
[codex] Fold hardening audits into doctor proof path#165

Merged
grnbtqdbyx-create merged 1 commit into main from codex/doctor-hardening-checks on Jun 1, 2026

Conversation

@grnbtqdbyx-create (Owner)

Summary

  • adds Claude Code settings, agentic workflow, and GitHub Actions hardening checks to contextforge doctor
  • updates proof-pack and scorecard evidence commands so Codex/Claude handoffs can rerun the hardening audits directly
  • refreshes README first proof path around doctor + scorecard
  • bumps package/action references to v0.70.0 and regenerates public readiness artifacts

Closes #164.

Why

ContextForge already had specialized hardening commands, but first-time repo evaluators should not need to remember each one before deciding whether a repository is safe enough for agent-assisted work. This moves the hardening evidence into the first command people and agents naturally run.

Research anchors:

Validation

  • pnpm vitest run tests/doctor.test.ts tests/proofPack.test.ts tests/scorecard.test.ts tests/cli.test.ts tests/init.test.ts tests/packageMetadata.test.ts
  • pnpm typecheck
  • pnpm test -> 47 files, 155 tests passed
  • pnpm build
  • node dist/cli.js doctor --summary contextforge-doctor.md -> pass, 12 readiness checks
  • node dist/cli.js scorecard --output contextforge-scorecard.md
  • node dist/cli.js proof-pack --output contextforge-proof-pack.md
  • node dist/cli.js actions-audit --summary contextforge-actions-audit.md --sarif contextforge-actions.sarif -> pass, 100/100
  • node dist/cli.js workflow-audit --summary contextforge-workflow-audit.md --sarif contextforge-workflow.sarif -> pass, 100/100
  • node dist/cli.js claude-audit --summary contextforge-claude-audit.md --sarif contextforge-claude.sarif -> pass, 100/100
  • node dist/cli.js security-benchmark -> pass, 4/4
  • node dist/cli.js audit --min-context-score 70 --min-cache-score 70 --min-security-score 70 --output contextforge-audit.json --report contextforge-report.html -> pass, 100/100 / 100/100 / 100/100
  • node dist/cli.js publish-readiness --summary contextforge-publish-readiness.md -> warn only for human npm account setup
  • npm pack --dry-run --json -> contextforge@0.70.0
  • git diff --check

@grnbtqdbyx-create grnbtqdbyx-create merged commit 7904e90 into main Jun 1, 2026
7 checks passed
@grnbtqdbyx-create grnbtqdbyx-create deleted the codex/doctor-hardening-checks branch June 1, 2026 04:53

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f294b4659b


Comment thread tests/doctor.test.ts

const hardening = result.checks.find((check) => check.name === 'GitHub Actions hardening');

expect(hardening?.status).toBe('warn');

P2: Fail scalar pull_request_target checkout cases

This fixture uses valid single-event workflow syntax (on: pull_request_target), and it also checks out github.event.pull_request.head.sha, which is the high-risk pwn-request pattern the hardening path is meant to catch. Expecting only warn locks in the current false negative where auditGithubActions only recognizes the mapping form pull_request_target:; repos using the scalar form will get a non-failing doctor result for a dangerous privileged PR-head checkout.

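The false negative the review describes, as an added TypeScript example that is not ContextForge's own auditGithubActions: trigger names are read from all three YAML spellings of `on:` (scalar, sequence, mapping) before the PR-head checkout check runs, so the scalar fixture fails instead of warning. The `Workflow` type, the fixtures and `auditPullRequestTarget` are assumptions shaped like an already-parsed workflow object, not the project's real types.

```typescript
// Added example, not ContextForge code. Input is a workflow as a YAML parser would
// return it (assumed shape); the point is normalising `on:` before judging the trigger.
type Step = { uses?: string; with?: Record<string, unknown> };
type Workflow = {
  on?: string | string[] | Record<string, unknown>;
  jobs?: Record<string, { steps?: Step[] }>;
};
type Status = "pass" | "warn" | "fail";

/** Trigger event names whether `on` is a scalar, a sequence or a mapping. */
function triggerEvents(on: Workflow["on"]): string[] {
  if (typeof on === "string") return [on];                   // on: pull_request_target
  if (Array.isArray(on)) return on;                          // on: [push, pull_request_target]
  if (on && typeof on === "object") return Object.keys(on);  // on:\n  pull_request_target:
  return [];
}

/** True when any checkout step uses a ref derived from the PR head. */
function checksOutPrHead(wf: Workflow): boolean {
  for (const job of Object.values(wf.jobs ?? {})) {
    for (const step of job.steps ?? []) {
      if (!step.uses?.startsWith("actions/checkout")) continue;
      const ref = String(step.with?.ref ?? "");
      if (/github\.event\.pull_request\.head\./.test(ref)) return true;
    }
  }
  return false;
}

/** Privileged pull_request_target trigger plus PR-head checkout is the pwn-request shape: fail.
 *  pull_request_target without such a checkout: warn. Anything else: pass. (Assumed policy.) */
function auditPullRequestTarget(wf: Workflow): Status {
  if (!triggerEvents(wf.on).includes("pull_request_target")) return "pass";
  return checksOutPrHead(wf) ? "fail" : "warn";
}

// Constructed fixtures. The first mirrors the review's case: scalar `on:` plus PR-head checkout.
const scalarFixture: Workflow = {
  on: "pull_request_target",
  jobs: { build: { steps: [
    { uses: "actions/checkout@v4", with: { ref: "${{ github.event.pull_request.head.sha }}" } },
  ] } },
};
const mappingFixture: Workflow = {
  on: { pull_request_target: { types: ["opened"] } },
  jobs: { build: { steps: [{ uses: "actions/checkout@v4" }] } },
};
```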


Development

Successfully merging this pull request may close these issues.

Fold hardening audits into doctor proof path