v1.0.0 — Initial release
First public release of the Solana ruleset for Anthropic's Claude Code security-guidance plugin.
What's in v1.0.0:
- 20 Solana security rules in `claude-security-guidance.md` (model-backed review checklist, 7.4KB / 8KB cap)
- 15 deterministic regex/substring patterns in `security-patterns.yaml` (per-edit check)
- 5 paired vulnerable/fixed example snippets
- CI workflow validating size caps, YAML parse, regex compilation
- MIT licensed
5 headline rules drawn from real published bounty findings:
- SOL-001 Unauthenticated `now_slot` — Bounty 6 H2 (percolator-prog#107, closed/fixed by Toly)
- SOL-002 Cross-market state asymmetry — Bounty 5 primary class
- SOL-003 Wrapper re-implements engine logic — Bounty 5 F1 (percolator-cli#78)
- SOL-004 Penalty/health terms omitted — Bounty 5 F2 (percolator-cli#78)
- SOL-005 Anchor `realloc()` without guards — Bounty 5 F12 (percolator-cli#78)
15 generic Solana hygiene rules: signer checks, owner verification, PDA validation, CPI authority, reinit attacks, lamport drains, Token Program ID confusion, integer overflow, Anchor constraints, bump validation, discriminator checks, SetAuthority verification.
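To make concrete what several of these hygiene rules look for, here is an added example (not code from the solana-security-guidance project or its snippet set): a minimal model of an instruction handler in its vulnerable and hardened shapes, covering the signer check, owner verification, discriminator check and checked arithmetic. `Account` stands in for `solana_program::AccountInfo`, its field names are this example's own assumptions, and the discriminator bytes are constructed for the example.

```rust
// Added example, not code from the solana-security-guidance project: a small
// model of the account checks behind the "signer checks", "owner verification",
// "discriminator checks" and "integer overflow" rules. `Account` stands in for
// solana_program::AccountInfo; the field names are this example's own
// assumptions and the discriminator bytes are constructed.

#[derive(Debug, Clone, PartialEq)]
pub struct Pubkey(pub [u8; 32]);

#[derive(Debug, Clone)]
pub struct Account {
    pub key: Pubkey,
    pub owner: Pubkey,   // program that owns the account's data
    pub is_signer: bool, // true only if this account signed the transaction
    pub lamports: u64,
    pub data: Vec<u8>,   // first 8 bytes: account-type discriminator
}

#[derive(Debug, PartialEq)]
pub enum CheckError {
    MissingSigner,
    WrongAuthority,
    WrongOwner,
    BadDiscriminator,
    Overflow,
}

/// Constructed 8-byte discriminator identifying a "vault" account.
pub const VAULT_DISCRIMINATOR: [u8; 8] = [0x56, 0x41, 0x55, 0x4c, 0x54, 0x00, 0x00, 0x01];

/// Vulnerable shape the rules flag: the authority account is never inspected
/// (any account can be passed), the vault's owner and type are never verified,
/// and the balance is updated with wrapping arithmetic, which is what a plain
/// `-` does in a build with overflow checks disabled.
pub fn withdraw_unchecked(vault: &mut Account, _authority: &Account, amount: u64) -> u64 {
    vault.lamports = vault.lamports.wrapping_sub(amount);
    vault.lamports
}

/// Hardened shape: every trust assumption is checked before state changes.
pub fn withdraw_checked(
    vault: &mut Account,
    authority: &Account,
    program_id: &Pubkey,
    expected_authority: &Pubkey,
    amount: u64,
) -> Result<u64, CheckError> {
    // Signer check: the authority must have signed this transaction.
    if !authority.is_signer {
        return Err(CheckError::MissingSigner);
    }
    // The signer must be the authority recorded for this vault.
    if authority.key != *expected_authority {
        return Err(CheckError::WrongAuthority);
    }
    // Owner verification: only accounts owned by this program hold trusted data.
    if vault.owner != *program_id {
        return Err(CheckError::WrongOwner);
    }
    // Discriminator check: reject accounts of another type (type confusion).
    if vault.data.len() < 8 || vault.data[..8] != VAULT_DISCRIMINATOR {
        return Err(CheckError::BadDiscriminator);
    }
    // Checked arithmetic: an underflow is an error, never a wrapped balance.
    let remaining = vault
        .lamports
        .checked_sub(amount)
        .ok_or(CheckError::Overflow)?;
    vault.lamports = remaining;
    Ok(remaining)
}

fn main() {
    let program_id = Pubkey([1u8; 32]);
    let authority_key = Pubkey([2u8; 32]);
    let mut vault = Account {
        key: Pubkey([3u8; 32]),
        owner: program_id.clone(),
        is_signer: false,
        lamports: 100,
        data: VAULT_DISCRIMINATOR.to_vec(),
    };
    // An authority account that was passed in but did not sign.
    let unsigned = Account {
        key: authority_key.clone(),
        owner: Pubkey([0u8; 32]),
        is_signer: false,
        lamports: 0,
        data: Vec::new(),
    };
    println!("checked, unsigned authority: {:?}",
        withdraw_checked(&mut vault, &unsigned, &program_id, &authority_key, 10));
    let signed = Account { is_signer: true, ..unsigned.clone() };
    println!("checked, signed authority: {:?}",
        withdraw_checked(&mut vault, &signed, &program_id, &authority_key, 10));
    println!("checked, overdraw: {:?}",
        withdraw_checked(&mut vault, &signed, &program_id, &authority_key, 1_000));
    println!("unchecked, overdraw wraps to: {}",
        withdraw_unchecked(&mut vault.clone(), &unsigned, 1_000));
}
```

The unchecked handler accepts every call and silently wraps an overdraw into a huge balance; the checked handler rejects the unsigned authority, the impostor key, a vault owned by another program, an account of the wrong type, and the overdraw, each with a distinct error. In a real program the same checks are what Anchor's `Signer`, `Account<'info, T>` owner/discriminator validation and `checked_*` arithmetic provide.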
Install in 30 seconds:
```shell
mkdir -p .claude && curl -sL https://raw.githubusercontent.com/Copenhagen0x/solana-security-guidance/v1.0.0/claude-security-guidance.md -o .claude/claude-security-guidance.md && curl -sL https://raw.githubusercontent.com/Copenhagen0x/solana-security-guidance/v1.0.0/security-patterns.yaml -o .claude/security-patterns.yaml
```

Maintained by Jelleo — continuous Solana program audits.