chore(sync): cascade errorMessage hook refactor + trimming-bundle skill + bundle-trim scan from socket-repo-template

jdalton · jdalton · commit f249a3a726d3 · 2026-05-09T17:29:16.000-04:00
diff --git a/.claude/hooks/no-fleet-fork-guard/index.mts b/.claude/hooks/no-fleet-fork-guard/index.mts
@@ -53,6 +53,8 @@ import { existsSync, readFileSync } from 'node:fs'
 import path from 'node:path'
 import process from 'node:process'
 
+import { errorMessage } from '@socketsecurity/lib/errors'
+
 type ToolInput = {
   tool_input?: { file_path?: string } | undefined
   tool_name?: string | undefined
@@ -289,7 +291,7 @@ main().then(
   code => process.exit(code),
   e => {
     process.stderr.write(
-      `no-fleet-fork-guard: hook bug — fail-open. ${e instanceof Error ? e.message : String(e)}\n`,
+      `no-fleet-fork-guard: hook bug — fail-open. ${errorMessage(e)}\n`,
     )
     process.exit(0)
   },
diff --git a/.claude/hooks/no-fleet-fork-guard/package.json b/.claude/hooks/no-fleet-fork-guard/package.json
@@ -6,6 +6,9 @@
   "exports": {
     ".": "./index.mts"
   },
+  "dependencies": {
+    "@socketsecurity/lib": "catalog:"
+  },
   "devDependencies": {
     "@types/node": "catalog:"
   },
diff --git a/.claude/skills/scanning-quality/SKILL.md b/.claude/skills/scanning-quality/SKILL.md
@@ -34,6 +34,7 @@ Modular scan types (one file per type under `scans/`, easier to extend than the
 9. **variant-analysis** — for each High/Critical finding from above, search the rest of the repo for the same shape. See [`scans/variant-analysis.md`](scans/variant-analysis.md).
 10. **insecure-defaults** — fail-open defaults, hardcoded credentials, lazy fallbacks. See [`scans/insecure-defaults.md`](scans/insecure-defaults.md).
 11. **differential** — security-focused diff against a base ref. See [`scans/differential.md`](scans/differential.md).
+12. **bundle-trim** — for repos that ship a built bundle (today: rolldown), identify unused module paths the bundler statically pulled in but the runtime never reaches. Reports candidates; the trim loop itself lives in the [`trimming-bundle`](../trimming-bundle/SKILL.md) skill. See [`scans/bundle-trim.md`](scans/bundle-trim.md).
 
 Adding a new scan type: drop a file under `scans/<name>.md` describing mission, method, output shape, when-to-skip — same shape as the three above. The orchestrator picks them up by directory listing; no edits to this SKILL.md needed beyond appending to the list.
 
