fix(security): restrict network scope to ports 80 and 443

sunny-se · claude · sunny-se · commit 93071b92d3c1 · 2026-05-27T16:16:50.000+05:30
.all(ports: []) is semantically identical to .all() in SPM — empty
array means "all ports allowed". Change to .all(ports: [80, 443])
to actually restrict the plugin to HTTP/HTTPS ports only, blocking
port scanning and access to internal services on non-standard ports.

Verified end-to-end: plugin downloads CLI v1.34.2 over port 443 and
runs scan successfully with restricted scope.

DEVA11Y-481

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/Package.swift b/Package.swift
@@ -19,7 +19,7 @@ let package = Package(
                 ),
                 permissions: [
                     .allowNetworkConnections(
-                        scope: .all(ports: []),
+                        scope: .all(ports: [80, 443]),
                         reason: "Please allow network connection permission to authenticate and run accessibility rules."
                     ),
                     .writeToPackageDirectory(reason: "Please allow writing to package directory for logging.")
