Commit Graph

2 Commits

Author SHA1 Message Date
claude 3bab54d135 fix(modules-1,15,17): onboarding step, make M15 gate actually catch the plant, M17 .env override
- M1: add a no-git "Get the course materials" step (download+unzip; clone noted
  as Module 8) so Part A's paths resolve without assuming git. URL flagged
  Verify-before-publish (swap to public host before publishing).
- M15: security gate was failing OPEN on python3-only systems (bare `python`)
  and missing the UNTRACKED config.py, so the planted secret passed green. Now
  guards python3, fails CLOSED on any non-clean exit, and stages files so the
  planted SYNC_API_KEY + typosquat dep are actually caught.
- M15: correct the false "Bandit flags the API key" claim (B105-107 need
  password-named ids); add an honest MD5 (B324) flaw so the SAST demo fires.
  Planted secret/deps preserved.
- M17: require the .env loader to use setdefault so Part D's override demo works;
  explain precedence. Hardcoded "before" anti-pattern left intact.

Closes #6
Closes #17
Closes #18
Closes #19
Closes #29

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01TfzV5QvtPDz8LJS3Pu5VLT
2026-06-22 15:48:27 -04:00
claude 2684095e2f Build out all 27 modules + capstone (#1)
Co-authored-by: claude <claude@jpaul.io>
Co-committed-by: claude <claude@jpaul.io>
2026-06-22 12:19:01 -04:00