docs: sync AgentShield adapter evidence

[affaan-m]

Summary

• sync AgentShield Create README.md #94 Zed/VS Code adapter evidence into the GA roadmap and rc.1 publication ledger
• add the new ITO-49/project Linear comment IDs to the repo evidence mirror
• update preview-pack manifest and supply-chain incident guidance for Zed .zed/tasks.json persistence coverage

Verification

• npm run preview-pack:smoke -- --format json
• npm run platform:audit -- --json
• git diff --check HEAD~1..HEAD
• npm run release:approval-gate -- --format json exits 2 as expected: 4/6 pass, owner decisions and live URL ledger still intentionally blocked

---

Summary by cubic

Synced AgentShield PR #94 evidence into the GA roadmap and rc.1 publication ledger, adding Zed/VS Code adapter coverage (.zed/settings.json, .zed/tasks.json) and flagging .zed/setup.mjs under the tool‑persistence IOC rule. Also linked updates to Linear ITO-49/project comments and updated the preview-pack manifest and supply‑chain incident guide to include Zed indicators.

^{Written for commit a5a57b5. Summary will update on new commits. Review in cubic}

Summary by CodeRabbit

• Documentation
  • Updated roadmap to include Zed and VS Code editor adapter detection coverage
  • Refreshed release evidence documentation with latest verification data and commit references
  • Enhanced security incident response guidance to include Zed editor persistence indicators

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR synchronizes multiple documentation surfaces across the ECC repository to incorporate AgentShield PR #94's Zed and VS Code editor adapter coverage. The roadmap, publication evidence, and security incident response runbook are updated to record new adapter detections, scan discovery inputs (.zed/settings.json, .zed/tasks.json), and persistence IOC rules (.zed/setup.mjs) as first-class capabilities alongside existing VS Code support.

Changes

Documentation Synchronization for Zed/VS Code Adapter Coverage

Layer / File(s)	Summary
Roadmap synchronization with PR #94 scope docs/ECC-2.0-GA-ROADMAP.md	The May 20 delta section and May 19 evidence area record AgentShield PR #94 as a new adapter-slice. Enterprise iteration scope, operator readiness checklist, and execution lanes tracking are all updated to include Zed/VS Code adapter detection, .zed scan-discovery inputs, and .zed/setup.mjs IOC rule coverage.
RC.1 publication evidence snapshot update docs/releases/2.0.0-rc.1/preview-pack-manifest.md, docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md	Upstream commit reference and evidence scope PR list are updated; the May 20 hosted observability section is replaced with an AgentShield adapter sync section; commit range endpoints are refreshed for ECC main (3cb8c48...) and AgentShield main (4caee27...); Linear progress proof and roadmap-sync mappings are extended with May 20 comment IDs.
Supply-chain incident response runbook extension docs/security/supply-chain-incident-response.md	Zed editor persistence indicators (.zed/tasks.json) and escalation criteria are added to the current IOC sweep and "When To Escalate" section, treating Zed indicators as escalation-worthy alongside VS Code and OS-level persistence guidance.

Possibly Related PRs

• affaan-m/ECC#1994: Both PRs update the May 19 rc.1 publication-readiness documentation surfaces, especially docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md, with this PR extending that evidence snapshot to include AgentShield PR #94's Zed/VS Code adapter coverage.

Poem

🐰 A Zed and VS Code, now in sight,
Our roadmap glows with adapter light,
From delta notes to checklists grand,
Zed persistence swept across the land! 🌿

Estimated Code Review Effort

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title clearly and accurately summarizes the main change: syncing AgentShield adapter evidence (specifically Zed/VS Code adapter coverage) across multiple documentation files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/may20-agentshield-adapter-evidence

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md`:
- Around line 77-79: The discussion-count in the queue table is inconsistent
with the recorded resolution of Discussion `#2015`; update the earlier queue table
row that lists total discussions (the one showing "59 discussions after `#2003`")
to decrement the count to reflect `#2015` being answered/accepted and adjust its
timestamp to match the May 20 `#2015` update (use the same ISO timestamp format
shown for the ECC platform audit entries), and ensure any inline mention of
Discussion `#2015` in the table text or footnotes matches the phrasing "answered
and marked accepted" used later in the evidence section.

In `@docs/security/supply-chain-incident-response.md`:
- Around line 29-31: The Immediate Response "Remove persistence hooks" checklist
is missing Zed-specific cleanup; update that section to explicitly remove Zed
persistence files (e.g., `.zed/tasks.json` and any `.zed/*` configs), delete or
quarantine Zed workspace settings, and stop/uninstall any associated agents or
launch services (similar to `gh-token-monitor` LaunchAgent/systemd steps), then
re-run token rotation and verification; reference the existing examples for
`.claude/settings.json` and `.vscode/tasks.json` to mirror wording and order so
Zed entries are covered in the containment checklist.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 15f05d5c-55dd-4658-a04f-1b7d679acfbb

📥 Commits

Reviewing files that changed from the base of the PR and between 3cb8c48 and a5a57b5.

📒 Files selected for processing (4)

• docs/ECC-2.0-GA-ROADMAP.md
• docs/releases/2.0.0-rc.1/preview-pack-manifest.md
• docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md
• docs/security/supply-chain-incident-response.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Align discussion-count evidence with the May 20 #2015 update.

This section records Discussion #2015 as answered/accepted, but the earlier queue table in the same file still says 59 discussions after #2003. Please update the count/timestamp so the evidence narrative is internally consistent.

Proposed doc fix

-| Discussion audit through platform audit | `node scripts/platform-audit.js --json` | `affaan-m/ECC` discussions enabled; 59 sampled after `#2003` AURA integration proposal; 0 needing maintainer touch; 0 answerable without accepted answer |
+| Discussion audit through platform audit | `node scripts/platform-audit.js --json` | `affaan-m/ECC` discussions enabled; 60 sampled after `#2003` plus `#2015` acceptance; 0 needing maintainer touch; 0 answerable without accepted answer |

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md` around lines 77
- 79, The discussion-count in the queue table is inconsistent with the recorded
resolution of Discussion `#2015`; update the earlier queue table row that lists
total discussions (the one showing "59 discussions after `#2003`") to decrement
the count to reflect `#2015` being answered/accepted and adjust its timestamp to
match the May 20 `#2015` update (use the same ISO timestamp format shown for the
ECC platform audit entries), and ensure any inline mention of Discussion `#2015`
in the table text or footnotes matches the phrasing "answered and marked
accepted" used later in the evidence section.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add Zed persistence cleanup steps in the containment checklist.

The runbook now flags Zed persistence indicators, but the Immediate Response “Remove persistence hooks” list still omits Zed file cleanup. During an incident, that can leave persistence in place after token rotation.

Proposed runbook patch

 4. Remove persistence hooks before token revocation:
    - `~/.claude/settings.json` `SessionStart` hooks and adjacent
      `router_runtime.js` / `setup.mjs` payload files;
    - `.vscode/tasks.json` folder-open tasks and adjacent payload files;
+   - `.zed/tasks.json`, `.zed/settings.json`, and adjacent `.zed/setup.mjs` / hook payload files;
    - `~/Library/LaunchAgents/com.user.gh-token-monitor.plist`;

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/security/supply-chain-incident-response.md` around lines 29 - 31, The
Immediate Response "Remove persistence hooks" checklist is missing Zed-specific
cleanup; update that section to explicitly remove Zed persistence files (e.g.,
`.zed/tasks.json` and any `.zed/*` configs), delete or quarantine Zed workspace
settings, and stop/uninstall any associated agents or launch services (similar
to `gh-token-monitor` LaunchAgent/systemd steps), then re-run token rotation and
verification; reference the existing examples for `.claude/settings.json` and
`.vscode/tasks.json` to mirror wording and order so Zed entries are covered in
the containment checklist.

[cubic-dev-ai]

1 issue found across 4 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="docs/security/supply-chain-incident-response.md">

<violation number="1" location="docs/security/supply-chain-incident-response.md:29">
P3: Add `.zed/tasks.json` (and adjacent payload files) to the Immediate Response step 4 cleanup list to match the newly added Zed IOC indicator.</violation>
</file>

<sub>Reply with feedback, questions, or to request a fix.

Re-trigger cubic</sub>

[cubic-dev-ai]

P3: Add .zed/tasks.json (and adjacent payload files) to the Immediate Response step 4 cleanup list to match the newly added Zed IOC indicator.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At docs/security/supply-chain-incident-response.md, line 29:

<comment>Add `.zed/tasks.json` (and adjacent payload files) to the Immediate Response step 4 cleanup list to match the newly added Zed IOC indicator.</comment>

<file context>
@@ -26,8 +26,9 @@ credentials:
 - The live IOC set includes persistence through Claude Code
-  `.claude/settings.json`, VS Code `.vscode/tasks.json`, and OS-level
-  `gh-token-monitor` LaunchAgent/systemd services. Some variants add
+  `.claude/settings.json`, VS Code `.vscode/tasks.json`, Zed
+  `.zed/tasks.json`, and OS-level `gh-token-monitor` LaunchAgent/systemd
+  services. Some variants add
</file context>