v1.2.0: Justified Suppression, 3 new AVE records, bawbel creds + chain

[chaksaray]

What's new

Justified suppression and false positive feedback

The existing bawbel-ignore silently removes findings. That's not enough
when a developer can't explain why something is suppressed, or when an
accepted risk is never reviewed again.

v1.2.0 adds two new inline comment keywords:

• bawbel-ignore with metadata: false positive declaration. Requires a
  reason, reviewer, and reviewed date. Suppressed permanently. The
  reason is recorded in the audit trail.
• bawbel-accept with an expires date: accepted risk. When the expiry
  passes, the finding resurfaces automatically on the next scan.

<!-- bawbel-ignore: AVE-2026-00001
     reason: Internal registry endpoint, not attacker-controlled
     reviewer: chaksaray
     reviewed: 2026-05-16
-->

<!-- bawbel-accept: AVE-2026-00047
     reason: Placeholder replaced at deploy time by CI pipeline
     reviewer: chaksaray
     reviewed: 2026-05-16
     expires: 2026-08-16
-->

The bawbel accept CLI inserts these comments directly into source files
without manual editing:

bawbel accept AVE-2026-00001 ./skill.md --line 7 \
  --reason "Internal registry endpoint" \
  --type false-positive

bawbel accept AVE-2026-00047 ./skill.md --line 3 \
  --reason "Placeholder, replaced at deploy time" \
  --type accepted-risk \
  --expires 90d

bawbel accept --list
bawbel accept --expiring-soon --within 30

JSON output now includes an accepted_findings array with full metadata
for each justified suppression. --report sends an anonymous FP signal to
PiranhaDB (AVE ID, engine, confidence, match hash only, no file content).

---

3 new AVE records

Rule	AVE ID	Severity	AIVSS	What it detects
bawbel-hook-hijack	AVE-2026-00046	CRITICAL	9.1	MCP tool hook hijacking: skill files that register hooks to intercept or redirect tool execution calls to attacker-controlled callbacks
bawbel-hardcoded-credential	AVE-2026-00047	HIGH	7.8	Hardcoded API keys, tokens, passwords, private key blocks, and URL-embedded credentials (scheme://user:pass@host)
bawbel-unsafe-delegation	AVE-2026-00048	HIGH	8.2	Sub-agent spawning with inherited permissions and no explicit trust boundary

Pattern engine: 37 rules -> 40 rules. AVE records: 45 -> 48.

---

bawbel creds and bawbel chain

Two new focused scan commands. Both use the same panel output as
bawbel scan and support --recursive, --no-ignore, --fail-on-any,
--format json.

# Credential-only scan (AVE-2026-00047)
bawbel creds ./skills/ --recursive

# Delegation chain scan (AVE-2026-00048)
bawbel chain ./skills/ --recursive

Use bawbel scan for full security review. These commands are for targeted
triage or specialized CI gates.

---

bawbel report improvements

• --recursive / -r flag: scan a directory and produce a full remediation
  report for every file.
• --no-ignore flag: audit mode, same as bawbel scan --no-ignore.

---

Fixes

• pr-review.yml regression-check: missing pip install -e . caused import
  failures on clean repos.
• ci.yml test job: same missing pip install -e . fix.
• ci.yml Docker verify step: python3 -c "..." with f-strings was mangled
  by shell brace expansion before Python saw the script. Replaced with a
  single-line assertion. Also fixed wrong field name (aivss -> aivss_score)
  and wrong threshold (9.0 -> 7.0).

---

Upgrade

pip install --upgrade bawbel-scanner
bawbel version

Links

• Docs: https://bawbel.io/docs
• AVE records 46/47/48: https://github.com/bawbel/ave
• PiranhaDB: https://api.piranha.bawbel.io
• CHANGELOG: https://github.com/bawbel/scanner/blob/main/CHANGELOG.md

---

This discussion was created from the release v1.2.0: Justified Suppression, 3 new AVE records, bawbel creds + chain.