feat(commands): E14 part 3 — /security mcp-baseline-reset slash command

Wave C step C3: closes E14 with the user-facing reset command.

After a legitimate MCP server upgrade the sticky baseline (added in C1)
becomes a stale "what the tool used to say" anchor and every subsequent
post-mcp-verify advisory will re-flag the change. /security mcp-baseline-reset
lets the user acknowledge the upgrade so the next call seeds a fresh
baseline.

New files:
- scanners/mcp-baseline-reset.mjs — small CLI wrapper around clearBaseline /
  listBaselines. Modes: --list (read-only), --target <name>, no-args (all).
  Outputs JSON summary on stdout. Exit 0 always (idempotent).
- commands/mcp-baseline-reset.md — dispatcher following mcp-inspect.md
  shape. Frontmatter: name=security:mcp-baseline-reset, sonnet model,
  Read/Bash/AskUserQuestion tools. 4-step body (list -> confirm scope
  -> execute -> confirm result).
- tests/scanners/mcp-baseline-reset.test.mjs — 10 CLI tests across
  --list, --target, clear-all, idempotency, history preservation, and
  bare-positional sugar.

Updated:
- commands/security.md — new row in commands table after mcp-inspect.
- CLAUDE.md — new commands-table row + new v7.3.0 narrative section
  describing the baseline schema, cumulative-drift detection, reset
  semantics, and the LLM_SECURITY_MCP_CACHE_FILE override.
- Plugin README.md — new MCP-baseline-reset row in commands table,
  scanner count 12 standalone -> 13 standalone, new "MCP Description
  Drift (E14, v7.3.0)" subsection explaining the sticky baseline,
  cumulative threshold, reset semantics, and env-var override.
- Root marketplace README.md — scanner count 22 -> 23 (10 orchestrated +
  13 standalone), command count 19 -> 20, test count 1511 -> 1768.

Wave C complete: 1738 -> 1768 tests (+30 across C1/C2/C3). Per plan,
Wave C does NOT bump the plugin version — that lands at the wave-bundle
release. The advisory text in post-mcp-verify already references the
new command path so the user has a ready remediation step.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

plugins/llm-security/commands/mcp-baseline-reset.md

@@ -0,0 +1,74 @@
+---
+name: security:mcp-baseline-reset
+description: Reset MCP description baseline cache
+allowed-tools: Read, Bash, AskUserQuestion
+model: sonnet
+---
+
+# /security mcp-baseline-reset
+
+Reset the sticky description baseline used by `post-mcp-verify.mjs` for cumulative-drift detection (E14, OWASP MCP05).
+
+## Why this matters
+
+The cache stores a per-tool **baseline** description plus a rolling 10-event history. Cumulative drift is measured as `levenshtein(current, baseline) / max(|current|, |baseline|)`; when the ratio crosses the threshold (default 0.25), `post-mcp-verify.mjs` emits a MEDIUM `mcp-cumulative-drift` advisory.
+
+After a **legitimate** MCP server upgrade the old baseline is stale — every subsequent call will keep tripping the advisory. Reset the baseline once to acknowledge the upgrade. The next MCP invocation will seed a fresh baseline from the new description.
+
+Resetting **removes the slow-burn detection window** for that server until the new baseline is established. Only do this for upgrades you trust.
+
+## Step 1 — List current baselines
+
+Run the listing CLI in read-only mode:
+
+```bash
+node <plugin-root>/scanners/mcp-baseline-reset.mjs --list
+```
+
+Parse the JSON `baselines[]` array. If `count == 0`, report "No baselines stored yet" and stop.
+
+## Step 2 — Confirm scope
+
+Use `AskUserQuestion` to confirm the user's intent:
+
+- Question: "Reset which baselines?"
+- Options derived from Step 1's output:
+  - "All baselines (N tools)" — clears every entry
+  - One option per tool, e.g. `mcp__tavily__tavily_search`
+  - "Cancel" — abort
+
+## Step 3 — Execute
+
+If the user picked **all**:
+
+```bash
+node <plugin-root>/scanners/mcp-baseline-reset.mjs
+```
+
+If the user picked a specific tool:
+
+```bash
+node <plugin-root>/scanners/mcp-baseline-reset.mjs --target <toolName>
+```
+
+Capture stdout JSON.
+
+## Step 4 — Confirm result
+
+Report from the JSON response:
+
+```
+Cleared <cleared> baseline(s):
+  - <tool 1>
+  - <tool 2>
+  ...
+Remaining baselines: <remaining>
+```
+
+Add a one-line reminder: "The next MCP call to each cleared tool will seed a fresh baseline from the incoming description."
+
+## Notes
+
+- The CLI exits 0 even when nothing was cleared (idempotent).
+- History entries are **preserved** across reset for audit purposes.
+- This command does not connect to MCP servers — it only mutates the local cache at `~/.cache/llm-security/mcp-descriptions.json`.

plugins/llm-security/commands/security.md

@@ -21,6 +21,7 @@ Based on OWASP LLM Top 10 (2025) and OWASP Agentic AI Top 10.
 | `/security plugin-audit [path\|url]` | Dedicated plugin security audit with trust verdict | Before installing a third-party plugin |
 | `/security mcp-audit [--live]` | Focused audit of all installed MCP servers | After adding MCP servers or on suspicion |
 | `/security mcp-inspect` | Live inspection — connect to MCP servers, scan tool descriptions | Verify running servers have safe tool descriptions |
+| `/security mcp-baseline-reset` | Reset MCP description baseline cache | After legitimate MCP server upgrade |
 | `/security ide-scan [target]` | Scan installed VS Code / JetBrains extensions for supply-chain risk, typosquats, malicious patterns | After installing new extensions or periodic review |
 | `/security posture` | Quick security posture scorecard | Daily/weekly health check |
 | `/security threat-model` | Interactive STRIDE/MAESTRO threat modeling session | When designing new architecture |