chore(voyage): release v4.3.0 — finalize version-sync + docs (3 re-review findings deferred to v4.3.1)

Bumps .claude-plugin/plugin.json 4.2.0 -> 4.3.0 (package.json, package-lock.json,
and the README badge were already at 4.3.0). Updates the v4.3.0 CHANGELOG entry with
the verified test count (711 pass / 0 fail / 2 skipped, 713 total), a "Re-review
remediation (Sesjon 13-18)" note covering the 11-finding cycle Waves 1-3 closed, and
a "Known issues — deferred to v4.3.1" subsection listing the 3 new findings the Sesjon
18 re-review surfaced in the remediation code (87069b35 SECURITY_INJECTION defense-in-
depth, 4cc3bfc9 PLAN_EXECUTE_DRIFT, c6c64a58 MISSING_TEST). Updates root CLAUDE.md
(voyage v4.0.0 -> v4.3.0, seven-command + playground), root README + plugin README
(test count, Known-limitations note, fixes the stale "trekplan@" install snippet ->
"voyage@"), root marketplace.json (voyage description), and plugin CLAUDE.md (Playground
paragraph). A plan-critic-reviewed Wave-4 remediation plan for the 3 deferred findings
is ready (.claude/plans/, gitignored).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Kjell Tore Guttormsen 2026-05-11 21:08:48 +02:00
commit 0f197f6ff6
7 changed files with 23 additions and 10 deletions

@ -23,7 +23,7 @@
{
"name": "voyage",
"source": "./plugins/voyage",
"description": "Voyage — brief, research, plan, execute, review, continue. Contract-driven Claude Code pipeline with specialized agent swarms, external research triangulation, adversarial review, post-hoc independent review with Handover 6 feedback loop, multi-session resumption, session decomposition, and headless execution."
"description": "Voyage — brief, research, plan, execute, review, revise, continue. Contract-driven Claude Code pipeline with specialized agent swarms, external research triangulation, adversarial review, post-hoc independent review with Handover 6 feedback loop, operator-driven artifact annotation (Handover 8) via a dashboard-centric marketplace playground, multi-session resumption, session decomposition, and headless execution."
},
{
"name": "linkedin-thought-leadership",

@ -13,7 +13,7 @@ plugins/
llm-security/ v6.0.0 — Security scanning, auditing, threat modeling
ms-ai-architect/ v1.13.1 — Microsoft AI architecture (Cosmo Skyberg persona) + manual KB-refresh slash command
okr/ v1.0.0 — OKR guidance for Norwegian public sector
voyage/ v4.0.0 — Brief, research, plan, execute, review, continue. Contract-driven Claude Code pipeline (six-command universal pipeline + multi-session resumption + --gates autonomy chain)
voyage/ v4.3.0 — Brief, research, plan, execute, review, revise, continue. Contract-driven Claude Code pipeline (seven-command universal pipeline + multi-session resumption + --gates autonomy chain + Handover 8 annotation pipeline + dashboard-centric marketplace playground). v4.3.0 ships with 3 known re-review findings deferred to v4.3.1 (defense-in-depth + conformance; ready Wave-4 plan exists).
shared/
playground-design-system/ v0.1 — Aksel/Digdir-aligned CSS design system + JSON schemas + self-hosted Inter/JetBrains Mono/Source Serif 4 fonts (Tier 1+2+3 wave 1+wave 2 = 20 Tier 3 components total). Consumed by ms-ai-architect, okr, llm-security, voyage, config-audit

@ -81,7 +81,7 @@ Key commands: `/config-audit posture`, `/config-audit feature-gap`, `/config-aud
Deep requirements gathering, research, implementation planning, self-verifying execution, independent post-hoc review, operator-driven artifact annotation via voyage's marketplace playground, and zero-friction multi-session resumption — with specialized agent swarms, adversarial review, and failure recovery. Seven-command (brief, research, plan, execute, review, **revise**, continue) universal pipeline.
v4.3.0 (non-breaking) rebuilds the v4.2 playground with a dashboard-centric layout, file://-loader, and matured anchor-rendering. `playground/voyage-playground.html` now opens a `.claude/projects/<slug>/`-mappe directly via `webkitdirectory` directory-picker, drag-drop with `webkitGetAsEntry` recursive walk, or `?project=/abs/path` URL-parameter — no more paste-into-textarea workflow. The new `fleet-grid` of `fleet-tile` per artifact with drill-down detail surface achieves visual parity with `plugins/llm-security/playground/llm-security-playground.html`. Anchor-rendering matures: block-boundary placement with code-fence/table/list-item fallback, browser-side `parseAnchor` mirroring Node-side regex, numbered-badge gutter + yellow-tint highlight, hidden-by-default sidebar-rail with J/K keyboard navigation, two-opacity pattern (active 100% / inactive 40% / resolved 30% strikethrough). A11Y panel built from DS-primitives. Screenshots-spor convention via `window.__voyage` hooks (`navigate` / `scheduleRender` / `getProjectArtifacts`) + `docs/screenshots/`. Path-traversal + symlink/dotfile filter (`isProjectPathSafe`). DOMPurify ≥ 3.1.1 vendored for `sanitizeAnnotation`; HTML-comment indirect prompt-injection mitigation via `parseAnchor`-allowlist gate before `md.render`. Total bundle 388 KB / 460 KB HALT-gate. Test pyramid Groups A-D — Group A 17 static-HTML grep tests (SC1 10-element checklist + SC3 + SC6 + SC7 tag-level no-CDN), Group B 9 structure tests, Group C 7 export-bundle schema + `annotation_digest` SHA-256 validity tests, Group D 4 Playwright e2e (light/dark axe-core delta-baseline + pixel-diff smoke + zero-external-network authoritative gate via `npm run test:e2e`). Test count: 672 → 705 pass / 0 fail. WCAG-violations baseline'd; actual fix deferred to v4.4 (HTML FROZEN in Sesjon 6 per Wave 7 verification-only scope).
v4.3.0 (non-breaking) rebuilds the v4.2 playground with a dashboard-centric layout, file://-loader, and matured anchor-rendering. `playground/voyage-playground.html` now opens a `.claude/projects/<slug>/`-mappe directly via `webkitdirectory` directory-picker, drag-drop with `webkitGetAsEntry` recursive walk, or `?project=/abs/path` URL-parameter — no more paste-into-textarea workflow. The new `fleet-grid` of `fleet-tile` per artifact with drill-down detail surface achieves visual parity with `plugins/llm-security/playground/llm-security-playground.html`. Anchor-rendering matures: block-boundary placement with code-fence/table/list-item fallback, browser-side `parseAnchor` mirroring Node-side regex, numbered-badge gutter + yellow-tint highlight, hidden-by-default sidebar-rail with J/K keyboard navigation, two-opacity pattern (active 100% / inactive 40% / resolved 30% strikethrough). A11Y panel built from DS-primitives. Screenshots-spor convention via `window.__voyage` hooks (`navigate` / `scheduleRender` / `getProjectArtifacts`) + `docs/screenshots/`. Path-traversal + symlink/dotfile filter (`isProjectPathSafe`). DOMPurify ≥ 3.1.1 vendored for `sanitizeAnnotation`; HTML-comment indirect prompt-injection mitigation via `parseAnchor`-allowlist gate before `md.render`. Total bundle 388 KB / 460 KB HALT-gate. Test pyramid Groups A-D — Group A 17 static-HTML grep tests (SC1 10-element checklist + SC3 + SC6 + SC7 tag-level no-CDN), Group B 9 structure tests, Group C 7 export-bundle schema + `annotation_digest` SHA-256 validity tests, Group D 5 Playwright e2e specs (light/dark axe-core absolute zero-violation + pixel-diff smoke + inline-gallery + zero-external-network authoritative gate via `npm run test:e2e`). Test count: 672 → 711 pass / 0 fail / 2 skipped (713 total). 
A Sesjon 1318 independent-review remediation cycle then closed all 11 review findings (DOMPurify on the artifact body, inline screenshots gallery, absolute-zero-violation a11y spec, Phase 9 `plan_critic` injection, fleet-grid CSS parity); a Sesjon 18 re-review found 3 new defense-in-depth/conformance findings in the remediation code itself — deferred to v4.3.1 (a ready, plan-critic-reviewed Wave-4 plan exists).
v4.2.0 (non-breaking) adds the `/trekrevise` command and the **Handover 8 (annotation → revision)** annotation pipeline. The original `playground/voyage-playground.html` (single self-contained HTML with vendored `markdown-it` + `highlight.js`) lets operators paste a brief/plan/review, drag-select or hover-anchor comments, and export a `/trekrevise --apply` batch. Round-trippable in-place revision: byte-identical body outside anchor blocks (SC2), idempotent `annotation_digest` (SC3), additive frontmatter — no `*_version` bump, every brief / plan / review written before v4.2 validates as `revision: 0` without migration. Single-iteration MVP per research-05; multi-iteration loops deferred. Includes `lib/parsers/anchor-parser.mjs` + `lib/parsers/annotation-digest.mjs`, `lib/util/markdown-write.mjs` + `lib/util/revision-guard.mjs`, `scripts/render-artifact.mjs` server-side render CLI, and `docs/annotation-quickstart.md` ≤7-step operator walkthrough.
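
Review bot: The rewritten v4.3.0 paragraph still reports "Total bundle 388 KB / 460 KB HALT-gate", the same figure as the line it replaces, although the added sentence says the release now includes the remediation code (DOMPurify on the artifact body, an inline screenshots gallery). Re-measure the bundle against the 460 KB gate and update the number, or state that 388 KB was re-verified after the remediation.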

@ -1,7 +1,7 @@
{
"name": "voyage",
"description": "Voyage — brief, research, plan, execute, review, revise, continue. Contract-driven Claude Code pipeline + first marketplace playground.",
"version": "4.2.0",
"version": "4.3.0",
"author": {
"name": "Kjell Tore Guttormsen"
},
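
Review bot: The `version` bump in this manifest is a hand edit that trailed the other version carriers; the commit message says package.json, package-lock.json and the README badge were already at 4.3.0. Add a test that asserts this manifest's `version` equals the `package.json` version, so a release cannot ship with the two out of sync. The unchanged `description` also still reads "first marketplace playground", which no longer matches the "dashboard-centric marketplace playground" wording this commit uses elsewhere.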

@ -28,7 +28,7 @@ The v4.2 playground proved the annotation loop. v4.3 rebuilds it from the ground
### Changed
- **Test count: 672 → 705 pass / 0 fail / 2 skipped** (+33 new node-test tests across Groups A/B/C; +4 Playwright tests run via `npm run test:e2e`).
- **Test count: 672 → 711 pass / 0 fail / 2 skipped** (713 total — Groups A/B/C node-test additions from the rebuild and the Sesjon 1318 re-review remediation; +5 Playwright e2e specs run via `npm run test:e2e`).
- **Theme bootstrap IIFE** (Wave 2 Step 6) sets `data-theme="dark"` as default; respects `localStorage('voyage-theme')``prefers-color-scheme: dark` matchMedia → fallback `dark`. Theme-toggle button in topbar (Wave 2 Step 7) persists user choice.
- **Page-shell pattern** (Wave 2 Step 9) — `page__eyebrow` + `page__title` + `page__lede` + `page__meta` matches DS reference.
- **Annotation export filename**`annotated-{target}.md` where target = brief|plan|review|artifact (derived from frontmatter).
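
Review bot: The new test-count bullet drops the node-test delta that the old bullet gave ("+33 new node-test tests"), so 672 → 711 can no longer be checked from the text. State the delta (+39) and how it splits between the rebuild and the remediation, and say whether the 5 Playwright specs are counted inside the 711 or run separately under `npm run test:e2e`.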
@ -39,20 +39,31 @@ The v4.2 playground proved the annotation loop. v4.3 rebuilds it from the ground
- **Hard-coded WIP token strings** (Wave 1 Step 4) — voyage tokens normalized to canonical `--color-scope-voyage` + `--ds-color-*` tokens; literal pixel font-sizes replaced with DS scale.
- **Plan-determinism test reference path** (Wave 0 Step 3) — `tests/synthetic/plan-determinism.test.mjs:115` updated to `plan-run-C.md` (alphabetic convention matching A/B).
### Re-review remediation (Sesjon 1318)
After the rebuild, an independent `/trekreview` (Sesjon 13) flagged 11 findings (5 BLOCKER + 5 MAJOR + 1 MINOR). Waves 13 of remediation closed **all 11** with delivered code + tests — notably reinstating an **inline screenshots gallery** (`renderScreenshotGallery`, finding `31d28f65`; supersedes the original "deferred to v4.4" item below), wrapping `renderArtifact`'s `bodyHtml` in `DOMPurify.sanitize` (`1d3591d4`), converting the SC2 a11y spec to absolute zero-violation mode and removing `a11y-baseline.json` (`09132940`), documenting the Phase 9 `plan_critic` frontmatter injection (`906f155d`), and asserting the `.fleet-grid` 4-column CSS parity (`99707f51`). A Sesjon 18 re-review then found 3 **new** findings introduced by the remediation code itself — deferred to v4.3.1 (see *Known issues* below).
### Deferred to v4.4
- WCAG-violations fix (HTML FROZEN in Sesjon 6 per Wave 7 verification-only scope).
- Inline screenshots-gallery component (Element 6 redefinition risk).
- WCAG-violations fix (HTML FROZEN in Sesjon 6 per Wave 7 verification-only scope; superseded for the a11y-spec by the absolute zero-violation conversion in the Sesjon 1318 remediation).
- File System Access API (FSA) write-back (currently `Blob`-download only).
- `<project>/design/`-folder traversal.
- `IndexedDB` primary persistence (localStorage stays primary for v4.3).
- Hybrid claude-design-skill → canvas → frontend-design workflow (research/02 deferred to v4.4+).
### Known issues — deferred to v4.3.1
The Sesjon 18 re-review surfaced 3 findings in code the Sesjon 1318 remediation introduced. None is a live operator-facing exploit; they are deferred to a v4.3.1 patch (a ready Wave-4 remediation plan exists, plan-critic-reviewed, ALIGNED):
- **`87069b35` (SECURITY_INJECTION, defense-in-depth)** — `renderScreenshotGallery()` interpolates `screenshots[].dataUrl` raw into an `<img src>` attribute, and `renderDashboard`'s `innerHTML` (unlike `renderArtifact`'s) is not DOMPurify-wrapped. **Not exploitable from the operator file-load path**`FileReader.readAsDataURL` of a `.png` File always yields a safe base64 `data:` URL; the only injection path is `window.__voyage.scheduleRender({ artifacts: { screenshots: [{ dataUrl: '" onerror="…' }] } })`, which requires JS already executing in the page. Fix: a `data:image/…;base64,…` allowlist in `renderScreenshotGallery`.
- **`4cc3bfc9` (PLAN_EXECUTE_DRIFT)** — `commands/trekplan.md:745` uses a backtick template literal as an ES `import` specifier (a `SyntaxError`). An LLM running the Phase 9 snippet verbatim fails before `plan_critic` is written; the documented fallback is non-fatal, so `plan.md` is still produced — without the field. Fix: backtick → single quote.
- **`c6c64a58` (MISSING_TEST)** — no test asserts that a non-`data:` `dataUrl` is neutralised before DOM injection, so `87069b35` is invisible to `npm test`. Fix: Group D Playwright runtime guard + Group A static-grep guard.
### Notes
- Brief, research (4 briefs), plan, and execute (6 sessions) all produced from the v4.3 pipeline itself. SC11 pipeline-self-eat gate continues to hold.
- Path A/B/C decision (cache-first / sequential `--no-ff` waves / hybrid identical-tool) unchanged from v3.4.0 — Path B remains in production.
- Plan quality score 86/100 Grade A APPROVE_WITH_NOTES (adversarial review Phase 9, 22 revisions documented in plan.md Revisions table).
- Plan quality score 86/100 Grade A APPROVE_WITH_NOTES (adversarial review Phase 9, 22 revisions documented in plan.md Revisions table). Sesjon 1318 remediation plans reviewed independently; Sesjon 18 re-review verdict BLOCK with 3 findings (now v4.3.1).
## v4.2.0 — 2026-05-09 — Annotation pipeline + first voyage playground
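
Review bot: In the `87069b35` entry, the "Not exploitable from the operator file-load path" claim is argued only for `FileReader.readAsDataURL` of a `.png`, while the sink it describes (raw `dataUrl` in an `<img src>` inside `renderDashboard`'s un-sanitized `innerHTML`) is reachable by any code that fills `screenshots[]`. State explicitly that every loader populates `dataUrl` only through `readAsDataURL`, or narrow the claim to the path that was actually checked. The Notes line also records the Sesjon 18 re-review verdict as BLOCK; the entry should say who accepted shipping v4.3.0 over that verdict and on what basis. Since the `4cc3bfc9` fix is described as a single-character change (backtick to single quote) in a docs file, consider landing it in this release instead of deferring it.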

@ -235,7 +235,7 @@ Local Docker Compose stack: `examples/observability/`. Operator docs: `docs/obse
**Revise (v4.2):** `/trekrevise --project <dir>` consumes a batch exported from `playground/voyage-playground.html` and folds operator annotations back into the source artifact (`brief.md` / `plan.md` / `review.md`). Phase 1 parse + validate, Phase 2 read source + rollback hygiene (`*.local.bak` via `lib/util/revision-guard.mjs`), Phase 3 parse anchors + validate placement (`lib/parsers/anchor-parser.mjs` — block-boundary discipline), Phase 4 compute revision diff + deterministic SHA-256 digest (`lib/parsers/annotation-digest.mjs`), Phase 5 atomic apply via `lib/util/markdown-write.mjs`, Phase 6 round-trip integrity (`stripAnchors`-of-written equals pre-write body), Phase 7 optional review-gate when target is plan and review.md exists, Phase 8 stats + report. Single-iteration MVP — each batch produces one `revision:` increment with `source_annotations:` audit trail. **Handover 8** (`docs/HANDOVER-CONTRACTS.md`) — additive frontmatter; no `*_version` bump; artifacts written before v4.2 validate as `revision: 0`.
**Playground (v4.3):** `playground/voyage-playground.html` is the operator-facing surface for browsing voyage projects and editing annotations. v4.3 rebuilds the v4.2 playground from the ground up — dashboard-centric layout (`fleet-grid` of `fleet-tile` per artifact), file://-loader with three entry points (`webkitdirectory` directory-picker / drag-drop with `webkitGetAsEntry` recursive walk / URL-parameter `?project=/abs/path`), block-boundary anchor placement matching browser-side `parseAnchor` to Node-side `lib/parsers/anchor-parser.mjs` regex, hidden-by-default sidebar-rail with J/K keyboard navigation, two-opacity pattern (active 100% / inactive 40% / resolved 30% strikethrough), A11Y panel built from DS-primitives, screenshots-spor convention via `window.__voyage` hooks (`navigate` / `scheduleRender` / `getProjectArtifacts`) + `docs/screenshots/`. Path-traversal + symlink/dotfile filter (`isProjectPathSafe`) blocks `..` / `node_modules/` / `dist/` / `build/` / hidden-paths with `aria-live` announces. DOMPurify ≥ 3.1.1 vendored for `sanitizeAnnotation`; HTML-comment indirect prompt-injection mitigation via `parseAnchor`-allowlist gate before `md.render`. Total bundle 388 KB / 460 KB HALT-gate. Test pyramid Groups A-D — Group A 17 static-HTML tests (SC1 10-element checklist + SC3 + SC6 + SC7 tag-level no-CDN), Group B 9 DS-token + theme-toggle + sidebar-tab + keyboard-pattern tests, Group C 7 export-bundle schema + `annotation_digest` SHA-256 validity tests, Group D 4 Playwright e2e (light/dark axe-core delta-baseline + pixel-diff smoke + zero-external-network authoritative gate). See `playground/README.md` + `docs/sc1-checklist-verification.md`.
**Playground (v4.3):** `playground/voyage-playground.html` is the operator-facing surface for browsing voyage projects and editing annotations. v4.3 rebuilds the v4.2 playground from the ground up — dashboard-centric layout (`fleet-grid` of `fleet-tile` per artifact), file://-loader with three entry points (`webkitdirectory` directory-picker / drag-drop with `webkitGetAsEntry` recursive walk / URL-parameter `?project=/abs/path`), block-boundary anchor placement matching browser-side `parseAnchor` to Node-side `lib/parsers/anchor-parser.mjs` regex, hidden-by-default sidebar-rail with J/K keyboard navigation, two-opacity pattern (active 100% / inactive 40% / resolved 30% strikethrough), A11Y panel built from DS-primitives, screenshots-spor convention via `window.__voyage` hooks (`navigate` / `scheduleRender` / `getProjectArtifacts`) + `docs/screenshots/`. Path-traversal + symlink/dotfile filter (`isProjectPathSafe`) blocks `..` / `node_modules/` / `dist/` / `build/` / hidden-paths with `aria-live` announces. DOMPurify ≥ 3.1.1 vendored for `sanitizeAnnotation`; HTML-comment indirect prompt-injection mitigation via `parseAnchor`-allowlist gate before `md.render`. Total bundle 388 KB / 460 KB HALT-gate. Test pyramid Groups A-D — Group A 17 static-HTML tests (SC1 10-element checklist + SC3 + SC6 + SC7 tag-level no-CDN), Group B 9 DS-token + theme-toggle + sidebar-tab + keyboard-pattern tests, Group C 7 export-bundle schema + `annotation_digest` SHA-256 validity tests, Group D 5 Playwright e2e specs (light/dark axe-core absolute zero-violation + pixel-diff smoke + inline-gallery + zero-external-network authoritative gate). See `playground/README.md` + `docs/sc1-checklist-verification.md`. A Sesjon 1318 independent-review remediation cycle closed all 11 findings from the first `/trekreview` (DOMPurify on the artifact body, inline `renderScreenshotGallery`, absolute-zero-violation a11y spec, Phase 9 `plan_critic` injection, fleet-grid CSS parity). 
**v4.3.0 ships with 3 new re-review findings deferred to v4.3.1:** `87069b35` (`renderScreenshotGallery` interpolates `screenshots[].dataUrl` raw into an `<img src>` — defense-in-depth only, *not* exploitable from the operator file-load path, only via the `window.__voyage.scheduleRender` hook), `4cc3bfc9` (backtick template-literal ES-import specifier at `commands/trekplan.md:745` Phase 9 — SyntaxError; documented fallback keeps `plan.md` valid, just without `plan_critic`), `c6c64a58` (no test for the gallery `dataUrl` injection path). A plan-critic-reviewed Wave-4 remediation plan is ready; see [CHANGELOG.md](CHANGELOG.md) § "Known issues — deferred to v4.3.1".
**Security:** 4-layer defense-in-depth: plugin hooks (pre-bash-executor, pre-write-executor), prompt-level denylist (works in headless sessions), pre-execution plan scan (Phase 2.4), scoped `--allowedTools` replacing `--dangerously-skip-permissions`. Hard Rules 14-16 enforce verify command security, repo-boundary writes, and sensitive path protection.
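
Review bot: The new "v4.3.0 ships with 3 new re-review findings" paragraph restates the per-finding analysis that the CHANGELOG "Known issues" section already carries, and this commit adds the same text to the README, so three copies have to be kept in step when v4.3.1 lands. Keep the three finding ids and the CHANGELOG link here and drop the restated exploitability detail, so the CHANGELOG stays the single place where it is maintained.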

@ -695,6 +695,8 @@ The `pre-compact-flush.mjs` hook directly fixes the documented P0 in `docs/treke
**Infrastructure-as-code (IaC) gets reduced value.** The exploration agents are designed for application code. Terraform, Helm, Pulumi, CDK projects will get a plan, but agents like `architecture-mapper` and `test-strategist` produce less useful output for IaC. Use trekplan for the structural plan, then supplement IaC-specific steps manually.
**v4.3.0 — 3 known re-review findings deferred to v4.3.1.** A Sesjon 1318 independent-review remediation closed all 11 findings from the first `/trekreview`, but a re-review found 3 new ones in the remediation code: `87069b35` (`renderScreenshotGallery` interpolates `screenshots[].dataUrl` raw into an `<img src>` — defense-in-depth only; *not* exploitable from the operator file-load path, only via the `window.__voyage.scheduleRender` hook which needs JS already running in the page), `4cc3bfc9` (a backtick template literal as an ES `import` specifier in `commands/trekplan.md:745` Phase 9 — SyntaxError; the documented fallback keeps `plan.md` valid, just without `plan_critic`), and `c6c64a58` (no test covers the gallery `dataUrl` injection path). A plan-critic-reviewed Wave-4 remediation plan is ready; v4.3.1 ships the fixes. See [CHANGELOG.md](CHANGELOG.md) § "Known issues — deferred to v4.3.1".
## Installation
Add the marketplace and browse plugins with `/plugin`:
@ -708,7 +710,7 @@ Or enable directly in `~/.claude/settings.json`:
```json
{
"enabledPlugins": {
"trekplan@ktg-plugin-marketplace": true
"voyage@ktg-plugin-marketplace": true
}
}
```
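
Review bot: The `trekplan@ktg-plugin-marketplace` key corrected here was a stale plugin id in a copy-paste install snippet, and nothing in this change stops it from reappearing. Add a static grep guard over the README for `trekplan@`, alongside the existing static tests, scoped so it does not match the `trekplan` command name that the README still uses.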