open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions

chore(voyage): release v4.3.0 — finalize version-sync + docs (3 re-review findings deferred to v4.3.1)

Browse source 
Bumps .claude-plugin/plugin.json 4.2.0 -> 4.3.0 (package.json, package-lock.json,
and the README badge were already at 4.3.0). Updates the v4.3.0 CHANGELOG entry with
the verified test count (711 pass / 0 fail / 2 skipped, 713 total), a "Re-review
remediation (Sesjon 13-18)" note covering the 11-finding cycle Waves 1-3 closed, and
a "Known issues — deferred to v4.3.1" subsection listing the 3 new findings the Sesjon
18 re-review surfaced in the remediation code (87069b35 SECURITY_INJECTION defense-in-
depth, 4cc3bfc9 PLAN_EXECUTE_DRIFT, c6c64a58 MISSING_TEST). Updates root CLAUDE.md
(voyage v4.0.0 -> v4.3.0, seven-command + playground), root README + plugin README
(test count, Known-limitations note, fixes the stale "trekplan@" install snippet ->
"voyage@"), root marketplace.json (voyage description), and plugin CLAUDE.md (Playground
paragraph). A plan-critic-reviewed Wave-4 remediation plan for the 3 deferred findings
is ready (.claude/plans/, gitignored).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Kjell Tore Guttormsen 2026-05-11 21:08:48 +02:00
commit 0f197f6ff6
7 changed files with 23 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

4
plugins/voyage/README.md
View file

@ -695,6 +695,8 @@ The `pre-compact-flush.mjs` hook directly fixes the documented P0 in `docs/treke
**Infrastructure-as-code (IaC) gets reduced value.** The exploration agents are designed for application code. Terraform, Helm, Pulumi, CDK projects will get a plan, but agents like `architecture-mapper` and `test-strategist` produce less useful output for IaC. Use trekplan for the structural plan, then supplement IaC-specific steps manually.
**v4.3.0 — 3 known re-review findings deferred to v4.3.1.** A Sesjon 1318 independent-review remediation closed all 11 findings from the first `/trekreview`, but a re-review found 3 new ones in the remediation code: `87069b35` (`renderScreenshotGallery` interpolates `screenshots[].dataUrl` raw into an `<img src>` — defense-in-depth only; *not* exploitable from the operator file-load path, only via the `window.__voyage.scheduleRender` hook which needs JS already running in the page), `4cc3bfc9` (a backtick template literal as an ES `import` specifier in `commands/trekplan.md:745` Phase 9 — SyntaxError; the documented fallback keeps `plan.md` valid, just without `plan_critic`), and `c6c64a58` (no test covers the gallery `dataUrl` injection path). A plan-critic-reviewed Wave-4 remediation plan is ready; v4.3.1 ships the fixes. See [CHANGELOG.md](CHANGELOG.md) § "Known issues — deferred to v4.3.1".
## Installation
Add the marketplace and browse plugins with `/plugin`:
@ -708,7 +710,7 @@ Or enable directly in `~/.claude/settings.json`:
```json
{
"enabledPlugins": {
"trekplan@ktg-plugin-marketplace": true
"voyage@ktg-plugin-marketplace": true
}
}
```