feat: add okr plugin v1.0.0 — OKR guidance for Norwegian public sector
Expert OKR guidance based on Google/Doerr methodology, adapted for 4-month tertial cycles and Norwegian government accountability.

Components:
- 8 commands (skriv, kvalitet, kaskade, sporing, møter, innføring, governance, oppsett)
- 5 agents (kvalitetssjekker, kaskadebygger, fremdriftssporer, møtefasilitator, styringsrådgiver)
- 3 hooks (UserPromptSubmit context injection, PreCompact state preservation, Stop reminder)
- 15 reference files covering methodology, governance, meetings, antipatterns
- Linear MCP integration for OKR tracking

Previously in ktg-privat, now open-sourced.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
parent 96d4d3ee45
commit 5078712f0e
42 changed files with 7341 additions and 0 deletions
60
plugins/okr/SECURITY.md
Normal file
@ -0,0 +1,60 @@
|
|||
# Security Policy
|
||||
|
||||
## Supported Versions
|
||||
|
||||
| Version | Supported |
|
||||
| ------- | ------------------ |
|
||||
| >= 1.0.0 | :white_check_mark: |
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
If you discover a security vulnerability, please:
|
||||
|
||||
1. **Do not** open a public issue
|
||||
2. Email the maintainer directly or use GitHub's private vulnerability reporting
|
||||
3. Include:
|
||||
- Description of the vulnerability
|
||||
- Steps to reproduce
|
||||
- Potential impact
|
||||
- Suggested fix (if any)
|
||||
|
||||
## What to Expect
|
||||
|
||||
- Acknowledgment within 48 hours
|
||||
- Status update within 7 days
|
||||
- Fix timeline depends on severity
|
||||
|
||||
## Security Considerations
|
||||
|
||||
This plugin handles OKR data which may contain sensitive organizational information:
|
||||
|
||||
### Data Handling
|
||||
|
||||
- All processing happens locally in Claude Code
|
||||
- No data is transmitted to external services (except configured integrations)
|
||||
- Linear integration uses your own API credentials
|
||||
|
||||
### Sensitive Files
|
||||
|
||||
The following files contain sensitive data and are gitignored:
|
||||
|
||||
| File | Contents |
|
||||
|------|----------|
|
||||
| `.claude/okr.local.md` | Linear API configuration, team settings |
|
||||
| `.mcp.json` | MCP server credentials |
|
||||
|
||||
### Best Practices
|
||||
|
||||
- Never commit `okr.local.md` to version control
|
||||
- Use environment variables for API keys when possible
|
||||
- Review OKR content before sharing externally
|
||||
- Consider data classification when tracking sensitive objectives
|
||||
|
||||
## Linear Integration Security
|
||||
|
||||
If using Linear integration:
|
||||
|
||||
- API keys are stored locally in `okr.local.md`
|
||||
- Use team-scoped API keys, not personal tokens
|
||||
- Rotate keys periodically
|
||||
- Review Linear's security documentation
|
||||
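Review bot: In "Linear Integration Security", the bullet stating that API keys are stored locally in `okr.local.md` conflicts with the Best Practices bullet "Use environment variables for API keys when possible": the document makes a plaintext Markdown file the default home for the key and leaves environment variables optional, without saying how the plugin reads either. Suggest naming one recommended method (for example, the key in an environment variable and only non-secret team settings in the file) and describing the file option as the fallback. Two smaller points in the same hunk: the Best Practices list says never to commit `okr.local.md` but omits `.mcp.json`, which the Sensitive Files table lists as holding MCP server credentials, and the file appears as `.claude/okr.local.md` in the table but as `okr.local.md` elsewhere; and step 2 of "Reporting a Vulnerability" says to email the maintainer without giving an address or a link to the private reporting form, so a reporter has no private channel to use from this file alone.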