feat(llm-security): add /security ide-scan — VS Code / JetBrains extension prescan (v6.3.0)

New standalone scanner (prefix IDE) discovers installed VS Code extensions across forks (Cursor, Windsurf, VSCodium, code-server, Insiders, Remote-SSH) and runs 7 IDE-specific threat checks: blocklist match (CRITICAL), theme-with-code, sideload (unsigned .vsix), dangerous uninstall hook (HIGH), wildcard activation, extension-pack expansion, typosquat (MEDIUM). Per-extension reuse of UNI/ENT/NET/TNT/MEM/SCR scanners with bounded concurrency. Offline-first; --online opt-in. JetBrains discovery stubbed for v1.1. 22 new tests (1296 total, was 1274). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-17 16:23:35 +02:00 · 2026-04-17 16:23:35 +02:00 · 6252e55700
commit 6252e55700
parent 7bcf5fae9d
33 changed files with 1849 additions and 20 deletions
--- a/README.md
+++ b/README.md
@ -22,21 +22,21 @@ Then open Claude Code and type `/plugin` to browse and install plugins from the

 ## Plugins

-### [LLM Security](plugins/llm-security/) `v6.2.0`
+### [LLM Security](plugins/llm-security/) `v6.3.0`

 Security scanning, auditing, and threat modeling for agentic AI projects.

 Built on OWASP LLM Top 10 (2025), OWASP Agentic AI Top 10, and the AI Agent Traps taxonomy (Google DeepMind, 2025). Three layers of protection:

 - **Automated enforcement** — 9 hooks that block dangerous operations in real time (prompt injection, secrets in code, destructive commands, supply chain guardrails, transcript scanning before context compaction)
- **Deterministic scanning** — 21 Node.js scanners (10 orchestrated + 11 standalone) for byte-level analysis: Shannon entropy, Unicode codepoints, typosquatting detection, taint flow, DNS resolution, git forensics, AI-BOM, attack simulation. Bash-normalize T1-T6 for obfuscation-resistant denylists
- **Advisory analysis** — 18 commands that scan, audit, and model threats with structured reports, letter grades, and actionable remediation
+- **Deterministic scanning** — 22 Node.js scanners (10 orchestrated + 12 standalone) for byte-level analysis: Shannon entropy, Unicode codepoints, typosquatting detection, taint flow, DNS resolution, git forensics, AI-BOM, attack simulation, IDE extension prescan. Bash-normalize T1-T6 for obfuscation-resistant denylists
+- **Advisory analysis** — 19 commands that scan, audit, and model threats with structured reports, letter grades, and actionable remediation
 - **Enterprise governance** — Compliance mapping (EU AI Act, NIST AI RMF, ISO 42001), SARIF 2.1.0 output, structured audit trail, policy-as-code, standalone CLI
 - **Opus 4.7 aligned** — Agent instructions rewritten for literal instruction-following (system card §6.3.1.1), defense-in-depth posture per §5.2.1, production hardening guide

-Key commands: `/security posture`, `/security audit`, `/security scan`, `/security threat-model`, `/security plugin-audit`
+Key commands: `/security posture`, `/security audit`, `/security scan`, `/security ide-scan`, `/security threat-model`, `/security plugin-audit`

-6 specialized agents · 21 scanners · 9 hooks · 16 knowledge docs · 1274 tests
+6 specialized agents · 22 scanners · 9 hooks · 18 knowledge docs · 1296 tests

 → [Full documentation](plugins/llm-security/README.md)