open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions

chore(llm-security): v7.3.1 — stabilization patch for forkers and downstream users

Browse source 
No behavior changes. Sets the public stance, tightens documentation, and
removes coherence drift so anyone forking or downloading the plugin gets
a consistent starting point.

Added:
- CONTRIBUTING.md — public fork-and-own guide. Why PRs are not accepted,
  how to fork well, what is welcome via issues.
- README "Project scope" section — out-of-scope table naming what is
  fork-and-own territory (web dashboard, fleet policy, runtime firewall,
  IDE LSP, compliance pack, ticketing, multi-tenancy, ML detectors,
  marketplace UI, SSO/SCIM/RBAC) with commercial alternatives.
- package.json: bugs.url, CONTRIBUTING/SECURITY/CHANGELOG in files
  whitelist for npm publishing.

Changed:
- SECURITY.md rewritten. Supported-versions table from stale 5.1.x to
  current reality (7.3.x active, 7.0-7.2 best-effort, <7.0 EOL).
  Best-effort solo response timeline. Scope expanded to bin/.
- Scanner VERSION constants synced to plugin version. Was 6.0.0 in
  dashboard-aggregator and posture-scanner.
- package.json repository.url corrected from fromaitochitta/ to open/.
- README "Feedback & contributing" links to CONTRIBUTING.md.

Fixed:
- pre-compact-scan size-cap timing test ceiling raised 500ms -> 1000ms.
  Was a flake on Intel Mac and CI under load. Design target unchanged
  (<500ms, documented in CLAUDE.md).

Notes:
- First patch on the stabilization line (post-2026-05-01).
- Wave E attack-simulator scenarios deferred indefinitely; coverage
  remains at 72.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Kjell Tore Guttormsen 2026-05-01 06:14:03 +02:00
commit 62a9335772
12 changed files with 336 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

2
plugins/llm-security/scanners/dashboard-aggregator.mjs
View file

@ -19,7 +19,7 @@ import { scan } from './posture-scanner.mjs';
// Constants
// ---------------------------------------------------------------------------
const VERSION = '6.0.0';
const VERSION = '7.3.1';
/** Cache location */
const CACHE_DIR = join(homedir(), '.cache', 'llm-security');

2
plugins/llm-security/scanners/ide-extension-scanner.mjs
View file

@ -49,7 +49,7 @@ import { scan as scanTaint } from './taint-tracer.mjs';
import { scan as scanMemoryPoisoning } from './memory-poisoning-scanner.mjs';
import { scan as scanSupplyChain } from './supply-chain-recheck.mjs';
const VERSION = '7.3.0';
const VERSION = '7.3.1';
const SCANNER = 'IDE';
// ---------------------------------------------------------------------------

2
plugins/llm-security/scanners/posture-scanner.mjs
View file

@ -20,7 +20,7 @@ import { finding, scannerResult, resetCounter } from './lib/output.mjs';
// Constants
// ---------------------------------------------------------------------------
const VERSION = '6.0.0';
const VERSION = '7.3.1';
/** Minimum lines for a hook script to be considered non-stub */
const NON_STUB_THRESHOLD = 5;