From 8ca391fdb2b7f7a84fd4cfe001ac21a5c2911fa5 Mon Sep 17 00:00:00 2001
From: Kjell Tore Guttormsen <ktg@humanize.no>
Date: Fri, 1 May 2026 06:20:54 +0200
Subject: [PATCH] fix(llm-security): correct distribution URLs to marketplace
 path

The plugin lives in ktg-plugin-marketplace and is distributed via the
Claude Code marketplace mechanism. There is no standalone
open/claude-code-llm-security repo; references to it were aspirational
and never realized.

- package.json: homepage now deep-links to plugins/llm-security/ in the
  marketplace; repository.url uses the marketplace repo with directory
  field (npm convention for monorepo plugins); bugs.url routes to
  marketplace issue tracker.
- CLAUDE.md: "Public Repository" section replaced with "Distribution"
  section documenting the marketplace install path.
- CONTRIBUTING.md: issue tracker URL points at marketplace issues with
  [llm-security] prefix convention.
- CHANGELOG.md: v7.3.1 entry rewritten to reflect actual change
  (URLs corrected to marketplace, not "fixed from one wrong URL to
  another wrong URL").

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 plugins/llm-security/CHANGELOG.md    | 16 ++++++++++++----
 plugins/llm-security/CLAUDE.md       | 14 +++++++++++---
 plugins/llm-security/CONTRIBUTING.md |  9 +++++++--
 plugins/llm-security/package.json    |  7 ++++---
 4 files changed, 34 insertions(+), 12 deletions(-)

diff --git a/plugins/llm-security/CHANGELOG.md b/plugins/llm-security/CHANGELOG.md
index ab66aac..18bf4a5 100644
--- a/plugins/llm-security/CHANGELOG.md
+++ b/plugins/llm-security/CHANGELOG.md
@@ -39,10 +39,18 @@ organizations get a consistent starting point.
   response rather than silent ignore.
 - `README.md` "Feedback & contributing" section now links to
   `CONTRIBUTING.md` and the new "Project scope" section.
-- `package.json` `repository.url` corrected from
-  `fromaitochitta/claude-code-llm-security` to
-  `open/claude-code-llm-security` (matches `homepage` and the canonical
-  Forgejo path).
+- `package.json` URL fields corrected to point at the
+  `ktg-plugin-marketplace` monorepo (the canonical home for this plugin).
+  `homepage` now deep-links to `plugins/llm-security/`, `repository.url`
+  uses the marketplace repo with a `directory: "plugins/llm-security"`
+  field (npm convention for monorepo plugins), and `bugs.url` routes to
+  the marketplace issue tracker. Earlier values referenced a standalone
+  `claude-code-llm-security` repo that was never published — the plugin
+  is distributed via the marketplace mechanism, not as an independent
+  package.
+- `CLAUDE.md` "Public Repository" section replaced with a "Distribution"
+  section that documents the marketplace install path and removes the
+  stale standalone-repo references.
 - Scanner `VERSION` constants synced to plugin version. Previously
   `dashboard-aggregator.mjs` and `posture-scanner.mjs` reported `6.0.0`
   in scan output and SARIF, mismatching the actual plugin version.
diff --git a/plugins/llm-security/CLAUDE.md b/plugins/llm-security/CLAUDE.md
index bd6c497..4ddb008 100644
--- a/plugins/llm-security/CLAUDE.md
+++ b/plugins/llm-security/CLAUDE.md
@@ -225,11 +225,19 @@ Standalone CLI makes zero network calls in default mode. Schrems II compatible i
 
 Scan reports are stored in `reports/` as `.docx` (for sharing) with `.md` source.
 
-## Public Repository
+## Distribution
 
-Published as standalone repo: `https://git.fromaitochitta.com/open/claude-code-llm-security`
+This plugin lives in the `ktg-plugin-marketplace` monorepo at
+`https://git.fromaitochitta.com/open/ktg-plugin-marketplace` under
+`plugins/llm-security/`. It is not published as a standalone repo —
+users install it via the Claude Code marketplace mechanism:
 
-Pushed via `git subtree push --prefix=plugins/llm-security` from the plugin-marketplace monorepo.
+```bash
+claude plugin marketplace add https://git.fromaitochitta.com/open/ktg-plugin-marketplace.git
+```
+
+Issues, bug reports, and security disclosures all route to the
+marketplace repo.
 
 ## State
 
diff --git a/plugins/llm-security/CONTRIBUTING.md b/plugins/llm-security/CONTRIBUTING.md
index 5527694..8abbc80 100644
--- a/plugins/llm-security/CONTRIBUTING.md
+++ b/plugins/llm-security/CONTRIBUTING.md
@@ -54,8 +54,13 @@ Open issues for:
   threat model is wrong, stale, or missing
 - **Compatibility regressions** — Claude Code version X stopped working
 
-Issues are tracked on the canonical Forgejo repo:
-`https://git.fromaitochitta.com/open/claude-code-llm-security`
+This plugin lives in the `ktg-plugin-marketplace` monorepo. Issues are
+tracked there, scoped to the `llm-security` plugin:
+
+`https://git.fromaitochitta.com/open/ktg-plugin-marketplace/issues`
+
+Tag the issue with the plugin name in the title — e.g.
+`[llm-security] entropy scanner false positive on GLSL shader`.
 
 The maintainer reads them. Response is best-effort, not real-time.
 
diff --git a/plugins/llm-security/package.json b/plugins/llm-security/package.json
index f6375ff..d05feaa 100644
--- a/plugins/llm-security/package.json
+++ b/plugins/llm-security/package.json
@@ -15,7 +15,7 @@
     "SECURITY.md",
     "CHANGELOG.md"
   ],
-  "homepage": "https://git.fromaitochitta.com/open/claude-code-llm-security",
+  "homepage": "https://git.fromaitochitta.com/open/ktg-plugin-marketplace/src/branch/main/plugins/llm-security",
   "engines": {
     "node": ">=18"
   },
@@ -34,9 +34,10 @@
   "license": "MIT",
   "repository": {
     "type": "git",
-    "url": "https://git.fromaitochitta.com/open/claude-code-llm-security"
+    "url": "https://git.fromaitochitta.com/open/ktg-plugin-marketplace",
+    "directory": "plugins/llm-security"
   },
   "bugs": {
-    "url": "https://git.fromaitochitta.com/open/claude-code-llm-security/issues"
+    "url": "https://git.fromaitochitta.com/open/ktg-plugin-marketplace/issues"
   }
 }