fix(llm-security): correct distribution URLs to marketplace path

The plugin lives in ktg-plugin-marketplace and is distributed via the Claude Code marketplace mechanism. There is no standalone open/claude-code-llm-security repo; references to it were aspirational and never realized. - package.json: homepage now deep-links to plugins/llm-security/ in the marketplace; repository.url uses the marketplace repo with directory field (npm convention for monorepo plugins); bugs.url routes to marketplace issue tracker. - CLAUDE.md: "Public Repository" section replaced with "Distribution" section documenting the marketplace install path. - CONTRIBUTING.md: issue tracker URL points at marketplace issues with [llm-security] prefix convention. - CHANGELOG.md: v7.3.1 entry rewritten to reflect actual change (URLs corrected to marketplace, not "fixed from one wrong URL to another wrong URL"). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-01 06:20:54 +02:00 · 2026-05-01 06:20:54 +02:00 · 8ca391fdb2
commit 8ca391fdb2
parent a65c7f4080
4 changed files with 34 additions and 12 deletions
--- a/plugins/llm-security/CHANGELOG.md
+++ b/plugins/llm-security/CHANGELOG.md
@ -39,10 +39,18 @@ organizations get a consistent starting point.
  response rather than silent ignore.
 - `README.md` "Feedback & contributing" section now links to
  `CONTRIBUTING.md` and the new "Project scope" section.
- `package.json` `repository.url` corrected from
-  `fromaitochitta/claude-code-llm-security` to
-  `open/claude-code-llm-security` (matches `homepage` and the canonical
-  Forgejo path).
+- `package.json` URL fields corrected to point at the
+  `ktg-plugin-marketplace` monorepo (the canonical home for this plugin).
+  `homepage` now deep-links to `plugins/llm-security/`, `repository.url`
+  uses the marketplace repo with a `directory: "plugins/llm-security"`
+  field (npm convention for monorepo plugins), and `bugs.url` routes to
+  the marketplace issue tracker. Earlier values referenced a standalone
+  `claude-code-llm-security` repo that was never published — the plugin
+  is distributed via the marketplace mechanism, not as an independent
+  package.
+- `CLAUDE.md` "Public Repository" section replaced with a "Distribution"
+  section that documents the marketplace install path and removes the
+  stale standalone-repo references.
 - Scanner `VERSION` constants synced to plugin version. Previously
  `dashboard-aggregator.mjs` and `posture-scanner.mjs` reported `6.0.0`
  in scan output and SARIF, mismatching the actual plugin version.
--- a/plugins/llm-security/CLAUDE.md
+++ b/plugins/llm-security/CLAUDE.md
@ -225,11 +225,19 @@ Standalone CLI makes zero network calls in default mode. Schrems II compatible i

 Scan reports are stored in `reports/` as `.docx` (for sharing) with `.md` source.

-## Public Repository
+## Distribution

-Published as standalone repo: `https://git.fromaitochitta.com/open/claude-code-llm-security`
+This plugin lives in the `ktg-plugin-marketplace` monorepo at
+`https://git.fromaitochitta.com/open/ktg-plugin-marketplace` under
+`plugins/llm-security/`. It is not published as a standalone repo —
+users install it via the Claude Code marketplace mechanism:

-Pushed via `git subtree push --prefix=plugins/llm-security` from the plugin-marketplace monorepo.
+```bash
+claude plugin marketplace add https://git.fromaitochitta.com/open/ktg-plugin-marketplace.git
+```
+
+Issues, bug reports, and security disclosures all route to the
+marketplace repo.

 ## State

--- a/plugins/llm-security/CONTRIBUTING.md
+++ b/plugins/llm-security/CONTRIBUTING.md
@ -54,8 +54,13 @@ Open issues for:
  threat model is wrong, stale, or missing
 - **Compatibility regressions** — Claude Code version X stopped working

-Issues are tracked on the canonical Forgejo repo:
-`https://git.fromaitochitta.com/open/claude-code-llm-security`
+This plugin lives in the `ktg-plugin-marketplace` monorepo. Issues are
+tracked there, scoped to the `llm-security` plugin:
+
+`https://git.fromaitochitta.com/open/ktg-plugin-marketplace/issues`
+
+Tag the issue with the plugin name in the title — e.g.
+`[llm-security] entropy scanner false positive on GLSL shader`.

 The maintainer reads them. Response is best-effort, not real-time.

--- a/plugins/llm-security/package.json
+++ b/plugins/llm-security/package.json
@ -15,7 +15,7 @@
    "SECURITY.md",
    "CHANGELOG.md"
  ],
-  "homepage": "https://git.fromaitochitta.com/open/claude-code-llm-security",
+  "homepage": "https://git.fromaitochitta.com/open/ktg-plugin-marketplace/src/branch/main/plugins/llm-security",
  "engines": {
    "node": ">=18"
  },
@ -34,9 +34,10 @@
  "license": "MIT",
  "repository": {
    "type": "git",
-    "url": "https://git.fromaitochitta.com/open/claude-code-llm-security"
+    "url": "https://git.fromaitochitta.com/open/ktg-plugin-marketplace",
+    "directory": "plugins/llm-security"
  },
  "bugs": {
-    "url": "https://git.fromaitochitta.com/open/claude-code-llm-security/issues"
+    "url": "https://git.fromaitochitta.com/open/ktg-plugin-marketplace/issues"
  }
 }