feat(policy-loader): 8.7 — env-var deprecation warnings (v8.0.0 removal)

plugins/llm-security/CLAUDE.md

@@ -45,6 +45,30 @@ history are preserved for audit. `LLM_SECURITY_MCP_CACHE_FILE` env var
 overrides the cache path for end-to-end testing without polluting the
 user's real `~/.cache/llm-security/mcp-descriptions.json`.
 
+**v7.3.0 — Env-var deprecation warnings (D3 of Batch C, Wave D).**
+Closes 8.7 from `.claude/projects/2026-04-29-batch-c-scope-finalize/plan.md`.
+`scanners/lib/policy-loader.mjs` exports a new helper
+`getPolicyValueWithEnvWarn(section, key, envVarName, defaultValue)` —
+env still wins per Preferences (existing behaviour), but when both the
+env-var AND the `policy.json` key are explicitly set, the helper emits a
+single per-process stderr line: `[llm-security] Deprecation: env-var
+${ENVVAR} will be removed in v8.0.0; policy.json key ${section}.${key}
+also set — env wins for now. Suppress with LLM_SECURITY_DEPRECATION_QUIET=1.`
+Module-scoped `Set` dedupes per env-var name across call-sites. Four
+overlapping vars are wired through the helper:
+`LLM_SECURITY_INJECTION_MODE` ↔ `injection.mode` (in
+`pre-prompt-inject-scan.mjs`), `LLM_SECURITY_TRIFECTA_MODE` ↔
+`trifecta.mode` and `LLM_SECURITY_ESCALATION_WINDOW` ↔
+`trifecta.escalation_window` (in `post-session-guard.mjs`),
+`LLM_SECURITY_AUDIT_LOG` ↔ `audit.log_path` (in
+`scanners/lib/audit-trail.mjs`). `DEFAULT_POLICY` gains
+`trifecta.escalation_window: 5` to close the gap noted in the plan
+revisions table (M10). Env-only vars without policy.json equivalents
+(`LLM_SECURITY_UPDATE_CHECK`, `LLM_SECURITY_PRECOMPACT_MODE`,
+`LLM_SECURITY_PRECOMPACT_MAX_BYTES`, `LLM_SECURITY_IDE_ROOTS`,
+`LLM_SECURITY_MCP_CACHE_FILE`) are unchanged — they emit no
+deprecation signal because there is nothing to deprecate yet.
+
 ## Commands
 
 | Command | Description |