chore(ms-ai-architect): sanitize all private references for open-source

README.md: badges updated (1.7.0/387/12), installation URL updated to
ktg-plugin-marketplace, added ai-act-assessor to agent table, updated skill
ref counts, updated hooks section, updated category-skill-map path.

CLAUDE.md: fix agent model column (sonnet->opus), remove Linear section,
fix manual test path to generic placeholder.

commands/generate-skills.md: orchestrator paths updated to scripts/skill-gen.
commands/export.md: add Bash scope guardrail (security scan finding).

docs: replace GitHub and ktg-privat URLs with Forgejo, replace personal paths.
scripts/skill-gen/manifest.json: rename ktg-privat ID.
skills: remove Linear tagging reference, add supply chain warnings.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

plugins/ms-ai-architect/README.md

@@ -2,10 +2,10 @@
 
 > Your virtual Microsoft AI solution architect — meet **Cosmo Skyberg**.
 
-![Version](https://img.shields.io/badge/version-1.5.0-blue)
+![Version](https://img.shields.io/badge/version-1.7.0-blue)
 ![Platform](https://img.shields.io/badge/platform-Claude_Code_Plugin-purple)
-![Docs](https://img.shields.io/badge/reference_docs-380-green)
-![Agents](https://img.shields.io/badge/agents-11-orange)
+![Docs](https://img.shields.io/badge/reference_docs-387-green)
+![Agents](https://img.shields.io/badge/agents-12-orange)
 ![License](https://img.shields.io/badge/license-MIT-lightgrey)
 
 A Claude Code plugin that provides structured architecture guidance across the full Microsoft AI stack. Cosmo Skyberg is a methodical, opinionated architect persona who understands the problem before recommending technology, verifies claims against live Microsoft Learn documentation via MCP, and delivers assessments calibrated for Norwegian public sector governance — while remaining useful for any enterprise context.
@@ -65,7 +65,7 @@ Key capabilities:
 ### Installation
 
 ```bash
-claude plugin add ktg-privat/ms-ai-architect
+claude plugin marketplace add https://git.fromaitochitta.com/open/ktg-plugin-marketplace.git
 ```
 
 Or add to your `~/.claude/settings.json`:
@@ -73,7 +73,7 @@ Or add to your `~/.claude/settings.json`:
 ```json
 {
   "enabledPlugins": {
-    "ms-ai-architect@ktg-privat": true
+    "ms-ai-architect@ktg-plugin-marketplace": true
   }
 }
 ```
@@ -146,7 +146,7 @@ Cosmo will ask clarifying questions about your business need, licenses, data sou
 
 ## Agent Architecture
 
-The plugin delegates specialized work to 11 purpose-built agents. Each agent has its own knowledge base routing, model assignment, and tool access.
+The plugin delegates specialized work to 12 purpose-built agents. Each agent has its own knowledge base routing, model assignment, and tool access.
 
 | Agent | Role | KB Sources | Triggered By |
 |-------|------|------------|--------------|
@@ -161,6 +161,7 @@ The plugin delegates specialized work to 11 purpose-built agents. Each agent has
 | `diagram-generation-agent` | Architecture diagrams via Imagen 3 / Mermaid | Prompt templates | `/architect:diagram` |
 | `summary-agent` | Executive summary and decision memo synthesis | All assessment outputs (incl. ROS) | `/architect:summary` |
 | `onboarding-agent` | 5-phase structured org interview | Writes org/*.md | `/architect:onboard` |
+| `ai-act-assessor` | EU AI Act classification, obligations, and compliance assessment | ms-ai-governance (ai-act-*) | `/architect:classify`, `/architect:requirements`, `/architect:transparency`, `/architect:frimpact`, `/architect:conformity` |
 
 ### Orchestration Pattern
 
@@ -193,25 +194,25 @@ The orchestrator creates a `.work/` directory for intermediate results, delegate
 
 ## Knowledge Base
 
-The plugin includes **380 reference documents** organized across 5 domain-specific skills:
+The plugin includes **387 reference documents** organized across 5 domain-specific skills:
 
 | Skill | Domain | Refs | User Intent |
 |-------|--------|------|-------------|
 | `ms-ai-advisor` | Cosmo persona, 7-phase workflow, platform selection | 62 | "Help me choose" |
 | `ms-ai-engineering` | RAG, agents, Azure AI Services, data, MLOps, multimodal | 153 | "How do I build this?" |
-| `ms-ai-governance` | Norwegian public sector governance, EU regulations, responsible AI, ROS | 71 | "Is this legal/safe?" |
+| `ms-ai-governance` | Norwegian public sector governance, EU regulations, responsible AI, ROS | 78 | "Is this legal/safe?" |
 | `ms-ai-security` | Security scoring (6×5), cost estimation (P10/P50/P90) | 60 | "Is this safe?" |
 | `ms-ai-infrastructure` | BCDR, hybrid/edge, sovereign cloud | 34 | "How do I operate this?" |
 
-### ms-ai-advisor (61 refs)
+### ms-ai-advisor (62 refs)
 
 Architecture decision trees, platform comparison matrices, Cosmo persona definition, cost models, migration patterns.
 
-### ms-ai-engineering (149 refs)
+### ms-ai-engineering (153 refs)
 
 RAG implementation patterns, agent orchestration, Azure AI Foundry, Copilot Studio extensibility, AI Builder, multimodal processing, Semantic Kernel, MLOps pipelines.
 
-### ms-ai-governance (71 refs)
+### ms-ai-governance (78 refs)
 
 Norwegian public sector governance (Digdir, DFØ), EU AI Act (Annex III checklist), responsible AI frameworks, GDPR/Schrems II compliance, Utredningsinstruksen alignment. Includes a comprehensive **ROS analysis framework** with 7 new reference documents: AI threat library (49 threats across 7 categories), NS 5814/ISO 31000 methodology guide, 7×5 scoring rubrics, sector-specific checklists (health, transport, finance, justice, education), report templates, DPIA/security integration patterns, and MAESTRO multi-agent security model.
 
@@ -329,25 +330,15 @@ These MCP servers enhance the plugin's capabilities but are not required:
 
 ## Hooks & Safety
 
-Three runtime hooks provide session context and safety guardrails:
+Two runtime hooks provide session context and safety guardrails:
 
 | Event | Script | Purpose | Behavior |
 |-------|--------|---------|----------|
 | `SessionStart` | `session-start-context.mjs` | Show active investigations + KB freshness | Advisory — displays context |
-| `PreToolUse` (Edit\|Write) | `pre-edit-secrets.mjs` | Block Azure keys, tokens, credentials from being written | **Blocking** — prevents write |
 | `Stop` | `stop-assessment-reminder.mjs` | Remind about uncommitted assessments and next steps | Advisory — displays reminder |
 
-### Secrets Detection
-
-The `pre-edit-secrets` hook scans all Edit and Write operations for patterns matching:
-
-- Azure subscription keys and connection strings
-- Bearer tokens and API keys
-- Service principal credentials
-- SAS tokens and storage account keys
-
-> [!IMPORTANT]
-> The secrets hook is **blocking** — it will prevent the write operation if a secret pattern is detected. This is a safety net, not a replacement for proper secrets management with `.env` files.
+> [!TIP]
+> For secrets scanning across all plugins, use the [llm-security plugin](https://git.fromaitochitta.com/open/ktg-plugin-marketplace) which provides byte-level secrets detection as a blocking PreToolUse hook.
 
 ---
 
@@ -519,7 +510,7 @@ bash scripts/kb-staleness-check.sh --json --output report.json
 /architect:generate-skills --update
 ```
 
-Category-to-skill routing is defined in `category-skill-map.json` (20 categories mapped to 5 skills), used by the generate-skills workflow to place new reference documents in the correct skill directory.
+Category-to-skill routing is defined in `scripts/skill-gen/category-skill-map.json` (20 categories mapped to 5 skills), used by the generate-skills workflow to place new reference documents in the correct skill directory.
 
 ---