feat(llm-security): playground Fase 3 — v7.5.0 med 18 parsere/renderere

Single-file SPA playground har nå parser + renderer for alle 18
produces_report=true-kommandoer (Fase 2: 10 høy-prio + Fase 3: 8
gjenstående: mcp-inspect, supply-check, pre-deploy, diff, watch,
registry, clean, threat-model). 18 markdown test-fixtures fungerer
som kontrakt-anker for parser-utvikling.

Komplett demo-prosjekt `dft-komplett-demo` har alle 18 rapporter
ferdig parsed inline — klikk-gjennom uten "parser ikke implementert"-
paneler. 2 nye archetypes i KEY_STATS_CONFIG: kanban-buckets (clean)
og matrix-risk (threat-model).

Bug-fix: normalizeVerdictText sjekker nå GO-WITH-CONDITIONS /
CONDITIONAL / BETINGET FØR plain GO så betinget verdict (pre-deploy
med åpne vilkår) ikke kollapser til ALLOW.

Eksponert 11 window-globaler for testing/automasjon (__store,
__navigate, __loadDemoState, __PARSERS, __RENDERERS, __CATALOG,
__inferVerdict, __inferKeyStats, __renderPageShell,
__handlePasteImport, __scheduleRender). 12 Playwright-genererte
screenshots i playground/screenshots/v7.5.0/.

A11Y-rapport (WCAG 2.1 AA): 0 blokkerende, 3 mindre forbedringer
flagget for v7.5.x patch (skip-link, heading-hierarki på project,
aria-live toast).

Versjonsbump 7.4.0 -> 7.5.0 i 10 filer (package.json, plugin.json,
CLAUDE.md header, README badge, CHANGELOG-entry, 3 scanner VERSION-
konstanter, ROADMAP, marketplace-rot README).

Ingen scanner- eller hook-behavior-changes — purely additive surface.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

plugins/llm-security/CLAUDE.md

@@ -1,4 +1,4 @@
-# LLM Security Plugin (v7.4.0)
+# LLM Security Plugin (v7.5.0)
 
 Security scanning, auditing, and threat modeling for Claude Code projects. 5 frameworks: OWASP LLM Top 10, Agentic AI Top 10 (ASI), Skills Top 10 (AST), MCP Top 10, AI Agent Traps (DeepMind). 1822+ unit, integration, and end-to-end tests (`tests/e2e/` covers the multi-hook attack chain, multi-session state simulation, and the full scan-orchestrator pipeline); mutation-testing coverage not published.
 
@@ -69,6 +69,26 @@ revisions table (M10). Env-only vars without policy.json equivalents
 `LLM_SECURITY_MCP_CACHE_FILE`) are unchanged — they emit no
 deprecation signal because there is nothing to deprecate yet.
 
+**v7.5.0 — Playground (additive surface, no scanner/hook behavior changes).**
+Single-file SPA at `playground/llm-security-playground.html` (~10 200 lines)
+for onboarding, demo og workshop-bruk uten Claude Code-installasjon. Parser
++ renderer for alle 18 `produces_report=true`-kommandoer i `CATALOG`. State
+i IndexedDB primær (`llm-security-playground-v1`) med localStorage-fallback,
+sirkelfri Proxy + EventTarget store, microtask-batchet render. Theme-bootstrap
+med FOUC-prevention. 4 overflater: onboarding (5 grupper) → home (3 tracks)
+→ catalog (20 kommandoer) ⇄ project (rapporter / oversikt / kontekst /
+eksport). Demo-state har tre prosjekter inline; `dft-komplett-demo` har alle
+18 rapporter ferdig parsed for klikk-gjennom. Vendor-synket design-system
+under `playground/vendor/playground-design-system/` (sjekksum-låst via
+`MANIFEST.json`, redigeres aldri direkte). Test-fixtures under
+`playground/test-fixtures/` (én markdown-fil per kommando) er kontrakt-anker
+for parser-utvikling. Skjermdumper i `playground/screenshots/v7.5.0/`.
+Eksponerte vinduer-globaler for testing/automasjon: `__store`, `__navigate`,
+`__loadDemoState`, `__scheduleRender`, `__PARSERS`, `__RENDERERS`, `__CATALOG`,
+`__inferVerdict`, `__inferKeyStats`, `__renderPageShell`, `__handlePasteImport`.
+Inkluderer fix av `normalizeVerdictText` regex-rekkefølge: GO-WITH-CONDITIONS
+sjekkes før GO så betinget verdict ikke kollapser til ALLOW.
+
 ## Commands
 
 | Command | Description |