chore(privacy): scrub real-org references from shared/ + root

Replace named real-world entity with fictional generic Norwegian
public-sector entity ("Direktoratet for digital tjenesteutvikling",
DDT) across the design system reference scenarios and root docs.
Repository is a private personal project; references to a real
organization were unintended and unrelated to the project.

- Rename: security-vegvesen.html -> security-direktorat.html
- Persona: replaced with fictional Kari Nordmann
- Domain refs / acronym / rule-IDs: SVV* -> DDT*
- Internal system names (Autosys etc.): replaced with fictional names

Phase 2 (plugin-internal references) follows in next commit.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Kjell Tore Guttormsen 2026-05-03 04:22:29 +02:00
commit f95cc4b13d
7 changed files with 42 additions and 42 deletions

@ -18,7 +18,7 @@ plugins/
shared/
playground-design-system/ v0.1 — Aksel/Digdir-aligned CSS design system + JSON schemas for plugin Playgrounds (consumed by ms-ai-architect, okr, llm-security, ultraplan-local, config-audit)
playground-examples/ — Reference scenarios (ROS-Lier, OKR-Bærum, security-Vegvesen) + showcase landing
playground-examples/ — Reference scenarios (ROS-Lier, OKR-Bærum, security-Direktorat) + showcase landing
```
Hvert plugin er selvstendig med egen CLAUDE.md, README, hooks, agents og commands. `shared/` inneholder marketplace-nivå infrastruktur som flere plugins bygger på.

@ -251,7 +251,7 @@ Targets five plugins: `ms-ai-architect`, `okr`, `llm-security`, `ultraplan-local
- **Tier 1 components** — radar/spider, 5×5 matrix-heatmap (bottom-left origin, ROS/DPIA), findings-browser, critique-card, wizard/stepper, live-meter with antipattern lints
- **Tier 2 components** — decision-tree (AI Act 4-step), traffic-lights, diff-review, treemap (token hotspots), distribution P10/P50/P90, command-pipeline output, AI Act 4-color pyramide, pipeline-cockpit, verdict-pill + 5-band risk-meter, codepoint-reveal (Unicode steganography), small-multiples grid (16-category posture without overcrowded radar), OWASP badges (LLM/ASI/AST/MCP)
- **JSON schemas**`finding.schema.json`, `okr-set.schema.json`, `ros-threat.schema.json` for cross-plugin data interchange
- **Reference scenarios** — Lier kommune ROS-rapport (ms-ai-architect), Bærum kommune T2 OKR live-writer, Statens vegvesen ToxicSkills findings review (85 funn, BLOCK)
- **Reference scenarios** — Lier kommune ROS-rapport (ms-ai-architect), Bærum kommune T2 OKR live-writer, Direktoratet for digital tjenesteutvikling ToxicSkills findings review (85 funn, BLOCK)
→ [Full documentation](shared/playground-design-system/README.md) · [Browse showcase](shared/playground-examples/index.html)
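Review bot: The changed Reference scenarios line still names Lier kommune and Bærum kommune next to the new fictional directorate, while the commit message states the goal as scrubbing real-organization references from shared/ and root. If those two names are meant to stay, say so in the commit message. Otherwise give them fictional names in the same pass, so the docs are not left half-scrubbed.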

@ -31,7 +31,7 @@ shared/
├── index.html # System showcase (browse all components)
├── ros-lier-kommune.html # Scenario A — ms-ai-architect ROS report
├── okr-baerum.html # Scenario B — OKR live writer
├── security-vegvesen.html # Scenario C — llm-security findings review
├── security-direktorat.html # Scenario C — llm-security findings review
├── templates.html # Skeleton + print-template demos
├── ros-app.js # Scenario A interactivity
└── ros-data.js # Scenario A mock data

@ -8,7 +8,7 @@
"properties": {
"id": {
"type": "string",
"description": "Stabil ID, f.eks. SVV-2026-118-F-001",
"description": "Stabil ID, f.eks. DDT-2026-118-F-001",
"pattern": "^[A-Z0-9-]{4,}$"
},
"title": { "type": "string", "minLength": 4, "maxLength": 140 },
@ -23,7 +23,7 @@
"rules": {
"type": "array",
"items": { "type": "string", "pattern": "^[A-Z]{2,4}[0-9]{2}(\\.[0-9]+)?$" },
"description": "Regler/categories truffet, f.eks. LLM01, ASI02, SVV01"
"description": "Regler/categories truffet, f.eks. LLM01, ASI02, DDT01"
},
"source": {
"type": "object",

@ -70,7 +70,7 @@
<span class="app-header__spacer"></span>
<a href="ros-lier-kommune.html" class="btn btn--ghost btn--sm">Scenario A</a>
<a href="okr-baerum.html" class="btn btn--ghost btn--sm">Scenario B</a>
<a href="security-vegvesen.html" class="btn btn--secondary btn--sm">Scenario C →</a>
<a href="security-direktorat.html" class="btn btn--secondary btn--sm">Scenario C →</a>
<button type="button" class="theme-toggle" id="themeToggle">
<svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.8" aria-hidden="true"><path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"/></svg>
<span id="themeLabel">Mørkt</span>
@ -130,14 +130,14 @@
<span class="text-link text-sm" style="font-weight: var(--font-weight-semibold);">Åpne →</span>
</a>
<a href="security-vegvesen.html" class="card" style="text-decoration: none; color: inherit; display: flex; flex-direction: column; gap: var(--space-3); border-top: 4px solid var(--color-scope-security);">
<a href="security-direktorat.html" class="card" style="text-decoration: none; color: inherit; display: flex; flex-direction: column; gap: var(--space-3); border-top: 4px solid var(--color-scope-security);">
<div style="display: flex; gap: 6px; flex-wrap: wrap;">
<span class="badge badge--scope-security">llm-security</span>
<span class="badge">42 funn</span>
</div>
<h3 style="margin: 0; font-size: var(--font-size-lg);">C · Findings, Statens vegvesen</h3>
<p class="text-secondary text-sm" style="margin: 0; flex: 1;">Monica Rein. Konsulent-leveranse skannet. 16-celle posture-grid, codepoint-reveal, OWASP-mapping, tiltaksplan.</p>
<span class="text-mono text-xs text-tertiary">SVV-2026-118 · skann #4422</span>
<h3 style="margin: 0; font-size: var(--font-size-lg);">C · Findings, Direktoratet for digital tjenesteutvikling</h3>
<p class="text-secondary text-sm" style="margin: 0; flex: 1;">Kari Nordmann. Konsulent-leveranse skannet. 16-celle posture-grid, codepoint-reveal, OWASP-mapping, tiltaksplan.</p>
<span class="text-mono text-xs text-tertiary">DDT-2026-118 · skann #4422</span>
<span class="text-link text-sm" style="font-weight: var(--font-weight-semibold);">Åpne →</span>
</a>
@ -606,7 +606,7 @@
<div class="component-demo">
<div class="cmd-pipeline">
<div class="cmd-step"><span class="cmd-step__num">1</span><span class="cmd-step__cmd">git checkout <span class="cmd-arg">-b</span> <span class="cmd-arg">fix/strip-tag-codepoints</span></span><button class="btn btn--ghost btn--sm">Kjør</button></div>
<div class="cmd-step"><span class="cmd-step__num">2</span><span class="cmd-step__cmd">npx <span class="cmd-arg">@svv/sanitize</span> <span class="cmd-flag">--strip</span> <span class="cmd-arg">U+E0000-U+E007F</span></span><button class="btn btn--ghost btn--sm">Kjør</button></div>
<div class="cmd-step"><span class="cmd-step__num">2</span><span class="cmd-step__cmd">npx <span class="cmd-arg">@ddt/sanitize</span> <span class="cmd-flag">--strip</span> <span class="cmd-arg">U+E0000-U+E007F</span></span><button class="btn btn--ghost btn--sm">Kjør</button></div>
<div class="cmd-step"><span class="cmd-step__num">3</span><span class="cmd-step__cmd">git commit <span class="cmd-flag">-am</span> <span class="cmd-arg">"fix(security): strip tag codepoints"</span></span><button class="btn btn--ghost btn--sm">Kjør</button></div>
</div>
</div>
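Review bot: Step 2 of the cmd-pipeline demo now shows npx @ddt/sanitize, and npx resolves a package it does not find locally against the public registry, so a reader who copies the demo command would fetch and run whatever is published under that scope. Neither @svv nor @ddt is shown to be owned by this project. For a showcase, a command that cannot resolve to a third-party package is safer, for example a repo-local script path or a scope on the reserved .example domain spelled out as placeholder text.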

@ -3,7 +3,7 @@
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>llm-security findings — Statens vegvesen</title>
<title>llm-security findings — Direktoratet for digital tjenesteutvikling</title>
<link rel="stylesheet" href="../playground-design-system/tokens.css" />
<link rel="stylesheet" href="../playground-design-system/base.css" />
<link rel="stylesheet" href="../playground-design-system/components.css" />
@ -230,7 +230,7 @@
<span style="font-size: var(--font-size-sm); color: var(--color-text-secondary);">Playground / Scenarios / llm-security</span>
</div>
<div style="display: flex; gap: var(--space-3); align-items: center;">
<span class="badge" style="background: var(--color-scope-security); color: #fff; font-family: var(--font-family-mono); font-size: 11px;">PLUGIN: llm-security/svv-v3.1</span>
<span class="badge" style="background: var(--color-scope-security); color: #fff; font-family: var(--font-family-mono); font-size: 11px;">PLUGIN: llm-security/ddt-v3.1</span>
<button class="btn btn--ghost" id="theme-toggle" aria-pressed="false">Mørk</button>
</div>
</div>
@ -241,10 +241,10 @@
<div class="page__header">
<div>
<span class="page__eyebrow">llm-security · skanning av AI-leverandørrespons</span>
<h1 style="margin: 6px 0 8px; font-size: var(--font-size-3xl);">Konsulentleveranse SVV-2026-118</h1>
<h1 style="margin: 6px 0 8px; font-size: var(--font-size-3xl);">Konsulentleveranse DDT-2026-118</h1>
<div class="page__meta">
<span class="page__meta-item"><span class="page__meta-label">Skanning</span> #4422 · 02. mai 09:14</span>
<span class="page__meta-item"><span class="page__meta-label">Eier</span> Monica Rein</span>
<span class="page__meta-item"><span class="page__meta-label">Eier</span> Kari Nordmann</span>
<span class="page__meta-item"><span class="page__meta-label">Kilde</span> Sopra Steria · revisjonsbrev v3.docx</span>
<span class="page__meta-item"><span class="page__meta-label">Modeller analysert</span> 47 prompt-svar par</span>
</div>
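Review bot: The Kilde meta item in this header is left as "Sopra Steria · revisjonsbrev v3.docx", so the scenario still names a real company as the supplier of the scanned document, and the findings further down attribute hidden instructions and exposed personnummer to that document. The file lives under shared/, which is the scope this commit says it covers, so the supplier should be replaced with a fictional name here rather than deferred to Phase 2.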
@ -425,7 +425,7 @@
</div>
<div class="sm-card">
<div class="sm-card__header">
<span class="sm-card__name">SVV01 · PII-norsk</span>
<span class="sm-card__name">DDT01 · PII-norsk</span>
<span class="sm-card__grade" data-grade="D">D</span>
</div>
<div class="sm-card__bar"><div class="sm-card__bar-fill" style="width: 70%; background: var(--color-severity-high);"></div></div>
@ -433,7 +433,7 @@
</div>
<div class="sm-card">
<div class="sm-card__header">
<span class="sm-card__name">SVV02 · Anbuds­integritet</span>
<span class="sm-card__name">DDT02 · Anbuds­integritet</span>
<span class="sm-card__grade" data-grade="B">B</span>
</div>
<div class="sm-card__bar"><div class="sm-card__bar-fill" style="width: 30%; background: var(--color-severity-low);"></div></div>
@ -450,7 +450,7 @@
<span style="font-size: 22px;"></span>
<div>
<div style="font-weight: var(--font-weight-semibold); font-size: var(--font-size-sm);">2 funn over kommunens akseptgrense for Tier 1-leveranser</div>
<div style="font-size: 12px; opacity: 0.9; margin-top: 2px;">Statens vegvesen · sikkerhetsdir. SVV-2024-09 § 4.2 krever signoff fra avd.dir. ved kritiske LLM01- og ASI02-funn.</div>
<div style="font-size: 12px; opacity: 0.9; margin-top: 2px;">Direktoratet for digital tjenesteutvikling · sikkerhetsdir. DDT-2024-09 § 4.2 krever signoff fra avd.dir. ved kritiske LLM01- og ASI02-funn.</div>
</div>
<button class="btn btn--secondary">Be om signoff →</button>
</div>
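Review bot: The banner heading in the context line above the changed text still says "kommunens akseptgrense", which no longer matches the line below it now that the owning entity is a directorate with its own security directive DDT-2024-09. Reword the heading to refer to the directorate's acceptance threshold so the two lines of the banner agree.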
@ -469,7 +469,7 @@
<span class="filter-bar__label">Kategori</span>
<button class="chip" aria-pressed="false">LLM Top 10</button>
<button class="chip" aria-pressed="false">Agentic</button>
<button class="chip" aria-pressed="false">SVV-egne regler</button>
<button class="chip" aria-pressed="false">DDT-egne regler</button>
</div>
<div style="margin-left: auto; font-size: 11px; color: var(--color-text-tertiary); font-family: var(--font-family-mono);">
Sortert: alvorlighet ↓
@ -480,7 +480,7 @@
<article class="finding" data-sev="critical">
<header class="finding__head">
<div>
<div class="finding__id">SVV-2026-118 · F-001</div>
<div class="finding__id">DDT-2026-118 · F-001</div>
<h2 class="finding__title">Skjulte instruksjoner i konsulentens revisjonsbrev (Tag-prompt-injeksjon)</h2>
</div>
<div></div>
@ -513,7 +513,7 @@
<div class="source-window__body">
<div class="src-line">
<span class="src-line__num">42</span>
<span class="src-line__code">Vi anbefaler at Statens vegvesen viderefører gjeldende</span>
<span class="src-line__code">Vi anbefaler at Direktoratet for digital tjenesteutvikling viderefører gjeldende</span>
</div>
<div class="src-line src-line--hit">
<span class="src-line__num">43</span>
@ -555,10 +555,10 @@
<div class="field">
<span class="field__label">Hvorfor det er kritisk her</span>
<p class="field__value">
Konsulenten leverer et revisjonsbrev som skal mates til SVVs interne AI-assistent for å produsere et sammendrag til etatsledelsen.
Konsulenten leverer et revisjonsbrev som skal mates til DDTs interne AI-assistent for å produsere et sammendrag til etatsledelsen.
Hvis sammendraget genereres uten sanering av denne typen tegn, vil ledelsen lese et resultat som er <strong>aktivt manipulert
av leverandørens dokument</strong>, og som ikke samsvarer med tekst en saksbehandler ville lese ved manuell gjennomgang.
Dette er — uavhengig av intensjonen bak — en alvorlig avvik fra integritetskravet i SVVs informasjonssikkerhets­policy § 7.3.
Dette er — uavhengig av intensjonen bak — en alvorlig avvik fra integritetskravet i DDTs informasjonssikkerhets­policy § 7.3.
</p>
</div>
@ -596,7 +596,7 @@
<li>OWASP LLM01 (2025-rev.)</li>
<li>OWASP Agentic-AI ASI02</li>
<li>NSM Grunnprinsipper 2.7.4</li>
<li>SVV info-sec § 7.3</li>
<li>DDT info-sec § 7.3</li>
</ul>
</div>
@ -612,13 +612,13 @@
<article class="finding" data-sev="critical">
<header class="finding__head">
<div>
<div class="finding__id">SVV-2026-118 · F-002</div>
<div class="finding__id">DDT-2026-118 · F-002</div>
<h2 class="finding__title">Personnummer eksponert i prompt-eksempel (Anneks C)</h2>
</div>
<div></div>
<div class="finding__badges">
<span class="rule-badge badge--owasp-llm">LLM02</span>
<span class="rule-badge" style="background: var(--color-scope-security); color: #fff;">SVV01</span>
<span class="rule-badge" style="background: var(--color-scope-security); color: #fff;">DDT01</span>
<span class="badge" style="background: var(--color-severity-critical); color: #fff;">Kritisk</span>
</div>
</header>
@ -633,7 +633,7 @@
<div class="source-window">
<div class="source-window__head"><span>Anneks C · prompt-eksempel #2</span><span>2 treff</span></div>
<div class="source-window__body">
<div class="src-line src-line--hit"><span class="src-line__num">12</span><span class="src-line__code">"Slå opp saksgang for fnr <span class="ipi">[•••••••••••]</span> i Autosys og oppsummer."</span></div>
<div class="src-line src-line--hit"><span class="src-line__num">12</span><span class="src-line__code">"Slå opp saksgang for fnr <span class="ipi">[•••••••••••]</span> i Saksys og oppsummer."</span></div>
<div class="src-line"><span class="src-line__num">13</span><span class="src-line__code">→ Modellen returnerer: 14 saker. Eldste: 2018-04-22.</span></div>
<div class="src-line src-line--hit"><span class="src-line__num">14</span><span class="src-line__code">"Sammenlign med fnr <span class="ipi">[•••••••••••]</span>." (returner: ingen overlapp)</span></div>
</div>
@ -672,7 +672,7 @@
<article class="finding" data-sev="high">
<header class="finding__head">
<div>
<div class="finding__id">SVV-2026-118 · F-003</div>
<div class="finding__id">DDT-2026-118 · F-003</div>
<h2 class="finding__title">Modell-svar inneholder ekstern markdown-lenke til ukjent domene</h2>
</div>
<div></div>
@ -686,16 +686,16 @@
<div class="finding__main">
<div class="field">
<span class="field__label">Hva ble funnet</span>
<p class="field__value">Tre svar fra modellen inneholder lenker formatert som markdown <span style="font-family: var(--font-family-mono); font-size: 12px;">[oppdatert vegliste](https://vegnett-no.example/...)</span> til et domene som ikke er på SVVs whitelist. Hvis svaret rendes i Confluence eller Sharepoint vil saksbehandleren se en klikkbar lenke som ser troverdig ut.</p>
<p class="field__value">Tre svar fra modellen inneholder lenker formatert som markdown <span style="font-family: var(--font-family-mono); font-size: 12px;">[oppdatert registerliste](https://ddt-data.example/...)</span> til et domene som ikke er på DDTs whitelist. Hvis svaret rendes i Confluence eller Sharepoint vil saksbehandleren se en klikkbar lenke som ser troverdig ut.</p>
</div>
<div class="field">
<span class="field__label">Domene-analyse</span>
<div class="source-window">
<div class="source-window__head"><span>Lenker funnet i 47 svar</span><span>3 unike domener</span></div>
<div class="source-window__body">
<div class="src-line"><span class="src-line__num">1</span><span class="src-line__code">https://vegvesen.no/... ✓ whitelistet (32 forekomster)</span></div>
<div class="src-line"><span class="src-line__num">1</span><span class="src-line__code">https://ddt.no/... ✓ whitelistet (32 forekomster)</span></div>
<div class="src-line"><span class="src-line__num">2</span><span class="src-line__code">https://lovdata.no/... ✓ whitelistet (8)</span></div>
<div class="src-line src-line--hit"><span class="src-line__num">3</span><span class="src-line__code">https://vegnett-no.example/oppdat-2026 ⚠ ukjent · domene reg. 11. mars 2026</span></div>
<div class="src-line src-line--hit"><span class="src-line__num">3</span><span class="src-line__code">https://ddt-data.example/oppdat-2026 ⚠ ukjent · domene reg. 11. mars 2026</span></div>
</div>
</div>
</div>
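Review bot: Line 1 of the Domene-analyse window replaces vegvesen.no with https://ddt.no/..., which is a registrable name under .no that may belong to an unrelated party, whereas the lookalike on line 3 correctly uses the reserved .example TLD. To keep the fictional entity from pointing at a real registrant, put the whitelisted domain on a reserved name as well (for instance ddt.example) and pick a lookalike that differs from it visibly, so the whitelist-versus-unknown contrast in the demo is preserved.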
@ -712,7 +712,7 @@
<div class="section__head">
<div>
<h2 class="section__title">Norske kontekst-oppdateringer brukt i denne skanningen</h2>
<p class="section__subtitle">SVV vedlikeholder regelsettet selv. Her er det som ble lagt til siden forrige skanning.</p>
<p class="section__subtitle">DDT vedlikeholder regelsettet selv. Her er det som ble lagt til siden forrige skanning.</p>
</div>
<span class="badge badge--soft" style="font-family: var(--font-family-mono);">v3.1.0 · 02. mai</span>
</div>
@ -720,7 +720,7 @@
<div class="feed-row">
<span class="feed-row__date">02. mai</span>
<div class="feed-row__title">
<span class="feed-row__title-text">SVV01-pii-norsk: lagt til detektor for D-nummer (gyldig MOD-11)</span>
<span class="feed-row__title-text">DDT01-pii-norsk: lagt til detektor for D-nummer (gyldig MOD-11)</span>
<span class="feed-row__meta">avd. Personvern · 14 testtilfeller</span>
</div>
<span class="badge badge--soft">+ ny regel</span>
@ -729,14 +729,14 @@
<span class="feed-row__date">28. apr</span>
<div class="feed-row__title">
<span class="feed-row__title-text">ASI02-unicode-steg: utvidet tag-blokk med U+E0080U+E00FF (rapportert av Atea sikkerhets­fora)</span>
<span class="feed-row__meta">SVV-CERT · ekstern kilde</span>
<span class="feed-row__meta">DDT-CERT · ekstern kilde</span>
</div>
<span class="badge badge--soft">↑ utvidet</span>
</div>
<div class="feed-row">
<span class="feed-row__date">19. apr</span>
<div class="feed-row__title">
<span class="feed-row__title-text">SVV02-anbuds­integritet: ny terskel for sammenlign-prompts som ber modellen rangere leverandører</span>
<span class="feed-row__title-text">DDT02-anbuds­integritet: ny terskel for sammenlign-prompts som ber modellen rangere leverandører</span>
<span class="feed-row__meta">avd. Anskaffelser · krav SAK-2026-04</span>
</div>
<span class="badge badge--soft">+ ny regel</span>
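Review bot: The 28. apr feed row keeps "rapportert av Atea sikkerhets­fora" in its title text while only the meta span below it is changed to DDT-CERT, so a real company name remains in the scrubbed scenario. Replace it with a fictional reporter in this commit. While touching that line, the range reads "U+E0080U+E00FF" with no separator between the two codepoints, which is worth fixing so the extended block is unambiguous.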
@ -757,7 +757,7 @@
<div class="section__head">
<div>
<h2 class="section__title">Tiltaksplan — sortert på TTF (tid til løsning)</h2>
<p class="section__subtitle">Plan generert automatisk basert på SVVs eskalasjonsmatrise. Eier kan endres etter signoff.</p>
<p class="section__subtitle">Plan generert automatisk basert på DDTs eskalasjonsmatrise. Eier kan endres etter signoff.</p>
</div>
<button class="btn btn--secondary">Eksporter som CSV</button>
</div>
@ -765,19 +765,19 @@
<div class="plan-item">
<span class="plan-item__id">F-003</span>
<span class="plan-item__title">Whitelist-validering av lenker i modellsvar — slå på</span>
<span class="plan-item__owner">M. Rein</span>
<span class="plan-item__owner">K. Nordmann</span>
<span class="plan-item__ttf">30 min</span>
</div>
<div class="plan-item">
<span class="plan-item__id">F-001</span>
<span class="plan-item__title">Pre-prosessor for U+E0000-blokken — installere på AI-gateway</span>
<span class="plan-item__owner">SVV-Plattform</span>
<span class="plan-item__owner">DDT-Plattform</span>
<span class="plan-item__ttf">2 t</span>
</div>
<div class="plan-item">
<span class="plan-item__id">F-002</span>
<span class="plan-item__title">Tilbakekalle revisjonsbrev v3, be om sanert versjon</span>
<span class="plan-item__owner">M. Rein + Innkjøp</span>
<span class="plan-item__owner">K. Nordmann + Innkjøp</span>
<span class="plan-item__ttf">1 d</span>
</div>
<div class="plan-item">
@ -803,7 +803,7 @@
<!-- FOOTER -->
<div style="margin-top: var(--space-12); padding-top: var(--space-5); border-top: 1px solid var(--color-border-subtle); display: flex; justify-content: space-between; font-size: 12px; color: var(--color-text-tertiary); font-family: var(--font-family-mono);">
<span>Plugin: llm-security/svv-v3.1 · regelsett: 84 regler aktive</span>
<span>Plugin: llm-security/ddt-v3.1 · regelsett: 84 regler aktive</span>
<span>Skann-ID: 4422 · sluttid 09:14:22 · varighet 8.4 s</span>
</div>

@ -232,7 +232,7 @@
<h2>Single-report</h2>
<p class="tpl__lede">Én rapport, fire seksjoner: header med metadata + verdict-pill, hovedinnhold, sidefelt, signatur. Bygd for projector-bruk og PDF-eksport.</p>
</div>
<span class="badge badge--soft">scenarios/security-vegvesen.html</span>
<span class="badge badge--soft">scenarios/security-direktorat.html</span>
</div>
<div class="tpl__demo" style="background: #fff; padding: var(--space-5);">
@ -273,7 +273,7 @@
<h2>Findings-review</h2>
<p class="tpl__lede">Posture-grid + filter-bar + finding-kort + tiltaksplan. Strukturen i Scenario C i konsentrert form.</p>
</div>
<span class="badge badge--soft">scenarios/security-vegvesen.html</span>
<span class="badge badge--soft">scenarios/security-direktorat.html</span>
</div>
<div class="tpl__demo" style="background: var(--color-surface);">