- Remove file limit (was 10, now processes all critical+high+medium)
- Increase max-turns to 200 and timeout to 60min
- Add medium priority to update filter
- Update README KB note to reflect automated weekly updates
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Additional factual updates from batch 3 research:
- responsible-ai-training-awareness.md: module renamed
"Azure AI Studio" → "Microsoft Foundry" (3 occurrences)
- transparency-documentation-standards.md: ISO/IEC 42001 scope expanded
to include Copilot Studio, Microsoft Foundry, Security Copilot,
GitHub Copilot, Dragon Copilot
- ai-act-compliance-guide.md: same ISO 42001 scope expansion
- human-in-the-loop-oversight.md: AI approval stages in Copilot Studio
(GPT-o3 as AI approver, new Human in the loop connector)
- continuous-improvement-feedback-loops.md: MLflow 3 Feedback vs
Expectation assessment types, Genie Code trace analysis
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Not a distributable plugin — Copilot CLI has no plugin mechanism.
Was an internal one-off port for a colleague, not a marketplace item.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Full port of llm-security plugin for internal use on Windows with GitHub
Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs)
normalizes Copilot camelCase I/O to Claude Code snake_case format — all
original hook scripts run unmodified.
- 8 hooks with protocol translation (stdin/stdout/exit code)
- 18 SKILL.md skills (Agent Skills Open Standard)
- 6 .agent.md agent definitions
- 20 scanners + 14 scanner lib modules (unchanged)
- 14 knowledge files (unchanged)
- 39 test files including copilot-port-verify.mjs (17 tests)
- Windows-ready: node:path, os.tmpdir(), process.execPath, no bash
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Wrapper script that polls Microsoft Learn sitemaps and spawns a local
Claude session to update stale reference files. Designed for crontab,
zero cloud dependencies.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sitemap-based KB change detection system: weekly polling of Microsoft
Learn sitemaps, prioritized change reports, new page discovery.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds a zero-dependency Node.js pipeline that polls Microsoft Learn sitemaps
weekly to detect when source documentation changes. Replaces the broken
mtime-based staleness check (all files had identical mtime after release).
Components:
- build-registry.mjs: extracts 1342 URLs from 387 reference files
- poll-sitemaps.mjs: streams ~18 child sitemaps, matches against registry
- report-changes.mjs: prioritized change report (critical/high/medium/low)
- discover-new-urls.mjs: finds relevant new MS Learn pages not yet covered
- run-weekly-update.mjs: orchestrator with --force/--discover/--dry-run
Integration:
- session-start hook reads change-report.json instead of broken mtime check
- hook triggers background poll if >7 days since last check
- generate-skills --update reads change report for targeted MCP updates
Current stats: 69% match rate (924/1342 URLs tracked via sitemaps).
~31% unmatched due to Microsoft URL restructuring (ai-foundry/openai paths).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Shift focus from tildelingsbrev-specific to general strategy transformation.
More motivating, explains what and why for leaders/advisors, not developers.
Updated marketplace root README section to match.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add Security hardening section to ultraplan-local README covering all 4
defense layers. Update architecture tree to include hooks directory.
Update root marketplace README with security summary and hook count.
Update CLAUDE.md architecture section with Phase 2.4 and --allowedTools.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Four-layer security model for ultraexecute-local and headless sessions:
Layer 1 — Plugin hooks: pre-bash-executor.mjs (13 BLOCK + 8 WARN rules
with bash evasion normalization) and pre-write-executor.mjs (8 path guard
rules blocking .git/hooks, .claude/settings, shell configs, .env, SSH/AWS).
Layer 2 — Prompt-level security rules: denylist in ultraexecute-local.md
Sub-step D and session-spec-template.md Security Constraints section.
These are the only rules that work in headless child sessions.
Layer 3 — Pre-execution plan validation: new Phase 2.4 scans all Verify
and Checkpoint commands against denylist before execution begins.
Layer 4 — Replace --dangerously-skip-permissions with scoped
--allowedTools "Read,Write,Edit,Bash,Glob,Grep" --permission-mode
bypassPermissions in ultraexecute-local.md, headless-launch-template.md,
and session-decomposer.md. Blocks Agent, MCP, WebSearch in child sessions.
Also adds Hard Rules 14-16: verify command security check, no writing
outside repository root, no writing to security-sensitive paths.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Lead with strategy → OKR, not tildelingsbrev → OKR
- Tildelingsbrev repositioned as early analysis tool for leaders
- Broaden tracking: mention Azure Boards and Jira alongside Linear
- Fix limitation: Linear is built-in, others work via MCP
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Major restructure based on user feedback:
- Lead with onboarding as the key differentiator
- Add "Bring What You Have" section with two real examples:
tildelingsbrev parsing and existing OKR quality review
- Show iterative development process, not one-shot usage
- Stronger value proposition: OKR expert that learns your context
- Remove simplistic Q&A example that made plugin look like a form-filler
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace dry documentation-style README with problem-first structure:
lead with public sector pain points, show realistic interaction example,
add "when not to use" section, move badges to bottom.
132 lines (down from 280). Hook within 10 seconds.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
No plugins should promise future features. ROADMAP.md and BACKLOG.md
are internal planning documents, not public-facing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All 6 plugin READMEs now use identical installation section:
marketplace-first approach with /plugin browsing, then direct
settings.json as alternative. Replaces inconsistent mix of
git clone, plugin add, and JSON-only instructions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
REMEMBER.md, TODO.md, and ROADMAP.md are local session state files
that should not be tracked in git. Untrack the two previously
committed ROADMAP.md files (linkedin, ultraplan) and add root
.gitignore to prevent future tracking.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Plugin README, marketplace README, and CONTRIBUTING.md were committed
with pre-v1.6.0 content. Syncs all documentation with the actual v1.6.0
release: adds /ultraresearch-local section, updates agent count (19),
command count (3), pipeline diagram, examples, and architecture tree.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add /ultraresearch-local for structured research combining local codebase
analysis with external knowledge via parallel agent swarms. Produces research
briefs with triangulation, confidence ratings, and source quality assessment.
New command: /ultraresearch-local with modes --quick, --local, --external, --fg.
New agents: research-orchestrator (opus), docs-researcher, community-researcher,
security-researcher, contrarian-researcher, gemini-bridge (all sonnet).
New template: research-brief-template.md.
Integration: --research flag in /ultraplan-local accepts pre-built research
briefs (up to 3), enriches the interview and exploration phases. Planning
orchestrator cross-references brief findings during synthesis.
Design principle: Context Engineering — right information to right agent at
right time. Research briefs are structured artifacts in the pipeline:
ultraresearch → brief → ultraplan --research → plan → ultraexecute.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Version badge 1.4.0 → 1.5.0
- Rewrite parallel execution section to document worktree isolation,
pre-flight checks, sequential merge, and automatic cleanup
- Update plugin.json version reference in directory tree
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Covers onboarding, content quality, analytics, Claude Code platform
integration, architecture improvements, and growth features.
Includes dependency tracking and deprioritized items with rationale.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 2.6 previously launched parallel claude -p sessions in the same
working directory, causing git race conditions and repository corruption.
Changes:
- Add Phase 2.55 (pre-flight safety checks): clean tree, plan file
tracking, scope fence overlap validation, stale worktree cleanup
- Rewrite Phase 2.6 with git worktree isolation: each parallel session
gets its own worktree and branch, merged back sequentially
- Add merge conflict detection and abort (no silent data loss)
- Add unconditional worktree cleanup (even on failure)
- Add hard rules 11-13 (worktree mandatory, cleanup, sequential merge)
- Session-scoped progress file naming for --session mode
- Update headless launch template with worktree support and cleanup trap
- Bump version to 1.5.0
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Session-start hook: welcome message with getting-started steps on first run
- Session-start hook: prominent personalization score section when score is 0
- Router: condensed 4-option menu for users who haven't posted yet
- Post/quick commands: non-blocking readiness check for unpersonalized state
- Post-creation hook: inline 5x5x5 engagement ritual explanation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Build LinkedIn thought leadership with algorithmic understanding,
strategic consistency, and AI-assisted content creation. Updated for
the January 2026 360Brew algorithm change.
16 agents, 25 commands, 6 skills, 9 hooks, 24 reference docs.
Personal data sanitized: voice samples generalized to template,
high-engagement posts cleared, region-specific references replaced
with placeholders.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Allow name field to match either 'command' or 'plugin:command' format.
The architect: prefix is the correct convention for namespaced commands.
Also make auto_discover optional (not required in marketplace format).
Result: 215 PASS, 0 FAIL.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds complete version history (1.0.0-1.6.0) sourced from README version
history table. Adds 1.7.0 entry documenting the open-source release changes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
commands/dpia.md: fix gdpr-compliance-ai-systems.md path
from: references/norwegian-public-sector-governance/
to: references/responsible-ai/ (where the file actually lives)
hooks/scripts/pre-edit-secrets.mjs: remove orphaned script that was
never registered in hooks.json. Secrets scanning handled by llm-security.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Bump version to 1.7.0 (open-source release). Add author full name,
license, repository URL, and keywords to plugin.json.
Modernize .gitignore: remove dead orchestrator/ entries, add .claude/,
node_modules/, *.pdf, *.log, secrets.*.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Initial addition of ms-ai-architect plugin to the open-source marketplace.
Private content excluded: orchestrator/ (Linear tooling), docs/utredning/
(client investigation), generated test reports and PDF export script.
skill-gen tooling moved from orchestrator/ to scripts/skill-gen/.
Security scan: WARNING (risk 20/100) — no secrets, no injection found.
False positive fixed: added gitleaks:allow to Python variable reference
in output-validation-grounding-verification.md line 109.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add detailed platform matrix with links to sandbox-exec, bubblewrap,
Windows Sandbox, Docker Desktop, WSL2, and AppContainer documentation.
CVE reference for .gitattributes attack vector. Git config flag table
with per-flag mitigation descriptions. Windows guidance with concrete
options and recommendations. Note on why Node.js --permission is not
applicable.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Harden git clone attack surface for remote scans with defense-in-depth:
Layer 1 (all platforms): 8 git config flags disable hooks, symlinks,
filter/smudge drivers, fsmonitor, local file protocol. 4 env vars
isolate from system/user git config and block interactive prompts.
Layer 2 (OS sandbox): macOS sandbox-exec and Linux bubblewrap (bwrap)
restrict file writes to only the specific temp directory. bwrap
probe-tests availability before use. Graceful fallback on Windows
and Ubuntu 24.04+ (git config hardening only).
Additional: post-clone 100MB size check, UUID-unique evidence filenames,
evidence file cleanup, cleanup guarantee in scan/plugin-audit commands.
32 new tests (1147 total).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Meta-awareness tools for healthy AI interaction patterns.
Detects reinforcement loops, scope escalation, and compulsive patterns.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
