Adds complete version history (1.0.0-1.6.0) sourced from README version
history table. Adds 1.7.0 entry documenting the open-source release changes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
commands/dpia.md: fix gdpr-compliance-ai-systems.md path
from: references/norwegian-public-sector-governance/
to: references/responsible-ai/ (where the file actually lives)
hooks/scripts/pre-edit-secrets.mjs: remove orphaned script that was
never registered in hooks.json. Secrets scanning handled by llm-security.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Bump version to 1.7.0 (open-source release). Add author full name,
license, repository URL, and keywords to plugin.json.
Modernize .gitignore: remove dead orchestrator/ entries, add .claude/,
node_modules/, *.pdf, *.log, secrets.*.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Initial addition of ms-ai-architect plugin to the open-source marketplace.
Private content excluded: orchestrator/ (Linear tooling), docs/utredning/
(client investigation), generated test reports and PDF export script.
skill-gen tooling moved from orchestrator/ to scripts/skill-gen/.
Security scan: WARNING (risk 20/100) — no secrets, no injection found.
False positive fixed: added gitleaks:allow to Python variable reference
in output-validation-grounding-verification.md line 109.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add detailed platform matrix with links to sandbox-exec, bubblewrap,
Windows Sandbox, Docker Desktop, WSL2, and AppContainer documentation.
CVE reference for .gitattributes attack vector. Git config flag table
with per-flag mitigation descriptions. Windows guidance with concrete
options and recommendations. Note on why Node.js --permission is not
applicable.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Harden git clone attack surface for remote scans with defense-in-depth:
Layer 1 (all platforms): 8 git config flags disable hooks, symlinks,
filter/smudge drivers, fsmonitor, local file protocol. 4 env vars
isolate from system/user git config and block interactive prompts.
Layer 2 (OS sandbox): macOS sandbox-exec and Linux bubblewrap (bwrap)
restrict file writes to only the specific temp directory. bwrap
probe-tests availability before use. Graceful fallback on Windows
and Ubuntu 24.04+ (git config hardening only).
Additional: post-clone 100MB size check, UUID-unique evidence filenames,
evidence file cleanup, cleanup guarantee in scan/plugin-audit commands.
32 new tests (1147 total).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Meta-awareness tools for healthy AI interaction patterns.
Detects reinforcement loops, scope escalation, and compulsive patterns.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
