All 6 plugin READMEs now use identical installation section:
marketplace-first approach with /plugin browsing, then direct
settings.json as alternative. Replaces inconsistent mix of
git clone, plugin add, and JSON-only instructions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Initial addition of ms-ai-architect plugin to the open-source marketplace.
Private content excluded: orchestrator/ (Linear tooling), docs/utredning/
(client investigation), generated test reports and PDF export script.
skill-gen tooling moved from orchestrator/ to scripts/skill-gen/.
Security scan: WARNING (risk 20/100) — no secrets, no injection found.
False positive fixed: added gitleaks:allow to Python variable reference
in output-validation-grounding-verification.md line 109.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add detailed platform matrix with links to sandbox-exec, bubblewrap,
Windows Sandbox, Docker Desktop, WSL2, and AppContainer documentation.
CVE reference for .gitattributes attack vector. Git config flag table
with per-flag mitigation descriptions. Windows guidance with concrete
options and recommendations. Note on why Node.js --permission is not
applicable.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Harden git clone attack surface for remote scans with defense-in-depth:
Layer 1 (all platforms): 8 git config flags disable hooks, symlinks,
filter/smudge drivers, fsmonitor, local file protocol. 4 env vars
isolate from system/user git config and block interactive prompts.
Layer 2 (OS sandbox): macOS sandbox-exec and Linux bubblewrap (bwrap)
restrict file writes to only the specific temp directory. bwrap
probe-tests availability before use. Graceful fallback on Windows
and Ubuntu 24.04+ (git config hardening only).
Additional: post-clone 100MB size check, UUID-unique evidence filenames,
evidence file cleanup, cleanup guarantee in scan/plugin-audit commands.
32 new tests (1147 total).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
