ktg-plugin-marketplace

Author	SHA1	Message	Date
Kjell Tore Guttormsen	db80854830	feat(llm-security): playground v7.6.2-dev — render-report CLI + wire 4 skills (scan, audit, posture, deep-scan) [skip-docs] - New scripts/render-report.mjs CLI: stdin/file/stdout modes, ESM import from ./lib/report-renderers.mjs, kebab→camel renderer-name lookup so any of the 18 PARSERS works - Standalone HTML wrap: inlines 6 DS stylesheets (tokens, base, components, tier2, tier3, tier3-supplement) + local .report-table CSS. Skips fonts.css → system-ui fallback via tokens.css (~137 KB self-contained vs ~1 MB with woff2 bundled) - 4 skill files wired: commands/{scan,audit,posture,deep-scan}.md — new step instructs Claude to Write the markdown report to a temp file, invoke the CLI, and print a markdown-formatted file:// link - Absolute file:// paths in stdout for Ghostty cmd-click compatibility - Default output: reports/<command>-<YYYYMMDD-HHmmss>.html relative to CWD - Smoke-tested: stdin→stdout, file→file roundtrip, all 4 commands produce valid HTML with DS-aligned page-shell (page__title, verdict-pill-lg, risk-meter, key-stats, findings__item, recommendation-card) - Tests 1820/1820 green (same baseline; pre-compact-scan perf-flake from NEXT-SESSION-PROMPT did not fire on retry) - Playground untouched (2 scripts, 0 parse failures), report-renderers.mjs untouched (74 exports, 18 PARSERS, 18 RENDERERS) Sesjon 4 av 5. v7.7.0 release + 9 remaining skill wirings = sesjon 5. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-18 12:56:03 +02:00
Kjell Tore Guttormsen	d3b1157a08	docs(scoring): unify scan/audit/mcp-scanner/posture-assessor to v2 formula Closes the v7.1.1 out-of-scope item: commands/scan.md:113-114 retained the v1 formula. Exploration found two more v1 surfaces that v7.1.1 missed: commands/audit.md:46 and agents/mcp-scanner-agent.md:419, plus agents/posture-assessor-agent.md:376 (caught by the new doc-consistency test). Four files unified to v2 in one atomic commit. Three-way → four-way verdict-divergence is now closed: - scanners/lib/severity.mjs (v2, BLOCK ≥65, WARNING ≥15) — authoritative - agents/skill-scanner-agent.md (v2 since v7.1.1) - templates/unified-report.md (v2 since v7.1.1) - commands/scan.md (v2 — this commit) - commands/audit.md (v2 — this commit) - agents/mcp-scanner-agent.md (v2 — this commit) - agents/posture-assessor-agent.md (v2 — this commit) New: tests/lib/doc-consistency.test.mjs walks commands/ + agents/ and asserts NO file contains v1 formula tokens. Pinned regex set: - score >= 61, score >= 21, score ≥ 61, score ≥ 21 - critical * 25, Critical × 25 - min(100, critical*25 ...) Plus three v2-cutoff anchors asserting commands/scan.md, commands/audit.md, and agents/mcp-scanner-agent.md document the v2 BLOCK ≥65 cutoff (or reference riskScore() helper). Tests: 1523 → 1551 (+28 from doc-consistency: 25 file walks + 3 anchors). All green.	2026-04-29 13:58:25 +02:00
Kjell Tore Guttormsen	708c898754	feat(llm-security): sandboxed remote cloning v5.1.0 Harden git clone attack surface for remote scans with defense-in-depth: Layer 1 (all platforms): 8 git config flags disable hooks, symlinks, filter/smudge drivers, fsmonitor, local file protocol. 4 env vars isolate from system/user git config and block interactive prompts. Layer 2 (OS sandbox): macOS sandbox-exec and Linux bubblewrap (bwrap) restrict file writes to only the specific temp directory. bwrap probe-tests availability before use. Graceful fallback on Windows and Ubuntu 24.04+ (git config hardening only). Additional: post-clone 100MB size check, UUID-unique evidence filenames, evidence file cleanup, cleanup guarantee in scan/plugin-audit commands. 32 new tests (1147 total). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-07 17:08:32 +02:00
Kjell Tore Guttormsen	f93d6abdae	feat: initial open marketplace with llm-security, config-audit, ultraplan-local	2026-04-06 18:47:49 +02:00

4 commits