ktg-plugin-marketplace

History

Kjell Tore Guttormsen 427b68eca9 feat(post-mcp-verify): E14 part 2 — cumulative-drift MEDIUM advisory [skip-docs] Wave C step C2: surface the cumulative-drift signal from checkDescriptionDrift() (added in C1) as a separate MEDIUM advisory with finding category mcp-cumulative-drift. Independent of the existing per-update drift advisory — a slow-burn rug-pull that keeps each update below the 10% per-update threshold but cumulatively drifts >=25% from the sticky baseline now triggers the new advisory without ever crossing the per-update bar. The advisory references /security mcp-baseline-reset (added in C3) so the user knows how to acknowledge a legitimate MCP server upgrade. CLAUDE.md updates: - post-mcp-verify hooks-table row mentions per-update + cumulative drift - mcp-description-cache lib bullet documents baseline schema, history, cumulative threshold policy key, and LLM_SECURITY_MCP_CACHE_FILE override. Tests: 2 new hook tests using LLM_SECURITY_MCP_CACHE_FILE for cache isolation. Existing 68 still pass; total 70. Plugin README and root marketplace README updates land in C3 alongside the new /security mcp-baseline-reset slash command (combined Wave-C doc update per plan §"Wave C — Touch" list). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-30 16:40:52 +02:00
..
scripts	feat(post-mcp-verify): E14 part 2 — cumulative-drift MEDIUM advisory [skip-docs]	2026-04-30 16:40:52 +02:00
hooks.json	feat(hooks): register PreCompact event in hooks.json	2026-04-17 14:45:13 +02:00

Kjell Tore Guttormsen 427b68eca9 feat(post-mcp-verify): E14 part 2 — cumulative-drift MEDIUM advisory [skip-docs]

Wave C step C2: surface the cumulative-drift signal from
checkDescriptionDrift() (added in C1) as a separate MEDIUM advisory
with finding category mcp-cumulative-drift. Independent of the existing
per-update drift advisory — a slow-burn rug-pull that keeps each update
below the 10% per-update threshold but cumulatively drifts >=25% from
the sticky baseline now triggers the new advisory without ever crossing
the per-update bar.

The advisory references /security mcp-baseline-reset (added in C3) so
the user knows how to acknowledge a legitimate MCP server upgrade.

CLAUDE.md updates:
- post-mcp-verify hooks-table row mentions per-update + cumulative drift
- mcp-description-cache lib bullet documents baseline schema, history,
  cumulative threshold policy key, and LLM_SECURITY_MCP_CACHE_FILE
  override.

Tests: 2 new hook tests using LLM_SECURITY_MCP_CACHE_FILE for cache
isolation. Existing 68 still pass; total 70.

Plugin README and root marketplace README updates land in C3 alongside
the new /security mcp-baseline-reset slash command (combined Wave-C
doc update per plan §"Wave C — Touch" list).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-04-30 16:40:52 +02:00

scripts

feat(post-mcp-verify): E14 part 2 — cumulative-drift MEDIUM advisory [skip-docs]

2026-04-30 16:40:52 +02:00

hooks.json

feat(hooks): register PreCompact event in hooks.json

2026-04-17 14:45:13 +02:00