ktg-plugin-marketplace/plugins/llm-security/tests
Kjell Tore Guttormsen 427b68eca9 feat(post-mcp-verify): E14 part 2 — cumulative-drift MEDIUM advisory [skip-docs]
Wave C step C2: surface the cumulative-drift signal from
checkDescriptionDrift() (added in C1) as a separate MEDIUM advisory
with finding category mcp-cumulative-drift. Independent of the existing
per-update drift advisory — a slow-burn rug-pull that keeps each update
below the 10% per-update threshold but cumulatively drifts >=25% from
the sticky baseline now triggers the new advisory without ever crossing
the per-update bar.

The advisory references /security mcp-baseline-reset (added in C3) so
the user knows how to acknowledge a legitimate MCP server upgrade.

CLAUDE.md updates:
- post-mcp-verify hooks-table row mentions per-update + cumulative drift
- mcp-description-cache lib bullet documents baseline schema, history,
  cumulative threshold policy key, and LLM_SECURITY_MCP_CACHE_FILE
  override.

Tests: 2 new hook tests using LLM_SECURITY_MCP_CACHE_FILE for cache
isolation. Existing 68 still pass; total 70.

Plugin README and root marketplace README updates land in C3 alongside
the new /security mcp-baseline-reset slash command (combined Wave-C
doc update per plan §"Wave C — Touch" list).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-30 16:40:52 +02:00
fixtures feat(workflow-scanner): E11 part 2 — re-interpolation + auth-bypass + WFL prefix + orchestrator 2026-04-30 15:57:10 +02:00
helpers test(llm-security): add JetBrains fixture tree + build helper 2026-04-18 10:49:49 +02:00
hooks feat(post-mcp-verify): E14 part 2 — cumulative-drift MEDIUM advisory [skip-docs] 2026-04-30 16:40:52 +02:00
lib feat(mcp-description-cache): E14 part 1 — baseline + history schema (cumulative drift) [skip-docs] 2026-04-30 16:37:33 +02:00
scanners feat(workflow-scanner): E11 part 2 — re-interpolation + auth-bypass + WFL prefix + orchestrator 2026-04-30 15:57:10 +02:00