ktg-plugin-marketplace/plugins/okr/SECURITY.md
Kjell Tore Guttormsen 5078712f0e feat: add okr plugin v1.0.0 — OKR guidance for Norwegian public sector
Expert OKR guidance based on Google/Doerr methodology, adapted for
4-month tertial cycles and Norwegian government accountability.

Components:
- 8 commands (skriv, kvalitet, kaskade, sporing, møter, innføring, governance, oppsett)
- 5 agents (kvalitetssjekker, kaskadebygger, fremdriftssporer, møtefasilitator, styringsrådgiver)
- 3 hooks (UserPromptSubmit context injection, PreCompact state preservation, Stop reminder)
- 15 reference files covering methodology, governance, meetings, antipatterns
- Linear MCP integration for OKR tracking

Previously in ktg-privat, now open-sourced.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-08 13:32:45 +02:00


# Security Policy
## Supported Versions
| Version | Supported |
| ------- | ------------------ |
| >= 1.0.0 | :white_check_mark: |
## Reporting a Vulnerability
If you discover a security vulnerability, please:
1. **Do not** open a public issue
2. Email the maintainer directly or use GitHub's private vulnerability reporting
3. Include:
   - Description of the vulnerability
   - Steps to reproduce
   - Potential impact
   - Suggested fix (if any)
## What to Expect
- Acknowledgment within 48 hours
- Status update within 7 days
- Fix timeline depends on severity
## Security Considerations
This plugin handles OKR data which may contain sensitive organizational information:
### Data Handling
- All processing happens locally in Claude Code
- No data is transmitted to external services (except configured integrations)
- Linear integration uses your own API credentials
### Sensitive Files
The following files contain sensitive data and are gitignored:
| File | Contents |
|------|----------|
| `.claude/okr.local.md` | Linear API configuration, team settings |
| `.mcp.json` | MCP server credentials |
### Best Practices
- Never commit `okr.local.md` to version control
- Use environment variables for API keys when possible
- Review OKR content before sharing externally
- Consider data classification when tracking sensitive objectives
## Linear Integration Security
If using Linear integration:
- API keys are stored locally in `okr.local.md`
- Use team-scoped API keys, not personal tokens
- Rotate keys periodically
- Review Linear's security documentation
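The "Sensitive Files", "Best Practices" and "Linear Integration Security" sections above all come down to two checks a maintainer can automate: that `.claude/okr.local.md` and `.mcp.json` are covered by `.gitignore`, and that `.mcp.json` references credentials through environment variables rather than embedding them. The script below is an added example written for this page, not code from the okr plugin or its author. It assumes that environment variables are referenced in `.mcp.json` as `"${VAR}"` (an assumption; the plugin's configuration format is not shown on this page) and uses a constructed heuristic (key names containing KEY, TOKEN, SECRET or PASSWORD) to spot literal credentials.

```shell
#!/bin/sh
# Added example, not part of the okr plugin: a pre-commit style check that
# the sensitive files named in SECURITY.md are gitignored and that .mcp.json
# carries no literal credentials. Assumes credentials are referenced as
# "${VAR}" in .mcp.json (assumption; the plugin's config format is not shown).

# Sensitive files as listed in SECURITY.md.
SENSITIVE_FILES=".claude/okr.local.md .mcp.json"

# check_ignored DIR: return 0 if every sensitive file is covered by a rule in
# DIR/.gitignore (full path or basename), else print the offenders and return 1.
check_ignored() {
  dir="$1"
  ignore="$dir/.gitignore"
  rc=0
  for f in $SENSITIVE_FILES; do
    base="${f##*/}"
    if ! grep -qxF "$f" "$ignore" 2>/dev/null &&
       ! grep -qxF "$base" "$ignore" 2>/dev/null; then
      echo "NOT IGNORED: $f (add it to $ignore)"
      rc=1
    fi
  done
  return $rc
}

# scan_inline_secrets FILE: return 1 if FILE has a key that looks like a
# credential (KEY/TOKEN/SECRET/PASSWORD) whose value is a literal rather than
# a "${VAR}" reference, printing the matching lines; return 0 otherwise.
# The key-name pattern is a constructed heuristic, not a complete secret scanner.
scan_inline_secrets() {
  file="$1"
  [ -f "$file" ] || return 0   # nothing to scan
  if grep -nE '"[A-Za-z_]*(KEY|TOKEN|SECRET|PASSWORD)[A-Za-z_]*"[[:space:]]*:[[:space:]]*"[^$"]' "$file"; then
    echo "Literal credential in $file: reference an environment variable instead"
    return 1
  fi
  return 0
}

# main DIR: run both checks against a repository directory (default: ".").
main() {
  dir="${1:-.}"
  status=0
  check_ignored "$dir" || status=1
  scan_inline_secrets "$dir/.mcp.json" || status=1
  return $status
}

# Invoke as: sh check-okr-secrets.sh --run /path/to/repo
if [ "${1:-}" = "--run" ]; then
  main "${2:-.}"
  exit $?
fi
```

Wired into a pre-commit hook, a non-zero exit from `main` blocks the commit before `okr.local.md` or an inline Linear key can reach version control; the basename match in `check_ignored` accepts a bare `okr.local.md` rule, since gitignore applies such a pattern at any depth.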