docs(readme): total overhaul for v7.3.0
Rewrites README.md from 919 → 484 lines (47% reduction). Modernized
structure, all counts updated to v7.3.0 reality (commands 19→20,
scanners 22→23, knowledge 19→22, tests 1665→1777), trimmed Version
History to last 3 versions with link to CHANGELOG.md.
Structural changes:
- Removed dated "Prompt Injection Showcase (v5.0)" section
- Removed verbose Directory Structure tree (file paths discoverable
from CLAUDE.md and the file system itself)
- Collapsed Knowledge Base 18-row table into 5-category summary
- Merged "Architecture" mermaid + "What's inside" into single layered
overview
- Tightened Compliance & Governance, OWASP Coverage, Workflow Examples
to essentials only
- Added explicit v7.3.0 sections inline:
- npm scope-hop typosquat in supply-chain hook (E13)
- workflow-scanner W F L row in Scanners (E11)
- .gitattributes post-clone advisory in remote scanning table (E12)
- MCP cumulative-drift baseline + reset in Output verification + own subsection (E14)
- rot13 + T7-T9 bash-normalize in Prompt injection + Destructive commands hooks (E3/E8/E9/E10)
- env-var deprecation runway in Compliance & Governance (8.7)
- Hook count corrected to 9 throughout (8.10)
- New badges: commands-20, scanners-23, knowledge-22, tests-1777
Content preserved (load-bearing):
- AI-generated disclosure
- "no PRs accepted" framing
- Sandbox defense-in-depth tables
- OWASP coverage matrix
- Defense philosophy section
- Self-scan + malicious-skill-demo references
- Recommended-combo with parry-guard
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
7219a5fe20