open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins
History
Kjell Tore Guttormsen 751f1199c8 fix(llm-security): B1 pathguard regex — match multi-segment .env.*.* 
The previous ENV regex `/[\\/]\.env\.[a-z]+$/` only matched a single
lowercase segment after `.env`. Multi-segment and mixed-case variants
such as `.env.production.local.backup`, `.env.stage-1.local`, and
`.env.CI.secret` slipped past the hook. Replaced with
`/[\\/]\.env(\.[A-Za-z0-9._-]+)*$/` which matches `.env` plus any
number of dot-separated alphanumeric/dot/hyphen/underscore segments.
`.envrc` (direnv config, no dot separator) is still allowed.

Addresses critical review 2026-04-20 §2 B1 (HIGH).

Tests: 7 added (6 new multi-segment BLOCK cases + 1 .envrc ALLOW).
All 1494 tests pass.
2026-04-19 23:59:38 +02:00
..
ai-psychosis docs: add AI-generated code disclosure to marketplace and all plugins 2026-04-19 19:27:05 +02:00
config-audit docs(config-audit): straggler sweep — 7 → 8 quality areas in agent + command 2026-04-19 22:58:50 +02:00
graceful-handoff feat(graceful-handoff): initial plugin with /graceful-handoff command 2026-04-19 22:54:10 +02:00
linkedin-thought-leadership docs: add AI-generated code disclosure to marketplace and all plugins 2026-04-19 19:27:05 +02:00
llm-security fix(llm-security): B1 pathguard regex — match multi-segment .env.*.* 2026-04-19 23:59:38 +02:00
ms-ai-architect docs: add AI-generated code disclosure to marketplace and all plugins 2026-04-19 19:27:05 +02:00
okr docs: add AI-generated code disclosure to marketplace and all plugins 2026-04-19 19:27:05 +02:00
ultraplan-local feat(ultraplan-local)!: v2.4.0 — version bump 2026-04-19 21:46:17 +02:00