62a9335772
No behavior changes. Sets the public stance, tightens documentation, and removes coherence drift so anyone forking or downloading the plugin gets a consistent starting point. Added: - CONTRIBUTING.md — public fork-and-own guide. Why PRs are not accepted, how to fork well, what is welcome via issues. - README "Project scope" section — out-of-scope table naming what is fork-and-own territory (web dashboard, fleet policy, runtime firewall, IDE LSP, compliance pack, ticketing, multi-tenancy, ML detectors, marketplace UI, SSO/SCIM/RBAC) with commercial alternatives. - package.json: bugs.url, CONTRIBUTING/SECURITY/CHANGELOG in files whitelist for npm publishing. Changed: - SECURITY.md rewritten. Supported-versions table from stale 5.1.x to current reality (7.3.x active, 7.0-7.2 best-effort, <7.0 EOL). Best-effort solo response timeline. Scope expanded to bin/. - Scanner VERSION constants synced to plugin version. Was 6.0.0 in dashboard-aggregator and posture-scanner. - package.json repository.url corrected from fromaitochitta/ to open/. - README "Feedback & contributing" links to CONTRIBUTING.md. Fixed: - pre-compact-scan size-cap timing test ceiling raised 500ms -> 1000ms. Was a flake on Intel Mac and CI under load. Design target unchanged (<500ms, documented in CLAUDE.md). Notes: - First patch on the stabilization line (post-2026-05-01). - Wave E attack-simulator scenarios deferred indefinitely; coverage remains at 72. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
5 lines
272 B
JSON
5 lines
272 B
JSON
{
|
|
"name": "llm-security",
|
|
"description": "Security scanning, auditing, and threat modeling for Claude Code projects. Detects secrets, validates MCP servers, assesses security posture, and generates threat models aligned with OWASP LLM Top 10.",
|
|
"version": "7.3.1"
|
|
}
|