8ec320f40c
New policy-loader.mjs reads .llm-security/policy.json with deep-merge against defaults that exactly match existing hardcoded values. Integrated into all 7 hooks: - pre-prompt-inject-scan: injection.mode (env var still takes precedence) - post-session-guard: trifecta.mode, window_size, long_horizon_window - pre-edit-secrets: secrets.additional_patterns - pre-bash-destructive: destructive.additional_blocked - pre-write-pathguard: pathguard.additional_protected - pre-install-supply-chain: supply_chain.additional_blocked_packages - post-mcp-verify: mcp.volume_threshold_bytes, mcp.trusted_servers Backward compatible: no policy file = identical behavior to v5.1.0. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| audit-trail.test.mjs | ||
| bash-normalize.test.mjs | ||
| distribution-stats.test.mjs | ||
| git-clone-sandbox.test.mjs | ||
| injection-patterns.test.mjs | ||
| mcp-description-cache.test.mjs | ||
| output.test.mjs | ||
| policy-loader.test.mjs | ||
| severity.test.mjs | ||
| string-utils.test.mjs | ||