Reword the v7.8.0 release notes to refer to the scanners as TRG/SIG/AST only;
the internal codename is removed from CHANGELOG, CLAUDE.md, README, the
version-history section, and STATE. No behaviour or version change.
Session C of the security-fix track: cut the TRG/SIG/AST release now that the
F-1/F-2/F-3 security gates pass. Pure version-sync — the three scanners shipped
in Steps 1-7 (616e7ff..fc7cf57); no production code changes here.
Version-sync 7.7.2 -> 7.8.0 across every current pointer: .claude-plugin/
plugin.json, package.json, README.md badge, and the CLAUDE.md header + "release
notes" range sentinel. Narrative additions (prior releases kept as history):
- CHANGELOG.md: new [7.8.0] entry (Added: TRG/SIG/AST; Changed: prefix
registration + knowledge/ packaging).
- docs/version-history.md: new v7.8.0 section describing the three scanners.
- README.md "Recent versions": new 7.8.0 row.
- CLAUDE.md: new v7.8.0 highlights paragraph above the v7.7.2 one.
TRG/SIG/AST recap (built Steps 1-7, behind the security-fix gate):
- TRG (scanners/trigger-scanner.mjs) — trigger/activation-abuse: TRG-shadow /
TRG-baiting / TRG-broad over name+description frontmatter, decode pipeline
first (LLM06/AST04).
- SIG (scanners/signature-scanner.mjs) — pure-Node known-malware identity engine
over raw bytes + decode pipeline; rules in knowledge/signatures.json
(LLM03/LLM02).
- AST (scanners/ast-taint-scanner.mjs) — parse-only python3 taint helper
(scanners/lib/py-ast-taint.py) with graceful regex fallback (LLM01/LLM02/AST02).
Release gate: full node --test suite 1863/0 after the doc edits. No scanner,
hook, or command behaviour changes.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01V3s6WnubSSrFjAQTLQdVbG
Tre fixes commited etter v7.7.0-tagen (adffb60 + 52afd12 + 02a66f3) viste
versjons-inkonsistens: package.json + plugin.json + README badge + CLAUDE.md
header satt fortsatt på v7.7.0 mens commit-meldinger og inline-kommentarer
refererte v7.7.1 som om det var en release. Per feedback_version_sync.md
skal alle versjonsreferanser stemme — denne commiten lukker gapet.
Endringer:
- package.json: 7.7.0 → 7.7.1
- .claude-plugin/plugin.json: 7.7.0 → 7.7.1
- plugin README badge: version-7.7.0-blue → version-7.7.1-blue
- plugin README "Recent versions"-tabell: ny [7.7.1]-rad
- plugin CLAUDE.md header + v7.7.1-highlights state-seksjon
- docs/version-history.md: ny v7.7.1-seksjon
- playground HTML linje 6935: 'Plugin v7.7.0' → 'Plugin v7.7.1'
(samme template-litteral som v7.7.0-bumpen ikke fanget, nå synket)
- CHANGELOG.md: ny [7.7.1]-seksjon med full Changed/Fixed/Notes
- rot README llm-security-entry: v7.7.0 → v7.7.1 + ny v7.7.1-bullet
- rot CLAUDE.md plugin-katalog: v7.7.1-bump
Verifisert:
- 1820/1820 tester grønne (pre-compact-flake fyrte ikke)
- CLI rapporterer fornuftig feilmelding på tom input
- Ingen kildefil-treff på 7.7.0 utenfor CHANGELOG/version-history/REMEMBER/TODO/ROADMAP
Ingen ny atferd. Kun versjons-synking + dokumentasjon av tre fixes som var
deployert som ad-hoc-commits.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Hver /security <cmd> som produserer rapport printer nå en klikkbar
file://-lenke til en self-contained HTML-versjon. Levert over fem
sesjoner; sesjon 5 wirer de 14 resterende skill-filene + slipper
v7.7.0 (versjonsbump + docs).
Sesjon-historikk:
- Sesjon 1 (de23a63) — playground katalog list-view + builder-pane med
copy-knapp på alle 18 rapporter
- Sesjon 2 (ea8da55) — playground prosjekt-surface opprydding
(stub-screen + topbar-splitt)
- Sesjon 3 (01a8947) — extract 18 inline parsers + 18 inline renderers
fra playground til canonical ESM-modul scripts/lib/report-renderers.mjs
(playground beholder bit-identisk inline-kopi siden ESM import ikke
fungerer fra file://)
- Sesjon 4 (c7748d5) — ny zero-dep CLI scripts/render-report.mjs
(stdin/file/stdout-modus, kebab→camel commandId-routing, ~140 KB
self-contained HTML med 6 inlined DS-stylesheets + lokal .report-table,
absolutte file://-paths for Ghostty cmd-click). 4 skills wired:
scan, audit, posture, deep-scan.
- Sesjon 5 (denne) — 14 resterende skills wired: plugin-audit, mcp-audit,
mcp-inspect, ide-scan, supply-check, dashboard, pre-deploy, diff,
watch, registry, clean, harden, threat-model, red-team. Hver skill-fil
har nå en HTML Report-step som instruerer Claude å skrive markdown
verbatim, kjøre CLI, og appende klikkbar file://-lenke til respons.
Release-arbeid:
- Versjonsbump v7.6.1 → v7.7.0 i 6 plugin-filer + 2 rot-filer
(package.json, .claude-plugin/plugin.json, README badge, CLAUDE.md
header + state-seksjon, docs/version-history.md, plugin Recent versions-
tabell, rot README plugin-entry, rot CLAUDE.md plugin-katalog)
- CHANGELOG [7.7.0] med full historikk fra sesjon 1-5
- docs/version-history.md v7.7.0-seksjon
Verifisert:
- 18/18 commandIds i CLI gir > 138 KB self-contained HTML
- 1819/1820 tester grønne (pre-compact-scan-perf-flake fyrte under last,
passerer i isolasjon på 1582 ms — pre-eksisterende, defer til v7.7.x)
- 18/18 skill-filer har HTML Report-step
- Ingen kildefil-treff på 7.6.1 utenfor historiske changelog/version-
history/README releases-tabell
Ingen scanner- eller hook-atferdsendringer — purely additive surface.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Pre-trekexecute snapshot of in-progress CLAUDE.md/SKILL.md edits and
extracted docs/ files. Captured as one commit so /trekexecute claude-design
can run against a clean working tree.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>