Session C of the security-fix track: cut the TRG/SIG/AST release now that the
F-1/F-2/F-3 security gates pass. Pure version-sync — the three scanners shipped
in Steps 1-7 (616e7ff..fc7cf57); no production code changes here.
Version-sync 7.7.2 -> 7.8.0 across every current pointer: .claude-plugin/
plugin.json, package.json, README.md badge, and the CLAUDE.md header + "release
notes" range sentinel. Narrative additions (prior releases kept as history):
- CHANGELOG.md: new [7.8.0] entry (Added: TRG/SIG/AST; Changed: prefix
registration + knowledge/ packaging).
- docs/version-history.md: new v7.8.0 section describing the three scanners.
- README.md "Recent versions": new 7.8.0 row.
- CLAUDE.md: new v7.8.0 highlights paragraph above the v7.7.2 one.
TRG/SIG/AST recap (built Steps 1-7, behind the security-fix gate):
- TRG (scanners/trigger-scanner.mjs) — trigger/activation-abuse: TRG-shadow /
TRG-baiting / TRG-broad over name+description frontmatter, decode pipeline
first (LLM06/AST04).
- SIG (scanners/signature-scanner.mjs) — pure-Node known-malware identity engine
over raw bytes + decode pipeline; rules in knowledge/signatures.json
(LLM03/LLM02).
- AST (scanners/ast-taint-scanner.mjs) — parse-only python3 taint helper
(scanners/lib/py-ast-taint.py) with graceful regex fallback (LLM01/LLM02/AST02).
Release gate: full node --test suite 1863/0 after the doc edits. No scanner,
hook, or command behaviour changes.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01V3s6WnubSSrFjAQTLQdVbG