mike/kickstart.nvim

Fork 0

forked from Neptune/mirror.kickstart.nvim

Release v1.28.0 — Mission Control MCP & Claude Forge Security Hooks #53

Merged

Mike Bros merged 8 commits from release/1.28.0 into master

2026-03-16 05:42:35 +00:00

Gravity Bot commented

2026-03-16 05:26:16 +00:00

Collaborator

Release v1.28.0 — Mission Control MCP & Claude Forge Security Hooks

Changes

OP#2002: Initialize version branch from develop
OP#1936: Evaluate Claude Code ecosystem tools (Forge, Mission Control, Agent Deck)
OP#2241: fix: remove unregistered /humanize trigger from gt-writing-quality
OP#1994: Evaluate all 6 Claude Forge security hooks
OP#1995: Implement approved security hooks (output-secret-filter, security-auto-trigger)
OP#1996: Test security hooks integration
OP#1997-2000: Mission Control MCP tasks (closed per ADR-008 skip decision)
OP#2001: Document MCP server inventory in repo docs
OP#2026: Pre-release merge: consolidate feature branches
OP#2003: Create release branch and publish v1.28.0

Highlights

ADR-008 evaluates three Claude Code ecosystem tools and recommends cherry-picking only security hooks from Forge
Two security hooks adapted and integrated: secret output masking and sensitive file edit detection
MCP server inventory documents all active servers, hooks, and aliases
Bug fix removes dead /humanize slash command reference

Checklist

All version tasks closed in Gravity PM
Version file matches Gravity PM version (manifest.json → 1.28.0)
Security hooks tested (10 scenarios, all pass, <30ms performance)

References

Version: 1.28.0 (Gravity PM ID: 137)

## Release v1.28.0 — Mission Control MCP & Claude Forge Security Hooks ### Changes - OP#2002: Initialize version branch from develop - OP#1936: Evaluate Claude Code ecosystem tools (Forge, Mission Control, Agent Deck) - OP#2241: fix: remove unregistered /humanize trigger from gt-writing-quality - OP#1994: Evaluate all 6 Claude Forge security hooks - OP#1995: Implement approved security hooks (output-secret-filter, security-auto-trigger) - OP#1996: Test security hooks integration - OP#1997-2000: Mission Control MCP tasks (closed per ADR-008 skip decision) - OP#2001: Document MCP server inventory in repo docs - OP#2026: Pre-release merge: consolidate feature branches - OP#2003: Create release branch and publish v1.28.0 ### Highlights - **ADR-008** evaluates three Claude Code ecosystem tools and recommends cherry-picking only security hooks from Forge - **Two security hooks** adapted and integrated: secret output masking and sensitive file edit detection - **MCP server inventory** documents all active servers, hooks, and aliases - **Bug fix** removes dead /humanize slash command reference ### Checklist - [x] All version tasks closed in Gravity PM - [x] Version file matches Gravity PM version (manifest.json → 1.28.0) - [x] Security hooks tested (10 scenarios, all pass, <30ms performance) ### References Version: 1.28.0 (Gravity PM ID: 137)

Gravity Bot added 8 commits

2026-03-16 05:26:16 +00:00

docs(adr): add ADR-008 Claude Code ecosystem tools evaluation fe88771a57

Evaluate Forge, Mission Control, and Agent Deck for integration with
Gravity PM. Decision: cherry-pick two security hooks from Forge
(output-secret-filter, security-auto-trigger), skip all other tools.

Refs OP#1936

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

fix(skills): remove unregistered /humanize trigger from gt-writing-quality 658fc22fec

The trigger conditions listed /humanize as a valid slash command but
gravity-skills.tsv only registers /writing-quality. Removes the dead
reference to prevent confusion.

Closes OP#2241

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

docs(guides): add MCP server inventory 213135cb69

Catalogue all active MCP servers (gitea, openproject, cloud Gmail/Calendar),
hooks (format-on-edit), and shell aliases. Provides a single reference for
the development environment's MCP configuration.

Closes OP#2001

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

feat(hooks): add output-secret-filter and security-auto-trigger hooks 034041c374

Cherry-pick and adapt two security hooks from claude-forge per ADR-008:

- output-secret-filter.sh: PostToolUse hook that detects API keys, bearer
  tokens, private keys, and credentials in tool output. Masks them before
  they enter conversation history.

- security-auto-trigger.sh: PostToolUse hook on Edit|Write that detects
  modifications to security-sensitive files and suggests review.

Both hooks adapted from sangrokjung/claude-forge with: OPENCLAW_SESSION_ID
gate removed (always active), English messages, Gitea token pattern added.

Manifest updated to deploy hooks. Settings updated to register hooks.

Closes OP#1995

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

merge: integrate feature/1933-mission-control-mcp into version branch 932dc3e041

Brings in MCP server inventory documentation (OP#2001).
Mission control tasks #1997-#2000 closed per ADR-008 skip decision.

merge: integrate feature/1934-claude-forge-hooks into version branch c7a6f25c7d

Brings in two cherry-picked security hooks from Claude Forge (ADR-008):
- output-secret-filter.sh (PostToolUse)
- security-auto-trigger.sh (PostToolUse on Edit|Write)

Plus manifest and settings updates for deployment.

merge: integrate feature/1933-ecosystem-tools-and-hooks into develop 33e9047e4e

v1.28.0 implementation: ADR-008 ecosystem tools evaluation, security hooks,
MCP inventory, /humanize fix.

chore(release): bump version to 1.28.0

CI / json-check (pull_request) Successful in 7s

Details

PR Validation / validate-branch (pull_request) Successful in 3s

Details

CI / security (pull_request) Successful in 9s

Details

CI / lua-check (pull_request) Successful in 11s

Details

CI / manifest (pull_request) Successful in 8s

Details

PR Validation / validate-release-pr (pull_request) Successful in 5s

Details

CI / sast (pull_request) Successful in 14s

Details

c134291c96

Refs OP#2003

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Mike Bros pinned this

2026-03-16 05:31:17 +00:00

Mike Bros unpinned this

2026-03-16 05:31:20 +00:00

Mike Bros approved these changes

2026-03-16 05:42:23 +00:00

Mike Bros merged commit 7e233469a5 into master

2026-03-16 05:42:35 +00:00

Mike Bros referenced this pull request from a commit

2026-03-16 05:42:37 +00:00

Merge pull request 'Release v1.28.0 — Mission Control MCP & Claude Forge Security Hooks' (!53) from release/1.28.0 into master

No reviewers

No labels

No milestone

No project

No assignees

2 participants

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

mike/kickstart.nvim!53

No description provided.

Rows
Columns