docs: record AgentShield provenance evidence (#1793)

Affaan Mustafa 2026-05-12 06:06:11 -04:00 committed by GitHub
parent 0e40ff640c
commit a7699d04ba
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -49,6 +49,9 @@ As of 2026-05-12:
- AgentShield PR #57 added OSS, team, enterprise, regulated, - AgentShield PR #57 added OSS, team, enterprise, regulated,
high-risk-hooks/MCP, and CI-enforcement policy-pack presets plus high-risk-hooks/MCP, and CI-enforcement policy-pack presets plus
`agentshield policy init --pack`. `agentshield policy init --pack`.
- AgentShield PR #58 added MCP package provenance fields and report-level
counts for npm vs git, pinned vs unpinned, known-good, and registry-backed
supply-chain evidence.
- ECC PR #1778 recovered the useful stale #1413 network/homelab architect-agent - ECC PR #1778 recovered the useful stale #1413 network/homelab architect-agent
concepts. concepts.
- ECC-Tools PR #26 added cost/token-risk predictive follow-ups for AI routing, - ECC-Tools PR #26 added cost/token-risk predictive follow-ups for AI routing,
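Review bot: the new PR #58 bullet in this hunk leaves "pinned vs unpinned" and "known-good" undefined, and the definitions decide how the report-level counts will be read. A git dependency referenced by a tag or branch name is mutable, so only an immutable reference (commit SHA, exact version with an integrity hash) should count as pinned, and "known-good" should say what list or check a package is matched against. Suggest expanding the bullet, e.g. `counts for npm vs git, pinned (immutable commit SHA or exact version) vs unpinned,` and stating the source of the known-good and registry-backed classifications, or pointing at where PR #58 defines them, so a high known-good count is not read as an assurance the evidence was not designed to give.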
@ -168,8 +171,8 @@ Acceptance:
counts for branch-protection and CI evidence. counts for branch-protection and CI evidence.
- Policy packs are defined for OSS, team, enterprise, regulated, high-risk - Policy packs are defined for OSS, team, enterprise, regulated, high-risk
hooks/MCP, and CI enforcement. hooks/MCP, and CI enforcement.
- Supply-chain intelligence plan covers MCP package provenance, npm/pip - Supply-chain intelligence covers MCP package provenance and has an extension
reputation, CVEs, typosquats, and dependency risk. path for npm/pip reputation, CVEs, typosquats, and dependency risk.
- Prompt-injection corpus and regression benchmark are ready for continuous - Prompt-injection corpus and regression benchmark are ready for continuous
rule hardening. rule hardening.
- Enterprise reports include JSON plus HTML/PDF or equivalent executive output. - Enterprise reports include JSON plus HTML/PDF or equivalent executive output.
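Review bot: the rewritten supply-chain line in this hunk is no longer an acceptance criterion: "has an extension path for npm/pip reputation, CVEs, typosquats, and dependency risk" cannot be checked, and it narrows the previous scope ("plan covers ...") without saying so. Suggest splitting it: keep `- Supply-chain intelligence covers MCP package provenance.` as the testable criterion, and list the npm/pip reputation, CVE, typosquat, and dependency-risk items as explicitly deferred (or as a separate, unmet criterion), so the descoping is visible in the acceptance list rather than implied.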
@ -215,7 +218,7 @@ Acceptance:
## Next Engineering Slices ## Next Engineering Slices
1. Continue AgentShield enterprise supply-chain intelligence and reporting in 1. Extend AgentShield enterprise reporting beyond terminal/JSON supply-chain
the AgentShield repo. evidence toward executive HTML/PDF or equivalent report output.
2. Audit ECC Tools billing, entitlement, and marketplace surfaces before any 2. Audit ECC Tools billing, entitlement, and marketplace surfaces before any
native GitHub payments announcement. native GitHub payments announcement.
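Review bot: with slice 1 in this hunk narrowed to executive HTML/PDF output, no remaining slice owns the npm/pip reputation, CVE, typosquat, and dependency-risk work that the acceptance section now calls an "extension path"; the old wording ("Continue AgentShield enterprise supply-chain intelligence") covered it. Suggest either adding a slice for that work or stating in the acceptance section that it is deferred beyond this plan, so the two sections agree on what is in scope.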