Summary

Rename the security-planning collection to security to broaden the scope from planning-only to the full security domain (review, planning, incident response, risk assessment, vulnerability analysis).

This is a pre-condition for all other MVP security reviewer work. Breaking change — acceptable per copilot-instructions.md.

Acceptance Criteria

• collections/security-planning.collection.yml renamed to collections/security.collection.yml
  • id: security, name: Security, updated description and tags
  • All path: entries updated from security-planning/ to security/
  • Collection level maturity set to experimental
• collections/security-planning.collection.md renamed to collections/security.collection.md
  • Content updated to reflect broader security domain scope
  • Includes [!CAUTION] disclaimer about AI-generated security artifacts
• .github/agents/security-planning/ moved to .github/agents/security/
  • security-plan-creator.agent.md preserved at new path
• .github/prompts/security-planning/ moved to .github/prompts/security/
  • incident-response.prompt.md and risk-register.prompt.md preserved at new paths
• collections/hve-core-all.collection.yml updated (all paths from security-planning/ to security/)
• extension/package.security-planning.json renamed to extension/package.security.json
  • name updated to hve-security, displayName updated to HVE Core - Security
• extension/README.security-planning.md renamed to extension/README.security.md (if exists)
• Old plugins/security-planning/ directory removed
• npm run plugin:generate produces plugins/security/ successfully
• npm run plugin:validate passes
• npm run lint:all passes with no regressions
• No references to security-planning remain in the codebase (search verification)

Context

Discussion #480 consensus: collection scope broadens from "planning" to full security domain. All active participants (katriendg, obrocki, JasonTheDeveloper) agreed. Related to #643 (collection-based directory reorg, mostly implemented) — not a prerequisite but coordinate timing.

Files to Change

Related Issues

Complete this issue before starting the following MVP security reviewer work:

• feat(skills): add owasp-agentic skill for OWASP Agentic Top 10 vulnerability assessment #793 — feat(skills): add owasp-agentic skill
• feat(agents): add security-reviewer agent with OWASP-aligned skill delegation #794 — feat(agents): add security-reviewer agent
• feat(skills): add owasp-top-10 skill for OWASP Top 10 web vulnerability assessment #795 — feat(skills): add owasp-top-10 skill
• feat(skills): add owasp-llm skill for OWASP LLM Top 10 vulnerability assessment #796 — feat(skills): add owasp-llm skill
• feat(prompts): add security review prompts (security-review, security-review-web, security-review-llm) #797 — feat(prompts): add security review prompts
• chore(security): end-to-end validation of security collection MVP #798 — chore(security): end-to-end validation
• chore(collections): add MVP security artifacts to collection manifests #799 — chore(collections): add MVP security artifacts to manifests