fix: tool-risk-no-allowlist pattern now matches multi-statement LLM tool invocation (v0.21.1)

feat: add 3 new rule categories for 2026 agentic AI threats

feat: add 4 new rule modules for 2026 agent security threats

feat: add coding-agent-config rules module (21 rules for AI IDE config attacks)

feat(multi-agent-trust): add 5 new rules (session hijacking, A2A callback injection, result tampering, tool whitelist bypass, memory poisoning)

feat(rules): add resource-exhaustion module (9ルール: infinite-loop/recursive-spawn/unbounded-calls/context-flood/prompt-amplification/rate-limit-bypass/denial-of-wallet/memory-write-loop/external-flood, +55テスト, v0.20.17)

feat(rules): add resource-exhaustion module (8ルール: infinite-loop/recursive-self-spawn/unbounded-tool-calls/context-flooding/prompt-amplification/rate-limit-bypass/denial-of-wallet/memory-write-loop/external-service-flood, +55テスト, total 2185)

feat(computer-use): add VPN credential harvest + password manager access rules (+9 tests, v0.20.15)

chore: bump version to 0.20.14

feat(agent-memory): add reflection-loop + cross-session-leak rules and tests (+16 tests, v0.20.14)

feat(a2a): add encryption & OIDC advanced tests (+24 tests, 2137 total) — TLS/HTTP/internal-endpoint/port/OIDC-scheme coverage

feat(mcp-supply-chain): batch 10 — auto-approval/checksum/update-url/CORS/timeout (+24 tests, 2113 total) — Issue #15 complete!

feat(mcp-supply-chain): batch 9 — eval-injection/deserialization/token-stuffing/no-auth/world-readable (+22 tests, 2089 total)

feat(mcp-supply-chain): batch 8 — secret-in-name/SSRF/tool-spoofing/IPC-socket/debug-mode (+20 tests, 2067 total)

feat(mcp-supply-chain): batch 7 — excessive-scopes/persistent-storage/inter-agent/redirect/shadow-registry (+24 tests, 2047 total)