docs: align security exemption workflow guidance

[cursor]

Description

Updates existing documentation and prompt guidance to match the current STO security exemption execute behavior and refreshes related setup/tooling references.

Docs added/updated:

• README.md: STO security_exemption execute workflow, current tool inventory, docs/schema maintenance commands.
• docs/gemini.md: current tool/resource/toolset counts, harness_schema, optional org/project setup, exemption promotion capability.
• docs/testing/security_exemption/test_plan.md and test_report.md: current approve/reject/promote examples and expected results.
• CONTRIBUTING.md: canonical repository URL, 11 generic tools, docs/schema scripts.
• src/prompts/exemption-review.ts: prompt guidance for project-only approve vs scoped promote.
• tasks/todo.md: automation plan and verification record.

Codepaths covered:

• src/registry/toolsets/sto.ts security exemption execute actions: approve, reject, promote.
• src/tools/index.ts generic tool registration including harness_schema.
• src/config.ts optional HARNESS_ORG / HARNESS_PROJECT behavior.

Key knowledge gaps addressed:

• Clarifies that approve is project-scope only.
• Clarifies that promote approves and promotes in one call and requires body.scope; PIPELINE and TARGET also require the corresponding IDs.
• Clarifies approver_id is optional because the server derives it from the authenticated user when omitted.
• Removes setup examples that implied an org named default is configured by default.

Type of Change

• Bug fix
• New feature
• Refactor
• Documentation
• Other

Checklist

• Tests pass
• Typecheck passes

Verification:

• pnpm build
• pnpm docs:check
• pnpm typecheck

  

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}