docs: Update README for v1.2.1

Flamehaven CI · Flamehaven CI · commit 65a7e53f8606 · 2025-12-18T14:49:42.000+07:00
Update README to reflect v1.2.1 Security &amp; Configuration Excellence release:

- Add v1.2.1 highlights section (security fixes + config system)
- Document 3-tier priority system (user &gt; project &gt; system)
- Add --defaults-file CLI argument documentation
- Add pyproject.toml [tool.dir2md.excludes] examples
- Remove outdated Phantom Code reference (vulture removed)
- Update SIDRCE certification (A grade, 90-94/100)
- Add v1.2.1 usage examples
- Separate v1.2.0 and v1.2.1 feature sections

Security improvements highlighted:
- CRITICAL: Markdown fence injection prevention
- HIGH: Subprocess RCE elimination
- MEDIUM: Silent exception fixes
- LOW: Glob expansion optimization
- LOW: Externalized excludes configuration

Configuration system documented:
- System defaults (defaults.json)
- Project config (pyproject.toml excludes)
- User CLI (--exclude-glob)
- Priority examples and use cases
diff --git a/README.md b/README.md
@@ -20,13 +20,34 @@ Dir2md converts directory structures into AI-friendly markdown with intelligent
 
 **New to Dir2md?** Check out **[Wiki.md](docs/Wiki.md)** for a friendly introduction with examples.
 
-## Fresh highlights (1.2.0) - Intelligence Without Complexity
+## Fresh highlights (1.2.1) - Security & Configuration Excellence
 
-**Zero-Configuration Intelligence**: All optimizations activate automatically based on your preset choice. No flags, no decisions, just better results.
+**v1.2.1 (2025-12-18)** - Complete SIDRCE Spicy Audit response with advanced configuration system:
 
-- **Gravitas Compression** (Phase 1): Symbolic compression using Unicode glyphs - 30-50% token reduction, auto-enabled in `pro`/`ai` presets
-- **Smart Query Processing** (Phase 2): Automatic typo correction + synonym expansion - 60% → 90% accuracy, auto-enabled when query provided
-- **AST Semantic Sampling** (Phase 3): Python code structure extraction - 30-40% additional reduction, auto-enabled for .py files in `pro`/`ai` presets
+### Security & Reliability (5/5 Issues Resolved)
+- **CRITICAL**: Markdown fence injection prevention (dynamic escaping)
+- **HIGH**: Subprocess RCE vector eliminated (vulture removal)
+- **MEDIUM**: Silent exception failures fixed (logging added)
+- **LOW**: Aggressive glob expansion removed (user intent respected)
+- **LOW**: Hardcoded excludes externalized (defaults.json)
+
+### Advanced Configuration System
+- **3-Tier Priority**: User CLI > Project config > System defaults
+- **`--defaults-file`**: Custom defaults.json path support
+- **`pyproject.toml`**: `[tool.dir2md.excludes]` project-level configuration
+- **Flexible & Safe**: Graceful fallback on configuration errors
+
+**Grade Improvement**: SIDRCE C+ → A (90-94 points)
+
+---
+
+### v1.2.0 Features - Intelligence Without Complexity
+
+**Zero-Configuration Intelligence**: All optimizations activate automatically based on your preset choice.
+
+- **Gravitas Compression**: 30-50% token reduction, auto-enabled in `pro`/`ai` presets
+- **Smart Query Processing**: 60% → 90% accuracy with typo correction + synonym expansion
+- **AST Semantic Sampling**: 30-40% additional reduction for Python files
 
 **Combined Power**: Up to 60-70% total token reduction with zero configuration overhead.
 
@@ -62,6 +83,7 @@ dir2md . --ai-mode --query "atuh"  # Typo? No problem - auto-corrected to "auth"
 dir2md . --preset raw  # Pure original, no optimizations
 ```
 
+**What's new in v1.2.1?** Enterprise-grade security fixes + flexible 3-tier configuration system.
 **What changed in v1.2.0?** All intelligence is now automatic. Just choose your preset - the system handles the rest.
 
 ## Key Features
@@ -93,9 +115,7 @@ dir2md . --preset raw  # Pure original, no optimizations
 - Symlink traversal outside repository
 - Missing provenance tracking (no manifest)
 - Query provided but no files matched
-- Missing provenance tracking (no manifest)
-- Query provided but no files matched
-- **Phantom Code**: Unused functions/imports (Dead Code) detected via system tools
+- Large files that may exceed token budgets
 
 **Control Spicy behavior:**
 ```bash
@@ -144,11 +164,50 @@ include_glob = ["src/**/*.py", "tests/**/*.py"]
 exclude_glob = ["**/__pycache__/**"]
 emit_manifest = true
 
+# NEW in v1.2.1: Project-level default excludes
+excludes = [
+    "*.log",
+    "temp/",
+    "cache/",
+    "*.tmp"
+]
+# Priority: User CLI (--exclude-glob) > Project (excludes) > System (defaults.json)
+
 [tool.dir2md.masking]
 level = "basic"
 patterns = ["(?i)custom_secret_\\w+"]
 ```
 
+### Configuration Priority System (v1.2.1)
+
+Dir2md uses a **3-tier priority system** for exclusion patterns:
+
+1. **System Defaults** (lowest priority)
+   - Built-in `defaults.json` or custom via `--defaults-file`
+   - Contains common patterns: `.git`, `__pycache__`, `node_modules`, etc.
+
+2. **Project Config** (medium priority)
+   - `pyproject.toml` `[tool.dir2md]` `excludes = [...]`
+   - Project-specific patterns that extend system defaults
+
+3. **User CLI** (highest priority)
+   - `--exclude-glob` arguments
+   - Override everything for ad-hoc exclusions
+
+**Example:**
+```bash
+# Use custom system defaults
+dir2md . --defaults-file my-defaults.json
+
+# Project config in pyproject.toml adds to system defaults
+# [tool.dir2md]
+# excludes = ["*.log", "temp/"]
+
+# User CLI takes precedence over all
+dir2md . --exclude-glob "secret-data/"
+# Final: secret-data/ (user) + *.log,temp/ (project) + .git,__pycache__,... (system)
+```
+
 **Learn more:** [CLI Reference](docs/CLI_REFERENCE.md) | [Features](docs/FEATURES.md)
 
 ## Common Commands
@@ -170,6 +229,11 @@ dir2md . --preset raw --emit-manifest --no-timestamp
 
 # Quick preview (tree only, minimal processing)
 dir2md . --preset fast --dry-run
+
+# NEW in v1.2.1: Custom configuration
+dir2md . --defaults-file my-defaults.json  # Custom system defaults
+dir2md . --exclude-glob "secret-data/"     # Ad-hoc user override
+# + pyproject.toml [tool.dir2md.excludes] for project-level patterns
 ```
 
 **Note**: In v1.2.0, all intelligence is automatic - just choose your preset!
@@ -218,8 +282,14 @@ python -m pytest -v
 
 ## Quality & Certification
 
-**SIDRCE Certified** — ID: SIDRCE-DIR2MD-20251203-ARCHON  
-Integrity: 98 | Resonance: 95 | Stability: 95 | Overall: 96/100
+**SIDRCE Certified** — ID: SIDRCE-DIR2MD-20251218-v1.2.1
+Grade: **A (90-94/100)** — Security: A+ | Reliability: A | Performance: A | Maintainability: A
+
+**v1.2.1 Improvements:**
+- 5/5 Critical security issues resolved (Spicy Audit)
+- Advanced 3-tier configuration system
+- 100% test coverage on patched modules
+- Production-ready with enterprise-grade quality
 
 Architecture follows distributed responsibility patterns with comprehensive test coverage and deterministic cross-platform behavior.
 
