chore: bump version to 1.17.0 + document inline-db-mutation family in README

Bumps all four version-bearing manifests:
- package.json
- .claude-plugin/plugin.json
- .claude-plugin/marketplace.json (root version + plugins[0].version)
- README.md "Version: 1.17.0" header line

README additions:
- New bullet under the Bash hooks section describing all six
  inline-db-mutation-* rules, the shared bypass marker
  `db-mutation-rule`, and the per-repo sentinel
  `.no-make-no-mistakes-db-mutation`.
- New section under "Bypassing a rule" listing the v1.17.0 marker
  alongside the existing Tier 1 markers, and documenting the
  per-repo sentinel escape hatch.

CHANGELOG entry comes in the next commit per project convention.

Author: lapc506

.claude-plugin/marketplace.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://anthropic.com/claude-code/marketplace.schema.json",
   "name": "make-no-mistakes",
-  "version": "1.16.0",
+  "version": "1.17.0",
   "description": "The disciplined dev lifecycle — implement issues, review PRs, sync releases, test E2E, manage sessions, and stash secrets via OS-native prompts. One plugin to make no mistakes.",
   "owner": {
     "name": "Luis Andres Pena Castillo",
@@ -11,7 +11,7 @@
     {
       "name": "make-no-mistakes",
       "description": "Dev lifecycle orchestrator: disciplined Linear issue execution with worktree isolation, PR review with Greptile gating, team release sync, E2E test generation and execution, test suite previewer, security pentesting, MoSCoW + RICE prioritization, cross-platform secret stash via OS-native GUI prompts (zenity / kdialog / osascript / Get-Credential), and session management. 18 commands, 6 auto-activating skills, 2 specialized agents.",
-      "version": "1.16.0",
+      "version": "1.17.0",
       "author": {
         "name": "Luis Andres Pena Castillo",
         "email": "lapc506@users.noreply.github.com"

.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "make-no-mistakes",
-  "version": "1.16.0",
+  "version": "1.17.0",
   "description": "The disciplined dev lifecycle — implement issues, review PRs, sync releases, test E2E, manage sessions, stash secrets, and enforce manifest-driven tool-call hooks. One plugin to make no mistakes.",
   "author": {
     "name": "Luis Andres Pena Castillo",

README.md

@@ -1,6 +1,6 @@
 # make-no-mistakes
 
-**Version: 1.16.0** · [CHANGELOG](./CHANGELOG.md) · [Marketplace](https://github.com/DojoCodingLabs/make-no-mistakes-toolkit)
+**Version: 1.17.0** · [CHANGELOG](./CHANGELOG.md) · [Marketplace](https://github.com/DojoCodingLabs/make-no-mistakes-toolkit)
 
 The disciplined dev lifecycle — implement issues, review PRs, sync releases, test E2E, and manage sessions. One plugin to make no mistakes.
 
@@ -245,7 +245,8 @@ the manifest-driven hooks in `hooks/rules/rules.yaml`. The Tier 1 ruleset
 ships 10 rules:
 
 **PreToolUse on `Bash` (block by default):**
-- `ssh-db-mutation` — blocks `gcloud compute ssh ... --command="...php -r/mysql/set_config..."` (forces use of versioned scripts)
+- `ssh-db-mutation` — blocks `gcloud compute ssh ... --command="...php -r/mysql/set_config..."` (Moodle-flavoured SSH payloads)
+- `inline-db-mutation-mysql` / `-psql` / `-sqlite` / `-mongo` / `-redis` / `-gcloud-sql` — blocks inline DB mutations across any CLI (`mysql -e "UPDATE..."`, `psql -c "INSERT..."`, `sqlite3 path "DROP..."`, `mongo --eval "db.x.update(...)"`, `redis-cli SET/DEL/FLUSHALL`, `gcloud sql import/export`). Forces use of a versioned script under `scripts/` or `bin/`. SELECT-only reads are never blocked. Per-rule bypass via `# hook-bypass: db-mutation-rule`; per-repo opt-out via `touch .no-make-no-mistakes-db-mutation` at the root (memory: `feedback_scripts_not_db.md`).
 - `prod-ops-no-approval` — blocks `--project=*-prod` operations without explicit acknowledgement
 - `destructive-db-ops` — blocks `supabase db reset|push|repair` and inline `DROP/TRUNCATE/DELETE FROM`
 - `manual-edge-fn-deploy` — blocks `supabase functions deploy` (forces CI-only deploys)
@@ -274,8 +275,18 @@ command or content to acknowledge the rule and proceed:
 # // hook-bypass: edge-fn-manual
 # // hook-bypass: minified-build
 # // hook-bypass: secret-leak
+
+# Bypass marker shipped in v1.17.0 inline-db-mutation family:
+# // hook-bypass: db-mutation-rule
 ```
 
+Some rules (e.g., the v1.17.0 inline-DB-mutation family) also support a
+per-repo escape hatch: drop a sentinel file at the repo root and the rule
+becomes a no-op in that repo. The current sentinel filenames are:
+
+- `.no-make-no-mistakes-db-mutation` — disables all six
+  `inline-db-mutation-*` rules in the repo
+
 Bypasses are explicit acknowledgements — they sit inside the command/content
 itself, not as silent flags.
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lapc506/make-no-mistakes",
-  "version": "1.16.0",
+  "version": "1.17.0",
   "description": "The disciplined dev lifecycle — implement issues, review PRs, sync releases, test E2E, manage sessions, stash secrets, and enforce manifest-driven tool-call hooks (no SSH+DB, no manual prod, no minified build, no secret leaks, Slack format). OpenCode + Claude Code plugin.",
   "type": "module",
   "main": "./dist/index.js",