refactor: Restructure install options for clarity

Create three clear install tiers:
- [developer] - Lightweight for individual developers (recommended)
- [enterprise] - Backend + auth for teams (production deployment)
- [healthcare] - Enterprise + HIPAA/GDPR compliance (regulated industries)

Changes:
- New [developer] extra: LLM + agents + software plugins (no backend)
- New [enterprise] extra: [developer] + FastAPI + bcrypt + JWT
- Updated [healthcare]: Now includes [enterprise] + redis + compliance
- Updated [all]: Now includes bcrypt and PyJWT (was missing)
- README: Recommend [developer] instead of [full] for quick start
- README: Added collapsible section explaining differences

Impact:
- Individual developers no longer forced to install enterprise features
- Healthcare features now properly isolated to [healthcare] extra
- Clear separation of concerns: dev tools vs production backend
- Backwards compatible: [full] still exists as alias to [developer]

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

Author: 2 people

README.md

@@ -9,7 +9,7 @@
 [![Python](https://img.shields.io/badge/python-3.10+-blue)](https://www.python.org)
 
 ```bash
-pip install empathy-framework[full]
+pip install empathy-framework[developer]  # Lightweight for individual developers
 ```
 
 ## What's New in v3.6.0
@@ -123,10 +123,37 @@ See ESLintParser, PylintParser, or MyPyParser for examples.
 
 ### 1. Install
 
+**Individual Developers (Recommended):**
+
 ```bash
-pip install empathy-framework[full]
+pip install empathy-framework[developer]
 ```
 
+**Teams/Enterprises (Backend + Auth):**
+
+```bash
+pip install empathy-framework[enterprise]
+```
+
+**Healthcare Organizations (HIPAA/GDPR Compliance):**
+
+```bash
+pip install empathy-framework[healthcare]
+```
+
+<details>
+<summary><b>What's the difference?</b></summary>
+
+- **`[developer]`** - Lightweight install for individual developers. Includes CLI tools, VSCode extension, LLM providers, agents. **No backend server needed.**
+
+- **`[enterprise]`** - Everything in `[developer]` plus backend API server with authentication (bcrypt, JWT, rate limiting). For teams deploying to production.
+
+- **`[healthcare]`** - Everything in `[enterprise]` plus HIPAA/GDPR compliance database, redis, and healthcare-specific plugins. Only needed for regulated industries.
+
+**Most developers should use `[developer]`** - it's fast to install and has everything you need for software development.
+
+</details>
+
 ### 2. Configure Provider
 
 ```bash

pyproject.toml

@@ -89,10 +89,28 @@ crewai = [
     "crewai>=0.1.0,<1.0.0",
 ]
 
-# Plugin-specific dependencies
+# Healthcare organizations - enterprise + compliance + healthcare plugins
+# NOTE: Only install this if you need HIPAA/GDPR compliance features
 healthcare = [
+    # Everything in enterprise
+    "anthropic>=0.25.0,<1.0.0",
+    "openai>=1.12.0,<2.0.0",
+    "google-generativeai>=0.3.0,<1.0.0",
+    "memdocs>=1.0.0",
+    "langchain>=1.0.0,<2.0.0",
+    "langchain-core>=1.2.5,<2.0.0",
+    "langchain-text-splitters>=0.3.9,<0.4.0",
+    "langgraph>=1.0.0,<2.0.0",
+    "langgraph-checkpoint>=3.0.0,<4.0.0",
+    "marshmallow>=4.1.2,<5.0.0",
     "python-docx>=0.8.11,<1.0.0",
     "pyyaml>=6.0,<7.0",
+    "fastapi>=0.109.1,<1.0.0",
+    "uvicorn>=0.20.0,<1.0.0",
+    "starlette>=0.40.0,<1.0.0",
+    "bcrypt>=4.0.0,<5.0.0",
+    "PyJWT[crypto]>=2.8.0",
+    # Healthcare-specific dependencies
     "redis>=5.0.0,<6.0.0",  # For session management and real-time alerts
 ]
 
@@ -146,7 +164,50 @@ dev = [
     "fastapi>=0.109.1,<1.0.0",  # For wizard API tests
 ]
 
-# Complete installation with Claude Code + MemDocs transformative stack
+# Individual developers - lightweight, software development focused
+developer = [
+    # LLM providers
+    "anthropic>=0.25.0,<1.0.0",
+    "openai>=1.12.0,<2.0.0",
+    "google-generativeai>=0.3.0,<1.0.0",
+    # MemDocs integration
+    "memdocs>=1.0.0",
+    # Agents (updated for security fixes)
+    "langchain>=1.0.0,<2.0.0",
+    "langchain-core>=1.2.5,<2.0.0",  # 1.2.5+ has security fixes
+    "langchain-text-splitters>=0.3.9,<0.4.0",
+    "langgraph>=1.0.0,<2.0.0",  # 1.0+ required for langgraph-checkpoint 3.0 (RCE fix)
+    "langgraph-checkpoint>=3.0.0,<4.0.0",  # Security: GHSA-wwqv-p2pp-99h5 (RCE fix)
+    "marshmallow>=4.1.2,<5.0.0",  # Security: GHSA-428g-f7cq-pgp5
+    # Software development plugins
+    "python-docx>=0.8.11,<1.0.0",
+    "pyyaml>=6.0,<7.0",
+]
+
+# Teams/enterprises - backend + authentication + compliance (excludes healthcare)
+enterprise = [
+    # Everything in developer
+    "anthropic>=0.25.0,<1.0.0",
+    "openai>=1.12.0,<2.0.0",
+    "google-generativeai>=0.3.0,<1.0.0",
+    "memdocs>=1.0.0",
+    "langchain>=1.0.0,<2.0.0",
+    "langchain-core>=1.2.5,<2.0.0",
+    "langchain-text-splitters>=0.3.9,<0.4.0",
+    "langgraph>=1.0.0,<2.0.0",
+    "langgraph-checkpoint>=3.0.0,<4.0.0",
+    "marshmallow>=4.1.2,<5.0.0",
+    "python-docx>=0.8.11,<1.0.0",
+    "pyyaml>=6.0,<7.0",
+    # Backend API server with authentication
+    "fastapi>=0.109.1,<1.0.0",
+    "uvicorn>=0.20.0,<1.0.0",
+    "starlette>=0.40.0,<1.0.0",
+    "bcrypt>=4.0.0,<5.0.0",  # Secure password hashing
+    "PyJWT[crypto]>=2.8.0",  # JWT authentication
+]
+
+# Alias for backwards compatibility (maps to developer)
 full = [
     # LLM providers
     "anthropic>=0.25.0,<1.0.0",
@@ -184,10 +245,12 @@ all = [
     # Plugins
     "python-docx>=0.8.11,<1.0.0",
     "pyyaml>=6.0,<7.0",
-    # Backend
+    # Backend with authentication
     "fastapi>=0.109.1,<1.0.0",  # CVE fix
     "uvicorn>=0.20.0,<1.0.0",
     "starlette>=0.40.0,<1.0.0",  # CVE fix
+    "bcrypt>=4.0.0,<5.0.0",  # Secure password hashing
+    "PyJWT[crypto]>=2.8.0",  # JWT authentication
     # LSP
     "pygls>=1.0.0,<2.0.0",
     "lsprotocol>=2023.0.0,<2024.0.0",