--- description: Run read-only security audit (code/secrets, supply-chain, config) on the superset-tools repository; emits severity-ranked report with OWASP/CWE references. Dispatches the security-auditor agent. --- ## User Input ```text $ARGUMENTS ``` You **MUST** consider the user input before proceeding (if not empty). ### Argument Parsing The argument string follows this grammar: ``` security.audit [scope] [--floor=critical|high|medium|low] [--profile=default|strict] [--ci] ``` | Argument | Default | Effect | |----------|---------|--------| | `scope` (first positional) | `full` | One of: `full`, `backend`, `frontend`, `infra`, `deps` | | `--floor=critical` | `info` | Suppress findings below the floor in main report; show in Suppressed footer | | `--floor=high` | `info` | Suppress `Medium`/`Low`/`Info` | | `--floor=medium` | `info` | Suppress `Low`/`Info` | | `--profile=strict` | `default` | Pass `scan_profile=strict` to axiom `audit scan` | | `--ci` | off | Non-interactive mode: suppress `Next Action` line, exit code reflects verdict (0=PASS, 1=NEEDS_REVIEW, 2=FAIL) | Examples: - `security.audit` — full scope, all severities - `security.audit backend --floor=high` — backend only, suppress Medium/Low/Info - `security.audit deps --profile=strict --ci` — dependencies only, strict scan, CI mode - `security.audit frontend --floor=critical` — frontend only, Critical-only report If `$ARGUMENTS` is empty, run with defaults: `full` scope, no floor, `default` profile, interactive mode. ## Required Skills MANDATORY USE `skill({name="semantics-core"})`, `skill({name="semantics-contracts"})`, `skill({name="molecular-cot-logging"})`, `skill({name="semantics-python"})`, `skill({name="semantics-svelte"})` ## Goal Produce a Security Audit Report for the superset-tools repository by dispatching the `security-auditor` subagent with a bounded PCAM worker packet. The report covers code+secrets (S1, S2, S3), supply-chain (S4), and runtime/config (S5, S6, S7) projections. Output is severity-ranked with OWASP/CWE references. No code mutations are made by this command — the security-auditor agent is `edit: deny` by hard permission. ## Operating Constraints 1. **ROLE: Orchestrator** — coordinate the audit at the workflow level. Do NOT run rg/bandit/pip-audit yourself; delegate to the agent. 2. **MCP-FIRST** — use AXIOM for index health check before dispatch, and rely on the agent's own `audit`/`search` operations for projections. 3. **STRICT ADHERENCE** — follow: - `skill({name="semantics-core"})` for tier/anchor/Axiom reference - `skill({name="semantics-contracts"})` for anti-corruption §VIII - `skill({name="molecular-cot-logging"})` for REASON/REFLECT/EXPLORE emission - `skill({name="semantics-python"})` and `skill({name="semantics-svelte"})` for stack conventions the agent audits against 4. **NON-DESTRUCTIVE** — this command is read-only by contract. No file edits. No commits. No patches applied. 5. **NO FALSE-POSITIVE INFLATION** — the security-auditor agent downgrades test fixtures and `@REJECTED` paths. Do not re-inflate them in the orchestration step. 6. **DECISION-MEMORY CONTINUITY** — surface S6 contract gaps (security-critical contracts missing `@INVARIANT`/`@RATIONALE`/`@REJECTED`) verbatim. Do not compress away. 7. **CI MODE BEHAVIOR** — when `--ci` is set, suppress the `Next Action` line and emit exit code: - 0 → `PASS` (zero Critical, zero High) - 1 → `NEEDS_REVIEW` (zero Critical, ≥1 High or Medium) - 2 → `FAIL` (≥1 Critical) 8. **LANGUAGE-AWARE** — Python uses `# #region`; Svelte HTML uses ``; Svelte script uses `// #region`. The agent respects this in its contract coverage gate (S6). ## Execution Steps ### 1. Parse Arguments Extract: - `scope` (first positional token, default `full`) - `floor` (from `--floor=`, default `info`) - `profile` (from `--profile=`, default `default`) - `ci` flag (from `--ci`, default false) Validate `scope ∈ {full, backend, frontend, infra, deps}` and `floor ∈ {critical, high, medium, low, info}`. Reject invalid input with a clear error. ### 2. Index Health Gate (PCAM: Constraints) Run `search` tool with `operation="status"` to confirm axiom is healthy. - If `status` reports `stale` or `unhealthy`: - Run `search` tool with `operation="rebuild" rebuild_mode="full"` (may take 2+ minutes on large repos). - Surface a one-line warning: "Axiom index was stale — rebuilt before audit. This may add 2+ minutes to the run." - If `rebuild` fails, emit a one-line warning and continue with degraded coverage (S6 and S7 may be partial). ### 3. Build Worker Packet (PCAM: Purpose + Constraints + Autonomy + Acceptance) Construct the following packet and pass it to the `task` tool when dispatching `security-auditor`: ```markdown ### Purpose Run a read-only security audit on scope= with floor= and profile=. ### Constraints - Read-only by hard contract. No `edit`, `write`, or git operations. - Axiom MCP `audit scan` with `scan_profile=""` and `selection_mode` based on floor: - floor=critical → `selection_mode="critical_only"` - floor=high → `selection_mode="high_only"` - else → `selection_mode="all"` - Project tree exclusions: `node_modules/`, `.venv/`, `venv/`, `__pycache__/`, `dist/`, `build/`, `coverage_html_*/`, `*.bak`, `research/`, `playwright-report/`, `.svelte-kit/`. - Follow the agent's seven orthogonal projections (S1–S7) per its Core Mandate. ### Autonomy - Tools allowed: bash (rg, pip-audit, npm audit, bandit), axiom `search` + `audit`. - Sub-delegation: allowed only to `security-auditor` (recursive subset scans for large repos). - Browser: denied. ### Acceptance - One Security Audit Report emitted matching the agent's Output Contract. - Every finding has `file_path:line`, severity, CWE/OWASP ref, snippet, remediation. - Severity floor applied; suppressed count in footer. - Tooling-absence findings reported as `Info`, never silently dropped. - No `edit` tool calls in the agent's transcript. ``` ### 4. Dispatch Agent Call the `task` tool with: - `subagent_type: "security-auditor"` - `prompt`: the worker packet from Step 3 - `description`: "Security audit " Wait for the agent to return its report. Do NOT do parallel re-scans. ### 5. Compose User-Facing Report When the agent returns, post-process the report: 1. **Severity floor filter** (if not already applied by the agent): - Re-apply floor to the Critical/High/Medium/Low/Info sections. - Move suppressed findings to a `Suppressed (N below floor=)` footer line. 2. **Collapse Medium** to summary table only if >5 Medium findings (preserves attention density; matches qa-tester §IV "no raw dumps" rule). 3. **Surface Critical/High fully** — no truncation, no compression. 4. **Strip raw scanner output** — pip-audit JSON, bandit verbose output, `rg` byte counts are noise. Keep only the structured findings. 5. **Add Tooling Matrix** if the agent didn't already include it. 6. **CI mode handling**: - If `--ci` flag set: emit only the Projection Summary + Critical/High tables + exit code. - Else: emit full report including `Next Action`. ### 6. Routing Decision (Non-CI Mode) If the report contains ≥1 `Critical` or ≥3 `High` findings, suggest one routing line in the `Next Action` section: ``` Next Action: Route Critical + High to python-coder (and svelte-coder if S3/S7) via the swarm-master dispatcher. The security-auditor will NOT auto-fix; this is a read-only audit. ``` Do not dispatch the coders from this command — the user reviews the report and confirms. The command is `task: deny` for coders by design (orchestrator-only). ### 7. Exit Code (CI Mode Only) If `--ci` flag set: - 0 if verdict=PASS - 1 if verdict=NEEDS_REVIEW - 2 if verdict=FAIL - 3 if agent emitted `` (treated as error in CI) Print exit code to stderr (or set `$?` appropriately when the command framework supports it). ## Output Print the post-processed Security Audit Report to stdout. In CI mode, also emit the exit code per Step 7. The output structure follows the agent's Output Contract: ```markdown ## Security Audit Report: (floor=, profile=) ### Verdict: [PASS / NEEDS_REVIEW / FAIL] ### Projection Summary | # | Projection | Critical | High | Medium | Low | Info | Status | |---|-----------|----------|------|--------|-----|------|--------| | S1 | Secrets & Credentials | ... | | ... | ... | ... | ### Critical Findings [full table] ### High Findings [full table] ### Medium Findings [summary table if >5, else full] ### Low & Info Findings [bulleted list] ### Suppressed [N findings below floor=] ### Decision-Memory / Contract Gaps (S6) [verbatim from agent] ### Cross-Projection Taint (Critical/High only) [from agent's impact_analysis] ### Tooling Matrix [from agent] ### Next Action [autonomous / needs_human_intent / ready_for_review] [optional routing suggestion] ``` ## Anti-Patterns | ❌ Don't | ✅ Do | |----------|-------| | Run `rg`/`bandit`/`pip-audit` yourself from this command | Delegate to security-auditor subagent | | Compress Critical/High findings to fit a height limit | Show Critical/High in full | | Emit the agent's raw transcript | Post-process per Step 5 | | Apply patches inline when a Critical is found | Surface as `Next Action`; let user confirm | | Skip the index-health gate | Always check axiom status first | | Treat tooling absence as "all clean" | Surface as `Info` finding | | Re-inflate test-fixture findings the agent downgraded | Trust the agent's classification | | Route to coders automatically | Suggest routing; let user dispatch |