Read-only security audit tooling aligned with GRACE-Poly v2.6 and axiom MCP scan capabilities. Combines code+secrets (S1–S3), supply-chain (S4), and runtime/config (S5–S7) projections into a single severity-ranked report with OWASP/CWE references. Agent: .opencode/agents/security-auditor.md - mode: all, edit: deny (hard read-only contract) - 7 orthogonal projections with pattern catalogs for secrets, Python SAST, Svelte/TS SAST, dependency audit, config/runtime, contract coverage, and logging hygiene - Maps findings to CVSS v3.1 severity bands, CWE, and OWASP Top 10 - Mirrors qa-tester P1–P7 anti-loop protocol for [ATTEMPT: N] ladder - Anti-corruption §VIII: tooling absence is reported as Info finding, never silently dropped Command: .opencode/command/security.audit.md - Dispatches security-auditor subagent via axiom MCP scan - Supports --floor, --profile, --ci (exit code 0/1/2 for CI gates) - PCAM worker packet contract; severity floor + suppression footer Mirrored to .agents/agents/ and .agents/commands/ per repo convention.
217 lines
9.5 KiB
Markdown
217 lines
9.5 KiB
Markdown
---
|
||
description: Run read-only security audit (code/secrets, supply-chain, config) on the superset-tools repository; emits severity-ranked report with OWASP/CWE references. Dispatches the security-auditor agent.
|
||
---
|
||
|
||
## User Input
|
||
|
||
```text
|
||
$ARGUMENTS
|
||
```
|
||
|
||
You **MUST** consider the user input before proceeding (if not empty).
|
||
|
||
### Argument Parsing
|
||
|
||
The argument string follows this grammar:
|
||
|
||
```
|
||
security.audit [scope] [--floor=critical|high|medium|low] [--profile=default|strict] [--ci]
|
||
```
|
||
|
||
| Argument | Default | Effect |
|
||
|----------|---------|--------|
|
||
| `scope` (first positional) | `full` | One of: `full`, `backend`, `frontend`, `infra`, `deps` |
|
||
| `--floor=critical` | `info` | Suppress findings below the floor in main report; show in Suppressed footer |
|
||
| `--floor=high` | `info` | Suppress `Medium`/`Low`/`Info` |
|
||
| `--floor=medium` | `info` | Suppress `Low`/`Info` |
|
||
| `--profile=strict` | `default` | Pass `scan_profile=strict` to axiom `audit scan` |
|
||
| `--ci` | off | Non-interactive mode: suppress `Next Action` line, exit code reflects verdict (0=PASS, 1=NEEDS_REVIEW, 2=FAIL) |
|
||
|
||
Examples:
|
||
- `security.audit` — full scope, all severities
|
||
- `security.audit backend --floor=high` — backend only, suppress Medium/Low/Info
|
||
- `security.audit deps --profile=strict --ci` — dependencies only, strict scan, CI mode
|
||
- `security.audit frontend --floor=critical` — frontend only, Critical-only report
|
||
|
||
If `$ARGUMENTS` is empty, run with defaults: `full` scope, no floor, `default` profile, interactive mode.
|
||
|
||
## Required Skills
|
||
|
||
MANDATORY USE `skill({name="semantics-core"})`, `skill({name="semantics-contracts"})`, `skill({name="molecular-cot-logging"})`, `skill({name="semantics-python"})`, `skill({name="semantics-svelte"})`
|
||
|
||
## Goal
|
||
|
||
Produce a Security Audit Report for the superset-tools repository by dispatching the `security-auditor` subagent with a bounded PCAM worker packet. The report covers code+secrets (S1, S2, S3), supply-chain (S4), and runtime/config (S5, S6, S7) projections. Output is severity-ranked with OWASP/CWE references. No code mutations are made by this command — the security-auditor agent is `edit: deny` by hard permission.
|
||
|
||
## Operating Constraints
|
||
|
||
1. **ROLE: Orchestrator** — coordinate the audit at the workflow level. Do NOT run rg/bandit/pip-audit yourself; delegate to the agent.
|
||
2. **MCP-FIRST** — use AXIOM for index health check before dispatch, and rely on the agent's own `audit`/`search` operations for projections.
|
||
3. **STRICT ADHERENCE** — follow:
|
||
- `skill({name="semantics-core"})` for tier/anchor/Axiom reference
|
||
- `skill({name="semantics-contracts"})` for anti-corruption §VIII
|
||
- `skill({name="molecular-cot-logging"})` for REASON/REFLECT/EXPLORE emission
|
||
- `skill({name="semantics-python"})` and `skill({name="semantics-svelte"})` for stack conventions the agent audits against
|
||
4. **NON-DESTRUCTIVE** — this command is read-only by contract. No file edits. No commits. No patches applied.
|
||
5. **NO FALSE-POSITIVE INFLATION** — the security-auditor agent downgrades test fixtures and `@REJECTED` paths. Do not re-inflate them in the orchestration step.
|
||
6. **DECISION-MEMORY CONTINUITY** — surface S6 contract gaps (security-critical contracts missing `@INVARIANT`/`@RATIONALE`/`@REJECTED`) verbatim. Do not compress away.
|
||
7. **CI MODE BEHAVIOR** — when `--ci` is set, suppress the `Next Action` line and emit exit code:
|
||
- 0 → `PASS` (zero Critical, zero High)
|
||
- 1 → `NEEDS_REVIEW` (zero Critical, ≥1 High or Medium)
|
||
- 2 → `FAIL` (≥1 Critical)
|
||
8. **LANGUAGE-AWARE** — Python uses `# #region`; Svelte HTML uses `<!-- #region -->`; Svelte script uses `// #region`. The agent respects this in its contract coverage gate (S6).
|
||
|
||
## Execution Steps
|
||
|
||
### 1. Parse Arguments
|
||
|
||
Extract:
|
||
- `scope` (first positional token, default `full`)
|
||
- `floor` (from `--floor=`, default `info`)
|
||
- `profile` (from `--profile=`, default `default`)
|
||
- `ci` flag (from `--ci`, default false)
|
||
|
||
Validate `scope ∈ {full, backend, frontend, infra, deps}` and `floor ∈ {critical, high, medium, low, info}`. Reject invalid input with a clear error.
|
||
|
||
### 2. Index Health Gate (PCAM: Constraints)
|
||
|
||
Run `search` tool with `operation="status"` to confirm axiom is healthy.
|
||
|
||
- If `status` reports `stale` or `unhealthy`:
|
||
- Run `search` tool with `operation="rebuild" rebuild_mode="full"` (may take 2+ minutes on large repos).
|
||
- Surface a one-line warning: "Axiom index was stale — rebuilt before audit. This may add 2+ minutes to the run."
|
||
- If `rebuild` fails, emit a one-line warning and continue with degraded coverage (S6 and S7 may be partial).
|
||
|
||
### 3. Build Worker Packet (PCAM: Purpose + Constraints + Autonomy + Acceptance)
|
||
|
||
Construct the following packet and pass it to the `task` tool when dispatching `security-auditor`:
|
||
|
||
```markdown
|
||
### Purpose
|
||
Run a read-only security audit on scope=<scope> with floor=<floor> and profile=<profile>.
|
||
|
||
### Constraints
|
||
- Read-only by hard contract. No `edit`, `write`, or git operations.
|
||
- Axiom MCP `audit scan` with `scan_profile="<profile>"` and `selection_mode` based on floor:
|
||
- floor=critical → `selection_mode="critical_only"`
|
||
- floor=high → `selection_mode="high_only"`
|
||
- else → `selection_mode="all"`
|
||
- Project tree exclusions: `node_modules/`, `.venv/`, `venv/`, `__pycache__/`, `dist/`, `build/`, `coverage_html_*/`, `*.bak`, `research/`, `playwright-report/`, `.svelte-kit/`.
|
||
- Follow the agent's seven orthogonal projections (S1–S7) per its Core Mandate.
|
||
|
||
### Autonomy
|
||
- Tools allowed: bash (rg, pip-audit, npm audit, bandit), axiom `search` + `audit`.
|
||
- Sub-delegation: allowed only to `security-auditor` (recursive subset scans for large repos).
|
||
- Browser: denied.
|
||
|
||
### Acceptance
|
||
- One Security Audit Report emitted matching the agent's Output Contract.
|
||
- Every finding has `file_path:line`, severity, CWE/OWASP ref, snippet, remediation.
|
||
- Severity floor applied; suppressed count in footer.
|
||
- Tooling-absence findings reported as `Info`, never silently dropped.
|
||
- No `edit` tool calls in the agent's transcript.
|
||
```
|
||
|
||
### 4. Dispatch Agent
|
||
|
||
Call the `task` tool with:
|
||
- `subagent_type: "security-auditor"`
|
||
- `prompt`: the worker packet from Step 3
|
||
- `description`: "Security audit <scope>"
|
||
|
||
Wait for the agent to return its report. Do NOT do parallel re-scans.
|
||
|
||
### 5. Compose User-Facing Report
|
||
|
||
When the agent returns, post-process the report:
|
||
|
||
1. **Severity floor filter** (if not already applied by the agent):
|
||
- Re-apply floor to the Critical/High/Medium/Low/Info sections.
|
||
- Move suppressed findings to a `Suppressed (N below floor=<floor>)` footer line.
|
||
2. **Collapse Medium** to summary table only if >5 Medium findings (preserves attention density; matches qa-tester §IV "no raw dumps" rule).
|
||
3. **Surface Critical/High fully** — no truncation, no compression.
|
||
4. **Strip raw scanner output** — pip-audit JSON, bandit verbose output, `rg` byte counts are noise. Keep only the structured findings.
|
||
5. **Add Tooling Matrix** if the agent didn't already include it.
|
||
6. **CI mode handling**:
|
||
- If `--ci` flag set: emit only the Projection Summary + Critical/High tables + exit code.
|
||
- Else: emit full report including `Next Action`.
|
||
|
||
### 6. Routing Decision (Non-CI Mode)
|
||
|
||
If the report contains ≥1 `Critical` or ≥3 `High` findings, suggest one routing line in the `Next Action` section:
|
||
|
||
```
|
||
Next Action: Route <N> Critical + <M> High to python-coder (and svelte-coder if S3/S7) via the swarm-master dispatcher. The security-auditor will NOT auto-fix; this is a read-only audit.
|
||
```
|
||
|
||
Do not dispatch the coders from this command — the user reviews the report and confirms. The command is `task: deny` for coders by design (orchestrator-only).
|
||
|
||
### 7. Exit Code (CI Mode Only)
|
||
|
||
If `--ci` flag set:
|
||
- 0 if verdict=PASS
|
||
- 1 if verdict=NEEDS_REVIEW
|
||
- 2 if verdict=FAIL
|
||
- 3 if agent emitted `<ESCALATION>` (treated as error in CI)
|
||
|
||
Print exit code to stderr (or set `$?` appropriately when the command framework supports it).
|
||
|
||
## Output
|
||
|
||
Print the post-processed Security Audit Report to stdout. In CI mode, also emit the exit code per Step 7.
|
||
|
||
The output structure follows the agent's Output Contract:
|
||
|
||
```markdown
|
||
## Security Audit Report: <scope> (floor=<floor>, profile=<profile>)
|
||
|
||
### Verdict: [PASS / NEEDS_REVIEW / FAIL]
|
||
|
||
### Projection Summary
|
||
| # | Projection | Critical | High | Medium | Low | Info | Status |
|
||
|---|-----------|----------|------|--------|-----|------|--------|
|
||
| S1 | Secrets & Credentials | ... |
|
||
| ... | ... | ... |
|
||
|
||
### Critical Findings
|
||
[full table]
|
||
|
||
### High Findings
|
||
[full table]
|
||
|
||
### Medium Findings
|
||
[summary table if >5, else full]
|
||
|
||
### Low & Info Findings
|
||
[bulleted list]
|
||
|
||
### Suppressed
|
||
[N findings below floor=<floor>]
|
||
|
||
### Decision-Memory / Contract Gaps (S6)
|
||
[verbatim from agent]
|
||
|
||
### Cross-Projection Taint (Critical/High only)
|
||
[from agent's impact_analysis]
|
||
|
||
### Tooling Matrix
|
||
[from agent]
|
||
|
||
### Next Action
|
||
[autonomous / needs_human_intent / ready_for_review]
|
||
[optional routing suggestion]
|
||
```
|
||
|
||
## Anti-Patterns
|
||
|
||
| ❌ Don't | ✅ Do |
|
||
|----------|-------|
|
||
| Run `rg`/`bandit`/`pip-audit` yourself from this command | Delegate to security-auditor subagent |
|
||
| Compress Critical/High findings to fit a height limit | Show Critical/High in full |
|
||
| Emit the agent's raw transcript | Post-process per Step 5 |
|
||
| Apply patches inline when a Critical is found | Surface as `Next Action`; let user confirm |
|
||
| Skip the index-health gate | Always check axiom status first |
|
||
| Treat tooling absence as "all clean" | Surface as `Info` finding |
|
||
| Re-inflate test-fixture findings the agent downgraded | Trust the agent's classification |
|
||
| Route to coders automatically | Suggest routing; let user dispatch |
|