Read-only security audit tooling aligned with GRACE-Poly v2.6 and axiom MCP scan capabilities. Combines code+secrets (S1–S3), supply-chain (S4), and runtime/config (S5–S7) projections into a single severity-ranked report with OWASP/CWE references. Agent: .opencode/agents/security-auditor.md - mode: all, edit: deny (hard read-only contract) - 7 orthogonal projections with pattern catalogs for secrets, Python SAST, Svelte/TS SAST, dependency audit, config/runtime, contract coverage, and logging hygiene - Maps findings to CVSS v3.1 severity bands, CWE, and OWASP Top 10 - Mirrors qa-tester P1–P7 anti-loop protocol for [ATTEMPT: N] ladder - Anti-corruption §VIII: tooling absence is reported as Info finding, never silently dropped Command: .opencode/command/security.audit.md - Dispatches security-auditor subagent via axiom MCP scan - Supports --floor, --profile, --ci (exit code 0/1/2 for CI gates) - PCAM worker packet contract; severity floor + suppression footer Mirrored to .agents/agents/ and .agents/commands/ per repo convention.
9.5 KiB
description
| description |
|---|
| Run read-only security audit (code/secrets, supply-chain, config) on the superset-tools repository; emits severity-ranked report with OWASP/CWE references. Dispatches the security-auditor agent. |
User Input
$ARGUMENTS
You MUST consider the user input before proceeding (if not empty).
Argument Parsing
The argument string follows this grammar:
security.audit [scope] [--floor=critical|high|medium|low] [--profile=default|strict] [--ci]
| Argument | Default | Effect |
|---|---|---|
scope (first positional) |
full |
One of: full, backend, frontend, infra, deps |
--floor=critical |
info |
Suppress findings below the floor in main report; show in Suppressed footer |
--floor=high |
info |
Suppress Medium/Low/Info |
--floor=medium |
info |
Suppress Low/Info |
--profile=strict |
default |
Pass scan_profile=strict to axiom audit scan |
--ci |
off | Non-interactive mode: suppress Next Action line, exit code reflects verdict (0=PASS, 1=NEEDS_REVIEW, 2=FAIL) |
Examples:
security.audit— full scope, all severitiessecurity.audit backend --floor=high— backend only, suppress Medium/Low/Infosecurity.audit deps --profile=strict --ci— dependencies only, strict scan, CI modesecurity.audit frontend --floor=critical— frontend only, Critical-only report
If $ARGUMENTS is empty, run with defaults: full scope, no floor, default profile, interactive mode.
Required Skills
MANDATORY USE skill({name="semantics-core"}), skill({name="semantics-contracts"}), skill({name="molecular-cot-logging"}), skill({name="semantics-python"}), skill({name="semantics-svelte"})
Goal
Produce a Security Audit Report for the superset-tools repository by dispatching the security-auditor subagent with a bounded PCAM worker packet. The report covers code+secrets (S1, S2, S3), supply-chain (S4), and runtime/config (S5, S6, S7) projections. Output is severity-ranked with OWASP/CWE references. No code mutations are made by this command — the security-auditor agent is edit: deny by hard permission.
Operating Constraints
- ROLE: Orchestrator — coordinate the audit at the workflow level. Do NOT run rg/bandit/pip-audit yourself; delegate to the agent.
- MCP-FIRST — use AXIOM for index health check before dispatch, and rely on the agent's own
audit/searchoperations for projections. - STRICT ADHERENCE — follow:
skill({name="semantics-core"})for tier/anchor/Axiom referenceskill({name="semantics-contracts"})for anti-corruption §VIIIskill({name="molecular-cot-logging"})for REASON/REFLECT/EXPLORE emissionskill({name="semantics-python"})andskill({name="semantics-svelte"})for stack conventions the agent audits against
- NON-DESTRUCTIVE — this command is read-only by contract. No file edits. No commits. No patches applied.
- NO FALSE-POSITIVE INFLATION — the security-auditor agent downgrades test fixtures and
@REJECTEDpaths. Do not re-inflate them in the orchestration step. - DECISION-MEMORY CONTINUITY — surface S6 contract gaps (security-critical contracts missing
@INVARIANT/@RATIONALE/@REJECTED) verbatim. Do not compress away. - CI MODE BEHAVIOR — when
--ciis set, suppress theNext Actionline and emit exit code:- 0 →
PASS(zero Critical, zero High) - 1 →
NEEDS_REVIEW(zero Critical, ≥1 High or Medium) - 2 →
FAIL(≥1 Critical)
- 0 →
- LANGUAGE-AWARE — Python uses
# #region; Svelte HTML uses<!-- #region -->; Svelte script uses// #region. The agent respects this in its contract coverage gate (S6).
Execution Steps
1. Parse Arguments
Extract:
scope(first positional token, defaultfull)floor(from--floor=, defaultinfo)profile(from--profile=, defaultdefault)ciflag (from--ci, default false)
Validate scope ∈ {full, backend, frontend, infra, deps} and floor ∈ {critical, high, medium, low, info}. Reject invalid input with a clear error.
2. Index Health Gate (PCAM: Constraints)
Run search tool with operation="status" to confirm axiom is healthy.
- If
statusreportsstaleorunhealthy:- Run
searchtool withoperation="rebuild" rebuild_mode="full"(may take 2+ minutes on large repos). - Surface a one-line warning: "Axiom index was stale — rebuilt before audit. This may add 2+ minutes to the run."
- Run
- If
rebuildfails, emit a one-line warning and continue with degraded coverage (S6 and S7 may be partial).
3. Build Worker Packet (PCAM: Purpose + Constraints + Autonomy + Acceptance)
Construct the following packet and pass it to the task tool when dispatching security-auditor:
### Purpose
Run a read-only security audit on scope=<scope> with floor=<floor> and profile=<profile>.
### Constraints
- Read-only by hard contract. No `edit`, `write`, or git operations.
- Axiom MCP `audit scan` with `scan_profile="<profile>"` and `selection_mode` based on floor:
- floor=critical → `selection_mode="critical_only"`
- floor=high → `selection_mode="high_only"`
- else → `selection_mode="all"`
- Project tree exclusions: `node_modules/`, `.venv/`, `venv/`, `__pycache__/`, `dist/`, `build/`, `coverage_html_*/`, `*.bak`, `research/`, `playwright-report/`, `.svelte-kit/`.
- Follow the agent's seven orthogonal projections (S1–S7) per its Core Mandate.
### Autonomy
- Tools allowed: bash (rg, pip-audit, npm audit, bandit), axiom `search` + `audit`.
- Sub-delegation: allowed only to `security-auditor` (recursive subset scans for large repos).
- Browser: denied.
### Acceptance
- One Security Audit Report emitted matching the agent's Output Contract.
- Every finding has `file_path:line`, severity, CWE/OWASP ref, snippet, remediation.
- Severity floor applied; suppressed count in footer.
- Tooling-absence findings reported as `Info`, never silently dropped.
- No `edit` tool calls in the agent's transcript.
4. Dispatch Agent
Call the task tool with:
subagent_type: "security-auditor"prompt: the worker packet from Step 3description: "Security audit "
Wait for the agent to return its report. Do NOT do parallel re-scans.
5. Compose User-Facing Report
When the agent returns, post-process the report:
- Severity floor filter (if not already applied by the agent):
- Re-apply floor to the Critical/High/Medium/Low/Info sections.
- Move suppressed findings to a
Suppressed (N below floor=<floor>)footer line.
- Collapse Medium to summary table only if >5 Medium findings (preserves attention density; matches qa-tester §IV "no raw dumps" rule).
- Surface Critical/High fully — no truncation, no compression.
- Strip raw scanner output — pip-audit JSON, bandit verbose output,
rgbyte counts are noise. Keep only the structured findings. - Add Tooling Matrix if the agent didn't already include it.
- CI mode handling:
- If
--ciflag set: emit only the Projection Summary + Critical/High tables + exit code. - Else: emit full report including
Next Action.
- If
6. Routing Decision (Non-CI Mode)
If the report contains ≥1 Critical or ≥3 High findings, suggest one routing line in the Next Action section:
Next Action: Route <N> Critical + <M> High to python-coder (and svelte-coder if S3/S7) via the swarm-master dispatcher. The security-auditor will NOT auto-fix; this is a read-only audit.
Do not dispatch the coders from this command — the user reviews the report and confirms. The command is task: deny for coders by design (orchestrator-only).
7. Exit Code (CI Mode Only)
If --ci flag set:
- 0 if verdict=PASS
- 1 if verdict=NEEDS_REVIEW
- 2 if verdict=FAIL
- 3 if agent emitted
<ESCALATION>(treated as error in CI)
Print exit code to stderr (or set $? appropriately when the command framework supports it).
Output
Print the post-processed Security Audit Report to stdout. In CI mode, also emit the exit code per Step 7.
The output structure follows the agent's Output Contract:
## Security Audit Report: <scope> (floor=<floor>, profile=<profile>)
### Verdict: [PASS / NEEDS_REVIEW / FAIL]
### Projection Summary
| # | Projection | Critical | High | Medium | Low | Info | Status |
|---|-----------|----------|------|--------|-----|------|--------|
| S1 | Secrets & Credentials | ... |
| ... | ... | ... |
### Critical Findings
[full table]
### High Findings
[full table]
### Medium Findings
[summary table if >5, else full]
### Low & Info Findings
[bulleted list]
### Suppressed
[N findings below floor=<floor>]
### Decision-Memory / Contract Gaps (S6)
[verbatim from agent]
### Cross-Projection Taint (Critical/High only)
[from agent's impact_analysis]
### Tooling Matrix
[from agent]
### Next Action
[autonomous / needs_human_intent / ready_for_review]
[optional routing suggestion]
Anti-Patterns
| ❌ Don't | ✅ Do |
|---|---|
Run rg/bandit/pip-audit yourself from this command |
Delegate to security-auditor subagent |
| Compress Critical/High findings to fit a height limit | Show Critical/High in full |
| Emit the agent's raw transcript | Post-process per Step 5 |
| Apply patches inline when a Critical is found | Surface as Next Action; let user confirm |
| Skip the index-health gate | Always check axiom status first |
| Treat tooling absence as "all clean" | Surface as Info finding |
| Re-inflate test-fixture findings the agent downgraded | Trust the agent's classification |
| Route to coders automatically | Suggest routing; let user dispatch |