Files
ss-tools/.kilo/command/security.audit.md
busya 8c10632494 feat(semantic): curator-driven protocol hardening — decision memory + relation repair
- Add @RATIONALE/@REJECTED to 103+ C4/C5 contracts across backend core, services, API routes, and frontend models
- Fix 109 unresolved @RELATION edges (Auth.*, SupersetClient.*, AgentChat.*, ADR cross-refs)
- Add 13 @ingroup tags for DSA/HCA attention grouping
- Repair 29 stale graph edges via index rebuild
- Update .kilo agent prompts and skills for GRACE-Poly v2.6 compliance
- Git integration: merge routes, branch lifecycle, remote providers, UX components
- 0 broken anchor pairs, index rebuilt with 0 parse warnings
2026-07-02 08:53:19 +03:00

9.5 KiB
Raw Blame History

description
description
Run read-only security audit (code/secrets, supply-chain, config) on the superset-tools repository; emits severity-ranked report with OWASP/CWE references. Dispatches the security-auditor agent.

User Input

$ARGUMENTS

You MUST consider the user input before proceeding (if not empty).

Argument Parsing

The argument string follows this grammar:

security.audit [scope] [--floor=critical|high|medium|low] [--profile=default|strict] [--ci]
Argument Default Effect
scope (first positional) full One of: full, backend, frontend, infra, deps
--floor=critical info Suppress findings below the floor in main report; show in Suppressed footer
--floor=high info Suppress Medium/Low/Info
--floor=medium info Suppress Low/Info
--profile=strict default Pass scan_profile=strict to axiom audit scan
--ci off Non-interactive mode: suppress Next Action line, exit code reflects verdict (0=PASS, 1=NEEDS_REVIEW, 2=FAIL)

Examples:

  • security.audit — full scope, all severities
  • security.audit backend --floor=high — backend only, suppress Medium/Low/Info
  • security.audit deps --profile=strict --ci — dependencies only, strict scan, CI mode
  • security.audit frontend --floor=critical — frontend only, Critical-only report

If $ARGUMENTS is empty, run with defaults: full scope, no floor, default profile, interactive mode.

Required Skills

MANDATORY USE skill({name="semantics-core"}), skill({name="semantics-contracts"}), skill({name="molecular-cot-logging"}), skill({name="semantics-python"}), skill({name="semantics-svelte"})

Goal

Produce a Security Audit Report for the superset-tools repository by dispatching the security-auditor subagent with a bounded PCAM worker packet. The report covers code+secrets (S1, S2, S3), supply-chain (S4), and runtime/config (S5, S6, S7) projections. Output is severity-ranked with OWASP/CWE references. No code mutations are made by this command — the security-auditor agent is edit: deny by hard permission.

Operating Constraints

  1. ROLE: Orchestrator — coordinate the audit at the workflow level. Do NOT run rg/bandit/pip-audit yourself; delegate to the agent.
  2. MCP-FIRST — use AXIOM for index health check before dispatch, and rely on the agent's own audit/search operations for projections.
  3. STRICT ADHERENCE — follow:
    • skill({name="semantics-core"}) for tier/anchor/Axiom reference
    • skill({name="semantics-contracts"}) for anti-corruption §VIII
    • skill({name="molecular-cot-logging"}) for REASON/REFLECT/EXPLORE emission
    • skill({name="semantics-python"}) and skill({name="semantics-svelte"}) for stack conventions the agent audits against
  4. NON-DESTRUCTIVE — this command is read-only by contract. No file edits. No commits. No patches applied.
  5. NO FALSE-POSITIVE INFLATION — the security-auditor agent downgrades test fixtures and @REJECTED paths. Do not re-inflate them in the orchestration step.
  6. DECISION-MEMORY CONTINUITY — surface S6 contract gaps (security-critical contracts missing @INVARIANT/@RATIONALE/@REJECTED) verbatim. Do not compress away.
  7. CI MODE BEHAVIOR — when --ci is set, suppress the Next Action line and emit exit code:
    • 0 → PASS (zero Critical, zero High)
    • 1 → NEEDS_REVIEW (zero Critical, ≥1 High or Medium)
    • 2 → FAIL (≥1 Critical)
  8. LANGUAGE-AWARE — Python uses # #region; Svelte HTML uses <!-- #region -->; Svelte script uses // #region. The agent respects this in its contract coverage gate (S6).

Execution Steps

1. Parse Arguments

Extract:

  • scope (first positional token, default full)
  • floor (from --floor=, default info)
  • profile (from --profile=, default default)
  • ci flag (from --ci, default false)

Validate scope ∈ {full, backend, frontend, infra, deps} and floor ∈ {critical, high, medium, low, info}. Reject invalid input with a clear error.

2. Index Health Gate (PCAM: Constraints)

Run search tool with operation="status" to confirm axiom is healthy.

  • If status reports stale or unhealthy:
    • Run search tool with operation="rebuild" rebuild_mode="full" (may take 2+ minutes on large repos).
    • Surface a one-line warning: "Axiom index was stale — rebuilt before audit. This may add 2+ minutes to the run."
  • If rebuild fails, emit a one-line warning and continue with degraded coverage (S6 and S7 may be partial).

3. Build Worker Packet (PCAM: Purpose + Constraints + Autonomy + Acceptance)

Construct the following packet and pass it to the task tool when dispatching security-auditor:

### Purpose
Run a read-only security audit on scope=<scope> with floor=<floor> and profile=<profile>.

### Constraints
- Read-only by hard contract. No `edit`, `write`, or git operations.
- Axiom MCP `audit scan` with `scan_profile="<profile>"` and `selection_mode` based on floor:
  - floor=critical → `selection_mode="critical_only"`
  - floor=high → `selection_mode="high_only"`
  - else → `selection_mode="all"`
- Project tree exclusions: `node_modules/`, `.venv/`, `venv/`, `__pycache__/`, `dist/`, `build/`, `coverage_html_*/`, `*.bak`, `research/`, `playwright-report/`, `.svelte-kit/`.
- Follow the agent's seven orthogonal projections (S1S7) per its Core Mandate.

### Autonomy
- Tools allowed: bash (rg, pip-audit, npm audit, bandit), axiom `search` + `audit`.
- Sub-delegation: allowed only to `security-auditor` (recursive subset scans for large repos).
- Browser: denied.

### Acceptance
- One Security Audit Report emitted matching the agent's Output Contract.
- Every finding has `file_path:line`, severity, CWE/OWASP ref, snippet, remediation.
- Severity floor applied; suppressed count in footer.
- Tooling-absence findings reported as `Info`, never silently dropped.
- No `edit` tool calls in the agent's transcript.

4. Dispatch Agent

Call the task tool with:

  • subagent_type: "security-auditor"
  • prompt: the worker packet from Step 3
  • description: "Security audit "

Wait for the agent to return its report. Do NOT do parallel re-scans.

5. Compose User-Facing Report

When the agent returns, post-process the report:

  1. Severity floor filter (if not already applied by the agent):
    • Re-apply floor to the Critical/High/Medium/Low/Info sections.
    • Move suppressed findings to a Suppressed (N below floor=<floor>) footer line.
  2. Collapse Medium to summary table only if >5 Medium findings (preserves attention density; matches qa-tester §IV "no raw dumps" rule).
  3. Surface Critical/High fully — no truncation, no compression.
  4. Strip raw scanner output — pip-audit JSON, bandit verbose output, rg byte counts are noise. Keep only the structured findings.
  5. Add Tooling Matrix if the agent didn't already include it.
  6. CI mode handling:
    • If --ci flag set: emit only the Projection Summary + Critical/High tables + exit code.
    • Else: emit full report including Next Action.

6. Routing Decision (Non-CI Mode)

If the report contains ≥1 Critical or ≥3 High findings, suggest one routing line in the Next Action section:

Next Action: Route <N> Critical + <M> High to python-coder (and svelte-coder if S3/S7) via the swarm-master dispatcher. The security-auditor will NOT auto-fix; this is a read-only audit.

Do not dispatch the coders from this command — the user reviews the report and confirms. The command is task: deny for coders by design (orchestrator-only).

7. Exit Code (CI Mode Only)

If --ci flag set:

  • 0 if verdict=PASS
  • 1 if verdict=NEEDS_REVIEW
  • 2 if verdict=FAIL
  • 3 if agent emitted <ESCALATION> (treated as error in CI)

Print exit code to stderr (or set $? appropriately when the command framework supports it).

Output

Print the post-processed Security Audit Report to stdout. In CI mode, also emit the exit code per Step 7.

The output structure follows the agent's Output Contract:

## Security Audit Report: <scope> (floor=<floor>, profile=<profile>)

### Verdict: [PASS / NEEDS_REVIEW / FAIL]

### Projection Summary
| # | Projection | Critical | High | Medium | Low | Info | Status |
|---|-----------|----------|------|--------|-----|------|--------|
| S1 | Secrets & Credentials | ... |
| ... | ... | ... |

### Critical Findings
[full table]

### High Findings
[full table]

### Medium Findings
[summary table if >5, else full]

### Low & Info Findings
[bulleted list]

### Suppressed
[N findings below floor=<floor>]

### Decision-Memory / Contract Gaps (S6)
[verbatim from agent]

### Cross-Projection Taint (Critical/High only)
[from agent's impact_analysis]

### Tooling Matrix
[from agent]

### Next Action
[autonomous / needs_human_intent / ready_for_review]
[optional routing suggestion]

Anti-Patterns

Don't Do
Run rg/bandit/pip-audit yourself from this command Delegate to security-auditor subagent
Compress Critical/High findings to fit a height limit Show Critical/High in full
Emit the agent's raw transcript Post-process per Step 5
Apply patches inline when a Critical is found Surface as Next Action; let user confirm
Skip the index-health gate Always check axiom status first
Treat tooling absence as "all clean" Surface as Info finding
Re-inflate test-fixture findings the agent downgraded Trust the agent's classification
Route to coders automatically Suggest routing; let user dispatch