Files
ss-tools/.kilo/command/security.audit.md
busya 8c10632494 feat(semantic): curator-driven protocol hardening — decision memory + relation repair
- Add @RATIONALE/@REJECTED to 103+ C4/C5 contracts across backend core, services, API routes, and frontend models
- Fix 109 unresolved @RELATION edges (Auth.*, SupersetClient.*, AgentChat.*, ADR cross-refs)
- Add 13 @ingroup tags for DSA/HCA attention grouping
- Repair 29 stale graph edges via index rebuild
- Update .kilo agent prompts and skills for GRACE-Poly v2.6 compliance
- Git integration: merge routes, branch lifecycle, remote providers, UX components
- 0 broken anchor pairs, index rebuilt with 0 parse warnings
2026-07-02 08:53:19 +03:00

217 lines
9.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
description: Run read-only security audit (code/secrets, supply-chain, config) on the superset-tools repository; emits severity-ranked report with OWASP/CWE references. Dispatches the security-auditor agent.
---
## User Input
```text
$ARGUMENTS
```
You **MUST** consider the user input before proceeding (if not empty).
### Argument Parsing
The argument string follows this grammar:
```
security.audit [scope] [--floor=critical|high|medium|low] [--profile=default|strict] [--ci]
```
| Argument | Default | Effect |
|----------|---------|--------|
| `scope` (first positional) | `full` | One of: `full`, `backend`, `frontend`, `infra`, `deps` |
| `--floor=critical` | `info` | Suppress findings below the floor in main report; show in Suppressed footer |
| `--floor=high` | `info` | Suppress `Medium`/`Low`/`Info` |
| `--floor=medium` | `info` | Suppress `Low`/`Info` |
| `--profile=strict` | `default` | Pass `scan_profile=strict` to axiom `audit scan` |
| `--ci` | off | Non-interactive mode: suppress `Next Action` line, exit code reflects verdict (0=PASS, 1=NEEDS_REVIEW, 2=FAIL) |
Examples:
- `security.audit` — full scope, all severities
- `security.audit backend --floor=high` — backend only, suppress Medium/Low/Info
- `security.audit deps --profile=strict --ci` — dependencies only, strict scan, CI mode
- `security.audit frontend --floor=critical` — frontend only, Critical-only report
If `$ARGUMENTS` is empty, run with defaults: `full` scope, no floor, `default` profile, interactive mode.
## Required Skills
MANDATORY USE `skill({name="semantics-core"})`, `skill({name="semantics-contracts"})`, `skill({name="molecular-cot-logging"})`, `skill({name="semantics-python"})`, `skill({name="semantics-svelte"})`
## Goal
Produce a Security Audit Report for the superset-tools repository by dispatching the `security-auditor` subagent with a bounded PCAM worker packet. The report covers code+secrets (S1, S2, S3), supply-chain (S4), and runtime/config (S5, S6, S7) projections. Output is severity-ranked with OWASP/CWE references. No code mutations are made by this command — the security-auditor agent is `edit: deny` by hard permission.
## Operating Constraints
1. **ROLE: Orchestrator** — coordinate the audit at the workflow level. Do NOT run rg/bandit/pip-audit yourself; delegate to the agent.
2. **MCP-FIRST** — use AXIOM for index health check before dispatch, and rely on the agent's own `audit`/`search` operations for projections.
3. **STRICT ADHERENCE** — follow:
- `skill({name="semantics-core"})` for tier/anchor/Axiom reference
- `skill({name="semantics-contracts"})` for anti-corruption §VIII
- `skill({name="molecular-cot-logging"})` for REASON/REFLECT/EXPLORE emission
- `skill({name="semantics-python"})` and `skill({name="semantics-svelte"})` for stack conventions the agent audits against
4. **NON-DESTRUCTIVE** — this command is read-only by contract. No file edits. No commits. No patches applied.
5. **NO FALSE-POSITIVE INFLATION** — the security-auditor agent downgrades test fixtures and `@REJECTED` paths. Do not re-inflate them in the orchestration step.
6. **DECISION-MEMORY CONTINUITY** — surface S6 contract gaps (security-critical contracts missing `@INVARIANT`/`@RATIONALE`/`@REJECTED`) verbatim. Do not compress away.
7. **CI MODE BEHAVIOR** — when `--ci` is set, suppress the `Next Action` line and emit exit code:
- 0 → `PASS` (zero Critical, zero High)
- 1 → `NEEDS_REVIEW` (zero Critical, ≥1 High or Medium)
- 2 → `FAIL` (≥1 Critical)
8. **LANGUAGE-AWARE** — Python uses `# #region`; Svelte HTML uses `<!-- #region -->`; Svelte script uses `// #region`. The agent respects this in its contract coverage gate (S6).
## Execution Steps
### 1. Parse Arguments
Extract:
- `scope` (first positional token, default `full`)
- `floor` (from `--floor=`, default `info`)
- `profile` (from `--profile=`, default `default`)
- `ci` flag (from `--ci`, default false)
Validate `scope ∈ {full, backend, frontend, infra, deps}` and `floor ∈ {critical, high, medium, low, info}`. Reject invalid input with a clear error.
### 2. Index Health Gate (PCAM: Constraints)
Run `search` tool with `operation="status"` to confirm axiom is healthy.
- If `status` reports `stale` or `unhealthy`:
- Run `search` tool with `operation="rebuild" rebuild_mode="full"` (may take 2+ minutes on large repos).
- Surface a one-line warning: "Axiom index was stale — rebuilt before audit. This may add 2+ minutes to the run."
- If `rebuild` fails, emit a one-line warning and continue with degraded coverage (S6 and S7 may be partial).
### 3. Build Worker Packet (PCAM: Purpose + Constraints + Autonomy + Acceptance)
Construct the following packet and pass it to the `task` tool when dispatching `security-auditor`:
```markdown
### Purpose
Run a read-only security audit on scope=<scope> with floor=<floor> and profile=<profile>.
### Constraints
- Read-only by hard contract. No `edit`, `write`, or git operations.
- Axiom MCP `audit scan` with `scan_profile="<profile>"` and `selection_mode` based on floor:
- floor=critical → `selection_mode="critical_only"`
- floor=high → `selection_mode="high_only"`
- else → `selection_mode="all"`
- Project tree exclusions: `node_modules/`, `.venv/`, `venv/`, `__pycache__/`, `dist/`, `build/`, `coverage_html_*/`, `*.bak`, `research/`, `playwright-report/`, `.svelte-kit/`.
- Follow the agent's seven orthogonal projections (S1S7) per its Core Mandate.
### Autonomy
- Tools allowed: bash (rg, pip-audit, npm audit, bandit), axiom `search` + `audit`.
- Sub-delegation: allowed only to `security-auditor` (recursive subset scans for large repos).
- Browser: denied.
### Acceptance
- One Security Audit Report emitted matching the agent's Output Contract.
- Every finding has `file_path:line`, severity, CWE/OWASP ref, snippet, remediation.
- Severity floor applied; suppressed count in footer.
- Tooling-absence findings reported as `Info`, never silently dropped.
- No `edit` tool calls in the agent's transcript.
```
### 4. Dispatch Agent
Call the `task` tool with:
- `subagent_type: "security-auditor"`
- `prompt`: the worker packet from Step 3
- `description`: "Security audit <scope>"
Wait for the agent to return its report. Do NOT do parallel re-scans.
### 5. Compose User-Facing Report
When the agent returns, post-process the report:
1. **Severity floor filter** (if not already applied by the agent):
- Re-apply floor to the Critical/High/Medium/Low/Info sections.
- Move suppressed findings to a `Suppressed (N below floor=<floor>)` footer line.
2. **Collapse Medium** to summary table only if >5 Medium findings (preserves attention density; matches qa-tester §IV "no raw dumps" rule).
3. **Surface Critical/High fully** — no truncation, no compression.
4. **Strip raw scanner output** — pip-audit JSON, bandit verbose output, `rg` byte counts are noise. Keep only the structured findings.
5. **Add Tooling Matrix** if the agent didn't already include it.
6. **CI mode handling**:
- If `--ci` flag set: emit only the Projection Summary + Critical/High tables + exit code.
- Else: emit full report including `Next Action`.
### 6. Routing Decision (Non-CI Mode)
If the report contains ≥1 `Critical` or ≥3 `High` findings, suggest one routing line in the `Next Action` section:
```
Next Action: Route <N> Critical + <M> High to python-coder (and svelte-coder if S3/S7) via the swarm-master dispatcher. The security-auditor will NOT auto-fix; this is a read-only audit.
```
Do not dispatch the coders from this command — the user reviews the report and confirms. The command is `task: deny` for coders by design (orchestrator-only).
### 7. Exit Code (CI Mode Only)
If `--ci` flag set:
- 0 if verdict=PASS
- 1 if verdict=NEEDS_REVIEW
- 2 if verdict=FAIL
- 3 if agent emitted `<ESCALATION>` (treated as error in CI)
Print exit code to stderr (or set `$?` appropriately when the command framework supports it).
## Output
Print the post-processed Security Audit Report to stdout. In CI mode, also emit the exit code per Step 7.
The output structure follows the agent's Output Contract:
```markdown
## Security Audit Report: <scope> (floor=<floor>, profile=<profile>)
### Verdict: [PASS / NEEDS_REVIEW / FAIL]
### Projection Summary
| # | Projection | Critical | High | Medium | Low | Info | Status |
|---|-----------|----------|------|--------|-----|------|--------|
| S1 | Secrets & Credentials | ... |
| ... | ... | ... |
### Critical Findings
[full table]
### High Findings
[full table]
### Medium Findings
[summary table if >5, else full]
### Low & Info Findings
[bulleted list]
### Suppressed
[N findings below floor=<floor>]
### Decision-Memory / Contract Gaps (S6)
[verbatim from agent]
### Cross-Projection Taint (Critical/High only)
[from agent's impact_analysis]
### Tooling Matrix
[from agent]
### Next Action
[autonomous / needs_human_intent / ready_for_review]
[optional routing suggestion]
```
## Anti-Patterns
| ❌ Don't | ✅ Do |
|----------|-------|
| Run `rg`/`bandit`/`pip-audit` yourself from this command | Delegate to security-auditor subagent |
| Compress Critical/High findings to fit a height limit | Show Critical/High in full |
| Emit the agent's raw transcript | Post-process per Step 5 |
| Apply patches inline when a Critical is found | Surface as `Next Action`; let user confirm |
| Skip the index-health gate | Always check axiom status first |
| Treat tooling absence as "all clean" | Surface as `Info` finding |
| Re-inflate test-fixture findings the agent downgraded | Trust the agent's classification |
| Route to coders automatically | Suggest routing; let user dispatch |