Files
ss-tools/.opencode/command/security.audit.md
busya f1810090b6 feat(opencode): add security-auditor agent + /security.audit command
Read-only security audit tooling aligned with GRACE-Poly v2.6 and
axiom MCP scan capabilities. Combines code+secrets (S1–S3),
supply-chain (S4), and runtime/config (S5–S7) projections into a
single severity-ranked report with OWASP/CWE references.

Agent: .opencode/agents/security-auditor.md
- mode: all, edit: deny (hard read-only contract)
- 7 orthogonal projections with pattern catalogs for secrets, Python
  SAST, Svelte/TS SAST, dependency audit, config/runtime, contract
  coverage, and logging hygiene
- Maps findings to CVSS v3.1 severity bands, CWE, and OWASP Top 10
- Mirrors qa-tester P1–P7 anti-loop protocol for [ATTEMPT: N] ladder
- Anti-corruption §VIII: tooling absence is reported as Info finding,
  never silently dropped

Command: .opencode/command/security.audit.md
- Dispatches security-auditor subagent via axiom MCP scan
- Supports --floor, --profile, --ci (exit code 0/1/2 for CI gates)
- PCAM worker packet contract; severity floor + suppression footer

Mirrored to .agents/agents/ and .agents/commands/ per repo convention.
2026-06-30 18:44:52 +03:00

217 lines
9.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
description: Run read-only security audit (code/secrets, supply-chain, config) on the superset-tools repository; emits severity-ranked report with OWASP/CWE references. Dispatches the security-auditor agent.
---
## User Input
```text
$ARGUMENTS
```
You **MUST** consider the user input before proceeding (if not empty).
### Argument Parsing
The argument string follows this grammar:
```
security.audit [scope] [--floor=critical|high|medium|low] [--profile=default|strict] [--ci]
```
| Argument | Default | Effect |
|----------|---------|--------|
| `scope` (first positional) | `full` | One of: `full`, `backend`, `frontend`, `infra`, `deps` |
| `--floor=critical` | `info` | Suppress findings below the floor in main report; show in Suppressed footer |
| `--floor=high` | `info` | Suppress `Medium`/`Low`/`Info` |
| `--floor=medium` | `info` | Suppress `Low`/`Info` |
| `--profile=strict` | `default` | Pass `scan_profile=strict` to axiom `audit scan` |
| `--ci` | off | Non-interactive mode: suppress `Next Action` line, exit code reflects verdict (0=PASS, 1=NEEDS_REVIEW, 2=FAIL) |
Examples:
- `security.audit` — full scope, all severities
- `security.audit backend --floor=high` — backend only, suppress Medium/Low/Info
- `security.audit deps --profile=strict --ci` — dependencies only, strict scan, CI mode
- `security.audit frontend --floor=critical` — frontend only, Critical-only report
If `$ARGUMENTS` is empty, run with defaults: `full` scope, no floor, `default` profile, interactive mode.
## Required Skills
MANDATORY USE `skill({name="semantics-core"})`, `skill({name="semantics-contracts"})`, `skill({name="molecular-cot-logging"})`, `skill({name="semantics-python"})`, `skill({name="semantics-svelte"})`
## Goal
Produce a Security Audit Report for the superset-tools repository by dispatching the `security-auditor` subagent with a bounded PCAM worker packet. The report covers code+secrets (S1, S2, S3), supply-chain (S4), and runtime/config (S5, S6, S7) projections. Output is severity-ranked with OWASP/CWE references. No code mutations are made by this command — the security-auditor agent is `edit: deny` by hard permission.
## Operating Constraints
1. **ROLE: Orchestrator** — coordinate the audit at the workflow level. Do NOT run rg/bandit/pip-audit yourself; delegate to the agent.
2. **MCP-FIRST** — use AXIOM for index health check before dispatch, and rely on the agent's own `audit`/`search` operations for projections.
3. **STRICT ADHERENCE** — follow:
- `skill({name="semantics-core"})` for tier/anchor/Axiom reference
- `skill({name="semantics-contracts"})` for anti-corruption §VIII
- `skill({name="molecular-cot-logging"})` for REASON/REFLECT/EXPLORE emission
- `skill({name="semantics-python"})` and `skill({name="semantics-svelte"})` for stack conventions the agent audits against
4. **NON-DESTRUCTIVE** — this command is read-only by contract. No file edits. No commits. No patches applied.
5. **NO FALSE-POSITIVE INFLATION** — the security-auditor agent downgrades test fixtures and `@REJECTED` paths. Do not re-inflate them in the orchestration step.
6. **DECISION-MEMORY CONTINUITY** — surface S6 contract gaps (security-critical contracts missing `@INVARIANT`/`@RATIONALE`/`@REJECTED`) verbatim. Do not compress away.
7. **CI MODE BEHAVIOR** — when `--ci` is set, suppress the `Next Action` line and emit exit code:
- 0 → `PASS` (zero Critical, zero High)
- 1 → `NEEDS_REVIEW` (zero Critical, ≥1 High or Medium)
- 2 → `FAIL` (≥1 Critical)
8. **LANGUAGE-AWARE** — Python uses `# #region`; Svelte HTML uses `<!-- #region -->`; Svelte script uses `// #region`. The agent respects this in its contract coverage gate (S6).
## Execution Steps
### 1. Parse Arguments
Extract:
- `scope` (first positional token, default `full`)
- `floor` (from `--floor=`, default `info`)
- `profile` (from `--profile=`, default `default`)
- `ci` flag (from `--ci`, default false)
Validate `scope ∈ {full, backend, frontend, infra, deps}` and `floor ∈ {critical, high, medium, low, info}`. Reject invalid input with a clear error.
### 2. Index Health Gate (PCAM: Constraints)
Run `search` tool with `operation="status"` to confirm axiom is healthy.
- If `status` reports `stale` or `unhealthy`:
- Run `search` tool with `operation="rebuild" rebuild_mode="full"` (may take 2+ minutes on large repos).
- Surface a one-line warning: "Axiom index was stale — rebuilt before audit. This may add 2+ minutes to the run."
- If `rebuild` fails, emit a one-line warning and continue with degraded coverage (S6 and S7 may be partial).
### 3. Build Worker Packet (PCAM: Purpose + Constraints + Autonomy + Acceptance)
Construct the following packet and pass it to the `task` tool when dispatching `security-auditor`:
```markdown
### Purpose
Run a read-only security audit on scope=<scope> with floor=<floor> and profile=<profile>.
### Constraints
- Read-only by hard contract. No `edit`, `write`, or git operations.
- Axiom MCP `audit scan` with `scan_profile="<profile>"` and `selection_mode` based on floor:
- floor=critical → `selection_mode="critical_only"`
- floor=high → `selection_mode="high_only"`
- else → `selection_mode="all"`
- Project tree exclusions: `node_modules/`, `.venv/`, `venv/`, `__pycache__/`, `dist/`, `build/`, `coverage_html_*/`, `*.bak`, `research/`, `playwright-report/`, `.svelte-kit/`.
- Follow the agent's seven orthogonal projections (S1S7) per its Core Mandate.
### Autonomy
- Tools allowed: bash (rg, pip-audit, npm audit, bandit), axiom `search` + `audit`.
- Sub-delegation: allowed only to `security-auditor` (recursive subset scans for large repos).
- Browser: denied.
### Acceptance
- One Security Audit Report emitted matching the agent's Output Contract.
- Every finding has `file_path:line`, severity, CWE/OWASP ref, snippet, remediation.
- Severity floor applied; suppressed count in footer.
- Tooling-absence findings reported as `Info`, never silently dropped.
- No `edit` tool calls in the agent's transcript.
```
### 4. Dispatch Agent
Call the `task` tool with:
- `subagent_type: "security-auditor"`
- `prompt`: the worker packet from Step 3
- `description`: "Security audit <scope>"
Wait for the agent to return its report. Do NOT do parallel re-scans.
### 5. Compose User-Facing Report
When the agent returns, post-process the report:
1. **Severity floor filter** (if not already applied by the agent):
- Re-apply floor to the Critical/High/Medium/Low/Info sections.
- Move suppressed findings to a `Suppressed (N below floor=<floor>)` footer line.
2. **Collapse Medium** to summary table only if >5 Medium findings (preserves attention density; matches qa-tester §IV "no raw dumps" rule).
3. **Surface Critical/High fully** — no truncation, no compression.
4. **Strip raw scanner output** — pip-audit JSON, bandit verbose output, `rg` byte counts are noise. Keep only the structured findings.
5. **Add Tooling Matrix** if the agent didn't already include it.
6. **CI mode handling**:
- If `--ci` flag set: emit only the Projection Summary + Critical/High tables + exit code.
- Else: emit full report including `Next Action`.
### 6. Routing Decision (Non-CI Mode)
If the report contains ≥1 `Critical` or ≥3 `High` findings, suggest one routing line in the `Next Action` section:
```
Next Action: Route <N> Critical + <M> High to python-coder (and svelte-coder if S3/S7) via the swarm-master dispatcher. The security-auditor will NOT auto-fix; this is a read-only audit.
```
Do not dispatch the coders from this command — the user reviews the report and confirms. The command is `task: deny` for coders by design (orchestrator-only).
### 7. Exit Code (CI Mode Only)
If `--ci` flag set:
- 0 if verdict=PASS
- 1 if verdict=NEEDS_REVIEW
- 2 if verdict=FAIL
- 3 if agent emitted `<ESCALATION>` (treated as error in CI)
Print exit code to stderr (or set `$?` appropriately when the command framework supports it).
## Output
Print the post-processed Security Audit Report to stdout. In CI mode, also emit the exit code per Step 7.
The output structure follows the agent's Output Contract:
```markdown
## Security Audit Report: <scope> (floor=<floor>, profile=<profile>)
### Verdict: [PASS / NEEDS_REVIEW / FAIL]
### Projection Summary
| # | Projection | Critical | High | Medium | Low | Info | Status |
|---|-----------|----------|------|--------|-----|------|--------|
| S1 | Secrets & Credentials | ... |
| ... | ... | ... |
### Critical Findings
[full table]
### High Findings
[full table]
### Medium Findings
[summary table if >5, else full]
### Low & Info Findings
[bulleted list]
### Suppressed
[N findings below floor=<floor>]
### Decision-Memory / Contract Gaps (S6)
[verbatim from agent]
### Cross-Projection Taint (Critical/High only)
[from agent's impact_analysis]
### Tooling Matrix
[from agent]
### Next Action
[autonomous / needs_human_intent / ready_for_review]
[optional routing suggestion]
```
## Anti-Patterns
| ❌ Don't | ✅ Do |
|----------|-------|
| Run `rg`/`bandit`/`pip-audit` yourself from this command | Delegate to security-auditor subagent |
| Compress Critical/High findings to fit a height limit | Show Critical/High in full |
| Emit the agent's raw transcript | Post-process per Step 5 |
| Apply patches inline when a Critical is found | Surface as `Next Action`; let user confirm |
| Skip the index-health gate | Always check axiom status first |
| Treat tooling absence as "all clean" | Surface as `Info` finding |
| Re-inflate test-fixture findings the agent downgraded | Trust the agent's classification |
| Route to coders automatically | Suggest routing; let user dispatch |