fix(llm-security): template — v1 → v2 risk constants + narrative_audit block

Updates the HTML-comment risk-formula reference at lines 55-66 from the stale v1 sum-and-cap formula to the v2 severity-dominated tiers that have been authoritative in scanners/lib/severity.mjs since v7.0.0. Adds a Narrative Audit block inside the Executive Summary section surfacing summary.narrative_audit.suppressed_findings.{count,by_category} from the agent's trailing JSON. The block is transparency only — it does NOT affect risk_score, riskBand, or verdict. Part of v7.1.1 narrative-coherence patch (plan: .claude/plans/ultraplan-2026-04-29-report-coherence.md). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-29 12:45:28 +02:00 · 2026-04-29 12:45:28 +02:00 · 899cb5c121
commit 899cb5c121
parent 1e555b6833
1 changed files with 36 additions and 11 deletions
--- a/plugins/llm-security/templates/unified-report.md
+++ b/plugins/llm-security/templates/unified-report.md
@ -52,17 +52,29 @@ Rollback                   |  -   |     -     |   -   |    -    |      -       |
 Recommendations            |  Y   |     Y     |   -   |    Y    |      Y       |     -     |      -       |     Y      |   -
 Footer                     |  Y   |     Y     |   Y   |    Y    |      Y       |     Y     |      Y       |     Y      |   Y

-RISK SCORING (unified — all analysis types)
-  Formula:  score = min((Critical × 25) + (High × 10) + (Medium × 4) + (Low × 1), 100)
-  Bands:    0-20 Low, 21-40 Medium, 41-60 High, 61-80 Critical, 81-100 Extreme
-  Verdict:  BLOCK if Critical >= 1 OR score >= 61
-            WARNING if High >= 1 OR score >= 21
-            ALLOW otherwise
-  Grade:    A: pass_rate >= 0.89 AND zero FAIL in cat 1,2,5 AND zero Critical
-            B: pass_rate >= 0.72 AND zero Critical
-            C: pass_rate >= 0.56
-            D: pass_rate >= 0.33
-            F: pass_rate < 0.33 OR 3+ Critical
+RISK SCORING (v2 — severity-dominated, log-scaled, v7.0.0+)
+  See scanners/lib/severity.mjs riskScore(), verdict(), riskBand() —
+  this comment block is reference only; severity.mjs is authoritative.
+
+  Tiers (riskScore):
+    critical >= 1 → 70-95 (1=80, 2=86, 4=93, 10=95)
+    high only     → 40-65 (1=48, 5=60, 17=65)
+    medium only   → 15-35 (1=20, 5=28, 50=33)
+    low only      → 1-11  (1=4, 10=11)
+    none          → 0
+
+  Bands (riskBand): 0-14 Low, 15-39 Medium, 40-64 High, 65-84 Critical, 85-100 Extreme
+
+  Verdict: BLOCK if critical>=1 OR score>=65
+           WARNING if high>=1 OR score>=15
+           ALLOW otherwise
+
+  Grade (gradeFromPassRate, posture/audit only):
+    A: pass_rate >= 0.89 AND zero FAIL in cat 1,2,5 AND zero Critical
+    B: pass_rate >= 0.72 AND zero Critical
+    C: pass_rate >= 0.56
+    D: pass_rate >= 0.33
+    F: pass_rate < 0.33 OR 3+ Critical

 FINDING CATEGORIES
  Secrets, Injection, Permissions, Supply Chain, MCP Trust,
@ -124,6 +136,19 @@ SEVERITY CLASSIFICATION

 {{EXECUTIVE_SUMMARY}}

+<!-- SECTION: Narrative Audit — scan, deep-scan, plugin-audit (transparency only — does NOT adjust verdict) -->
+
+### Narrative Audit
+
+**Suppressed signals:** {{SUPPRESSED_FINDINGS_COUNT}} ({{SUPPRESSED_FINDINGS_BREAKDOWN}})
+
+> Per `summary.narrative_audit.suppressed_findings`. Suppressed signals
+> are raw extractor matches (entropy, frontmatter, taint) that the agent
+> downgraded after context evaluation (e.g., GLSL keywords, framework
+> env-var references, animation markup, SVG inline data URIs). They do
+> NOT appear in the Findings sections and do NOT affect risk_score or
+> verdict. The category breakdown is for reviewer transparency only.
+
 ---

 <!-- SECTION: System Description — threat-model only -->