chore(release): bump to v6.0.0 — CAISS-readiness release with compliance, governance, CLI
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
parent 52d26ddb0b
commit dea17a1c11
7 changed files with 76 additions and 15 deletions
@ -1,6 +1,6 @@
|
|||
# LLM Security Plugin (v5.1.0)
|
||||
# LLM Security Plugin (v6.0.0)
|
||||
|
||||
Security scanning, auditing, and threat modeling for Claude Code projects. 5 frameworks: OWASP LLM Top 10, Agentic AI Top 10 (ASI), Skills Top 10 (AST), MCP Top 10, AI Agent Traps (DeepMind). 1147 tests.
|
||||
Security scanning, auditing, and threat modeling for Claude Code projects. 5 frameworks: OWASP LLM Top 10, Agentic AI Top 10 (ASI), Skills Top 10 (AST), MCP Top 10, AI Agent Traps (DeepMind). 1242+ tests.
|
||||
|
||||
## Commands
|
||||
|
||||
|
|
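Review bot: the test count in the description line moves from an exact figure (1147) to an approximate one (1242+); for a release commit the exact number from the test run is more useful, since `1242+` cannot be checked against CI and will drift silently as tests are added. Suggest replacing `1242+ tests` with the actual count, or dropping the number from this line and keeping it in the release notes only.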
@ -77,7 +77,11 @@ Memory-poisoning (MEM) detects cognitive state poisoning in CLAUDE.md, memory fi
|
|||
Toxic-flow (TFA) is a post-processing correlator that runs LAST — detects "lethal trifecta" (untrusted input + sensitive data access + exfiltration sink) by correlating output from prior scanners.
|
||||
Utility: `node scanners/lib/fs-utils.mjs <backup|restore|cleanup|tmppath> [args]`.
|
||||
|
||||
**Standalone (5):** `posture-scanner.mjs` — deterministic posture assessment, 13 categories, <50ms. NOT in scan-orchestrator (meta-level, not code-level).
|
||||
Lib: `sarif-formatter.mjs` — converts scan output to OASIS SARIF 2.1.0 format. Used by `--format sarif` flag.
|
||||
Lib: `audit-trail.mjs` — writes structured JSONL audit events (ISO 8601, OWASP tags, SIEM-ready). Env: `LLM_SECURITY_AUDIT_*`.
|
||||
Lib: `policy-loader.mjs` — reads `.llm-security/policy.json` for distributable hook configuration. Defaults match hardcoded values.
|
||||
|
||||
**Standalone (7):** `posture-scanner.mjs` — deterministic posture assessment, 16 categories (incl. EU AI Act, NIST AI RMF, ISO 42001), <50ms. NOT in scan-orchestrator (meta-level, not code-level).
|
||||
Run: `node scanners/posture-scanner.mjs [path]` → JSON stdout. Scanner prefix: PST. Used by `/security posture` and `/security audit`.
|
||||
`mcp-live-inspect.mjs` — NOT in scan-orchestrator. MCP servers are running processes, not files.
|
||||
Run: `node scanners/mcp-live-inspect.mjs [target] [--timeout 10000] [--skip-global]`
|
||||
|
|
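Review bot: the `policy-loader.mjs` line needs one more sentence on trust, and the Standalone count does not reconcile with the diff. A repository-shipped `.llm-security/policy.json` that configures the hooks is a tamper surface: anyone who can commit to the project can weaken the hook configuration unless the loader only allows tightening, validates the file against a schema, or falls back to the hardcoded defaults on any parse error. State which of these applies, for example `Invalid or missing policy.json → defaults; policy cannot disable blocking rules`. Separately, `**Standalone (5)**` becomes `**Standalone (7)**`, but the only new standalone scanner visible in this diff is `ai-bom-generator.mjs` in the next hunk, and the three new entries here are labelled `Lib:`; verify the count or name the seventh scanner.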
@ -86,7 +90,8 @@ Scanner prefix: MCI. OWASP: MCP03, MCP06, MCP09. Invoked by `mcp-inspect` and `m
|
|||
`reference-config-generator.mjs` — generates Grade A reference config based on posture gaps. Detects project type (plugin/monorepo/standalone). Templates in `templates/reference-config/`. Run: `node scanners/reference-config-generator.mjs [path] [--apply]`
|
||||
`dashboard-aggregator.mjs` — cross-project security dashboard. Discovers Claude Code projects under ~/ (depth 3) and ~/.claude/plugins/, runs posture-scanner on each, aggregates to machine-grade (weakest link). Cache in `~/.cache/llm-security/dashboard-latest.json` (24h staleness). Run: `node scanners/dashboard-aggregator.mjs [--no-cache] [--max-depth N]`
|
||||
|
||||
`attack-simulator.mjs` — red-team harness. Data-driven: 64 scenarios in 12 categories from `knowledge/attack-scenarios.json`. Payloads constructed at runtime (fragment assembly to avoid triggering hooks on source). Uses `runHook()` from test helper. Adaptive mode (`--adaptive`): 5 mutation rounds per passing scenario (homoglyph, encoding, zero-width, case alternation, synonym). Mutation rules in `knowledge/attack-mutations.json`. Run: `node scanners/attack-simulator.mjs [--category <name>] [--json] [--verbose] [--adaptive]`
|
||||
`attack-simulator.mjs` — red-team harness. Data-driven: 64 scenarios in 12 categories from `knowledge/attack-scenarios.json`. Payloads constructed at runtime (fragment assembly to avoid triggering hooks on source). Uses `runHook()` from test helper. Adaptive mode (`--adaptive`): 5 mutation rounds per passing scenario (homoglyph, encoding, zero-width, case alternation, synonym). Mutation rules in `knowledge/attack-mutations.json`. Benchmark mode (`--benchmark`): outputs structured pass/fail metrics. Run: `node scanners/attack-simulator.mjs [--category <name>] [--json] [--verbose] [--adaptive] [--benchmark]`
|
||||
`ai-bom-generator.mjs` — AI Bill of Materials generator. Discovers AI components (models, MCP servers, plugins, knowledge, hooks) and outputs CycloneDX 1.6 JSON. Scanner prefix: BOM. Run: `node scanners/ai-bom-generator.mjs <target> [--output-file <path>]`
|
||||
|
||||
## Token Budget (ENFORCED)
|
||||
|
||||
|
|
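Review bot: the `ai-bom-generator.mjs` entry should say whether secrets are stripped from the output. It discovers MCP servers, plugins and hooks, whose configuration commonly carries environment values and tokens, and a CycloneDX document is meant to be shared; the line should state that only component identity (name, version, path, hash) is emitted and credentials are redacted, or flag that as a known limitation. Also, `<target>` is the only required positional in the scanner list while the others use `[path]` with a default; document what `target` accepts (file or directory) or align it with the `[path]` convention.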
@ -99,7 +104,13 @@ All commands total ~600 lines. All commands use registered subagent types.
|
|||
- Agents run sequentially to avoid burst rate limits
|
||||
- `pre-install-supply-chain.mjs` queries OSV.dev for CVEs on every package install
|
||||
|
||||
## Knowledge Files (13)
|
||||
## CLI
|
||||
|
||||
`bin/llm-security.mjs` — standalone CLI entry point. Works without Claude Code via `npx llm-security` or `node bin/llm-security.mjs`.
|
||||
Subcommands: `scan`, `deep-scan`, `posture`, `audit-bom`, `benchmark`. Dispatches to scanner scripts via `child_process.spawn`.
|
||||
`package.json` `bin` field: `"llm-security": "./bin/llm-security.mjs"`.
|
||||
|
||||
## Knowledge Files (15)
|
||||
|
||||
| File | Content |
|
||||
|------|---------|
|
||||
|
|
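Review bot: the `Subcommands:` line should document how the dispatch validates input, since `bin/llm-security.mjs` is now an entry point reachable through `npx`. Using `child_process.spawn` is fine, but the doc should state that the subcommand is matched against the fixed list (`scan`, `deep-scan`, `posture`, `audit-bom`, `benchmark`) before anything is spawned, that unknown names exit non-zero, and that user arguments are forwarded as an argv array rather than interpolated into a shell string (no `shell: true`). A one-line mapping of subcommand to script (e.g. `audit-bom` → `scanners/ai-bom-generator.mjs`) would also remove the naming mismatch between the CLI verb and the scanner file.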
@ -116,6 +127,8 @@ All commands total ~600 lines. All commands use registered subagent types.
|
|||
| `deepmind-agent-traps.md` | DeepMind AI Agent Traps — 6 categories, 43 techniques, coverage matrix |
|
||||
| `attack-scenarios.json` | 64 red-team scenarios across 12 categories for attack simulation |
|
||||
| `attack-mutations.json` | Synonym tables and mutation rules for adaptive red-team testing |
|
||||
| `compliance-mapping.md` | EU AI Act, NIST AI RMF, ISO 42001, MITRE ATLAS mappings to plugin capabilities |
|
||||
| `norwegian-context.md` | Norwegian regulatory landscape — Datatilsynet, NSM, Digitaliseringsdirektoratet |
|
||||
|
||||
## Reports
|
||||
|
||||
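Review bot: the `compliance-mapping.md` row should name the baseline each mapping targets. EU AI Act obligations, NIST AI RMF and ISO 42001 clauses, and MITRE ATLAS technique IDs are all versioned and change over time; a reader checking the posture categories added in this release (EU AI Act, NIST AI RMF, ISO 42001) cannot tell which edition the mapping was written against. Suggest appending the framework version or publication date to the row, or to the first line of the file it points at.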