feat: initial open marketplace with llm-security, config-audit, ultraplan-local

2026-04-06 18:47:49 +02:00 · 2026-04-06 18:47:49 +02:00 · f93d6abdae
commit f93d6abdae
380 changed files with 65935 additions and 0 deletions
--- a/plugins/llm-security/commands/clean.md
+++ b/plugins/llm-security/commands/clean.md
@ -0,0 +1,61 @@
+---
+name: security:clean
+description: Scan and remediate security findings — auto-fixes deterministic issues, confirms semi-auto with user, reports manual findings
+allowed-tools: Read, Glob, Grep, Bash, Write, Edit, Agent, AskUserQuestion
+model: sonnet
+---
+
+# /security clean [path] [--dry-run]
+
+Scan, classify findings by remediability, auto-fix deterministic issues, propose semi-auto fixes, report manual. Goal: `/security scan` yields zero findings after clean.
+
+## Step 1: Setup
+
+- Parse `$ARGUMENTS`: extract path (default `.`), `--dry-run` flag. Resolve to absolute.
+- Plugin root = parent of this `commands/` folder.
+- Unless dry-run: create backup via `node <plugin-root>/scanners/lib/fs-utils.mjs backup "<target>"`. Record backup path.
+
+## Step 2: Pre-Clean Scan
+
+```bash
+node <plugin-root>/scanners/lib/fs-utils.mjs tmppath clean-findings.json
+node <plugin-root>/scanners/scan-orchestrator.mjs "<target>" --output-file "<findings_file>"
+```
+
+Show banner: Verdict, Risk Score, Finding counts. If 0 findings → stop.
+
+## Step 3: Auto-Fix
+
+```bash
+node <plugin-root>/scanners/auto-cleaner.mjs "<target>" --findings "<findings_file>" [--dry-run]
+```
+
+Report: Applied/Skipped/Failed counts + list of fixes.
+
+## Step 4: Semi-Auto Proposals
+
+Collect `semi_auto` findings from auto-cleaner output. If any, spawn `subagent_type: "llm-security:cleaner-agent"`, `model: "sonnet"`:
+
+> Here are semi-auto findings: \<JSON\>. Target: \<target\>.
+> Read: \<plugin-root\>/knowledge/secrets-patterns.md
+> Return remediation proposals as JSON.
+
+Present each proposal group via AskUserQuestion: "Apply all" / "Review individually" / "Skip". Apply approved fixes with Edit tool. Skip if dry-run.
+
+## Step 5: LLM Threat Scan
+
+Spawn `subagent_type: "llm-security:skill-scanner-agent"`, `model: "sonnet"`:
+
+> Scan target: \<target\>. Read: \<plugin-root\>/knowledge/skill-threat-patterns.md, \<plugin-root\>/knowledge/secrets-patterns.md
+> Return findings with severity, category, file, line, remediation.
+
+Auto-fix deterministic LLM findings (injection comments, spoofed headers, exfil URLs). Present semi-auto via AskUserQuestion. Report manual findings.
+
+## Step 6: Validate + Re-Scan
+
+Validate modified files (JSON parse, frontmatter, `node --check`). Restore from backup on failure. Re-run orchestrator to measure improvement.
+
+## Step 7: Report
+
+Output: Pre/post comparison, all fix summaries, remaining manual findings, rollback instructions.
+- Dry-run: show "DRY-RUN" mode, list proposed changes without applying.