feat: initial open marketplace with llm-security, config-audit, ultraplan-local

plugins/llm-security/commands/watch.md

@@ -0,0 +1,58 @@
+---
+name: security:watch
+description: Continuous security monitoring — runs diff on a recurring interval
+allowed-tools: Bash, Read, Skill
+model: sonnet
+---
+
+# /security watch [path] [--interval 6h]
+
+Set up continuous security monitoring. Establishes a baseline, then runs `/security diff` on a recurring interval to detect regressions.
+
+## Step 1: Parse Arguments
+
+Extract from `$ARGUMENTS`:
+- **path** — first non-flag argument (default `.`)
+- **--interval \<value\>** — loop interval like `6h`, `30m`, `1h` (default `6h`)
+
+## Step 2: Establish Baseline
+
+Determine plugin root (parent of this `commands/` folder) and resolve the target path.
+
+```bash
+node <plugin-root>/scanners/scan-orchestrator.mjs "<target>" --save-baseline
+```
+
+Parse stdout JSON. Display:
+
+```
+## Security Watch: <target>
+
+**Baseline established** at <timestamp>
+**Findings:** XC XH XM XL XI | **Risk Score:** X/100 | **Verdict:** ALLOW/WARNING/BLOCK
+
+Starting watch with interval: <interval>
+```
+
+If the verdict is BLOCK, add a warning: "Initial scan shows BLOCK verdict — you will be alerted to any new findings above this baseline."
+
+## Step 3: Start Loop
+
+Use the **Skill** tool to invoke the built-in `/loop` skill:
+- skill: `loop`
+- args: `<interval> /security diff <target>`
+
+This runs `/security diff <target>` every `<interval>`. Each diff compares against the latest baseline and saves a new one — a rolling window of changes.
+
+## Step 4: Advisory
+
+After starting the loop, display:
+
+```
+**Watch active.** `/security diff <target>` runs every <interval>.
+
+To run as a system cron job instead:
+  node <plugin-root>/scanners/watch-cron.mjs
+
+To stop watching: Escape or Ctrl+C
+```