ktg-plugin-marketplace/plugins/llm-security/playground/test-fixtures/audit.md
Kjell Tore Guttormsen ce3891bdd0 feat(llm-security): playground Phase 3 — v7.5.0 with 18 parsers/renderers
The single-file SPA playground now has a parser + renderer for all 18
produces_report=true commands (Phase 2: 10 high-priority + Phase 3: 8
remaining: mcp-inspect, supply-check, pre-deploy, diff, watch,
registry, clean, threat-model). 18 markdown test fixtures serve as
contract anchors for parser development.

The complete demo project `dft-komplett-demo` has all 18 reports
parsed inline and ready for click-through, with no "parser not
implemented" panels. 2 new archetypes in KEY_STATS_CONFIG:
kanban-buckets (clean) and matrix-risk (threat-model).

Bug fix: normalizeVerdictText now checks GO-WITH-CONDITIONS /
CONDITIONAL / BETINGET BEFORE plain GO, so a conditional verdict
(pre-deploy with open conditions) no longer collapses to ALLOW.

Exposed 11 window globals for testing/automation (__store,
__navigate, __loadDemoState, __PARSERS, __RENDERERS, __CATALOG,
__inferVerdict, __inferKeyStats, __renderPageShell,
__handlePasteImport, __scheduleRender). 12 Playwright-generated
screenshots in playground/screenshots/v7.5.0/.

A11Y report (WCAG 2.1 AA): 0 blocking, 3 minor improvements
flagged for the v7.5.x patch (skip-link, heading hierarchy on project,
aria-live toast).

Version bump 7.4.0 -> 7.5.0 in 10 files (package.json, plugin.json,
CLAUDE.md header, README badge, CHANGELOG entry, 3 scanner VERSION
constants, ROADMAP, marketplace root README).

No scanner or hook behavior changes — purely additive surface.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-05 22:15:47 +02:00


# Full Security Audit — DFT marketplace
---
## Header
| Field | Value |
|-------|-------|
| **Report type** | audit |
| **Target** | ~/repos/dft-marketplace |
| **Date** | 2026-05-05 |
| **Version** | llm-security v7.4.0 |
| **Scope** | 7 audit dimensions, 10 OWASP categories |
| **Frameworks** | OWASP LLM Top 10, OWASP Agentic |
| **Triggered by** | /security audit |
---
## Risk Dashboard
| Metric | Value |
|--------|-------|
| **Risk Score** | 31/100 |
| **Risk Band** | Medium |
| **Grade** | C |
| **Verdict** | WARNING |

| Severity | Count |
|----------|------:|
| Critical | 0 |
| High | 4 |
| Medium | 8 |
| Low | 7 |
| Info | 9 |
| **Total** | **28** |
**Verdict rationale:** Posture base grade B downgraded to C after agent-level findings (4 high). No critical findings, but `Logging & Audit` and `Permission Hygiene` need attention.

---
## Executive Summary
Full audit combined posture-scanner output with skill-scanner-agent and mcp-scanner-agent narratives. 28 findings across 14 files, most concentrated in agent definitions (over-permissioned tool lists) and `.claude/settings.json` (missing audit log + wildcard Bash). Recommendation: address the top 3 actions to reach Grade B; six more to reach Grade A.

---
## Radar Axes
| Axis | Score |
|------|------:|
| Deny-First Configuration | 4 |
| Hook Coverage | 5 |
| MCP Trust | 3 |
| Secrets Management | 5 |
| Permission Hygiene | 2 |
| Supply-Chain Defense | 4 |
| Logging & Audit | 1 |
---
## Category Assessment
### Category 1 — Deny-First Configuration
**Status:** PASS

**Evidence:** `.claude/settings.json` has `permissions.defaultMode: "deny"`. Explicit allow-list in place.

**Recommendations:** None — Grade A on this axis.
### Category 2 — Hook Coverage
**Status:** PASS

**Evidence:** 9 hooks active (PreToolUse: 4, PostToolUse: 2, UserPromptSubmit: 1, PreCompact: 1, others: 1).

**Recommendations:** Consider adding PreCompact-poisoning detection if not already covered.
### Category 5 — Permission Hygiene
**Status:** PARTIAL

**Evidence:** 3 agents have `Write` in their tool list; 1 has `Bash` without a sub-command restriction.

**Recommendations:** Tighten tool lists to the minimum-necessary set. Use `Bash(git:*)` instead of `Bash(*)`.
### Category 11 — Logging & Audit
**Status:** FAIL

**Evidence:** No `audit.log_path` configured. No SIEM integration. No JSONL audit trail.

**Recommendations:** Enable `audit.log_path` immediately — closes 1 high + 3 medium findings.

(Categories 3, 4, 6-10, 12-13 follow the same format — see envelope JSON for full breakdown)

---
## Risk Matrix (Likelihood × Impact)
| Category | Likelihood | Impact | Score |
|----------|-----------:|-------:|------:|
| Logging gap (PST-001) | 4 | 4 | 16 |
| Permission sprawl | 3 | 4 | 12 |
| MCP drift (airbnb-mcp) | 3 | 3 | 9 |
| AI Act classification missing | 2 | 3 | 6 |
---
## Action Plan
### IMMEDIATE (this week)
1. Enable audit-trail: set `audit.log_path` in `.llm-security/policy.json`
2. Tighten 3 over-permissioned agents (drop `Write` where unused)
3. Investigate airbnb-mcp drift — reset baseline only after review
### HIGH (this month)
4. Document AI Act risk classification in `CLAUDE.md`
5. Replace `Bash(*)` with `Bash(git:*, npm:*)` in `.claude/settings.json`
6. Bump 2 dependencies to clear OSV advisories
### MEDIUM (next quarter)
7. Add SECURITY.md disclosure policy
8. Trim verbose skill descriptions (3 files)
9. Document hook rationale in plugin CLAUDE.md
---
## Positive Findings
- All hooks active and non-bypassed
- No critical findings
- Posture scanner runtime < 2s (well-tuned)
- Memory hygiene clean
---
*Audit complete. 28 findings, Grade C, 14.7 seconds.*
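As an added example (not the plugin's own code), a parser for the Risk Dashboard section of a fixture like this one, with the conditional-before-GO verdict ordering the commit message describes. Assumed: the canonical verdict set (ALLOW, CONDITIONAL, WARNING, BLOCK) and the NO-GO/BLOCK spellings; the section-reading helper and the key-stats shape are mine, not the playground's `__inferKeyStats`.

```javascript
// Added example (not the plugin's own code): parse the Risk Dashboard of an
// audit fixture like the one above into key stats and normalize its verdict.

// Conditional spellings are tested BEFORE plain GO: /\bGO\b/ also matches
// "GO-WITH-CONDITIONS" (and "NO-GO"), which is the ordering bug fixed in 7.5.0.
function normalizeVerdictText(text) {
  const t = String(text).trim().toUpperCase();
  if (/GO-WITH-CONDITIONS|CONDITIONAL|BETINGET/.test(t)) return "CONDITIONAL";
  if (/NO-GO|BLOCK/.test(t)) return "BLOCK"; // assumed spellings
  if (/WARN/.test(t)) return "WARNING";
  if (/\bGO\b|ALLOW/.test(t)) return "ALLOW";
  return "UNKNOWN";
}

// Collect the `| key | value |` rows under "## <heading>" into an object,
// stripping **bold**; separator rows are skipped and the section ends at
// the next heading or horizontal rule.
function parseSectionRows(md, heading) {
  const lines = md.split("\n");
  const start = lines.findIndex((l) => l.trim() === `## ${heading}`);
  const rows = {};
  for (const line of start < 0 ? [] : lines.slice(start + 1)) {
    if (/^##\s/.test(line) || line.trim() === "---") break;
    const m = line.match(/^\|\s*(.+?)\s*\|\s*(.+?)\s*\|$/);
    if (!m || /^[-:]+$/.test(m[1])) continue;
    rows[m[1].replace(/\*\*/g, "")] = m[2].replace(/\*\*/g, "");
  }
  return rows;
}

// Key stats for a dashboard card; throws when the severity counts do not
// add up to the reported total (a cheap fixture consistency check).
function inferKeyStats(md) {
  const rows = parseSectionRows(md, "Risk Dashboard");
  const counts = {};
  for (const s of ["Critical", "High", "Medium", "Low", "Info"]) counts[s] = Number(rows[s] ?? 0);
  const total = Number(rows.Total);
  const sum = Object.values(counts).reduce((a, b) => a + b, 0);
  if (sum !== total) throw new Error(`severity sum ${sum} != total ${total}`);
  return { riskScore: Number(rows["Risk Score"].split("/")[0]), grade: rows.Grade,
           verdict: normalizeVerdictText(rows.Verdict), counts, total };
}

// Constructed excerpt of the fixture above (same values as on the page).
const FIXTURE = [
  "## Risk Dashboard", "| Metric | Value |", "|--------|-------|",
  "| **Risk Score** | 31/100 |", "| **Grade** | C |", "| **Verdict** | WARNING |",
  "", "| Severity | Count |", "|----------|------:|", "| Critical | 0 |", "| High | 4 |",
  "| Medium | 8 |", "| Low | 7 |", "| Info | 9 |", "| **Total** | **28** |", "---",
].join("\n");
```

Feeding a fixture whose severity rows do not sum to the stated total makes `inferKeyStats` throw, which is the kind of contract check a fixture-anchored parser should fail loudly on.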