Kjell Tore Guttormsen
ce3891bdd0
Single-file SPA playground har nå parser + renderer for alle 18 produces_report=true-kommandoer (Fase 2: 10 høy-prio + Fase 3: 8 gjenstående: mcp-inspect, supply-check, pre-deploy, diff, watch, registry, clean, threat-model). 18 markdown test-fixtures fungerer som kontrakt-anker for parser-utvikling. Komplett demo-prosjekt `dft-komplett-demo` har alle 18 rapporter ferdig parsed inline — klikk-gjennom uten "parser ikke implementert"- paneler. 2 nye archetypes i KEY_STATS_CONFIG: kanban-buckets (clean) og matrix-risk (threat-model). Bug-fix: normalizeVerdictText sjekker nå GO-WITH-CONDITIONS / CONDITIONAL / BETINGET FØR plain GO så betinget verdict (pre-deploy med åpne vilkår) ikke kollapser til ALLOW. Eksponert 11 window-globaler for testing/automasjon (__store, __navigate, __loadDemoState, __PARSERS, __RENDERERS, __CATALOG, __inferVerdict, __inferKeyStats, __renderPageShell, __handlePasteImport, __scheduleRender). 12 Playwright-genererte screenshots i playground/screenshots/v7.5.0/. A11Y-rapport (WCAG 2.1 AA): 0 blokkerende, 3 mindre forbedringer flagget for v7.5.x patch (skip-link, heading-hierarki på project, aria-live toast). Versjonsbump 7.4.0 -> 7.5.0 i 10 filer (package.json, plugin.json, CLAUDE.md header, README badge, CHANGELOG-entry, 3 scanner VERSION- konstanter, ROADMAP, marketplace-rot README). Ingen scanner- eller hook-behavior-changes — purely additive surface. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
82 lines
2.2 KiB
Markdown
82 lines
2.2 KiB
Markdown
# Security Dashboard — Machine-wide
|
|
|
|
---
|
|
|
|
## Header
|
|
|
|
| Field | Value |
|
|
|-------|-------|
|
|
| **Report type** | dashboard |
|
|
| **Target** | machine-wide (5 projects) |
|
|
| **Date** | 2026-05-05 |
|
|
| **Version** | llm-security v7.4.0 |
|
|
| **Scope** | all Claude Code projects under ~/ + ~/.claude/plugins/ |
|
|
| **Frameworks** | OWASP LLM Top 10 |
|
|
| **Triggered by** | /security dashboard |
|
|
|
|
---
|
|
|
|
## Risk Dashboard
|
|
|
|
| Metric | Value |
|
|
|--------|-------|
|
|
| **Machine Grade** | C (weakest link) |
|
|
| **Projects Scanned** | 5 |
|
|
| **Total Findings** | 87 |
|
|
| **Scan Time** | 8.4s |
|
|
| **Cache** | Cached (3h old) |
|
|
|
|
| Severity | Count |
|
|
|----------|------:|
|
|
| Critical | 1 |
|
|
| High | 12 |
|
|
| Medium | 28 |
|
|
| Low | 24 |
|
|
| Info | 22 |
|
|
| **Total** | **87** |
|
|
|
|
**Verdict rationale:** Machine grade is weakest-link rule. The `from-ai-to-chitta` project (Grade D) drags machine to C. Resolving that project would lift machine to B.
|
|
|
|
---
|
|
|
|
## Project Overview
|
|
|
|
| Project | Grade | Risk | Worst Category | Findings |
|
|
|---------|-------|------:|----------------|---------:|
|
|
| from-ai-to-chitta | D | 56 | MCP Trust | 32 |
|
|
| dft-marketplace | C | 31 | Logging & Audit | 28 |
|
|
| airbnb-mcp-plugin | C | 41 | Permissions | 14 |
|
|
| ktg-plugin-marketplace | B | 22 | Skill Hygiene | 9 |
|
|
| nightly-utils | A | 4 | — | 4 |
|
|
|
|
---
|
|
|
|
## Trend (since last scan)
|
|
|
|
| Project | Trend | Δ Risk | Δ Findings |
|
|
|---------|:-----:|-------:|-----------:|
|
|
| from-ai-to-chitta | worse | +12 | +6 |
|
|
| dft-marketplace | stable | 0 | -1 |
|
|
| airbnb-mcp-plugin | stable | -2 | 0 |
|
|
| ktg-plugin-marketplace | better | -7 | -3 |
|
|
| nightly-utils | stable | 0 | 0 |
|
|
|
|
---
|
|
|
|
## Errors
|
|
|
|
No projects failed to scan in this run.
|
|
|
|
---
|
|
|
|
## Recommendations
|
|
|
|
1. **Priority:** Investigate `from-ai-to-chitta` — only Grade D project. Run `/security audit ~/repos/from-ai-to-chitta` for category-level breakdown.
|
|
2. **Quick win:** Apply audit-trail fix to `dft-marketplace` (already identified, 30 min) → likely lifts to Grade B.
|
|
3. **Maintenance:** Re-run `/security plugin-audit` on `airbnb-mcp-plugin` after maintainer responds to permission-clarification issue.
|
|
|
|
Estimated effort to Machine Grade B: 4 hours (focused on from-ai-to-chitta + dft-marketplace).
|
|
|
|
---
|
|
|
|
*Dashboard complete. 5 projects, machine grade C.*
|