ktg-plugin-marketplace/plugins/llm-security/playground/test-fixtures/harden.md
Kjell Tore Guttormsen ce3891bdd0 feat(llm-security): playground Phase 3 — v7.5.0 with 18 parsers/renderers
The single-file SPA playground now has a parser + renderer for all 18
produces_report=true commands (Phase 2: 10 high-priority + Phase 3: 8
remaining: mcp-inspect, supply-check, pre-deploy, diff, watch,
registry, clean, threat-model). 18 markdown test fixtures serve
as contract anchors for parser development.

The complete demo project `dft-komplett-demo` has all 18 reports
already parsed inline — click-through without "parser not implemented"
panels. 2 new archetypes in KEY_STATS_CONFIG: kanban-buckets (clean)
and matrix-risk (threat-model).

Bug fix: normalizeVerdictText now checks GO-WITH-CONDITIONS /
CONDITIONAL / BETINGET BEFORE plain GO so that a conditional verdict
(pre-deploy with open conditions) does not collapse to ALLOW.

Exposed 11 window globals for testing/automation (__store,
__navigate, __loadDemoState, __PARSERS, __RENDERERS, __CATALOG,
__inferVerdict, __inferKeyStats, __renderPageShell,
__handlePasteImport, __scheduleRender). 12 Playwright-generated
screenshots in playground/screenshots/v7.5.0/.

A11Y report (WCAG 2.1 AA): 0 blocking, 3 minor improvements
flagged for the v7.5.x patch (skip-link, heading hierarchy on project,
aria-live toast).

Version bump 7.4.0 -> 7.5.0 in 10 files (package.json, plugin.json,
CLAUDE.md header, README badge, CHANGELOG entry, 3 scanner VERSION
constants, ROADMAP, marketplace root README).

No scanner or hook behavior changes — purely additive surface.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-05 22:15:47 +02:00

2.6 KiB

Security Harden — DFT marketplace


Header

| Field | Value |
|---|---|
| Report type | harden |
| Target | ~/repos/dft-marketplace |
| Date | 2026-05-05 |
| Version | llm-security v7.4.0 |
| Scope | Grade A reference config |
| Frameworks | OWASP LLM Top 10 |
| Triggered by | /security harden |

Risk Dashboard

| Metric | Value |
|---|---|
| Current Grade | C |
| Project Type | monorepo |
| Recommendations | 6/8 |
| Mode | dry-run |

Posture Snapshot

| Metric | Before |
|---|---|
| Pass | 8 |
| Partial | 3 |
| Fail | 1 |
| N-A | 4 |
| Pass rate | 67% |

Recommendations

1. Logging & Audit — .llm-security/policy.json

  • Action: create
  • Category: Logging & Audit
  • Content preview:
    {
      "audit": {
        "log_path": "~/.claude/llm-security-audit.jsonl",
        "format": "jsonl"
      }
    }
    

2. Permission Hygiene — .claude/settings.json

  • Action: merge
  • Category: Permission Hygiene
  • Content preview: Replace "Bash(*)" with "Bash(git:*, npm:*, node:*, jq:*)". Adds explicit allow-list.

3. Memory Hygiene — CLAUDE.md

  • Action: append
  • Category: Memory Hygiene
  • Content preview: Add Security Boundaries section with 4 rules.

4. Hook Coverage — .claude/settings.json

  • Action: merge
  • Category: Hook Coverage
  • Content preview: Add precompact hook reference (currently missing).

5. EU AI Act — CLAUDE.md

  • Action: append
  • Category: Compliance
  • Content preview: Add AI Act risk classification stub: risk_level: not-applicable (developer-tool).

6. Documentation — SECURITY.md

  • Action: create
  • Category: Documentation
  • Content preview: Disclosure policy template (7-day ack, 14-day triage).

7. (skipped) Supply-Chain Defense

  • Action: none
  • Reason: Already at Grade A.

8. (skipped) Plugin Trust

  • Action: none
  • Reason: No third-party plugins installed.

Diff Summary

| File | Action | Lines |
|---|---|---|
| .llm-security/policy.json | + create | +12 |
| .claude/settings.json | ~ merge | ~3 |
| CLAUDE.md | + append | +18 |
| SECURITY.md | + create | +47 |
| Total | | +80 / ~3 |

Apply Confirmation

Run /security harden . --apply to apply these 6 changes. Backup will be created at ~/.cache/llm-security/backups/2026-05-05/.

Estimated outcome: Grade C → A after apply + posture re-scan.


Harden complete. 6 actionable recommendations, dry-run.