---
name: security:watch
description: Continuous security monitoring — runs diff on a recurring interval
allowed-tools: Bash, Read, Skill
model: sonnet
---

# /security watch [path] [--interval 6h]

Set up continuous security monitoring. Establishes a baseline, then runs `/security diff` on a recurring interval to detect regressions.

## Step 1: Parse Arguments

Extract from `$ARGUMENTS`:
- **path** — first non-flag argument (default `.`)
- **--interval \<value\>** — loop interval like `6h`, `30m`, `1h` (default `6h`)

## Step 2: Establish Baseline

Determine plugin root (parent of this `commands/` folder) and resolve the target path.

```bash
node <plugin-root>/scanners/scan-orchestrator.mjs "<target>" --save-baseline
```

Parse stdout JSON. Display:

```
## Security Watch: <target>

**Baseline established** at <timestamp>
**Findings:** XC XH XM XL XI | **Risk Score:** X/100 | **Verdict:** ALLOW/WARNING/BLOCK

Starting watch with interval: <interval>
```

If the verdict is BLOCK, add a warning: "Initial scan shows BLOCK verdict — you will be alerted to any new findings above this baseline."

## Step 3: Start Loop

Use the **Skill** tool to invoke the built-in `/loop` skill:
- skill: `loop`
- args: `<interval> /security diff <target>`

This runs `/security diff <target>` every `<interval>`. Each diff compares against the latest baseline and saves a new one — a rolling window of changes.

## Step 4: Advisory

After starting the loop, display:

```
**Watch active.** `/security diff <target>` runs every <interval>.

To run as a system cron job instead:
node <plugin-root>/scanners/watch-cron.mjs

To stop watching: Escape or Ctrl+C
```
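An added example, not part of the plugin's own code: one way to implement Step 1's parsing strictly and to hand Step 2's target to the scanner as a single argv element instead of as text inside a shell line. The function names, the interval pattern (minutes and hours only, as in the values shown above), whitespace-only tokenizing, and the rejection of unknown flags and extra arguments are assumptions.

```javascript
// Added example (not the plugin's code). Assumption: intervals use only the
// m/h units shown on this page (6h, 30m, 1h); whatever /loop accepts beyond
// that is not documented here.
const INTERVAL_RE = /^[1-9]\d{0,3}[mh]$/;

// Parse the raw $ARGUMENTS string into { path, interval }.
// Assumption: tokens are whitespace-separated, so paths with spaces are unsupported.
function parseWatchArgs(argString) {
  const tokens = argString.trim().split(/\s+/).filter(Boolean);
  let path = null;
  let interval = '6h'; // default from Step 1
  for (let i = 0; i < tokens.length; i++) {
    const tok = tokens[i];
    if (tok === '--interval') {
      const value = tokens[++i];
      if (value === undefined || !INTERVAL_RE.test(value)) {
        throw new Error(`invalid --interval value: ${String(value)}`);
      }
      interval = value;
    } else if (tok.startsWith('-')) {
      // Unknown flags are rejected so they cannot reach the scanner as options.
      throw new Error(`unknown flag: ${tok}`);
    } else if (path === null) {
      path = tok; // first non-flag argument
    } else {
      // Stricter than the page requires: a stray second path is treated as an error.
      throw new Error(`unexpected extra argument: ${tok}`);
    }
  }
  return { path: path ?? '.', interval }; // default path from Step 1
}

// Hypothetical helper: argument vector for child_process.execFile('node', argv).
// The target stays one argv element, so no shell ever interprets its contents.
function baselineArgv(pluginRoot, target) {
  return [`${pluginRoot}/scanners/scan-orchestrator.mjs`, target, '--save-baseline'];
}

// Constructed sample input.
const parsed = parseWatchArgs('./services/api --interval 30m');
console.log(parsed, baselineArgv('/opt/plugin', parsed.path));
```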