open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security/commands/harden.md

72 lines
2.2 KiB
Markdown
Raw Blame History

---
name: security:harden
description: Generate Grade A security configuration — settings.json, CLAUDE.md security section, .gitignore additions
allowed-tools: Read, Glob, Grep, Bash, Write, Edit, AskUserQuestion
model: sonnet
---
# /security harden [path] [--apply] [--dry-run]
Generate reference security configuration to achieve Grade A posture. Runs posture scanner, identifies gaps, generates config to close them.
## Step 1: Generate
Run the reference configuration generator:
```
node <this plugin's scanners/reference-config-generator.mjs> [target-path or cwd] [--apply]
```
Default is `--dry-run` (show JSON output, do not write files).
Parse the JSON output. The result contains:
- `projectType`: plugin, monorepo, or standalone
- `posture`: current grade, pass_rate, pass/partial/fail counts
- `recommendations[]`: file, action (create/merge/append/none), content, category
- `summary`: total, actionable, creates, merges, appends
## Step 2: Present Results
```
# Security Harden — [project name]
| Field | Value |
|-------|-------|
| **Current Grade** | [grade] |
| **Project Type** | [type] |
| **Recommendations** | [actionable]/[total] |
## Recommendations
[For each recommendation with action != 'none':]
### [N]. [category] — [file]
- **Action:** [create/merge/append]
- **Content preview:** [first 3 lines or summary]
```
## Step 3: Apply (if --apply or user confirms)
If `$ARGUMENTS` contains `--apply`, the generator already wrote files. Report what was changed.
If `$ARGUMENTS` is `--dry-run` or empty, ask the user:
> "Apply these [N] changes? This will create a backup first."
If confirmed, re-run with `--apply`. Report backup location and files written.
## Step 4: Post-Apply Verification
After applying, re-run posture scanner to verify improvement:
```
node <this plugin's scanners/posture-scanner.mjs> [target-path]
```
Report: "Grade improved from [old] to [new]." or "Grade unchanged at [grade]."
If Grade A not achieved, explain remaining gaps (likely hook-related, which require manual setup or plugin installation).
## Step 5: Closing
- Grade A: "Configuration hardened. All posture checks pass."
- Below A: "Configuration improved. Remaining gaps require [hooks/manual setup]. Run `/security posture` for details."
Reference in a new issue View git blame Copy permalink