ktg-plugin-marketplace/plugins/llm-security-copilot/templates/archive/clean-report.md
Kjell Tore Guttormsen f418a8fe08 feat(llm-security-copilot): port llm-security v5.1.0 to GitHub Copilot CLI
Full port of llm-security plugin for internal use on Windows with GitHub
Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs)
normalizes Copilot camelCase I/O to Claude Code snake_case format — all
original hook scripts run unmodified.

- 8 hooks with protocol translation (stdin/stdout/exit code)
- 18 SKILL.md skills (Agent Skills Open Standard)
- 6 .agent.md agent definitions
- 20 scanners + 14 scanner lib modules (unchanged)
- 14 knowledge files (unchanged)
- 39 test files including copilot-port-verify.mjs (17 tests)
- Windows-ready: node:path, os.tmpdir(), process.execPath, no bash

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 21:56:10 +02:00

4.3 KiB

Security Clean Report — {{TARGET}}

Date: {{TIMESTAMP}}
Mode: {{MODE}} (live / dry-run)
Backup: {{BACKUP_PATH}}
Duration: {{DURATION_MS}}ms


Remediation Summary

[!{{VERDICT_TYPE}}]
Pre-clean: {{PRE_VERDICT}} ({{PRE_RISK_SCORE}}/100) — {{PRE_TOTAL_FINDINGS}} findings
Post-clean: {{POST_VERDICT}} ({{POST_RISK_SCORE}}/100) — {{POST_TOTAL_FINDINGS}} findings
Risk reduction: {{RISK_REDUCTION}}%

| Metric | Before | After | Delta |
|--------|--------|-------|-------|
| Risk Score | {{PRE_RISK_SCORE}} | {{POST_RISK_SCORE}} | {{RISK_DELTA}} |
| Total Findings | {{PRE_TOTAL_FINDINGS}} | {{POST_TOTAL_FINDINGS}} | {{FINDINGS_DELTA}} |
| Critical | {{PRE_CRITICAL}} | {{POST_CRITICAL}} | {{CRITICAL_DELTA}} |
| High | {{PRE_HIGH}} | {{POST_HIGH}} | {{HIGH_DELTA}} |
| Medium | {{PRE_MEDIUM}} | {{POST_MEDIUM}} | {{MEDIUM_DELTA}} |
| Low | {{PRE_LOW}} | {{POST_LOW}} | {{LOW_DELTA}} |
| Info | {{PRE_INFO}} | {{POST_INFO}} | {{INFO_DELTA}} |

Fix Summary

| Category | Count |
|----------|-------|
| Auto-fixes applied | {{AUTO_APPLIED}} |
| Semi-auto approved | {{SEMI_APPROVED}} |
| Semi-auto skipped | {{SEMI_SKIPPED}} |
| LLM-detected auto-fixes | {{LLM_AUTO_APPLIED}} |
| LLM-detected semi-auto approved | {{LLM_SEMI_APPROVED}} |
| Manual (reported only) | {{MANUAL_COUNT}} |
| Skipped (historical) | {{HISTORICAL_COUNT}} |
| Failed | {{FAILED_COUNT}} |
| Total processed | {{TOTAL_PROCESSED}} |

Auto-Fixes Applied

| Finding ID | File | Operation | Description |
|------------|------|-----------|-------------|
{{AUTO_FIXES_ROWS}}

Tip

Auto-fixes are lossless operations: stripping zero-width characters, removing known-malicious strings, or replacing hardcoded secrets with placeholder tokens.


Semi-Auto Fixes Applied

| Finding ID | File | Change Description | Rationale |
|------------|------|--------------------|-----------|
{{SEMI_AUTO_APPLIED_ROWS}}

Semi-Auto Fixes Skipped

| Finding ID | Proposed Change | User Decision |
|------------|-----------------|---------------|
{{SEMI_AUTO_SKIPPED_ROWS}}

Remaining Manual Findings

| Finding ID | Severity | File | Description | Recommendation |
|------------|----------|------|-------------|----------------|
{{MANUAL_FINDINGS_ROWS}}

Caution

Manual findings are not reduced by re-running /security clean. Address them directly in the codebase, then re-run /security scan to verify the fix.


Skipped (Historical)

| Finding ID | Severity | Commit | Description |
|------------|----------|--------|-------------|
{{HISTORICAL_ROWS}}

Note

Historical findings in git history require git filter-repo or a force-push to remove. Consult your team before rewriting shared history. These findings are listed for awareness only.


File Modification Log

| File Path | Operations | Validation |
|-----------|------------|------------|
{{FILE_MOD_ROWS}}

Validation Results

Each modified file was validated after changes were applied. Any file that failed validation was automatically restored from the backup.

| File | Check | Result | Detail |
|------|-------|--------|--------|
{{VALIDATION_ROWS}}

Validation rules:

  • .json files: JSON.parse() succeeded
  • Frontmatter files (.md, .yaml): ^---\n prefix present
  • .mjs / .js files: node --check passed
  • All other files: character encoding check only

Warning

Files marked FAIL in validation were restored from backup. The finding they targeted is still present and has been moved back to the Manual Findings section above.


Rollback

To restore the original (pre-clean) state:

rm -rf "{{TARGET}}"
mv "{{BACKUP_PATH}}" "{{TARGET}}"

Warning

The backup will be removed when you next run /security clean on this target. Copy or rename it if you want to preserve it permanently.


Generated by llm-security clean v1.3.0