Single-file SPA playground now has parser + renderer for all 18 produces_report=true commands (Phase 2: 10 high-priority + Phase 3: 8 remaining: mcp-inspect, supply-check, pre-deploy, diff, watch, registry, clean, threat-model).

18 markdown test fixtures serve as contract anchors for parser development. The complete demo project `dft-komplett-demo` has all 18 reports fully parsed inline — click-through without "parser not implemented" panels.

2 new archetypes in KEY_STATS_CONFIG: kanban-buckets (clean) and matrix-risk (threat-model).

Bug fix: normalizeVerdictText now checks GO-WITH-CONDITIONS / CONDITIONAL / BETINGET BEFORE plain GO so that a conditional verdict (pre-deploy with open conditions) does not collapse to ALLOW.

Exposed 11 window globals for testing/automation (__store, __navigate, __loadDemoState, __PARSERS, __RENDERERS, __CATALOG, __inferVerdict, __inferKeyStats, __renderPageShell, __handlePasteImport, __scheduleRender).

12 Playwright-generated screenshots in playground/screenshots/v7.5.0/. A11Y report (WCAG 2.1 AA): 0 blocking, 3 minor improvements flagged for the v7.5.x patch (skip link, heading hierarchy on project, aria-live toast).

Version bump 7.4.0 -> 7.5.0 in 10 files (package.json, plugin.json, CLAUDE.md header, README badge, CHANGELOG entry, 3 scanner VERSION constants, ROADMAP, marketplace root README).

No scanner or hook behavior changes — purely additive surface.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
121 lines
2.6 KiB
Markdown
# Security Harden — DFT marketplace

---

## Header

| Field | Value |
|-------|-------|
| **Report type** | harden |
| **Target** | ~/repos/dft-marketplace |
| **Date** | 2026-05-05 |
| **Version** | llm-security v7.4.0 |
| **Scope** | Grade A reference config |
| **Frameworks** | OWASP LLM Top 10 |
| **Triggered by** | /security harden |

---

## Risk Dashboard

| Metric | Value |
|--------|-------|
| **Current Grade** | C |
| **Project Type** | monorepo |
| **Recommendations** | 6/8 |
| **Mode** | dry-run |

---

## Posture Snapshot

| Metric | Before |
|--------|-------:|
| Pass | 8 |
| Partial | 3 |
| Fail | 1 |
| N-A | 4 |
| Pass rate | 67% |

---

## Recommendations

### 1. Logging & Audit — `.llm-security/policy.json`

- **Action:** create
- **Category:** Logging & Audit
- **Content preview:**

```json
{
  "audit": {
    "log_path": "~/.claude/llm-security-audit.jsonl",
    "format": "jsonl"
  }
}
```

### 2. Permission Hygiene — `.claude/settings.json`

- **Action:** merge
- **Category:** Permission Hygiene
- **Content preview:**
  Replace `"Bash(*)"` with `"Bash(git:*, npm:*, node:*, jq:*)"`. Adds explicit allow-list.

### 3. Memory Hygiene — `CLAUDE.md`

- **Action:** append
- **Category:** Memory Hygiene
- **Content preview:** Add Security Boundaries section with 4 rules.

### 4. Hook Coverage — `.claude/settings.json`

- **Action:** merge
- **Category:** Hook Coverage
- **Content preview:** Add `precompact` hook reference (currently missing).

### 5. EU AI Act — `CLAUDE.md`

- **Action:** append
- **Category:** Compliance
- **Content preview:** Add AI Act risk classification stub: `risk_level: not-applicable (developer-tool)`.

### 6. Documentation — `SECURITY.md`

- **Action:** create
- **Category:** Documentation
- **Content preview:** Disclosure policy template (7-day ack, 14-day triage).

### 7. (skipped) Supply-Chain Defense

- **Action:** none
- **Reason:** Already at Grade A.

### 8. (skipped) Plugin Trust

- **Action:** none
- **Reason:** No third-party plugins installed.

---

## Diff Summary

| File | Action | Lines |
|------|--------|------:|
| `.llm-security/policy.json` | + create | +12 |
| `.claude/settings.json` | ~ merge | ~3 |
| `CLAUDE.md` | + append | +18 |
| `SECURITY.md` | + create | +47 |
| **Total** | | **+80 / ~3** |

---

## Apply Confirmation

Run `/security harden . --apply` to apply these 6 changes. Backup will be created at `~/.cache/llm-security/backups/2026-05-05/`.

**Estimated outcome:** Grade C → A after apply + posture re-scan.

---

*Harden complete. 6 actionable recommendations, dry-run.*