chore(llm-security): STATE — TRG/SIG/AST done; v7.8.0 deferred behind security-fix brief
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01V3s6WnubSSrFjAQTLQdVbG
This commit is contained in:
parent
fc7cf57da6
commit
089623af89
1 changed files with 29 additions and 35 deletions
64
STATE.md
64
STATE.md
|
|
@ -1,43 +1,37 @@
|
|||
# STATE — llm-security
|
||||
|
||||
**Active focus:** EXECUTE the TRG/SIG/AST-gap plan — 3 new scanners (TRG, SIG, AST). Plan is written,
|
||||
reviewed, validated. Next session = cold start straight into `/trekexecute`.
|
||||
**Active focus:** TRG/SIG/AST-gap scanners (TRG/SIG/AST) — DONE & pushed (Steps 1–7).
|
||||
Release v7.8.0 (Step 8) DEFERRED by operator. **The next session is NOT TRG/SIG/AST** — it is
|
||||
the security-fix brief (see PREREQUISITE) which must run before we resume/release this track.
|
||||
|
||||
## COLD START — do this first
|
||||
1. `pwd` (should be repo root) and `git status` (expect clean; plan + brief committed).
|
||||
2. Read the plan: `docs/plans/trekplan-2026-06-20-TRG/SIG/AST-gap-analysis.md` (8 steps, validates clean).
|
||||
3. Run: **`/trekexecute docs/plans/trekplan-2026-06-20-TRG/SIG/AST-gap-analysis.md`**
|
||||
(optionally `/trekexecute --validate <plan>` or `--dry-run <plan>` first to sanity-check).
|
||||
4. TDD per step (failing test first), commit per step within its scope-fence. Check push window before push.
|
||||
## PREREQUISITE — do BEFORE continuing TRG/SIG/AST / releasing v7.8.0
|
||||
- Run the security-fix session: **`docs/security-fix-brief-2026-06-20.md`**
|
||||
(F-1 RCE + F-2/F-3 shell/path injection sinks; from the marketplace-wide review
|
||||
`docs/review-2026-06-20.md`). Operator instruction (2026-06-20): do NOT interleave it with
|
||||
TRG/SIG/AST work; it gates the v7.8.0 release — don't ship a version with F-1/F-2/F-3 open.
|
||||
|
||||
Build order: **TRG** (steps 1-2) → **SIG** (3-4) → **AST** (5-6) → **docs/packaging** (7) →
|
||||
**release v7.8.0** (8 — OPERATOR-GATED, confirm before doing; it's beyond the brief's scope).
|
||||
## What landed this session (pushed to Forgejo, main @ d19abf0)
|
||||
- **TRG** `scanners/trigger-scanner.mjs` — shadow/baiting/broad triggers; decode-pipeline on
|
||||
descriptions. + wiring (orchestrator/policy/4 OWASP maps). Commits 54115a9, 75aeeee. Test 16/0.
|
||||
- **SIG** `scanners/signature-scanner.mjs` + `knowledge/signatures.json` (webshell/reverse_shell/
|
||||
cryptominer/hacktool, matched over normalizeForScan/foldHomoglyphs/rot13 — catches obfuscated
|
||||
malware). + wiring. Commits bac6f6f, 76e3543. Test 12/0.
|
||||
- **AST** `scanners/ast-taint-scanner.mjs` + `scanners/lib/py-ast-taint.py` (PARSE-ONLY ast.parse,
|
||||
scope-aware var taint, 5s timeout, graceful skip when python3 absent). + wiring.
|
||||
Commits e497bb7, b50313e. Test 9/0. Parse-only proven (sentinel: no SENTINEL written).
|
||||
- Docs/packaging `d19abf0` — scanner-reference rows + count bumps, output.mjs JSDoc prefixes,
|
||||
orchestrator header (→14), `package.json` files[] += `knowledge/`.
|
||||
- Full suite **1859/0**. Orchestrator runs **14** scanners (trg/sig/ast keys present). Zero-dep holds.
|
||||
|
||||
## How we got here
|
||||
- Brief: `docs/plans/TRG/SIG/AST-gap-analysis.md` (gap analysis vs NVIDIA/TRG/SIG/AST; all claims verified).
|
||||
- Lean Voyage chosen (trekplan→execute→review, no research). trekplan done; adversarial review caught
|
||||
3 blockers + 7 majors on draft 1 (59/D) — all real — fixed → 86/B. The fixes are baked into the plan.
|
||||
## Step 8 (deferred) — release v7.8.0 when ready, AFTER the security fix
|
||||
- Bump 7.7.2 → 7.8.0 in `.claude-plugin/plugin.json`, `package.json`, README badge (`README.md:9`),
|
||||
CHANGELOG `[7.8.0]`, `docs/version-history.md`, CLAUDE.md header. Verify w/ version-consistency grep.
|
||||
Spec: Step 8 of `docs/plans/trekplan-2026-06-20-TRG/SIG/AST-gap-analysis.md`.
|
||||
|
||||
## Verified gotchas (DO NOT re-derive — these broke draft 1)
|
||||
- Orchestrator is **`scanners/scan-orchestrator.mjs`** (NOT repo root). Siblings import as `./x.mjs`.
|
||||
New scanner = export `scan(targetPath, discovery)`, add import + `{name,fn}` to SCANNERS (`:113-125`).
|
||||
- `severity.mjs` has **4 OWASP maps with ARRAY values** (`OWASP_MAP`/`_AGENTIC_`/`_SKILLS_`/`_MCP_`).
|
||||
Add array entries to all four per scanner; assert with `deepEqual`. (e.g. `WFL: ['LLM02','LLM06']`)
|
||||
- `parseFrontmatter` already exists: `scanners/lib/yaml-frontmatter.mjs:13` (TRG reuses it).
|
||||
- **Zero npm deps** (no `dependencies` key in package.json — keep it that way). python3 = optional,
|
||||
graceful `status:'skipped'` when absent. Emit via `finding()`/`scannerResult()` (`scanners/lib/output.mjs`).
|
||||
- Policy: add section to `DEFAULT_POLICY` (`scanners/lib/policy-loader.mjs`), read via `getPolicyValue`.
|
||||
- Distribution = Claude Code marketplace git-clone (whole repo), NOT npm — so `package.json` `files[]`
|
||||
is moot for runtime; the `knowledge/` add in Step 7 is correctness-only.
|
||||
- Template scanner to copy: `scanners/memory-poisoning-scanner.mjs:386`. Tests: `node --test`,
|
||||
committed `clean/`+`poisoned/` fixtures, `resetCounter()` in `beforeEach`. Full suite: `npm test`.
|
||||
## Known pre-existing doc drift (out of this plan's scope — flagged, NOT fixed)
|
||||
- `docs/scanner-reference.md` orchestrated count/list never counted `workflow` (true array = 14, docs
|
||||
now say 13). Per the plan I bumped each count by +3; reconciling the workflow omission needs its own scope.
|
||||
|
||||
## Continuity
|
||||
- STATE.md is canonical + committed (now un-gitignored — global rule). Voyage `.session-state.local.json`
|
||||
is disposable per-plan scratch, gitignored (`*.local.json`).
|
||||
|
||||
## Committed this session
|
||||
- `docs/plans/TRG/SIG/AST-gap-analysis.md` (brief), `docs/plans/trekplan-2026-06-20-...md` (plan),
|
||||
`.gitignore` (un-ignore STATE.md; ignore `docs/plans/*.html`), this STATE.md.
|
||||
- Annotation HTML is gitignored (regenerable via Voyage `annotate.mjs`).
|
||||
- NO scanner code written yet — execution is next session.
|
||||
- STATE.md canonical + committed (never gitignored). trekexecute progress scratch deleted (run done;
|
||||
git history is the durable record). origin = Forgejo `open/llm-security` (never GitHub).
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue