llm-security/templates/archive/pre-deploy-report.md
Kjell Tore Guttormsen f153f969a0 feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command
Add /ultraresearch-local for structured research combining local codebase
analysis with external knowledge via parallel agent swarms. Produces research
briefs with triangulation, confidence ratings, and source quality assessment.

New command: /ultraresearch-local with modes --quick, --local, --external, --fg.
New agents: research-orchestrator (opus), docs-researcher, community-researcher,
security-researcher, contrarian-researcher, gemini-bridge (all sonnet).
New template: research-brief-template.md.

Integration: --research flag in /ultraplan-local accepts pre-built research
briefs (up to 3), enriches the interview and exploration phases. Planning
orchestrator cross-references brief findings during synthesis.

Design principle: Context Engineering — right information to right agent at
right time. Research briefs are structured artifacts in the pipeline:
ultraresearch → brief → ultraplan --research → plan → ultraexecute.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-08 08:58:35 +02:00

4.3 KiB
Raw Permalink Blame History

Pre-Deployment Security Checklist


Header

Project: [Name of the project or directory assessed] Assessment date: [ISO 8601 — e.g. 2026-02-19] Assessed by: llm-security plugin v[X.X] — pre-deploy checklist Mode: Pre-deployment checklist


Score Summary

Passed: X/10 automated checks

[========--] 8/10

Verdict: [Ready for deployment / Nearly ready / Not ready]


Automated Checks

Status values: PASS — control confirmed | FAIL — control absent or broken | WARN — partial or unverified | N/A — not applicable

# Check Status Detail
1 Deny-first permissions [PASS/FAIL/WARN/N/A] [finding detail]
2 Secrets hook active [PASS/FAIL/WARN/N/A] [finding detail]
3 Path guard active [PASS/FAIL/WARN/N/A] [finding detail]
4 Destructive command guard [PASS/FAIL/WARN/N/A] [finding detail]
5 MCP servers verified [PASS/FAIL/WARN/N/A] [finding detail]
6 No hardcoded secrets [PASS/FAIL/WARN/N/A] [finding detail]
7 .gitignore covers secrets [PASS/FAIL/WARN/N/A] [finding detail]
8 CLAUDE.md security docs [PASS/FAIL/WARN/N/A] [finding detail]
9 Sandbox enabled [PASS/FAIL/WARN/N/A] [finding detail]
10 Audit logging configured [PASS/FAIL/WARN/N/A] [finding detail]

Manual Verification

Answers provided by the user during the assessment session.

  • Enterprise plan: [user answer]
  • DPIA completed: [user answer]
  • Incident response plan: [user answer]

Recommendations

FAIL items are listed first (blocking), followed by WARN items (advisory). Items with PASS or N/A status are omitted.

Priority Check # Action Effort
FAIL [#] [Specific remediation step for the failed check] [Low / Medium / High]
FAIL [#] [Specific remediation step for the failed check] [Low / Medium / High]
WARN [#] [Specific remediation step for the warned check] [Low / Medium / High]
WARN [#] [Specific remediation step for the warned check] [Low / Medium / High]

If no FAIL or WARN items exist, write: "No recommendations — all automated checks passed."


Verdict

[Ready for deployment / Nearly ready / Not ready]

  • 10/10 PASS: Ready for deployment — all automated checks passed.
  • 79 PASS: Nearly ready — address the remaining items before deploying.
  • <7 PASS: Not ready — significant security gaps remain. Resolve FAIL items before deployment.

Field Value
llm-security version [e.g. 0.1.0]
Assessment engine pre-deploy checklist
OWASP references LLM Top 10 (2025), Agentic AI Top 10
Full audit command /security audit
Report generated [ISO 8601 timestamp]