llm-security/STATE.md
2026-06-20 09:51:28 +02:00

37 lines
2.6 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# STATE — llm-security
**Active focus:** SkillSpector-gap scanners (TRG/SIG/AST) — DONE & pushed (Steps 17).
Release v7.8.0 (Step 8) DEFERRED by operator. **The next session is NOT SkillSpector** — it is
the security-fix brief (see PREREQUISITE) which must run before we resume/release this track.
## PREREQUISITE — do BEFORE continuing SkillSpector / releasing v7.8.0
- Run the security-fix session: **`docs/security-fix-brief-2026-06-20.md`**
(F-1 RCE + F-2/F-3 shell/path injection sinks; from the marketplace-wide review
`docs/review-2026-06-20.md`). Operator instruction (2026-06-20): do NOT interleave it with
SkillSpector work; it gates the v7.8.0 release — don't ship a version with F-1/F-2/F-3 open.
## What landed this session (pushed to Forgejo, main @ d19abf0)
- **TRG** `scanners/trigger-scanner.mjs` — shadow/baiting/broad triggers; decode-pipeline on
descriptions. + wiring (orchestrator/policy/4 OWASP maps). Commits 54115a9, 75aeeee. Test 16/0.
- **SIG** `scanners/signature-scanner.mjs` + `knowledge/signatures.json` (webshell/reverse_shell/
cryptominer/hacktool, matched over normalizeForScan/foldHomoglyphs/rot13 — catches obfuscated
malware). + wiring. Commits bac6f6f, 76e3543. Test 12/0.
- **AST** `scanners/ast-taint-scanner.mjs` + `scanners/lib/py-ast-taint.py` (PARSE-ONLY ast.parse,
scope-aware var taint, 5s timeout, graceful skip when python3 absent). + wiring.
Commits e497bb7, b50313e. Test 9/0. Parse-only proven (sentinel: no SENTINEL written).
- Docs/packaging `d19abf0` — scanner-reference rows + count bumps, output.mjs JSDoc prefixes,
orchestrator header (→14), `package.json` files[] += `knowledge/`.
- Full suite **1859/0**. Orchestrator runs **14** scanners (trg/sig/ast keys present). Zero-dep holds.
## Step 8 (deferred) — release v7.8.0 when ready, AFTER the security fix
- Bump 7.7.2 → 7.8.0 in `.claude-plugin/plugin.json`, `package.json`, README badge (`README.md:9`),
CHANGELOG `[7.8.0]`, `docs/version-history.md`, CLAUDE.md header. Verify w/ version-consistency grep.
Spec: Step 8 of `docs/plans/trekplan-2026-06-20-skillspector-gap-analysis.md`.
## Known pre-existing doc drift (out of this plan's scope — flagged, NOT fixed)
- `docs/scanner-reference.md` orchestrated count/list never counted `workflow` (true array = 14, docs
now say 13). Per the plan I bumped each count by +3; reconciling the workflow omission needs its own scope.
## Continuity
- STATE.md canonical + committed (never gitignored). trekexecute progress scratch deleted (run done;
git history is the durable record). origin = Forgejo `open/llm-security` (never GitHub).