llm-security/templates/archive/pre-deploy-report.md
Kjell Tore Guttormsen f153f969a0 feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command
Add /ultraresearch-local for structured research combining local codebase
analysis with external knowledge via parallel agent swarms. Produces research
briefs with triangulation, confidence ratings, and source quality assessment.

New command: /ultraresearch-local with modes --quick, --local, --external, --fg.
New agents: research-orchestrator (opus), docs-researcher, community-researcher,
security-researcher, contrarian-researcher, gemini-bridge (all sonnet).
New template: research-brief-template.md.

Integration: --research flag in /ultraplan-local accepts pre-built research
briefs (up to 3), enriches the interview and exploration phases. Planning
orchestrator cross-references brief findings during synthesis.

Design principle: Context Engineering — right information to right agent at
right time. Research briefs are structured artifacts in the pipeline:
ultraresearch → brief → ultraplan --research → plan → ultraexecute.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-08 08:58:35 +02:00

125 lines
4.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Pre-Deployment Security Checklist
<!--
TEMPLATE USAGE
This is a reference document describing the expected output structure for `/security pre-deploy`.
Agents use this as a formatting guide for the pre-deployment checklist report.
Fill every section with real observations. Do NOT output placeholder text.
Run all 10 automated checks first, then ask the 3 manual verification questions.
State the verdict clearly at the end based on the PASS count.
-->
---
## Header
**Project:** [Name of the project or directory assessed]
**Assessment date:** [ISO 8601 — e.g. 2026-02-19]
**Assessed by:** llm-security plugin v[X.X] — pre-deploy checklist
**Mode:** Pre-deployment checklist
---
## Score Summary
**Passed: X/10 automated checks**
```
[========--] 8/10
```
**Verdict:** [Ready for deployment / Nearly ready / Not ready]
---
## Automated Checks
Status values: PASS — control confirmed | FAIL — control absent or broken | WARN — partial or unverified | N/A — not applicable
| # | Check | Status | Detail |
|---|-------|--------|--------|
| 1 | Deny-first permissions | [PASS/FAIL/WARN/N/A] | [finding detail] |
| 2 | Secrets hook active | [PASS/FAIL/WARN/N/A] | [finding detail] |
| 3 | Path guard active | [PASS/FAIL/WARN/N/A] | [finding detail] |
| 4 | Destructive command guard | [PASS/FAIL/WARN/N/A] | [finding detail] |
| 5 | MCP servers verified | [PASS/FAIL/WARN/N/A] | [finding detail] |
| 6 | No hardcoded secrets | [PASS/FAIL/WARN/N/A] | [finding detail] |
| 7 | .gitignore covers secrets | [PASS/FAIL/WARN/N/A] | [finding detail] |
| 8 | CLAUDE.md security docs | [PASS/FAIL/WARN/N/A] | [finding detail] |
| 9 | Sandbox enabled | [PASS/FAIL/WARN/N/A] | [finding detail] |
| 10 | Audit logging configured | [PASS/FAIL/WARN/N/A] | [finding detail] |
---
## Manual Verification
Answers provided by the user during the assessment session.
- [ ] **Enterprise plan:** [user answer]
- [ ] **DPIA completed:** [user answer]
- [ ] **Incident response plan:** [user answer]
---
## Recommendations
FAIL items are listed first (blocking), followed by WARN items (advisory). Items with PASS or N/A status are omitted.
| Priority | Check # | Action | Effort |
|----------|---------|--------|--------|
| FAIL | [#] | [Specific remediation step for the failed check] | [Low / Medium / High] |
| FAIL | [#] | [Specific remediation step for the failed check] | [Low / Medium / High] |
| WARN | [#] | [Specific remediation step for the warned check] | [Low / Medium / High] |
| WARN | [#] | [Specific remediation step for the warned check] | [Low / Medium / High] |
> If no FAIL or WARN items exist, write: "No recommendations — all automated checks passed."
---
## Verdict
**[Ready for deployment / Nearly ready / Not ready]**
- **10/10 PASS:** Ready for deployment — all automated checks passed.
- **79 PASS:** Nearly ready — address the remaining items before deploying.
- **<7 PASS:** Not ready — significant security gaps remain. Resolve FAIL items before deployment.
---
## Footer
| Field | Value |
|-------|-------|
| llm-security version | [e.g. 0.1.0] |
| Assessment engine | pre-deploy checklist |
| OWASP references | LLM Top 10 (2025), Agentic AI Top 10 |
| Full audit command | `/security audit` |
| Report generated | [ISO 8601 timestamp] |
---
<!--
SCORING LOGIC (for agents filling in this template)
Score = count of checks with status PASS only.
WARN and N/A do not count as PASS for scoring purposes.
FAIL counts against the score.
Progress bar fill = round((pass_count / 10) * 10) filled blocks out of 10
Example: 8 PASS → round((8/10) * 10) = 8 filled blocks → [========--]
Filled block: = Empty block: -
Verdict thresholds:
10/10 PASS → "Ready for deployment — all automated checks passed."
79 PASS → "Nearly ready — address the remaining items before deploying."
<7 PASS → "Not ready — significant security gaps remain. Resolve FAIL items before deployment."
RECOMMENDATIONS SORTING
List FAIL items before WARN items, in ascending check number order within each group.
Omit PASS and N/A checks from the recommendations table entirely.
Each row must have a specific, actionable remediation step — not a generic instruction.
MANUAL VERIFICATION
Ask questions one at a time using AskUserQuestion.
Mark checkbox as checked [x] if user confirms yes; leave unchecked [ ] if no or unsure.
-->