llm-security/commands/harden.md
Kjell Tore Guttormsen f153f969a0 feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command
Add /ultraresearch-local for structured research combining local codebase
analysis with external knowledge via parallel agent swarms. Produces research
briefs with triangulation, confidence ratings, and source quality assessment.

New command: /ultraresearch-local with modes --quick, --local, --external, --fg.
New agents: research-orchestrator (opus), docs-researcher, community-researcher,
security-researcher, contrarian-researcher, gemini-bridge (all sonnet).
New template: research-brief-template.md.

Integration: --research flag in /ultraplan-local accepts pre-built research
briefs (up to 3), enriches the interview and exploration phases. Planning
orchestrator cross-references brief findings during synthesis.

Design principle: Context Engineering — right information to right agent at
right time. Research briefs are structured artifacts in the pipeline:
ultraresearch → brief → ultraplan --research → plan → ultraexecute.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-08 08:58:35 +02:00

2.2 KiB

name description allowed-tools model
security:harden Generate Grade A security configuration — settings.json, CLAUDE.md security section, .gitignore additions Read, Glob, Grep, Bash, Write, Edit, AskUserQuestion sonnet

/security harden [path] [--apply] [--dry-run]

Generate reference security configuration to achieve Grade A posture. Runs posture scanner, identifies gaps, generates config to close them.

Step 1: Generate

Run the reference configuration generator:

node <this plugin's scanners/reference-config-generator.mjs> [target-path or cwd] [--apply]

Default is --dry-run (show JSON output, do not write files).

Parse the JSON output. The result contains:

  • projectType: plugin, monorepo, or standalone
  • posture: current grade, pass_rate, pass/partial/fail counts
  • recommendations[]: file, action (create/merge/append/none), content, category
  • summary: total, actionable, creates, merges, appends

Step 2: Present Results

# Security Harden — [project name]

| Field | Value |
|-------|-------|
| **Current Grade** | [grade] |
| **Project Type** | [type] |
| **Recommendations** | [actionable]/[total] |

## Recommendations

[For each recommendation with action != 'none':]
### [N]. [category] — [file]
- **Action:** [create/merge/append]
- **Content preview:** [first 3 lines or summary]

Step 3: Apply (if --apply or user confirms)

If $ARGUMENTS contains --apply, the generator already wrote files. Report what was changed.

If $ARGUMENTS is --dry-run or empty, ask the user:

"Apply these [N] changes? This will create a backup first."

If confirmed, re-run with --apply. Report backup location and files written.

Step 4: Post-Apply Verification

After applying, re-run posture scanner to verify improvement:

node <this plugin's scanners/posture-scanner.mjs> [target-path]

Report: "Grade improved from [old] to [new]." or "Grade unchanged at [grade]."

If Grade A not achieved, explain remaining gaps (likely hook-related, which require manual setup or plugin installation).

Step 5: Closing

  • Grade A: "Configuration hardened. All posture checks pass."
  • Below A: "Configuration improved. Remaining gaps require [hooks/manual setup]. Run /security posture for details."