0be354a920
Single-commit clean baseline after security scrub of niche-tells, project codenames, internal jargon, and contributor-email leaks. Contents: - 100 Rust crates (_primitives/_rust/) - 37 agent manifests (_manifests/) + generated specs (_generated/) - 67 user-invocable skills (skills/) - 33 hooks (hooks/) - Composition blocks (_blocks/) - Documentation (docs/, README.md) - TS adapter packages (_ts_packages/) - Assembler (_assembler/) - Roles (_roles/) - Templates (_templates/) - Forgejo CI (.forgejo/) Author: Denis Parfionovich <info@greendragon.info> License: see LICENSE.
45 lines
1.1 KiB
TOML
45 lines
1.1 KiB
TOML
# Example task.toml — read-only role for kei-security-auditor.
|
|
# Security sweep scoped to HIGH-risk surfaces (auth / crypto / network
|
|
# / deserialisation / FFI).
|
|
|
|
[task]
|
|
role = "read-only"
|
|
agent-id = "read-only-security-EXAMPLE"
|
|
parent-agent = ""
|
|
|
|
[scope]
|
|
files-whitelist = [
|
|
"_primitives/_rust/**/src/**/*.rs",
|
|
"hooks/**",
|
|
"install/**",
|
|
]
|
|
files-denylist = [
|
|
"**/target/**",
|
|
"**/tests/**",
|
|
]
|
|
|
|
[verification]
|
|
cargo-check-crates = []
|
|
cargo-test-crates = []
|
|
|
|
[output]
|
|
# Parameterises output::report-format + output::severity-grade.
|
|
report-fields-required = [
|
|
"risk-classification",
|
|
"mode",
|
|
"files-reviewed",
|
|
"new-dependencies",
|
|
"per-finding",
|
|
"supply-chain-verdict",
|
|
"9-point-coverage",
|
|
]
|
|
|
|
[body]
|
|
text = """
|
|
Security audit of the agent-substrate Rust workspace: classify each
|
|
touched crate HIGH / MEDIUM / LOW, run the 9-point differential
|
|
checklist on HIGH surfaces, perform variant analysis (exact → structural
|
|
→ semantic grep), and supply-chain-check every new dep via
|
|
OSV.dev / GitHub Advisories. Every finding gets [HIGH|MEDIUM|LOW] plus
|
|
a concrete reproduction path. No 'might' / 'probably' — prove or drop.
|
|
"""
|