Florian BRUNIAUX
|
34b2ca7200
|
feat(security): add security hardening guide and hooks v3.6.0
- Add guide/security-hardening.md (~10K) covering:
- MCP vetting workflow with CVE-2025-53109/53110, 54135, 54136
- Prompt injection evasion techniques (Unicode, ANSI, null bytes)
- Secret detection tool comparison (Gitleaks, TruffleHog, GitGuardian)
- Incident response procedures
- Add 3 new security hooks:
- unicode-injection-scanner.sh: zero-width, RTL, ANSI escape detection
- repo-integrity-scanner.sh: scan README/package.json for injection
- mcp-config-integrity.sh: verify MCP config hash
- Update existing hooks:
- prompt-injection-detector.sh: +ANSI, +null bytes, +nested cmd
- output-secrets-scanner.sh: +env leakage, +generic tokens
- Update cross-references in ultimate-guide.md (§7.4, §8.6)
- Move MCP Security Hardening to Done in IDEAS.md
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
2026-01-15 07:39:53 +01:00 |
|
Florian BRUNIAUX
|
8a4d116e2e
|
feat(docs): add LLM Handbook + Google Whitepaper integration v3.3.0
Advanced Guardrails:
- prompt-injection-detector.sh (PreToolUse)
- output-validator.sh (PostToolUse heuristics)
- claudemd-scanner.sh (SessionStart injection detection)
- output-secrets-scanner.sh (PostToolUse secrets leak prevention)
Observability & Monitoring:
- session-logger.sh (JSONL activity logging)
- session-stats.sh (cost tracking & analysis)
- guide/observability.md (full documentation)
LLM-as-a-Judge Evaluation:
- output-evaluator.md agent (Haiku)
- /validate-changes command
- pre-commit-evaluator.sh (opt-in git hook)
Google Agent Whitepaper Integration:
- Context Triage Guide (Section 2.2.4)
- CLAUDE.md Injection Warning (Section 3.1.3)
- Agent Validation Checklist (Section 4.2.4)
- MCP Security: Tool Shadowing & Confused Deputy (Section 8.6)
- Session vs Memory patterns (Section 3.3.3)
Stats: 10 new files, 8 modified, 5 new guide sections
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
2026-01-14 21:00:49 +01:00 |
|