Commit Graph

1 Commits

Author SHA1 Message Date
bastien
97415e9aea feat(harden): add web hardening audit skill
New /harden skill runs a narrow-scope security audit covering
HTTPS/TLS transport, HSTS, security headers (CSP, X-Frame-Options,
X-Content-Type-Options, Referrer-Policy, Permissions-Policy),
cookie flags, canonical URLs, custom 404, and server config
hardening (.htaccess, nginx, netlify, vercel, cloudflare, next
config, astro middleware).

Reuses the seo-analyzer agent with a strict IN/OUT scope filter so
the report stays focused on hardening — no meta/OG/JSON-LD/sitemap/
CWV noise. Those remain owned by /seo and /geo.

FULL mode queries three independent third-party validators and
embeds their verdict in HARDEN.md:
  - Mozilla Observatory (API v2 JSON, ~10s)
  - SecurityHeaders.com (HTML scrape, ~5s)
  - SSL Labs (API v3 async, poll up to 180s, cached via maxAge=24)

Divergence between code audit and external validators is surfaced
as a finding (config drift, CDN header overrides, conditional
middleware).

Flags: --local, --full, --fix, --no-external.

Routing rule added to CLAUDE.md; cso description narrowed to its
actual scope (secrets, deps CVE, OWASP code-level) to disambiguate
from /harden.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 20:32:48 +02:00