agent-bot/takt
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
takt/builtins/en/facets/output-contracts/security-review.md
nrslib 4e89fe1c23 feat: reviewers↔fix ループ収束を支援するレポート履歴・ループ監視・参照方針の整備 
- phase-runner: レポートを上書きせずタイムスタンプ付きで同ディレクトリに保存し、fix が過去指摘の傾向を追跡できるよう改善
- output-contracts: persists/reopened/family_tag フィールドを追加してレビュー指摘の継続性を明示
- pieces: 全ビルトインピースに reviewers↔fix の loop_monitors を追加し、発散ループを自動検知
- fix.md: 過去レポートの参照方法を「Glob で {レポート名}.* を検索、最大2件読む」と具体化
- loop-monitor-reviewers-fix.md: ループモニタ判定用の共通インストラクションを新規追加
2026-03-04 11:32:19 +09:00

2.0 KiB
Raw Blame History 

# Security Review

## Result: APPROVE / REJECT

## Severity: None / Low / Medium / High / Critical

## Check Results
| Category | Result | Notes |
|----------|--------|-------|
| Injection | ✅ | - |
| Authentication & Authorization | ✅ | - |
| Data Protection | ✅ | - |
| Dependencies | ✅ | - |

## Current Iteration Findings (new)
| # | finding_id | family_tag | Severity | Type | Location | Issue | Fix Suggestion |
|---|------------|------------|----------|------|----------|-------|----------------|
| 1 | SEC-NEW-src-db-L42 | injection-risk | High | SQLi | `src/db.ts:42` | Raw query string | Use parameterized queries |

## Carry-over Findings (persists)
| # | finding_id | family_tag | Previous Evidence | Current Evidence | Issue | Fix Suggestion |
|---|------------|------------|-------------------|------------------|-------|----------------|
| 1 | SEC-PERSIST-src-auth-L18 | injection-risk | `src/auth.ts:18` | `src/auth.ts:18` | Weak validation persists | Harden validation |

## Resolved Findings (resolved)
| finding_id | Resolution Evidence |
|------------|---------------------|
| SEC-RESOLVED-src-db-L10 | `src/db.ts:10` now uses bound parameters |

## Reopened Findings (reopened)
| # | finding_id | family_tag | Prior Resolution Evidence | Recurrence Evidence | Issue | Fix Suggestion |
|---|------------|------------|--------------------------|---------------------|-------|----------------|
| 1 | SEC-REOPENED-src-auth-L55 | injection-risk | `Previously fixed at src/auth.ts:20` | `Recurred at src/auth.ts:55` | Issue description | Fix approach |

## Warnings (non-blocking)
- {Security recommendations}

## Rejection Gate
- REJECT is valid only when at least one finding exists in `new`, `persists`, or `reopened`
- Findings without `finding_id` are invalid

Cognitive load reduction rules:

  • No issues → Checklist only (10 lines or fewer)
  • Warnings only → + Warnings in 1-2 lines (15 lines or fewer)
  • Vulnerabilities found → + finding tables (30 lines or fewer)