security-mcp 1.0.4 → 1.1.0

package/README.md

@@ -45,7 +45,7 @@ security-mcp actively hardens every surface of your software:
 ## Quick Start
 
 ```bash
-npx security-mcp install
+npx -y security-mcp@latest install
 ```
 
 That's it. The tool auto-detects your editor and writes the MCP config. Restart your editor -- done.
@@ -53,15 +53,43 @@ That's it. The tool auto-detects your editor and writes the MCP config. Restart
 To target a specific editor:
 
 ```bash
-npx security-mcp install --claude-code
-npx security-mcp install --cursor
-npx security-mcp install --vscode
+npx -y security-mcp@latest install --claude-code
+npx -y security-mcp@latest install --cursor
+npx -y security-mcp@latest install --vscode
 ```
 
 Preview without writing anything:
 
 ```bash
-npx security-mcp install --dry-run
+npx -y security-mcp@latest install --dry-run
+```
+
+### Global Install
+
+Install the package globally, then configure editors to call the global binary directly:
+
+```bash
+npm install -g security-mcp@latest
+security-mcp install-global
+```
+
+Preview the global install flow without writing:
+
+```bash
+security-mcp install-global --dry-run
+```
+
+### Update Behavior
+
+- `npx -y security-mcp@latest ...` always runs the latest published npm version.
+- Global installs (`npm install -g security-mcp`) do not auto-upgrade by themselves.
+- The CLI now checks npm for new releases and prints an update prompt when a newer version is available.
+
+Global update command:
+
+```bash
+npm install -g security-mcp@latest
+security-mcp install-global
 ```
 
 In **Claude Code**, activate the security engineer:
@@ -78,28 +106,36 @@ Your AI will now **find and fix** security issues instead of just mentioning the
 
 When you invoke `/senior-security-engineer` or call any security-mcp MCP tool, your AI shifts into the role of a Senior Security Engineer. It will:
 
-1. **Scan your code** for vulnerabilities, misconfigurations, and security anti-patterns
-2. **Fix what it finds** -- not just flag it; it rewrites the insecure code with the secure version
-3. **Enforce policies** -- set up input validation, auth middleware, security headers, and rate limiting
-4. **Block dangerous patterns** -- refuse to implement code that introduces known vulnerabilities
-5. **Explain everything in plain English** -- no security jargon required
+1. **Ask scan scope first** -- folder-by-folder, file-by-file, or recent changes
+2. **Start a review run** -- carry a `runId` for ordered execution and attestation
+3. **Scan your code** for vulnerabilities, misconfigurations, and security anti-patterns
+4. **Fix what it finds** -- not just flag it; it rewrites the insecure code with the secure version
+5. **Enforce policies** -- set up input validation, auth middleware, security headers, and rate limiting
+6. **Block dangerous patterns** -- refuse to implement code that introduces known vulnerabilities
+7. **Produce an attestation** -- emit a confidence summary and integrity hash for the completed review
 
 ### MCP Tools (Your AI Uses These Automatically)
 
 | Tool | What It Does |
 | --- | --- |
+| `security.start_review` | Starts a stateful review run and returns the `runId` used for ordered execution and attestation |
 | `security.get_system_prompt` | Loads the full security directive into your AI session -- activates the Senior Security Engineer mode |
 | `security.threat_model` | Generates a complete threat model for any feature before a single line of code is written |
 | `security.checklist` | Returns a hardened pre-ship checklist specific to your surface (web, API, mobile, AI, cloud) |
+| `security.scan_strategy` | Forces scan mode selection (`folder_by_folder`, `file_by_file`, `recent_changes`) and builds an exhaustive review plan |
 | `security.generate_policy` | Writes a `security-policy.json` for your project that the gate enforces on every PR |
-| `security.run_pr_gate` | Scans your current code diff and **blocks merge** if it introduces CRITICAL or HIGH vulnerabilities |
+| `security.terraform_hardening_blueprint` | Produces an advanced Terraform hardening baseline (network, IAM, data, logging, CI controls) |
+| `security.generate_opa_rego` | Generates preventive OPA/Rego policies for Terraform plans, CI pipelines, and Kubernetes admission (requires explicit consent) |
+| `security.self_heal_loop` | Proposes self-healing improvements, but requires explicit human approval before any change |
+| `security.attest_review` | Writes an auditable review attestation with integrity hash and confidence summary |
+| `security.run_pr_gate` | Scans recent changes, selected folders, or selected files and **blocks merge** on CRITICAL/HIGH vulnerabilities; requires `runId` in MCP usage |
 | `repo.read_file` | Reads files from your workspace for analysis |
 | `repo.search` | Searches your codebase for vulnerable patterns |
 
 ### Security Gate (Blocks Bad Code from Shipping)
 
 ```bash
-npx security-mcp ci:pr-gate
+npx -y security-mcp@latest ci:pr-gate
 ```
 
 Add this to your CI pipeline. It scans every PR and **blocks the merge** if it finds:
@@ -158,14 +194,17 @@ When your AI has security-mcp active, it will **fix these automatically** -- not
 
 | Editor | Install Command | Config Location |
 | --- | --- | --- |
-| Claude Code | `npx security-mcp install --claude-code` | `~/.claude/settings.json` |
-| Cursor (global) | `npx security-mcp install --cursor` | `~/.cursor/mcp.json` |
-| Cursor (workspace) | `npx security-mcp install --cursor` | `.cursor/mcp.json` |
-| VS Code | `npx security-mcp install --vscode` | User `settings.json` |
+| Claude Code | `npx -y security-mcp@latest install --claude-code` | `~/.claude/settings.json` |
+| Claude Code (global binary) | `security-mcp install-global --claude-code` | `~/.claude/settings.json` |
+| Cursor (global) | `npx -y security-mcp@latest install --cursor` | `~/.cursor/mcp.json` |
+| Cursor (global binary) | `security-mcp install-global --cursor` | `~/.cursor/mcp.json` |
+| Cursor (workspace) | `npx -y security-mcp@latest install --cursor` | `.cursor/mcp.json` |
+| VS Code | `npx -y security-mcp@latest install --vscode` | User `settings.json` |
+| VS Code (global binary) | `security-mcp install-global --vscode` | User `settings.json` |
 | GitHub Copilot | Manual config (see below) | `.vscode/settings.json` |
 | Codex | Manual config (see below) | Editor config |
 | Replit | Manual config (see below) | `.replit` config |
-| Any MCP-compatible | `npx security-mcp config` | Paste into editor config |
+| Any MCP-compatible | `npx -y security-mcp@latest config` or `security-mcp config --use-global-binary` | Paste into editor config |
 
 ---
 
@@ -203,7 +242,20 @@ security-mcp applies all of them on your behalf:
   "mcpServers": {
     "security-mcp": {
       "command": "npx",
-      "args": ["-y", "security-mcp", "serve"]
+      "args": ["-y", "security-mcp@latest", "serve"]
+    }
+  }
+}
+```
+
+### Claude Code With Global Binary (`~/.claude/settings.json`)
+
+```json
+{
+  "mcpServers": {
+    "security-mcp": {
+      "command": "security-mcp",
+      "args": ["serve"]
     }
   }
 }
@@ -216,7 +268,7 @@ security-mcp applies all of them on your behalf:
   "mcpServers": {
     "security-mcp": {
       "command": "npx",
-      "args": ["-y", "security-mcp", "serve"]
+      "args": ["-y", "security-mcp@latest", "serve"]
     }
   }
 }
@@ -229,7 +281,7 @@ security-mcp applies all of them on your behalf:
   "mcp.servers": {
     "security-mcp": {
       "command": "npx",
-      "args": ["-y", "security-mcp", "serve"]
+      "args": ["-y", "security-mcp@latest", "serve"]
     }
   }
 }
@@ -238,7 +290,8 @@ security-mcp applies all of them on your behalf:
 Print the config snippet for any editor:
 
 ```bash
-npx security-mcp config
+npx -y security-mcp@latest config
+security-mcp config --use-global-binary
 ```
 
 ---
@@ -250,6 +303,9 @@ Copy the default policy into your project:
 ```bash
 cp node_modules/security-mcp/defaults/security-policy.json .mcp/policies/security-policy.json
 cp node_modules/security-mcp/defaults/evidence-map.json .mcp/mappings/evidence-map.json
+cp node_modules/security-mcp/defaults/control-catalog.json .mcp/catalog/control-catalog.json
+cp node_modules/security-mcp/defaults/security-tools.json .mcp/scanners/security-tools.json
+cp node_modules/security-mcp/defaults/security-exceptions.json .mcp/exceptions/security-exceptions.json
 ```
 
 Or generate one tailored to your project:

package/defaults/checklists/ai.json

@@ -0,0 +1,25 @@
+{
+  "surface": "ai",
+  "items": [
+    { "id": "ai_input_sanitization", "description": "All AI inputs sanitized and validated before being passed to models", "critical": true },
+    { "id": "ai_prompt_separation", "description": "System prompt structurally separated from user content — no string concatenation", "critical": true },
+    { "id": "ai_rag_untrusted", "description": "Indirect prompt injection: retrieved RAG context treated as untrusted and isolated", "critical": true },
+    { "id": "ai_output_schema", "description": "Model outputs validated against JSON schema before acting on them", "critical": true },
+    { "id": "ai_pii_scan", "description": "Output PII scan in place — no SSN, card numbers, tokens in model responses", "critical": true },
+    { "id": "ai_rate_limiting", "description": "AI endpoints rate-limited independently from regular API — token budgets enforced", "critical": true },
+    { "id": "ai_access_logging", "description": "Model access logging enabled — user, timestamp, token counts, model version logged", "critical": false },
+    { "id": "ai_redteam_done", "description": "Red-team test cases executed — jailbreak, injection, PII exfil probes reviewed", "critical": true },
+    { "id": "ai_tool_allowlist", "description": "AI agent tool calls routed through allowlist — no unconstrained tool execution", "critical": true },
+    { "id": "ai_human_in_loop", "description": "Human-in-the-loop approval required for high-impact agentic actions (delete, send, execute)", "critical": true },
+    { "id": "ai_no_eval_output", "description": "Model output never passed to eval() or executed as code", "critical": true },
+    { "id": "ai_no_shell_exec", "description": "Model output never passed directly to shell commands — allowlisted templates only", "critical": true },
+    { "id": "ai_data_minimization", "description": "Only minimum necessary data included in prompts — no bulk data injection", "critical": false },
+    { "id": "ai_model_versioning", "description": "Model version pinned — changes to model version go through security review", "critical": false },
+    { "id": "ai_abuse_monitoring", "description": "Abuse monitoring in place — anomaly detection on token usage and response patterns", "critical": false },
+    { "id": "ai_threat_model", "description": "AI-specific threat model completed — MITRE ATLAS and OWASP LLM Top 10 reviewed", "critical": true },
+    { "id": "ai_rag_authz", "description": "RAG retrieval enforces authorization — documents filtered by user permissions", "critical": true },
+    { "id": "ai_no_pii_in_prompts", "description": "No PII, credentials, or secrets in prompt templates", "critical": true },
+    { "id": "ai_fallback_handling", "description": "Model failures handled gracefully — no sensitive error details exposed to users", "critical": false },
+    { "id": "ai_owasp_llm_top10", "description": "OWASP LLM Top 10 controls reviewed and addressed for this AI surface", "critical": true }
+  ]
+}

package/defaults/checklists/api.json

@@ -0,0 +1,27 @@
+{
+  "surface": "api",
+  "items": [
+    { "id": "api_authn_required", "description": "All new endpoints require authentication (JWT RS256/ES256 validated, not HS256)", "critical": true },
+    { "id": "api_authz_server_side", "description": "Authorization checked server-side for every resource operation — IDOR prevention confirmed", "critical": true },
+    { "id": "api_input_validation", "description": "Server-side schema validation on all new inputs (Zod/Valibot/Yup/Joi)", "critical": true },
+    { "id": "api_rate_limiting", "description": "Rate limiting configured on all new endpoints — per-user and per-IP", "critical": true },
+    { "id": "api_cors_allowlist", "description": "CORS origin allowlist reviewed — no wildcard on authenticated endpoints", "critical": true },
+    { "id": "api_request_size", "description": "Request size limits enforced — no unbounded body parsing", "critical": false },
+    { "id": "api_ssrf_protection", "description": "SSRF protection on any server-side HTTP client — block private IPs and metadata endpoints", "critical": true },
+    { "id": "api_webhook_sig", "description": "Webhook signatures verified with HMAC-SHA256 and replay protection", "critical": true },
+    { "id": "api_openapi_updated", "description": "OpenAPI spec updated for all new endpoints", "critical": false },
+    { "id": "api_csrf", "description": "CSRF protections present on all state-mutating browser-accessible endpoints", "critical": true },
+    { "id": "api_error_messages", "description": "Error responses reviewed — no stack traces, internal paths, or schema details", "critical": false },
+    { "id": "api_logging", "description": "Security events logged for all auth decisions — no PII or secrets in logs", "critical": false },
+    { "id": "api_jwt_expiry", "description": "JWT expiry enforced — access tokens max 15 minutes, refresh tokens rotated", "critical": true },
+    { "id": "api_sql_injection", "description": "No raw SQL string concatenation — parameterized queries or ORM used throughout", "critical": true },
+    { "id": "api_mass_assignment", "description": "Mass assignment prevention — explicit field allowlists, not object spread from request body", "critical": true },
+    { "id": "api_sensitive_data", "description": "Sensitive data (PII, credentials) not included in API responses unless required", "critical": true },
+    { "id": "api_versioning", "description": "API versioning strategy in place — old versions have defined deprecation timeline", "critical": false },
+    { "id": "api_dependency_scan", "description": "Backend dependencies scanned — no CRITICAL CVEs unresolved", "critical": true },
+    { "id": "api_secrets_scan", "description": "Secrets scan clean — no hardcoded credentials or API keys", "critical": true },
+    { "id": "api_sast_pass", "description": "SAST scan passed with no CRITICAL findings", "critical": true },
+    { "id": "api_threat_model", "description": "Threat model completed and reviewed for this API surface change", "critical": true },
+    { "id": "api_health_endpoint", "description": "Health/readiness endpoints do not expose sensitive version or config info", "critical": false }
+  ]
+}

package/defaults/checklists/infra.json

@@ -0,0 +1,27 @@
+{
+  "surface": "infra",
+  "items": [
+    { "id": "infra_no_public_ingress", "description": "No 0.0.0.0/0 ingress rules in any firewall or security group", "critical": true },
+    { "id": "infra_private_endpoints", "description": "All managed services accessed via VPC endpoints or private connectivity", "critical": true },
+    { "id": "infra_no_public_storage", "description": "No world-readable storage buckets or containers", "critical": true },
+    { "id": "infra_secrets_manager", "description": "All secrets stored in secret manager — not in env files, CI logs, or container images", "critical": true },
+    { "id": "infra_iam_least_privilege", "description": "IAM roles follow least privilege — no wildcard permissions or admin roles", "critical": true },
+    { "id": "infra_network_segmentation", "description": "Network segmentation reviewed — web, app, and data tiers isolated", "critical": true },
+    { "id": "infra_waf_rules", "description": "WAF rules updated if new public endpoints added", "critical": false },
+    { "id": "infra_audit_logging", "description": "Cloud audit logging confirmed for all new resources", "critical": true },
+    { "id": "infra_iac_scan", "description": "IaC scan passed (Checkov/tfsec/Terrascan) with no HIGH/CRITICAL findings", "critical": true },
+    { "id": "infra_container_scan", "description": "Container scan passed — no CRITICAL CVEs with available fix", "critical": true },
+    { "id": "infra_tf_state_encrypted", "description": "Terraform state stored with encryption and locking — restricted access", "critical": true },
+    { "id": "infra_tf_versions_pinned", "description": "Provider and module versions pinned to exact versions — no floating ranges", "critical": false },
+    { "id": "infra_drift_detection", "description": "Drift detection enabled — unauthorized changes trigger alerts", "critical": false },
+    { "id": "infra_backup_verified", "description": "Backups configured and restore tested for all data stores", "critical": true },
+    { "id": "infra_tls_config", "description": "TLS 1.3 configured — TLS 1.0/1.1 disabled on all endpoints", "critical": true },
+    { "id": "infra_encryption_at_rest", "description": "Encryption at rest with CMEK/KMS for all data stores", "critical": true },
+    { "id": "infra_mfa_enforced", "description": "MFA enforced for all console and cloud provider access", "critical": true },
+    { "id": "infra_sbom_generated", "description": "SBOM generated for all container images included in this change", "critical": false },
+    { "id": "infra_provenance", "description": "SLSA provenance attestation generated for release artifacts", "critical": false },
+    { "id": "infra_threat_model", "description": "Threat model completed and reviewed for this infrastructure change", "critical": true },
+    { "id": "infra_zero_trust", "description": "Zero Trust controls applied — explicit authentication for all service-to-service calls", "critical": true },
+    { "id": "infra_ddos_protection", "description": "DDoS protection enabled for public-facing load balancers", "critical": false }
+  ]
+}

package/defaults/checklists/mobile.json

@@ -0,0 +1,25 @@
+{
+  "surface": "mobile",
+  "items": [
+    { "id": "mobile_ios_ats", "description": "iOS: NSAllowsArbitraryLoads is false — ATS strictly enforced", "critical": true },
+    { "id": "mobile_android_debuggable", "description": "Android: android:debuggable=false in release build manifest", "critical": true },
+    { "id": "mobile_android_cleartext", "description": "Android: usesCleartextTraffic=false — TLS enforced for all network traffic", "critical": true },
+    { "id": "mobile_cert_pinning", "description": "Certificate pinning implemented for high-value API calls", "critical": true },
+    { "id": "mobile_secure_storage", "description": "Sensitive data not stored in SharedPreferences, external storage, or plist in plaintext", "critical": true },
+    { "id": "mobile_keychain_keystore", "description": "Secrets stored in iOS Keychain / Android Keystore — not in code or config files", "critical": true },
+    { "id": "mobile_biometric_auth", "description": "Biometric authentication properly tied to Keychain/Keystore — not bypassable", "critical": false },
+    { "id": "mobile_screenshot_prevention", "description": "Screenshot prevention enabled for sensitive screens (payment, auth)", "critical": false },
+    { "id": "mobile_clipboard_protection", "description": "Sensitive fields (passwords, card numbers) block clipboard access", "critical": false },
+    { "id": "mobile_network_security_config", "description": "Android Network Security Config restricts cleartext and pins certificates", "critical": true },
+    { "id": "mobile_obfuscation", "description": "Release build uses code obfuscation (ProGuard/R8 for Android, Swift symbol stripping for iOS)", "critical": false },
+    { "id": "mobile_root_jailbreak_detection", "description": "Root/jailbreak detection implemented for high-risk operations", "critical": false },
+    { "id": "mobile_deep_links", "description": "Deep links validated — no open redirect or intent injection via deep link handling", "critical": true },
+    { "id": "mobile_api_keys_absent", "description": "No API keys, secrets, or credentials embedded in app binary or resources", "critical": true },
+    { "id": "mobile_masvs_l2", "description": "OWASP MASVS L2 checklist completed for release build", "critical": true },
+    { "id": "mobile_dependency_scan", "description": "Mobile dependencies scanned for known CVEs", "critical": true },
+    { "id": "mobile_threat_model", "description": "Threat model completed and reviewed for this mobile surface change", "critical": true },
+    { "id": "mobile_data_residency", "description": "Data residency requirements met — no user data stored on device beyond session", "critical": false },
+    { "id": "mobile_backup_prevention", "description": "allowBackup=false in Android manifest — sensitive data not included in backups", "critical": true },
+    { "id": "mobile_logging", "description": "No sensitive data logged in production builds — crash reporting sanitized", "critical": true }
+  ]
+}

package/defaults/checklists/payments.json

@@ -0,0 +1,25 @@
+{
+  "surface": "payments",
+  "items": [
+    { "id": "pci_no_pan_in_logs", "description": "No card numbers, CVV, or PAN in any log, database, cache, or error message", "critical": true },
+    { "id": "pci_webhook_verified", "description": "Payment processor webhook signatures verified with HMAC-SHA256 and replay protection", "critical": true },
+    { "id": "pci_scope_documented", "description": "PCI scope clearly defined and documented — CDE boundaries explicit", "critical": true },
+    { "id": "pci_network_segmented", "description": "Payment-adjacent systems network-segmented from non-payment systems", "critical": true },
+    { "id": "pci_audit_trail", "description": "Complete audit trail maintained for all payment operations — tamper-evident logs", "critical": true },
+    { "id": "pci_no_raw_card_storage", "description": "Raw card data never stored — tokenization used throughout", "critical": true },
+    { "id": "pci_tls_required", "description": "TLS 1.2+ required on all payment data flows — no fallback to older protocols", "critical": true },
+    { "id": "pci_strong_crypto", "description": "Strong cryptography used — no weak ciphers, MD5, SHA1 for security purposes", "critical": true },
+    { "id": "pci_access_control", "description": "Access to payment data restricted to minimum necessary roles — least privilege", "critical": true },
+    { "id": "pci_vulnerability_mgmt", "description": "Payment system dependencies scanned — no CRITICAL vulnerabilities unresolved", "critical": true },
+    { "id": "pci_waf_in_place", "description": "WAF in place and tuned for payment endpoints — OWASP rule sets active", "critical": true },
+    { "id": "pci_ids_ips", "description": "IDS/IPS monitoring payment data flows with alerting configured", "critical": false },
+    { "id": "pci_file_integrity", "description": "File integrity monitoring on payment system files — alerts on unauthorized change", "critical": false },
+    { "id": "pci_vendor_managed", "description": "Payment processing handled by PCI-compliant vendor (Stripe/Braintree/Adyen) — not custom", "critical": true },
+    { "id": "pci_pen_test", "description": "Penetration test conducted within the last 12 months for payment scope", "critical": false },
+    { "id": "pci_anti_fraud", "description": "Anti-fraud controls in place — velocity checks, geographic anomaly detection", "critical": true },
+    { "id": "pci_chargeback_monitoring", "description": "Chargeback monitoring and alerting configured with defined response process", "critical": false },
+    { "id": "pci_data_retention", "description": "Payment data retention policy enforced — data purged per PCI DSS schedule", "critical": true },
+    { "id": "pci_ir_playbook", "description": "Payment fraud and PCI breach IR playbooks exist and are current", "critical": true },
+    { "id": "pci_threat_model", "description": "Threat model completed and reviewed for this payment surface change", "critical": true }
+  ]
+}

package/defaults/checklists/web.json

@@ -0,0 +1,30 @@
+{
+  "surface": "web",
+  "items": [
+    { "id": "web_csp_nonce", "description": "Content-Security-Policy uses nonce-based control — no unsafe-inline or unsafe-eval", "critical": true },
+    { "id": "web_hsts", "description": "Strict-Transport-Security with includeSubDomains and preload, max-age >= 1 year", "critical": true },
+    { "id": "web_xframe", "description": "X-Frame-Options: DENY or SAMEORIGIN", "critical": true },
+    { "id": "web_xcto", "description": "X-Content-Type-Options: nosniff on all responses", "critical": true },
+    { "id": "web_referrer", "description": "Referrer-Policy: strict-origin-when-cross-origin", "critical": false },
+    { "id": "web_permissions", "description": "Permissions-Policy restricts camera, microphone, geolocation to self or none", "critical": false },
+    { "id": "web_no_inline_js", "description": "No inline JavaScript or inline event handlers (onclick, onerror, etc.)", "critical": true },
+    { "id": "web_sri", "description": "Subresource Integrity (SRI) on all third-party scripts and stylesheets", "critical": true },
+    { "id": "web_csrf", "description": "CSRF protection (SameSite cookies + CSRF tokens) on all state-changing endpoints", "critical": true },
+    { "id": "web_xss_no_dsi", "description": "dangerouslySetInnerHTML absent or sanitized with proven HTML sanitizer", "critical": true },
+    { "id": "web_secure_cookies", "description": "Session cookies have HttpOnly, Secure, SameSite=Strict flags", "critical": true },
+    { "id": "web_cors", "description": "CORS origin allowlist reviewed — no wildcard on authenticated endpoints", "critical": true },
+    { "id": "web_error_messages", "description": "Error messages reviewed — no stack traces, schema details, or enum leakage", "critical": false },
+    { "id": "web_open_redirect", "description": "No open redirect vulnerabilities — all redirects use allowlisted destinations", "critical": true },
+    { "id": "web_clickjacking", "description": "Clickjacking prevention verified in staging (X-Frame-Options + CSP frame-ancestors)", "critical": false },
+    { "id": "web_subresource_integrity", "description": "All CDN resources have SRI hashes verified and up-to-date", "critical": false },
+    { "id": "web_auth_headers", "description": "Authorization tokens not stored in localStorage — use HttpOnly cookies", "critical": true },
+    { "id": "web_rate_limiting", "description": "Rate limiting configured on login, registration, and password-reset endpoints", "critical": true },
+    { "id": "web_ssrf_guard", "description": "SSRF protection on server-side HTTP calls — private IP ranges blocked", "critical": true },
+    { "id": "web_dependency_scan", "description": "Frontend dependencies scanned for CVEs — no CRITICAL/HIGH unresolved", "critical": true },
+    { "id": "web_threat_model", "description": "Threat model completed and reviewed for this web surface change", "critical": true },
+    { "id": "web_sast_pass", "description": "SAST scan passed with no CRITICAL findings", "critical": true },
+    { "id": "web_secrets_scan", "description": "Secrets scan clean — no credentials or tokens in source code", "critical": true },
+    { "id": "web_logging", "description": "Required security events logged — no PII, tokens, or secrets in logs", "critical": false },
+    { "id": "web_staging_verified", "description": "Security headers verified in staging environment with automated check", "critical": false }
+  ]
+}