Day 1 Deliverables
Everything that ships with the plugin on day 1, plus the build priority roadmap.
Skills (user-invocable commands)
| Skill | What it does | DX value |
|---|---|---|
/bastion:init | Scaffold security/ directory, create bastion.yaml | One command from zero to working |
/bastion:verify | Run all Layer 4 checks, output structured results | Single command replaces 4 manual steps |
/bastion:scope | Show which vectors apply to staged/changed files | Instant security context |
/bastion:integrate-vector | Accept agent proposal, generate vector + test + rule | "Yes" becomes 5 artifacts |
/bastion:propose | Submit pending proposals to core framework | One command, zero template-filling |
/bastion:propose --dry-run | Preview what would be submitted | See the PR before it's created |
/bastion:sync | Pull framework updates, match new vectors to project | Stay current without reading changelogs |
/bastion:status | Show pending proposals, sync state, contribution stats | Dashboard of security posture |
/bastion:audit | Run all 4 auditor agents on changed files | Full domain sweep in one command |
/bastion:audit --full | Run all auditors on all project files | Quarterly deep sweep |
/bastion:research | Run intelligence-sync (Job 1 + Job 2) | Discover new threats and sources |
/bastion:coverage | Show vector coverage report with gaps | "Where are we exposed?" |
/bastion:compliance | Check standards compliance (OWASP, NIST, etc.) | Answer "are we compliant?" with evidence |
/bastion:explain AV-048 | Explain a specific vector: what, why, how to fix | New developer understands any vector instantly |
/bastion:diff | Compare local vectors against core framework | See what's novel, missing, or outdated |
Hooks (automatic triggers)
| Hook | Event | What it does | DX value |
|---|---|---|---|
| Post-edit security check | PostToolUse on Write/Edit of *.daml | Runs scope on changed file | See applicable vectors instantly |
| Pre-commit gate | PreToolUse on Bash(git commit) | Quick semgrep scan, blocks on CRITICAL | Catches issues before git history |
| Post-integrate nudge | PostToolUse on /bastion:integrate-vector | Novelty check, nudges upstream proposal | Drives community contributions |
| Post-sync report | After /bastion:sync | Shows new matching vectors | New content is immediately actionable |
| Stale sync alert | SessionStart if last sync > 30 days | Reminds user to sync | Prevents drift from core |
| Pending proposals reminder | SessionStart if pending queue non-empty | Shows count with submit command | Keeps contribution pipeline moving |
| Coverage regression | PostToolUse on vector YAML edits | Re-runs coverage check | Prevents accidental coverage loss |
Agents (AI-powered analysis)
| Agent | Layer | Trigger | What it produces |
|---|---|---|---|
| authorization-auditor | 2 | /bastion:audit, auth pattern changes | Vector proposals for controller/signatory/access issues |
| arithmetic-auditor | 2 | /bastion:audit, numeric code changes | Vector proposals for division/overflow/precision issues |
| temporal-auditor | 2 | /bastion:audit, time/deadline changes | Vector proposals for deadline/expiry/staleness issues |
| state-auditor | 2 | /bastion:audit, lifecycle code changes | Vector proposals for state machine/archive issues |
| composition-auditor | 2.5 | /bastion:audit, after domain auditors | Cross-domain composite attack chain proposals (CHAIN/AMPLIFY/BYPASS) |
| intelligence-sync | 0 | /bastion:research, weekly schedule | New vector + source proposals |
| standards-sync | 0 | /bastion:research, after releases | Standards updates, advisory-driven proposals |
Multi-Model Orchestration
| Component | What it does | Status |
|---|---|---|
| Provider abstraction | Unified interface for Anthropic, Google, OpenAI | Implemented, tested |
| Parallel execution | Runs identical prompts across all providers simultaneously | Implemented (15.8s for 3 providers) |
| Confidence scoring | HIGH (all agree), MEDIUM (majority), LOW (single model) | Implemented, 8 unit tests |
| Blind spot detection | Flags single-model findings for investigation | Implemented, proven with real findings |
.env key management | API keys in gitignored .env, auto-loaded | Implemented |
/bastion:multi-audit | Run full adversarial review cycle | Implemented |
Makefile Targets
| Target | Equivalent skill | CI-friendly |
|---|---|---|
make bastion-init | /bastion:init | Yes |
make bastion-verify | /bastion:verify | Yes (exit 0/1) |
make bastion-verify-quick | /bastion:verify --quick | Yes |
make bastion-scope | /bastion:scope | Yes |
make bastion-propose | /bastion:propose | Interactive |
make bastion-propose-pending | /bastion:propose --all | Semi |
make bastion-propose-dry-run | /bastion:propose --dry-run | Yes |
make bastion-status | /bastion:status | Yes |
make bastion-sync | /bastion:sync | Interactive |
make bastion-security | Full scan suite | Yes |
make bastion-pre-commit | Quick gate | Yes |
MCP Tools
| Tool | Used by | Purpose |
|---|---|---|
bastion_scan | Agents, CI | Run semgrep, return structured results |
bastion_verify | Agents, CI | Full verification with JSON output |
bastion_scope | Post-edit hook, agents | Match files to applicable vectors |
bastion_vector_status | /bastion:coverage | Coverage report per vector |
bastion_integrate | /bastion:integrate-vector | Create artifacts from accepted proposal |
bastion_propose | /bastion:propose | Sanitize and build PR payload |
bastion_sync | /bastion:sync | Check registry, pull updates |
bastion_standards | /bastion:compliance | Standards mapping check |
bastion_explain | /bastion:explain | Retrieve and format vector details |
bastion_novelty_check | Post-integrate hook | Compare item against core catalog |
Structured Results Format
{
"run_id": "2026-03-21-a1b2c3",
"timestamp": "2026-03-21T14:30:00Z",
"framework_version": "2.1.0",
"project": "canton-exchange",
"summary": {
"vectors_total": 47,
"vectors_covered": 38,
"vectors_missing": 6,
"vectors_partial": 3,
"coverage_pct": 80.9,
"semgrep_findings": 2,
"tests_passed": 34,
"tests_failed": 1,
"standards_compliance": {
"owasp-top-10": "85%",
"nist-800-53": "72%"
}
},
"vectors": [
{
"id": "AV-001",
"domain": "authorization",
"status": "COVERED",
"test": "testSelfTransferPrevention",
"test_result": "PASS",
"semgrep_rule": "daml-self-transfer",
"semgrep_result": "CLEAN",
"last_verified": "2026-03-21T14:30:00Z"
}
]
}
End-to-End Flow: A New Threat Emerges
Build Priority Roadmap
Priority 1 — Foundation (COMPLETE)
-
scripts/config.py— shared bastion.yaml config loader with dynamic domain discovery -
verify.pyrefactored — reads config,--jsonoutput writessecurity/results/latest.json -
scope.pyrefactored — reads config, no hardcoded domain lists -
security/results/output format and writer - 5 focused auditor agent definitions (auth, arithmetic, temporal, state, composition)
- intelligence-sync agent definition
- 134-source intelligence catalog
- Semgrep rules (DAML + web)
- Attack vector schema + examples (including 5 composite chain examples)
- MCP server (DAML/Canton dev tools)
- Init script (scaffolds all 5 domains + composition)
- Makefile targets
- bastion.yaml template (with models section for multi-model config)
Priority 2 — Core Skills (COMPLETE)
-
/bastion:init,/bastion:verify,/bastion:verify-quick,/bastion:scopeskills -
/bastion:integrate-vectorskill +scripts/integrate_vector.py -
/bastion:explain,/bastion:coverage,/bastion:audit,/bastion:researchskills -
/bastion:multi-auditskill (multi-model adversarial review) - Test skeleton generator (in integrate_vector.py)
- Semgrep rule stub generator (in integrate_vector.py)
-
/bastion:status,/bastion:propose,/bastion:sync,/bastion:scanskills -
/bastion:secrets,/bastion:vuln,/bastion:validate,/bastion:check-duplicates,/bastion:docsskills
Priority 2.5 — Multi-Model Orchestration (COMPLETE)
-
scripts/providers.py— provider abstraction (Anthropic, Google, OpenAI) -
scripts/orchestrator.py— parallel execution, YAML parsing, merge, confidence scoring -
.env-based API key management (gitignored, auto-loaded) - bastion.yaml
models:section with provider config, orchestration settings, thresholds
Priority 2.5 — Compositional Learning (COMPLETE)
-
agents/composition-auditor.md— cross-domain chain discovery agent -
vectors/examples/composition.yaml— 5 reference composite vectors (CHAIN, AMPLIFY, BYPASS) - Composition domain in init, verify, scope, index template
- Latent chain regression detection in verify.py
- Schema extension (composition_type, constituent_vectors)
Priority 3 — Hooks (PARTIAL)
- Post-edit security check (PostToolUse on Write/Edit of *.daml)
- Pre-commit gate (PreToolUse on git commit, blocks on CRITICAL)
- Session start: stale sync alert, pending proposals reminder, CRITICAL missing warning
- Post-integrate nudge (novelty check)
- Post-sync report (new matching vectors)
- Coverage regression warning (on vector YAML edits)
Priority 3.5 — Test Suite (COMPLETE)
- 48 unit tests (config, parsing, integration, composition, orchestrator logic)
- 17 functional tests (all scripts as subprocesses, hooks, idempotency)
- 27 integration tests (real API calls to Claude, Gemini, GPT — all passing)
- Test runner with tiered execution (
--unit,--functional,--integration) - Test fixtures with controlled vector data across all 5 domains
Priority 4 — Distribution + Ecosystem (PARTIAL)
-
.claude-plugin/plugin.json(v1.2.0) -
.claude-plugin/marketplace.json -
/bastion:complianceskill -
/bastion:diffskill - proposal-builder agent
- MCP security tools (10 tools)
-
vectors/community/directory - GitHub PR templates + CODEOWNERS + rulesets
-
standards/directory with initial mappings -
standards-syncagent
Priority 5 — Polish
- Migrate
google.generativeai→google.genai(deprecated SDK) - CI pipeline for framework itself
- Source scoring applied to existing 134 sources
- Update patent disclosure with test evidence