data/commands/builtin/security_review_command library
Classes
- ConfidenceThresholds
- Confidence score thresholds.
- SecurityReviewCommand
- The /security-review command — performs a comprehensive security review of pending changes on the current branch.
Enums
- SecurityCategory
- Security vulnerability categories examined during review.
- Severity
- Vulnerability severity levels.
Constants
- gitDiffCmd → const String
- Shell command to get the full diff for the branch.
- gitDiffNamesCmd → const String
- Shell command to get files modified on the branch.
- gitLogCmd → const String
- Shell command to get commit log for the branch.
- gitStatusCmd → const String
- Shell command to get git status.
- hardExclusions → const List<String>
- Hard exclusion patterns — automatically exclude findings matching these.
- precedents → const List<String>
- Precedent rules for common patterns.
- securityReviewAllowedTools → const Set<String>
- The allowed tools for the security-review command (from frontmatter).
- signalQualityCriteria → const List<String>
- Signal quality criteria for remaining findings.
Functions
- securityCategoryLabel(SecurityCategory category) → String
- Get a human-readable label for a security category.
- severityLabel(Severity severity) → String
- Get the severity label string.