fix: tighten small-model audit guardrails

2026-05-08 00:01:24 +00:00 · 2026-01-20 23:45:50 +00:00
parent 4fad74738a
commit 51dfd6efdb
6 changed files with 229 additions and 0 deletions
--- a/src/security/audit.ts
+++ b/src/security/audit.ts
@@ -14,6 +14,7 @@ import {
  collectHooksHardeningFindings,
  collectIncludeFilePermFindings,
  collectModelHygieneFindings,
+  collectSmallModelRiskFindings,
  collectPluginsTrustFindings,
  collectSecretsInConfigFindings,
  collectStateDeepFilesystemFindings,
@@ -805,6 +806,7 @@ export async function runSecurityAudit(opts: SecurityAuditOptions): Promise<Secu
  findings.push(...collectHooksHardeningFindings(cfg));
  findings.push(...collectSecretsInConfigFindings(cfg));
  findings.push(...collectModelHygieneFindings(cfg));
+  findings.push(...collectSmallModelRiskFindings({ cfg, env }));
  findings.push(...collectExposureMatrixFindings(cfg));

  const configSnapshot =