This document defines what the WatchLLM kernel must defend against on the local write path.
- Example: `const apiKey = "sk_live_..."`
- Risk: credential exposure in source control and artifact pipelines.
- Deterministic rule mapping: secret-literal rule with AST context checks.

- Example: assigning a known secret value literal instead of reading from env.
- Risk: bypass of safe secret retrieval patterns.
- Deterministic rule mapping: secret rule allows known safe retrieval contexts and blocks assignment-like dangerous contexts.
- Example: `import { execSync } from "child_process"`
- Risk: arbitrary command execution or sandbox escape.
- Deterministic rule mapping: forbidden-import rule with explicit denylist.

- Example: importing privileged modules where policy forbids them.
- Risk: destructive file operations or unauthorized host interaction.
- Deterministic rule mapping: policy-driven forbidden module and path checks.

- Example: auth service importing `db/internal` directly.
- Risk: coupling, privilege leakage, and policy bypass.
- Deterministic rule mapping: boundary rule using declared allowed/forbidden import surfaces.
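The three rules above (secret literal with context checks, forbidden-import denylist, boundary rule) share one shape: parse the file, walk the AST, and decide per node from its structural context rather than from a string match. The following is an added example, not WatchLLM code; it is a Python analogue written against Python's standard-library `ast` module because that parser ships with the interpreter, whereas the kernel's own JavaScript/TypeScript rules would use a JS parser. The policy values (`sk_live_` pattern, the `subprocess`/`ctypes` denylist, the `auth` surface forbidding `db.internal`) and the sample source are constructed for the example.

```python
import ast
import re

# --- Policy (constructed for this example; a real kernel loads it from configuration) ---
SECRET_VALUE_PATTERNS = [re.compile(r"^sk_live_[0-9A-Za-z_]{8,}$")]
FORBIDDEN_MODULES = {"subprocess", "ctypes"}
# Boundary policy: files on the "auth" surface may not import db.internal.
BOUNDARY_FORBIDDEN = {"auth": {"db.internal"}}

# Constructed sample, as if an auth-service file arrived on the local write path.
SAMPLE_SOURCE = '''
import os
import subprocess                         # forbidden module
from db import internal                   # crosses the auth -> db.internal boundary
# api_key = "sk_live_inside_a_comment"    # comment only: must not trigger
API_KEY = "sk_live_0123456789abcdef"      # secret literal assigned to a name -> block
db_url = os.environ.get("DB_URL")         # safe retrieval pattern
token = os.environ["sk_live_lookup_key"]  # looks like a secret, but it is an env key
print("sk_live_fedcba9876543210")         # neither safe nor assignment-like -> inconclusive
'''


def _attach_parents(tree):
    """Record each node's parent so context checks can look upward."""
    for node in ast.walk(tree):
        for child in ast.iter_child_nodes(node):
            child.parent = node


def _is_os_environ(node):
    return (isinstance(node, ast.Attribute) and node.attr == "environ"
            and isinstance(node.value, ast.Name) and node.value.id == "os")


def _in_safe_retrieval_context(const):
    """True when the literal is the key of os.environ[...] or os.environ.get(...)."""
    parent = getattr(const, "parent", None)
    index_cls = getattr(ast, "Index", None)  # Python 3.8 wraps subscript keys in ast.Index
    if index_cls is not None and isinstance(parent, index_cls):
        parent = getattr(parent, "parent", None)
    if isinstance(parent, ast.Subscript) and _is_os_environ(parent.value):
        return True
    if isinstance(parent, ast.Call) and isinstance(parent.func, ast.Attribute):
        return parent.func.attr == "get" and _is_os_environ(parent.func.value)
    return False


def _in_assignment_context(const):
    """True when the literal ends up bound to a name or passed as a keyword argument."""
    node = const
    while node is not None:
        if isinstance(node, (ast.Assign, ast.AnnAssign, ast.keyword)):
            return True
        node = getattr(node, "parent", None)
    return False


def _imported_names(node):
    if isinstance(node, ast.Import):
        return [alias.name for alias in node.names]
    if isinstance(node, ast.ImportFrom) and node.module:
        return [node.module] + [f"{node.module}.{a.name}" for a in node.names]
    return []


def scan(source, surface=None):
    """Return (rule, line, detail, verdict) findings for one file; verdict is block/inconclusive."""
    tree = ast.parse(source)
    _attach_parents(tree)
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            for name in _imported_names(node):
                if name.split(".")[0] in FORBIDDEN_MODULES or name in FORBIDDEN_MODULES:
                    findings.append(("forbidden-import", node.lineno, name, "block"))
                if surface and name in BOUNDARY_FORBIDDEN.get(surface, set()):
                    findings.append(("boundary", node.lineno, name, "block"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if not any(p.match(node.value) for p in SECRET_VALUE_PATTERNS):
                continue
            if _in_safe_retrieval_context(node):
                continue  # known safe retrieval context: allowed
            verdict = "block" if _in_assignment_context(node) else "inconclusive"
            findings.append(("secret-literal", node.lineno, node.value[:8] + "...", verdict))
    return sorted(findings, key=lambda f: f[1])


if __name__ == "__main__":
    for finding in scan(SAMPLE_SOURCE, surface="auth"):
        print(finding)
```

Because the check runs on the parsed tree, the commented-out secret on line 5 of the sample never reaches the rule, and the `os.environ[...]` key is recognised by its parent node rather than by its spelling; a secret-looking literal in a context the rule has no verdict for is reported as inconclusive instead of being silently allowed.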
- Example: protected DB mutation before auth guard in handler scope.
- Risk: unauthorized data mutation.
- Deterministic rule mapping: auth-flow call-order analysis in handler scope.

- Example: indirect structure that attempts to hide unsafe order or imports.
- Risk: superficially valid code that violates safety intent.
- Deterministic rule mapping: AST-structural checks and explicit inconclusive handling where proof is incomplete.

- Example: string match in comments or safe contexts triggering noisy blocks.
- Risk: trust erosion and disablement pressure.
- Deterministic rule mapping: structure-aware checks with constrained scope and fixture-backed regression tests.
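The last three entries (call-order in handler scope, inconclusive handling for indirect structure, and fixture-backed tests that keep comments and non-handler code from triggering) are illustrated together in the added example below. It is not WatchLLM code; like the previous example it is a Python analogue on the standard-library `ast` module, and the `@handler` decorator convention, the `require_auth` guard and the `db.mutate`/`db.delete` protected calls are constructed names. The rule only claims "allow" when a top-level guard statement precedes every protected mutation in the handler body; nested callables, aliased mutation references, computed callees, and guards that are only reached on some paths all yield "inconclusive" rather than a guess.

```python
import ast

GUARD_CALLS = {"require_auth"}                    # constructed guard name
PROTECTED_MUTATIONS = {"db.mutate", "db.delete"}  # constructed protected calls
HANDLER_DECORATOR = "handler"                     # constructed convention for handler scope


def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for a computed callee."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _is_handler(func):
    for dec in func.decorator_list:
        target = dec.func if isinstance(dec, ast.Call) else dec
        if _dotted(target) == HANDLER_DECORATOR:
            return True
    return False


def check_handler(func):
    """Return ('allow' | 'block' | 'inconclusive', reason) for one handler function."""
    # Indirect structure: refuse to claim safety the AST does not prove.
    for node in ast.walk(func):
        if node is not func and isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda)):
            return "inconclusive", "nested callable hides call order"
        if isinstance(node, ast.Call) and _dotted(node.func) is None:
            return "inconclusive", "call through a computed callee"
    refs = [n for n in ast.walk(func) if isinstance(n, ast.Attribute) and _dotted(n) in PROTECTED_MUTATIONS]
    calls = [n for n in ast.walk(func) if isinstance(n, ast.Call) and _dotted(n.func) in PROTECTED_MUTATIONS]
    if len(refs) != len(calls):
        return "inconclusive", "protected mutation referenced without a direct call (alias?)"
    # Call order: proof of auth is a top-level guard statement before any mutation.
    guarded = False
    for stmt in func.body:
        if (isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call)
                and _dotted(stmt.value.func) in GUARD_CALLS):
            guarded = True
            continue
        for node in ast.walk(stmt):
            if not isinstance(node, ast.Call):
                continue
            name = _dotted(node.func)
            if name in GUARD_CALLS and not guarded:
                return "inconclusive", "guard only reachable on some paths"
            if name in PROTECTED_MUTATIONS and not guarded:
                return "block", f"{name} called before {'/'.join(GUARD_CALLS)}"
    return "allow", "guard precedes every protected mutation"


def check_source(source):
    """Verdicts for every handler-scoped function in the file; non-handlers are out of scope."""
    tree = ast.parse(source)
    return [(f.name, *check_handler(f)) for f in ast.walk(tree)
            if isinstance(f, ast.FunctionDef) and _is_handler(f)]


# Constructed fixtures: (name, expected verdict, source). The comment in the first
# fixture names the unsafe order in prose and must not trigger the rule.
FIXTURES = [
    ("guard_then_mutate", "allow", "@handler\ndef update(req):\n"
     "    # db.mutate before require_auth -- comment text is not code\n"
     "    require_auth(req)\n    db.mutate(req.data)\n"),
    ("mutate_then_guard", "block", "@handler\ndef update(req):\n"
     "    db.mutate(req.data)\n    require_auth(req)\n"),
    ("guard_in_branch", "inconclusive", "@handler\ndef update(req):\n"
     "    if req.user:\n        require_auth(req)\n    db.mutate(req.data)\n"),
    ("aliased_mutation", "inconclusive", "@handler\ndef update(req):\n"
     "    require_auth(req)\n    m = db.mutate\n    m(req.data)\n"),
]


def run_fixtures():
    """Return fixtures whose verdict disagrees with the expectation (empty means the suite passes)."""
    failures = []
    for name, expected, source in FIXTURES:
        verdicts = [verdict for _, verdict, _ in check_source(source)]
        if verdicts != [expected]:
            failures.append((name, expected, verdicts))
    return failures


if __name__ == "__main__":
    print("fixture failures:", run_fixtures())
```

Keeping the fixtures next to the rule is what makes the false-positive concern testable: any change that starts flagging the comment, or starts allowing the aliased mutation, fails `run_fixtures()` before it reaches the write path.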