Skill Index

loa-freeside/

audit-deployment

community[command]

Security audit of deployment infrastructure. Reviews server setup, configs, hardening, secrets management.

$/plugin install loa-freeside

details

Audit Deployment Infrastructure

Purpose

Security audit of deployment infrastructure as part of the DevOps feedback loop. Reviews server setup scripts, configurations, security hardening, and operational documentation.

Invocation

/audit-deployment
/audit-deployment background

Agent

Launches auditing-security from skills/auditing-security/.

See: skills/auditing-security/SKILL.md for full workflow details.

Feedback Loop

DevOps creates infrastructure
      ↓
Writes grimoires/loa/a2a/deployment-report.md
      ↓
/audit-deployment
      ↓
Auditor writes grimoires/loa/a2a/deployment-feedback.md
      ↓
CHANGES_REQUIRED          APPROVED
      ↓                       ↓
DevOps fixes issues    Proceed to deployment
      ↓
(repeat until approved)

Workflow

  1. Read DevOps Report: Review grimoires/loa/a2a/deployment-report.md
  2. Check Previous Feedback: Verify previous issues were addressed
  3. Audit Infrastructure: Review scripts, configs, docs
  4. Decision: Approve or request changes
  5. Output: Write feedback to grimoires/loa/a2a/deployment-feedback.md

Arguments

ArgumentDescriptionRequired
backgroundRun as subagent for parallel executionNo

Outputs

PathDescription
grimoires/loa/a2a/deployment-feedback.mdAudit results

Audit Checklist

Server Setup Scripts

  • Command injection vulnerabilities
  • Hardcoded secrets
  • Insecure file permissions
  • Missing error handling
  • Unsafe sudo usage
  • Untrusted download sources

Configuration Files

  • Running as root
  • Overly permissive permissions
  • Missing resource limits
  • Weak TLS configurations
  • Missing security headers

Security Hardening

  • SSH hardening (key-only auth, no root login)
  • Firewall configuration (UFW deny-by-default)
  • fail2ban configuration
  • Automatic security updates
  • Audit logging

Secrets Management

  • Secrets NOT hardcoded
  • Environment template exists
  • Secrets file permissions restricted
  • Secrets excluded from git

Network Security

  • Minimal ports exposed
  • TLS 1.2+ only
  • HTTPS redirect

Operational Security

  • Backup procedure documented
  • Secret rotation documented
  • Incident response plan exists
  • Rollback procedure documented

Decision Outcomes

Approval ("APPROVED - LET'S FUCKING GO")

When infrastructure passes audit:

  • Writes approval to deployment-feedback.md
  • Deployment readiness: READY
  • Next step: Production deployment

Changes Required ("CHANGES_REQUIRED")

When issues found:

  • Writes detailed feedback to deployment-feedback.md
  • Includes severity and remediation steps
  • Next step: DevOps fixes issues

technical

github
0xHoneyJar/loa-freeside
stars
7
license
NOASSERTION
contributors
6
last commit
2026-04-30T00:44:24Z
file
.claude/commands/audit-deployment.md

related