mirror of
https://github.com/glittercowboy/get-shit-done
synced 2026-04-25 17:25:23 +02:00
Adds /gsd:secure-phase command and gsd-security-auditor agent as a threat-model-anchored security gate parallel to Nyquist validation.

New files:
- agents/gsd-security-auditor.md — verifies PLAN.md threat mitigations exist in implemented code; SECURED/OPEN_THREATS/ESCALATE returns
- commands/gsd/secure-phase.md — retroactive command, mirrors validate-phase
- get-shit-done/workflows/secure-phase.md — enforcing gate: threats_open > 0 blocks phase advancement; accepted risks log prevents resurface
- get-shit-done/templates/SECURITY.md — per-phase threat register artifact

Modified:
- config.json — security_enforcement (absent=enabled), security_asvs_level, security_block_on parallel to nyquist_validation pattern
- VALIDATION.md — Threat Ref + Secure Behavior columns in verification map
- gsd-planner.md — <threat_model> block in PLAN.md format + quality gate
- gsd-executor.md — Rule 2 threat model reference + ## Threat Flags scan
- gsd-phase-researcher.md — ## Security Domain mandatory research section
- plan-phase.md — step 5.55 Security Threat Model Gate
- execute-phase.md — security gate announcement in aggregate step
- verify-work.md — /gsd:secure-phase surfaced in completion routing

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
831 B
| name | description | argument-hint | allowed-tools |
|---|---|---|---|
| gsd:secure-phase | Retroactively verify threat mitigations for a completed phase | [phase number] | |
Output: updated SECURITY.md.
<execution_context> @~/.claude/get-shit-done/workflows/secure-phase.md </execution_context>
Phase: $ARGUMENTS — optional, defaults to last completed phase. Execute @~/.claude/get-shit-done/workflows/secure-phase.md. Preserve all workflow gates.