azaion/detections
1
0
Fork 0
mirror of https://github.com/azaion/detections.git synced 2026-04-23 01:36:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Enhance security auditing capabilities by introducing a comprehensive 5-phase OWASP-based security audit process, including dependency scanning, static analysis, and a consolidated report with severity-ranked findings. Update autopilot workflows to incorporate an optional security audit step before deployment, and refine documentation across related skills for clarity and usability.

Browse Source
This commit is contained in:
Oleksandr Bezdieniezhnykh
2026-03-22 18:03:47 +02:00
parent 3165a88f0b
commit 091d9a8fb0
13 changed files with 482 additions and 1976 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.cursor/skills/autopilot/flows/existing-code.md
+26 -3
View File
@@ -14,6 +14,7 @@ Workflow for projects with an existing codebase. Starts with documentation, prod
| 2f | New Task | new-task/SKILL.md | Steps 18 (loop) |
| 2g | Implement | implement/SKILL.md | (batch-driven, no fixed sub-steps) |
| 2h | Run Tests | (autopilot-managed) | Unit tests → Integration/blackbox tests |
| 2hb | Security Audit | security/SKILL.md | Phase 15 (optional) |
| 2i | Deploy | deploy/SKILL.md | Steps 17 |
After Step 2i, the existing-code workflow is complete.
@@ -119,7 +120,7 @@ Action: Run the full test suite to verify the implementation before deployment.
2. **Integration / blackbox tests**: if `docker-compose.test.yml` or an equivalent test environment exists, spin it up and run the integration test suite
3. **Report results**: present a summary of passed/failed/skipped tests
If all tests pass → auto-chain to Step 2i (Deploy).
If all tests pass → auto-chain to Step 2hb (Security Audit).
If tests fail → present using Choose format:
@@ -137,8 +138,29 @@ If tests fail → present using Choose format:
---
**Step 2hb — Security Audit (optional)**
Condition: the autopilot state shows Step 2h (Run Tests) is completed AND the autopilot state does NOT show Step 2hb (Security Audit) as completed or skipped AND (`_docs/04_deploy/` does not exist or is incomplete)
Action: Present using Choose format:
```
══════════════════════════════════════
DECISION REQUIRED: Run security audit before deploy?
══════════════════════════════════════
A) Run security audit (recommended for production deployments)
B) Skip — proceed directly to deploy
══════════════════════════════════════
Recommendation: A — catches vulnerabilities before production
══════════════════════════════════════
```
- If user picks A → Read and execute `.cursor/skills/security/SKILL.md`. After completion, auto-chain to Step 2i (Deploy).
- If user picks B → Mark Step 2hb as `skipped` in the state file, auto-chain to Step 2i (Deploy).
---
**Step 2i — Deploy**
Condition: the autopilot state shows Step 2h (Run Tests) is completed AND (`_docs/04_deploy/` does not exist or is incomplete)
Condition: the autopilot state shows Step 2h (Run Tests) is completed AND (Step 2hb is completed or skipped) AND (`_docs/04_deploy/` does not exist or is incomplete)
Action: Read and execute `.cursor/skills/deploy/SKILL.md`
@@ -177,5 +199,6 @@ Action: The project completed a full cycle. Present status and loop back to New
| Refactor (Step 2e) | Auto-chain → New Task (Step 2f) |
| New Task (Step 2f) | **Session boundary** — suggest new conversation before Implement |
| Implement (Step 2g) | Auto-chain → Run Tests (Step 2h) |
| Run Tests (Step 2h, all pass) | Auto-chain → Deploy (Step 2i) |
| Run Tests (Step 2h, all pass) | Auto-chain → Security Audit choice (Step 2hb) |
| Security Audit (Step 2hb, done or skipped) | Auto-chain → Deploy (Step 2i) |
| Deploy (Step 2i) | **Workflow complete** — existing-code flow done |
.cursor/skills/autopilot/flows/greenfield.md
+29 -6
View File
@@ -1,6 +1,6 @@
# Greenfield Workflow
Workflow for new projects built from scratch. Flows linearly: Problem → Research → Plan → Decompose → Implement → Run Tests → Deploy.
Workflow for new projects built from scratch. Flows linearly: Problem → Research → Plan → Decompose → Implement → Run Tests → Security Audit (optional) → Deploy.
## Step Reference Table
@@ -8,10 +8,11 @@ Workflow for new projects built from scratch. Flows linearly: Problem → Resear
|------|-----------|------------------------|---------------------------------------|
| 0 | Problem | problem/SKILL.md | Phase 14 |
| 1 | Research | research/SKILL.md | Mode A: Phase 14 · Mode B: Step 08 |
| 2 | Plan | plan/SKILL.md | Step 16 |
| 2 | Plan | plan/SKILL.md | Step 16 + Final |
| 3 | Decompose | decompose/SKILL.md | Step 14 |
| 4 | Implement | implement/SKILL.md | (batch-driven, no fixed sub-steps) |
| 5 | Run Tests | (autopilot-managed) | Unit tests → Integration/blackbox tests |
| 5b | Security Audit | security/SKILL.md | Phase 15 (optional) |
| 6 | Deploy | deploy/SKILL.md | Step 17 |
## Detection Rules
@@ -76,7 +77,7 @@ If `_docs/02_document/` exists but is incomplete (has some artifacts but no `FIN
---
**Step 3 — Decompose**
Condition: `_docs/02_document/` contains `architecture.md` AND `_docs/02_document/components/` has at least one component AND `_docs/02_tasks/` does not exist or has no task files (excluding `_dependencies_table.md`) AND (workspace has no source code files OR the user explicitly chose normal workflow in Step 2c)
Condition: `_docs/02_document/` contains `architecture.md` AND `_docs/02_document/components/` has at least one component AND `_docs/02_tasks/` does not exist or has no task files (excluding `_dependencies_table.md`)
Action: Read and execute `.cursor/skills/decompose/SKILL.md`
@@ -102,7 +103,7 @@ Action: Run the full test suite to verify the implementation before deployment.
2. **Integration / blackbox tests**: if `docker-compose.test.yml` or an equivalent test environment exists, spin it up and run the integration test suite
3. **Report results**: present a summary of passed/failed/skipped tests
If all tests pass → auto-chain to Step 6 (Deploy).
If all tests pass → auto-chain to Step 5b (Security Audit).
If tests fail → present using Choose format:
@@ -120,8 +121,29 @@ If tests fail → present using Choose format:
---
**Step 5b — Security Audit (optional)**
Condition: the autopilot state shows Step 5 (Run Tests) is completed AND the autopilot state does NOT show Step 5b (Security Audit) as completed or skipped AND (`_docs/04_deploy/` does not exist or is incomplete)
Action: Present using Choose format:
```
══════════════════════════════════════
DECISION REQUIRED: Run security audit before deploy?
══════════════════════════════════════
A) Run security audit (recommended for production deployments)
B) Skip — proceed directly to deploy
══════════════════════════════════════
Recommendation: A — catches vulnerabilities before production
══════════════════════════════════════
```
- If user picks A → Read and execute `.cursor/skills/security/SKILL.md`. After completion, auto-chain to Step 6 (Deploy).
- If user picks B → Mark Step 5b as `skipped` in the state file, auto-chain to Step 6 (Deploy).
---
**Step 6 — Deploy**
Condition: the autopilot state shows Step 5 (Run Tests) is completed AND (`_docs/04_deploy/` does not exist or is incomplete)
Condition: the autopilot state shows Step 5 (Run Tests) is completed AND (Step 5b is completed or skipped) AND (`_docs/04_deploy/` does not exist or is incomplete)
Action: Read and execute `.cursor/skills/deploy/SKILL.md`
@@ -142,5 +164,6 @@ Action: Report project completion with summary. If the user runs autopilot again
| Plan | Auto-chain → Decompose |
| Decompose | **Session boundary** — suggest new conversation before Implement |
| Implement | Auto-chain → Run Tests (Step 5) |
| Run Tests (all pass) | Auto-chain → Deploy (Step 6) |
| Run Tests (all pass) | Auto-chain → Security Audit choice (Step 5b) |
| Security Audit (done or skipped) | Auto-chain → Deploy (Step 6) |
| Deploy | Report completion |