Enhance security auditing capabilities by introducing a comprehensive 5-phase OWASP-based security audit process, including dependency scanning, static analysis, and a consolidated report with severity-ranked findings. Update autopilot workflows to incorporate an optional security audit step before deployment, and refine documentation across related skills for clarity and usability.

2026-04-22 09:16:33 +00:00 · 2026-03-22 18:03:47 +02:00
parent 3165a88f0b
commit 091d9a8fb0
13 changed files with 482 additions and 1976 deletions
@@ -55,7 +55,7 @@ Read `steps/01_artifact-management.md` for directory structure, save timing, sav

 ## Progress Tracking

-At the start of execution, create a TodoWrite with all steps (1 through 6). Update status as each step completes.
+At the start of execution, create a TodoWrite with all steps (1 through 6 plus Final). Update status as each step completes.

 ## Workflow

@@ -125,3 +125,31 @@ Read and follow `steps/07_quality-checklist.md`.
 | File structure within templates | PROCEED |
 | Contradictions between input files | ASK user |
 | Risk mitigation requires architecture change | ASK user |
+
+## Methodology Quick Reference
+
+```
+┌────────────────────────────────────────────────────────────────┐
+│              Solution Planning (6-Step + Final)                  │
+├────────────────────────────────────────────────────────────────┤
+│ PREREQ: Data Gate (BLOCKING)                                    │
+│   → verify AC, restrictions, input_data, solution exist         │
+│                                                                │
+│ 1. Integration Tests   → blackbox-test-spec/SKILL.md            │
+│    [BLOCKING: user confirms test coverage]                     │
+│ 2. Solution Analysis   → architecture, data model, deployment   │
+│    [BLOCKING: user confirms architecture]                      │
+│ 3. Component Decomp    → component specs + interfaces           │
+│    [BLOCKING: user confirms components]                        │
+│ 4. Review & Risk       → risk register, iterations              │
+│    [BLOCKING: user confirms mitigations]                       │
+│ 5. Test Specifications → per-component test specs               │
+│ 6. Jira Epics          → epic per component + bootstrap         │
+│    ─────────────────────────────────────────────────           │
+│ Final: Quality Checklist → FINAL_report.md                      │
+├────────────────────────────────────────────────────────────────┤
+│ Principles: Single Responsibility · Dumb code, smart data       │
+│             Save immediately · Ask don't assume                │
+│             Plan don't code                                    │
+└────────────────────────────────────────────────────────────────┘
+```