c/claude-archeflow-plugin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6cb7dad6007d9817aecad8d28f980e411d813e09
claude-archeflow-plugin/examples/security-review.md
Christian Nennemann 21becd8b58 chore: remove ArcheHelix branding, use plain PDCA language 
The archetypes and shadows are distinctive enough — no need for
a fancy name on top of the standard PDCA cycle terminology.
2026-04-02 18:09:28 +00:00

59 lines
2.2 KiB
Markdown
Raw Blame History

# Example: Security Review (Thorough Workflow)
## Task
"Review the new file upload endpoint for security issues"
## Workflow: thorough (3 cycles max, all reviewers)
### Cycle 1
**Plan Phase:**
1. Explorer maps the upload flow: multipart parsing → temp storage → virus scan → permanent storage → DB record
2. Creator identifies review focus areas: file type validation, path traversal, size limits, content-type sniffing
**Do Phase:**
3. Maker writes security test suite covering all identified vectors
**Check Phase (all 4 reviewers, parallel):**
4. Guardian: REJECTED
- CRITICAL: No file extension allowlist — user can upload .php, .sh, .exe
- CRITICAL: Temp directory uses predictable naming (race condition for symlink attack)
- WARNING: Missing Content-Disposition header on download (XSS via HTML files)
5. Skeptic: REJECTED
- CRITICAL: "What if the virus scanner is down?" — no circuit breaker, uploads just pass through
6. Sage: APPROVED with warnings
- WARNING: Upload handler is 200 lines — should be split into validation, storage, and recording
7. Trickster: REJECTED
- CRITICAL: Uploaded a 0-byte file with `.jpg` extension → 500 error (null pointer in image processor)
- CRITICAL: Uploaded file named `../../etc/passwd` → path traversal confirmed
**Act:** 4 CRITICAL findings. Cycle again.
### Cycle 2
After Creator revises and Maker fixes all findings...
4. Guardian: APPROVED — allowlist active, temp dir uses crypto random, Content-Disposition set
5. Skeptic: APPROVED — circuit breaker added, uploads rejected when scanner is down
6. Sage: APPROVED — handler refactored into 3 modules
7. Trickster: REJECTED
- WARNING: Unicode filename normalization issue — `file\u202e.jpg` displays as `gpj.elif` in some UIs
**Act:** No CRITICAL. One WARNING from Trickster. Cycle once more.
### Cycle 3
8. Maker adds Unicode normalization for filenames
9. All reviewers: APPROVED
**Act:** Merge. Upload endpoint is secure.
## Result
- Path traversal fixed
- File type allowlist added
- Virus scanner circuit breaker added
- Zero-byte file handling added
- Unicode filename normalization added
- 3 PDCA cycles, thorough workflow
- 5 CRITICAL findings caught before production
Reference in New Issue View Git Blame Copy Permalink