Files

Christian Nennemann 21becd8b58 chore: remove ArcheHelix branding, use plain PDCA language

The archetypes and shadows are distinctive enough — no need for
a fancy name on top of the standard PDCA cycle terminology.

2026-04-02 18:09:28 +00:00

Example: Security Review (Thorough Workflow)

Task

"Review the new file upload endpoint for security issues"

Plan Phase:

Explorer maps the upload flow: multipart parsing → temp storage → virus scan → permanent storage → DB record
Creator identifies review focus areas: file type validation, path traversal, size limits, content-type sniffing

Do Phase: 3. Maker writes security test suite covering all identified vectors

Check Phase (all 4 reviewers, parallel): 4. Guardian: REJECTED

CRITICAL: No file extension allowlist — user can upload .php, .sh, .exe
CRITICAL: Temp directory uses predictable naming (race condition for symlink attack)
WARNING: Missing Content-Disposition header on download (XSS via HTML files)

Skeptic: REJECTED
- CRITICAL: "What if the virus scanner is down?" — no circuit breaker, uploads just pass through
Sage: APPROVED with warnings
- WARNING: Upload handler is 200 lines — should be split into validation, storage, and recording
Trickster: REJECTED
- CRITICAL: Uploaded a 0-byte file with .jpg extension → 500 error (null pointer in image processor)
- CRITICAL: Uploaded file named ../../etc/passwd → path traversal confirmed

Act: 4 CRITICAL findings. Cycle again.

After Creator revises and Maker fixes all findings...

Guardian: APPROVED — allowlist active, temp dir uses crypto random, Content-Disposition set
Skeptic: APPROVED — circuit breaker added, uploads rejected when scanner is down
Sage: APPROVED — handler refactored into 3 modules
Trickster: REJECTED
- WARNING: Unicode filename normalization issue — file\u202e.jpg displays as gpj.elif in some UIs

Act: No CRITICAL. One WARNING from Trickster. Cycle once more.

Act: Merge. Upload endpoint is secure.