Ready-to-use project templates with team, workflow, domain, and config:
- writing-short-story: fiction 5-15k words, custom archetypes, sonnet for prose
- backend-feature: standard PDCA, full team, haiku for reviews
- security-review: thorough 3-cycle, all reviewers incl. trickster
- quick-fix: minimal 1-cycle, creator+maker+guardian only
33 lines
1.4 KiB
YAML
# Team: Security Review
# Full team with Trickster for adversarial testing. All five reviewer archetypes
# participate in Check phase for maximum security coverage.
# Use for: auth changes, public API, payment flows, data handling, dependencies.

name: security-review
description: "Security-focused review: full team with adversarial Trickster"
domain: code

# Plan: explorer maps attack surface and data flows,
# creator identifies security requirements and risk areas.
plan: [explorer, creator]

# Do: maker is not used — this is a review workflow, not implementation.
# If fixes are needed, maker applies them in cycle 2+.
do: [maker]

# Check: all five reviewers for thorough coverage.
# guardian — security vulnerabilities, auth, injection, breaking changes
# sage — code quality, pattern consistency, error handling completeness
# skeptic — design assumptions, alternative approaches, edge cases
# trickster — adversarial testing: malformed input, race conditions, abuse paths
check: [guardian, sage, skeptic, trickster]

exit: all_approved
max_cycles: ${max_cycles}

# Notes:
# - Trickster is the key differentiator: actively tries to break the code
# - Guardian fast-path (A2) is disabled for thorough workflows on first cycle
# - Trickster is mandatory on first pass per orchestration rules
# - If reviewing existing code (not new changes), Explorer scopes the review area