catalog: add tekimax-security community extension#2215
catalog: add tekimax-security community extension#2215kaman1 wants to merge 2 commits intogithub:mainfrom
Conversation
Adds a catalog.community.json entry for TEKIMAX Secure SDD (speckit-security), an Apache-2.0 Spec Kit extension that layers six security gates onto the spec-driven development lifecycle: STRIDE threat modeling, AI guardrails, data contracts, model governance, red teaming, and a post-implementation audit for inline prompts, committed secrets, and direct SDK imports outside the AI gateway. Provides 8 slash commands and wires into 5 Spec Kit phase hooks (after_specify, after_plan, before_implement, after_implement, before_analyze). Repository: https://github.com/TEKIMAX/speckit-security Docs: https://speckit.tekimax.com Release: v0.2.5 License: Apache-2.0 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Adds the TEKIMAX Secure SDD community extension (tekimax-security) to the Spec Kit community extensions catalog so users can discover and install it via the standard catalog mechanism.
Changes:
- Bump
extensions/catalog.community.jsontop-levelupdated_at. - Add a new
tekimax-securityentry with metadata (repo/docs/download URL, version, tags, requires/provides).
Show a summary per file
| File | Description |
|---|---|
| extensions/catalog.community.json | Adds the new community extension entry and updates catalog timestamp metadata. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 1/1 changed files
- Comments generated: 1
mnriem
left a comment
mnriem
left a comment
There was a problem hiding this comment.
Please address Copilot feedback and make sure to also add a row in the Community extension section in the main README (alphabetically ordered)
v0.2.6 adds a grounded docs chat (Ask AI) at speckit.tekimax.com/chat powered by Llama 3.3 70B on Cloudflare Workers AI, plus a native Cloudflare Workers rate limiter on the chat endpoint (20 req/60s per IP, no external services). v0.2.5 (rolled into this version on the fork) added config read-back for audit.sh and gate-check.sh so user entries in tekimax-security-config.yml actually extend the built-in secret patterns, inline-prompt patterns, and SDK allowlist instead of being ignored. Release: https://github.com/TEKIMAX/speckit-security/releases/tag/v0.2.6 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
Bumped this PR to v0.2.6 (commit
Release notes: https://github.com/TEKIMAX/speckit-security/releases/tag/v0.2.6 The catalog |
There was a problem hiding this comment.
Pull request overview
Adds a new community extension entry to extensions/catalog.community.json for TEKIMAX Secure SDD and updates the catalog’s top-level updated_at timestamp.
Changes:
- Bumped
extensions/catalog.community.jsontop-levelupdated_at. - Added a new
tekimax-securityextension entry (metadata, download URL, tags, provides/requires).
Show a summary per file
| File | Description |
|---|---|
| extensions/catalog.community.json | Updates catalog timestamp and registers the new tekimax-security community extension entry. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 1/1 changed files
- Comments generated: 1
| "version": "0.2.6", | ||
| "download_url": "https://github.com/TEKIMAX/speckit-security/archive/refs/tags/v0.2.6.zip", | ||
| "repository": "https://github.com/TEKIMAX/speckit-security", |
There was a problem hiding this comment.
PR description states the release being added is v0.2.5, but the catalog entry sets version to 0.2.6 and the download_url points at the v0.2.6 tag. Please make these consistent (either update the PR description/verification links to v0.2.6, or change the catalog entry back to v0.2.5) so consumers download the intended release.
mnriem
left a comment
mnriem
left a comment
There was a problem hiding this comment.
Can you update the PR description and then we should be good to go
Summary
Adds a
catalog.community.jsonentry for TEKIMAX Secure SDD (speckit-security), an Apache-2.0 Spec Kit extension that layers six security gates onto the spec-driven development lifecycle.What it adds for Spec Kit users
8 slash commands under
speckit.tekimax-security.*:data-contract— declare sources, schemas, PII strategy, bias audit, drift thresholdsthreat-model— generate a STRIDE threat model for the active specmodel-governance— pin model version, define eval baselines, rollback planguardrails— generate versioned system prompt + guardrail YAMLgate-check— run all six gates against the active spec, emit verdictaudit— post-implementation scan (inline prompts, secrets, direct SDK imports)red-team— generate adversarial scenarios;--runhits staging with safety guardsinstall-rules— install development rules into docs, constitution, and agent context5 phase hooks wired in:
after_specifydata-contractafter_planthreat-modelbefore_implementgate-checkafter_implementauditbefore_analyzered-teamSix gates (A–F) run via
gate-check.sh: Data Contract, Threat Model, Model Governance, Guardrails, Red Team, Inline Content Scan.Dependencies
bash,grep,sed,git, andpython3— all of which ship with macOS and Linux. Nonpm install, nopip install, no third-party Python packages. Agent-neutral (Claude Code, Copilot, Cursor, Gemini CLI, OpenCode, Windsurf, and every other agent Spec Kit supports).Scope honesty
speckit-securityis one layer of a broader security program, not a replacement for SAST, dependency scanning, runtime monitoring, or your existing compliance tooling. The docs call this out explicitly on the home page and in the FAQ.Diff
Adds one entry (
tekimax-security) in alphabetical order and bumps the catalogupdated_at. Existing entries and their ordering are untouched. Diff:+36 / -1.Verification
https://github.com/TEKIMAX/speckit-security/archive/refs/tags/v0.2.5.zip) resolves