feat: Update security-audit aspect and add shiny-secure example (gt-8tmz.5)

- Fix security-audit.formula.json to match Go schema (advice as array) - Update pointcuts and targets for exact matching - Add shiny-secure.formula.json demonstrating aspect composition 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-25 12:15:31 -08:00
parent eaffc26fc4
commit 197a33af02
2 changed files with 48 additions and 30 deletions
--- a/.beads/formulas/security-audit.formula.json
+++ b/.beads/formulas/security-audit.formula.json
@@ -4,39 +4,47 @@
  "description": "Cross-cutting security concern. Applies security scanning before and after implementation steps.",
  "version": 1,
  "pointcuts": [
-    {"glob": "*.implement"},
-    {"glob": "*.submit"}
+    {"glob": "implement"},
+    {"glob": "submit"}
  ],
-  "advice": {
-    "around": {
-      "before": [
-        {
-          "id": "security-prescan",
-          "description": "Pre-implementation security check. Review for secrets/credentials in scope. Check dependencies for known vulnerabilities.",
-          "args": {
-            "target": "{step.id}"
+  "advice": [
+    {
+      "target": "implement",
+      "around": {
+        "before": [
+          {
+            "id": "{step.id}-security-prescan",
+            "title": "Security prescan for {step.id}",
+            "description": "Pre-implementation security check. Review for secrets/credentials in scope. Check dependencies for known vulnerabilities."
          }
-        }
-      ],
-      "after": [
-        {
-          "id": "security-postscan",
-          "description": "Post-implementation security scan. Scan new code for vulnerabilities (SAST). Check for hardcoded secrets. Review for OWASP Top 10 issues.",
-          "args": {
-            "target": "{step.id}"
-          },
-          "output": {
-            "approved": "boolean",
-            "findings": "list"
+        ],
+        "after": [
+          {
+            "id": "{step.id}-security-postscan",
+            "title": "Security postscan for {step.id}",
+            "description": "Post-implementation security scan. Scan new code for vulnerabilities (SAST). Check for hardcoded secrets. Review for OWASP Top 10 issues."
          }
-        },
-        {
-          "gate": {
-            "condition": "security-postscan.output.approved == true",
-            "message": "Security approval required before proceeding"
+        ]
+      }
+    },
+    {
+      "target": "submit",
+      "around": {
+        "before": [
+          {
+            "id": "{step.id}-security-prescan",
+            "title": "Security prescan for {step.id}",
+            "description": "Pre-submission security check. Final vulnerability scan before merge."
          }
-        }
-      ]
+        ],
+        "after": [
+          {
+            "id": "{step.id}-security-postscan",
+            "title": "Security postscan for {step.id}",
+            "description": "Post-submission security verification. Confirm no new vulnerabilities introduced."
+          }
+        ]
+      }
    }
-  }
+  ]
 }
--- a/.beads/formulas/shiny-secure.formula.json
+++ b/.beads/formulas/shiny-secure.formula.json
@@ -0,0 +1,10 @@
+{
+  "formula": "shiny-secure",
+  "type": "workflow",
+  "description": "Shiny workflow with security audit aspect applied.",
+  "version": 1,
+  "extends": ["shiny"],
+  "compose": {
+    "aspects": ["security-audit"]
+  }
+}