feat: Update security-audit aspect and add shiny-secure example (gt-8tmz.5)

- Fix security-audit.formula.json to match Go schema (advice as array) - Update pointcuts and targets for exact matching - Add shiny-secure.formula.json demonstrating aspect composition 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-25 12:15:31 -08:00
parent eaffc26fc4
commit 197a33af02
2 changed files with 48 additions and 30 deletions
--- a/.beads/formulas/security-audit.formula.json
+++ b/.beads/formulas/security-audit.formula.json
@@ -4,39 +4,47 @@
  "description": "Cross-cutting security concern. Applies security scanning before and after implementation steps.",
  "version": 1,
  "pointcuts": [
-    {"glob": "*.implement"},
+    {"glob": "implement"},
-    {"glob": "*.submit"}
+    {"glob": "submit"}
  ],
-  "advice": {
+  "advice": [
-    "around": {
+    {
-      "before": [
+      "target": "implement",
-        {
+      "around": {
-          "id": "security-prescan",
+        "before": [
-          "description": "Pre-implementation security check. Review for secrets/credentials in scope. Check dependencies for known vulnerabilities.",
+          {
-          "args": {
+            "id": "{step.id}-security-prescan",
-            "target": "{step.id}"
+            "title": "Security prescan for {step.id}",
            "description": "Pre-implementation security check. Review for secrets/credentials in scope. Check dependencies for known vulnerabilities."
          }
-        }
+        ],
-      ],
+        "after": [
-      "after": [
+          {
-        {
+            "id": "{step.id}-security-postscan",
-          "id": "security-postscan",
+            "title": "Security postscan for {step.id}",
-          "description": "Post-implementation security scan. Scan new code for vulnerabilities (SAST). Check for hardcoded secrets. Review for OWASP Top 10 issues.",
+            "description": "Post-implementation security scan. Scan new code for vulnerabilities (SAST). Check for hardcoded secrets. Review for OWASP Top 10 issues."
          "args": {
            "target": "{step.id}"
          },
          "output": {
            "approved": "boolean",
            "findings": "list"
          }
-        },
+        ]
-        {
+      }
-          "gate": {
+    },
-            "condition": "security-postscan.output.approved == true",
+    {
-            "message": "Security approval required before proceeding"
+      "target": "submit",
      "around": {
        "before": [
          {
            "id": "{step.id}-security-prescan",
            "title": "Security prescan for {step.id}",
            "description": "Pre-submission security check. Final vulnerability scan before merge."
          }
-        }
+        ],
-      ]
+        "after": [
          {
            "id": "{step.id}-security-postscan",
            "title": "Security postscan for {step.id}",
            "description": "Post-submission security verification. Confirm no new vulnerabilities introduced."
          }
        ]
      }
    }
-  }
+  ]
 }
--- a/.beads/formulas/shiny-secure.formula.json
+++ b/.beads/formulas/shiny-secure.formula.json
@@ -0,0 +1,10 @@
 {
  "formula": "shiny-secure",
  "type": "workflow",
  "description": "Shiny workflow with security audit aspect applied.",
  "version": 1,
  "extends": ["shiny"],
  "compose": {
    "aspects": ["security-audit"]
  }
 }