Updates to molecule-algebra.md:
- Added Formulas and Cooking section
- Four-tier model: Formula → cook → Proto → pour/wisp → Mol/Wisp
- Breaking Bad × Mad Max naming (Let's cook!)
- Updated vision diagram

New example formulas:
- shiny.formula.yaml (Engineer in a Box)
- rule-of-five.formula.yaml (Jeffrey's Rule expansion macro)
- security-audit.formula.yaml (AOP aspect)
- shiny-enterprise.formula.yaml (composed example)
49 lines
1.3 KiB
YAML
```yaml
# security-audit.formula.yaml
# AOP aspect for security scanning at implementation boundaries

formula: security-audit
type: aspect
description: |
  Cross-cutting security concern. Applies security scanning
  before and after implementation steps.

  This is an ASPECT - it doesn't run standalone. Apply it
  to other formulas using --with-aspect.
version: 1

# Step ids matched by glob; every matching step gets the advice below
# wrapped around it.
pointcuts:
  - glob: "*.implement"
  - glob: "*.submit"

advice:
  around:
    before:
      - id: security-prescan
        description: |
          Pre-implementation security check.

          - Review for secrets/credentials in scope
          - Check dependencies for known vulnerabilities
          - Verify security requirements are understood
        args:
          target: "{step.id}"   # id of the step being wrapped

    after:
      - id: security-postscan
        description: |
          Post-implementation security scan.

          - Scan new code for vulnerabilities (SAST)
          - Check for hardcoded secrets
          - Verify auth/authz patterns
          - Review for OWASP Top 10 issues
        args:
          target: "{step.id}"
        output:
          approved: boolean
          findings: list

      # Blocks the run unless the postscan reported approved: true
      - gate:
          condition: "security-postscan.output.approved == true"
          message: "Security approval required before proceeding"
```
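To make the aspect semantics concrete (pointcut globs, before/after advice, `{step.id}` expansion, and the gate), here is a small weaving and gate-evaluation model in Python. It is an added example, not the project's own engine or code, and the formula data it uses is a constructed in-memory copy of the file above plus a made-up three-step base formula. Several things it assumes are not stated on the page: step ids look like `<formula>.<phase>`, generated advice steps are named `<step-id>.<advice-id>`, the gate grammar is only the `X.output.Y == true|false` form the file uses, and a gate whose referenced output is missing or not a boolean fails closed rather than open.

```python
"""Weave the security-audit aspect into a formula's steps and enforce its gate.

Added illustration, not code from the project: it models the aspect's
pointcut globs, before/after advice, {step.id} argument expansion and the
gate condition, using constructed formula data that mirrors the YAML above.
Assumed (not stated on the page): step ids look like "<formula>.<phase>",
advice steps are named "<step>.<advice-id>", and a gate whose referenced
output is missing or not a boolean fails closed.
"""
from fnmatch import fnmatchcase
import re

# Constructed in-memory copy of security-audit.formula.yaml (fields used here).
SECURITY_AUDIT = {
    "formula": "security-audit",
    "type": "aspect",
    "pointcuts": [{"glob": "*.implement"}, {"glob": "*.submit"}],
    "advice": {"around": {
        "before": [{"id": "security-prescan", "args": {"target": "{step.id}"}}],
        "after": [
            {"id": "security-postscan", "args": {"target": "{step.id}"},
             "output": {"approved": "boolean", "findings": "list"}},
            {"gate": {"condition": "security-postscan.output.approved == true",
                      "message": "Security approval required before proceeding"}},
        ],
    }},
}

# Constructed base formula: three steps, two of which match the pointcuts.
SHINY_STEPS = [{"id": "shiny.design"}, {"id": "shiny.implement"}, {"id": "shiny.submit"}]


def matches_pointcut(step_id, aspect):
    """A step is advised when any pointcut glob matches its id (case-sensitive)."""
    return any(fnmatchcase(step_id, pc["glob"]) for pc in aspect["pointcuts"])


def expand_args(args, step):
    """Substitute the {step.id} placeholder in string-valued args."""
    return {k: v.replace("{step.id}", step["id"]) if isinstance(v, str) else v
            for k, v in args.items()}


def instantiate(advice, step):
    """Turn one advice entry into a concrete step bound to the advised step."""
    if "gate" in advice:
        return {"id": f"{step['id']}.gate", "gate": advice["gate"]}
    return {"id": f"{step['id']}.{advice['id']}", "advice": advice["id"],
            "args": expand_args(advice.get("args", {}), step),
            "output": advice.get("output", {})}


def weave(steps, aspect):
    """Return the step list with before/after advice wrapped around matches."""
    around = aspect["advice"]["around"]
    woven = []
    for step in steps:
        if not matches_pointcut(step["id"], aspect):
            woven.append(step)
            continue
        woven.extend(instantiate(a, step) for a in around.get("before", []))
        woven.append(step)
        woven.extend(instantiate(a, step) for a in around.get("after", []))
    return woven


# Only the condition shape the file uses: "<advice-id>.output.<field> == true|false".
_CONDITION = re.compile(r"^([\w-]+)\.output\.(\w+)\s*==\s*(true|false)$")


def gate_passes(condition, outputs):
    """Evaluate a gate against collected advice outputs; fail closed on anything odd."""
    m = _CONDITION.match(condition.strip())
    if not m:
        raise ValueError(f"unsupported gate condition: {condition!r}")
    advice_id, field, literal = m.groups()
    value = outputs.get(advice_id, {}).get(field)
    if not isinstance(value, bool):      # missing, or "yes"/1 instead of a boolean
        return False
    return value is (literal == "true")


def run(woven, scanner):
    """Execute woven steps in order; scanner(step) supplies each advice step's output.

    Returns (executed step ids, gate message or None). Stops at the first
    failing gate, so later steps (e.g. submit) never run without approval.
    """
    executed, outputs = [], {}
    for step in woven:
        if "gate" in step:
            if not gate_passes(step["gate"]["condition"], outputs):
                return executed, step["gate"]["message"]
            continue
        executed.append(step["id"])
        if "advice" in step:
            outputs[step["advice"]] = scanner(step)
    return executed, None


if __name__ == "__main__":
    woven = weave(SHINY_STEPS, SECURITY_AUDIT)
    # A scanner that flags a hardcoded secret and refuses approval.
    blocked, why = run(woven, lambda s: {"approved": False, "findings": ["hardcoded secret"]})
    print(blocked, why)
```

Two details matter for security in this model. The gate follows the postscan immediately in the woven order, so `shiny.submit` cannot run once `shiny.implement`'s postscan refuses approval. And `gate_passes` treats a missing or non-boolean `approved` as a failure: if the real engine instead evaluated an absent value as "not equal to true" and continued, or coerced a string like "yes", the gate would be bypassable by a scanner that simply emits malformed output, so checking the engine's actual behaviour on that edge case is worth doing before relying on the aspect.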