mirror of
https://github.com/wshobson/agents.git
synced 2026-03-18 17:47:16 +00:00
feat: comprehensive upgrade of 32 tools and workflows
Major quality improvements across all tools and workflows:
- Expanded from 1,952 to 23,686 lines (12.1x growth)
- Added 89 complete code examples with production-ready implementations
- Integrated modern 2024/2025 technologies and best practices
- Established consistent structure across all files
- Added 64 reference workflows with real-world scenarios

Phase 1 - Critical Workflows (4 files):
- git-workflow: 9→118 lines - Complete git workflow orchestration
- legacy-modernize: 10→110 lines - Strangler fig pattern implementation
- multi-platform: 10→181 lines - API-first cross-platform development
- improve-agent: 13→292 lines - Systematic agent optimization

Phase 2 - Unstructured Tools (8 files):
- issue: 33→636 lines - GitHub issue resolution expert
- prompt-optimize: 49→1,207 lines - Advanced prompt engineering
- data-pipeline: 56→2,312 lines - Production-ready pipeline architecture
- data-validation: 56→1,674 lines - Comprehensive validation framework
- error-analysis: 56→1,154 lines - Modern observability and debugging
- langchain-agent: 56→2,735 lines - LangChain 0.1+ with LangGraph
- ai-review: 63→1,597 lines - AI-powered code review system
- deploy-checklist: 71→1,631 lines - GitOps and progressive delivery

Phase 3 - Mid-Length Tools (4 files):
- tdd-red: 111→1,763 lines - Property-based testing and decision frameworks
- tdd-green: 130→842 lines - Implementation patterns and type-driven development
- tdd-refactor: 174→1,860 lines - SOLID examples and architecture refactoring
- refactor-clean: 267→886 lines - AI code review and static analysis integration

Phase 4 - Short Workflows (7 files):
- ml-pipeline: 43→292 lines - MLOps with experiment tracking
- smart-fix: 44→834 lines - Intelligent debugging with AI assistance
- full-stack-feature: 58→113 lines - API-first full-stack development
- security-hardening: 63→118 lines - DevSecOps with zero-trust
- data-driven-feature: 70→160 lines - A/B testing and analytics
- performance-optimization: 70→111 lines - APM and Core Web Vitals
- full-review: 76→124 lines - Multi-phase comprehensive review

Phase 5 - Small Files (9 files):
- onboard: 24→394 lines - Remote-first onboarding specialist
- multi-agent-review: 63→194 lines - Multi-agent orchestration
- context-save: 65→155 lines - Context management with vector DBs
- context-restore: 65→157 lines - Context restoration and RAG
- smart-debug: 65→1,727 lines - AI-assisted debugging with observability
- standup-notes: 68→765 lines - Async-first with Git integration
- multi-agent-optimize: 85→189 lines - Performance optimization framework
- incident-response: 80→146 lines - SRE practices and incident command
- feature-development: 84→144 lines - End-to-end feature workflow

Technologies integrated:
- AI/ML: GitHub Copilot, Claude Code, LangChain 0.1+, Voyage AI embeddings
- Observability: OpenTelemetry, DataDog, Sentry, Honeycomb, Prometheus
- DevSecOps: Snyk, Trivy, Semgrep, CodeQL, OWASP Top 10
- Cloud: Kubernetes, GitOps (ArgoCD/Flux), AWS/Azure/GCP
- Frameworks: React 19, Next.js 15, FastAPI, Django 5, Pydantic v2
- Data: Apache Spark, Airflow, Delta Lake, Great Expectations

All files now include:
- Clear role statements and expertise definitions
- Structured Context/Requirements sections
- 6-8 major instruction sections (tools) or 3-4 phases (workflows)
- Multiple complete code examples in various languages
- Modern framework integrations
- Real-world reference implementations
@@ -1,68 +1,118 @@
|
||||
---
|
||||
model: sonnet
|
||||
---
|
||||
Implement comprehensive security hardening with defense-in-depth strategy through coordinated multi-agent orchestration:
|
||||
|
||||
Implement security-first architecture and hardening measures with coordinated agent orchestration:
|
||||
[Extended thinking: This workflow implements a defense-in-depth security strategy across all application layers. It coordinates specialized security agents to perform comprehensive assessments, implement layered security controls, and establish continuous security monitoring. The approach follows modern DevSecOps principles with shift-left security, automated scanning, and compliance validation. Each phase builds upon previous findings to create a resilient security posture that addresses both current vulnerabilities and future threats.]
|
||||
|
||||
[Extended thinking: This workflow prioritizes security at every layer of the application stack. Multiple agents work together to identify vulnerabilities, implement secure patterns, and ensure compliance with security best practices.]
|
||||
## Phase 1: Comprehensive Security Assessment
|
||||
|
||||
## Phase 1: Security Assessment
|
||||
|
||||
### 1. Initial Security Audit
|
||||
### 1. Initial Vulnerability Scanning
|
||||
- Use Task tool with subagent_type="security-auditor"
|
||||
- Prompt: "Perform comprehensive security audit on: $ARGUMENTS. Identify vulnerabilities, compliance gaps, and security risks across all components."
|
||||
- Output: Vulnerability report, risk assessment, compliance gaps
|
||||
- Prompt: "Perform comprehensive security assessment on: $ARGUMENTS. Execute SAST analysis with Semgrep/SonarQube, DAST scanning with OWASP ZAP, dependency audit with Snyk/Trivy, secrets detection with GitLeaks/TruffleHog. Generate SBOM for supply chain analysis. Identify OWASP Top 10 vulnerabilities, CWE weaknesses, and CVE exposures."
|
||||
- Output: Detailed vulnerability report with CVSS scores, exploitability analysis, attack surface mapping, secrets exposure report, SBOM inventory
|
||||
- Context: Initial baseline for all remediation efforts
|
||||
|
||||
### 2. Architecture Security Review
|
||||
- Use Task tool with subagent_type="backend-architect"
|
||||
- Prompt: "Review and redesign architecture for security: $ARGUMENTS. Focus on secure service boundaries, data isolation, and defense in depth. Use findings from security audit."
|
||||
- Output: Secure architecture design, service isolation strategy, data flow diagrams
|
||||
|
||||
## Phase 2: Security Implementation
|
||||
|
||||
### 3. Backend Security Hardening
|
||||
- Use Task tool with subagent_type="backend-architect"
|
||||
- Prompt: "Implement backend security measures for: $ARGUMENTS. Include authentication, authorization, input validation, and secure data handling based on security audit findings."
|
||||
- Output: Secure API implementations, auth middleware, validation layers
|
||||
|
||||
### 4. Infrastructure Security
|
||||
- Use Task tool with subagent_type="devops-troubleshooter"
|
||||
- Prompt: "Implement infrastructure security for: $ARGUMENTS. Configure firewalls, secure secrets management, implement least privilege access, and set up security monitoring."
|
||||
- Output: Infrastructure security configs, secrets management, monitoring setup
|
||||
|
||||
### 5. Frontend Security
|
||||
- Use Task tool with subagent_type="frontend-developer"
|
||||
- Prompt: "Implement frontend security measures for: $ARGUMENTS. Include CSP headers, XSS prevention, secure authentication flows, and sensitive data handling."
|
||||
- Output: Secure frontend code, CSP policies, auth integration
|
||||
|
||||
## Phase 3: Compliance and Testing
|
||||
|
||||
### 6. Compliance Verification
|
||||
### 2. Threat Modeling and Risk Analysis
|
||||
- Use Task tool with subagent_type="security-auditor"
|
||||
- Prompt: "Verify compliance with security standards for: $ARGUMENTS. Check OWASP Top 10, GDPR, SOC2, or other relevant standards. Validate all security implementations."
|
||||
- Output: Compliance report, remediation requirements
|
||||
- Prompt: "Conduct threat modeling using STRIDE methodology for: $ARGUMENTS. Analyze attack vectors, create attack trees, assess business impact of identified vulnerabilities. Map threats to MITRE ATT&CK framework. Prioritize risks based on likelihood and impact."
|
||||
- Output: Threat model diagrams, risk matrix with prioritized vulnerabilities, attack scenario documentation, business impact analysis
|
||||
- Context: Uses vulnerability scan results to inform threat priorities
|
||||
|
||||
### 7. Security Testing
|
||||
- Use Task tool with subagent_type="test-automator"
|
||||
- Prompt: "Create security test suites for: $ARGUMENTS. Include penetration tests, security regression tests, and automated vulnerability scanning."
|
||||
- Output: Security test suite, penetration test results, CI/CD integration
|
||||
### 3. Architecture Security Review
|
||||
- Use Task tool with subagent_type="backend-architect"
|
||||
- Prompt: "Review architecture for security weaknesses in: $ARGUMENTS. Evaluate service boundaries, data flow security, authentication/authorization architecture, encryption implementation, network segmentation. Design zero-trust architecture patterns. Reference threat model and vulnerability findings."
|
||||
- Output: Security architecture assessment, zero-trust design recommendations, service mesh security requirements, data classification matrix
|
||||
- Context: Incorporates threat model to address architectural vulnerabilities
|
||||
|
||||
## Phase 4: Deployment and Monitoring
|
||||
## Phase 2: Vulnerability Remediation
|
||||
|
||||
### 8. Secure Deployment
|
||||
### 4. Critical Vulnerability Fixes
|
||||
- Use Task tool with subagent_type="security-auditor"
|
||||
- Prompt: "Coordinate immediate remediation of critical vulnerabilities (CVSS 7+) in: $ARGUMENTS. Fix SQL injections with parameterized queries, XSS with output encoding, authentication bypasses with secure session management, insecure deserialization with input validation. Apply security patches for CVEs."
|
||||
- Output: Patched code with vulnerability fixes, security patch documentation, regression test requirements
|
||||
- Context: Addresses high-priority items from vulnerability assessment
|
||||
|
||||
### 5. Backend Security Hardening
|
||||
- Use Task tool with subagent_type="backend-security-coder"
|
||||
- Prompt: "Implement comprehensive backend security controls for: $ARGUMENTS. Add input validation with OWASP ESAPI, implement rate limiting and DDoS protection, secure API endpoints with OAuth2/JWT validation, add encryption for data at rest/transit using AES-256/TLS 1.3. Implement secure logging without PII exposure."
|
||||
- Output: Hardened API endpoints, validation middleware, encryption implementation, secure configuration templates
|
||||
- Context: Builds upon vulnerability fixes with preventive controls
|
||||
|
||||
### 6. Frontend Security Implementation
|
||||
- Use Task tool with subagent_type="frontend-security-coder"
|
||||
- Prompt: "Implement frontend security measures for: $ARGUMENTS. Configure CSP headers with nonce-based policies, implement XSS prevention with DOMPurify, secure authentication flows with PKCE OAuth2, add SRI for external resources, implement secure cookie handling with SameSite/HttpOnly/Secure flags."
|
||||
- Output: Secure frontend components, CSP policy configuration, authentication flow implementation, security headers configuration
|
||||
- Context: Complements backend security with client-side protections
|
||||
|
||||
### 7. Mobile Security Hardening
|
||||
- Use Task tool with subagent_type="mobile-security-coder"
|
||||
- Prompt: "Implement mobile app security for: $ARGUMENTS. Add certificate pinning, implement biometric authentication, secure local storage with encryption, obfuscate code with ProGuard/R8, implement anti-tampering and root/jailbreak detection, secure IPC communications."
|
||||
- Output: Hardened mobile application, security configuration files, obfuscation rules, certificate pinning implementation
|
||||
- Context: Extends security to mobile platforms if applicable
|
||||
|
||||
## Phase 3: Security Controls Implementation
|
||||
|
||||
### 8. Authentication and Authorization Enhancement
|
||||
- Use Task tool with subagent_type="security-auditor"
|
||||
- Prompt: "Implement modern authentication system for: $ARGUMENTS. Deploy OAuth2/OIDC with PKCE, implement MFA with TOTP/WebAuthn/FIDO2, add risk-based authentication, implement RBAC/ABAC with principle of least privilege, add session management with secure token rotation."
|
||||
- Output: Authentication service configuration, MFA implementation, authorization policies, session management system
|
||||
- Context: Strengthens access controls based on architecture review
|
||||
|
||||
### 9. Infrastructure Security Controls
|
||||
- Use Task tool with subagent_type="deployment-engineer"
|
||||
- Prompt: "Implement secure deployment pipeline for: $ARGUMENTS. Include security gates, vulnerability scanning in CI/CD, and secure configuration management."
|
||||
- Output: Secure CI/CD pipeline, deployment security checks, rollback procedures
|
||||
- Prompt: "Deploy infrastructure security controls for: $ARGUMENTS. Configure WAF rules for OWASP protection, implement network segmentation with micro-segmentation, deploy IDS/IPS systems, configure cloud security groups and NACLs, implement DDoS protection with rate limiting and geo-blocking."
|
||||
- Output: WAF configuration, network security policies, IDS/IPS rules, cloud security configurations
|
||||
- Context: Implements network-level defenses
|
||||
|
||||
### 9. Security Monitoring Setup
|
||||
### 10. Secrets Management Implementation
|
||||
- Use Task tool with subagent_type="deployment-engineer"
|
||||
- Prompt: "Implement enterprise secrets management for: $ARGUMENTS. Deploy HashiCorp Vault or AWS Secrets Manager, implement secret rotation policies, remove hardcoded secrets, configure least-privilege IAM roles, implement encryption key management with HSM support."
|
||||
- Output: Secrets management configuration, rotation policies, IAM role definitions, key management procedures
|
||||
- Context: Eliminates secrets exposure vulnerabilities
|
||||
|
||||
## Phase 4: Validation and Compliance
|
||||
|
||||
### 11. Penetration Testing and Validation
|
||||
- Use Task tool with subagent_type="security-auditor"
|
||||
- Prompt: "Execute comprehensive penetration testing for: $ARGUMENTS. Perform authenticated and unauthenticated testing, API security testing, business logic testing, privilege escalation attempts. Use Burp Suite, Metasploit, and custom exploits. Validate all security controls effectiveness."
|
||||
- Output: Penetration test report, proof-of-concept exploits, remediation validation, security control effectiveness metrics
|
||||
- Context: Validates all implemented security measures
|
||||
|
||||
### 12. Compliance and Standards Verification
|
||||
- Use Task tool with subagent_type="security-auditor"
|
||||
- Prompt: "Verify compliance with security frameworks for: $ARGUMENTS. Validate against OWASP ASVS Level 2, CIS Benchmarks, SOC2 Type II requirements, GDPR/CCPA privacy controls, HIPAA/PCI-DSS if applicable. Generate compliance attestation reports."
|
||||
- Output: Compliance assessment report, gap analysis, remediation requirements, audit evidence collection
|
||||
- Context: Ensures regulatory and industry standard compliance
|
||||
|
||||
### 13. Security Monitoring and SIEM Integration
|
||||
- Use Task tool with subagent_type="devops-troubleshooter"
|
||||
- Prompt: "Set up security monitoring and incident response for: $ARGUMENTS. Include intrusion detection, log analysis, and automated alerting."
|
||||
- Output: Security monitoring dashboards, alert rules, incident response procedures
|
||||
- Prompt: "Implement security monitoring and SIEM for: $ARGUMENTS. Deploy Splunk/ELK/Sentinel integration, configure security event correlation, implement behavioral analytics for anomaly detection, set up automated incident response playbooks, create security dashboards and alerting."
|
||||
- Output: SIEM configuration, correlation rules, incident response playbooks, security dashboards, alert definitions
|
||||
- Context: Establishes continuous security monitoring
|
||||
|
||||
## Configuration Options
|
||||
- scanning_depth: "quick" | "standard" | "comprehensive" (default: comprehensive)
|
||||
- compliance_frameworks: ["OWASP", "CIS", "SOC2", "GDPR", "HIPAA", "PCI-DSS"]
|
||||
- remediation_priority: "cvss_score" | "exploitability" | "business_impact"
|
||||
- monitoring_integration: "splunk" | "elastic" | "sentinel" | "custom"
|
||||
- authentication_methods: ["oauth2", "saml", "mfa", "biometric", "passwordless"]
|
||||
|
||||
## Success Criteria
|
||||
- All critical vulnerabilities (CVSS 7+) remediated
|
||||
- OWASP Top 10 vulnerabilities addressed
|
||||
- Zero high-risk findings in penetration testing
|
||||
- Compliance frameworks validation passed
|
||||
- Security monitoring detecting and alerting on threats
|
||||
- Incident response time < 15 minutes for critical alerts
|
||||
- SBOM generated and vulnerabilities tracked
|
||||
- All secrets managed through secure vault
|
||||
- Authentication implements MFA and secure session management
|
||||
- Security tests integrated into CI/CD pipeline
|
||||
|
||||
## Coordination Notes
|
||||
- Security findings from each phase inform subsequent implementations
|
||||
- All agents must prioritize security in their recommendations
|
||||
- Regular security reviews between phases ensure nothing is missed
|
||||
- Document all security decisions and trade-offs
|
||||
- Each phase provides detailed findings that inform subsequent phases
|
||||
- Security-auditor agent coordinates with domain-specific agents for fixes
|
||||
- All code changes undergo security review before implementation
|
||||
- Continuous feedback loop between assessment and remediation
|
||||
- Security findings tracked in centralized vulnerability management system
|
||||
- Regular security reviews scheduled post-implementation
|
||||
|
||||
Security hardening target: $ARGUMENTS
|
||||
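Review bot: The step 11 prompt ("Execute comprehensive penetration testing for: $ARGUMENTS ... Use Burp Suite, Metasploit, and custom exploits") gives the agent no scope, authorization or environment constraint, and $ARGUMENTS is free-form, so nothing in the file limits active testing to systems the operator owns. Suggest making a named non-production target and a written authorization required inputs to that step, and having the step stop when either is missing. Step 4 and the Success Criteria both label "CVSS 7+" as critical; on the CVSS v3.x qualitative scale 7.0-8.9 is High and Critical starts at 9.0, so either reword to "high and critical (CVSS 7+)" or raise the threshold. The new Configuration Options section lists five settings, but no step prompt refers to any of them and only scanning_depth states a default; wire them into the prompts or document how they are passed.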