docs(agents): add security analysis protocol to principal-engineer-reviewer #711

Merged
johntmyers merged 2 commits into main from enhance-security-review-agent/jm
Mar 31, 2026

@johntmyers
Collaborator

Summary

Adds concrete security analysis guidance to the principal-engineer-reviewer agent, including framework references (CWE, OWASP ASVS, OWASP Top 10 for LLM, CAPEC), a prescriptive threat modeling protocol, and a security checklist. The new guidance activates contextually for security-sensitive reviews only.

Changes

  • Enhanced the Security priority with explicit framework references (CWE, OWASP ASVS Level 3, OWASP Top 10 for LLM Applications, CAPEC)
  • Added a "Security analysis" section with a 5-step protocol: threat modeling, weakness mapping with CWE IDs, sandbox integrity checks (Landlock/seccomp/YAML policy), input sanitization rules, and dependency auditing
  • Added a security checklist covering CWE-78/88, CWE-94, CWE-22, CWE-269, OWASP LLM06, and supply chain risks
  • Scoped activation to security-sensitive areas (sandbox runtime, policy engine, network egress, auth, credential handling, untrusted input) to avoid over-applying on non-security PRs

Testing

  • Verified file reads correctly and sections flow coherently
  • mise run pre-commit passes
  • Unit tests added/updated

Checklist

  • Follows Conventional Commits
  • Commits are signed off (DCO)
  • Architecture docs updated (if applicable)

…viewer

Add concrete security guidance including CWE/OWASP/CAPEC framework
references, a threat modeling protocol for security-sensitive reviews,
sandbox integrity checks, and a security checklist. Scoped to activate
only when reviewing changes that touch security-sensitive areas.
johntmyers requested a review from a team as a code owner March 31, 2026 20:35
johntmyers self-assigned this Mar 31, 2026
…ition

Mirror the same security enhancements from the claude agent definition
to the opencode principal-engineer-reviewer agent.
johntmyers merged commit 3b4c1d4 into main Mar 31, 2026
9 checks passed
johntmyers deleted the enhance-security-review-agent/jm branch March 31, 2026 21:40