From e2a411408800559b162ccce35d4cde2df7e571ad Mon Sep 17 00:00:00 2001 From: Ash Brener Date: Wed, 22 Apr 2026 11:35:39 +0200 Subject: [PATCH 1/4] feat(catalog): add red-team extension Adds the `red-team` community extension to the catalog: - Adversarial review of functional specs before /speckit.plan locks in architecture. - Complements /speckit.clarify (correctness) and /speckit.analyze (consistency) with parallel adversarial lens agents. - One command: speckit.red-team.run - MIT licensed; requires spec-kit >= 0.7.0. Origin: this extension was originally proposed as a core command (github/spec-kit#2303). Per maintainer guidance (mnriem's comment on that PR), it's been restructured as a community extension hosted at https://github.com/ashbrener/spec-kit-red-team. Dogfood-validated on a 500-line functional spec: 5 lens agents dispatched in parallel returned 25 findings in ~1.5 min wall-clock, 19 of which met the meaningful-finding bar (severity >= HIGH AND novel adversarial angle that clarify/analyze structurally cannot catch). Full detail in the extension's CHANGELOG. --- extensions/catalog.community.json | 34 ++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/extensions/catalog.community.json b/extensions/catalog.community.json index 53bea347ca..ae71548b2e 100644 --- a/extensions/catalog.community.json +++ b/extensions/catalog.community.json @@ -1,6 +1,6 @@ { "schema_version": "1.0", - "updated_at": "2026-04-21T00:00:00Z", + "updated_at": "2026-04-22T00:00:00Z", "catalog_url": "https://raw.githubusercontent.com/github/spec-kit/main/extensions/catalog.community.json", "extensions": { "aide": { @@ -1523,6 +1523,38 @@ "created_at": "2026-03-14T00:00:00Z", "updated_at": "2026-03-14T00:00:00Z" }, + "red-team": { + "name": "Red Team", + "id": "red-team", + "description": "Adversarial review of functional specs before /speckit.plan locks in architecture. Dispatches 3-5 parallel lens agents, aggregates findings into a structured report, and walks the maintainer through spec-fix / new-OQ / accepted-risk / out-of-scope resolution.", + "author": "Ash Brener", + "version": "1.0.0", + "download_url": "https://github.com/ashbrener/spec-kit-red-team/releases/download/v1.0.0/red-team-v1.0.0.zip", + "repository": "https://github.com/ashbrener/spec-kit-red-team", + "homepage": "https://github.com/ashbrener/spec-kit-red-team", + "documentation": "https://github.com/ashbrener/spec-kit-red-team/blob/main/README.md", + "changelog": "https://github.com/ashbrener/spec-kit-red-team/blob/main/CHANGELOG.md", + "license": "MIT", + "requires": { + "speckit_version": ">=0.7.0" + }, + "provides": { + "commands": 1, + "hooks": 0 + }, + "tags": [ + "adversarial-review", + "quality-gate", + "spec-hardening", + "pre-plan", + "audit" + ], + "verified": false, + "downloads": 0, + "stars": 0, + "created_at": "2026-04-22T00:00:00Z", + "updated_at": "2026-04-22T00:00:00Z" + }, "refine": { "name": "Spec Refine", "id": "refine", From e3499915c99d8a83c155206b05fb11f08d70884c Mon Sep 17 00:00:00 2001 From: Ash Brener Date: Wed, 22 Apr 2026 11:56:18 +0200 Subject: [PATCH 2/4] catalog: shorten red-team description to fit <200 char schema limit Resolves Copilot review comment on #2306. Previous description (259 chars) exceeded the extensions/EXTENSION-PUBLISHING-GUIDE.md Appendix schema ceiling. Shortened to 188 chars, keeping the distinctive value proposition (adversarial, complements clarify/analyze) and moving the per-phase mechanics to the extension's own README. --- extensions/catalog.community.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extensions/catalog.community.json b/extensions/catalog.community.json index ae71548b2e..7c0ccaf697 100644 --- a/extensions/catalog.community.json +++ b/extensions/catalog.community.json @@ -1526,7 +1526,7 @@ "red-team": { "name": "Red Team", "id": "red-team", - "description": "Adversarial review of functional specs before /speckit.plan locks in architecture. Dispatches 3-5 parallel lens agents, aggregates findings into a structured report, and walks the maintainer through spec-fix / new-OQ / accepted-risk / out-of-scope resolution.", + "description": "Adversarial review of functional specs before /speckit.plan. Parallel adversarial lens agents catch hostile actors, silent failures, and regulatory blind spots that clarify/analyze cannot.", "author": "Ash Brener", "version": "1.0.0", "download_url": "https://github.com/ashbrener/spec-kit-red-team/releases/download/v1.0.0/red-team-v1.0.0.zip", From bb2ee40ef220e3e15e632ffd0eb85bc784c8b303 Mon Sep 17 00:00:00 2001 From: Ash Brener Date: Wed, 22 Apr 2026 13:31:00 +0200 Subject: [PATCH 3/4] catalog: bump red-team to v1.0.1 (lower required spec-kit version) Follow-up to v1.0.0 catalog entry: - version: 1.0.0 -> 1.0.1 - download_url: points at v1.0.1 release asset - requires.speckit_version: >=0.7.0 -> >=0.1.0 The v1.0.0 requirement was too strict and blocked installation on common 0.6.x field versions (confirmed via local install attempt). The extension uses no 0.7.x-specific APIs; matches community norm (reconcile, refine, others use >=0.1.0). --- extensions/catalog.community.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/extensions/catalog.community.json b/extensions/catalog.community.json index 7c0ccaf697..782dfe9da6 100644 --- a/extensions/catalog.community.json +++ b/extensions/catalog.community.json @@ -1528,15 +1528,15 @@ "id": "red-team", "description": "Adversarial review of functional specs before /speckit.plan. Parallel adversarial lens agents catch hostile actors, silent failures, and regulatory blind spots that clarify/analyze cannot.", "author": "Ash Brener", - "version": "1.0.0", - "download_url": "https://github.com/ashbrener/spec-kit-red-team/releases/download/v1.0.0/red-team-v1.0.0.zip", + "version": "1.0.1", + "download_url": "https://github.com/ashbrener/spec-kit-red-team/releases/download/v1.0.1/red-team-v1.0.1.zip", "repository": "https://github.com/ashbrener/spec-kit-red-team", "homepage": "https://github.com/ashbrener/spec-kit-red-team", "documentation": "https://github.com/ashbrener/spec-kit-red-team/blob/main/README.md", "changelog": "https://github.com/ashbrener/spec-kit-red-team/blob/main/CHANGELOG.md", "license": "MIT", "requires": { - "speckit_version": ">=0.7.0" + "speckit_version": ">=0.1.0" }, "provides": { "commands": 1, From 26232e4e69d3e897b6629fd2bdbdfa7657a7dcbf Mon Sep 17 00:00:00 2001 From: Ash Brener Date: Wed, 22 Apr 2026 15:21:27 +0200 Subject: [PATCH 4/4] catalog: bump red-team to v1.0.2 (adds mandatory before_plan gate) v1.0.2 ships a /speckit.red-team.gate command wired as a mandatory before_plan hook so /speckit.plan auto-invokes it on every run against qualifying specs. Non-qualifying specs return PROCEED silently; qualifying specs without findings on record return HALT with explicit remediation (run /speckit.red-team.run, or opt out via --skip-red-team-gate: which is recorded as an Accepted Risk [red-team-skipped] in the plan). Catalog metadata delta: - version: 1.0.1 -> 1.0.2 - download_url: v1.0.2/red-team-v1.0.2.zip - provides.commands: 1 -> 2 (adds speckit.red-team.gate) - provides.hooks: 0 -> 1 (adds before_plan hook) No breaking changes. Projects that do not want the gate simply do not install the extension. --- extensions/catalog.community.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/extensions/catalog.community.json b/extensions/catalog.community.json index 782dfe9da6..98175ce3b4 100644 --- a/extensions/catalog.community.json +++ b/extensions/catalog.community.json @@ -1528,8 +1528,8 @@ "id": "red-team", "description": "Adversarial review of functional specs before /speckit.plan. Parallel adversarial lens agents catch hostile actors, silent failures, and regulatory blind spots that clarify/analyze cannot.", "author": "Ash Brener", - "version": "1.0.1", - "download_url": "https://github.com/ashbrener/spec-kit-red-team/releases/download/v1.0.1/red-team-v1.0.1.zip", + "version": "1.0.2", + "download_url": "https://github.com/ashbrener/spec-kit-red-team/releases/download/v1.0.2/red-team-v1.0.2.zip", "repository": "https://github.com/ashbrener/spec-kit-red-team", "homepage": "https://github.com/ashbrener/spec-kit-red-team", "documentation": "https://github.com/ashbrener/spec-kit-red-team/blob/main/README.md", @@ -1539,8 +1539,8 @@ "speckit_version": ">=0.1.0" }, "provides": { - "commands": 1, - "hooks": 0 + "commands": 2, + "hooks": 1 }, "tags": [ "adversarial-review",