Best For
Best for features touching auth, input handling, secrets, compliance, or external exposure.
- Threat model before implementation
- Use anti-pattern references while coding
- Run scanner and review before merge
Documentation
SECURITY • v1.9.0.21Security Guide
Security operating model for AI-generated code with anti-pattern defense and scan discipline.
SECURITY Context Profile53Core agents
61Claude skills
64Copilot agents
60Cursor rules
60Codex skills
61Gemini skills
Anti-Patterns To Avoid
These behaviors reduce framework signal and increase rework risk.
- Security treated as post-merge task
- Hardcoded secrets or weak defaults
- No remediation plan for findings
Adoption Plan
- Map risk areas in PRD
- Implement with secure defaults
- Run security scans and tests
- Document mitigations and residual risk
/security audit
/security-scanner
/review
/anvil
Primary References
Operational Checklist
- Version alignment confirmed (v1.9.0.21)
- Execution evidence captured in stories or PR
- Gate validations completed before merge/deploy