@hegemonart/get-design-done 1.28.0 → 1.28.6

package/skills/quality-gate/threat-modeling.md

@@ -0,0 +1,101 @@
+---
+name: threat-modeling
+type: heuristic
+version: 1.0.0
+phase: 28.5
+tags: [threat-modeling, stride, audit, security, trust-boundary, disposition]
+last_updated: 2026-05-18
+---
+
+# Threat Modeling
+
+Audit-side STRIDE / threat-modeling reference. Centralizes the categories, trust-boundary
+identification heuristics, and disposition framework (mitigate / accept / transfer) so
+consumer skills can cross-link rather than inline. Extracted as part of Phase 28.5 from
+inline content in `skills/quality-gate/SKILL.md` (the four-tier classification) and the
+shared verifier / audit family. See `./audit-scoring.md` for the design-side scoring
+framework, which uses STRIDE as one of its lenses.
+
+## When to use
+
+Apply STRIDE during:
+
+- **Verify entry** (Stage 5) when the changeset touches a trust boundary (auth, ingress,
+  deserialization, subprocess spawn).
+- **Audit pillar runs** when a heuristic flags potential security surface.
+- **Plan-phase risk-register population** when the plan touches user input, network
+  endpoints, file IO from user paths, or persisted state.
+- **Threat register on plans that ship new endpoints** — assign one of {mitigate, accept,
+  transfer} to every identified threat before the plan ships.
+
+## STRIDE categories
+
+| Letter | Threat                  | Audit lens                                         |
+|--------|-------------------------|----------------------------------------------------|
+| S      | Spoofing                | Auth surfaces — login, session, token issuance     |
+| T      | Tampering               | Data integrity — write paths, persisted state      |
+| R      | Repudiation             | Audit trails / logging — proof of action           |
+| I      | Information Disclosure  | PII / secret leakage — logs, errors, side channels |
+| D      | Denial of Service       | Resource exhaustion — unbounded loops, large reads |
+| E      | Elevation of Privilege  | AuthZ bypass — role checks, capability tokens      |
+
+## Trust boundaries
+
+A trust boundary is a point where untrusted input crosses into trusted code. Identify
+trust boundaries before applying STRIDE — each boundary is one analysis sweep.
+
+Identification heuristics:
+
+- **Network ingress** — HTTP, gRPC, WebSocket, MCP transport, any TCP/UDP listen socket.
+- **File reads from user-writable paths** — uploads, `$HOME` configs, user-supplied paths
+  from CLI args, drag-drop.
+- **Subprocess spawns with user-supplied args** — `exec`/`spawn` where any argv element
+  is reachable from user input (URL params, env vars, config keys).
+- **Deserialization of persisted format** — JSON, YAML, MsgPack, Protobuf, custom
+  formats. The deserializer is the boundary, regardless of where the bytes came from.
+- **Third-party SDK callouts** — when gdd hands data to a peer-CLI, the data leaves the
+  trust boundary; treat the return path as untrusted on re-entry.
+
+## Disposition framework
+
+Every identified threat MUST carry a disposition before the plan ships. Three values:
+
+| Disposition | When to use                                                                  |
+|-------------|------------------------------------------------------------------------------|
+| Mitigate    | Threat has both impact and likelihood; ASVS L1 requires the control. Build  |
+|             | the control as part of the plan; cite the test that proves it.               |
+| Accept      | Low impact AND low likelihood. Documented rationale in the threat register;  |
+|             | no code change required. Re-visit if the threat-surface scope grows.         |
+| Transfer    | Third-party owns the control surface (e.g., the OS, the runtime, a peer's   |
+|             | sandbox). Document the boundary; do not re-implement the control.            |
+
+Mitigations on Plan tasks are correctness requirements — the executor applies Rule 2
+(missing critical functionality) if a mitigation disposition is present but the
+implementation lacks the control.
+
+## Threat register schema
+
+When a plan carries a `<threat_model>` block in its frontmatter, each entry follows:
+
+```yaml
+- id: T-01
+  category: spoofing       # S, T, R, I, D, or E
+  surface: auth/login      # path or component the threat hits
+  description: "<one-line description>"
+  disposition: mitigate    # mitigate, accept, or transfer
+  control: "rate-limit + ASVS V2.2.1 password policy"   # required when mitigate
+  rationale: "<why accept/transfer>"                    # required when accept/transfer
+```
+
+Multiple threats per plan are normal. The disposition column is the load-bearing field —
+the executor scans it; the verifier scans it.
+
+## Cross-references
+
+- `./audit-scoring.md` — design-side audit-scoring rubric; STRIDE is one of its lenses.
+- `./anti-patterns.md` — concrete anti-patterns mapped to STRIDE categories where
+  applicable (e.g., `eval`-on-user-input → Tampering + EoP).
+- `./accessibility.md` — accessibility is the orthogonal lens; threat-modeling does not
+  cover it.
+- ASVS (OWASP Application Security Verification Standard) — external authority for the
+  control catalog. Cited in plan threat-registers as `ASVS V<chapter>.<section>`.

package/skills/quick/SKILL.md

@@ -3,6 +3,7 @@ name: gdd-quick
 description: "Run the pipeline with optional agents skipped for speed. Skips: phase-researcher, design-assumptions-analyzer, design-integration-checker. Keeps: planner, executor, verifier, auditor."
 argument-hint: "[--skip <agent-name>] [stage]"
 tools: Read, Task
+disable-model-invocation: true
 ---
 
 # /gdd:quick

package/skills/reapply-patches/SKILL.md

@@ -3,6 +3,7 @@ name: gdd-reapply-patches
 description: "Reapply user modifications to reference/ files after a plugin update. Detects customizations via git diff against pristine baseline."
 argument-hint: "[--dry-run]"
 tools: Read, Write, Bash
+disable-model-invocation: true
 ---
 
 # gdd-reapply-patches

package/skills/recall/SKILL.md

@@ -3,6 +3,7 @@ name: gdd-recall
 description: "Search cross-cycle memory: decisions, learnings, experience archives. Returns ranked matches."
 argument-hint: "<query> [--reindex]"
 tools: Read, Write, Bash
+disable-model-invocation: true
 ---
 
 @reference/retrieval-contract.md

package/skills/resume/SKILL.md

@@ -3,6 +3,7 @@ name: gdd-resume
 description: "Restore session context from a numbered checkpoint. Lists available checkpoints when no argument given."
 argument-hint: "[<N>]"
 tools: Read, Write, Bash, Glob, AskUserQuestion, mcp__gdd_state__get, mcp__gdd_state__set_status, mcp__gdd_state__resolve_blocker, mcp__gdd_state__checkpoint, mcp__gdd_status, mcp__gdd_phase_current, mcp__gdd_plans_list, mcp__gdd_decisions_list
+disable-model-invocation: true
 ---
 
 @reference/retrieval-contract.md

package/skills/review-backlog/SKILL.md

@@ -2,6 +2,7 @@
 name: gdd-review-backlog
 description: "Review parked backlog items and promote any to active cycle todo."
 tools: Read, Write, AskUserQuestion
+disable-model-invocation: true
 ---
 
 # /gdd:review-backlog

package/skills/router/SKILL.md

@@ -53,71 +53,15 @@ Existing consumers reading any subset of the older fields keep working unchanged
 
 ## Path Selection Heuristic
 
-The router emits both `path` (legacy 3-tier enum) and `complexity_class` (Phase 25 4-tier enum). The canonical mapping is:
-
-| complexity_class | path | Behavior |
-|------------------|------|----------|
-| `S` | `fast` (short-circuited) | Skip router itself, skip cache-manager, skip telemetry write. Deterministic no-op decision. |
-| `M` | `fast` | Single Haiku + no checkers. |
-| `L` | `quick` | Sonnet mappers + Haiku verify. |
-| `XL` | `full` | Opus planners + full quality gates. Recommends worktree-isolation default + mandatory inter-stage checkpoint + reflector auto-spawn. |
-
-Bucket assignment:
-
-| Signal | complexity_class | path |
-|--------|------------------|------|
-| Command is `/gdd:help`, `/gdd:stats`, `/gdd:note`, `/gdd:health`, single-Haiku skill | `S` | `fast` (short-circuited — see below) |
-| Command is `/gdd:scan`, `/gdd:brief`, `/gdd:sketch`, `/gdd:spike`, `/gdd:fast` | `M` | `fast` |
-| Command spawns exactly one agent (no orchestration), not in S list | `M` | `fast` |
-| Command is `/gdd:explore`, `/gdd:discover`, standalone `/gdd:verify`, standalone `/gdd:plan` | `L` | `quick` |
-| Command spawns parallel mappers but no planners/auditors (`/gdd:discover` in `--auto` mode) | `L` | `quick` |
-| Command is `/gdd:next`, `/gdd:do`, `/gdd:autonomous`, end-to-end Brief→Verify, anything spawning planners + auditors + verifiers in series | `XL` | `full` |
-| Command spawns planners, auditors, verifiers, or integration-checkers (`/gdd:plan`, `/gdd:verify`, `/gdd:audit`) and is not standalone | `XL` | `full` |
-| `--dry-run` flag present on any command | downgrade one tier (XL→L→M→S; `path` follows the mapping table) |
-
-### S-class short-circuit
-
-When `complexity_class` would be `S`, the router itself **does not run** for that invocation — the deterministic skip list is encoded in the `/gdd:*` SKILL.md entry of the matching command. The budget-enforcer hook treats "no router decision payload + matching command name" as the S-class signal and skips enforcement entirely (no telemetry row, no cache lookup, no event emission). When the router *is* invoked explicitly (e.g., debugging) it still emits `complexity_class: "S"` in the JSON for observability, but the runtime path is the no-op.
+The router emits `path` (3-tier: `fast|quick|full`, legacy enum, stable for back-compat) AND `complexity_class` (4-tier: `S|M|L|XL`, Phase 25 / D-04 additive). Full mapping table, bucket-assignment signal list, `--dry-run` downgrade rule, and the S-class short-circuit semantics live in `./router-rules.md#path-selection-heuristic`. The S-class short-circuit is load-bearing: when `complexity_class` would be `S`, the router does not run; the deterministic skip list lives in the `/gdd:*` SKILL.md entry, and the budget-enforcer hook treats "no payload + matching command name" as the S signal.
 
 ## Cost Estimation Algorithm
 
-```
-total = 0
-for each agent in planned spawn graph:
-  tier = resolve_tier(agent)   # budget.json tier_overrides > agent frontmatter default-tier
-  (in_tok, out_tok) = token_range_from_size_budget(agent.size_budget)  # from reference/model-prices.md
-  (in_rate, out_rate) = price_from_tier(tier)
-  total += (in_tok / 1e6) * in_rate + (out_tok / 1e6) * out_rate
-return total
-```
+Standard cost-estimation pseudocode (sum over planned spawn graph; per-agent `(in_tok / 1e6) * in_rate + (out_tok / 1e6) * out_rate` using `./reference/model-prices.md`) lives in `./router-rules.md#cost-estimation-algorithm`.
 
 ## Runtime-aware model resolution
 
-The router emits `resolved_models` alongside `model_tier_overrides` so downstream consumers (budget-enforcer cost computation, Phase 22 cost telemetry, Phase 23.5 bandit posterior store) can read the **concrete model ID** for the active runtime without re-deriving it from the tier name. The resolution is per-agent and additive — `model_tier_overrides` keeps its `opus|sonnet|haiku` enum for back-compat across all 14 runtimes, and `resolved_models` runs the runtime-specific translation on top of it.
-
-Computation contract (per D-07):
-
-```
-runtime = runtimeDetect.detect() ?? 'claude'
-for each agent in planned spawn graph:
-  tier = resolve_tier(agent)                          # same merge as model_tier_overrides
-  resolved_models[agent] = tierResolver.resolve(runtime, tier)
-                                                       # → concrete model string OR null
-```
-
-Implementation surfaces (Phase 26 / Wave A):
-
-- `scripts/lib/runtime-detect.cjs` — `detect() → runtime-id | null`. Reads the same `*_CONFIG_DIR` / `*_HOME` env-vars Phase 24's installer uses (single source of truth in `scripts/lib/install/runtimes.cjs`). Returns `null` when no recognized runtime env-var is set; the router falls back to `'claude'` so the resolver always has a runtime ID to work with.
-- `scripts/lib/tier-resolver.cjs` — `resolve(runtime, tier, opts?) → model | null`. Translates `opus|sonnet|haiku` to the concrete model the runtime understands using the `reference/runtime-models.md` mapping (Phase 26 / Wave A). Fallback chain (D-04): runtime-specific entry → `claude` row default with `tier_resolution_fallback` event → `null` with `tier_resolution_failed` event. Never throws; `null` is a valid output the consumer must handle.
-
-Per-agent emission rules:
-
-- One key per agent in the planned spawn graph (same key set the cost-estimation loop iterates over). Keys MUST match agent names exactly so consumers can join `resolved_models` against `model_tier_overrides` and the spawn graph by name.
-- Value is the concrete model string returned by `tier-resolver.resolve(runtime, tier)`.
-- When the resolver returns `null` (missing tier-map row, missing tier, garbage input), the value is JSON `null` — NOT omitted, NOT the empty string. Consumers (budget-enforcer, telemetry) MUST handle `null`: typically by skipping the cost row for that spawn and emitting their own diagnostic event, never by crashing.
-- When `complexity_class` is `S` and the router itself short-circuits (see **S-class short-circuit** above), no payload is emitted at all and `resolved_models` does not exist for that invocation — the budget-enforcer's "no router decision payload" branch already handles this case.
-
-Back-compat assertion: a router invocation in a Claude runtime (or any environment where `runtime-detect.detect()` returns `null` and the router falls back to `'claude'`) produces `resolved_models` values that are the canonical Anthropic model IDs (`claude-opus-4-7`, `claude-sonnet-4-6`, `claude-haiku-4-5`) for the corresponding tiers. Pre-Phase-26 consumers that ignore `resolved_models` see the same `model_tier_overrides` they always saw (Plan 26-09 owns the runtime fixture diff that asserts this).
+Computation contract for `resolved_models`, implementation surfaces (`scripts/lib/runtime-detect.cjs` + `scripts/lib/tier-resolver.cjs`), per-agent emission rules (including the JSON-`null` contract), and the Claude-runtime back-compat assertion live in `./router-rules.md#runtime-aware-model-resolution`. Top-line: `model_tier_overrides` keeps its `opus|sonnet|haiku` enum for back-compat; `resolved_models` runs the per-runtime translation additively on top.
 
 ## Cache-Hit Detection
 

package/skills/router/router-rules.md

@@ -0,0 +1,84 @@
+---
+name: router-rules
+type: heuristic
+version: 1.0.0
+phase: 28.5
+tags: [router, path-selection, complexity-class, model-tier, runtime-resolution, cost-estimation]
+last_updated: 2026-05-18
+---
+
+# Router Path-Selection + Runtime Resolution Rules
+
+Extracted from `skills/router/SKILL.md` per Phase 28.5 D-10 (extract-then-link, never delete
+content). The router SKILL keeps its invocation contract, output schema versioning table,
+integration point, and failure modes. The path-selection heuristic tables, the cost
+estimation algorithm, and the runtime-aware model resolution computation contract live
+here so the SKILL stays under the 100-line cap.
+
+## Path Selection Heuristic
+
+The router emits both `path` (legacy 3-tier enum) and `complexity_class` (Phase 25 4-tier enum). The canonical mapping is:
+
+| complexity_class | path | Behavior |
+|------------------|------|----------|
+| `S` | `fast` (short-circuited) | Skip router itself, skip cache-manager, skip telemetry write. Deterministic no-op decision. |
+| `M` | `fast` | Single Haiku + no checkers. |
+| `L` | `quick` | Sonnet mappers + Haiku verify. |
+| `XL` | `full` | Opus planners + full quality gates. Recommends worktree-isolation default + mandatory inter-stage checkpoint + reflector auto-spawn. |
+
+Bucket assignment:
+
+| Signal | complexity_class | path |
+|--------|------------------|------|
+| Command is `/gdd:help`, `/gdd:stats`, `/gdd:note`, `/gdd:health`, single-Haiku skill | `S` | `fast` (short-circuited — see below) |
+| Command is `/gdd:scan`, `/gdd:brief`, `/gdd:sketch`, `/gdd:spike`, `/gdd:fast` | `M` | `fast` |
+| Command spawns exactly one agent (no orchestration), not in S list | `M` | `fast` |
+| Command is `/gdd:explore`, `/gdd:discover`, standalone `/gdd:verify`, standalone `/gdd:plan` | `L` | `quick` |
+| Command spawns parallel mappers but no planners/auditors (`/gdd:discover` in `--auto` mode) | `L` | `quick` |
+| Command is `/gdd:next`, `/gdd:do`, `/gdd:autonomous`, end-to-end Brief→Verify, anything spawning planners + auditors + verifiers in series | `XL` | `full` |
+| Command spawns planners, auditors, verifiers, or integration-checkers (`/gdd:plan`, `/gdd:verify`, `/gdd:audit`) and is not standalone | `XL` | `full` |
+| `--dry-run` flag present on any command | downgrade one tier (XL→L→M→S; `path` follows the mapping table) |
+
+### S-class short-circuit
+
+When `complexity_class` would be `S`, the router itself **does not run** for that invocation — the deterministic skip list is encoded in the `/gdd:*` SKILL.md entry of the matching command. The budget-enforcer hook treats "no router decision payload + matching command name" as the S-class signal and skips enforcement entirely (no telemetry row, no cache lookup, no event emission). When the router *is* invoked explicitly (e.g., debugging) it still emits `complexity_class: "S"` in the JSON for observability, but the runtime path is the no-op.
+
+## Cost Estimation Algorithm
+
+```
+total = 0
+for each agent in planned spawn graph:
+  tier = resolve_tier(agent)   # budget.json tier_overrides > agent frontmatter default-tier
+  (in_tok, out_tok) = token_range_from_size_budget(agent.size_budget)  # from reference/model-prices.md
+  (in_rate, out_rate) = price_from_tier(tier)
+  total += (in_tok / 1e6) * in_rate + (out_tok / 1e6) * out_rate
+return total
+```
+
+## Runtime-aware model resolution
+
+The router emits `resolved_models` alongside `model_tier_overrides` so downstream consumers (budget-enforcer cost computation, Phase 22 cost telemetry, Phase 23.5 bandit posterior store) can read the **concrete model ID** for the active runtime without re-deriving it from the tier name. The resolution is per-agent and additive — `model_tier_overrides` keeps its `opus|sonnet|haiku` enum for back-compat across all 14 runtimes, and `resolved_models` runs the runtime-specific translation on top of it.
+
+Computation contract (per D-07):
+
+```
+runtime = runtimeDetect.detect() ?? 'claude'
+for each agent in planned spawn graph:
+  tier = resolve_tier(agent)                          # same merge as model_tier_overrides
+  resolved_models[agent] = tierResolver.resolve(runtime, tier)
+                                                       # → concrete model string OR null
+```
+
+Implementation surfaces (Phase 26 / Wave A):
+
+- `scripts/lib/runtime-detect.cjs` — `detect() → runtime-id | null`. Reads the same `*_CONFIG_DIR` / `*_HOME` env-vars Phase 24's installer uses (single source of truth in `scripts/lib/install/runtimes.cjs`). Returns `null` when no recognized runtime env-var is set; the router falls back to `'claude'` so the resolver always has a runtime ID to work with.
+- `scripts/lib/tier-resolver.cjs` — `resolve(runtime, tier, opts?) → model | null`. Translates `opus|sonnet|haiku` to the concrete model the runtime understands using the `./runtime-models.md` mapping (Phase 26 / Wave A). Fallback chain (D-04): runtime-specific entry → `claude` row default with `tier_resolution_fallback` event → `null` with `tier_resolution_failed` event. Never throws; `null` is a valid output the consumer must handle.
+
+Per-agent emission rules:
+
+- One key per agent in the planned spawn graph (same key set the cost-estimation loop iterates over). Keys MUST match agent names exactly so consumers can join `resolved_models` against `model_tier_overrides` and the spawn graph by name.
+- Value is the concrete model string returned by `tier-resolver.resolve(runtime, tier)`.
+- When the resolver returns `null` (missing tier-map row, missing tier, garbage input), the value is JSON `null` — NOT omitted, NOT the empty string. Consumers (budget-enforcer, telemetry) MUST handle `null`: typically by skipping the cost row for that spawn and emitting their own diagnostic event, never by crashing.
+- When `complexity_class` is `S` and the router itself short-circuits (see **S-class short-circuit** above), no payload is emitted at all and `resolved_models` does not exist for that invocation — the budget-enforcer's "no router decision payload" branch already handles this case.
+
+Back-compat assertion: a router invocation in a Claude runtime (or any environment where `runtime-detect.detect()` returns `null` and the router falls back to `'claude'`) produces `resolved_models` values that are the canonical Anthropic model IDs (`claude-opus-4-7`, `claude-sonnet-4-6`, `claude-haiku-4-5`) for the corresponding tiers. Pre-Phase-26 consumers that ignore `resolved_models` see the same `model_tier_overrides` they always saw (Plan 26-09 owns the runtime fixture diff that asserts this).