@lhi/tdd-audit 1.0.0 → 1.1.1

package/README.md

@@ -1,48 +1,109 @@
 # @lhi/tdd-audit
 
-Anti-Gravity Skill for TDD Remediation. This package securely patches code vulnerabilities by utilizing a Test-Driven Remediation (Red-Green-Refactor) protocol.
+Anti-Gravity Skill for TDD Remediation. Patches security vulnerabilities by applying a Test-Driven Remediation (Red-Green-Refactor) protocol — you prove the hole exists, apply the fix, and prove it's closed.
+
+## What happens on install
+
+Running the installer does five things immediately:
+
+1. **Scans your codebase** for common vulnerability patterns (SQL injection, IDOR, XSS, command injection, path traversal, broken auth) and prints findings to stdout
+2. **Scaffolds `__tests__/security/`** with a framework-matched boilerplate exploit test
+3. **Adds `test:security`** to your `package.json` scripts (Node.js projects)
+4. **Creates `.github/workflows/security-tests.yml`** so the CI gate exists from day one
+5. **Installs the `/tdd-audit` workflow shortcode** for your agent
 
 ## Installation
 
-You can install this skill globally so that it is available to the Anti-Gravity agent across all of your projects:
+Install globally so the skill is available across all your projects:
 
 ```bash
 npx @lhi/tdd-audit
 ```
 
-Or run it directly if you have cloned the repository:
+Or clone and run directly:
 
 ```bash
 node index.js
 ```
 
-### Local Installation
+### Flags
 
-If you prefer to install the skill and its workflow strictly to your current workspace instead of globally, use the `--local` flag:
+| Flag | Description |
+|---|---|
+| `--local` | Install skill files to the current project directory instead of `~` |
+| `--claude` | Use `.claude/` instead of `.agents/` as the skill directory |
+| `--with-hooks` | Install a pre-commit hook that blocks commits if security tests fail |
+| `--skip-scan` | Skip the automatic vulnerability scan on install |
 
+**Install to a Claude Code project with pre-commit protection:**
 ```bash
-npx @lhi/tdd-audit --local
-# or
-node index.js --local
+npx @lhi/tdd-audit --local --claude --with-hooks
 ```
 
-This will create an `.agents` folder in your current directory. 
+### Framework Detection
 
-*Note: Regardless of whether you install globally or locally, the boilerplate security tests will always be scaffolded into your current project's directory at `__tests__/security`.*
+The installer automatically detects your project's test framework and scaffolds the right boilerplate:
+
+| Detected | Boilerplate | `test:security` command |
+|---|---|---|
+| `jest` / `supertest` | `sample.exploit.test.js` | `jest --testPathPattern=__tests__/security` |
+| `vitest` | `sample.exploit.test.vitest.js` | `vitest run __tests__/security` |
+| `mocha` | `sample.exploit.test.js` | `mocha '__tests__/security/**/*.spec.js'` |
+| `pytest.ini` / `pyproject.toml` | `sample.exploit.test.pytest.py` | `pytest tests/security/ -v` |
+| `go.mod` | `sample.exploit.test.go` | `go test ./security/... -v` |
 
 ## Usage
 
-Once installed, you can trigger the autonomous audit in your Anti-Gravity chat using the provided slash command:
+Once installed, trigger the autonomous audit in your agent:
 
 ```text
 /tdd-audit
 ```
 
-This will instruct the agent to:
-1. Explore the designated structure to find any vulnerabilities.
-2. Exploit the vulnerability with a failing test (Red).
-3. Patch the flaw to make the test pass (Green).
-4. Ensure no regressions occur (Refactor).
+The agent will:
+1. Scan the codebase and present a severity-ranked findings report (CRITICAL / HIGH / MEDIUM / LOW)
+2. Wait for your confirmation before making any changes
+3. For each confirmed vulnerability, apply the full Red-Green-Refactor loop:
+   - **Red** — write an exploit test that fails, proving the vulnerability exists
+   - **Green** — apply the targeted patch, making the test pass
+   - **Refactor** — run the full suite to confirm no regressions
+4. Deliver a final Remediation Summary table
+
+The agent works one vulnerability at a time and does not advance until the current one is fully proven closed.
+
+## Running security tests manually
+
+```bash
+# Node.js
+npm run test:security
+
+# Python
+pytest tests/security/ -v
+
+# Go
+go test ./security/... -v
+```
+
+## CI/CD
+
+The installer creates `.github/workflows/security-tests.yml` for your stack. It runs on every pull request targeting `main` — any exploit test that regresses will block the merge.
+
+To add this gate to an existing CI pipeline manually:
+
+```yaml
+- name: Run security exploit tests
+  run: npm run test:security   # or pytest tests/security/, or go test ./security/...
+```
+
+## Pre-commit Hook
+
+The `--with-hooks` flag appends a security gate to `.git/hooks/pre-commit`. Commits are blocked if any exploit test fails:
+
+```
+❌ Security tests failed. Commit blocked.
+```
+
+The hook is non-destructive — it appends to any existing hook content rather than overwriting it.
 
 ## License
 

package/SKILL.md

@@ -9,13 +9,13 @@ Applying Test-Driven Development (TDD) to code that has already been generated r
 
 ## Autonomous Audit Mode
 If the user asks you to "Run the TDD Remediation Auto-Audit" or asks you to implement this on your own:
-1. **Explore**: Proactively use your tools (like `grep_search`, `view_file`, and `list_dir`) to scan the user's repository. Focus on `controllers/`, `routes/`, `api/`, and database files. Search for anti-patterns: missing authorization checks, unparameterized SQL queries, and lack of sanitization.
-2. **Plan**: Identify the active vulnerabilities and outline them to the user.
-3. **Self-Implement**: For *each* vulnerability found, autonomously execute the complete 3-phase protocol:
+1. **Explore**: Proactively use `Glob`, `Grep`, and `Read` to scan the repository. Focus on `controllers/`, `routes/`, `api/`, `middleware/`, and database files. Search for anti-patterns: unparameterized SQL queries, missing ownership checks, unsafe HTML rendering, and command injection sinks. Full search patterns are in [auto-audit.md](./prompts/auto-audit.md).
+2. **Plan**: Present a structured list of vulnerabilities (grouped by severity: CRITICAL / HIGH / MEDIUM / LOW) and get confirmation before making any changes.
+3. **Self-Implement**: For *each* confirmed vulnerability, autonomously execute the complete 3-phase protocol:
    - **[Phase 1 (Red)](./prompts/red-phase.md)**: Write the exploit test ensuring it fails.
    - **[Phase 2 (Green)](./prompts/green-phase.md)**: Write the security patch ensuring the test passes.
-   - **[Phase 3 (Refactor)](./prompts/refactor-phase.md)**: Clean the code and ensure no business logic broke.
-Move methodically through the vulnerabilities one by one.
+   - **[Phase 3 (Refactor)](./prompts/refactor-phase.md)**: Run the full test suite and ensure no business logic broke.
+Move methodically through vulnerabilities one by one, CRITICAL-first. Do not advance until the current vulnerability is fully remediated.
 
 ---
 

package/index.js

@@ -4,56 +4,268 @@ const fs = require('fs');
 const path = require('path');
 const os = require('os');
 
-const isLocal = process.argv.includes('--local');
+const args = process.argv.slice(2);
+const isLocal = args.includes('--local');
+const isClaude = args.includes('--claude');
+const withHooks = args.includes('--with-hooks');
+const skipScan = args.includes('--skip-scan');
+
 const agentBaseDir = isLocal ? process.cwd() : os.homedir();
+const agentDirName = isClaude ? '.claude' : '.agents';
+const projectDir = process.cwd();
+
+const targetSkillDir = path.join(agentBaseDir, agentDirName, 'skills', 'tdd-remediation');
+const targetWorkflowDir = path.join(agentBaseDir, agentDirName, 'workflows');
+
+// ─── 1. Framework Detection ──────────────────────────────────────────────────
+
+function detectFramework() {
+  const pkgPath = path.join(projectDir, 'package.json');
+  if (fs.existsSync(pkgPath)) {
+    try {
+      const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
+      const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
+      if (deps.vitest) return 'vitest';
+      if (deps.jest || deps.supertest) return 'jest';
+      if (deps.mocha) return 'mocha';
+    } catch {}
+  }
+  if (
+    fs.existsSync(path.join(projectDir, 'pytest.ini')) ||
+    fs.existsSync(path.join(projectDir, 'pyproject.toml')) ||
+    fs.existsSync(path.join(projectDir, 'setup.py')) ||
+    fs.existsSync(path.join(projectDir, 'requirements.txt'))
+  ) return 'pytest';
+  if (fs.existsSync(path.join(projectDir, 'go.mod'))) return 'go';
+  return 'jest';
+}
+
+const framework = detectFramework();
+
+// ─── 2. Test Directory Detection ─────────────────────────────────────────────
+
+function detectTestBaseDir() {
+  // Respect an existing convention before inventing one
+  const candidates = ['__tests__', 'tests', 'test', 'spec'];
+  for (const dir of candidates) {
+    if (fs.existsSync(path.join(projectDir, dir))) return dir;
+  }
+  // Framework-informed defaults when no directory exists yet
+  if (framework === 'pytest') return 'tests';
+  if (framework === 'go') return 'test';
+  return '__tests__';
+}
 
-const targetSkillDir = path.join(agentBaseDir, '.agents', 'skills', 'tdd-remediation');
-const targetWorkflowDir = path.join(agentBaseDir, '.agents', 'workflows');
-const targetTestDir = path.join(process.cwd(), '__tests__', 'security');
+const testBaseDir = detectTestBaseDir();
+const targetTestDir = path.join(projectDir, testBaseDir, 'security');
 
-console.log(`Installing TDD Remediation Skill (${isLocal ? 'Local' : 'Global'})...`);
+// ─── 3. Quick Scan ───────────────────────────────────────────────────────────
 
-// 1. Install the Skill
-if (!fs.existsSync(targetSkillDir)) {
-  fs.mkdirSync(targetSkillDir, { recursive: true });
+const VULN_PATTERNS = [
+  { name: 'SQL Injection',     severity: 'CRITICAL', pattern: /(`SELECT[^`]*\$\{|"SELECT[^"]*"\s*\+|execute\(f"|cursor\.execute\(.*%s|\.query\(`[^`]*\$\{)/i },
+  { name: 'Command Injection', severity: 'CRITICAL', pattern: /\bexec(Sync)?\s*\(.*req\.(params|body|query)|subprocess\.(run|Popen|call)\([^)]*shell\s*=\s*True/i },
+  { name: 'IDOR',              severity: 'HIGH',     pattern: /findById\s*\(\s*req\.(params|body|query)\.|findOne\s*\(\s*\{[^}]*id\s*:\s*req\.(params|body|query)/i },
+  { name: 'XSS',               severity: 'HIGH',     pattern: /[^/]innerHTML\s*=(?!=)|dangerouslySetInnerHTML\s*=\s*\{\{|document\.write\s*\(|res\.send\s*\(`[^`]*\$\{req\./i },
+  { name: 'Path Traversal',    severity: 'HIGH',     pattern: /(readFile|sendFile|createReadStream|open)\s*\(.*req\.(params|body|query)|path\.join\s*\([^)]*req\.(params|body|query)/i },
+  { name: 'Broken Auth',       severity: 'HIGH',     pattern: /jwt\.decode\s*\((?![^;]*\.verify)|verify\s*:\s*false|secret\s*=\s*['"][a-z0-9]{1,20}['"]/i },
+];
+
+const SCAN_EXTENSIONS = new Set(['.js', '.ts', '.jsx', '.tsx', '.mjs', '.py', '.go']);
+const SKIP_DIRS = new Set(['node_modules', '.git', 'dist', 'build', '.next', 'out', '__pycache__', 'venv', '.venv', 'vendor']);
+
+function* walkFiles(dir) {
+  let entries;
+  try { entries = fs.readdirSync(dir, { withFileTypes: true }); } catch { return; }
+  for (const entry of entries) {
+    if (SKIP_DIRS.has(entry.name)) continue;
+    const fullPath = path.join(dir, entry.name);
+    if (entry.isDirectory()) yield* walkFiles(fullPath);
+    else if (SCAN_EXTENSIONS.has(path.extname(entry.name))) yield fullPath;
+  }
 }
 
-// Copy the specific skill files and directories
-const filesToCopy = ['SKILL.md', 'prompts', 'templates'];
-for (const item of filesToCopy) {
-  const sourcePath = path.join(__dirname, item);
-  const targetPath = path.join(targetSkillDir, item);
-  if (fs.existsSync(sourcePath)) {
-    fs.cpSync(sourcePath, targetPath, { recursive: true });
+function quickScan() {
+  const findings = [];
+  for (const filePath of walkFiles(projectDir)) {
+    let lines;
+    try { lines = fs.readFileSync(filePath, 'utf8').split('\n'); } catch { continue; }
+    for (let i = 0; i < lines.length; i++) {
+      for (const vuln of VULN_PATTERNS) {
+        if (vuln.pattern.test(lines[i])) {
+          findings.push({
+            severity: vuln.severity,
+            name: vuln.name,
+            file: path.relative(projectDir, filePath),
+            line: i + 1,
+            snippet: lines[i].trim().slice(0, 80),
+          });
+          break; // one finding per line
+        }
+      }
+    }
   }
+  return findings;
 }
 
-// 2. Scaffold the security-tests directory
+function printFindings(findings) {
+  if (findings.length === 0) {
+    console.log('   ✅ No obvious vulnerability patterns detected.\n');
+    return;
+  }
+  const bySeverity = { CRITICAL: [], HIGH: [], MEDIUM: [], LOW: [] };
+  for (const f of findings) (bySeverity[f.severity] || bySeverity.LOW).push(f);
+  const icons = { CRITICAL: '🔴', HIGH: '🟠', MEDIUM: '🟡', LOW: '🔵' };
+
+  console.log(`\n   Found ${findings.length} potential issue(s):\n`);
+  for (const [sev, list] of Object.entries(bySeverity)) {
+    if (!list.length) continue;
+    for (const f of list) {
+      console.log(`   ${icons[sev]} [${sev}] ${f.name} — ${f.file}:${f.line}`);
+      console.log(`         ${f.snippet}`);
+    }
+  }
+  console.log('\n   Run /tdd-audit in your agent to remediate.\n');
+}
+
+// ─── 4. Install Skill Files ───────────────────────────────────────────────────
+
+console.log(`\nInstalling TDD Remediation Skill (${isLocal ? 'local' : 'global'}, framework: ${framework}, test dir: ${testBaseDir}/)...\n`);
+
+if (!fs.existsSync(targetSkillDir)) fs.mkdirSync(targetSkillDir, { recursive: true });
+
+for (const item of ['SKILL.md', 'prompts', 'templates']) {
+  const src = path.join(__dirname, item);
+  const dest = path.join(targetSkillDir, item);
+  if (fs.existsSync(src)) fs.cpSync(src, dest, { recursive: true });
+}
+
+// ─── 5. Scaffold Security Test Boilerplate ────────────────────────────────────
+
 if (!fs.existsSync(targetTestDir)) {
   fs.mkdirSync(targetTestDir, { recursive: true });
-  console.log(`Created security test directory at ${targetTestDir}`);
+  console.log(`✅ Created ${path.relative(projectDir, targetTestDir)}/`);
 }
 
-const sourceTestFile = path.join(__dirname, 'templates', 'sample.exploit.test.js');
-const targetTestFile = path.join(targetTestDir, 'sample.exploit.test.js');
+const testTemplateMap = {
+  jest:   'sample.exploit.test.js',
+  vitest: 'sample.exploit.test.vitest.js',
+  mocha:  'sample.exploit.test.js',
+  pytest: 'sample.exploit.test.pytest.py',
+  go:     'sample.exploit.test.go',
+};
+
+const testTemplateName = testTemplateMap[framework];
+const srcTest = path.join(__dirname, 'templates', testTemplateName);
+const destTest = path.join(targetTestDir, testTemplateName);
+
+if (!fs.existsSync(destTest) && fs.existsSync(srcTest)) {
+  fs.copyFileSync(srcTest, destTest);
+  console.log(`✅ Scaffolded ${path.relative(projectDir, destTest)}`);
+}
 
-if (!fs.existsSync(targetTestFile)) {
-  fs.copyFileSync(sourceTestFile, targetTestFile);
-  console.log(`Scaffolded boilerplate exploit test at ${targetTestFile}`);
+// ─── 6. Install Workflow Shortcode ────────────────────────────────────────────
+
+if (!fs.existsSync(targetWorkflowDir)) fs.mkdirSync(targetWorkflowDir, { recursive: true });
+const srcWorkflow = path.join(__dirname, 'workflows', 'tdd-audit.md');
+const destWorkflow = path.join(targetWorkflowDir, 'tdd-audit.md');
+if (fs.existsSync(srcWorkflow)) {
+  fs.copyFileSync(srcWorkflow, destWorkflow);
+  console.log(`✅ Installed /tdd-audit workflow shortcode`);
+}
+
+// ─── 7. Inject test:security into package.json ────────────────────────────────
+
+const pkgPath = path.join(projectDir, 'package.json');
+if (framework !== 'pytest' && framework !== 'go' && fs.existsSync(pkgPath)) {
+  try {
+    const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
+    if (!pkg.scripts?.['test:security']) {
+      pkg.scripts = pkg.scripts || {};
+      const secDir = `${testBaseDir}/security`;
+      pkg.scripts['test:security'] = {
+        jest:   `jest --testPathPattern=${secDir} --forceExit`,
+        vitest: `vitest run ${secDir}`,
+        mocha:  `mocha '${secDir}/**/*.spec.js'`,
+      }[framework] || `jest --testPathPattern=${secDir} --forceExit`;
+      fs.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2) + '\n');
+      console.log(`✅ Added "test:security" script to package.json`);
+    } else {
+      console.log(`   "test:security" already in package.json — skipped`);
+    }
+  } catch (e) {
+    console.warn(`   ⚠️  Could not update package.json: ${e.message}`);
+  }
 }
 
-// 3. Install the workflow shortcode
-if (!fs.existsSync(targetWorkflowDir)) {
-  fs.mkdirSync(targetWorkflowDir, { recursive: true });
+// ─── 8. Scaffold CI Workflow ─────────────────────────────────────────────────
+
+const ciWorkflowDir = path.join(projectDir, '.github', 'workflows');
+const ciWorkflowPath = path.join(ciWorkflowDir, 'security-tests.yml');
+
+if (!fs.existsSync(ciWorkflowPath)) {
+  const ciTemplateMap = {
+    jest:   'security-tests.node.yml',
+    vitest: 'security-tests.node.yml',
+    mocha:  'security-tests.node.yml',
+    pytest: 'security-tests.python.yml',
+    go:     'security-tests.go.yml',
+  };
+  const ciTemplatePath = path.join(__dirname, 'templates', 'workflows', ciTemplateMap[framework]);
+  if (fs.existsSync(ciTemplatePath)) {
+    fs.mkdirSync(ciWorkflowDir, { recursive: true });
+    fs.copyFileSync(ciTemplatePath, ciWorkflowPath);
+    console.log(`✅ Scaffolded .github/workflows/security-tests.yml`);
+  }
+} else {
+  console.log(`   .github/workflows/security-tests.yml already exists — skipped`);
+}
+
+// ─── 9. Pre-commit Hook (opt-in) ─────────────────────────────────────────────
+
+if (withHooks) {
+  const gitDir = path.join(projectDir, '.git');
+  if (fs.existsSync(gitDir)) {
+    const hooksDir = path.join(gitDir, 'hooks');
+    if (!fs.existsSync(hooksDir)) fs.mkdirSync(hooksDir);
+    const hookPath = path.join(hooksDir, 'pre-commit');
+
+    const testCmd = {
+      pytest: 'pytest tests/security/ -q',
+      go:     'go test ./security/... -v',
+    }[framework] || 'npm run test:security --silent';
+
+    const injection = [
+      '# tdd-remediation: security gate',
+      testCmd,
+      'if [ $? -ne 0 ]; then',
+      '  printf "\\n\\033[0;31m❌ Security tests failed. Commit blocked.\\033[0m\\n"',
+      '  exit 1',
+      'fi',
+      '',
+    ].join('\n');
+
+    const existing = fs.existsSync(hookPath) ? fs.readFileSync(hookPath, 'utf8') : '#!/bin/sh\n';
+    if (existing.includes('tdd-remediation')) {
+      console.log(`   Pre-commit hook already has security gate — skipped`);
+    } else {
+      const newContent = existing.trimEnd() + '\n\n' + injection;
+      fs.writeFileSync(hookPath, newContent);
+      fs.chmodSync(hookPath, '755');
+      console.log(`✅ Installed pre-commit hook (.git/hooks/pre-commit)`);
+    }
+  } else {
+    console.warn(`   ⚠️  No .git directory found — skipping pre-commit hook`);
+  }
 }
 
-const sourceWorkflowFile = path.join(__dirname, 'workflows', 'tdd-audit.md');
-const targetWorkflowFile = path.join(targetWorkflowDir, 'tdd-audit.md');
+// ─── 10. Quick Scan ──────────────────────────────────────────────────────────
 
-if (fs.existsSync(sourceWorkflowFile)) {
-  fs.copyFileSync(sourceWorkflowFile, targetWorkflowFile);
-  console.log(`Installed shortcode workflow at ${targetWorkflowFile}`);
+if (!skipScan) {
+  process.stdout.write('\n🔍 Scanning for vulnerability patterns...');
+  const findings = quickScan();
+  process.stdout.write('\n');
+  printFindings(findings);
 }
 
-console.log(`Successfully installed TDD Remediation skill to ${targetSkillDir}`);
-console.log('You can now use `/tdd-audit` in your Anti-Gravity chat!');
+console.log(`\nSkill installed to ${path.relative(os.homedir(), targetSkillDir)}`);
+console.log('Run /tdd-audit in your agent to begin remediation.\n');

package/package.json

@@ -1,13 +1,40 @@
 {
   "name": "@lhi/tdd-audit",
-  "version": "1.0.0",
-  "description": "Anti-Gravity Skill for TDD Remediation",
+  "version": "1.1.1",
+  "description": "Anti-Gravity Skill for TDD Remediation. Patches security vulnerabilities using a Red-Green-Refactor protocol with automated exploit tests.",
   "main": "index.js",
   "bin": {
-    "tdd-audit": "./index.js"
+    "tdd-audit": "index.js"
   },
+  "files": [
+    "index.js",
+    "SKILL.md",
+    "prompts/",
+    "templates/",
+    "workflows/",
+    "README.md",
+    "LICENSE"
+  ],
   "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "node index.js --local --skip-scan && echo 'Smoke test passed'",
+    "test:security": "jest --testPathPattern=__tests__/security --forceExit"
+  },
+  "keywords": [
+    "security",
+    "tdd",
+    "test-driven-development",
+    "vulnerability",
+    "remediation",
+    "exploit",
+    "red-green-refactor",
+    "owasp",
+    "audit",
+    "claude",
+    "ai-agent",
+    "skill"
+  ],
+  "engines": {
+    "node": ">=16.7.0"
   },
   "author": "Kyra Lee",
   "license": "MIT"

package/prompts/auto-audit.md

@@ -1,19 +1,120 @@
 # TDD Remediation: Auto-Audit Mode
 
-When invoked in Auto-Audit mode, you must proactively secure the user's entire repository without waiting for explicit files to be provided.
+When invoked in Auto-Audit mode, proactively secure the user's entire repository without waiting for explicit files to be provided.
 
 ## Phase 0: Discovery
-1. **Explore the Architecture**: Use your `list_dir` and `view_file` tools to understand the project structure. Look for directories named `controllers`, `routes`, `api`, `services`, or `models`.
-2. **Search for Anti-Patterns**: Use your `grep_search` tool to look for common vulnerabilities:
-   - *SQL Injection*: Search for raw query strings, e.g., `` `SELECT * FROM users WHERE id = ${req.body.id}` ``
-   - *IDOR*: Search for direct lookups without tenant or user ID checks.
-   - *XSS*: Search for raw HTML rendering `innerHTML`, `dangerouslySetInnerHTML`, or similar sinks.
-3. **Present Findings**: Provide a list of identified vulnerabilities to the user before proceeding.
-
-## Phase 1 to 3: Remediation Engine
-For each vulnerability approved for fixing, you must rigorously apply the RED-GREEN-REFACTOR protocol:
-1. **[RED](./red-phase.md)**: Write the exploit test in `__tests__/security/` and run it to prove the vulnerability exists.
-2. **[GREEN](./green-phase.md)**: Write the patch and run the tests to prove the exploit is blocked.
-3. **[REFACTOR](./refactor-phase.md)**: Ensure standard functionality is maintained and existing tests pass.
-
-Do not move to the next vulnerability until the current one is fully remediated and tested.
+
+### 0a. Explore the Architecture
+Use `Glob` and `Read` to understand the project structure. Focus on:
+- `controllers/`, `routes/`, `api/`, `handlers/` — request entry points
+- `services/`, `models/`, `db/`, `repositories/` — data access
+- `middleware/`, `utils/`, `helpers/`, `lib/` — shared utilities
+- Config files: `*.env`, `config.js`, `settings.py` — secrets and security settings
+
+### 0b. Search for Anti-Patterns
+Use `Grep` with the following patterns to surface candidates. Read the matched files to confirm before reporting.
+
+**SQL Injection**
+```
+`SELECT.*\$\{          # template literal SQL (JS/TS)
+"SELECT.*" \+          # string concatenation SQL (Java/Python/JS)
+execute\(f"           # f-string SQL (Python)
+cursor\.execute\(.*%  # %-formatted SQL (Python)
+raw\(                 # Django raw() queries
+\.query\(`            # tagged template DB calls
+```
+
+**IDOR / Missing Ownership Checks**
+```
+findById\(req\.       # lookup directly from request params without user scope
+params\.id            # request param used in a DB lookup
+req\.body\.userId     # trusting client-supplied user ID
+findOne\(\{.*id:.*req # DB findOne keyed only to request param
+```
+
+**XSS / Unsafe Rendering**
+```
+innerHTML\s*=         # direct DOM write
+dangerouslySetInnerHTML  # React unsafe HTML
+\.write\(             # document.write
+res\.send\(.*req\.    # reflecting request data directly into response
+render_template_string  # Flask dynamic template with user input
+```
+
+**Command Injection**
+```
+exec\(.*req\.         # exec with request data
+execSync\(.*req\.     # execSync with request data
+shell=True            # Python subprocess with shell=True
+child_process         # review all child_process usages
+```
+
+**Path Traversal**
+```
+readFile.*req\.       # file read from request param
+sendFile.*req\.       # file send from request param
+join.*req\.params     # path.join with user input
+open\(.*request\.     # Python file open with request data
+```
+
+**Broken Authentication**
+```
+jwt\.decode\(         # JWT decoded but not verified
+verify.*false         # verification disabled
+secret.*=.*['"]      # hardcoded secrets
+Bearer.*hardcoded    # hardcoded tokens
+```
+
+**Missing Rate Limiting**
+```
+router\.(post|put|delete)  # mutation routes (check for rate-limit middleware)
+app\.post\(           # POST handlers (check for rate-limit middleware)
+```
+
+### 0c. Present Findings
+Before touching any code, output a structured **Audit Report** with this format:
+
+```
+## Audit Findings
+
+### CRITICAL
+- [ ] [SQLi] `src/routes/users.js:34` — raw template literal in SELECT query
+- [ ] [IDOR] `src/controllers/docs.js:87` — findById(req.params.id) with no ownership check
+
+### HIGH
+- [ ] [XSS] `src/api/comments.js:52` — req.body.content reflected via res.send()
+- [ ] [CmdInj] `src/utils/export.js:19` — exec() called with req.body.filename
+
+### MEDIUM
+- [ ] [PathTraversal] `src/routes/files.js:41` — path.join with req.params.name, no bounds check
+- [ ] [BrokenAuth] `src/middleware/auth.js:12` — JWT decoded without signature verification
+
+### LOW / INFORMATIONAL
+- [ ] [RateLimit] `src/routes/auth.js` — /login endpoint has no rate limiting
+```
+
+Ask the user to confirm the list before beginning remediation. If they say "fix all" or "proceed", work through them top-down (CRITICAL first).
+
+---
+
+## Phase 1–3: Remediation Engine
+
+For **each** confirmed vulnerability, rigorously apply the RED-GREEN-REFACTOR protocol in order:
+
+1. **[RED](./red-phase.md)**: Write the exploit test in the project's security test directory (e.g., `tests/security/`, `__tests__/security/`, `test/security/` — wherever the installer scaffolded the boilerplate) and run it to prove the vulnerability exists (test must fail).
+2. **[GREEN](./green-phase.md)**: Apply the targeted patch. Run the exploit test — it must now pass.
+3. **[REFACTOR](./refactor-phase.md)**: Run the full test suite. All tests must be green before moving on.
+
+**Do not move to the next vulnerability until the current one is fully remediated and all tests pass.**
+
+After all vulnerabilities are addressed, output a final **Remediation Summary**:
+
+```
+## Remediation Summary
+
+| Vulnerability | File | Status | Test File |
+|---|---|---|---|
+| SQLi | src/routes/users.js:34 | ✅ Fixed | __tests__/security/sqli-users.test.js |
+| IDOR | src/controllers/docs.js:87 | ✅ Fixed | __tests__/security/idor-docs.test.js |
+| XSS  | src/api/comments.js:52  | ✅ Fixed | __tests__/security/xss-comments.test.js |
+```

package/prompts/green-phase.md

@@ -1,12 +1,210 @@
 # TDD Remediation: The Patch (Green Phase)
 
-Once the failing test is committed to the codebase, it is time to write the remediation code.
+Once the failing exploit test is committed, write the minimum code required to make it pass. Do not over-engineer — a targeted fix is safer than a rewrite.
 
 ## Action
-Apply the AI-generated security patch to the relevant routes, database configurations, sanitization utilities, or controllers.
+Apply a security patch to the relevant routes, middleware, database layer, or sanitization utilities. Run the test suite. The exploit test from Phase 1 (Red) must now pass.
 
 ## Protocol
-Run the test suite again. The exploit test from **Phase 1 (Red)** must now be blocked gracefully resulting in a passing test suite.
+1. Identify the **root cause** — not just the symptom. A 500 error is not a security fix.
+2. Apply the narrowest patch that closes the vulnerability.
+3. Run the full test suite. The exploit test must pass AND all pre-existing tests must remain green.
+4. If the test still fails, your patch is incomplete — do not move on.
 
 ## Goal
-Prove definitively that the specific vulnerability is patched without relying on manual clicking, guessing, or superficial UI changes. If the test still fails, your security fix is incomplete.
+Prove definitively that the specific vulnerability is closed without relying on manual testing, guessing, or superficial UI changes.
+
+---
+
+## Vulnerability-Specific Patch Strategies
+
+### IDOR (Insecure Direct Object Reference) / Tenant Isolation
+
+**Root cause:** Resource lookups that use a user-supplied ID without verifying ownership.
+
+**Fix:** Scope every database query to the authenticated user's ID or tenant ID. Never trust the client.
+
+```javascript
+// BEFORE (vulnerable)
+const record = await db.records.findById(req.params.id);
+
+// AFTER (patched)
+const record = await db.records.findOne({
+  id: req.params.id,
+  userId: req.user.id, // enforce ownership at query level
+});
+if (!record) return res.status(403).json({ error: 'Forbidden' });
+```
+
+```python
+# BEFORE (vulnerable)
+record = db.query(Record).filter(Record.id == record_id).first()
+
+# AFTER (patched)
+record = db.query(Record).filter(
+    Record.id == record_id,
+    Record.user_id == current_user.id  # enforce ownership
+).first()
+if not record:
+    raise HTTPException(status_code=403, detail="Forbidden")
+```
+
+**Libraries:** Built-in ORM scoping; no extra library needed.
+
+---
+
+### XSS (Cross-Site Scripting)
+
+**Root cause:** User input is reflected into HTML, JS, or DOM without encoding or sanitization.
+
+**Fix options (choose the appropriate layer):**
+- **Storage:** Sanitize on write using a safe library.
+- **Rendering:** Escape on output; never use `innerHTML` with user data.
+- **API responses:** Set `Content-Type: application/json` strictly; never reflect raw input.
+
+```javascript
+// BEFORE (vulnerable — Express)
+res.send(`<p>Hello ${req.query.name}</p>`);
+
+// AFTER — Option A: escape on output
+const escapeHtml = require('escape-html');
+res.send(`<p>Hello ${escapeHtml(req.query.name)}</p>`);
+
+// AFTER — Option B: sanitize rich HTML (for WYSIWYG content)
+const DOMPurify = require('isomorphic-dompurify');
+const clean = DOMPurify.sanitize(req.body.content, { ALLOWED_TAGS: ['b', 'i', 'em'] });
+res.json({ content: clean });
+```
+
+```python
+# BEFORE (vulnerable — Flask/Jinja2 with autoescape disabled)
+return render_template_string(f"<p>{user_input}</p>")
+
+# AFTER — Jinja2 autoescape handles it; force it on
+from markupsafe import escape
+return f"<p>{escape(user_input)}</p>"
+
+# For sanitizing rich HTML
+import bleach
+clean = bleach.clean(user_input, tags=['b', 'i', 'em'], strip=True)
+```
+
+**Libraries:** `escape-html`, `isomorphic-dompurify` (Node); `markupsafe`, `bleach` (Python).
+
+---
+
+### SQL Injection
+
+**Root cause:** User input is concatenated directly into a SQL query string.
+
+**Fix:** Use parameterized queries or ORM methods exclusively. Never build SQL strings from user input.
+
+```javascript
+// BEFORE (vulnerable)
+const result = await db.query(`SELECT * FROM users WHERE email = '${email}'`);
+
+// AFTER — parameterized (node-postgres / pg)
+const result = await db.query('SELECT * FROM users WHERE email = $1', [email]);
+
+// AFTER — ORM (Sequelize / Prisma)
+const user = await User.findOne({ where: { email } }); // safe by default
+```
+
+```python
+# BEFORE (vulnerable)
+cursor.execute(f"SELECT * FROM users WHERE email = '{email}'")
+
+# AFTER — parameterized
+cursor.execute("SELECT * FROM users WHERE email = %s", (email,))
+
+# AFTER — ORM (SQLAlchemy)
+user = db.query(User).filter(User.email == email).first()
+```
+
+**Libraries:** Use your existing ORM. Never use raw string interpolation for queries.
+
+---
+
+### Command Injection
+
+**Root cause:** User input is passed to `exec`, `spawn`, `subprocess.run(shell=True)`, or similar without validation.
+
+**Fix:** Use argument arrays (never shell strings), allowlists, or eliminate the shell call entirely.
+
+```javascript
+// BEFORE (vulnerable)
+const { exec } = require('child_process');
+exec(`convert ${req.body.filename} output.png`); // shell injection possible
+
+// AFTER — use execFile/spawn with argument array (no shell)
+const { execFile } = require('child_process');
+const safeName = path.basename(req.body.filename); // strip path traversal too
+execFile('convert', [safeName, 'output.png']); // no shell expansion
+```
+
+```python
+# BEFORE (vulnerable)
+subprocess.run(f"ffmpeg -i {filename} output.mp4", shell=True)
+
+# AFTER — argument list, no shell
+import subprocess, os
+safe_name = os.path.basename(filename)
+subprocess.run(["ffmpeg", "-i", safe_name, "output.mp4"])  # shell=False by default
+```
+
+---
+
+### Path Traversal
+
+**Root cause:** User-supplied file paths are used to read/write files without normalization or bounds checking.
+
+**Fix:** Normalize the path and assert it stays within the allowed directory.
+
+```javascript
+// BEFORE (vulnerable)
+const filePath = path.join(__dirname, 'uploads', req.params.filename);
+res.sendFile(filePath); // '../../../etc/passwd' bypass possible
+
+// AFTER
+const UPLOADS_DIR = path.resolve(__dirname, 'uploads');
+const requested = path.resolve(UPLOADS_DIR, req.params.filename);
+if (!requested.startsWith(UPLOADS_DIR + path.sep)) {
+  return res.status(400).json({ error: 'Invalid path' });
+}
+res.sendFile(requested);
+```
+
+```python
+# AFTER (Python)
+import os
+UPLOADS_DIR = os.path.realpath("uploads")
+requested = os.path.realpath(os.path.join(UPLOADS_DIR, filename))
+if not requested.startswith(UPLOADS_DIR + os.sep):
+    raise HTTPException(status_code=400, detail="Invalid path")
+```
+
+---
+
+### Broken Authentication / Missing Authorization Middleware
+
+**Root cause:** Routes lack authentication checks, or JWTs/sessions are not validated on sensitive endpoints.
+
+**Fix:** Apply authentication middleware globally and opt routes out explicitly, rather than opting in per route.
+
+```javascript
+// AFTER — Express: apply auth globally, then define public routes above it
+app.get('/health', (req, res) => res.send('ok')); // public
+app.use(requireAuth); // all routes below are protected
+
+// Middleware
+function requireAuth(req, res, next) {
+  const token = req.headers.authorization?.split(' ')[1];
+  if (!token) return res.status(401).json({ error: 'Unauthorized' });
+  try {
+    req.user = jwt.verify(token, process.env.JWT_SECRET);
+    next();
+  } catch {
+    return res.status(401).json({ error: 'Invalid token' });
+  }
+}
+```

package/prompts/red-phase.md

@@ -17,32 +17,106 @@ Establish a measurable baseline. You now have a weaponized test case.
 ## Vulnerability-Specific Strategies
 
 ### IDOR (Insecure Direct Object Reference) / Tenant Isolation
-Assert that User A receives a 403 Forbidden or 404 Not Found when trying to manipulate User B's resources.
-* **Jest/Supertest:** `expect(response.status).toBe(403);`
-* **Playwright:** Verify the UI displays an unauthorized banner instead of loading the other user's dashboard.
+Authenticate as User B and request a resource that belongs to User A using its ID directly.
+Assert a 403 Forbidden or 404 Not Found — not a 200 returning someone else's data.
+```javascript
+// Jest/Supertest
+const res = await request(app)
+  .get(`/api/documents/${userA_doc_id}`)
+  .set('Authorization', `Bearer ${userB_token}`);
+expect(res.status).toBe(403); // currently returns 200 with userA's data — RED
+```
+```python
+# PyTest
+def test_idor_exploit(client, user_b_token, user_a_resource_id):
+    res = client.get(f'/api/documents/{user_a_resource_id}',
+                     headers={'Authorization': f'Bearer {user_b_token}'})
+    assert res.status_code == 403  # currently 200 — RED
+```
 
 ### XSS (Cross-Site Scripting)
-Submit an aggressive payload like `<script>alert(1)</script>` or `<img src=x onerror=alert(1)>`.
-* **Jest/Supertest:** Assert that the raw response body either HTML-escapes the payload (`&lt;script&gt;`) or rejects the input entirely.
-* **Playwright:** Attempt to inject the payload in a form field and verify that the script is not evaluated in the DOM.
+Submit `<script>alert(1)</script>` or `<img src=x onerror=alert(1)>` as user input.
+Assert the raw response body either HTML-escapes the payload or rejects the input entirely.
+```javascript
+const payload = '<script>alert(1)</script>';
+const res = await request(app).post('/api/comments').send({ body: payload });
+// Should be escaped in the response — currently reflected raw — RED
+expect(res.body.comment.body).not.toContain('<script>');
+expect(res.body.comment.body).toContain('&lt;script&gt;');
+```
 
 ### SQL Injection
-Submit payloads attempting tautologies (e.g., `' OR 1=1 --`) or union-based extraction.
-* **Assertion:** Expect a 400 Bad Request or parameter rejection, and verify that the database did not actually execute the malformed query or return all records.
+Submit tautology payloads (`' OR '1'='1`) or union-based extraction attempts.
+Assert a 400 Bad Request or that the response does not return all records.
+```javascript
+const res = await request(app)
+  .get('/api/users')
+  .query({ email: "' OR '1'='1" });
+expect(res.status).toBe(400);         // currently 200 with all user records — RED
+expect(res.body.users).toBeUndefined();
+```
+```python
+def test_sql_injection(client):
+    res = client.get('/api/users', params={'email': "' OR '1'='1"})
+    assert res.status_code == 400  # currently 200 returning all users — RED
+```
+
+### Command Injection
+Submit shell metacharacters in input that gets passed to a shell command.
+Assert the dangerous characters are rejected (400) — not executed.
+```javascript
+const res = await request(app)
+  .post('/api/export')
+  .send({ filename: 'report.pdf; rm -rf /tmp/test' });
+expect(res.status).toBe(400); // currently executes the command — RED
+```
+
+### Path Traversal
+Submit a `../` sequence in a file path parameter.
+Assert a 400 Bad Request or that the server does not serve files outside the uploads directory.
+```javascript
+const res = await request(app)
+  .get('/api/files/download')
+  .query({ name: '../../../etc/passwd' });
+expect(res.status).toBe(400); // currently returns file contents — RED
+```
+
+### Broken Authentication (Unprotected Route)
+Call a protected endpoint with no Authorization header.
+Assert a 401 Unauthorized — not a 200 with data.
+```javascript
+const res = await request(app).get('/api/admin/users'); // no auth header
+expect(res.status).toBe(401); // currently returns 200 — RED
+```
 
 ---
 
-## Framework Templates to Provide
+## Framework Templates
 
 ### Jest / Supertest (Node.js)
 ```javascript
-const response = await request(app).post('/api/endpoint').send({ exploit: true });
-expect(response.status).toBe(403); // Fails because it currently returns 200
+const request = require('supertest');
+const app = require('../../app');
+
+describe('[VulnType] - Red Phase', () => {
+  it('SHOULD block [exploit description]', async () => {
+    const res = await request(app)
+      .post('/api/vulnerable-endpoint')
+      .send({ input: '<exploit payload>' });
+
+    expect(res.status).toBe(403); // currently 200 — this test MUST fail (Red)
+    expect(res.body.data).not.toContain('<exploit payload>');
+  });
+});
 ```
 
-### PyTest (Python)
+### PyTest (Python / FastAPI / Flask)
 ```python
-def test_idor_exploit(client, user_b_token):
-    response = client.get('/api/user_a_resource/', headers={'Authorization': f'Bearer {user_b_token}'})
-    assert response.status_code == 403 # Fails because it currently returns 200
+def test_vuln_type_exploit(client, attacker_token):
+    response = client.post(
+        '/api/vulnerable-endpoint',
+        json={'input': '<exploit payload>'},
+        headers={'Authorization': f'Bearer {attacker_token}'}
+    )
+    assert response.status_code == 403  # currently 200 — RED
 ```

package/prompts/refactor-phase.md

@@ -1,14 +1,47 @@
 # TDD Remediation: Regression & Refactor (Refactor Phase)
 
-Security fixes can sometimes be heavy-handed and break core functionality. Now that the perimeter is secure, we must ensure the application still functions.
+Security fixes can be heavy-handed and break legitimate functionality. The perimeter is now secure — confirm nothing else broke, then clean up.
 
 ## Action
-Run standard functional tests alongside the new security tests. 
+Run the **full** test suite: security tests + all pre-existing functional/integration tests.
 
 ## Protocol
-1. Clean up the code and remove redundancies.
-2. Ensure the intended business logic remains completely intact. 
-3. If a functional test breaks, **revert the patch** and prompt the AI to try a different security approach. Security that breaks functionality is not a successful patch.
+
+### Step 1: Verify the Green baseline
+```bash
+npm test          # or pytest, go test ./..., etc.
+```
+All tests must be green. If any pre-existing functional test now fails, **stop and revert the security patch.** A security fix that breaks functionality is a failed fix — return to Phase 2 with a narrower approach.
+
+### Step 2: Check for regressions by category
+Go through this checklist before closing the vulnerability:
+
+- [ ] **Happy-path flows still work** — legitimate users can still access their own resources
+- [ ] **Error messages are safe** — no stack traces, internal paths, or sensitive data leaked in error responses
+- [ ] **Auth bypass not introduced** — the fix doesn't create a new unprotected code path
+- [ ] **Performance acceptable** — the patch doesn't add unbounded DB queries or blocking I/O
+- [ ] **No secrets in code** — patch doesn't hardcode keys, tokens, or credentials
+
+### Step 3: Clean the patch
+- Remove any debugging `console.log` or `print` statements added during patching
+- Extract reusable security logic into middleware or utility functions if it appears in more than one place
+- Add a brief comment only if the security rationale is non-obvious (e.g., `// Scope query to owner to prevent IDOR`)
+
+### Step 4: Lock it in
+- Ensure the exploit test in `__tests__/security/` has a clear, descriptive name
+- Confirm the test file will be picked up by your CI security test job
+- If applicable, add the CVE reference or ticket ID as a comment in the test
 
 ## Goal
-Maintain the speed and functionality of the rapid prototype while successfully hardening the perimeter. The ultimate goal is a fully passing test suite (security tests + functional tests).
+A fully passing test suite (security tests + functional tests) with clean, reviewable code. The vulnerability is provably closed and provably non-regressive.
+
+---
+
+## When to revert and retry
+
+Revert the patch (git checkout -- <file>) and return to Phase 2 if:
+- A functional test fails after applying the security fix
+- The fix introduces a new 401/403 for a legitimate user flow
+- Performance degrades measurably under load (e.g., O(n) queries replacing O(1))
+
+When you retry, describe the constraint to the AI: *"The previous fix broke X — find a narrower approach that still closes the vulnerability."*

package/templates/sample.exploit.test.go

@@ -0,0 +1,50 @@
+// TDD Remediation: Red Phase Sample Test (Go)
+//
+// Replace the boilerplate below with the specific exploit you are trying to verify.
+// This test MUST fail initially (Red Phase). Once you apply the security fix,
+// this test MUST pass (Green Phase).
+//
+// Place this file in: security/exploit_test.go (or __tests__/security/)
+// Run with: go test ./security/... -v
+
+package security_test
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+
+	// Update with your module path:
+	// "github.com/your-org/your-app/server"
+)
+
+func TestShouldNotAllowExploitationOfVulnerability(t *testing.T) {
+	// 1. Arrange: set up your router/handler
+	// router := server.NewRouter()
+	// server := httptest.NewServer(router)
+	// defer server.Close()
+
+	// 2. Act: send the exploit payload
+	exploitPayload := `{"input": "exploit payload here"}`
+	req, err := http.NewRequest(
+		http.MethodPost,
+		"/api/vulnerable-endpoint",
+		strings.NewReader(exploitPayload),
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer attacker-token-here")
+
+	rr := httptest.NewRecorder()
+	// router.ServeHTTP(rr, req)
+
+	// 3. Assert: the system MUST block the exploit (currently returns 200 — RED)
+	if rr.Code != http.StatusForbidden {
+		t.Errorf("expected 403 Forbidden, got %d — vulnerability not blocked (Red Phase)", rr.Code)
+	}
+
+	t.Skip("Replace this boilerplate with your specific exploit test, then remove this Skip")
+}

package/templates/sample.exploit.test.pytest.py

@@ -0,0 +1,68 @@
+"""
+TDD Remediation: Red Phase Sample Test (PyTest)
+
+Replace the boilerplate below with the specific exploit you are trying to verify.
+This test MUST fail initially (Red Phase). Once you apply the security fix,
+this test MUST pass (Green Phase).
+
+Usage with FastAPI:
+    from fastapi.testclient import TestClient
+    from app.main import app
+    client = TestClient(app)
+
+Usage with Flask:
+    from app import create_app
+    client = create_app().test_client()
+"""
+
+import pytest
+
+
+# Update this fixture to match your app setup
+@pytest.fixture
+def client():
+    # FastAPI example:
+    # from fastapi.testclient import TestClient
+    # from app.main import app
+    # return TestClient(app)
+
+    # Flask example:
+    # from app import create_app
+    # app = create_app({"TESTING": True})
+    # return app.test_client()
+
+    raise NotImplementedError("Configure the client fixture for your framework")
+
+
+@pytest.fixture
+def attacker_token():
+    """Return a valid auth token for a different user (the attacker)."""
+    # Return a JWT or session token for user B when testing IDOR against user A
+    return "attacker-token-here"
+
+
+class TestSecurityRedPhase:
+
+    def test_should_not_allow_exploitation_of_vulnerability(self, client, attacker_token):
+        """
+        SHOULD NOT allow unauthorized exploitation of [VULNERABILITY].
+        This test MUST FAIL before the patch is applied.
+        """
+        # 1. Arrange the exploit payload
+        exploit_payload = {
+            # "input": "' OR '1'='1",   # SQL injection example
+            # "name": "<script>alert(1)</script>",  # XSS example
+        }
+
+        # 2. Act: Execute the exploit against the system
+        response = client.post(
+            "/api/vulnerable-endpoint",
+            json=exploit_payload,
+            headers={"Authorization": f"Bearer {attacker_token}"},
+        )
+
+        # 3. Assert: The system MUST block the exploit gracefully (403, 400, or sanitized response)
+        assert response.status_code == 403  # currently returns 200 — RED
+
+        # For XSS or SQLi, ensure the payload is not reflected:
+        # assert exploit_payload["input"] not in response.text

package/templates/sample.exploit.test.vitest.js

@@ -0,0 +1,35 @@
+/**
+ * TDD Remediation: Red Phase Sample Test (Vitest)
+ *
+ * Replace the boilerplate below with the specific exploit you are trying to verify.
+ * This test MUST fail initially (Red Phase). Once you apply the security fix,
+ * this test MUST pass (Green Phase).
+ */
+
+import { describe, it, expect } from 'vitest';
+import supertest from 'supertest';
+import app from '../../app'; // update with the path to your app
+
+const request = supertest(app);
+
+describe('Security Vulnerability Remediation - Red Phase', () => {
+
+  it('SHOULD NOT allow unauthorized exploitation of [VULNERABILITY]', async () => {
+    // 1. Arrange the exploit payload
+    const exploitPayload = {
+      // e.g. input: "1; DROP TABLE users"
+    };
+
+    // 2. Act: Execute the exploit against the system
+    const response = await request
+      .post('/api/vulnerable-endpoint')
+      .send(exploitPayload);
+
+    // 3. Assert: The system MUST block the exploit gracefully (e.g. 403, 400, sanitization)
+    expect(response.status).toBe(403);
+
+    // For XSS or SQLi, ensure the response body does NOT reflect the payload
+    // expect(response.body.data).not.toContain(exploitPayload.input);
+  });
+
+});

package/templates/workflows/security-tests.go.yml

@@ -0,0 +1,22 @@
+name: Security Tests
+
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+    branches: [main, master]
+
+jobs:
+  security-tests:
+    name: Exploit Test Suite
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '1.22'
+
+      - name: Run security exploit tests
+        run: go test ./security/... -v

package/templates/workflows/security-tests.node.yml

@@ -0,0 +1,26 @@
+name: Security Tests
+
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+    branches: [main, master]
+
+jobs:
+  security-tests:
+    name: Exploit Test Suite
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run security exploit tests
+        run: npm run test:security

package/templates/workflows/security-tests.python.yml

@@ -0,0 +1,25 @@
+name: Security Tests
+
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+    branches: [main, master]
+
+jobs:
+  security-tests:
+    name: Exploit Test Suite
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install dependencies
+        run: pip install -r requirements.txt
+
+      - name: Run security exploit tests
+        run: pytest tests/security/ -v

package/workflows/tdd-audit.md

@@ -1,6 +1,16 @@
 ---
 description: Run the complete TDD Remediation Autonomous Audit
 ---
-Please use the TDD Remediation Protocol Auto-Audit skill (`.agents/skills/tdd-remediation/SKILL.md`) to secure this repository.
+Please use the TDD Remediation Protocol Auto-Audit skill (located in the `skills/tdd-remediation` folder) to secure this repository.
 
-Begin by exploring the structure to find any vulnerabilities or anti-patterns in the codebase. Then, for every issue you find, show me the list of vulnerabilities, and rigorously apply the Red-Green-Refactor loop to write the exploit tests, patch the flaws, and ensure no regressions occurred.
+Follow the full Auto-Audit protocol from `auto-audit.md`:
+
+1. **Explore** the codebase using Glob, Grep, and Read. Focus on controllers, routes, middleware, and database layers. Search for the vulnerability patterns defined in Phase 0 of the auto-audit prompt.
+2. **Present** a structured Audit Report, grouped by severity (CRITICAL / HIGH / MEDIUM / LOW), and wait for my confirmation before making any changes.
+3. **Remediate** each confirmed vulnerability one at a time, top-down by severity, applying the full Red-Green-Refactor loop:
+   - Write the exploit test (Red — must fail)
+   - Apply the patch (Green — test must pass)
+   - Run the full suite (Refactor — no regressions)
+4. **Report** a final Remediation Summary table when all issues are addressed.
+
+Do not skip steps. Do not advance to the next vulnerability until the current one is fully proven closed by a passing test.