@thedecipherist/mdd 1.8.2 → 1.8.4
- package/README.md +5 -2
- package/package.json +1 -1
package/README.md
CHANGED
@@ -236,13 +236,14 @@ Every feature doc and ops runbook has a `tags:` field (4–8 domain-concept keyw
---
-
## All
+
## All 27 Modes at a Glance
```
/mdd <feature description> Build Mode - Document, plan, and implement
/mdd bug <description> Bug Mode - Fix bugs tracked in feature docs
/mdd manual [--force] Manual Mode - Generate a print-ready user manual
/mdd audit [section] Audit Mode - Scan code for violations and drift
+
/mdd security-rules Scan deps for vulnerabilities, generate stack rule files
/mdd status Overview: docs, tests, audit state, initiatives
/mdd scan Detect features whose source files changed
/mdd update <feature-id> Re-sync a feature doc after code changes
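Review bot: the new `/mdd security-rules` row should say whether it is gated by `securityScan`, which this same release documents as defaulting to `false`; a reader who copies the command from this table with default settings would otherwise not know why nothing runs. Suggest appending `(requires securityScan: true)` to the description or a one-line pointer to the settings section. Also, the removed heading renders here as a bare `## All`, so the count it replaces is not visible in this diff; worth confirming against the rendered README that the table really lists 27 entries after this one addition.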
@@ -864,6 +865,7 @@ Every `.mdd/docs/<NN>-<feature-name>.md` file uses this YAML frontmatter:
| `tags` | 4–8 domain-concept keywords surfaced in `.startup.md` so Claude can detect when a prompt relates to this feature (e.g. `[auth, jwt, login, sessions]`) |
| `path` | Slash-delimited breadcrumb showing where this feature lives in the product (e.g. `Auth/Login`, `E-commerce/Cart/Checkout`). Used by dashboards and listing tools to group docs into a human-readable tree. Distinct from `depends_on` — this is for navigation, not build order. |
| `known_issues` | Issues discovered during audits or implementation |
+
| `security_read_sites` | Optional. List of `file:line` entries where user-supplied file paths are read. Phase A1 cross-checks each against path-confinement calls - a listed site with no guard is a P1 finding. Leave empty or omit if the feature has no file-read attack surface. |
**`depends_on` rules:**
- Feature docs only - never list task docs (one-off, frozen, no ongoing contract)
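Review bot: `file:line` entries in `security_read_sites` go stale on any edit above the listed line, and the row does not say whether `/mdd scan` or `/mdd update` re-sync them, nor what Phase A1 does with a line that no longer contains a read (pass, fail, or skip); suggest stating the stale-entry behaviour and considering a `file:function` key instead. Separately, since only listed sites are cross-checked and "leave empty or omit" is documented as the no-attack-surface case, an incomplete list yields a clean result without any signal; the row should say whether the audit also reports file-read calls that are not listed, so reviewers know whether the list must be exhaustive. Minor: this row uses ` - ` where the `path` row above uses an em dash.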
@@ -1011,7 +1013,7 @@ MDD creates `.mdd/settings.json` on first run. It controls which rule files load
**`phaseLogging: true` (default)** - Controls whether MDD writes phase timing data via `mdd-log-phase.sh`. Set to `false` to suppress all phase log output.
-
**`securityScan: false` (default)** -
+
**`securityScan: false` (default)** - Set to `true` to enable the security rule generator. See the section below.
### Stack-Specific Rule Files
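Review bot: "See the section below" is a positional reference that breaks as soon as the README is reordered; name the section (for example the `/mdd security-rules` mode docs) so the pointer survives. The relationship between the flag and the mode also needs one more sentence: does `securityScan: true` make `/mdd audit` run the dependency scan automatically, or is it only a gate for `/mdd security-rules`? The removed line shipped with an empty description, so this hunk closes a real doc gap, but the replacement still leaves that question open.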
@@ -1022,6 +1024,7 @@ mdd-rules-typescript.md # TypeScript-specific audit criteria and build checkli
mdd-rules-express.md # Express error handling, middleware, route validation rules
mdd-rules-jwt.md # JWT decode safety, expiry checks, secret validation
mdd-rules-prisma.md # Prisma query safety, transaction patterns, migration checks
+
mdd-rules-mcp.md # MCP tool input validation and rejection test enforcement
```
Rules are additive - they append criteria to the existing phase rather than replacing anything. If a rule file doesn't exist for a stack entry, MDD warns once and continues. A misconfigured or missing `settings.json` never halts a session.
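Review bot: the comment on `mdd-rules-mcp.md` is the only entry in this list that names a test requirement ("rejection test enforcement") without saying what is enforced; spell out what a violation looks like (for example, an MCP tool handler with no test asserting that malformed input is rejected) so an audit reader can act on the finding. Also, because MDD "warns once and continues" when no rule file exists for a stack entry, document the exact `settings.json` stack value that loads this file; a typo there would disable the new checks with nothing more than a single warning.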