codex-workflows 0.1.0 → 0.2.0

package/.agents/skills/coding-rules/SKILL.md

@@ -84,10 +84,28 @@ For language-specific rules, also read:
 
 ## Security
 
-- Store secrets in environment variables or secret managers
-- Validate all external input
-- Use parameterized queries for databases
-- Follow principle of least privilege
+### Secure Defaults
+- Store credentials and secrets through environment variables or dedicated secret managers
+- Use parameterized queries (prepared statements) for all database access
+- Use established cryptographic libraries provided by the language or framework
+- Generate security-critical values (tokens, IDs, nonces) with cryptographically secure random generators
+- Encrypt sensitive data at rest and in transit using standard protocols
+
+### Input and Output Boundaries
+- Validate all external input at system entry points for expected format, type, and length
+- Encode output appropriately for its rendering context (HTML, SQL, shell, URL)
+- Return only information necessary for the caller in error responses; log detailed diagnostics server-side
+
+### Access Control
+- Apply authentication to all entry points that handle user data or trigger state changes
+- Verify authorization for each resource access, not only at the entry point
+- Grant only the permissions required for the operation (files, database connections, API scopes)
+
+### Knowledge Cutoff Supplement (2026-03)
+- OWASP Top 10:2025 shifted from symptoms to root causes; added "Software Supply Chain Failures" (A03) and "Mishandling of Exceptional Conditions" (A10)
+- Recent research indicates AI-generated code shows elevated rates of access control gaps — treat authentication and authorization as high-priority review targets
+- OpenSSF published "Security-Focused Guide for AI Code Assistant Instructions" — recommends language-specific, actionable constraints over generic advice
+- For detailed detection patterns, see `references/security-checks.md`
 
 ## Version Control [MANDATORY]
 

package/.agents/skills/coding-rules/references/security-checks.md

@@ -0,0 +1,62 @@
+# Security Check Patterns
+
+Last reviewed: 2026-03-21
+
+## Stable Patterns
+
+These patterns have low false-positive rates and are detectable through grep or static analysis.
+
+### Hardcoded Secrets
+- Credentials, API keys, or tokens assigned as string literals in source code
+- Connection strings containing embedded passwords
+- Private keys or certificates stored in source files
+- Detection approach: search for high-entropy strings near assignment operators, common key names (`password`, `secret`, `api_key`, `token`, `private_key`), and platform-specific token formats
+
+### SQL String Concatenation
+- SQL statements constructed through string concatenation or interpolation with variables
+- Detection approach: search for SQL keywords (`SELECT`, `INSERT`, `UPDATE`, `DELETE`) combined with string concatenation operators or template literals containing variable references
+
+### Dynamic Code Execution
+- Use of `eval()`, `Function()`, `exec()`, `compile()` with dynamic input
+- Dynamic import or require with variable paths
+- Detection approach: search for these function calls where the argument is not a static literal
+
+### Insecure Deserialization
+- `pickle.loads()`, `yaml.load()` without SafeLoader, `marshal.loads()` with untrusted input
+- `JSON.parse()` followed by direct use in `eval()` or `Function()`
+- Detection approach: search for deserialization calls that accept external input without safe loader configuration
+
+### Path Traversal
+- File system paths constructed from user-supplied input without sanitization
+- Patterns where request parameters flow into file read/write operations
+- Detection approach: search for file operations where path arguments include request parameters, query strings, or user input variables
+
+### CORS Wildcard
+- `Access-Control-Allow-Origin` set to `*` in production configuration
+- CORS middleware configured with wildcard origin
+- Detection approach: search for CORS configuration with wildcard values
+
+### Non-TLS URLs
+- HTTP (non-TLS) URLs embedded in source code for production endpoints (outside configuration files, tests, and documentation)
+- Detection approach: search for `http://` patterns in source files, excluding localhost, configuration files, tests, and documentation
+
+## Trend-Sensitive Patterns
+
+Updated: 2026-03-21
+Sources: OWASP Top 10:2025, DryRun Agentic Coding Security Report (2026-03)
+
+### Access Control Gaps in AI-Generated Code
+- Endpoints or route handlers defined without authentication middleware
+- Resource access operations (read, update, delete) without authorization verification
+- Administrative or destructive operations accessible without elevated permissions
+- Recent research indicates this pattern appears at elevated rates in AI-generated code — treat as high-priority review target
+
+### Mishandling of Exceptional Conditions (OWASP A10:2025)
+- Error handlers that expose internal system details (stack traces, database errors, file paths) in responses
+- Error handlers that fail open (grant access or skip validation on error)
+- Missing error handling on security-critical operations (authentication, authorization, cryptographic operations)
+
+### Software Supply Chain Patterns (OWASP A03:2025)
+- Dependencies imported without version pinning
+- Use of deprecated or unmaintained packages for security-critical functions
+- Detection approach: check dependency manifests for unpinned versions and known deprecated packages

package/.agents/skills/documentation-criteria/references/design-template.md

@@ -295,7 +295,13 @@ Automatically derive test cases from acceptance criteria:
 
 ## Security Considerations
 
-[Security concerns and countermeasures]
+Evaluate the following for this feature's trust boundaries and data flow:
+
+- **Authentication & Authorization**: What authentication is required for new entry points? What authorization checks protect resource access?
+- **Input Validation**: Where does external input enter the system? How is it validated before processing?
+- **Sensitive Data Handling**: What data requires protection (encryption, masking, access control)? What data is safe to include in logs and error responses?
+
+Mark items as N/A with brief rationale when the feature has no relevant trust boundary.
 
 ## Future Extensibility
 

package/.agents/skills/documentation-criteria/references/plan-template.md

@@ -92,6 +92,7 @@ Related Issue/PR: #XXX (if any)
 
 #### Tasks
 - [ ] Verify all Design Doc acceptance criteria achieved
+- [ ] Security review: Verify security considerations from Design Doc are implemented
 - [ ] Quality checks (types, lint, format)
 - [ ] Execute all tests
 - [ ] Coverage 70%+

package/.agents/skills/recipe-build/SKILL.md

@@ -75,7 +75,7 @@ For EACH task, YOU MUST:
 2. **Spawn task-executor agent**: "Execute the task implementation for [task-file-path]"
 3. **CHECK task-executor response**:
    - `status: "escalation_needed"` or `"blocked"` -> STOP and escalate to user
-   - `testsAdded` contains `*.int.test.ts` or `*.e2e.test.ts` -> Spawn integration-test-reviewer agent: "Review integration tests in [test-files]"
+   - `requiresTestReview` is `true` -> Spawn integration-test-reviewer agent: "Review integration tests in [test-files]"
      - `needs_revision` -> Return to step 2 with `requiredFixes`
      - `approved` -> Proceed to step 4
    - `readyForQualityCheck: true` -> Proceed to step 4
@@ -98,6 +98,15 @@ ENFORCEMENT: Sub-agent prompts missing the constraint suffix MUST be re-issued w
 
 VERIFY approval status before proceeding. Once confirmed, INITIATE autonomous execution mode.
 
+## Security Review (After All Tasks Complete)
+
+After all task cycles finish, collect all `filesModified` from every task-executor response (deduplicated), then invoke security-reviewer before the completion report:
+1. Spawn security-reviewer agent: "Design Doc: [path]. Implementation files: [collected filesModified list]. Review security compliance."
+2. Check response:
+   - `approved` or `approved_with_notes` -> Proceed to completion report (include notes if present)
+   - `needs_revision` -> Spawn task-executor with `requiredFixes`, then quality-fixer, then re-invoke security-reviewer
+   - `blocked` -> Escalate to user
+
 **[STOP — BLOCKING]** Upon detecting ANY requirement changes, halt execution immediately.
 **CANNOT proceed until user explicitly confirms the change scope.**
 

package/.agents/skills/recipe-front-build/SKILL.md

@@ -72,7 +72,7 @@ Verify generated task files exist in docs/plans/tasks/.
 
 ### Structured Response Specification
 Each sub-agent responds in JSON format:
-- **task-executor-frontend**: status, filesModified, testsAdded, readyForQualityCheck
+- **task-executor-frontend**: status, filesModified, testsAdded, requiresTestReview, readyForQualityCheck
 - **integration-test-reviewer**: status (approved/needs_revision/blocked), requiredFixes
 - **quality-fixer-frontend**: status, checksPerformed, fixesApplied, approved
 
@@ -83,7 +83,7 @@ For EACH task, YOU MUST:
 2. **Spawn task-executor-frontend agent**: "Task file: docs/plans/tasks/[filename].md Execute frontend implementation"
 3. **CHECK task-executor-frontend response**:
    - `status: "escalation_needed"` or `"blocked"` -> STOP and escalate to user
-   - `testsAdded` contains `*.int.test.ts` or `*.e2e.test.ts` -> Spawn integration-test-reviewer agent: "Review integration tests in [test-files]"
+   - `requiresTestReview` is `true` -> Spawn integration-test-reviewer agent: "Review integration tests in [test-files]"
      - `needs_revision` -> Return to step 2 with `requiredFixes`
      - `approved` -> Proceed to step 4
    - `readyForQualityCheck: true` -> Proceed to step 4
@@ -106,6 +106,15 @@ ENFORCEMENT: Sub-agent prompts missing the constraint suffix MUST be re-issued w
 
 VERIFY approval status before proceeding. Once confirmed, INITIATE autonomous execution mode.
 
+## Security Review (After All Tasks Complete)
+
+After all task cycles finish, collect all `filesModified` from every task-executor-frontend response (deduplicated), then invoke security-reviewer before the completion report:
+1. Spawn security-reviewer agent: "Design Doc: [path]. Implementation files: [collected filesModified list]. Review security compliance."
+2. Check response:
+   - `approved` or `approved_with_notes` -> Proceed to completion report (include notes if present)
+   - `needs_revision` -> Spawn task-executor-frontend with `requiredFixes`, then quality-fixer-frontend, then re-invoke security-reviewer
+   - `blocked` -> Escalate to user
+
 **[STOP -- BLOCKING]** Upon detecting ANY requirement changes, halt execution immediately.
 **CANNOT proceed until user explicitly confirms the change scope.**
 

package/.agents/skills/recipe-front-review/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: recipe-front-review
-description: "Frontend Design Doc compliance validation with optional auto-fixes using React-specific quality checks."
+description: "Frontend Design Doc compliance and security validation with optional auto-fixes using React-specific quality checks."
 ---
 
 **Context**: Post-implementation quality assurance for React/TypeScript frontend
@@ -14,10 +14,11 @@ description: "Frontend Design Doc compliance validation with optional auto-fixes
 ## Execution Method
 
 - Compliance validation -> performed by code-reviewer
+- Security validation -> performed by security-reviewer
 - Rule analysis -> performed by rule-advisor
 - Fix implementation -> performed by task-executor-frontend
 - Quality checks -> performed by quality-fixer-frontend
-- Re-validation -> performed by code-reviewer
+- Re-validation -> performed by code-reviewer / security-reviewer
 
 Orchestrator spawns agents and passes structured data between them.
 
@@ -32,22 +33,44 @@ Identify the Design Doc in docs/design/ and check implementation files changed f
 **CANNOT proceed without both a Design Doc and implementation files.**
 
 ### 2. Execute code-reviewer
-Spawn code-reviewer agent: "Validate Design Doc compliance for [design-doc-path]. Check: acceptance criteria fulfillment, code quality, implementation completeness."
+Spawn code-reviewer agent: "Validate Design Doc compliance for [design-doc-path]. Implementation files: [git diff file list]. Review mode: full. Return structured JSON report with complianceRate, verdict, acceptanceCriteria, and qualityIssues."
 
-### 3. Verdict and Response
+**Store output as**: `$STEP_2_OUTPUT`
 
-**Criteria (considering project stage)**:
+### 3. Execute security-reviewer
+Spawn security-reviewer agent: "Design Doc: [path]. Implementation files: [file list from git diff in Step 1]. Review security compliance."
+
+**Store output as**: `$STEP_3_OUTPUT` and `$STEP_1_FILES` (the initial file list)
+
+### 4. Verdict and Response
+
+**If security-reviewer returned `blocked`**: Stop immediately. Report the blocked finding and escalate to user. Do not proceed to fix steps.
+
+**Code compliance criteria (considering project stage)**:
 - Prototype: Pass at 70%+
 - Production: 90%+ recommended
-- Critical items (security, etc.): Required regardless of rate
 
-**Compliance-based response**:
+**Security criteria**:
+- `approved` or `approved_with_notes` -> Pass
+- `needs_revision` -> Fail
+
+**Report both results independently using subagent output fields only** (do not add fields that are not in the subagent response):
 
-For low compliance (production <90%):
 ```
-Validation Result: [X]% compliance
-Unfulfilled items:
-- [item list]
+Code Compliance: [complianceRate from code-reviewer]
+  Verdict: [verdict from code-reviewer]
+  Acceptance Criteria:
+  - [fulfilled] [item]
+  - [partially_fulfilled] [item]: [gap] — [suggestion]
+  - [unfulfilled] [item]: [gap] — [suggestion]
+
+Security Review: [status from security-reviewer]
+  Findings by category:
+  - [confirmed_risk] [location]: [description] — [rationale]
+  - [defense_gap] [location]: [description] — [rationale]
+  - [hardening] [location]: [description] — [rationale]
+  - [policy] [location]: [description] — [rationale]
+  Notes: [notes from security-reviewer, if present]
 
 Execute fixes? (y/n):
 ```
@@ -55,24 +78,31 @@ Execute fixes? (y/n):
 **[STOP -- BLOCKING]** Wait for user response on whether to execute fixes.
 **CANNOT proceed with auto-fixes without user approval.**
 
+If both pass and user selects `n`: Skip fix steps, proceed to Final Report.
+
 If user selects `y`:
 
 ## Pre-fix Metacognition
-**Required flow**: rule-advisor -> task registration -> task-executor-frontend -> quality-fixer-frontend
 
-1. **Spawn rule-advisor agent**: "Analyze fixes needed for [unfulfilled items]. Determine root solutions vs symptomatic treatments."
-2. **Register tasks**: Register work steps. Always include: first "Confirm skill constraints", final "Verify skill fidelity". Create task file -> `docs/plans/tasks/review-fixes-YYYYMMDD.md`
+1. **Spawn rule-advisor agent**: "Analyze fixes needed. Code issues: $STEP_2_OUTPUT. Security findings: $STEP_3_OUTPUT. Determine root solutions vs symptomatic treatments."
+2. **Register tasks**: Register work steps. Always include: first "Confirm skill constraints", final "Verify skill fidelity". Create task file -> `docs/plans/tasks/review-fixes-YYYYMMDD.md`. Include both code compliance issues and security requiredFixes.
 3. **Spawn task-executor-frontend agent**: "Execute staged auto-fixes for [task-file-path]. Stop at 5 files."
 4. **Spawn quality-fixer-frontend agent**: "Execute all frontend quality checks and confirm quality gate passage"
-5. **Re-validate**: Spawn code-reviewer agent: "Re-validate compliance for [design-doc-path]. Measure improvement."
+5. **Re-validate code-reviewer**: Spawn code-reviewer agent: "Re-validate compliance for [design-doc-path]. Prior issues: $STEP_2_OUTPUT. Measure improvement."
+6. **Re-validate security-reviewer** (only if security fixes were applied): Spawn security-reviewer agent: "Re-validate security after fixes. Prior findings: $STEP_3_OUTPUT. Design Doc: [path]. Implementation files: [union of $STEP_1_FILES and task-executor-frontend filesModified from step 3, deduplicated]."
 
 ENFORCEMENT: Auto-fixes MUST go through quality-fixer-frontend before re-validation. Skipping quality checks invalidates fixes.
 
-### 4. Final Report
+### Final Report
 ```
-Initial compliance: [X]%
-Final compliance: [Y]% (if fixes executed)
-Improvement: [Y-X]%
+Code Compliance:
+  Initial: [X]%
+  Final: [Y]% (if fixes executed)
+
+Security Review:
+  Initial: [status]
+  Final: [status] (if fixes executed)
+  Notes: [notes from approved_with_notes, if any]
 
 Remaining issues:
 - [items requiring manual intervention]
@@ -83,19 +113,22 @@ Remaining issues:
 - Error handling additions
 - Contract definition fixes
 - Function splitting (length/complexity improvements)
+- Security confirmed_risk and defense_gap fixes (input validation, auth checks, output encoding)
 
 ## Non-fixable Items
 - Fundamental business logic changes
 - Architecture-level modifications
 - Design Doc deficiencies
+- Committed secrets (blocked -> human intervention)
 
 ## Completion Criteria
 
 - [ ] Design Doc compliance validated
+- [ ] Security review completed
 - [ ] Compliance percentage calculated
 - [ ] User informed of results
 - [ ] Fixes executed if requested and approved
 - [ ] Quality gates passed for all fixes
-- [ ] Final compliance re-measured
+- [ ] Final compliance and security re-measured
 
-**Scope**: Design Doc compliance validation and auto-fixes.
+**Scope**: Design Doc compliance validation, security review, and auto-fixes.

package/.agents/skills/recipe-front-review/agents/openai.yaml

@@ -1,6 +1,6 @@
 interface:
   display_name: "recipe-front-review"
-  short_description: "Frontend Design Doc compliance with React-specific checks"
+  short_description: "Frontend Design Doc compliance and security validation with React-specific checks"
   default_prompt: "Use $recipe-front-review to validate frontend: "
 
 policy:

package/.agents/skills/recipe-fullstack-build/SKILL.md

@@ -93,7 +93,7 @@ For EACH task, YOU MUST:
 2. **Spawn task-executor or task-executor-frontend agent** (per routing table): "Execute the task implementation for [task-file-path]"
 3. **CHECK executor response**:
    - `status: "escalation_needed"` or `"blocked"` -> STOP and escalate to user
-   - `testsAdded` contains `*.int.test.ts` or `*.e2e.test.ts` -> Spawn integration-test-reviewer agent: "Review integration tests in [test-files]"
+   - `requiresTestReview` is `true` -> Spawn integration-test-reviewer agent: "Review integration tests in [test-files]"
      - `needs_revision` -> Return to step 2 with `requiredFixes`
      - `approved` -> Proceed to step 4
    - `readyForQualityCheck: true` -> Proceed to step 4
@@ -116,6 +116,15 @@ ENFORCEMENT: Sub-agent prompts missing the constraint suffix MUST be re-issued w
 
 VERIFY approval status before proceeding. Once confirmed, INITIATE autonomous execution mode.
 
+## Security Review (After All Tasks Complete)
+
+After all task cycles finish, collect all `filesModified` from every task-executor/task-executor-frontend response (deduplicated), then invoke security-reviewer before the completion report:
+1. Spawn security-reviewer agent: "Design Doc: [path(s)]. Implementation files: [collected filesModified list]. Review security compliance."
+2. Check response:
+   - `approved` or `approved_with_notes` -> Proceed to completion report (include notes if present)
+   - `needs_revision` -> Spawn layer-appropriate task-executor with `requiredFixes`, then quality-fixer, then re-invoke security-reviewer
+   - `blocked` -> Escalate to user
+
 **[STOP -- BLOCKING]** Upon detecting ANY requirement changes, halt execution immediately.
 **CANNOT proceed until user explicitly confirms the change scope.**
 

package/.agents/skills/recipe-fullstack-implement/SKILL.md

@@ -125,6 +125,15 @@ ENFORCEMENT: Sub-agent prompts missing the constraint suffix MUST be re-issued w
 3. Quality-fixer MUST run after each executor (no skipping)
 4. Commit MUST execute when quality-fixer returns `approved: true` (do not defer to end)
 
+### Security Review (After All Tasks Complete)
+
+After all task cycles finish, collect all `filesModified` from every task-executor/task-executor-frontend response (deduplicated), then invoke security-reviewer before the completion report:
+1. Spawn security-reviewer agent: "Design Doc: [path(s)]. Implementation files: [collected filesModified list]. Review security compliance."
+2. Check response:
+   - `approved` or `approved_with_notes` -> Proceed to completion report (include notes if present)
+   - `needs_revision` -> Spawn layer-appropriate task-executor with `requiredFixes`, then quality-fixer, then re-invoke security-reviewer
+   - `blocked` -> Escalate to user
+
 ### Test Information Communication
 After acceptance-test-generator execution, when calling work-planner, communicate:
 - Generated integration test file path

package/.agents/skills/recipe-implement/SKILL.md

@@ -101,13 +101,22 @@ After user grants "batch approval for entire implementation phase", enter autono
 1. Spawn task-executor (or task-executor-frontend) agent: "Implement task [task-file-path]"
 2. Check task-executor response:
    - `status: escalation_needed` or `blocked` -> Escalate to user
-   - `testsAdded` contains `*.int.test.ts` or `*.e2e.test.ts` -> Spawn integration-test-reviewer agent
+   - `requiresTestReview` is `true` -> Spawn integration-test-reviewer agent
      - `needs_revision` -> Return to step 1 with `requiredFixes`
      - `approved` -> Proceed to step 3
    - Otherwise -> Proceed to step 3
 3. Spawn quality-fixer (or quality-fixer-frontend) agent: "Quality check and fixes"
 4. git commit -> Execute on `approved: true`
 
+### Security Review (After All Tasks Complete)
+
+After all task cycles finish, collect all `filesModified` from every executor response (task-executor and task-executor-frontend, deduplicated), then invoke security-reviewer before the completion report:
+1. Spawn security-reviewer agent: "Design Doc: [path]. Implementation files: [collected filesModified list]. Review security compliance."
+2. Check response:
+   - `approved` or `approved_with_notes` -> Proceed to completion report (include notes if present)
+   - `needs_revision` -> Spawn layer-appropriate executor (task-executor or task-executor-frontend per task filename routing) with `requiredFixes`, then layer-appropriate quality-fixer, then re-invoke security-reviewer
+   - `blocked` -> Escalate to user
+
 ### Test Information Communication
 After acceptance-test-generator execution, when spawning work-planner, communicate:
 - Generated integration test file path

package/.agents/skills/recipe-review/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: recipe-review
-description: "Design Doc compliance validation with optional auto-fixes."
+description: "Design Doc compliance and security validation with optional auto-fixes."
 ---
 
 ## Required Skills [LOAD BEFORE EXECUTION]
@@ -15,14 +15,15 @@ description: "Design Doc compliance validation with optional auto-fixes."
 
 **Core Identity**: "I am not a worker. I am an orchestrator."
 
-**First Action**: Register Steps 1-9 before any execution.
+**First Action**: Register Steps 1-11 before any execution.
 
 ## Execution Method
 
 - Compliance validation -> Spawn code-reviewer agent
+- Security validation -> Spawn security-reviewer agent
 - Fix implementation -> Spawn task-executor agent
 - Quality checks -> Spawn quality-fixer agent
-- Re-validation -> Spawn code-reviewer agent
+- Re-validation -> Spawn code-reviewer / security-reviewer agents
 
 Orchestrator spawns sub-agents and passes structured data between them.
 
@@ -34,59 +35,89 @@ Design Doc (uses most recent if omitted): $ARGUMENTS
 Identify Design Doc in docs/design/ and check implementation files via git diff.
 
 ### Step 2: Execute code-reviewer
-Spawn code-reviewer agent: "Validate Design Doc compliance for the implementation. Check acceptance criteria fulfillment, code quality, and implementation completeness. Design Doc path: [path]"
+Spawn code-reviewer agent: "Validate Design Doc compliance for the implementation. Design Doc path: [path]. Implementation files: [git diff file list]. Review mode: full. Return structured JSON report with complianceRate, verdict, acceptanceCriteria, and qualityIssues."
 
 **Store output as**: `$STEP_2_OUTPUT`
 
-### Step 3: Verdict and Response
+### Step 3: Execute security-reviewer
+Spawn security-reviewer agent: "Design Doc: [path]. Implementation files: [file list from git diff in Step 1]. Review security compliance."
 
-**Criteria (considering project stage)**:
+**Store output as**: `$STEP_3_OUTPUT` and `$STEP_1_FILES` (the initial file list)
+
+### Step 4: Verdict and Response
+
+**If security-reviewer returned `blocked`**: Stop immediately. Report the blocked finding and escalate to user. Do not proceed to fix steps.
+
+**Code compliance criteria (considering project stage)**:
 - Prototype: Pass at 70%+
 - Production: 90%+ REQUIRED
-- Critical items (security, etc.): REQUIRED regardless of rate
 
-**Compliance-based response**:
+**Security criteria**:
+- `approved` or `approved_with_notes` -> Pass
+- `needs_revision` -> Fail
+
+**Report both results independently using subagent output fields only** (do not add fields that are not in the subagent response):
 
-For low compliance (production <90%):
 ```
-Validation Result: [X]% compliance
-Unfulfilled items:
-- [item list]
+Code Compliance: [complianceRate from code-reviewer]
+  Verdict: [verdict from code-reviewer]
+  Acceptance Criteria:
+  - [fulfilled] [item]
+  - [partially_fulfilled] [item]: [gap] — [suggestion]
+  - [unfulfilled] [item]: [gap] — [suggestion]
+
+Security Review: [status from security-reviewer]
+  Findings by category:
+  - [confirmed_risk] [location]: [description] — [rationale]
+  - [defense_gap] [location]: [description] — [rationale]
+  - [hardening] [location]: [description] — [rationale]
+  - [policy] [location]: [description] — [rationale]
+  Notes: [notes from security-reviewer, if present]
 
 Execute fixes? (y/n):
 ```
 
-**[STOP — BLOCKING]** Present compliance results to user for confirmation.
+**[STOP — BLOCKING]** Present results to user for confirmation.
 **CANNOT proceed until user explicitly confirms.**
 
-### Step 4: Prepare Fix Context
+If both pass and user selects `n`: Skip Steps 5-10, proceed to Step 11.
 
-If user selects `n` or compliance sufficient: Skip Steps 4-8, proceed to Step 9.
+### Step 5: Prepare Fix Context
 
 Reference documentation-criteria skill for task file template.
 
-### Step 5: Create Task File
+### Step 6: Create Task File
 
 Create task file at `docs/plans/tasks/review-fixes-YYYYMMDD.md`
+Include both code compliance issues and security requiredFixes.
 
-### Step 6: Execute Fixes
+### Step 7: Execute Fixes
 
 Spawn task-executor agent: "Execute review fixes. Task file: docs/plans/tasks/review-fixes-YYYYMMDD.md. Apply staged fixes (stops at 5 files)."
 
-### Step 7: Quality Check
+### Step 8: Quality Check
 
 Spawn quality-fixer agent: "Confirm quality gate passage for fixed files."
 
-### Step 8: Re-validate
+### Step 9: Re-validate code-reviewer
 
 Spawn code-reviewer agent: "Re-validate Design Doc compliance after fixes. Prior compliance issues: $STEP_2_OUTPUT. Verify each prior issue is resolved."
 
-### Step 9: Final Report
+### Step 10: Re-validate security-reviewer (only if security fixes were applied)
+
+Spawn security-reviewer agent: "Re-validate security after fixes. Prior findings: $STEP_3_OUTPUT. Design Doc: [path]. Implementation files: [union of $STEP_1_FILES and task-executor filesModified from Step 7, deduplicated]."
+
+### Step 11: Final Report
 
 ```
-Initial compliance: [X]%
-Final compliance: [Y]% (if fixes executed)
-Improvement: [Y-X]%
+Code Compliance:
+  Initial: [X]%
+  Final: [Y]% (if fixes executed)
+
+Security Review:
+  Initial: [status]
+  Final: [status] (if fixes executed)
+  Notes: [notes from approved_with_notes, if any]
 
 Remaining issues:
 - [items requiring manual intervention]
@@ -97,19 +128,22 @@ Remaining issues:
 - Error handling additions
 - Contract definition fixes
 - Function splitting (length/complexity improvements)
+- Security confirmed_risk and defense_gap fixes (input validation, auth checks, output encoding)
 
 ## Non-fixable Items
 - Fundamental business logic changes
 - Architecture-level modifications
 - Design Doc deficiencies
+- Committed secrets (blocked -> human intervention)
 
 ## Completion Criteria
 
 - [ ] Design Doc identified and implementation files checked
 - [ ] code-reviewer spawned and compliance validated
-- [ ] Compliance results presented to user
+- [ ] security-reviewer spawned and security reviewed
+- [ ] Results presented to user
 - [ ] Fixes executed if user approved (with quality-fixer gate)
-- [ ] Re-validation completed after fixes
+- [ ] Re-validation completed after fixes (both code and security)
 - [ ] Final report presented to user
 
-**Scope**: Design Doc compliance validation and auto-fixes.
+**Scope**: Design Doc compliance validation, security review, and auto-fixes.

package/.agents/skills/recipe-review/agents/openai.yaml

@@ -1,6 +1,6 @@
 interface:
   display_name: "recipe-review"
-  short_description: "Design Doc compliance validation with auto-fixes"
+  short_description: "Design Doc compliance and security validation with auto-fixes"
   default_prompt: "Use $recipe-review to validate: "
 
 policy: