specky-sdd 3.1.0 → 3.2.1

package/CHANGELOG.md

@@ -5,6 +5,57 @@ All notable changes to Specky are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.2.0] - 2026-04-12
+
+### Enterprise Security Hardening
+
+#### Rate Limiting (opt-in)
+- **`RateLimiter` service**: Token bucket algorithm — no external deps, pure TypeScript
+- HTTP transport now supports `rate_limit.enabled: true` in `.specky/config.yml`
+- Config: `max_requests_per_minute` (default 60), `burst` (default 10)
+- Returns HTTP 429 with `Retry-After` header when limit exceeded
+- stdio mode bypasses rate limiting by design (single-session, process-isolated)
+
+#### State File Integrity
+- **`StateMachine.saveState()`** now writes HMAC-SHA256 signature to `.sdd-state.json.sig`
+- **`StateMachine.loadState()`** verifies signature on every load — tamper warning to stderr on mismatch
+- Key: `SDD_STATE_KEY` env var, or derived from workspace path using SHA-256
+- Missing `.sig` treated as unverified (no warning) — backward-compatible with pre-v3.2.0 state files
+
+#### Enhanced Audit Logger
+- **Hash-chaining**: every `AuditEntry` includes `previous_hash` (SHA-256 of previous line, seed `specky-audit-v1`)
+- **Log rotation**: rotates `.audit.jsonl` → `.audit.jsonl.1` when `audit.max_file_size_mb` exceeded (default 10 MB)
+- **Syslog export**: RFC 5424 format written to `.audit.syslog` when `audit.export_format: syslog`
+- **OTLP stub**: `audit.export_format: otlp` logs placeholder — implementation in next release
+
+#### RBAC Foundation (opt-in)
+- **`RbacEngine` service**: `viewer` / `contributor` / `admin` roles; disabled by default
+- **`sdd_check_access`** (NEW tool #57): Returns active role, per-tool access check, full role summary
+- Role enforcement via `SDD_ROLE` env var or `rbac.default_role` in config
+- Viewer: read-only tools only; Contributor: all except `sdd_create_pr`; Admin: all 57 tools
+- Config: `rbac.enabled: true`, `rbac.default_role: contributor`
+
+#### Config Extension
+- `.specky/config.yml` now supports nested blocks: `rate_limit:`, `audit:`, `rbac:`
+- Parser upgraded to handle indented YAML child keys (dot-notation flattening)
+- All new options opt-in with safe defaults — existing behavior unchanged from v3.1.0
+
+### NPM-as-Default Migration
+- Global install (`npm install -g specky-sdd`) is now the recommended installation method
+- npx retained as an "alternative" option for per-workspace and convenience use
+- All docs updated: README.md, GETTING-STARTED.md, SYSTEM-DESIGN.md, ONBOARDING.md, SECURITY.md
+- New "Enterprise Installation Methods" section in GETTING-STARTED.md
+- New "NPX Supply Chain Risk" + "MCP Security Framework Compliance" sections in SECURITY.md
+
+### Security Documentation
+- **CoSAI MCP Security White Paper** — full T-01 through T-12 threat coverage table in SECURITY.md
+- **OWASP MCP Top 10** — M1 through M10 coverage table in SECURITY.md
+
+### Tests
+- 561 tests (+54): `rate-limiter.test.ts` (11), `state-integrity.test.ts` (8), `audit-enhanced.test.ts` (12), `rbac-engine.test.ts` (15), plus existing suite maintained at 100%
+
+---
+
 ## [3.1.0] - 2026-04-12
 
 ### Intelligence Layer (Specs 003–007)

package/README.md

@@ -2,11 +2,11 @@
   <br>
   <img src="media/specky-brand-logo.svg" alt="Specky" height="80">
   <br><br>
-  <p><strong>56 MCP tools. 10-phase pipeline. Works in any IDE.</strong></p>
+  <p><strong>57 MCP tools. 10-phase pipeline. Works in any IDE.</strong></p>
   <p>Agentic Spec-Driven Development</p>
 
   <p>
-    <img src="https://img.shields.io/badge/tools-56_MCP-7c3aed?style=flat-square" alt="56 Tools"/>
+    <img src="https://img.shields.io/badge/tools-57_MCP-7c3aed?style=flat-square" alt="57 Tools"/>
     <img src="https://img.shields.io/badge/phases-10_enforced-6d28d9?style=flat-square" alt="10 Phases"/>
     <img src="https://img.shields.io/badge/diagrams-17_types-5b21b6?style=flat-square" alt="17 Diagrams"/>
     <img src="https://img.shields.io/badge/compliance-6_frameworks-4c1d95?style=flat-square" alt="6 Compliance"/>
@@ -21,7 +21,7 @@
   </p>
 
   <p>
-    <a href="https://paulasilvatech.github.io/specky/">Website</a> ·
+    <a href="https://paulasilvatech.github.io/specky-site/">Website</a> ·
     <a href="GETTING-STARTED.md">Getting Started</a> ·
     <a href="https://www.npmjs.com/package/specky-sdd">npm</a> ·
     <a href="SECURITY.md">Security</a>
@@ -41,17 +41,17 @@
 | | [Input Methods](#input-methods-6-ways-to-start) | 6 ways to feed Specky |
 | | [Three Project Types](#three-project-types-one-pipeline) | Greenfield, Brownfield, Modernization |
 | **Pipeline** | [Pipeline and LGTM Gates](#pipeline-and-lgtm-gates) | 10 phases with human review gates |
-| | [All 56 Tools](#all-53-tools) | Complete tool reference by category |
+| | [All 57 Tools](#all-57-tools) | Complete tool reference by category |
 | | [EARS Notation](#ears-notation) | The 6 requirement patterns |
 | **Enterprise** | [Compliance Frameworks](#compliance-frameworks) | HIPAA, SOC2, GDPR, PCI-DSS, ISO 27001 |
 | | [Enterprise Ready](#enterprise-ready) | Security, audit trail, quality gates |
 | **Platform** | [The SDD Platform](#the-spec-driven-development-platform) | Built on Spec-Kit, everything included |
-| | [Roadmap](#roadmap) | v3.0 current, v3.1+ planned |
+| | [Roadmap](#roadmap) | v3.2 current, v3.3+ planned |
 
 
 ## What is Specky?
 
-Specky is an open-source **MCP server** that turns the [Spec-Kit](https://github.com/paulasilvatech/spec-kit) SDD methodology into a **programmable enforcement engine** with 53 validated tools. It provides a deterministic pipeline from **any input** (meeting transcripts, documents, Figma designs, or natural language prompts) through specifications, architecture, infrastructure as code, implementation, and deployment.
+Specky is an open-source **MCP server** that turns the [Spec-Kit](https://github.com/paulasilvatech/spec-kit) SDD methodology into a **programmable enforcement engine** with 57 validated tools. It provides a deterministic pipeline from **any input** (meeting transcripts, documents, Figma designs, or natural language prompts) through specifications, architecture, infrastructure as code, implementation, and deployment.
 
 **Spec-Kit** provides the methodology: EARS notation, gated pipeline phases, constitution model, quality patterns. **Specky** reimplements all of it as MCP tools and adds programmatic enforcement: a state machine that blocks phase-skipping, an EARS validator, cross-artifact analysis, compliance engines, test generation, and MCP-to-MCP routing.
 
@@ -98,8 +98,8 @@ Specky adds a **deterministic engine** between your intent and your code:
 
 | Capability | Specky |
 |---|---|
-| Any input (PDF, DOCX, PPTX, transcript, Figma) to spec | 56 MCP tools handle all input formats |
-| EARS validation (programmatic, not AI guessing) | 5 patterns enforced at schema level |
+| Any input (PDF, DOCX, PPTX, transcript, Figma) to spec | 57 MCP tools handle all input formats |
+| EARS validation (programmatic, not AI guessing) | 6 patterns enforced at schema level |
 | Enforced pipeline (not suggestions) | 10 phases with actual gates that block advancement |
 | 17 diagram types generated automatically | C4 (4 levels), sequence, ER, activity, use case, DFD, deployment, network |
 | Infrastructure as Code | Terraform, Bicep, Dockerfile from DESIGN.md |
@@ -132,65 +132,65 @@ Specky adds a **deterministic engine** between your intent and your code:
 ### Step 2: Install
 
 <details open>
-<summary><strong>Per Workspace: Per Workspace (recommended)</strong></summary>
+<summary><strong>Global (recommended): Install once, use everywhere</strong></summary>
 
-No global install needed. You add a config file to the repo and `npx` handles the rest.
+Install globally so `specky-sdd` is always available — no re-download on every run:
 
-**For VS Code with GitHub Copilot** create `.vscode/mcp.json` in the repo root:
+```bash
+npm install -g specky-sdd
+```
 
+Then configure your IDE to use the global install:
+
+**VS Code** (`.vscode/mcp.json`):
 ```json
 {
   "servers": {
     "specky": {
-      "command": "npx",
-      "args": ["-y", "specky-sdd"],
-      "env": {
-        "SDD_WORKSPACE": "${workspaceFolder}"
-      }
+      "type": "stdio",
+      "command": "specky-sdd"
     }
   }
 }
 ```
 
-**For Claude Code** run this once inside the repo:
-
+**Claude Code**:
 ```bash
-claude mcp add specky -- npx -y specky-sdd
+claude mcp add specky -- specky-sdd
 ```
 
-**For Cursor** add to MCP settings (Settings > MCP Servers):
+**Claude Desktop** (`claude_desktop_config.json`):
+
+| OS | Config location |
+|----|----------------|
+| macOS | `~/Library/Application Support/Claude/claude_desktop_config.json` |
+| Linux | `~/.config/Claude/claude_desktop_config.json` |
+| Windows | `%APPDATA%\Claude\claude_desktop_config.json` |
 
 ```json
 {
-  "specky": {
-    "command": "npx",
-    "args": ["-y", "specky-sdd"]
+  "mcpServers": {
+    "specky": {
+      "command": "specky-sdd"
+    }
   }
 }
 ```
 
-> **Tip:** Commit the config file to Git so every team member gets Specky automatically when they clone the repo.
-
 </details>
 
 <details>
-<summary><strong>Global: Global (once, all repos)</strong></summary>
-
-Install globally and Specky is available everywhere on your machine:
-
-```bash
-npm install -g specky-sdd
-```
+<summary><strong>Per Workspace (alternative): npx, no global install</strong></summary>
 
-Then configure your IDE to use the global install:
+Add a config file to the repo so teammates get Specky automatically on clone — no global install needed.
 
 **VS Code** (`.vscode/mcp.json`):
 ```json
 {
   "servers": {
     "specky": {
-      "command": "specky-sdd",
-      "env": { "SDD_WORKSPACE": "${workspaceFolder}" }
+      "type": "stdio",
+      "command": "specky-sdd"
     }
   }
 }
@@ -201,24 +201,7 @@ Then configure your IDE to use the global install:
 claude mcp add specky -- specky-sdd
 ```
 
-**Claude Desktop** (`claude_desktop_config.json`):
-
-| OS | Config location |
-|----|----------------|
-| macOS | `~/Library/Application Support/Claude/claude_desktop_config.json` |
-| Linux | `~/.config/Claude/claude_desktop_config.json` |
-| Windows | `%APPDATA%\Claude\claude_desktop_config.json` |
-
-```json
-{
-  "mcpServers": {
-    "specky": {
-      "command": "specky-sdd",
-      "env": { "SDD_WORKSPACE": "/path/to/your/project" }
-    }
-  }
-}
-```
+> Commit `.vscode/mcp.json` to Git so every team member gets Specky automatically.
 
 </details>
 
@@ -255,7 +238,7 @@ Open your AI IDE and type:
 > What tools does Specky have?
 ```
 
-The AI should list the 53 SDD tools. If you see them, Specky is working.
+The AI should list the 57 SDD tools. If you see them, Specky is working.
 
 ### Try It Now
 
@@ -541,7 +524,7 @@ The AI calls:
 
 The AI calls `sdd_export_work_items` + `sdd_create_pr` → generates work item payloads and PR body with full spec traceability.
 
-> **Next:** **Next:** Learn about [EARS notation](#ears-notation) to understand the requirement patterns, or see [All 56 Tools](#all-53-tools) for a complete reference.
+> **Next:** **Next:** Learn about [EARS notation](#ears-notation) to understand the requirement patterns, or see [All 57 Tools](#all-57-tools) for a complete reference.
 
 
 ## Brownfield Project: Add Features to Existing Code
@@ -734,9 +717,9 @@ The AI calls `sdd_advance_phase` → moves the pipeline forward if all prerequis
 All artifacts are saved in [`.specs/NNN-feature/`](#where-specifications-live). See [Input Methods](#input-methods-6-ways-to-start) for how to feed data into the pipeline.
 
 
-## All 56 Tools
+## All 57 Tools
 
-### Input and Conversion (5)
+### Input and Conversion (6)
 
 | Tool | Description |
 |------|-------------|
@@ -744,9 +727,10 @@ All artifacts are saved in [`.specs/NNN-feature/`](#where-specifications-live).
 | `sdd_import_transcript` | Parse meeting transcripts (Teams, Zoom, Google Meet) |
 | `sdd_auto_pipeline` | Any input to complete spec pipeline (all documents) |
 | `sdd_batch_import` | Process folder of mixed documents |
+| `sdd_batch_transcripts` | Process folder of meeting transcripts |
 | `sdd_figma_to_spec` | Figma design to requirements specification |
 
-### Pipeline Core (8)
+### Pipeline Core (9)
 
 | Tool | Description |
 |------|-------------|
@@ -756,6 +740,7 @@ All artifacts are saved in [`.specs/NNN-feature/`](#where-specifications-live).
 | `sdd_clarify` | Resolve ambiguities with decision tree |
 | `sdd_write_design` | 12-section system design (C4 model) with sequence diagrams, ERD, API flow |
 | `sdd_write_tasks` | Task breakdown with dependency graph |
+| `sdd_write_bugfix` | Bugfix specification from issue description |
 | `sdd_run_analysis` | Quality gate analysis with coverage heatmap |
 | `sdd_advance_phase` | Move to next pipeline phase |
 
@@ -794,7 +779,7 @@ All artifacts are saved in [`.specs/NNN-feature/`](#where-specifications-live).
 | `sdd_setup_codespaces` | GitHub Codespaces configuration |
 | `sdd_generate_devcontainer` | .devcontainer/devcontainer.json generation |
 
-### Integration and Export (5)
+### Integration and Export (7)
 
 | Tool | Description |
 |------|-------------|
@@ -803,17 +788,20 @@ All artifacts are saved in [`.specs/NNN-feature/`](#where-specifications-live).
 | `sdd_create_pr` | PR payload with spec summary |
 | `sdd_implement` | Ordered implementation plan with checkpoints |
 | `sdd_research` | Resolve unknowns in RESEARCH.md |
+| `sdd_check_sync` | Detect drift between specification and implementation |
+| `sdd_detect_drift` | Intent drift detection with amendment suggestions |
 
-### Documentation (4)
+### Documentation (5)
 
 | Tool | Description |
 |------|-------------|
 | `sdd_generate_docs` | Complete auto-documentation |
+| `sdd_generate_all_docs` | Generate all documentation types in parallel |
 | `sdd_generate_api_docs` | API documentation from design |
 | `sdd_generate_runbook` | Operational runbook |
 | `sdd_generate_onboarding` | Developer onboarding guide |
 
-### Utility (5)
+### Utility (8)
 
 | Tool | Description |
 |------|-------------|
@@ -822,6 +810,9 @@ All artifacts are saved in [`.specs/NNN-feature/`](#where-specifications-live).
 | `sdd_scan_codebase` | Detect tech stack and structure |
 | `sdd_metrics` | Project metrics dashboard |
 | `sdd_amend` | Amend project constitution |
+| `sdd_context_status` | Context tiering status (Hot/Domain/Cold) |
+| `sdd_model_routing` | Model routing guidance for current task |
+| `sdd_check_access` | RBAC access check for current role |
 
 ### Testing (3)
 
@@ -883,13 +874,14 @@ Together they form the **SDD layer** of the GitHub + Microsoft enterprise platfo
 {
   "servers": {
     "specky": {
-      "command": "npx",
-      "args": ["-y", "specky-sdd"]
+      "type": "stdio",
+      "command": "specky-sdd"
     }
   }
 }
 ```
 
+> **Note:** This example assumes `specky-sdd` is installed globally (`npm install -g specky-sdd`). See the [Quick Start](#quick-start) section for per-workspace and Docker alternatives.
 
 ## Project Configuration
 
@@ -1001,7 +993,7 @@ Specky is built with enterprise adoption in mind.
 - **Zod `.strict()` validation** — every tool input is schema-validated; unknown fields rejected
 - **security-scan hook** blocks commits containing hardcoded secrets (exit code 2)
 - See [SECURITY.md](SECURITY.md) for full OWASP Top 10 coverage
-- See [docs/SYSTEM-DESIGN.md](docs/SYSTEM-DESIGN.md) for complete security architecture
+- See [SECURITY.md](SECURITY.md) for complete security architecture
 
 ### Security Best Practices
 
@@ -1057,46 +1049,29 @@ Every pipeline phase produces a traceable artifact in `.specs/NNN-feature/`. The
 - **EARS Validator** — programmatic requirement quality enforcement
 - **Cross-Artifact Analysis** — automatic alignment checking between spec, design, and tasks
 - **Phase Enforcement** — state machine blocks phase-skipping; required files gate advancement
-- **321 unit tests** — CI enforces thresholds on every push
+- **Comprehensive test suite** — CI enforces thresholds on every push
 
 
 ## Development
 
 ```bash
-# Clone and setup
-git clone https://github.com/paulasilvatech/specky.git
-cd specky
-npm install
-
-# Build
-npm run build
-
-# Run tests (292 tests coverage)
-npm test
-
-# Run tests with coverage report
-npm run test:coverage
-
-# Development mode (auto-reload on file changes)
-npm run dev
+# Install globally
+npm install -g specky-sdd
 
 # Verify MCP handshake (quick smoke test)
-echo '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-03-26","capabilities":{},"clientInfo":{"name":"test","version":"1.0"}}}' | node dist/index.js 2>/dev/null
-
-# Build and run with Docker locally
-docker build -t specky-sdd:dev .
-docker run -p 3200:3200 -v $(pwd):/workspace specky-sdd:dev
-curl http://localhost:3200/health
+echo '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-03-26","capabilities":{},"clientInfo":{"name":"test","version":"1.0"}}}' | specky-sdd 2>/dev/null
 ```
 
+For contributors, see [CONTRIBUTING.md](CONTRIBUTING.md).
+
 
 ## Roadmap
 
-### v3.0 (current)
+### v3.2 (current)
 
 | Capability | Status |
 |------------|--------|
-| 56 MCP tools across 10 enforced pipeline phases | Stable |
+| 57 MCP tools across 10 enforced pipeline phases | Stable |
 | Phase validation on every tool with gate enforcement | Stable |
 | 17 software engineering diagram types (C4, sequence, ER, DFD, deployment, network) | Stable |
 | 12-section system design template (C4 model, security, infrastructure) | Stable |
@@ -1105,15 +1080,22 @@ curl http://localhost:3200/health
 | Turnkey spec from natural language (`sdd_turnkey_spec`) | Stable |
 | Property-based testing with fast-check and Hypothesis (`sdd_generate_pbt`) | Stable |
 | Checkpoint/restore for spec artifacts | Stable |
-| 7 automation hooks (security-scan blocks on secrets) | Stable |
+| Intelligence layer: model routing hints on all tools | Stable |
+| Context tiering: Hot/Domain/Cold with token savings | Stable |
+| Cognitive debt metrics at LGTM gates | Stable |
+| Test traceability: REQ-ID → test coverage mapping | Stable |
+| Intent drift detection with amendment suggestions | Stable |
+| 10 automation hooks (2 blocking) | Stable |
 | 12 Claude Code commands + 5 Copilot agents | Stable |
 | 6 compliance frameworks (HIPAA, SOC2, GDPR, PCI-DSS, ISO 27001) | Stable |
 | 6 input types (transcript, PDF, DOCX, Figma, codebase, raw text) | Stable |
 | Test generation for 6 frameworks (vitest, jest, playwright, pytest, junit, xunit) | Stable |
 | MCP-to-MCP routing (GitHub, Azure DevOps, Jira, Terraform, Figma, Docker) | Stable |
-| 321 unit tests | Stable |
+| SBOM + cosign signing on Docker image | Stable |
+| JSONL audit logger (optional) | Stable |
+| Comprehensive test suite | Stable |
 
-### v3.1+ (planned)
+### v3.3+ (planned)
 
 | Feature | Description |
 |---------|-------------|
@@ -1121,10 +1103,9 @@ curl http://localhost:3200/health
 | Observability | OpenTelemetry metrics and structured logging |
 | Internationalization | Spec templates in PT-BR, ES, FR, DE, JA |
 | Automated shrinking | fast-check/Hypothesis shrinking feedback into spec refinement |
-| RBAC | Role-based access control for phase advancement |
-| Persistent audit log | Centralized audit trail beyond `.sdd-state.json` |
+| Centralized audit log | SIEM-integrated tamper-evident audit trail |
 | Multi-tenant | Isolated workspaces for multiple teams |
-| Analytics dashboard | Specification quality metrics over time |
+| SSO / SAML | Federated identity for enterprise auth |
 
 Have a feature request? [Open an issue](https://github.com/paulasilvatech/specky/issues).
 

package/SECURITY.md

@@ -26,7 +26,7 @@ If you discover a security vulnerability in Specky, please report it responsibly
 
 ### Input Validation
 
-All 53 MCP tool inputs are validated using [Zod](https://zod.dev/) schemas with `.strict()` mode. No unknown fields are accepted. This prevents injection of unexpected parameters through the MCP JSON-RPC interface.
+All 56 MCP tool inputs are validated using [Zod](https://zod.dev/) schemas with `.strict()` mode. No unknown fields are accepted. This prevents injection of unexpected parameters through the MCP JSON-RPC interface.
 
 ```
 AI Client → JSON-RPC → Zod .strict() validation → Service layer
@@ -116,7 +116,7 @@ When using HTTP transport mode (`--http`), bind to `localhost` only. Do not expo
 
 | Practice | Details |
 |----------|---------|
-| **Use stdio mode by default** | `npx specky-sdd` — no network exposure, process-level isolation |
+| **Use stdio mode by default** | `specky-sdd` (global install) — no network exposure, process-level isolation |
 | **Never expose HTTP mode publicly** | `--http` mode has no authentication or TLS. If you need remote access, place behind a reverse proxy (nginx, Caddy, Traefik) with TLS and authentication |
 | **Protect `.specs/` directory** | Contains architecture details, API contracts, security models. Add to `.gitignore` for sensitive projects, or use a private repository |
 | **Protect `.checkpoints/`** | Contains full copies of all spec artifacts. Treat like source code |
@@ -183,3 +183,62 @@ These are **architectural guarantees**, not configuration options:
 - **Never logs sensitive data** — logs go to stderr, contain only operational messages
 
 See [docs/SYSTEM-DESIGN.md](docs/SYSTEM-DESIGN.md) for the complete security architecture with threat model.
+
+## NPX Supply Chain Risk
+
+Running `npx specky-sdd` without a pinned version downloads the latest package from npm on every invocation. This creates a supply-chain exposure: a compromised npm registry entry or a typosquat could execute malicious code in your environment before Specky even starts.
+
+**Recommended mitigations:**
+
+| Approach | Risk reduction | Notes |
+|----------|---------------|-------|
+| `npm install -g specky-sdd` | **High** — fetches once, runs offline after | Recommended default |
+| `npm install -g specky-sdd@3.2.0` | **Higher** — version-pinned, no silent upgrades | Best for reproducible environments |
+| Docker (`ghcr.io/paulasilvatech/specky:3.2.0`) | **Highest** — immutable image by digest | Best for CI/CD and air-gapped |
+| `npx specky-sdd` (unversioned) | **Baseline** — re-downloads on each invocation | Avoid in production pipelines |
+
+**Workspace isolation pattern** (CI/CD):
+
+```bash
+# Install into a local vendor directory — no global write permissions needed
+npm install specky-sdd@3.2.0 --prefix ./vendor --ignore-scripts
+./vendor/node_modules/.bin/specky-sdd
+```
+
+The `--ignore-scripts` flag prevents npm lifecycle scripts from running during install, which is a common supply-chain attack vector.
+
+## MCP Security Framework Compliance
+
+### CoSAI MCP Security White Paper — Threat Category Coverage
+
+Specky addresses the 12 threat categories from the CoSAI MCP Security White Paper:
+
+| ID | Threat Category | Specky Mitigation |
+|----|----------------|-------------------|
+| T-01 | Tool Poisoning | Zod `.strict()` on all 57 tool inputs — no unknown fields accepted |
+| T-02 | Prompt Injection via Tool Results | No user-controlled data interpolated into tool responses |
+| T-03 | Excessive Tool Permissions | Thin Tools pattern — each tool does exactly one operation |
+| T-04 | Insecure Data Storage | FileManager enforces workspace boundary; no secrets in files |
+| T-05 | Insufficient Input Validation | All inputs validated with Zod schemas before reaching service layer |
+| T-06 | Uncontrolled Resource Consumption | Rate limiter (opt-in) for HTTP mode; stdio is single-session |
+| T-07 | Broken Access Control | RBAC engine (opt-in) — viewer/contributor/admin roles; path sanitization |
+| T-08 | Supply Chain Compromise | 2 runtime deps only; Dependabot enabled; global install recommended |
+| T-09 | Credential Leakage | No secrets in logs (stderr only); no credentials in spec artifacts |
+| T-10 | Insecure Communication | stdio mode has zero network exposure; HTTP mode binds to localhost |
+| T-11 | State Manipulation | HMAC-SHA256 signature on `.sdd-state.json`; tamper detection on load |
+| T-12 | Audit Trail Integrity | Hash-chained JSONL audit log; rotation; syslog/OTLP export (opt-in) |
+
+### OWASP MCP Top 10 Coverage
+
+| # | OWASP MCP Risk | Specky Mitigation |
+|---|---------------|-------------------|
+| M1 | Prompt Injection | No dynamic content in tool descriptions; outputs are structured JSON |
+| M2 | Insecure Tool Design | Thin Tools / Fat Services — tools are pure input/output wrappers |
+| M3 | Excessive Agency | No shell execution, no outbound network, no code eval |
+| M4 | Insufficient Authentication | HTTP mode delegates to reverse proxy; stdio is process-isolated |
+| M5 | Broken Object-Level Authorization | RBAC engine enforces per-tool access by role (opt-in) |
+| M6 | Sensitive Data Exposure | FileManager path boundary; no credential logging; workspace-scoped I/O |
+| M7 | Insecure Plugin Composition | Fixed tool set at startup — no dynamic plugin loading |
+| M8 | Improper Error Handling | All service errors caught; tools return structured error responses |
+| M9 | Insufficient Logging | Hash-chained audit trail; syslog export available |
+| M10 | Vulnerable Dependencies | 2 runtime deps; `npm audit` in CI; Dependabot on GitHub |

package/dist/config.d.ts

@@ -3,10 +3,23 @@ export interface SpeckyConfig {
     default_framework?: string;
     compliance_frameworks?: string[];
     audit_enabled?: boolean;
+    rate_limit?: {
+        enabled?: boolean;
+        max_requests_per_minute?: number;
+        burst?: number;
+    };
+    audit?: {
+        export_format?: "jsonl" | "syslog" | "otlp";
+        max_file_size_mb?: number;
+    };
+    rbac?: {
+        enabled?: boolean;
+        default_role?: "viewer" | "contributor" | "admin";
+    };
 }
 /**
  * Load `.specky/config.yml` from workspace root. Returns defaults if not found.
- * Uses simple YAML key-value parsing (no dependency on yaml library).
+ * Handles both flat keys (key: value) and nested blocks (key:\n  sub: value).
  */
 export declare function loadConfig(workspaceRoot: string): Required<SpeckyConfig>;
 //# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAOA,MAAM,WAAW,YAAY;IAC3B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC;IACjC,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AASD;;;GAGG;AACH,wBAAgB,UAAU,CAAC,aAAa,EAAE,MAAM,GAAG,QAAQ,CAAC,YAAY,CAAC,CAcxE"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAOA,MAAM,WAAW,YAAY;IAC3B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC;IACjC,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,UAAU,CAAC,EAAE;QACX,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,uBAAuB,CAAC,EAAE,MAAM,CAAC;QACjC,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,KAAK,CAAC,EAAE;QACN,aAAa,CAAC,EAAE,OAAO,GAAG,QAAQ,GAAG,MAAM,CAAC;QAC5C,gBAAgB,CAAC,EAAE,MAAM,CAAC;KAC3B,CAAC;IACF,IAAI,CAAC,EAAE;QACL,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,YAAY,CAAC,EAAE,QAAQ,GAAG,aAAa,GAAG,OAAO,CAAC;KACnD,CAAC;CACH;AAYD;;;GAGG;AACH,wBAAgB,UAAU,CAAC,aAAa,EAAE,MAAM,GAAG,QAAQ,CAAC,YAAY,CAAC,CA6DxE"}