aiwg
Deployment tool and support utility for AI context. Copies agents, skills, commands, rules, and behaviors into the paths each AI platform reads (Claude Code, Codex, Copilot, Cursor, Warp, OpenClaw, and 6 more) so one source of truth works across 10 platfo
{
"id": "security-engineering",
"type": "framework",
"name": "Security Engineering",
"version": "0.1.0",
"description": "Applied security framework for cryptographic primitive selection, chain-of-trust design, secret handling at runtime, supply-chain trust, npm supply-chain hardening, physical-access threat modeling, and authentication-factor architecture. Pattern-based, product-agnostic — composes with sdlc-complete's threat-modeling and audit agents rather than replacing them.",
"modeAliases": [
"security-eng",
"secure-dev",
"applied-security"
],
"entry": {
"agents": "agents",
"skills": "skills",
"templates": "templates",
"rules": "rules"
},
"workspace": {
"subdirs": [
"decisions",
"chain-of-trust",
"factors",
"degraded-modes",
"physical-threats",
"supply-chain",
"reviews"
]
},
"standards": [
"NIST SP 800-57 (Key Management)",
"NIST SP 800-63B (Authentication)",
"NIST SP 800-108 (KDFs)",
"NIST SP 800-208 (Stateful Hash-Based Signatures)",
"RFC 5869 (HKDF)",
"RFC 9106 (Argon2)",
"RFC 8446 (TLS 1.3)",
"OWASP ASVS 4.0",
"OWASP Cryptographic Storage Cheat Sheet",
"FIPS 140-3"
],
"metadata": {
"created": "2026-05-03",
"last_updated": "2026-05-13",
"total_agents": 0,
"total_commands": 0,
"total_skills": 15,
"total_rules": 6,
"status": "active"
},
"memory": {
"creates": [
{ "path": ".aiwg/security-engineering/", "description": "Security engineering root directory" },
{ "path": ".aiwg/security-engineering/decisions/", "description": "Cryptographic and design decision records" },
{ "path": ".aiwg/security-engineering/chain-of-trust/", "description": "Bootstrap and verification chain designs" },
{ "path": ".aiwg/security-engineering/factors/", "description": "Authentication factor design rationale" },
{ "path": ".aiwg/security-engineering/degraded-modes/", "description": "Fail-closed/fail-open behavior matrices" },
{ "path": ".aiwg/security-engineering/physical-threats/", "description": "Physical-access threat scenarios" },
{ "path": ".aiwg/security-engineering/supply-chain/", "description": "Supply-chain trust artifacts (pinning, reproducible builds)" },
{ "path": ".aiwg/security-engineering/reviews/", "description": "Applied-security review reports" }
],
"topology": {
"namespace": ".aiwg/security-engineering",
"index": ".aiwg/security-engineering/index.md",
"log": ".aiwg/security-engineering/.log.jsonl",
"crossRefStyle": "at-mention"
}
},
"boundary": {
"owns": [
"Cryptographic primitive selection (AEAD, KDF, MAC, signature)",
"Chain-of-trust / bootstrap integrity",
"Authentication factor architecture",
"Degraded-mode (fail-closed/fail-open) design",
"Runtime secret handling (file-descriptor passing, scratch surface, error paths)",
"Supply-chain trust beyond CVE scanning",
"npm supply-chain hardening patterns (release-age gates, dep-source policy, trusted-publishing review)",
"Physical-access threat modeling"
],
"delegatesTo": {
"sdlc-complete/security-architect": "STRIDE threat modeling at system altitude",
"sdlc-complete/security-auditor": "OWASP Top 10, CVE scanning, secrets-in-repo, SAST/DAST",
"sdlc-complete/security-gatekeeper": "Phase-gate compliance and control coverage",
"forensics-complete": "Post-incident analysis and IOC enrichment"
}
},
"catalog_format": {
"style": "suggested-default-with-research-path",
"description": "Each skill that names tools/libraries provides (1) a suggested default with selection rationale, (2) a short menu of vetted alternatives with selection criteria, and (3) a research-path block describing how to evaluate newer or domain-specific options. Skills never hard-pick a vendor product."
}
}