As more teams adopt Spec‑Driven Development (SDD), we should evolve CodeGuard to better align with this.
Today, SDD typically spans multiple stages:
-Specify
-Plan
-Task definition
-Implement ( --> Here Code-Guard is effective and used)
Currently, CodeGuard primarily can operate in the implementation phase, where it enforces secure coding practices during code generation. While this is critical, it represents only a subset of the SDD lifecycle.
However, security-by-design principles require coverage across all phases, not just implementation.
We can extend code guard rules/skills for supporting below points:
-What security guidance exists during the Specify phase (I feel at high level security principals but may be more)?
-How are threats, trust boundaries, and constraints captured during the Plan phase? (Threat modeling, architecture guardrails)
-Are there security-aware task definitions during the Task phase?
-Implement (agent consider mainly Codeguard rules at this stage)
As more teams adopt Spec‑Driven Development (SDD), we should evolve CodeGuard to better align with this.
Today, SDD typically spans multiple stages:
-Specify
-Plan
-Task definition
-Implement ( --> Here Code-Guard is effective and used)
Currently, CodeGuard primarily can operate in the implementation phase, where it enforces secure coding practices during code generation. While this is critical, it represents only a subset of the SDD lifecycle.
However, security-by-design principles require coverage across all phases, not just implementation.
We can extend code guard rules/skills for supporting below points:
-What security guidance exists during the Specify phase (I feel at high level security principals but may be more)?
-How are threats, trust boundaries, and constraints captured during the Plan phase? (Threat modeling, architecture guardrails)
-Are there security-aware task definitions during the Task phase?
-Implement (agent consider mainly Codeguard rules at this stage)