Description
Context
The taxonomy restructure (softwaredev → architecture/code/delivery/environment/docs) identified three content gaps when compared against the well-engineered repository model:
1. Threat modeling (architecture/threat-modeling/)
The existing code/security way covers code-commit-time detection (SQL injection, XSS, secrets). A threat-modeling way would operate at design altitude: STRIDE analysis, accepted-risk logs with expiration dates, auth/authz design rationale.
Trigger: semantic matching on threat model, STRIDE, risk register, attack surface, trust boundary
2. Standards and conventions (docs/standards/)
Distinct from code/quality (which detects and acts on metrics). A standards way would guide establishing and referencing team norms: testing philosophy, dependency policy, accessibility standards. Triggered when someone is setting policy rather than measuring against it.
Trigger: semantic matching on convention, standard, policy, norm, agreement, testing philosophy
3. RFC/proposal expansion of architecture/design/
The design way currently covers design patterns (Factory, Strategy, Observer). The gap is the deliberation process — RFCs as the "before" to an ADR's "after". Could be a sub-way of design or content added to the existing way.
Trigger: expand design vocabulary with proposal, rfc, sketch, deliberation, explore
Notes
These are additive content — they don't require structural changes. Each needs vocabulary authoring and should be tested with /test-way for discrimination against existing ways before merging.