You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Umbrella for the M8 declarative, auditable security framework: a single machine- and human-readable security posture, a gowdk audit command that checks it against a baseline and declared policies, frontend audits, and an IR-driven integration-test runner. Designed to be auditable by a human or an LLM, and explicitly anti-magic (the audit never runs as part of gowdk build; every finding cites a code + file:line; severity lives only in the diagnostic registry).
internal/securitymanifest: pure IR-derived posture → gowdk-security.json (routes, endpoints, contracts; guards, CSRF, body limit, public/default-deny, source).
internal/auditspec: composable policy model (named policies, extends, route/endpoint/frontend selectors), evaluation engine, and a built-in baseline encoding the security.md production-readiness gates.
gowdk audit command (human + --json, non-zero exit on error findings) and build-time emission of gowdk-security.json.
Umbrella for the M8 declarative, auditable security framework: a single machine- and human-readable security posture, a
gowdk auditcommand that checks it against a baseline and declared policies, frontend audits, and an IR-driven integration-test runner. Designed to be auditable by a human or an LLM, and explicitly anti-magic (the audit never runs as part ofgowdk build; every finding cites a code +file:line; severity lives only in the diagnostic registry).Shipped (slice 1) — PR #360
internal/securitymanifest: pure IR-derived posture →gowdk-security.json(routes, endpoints, contracts; guards, CSRF, body limit, public/default-deny, source).internal/auditspec: composable policy model (named policies,extends, route/endpoint/frontend selectors), evaluation engine, and a built-in baseline encoding thesecurity.mdproduction-readiness gates.gowdk auditcommand (human +--json, non-zero exit on error findings) and build-time emission ofgowdk-security.json.audit_*/policy_*diagnostic codes,gowdk explain-able.Remaining
*.audit.gwdkfile kind + declared composable policies (parser → IR → engine).runtime/testkit, generated_test.go,gowdk audit --emit-tests/--run, and aruntime/appsecurity-header capability.docs/language/audit.md.Design decisions (locked)
policy {}+ separatetest {}in a dedicated*.audit.gwdkfile kind; baseline runs with zero config.gowdk audit, never blocksgowdk build._test.gothe user owns;--runis a convenience.Related
PR #360. Refs #179 (testkit), #182 (features from IR metadata), #120 (CSRF tests), #119 (fail-closed secret). Spec:
docs/product/security-audit-spec.md.