Add tekimax-security to community catalog#2200
Conversation
There was a problem hiding this comment.
Pull request overview
Adds the TEKIMAX Secure SDD community extension to Spec Kit’s community catalog so it can be discovered/installed via the standard catalog flow.
Changes:
- Adds a new
tekimax-securityentry toextensions/catalog.community.jsonwith metadata (version, URLs, tags, hook/command counts). - Adds TEKIMAX Secure SDD to the Community Extensions table in the root
README.md.
Show a summary per file
| File | Description |
|---|---|
| README.md | Adds a new row advertising the TEKIMAX Secure SDD extension in the community extensions list. |
| extensions/catalog.community.json | Registers the tekimax-security extension (metadata + compatibility requirements) in the community catalog. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 2/2 changed files
- Comments generated: 1
extensions/catalog.community.json
Outdated
| "stars": 0, | ||
| "created_at": "2026-04-13T07:00:00Z", | ||
| "updated_at": "2026-04-13T07:00:00Z" |
There was a problem hiding this comment.
extensions/EXTENSION-PUBLISHING-GUIDE.md specifies that when updating extensions/catalog.community.json you must bump the file’s top-level updated_at to the current time (and use a current timestamp for the entry’s created_at/updated_at) (see guide around lines 202-205). The catalog header updated_at is still 2026-04-10T17:00:00Z, which is now older than this newly added entry’s updated_at, so consumers relying on the header won’t see the catalog as freshly updated.
Adds an entry for TEKIMAX Secure SDD, a security-first extension that wires threat modeling (STRIDE), data contracts, AI guardrails, model governance, automated red teaming, and post-implementation audit into Spec Kit's hook system. - 7 slash commands across SPECIFY / DESIGN / IMPLEMENT / VERIFY - 5 phase hooks: after_specify, after_plan, before_implement, after_implement, before_analyze - Apache-2.0 licensed - Repository: https://github.com/TEKIMAX/speckit-security
Updates the existing catalog entry to reflect the v0.2.2 release: - version 0.2.0 -> 0.2.2 - download_url repointed at the v0.2.2 archive - provides.commands 7 -> 8 (new install-rules command) - description updated to mention the new install-rules capability which writes to the spec-kit constitution and agent context files - updated_at timestamp refreshed
kaman1
force-pushed
the
add-tekimax-security
branch
from
5d71cfb to
e7646be
Compare
|
Refreshed the catalog entry to reflect the v0.2.2 release:
Also rebased onto current Repo: https://github.com/TEKIMAX/speckit-security |
There was a problem hiding this comment.
Pull request overview
Adds the TEKIMAX Secure SDD extension (tekimax-security) to Spec Kit’s community extension listings, making it discoverable via the community catalog and README table.
Changes:
- Added a new
tekimax-securityentry toextensions/catalog.community.jsonwith metadata (version, URLs, tags, provides, requirements). - Added TEKIMAX Secure SDD to the Community Extensions table in
README.md.
Show a summary per file
| File | Description |
|---|---|
| README.md | Adds TEKIMAX Secure SDD to the community extensions table for discoverability. |
| extensions/catalog.community.json | Registers tekimax-security in the community catalog with install metadata and capabilities. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 2/2 changed files
- Comments generated: 2
| "verified": false, | ||
| "downloads": 0, | ||
| "stars": 0, | ||
| "created_at": "2026-04-13T07:00:00Z", | ||
| "updated_at": "2026-04-13T08:30:00Z" |
There was a problem hiding this comment.
Per the Extension Publishing Guide, new catalog entries should use the current timestamp for both created_at and updated_at, and the catalog’s top-level updated_at should be bumped to the current time when editing the file. This entry uses fixed times and the file’s top-level updated_at (near the top of the JSON) wasn’t updated in this PR.
| "description": "Adds security gates to the SDD lifecycle — STRIDE threat modeling, data contracts, AI guardrails, model governance, automated red team, and post-implementation audit. Eight commands wired into five Spec Kit hooks. Rules can be installed into the project constitution and agent context files so they bind the AI agent at runtime.", | ||
| "author": "Christian Kaman (TEKIMAX)", | ||
| "version": "0.2.2", | ||
| "download_url": "https://github.com/TEKIMAX/speckit-security/archive/refs/tags/v0.2.2.zip", | ||
| "repository": "https://github.com/TEKIMAX/speckit-security", |
There was a problem hiding this comment.
The PR description states the extension ships 7 commands and links to release v0.2.0, but the catalog entry says provides.commands: 8 / “Eight commands …” and sets version/download_url to 0.2.2. Please reconcile these so the PR description and catalog metadata consistently reflect the same release and command count.
mnriem
left a comment
mnriem
left a comment
There was a problem hiding this comment.
Please address Copilot feedback. If not applicable, please explain why
Adds
tekimax-security(TEKIMAX Secure SDD) to the community catalog.What it does
tekimax-securityis a security-first extension that plugs into Spec Kit's hook system and adds security gates to the SDD lifecycle. It catches AI technical debt at the point where it's cheapest to fix — in the spec, before code exists.It provides 7 commands and 5 hooks wired into
after_specify,after_plan,before_implement,after_implement, andbefore_analyze. It ships an automated red-team runner that parses scenarios and executes them against a staging endpoint with safety guards (refuses prod URLs, rate-limited, injects anX-Red-Teamheader), then classifies responses and writes a JSONL trace for audit.The extension is stack-agnostic — it enforces the existence of security controls (AI gateway, guardrails, PII encryption, RBAC, schema validation) without requiring specific vendors.
Why this fills a gap
Spec Kit excels at turning specifications into code. The existing
security-reviewextension in the catalog is a 3-command, 0-hook post-implementation code audit.tekimax-securityis different: it's a lifecycle-wide gate system that enforces security controls at every SDD phase transition via hooks, and includes proactive STRIDE threat modeling, model governance gating, and an automated red-team runner.Verification
extension.ymlvalidates against the spec-kit schemaspecify extension add --devand registers all 7 commands.claude/skills/speckit-tekimax-security-*.extensionignoreexcludes dev-only filesLinks
Compatibility
Requires
speckit_version >= 0.1.0. Tested against 0.6.2.Contact
Happy to iterate on formatting, wording, or the catalog entry structure if anything's off. Thanks for shipping the extension API — it's genuinely a great surface to build on.