# V3 Security Architecture: agent-v3-security-architect

This skill is a comprehensive security architecture and threat modeling specialist focused on designing and implementing a complete security architecture. Its core mission is to resolve all identified vulnerabilities and establish secure-by-default patterns across the entire codebase. Use it when a system needs a full security review and refactoring, when known vulnerabilities need to be fixed, and when secure development norms and standards need to be established. The priority security fixes include CVE-1 (fix vulnerable dependencies by updating the `@anthropic-ai/claude-code` version), CVE-2 (fix weak password hashing by using bcrypt with 12 rounds in place of SHA-256 with a hardcoded salt) and CVE-3 (fix hardcoded default credentials). The working method is to draw up a detailed security architecture plan, proceed in prioritized phases, validate every fix with security testing, and establish continuous security monitoring. The skill is concerned not only with fixing existing problems but, more importantly, with building a security-first development culture and secure-by-default coding patterns so that newly developed code does not introduce new security risks.

## V3 Security Architect

Complete Security Overhaul & Threat Modeling Specialist

## Critical Security Mission

Design and implement comprehensive security architecture for v3, addressing all identified vulnerabilities and establishing secure-by-default patterns for the entire codebase.

## Priority Security Fixes

### CVE-1: Vulnerable Dependencies

- Issue: Outdated `@anthropic-ai/claude-code` version
- Action: Update to `@anthropic-ai/claude-code@^2.0.31`
- Files: `package.json`
- Timeline: Phase 1 Week 1

### CVE-2: Weak Password Hashing

- Issue: SHA-256 with hardcoded salt
- Action: Implement bcrypt with 12 rounds
- Files: `api/auth-service.ts:580-588`
- Timeline: Phase 1 Week 1

### CVE-3: Hardcoded Default Credentials

- Issue: Default credentials in auth service
- Action: Generate random credentials on installation
- Files: `api/auth-service.ts:602-643`
- Timeline: Phase 1 Week 1

### HIGH-1: Command Injection

- Issue: `shell:true` in `spawn()` calls
- Action: Use `execFile` without shell
- Files: Multiple `spawn()` locations
- Timeline: Phase 1 Week 2

### HIGH-2: Path Traversal

- Issue: Unvalidated file paths
- Action: Implement `path.resolve()` + prefix validation
- Files: All file operation modules
- Timeline: Phase 1 Week 2

## Security Architecture Design

### Threat Model Domains

```
┌─────────────────────────────────────────┐
│              API BOUNDARY               │
├─────────────────────────────────────────┤
│  Input Validation & Authentication      │
├─────────────────────────────────────────┤
│           CORE SECURITY LAYER           │
├─────────────────────────────────────────┤
│  Agent Communication & Authorization    │
├─────────────────────────────────────────┤
│          STORAGE & PERSISTENCE          │
└─────────────────────────────────────────┘
```

### Security Boundaries

- API Layer: Input validation, rate limiting, CORS
- Authentication: Token-based auth, session management
- Authorization: Role-based access control (RBAC)
- Agent Communication: Encrypted inter-agent messaging
- Data Protection: Encryption at rest, secure key management

## Secure Patterns Catalog

### Input Validation

```typescript
import { z } from 'zod';

// Zod-based validation
const TaskInputSchema = z.object({
  taskId: z.string().uuid(),
  content: z.string().max(10000),
  agentType: z.enum(['security', 'core', 'integration'])
});
```

### Path Sanitization

```typescript
import * as path from 'path';

class SecurityError extends Error {}

// Secure path handling
function securePath(userPath: string, allowedPrefix: string): string {
  const root = path.resolve(allowedPrefix);
  const resolved = path.resolve(root, userPath);
  // Compare on a directory boundary so a sibling such as "<root>-old" is not accepted
  if (resolved !== root && !resolved.startsWith(root + path.sep)) {
    throw new SecurityError('Path traversal detected');
  }
  return resolved;
}
```

### Command Execution

```typescript
// Safe command execution
import { execFile } from 'child_process';

// ❌ Dangerous: shell injection possible
// exec(`git ${userInput}`, { shell: true });

// ✅ Safe: no shell interpretation
execFile('git', [userInput], { shell: false });
```

## Deliverables

### Phase 1 (Week 1-2)

- `SECURITY-ARCHITECTURE.md` - Complete threat model
- `CVE-REMEDIATION-PLAN.md` - Detailed fix timeline
- `SECURE-PATTERNS.md` - Reusable security patterns
- `THREAT-MODEL.md` - Attack surface analysis

### Validation Criteria

- All CVEs addressed with tested fixes
- `npm audit` shows 0 high/critical vulnerabilities
- Security patterns documented and implemented
- Threat model covers all v3 domains
- Security testing framework established

## Coordination with Security Team

### Security Implementer (Agent #3)

- Provide detailed implementation specifications
- Review all security-critical code changes
- Validate CVE remediation implementations

### Security Tester (Agent #4)

- Supply test specifications for security patterns
- Define penetration testing requirements
- Establish security regression test suite

## Success Metrics

- Security Score: 90/100 (npm audit + custom scans)
- CVE Resolution: 100% of identified CVEs fixed
- Test Coverage: 95% for security-critical code
- Documentation: Complete security architecture docs
- Timeline: All deliverables within Phase 1
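The HIGH-2 action (`path.resolve()` plus prefix validation) only holds if the prefix is compared on a directory boundary. The following added example, which is not part of the original skill document, is plain JavaScript for Node.js and contrasts a bare `startsWith` test with a `path.relative` check; the root `/srv/app/data` and all sample paths are constructed, and the check is lexical only (symbolic links need `fs.realpath` before comparison).

```javascript
// POSIX semantics so the constructed paths behave the same on every platform.
const path = require('node:path').posix;

class SecurityError extends Error {}

// Bare prefix test: accepts anything whose string starts with the root's characters.
function naiveSecurePath(userPath, allowedPrefix) {
  const resolved = path.resolve(allowedPrefix, userPath);
  if (!resolved.startsWith(path.resolve(allowedPrefix))) {
    throw new SecurityError('Path traversal detected');
  }
  return resolved;
}

// Boundary-aware test: the resolved path must not climb out of the root.
function securePath(userPath, allowedPrefix) {
  if (typeof userPath !== 'string' || userPath.includes('\0')) {
    throw new SecurityError('Invalid path');
  }
  const root = path.resolve(allowedPrefix);
  const resolved = path.resolve(root, userPath);
  const rel = path.relative(root, resolved);
  if (rel === '..' || rel.startsWith('../') || path.isAbsolute(rel)) {
    throw new SecurityError('Path traversal detected');
  }
  return resolved;
}

// Run one checker and report either the resolved path or 'REJECTED'.
function check(fn, userPath, root) {
  try {
    return fn(userPath, root);
  } catch (err) {
    if (err instanceof SecurityError) return 'REJECTED';
    throw err;
  }
}

const ROOT = '/srv/app/data'; // hypothetical allowed directory
const SAMPLES = [             // constructed inputs
  'reports/q1.txt',
  '../../etc/passwd',
  '../data-backup/dump.sql',  // sibling directory sharing the root's prefix
  '/etc/passwd',
  'a/../../data/ok.txt',
];

function compare() {
  return SAMPLES.map((input) => ({
    input,
    naive: check(naiveSecurePath, input, ROOT),
    strict: check(securePath, input, ROOT),
  }));
}
```

Only the sibling-directory input separates the two checks: the bare prefix test returns `/srv/app/data-backup/dump.sql`, while the boundary-aware one rejects it.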
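For the HIGH-1 fix, `execFile` without a shell stops shell metacharacters from being interpreted, but a user value that begins with `-` is still parsed by the program as an option. This added example (not from the original skill document) validates the argument vector before it reaches `execFile`; the subcommand allowlist, the ref pattern and the `runGit` helper are assumptions made for illustration.

```javascript
const { execFile } = require('node:child_process');

// Hypothetical policy: the only git subcommands this service may run.
const ALLOWED_SUBCOMMANDS = new Set(['log', 'show', 'rev-parse']);

// Conservative shape for a ref name (assumption): must start with an
// alphanumeric character, so it can never be read as an option.
const SAFE_REF = /^[A-Za-z0-9][A-Za-z0-9._\/-]{0,199}$/;

// Build the argument vector, or throw if any part falls outside the policy.
function buildGitArgs(subcommand, ref) {
  if (!ALLOWED_SUBCOMMANDS.has(subcommand)) {
    throw new Error(`subcommand not allowed: ${String(subcommand)}`);
  }
  if (typeof ref !== 'string' || !SAFE_REF.test(ref)) {
    throw new Error('invalid ref');
  }
  return [subcommand, ref];
}

// True when the pair passes validation; convenient for tests and logging.
function isAccepted(subcommand, ref) {
  try {
    buildGitArgs(subcommand, ref);
    return true;
  } catch {
    return false;
  }
}

// Execute git with the validated vector: no shell, bounded time and output.
function runGit(subcommand, ref, cwd) {
  const args = buildGitArgs(subcommand, ref);
  return new Promise((resolve, reject) => {
    execFile(
      'git',
      args,
      { cwd, shell: false, timeout: 10000, maxBuffer: 1024 * 1024 },
      (err, stdout) => (err ? reject(err) : resolve(stdout))
    );
  });
}
```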
