security-design
Security Design
Make the security model an architectural decision, not a bug-fixing exercise after implementation.
Context
Security design identifies what must be protected, who might abuse the system, and which controls must exist at each boundary. It sits upstream of security audit: the goal here is to design the defenses, not just inspect the code later.
In Prodcraft, security design is most valuable when the system adds new trust boundaries, handles sensitive data, or depends on brownfield coexistence where old and new controls may differ.
Inputs
- architecture-doc -- Defines the system boundaries, deployment topology, and interaction patterns.
- api-contract -- Identifies externally visible actions, data entry points, and policy-sensitive operations.
Process
Step 1: Mark Assets and Trust Boundaries