feat: smart-suggest ROI script + hook tuning + guide updates (Mar 16)
- Add examples/scripts/smart-suggest-roi.py: stdlib-only analyzer correlating suggestion log with session JSONL files to measure command acceptance rate. 4 acceptance signals, tier breakdown, daily trend, --json/--since/--no-sessions CLI.
- Tune Aristote smart-suggest hook: tighten 5 over-firing triggers (/tech:commit, /tech:sonarqube, /tech:dupes, /check-conventions a11y, /tech:worktree)
- Guide: identity re-injection hook, context engineering maturity grid, code review workflow, 1M context window GA update, Spring Break promo, security audit patterns
- Resource evaluations: Nick Tune hooks (3/5), VicKayro security audit (2/5), Karl Mazier CLAUDE.md templates, Paul Rayner ContextFlow, Siddhant agent trace, Andrew Yng context hub, JP Caparas 1M context window

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent d9cff74d71
commit da8bc09f2d
19 changed files with 1963 additions and 6 deletions
@ -35,6 +35,11 @@ Perform security audits with isolated context, focusing on vulnerability detecti
- [ ] Threat modeling considered
- [ ] Security requirements defined
- [ ] Principle of least privilege
- [ ] Paywall/billing limits enforced server-side (not client-side)
- [ ] Subscription status read from DB, not from a client-supplied token or claim
- [ ] Payment webhook signatures verified (Stripe `stripe.webhooks.constructEvent`, Paddle equivalent)
- [ ] No endpoint bypasses billing verification (e.g., admin routes that skip plan checks)
- [ ] No race condition on session/resource creation that could allow free usage beyond limits (CWE-362)
### A05: Security Misconfiguration
- [ ] Default credentials changed
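Review bot: the five new billing items (paywall limits, subscription status, webhook signatures, billing bypass, CWE-362 race) are product-specific but sit in the generic checklist as unconditional boxes; consider prefixing them with "If the app has paid plans:" or giving them their own sub-heading so audits of apps without billing don't accumulate permanently unchecked items. Two wording points: "Paddle equivalent" is vague next to the concrete `stripe.webhooks.constructEvent`, so either name the check or drop the parenthetical; and the webhook item should also ask for replay protection (reject or ignore an event whose id was already processed), since a valid signature alone does not stop a replayed event from re-granting an entitlement. The CWE-362 item would be more actionable if it stated the mitigation it expects, e.g. "limit enforced by an atomic check-and-increment or a unique constraint, not a read-then-write".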