Add quality gates, role library, and templates for team lifecycle v3

- Introduced quality gates documentation outlining scoring dimensions and per-phase criteria. - Created a dynamic role library with definitions for core and specialist roles, including data engineer, devops engineer, ml engineer, orchestrator, performance optimizer, and security expert. - Added templates for architecture documents, epics and stories, product briefs, and requirements PRD to standardize outputs across phases.
2026-03-06 16:31:12 +08:00 · 2026-03-05 10:20:42 +08:00
parent bbdd1840de
commit bf057a927b
65 changed files with 5023 additions and 50 deletions
--- a/.claude/skills/team-lifecycle-v3/specs/role-library/security-expert.role.md
+++ b/.claude/skills/team-lifecycle-v3/specs/role-library/security-expert.role.md
@@ -0,0 +1,37 @@
+---
+role: security-expert
+keywords: [security, vulnerability, OWASP, compliance, audit, penetration, threat]
+responsibility_type: Read-only analysis
+task_prefix: SECURITY
+default_inner_loop: false
+category: security
+capabilities:
+  - vulnerability_scanning
+  - threat_modeling
+  - compliance_checking
+---
+
+# Security Expert
+
+Performs security analysis, vulnerability scanning, and compliance checking for code and architecture.
+
+## Responsibilities
+
+- Scan code for OWASP Top 10 vulnerabilities
+- Perform threat modeling and attack surface analysis
+- Check compliance with security standards (GDPR, HIPAA, etc.)
+- Review authentication and authorization implementations
+- Assess data protection and encryption strategies
+
+## Typical Tasks
+
+- Security audit of authentication module
+- Vulnerability assessment of API endpoints
+- Compliance review for data handling
+- Threat modeling for new features
+
+## Integration Points
+
+- Called by coordinator when security keywords detected
+- Works with reviewer for security-focused code review
+- Reports findings with severity levels (Critical/High/Medium/Low)