SpecDDSecurity and risk
Security and risk guides for SpecDD projects. These articles show how to constrain agent authority, write security requirements near the code they protect, block unsafe dependencies, specify sensitive boundaries, classify risky work, and review security-sensitive changes against durable local contracts.
- How to use SpecDD to limit agent risk
Use SpecDD to give agents narrow local authority, explicit forbidden behavior, and concrete completion checks before security-sensitive edits happen.
Read guide - How to write security constraints in specs
Put security rules near the code they protect so humans and agents know what must hold, what must never happen, and how to prove it.
Read guide - How to prevent agents from adding forbidden dependencies
Use Forbids to make blocked libraries, modules, paths, tools, and access patterns explicit before humans or agents implement a shortcut.
Read guide - How to spec authentication boundaries
Use SpecDD to make authentication enforcement points explicit so protected code does not trust the wrong caller, token, or UI path.
Read guide - How to spec data privacy requirements
Use local SpecDD specs to make privacy-sensitive data handling explicit near the code that reads, stores, exports, logs, or deletes that data.
Read guide - How to review security-sensitive changes with SpecDD
Use SpecDD as the review contract for security-sensitive changes so reviewers can compare the diff against explicit local constraints.
Read guide - How to use SpecDD for risk classification
Classify SpecDD work as low, medium, or high risk before editing so risky changes get the right planning, checks, and review.
Read guide - How to create a secure coding bootstrap file
Use .specdd/bootstrap.project.md for shared secure coding defaults while keeping local security behavior in local .sdd specs.
Read guide - How to spec secrets handling
Use SpecDD to make secrets handling explicit: where secrets come from, who may access them, how they must not be logged or committed, and what checks prove it.
Read guide - How to spec audit logging
Use SpecDD to make audit logging requirements explicit for auth, payments, admin actions, permission changes, and other sensitive operations.
Read guide - How to spec rate limiting and abuse prevention
Use SpecDD to make rate limits and abuse-prevention behavior explicit before implementation spreads across routes, UI, workers, and middleware.
Read guide - How to spec payment or billing safety rules
Use SpecDD to make payment and billing constraints explicit before a change can double-charge, bypass authorization, lose audit evidence, or call providers directly.
Read guide - How to prevent agents from weakening security checks
Use SpecDD to make security checks hard to remove accidentally: name the protected check, forbid bypasses, require evidence, and review weakenings as governance changes.
Read guide
More How-To categories
- Getting started
Start with spec-driven development, write your first local SpecDD spec, and run a small end-to-end change with human-and-agent-friendly guardrails.
11 guides - Install and setup
Install the SpecDD CLI, prepare Node.js when needed, initialize or update projects, and verify the framework files are wired correctly.
9 guides - Set up your agent
Set up Claude Code, Codex, GitHub Copilot, Cursor, Windsurf, Gemini CLI, OpenCode, Junie, Cline, Antigravity, and universal Agent Skills for SpecDD.
15 guides - Editor setup
Install SpecDD editor support, validate .sdd files, resolve path warnings, and use completions and section hints while writing specs.
4 guides - Agent workflows
Use SpecDD with agents by keeping prompts short, plans spec-bound, file changes authorized, context durable, and reviews tied to local .sdd contracts.
15 guides - Write specs by level
Write SpecDD specs at the right level: root specs for project context, module specs for area boundaries, and focused specs for local behavior and contracts.
14 guides - Use spec sections
Use SpecDD sections correctly: write only sections that add local value, keep authority clear, and express behavior, boundaries, tasks, scenarios, paths, and examples.
25 guides - Spec-writing technique
Improve SpecDD craft with techniques for small specs, right-level placement, naming, splitting, explicit rules, draft review, edge cases, and compatibility.
16 guides - Spec-driven workflows
Use SpecDD workflows to draft, review, implement, synchronize, and evolve local specs without losing source-of-truth context.
11 guides - Work with SpecDD skills
Use SpecDD skills deliberately: choose the right skill for the phase, keep authority clear, chain skills safely, and verify each result against local specs.
17 guides - Software design practices
Use SpecDD to make software design decisions operational: responsibility, boundaries, layers, cohesion, debt prevention, public APIs, and dependency direction.
20 guides - Adopt SpecDD on existing projects
Adopt SpecDD gradually in live codebases by starting with active areas, reviewing generated specs, expanding folder by folder, and measuring practical review and delivery signals.
10 guides - Testing and quality
Turn SpecDD specs into practical quality work: TDD and BDD loops, acceptance criteria, coverage tracing, CI checks, regression tests, and testability review.
11 guides - Code review and governance
Use SpecDD in code review and governance by checking local authority, behavior, boundaries, spec updates, agent output, and high-risk contract changes.
9 guides - Refactoring and maintenance
Use SpecDD to keep maintenance safe: preserve specified behavior, maintain authority while moving code, keep specs current, and delete obsolete contracts carefully.
9 guides - Teams and process
Use SpecDD as a team process by keeping durable behavior in specs, project planning in tickets, conventions in bootstrap.project.md, and reviews lightweight but consistent.
13 guides - Troubleshooting
Fix common SpecDD problems: agent setup, .sdd highlighting, CLI and Node errors, ambiguous specs, unresolved paths, vague specs, stale criteria, and skill installs.
12 guides