feat: add YAML frontmatter, bitcoin-conventions skill, path rules, and Gitea CI
- Added YAML frontmatter to all 8 polish-* skills and sweep skill so Claude can auto-invoke them - New bitcoin-conventions skill with PROUX UX methodology, sats display, address validation, Tor preferences, Lightning patterns - Path-specific rules for containers (security hardening) and frontend (Vue/glassmorphism conventions) - Gitea Actions: nightly security review and weekly dependency audit Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
45
.gitea/workflows/nightly-security.yml
Normal file
45
.gitea/workflows/nightly-security.yml
Normal file
@@ -0,0 +1,45 @@
|
||||
name: Nightly Security Review
|
||||
on:
|
||||
schedule:
|
||||
- cron: '47 1 * * *'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
security-review:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Install Claude Code
|
||||
run: npm install -g @anthropic-ai/claude-code
|
||||
|
||||
- name: Run security review on recent changes
|
||||
env:
|
||||
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
|
||||
run: |
|
||||
CHANGED=$(git diff --name-only HEAD~1..HEAD 2>/dev/null || echo "")
|
||||
if [ -z "$CHANGED" ]; then
|
||||
echo "No recent changes to review"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
claude --print "Run a security review focused on these recently changed files:
|
||||
$CHANGED
|
||||
|
||||
Check for:
|
||||
- Constant-time comparison violations in crypto code
|
||||
- Private key material in logs or error messages
|
||||
- Floating-point Bitcoin amounts (must be integer sats)
|
||||
- eval() or unsafe blocks without SAFETY comments
|
||||
- Hardcoded credentials or secrets
|
||||
- Missing input validation at API boundaries
|
||||
|
||||
Output a structured report with severity levels.
|
||||
If any CRITICAL issues found, exit with code 1." > security-report.txt 2>&1
|
||||
|
||||
cat security-report.txt
|
||||
|
||||
if grep -qi "critical" security-report.txt; then
|
||||
echo "::error::Critical security issues found — review security-report.txt"
|
||||
exit 1
|
||||
fi
|
||||
Reference in New Issue
Block a user