Phase 3: TDD Specification
What this phase does
Write a failing test that proves the top vulnerability exists. This is the red phase — do not touch the application code.
Instructions
- Read SECURITY_PLAN.md. Pick the top Pending (not DONE) item from the ranked backlog.
- Write a test that reproduces the vulnerability.
  - Create a new test file (e.g. tests/security/exploit_repro.test.ts)
  - The test should FAIL right now — it's proving the vulnerability exists
  - Do NOT fix the code. That's Phase 4.
- Run the test. Confirm it fails for the right reason (the vulnerability, not a syntax error).
- Stop. Report the test file path and what it proves.
The next step is Phase 4: /4-security-fix