
toh-framework

Security-first auditing framework for AI-generated code. Provides multi-level protection including hardcoded secret detection, dangerous pattern identification, and comprehensive vulnerability audits for modern web applications.

Introduction

The Security Engineer skill within the Toh Framework provides a rigorous, automated security layer for developers utilizing AI-driven coding agents. It follows the philosophy of "Trust, but verify," ensuring that code generated by AI is audited for common vulnerabilities before reaching production. This tool is designed for solo developers, solopreneurs, and engineering teams using IDEs like Claude Code, Cursor, and Gemini CLI, who require rapid security verification without manual overhead.

  • Performs Level 1 Quick Checks to identify hardcoded secrets, API keys, dangerous imports, and obvious injection vectors such as SQL injection or XSS in under five seconds.

  • Conducts Level 2 Full Audits covering complex threats such as authorization flaws, insecure cookie settings, dependency vulnerabilities, and command injection risks.

  • Utilizes pattern-based detection to scan specific file types including .ts, .tsx, .js, .jsx, and .env configuration files while intelligently ignoring build artifacts and dependency folders.

  • Generates human-readable security reports that categorize findings into Critical and Warning statuses, providing direct actionable fixes.

  • Integrates seamlessly into the Toh Framework command suite (e.g., /toh-protect), allowing developers to execute security scans within the same terminal environment they use for development.

  • Enforces proactive security practices by identifying unsafe React HTML rendering, deprecated cryptographic algorithms, and ESLint security rule bypasses.

  • To trigger a scan, use the designated command /toh-protect or incorporate checks into the /toh-dev and /toh-test workflows.

  • The tool is optimized for TypeScript and Next.js environments but remains flexible for other Node.js-based projects.

  • Users should configure their environments to ensure the framework can access relevant source files while ignoring /node_modules, /.git, and /dist directories.

  • The output includes file path references and line numbers to facilitate immediate remediation of vulnerabilities.

  • While the tool provides robust detection, it is intended as a supplementary security layer rather than a replacement for full-scale application penetration testing.

Repository Stats

  • Stars: 79
  • Forks: 17
  • Open Issues: 0
  • Language: JavaScript
  • Default Branch: main
  • Sync Status: Idle
  • Last Synced: Apr 30, 2026, 09:55 AM