From vcsdd
Runs VCSDD Phase 5 formal hardening: invokes vcsdd-verifier for proof obligations using Kani/hypothesis/fast-check, Semgrep security checks, and purity boundary audits.
npx claudepluginhub sc30gsw/vcsdd-claude-code --plugin vcsddThis skill uses the workspace's default tool permissions.
Runs formal hardening (Phase 5). Invokes the vcsdd-verifier agent to execute language-appropriate verification tools against the proof obligations defined in Phase 1b, run security hardening checks, and audit the purity boundary. Produces `verification-report.md`, `security-report.md`, and `purity-audit.md`.
Guides Phase 5 formal hardening with tool selection, proof harness patterns for Rust (Kani/proptest), Python (hypothesis), TypeScript (fast-check), security/purity audits, and verification interpretation.
Validates completed implementations against specs via 6 gates, generating coverage matrices to verify proofs, file changes, standards, and credential safety.
Guides through Trail of Bits' 5-step secure development workflow for smart contracts. Runs Slither scans, checks upgradeability/ERC conformance/token integration, generates security diagrams, documents fuzzing properties, reviews manual areas.
Share bugs, ideas, or general feedback.
Runs formal hardening (Phase 5). Invokes the vcsdd-verifier agent to execute language-appropriate verification tools against the proof obligations defined in Phase 1b, run security hardening checks, and audit the purity boundary. Produces verification-report.md, security-report.md, and purity-audit.md.
Run once the feature is already at phase 5. This happens either after adversarial review PASS (3 -> 5) or after Phase 4 explicitly routes the current sprint's findings to Phase 5 (3 -> 4 -> 5) for proof-gap / invariant-only hardening work.
state.json.proofObligationsverification/security-results/verification/security-report.mdspecs/verification-architecture.mdverification/purity-audit.mdverification/proof-harnesses/verification/fuzz-results/ or verification/mutation-results/## Proof Obligations, ## Summaryproved; a required obligation left as skipped blocks Phase 6verification/security-report.md must include ## Tooling and ## Summaryverification/purity-audit.md must include ## Declared Boundaries, ## Observed Boundaries, and ## Summaryverification/security-results/ must contain at least one captured output file, even if the tools were not applicableprovedverification/verification-report.md exists and was written after entering Phase 5verification/security-report.md exists and was written after entering Phase 5verification/purity-audit.md exists and was written after entering Phase 5verification/security-results/ contains at least one captured output artifact written after entering Phase 5state.json.language (canonical; set by initFeature(..., language) at /vcsdd-init).vcsdd/index.json → features.<name>.language (denormalized cache)Use getLanguageForFeature(featureName) from scripts/lib/vcsdd-state.js for (1)+(2).
Load tool hints from the installed plugin copy of manifests/language-profiles.json (tiers, install commands, red/green/coverage commands) for the resolved language.
/vcsdd-harden
/vcsdd-harden --tier 1 # run only Tier 1 tools (property tests/fuzzing)
/vcsdd-harden --skip-optional # skip non-required obligations