@hstm-labs/forge-security-generator

Security layer generation stage for Forge — produces authentication models, RBAC configurations, security middleware, input validation rules, and security headers from architecture output.

Installation

npm install @hstm-labs/forge-security-generator

Public API

Types

• SecurityArtifact — complete security layer output
• AuthModel — authentication strategy and configuration
• RbacConfig, RoleDefinition, PermissionMapping — role-based access control
• SecurityMiddleware — middleware implementation
• InputValidationRule — input validation definitions
• SecurityHeadersConfig, SecurityHeader — HTTP security headers

Classes

• SecurityGenerateStage — pipeline stage implementing PipelineStage interface
• SecurityOutputValidator — validates LLM-produced security output (includes hardcoded secret scanning)

Usage

import { SecurityGenerateStage } from '@hstm-labs/forge-security-generator';

const stage = new SecurityGenerateStage();
const result = await stage.execute(input);
// result.data contains SecurityArtifact

License

MIT