From a24efbdaceedf55dbb47aa14c4731a2f0e2928f6 Mon Sep 17 00:00:00 2001
From: Christian Kaman
Date: Thu, 16 Apr 2026 22:26:43 -0500
Subject: [PATCH] catalog: add tekimax-security v0.3.1 community extension
Adds the TEKIMAX Secure SDD extension to extensions/catalog.community.json and the Community Extensions table in README.md (alphabetical, between Superpowers Bridge and TinySpec per maintainer guidance on PR #2215).
Catalog entry:
- version: 0.3.1 (current shipped release)
- created_at == updated_at == 2026-04-16 (first-publish timestamps match per Copilot review feedback on PR #2215)
- download_url points at the v0.3.1 release tag
- provides: 9 commands, 5 hooks
- license: Apache-2.0
Repo: https://github.com/TEKIMAX/speckit-security
Release: https://github.com/TEKIMAX/speckit-security/releases/tag/v0.3.1
Addresses github/spec-kit#2215 review comments (@mnriem, @copilot-pull-request-reviewer):
- README row added in Community Extensions section (alphabetical).
- created_at / updated_at on the entry match on first publish.
- PR description, catalog entry version, and download_url are consistent at v0.3.1.
---
README.md | 1 +
extensions/catalog.community.json | 36 ++++++++++++++++++++++++++++++-
2 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 119f0c8a0..c5555e0dc 100644
--- a/README.md
+++ b/README.md
@@ -250,6 +250,7 @@ The following community-contributed extensions are available in [`catalog.commun
 | Staff Review Extension | Staff-engineer-level code review that validates implementation against spec, checks security, performance, and test coverage | `code` | Read-only | [spec-kit-staff-review](https://github.com/arunt14/spec-kit-staff-review) |
 | Status Report | Project status, feature progress, and next-action recommendations for spec-driven workflows | `visibility` | Read-only | [Open-Agent-Tools/spec-kit-status](https://github.com/Open-Agent-Tools/spec-kit-status) |
 | Superpowers Bridge | Orchestrates obra/superpowers skills within the spec-kit SDD workflow across the full lifecycle (clarification, TDD, review, verification, critique, debugging, branch completion) | `process` | Read+Write | [superpowers-bridge](https://github.com/RbBtSn0w/spec-kit-extensions/tree/main/superpowers-bridge) |
+| TEKIMAX Secure SDD | Security-first extension — threat modeling (STRIDE), red teaming, AI guardrails, data contracts, model governance, polyglot inline-content scan, dependency CVE scan (Gate G), tamper-evident hash-chain audit logs | `process` | Read+Write | [speckit-security](https://github.com/TEKIMAX/speckit-security) |
 | TinySpec | Lightweight single-file workflow for small tasks — skip the heavy multi-step SDD process | `process` | Read+Write | [spec-kit-tinyspec](https://github.com/Quratulain-bilal/spec-kit-tinyspec) |
 | V-Model Extension Pack | Enforces V-Model paired generation of development specs and test specs with full traceability | `docs` | Read+Write | [spec-kit-v-model](https://github.com/leocamello/spec-kit-v-model) |
 | Verify Extension | Post-implementation quality gate that validates implemented code against specification artifacts | `code` | Read-only | [spec-kit-verify](https://github.com/ismaelJimenez/spec-kit-verify) |
diff --git a/extensions/catalog.community.json b/extensions/catalog.community.json
index 17bf6f70e..9213a0920 100644
--- a/extensions/catalog.community.json
+++ b/extensions/catalog.community.json
@@ -1,6 +1,6 @@
 {
 "schema_version": "1.0",
- "updated_at": "2026-04-16T18:00:00Z",
+ "updated_at": "2026-04-16T18:40:00Z",
 "catalog_url": "https://raw.githubusercontent.com/github/spec-kit/main/extensions/catalog.community.json",
 "extensions": {
 "aide": {
@@ -1963,6 +1963,40 @@
 "created_at": "2026-03-02T00:00:00Z",
 "updated_at": "2026-03-02T00:00:00Z"
 },
+ "tekimax-security": {
+ "name": "TEKIMAX Secure SDD",
+ "id": "tekimax-security",
+ "description": "Security-first extension for Spec Kit — threat modeling (STRIDE), red teaming, AI guardrails, data contracts, model governance, polyglot inline-content scan, dependency CVE scan (Gate G via osv-scanner / pnpm / npm / yarn), and project-root-confined scripts with tamper-evident hash-chain audit logs.",
+ "author": "Christian Kaman (TEKIMAX)",
+ "version": "0.3.1",
+ "license": "Apache-2.0",
+ "homepage": "https://speckit.tekimax.com",
+ "repository": "https://github.com/TEKIMAX/speckit-security",
+ "documentation": "https://speckit.tekimax.com",
+ "changelog": "https://github.com/TEKIMAX/speckit-security/blob/main/CHANGELOG.md",
+ "download_url": "https://github.com/TEKIMAX/speckit-security/archive/refs/tags/v0.3.1.zip",
+ "requires": {
+ "speckit_version": ">=0.1.0"
+ },
+ "provides": {
+ "commands": 9,
+ "hooks": 5
+ },
+ "tags": [
+ "security",
+ "threat-modeling",
+ "red-team",
+ "guardrails",
+ "ai-safety",
+ "compliance",
+ "tekimax"
+ ],
+ "verified": false,
+ "downloads": 0,
+ "stars": 0,
+ "created_at": "2026-04-16T00:00:00Z",
+ "updated_at": "2026-04-16T00:00:00Z"
+ },
 "tinyspec": {
 "name": "TinySpec",
 "id": "tinyspec",
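Review bot: The `download_url` of the new `tekimax-security` entry resolves a git tag (`.../archive/refs/tags/v0.3.1.zip`), and a tag can be moved or re-created by the repository owner after this entry is merged, so the archive installed later is not guaranteed to be the one reviewed for this PR. That matters more here than for a docs-only extension, because the entry declares 5 hooks, is marked `"verified": false`, and is listed as Read+Write in the README row. Consider pinning the URL to the release commit instead, e.g. `"download_url": "https://github.com/TEKIMAX/speckit-security/archive/<RELEASE_COMMIT_SHA>.zip"` (placeholder SHA). Alternatively, record a SHA-256 of the zip if the catalog schema has a field for it. The schema and the installer's verification behaviour are not visible in this hunk, so if tag URLs are the catalog's accepted convention, the installer is the place to enforce integrity.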