Getting Started
Install Spec Kit, install the extension, and run your first gated feature in 10 minutes.
Prerequisites
- macOS or Linux (Windows via WSL or Git Bash)
- uv: brew install uv
- git and bash (both already present on macOS / most Linux)
- An AI agent supported by Spec Kit: Claude Code, Copilot, Gemini CLI, Cursor, OpenCode, Windsurf, or one of 15+ others
1. Install Spec Kit
uv tool install specify-cli --from git+https://github.com/github/spec-kit.git
specify version
2. Clone the extension
You only need to do this once per machine. The extension is installed in dev mode from a local clone; no npm install required.
mkdir -p ~/tekimax && cd ~/tekimax
git clone https://github.com/TEKIMAX/speckit-security.git
3. Initialize Spec Kit inside your project
speckit-security works in any Spec Kit project. You can start a
new project or add Spec Kit to an existing one.
New project
specify init my-ai-app --ai claude
cd my-ai-app
Existing project (e.g. a Vite app)
cd ~/path/to/your-existing-project
specify init . --ai claude
Replace claude with your agent of choice: copilot, gemini,
cursor-agent, opencode, windsurf, etc.
4. Install the extension
specify extension add --dev ~/tekimax/speckit-security
specify extension list
You should see:
✓ TEKIMAX Secure SDD (v0.2.6)
Security-first extension for Spec Kit
Commands: 8 | Hooks: 5 | Status: Enabled
5. Copy the config template
cp .specify/extensions/tekimax-security/config/tekimax-security-config.template.yml \
.specify/extensions/tekimax-security/tekimax-security-config.yml
The defaults are safe. Customize later; see Customization.
6. Install development rules (optional but recommended)
bash .specify/extensions/tekimax-security/scripts/bash/install-rules.sh
This writes a DEVELOPMENT-RULES.md into your project, appends the
rules to .specify/memory/constitution.md (so every AI agent reads
them at session start), and writes the short rules block to your
agent-specific context file (CLAUDE.md, AGENTS.md, etc.).
7. Use it in your AI agent
Open your project in Claude Code, Copilot, Cursor, or whichever agent you initialized with. New slash commands are available:
/speckit.specify add user authentication with passkeys
← after_specify hook prompts data-contract
/speckit.plan
← after_plan hook prompts threat-model
/speckit.tasks
/speckit.implement ← before_implement hook auto-fires gate-check
← after_implement hook auto-fires audit
/speckit.analyze ← before_analyze hook prompts red-team
The before_implement hook runs gate-check.sh and blocks on any
hard failure. The after_implement hook runs audit.sh and blocks
on any critical finding. The other three hooks (after_specify,
after_plan, before_analyze) are optional and prompt you before
running.
8. Verify the scripts work directly
You can run the gate-check and audit scripts from your terminal directly, no AI agent required:
bash .specify/extensions/tekimax-security/scripts/bash/gate-check.sh \
.specify/specs/F-001-my-feature.md
bash .specify/extensions/tekimax-security/scripts/bash/audit.sh
Useful for pre-commit hooks, CI steps, and manual spot checks.
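One way to wire the two scripts into a git pre-commit hook, as an added example that is not part of the extension or of this page's original text. It assumes both scripts exit non-zero when they block, which the page does not state; run_gates, staged_specs and EXT_DIR are names introduced here.

```bash
#!/usr/bin/env bash
# Added example: save as .git/hooks/pre-commit and make it executable.
# Assumption: gate-check.sh and audit.sh exit non-zero when they block.

# Extension script directory, as used in the commands above (override via env).
EXT_DIR="${EXT_DIR:-.specify/extensions/tekimax-security/scripts/bash}"

# run_gates SPEC... -> returns 0 only if every gate-check and the audit pass.
# All specs are checked before returning, so one commit attempt shows every failure.
run_gates() {
  local failed=0 spec
  for spec in "$@"; do
    # A spec that no longer exists on disk has nothing to check.
    [ -f "$spec" ] || continue
    if ! bash "$EXT_DIR/gate-check.sh" "$spec"; then
      echo "gate-check failed: $spec" >&2
      failed=1
    fi
  done
  if ! bash "$EXT_DIR/audit.sh"; then
    echo "audit failed" >&2
    failed=1
  fi
  return "$failed"
}

# staged_specs -> prints staged (added/copied/modified/renamed) spec files, one per line.
staged_specs() {
  git diff --cached --name-only --diff-filter=ACMR -- '.specify/specs/*.md'
}

# Run only when invoked as the hook, so the functions can be sourced elsewhere (e.g. CI).
if [ "$(basename "$0")" = "pre-commit" ]; then
  # Split the staged list on newlines only, with globbing off, so paths with spaces survive.
  IFS='
'
  set -f
  # shellcheck disable=SC2046
  set -- $(staged_specs)
  set +f
  unset IFS
  run_gates "$@" || { echo "commit blocked by speckit-security gates" >&2; exit 1; }
fi
```

Git runs hooks from the top of the working tree, so the relative EXT_DIR default resolves the same way as the commands above.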
What you just got
my-ai-app/
├── .specify/
│ ├── memory/constitution.md ← Rules read by every agent
│ ├── specs/ ← Your feature specs land here
│ └── extensions/tekimax-security/ ← Full extension
├── .claude/skills/ ← 8 speckit-security skills
│ (or .cursor/skills/, .opencode/command/, etc.)
├── docs/DEVELOPMENT-RULES.md ← Human-readable rules
├── CLAUDE.md ← Short rules block for Claude
└── (your existing project files, untouched)
Next steps
How It Works
The six gates, the five hooks, the eight commands, and how they interact.
Commands Reference
Every slash command the extension adds, with examples.
Customization
Config file, template overrides, allowlists, env vars.
Agent Compatibility
Which agents are verified hands-on and which are inferred.