/bluespec.harden

🔧 Apply the plan's fixes to your code, safely and one at a time.

Depends on plan, and changes your code

Harden builds on /bluespec.plan. It is the one phase that changes your code.

Run it

/bluespec.harden

How it works

The plan already decided each fix, so harden just applies it. Since this is the one phase that touches your code, it goes carefully: it shows you each change and asks first, applies one fix at a time so every change stays easy to review, and never weakens a control to make a fix fit. For example, the upload fix:

  • File uploads (Status: Applied)
    • What changed: checks the file's real type and size, rejects anything unexpected, renames it on save, and stores it where it cannot be run as code.
    • Where: the handleUpload function, plus the storage helper it calls.

If a fix cannot be fully applied, harden does what it safely can and marks the rest Partial or Blocked, leaving it open.

Applied is not verified

Applied does not mean proven yet. That is what verify is for.

Tip
  • It builds entirely on the plan. If a fix or file was never planned, it tells you to run /bluespec.plan on it first.
  • It confirms before changing anything and never makes a destructive change without asking.
  • Running it again reconciles the record: reverted changes drop off, newly applied fixes come in.
  • The hardening record lives in .bluespec/memory/harden.md.

Next

Prove each fix holds: /bluespec.verify.