Skip to content

[Extension]: Add brownkit #2510

Open
Open
[Extension]: Add brownkit#2510
@MaksimShevtsov

Description

@MaksimShevtsov
MaksimShevtsov
opened on May 10, 2026

Extension ID

brownkit

Extension Name

BrownKit — Brownfield Discovery for Spec-Kit

Version

1.0.1

Description

Evidence-driven capability discovery, security and QA risk assessment for existing codebases.

Author

Maksim Shautsou

Repository URL

https://github.com/MaksimShevtsov/BrownKit

Download URL

https://github.com/MaksimShevtsov/BrownKit/archive/refs/tags/v1.0.1.zip

License

MIT

Homepage (optional)

https://github.com/MaksimShevtsov/BrownKit/blob/main/README.md

Documentation URL (optional)

https://github.com/MaksimShevtsov/BrownKit/blob/main/README.md

Changelog URL (optional)

https://github.com/MaksimShevtsov/BrownKit/blob/main/CHANGELOG.md

Required Spec Kit Version

=0.1.0

Required Tools (optional)

  • python (>=3.8) - optional (used by core helper scripts; bash shims work without it)
  • bash - optional (shims; PowerShell equivalents are also provided)

Number of Commands

10

Number of Hooks (optional)

5

Tags

brownfield, discovery, security, qa, capabilities

Key Features

  • Evidence-driven brownfield capability discovery using the EDCR (Evidence-Driven Capability Recognition) methodology
  • Full ten-command pipeline: init → scan → discover → report → assess → generate → finish
  • STRIDE threat modeling with QA risk scoring and unified risk assessment
  • Three continuous-use commands: enrich (surface capability context before specify/clarify), gate (check open threats before implementation), validate (check acceptance criteria against evidence tree)
  • Five lifecycle hooks: before_specify, before_clarify, before_implement, after_implement, before_constitution
  • Six helper scripts (Python core + bash + PowerShell shims): detect-stack, list-manifests, parse-coverage, find-secrets, git-churn, validate-evidence

Testing Checklist

  • Extension installs successfully via download URL
  • All commands execute without errors
  • Documentation is complete and accurate
  • No security vulnerabilities identified
  • Tested on at least one real project

Submission Requirements

  • Valid extension.yml manifest included
  • README.md with installation and usage instructions
  • LICENSE file included
  • GitHub release created with version tag
  • All command files exist and are properly formatted
  • Extension ID follows naming conventions (lowercase-with-hyphens)

Testing Details

Tested on:

  • Linux (WSL2) with Spec Kit v0.1.x

Test project: Real Python/FastAPI codebase

Test scenarios:

  1. Installed extension via specify extension add brownkit --from <download_url>
  2. Ran the full EDCR pipeline (init → scan → discover → report → assess → generate → finish) on a real codebase
  3. Verified all ten commands load and produce expected outputs
  4. Confirmed all five hooks fire at the correct lifecycle points
  5. Ran all six helper scripts against the sample fixture under docs/examples/

Example Usage

# Install
specify extension add brownkit --from https://github.com/MaksimShevtsov/BrownKit/archive/refs/tags/v1.0.1.zip

# Initialize brownfield project context
/speckit.brownkit.init

# Scan for capability, security, and QA signals
/speckit.brownkit.scan

# Discover and verify capabilities; build domain model
/speckit.brownkit.discover

# Generate stakeholder, architect, and SDET reports
/speckit.brownkit.report

# STRIDE threat modeling + QA risk scoring
/speckit.brownkit.assess

# Generate AI contexts, security prompts, and spec seeds
/speckit.brownkit.generate

# Validate acceptance criteria and package deliverables
/speckit.brownkit.finish

Proposed Catalog Entry

{
  "id": "brownkit",
  "name": "BrownKit — Brownfield Discovery for Spec-Kit",
  "description": "Evidence-driven capability discovery, security and QA risk assessment for existing codebases.",
  "author": "Maksim Shautsou",
  "version": "1.0.1",
  "download_url": "https://github.com/MaksimShevtsov/BrownKit/archive/refs/tags/v1.0.1.zip",
  "repository": "https://github.com/MaksimShevtsov/BrownKit",
  "homepage": "https://github.com/MaksimShevtsov/BrownKit/blob/main/README.md",
  "documentation": "https://github.com/MaksimShevtsov/BrownKit/blob/main/README.md",
  "changelog": "https://github.com/MaksimShevtsov/BrownKit/blob/main/CHANGELOG.md",
  "license": "MIT",
  "requires": {
    "speckit_version": ">=0.1.0"
  },
  "provides": {
    "commands": 10,
    "hooks": 5
  },
  "tags": ["brownfield", "discovery", "security", "qa", "capabilities"],
  "verified": false,
  "downloads": 0,
  "stars": 0,
  "created_at": "2026-05-10T00:00:00Z",
  "updated_at": "2026-05-10T00:00:00Z"
}

Additional Context

BrownKit packages the EDCR (Evidence-Driven Capability Recognition) brownfield methodology as a Spec Kit extension. It is designed for teams who need to understand an existing codebase before writing specifications — surfacing capabilities, security threats, and QA risk before any feature work begins.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions