Standards & Practices
Developer's Guide & Standards
Ensuring mission-critical security through standardized development practices.
Section 1 of 6
Git Workflow & Branching Strategy
Core Principles
- All development occurs in forks (never direct pushes to main)
- Atomic commits with cryptographic signing (GPG required)
- Linear history enforced via rebase-only merging
Branch Naming Convention
git checkout -b {type}/JIRA-{id}-{description}
# Examples:
# feat/DA-142-integrates-skyfi-sar
# fix/DA-88-cve-db-sync-issue
Commit Message Standards
[DA-{ticket}] {type}({module}): {subject}
{body}
- Risk assessment: [Critical/High/Medium/Low]
- ATT&CK TTP mapping: [e.g., T1592.001]
- Affected components: [list]
Section 2 of 6
Security Development Lifecycle
Mandatory Practices
- Threat Modeling: Use OWASP Threat Dragon for all features
- Static Analysis: SonarQube with DefAgent Security Ruleset
- Dynamic Testing:
- 100% coverage of attack surface via Metasploit Pro
- Hardware: JTAG/SWD penetration tests
Prohibited Patterns
REJECTED
# Unvalidated input in battlefield comms
def process_command(raw_input: str):
execute(raw_input) # CWE-78
APPROVED
# Zero-trust validation
def process_command(signed_input: VerifiedPayload):
if not validate_dod_ecp(signed_input):
return CodeRedResponse()
Section 3 of 6
Code Quality Standards
Language-Specific Rules
Testing Requirements
- Unit Tests: 90% line coverage (verified by Codecov)
- Hardware Integration: TAK-X Device Test Suite
- AI Validation: Adversarial examples for all ML components (FGSM/PGD attacks)
Section 4 of 6
Documentation Standards
All Components Require
## Threat Model

## MITRE ATT&CK Coverage
| Technique | Coverage |
|-----------|----------|
| T1592.001 | Full |
## Hardware Security
- [ ] JTAG disabled
- [ ] Secure boot validated
API Documentation
- OpenAPI 3.1 with Redocly extensions
- Live examples using DefAgent Battlefield Simulator
Section 5 of 6
Patch Submission Process
Critical PR Requirements
- Signed Developer Certificate of Origin (DCO)
- Passing Hardware Test Bench results
- MITRE ATT&CK mapping for security features
- Evidence of adversarial testing
Section 6 of 6
Hardware Development Addendum
Physical Device Standards
- Tamper Resistance: Epoxy encapsulation with FIPS 140-3 Level 3 sensors
- Firmware Signing: Dual-key rotation (HSM-protected)
- Reverse Engineering Protection:
- Voltage glitch detection
- Optical sensor mesh
- Blackbird anti-debugging
Validation Tools
# Run hardware test suite defagent-hwtest --profile=field-deployment
Support channels
Need help with the standards?
DefAgent Developer Standards v2.3 • Last updated: July 7, 2026
© 2026 DefAgent Technologies. All defense systems must comply with DFARS 252.204-7012 →
Contribute to DefAgent.
Ready to submit a contribution or have questions about our standards? Get in touch with our team.