mirror of
https://github.com/mblanke/Goose-Core.git
synced 2026-03-01 14:10:22 -05:00
58 lines
1.3 KiB
Markdown
# Bad Examples (What Not to Do)

This document exists to prevent common mistakes by humans and AI agents.

If something resembles an example below, it is likely wrong.

---
## Bad Example: Duplicate Concepts

❌ Defining a new "Issue", "Signal", or "Event" object inside an app

✅ Use Finding or Alert as defined in goose-core

---
## Bad Example: Hidden Alerts

❌ Treating high-severity findings as implicit alerts

❌ Triggering actions without explicit alert creation

✅ Alerts are explicit and traceable

---
## Bad Example: Analysis in GooseStrike

❌ Adding detection or correlation logic to GooseStrike

✅ GooseStrike consumes analysis; it does not perform it

---
## Bad Example: Execution in ThreatHunt

❌ Triggering tools, scripts, or remediation from ThreatHunt

✅ ThreatHunt analyzes and explains only

---
## Bad Example: UI Drift

❌ Different severity colors per application

❌ Different table behavior per application

✅ Shared UX patterns apply everywhere

---
## Bad Example: Over-Automation

❌ Autonomous action without review

❌ Long-running background agents acting independently

✅ Human intent and approval are always present
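As an added illustration of the Hidden Alerts and Over-Automation rules above (this is not Goose-Core code; the Finding and Alert shapes, their field names and the "remediation ticket" action are hypothetical stand-ins for whatever goose-core actually defines), the bad path acts on severity alone, while the hardened path refuses to act without an explicit, traceable, human-approved Alert:

```python
# Added example, not Goose-Core code: the Finding/Alert shapes, field names and the
# "ticket" action are hypothetical stand-ins for whatever goose-core actually defines.
from dataclasses import dataclass
from typing import Optional, Tuple
import uuid

@dataclass(frozen=True)
class Finding:
    id: str
    severity: str  # "low" | "medium" | "high" (assumed vocabulary)
    title: str

@dataclass(frozen=True)
class Alert:
    id: str
    finding_id: str  # traceability: every alert names the finding it was raised from
    reason: str  # why an analyst judged this finding alert-worthy
    approved_by: Optional[str] = None  # human approval recorded on the alert itself

def act_on_finding_bad(finding: Finding) -> str:
    """Anti-pattern: severity alone silently becomes an action; nothing records who decided what."""
    if finding.severity == "high":
        return f"opened remediation ticket for {finding.id}"
    return "no-op"

def create_alert(finding: Finding, reason: str) -> Alert:
    """Explicit alert creation: an alert exists only because someone called this."""
    return Alert(id=str(uuid.uuid4()), finding_id=finding.id, reason=reason)

def approve(alert: Alert, reviewer: str) -> Alert:
    """Attach the human approval that any downstream action must carry."""
    return Alert(alert.id, alert.finding_id, alert.reason, approved_by=reviewer)

def authorize(alert: Alert, finding: Finding) -> Tuple[bool, str]:
    """Gate for actions: explicit alert, traceable to this finding, with a reviewer."""
    if alert.finding_id != finding.id:
        return False, "alert does not reference this finding"
    if alert.approved_by is None:
        return False, "no reviewer approval"
    return True, f"approved by {alert.approved_by} (alert {alert.id})"

def act_on_finding(alert: Alert, finding: Finding) -> str:
    """Hardened path: refuses to act unless authorize() passes."""
    ok, detail = authorize(alert, finding)
    if not ok:
        return f"refused: {detail}"
    return f"opened remediation ticket for {finding.id}, {detail}"
```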

---
## Bad Example: Breaking Contracts

❌ Adding fields to Findings without updating goose-core

❌ Ignoring shared terminology

✅ Shared contracts are authoritative