workflows/security_audit_fix.yaml

name: "Security Audit & Fix"
description: "Comprehensive security audit with automated fixes and verification"

steps:
  - id: audit
    agent: gemini
    task: "Perform a security audit on {{ code_path }}. List all vulnerabilities found with severity levels."
    output: vulnerabilities
    description: "Scan code for security issues"

  - id: review
    agent: claude
    task: "Review these security vulnerabilities and prioritize them by severity: {{ vulnerabilities }}. Provide a detailed action plan."
    output: action_plan
    condition: "{{ vulnerabilities | length > 0 }}"
    description: "Prioritize and plan fixes"

  - id: implement_fixes
    agent: claude
    task: "Implement fixes for these security issues: {{ action_plan }}"
    output: fixes
    condition: "{{ action_plan | length > 0 }}"
    description: "Implement security fixes"

  - id: verify
    agent: gemini
    task: "Re-audit the code to verify all security fixes were applied correctly. Previous issues: {{ vulnerabilities }}"
    output: verification_result
    condition: "{{ fixes | length > 0 }}"
    description: "Verify fixes resolved issues"

  - id: commit
    agent: aider
    task: "Create a git commit with message: 'security: {{ action_plan }}'. Include all changes made in this security fix."
    output: commit_hash
    condition: "{{ verification_result | length > 0 }}"
    description: "Commit security fixes"

metadata:
  category: security
  difficulty: intermediate
  estimated_duration: 300
  tags:
    - security
    - audit
    - automated-fixes