13 lines
1.4 KiB
Plaintext
{
  "enabled": true,
  "name": "Security Audit Tracker",
  "description": "Manually triggered to scan the codebase for security issues and maintain a living audit tracker document. Prompts for scan scope (full repo or specific path) and mode (report only or report + update tracker). Invokes the security-audit-tracker agent for static analysis and doc tracking.",
  "version": "1",
  "when": {
    "type": "userTriggered"
  },
  "then": {
    "type": "askAgent",
    "prompt": "You are the Security Audit Tracker agent. Follow the instructions in `.kiro/agents/security-audit-tracker.md` exactly.\n\nAsk the user to provide the following two inputs:\n\n1. **Scope:** \"full repo\" to scan the entire codebase, or a specific path/module to focus on (e.g. `backend/routes/`, `frontend/src/components/`, `backend/helpers/ivantiApi.js`)\n2. **Mode:** \"scan only\" (report findings to chat, no file writes) or \"scan + update tracker\" (report findings and merge them into the tracker doc at `docs/security-audit-tracker.md`)\n\nOnce you have both inputs, follow the full diagnostic and tracking workflow described in `.kiro/agents/security-audit-tracker.md`: determine scope, check for the tracker doc (create it if missing), scan for the security failure modes listed in the agent spec, cross-reference against previously tracked findings, and output a prioritised report. In \"scan + update tracker\" mode, also merge findings into the tracker doc and update its metadata."
  }
}
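The hook itself only gathers the two inputs and hands off to the agent spec; the step that needs care is the one the prompt describes last: cross-reference this scan's findings against what the tracker already holds, prioritise by severity, and (only in "scan + update tracker" mode) rewrite the tracker and its metadata. The following is an added example in Python and is not Kiro's code nor the project's agent. It assumes a tracker layout (a markdown table of rule, severity, file:line, title, status, plus "Last scan" and "Open findings" metadata lines), a set of rule ids, and sample findings, all of which are constructed for the example and not taken from the page.

```python
import re
from dataclasses import dataclass, replace

# Added example (not the project's or Kiro's code). Demonstrates the
# cross-reference / prioritise / merge steps the hook prompt describes.
# Assumed (not on the page): the Finding fields and the tracker table layout.

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass(frozen=True)
class Finding:
    rule: str        # assumed rule id, e.g. "sql-concat"
    severity: str    # critical | high | medium | low
    file: str
    line: int
    title: str
    status: str = "open"

    @property
    def key(self):
        # Same rule in the same file is the same finding even if the line moved.
        return (self.rule, self.file)


ROW_RE = re.compile(
    r"^\|\s*(?P<rule>[^|]+?)\s*\|\s*(?P<sev>[^|]+?)\s*\|\s*(?P<file>[^|:]+?):(?P<line>\d+)\s*\|"
    r"\s*(?P<title>[^|]+?)\s*\|\s*(?P<status>[^|]+?)\s*\|$"
)
TABLE_HEADER = "| Rule | Severity | Location | Title | Status |\n|---|---|---|---|---|"


def parse_tracker(text):
    """Map (rule, file) -> Finding for every table row of an existing tracker doc."""
    tracked = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)  # header and separator rows have no file:line, so they skip
        if m:
            f = Finding(m["rule"], m["sev"], m["file"], int(m["line"]), m["title"], m["status"])
            tracked[f.key] = f
    return tracked


def cross_reference(findings, tracked):
    """Split a scan into new, still-open, and resolved (tracked as open but no longer found)."""
    current = {f.key: f for f in findings}
    new = [f for k, f in current.items() if k not in tracked]
    still_open = [f for k, f in current.items() if k in tracked]
    resolved = [t for k, t in tracked.items() if k not in current and t.status == "open"]
    return new, still_open, resolved


def _by_priority(findings):
    return sorted(findings, key=lambda f: (SEVERITY_RANK.get(f.severity, 99), f.file, f.line))


def prioritised_report(findings, tracked):
    """'scan only' mode: a text report, highest severity first, no file writes."""
    new, still_open, resolved = cross_reference(findings, tracked)
    out = []
    for label, group in (("NEW", new), ("OPEN", still_open), ("RESOLVED", resolved)):
        for f in _by_priority(group):
            out.append(f"[{label}] {f.severity.upper():<8} {f.file}:{f.line}  {f.rule}: {f.title}")
    return "\n".join(out)


def merge_tracker(text, findings, scan_date):
    """'scan + update tracker' mode: return the updated doc text (created if text is None).

    The caller writes the result to docs/security-audit-tracker.md; this function
    never touches the filesystem so it is also safe to use for a dry run.
    """
    tracked = parse_tracker(text or "")
    new, still_open, resolved = cross_reference(findings, tracked)
    resolved_keys = {f.key for f in resolved}
    rows = {k: (replace(t, status="resolved") if k in resolved_keys else t)
            for k, t in tracked.items()}
    for f in still_open + new:  # refresh line numbers, reopen regressions, add new rows
        rows[f.key] = replace(f, status="open")
    ordered = (_by_priority(r for r in rows.values() if r.status == "open")
               + _by_priority(r for r in rows.values() if r.status != "open"))
    open_count = sum(1 for r in rows.values() if r.status == "open")
    doc = ["# Security Audit Tracker", "", f"Last scan: {scan_date}",
           f"Open findings: {open_count}", "", TABLE_HEADER]
    doc += [f"| {r.rule} | {r.severity} | {r.file}:{r.line} | {r.title} | {r.status} |"
            for r in ordered]
    return "\n".join(doc) + "\n"


# Constructed sample data: a previous tracker doc and this scan's findings.
EXISTING_TRACKER = """# Security Audit Tracker

Last scan: 2024-05-01
Open findings: 2

| Rule | Severity | Location | Title | Status |
|---|---|---|---|---|
| sql-concat | high | backend/routes/users.js:42 | SQL built by string concatenation | open |
| weak-hash | medium | backend/helpers/auth.js:10 | MD5 used for password hashing | open |
"""

SCAN_FINDINGS = [
    Finding("sql-concat", "high", "backend/routes/users.js", 47, "SQL built by string concatenation"),
    Finding("hardcoded-secret", "critical", "backend/helpers/config.js", 3, "API token committed in source"),
    Finding("missing-csrf", "medium", "backend/routes/forms.js", 88, "State-changing POST without CSRF token"),
]

if __name__ == "__main__":
    print(prioritised_report(SCAN_FINDINGS, parse_tracker(EXISTING_TRACKER)))
    print(merge_tracker(EXISTING_TRACKER, SCAN_FINDINGS, "2024-06-01"))
```

Two design points worth keeping when wiring this into the agent: the dedup key deliberately ignores the line number, so a finding that merely moves is reported as still open rather than as a new issue plus a spurious resolution; and the merge is idempotent, so re-running "scan + update tracker" on an unchanged codebase leaves the doc byte-for-byte the same apart from the scan date.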