// Inline orchestration workflow for security vulnerability detection and remediation with Beads integration. Provides step-by-step phases for security-scanner detection, priority-based fixing with vulnerability-fixer, and verification cycles.
Inline orchestration workflow for dead code detection and removal with Beads integration. Provides step-by-step phases for dead-code-hunter detection, priority-based cleanup with dead-code-remover, and verification cycles.
Inline orchestration workflow for dependency audit and updates with Beads integration. Provides step-by-step phases for dependency-auditor detection, priority-based updates with dependency-updater, and verification cycles.
Process error logs from admin panel - fetch new errors, analyze, create tasks, fix, and mark resolved
Inline orchestration workflow for code duplication detection and consolidation with Beads integration. Provides step-by-step phases for reuse-hunter detection, priority-based consolidation with reuse-fixer, and verification cycles.
Comprehensive software architecture skill for designing scalable, maintainable systems using ReactJS, NextJS, NodeJS, Express, React Native, Swift, Kotlin, Flutter, Postgres, GraphQL, Go, Python. Includes architecture diagram generation, system design patterns, tech stack decision frameworks, and dependency analysis. Use when designing system architecture, making technical decisions, creating architecture diagrams, evaluating trade-offs, or defining integration patterns.
Guide frontend design decisions to create distinctive, creative UIs that avoid generic AI-generated aesthetics. Use when building UI components, designing layouts, selecting colors/fonts, or implementing animations.
| name | security-health-inline |
| description | Inline orchestration workflow for security vulnerability detection and remediation with Beads integration. Provides step-by-step phases for security-scanner detection, priority-based fixing with vulnerability-fixer, and verification cycles. |
| version | 3.0.0 |
You ARE the orchestrator. Execute this workflow directly without spawning a separate orchestrator agent.
Beads Init → Detection → Create Issues → Fix by Priority → Close Issues → Verify → Beads Complete
Max iterations: 3 Priorities: critical → high → medium → low Beads integration: Automatic issue tracking
Setup directories:
mkdir -p .tmp/current/{plans,changes,backups}
Validate environment:
package.json existstype-check and build scripts existCreate Beads wisp:
bd mol wisp exploration --vars "question=Security vulnerability scan"
IMPORTANT: Save the wisp ID (e.g., mc2-xxx) for later use.
Initialize TodoWrite:
[
{"content": "Security scan", "status": "in_progress", "activeForm": "Scanning for vulnerabilities"},
{"content": "Create Beads issues", "status": "pending", "activeForm": "Creating issues"},
{"content": "Fix critical vulnerabilities", "status": "pending", "activeForm": "Fixing critical vulnerabilities"},
{"content": "Fix high priority vulnerabilities", "status": "pending", "activeForm": "Fixing high vulnerabilities"},
{"content": "Fix medium priority vulnerabilities", "status": "pending", "activeForm": "Fixing medium vulnerabilities"},
{"content": "Fix low priority vulnerabilities", "status": "pending", "activeForm": "Fixing low vulnerabilities"},
{"content": "Verification scan", "status": "pending", "activeForm": "Verifying fixes"},
{"content": "Complete Beads wisp", "status": "pending", "activeForm": "Completing wisp"}
]
Invoke security-scanner via Task tool:
subagent_type: "security-scanner"
description: "Detect all vulnerabilities"
prompt: |
Scan the entire codebase for security vulnerabilities:
- SQL injection
- XSS vulnerabilities
- Authentication/authorization issues
- RLS policy violations
- Hardcoded secrets
- Insecure dependencies
- Categorize by priority (critical/high/medium/low)
Generate: security-scan-report.md
Return summary with vulnerability counts per priority.
After security-scanner returns:
security-scan-report.mdFor each vulnerability found, create a Beads issue:
# Critical (P0) - Security critical gets highest priority
bd create "SECURITY: {vuln_title}" -t bug -p 0 -d "{description}" \
--deps discovered-from:{wisp_id}
# High (P1)
bd create "SECURITY: {vuln_title}" -t bug -p 1 -d "{description}" \
--deps discovered-from:{wisp_id}
# Medium (P2)
bd create "SECURITY: {vuln_title}" -t bug -p 2 -d "{description}" \
--deps discovered-from:{wisp_id}
# Low (P3)
bd create "SECURITY: {vuln_title}" -t bug -p 3 -d "{description}" \
--deps discovered-from:{wisp_id}
Add security label:
bd update {issue_id} --add-label security
Track issue IDs in a mapping for later closure.
Update TodoWrite: mark "Create Beads issues" complete.
Run inline validation:
pnpm type-check
pnpm build
For each priority (critical → high → medium → low):
Check if vulnerabilities exist for this priority
Update TodoWrite: mark current priority in_progress
Claim issues in Beads:
bd update {issue_id} --status in_progress
Invoke vulnerability-fixer via Task tool:
subagent_type: "vulnerability-fixer"
description: "Fix {priority} vulnerabilities"
prompt: |
Read security-scan-report.md and fix all {priority} priority vulnerabilities.
For each vulnerability:
1. Backup file before editing
2. Implement fix
3. Log change to .tmp/current/changes/security-changes.json
Generate/update: security-fixes-implemented.md
Return: count of fixed vulnerabilities, count of failed fixes, list of fixed vuln IDs.
Quality Gate (inline):
pnpm type-check
pnpm build
Close fixed issues in Beads:
bd close {issue_id_1} {issue_id_2} ... --reason "Security fix applied"
Update TodoWrite: mark priority complete
Repeat for next priority
After all priorities fixed:
Update TodoWrite: mark verification in_progress
Invoke security-scanner (verification mode):
subagent_type: "security-scanner"
description: "Verification scan"
prompt: |
Re-scan codebase after fixes.
Compare with previous security-scan-report.md.
Report:
- Vulnerabilities fixed (count)
- Vulnerabilities remaining (count)
- New vulnerabilities introduced (count)
Decision:
Complete Beads wisp:
# If all fixed
bd mol squash {wisp_id}
# If nothing found
bd mol burn {wisp_id}
Create issues for remaining vulnerabilities (if any):
bd create "SECURITY REMAINING: {vuln_title}" -t bug -p {priority} \
-d "Not fixed in scan. REQUIRES MANUAL ATTENTION. See security-scan-report.md"
bd update {new_issue_id} --add-label security
Generate summary for user:
## Security Health Check Complete
**Wisp ID**: {wisp_id}
**Iterations**: {count}/3
**Status**: {SUCCESS/PARTIAL}
### Results
- Found: {total} vulnerabilities
- Fixed: {fixed} ({percentage}%)
- Remaining: {remaining}
### By Priority
- Critical: {fixed}/{total}
- High: {fixed}/{total}
- Medium: {fixed}/{total}
- Low: {fixed}/{total}
### Beads Issues
- Created: {count}
- Closed: {count}
- Remaining: {count} (SECURITY LABEL - requires attention)
### Validation
- Type Check: {status}
- Build: {status}
### Artifacts
- Detection: `security-scan-report.md`
- Fixes: `security-fixes-implemented.md`
Update TodoWrite: mark wisp complete
SESSION CLOSE PROTOCOL:
git status
git add .
bd sync
git commit -m "security: {fixed} vulnerabilities fixed ({wisp_id})"
bd sync
git push
If quality gate fails:
Rollback available: .tmp/current/changes/security-changes.json
To rollback:
1. Read changes log
2. Restore files from .tmp/current/backups/
3. Re-run workflow
If worker fails:
If Beads command fails:
| Phase | Beads Action |
|---|---|
| 1. Pre-flight | bd mol wisp exploration |
| 3. After detection | bd create + --add-label security |
| 5. Before fix | bd update --status in_progress |
| 5. After fix | bd close --reason "Fixed" |
| 7. Complete | bd mol squash/burn |
| 7. Remaining | bd create with security label |