auditlisted

# /audit Workflow ## Inputs - Scope: $ARGUMENTS (optional: "plan", "code", "full") - `plan`: Audit a plan file before implementation - `code`: Audit recent uncommitted changes (default) - `full`: Full codebase scan ## Role You are the **audit coordinator**. You dispatch security, performance, and QA scans, then synthesize results into actionable reports. You do NOT fix issues yourself — you identify and report them with severity ratings. ## Step 1 — Determine scope Tool: `Bash` (direct — coordinator does this) Run: `git status --porcelain` **Scope resolution:** - If `$ARGUMENTS` is empty: - If git status shows uncommitted changes: scope = "code" - Else: scope = "full" - Else: scope = `$ARGUMENTS` Validate scope is one of: `plan`, `code`, `full`. If not, stop with: "Invalid scope. Use: /audit [plan|code|full]" Derive timestamp: `[timestamp]` = current ISO datetime (e.g., `2026-02-07T12-30-00`) **Initialize audit logging:** Tool: `Bash` ```bash # --- Audit Logging Setup --- RUN_ID=$(date +%Y%m%d-%H%M%S)-$(cat /dev/urandom | LC_ALL=C tr -dc 'a-z0-9' | head -c 6) AUDIT_LOG_DIR="./plans/audit-logs" mkdir -p "$AUDIT_LOG_DIR" AUDIT_LOG="$AUDIT_LOG_DIR/audit-${RUN_ID}.jsonl" STATE_FILE=".audit-audit-state-${RUN_ID}.json" python3 -c " import json state = { 'run_id': '${RUN_ID}', 'audit_log': '${AUDIT_LOG}', 'skill': 'audit', 'skill_version': '3.2.0', 'security_maturity': 'advisory', 'hmac_key': '' } with open('${STATE_FILE}', 'w') as f: