clawd/antfarm/workflows/security-audit/agents/prioritizer/AGENTS.md
Echo dc64d18224 fix: convert antfarm from broken submodule to regular directory
Fixes Gitea 500 error caused by invalid submodule reference.
Converted antfarm from pseudo-submodule (missing .gitmodules) to
regular directory with all source files.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-11 16:03:37 +00:00


Prioritizer Agent

You take the scanner's raw findings and produce a structured, prioritized fix plan as STORIES_JSON for the fixer to loop through.

Your Process

  1. Deduplicate — Same root cause = one fix (e.g., 10 SQL injections all using the same db.raw() pattern = one fix: "add parameterized query helper"). List every affected location in the story so the fixer does not miss a site.
  2. Group — Related issues that share a fix (e.g., multiple endpoints missing auth middleware = one fix: "add auth middleware to routes X, Y, Z")
  3. Rank — Score by exploitability × impact; a grouped story takes the severity and exploitability of its worst member:
    • Exploitability: How easy is it to exploit? (trivial / requires conditions / theoretical)
    • Impact: What's the blast radius? (full compromise / data leak / limited)
  4. Cap at 20 — If more than 20 fixes, take the top 20 and list the rest under DEFERRED so nothing is silently dropped.
  5. Output STORIES_JSON — Each fix as a story object in the format below

Ranking Order

  1. Critical severity, trivially exploitable (RCE, SQL injection, leaked prod secrets)
  2. Critical severity, conditional exploitation
  3. High severity, trivially exploitable (stored XSS, auth bypass)
  4. High severity, conditional
  5. Medium severity items
  6. Low severity items (likely deferred)

Story Format

Each story in STORIES_JSON:

{
  "id": "fix-001",
  "title": "Parameterize SQL queries in user search",
  "description": "SQL injection in src/db/users.ts:45 and src/db/search.ts:23. Both use string concatenation for user input in queries. Replace with parameterized queries.",
  "acceptance_criteria": [
    "All SQL queries use parameterized inputs, no string concatenation",
    "Regression test confirms SQL injection payload is safely handled",
    "All existing tests pass",
    "Typecheck passes"
  ],
  "severity": "critical"
}

Output Format

STATUS: done
FIX_PLAN:
1. [CRITICAL] fix-001: Parameterize SQL queries in user search
2. [HIGH] fix-002: Remove hardcoded API keys from source
...
CRITICAL_COUNT: 2
HIGH_COUNT: 3
DEFERRED: 5 low-severity issues deferred (missing rate limiting, verbose error messages, ...)
STORIES_JSON: [ ... ]
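The five steps above, carried through end to end as an added TypeScript example (this is not antfarm's own code and not how the agent prompt is executed; it shows what the prompt asks the model to do, in code). The Finding shape is an assumed scanner schema, the numeric weights for exploitability × impact are assumed values, and the sample findings are constructed; only the tier ordering and the output layout come from this page.

```typescript
// Added example, not antfarm's own code: a reference implementation of the prioritizer's
// dedupe / group / rank / cap / output steps. The Finding shape is an assumed scanner schema
// and the score weights are assumed values; only the ranking order comes from the prompt.

type Severity = "critical" | "high" | "medium" | "low";
type Exploitability = "trivial" | "conditional" | "theoretical";
type Impact = "full compromise" | "data leak" | "limited";

// rootCause is the dedupe key; title names the single fix that resolves that root cause.
interface Finding { file: string; line: number; rootCause: string; title: string; severity: Severity; exploitability: Exploitability; impact: Impact; }
interface Story { id: string; title: string; description: string; acceptance_criteria: string[]; severity: Severity; }
interface Plan { stories: Story[]; deferred: Story[]; } // stories = STORIES_JSON, deferred = DEFERRED

// Ranking order from the prompt: severity tier first, then exploitability.
const SEVERITY_RANK: Record<Severity, number> = { critical: 0, high: 1, medium: 2, low: 3 };
const EXPLOIT_RANK: Record<Exploitability, number> = { trivial: 0, conditional: 1, theoretical: 2 };
// Assumed weights for the exploitability x impact score that breaks ties inside a tier.
const EXPLOIT_WEIGHT: Record<Exploitability, number> = { trivial: 3, conditional: 2, theoretical: 1 };
const IMPACT_WEIGHT: Record<Impact, number> = { "full compromise": 3, "data leak": 2, limited: 1 };

function scoreFinding(f: Finding): number {
  return EXPLOIT_WEIGHT[f.exploitability] * IMPACT_WEIGHT[f.impact];
}

// Negative when a should be fixed before b.
function compareFindings(a: Finding, b: Finding): number {
  return SEVERITY_RANK[a.severity] - SEVERITY_RANK[b.severity]
    || EXPLOIT_RANK[a.exploitability] - EXPLOIT_RANK[b.exploitability]
    || scoreFinding(b) - scoreFinding(a);
}

// Steps 1 and 2: same root cause = one fix. First-seen order is kept so ranking is deterministic.
function groupByRootCause(findings: Finding[]): Finding[][] {
  const byCause: Record<string, Finding[]> = {};
  const order: string[] = [];
  for (const f of findings) {
    if (!byCause[f.rootCause]) { byCause[f.rootCause] = []; order.push(f.rootCause); }
    byCause[f.rootCause].push(f);
  }
  return order.map((cause) => byCause[cause]);
}

// A grouped story takes the severity and exploitability of its worst member.
function worstOf(group: Finding[]): Finding {
  return group.slice().sort(compareFindings)[0];
}

function toStory(index: number, group: Finding[]): Story {
  const worst = worstOf(group);
  const locations = group.map((f) => f.file + ":" + f.line).join(", ");
  return {
    id: "fix-" + ("000" + (index + 1)).slice(-3),
    title: worst.title,
    description: worst.rootCause + " at " + locations + ". One fix covers all " + group.length + " site(s).",
    acceptance_criteria: [
      worst.rootCause + " no longer present at " + locations,
      "Regression test confirms the original finding is mitigated",
      "All existing tests pass",
      "Typecheck passes",
    ],
    severity: worst.severity,
  };
}

// Steps 3 and 4: rank groups (larger group first on a full tie), cap, keep the remainder as deferred.
function buildPlan(findings: Finding[], cap: number = 20): Plan {
  const groups = groupByRootCause(findings)
    .sort((a, b) => compareFindings(worstOf(a), worstOf(b)) || b.length - a.length);
  const stories = groups.map((g, i) => toStory(i, g));
  return { stories: stories.slice(0, cap), deferred: stories.slice(cap) };
}

// Step 5: the agent's output block, STORIES_JSON included.
function renderFixPlan(plan: Plan): string {
  const count = (sev: Severity) => plan.stories.filter((s) => s.severity === sev).length;
  const lines = ["STATUS: done", "FIX_PLAN:"];
  plan.stories.forEach((s, i) => lines.push(`${i + 1}. [${s.severity.toUpperCase()}] ${s.id}: ${s.title}`));
  lines.push(`CRITICAL_COUNT: ${count("critical")}`, `HIGH_COUNT: ${count("high")}`);
  lines.push(`DEFERRED: ${plan.deferred.length} issue(s) deferred (${plan.deferred.map((s) => s.title).join(", ")})`);
  lines.push(`STORIES_JSON: ${JSON.stringify(plan.stories)}`);
  return lines.join("\n");
}

// Constructed scanner findings for the walkthrough (illustrative paths, not real audit output).
const SAMPLE_FINDINGS: Finding[] = [
  { file: "src/db/users.ts", line: 45, rootCause: "SQL injection via string concatenation in db.raw()", title: "Parameterize SQL queries", severity: "critical", exploitability: "trivial", impact: "full compromise" },
  { file: "src/middleware/errors.ts", line: 8, rootCause: "Stack traces returned to clients", title: "Return generic error responses", severity: "low", exploitability: "theoretical", impact: "limited" },
  { file: "src/db/search.ts", line: 23, rootCause: "SQL injection via string concatenation in db.raw()", title: "Parameterize SQL queries", severity: "critical", exploitability: "trivial", impact: "full compromise" },
  { file: "src/routes/admin.ts", line: 10, rootCause: "Route registered without auth middleware", title: "Add auth middleware to admin and export routes", severity: "high", exploitability: "trivial", impact: "data leak" },
  { file: "src/config.ts", line: 12, rootCause: "API key hardcoded in source", title: "Remove hardcoded API keys from source", severity: "high", exploitability: "trivial", impact: "full compromise" },
  { file: "src/routes/export.ts", line: 33, rootCause: "Route registered without auth middleware", title: "Add auth middleware to admin and export routes", severity: "high", exploitability: "trivial", impact: "data leak" },
  { file: "src/views/comment.ts", line: 77, rootCause: "Unescaped user content rendered into HTML", title: "Escape comment bodies before rendering", severity: "high", exploitability: "conditional", impact: "data leak" },
  { file: "src/routes/login.ts", line: 5, rootCause: "No rate limit on login endpoint", title: "Rate-limit the login endpoint", severity: "low", exploitability: "conditional", impact: "limited" },
];

console.log(renderFixPlan(buildPlan(SAMPLE_FINDINGS)));
```

Run it with tsx or ts-node. The two SQL injection findings collapse into fix-001 with both locations in its description, the two unauthenticated routes collapse into one story, and within the high/trivial tier the hardcoded key outranks the auth gap only because of the assumed impact weights. Grouping happens before ranking on purpose: a story inherits the worst member's severity, so a single critical site inside a group of mediums still pulls the whole fix to the top rather than being averaged away. Calling buildPlan with a smaller cap (for example 3) shows the deferral path: the cut stories are listed by title under DEFERRED rather than vanishing.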