forked from fa/breadcrumb-the-shire
Moves the agent workflow system from agent-system/ to .agents/ (dotfile convention). Restructured from 5-role to 7-role pipeline: adds Analyst and splits Reviewer into Code Reviewer + Security Reviewer. Removes all old workflow run artifacts. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
62 lines
1.8 KiB
JSON
62 lines
1.8 KiB
JSON
{
|
|
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
"title": "Security Reviewer Output",
|
|
"type": "object",
|
|
"required": ["task_id", "verdict", "checked_guard_ids", "findings"],
|
|
"properties": {
|
|
"task_id": { "type": "string", "minLength": 1 },
|
|
"verdict": { "type": "string", "enum": ["pass", "fail"] },
|
|
"checked_guard_ids": {
|
|
"type": "array",
|
|
"minItems": 1,
|
|
"items": {
|
|
"type": "string",
|
|
"pattern": "^GR-SEC-[0-9]{3}$"
|
|
}
|
|
},
|
|
"findings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": ["id", "severity", "rule_ref", "summary", "file"],
|
|
"properties": {
|
|
"id": { "type": "string", "minLength": 1 },
|
|
"severity": {
|
|
"type": "string",
|
|
"enum": ["low", "medium", "high", "critical"],
|
|
"description": "critical=exploitable in prod, high=likely exploitable, medium=defense-in-depth gap, low=minor hardening"
|
|
},
|
|
"rule_ref": {
|
|
"type": "string",
|
|
"pattern": "^GR-SEC-[0-9]{3}$"
|
|
},
|
|
"summary": { "type": "string", "minLength": 1 },
|
|
"file": { "type": "string", "minLength": 1 },
|
|
"line_range": { "type": "string", "description": "e.g. '42-58'" },
|
|
"fix_required": { "type": "string" }
|
|
},
|
|
"additionalProperties": false
|
|
}
|
|
}
|
|
},
|
|
"allOf": [
|
|
{
|
|
"if": {
|
|
"properties": {
|
|
"findings": {
|
|
"contains": {
|
|
"type": "object",
|
|
"properties": { "severity": { "enum": ["critical", "high"] } },
|
|
"required": ["severity"]
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"then": {
|
|
"properties": { "verdict": { "const": "fail" } }
|
|
}
|
|
}
|
|
],
|
|
"additionalProperties": false
|
|
}
|