Full audit-fix-commit pipeline — audit → save report → fix approved findings → verify → commit batches
Orchestrator for full audit-fix-commit pipeline. Execute steps in order. No skipping. No commit without explicit user approval.
Step 1: Audit and save report

Spawn the auditor agent via the Agent tool with this exact instruction:

> Run phases 1-3 of your audit workflow (Automated Checks, Manual Review, Report). Do NOT proceed to Phase 4 or beyond; stop after producing the report. Save the full structured report to `audit-report.md` in the project root, then return a brief summary of findings (count by severity: BLOCKER / MAJOR / MINOR / NIT).

Wait for the agent to return before continuing.
Step 2: Triage findings

Read `audit-report.md`. Mark ALL findings (BLOCKER, MAJOR, MINOR, NIT) for engineer delegation. No user interaction. Zero findings: jump to Step 5.
Step 3: Fix approved findings

Spawn the `engineer` agent via the Agent tool. Pass ALL approved findings (the ones listed in `audit-report.md`) in one bundle. Wait for the engineer to return. Read the changed files to confirm the fixes were applied.
Step 4: Verify

Run the full verification pipeline per CLAUDE.md § Verification:

- `pnpm check`
- `pnpm typecheck` (if src/, tests/, or config files changed)
- `pnpm test` (same condition)
- `pnpm sonar` (same condition)
- `cd telemetry-backend && pnpm typecheck && pnpm test` (if telemetry-backend/ changed)

If any step fails: STOP. Report the failure. No commit. The user resolves it and re-invokes.
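As an added example (not part of the original pipeline file), a POSIX shell sketch of the Step 4 gate: it classifies the changed paths, prints the verification steps in pipeline order, and stops at the first failure without committing. The pnpm script names are the ones listed above; the patterns used to recognise "config files" are an assumption.

```shell
#!/bin/sh
# Added example, not the project's own code. Assumes the pnpm scripts named
# on the page (check, typecheck, test, sonar) exist in the repository.

# plan_verification: read changed paths (one per line) on stdin and print the
# verification commands to run, one per line, in pipeline order.
plan_verification() {
  app_changed=0
  backend_changed=0
  while IFS= read -r path; do
    [ -n "$path" ] || continue
    case "$path" in
      telemetry-backend/*) backend_changed=1 ;;        # backend tree
      src/*|tests/*)       app_changed=1 ;;            # app sources and tests
      *.json|*.config.*|.*rc|.*rc.*) app_changed=1 ;;  # config files (assumed patterns)
    esac
  done
  echo "pnpm check"   # always runs
  if [ "$app_changed" -eq 1 ]; then
    echo "pnpm typecheck"
    echo "pnpm test"
    echo "pnpm sonar"
  fi
  if [ "$backend_changed" -eq 1 ]; then
    echo "cd telemetry-backend && pnpm typecheck && pnpm test"
  fi
}

# run_verification: build the plan from the working tree diff against HEAD and
# execute it; stop at the first failing step and report it (no commit follows).
run_verification() {
  git diff --name-only HEAD | plan_verification | while IFS= read -r cmd; do
    printf '>> %s\n' "$cmd"
    sh -c "$cmd" || {
      printf 'FAILED: %s\nNo commit. Resolve and re-invoke.\n' "$cmd" >&2
      exit 1
    }
  done
}

# Usage: run_verification && echo "verification passed"
```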
Step 5: Commit batches

Run `git diff --stat HEAD` and `git diff HEAD`. Nothing changed: report "no changes to commit" and stop.

Group changes into logical conventional commit batches (e.g. `fix(config):`, `refactor(appliance):`, etc.). Present proposed batches with:

Wait for explicit user approval before committing. The user may adjust grouping, edit messages, or drop batches.

Per approved batch, in order:

Never `git push`. Leave that to the user.

After all commits: one-line summary (N commits, N findings fixed).