
Audit Swarm Resolve

Resolve open audit findings by dispatching parallel fix agents. Reads audit reports, fixes P0→P1→P2 issues, runs tests, creates PRs, and updates audit docs.

How It Works

Audit Swarm Resolve · Workflow
One fix agent per project resolves findings, tests, and opens PRs.

  Trigger: resolve audit findings for one project, or for all projects with open items.
  1. Survey open items: scan code-audits/*/MASTER-SUMMARY.md for unresolved P0/P1/P2 rows.
  2. One fix agent per project, running in parallel (never split a project across agents). Each agent fixes P0→P1→P2 with minimal changes, runs tests, commits per finding, marks each row's status, and updates MASTER-SUMMARY; a wont-fix needs a stated decision.
  3. Gate, tests + status verified: no rows left open and the full suite green per project. On failure the fix agent is sent back to finish.
  4. Review and merge: verify fixes are minimal and CI is green, then merge or request corrections.
  Output: one PR per project, audit findings resolved, MASTER-SUMMARY marked fixed/wont-fix.

Invocation Triggers

  • /audit-swarm-resolve
  • resolve audit
  • fix audit
  • resolve all audits

Use Cases

  • Clear the backlog of open audit findings across all projects
  • Fix P0/P1 security or quality issues after an audit run
  • Systematic resolution with parallel fix agents per project

The Problem

An audit report is worthless if nobody works it. The MASTER-SUMMARY sits in code-audits/ with thirty open findings, and every week the list gets longer because resolving it by hand means context-switching across security, architecture, and test gaps one file at a time. Worse, an undisciplined fix run skips the ordering, refactors surrounding code it was never asked to touch, and marks findings resolved when the tests merely still pass.

What It Does

  1. Survey open items

    Scan every code-audits/*/MASTER-SUMMARY.md and count the rows not yet marked fixed or wont-fix. With --status, it prints the open-item table per project and stops without touching anything.

  2. Dispatch one fix agent per project

    Each project with open findings gets exactly one fix agent, and the agents run in parallel. One agent per project is a hard rule: agents that span projects collide on merges and cross-contaminate test results, so no resolution can be traced back to its own PR.

  3. Fix in strict P0 to P2 order

    Each agent reads the file:line, works out the root cause, and applies a minimal fix with no refactoring of surrounding code. The order is strict because a P0 fix can invalidate a P1/P2 in related code: P0 rows are closed before any P1 row is started, and P1 before P2.

  4. Verify and mark wont-fix honestly

    Tests run after each fix to confirm no regression. Findings that need a product decision or are out of scope get marked wont-fix with the exact reason, never a partial fix dressed up as resolved, which only hides the issue from the next audit.

  5. Update the summary and open a PR

    Each finding's status flips from open to fixed or wont-fix in MASTER-SUMMARY.md, the full suite runs, and the agent opens one PR per project titled for the audit resolution. It reports findings fixed, findings deferred, and the PR link.

  6. Review and merge

    You review each PR for correct, minimal fixes, confirm CI is green (not just local runs), and merge or request corrections. The skill stops at the PR; the merge decision stays with you.
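
A survey-and-gate script for the MASTER-SUMMARY.md rows that steps 1 and 4 work from, added here as an example; it is not the skill's own code. The page does not define the table layout, so the script assumes a markdown table with the columns ID, Priority, Location, Status and Notes, with Status one of open, fixed or wont-fix; the three project summaries it writes are constructed fixtures, not real audit data. It produces the --status view in strict P0 to P2 order and lists the rows that would fail the gate: anything still open, any wont-fix without a stated decision, and any status string the summary does not recognise.

```python
"""Survey and gate-check code-audits/*/MASTER-SUMMARY.md. Added example, not the
skill's own code; it assumes (the page does not define it) a markdown table with
columns ID | Priority | Location | Status | Notes and Status in open/fixed/wont-fix."""
import tempfile
from pathlib import Path
from typing import NamedTuple

PRIORITY_ORDER = {"P0": 0, "P1": 1, "P2": 2}  # strict fix order
CLOSED = {"fixed", "wont-fix"}


class Finding(NamedTuple):
    project: str
    id: str
    priority: str
    location: str
    status: str
    notes: str


def parse_summary(project: str, text: str) -> list[Finding]:
    """Keep only finding rows: header, separator and prose lines fail the
    five-cell / P0-P2 shape test and are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 5 and cells[1] in PRIORITY_ORDER:
            fid, prio, loc, status, notes = cells
            rows.append(Finding(project, fid, prio, loc, status.lower(), notes))
    return rows


def load_all(root: Path) -> dict[str, list[Finding]]:
    """Findings per project, keyed by the directory name under root."""
    return {p.parent.name: parse_summary(p.parent.name, p.read_text())
            for p in sorted(root.glob("*/MASTER-SUMMARY.md"))}


def survey(root: Path) -> dict[str, list[Finding]]:
    """--status view: projects with open rows, each list in P0 -> P1 -> P2 order."""
    result = {}
    for project, rows in load_all(root).items():
        pending = [f for f in rows if f.status not in CLOSED]
        if pending:
            result[project] = sorted(pending, key=lambda f: (PRIORITY_ORDER[f.priority], f.id))
    return result


def gate_violations(rows: list[Finding]) -> list[str]:
    """Gate before the PR: no row left open, no wont-fix without its reason,
    no status the summary does not recognise."""
    problems = []
    for f in rows:
        if f.status == "open":
            problems.append(f"{f.id}: still open ({f.priority} at {f.location})")
        elif f.status == "wont-fix" and not f.notes:
            problems.append(f"{f.id}: wont-fix without a stated decision")
        elif f.status not in CLOSED:
            problems.append(f"{f.id}: unknown status {f.status!r}")
    return problems


def gate_all(root: Path) -> dict[str, list[str]]:
    """Projects failing the gate with their reasons; empty means every project passes."""
    failures = {}
    for project, rows in load_all(root).items():
        if problems := gate_violations(rows):
            failures[project] = problems
    return failures


# Constructed fixture rows, not real audit data.
SAMPLES = {
    "api": ["| API-1 | P1 | src/auth.py:42 | open | session check missing |",
            "| API-2 | P0 | src/upload.py:88 | open | caller-supplied path not checked |",
            "| API-3 | P2 | src/util.py:10 | Fixed | |"],
    "cli": ["| CLI-1 | P2 | cmd/run.go:30 | wont-fix | |"],
    "web": ["| WEB-1 | P1 | app/form.js:7 | fixed | |",
            "| WEB-2 | P2 | app/theme.css:1 | wont-fix | product decision: legacy theme stays |"],
}
HEADER = ["| ID | Priority | Location | Status | Notes |", "|---|---|---|---|---|"]


def build_fixture() -> Path:
    """Write the sample summaries into a temporary code-audits/ tree."""
    root = Path(tempfile.mkdtemp()) / "code-audits"
    for project, rows in SAMPLES.items():
        (root / project).mkdir(parents=True)
        (root / project / "MASTER-SUMMARY.md").write_text(
            "# MASTER-SUMMARY\n\n" + "\n".join(HEADER + rows) + "\n")
    return root


if __name__ == "__main__":
    audits = build_fixture()
    for project, items in survey(audits).items():  # the --status table
        print(f"{project}: {len(items)} open")
        for f in items:
            print(f"  {f.priority} {f.id} {f.location}  {f.notes}")
    for project, problems in gate_all(audits).items():  # the gate
        print(f"GATE FAIL {project}: " + "; ".join(problems))
```

Run it directly to see the --status table and the gate report. Note that the survey and the gate disagree on purpose: cli has nothing open, so it never appears in the survey, but it still fails the gate because its wont-fix row carries no decision, which is exactly the half-closed state the skill refuses to let through; an unrecognised status string also fails rather than being treated as closed.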

What You Get / What It Doesn't Do

What you get
  • One PR per project resolving its open audit findings
  • P0, P1, and P2 fixes applied in strict priority order, minimally scoped
  • Test runs confirming no regression on each fix
  • MASTER-SUMMARY.md updated to fixed or wont-fix on every row
  • A report per project of findings fixed, findings deferred, and the PR link
What it doesn't do
  • Auto-merge the fix PRs — you review and merge each one
  • Split one project across multiple agents — one agent per project, always
  • Refactor surrounding code — fixes are minimal and scoped to the finding
  • Mark a finding resolved just because tests pass — the actual issue must be addressed

Tips

Tests passing is not correctness

Green tests prove no regression, not that the finding is fixed. Verify the specific vulnerability or issue described in the row is actually addressed, not just that surrounding tests stayed green.

Wont-fix beats a partial fix

If a finding needs a product decision, mark it wont-fix with the exact decision needed. A half-fix that looks resolved hides the open issue from the next audit cycle.

One agent per project, no exceptions

Cross-project fix agents collide on merges and cross-contaminate test results. The one-agent-per-project rule is what keeps every resolution traceable to its own PR.

Get the Skill

Elite Skill

Unlock the full Audit Swarm Resolve SKILL.md: drop it into ~/.claude/skills/ and trigger it by name.

