audit_issue_local_iter.yaml

# SPDX-FileCopyrightText: GitHub, Inc.
# SPDX-License-Identifier: MIT

seclab-taskflow-agent:
  filetype: taskflow
  version: "1.0"
model_config: seclab_taskflows.configs.model_config

globals:
  repo:
  use_advisory:
# Taskflow to audit some potential issues.
taskflow:
  - task:
      must_complete: true
      exclude_from_context: true
      agents:
        - seclab_taskflow_agent.personalities.assistant
      model: general_tasks
      user_prompt: |
        Fetch all component issues for the repo {{ globals.repo }} using the get_component_issues_for_repo tool.
      toolboxes:
        - seclab_taskflows.toolboxes.repo_context
  - task:
      must_complete: false
      max_steps: 100
      repeat_prompt: true
      async: true
      agents:
        - seclab_taskflows.personalities.web_application_security_expert
      model: code_analysis
      user_prompt: |
        The issue is in repo {{ result.repo }} with id {{ result.issue_id }}. The component is under the directory
        {{ result.location }} with component_id {{ result.component_id }}. The notes of the component is:

        {{ result.component_notes }}
        
        You should use this to understand the intended purpose of the component and take it into account when
        you audit the issue.

        The type of the issue is {{ result.issue_type }} and here is the notes of the issue:

        {{ result.issue_notes }}

        {% if globals.use_advisory == 'true' %}
        {% include 'seclab_taskflows.prompts.audit.known_security_advisories' %}
        {% endif %}

        {% include 'seclab_taskflows.prompts.audit.audit_issue' %}
      toolboxes:
        - seclab_taskflows.toolboxes.repo_context
        - seclab_taskflows.toolboxes.local_file_viewer
        - seclab_taskflows.toolboxes.ghsa