auto-audit

auto-audit

An autonomous security auditor for Claude Code. Point it at a GitHub repo; it scans for security vulnerabilities, triages false positives, writes a proof of concept, fixes each confirmed bug in its own PR, independently reviews the fix, and merges when the review is clean. It keeps doing that until the queue is drained, then rescans, until you stop it or the session ends.

Quick install

auto-audit is available from the wrxck-claude-plugins marketplace. From Claude Code:

/plugin marketplace add wrxck/claude-plugins
/plugin install auto-audit@wrxck-claude-plugins

Full requirements and alternative install paths are in the Install section below.

How it works

1. /auto-audit:start <repo>
2. init workspace -> audit-security (subagent scans repo) -> findings queue
3. /loop /auto-audit:tick -> pick next pending finding

one lifecycle stage per tick:
    discovered      -> triaging     (security-triage subagent)
    triaging        -> confirmed or false_positive
    confirmed       -> poc_written  (poc-builder subagent)
    poc_written     -> fix_committed (security-fixer subagent; new branch, commit)
    fix_committed   -> pr_opened   (branch push + gh pr create)
    pr_opened       -> reviewing   (security-reviewer subagent, independent, no prior context)
    reviewing       -> pr_approved or pr_rejected
    pr_approved     -> merged      (gh pr merge --squash; if merge_policy=auto)
    pr_approved     -> skipped     (if merge_policy=manual; left for a human to merge)
    pr_rejected     -> confirmed   (fixer gets another go, bounded by max_fix_iterations)

tick ends after one stage; the /loop invokes it again.

Each tick advances exactly one finding by one stage. That makes the loop cheap to interrupt and makes the independent-review checkpoint a real checkpoint rather than theatre.

Commands

Command	Purpose
/auto-audit:start <repo> [modules=security] [policy=manual|auto]	Clone, scan, start the loop (policy defaults to manual). If another audit is already active, repoints the active pointer to the new repo; the previous repo's state stays on disk.
/auto-audit:tick	Advance one finding by one stage. Normally the /loop calls this for you.
/auto-audit:status [--all | <slug>]	Status of the active repo by default. Pass a slug for a specific repo, or --all for a one-line summary across every repo.
/auto-audit:resume [slug]	Resume after /auto-audit:stop or session restart. Eagerly recovers any findings stuck mid-tick.
/auto-audit:stop [slug]	Drop the active-repo pointer; press Esc to cancel the /loop. Pass a slug to scope which repo to stop.
/auto-audit:report [--all | <slug>]	Generate a self-contained HTML audit report (summary stats, per-finding detail, full activity log). Output at ${repo_dir}/reports/<timestamp>.html. Print-friendly so PDF / DOCX / PPTX conversion via weasyprint / chromium / pandoc is a one-shot follow-up.
/auto-audit:feedback <kind> <note> [json-extra]	Record operator feedback against the active repo. Kinds: fix_pattern_rejected, fix_pattern_approved, human_revert, triage_override, reviewer_disagreed, note. Triager and fixer subagents read the log on every future tick and weigh past entries; the reviewer does not read it to preserve independent-review.

Arguments

• repo — GitHub URL (https://github.com/owner/name, [email protected]:owner/name.git) or shorthand owner/name.
• modules — comma-separated. Today only security is implemented.
• policy:
  • manual (default) — stop at pr_approved and mark the finding skipped. A human must merge.
  • auto — merge each PR automatically after an independent reviewer approves. Opt-in only; see the Security section before enabling.

audit_library_surface config flag

Set to true in ${AUTO_AUDIT_DATA}/repos/<slug>/config.json to make the triager treat publicly-exported but currently-uncalled API surface as confirmed rather than false_positive. Default is false (only flag exploitable runtime paths). Use true for libraries / SDKs / shared modules where future callers cannot be assumed safe; use false for application code where reachability is fully knowable. Severity of library-surface findings is automatically dropped one tier (e.g. critical → medium) since exploitability requires a future caller. The flag exists because triagers running independently kept disagreeing on the same dead-code question, flipping verdict run-to-run; codifying it makes the posture explicit and reproducible.

Design choices worth knowing