Audit Remediation Skill

ROOT AGENT ONLY - Called by /audit command after user approves fixes.

Purpose: Apply approved remediation actions to fix audit violations

Trigger: After user selects remediation options in resolution phase

Input:

remediation_plan[] - approved fixes from resolution phase
templates - updated templates from template-update skill
repoType - repository type (library/consumer)

Output:

applied_fixes[] - list of fixes applied successfully
failed_fixes[] - list of fixes that failed with errors
files_modified[] - list of files changed
summary - remediation results for report

Workflow Steps

1. Parse Remediation Plan

Extract fix metadata from remediation_plan
Group by type: config, template, code, file-creation
Determine which agents/skills to invoke
Build execution queue ordered by dependency

2. For Each Approved Remediation:

Remediation Type	Agent/Skill	Action
Config file update	Domain-specific config agent	Apply template to config file, re-audit
Template sync	File write (templates/)	Copy updated template to correct location
Code fix	coder-agent	Apply code changes, validate syntax
File creation	template-based	Create file from template with vars

3. Execute Fixes in Order

For each fix in remediation_plan:

  a. Identify target file location
  b. Determine remediation type
  c. Apply fix using appropriate agent/tool
  d. Validate fix was applied:
     - File exists and contains expected content
     - No syntax errors introduced
     - Related configs still valid
  e. Track result (success/failure/warning)

4. Handle Failures Gracefully

If fix fails: record error, continue with remaining fixes
Do NOT stop on first failure (batch all possible fixes)
Collect failure messages for user review

5. Track All Modifications

Record each file modified with before/after state
Note remediation type and agent used
Track applied_fixes vs failed_fixes separately

6. Return Summary

{
  "applied_fixes": [
    {
      "type": "config",
      "file": ".eslintrc.js",
      "agent": "eslint-agent",
      "status": "success"
    }
  ],
  "failed_fixes": [
    {
      "type": "code",
      "file": "src/auth.ts",
      "agent": "coder-agent",
      "error": "Syntax validation failed: unexpected token"
    }
  ],
  "files_modified": 5,
  "summary": "Applied 7/8 fixes. 1 fix failed - requires manual review."
}

Remediation Type Patterns

Config File Update

Pattern:

Spawn appropriate config agent with template
Agent validates template applies correctly
Agent writes config to correct location
Agent runs self-audit on new config
Track success/failure

Example:

Remediation: Fix .eslintrc.js
→ Spawn eslint-agent with template
→ Agent validates and applies
→ Agent audits result
→ Track: "config/.eslintrc.js: success"

Template Sync

Pattern:

Copy template from remediation_plan to correct location
Validate file was written
No further validation needed (metadata updated, not functional change)

Example:

Remediation: Sync TypeScript template
→ Copy plugins/metasaver-core/skills/config/workspace/typescript-configuration/templates/...
→ to packages/web/tsconfig.json
→ Track: "template-sync/tsconfig.json: success"

Code Fix

Pattern:

Spawn coder-agent with specific fix description
Agent applies code changes to file
Validate syntax (no parse errors)
Run relevant linting/formatting
Track success/failure with error messages

Example:

Remediation: Fix missing error handling in auth.ts
→ Spawn coder-agent with fix description
→ Agent modifies file
→ Validate TypeScript: pnpm tsc --noEmit
→ Track: "code/src/auth.ts: success" or "code/src/auth.ts: failed (error: ...)"

File Creation

Pattern:

Load template for new file
Substitute variables (paths, names, etc.)
Write to target location
Validate file exists
Track success/failure

Example:

Remediation: Create missing src/index.ts
→ Load template from vitest-config skill
→ Substitute variables
→ Write to src/index.ts
→ Track: "file-creation/src/index.ts: success"

Agent Routing Matrix

Fix Type	Agent	When To Use
.eslintrc.js	eslint-agent	Config violations
.prettierrc	prettier-agent	Formatting violations
tsconfig.json	typescript-agent	TypeScript violations
vitest.config.ts	vitest-agent	Test config violations
tailwind.config.js	tailwind-agent	Tailwind violations
pnpm-workspace.yaml	pnpm-workspace-agent	Workspace violations
Code changes	coder-agent	Logic/syntax fixes
New files	coder-agent (with template)	File creation

Error Handling Strategy

Critical Errors (STOP):

File system errors (permission denied, disk full)
Agent crash during execution
Syntax validation failure on new code

Non-Critical (CONTINUE):

Config file update with warnings (lint warnings, etc.)
Optional file already exists
Template sync skipped (file already matches)

User Review Required:

Code fix completed but logic needs verification
Multiple fixes affected same file (conflicts)
Rollback needed (fix broke something else)

State Management

Before Starting:

Snapshot current state of all target files
Record original versions for rollback if needed

During Execution:

Log each fix attempt (timestamp, agent, result)
Write lock to prevent concurrent modifications
Track partial progress in case of interruption

After Completion:

Release lock
Provide summary of changes
Save audit-remediation log for review

Integration with Other Skills

Before This Skill:

audit-workflow - detects violations
remediation-options - presents user choices
User approves specific fixes (HITL)

This Skill:

Applies all approved fixes
Uses config/domain agents for implementation
Tracks results

After This Skill:

repomix-cache-refresh - if files modified
report-phase - generates final report
Re-audit (if user requests verification)

Output Format for /audit Command

Success Summary:

Remediation Execution Results
═══════════════════════════════════════

Applied Fixes (7):
  ✅ Config update: .eslintrc.js
  ✅ Config update: .prettierrc
  ✅ Template sync: tsconfig.json
  ✅ Code fix: src/auth.ts
  ✅ File creation: src/types/index.ts
  ✅ Config update: vitest.config.ts
  ✅ Template sync: tailwind.config.js

Failed Fixes (1):
  ❌ Code fix: src/service.ts
     Error: Function signature mismatch with tests

Files Modified: 7

Next Steps:
  1. Review failed fix manually
  2. Run "pnpm audit" to verify
  3. Push changes to review

Configuration

Setting	Value	Rationale
Model for agents	haiku	Fast execution for rule-based fixes
Validation on writes	Yes	Prevent invalid config files
Stop on first failure	No	Apply all fixable issues
Snapshot state before	Yes	Enable rollback if needed
Log all changes	Yes	Audit trail required

Example Remediation Plan

{
  "remediation_plan": [
    {
      "id": "fix-001",
      "type": "config",
      "configType": "eslint",
      "file": ".eslintrc.js",
      "action": "conform_to_template",
      "template": "eslint-config-template-v1",
      "priority": "high"
    },
    {
      "id": "fix-002",
      "type": "code",
      "file": "src/auth.service.ts",
      "description": "Add missing try-catch block in login method",
      "priority": "high"
    },
    {
      "id": "fix-003",
      "type": "template-sync",
      "file": "tsconfig.json",
      "source": "plugins/metasaver-core/skills/.../tsconfig.template.json",
      "priority": "medium"
    },
    {
      "id": "fix-004",
      "type": "file-creation",
      "file": "src/types/auth.types.ts",
      "template": "typescript-types-template",
      "priority": "low"
    }
  ],
  "templates": {
    "eslint-config-template-v1": {
      /* template content */
    },
    "typescript-types-template": {
      /* template content */
    }
  }
}

Used By

/audit command (after user approves fixes)
/ms audit command (for complex audits)
Multi-phase workflows requiring batch remediation

audit-remediation

Audit Remediation Skill

Workflow Steps

Remediation Type Patterns

Config File Update

Template Sync

Code Fix

File Creation

Agent Routing Matrix

Error Handling Strategy

State Management

Integration with Other Skills

Output Format for /audit Command

Configuration

Example Remediation Plan

Used By

Related Skills