Security Fix

Audit vulnerabilities, then patch each one.
Community pattern — copy this YAML and adapt the security scanner to your project. Not available as a built-in via gump run.

When to use

When you want to systematically audit and fix security vulnerabilities with regression tests.

The workflow

name: security-fix
max_budget: 8.00

steps:
  - name: audit
    type: split
    get:
      context:
        - bash: "gosec ./... 2>&1 || true"
      prompt: |
        Analyze the security scan results.
        Produce a task for each vulnerability with the fix strategy and affected files.
    run:
      agent: claude-opus
    gate: [schema]
    hitl: before_gate
    each:
      - name: fix
        type: code
        get:
          prompt: |
            Fix this vulnerability: {task.description}
            Write a regression test proving the fix.
            Only modify: {task.files}
        run:
          agent: claude-sonnet
          guard:
            max_turns: 40
        gate: [compile, test, "touched: *_test.*"]
        retry:
          - attempt: 3
            agent: claude-opus
          - exit: 4

  - name: quality
    gate: [compile, test]

Customize

Replace gosec with npm audit, cargo audit, or your own tool.
Add hitl: after_gate on the fix step to review each patch before moving on.
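
As an illustration of "your own tool" (an added example, not part of the Gump docs or of gosec), the script below reads a gosec JSON report on stdin and prints one de-duplicated line per finding, most severe first, so the audit step gets compact, stable input. It assumes the report shape produced by `gosec -fmt=json` (an `Issues` array whose entries carry `severity`, `rule_id`, `file`, `line` and `details`); the function name and the sample report are constructed.

```python
"""Summarize a gosec JSON report as one line per finding (added example)."""
import json
import sys

# Lower rank sorts first; unknown severities sort last.
SEVERITY_RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}

# Constructed sample report, used when nothing is piped on stdin.
SAMPLE = json.dumps({"Issues": [
    {"severity": "MEDIUM", "rule_id": "G304", "file": "internal/store/load.go",
     "line": "27", "details": "Potential file inclusion via variable"},
    {"severity": "HIGH", "rule_id": "G201", "file": "internal/db/query.go",
     "line": "42", "details": "SQL string formatting"},
    {"severity": "HIGH", "rule_id": "G201", "file": "internal/db/query.go",
     "line": "42", "details": "SQL string formatting"},
]})


def summarize(report_text):
    """Return de-duplicated finding lines, most severe first.

    Raises ValueError when the input is not a gosec JSON report, so a scanner
    that failed to run is not mistaken for a clean scan.
    """
    try:
        report = json.loads(report_text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"scanner output is not JSON: {exc}") from exc
    if not isinstance(report, dict) or "Issues" not in report:
        raise ValueError("scanner output has no 'Issues' key")
    findings = set()
    for issue in report["Issues"] or []:  # a null list is treated as no findings
        severity = str(issue.get("severity", "UNKNOWN")).upper()
        findings.add((SEVERITY_RANK.get(severity, 3), issue.get("file", "?"),
                      str(issue.get("line", "?")), issue.get("rule_id", "?"),
                      severity, issue.get("details", "")))
    return [f"{sev} {rule} {path}:{line} {details}"
            for _, path, line, rule, sev, details in sorted(findings)]


if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    try:
        print("\n".join(summarize(text)) or "no findings")
    except ValueError as err:
        sys.exit(f"scan failed: {err}")
```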