{"id":50751211,"url":"https://github.com/bradselph/zero-trust-audit-team","last_synced_at":"2026-06-11T01:04:20.147Z","repository":{"id":355616297,"uuid":"1217487838","full_name":"bradselph/zero-trust-audit-team","owner":"bradselph","description":"Eight specialized agents and seven slash commands transform your existing codebase into a fully tracked improvement pipeline.  The code auditor verifies one file at a time with explicit evidence—no fabrication, no vague claims. Findings persist across /clear in .claude/audit-state/.  Commands: /audit:init, /audit:run, /audit:continue, /audit:triage","archived":false,"fork":false,"pushed_at":"2026-05-04T12:54:33.000Z","size":49,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-04T14:36:02.752Z","etag":null,"topics":["agent","agents-code-quality","claude-code","code-audit","orchestrator","plugins","static-analysis","team","workflows","zero-trust"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bradselph.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":"audit-state/README.md","citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-21T23:59:11.000Z","updated_at":"2026-05-04T12:54:35.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/bradselph/zero-trust-audit-team","commit_stats":null,"previous_names":["bradselph/zero-trust-audit-team"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/bradselph/zero-trust-audit-team","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bradselph%2Fzero-trust-audit-team","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bradselph%2Fzero-trust-audit-team/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bradselph%2Fzero-trust-audit-team/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bradselph%2Fzero-trust-audit-team/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bradselph","download_url":"https://codeload.github.com/bradselph/zero-trust-audit-team/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bradselph%2Fzero-trust-audit-team/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34177449,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-10T02:00:07.152Z","response_time":89,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent","agents-code-quality","claude-code","code-audit","orchestrator","plugins","static-analysis","team","workflows","zero-trust"],"created_at":"2026-06-11T01:04:19.543Z","updated_at":"2026-06-11T01:04:20.139Z","avatar_url":"https://github.com/bradselph.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Zero-Trust Audit Team\n\nA Claude Code plugin that turns your existing codebase into a fully-tracked improvement pipeline: **plan -\u003e audit -\u003e triage -\u003e fix -\u003e test -\u003e re-verify**, with persistent state that survives `/clear` and context resets.\n\n## Install\n\n```\n/plugin install https://github.com/bradselph/zero-trust-audit-team\n```\n\nOr load locally for testing:\n\n```bash\ngit clone https://github.com/bradselph/zero-trust-audit-team\nclaude --plugin-dir ./zero-trust-audit-team\n```\n\n## Quickstart\n\n```\n/audit:init src/\n/audit:run\n/audit:triage\n/audit:fix\n/audit:summary\n```\n\n## Commands\n\n| Command | Description |\n|---|---|\n| `/audit:init [paths]` | Define scope, build the file manifest |\n| `/audit:run` | Audit files one-by-one (stops at `STATUS: PARTIAL`) |\n| `/audit:continue` | Resume a paused audit at the last resume marker |\n| `/audit:triage` | Convert raw findings into a prioritized fix plan |\n| `/audit:fix [FND-id]` | Run one finding through fix -\u003e test -\u003e re-verify |\n| `/audit:status` | Snapshot: coverage %, open findings by severity, next action |\n| `/audit:summary` | Final report (only valid after full manifest coverage) |\n\n## The team\n\nEight specialized agents coordinate through a shared state ledger in `.claude/audit-state/`. Each has a narrow, evidence-enforced role:\n\n| Agent | Role | Writes code? |\n|---|---|---|\n| `audit-orchestrator` | Coordinator -- dispatches all other agents, owns state | State files only |\n| `audit-planner` | Builds the file manifest, defines scope | No |\n| `code-auditor` | Zero-trust per-file verifier -- one file per invocation, explicit evidence required | No |\n| `triage-analyst` | Dedupes findings, scores by severity x confidence x blast radius | No |\n| `fix-implementer` | Applies one triaged fix at a time -- minimal change, no scope creep | Yes |\n| `test-engineer` | Runs existing tests; writes a regression test per fix | Tests only |\n| `re-verifier` | Independent re-audit of the changed region -- confirms or rejects with evidence | No |\n| `docs-reconciler` | Resolves code/doc contradictions flagged by the auditor | Docs only |\n\n## The flow\n\n```\n/audit:init   -\u003e  define scope, build manifest\n/audit:run    -\u003e  code-auditor audits files one-by-one, writes findings/FND-*.json\n/audit:triage -\u003e  triage-analyst ranks and groups findings into a fix plan\n/audit:fix    -\u003e  fix-implementer -\u003e test-engineer -\u003e re-verifier (one finding per run)\n/audit:summary -\u003e final report: coverage table, themes, unresolved inventory\n```\n\nEach phase is a separate command. Nothing happens automatically between phases -- you stay in control of when to move forward.\n\n## State layout\n\nAll state lives in `.claude/audit-state/` in your project as plain JSON and Markdown -- diffable, reviewable, readable without tooling.\n\n```\n.claude/audit-state/\n+-- scope.json           IN_SCOPE, OUT_OF_SCOPE, LANGUAGES, sensitive_paths\n+-- manifest.json        Every in-scope file: path, size, line count, audit order\n+-- coverage.json        Per-file status (not-started / PARTIAL / COMPLETE) + rollups\n+-- findings/            FND-0001.json, FND-0002.json, ... -- one file per finding\n+-- triage.json          Ordered remediation plan with scores and fix-unit groupings\n+-- log/\n|   +-- audit-\u003cfile\u003e.md  Per-file execution traces from code-auditor\n|   +-- fix-FND-NNNN.md  Fix record: before/after + test results + re-verifier verdict\n+-- README.md            Schema reference for every state file\n```\n\nThe `audit-state/README.md` schema reference is included in this plugin for reference. The orchestrator writes it to your project during `/audit:init`.\n\n## Design choices\n\n**Why one file per audit invocation.** The `code-auditor` audits exactly one file per call (or emits `STATUS: PARTIAL` with a resume line when the file exceeds the context window). This makes `/audit:run` resumable across multiple sessions on any repo size.\n\n**Why findings are files, not chat history.** Chat transcripts don't survive `/clear`. `findings/FND-0042.json` does. Every agent reads from this ledger days later with full fidelity.\n\n**Why one finding per fix invocation.** Batching unrelated fixes is where regressions hide. Each fix-unit gets its own complete trace: locate -\u003e edit -\u003e lint/typecheck -\u003e regression test -\u003e independent re-verification.\n\n**Why the auditor cannot write.** The `code-auditor` has read-only tools. It literally cannot fix what it finds -- no incentive to downplay findings for a cleaner diff.\n\n**Why re-verification is a separate agent.** The agent that applied the fix is the wrong agent to certify it. The `re-verifier` starts from a clean context and must produce an independent execution trace.\n\n## Customizing\n\n**Severity thresholds** -- edit `agents/triage-analyst.md`, step 5 (auto-fix eligibility rules).\n\n**Per-language hazard checklists** -- create `.claude/audit-state/appendix/\u003clanguage\u003e.md` in your project. The `code-auditor` picks it up during the hazard check pass.\n\n**Sensitive path overrides** -- add `sensitive_paths` to `scope.json`. The triage-analyst routes anything matching those paths to human review.\n\n**Pre-existing findings** -- drop JSON into `.claude/audit-state/findings/` matching the schema in `audit-state/README.md`. The triage-analyst folds them into the plan.\n\n## When not to use this\n\n- **Single-file fixes**: overkill -- use plain Claude Code.\n- **Greenfield projects**: the auditor's value is on accumulated code with real issues.\n- **If you want instant results**: the chunking protocol is intentional. Each phase is checkpointed so nothing is lost if context resets.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbradselph%2Fzero-trust-audit-team","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbradselph%2Fzero-trust-audit-team","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbradselph%2Fzero-trust-audit-team/lists"}