Skip to content

Security Audit

Reference

Security-audit's public surface is the SecurityAuditWorkflow class, re-exported from attune.workflows. WorkflowResult comes from attune.workflows as well.

SecurityAuditWorkflowattune.workflows.security_audit

Symbol Purpose
SecurityAuditWorkflow(*, system_prompt_suffix="", **kwargs) Construct the workflow. system_prompt_suffix (keyword-only) is appended to the orchestrator's system prompt; the empty default preserves stock behavior. Other kwargs pass to BaseWorkflow.
SecurityAuditWorkflow.execute(**kwargs) Async. Run the audit. Honors path (str, required) and depth ("quick" / "standard" / "deep", default "standard"); other kwargs are ignored. Returns a WorkflowResult.
SecurityAuditWorkflow.name The registered slug, "security-audit".
SecurityAuditWorkflow.stages ["agent-audit"]; the stage runs at the CAPABLE model tier.

Depth → budget

Depth Max turns Behavior
quick 10 A fast pass on a small path.
standard 20 The default — balanced coverage and cost.
deep 40 Thorough; additionally engages a token-aware budget and extended thinking.

The four subagents

Subagent Domain
vuln-scanner Injection, eval/exec, XSS, path traversal, command injection, insecure deserialization.
secret-detector Hardcoded credentials, API keys, tokens, private keys, sensitive env vars in source.
auth-reviewer Missing auth, broken access control, session weaknesses, privilege escalation.
remediation-planner Prioritized fix plan grouped by effort, with time estimates and dependencies.

WorkflowResult fields read after an audit

Field Type Meaning
success bool Whether the audit completed.
final_output Any The synthesized report — a serialized report when findings parse, else the raw markdown.
summary str \| None Short posture summary.
suggestions list[NextAction] Prioritized remediation actions.
cost_report CostReport Cost / usage for the run.
provider str The provider that served the run.
metadata dict Echoes path, depth, max_turns, and subagent_transcripts; carries SDK error fields on failure.
error / error_type str \| None Failure reason and category ("config" / "runtime" / "provider" / "timeout" / "validation").

Entry points

Surface Invocation
Skill /security-audit in a Claude Code conversation.
CLI attune workflow run security-audit --path <p> [--depth quick\|standard\|deep] [--json] [--cheap].
MCP tool security_audit — one required path argument; runs at standard depth (the handler does not pass depth).
Python await SecurityAuditWorkflow().execute(path=<p>, depth=<d>).