Install: claude install-skill senda-labs/DQIII8
# /security-cycle — Iterative Security Hardening
Run red-team → blue-team → red-team cycles until the code is a bunker.
## Usage
```
/security-cycle # Full cycle on current project
/security-cycle --max-iterations 5 # Limit iterations
/security-cycle $ARGUMENTS # Cycle on specific path
```
## Pipeline
### Iteration N:
1. Run `/red-team` → generates red-team report at `tasks/audit/red-team-{date}-{N}.md`
2. Count CRITICAL + HIGH findings in the report
3. If 0: **STOP** — code is hardened
4. If > 0: Run `/blue-team` → fixes findings, generates `tasks/audit/blue-team-{date}-{N}.md`
5. Run `/red-team` again → verify fixes hold + find new issues
6. Repeat until CRITICAL + HIGH = 0 or max iterations reached (default: 10)
### Stopping criteria
- **SUCCESS**: Red-team finds 0 CRITICAL and 0 HIGH findings
- **MAX ITERATIONS**: Limit reached — generate final report with remaining risks documented
- **NO PROGRESS**: Two consecutive red-team reports with identical findings — stop, flag for manual review
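The stopping criteria above, written as a small decision function. This is an added example, not part of the skill's own code. The `- [SEVERITY] title` report line format, the function names and the sample reports are assumptions, and each red-team report is counted as one iteration.

```python
import re

# Assumed report line format (the skill does not specify one): "- [SEVERITY] title"
FINDING_RE = re.compile(
    r"^[ \t]*-[ \t]*\[(CRITICAL|HIGH|MEDIUM|LOW)\][ \t]*(.+?)[ \t]*$", re.M
)
BLOCKING = {"CRITICAL", "HIGH"}

# Constructed sample reports, for illustration only.
RED_1 = """# Red-team report (constructed)
- [CRITICAL] Shell command built from user input
- [HIGH] Secret written to log file
- [LOW] Verbose error page
"""
RED_2_PARTIAL = """# Red-team report (constructed)
- [HIGH] Secret written to log file
- [LOW] Verbose error page
"""
RED_2_CLEAN = """# Red-team report (constructed)
- [MEDIUM] Missing rate limit
- [LOW] Verbose error page
"""


def parse_findings(report_text):
    """Return the set of (severity, title) pairs in one red-team report."""
    return set(FINDING_RE.findall(report_text))


def decide(red_reports, max_iterations=10):
    """Apply the stopping criteria to the red-team reports produced so far."""
    if not red_reports:
        return "CONTINUE"
    latest = parse_findings(red_reports[-1])
    if not any(sev in BLOCKING for sev, _ in latest):
        return "SUCCESS"  # 0 CRITICAL and 0 HIGH
    if len(red_reports) >= 2 and latest == parse_findings(red_reports[-2]):
        return "NO PROGRESS"  # identical findings twice in a row
    if len(red_reports) >= max_iterations:
        return "MAX ITERATIONS"  # limit reached with blocking findings left
    return "CONTINUE"  # run /blue-team, then /red-team again


if __name__ == "__main__":
    for history in ([RED_1], [RED_1, RED_1], [RED_1, RED_2_CLEAN]):
        print(len(history), decide(history))
```

Comparing whole finding sets, rather than only the CRITICAL + HIGH count, keeps a run where one HIGH was fixed and a different HIGH appeared from being reported as NO PROGRESS.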
### After all iterations:
Generate: `tasks/audit/security-cycle-{date}.md`
```markdown
# Security Cycle Report — {date}
## Iterations: {N}
| Iteration | Critical | High | Medium | Low | Fixed |
|-----------|----------|------|--------|-----|-------|
| 1 (red) | 3 | 5 | 12 | 8 | — |
| 1 (blue) | — | — | — | — | 8 fixed |
| 2 (red) | 0 | 1 | 9 | 6 | — |
| 2 (blue) | — | — | —