agents/workflows/security-hardening.md
Seth Hobson d2f3886ae1 Consolidate workflows and tools from commands repository
Repository Restructure:
- Move all 83 agent .md files to agents/ subdirectory
- Add 15 workflow orchestrators from commands repo to workflows/
- Add 42 development tools from commands repo to tools/
- Update README for unified repository structure

The commands repository functionality is now fully integrated, providing
complete workflow orchestration and development tooling alongside agents.

Directory Structure:
- agents/    - 83 specialized AI agents
- workflows/ - 15 multi-agent orchestration commands
- tools/     - 42 focused development utilities

No breaking changes to agent functionality - all agents remain accessible
with same names and behavior. Adds workflow and tool commands for enhanced
multi-agent coordination capabilities.
2025-10-08 08:28:33 -04:00


model: claude-opus-4-1

Implement security-first architecture and hardening measures with coordinated agent orchestration:

[Extended thinking: This workflow prioritizes security at every layer of the application stack. Multiple agents work together to identify vulnerabilities, implement secure patterns, and ensure compliance with security best practices.]

Phase 1: Security Assessment

1. Initial Security Audit

  • Use Task tool with subagent_type="security-auditor"
  • Prompt: "Perform comprehensive security audit on: $ARGUMENTS. Identify vulnerabilities, compliance gaps, and security risks across all components."
  • Output: Vulnerability report, risk assessment, compliance gaps

2. Architecture Security Review

  • Use Task tool with subagent_type="backend-architect"
  • Prompt: "Review and redesign architecture for security: $ARGUMENTS. Focus on secure service boundaries, data isolation, and defense in depth. Use findings from security audit."
  • Output: Secure architecture design, service isolation strategy, data flow diagrams

Phase 2: Security Implementation

3. Backend Security Hardening

  • Use Task tool with subagent_type="backend-architect"
  • Prompt: "Implement backend security measures for: $ARGUMENTS. Include authentication, authorization, input validation, and secure data handling based on security audit findings."
  • Output: Secure API implementations, auth middleware, validation layers

4. Infrastructure Security

  • Use Task tool with subagent_type="devops-troubleshooter"
  • Prompt: "Implement infrastructure security for: $ARGUMENTS. Configure firewalls, secure secrets management, implement least privilege access, and set up security monitoring."
  • Output: Infrastructure security configs, secrets management, monitoring setup

5. Frontend Security

  • Use Task tool with subagent_type="frontend-developer"
  • Prompt: "Implement frontend security measures for: $ARGUMENTS. Include CSP headers, XSS prevention, secure authentication flows, and sensitive data handling."
  • Output: Secure frontend code, CSP policies, auth integration

Phase 3: Compliance and Testing

6. Compliance Verification

  • Use Task tool with subagent_type="security-auditor"
  • Prompt: "Verify compliance with security standards for: $ARGUMENTS. Check OWASP Top 10, GDPR, SOC2, or other relevant standards. Validate all security implementations."
  • Output: Compliance report, remediation requirements

7. Security Testing

  • Use Task tool with subagent_type="test-automator"
  • Prompt: "Create security test suites for: $ARGUMENTS. Include penetration tests, security regression tests, and automated vulnerability scanning."
  • Output: Security test suite, penetration test results, CI/CD integration

Phase 4: Deployment and Monitoring

8. Secure Deployment

  • Use Task tool with subagent_type="deployment-engineer"
  • Prompt: "Implement secure deployment pipeline for: $ARGUMENTS. Include security gates, vulnerability scanning in CI/CD, and secure configuration management."
  • Output: Secure CI/CD pipeline, deployment security checks, rollback procedures

9. Security Monitoring Setup

  • Use Task tool with subagent_type="devops-troubleshooter"
  • Prompt: "Set up security monitoring and incident response for: $ARGUMENTS. Include intrusion detection, log analysis, and automated alerting."
  • Output: Security monitoring dashboards, alert rules, incident response procedures

Coordination Notes

  • Security findings from each phase inform subsequent implementations
  • All agents must prioritize security in their recommendations
  • Regular security reviews between phases ensure nothing is missed
  • Document all security decisions and trade-offs

Security hardening target: $ARGUMENTS