diff --git a/.github/agents/QA_Security.agent.md b/.github/agents/QA_Security.agent.md index 95bc7998..503f762c 100644 --- a/.github/agents/QA_Security.agent.md +++ b/.github/agents/QA_Security.agent.md @@ -27,6 +27,7 @@ Your job is to act as an ADVERSARY. The Developer says "it works"; your job is t - **Path Verification**: Run `list_dir internal/api` to verify where tests should go. - **Creation**: Write a new test file (e.g., `internal/api/tests/audit_test.go`) to test the *flow*. - **Run**: Execute `go test ./internal/api/tests/...` (or specific path). Run local CodeQL and Trivy scans (they are built as VS Code Tasks so they just need to be triggered to run), pre-commit all files, and triage any findings. + - Always run run GolangCI-Lint in docker to ensure consistent linting. - **Cleanup**: If the test was temporary, delete it. If it's valuable, keep it.
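Review bot: The added bullet reads "Always run run GolangCI-Lint in docker", so the word "run" is duplicated and should be dropped once. The bullet also breaks the pattern of its siblings. **Path Verification**, **Creation**, **Run** and **Cleanup** each have a bold label, and the **Run** step names the exact command (`go test ./internal/api/tests/...`). The new line has neither. Since the stated goal is "consistent linting", consider giving it a label such as **Lint** and spelling out the exact docker invocation and a pinned image tag for the agent to use. Without those, each run can pick a different linter version or configuration, and the results will not be comparable. It would also help to say whether lint findings are triaged like the CodeQL and Trivy findings in the preceding bullet, or whether they block the task.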