name: remediate
description: Fix open compliance findings with evidence capture and human approval
user_invocable: true
argument_description: "Optional: a finding ID (FINDING-xxx), 'all' for all open findings, or a severity filter like '--severity critical,high'"
/remediate
Fix open compliance findings identified by the scanner.
Instructions
Single Finding
If $ARGUMENTS contains a specific finding ID (e.g., FINDING-s3-a1b2c3d4):
Use the Agent tool to spawn a single remediator agent:
- subagent_type: remediator
- Pass the finding ID in the prompt
All Open Findings
If $ARGUMENTS is all or empty:
- Read all finding files from .compliance/findings/FINDING-*.json
- Filter to findings where status is open
- Optionally filter by --severity if provided in arguments
- Sort by severity (critical first, then high, medium, low)
- For each open finding, spawn a remediator agent using the Agent tool:
  - subagent_type: remediator
  - Pass the finding file path in the prompt
- Run remediators in parallel where possible (up to 3 concurrent)
Severity Filter
If $ARGUMENTS contains --severity critical,high:
- Only remediate findings matching those severity levels
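The selection steps above, written out as an added example (not part of the original command file or the project's code). It assumes each finding file is a JSON object with status and severity fields, and that finding IDs follow the shape of the FINDING-s3-a1b2c3d4 example; the function names are hypothetical.

```python
import json
import re
from pathlib import Path

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}
# Assumed ID shape, inferred from the FINDING-s3-a1b2c3d4 example on this page.
FINDING_ID = re.compile(r"FINDING-[A-Za-z0-9]+(?:-[A-Za-z0-9]+)*")


def parse_arguments(arguments):
    """Return (finding_id, severities) parsed from the raw $ARGUMENTS string."""
    finding_id, severities = None, None
    tokens = iter(arguments.split())
    for tok in tokens:
        if tok == "--severity":
            value = next(tokens, None)
            if value is None:
                raise ValueError("--severity needs a value")
            severities = set(value.lower().split(","))
            unknown = severities - set(SEVERITY_ORDER)
            if unknown:
                raise ValueError(f"unknown severity: {sorted(unknown)}")
        elif tok != "all":
            # A strict match keeps '../' and glob characters out of the path built below.
            if not FINDING_ID.fullmatch(tok):
                raise ValueError(f"not a finding ID: {tok!r}")
            finding_id = tok
    return finding_id, severities


def select_findings(arguments, findings_dir=".compliance/findings"):
    """Return the finding file paths to hand to remediators, most severe first."""
    finding_id, severities = parse_arguments(arguments)
    root = Path(findings_dir)
    if finding_id:
        return [root / f"{finding_id}.json"]  # single-finding mode: no filtering
    selected = []
    for path in sorted(root.glob("FINDING-*.json")):
        finding = json.loads(path.read_text())
        sev = str(finding.get("severity", "")).lower()
        if finding.get("status") != "open" or sev not in SEVERITY_ORDER:
            continue
        if severities and sev not in severities:
            continue
        selected.append((SEVERITY_ORDER[sev], path.name, path))
    return [path for _, _, path in sorted(selected)]
```

Rejecting malformed IDs and unknown severity names before any file is opened means a mistyped or hostile argument fails loudly instead of silently selecting nothing or reading outside the findings directory.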
Usage Examples
/remediate # Remediate all open findings
/remediate FINDING-s3-a1b2c3d4 # Fix one specific finding
/remediate all # Same as no args
/remediate --severity critical # Only critical findings
/remediate --severity critical,high # Critical and high
Output
For each finding, the remediator will:
- Show the proposed fix and wait for approval
- Capture before/after evidence
- Apply the fix
- Verify with a Prowler re-check
- Update the finding status
After all remediations, show a summary of what was fixed.