---
# .github/workflows/security-guard.md  ·  GitHub Agentic Workflow (gh-aw)
# QRefAI AI Coding Field Guide, Part 3 (Q3.6) · also a "ten highest-leverage" item
#
# Outer-loop security pass on every PR. READ-ONLY token; findings are posted via
# the add-comment safe output only, and the one allowed label is applied via the
# add-labels safe output. Compile with:  gh aw compile --strict
#
# This complements — does not replace — Claude inner-loop hooks. Hooks gate the
# developer's edits live; this guards what actually lands in a PR.
on:
  pull_request:
    types: [opened, synchronize, reopened]

permissions:
  contents: read
  pull-requests: read

safe-outputs:
  add-comment:
    max: 1
  add-labels:
    max: 1
    allowed: [security-review-needed]
---

# Security guard

Review the PR diff for security regressions:
  - hard-coded secrets, tokens, or credentials  → flag as CRITICAL
  - auth / authorization gaps
  - injection (SQL, command, template)
  - unsafe deserialization, SSRF in outbound calls
  - new dependencies with known-bad reputations

If you find anything, post ONE comment with a checklist of findings, each as
severity + file:line + risk + suggested fix, and apply `security-review-needed`.
If the diff is clean, post nothing and apply no label.

Never approve, merge, or modify the PR. This workflow only observes and reports.
