---
name: security:watch
description: Continuous security monitoring — runs diff on a recurring interval
allowed-tools: Bash, Read, Skill
model: sonnet
---

# /security watch [path] [--interval 6h]

Set up continuous security monitoring. Establishes a baseline, then runs `/security diff` on a recurring interval to detect regressions.

## Step 1: Parse Arguments

Extract from `$ARGUMENTS`:
- **path** — first non-flag argument (default `.`)
- **--interval \<value\>** — loop interval like `6h`, `30m`, `1h` (default `6h`)

## Step 2: Establish Baseline

Determine plugin root (parent of this `commands/` folder) and resolve the target path.

```bash
node <plugin-root>/scanners/scan-orchestrator.mjs "<target>" --save-baseline
```

Parse stdout JSON. Display:

```
## Security Watch: <target>

**Baseline established** at <timestamp>
**Findings:** XC XH XM XL XI | **Risk Score:** X/100 | **Verdict:** ALLOW/WARNING/BLOCK

Starting watch with interval: <interval>
```

If the verdict is BLOCK, add a warning: "Initial scan shows BLOCK verdict — you will be alerted to any new findings above this baseline."

## Step 3: Start Loop

Use the **Skill** tool to invoke the built-in `/loop` skill:
- skill: `loop`
- args: `<interval> /security diff <target>`

This runs `/security diff <target>` every `<interval>`. Each diff compares against the latest baseline and saves a new one — a rolling window of changes.

## Step 4: Advisory

After starting the loop, display:

```
**Watch active.** `/security diff <target>` runs every <interval>.

To run as a system cron job instead:
  node <plugin-root>/scanners/watch-cron.mjs

To stop watching: Escape or Ctrl+C
```