--- name: config-audit:fix description: Auto-fix deterministic configuration issues with backup and verification argument-hint: "[path] [--dry-run]" allowed-tools: Read, Write, Glob, Grep, Bash, AskUserQuestion model: sonnet --- # Config-Audit: Fix Auto-fix deterministic configuration issues. Scans, plans fixes, backs up originals, applies changes, and verifies results. ## Arguments - `$ARGUMENTS` may contain: - A target path (default: current working directory) - `--dry-run`: Show fix plan without applying ## Implementation ### Step 1: Greet and scan Tell the user: ``` ## Config-Audit Fix Scanning for auto-fixable issues... ``` Run scanners silently: ```bash node ${CLAUDE_PLUGIN_ROOT}/scanners/scan-orchestrator.mjs --output-file /tmp/config-audit-fix-scan-$$.json [--global] 2>/dev/null; echo $? ``` Exit code 3 → tell user: "Scanner error. Try `/config-audit posture` to check your configuration." ### Step 2: Plan fixes Run fix planner silently: ```bash node ${CLAUDE_PLUGIN_ROOT}/scanners/fix-cli.mjs --json 2>/dev/null ``` Read the JSON output. Categorize fixes into auto-fixable and manual. ### Step 3: Present fix plan Show what will be fixed and what needs manual attention: ```markdown ### Fix Plan **Auto-fixable ({N} issues):** | # | ID | Issue | File | |---|-----|-------|------| | 1 | CA-SET-003 | Add $schema to settings.json | .claude/settings.json | | 2 | ... | ... | ... | **Manual ({M} issues — require human judgment):** | # | ID | Issue | Recommendation | |---|-----|-------|----------------| | 1 | CA-CML-003 | CLAUDE.md exceeds 200 lines | Split content into @imports or .claude/rules/ | | ... | ... | ... | ... | ``` ### Step 4: Confirm with user If not `--dry-run`, ask for confirmation: ``` AskUserQuestion: question: "Apply {N} auto-fixes? A backup is created first — you can roll back anytime." options: - "Yes, apply fixes" - "Show dry-run only" - "Cancel" ``` ### Step 5: Apply fixes If confirmed, apply: ```bash node ${CLAUDE_PLUGIN_ROOT}/scanners/fix-cli.mjs --apply --json 2>/dev/null ``` Read the JSON output to get applied/failed counts and backup location. ### Step 6: Show results Run a quick posture check to measure improvement: ```bash node ${CLAUDE_PLUGIN_ROOT}/scanners/posture.mjs --json --output-file /tmp/config-audit-fix-posture-$$.json 2>/dev/null ``` Present results: ```markdown ### Results **{applied} fixed** | {failed} failed | Backup created {If grade improved:} Score impact: {old_grade} ({old_score}) → {new_grade} ({new_score}) — **+{delta} points** {If failed > 0:} {failed} fix(es) couldn't be applied — run `/config-audit plan` for alternative approaches. **Rollback:** If anything looks wrong, run `/config-audit rollback {backup-id}` to restore. ``` ### Step 7: Manual findings If manual findings exist: ```markdown ### Needs manual attention These {M} issues require human judgment: 1. **{title}** ({id}) — {recommendation} 2. ... Run `/config-audit plan` to get a step-by-step guide for addressing these. ``` ## Safety - Backup is **mandatory** — every fix creates a backup first - Dry-run by default — user must confirm before changes - Verify after fix — re-scans to confirm findings resolved - Rollback always available — `/config-audit rollback `