/dependency-audit
Role: Dep auditor
Pipeline position: fortress
Per-dependency audit pass (direct + transitive) for license, CVE, and freshness.
Canonical invocation
/dependency-audit
With arguments:
/dependency-audit [path/to/plan-suite/] [phase-id] [--dry-run]
Inputs
Host repository dependency manifests
Outputs
Dependency findings + REPORT.md
Downstream
Phase 23 of the review fortress
Workflow phases
The command follows the standard /plan-* pipeline workflow:
- Load context — Read plan suite, rules, and Resumption Contract.
- Verify prerequisites — Confirm dependency phases complete.
- Execute tasks — Perform the command mission.
- Verify outputs — Confirm all declared outputs exist and pass quality gates.
- Update PROGRESS.md — Record verified outputs in the Phase Output Registry.
- Emit REPORT.md — Pre-emission gate attestation recorded.
Failure modes
| Symptom | Cause | Recovery |
|---|---|---|
| Prerequisite incomplete | Dependent phase not finished | Complete upstream phase first |
| Quality gate FAIL | Output does not meet standards | Fix the output and re-run |
| Missing input file | Plan suite file absent | Run /plan-generate to create it |
Examples
# Dry-run to preview what would happen
/dependency-audit --dry-run
# Execute against a named plan suite
/dependency-audit path/to/plan-suite/