Enhance security auditing capabilities by introducing a comprehensive 5-phase OWASP-based security audit process, including dependency scanning, static analysis, and a consolidated report with severity-ranked findings. Update autopilot workflows to incorporate an optional security audit step before deployment, and refine documentation across related skills for clarity and usability.

Oleksandr Bezdieniezhnykh
2026-03-22 18:03:47 +02:00
parent 3165a88f0b
commit 091d9a8fb0
13 changed files with 482 additions and 1976 deletions
@@ -106,6 +106,101 @@ All error situations that require user input MUST use the **Choose A / B / C / D
| User wants to go back to a previous step | Use Choose format: A) re-run (with overwrite warning), B) stay on current step |
| User asks "where am I?" without wanting to continue | Show Status Summary only, do not start execution |
## Error Recovery Protocol
### Stuck Detection
When executing a sub-skill, monitor for these signals:
- Same artifact overwritten 3+ times without meaningful change
- Sub-skill repeatedly asks the same question after receiving an answer
- No new artifacts saved for an extended period despite active execution
### Recovery Actions (ordered)
1. **Re-read state**: read `_docs/_autopilot_state.md` and cross-check against `_docs/` folders
2. **Retry current sub-step**: re-read the sub-skill's SKILL.md and restart from the current sub-step
3. **Escalate**: after 2 failed retries, present diagnostic summary to user using Choose format:
```
══════════════════════════════════════
RECOVERY: [skill name] stuck at [sub-step]
══════════════════════════════════════
A) Retry with fresh context (new conversation)
B) Skip this sub-step with warning
C) Abort and fix manually
══════════════════════════════════════
Recommendation: A — fresh context often resolves stuck loops
══════════════════════════════════════
```
### Circuit Breaker
If the same autopilot step fails 3 consecutive times across conversations:
- Record the failure pattern in the state file's `Blockers` section
- Do NOT auto-retry on next invocation
- Present the blocker and ask user for guidance before attempting again
## Context Management Protocol
### Principle
Disk is memory. Never rely on in-context accumulation — read from `_docs/` artifacts, not from conversation history.
### Minimal Re-Read Set Per Skill
When re-entering a skill (new conversation or context refresh):
- Always read: `_docs/_autopilot_state.md`
- Always read: the active skill's `SKILL.md`
- Conditionally read: only the `_docs/` artifacts the current sub-step requires (listed in each skill's Context Resolution section)
- Never bulk-read: do not load all `_docs/` files at once
### Mid-Skill Interruption
If context is filling up during a long skill (e.g., document, implement):
1. Save current sub-step progress to the skill's artifact directory
2. Update `_docs/_autopilot_state.md` with exact sub-step position
3. Suggest a new conversation: "Context is getting long — recommend continuing in a fresh conversation for better results"
4. On re-entry, the skill's resumability protocol picks up from the saved sub-step
### Large Artifact Handling
When a skill needs to read large files (e.g., full solution.md, architecture.md):
- Read only the sections relevant to the current sub-step
- Use search tools (Grep, SemanticSearch) to find specific sections rather than reading entire files
- Summarize key decisions from prior steps in the state file so they don't need to be re-read
## Rollback Protocol
### Implementation Steps (git-based)
Handled by `/implement` skill — each batch commit is a rollback checkpoint via `git revert`.
### Planning/Documentation Steps (artifact-based)
For steps that produce `_docs/` artifacts (problem, research, plan, decompose, document):
1. **Before overwriting**: if re-running a step that already has artifacts, the sub-skill's prerequisite check asks the user (resume/overwrite/skip)
2. **Rollback to previous step**: use Choose format:
```
══════════════════════════════════════
ROLLBACK: Re-run [step name]?
══════════════════════════════════════
A) Re-run the step (overwrites current artifacts)
B) Stay on current step
══════════════════════════════════════
Warning: This will overwrite files in _docs/[folder]/
══════════════════════════════════════
```
3. **Git safety net**: artifacts are committed with each autopilot step completion. To roll back: `git log --oneline _docs/` to find the commit, then `git checkout <commit> -- _docs/<folder>/`
4. **State file rollback**: when rolling back artifacts, also update `_docs/_autopilot_state.md` to reflect the rolled-back step (set it to `in_progress`, clear completed date)
## Status Summary
On every invocation, before executing any skill, present a status summary built from the state file (with folder scan fallback). Use the template matching the active flow (see Flow Resolution in SKILL.md).
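Review bot: In the Rollback Protocol's "Git safety net" step, `git checkout <commit> -- _docs/<folder>/` restores the files that existed at that commit but leaves any artifact committed after it in place, so the rolled-back folder can end up mixing old and new files. Consider `git checkout --no-overlay <commit> -- _docs/<folder>/` and state that behaviour in the step. Separately, the Circuit Breaker counts 3 consecutive failures "across conversations" while the Context Management section says never to rely on conversation history, so the failure count needs a named field in `_docs/_autopilot_state.md`; these lines only record the pattern in `Blockers` once the limit is reached. Recovery option "B) Skip this sub-step with warning" should likewise say where the skip is recorded, since nothing here writes it to the state file.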
@@ -122,6 +217,7 @@ On every invocation, before executing any skill, present a status summary built
Step 3 Decompose [DONE (N tasks) / IN PROGRESS / NOT STARTED]
Step 4 Implement [DONE / IN PROGRESS (batch M of ~N) / NOT STARTED]
Step 5 Run Tests [DONE (N passed, M failed) / IN PROGRESS / NOT STARTED]
Step 5b Security Audit [DONE / SKIPPED / IN PROGRESS / NOT STARTED]
Step 6 Deploy [DONE / IN PROGRESS / NOT STARTED]
═══════════════════════════════════════════════════
Current: Step N — Name
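Review bot: The added `Step 5b Security Audit` row reports only `DONE / SKIPPED / IN PROGRESS / NOT STARTED`, so the summary shown ahead of `Step 6 Deploy` says nothing about what the audit found, unlike the `Step 5 Run Tests` row with its `(N passed, M failed)`. Since the commit message describes a report with severity-ranked findings, suggest carrying the counts into this row, for example `DONE (N critical, M high)`, and a reason on `SKIPPED`, so a skipped audit or one with open findings is visible at the point where the user decides to deploy.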
@@ -144,6 +240,7 @@ On every invocation, before executing any skill, present a status summary built
Step 2f New Task [DONE (N tasks) / IN PROGRESS / NOT STARTED]
Step 2g Implement [DONE / IN PROGRESS (batch M of ~N) / NOT STARTED]
Step 2h Run Tests [DONE (N passed, M failed) / IN PROGRESS / NOT STARTED]
Step 2hb Security Audit [DONE / SKIPPED / IN PROGRESS / NOT STARTED]
Step 2i Deploy [DONE / IN PROGRESS / NOT STARTED]
═══════════════════════════════════════════════════
Current: Step N — Name
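Review bot: The step id `2hb` on the added row breaks the single-letter pattern of its neighbours (`2f`, `2g`, `2h`, `2i`) and shares the prefix `2h` with Run Tests, which makes the two easy to confuse when the state file or a user refers to a step by id. Consider renumbering (audit as `2i`, Deploy as `2j`) or documenting the `b` suffix convention used here and in `Step 5b`. The status values on this row should also show the same level of detail as the `Step 5b` row, so both flows report the audit in the same way.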