Skills
skills/bitwarden/ai-plugins/workflow-fix

workflow-fix

Installation
SKILL.md

Rules

  • No mutating API calls without confirmation. gh api GET requests are allowed freely. Any call using -X POST, -X PUT, -X PATCH, or -X DELETE must be shown to the user and approved before execution.
  • Never force-push, delete branches, or delete repositories.
  • Only modify files under .github/. Do not touch application code, scripts, or configuration outside of workflow files.
  • Show a diff and get confirmation before every commit.
  • All PRs must be created as drafts.
  • Flag uncertainty. If a finding is ambiguous or a fix could break a workflow, stop and ask rather than guessing.

Step 1: Verify Prerequisites

Check if bwwl is available:

bwwl --version

If the command is not found, stop and inform the user that bwwl must be installed before continuing. Do not attempt to install it.

Step 2: Determine Scope

Parse the user's request to determine what to fix:

  • Single file or directory: Operate on the current repo only.
  • Multiple repos (e.g., "server, clients, android"): Operate on each repo sequentially. Ask the user for the base directory where their repos are cloned. For each repo, look for its local clone at <base-dir>/<repo>. If a clone is not found, inform the user and skip that repo.
  • No specific target: Fix all findings in .github/workflows/ of the current directory.

If the user has not run the workflow-audit skill first, run the linter now to identify findings before proceeding.

Step 3: For Each Repo in Scope

Repeat Steps 4–7 for each repo. Announce which repo is being worked on.

Step 4: Create a Fix Branch

Only create the fix branch if there are findings to fix:

git checkout -b fix/workflow-linter-findings

Step 5: Apply Fixes

Consult the bitwarden-workflow-linter-rules skill for the correct fix for each rule.

For mechanical findings: Apply all fixes without prompting.

Exception — step_pinned: Before applying each hash pin, follow the step_pinned fix procedure from the bitwarden-workflow-linter-rules skill (resolve SHA via gh api, show verification link, wait for user confirmation).

For judgment findings: For each one, pause and present the finding clearly. Ask the user which option they want (per the bitwarden-workflow-linter-rules skill), then apply their choice.

Step 6: Verify Fixes

Re-run the linter to confirm all findings are resolved:

bwwl lint -f .github/workflows/

If errors remain, analyze and fix them. Repeat until clean.

Step 7: Review and Create PR

After all fixes are applied:

  1. Show a git diff of all changes made.
  2. Ask the user to confirm they want to proceed with a PR.
  3. If confirmed:
git add .github/workflows/
git commit -m "Fix workflow linter findings"
gh pr create \
  --title "Fix workflow linter findings" \
  --body "Automated fixes for findings from the Bitwarden workflow linter (bwwl)." \
  --draft

Step 8: Summary

After processing all repos, output a summary table:

Repo Findings Fixed PRs Created Skipped / Notes
... ... ... ...
Weekly Installs
6
Repository
bitwarden/ai-plugins
GitHub Stars
84
First Seen
2 days ago
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykWarn