Package ai.tabforge.workshop.agents

Class SecurityAuditorAgent

java.lang.Object

ai.tabforge.workshop.agent.SubAgent

ai.tabforge.workshop.agents.DefaultSubAgent

ai.tabforge.workshop.agents.SecurityAuditorAgent

public class SecurityAuditorAgent
extends DefaultSubAgent

Specialist sub-agent that analyzes Jakarta EE source files for security vulnerabilities. Extends DefaultSubAgent — inherits the Anthropic SDK call and JSON parsing; only overrides buildPrompt() to define the security-specific system prompt.

CERTIFICATION NOTE — covers three exam domains:

• Domain 1 — Agentic Architecture & Orchestration (27%): This class IS a sub-agent in the coordinator-subagent pattern. It receives an AgentContext work order from OrchestratorAgent and reports progress back via ProgressReporter.
• Domain 2 — Prompt Engineering & Structured Output (20%): buildPrompt() demonstrates role prompting ("You are a security auditor..."), constrained output ("Respond ONLY in this JSON format"), and rule ID anchoring (SEC-001..SEC-005) — all techniques tested in Domain 2.
• Domain 4 — Tool Design & MCP Integration (18%): The JSON schema defined in the system prompt IS the output contract. DefaultSubAgent.analyzeFile() enforces it by parsing the response with Jackson — if Claude deviates, parsing fails and a safe AgentResult.failed() is returned.

Constructor Summary

Constructors

Constructor	Description
SecurityAuditorAgent(ProgressReporter orchestrator, com.anthropic.client.AnthropicClient client)

Method Summary

Modifier and Type	Method	Description
protected String	buildPrompt(AgentContext context)	A string that defines the role and behavior of the agent.
protected String	getAgentName()

Methods inherited from class ai.tabforge.workshop.agents.DefaultSubAgent

analyzeFile

Methods inherited from class ai.tabforge.workshop.agent.SubAgent

execute

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SecurityAuditorAgent

public SecurityAuditorAgent(ProgressReporter orchestrator,
 com.anthropic.client.AnthropicClient client)

Method Details

buildPrompt

protected String buildPrompt(AgentContext context)

Description copied from class: SubAgent

A string that defines the role and behavior of the agent. For example for SecurityAuditorAgent:

       "You are a security auditor specialized in Jakarta EE applications. 
        Analyze the provided Java code for security vulnerabilities. 
       Focus on: SQL injection, hardcoded secrets, missing authorization... 

       Respond ONLY in this JSON format: 
       [{ "ruleId": "SEC-001", "severity": "CRITICAL", ... }]"
       

That string goes to the Claude API call as a system parameter.

Specified by:

buildPrompt in class SubAgent

Parameters:

context - - Some agents may use this parameter, SecurityAuditorAgent ignores it.

Returns:

getAgentName

protected String getAgentName()

Specified by:

getAgentName in class SubAgent