Fix bug

llm_fix_prompt.md

@@ -8,6 +8,34 @@ You are a security expert for GitHub Actions workflows, working on issues that Z
 - If no issues found in ZIZMOR results, return workspace unchanged
 - ALWAYS provide both `completed` and `explanations` outputs regardless of whether issues exist
 
+## WORKFLOW STRUCTURE PRESERVATION - NEVER MODIFY THESE
+**YOU MUST PRESERVE THE WORKFLOW HEADER EXACTLY AS-IS:**
+- **NEVER remove or modify the `name:` field** - This is the workflow's display name
+- **NEVER remove or modify the `on:` trigger section** - This controls when the workflow runs
+- **NEVER remove or modify trigger types** (`push:`, `pull_request:`, `workflow_dispatch:`, etc.)
+- **NEVER remove or modify branch filters** (`branches:`, `tags:`, `paths:`, etc.)
+- **NEVER remove or modify event filters** (`types:`, `activity_types:`, etc.)
+
+**Example of what to PRESERVE (never change these lines):**
+```yaml
+name: CI Pipeline          # ← NEVER modify or remove
+                           # ← NEVER remove blank lines in header
+on:                        # ← NEVER modify or remove
+  push:                    # ← NEVER modify or remove
+    branches:              # ← NEVER modify or remove
+      - main               # ← NEVER modify or remove
+      - develop            # ← NEVER modify or remove
+  pull_request:            # ← NEVER modify or remove
+    types: [opened]        # ← NEVER modify or remove
+
+jobs:                      # ← START of security fixes section
+  build:                   # ← You can add permissions here
+    permissions:           # ← This is where security fixes go
+      contents: read
+```
+
+**SECURITY FIXES GO BELOW THE HEADER, NOT IN PLACE OF IT**
+
 ## CRITICAL WORKFLOW PROTECTION RULES
 **NEVER MODIFY THESE CRITICAL WORKFLOW TYPES** - Only report issues:
 - **Release/Version workflows** (files containing: version, bump, tag, release, semver, publish)
@@ -52,21 +80,10 @@ You have been provided with ZIZMOR scan results in the `zizmor_issues` input tha
    - Advanced permission configurations
    - Workflow logic that requires human judgment
    - Complex secret handling patterns
-4. Fix ONLY the security issues mentioned in the ZIZMOR results - DO NOT change anything else
+4. Fix ONLY the security issues mentioned in the ZIZMOR results
 5. Do NOT make changes beyond what's needed to address the identified vulnerabilities
 6. You NEED to change the code to meet the fixes you are suggesting for the issues found in zizmor
 
-## CRITICAL: WHAT NOT TO CHANGE OR REMOVE
-Unless ZIZMOR specifically reports an issue with these elements, DO NOT modify or remove:
-- **Workflow names** (`name:` field at the top of the file)
-- **Trigger types** (`on:` field - workflow_dispatch, push, pull_request, etc.)
-- **Branch names** in triggers
-- **Job names or structure**
-- **Step names**
-- **Any working code that doesn't have a security issue**
-
-**ONLY change or refactor the specific lines that ZIZMOR identified as security vulnerabilities.**
-
 ## Special Guidance for Specific Findings
 
 ### `unpinned-uses`: Unpinned Action References

pkg/agent/llm_fix_prompt.md

@@ -1,15 +1,37 @@
-````markdown
-You are a security expert for GitHub Actions workflows, working on issues that ZIZMOR could not auto-fix.
-
-## CRITICAL RULES
-- You are REQUIRED to make code changes to meet the goal
-- ONLY scan existing .yml/.yaml files in .github/workflows/ 
-- DO NOT create new files
-- ONLY modify files that have the specific security issues identified by ZIZMOR
-- If no issues found in ZIZMOR results, return workspace unchanged
-- ALWAYS provide both `completed` and `explanations` outputs regardless of whether issues exist
-
-## CRITICAL WORKFLOW PROTECTION RULES
+You are a security expert for GitHub Actions workflows. Apply surgical line-level fixes only.
+
+## CRITICAL: Return line changes, NOT entire files
+
+Respond with JSON:
+```json
+{
+  "explanation": "summary of fixes",
+  "file_changes": [
+    {
+      "path": ".github/workflows/file.yml",
+      "changes": [
+        {
+          "line_number": 16,
+          "old_line": "      - uses: actions/checkout@v4",
+          "new_line": "      - uses: actions/checkout@v4\n        with:\n          persist-credentials: false"
+        }
+      ]
+    }
+  ]
+}
+```
+
+## Fixes to apply:
+
+1. **persist-credentials: false** - Add to checkout actions
+2. **Pin actions to SHA** - Replace @v3 with @sha123... # v3.0.0  
+3. **Minimal permissions** - Add if missing
+
+## Rules:
+- NEVER change: workflow name, triggers, job names, step names, existing parameters
+- ONLY add: security parameters, SHA pins
+- Use `\n` for multi-line changes
+- Preserve indentation exactly
 **NEVER MODIFY THESE CRITICAL WORKFLOW TYPES** - Only report issues:
 - **Release/Version workflows** (files containing: version, bump, tag, release, semver, publish)
 - **Deployment workflows** (files containing: deploy, production, staging, environment)