fix(ci): correct image digest separator

.wave/pipelines/ops-parallel-audit.yaml

@@ -0,0 +1,101 @@
+# Parallel Multi-Audit — Composition Primitives Example
+#
+# Demonstrates: iterate (parallel), aggregate (merge_arrays)
+#
+# Execution flow:
+#
+#   run-audits              ← iterate (parallel, max_concurrent: 3): fan out over
+#   ├─ audit-security       │  [security, dead-code, dx] — each runs its audit
+#   ├─ audit-dead-code      │  pipeline and emits findings JSON
+#   └─ audit-dx             │
+#        │
+#   merge-findings          ← aggregate (merge_arrays): collect all findings arrays
+#        │                    into one unified JSON list
+#   report                  ← persona step: synthesise the merged findings into a
+#                             single prioritised markdown report
+
+kind: WavePipeline
+metadata:
+  name: ops-parallel-audit
+  description: "Fan out security, dead-code, and DX audits in parallel then merge findings"
+  category: composition
+  release: true
+
+skills:
+  - software-design
+
+input:
+  source: cli
+  example: "internal/pipeline"
+  schema:
+    type: string
+    description: "Scope to audit — a package path, directory, or free-form description"
+
+steps:
+  # ── Step 1: fan out over the three audit types in parallel ────────────────
+  #
+  # Each item is the name of an existing audit pipeline. The iterate primitive
+  # spawns up to 3 workers simultaneously, one per audit type.
+  - id: run-audits
+    pipeline: "{{ item }}"
+    input: "{{ input }}"
+    iterate:
+      over: '["audit-security", "audit-dead-code", "audit-dx"]'
+      mode: parallel
+      max_concurrent: 3
+
+  # ── Step 2: merge all findings arrays into one flat list ─────────────────
+  #
+  # The aggregate primitive reads the step outputs collected by run-audits and
+  # flattens the three JSON arrays into a single findings array written to disk.
+  - id: merge-findings
+    dependencies: [run-audits]
+    aggregate:
+      from: "{{ run-audits.output }}"
+      into: .wave/output/merged-findings.json
+      strategy: merge_arrays
+
+  # ── Step 3: synthesise a unified markdown report ──────────────────────────
+  - id: report
+    persona: summarizer
+    dependencies: [merge-findings]
+    workspace:
+      mount:
+        - source: ./
+          target: /project
+          mode: readonly
+    exec:
+      type: prompt
+      source: |
+        Input scope: {{ input }}
+
+        Three parallel audits have completed — security, dead-code, and DX.
+        Their findings have been merged into .wave/output/merged-findings.json.
+
+        Read that file, then produce a unified markdown report:
+
+        ## Executive Summary
+        Overall health rating (excellent / good / needs-work / critical) with one
+        paragraph of justification.
+
+        ## Critical Findings  (severity: critical or high)
+        For each: finding title, audit source, file/line if available, recommended fix.
+
+        ## All Findings by Priority
+        A table with columns: Priority | Source | Finding | File | Recommendation
+
+        ## Positive Observations
+        Anything that looked unexpectedly clean or well-maintained.
+
+        ## Recommended Next Steps
+        Ordered action list — highest impact first.
+
+        Write the report to .wave/output/parallel-audit-report.md.
+    output_artifacts:
+      - name: audit-report
+        path: .wave/output/parallel-audit-report.md
+        type: markdown
+    handover:
+      contract:
+        type: non_empty_file
+        source: .wave/output/parallel-audit-report.md