anthropics/defending-code-reference-harness — reverse-engineered prompt
Reverse engineered prompt
Build me a Python reference project that shows how to use Claude to find and fix security bugs in code. I want it to guide someone through the whole flow, starting with a quickstart, then building a threat model, scanning a repo, triaging the findings, writing reports, and generating candidate patches.
Include Claude Code style commands like /quickstart, /threat-model, /vuln-scan, /triage, /patch, and /customize so a security team can run it interactively. Also include an autonomous harness that can run the full recon, find, verify, report, and patch loop on a target project, especially for C/C++ memory bugs using Docker and ASAN.
Please make safety a big part of it. Static scans should only read and write files, but anything that executes target code should require a sandbox setup with clear docs. Add sample targets, tests, scripts, and documentation explaining setup, customization, troubleshooting, patching, and the pipeline flow.