# 5.2 Pipeline Cascade: Review → Security → Deploy

# Pipeline Cascade

## Step 4: Pipeline Triggers REVIEW

After BUILD completes, the Pipeline Engine fires:

```
pipeline-engine.js advance 4001
  → Stage: BUILD complete
  → Creating REVIEW task for Proveo
```

**New MC task created:**
```
#4006 [M] [open] [—] [BENTO-REVIEW] Code review of project scaffold (parent: #4001)
```

Pi-Orchestrator picks it up → routes to **Proveo** (audit firm):

Proveo's agent reviews:
- ✅ Project structure follows conventions
- ⚠️ Missing .env.example
- ⚠️ No health check endpoint
- ✅ Docker setup correct

**Result:** REVIEW passes with minor findings.

## Step 5: Pipeline Triggers SECURITY

```
pipeline-engine.js advance 4006
  → Stage: REVIEW complete (pass)
  → Creating SECURITY task for Securion
```

**New MC task:**
```
#4007 [M] [open] [—] [BENTO-SECURITY] Security audit of project scaffold (parent: #4006)
```

Securion's agent checks:
- ✅ No hardcoded secrets
- ✅ CORS configured correctly
- ⚠️ CSP headers missing
- ⚠️ Rate limiting not implemented

**Result:** SECURITY passes with findings → creates follow-up BUILD task for fixes.

## Step 6: Parallel Processing

While the scaffold goes through the pipeline, the other tasks are also being processed:

```
[22:05] Task #4002 (DB schema)    → CodeCraft → Kimi K2.5
[22:08] Task #4003 (Landing page) → Vizu      → qwen2.5-coder:32b
[22:10] Task #4004 (Auth API)     → CodeCraft → Kimi K2.5
[22:13] Task #4005 (Meal UI)      → Vizu      → qwen2.5-coder:32b
```

**Note:** Vizu handles the frontend (landing page, meal UI), CodeCraft handles the backend (DB, API). Each gets their company-specific soul and blueprints.

## Step 7: OPS Stage (Deploy)

If a task is tagged for deployment:

```
pipeline-engine.js advance 4007
  → Stage: SECURITY complete
  → Task has deploy trigger
  → Creating OPS task for FlowForge
```

FlowForge creates:
- Docker build pipeline
- GitHub Actions CI/CD
- Staging environment config
- Health check monitoring

## Step 8: DOCS Stage

Finally, Lexicon creates documentation:
- Privacy Policy (GDPR-compliant for Nordic market)
- Terms of Service
- API documentation
- User guides