# Implementation Plan: Base ClusterWorkflowTemplate

## Objective
Create the foundational Argo `ClusterWorkflowTemplate` for the security pipeline. It must use semantic versioning (e.g., `amp-security-pipeline-v1.0.0`) so projects can pin to a stable version.

## Requirements
- Define a `ClusterWorkflowTemplate` resource.
- Name the template with a semver tag (e.g., `name: amp-security-pipeline-v1.0.0`).
- Define inputs/parameters:
  - `working-dir` (default: `.`)
  - `fail-on-cvss` (default: `7.0`)
  - `repo-url` (required)
  - `git-revision` (default: `main`)
- Define the DAG (Directed Acyclic Graph) structure that will orchestrate the phases (Clone -> Parallel Scanners -> Sinks/Enforcement).

## Agent Instructions
1. Create `helm/templates/clusterworkflowtemplate.yaml`.
2. Ensure the template is structured to accept the parameters and orchestrate downstream DAG tasks.
3. Keep the actual task implementations (like git clone or scanners) as empty stubs for now; they will be filled by subsequent steps.