# Implementation Plan: Policy Enforcement

## Objective

Implement the final task that parses the aggregated results and decides whether to Pass or Fail the Argo Workflow based on the `fail-on-cvss` input threshold.

## Requirements

- Define a task template named `enforce-policy`.
- Depend on the completion of the upload tasks (Phase 3 Steps 1 & 2).
- Mount the shared PVC at `/workspace`.
- Read the input parameter `fail-on-cvss` (e.g., `7.0`).
- Run a script (Python, jq, etc.) to parse all the reports in `/workspace/reports/`.
- If any vulnerability is found with a CVSS score >= the threshold, print an error summary and exit with a non-zero code (causing the Argo Workflow to fail).
- If no vulnerabilities exceed the threshold, print a success summary and exit with 0.

## Agent Instructions

1. Add the `enforce-policy` template to the `ClusterWorkflowTemplate`.
2. Write the parsing logic inside the task (e.g., extracting CVSS scores from SARIF and JSON formats).
3. Ensure this step acts as the final gatekeeper for the pipeline.
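As an added example (not part of this plan or its repository), a gate script the `enforce-policy` task could run. It assumes the threshold arrives as the first command-line argument (e.g. `{{inputs.parameters.fail-on-cvss}}`), that SARIF reports carry the score in each rule's `security-severity` property (the convention GitHub code scanning uses for CVSS-style values), and that plain JSON reports use a constructed `{"vulnerabilities": [{"id": ..., "cvss": ...}]}` layout; adjust the JSON branch to the scanner actually in use.

```python
#!/usr/bin/env python3
"""Policy gate: exit 1 if any finding under /workspace/reports/ has CVSS >= fail-on-cvss."""
import json
import pathlib
import sys


def findings_from_report(report: dict) -> list[tuple[str, float]]:
    """Return (identifier, cvss) pairs from one parsed report.
    SARIF: score comes from the rule's 'security-severity' property (stored as a string).
    Plain JSON: assumed layout {"vulnerabilities": [{"id": ..., "cvss": ...}]}."""
    found = []
    if "runs" in report:  # SARIF 2.1.0 document
        for run in report["runs"]:
            rules = run.get("tool", {}).get("driver", {}).get("rules", [])
            score_by_rule = {r["id"]: r.get("properties", {}).get("security-severity")
                             for r in rules}
            for res in run.get("results", []):
                raw = score_by_rule.get(res.get("ruleId"))
                if raw is not None:  # results whose rule carries no score are skipped
                    found.append((res.get("ruleId", "?"), float(raw)))
    else:
        for v in report.get("vulnerabilities", []):
            if v.get("cvss") is not None:
                found.append((v.get("id", "?"), float(v["cvss"])))
    return found


def violations(findings, threshold: float):
    """Findings at or above the threshold, highest score first (>= per the requirement)."""
    return sorted((f for f in findings if f[1] >= threshold), key=lambda f: -f[1])


def evaluate(reports_dir: pathlib.Path, threshold: float) -> int:
    """Parse every .json/.sarif report, print a summary and return the process exit code."""
    all_findings = []
    for path in sorted(reports_dir.glob("*")):
        if path.suffix in (".json", ".sarif"):
            all_findings += findings_from_report(json.loads(path.read_text()))
    bad = violations(all_findings, threshold)
    if bad:
        print(f"FAIL: {len(bad)} finding(s) with CVSS >= {threshold}")
        for ident, score in bad:
            print(f"  {score:>4}  {ident}")
        return 1  # non-zero exit fails the Argo step
    print(f"PASS: {len(all_findings)} finding(s) scanned, none with CVSS >= {threshold}")
    return 0


if __name__ == "__main__":
    sys.exit(evaluate(pathlib.Path("/workspace/reports"), float(sys.argv[1])))
```

Identifiers in the tests below (`VULN-A` etc.) are constructed placeholders, not real advisories.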