nyxCorenyxCore

Your First Workflow

User4 min read

Your First Workflow

This guide walks through building a real multi-step workflow using the SecureBot security analysis scenario. You'll see how personas, memory injection, and digest compression work together.

The Scenario

You want to run a recurring security review of a codebase. SecureBot is a persona you've configured as a security expert. Over time, SecureBot accumulates experience points and you can track which configurations produce the best findings.

Step 1: Create a Persona

Go to Admin > Personas > New Persona.

Configure it:

  • Name: SecureBot
  • System Prompt: You are a security expert specializing in OWASP Top 10 vulnerabilities, authentication flaws, and secure coding practices. Be specific, cite vulnerability classes, and always include remediation suggestions.
  • Traits: thorough, cautious, detail-oriented
  • Specializations: OWASP Top 10, authentication, input validation

Save it. SecureBot starts at Level 1 with 0 XP.

Step 2: Create a Multi-Step Workflow

Go to Workflows > New Workflow. Add three steps:

Step 1 — Scan (LLM step, persona: SecureBot)

Perform a security scan of the following code. Identify:
1. Authentication and authorization issues
2. Input validation gaps
3. Data exposure risks
4. Hardcoded secrets or credentials

Code to review:
{{input}}

Step 2 — Prioritize (LLM step, no persona override)

Based on the security scan:
{{steps.Scan.content}}

Prioritize the findings by severity (CRITICAL, HIGH, MEDIUM, LOW).
For each finding above MEDIUM severity, provide a concrete remediation step.

Step 3 — Summary (Review step)

Create an executive summary of the security review:

Findings: {{steps.Prioritize.content}}
Known patterns from past reviews: {{memory}}

Include: total issue count by severity, top 3 action items, and any patterns
that match previously seen issues.

The {{steps.Scan.content}} variable automatically uses the digest of Step 1's output if it exceeds 2000 characters — keeping the total context within budget. {{memory}} injects any workflow insights you've linked from past reviews.

Step 3: Run It

Set the input to a code snippet you want to review. Click Run.

Watch the steps execute in real time via the SSE stream. Each step's output appears as it's generated.

When the workflow finishes:

  • SecureBot gains 10 XP (one usage event per workflow)
  • If Step 1 output exceeded 2000 chars, a digest was automatically generated via Claude Haiku
  • The review step pauses for your approval before marking complete

Step 4: Save Insights

After the review step completes, you'll see a list of extracted key points with severity ratings. Select the ones worth keeping and click Save Insights.

Saved insights are:

  • Stored as vector-embedded records in the database
  • Searchable via hybrid semantic + full-text search
  • Available for injection into future workflows via the MemoryPicker

Step 5: Watch SecureBot Grow

After 10 uses, SecureBot reaches Level 2. After 25 uses, Level 3. The level and XP are tracked automatically.

You can also check the success rate — the ratio of completed steps to total steps across all workflows where SecureBot participated.

Level 2: 100 XP (10 usages)
Level 3: 250 XP (25 usages)
Success rate: completed_steps / total_steps

Step 6: Link a Project for Deeper Context

Link a GitHub repository to a project and connect the workflow to that project. Now you can use:

  • {{project.wisdom}} — auto-injects consolidation patterns and code analysis findings from the project
  • {{claudemd}} — injects the repo's CLAUDE.md or README.md
  • {{fileTree}} — injects the directory listing (capped at 500 entries)

A sync loads all of this automatically. Your next workflow run has full context about the codebase without you having to copy-paste anything.

What You've Built

A workflow that:

  • Uses a specialized security expert persona that gains experience over time
  • Chains steps with automatic digest compression to stay within token budgets
  • Injects accumulated memory from past reviews
  • Extracts and persists structured findings for future reuse
  • Tracks cost, energy, and time-saved metrics for every run

This is the nyxCore pattern: each run learns, each insight compounds.

Previous
Quick Start
Next
Key Concepts