feat(agent): ingest live security findings via a platform-security-surveyor agent#2057

Merged: devantler merged 1 commit into main from claude/definition-security-surveyor on Jul 5, 2026
@devantler

Contributor

🤖 Generated by the Daily AI Assistant

Why

The Kubescape stack rotted to invisible-broken without the daily engineer noticing, because its hourly survey is GitHub-only — live posture/CVE/runtime findings never reach the backlog unless a human files them. Merged #2052 added the standing objective and the fix-vs-except ladder; this delivers the remaining ingestion path.

What

Adds a read-only platform-security-surveyor agent (liveness-first — a zero/empty reading is treated as a broken scanner, never as clean) and wires it in: a cadence-gated Survey spawn, a security rung in the Operate ladder, and a security definition-of-done in product-engineering. Instruction-only change; no new write capability, guardrails only tighten.

Fixes #2051

…s ingestion into the run loop

Delivers the remaining scope of #2051: a read-only, liveness-first live-security
survey agent (kubectl --context admin@prod, three Kubescape surfaces, skeleton-LIST
probe rule, broken-scanner detection), a cadence-gated Survey spawn + Operate-ladder
security rung in portfolio-maintenance, and a Security & compliance posture
definition-of-done section in product-engineering.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
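
The liveness-first rule described above (a zero or empty reading means a broken scanner, never a clean result), as an added example that is not part of this PR or the project's code. The `failed` field, the object shape and the status names are assumptions for illustration, not Kubescape's schema; the sample input is constructed.

```python
from dataclasses import dataclass

SURFACES = ("posture", "cve", "runtime")  # the three surfaces the PR names


@dataclass
class Reading:
    surface: str
    status: str   # "broken-scanner", "findings" or "clean"
    failed: int
    detail: str


def classify(surface, objects):
    """Classify one surface from the result objects a read-only LIST returned.

    `objects` is None when the query failed, else a list of dicts carrying a
    hypothetical integer `failed` count (assumed shape, not Kubescape's schema).
    """
    if objects is None:
        return Reading(surface, "broken-scanner", 0, "no reading returned")
    if not objects:
        # Zero result objects means the scanner wrote nothing: not "clean".
        return Reading(surface, "broken-scanner", 0, "zero result objects")
    if not all(isinstance(o.get("failed"), int) for o in objects):
        return Reading(surface, "broken-scanner", 0, "unparseable result object")
    failed = sum(o["failed"] for o in objects)
    if failed:
        return Reading(surface, "findings", failed, f"{len(objects)} objects scanned")
    # Clean only when objects exist and every one reports zero failures.
    return Reading(surface, "clean", 0, f"{len(objects)} objects scanned")


def survey(raw):
    """Return one Reading per surface; a surface missing from `raw` is broken."""
    return [classify(s, raw.get(s)) for s in SURFACES]


def digest(readings):
    """Render the readings as a single digest message."""
    lines = ["Security digest"]
    lines += [f"- {r.surface}: {r.status} (failed={r.failed}; {r.detail})" for r in readings]
    return "\n".join(lines)


# Constructed sample input: posture has failures, cve is empty, runtime is clean.
SAMPLE = {
    "posture": [{"name": "ns-a", "failed": 3}, {"name": "ns-b", "failed": 0}],
    "cve": [],
    "runtime": [{"name": "node-1", "failed": 0}],
}

if __name__ == "__main__":
    print(digest(survey(SAMPLE)))
```

The distinction that matters is between zero result objects (the scanner is not reporting) and result objects that each report zero failures (the scanner ran and found nothing).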
@coderabbitai

coderabbitai Bot commented Jul 5, 2026

📝 Walkthrough

This PR adds a new .claude/agents/platform-security-surveyor.md subagent that runs a bounded, read-only Kubescape liveness pass across posture, CVE, and runtime surfaces, emitting a single "Security digest" message. Three skill files are updated: portfolio-maintenance/SKILL.md gains a cadence-gated Survey step spawning the surveyor and a new operate step ingesting its deltas into hotfix or security-epic issues (with subsequent step renumbering); product-engineering/SKILL.md adds a security & compliance posture section with a fix-vs-except ladder and PR definition-of-done; products/platform/SKILL.md delegates its Survey step to the new agent.

Caution

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Linked Issues check | ❌ Error | The PR covers the surveyor, workflow wiring, and DoD, but the requested root contract update is not present in the changed files. | Add the AGENTS.md security-posture update so the root contract reflects live findings ingestion and the standing security objective. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Out of Scope Changes check | ✅ Passed | The edits stay focused on the requested security-ingestion workflow and related instruction files. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Title check | ✅ Passed | The title clearly summarizes the main change: adding a platform-security-surveyor agent for live security findings. |
| Description check | ✅ Passed | The description directly matches the changeset, explaining the surveyor agent, wiring, and security workflow updates. |

Comment @coderabbitai help to get the list of available commands.

@devantler devantler marked this pull request as ready for review July 5, 2026 12:58
@devantler devantler merged commit 9e53212 into main Jul 5, 2026
12 checks passed
@devantler devantler deleted the claude/definition-security-surveyor branch July 5, 2026 13:21
Development

Successfully merging this pull request may close these issues.

feat(agent): make the daily engineer continuously drive Kubescape security to 100% (survey + fix-vs-except ladder + standing objective)