feat(agent): ingest live security findings via a platform-security-surveyor agent#2057
…s ingestion into the run loop

Delivers the remaining scope of #2051: a read-only, liveness-first live-security survey agent (kubectl --context admin@prod, three Kubescape surfaces, skeleton-LIST probe rule, broken-scanner detection), a cadence-gated Survey spawn + Operate-ladder security rung in portfolio-maintenance, and a Security & compliance posture definition-of-done section in product-engineering.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Why
The Kubescape stack rotted to invisible-broken without the daily engineer noticing, because its hourly survey is GitHub-only — live posture/CVE/runtime findings never reach the backlog unless a human files them. Merged #2052 added the standing objective and the fix-vs-except ladder; this delivers the remaining ingestion path.
What
Adds a read-only `platform-security-surveyor` agent (liveness-first — a zero/empty reading is treated as a broken scanner, never as clean) and wires it in: a cadence-gated Survey spawn, a security rung in the Operate ladder, and a security definition-of-done in product-engineering. Instruction-only change; no new write capability, guardrails only tighten.

Fixes #2051
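The liveness-first rule and the cadence gate described above, sketched as an added example in Python; this is not code from the PR or from the project, and the `SurfaceReading` fields, the one-hour cadence and the sample counts are constructed assumptions rather than Kubescape's real output schema.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed, simplified stand-in for one scanner surface's summary.
# Field names are assumptions, not Kubescape's real schema.
@dataclass
class SurfaceReading:
    surface: str                 # e.g. "posture", "cve", "runtime"
    resources_scanned: int       # how much the scanner actually looked at
    findings: int                # failed controls / CVEs / runtime alerts
    error: Optional[str] = None  # set when the scanner run itself failed

def classify(reading: SurfaceReading) -> str:
    """Liveness-first: a scanner that saw nothing is broken, not clean.

    Returns "broken-scanner", "clean" or "findings".
    """
    if reading.error or reading.resources_scanned == 0:
        # Zero coverage is never evidence of a clean cluster.
        return "broken-scanner"
    return "clean" if reading.findings == 0 else "findings"

def survey_due(last_run: Optional[datetime], now: datetime,
              cadence: timedelta = timedelta(hours=1)) -> bool:
    """Cadence gate: spawn a survey only when the last one is stale or missing."""
    return last_run is None or now - last_run >= cadence

def backlog_items(readings: list[SurfaceReading]) -> list[str]:
    """Turn readings into backlog entries; a broken scanner is itself a finding."""
    items = []
    for r in readings:
        verdict = classify(r)
        if verdict == "broken-scanner":
            reason = r.error or "zero resources scanned"
            items.append(f"[{r.surface}] scanner broken: {reason}")
        elif verdict == "findings":
            items.append(f"[{r.surface}] {r.findings} live finding(s) to triage")
    return items

if __name__ == "__main__":
    # Constructed sample readings for the three surfaces.
    sample = [
        SurfaceReading("posture", resources_scanned=412, findings=7),
        SurfaceReading("cve", resources_scanned=0, findings=0),       # empty: broken
        SurfaceReading("runtime", resources_scanned=38, findings=0),  # genuinely clean
    ]
    for line in backlog_items(sample):
        print(line)
```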