Security Agent
The Security Agent performs a tiered, 20-domain security review of the built codebase.
It activates after the Critic gate (!security); no project advances to Verifier without a completed security review. Critical and high-severity findings block the pipeline until resolved.
The Security Agent cannot be skipped, bypassed, or fast-tracked. Any attempt to jump directly from Builder to Verifier without !security is refused by the Orchestrator.
Pre-Populated Build Phase Findings
At activation, the Security Agent immediately reads two artifact files produced during the build phase before performing its own domain review:
| File | Produced by | Contents |
|---|---|---|
| SAST_FINDINGS.jsonl | sast_scan.py (runs after every write) | Static analysis findings: rule ID, severity, file, line, message |
| SECRET_BLOCKS.jsonl | secret_scan.py (runs pre-write) | Detected hardcoded secrets that were blocked during build: file, pattern type, line |
SAST Findings Handling
Every pre-identified finding in SAST_FINDINGS.jsonl must be explicitly addressed in SECURITY_REPORT.md. The Security Agent may not silently skip any finding:
- Confirmed: finding is valid; remediation is required before !verify
- Expanded: finding is valid and the agent identifies additional related issues
- Dismissed: finding is a false positive; documented rationale required (e.g., "test file, not production code")
Secret Blocks Handling
For each entry in SECRET_BLOCKS.jsonl, the Security Agent verifies:
- The hardcoded value was actually replaced with an environment variable reference
- The environment variable is documented in .env.example
Any secret listed in SECRET_BLOCKS.jsonl that is still hardcoded in the codebase at Security review time is classified as CRITICAL and blocks the pipeline unconditionally. This finding cannot be dismissed or accepted; it must be fixed.
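The two checks above (value replaced by an environment-variable reference, variable documented in .env.example) and the unconditional CRITICAL outcome, as an added illustration that is not the project's own code. The JSONL key spelling (`file`, `pattern_type`, `line`), the sample codebase and the rule that only `os.environ[...]` / `os.getenv(...)` counts as a remediated reference are assumptions made for the example.

```python
import json
import re

# Assumed key spelling for SECRET_BLOCKS.jsonl entries (page names the fields
# as file, pattern type, line). Constructed sample: three blocked secrets.
SECRET_BLOCKS = """\
{"file": "src/config.py", "pattern_type": "aws_access_key", "line": 2}
{"file": "src/config.py", "pattern_type": "generic_api_key", "line": 3}
{"file": "src/config.py", "pattern_type": "generic_api_key", "line": 4}
"""
# Constructed codebase snapshot at review time: line 2 remediated, line 3
# reads an undocumented variable, line 4 is still hardcoded.
CODEBASE = {"src/config.py": "\n".join([
    "import os",
    'AWS_KEY = os.environ["AWS_ACCESS_KEY_ID"]',
    'STRIPE_KEY = os.getenv("STRIPE_SECRET_KEY")',
    'SLACK_TOKEN = "xoxb-constructed-placeholder-token"',
])}
ENV_EXAMPLE = "AWS_ACCESS_KEY_ID=\n# STRIPE_SECRET_KEY deliberately missing\n"
# Assumption: a line counts as remediated only if it reads the value via
# os.environ[...] or os.getenv(...); anything else is treated as hardcoded.
ENV_REF = re.compile(r"""os\.(?:environ\[|getenv\()["']([A-Z0-9_]+)["']""")


def documented_vars(env_example):
    """Variable names declared in .env.example (comments and blanks ignored)."""
    return {ln.split("=", 1)[0].strip() for ln in env_example.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#") and "=" in ln}


def audit_secret_blocks(blocks_jsonl, codebase, env_example):
    """One (entry, status, detail) per SECRET_BLOCKS entry. CRITICAL means the
    secret is still hardcoded: it blocks the pipeline and cannot be accepted."""
    documented = documented_vars(env_example)
    results = []
    for raw in filter(str.strip, blocks_jsonl.splitlines()):
        entry = json.loads(raw)
        lines = codebase.get(entry["file"], "").splitlines()
        code = lines[entry["line"] - 1] if 0 < entry["line"] <= len(lines) else ""
        match = ENV_REF.search(code)
        if not match:
            results.append((entry, "CRITICAL", f"{entry['pattern_type']} still hardcoded"))
        elif match.group(1) not in documented:
            results.append((entry, "UNDOCUMENTED", f"{match.group(1)} missing from .env.example"))
        else:
            results.append((entry, "REMEDIATED", f"reads {match.group(1)} from environment"))
    return results


def pipeline_blocked(results):
    """Any CRITICAL entry blocks unconditionally."""
    return any(status == "CRITICAL" for _, status, _ in results)
```

A missing or out-of-range line is treated as still hardcoded, so a file that was rewritten since the block is recorded forces a fresh look rather than a silent pass.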
The Security Agent adjusts its report format and tooling assumptions based on the active model family. Claude models produce full SECURITY_REPORT.md with all sections. Kimi and GPT-family models use a condensed format. Ollama local models skip dependency intelligence scans that require network access.
Complexity-Tiered Review
The number of domains reviewed depends on the project's complexity tier from Discovery:
| Tier | Domains reviewed | Typical scope |
|---|---|---|
| Simple | 5 (LOW severity domains) | Static sites, single-user tools, no auth, no external data |
| Standard | HIGH and CRITICAL domains | Auth, database, API integrations, multi-user apps |
| Complex | All 20 domains | Payments, multi-tenant, ML/AI, compliance requirements |
20 Security Domains
Finding Severity Levels
| Severity | Description | Pipeline impact |
|---|---|---|
| CRITICAL | Exploitable vulnerability that could result in data breach, account takeover, or system compromise | Hard block: pipeline cannot advance until resolved |
| HIGH | Significant risk that requires a fix before production deployment | Soft block: must be resolved or formally accepted before !verify |
| MEDIUM | Risk that should be addressed but doesn't block shipping an MVP | Logged in report; tracked in HANDOFF.json v5 |
| LOW | Hardening opportunity; defense-in-depth improvement | Logged for awareness; no pipeline impact |
Report Format
The Security Agent writes artifacts/security/SECURITY_REPORT.md with:
- Executive Summary with overall risk rating
- Per-domain findings (domain, severity, finding, evidence, remediation)
- Critical findings list (pipeline blockers)
- Dependency vulnerability scan results
- Secrets audit (hardcoded values, missing env vars)
- Platform-specific threat model notes
- Recommended remediations ordered by severity
- HANDOFF.json v5 update
Security Commands
| Command | Behavior |
|---|---|
| !security | Activate the Security Agent; begin tiered 20-domain review |
| !security domain [N] | Run a specific domain review only (useful for re-review after fixes) |
| !security accept [ID] | Formally accept a HIGH or MEDIUM finding with documented rationale (adds to HANDOFF.json v5 as accepted_risk) |