
feat(security-agent): add auto remediation #3868

Merged: jeanduplessis merged 4 commits into main from docs/security-agent-auto-remediation-spec, Jun 11, 2026
jeanduplessis commented Jun 9, 2026

Summary

Adds Security Agent Auto Remediation, including product spec, user controls, remediation attempt tracking, Cloud Agent orchestration, and PR-facing UI.

Why this change is needed

Security Agent could triage and analyze vulnerable dependencies, but users had no durable way to turn eligible findings into remediation PRs, track attempts, prevent duplicate work, or understand why fix actions were unavailable.

Incoming Security Agent UI changes also refactored finding rows, dialogs, and settings sections, so remediation controls need to match current Kilo design-system structure.

How this is addressed

  • Defines Auto Remediation rules in .specs/security-agent.md, ADR/context docs, and planning docs.
  • Adds database schema, generated migration, repositories, and lifecycle state for remediation attempts.
  • Adds manual and automatic remediation admission, duplicate suppression, cancellation, retry, and Worker processing.
  • Connects Cloud Agent remediation execution to Security Agent callbacks and PR-opened/no-changes/failure outcomes.
  • Adds manual remediation controls, live polling, PR links, unavailable-state copy, and attempt history in Security Agent findings UI.
  • Adds Auto Remediation settings in refactored settings layout.

Human Verification

Browser smoke

Opened http://localhost:3000/security-agent/findings with agent-browser; route loaded and displayed the GitHub installation gate for the current local account.

Reviewer Notes

Human Reviewer Flags

  • Manual remediation is allowed after human review for manual-review or unknown-exploitability findings when concrete fix path exists; automatic remediation still requires stricter eligibility.
  • Persistent remediation-attempt tables and generated migration need schema, retention, ownership, and GDPR soft-delete review.
  • Remediation UI follows incoming Kilo design-system refactor: row actions outside detail button, extracted modal panels, shared settings sections.
  • Existing PR remains draft; title remains unchanged by workflow even though scope now exceeds docs.

Code Reviewer Agent

Code Reviewer Notes
  • Remediation admission policy lives in @kilocode/worker-utils/security-remediation-policy.
  • Manual remediation commands flow through Security Agent routers into security-auto-analysis.
  • Callback handling updates remediation attempts separately from analysis lifecycle.
  • Finding detail polling includes active remediation attempts so open modal updates after PR creation.
  • Row-level View PR stops row propagation and uses incoming row action slot.
  • Rebase regenerated branch migration as 0162_sloppy_luke_cage.sql after latest origin/main added 0161_smiling_wallop.sql.

jeanduplessis force-pushed the docs/security-agent-auto-remediation-spec branch from 1f89086 to 525def1, June 10, 2026 19:19
jeanduplessis marked this pull request as ready for review, June 10, 2026 19:20
jeanduplessis changed the title from "docs(security-agent): add auto remediation spec" to "feat(security-agent): add auto remediation", Jun 10, 2026
Comment thread packages/worker-utils/src/security-remediation-policy.ts
Comment thread .gitignore Outdated
kilo-code-bot Bot commented Jun 10, 2026

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Executive Summary

All previously flagged issues have been resolved in commits 4adf8949c and 657aacedf. The incremental diff introduces clean fixes with no new issues.

Resolved Issues (all 5 flagged items addressed)

| File | Issue | Status |
| --- | --- | --- |
| packages/db/src/schema.ts:5144 | Partial unique index incorrectly covered blocked/no_changes_needed terminal statuses | ✅ Fixed — index now covers queued, launching, running, pr_opened only |
| apps/web/src/routers/organizations/organization-security-agent-router.ts | startRemediation, retryRemediation, cancelRemediation used organizationBillingMutationProcedure | ✅ Fixed — downgraded to organizationMemberMutationProcedure |
| services/security-auto-analysis/src/remediation.ts | Include-existing scan called getRuntimeConfig N times per command | ✅ Fixed — runtimeConfig fetched once and passed via new runtimeConfig param |
| services/security-auto-analysis/src/remediation.ts:1667 | Cancellation only sent interruptSession when cloud_agent_session_id was set | ✅ Fixed — two early-exit cancellation checks added in launchAttempt before and after the DB transaction |
| services/security-auto-analysis/src/dispatcher.ts:64 | Reconciler dispatching attempts already in queued state | ✅ Addressed — reconciler deferred from v1, documented in plan |

Other Observations (not in diff, carried forward)

cancelRemediation fire-and-forget improvement (services/security-auto-analysis/src/remediation.ts): interruptCloudAgentSession now wraps the CLOUD_AGENT_NEXT fetch in try/catch and logs non-OK responses. This resolves the previously noted silent swallowing. The response body is still not consumed, but non-OK status is now logged as a warning.

applyAutoRemediationCommand 200-finding limit (services/security-auto-analysis/src/remediation.ts): The scan limit is now extracted as APPLY_AUTO_REMEDIATION_SCAN_LIMIT = 200 constant, truncated flag is computed and logged as a warning when hit, and the result type now includes candidateCount, scanLimit, and truncated fields. Observability gap addressed.

shortDeterministicHash 32-bit FNV-1a (packages/worker-utils/src/security-remediation-policy.ts): Hash remains 32-bit. Low practical risk as noted previously.

Files Reviewed (incremental diff — 7 files)
  • .plans/security-agent-auto-remediation.md — doc update only
  • apps/web/src/routers/organizations/organization-security-agent-router.ts — 0 issues (WARNING resolved)
  • packages/db/src/migrations/0162_long_marvel_apes.sql — generated, 0 issues (WARNING resolved)
  • packages/db/src/migrations/meta/0162_snapshot.json — generated, skipped
  • packages/db/src/migrations/meta/_journal.json — generated, skipped
  • packages/db/src/schema.ts — 0 issues (WARNING resolved)
  • packages/worker-utils/src/security-remediation-policy.test.ts — 0 issues (new test correct)
  • services/security-auto-analysis/src/remediation.ts — 0 issues (all WARNINGs resolved)

Reviewed by claude-4.6-sonnet-20260217 · 1,442,221 tokens

Review guidance: REVIEW.md from base branch main
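
Added example, not part of the review above and not the project's shortDeterministicHash code: a standard 32-bit FNV-1a with a birthday-bound estimate, to put a number on the "32-bit, low practical risk" observation, plus a collision check over a key set. The function names, the sample keys and the key counts are constructed for illustration; what the project actually hashes is not shown on this page.

```typescript
// Added example; not the project's shortDeterministicHash implementation.
const FNV32_OFFSET_BASIS = 0x811c9dc5;
const FNV32_PRIME = 0x01000193;

// Standard 32-bit FNV-1a over the UTF-8 bytes of the input.
function fnv1a32(input: string): number {
  const bytes = new TextEncoder().encode(input);
  let hash = FNV32_OFFSET_BASIS;
  for (let i = 0; i < bytes.length; i++) {
    hash ^= bytes[i];
    // Math.imul keeps the multiply in 32-bit space; >>> 0 makes it unsigned.
    hash = Math.imul(hash, FNV32_PRIME) >>> 0;
  }
  return hash >>> 0;
}

// Birthday bound: probability that at least two of keyCount distinct keys
// share a hash value when the hash is uniform over 2^bits outputs.
function collisionProbability(keyCount: number, bits: number): number {
  const pairs = (keyCount * (keyCount - 1)) / 2;
  return -Math.expm1(-pairs / Math.pow(2, bits));
}

// Groups distinct keys that share a hash; an empty result means no collisions.
// Repeats of the same key are not collisions, so the input is de-duplicated.
function findCollisions(keys: string[]): string[][] {
  const byHash = new Map<number, string[]>();
  for (const key of Array.from(new Set(keys))) {
    const h = fnv1a32(key);
    const bucket = byHash.get(h) || [];
    bucket.push(key);
    byHash.set(h, bucket);
  }
  return Array.from(byHash.values()).filter((group) => group.length > 1);
}

// Constructed sample keys (hypothetical format, not taken from the PR).
const sampleKeys = [
  "org-1/repo-a/lodash@4.17.20",
  "org-1/repo-a/minimist@1.2.5",
  "org-1/repo-b/lodash@4.17.20",
];
console.log("collisions in sample:", findCollisions(sampleKeys).length);
for (const n of [200, 10000, 77163]) {
  console.log(`n=${n}: 32-bit p=${collisionProbability(n, 32).toExponential(2)}`);
}
```

If the hash only labels or de-duplicates a few hundred keys per scope, a collision is a rare nuisance; if a colliding value could suppress or merge two distinct work items, a wider hash or a uniqueness check on the full key is the safer design.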

Comment thread packages/db/src/schema.ts
Comment thread apps/web/src/routers/organizations/organization-security-agent-router.ts Outdated
Comment thread services/security-auto-analysis/src/remediation.ts Outdated
Comment thread services/security-auto-analysis/src/remediation.ts
Comment thread services/security-auto-analysis/src/dispatcher.ts
jeanduplessis merged commit 88150cc into main, Jun 11, 2026
62 checks passed
jeanduplessis deleted the docs/security-agent-auto-remediation-spec branch, June 11, 2026 07:05