Skip to content

security-agent-ui-runs

Operate the Security Agent local FastAPI/UI workflow from a pip-installed setup. Use when Codex needs to start or inspect edi-security-agent-ui, refresh vulnerability data in the local SQLite cache, use the natural-language chat workflow, create/monitor/cancel UI runs, or explain local dashboard run behavior without cloning the controller repo.

active
IDE:
codex
Version:
1.0.0
Owner:edi-security-agent
security
ui
fastapi
dashboard
vulnerability
optum
edi

Security Agent UI Runs

Use this skill for local UI, API, chat, and run lifecycle workflows from ~/security-agent. The UI is a local operator console over the same remediation engine used by the CLI.

Preflight

Run from the central workspace. If any command fails, use $security-agent-setup.

cd ~/security-agent
test -f .env
.venv/bin/edi-security-agent --version

Use only the pip-installed CLI/UI from ~/security-agent. Do not call repo-local Python modules, Azure fetcher scripts, or files from edi-security-agent-controller. If setup needs Artifactory credentials, route to $security-agent-setup for the opt-in chat credential forwarding flow or own-Terminal fallback. If plain pip3 or a global edi-security-agent works but .venv/bin/edi-security-agent is missing, do not use the global install. Explain the pip-scope mismatch and route to $security-agent-setup so the package is installed into ~/security-agent/.venv.

Startup

Start the packaged UI from the directory containing .env:

cd ~/security-agent
.venv/bin/edi-security-agent-ui

If you need a fixed host/port for local testing:

cd ~/security-agent
.venv/bin/edi-security-agent-ui --host 127.0.0.1 --port 8127 --no-open-browser

Check health with:

curl -sSf http://127.0.0.1:8127/api/health

UI Data Model

  • Vulnerabilities and UI-created runs are stored in local SQLite under data/agent.db by default.
  • CLI runs are terminal-first and are not backfilled into the UI database.
  • VULN_SOURCE=azure preloads Defender findings on startup; VULN_SOURCE=none starts empty until refresh/import.

Common Operations

  • Refresh Defender findings: POST /api/vulns/refresh?source=azure-defender
  • List/filter vulnerabilities: GET /api/vulns/
  • Import Security Platform findings: POST /api/vulns/refresh/security-platform
  • Create a run: POST /api/runs/
  • List active runs: GET /api/runs/active
  • Inspect run detail/logs: GET /api/runs/{run_id} and GET /api/runs/{run_id}/logs
  • Cancel a run: POST /api/runs/{run_id}/cancel

Natural-Language Chat

Chat uses UAIS/OpenAI only for structured intent planning. It can list issues, show details, preview fixes, confirm/cancel pending actions, or check run status. Fix requests must show a preview and require explicit confirmation before execution starts.

Safety

  • Do not assume the UI is a central service; it runs locally with the user's credentials and filesystem.
  • Do not store Security Platform cookies or DPoP values.
  • Do not bypass the installed CLI/UI by running repo-local scripts or Python modules.
  • Check active repo conflicts before starting overlapping runs.
  • Use the in-app browser only when the user asks to inspect or test the local UI.

Related Assets

security-agent-discovery

active

Discover, inspect, import, refresh, and export Security Agent vulnerability data from a pip-installed setup. Use when Codex needs to list Azure Defender findings, filter by repo/severity/CVE/fixable state, refresh the local UI vulnerability cache, import Security Platform findings through explicit cookie and DPoP values, or explain discovery-only workflows without cloning the controller repo.

codex
security
azure-defender
vulnerability
discovery
cve
+2

Owner: edi-security-agent

security-agent-cca-fix

active

Run or explain Security Agent remediation through GitHub Copilot Cloud Agent from a pip-installed setup. Use when Codex needs to use --executor cca or --executor auto, create remote Copilot/CCA remediation tasks, reason about CCA budget/status, or compare local Codex execution with remote GitHub Cloud Agent execution without cloning the controller repo.

codex
security
cca
github
copilot
remediation
+3

Owner: edi-security-agent

security-agent-local-fix

active

Run local Security Agent remediation from a pip-installed setup with the Codex executor. Use when Codex needs to plan or execute edi-security-agent defender fix with --executor codex or --executor local, dry-run Maven CVE remediation, apply local fixes, create Git branches/PRs, or explain the local autonomous Codex remediation path without cloning the controller repo.

codex
security
maven
cve
remediation
codex
+3

Owner: edi-security-agent

security-agent-setup

active

Set up Security Agent for users who have not cloned the controller repo. Use when Codex needs to create ~/security-agent, create a Python virtual environment, install the pip3 package edi-security-agent, explain private Artifactory package index setup when package install fails, verify edi-security-agent --version, guide local .env creation for Azure Defender and optional GitHub/OpenAI values, verify az login, or troubleshoot private package index configuration.

codex
security
setup
pip
azure-defender
optum
+3

Owner: edi-security-agent

MCP Server Development Standards (Optum)

experimental

Standards, patterns, and guardrails for building Model Context Protocol (MCP) servers compatible with Wall-E, VS Code Copilot, and enterprise systems.

claude
codex
vscode
mcp
sdk
wall-e
security
optum

Owner: epic-platform-sre

Harmony Components

active

Reference for Harmony Design System React components including buttons, modals, panels, form controls, navigation, and data display elements.

claude
codex
vscode
harmony
components
react
ui
accessibility
+1

Owner: pcorazao