pvr-triage: add bulk respond taskflow, 3-path fast-close, reputation integration

- Add pvr_respond_batch.yaml for bulk response actions
- pvr_triage.yaml: 3-path fast-close (high trust / skepticism / normal)
- pvr_triage_batch.yaml: created_at in scored entries, Age column + tie-break sort
- pvr_respond.yaml: call mark_response_sent on success
- pvr_ghsa.py: add list_pending_responses, mark_response_sent tools
- README.md: update for taskflow 4, batch/respond/output-file sections
- run_pvr_triage.sh: add respond_batch subcommand
- tests: expand to 32 passing tests covering new tools and taskflows

Author: anticomputer

scripts/run_pvr_triage.sh

@@ -5,10 +5,11 @@
 # Local test / demo script for the PVR triage taskflows.
 #
 # Usage:
-#   ./scripts/run_pvr_triage.sh batch   <owner/repo>
-#   ./scripts/run_pvr_triage.sh triage  <owner/repo> <GHSA-xxxx-xxxx-xxxx>
-#   ./scripts/run_pvr_triage.sh respond <owner/repo> <GHSA-xxxx-xxxx-xxxx> <comment|reject|withdraw>
-#   ./scripts/run_pvr_triage.sh demo    <owner/repo>
+#   ./scripts/run_pvr_triage.sh batch          <owner/repo>
+#   ./scripts/run_pvr_triage.sh triage         <owner/repo> <GHSA-xxxx-xxxx-xxxx>
+#   ./scripts/run_pvr_triage.sh respond        <owner/repo> <GHSA-xxxx-xxxx-xxxx> <comment|reject|withdraw>
+#   ./scripts/run_pvr_triage.sh respond_batch  <owner/repo> <comment|reject|withdraw>
+#   ./scripts/run_pvr_triage.sh demo           <owner/repo>
 #
 # Environment (any already-set values are respected):
 #   GH_TOKEN        — GitHub token; falls back to: gh auth token
@@ -31,18 +32,22 @@ usage() {
 Usage: $(basename "$0") <command> [args]
 
 Commands:
-  batch   <owner/repo>
+  batch          <owner/repo>
       Score unprocessed draft advisories and save a ranked queue table to REPORT_DIR.
       Advisories already present in REPORT_DIR are skipped.
 
-  triage  <owner/repo> <GHSA-xxxx-xxxx-xxxx>
+  triage         <owner/repo> <GHSA-xxxx-xxxx-xxxx>
       Run full triage on one advisory: verify code, generate report + response draft.
 
-  respond <owner/repo> <GHSA-xxxx-xxxx-xxxx> <action>
+  respond        <owner/repo> <GHSA-xxxx-xxxx-xxxx> <action>
       Post the response draft to GitHub. action = comment | reject | withdraw
       Requires pvr_triage to have been run first for the given GHSA.
 
-  demo    <owner/repo>
+  respond_batch  <owner/repo> <action>
+      Scan REPORT_DIR for all pending response drafts and post them in one session.
+      action = comment | reject | withdraw
+
+  demo           <owner/repo>
       Full pipeline on the given repo (batch → triage on first draft advisory → report preview).
       Does not post anything to GitHub.
 
@@ -140,6 +145,20 @@ cmd_respond() {
         -g "action=${action}"
 }
 
+cmd_respond_batch() {
+    local repo="${1:?Usage: $0 respond_batch <owner/repo> <action>}"
+    local action="${2:?Usage: $0 respond_batch <owner/repo> <action>}"
+    case "${action}" in
+        comment|reject|withdraw) ;;
+        *) echo "ERROR: action must be comment, reject, or withdraw" >&2; exit 1 ;;
+    esac
+    echo "==> Bulk respond for ${repo} (action=${action}) ..."
+    run_agent \
+        -t seclab_taskflows.taskflows.pvr_triage.pvr_respond_batch \
+        -g "repo=${repo}" \
+        -g "action=${action}"
+}
+
 cmd_demo() {
     local repo="${1:?Usage: $0 demo <owner/repo>}"
 
@@ -177,9 +196,10 @@ cmd_demo() {
 # ---------------------------------------------------------------------------
 
 case "${1:-}" in
-    batch)   shift; cmd_batch   "$@" ;;
-    triage)  shift; cmd_triage  "$@" ;;
-    respond) shift; cmd_respond "$@" ;;
-    demo)    shift; cmd_demo "$@" ;;
+    batch)          shift; cmd_batch          "$@" ;;
+    triage)         shift; cmd_triage         "$@" ;;
+    respond)        shift; cmd_respond        "$@" ;;
+    respond_batch)  shift; cmd_respond_batch  "$@" ;;
+    demo)           shift; cmd_demo           "$@" ;;
     *) echo "ERROR: unknown command '${1}'" >&2; usage; exit 1 ;;
 esac

src/seclab_taskflows/mcp_servers/pvr_ghsa.py

@@ -14,6 +14,7 @@
 import os
 import re
 import subprocess
+from datetime import datetime, timezone
 from pathlib import Path
 
 from fastmcp import FastMCP
@@ -523,5 +524,60 @@ def read_triage_report(
     return report_path.read_text(encoding="utf-8")
 
 
+@mcp.tool()
+def list_pending_responses() -> str:
+    """
+    List advisories that have a response draft but have not yet been sent.
+
+    Globs REPORT_DIR for *_response_triage.md files and skips any whose
+    corresponding *_response_sent.md marker exists.
+    Returns a JSON list of {ghsa_id, triage_report_exists} objects.
+    """
+    if not REPORT_DIR.exists():
+        return json.dumps([])
+
+    results = []
+    for draft_path in sorted(REPORT_DIR.glob("*_response_triage.md")):
+        # stem is e.g. "GHSA-xxxx-xxxx-xxxx_response_triage"
+        stem = draft_path.stem
+        # Extract ghsa_id: remove "_response_triage" suffix
+        ghsa_id = stem.replace("_response_triage", "")
+        safe_name = "".join(c for c in ghsa_id if c.isalnum() or c in "-_")
+
+        # Skip if sent marker exists
+        sent_marker = REPORT_DIR / f"{safe_name}_response_sent.md"
+        if sent_marker.exists():
+            continue
+
+        triage_report = REPORT_DIR / f"{safe_name}_triage.md"
+        results.append({
+            "ghsa_id": ghsa_id,
+            "triage_report_exists": triage_report.exists(),
+        })
+
+    return json.dumps(results, indent=2)
+
+
+@mcp.tool()
+def mark_response_sent(
+    ghsa_id: str = Field(description="GHSA ID of the advisory whose response was sent"),
+) -> str:
+    """
+    Create a marker file indicating that the response for this advisory has been sent.
+
+    Writes REPORT_DIR/{ghsa_id}_response_sent.md with an ISO timestamp.
+    Returns the path of the created marker, or an error string if ghsa_id is empty.
+    """
+    safe_name = "".join(c for c in ghsa_id if c.isalnum() or c in "-_")
+    if not safe_name:
+        return "Error: ghsa_id produced an empty filename after sanitization"
+    REPORT_DIR.mkdir(parents=True, exist_ok=True)
+    marker_path = REPORT_DIR / f"{safe_name}_response_sent.md"
+    timestamp = datetime.now(timezone.utc).isoformat()
+    marker_path.write_text(f"Response sent: {timestamp}\n", encoding="utf-8")
+    logging.info("Response sent marker written to %s", marker_path)
+    return str(marker_path.resolve())
+
+
 if __name__ == "__main__":
     mcp.run(show_banner=False)

src/seclab_taskflows/taskflows/pvr_triage/README.md

@@ -2,13 +2,14 @@
 
 Tools for triaging GitHub Security Advisories submitted via [Private Vulnerability Reporting (PVR)](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability). The taskflows fetch a draft advisory, verify the claimed vulnerability against actual source code, score report quality, and generate a structured analysis and a ready-to-send response draft.
 
-Three taskflows cover the full triage lifecycle:
+Four taskflows cover the full triage lifecycle:
 
 | Taskflow | Purpose |
 |---|---|
 | `pvr_triage` | Deep-analyse one advisory end-to-end |
 | `pvr_triage_batch` | Score an entire inbox and produce a ranked queue |
-| `pvr_respond` | Post or save the response once you've reviewed the analysis |
+| `pvr_respond` | Post the response for one advisory once you've reviewed the analysis |
+| `pvr_respond_batch` | Scan REPORT_DIR and post all pending response drafts in a single session |
 
 ---
 
@@ -62,7 +63,11 @@ python -m seclab_taskflow_agent \
 
 1. **Initialize** — clears the in-memory cache.
 2. **Fetch & parse** — fetches the advisory from the GitHub API and extracts structured metadata: vulnerability type, affected component, file references, PoC quality signals, reporter credits.
-3. **Quality gate** — calls `get_reporter_score` for the reporter's history and `find_similar_triage_reports` to detect duplicates. Computes a `fast_close` flag when the report has no file references, no PoC, no line numbers, *and* a similar report already exists. Fast-close skips deep code analysis.
+3. **Quality gate** — calls `get_reporter_score` for the reporter's history and `find_similar_triage_reports` to detect duplicates. Computes `fast_close` using a reputation-gated decision tree:
+   - **high-trust reporter** → always `fast_close = false` (full verification).
+   - **skepticism reporter** → `fast_close = true` when all three quality signals are absent (prior similar report not required).
+   - **normal / no history** → `fast_close = true` only when all three signals are absent *and* a prior similar report exists.
+   Fast-close skips deep code analysis.
 4. **Code verification** — resolves the claimed version to a git tag/SHA, fetches the relevant source files, and checks whether the vulnerability pattern is actually present. After verifying at the claimed version, also checks HEAD to determine patch status (`still_vulnerable` / `patched` / `could_not_determine`). Skipped automatically when `fast_close` is true.
 5. **Report generation** — writes a markdown report covering: Verdict, Code Verification, Severity Assessment, CVSS 3.1 assessment, Duplicate/Prior Reports, Patch Status, Report Quality, Reporter Reputation, and Recommendations.
 6. **Save report** — writes the report to `REPORT_DIR/<GHSA-ID>_triage.md` and prints the path.
@@ -110,12 +115,14 @@ Saved to `REPORT_DIR/batch_queue_<repo>_<date>.md`:
 ```markdown
 # PVR Batch Triage Queue: owner/repo
 
-| GHSA | Severity | Vuln Type | Quality Signals | Priority | Status | Suggested Action |
-|------|----------|-----------|-----------------|----------|--------|-----------------|
-| GHSA-... | high | SQL injection | PoC, Files | 6 | Not triaged | Triage Immediately |
-| GHSA-... | medium | XSS | None | 1 | Not triaged | Likely Low Quality — Fast Close |
+| GHSA | Age (days) | Severity | Vuln Type | Quality Signals | Priority | Status | Suggested Action |
+|------|------------|----------|-----------|-----------------|----------|--------|-----------------|
+| GHSA-... | 14 | high | SQL injection | PoC, Files | 6 | Not triaged | Triage Immediately |
+| GHSA-... | 3 | medium | XSS | None | 1 | Not triaged | Likely Low Quality — Fast Close |
 ```
 
+Rows are sorted by priority score descending; ties are broken by `created_at` ascending (oldest advisory first).
+
 ### Priority scoring
 
 Advisories with an existing report in `REPORT_DIR` are skipped entirely. Only unprocessed advisories are scored:
@@ -164,6 +171,40 @@ python -m seclab_taskflow_agent \
 
 The toolbox marks `reject_pvr_advisory`, `withdraw_pvr_advisory`, and `add_pvr_advisory_comment` as `confirm`-gated. The agent will print the verdict, quality rating, and full response draft, then ask for explicit confirmation before making any change to GitHub.
 
+After a successful write-back, `pvr_respond` calls `mark_response_sent` to create a `<GHSA-ID>_response_sent.md` marker so `pvr_respond_batch` will skip this advisory in future runs.
+
+---
+
+## Taskflow 4 — Bulk respond (`pvr_respond_batch`)
+
+Scans `REPORT_DIR` for advisories that have a response draft (`*_response_triage.md`) but no sent marker (`*_response_sent.md`), then posts each response to GitHub in a single session.
+
+```bash
+python -m seclab_taskflow_agent \
+  -t seclab_taskflows.taskflows.pvr_triage.pvr_respond_batch \
+  -g repo=owner/repo \
+  -g action=comment
+
+# or via the helper script:
+./scripts/run_pvr_triage.sh respond_batch owner/repo comment
+```
+
+### How it works
+
+**Task 1** calls `list_pending_responses` (local read-only, no confirm gate) to find all unsent drafts and prints a summary table. If there are no pending drafts it stops immediately.
+
+**Task 2** iterates over every pending entry:
+1. Reads the triage report and response draft from disk.
+2. Prints a per-item preview (GHSA, verdict, first 200 chars of response).
+3. Executes the chosen action (`comment` / `reject` / `withdraw`) via the confirm-gated write-back tool.
+4. On success, calls `mark_response_sent` to create a `*_response_sent.md` marker so the advisory is skipped in future runs.
+
+Prints a final count: `"Sent N / M responses."`
+
+### Sent markers
+
+`pvr_respond` also calls `mark_response_sent` after a successful write-back, keeping single-advisory and bulk responds in sync. Once a marker exists, neither `pvr_respond` nor `pvr_respond_batch` will attempt to re-send.
+
 ---
 
 ## Typical workflow
@@ -178,10 +219,15 @@ The toolbox marks `reject_pvr_advisory`, `withdraw_pvr_advisory`, and `add_pvr_a
    - Check the Verdict and Code Verification sections.
    - Edit the response draft (_response_triage.md) if needed.
 
-4. Run pvr_respond to send the response:
-   - action=comment   → post reply only (advisory stays draft)
-   - action=reject    → reject + post reply
-   - action=withdraw  → withdraw + post reply
+4a. Send responses one at a time with pvr_respond:
+    - action=comment   → post reply only (advisory stays draft)
+    - action=reject    → reject + post reply
+    - action=withdraw  → withdraw + post reply
+
+4b. Or send all pending drafts at once with pvr_respond_batch:
+    Scans REPORT_DIR for unsent drafts (no _response_sent.md marker)
+    and posts them all in one session.
+    Useful after triaging a batch in step 2.
 ```
 
 ### Example session
@@ -202,7 +248,7 @@ python -m seclab_taskflow_agent \
 cat reports/GHSA-1234-5678-abcd_triage.md
 cat reports/GHSA-1234-5678-abcd_response_triage.md
 
-# Step 4a: send a comment (most common — doesn't change advisory state)
+# Step 4a: send a comment for one advisory (doesn't change advisory state)
 python -m seclab_taskflow_agent \
   -t seclab_taskflows.taskflows.pvr_triage.pvr_respond \
   -g repo=acme/widget \
@@ -215,6 +261,12 @@ python -m seclab_taskflow_agent \
   -g repo=acme/widget \
   -g ghsa=GHSA-1234-5678-abcd \
   -g action=reject
+
+# Step 4c: or post all pending drafts at once (after triaging several advisories)
+python -m seclab_taskflow_agent \
+  -t seclab_taskflows.taskflows.pvr_triage.pvr_respond_batch \
+  -g repo=acme/widget \
+  -g action=comment
 ```
 
 ---
@@ -233,7 +285,7 @@ The quality gate in Task 3 of `pvr_triage` calls `get_reporter_score` automatica
 | confirmed_pct ≤ 20% or Low-quality share ≥ 50% | treat with skepticism |
 | Otherwise | normal |
 
-A "treat with skepticism" score alone does not trigger fast-close — it is informational. Fast-close is triggered only by the combination of missing quality signals *and* an existing duplicate report.
+Reputation directly gates the fast-close decision. See [SCORING.md](SCORING.md) Section 3 for the full three-path decision table and reputation × fast-close matrix.
 
 ---
 
@@ -258,4 +310,5 @@ All files are written to `REPORT_DIR` (default: `./reports`).
 |---|---|---|
 | `<GHSA-ID>_triage.md` | `pvr_triage` task 6 | Full triage analysis report |
 | `<GHSA-ID>_response_triage.md` | `pvr_triage` task 8 | Plain-text response draft for the reporter |
-| `batch_queue_<repo>_<date>.md` | `pvr_triage_batch` task 3 | Ranked inbox table |
+| `<GHSA-ID>_response_sent.md` | `pvr_respond` / `pvr_respond_batch` | Marker: response has been sent (contains ISO timestamp) |
+| `batch_queue_<repo>_<date>.md` | `pvr_triage_batch` task 3 | Ranked inbox table with Age column |

src/seclab_taskflows/taskflows/pvr_triage/pvr_respond.yaml

@@ -113,3 +113,6 @@ taskflow:
             and stop.
 
         Print the result returned by the API call.
+
+        On success (action was not "anything else"), call mark_response_sent with
+        ghsa_id="{{ globals.ghsa }}" to record that this response has been sent.