
feat(security-agent): move manual workflows into workers #3312

Merged: jeanduplessis merged 18 commits into main from security-agent-workers on Jun 3, 2026

@jeanduplessis jeanduplessis commented May 18, 2026

Summary

Security Agent manual sync, dismissal, and analysis work now enter durable Worker-backed command paths, while callback delivery stays generic in Cloud Agent Next and finalization remains owned by Security Auto Analysis.

Why this change is needed

Manual Security Agent actions can trigger multi-step GitHub, queue, Cloud Agent, and callback work. Keeping that orchestration on synchronous web paths makes request latency, retries, ownership checks, and terminal state recovery harder to control. The security callback fast path also made cloud-agent-next aware of one product-specific downstream consumer, which blurred service boundaries.

How this is addressed

  • Route manual sync, dismissal, and analysis requests through internal Worker clients that return durable queue-admission state instead of implying inline completion.
  • Add Security Sync Worker support for manual sync and dismissal queue messages, including ownership enforcement and downstream Dependabot writeback.
  • Add Security Auto Analysis Worker support for manual analysis admission, scheduled owner dispatch, callback finalization, sandbox extraction, triage-only completion, auto-dismiss handling, and queue-state transitions.
  • Keep cloud-agent-next callback delivery generic: callers provide ordinary HTTP callback targets, and Security Auto Analysis now configures Worker callback ingress while retaining the web route as rollback-compatible ingress.
  • Centralize callback lifecycle settlement and stale queue reconciliation so duplicate deliveries, already-terminal findings, and recovered queue rows converge without downgrading durable finding state.
  • Share automatic-analysis eligibility and Dependabot dismissal target parsing across Worker/web paths so unknown severity and malformed upstream metadata behave consistently.
  • Refresh Security Agent UI state after queued async work so findings, counts, and sync state converge after Worker consumers apply updates.
  • Add unit and integration coverage across web handlers, Worker queue consumers, callback recovery, dismissal, launch, policy helpers, and query transitions.

Architecture

flowchart LR
  UI[Security Agent UI] --> WEB[tRPC handlers]
  WEB --> MSC[Manual sync client]
  WEB --> MDC[Manual dismiss client]
  WEB --> MAC[Manual analysis client]

  MSC --> SSIN[Security Sync Worker ingress]
  MDC --> SSIN
  SSIN --> SSQ[security-sync-jobs queue]
  SSCRON[Scheduled sync cron] --> SSQ
  SSQ --> SSC[Security Sync Worker consumer]
  SSC --> GH[GitHub Dependabot API]
  SSC --> DB[(Postgres security state)]

  MAC --> AAIN[Security Auto Analysis Worker ingress]
  AAIN --> MAQ[manual analysis command queue]
  AACRON[Auto-analysis owner dispatcher] --> AOQ[owner analysis queue]
  MAQ --> AAC[Auto Analysis Worker consumers]
  AOQ --> AAC
  AAC -->|triage-only| DB
  AAC -->|sandbox needed| CAN[Cloud Agent Next]

  CAN --> CAQ[Cloud Agent callback delivery queue]
  CAQ --> CBT[HTTP callback target]
  CBT --> AAWEB[Worker callback ingress]
  CBT -. rollback route .-> WEBHOOK[Legacy web callback route]
  AAWEB --> CBQ[auto-analysis callback queue]
  WEBHOOK --> CBQ
  CBQ --> CBF[Auto Analysis callback finalizer]
  CBF --> DB
  CBF --> GH

  DB --> UI

Human Verification

  • Local review pass completed across security, logic, types, data, resources, style, and React focus areas; no actionable critical or warning findings remained after re-check.
  • Security Sync Worker coverage remains represented in the branch for dismissal, dispatch, and unknown-severity eligibility behavior.
  • Security Auto Analysis Worker tests validated manual starts, callbacks, launch flow, and queue/database reconciliation behavior.
  • React Doctor diff scan completed with PASS analyzer status after the latest Security Agent UI changes.

Reviewer Notes

Human Reviewer Flags

  • Architectural change: manual web actions now return durable queue admission instead of synchronous terminal results.
  • Architectural boundary change: cloud-agent-next no longer knows about Security Auto Analysis delivery mode or service binding; callback destination ownership moves back to the caller.
  • Callback routing now targets Security Auto Analysis Worker ingress in configured deployments; the web callback route stays compatibility-only for rollback routing.
  • Queue consumers re-check finding ownership before cross-tenant-sensitive mutation paths.
  • Callback finalization owns delayed-result recovery, terminal queue transitions, stale-row healing, and optional auto-dismiss writeback.

Code Reviewer Agent

Code Reviewer Notes
  • Review worker trust boundaries around services/security-sync/src/dismiss.ts and services/security-auto-analysis/src/manual-analysis.ts.
  • Review callback/result recovery path across Cloud Agent Next and Security Auto Analysis Worker for ID contract alignment.
  • Review generic callback delivery in services/cloud-agent-next/src/callbacks/delivery.ts plus Security Auto Analysis target construction in services/security-auto-analysis/src/launch.ts.
  • Review shared policy/parser boundaries in packages/worker-utils/src/security-auto-analysis-policy.ts and packages/worker-utils/src/dependabot-dismissal-target.ts.
  • Review UI queued-admission refresh behavior in Security Agent React state containers.
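
The settlement behaviour this description lists (duplicate deliveries and already-terminal findings converge without downgrading durable state, and queue consumers re-check ownership before mutating) as an added example that is not code from this PR. State names, the row shape, ids and function names are hypothetical.

```typescript
// Added example; state names, row shape and function names are hypothetical.
type FindingState = "queued" | "running" | "completed" | "failed" | "dismissed";
type Outcome = "applied" | "duplicate" | "already-terminal" | "owner-mismatch" | "not-found";

interface FindingRow {
  ownerId: string;
  state: FindingState;
  seenDeliveries: string[]; // delivery ids already settled for this finding
}

interface CallbackMessage {
  deliveryId: string;
  findingId: string;
  ownerId: string; // owner the queued message claims to act for
  result: "completed" | "failed";
}

const TERMINAL: FindingState[] = ["completed", "failed", "dismissed"];

// Settles one callback delivery against durable finding state.
function settleCallback(rows: Record<string, FindingRow>, msg: CallbackMessage): Outcome {
  const row = rows[msg.findingId];
  if (!row) return "not-found";
  // Ownership is re-checked in the consumer, not only at ingress.
  if (row.ownerId !== msg.ownerId) return "owner-mismatch";
  // A redelivered message is acknowledged without touching state.
  if (row.seenDeliveries.indexOf(msg.deliveryId) !== -1) return "duplicate";
  row.seenDeliveries.push(msg.deliveryId);
  // A late result never overwrites a terminal state such as a manual dismissal.
  if (TERMINAL.indexOf(row.state) !== -1) return "already-terminal";
  row.state = msg.result;
  return "applied";
}

// Constructed sample run over two findings owned by "org-a".
function demo(): Outcome[] {
  const rows: Record<string, FindingRow> = {
    f1: { ownerId: "org-a", state: "running", seenDeliveries: [] },
    f2: { ownerId: "org-a", state: "dismissed", seenDeliveries: [] },
  };
  return [
    settleCallback(rows, { deliveryId: "d1", findingId: "f1", ownerId: "org-a", result: "completed" }),
    settleCallback(rows, { deliveryId: "d1", findingId: "f1", ownerId: "org-a", result: "completed" }),
    settleCallback(rows, { deliveryId: "d2", findingId: "f1", ownerId: "org-a", result: "failed" }),
    settleCallback(rows, { deliveryId: "d3", findingId: "f2", ownerId: "org-a", result: "completed" }),
    settleCallback(rows, { deliveryId: "d4", findingId: "f1", ownerId: "org-b", result: "failed" }),
  ];
}
```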

Comment thread apps/web/src/components/security-agent/SecurityAgentContext.tsx Outdated
Comment thread apps/web/src/components/security-agent/SecurityAgentPageClient.tsx Outdated
Comment thread services/security-auto-analysis/src/callbacks.ts Outdated

kilo-code-bot Bot commented May 18, 2026

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Executive Summary

All commits reviewed — no new changes since the last review cycle. The PR is clean across 104 files covering the security-agent worker migration, auto-analysis orchestration, dismissal hardening, and the final nullable Dependabot schema fix.

Files Reviewed (104 files — all clean)

Latest commit (fix(security-sync): accept nullable dependabot fields)

  • services/security-sync/src/sync.ts: cvss.vector_string and first_patched_version updated to .nullable().optional(); downstream usage already handles null defensively
  • services/security-sync/src/sync.test.ts — regression test for nullable vector_string and first_patched_version fields
  • .gitignore — adds .env* pattern; tracked files unaffected

Previously reviewed commits (101 files — all clean, carried forward)

  • apps/web/src/components/security-agent/SecurityAgentContext.tsx
  • apps/web/src/components/security-agent/SecurityAgentPageClient.tsx
  • services/security-auto-analysis/src/analysis-start-lifecycle.ts
  • services/security-auto-analysis/src/analysis-start-lifecycle.integration.test.ts
  • services/security-auto-analysis/src/callbacks.ts
  • services/security-auto-analysis/src/callbacks.test.ts
  • services/security-auto-analysis/src/db/queries.ts
  • services/security-auto-analysis/src/index.ts
  • services/security-auto-analysis/src/index.test.ts
  • services/security-auto-analysis/src/launch.ts
  • services/security-auto-analysis/src/launch.test.ts
  • apps/web/src/app/api/internal/security-analysis-callback/[findingId]/route.ts
  • apps/web/src/app/api/internal/security-analysis-callback/[findingId]/route.test.ts
  • apps/web/src/lib/security-agent/db/security-analysis.ts
  • apps/web/src/lib/security-agent/router/shared-handlers.ts
  • apps/web/src/lib/security-agent/router/shared-handlers.test.ts
  • apps/web/src/routers/organizations/organization-security-agent-router.ts
  • apps/web/src/routers/security-agent-router.ts
  • apps/web/src/components/security-agent/FindingDetailDialog.tsx
  • apps/web/src/components/security-agent/SecurityFindingRow.tsx
  • apps/web/src/components/security-agent/index.ts
  • apps/web/src/components/security-agent/manual-analysis-admission-copy.test.ts
  • apps/web/src/components/security-agent/manual-analysis-admission-copy.ts
  • packages/worker-utils/src/security-auto-analysis-policy.ts
  • packages/worker-utils/src/security-auto-analysis-policy.test.ts
  • packages/worker-utils/src/dependabot-dismissal-target.ts
  • packages/worker-utils/package.json
  • services/security-sync/src/dismiss.test.ts
  • services/security-sync/src/dismiss.ts
  • services/security-sync/src/index.ts
  • services/security-sync/src/index.test.ts
  • services/security-sync/package.json
  • services/security-sync/wrangler.jsonc
  • services/security-auto-analysis/src/extraction.ts
  • services/security-auto-analysis/src/posthog.ts
  • services/security-auto-analysis/src/posthog.test.ts
  • services/security-auto-analysis/src/session-result.ts
  • services/security-auto-analysis/src/token.ts
  • services/security-auto-analysis/src/types.ts
  • services/security-auto-analysis/src/types.test.ts
  • services/security-auto-analysis/src/manual-analysis.ts
  • services/security-auto-analysis/src/manual-analysis.test.ts
  • services/security-auto-analysis/src/dispatcher.ts
  • services/security-auto-analysis/src/auto-dismiss.ts
  • services/security-auto-analysis/src/auto-dismiss.test.ts
  • services/security-auto-analysis/src/consumer.ts
  • services/security-auto-analysis/src/consumer.test.ts
  • services/security-auto-analysis/src/db/queries.test.ts
  • services/security-auto-analysis/src/db/queries.integration.test.ts
  • services/security-auto-analysis/wrangler.jsonc
  • services/security-auto-analysis/README.md
  • services/security-auto-analysis/package.json
  • services/security-auto-analysis/vitest.config.ts
  • services/security-auto-analysis/vitest.integration.config.ts
  • services/security-auto-analysis/worker-configuration.d.ts
  • services/security-sync/README.md
  • services/security-sync/vitest.config.ts
  • services/security-sync/worker-configuration.d.ts
  • services/cloud-agent-next/src/persistence/CloudAgentSession.ts
  • services/cloud-agent-next/src/callbacks/delivery.ts
  • services/cloud-agent-next/src/callbacks/delivery.test.ts
  • services/cloud-agent-next/src/callbacks/queue-consumer.ts
  • services/cloud-agent-next/src/callbacks/types.ts
  • services/cloud-agent-next/src/server.ts
  • services/cloud-agent-next/test/integration/session/callback-notification.test.ts
  • services/cloud-agent-next/test/integration/session/legacy-callback-enqueue.test.ts
  • apps/web/src/lib/config.server.ts
  • apps/web/src/lib/security-agent/services/analysis-service.ts
  • apps/web/src/lib/security-agent/services/analysis-service.test.ts
  • apps/web/src/lib/security-agent/services/auto-dismiss-service.ts
  • apps/web/src/lib/security-agent/services/auto-dismiss-service.test.ts
  • apps/web/src/lib/security-agent/services/manual-analysis-client.ts
  • apps/web/src/lib/security-agent/services/manual-analysis-client.test.ts
  • apps/web/src/lib/security-agent/services/manual-dismiss-client.ts
  • apps/web/src/lib/security-agent/services/manual-dismiss-client.test.ts
  • apps/web/src/lib/security-agent/services/manual-sync-client.ts
  • apps/web/src/lib/security-agent/services/manual-sync-client.test.ts
  • apps/web/src/lib/security-agent/services/sync-service.ts
  • apps/web/src/lib/security-agent/services/sync-service.test.ts
  • apps/web/src/lib/security-agent/db/security-analysis.test.ts
  • apps/web/.env.development.local.example
  • dev/local/cli.ts
  • dev/local/services.ts
  • pnpm-workspace.yaml

Reviewed by claude-sonnet-4.6 · incremental review
Review guidance: REVIEW.md from base branch main


Reviewed by claude-4.6-sonnet-20260217 · 307,101 tokens


@jeanduplessis jeanduplessis force-pushed the security-agent-workers branch 2 times, most recently from efac67d to cc0b7fb on May 19, 2026 20:13

jrf0110 commented May 19, 2026

I'm noticing a growing number of services that use the INTERNAL_API_SECRET as a shared secret for cloud-to-service communication. While that does make secret rotation a little easier, it also increases the surface area of damage if this secret is compromised.

I'd recommend doing what we do for the abuse service, which is to protect your worker with Cloudflare Access, create a Cloudflare Access Service Token for authenticating with that application, and share that specific token with the cloud service to authenticate with your worker.
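
The per-Worker service tokens recommended in the comment above, seen from the calling side, as an added example that is not code from this PR or repository: each credential is bound to one Worker origin and is never attached to a request for any other destination. Hostnames, paths and token values are constructed placeholders; `CF-Access-Client-Id` and `CF-Access-Client-Secret` are the request headers Cloudflare Access reads for service-token authentication.

```typescript
// Added example; hostnames and token values below are constructed placeholders.
interface ServiceToken {
  origin: string; // the single Access-protected Worker this token was issued for
  clientId: string;
  clientSecret: string;
}

// One service token per Worker instead of one secret shared by every service.
const SERVICE_TOKENS: Record<string, ServiceToken> = {
  "security-sync": {
    origin: "https://security-sync.internal.example",
    clientId: "sync-client-id.access",
    clientSecret: "constructed-sync-secret",
  },
  "security-auto-analysis": {
    origin: "https://security-auto-analysis.internal.example",
    clientId: "analysis-client-id.access",
    clientSecret: "constructed-analysis-secret",
  },
};

// Returns auth headers only when the destination is the Worker the token belongs to.
function accessHeadersFor(service: string, targetUrl: string): Record<string, string> {
  const token = SERVICE_TOKENS[service];
  if (!token) throw new Error(`no service token configured for ${service}`);
  // Compare parsed origins; a string prefix check would accept look-alike hosts.
  const target = new URL(targetUrl);
  if (target.origin !== token.origin) {
    throw new Error(`refusing to send ${service} credentials to ${target.origin}`);
  }
  return {
    "CF-Access-Client-Id": token.clientId,
    "CF-Access-Client-Secret": token.clientSecret,
  };
}
```

With this layout a leaked `security-sync` token authenticates to that one Worker only, and rotating it does not touch the other services.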


@RSO RSO left a comment


Still working on the review, but I'm pretty sure that this PR would leak the INTERNAL_API_TOKEN so I'm requesting changes already.

Comment thread apps/web/src/components/security-agent/SecurityAgentContext.tsx Outdated
Comment thread apps/web/src/components/security-agent/SecurityAgentPageClient.tsx Outdated
Comment thread packages/worker-utils/src/security-auto-analysis-policy.ts Outdated
Comment thread services/cloud-agent-next/src/server.ts Outdated
Comment thread services/security-auto-analysis/src/db/queries.ts
Comment thread apps/web/src/components/security-agent/SecurityAgentPageClient.tsx Outdated
Comment thread apps/web/src/lib/security-agent/router/shared-handlers.ts Outdated
Comment thread services/security-auto-analysis/src/launch.test.ts Outdated
Comment thread services/security-auto-analysis/src/launch.test.ts Outdated
Comment thread services/security-auto-analysis/src/launch.test.ts Outdated
Comment thread services/security-auto-analysis/src/launch.ts Outdated
Comment thread services/security-auto-analysis/src/index.ts Outdated
Comment thread services/security-auto-analysis/src/callbacks.ts
Comment thread services/security-sync/src/index.ts Outdated
@kilo-code-bot kilo-code-bot Bot force-pushed the security-agent-workers branch from 1d099b1 to dc013c1 on June 1, 2026 08:16
Comment thread services/security-sync/src/dismiss.ts Outdated
@jeanduplessis jeanduplessis requested a review from RSO June 1, 2026 11:12
Comment thread packages/worker-utils/src/security-auto-analysis-policy.ts Outdated
Comment thread services/security-auto-analysis/src/launch.test.ts Outdated
Comment thread services/security-auto-analysis/src/launch.test.ts Outdated
Comment thread services/security-auto-analysis/src/launch.test.ts Outdated
Comment thread services/security-sync/src/index.ts Outdated
@jeanduplessis jeanduplessis requested a review from RSO June 1, 2026 15:36
Comment thread apps/web/src/components/security-agent/SecurityAgentContext.tsx Outdated

@RSO RSO left a comment


Approving, but with a PR of this size, I think it's fair to assume that something will break, so let's apply some caution when we merge it.

@jeanduplessis jeanduplessis force-pushed the security-agent-workers branch from 2816e68 to fd53415 on June 2, 2026 17:52
@jeanduplessis jeanduplessis merged commit d9db303 into main Jun 3, 2026
102 of 103 checks passed
@jeanduplessis jeanduplessis deleted the security-agent-workers branch June 3, 2026 08:20