security-agent-ui-runs
Operate the Security Agent local FastAPI/UI workflow from a pip-installed setup. Use when Codex needs to start or inspect edi-security-agent-ui, refresh vulnerability data in the local SQLite cache, use the natural-language chat workflow, create/monitor/cancel UI runs, or explain local dashboard run behavior without cloning the controller repo.
Security Agent UI Runs
Use this skill for local UI, API, chat, and run lifecycle workflows from ~/security-agent. The UI is a local operator console over the same remediation engine used by the CLI.
Preflight
Run from the central workspace. If any command fails, use $security-agent-setup.
cd ~/security-agent
test -f .env
.venv/bin/edi-security-agent --version
Use only the pip-installed CLI/UI from ~/security-agent. Do not call repo-local Python modules, Azure fetcher scripts, or files from edi-security-agent-controller.
If setup needs Artifactory credentials, route to $security-agent-setup for the opt-in chat credential forwarding flow or own-Terminal fallback.
If plain pip3 or a global edi-security-agent works but .venv/bin/edi-security-agent is missing, do not use the global install. Explain the pip-scope mismatch and route to $security-agent-setup so the package is installed into ~/security-agent/.venv.
Startup
Start the packaged UI from the directory containing .env:
cd ~/security-agent
.venv/bin/edi-security-agent-ui
If you need a fixed host/port for local testing:
cd ~/security-agent
.venv/bin/edi-security-agent-ui --host 127.0.0.1 --port 8127 --no-open-browser
Check health with:
curl -sSf http://127.0.0.1:8127/api/health
UI Data Model
- Vulnerabilities and UI-created runs are stored in local SQLite under
data/agent.dbby default. - CLI runs are terminal-first and are not backfilled into the UI database.
VULN_SOURCE=azurepreloads Defender findings on startup;VULN_SOURCE=nonestarts empty until refresh/import.
Common Operations
- Refresh Defender findings:
POST /api/vulns/refresh?source=azure-defender - List/filter vulnerabilities:
GET /api/vulns/ - Import Security Platform findings:
POST /api/vulns/refresh/security-platform - Create a run:
POST /api/runs/ - List active runs:
GET /api/runs/active - Inspect run detail/logs:
GET /api/runs/{run_id}andGET /api/runs/{run_id}/logs - Cancel a run:
POST /api/runs/{run_id}/cancel
Natural-Language Chat
Chat uses UAIS/OpenAI only for structured intent planning. It can list issues, show details, preview fixes, confirm/cancel pending actions, or check run status. Fix requests must show a preview and require explicit confirmation before execution starts.
Safety
- Do not assume the UI is a central service; it runs locally with the user's credentials and filesystem.
- Do not store Security Platform cookies or DPoP values.
- Do not bypass the installed CLI/UI by running repo-local scripts or Python modules.
- Check active repo conflicts before starting overlapping runs.
- Use the in-app browser only when the user asks to inspect or test the local UI.
Related Assets
security-agent-discovery
Discover, inspect, import, refresh, and export Security Agent vulnerability data from a pip-installed setup. Use when Codex needs to list Azure Defender findings, filter by repo/severity/CVE/fixable state, refresh the local UI vulnerability cache, import Security Platform findings through explicit cookie and DPoP values, or explain discovery-only workflows without cloning the controller repo.
Owner: edi-security-agent
security-agent-cca-fix
Run or explain Security Agent remediation through GitHub Copilot Cloud Agent from a pip-installed setup. Use when Codex needs to use --executor cca or --executor auto, create remote Copilot/CCA remediation tasks, reason about CCA budget/status, or compare local Codex execution with remote GitHub Cloud Agent execution without cloning the controller repo.
Owner: edi-security-agent
security-agent-local-fix
Run local Security Agent remediation from a pip-installed setup with the Codex executor. Use when Codex needs to plan or execute edi-security-agent defender fix with --executor codex or --executor local, dry-run Maven CVE remediation, apply local fixes, create Git branches/PRs, or explain the local autonomous Codex remediation path without cloning the controller repo.
Owner: edi-security-agent
security-agent-setup
Set up Security Agent for users who have not cloned the controller repo. Use when Codex needs to create ~/security-agent, create a Python virtual environment, install the pip3 package edi-security-agent, explain private Artifactory package index setup when package install fails, verify edi-security-agent --version, guide local .env creation for Azure Defender and optional GitHub/OpenAI values, verify az login, or troubleshoot private package index configuration.
Owner: edi-security-agent
MCP Server Development Standards (Optum)
Standards, patterns, and guardrails for building Model Context Protocol (MCP) servers compatible with Wall-E, VS Code Copilot, and enterprise systems.
Owner: epic-platform-sre
Harmony Components
Reference for Harmony Design System React components including buttons, modals, panels, form controls, navigation, and data display elements.
Owner: pcorazao

