Agent framework for reducing GitHub security alerts across many repositories. Profile-driven, local-first, and scoped to remediation patterns that are mechanically verifiable.
The current scaffold supports:
- GitHub
Dependabotalerts — exhaustive remediation within one locked run - Selected GitHub
code scanningrules with deterministic fixes — allowlisted per profile - GitHub
secret scanningresponse — review-required cleanup PRs when deterministic repository cleanup is possible
Not supported for automatic merge:
code scanningrules outside the selected profile allowlistsecret scanningcleanup PRs (always review-required)- any finding that requires infrastructure, product, or compliance decisions
The scaffold never rotates credentials, dismisses alerts, rewrites git history, or pushes commits to Dependabot-authored branches.
- Fork or clone this repository.
- Create
profiles/local/<your-owner>/, then copyprofiles/template/profile.yamltoprofiles/local/<your-owner>/profile.yaml. Theprofiles/local/directory is gitignored. - Fill in
profile_id,owner,owner_type,runtime.local_clone_root, and per-repolocal_pathto match your environment. - For each repository entry, set
automation_mode: activeonly when every enabled target has real verification commands. Otherwise usemanual_only. See docs/operating-model.md for the verification command contract. - Authenticate
ghwith a PAT or fine-grained token that has the required capabilities (see docs/runtime-contract.md). - Invoke the root SKILL.md with your selected profile.
The framework is organized around a profile that describes one GitHub owner. Each profile contains repository entry definitions, each with stable target_id values for remediation targets (e.g. root, ui, api-server).
Every locked run acquires a profile-scoped lock under the clone root, then processes eligible work in this order: exhaustive Dependabot → allowlisted code scanning → secret scanning response → review gate → reconcile → report.
Each remediation unit has a stable dedup key (owner/repo + alert_class + base_branch + target_id, with normalized rule id or GitHub alert number appended for code_scanning and secret_scanning respectively) that flows through branch naming, PR body metadata, and run reporting.
Public contracts live in docs/:
- docs/runtime-contract.md — clone handling, authentication, concurrency, rate limits, target environment handling, secret handling, PR body metadata schema
- docs/operating-model.md — vocabulary, repository modes, remediation unit, branch naming, native PR strategy, outcome states, reason codes, exhaustive run model
- docs/code-scanning-policy.md — allowlist model, coverage states, rule contracts
- docs/secret-scanning-policy.md — deterministic cleanup contract, response buckets, PR rules
- docs/review-gate.md — pre-merge verification per alert class
- docs/reporting-model.md — summary fields, outcome semantics, reporting rules
Every locked run writes one JSON Lines record per remediation unit to {clone_root}/.github-security-agent/runs/{profile_id}/{iso8601_utc}.jsonl, plus a companion latest.json summary overwritten on each run. Blocked and skipped findings appear in the same report with their reason code and any relevant platform_constraints or manual follow-up actions. See docs/reporting-model.md for the per-unit summary schema.
SKILL.md
README.md
LICENSE
docs/
code-scanning-policy.md
secret-scanning-policy.md
operating-model.md
review-gate.md
runtime-contract.md
reporting-model.md
skills/
account-discovery/
code-scanning-triage/
code-scanning-remediator/
dependabot-remediator/
secret-scanning-response/
review-gate/
reporting/
profiles/
template/
examples/
local/ # gitignored account-specific overlays
- SKILL.md — canonical entrypoint for one selected profile
- skills/account-discovery/SKILL.md — profile and runtime validation
- skills/dependabot-remediator/SKILL.md —
Dependabotalert remediation - skills/code-scanning-triage/SKILL.md — classify
code scanningalerts - skills/code-scanning-remediator/SKILL.md — allowlisted deterministic remediation
- skills/secret-scanning-response/SKILL.md — cleanup PRs with manual follow-up recording
- skills/review-gate/SKILL.md — pre-merge policy decision
- skills/reporting/SKILL.md — run summary
- profiles/template/profile.yaml — canonical schema
- profiles/template/README.md — profile vocabulary and rules
- profiles/examples/acme-org/profile.yaml — organization profile example
Account-specific runnable overlays should live under profiles/local/, which is gitignored.
MIT — see LICENSE.