Problem
The security agent finds issues → creates tasks → evolve fixes them → next security scan finds more → creates more tasks. This loop never converges because each fix can introduce new patterns the security scanner flags.
Sessions 3-5 were dominated by this loop. The security agent created tasks 0208-0213, evolve fixed some, next session found more.
Fix
- Security agent should compare findings against previous pentest reports and only flag NEW issues
- After a security scan, the brain should NOT run another security scan for at least 5 sessions (let fixes stabilize)
- Security tasks should be batched: one evolve session fixes all security findings, not one per session
Acceptance Criteria
- Security agent deduplicates against prior reports
- Minimum 5-session cooldown between security scans
- Security fix tasks are batched into single evolve sessions
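The three acceptance criteria as one gate, written as an added example and not the project's own code. The finding fields (`rule`, `file`, `line`, `snippet`), the function names and the task shape are assumptions, and the sample reports are constructed.

```python
import hashlib
import re

COOLDOWN_SESSIONS = 5  # from the issue: minimum sessions between security scans


def fingerprint(finding):
    """Stable ID: rule + file + whitespace-normalized snippet (no line number)."""
    # Assumption: excluding the line number keeps a fix that shifts code from
    # making an already-reported finding look new.
    snippet = re.sub(r"\s+", " ", finding["snippet"]).strip()
    raw = "\x00".join((finding["rule"], finding["file"], snippet))
    return hashlib.sha256(raw.encode()).hexdigest()


def scan_allowed(current_session, last_scan_session):
    """Assumption: cooldown is measured as a difference in session numbers."""
    if last_scan_session is None:
        return True
    return current_session - last_scan_session >= COOLDOWN_SESSIONS


def new_findings(findings, prior_reports):
    """Drop findings present in any prior report, plus duplicates in this scan."""
    seen = {fingerprint(f) for report in prior_reports for f in report}
    fresh = []
    for f in findings:
        fp = fingerprint(f)
        if fp not in seen:
            seen.add(fp)
            fresh.append(f)
    return fresh


def batch_task(findings, prior_reports, session):
    """One evolve task covering every new finding, or None if nothing is new."""
    fresh = new_findings(findings, prior_reports)
    if not fresh:
        return None
    return {"session": session, "kind": "security-batch", "findings": fresh}


# Constructed sample data, not taken from the project's pentest reports.
PRIOR = [[{"rule": "hardcoded-secret", "file": "app/config.py", "line": 12,
           "snippet": "API_KEY = 'x'"}]]
SCAN = [
    {"rule": "hardcoded-secret", "file": "app/config.py", "line": 15,
     "snippet": "API_KEY  =  'x'"},   # same issue, moved and re-spaced
    {"rule": "shell-injection", "file": "app/run.py", "line": 40,
     "snippet": "os.system(cmd)"},
]
```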