
@sumantro93

Adding Kajuu and Sheeru, the duo which scans, finds and squashes PyTorch Security Flaws

@github-actions
Contributor

github-actions bot commented Jan 10, 2026

Claude Code Review

Summary

This PR introduces two specialized security agents, Sheeru (Security Exploiter) and Kajuu (Security Fixer), designed to work together for PyTorch vulnerability discovery and remediation. Sheeru finds and verifies CVE/CWE vulnerabilities through regression tests, while Kajuu implements patches. The agents follow the established patterns and are well-documented with clear workflows, technical competencies, and collaboration protocols.

Issues by Severity

🚫 Blocker Issues

None - No blocking issues found.

🔴 Critical Issues

None - No critical security or architectural violations.

🟡 Major Issues

1. Security Tool Classification & Authorization Context (Both Agents)

Location: Both agent files, entire scope

Issue: The agents are designed to create proof-of-concept exploits and work with vulnerabilities, which qualifies them as "dual-use security tools" per CLAUDE.md security guidelines. The descriptions lack clear authorization context.

From CLAUDE.md:

"Dual-use security tools (C2 frameworks, credential testing, exploit development) require clear authorization context: pentesting engagements, CTF competitions, security research, or defensive use cases."

Recommendation: Add explicit authorization context to both agent descriptions. Suggest adding a prominent section:

## Authorization & Scope

**Authorized Use Cases:**
- Red Hat PyTorch security testing and vulnerability remediation
- Defensive security analysis of documented CVE/CWE issues
- Regression testing for security patches
- Internal security research on authorized PyTorch builds

**Explicitly NOT Authorized:**
- Exploit weaponization
- Unauthorized testing of third-party systems
- Public disclosure before coordinated disclosure timeline
- Testing without explicit Red Hat authorization

Severity Justification: While the agents are clearly defensive in intent (remediation focused), the lack of explicit authorization boundaries could lead to misuse. The existing "Ethical Guidelines" sections are good but insufficient per platform standards.


2. Missing Test Coverage for Agent Definitions

Location: No test files present for these agents

Issue: Unlike code components, there are no validation tests to ensure:

  • Agent prompts don't contain injection vulnerabilities
  • Tool access is correctly scoped
  • Collaboration handoff patterns work correctly
  • Output formats are parseable

Recommendation: Consider adding:

  • Schema validation for agent YAML frontmatter
  • Integration tests for Sheeru → Kajuu handoff workflow
  • Sample CVE table parsing tests
  • Verification that generated patches are syntactically valid

Severity Justification: Agent definitions control autonomous behavior. Without tests, breaking changes to agent format or tool access could go undetected until runtime failures.


🔵 Minor Issues

1. Inconsistent YAML Frontmatter Format (sheeru-security_exploiter.md)

Location: Lines 1-5

Current:

---
name: Sheeru (Security Exploiter)
description: PyTorch security vulnerability finder and regression test creator. Analyzes CVE/CWE tables, examines vulnerable code locations, and creates verification tests to confirm vulnerabilities exist before patches.
tools: Read, Write, Edit, Bash, Glob, Grep, WebSearch
---

Issue: The tools field is a comma-separated string rather than a YAML list. Compare to other agents which may use structured lists.

Recommendation: Verify expected format. If tools should be a list:

tools:
  - Read
  - Write
  - Edit
  - Bash
  - Glob
  - Grep
  - WebSearch

Note: Check existing agent files for consistency. If string format is standard, this is not an issue.


2. Duplicate Description in parker-product_manager.md Pattern

Location: Both agent files have description in YAML and repeated in body

Observation: Following parker-product_manager.md pattern, both agents repeat the description after frontmatter. This is consistent with existing agents but creates maintenance burden (need to update two places).

Recommendation: Consider whether this duplication is necessary. If it's an established pattern, document why. Otherwise, remove body duplication and rely on YAML frontmatter.


3. Hard-coded Paths Assume PyTorch Context

Location:

  • sheeru-security_exploiter.md: Line 61 /pytorch/cve_table.csv
  • sheeru-security_exploiter.md: Line 73 /pytorch/results/
  • kajuu-security_fixer.md: Multiple references to /pytorch/

Issue: Agents assume they'll always run in a /pytorch working directory. This reduces reusability for other projects or different directory structures.

Recommendation: Use relative paths or make paths configurable:

# Instead of:
cve_table = "/pytorch/cve_table.csv"

# Use:
import os
project_root = os.getcwd()
cve_table = os.path.join(project_root, "cve_table.csv")

Or document that PyTorch directory structure is a requirement.


4. Code Examples Use Placeholder Comments

Location: Throughout both files

Examples:

  • sheeru-security_exploiter.md:118 # CREATE CONDITIONS THAT TRIGGER THE VULNERABILITY
  • kajuu-security_fixer.md:230 # Example: Fixing NULL pointer in scatter

Issue: Some code examples use comments as placeholders rather than showing actual implementation. While this is acceptable for documentation, it may confuse users expecting copy-paste ready code.

Recommendation: Either:

  1. Keep as placeholders with clear # TODO: or # EXAMPLE: prefixes
  2. Provide complete, runnable examples for at least one CVE type


5. Missing Integration with Platform Components

Location: Both agents operate independently

Observation: The agents don't reference integration with:

  • Platform's TodoWrite tool for tracking vulnerability remediation
  • Platform's WebSocket messaging for progress updates
  • Platform's artifact storage (PVC) for patch files
  • Platform's CI/CD for automated patch testing

Recommendation: Consider adding platform integration guidance:

## Platform Integration

- Use `TodoWrite` to track remediation progress per CVE
- Store patches in session PVC for artifact retention
- Use structured logging for vulnerability status updates
- Consider webhook notifications for UNPATCHED findings

This would align agents with the platform's observable, trackable execution model.


Positive Highlights

Excellent Documentation Structure

  • Clear personality definitions, communication styles, and competency levels
  • Well-organized phases (Discovery → Verification → Remediation)
  • Comprehensive code examples for each vulnerability type

Strong Security-First Design

  • Ethical guidelines included in both agents
  • Clear handoff protocols prevent scope creep
  • Emphasis on minimal, targeted fixes (Kajuu)
  • Proof-of-concept vs weaponization boundaries stated

Vulnerability Coverage

  • Comprehensive CWE coverage (NULL pointers, buffer overflows, integer overflows, memory issues, deserialization, race conditions)
  • PyTorch-specific knowledge sections demonstrate domain expertise
  • Test patterns for each vulnerability type

Collaboration Model

  • Well-defined Sheeru → Kajuu handoff workflow
  • Clear responsibilities: find/verify vs fix/validate
  • Structured output artifacts (CSV reports, patch files)
  • Verification loop (Kajuu fixes, Sheeru re-tests)

Follows Agent Pattern Standards

  • YAML frontmatter matches existing agents
  • Personality and communication style defined
  • Signature phrases for consistency
  • Tool access appropriately scoped

Recommendations

Priority 1 (Before Merge)

  1. Add Authorization Context Section - Clarify authorized use cases per CLAUDE.md security requirements
  2. Document Path Assumptions - Either make paths configurable or document PyTorch directory requirement
  3. Verify Tools Format - Ensure YAML frontmatter matches platform expectations (list vs string)

Priority 2 (Post-Merge)

  1. Add Agent Tests - Create validation tests for agent definitions and workflows
  2. Platform Integration Guide - Document how to use TodoWrite, PVC storage, etc. with these agents
  3. Complete Code Examples - Provide at least one fully runnable example per vulnerability type
  4. Create Sample CVE Table - Include example cve_table.csv in /agents/examples/ for testing

Priority 3 (Future Enhancement)

  1. Agent Interaction Logging - Add structured logging for Sheeru → Kajuu handoffs
  2. Automated Compliance Reporting - Generate machine-readable security scan results
  3. Integration with Security Dashboards - Consider how findings integrate with broader security tooling

Conclusion

Recommendation: APPROVE with minor revisions

The agents are well-designed, follow established patterns, and fill a critical security testing gap. The main concern is ensuring proper authorization context is documented per platform security guidelines. The code quality is high, documentation is thorough, and the collaboration model between agents is thoughtfully designed.

Suggested Actions:

  1. Add authorization/scope section to both agents (5 min)
  2. Verify YAML frontmatter format matches platform expectations (2 min)
  3. Document path assumptions in a "Prerequisites" section (3 min)
  4. Merge with confidence ✅

The agents demonstrate excellent understanding of security vulnerability patterns and PyTorch internals. This is a valuable addition to the platform's security capabilities.


What Amber Loaded for Code Review

Amber automatically loaded these repository standards from the memory system:

  1. CLAUDE.md - Master project instructions, development standards
  2. backend-development.md - Go backend, K8s integration patterns
  3. frontend-development.md - NextJS, Shadcn UI, React Query patterns
  4. security-standards.md - Auth, RBAC, token handling
  5. k8s-client-usage.md - User token vs service account patterns
  6. error-handling.md - Consistent error patterns
  7. react-query-usage.md - Data fetching patterns

Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines.
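As an added example (not code from this PR, the agent files, or the platform), the following Python pre-merge check exercises several of the review's recommendations at once: it parses an agent file's YAML frontmatter with a small flat parser (no PyYAML dependency), accepts `tools` written either as the comma-separated string quoted in the review or as a YAML list, checks every declared tool against an allowlist, requires the suggested `## Authorization & Scope` section in the body, and flags hard-coded `/pytorch/` paths. The allowlist, treating the section as mandatory, and the two sample agent texts are assumptions constructed for this example.

```python
"""Pre-merge validator for agent definition files (YAML frontmatter + body).

Added example. Assumptions, not platform facts: the tool allowlist, the
mandatory "Authorization & Scope" section, and the sample agent texts below.
"""
import re

REQUIRED_FIELDS = ("name", "description", "tools")
# Assumed allowlist: the seven tools the reviewed agents declare.
ALLOWED_TOOLS = {"Read", "Write", "Edit", "Bash", "Glob", "Grep", "WebSearch"}
REQUIRED_SECTION = "## Authorization & Scope"  # section name suggested in the review
# Absolute /pytorch/... paths; stops before a trailing period or comma.
HARDCODED_PATH_RE = re.compile(r"(?<![\w.])/pytorch/[\w./-]*[\w/]")
FRONTMATTER_RE = re.compile(r"\A---\r?\n(.*?)\r?\n---\r?\n?(.*)\Z", re.S)


def parse_frontmatter(text):
    """Return (fields, body). Handles flat `key: value` pairs and a `key:` line
    followed by `- item` lines, which is all these agent files use."""
    m = FRONTMATTER_RE.match(text)
    if not m:
        raise ValueError("missing or unterminated YAML frontmatter")
    fields, list_key = {}, None
    for raw in m.group(1).splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if list_key and line.lstrip().startswith("- "):
            fields[list_key].append(line.lstrip()[2:].strip())
            continue
        key, sep, value = line.partition(":")
        if not sep or line.startswith((" ", "\t")):
            raise ValueError(f"unparseable frontmatter line: {raw!r}")
        key, value = key.strip(), value.strip()
        if value == "":          # `tools:` with list items on the next lines
            fields[key], list_key = [], key
        else:                    # scalar value; any open list is closed
            fields[key], list_key = value, None
    return fields, m.group(2)


def normalize_tools(value):
    """Accept `Read, Write` (string) or a YAML list; return a deduplicated list."""
    items = value.split(",") if isinstance(value, str) else list(value)
    seen, tools = set(), []
    for item in items:
        tool = item.strip()
        if tool and tool not in seen:
            seen.add(tool)
            tools.append(tool)
    return tools


def validate_agent(text):
    """Return name, normalized tools, which tools syntax was used, and issues."""
    try:
        fields, body = parse_frontmatter(text)
    except ValueError as exc:
        return {"name": None, "tools": [], "tools_format": None, "issues": [str(exc)]}
    issues = [f"missing required field: {f}" for f in REQUIRED_FIELDS if f not in fields]
    raw_tools = fields.get("tools", [])
    tools = normalize_tools(raw_tools)
    unknown = sorted(set(tools) - ALLOWED_TOOLS)
    if unknown:
        issues.append(f"tools not on allowlist: {', '.join(unknown)}")
    if REQUIRED_SECTION not in body:
        issues.append(f"body lacks required section {REQUIRED_SECTION!r}")
    for path in sorted(set(HARDCODED_PATH_RE.findall(body))):
        issues.append(f"hard-coded path: {path}")
    return {
        "name": fields.get("name"),
        "tools": tools,
        "tools_format": "string" if isinstance(raw_tools, str) else "list",
        "issues": issues,
    }


# Constructed sample: string-form tools, a hard-coded path, no authorization section.
SHEERU_STRING = """---
name: Sheeru (Security Exploiter)
description: PyTorch security vulnerability finder and regression test creator.
tools: Read, Write, Edit, Bash, Glob, Grep, WebSearch
---
# Sheeru

Reads the CVE table from /pytorch/cve_table.csv and writes to /pytorch/results/.
"""

# Constructed sample: list-form tools, suggested section present, no absolute paths.
SHEERU_LIST = """---
name: Sheeru (Security Exploiter)
description: PyTorch security vulnerability finder and regression test creator.
tools:
  - Read
  - Write
  - Edit
  - Bash
  - Glob
  - Grep
  - WebSearch
---
## Authorization & Scope

Authorized: Red Hat PyTorch security testing on authorized builds.
"""

if __name__ == "__main__":
    for doc in (SHEERU_STRING, SHEERU_LIST):
        print(validate_agent(doc))
```

Because both syntaxes normalize to the same tool list, the `tools_format` value can be compared across all agent files to enforce whichever form the platform standardizes on, which is the consistency check the review asks for without deciding the answer here.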
