Security Agent Skill

Use this skill to produce reliable A2UI/Pulse visualizations for the security-agent project and to diagnose pipeline failures quickly.

Quick Intent Routing

Decide target behavior from user wording before writing HTML:

• If the user says Pulse, Visualization section, or agent visualization:
  verify GET /api/a2a/vizit-latest/<terminalId> returns 200 with HTML.
• If the user says A2UI content, A2UI panel, or sidecar content:
  verify POST /api/a2ui-content returns HTML.
• If they only ask for a visualization card:
  write to a2ui_input.log and verify both endpoints when possible.

Canonical Workflow

1) Resolve active terminal and log path

Use API, not assumptions.

curl -sS -m 5 http://127.0.0.1:7690/api/projects

Find the security-agent project, then use:

• activeTerminalId
• sidecarPort
• log path: /home/yousuf/GoogleDrive/PROJECTS/.triclaude/runtime/terminals/<terminalId>/a2ui_input.log

2) Acquire file checkout lock before edits

Before editing any file, checkout it:

curl -sS -X POST http://127.0.0.1:7690/api/coordination/checkout \
  -H "Content-Type: application/json" \
  -d '{"terminalId":"<terminalId>","filePath":"<full_file_path>","projectPath":"/home/yousuf/local_workspaces/security-agent"}'

If success: false, do not edit.

3) Write A2UI block correctly

Rules:

• Always append with >>, never overwrite with >.
• Always wrap HTML with <!-- A2UI:START --> and <!-- A2UI:END -->.
• Add a timestamp comment to avoid sidecar dedupe.

<!-- A2UI:START -->
<!-- ts: 2026-02-16T20:09:01-05:00 -->
<div>...</div>
<!-- A2UI:END -->

4) Verify rendering path

Check both views as needed:

curl -sS -m 5 -X POST http://127.0.0.1:7690/api/a2ui-content \
  -H "Content-Type: application/json" \
  -d '{"terminalId":"<terminalId>"}'

curl -sS -m 5 -w '\nHTTP:%{http_code}\n' \
  http://127.0.0.1:7690/api/a2a/vizit-latest/<terminalId>

Interpretation:

• a2ui-content has HTML + vizit-latest is 204: sidecar/vizit persistence issue for Pulse.
• vizit-latest is 200 with HTML: Pulse has renderable content.

5) Recover when Pulse is blank

Use this sequence:

1. Restart sidecar for that terminal:

curl -sS -X POST http://127.0.0.1:7690/api/restart-sidecar \
  -H "Content-Type: application/json" \
  -d '{"terminalId":"<terminalId>","port":<sidecarPort>}'

2. Append a fresh A2UI block with a unique timestamp.
3. Confirm sidecar created a file in:
   /home/yousuf/GoogleDrive/PROJECTS/.triclaude/runtime/terminals/<terminalId>/a2ui/viz_*.html
4. Recheck vizit-latest for HTTP 200.

6) Release checkout lock

curl -sS -X POST http://127.0.0.1:7690/api/coordination/checkout \
  -H "Content-Type: application/json" \
  -d '{"terminalId":"<terminalId>","filePath":"<full_file_path>","release":true}'

Style Options

Read references/style-guide.md before generating polished visuals.

Default selection for diagnostics:

• RCF Card (Root Cause + Fix)

Other supported options:

• Status Grid
• Incident Timeline
• Minimal Confirm

When the user says they like a prior visualization, reuse the same style family and only update content.

Response Contract

When reporting results to user, always include:

1. Terminal ID used.
2. Which endpoint was failing (a2ui-content or vizit-latest).
3. Fix steps applied.
4. Final verification result with status code.