Research And Verification
SecOpsAI now has a local-first research and verification layer that helps keep investigations, docs, and operational examples current.
Research commands
Use these when you want a source-backed explanation before you change findings, rules, or allowlists:
secopsai research preflight
secopsai research finding SCM-FA4BAE45589358A2 --search-root ~/secopsai
secopsai research package --ecosystem pypi --package litellm --version 1.83.10 --search-root ~/secopsai
The reports are written under reports/research/ by default and can also be attached to an investigation session.
Investigation with research attached
This is the fastest end-to-end workflow for an analyst:
secopsai triage investigate SCM-FA4BAE45589358A2 --search-root ~/secopsai --open-session --with-research --json
That flow can attach:
- triage JSON and Markdown reports
- research JSON and Markdown reports
- session events, plan steps, and approval history
Durable independent research
Use Research Cases when an investigation must outlive one finding or report. Cases add structured subjects, evidence provenance, IOCs, disclosure state, publication readiness, deterministic export, and a review-only Blog Ops handoff.
Preflight before triage or correlation
Use preflight when you want to block low-quality automation runs caused by stale telemetry or bad source coverage:
secopsai research preflight
secopsai correlate --enforce-preflight
secopsai triage orchestrate --search-root ~/secopsai --enforce-preflight
This is especially important when replay telemetry has stopped updating or threat-intel freshness has drifted.
Docs verification
The docs verifier checks that:
- documented
secopsaiexamples still parse against the real CLI - the OpenClaw plugin page still matches the plugin repo’s current tool registry
Run it from the repo root:
python scripts/verify_docs_examples.py
Use this in CI or a daily docs QA check so the site stays aligned with the actual CLI and plugin surface.
Agent runtime
The local agent runtime adds routing, compaction, repeated-loop checks, and isolated job records:
secopsai agent route --task "investigate stale replay telemetry before triage"
secopsai agent compact <SESSION_ID> --json
secopsai agent run-job --name docs-qa -- python scripts/docs_source_agent.py --build
secopsai agent jobs --limit 10
Use agent route before an autonomous workflow to see which tools are read-only, write-gated, or expensive. Use agent compact before resuming a long investigation session. Use agent run-job for adaptive-intel, replay, docs, or regression work that should leave an auditable job record under data/agent_jobs/.
Docs QA agent
The docs QA agent wraps the verifier and optionally runs a docs build, then writes JSON and Markdown reports under reports/docs/:
python scripts/docs_source_agent.py --build
Recommended automation
To keep things fresh:
- Keep your regular SecOpsAI refresh scheduler running.
- Run
secopsai agent run-job --name docs-qa -- python scripts/docs_source_agent.py --buildafter CLI or plugin changes. - Rebuild docs after successful verification:
mkdocs build