| name | agent-self-healing |
| description | Detect and repair security vulnerabilities or operational errors in the agent's own code and environment without manual intervention. |
Skill: Agent Self-Healing
Category: Agent Operations & Security
Priority: High
Description
This skill enables DevinOS to detect vulnerabilities, errors, or misconfigurations in its own code, dependencies, or runtime environment, and then repair them automatically within safe boundaries. It combines monitoring, diagnosis, and remediation into a self-improving operational loop.
Purpose
To improve system resilience, reduce downtime, and ensure the agent can recover from its own mistakes or from environmental issues without waiting for a human operator.
Trigger
Use this skill when:
- A task fails unexpectedly and the root cause is in the agent's own code or environment.
- A security scan flags a vulnerability in a dependency or generated file.
- A runtime error repeats in a stable environment.
- The agent detects a misconfiguration that breaks its own workflows.
Context
- Error logs, test results, or security scan output.
- Container or sandbox environment in use.
- Dependency manifest and lockfile.
- Version control state and branch protections.
- Human approval policy for automatic fixes.
Workflow
- Detect. Identify the failure, vulnerability, or anomaly through logs, tests, scans, or health checks.
- Isolate. Contain the impact before attempting repair (e.g., stop a failing service, roll back a bad file).
- Diagnose. Determine the root cause: dependency issue, code bug, misconfiguration, permission problem.
- Plan a fix. Generate a minimal, safe remediation with a rollback plan.
- Request approval if needed. For high-risk changes, require human confirmation before applying.
- Apply the fix. Modify code, update a dependency, or reconfigure the environment.
- Verify. Run tests, re-scan, and confirm the issue is resolved.
- Learn. Record the failure and fix in memory via
memory_manager.py and update relevant skills/rules.
Examples
Good: Fix a broken dependency automatically
Scenario: A build fails because axios 1.6.0 has a known vulnerability and the lockfile pins it.
Agent Action:
- Detects the vulnerability from the security scan.
- Isolates the build job to prevent propagation.
- Diagnoses that the fix is to upgrade
axios to a patched version.
- Creates a branch, updates the lockfile, and runs tests.
- Opens a PR if human approval is required, or applies and verifies if the policy allows auto-fix.
Bad: Auto-fix without diagnosis or approval
Scenario: Production crashes and the agent applies a random patch without understanding the cause.
Agent Action:
- Rejects blind patching.
- Logs the incident, isolates the issue, and either diagnoses carefully or escalates to a human.
Anti-patterns
- Applying fixes without understanding the root cause.
- Healing in production without a rollback plan.
- Skipping tests or verification after a self-healing action.
- Modifying security-critical code without approval.
- Failing to record the incident and lesson learned.
Verification
Cross Skill References
- Security: Vulnerability scanning, secure patching, threat modeling.
- Incident Response: Detection, isolation, escalation, post-mortem.
- Knowledge Distillation: Recording lessons learned from failures.
- Memory Manager: Persisting incident learnings.
- Testing: Regression tests and verification after fixes.
References