Scheduled Tasks
Recurring Cygent prompts — daily DeFi threat monitoring, weekly audits, PR digests, and codebase health checks.
Overview
A scheduled task is any Cygent prompt, wrapped in a schedule. The same prompts you'd type in Slack to run an audit, summarize PRs, or check for new exploits — you can hand them to a schedule and Cygent runs them unattended, posts the results to a channel, and keeps a run history.
Scheduled tasks are where Cygent stops being a tool you reach for and becomes a teammate with standing responsibilities.
Creating a task
Two ways, both equivalent:
| Surface | How |
|---|---|
| Dashboard | Open Scheduled Tasks on the agent, click Create Task, fill in a name, a prompt, and a schedule |
| Chat | @cygent schedule a weekly audit of my-repo every Monday at 9am EST |
Cygent confirms the schedule and shows the next run time. You can edit, pause, resume, or run-now from either surface.
Daily DeFi threat monitor
This is the scheduled task every protocol team should run, and the one Cyfrin uses as the walkthrough demo.
Prompt:
Scrape rekt.news for new entries posted in the last 24 hours.
For each incident, summarize the vulnerability class and root cause.
Then cross-reference each vulnerability against our codebase —
check if we have similar patterns that could be exploited the same way.
Post findings to #security with severity estimates.
Schedule: daily at 8am EST
What it does, day to day: every morning at 8, Cygent pulls the latest post-mortems from Rekt.news, reads them, extracts the vulnerability class, and greps your codebase (semantically, not just textually) for the same patterns. If a new flash loan exploit just hit another protocol, Cygent tells you whether you're vulnerable to the same thing before the next attacker gets to you.
Why this is the killer feature: the day a new exploit class lands in the wild, every protocol needs to check whether they're vulnerable. Traditionally that means a security engineer reading Rekt.news over coffee, running an internal check, and writing a Slack message. Cygent does all three on a schedule and tells you only when there's something to worry about.
This pattern generalizes. "Check if X new thing affects our codebase" works for CVEs, EIP updates, Chainlink oracle deprecations, and more. Rekt.news is just the most visible source.
Other common schedules
Weekly audit
Run a full CARA audit on my-protocol-repo. Compare to last week's audit:
highlight new findings, newly-resolved findings, and any regressions.
Summary to #security.
Schedule: every Monday at 9am EST.
Most teams run a weekly audit on their main protocol repo. It's the baseline "have we introduced anything new" signal.
PR review digest
List all PRs merged on my-protocol-repo in the last 7 days.
For each, one sentence on what changed and whether it resolved any
Cygent findings. Group by author.
Schedule: every Friday at 4pm EST.
The Friday recap is useful for async teams — everyone gets a signal of what landed that week without scrolling through GitHub.
Codebase health check
Audit my-protocol-repo with focus on:
- dependency updates (check for outdated OpenZeppelin, Chainlink versions)
- test coverage changes since last check
- any TODO/FIXME comments added in the last month
Report to #eng-health.
Schedule: monthly on the 1st at 9am EST.
Health checks catch slow drift — the kind of thing nobody notices day-to-day but hurts six months in.
Bug bounty triage
List all new GitHub issues created in the last 24 hours with the
'security' label. For each, decide if it's legitimate or spam and
post a recommendation to #security.
Schedule: daily at 9am EST.
Protocols with public bug bounties can drown in AI-generated submissions. A daily triage task kills the noise.
Natural-language scheduling
Cygent converts plain English into a cron expression. All of these work:
| Example | Note |
|---|---|
every Monday at 9am EST | Weekly, timezone-aware |
daily at 3:30pm | Defaults to UTC without a TZ |
every 2 hours | Interval |
every weekday at 8am | Mon–Fri only |
monthly on the 1st at 9am | Monthly anchor |
twice a day at 9am and 5pm PT | Multiple times per day |
every 15 minutes | Use sparingly — this is a lot of runs |
Timezone is explicit and per-task. Specify it or Cygent defaults to UTC. The dashboard shows the next run time in your browser's local timezone so there's no ambiguity.
Notifications and output
Every task has two output knobs:
- Notifications. On/off, and which channel (Slack, Discord, Telegram). When off, results are saved to the dashboard only — useful for noisy health checks you want to review weekly, not get pinged about.
- Output format. Optional trailing instruction appended to the prompt, e.g.
bullet list of changed PRs with one-line summaries. Treat it like a formatting directive for the model.
Notification routing respects the same channel rules as manual interactions. If Cygent isn't present in the target channel, it can't post.
Managing tasks from chat
You don't have to open the dashboard to manage tasks. Cygent understands natural language here too:
@cygent list my scheduled tasks@cygent pause the weekly audit@cygent resume the weekly audit@cygent run the weekly audit now(fires immediately, then continues the regular schedule)@cygent change the weekly audit to run daily at 8am@cygent delete the old PR digest task
Chat management is useful when a task is misbehaving and you want to pause it instantly without tabbing out.
Auto-pause after failures
Scheduled tasks auto-pause after 3 consecutive failures. This is deliberate — the common failure modes are a deleted repo, a revoked GitHub token, a broken prompt that always errors — and you don't want Cygent retrying on a loop, generating noise, and chewing through rate limits.
When a task auto-pauses:
- It posts a final message to the notification channel explaining why.
- It shows as Paused (auto) in the dashboard with the failure log.
- You fix whatever's broken (usually a token refresh or a prompt tweak) and click Resume.
Don't disable auto-pause. The failure mode without it is a task that fails every hour for two weeks while you're on PTO and fills your channel with error messages.
Autonomy and scheduled tasks
Scheduled tasks run autonomously — by design. A task that waits for approval defeats the purpose. This means:
- The task completes whatever its prompt says, without asking for confirmation.
- If the prompt would open a PR, the PR gets opened.
- If the prompt would close issues, those issues get closed.
Don't schedule actions you're not comfortable running unattended. A scheduled task that reviews and reports is safe. A scheduled task that fixes and merges is a policy decision — make sure you have other gates (CI, PR review) catching anything the prompt misses.
See Behavior & Autonomy for how this interacts with the agent's autonomy presets.
Run history
Every run of every task is recorded in the dashboard with:
| Field | What it shows |
|---|---|
| Start time + duration | When the task fired and how long it took |
| Status | Succeeded or failed |
| Output | Full output the task produced |
| Errors + warnings | Anything surfaced during execution |
Run history is how you debug "why did Friday's digest miss PR #142" after the fact. It's also how you calibrate — if your daily threat monitor has produced zero hits in two months, the prompt probably needs sharpening.