AgentGuard PR Review

I found one actionable issue in the patch.

1. severity: medium — src/feed/state.ts / src/cli.ts (subscribe path)
   • What can go wrong: The new feed state format only remembers IDs from prior runs, but getSeenAdvisoryIds() is derived from newSeenIds only. A record with empty newSeenIds but non-empty foundIds is persisted, yet contributes nothing to deduplication. More importantly, subscribe now skips saving state entirely when newSeenIds.length === 0 && foundIds.length > 0 is false, so a run that only re-evaluates already-seen advisories (or only detects matches after all advisories are already known) will not update pulledAt/record history. This makes the local ledger incomplete and can cause repeated reprocessing or misleading state after cron runs.
   • Concrete fix: Persist a pull record whenever the feed was queried and any advisories were evaluated, not only when newSeenIds or foundIds are non-empty. Also consider deriving dedupe from the union of all stored record IDs, or explicitly documenting/validating that foundIds never needs to influence skip logic.