[Bug]: Global Defender priority inversion in _update_agent_status bypasses detection on goal step

[verovaleros]

Bug Description

In netsecgame/game/coordinator.py, _update_agent_status checks goal_check before is_detected using if/elif, so a goal-reaching step short-circuits detection evaluation.

Current logic (netsecgame/game/coordinator.py:787-793):

if self.goal_check(agent):
    next_status = AgentStatus.Success
elif self.is_detected(agent):
    next_status = AgentStatus.Fail

Because detection is in an elif, detection is skipped whenever goal_check(agent) is True.

This conflicts with documented behavior in README.md:229:

If the attacker does a successful action in the same step that the defender successfully detects the action, the priority goes to the defender. The reward is a penalty, and the game ends.

Impact:

• Attacker can receive Success on a step where defender detection should cause Fail.
• Reward signal is inconsistent with documented rules.
• Global defender effectiveness is reduced on the most critical (goal) step.

Steps to Reproduce

1. Start the NetSecGame server with use_global_defender: True in task configuration.
2. Connect an attacker agent.
3. Reach a state where one action completes attacker goal.
4. Send the goal-completing action.
5. Observe _update_agent_status returns AgentStatus.Success when goal_check(agent) is true, without evaluating is_detected(agent).

Expected Behavior

Detection must have priority over goal completion when both are true in the same step.

For example:

if self.is_detected(agent):
    next_status = AgentStatus.Fail
elif self.goal_check(agent):
    next_status = AgentStatus.Success
elif self.is_timeout(agent):
    next_status = AgentStatus.TimeoutReached

Version

0.1.0

Installation / Deployment Method

Running locally from source

[verovaleros]

Originally reported by @jsvobo.

[ondrej-lukas]

This behavior is intended. README needs to be fixed to correspond with the code functionality