npm - @h9-foundry/agentforge-cli - Versions diffs - 0.6.0 → 0.7.0 - Mend

@h9-foundry/agentforge-cli 0.6.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/.tsbuildinfo +1 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +109 -11
package/dist/index.js.map +1 -1
package/dist/internal/builtin-agents.d.ts.map +1 -1
package/dist/internal/builtin-agents.js +651 -28
package/dist/internal/builtin-agents.js.map +1 -1
package/package.json +8 -8

package/dist/internal/builtin-agents.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { existsSync, readFileSync } from "node:fs";
 import { join } from "node:path";
-import { agentManifestSchema, agentOutputSchema, designArtifactSchema, implementationArtifactSchema, implementationInventorySchema, qaRequestSchema, planningArtifactSchema } from "@h9-foundry/agentforge-schemas";
+import { agentManifestSchema, agentOutputSchema, designArtifactSchema, implementationArtifactSchema, implementationInventorySchema, qaArtifactSchema, qaEvidenceNormalizationSchema, qaRequestSchema, securityArtifactSchema, securityEvidenceNormalizationSchema, securityRequestSchema, planningArtifactSchema } from "@h9-foundry/agentforge-schemas";
 const contextCollectorAgent = {
     manifest: agentManifestSchema.parse({
         version: 1,
@@ -83,6 +83,71 @@ function buildValidationCommand(packageManager, scriptName, packageName) {
     }
     return `${packageManager} ${scriptName}`;
 }
+function collectValidationCommands(repoRoot, packageManager, packageScopes) {
+    const discoveredValidationCommands = [];
+    const registerScripts = (packageJsonPath, source, packageName) => {
+        const scripts = parsePackageScripts(packageJsonPath);
+        for (const scriptName of Object.keys(scripts)) {
+            const command = buildValidationCommand(packageManager, scriptName, packageName);
+            discoveredValidationCommands.push({
+                command,
+                source,
+                classification: allowedValidationScriptNames.has(scriptName) ? "approval_required" : "deny",
+                reason: allowedValidationScriptNames.has(scriptName)
+                    ? "Discovered from a bounded repository script; execution would still require approval."
+                    : "Command is not in the bounded allowlist for workflow validation."
+            });
+        }
+    };
+    if (!repoRoot) {
+        return discoveredValidationCommands;
+    }
+    registerScripts(join(repoRoot, "package.json"), "package-script");
+    for (const packageScope of packageScopes) {
+        const packageJsonPath = join(repoRoot, packageScope, "package.json");
+        if (!existsSync(packageJsonPath)) {
+            continue;
+        }
+        const parsed = JSON.parse(readFileSync(packageJsonPath, "utf8"));
+        const packageName = isRecord(parsed) && typeof parsed.name === "string" ? parsed.name : packageScope;
+        registerScripts(packageJsonPath, "workspace-script", packageName);
+    }
+    return discoveredValidationCommands;
+}
+function loadBundleArtifactKinds(bundlePath) {
+    if (!existsSync(bundlePath)) {
+        return [];
+    }
+    const parsed = JSON.parse(readFileSync(bundlePath, "utf8"));
+    if (!isRecord(parsed) || !Array.isArray(parsed.lifecycleArtifacts)) {
+        return [];
+    }
+    return parsed.lifecycleArtifacts
+        .map((artifact) => (isRecord(artifact) && typeof artifact.artifactKind === "string" ? artifact.artifactKind : undefined))
+        .filter((artifactKind) => Boolean(artifactKind));
+}
+function loadBundleArtifactPayloadPaths(bundlePath) {
+    if (!existsSync(bundlePath)) {
+        return [];
+    }
+    const parsed = JSON.parse(readFileSync(bundlePath, "utf8"));
+    if (!isRecord(parsed) || !Array.isArray(parsed.lifecycleArtifacts)) {
+        return [];
+    }
+    return parsed.lifecycleArtifacts.flatMap((artifact) => {
+        if (!isRecord(artifact) || !isRecord(artifact.payload)) {
+            return [];
+        }
+        const payload = artifact.payload;
+        if (Array.isArray(payload.affectedPaths)) {
+            return asStringArray(payload.affectedPaths);
+        }
+        if (Array.isArray(payload.evidenceSources)) {
+            return asStringArray(payload.evidenceSources);
+        }
+        return [];
+    });
+}
 function derivePackageScope(pathValue) {
     const segments = pathValue.split("/").filter(Boolean);
     if (segments.length < 2) {
@@ -100,6 +165,45 @@ function getWorkflowInput(stateSlice, key) {
     }
     return stateSlice.workflowInputs[key];
 }
+function buildLifecycleArtifactEnvelopeBase(state, displayName, summary, inputRefs, issueRefs = []) {
+    return {
+        schemaVersion: state.version,
+        workflow: {
+            name: state.workflow,
+            displayName
+        },
+        source: {
+            sourceType: "workflow-run",
+            runId: state.runId,
+            inputRefs: [...inputRefs],
+            issueRefs: [...issueRefs]
+        },
+        status: "complete",
+        generatedAt: new Date().toISOString(),
+        repo: {
+            root: state.repo.root,
+            name: state.repo.name,
+            branch: state.repo.branch
+        },
+        provenance: {
+            generatedBy: "agentforge-runtime",
+            schemaVersion: state.version,
+            executionEnvironment: state.context.ciExecution ? "ci" : "local",
+            repoRoot: state.repo.root
+        },
+        redaction: {
+            applied: true,
+            strategyVersion: "1.0.0",
+            categories: ["github-token", "api-key", "aws-key", "bearer-token", "password", "private-key"]
+        },
+        auditLink: {
+            entryIds: [],
+            findingIds: [],
+            proposedActionIds: []
+        },
+        summary
+    };
+}
 function buildArtifactEnvelopeBase(state, summary, inputRefs, issueRefs) {
     return {
         schemaVersion: state.version,
@@ -593,6 +697,546 @@ const qaIntakeAgent = {
         });
     }
 };
+const securityIntakeAgent = {
+    manifest: agentManifestSchema.parse({
+        version: 1,
+        name: "security-intake",
+        displayName: "Security Intake",
+        category: "security",
+        runtime: {
+            minVersion: "0.1.0",
+            kind: "deterministic"
+        },
+        permissions: {
+            model: false,
+            network: false,
+            tools: [],
+            readPaths: [".agentops/requests/**", ".agentops/runs/**"],
+            writePaths: []
+        },
+        inputs: ["workflowInputs", "repo"],
+        outputs: ["summary", "metadata"],
+        contextPolicy: {
+            sections: ["workflowInputs", "repo", "context"],
+            minimalContext: true
+        },
+        catalog: {
+            domain: "security",
+            supportLevel: "internal",
+            maturity: "mvp",
+            trustScope: "official-core-only"
+        },
+        trust: {
+            tier: "core",
+            source: "official",
+            reviewed: true
+        }
+    }),
+    outputSchema: agentOutputSchema,
+    async execute({ stateSlice }) {
+        const securityRequest = getWorkflowInput(stateSlice, "securityRequest");
+        const requestFile = getWorkflowInput(stateSlice, "requestFile");
+        const referencedArtifactKinds = getWorkflowInput(stateSlice, "securityTargetArtifactKinds") ?? [];
+        if (!securityRequest) {
+            throw new Error("security-review requires a validated security request before runtime execution.");
+        }
+        const targetType = securityRequest.targetRef.endsWith("bundle.json") ? "artifact-bundle" : "local-reference";
+        return agentOutputSchema.parse({
+            summary: `Loaded security request from ${requestFile ?? ".agentops/requests/security.yaml"} targeting ${securityRequest.targetRef}.`,
+            findings: [],
+            proposedActions: [],
+            lifecycleArtifacts: [],
+            requestedTools: [],
+            blockedActionFlags: [],
+            metadata: {
+                ...securityRequestSchema.parse({
+                    ...securityRequest,
+                    evidenceSources: [...new Set([securityRequest.targetRef, ...securityRequest.evidenceSources])]
+                }),
+                targetType,
+                referencedArtifactKinds
+            }
+        });
+    }
+};
+const securityEvidenceNormalizationAgent = {
+    manifest: agentManifestSchema.parse({
+        version: 1,
+        name: "security-evidence-normalizer",
+        displayName: "Security Evidence Normalizer",
+        category: "security",
+        runtime: {
+            minVersion: "0.1.0",
+            kind: "deterministic"
+        },
+        permissions: {
+            model: false,
+            network: false,
+            tools: [],
+            readPaths: [".agentops/requests/**", ".agentops/runs/**", "**/*.json", "**/*.md", "**/package.json"],
+            writePaths: []
+        },
+        inputs: ["workflowInputs", "repo", "agentResults"],
+        outputs: ["summary", "metadata"],
+        contextPolicy: {
+            sections: ["workflowInputs", "repo", "agentResults"],
+            minimalContext: true
+        },
+        catalog: {
+            domain: "security",
+            supportLevel: "internal",
+            maturity: "mvp",
+            trustScope: "official-core-only"
+        },
+        trust: {
+            tier: "core",
+            source: "official",
+            reviewed: true
+        }
+    }),
+    outputSchema: agentOutputSchema,
+    async execute({ stateSlice }) {
+        const securityRequest = getWorkflowInput(stateSlice, "securityRequest");
+        if (!securityRequest) {
+            throw new Error("security-review requires validated security request inputs before evidence normalization.");
+        }
+        const repoRoot = stateSlice.repo?.root;
+        const intakeMetadata = isRecord(stateSlice.agentResults?.intake?.metadata) ? stateSlice.agentResults.intake.metadata : {};
+        const targetType = typeof intakeMetadata.targetType === "string" && intakeMetadata.targetType === "artifact-bundle"
+            ? "artifact-bundle"
+            : "local-reference";
+        const targetPath = repoRoot ? join(repoRoot, securityRequest.targetRef) : securityRequest.targetRef;
+        if (repoRoot && !existsSync(targetPath)) {
+            throw new Error(`Security target reference not found: ${securityRequest.targetRef}`);
+        }
+        const referencedArtifactKinds = targetType === "artifact-bundle" ? loadBundleArtifactKinds(targetPath) : [];
+        const normalizedEvidenceSources = [...new Set([securityRequest.targetRef, ...securityRequest.evidenceSources])];
+        const missingEvidenceSources = normalizedEvidenceSources.filter((pathValue) => repoRoot && !existsSync(join(repoRoot, pathValue)));
+        if (missingEvidenceSources.length > 0) {
+            throw new Error(`Security evidence source not found: ${missingEvidenceSources[0]}`);
+        }
+        const normalizedFocusAreas = securityRequest.focusAreas.length > 0 ? [...new Set(securityRequest.focusAreas)] : ["general-review"];
+        const affectedPackages = targetType === "artifact-bundle"
+            ? [...new Set(loadBundleArtifactPayloadPaths(targetPath).map(derivePackageScope).filter((value) => Boolean(value)))]
+            : [];
+        const securitySignals = [
+            ...(referencedArtifactKinds.length > 0 ? [`Referenced artifact kinds: ${referencedArtifactKinds.join(", ")}`] : []),
+            ...(affectedPackages.length > 0 ? [`Affected packages inferred from bounded artifact payloads: ${affectedPackages.join(", ")}`] : []),
+            ...(normalizedFocusAreas.length > 0 ? [`Requested focus areas: ${normalizedFocusAreas.join(", ")}`] : []),
+            "Security evidence collection remains local, read-only, and bounded to validated references."
+        ];
+        const provenanceRefs = [
+            securityRequest.targetRef,
+            ...securityRequest.evidenceSources,
+            ...referencedArtifactKinds.map((artifactKind) => `${securityRequest.targetRef}#${artifactKind}`)
+        ];
+        const normalization = securityEvidenceNormalizationSchema.parse({
+            targetRef: securityRequest.targetRef,
+            targetType,
+            referencedArtifactKinds,
+            normalizedEvidenceSources,
+            missingEvidenceSources: [],
+            normalizedFocusAreas,
+            securitySignals,
+            provenanceRefs: [...new Set(provenanceRefs)],
+            affectedPackages
+        });
+        return agentOutputSchema.parse({
+            summary: `Normalized security evidence for ${securityRequest.targetRef}.`,
+            findings: [],
+            proposedActions: [],
+            lifecycleArtifacts: [],
+            requestedTools: [],
+            blockedActionFlags: [],
+            metadata: normalization
+        });
+    }
+};
+const securityAnalystAgent = {
+    manifest: agentManifestSchema.parse({
+        version: 1,
+        name: "security-analyst",
+        displayName: "Security Analyst",
+        category: "security",
+        runtime: {
+            minVersion: "0.1.0",
+            kind: "reasoning"
+        },
+        permissions: {
+            model: true,
+            network: false,
+            tools: [],
+            readPaths: ["**/*"],
+            writePaths: []
+        },
+        inputs: ["workflowInputs", "repo", "changes", "agentResults"],
+        outputs: ["lifecycleArtifacts"],
+        contextPolicy: {
+            sections: ["workflowInputs", "repo", "changes", "agentResults"],
+            minimalContext: true
+        },
+        catalog: {
+            domain: "security",
+            supportLevel: "internal",
+            maturity: "mvp",
+            trustScope: "official-core-only"
+        },
+        trust: {
+            tier: "core",
+            source: "official",
+            reviewed: true
+        }
+    }),
+    outputSchema: agentOutputSchema,
+    async execute({ state, stateSlice }) {
+        const securityRequest = getWorkflowInput(stateSlice, "securityRequest");
+        const requestFile = getWorkflowInput(stateSlice, "requestFile");
+        if (!securityRequest) {
+            throw new Error("security-review requires validated security inputs before security analysis.");
+        }
+        const intakeMetadata = isRecord(stateSlice.agentResults?.intake?.metadata) ? stateSlice.agentResults.intake.metadata : {};
+        const evidenceMetadata = securityEvidenceNormalizationSchema.safeParse(stateSlice.agentResults?.evidence?.metadata);
+        const normalizedEvidence = evidenceMetadata.success ? evidenceMetadata.data : undefined;
+        const referencedArtifactKinds = normalizedEvidence?.referencedArtifactKinds ?? asStringArray(intakeMetadata.referencedArtifactKinds);
+        const normalizedFocusAreas = normalizedEvidence?.normalizedFocusAreas ?? asStringArray(intakeMetadata.focusAreas);
+        const normalizedConstraints = asStringArray(intakeMetadata.constraints);
+        const evidenceSources = normalizedEvidence?.normalizedEvidenceSources && normalizedEvidence.normalizedEvidenceSources.length > 0
+            ? normalizedEvidence.normalizedEvidenceSources
+            : asStringArray(intakeMetadata.evidenceSources).length > 0
+                ? asStringArray(intakeMetadata.evidenceSources)
+                : [...new Set([securityRequest.targetRef, ...securityRequest.evidenceSources])];
+        const focusAreas = normalizedFocusAreas.length > 0 ? normalizedFocusAreas : securityRequest.focusAreas;
+        const inferredSeverity = securityRequest.releaseContext === "blocking" ? "high" : securityRequest.releaseContext === "candidate" ? "medium" : "low";
+        const findings = focusAreas.length > 0
+            ? focusAreas.map((focusArea, index) => ({
+                id: `security-finding-${index + 1}`,
+                title: `Inspect ${focusArea} evidence before promotion`,
+                summary: `Security review flagged ${focusArea} for bounded follow-up on ${securityRequest.targetRef}.`,
+                severity: inferredSeverity,
+                rationale: "The MVP security workflow synthesizes a structured report from validated references before deterministic evidence normalization lands.",
+                confidence: 0.76,
+                location: securityRequest.targetRef,
+                tags: ["security", focusArea]
+            }))
+            : [
+                {
+                    id: "security-finding-1",
+                    title: "Inspect referenced security evidence before promotion",
+                    summary: `Security review requires bounded interpretation of the referenced evidence for ${securityRequest.targetRef}.`,
+                    severity: inferredSeverity,
+                    rationale: "The current security workflow is read-only and request-driven, so findings remain tied to validated local references rather than automatic scanning.",
+                    confidence: 0.72,
+                    location: securityRequest.targetRef,
+                    tags: ["security", "evidence"]
+                }
+            ];
+        const mitigations = [
+            ...focusAreas.map((focusArea) => `Review ${focusArea} evidence and document the release impact before promotion.`),
+            ...(normalizedConstraints.length > 0 ? [`Keep security follow-up bounded by: ${normalizedConstraints.join("; ")}.`] : [])
+        ];
+        const followUpWork = [
+            ...(normalizedEvidence?.securitySignals ?? []),
+            ...(referencedArtifactKinds.length > 0
+                ? [`Confirm the security posture for referenced artifacts: ${referencedArtifactKinds.join(", ")}.`]
+                : []),
+            "Use deterministic security evidence normalization outputs before broadening the workflow surface."
+        ];
+        const summary = `Security report prepared for ${securityRequest.targetRef}.`;
+        const securityReport = securityArtifactSchema.parse({
+            ...buildLifecycleArtifactEnvelopeBase(state, "Security Review", summary, [
+                requestFile ?? ".agentops/requests/security.yaml",
+                ...(normalizedEvidence?.provenanceRefs ?? [securityRequest.targetRef, ...securityRequest.evidenceSources])
+            ]),
+            artifactKind: "security-report",
+            lifecycleDomain: "security",
+            redaction: {
+                applied: true,
+                strategyVersion: "1.0.0",
+                categories: ["github-token", "api-key", "aws-key", "bearer-token", "password", "private-key", "security-sensitive"]
+            },
+            payload: {
+                targetRef: securityRequest.targetRef,
+                evidenceSources,
+                findings,
+                severitySummary: `highest severity: ${inferredSeverity}; ${findings.length} synthesized security finding(s).`,
+                mitigations: mitigations.length > 0
+                    ? mitigations
+                    : ["Review the referenced security evidence before promoting this workflow output."],
+                releaseImpact: securityRequest.releaseContext === "blocking"
+                    ? "release-blocking security findings require resolution before promotion."
+                    : securityRequest.releaseContext === "candidate"
+                        ? "candidate release requires explicit security review before promotion."
+                        : "no release context was supplied; security output remains advisory.",
+                followUpWork
+            }
+        });
+        return agentOutputSchema.parse({
+            summary,
+            findings: [],
+            proposedActions: [],
+            lifecycleArtifacts: [securityReport],
+            requestedTools: [],
+            blockedActionFlags: [],
+            confidence: 0.76,
+            metadata: {
+                deterministicInputs: {
+                    targetRef: securityRequest.targetRef,
+                    evidenceSources,
+                    focusAreas,
+                    constraints: normalizedConstraints,
+                    referencedArtifactKinds,
+                    normalizedEvidence: normalizedEvidence ?? null
+                },
+                synthesizedAssessment: {
+                    severitySummary: securityReport.payload.severitySummary,
+                    mitigations: securityReport.payload.mitigations,
+                    followUpWork: securityReport.payload.followUpWork
+                }
+            }
+        });
+    }
+};
+const qaEvidenceNormalizationAgent = {
+    manifest: agentManifestSchema.parse({
+        version: 1,
+        name: "qa-evidence-normalizer",
+        displayName: "QA Evidence Normalizer",
+        category: "qa",
+        runtime: {
+            minVersion: "0.1.0",
+            kind: "deterministic"
+        },
+        permissions: {
+            model: false,
+            network: false,
+            tools: [],
+            readPaths: [".agentops/requests/**", ".agentops/runs/**", "**/package.json", "**/*.json", "**/*.xml", "**/*.log", "**/*.md"],
+            writePaths: []
+        },
+        inputs: ["workflowInputs", "repo", "agentResults"],
+        outputs: ["summary", "metadata"],
+        contextPolicy: {
+            sections: ["workflowInputs", "repo", "agentResults"],
+            minimalContext: true
+        },
+        catalog: {
+            domain: "test",
+            supportLevel: "internal",
+            maturity: "mvp",
+            trustScope: "official-core-only"
+        },
+        trust: {
+            tier: "core",
+            source: "official",
+            reviewed: true
+        }
+    }),
+    outputSchema: agentOutputSchema,
+    async execute({ stateSlice }) {
+        const qaRequest = getWorkflowInput(stateSlice, "qaRequest");
+        if (!qaRequest) {
+            throw new Error("qa-review requires validated QA request inputs before evidence normalization.");
+        }
+        const repoRoot = stateSlice.repo?.root;
+        const packageManager = stateSlice.repo?.packageManager || "pnpm";
+        const intakeMetadata = isRecord(stateSlice.agentResults?.intake?.metadata) ? stateSlice.agentResults.intake.metadata : {};
+        const targetType = typeof intakeMetadata.targetType === "string" ? intakeMetadata.targetType : "local-reference";
+        const targetPath = repoRoot ? join(repoRoot, qaRequest.targetRef) : qaRequest.targetRef;
+        if (repoRoot && !existsSync(targetPath)) {
+            throw new Error(`QA target reference not found: ${qaRequest.targetRef}`);
+        }
+        const referencedArtifactKinds = targetType === "artifact-bundle" ? loadBundleArtifactKinds(targetPath) : [];
+        const normalizedEvidenceSources = [...new Set([qaRequest.targetRef, ...qaRequest.evidenceSources])];
+        const missingEvidenceSources = normalizedEvidenceSources.filter((pathValue) => repoRoot && !existsSync(join(repoRoot, pathValue)));
+        if (missingEvidenceSources.length > 0) {
+            throw new Error(`QA evidence source not found: ${missingEvidenceSources[0]}`);
+        }
+        const bundleAffectedPaths = targetType === "artifact-bundle" && referencedArtifactKinds.includes("implementation-proposal") && existsSync(targetPath)
+            ? asStringArray((() => {
+                const parsed = JSON.parse(readFileSync(targetPath, "utf8"));
+                if (!isRecord(parsed) || !Array.isArray(parsed.lifecycleArtifacts)) {
+                    return [];
+                }
+                const implementationArtifact = parsed.lifecycleArtifacts.find((artifact) => isRecord(artifact) &&
+                    artifact.artifactKind === "implementation-proposal" &&
+                    isRecord(artifact.payload) &&
+                    Array.isArray(artifact.payload.affectedPaths));
+                return implementationArtifact?.payload?.affectedPaths ?? [];
+            })())
+            : [];
+        const affectedPackages = [...new Set(bundleAffectedPaths.map((pathValue) => derivePackageScope(pathValue)).filter((value) => Boolean(value)))];
+        const allowedValidationCommands = collectValidationCommands(repoRoot, packageManager, affectedPackages).filter((entry) => entry.classification === "approval_required");
+        const allowlistedCommands = new Set(allowedValidationCommands.map((entry) => entry.command));
+        const normalizedExecutedChecks = qaRequest.executedChecks.map(normalizeRequestedCommand);
+        const unrecognizedExecutedChecks = normalizedExecutedChecks.filter((command) => !allowlistedCommands.has(command));
+        const normalization = qaEvidenceNormalizationSchema.parse({
+            targetRef: qaRequest.targetRef,
+            targetType,
+            referencedArtifactKinds,
+            normalizedEvidenceSources,
+            missingEvidenceSources: [],
+            normalizedExecutedChecks,
+            unrecognizedExecutedChecks,
+            affectedPackages,
+            allowedValidationCommands
+        });
+        return agentOutputSchema.parse({
+            summary: `Normalized QA evidence across ${normalization.normalizedEvidenceSources.length} source(s) and ${normalization.allowedValidationCommands.length} allowlisted validation command(s).`,
+            findings: [],
+            proposedActions: [],
+            lifecycleArtifacts: [],
+            requestedTools: [],
+            blockedActionFlags: [],
+            metadata: normalization
+        });
+    }
+};
+const qaAnalystAgent = {
+    manifest: agentManifestSchema.parse({
+        version: 1,
+        name: "qa-analyst",
+        displayName: "QA Analyst",
+        category: "qa",
+        runtime: {
+            minVersion: "0.1.0",
+            kind: "reasoning"
+        },
+        permissions: {
+            model: true,
+            network: false,
+            tools: [],
+            readPaths: ["**/*"],
+            writePaths: []
+        },
+        inputs: ["workflowInputs", "repo", "changes", "agentResults"],
+        outputs: ["lifecycleArtifacts"],
+        contextPolicy: {
+            sections: ["workflowInputs", "repo", "changes", "agentResults"],
+            minimalContext: true
+        },
+        catalog: {
+            domain: "test",
+            supportLevel: "internal",
+            maturity: "mvp",
+            trustScope: "official-core-only"
+        },
+        trust: {
+            tier: "core",
+            source: "official",
+            reviewed: true
+        }
+    }),
+    outputSchema: agentOutputSchema,
+    async execute({ state, stateSlice }) {
+        const qaRequest = getWorkflowInput(stateSlice, "qaRequest");
+        const requestFile = getWorkflowInput(stateSlice, "requestFile");
+        if (!qaRequest) {
+            throw new Error("qa-review requires validated QA inputs before QA analysis.");
+        }
+        const intakeMetadata = isRecord(stateSlice.agentResults?.intake?.metadata) ? stateSlice.agentResults.intake.metadata : {};
+        const evidenceMetadata = isRecord(stateSlice.agentResults?.evidence?.metadata) ? stateSlice.agentResults.evidence.metadata : {};
+        const normalizedEvidenceSources = asStringArray(evidenceMetadata.normalizedEvidenceSources);
+        const normalizedExecutedChecks = asStringArray(evidenceMetadata.normalizedExecutedChecks);
+        const normalizedFocusAreas = asStringArray(intakeMetadata.focusAreas);
+        const normalizedConstraints = asStringArray(intakeMetadata.constraints);
+        const missingEvidenceSources = asStringArray(evidenceMetadata.missingEvidenceSources);
+        const unrecognizedExecutedChecks = asStringArray(evidenceMetadata.unrecognizedExecutedChecks);
+        const targetType = typeof evidenceMetadata.targetType === "string"
+            ? evidenceMetadata.targetType
+            : typeof intakeMetadata.targetType === "string"
+                ? intakeMetadata.targetType
+                : "local-reference";
+        const evidenceSources = normalizedEvidenceSources.length > 0
+            ? normalizedEvidenceSources
+            : [...new Set([qaRequest.targetRef, ...qaRequest.evidenceSources])];
+        const executedChecks = normalizedExecutedChecks.length > 0 ? normalizedExecutedChecks : qaRequest.executedChecks;
+        const focusAreas = normalizedFocusAreas.length > 0 ? normalizedFocusAreas : qaRequest.focusAreas;
+        const findings = focusAreas.length > 0
+            ? focusAreas.map((focusArea, index) => ({
+                id: `qa-finding-${index + 1}`,
+                title: `Inspect ${focusArea} evidence before promotion`,
+                summary: `QA review flagged ${focusArea} as an area requiring bounded interpretation for ${qaRequest.targetRef}.`,
+                severity: qaRequest.releaseContext === "blocking" ? "high" : qaRequest.releaseContext === "candidate" ? "medium" : "low",
+                rationale: `The MVP QA workflow remains read-only and request-driven, so ${focusArea} still depends on referenced evidence rather than automatic execution.`,
+                confidence: 0.74,
+                location: qaRequest.targetRef,
+                tags: ["qa", focusArea]
+            }))
+            : [
+                {
+                    id: "qa-finding-1",
+                    title: "Review referenced QA evidence before promotion",
+                    summary: `QA review requires bounded interpretation of the referenced evidence for ${qaRequest.targetRef}.`,
+                    severity: qaRequest.releaseContext === "blocking" ? "high" : "medium",
+                    rationale: "The current QA workflow synthesizes a report from validated references and does not execute arbitrary test commands.",
+                    confidence: 0.71,
+                    location: qaRequest.targetRef,
+                    tags: ["qa", "evidence"]
+                }
+            ];
+        const coverageGaps = [
+            ...(evidenceSources.length === 0 ? ["No QA evidence sources were provided beyond the target reference."] : []),
+            ...missingEvidenceSources.map((pathValue) => `Referenced QA evidence is missing: ${pathValue}`),
+            ...(focusAreas.includes("coverage") ? ["Coverage evidence still needs deterministic normalization before it can be promoted to an official QA signal."] : []),
+            ...(executedChecks.length === 0 ? ["No executed validation checks were recorded in the request."] : []),
+            ...unrecognizedExecutedChecks.map((command) => `Executed check is outside the bounded allowlist and still needs manual interpretation: ${command}`)
+        ];
+        const recommendedNextChecks = [
+            ...executedChecks.map((command) => `Review the recorded output for \`${command}\` before promotion.`),
+            ...focusAreas.map((focusArea) => `Confirm whether ${focusArea} needs additional deterministic QA evidence.`),
+            ...(normalizedConstraints.length > 0 ? [`Keep QA follow-up bounded by: ${normalizedConstraints.join("; ")}.`] : [])
+        ];
+        const summary = `QA report prepared for ${qaRequest.targetRef}.`;
+        const qaReport = qaArtifactSchema.parse({
+            ...buildArtifactEnvelopeBase(state, summary, [requestFile ?? ".agentops/requests/qa.yaml", qaRequest.targetRef, ...qaRequest.evidenceSources], []),
+            artifactKind: "qa-report",
+            lifecycleDomain: "test",
+            workflow: {
+                name: state.workflow,
+                displayName: "QA Review"
+            },
+            payload: {
+                targetRef: qaRequest.targetRef,
+                evidenceSources,
+                executedChecks,
+                findings,
+                coverageGaps,
+                recommendedNextChecks: recommendedNextChecks.length > 0
+                    ? recommendedNextChecks
+                    : ["Capture additional bounded QA evidence before promotion."],
+                releaseImpact: qaRequest.releaseContext === "blocking"
+                    ? "release-blocking QA findings require resolution before promotion."
+                    : qaRequest.releaseContext === "candidate"
+                        ? "candidate release still requires explicit QA review before promotion."
+                        : "no release context was supplied; QA output remains advisory."
+            }
+        });
+        return agentOutputSchema.parse({
+            summary,
+            findings: [],
+            proposedActions: [],
+            lifecycleArtifacts: [qaReport],
+            requestedTools: [],
+            blockedActionFlags: [],
+            confidence: 0.74,
+            metadata: {
+                deterministicInputs: {
+                    targetRef: qaRequest.targetRef,
+                    targetType,
+                    evidenceSources,
+                    executedChecks,
+                    focusAreas,
+                    constraints: normalizedConstraints
+                },
+                synthesizedAssessment: {
+                    releaseContext: qaRequest.releaseContext,
+                    recommendedNextChecks: qaReport.payload.recommendedNextChecks,
+                    coverageGaps: qaReport.payload.coverageGaps
+                }
+            }
+        });
+    }
+};
 const implementationInventoryAgent = {
     manifest: agentManifestSchema.parse({
         version: 1,
@@ -662,33 +1306,7 @@ const implementationInventoryAgent = {
         const policySurfaces = [
             ...new Set(resolvedAffectedPaths.filter((pathValue) => pathValue.includes("policy") || pathValue.includes(".agentops/policy.yaml")))
         ];
-        const discoveredValidationCommands = [];
-        const registerScripts = (packageJsonPath, source, packageName) => {
-            const scripts = parsePackageScripts(packageJsonPath);
-            for (const scriptName of Object.keys(scripts)) {
-                const command = buildValidationCommand(packageManager, scriptName, packageName);
-                discoveredValidationCommands.push({
-                    command,
-                    source,
-                    classification: allowedValidationScriptNames.has(scriptName) ? "approval_required" : "deny",
-                    reason: allowedValidationScriptNames.has(scriptName)
-                        ? "Discovered from a bounded repository script; execution would still require approval."
-                        : "Command is not in the bounded allowlist for implementation validation."
-                });
-            }
-        };
-        if (repoRoot) {
-            registerScripts(join(repoRoot, "package.json"), "package-script");
-            for (const packageScope of affectedPackages) {
-                const packageJsonPath = join(repoRoot, packageScope, "package.json");
-                if (!existsSync(packageJsonPath)) {
-                    continue;
-                }
-                const parsed = JSON.parse(readFileSync(packageJsonPath, "utf8"));
-                const packageName = isRecord(parsed) && typeof parsed.name === "string" ? parsed.name : packageScope;
-                registerScripts(packageJsonPath, "workspace-script", packageName);
-            }
-        }
+        const discoveredValidationCommands = collectValidationCommands(repoRoot, packageManager, affectedPackages);
         const normalizedRequestedCommands = implementationRequest.validationCommands.map(normalizeRequestedCommand);
         const allowlistedCommands = new Set(discoveredValidationCommands
             .filter((entry) => entry.classification === "approval_required")
@@ -1218,6 +1836,11 @@ export function createBuiltinAgentRegistry() {
         ["design-inventory", designInventoryAgent],
         ["implementation-intake", implementationIntakeAgent],
         ["qa-intake", qaIntakeAgent],
+        ["security-intake", securityIntakeAgent],
+        ["security-evidence-normalizer", securityEvidenceNormalizationAgent],
+        ["security-analyst", securityAnalystAgent],
+        ["qa-evidence-normalizer", qaEvidenceNormalizationAgent],
+        ["qa-analyst", qaAnalystAgent],
         ["implementation-inventory", implementationInventoryAgent],
         ["implementation-planner", implementationPlannerAgent],
         ["design-analyst", designAnalystAgent],