@raishin/vanguard-frontier-agentic 1.0.0 → 1.2.0

package/catalog/agents.json

@@ -1,9 +1,9 @@
 [
   {
-    "id": "azure-ai-foundry-ops-governor-agent",
-    "name": "Azure AI Foundry Ops Governor",
+    "id": "aws-agentcore-agent",
+    "name": "AWS AgentCore",
     "type": "agent",
-    "provider": "azure",
+    "provider": "aws",
     "harnesses": [
       "codex",
       "copilot",
@@ -12,33 +12,40 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-ai-foundry-ops-governor. Govern Microsoft Foundry and Azure AI Foundry operations across resource-versus-project boundaries, RBAC, quotas, network isolation, logging, and safe MCP-backed execution.",
+    "summary": "Agent for aws-agentcore. Build, test, migrate, and deploy Amazon Bedrock AgentCore code-based agents and harness workflows with runtime, policy, environment/skills, Memory, Gateway, Identity, Observability, Browser, Code Interpreter, and security guidance loaded progressively.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/foundry/concepts/architecture",
-      "https://learn.microsoft.com/en-us/azure/foundry/concepts/rbac-foundry",
-      "https://learn.microsoft.com/en-us/azure/foundry/concepts/planning",
-      "https://learn.microsoft.com/en-us/azure/foundry/mcp/security-best-practices?view=foundry",
-      "https://learn.microsoft.com/en-us/azure/foundry/how-to/configure-private-link",
-      "https://learn.microsoft.com/en-us/azure/foundry/how-to/managed-virtual-network",
-      "https://learn.microsoft.com/en-us/azure/foundry/how-to/quota",
-      "https://learn.microsoft.com/en-us/azure/foundry/foundry-models/quotas-limits",
-      "https://learn.microsoft.com/en-us/azure/foundry/foundry-models/how-to/monitor-models",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
-    ],
-    "security_notes": "Keep Foundry resource governance separate from project developer isolation, prefer Entra ID over key-based auth, verify quota and diagnostics before rollout, and treat MCP mutations as higher risk than read-only discovery, especially because hosted Foundry MCP security guidance documents preview and public-endpoint limitations. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-ai-foundry-ops-governor-agent",
+      "https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/develop-agents.html",
+      "https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/agentcore-get-started-cli.md",
+      "https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/harness.html",
+      "https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/harness-get-started.html",
+      "https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/harness-environment.html",
+      "https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/harness-security.html",
+      "https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/what-is-bedrock-agentcore.html",
+      "https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/runtime-get-started.html",
+      "https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/memory.html",
+      "https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway.html",
+      "https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/identity.html",
+      "https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/observability-configure.html",
+      "https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/browser-tool.html",
+      "https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/code-interpreter.html",
+      "https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/harness-tools.html",
+      "https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/policy.html",
+      "https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/policy-create-policies.html",
+      "https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/policy-core-concepts.html",
+      "https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/harness-operations.html"
+    ],
+    "security_notes": "Do not hardcode credentials, tokens, client secrets, account IDs, or customer data. Prefer AgentCore Identity/Gateway for managed credentials, enforce Cedar policy where Gateway is used, verify region and preview-feature constraints, keep least-privilege roles, and require explicit approval before deployment or tool-exposure changes.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-agentcore-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "azure-aks-platform-operator-agent",
-    "name": "Azure AKS Platform Operator",
+    "id": "aws-api-edge-delivery-review-agent",
+    "name": "AWS API Edge Delivery Review",
     "type": "agent",
-    "provider": "azure",
+    "provider": "aws",
     "harnesses": [
       "codex",
       "copilot",
@@ -47,30 +54,25 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-aks-platform-operator. Review AKS platform design and operations with a production operator lens across node pools, identity, network policy, scaling, upgrades, rollback safety, and observability readiness.",
+    "summary": "Agent for aws-api-edge-delivery-review. Review API Gateway, CloudFront, AWS WAF, Shield, ALB edge/API exposure, throttling, auth, TLS, origin protection, caching, logging, and abuse controls.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-kubernetes",
-      "https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/containers/aks/baseline-aks",
-      "https://learn.microsoft.com/en-us/azure/aks/upgrade-options",
-      "https://learn.microsoft.com/en-us/azure/aks/upgrade-conceptual",
-      "https://learn.microsoft.com/en-us/azure/aks/workload-identity-overview",
-      "https://learn.microsoft.com/en-us/azure/aks/network-policy-best-practices",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
-    ],
-    "security_notes": "Do not wave through AKS as production ready without explicit upgrade, rollback, workload identity, traffic-control, subnet-capacity, and observability evidence. Treat flat pod networking, static secrets, and untested drain behavior as high-risk. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-aks-platform-operator-agent",
+      "https://docs.aws.amazon.com/apigateway/latest/developerguide/security-best-practices.html",
+      "https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-request-throttling.html",
+      "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html",
+      "https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-awswaf.html"
+    ],
+    "security_notes": "Do not approve public API or edge changes without auth, throttling, TLS, logging, WAF/origin protection where appropriate, sensitive-log controls, and rollback path.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-api-edge-delivery-review-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "azure-app-service-production-readiness-agent",
-    "name": "Azure App Service Production Readiness",
+    "id": "aws-bedrock-agent-security-governor-agent",
+    "name": "AWS Bedrock Agent Security Governor",
     "type": "agent",
-    "provider": "azure",
+    "provider": "aws",
     "harnesses": [
       "codex",
       "copilot",
@@ -79,40 +81,25 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-app-service-production-readiness. Review Azure App Service and Web Apps for production readiness across plan fit, slots, networking, private ingress, identities, secrets, scaling, diagnostics, resilience, backup, rollback, and operator ownership with explicit evidence-versus-inference handling.",
+    "summary": "Agent for aws-bedrock-agent-security-governor. Review Amazon Bedrock agents, AgentCore, Guardrails, knowledge bases, action groups, memory, prompt-injection defenses, PII handling, observability, and least-privilege access.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/well-architected/service-guides/app-service-web-apps",
-      "https://learn.microsoft.com/en-us/azure/app-service/deploy-best-practices",
-      "https://learn.microsoft.com/en-us/azure/app-service/deploy-staging-slots",
-      "https://learn.microsoft.com/en-us/azure/app-service/app-service-best-practices",
-      "https://learn.microsoft.com/en-us/azure/app-service/manage-scale-up",
-      "https://learn.microsoft.com/en-us/azure/app-service/configure-vnet-integration-enable",
-      "https://learn.microsoft.com/en-us/azure/app-service/configure-vnet-integration-routing",
-      "https://learn.microsoft.com/en-us/azure/app-service/overview-private-endpoint",
-      "https://learn.microsoft.com/en-us/azure/app-service/overview-access-restrictions",
-      "https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references",
-      "https://learn.microsoft.com/en-us/azure/app-service/monitor-instances-health-check",
-      "https://learn.microsoft.com/en-us/azure/app-service/manage-backup",
-      "https://learn.microsoft.com/en-us/azure/app-service/configure-zone-redundancy",
-      "https://learn.microsoft.com/en-us/azure/reliability/reliability-app-service",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-app-service",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
-    ],
-    "security_notes": "Do not confuse plan SKU with readiness, public access restrictions with true private ingress, or backup configuration with recovery readiness. Prefer managed identity and Key Vault references over embedded secrets, treat app settings as sensitive, and do not invent unsupported Azure MCP namespaces or operations. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-app-service-production-readiness-agent",
+      "https://docs.aws.amazon.com/bedrock/latest/userguide/security-best-practice-agents.html",
+      "https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-injection.html",
+      "https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html",
+      "https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-how.html"
+    ],
+    "security_notes": "Do not grant broad tool or data access to Bedrock agents. Require least privilege, prompt-injection tests, guardrail coverage, PII controls, observability, and kill-switch/rollback design.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-bedrock-agent-security-governor-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "azure-cosmosdb-application-developer-agent",
-    "name": "Azure Cosmos DB Application Developer",
-    "version": "0.2.0",
+    "id": "aws-change-impact-advisor-agent",
+    "name": "AWS Change Impact Advisor",
     "type": "agent",
-    "provider": "azure",
+    "provider": "aws",
     "harnesses": [
       "codex",
       "copilot",
@@ -121,32 +108,25 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-cosmosdb-application-developer. Guide Azure Cosmos DB application development across NoSQL data modeling, partition-aware access patterns, point reads, query shape, SDK usage, transactional batch scope, and consistency-aware application behavior with explicit evidence-versus-inference handling.",
+    "summary": "Agent for aws-change-impact-advisor. Assess planned AWS change impact, blast radius, rollback readiness, stakeholder communication, and non-destructive go/no-go guidance before execution.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/cosmos-db/partitioning",
-      "https://learn.microsoft.com/en-us/azure/cosmos-db/modeling-data",
-      "https://learn.microsoft.com/en-us/azure/cosmos-db/consistency-levels",
-      "https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-manage-consistency",
-      "https://learn.microsoft.com/en-us/azure/cosmos-db/query-metrics",
-      "https://learn.microsoft.com/en-us/azure/well-architected/service-guides/cosmos-db",
-      "https://learn.microsoft.com/en-us/azure/cosmos-db/transactional-batch",
-      "https://learn.microsoft.com/en-us/azure/cosmos-db/find-request-unit-charge"
-    ],
-    "security_notes": "Do not recommend data models, query patterns, transactional assumptions, or SDK usage that ignore partition scope, RU cost, consistency semantics, or least-privilege access boundaries. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-cosmosdb-application-developer-agent",
-    "author": "github: Raishin"
+      "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-changesets.html",
+      "https://docs.aws.amazon.com/prescriptive-guidance/latest/choosing-git-branch-approach/plan-your-change-management-strategy.html",
+      "https://docs.aws.amazon.com/systems-manager/latest/userguide/change-calendar.html",
+      "https://docs.aws.amazon.com/wellarchitected/latest/operational-excellence-pillar/design_principles.html"
+    ],
+    "security_notes": "This role is advisory only. Do not approve execution from weak evidence. Require explicit rollback, dependency, owner, and communication clarity before treating a change as low-risk.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-change-impact-advisor-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
   },
   {
-    "id": "azure-cosmosdb-performance-investigator-agent",
-    "name": "Azure Cosmos DB Performance Investigator",
-    "version": "0.2.0",
+    "id": "aws-ci-cd-release-engineer-agent",
+    "name": "AWS CI/CD Release Engineer",
     "type": "agent",
-    "provider": "azure",
+    "provider": "aws",
     "harnesses": [
       "codex",
       "copilot",
@@ -155,31 +135,25 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-cosmosdb-performance-investigator. Investigate Azure Cosmos DB query latency, RU inefficiency, throttling, hot partitions, indexing gaps, and workload-level performance pathologies using explicit evidence, metrics, and step-by-step profiling discipline.",
+    "summary": "Agent for aws-ci-cd-release-engineer. Review AWS release pipelines, deployment gates, artifact provenance, CodePipeline/CodeBuild/CodeDeploy, GitHub/GitLab integrations, rollback, change correlation, and incident prevention.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/cosmos-db/troubleshoot-query-performance",
-      "https://learn.microsoft.com/en-us/azure/cosmos-db/query-metrics",
-      "https://learn.microsoft.com/en-us/azure/cosmos-db/index-metrics",
-      "https://learn.microsoft.com/en-us/azure/cosmos-db/use-metrics",
-      "https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-redistribute-throughput-across-partitions",
-      "https://learn.microsoft.com/en-us/azure/cosmos-db/performance-tips-dotnet-sdk-v3",
-      "https://learn.microsoft.com/en-us/azure/well-architected/service-guides/cosmos-db"
-    ],
-    "security_notes": "Do not recommend throughput increases, repartitioning, indexing changes, or SDK tuning before separating RU cost, latency, partition skew, and query-shape evidence. Avoid speculative fixes that hide workload design defects. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-cosmosdb-performance-investigator-agent",
-    "author": "github: Raishin"
+      "https://docs.aws.amazon.com/devopsagent/latest/userguide/about-aws-devops-agent.html",
+      "https://docs.aws.amazon.com/devopsagent/latest/userguide/working-with-devops-agent-proactive-incident-prevention.html",
+      "https://docs.aws.amazon.com/codedeploy/latest/userguide/deployments-rollback-and-redeploy.html",
+      "https://docs.aws.amazon.com/codepipeline/latest/userguide/welcome.html"
+    ],
+    "security_notes": "Do not approve production pipelines without artifact integrity, least-privilege deploy roles, quality/security gates, deployment telemetry, rollback criteria, and post-deploy validation.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-ci-cd-release-engineer-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
   },
   {
-    "id": "azure-cosmosdb-platform-operator-agent",
-    "name": "Azure Cosmos DB Platform Operator",
-    "version": "0.2.0",
+    "id": "aws-compliance-evidence-mapper-agent",
+    "name": "AWS Compliance Evidence Mapper",
     "type": "agent",
-    "provider": "azure",
+    "provider": "aws",
     "harnesses": [
       "codex",
       "copilot",
@@ -188,30 +162,25 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-cosmosdb-platform-operator. Review and operate Azure Cosmos DB platform posture across accounts, databases, containers, partitioning, throughput, consistency, indexing, throttling, multi-region tradeoffs, and operational guardrails with explicit evidence-versus-inference handling.",
+    "summary": "Agent for aws-compliance-evidence-mapper. Map AWS controls, Security Hub findings, AWS Config conformance packs, Audit Manager assessments, evidence folders, manual evidence, and report gaps for audit readiness.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/cosmos-db/partitioning",
-      "https://learn.microsoft.com/en-us/azure/cosmos-db/modeling-data",
-      "https://learn.microsoft.com/en-us/azure/cosmos-db/consistency-levels",
-      "https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-manage-consistency",
-      "https://learn.microsoft.com/en-us/azure/cosmos-db/query-metrics",
-      "https://learn.microsoft.com/en-us/azure/well-architected/service-guides/cosmos-db",
-      "https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys"
-    ],
-    "security_notes": "Do not approve a partition key, indexing posture, consistency change, or cross-partition query strategy without checking workload shape, RU impact, transactional scope, and least-privilege access implications. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-cosmosdb-platform-operator-agent",
-    "author": "github: Raishin"
+      "https://docs.aws.amazon.com/audit-manager/latest/userguide/assessments.html",
+      "https://docs.aws.amazon.com/audit-manager/latest/userguide/review-evidence.html",
+      "https://docs.aws.amazon.com/config/latest/developerguide/conformance-packs.html",
+      "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html"
+    ],
+    "security_notes": "Do not claim compliance from tool output alone. Label evidence freshness, scope, inconclusive evidence, missing Config/Security Hub coverage, and need for legal/compliance review.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-compliance-evidence-mapper-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
   },
   {
-    "id": "azure-cost-estimation-review-agent",
-    "name": "Azure Cost Estimation Review",
+    "id": "aws-cost-anomaly-watch-coordinator-agent",
+    "name": "AWS Cost Anomaly Watch Coordinator",
     "type": "agent",
-    "provider": "azure",
+    "provider": "aws",
     "harnesses": [
       "codex",
       "copilot",
@@ -220,30 +189,25 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-cost-estimation-review. Review Azure cost estimates for pricing-calculator assumptions, SKU and region realism, production versus nonproduction sizing, omission risk, and explicit uncertainty labeling.",
+    "summary": "Agent for aws-cost-anomaly-watch-coordinator. Review AWS cost anomalies, budget drift, usage spikes, and savings opportunities with non-destructive recommendations and business-facing escalation guidance.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/cost-management-billing/understand/plan-manage-costs",
-      "https://learn.microsoft.com/en-us/azure/cost-management-billing/costs/pricing-calculator",
-      "https://learn.microsoft.com/en-us/azure/cost-management-billing/",
-      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/governance",
-      "https://learn.microsoft.com/en-us/azure/cost-management-billing/savings-plan/manage-savings-plan",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-pricing",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
-    ],
-    "security_notes": "Do not present calculator output as invoice truth, do not hide missing sizing assumptions, and do not imply unsupported Azure MCP pricing or billing capabilities. Treat negotiated pricing, discount posture, and future utilization as explicit uncertainty unless verified. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-cost-estimation-review-agent",
+      "https://docs.aws.amazon.com/cost-management/latest/userguide/management-limits.html",
+      "https://docs.aws.amazon.com/cost-management/latest/userguide/getting-started-ad.html",
+      "https://docs.aws.amazon.com/cost-management/latest/userguide/budgets-managing-costs.html",
+      "https://docs.aws.amazon.com/cost-management/latest/userguide/ce-what-is.html"
+    ],
+    "security_notes": "Keep the role advisory and non-destructive. Do not stop workloads or alter purchasing commitments from this role. Focus on evidence, hypotheses, safe next checks, and escalation.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-cost-anomaly-watch-coordinator-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "azure-cost-optimization-governor-agent",
-    "name": "Azure Cost Optimization Governor",
+    "id": "aws-cost-optimization-governor-agent",
+    "name": "AWS Cost Optimization Governor",
     "type": "agent",
-    "provider": "azure",
+    "provider": "aws",
     "harnesses": [
       "codex",
       "copilot",
@@ -252,33 +216,25 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-cost-optimization-governor. Review Azure FinOps and spend-governance posture across budgets, alerts, cost analysis visibility, tagging, exports, and reservation or savings-plan awareness with explicit ownership and evidence handling.",
+    "summary": "Agent for aws-cost-optimization-governor. Review AWS cost posture across Cost Explorer, Budgets, Cost Optimization Hub, Compute Optimizer, commitments, tagging, showback, idle waste, and rightsizing.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/cost-management-billing/understand/plan-manage-costs",
-      "https://learn.microsoft.com/en-us/azure/cost-management-billing/costs/tutorial-acm-create-budgets",
-      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/governance",
-      "https://learn.microsoft.com/en-us/azure/cost-management-billing/costs/reporting-get-started",
-      "https://learn.microsoft.com/en-us/azure/cost-management-billing/costs/tutorial-improved-exports",
-      "https://learn.microsoft.com/en-us/azure/advisor/advisor-reference-cost-recommendations",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-pricing",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-advisor",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
-    ],
-    "security_notes": "Do not promise savings without utilization evidence, treat budgets as alerts rather than enforcement, keep billing and export data sanitized, and require named ownership for alerts, tags, exports, and optimization follow-up before calling the FinOps posture credible. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-cost-optimization-governor-agent",
+      "https://docs.aws.amazon.com/cost-management/latest/userguide/cost-optimization-hub.html",
+      "https://docs.aws.amazon.com/cost-management/latest/userguide/budgets-best-practices.html",
+      "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/ce-api-best-practices.html/",
+      "https://docs.aws.amazon.com/wellarchitected/latest/cost-optimization-pillar/welcome.html"
+    ],
+    "security_notes": "Do not recommend cost cuts that remove backups, logging, security controls, redundancy, or tested capacity without explicit risk acceptance and rollback evidence.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-cost-optimization-governor-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "azure-entra-id-specialist-agent",
-    "name": "Azure Entra ID Specialist",
-    "version": "0.2.0",
+    "id": "aws-daily-operations-briefing-coordinator-agent",
+    "name": "AWS Daily Operations Briefing Coordinator",
     "type": "agent",
-    "provider": "azure",
+    "provider": "aws",
     "harnesses": [
       "codex",
       "copilot",
@@ -287,30 +243,25 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-entra-id-specialist. Review and guide Microsoft Entra ID tenant posture across conditional access, authentication methods, MFA and SSPR registration, identity protection, workload identities, app registrations, external identities, governance boundaries, and least-privilege identity operations with explicit evidence-versus-inference handling.",
+    "summary": "Agent for aws-daily-operations-briefing-coordinator. Prepare non-destructive AWS daily operations briefings across health signals, incidents, deployments, cost drift, open risks, and action backlog for business and engineering stakeholders.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/entra/fundamentals/what-is-entra",
-      "https://learn.microsoft.com/en-us/entra/id-governance/identity-governance-overview",
-      "https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-configure",
-      "https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-all-users-security-info-registration",
-      "https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-users-groups",
-      "https://learn.microsoft.com/en-us/entra/workload-id/workload-identities-overview",
-      "https://learn.microsoft.com/en-us/entra/id-protection/concept-workload-identity-risk"
-    ],
-    "security_notes": "Do not recommend broad exclusions, unsafe break-glass patterns, blanket MFA bypasses, overprivileged app registrations, or risky Conditional Access changes without scoping blast radius, role ownership, and recovery paths. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-entra-id-specialist-agent",
-    "author": "github: Raishin"
+      "https://docs.aws.amazon.com/health/latest/ug/what-is-aws-health.html",
+      "https://docs.aws.amazon.com/prescriptive-guidance/latest/implementing-logging-monitoring-cloudwatch/introduction.html",
+      "https://docs.aws.amazon.com/cost-management/latest/userguide/ce-what-is.html",
+      "https://docs.aws.amazon.com/awssupport/latest/user/trusted-advisor.html"
+    ],
+    "security_notes": "Do not treat dashboards as proof. Keep reporting read-only, evidence-based, and explicit about unknowns. Never recommend mutation or production changes without separate approval and deeper technical review.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-daily-operations-briefing-coordinator-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
   },
   {
-    "id": "azure-governance-policy-guardrails-agent",
-    "name": "Azure Governance Policy Guardrails",
+    "id": "aws-data-protection-backup-steward-agent",
+    "name": "AWS Data Protection Backup Steward",
     "type": "agent",
-    "provider": "azure",
+    "provider": "aws",
     "harnesses": [
       "codex",
       "copilot",
@@ -319,33 +270,25 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-governance-policy-guardrails. Design and review Azure Policy guardrails, initiatives, assignment scope, exclusions, remediation risk, and staged governance rollout patterns.",
+    "summary": "Agent for aws-data-protection-backup-steward. Review AWS backup and data protection across AWS Backup, snapshots, vaults, restore testing, retention, encryption, immutability, cross-account copy, and recovery evidence.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/governance",
-      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/tailoring-alz",
-      "https://learn.microsoft.com/en-us/azure/governance/policy/overview",
-      "https://learn.microsoft.com/en-us/azure/governance/policy/concepts/initiative-definition-structure",
-      "https://learn.microsoft.com/en-us/azure/governance/policy/assign-policy-portal",
-      "https://learn.microsoft.com/en-us/azure/governance/policy/how-to/remediate-resources",
-      "https://learn.microsoft.com/en-us/azure/governance/policy/concepts/exemption-structure",
-      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/migrate-azure-landing-zone-policies",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-policy",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
-    ],
-    "security_notes": "Do not recommend broad-scope deny or remediation-first rollout without blast-radius review, inheritance analysis, exception handling, and rollback notes. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-governance-policy-guardrails-agent",
+      "https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html",
+      "https://docs.aws.amazon.com/aws-backup/latest/devguide/vault-lock.html",
+      "https://docs.aws.amazon.com/aws-backup/latest/devguide/cross-account-backup.html",
+      "https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/plan-for-disaster-recovery-dr.html"
+    ],
+    "security_notes": "Do not treat snapshots as sufficient data protection. Check restore permissions, KMS access, vault policy, immutability, cross-account isolation, and tested recovery evidence.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-data-protection-backup-steward-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "azure-identity-governance-review-agent",
-    "name": "Azure Identity Governance Review",
+    "id": "aws-deployment-hotfix-operator-agent",
+    "name": "AWS Deployment Hotfix Operator",
     "type": "agent",
-    "provider": "azure",
+    "provider": "aws",
     "harnesses": [
       "codex",
       "copilot",
@@ -354,34 +297,23 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-identity-governance-review. Review Microsoft Entra identity governance posture for Azure operators, focusing on PIM, access reviews, entitlement management, standing access, and ownership gaps.",
+    "summary": "Agent for aws-deployment-hotfix-operator. Patch AWS deployment manifests, environment config, release toggles, and rollout settings quickly in-repo with explicit rollback notes and no live-cloud mutation by default.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access",
-      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access-landing-zones",
-      "https://learn.microsoft.com/en-us/azure/active-directory/roles/best-practices",
-      "https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/",
-      "https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-resource-roles-assign-roles",
-      "https://learn.microsoft.com/en-us/entra/id-governance/access-reviews-overview",
-      "https://learn.microsoft.com/en-us/entra/id-governance/manage-access-review",
-      "https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-perform-roles-and-resource-roles-review",
-      "https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-overview",
-      "https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-access-reviews-create",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+      "https://docs.aws.amazon.com/prescriptive-guidance/latest/choosing-git-branch-approach/plan-your-change-management-strategy.html",
+      "https://docs.aws.amazon.com/wellarchitected/latest/operational-excellence-pillar/design_principles.html"
     ],
-    "security_notes": "Challenge standing privileged access by default. Do not treat PIM, access reviews, or entitlement management as sufficient unless scope, ownership, cadence, and removal behavior are explicit. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-identity-governance-review-agent",
+    "security_notes": "Repo write access only. Do not deploy, apply, destroy, or mutate live AWS resources from this role by default. Require explicit human approval for any step beyond repo patching and validation.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-deployment-hotfix-operator-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "azure-key-vault-secret-lifecycle-auditor-agent",
-    "name": "Azure Key Vault Secret Lifecycle Auditor",
+    "id": "aws-devops-agent-skill-designer-agent",
+    "name": "AWS DevOps Agent Skill Designer",
     "type": "agent",
-    "provider": "azure",
+    "provider": "aws",
     "harnesses": [
       "codex",
       "copilot",
@@ -390,32 +322,25 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-key-vault-secret-lifecycle-auditor. Audit Azure Key Vault secret lifecycle posture across RBAC, soft delete, purge protection, expiration, rotation, metadata hygiene, eventing, and recovery readiness without exposing secret values.",
+    "summary": "Agent for aws-devops-agent-skill-designer. Design AWS DevOps Agent-compatible skills, investigation workflows, learned skills, tool-use best practices, agent targeting, frontmatter triggers, and operational output contracts.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-key-vault",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/services/azure-mcp-server-for-key-vault",
-      "https://learn.microsoft.com/en-us/azure/key-vault/secrets/secure-secrets",
-      "https://learn.microsoft.com/en-us/azure/key-vault/general/autorotation",
-      "https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide",
-      "https://learn.microsoft.com/en-us/azure/key-vault/general/soft-delete-overview",
-      "https://learn.microsoft.com/en-us/azure/key-vault/general/key-vault-recovery",
-      "https://learn.microsoft.com/en-us/azure/key-vault/policy-reference",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
-    ],
-    "security_notes": "Avoid retrieving secret values unless absolutely necessary. Treat purge authority, missing soft delete, missing purge protection, and unproven rotation or recovery paths as high-risk. Prefer RBAC least privilege and metadata-based audits over content access. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-key-vault-secret-lifecycle-auditor-agent",
+      "https://docs.aws.amazon.com/devopsagent/latest/userguide/about-aws-devops-agent-devops-agent-skills.html",
+      "https://docs.aws.amazon.com/devopsagent/latest/userguide/about-aws-devops-agent-learned-skills.html",
+      "https://docs.aws.amazon.com/devopsagent/latest/userguide/about-aws-devops-agent.html",
+      "https://docs.aws.amazon.com/devopsagent/latest/userguide/aws-devops-agent-security.html"
+    ],
+    "security_notes": "Do not create AWS DevOps Agent skills with vague descriptions, broad agent targeting, secret-handling instructions, unsupported executable assumptions, or missing success criteria.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-devops-agent-skill-designer-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "azure-landing-zone-architect-agent",
-    "name": "Azure Landing Zone Architect",
+    "id": "aws-dynamodb-data-modeling-performance-review-agent",
+    "name": "AWS DynamoDB Data Modeling Performance Review",
     "type": "agent",
-    "provider": "azure",
+    "provider": "aws",
     "harnesses": [
       "codex",
       "copilot",
@@ -424,31 +349,1644 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-landing-zone-architect. Design or review Azure landing-zone architecture across management groups, subscriptions, governance, security, networking, and operations dependencies.",
+    "summary": "Agent for aws-dynamodb-data-modeling-performance-review. Review DynamoDB table design, partition keys, sort keys, GSIs/LSIs, hot partitions, query/scan patterns, capacity, global tables, TTL, DAX, and cost/performance tradeoffs.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-areas",
-      "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access",
-      "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/governance",
-      "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/security",
-      "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/implementation-options",
+      "https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/best-practices.html",
+      "https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-partition-key-design.html",
+      "https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-indexes.html",
+      "https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Query.html"
+    ],
+    "security_notes": "Do not recommend DynamoDB schemas without explicit access patterns, partition cardinality, index tradeoffs, capacity/cost implications, and migration or backfill safety.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-dynamodb-data-modeling-performance-review-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-ec2-compute-operations-steward-agent",
+    "name": "AWS EC2 Compute Operations Steward",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-ec2-compute-operations-steward. Review EC2, Auto Scaling, Launch Templates, AMIs, Systems Manager, Patch Manager, EBS, snapshots, health checks, instance refresh, lifecycle hooks, and fleet operations.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-best-practices.html",
+      "https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager.html",
+      "https://docs.aws.amazon.com/autoscaling/ec2/userguide/instance-refresh-overview.html",
+      "https://docs.aws.amazon.com/ebs/latest/userguide/ebs-snapshots.html"
+    ],
+    "security_notes": "Do not approve EC2 fleet operations without patch compliance, managed access, health checks, rollback, backup/snapshot posture, IAM instance-profile review, and launch-template evidence.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-ec2-compute-operations-steward-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-ecs-fargate-platform-operator-agent",
+    "name": "AWS ECS Fargate Platform Operator",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-ecs-fargate-platform-operator. Review Amazon ECS and Fargate services across task roles, execution roles, deployment circuit breakers, blue/green, load balancing, autoscaling, logging, networking, and rollback.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-failure-detection.html",
+      "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-circuit-breaker.html",
+      "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-blue-green.html",
+      "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-iam-roles.html"
+    ],
+    "security_notes": "Do not approve ECS/Fargate production changes without task-role separation, deployment rollback behavior, health check evidence, logs, secrets posture, and load balancer/target group validation.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-ecs-fargate-platform-operator-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-ecs-service-remediation-operator-agent",
+    "name": "AWS ECS Service Remediation Operator",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-ecs-service-remediation-operator. Correct ECS/Fargate service definitions, task settings, deployment parameters, and environment configuration in-repo with bounded write access and no live service mutation by default.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service_definition_parameters.html",
+      "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html",
+      "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html"
+    ],
+    "security_notes": "Repo write access only. Do not force new deployments, scale services, or alter live task state from this role by default. Surface rollout and rollback implications explicitly.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-ecs-service-remediation-operator-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-eks-platform-operator-agent",
+    "name": "AWS EKS Platform Operator",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-eks-platform-operator. Review Amazon EKS platform operations across cluster identity, access entries, node strategy, networking, autoscaling, upgrades, reliability, security, observability, and cost.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/eks/latest/best-practices/introduction.html",
+      "https://docs.aws.amazon.com/eks/latest/best-practices/security.html",
+      "https://docs.aws.amazon.com/eks/latest/best-practices/reliability.html",
+      "https://docs.aws.amazon.com/eks/latest/userguide/security-iam.html"
+    ],
+    "security_notes": "Do not call an EKS cluster production-ready without explicit identity, network isolation, upgrade, node disruption, image/runtime security, and observability evidence.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-eks-platform-operator-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-event-driven-architecture-review-agent",
+    "name": "AWS Event Driven Architecture Review",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-event-driven-architecture-review. Review AWS EventBridge, SQS, SNS, Step Functions, Pipes, event schemas, retries, DLQs, idempotency, cross-account routing, monitoring, and event-loop risk.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-what-is.html",
+      "https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-patterns-best-practices.html",
+      "https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-rules-best-practices.html",
+      "https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-monitoring-events-best-practices.html"
+    ],
+    "security_notes": "Do not accept event-driven designs without precise patterns, DLQs/retry semantics, idempotent consumers, monitoring, cross-account policy review, and loop/cost controls.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-event-driven-architecture-review-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-generative-ai-developer-agent",
+    "name": "AWS Generative AI Developer",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-generative-ai-developer. Build Amazon Bedrock applications with a serverless-first architecture using Lambda, API Gateway, Step Functions, EventBridge, S3, DynamoDB, SQS, Guardrails, and IAM.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/bedrock/latest/userguide/what-is-bedrock.html",
+      "https://docs.aws.amazon.com/bedrock/latest/userguide/security-overview.html",
+      "https://docs.aws.amazon.com/bedrock/latest/userguide/security-best-practice-agents.html",
+      "https://docs.aws.amazon.com/bedrock/latest/userguide/prompt-injection.html",
+      "https://docs.aws.amazon.com/bedrock/latest/userguide/bedrock-example-cross-serverless-prompt-chaining-section.html",
+      "https://docs.aws.amazon.com/lambda/latest/dg/best-practices.html",
+      "https://docs.aws.amazon.com/lambda/latest/dg/with-step-functions.html",
+      "https://docs.aws.amazon.com/apigateway/latest/developerguide/security-best-practices.html"
+    ],
+    "security_notes": "Prefer serverless managed services for this role unless a concrete blocker is provided. Do not approve broad model access, unsafe prompt/tool flows, weak auth, uncontrolled retention, or missing observability and cost controls.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-generative-ai-developer-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-iac-change-safety-review-agent",
+    "name": "AWS IaC Change Safety Review",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-iac-change-safety-review. Review AWS CDK, CloudFormation, SAM, Terraform, and mixed IaC changes for replacement, deletion, drift, IAM, network, data-loss, rollback, and deployment safety risks.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/cdk/v2/guide/best-practices.html",
+      "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html",
+      "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/drift-aware-change-sets.html",
+      "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html"
+    ],
+    "security_notes": "Never approve an AWS IaC deployment from source diff alone when production state, generated artifacts, change sets, drift, replacements, destructive changes, or rollback are unresolved.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-iac-change-safety-review-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-iac-patch-executor-agent",
+    "name": "AWS IaC Patch Executor",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-iac-patch-executor. Edit AWS IaC files such as CloudFormation, SAM, CDK config, and Terraform configuration in a bounded, non-destructive way with validation-first discipline.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html",
+      "https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-best-practices.html",
+      "https://docs.aws.amazon.com/cdk/v2/guide/best-practices.html"
+    ],
+    "security_notes": "Can edit IaC files, not execute live infra changes. Never hide replacements, blast-radius risks, or IAM broadening. Always surface validation gaps and rollback concerns.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-iac-patch-executor-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-iam-least-privilege-review-agent",
+    "name": "AWS IAM Least Privilege Review",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-iam-least-privilege-review. Review AWS IAM policies, trust policies, resource policies, permission boundaries, SCPs, and role design for least-privilege risks with Access Analyzer validation discipline.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html",
+      "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-policy-validation.html",
+      "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html",
+      "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html"
+    ],
+    "security_notes": "Prefer read-only inspection and minimum permission changes. Do not broaden IAM access, invent ARNs, or approve production trust changes without Access Analyzer validation where available.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-iam-least-privilege-review-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-kms-secrets-lifecycle-steward-agent",
+    "name": "AWS KMS Secrets Lifecycle Steward",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-kms-secrets-lifecycle-steward. Review AWS KMS keys, key policies, grants, rotation, multi-Region keys, Secrets Manager, secret rotation, replication, caching, endpoint conditions, and break-glass access.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/kms/latest/developerguide/grant-best-practices.html",
+      "https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html",
+      "https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html",
+      "https://docs.aws.amazon.com/secretsmanager/latest/userguide/best-practices.html"
+    ],
+    "security_notes": "Do not change key policies, grants, key deletion, secret rotation, or multi-Region encryption without impact analysis for access, recovery, auditability, and rollback.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-kms-secrets-lifecycle-steward-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-landing-zone-governor-agent",
+    "name": "AWS Landing Zone Governor",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-landing-zone-governor. Review AWS multi-account landing zones, Control Tower posture, Organizations structure, OUs, guardrails, logging, audit accounts, and account vending decisions.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/controltower/latest/userguide/aws-multi-account-landing-zone.html",
+      "https://docs.aws.amazon.com/controltower/latest/userguide/lz-update-best-practices.html",
+      "https://docs.aws.amazon.com/prescriptive-guidance/latest/migration-aws-environment/understanding-landing-zones.html",
+      "https://docs.aws.amazon.com/prescriptive-guidance/latest/designing-control-tower-landing-zone/introduction.html"
+    ],
+    "security_notes": "Do not collapse environments into one account for convenience. Treat weak OU design, missing centralized logging, unmanaged SCPs, and unclear account ownership as governance risks.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-landing-zone-governor-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-live-deployment-guarded-operator-agent",
+    "name": "AWS Live Deployment Guarded Operator",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-live-deployment-guarded-operator. Operate guarded live AWS deployment changes only after explicit target confirmation, approval checkpoints, dry-run or preview evidence, rollback readiness, and post-change verification.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/cli/v1/reference/sts/get-caller-identity.html",
+      "https://docs.aws.amazon.com/codepipeline/latest/userguide/approvals.html",
+      "https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-change-calendar.html",
+      "https://docs.aws.amazon.com/wellarchitected/latest/operational-excellence-pillar/welcome.html"
+    ],
+    "security_notes": "This role may work in repos connected to live AWS credentials. Never run live deployment mutations without explicit target confirmation, preview evidence, approval, rollback readiness, and post-change verification.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-live-deployment-guarded-operator-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-live-ecs-rollout-guard-agent",
+    "name": "AWS Live ECS Rollout Guard",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-live-ecs-rollout-guard. Guard live Amazon ECS and Fargate rollout actions with service targeting, deployment circuit breaker or alarm checks, rollback posture, and explicit approval before mutation.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-circuit-breaker.html",
+      "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-alarm-failure.html",
+      "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-failure-detection.html",
+      "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_service_deployment_events.html"
+    ],
+    "security_notes": "Live ECS rollout actions require exact service targeting, health evidence, rollback posture, and explicit approval. Never treat force-new-deployment as a harmless default.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-live-ecs-rollout-guard-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-live-iac-change-guard-agent",
+    "name": "AWS Live IaC Change Guard",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-live-iac-change-guard. Guard live CloudFormation, SAM, CDK, and Terraform-backed AWS infrastructure changes with change sets or plans, rollback triggers, stack policies, drift checks, and explicit approval.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html",
+      "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-changesets.html",
+      "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-rollback-triggers.html",
+      "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/protect-stack-resources.html",
+      "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/detect-drift-stack.html"
+    ],
+    "security_notes": "Live IaC execution only with explicit preview evidence, confirmed targets, rollback triggers or equivalent safeguards, and human approval before execute. Never treat repo write access as enough authority for live infrastructure mutation.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-live-iac-change-guard-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-live-pipeline-approval-operator-agent",
+    "name": "AWS Live Pipeline Approval Operator",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-live-pipeline-approval-operator. Handle live CodePipeline approval and gated resume decisions with exact pipeline targeting, approver scope, stage evidence, blast-radius review, and explicit approval auditability.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/codepipeline/latest/userguide/approvals.html",
+      "https://docs.aws.amazon.com/codepipeline/latest/userguide/approvals-action-add.html",
+      "https://docs.aws.amazon.com/codepipeline/latest/userguide/approvals-iam-permissions.html",
+      "https://docs.aws.amazon.com/codepipeline/latest/userguide/actions.html"
+    ],
+    "security_notes": "This role may interact with real pipeline approvals. Never approve, reject, or resume the wrong execution. Require exact targeting, approver authority, evidence review, and post-action verification.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-live-pipeline-approval-operator-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-live-serverless-release-guard-agent",
+    "name": "AWS Live Serverless Release Guard",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-live-serverless-release-guard. Guard live Lambda and serverless release actions with alias targeting, canary or linear rollout discipline, alarms, rollback hooks, and explicit production approval.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html",
+      "https://docs.aws.amazon.com/lambda/latest/dg/configuring-alias-routing.html",
+      "https://docs.aws.amazon.com/codedeploy/latest/userguide/welcome.html",
+      "https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-configurations.html"
+    ],
+    "security_notes": "Live serverless rollout actions require exact alias or deployment targeting, explicit approval, alarms, rollback posture, and post-change observation. Never shift traffic casually in a live environment.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-live-serverless-release-guard-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-migration-cutover-architect-agent",
+    "name": "AWS Migration Cutover Architect",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-migration-cutover-architect. Plan and review AWS migrations and cutovers across discovery, wave planning, Application Migration Service, Migration Hub, testing, rollback, downtime, and acceptance evidence.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/mgn/latest/ug/best_practices_mgn.html",
+      "https://docs.aws.amazon.com/prescriptive-guidance/latest/migration-database-rehost-tools/mgn.html",
+      "https://docs.aws.amazon.com/decision-guides/latest/migration-on-aws-how-to-choose/migration-on-aws-how-to-choose.html",
+      "https://docs.aws.amazon.com/whitepapers/latest/aws-overview/migration-services.html"
+    ],
+    "security_notes": "Do not approve migration cutover without dependency evidence, tested launch, acceptance checks, rollback, security baseline, observability, and clear business owner signoff.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-migration-cutover-architect-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-network-architect-agent",
+    "name": "AWS Network Architect",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-network-architect. Design and review AWS VPC, Transit Gateway, Direct Connect, VPN, Cloud WAN, Route 53 Resolver, private DNS, routing, private endpoints, segmentation, ingress, egress, inspection, and hybrid/multi-cloud connectivity patterns.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html",
+      "https://docs.aws.amazon.com/vpc/latest/tgw/tgw-best-design-practices.html",
+      "https://docs.aws.amazon.com/aws-technical-content/latest/aws-vpc-connectivity-options/network-to-amazon-vpc-connectivity-options.html",
+      "https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/transit-gateway.html",
+      "https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html",
+      "https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html"
+    ],
+    "security_notes": "Do not recommend public exposure, broad routes, overlapping CIDRs, route propagation, hybrid connectivity, DNS forwarding, or centralized inspection changes without traffic-flow evidence, rollback, and blast-radius analysis.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-network-architect-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-non-destructive-task-automation-advisor-agent",
+    "name": "AWS Non-Destructive Task Automation Advisor",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-non-destructive-task-automation-advisor. Design AWS-native, non-destructive automation for reporting, notification, evidence gathering, approvals, and workflow coordination using serverless and event-driven services.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-what-is.html",
+      "https://docs.aws.amazon.com/step-functions/latest/dg/welcome.html",
+      "https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-automation.html",
+      "https://docs.aws.amazon.com/lambda/latest/dg/best-practices.html"
+    ],
+    "security_notes": "This role must stay non-destructive. Prefer notification, approval, reporting, and evidence-collection flows. Escalate if the request drifts into mutation, remediation, or destructive operational automation.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-non-destructive-task-automation-advisor-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-observability-incident-responder-agent",
+    "name": "AWS Observability Incident Responder",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-observability-incident-responder. Investigate AWS incidents using CloudWatch, logs, metrics, traces, alarms, EventBridge, runbooks, impact evidence, root cause discipline, and post-incident actions.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html",
+      "https://docs.aws.amazon.com/IDR/latest/userguide/observe-idr.html",
+      "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Investigations-IncidentReports-terms.html",
+      "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/incident-report-5whys.html"
+    ],
+    "security_notes": "Do not claim root cause without evidence. Separate live telemetry, service health, deployment changes, AI-derived insights, and human inference; require rollback or containment for active incidents.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-observability-incident-responder-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-pipeline-fix-operator-agent",
+    "name": "AWS Pipeline Fix Operator",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-pipeline-fix-operator. Repair AWS-oriented CI/CD pipeline definitions, buildspecs, deployment workflow config, and release wiring in-repo without triggering live execution.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html",
+      "https://docs.aws.amazon.com/codepipeline/latest/userguide/welcome.html",
+      "https://docs.aws.amazon.com/codedeploy/latest/userguide/welcome.html"
+    ],
+    "security_notes": "Repo write access only. Do not manually trigger pipelines, rotate secrets, or bypass approval gates from this role. Keep fixes explicit, reviewable, and reversible.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-pipeline-fix-operator-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-rds-aurora-performance-investigator-agent",
+    "name": "AWS RDS Aurora Performance Investigator",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-rds-aurora-performance-investigator. Investigate Amazon RDS and Aurora latency, connection exhaustion, slow queries, lock waits, replica lag, storage pressure, failover, Performance Insights, and database capacity risk.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/devopsagent/latest/userguide/about-aws-devops-agent-devops-agent-skills.html",
+      "https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_BestPractices.html",
+      "https://docs.aws.amazon.com/prescriptive-guidance/latest/amazon-rds-monitoring-alerting/performance-insights-tools.html",
+      "https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html"
+    ],
+    "security_notes": "Do not recommend resizing, failover, parameter changes, or index changes without evidence separating CPU, I/O, lock, query-plan, storage, connection, and application-driver causes.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-rds-aurora-performance-investigator-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-resilience-bcdr-review-agent",
+    "name": "AWS Resilience BCDR Review",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-resilience-bcdr-review. Review AWS resilience and business continuity across RTO/RPO, backup, multi-AZ, multi-Region, failover, game days, runbooks, drift, and recovery validation.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/plan-for-disaster-recovery-dr.html",
+      "https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/welcome.html",
+      "https://docs.aws.amazon.com/wellarchitected/latest/framework/rel_testing_resiliency_failure_injection_resiliency.html",
+      "https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html"
+    ],
+    "security_notes": "Do not accept backup configuration as recovery proof. Require restore tests, RTO/RPO evidence, drift controls, owner/runbook clarity, and blast-radius analysis.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-resilience-bcdr-review-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-s3-data-perimeter-governor-agent",
+    "name": "AWS S3 Data Perimeter Governor",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-s3-data-perimeter-governor. Review Amazon S3 data perimeter, Block Public Access, Object Ownership, ACL removal, bucket/access point policies, TLS-only access, encryption, replication, lifecycle, and exposure risk.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html",
+      "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html",
+      "https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html",
+      "https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-policy-actions.html"
+    ],
+    "security_notes": "Do not broaden S3 public or cross-account access. Prefer Block Public Access, disabled ACLs, scoped policies, TLS-only conditions, encryption, logging, and Access Analyzer validation.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-s3-data-perimeter-governor-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-security-posture-hardening-agent",
+    "name": "AWS Security Posture Hardening",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-security-posture-hardening. Harden AWS security posture across Security Hub CSPM, GuardDuty, Inspector, Macie, Config, IAM, logging, encryption, public exposure, and remediation workflow.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-v2-recommendations.html",
+      "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-controls-reference.html",
+      "https://docs.aws.amazon.com/securityhub/latest/userguide/enable-standards.html",
+      "https://docs.aws.amazon.com/securityhub/latest/userguide/guardduty-controls.html"
+    ],
+    "security_notes": "Do not treat a green dashboard as proof of security. Verify service coverage, Regions, delegated admin, Config recording, suppressions, public exposure, and remediation evidence.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-security-posture-hardening-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-serverless-production-readiness-agent",
+    "name": "AWS Serverless Production Readiness",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-serverless-production-readiness. Review AWS Lambda and serverless workloads for IAM, concurrency, event sources, retries, DLQs, observability, secrets, performance, cost, and rollback readiness.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/lambda/latest/dg/best-practices.html",
+      "https://docs.aws.amazon.com/lambda/latest/dg/lambda-concurrency.html",
+      "https://docs.aws.amazon.com/lambda/latest/operatorguide/monitoring-observability.html",
+      "https://docs.aws.amazon.com/lambda/latest/dg/monitoring-metrics.html"
+    ],
+    "security_notes": "Do not approve serverless workloads that lack least-privilege execution roles, retry/DLQ semantics, concurrency controls, observability, idempotency, and rollback evidence.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-serverless-production-readiness-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-serverless-rollout-corrector-agent",
+    "name": "AWS Serverless Rollout Corrector",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-serverless-rollout-corrector. Patch serverless deployment definitions, Lambda rollout settings, event wiring, and alias/version configuration in-repo while keeping live rollout actions out of scope by default.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/lambda/latest/dg/configuration-versions.html",
+      "https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html",
+      "https://docs.aws.amazon.com/lambda/latest/dg/best-practices.html"
+    ],
+    "security_notes": "Can edit serverless rollout definitions in repo files only. Must not invoke live deploys, traffic shifts, or destructive remediation without separate explicit approval.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-serverless-rollout-corrector-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-solution-architect-agent",
+    "name": "AWS Solution Architect",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-solution-architect. Design and stress-test AWS solution architectures across identity, networking, compute, data, security, resilience, operations, and cost with Well-Architected evidence discipline.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/wellarchitected/latest/framework/definitions.html",
+      "https://docs.aws.amazon.com/wellarchitected/latest/framework/welcome.html",
+      "https://docs.aws.amazon.com/wellarchitected/latest/framework/operational-excellence.html",
+      "https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/welcome.html",
+      "https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/welcome.html"
+    ],
+    "security_notes": "Do not approve an AWS architecture without account-boundary, IAM, network exposure, data protection, observability, recovery, and cost evidence. Label unknowns instead of pretending the diagram is proof.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-solution-architect-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "aws-ticket-triage-escalation-coordinator-agent",
+    "name": "AWS Ticket Triage Escalation Coordinator",
+    "type": "agent",
+    "provider": "aws",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for aws-ticket-triage-escalation-coordinator. Triage AWS operational tickets, alerts, and requests into priority, owner, evidence needs, and safe escalation paths without taking destructive actions.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter-working-with-OpsItems.html",
+      "https://docs.aws.amazon.com/health/latest/ug/what-is-aws-health.html",
+      "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html",
+      "https://docs.aws.amazon.com/wellarchitected/latest/operational-excellence-pillar/prepare.html"
+    ],
+    "security_notes": "Do not mutate infrastructure, suppress alerts, or close issues without evidence and approval. This role classifies, routes, and escalates; it does not perform destructive remediation.",
+    "last_verified": "2026-04-29",
+    "path": "agents/aws/aws-ticket-triage-escalation-coordinator-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "azure-ai-foundry-ops-governor-agent",
+    "name": "Azure AI Foundry Ops Governor",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-ai-foundry-ops-governor. Govern Microsoft Foundry and Azure AI Foundry operations across resource-versus-project boundaries, RBAC, quotas, network isolation, logging, and safe MCP-backed execution.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/foundry/concepts/architecture",
+      "https://learn.microsoft.com/en-us/azure/foundry/concepts/rbac-foundry",
+      "https://learn.microsoft.com/en-us/azure/foundry/concepts/planning",
+      "https://learn.microsoft.com/en-us/azure/foundry/mcp/security-best-practices?view=foundry",
+      "https://learn.microsoft.com/en-us/azure/foundry/how-to/configure-private-link",
+      "https://learn.microsoft.com/en-us/azure/foundry/how-to/managed-virtual-network",
+      "https://learn.microsoft.com/en-us/azure/foundry/how-to/quota",
+      "https://learn.microsoft.com/en-us/azure/foundry/foundry-models/quotas-limits",
+      "https://learn.microsoft.com/en-us/azure/foundry/foundry-models/how-to/monitor-models",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+    ],
+    "security_notes": "Keep Foundry resource governance separate from project developer isolation, prefer Entra ID over key-based auth, verify quota and diagnostics before rollout, and treat MCP mutations as higher risk than read-only discovery, especially because hosted Foundry MCP security guidance documents preview and public-endpoint limitations. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-ai-foundry-ops-governor-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "azure-aks-platform-operator-agent",
+    "name": "Azure AKS Platform Operator",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-aks-platform-operator. Review AKS platform design and operations with a production operator lens across node pools, identity, network policy, scaling, upgrades, rollback safety, and observability readiness.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-kubernetes",
+      "https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/containers/aks/baseline-aks",
+      "https://learn.microsoft.com/en-us/azure/aks/upgrade-options",
+      "https://learn.microsoft.com/en-us/azure/aks/upgrade-conceptual",
+      "https://learn.microsoft.com/en-us/azure/aks/workload-identity-overview",
+      "https://learn.microsoft.com/en-us/azure/aks/network-policy-best-practices",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+    ],
+    "security_notes": "Do not wave through AKS as production ready without explicit upgrade, rollback, workload identity, traffic-control, subnet-capacity, and observability evidence. Treat flat pod networking, static secrets, and untested drain behavior as high-risk. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-aks-platform-operator-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "azure-app-service-production-readiness-agent",
+    "name": "Azure App Service Production Readiness",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-app-service-production-readiness. Review Azure App Service and Web Apps for production readiness across plan fit, slots, networking, private ingress, identities, secrets, scaling, diagnostics, resilience, backup, rollback, and operator ownership with explicit evidence-versus-inference handling.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/well-architected/service-guides/app-service-web-apps",
+      "https://learn.microsoft.com/en-us/azure/app-service/deploy-best-practices",
+      "https://learn.microsoft.com/en-us/azure/app-service/deploy-staging-slots",
+      "https://learn.microsoft.com/en-us/azure/app-service/app-service-best-practices",
+      "https://learn.microsoft.com/en-us/azure/app-service/manage-scale-up",
+      "https://learn.microsoft.com/en-us/azure/app-service/configure-vnet-integration-enable",
+      "https://learn.microsoft.com/en-us/azure/app-service/configure-vnet-integration-routing",
+      "https://learn.microsoft.com/en-us/azure/app-service/overview-private-endpoint",
+      "https://learn.microsoft.com/en-us/azure/app-service/overview-access-restrictions",
+      "https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references",
+      "https://learn.microsoft.com/en-us/azure/app-service/monitor-instances-health-check",
+      "https://learn.microsoft.com/en-us/azure/app-service/manage-backup",
+      "https://learn.microsoft.com/en-us/azure/app-service/configure-zone-redundancy",
+      "https://learn.microsoft.com/en-us/azure/reliability/reliability-app-service",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-app-service",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+    ],
+    "security_notes": "Do not confuse plan SKU with readiness, public access restrictions with true private ingress, or backup configuration with recovery readiness. Prefer managed identity and Key Vault references over embedded secrets, treat app settings as sensitive, and do not invent unsupported Azure MCP namespaces or operations. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-app-service-production-readiness-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "azure-cosmosdb-application-developer-agent",
+    "name": "Azure Cosmos DB Application Developer",
+    "version": "0.2.0",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-cosmosdb-application-developer. Guide Azure Cosmos DB application development across NoSQL data modeling, partition-aware access patterns, point reads, query shape, SDK usage, transactional batch scope, and consistency-aware application behavior with explicit evidence-versus-inference handling.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/cosmos-db/partitioning",
+      "https://learn.microsoft.com/en-us/azure/cosmos-db/modeling-data",
+      "https://learn.microsoft.com/en-us/azure/cosmos-db/consistency-levels",
+      "https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-manage-consistency",
+      "https://learn.microsoft.com/en-us/azure/cosmos-db/query-metrics",
+      "https://learn.microsoft.com/en-us/azure/well-architected/service-guides/cosmos-db",
+      "https://learn.microsoft.com/en-us/azure/cosmos-db/transactional-batch",
+      "https://learn.microsoft.com/en-us/azure/cosmos-db/find-request-unit-charge"
+    ],
+    "security_notes": "Do not recommend data models, query patterns, transactional assumptions, or SDK usage that ignore partition scope, RU cost, consistency semantics, or least-privilege access boundaries. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-cosmosdb-application-developer-agent",
+    "author": "github: Raishin"
+  },
+  {
+    "id": "azure-cosmosdb-performance-investigator-agent",
+    "name": "Azure Cosmos DB Performance Investigator",
+    "version": "0.2.0",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-cosmosdb-performance-investigator. Investigate Azure Cosmos DB query latency, RU inefficiency, throttling, hot partitions, indexing gaps, and workload-level performance pathologies using explicit evidence, metrics, and step-by-step profiling discipline.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/cosmos-db/troubleshoot-query-performance",
+      "https://learn.microsoft.com/en-us/azure/cosmos-db/query-metrics",
+      "https://learn.microsoft.com/en-us/azure/cosmos-db/index-metrics",
+      "https://learn.microsoft.com/en-us/azure/cosmos-db/use-metrics",
+      "https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-redistribute-throughput-across-partitions",
+      "https://learn.microsoft.com/en-us/azure/cosmos-db/performance-tips-dotnet-sdk-v3",
+      "https://learn.microsoft.com/en-us/azure/well-architected/service-guides/cosmos-db"
+    ],
+    "security_notes": "Do not recommend throughput increases, repartitioning, indexing changes, or SDK tuning before separating RU cost, latency, partition skew, and query-shape evidence. Avoid speculative fixes that hide workload design defects. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-cosmosdb-performance-investigator-agent",
+    "author": "github: Raishin"
+  },
+  {
+    "id": "azure-cosmosdb-platform-operator-agent",
+    "name": "Azure Cosmos DB Platform Operator",
+    "version": "0.2.0",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-cosmosdb-platform-operator. Review and operate Azure Cosmos DB platform posture across accounts, databases, containers, partitioning, throughput, consistency, indexing, throttling, multi-region tradeoffs, and operational guardrails with explicit evidence-versus-inference handling.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/cosmos-db/partitioning",
+      "https://learn.microsoft.com/en-us/azure/cosmos-db/modeling-data",
+      "https://learn.microsoft.com/en-us/azure/cosmos-db/consistency-levels",
+      "https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-manage-consistency",
+      "https://learn.microsoft.com/en-us/azure/cosmos-db/query-metrics",
+      "https://learn.microsoft.com/en-us/azure/well-architected/service-guides/cosmos-db",
+      "https://learn.microsoft.com/en-us/azure/cosmos-db/hierarchical-partition-keys"
+    ],
+    "security_notes": "Do not approve a partition key, indexing posture, consistency change, or cross-partition query strategy without checking workload shape, RU impact, transactional scope, and least-privilege access implications. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-cosmosdb-platform-operator-agent",
+    "author": "github: Raishin"
+  },
+  {
+    "id": "azure-cost-estimation-review-agent",
+    "name": "Azure Cost Estimation Review",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-cost-estimation-review. Review Azure cost estimates for pricing-calculator assumptions, SKU and region realism, production versus nonproduction sizing, omission risk, and explicit uncertainty labeling.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/cost-management-billing/understand/plan-manage-costs",
+      "https://learn.microsoft.com/en-us/azure/cost-management-billing/costs/pricing-calculator",
+      "https://learn.microsoft.com/en-us/azure/cost-management-billing/",
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/governance",
+      "https://learn.microsoft.com/en-us/azure/cost-management-billing/savings-plan/manage-savings-plan",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-pricing",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+    ],
+    "security_notes": "Do not present calculator output as invoice truth, do not hide missing sizing assumptions, and do not imply unsupported Azure MCP pricing or billing capabilities. Treat negotiated pricing, discount posture, and future utilization as explicit uncertainty unless verified. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-cost-estimation-review-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "azure-cost-optimization-governor-agent",
+    "name": "Azure Cost Optimization Governor",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-cost-optimization-governor. Review Azure FinOps and spend-governance posture across budgets, alerts, cost analysis visibility, tagging, exports, and reservation or savings-plan awareness with explicit ownership and evidence handling.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/cost-management-billing/understand/plan-manage-costs",
+      "https://learn.microsoft.com/en-us/azure/cost-management-billing/costs/tutorial-acm-create-budgets",
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/governance",
+      "https://learn.microsoft.com/en-us/azure/cost-management-billing/costs/reporting-get-started",
+      "https://learn.microsoft.com/en-us/azure/cost-management-billing/costs/tutorial-improved-exports",
+      "https://learn.microsoft.com/en-us/azure/advisor/advisor-reference-cost-recommendations",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-pricing",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-advisor",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+    ],
+    "security_notes": "Do not promise savings without utilization evidence, treat budgets as alerts rather than enforcement, keep billing and export data sanitized, and require named ownership for alerts, tags, exports, and optimization follow-up before calling the FinOps posture credible. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-cost-optimization-governor-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "azure-entra-id-specialist-agent",
+    "name": "Azure Entra ID Specialist",
+    "version": "0.2.0",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-entra-id-specialist. Review and guide Microsoft Entra ID tenant posture across conditional access, authentication methods, MFA and SSPR registration, identity protection, workload identities, app registrations, external identities, governance boundaries, and least-privilege identity operations with explicit evidence-versus-inference handling.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/entra/fundamentals/what-is-entra",
+      "https://learn.microsoft.com/en-us/entra/id-governance/identity-governance-overview",
+      "https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-configure",
+      "https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-all-users-security-info-registration",
+      "https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-users-groups",
+      "https://learn.microsoft.com/en-us/entra/workload-id/workload-identities-overview",
+      "https://learn.microsoft.com/en-us/entra/id-protection/concept-workload-identity-risk"
+    ],
+    "security_notes": "Do not recommend broad exclusions, unsafe break-glass patterns, blanket MFA bypasses, overprivileged app registrations, or risky Conditional Access changes without scoping blast radius, role ownership, and recovery paths. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-entra-id-specialist-agent",
+    "author": "github: Raishin"
+  },
+  {
+    "id": "azure-governance-policy-guardrails-agent",
+    "name": "Azure Governance Policy Guardrails",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-governance-policy-guardrails. Design and review Azure Policy guardrails, initiatives, assignment scope, exclusions, remediation risk, and staged governance rollout patterns.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/governance",
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/tailoring-alz",
+      "https://learn.microsoft.com/en-us/azure/governance/policy/overview",
+      "https://learn.microsoft.com/en-us/azure/governance/policy/concepts/initiative-definition-structure",
+      "https://learn.microsoft.com/en-us/azure/governance/policy/assign-policy-portal",
+      "https://learn.microsoft.com/en-us/azure/governance/policy/how-to/remediate-resources",
+      "https://learn.microsoft.com/en-us/azure/governance/policy/concepts/exemption-structure",
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/migrate-azure-landing-zone-policies",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-policy",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+    ],
+    "security_notes": "Do not recommend broad-scope deny or remediation-first rollout without blast-radius review, inheritance analysis, exception handling, and rollback notes. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-governance-policy-guardrails-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "azure-identity-governance-review-agent",
+    "name": "Azure Identity Governance Review",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-identity-governance-review. Review Microsoft Entra identity governance posture for Azure operators, focusing on PIM, access reviews, entitlement management, standing access, and ownership gaps.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access",
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access-landing-zones",
+      "https://learn.microsoft.com/en-us/azure/active-directory/roles/best-practices",
+      "https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/",
+      "https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-resource-roles-assign-roles",
+      "https://learn.microsoft.com/en-us/entra/id-governance/access-reviews-overview",
+      "https://learn.microsoft.com/en-us/entra/id-governance/manage-access-review",
+      "https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-perform-roles-and-resource-roles-review",
+      "https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-overview",
+      "https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-access-reviews-create",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+    ],
+    "security_notes": "Challenge standing privileged access by default. Do not treat PIM, access reviews, or entitlement management as sufficient unless scope, ownership, cadence, and removal behavior are explicit. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-identity-governance-review-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "azure-key-vault-secret-lifecycle-auditor-agent",
+    "name": "Azure Key Vault Secret Lifecycle Auditor",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-key-vault-secret-lifecycle-auditor. Audit Azure Key Vault secret lifecycle posture across RBAC, soft delete, purge protection, expiration, rotation, metadata hygiene, eventing, and recovery readiness without exposing secret values.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-key-vault",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/services/azure-mcp-server-for-key-vault",
+      "https://learn.microsoft.com/en-us/azure/key-vault/secrets/secure-secrets",
+      "https://learn.microsoft.com/en-us/azure/key-vault/general/autorotation",
+      "https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide",
+      "https://learn.microsoft.com/en-us/azure/key-vault/general/soft-delete-overview",
+      "https://learn.microsoft.com/en-us/azure/key-vault/general/key-vault-recovery",
+      "https://learn.microsoft.com/en-us/azure/key-vault/policy-reference",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+    ],
+    "security_notes": "Avoid retrieving secret values unless absolutely necessary. Treat purge authority, missing soft delete, missing purge protection, and unproven rotation or recovery paths as high-risk. Prefer RBAC least privilege and metadata-based audits over content access. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-key-vault-secret-lifecycle-auditor-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "azure-landing-zone-architect-agent",
+    "name": "Azure Landing Zone Architect",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-landing-zone-architect. Design or review Azure landing-zone architecture across management groups, subscriptions, governance, security, networking, and operations dependencies.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-areas",
+      "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access",
+      "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/governance",
+      "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/security",
+      "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/implementation-options",
       "https://learn.microsoft.com/azure/architecture/networking/architecture/hub-spoke",
       "https://learn.microsoft.com/azure/developer/azure-mcp-server/tools/",
       "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
       "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
       "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
     ],
-    "security_notes": "Do not prescribe a one-size-fits-all hierarchy, broad admin grants, or a production-ready verdict without governance, management, and recovery dependencies being addressed. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-landing-zone-architect-agent",
+    "security_notes": "Do not prescribe a one-size-fits-all hierarchy, broad admin grants, or a production-ready verdict without governance, management, and recovery dependencies being addressed. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-landing-zone-architect-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "azure-migrate-landing-zone-cutover-agent",
+    "name": "Azure Migrate Landing Zone Cutover",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-migrate-landing-zone-cutover. Stress-test Azure migration cutovers across assessment quality, landing-zone readiness, dependency sequencing, permissions, rollback, and post-cutover operating ownership.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/migrate/concepts-overview?view=migrate",
+      "https://learn.microsoft.com/en-us/azure/migrate/assessment-prerequisites?view=migrate",
+      "https://learn.microsoft.com/en-us/azure/migrate/review-application-assessment?view=migrate",
+      "https://learn.microsoft.com/en-us/azure/migrate/platform-landing-zone?view=migrate",
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/ready-azure-landing-zone",
+      "https://learn.microsoft.com/en-us/azure/migrate/whats-new?view=migrate",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+    ],
+    "security_notes": "Do not equate Azure readiness with cutover readiness. Treat stale assessments, weak dependency mapping, broad migration permissions, missing rollback checkpoints, and incomplete landing-zone connectivity or monitoring as high-risk blockers. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-migrate-landing-zone-cutover-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "azure-network-topology-review-agent",
+    "name": "Azure Network Topology Review",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-network-topology-review. Review Azure hub-spoke and related network topologies for routing, DNS, shared-services boundaries, security implications, and platform-versus-workload control ownership.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-areas",
+      "https://learn.microsoft.com/en-us/azure/architecture/networking/architecture/hub-spoke",
+      "https://learn.microsoft.com/en-us/azure/architecture/networking/guide/private-link-hub-spoke-network",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+    ],
+    "security_notes": "Do not recommend flat or over-centralized network patterns by default. Always address routing, DNS, shared-service blast radius, and platform-versus-workload control boundaries before calling a topology safe. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-network-topology-review-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "azure-observability-investigator-agent",
+    "name": "Azure Observability Investigator",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-observability-investigator. Investigate Azure Monitor, Log Analytics, Application Insights, alerting, KQL triage, telemetry gaps, and observability workflows with explicit evidence-versus-inference handling.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/azure-monitor/overview",
+      "https://learn.microsoft.com/en-us/azure/azure-monitor/best-practices-analysis",
+      "https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-overview",
+      "https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/action-groups",
+      "https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-processing-rules",
+      "https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-workspace-overview",
+      "https://learn.microsoft.com/en-us/azure/azure-monitor/logs/workspace-design",
+      "https://learn.microsoft.com/en-us/azure/azure-monitor/logs/get-started-queries",
+      "https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview",
+      "https://learn.microsoft.com/en-us/azure/well-architected/service-guides/application-insights",
+      "https://learn.microsoft.com/en-us/azure/azure-monitor/visualize/workbooks-overview",
+      "https://learn.microsoft.com/en-us/azure/azure-monitor/visualize/visualize-grafana-overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/monitor",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-monitor",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+    ],
+    "security_notes": "Do not over-attribute symptoms as root cause, ignore missing telemetry, or recommend broad alerting changes without signal-quality review, routing checks, and bounded verification steps. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-observability-investigator-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "azure-platform-automation-devops-agent",
+    "name": "Azure Platform Automation DevOps",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-platform-automation-devops. Design and review Azure platform automation delivery across landing-zone IaC choices, bootstrap-versus-run separation, infra-versus-app pipelines, secret handling, validation gates, and safe rollout patterns.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/",
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/implementation-options",
+      "https://learn.microsoft.com/en-us/azure/architecture/landing-zones/bicep/landing-zone-bicep",
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/terraform-landing-zone",
+      "https://learn.microsoft.com/en-us/azure/app-service/deploy-best-practices",
+      "https://learn.microsoft.com/en-us/azure/app-service/deploy-staging-slots?view=azure-devops-2020",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-deploy",
+      "https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/bicep-mcp-server",
+      "https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+    ],
+    "security_notes": "Keep bootstrap and steady-state delivery separate, do not mix platform and application pipelines without control boundaries, never store secrets in repo or pipeline definitions, and require preview, validation, approval, and rollback paths before production-impacting Azure changes. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-platform-automation-devops-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "azure-private-endpoint-adoption-planner-agent",
+    "name": "Azure Private Endpoint Adoption Planner",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-private-endpoint-adoption-planner. Plan Azure Private Link and private endpoint adoption with explicit hub-versus-spoke placement, private DNS zone linkage, route implications, and centralized-versus-local trade-offs.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-areas",
+      "https://learn.microsoft.com/en-us/azure/architecture/guide/networking/private-link-hub-spoke-network",
+      "https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns-integration",
+      "https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns",
+      "https://learn.microsoft.com/en-us/azure/dns/private-dns-privatednszone",
+      "https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-design",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+    ],
+    "security_notes": "Do not recommend private endpoint placement without naming consumer networks, DNS-zone ownership, VNet links, route implications, and rollback checks. Challenge both over-centralized hub designs and uncontrolled per-spoke duplication. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-private-endpoint-adoption-planner-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "azure-rbac-review-agent",
+    "name": "Azure RBAC Review",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-rbac-review. Review Azure role assignments, custom roles, and scope choices for least privilege and operational safety.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/role-based-access-control/overview",
+      "https://learn.microsoft.com/en-us/azure/role-based-access-control/best-practices",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+    ],
+    "security_notes": "Do not recommend Owner or User Access Administrator unless justified. Prefer narrow scopes and built-in roles before custom broad grants. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-rbac-review-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "azure-resilience-bcdr-review-agent",
+    "name": "Azure Resilience BCDR Review",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-resilience-bcdr-review. Review Azure resilience and disaster-recovery posture for RTO/RPO realism, failover and failback assumptions, shared-responsibility gaps, and recovery runbook or drill quality.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/well-architected/reliability/principles",
+      "https://learn.microsoft.com/en-us/azure/well-architected/reliability/disaster-recovery",
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-areas",
+      "https://learn.microsoft.com/en-us/azure/azure-monitor/overview",
+      "https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-overview",
+      "https://learn.microsoft.com/en-us/azure/service-health/resource-health-overview",
+      "https://learn.microsoft.com/en-us/azure/service-health/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+    ],
+    "security_notes": "Do not accept zero-downtime or zero-data-loss claims without explicit architecture and test evidence. Separate Azure platform resilience from workload recovery obligations, and treat untested runbooks, undocumented failback, and single-region dependencies as material risks. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-resilience-bcdr-review-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "azure-resource-health-incident-triage-agent",
+    "name": "Azure Resource Health Incident Triage",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-resource-health-incident-triage. Triage Azure Resource Health, Service Health, activity-log alerts, and first-pass cloud-health incidents with explicit separation between provider incidents, tenant-side changes, and unresolved evidence.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/service-health/resource-health-overview",
+      "https://learn.microsoft.com/en-us/azure/service-health/",
+      "https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log",
+      "https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-create-activity-log-alert-rule",
+      "https://learn.microsoft.com/en-us/azure/service-health/service-health-alert-overview",
+      "https://learn.microsoft.com/en-us/azure/service-health/alerts-activity-log-service-notifications-portal",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-resource-health",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-monitor",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+    ],
+    "security_notes": "Do not over-attribute platform health signals as root cause, ignore recent tenant-side changes, invent unsupported MCP tools, or recommend broad remediation before blast radius and evidence are clear. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-resource-health-incident-triage-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "azure-role-selector-agent",
+    "name": "Azure Role Selector",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-role-selector. Select the narrowest Azure built-in role, custom-role fallback, and assignment scope for a requested access pattern while separating control-plane and data-plane permissions.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/role-based-access-control/overview",
+      "https://learn.microsoft.com/en-us/azure/role-based-access-control/best-practices",
+      "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles",
+      "https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+    ],
+    "security_notes": "Prefer built-in roles before custom roles, minimize assignment scope, and keep control-plane and data-plane permissions separate. Do not default to Owner or Contributor for routine access requests. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-role-selector-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "azure-security-posture-hardening-agent",
+    "name": "Azure Security Posture Hardening",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-security-posture-hardening. Review Azure security posture with least privilege, managed identities, Key Vault hardening, private access decisions, policy guardrails, and audit-ready logging expectations.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/security",
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-areas",
+      "https://learn.microsoft.com/en-us/azure/security/fundamentals/best-practices-and-patterns",
+      "https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/managed-identity-best-practice-recommendations",
+      "https://learn.microsoft.com/en-us/azure/key-vault/general/best-practices",
+      "https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide",
+      "https://learn.microsoft.com/en-us/azure/key-vault/general/how-to-azure-key-vault-network-security",
+      "https://learn.microsoft.com/en-us/azure/key-vault/general/howto-logging",
+      "https://learn.microsoft.com/en-us/azure/key-vault/general/monitor-key-vault",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/services/azure-mcp-server-for-key-vault",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+    ],
+    "security_notes": "Do not recommend broad admin roles, stored secrets, or public exposure by default. Prefer managed identities, scoped RBAC, policy-enforced controls, private access where justified, and verified logging coverage. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-security-posture-hardening-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "azure-subscription-resource-organization-agent",
+    "name": "Azure Subscription Resource Organization",
+    "type": "agent",
+    "provider": "azure",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for azure-subscription-resource-organization. Design and review Azure management-group, subscription, and resource-group boundaries with explicit governance, ownership, and landing-zone operating-model consequences.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-areas",
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/",
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org",
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups",
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/governance",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/subscription",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/resource-group",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+    ],
+    "security_notes": "Do not recommend flat hierarchies, fake isolation via resource groups, or subscription moves without proving governance, ownership, policy inheritance, and operational blast-radius implications. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
+    "last_verified": "2026-04-28",
+    "path": "agents/azure/azure-subscription-resource-organization-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "oci-autonomous-database-architect-agent",
+    "name": "OCI Autonomous Database Architect",
+    "type": "agent",
+    "provider": "oci",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for oci-autonomous-database-architect. OCI Architect and operate Autonomous Database and Autonomous AI Database across serverless, dedicated Exadata, Cloud@Customer, Oracle Database@Azure, Oracle Database@Google Cloud, and Oracle Database@AWS contexts.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
+    ],
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-autonomous-database-architect-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "azure-migrate-landing-zone-cutover-agent",
-    "name": "Azure Migrate Landing Zone Cutover",
+    "id": "oci-cloud-guard-responder-agent",
+    "name": "OCI Cloud Guard Responder",
     "type": "agent",
-    "provider": "azure",
+    "provider": "oci",
     "harnesses": [
       "codex",
       "copilot",
@@ -457,30 +1995,23 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-migrate-landing-zone-cutover. Stress-test Azure migration cutovers across assessment quality, landing-zone readiness, dependency sequencing, permissions, rollback, and post-cutover operating ownership.",
+    "summary": "Agent for oci-cloud-guard-responder. Triage and govern OCI Cloud Guard problems, targets, responder recipes, detector findings, and security remediation safely.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/migrate/concepts-overview?view=migrate",
-      "https://learn.microsoft.com/en-us/azure/migrate/assessment-prerequisites?view=migrate",
-      "https://learn.microsoft.com/en-us/azure/migrate/review-application-assessment?view=migrate",
-      "https://learn.microsoft.com/en-us/azure/migrate/platform-landing-zone?view=migrate",
-      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/ready-azure-landing-zone",
-      "https://learn.microsoft.com/en-us/azure/migrate/whats-new?view=migrate",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
     ],
-    "security_notes": "Do not equate Azure readiness with cutover readiness. Treat stale assessments, weak dependency mapping, broad migration permissions, missing rollback checkpoints, and incomplete landing-zone connectivity or monitoring as high-risk blockers. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-migrate-landing-zone-cutover-agent",
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-cloud-guard-responder-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "azure-network-topology-review-agent",
-    "name": "Azure Network Topology Review",
+    "id": "oci-compute-instance-agent-operator-agent",
+    "name": "OCI Compute Instance Agent Operator",
     "type": "agent",
-    "provider": "azure",
+    "provider": "oci",
     "harnesses": [
       "codex",
       "copilot",
@@ -489,27 +2020,23 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-network-topology-review. Review Azure hub-spoke and related network topologies for routing, DNS, shared-services boundaries, security implications, and platform-versus-workload control ownership.",
+    "summary": "Agent for oci-compute-instance-agent-operator. Operate OCI Compute Instance Agent commands and executions safely for diagnostics, automation, and remediation.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-areas",
-      "https://learn.microsoft.com/en-us/azure/architecture/networking/architecture/hub-spoke",
-      "https://learn.microsoft.com/en-us/azure/architecture/networking/guide/private-link-hub-spoke-network",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
     ],
-    "security_notes": "Do not recommend flat or over-centralized network patterns by default. Always address routing, DNS, shared-service blast radius, and platform-versus-workload control boundaries before calling a topology safe. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-network-topology-review-agent",
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-compute-instance-agent-operator-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "azure-observability-investigator-agent",
-    "name": "Azure Observability Investigator",
+    "id": "oci-compute-platform-operator-agent",
+    "name": "OCI Compute Platform Operator",
     "type": "agent",
-    "provider": "azure",
+    "provider": "oci",
     "harnesses": [
       "codex",
       "copilot",
@@ -518,38 +2045,23 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-observability-investigator. Investigate Azure Monitor, Log Analytics, Application Insights, alerting, KQL triage, telemetry gaps, and observability workflows with explicit evidence-versus-inference handling.",
+    "summary": "Agent for oci-compute-platform-operator. Operate OCI Compute instances and platform capacity safely with compartment/region confirmation, instance lifecycle guardrails, least-privilege IAM checks, MCP/CLI discovery, and rollback-aware change plans.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/azure-monitor/overview",
-      "https://learn.microsoft.com/en-us/azure/azure-monitor/best-practices-analysis",
-      "https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-overview",
-      "https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/action-groups",
-      "https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-processing-rules",
-      "https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-workspace-overview",
-      "https://learn.microsoft.com/en-us/azure/azure-monitor/logs/workspace-design",
-      "https://learn.microsoft.com/en-us/azure/azure-monitor/logs/get-started-queries",
-      "https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview",
-      "https://learn.microsoft.com/en-us/azure/well-architected/service-guides/application-insights",
-      "https://learn.microsoft.com/en-us/azure/azure-monitor/visualize/workbooks-overview",
-      "https://learn.microsoft.com/en-us/azure/azure-monitor/visualize/visualize-grafana-overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/monitor",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-monitor",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
     ],
-    "security_notes": "Do not over-attribute symptoms as root cause, ignore missing telemetry, or recommend broad alerting changes without signal-quality review, routing checks, and bounded verification steps. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-observability-investigator-agent",
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-compute-platform-operator-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "azure-platform-automation-devops-agent",
-    "name": "Azure Platform Automation DevOps",
+    "id": "oci-cost-finops-analyst-agent",
+    "name": "OCI Cost Finops Analyst",
     "type": "agent",
-    "provider": "azure",
+    "provider": "oci",
     "harnesses": [
       "codex",
       "copilot",
@@ -558,33 +2070,148 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-platform-automation-devops. Design and review Azure platform automation delivery across landing-zone IaC choices, bootstrap-versus-run separation, infra-versus-app pipelines, secret handling, validation gates, and safe rollout patterns.",
+    "summary": "Agent for oci-cost-finops-analyst. Analyze Oracle Cloud Infrastructure cost, usage, budgets, tagging, rightsizing, commitment coverage, and FinOps governance.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/",
-      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/implementation-options",
-      "https://learn.microsoft.com/en-us/azure/architecture/landing-zones/bicep/landing-zone-bicep",
-      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/terraform-landing-zone",
-      "https://learn.microsoft.com/en-us/azure/app-service/deploy-best-practices",
-      "https://learn.microsoft.com/en-us/azure/app-service/deploy-staging-slots?view=azure-devops-2020",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-deploy",
-      "https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/bicep-mcp-server",
-      "https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
     ],
-    "security_notes": "Keep bootstrap and steady-state delivery separate, do not mix platform and application pipelines without control boundaries, never store secrets in repo or pipeline definitions, and require preview, validation, approval, and rollback paths before production-impacting Azure changes. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-platform-automation-devops-agent",
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-cost-finops-analyst-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "azure-private-endpoint-adoption-planner-agent",
-    "name": "Azure Private Endpoint Adoption Planner",
+    "id": "oci-database-platform-dba-agent",
+    "name": "OCI Database Platform Dba",
+    "type": "agent",
+    "provider": "oci",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for oci-database-platform-dba. Operate as a ruthless OCI database platform DBA for DB systems, Autonomous Database, Exadata, backups, patching, performance triage, capacity, and IAM-scoped database operations.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
+    ],
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-database-platform-dba-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "oci-dbtools-sql-analyst-agent",
+    "name": "OCI Dbtools Sql Analyst",
+    "type": "agent",
+    "provider": "oci",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for oci-dbtools-sql-analyst. Use OCI Database Tools and database documentation safely for SQL inspection, report definitions, table metadata, and controlled query execution.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
+    ],
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-dbtools-sql-analyst-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "oci-devops-container-platform-engineer-agent",
+    "name": "OCI Devops Container Platform Engineer",
+    "type": "agent",
+    "provider": "oci",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for oci-devops-container-platform-engineer. Engineer and review Oracle Cloud Infrastructure DevOps, OKE, OCIR, build/deploy pipelines, Kubernetes platform, and container runtime workflows.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
+    ],
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-devops-container-platform-engineer-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "oci-exadata-platform-architect-agent",
+    "name": "OCI Exadata Platform Architect",
+    "type": "agent",
+    "provider": "oci",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for oci-exadata-platform-architect. OCI Design and operate Exadata Database Service across OCI Dedicated Infrastructure, Exadata Cloud@Customer, Oracle Database@Azure, Oracle Database@Google Cloud, and Oracle Database@AWS.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
+    ],
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-exadata-platform-architect-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "oci-fusion-apps-environment-operator-agent",
+    "name": "OCI Fusion Apps Environment Operator",
+    "type": "agent",
+    "provider": "oci",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Agent for oci-fusion-apps-environment-operator. OCI Review Fusion Apps as a Service environment families, environments, lifecycle status, availability, and operational readiness.",
+    "source_type": "adapted",
+    "official_docs": [
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
+    ],
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-fusion-apps-environment-operator-agent",
+    "author": "github: Raishin",
+    "version": "0.2.0"
+  },
+  {
+    "id": "oci-goldengate-replication-operator-agent",
+    "name": "OCI Goldengate Replication Operator",
     "type": "agent",
-    "provider": "azure",
+    "provider": "oci",
     "harnesses": [
       "codex",
       "copilot",
@@ -593,30 +2220,23 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-private-endpoint-adoption-planner. Plan Azure Private Link and private endpoint adoption with explicit hub-versus-spoke placement, private DNS zone linkage, route implications, and centralized-versus-local trade-offs.",
+    "summary": "Agent for oci-goldengate-replication-operator. OCI Operate and review Oracle GoldenGate domains, connections, extracts, replicats, checkpoint tables, trails, distribution paths, and replication health.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-areas",
-      "https://learn.microsoft.com/en-us/azure/architecture/guide/networking/private-link-hub-spoke-network",
-      "https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns-integration",
-      "https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns",
-      "https://learn.microsoft.com/en-us/azure/dns/private-dns-privatednszone",
-      "https://learn.microsoft.com/en-us/azure/azure-monitor/logs/private-link-design",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
     ],
-    "security_notes": "Do not recommend private endpoint placement without naming consumer networks, DNS-zone ownership, VNet links, route implications, and rollback checks. Challenge both over-centralized hub designs and uncontrolled per-spoke duplication. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-private-endpoint-adoption-planner-agent",
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-goldengate-replication-operator-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "azure-rbac-review-agent",
-    "name": "Azure RBAC Review",
+    "id": "oci-identity-access-governor-agent",
+    "name": "OCI Identity Access Governor",
     "type": "agent",
-    "provider": "azure",
+    "provider": "oci",
     "harnesses": [
       "codex",
       "copilot",
@@ -625,26 +2245,23 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-rbac-review. Review Azure role assignments, custom roles, and scope choices for least privilege and operational safety.",
+    "summary": "Agent for oci-identity-access-governor. Govern OCI Identity and Access Management with least-privilege policy review, compartment scoping, group/dynamic-group analysis, and safe access-change workflows.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/role-based-access-control/overview",
-      "https://learn.microsoft.com/en-us/azure/role-based-access-control/best-practices",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
     ],
-    "security_notes": "Do not recommend Owner or User Access Administrator unless justified. Prefer narrow scopes and built-in roles before custom broad grants. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-rbac-review-agent",
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-identity-access-governor-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "azure-resilience-bcdr-review-agent",
-    "name": "Azure Resilience BCDR Review",
+    "id": "oci-iot-digital-twin-engineer-agent",
+    "name": "OCI IOT Digital Twin Engineer",
     "type": "agent",
-    "provider": "azure",
+    "provider": "oci",
     "harnesses": [
       "codex",
       "copilot",
@@ -653,31 +2270,23 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-resilience-bcdr-review. Review Azure resilience and disaster-recovery posture for RTO/RPO realism, failover and failback assumptions, shared-responsibility gaps, and recovery runbook or drill quality.",
+    "summary": "Agent for oci-iot-digital-twin-engineer. Design and operate OCI IoT digital twin adapters, models, instances, relationships, and domain context.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/well-architected/reliability/principles",
-      "https://learn.microsoft.com/en-us/azure/well-architected/reliability/disaster-recovery",
-      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-areas",
-      "https://learn.microsoft.com/en-us/azure/azure-monitor/overview",
-      "https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-overview",
-      "https://learn.microsoft.com/en-us/azure/service-health/resource-health-overview",
-      "https://learn.microsoft.com/en-us/azure/service-health/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
     ],
-    "security_notes": "Do not accept zero-downtime or zero-data-loss claims without explicit architecture and test evidence. Separate Azure platform resilience from workload recovery obligations, and treat untested runbooks, undocumented failback, and single-region dependencies as material risks. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-resilience-bcdr-review-agent",
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-iot-digital-twin-engineer-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "azure-resource-health-incident-triage-agent",
-    "name": "Azure Resource Health Incident Triage",
+    "id": "oci-limits-capacity-planner-agent",
+    "name": "OCI Limits Capacity Planner",
     "type": "agent",
-    "provider": "azure",
+    "provider": "oci",
     "harnesses": [
       "codex",
       "copilot",
@@ -686,32 +2295,23 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-resource-health-incident-triage. Triage Azure Resource Health, Service Health, activity-log alerts, and first-pass cloud-health incidents with explicit separation between provider incidents, tenant-side changes, and unresolved evidence.",
+    "summary": "Agent for oci-limits-capacity-planner. Review OCI service limits, quotas, capacity availability, regional subscriptions, and growth risk. Use before deployments, migrations, DR expansion, shape changes, OKE scaling, database scaling, or quota increase requests.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/service-health/resource-health-overview",
-      "https://learn.microsoft.com/en-us/azure/service-health/",
-      "https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log",
-      "https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-create-activity-log-alert-rule",
-      "https://learn.microsoft.com/en-us/azure/service-health/service-health-alert-overview",
-      "https://learn.microsoft.com/en-us/azure/service-health/alerts-activity-log-service-notifications-portal",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-resource-health",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/azure-monitor",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
     ],
-    "security_notes": "Do not over-attribute platform health signals as root cause, ignore recent tenant-side changes, invent unsupported MCP tools, or recommend broad remediation before blast radius and evidence are clear. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-resource-health-incident-triage-agent",
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-limits-capacity-planner-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "azure-role-selector-agent",
-    "name": "Azure Role Selector",
+    "id": "oci-load-balancer-traffic-engineer-agent",
+    "name": "OCI Load Balancer Traffic Engineer",
     "type": "agent",
-    "provider": "azure",
+    "provider": "oci",
     "harnesses": [
       "codex",
       "copilot",
@@ -720,28 +2320,23 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-role-selector. Select the narrowest Azure built-in role, custom-role fallback, and assignment scope for a requested access pattern while separating control-plane and data-plane permissions.",
+    "summary": "Agent for oci-load-balancer-traffic-engineer. Design, review, and troubleshoot OCI Load Balancer and Network Load Balancer traffic paths, listeners, backend sets, certificates, health checks, logging, and failover.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/role-based-access-control/overview",
-      "https://learn.microsoft.com/en-us/azure/role-based-access-control/best-practices",
-      "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles",
-      "https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
     ],
-    "security_notes": "Prefer built-in roles before custom roles, minimize assignment scope, and keep control-plane and data-plane permissions separate. Do not default to Owner or Contributor for routine access requests. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-role-selector-agent",
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-load-balancer-traffic-engineer-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "azure-security-posture-hardening-agent",
-    "name": "Azure Security Posture Hardening",
+    "id": "oci-migration-cutover-architect-agent",
+    "name": "OCI Migration Cutover Architect",
     "type": "agent",
-    "provider": "azure",
+    "provider": "oci",
     "harnesses": [
       "codex",
       "copilot",
@@ -750,34 +2345,23 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-security-posture-hardening. Review Azure security posture with least privilege, managed identities, Key Vault hardening, private access decisions, policy guardrails, and audit-ready logging expectations.",
+    "summary": "Agent for oci-migration-cutover-architect. Plan OCI migrations and cutovers with Cloud Migrations, dependency discovery, waves, rollback, DNS, data sync, validation, and support readiness.",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/security",
-      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-areas",
-      "https://learn.microsoft.com/en-us/azure/security/fundamentals/best-practices-and-patterns",
-      "https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/managed-identity-best-practice-recommendations",
-      "https://learn.microsoft.com/en-us/azure/key-vault/general/best-practices",
-      "https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide",
-      "https://learn.microsoft.com/en-us/azure/key-vault/general/how-to-azure-key-vault-network-security",
-      "https://learn.microsoft.com/en-us/azure/key-vault/general/howto-logging",
-      "https://learn.microsoft.com/en-us/azure/key-vault/general/monitor-key-vault",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/services/azure-mcp-server-for-key-vault",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
     ],
-    "security_notes": "Do not recommend broad admin roles, stored secrets, or public exposure by default. Prefer managed identities, scoped RBAC, policy-enforced controls, private access where justified, and verified logging coverage. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-security-posture-hardening-agent",
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-migration-cutover-architect-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "azure-subscription-resource-organization-agent",
-    "name": "Azure Subscription Resource Organization",
+    "id": "oci-multi-cloud-architect-agent",
+    "name": "OCI Multi Cloud Architect",
     "type": "agent",
-    "provider": "azure",
+    "provider": "oci",
     "harnesses": [
       "codex",
       "copilot",
@@ -786,29 +2370,21 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for azure-subscription-resource-organization. Design and review Azure management-group, subscription, and resource-group boundaries with explicit governance, ownership, and landing-zone operating-model consequences.",
+    "summary": "Agent for oci-multi-cloud-architect. Design and review OCI multi-cloud architectures connecting Oracle Cloud Infrastructure with AWS, Azure, Google Cloud, on-premises, or SaaS through VPN, FastConnect, Direct Connect, ExpressRoute, Cloud Interconnect, identity federation, DNS, routing, security,",
     "source_type": "adapted",
     "official_docs": [
-      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-areas",
-      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/",
-      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org",
-      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups",
-      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/governance",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/subscription",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/resource-group",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
-      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
+      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
+      "https://www.oracle.com/cloud/"
     ],
-    "security_notes": "Do not recommend flat hierarchies, fake isolation via resource groups, or subscription moves without proving governance, ownership, policy inheritance, and operational blast-radius implications. Prefer read-only discovery first and explicit approval before mutations or secret-bearing operations.",
-    "last_verified": "2026-04-28",
-    "path": "agents/azure/azure-subscription-resource-organization-agent",
+    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "last_verified": "2026-04-27",
+    "path": "agents/oci/oci-multi-cloud-architect-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "oci-autonomous-database-architect-agent",
-    "name": "OCI Autonomous Database Architect",
+    "id": "oci-mysql-heatwave-ai-specialist-agent",
+    "name": "OCI Mysql Heatwave Ai Specialist",
     "type": "agent",
     "provider": "oci",
     "harnesses": [
@@ -819,7 +2395,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-autonomous-database-architect. OCI Architect and operate Autonomous Database and Autonomous AI Database across serverless, dedicated Exadata, Cloud@Customer, Oracle Database@Azure, Oracle Database@Google Cloud, and Oracle Database@AWS contexts.",
+    "summary": "Agent for oci-mysql-heatwave-ai-specialist. OCI Operate and review MySQL HeatWave, MySQL AI, vector/RAG workflows, connection configs, object storage ingestion, and SQL safety.",
     "source_type": "adapted",
     "official_docs": [
       "https://docs.oracle.com/en-us/iaas/Content/home.htm",
@@ -827,13 +2403,13 @@
     ],
     "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
     "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-autonomous-database-architect-agent",
+    "path": "agents/oci/oci-mysql-heatwave-ai-specialist-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "oci-cloud-guard-responder-agent",
-    "name": "OCI Cloud Guard Responder",
+    "id": "oci-network-architect-agent",
+    "name": "OCI Network Architect",
     "type": "agent",
     "provider": "oci",
     "harnesses": [
@@ -844,7 +2420,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-cloud-guard-responder. Triage and govern OCI Cloud Guard problems, targets, responder recipes, detector findings, and security remediation safely.",
+    "summary": "Agent for oci-network-architect. Design, review, and troubleshoot OCI networking with safe compartment/region scoping, least-privilege network access, VCN/subnet/routing/security-list/NSG analysis, and evidence-based MCP or CLI discovery.",
     "source_type": "adapted",
     "official_docs": [
       "https://docs.oracle.com/en-us/iaas/Content/home.htm",
@@ -852,13 +2428,13 @@
     ],
     "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
     "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-cloud-guard-responder-agent",
+    "path": "agents/oci/oci-network-architect-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "oci-compute-instance-agent-operator-agent",
-    "name": "OCI Compute Instance Agent Operator",
+    "id": "oci-observability-incident-responder-agent",
+    "name": "OCI Observability Incident Responder",
     "type": "agent",
     "provider": "oci",
     "harnesses": [
@@ -869,7 +2445,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-compute-instance-agent-operator. Operate OCI Compute Instance Agent commands and executions safely for diagnostics, automation, and remediation.",
+    "summary": "Agent for oci-observability-incident-responder. Operate as a ruthless OCI observability and incident responder for Monitoring alarms, Logging, Events, Notifications, service health, metrics, runbooks, and IAM-scoped incident response.",
     "source_type": "adapted",
     "official_docs": [
       "https://docs.oracle.com/en-us/iaas/Content/home.htm",
@@ -877,13 +2453,13 @@
     ],
     "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
     "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-compute-instance-agent-operator-agent",
+    "path": "agents/oci/oci-observability-incident-responder-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "oci-compute-platform-operator-agent",
-    "name": "OCI Compute Platform Operator",
+    "id": "oci-recovery-service-operator-agent",
+    "name": "OCI Recovery Service Operator",
     "type": "agent",
     "provider": "oci",
     "harnesses": [
@@ -894,7 +2470,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-compute-platform-operator. Operate OCI Compute instances and platform capacity safely with compartment/region confirmation, instance lifecycle guardrails, least-privilege IAM checks, MCP/CLI discovery, and rollback-aware change plans.",
+    "summary": "Agent for oci-recovery-service-operator. Operate OCI Recovery Service protected databases, protection policies, recovery service subnets, backup health, redo status, and recovery metrics.",
     "source_type": "adapted",
     "official_docs": [
       "https://docs.oracle.com/en-us/iaas/Content/home.htm",
@@ -902,13 +2478,13 @@
     ],
     "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
     "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-compute-platform-operator-agent",
+    "path": "agents/oci/oci-recovery-service-operator-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "oci-cost-finops-analyst-agent",
-    "name": "OCI Cost Finops Analyst",
+    "id": "oci-registry-artifact-governor-agent",
+    "name": "OCI Registry Artifact Governor",
     "type": "agent",
     "provider": "oci",
     "harnesses": [
@@ -919,7 +2495,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-cost-finops-analyst. Analyze Oracle Cloud Infrastructure cost, usage, budgets, tagging, rightsizing, commitment coverage, and FinOps governance.",
+    "summary": "Agent for oci-registry-artifact-governor. Govern OCI Registry repositories, container images, artifact access, retention, promotion, and deployment safety.",
     "source_type": "adapted",
     "official_docs": [
       "https://docs.oracle.com/en-us/iaas/Content/home.htm",
@@ -927,13 +2503,13 @@
     ],
     "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
     "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-cost-finops-analyst-agent",
+    "path": "agents/oci/oci-registry-artifact-governor-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "oci-database-platform-dba-agent",
-    "name": "OCI Database Platform Dba",
+    "id": "oci-resource-search-inventory-analyst-agent",
+    "name": "OCI Resource Search Inventory Analyst",
     "type": "agent",
     "provider": "oci",
     "harnesses": [
@@ -944,7 +2520,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-database-platform-dba. Operate as a ruthless OCI database platform DBA for DB systems, Autonomous Database, Exadata, backups, patching, performance triage, capacity, and IAM-scoped database operations.",
+    "summary": "Agent for oci-resource-search-inventory-analyst. Build OCI resource inventories and dependency maps using Resource Search, compartments, tags, and cross-service discovery.",
     "source_type": "adapted",
     "official_docs": [
       "https://docs.oracle.com/en-us/iaas/Content/home.htm",
@@ -952,13 +2528,13 @@
     ],
     "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
     "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-database-platform-dba-agent",
+    "path": "agents/oci/oci-resource-search-inventory-analyst-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "oci-dbtools-sql-analyst-agent",
-    "name": "OCI Dbtools Sql Analyst",
+    "id": "oci-security-compliance-reviewer-agent",
+    "name": "OCI Security Compliance Reviewer",
     "type": "agent",
     "provider": "oci",
     "harnesses": [
@@ -969,7 +2545,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-dbtools-sql-analyst. Use OCI Database Tools and database documentation safely for SQL inspection, report definitions, table metadata, and controlled query execution.",
+    "summary": "Agent for oci-security-compliance-reviewer. Review Oracle Cloud Infrastructure security, IAM, network, logging, encryption, and compliance posture.",
     "source_type": "adapted",
     "official_docs": [
       "https://docs.oracle.com/en-us/iaas/Content/home.htm",
@@ -977,13 +2553,13 @@
     ],
     "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
     "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-dbtools-sql-analyst-agent",
+    "path": "agents/oci/oci-security-compliance-reviewer-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "oci-devops-container-platform-engineer-agent",
-    "name": "OCI Devops Container Platform Engineer",
+    "id": "oci-solution-architect-agent",
+    "name": "OCI Solution Architect",
     "type": "agent",
     "provider": "oci",
     "harnesses": [
@@ -994,7 +2570,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-devops-container-platform-engineer. Engineer and review Oracle Cloud Infrastructure DevOps, OKE, OCIR, build/deploy pipelines, Kubernetes platform, and container runtime workflows.",
+    "summary": "Agent for oci-solution-architect. Design, review, and stress-test Oracle Cloud Infrastructure solution architectures across identity, compartments, networking, compute, database, storage, observability, security, reliability, cost, and operations.",
     "source_type": "adapted",
     "official_docs": [
       "https://docs.oracle.com/en-us/iaas/Content/home.htm",
@@ -1002,13 +2578,13 @@
     ],
     "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
     "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-devops-container-platform-engineer-agent",
+    "path": "agents/oci/oci-solution-architect-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "oci-exadata-platform-architect-agent",
-    "name": "OCI Exadata Platform Architect",
+    "id": "oci-storage-backup-steward-agent",
+    "name": "OCI Storage Backup Steward",
     "type": "agent",
     "provider": "oci",
     "harnesses": [
@@ -1019,7 +2595,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-exadata-platform-architect. OCI Design and operate Exadata Database Service across OCI Dedicated Infrastructure, Exadata Cloud@Customer, Oracle Database@Azure, Oracle Database@Google Cloud, and Oracle Database@AWS.",
+    "summary": "Agent for oci-storage-backup-steward. Operate as a ruthless OCI storage and backup steward for Object Storage, Block Volume, File Storage, backup policies, retention, replication, lifecycle rules, restore readiness, and IAM-scoped storage operations.",
     "source_type": "adapted",
     "official_docs": [
       "https://docs.oracle.com/en-us/iaas/Content/home.htm",
@@ -1027,13 +2603,13 @@
     ],
     "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
     "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-exadata-platform-architect-agent",
+    "path": "agents/oci/oci-storage-backup-steward-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "oci-fusion-apps-environment-operator-agent",
-    "name": "OCI Fusion Apps Environment Operator",
+    "id": "oci-support-incident-coordinator-agent",
+    "name": "OCI Support Incident Coordinator",
     "type": "agent",
     "provider": "oci",
     "harnesses": [
@@ -1044,7 +2620,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-fusion-apps-environment-operator. OCI Review Fusion Apps as a Service environment families, environments, lifecycle status, availability, and operational readiness.",
+    "summary": "Agent for oci-support-incident-coordinator. Coordinate OCI support incidents with evidence quality, severity discipline, resource scope, timelines, and escalation readiness.",
     "source_type": "adapted",
     "official_docs": [
       "https://docs.oracle.com/en-us/iaas/Content/home.htm",
@@ -1052,40 +2628,40 @@
     ],
     "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
     "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-fusion-apps-environment-operator-agent",
+    "path": "agents/oci/oci-support-incident-coordinator-agent",
     "author": "github: Raishin",
     "version": "0.2.0"
   },
   {
-    "id": "oci-goldengate-replication-operator-agent",
-    "name": "OCI Goldengate Replication Operator",
+    "id": "terraform-reviewer",
+    "name": "Terraform Reviewer",
     "type": "agent",
-    "provider": "oci",
+    "provider": "terraform",
     "harnesses": [
       "codex",
-      "copilot",
       "claude-code",
       "cursor",
       "gemini",
-      "kiro"
+      "kiro",
+      "other"
     ],
-    "summary": "Agent for oci-goldengate-replication-operator. OCI Operate and review Oracle GoldenGate domains, connections, extracts, replicats, checkpoint tables, trails, distribution paths, and replication health.",
-    "source_type": "adapted",
+    "summary": "Review Terraform modules, plans, state assumptions, and provider usage for safety, drift, and least privilege.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
+      "https://developer.hashicorp.com/terraform/docs",
+      "https://developer.hashicorp.com/terraform/cli/commands/plan"
     ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
+    "security_notes": "Default to review and plan mode. Do not apply Terraform changes unless the user explicitly requests apply and the workspace is confirmed.",
     "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-goldengate-replication-operator-agent",
+    "path": "agents/terraform/terraform-reviewer",
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-identity-access-governor-agent",
-    "name": "OCI Identity Access Governor",
+    "id": "azure-live-arm-deployment-stack-guard-agent",
+    "name": "Azure Live ARM Deployment Stack Guard",
     "type": "agent",
-    "provider": "oci",
+    "provider": "azure",
     "harnesses": [
       "codex",
       "copilot",
@@ -1094,23 +2670,25 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-identity-access-governor. Govern OCI Identity and Access Management with least-privilege policy review, compartment scoping, group/dynamic-group analysis, and safe access-change workflows.",
-    "source_type": "adapted",
+    "summary": "Guard ARM template and Deployment Stack changes with what-if evidence, denySettings review, and explicit approval before execute.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
-    ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-identity-access-governor-agent",
+      "https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/deploy-what-if",
+      "https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/deployment-stacks",
+      "https://learn.microsoft.com/en-us/azure/role-based-access-control/deny-assignments",
+      "https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/best-practices"
+    ],
+    "security_notes": "Never execute an ARM or Deployment Stack change without what-if evidence, confirmed target scope, denySettings review, and explicit human approval. Repo write access does not authorize live Azure mutations.",
+    "last_verified": "2026-04-30",
+    "path": "agents/azure/azure-live-arm-deployment-stack-guard-agent",
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-iot-digital-twin-engineer-agent",
-    "name": "OCI IOT Digital Twin Engineer",
+    "id": "azure-live-pim-jit-activation-guard-agent",
+    "name": "Azure Live PIM JIT Activation Guard",
     "type": "agent",
-    "provider": "oci",
+    "provider": "azure",
     "harnesses": [
       "codex",
       "copilot",
@@ -1119,23 +2697,25 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-iot-digital-twin-engineer. Design and operate OCI IoT digital twin adapters, models, instances, relationships, and domain context.",
-    "source_type": "adapted",
+    "summary": "Gate PIM eligible role activations with justification, ticket binding, MFA verification, and time-bound scope before approval submission.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
-    ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-iot-digital-twin-engineer-agent",
+      "https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-deployment-plan",
+      "https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-resource-roles-configure-role-settings",
+      "https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-how-to-activate-role",
+      "https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-configure-azure-ad-roles"
+    ],
+    "security_notes": "Never activate a PIM role without justification, ticket reference, and MFA confirmation. An agent cannot activate another user's PIM role on their behalf \u2014 only the eligible principal may submit. Requires Entra ID P2 or equivalent license.",
+    "last_verified": "2026-04-30",
+    "path": "agents/azure/azure-live-pim-jit-activation-guard-agent",
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-limits-capacity-planner-agent",
-    "name": "OCI Limits Capacity Planner",
+    "id": "azure-live-aks-rollout-guard-agent",
+    "name": "Azure Live AKS Rollout Guard",
     "type": "agent",
-    "provider": "oci",
+    "provider": "azure",
     "harnesses": [
       "codex",
       "copilot",
@@ -1144,23 +2724,25 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-limits-capacity-planner. Review OCI service limits, quotas, capacity availability, regional subscriptions, and growth risk. Use before deployments, migrations, DR expansion, shape changes, OKE scaling, database scaling, or quota increase requests.",
-    "source_type": "adapted",
+    "summary": "Guard AKS deployment rollouts with PDB audit, maxUnavailable and surge check, and explicit pause-before-proceed or undo gate before advancing.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
-    ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-limits-capacity-planner-agent",
+      "https://learn.microsoft.com/en-us/azure/aks/operator-best-practices-cluster-security",
+      "https://learn.microsoft.com/en-us/azure/aks/concepts-clusters-workloads",
+      "https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment",
+      "https://kubernetes.io/docs/tasks/run-application/configure-pdb/"
+    ],
+    "security_notes": "Never advance an AKS rollout without PDB audit and replica health check. kubectl rollout undo is safe but must be confirmed before execution to avoid double-rollback churn.",
+    "last_verified": "2026-04-30",
+    "path": "agents/azure/azure-live-aks-rollout-guard-agent",
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-load-balancer-traffic-engineer-agent",
-    "name": "OCI Load Balancer Traffic Engineer",
+    "id": "azure-live-app-service-slot-swap-guard-agent",
+    "name": "Azure Live App Service Slot Swap Guard",
     "type": "agent",
-    "provider": "oci",
+    "provider": "azure",
     "harnesses": [
       "codex",
       "copilot",
@@ -1169,23 +2751,24 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-load-balancer-traffic-engineer. Design, review, and troubleshoot OCI Load Balancer and Network Load Balancer traffic paths, listeners, backend sets, certificates, health checks, logging, and failover.",
-    "source_type": "adapted",
+    "summary": "Guard App Service slot swaps by auditing sticky settings, warmup probe readiness, and swap-with-preview evidence before final swap commit.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
+      "https://learn.microsoft.com/en-us/azure/app-service/deploy-staging-slots",
+      "https://learn.microsoft.com/en-us/azure/app-service/deploy-best-practices",
+      "https://learn.microsoft.com/en-us/azure/app-service/configure-common"
     ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-load-balancer-traffic-engineer-agent",
+    "security_notes": "Never perform a production slot swap without sticky-settings diff audit and warmup health confirmation. A bad swap with no rollback plan can take a production app offline instantly.",
+    "last_verified": "2026-04-30",
+    "path": "agents/azure/azure-live-app-service-slot-swap-guard-agent",
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-migration-cutover-architect-agent",
-    "name": "OCI Migration Cutover Architect",
+    "id": "azure-live-keyvault-rotation-purge-guard-agent",
+    "name": "Azure Live Key Vault Rotation Purge Guard",
     "type": "agent",
-    "provider": "oci",
+    "provider": "azure",
     "harnesses": [
       "codex",
       "copilot",
@@ -1194,23 +2777,25 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-migration-cutover-architect. Plan OCI migrations and cutovers with Cloud Migrations, dependency discovery, waves, rollback, DNS, data sync, validation, and support readiness.",
-    "source_type": "adapted",
+    "summary": "Guard Key Vault key and secret rotation, soft-delete enforcement, and purge-protection changes, with explicit irreversibility warning before any purge-protection enable.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
+      "https://learn.microsoft.com/en-us/azure/key-vault/general/key-vault-recovery",
+      "https://learn.microsoft.com/en-us/azure/key-vault/keys/about-keys-details",
+      "https://learn.microsoft.com/en-us/azure/key-vault/keys/how-to-configure-key-rotation",
+      "https://learn.microsoft.com/en-us/azure/key-vault/general/best-practices"
     ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-migration-cutover-architect-agent",
+    "security_notes": "Purge-protection enable is irreversible. Soft-deleted keys can be recovered within the retention window. HSM-backed hard-purged keys cannot be recovered. Never grant purge rights to routine rotation operators.",
+    "last_verified": "2026-04-30",
+    "path": "agents/azure/azure-live-keyvault-rotation-purge-guard-agent",
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-multi-cloud-architect-agent",
-    "name": "OCI Multi Cloud Architect",
+    "id": "azure-live-cost-budget-action-guard-agent",
+    "name": "Azure Live Cost Budget Action Guard",
     "type": "agent",
-    "provider": "oci",
+    "provider": "azure",
     "harnesses": [
       "codex",
       "copilot",
@@ -1219,21 +2804,23 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-multi-cloud-architect. Design and review OCI multi-cloud architectures connecting Oracle Cloud Infrastructure with AWS, Azure, Google Cloud, on-premises, or SaaS through VPN, FastConnect, Direct Connect, ExpressRoute, Cloud Interconnect, identity federation, DNS, routing, security,",
-    "source_type": "adapted",
+    "summary": "Gate subscription and management-group budget action changes and GPU or HPC SKU scale-up against approved spend thresholds before any cost-impacting mutation.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
+      "https://learn.microsoft.com/en-us/azure/cost-management-billing/costs/tutorial-acm-create-budgets",
+      "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits",
+      "https://learn.microsoft.com/en-us/azure/quotas/quickstart-increase-quota-portal",
+      "https://learn.microsoft.com/en-us/azure/cost-management-billing/finops/overview-finops"
     ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-multi-cloud-architect-agent",
+    "security_notes": "GPU/HPC SKUs (NDv5, H100, A100) can generate $50K+ daily costs. Never approve quota increases or budget threshold raises without explicit spend-approval sign-off from a financial authority.",
+    "last_verified": "2026-04-30",
+    "path": "agents/azure/azure-live-cost-budget-action-guard-agent",
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-mysql-heatwave-ai-specialist-agent",
-    "name": "OCI Mysql Heatwave Ai Specialist",
+    "id": "oci-live-resource-manager-stack-guard-agent",
+    "name": "OCI Live Resource Manager Stack Guard",
     "type": "agent",
     "provider": "oci",
     "harnesses": [
@@ -1244,21 +2831,23 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-mysql-heatwave-ai-specialist. OCI Operate and review MySQL HeatWave, MySQL AI, vector/RAG workflows, connection configs, object storage ingestion, and SQL safety.",
-    "source_type": "adapted",
+    "summary": "Guard OCI Resource Manager plan, apply, and destroy jobs with drift detection evidence, state-version audit, and stack-lock awareness before any mutation.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
-    ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-mysql-heatwave-ai-specialist-agent",
+      "https://docs.oracle.com/en-us/iaas/Content/ResourceManager/Concepts/resourcemanager.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/ResourceManager/Tasks/detect-drift.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/ResourceManager/Tasks/create-job-lock-file.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/ResourceManager/home.htm"
+    ],
+    "security_notes": "OCI Resource Manager auto-locks a stack state during job execution. Never approve an apply or destroy job without a plan-job output review and drift detection evidence. Repo write access does not authorize live OCI infrastructure mutations.",
+    "last_verified": "2026-04-30",
+    "path": "agents/oci/oci-live-resource-manager-stack-guard-agent",
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-network-architect-agent",
-    "name": "OCI Network Architect",
+    "id": "oci-live-iam-policy-compartment-guard-agent",
+    "name": "OCI Live IAM Policy Compartment Guard",
     "type": "agent",
     "provider": "oci",
     "harnesses": [
@@ -1269,21 +2858,23 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-network-architect. Design, review, and troubleshoot OCI networking with safe compartment/region scoping, least-privilege network access, VCN/subnet/routing/security-list/NSG analysis, and evidence-based MCP or CLI discovery.",
-    "source_type": "adapted",
+    "summary": "Guard OCI IAM policy changes and dynamic group mutations using verb-hierarchy audit and tag-condition review before write.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
-    ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-network-architect-agent",
+      "https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policysyntax.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/Identity/Reference/iampolicyreference.htm"
+    ],
+    "security_notes": "Any-user and any-group policies in tenancy root are the most common OCI security misconfiguration. Never approve manage-verb policies at tenancy scope without compartment scoping. Policy deletes take effect immediately with no grace period.",
+    "last_verified": "2026-04-30",
+    "path": "agents/oci/oci-live-iam-policy-compartment-guard-agent",
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-observability-incident-responder-agent",
-    "name": "OCI Observability Incident Responder",
+    "id": "oci-live-oke-rollout-guard-agent",
+    "name": "OCI Live OKE Rollout Guard",
     "type": "agent",
     "provider": "oci",
     "harnesses": [
@@ -1294,21 +2885,23 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-observability-incident-responder. Operate as a ruthless OCI observability and incident responder for Monitoring alarms, Logging, Events, Notifications, service health, metrics, runbooks, and IAM-scoped incident response.",
-    "source_type": "adapted",
+    "summary": "Guard OKE deployment rollouts through DevOps Service pipeline approval stages with blue-green and canary evidence, and kubectl rollout pause or undo gate.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
-    ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-observability-incident-responder-agent",
+      "https://docs.oracle.com/en-us/iaas/Content/devops/using/deploy_oke.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/devops/using/bgoke_deploy.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/devops/using/canaryoke_deploy.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengoverview.htm"
+    ],
+    "security_notes": "Never advance an OKE rollout past an approval stage without rollout status and PDB health evidence. kubectl rollout undo is irreversible in the sense that the prior version may not be identical to the deployed artifact \u2014 confirm target revision before undo.",
+    "last_verified": "2026-04-30",
+    "path": "agents/oci/oci-live-oke-rollout-guard-agent",
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-recovery-service-operator-agent",
-    "name": "OCI Recovery Service Operator",
+    "id": "oci-live-autonomous-db-lifecycle-guard-agent",
+    "name": "OCI Live Autonomous DB Lifecycle Guard",
     "type": "agent",
     "provider": "oci",
     "harnesses": [
@@ -1319,21 +2912,23 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-recovery-service-operator. Operate OCI Recovery Service protected databases, protection policies, recovery service subnets, backup health, redo status, and recovery metrics.",
-    "source_type": "adapted",
+    "summary": "Guard Autonomous Database scale, start, stop, clone, and terminate operations with protection-tag check, wallet backup, and connection-string audit before any lifecycle mutation.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
-    ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-recovery-service-operator-agent",
+      "https://docs.oracle.com/en-us/iaas/Content/Database/Tasks/adbscaling.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/Database/Tasks/adbstopstart.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/Database/Tasks/adbcloning.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/Database/Tasks/adbbackingup.htm"
+    ],
+    "security_notes": "ADB termination is permanent \u2014 the database and all backups are deleted. Always verify protection tags before any terminate operation. ADB storage scale-up cannot be reversed. Termination blocked by defined-tag protection requires explicit tag removal approval.",
+    "last_verified": "2026-04-30",
+    "path": "agents/oci/oci-live-autonomous-db-lifecycle-guard-agent",
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-registry-artifact-governor-agent",
-    "name": "OCI Registry Artifact Governor",
+    "id": "oci-live-vault-key-destruction-guard-agent",
+    "name": "OCI Live Vault Key Destruction Guard",
     "type": "agent",
     "provider": "oci",
     "harnesses": [
@@ -1344,21 +2939,23 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-registry-artifact-governor. Govern OCI Registry repositories, container images, artifact access, retention, promotion, and deployment safety.",
-    "source_type": "adapted",
+    "summary": "Guard OCI Vault master encryption key scheduled-deletion and HSM key rotation, refusing deletion without reviewing data associations and confirming the destruction window.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
-    ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-registry-artifact-governor-agent",
+      "https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Tasks/deletingkeys.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Tasks/rotatingkeys.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Tasks/managingkeys.htm"
+    ],
+    "security_notes": "After the scheduled deletion window expires, HSM-backed keys are cryptographically wiped. All data encrypted exclusively by that key version is permanently unrecoverable. Recovery SLA from OCI Support: NONE. Always use a 30-day window and audit data associations before scheduling.",
+    "last_verified": "2026-04-30",
+    "path": "agents/oci/oci-live-vault-key-destruction-guard-agent",
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-resource-search-inventory-analyst-agent",
-    "name": "OCI Resource Search Inventory Analyst",
+    "id": "oci-live-cost-budget-runaway-guard-agent",
+    "name": "OCI Live Cost Budget Runaway Guard",
     "type": "agent",
     "provider": "oci",
     "harnesses": [
@@ -1369,23 +2966,25 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-resource-search-inventory-analyst. Build OCI resource inventories and dependency maps using Resource Search, compartments, tags, and cross-service discovery.",
-    "source_type": "adapted",
+    "summary": "Gate OCI budget rule mutations, cost-tracking tag changes, and GPU or HPC shape provisioning against compartment spend limits before any cost-impacting mutation.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
-    ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-resource-search-inventory-analyst-agent",
+      "https://docs.oracle.com/en-us/iaas/Content/Billing/Tasks/managingbudgets.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/managinginstances.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/Tagging/Tasks/managingtagsandtagnamespaces.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/General/Concepts/resourcequotas.htm"
+    ],
+    "security_notes": "GPU/HPC shapes (BM.GPU4.8, A100, BM.HPC2.36) can generate six-figure monthly costs when left running. Never approve quota increases or budget threshold raises without explicit financial-authority approval. Emergency stop requires Compute operator rights \u2014 escalate if not held.",
+    "last_verified": "2026-04-30",
+    "path": "agents/oci/oci-live-cost-budget-runaway-guard-agent",
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-security-compliance-reviewer-agent",
-    "name": "OCI Security Compliance Reviewer",
+    "id": "finops-cloud-price-advisor-agent",
+    "name": "FinOps Cloud Price Advisor",
     "type": "agent",
-    "provider": "oci",
+    "provider": "multi-cloud",
     "harnesses": [
       "codex",
       "copilot",
@@ -1394,23 +2993,27 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-security-compliance-reviewer. Review Oracle Cloud Infrastructure security, IAM, network, logging, encryption, and compliance posture.",
-    "source_type": "adapted",
+    "summary": "Fetch live public prices from AWS, Azure, and OCI pricing APIs and produce cost estimates for live environments or planned prototypes. Currency defaults to USD; other currencies on request. No cloud credentials required.",
+    "source_type": "original",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
-    ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-security-compliance-reviewer-agent",
+      "https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/price-changes.html",
+      "https://learn.microsoft.com/en-us/rest/api/cost-management/retail-prices/azure-retail-prices",
+      "https://docs.oracle.com/en-us/iaas/Content/Billing/Concepts/costanalysisoverview.htm",
+      "https://aws.amazon.com/pricing/",
+      "https://azure.microsoft.com/en-us/pricing/calculator/",
+      "https://www.oracle.com/cloud/price-list.html"
+    ],
+    "security_notes": "All three pricing APIs are public and unauthenticated. Never request or accept cloud credentials, billing account IDs, cost export access, or tenant-specific data. Inventory enumeration for live-environment mode requires only read-only cloud permissions.",
+    "last_verified": "2026-04-30",
+    "path": "agents/finops/finops-cloud-price-advisor-agent",
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-solution-architect-agent",
-    "name": "OCI Solution Architect",
+    "id": "aws-maestro-agent",
+    "name": "AWS Maestro",
     "type": "agent",
-    "provider": "oci",
+    "provider": "aws",
     "harnesses": [
       "codex",
       "copilot",
@@ -1419,23 +3022,35 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-solution-architect. Design, review, and stress-test Oracle Cloud Infrastructure solution architectures across identity, compartments, networking, compute, database, storage, observability, security, reliability, cost, and operations.",
+    "summary": "Per-cloud router that classifies the user's task, selects the narrowest AWS specialist or the right team of specialists from the catalog, and dispatches in parallel when the task spans multiple domains. Never auto-dispatches live-guard agents.",
     "source_type": "adapted",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
-    ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-solution-architect-agent",
+      "https://docs.aws.amazon.com/",
+      "https://docs.aws.amazon.com/wellarchitected/latest/framework/welcome.html",
+      "https://docs.aws.amazon.com/bedrock/latest/userguide/agents.html",
+      "https://docs.aws.amazon.com/bedrock/latest/userguide/agentcore.html",
+      "https://docs.aws.amazon.com/bedrock/latest/userguide/what-is-bedrock.html"
+    ],
+    "security_notes": "Live-guard gate is non-negotiable: aws-live-deployment-guarded-operator-agent, aws-live-ecs-rollout-guard-agent, aws-live-iac-change-guard-agent, aws-live-pipeline-approval-operator-agent, and aws-live-serverless-release-guard-agent must never be auto-dispatched. Always surface blast-radius assessment and rollback path and require explicit written human confirmation before routing to any live-guard agent.",
+    "last_verified": "2026-04-30",
+    "path": "agents/aws/aws-maestro-agent",
+    "harness_variants": {
+      "codex": "agents/aws/aws-maestro-agent/harnesses/codex.toml",
+      "copilot": "agents/aws/aws-maestro-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/aws/aws-maestro-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/aws/aws-maestro-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/aws/aws-maestro-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/aws/aws-maestro-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/aws/aws-maestro-agent/harnesses/kiro-cli.agent.json"
+    },
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-storage-backup-steward-agent",
-    "name": "OCI Storage Backup Steward",
+    "id": "azure-maestro-agent",
+    "name": "Azure Maestro",
     "type": "agent",
-    "provider": "oci",
+    "provider": "azure",
     "harnesses": [
       "codex",
       "copilot",
@@ -1444,21 +3059,34 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-storage-backup-steward. Operate as a ruthless OCI storage and backup steward for Object Storage, Block Volume, File Storage, backup policies, retention, replication, lifecycle rules, restore readiness, and IAM-scoped storage operations.",
+    "summary": "Per-cloud router agent for Azure. Classifies the user's task, selects the narrowest Azure specialist or the right team of specialists from the catalog, and dispatches in parallel when the task spans multiple domains. Never auto-dispatches live-guard agents.",
     "source_type": "adapted",
     "official_docs": [
-      "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
+      "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/",
+      "https://learn.microsoft.com/en-us/azure/architecture/",
+      "https://learn.microsoft.com/en-us/azure/well-architected/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/overview",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/tools/",
+      "https://learn.microsoft.com/en-us/azure/developer/azure-mcp-server/concepts"
     ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-storage-backup-steward-agent",
+    "security_notes": "Live-guard agents (azure-live-aks-rollout-guard-agent, azure-live-app-service-slot-swap-guard-agent, azure-live-arm-deployment-stack-guard-agent, azure-live-cost-budget-action-guard-agent, azure-live-keyvault-rotation-purge-guard-agent, azure-live-pim-jit-activation-guard-agent) must NEVER be auto-dispatched. All six require explicit human confirmation, blast-radius assessment, and a confirmed rollback path before dispatch. Do not ask for secrets, credentials, tenant IDs, subscription IDs, or any customer-specific identifiers.",
+    "last_verified": "2026-04-30",
+    "path": "agents/azure/azure-maestro-agent",
+    "harness_variants": {
+      "codex": "agents/azure/azure-maestro-agent/harnesses/codex.toml",
+      "copilot": "agents/azure/azure-maestro-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/azure/azure-maestro-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/azure/azure-maestro-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/azure/azure-maestro-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/azure/azure-maestro-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/azure/azure-maestro-agent/harnesses/kiro-cli.agent.json"
+    },
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "oci-support-incident-coordinator-agent",
-    "name": "OCI Support Incident Coordinator",
+    "id": "oci-maestro-agent",
+    "name": "OCI Maestro",
     "type": "agent",
     "provider": "oci",
     "harnesses": [
@@ -1469,40 +3097,65 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for oci-support-incident-coordinator. Coordinate OCI support incidents with evidence quality, severity discipline, resource scope, timelines, and escalation readiness.",
+    "summary": "Per-cloud router agent for OCI. Classifies the user's task, selects the narrowest OCI specialist agent or the right team of specialists from the catalog, and dispatches them \u2014 single specialist for focused tasks, parallel team (max 4) for multi-domain tasks. Never auto-dispatches live-guard agents.",
     "source_type": "adapted",
     "official_docs": [
       "https://docs.oracle.com/en-us/iaas/Content/home.htm",
-      "https://www.oracle.com/cloud/"
-    ],
-    "security_notes": "OCI agents can inspect or guide changes to cloud resources. Use least-privilege access, read-only discovery first, and explicit approval for mutations.",
-    "last_verified": "2026-04-27",
-    "path": "agents/oci/oci-support-incident-coordinator-agent",
+      "https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policygetstarted.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/Security/Concepts/security_guide.htm",
+      "https://docs.oracle.com/en-us/iaas/Content/GSG/Concepts/baremetalintro.htm"
+    ],
+    "security_notes": "Live-guard gate is non-negotiable. The 6 live-guard agents (oci-live-autonomous-db-lifecycle-guard-agent, oci-live-cost-budget-runaway-guard-agent, oci-live-iam-policy-compartment-guard-agent, oci-live-oke-rollout-guard-agent, oci-live-resource-manager-stack-guard-agent, oci-live-vault-key-destruction-guard-agent) must never be auto-dispatched. OCI IAM policy deletion at the tenancy root has tenancy-wide blast radius and cannot be undone by the agent. Vault key destruction is irreversible \u2014 all data encrypted with the destroyed key becomes permanently unrecoverable. Both require explicit human confirmation, blast-radius assessment, and a documented rollback path before dispatch.",
+    "last_verified": "2026-04-30",
+    "path": "agents/oci/oci-maestro-agent",
+    "harness_variants": {
+      "codex": "agents/oci/oci-maestro-agent/harnesses/codex.toml",
+      "copilot": "agents/oci/oci-maestro-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/oci/oci-maestro-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/oci/oci-maestro-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/oci/oci-maestro-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/oci/oci-maestro-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/oci/oci-maestro-agent/harnesses/kiro-cli.agent.json"
+    },
     "author": "github: Raishin",
-    "version": "0.2.0"
+    "version": "0.1.0"
   },
   {
-    "id": "terraform-reviewer",
-    "name": "Terraform Reviewer",
+    "id": "terraform-maestro-agent",
+    "name": "Terraform Maestro",
     "type": "agent",
     "provider": "terraform",
     "harnesses": [
       "codex",
+      "copilot",
       "claude-code",
       "cursor",
       "gemini",
-      "kiro",
-      "other"
+      "kiro"
     ],
-    "summary": "Review Terraform modules, plans, state assumptions, and provider usage for safety, drift, and least privilege.",
-    "source_type": "original",
+    "summary": "Agent for terraform-maestro. Classify the user's IaC task, select the right Terraform/IaC specialist or team from the cross-cloud catalog, and dispatch in parallel when the task spans multiple domains. Never auto-dispatch live-guard agents.",
+    "source_type": "adapted",
     "official_docs": [
       "https://developer.hashicorp.com/terraform/docs",
-      "https://developer.hashicorp.com/terraform/cli/commands/plan"
-    ],
-    "security_notes": "Default to review and plan mode. Do not apply Terraform changes unless the user explicitly requests apply and the workspace is confirmed.",
-    "last_verified": "2026-04-27",
-    "path": "agents/terraform/terraform-reviewer",
+      "https://developer.hashicorp.com/terraform/language",
+      "https://developer.hashicorp.com/terraform/cli/commands/plan",
+      "https://registry.terraform.io/providers/hashicorp/aws/latest/docs",
+      "https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs",
+      "https://registry.terraform.io/providers/oracle/oci/latest/docs"
+    ],
+    "security_notes": "Live-guard gate is non-negotiable: never auto-dispatch aws-live-iac-change-guard-agent, azure-live-arm-deployment-stack-guard-agent, or oci-live-resource-manager-stack-guard-agent without explicit human confirmation, blast-radius assessment, and rollback path. Terraform destroy is irreversible without state backup.",
+    "last_verified": "2026-04-30",
+    "path": "agents/terraform/terraform-maestro-agent",
+    "harness_variants": {
+      "codex": "agents/terraform/terraform-maestro-agent/harnesses/codex.toml",
+      "copilot": "agents/terraform/terraform-maestro-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/terraform/terraform-maestro-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/terraform/terraform-maestro-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/terraform/terraform-maestro-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/terraform/terraform-maestro-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/terraform/terraform-maestro-agent/harnesses/kiro-cli.agent.json"
+    },
     "author": "github: Raishin",
     "version": "0.1.0"
   }