npm - @raishin/vanguard-frontier-agentic - Versions diffs - 2.2.0 → 2.3.0 - Mend

@raishin/vanguard-frontier-agentic 2.2.0 → 2.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (201) hide show

package/catalog/agents.json CHANGED Viewed

@@ -4053,6 +4053,270 @@
       "kiro-cli": "agents/contabo/contabo-security-hardening-agent/harnesses/kiro-cli.agent.json"
     }
   },
+  {
+    "id": "dotnet-aspire-cloud-native-review-agent",
+    "name": ".NET Aspire Cloud-Native Review Agent",
+    "type": "agent",
+    "provider": "dotnet",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Static review of .NET Aspire AppHost and service-defaults projects for cloud-native readiness — health checks, service dependency wiring, resiliency policies, configuration and secret hygiene, and the boundary to a real deployment platform. Reads source and sanitized configuration only.",
+    "source_type": "original",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/dotnet/aspire/",
+      "https://learn.microsoft.com/en-us/dotnet/aspire/fundamentals/service-defaults",
+      "https://learn.microsoft.com/en-us/dotnet/aspire/fundamentals/app-host-overview",
+      "https://learn.microsoft.com/en-us/dotnet/aspire/fundamentals/health-checks"
+    ],
+    "security_notes": "Static review only — reads the AppHost project, ServiceDefaults, the Aspire manifest, and sanitized configuration; never runs the AppHost or deploys. Flags secrets committed in appsettings as critical. Never requests secrets, connection strings, or customer data. Note: .NET Aspire APIs evolve quickly — keep last_verified current.",
+    "last_verified": "2026-05-19",
+    "path": "agents/dotnet/dotnet-aspire-cloud-native-review-agent",
+    "version": "0.1.0"
+  },
+  {
+    "id": "dotnet-aspnetcore-api-review-agent",
+    "name": ".NET ASP.NET Core API Review Agent",
+    "type": "agent",
+    "provider": "dotnet",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Static review of ASP.NET Core HTTP API architecture — middleware ordering, dependency-injection lifetimes, CORS, model validation, API versioning, error responses, rate limiting, and health/readiness boundaries. Reads source and sanitized configuration only.",
+    "source_type": "original",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/aspnet/core/fundamentals/middleware/",
+      "https://learn.microsoft.com/en-us/aspnet/core/fundamentals/dependency-injection",
+      "https://learn.microsoft.com/en-us/aspnet/core/security/cors",
+      "https://learn.microsoft.com/en-us/aspnet/core/performance/rate-limit",
+      "https://learn.microsoft.com/en-us/aspnet/core/fundamentals/minimal-apis/security"
+    ],
+    "security_notes": "Static review only — reads source and sanitized configuration, never runs the app or calls endpoints. Never requests secrets, connection strings, tokens, or customer data; asks for sanitized appsettings with placeholders.",
+    "last_verified": "2026-05-19",
+    "path": "agents/dotnet/dotnet-aspnetcore-api-review-agent",
+    "version": "0.1.0"
+  },
+  {
+    "id": "dotnet-aspnetcore-identity-authz-review-agent",
+    "name": ".NET ASP.NET Core Identity & AuthZ Review Agent",
+    "type": "agent",
+    "provider": "dotnet",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Static review of ASP.NET Core authentication, authorization, identity boundaries, JWT token validation, cookie and session security, and multi-tenant isolation. Reads source and sanitized configuration only — never runs the app or contacts an identity provider.",
+    "source_type": "original",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/aspnet/core/security/",
+      "https://learn.microsoft.com/en-us/aspnet/core/security/authentication/configure-jwt-bearer-authentication",
+      "https://learn.microsoft.com/en-us/aspnet/core/security/authorization/introduction",
+      "https://learn.microsoft.com/en-us/aspnet/core/security/authorization/policies",
+      "https://learn.microsoft.com/en-us/aspnet/core/security/authentication/cookie"
+    ],
+    "security_notes": "Static review only — reads source and sanitized configuration, never runs the application, mints or inspects tokens, or contacts an identity provider. Flags disabled token validation, anonymous state-changing endpoints, and client-supplied tenant claims as critical. Never requests secrets, signing keys, client secrets, tokens, connection strings, tenant identifiers, or customer data.",
+    "last_verified": "2026-05-19",
+    "path": "agents/dotnet/dotnet-aspnetcore-identity-authz-review-agent",
+    "version": "0.1.0"
+  },
+  {
+    "id": "dotnet-csharp-runtime-review-agent",
+    "name": ".NET C# & Runtime Review Agent",
+    "type": "agent",
+    "provider": "dotnet",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Static review of C# language and runtime correctness — nullable reference types, async/await, cancellation, disposal, allocations on hot paths, LINQ misuse, and AOT/trimming hazards. Reads source only; never compiles or runs code.",
+    "source_type": "original",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/dotnet/csharp/",
+      "https://learn.microsoft.com/en-us/dotnet/standard/asynchronous-programming-patterns/",
+      "https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/builtin-types/nullable-reference-types",
+      "https://learn.microsoft.com/en-us/dotnet/core/diagnostics/debug-threadpool-starvation",
+      "https://learn.microsoft.com/en-us/dotnet/core/deploying/trimming/trim-warnings"
+    ],
+    "security_notes": "Static review only — reads C# source and project files, never compiles, runs, or instruments code. Never requests secrets, connection strings, tokens, or customer data.",
+    "last_verified": "2026-05-19",
+    "path": "agents/dotnet/dotnet-csharp-runtime-review-agent",
+    "version": "0.1.0"
+  },
+  {
+    "id": "dotnet-efcore-data-access-review-agent",
+    "name": ".NET EF Core Data Access Review Agent",
+    "type": "agent",
+    "provider": "dotnet",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Static review of EF Core data access — DbContext lifetime, N+1 queries, unbounded result sets, raw SQL injection surface, optimistic concurrency tokens, migration discipline, multi-tenant query filters, and connection resiliency. Reads source only.",
+    "source_type": "original",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/ef/core/",
+      "https://learn.microsoft.com/en-us/ef/core/dbcontext-configuration",
+      "https://learn.microsoft.com/en-us/ef/core/querying/single-split-queries",
+      "https://learn.microsoft.com/en-us/ef/core/miscellaneous/multitenancy",
+      "https://learn.microsoft.com/en-us/ef/core/saving/concurrency"
+    ],
+    "security_notes": "Static review only — reads DbContext classes, entity configuration, migrations, and query sites; never runs migrations, opens a database connection, or executes SQL. Never requests connection strings, database credentials, or customer data.",
+    "last_verified": "2026-05-19",
+    "path": "agents/dotnet/dotnet-efcore-data-access-review-agent",
+    "version": "0.1.0"
+  },
+  {
+    "id": "dotnet-maestro-agent",
+    "name": ".NET Maestro",
+    "type": "agent",
+    "provider": "dotnet",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Router agent for the .NET board. Classifies a .NET task and dispatches the narrowest specialist agent, or a parallel team of up to four for multi-domain tasks. Routes only — never answers .NET questions itself.",
+    "source_type": "original",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/dotnet/",
+      "https://learn.microsoft.com/en-us/aspnet/core/",
+      "https://learn.microsoft.com/en-us/ef/core/"
+    ],
+    "security_notes": "Routing only — performs no review itself, never runs code, never requests secrets, connection strings, tokens, tenant identifiers, or customer data. Every dispatched .NET specialist is static-review.",
+    "last_verified": "2026-05-19",
+    "path": "agents/dotnet/dotnet-maestro-agent",
+    "version": "0.1.0"
+  },
+  {
+    "id": "dotnet-observability-otel-review-agent",
+    "name": ".NET Observability & OpenTelemetry Review Agent",
+    "type": "agent",
+    "provider": "dotnet",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Static review of in-application OpenTelemetry wiring in ASP.NET Core — SDK registration, trace context propagation, structured logging, correlation IDs, metrics instrumentation, sampling, and PII leakage in telemetry. Reads source and sanitized configuration only.",
+    "source_type": "original",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/dotnet/core/diagnostics/observability-with-otel",
+      "https://learn.microsoft.com/en-us/dotnet/core/extensions/logging",
+      "https://learn.microsoft.com/en-us/aspnet/core/fundamentals/logging/",
+      "https://learn.microsoft.com/en-us/dotnet/core/diagnostics/distributed-tracing"
+    ],
+    "security_notes": "Static review only — reads OpenTelemetry registration, logging configuration, and instrumentation source; never runs the app or contacts a telemetry backend. Flags PII in spans or logs as critical. Never requests secrets, tokens, or customer data.",
+    "last_verified": "2026-05-19",
+    "path": "agents/dotnet/dotnet-observability-otel-review-agent",
+    "version": "0.1.0"
+  },
+  {
+    "id": "dotnet-performance-aot-review-agent",
+    "name": ".NET Performance, AOT & Trimming Review Agent",
+    "type": "agent",
+    "provider": "dotnet",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Static, evidence-gated review of .NET performance posture, Native AOT, and trimming readiness — reflection and serialization hazards, hot-path allocations, and benchmark discipline. Any performance claim with no benchmark artifact is downgraded to inference.",
+    "source_type": "original",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/dotnet/core/deploying/native-aot/",
+      "https://learn.microsoft.com/en-us/dotnet/core/deploying/trimming/trim-self-contained",
+      "https://learn.microsoft.com/en-us/dotnet/core/deploying/trimming/trim-warnings",
+      "https://learn.microsoft.com/en-us/dotnet/core/diagnostics/"
+    ],
+    "security_notes": "Static review only — reads project files, benchmark results, trim-warning output, and hot-path source; never runs the application, a benchmark, or a profiler. Never requests secrets or customer data.",
+    "last_verified": "2026-05-19",
+    "path": "agents/dotnet/dotnet-performance-aot-review-agent",
+    "version": "0.1.0"
+  },
+  {
+    "id": "dotnet-supply-chain-review-agent",
+    "name": ".NET Supply Chain Review Agent",
+    "type": "agent",
+    "provider": "dotnet",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Static review of .NET CI/CD and NuGet supply-chain integrity — SDK pinning, package version pinning and lock files, feed trust, fork-PR secret exposure, vulnerability scanning, and build reproducibility. Reads workflow and project configuration only.",
+    "source_type": "original",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/nuget/",
+      "https://learn.microsoft.com/en-us/nuget/consume-packages/central-package-management",
+      "https://learn.microsoft.com/en-us/dotnet/core/tools/global-json",
+      "https://learn.microsoft.com/en-us/nuget/consume-packages/package-references-in-project-files",
+      "https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions"
+    ],
+    "security_notes": "Static review only — reads CI workflow files, global.json, Directory.Packages.props, NuGet.config, lock files, and publish profiles; never triggers a pipeline or restores packages. Flags secret exposure to fork-PR builds as critical. Never requests CI secrets, feed credentials, or signing keys.",
+    "last_verified": "2026-05-19",
+    "path": "agents/dotnet/dotnet-supply-chain-review-agent",
+    "version": "0.1.0"
+  },
+  {
+    "id": "dotnet-testing-quality-review-agent",
+    "name": ".NET Testing Quality Review Agent",
+    "type": "agent",
+    "provider": "dotnet",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Static review of .NET test suites — detects assertion-free and tautological tests, over-mocking, coverage theater, weak isolation, flaky patterns, and missing negative or security tests across xUnit, NUnit, and MSTest. Reads test source only; never runs the suite.",
+    "source_type": "original",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/dotnet/core/testing/",
+      "https://learn.microsoft.com/en-us/dotnet/core/testing/unit-testing-best-practices",
+      "https://learn.microsoft.com/en-us/aspnet/core/test/integration-tests",
+      "https://learn.microsoft.com/en-us/aspnet/core/test/middleware"
+    ],
+    "security_notes": "Static review only — reads test projects, test source, and coverage configuration; never runs the test suite, a coverage tool, or a test container. Never requests secrets or customer data.",
+    "last_verified": "2026-05-19",
+    "path": "agents/dotnet/dotnet-testing-quality-review-agent",
+    "version": "0.1.0"
+  },
   {
     "id": "email-sender-authentication-review-agent",
     "name": "Email Sender Authentication Review Agent",
@@ -5998,7 +6262,7 @@
     "id": "hr-analytics-people-data-agent",
     "name": "HR Analytics and People Data Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6023,7 +6287,7 @@
     "id": "hr-benefits-payroll-agent",
     "name": "HR Benefits and Payroll Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6048,7 +6312,7 @@
     "id": "hr-compensation-equity-agent",
     "name": "HR Compensation and Equity Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6073,7 +6337,7 @@
     "id": "hr-culture-dei-agent",
     "name": "HR Culture and Inclusion Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6098,7 +6362,7 @@
     "id": "hr-employee-relations-agent",
     "name": "HR Employee Relations Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6123,7 +6387,7 @@
     "id": "hr-hris-process-controls-agent",
     "name": "HR HRIS Process Controls Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6148,7 +6412,7 @@
     "id": "hr-learning-policy-agent",
     "name": "HR Learning and Policy Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6173,7 +6437,7 @@
     "id": "hr-leave-accommodation-agent",
     "name": "HR Leave and Accommodation Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6198,7 +6462,7 @@
     "id": "hr-maestro-agent",
     "name": "HR Maestro Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6223,7 +6487,7 @@
     "id": "hr-performance-management-agent",
     "name": "HR Performance Management Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6248,7 +6512,7 @@
     "id": "hr-recruiting-selection-agent",
     "name": "HR Recruiting and Selection Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6273,7 +6537,7 @@
     "id": "hr-risk-triage-review-agent",
     "name": "HR Risk Triage Review Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6316,7 +6580,7 @@
     "id": "hr-termination-readiness-agent",
     "name": "HR Termination Readiness Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6341,7 +6605,7 @@
     "id": "hr-workforce-planning-rif-agent",
     "name": "HR Workforce Planning and RIF Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6366,7 +6630,7 @@
     "id": "hr-workplace-investigations-agent",
     "name": "HR Workplace Investigations Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -8215,7 +8479,7 @@
     "id": "legal-contract-review-agent",
     "name": "Legal Contract Review Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8240,7 +8504,7 @@
     "id": "legal-counsel-review-agent",
     "name": "Legal Counsel Review Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8283,7 +8547,7 @@
     "id": "legal-employment-law-risk-agent",
     "name": "Legal Employment Law Risk Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8308,7 +8572,7 @@
     "id": "legal-ethics-investigations-agent",
     "name": "Legal Ethics and Investigations Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8333,7 +8597,7 @@
     "id": "legal-ip-open-source-agent",
     "name": "Legal IP and Open Source Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8358,7 +8622,7 @@
     "id": "legal-knowledge-management-agent",
     "name": "Legal Knowledge Management Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8383,7 +8647,7 @@
     "id": "legal-litigation-discovery-hold-agent",
     "name": "Legal Litigation and Discovery Hold Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8408,7 +8672,7 @@
     "id": "legal-maestro-agent",
     "name": "Legal Maestro Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8433,7 +8697,7 @@
     "id": "legal-policy-governance-agent",
     "name": "Legal Policy and Governance Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8458,7 +8722,7 @@
     "id": "legal-privacy-data-protection-agent",
     "name": "Legal Privacy and Data Protection Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8483,7 +8747,7 @@
     "id": "legal-public-disclosure-agent",
     "name": "Legal Public Disclosure Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8508,7 +8772,7 @@
     "id": "legal-regulatory-compliance-agent",
     "name": "Legal Regulatory Compliance Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8533,7 +8797,7 @@
     "id": "legal-vendor-procurement-risk-agent",
     "name": "Legal Vendor and Procurement Risk Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",