@raishin/vanguard-frontier-agentic 2.2.0 → 2.5.0

package/catalog/agents.json

@@ -12,7 +12,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review ad-platform audience targeting configurations and declared AI feature usage for protected-class discrimination risk under Fair Housing Act, ECOA, and EU AI Act Article 5 — proxy segments, algorithmic disparate impact, and missing Special Ad Category declarations.",
+    "summary": "Review ad-platform audience targeting configurations and declared AI feature usage for protected-class discrimination risk under Fair Housing Act, ECOA, and EU AI Act Article 5 \u2014 proxy segments, algorithmic disparate impact, and missing Special Ad Category declarations.",
     "companion_skills": [
       "ai-advertising-targeting-fairness-review"
     ],
@@ -59,7 +59,7 @@
       "https://www.alibabacloud.com/help/en/acr",
       "https://www.alibabacloud.com/help/en/asm"
     ],
-    "security_notes": "ACK cluster version upgrades are irreversible. Node pool scale-down may evict workloads. Production namespace mutations require confirmation. ACK Serverless (ASK) has no node-level access — do not recommend node-level debugging commands for ASK.",
+    "security_notes": "ACK cluster version upgrades are irreversible. Node pool scale-down may evict workloads. Production namespace mutations require confirmation. ACK Serverless (ASK) has no node-level access \u2014 do not recommend node-level debugging commands for ASK.",
     "last_verified": "2026-05-08",
     "path": "agents/alibaba/alibaba-ack-container-platform-operator-agent",
     "author": "github: Raishin",
@@ -84,7 +84,7 @@
       "https://www.alibabacloud.com/help/en/actiontrail",
       "https://www.alibabacloud.com/help/en/sls"
     ],
-    "security_notes": "Do not delete ActionTrail trails, SLS logstores, or audit evidence without backup verification — audit log destruction may violate MLPS 2.0 retention requirements.",
+    "security_notes": "Do not delete ActionTrail trails, SLS logstores, or audit evidence without backup verification \u2014 audit log destruction may violate MLPS 2.0 retention requirements.",
     "last_verified": "2026-05-08",
     "path": "agents/alibaba/alibaba-actiontrail-audit-analyst-agent",
     "author": "github: Raishin",
@@ -129,14 +129,14 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review Alibaba Cloud SSL Certificate Service — DV/OV/EV certificate lifecycle, auto-renewal configuration, certificate deployment to SLB/ALB/CDN/OSS, domain validation status, CAA record compliance, and expiry monitoring.",
+    "summary": "Review Alibaba Cloud SSL Certificate Service \u2014 DV/OV/EV certificate lifecycle, auto-renewal configuration, certificate deployment to SLB/ALB/CDN/OSS, domain validation status, CAA record compliance, and expiry monitoring.",
     "source_type": "original",
     "official_docs": [
       "https://www.alibabacloud.com/help/en/ssl-certificate/latest/what-is-ssl-certificates-service",
       "https://www.alibabacloud.com/help/en/slb/application-load-balancer/user-guide/create-an-https-listener",
       "https://www.alibabacloud.com/help/en/cdn/user-guide/configure-an-ssl-certificate"
     ],
-    "security_notes": "Alibaba Cloud certificate private keys generated on the platform are stored in Alibaba's systems — for maximum security, use CSR-based upload with your own private key generated locally. SLB/ALB HTTPS listeners using TLS 1.0 or 1.1 are non-compliant with PCI-DSS and MLPS 2.0 — enforce TLS 1.2+ via security policy configuration.",
+    "security_notes": "Alibaba Cloud certificate private keys generated on the platform are stored in Alibaba's systems \u2014 for maximum security, use CSR-based upload with your own private key generated locally. SLB/ALB HTTPS listeners using TLS 1.0 or 1.1 are non-compliant with PCI-DSS and MLPS 2.0 \u2014 enforce TLS 1.2+ via security policy configuration.",
     "last_verified": "2026-05-09",
     "path": "agents/alibaba/alibaba-certificate-manager-issuer-review-agent",
     "version": "0.1.0",
@@ -155,7 +155,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Pre-change blast radius analysis for Alibaba Cloud — Resource Directory OU scope mapping, RAM policy cascade effects, VPC peering and CEN impact, SLB backend pool changes, RDS connection pool disruption, and safe change sequencing.",
+    "summary": "Pre-change blast radius analysis for Alibaba Cloud \u2014 Resource Directory OU scope mapping, RAM policy cascade effects, VPC peering and CEN impact, SLB backend pool changes, RDS connection pool disruption, and safe change sequencing.",
     "source_type": "original",
     "official_docs": [
       "https://www.alibabacloud.com/help/en/resource-management/latest/what-is-resource-management",
@@ -163,7 +163,7 @@
       "https://www.alibabacloud.com/help/en/cen/latest/what-is-cen",
       "https://www.alibabacloud.com/help/en/vpc/latest/vpc-peering-connections-overview"
     ],
-    "security_notes": "Alibaba Cloud Resource Directory root account has override capabilities for all member account policies — changes at root level must have explicit dual approval. CEN route changes are near-instantaneous and propagate globally — always test in a staging CEN attachment before applying to production.",
+    "security_notes": "Alibaba Cloud Resource Directory root account has override capabilities for all member account policies \u2014 changes at root level must have explicit dual approval. CEN route changes are near-instantaneous and propagate globally \u2014 always test in a staging CEN attachment before applying to production.",
     "last_verified": "2026-05-09",
     "path": "agents/alibaba/alibaba-change-impact-advisor-agent",
     "version": "0.1.0",
@@ -207,7 +207,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Detect and coordinate response to Alibaba Cloud cost anomalies — MaxCompute CU vs on-demand billing mismatch, ECS spot instance interruption cascades, CDN traffic spike billing, OSS API request cost explosions, budget alert → DingTalk notification → remediation playbook.",
+    "summary": "Detect and coordinate response to Alibaba Cloud cost anomalies \u2014 MaxCompute CU vs on-demand billing mismatch, ECS spot instance interruption cascades, CDN traffic spike billing, OSS API request cost explosions, budget alert \u2192 DingTalk notification \u2192 remediation playbook.",
     "source_type": "original",
     "official_docs": [
       "https://www.alibabacloud.com/help/en/maxcompute/latest/billing-overview",
@@ -215,7 +215,7 @@
       "https://www.alibabacloud.com/help/en/cost-management/latest/overview",
       "https://www.alibabacloud.com/help/en/cdn/user-guide/billing-overview"
     ],
-    "security_notes": "Alibaba Cloud cost data is accessible via the billing API — restrict AccessKey permissions for billing API access to read-only (AliyunBSSReadOnlyAccess). China mainland billing accounts and international accounts cannot be consolidated — separate anomaly monitoring pipelines required for each account type.",
+    "security_notes": "Alibaba Cloud cost data is accessible via the billing API \u2014 restrict AccessKey permissions for billing API access to read-only (AliyunBSSReadOnlyAccess). China mainland billing accounts and international accounts cannot be consolidated \u2014 separate anomaly monitoring pipelines required for each account type.",
     "last_verified": "2026-05-09",
     "path": "agents/alibaba/alibaba-cost-anomaly-watch-coordinator-agent",
     "version": "0.1.0",
@@ -260,7 +260,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Coordinate the daily Alibaba Cloud operations standup — cost delta from Cost Manager, ActionTrail anomaly review, ACK pod failure triage, quota utilization warnings, Security Center finding review, and action item assignment.",
+    "summary": "Coordinate the daily Alibaba Cloud operations standup \u2014 cost delta from Cost Manager, ActionTrail anomaly review, ACK pod failure triage, quota utilization warnings, Security Center finding review, and action item assignment.",
     "source_type": "original",
     "official_docs": [
       "https://www.alibabacloud.com/help/en/cost-management/latest/overview",
@@ -268,7 +268,7 @@
       "https://www.alibabacloud.com/help/en/ack/ack-managed-and-ack-dedicated/user-guide/overview-7",
       "https://www.alibabacloud.com/help/en/security-center/latest/what-is-security-center"
     ],
-    "security_notes": "Alibaba Cloud ActionTrail logs contain API call details that may reveal internal architecture — restrict ActionTrail SLS project access to security team members only. Daily briefing cost data reveals workload scale and spending patterns — distribute briefing reports only to authorized stakeholders.",
+    "security_notes": "Alibaba Cloud ActionTrail logs contain API call details that may reveal internal architecture \u2014 restrict ActionTrail SLS project access to security team members only. Daily briefing cost data reveals workload scale and spending patterns \u2014 distribute briefing reports only to authorized stakeholders.",
     "last_verified": "2026-05-09",
     "path": "agents/alibaba/alibaba-daily-operations-briefing-coordinator-agent",
     "version": "0.1.0",
@@ -339,7 +339,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review Alibaba Cloud EventBridge, MNS (Message Notification Service), RocketMQ, and MSE event-driven designs — dead-letter queues, message ordering, idempotency, retry storm prevention, schema registry, and consumer group lag monitoring.",
+    "summary": "Review Alibaba Cloud EventBridge, MNS (Message Notification Service), RocketMQ, and MSE event-driven designs \u2014 dead-letter queues, message ordering, idempotency, retry storm prevention, schema registry, and consumer group lag monitoring.",
     "source_type": "original",
     "official_docs": [
       "https://www.alibabacloud.com/help/en/eventbridge/latest/what-is-eventbridge",
@@ -347,7 +347,7 @@
       "https://www.alibabacloud.com/help/en/apsaramq-for-rocketmq/latest/what-is-rocketmq",
       "https://www.alibabacloud.com/help/en/mse/latest/overview-of-mse"
     ],
-    "security_notes": "Alibaba Cloud EventBridge event buses can be public — restrict event bus policies to specific source services and target endpoints. MNS message bodies may contain sensitive data — use SSE encryption at rest for MNS queues in regulated environments.",
+    "security_notes": "Alibaba Cloud EventBridge event buses can be public \u2014 restrict event bus policies to specific source services and target endpoints. MNS message bodies may contain sensitive data \u2014 use SSE encryption at rest for MNS queues in regulated environments.",
     "last_verified": "2026-05-09",
     "path": "agents/alibaba/alibaba-event-driven-architecture-review-agent",
     "version": "0.1.0",
@@ -392,7 +392,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review Terraform and ROS (Resource Orchestration Service) changes targeting Alibaba Cloud — blast radius analysis, resource deletion detection, cross-stack dependency impact, Resource Directory scope, and rollback plan completeness.",
+    "summary": "Review Terraform and ROS (Resource Orchestration Service) changes targeting Alibaba Cloud \u2014 blast radius analysis, resource deletion detection, cross-stack dependency impact, Resource Directory scope, and rollback plan completeness.",
     "source_type": "original",
     "official_docs": [
       "https://www.alibabacloud.com/help/en/resource-orchestration-service/latest/what-is-ros",
@@ -400,7 +400,7 @@
       "https://www.alibabacloud.com/help/en/resource-management/latest/what-is-resource-management",
       "https://www.alibabacloud.com/help/en/oss/user-guide/server-side-encryption"
     ],
-    "security_notes": "Alibaba Cloud Terraform provider state files expose resource attribute details — OSS backend bucket must deny public access and use SSE-KMS. ROS resource deletion protection must be enabled on production stacks — stacks without deletion protection can be destroyed with a single API call.",
+    "security_notes": "Alibaba Cloud Terraform provider state files expose resource attribute details \u2014 OSS backend bucket must deny public access and use SSE-KMS. ROS resource deletion protection must be enabled on production stacks \u2014 stacks without deletion protection can be destroyed with a single API call.",
     "last_verified": "2026-05-09",
     "path": "agents/alibaba/alibaba-iac-change-safety-review-agent",
     "version": "0.1.0",
@@ -495,7 +495,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Gate financial authority actions — budget threshold changes can trigger service suspension, Savings Plan purchases are committed spend contracts, RI purchases lock capacity spend.",
+    "summary": "Gate financial authority actions \u2014 budget threshold changes can trigger service suspension, Savings Plan purchases are committed spend contracts, RI purchases lock capacity spend.",
     "source_type": "original",
     "official_docs": [
       "https://www.alibabacloud.com/help/en/bss"
@@ -520,7 +520,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Gate KMS key deletion and disable operations — all data encrypted with a deleted CMK becomes permanently and irrecoverably inaccessible.",
+    "summary": "Gate KMS key deletion and disable operations \u2014 all data encrypted with a deleted CMK becomes permanently and irrecoverably inaccessible.",
     "source_type": "original",
     "official_docs": [
       "https://www.alibabacloud.com/help/en/kms",
@@ -544,7 +544,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Gate OSS bucket ACL and policy mutations — public-read/write ACL exposes data immediately to internet crawlers; CN-* cross-border replication may violate DSL/MLPS.",
+    "summary": "Gate OSS bucket ACL and policy mutations \u2014 public-read/write ACL exposes data immediately to internet crawlers; CN-* cross-border replication may violate DSL/MLPS.",
     "source_type": "original",
     "official_docs": [
       "https://www.alibabacloud.com/help/en/oss"
@@ -569,13 +569,13 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Gate RAM policy/role mutations — account-wide blast radius, privilege escalation risk, service breakage from accidental denial.",
+    "summary": "Gate RAM policy/role mutations \u2014 account-wide blast radius, privilege escalation risk, service breakage from accidental denial.",
     "source_type": "original",
     "official_docs": [
       "https://www.alibabacloud.com/help/en/ram",
       "https://www.alibabacloud.com/help/en/ram/user-guide/create-a-custom-policy"
     ],
-    "security_notes": "RAM AdministratorAccess is account-wide; assigning it to any RAM user/role is the highest-risk RAM mutation. RAM policy deletion may break active STS tokens immediately. Resource Directory Control Policy changes affect all member accounts in that OU — require org-admin equivalent approval.",
+    "security_notes": "RAM AdministratorAccess is account-wide; assigning it to any RAM user/role is the highest-risk RAM mutation. RAM policy deletion may break active STS tokens immediately. Resource Directory Control Policy changes affect all member accounts in that OU \u2014 require org-admin equivalent approval.",
     "last_verified": "2026-05-08",
     "path": "agents/alibaba/alibaba-live-ram-policy-change-guard-agent",
     "author": "github: Raishin"
@@ -593,7 +593,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Gate RDS/PolarDB instance deletion, spec downgrade, and backup policy removal — data loss is permanent without backup verification.",
+    "summary": "Gate RDS/PolarDB instance deletion, spec downgrade, and backup policy removal \u2014 data loss is permanent without backup verification.",
     "source_type": "original",
     "official_docs": [
       "https://www.alibabacloud.com/help/en/polardb",
@@ -618,7 +618,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Traffic engineering for Alibaba Cloud load balancers — CLB (Classic, legacy), SLB (Server Load Balancer, Layer 4/7), ALB (Application Load Balancer, Layer 7 advanced routing), NLB (Network Load Balancer, Layer 4 high throughput), and GA (Global Accelerator) — type selection, health check design, and traffic distribution.",
+    "summary": "Traffic engineering for Alibaba Cloud load balancers \u2014 CLB (Classic, legacy), SLB (Server Load Balancer, Layer 4/7), ALB (Application Load Balancer, Layer 7 advanced routing), NLB (Network Load Balancer, Layer 4 high throughput), and GA (Global Accelerator) \u2014 type selection, health check design, and traffic distribution.",
     "source_type": "original",
     "official_docs": [
       "https://www.alibabacloud.com/help/en/slb/classic-load-balancer/product-overview/what-is-clb",
@@ -626,7 +626,7 @@
       "https://www.alibabacloud.com/help/en/slb/network-load-balancer/product-overview/what-is-nlb",
       "https://www.alibabacloud.com/help/en/global-accelerator/latest/what-is-global-accelerator"
     ],
-    "security_notes": "CLB instances with public listeners and no WAF integration are exposed directly to the internet — ALB with WAF integration is required for PCI-DSS and MLPS 2.0 Level 3 regulated HTTP workloads. NLB passes client source IP directly to backends — backend security groups must account for this and restrict access from the NLB CIDR range.",
+    "security_notes": "CLB instances with public listeners and no WAF integration are exposed directly to the internet \u2014 ALB with WAF integration is required for PCI-DSS and MLPS 2.0 Level 3 regulated HTTP workloads. NLB passes client source IP directly to backends \u2014 backend security groups must account for this and restrict access from the NLB CIDR range.",
     "last_verified": "2026-05-09",
     "path": "agents/alibaba/alibaba-load-balancer-traffic-engineer-agent",
     "version": "0.1.0",
@@ -646,7 +646,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Per-cloud router agent for Alibaba Cloud. Classifies the user's task, selects the narrowest Alibaba Cloud specialist agent or the right team of specialists from the catalog, and dispatches them. China-region aware — flags MLPS 2.0, DSL, and PIPL obligations for CN-* workloads. Never auto-dispatches live-guard agents.",
+    "summary": "Per-cloud router agent for Alibaba Cloud. Classifies the user's task, selects the narrowest Alibaba Cloud specialist agent or the right team of specialists from the catalog, and dispatches them. China-region aware \u2014 flags MLPS 2.0, DSL, and PIPL obligations for CN-* workloads. Never auto-dispatches live-guard agents.",
     "source_type": "original",
     "official_docs": [
       "https://www.alibabacloud.com/help/en",
@@ -654,7 +654,7 @@
       "https://www.alibabacloud.com/help/en/vpc",
       "https://www.alibabacloud.com/help/en/ecs"
     ],
-    "security_notes": "Live-guard gate is non-negotiable. RAM AdministratorAccess mutations and KMS key deletion are irreversible. China mainland (CN-*) regions carry DSL/MLPS 2.0/PIPL obligations — always flag cross-border data transfer and compliance grading questions before routing.",
+    "security_notes": "Live-guard gate is non-negotiable. RAM AdministratorAccess mutations and KMS key deletion are irreversible. China mainland (CN-*) regions carry DSL/MLPS 2.0/PIPL obligations \u2014 always flag cross-border data transfer and compliance grading questions before routing.",
     "last_verified": "2026-05-08",
     "path": "agents/alibaba/alibaba-maestro-agent",
     "author": "github: Raishin"
@@ -679,7 +679,7 @@
       "https://www.alibabacloud.com/help/en/dataworks",
       "https://www.alibabacloud.com/help/en/pai"
     ],
-    "security_notes": "Do not switch MaxCompute billing mode (CU package to on-demand) without modeling cost impact — wrong mode can multiply costs 10x.",
+    "security_notes": "Do not switch MaxCompute billing mode (CU package to on-demand) without modeling cost impact \u2014 wrong mode can multiply costs 10x.",
     "last_verified": "2026-05-08",
     "path": "agents/alibaba/alibaba-maxcompute-dataworks-analyst-agent",
     "author": "github: Raishin",
@@ -724,7 +724,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Configure and operate Alibaba MSE (Microservice Engine) — Nacos (service discovery + config), Sentinel (rate limiting + circuit breaking), Seata (distributed transactions), and ARMS APM for microservices observability.",
+    "summary": "Configure and operate Alibaba MSE (Microservice Engine) \u2014 Nacos (service discovery + config), Sentinel (rate limiting + circuit breaking), Seata (distributed transactions), and ARMS APM for microservices observability.",
     "source_type": "original",
     "official_docs": [
       "https://www.alibabacloud.com/help/en/mse",
@@ -802,7 +802,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Govern Alibaba Cloud OSS data perimeters — bucket ACL and policy conflict resolution, Block Public Access configuration, cross-account access via RAM role, VPC endpoint binding for private access, WORM (Object Lock), and MLPS 2.0 data residency compliance.",
+    "summary": "Govern Alibaba Cloud OSS data perimeters \u2014 bucket ACL and policy conflict resolution, Block Public Access configuration, cross-account access via RAM role, VPC endpoint binding for private access, WORM (Object Lock), and MLPS 2.0 data residency compliance.",
     "source_type": "original",
     "official_docs": [
       "https://www.alibabacloud.com/help/en/oss/user-guide/block-public-access",
@@ -810,7 +810,7 @@
       "https://www.alibabacloud.com/help/en/oss/user-guide/use-bucket-policies-to-authorize-other-users-to-access-oss-resources",
       "https://www.alibabacloud.com/help/en/oss/user-guide/oss-interface-for-vpc"
     ],
-    "security_notes": "Alibaba Cloud OSS bucket names are globally unique — a publicly accessible bucket with a guessable name exposes data without authentication. OSS Cross-Region Replication (CRR) to international regions from CN-* buckets containing personal data violates PIPL and may violate MLPS 2.0 — verify replication destination region compliance.",
+    "security_notes": "Alibaba Cloud OSS bucket names are globally unique \u2014 a publicly accessible bucket with a guessable name exposes data without authentication. OSS Cross-Region Replication (CRR) to international regions from CN-* buckets containing personal data violates PIPL and may violate MLPS 2.0 \u2014 verify replication destination region compliance.",
     "last_verified": "2026-05-09",
     "path": "agents/alibaba/alibaba-oss-data-perimeter-governor-agent",
     "version": "0.1.0",
@@ -906,14 +906,14 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Govern Alibaba Cloud Container Registry (ACR) — Enterprise Edition vs Personal Edition selection, image vulnerability scanning, namespace IAM least privilege, image retention policies, cross-region replication, and supply chain security posture.",
+    "summary": "Govern Alibaba Cloud Container Registry (ACR) \u2014 Enterprise Edition vs Personal Edition selection, image vulnerability scanning, namespace IAM least privilege, image retention policies, cross-region replication, and supply chain security posture.",
     "source_type": "original",
     "official_docs": [
       "https://www.alibabacloud.com/help/en/acr/product-overview/what-is-container-registry",
       "https://www.alibabacloud.com/help/en/acr/user-guide/configure-image-tag-immutability",
       "https://www.alibabacloud.com/help/en/acr/user-guide/use-image-scanner-to-scan-images"
     ],
-    "security_notes": "ACR Personal Edition namespaces are globally shared — namespace name collisions are possible; use ACR Enterprise Edition with isolated instance for production. Public ACR namespaces in CN-* regions are accessible globally — this creates cross-border data flow implications under Chinese data regulations.",
+    "security_notes": "ACR Personal Edition namespaces are globally shared \u2014 namespace name collisions are possible; use ACR Enterprise Edition with isolated instance for production. Public ACR namespaces in CN-* regions are accessible globally \u2014 this creates cross-border data flow implications under Chinese data regulations.",
     "last_verified": "2026-05-09",
     "path": "agents/alibaba/alibaba-registry-artifact-governor-agent",
     "version": "0.1.0",
@@ -932,7 +932,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review Alibaba Cloud workload HA and BCDR designs — RDS High-Availability Edition failover, PolarDB Global Database Network, ACK multi-zone, ECS disaster recovery cross-region, RTO/RPO target analysis, and HBR (Hybrid Backup Recovery) coverage.",
+    "summary": "Review Alibaba Cloud workload HA and BCDR designs \u2014 RDS High-Availability Edition failover, PolarDB Global Database Network, ACK multi-zone, ECS disaster recovery cross-region, RTO/RPO target analysis, and HBR (Hybrid Backup Recovery) coverage.",
     "source_type": "original",
     "official_docs": [
       "https://www.alibabacloud.com/help/en/rds/apsaradb-rds-for-mysql/disaster-recovery-solution",
@@ -941,7 +941,7 @@
       "https://www.alibabacloud.com/help/en/hybrid-backup-recovery/latest/what-is-hbr",
       "https://www.alibabacloud.com/help/en/server-load-balancer/latest/what-is-global-traffic-manager"
     ],
-    "security_notes": "HBR backup vaults in the same region as production provide no DR value for region-level failures — require cross-region vault configuration. PolarDB Global Database Network write routing to primary means regional primary failure requires manual failover promotion — confirm this is documented in runbooks.",
+    "security_notes": "HBR backup vaults in the same region as production provide no DR value for region-level failures \u2014 require cross-region vault configuration. PolarDB Global Database Network write routing to primary means regional primary failure requires manual failover promotion \u2014 confirm this is documented in runbooks.",
     "last_verified": "2026-05-09",
     "path": "agents/alibaba/alibaba-resilience-bcdr-review-agent",
     "version": "0.1.0",
@@ -987,7 +987,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review Function Compute 3.0 (FC3), SAE (Serverless App Engine), and EDAS for production readiness — cold start optimization, VPC binding, RAM role injection, ARMS distributed tracing, security group rules, concurrency limits, and SLA-readiness.",
+    "summary": "Review Function Compute 3.0 (FC3), SAE (Serverless App Engine), and EDAS for production readiness \u2014 cold start optimization, VPC binding, RAM role injection, ARMS distributed tracing, security group rules, concurrency limits, and SLA-readiness.",
     "source_type": "original",
     "official_docs": [
       "https://www.alibabacloud.com/help/en/functioncompute/latest/overview",
@@ -995,7 +995,7 @@
       "https://www.alibabacloud.com/help/en/arms/latest/what-is-arms",
       "https://www.alibabacloud.com/help/en/ram/latest/overview-1"
     ],
-    "security_notes": "FC function AccessKey IDs in environment variables are exposed in the FC console to anyone with fc:GetFunction permission — use RAM role binding exclusively. SAE applications in the same namespace share network access unless namespace-level VPC isolation is configured.",
+    "security_notes": "FC function AccessKey IDs in environment variables are exposed in the FC console to anyone with fc:GetFunction permission \u2014 use RAM role binding exclusively. SAE applications in the same namespace share network access unless namespace-level VPC isolation is configured.",
     "last_verified": "2026-05-09",
     "path": "agents/alibaba/alibaba-serverless-production-readiness-agent",
     "version": "0.1.0",
@@ -1040,7 +1040,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Coordinate Alibaba Cloud support incidents — case creation with correct severity (紧急/高/中/低), Enterprise Support SLA enforcement, account manager escalation path, status page monitoring for CN-* and international, internal stakeholder communication, and post-incident evidence packaging.",
+    "summary": "Coordinate Alibaba Cloud support incidents \u2014 case creation with correct severity (\u7d27\u6025/\u9ad8/\u4e2d/\u4f4e), Enterprise Support SLA enforcement, account manager escalation path, status page monitoring for CN-* and international, internal stakeholder communication, and post-incident evidence packaging.",
     "source_type": "original",
     "official_docs": [
       "https://www.alibabacloud.com/help/en/support/user-guide/submit-a-ticket",
@@ -1048,7 +1048,7 @@
       "https://status.aliyun.com/",
       "https://www.alibabacloud.com/help/en/support/user-guide/technical-support-plans"
     ],
-    "security_notes": "Alibaba Cloud support case attachments are stored on Alibaba Cloud infrastructure — never attach files containing customer financial data, personal health information, or unredacted credentials. Enterprise Support SLA breach timestamps must be documented for contractual credit claims.",
+    "security_notes": "Alibaba Cloud support case attachments are stored on Alibaba Cloud infrastructure \u2014 never attach files containing customer financial data, personal health information, or unredacted credentials. Enterprise Support SLA breach timestamps must be documented for contractual credit claims.",
     "last_verified": "2026-05-09",
     "path": "agents/alibaba/alibaba-support-incident-coordinator-agent",
     "version": "0.1.0",
@@ -1067,7 +1067,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Triage Alibaba Cloud operational alerts, incidents, and support tickets — P0/P1/P2/P3 classification, Alibaba Cloud Support SLA enforcement, account manager escalation, DingTalk war room coordination, evidence collection from CloudMonitor and SLS, and safe escalation paths.",
+    "summary": "Triage Alibaba Cloud operational alerts, incidents, and support tickets \u2014 P0/P1/P2/P3 classification, Alibaba Cloud Support SLA enforcement, account manager escalation, DingTalk war room coordination, evidence collection from CloudMonitor and SLS, and safe escalation paths.",
     "source_type": "original",
     "official_docs": [
       "https://www.alibabacloud.com/help/en/support/user-guide/submit-a-ticket",
@@ -1075,7 +1075,7 @@
       "https://www.alibabacloud.com/help/en/cms/user-guide/what-is-cloud-monitor",
       "https://www.alibabacloud.com/help/en/sls/user-guide/what-is-log-service"
     ],
-    "security_notes": "Alibaba Cloud support ticket attachments visible to Alibaba support staff — scrub AccessKey IDs, account IDs, customer PII, and unredacted log data before sharing. China mainland support team and international support team are organizationally separate — tickets filed in the wrong region receive slower response.",
+    "security_notes": "Alibaba Cloud support ticket attachments visible to Alibaba support staff \u2014 scrub AccessKey IDs, account IDs, customer PII, and unredacted log data before sharing. China mainland support team and international support team are organizationally separate \u2014 tickets filed in the wrong region receive slower response.",
     "last_verified": "2026-05-09",
     "path": "agents/alibaba/alibaba-ticket-triage-escalation-coordinator-agent",
     "version": "0.1.0",
@@ -1175,7 +1175,7 @@
       "https://www.alibabacloud.com/help/en/actiontrail",
       "https://www.alibabacloud.com/help/en/waf"
     ],
-    "security_notes": "Read-only advisory. Do not modify RAM policies, Security Group rules, KMS keys, or ActionTrail configurations without explicit approval. Note: Alibaba Cloud has separate China (CN-*) and international regions with different regulatory scopes — always confirm region before assessing compliance.",
+    "security_notes": "Read-only advisory. Do not modify RAM policies, Security Group rules, KMS keys, or ActionTrail configurations without explicit approval. Note: Alibaba Cloud has separate China (CN-*) and international regions with different regulatory scopes \u2014 always confirm region before assessing compliance.",
     "last_verified": "2026-05-09",
     "path": "agents/alibaba/alibaba-waf-security-review-agent",
     "author": "github: Raishin",
@@ -1194,7 +1194,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review analytics platform configuration — GA4 property settings, BigQuery export schema, custom event-parameter definitions, and user-property declarations — for data-minimization violations, excessive collection, and storage-period over-retention under GDPR Article 5(1)(c) and 5(1)(e) and EU DPA enforcement on GA4.",
+    "summary": "Review analytics platform configuration \u2014 GA4 property settings, BigQuery export schema, custom event-parameter definitions, and user-property declarations \u2014 for data-minimization violations, excessive collection, and storage-period over-retention under GDPR Article 5(1)(c) and 5(1)(e) and EU DPA enforcement on GA4.",
     "companion_skills": [
       "analytics-data-minimization-review"
     ],
@@ -1206,7 +1206,7 @@
       "https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/9782874",
       "https://support.google.com/analytics/answer/9019185"
     ],
-    "security_notes": "Read-only advisory. Works from sanitized analytics configuration exports and schema definitions only; never requests live analytics data, raw event exports containing real user identifiers, GA4 admin credentials, or BigQuery service-account keys. Findings may indicate cross-border transfer violations requiring DPA notification — the agent surfaces that possibility and routes legal assessment to qualified privacy counsel rather than deciding it.",
+    "security_notes": "Read-only advisory. Works from sanitized analytics configuration exports and schema definitions only; never requests live analytics data, raw event exports containing real user identifiers, GA4 admin credentials, or BigQuery service-account keys. Findings may indicate cross-border transfer violations requiring DPA notification \u2014 the agent surfaces that possibility and routes legal assessment to qualified privacy counsel rather than deciding it.",
     "last_verified": "2026-05-17",
     "path": "agents/marketing/analytics-data-minimization-review-agent/",
     "harness_variants": {
@@ -3008,7 +3008,7 @@
       "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/security",
       "https://learn.microsoft.com/en-us/azure/key-vault/general/network-security"
     ],
-    "security_notes": "Key Vault Contributor role assigned to cert-manager allows deletion of the Key Vault, management policy changes, and purge of soft-deleted certs — a full management plane compromise. Use Key Vault Certificate Officer (data plane RBAC) instead. Exportable certificates allow private key extraction from Key Vault; use non-exportable certs for cluster-internal mTLS.",
+    "security_notes": "Key Vault Contributor role assigned to cert-manager allows deletion of the Key Vault, management policy changes, and purge of soft-deleted certs \u2014 a full management plane compromise. Use Key Vault Certificate Officer (data plane RBAC) instead. Exportable certificates allow private key extraction from Key Vault; use non-exportable certs for cluster-internal mTLS.",
     "last_verified": "2026-05-02",
     "path": "agents/azure/azure-keyvault-certificate-issuer-review-agent",
     "version": "0.1.0"
@@ -3229,7 +3229,7 @@
       "https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-how-to-activate-role",
       "https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-configure-azure-ad-roles"
     ],
-    "security_notes": "Never activate a PIM role without justification, ticket reference, and MFA confirmation. An agent cannot activate another user's PIM role on their behalf — only the eligible principal may submit. Requires Entra ID P2 or equivalent license.",
+    "security_notes": "Never activate a PIM role without justification, ticket reference, and MFA confirmation. An agent cannot activate another user's PIM role on their behalf \u2014 only the eligible principal may submit. Requires Entra ID P2 or equivalent license.",
     "last_verified": "2026-04-30",
     "path": "agents/azure/azure-live-pim-jit-activation-guard-agent",
     "author": "github: Raishin",
@@ -3787,7 +3787,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review how a CI pipeline runs tests — gating, sharding, parallelism, fail-fast, artifact retention, quarantine wiring, and secret exposure — to verify the suite actually blocks bad merges.",
+    "summary": "Review how a CI pipeline runs tests \u2014 gating, sharding, parallelism, fail-fast, artifact retention, quarantine wiring, and secret exposure \u2014 to verify the suite actually blocks bad merges.",
     "source_type": "original",
     "official_docs": [
       "https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs",
@@ -3796,7 +3796,7 @@
       "https://docs.gitlab.com/ee/ci/yaml/",
       "https://playwright.dev/docs/test-sharding"
     ],
-    "security_notes": "Static review only — reads CI workflow and branch-protection configuration, never triggers or runs pipelines. Flags secret exposure to test jobs on pull_request_target or fork PRs. Never requests CI secrets, deploy keys, or registry tokens.",
+    "security_notes": "Static review only \u2014 reads CI workflow and branch-protection configuration, never triggers or runs pipelines. Flags secret exposure to test jobs on pull_request_target or fork PRs. Never requests CI secrets, deploy keys, or registry tokens.",
     "last_verified": "2026-05-17",
     "path": "agents/qa/ci-test-pipeline-review-agent",
     "author": "github: Raishin",
@@ -3850,7 +3850,7 @@
       "https://docs.contabo.com/",
       "https://contabo.com/en/vps/"
     ],
-    "security_notes": "OAuth2 password grant tokens expire in ~5 minutes — never cache or log them. Credentials must remain in environment variables. Contabo has no official Terraform provider or SDK; recommend cntb CLI or REST API. Contractual periods (1, 3, 6, 12 months) are binding at instance creation — capacity plans must declare the period and its billing impact. SSH keys are managed as secret IDs; never expose raw key material in plans or API calls.",
+    "security_notes": "OAuth2 password grant tokens expire in ~5 minutes \u2014 never cache or log them. Credentials must remain in environment variables. Contabo has no official Terraform provider or SDK; recommend cntb CLI or REST API. Contractual periods (1, 3, 6, 12 months) are binding at instance creation \u2014 capacity plans must declare the period and its billing impact. SSH keys are managed as secret IDs; never expose raw key material in plans or API calls.",
     "last_verified": "2026-05-10",
     "path": "agents/contabo/contabo-capacity-planner-agent",
     "author": "github: Raishin",
@@ -3888,7 +3888,7 @@
       "https://docs.contabo.com/",
       "https://contabo.com/en/vps/"
     ],
-    "security_notes": "OAuth2 password grant tokens expire in ~5 minutes — never cache or log them. Store CONTABO_CLIENT_ID, CONTABO_CLIENT_SECRET, CONTABO_API_USER, CONTABO_API_PASSWORD in environment variables only. Contabo has no official Terraform provider or SDK; recommend cntb CLI or REST API. Contractual billing periods (1, 3, 6, 12 months) create irreversible obligations — always surface billing impact before any sizing or period recommendation.",
+    "security_notes": "OAuth2 password grant tokens expire in ~5 minutes \u2014 never cache or log them. Store CONTABO_CLIENT_ID, CONTABO_CLIENT_SECRET, CONTABO_API_USER, CONTABO_API_PASSWORD in environment variables only. Contabo has no official Terraform provider or SDK; recommend cntb CLI or REST API. Contractual billing periods (1, 3, 6, 12 months) create irreversible obligations \u2014 always surface billing impact before any sizing or period recommendation.",
     "last_verified": "2026-05-10",
     "path": "agents/contabo/contabo-cost-optimization-analyst-agent",
     "author": "github: Raishin",
@@ -3925,7 +3925,7 @@
       "https://api.contabo.com/",
       "https://docs.contabo.com/"
     ],
-    "security_notes": "OAuth2 password grant tokens expire in ~5 minutes — refresh handling must not log token values. Credentials must remain in environment variables. Contabo has no official Terraform provider or SDK; recommend cntb CLI or REST API with curl + jq. Contractual periods (1, 3, 6, 12 months) are binding at creation — cancellation may incur early-termination billing. x-request-id (UUIDv4) is mandatory for all mutation calls to enable support traceability. Hard-stop on any lifecycle action without explicit period acknowledgment and rollback plan.",
+    "security_notes": "OAuth2 password grant tokens expire in ~5 minutes \u2014 refresh handling must not log token values. Credentials must remain in environment variables. Contabo has no official Terraform provider or SDK; recommend cntb CLI or REST API with curl + jq. Contractual periods (1, 3, 6, 12 months) are binding at creation \u2014 cancellation may incur early-termination billing. x-request-id (UUIDv4) is mandatory for all mutation calls to enable support traceability. Hard-stop on any lifecycle action without explicit period acknowledgment and rollback plan.",
     "last_verified": "2026-05-10",
     "path": "agents/contabo/contabo-live-instance-lifecycle-guard-agent",
     "author": "github: Raishin",
@@ -3962,7 +3962,7 @@
       "https://api.contabo.com/",
       "https://docs.contabo.com/"
     ],
-    "security_notes": "OAuth2 password grant tokens expire in ~5 minutes — refresh handling must not log token values. Credentials must remain in environment variables. Contabo Object Storage is S3-compatible — access key and secret key for S3 API must be stored as environment variables, never hardcoded. x-request-id (UUIDv4) is mandatory for Contabo REST API calls. Hard-stop on any bucket deletion without verified backup evidence. Contabo has no official Terraform provider or SDK; recommend cntb CLI or REST API with curl + jq and S3-compatible tools for Object Storage.",
+    "security_notes": "OAuth2 password grant tokens expire in ~5 minutes \u2014 refresh handling must not log token values. Credentials must remain in environment variables. Contabo Object Storage is S3-compatible \u2014 access key and secret key for S3 API must be stored as environment variables, never hardcoded. x-request-id (UUIDv4) is mandatory for Contabo REST API calls. Hard-stop on any bucket deletion without verified backup evidence. Contabo has no official Terraform provider or SDK; recommend cntb CLI or REST API with curl + jq and S3-compatible tools for Object Storage.",
     "last_verified": "2026-05-10",
     "path": "agents/contabo/contabo-live-storage-operations-guard-agent",
     "author": "github: Raishin",
@@ -3999,7 +3999,7 @@
       "https://api.contabo.com/",
       "https://docs.contabo.com/"
     ],
-    "security_notes": "OAuth2 password grant tokens expire in ~5 minutes — never cache or log them. Credentials must remain in environment variables. The x-request-id UUIDv4 header is mandatory for support traceability. Contabo has no official Terraform provider or SDK; recommend cntb CLI or REST API. Contractual periods (1, 3, 6, 12 months) create billing obligations — never route lifecycle changes without explicit period acknowledgment.",
+    "security_notes": "OAuth2 password grant tokens expire in ~5 minutes \u2014 never cache or log them. Credentials must remain in environment variables. The x-request-id UUIDv4 header is mandatory for support traceability. Contabo has no official Terraform provider or SDK; recommend cntb CLI or REST API. Contractual periods (1, 3, 6, 12 months) create billing obligations \u2014 never route lifecycle changes without explicit period acknowledgment.",
     "last_verified": "2026-05-10",
     "path": "agents/contabo/contabo-maestro-agent",
     "author": "github: Raishin",
@@ -4036,7 +4036,7 @@
       "https://api.contabo.com/",
       "https://docs.contabo.com/"
     ],
-    "security_notes": "OAuth2 password grant tokens expire in ~5 minutes — short TTL reduces exposure window but refresh logic must not log tokens. Credentials (CONTABO_CLIENT_ID, CONTABO_CLIENT_SECRET, CONTABO_API_USER, CONTABO_API_PASSWORD) must never be hardcoded. Contabo has no official Terraform provider or SDK; recommend cntb CLI or REST API. SSH keys are referenced via secret IDs — raw private key material must never appear in API payloads, scripts, or recommendations. The x-request-id UUIDv4 header is mandatory for audit traceability.",
+    "security_notes": "OAuth2 password grant tokens expire in ~5 minutes \u2014 short TTL reduces exposure window but refresh logic must not log tokens. Credentials (CONTABO_CLIENT_ID, CONTABO_CLIENT_SECRET, CONTABO_API_USER, CONTABO_API_PASSWORD) must never be hardcoded. Contabo has no official Terraform provider or SDK; recommend cntb CLI or REST API. SSH keys are referenced via secret IDs \u2014 raw private key material must never appear in API payloads, scripts, or recommendations. The x-request-id UUIDv4 header is mandatory for audit traceability.",
     "last_verified": "2026-05-10",
     "path": "agents/contabo/contabo-security-hardening-agent",
     "author": "github: Raishin",
@@ -4053,6 +4053,270 @@
       "kiro-cli": "agents/contabo/contabo-security-hardening-agent/harnesses/kiro-cli.agent.json"
     }
   },
+  {
+    "id": "dotnet-aspire-cloud-native-review-agent",
+    "name": ".NET Aspire Cloud-Native Review Agent",
+    "type": "agent",
+    "provider": "dotnet",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Static review of .NET Aspire AppHost and service-defaults projects for cloud-native readiness \u2014 health checks, service dependency wiring, resiliency policies, configuration and secret hygiene, and the boundary to a real deployment platform. Reads source and sanitized configuration only.",
+    "source_type": "original",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/dotnet/aspire/",
+      "https://learn.microsoft.com/en-us/dotnet/aspire/fundamentals/service-defaults",
+      "https://learn.microsoft.com/en-us/dotnet/aspire/fundamentals/app-host-overview",
+      "https://learn.microsoft.com/en-us/dotnet/aspire/fundamentals/health-checks"
+    ],
+    "security_notes": "Static review only \u2014 reads the AppHost project, ServiceDefaults, the Aspire manifest, and sanitized configuration; never runs the AppHost or deploys. Flags secrets committed in appsettings as critical. Never requests secrets, connection strings, or customer data. Note: .NET Aspire APIs evolve quickly \u2014 keep last_verified current.",
+    "last_verified": "2026-05-19",
+    "path": "agents/dotnet/dotnet-aspire-cloud-native-review-agent",
+    "version": "0.1.0"
+  },
+  {
+    "id": "dotnet-aspnetcore-api-review-agent",
+    "name": ".NET ASP.NET Core API Review Agent",
+    "type": "agent",
+    "provider": "dotnet",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Static review of ASP.NET Core HTTP API architecture \u2014 middleware ordering, dependency-injection lifetimes, CORS, model validation, API versioning, error responses, rate limiting, and health/readiness boundaries. Reads source and sanitized configuration only.",
+    "source_type": "original",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/aspnet/core/fundamentals/middleware/",
+      "https://learn.microsoft.com/en-us/aspnet/core/fundamentals/dependency-injection",
+      "https://learn.microsoft.com/en-us/aspnet/core/security/cors",
+      "https://learn.microsoft.com/en-us/aspnet/core/performance/rate-limit",
+      "https://learn.microsoft.com/en-us/aspnet/core/fundamentals/minimal-apis/security"
+    ],
+    "security_notes": "Static review only \u2014 reads source and sanitized configuration, never runs the app or calls endpoints. Never requests secrets, connection strings, tokens, or customer data; asks for sanitized appsettings with placeholders.",
+    "last_verified": "2026-05-19",
+    "path": "agents/dotnet/dotnet-aspnetcore-api-review-agent",
+    "version": "0.1.0"
+  },
+  {
+    "id": "dotnet-aspnetcore-identity-authz-review-agent",
+    "name": ".NET ASP.NET Core Identity & AuthZ Review Agent",
+    "type": "agent",
+    "provider": "dotnet",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Static review of ASP.NET Core authentication, authorization, identity boundaries, JWT token validation, cookie and session security, and multi-tenant isolation. Reads source and sanitized configuration only \u2014 never runs the app or contacts an identity provider.",
+    "source_type": "original",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/aspnet/core/security/",
+      "https://learn.microsoft.com/en-us/aspnet/core/security/authentication/configure-jwt-bearer-authentication",
+      "https://learn.microsoft.com/en-us/aspnet/core/security/authorization/introduction",
+      "https://learn.microsoft.com/en-us/aspnet/core/security/authorization/policies",
+      "https://learn.microsoft.com/en-us/aspnet/core/security/authentication/cookie"
+    ],
+    "security_notes": "Static review only \u2014 reads source and sanitized configuration, never runs the application, mints or inspects tokens, or contacts an identity provider. Flags disabled token validation, anonymous state-changing endpoints, and client-supplied tenant claims as critical. Never requests secrets, signing keys, client secrets, tokens, connection strings, tenant identifiers, or customer data.",
+    "last_verified": "2026-05-19",
+    "path": "agents/dotnet/dotnet-aspnetcore-identity-authz-review-agent",
+    "version": "0.1.0"
+  },
+  {
+    "id": "dotnet-csharp-runtime-review-agent",
+    "name": ".NET C# & Runtime Review Agent",
+    "type": "agent",
+    "provider": "dotnet",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Static review of C# language and runtime correctness \u2014 nullable reference types, async/await, cancellation, disposal, allocations on hot paths, LINQ misuse, and AOT/trimming hazards. Reads source only; never compiles or runs code.",
+    "source_type": "original",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/dotnet/csharp/",
+      "https://learn.microsoft.com/en-us/dotnet/standard/asynchronous-programming-patterns/",
+      "https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/builtin-types/nullable-reference-types",
+      "https://learn.microsoft.com/en-us/dotnet/core/diagnostics/debug-threadpool-starvation",
+      "https://learn.microsoft.com/en-us/dotnet/core/deploying/trimming/trim-warnings"
+    ],
+    "security_notes": "Static review only \u2014 reads C# source and project files, never compiles, runs, or instruments code. Never requests secrets, connection strings, tokens, or customer data.",
+    "last_verified": "2026-05-19",
+    "path": "agents/dotnet/dotnet-csharp-runtime-review-agent",
+    "version": "0.1.0"
+  },
+  {
+    "id": "dotnet-efcore-data-access-review-agent",
+    "name": ".NET EF Core Data Access Review Agent",
+    "type": "agent",
+    "provider": "dotnet",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Static review of EF Core data access \u2014 DbContext lifetime, N+1 queries, unbounded result sets, raw SQL injection surface, optimistic concurrency tokens, migration discipline, multi-tenant query filters, and connection resiliency. Reads source only.",
+    "source_type": "original",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/ef/core/",
+      "https://learn.microsoft.com/en-us/ef/core/dbcontext-configuration",
+      "https://learn.microsoft.com/en-us/ef/core/querying/single-split-queries",
+      "https://learn.microsoft.com/en-us/ef/core/miscellaneous/multitenancy",
+      "https://learn.microsoft.com/en-us/ef/core/saving/concurrency"
+    ],
+    "security_notes": "Static review only \u2014 reads DbContext classes, entity configuration, migrations, and query sites; never runs migrations, opens a database connection, or executes SQL. Never requests connection strings, database credentials, or customer data.",
+    "last_verified": "2026-05-19",
+    "path": "agents/dotnet/dotnet-efcore-data-access-review-agent",
+    "version": "0.1.0"
+  },
+  {
+    "id": "dotnet-maestro-agent",
+    "name": ".NET Maestro",
+    "type": "agent",
+    "provider": "dotnet",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Router agent for the .NET board. Classifies a .NET task and dispatches the narrowest specialist agent, or a parallel team of up to four for multi-domain tasks. Routes only \u2014 never answers .NET questions itself.",
+    "source_type": "original",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/dotnet/",
+      "https://learn.microsoft.com/en-us/aspnet/core/",
+      "https://learn.microsoft.com/en-us/ef/core/"
+    ],
+    "security_notes": "Routing only \u2014 performs no review itself, never runs code, never requests secrets, connection strings, tokens, tenant identifiers, or customer data. Every dispatched .NET specialist is static-review.",
+    "last_verified": "2026-05-19",
+    "path": "agents/dotnet/dotnet-maestro-agent",
+    "version": "0.1.0"
+  },
+  {
+    "id": "dotnet-observability-otel-review-agent",
+    "name": ".NET Observability & OpenTelemetry Review Agent",
+    "type": "agent",
+    "provider": "dotnet",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Static review of in-application OpenTelemetry wiring in ASP.NET Core \u2014 SDK registration, trace context propagation, structured logging, correlation IDs, metrics instrumentation, sampling, and PII leakage in telemetry. Reads source and sanitized configuration only.",
+    "source_type": "original",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/dotnet/core/diagnostics/observability-with-otel",
+      "https://learn.microsoft.com/en-us/dotnet/core/extensions/logging",
+      "https://learn.microsoft.com/en-us/aspnet/core/fundamentals/logging/",
+      "https://learn.microsoft.com/en-us/dotnet/core/diagnostics/distributed-tracing"
+    ],
+    "security_notes": "Static review only \u2014 reads OpenTelemetry registration, logging configuration, and instrumentation source; never runs the app or contacts a telemetry backend. Flags PII in spans or logs as critical. Never requests secrets, tokens, or customer data.",
+    "last_verified": "2026-05-19",
+    "path": "agents/dotnet/dotnet-observability-otel-review-agent",
+    "version": "0.1.0"
+  },
+  {
+    "id": "dotnet-performance-aot-review-agent",
+    "name": ".NET Performance, AOT & Trimming Review Agent",
+    "type": "agent",
+    "provider": "dotnet",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Static, evidence-gated review of .NET performance posture, Native AOT, and trimming readiness \u2014 reflection and serialization hazards, hot-path allocations, and benchmark discipline. Any performance claim with no benchmark artifact is downgraded to inference.",
+    "source_type": "original",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/dotnet/core/deploying/native-aot/",
+      "https://learn.microsoft.com/en-us/dotnet/core/deploying/trimming/trim-self-contained",
+      "https://learn.microsoft.com/en-us/dotnet/core/deploying/trimming/trim-warnings",
+      "https://learn.microsoft.com/en-us/dotnet/core/diagnostics/"
+    ],
+    "security_notes": "Static review only \u2014 reads project files, benchmark results, trim-warning output, and hot-path source; never runs the application, a benchmark, or a profiler. Never requests secrets or customer data.",
+    "last_verified": "2026-05-19",
+    "path": "agents/dotnet/dotnet-performance-aot-review-agent",
+    "version": "0.1.0"
+  },
+  {
+    "id": "dotnet-supply-chain-review-agent",
+    "name": ".NET Supply Chain Review Agent",
+    "type": "agent",
+    "provider": "dotnet",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Static review of .NET CI/CD and NuGet supply-chain integrity \u2014 SDK pinning, package version pinning and lock files, feed trust, fork-PR secret exposure, vulnerability scanning, and build reproducibility. Reads workflow and project configuration only.",
+    "source_type": "original",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/nuget/",
+      "https://learn.microsoft.com/en-us/nuget/consume-packages/central-package-management",
+      "https://learn.microsoft.com/en-us/dotnet/core/tools/global-json",
+      "https://learn.microsoft.com/en-us/nuget/consume-packages/package-references-in-project-files",
+      "https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions"
+    ],
+    "security_notes": "Static review only \u2014 reads CI workflow files, global.json, Directory.Packages.props, NuGet.config, lock files, and publish profiles; never triggers a pipeline or restores packages. Flags secret exposure to fork-PR builds as critical. Never requests CI secrets, feed credentials, or signing keys.",
+    "last_verified": "2026-05-19",
+    "path": "agents/dotnet/dotnet-supply-chain-review-agent",
+    "version": "0.1.0"
+  },
+  {
+    "id": "dotnet-testing-quality-review-agent",
+    "name": ".NET Testing Quality Review Agent",
+    "type": "agent",
+    "provider": "dotnet",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Static review of .NET test suites \u2014 detects assertion-free and tautological tests, over-mocking, coverage theater, weak isolation, flaky patterns, and missing negative or security tests across xUnit, NUnit, and MSTest. Reads test source only; never runs the suite.",
+    "source_type": "original",
+    "official_docs": [
+      "https://learn.microsoft.com/en-us/dotnet/core/testing/",
+      "https://learn.microsoft.com/en-us/dotnet/core/testing/unit-testing-best-practices",
+      "https://learn.microsoft.com/en-us/aspnet/core/test/integration-tests",
+      "https://learn.microsoft.com/en-us/aspnet/core/test/middleware"
+    ],
+    "security_notes": "Static review only \u2014 reads test projects, test source, and coverage configuration; never runs the test suite, a coverage tool, or a test container. Never requests secrets or customer data.",
+    "last_verified": "2026-05-19",
+    "path": "agents/dotnet/dotnet-testing-quality-review-agent",
+    "version": "0.1.0"
+  },
   {
     "id": "email-sender-authentication-review-agent",
     "name": "Email Sender Authentication Review Agent",
@@ -4106,7 +4370,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review a marketing AI system description card against EU AI Act Regulation 2024/1689 risk-tier criteria — classify the system, flag documentation obligations (Articles 11, 13, 14, 43), and identify deployment-readiness gaps before the August 2, 2026 full-enforcement date.",
+    "summary": "Review a marketing AI system description card against EU AI Act Regulation 2024/1689 risk-tier criteria \u2014 classify the system, flag documentation obligations (Articles 11, 13, 14, 43), and identify deployment-readiness gaps before the August 2, 2026 full-enforcement date.",
     "companion_skills": [
       "eu-ai-act-marketing-system-review"
     ],
@@ -4184,7 +4448,7 @@
       "https://falco.org/docs/install-operate/deployment/",
       "https://github.com/falcosecurity/rules/tree/main/rules"
     ],
-    "security_notes": "Falco with overly broad rule exceptions creates detection blind spots. A rule exception matching an entire process family (java, python, node) or a specific container name completely disables detection for that workload — attackers can exploit known exception patterns.",
+    "security_notes": "Falco with overly broad rule exceptions creates detection blind spots. A rule exception matching an entire process family (java, python, node) or a specific container name completely disables detection for that workload \u2014 attackers can exploit known exception patterns.",
     "last_verified": "2026-05-02",
     "path": "agents/falco/falco-runtime-threat-rules-review-agent",
     "version": "0.1.0"
@@ -4248,7 +4512,7 @@
       "https://www.alibabacloud.com/cloud-computing/pricing",
       "https://cloud.tencent.com/product/cvm/pricing"
     ],
-    "security_notes": "AWS, Azure, and OCI pricing APIs are public and unauthenticated. Scaleway beta billing API requires a user-provided IAM token; if not supplied, fall back to the public pricing page. Gandi pricing requires a user-provided API key (never stored or logged). Alibaba Cloud and Tencent Cloud pricing is retrieved via official documentation and scrape-based fallback — no credentials required. Never request or accept cloud credentials, billing account IDs, cost export access, or tenant-specific data beyond what is strictly needed.",
+    "security_notes": "AWS, Azure, and OCI pricing APIs are public and unauthenticated. Scaleway beta billing API requires a user-provided IAM token; if not supplied, fall back to the public pricing page. Gandi pricing requires a user-provided API key (never stored or logged). Alibaba Cloud and Tencent Cloud pricing is retrieved via official documentation and scrape-based fallback \u2014 no credentials required. Never request or accept cloud credentials, billing account IDs, cost export access, or tenant-specific data beyond what is strictly needed.",
     "provider_coverage": [
       "aws",
       "azure",
@@ -4308,14 +4572,14 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Per-domain router agent for FinOps. Classifies AI workload economics, Kubernetes rightsizing, and multi-cloud price advisory tasks, then dispatches the narrowest specialist or a parallel team (ceiling 4). Never answers directly. Never auto-dispatches mutating specialists — requires explicit human gate.",
+    "summary": "Per-domain router agent for FinOps. Classifies AI workload economics, Kubernetes rightsizing, and multi-cloud price advisory tasks, then dispatches the narrowest specialist or a parallel team (ceiling 4). Never answers directly. Never auto-dispatches mutating specialists \u2014 requires explicit human gate.",
     "source_type": "original",
     "official_docs": [
       "https://www.finops.org/framework/",
       "https://focus.finops.org/",
       "https://www.opencost.io/docs/"
     ],
-    "security_notes": "Read-only routing agent. Never accepts, stores, or relays cloud credentials, billing account IDs, tenant identifiers, or customer data. No cloud API calls made directly — all API access delegated to dispatched specialists. No auto-mutation: any mutating specialist dispatch requires an explicit human approval gate and a handoff packet. FOCUS-aware classification.",
+    "security_notes": "Read-only routing agent. Never accepts, stores, or relays cloud credentials, billing account IDs, tenant identifiers, or customer data. No cloud API calls made directly \u2014 all API access delegated to dispatched specialists. No auto-mutation: any mutating specialist dispatch requires an explicit human approval gate and a handoff packet. FOCUS-aware classification.",
     "last_verified": "2026-05-13",
     "path": "agents/finops/finops-maestro-agent",
     "author": "github: Raishin",
@@ -4345,7 +4609,7 @@
       "https://fluxcd.io/flux/security/secrets-management/",
       "https://fluxcd.io/flux/installation/configuration/multitenancy/"
     ],
-    "security_notes": "Plaintext Kubernetes Secret manifests committed to a FluxCD Git source are exposed to anyone with repo read access — including CI systems, PR participants, and auditors. GitRepository sources without commit signature verification allow any commit (including injected ones) to deploy to production.",
+    "security_notes": "Plaintext Kubernetes Secret manifests committed to a FluxCD Git source are exposed to anyone with repo read access \u2014 including CI systems, PR participants, and auditors. GitRepository sources without commit signature verification allow any commit (including injected ones) to deploy to production.",
     "last_verified": "2026-05-02",
     "path": "agents/fluxcd/fluxcd-kustomization-helmrelease-review-agent",
     "version": "0.1.0"
@@ -4392,7 +4656,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Operate AlloyDB clusters and Cloud SQL instances — HA configuration, read replicas, connection pooling, maintenance windows, backup strategy, and performance diagnostics.",
+    "summary": "Operate AlloyDB clusters and Cloud SQL instances \u2014 HA configuration, read replicas, connection pooling, maintenance windows, backup strategy, and performance diagnostics.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/alloydb/docs/overview",
@@ -4400,7 +4664,7 @@
       "https://cloud.google.com/sql/docs/postgres/high-availability",
       "https://cloud.google.com/alloydb/docs/auth-proxy/overview"
     ],
-    "security_notes": "Private IP is strongly preferred over public IP for Cloud SQL. AlloyDB is NOT a drop-in replacement for Cloud SQL — backup/restore procedures differ. Always set maintenance windows to off-peak hours.",
+    "security_notes": "Private IP is strongly preferred over public IP for Cloud SQL. AlloyDB is NOT a drop-in replacement for Cloud SQL \u2014 backup/restore procedures differ. Always set maintenance windows to off-peak hours.",
     "last_verified": "2026-05-08",
     "path": "agents/gcp/gcp-alloydb-cloudsql-dba-agent",
     "author": "github: Raishin",
@@ -4427,7 +4691,7 @@
       "https://cloud.google.com/anthos/fleet-management/docs/fleet-concepts",
       "https://cloud.google.com/service-mesh/docs/overview"
     ],
-    "security_notes": "Policy Controller audit mode detects violations but does not block them — enforcement mode is required for hard compliance guarantees. Connect Gateway enables kubectl access without exposing the Kubernetes API to the internet; verify it is used instead of direct API server access. Fleet-level IAM controls cluster management scope.",
+    "security_notes": "Policy Controller audit mode detects violations but does not block them \u2014 enforcement mode is required for hard compliance guarantees. Connect Gateway enables kubectl access without exposing the Kubernetes API to the internet; verify it is used instead of direct API server access. Fleet-level IAM controls cluster management scope.",
     "last_verified": "2026-05-08",
     "path": "agents/gcp/gcp-anthos-multicloud-architect-agent",
     "author": "github: Raishin",
@@ -4446,14 +4710,14 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for gcp-apigee-api-platform-operator. Design and operate Apigee X API proxies — rate limiting, OAuth/JWT security policies, quota plans, developer portal setup, and API product management.",
+    "summary": "Agent for gcp-apigee-api-platform-operator. Design and operate Apigee X API proxies \u2014 rate limiting, OAuth/JWT security policies, quota plans, developer portal setup, and API product management.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/apigee/docs/api-platform/get-started/what-apigee",
       "https://cloud.google.com/apigee/docs/api-platform/security/oauth/oauth-home",
       "https://cloud.google.com/apigee/docs/api-platform/reference/policies/spike-arrest-policy"
     ],
-    "security_notes": "Misconfigured Apigee security policies directly expose backend services. SpikeArrest alone does not protect against sustained load — both SpikeArrest and Quota are required. Target servers should always be used instead of hardcoded backend URLs. Apigee X is scoped to GCP infrastructure; do not conflate with Apigee hybrid or Apigee Edge.",
+    "security_notes": "Misconfigured Apigee security policies directly expose backend services. SpikeArrest alone does not protect against sustained load \u2014 both SpikeArrest and Quota are required. Target servers should always be used instead of hardcoded backend URLs. Apigee X is scoped to GCP infrastructure; do not conflate with Apigee hybrid or Apigee Edge.",
     "last_verified": "2026-05-08",
     "path": "agents/gcp/gcp-apigee-api-platform-operator-agent",
     "author": "github: Raishin",
@@ -4499,7 +4763,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for gcp-certificate-manager-issuer-review. Review GCP Certificate Manager and classic Google-managed TLS certificates — certificate map configuration, DNS authorization, CAA record validation, certificate rotation automation, wildcard vs SAN design, and expiry monitoring.",
+    "summary": "Agent for gcp-certificate-manager-issuer-review. Review GCP Certificate Manager and classic Google-managed TLS certificates \u2014 certificate map configuration, DNS authorization, CAA record validation, certificate rotation automation, wildcard vs SAN design, and expiry monitoring.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/certificate-manager/docs/overview",
@@ -4507,7 +4771,7 @@
       "https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs",
       "https://cloud.google.com/certificate-manager/docs/monitor-certificate-status"
     ],
-    "security_notes": "Classic Google-managed certificates auto-renew but have no visibility into renewal status — Certificate Manager provides explicit certificate status fields. TLS 1.0 and 1.1 are deprecated — GCP LB default SSL policy allows TLS 1.0; create a custom SSL policy requiring TLS 1.2+ for all production load balancers.",
+    "security_notes": "Classic Google-managed certificates auto-renew but have no visibility into renewal status \u2014 Certificate Manager provides explicit certificate status fields. TLS 1.0 and 1.1 are deprecated \u2014 GCP LB default SSL policy allows TLS 1.0; create a custom SSL policy requiring TLS 1.2+ for all production load balancers.",
     "last_verified": "2026-05-09",
     "path": "agents/gcp/gcp-certificate-manager-issuer-review-agent",
     "version": "0.1.0",
@@ -4526,7 +4790,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for gcp-change-impact-advisor. Pre-change blast radius analysis for GCP — cross-project resource dependency mapping, org policy cascade effects, Shared VPC peering impact, Service Account impersonation chain analysis, and safe change sequencing.",
+    "summary": "Agent for gcp-change-impact-advisor. Pre-change blast radius analysis for GCP \u2014 cross-project resource dependency mapping, org policy cascade effects, Shared VPC peering impact, Service Account impersonation chain analysis, and safe change sequencing.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/asset-inventory/docs/overview",
@@ -4535,7 +4799,7 @@
       "https://cloud.google.com/resource-manager/docs/organization-policy/overview",
       "https://cloud.google.com/vpc/docs/vpc-peering"
     ],
-    "security_notes": "Cloud Asset Inventory requires roles/cloudasset.viewer — ensure the reviewing principal has this before attempting dependency analysis. Org policy changes with deny-override can lock out even org admins from specific resources — test in a non-production folder first.",
+    "security_notes": "Cloud Asset Inventory requires roles/cloudasset.viewer \u2014 ensure the reviewing principal has this before attempting dependency analysis. Org policy changes with deny-override can lock out even org admins from specific resources \u2014 test in a non-production folder first.",
     "last_verified": "2026-05-09",
     "path": "agents/gcp/gcp-change-impact-advisor-agent",
     "version": "0.1.0",
@@ -4554,7 +4818,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Advise on Google Cloud authentication and authorization patterns — covering ADC, service account best practices, Workload Identity Federation, human user auth, service-to-service auth, and anti-patterns like service account key downloads.",
+    "summary": "Advise on Google Cloud authentication and authorization patterns \u2014 covering ADC, service account best practices, Workload Identity Federation, human user auth, service-to-service auth, and anti-patterns like service account key downloads.",
     "companion_skills": [
       "gcp-cloud-auth-advisor"
     ],
@@ -4619,7 +4883,7 @@
       "https://cloud.google.com/artifact-registry/docs/overview",
       "https://cloud.google.com/build/docs/securing-builds/view-build-provenance"
     ],
-    "security_notes": "Cloud Build service accounts are commonly over-privileged — minimum required permissions are Cloud Run Admin + Artifact Registry Writer + GKE Developer. Over-privileged build accounts are a supply chain risk. SLSA provenance combined with Binary Authorization prevents tampered artifacts from reaching production.",
+    "security_notes": "Cloud Build service accounts are commonly over-privileged \u2014 minimum required permissions are Cloud Run Admin + Artifact Registry Writer + GKE Developer. Over-privileged build accounts are a supply chain risk. SLSA provenance combined with Binary Authorization prevents tampered artifacts from reaching production.",
     "last_verified": "2026-05-08",
     "path": "agents/gcp/gcp-cloudbuild-deploy-cicd-operator-agent",
     "author": "github: Raishin",
@@ -4645,7 +4909,7 @@
       "https://cloud.google.com/security/compliance/offerings",
       "https://cloud.google.com/security-command-center/docs/compliance-dashboard"
     ],
-    "security_notes": "Not all GCP services are authorized for every compliance framework — always verify against the applicable authorized services list before recommending a service. HIPAA requires Google BAA coverage for any service storing PHI. ITAR configuration restricts personnel access to US persons. Assured Workloads creates a compliance boundary but does not replace customer-side controls.",
+    "security_notes": "Not all GCP services are authorized for every compliance framework \u2014 always verify against the applicable authorized services list before recommending a service. HIPAA requires Google BAA coverage for any service storing PHI. ITAR configuration restricts personnel access to US persons. Assured Workloads creates a compliance boundary but does not replace customer-side controls.",
     "last_verified": "2026-05-08",
     "path": "agents/gcp/gcp-compliance-assured-workloads-agent",
     "author": "github: Raishin",
@@ -4672,7 +4936,7 @@
       "https://cloud.google.com/compute/docs/os-patch-management",
       "https://cloud.google.com/compute/docs/instances/spot"
     ],
-    "security_notes": "Spot VMs are preempted without advance notice — never use for latency-sensitive or non-fault-tolerant workloads. OS Login is preferred over metadata SSH keys for enterprise environments.",
+    "security_notes": "Spot VMs are preempted without advance notice \u2014 never use for latency-sensitive or non-fault-tolerant workloads. OS Login is preferred over metadata SSH keys for enterprise environments.",
     "last_verified": "2026-05-08",
     "path": "agents/gcp/gcp-compute-engine-operator-agent",
     "author": "github: Raishin",
@@ -4691,7 +4955,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for gcp-cost-anomaly-watch-coordinator. Detect and coordinate response to GCP cost anomalies — BigQuery on-demand query cost spikes ($5/TB scanned), Cloud Run scaling runaway, unattached Persistent Disks, idle GCE instances, budget alert → notification channel → remediation playbook.",
+    "summary": "Agent for gcp-cost-anomaly-watch-coordinator. Detect and coordinate response to GCP cost anomalies \u2014 BigQuery on-demand query cost spikes ($5/TB scanned), Cloud Run scaling runaway, unattached Persistent Disks, idle GCE instances, budget alert \u2192 notification channel \u2192 remediation playbook.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/billing/docs/how-to/budgets",
@@ -4700,7 +4964,7 @@
       "https://cloud.google.com/run/docs/configuring/max-instances",
       "https://cloud.google.com/recommender/docs/overview"
     ],
-    "security_notes": "BigQuery billing export dataset must restrict access — avoid allAuthenticatedUsers binding on the billing dataset as it exposes cost structure. Budget action to disable billing stops ALL services in the project — test on non-production projects first and use notification-only alerts for production unless willing to accept full service disruption.",
+    "security_notes": "BigQuery billing export dataset must restrict access \u2014 avoid allAuthenticatedUsers binding on the billing dataset as it exposes cost structure. Budget action to disable billing stops ALL services in the project \u2014 test on non-production projects first and use notification-only alerts for production unless willing to accept full service disruption.",
     "last_verified": "2026-05-09",
     "path": "agents/gcp/gcp-cost-anomaly-watch-coordinator-agent",
     "version": "0.1.0",
@@ -4747,7 +5011,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for gcp-daily-operations-briefing-coordinator. Coordinate the daily GCP operations standup — cost delta from previous day, quota warning review, failed deployment detection, Security Command Center finding triage, SLO burn rate alert review, and action item assignment.",
+    "summary": "Agent for gcp-daily-operations-briefing-coordinator. Coordinate the daily GCP operations standup \u2014 cost delta from previous day, quota warning review, failed deployment detection, Security Command Center finding triage, SLO burn rate alert review, and action item assignment.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/billing/docs/how-to/budgets",
@@ -4756,7 +5020,7 @@
       "https://cloud.google.com/deploy/docs/view-pipeline-status",
       "https://cloud.google.com/monitoring/slo-monitoring"
     ],
-    "security_notes": "Daily briefing participants may include non-security team members — sanitize SCC finding details to exclude exploit paths or unpatched CVE specifics from the general briefing. Cost delta data contains billing structure information — restrict briefing distribution to authorized personnel.",
+    "security_notes": "Daily briefing participants may include non-security team members \u2014 sanitize SCC finding details to exclude exploit paths or unpatched CVE specifics from the general briefing. Cost delta data contains billing structure information \u2014 restrict briefing distribution to authorized personnel.",
     "last_verified": "2026-05-09",
     "path": "agents/gcp/gcp-daily-operations-briefing-coordinator-agent",
     "version": "0.1.0",
@@ -4784,7 +5048,7 @@
       "https://cloud.google.com/composer/docs/concepts/overview",
       "https://cloud.google.com/dataplex/docs/introduction"
     ],
-    "security_notes": "Dead letter topics are critical for any production Pub/Sub pipeline. Use ephemeral Dataproc clusters for cost efficiency. Pub/Sub delivers at-least-once — design consumers for idempotency.",
+    "security_notes": "Dead letter topics are critical for any production Pub/Sub pipeline. Use ephemeral Dataproc clusters for cost efficiency. Pub/Sub delivers at-least-once \u2014 design consumers for idempotency.",
     "last_verified": "2026-05-08",
     "path": "agents/gcp/gcp-data-pipeline-engineer-agent",
     "author": "github: Raishin",
@@ -4803,7 +5067,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for gcp-event-driven-architecture-review. Review GCP Pub/Sub, Eventarc, Cloud Tasks, Cloud Scheduler, and Workflows designs — dead-letter topics, message ordering, idempotency, fan-out blast radius, schema registry, and retry storm risk.",
+    "summary": "Agent for gcp-event-driven-architecture-review. Review GCP Pub/Sub, Eventarc, Cloud Tasks, Cloud Scheduler, and Workflows designs \u2014 dead-letter topics, message ordering, idempotency, fan-out blast radius, schema registry, and retry storm risk.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/pubsub/docs/dead-letter-topics",
@@ -4813,7 +5077,7 @@
       "https://cloud.google.com/scheduler/docs/overview",
       "https://cloud.google.com/workflows/docs/overview"
     ],
-    "security_notes": "Pub/Sub topics with allUsers subscriber binding expose all messages publicly — always verify subscription IAM. Eventarc service account must follow least privilege — avoid binding roles/editor. Cloud Tasks payloads may contain sensitive data — use CMEK-encrypted queues for regulated workloads.",
+    "security_notes": "Pub/Sub topics with allUsers subscriber binding expose all messages publicly \u2014 always verify subscription IAM. Eventarc service account must follow least privilege \u2014 avoid binding roles/editor. Cloud Tasks payloads may contain sensitive data \u2014 use CMEK-encrypted queues for regulated workloads.",
     "last_verified": "2026-05-09",
     "path": "agents/gcp/gcp-event-driven-architecture-review-agent",
     "version": "0.1.0",
@@ -4845,7 +5109,7 @@
       "https://firebase.google.com/docs/functions",
       "https://firebase.google.com/docs/app-check"
     ],
-    "security_notes": "Read-only advisory. Do not deploy to production, modify Firestore security rules, or change Firebase project settings without explicit approval. Client config (apiKey, projectId) is public — service account keys are private and must never be embedded in client code.",
+    "security_notes": "Read-only advisory. Do not deploy to production, modify Firestore security rules, or change Firebase project settings without explicit approval. Client config (apiKey, projectId) is public \u2014 service account keys are private and must never be embedded in client code.",
     "last_verified": "2026-05-09",
     "path": "agents/gcp/gcp-firebase-developer-agent",
     "author": "github: Raishin",
@@ -4864,7 +5128,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for gcp-gcs-data-perimeter-governor. Govern Google Cloud Storage data perimeters — uniform bucket-level access enforcement, public access prevention, VPC Service Controls perimeter coverage, IAM Conditions for time-bounded access, Object Lifecycle policies, and data residency compliance.",
+    "summary": "Agent for gcp-gcs-data-perimeter-governor. Govern Google Cloud Storage data perimeters \u2014 uniform bucket-level access enforcement, public access prevention, VPC Service Controls perimeter coverage, IAM Conditions for time-bounded access, Object Lifecycle policies, and data residency compliance.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/storage/docs/access-control/uniform-bucket-level-access",
@@ -4873,7 +5137,7 @@
       "https://cloud.google.com/storage/docs/lifecycle",
       "https://cloud.google.com/storage/docs/bucket-lock"
     ],
-    "security_notes": "GCS buckets with allUsers binding are indexed by search engines and data scrapers within minutes of creation — remediation must be immediate. VPC-SC perimeter around GCS requires testing in dry-run mode first — enforcement mode can break legitimate GCS access from outside the perimeter instantly.",
+    "security_notes": "GCS buckets with allUsers binding are indexed by search engines and data scrapers within minutes of creation \u2014 remediation must be immediate. VPC-SC perimeter around GCS requires testing in dry-run mode first \u2014 enforcement mode can break legitimate GCS access from outside the perimeter instantly.",
     "last_verified": "2026-05-09",
     "path": "agents/gcp/gcp-gcs-data-perimeter-governor-agent",
     "version": "0.1.0",
@@ -4892,7 +5156,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Build, integrate, and debug Gemini API applications on Google Cloud Agent Platform using the unified google-genai SDK — covering text generation, multimodal inputs, function calling, structured output, embeddings, context caching, batch prediction, Live API, and model tuning.",
+    "summary": "Build, integrate, and debug Gemini API applications on Google Cloud Agent Platform using the unified google-genai SDK \u2014 covering text generation, multimodal inputs, function calling, structured output, embeddings, context caching, batch prediction, Live API, and model tuning.",
     "companion_skills": [
       "gcp-gemini-api-developer"
     ],
@@ -4929,7 +5193,7 @@
       "https://cloud.google.com/binary-authorization/docs/overview",
       "https://cloud.google.com/kubernetes-engine/docs/concepts/release-channels"
     ],
-    "security_notes": "Binary Authorization must be set to WARN mode before ENFORCE mode — enforce mode will break deployments if images are unsigned. Always prefer Workload Identity over mounted SA key files.",
+    "security_notes": "Binary Authorization must be set to WARN mode before ENFORCE mode \u2014 enforce mode will break deployments if images are unsigned. Always prefer Workload Identity over mounted SA key files.",
     "last_verified": "2026-05-08",
     "path": "agents/gcp/gcp-gke-platform-operator-agent",
     "author": "github: Raishin",
@@ -4948,7 +5212,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for gcp-iac-change-safety-review. Review Terraform and Deployment Manager changes targeting GCP — blast radius analysis, destroy-operation detection, cross-project impact, state file conflicts, org policy drift, and rollback plan completeness.",
+    "summary": "Agent for gcp-iac-change-safety-review. Review Terraform and Deployment Manager changes targeting GCP \u2014 blast radius analysis, destroy-operation detection, cross-project impact, state file conflicts, org policy drift, and rollback plan completeness.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/docs/terraform/best-practices-for-terraform",
@@ -4957,7 +5221,7 @@
       "https://cloud.google.com/iam/docs/org-policy-overview",
       "https://developer.hashicorp.com/terraform/cli/commands/plan"
     ],
-    "security_notes": "Terraform state files contain sensitive resource attributes — backend bucket must use CMEK and uniform bucket-level access. Org-level IAM and org policy changes via Terraform have org-wide blast radius — require dual approval and tested rollback. Force-unlocking state under an active apply causes corruption.",
+    "security_notes": "Terraform state files contain sensitive resource attributes \u2014 backend bucket must use CMEK and uniform bucket-level access. Org-level IAM and org policy changes via Terraform have org-wide blast radius \u2014 require dual approval and tested rollback. Force-unlocking state under an active apply causes corruption.",
     "last_verified": "2026-05-09",
     "path": "agents/gcp/gcp-iac-change-safety-review-agent",
     "version": "0.1.0",
@@ -5012,7 +5276,7 @@
       "https://cloud.google.com/vpc/docs/shared-vpc",
       "https://cloud.google.com/logging/docs/audit/configure-data-access"
     ],
-    "security_notes": "Org policies applied at org node apply to ALL resources — test in non-prod folder first. Data Access audit logs must be enabled for sensitive services (KMS, IAM, BigQuery) — not enabled by default.",
+    "security_notes": "Org policies applied at org node apply to ALL resources \u2014 test in non-prod folder first. Data Access audit logs must be enabled for sensitive services (KMS, IAM, BigQuery) \u2014 not enabled by default.",
     "last_verified": "2026-05-08",
     "path": "agents/gcp/gcp-landing-zone-architect-agent",
     "author": "github: Raishin",
@@ -5031,14 +5295,14 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Gate BigQuery dataset deletion, table truncation, and authorized view changes — irreversible data loss and downstream pipeline breakage.",
+    "summary": "Gate BigQuery dataset deletion, table truncation, and authorized view changes \u2014 irreversible data loss and downstream pipeline breakage.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/bigquery/docs/managing-tables",
       "https://cloud.google.com/bigquery/docs/datasets",
       "https://cloud.google.com/bigquery/docs/authorized-views"
     ],
-    "security_notes": "Dataset deletion removes all tables, views, and routines permanently. Downstream Data Transfer jobs, scheduled queries, Looker/BI connections, and Dataflow pipelines all break immediately. BigQuery dataset deletion is immediate and permanent — there is no recycle bin for datasets. Tables with default expiration may be partially recoverable if within the expiration window.",
+    "security_notes": "Dataset deletion removes all tables, views, and routines permanently. Downstream Data Transfer jobs, scheduled queries, Looker/BI connections, and Dataflow pipelines all break immediately. BigQuery dataset deletion is immediate and permanent \u2014 there is no recycle bin for datasets. Tables with default expiration may be partially recoverable if within the expiration window.",
     "last_verified": "2026-05-08",
     "path": "agents/gcp/gcp-live-bigquery-dataset-deletion-guard-agent",
     "author": "github: Raishin",
@@ -5057,14 +5321,14 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Gate Cloud Run traffic percentage migrations, min-instances changes, and revision deletions — production traffic blast radius with no automatic rollback.",
+    "summary": "Gate Cloud Run traffic percentage migrations, min-instances changes, and revision deletions \u2014 production traffic blast radius with no automatic rollback.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/run/docs/rollouts-rollbacks-traffic-migration",
       "https://cloud.google.com/run/docs/configuring/min-instances",
       "https://cloud.google.com/run/docs/managing/revisions"
     ],
-    "security_notes": "Migrating 100% traffic to a broken revision causes complete service unavailability. Min-instances changes affect cost and cold-start behavior. Revision deletion prevents rollback to that revision — never delete a revision that holds traffic or is the last known-good. No automatic rollback exists in Cloud Run; rollback requires a new traffic split or re-deployment.",
+    "security_notes": "Migrating 100% traffic to a broken revision causes complete service unavailability. Min-instances changes affect cost and cold-start behavior. Revision deletion prevents rollback to that revision \u2014 never delete a revision that holds traffic or is the last known-good. No automatic rollback exists in Cloud Run; rollback requires a new traffic split or re-deployment.",
     "last_verified": "2026-05-08",
     "path": "agents/gcp/gcp-live-cloud-run-traffic-migration-guard-agent",
     "author": "github: Raishin",
@@ -5083,7 +5347,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Gate Cloud Billing budget threshold changes, committed-use discount purchases, and quota increase requests — financial authority gate.",
+    "summary": "Gate Cloud Billing budget threshold changes, committed-use discount purchases, and quota increase requests \u2014 financial authority gate.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/billing/docs/how-to/budgets",
@@ -5136,7 +5400,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Gate IAM binding mutations, org policy changes, and Service Account key creation — org-wide blast radius, cannot be undone without a full audit trail.",
+    "summary": "Gate IAM binding mutations, org policy changes, and Service Account key creation \u2014 org-wide blast radius, cannot be undone without a full audit trail.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/iam/docs/manage-access-other-resources",
@@ -5162,7 +5426,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Gate Cloud KMS key version destruction and key ring deletion — CMEK-encrypted data becomes permanently and irrecoverably inaccessible once a key version is destroyed.",
+    "summary": "Gate Cloud KMS key version destruction and key ring deletion \u2014 CMEK-encrypted data becomes permanently and irrecoverably inaccessible once a key version is destroyed.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/kms/docs/destroy-restore",
@@ -5188,7 +5452,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for gcp-load-balancer-traffic-engineer. Traffic engineering for GCP load balancers — Global HTTPS LB, Regional HTTPS LB, TCP/SSL Proxy LB, Network LB (passthrough), Internal TCP/UDP LB — type selection, health check configuration, Cloud Armor integration, and traffic distribution.",
+    "summary": "Agent for gcp-load-balancer-traffic-engineer. Traffic engineering for GCP load balancers \u2014 Global HTTPS LB, Regional HTTPS LB, TCP/SSL Proxy LB, Network LB (passthrough), Internal TCP/UDP LB \u2014 type selection, health check configuration, Cloud Armor integration, and traffic distribution.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/load-balancing/docs/load-balancing-overview",
@@ -5197,7 +5461,7 @@
       "https://cloud.google.com/load-balancing/docs/backend-service",
       "https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs"
     ],
-    "security_notes": "Global HTTPS LB with Cloud Armor is the only GCP-native L7 DDoS and WAF layer — bypassing it with Network LB or TCP Proxy eliminates WAF capability. Self-managed SSL certificates in GCP LB expose the private key during upload — use Google-managed certificates or Certificate Manager for all production workloads.",
+    "security_notes": "Global HTTPS LB with Cloud Armor is the only GCP-native L7 DDoS and WAF layer \u2014 bypassing it with Network LB or TCP Proxy eliminates WAF capability. Self-managed SSL certificates in GCP LB expose the private key during upload \u2014 use Google-managed certificates or Certificate Manager for all production workloads.",
     "last_verified": "2026-05-09",
     "path": "agents/gcp/gcp-load-balancer-traffic-engineer-agent",
     "version": "0.1.0",
@@ -5217,7 +5481,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Per-cloud router agent for GCP. Classifies the user's task, selects the narrowest GCP specialist agent or the right team of specialists from the catalog, and dispatches them — single specialist for focused tasks, parallel team (max 4) for multi-domain tasks. Never auto-dispatches live-guard agents.",
+    "summary": "Per-cloud router agent for GCP. Classifies the user's task, selects the narrowest GCP specialist agent or the right team of specialists from the catalog, and dispatches them \u2014 single specialist for focused tasks, parallel team (max 4) for multi-domain tasks. Never auto-dispatches live-guard agents.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/docs/overview",
@@ -5225,7 +5489,7 @@
       "https://cloud.google.com/iam/docs/overview",
       "https://cloud.google.com/vpc/docs/vpc"
     ],
-    "security_notes": "Live-guard gate is non-negotiable. The 6 live-guard agents must never be auto-dispatched — GCP IAM org-level mutations and KMS key destruction are irreversible. Always require blast-radius assessment and explicit human written confirmation before routing to any live-guard agent.",
+    "security_notes": "Live-guard gate is non-negotiable. The 6 live-guard agents must never be auto-dispatched \u2014 GCP IAM org-level mutations and KMS key destruction are irreversible. Always require blast-radius assessment and explicit human written confirmation before routing to any live-guard agent.",
     "last_verified": "2026-05-08",
     "path": "agents/gcp/gcp-maestro-agent",
     "author": "github: Raishin"
@@ -5250,7 +5514,7 @@
       "https://cloud.google.com/database-migration/docs/overview",
       "https://cloud.google.com/storage-transfer/docs/overview"
     ],
-    "security_notes": "Keep original source available for minimum 30 days post-cutover. DNS TTL must be reduced to 60s at least 24-48h before cutover — reverting DNS is faster than reverting data if cutover fails. DMS continuous replication must be validated before cutover window begins.",
+    "security_notes": "Keep original source available for minimum 30 days post-cutover. DNS TTL must be reduced to 60s at least 24-48h before cutover \u2014 reverting DNS is faster than reverting data if cutover fails. DMS continuous replication must be validated before cutover window begins.",
     "last_verified": "2026-05-08",
     "path": "agents/gcp/gcp-migration-cutover-architect-agent",
     "author": "github: Raishin",
@@ -5278,7 +5542,7 @@
       "https://cloud.google.com/nat/docs/overview",
       "https://cloud.google.com/armor/docs/cloud-armor-overview"
     ],
-    "security_notes": "GCP VPCs are global — a single VPC spans all regions. Shared VPC IAM roles at subnet level control service project access. Never expose internal services through public IP without Cloud Armor or equivalent WAF protection.",
+    "security_notes": "GCP VPCs are global \u2014 a single VPC spans all regions. Shared VPC IAM roles at subnet level control service project access. Never expose internal services through public IP without Cloud Armor or equivalent WAF protection.",
     "last_verified": "2026-05-08",
     "path": "agents/gcp/gcp-network-architect-agent",
     "author": "github: Raishin",
@@ -5336,7 +5600,7 @@
       "https://cloud.google.com/trace/docs",
       "https://cloud.google.com/monitoring/slos/slo-monitoring"
     ],
-    "security_notes": "Log Router sinks to GCS/BigQuery/Pub/Sub are required for compliance log retention — missing sinks may violate audit requirements. Do not claim root cause without evidence. Separate live telemetry from inference. Require containment before remediation for active incidents.",
+    "security_notes": "Log Router sinks to GCS/BigQuery/Pub/Sub are required for compliance log retention \u2014 missing sinks may violate audit requirements. Do not claim root cause without evidence. Separate live telemetry from inference. Require containment before remediation for active incidents.",
     "last_verified": "2026-05-08",
     "path": "agents/gcp/gcp-observability-incident-responder-agent",
     "author": "github: Raishin",
@@ -5355,7 +5619,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for gcp-registry-artifact-governor. Govern GCP Artifact Registry — container image signing via Binary Authorization, vulnerability scanning via Container Analysis, repository IAM least privilege, artifact retention policies, and supply chain security posture.",
+    "summary": "Agent for gcp-registry-artifact-governor. Govern GCP Artifact Registry \u2014 container image signing via Binary Authorization, vulnerability scanning via Container Analysis, repository IAM least privilege, artifact retention policies, and supply chain security posture.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/artifact-registry/docs/overview",
@@ -5363,7 +5627,7 @@
       "https://cloud.google.com/container-analysis/docs/container-analysis",
       "https://cloud.google.com/artifact-registry/docs/repositories/cleanup-policy"
     ],
-    "security_notes": "Binary Authorization with 'Allow all images' is equivalent to no supply chain protection — enforce attested images from trusted build pipelines. Artifact Registry supports CMEK — enable for regulated workloads. Public repositories expose all tags and digests; use private repositories with Workload Identity Federation for CI/CD access.",
+    "security_notes": "Binary Authorization with 'Allow all images' is equivalent to no supply chain protection \u2014 enforce attested images from trusted build pipelines. Artifact Registry supports CMEK \u2014 enable for regulated workloads. Public repositories expose all tags and digests; use private repositories with Workload Identity Federation for CI/CD access.",
     "last_verified": "2026-05-09",
     "path": "agents/gcp/gcp-registry-artifact-governor-agent",
     "version": "0.1.0",
@@ -5382,7 +5646,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for gcp-resilience-bcdr-review. Review GCP workload HA and BCDR designs — multi-region architectures, Cloud SQL HA failover, Spanner global instances, GKE multi-cluster, RTO/RPO target analysis, and runbook completeness.",
+    "summary": "Agent for gcp-resilience-bcdr-review. Review GCP workload HA and BCDR designs \u2014 multi-region architectures, Cloud SQL HA failover, Spanner global instances, GKE multi-cluster, RTO/RPO target analysis, and runbook completeness.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/architecture/disaster-recovery",
@@ -5390,7 +5654,7 @@
       "https://cloud.google.com/spanner/docs/instance-configurations",
       "https://cloud.google.com/kubernetes-engine/docs/concepts/multi-cluster-ingress"
     ],
-    "security_notes": "Cloud SQL HA standby is zone-redundant but not region-redundant — cross-region failover requires manual replica promotion. Cloud Run has no built-in multi-region failover. RTO/RPO targets without tested recovery evidence are aspirational. Require last recovery test date and result before marking BCDR as operational.",
+    "security_notes": "Cloud SQL HA standby is zone-redundant but not region-redundant \u2014 cross-region failover requires manual replica promotion. Cloud Run has no built-in multi-region failover. RTO/RPO targets without tested recovery evidence are aspirational. Require last recovery test date and result before marking BCDR as operational.",
     "last_verified": "2026-05-08",
     "path": "agents/gcp/gcp-resilience-bcdr-review-agent",
     "author": "github: Raishin",
@@ -5416,7 +5680,7 @@
       "https://cloud.google.com/asset-inventory/docs/searching-resources",
       "https://cloud.google.com/asset-inventory/docs/monitoring-asset-changes"
     ],
-    "security_notes": "Cloud Asset Inventory change history covers 35 days — be explicit about this window when investigating historical changes. Stale resources (unattached static IPs, persistent disks, orphaned firewall rules) incur ongoing charges. Resources missing required labels cannot be attributed in billing exports, creating cost allocation gaps.",
+    "security_notes": "Cloud Asset Inventory change history covers 35 days \u2014 be explicit about this window when investigating historical changes. Stale resources (unattached static IPs, persistent disks, orphaned firewall rules) incur ongoing charges. Resources missing required labels cannot be attributed in billing exports, creating cost allocation gaps.",
     "last_verified": "2026-05-08",
     "path": "agents/gcp/gcp-resource-inventory-analyst-agent",
     "author": "github: Raishin",
@@ -5444,7 +5708,7 @@
       "https://cloud.google.com/kms/docs/key-rotation",
       "https://cloud.google.com/kms/docs/importing-a-key"
     ],
-    "security_notes": "Prefer read-only inspection. Do not delete key versions, disable keys, or modify CMEK bindings without explicit user approval and a confirmed rollback plan — key deletion or disablement can cause irreversible data loss.",
+    "security_notes": "Prefer read-only inspection. Do not delete key versions, disable keys, or modify CMEK bindings without explicit user approval and a confirmed rollback plan \u2014 key deletion or disablement can cause irreversible data loss.",
     "last_verified": "2026-05-08",
     "path": "agents/gcp/gcp-secret-kms-lifecycle-steward-agent",
     "author": "github: Raishin",
@@ -5491,7 +5755,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for gcp-serverless-production-readiness. Review Cloud Run and Cloud Functions gen2 for production readiness — min-instances cold start, memory and CPU allocation, VPC connector configuration, Secret Manager injection, CMEK encryption, concurrency limits, and traffic splitting safety.",
+    "summary": "Agent for gcp-serverless-production-readiness. Review Cloud Run and Cloud Functions gen2 for production readiness \u2014 min-instances cold start, memory and CPU allocation, VPC connector configuration, Secret Manager injection, CMEK encryption, concurrency limits, and traffic splitting safety.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/run/docs/configuring/min-instances",
@@ -5500,7 +5764,7 @@
       "https://cloud.google.com/run/docs/rollouts-rollbacks-traffic-migration",
       "https://cloud.google.com/functions/docs/concepts/version-comparison"
     ],
-    "security_notes": "Cloud Run service accounts must follow least privilege — avoid binding roles/editor or roles/owner. Secrets in environment variables appear in plaintext in Cloud Run revision metadata accessible to anyone with run.revisions.get — always use Secret Manager references. Cloud Run with --allow-unauthenticated is public to the internet — require authentication for all non-public endpoints.",
+    "security_notes": "Cloud Run service accounts must follow least privilege \u2014 avoid binding roles/editor or roles/owner. Secrets in environment variables appear in plaintext in Cloud Run revision metadata accessible to anyone with run.revisions.get \u2014 always use Secret Manager references. Cloud Run with --allow-unauthenticated is public to the internet \u2014 require authentication for all non-public endpoints.",
     "last_verified": "2026-05-09",
     "path": "agents/gcp/gcp-serverless-production-readiness-agent",
     "version": "0.1.0",
@@ -5519,7 +5783,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Design GCP solutions aligned with the Google Cloud Architecture Framework — reliability, security, cost optimization, operational excellence, and performance efficiency — covering resource hierarchy design, product selection, and multi-service architecture patterns.",
+    "summary": "Design GCP solutions aligned with the Google Cloud Architecture Framework \u2014 reliability, security, cost optimization, operational excellence, and performance efficiency \u2014 covering resource hierarchy design, product selection, and multi-service architecture patterns.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/architecture/framework",
@@ -5553,7 +5817,7 @@
       "https://cloud.google.com/spanner/docs/instances",
       "https://cloud.google.com/spanner/docs/secondary-indexes"
     ],
-    "security_notes": "Monotonically increasing keys (e.g., auto-increment integers) cause all writes to hit the same split — use UUIDs or bit-reversed sequential IDs. Over-indexing in Spanner is expensive and slows writes — every indexed column is replicated.",
+    "security_notes": "Monotonically increasing keys (e.g., auto-increment integers) cause all writes to hit the same split \u2014 use UUIDs or bit-reversed sequential IDs. Over-indexing in Spanner is expensive and slows writes \u2014 every indexed column is replicated.",
     "last_verified": "2026-05-08",
     "path": "agents/gcp/gcp-spanner-architect-agent",
     "author": "github: Raishin",
@@ -5572,7 +5836,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for gcp-support-incident-coordinator. Coordinate GCP support incidents — case creation with correct severity, Premium/Enhanced Support SLA enforcement, TAM escalation path, status page monitoring, internal stakeholder communication, and post-incident evidence packaging.",
+    "summary": "Agent for gcp-support-incident-coordinator. Coordinate GCP support incidents \u2014 case creation with correct severity, Premium/Enhanced Support SLA enforcement, TAM escalation path, status page monitoring, internal stakeholder communication, and post-incident evidence packaging.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/support/docs/overview",
@@ -5580,7 +5844,7 @@
       "https://status.google.com/",
       "https://cloud.google.com/support/docs/managed-incident"
     ],
-    "security_notes": "GCP support case attachments are accessible to Google support engineers — never attach files containing customer PII, credentials, or unredacted production logs. Premium Support SLA is contractual — document SLA breach timestamps with case numbers for potential SLA credits.",
+    "security_notes": "GCP support case attachments are accessible to Google support engineers \u2014 never attach files containing customer PII, credentials, or unredacted production logs. Premium Support SLA is contractual \u2014 document SLA breach timestamps with case numbers for potential SLA credits.",
     "last_verified": "2026-05-09",
     "path": "agents/gcp/gcp-support-incident-coordinator-agent",
     "version": "0.1.0",
@@ -5599,7 +5863,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for gcp-ticket-triage-escalation-coordinator. Triage GCP operational alerts, incidents, and support tickets — P0/P1/P2/P3 classification, GCP Premium/Enhanced Support SLA enforcement, war room coordination, evidence collection from Cloud Monitoring and Cloud Logging, and safe escalation paths.",
+    "summary": "Agent for gcp-ticket-triage-escalation-coordinator. Triage GCP operational alerts, incidents, and support tickets \u2014 P0/P1/P2/P3 classification, GCP Premium/Enhanced Support SLA enforcement, war room coordination, evidence collection from Cloud Monitoring and Cloud Logging, and safe escalation paths.",
     "source_type": "original",
     "official_docs": [
       "https://cloud.google.com/support/docs/severity-definitions",
@@ -5607,7 +5871,7 @@
       "https://cloud.google.com/logging/docs/view/logs-explorer-interface",
       "https://status.google.com/"
     ],
-    "security_notes": "GCP support tickets may require sharing sanitized logs or configuration — scrub project IDs, IP addresses, and customer data before sharing with Google support. War room communication channels must be secure — use dedicated incident Slack/Meet channels, not public ones.",
+    "security_notes": "GCP support tickets may require sharing sanitized logs or configuration \u2014 scrub project IDs, IP addresses, and customer data before sharing with Google support. War room communication channels must be secure \u2014 use dedicated incident Slack/Meet channels, not public ones.",
     "last_verified": "2026-05-09",
     "path": "agents/gcp/gcp-ticket-triage-escalation-coordinator-agent",
     "version": "0.1.0",
@@ -5634,7 +5898,7 @@
       "https://cloud.google.com/vertex-ai/docs/model-registry/introduction",
       "https://cloud.google.com/vertex-ai/docs/featurestore/overview"
     ],
-    "security_notes": "Training jobs have no automatic cost cap — always verify max_run_time is set. Feature Store writes are irreversible and can silently corrupt training data. Gemini via Vertex AI has different privacy commitments than via AI Studio. Prefer least-privilege service accounts and read-only discovery before mutation.",
+    "security_notes": "Training jobs have no automatic cost cap \u2014 always verify max_run_time is set. Feature Store writes are irreversible and can silently corrupt training data. Gemini via Vertex AI has different privacy commitments than via AI Studio. Prefer least-privilege service accounts and read-only discovery before mutation.",
     "last_verified": "2026-05-08",
     "path": "agents/gcp/gcp-vertex-ai-mlops-engineer-agent",
     "author": "github: Raishin",
@@ -5662,7 +5926,7 @@
       "https://cloud.google.com/access-context-manager/docs/overview",
       "https://cloud.google.com/vpc-service-controls/docs/create-service-perimeters"
     ],
-    "security_notes": "Prefer dry-run mode before enforcement. Do not switch perimeters to enforcement mode without reviewing dry-run violations — live enforcement silently blocks API calls and can disrupt production workloads.",
+    "security_notes": "Prefer dry-run mode before enforcement. Do not switch perimeters to enforcement mode without reviewing dry-run violations \u2014 live enforcement silently blocks API calls and can disrupt production workloads.",
     "last_verified": "2026-05-08",
     "path": "agents/gcp/gcp-vpc-service-controls-architect-agent",
     "author": "github: Raishin",
@@ -5769,7 +6033,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review a Helm chart for quality, security, and testability defects — linting gaps, insecure securityContext, missing resource limits, absent health probes, RBAC over-permission, hardcoded secrets, and missing helm test coverage — statically, without installing or contacting a cluster.",
+    "summary": "Review a Helm chart for quality, security, and testability defects \u2014 linting gaps, insecure securityContext, missing resource limits, absent health probes, RBAC over-permission, hardcoded secrets, and missing helm test coverage \u2014 statically, without installing or contacting a cluster.",
     "source_type": "original",
     "official_docs": [
       "https://helm.sh/docs/chart_best_practices/",
@@ -5780,7 +6044,7 @@
       "https://kubernetes.io/docs/concepts/security/pod-security-standards/",
       "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
     ],
-    "security_notes": "Static review only — reads chart source files (Chart.yaml, values.yaml, templates/, tests/), never installs a chart, never connects to a Kubernetes cluster, never requests kubeconfig, cluster credentials, or cloud provider credentials. Do not accept values files containing live credentials, connection strings, or tenant IDs; ask for sanitized versions with placeholder values.",
+    "security_notes": "Static review only \u2014 reads chart source files (Chart.yaml, values.yaml, templates/, tests/), never installs a chart, never connects to a Kubernetes cluster, never requests kubeconfig, cluster credentials, or cloud provider credentials. Do not accept values files containing live credentials, connection strings, or tenant IDs; ask for sanitized versions with placeholder values.",
     "last_verified": "2026-05-17",
     "path": "agents/qa/helm-chart-quality-review-agent",
     "version": "0.1.0"
@@ -5805,7 +6069,7 @@
       "https://docs.hetzner.com/cloud/servers/overview/",
       "https://docs.hetzner.com/general/others/contacting-support/"
     ],
-    "security_notes": "Hetzner does not offer auto-scaling — always verify current resource counts via API before planning growth to avoid quota exhaustion surprises. Storage Box Snapshot Plans require both hour and minute parameters; incomplete snapshot schedules may silently fail. Do not expose project API tokens in capacity reports.",
+    "security_notes": "Hetzner does not offer auto-scaling \u2014 always verify current resource counts via API before planning growth to avoid quota exhaustion surprises. Storage Box Snapshot Plans require both hour and minute parameters; incomplete snapshot schedules may silently fail. Do not expose project API tokens in capacity reports.",
     "last_verified": "2026-05-10",
     "path": "agents/hetzner/hetzner-capacity-planner-agent",
     "author": "github: Raishin",
@@ -5840,7 +6104,7 @@
       "https://www.hetzner.com/cloud/pricing/",
       "https://docs.hetzner.com/"
     ],
-    "security_notes": "Never recommend deleting Volumes or snapshots that serve as the only recovery path. Unattached Floating IPs and Primary IPs incur cost — verify attachment state before recommending deletion. Do not expose project API tokens or billing credentials in analysis output.",
+    "security_notes": "Never recommend deleting Volumes or snapshots that serve as the only recovery path. Unattached Floating IPs and Primary IPs incur cost \u2014 verify attachment state before recommending deletion. Do not expose project API tokens or billing credentials in analysis output.",
     "last_verified": "2026-05-10",
     "path": "agents/hetzner/hetzner-cost-optimization-analyst-agent",
     "author": "github: Raishin",
@@ -5875,7 +6139,7 @@
       "https://docs.hetzner.com/cloud/firewalls/overview/",
       "https://docs.hetzner.com/cloud/networks/overview/"
     ],
-    "security_notes": "Public IPs on Hetzner are opt-in since API v1.34 — flag servers with unnecessary public IPs. Hetzner Firewalls must be explicitly attached to servers or Labels groups; an unattached Firewall provides zero protection. Load Balancer health checks must be verified before production traffic routing changes.",
+    "security_notes": "Public IPs on Hetzner are opt-in since API v1.34 \u2014 flag servers with unnecessary public IPs. Hetzner Firewalls must be explicitly attached to servers or Labels groups; an unattached Firewall provides zero protection. Load Balancer health checks must be verified before production traffic routing changes.",
     "last_verified": "2026-05-10",
     "path": "agents/hetzner/hetzner-infrastructure-reviewer-agent",
     "author": "github: Raishin",
@@ -5910,7 +6174,7 @@
       "https://docs.hetzner.com/cloud/firewalls/overview/",
       "https://docs.hetzner.com/cloud/firewalls/faq/"
     ],
-    "security_notes": "Must snapshot current Firewall rules before any mutation — Hetzner Firewall changes are immediate and affect all attached servers. Verify project-scoped API token scope before any write operation. Public IPs are opt-in since API v1.34 — verify exposure before and after rule changes. Never proceed without explicit human approval confirming the target Firewall ID, blast-radius, and rollback plan.",
+    "security_notes": "Must snapshot current Firewall rules before any mutation \u2014 Hetzner Firewall changes are immediate and affect all attached servers. Verify project-scoped API token scope before any write operation. Public IPs are opt-in since API v1.34 \u2014 verify exposure before and after rule changes. Never proceed without explicit human approval confirming the target Firewall ID, blast-radius, and rollback plan.",
     "last_verified": "2026-05-10",
     "path": "agents/hetzner/hetzner-live-firewall-rule-guard-agent",
     "author": "github: Raishin",
@@ -5945,7 +6209,7 @@
       "https://docs.hetzner.com/cloud/servers/overview/",
       "https://docs.hetzner.com/cloud/servers/server-types/"
     ],
-    "security_notes": "Server deletion on Hetzner is irreversible — always require a confirmed snapshot before deletion. Public IPs (IPv4/IPv6) are opt-in since API v1.34 and must be explicitly requested; do not auto-enable them. Server type changes require server stop — confirm downtime window. Always verify API token is project-scoped before any write operation. Never proceed without server ID, region, explicit human approval, and rollback plan.",
+    "security_notes": "Server deletion on Hetzner is irreversible \u2014 always require a confirmed snapshot before deletion. Public IPs (IPv4/IPv6) are opt-in since API v1.34 and must be explicitly requested; do not auto-enable them. Server type changes require server stop \u2014 confirm downtime window. Always verify API token is project-scoped before any write operation. Never proceed without server ID, region, explicit human approval, and rollback plan.",
     "last_verified": "2026-05-10",
     "path": "agents/hetzner/hetzner-live-server-lifecycle-guard-agent",
     "author": "github: Raishin",
@@ -5979,7 +6243,7 @@
       "https://docs.hetzner.cloud/",
       "https://docs.hetzner.com/"
     ],
-    "security_notes": "Never attempt live Hetzner Cloud API mutations from the routing layer. Always verify API tokens are project-scoped before any routing involving live data. Public IPs on Hetzner are opt-in since API v1.34 — do not assume servers have public IPs.",
+    "security_notes": "Never attempt live Hetzner Cloud API mutations from the routing layer. Always verify API tokens are project-scoped before any routing involving live data. Public IPs on Hetzner are opt-in since API v1.34 \u2014 do not assume servers have public IPs.",
     "last_verified": "2026-05-10",
     "path": "agents/hetzner/hetzner-maestro-agent",
     "author": "github: Raishin",
@@ -5998,7 +6262,7 @@
     "id": "hr-analytics-people-data-agent",
     "name": "HR Analytics and People Data Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6014,7 +6278,7 @@
       "https://www.dol.gov",
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj"
     ],
-    "security_notes": "Static review only — works from sanitized aggregate summaries and never requests individual employee records, identifiers, or protected-class data beyond what the matter requires. Never endorses a metric or model as bias-free; routes employee-data processing to the privacy owner. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized aggregate summaries and never requests individual employee records, identifiers, or protected-class data beyond what the matter requires. Never endorses a metric or model as bias-free; routes employee-data processing to the privacy owner. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/hr/hr-analytics-people-data-agent",
     "version": "0.1.0"
@@ -6023,7 +6287,7 @@
     "id": "hr-benefits-payroll-agent",
     "name": "HR Benefits and Payroll Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6039,7 +6303,7 @@
       "https://www.dol.gov",
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj"
     ],
-    "security_notes": "Static review only — works from sanitized summaries and never requests individual compensation records, bank detail, or employee identifiers beyond what the matter requires. Never confirms payroll or classification is compliant; requires current authoritative wage and payroll sources. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized summaries and never requests individual compensation records, bank detail, or employee identifiers beyond what the matter requires. Never confirms payroll or classification is compliant; requires current authoritative wage and payroll sources. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/hr/hr-benefits-payroll-agent",
     "version": "0.1.0"
@@ -6048,7 +6312,7 @@
     "id": "hr-compensation-equity-agent",
     "name": "HR Compensation and Equity Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6064,7 +6328,7 @@
       "https://www.dol.gov",
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj"
     ],
-    "security_notes": "Static review only — works from sanitized cohort summaries and never requests individual compensation records or employee identifiers beyond what the matter requires. Never confirms pay is equitable; routes pay-equity analysis through employment counsel to protect privilege. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized cohort summaries and never requests individual compensation records or employee identifiers beyond what the matter requires. Never confirms pay is equitable; routes pay-equity analysis through employment counsel to protect privilege. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/hr/hr-compensation-equity-agent",
     "version": "0.1.0"
@@ -6073,7 +6337,7 @@
     "id": "hr-culture-dei-agent",
     "name": "HR Culture and Inclusion Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6089,7 +6353,7 @@
       "https://www.dol.gov",
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj"
     ],
-    "security_notes": "Static review only — works from sanitized aggregate summaries and never requests protected-class data or employee identifiers beyond what the matter requires. Never makes legal claims about discrimination or quotas and never recommends protected-class-based decisions; routes legal questions to counsel. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized aggregate summaries and never requests protected-class data or employee identifiers beyond what the matter requires. Never makes legal claims about discrimination or quotas and never recommends protected-class-based decisions; routes legal questions to counsel. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/hr/hr-culture-dei-agent",
     "version": "0.1.0"
@@ -6098,7 +6362,7 @@
     "id": "hr-employee-relations-agent",
     "name": "HR Employee Relations Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6114,7 +6378,7 @@
       "https://www.dol.gov",
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj"
     ],
-    "security_notes": "Static review only — works from sanitized summaries and never requests medical detail, investigation notes, or employee identifiers beyond what the matter requires. Never reaches a finding and never recommends discipline; requires corroboration and routes escalation-grade matters to employment counsel. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized summaries and never requests medical detail, investigation notes, or employee identifiers beyond what the matter requires. Never reaches a finding and never recommends discipline; requires corroboration and routes escalation-grade matters to employment counsel. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/hr/hr-employee-relations-agent",
     "version": "0.1.0"
@@ -6123,7 +6387,7 @@
     "id": "hr-hris-process-controls-agent",
     "name": "HR HRIS Process Controls Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6139,7 +6403,7 @@
       "https://www.dol.gov",
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj"
     ],
-    "security_notes": "Static review only — works from sanitized summaries and never requests credentials, employee identifiers, or HRIS records beyond what the matter requires. Never approves a system change or access grant; recommends least-privilege access and routes to HR systems and security owners. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized summaries and never requests credentials, employee identifiers, or HRIS records beyond what the matter requires. Never approves a system change or access grant; recommends least-privilege access and routes to HR systems and security owners. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/hr/hr-hris-process-controls-agent",
     "version": "0.1.0"
@@ -6148,7 +6412,7 @@
     "id": "hr-learning-policy-agent",
     "name": "HR Learning and Policy Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6164,7 +6428,7 @@
       "https://www.dol.gov",
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj"
     ],
-    "security_notes": "Static review only — works from sanitized summaries and never requests employee identifiers or training records beyond what the matter requires. Never presents training content as legal advice; routes policy-accuracy questions to policy governance and counsel. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized summaries and never requests employee identifiers or training records beyond what the matter requires. Never presents training content as legal advice; routes policy-accuracy questions to policy governance and counsel. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/hr/hr-learning-policy-agent",
     "version": "0.1.0"
@@ -6173,7 +6437,7 @@
     "id": "hr-leave-accommodation-agent",
     "name": "HR Leave and Accommodation Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6189,7 +6453,7 @@
       "https://www.dol.gov",
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj"
     ],
-    "security_notes": "Static review only — works from sanitized summaries and never requests or retains medical records, disability detail, or diagnosis information beyond the minimum the matter requires. Never recommends denial of leave or accommodation; routes to employment counsel and the privacy owner. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized summaries and never requests or retains medical records, disability detail, or diagnosis information beyond the minimum the matter requires. Never recommends denial of leave or accommodation; routes to employment counsel and the privacy owner. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/hr/hr-leave-accommodation-agent",
     "version": "0.1.0"
@@ -6198,7 +6462,7 @@
     "id": "hr-maestro-agent",
     "name": "HR Maestro Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6207,14 +6471,14 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Routes HR matters to the right HR specialist agent and coordinates cross-functional review with Legal, Compliance, Privacy, Security, Finance, Payroll, and leadership using the Legal-HR routing protocol, case capsule, and risk taxonomy. Classification and coordination only — does not give HR or legal advice or make final HR decisions.",
+    "summary": "Routes HR matters to the right HR specialist agent and coordinates cross-functional review with Legal, Compliance, Privacy, Security, Finance, Payroll, and leadership using the Legal-HR routing protocol, case capsule, and risk taxonomy. Classification and coordination only \u2014 does not give HR or legal advice or make final HR decisions.",
     "source_type": "original",
     "official_docs": [
       "https://www.nist.gov/privacy-framework",
       "https://www.eeoc.gov",
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj"
     ],
-    "security_notes": "Classification and coordination only — routes from sanitized signals and never requests secrets, credentials, medical detail, government IDs, or protected-class data. Never recommends termination, discipline, or adverse action as a final decision; expresses every handoff as a redacted case capsule with a named human decision owner. Does not form an attorney-client relationship.",
+    "security_notes": "Classification and coordination only \u2014 routes from sanitized signals and never requests secrets, credentials, medical detail, government IDs, or protected-class data. Never recommends termination, discipline, or adverse action as a final decision; expresses every handoff as a redacted case capsule with a named human decision owner. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/hr/hr-maestro-agent",
     "version": "0.1.0"
@@ -6223,7 +6487,7 @@
     "id": "hr-performance-management-agent",
     "name": "HR Performance Management Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6239,7 +6503,7 @@
       "https://www.dol.gov",
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj"
     ],
-    "security_notes": "Static review only — works from sanitized summaries and never requests medical detail or employee identifiers beyond what the matter requires. Refuses to backdate or retroactively create performance documentation; never recommends termination and routes escalation-grade matters to employment counsel. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized summaries and never requests medical detail or employee identifiers beyond what the matter requires. Refuses to backdate or retroactively create performance documentation; never recommends termination and routes escalation-grade matters to employment counsel. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/hr/hr-performance-management-agent",
     "version": "0.1.0"
@@ -6248,7 +6512,7 @@
     "id": "hr-recruiting-selection-agent",
     "name": "HR Recruiting and Selection Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6264,7 +6528,7 @@
       "https://www.dol.gov",
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj"
     ],
-    "security_notes": "Static review only — works from sanitized summaries and never requests candidate identifiers, protected-class data, or assessment records beyond what the matter requires. Never confirms a selection process is bias-free; routes adverse-impact concerns to employment counsel. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized summaries and never requests candidate identifiers, protected-class data, or assessment records beyond what the matter requires. Never confirms a selection process is bias-free; routes adverse-impact concerns to employment counsel. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/hr/hr-recruiting-selection-agent",
     "version": "0.1.0"
@@ -6273,7 +6537,7 @@
     "id": "hr-risk-triage-review-agent",
     "name": "HR Risk Triage Review Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6282,7 +6546,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Adversarial HR and employment-risk triage reviewer for terminations, discipline, accommodations, wage/hour, discrimination, harassment, retaliation, layoffs, and HR policy exceptions — surfaces risks, evidence gaps, and escalation paths for employment counsel. Does not give legal or HR advice.",
+    "summary": "Adversarial HR and employment-risk triage reviewer for terminations, discipline, accommodations, wage/hour, discrimination, harassment, retaliation, layoffs, and HR policy exceptions \u2014 surfaces risks, evidence gaps, and escalation paths for employment counsel. Does not give legal or HR advice.",
     "source_type": "original",
     "official_docs": [
       "https://www.eeoc.gov/laws-guidance",
@@ -6292,7 +6556,7 @@
       "https://www.mom.gov.sg/employment-practices",
       "https://www.fairwork.gov.au/"
     ],
-    "security_notes": "Static review only — works from sanitized excerpts and never requests employee medical records, personal data, or protected-characteristic data beyond what the question requires. Never issues binding employment-law conclusions; refuses pretextual or retaliatory documentation and recommends escalation to employment counsel. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized excerpts and never requests employee medical records, personal data, or protected-characteristic data beyond what the question requires. Never issues binding employment-law conclusions; refuses pretextual or retaliatory documentation and recommends escalation to employment counsel. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/hr/hr-risk-triage-review-agent/",
     "harness_variants": {
@@ -6316,7 +6580,7 @@
     "id": "hr-termination-readiness-agent",
     "name": "HR Termination Readiness Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6332,7 +6596,7 @@
       "https://www.dol.gov",
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj"
     ],
-    "security_notes": "Static review only — works from sanitized summaries and never requests medical detail, investigation notes, or employee identifiers beyond what the matter requires. Never concludes a termination is safe and never recommends termination; routes to employment counsel. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized summaries and never requests medical detail, investigation notes, or employee identifiers beyond what the matter requires. Never concludes a termination is safe and never recommends termination; routes to employment counsel. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/hr/hr-termination-readiness-agent",
     "version": "0.1.0"
@@ -6341,7 +6605,7 @@
     "id": "hr-workforce-planning-rif-agent",
     "name": "HR Workforce Planning and RIF Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6357,7 +6621,7 @@
       "https://www.dol.gov",
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj"
     ],
-    "security_notes": "Static review only — works from sanitized cohort summaries and never requests individual employee records or identifiers beyond what the matter requires. Never approves a reduction in force or a selection list; routes mass-layoff and notice triggers to employment counsel. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized cohort summaries and never requests individual employee records or identifiers beyond what the matter requires. Never approves a reduction in force or a selection list; routes mass-layoff and notice triggers to employment counsel. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/hr/hr-workforce-planning-rif-agent",
     "version": "0.1.0"
@@ -6366,7 +6630,7 @@
     "id": "hr-workplace-investigations-agent",
     "name": "HR Workplace Investigations Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "hr",
     "harnesses": [
       "codex",
       "copilot",
@@ -6382,7 +6646,7 @@
       "https://www.dol.gov",
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj"
     ],
-    "security_notes": "Static review only — works from sanitized summaries and never requests investigation notes, medical detail, or employee identifiers beyond what the matter requires. Never reaches a finding of fact or guilt; protects investigation confidentiality and privilege and routes to employment counsel. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized summaries and never requests investigation notes, medical detail, or employee identifiers beyond what the matter requires. Never reaches a finding of fact or guilt; protects investigation confidentiality and privilege and routes to employment counsel. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/hr/hr-workplace-investigations-agent",
     "version": "0.1.0"
@@ -6425,14 +6689,14 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for huawei-certificate-manager-issuer-review. Review Huawei Cloud SSL certificate management — SCM certificate lifecycle, ELB SSL certificate binding coverage, DEW-managed certificate key storage, renewal automation, wildcard vs SAN cert selection, certificate expiry alerting via CES, and HTTPS enforcement on ELB listeners.",
+    "summary": "Agent for huawei-certificate-manager-issuer-review. Review Huawei Cloud SSL certificate management \u2014 SCM certificate lifecycle, ELB SSL certificate binding coverage, DEW-managed certificate key storage, renewal automation, wildcard vs SAN cert selection, certificate expiry alerting via CES, and HTTPS enforcement on ELB listeners.",
     "source_type": "original",
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/scm/index.html",
       "https://support.huaweicloud.com/intl/en-us/elb/index.html",
       "https://support.huaweicloud.com/intl/en-us/dew/index.html"
     ],
-    "security_notes": "Certificate private keys stored in DEW must have IAM access policies that restrict access to authorized identities only — overly permissive DEW key policies expose private key material. SCM certificates are region-scoped — verify the certificate is present in all regions where ELB listeners consume it to prevent cross-region binding failures.",
+    "security_notes": "Certificate private keys stored in DEW must have IAM access policies that restrict access to authorized identities only \u2014 overly permissive DEW key policies expose private key material. SCM certificates are region-scoped \u2014 verify the certificate is present in all regions where ELB listeners consume it to prevent cross-region binding failures.",
     "last_verified": "2026-05-09",
     "path": "agents/huawei/huawei-certificate-manager-issuer-review-agent",
     "version": "0.1.0",
@@ -6451,7 +6715,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for huawei-change-impact-advisor. Pre-change blast radius analysis for Huawei Cloud — Organizations SCP cascade scope, IAM agency dependency chain, VPC route table and VPC Peering impact, GaussDB instance class change disruption, CCE node pool resize safety, and Enterprise Project boundary clarity.",
+    "summary": "Agent for huawei-change-impact-advisor. Pre-change blast radius analysis for Huawei Cloud \u2014 Organizations SCP cascade scope, IAM agency dependency chain, VPC route table and VPC Peering impact, GaussDB instance class change disruption, CCE node pool resize safety, and Enterprise Project boundary clarity.",
     "source_type": "original",
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/organizations/index.html",
@@ -6460,7 +6724,7 @@
       "https://support.huaweicloud.com/intl/en-us/gaussdb_mysql/index.html",
       "https://support.huaweicloud.com/intl/en-us/cce/index.html"
     ],
-    "security_notes": "Huawei Cloud Organizations SCP deny rules have org-level blast radius — a misconfigured SCP can lock out all member accounts from critical services; test SCP changes in a sandbox member account first. IAM agency deletion is immediate and irreversible — all services using the agency lose permissions instantly.",
+    "security_notes": "Huawei Cloud Organizations SCP deny rules have org-level blast radius \u2014 a misconfigured SCP can lock out all member accounts from critical services; test SCP changes in a sandbox member account first. IAM agency deletion is immediate and irreversible \u2014 all services using the agency lose permissions instantly.",
     "last_verified": "2026-05-09",
     "path": "agents/huawei/huawei-change-impact-advisor-agent",
     "version": "0.1.0",
@@ -6529,14 +6793,14 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for huawei-cost-anomaly-watch-coordinator. Coordinate Huawei Cloud cost anomaly detection — CBC Cost Center delta analysis (>15% day-over-day threshold), budget alert configuration via Budget Management, ECS/GaussDB Yearly/Monthly vs On-Demand mode cost anomalies, OBS request cost spikes, unattached EVS volume waste, DWS idle cluster cost detection, and reserved instance coverage gaps.",
+    "summary": "Agent for huawei-cost-anomaly-watch-coordinator. Coordinate Huawei Cloud cost anomaly detection \u2014 CBC Cost Center delta analysis (>15% day-over-day threshold), budget alert configuration via Budget Management, ECS/GaussDB Yearly/Monthly vs On-Demand mode cost anomalies, OBS request cost spikes, unattached EVS volume waste, DWS idle cluster cost detection, and reserved instance coverage gaps.",
     "source_type": "original",
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/billing/index.html",
       "https://support.huaweicloud.com/intl/en-us/costcenter/index.html",
       "https://support.huaweicloud.com/intl/en-us/ces/index.html"
     ],
-    "security_notes": "CBC Cost Center exports contain billing data — restrict export access to authorized IAM identities using least-privilege policies. Budget alert actions may trigger FunctionGraph functions — verify the function IAM execution role has only the permissions needed to respond to the alert action.",
+    "security_notes": "CBC Cost Center exports contain billing data \u2014 restrict export access to authorized IAM identities using least-privilege policies. Budget alert actions may trigger FunctionGraph functions \u2014 verify the function IAM execution role has only the permissions needed to respond to the alert action.",
     "last_verified": "2026-05-09",
     "path": "agents/huawei/huawei-cost-anomaly-watch-coordinator-agent",
     "version": "0.1.0",
@@ -6580,7 +6844,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for huawei-daily-operations-briefing-coordinator. Coordinate the daily Huawei Cloud operations standup — CBC cost delta by Enterprise Project, AOM anomaly alert review, CCE pod failure triage, CES quota utilization warnings, LTS log error spike detection, SecMaster security finding triage, and action item assignment.",
+    "summary": "Agent for huawei-daily-operations-briefing-coordinator. Coordinate the daily Huawei Cloud operations standup \u2014 CBC cost delta by Enterprise Project, AOM anomaly alert review, CCE pod failure triage, CES quota utilization warnings, LTS log error spike detection, SecMaster security finding triage, and action item assignment.",
     "source_type": "original",
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/cbc/index.html",
@@ -6590,7 +6854,7 @@
       "https://support.huaweicloud.com/intl/en-us/secmaster/index.html",
       "https://support.huaweicloud.com/intl/en-us/lts/index.html"
     ],
-    "security_notes": "Huawei Cloud SecMaster finding details may contain vulnerability exploit paths — restrict SecMaster report distribution to security team members only in daily briefings. CBC Enterprise Project cost data reveals workload architecture details — distribute cost briefing only to authorized engineering and finance leads.",
+    "security_notes": "Huawei Cloud SecMaster finding details may contain vulnerability exploit paths \u2014 restrict SecMaster report distribution to security team members only in daily briefings. CBC Enterprise Project cost data reveals workload architecture details \u2014 distribute cost briefing only to authorized engineering and finance leads.",
     "last_verified": "2026-05-09",
     "path": "agents/huawei/huawei-daily-operations-briefing-coordinator-agent",
     "version": "0.1.0",
@@ -6609,7 +6873,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Manage DEW (Data Encryption Workshop) — KMS key lifecycle, CSMS secret rotation, CBH privileged access management, and DBSS database encryption on Huawei Cloud.",
+    "summary": "Manage DEW (Data Encryption Workshop) \u2014 KMS key lifecycle, CSMS secret rotation, CBH privileged access management, and DBSS database encryption on Huawei Cloud.",
     "source_type": "original",
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/dew/index.html"
@@ -6688,7 +6952,7 @@
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/ecs/index.html"
     ],
-    "security_notes": "ECS deletion without CSBS backup is permanently destructive. AS scale-in terminates instances — verify stateless before enabling. DeH migration to shared host requires explicit approval.",
+    "security_notes": "ECS deletion without CSBS backup is permanently destructive. AS scale-in terminates instances \u2014 verify stateless before enabling. DeH migration to shared host requires explicit approval.",
     "last_verified": "2026-05-08",
     "path": "agents/huawei/huawei-ecs-compute-operator-agent",
     "author": "github: Raishin",
@@ -6707,7 +6971,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for huawei-event-driven-architecture-review. Review Huawei Cloud DMS (Distributed Message Service) for Kafka, ROMA Connect, FunctionGraph event triggers, and SMN (Simple Message Notification) designs — dead-letter configuration, message ordering, idempotency, consumer group lag monitoring, and retry storm prevention.",
+    "summary": "Agent for huawei-event-driven-architecture-review. Review Huawei Cloud DMS (Distributed Message Service) for Kafka, ROMA Connect, FunctionGraph event triggers, and SMN (Simple Message Notification) designs \u2014 dead-letter configuration, message ordering, idempotency, consumer group lag monitoring, and retry storm prevention.",
     "source_type": "original",
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/dms/index.html",
@@ -6715,7 +6979,7 @@
       "https://support.huaweicloud.com/intl/en-us/fg/index.html",
       "https://support.huaweicloud.com/intl/en-us/smn/index.html"
     ],
-    "security_notes": "DMS Kafka instances without SSL/TLS encryption transmit messages in plaintext — enable SSL for all production Kafka instances. ROMA Connect integration flows may process sensitive data — verify ROMA instance security group rules restrict access to authorized callers only.",
+    "security_notes": "DMS Kafka instances without SSL/TLS encryption transmit messages in plaintext \u2014 enable SSL for all production Kafka instances. ROMA Connect integration flows may process sensitive data \u2014 verify ROMA instance security group rules restrict access to authorized callers only.",
     "last_verified": "2026-05-09",
     "path": "agents/huawei/huawei-event-driven-architecture-review-agent",
     "version": "0.1.0",
@@ -6765,7 +7029,7 @@
       "https://support.huaweicloud.com/intl/en-us/gaussdb_mysql/index.html",
       "https://support.huaweicloud.com/intl/en-us/rds/index.html"
     ],
-    "security_notes": "Database deletion without backup is permanently destructive. GaussDB for Oracle PL/SQL compatibility gaps can break migration — test before cutover. Failover testing must be coordinated with application teams.",
+    "security_notes": "Database deletion without backup is permanently destructive. GaussDB for Oracle PL/SQL compatibility gaps can break migration \u2014 test before cutover. Failover testing must be coordinated with application teams.",
     "last_verified": "2026-05-08",
     "path": "agents/huawei/huawei-gaussdb-rds-dba-agent",
     "author": "github: Raishin",
@@ -6784,7 +7048,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for huawei-iac-change-safety-review. Review Terraform and RFS (Resource Formation Service) changes targeting Huawei Cloud — blast radius analysis, resource deletion detection, Organizations SCP cascade scope, cross-stack dependency impact, state file security, and rollback plan completeness.",
+    "summary": "Agent for huawei-iac-change-safety-review. Review Terraform and RFS (Resource Formation Service) changes targeting Huawei Cloud \u2014 blast radius analysis, resource deletion detection, Organizations SCP cascade scope, cross-stack dependency impact, state file security, and rollback plan completeness.",
     "source_type": "original",
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/rfs/index.html",
@@ -6792,7 +7056,7 @@
       "https://support.huaweicloud.com/intl/en-us/organizations/index.html",
       "https://support.huaweicloud.com/intl/en-us/obs/index.html"
     ],
-    "security_notes": "Huawei Cloud Terraform provider state files contain resource attribute details — OBS backend bucket must deny public access and use SSE-KMS CMEK. RFS stacks without termination protection can be deleted with a single API call — always enable termination protection on production stacks.",
+    "security_notes": "Huawei Cloud Terraform provider state files contain resource attribute details \u2014 OBS backend bucket must deny public access and use SSE-KMS CMEK. RFS stacks without termination protection can be deleted with a single API call \u2014 always enable termination protection on production stacks.",
     "last_verified": "2026-05-09",
     "path": "agents/huawei/huawei-iac-change-safety-review-agent",
     "version": "0.1.0",
@@ -6909,7 +7173,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Gate financial authority actions — budget threshold changes, RI purchases, and CUD commitments. Budget threshold reduction can trigger service suspension; RI/CUD purchases are committed spend.",
+    "summary": "Gate financial authority actions \u2014 budget threshold changes, RI purchases, and CUD commitments. Budget threshold reduction can trigger service suspension; RI/CUD purchases are committed spend.",
     "source_type": "original",
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/usermanual-billing/index.html"
@@ -6933,7 +7197,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Gate GaussDB/RDS instance deletion, spec downgrade, and backup policy changes — database deletion without verified backup is permanently destructive; MLPS Level 3 data destruction triggers mandatory incident reporting.",
+    "summary": "Gate GaussDB/RDS instance deletion, spec downgrade, and backup policy changes \u2014 database deletion without verified backup is permanently destructive; MLPS Level 3 data destruction triggers mandatory incident reporting.",
     "source_type": "original",
     "companion_skills": [
       "huawei-live-gaussdb-mutation-guard"
@@ -6962,13 +7226,13 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Gate IAM fine-grained policy and SCP mutations — account-wide blast radius, privilege escalation, and potential full access denial.",
+    "summary": "Gate IAM fine-grained policy and SCP mutations \u2014 account-wide blast radius, privilege escalation, and potential full access denial.",
     "source_type": "original",
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/iam/index.html",
       "https://support.huaweicloud.com/intl/en-us/usermanual-organizations/organizations_03_0001.html"
     ],
-    "security_notes": "SCP deny statements at Organizations level cascade to ALL member accounts and CANNOT be overridden by IAM policies in member accounts. Granting FullAccess system policies gives complete service control. Agency trust relationships granting SecurityAdministrator are among the most dangerous grants. IAM policy changes propagate across Huawei Cloud services — confirm post-change access for all dependent systems.",
+    "security_notes": "SCP deny statements at Organizations level cascade to ALL member accounts and CANNOT be overridden by IAM policies in member accounts. Granting FullAccess system policies gives complete service control. Agency trust relationships granting SecurityAdministrator are among the most dangerous grants. IAM policy changes propagate across Huawei Cloud services \u2014 confirm post-change access for all dependent systems.",
     "last_verified": "2026-05-08",
     "path": "agents/huawei/huawei-live-iam-policy-change-guard-agent",
     "author": "github: Raishin"
@@ -6986,7 +7250,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Gate DEW/KMS key deletion and disable operations — CSMS secrets and DBSS-encrypted database data become permanently unrecoverable once the key is deleted.",
+    "summary": "Gate DEW/KMS key deletion and disable operations \u2014 CSMS secrets and DBSS-encrypted database data become permanently unrecoverable once the key is deleted.",
     "source_type": "original",
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/dew/index.html"
@@ -7010,7 +7274,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Gate OBS bucket ACL and policy mutations — public-read/write ACL exposes data immediately; CN-* cross-border replication may violate MLPS 2.0/DSL data localization requirements.",
+    "summary": "Gate OBS bucket ACL and policy mutations \u2014 public-read/write ACL exposes data immediately; CN-* cross-border replication may violate MLPS 2.0/DSL data localization requirements.",
     "source_type": "original",
     "companion_skills": [
       "huawei-live-obs-bucket-policy-guard"
@@ -7037,13 +7301,13 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for huawei-load-balancer-traffic-engineer. Engineer and review Huawei Cloud ELB configurations — dedicated vs shared ELB type selection, HTTP/HTTPS/TCP/UDP listener protocols, health check configuration, WAF integration on ELB, backend server group routing, connection draining, and TLS policy enforcement on Dedicated ELB.",
+    "summary": "Agent for huawei-load-balancer-traffic-engineer. Engineer and review Huawei Cloud ELB configurations \u2014 dedicated vs shared ELB type selection, HTTP/HTTPS/TCP/UDP listener protocols, health check configuration, WAF integration on ELB, backend server group routing, connection draining, and TLS policy enforcement on Dedicated ELB.",
     "source_type": "original",
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/elb/index.html",
       "https://support.huaweicloud.com/intl/en-us/waf/index.html"
     ],
-    "security_notes": "ELB HTTPS listeners should enforce TLS-1-2 or TLS-1-2-Strict policy to disable TLSv1.0 and TLSv1.1 — weaker TLS policies expose traffic to known downgrade attacks. WAF integration on ELB adds a security inspection hop; verify WAF security policy is tuned for the application before enabling block mode to avoid service disruption from false positives.",
+    "security_notes": "ELB HTTPS listeners should enforce TLS-1-2 or TLS-1-2-Strict policy to disable TLSv1.0 and TLSv1.1 \u2014 weaker TLS policies expose traffic to known downgrade attacks. WAF integration on ELB adds a security inspection hop; verify WAF security policy is tuned for the application before enabling block mode to avoid service disruption from false positives.",
     "last_verified": "2026-05-09",
     "path": "agents/huawei/huawei-load-balancer-traffic-engineer-agent",
     "version": "0.1.0",
@@ -7063,7 +7327,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Per-cloud router agent for Huawei Cloud. Classifies the user's task, selects the narrowest Huawei Cloud specialist agent or the right team of specialists from the catalog, and dispatches them — single specialist for focused tasks, parallel team (max 4) for multi-domain tasks. MLPS 2.0 and sovereignty-aware. Never auto-dispatches live-guard agents.",
+    "summary": "Per-cloud router agent for Huawei Cloud. Classifies the user's task, selects the narrowest Huawei Cloud specialist agent or the right team of specialists from the catalog, and dispatches them \u2014 single specialist for focused tasks, parallel team (max 4) for multi-domain tasks. MLPS 2.0 and sovereignty-aware. Never auto-dispatches live-guard agents.",
     "source_type": "original",
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/iam/index.html",
@@ -7120,7 +7384,7 @@
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/modelarts/index.html"
     ],
-    "security_notes": "ModelArts training jobs have no automatic cost cap. Specify budget limit before starting large GPU/NPU jobs. Ascend NPU OOM errors differ from Nvidia CUDA OOM — know the error pattern before acting.",
+    "security_notes": "ModelArts training jobs have no automatic cost cap. Specify budget limit before starting large GPU/NPU jobs. Ascend NPU OOM errors differ from Nvidia CUDA OOM \u2014 know the error pattern before acting.",
     "last_verified": "2026-05-08",
     "path": "agents/huawei/huawei-modelarts-mlops-engineer-agent",
     "author": "github: Raishin",
@@ -7139,7 +7403,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for huawei-network-architect. Design Huawei Cloud network architecture — VPC, ELB type selection (dedicated/shared), VPN and DC Gateway (Direct Connect), Cloud Connect for inter-VPC, CFW (Cloud Firewall), Anti-DDoS, DNS.",
+    "summary": "Agent for huawei-network-architect. Design Huawei Cloud network architecture \u2014 VPC, ELB type selection (dedicated/shared), VPN and DC Gateway (Direct Connect), Cloud Connect for inter-VPC, CFW (Cloud Firewall), Anti-DDoS, DNS.",
     "source_type": "original",
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/vpc/index.html",
@@ -7166,14 +7430,14 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for huawei-obs-data-perimeter-governor. Govern Huawei Cloud OBS (Object Storage Service) data perimeters — bucket policy and ACL public exposure, Block Public Access configuration, VPC endpoint binding for private access, WORM (Object Lock), cross-region replication compliance, and MLPS 2.0 data residency enforcement.",
+    "summary": "Agent for huawei-obs-data-perimeter-governor. Govern Huawei Cloud OBS (Object Storage Service) data perimeters \u2014 bucket policy and ACL public exposure, Block Public Access configuration, VPC endpoint binding for private access, WORM (Object Lock), cross-region replication compliance, and MLPS 2.0 data residency enforcement.",
     "source_type": "original",
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/obs/index.html",
       "https://support.huaweicloud.com/intl/en-us/vpcep/index.html",
       "https://support.huaweicloud.com/intl/en-us/obs/obs_03_0086.html"
     ],
-    "security_notes": "Huawei Cloud OBS presigned URLs can expose objects publicly for the URL validity period — audit presigned URL generation in application code and set maximum validity to the shortest acceptable window. OBS cross-region replication of MLPS 2.0 Level 3 classified data to international regions violates Chinese data sovereignty regulations and carries regulatory penalty risk.",
+    "security_notes": "Huawei Cloud OBS presigned URLs can expose objects publicly for the URL validity period \u2014 audit presigned URL generation in application code and set maximum validity to the shortest acceptable window. OBS cross-region replication of MLPS 2.0 Level 3 classified data to international regions violates Chinese data sovereignty regulations and carries regulatory penalty risk.",
     "last_verified": "2026-05-09",
     "path": "agents/huawei/huawei-obs-data-perimeter-governor-agent",
     "version": "0.1.0",
@@ -7244,14 +7508,14 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for huawei-registry-artifact-governor. Govern Huawei Cloud SWR (Software Repository for Container) — image retention policy, vulnerability scanning via VSS (Vulnerability Scan Service) integration, namespace permission least privilege, cross-region image replication, and supply chain security posture.",
+    "summary": "Agent for huawei-registry-artifact-governor. Govern Huawei Cloud SWR (Software Repository for Container) \u2014 image retention policy, vulnerability scanning via VSS (Vulnerability Scan Service) integration, namespace permission least privilege, cross-region image replication, and supply chain security posture.",
     "source_type": "original",
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/swr/index.html",
       "https://support.huaweicloud.com/intl/en-us/vss/index.html",
       "https://support.huaweicloud.com/intl/en-us/cce/index.html"
     ],
-    "security_notes": "Public SWR namespaces expose images to Huawei Cloud's global network — an attacker can enumerate public namespaces and pull all images without authentication. SWR image signing is not natively supported — use third-party image signing (Notary v2/cosign) for supply chain attestation on sensitive production images.",
+    "security_notes": "Public SWR namespaces expose images to Huawei Cloud's global network \u2014 an attacker can enumerate public namespaces and pull all images without authentication. SWR image signing is not natively supported \u2014 use third-party image signing (Notary v2/cosign) for supply chain attestation on sensitive production images.",
     "last_verified": "2026-05-09",
     "path": "agents/huawei/huawei-registry-artifact-governor-agent",
     "version": "0.1.0",
@@ -7270,7 +7534,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for huawei-resilience-bcdr-review. Review Huawei Cloud workload HA and BCDR designs — GaussDB High Availability (HA) instance failover, CBR (Cloud Backup and Recovery) cross-region vault, CCE multi-AZ deployment, DRS (Data Replication Service) for DR, RTO/RPO target analysis, and runbook completeness.",
+    "summary": "Agent for huawei-resilience-bcdr-review. Review Huawei Cloud workload HA and BCDR designs \u2014 GaussDB High Availability (HA) instance failover, CBR (Cloud Backup and Recovery) cross-region vault, CCE multi-AZ deployment, DRS (Data Replication Service) for DR, RTO/RPO target analysis, and runbook completeness.",
     "source_type": "original",
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/gaussdb_mysql/index.html",
@@ -7279,7 +7543,7 @@
       "https://support.huaweicloud.com/intl/en-us/drs/index.html",
       "https://support.huaweicloud.com/intl/en-us/elb/index.html"
     ],
-    "security_notes": "Huawei Cloud CBR vaults use default encryption — enable KMS CMEK for vaults containing sensitive production data. GaussDB cross-region read replicas involve data leaving the source region — verify this is compliant with MLPS 2.0 Level 3 data residency requirements before enabling.",
+    "security_notes": "Huawei Cloud CBR vaults use default encryption \u2014 enable KMS CMEK for vaults containing sensitive production data. GaussDB cross-region read replicas involve data leaving the source region \u2014 verify this is compliant with MLPS 2.0 Level 3 data residency requirements before enabling.",
     "last_verified": "2026-05-09",
     "path": "agents/huawei/huawei-resilience-bcdr-review-agent",
     "version": "0.1.0",
@@ -7326,14 +7590,14 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for huawei-serverless-production-readiness. Review FunctionGraph production readiness — VPC access configuration, concurrency limits and reserved instances, cold-start optimization, observability via LTS log output and AOM metrics, timeout configuration, dependency package size, custom vs managed runtimes, and ServiceStage application lifecycle.",
+    "summary": "Agent for huawei-serverless-production-readiness. Review FunctionGraph production readiness \u2014 VPC access configuration, concurrency limits and reserved instances, cold-start optimization, observability via LTS log output and AOM metrics, timeout configuration, dependency package size, custom vs managed runtimes, and ServiceStage application lifecycle.",
     "source_type": "original",
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/fg/index.html",
       "https://support.huaweicloud.com/intl/en-us/servicestage/index.html",
       "https://support.huaweicloud.com/intl/en-us/aom/index.html"
     ],
-    "security_notes": "FunctionGraph function environment variables may contain secrets — use DEW (Data Encryption Workshop) or Secret Manager references instead of plaintext values in environment variables. Custom runtimes require the function author to maintain runtime security patch lifecycle — document a patching cadence if custom runtimes are used in production.",
+    "security_notes": "FunctionGraph function environment variables may contain secrets \u2014 use DEW (Data Encryption Workshop) or Secret Manager references instead of plaintext values in environment variables. Custom runtimes require the function author to maintain runtime security patch lifecycle \u2014 document a patching cadence if custom runtimes are used in production.",
     "last_verified": "2026-05-09",
     "path": "agents/huawei/huawei-serverless-production-readiness-agent",
     "version": "0.1.0",
@@ -7352,7 +7616,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for huawei-solution-architect. Design Huawei Cloud solutions — product selection, enterprise-project model design, region selection for MLPS/sovereignty requirements, architecture patterns, multi-zone and multi-region HA.",
+    "summary": "Agent for huawei-solution-architect. Design Huawei Cloud solutions \u2014 product selection, enterprise-project model design, region selection for MLPS/sovereignty requirements, architecture patterns, multi-zone and multi-region HA.",
     "source_type": "original",
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/ecs/index.html",
@@ -7378,14 +7642,14 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for huawei-support-incident-coordinator. Coordinate Huawei Cloud support incidents — case creation with correct severity (紧急/高/中/低), Premium Support SLA enforcement, Account Manager and TAM escalation path, status page monitoring, internal stakeholder communication, and post-incident evidence packaging.",
+    "summary": "Agent for huawei-support-incident-coordinator. Coordinate Huawei Cloud support incidents \u2014 case creation with correct severity (\u7d27\u6025/\u9ad8/\u4e2d/\u4f4e), Premium Support SLA enforcement, Account Manager and TAM escalation path, status page monitoring, internal stakeholder communication, and post-incident evidence packaging.",
     "source_type": "original",
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/",
       "https://status.huaweicloud.com/",
       "https://support.huaweicloud.com/intl/en-us/usermanual-ticket/topic_0065264094.html"
     ],
-    "security_notes": "Huawei Cloud support case attachments are stored on Huawei Cloud infrastructure — never attach files with customer financial data, health records, or unredacted credentials. Premium Support SLA breach timestamps must be logged with case numbers for contractual credit claims.",
+    "security_notes": "Huawei Cloud support case attachments are stored on Huawei Cloud infrastructure \u2014 never attach files with customer financial data, health records, or unredacted credentials. Premium Support SLA breach timestamps must be logged with case numbers for contractual credit claims.",
     "last_verified": "2026-05-09",
     "path": "agents/huawei/huawei-support-incident-coordinator-agent",
     "version": "0.1.0",
@@ -7404,7 +7668,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Agent for huawei-ticket-triage-escalation-coordinator. Triage Huawei Cloud operational alerts, incidents, and support tickets — P0/P1/P2/P3 classification, Huawei Cloud Premium Support SLA enforcement, Account Manager escalation, AOM alert routing, war room coordination, evidence collection from CES and LTS, and safe escalation paths.",
+    "summary": "Agent for huawei-ticket-triage-escalation-coordinator. Triage Huawei Cloud operational alerts, incidents, and support tickets \u2014 P0/P1/P2/P3 classification, Huawei Cloud Premium Support SLA enforcement, Account Manager escalation, AOM alert routing, war room coordination, evidence collection from CES and LTS, and safe escalation paths.",
     "source_type": "original",
     "official_docs": [
       "https://support.huaweicloud.com/intl/en-us/",
@@ -7413,7 +7677,7 @@
       "https://support.huaweicloud.com/intl/en-us/ces/index.html",
       "https://support.huaweicloud.com/intl/en-us/lts/index.html"
     ],
-    "security_notes": "Huawei Cloud support ticket attachments are accessible to Huawei support engineers — scrub AK/SK values, account IDs, customer PII, and unredacted log data before sharing. War room communication must use secure channels — avoid sharing incident details in public or uncontrolled messaging platforms.",
+    "security_notes": "Huawei Cloud support ticket attachments are accessible to Huawei support engineers \u2014 scrub AK/SK values, account IDs, customer PII, and unredacted log data before sharing. War room communication must use secure channels \u2014 avoid sharing incident details in public or uncontrolled messaging platforms.",
     "last_verified": "2026-05-09",
     "path": "agents/huawei/huawei-ticket-triage-escalation-coordinator-agent",
     "version": "0.1.0",
@@ -7549,7 +7813,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review influencer campaign audit packs — brief, contract, post descriptions, and disclosure placement specs — for FTC Endorsement Guide violations: undisclosed material connections, inadequate disclosure placement, and brand liability exposure.",
+    "summary": "Review influencer campaign audit packs \u2014 brief, contract, post descriptions, and disclosure placement specs \u2014 for FTC Endorsement Guide violations: undisclosed material connections, inadequate disclosure placement, and brand liability exposure.",
     "companion_skills": [
       "influencer-disclosure-compliance-review"
     ],
@@ -7561,7 +7825,7 @@
       "https://www.ftc.gov/legal-library/browse/statutes/federal-trade-commission-act",
       "https://www.ftc.gov/business-guidance/resources/ftcs-endorsement-guides-what-people-are-asking"
     ],
-    "security_notes": "Read-only advisory. Works from a structured influencer campaign audit pack only — brief, contract excerpt, post descriptions, and disclosure spec. Never requests raw personal data about creators, unpublished financial negotiations, or live platform credentials. Does not generate campaign content or creator instructions. A finding of systematic non-disclosure may warrant legal escalation before campaign continuation.",
+    "security_notes": "Read-only advisory. Works from a structured influencer campaign audit pack only \u2014 brief, contract excerpt, post descriptions, and disclosure spec. Never requests raw personal data about creators, unpublished financial negotiations, or live platform credentials. Does not generate campaign content or creator instructions. A finding of systematic non-disclosure may warrant legal escalation before campaign continuation.",
     "last_verified": "2026-05-17",
     "path": "agents/marketing/influencer-disclosure-compliance-review-agent/",
     "harness_variants": {
@@ -7624,7 +7888,7 @@
       "https://registry.terraform.io/providers/ionos-cloud/ionoscloud/latest/docs/resources/datacenter",
       "https://docs.ionos.com/cloud/network/lans"
     ],
-    "security_notes": "DCD topology changes are infrastructure-wide blast-radius events — modifying datacenter layout can disrupt all resources within the datacenter simultaneously. Always require a current topology snapshot and blast-radius review before advising any structural change. GDPR data residency requires verifying the datacenter region matches the declared processing location.",
+    "security_notes": "DCD topology changes are infrastructure-wide blast-radius events \u2014 modifying datacenter layout can disrupt all resources within the datacenter simultaneously. Always require a current topology snapshot and blast-radius review before advising any structural change. GDPR data residency requires verifying the datacenter region matches the declared processing location.",
     "last_verified": "2026-05-10",
     "path": "agents/ionos/ionos-datacenter-designer-reviewer-agent",
     "version": "0.1.0",
@@ -7651,7 +7915,7 @@
       "https://registry.terraform.io/providers/ionos-cloud/ionoscloud/latest/docs/resources/k8s_node_pool",
       "https://docs.ionos.com/cloud/"
     ],
-    "security_notes": "IONOS managed Kubernetes control-plane upgrades are irreversible — always confirm rollback plan and PDB coverage before advising an upgrade. Node pool scale-down may evict workloads without PDB protection. GDPR data residency applies to cluster region selection; verify cluster datacenter region matches the declared processing location.",
+    "security_notes": "IONOS managed Kubernetes control-plane upgrades are irreversible \u2014 always confirm rollback plan and PDB coverage before advising an upgrade. Node pool scale-down may evict workloads without PDB protection. GDPR data residency applies to cluster region selection; verify cluster datacenter region matches the declared processing location.",
     "last_verified": "2026-05-10",
     "path": "agents/ionos/ionos-kubernetes-platform-operator-agent",
     "version": "0.1.0",
@@ -7704,7 +7968,7 @@
       "https://api.ionos.com/docs/",
       "https://registry.terraform.io/providers/ionos-cloud/ionoscloud/latest/docs"
     ],
-    "security_notes": "Never attempt live IONOS Cloud API mutations from the routing layer. DCD topology changes have infrastructure-wide blast radius — classification must stay read-only and hand off to approval-gated specialists. Do not expose bearer tokens or customer control panel credentials in routing output.",
+    "security_notes": "Never attempt live IONOS Cloud API mutations from the routing layer. DCD topology changes have infrastructure-wide blast radius \u2014 classification must stay read-only and hand off to approval-gated specialists. Do not expose bearer tokens or customer control panel credentials in routing output.",
     "last_verified": "2026-05-10",
     "path": "agents/ionos/ionos-maestro-agent",
     "version": "0.1.0",
@@ -7742,7 +8006,7 @@
     "name": "Istio Ambient Mesh Review",
     "type": "agent",
     "provider": "istio",
-    "summary": "Review Istio ambient mesh configuration — ztunnel L4 vs waypoint L7 enforcement, AuthorizationPolicy scope, PeerAuthentication mTLS mode, RequestAuthentication JWKs, and gateway configuration for service mesh security posture.",
+    "summary": "Review Istio ambient mesh configuration \u2014 ztunnel L4 vs waypoint L7 enforcement, AuthorizationPolicy scope, PeerAuthentication mTLS mode, RequestAuthentication JWKs, and gateway configuration for service mesh security posture.",
     "path": "agents/istio/istio-ambient-mesh-review-agent",
     "harnesses": [
       "codex",
@@ -7760,7 +8024,7 @@
       "https://istio.io/latest/docs/ops/diagnostic-tools/istioctl-analyze/",
       "https://istio.io/latest/docs/tasks/security/authorization/"
     ],
-    "security_notes": "L7 AuthorizationPolicy in ambient mode without a waypoint is silently bypassed — ztunnel only enforces L4. PERMISSIVE PeerAuthentication in a production namespace is a critical finding.",
+    "security_notes": "L7 AuthorizationPolicy in ambient mode without a waypoint is silently bypassed \u2014 ztunnel only enforces L4. PERMISSIVE PeerAuthentication in a production namespace is a critical finding.",
     "source_type": "original",
     "version": "0.1.0"
   },
@@ -7787,7 +8051,7 @@
       "https://docs.kubecost.com/using-kubecost/navigating-the-kubecost-ui/savings",
       "https://docs.kubecost.com/apis/apis-overview"
     ],
-    "security_notes": "Kubecost cost allocation API without authentication exposes team-level spend data to any pod in the cluster. Multi-cluster Kubecost aggregation requires cross-cluster network access — review whether the aggregation network path is private or exposed.",
+    "security_notes": "Kubecost cost allocation API without authentication exposes team-level spend data to any pod in the cluster. Multi-cluster Kubecost aggregation requires cross-cluster network access \u2014 review whether the aggregation network path is private or exposed.",
     "last_verified": "2026-05-02",
     "path": "agents/kubernetes/kubecost-chargeback-allocation-review-agent",
     "version": "0.1.0"
@@ -7950,7 +8214,7 @@
       "https://kubernetes.io/docs/reference/kubectl/generated/kubectl_auth/",
       "https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/"
     ],
-    "security_notes": "Capture current RBAC state before every mutation — no built-in rollback. Block escalate, bind, and impersonate verbs without platform-team approval. Never approve wildcard grants. Cached tokens remain valid after binding deletion until expiry. Per docs/least-privilege-rbac.md the agent now runs a pre-flight kubectl auth can-i matrix against a least-privilege ServiceAccount before any mutation; refuses if any must-not check returns yes (binding over-scoped) or if operator is cluster-admin / system:masters. References shipped: least-privilege-rbac.yaml (deny-by-default ClusterRole), rbac-pre-flight.md (positive + negative resourceName tests), refusal-list.md (universal one-way doors plus domain-specific HARD REFUSE list). Refuses to read or process credentials volunteered by the operator; uses only the in-pod ServiceAccount token at /var/run/secrets/kubernetes.io/serviceaccount/token.",
+    "security_notes": "Capture current RBAC state before every mutation \u2014 no built-in rollback. Block escalate, bind, and impersonate verbs without platform-team approval. Never approve wildcard grants. Cached tokens remain valid after binding deletion until expiry. Per docs/least-privilege-rbac.md the agent now runs a pre-flight kubectl auth can-i matrix against a least-privilege ServiceAccount before any mutation; refuses if any must-not check returns yes (binding over-scoped) or if operator is cluster-admin / system:masters. References shipped: least-privilege-rbac.yaml (deny-by-default ClusterRole), rbac-pre-flight.md (positive + negative resourceName tests), refusal-list.md (universal one-way doors plus domain-specific HARD REFUSE list). Refuses to read or process credentials volunteered by the operator; uses only the in-pod ServiceAccount token at /var/run/secrets/kubernetes.io/serviceaccount/token.",
     "last_verified": "2026-05-08",
     "path": "agents/kubernetes/kubernetes-live-rbac-mutation-guard-agent",
     "author": "github: Raishin",
@@ -7969,7 +8233,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Live-guard agent for Velero backup/restore operations on Kubernetes clusters — enforcing cluster context confirmation, restore scope review, dry-run gating, current-state capture, and explicit platform-team sign-off before any mutation.",
+    "summary": "Live-guard agent for Velero backup/restore operations on Kubernetes clusters \u2014 enforcing cluster context confirmation, restore scope review, dry-run gating, current-state capture, and explicit platform-team sign-off before any mutation.",
     "source_type": "original",
     "official_docs": [
       "https://velero.io/docs/latest/",
@@ -7978,7 +8242,7 @@
       "https://velero.io/docs/latest/locations/",
       "https://velero.io/docs/latest/hooks/"
     ],
-    "security_notes": "Velero restore with existingResourcePolicy:update can overwrite live RBAC resources, Secrets, and ServiceAccounts — equivalent to a partial cluster wipe. BSL credentials with write-only access prevent listing/deleting old backups, causing runaway storage costs. Never proceed with cluster-wide restores without explicit platform-team sign-off. Per docs/least-privilege-rbac.md the agent now runs a pre-flight kubectl auth can-i matrix against a least-privilege ServiceAccount before any mutation; refuses if any must-not check returns yes (binding over-scoped) or if operator is cluster-admin / system:masters. References shipped: least-privilege-rbac.yaml (deny-by-default ClusterRole), rbac-pre-flight.md (positive + negative resourceName tests), refusal-list.md (universal one-way doors plus domain-specific HARD REFUSE list). Refuses to read or process credentials volunteered by the operator; uses only the in-pod ServiceAccount token at /var/run/secrets/kubernetes.io/serviceaccount/token.",
+    "security_notes": "Velero restore with existingResourcePolicy:update can overwrite live RBAC resources, Secrets, and ServiceAccounts \u2014 equivalent to a partial cluster wipe. BSL credentials with write-only access prevent listing/deleting old backups, causing runaway storage costs. Never proceed with cluster-wide restores without explicit platform-team sign-off. Per docs/least-privilege-rbac.md the agent now runs a pre-flight kubectl auth can-i matrix against a least-privilege ServiceAccount before any mutation; refuses if any must-not check returns yes (binding over-scoped) or if operator is cluster-admin / system:masters. References shipped: least-privilege-rbac.yaml (deny-by-default ClusterRole), rbac-pre-flight.md (positive + negative resourceName tests), refusal-list.md (universal one-way doors plus domain-specific HARD REFUSE list). Refuses to read or process credentials volunteered by the operator; uses only the in-pod ServiceAccount token at /var/run/secrets/kubernetes.io/serviceaccount/token.",
     "last_verified": "2026-05-08",
     "path": "agents/kubernetes/kubernetes-live-velero-restore-guard-agent",
     "version": "0.1.0"
@@ -8026,7 +8290,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review raw Kubernetes YAML manifests for security, quality, and policy defects — deprecated APIs, missing securityContext, absent resource limits, missing health probes, RBAC over-permission, plaintext secrets, and network exposure — statically, without applying manifests or contacting a cluster.",
+    "summary": "Review raw Kubernetes YAML manifests for security, quality, and policy defects \u2014 deprecated APIs, missing securityContext, absent resource limits, missing health probes, RBAC over-permission, plaintext secrets, and network exposure \u2014 statically, without applying manifests or contacting a cluster.",
     "source_type": "original",
     "official_docs": [
       "https://kubernetes.io/docs/concepts/security/pod-security-standards/",
@@ -8037,7 +8301,7 @@
       "https://github.com/yannh/kubeconform",
       "https://github.com/zegl/kube-score"
     ],
-    "security_notes": "Static review only — reads manifest YAML files, never applies manifests to a cluster, never connects to the Kubernetes API, and never requests kubeconfig, service account tokens, or cloud credentials. Do not accept manifests containing real secret values or connection strings decoded from base64; ask for sanitized versions with placeholder values.",
+    "security_notes": "Static review only \u2014 reads manifest YAML files, never applies manifests to a cluster, never connects to the Kubernetes API, and never requests kubeconfig, service account tokens, or cloud credentials. Do not accept manifests containing real secret values or connection strings decoded from base64; ask for sanitized versions with placeholder values.",
     "last_verified": "2026-05-17",
     "path": "agents/qa/kubernetes-manifest-quality-review-agent",
     "version": "0.1.0"
@@ -8108,7 +8372,7 @@
     "name": "Kubernetes Pod Security Admission Review",
     "type": "agent",
     "provider": "kubernetes",
-    "summary": "Review Kubernetes Pod Security Admission namespace labels — enforce/audit/warn modes, privileged/baseline/restricted profiles, version pinning, cluster AdmissionConfiguration defaults, and migration from deprecated PodSecurityPolicy.",
+    "summary": "Review Kubernetes Pod Security Admission namespace labels \u2014 enforce/audit/warn modes, privileged/baseline/restricted profiles, version pinning, cluster AdmissionConfiguration defaults, and migration from deprecated PodSecurityPolicy.",
     "path": "agents/kubernetes/kubernetes-psa-review-agent",
     "harnesses": [
       "codex",
@@ -8126,7 +8390,7 @@
       "https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-admission-controller/",
       "https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/"
     ],
-    "security_notes": "A production namespace with no PSA label inherits cluster default which is privileged unless overridden — treat as critical finding. enforce-version latest changes profile semantics on every Kubernetes minor upgrade.",
+    "security_notes": "A production namespace with no PSA label inherits cluster default which is privileged unless overridden \u2014 treat as critical finding. enforce-version latest changes profile semantics on every Kubernetes minor upgrade.",
     "source_type": "original",
     "version": "0.1.0"
   },
@@ -8162,7 +8426,7 @@
     "name": "Kubernetes Workload Identity Review",
     "type": "agent",
     "provider": "kubernetes",
-    "summary": "Review Kubernetes workload identity configuration — IRSA, Azure Workload Identity, GKE Workload Identity, and generic OIDC projected token bindings — for trust policy scope, static credential fallback risk, token audience validation, and cross-account reuse.",
+    "summary": "Review Kubernetes workload identity configuration \u2014 IRSA, Azure Workload Identity, GKE Workload Identity, and generic OIDC projected token bindings \u2014 for trust policy scope, static credential fallback risk, token audience validation, and cross-account reuse.",
     "path": "agents/kubernetes/kubernetes-workload-identity-review-agent",
     "harnesses": [
       "codex",
@@ -8180,7 +8444,7 @@
       "https://kubernetes.io/docs/concepts/workloads/pods/service-accounts/",
       "https://openid.net/specs/openid-connect-core-1_0.html"
     ],
-    "security_notes": "OIDC trust policy with wildcard sub allows any pod in the cluster to assume the role. Static credentials in environment variables defeat workload identity migration — cloud SDKs search the credential chain in order and a leftover env var always wins.",
+    "security_notes": "OIDC trust policy with wildcard sub allows any pod in the cluster to assume the role. Static credentials in environment variables defeat workload identity migration \u2014 cloud SDKs search the credential chain in order and a leftover env var always wins.",
     "source_type": "original",
     "version": "0.1.0"
   },
@@ -8207,7 +8471,7 @@
       "https://kyverno.io/docs/policy-exceptions/",
       "https://kubernetes.io/docs/reference/access-authn-authz/validating-admission-policy/"
     ],
-    "security_notes": "failureAction: Audit in production is a critical finding — violations are logged but workloads are not blocked. PolicyException without expiry is an infinite escape hatch.",
+    "security_notes": "failureAction: Audit in production is a critical finding \u2014 violations are logged but workloads are not blocked. PolicyException without expiry is an infinite escape hatch.",
     "source_type": "original",
     "version": "0.1.0"
   },
@@ -8215,7 +8479,7 @@
     "id": "legal-contract-review-agent",
     "name": "Legal Contract Review Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8231,7 +8495,7 @@
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj",
       "https://www.nist.gov/privacy-framework"
     ],
-    "security_notes": "Static review only — works from sanitized contract excerpts and never requests secrets, credentials, personal data, or trade secrets. Never redlines or issues binding contract language as a final decision; flags privileged material and routes to qualified counsel. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized contract excerpts and never requests secrets, credentials, personal data, or trade secrets. Never redlines or issues binding contract language as a final decision; flags privileged material and routes to qualified counsel. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/legal/legal-contract-review-agent",
     "version": "0.1.0"
@@ -8240,7 +8504,7 @@
     "id": "legal-counsel-review-agent",
     "name": "Legal Counsel Review Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8249,7 +8513,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Adversarial legal-risk reviewer for contracts, privacy, regulatory, litigation, compliance, and policy-exception questions — surfaces risks, evidence gaps, decision options, and escalation paths for qualified counsel. Does not give legal advice.",
+    "summary": "Adversarial legal-risk reviewer for contracts, privacy, regulatory, litigation, compliance, and policy-exception questions \u2014 surfaces risks, evidence gaps, decision options, and escalation paths for qualified counsel. Does not give legal advice.",
     "source_type": "original",
     "official_docs": [
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj",
@@ -8259,7 +8523,7 @@
       "https://www.oaic.gov.au/privacy/the-privacy-act",
       "https://www.law.cornell.edu/wex"
     ],
-    "security_notes": "Static review only — works from sanitized excerpts and never requests secrets, credentials, personal data, employee medical detail, or trade secrets. Never issues binding legal conclusions; flags privileged material and recommends escalation to qualified counsel. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized excerpts and never requests secrets, credentials, personal data, employee medical detail, or trade secrets. Never issues binding legal conclusions; flags privileged material and recommends escalation to qualified counsel. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/legal/legal-counsel-review-agent/",
     "harness_variants": {
@@ -8283,7 +8547,7 @@
     "id": "legal-employment-law-risk-agent",
     "name": "Legal Employment Law Risk Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8292,14 +8556,14 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Adversarial employment-law risk reviewer for HR matters — flags employment-law exposure, escalation needs, documentation gaps, and counsel-review requirements. Does not make HR decisions and does not give legal advice.",
+    "summary": "Adversarial employment-law risk reviewer for HR matters \u2014 flags employment-law exposure, escalation needs, documentation gaps, and counsel-review requirements. Does not make HR decisions and does not give legal advice.",
     "source_type": "original",
     "official_docs": [
       "https://www.law.cornell.edu/wex",
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj",
       "https://www.nist.gov/privacy-framework"
     ],
-    "security_notes": "Static review only — works from sanitized HR summaries and never requests medical detail, immigration documents, compensation records, investigation notes, or employee identifiers beyond what the matter requires. Never makes an HR or employment decision and never recommends adverse action; flags privileged material and routes to qualified employment counsel. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized HR summaries and never requests medical detail, immigration documents, compensation records, investigation notes, or employee identifiers beyond what the matter requires. Never makes an HR or employment decision and never recommends adverse action; flags privileged material and routes to qualified employment counsel. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/legal/legal-employment-law-risk-agent",
     "version": "0.1.0"
@@ -8308,7 +8572,7 @@
     "id": "legal-ethics-investigations-agent",
     "name": "Legal Ethics and Investigations Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8324,7 +8588,7 @@
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj",
       "https://www.nist.gov/privacy-framework"
     ],
-    "security_notes": "Static review only — works from sanitized summaries and never requests privileged communications, credentials, or personal data beyond what the matter requires. Protects whistleblower confidentiality, never contacts subjects or witnesses, and routes executive-misconduct matters to board and audit escalation. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized summaries and never requests privileged communications, credentials, or personal data beyond what the matter requires. Protects whistleblower confidentiality, never contacts subjects or witnesses, and routes executive-misconduct matters to board and audit escalation. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/legal/legal-ethics-investigations-agent",
     "version": "0.1.0"
@@ -8333,7 +8597,7 @@
     "id": "legal-ip-open-source-agent",
     "name": "Legal IP and Open Source Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8349,7 +8613,7 @@
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj",
       "https://www.nist.gov/privacy-framework"
     ],
-    "security_notes": "Static review only — works from sanitized summaries and never requests credentials, trade secrets, or personal data beyond what the matter requires. Never opines on infringement or freedom-to-operate as a conclusion; routes patent and infringement questions to qualified counsel. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized summaries and never requests credentials, trade secrets, or personal data beyond what the matter requires. Never opines on infringement or freedom-to-operate as a conclusion; routes patent and infringement questions to qualified counsel. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/legal/legal-ip-open-source-agent",
     "version": "0.1.0"
@@ -8358,7 +8622,7 @@
     "id": "legal-knowledge-management-agent",
     "name": "Legal Knowledge Management Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8374,7 +8638,7 @@
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj",
       "https://www.nist.gov/privacy-framework"
     ],
-    "security_notes": "Static review only — works from sanitized summaries and never requests credentials, personal data, privileged communications, or trade secrets beyond what the matter requires. Never presents a playbook or template as binding legal advice; marks all knowledge assets as needing counsel review. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized summaries and never requests credentials, personal data, privileged communications, or trade secrets beyond what the matter requires. Never presents a playbook or template as binding legal advice; marks all knowledge assets as needing counsel review. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/legal/legal-knowledge-management-agent",
     "version": "0.1.0"
@@ -8383,7 +8647,7 @@
     "id": "legal-litigation-discovery-hold-agent",
     "name": "Legal Litigation and Discovery Hold Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8399,7 +8663,7 @@
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj",
       "https://www.nist.gov/privacy-framework"
     ],
-    "security_notes": "Static review only — works from sanitized summaries and never requests privileged communications, credentials, or personal data beyond what the matter requires. Never advises destruction or deletion of potentially relevant records; flags privileged and work-product material and routes to qualified counsel. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized summaries and never requests privileged communications, credentials, or personal data beyond what the matter requires. Never advises destruction or deletion of potentially relevant records; flags privileged and work-product material and routes to qualified counsel. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/legal/legal-litigation-discovery-hold-agent",
     "version": "0.1.0"
@@ -8408,7 +8672,7 @@
     "id": "legal-maestro-agent",
     "name": "Legal Maestro Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8417,14 +8681,14 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Routes legal matters to the right legal specialist agent and coordinates multi-agent legal review using the Legal-HR routing protocol, case capsule, and risk taxonomy. Classification and coordination only — does not give legal advice or make final legal decisions.",
+    "summary": "Routes legal matters to the right legal specialist agent and coordinates multi-agent legal review using the Legal-HR routing protocol, case capsule, and risk taxonomy. Classification and coordination only \u2014 does not give legal advice or make final legal decisions.",
     "source_type": "original",
     "official_docs": [
       "https://www.nist.gov/privacy-framework",
       "https://www.eeoc.gov",
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj"
     ],
-    "security_notes": "Classification and coordination only — routes from sanitized signals and never requests secrets, credentials, medical detail, government IDs, or protected-class data. Never makes a final legal, regulatory, settlement, or disclosure decision; expresses every handoff as a redacted case capsule with a named human decision owner. Does not form an attorney-client relationship.",
+    "security_notes": "Classification and coordination only \u2014 routes from sanitized signals and never requests secrets, credentials, medical detail, government IDs, or protected-class data. Never makes a final legal, regulatory, settlement, or disclosure decision; expresses every handoff as a redacted case capsule with a named human decision owner. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/legal/legal-maestro-agent",
     "version": "0.1.0"
@@ -8433,7 +8697,7 @@
     "id": "legal-policy-governance-agent",
     "name": "Legal Policy and Governance Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8449,7 +8713,7 @@
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj",
       "https://www.nist.gov/privacy-framework"
     ],
-    "security_notes": "Static review only — works from sanitized summaries and never requests credentials, personal data, or identifiers beyond what the matter requires. Never approves a policy or policy exception; flags authority and segregation-of-duties gaps and routes to qualified counsel. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized summaries and never requests credentials, personal data, or identifiers beyond what the matter requires. Never approves a policy or policy exception; flags authority and segregation-of-duties gaps and routes to qualified counsel. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/legal/legal-policy-governance-agent",
     "version": "0.1.0"
@@ -8458,7 +8722,7 @@
     "id": "legal-privacy-data-protection-agent",
     "name": "Legal Privacy and Data Protection Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8474,7 +8738,7 @@
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj",
       "https://www.nist.gov/privacy-framework"
     ],
-    "security_notes": "Static review only — works from sanitized summaries and never requests raw personal data, special-category data, credentials, or identifiers beyond what the matter requires. Never confirms a transfer mechanism or processing activity is adequate or compliant; routes to qualified counsel and the privacy owner. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized summaries and never requests raw personal data, special-category data, credentials, or identifiers beyond what the matter requires. Never confirms a transfer mechanism or processing activity is adequate or compliant; routes to qualified counsel and the privacy owner. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/legal/legal-privacy-data-protection-agent",
     "version": "0.1.0"
@@ -8483,7 +8747,7 @@
     "id": "legal-public-disclosure-agent",
     "name": "Legal Public Disclosure Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8499,7 +8763,7 @@
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj",
       "https://www.nist.gov/privacy-framework"
     ],
-    "security_notes": "Static review only — works from sanitized summaries and never requests credentials, personal data, or non-public material information beyond what the matter requires. Never makes a materiality determination or disclosure decision; routes securities-law-sensitive matters to the disclosure committee and qualified counsel. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized summaries and never requests credentials, personal data, or non-public material information beyond what the matter requires. Never makes a materiality determination or disclosure decision; routes securities-law-sensitive matters to the disclosure committee and qualified counsel. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/legal/legal-public-disclosure-agent",
     "version": "0.1.0"
@@ -8508,7 +8772,7 @@
     "id": "legal-regulatory-compliance-agent",
     "name": "Legal Regulatory Compliance Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8524,7 +8788,7 @@
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj",
       "https://www.nist.gov/privacy-framework"
     ],
-    "security_notes": "Static review only — works from sanitized summaries and never requests credentials, personal data, or identifiers beyond what the matter requires. Never confirms a control or program is compliant; requires current authoritative agency sources and routes to qualified counsel. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized summaries and never requests credentials, personal data, or identifiers beyond what the matter requires. Never confirms a control or program is compliant; requires current authoritative agency sources and routes to qualified counsel. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/legal/legal-regulatory-compliance-agent",
     "version": "0.1.0"
@@ -8533,7 +8797,7 @@
     "id": "legal-vendor-procurement-risk-agent",
     "name": "Legal Vendor and Procurement Risk Agent",
     "type": "agent",
-    "provider": "generic",
+    "provider": "legal",
     "harnesses": [
       "codex",
       "copilot",
@@ -8549,7 +8813,7 @@
       "https://eur-lex.europa.eu/eli/reg/2016/679/oj",
       "https://www.nist.gov/privacy-framework"
     ],
-    "security_notes": "Static review only — works from sanitized summaries and never requests secrets, credentials, personal data, or trade secrets. Never approves a vendor or contract; routes employee-data vendors to the privacy reviewer and flags privileged material for counsel. Does not form an attorney-client relationship.",
+    "security_notes": "Static review only \u2014 works from sanitized summaries and never requests secrets, credentials, personal data, or trade secrets. Never approves a vendor or contract; routes employee-data vendors to the privacy reviewer and flags privileged material for counsel. Does not form an attorney-client relationship.",
     "last_verified": "2026-05-18",
     "path": "agents/legal/legal-vendor-procurement-risk-agent",
     "version": "0.1.0"
@@ -8567,7 +8831,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review an LLM or AI pipeline's evaluation setup for test-quality defects — missing hallucination, relevancy, faithfulness, bias, toxicity, and tool-correctness metrics; absent golden datasets; unthresholded or single-shot evals; and no regression gate across model versions. Static review only.",
+    "summary": "Review an LLM or AI pipeline's evaluation setup for test-quality defects \u2014 missing hallucination, relevancy, faithfulness, bias, toxicity, and tool-correctness metrics; absent golden datasets; unthresholded or single-shot evals; and no regression gate across model versions. Static review only.",
     "source_type": "original",
     "official_docs": [
       "https://docs.confident-ai.com/",
@@ -8578,7 +8842,7 @@
       "https://docs.confident-ai.com/docs/metrics-tool-correctness",
       "https://www.istqb.org/certifications/certified-tester-foundation-level"
     ],
-    "security_notes": "Static review only — reads eval configuration and test source; never calls LLM APIs, never runs evaluations, never requests model API keys or inference endpoints. Do not accept eval fixtures containing real user PII, private prompt chains, or model weights; ask for sanitized configurations.",
+    "security_notes": "Static review only \u2014 reads eval configuration and test source; never calls LLM APIs, never runs evaluations, never requests model API keys or inference endpoints. Do not accept eval fixtures containing real user PII, private prompt chains, or model weights; ask for sanitized configurations.",
     "last_verified": "2026-05-17",
     "path": "agents/qa/llm-ai-pipeline-test-review-agent",
     "version": "0.1.0"
@@ -8596,7 +8860,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review custom-audience and lookalike-audience upload specifications for hashing adequacy, PII field scope, consent-basis validity, and platform data-sharing restrictions before upload to Meta, Google, LinkedIn, or TikTok — catching underhashed identifiers, consent-scope mismatches, and re-identification surfaces.",
+    "summary": "Review custom-audience and lookalike-audience upload specifications for hashing adequacy, PII field scope, consent-basis validity, and platform data-sharing restrictions before upload to Meta, Google, LinkedIn, or TikTok \u2014 catching underhashed identifiers, consent-scope mismatches, and re-identification surfaces.",
     "companion_skills": [
       "lookalike-audience-upload-compliance-review"
     ],
@@ -8636,7 +8900,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review marketing consent posture — CMP banner config, tag-manager containers, Consent Mode wiring, and cookie policy — for GDPR/ePrivacy/CCPA correctness, dark patterns, and undisclosed trackers.",
+    "summary": "Review marketing consent posture \u2014 CMP banner config, tag-manager containers, Consent Mode wiring, and cookie policy \u2014 for GDPR/ePrivacy/CCPA correctness, dark patterns, and undisclosed trackers.",
     "companion_skills": [
       "marketing-consent-data-collection-review"
     ],
@@ -8676,7 +8940,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review marketing conversion flow specifications — subscription sign-up, upsell interstitial, free-trial enrollment, and cancellation path — for dark-pattern practices that invalidate consent or constitute unfair or deceptive acts under FTC Section 5, the FTC Negative Option Rule, CPRA, and EU AI Act Article 5(1)(b).",
+    "summary": "Review marketing conversion flow specifications \u2014 subscription sign-up, upsell interstitial, free-trial enrollment, and cancellation path \u2014 for dark-pattern practices that invalidate consent or constitute unfair or deceptive acts under FTC Section 5, the FTC Negative Option Rule, CPRA, and EU AI Act Article 5(1)(b).",
     "companion_skills": [
       "marketing-conversion-flow-dark-pattern-review"
     ],
@@ -8688,7 +8952,7 @@
       "https://oag.ca.gov/privacy/ccpa",
       "https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng"
     ],
-    "security_notes": "Read-only advisory. Works from sanitized UX flow specifications and annotated wireframes only; never requests real payment credentials, live user-session data, or production A/B-test results containing real user identities. Findings may indicate FTC civil penalty exposure — the agent surfaces that possibility and routes enforcement-risk assessment to qualified legal counsel rather than quantifying penalties.",
+    "security_notes": "Read-only advisory. Works from sanitized UX flow specifications and annotated wireframes only; never requests real payment credentials, live user-session data, or production A/B-test results containing real user identities. Findings may indicate FTC civil penalty exposure \u2014 the agent surfaces that possibility and routes enforcement-risk assessment to qualified legal counsel rather than quantifying penalties.",
     "last_verified": "2026-05-17",
     "path": "agents/marketing/marketing-conversion-flow-dark-pattern-review-agent/",
     "harness_variants": {
@@ -8728,7 +8992,7 @@
       "https://oag.ca.gov/privacy/ccpa",
       "https://www.canada.ca/en/radio-television-telecommunications/news/2014/07/compliance-and-enforcement-information-bulletin-crtc-2014-326.html"
     ],
-    "security_notes": "Read-only advisory. Works from sanitized CRM/ESP exports only — placeholder values for all subscriber PII; never requests real email addresses, subscriber IDs, CRM credentials, or ESP API keys. Findings of ongoing deletion-SLA breaches or broken CASL consent chains are routed to legal counsel and incident response, not resolved by the agent.",
+    "security_notes": "Read-only advisory. Works from sanitized CRM/ESP exports only \u2014 placeholder values for all subscriber PII; never requests real email addresses, subscriber IDs, CRM credentials, or ESP API keys. Findings of ongoing deletion-SLA breaches or broken CASL consent chains are routed to legal counsel and incident response, not resolved by the agent.",
     "last_verified": "2026-05-17",
     "path": "agents/marketing/marketing-email-list-retention-review-agent/",
     "harness_variants": {
@@ -8768,7 +9032,7 @@
       "https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202520260AB566",
       "https://oag.ca.gov/privacy/ccpa"
     ],
-    "security_notes": "Read-only advisory. Works from sanitized tag-manager container exports and CMP configuration exports only; never requests live consent logs, visitor opt-out records, or ad-platform credentials. Findings of non-compliance may constitute evidence in a CPPA enforcement proceeding — legal determinations are routed to qualified privacy counsel, not decided by this agent.",
+    "security_notes": "Read-only advisory. Works from sanitized tag-manager container exports and CMP configuration exports only; never requests live consent logs, visitor opt-out records, or ad-platform credentials. Findings of non-compliance may constitute evidence in a CPPA enforcement proceeding \u2014 legal determinations are routed to qualified privacy counsel, not decided by this agent.",
     "last_verified": "2026-05-17",
     "path": "agents/marketing/marketing-gpc-signal-honoring-review-agent/",
     "harness_variants": {
@@ -8803,7 +9067,7 @@
       "https://oag.ca.gov/privacy/ccpa",
       "https://developers.google.com/tag-platform/security/guides/consent"
     ],
-    "security_notes": "Read-only routing agent. Never accepts, stores, or relays real visitor data, consent-string archives, ad-platform credentials, API keys, OAuth tokens, or tenant data. No external API calls made directly — all artifact review delegated to dispatched specialists. No auto-mutation: any mutating specialist dispatch requires an explicit human approval gate and a handoff packet.",
+    "security_notes": "Read-only routing agent. Never accepts, stores, or relays real visitor data, consent-string archives, ad-platform credentials, API keys, OAuth tokens, or tenant data. No external API calls made directly \u2014 all artifact review delegated to dispatched specialists. No auto-mutation: any mutating specialist dispatch requires an explicit human approval gate and a handoff packet.",
     "last_verified": "2026-05-17",
     "path": "agents/marketing/marketing-maestro-agent",
     "author": "github: Raishin",
@@ -8836,7 +9100,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review advertising pixels and conversion event tracking for personal-data leakage to ad networks — PII in payloads, form-field auto-capture, pixels on sensitive pages, and unhashed identifier transmission.",
+    "summary": "Review advertising pixels and conversion event tracking for personal-data leakage to ad networks \u2014 PII in payloads, form-field auto-capture, pixels on sensitive pages, and unhashed identifier transmission.",
     "companion_skills": [
       "marketing-pixel-data-leakage-review"
     ],
@@ -8848,7 +9112,7 @@
       "https://support.google.com/google-ads/answer/9888656",
       "https://owasp.org/www-project-top-ten/"
     ],
-    "security_notes": "Read-only advisory. Works from sanitized payloads and container exports only; never requests real visitor data, conversion logs, or ad-platform credentials. A leak found here may be a reportable breach — the agent surfaces that possibility and routes the determination to counsel and incident response rather than deciding it.",
+    "security_notes": "Read-only advisory. Works from sanitized payloads and container exports only; never requests real visitor data, conversion logs, or ad-platform credentials. A leak found here may be a reportable breach \u2014 the agent surfaces that possibility and routes the determination to counsel and incident response rather than deciding it.",
     "last_verified": "2026-05-17",
     "path": "agents/marketing/marketing-pixel-data-leakage-review-agent/",
     "harness_variants": {
@@ -8876,7 +9140,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review access governance across a marketing technology stack — OAuth connected apps, API keys, CRM and marketing-automation roles, and integration scopes — for least-privilege violations, shared and stale credentials, and missing ownership.",
+    "summary": "Review access governance across a marketing technology stack \u2014 OAuth connected apps, API keys, CRM and marketing-automation roles, and integration scopes \u2014 for least-privilege violations, shared and stale credentials, and missing ownership.",
     "companion_skills": [
       "martech-access-governance-review"
     ],
@@ -8916,7 +9180,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review agentic-AI platforms built on the NVIDIA stack per NCP-AAI — NeMo Agent Toolkit, NIM-as-tool, retrieval pipelines, tool-use safety, agent memory boundaries, and audit logging.",
+    "summary": "Review agentic-AI platforms built on the NVIDIA stack per NCP-AAI \u2014 NeMo Agent Toolkit, NIM-as-tool, retrieval pipelines, tool-use safety, agent memory boundaries, and audit logging.",
     "source_type": "original",
     "official_docs": [
       "https://www.nvidia.com/en-us/learn/certification/",
@@ -8949,7 +9213,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review NVIDIA GPU infrastructure (DGX/HGX/MGX) against NVIDIA reference architectures, the AI Enterprise support matrix, and the NCA-AIIO and NCP-AII certification bodies of knowledge — driver/firmware/CUDA alignment, BMC segmentation, ECC, persistence, and MIG posture.",
+    "summary": "Review NVIDIA GPU infrastructure (DGX/HGX/MGX) against NVIDIA reference architectures, the AI Enterprise support matrix, and the NCA-AIIO and NCP-AII certification bodies of knowledge \u2014 driver/firmware/CUDA alignment, BMC segmentation, ECC, persistence, and MIG posture.",
     "source_type": "original",
     "official_docs": [
       "https://www.nvidia.com/en-us/learn/certification/",
@@ -8982,7 +9246,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review NVIDIA AI fabric posture per NCP-AIN — Spectrum-X / InfiniBand topology, NCCL collective tuning, RoCEv2 lossless config, congestion control, and east-west isolation between training jobs.",
+    "summary": "Review NVIDIA AI fabric posture per NCP-AIN \u2014 Spectrum-X / InfiniBand topology, NCCL collective tuning, RoCEv2 lossless config, congestion control, and east-west isolation between training jobs.",
     "source_type": "original",
     "official_docs": [
       "https://www.nvidia.com/en-us/learn/certification/",
@@ -9015,7 +9279,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review day-2 operational posture of NVIDIA GPU fleets per NCP-AIO — DCGM exporter coverage, MIG lifecycle, Xid signature to runbook mapping, and gated driver/firmware upgrade discipline.",
+    "summary": "Review day-2 operational posture of NVIDIA GPU fleets per NCP-AIO \u2014 DCGM exporter coverage, MIG lifecycle, Xid signature to runbook mapping, and gated driver/firmware upgrade discipline.",
     "source_type": "original",
     "official_docs": [
       "https://www.nvidia.com/en-us/learn/certification/",
@@ -9048,7 +9312,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Doc-anchored static review of CUDA C/C++ kernel sources against the NVIDIA CUDA C++ Programming Guide, CUDA Best Practices Guide, and Nsight Compute documentation — memory coalescing, shared-memory bank conflicts, occupancy, register pressure, stream concurrency, kernel launch parameters.",
+    "summary": "Doc-anchored static review of CUDA C/C++ kernel sources against the NVIDIA CUDA C++ Programming Guide, CUDA Best Practices Guide, and Nsight Compute documentation \u2014 memory coalescing, shared-memory bank conflicts, occupancy, register pressure, stream concurrency, kernel launch parameters.",
     "source_type": "original",
     "official_docs": [
       "https://docs.nvidia.com/cuda/cuda-c-programming-guide/",
@@ -9057,7 +9321,7 @@
       "https://docs.nvidia.com/nsight-systems/",
       "https://docs.nvidia.com/cuda/profiler-users-guide/"
     ],
-    "security_notes": "Static review only — the skill never executes nvcc, nsight-compute, or nsight-systems. It outputs the recommended invocation as text for the user to run on their own GPU host. Treat CUDA samples that disable bounds checking, copy host pointers across context boundaries, or use `cudaMallocManaged` without prefetch hints as findings rather than as patterns to imitate.",
+    "security_notes": "Static review only \u2014 the skill never executes nvcc, nsight-compute, or nsight-systems. It outputs the recommended invocation as text for the user to run on their own GPU host. Treat CUDA samples that disable bounds checking, copy host pointers across context boundaries, or use `cudaMallocManaged` without prefetch hints as findings rather than as patterns to imitate.",
     "last_verified": "2026-05-10",
     "path": "agents/nvidia/nvidia-cuda-kernel-performance-review-agent/",
     "companion_skills": [
@@ -9088,7 +9352,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review NVIDIA generative-AI platforms per NCA-GENL / NCA-GENM / NCP-GENL — NeMo training and customization, NIM inference microservices, model card and weights provenance, evaluation harness, and guardrails posture.",
+    "summary": "Review NVIDIA generative-AI platforms per NCA-GENL / NCA-GENM / NCP-GENL \u2014 NeMo training and customization, NIM inference microservices, model card and weights provenance, evaluation harness, and guardrails posture.",
     "source_type": "original",
     "official_docs": [
       "https://www.nvidia.com/en-us/learn/certification/",
@@ -9121,7 +9385,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review NVIDIA GPU Operator on Kubernetes — device plugin, MIG manager, node feature discovery, time-sliced GPUs, container toolkit, securityContext posture, and namespace tenancy boundaries.",
+    "summary": "Review NVIDIA GPU Operator on Kubernetes \u2014 device plugin, MIG manager, node feature discovery, time-sliced GPUs, container toolkit, securityContext posture, and namespace tenancy boundaries.",
     "source_type": "original",
     "official_docs": [
       "https://www.nvidia.com/en-us/learn/certification/",
@@ -9201,7 +9465,7 @@
       "https://oras.land/docs/category/oras-commands",
       "https://github.com/anchore/grype"
     ],
-    "security_notes": "Live agent. Allowlist locks every Bash invocation to nvcr.io/* targets and to fixed argv shapes. Egress restricted to nvcr.io and Sigstore endpoints. Default mode is static (no egress); runtime mode is per-session opt-in. Sigstore unreachable degrades to manual-review, never auto-pass. Read-only — no docker pull, no kubectl, no registry write, no sign action (operator signs the attestation). Credential flag values scrubbed from provenance output.",
+    "security_notes": "Live agent. Allowlist locks every Bash invocation to nvcr.io/* targets and to fixed argv shapes. Egress restricted to nvcr.io and Sigstore endpoints. Default mode is static (no egress); runtime mode is per-session opt-in. Sigstore unreachable degrades to manual-review, never auto-pass. Read-only \u2014 no docker pull, no kubectl, no registry write, no sign action (operator signs the attestation). Credential flag values scrubbed from provenance output.",
     "last_verified": "2026-05-11",
     "path": "agents/nvidia/nvidia-model-promotion-gatekeeper-agent/",
     "companion_skills": [
@@ -9229,7 +9493,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review NGC and NIM supply chain posture — NGC org/team boundaries, API key scope and rotation, NIM container cosign verification, model card and weights provenance, AI Enterprise license posture, and air-gap mirror integrity.",
+    "summary": "Review NGC and NIM supply chain posture \u2014 NGC org/team boundaries, API key scope and rotation, NIM container cosign verification, model card and weights provenance, AI Enterprise license posture, and air-gap mirror integrity.",
     "source_type": "original",
     "official_docs": [
       "https://www.nvidia.com/en-us/learn/certification/",
@@ -9262,7 +9526,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Doc-anchored static review of TensorRT and TensorRT-LLM deployment pipelines against the NVIDIA TensorRT Developer Guide and TensorRT-LLM documentation — ONNX/PyTorch export, precision selection, calibration integrity, dynamic shapes, plugin trust boundaries, engine cache provenance.",
+    "summary": "Doc-anchored static review of TensorRT and TensorRT-LLM deployment pipelines against the NVIDIA TensorRT Developer Guide and TensorRT-LLM documentation \u2014 ONNX/PyTorch export, precision selection, calibration integrity, dynamic shapes, plugin trust boundaries, engine cache provenance.",
     "source_type": "original",
     "official_docs": [
       "https://docs.nvidia.com/deeplearning/tensorrt/developer-guide/",
@@ -9271,7 +9535,7 @@
       "https://docs.nvidia.com/deeplearning/tensorrt-llm/",
       "https://docs.nvidia.com/deeplearning/tensorrt/api/"
     ],
-    "security_notes": "TensorRT custom plugins load arbitrary native code into the inference process; any plugin pulled from a non-vetted source is an RCE primitive. Serialized TensorRT engines (`.engine`, `.plan`) are not signed by default — silent substitution of an engine yields silent model substitution. INT8 calibration data is unredacted production traffic by definition and is a confidentiality risk if it leaks. The skill never executes `trtexec`, `polygraphy`, or `tensorrt_llm/build.py` — it outputs the recommended invocation as text.",
+    "security_notes": "TensorRT custom plugins load arbitrary native code into the inference process; any plugin pulled from a non-vetted source is an RCE primitive. Serialized TensorRT engines (`.engine`, `.plan`) are not signed by default \u2014 silent substitution of an engine yields silent model substitution. INT8 calibration data is unredacted production traffic by definition and is a confidentiality risk if it leaks. The skill never executes `trtexec`, `polygraphy`, or `tensorrt_llm/build.py` \u2014 it outputs the recommended invocation as text.",
     "last_verified": "2026-05-10",
     "path": "agents/nvidia/nvidia-tensorrt-llm-deployment-review-agent/",
     "companion_skills": [
@@ -9302,7 +9566,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Doc-anchored static review of Triton Inference Server deployments against the NVIDIA Triton Inference Server documentation — model repository layout, dynamic batching, ensemble pipelines, custom backend trust, gRPC/HTTP auth, response cache, rate-limit and metrics endpoints.",
+    "summary": "Doc-anchored static review of Triton Inference Server deployments against the NVIDIA Triton Inference Server documentation \u2014 model repository layout, dynamic batching, ensemble pipelines, custom backend trust, gRPC/HTTP auth, response cache, rate-limit and metrics endpoints.",
     "source_type": "original",
     "official_docs": [
       "https://docs.nvidia.com/deeplearning/triton-inference-server/user-guide/docs/",
@@ -9311,7 +9575,7 @@
       "https://github.com/triton-inference-server/server/blob/main/docs/customization_guide/inference_protocols.md",
       "https://github.com/triton-inference-server/server/blob/main/docs/user_guide/architecture.md"
     ],
-    "security_notes": "Triton custom Python and C++ backends execute arbitrary code in the server process — any backend pulled from a non-vetted source is an RCE primitive. Default gRPC and HTTP endpoints are anonymous; auth is the operator's responsibility via reverse-proxy or `--grpc-restricted-protocol`. Model files in `model_repository/` are unsigned at rest. The response cache, when enabled, can be poisoned across tenants if requests are not partitioned. The skill never starts `tritonserver` or sends inference requests — it outputs `tritonserver` and `perf_analyzer` invocations as text.",
+    "security_notes": "Triton custom Python and C++ backends execute arbitrary code in the server process \u2014 any backend pulled from a non-vetted source is an RCE primitive. Default gRPC and HTTP endpoints are anonymous; auth is the operator's responsibility via reverse-proxy or `--grpc-restricted-protocol`. Model files in `model_repository/` are unsigned at rest. The response cache, when enabled, can be poisoned across tenants if requests are not partitioned. The skill never starts `tritonserver` or sends inference requests \u2014 it outputs `tritonserver` and `perf_analyzer` invocations as text.",
     "last_verified": "2026-05-10",
     "path": "agents/nvidia/nvidia-triton-inference-serving-review-agent/",
     "companion_skills": [
@@ -9375,7 +9639,7 @@
       "https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengusingworkloadidentity.htm",
       "https://github.com/oracle/oci-native-ingress-controller"
     ],
-    "security_notes": "Instance Principal auth for cert-manager on OKE means ANY pod on the node can call the OCI Certificates API using the instance metadata endpoint — not just cert-manager. Use OKE Workload Identity to scope cert-issuance permissions to the cert-manager ServiceAccount only. IAM policy with 'manage certificate-authorities' grants delete and update CA permissions, which is excessive for cert-manager.",
+    "security_notes": "Instance Principal auth for cert-manager on OKE means ANY pod on the node can call the OCI Certificates API using the instance metadata endpoint \u2014 not just cert-manager. Use OKE Workload Identity to scope cert-issuance permissions to the cert-manager ServiceAccount only. IAM policy with 'manage certificate-authorities' grants delete and update CA permissions, which is excessive for cert-manager.",
     "last_verified": "2026-05-02",
     "path": "agents/oci/oci-certificates-issuer-review-agent",
     "version": "0.1.0"
@@ -9726,7 +9990,7 @@
       "https://docs.oracle.com/en-us/iaas/Content/Database/Tasks/adbcloning.htm",
       "https://docs.oracle.com/en-us/iaas/Content/Database/Tasks/adbbackingup.htm"
     ],
-    "security_notes": "ADB termination is permanent — the database and all backups are deleted. Always verify protection tags before any terminate operation. ADB storage scale-up cannot be reversed. Termination blocked by defined-tag protection requires explicit tag removal approval.",
+    "security_notes": "ADB termination is permanent \u2014 the database and all backups are deleted. Always verify protection tags before any terminate operation. ADB storage scale-up cannot be reversed. Termination blocked by defined-tag protection requires explicit tag removal approval.",
     "last_verified": "2026-04-30",
     "path": "agents/oci/oci-live-autonomous-db-lifecycle-guard-agent",
     "author": "github: Raishin",
@@ -9753,7 +10017,7 @@
       "https://docs.oracle.com/en-us/iaas/Content/Tagging/Tasks/managingtagsandtagnamespaces.htm",
       "https://docs.oracle.com/en-us/iaas/Content/General/Concepts/resourcequotas.htm"
     ],
-    "security_notes": "GPU/HPC shapes (BM.GPU4.8, A100, BM.HPC2.36) can generate six-figure monthly costs when left running. Never approve quota increases or budget threshold raises without explicit financial-authority approval. Emergency stop requires Compute operator rights — escalate if not held.",
+    "security_notes": "GPU/HPC shapes (BM.GPU4.8, A100, BM.HPC2.36) can generate six-figure monthly costs when left running. Never approve quota increases or budget threshold raises without explicit financial-authority approval. Emergency stop requires Compute operator rights \u2014 escalate if not held.",
     "last_verified": "2026-04-30",
     "path": "agents/oci/oci-live-cost-budget-runaway-guard-agent",
     "author": "github: Raishin",
@@ -9808,7 +10072,7 @@
       "https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/update-securitylist.htm",
       "https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/path_analyzer.htm"
     ],
-    "security_notes": "oci network security-list update is a full replace — always capture current rules before writing. Never approve 0.0.0.0/0 ingress on database subnets. Enable VCN Flow Logs before any rule change.",
+    "security_notes": "oci network security-list update is a full replace \u2014 always capture current rules before writing. Never approve 0.0.0.0/0 ingress on database subnets. Enable VCN Flow Logs before any rule change.",
     "last_verified": "2026-05-01",
     "path": "agents/oci/oci-live-network-security-rule-guard-agent",
     "author": "github: Raishin",
@@ -9835,7 +10099,7 @@
       "https://docs.oracle.com/en-us/iaas/Content/devops/using/canaryoke_deploy.htm",
       "https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengoverview.htm"
     ],
-    "security_notes": "Never advance an OKE rollout past an approval stage without rollout status and PDB health evidence. kubectl rollout undo is irreversible in the sense that the prior version may not be identical to the deployed artifact — confirm target revision before undo.",
+    "security_notes": "Never advance an OKE rollout past an approval stage without rollout status and PDB health evidence. kubectl rollout undo is irreversible in the sense that the prior version may not be identical to the deployed artifact \u2014 confirm target revision before undo.",
     "last_verified": "2026-04-30",
     "path": "agents/oci/oci-live-oke-rollout-guard-agent",
     "author": "github: Raishin",
@@ -9933,7 +10197,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Per-cloud router agent for OCI. Classifies the user's task, selects the narrowest OCI specialist agent or the right team of specialists from the catalog, and dispatches them — single specialist for focused tasks, parallel team (max 4) for multi-domain tasks. Never auto-dispatches live-guard agents.",
+    "summary": "Per-cloud router agent for OCI. Classifies the user's task, selects the narrowest OCI specialist agent or the right team of specialists from the catalog, and dispatches them \u2014 single specialist for focused tasks, parallel team (max 4) for multi-domain tasks. Never auto-dispatches live-guard agents.",
     "source_type": "adapted",
     "official_docs": [
       "https://docs.oracle.com/en-us/iaas/Content/home.htm",
@@ -9942,7 +10206,7 @@
       "https://docs.oracle.com/en-us/iaas/Content/Security/Concepts/security_guide.htm",
       "https://docs.oracle.com/en-us/iaas/Content/GSG/Concepts/baremetalintro.htm"
     ],
-    "security_notes": "Live-guard gate is non-negotiable. The 6 live-guard agents (oci-live-autonomous-db-lifecycle-guard-agent, oci-live-cost-budget-runaway-guard-agent, oci-live-iam-policy-compartment-guard-agent, oci-live-oke-rollout-guard-agent, oci-live-resource-manager-stack-guard-agent, oci-live-vault-key-destruction-guard-agent) must never be auto-dispatched. OCI IAM policy deletion at the tenancy root has tenancy-wide blast radius and cannot be undone by the agent. Vault key destruction is irreversible — all data encrypted with the destroyed key becomes permanently unrecoverable. Both require explicit human confirmation, blast-radius assessment, and a documented rollback path before dispatch.",
+    "security_notes": "Live-guard gate is non-negotiable. The 6 live-guard agents (oci-live-autonomous-db-lifecycle-guard-agent, oci-live-cost-budget-runaway-guard-agent, oci-live-iam-policy-compartment-guard-agent, oci-live-oke-rollout-guard-agent, oci-live-resource-manager-stack-guard-agent, oci-live-vault-key-destruction-guard-agent) must never be auto-dispatched. OCI IAM policy deletion at the tenancy root has tenancy-wide blast radius and cannot be undone by the agent. Vault key destruction is irreversible \u2014 all data encrypted with the destroyed key becomes permanently unrecoverable. Both require explicit human confirmation, blast-radius assessment, and a documented rollback path before dispatch.",
     "last_verified": "2026-04-30",
     "path": "agents/oci/oci-maestro-agent",
     "harness_variants": {
@@ -10359,7 +10623,7 @@
     "name": "OpenTelemetry Collector Config Review",
     "type": "agent",
     "provider": "opentelemetry",
-    "summary": "Review OpenTelemetry Collector pipeline configuration — receiver/processor/exporter ordering, memory_limiter placement, batch processor tuning, exporter backend validation, Operator CRDs, and pipeline health metrics.",
+    "summary": "Review OpenTelemetry Collector pipeline configuration \u2014 receiver/processor/exporter ordering, memory_limiter placement, batch processor tuning, exporter backend validation, Operator CRDs, and pipeline health metrics.",
     "path": "agents/opentelemetry/opentelemetry-collector-config-review-agent",
     "harnesses": [
       "codex",
@@ -10377,7 +10641,7 @@
       "https://opentelemetry.io/docs/kubernetes/operator/",
       "https://opentelemetry.io/docs/collector/internal-telemetry/"
     ],
-    "security_notes": "Pipeline with a receiver and processor but no exporter silently drops all telemetry. memory_limiter must be the first processor — placing it after batch processor means the collector OOMs under burst load.",
+    "security_notes": "Pipeline with a receiver and processor but no exporter silently drops all telemetry. memory_limiter must be the first processor \u2014 placing it after batch processor means the collector OOMs under burst load.",
     "source_type": "original",
     "version": "0.1.0"
   },
@@ -10539,7 +10803,7 @@
       "claude-code",
       "cursor"
     ],
-    "summary": "Execute an existing Playwright E2E suite against an operator-confirmed non-production target and emit a structured run attestation — pass/fail/flaky counts and trace artifact locations. Read-only-runtime tier.",
+    "summary": "Execute an existing Playwright E2E suite against an operator-confirmed non-production target and emit a structured run attestation \u2014 pass/fail/flaky counts and trace artifact locations. Read-only-runtime tier.",
     "source_type": "original",
     "official_docs": [
       "https://playwright.dev/docs/test-cli",
@@ -10548,7 +10812,7 @@
       "https://playwright.dev/docs/trace-viewer",
       "https://playwright.dev/docs/ci"
     ],
-    "security_notes": "Live-execution agent, read-only-runtime tier. Default mode is static and runs nothing; runtime execution is a per-session opt-in requiring explicit operator confirmation of a non-production target. Allowlisted commands only — npx playwright test, install, show-report. Refuses production targets. Never accepts or echoes credentials, tokens, or storageState. Incomplete runs degrade to manual-review, never auto-pass.",
+    "security_notes": "Live-execution agent, read-only-runtime tier. Default mode is static and runs nothing; runtime execution is a per-session opt-in requiring explicit operator confirmation of a non-production target. Allowlisted commands only \u2014 npx playwright test, install, show-report. Refuses production targets. Never accepts or echoes credentials, tokens, or storageState. Incomplete runs degrade to manual-review, never auto-pass.",
     "last_verified": "2026-05-17",
     "path": "agents/qa/playwright-e2e-execution-run-agent",
     "author": "github: Raishin",
@@ -10578,7 +10842,7 @@
       "https://playwright.dev/docs/test-sharding",
       "https://playwright.dev/docs/trace-viewer"
     ],
-    "security_notes": "Static review only — never executes the suite, launches browsers, or contacts a target application. Never requests live URLs with embedded credentials, bearer tokens, real storageState files, or .env secrets.",
+    "security_notes": "Static review only \u2014 never executes the suite, launches browsers, or contacts a target application. Never requests live URLs with embedded credentials, bearer tokens, real storageState files, or .env secrets.",
     "last_verified": "2026-05-17",
     "path": "agents/qa/playwright-e2e-suite-review-agent",
     "author": "github: Raishin",
@@ -10597,7 +10861,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Statically review exported IEC 61131-3 PLC program logic for safety and reliability defects — E-stop implementation, output fail-safe paths, latch integrity, memory-write races, forced I/O, interlock bypass governance, timer determinism, and watchdog coverage.",
+    "summary": "Statically review exported IEC 61131-3 PLC program logic for safety and reliability defects \u2014 E-stop implementation, output fail-safe paths, latch integrity, memory-write races, forced I/O, interlock bypass governance, timer determinism, and watchdog coverage.",
     "source_type": "original",
     "official_docs": [
       "https://plcopen.org/iec-61131-3",
@@ -10606,7 +10870,7 @@
       "https://webstore.iec.ch/publication/26037",
       "https://content.helpme-codesys.com/en/CODESYS%20Development%20System/_cds_structure_application_objects.html"
     ],
-    "security_notes": "Static review only — never connects to a live PLC, never writes to a controller, never advises bypassing a safety function. Never requests live controller IP addresses, plant-network hostnames, historian credentials, or production asset identifiers. Ask for sanitized, anonymized exports only.",
+    "security_notes": "Static review only \u2014 never connects to a live PLC, never writes to a controller, never advises bypassing a safety function. Never requests live controller IP addresses, plant-network hostnames, historian credentials, or production asset identifiers. Ask for sanitized, anonymized exports only.",
     "last_verified": "2026-05-17",
     "path": "agents/qa/plc-control-logic-safety-review-agent",
     "author": "github: Raishin",
@@ -10693,7 +10957,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review exported RPA workflow definitions for resilience and security defects — hardcoded credentials, brittle selectors, missing exception handling, non-idempotent logic, fixed delays, and invisible failures — statically, without connecting to a live orchestrator.",
+    "summary": "Review exported RPA workflow definitions for resilience and security defects \u2014 hardcoded credentials, brittle selectors, missing exception handling, non-idempotent logic, fixed delays, and invisible failures \u2014 statically, without connecting to a live orchestrator.",
     "source_type": "original",
     "official_docs": [
       "https://docs.uipath.com/studio/standalone/latest/user-guide/about-workflow-analyzer",
@@ -10703,17 +10967,17 @@
       "https://learn.microsoft.com/en-us/power-automate/guidance/coding-guidelines/overview",
       "https://learn.microsoft.com/en-us/power-automate/guidance/coding-guidelines/error-handling"
     ],
-    "security_notes": "Static review only — never connects to a live orchestrator, never executes a bot, and never requests runner credentials or orchestrator connection strings. Never accepts workflow exports containing live PII, real customer data, or production connection strings.",
+    "security_notes": "Static review only \u2014 never connects to a live orchestrator, never executes a bot, and never requests runner credentials or orchestrator connection strings. Never accepts workflow exports containing live PII, real customer data, or production connection strings.",
     "last_verified": "2026-05-17",
     "path": "agents/qa/rpa-workflow-resilience-review-agent",
     "author": "github: Raishin",
     "version": "0.1.0"
   },
   {
-    "id": "scaleway-cost-optimizer-agent",
-    "name": "Scaleway Cost Optimizer",
+    "id": "salesforce-agentforce-ai-agent",
+    "name": "Salesforce Agentforce AI Agent",
     "type": "agent",
-    "provider": "scaleway",
+    "provider": "salesforce",
     "harnesses": [
       "codex",
       "copilot",
@@ -10722,33 +10986,39 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Advisory agent for Scaleway cost analysis: instance type rightsizing, reserved instance utilization, idle Object Storage and SBS volumes, Serverless function cold-start cost, and Cockpit observability spend.",
+    "summary": "Adversarial static reviewer for Agentforce AI agent configuration, prompt grounding, retrieval, action safety, hallucination containment, human handoff, and model-risk controls \u2014 rejects ungrounded automation and unsafe autonomous actions.",
     "source_type": "original",
     "official_docs": [
-      "https://www.scaleway.com/en/pricing/",
-      "https://www.scaleway.com/en/docs/billing/",
-      "https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/instance_server",
-      "https://www.scaleway.com/en/docs/observability/cockpit/",
-      "https://www.scaleway.com/en/developers/api/"
+      "https://help.salesforce.com/s/articleView?id=sf.agentforce_overview.htm",
+      "https://trailhead.salesforce.com/credentials/aiassociate",
+      "https://developer.salesforce.com/docs/einstein/genai/guide/index.html",
+      "https://help.salesforce.com/s/articleView?id=sf.einstein_ai_overview.htm"
     ],
-    "security_notes": "Do not recommend cost cuts that remove Cockpit observability, RDB automated backups, snapshot retention, or multi-zone placement group coverage without explicit risk acceptance and rollback evidence. Reserved instance commitments are non-refundable; verify utilization before recommending.",
-    "last_verified": "2026-05-10",
-    "path": "agents/scaleway/scaleway-cost-optimizer-agent",
-    "version": "0.1.0",
-    "author": "github: Raishin",
+    "security_notes": "Static review only \u2014 works from sanitized configuration excerpts and never requests org credentials, API keys, or user PII. All Agentforce terminology is drift-prone and must be verified against current official Salesforce documentation. Rejects autonomous action configurations without explicit scope boundaries. Does not approve, deploy, or mutate any org.",
+    "last_verified": "2026-05-20",
+    "path": "agents/salesforce/salesforce-agentforce-ai-agent/",
     "companion_skills": [
-      "scaleway-cost-optimizer"
+      "salesforce-agentforce-risk-review-skill"
     ],
+    "execution_tier": "static-review",
+    "lifecycle": "experimental",
+    "author": "github: Raishin",
+    "version": "0.1.0",
     "harness_variants": {
-      "codex": "agents/scaleway/scaleway-cost-optimizer-agent/harnesses/codex.toml",
-      "claude-code": "agents/scaleway/scaleway-cost-optimizer-agent/harnesses/claude-code.agent.md"
+      "codex": "agents/salesforce/salesforce-agentforce-ai-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-agentforce-ai-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-agentforce-ai-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-agentforce-ai-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-agentforce-ai-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-agentforce-ai-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-agentforce-ai-agent/harnesses/kiro-cli.agent.json"
     }
   },
   {
-    "id": "scaleway-iam-policy-review-agent",
-    "name": "Scaleway IAM Policy Review",
+    "id": "salesforce-analytics-tableau-agent",
+    "name": "Salesforce Analytics and Tableau Agent",
     "type": "agent",
-    "provider": "scaleway",
+    "provider": "salesforce",
     "harnesses": [
       "codex",
       "copilot",
@@ -10757,32 +11027,39 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Advisory agent for reviewing Scaleway IAM bindings, API key governance, service account scopes, application secrets, and organization/project-level permission sets.",
+    "summary": "Adversarial static reviewer for CRM Analytics, Tableau, and Einstein Discovery dashboards, metrics governance, KPI lineage, semantic definitions, and executive reporting \u2014 rejects vanity dashboards and undefined metrics.",
     "source_type": "original",
     "official_docs": [
-      "https://www.scaleway.com/en/docs/iam/",
-      "https://www.scaleway.com/en/docs/iam/concepts/",
-      "https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/iam_policy",
-      "https://www.scaleway.com/en/developers/api/iam/"
+      "https://help.salesforce.com/s/articleView?id=sf.bi_analytics_overview.htm",
+      "https://trailhead.salesforce.com/credentials/crmanalyticsandeinsteindiscoveryconsultant",
+      "https://www.tableau.com/support/help",
+      "https://developer.salesforce.com/docs/atlas.en-us.bi_dev_guide_rest.meta/bi_dev_guide_rest/bi_rest_overview.htm"
     ],
-    "security_notes": "Scaleway API keys with organization-level scope grant access to all projects; always prefer project-scoped keys with expiry. Service accounts assigned to resource types must be audited for implicit cross-project privilege escalation. IAM key sprawl — long-lived keys with broad scopes — is the top Scaleway access control risk.",
-    "last_verified": "2026-05-10",
-    "path": "agents/scaleway/scaleway-iam-policy-review-agent",
-    "version": "0.1.0",
-    "author": "github: Raishin",
+    "security_notes": "Static review only \u2014 works from sanitized configuration excerpts and never requests org credentials, API keys, or personal data. Einstein Discovery product naming is drift-prone and must be verified against current official Salesforce documentation. Does not approve, deploy, or mutate any org. Escalates undefined KPIs and uncontrolled executive export to qualified architect.",
+    "last_verified": "2026-05-20",
+    "path": "agents/salesforce/salesforce-analytics-tableau-agent/",
     "companion_skills": [
-      "scaleway-iam-policy-review"
+      "salesforce-org-assessment-skill"
     ],
+    "execution_tier": "static-review",
+    "lifecycle": "experimental",
+    "author": "github: Raishin",
+    "version": "0.1.0",
     "harness_variants": {
-      "codex": "agents/scaleway/scaleway-iam-policy-review-agent/harnesses/codex.toml",
-      "claude-code": "agents/scaleway/scaleway-iam-policy-review-agent/harnesses/claude-code.agent.md"
+      "codex": "agents/salesforce/salesforce-analytics-tableau-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-analytics-tableau-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-analytics-tableau-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-analytics-tableau-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-analytics-tableau-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-analytics-tableau-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-analytics-tableau-agent/harnesses/kiro-cli.agent.json"
     }
   },
   {
-    "id": "scaleway-kapsule-platform-operator-agent",
-    "name": "Scaleway Kapsule Platform Operator",
+    "id": "salesforce-app-builder-automation-agent",
+    "name": "Salesforce App Builder Automation Agent",
     "type": "agent",
-    "provider": "scaleway",
+    "provider": "salesforce",
     "harnesses": [
       "codex",
       "copilot",
@@ -10791,33 +11068,38 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Advisory agent for Scaleway Kapsule managed Kubernetes readiness: node pool strategy, CNI selection (Cilium, Calico, Kilo), placement group policies, version upgrades, and workload scheduling posture.",
+    "summary": "Adversarial declarative-automation reviewer for Salesforce Flow, validation rules, approval processes, dynamic forms, and record-triggered automation. Flags recursion, hidden bypasses, brittle flows, and automation debt.",
     "source_type": "original",
     "official_docs": [
-      "https://www.scaleway.com/en/docs/kubernetes/",
-      "https://www.scaleway.com/en/docs/kubernetes/reference-content/understanding-kapsule-ingress/",
-      "https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/k8s_cluster",
-      "https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/k8s_pool",
-      "https://www.scaleway.com/en/developers/api/kubernetes/"
+      "https://help.salesforce.com/s/articleView?id=sf.flow_ref.htm",
+      "https://trailhead.salesforce.com/en/credentials/platformappbuilder",
+      "https://developer.salesforce.com/docs/atlas.en-us.api_meta.meta/api_meta/meta_visual_workflow.htm"
     ],
-    "security_notes": "Kapsule control-plane upgrades are irreversible — a cluster cannot be downgraded to a previous Kubernetes minor version. Node pool scale-down may evict workloads without PDB protection. Placement group policy set to enforced can prevent node scheduling if hypervisor capacity is insufficient. CNI choice is immutable after cluster creation.",
-    "last_verified": "2026-05-10",
-    "path": "agents/scaleway/scaleway-kapsule-platform-operator-agent",
-    "version": "0.1.0",
-    "author": "github: Raishin",
+    "security_notes": "Static review only \u2014 works from sanitized flow metadata XML and pasted excerpts. Never requests org credentials, session tokens, or live-org access. Does not invoke Salesforce APIs or sf CLI. Does not approve, deploy, or mutate any org automation. Refusal-by-default for any request requiring live org access.",
+    "last_verified": "2026-05-20",
+    "path": "agents/salesforce/salesforce-app-builder-automation-agent/",
     "companion_skills": [
-      "scaleway-kapsule-platform-operator"
+      "salesforce-flow-automation-review-skill"
     ],
+    "execution_tier": "static-review",
+    "lifecycle": "experimental",
+    "author": "github: Raishin",
+    "version": "0.1.0",
     "harness_variants": {
-      "codex": "agents/scaleway/scaleway-kapsule-platform-operator-agent/harnesses/codex.toml",
-      "claude-code": "agents/scaleway/scaleway-kapsule-platform-operator-agent/harnesses/claude-code.agent.md"
+      "codex": "agents/salesforce/salesforce-app-builder-automation-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-app-builder-automation-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-app-builder-automation-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-app-builder-automation-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-app-builder-automation-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-app-builder-automation-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-app-builder-automation-agent/harnesses/kiro-cli.agent.json"
     }
   },
   {
-    "id": "scaleway-live-kapsule-rollout-guard-agent",
-    "name": "Scaleway Live Kapsule Rollout Guard",
+    "id": "salesforce-business-analyst-agent",
+    "name": "Salesforce Business Analyst Agent",
     "type": "agent",
-    "provider": "scaleway",
+    "provider": "salesforce",
     "harnesses": [
       "codex",
       "copilot",
@@ -10826,22 +11108,809 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Approval-gated live-guard agent for Scaleway Kapsule cluster and node pool mutations: enforces PDB audit, cluster health evidence, and rollback plan before any control-plane or node pool change.",
+    "summary": "Adversarial requirements and process reviewer for Salesforce business analysis \u2014 stakeholder mapping, requirements decomposition, user stories, acceptance criteria, and traceability. Rejects vague requirements and solution-first thinking.",
     "source_type": "original",
     "official_docs": [
-      "https://www.scaleway.com/en/docs/kubernetes/",
-      "https://www.scaleway.com/en/developers/api/kubernetes/",
-      "https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/k8s_cluster",
-      "https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/k8s_pool",
-      "https://kubernetes.io/docs/concepts/workloads/pods/disruptions/"
+      "https://help.salesforce.com/s/articleView?id=sf.bc_overview.htm",
+      "https://trailhead.salesforce.com/en/credentials/businessanalyst",
+      "https://help.salesforce.com/s/articleView?id=sf.process_overview.htm"
     ],
-    "security_notes": "Kapsule control-plane version upgrades are irreversible — clusters cannot be downgraded to a previous minor version. Node pool deletion evicts all workloads immediately regardless of PDB coverage. CNI type is immutable after cluster creation. Hard-stop is mandatory when target cluster ID, region/zone, approval token, or rollback plan is absent or ambiguous.",
-    "last_verified": "2026-05-10",
-    "path": "agents/scaleway/scaleway-live-kapsule-rollout-guard-agent",
-    "version": "0.1.0",
-    "author": "github: Raishin",
+    "security_notes": "Static review only \u2014 works from sanitized requirements documents and pasted process excerpts. Never requests org credentials, live-org access, or user personal data. Does not approve delivery scope, produce binding project plans, or mutate any org. Refusal-by-default for any request requiring live org access.",
+    "last_verified": "2026-05-20",
+    "path": "agents/salesforce/salesforce-business-analyst-agent/",
     "companion_skills": [
-      "scaleway-live-kapsule-rollout-guard"
+      "salesforce-org-assessment-skill"
+    ],
+    "execution_tier": "static-review",
+    "lifecycle": "experimental",
+    "author": "github: Raishin",
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-business-analyst-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-business-analyst-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-business-analyst-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-business-analyst-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-business-analyst-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-business-analyst-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-business-analyst-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-compliance-privacy-agent",
+    "name": "Salesforce Compliance and Privacy Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Adversarial static reviewer for privacy, consent, retention, audit controls, regulated data, and SOX/GDPR/HIPAA/PCI considerations within Salesforce \u2014 covers Salesforce Shield, Event Monitoring, Field Audit Trail, and Shield Platform Encryption; escalates legal interpretation to counsel.",
+    "source_type": "original",
+    "official_docs": [
+      "https://help.salesforce.com/s/articleView?id=sf.security_shield.htm",
+      "https://help.salesforce.com/s/articleView?id=sf.privacy_overview.htm",
+      "https://trailhead.salesforce.com/credentials/dataarchitectureandmanagementdesigner",
+      "https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_rest_resources.htm"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized configuration excerpts and never requests org credentials, encryption keys, or personal data. Does not give legal advice, does not issue compliance certifications, and does not form an attorney-client relationship. Escalates all regulatory legal interpretation to qualified counsel. Does not approve, deploy, or mutate any org.",
+    "last_verified": "2026-05-20",
+    "path": "agents/salesforce/salesforce-compliance-privacy-agent/",
+    "companion_skills": [
+      "salesforce-permission-model-review-skill"
+    ],
+    "execution_tier": "static-review",
+    "lifecycle": "experimental",
+    "author": "github: Raishin",
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-compliance-privacy-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-compliance-privacy-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-compliance-privacy-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-compliance-privacy-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-compliance-privacy-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-compliance-privacy-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-compliance-privacy-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-data-architecture-agent",
+    "name": "Salesforce Data Architecture Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Adversarial data-model and data-management reviewer for Salesforce \u2014 master data, system of record, data quality, deduplication, archival, retention, backup, large data volumes, and data classification. Treats Data 360 and Data Cloud naming as drift-prone and requires verification.",
+    "source_type": "original",
+    "official_docs": [
+      "https://help.salesforce.com/s/articleView?id=sf.data_management.htm",
+      "https://trailhead.salesforce.com/en/credentials/dataarchitect",
+      "https://developer.salesforce.com/docs/atlas.en-us.api.meta/api/sforce_api_objects_list.htm"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized object metadata exports and pasted ERDs. Never requests org credentials, session tokens, or live-org access. Does not run SOQL queries. Does not approve data model changes or migration plans. Does not mutate any org. Refusal-by-default for any request requiring live org access.",
+    "last_verified": "2026-05-20",
+    "path": "agents/salesforce/salesforce-data-architecture-agent/",
+    "companion_skills": [
+      "salesforce-org-assessment-skill"
+    ],
+    "execution_tier": "static-review",
+    "lifecycle": "experimental",
+    "author": "github: Raishin",
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-data-architecture-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-data-architecture-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-data-architecture-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-data-architecture-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-data-architecture-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-data-architecture-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-data-architecture-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-development-agent",
+    "name": "Salesforce Development Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Adversarial code reviewer for Salesforce Apex, Lightning Web Components, triggers, async patterns, tests, governor limits, packaging, and secure development. Rejects unsafe code without tests and a rollback strategy.",
+    "source_type": "original",
+    "official_docs": [
+      "https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_intro.htm",
+      "https://developer.salesforce.com/docs/component-library/documentation/en/lwc",
+      "https://trailhead.salesforce.com/en/credentials/platformdeveloperI"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized Apex and LWC code excerpts. Never requests org credentials, session tokens, or live-org access. Does not execute code, invoke Salesforce APIs, or approve deployments. Does not mutate any org. Refusal-by-default for any request requiring live org access or code execution.",
+    "last_verified": "2026-05-20",
+    "path": "agents/salesforce/salesforce-development-agent/",
+    "companion_skills": [
+      "salesforce-apex-lwc-code-review-skill"
+    ],
+    "execution_tier": "static-review",
+    "lifecycle": "experimental",
+    "author": "github: Raishin",
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-development-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-development-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-development-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-development-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-development-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-development-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-development-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-devops-release-agent",
+    "name": "Salesforce DevOps Release Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Adversarial release and deployment reviewer for Salesforce DevOps \u2014 sandbox strategy, metadata deployment, CI/CD, source tracking, scratch orgs, unlocked packages, release gates, rollback, and environment promotion. Treats change sets as exception, not default.",
+    "source_type": "original",
+    "official_docs": [
+      "https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_intro.htm",
+      "https://trailhead.salesforce.com/en/credentials/devopsengineeer",
+      "https://help.salesforce.com/s/articleView?id=sf.deploy_sandboxes_parent.htm"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized pipeline configs, manifests, and deployment plans. Never requests org credentials, session tokens, or live-org access. Does not invoke sf CLI against any org. Does not approve, execute, or mutate any deployment. Refusal-by-default for any request requiring live org access.",
+    "last_verified": "2026-05-20",
+    "path": "agents/salesforce/salesforce-devops-release-agent/",
+    "companion_skills": [
+      "salesforce-release-readiness-skill"
+    ],
+    "execution_tier": "static-review",
+    "lifecycle": "experimental",
+    "author": "github: Raishin",
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-devops-release-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-devops-release-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-devops-release-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-devops-release-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-devops-release-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-devops-release-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-devops-release-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-enterprise-architect-agent",
+    "name": "Salesforce Enterprise Architect Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Adversarial end-to-end architectural challenger for multi-cloud Salesforce strategy, technical debt, target-state design, design authority, and cross-agent conflict resolution \u2014 acts as final architectural challenger, not rubber stamp.",
+    "source_type": "original",
+    "official_docs": [
+      "https://architect.salesforce.com/",
+      "https://trailhead.salesforce.com/credentials/certifiedtechnicalarchitect",
+      "https://developer.salesforce.com/docs/atlas.en-us.salesforce_app_limits_cheatsheet.meta/salesforce_app_limits_cheatsheet/salesforce_app_limits_overview.htm",
+      "https://help.salesforce.com/s/articleView?id=sf.integration_overview.htm"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized design artifacts and never requests org credentials, production data extracts, or customer PII. Acts as adversarial challenger and final conflict resolver for specialist agents; does not approve, deploy, or mutate any org. Requires documented trade-off analysis and rollback plans before any architecture endorsement.",
+    "last_verified": "2026-05-20",
+    "path": "agents/salesforce/salesforce-enterprise-architect-agent/",
+    "companion_skills": [
+      "salesforce-org-assessment-skill"
+    ],
+    "execution_tier": "static-review",
+    "lifecycle": "experimental",
+    "author": "github: Raishin",
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-enterprise-architect-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-enterprise-architect-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-enterprise-architect-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-enterprise-architect-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-enterprise-architect-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-enterprise-architect-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-enterprise-architect-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-experience-cloud-agent",
+    "name": "Salesforce Experience Cloud Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Adversarial static reviewer for Experience Cloud portals, communities, external identity, guest-user access, partner and customer access, sharing sets, and external data exposure \u2014 treats guest and external-user access as HIGH RISK by default.",
+    "source_type": "original",
+    "official_docs": [
+      "https://help.salesforce.com/s/articleView?id=sf.networks_overview.htm",
+      "https://trailhead.salesforce.com/credentials/experiencecloudconsultant",
+      "https://developer.salesforce.com/docs/atlas.en-us.communities_dev.meta/communities_dev/communities_dev_intro.htm"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized configuration excerpts and never requests org credentials, session tokens, or end-user PII. Treats all guest-user and external-user access as HIGH RISK by default. Does not approve, deploy, or mutate any Salesforce org. Escalates unauthenticated access to regulated data to qualified architect.",
+    "last_verified": "2026-05-20",
+    "path": "agents/salesforce/salesforce-experience-cloud-agent/",
+    "companion_skills": [
+      "salesforce-permission-model-review-skill"
+    ],
+    "execution_tier": "static-review",
+    "lifecycle": "experimental",
+    "author": "github: Raishin",
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-experience-cloud-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-experience-cloud-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-experience-cloud-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-experience-cloud-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-experience-cloud-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-experience-cloud-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-experience-cloud-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-industry-cloud-agent",
+    "name": "Salesforce Industry Cloud Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Router-to-vertical-counsel for Education Cloud, Nonprofit Cloud, Life Sciences Cloud, B2C Commerce, and Industries CPQ \u2014 refuses generic industry cloud claims without current official documentation and flags HIPAA/PHI, FERPA, donor PII, and PCI regulatory overlaps.",
+    "source_type": "original",
+    "official_docs": [
+      "https://help.salesforce.com/s/articleView?id=sf.edu_cloud_overview.htm",
+      "https://help.salesforce.com/s/articleView?id=sf.nonprofit_overview.htm",
+      "https://help.salesforce.com/s/articleView?id=sf.health_cloud_overview.htm",
+      "https://help.salesforce.com/s/articleView?id=sf.b2c_commerce_overview.htm",
+      "https://developer.salesforce.com/docs/industries/cpq/guide/index.html"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized configuration excerpts and never requests PHI, student records, donor PII, or cardholder data. Acts as router to vertical specialists or external counsel; does not perform substantive compliance certification for any regulated vertical. Does not approve, deploy, or mutate any org. Escalates HIPAA, FERPA, and PCI matters to qualified assessors.",
+    "last_verified": "2026-05-20",
+    "path": "agents/salesforce/salesforce-industry-cloud-agent/",
+    "companion_skills": [
+      "salesforce-org-assessment-skill"
+    ],
+    "execution_tier": "static-review",
+    "lifecycle": "experimental",
+    "author": "github: Raishin",
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-industry-cloud-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-industry-cloud-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-industry-cloud-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-industry-cloud-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-industry-cloud-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-industry-cloud-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-industry-cloud-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-integration-mulesoft-agent",
+    "name": "Salesforce Integration MuleSoft Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Adversarial integration reviewer for Salesforce APIs, MuleSoft, event-driven architecture, CDC, Platform Events, external services, middleware, error handling, idempotency, and integration observability. Challenges point-to-point spaghetti integration.",
+    "source_type": "original",
+    "official_docs": [
+      "https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_what_is_rest_api.htm",
+      "https://trailhead.salesforce.com/en/credentials/integrationarchitect",
+      "https://help.salesforce.com/s/articleView?id=sf.platform_events_intro.htm"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized integration design documents and API specification excerpts. Never requests org credentials, MuleSoft Runtime Manager credentials, session tokens, or live-org access. Does not invoke Salesforce APIs or any middleware runtime. Does not approve or deploy integrations. Refusal-by-default for any request requiring live org or runtime access.",
+    "last_verified": "2026-05-20",
+    "path": "agents/salesforce/salesforce-integration-mulesoft-agent/",
+    "companion_skills": [
+      "salesforce-integration-review-skill"
+    ],
+    "execution_tier": "static-review",
+    "lifecycle": "experimental",
+    "author": "github: Raishin",
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-integration-mulesoft-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-live-guard-agent",
+    "name": "Salesforce Live Guard Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Advisory checklist agent invoked only when live Salesforce org access is involved \u2014 refusal-by-default if any of ten required preconditions is missing; emits a structured refusal or precondition checklist only; never executes, deploys, or mutates any org.",
+    "source_type": "original",
+    "official_docs": [
+      "https://help.salesforce.com/s/articleView?id=sf.deploy_overview.htm",
+      "https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_intro.htm",
+      "https://help.salesforce.com/s/articleView?id=sf.changesets_about.htm",
+      "https://trailhead.salesforce.com/credentials/devopscentercertified"
+    ],
+    "security_notes": "Static review only \u2014 advisory checklist emitter; never invokes Salesforce APIs, sf CLI, or org credentials. Refusal-by-default when any precondition evidence is missing. Does not approve, deploy, execute, or mutate any org. Output is a structured refusal or precondition checklist for a qualified human operator. Does not store or process org credentials or session tokens.",
+    "last_verified": "2026-05-20",
+    "path": "agents/salesforce/salesforce-live-guard-agent/",
+    "companion_skills": [],
+    "execution_tier": "static-review",
+    "lifecycle": "experimental",
+    "author": "github: Raishin",
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-live-guard-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-live-guard-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-live-guard-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-live-guard-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-live-guard-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-live-guard-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-live-guard-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-maestro-agent",
+    "name": "Salesforce Maestro Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Routes Salesforce matters to the right specialist agent and coordinates cross-functional review using the Salesforce routing protocol, case capsule, and risk taxonomy. Classification and routing only \u2014 never executes changes or mutates a Salesforce org.",
+    "source_type": "original",
+    "official_docs": [
+      "https://help.salesforce.com/",
+      "https://trailhead.salesforce.com/credentials/administrator",
+      "https://developer.salesforce.com/docs"
+    ],
+    "security_notes": "Classification and routing only \u2014 works from sanitized signals and never requests org credentials, session tokens, client secrets, or PII. Never executes or recommends execution of live-org mutations; routes all live-org matters to salesforce-live-guard-agent with a named human decision owner and a structured case capsule.",
+    "last_verified": "2026-05-20",
+    "path": "agents/salesforce/salesforce-maestro-agent/",
+    "companion_skills": [],
+    "execution_tier": "static-review",
+    "lifecycle": "experimental",
+    "author": "github: Raishin",
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-maestro-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-maestro-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-maestro-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-maestro-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-maestro-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-maestro-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-maestro-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-marketing-cloud-agent",
+    "name": "Salesforce Marketing Cloud Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Adversarial static reviewer for Marketing Cloud Engagement and Account Engagement journeys, segmentation, deliverability, consent, preference centers, and campaign governance \u2014 explicitly refuses review when product is undeclared and flags privacy, consent, and deliverability risks.",
+    "source_type": "original",
+    "official_docs": [
+      "https://help.salesforce.com/s/articleView?id=sf.mc_overview_marketing_cloud.htm",
+      "https://help.salesforce.com/s/articleView?id=sf.pardot_overview.htm",
+      "https://trailhead.salesforce.com/credentials/marketingcloudemailspecialist",
+      "https://developer.salesforce.com/docs/marketing/marketing-cloud/guide/index.html"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized configuration excerpts and never requests subscriber PII, API keys, or org credentials. Refuses product-specific review when the specific Marketing Cloud product is undeclared. Does not approve, deploy, or mutate any org. Escalates consent and regulatory obligations to qualified privacy counsel.",
+    "last_verified": "2026-05-20",
+    "path": "agents/salesforce/salesforce-marketing-cloud-agent/",
+    "companion_skills": [
+      "salesforce-marketing-consent-review-skill"
+    ],
+    "execution_tier": "static-review",
+    "lifecycle": "experimental",
+    "author": "github: Raishin",
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-marketing-cloud-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-marketing-cloud-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-marketing-cloud-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-marketing-cloud-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-marketing-cloud-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-marketing-cloud-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-marketing-cloud-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-platform-admin-review-agent",
+    "name": "Salesforce Platform Admin Review Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Adversarial org-configuration reviewer for Salesforce platform administration \u2014 objects, fields, layouts, permissions, flows, reports, dashboards, user administration, and release-impact review. Challenges over-customization, permission sprawl, and admin debt.",
+    "source_type": "original",
+    "official_docs": [
+      "https://help.salesforce.com/s/articleView?id=sf.admin_overview.htm",
+      "https://trailhead.salesforce.com/en/credentials/administrator",
+      "https://developer.salesforce.com/docs/atlas.en-us.api_meta.meta/api_meta/meta_intro.htm"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized metadata exports and pasted excerpts. Never requests org credentials, session tokens, or live-org access. Does not invoke Salesforce APIs or sf CLI. Does not approve, deploy, or mutate any org configuration. Refusal-by-default for any request requiring live org access.",
+    "last_verified": "2026-05-20",
+    "path": "agents/salesforce/salesforce-platform-admin-review-agent/",
+    "companion_skills": [
+      "salesforce-metadata-review-skill"
+    ],
+    "execution_tier": "static-review",
+    "lifecycle": "experimental",
+    "author": "github: Raishin",
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-platform-admin-review-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-platform-admin-review-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-platform-admin-review-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-platform-admin-review-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-platform-admin-review-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-platform-admin-review-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-platform-admin-review-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-sales-cloud-revenue-agent",
+    "name": "Salesforce Sales Cloud Revenue Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Adversarial revenue-process reviewer for Salesforce Sales Cloud \u2014 lead-to-cash, opportunity lifecycle, forecasting, territories, products, pricing, CPQ, Revenue Cloud, quoting, approvals, and pipeline integrity. Flags revenue leakage, shadow processes, and forecast manipulation risk.",
+    "source_type": "original",
+    "official_docs": [
+      "https://help.salesforce.com/s/articleView?id=sf.sales_cloud_overview.htm",
+      "https://trailhead.salesforce.com/en/credentials/salescloudconsultant",
+      "https://help.salesforce.com/s/articleView?id=sf.forecasts3_overview.htm"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized configuration exports and process descriptions. Never requests org credentials, pipeline data, or live-org access. Does not invoke Salesforce APIs or sf CLI. Does not approve pricing, discount, or revenue decisions. Does not mutate any org. Refusal-by-default for any request requiring live org access.",
+    "last_verified": "2026-05-20",
+    "path": "agents/salesforce/salesforce-sales-cloud-revenue-agent/",
+    "companion_skills": [
+      "salesforce-org-assessment-skill"
+    ],
+    "execution_tier": "static-review",
+    "lifecycle": "experimental",
+    "author": "github: Raishin",
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-sales-cloud-revenue-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-security-identity-access-agent",
+    "name": "Salesforce Security Identity Access Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Adversarial security reviewer for Salesforce identity and access management \u2014 profiles, permission sets, permission set groups, roles, sharing, OWD, SSO, MFA, connected apps, OAuth scopes, session policies, and privileged access. Enforces least privilege and flags toxic permission combinations.",
+    "source_type": "original",
+    "official_docs": [
+      "https://help.salesforce.com/s/articleView?id=sf.security_overview.htm",
+      "https://trailhead.salesforce.com/en/credentials/identityaccessmanagementarchitect",
+      "https://help.salesforce.com/s/articleView?id=sf.connected_app_overview.htm"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized permission exports and configuration excerpts. Never requests org credentials, session tokens, or live-org access. Does not invoke Salesforce APIs or sf CLI. Does not approve security policy decisions or mutate any org. Refusal-by-default for any request requiring live org access or disabling security controls.",
+    "last_verified": "2026-05-20",
+    "path": "agents/salesforce/salesforce-security-identity-access-agent/",
+    "companion_skills": [
+      "salesforce-permission-model-review-skill"
+    ],
+    "execution_tier": "static-review",
+    "lifecycle": "experimental",
+    "author": "github: Raishin",
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-security-identity-access-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-security-identity-access-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-security-identity-access-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-security-identity-access-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-security-identity-access-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-security-identity-access-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-security-identity-access-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-service-field-service-agent",
+    "name": "Salesforce Service Field Service Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Adversarial service-operations reviewer for Salesforce Service Cloud and Field Service \u2014 cases, entitlements, omni-channel, knowledge, service console, SLAs, Field Service, dispatch, work orders, and service analytics. Flags SLA blind spots and customer-impacting failures.",
+    "source_type": "original",
+    "official_docs": [
+      "https://help.salesforce.com/s/articleView?id=sf.service_cloud_overview.htm",
+      "https://trailhead.salesforce.com/en/credentials/servicecloudconsultant",
+      "https://help.salesforce.com/s/articleView?id=sf.fs_overview.htm"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized configuration exports and entitlement process descriptions. Never requests org credentials, case data, customer PII, or live-org access. Does not invoke Salesforce APIs or sf CLI. Does not approve SLA or service process changes. Does not mutate any org. Refusal-by-default for any request requiring live org access.",
+    "last_verified": "2026-05-20",
+    "path": "agents/salesforce/salesforce-service-field-service-agent/",
+    "companion_skills": [
+      "salesforce-org-assessment-skill"
+    ],
+    "execution_tier": "static-review",
+    "lifecycle": "experimental",
+    "author": "github: Raishin",
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-service-field-service-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-service-field-service-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-service-field-service-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-service-field-service-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-service-field-service-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-service-field-service-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-service-field-service-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-slack-collaboration-agent",
+    "name": "Salesforce Slack Collaboration Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Adversarial static reviewer for Slack integration, Slack administration, workflow collaboration, channel governance, retention, eDiscovery implications, and productivity patterns \u2014 flags collaboration sprawl and unmanaged data leakage.",
+    "source_type": "original",
+    "official_docs": [
+      "https://slack.com/intl/en-us/help/categories/360000049043",
+      "https://help.salesforce.com/s/articleView?id=sf.slack_overview.htm",
+      "https://api.slack.com/docs",
+      "https://slack.com/intl/en-us/trust/compliance"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized configuration excerpts and never requests workspace tokens, OAuth secrets, or employee message content. Treats Slack Connect external channels as HIGH RISK by default. Does not approve, deploy, or mutate any org or workspace. Escalates retention and eDiscovery obligations to qualified counsel.",
+    "last_verified": "2026-05-20",
+    "path": "agents/salesforce/salesforce-slack-collaboration-agent/",
+    "companion_skills": [
+      "salesforce-permission-model-review-skill"
+    ],
+    "execution_tier": "static-review",
+    "lifecycle": "experimental",
+    "author": "github: Raishin",
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-slack-collaboration-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-slack-collaboration-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-slack-collaboration-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-slack-collaboration-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-slack-collaboration-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-slack-collaboration-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-slack-collaboration-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "scaleway-cost-optimizer-agent",
+    "name": "Scaleway Cost Optimizer",
+    "type": "agent",
+    "provider": "scaleway",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Advisory agent for Scaleway cost analysis: instance type rightsizing, reserved instance utilization, idle Object Storage and SBS volumes, Serverless function cold-start cost, and Cockpit observability spend.",
+    "source_type": "original",
+    "official_docs": [
+      "https://www.scaleway.com/en/pricing/",
+      "https://www.scaleway.com/en/docs/billing/",
+      "https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/instance_server",
+      "https://www.scaleway.com/en/docs/observability/cockpit/",
+      "https://www.scaleway.com/en/developers/api/"
+    ],
+    "security_notes": "Do not recommend cost cuts that remove Cockpit observability, RDB automated backups, snapshot retention, or multi-zone placement group coverage without explicit risk acceptance and rollback evidence. Reserved instance commitments are non-refundable; verify utilization before recommending.",
+    "last_verified": "2026-05-10",
+    "path": "agents/scaleway/scaleway-cost-optimizer-agent",
+    "version": "0.1.0",
+    "author": "github: Raishin",
+    "companion_skills": [
+      "scaleway-cost-optimizer"
+    ],
+    "harness_variants": {
+      "codex": "agents/scaleway/scaleway-cost-optimizer-agent/harnesses/codex.toml",
+      "claude-code": "agents/scaleway/scaleway-cost-optimizer-agent/harnesses/claude-code.agent.md"
+    }
+  },
+  {
+    "id": "scaleway-iam-policy-review-agent",
+    "name": "Scaleway IAM Policy Review",
+    "type": "agent",
+    "provider": "scaleway",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Advisory agent for reviewing Scaleway IAM bindings, API key governance, service account scopes, application secrets, and organization/project-level permission sets.",
+    "source_type": "original",
+    "official_docs": [
+      "https://www.scaleway.com/en/docs/iam/",
+      "https://www.scaleway.com/en/docs/iam/concepts/",
+      "https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/iam_policy",
+      "https://www.scaleway.com/en/developers/api/iam/"
+    ],
+    "security_notes": "Scaleway API keys with organization-level scope grant access to all projects; always prefer project-scoped keys with expiry. Service accounts assigned to resource types must be audited for implicit cross-project privilege escalation. IAM key sprawl \u2014 long-lived keys with broad scopes \u2014 is the top Scaleway access control risk.",
+    "last_verified": "2026-05-10",
+    "path": "agents/scaleway/scaleway-iam-policy-review-agent",
+    "version": "0.1.0",
+    "author": "github: Raishin",
+    "companion_skills": [
+      "scaleway-iam-policy-review"
+    ],
+    "harness_variants": {
+      "codex": "agents/scaleway/scaleway-iam-policy-review-agent/harnesses/codex.toml",
+      "claude-code": "agents/scaleway/scaleway-iam-policy-review-agent/harnesses/claude-code.agent.md"
+    }
+  },
+  {
+    "id": "scaleway-kapsule-platform-operator-agent",
+    "name": "Scaleway Kapsule Platform Operator",
+    "type": "agent",
+    "provider": "scaleway",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Advisory agent for Scaleway Kapsule managed Kubernetes readiness: node pool strategy, CNI selection (Cilium, Calico, Kilo), placement group policies, version upgrades, and workload scheduling posture.",
+    "source_type": "original",
+    "official_docs": [
+      "https://www.scaleway.com/en/docs/kubernetes/",
+      "https://www.scaleway.com/en/docs/kubernetes/reference-content/understanding-kapsule-ingress/",
+      "https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/k8s_cluster",
+      "https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/k8s_pool",
+      "https://www.scaleway.com/en/developers/api/kubernetes/"
+    ],
+    "security_notes": "Kapsule control-plane upgrades are irreversible \u2014 a cluster cannot be downgraded to a previous Kubernetes minor version. Node pool scale-down may evict workloads without PDB protection. Placement group policy set to enforced can prevent node scheduling if hypervisor capacity is insufficient. CNI choice is immutable after cluster creation.",
+    "last_verified": "2026-05-10",
+    "path": "agents/scaleway/scaleway-kapsule-platform-operator-agent",
+    "version": "0.1.0",
+    "author": "github: Raishin",
+    "companion_skills": [
+      "scaleway-kapsule-platform-operator"
+    ],
+    "harness_variants": {
+      "codex": "agents/scaleway/scaleway-kapsule-platform-operator-agent/harnesses/codex.toml",
+      "claude-code": "agents/scaleway/scaleway-kapsule-platform-operator-agent/harnesses/claude-code.agent.md"
+    }
+  },
+  {
+    "id": "scaleway-live-kapsule-rollout-guard-agent",
+    "name": "Scaleway Live Kapsule Rollout Guard",
+    "type": "agent",
+    "provider": "scaleway",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Approval-gated live-guard agent for Scaleway Kapsule cluster and node pool mutations: enforces PDB audit, cluster health evidence, and rollback plan before any control-plane or node pool change.",
+    "source_type": "original",
+    "official_docs": [
+      "https://www.scaleway.com/en/docs/kubernetes/",
+      "https://www.scaleway.com/en/developers/api/kubernetes/",
+      "https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/k8s_cluster",
+      "https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/k8s_pool",
+      "https://kubernetes.io/docs/concepts/workloads/pods/disruptions/"
+    ],
+    "security_notes": "Kapsule control-plane version upgrades are irreversible \u2014 clusters cannot be downgraded to a previous minor version. Node pool deletion evicts all workloads immediately regardless of PDB coverage. CNI type is immutable after cluster creation. Hard-stop is mandatory when target cluster ID, region/zone, approval token, or rollback plan is absent or ambiguous.",
+    "last_verified": "2026-05-10",
+    "path": "agents/scaleway/scaleway-live-kapsule-rollout-guard-agent",
+    "version": "0.1.0",
+    "author": "github: Raishin",
+    "companion_skills": [
+      "scaleway-live-kapsule-rollout-guard"
     ],
     "harness_variants": {
       "codex": "agents/scaleway/scaleway-live-kapsule-rollout-guard-agent/harnesses/codex.toml",
@@ -10903,7 +11972,7 @@
       "https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/instance_placement_group",
       "https://www.scaleway.com/en/docs/network/load-balancer/"
     ],
-    "security_notes": "Placement groups with enforced policy may block instance scheduling if hypervisor capacity is insufficient in the target zone — always prefer max_availability for non-critical HA. Security groups are zone-scoped; cross-zone traffic must be reviewed for unintended public exposure. VPC routes are regional, but Private Network interfaces are zone-bound; verify routing consistency across zones.",
+    "security_notes": "Placement groups with enforced policy may block instance scheduling if hypervisor capacity is insufficient in the target zone \u2014 always prefer max_availability for non-critical HA. Security groups are zone-scoped; cross-zone traffic must be reviewed for unintended public exposure. VPC routes are regional, but Private Network interfaces are zone-bound; verify routing consistency across zones.",
     "last_verified": "2026-05-10",
     "path": "agents/scaleway/scaleway-network-architect-agent",
     "version": "0.1.0",
@@ -11020,7 +12089,7 @@
       "gemini",
       "kiro"
     ],
-    "summary": "Review a test suite for assertion quality over coverage percentage — detecting coverage theater, assertion-free and tautological tests, mock over-specification, untested branches, and weak coverage gates.",
+    "summary": "Review a test suite for assertion quality over coverage percentage \u2014 detecting coverage theater, assertion-free and tautological tests, mock over-specification, untested branches, and weak coverage gates.",
     "source_type": "original",
     "official_docs": [
       "https://martinfowler.com/bliki/TestCoverage.html",
@@ -11029,7 +12098,7 @@
       "https://jestjs.io/docs/configuration",
       "https://docs.pytest.org/en/stable/how-to/assert.html"
     ],
-    "security_notes": "Static review only — reads test source and coverage reports, never executes tests or runs a coverage tool. Never requests credentials, fixtures with real customer data, or production database snapshots.",
+    "security_notes": "Static review only \u2014 reads test source and coverage reports, never executes tests or runs a coverage tool. Never requests credentials, fixtures with real customer data, or production database snapshots.",
     "last_verified": "2026-05-17",
     "path": "agents/qa/test-coverage-quality-review-agent",
     "author": "github: Raishin",
@@ -11057,10 +12126,373 @@
       "https://docs.pytest.org/en/stable/how-to/flaky.html",
       "https://martinfowler.com/articles/nonDeterminism.html"
     ],
-    "security_notes": "Static review only — analyzes failure logs, rerun history, and test source; never executes or re-runs tests. Never requests CI credentials, dashboard API tokens, or production data embedded in logs.",
+    "security_notes": "Static review only \u2014 analyzes failure logs, rerun history, and test source; never executes or re-runs tests. Never requests CI credentials, dashboard API tokens, or production data embedded in logs.",
     "last_verified": "2026-05-17",
     "path": "agents/qa/test-flakiness-triage-agent",
     "author": "github: Raishin",
     "version": "0.1.0"
+  },
+  {
+    "id": "salesforce-adaptive-access-agent",
+    "name": "Salesforce Adaptive Access Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Reviews contextual and risk-based access controls in Salesforce \u2014 Transaction Security Policies, Shield real-time event monitoring, Dynamic Forms conditions, permission set policies, Context-Aware Access, anomaly scoring, high-assurance session enforcement, and Einstein Trust Layer boundaries \u2014 against zero-trust principles; static review only, never mutates any org.",
+    "source_type": "original",
+    "official_docs": [
+      "https://help.salesforce.com/s/articleView?id=sf.transaction_security_policy_events.htm",
+      "https://help.salesforce.com/s/articleView?id=sf.shield_event_monitoring_intro.htm"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized configuration excerpts and never requests org credentials, API keys, or user PII. Does not approve, deploy, or mutate any org.",
+    "last_verified": "2026-05-21",
+    "path": "agents/salesforce/salesforce-adaptive-access-agent/",
+    "companion_skills": [
+      "salesforce-zero-trust-maturity-skill"
+    ],
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-adaptive-access-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-adaptive-access-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-adaptive-access-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-adaptive-access-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-adaptive-access-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-adaptive-access-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-adaptive-access-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-certificate-lifecycle-agent",
+    "name": "Salesforce Certificate Lifecycle Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Reviews Salesforce certificate and key management \u2014 self-signed and CA-signed certificates, expiry tracking, mTLS for Named Credentials, JWT signing certificates, SAML assertion signing, and rotation procedures \u2014 against zero-trust principles; static review only, never mutates any org.",
+    "source_type": "original",
+    "official_docs": [
+      "https://help.salesforce.com/s/articleView?id=sf.security_keys_about.htm",
+      "https://help.salesforce.com/s/articleView?id=sf.named_credentials_about.htm"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized configuration excerpts and never requests org credentials, API keys, or user PII. Does not approve, deploy, or mutate any org.",
+    "last_verified": "2026-05-21",
+    "path": "agents/salesforce/salesforce-certificate-lifecycle-agent/",
+    "companion_skills": [
+      "salesforce-zero-trust-maturity-skill"
+    ],
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-certificate-lifecycle-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-change-impact-analyst-agent",
+    "name": "Salesforce Change Impact Analyst Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Performs adversarial pre-deployment change impact analysis for Salesforce releases \u2014 metadata dependencies, automation impacts, destructive change risk, permission changes, API deprecation, and change freeze compliance \u2014 static review only, never connects to any org.",
+    "source_type": "original",
+    "official_docs": [
+      "https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_develop.htm",
+      "https://help.salesforce.com/s/articleView?id=sf.changesets_about.htm"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized configuration excerpts and never requests org credentials, API keys, or user PII. Does not approve, deploy, or mutate any org.",
+    "last_verified": "2026-05-21",
+    "path": "agents/salesforce/salesforce-change-impact-analyst-agent/",
+    "companion_skills": [
+      "salesforce-devsecops-pipeline-skill"
+    ],
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-change-impact-analyst-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-code-analyzer-orchestrator-agent",
+    "name": "Salesforce Code Analyzer Orchestrator Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Reviews and triages Salesforce Code Analyzer findings across PMD, ESLint, RetireJS, and Graph Engine layers to enforce pre-deployment security gates \u2014 static review only, never executes scan tooling or connects to any org.",
+    "source_type": "original",
+    "official_docs": [
+      "https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/index.html",
+      "https://developer.salesforce.com/tools/sfdxcli",
+      "https://help.salesforce.com/s/articleView?id=sf.devops_center_overview.htm"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized configuration excerpts and never requests org credentials, API keys, or user PII. Does not approve, deploy, or mutate any org.",
+    "last_verified": "2026-05-21",
+    "path": "agents/salesforce/salesforce-code-analyzer-orchestrator-agent/",
+    "companion_skills": [
+      "salesforce-devsecops-pipeline-skill"
+    ],
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-code-analyzer-orchestrator-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-continuous-verification-agent",
+    "name": "Salesforce Continuous Verification Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Reviews continuous identity and session verification controls in Salesforce \u2014 adaptive authentication, Always-On MFA, OAuth token lifetime, behavioral anomaly detection, and continuous re-validation patterns \u2014 against zero-trust principles; static review only, never mutates any org.",
+    "source_type": "original",
+    "official_docs": [
+      "https://help.salesforce.com/s/articleView?id=sf.security_mfa_overview.htm",
+      "https://help.salesforce.com/s/articleView?id=sf.event_monitoring_overview.htm",
+      "https://help.salesforce.com/s/articleView?id=sf.remoteaccess_oauth_flows.htm"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized configuration excerpts and never requests org credentials, API keys, or user PII. Does not approve, deploy, or mutate any org.",
+    "last_verified": "2026-05-21",
+    "path": "agents/salesforce/salesforce-continuous-verification-agent/",
+    "companion_skills": [
+      "salesforce-zero-trust-maturity-skill"
+    ],
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-continuous-verification-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-continuous-verification-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-continuous-verification-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-continuous-verification-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-continuous-verification-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-continuous-verification-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-continuous-verification-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-hyperforce-security-agent",
+    "name": "Salesforce Hyperforce Security Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Reviews Hyperforce deployment security posture, data residency commitments, HIA controls, and shared responsibility boundaries for Salesforce Hyperforce tenants.",
+    "source_type": "original",
+    "official_docs": [
+      "https://help.salesforce.com/s/articleView?id=sf.hyperforce_overview.htm",
+      "https://help.salesforce.com/s/articleView?id=sf.hyperforce_infrastructure_access.htm"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized configuration excerpts and never requests org credentials, API keys, or user PII. Does not approve, deploy, or mutate any org.",
+    "last_verified": "2026-05-21",
+    "path": "agents/salesforce/salesforce-hyperforce-security-agent/",
+    "companion_skills": [
+      "salesforce-infrastructure-audit-skill"
+    ],
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-hyperforce-security-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-hyperforce-security-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-hyperforce-security-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-hyperforce-security-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-hyperforce-security-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-hyperforce-security-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-hyperforce-security-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-network-policy-architect-agent",
+    "name": "Salesforce Network Policy Architect Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Reviews Salesforce org-level network security policies, IP allowlisting controls, session settings, and CSP Trusted Sites configuration for security gaps.",
+    "source_type": "original",
+    "official_docs": [
+      "https://help.salesforce.com/s/articleView?id=sf.security_networkaccess.htm",
+      "https://help.salesforce.com/s/articleView?id=sf.security_trusted_ip.htm",
+      "https://help.salesforce.com/s/articleView?id=sf.security_session_timeout.htm"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized configuration excerpts and never requests org credentials, API keys, or user PII. Does not approve, deploy, or mutate any org.",
+    "last_verified": "2026-05-21",
+    "path": "agents/salesforce/salesforce-network-policy-architect-agent/",
+    "companion_skills": [
+      "salesforce-infrastructure-audit-skill"
+    ],
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-network-policy-architect-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-network-policy-architect-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-network-policy-architect-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-network-policy-architect-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-network-policy-architect-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-network-policy-architect-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-network-policy-architect-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-sandbox-governance-agent",
+    "name": "Salesforce Sandbox Governance Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Reviews Salesforce sandbox data governance posture, PII masking strategy, Connected App scope, and access controls to prevent regulated data leakage into lower environments \u2014 static review only, never connects to any org.",
+    "source_type": "original",
+    "official_docs": [
+      "https://help.salesforce.com/s/articleView?id=sf.data_sandbox_create.htm",
+      "https://help.salesforce.com/s/articleView?id=sf.data_masking_intro.htm"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized configuration excerpts and never requests org credentials, API keys, or user PII. Does not approve, deploy, or mutate any org.",
+    "last_verified": "2026-05-21",
+    "path": "agents/salesforce/salesforce-sandbox-governance-agent/",
+    "companion_skills": [
+      "salesforce-devsecops-pipeline-skill"
+    ],
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-sandbox-governance-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-sandbox-governance-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-sandbox-governance-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-sandbox-governance-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-sandbox-governance-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-sandbox-governance-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-sandbox-governance-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-sandbox-isolation-agent",
+    "name": "Salesforce Sandbox Isolation Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Reviews Salesforce sandbox environment types, data isolation enforcement, production data leakage risks, refresh policies, and data masking requirements before sandbox creation.",
+    "source_type": "original",
+    "official_docs": [
+      "https://help.salesforce.com/s/articleView?id=sf.create_test_instance.htm",
+      "https://help.salesforce.com/s/articleView?id=sf.data_sandbox_create.htm"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized configuration excerpts and never requests org credentials, API keys, or user PII. Does not approve, deploy, or mutate any org.",
+    "last_verified": "2026-05-21",
+    "path": "agents/salesforce/salesforce-sandbox-isolation-agent/",
+    "companion_skills": [
+      "salesforce-infrastructure-audit-skill"
+    ],
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-sandbox-isolation-agent/harnesses/kiro-cli.agent.json"
+    }
+  },
+  {
+    "id": "salesforce-session-governance-agent",
+    "name": "Salesforce Session Governance Agent",
+    "type": "agent",
+    "provider": "salesforce",
+    "harnesses": [
+      "codex",
+      "copilot",
+      "claude-code",
+      "cursor",
+      "gemini",
+      "kiro"
+    ],
+    "summary": "Reviews Salesforce session security settings, High Assurance session requirements, OAuth session policies, Connected App controls, and session hijacking risks from long-lived tokens.",
+    "source_type": "original",
+    "official_docs": [
+      "https://help.salesforce.com/s/articleView?id=sf.security_session_settings.htm",
+      "https://help.salesforce.com/s/articleView?id=sf.remoteaccess_oauth_connectedapp_create.htm"
+    ],
+    "security_notes": "Static review only \u2014 works from sanitized configuration excerpts and never requests org credentials, API keys, or user PII. Does not approve, deploy, or mutate any org.",
+    "last_verified": "2026-05-21",
+    "path": "agents/salesforce/salesforce-session-governance-agent/",
+    "companion_skills": [
+      "salesforce-infrastructure-audit-skill"
+    ],
+    "version": "0.1.0",
+    "harness_variants": {
+      "codex": "agents/salesforce/salesforce-session-governance-agent/harnesses/codex.toml",
+      "copilot": "agents/salesforce/salesforce-session-governance-agent/harnesses/copilot.agent.md",
+      "claude-code": "agents/salesforce/salesforce-session-governance-agent/harnesses/claude-code.agent.md",
+      "cursor": "agents/salesforce/salesforce-session-governance-agent/harnesses/cursor.agent.md",
+      "gemini": "agents/salesforce/salesforce-session-governance-agent/harnesses/gemini.agent.md",
+      "kiro-ide": "agents/salesforce/salesforce-session-governance-agent/harnesses/kiro-ide.agent.md",
+      "kiro-cli": "agents/salesforce/salesforce-session-governance-agent/harnesses/kiro-cli.agent.json"
+    }
   }
 ]