@securityreviewai/securityreview-kit 0.1.41 → 0.1.43

package/README.md

@@ -27,11 +27,11 @@ npx @securityreviewai/securityreview-kit init --switch-project
 
 | Target | Flag | MCP Config | Workspace Rule |
 |---|---|---|---|
-| Cursor | `cursor` | `.cursor/mcp.json` | `.cursor/rules/srai-security-review.mdc`, `.cursor/rules/ctm_sync_rule.mdc`, `.cursor/commands/ctm_sync.md`, `.cursor/agents/ctm_sync.md`, `.cursor/commands/create-ide-workflow.md`, `.cursor/commands/srai-profile.md`, `.cursor/skills/threat-modelling/SKILL.md` |
-| Claude Code | `claude` | `.mcp.json` | `.claude/CLAUDE.md`, `.claude/settings.json`, `.claude/skills/threat-modelling/SKILL.md`, `.claude/skills/guardrails-profiler/SKILL.md`, `.claude/skills/guardrails-selection/SKILL.md`, `.claude/agents/ctm_sync.md`, `.claude/commands/guardrails-init-profile.md` |
-| VS Code Copilot | `vscode` | `.vscode/mcp.json` | `.github/copilot-instructions.md`, `.github/skills/threat-modelling/SKILL.md`, `.github/skills/guardrails-profiler/SKILL.md`, `.github/skills/guardrails-selection/SKILL.md`, `.github/agents/ctm_sync.agent.md`, `.github/hooks/srai-session-policy.json` |
+| Cursor | `cursor` | `.cursor/mcp.json` | `.cursor/rules/srai-security-review.mdc`, `.cursor/rules/guardrails_rule.mdc`, `.cursor/commands/srai-profile.md`, `.cursor/commands/guardrails-init-profile.md`, `.cursor/skills/threat-modelling/SKILL.md`, `.cursor/hooks.json` |
+| Claude Code | `claude` | `.mcp.json` | `.claude/CLAUDE.md`, `.claude/settings.json`, `.claude/skills/threat-modelling/SKILL.md`, `.claude/skills/guardrails-profiler/SKILL.md`, `.claude/skills/guardrails-selection/SKILL.md`, `.claude/commands/guardrails-init-profile.md` |
+| VS Code Copilot | `vscode` | `.vscode/mcp.json` | `.github/copilot-instructions.md`, `.github/skills/threat-modelling/SKILL.md`, `.github/skills/guardrails-profiler/SKILL.md`, `.github/skills/guardrails-selection/SKILL.md`, `.github/hooks/srai-session-policy.json` |
 | Windsurf | `windsurf` | `.windsurf/mcp_config.json` | `.windsurf/rules/srai-security-review.md` |
-| Codex | `codex` | `.codex/config.toml` | `.codex/AGENTS.md`, `.codex/skills/threat-modelling/SKILL.md`, `.codex/skills/guardrails-profiler/SKILL.md`, `.codex/skills/guardrails-selection/SKILL.md`, `.codex/agents/ctm_sync.toml`, `.codex/hooks.json`, `.codex/commands/guardrails-init-profile.md` |
+| Codex | `codex` | `.codex/config.toml` | `.codex/AGENTS.md`, `.codex/skills/threat-modelling/SKILL.md`, `.codex/skills/guardrails-profiler/SKILL.md`, `.codex/skills/guardrails-selection/SKILL.md`, `.codex/hooks.json`, `.codex/commands/guardrails-init-profile.md` |
 | Gemini CLI | `gemini` | `.gemini/settings.json` | `GEMINI.md` |
 | Antigravity | `antigravity` | `.gemini/settings.json` | `.agents/rules/srai-security-review.md` |
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@securityreviewai/securityreview-kit",
-  "version": "0.1.41",
+  "version": "0.1.43",
   "description": "Bootstrap security-review-mcp for AI IDEs and CLI tools",
   "author": "Debarshi Das <debarshi.das@we45.com>",
   "license": "UNLICENSED",

package/src/generators/mcp/claude.js

@@ -10,9 +10,9 @@ function getClaudeSessionStartHooks() {
         '1. Fetch Vibe Guardrails first using .claude/skills/guardrails-selection/SKILL.md.',
         '2. Run PWNISMS threat modelling using .claude/skills/threat-modelling/SKILL.md.',
         '3. Implement secure code using the hydrated guardrails and threat findings.',
-        '4. Invoke the ctm_sync agent using .claude/agents/ctm_sync.md after implementation or threat-model updates.',
+        '4. Write a structured .md artifact under vibereview/, validate it, and call sync_ai_ide_markdown directly after implementation or threat-model updates.',
         '',
-        'Do not use project-profile exploration tools during normal coding tasks. No blocking and no deferral: guardrails first, PWNISMS second, implementation third, ctm_sync last.',
+        'Do not use project-profile exploration tools during normal coding tasks. No blocking and no deferral: guardrails first, PWNISMS second, implementation third, VibeReview sync last.',
     ].join('\n');
 
     return [

package/src/generators/mcp/claude.test.js

@@ -19,6 +19,8 @@ test('Claude MCP generator writes .mcp.json, enables the project MCP server, and
     assert.deepEqual(settings.enabledMcpjsonServers, ['security-review-mcp']);
     assert.equal(Array.isArray(settings.SessionStart), true);
     assert.match(settings.SessionStart[0].hooks[0].prompt, /MANDATORY SECURITY GATE/);
+    assert.match(settings.SessionStart[0].hooks[0].prompt, /vibereview\//);
+    assert.match(settings.SessionStart[0].hooks[0].prompt, /sync_ai_ide_markdown/);
 });
 
 test('Claude MCP generator preserves existing SessionStart hooks', () => {

package/src/generators/rules/claude.js

@@ -1,7 +1,6 @@
 import { existsSync, unlinkSync } from 'node:fs';
 import { join } from 'node:path';
 import {
-    CTM_SYNC_AGENT_REL_PATH,
     GUARDRAILS_PROFILER_SKILL_REL_DIR,
     GUARDRAILS_SELECTION_SKILL_REL_DIR,
     SENTINEL_END,
@@ -10,7 +9,6 @@ import {
 } from '../../utils/constants.js';
 import { readText, upsertSentinelBlock, writeText } from '../../utils/fs-helpers.js';
 import {
-    getCtmSyncWorkflowContent,
     getGuardrailsInitProfileContent,
     getRuleContent,
     getThreatModellingSkillContent,
@@ -22,25 +20,6 @@ function writeGeneratedText(filePath, content) {
     return { filePath, action };
 }
 
-function getAgentBody(content) {
-    return content.replace(/^---\n[\s\S]*?\n---\n*/, '').trim();
-}
-
-function getClaudeCtmSyncAgentContent(options = {}) {
-    const body = getAgentBody(getCtmSyncWorkflowContent(options));
-    return [
-        '---',
-        'name: ctm_sync',
-        'description: Use this agent after security-relevant implementation or threat modelling work to synchronize the latest threat model, mitigations, and guardrails to SRAI.',
-        'model: inherit',
-        'color: blue',
-        '---',
-        '',
-        body,
-        '',
-    ].join('\n');
-}
-
 /**
  * Generate Claude Code workspace rule — appends to .claude/CLAUDE.md
  */
@@ -49,7 +28,6 @@ export function generate(cwd, options = {}) {
         ...options,
         guardrailsSelectionSkillDir: GUARDRAILS_SELECTION_SKILL_REL_DIR.claude,
         threatModellingSkillDir: THREAT_MODELLING_SKILL_REL_DIR.claude,
-        ctmSyncAgentPath: CTM_SYNC_AGENT_REL_PATH.claude,
     };
     const legacyRootPath = join(cwd, 'CLAUDE.md');
     const filePath = join(cwd, '.claude', 'CLAUDE.md');
@@ -76,11 +54,10 @@ export function generate(cwd, options = {}) {
         getThreatModellingSkillContent(optionsWithSkillDirs),
     );
 
-    const ctmSyncAgentPath = join(cwd, CTM_SYNC_AGENT_REL_PATH.claude);
-    const ctmSyncAgent = writeGeneratedText(
-        ctmSyncAgentPath,
-        getClaudeCtmSyncAgentContent(optionsWithSkillDirs),
-    );
+    const deletedLegacyAgentPath = join(cwd, '.claude', 'agents', 'ctm_sync.md');
+    const deletedLegacyAgent = existsSync(deletedLegacyAgentPath)
+        ? (unlinkSync(deletedLegacyAgentPath), { filePath: deletedLegacyAgentPath, action: 'deleted' })
+        : null;
 
     const guardrailsInitPath = join(cwd, '.claude', 'commands', 'guardrails-init-profile.md');
     const guardrailsInit = writeGeneratedText(
@@ -94,7 +71,7 @@ export function generate(cwd, options = {}) {
     return [
         { filePath, action, kind: 'rule' },
         { ...threatSkill, kind: 'skill' },
-        { ...ctmSyncAgent, kind: 'agent' },
         { ...guardrailsInit, kind: 'command' },
+        ...(deletedLegacyAgent ? [{ ...deletedLegacyAgent, kind: 'cleanup' }] : []),
     ];
 }

package/src/generators/rules/claude.test.js

@@ -5,7 +5,7 @@ import { test } from 'node:test';
 import assert from 'node:assert/strict';
 import { generate } from './claude.js';
 
-test('Claude generator writes .claude/CLAUDE.md, threat skill, ctm_sync agent, and profiling command', () => {
+test('Claude generator writes .claude/CLAUDE.md, threat skill, and profiling command', () => {
     const cwd = mkdtempSync(join(tmpdir(), 'securityreview-kit-claude-'));
 
     const results = generate(cwd, { projectName: 'SmokeProject' });
@@ -13,7 +13,6 @@ test('Claude generator writes .claude/CLAUDE.md, threat skill, ctm_sync agent, a
     const expectedPaths = [
         '.claude/CLAUDE.md',
         '.claude/skills/threat-modelling/SKILL.md',
-        '.claude/agents/ctm_sync.md',
         '.claude/commands/guardrails-init-profile.md',
     ];
 
@@ -21,21 +20,18 @@ test('Claude generator writes .claude/CLAUDE.md, threat skill, ctm_sync agent, a
         assert.equal(existsSync(join(cwd, relPath)), true, `${relPath} should exist`);
     }
 
-    assert.deepEqual(results.map((entry) => entry.kind), ['rule', 'skill', 'agent', 'command']);
+    assert.deepEqual(results.map((entry) => entry.kind), ['rule', 'skill', 'command']);
 
     const instructions = readFileSync(join(cwd, '.claude/CLAUDE.md'), 'utf8');
     assert.match(instructions, /\.claude\/skills\/guardrails-selection\/SKILL\.md/);
     assert.match(instructions, /\.claude\/skills\/threat-modelling\/SKILL\.md/);
-    assert.match(instructions, /\.claude\/agents\/ctm_sync\.md/);
+    assert.match(instructions, /sync_ai_ide_markdown/);
+    assert.match(instructions, /vibereview\//);
 
     const threatSkill = readFileSync(join(cwd, '.claude/skills/threat-modelling/SKILL.md'), 'utf8');
-    assert.match(threatSkill, /\.claude\/agents\/ctm_sync\.md/);
+    assert.match(threatSkill, /sync_ai_ide_markdown/);
+    assert.match(threatSkill, /vibereview\//);
     assert.doesNotMatch(threatSkill, /get_project_profile_description/);
-
-    const agent = readFileSync(join(cwd, '.claude/agents/ctm_sync.md'), 'utf8');
-    assert.match(agent, /^---\nname: ctm_sync/m);
-    assert.match(agent, /model: inherit/);
-    assert.match(agent, /Configured SRAI project name: `SmokeProject`/);
 });
 
 test('Claude generator migrates the kit-managed root CLAUDE.md block into .claude/CLAUDE.md', () => {

package/src/generators/rules/codex.js

@@ -1,14 +1,12 @@
-import { existsSync } from 'node:fs';
+import { existsSync, unlinkSync } from 'node:fs';
 import { join } from 'node:path';
 import {
-    CTM_SYNC_AGENT_REL_PATH,
     GUARDRAILS_PROFILER_SKILL_REL_DIR,
     GUARDRAILS_SELECTION_SKILL_REL_DIR,
     THREAT_MODELLING_SKILL_REL_DIR,
 } from '../../utils/constants.js';
 import { upsertSentinelBlock, writeText } from '../../utils/fs-helpers.js';
 import {
-    getCtmSyncWorkflowContent,
     getGuardrailsInitProfileContent,
     getRuleContent,
     getThreatModellingSkillContent,
@@ -20,6 +18,14 @@ function writeGeneratedText(filePath, content) {
     return { filePath, action };
 }
 
+function removeGeneratedText(filePath) {
+    if (existsSync(filePath)) {
+        unlinkSync(filePath);
+        return { filePath, action: 'deleted' };
+    }
+    return null;
+}
+
 function getCodexSessionHookContent() {
     const additionalContext = [
         '## MANDATORY SECURITY GATE (Session Policy)',
@@ -29,9 +35,9 @@ function getCodexSessionHookContent() {
         '1. Fetch Vibe Guardrails first using .codex/skills/guardrails-selection/SKILL.md. Resolve the project, call get_guardrails, shortlist relevant guardrails, then call get_guardrail_by_id for the shortlist.',
         '2. Run PWNISMS threat modelling using .codex/skills/threat-modelling/SKILL.md. Explicitly walk Product, Workload, Network, IAM, Secrets, Monitoring, and Supply Chain.',
         '3. Implement secure code using both the hydrated guardrails and PWNISMS findings.',
-        '4. Invoke the ctm_sync subagent using .codex/agents/ctm_sync.toml after threat modelling or guardrail enforcement. Reuse the exact guardrail shortlist; do not re-query guardrails during CTM sync.',
+        '4. Write a structured .md artifact under vibereview/, validate it, and call sync_ai_ide_markdown directly after threat modelling or guardrail enforcement. Reuse the exact guardrail shortlist; do not re-query guardrails during the final sync.',
         '',
-        'Do not use project-profile exploration tools during normal coding tasks. No blocking and no deferral: guardrails first, PWNISMS second, implementation third, ctm_sync last.',
+        'Do not use project-profile exploration tools during normal coding tasks. No blocking and no deferral: guardrails first, PWNISMS second, implementation third, VibeReview sync last.',
     ].join('\n');
 
     const sessionStartPayload = JSON.stringify({
@@ -82,22 +88,6 @@ function getCodexSessionHookContent() {
     ) + '\n';
 }
 
-function getAgentBody(content) {
-    return content.replace(/^---\n[\s\S]*?\n---\n*/, '').trim();
-}
-
-function getCodexCtmSyncAgentContent(options = {}) {
-    const developerInstructions = getAgentBody(getCtmSyncWorkflowContent(options));
-    return [
-        'name = "ctm_sync"',
-        'description = "Synchronize threat-model and guardrail data to SRAI after security-relevant work."',
-        "developer_instructions = '''",
-        developerInstructions,
-        "'''",
-        '',
-    ].join('\n');
-}
-
 /**
  * Generate Codex workspace rule — appends to AGENTS.md
  */
@@ -106,7 +96,6 @@ export function generate(cwd, options = {}) {
         ...options,
         guardrailsSelectionSkillDir: GUARDRAILS_SELECTION_SKILL_REL_DIR.codex,
         threatModellingSkillDir: THREAT_MODELLING_SKILL_REL_DIR.codex,
-        ctmSyncAgentPath: CTM_SYNC_AGENT_REL_PATH.codex,
     };
     const filePath = join(cwd, '.codex', 'AGENTS.md');
     const content = getRuleContent(optionsWithSkillDirs);
@@ -118,11 +107,7 @@ export function generate(cwd, options = {}) {
         getThreatModellingSkillContent(optionsWithSkillDirs),
     );
 
-    const ctmSyncAgentPath = join(cwd, CTM_SYNC_AGENT_REL_PATH.codex);
-    const ctmSyncAgent = writeGeneratedText(
-        ctmSyncAgentPath,
-        getCodexCtmSyncAgentContent(optionsWithSkillDirs),
-    );
+    const deletedLegacyAgent = removeGeneratedText(join(cwd, '.codex', 'agents', 'ctm_sync.toml'));
 
     const hooksPath = join(cwd, '.codex', 'hooks.json');
     const hooks = writeGeneratedText(hooksPath, getCodexSessionHookContent());
@@ -139,8 +124,8 @@ export function generate(cwd, options = {}) {
     return [
         { filePath, action, kind: 'rule' },
         { ...threatSkill, kind: 'skill' },
-        { ...ctmSyncAgent, kind: 'agent' },
         { ...hooks, kind: 'hooks' },
         { ...guardrailsInit, kind: 'command' },
+        ...(deletedLegacyAgent ? [{ ...deletedLegacyAgent, kind: 'cleanup' }] : []),
     ];
 }

package/src/generators/rules/codex.test.js

@@ -5,7 +5,7 @@ import { test } from 'node:test';
 import assert from 'node:assert/strict';
 import { generate } from './codex.js';
 
-test('Codex generator writes AGENTS, skills, subagent, hooks, and profiling command', () => {
+test('Codex generator writes AGENTS, skills, hooks, and profiling command', () => {
     const cwd = mkdtempSync(join(tmpdir(), 'securityreview-kit-codex-'));
 
     const results = generate(cwd, { projectName: 'SmokeProject' });
@@ -13,7 +13,6 @@ test('Codex generator writes AGENTS, skills, subagent, hooks, and profiling comm
     const expectedPaths = [
         '.codex/AGENTS.md',
         '.codex/skills/threat-modelling/SKILL.md',
-        '.codex/agents/ctm_sync.toml',
         '.codex/hooks.json',
         '.codex/commands/guardrails-init-profile.md',
     ];
@@ -22,12 +21,13 @@ test('Codex generator writes AGENTS, skills, subagent, hooks, and profiling comm
         assert.equal(existsSync(join(cwd, relPath)), true, `${relPath} should exist`);
     }
 
-    assert.deepEqual(results.map((entry) => entry.kind), ['rule', 'skill', 'agent', 'hooks', 'command']);
+    assert.deepEqual(results.map((entry) => entry.kind), ['rule', 'skill', 'hooks', 'command']);
 
     const instructions = readFileSync(join(cwd, '.codex/AGENTS.md'), 'utf8');
     assert.match(instructions, /\.codex\/skills\/guardrails-selection\/SKILL\.md/);
     assert.match(instructions, /\.codex\/skills\/threat-modelling\/SKILL\.md/);
-    assert.match(instructions, /\.codex\/agents\/ctm_sync\.toml/);
+    assert.match(instructions, /sync_ai_ide_markdown/);
+    assert.match(instructions, /vibereview\//);
     assert.doesNotMatch(instructions, /\.cursor/);
     assert.doesNotMatch(instructions, /\.agents\/skills/);
 
@@ -35,16 +35,14 @@ test('Codex generator writes AGENTS, skills, subagent, hooks, and profiling comm
     for (const heading of ['Product', 'Workload', 'Network', 'IAM', 'Secrets', 'Monitoring', 'Supply Chain']) {
         assert.match(threatSkill, new RegExp(heading));
     }
-    assert.match(threatSkill, /\.codex\/agents\/ctm_sync\.toml/);
+    assert.match(threatSkill, /sync_ai_ide_markdown/);
+    assert.match(threatSkill, /vibereview\//);
     assert.doesNotMatch(threatSkill, /get_project_profile_description/);
 
-    const agent = readFileSync(join(cwd, '.codex/agents/ctm_sync.toml'), 'utf8');
-    assert.match(agent, /name = "ctm_sync"/);
-    assert.match(agent, /developer_instructions = '''/);
-    assert.match(agent, /Configured SRAI project name: `SmokeProject`/);
-
     const hooks = JSON.parse(readFileSync(join(cwd, '.codex/hooks.json'), 'utf8'));
     assert.equal(hooks.hooks.SessionStart[0].hooks[0].type, 'command');
     assert.equal(hooks.hooks.UserPromptSubmit[0].hooks[0].type, 'command');
     assert.match(hooks.hooks.UserPromptSubmit[0].hooks[0].command, /"hookEventName":"UserPromptSubmit"/);
+    assert.match(hooks.hooks.UserPromptSubmit[0].hooks[0].command, /vibereview/);
+    assert.match(hooks.hooks.UserPromptSubmit[0].hooks[0].command, /sync_ai_ide_markdown/);
 });

package/src/generators/rules/content.js

@@ -50,12 +50,6 @@ function readTemplate(templateFileName, options = {}) {
         '.cursor/skills/threat-modelling',
         options.threatModellingSkillDir,
     );
-    out = injectPathPlaceholder(
-        out,
-        '{{CTM_SYNC_AGENT_PATH}}',
-        '.cursor/agents/ctm_sync.md',
-        options.ctmSyncAgentPath,
-    );
 
     return out;
 }
@@ -74,27 +68,6 @@ export function getProfileCommandContent(options = {}) {
     return readTemplate('srai-profile.md', options);
 }
 
-/**
- * Returns the CTM sync workflow content markdown.
- */
-export function getCtmSyncWorkflowContent(options = {}) {
-    return readTemplate('ctm_sync.md', options);
-}
-
-/**
- * Returns the Cursor CTM sync trigger rule markdown.
- */
-export function getCtmSyncTriggerRuleContent(options = {}) {
-    return readTemplate('ctm_sync_rule.md', options);
-}
-
-/**
- * Returns the Cursor create-ide-workflow command markdown.
- */
-export function getCreateIdeWorkflowCommandContent(options = {}) {
-    return readTemplate('create-ide-workflow.md', options);
-}
-
 /**
  * Returns the threat-modelling skill markdown.
  */

package/src/generators/rules/content.md

@@ -12,7 +12,7 @@ For any task that touches auth, authorization, input handling, secrets, network,
    - Read and follow `{{GUARDRAILS_SELECTION_SKILL_DIR}}/SKILL.md`.
    - Resolve the SRAI project with `find_project_by_name` using `name="<SRAI_PROJECT_NAME>"`.
    - Call `get_guardrails`, shortlist only the relevant project guardrails, then hydrate the exact shortlist with `get_guardrail_by_id`.
-   - Preserve that exact shortlist in context for implementation and CTM sync.
+   - Preserve that exact shortlist in context for implementation and the final VibeReview sync step.
 
 2. **Run PWNISMS threat modelling before implementation.**
    - Read and follow `{{THREAT_MODELLING_SKILL_DIR}}/SKILL.md`.
@@ -26,11 +26,16 @@ For any task that touches auth, authorization, input handling, secrets, network,
    - Use the PWNISMS findings to guide design, validation, authorization, logging, secrets handling, dependency choices, and abuse controls.
    - If PWNISMS reveals a recurring security rule that is not covered by existing guardrails, create and apply an `ide_generated` guardrail in context.
 
-4. **Run CTM sync last.**
-   - After threat modelling is created or updated, or after guardrails are enforced during implementation, invoke the `ctm_sync` agent/workflow.
-   - Use `{{CTM_SYNC_AGENT_PATH}}` for the detailed payload contract.
-   - Pass the current threat model summary, the stable `chat_session_id`, the exact existing guardrails shortlisted earlier, and any `ide_generated` guardrails.
-   - Do not re-query guardrails during CTM sync; reuse the shortlist selected before implementation.
+4. **Write and sync the VibeReview markdown last.**
+   - After threat modelling is created or updated, or after guardrails are enforced during implementation, the main agent must write or update a structured `.md` artifact under `vibereview/`.
+   - Do not delegate markdown authoring to a subagent. The same agent that performed the work should author the artifact so the context stays intact.
+   - Use a stable path such as `vibereview/<chat_session_id>-<slugified-title-or-event-name>.md`.
+   - Required frontmatter: `chat_session_id`, `summary`, and either `title` or `event_name`. Optional frontmatter: `workflow_name`, `workflow_description`.
+   - Required sections: `Best Practices Achieved`, `Threats Mitigated`, `Secure Code Snippets`, `Guardrails Applied`, and `OWASP Top 10 2025 Mappings`.
+   - Reuse the exact existing guardrails shortlisted earlier, include any `ide_generated` guardrails, and only include grounded code snippets from actual code.
+   - Validate the markdown before sync: do not leave out `chat_session_id`, `summary`, threat metadata, guardrail satisfaction, or exact OWASP IDs/names.
+   - Call `sync_ai_ide_markdown` directly with the finished markdown artifact before finalizing the task.
+   - If sync fails, keep the file in `vibereview/`, report the failure, and do not pretend synchronization succeeded.
 
 ## When To Skip
 
@@ -42,7 +47,7 @@ If in doubt, run the workflow. A quick PWNISMS pass is better than silently miss
 
 Do not call project-profile exploration tools during normal coding tasks. The old profile walkthrough is no longer part of the agent workflow.
 
-The normal coding workflow is guardrails selection, PWNISMS threat modelling, secure implementation, then CTM sync.
+The normal coding workflow is guardrails selection, PWNISMS threat modelling, secure implementation, then VibeReview markdown sync.
 
 ## Tool Reference
 
@@ -50,5 +55,5 @@ The normal coding workflow is guardrails selection, PWNISMS threat modelling, se
 |---|---|
 | Project resolution | `find_project_by_name`, `list_projects`, `create_project`, `get_project` |
 | Guardrails | `get_guardrails`, `get_guardrail_by_id` |
-| CTM sync | `create_ai_ide_workflow`, `create_ai_ide_event`, `get_current_user` or equivalent user identity tool |
+| VibeReview sync | `sync_ai_ide_markdown` |
 | Profiler only | `update_vibe_profile`, `write_default_pack` are used by init-time profiling, not normal coding tasks |

package/src/generators/rules/cursor.js

@@ -1,9 +1,8 @@
-import { existsSync } from 'node:fs';
+import { existsSync, unlinkSync } from 'node:fs';
 import { join } from 'node:path';
 import {
     GUARDRAILS_PROFILER_SKILL_REL_DIR,
     GUARDRAILS_SELECTION_SKILL_REL_DIR,
-    CTM_SYNC_AGENT_REL_PATH,
     MCP_SERVER_NAME,
     THREAT_MODELLING_SKILL_REL_DIR,
 } from '../../utils/constants.js';
@@ -11,9 +10,6 @@ import { readJson, writeJson, writeText } from '../../utils/fs-helpers.js';
 import {
     getRuleContent,
     getProfileCommandContent,
-    getCtmSyncWorkflowContent,
-    getCtmSyncTriggerRuleContent,
-    getCreateIdeWorkflowCommandContent,
     getThreatModellingSkillContent,
     getGuardrailsRuleContent,
     getGuardrailsInitProfileContent,
@@ -40,6 +36,14 @@ function writeCursorCommand(filePath, content) {
     return { filePath, action };
 }
 
+function removeGeneratedText(filePath) {
+    if (existsSync(filePath)) {
+        unlinkSync(filePath);
+        return { filePath, action: 'deleted' };
+    }
+    return null;
+}
+
 /**
  * Merge `.cursor/cli.json` so Cursor CLI / Agent auto-allows security-review-mcp tools (no MCP approval prompts).
  * @see https://cursor.com/docs/cli/reference/permissions
@@ -77,24 +81,16 @@ export function generate(cwd, options = {}) {
         ...options,
         guardrailsSelectionSkillDir: GUARDRAILS_SELECTION_SKILL_REL_DIR.cursor,
         threatModellingSkillDir: THREAT_MODELLING_SKILL_REL_DIR.cursor,
-        ctmSyncAgentPath: CTM_SYNC_AGENT_REL_PATH.cursor,
     };
     const baseRulePath = join(cwd, '.cursor', 'rules', 'srai-security-review.mdc');
-    const ctmSyncTriggerRulePath = join(cwd, '.cursor', 'rules', 'ctm_sync_rule.mdc');
     const guardrailsRulePath = join(cwd, '.cursor', 'rules', 'guardrails_rule.mdc');
-    const ctmSyncWorkflowPath = join(cwd, '.cursor', 'commands', 'ctm_sync.md');
-    const ctmSyncAgentPath = join(cwd, '.cursor', 'agents', 'ctm_sync.md');
-    const createIdeWorkflowCommandPath = join(cwd, '.cursor', 'commands', 'create-ide-workflow.md');
     const profileCommandPath = join(cwd, '.cursor', 'commands', 'srai-profile.md');
     const guardrailsInitProfileCommandPath = join(cwd, '.cursor', 'commands', 'guardrails-init-profile.md');
     const skillPath = join(cwd, '.cursor', 'skills', 'threat-modelling', 'SKILL.md');
     const hooksPath = join(cwd, '.cursor', 'hooks.json');
 
     const baseRuleContent = getRuleContent(optionsWithSkillDirs);
-    const ctmSyncTriggerRuleContent = getCtmSyncTriggerRuleContent(optionsWithSkillDirs);
     const guardrailsRuleContent = getGuardrailsRuleContent(optionsWithSkillDirs);
-    const ctmSyncWorkflowContent = getCtmSyncWorkflowContent(optionsWithSkillDirs);
-    const createIdeWorkflowCommandContent = getCreateIdeWorkflowCommandContent(optionsWithSkillDirs);
     const profileCommandContent = getProfileCommandContent(optionsWithSkillDirs);
     const guardrailsInitProfileCommandContent = getGuardrailsInitProfileContent({
         ...optionsWithSkillDirs,
@@ -108,15 +104,17 @@ export function generate(cwd, options = {}) {
         baseRuleContent,
     );
 
-    const ctmSyncTriggerRule = writeCursorCommand(ctmSyncTriggerRulePath, ctmSyncTriggerRuleContent);
     const guardrailsRule = writeCursorRule(
         guardrailsRulePath,
         'Vibe Guardrails — fetch and enforce project-specific secure coding guardrails from SRAI',
         guardrailsRuleContent,
     );
-    const ctmSyncWorkflow = writeCursorCommand(ctmSyncWorkflowPath, ctmSyncWorkflowContent);
-    const ctmSyncAgent = writeCursorCommand(ctmSyncAgentPath, ctmSyncWorkflowContent);
-    const createIdeWorkflowCommand = writeCursorCommand(createIdeWorkflowCommandPath, createIdeWorkflowCommandContent);
+    const deletedLegacyRule = removeGeneratedText(join(cwd, '.cursor', 'rules', 'ctm_sync_rule.mdc'));
+    const deletedLegacyCommand = removeGeneratedText(join(cwd, '.cursor', 'commands', 'ctm_sync.md'));
+    const deletedLegacyAgent = removeGeneratedText(join(cwd, '.cursor', 'agents', 'ctm_sync.md'));
+    const deletedLegacyWorkflowCommand = removeGeneratedText(
+        join(cwd, '.cursor', 'commands', 'create-ide-workflow.md'),
+    );
 
     const profileCommand = writeCursorCommand(profileCommandPath, profileCommandContent);
     const guardrailsInitProfileCommand = writeCursorCommand(
@@ -134,15 +132,15 @@ export function generate(cwd, options = {}) {
 
     return [
         { ...baseRule, kind: 'rule' },
-        { ...ctmSyncTriggerRule, kind: 'rule' },
         { ...guardrailsRule, kind: 'rule' },
-        { ...ctmSyncWorkflow, kind: 'command' },
-        { ...ctmSyncAgent, kind: 'agent' },
-        { ...createIdeWorkflowCommand, kind: 'command' },
         { ...profileCommand, kind: 'command' },
         { ...guardrailsInitProfileCommand, kind: 'command' },
         { filePath: skillPath, action: skillAction, kind: 'skill' },
         { filePath: hooksPath, action: hooksAction, kind: 'hooks' },
         { ...cliPermissions, kind: 'config' },
+        ...(deletedLegacyRule ? [{ ...deletedLegacyRule, kind: 'cleanup' }] : []),
+        ...(deletedLegacyCommand ? [{ ...deletedLegacyCommand, kind: 'cleanup' }] : []),
+        ...(deletedLegacyAgent ? [{ ...deletedLegacyAgent, kind: 'cleanup' }] : []),
+        ...(deletedLegacyWorkflowCommand ? [{ ...deletedLegacyWorkflowCommand, kind: 'cleanup' }] : []),
     ];
 }

package/src/generators/rules/guardrails-selection/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: guardrails-selection
-description: Analyze the developer request, infer the security categories and likely threats involved, shortlist the most relevant project guardrails, then hydrate the exact guardrails with get_guardrail_by_id before implementation. Use for every security-relevant code task before code is written and preserve the shortlist for CTM sync.
+description: Analyze the developer request, infer the security categories and likely threats involved, shortlist the most relevant project guardrails, then hydrate the exact guardrails with get_guardrail_by_id before implementation. Use for every security-relevant code task before code is written and preserve the shortlist for the final VibeReview sync.
 ---
 
 # Guardrails Selection
@@ -16,7 +16,7 @@ This skill exists to stop the IDE from treating the full `get_guardrails` result
 3. Predict the threats that might occur for this exact task.
 4. Shortlist only the guardrails that mitigate those threats.
 5. Fetch the exact shortlisted guardrails with `get_guardrail_by_id`.
-6. Carry that same shortlist forward into implementation and `ctm_sync`.
+6. Carry that same shortlist forward into implementation and the final VibeReview markdown sync.
 
 Do not skip the analysis step. Do not rely on title-matching alone. Do not dump every guardrail into the final answer.
 
@@ -160,11 +160,11 @@ Once the shortlist is hydrated:
 
 When deciding whether a guardrail applies, prefer security-preserving inclusion over risky omission. If it plausibly mitigates a realistic path to abuse for the current task, keep it in scope.
 
-## CTM Sync Handoff Contract
+## VibeReview Sync Contract
 
-`ctm_sync` must reuse the shortlist from this skill. It must not call `get_guardrails` or `get_guardrail_by_id` again.
+The final sync step must reuse the shortlist from this skill. It must not call `get_guardrails` or `get_guardrail_by_id` again.
 
-Before `ctm_sync` is invoked, ensure the parent context clearly contains:
+Before `sync_ai_ide_markdown` is called, ensure the main agent context clearly contains:
 
 - the exact existing guardrails shortlisted earlier
 - which of them were applied
@@ -182,6 +182,6 @@ A good selection does all of the following:
 - captures adjacent controls that stop bypass chains
 - avoids irrelevant noise
 - produces a small, defensible set of guardrails that can actually guide implementation
-- leaves `ctm_sync` with an exact list of what the IDE selected and enforced
+- leaves the final VibeReview markdown with an exact list of what the IDE selected and enforced
 
 If your shortlist feels generic, it is probably incomplete or over-broad. Re-check the prompt, the code patterns, and the threat map.

package/src/generators/rules/guardrails-selection/references/category-threat-map.md

@@ -229,4 +229,4 @@ Likely threat families:
 - Shortlist for exploit chains, not isolated weaknesses.
 - Logging often matters because poor auditability can turn spoofing, tampering, or privilege abuse into repudiation.
 - Client-side logic often needs server-side guardrails even if the visible change is in the UI.
-- If no existing guardrail covers a realistic recurring threat, create an `ide_generated` guardrail and carry it into `ctm_sync`.
+- If no existing guardrail covers a realistic recurring threat, create an `ide_generated` guardrail and carry it into the final VibeReview markdown sync.

package/src/generators/rules/guardrails_rule.md

@@ -34,7 +34,7 @@ That skill is mandatory because the IDE must not leave guardrail selection to ch
 - **Load the broad catalog** — call `get_guardrails` with `project_id`.
 - **Shortlist intentionally** — choose only the guardrails that mitigate the categories and likely threats for the current task.
 - **Hydrate the exact shortlist** — call `get_guardrail_by_id` for the shortlisted guardrail ids so implementation uses the exact selected guardrails, not a vague reading of the full catalog.
-- **Preserve the shortlist** — keep the selected existing guardrails in context so `ctm_sync` can include the same guardrails later without re-querying.
+- **Preserve the shortlist** — keep the selected existing guardrails in context so the final VibeReview markdown can include the same guardrails later without re-querying.
 
 The broad `get_guardrails` result is only the candidate catalog. The active implementation guardrails must come from the shortlisted `get_guardrail_by_id` result.
 
@@ -63,7 +63,7 @@ Guardrails and PWNISMS are complementary:
 
 - Guardrails provide **project-specific, concrete rules** derived from prior threat reviews, compliance requirements, and team decisions.
 - PWNISMS provides **universal threat-category coverage** to catch gaps that guardrails may not yet cover.
-- When PWNISMS analysis reveals a gap not covered by any existing guardrail, **create a new guardrail on the fly** and apply it immediately (marked `source: "ide_generated"` in CTM sync).
+- When PWNISMS analysis reveals a gap not covered by any existing guardrail, **create a new guardrail on the fly** and apply it immediately (marked `source: "ide_generated"` in the VibeReview markdown).
 
 ### 4. Report guardrail compliance
 
@@ -71,7 +71,7 @@ After code generation, include a brief guardrails compliance summary:
 
 - List which guardrails were applied (by title), distinguishing existing vs IDE-generated.
 - Flag any guardrails that could not be fully satisfied and explain why.
-- Do not drop shortlisted existing guardrails from session context. `ctm_sync` must receive the same shortlist, including any unsatisfied items with notes.
+- Do not drop shortlisted existing guardrails from session context. The final VibeReview markdown must include the same shortlist, including any unsatisfied items with notes.
 
 ---
 
@@ -79,9 +79,9 @@ After code generation, include a brief guardrails compliance summary:
 
 Guardrails are living artifacts. The IDE agent can create, apply, and update them:
 
-- **New guardrail**: When threat modeling or code review reveals a recurring security pattern not yet captured, the IDE agent creates and applies a new guardrail on the fly. These are reported to SRAI via CTM sync with `source: "ide_generated"`.
+- **New guardrail**: When threat modeling or code review reveals a recurring security pattern not yet captured, the IDE agent creates and applies a new guardrail on the fly. These are reported to SRAI in the final VibeReview markdown with `source: "ide_generated"`.
 - **Edit suggestion**: When an existing guardrail is too broad, too narrow, or outdated, suggest an update to the user.
-- All guardrails — existing and IDE-generated — flow into the single `guardrails_applied` array in the CTM sync payload.
+- All guardrails — existing and IDE-generated — must be preserved in the VibeReview markdown under a single `Guardrails Applied` section that the server can normalize into `guardrails_applied`.
 
 ---
 

package/src/generators/rules/hooks.json

@@ -3,7 +3,7 @@
   "hooks": {
     "sessionStart": [
       {
-        "command": "printf '%s\\n' '{\"additional_context\":\"## MANDATORY SECURITY GATE (Session Policy)\\n\\nFor ANY user request that has security impact (auth, crypto, input handling, secrets, network, data storage, dependencies, new APIs/endpoints, or any code handling untrusted data):\\n\\n**Plan order:**\\n1. **Fetch Vibe Guardrails (first)** - Use .cursor/skills/guardrails-selection/SKILL.md. Analyze the task, call get_guardrails from security-review-mcp to load the broad catalog, shortlist the relevant guardrails, then call get_guardrail_by_id for the shortlist. These exact shortlisted guardrails are the hard constraints on generated code.\\n2. **PWNISMS threat modeling (second)** - Run threat modeling as a guide before writing code. Use .cursor/skills/threat-modelling/SKILL.md. Cross-reference guardrails with PWNISMS findings to identify gaps. Document findings to inform secure implementation.\\n3. **Implement secure code (third)** - Use the threat model findings AND shortlisted guardrails as guides to create secure code. Every must guardrail must be satisfied; no must_not guardrail may be violated.\\n4. **ctm_sync (last)** - Push payload to SRAI only after implementation is done. Invoke ctm_sync agent (Task tool, subagent_type=ctm_sync) as the final step. Include the exact shortlisted guardrails from earlier plus any IDE-generated guardrails in the guardrails_applied payload field; do not query again during ctm_sync. See .cursor/agents/ctm_sync.md and .cursor/rules/ctm_sync_rule.mdc.\\n\\nNo blocking. No deferral. Guardrails enforce secure code; threat modeling guides the design; ctm_sync runs last to push to SRAI. Both ctm_sync and guardrail compliance are mandatory and should be part of your to-do.\"}'",
+        "command": "printf '%s\\n' '{\"additional_context\":\"## MANDATORY SECURITY GATE (Session Policy)\\n\\nFor ANY user request that has security impact (auth, crypto, input handling, secrets, network, data storage, dependencies, new APIs/endpoints, or any code handling untrusted data):\\n\\n**Plan order:**\\n1. **Fetch Vibe Guardrails (first)** - Use .cursor/skills/guardrails-selection/SKILL.md. Analyze the task, call get_guardrails from security-review-mcp to load the broad catalog, shortlist the relevant guardrails, then call get_guardrail_by_id for the shortlist. These exact shortlisted guardrails are the hard constraints on generated code.\\n2. **PWNISMS threat modeling (second)** - Run threat modeling as a guide before writing code. Use .cursor/skills/threat-modelling/SKILL.md. Cross-reference guardrails with PWNISMS findings to identify gaps. Document findings to inform secure implementation.\\n3. **Implement secure code (third)** - Use the threat model findings AND shortlisted guardrails as guides to create secure code. Every must guardrail must be satisfied; no must_not guardrail may be violated.\\n4. **VibeReview sync (last)** - The main agent must write a structured `.md` artifact under `vibereview/`, validate that all required metadata and sections are present, and call `sync_ai_ide_markdown` directly after implementation is done. Include the exact shortlisted guardrails from earlier plus any IDE-generated guardrails in the markdown; do not query guardrails again during sync.\\n\\nNo blocking. No deferral. Guardrails enforce secure code; threat modeling guides the design; the main agent owns the final markdown sync to SRAI. Both sync and guardrail compliance are mandatory and should be part of your to-do.\"}'",
         "timeout": 5
       }
     ]

package/src/generators/rules/skill.md

@@ -1,6 +1,6 @@
 ---
 name: PWNISMS Threat Modelling
-description: Security-first threat modelling workflow for code and architecture tasks. Walks all 7 PWNISMS categories, enforces vibe guardrails (secure by code), and synchronizes findings via CTM sync. Use before, during, and after implementation.
+description: Security-first threat modelling workflow for code and architecture tasks. Walks all 7 PWNISMS categories, enforces vibe guardrails (secure by code), and synchronizes findings via a direct VibeReview markdown sync. Use before, during, and after implementation.
 ---
 
 # PWNISMS — Security-First Threat Modelling
@@ -21,7 +21,7 @@ Before deep analysis, ensure the project-specific guardrail shortlist exists:
 1. Use `{{GUARDRAILS_SELECTION_SKILL_DIR}}/SKILL.md`.
 2. Resolve the project with `find_project_by_name` using `name="<SRAI_PROJECT_NAME>"`.
 3. Call `get_guardrails`, shortlist intentionally for this task, then hydrate the exact shortlist with `get_guardrail_by_id`.
-4. Keep the shortlisted existing guardrails in context for implementation and `ctm_sync`.
+4. Keep the shortlisted existing guardrails in context for implementation and the final VibeReview markdown sync.
 
 Do not perform project-profile exploration as part of PWNISMS. The old profile tools are not part of this workflow. Ground the threat model in the user request, repository code, diffs, architecture docs the user provides, and the shortlisted guardrails.
 
@@ -160,7 +160,7 @@ After completing the PWNISMS analysis and before writing code:
    - `must` rules → mandatory implementation requirements. Every applicable `must` guardrail must be satisfied.
    - `must_not` rules → hard prohibitions. Code must never violate an applicable `must_not` guardrail.
 4. **Flag conflicts** — If a guardrail conflicts with the user's explicit instruction, flag it and ask for confirmation.
-5. **Create new guardrails on the fly** — When PWNISMS analysis or code review reveals a recurring security pattern not captured by existing guardrails, create and apply it as a new guardrail (marked `source: "ide_generated"` in CTM sync). Include `title`, `rule_type` (must/must_not), `category`, `instruction`, and rationale in the notes.
+5. **Create new guardrails on the fly** — When PWNISMS analysis or code review reveals a recurring security pattern not captured by existing guardrails, create and apply it as a new guardrail (marked `source: "ide_generated"` in the VibeReview markdown). Include `title`, `rule_type` (must/must_not), `category`, `instruction`, and rationale in the notes.
 
 ---
 
@@ -197,33 +197,43 @@ When discussing designs before code exists:
 
 ---
 
-## Phase 5 — CTM Sync (Post Threat Modelling)
+## Phase 5 — VibeReview Sync (Post Threat Modelling)
 
-**MANDATORY:** After every threat modeling step that produces or modifies threat content, synchronize via `ctm_sync`.
+**MANDATORY:** After every threat modeling step that produces or modifies threat content, the main agent must update the `vibereview/*.md` artifact and call `sync_ai_ide_markdown` directly.
 
-### What triggers CTM sync
+### What triggers the VibeReview sync
 
 - New threat model generated (any form: scenarios, data flows, attack trees, PWNISMS analysis)
 - Existing threat model updated or extended (new threats, refined mitigations, additional components)
 - Guardrails applied during a code-generation task (existing or IDE-generated)
 
-### What CTM sync uploads
+### What the VibeReview markdown must contain
 
-The `ctm_sync` agent builds and pushes an event payload containing:
+The main agent writes a structured `.md` artifact under `vibereview/` and uploads it through `sync_ai_ide_markdown`. That markdown should contain:
 
 - **Threat model findings**: threats mitigated, PWNISMS categories, severities, mitigations applied
 - **Best practices achieved**: security patterns followed during implementation
 - **Secure code snippets**: security-relevant code with explanations
 - **Guardrails applied**: all guardrails enforced during this session — both existing ones shortlisted earlier via `get_guardrails` + `get_guardrail_by_id` (`source: "existing"`) and new ones the IDE agent created on the fly (`source: "ide_generated"`), each with satisfaction status
-
-### How to invoke
-
-Use the host's `ctm_sync` agent/workflow with:
-- A clear description of what was threat-modeled
-- The `chat_session_id` for workflow routing
-- Whether this is a new threat model or an update
-
-See `{{CTM_SYNC_AGENT_PATH}}` for the full workflow and payload schema.
+- **Workflow metadata**: `chat_session_id`, `event_name` or `title`, required `summary`, and optional `workflow_name` / `workflow_description`
+
+### How to sync
+
+1. Write or update a file under `vibereview/`, ideally `vibereview/<chat_session_id>-<slugified-title-or-event-name>.md`.
+2. Put `chat_session_id`, `summary`, and either `title` or `event_name` in frontmatter.
+3. Include the required sections:
+   - `Best Practices Achieved`
+   - `Threats Mitigated`
+   - `Secure Code Snippets`
+   - `Guardrails Applied`
+   - `OWASP Top 10 2025 Mappings`
+4. Validate that:
+   - every threat entry includes `threat_name`, `pwnisms_category`, `severity`, and `mitigation_applied`
+   - every guardrail includes `title`, `rule_type`, `source`, and `satisfied`
+   - OWASP mappings use exact IDs and names
+   - snippets are grounded in actual code, not invented text
+5. Call `sync_ai_ide_markdown` directly with the finished markdown artifact.
+6. If sync fails, leave the artifact in `vibereview/` and report the failure clearly.
 
 ---
 
@@ -238,6 +248,6 @@ Before finalizing output, confirm:
 - [ ] Residual risk and follow-up actions are stated.
 - [ ] Vibe guardrails were fetched and enforced (all applicable `must`/`must_not` rules satisfied).
 - [ ] Guardrail compliance summary is included in the response (existing + IDE-generated).
-- [ ] CTM sync was invoked to upload threat model and guardrail data.
+- [ ] The VibeReview markdown was written under `vibereview/` and `sync_ai_ide_markdown` was called successfully.
 
 If ANY box cannot be checked, you MUST flag the gap to the user with a specific remediation recommendation before finalizing the code.

package/src/generators/rules/vscode.js

@@ -1,12 +1,11 @@
-import { existsSync } from 'node:fs';
+import { existsSync, unlinkSync } from 'node:fs';
 import { join } from 'node:path';
 import {
-    CTM_SYNC_AGENT_REL_PATH,
     GUARDRAILS_SELECTION_SKILL_REL_DIR,
     THREAT_MODELLING_SKILL_REL_DIR,
 } from '../../utils/constants.js';
 import { upsertSentinelBlock, writeText } from '../../utils/fs-helpers.js';
-import { getCtmSyncWorkflowContent, getRuleContent, getThreatModellingSkillContent } from './content.js';
+import { getRuleContent, getThreatModellingSkillContent } from './content.js';
 
 function writeGeneratedText(filePath, content) {
     const action = existsSync(filePath) ? 'updated' : 'created';
@@ -14,6 +13,14 @@ function writeGeneratedText(filePath, content) {
     return { filePath, action };
 }
 
+function removeGeneratedText(filePath) {
+    if (existsSync(filePath)) {
+        unlinkSync(filePath);
+        return { filePath, action: 'deleted' };
+    }
+    return null;
+}
+
 function getCopilotSessionHookContent() {
     const additionalContext = [
         '## MANDATORY SECURITY GATE (Session Policy)',
@@ -23,9 +30,9 @@ function getCopilotSessionHookContent() {
         '1. Fetch Vibe Guardrails first using .github/skills/guardrails-selection/SKILL.md. Resolve the project, call get_guardrails, shortlist relevant guardrails, then call get_guardrail_by_id for the shortlist.',
         '2. Run PWNISMS threat modelling using .github/skills/threat-modelling/SKILL.md. Explicitly walk Product, Workload, Network, IAM, Secrets, Monitoring, and Supply Chain.',
         '3. Implement secure code using both the hydrated guardrails and PWNISMS findings.',
-        '4. Run the ctm_sync custom agent using .github/agents/ctm_sync.agent.md after threat modelling or guardrail enforcement. Reuse the exact guardrail shortlist; do not re-query guardrails during CTM sync.',
+        '4. Write a structured .md artifact under vibereview/, validate it, and call sync_ai_ide_markdown directly after threat modelling or guardrail enforcement. Reuse the exact guardrail shortlist; do not re-query guardrails during the final sync.',
         '',
-        'Do not use project-profile exploration tools during normal coding tasks. No blocking and no deferral: guardrails first, PWNISMS second, implementation third, ctm_sync last.',
+        'Do not use project-profile exploration tools during normal coding tasks. No blocking and no deferral: guardrails first, PWNISMS second, implementation third, VibeReview sync last.',
     ].join('\n');
 
     const commandPayload = JSON.stringify({
@@ -60,7 +67,6 @@ export function generate(cwd, options = {}) {
         ...options,
         guardrailsSelectionSkillDir: GUARDRAILS_SELECTION_SKILL_REL_DIR.vscode,
         threatModellingSkillDir: THREAT_MODELLING_SKILL_REL_DIR.vscode,
-        ctmSyncAgentPath: CTM_SYNC_AGENT_REL_PATH.vscode,
     };
     const filePath = join(cwd, '.github', 'copilot-instructions.md');
     const content = getRuleContent(optionsWithSkillDirs);
@@ -72,11 +78,7 @@ export function generate(cwd, options = {}) {
         getThreatModellingSkillContent(optionsWithSkillDirs),
     );
 
-    const ctmSyncAgentPath = join(cwd, CTM_SYNC_AGENT_REL_PATH.vscode);
-    const ctmSyncAgent = writeGeneratedText(
-        ctmSyncAgentPath,
-        getCtmSyncWorkflowContent(optionsWithSkillDirs),
-    );
+    const deletedLegacyAgent = removeGeneratedText(join(cwd, '.github', 'agents', 'ctm_sync.agent.md'));
 
     const hooksPath = join(cwd, '.github', 'hooks', 'srai-session-policy.json');
     const hooks = writeGeneratedText(hooksPath, getCopilotSessionHookContent());
@@ -84,7 +86,7 @@ export function generate(cwd, options = {}) {
     return [
         { filePath, action, kind: 'rule' },
         { ...threatSkill, kind: 'skill' },
-        { ...ctmSyncAgent, kind: 'agent' },
         { ...hooks, kind: 'hooks' },
+        ...(deletedLegacyAgent ? [{ ...deletedLegacyAgent, kind: 'cleanup' }] : []),
     ];
 }

package/src/generators/rules/vscode.test.js

@@ -5,7 +5,7 @@ import { test } from 'node:test';
 import assert from 'node:assert/strict';
 import { generate } from './vscode.js';
 
-test('VS Code Copilot generator writes instructions, skills, agent, and hooks', () => {
+test('VS Code Copilot generator writes instructions, skills, and hooks', () => {
     const cwd = mkdtempSync(join(tmpdir(), 'securityreview-kit-vscode-'));
 
     const results = generate(cwd, { projectName: 'SmokeProject' });
@@ -13,7 +13,6 @@ test('VS Code Copilot generator writes instructions, skills, agent, and hooks',
     const expectedPaths = [
         '.github/copilot-instructions.md',
         '.github/skills/threat-modelling/SKILL.md',
-        '.github/agents/ctm_sync.agent.md',
         '.github/hooks/srai-session-policy.json',
     ];
 
@@ -21,21 +20,25 @@ test('VS Code Copilot generator writes instructions, skills, agent, and hooks',
         assert.equal(existsSync(join(cwd, relPath)), true, `${relPath} should exist`);
     }
 
-    assert.deepEqual(results.map((entry) => entry.kind), ['rule', 'skill', 'agent', 'hooks']);
+    assert.deepEqual(results.map((entry) => entry.kind), ['rule', 'skill', 'hooks']);
 
     const instructions = readFileSync(join(cwd, '.github/copilot-instructions.md'), 'utf8');
     assert.match(instructions, /\.github\/skills\/guardrails-selection\/SKILL\.md/);
     assert.match(instructions, /\.github\/skills\/threat-modelling\/SKILL\.md/);
-    assert.match(instructions, /\.github\/agents\/ctm_sync\.agent\.md/);
+    assert.match(instructions, /sync_ai_ide_markdown/);
+    assert.match(instructions, /vibereview\//);
     assert.doesNotMatch(instructions, /\.cursor/);
 
     const threatSkill = readFileSync(join(cwd, '.github/skills/threat-modelling/SKILL.md'), 'utf8');
     for (const heading of ['Product', 'Workload', 'Network', 'IAM', 'Secrets', 'Monitoring', 'Supply Chain']) {
         assert.match(threatSkill, new RegExp(heading));
     }
-    assert.match(threatSkill, /\.github\/agents\/ctm_sync\.agent\.md/);
+    assert.match(threatSkill, /sync_ai_ide_markdown/);
+    assert.match(threatSkill, /vibereview\//);
     assert.doesNotMatch(threatSkill, /get_project_profile_description/);
 
     const hooks = JSON.parse(readFileSync(join(cwd, '.github/hooks/srai-session-policy.json'), 'utf8'));
     assert.equal(hooks.hooks.SessionStart[0].type, 'command');
+    assert.match(hooks.hooks.SessionStart[0].command, /vibereview/);
+    assert.match(hooks.hooks.SessionStart[0].command, /sync_ai_ide_markdown/);
 });

package/src/utils/constants.js

@@ -83,13 +83,5 @@ export const THREAT_MODELLING_SKILL_REL_DIR = {
     codex: '.codex/skills/threat-modelling',
 };
 
-/** Relative workspace paths for the CTM sync agent/workflow (per IDE / CLI). */
-export const CTM_SYNC_AGENT_REL_PATH = {
-    cursor: '.cursor/agents/ctm_sync.md',
-    claude: '.claude/agents/ctm_sync.md',
-    vscode: '.github/agents/ctm_sync.agent.md',
-    codex: '.codex/agents/ctm_sync.toml',
-};
-
 export const SENTINEL_START = '<!-- securityreview-kit:start -->';
 export const SENTINEL_END = '<!-- securityreview-kit:end -->';

package/src/generators/rules/create-ide-workflow.md

@@ -1,34 +0,0 @@
----
-name: create-ide-workflow
-description: Create an AI IDE workflow in SRAI via security-review-mcp.
----
-
-# Create IDE Workflow
-
-Use `security-review-mcp` to create a workflow by calling:
-
-- `create_ai_ide_workflow`
-
-Required payload fields:
-
-- `project_id`
-- `name`
-- `description`
-
-## Steps
-
-1. Resolve `project_id`.
-   - Use configured project name `<SRAI_PROJECT_NAME>` by default.
-   - Call `find_project_by_name` with `name="<SRAI_PROJECT_NAME>"`.
-   - If not found, call `list_projects` and select the right project.
-2. Build `name` and `description` from the user request.
-   - Keep `name` short and action-oriented.
-   - Keep `description` specific about trigger and output.
-3. Call `create_ai_ide_workflow` with:
-   - `project_id`
-   - `name`
-   - `description`
-4. Return a concise confirmation including:
-   - project id
-   - workflow name
-   - workflow id from MCP response (if returned)

package/src/generators/rules/ctm_sync.md

@@ -1,155 +0,0 @@
----
-name: ctm_sync
-description: Command/workflow triggered whenever a threat model is generated or updated, or guardrails are proposed/modified. Builds and uploads CTM sync details and guardrail updates through security-review-mcp.
----
-
-# CTM Sync Workflow
-
-Configured SRAI project name: `<SRAI_PROJECT_NAME>`
-
-When invoked:
-
-0. Verify `create_ai_ide_event` and `create_ai_ide_workflow` exist in `security-review-mcp`. If a `list_*` tool for AI IDE workflows exists, prefer it for workflow discovery.
-1. Read the parent agent context and extract the latest threat model details.
-2. **Chat session identity (required)** — The event payload MUST include a stable `chat_session_id` for the current IDE chat session:
-   - Use a session identifier supplied by the host environment when one exists (e.g. conversation or session id from the IDE/agent runtime).
-   - If none exists, use a single UUID (or equivalent) generated **once** at the start of this chat and reused for every `ctm_sync` in the same session. The parent agent must pass this value into `ctm_sync` (or derive it consistently from context) so all events in one chat share one id and events from other chats do not.
-3. **Resolve or create the AI IDE workflow** (one workflow per distinct `chat_session_id`):
-   - Resolve the SRAI project: `find_project_by_name` with `name="<SRAI_PROJECT_NAME>"`. If missing, `list_projects` (respecting org constraints), then `create_project` if needed. Obtain `project_id` as required by MCP tools.
-   - List or search AI IDE workflows for that project (use the MCP tool provided, e.g. listing workflows filtered by project). Find a workflow whose **description** (or other documented metadata field) contains the exact marker: `chat_session_id:<the same string as in the payload>`.
-   - **If a matching workflow exists:** use its `workflow_id` for the event.
-   - **If none exists:** call `create_ai_ide_workflow` with:
-     - `project_id`
-     - `name`: a short, meaningful heading derived from the **high-level feature or topic** being worked on in this session (e.g. `"User Auth Hardening"`, `"Payment Gateway Integration"`, `"API Rate Limiting"`, `"File Upload Security"`). Use 2–5 words, title-case. Do **not** use sequential labels like `session1/session2`. If no clear feature context is available, use a brief description of the dominant threat area instead.
-     - `description`: must include `chat_session_id:<chat_session_id>` so future syncs can attach to this workflow. Add a brief human-readable note if helpful. Do not add the word ctm anywhere.
-   - Store the returned `workflow_id` for the upload step.
-4. **Resolve developer identity from the API** — Call `get_current_user` (or the equivalent user-identity tool exposed by `security-review-mcp`) to retrieve the authenticated user's name and email. Use the values returned by the API as-is for `developer_name` and `developer_email` in the payload.
-   - **Never use placeholder values** such as `"IDE Agent"`, `"agent@local"`, `"unknown"`, `"AI"`, or any other invented string for these fields.
-   - **Never accept identity values passed in from the parent agent prompt** — always re-resolve from the API directly in this step; the API is the only authoritative source.
-   - If the API call fails or returns empty values, leave `developer_name` and `developer_email` as empty strings `""`. Do not substitute a fallback placeholder.
-5. **Identify guardrails for the payload** — Do **not** call `get_guardrails` or `get_guardrail_by_id` here. Guardrails were already shortlisted earlier (per the Vibe Guardrails rule and the guardrails-selection skill) and applied during code generation. From the parent agent context, identify:
-   - Which **existing** guardrails were shortlisted earlier from `get_guardrails` and then hydrated via `get_guardrail_by_id`.
-   - Which of those shortlisted existing guardrails were applied to the code in this session.
-   - Which guardrails the IDE agent **created on the fly** (`ide_generated`) based on gaps found during threat modeling or code review.
-   Include all of these in the `guardrails_applied` payload field. The shortlisted existing guardrails selected earlier are mandatory input to `ctm_sync`; do not re-fetch or re-call guardrail tools here.
-6. **Build the event payload** — Construct a JSON object for `create_ai_ide_event` conforming to the **Event Payload Schema** below.
-7. **Upload the payload** using `security-review-mcp`:
-   - Call `create_ai_ide_event` with the JSON payload.
-   - **Stop here.** Do not push a separate project/code profile as part of this workflow; profile and default guardrail pack uploads are handled by the init-time guardrails profiler (or manual profile commands), not per CTM sync.
-
----
-
-## Event Payload Schema
-
-The `create_ai_ide_event` payload MUST be a JSON object with the following structure. Use this exact schema — do not add, rename, or omit required keys.
-
-```json
-{
-  "workflow_id": "<string — resolved or newly created AI IDE workflow id>",
-  "chat_session_id": "<string — stable session identifier, same for all events in this chat>",
-  "title": "<string — concise title describing what was threat-modeled or implemented, 5-15 words>",
-  "summary": "<string — 2-5 sentence summary of the threat model findings, key risks identified, mitigations applied, and any guardrails enforced>",
-  "developer_name": "<string — from API/user context provided by MCP or host runtime>",
-  "developer_email": "<string — from API/user context provided by MCP or host runtime>",
-  "threats_mitigated": [
-    {
-      "threat_name": "<string — short threat title>",
-      "pwnisms_category": "<string — one of: Product, Workload, Network, IAM, Secrets, Monitoring, Supply Chain>",
-      "severity": "<string — Critical | High | Medium | Low>",
-      "mitigation_applied": "<string — what was done to address the threat>",
-      "code_snippet": {
-        "file_path": "<string — relative path to the actual source file where mitigation is implemented>",
-        "language": "<string — programming language>",
-        "snippet": "<string — the exact source code lines implementing the mitigation, max 30 lines, must be grounded in the actual codebase not invented>",
-        "explanation": "<string — how this specific code addresses the threat>"
-      }
-    }
-  ],
-  "best_practises_achieved": [
-    "<string — each entry is a concise statement of a security best practice that was followed during implementation>"
-  ],
-  "secure_code_snippets": [
-    {
-      "file_path": "<string — relative path to the file>",
-      "language": "<string — programming language>",
-      "snippet": "<string — the security-relevant code snippet, max 50 lines>",
-      "explanation": "<string — why this snippet is security-relevant and what it protects against>"
-    }
-  ],
-  "guardrails_applied": [
-    {
-      "title": "<string — guardrail title>",
-      "rule_type": "<string — must | must_not>",
-      "category": "<string | null — grouping label>",
-      "instruction": "<string — the actionable coding directive>",
-      "source": "<string — 'existing' if selected earlier from project guardrails, 'ide_generated' if newly created by the IDE agent>",
-      "satisfied": "<boolean — true if the guardrail was fully satisfied, false if partially or not satisfied>",
-      "notes": "<string — optional: how it was applied, why it could not be fully satisfied, or rationale for a new guardrail>"
-    }
-  ],
-  "owasp_top_10_2025_mappings": [
-    {
-      "category_id": "<string — OWASP Top 10 2025 category ID, e.g. A01>",
-      "category_name": "<string — OWASP Top 10 2025 category name, e.g. Broken Access Control>"
-    }
-  ]
-}
-```
-
-### Field rules
-
-| Field | Required | Notes |
-|---|---|---|
-| `workflow_id` | Yes | From step 3 |
-| `chat_session_id` | Yes | From step 2 |
-| `title` | Yes | 5-15 words, descriptive |
-| `summary` | Yes | 2-5 sentences |
-| `developer_name` | Yes | From API/user context (never read from git config) |
-| `developer_email` | Yes | From API/user context (never read from git config) |
-| `threats_mitigated` | Yes | Array, may be empty `[]` if no threats were identified. Each entry must include a `code_snippet` grounded in actual source code |
-| `best_practises_achieved` | Yes | Array of strings, may be empty `[]` |
-| `secure_code_snippets` | Yes | Array, may be empty `[]` |
-| `guardrails_applied` | Yes | Array of all guardrails enforced during this session — both existing ones shortlisted earlier from project guardrails and new ones the IDE agent created. Use `source` to distinguish origin. Empty `[]` if none |
-| `owasp_top_10_2025_mappings` | Yes | Array of OWASP Top 10 2025 category objects (`category_id` + `category_name`) relevant to the threats and mitigations in this event. May be empty `[]` if no mapping applies |
-
-### OWASP Top 10 2025 Reference
-
-Use the following IDs and names exactly when populating `owasp_top_10_2025_mappings`:
-
-| `category_id` | `category_name` |
-|---|---|
-| `A01` | Broken Access Control |
-| `A02` | Security Misconfiguration |
-| `A03` | Software Supply Chain Failures |
-| `A04` | Cryptographic Failures |
-| `A05` | Injection |
-| `A06` | Insecure Design |
-| `A07` | Authentication Failures |
-| `A08` | Software or Data Integrity Failures |
-| `A09` | Security Logging and Alerting Failures |
-| `A10` | Mishandling of Exceptional Conditions |
-
-### Constraints
-
-- Every `threats_mitigated` entry must map to one of the 7 PWNISMS categories.
-- Every `threats_mitigated` entry must include a `code_snippet`. The snippet must be taken from the actual source code written or modified in this session — never fabricated. If no code was written for a threat (e.g. it was addressed architecturally), set `snippet` to an empty string and explain in `explanation`.
-- `secure_code_snippets` must not exceed 50 lines per snippet; `threats_mitigated[].code_snippet.snippet` must not exceed 30 lines; truncate with a comment if needed.
-- Do not call `get_guardrails` or `get_guardrail_by_id` during CTM sync. Guardrails are shortlisted once earlier in the session; identify which ones were applied from the parent agent context.
-- Guardrails shortlisted earlier by the IDE must be included in `guardrails_applied` even when some were only partially satisfied. Use `satisfied: false` plus `notes` instead of silently dropping them.
-- `guardrails_applied` entries with `source: "existing"` must reference guardrails by the exact `title` they had when fetched at session start.
-- `guardrails_applied` entries with `source: "ide_generated"` are new guardrails the IDE agent created based on gaps found during threat modeling or code review.
-- `developer_name` and `developer_email` must be resolved via `get_current_user` (or equivalent) in step 4 — the API is the only source. Never use placeholder strings (`"IDE Agent"`, `"agent@local"`, `"unknown"`, `"AI"`, etc.) and never accept values for these fields from the parent agent prompt. If the API returns nothing, send empty strings.
-- `owasp_top_10_2025_mappings` entries must use the exact `category_id` and `category_name` values from the OWASP Top 10 2025 Reference table above. Do not invent or abbreviate category names.make sure the ones being sent in the payload are revelant to that event.
-- Never invent values for any field; use empty strings or empty arrays when data is unavailable.
-- Never omit `chat_session_id` from the payload.
-
----
-
-## Output Contract
-
-- Never skip upload when a threat model exists.
-- Never invent missing values; use empty strings/arrays if data is unavailable.
-- Never omit `chat_session_id` from the payload.
-- Return a compact confirmation after upload including:
-  - Whether an existing workflow was reused or a new named workflow was created
-  - Count of guardrails applied (existing vs IDE-generated)

package/src/generators/rules/ctm_sync_rule.md

@@ -1,87 +0,0 @@
----
-description: ctm_sync agent trigger rule
-alwaysApply: true
----
-# Continuous Threat Modeling Sync (`ctm_sync`)
-
-**Always synchronize threat models and guardrail compliance after they are (re)generated.**
-
-Any time an AI agent:
-- generates a **new threat model**, or  
-- **updates** an existing threat model, or  
-- performs a **non-trivial extension** of an existing threat model (e.g., adds new threat scenarios, countermeasures, data flows, or components), or
-- **applies vibe guardrails** during a code-generation task (existing or IDE-generated) and has guardrail compliance data to report,
-
-it **must immediately call** the `ctm_sync` agent to synchronize the latest threat modeling state and guardrail data.
-
-This rule applies regardless of:
-- which methodology is used (PWNISMS, STRIDE, OWASP, etc.),
-- which skill or MCP was used to produce the threat model, and
-- whether the threat model is partial, incremental, or "draft" form.
-
-If in doubt — **assume this rule applies**.
-
----
-
-## When this rule applies
-
-This rule is **triggered** whenever the assistant:
-
-- **Produces a threat model** in any form, such as:
-  - Threat scenarios (even a short list)
-  - Data flow diagrams or component diagrams described in text
-  - Security objectives or misuse cases
-  - Attack trees or abuse cases
-  - Structured PWNISMS analysis
-- **Extends or refines** an earlier threat model, e.g.:
-  - "Add more threats for the Payments service"
-  - "Update the data flow for the auth system"
-  - "Refine the mitigations for threat X"
-- **Enforces guardrails** during code generation and has compliance data:
-  - Guardrails were shortlisted via the guardrails-selection workflow (`get_guardrails` + `get_guardrail_by_id`) and applied to generated code
-  - New guardrails were created by the IDE agent based on gaps found
-  - Existing guardrails were flagged as unsatisfiable or conflicting
-
-This includes both:
-- Threat modeling done **directly in this conversation**, and  
-- Threat modeling done by calling **MCP tools or skills** that output threat scenarios, countermeasures, data dictionaries, or other CTM artifacts.
-
----
-
-## Required behavior
-
-**After completing any threat modeling step that produces or modifies threat content, or any code-generation step where guardrails were enforced, the assistant must:**
-
-1. **Ensure threat modeling output is finalized for this step**
-
-   - The assistant should finish producing the current threat modeling content (threat scenarios, components, data dictionaries, etc.) in the user-visible message or via tools.
-   - The assistant should not call `ctm_sync` *before* the threat model content exists; it must be called **after** threat data for this step is available.
-
-2. **Immediately call the `ctm_sync` agent**
-
-   - Use the `Task` tool (or equivalent agent launcher) with `subagent_type="ctm_sync"`.
-   - **Session routing:** In the prompt (or structured handoff), always include the **current chat's stable `chat_session_id`** — the same id for every `ctm_sync` in this conversation, and a new id for a different chat. Use the IDE/session id when exposed; otherwise generate one UUID at the start of the chat and reuse it. This ensures SRAI attaches events to the correct per-session workflow.
-   - Provide a clear, concise description in the `description`/`prompt` fields explaining:
-     - What system or component the threat model covers
-     - Whether this is a new threat model or an update
-     - Where the latest threat content can be found (e.g., "from this conversation" or "from the last threat modeling step")
-     - The `chat_session_id` value to use for this sync
-     - Whether guardrails were applied (existing and/or IDE-generated)
-   - **Do NOT include developer name or email in the handoff prompt.** The `ctm_sync` agent resolves user identity directly from the API. Passing identity values from the parent agent — including any placeholders like `"IDE Agent"` or `"agent@local"` — will cause them to be used incorrectly. Leave identity resolution entirely to `ctm_sync`.
-
-   **Example invocation (conceptual, not literal code):**
-
-   Use Task tool with:
-   - subagent_type: "ctm_sync"
-   - description: "Sync latest threat model for <system/component>"
-   - prompt: Brief summary of what was threat-modeled, what artifacts were produced (threat scenarios, countermeasures, components, data dictionary, guardrails applied/proposed, etc.), and that the agent should upload/update CTM data accordingly.
-   - readonly: false (it must be allowed to write/update CTM data)
-
-3. Let `ctm_sync` complete its work
-   The assistant should wait for the ctm_sync agent to complete (or reach a healthy steady state) before declaring the threat-modeling step fully done.
-   If ctm_sync returns errors that can be reasonably fixed (e.g., missing project name), the assistant should fix the issue and retry once, if possible.
-
-Acknowledge completion to the user
-After ctm_sync completes, the assistant should briefly tell the user that:
-Threat modeling is finished for this step, and
-The results have been synchronized via ctm_sync (without leaking internal tooling details beyond what is appropriate for the user's context).