@securityreviewai/securityreview-kit 0.1.42 → 0.1.44

package/src/generators/rules/guardrails-selection/references/category-threat-map.md

@@ -229,4 +229,4 @@ Likely threat families:
 - Shortlist for exploit chains, not isolated weaknesses.
 - Logging often matters because poor auditability can turn spoofing, tampering, or privilege abuse into repudiation.
 - Client-side logic often needs server-side guardrails even if the visible change is in the UI.
-- If no existing guardrail covers a realistic recurring threat, create an `ide_generated` guardrail and carry it into `ctm_sync`.
+- If no existing guardrail covers a realistic recurring threat, create an `ide_generated` guardrail and carry it into the final VibeReview markdown sync.

package/src/generators/rules/guardrails_rule.md

@@ -34,7 +34,7 @@ That skill is mandatory because the IDE must not leave guardrail selection to ch
 - **Load the broad catalog** — call `get_guardrails` with `project_id`.
 - **Shortlist intentionally** — choose only the guardrails that mitigate the categories and likely threats for the current task.
 - **Hydrate the exact shortlist** — call `get_guardrail_by_id` for the shortlisted guardrail ids so implementation uses the exact selected guardrails, not a vague reading of the full catalog.
-- **Preserve the shortlist** — keep the selected existing guardrails in context so `ctm_sync` can include the same guardrails later without re-querying.
+- **Preserve the shortlist** — keep the selected existing guardrails in context so the final VibeReview markdown can include the same guardrails later without re-querying.
 
 The broad `get_guardrails` result is only the candidate catalog. The active implementation guardrails must come from the shortlisted `get_guardrail_by_id` result.
 
@@ -63,7 +63,7 @@ Guardrails and PWNISMS are complementary:
 
 - Guardrails provide **project-specific, concrete rules** derived from prior threat reviews, compliance requirements, and team decisions.
 - PWNISMS provides **universal threat-category coverage** to catch gaps that guardrails may not yet cover.
-- When PWNISMS analysis reveals a gap not covered by any existing guardrail, **create a new guardrail on the fly** and apply it immediately (marked `source: "ide_generated"` in CTM sync).
+- When PWNISMS analysis reveals a gap not covered by any existing guardrail, **create a new guardrail on the fly** and apply it immediately (marked `source: "ide_generated"` in the VibeReview markdown).
 
 ### 4. Report guardrail compliance
 
@@ -71,7 +71,7 @@ After code generation, include a brief guardrails compliance summary:
 
 - List which guardrails were applied (by title), distinguishing existing vs IDE-generated.
 - Flag any guardrails that could not be fully satisfied and explain why.
-- Do not drop shortlisted existing guardrails from session context. `ctm_sync` must receive the same shortlist, including any unsatisfied items with notes.
+- Do not drop shortlisted existing guardrails from session context. The final VibeReview markdown must include the same shortlist, including any unsatisfied items with notes.
 
 ---
 
@@ -79,9 +79,9 @@ After code generation, include a brief guardrails compliance summary:
 
 Guardrails are living artifacts. The IDE agent can create, apply, and update them:
 
-- **New guardrail**: When threat modeling or code review reveals a recurring security pattern not yet captured, the IDE agent creates and applies a new guardrail on the fly. These are reported to SRAI via CTM sync with `source: "ide_generated"`.
+- **New guardrail**: When threat modeling or code review reveals a recurring security pattern not yet captured, the IDE agent creates and applies a new guardrail on the fly. These are reported to SRAI in the final VibeReview markdown with `source: "ide_generated"`.
 - **Edit suggestion**: When an existing guardrail is too broad, too narrow, or outdated, suggest an update to the user.
-- All guardrails — existing and IDE-generated — must be preserved in the CTM sync markdown under a single `Guardrails Applied` section that the server can normalize into `guardrails_applied`.
+- All guardrails — existing and IDE-generated — must be preserved in the VibeReview markdown under a single `Guardrails Applied` section that the server can normalize into `guardrails_applied`.
 
 ---
 

package/src/generators/rules/hooks.json

@@ -3,7 +3,7 @@
   "hooks": {
     "sessionStart": [
       {
-        "command": "printf '%s\\n' '{\"additional_context\":\"## MANDATORY SECURITY GATE (Session Policy)\\n\\nFor ANY user request that has security impact (auth, crypto, input handling, secrets, network, data storage, dependencies, new APIs/endpoints, or any code handling untrusted data):\\n\\n**Plan order:**\\n1. **Fetch Vibe Guardrails (first)** - Use .cursor/skills/guardrails-selection/SKILL.md. Analyze the task, call get_guardrails from security-review-mcp to load the broad catalog, shortlist the relevant guardrails, then call get_guardrail_by_id for the shortlist. These exact shortlisted guardrails are the hard constraints on generated code.\\n2. **PWNISMS threat modeling (second)** - Run threat modeling as a guide before writing code. Use .cursor/skills/threat-modelling/SKILL.md. Cross-reference guardrails with PWNISMS findings to identify gaps. Document findings to inform secure implementation.\\n3. **Implement secure code (third)** - Use the threat model findings AND shortlisted guardrails as guides to create secure code. Every must guardrail must be satisfied; no must_not guardrail may be violated.\\n4. **ctm_sync (last)** - Write a structured `.md` sync artifact and push it to SRAI only after implementation is done. Invoke ctm_sync agent (Task tool, subagent_type=ctm_sync) as the final step. Include the exact shortlisted guardrails from earlier plus any IDE-generated guardrails in the markdown; do not query again during ctm_sync. See .cursor/agents/ctm_sync.md and .cursor/rules/ctm_sync_rule.mdc.\\n\\nNo blocking. No deferral. Guardrails enforce secure code; threat modeling guides the design; ctm_sync runs last to sync the markdown artifact to SRAI. Both ctm_sync and guardrail compliance are mandatory and should be part of your to-do.\"}'",
+        "command": "printf '%s\\n' '{\"additional_context\":\"## MANDATORY SECURITY GATE (Session Policy)\\n\\nFor ANY user request that has security impact (auth, crypto, input handling, secrets, network, data storage, dependencies, new APIs/endpoints, or any code handling untrusted data):\\n\\n**Plan order:**\\n1. **Fetch Vibe Guardrails (first)** - Use .cursor/skills/guardrails-selection/SKILL.md. Analyze the task, call get_guardrails from security-review-mcp to load the broad catalog, shortlist the relevant guardrails, then call get_guardrail_by_id for the shortlist. These exact shortlisted guardrails are the hard constraints on generated code.\\n2. **PWNISMS threat modeling (second)** - Run threat modeling as a guide before writing code. Use .cursor/skills/threat-modelling/SKILL.md. Cross-reference guardrails with PWNISMS findings to identify gaps. Document findings to inform secure implementation.\\n3. **Implement secure code (third)** - Use the threat model findings AND shortlisted guardrails as guides to create secure code. Every must guardrail must be satisfied; no must_not guardrail may be violated.\\n4. **VibeReview sync (last)** - Read .cursor/skills/vibereview-sync/SKILL.md. The main agent must write a structured `.md` artifact under `vibereview/`, must not read sibling markdown files there just to infer format, must validate that all required metadata and sections are present, and must call `sync_ai_ide_markdown` directly after implementation is done. Include the exact shortlisted guardrails from earlier plus any IDE-generated guardrails in the markdown; do not query guardrails again during sync.\\n\\nNo blocking. No deferral. Guardrails enforce secure code; threat modeling guides the design; the main agent owns the final markdown sync to SRAI. Both sync and guardrail compliance are mandatory and should be part of your to-do.\"}'",
         "timeout": 5
       }
     ]

package/src/generators/rules/skill.md

@@ -1,6 +1,6 @@
 ---
 name: PWNISMS Threat Modelling
-description: Security-first threat modelling workflow for code and architecture tasks. Walks all 7 PWNISMS categories, enforces vibe guardrails (secure by code), and synchronizes findings via CTM sync. Use before, during, and after implementation.
+description: Security-first threat modelling workflow for code and architecture tasks. Walks all 7 PWNISMS categories, enforces vibe guardrails (secure by code), and synchronizes findings via a direct VibeReview markdown sync. Use before, during, and after implementation.
 ---
 
 # PWNISMS — Security-First Threat Modelling
@@ -21,7 +21,7 @@ Before deep analysis, ensure the project-specific guardrail shortlist exists:
 1. Use `{{GUARDRAILS_SELECTION_SKILL_DIR}}/SKILL.md`.
 2. Resolve the project with `find_project_by_name` using `name="<SRAI_PROJECT_NAME>"`.
 3. Call `get_guardrails`, shortlist intentionally for this task, then hydrate the exact shortlist with `get_guardrail_by_id`.
-4. Keep the shortlisted existing guardrails in context for implementation and `ctm_sync`.
+4. Keep the shortlisted existing guardrails in context for implementation and the final VibeReview markdown sync.
 
 Do not perform project-profile exploration as part of PWNISMS. The old profile tools are not part of this workflow. Ground the threat model in the user request, repository code, diffs, architecture docs the user provides, and the shortlisted guardrails.
 
@@ -160,7 +160,7 @@ After completing the PWNISMS analysis and before writing code:
    - `must` rules → mandatory implementation requirements. Every applicable `must` guardrail must be satisfied.
    - `must_not` rules → hard prohibitions. Code must never violate an applicable `must_not` guardrail.
 4. **Flag conflicts** — If a guardrail conflicts with the user's explicit instruction, flag it and ask for confirmation.
-5. **Create new guardrails on the fly** — When PWNISMS analysis or code review reveals a recurring security pattern not captured by existing guardrails, create and apply it as a new guardrail (marked `source: "ide_generated"` in CTM sync). Include `title`, `rule_type` (must/must_not), `category`, `instruction`, and rationale in the notes.
+5. **Create new guardrails on the fly** — When PWNISMS analysis or code review reveals a recurring security pattern not captured by existing guardrails, create and apply it as a new guardrail (marked `source: "ide_generated"` in the VibeReview markdown). Include `title`, `rule_type` (must/must_not), `category`, `instruction`, and rationale in the notes.
 
 ---
 
@@ -197,19 +197,19 @@ When discussing designs before code exists:
 
 ---
 
-## Phase 5 — CTM Sync (Post Threat Modelling)
+## Phase 5 — VibeReview Sync (Post Threat Modelling)
 
-**MANDATORY:** After every threat modeling step that produces or modifies threat content, synchronize via `ctm_sync`.
+**MANDATORY:** After every threat modeling step that produces or modifies threat content, the main agent must update the `vibereview/*.md` artifact and call `sync_ai_ide_markdown` directly.
 
-### What triggers CTM sync
+### What triggers the VibeReview sync
 
 - New threat model generated (any form: scenarios, data flows, attack trees, PWNISMS analysis)
 - Existing threat model updated or extended (new threats, refined mitigations, additional components)
 - Guardrails applied during a code-generation task (existing or IDE-generated)
 
-### What CTM sync uploads
+### What the VibeReview markdown must contain
 
-The `ctm_sync` agent writes a structured `.md` artifact and uploads it through `sync_ai_ide_markdown`. That markdown should contain:
+The main agent writes a structured `.md` artifact under `vibereview/` and uploads it through `sync_ai_ide_markdown`. That markdown should contain:
 
 - **Threat model findings**: threats mitigated, PWNISMS categories, severities, mitigations applied
 - **Best practices achieved**: security patterns followed during implementation
@@ -217,14 +217,25 @@ The `ctm_sync` agent writes a structured `.md` artifact and uploads it through `
 - **Guardrails applied**: all guardrails enforced during this session — both existing ones shortlisted earlier via `get_guardrails` + `get_guardrail_by_id` (`source: "existing"`) and new ones the IDE agent created on the fly (`source: "ide_generated"`), each with satisfaction status
 - **Workflow metadata**: `chat_session_id`, `event_name` or `title`, required `summary`, and optional `workflow_name` / `workflow_description`
 
-### How to invoke
-
-Use the host's `ctm_sync` agent/workflow with:
-- A clear description of what was threat-modeled
-- The `chat_session_id` for workflow routing
-- Whether this is a new threat model or an update
-
-See `{{CTM_SYNC_AGENT_PATH}}` for the full workflow and markdown schema.
+### How to sync
+
+1. Read and follow `{{VIBEREVIEW_SYNC_SKILL_DIR}}/SKILL.md`.
+2. Write or update a file under `vibereview/`, ideally `vibereview/<chat_session_id>-<slugified-title-or-event-name>.md`.
+3. Put `chat_session_id`, `summary`, and either `title` or `event_name` in frontmatter.
+4. Include the required sections:
+   - `Best Practices Achieved`
+   - `Threats Mitigated`
+   - `Secure Code Snippets`
+   - `Guardrails Applied`
+   - `OWASP Top 10 2025 Mappings`
+5. Validate that:
+   - every threat entry includes `threat_name`, `pwnisms_category`, `severity`, and `mitigation_applied`
+   - every guardrail includes `title`, `rule_type`, `source`, and `satisfied`
+   - OWASP mappings use exact IDs and names
+   - snippets are grounded in actual code, not invented text
+    - no sibling `.md` files in `vibereview/` were read just to infer format or content
+6. Call `sync_ai_ide_markdown` directly with the finished markdown artifact.
+7. If sync fails, leave the artifact in `vibereview/` and report the failure clearly.
 
 ---
 
@@ -239,6 +250,6 @@ Before finalizing output, confirm:
 - [ ] Residual risk and follow-up actions are stated.
 - [ ] Vibe guardrails were fetched and enforced (all applicable `must`/`must_not` rules satisfied).
 - [ ] Guardrail compliance summary is included in the response (existing + IDE-generated).
-- [ ] CTM sync was invoked to upload threat model and guardrail data.
+- [ ] The VibeReview markdown was written under `vibereview/` and `sync_ai_ide_markdown` was called successfully.
 
 If ANY box cannot be checked, you MUST flag the gap to the user with a specific remediation recommendation before finalizing the code.

package/src/generators/rules/vibereview-sync/SKILL.md

@@ -0,0 +1,358 @@
+---
+name: vibereview-sync
+description: Write and synchronize a structured VibeReview markdown artifact under vibereview/ for the current security-relevant session. Use after threat modelling or guardrail-enforced implementation.
+---
+
+# VibeReview Markdown Sync
+
+Configured SRAI project name: `<SRAI_PROJECT_NAME>`
+
+Use this skill whenever threat modelling output exists or security guardrail compliance must be synchronized to SRAI.
+
+This skill exists to make the markdown deterministic, grounded, and parseable without depending on a separate subagent. The same agent that performed the work should author the markdown and call `sync_ai_ide_markdown` directly.
+
+## Core Rules
+
+1. Write the artifact under `vibereview/`.
+2. Author the markdown from the current task context only.
+3. Do not read other `.md` files in `vibereview/` to infer structure, copy content, or merge state.
+4. If the current session file path is already known, update that one file directly.
+5. If the current session file does not exist yet, create a new file using a stable name such as:
+
+```text
+vibereview/<chat_session_id>-<slugified-title-or-event-name>.md
+```
+
+6. Validate the markdown before calling `sync_ai_ide_markdown`.
+7. If sync fails, leave the file on disk and report the failure clearly.
+
+## Why You Must Not Read Sibling Files
+
+Other markdown files in `vibereview/` may belong to different sessions, different workflows, or partially complete work. Reading them introduces drift and causes downstream extraction failures.
+
+Treat each VibeReview artifact as self-contained. The current artifact must be fully authorable from:
+
+- the current user request
+- the current session context
+- the threat model produced in this task
+- the exact guardrail shortlist preserved in context
+- the real code snippets touched in this task
+
+## Required Authoring Workflow
+
+### Step 1: Collect the required inputs
+
+Before writing the markdown, confirm you have:
+
+- a stable `chat_session_id`
+- a concise `summary`
+- either `title` or `event_name`
+- the exact existing guardrails shortlisted earlier
+- any `ide_generated` guardrails created during this task
+- grounded threat entries
+- grounded code snippets from actual files
+- exact OWASP Top 10 2025 mappings when applicable
+
+If any required field is missing, resolve it from current context before writing. Do not invent data.
+
+### Step 2: Write YAML frontmatter
+
+The frontmatter should use this shape:
+
+```yaml
+---
+chat_session_id: "cursor-chat-7f3b2f44-8c4d-4d4a-9f1e-2b6a4c91b201"
+workflow_name: "User Auth Hardening"
+workflow_description: "Security improvements for auth flow handling in the current IDE session"
+event_name: "Hardened AI IDE sync ingestion and workflow reuse"
+summary: "This change moved AI IDE sync handling to the server so workflow resolution and event creation happen deterministically after markdown upload. We enforced stable session identity, validated required event fields, and added structured extraction for threats, guardrails, secure code snippets, and OWASP mappings. The endpoint now accepts markdown, returns immediately, and continues processing in the background."
+external_id: "ai-ide-sync-2026-04-21-001"
+---
+```
+
+### Frontmatter rules
+
+- `chat_session_id` is required.
+- `summary` is required.
+- At least one of `event_name` or `title` is required.
+- `workflow_name` is optional.
+- `workflow_description` is optional.
+- `external_id` is optional.
+- If `workflow_name` is omitted, the server may derive it from the title.
+- Do not rely on `developer_name` or `developer_email` in markdown. The server ignores them when authenticated API identity exists.
+
+## Required Markdown Structure
+
+Use this top-level shape:
+
+```md
+# AI IDE Sync Event
+
+## Event Identity
+...
+
+## Summary
+...
+
+# Threats Mitigated
+...
+
+# Best Practices Achieved
+...
+
+# Secure Code Snippets
+...
+
+# Guardrails Applied
+...
+
+# OWASP Top 10 2025 Mappings
+...
+```
+
+The exact heading levels may vary slightly, but the section names should stay stable and obvious.
+
+## Event Identity Section
+
+Preferred structure:
+
+```md
+## Event Identity
+
+- chat_session_id: `cursor-chat-7f3b2f44-8c4d-4d4a-9f1e-2b6a4c91b201`
+- workflow_name: `User Auth Hardening`
+- event_name: `Hardened AI IDE sync ingestion and workflow reuse`
+- external_id: `ai-ide-sync-2026-04-21-001`
+```
+
+## Summary Section
+
+Repeat the summary in prose under `## Summary`.
+
+## Threats Mitigated Section
+
+Each threat entry must include:
+
+- `threat_name`
+- `pwnisms_category`
+- `severity`
+- `mitigation_applied`
+
+When code exists, include a `### Code Snippet` subsection with:
+
+- `file_path`
+- `language`
+- `explanation`
+- a fenced code block containing real code
+
+Preferred example:
+
+````md
+# Threats Mitigated
+
+## Threat 1
+
+- threat_name: Missing session identity can attach events to the wrong workflow
+- pwnisms_category: IAM
+- severity: High
+- mitigation_applied: The server now requires a stable `chat_session_id` and uses it to resolve or create the workflow before persisting the event.
+
+### Code Snippet
+
+- file_path: `app/api/external_ai_ide.py`
+- language: `python`
+- explanation: This prevents ambiguous workflow association and ensures repeated syncs from the same IDE chat session map to the same workflow.
+
+```python
+chat_session_id = str(
+    frontmatter.get("chat_session_id")
+    or extracted.chat_session_id
+    or ""
+).strip()
+
+if not chat_session_id:
+    raise ValueError("chat_session_id could not be resolved from markdown content")
+```
+````
+
+### Threat authoring rules
+
+- Keep each threat clearly separated.
+- Do not collapse multiple threats into one malformed block.
+- Always close fenced code blocks.
+- Never let prose spill into the next threat entry.
+- PWNISMS categories must be one of:
+  - `Product`
+  - `Workload`
+  - `Network`
+  - `IAM`
+  - `Secrets`
+  - `Monitoring`
+  - `Supply Chain`
+- Severity should be one of:
+  - `Critical`
+  - `High`
+  - `Medium`
+  - `Low`
+
+## Best Practices Achieved Section
+
+Use plain bullet items only:
+
+```md
+# Best Practices Achieved
+
+- Used a stable chat_session_id to deterministically reuse or create workflows.
+- Kept workflow and event creation on the server instead of relying on IDE-side orchestration.
+- Validated required event identity fields before persisting security review data.
+```
+
+Do not turn this into freeform paragraphs.
+
+## Secure Code Snippets Section
+
+Each snippet entry should include:
+
+- `file_path`
+- `language`
+- `explanation`
+- a fenced code block with real code
+
+Preferred example:
+
+````md
+# Secure Code Snippets
+
+## Snippet 1
+
+- file_path: `app/api/external_ai_ide.py`
+- language: `python`
+- explanation: This is security-relevant because it isolates background processing from the request lifecycle and ensures the authenticated developer identity is propagated server-side.
+
+```python
+async def _process_ai_ide_markdown_ingestion(
+    *,
+    project_id: int,
+    ingestion_id: str,
+    filename: str,
+    markdown_text: str,
+    developer_name: str,
+    developer_email: str,
+) -> None:
+    logger.info(
+        "Starting AI IDE markdown ingestion %s for project %s",
+        ingestion_id,
+        project_id,
+    )
+```
+````
+
+### Secure snippet rules
+
+- Snippets must be real code, not invented examples.
+- Prefer snippets already cited in threat mitigations when they are strongly relevant.
+- Use fenced code blocks.
+- Keep snippets focused and bounded.
+
+## Guardrails Applied Section
+
+Each guardrail entry must include:
+
+- `title`
+- `rule_type`
+- `category`
+- `instruction`
+- `source`
+- `satisfied`
+- `notes`
+
+Preferred example:
+
+```md
+# Guardrails Applied
+
+## Guardrail 1
+
+- title: Require stable AI IDE session identity
+- rule_type: must
+- category: Identity
+- instruction: Every AI IDE sync markdown must include a stable chat_session_id so workflow association is deterministic.
+- source: existing
+- satisfied: true
+- notes: Enforced during markdown ingestion before workflow lookup or workflow creation.
+```
+
+### Guardrail rules
+
+- `rule_type` must be `must` or `must_not`.
+- `source` must be `existing` or `ide_generated`.
+- `satisfied` must be `true` or `false`.
+- Do not drop shortlisted existing guardrails even when unsatisfied.
+- If a guardrail was not fully satisfied, keep it and explain why in `notes`.
+
+## OWASP Top 10 2025 Mappings Section
+
+Use exact IDs and names. Preferred structures:
+
+```md
+# OWASP Top 10 2025 Mappings
+
+- A07: Authentication Failures
+- A06: Insecure Design
+- A10: Mishandling of Exceptional Conditions
+```
+
+or
+
+```md
+# OWASP Top 10 2025 Mappings
+
+- category_id: A07
+  category_name: Authentication Failures
+- category_id: A06
+  category_name: Insecure Design
+```
+
+Allowed values:
+
+- `A01` Broken Access Control
+- `A02` Security Misconfiguration
+- `A03` Software Supply Chain Failures
+- `A04` Cryptographic Failures
+- `A05` Injection
+- `A06` Insecure Design
+- `A07` Authentication Failures
+- `A08` Software or Data Integrity Failures
+- `A09` Security Logging and Alerting Failures
+- `A10` Mishandling of Exceptional Conditions
+
+## Validation Checklist Before Sync
+
+Before calling `sync_ai_ide_markdown`, verify all of the following:
+
+- The file is under `vibereview/`.
+- You did not read sibling markdown files in `vibereview/`.
+- `chat_session_id` exists in frontmatter.
+- `summary` exists in frontmatter.
+- `event_name` or `title` exists in frontmatter.
+- The `Event Identity` section exists.
+- The `Summary` section exists.
+- The `Threats Mitigated` section exists.
+- The `Best Practices Achieved` section exists.
+- The `Secure Code Snippets` section exists.
+- The `Guardrails Applied` section exists.
+- The `OWASP Top 10 2025 Mappings` section exists.
+- Every threat entry is structurally complete.
+- Every code fence is closed.
+- Every snippet is grounded in real code.
+- Every guardrail entry is structurally complete.
+- OWASP IDs and names are exact.
+
+## Final Step
+
+After validation:
+
+1. Save the markdown artifact under `vibereview/`.
+2. Call `sync_ai_ide_markdown` directly with that file's contents or path, depending on the tool interface exposed by the host.
+3. If sync succeeds, report success briefly.
+4. If sync fails, report failure clearly and leave the markdown artifact intact for retry.

package/src/generators/rules/vscode.js

@@ -1,12 +1,12 @@
-import { existsSync } from 'node:fs';
+import { existsSync, unlinkSync } from 'node:fs';
 import { join } from 'node:path';
 import {
-    CTM_SYNC_AGENT_REL_PATH,
     GUARDRAILS_SELECTION_SKILL_REL_DIR,
     THREAT_MODELLING_SKILL_REL_DIR,
+    VIBEREVIEW_SYNC_SKILL_REL_DIR,
 } from '../../utils/constants.js';
 import { upsertSentinelBlock, writeText } from '../../utils/fs-helpers.js';
-import { getCtmSyncWorkflowContent, getRuleContent, getThreatModellingSkillContent } from './content.js';
+import { getRuleContent, getThreatModellingSkillContent, getVibeReviewSyncSkillContent } from './content.js';
 
 function writeGeneratedText(filePath, content) {
     const action = existsSync(filePath) ? 'updated' : 'created';
@@ -14,6 +14,14 @@ function writeGeneratedText(filePath, content) {
     return { filePath, action };
 }
 
+function removeGeneratedText(filePath) {
+    if (existsSync(filePath)) {
+        unlinkSync(filePath);
+        return { filePath, action: 'deleted' };
+    }
+    return null;
+}
+
 function getCopilotSessionHookContent() {
     const additionalContext = [
         '## MANDATORY SECURITY GATE (Session Policy)',
@@ -23,9 +31,9 @@ function getCopilotSessionHookContent() {
         '1. Fetch Vibe Guardrails first using .github/skills/guardrails-selection/SKILL.md. Resolve the project, call get_guardrails, shortlist relevant guardrails, then call get_guardrail_by_id for the shortlist.',
         '2. Run PWNISMS threat modelling using .github/skills/threat-modelling/SKILL.md. Explicitly walk Product, Workload, Network, IAM, Secrets, Monitoring, and Supply Chain.',
         '3. Implement secure code using both the hydrated guardrails and PWNISMS findings.',
-        '4. Run the ctm_sync custom agent using .github/agents/ctm_sync.agent.md after threat modelling or guardrail enforcement. Reuse the exact guardrail shortlist; do not re-query guardrails during CTM sync. The agent should write a structured .md sync artifact and upload it with sync_ai_ide_markdown.',
+        '4. Read .github/skills/vibereview-sync/SKILL.md. Write a structured .md artifact under vibereview/, do not read sibling markdown files there just to infer format, validate it, and call sync_ai_ide_markdown directly after threat modelling or guardrail enforcement. Reuse the exact guardrail shortlist; do not re-query guardrails during the final sync.',
         '',
-        'Do not use project-profile exploration tools during normal coding tasks. No blocking and no deferral: guardrails first, PWNISMS second, implementation third, ctm_sync last.',
+        'Do not use project-profile exploration tools during normal coding tasks. No blocking and no deferral: guardrails first, PWNISMS second, implementation third, VibeReview sync last.',
     ].join('\n');
 
     const commandPayload = JSON.stringify({
@@ -60,7 +68,7 @@ export function generate(cwd, options = {}) {
         ...options,
         guardrailsSelectionSkillDir: GUARDRAILS_SELECTION_SKILL_REL_DIR.vscode,
         threatModellingSkillDir: THREAT_MODELLING_SKILL_REL_DIR.vscode,
-        ctmSyncAgentPath: CTM_SYNC_AGENT_REL_PATH.vscode,
+        vibereviewSyncSkillDir: VIBEREVIEW_SYNC_SKILL_REL_DIR.vscode,
     };
     const filePath = join(cwd, '.github', 'copilot-instructions.md');
     const content = getRuleContent(optionsWithSkillDirs);
@@ -72,19 +80,22 @@ export function generate(cwd, options = {}) {
         getThreatModellingSkillContent(optionsWithSkillDirs),
     );
 
-    const ctmSyncAgentPath = join(cwd, CTM_SYNC_AGENT_REL_PATH.vscode);
-    const ctmSyncAgent = writeGeneratedText(
-        ctmSyncAgentPath,
-        getCtmSyncWorkflowContent(optionsWithSkillDirs),
+    const vibereviewSyncSkillPath = join(cwd, VIBEREVIEW_SYNC_SKILL_REL_DIR.vscode, 'SKILL.md');
+    const vibereviewSyncSkill = writeGeneratedText(
+        vibereviewSyncSkillPath,
+        getVibeReviewSyncSkillContent(optionsWithSkillDirs),
     );
 
+    const deletedLegacyAgent = removeGeneratedText(join(cwd, '.github', 'agents', 'ctm_sync.agent.md'));
+
     const hooksPath = join(cwd, '.github', 'hooks', 'srai-session-policy.json');
     const hooks = writeGeneratedText(hooksPath, getCopilotSessionHookContent());
 
     return [
         { filePath, action, kind: 'rule' },
         { ...threatSkill, kind: 'skill' },
-        { ...ctmSyncAgent, kind: 'agent' },
+        { ...vibereviewSyncSkill, kind: 'skill' },
         { ...hooks, kind: 'hooks' },
+        ...(deletedLegacyAgent ? [{ ...deletedLegacyAgent, kind: 'cleanup' }] : []),
     ];
 }

package/src/generators/rules/vscode.test.js

@@ -5,7 +5,7 @@ import { test } from 'node:test';
 import assert from 'node:assert/strict';
 import { generate } from './vscode.js';
 
-test('VS Code Copilot generator writes instructions, skills, agent, and hooks', () => {
+test('VS Code Copilot generator writes instructions, skills, and hooks', () => {
     const cwd = mkdtempSync(join(tmpdir(), 'securityreview-kit-vscode-'));
 
     const results = generate(cwd, { projectName: 'SmokeProject' });
@@ -13,7 +13,7 @@ test('VS Code Copilot generator writes instructions, skills, agent, and hooks',
     const expectedPaths = [
         '.github/copilot-instructions.md',
         '.github/skills/threat-modelling/SKILL.md',
-        '.github/agents/ctm_sync.agent.md',
+        '.github/skills/vibereview-sync/SKILL.md',
         '.github/hooks/srai-session-policy.json',
     ];
 
@@ -21,29 +21,32 @@ test('VS Code Copilot generator writes instructions, skills, agent, and hooks',
         assert.equal(existsSync(join(cwd, relPath)), true, `${relPath} should exist`);
     }
 
-    assert.deepEqual(results.map((entry) => entry.kind), ['rule', 'skill', 'agent', 'hooks']);
+    assert.deepEqual(results.map((entry) => entry.kind), ['rule', 'skill', 'skill', 'hooks']);
 
     const instructions = readFileSync(join(cwd, '.github/copilot-instructions.md'), 'utf8');
     assert.match(instructions, /\.github\/skills\/guardrails-selection\/SKILL\.md/);
     assert.match(instructions, /\.github\/skills\/threat-modelling\/SKILL\.md/);
-    assert.match(instructions, /\.github\/agents\/ctm_sync\.agent\.md/);
+    assert.match(instructions, /\.github\/skills\/vibereview-sync\/SKILL\.md/);
+    assert.match(instructions, /sync_ai_ide_markdown/);
+    assert.match(instructions, /vibereview\//);
     assert.doesNotMatch(instructions, /\.cursor/);
 
     const threatSkill = readFileSync(join(cwd, '.github/skills/threat-modelling/SKILL.md'), 'utf8');
     for (const heading of ['Product', 'Workload', 'Network', 'IAM', 'Secrets', 'Monitoring', 'Supply Chain']) {
         assert.match(threatSkill, new RegExp(heading));
     }
-    assert.match(threatSkill, /\.github\/agents\/ctm_sync\.agent\.md/);
+    assert.match(threatSkill, /sync_ai_ide_markdown/);
+    assert.match(threatSkill, /vibereview\//);
     assert.doesNotMatch(threatSkill, /get_project_profile_description/);
 
-    const agent = readFileSync(join(cwd, '.github/agents/ctm_sync.agent.md'), 'utf8');
-    assert.match(agent, /Configured SRAI project name: `SmokeProject`/);
-    assert.match(agent, /sync_ai_ide_markdown/);
-    assert.match(agent, /structured markdown artifact/i);
-    assert.match(agent, /OWASP Top 10 2025 Mappings/);
-    assert.match(agent, /vibereview\//);
-    assert.doesNotMatch(agent, /Call `create_ai_ide_event` with/i);
+    const vibereviewSkill = readFileSync(join(cwd, '.github/skills/vibereview-sync/SKILL.md'), 'utf8');
+    assert.match(vibereviewSkill, /Do not read other/i);
+    assert.match(vibereviewSkill, /sync_ai_ide_markdown/);
+    assert.match(vibereviewSkill, /Guardrails Applied/);
 
     const hooks = JSON.parse(readFileSync(join(cwd, '.github/hooks/srai-session-policy.json'), 'utf8'));
     assert.equal(hooks.hooks.SessionStart[0].type, 'command');
+    assert.match(hooks.hooks.SessionStart[0].command, /vibereview/);
+    assert.match(hooks.hooks.SessionStart[0].command, /sync_ai_ide_markdown/);
+    assert.match(hooks.hooks.SessionStart[0].command, /vibereview-sync\/SKILL\.md/);
 });