@vigolium/piolium 0.0.1

package/skills/zeroize-audit/workflows/phase-1-source-analysis.md

@@ -0,0 +1,144 @@
+# Phase 1 — MCP Resolution and Source Analysis
+
+## Preconditions
+
+- Phase 0 complete: `orchestrator-state.json` exists with `phases.0.status = "complete"`
+- `{workdir}/preflight.json` exists
+- `{workdir}/merged-config.yaml` exists
+
+## Instructions
+
+### Wave 1 — MCP Resolver
+
+Skip if `mcp_mode=off` or `routing.mcp_available=false` or `language_mode=rust` (MCP is C/C++ only).
+
+Write agent inputs to `{workdir}/agent-inputs/mcp-resolver.json`:
+
+```json
+{
+  "sensitive_candidates": "<from preflight.json sensitive_candidates>"
+}
+```
+
+Spawn agent `1-mcp-resolver` via `Task` with:
+
+| Parameter | Value |
+|---|---|
+| `workdir` | `{workdir}` |
+| `repo_root` | `{{path}}` |
+| `compile_db` | `{{compile_db}}` |
+| `config_path` | `{workdir}/merged-config.yaml` |
+| `input_file` | `{workdir}/agent-inputs/mcp-resolver.json` |
+| `mcp_timeout_ms` | `{{mcp_timeout_ms}}` |
+
+**After completion**: Read `{workdir}/mcp-evidence/status.json`.
+
+- If `status=failed` and `mcp_mode=require`: **stop the run**.
+- If `status=failed` and `mcp_mode=prefer`: set `mcp_available=false`.
+- If `status=partial` or `status=success`: set `mcp_available=true`.
+
+### Wave 2a — Source Analyzer (C/C++ only)
+
+Skip if `language_mode=rust`.
+
+Write agent inputs to `{workdir}/agent-inputs/source-analyzer.json`:
+
+```json
+{
+  "tu_list": "<from preflight.json tu_list>"
+}
+```
+
+Spawn agent `2-source-analyzer` via `Task` **in the same message as Wave 2b** (parallel launch):
+
+| Parameter | Value |
+|---|---|
+| `workdir` | `{workdir}` |
+| `repo_root` | `{{path}}` |
+| `compile_db` | `{{compile_db}}` |
+| `config_path` | `{workdir}/merged-config.yaml` |
+| `input_file` | `{workdir}/agent-inputs/source-analyzer.json` |
+| `mcp_available` | Result from Wave 1 |
+| `languages` | `{{languages}}` |
+| `max_tus` | `{{max_tus}}` |
+
+### Wave 2b — Rust Source Analyzer (Rust only)
+
+Skip if `language_mode=c`.
+
+Spawn agent `2b-rust-source-analyzer` via `Task` **in the same message as Wave 2a** (parallel launch):
+
+| Parameter | Value |
+|---|---|
+| `workdir` | `{workdir}` |
+| `repo_root` | `{{path}}` |
+| `cargo_manifest` | `{{cargo_manifest}}` |
+| `rust_crate_root` | From `preflight.json` |
+| `rust_tu_hash` | From `preflight.json` |
+| `config_path` | `{workdir}/merged-config.yaml` |
+| `baseDir` | `{baseDir}` |
+
+The `2b-rust-source-analyzer` agent must:
+
+1. Attempt rustdoc JSON generation:
+   ```bash
+   cargo +nightly rustdoc --manifest-path <cargo_manifest> \
+     --document-private-items -- -Z unstable-options --output-format json
+   ```
+   If this fails, warn and skip — proceed with source grep only.
+2. Run semantic audit (if rustdoc JSON succeeded):
+   ```bash
+   uv run {baseDir}/tools/scripts/semantic_audit.py \
+     --rustdoc target/doc/<crate>.json \
+     --cargo-toml <cargo_manifest> \
+     --out {workdir}/source-analysis/rust-semantic-findings.json
+   ```
+3. Run dangerous API scan:
+   ```bash
+   uv run {baseDir}/tools/scripts/find_dangerous_apis.py \
+     --src <rust_crate_root>/src \
+     --out {workdir}/source-analysis/rust-dangerous-api-findings.json
+   ```
+4. Merge outputs into `{workdir}/source-analysis/sensitive-objects.json` (Rust `SO-NNNN` IDs with offset 5000+), `{workdir}/source-analysis/source-findings.json` (IDs `F-RUST-SRC-NNNN`), and `{workdir}/source-analysis/tu-map.json` (adding `{"<cargo_manifest>": "<rust_tu_hash>"}`).
+5. Write `{workdir}/source-analysis/rust-notes.md` summarizing findings and any skipped steps.
+
+**After both Wave 2a and Wave 2b complete**: Read `{workdir}/source-analysis/tu-map.json`.
+
+- If empty (`{}`): no sensitive objects found. Skip to Phase 6 (empty report).
+- Determine entry classes in `tu-map.json`:
+  - **C/C++ entry**: key is a source file path from `compile_commands.json` (typically `.c`, `.cc`, `.cpp`, `.cxx`).
+  - **Rust entry**: key is the `cargo_manifest` path (`.../Cargo.toml`).
+- If no C/C++ entries: skip Wave 3 in Phase 2.
+- If no Rust entry: skip Wave 3R in Phase 2.
+- Otherwise: proceed to Phase 2.
+
+## State Update
+
+Update `orchestrator-state.json`:
+
+```json
+{
+  "current_phase": 1,
+  "routing": {
+    "mcp_available": "<updated value>",
+    "tu_count": "<count of TUs in tu-map.json>"
+  },
+  "phases": {
+    "1": {"status": "complete", "output": "source-analysis/tu-map.json"}
+  }
+}
+```
+
+## Error Handling
+
+| Failure | Behavior |
+|---|---|
+| MCP resolver fails + `mcp_mode=require` | Stop the run |
+| MCP resolver fails + `mcp_mode=prefer` | Continue with `mcp_available=false` |
+| Source analyzer (C/C++) fails | Stop C/C++ analysis — no sensitive object list for C/C++ TUs |
+| Rust source analyzer fails | Stop Rust analysis — log failure, continue if C/C++ analysis is also running |
+| No sensitive objects found | Skip Phases 2–5, jump to Phase 6 for empty report |
+
+## Next Phase
+
+Phase 2 — Compiler Analysis (if `tu-map.json` is non-empty)

package/skills/zeroize-audit/workflows/phase-2-compiler-analysis.md

@@ -0,0 +1,139 @@
+# Phase 2 — Compiler Analysis
+
+## Preconditions
+
+- Phase 1 complete: `tu-map.json` is non-empty
+- `{workdir}/source-analysis/sensitive-objects.json` exists
+- `{workdir}/source-analysis/source-findings.json` exists
+
+## Instructions
+
+### Wave 3 — TU Compiler Analyzers (C/C++ only, N parallel)
+
+Skip if `language_mode=rust` or `tu-map.json` has no C/C++ entries.
+
+For each C/C++ TU in `{workdir}/source-analysis/tu-map.json`:
+
+1. Create output directory:
+   ```bash
+   mkdir -p {workdir}/compiler-analysis/<tu_hash>
+   ```
+
+2. Write per-TU agent input to `{workdir}/agent-inputs/tu-<tu_hash>.json`:
+   ```json
+   {
+     "sensitive_objects": "<subset of sensitive-objects.json matching this TU>",
+     "source_findings": "<subset of source-findings.json matching this TU>"
+   }
+   ```
+
+3. Spawn agent `3-tu-compiler-analyzer` via `Task` with:
+
+| Parameter | Value |
+|---|---|
+| `workdir` | `{workdir}` |
+| `tu_source` | Source file path (from tu-map key) |
+| `tu_hash` | TU hash (from tu-map value) |
+| `compile_db` | `{{compile_db}}` |
+| `config_path` | `{workdir}/merged-config.yaml` |
+| `input_file` | `{workdir}/agent-inputs/tu-<tu_hash>.json` |
+| `opt_levels` | `{{opt_levels}}` |
+| `enable_asm` | `{{enable_asm}}` |
+| `enable_semantic_ir` | `{{enable_semantic_ir}}` |
+| `enable_cfg` | `{{enable_cfg}}` |
+| `baseDir` | `{baseDir}` |
+
+Launch TU agents in parallel using multiple `Task` calls in a single message. **Batching**: if the TU count exceeds 15, launch in batches of 10–15; wait for each batch before launching the next.
+
+**After all TU agents complete**: Verify `{workdir}/compiler-analysis/<tu_hash>/ir-findings.json` exists for each TU. Log any failed TUs but continue.
+
+### Wave 3R — Rust Compiler Analyzer (single agent)
+
+Skip if any of the following are true:
+- `language_mode=c`
+- `tu-map.json` has no Rust entry (manifest key `.../Cargo.toml`)
+- `sensitive-objects.json` is missing or empty
+- `sensitive-objects.json` has no Rust objects (IDs `SO-5NNN` / `SO-5000+`)
+
+Spawn agent `3b-rust-compiler-analyzer` via `Task` (after Wave 3 completes or is skipped):
+
+| Parameter | Value |
+|---|---|
+| `workdir` | `{workdir}` |
+| `cargo_manifest` | `{{cargo_manifest}}` |
+| `rust_crate_root` | From `preflight.json` |
+| `rust_tu_hash` | From `preflight.json` |
+| `config_path` | `{workdir}/merged-config.yaml` |
+| `opt_levels` | `{{opt_levels}}` |
+| `enable_asm` | `{{enable_asm}}` |
+| `input_file` | `{workdir}/agent-inputs/rust-compiler.json` (write Rust-subset of sensitive-objects and source-findings before spawn) |
+| `baseDir` | `{baseDir}` |
+
+The `3b-rust-compiler-analyzer` agent must run these steps in order. On step failures, write status-bearing error objects to the affected output file(s) and continue.
+
+**Step A — MIR analysis:**
+```bash
+{baseDir}/tools/emit_rust_mir.sh --manifest <cargo_manifest> --lib --opt O0 \
+  --out {workdir}/rust-compiler-analysis/<rust_tu_hash>.mir
+uv run {baseDir}/tools/scripts/check_mir_patterns.py \
+  --mir {workdir}/rust-compiler-analysis/<rust_tu_hash>.mir \
+  --secrets {workdir}/source-analysis/sensitive-objects.json \
+  --out {workdir}/rust-compiler-analysis/mir-findings.json
+```
+
+**Step B — LLVM IR analysis (O0 vs O2):**
+```bash
+{baseDir}/tools/emit_rust_ir.sh --manifest <cargo_manifest> --lib --opt O0 \
+  --out {workdir}/rust-compiler-analysis/<rust_tu_hash>.O0.ll
+{baseDir}/tools/emit_rust_ir.sh --manifest <cargo_manifest> --lib --opt O2 \
+  --out {workdir}/rust-compiler-analysis/<rust_tu_hash>.O2.ll
+uv run {baseDir}/tools/scripts/check_llvm_patterns.py \
+  --o0 {workdir}/rust-compiler-analysis/<rust_tu_hash>.O0.ll \
+  --o2 {workdir}/rust-compiler-analysis/<rust_tu_hash>.O2.ll \
+  --out {workdir}/rust-compiler-analysis/ir-findings.json
+```
+
+**Step C — Assembly analysis** (skip if `enable_asm=false` or `emit_rust_asm.sh` missing):
+```bash
+{baseDir}/tools/emit_rust_asm.sh --manifest <cargo_manifest> --lib --opt O2 \
+  --out {workdir}/rust-compiler-analysis/<rust_tu_hash>.O2.s
+uv run {baseDir}/tools/scripts/check_rust_asm.py \
+  --asm {workdir}/rust-compiler-analysis/<rust_tu_hash>.O2.s \
+  --secrets {workdir}/source-analysis/sensitive-objects.json \
+  --out {workdir}/rust-compiler-analysis/asm-findings.json
+```
+
+If assembly tools are missing, write `[]` to `asm-findings.json`.
+
+IR finding IDs: `F-RUST-IR-NNNN`. MIR finding IDs: `F-RUST-MIR-NNNN`. Assembly finding IDs: `F-RUST-ASM-NNNN`.
+
+Write `{workdir}/rust-compiler-analysis/notes.md` summarizing all steps, any failures, and key observations.
+
+**After Wave 3R completes**: Verify `mir-findings.json`, `ir-findings.json`, and `asm-findings.json` exist under `{workdir}/rust-compiler-analysis/`. Log if missing, continue.
+
+## State Update
+
+Update `orchestrator-state.json`:
+
+```json
+{
+  "current_phase": 2,
+  "phases": {
+    "2": {"status": "complete", "tus_succeeded": "<N>", "tus_failed": "<N>"}
+  }
+}
+```
+
+## Error Handling
+
+| Failure | Behavior |
+|---|---|
+| One TU agent (C/C++) fails | Continue with remaining TUs |
+| All TU agents (C/C++) fail | Proceed — report assembler produces source-only report |
+| Rust compiler analyzer (Wave 3R) fails | Log failure, continue — report assembler handles missing `rust-compiler-analysis/` |
+| `emit_rust_asm.sh` missing | Write `[]` to `asm-findings.json`, continue — assembly findings skipped |
+| MIR or IR emission fails | Write `[]` to that step's output, continue with remaining steps |
+
+## Next Phase
+
+Phase 3 — Interim Report

package/skills/zeroize-audit/workflows/phase-3-interim-report.md

@@ -0,0 +1,46 @@
+# Phase 3 — Interim Finding Collection
+
+## Preconditions
+
+- Phase 2 complete (or skipped if no compiler analysis needed)
+
+## Instructions
+
+Spawn agent `4-report-composer` via `Task` with:
+
+| Parameter | Value |
+|---|---|
+| `workdir` | `{workdir}` |
+| `config_path` | `{workdir}/merged-config.yaml` |
+| `mcp_available` | From `orchestrator-state.json` routing |
+| `mcp_required_for_advanced` | `{{mcp_required_for_advanced}}` |
+| `baseDir` | `{baseDir}` |
+| `mode` | `interim` |
+
+**After completion**: Verify `{workdir}/report/findings.json` exists. Count findings. If the findings array is empty, skip to Phase 6 for an empty report.
+
+## State Update
+
+Update `orchestrator-state.json`:
+
+```json
+{
+  "current_phase": 3,
+  "routing": {
+    "finding_count": "<count from findings.json>"
+  },
+  "phases": {
+    "3": {"status": "complete", "output": "report/findings.json"}
+  }
+}
+```
+
+## Error Handling
+
+| Failure | Behavior |
+|---|---|
+| Report assembler fails | Surface error to user |
+
+## Next Phase
+
+Phase 4 — PoC Generation (if `finding_count > 0`)

package/skills/zeroize-audit/workflows/phase-4-poc-generation.md

@@ -0,0 +1,46 @@
+# Phase 4 — PoC Generation
+
+## Preconditions
+
+- Phase 3 complete: `{workdir}/report/findings.json` exists with at least one finding
+
+## Instructions
+
+Spawn agent `5-poc-generator` via `Task` with:
+
+| Parameter | Value |
+|---|---|
+| `workdir` | `{workdir}` |
+| `compile_db` | `{{compile_db}}` |
+| `config_path` | `{workdir}/merged-config.yaml` |
+| `final_report` | `{workdir}/report/findings.json` |
+| `poc_categories` | `{{poc_categories}}` |
+| `poc_output_dir` | `{{poc_output_dir}}` or `{workdir}/poc/` |
+| `baseDir` | `{baseDir}` |
+
+The agent reads each finding and the corresponding source code, then crafts a bespoke PoC program tailored to the specific vulnerability. Each PoC is individually written — not generated from templates.
+
+**After completion**: Verify `{workdir}/poc/poc_manifest.json` exists and contains an entry for each finding.
+
+## State Update
+
+Update `orchestrator-state.json`:
+
+```json
+{
+  "current_phase": 4,
+  "phases": {
+    "4": {"status": "complete", "output": "poc/poc_manifest.json"}
+  }
+}
+```
+
+## Error Handling
+
+| Failure | Behavior |
+|---|---|
+| PoC generator fails | Pipeline stalls — surface error to user |
+
+## Next Phase
+
+Phase 5 — PoC Validation & Verification

package/skills/zeroize-audit/workflows/phase-5-poc-validation.md

@@ -0,0 +1,136 @@
+# Phase 5 — PoC Validation & Verification
+
+## Preconditions
+
+- Phase 4 complete: `{workdir}/poc/poc_manifest.json` exists
+
+## Instructions
+
+### Step 5a — Compile and Run All PoCs (agent)
+
+Spawn agent `5b-poc-validator` via `Task` with:
+
+| Parameter | Value |
+|---|---|
+| `workdir` | `{workdir}` |
+| `config_path` | `{workdir}/merged-config.yaml` |
+
+**After completion**: Read `{workdir}/poc/poc_validation_results.json`.
+
+If the agent fails, fall back to compiling and running PoCs inline:
+
+```bash
+cd {workdir}/poc && make <makefile_target>
+./<makefile_target>
+echo "Exit code: $?"
+```
+
+### Step 5b — Verify PoCs Prove Their Claims (agent)
+
+Spawn agent `5c-poc-verifier` via `Task` with:
+
+| Parameter | Value |
+|---|---|
+| `workdir` | `{workdir}` |
+| `config_path` | `{workdir}/merged-config.yaml` |
+| `validation_results` | `{workdir}/poc/poc_validation_results.json` |
+
+The verifier reads each PoC source file, the corresponding finding, and the original source code to check that the PoC actually tests the claimed vulnerability. It verifies:
+- Target variable and function match the finding
+- Verification technique is appropriate for the finding category
+- Optimization level is correct
+- Exit code interpretation is not inverted
+- Results are plausible given the finding evidence
+
+**After completion**: Read `{workdir}/poc/poc_verification.json`.
+
+### Step 5c — Present Verification Failures to User
+
+Read `{workdir}/poc/poc_verification.json`. For any PoC with `verified: false`:
+
+1. Use `Read` to show the PoC source file.
+2. Present to the user via `AskUserQuestion` with:
+   - Finding ID and category
+   - PoC file path
+   - Which verification checks failed and why
+   - The verifier's notes
+   - The PoC's runtime result (from `poc_validation_results.json`)
+
+3. Ask the user whether to:
+   - **Accept anyway**: Trust the PoC result despite verification failure
+   - **Reject**: Discard the PoC result (treat as `no_poc` for this finding)
+
+**Block until the user responds for each failed PoC.**
+
+### Step 5d — Merge Results
+
+Combine validation results (from `poc_validation_results.json`), verification results (from `poc_verification.json`), and user decisions (from Step 5c).
+
+Write `{workdir}/poc/poc_final_results.json`:
+
+```json
+{
+  "timestamp": "<ISO-8601>",
+  "results": [
+    {
+      "finding_id": "ZA-0001",
+      "category": "MISSING_SOURCE_ZEROIZE",
+      "poc_file": "poc_za_0001_missing_source_zeroize.c",
+      "compile_success": true,
+      "exit_code": 0,
+      "validation_result": "exploitable",
+      "verification": {
+        "verified": true,
+        "checks": { "...": "pass" },
+        "notes": "PoC correctly targets session_key in handle_key()"
+      }
+    },
+    {
+      "finding_id": "ZA-0003",
+      "category": "OPTIMIZED_AWAY_ZEROIZE",
+      "poc_file": "poc_za_0003_optimized_away_zeroize.c",
+      "compile_success": true,
+      "exit_code": 1,
+      "validation_result": "rejected",
+      "verification": {
+        "verified": false,
+        "checks": { "optimization_level": "fail" },
+        "notes": "Compiled at -O0 but wipe disappears at -O2. User rejected PoC result."
+      }
+    }
+  ]
+}
+```
+
+Validation result mapping:
+
+- `compile_success=true, exit_code=0, verified=true` → `"exploitable"`
+- `compile_success=true, exit_code=1, verified=true` → `"not_exploitable"`
+- `compile_success=true, verified=false, user accepted` → original result (`"exploitable"` or `"not_exploitable"`)
+- `compile_success=true, verified=false, user rejected` → `"rejected"`
+- `compile_success=false` → `"compile_failure"`
+
+## State Update
+
+Update `orchestrator-state.json`:
+
+```json
+{
+  "current_phase": 5,
+  "phases": {
+    "5": {"status": "complete", "output": "poc/poc_final_results.json"}
+  }
+}
+```
+
+## Error Handling
+
+| Failure | Behavior |
+|---|---|
+| Validator agent fails | Fall back to inline compilation for all PoCs |
+| Verifier agent fails | Skip verification, use validation results only (warn in report) |
+| Individual PoC compile failure | Record in results, continue with others |
+
+## Next Phase
+
+Phase 6 — Final Report

package/skills/zeroize-audit/workflows/phase-6-final-report.md

@@ -0,0 +1,44 @@
+# Phase 6 — Report Finalization
+
+## Preconditions
+
+- Phase 5 complete (or skipped if zero findings): `poc_final_results.json` exists or findings are empty
+
+## Instructions
+
+Spawn agent `4-report-composer` via `Task` with:
+
+| Parameter | Value |
+|---|---|
+| `workdir` | `{workdir}` |
+| `config_path` | `{workdir}/merged-config.yaml` |
+| `mcp_available` | From `orchestrator-state.json` routing |
+| `mcp_required_for_advanced` | `{{mcp_required_for_advanced}}` |
+| `baseDir` | `{baseDir}` |
+| `mode` | `final` |
+| `poc_results` | `{workdir}/poc/poc_final_results.json` |
+
+**After completion**: Verify `{workdir}/report/final-report.md` and updated `{workdir}/report/findings.json` exist.
+
+## State Update
+
+Update `orchestrator-state.json`:
+
+```json
+{
+  "current_phase": 6,
+  "phases": {
+    "6": {"status": "complete", "output": "report/final-report.md"}
+  }
+}
+```
+
+## Error Handling
+
+| Failure | Behavior |
+|---|---|
+| Report assembler fails | Surface error to user |
+
+## Next Phase
+
+Phase 7 — Test Generation (if `enable_runtime_tests=true` and `finding_count > 0`)

package/skills/zeroize-audit/workflows/phase-7-test-generation.md

@@ -0,0 +1,42 @@
+# Phase 7 — Test Generation
+
+## Preconditions
+
+- Phase 6 complete
+- `enable_runtime_tests=true`
+- Finding count > 0
+
+## Instructions
+
+Spawn agent `6-test-generator` via `Task` with:
+
+| Parameter | Value |
+|---|---|
+| `workdir` | `{workdir}` |
+| `compile_db` | `{{compile_db}}` |
+| `config_path` | `{workdir}/merged-config.yaml` |
+| `final_report` | `{workdir}/report/findings.json` |
+| `baseDir` | `{baseDir}` |
+
+## State Update
+
+Update `orchestrator-state.json`:
+
+```json
+{
+  "current_phase": 7,
+  "phases": {
+    "7": {"status": "complete", "output": "tests/"}
+  }
+}
+```
+
+## Error Handling
+
+| Failure | Behavior |
+|---|---|
+| Test generator fails | Report is still available without tests |
+
+## Next Phase
+
+Phase 8 — Return Results (handled inline by dispatcher)

package/themes/piolium-srcery.json

@@ -0,0 +1,94 @@
+{
+	"$schema": "https://raw.githubusercontent.com/badlogic/pi-mono/main/packages/coding-agent/src/modes/interactive/theme/theme-schema.json",
+	"name": "piolium-srcery",
+	"vars": {
+		"bg": "#1c1b19",
+		"fg": "#fce8c3",
+		"black": "#1c1b19",
+		"red": "#ef2f27",
+		"green": "#519f50",
+		"yellow": "#fbb829",
+		"blue": "#2c78bf",
+		"magenta": "#e02c6d",
+		"cyan": "#0aaeb3",
+		"white": "#baa67f",
+		"brblack": "#918175",
+		"brred": "#f75341",
+		"brgreen": "#98bc37",
+		"bryellow": "#fed06e",
+		"brblue": "#68a8e4",
+		"brmagenta": "#ff5c8f",
+		"brcyan": "#2be4d0",
+		"brwhite": "#fce8c3",
+		"selectedBg": "#3a3328",
+		"userMsgBg": "#26231f",
+		"customMsgBg": "#24211e",
+		"toolPendingBg": "#24231f",
+		"toolSuccessBg": "#1f2a1d",
+		"toolErrorBg": "#2f1d1b"
+	},
+	"colors": {
+		"accent": "yellow",
+		"border": "blue",
+		"borderAccent": "cyan",
+		"borderMuted": "brblack",
+		"success": "brgreen",
+		"error": "red",
+		"warning": "bryellow",
+		"muted": "white",
+		"dim": "brblack",
+		"text": "fg",
+		"thinkingText": "white",
+
+		"selectedBg": "selectedBg",
+		"userMessageBg": "userMsgBg",
+		"userMessageText": "fg",
+		"customMessageBg": "customMsgBg",
+		"customMessageText": "fg",
+		"customMessageLabel": "yellow",
+		"toolPendingBg": "toolPendingBg",
+		"toolSuccessBg": "toolSuccessBg",
+		"toolErrorBg": "toolErrorBg",
+		"toolTitle": "brcyan",
+		"toolOutput": "white",
+
+		"mdHeading": "bryellow",
+		"mdLink": "brblue",
+		"mdLinkUrl": "white",
+		"mdCode": "brcyan",
+		"mdCodeBlock": "fg",
+		"mdCodeBlockBorder": "brblack",
+		"mdQuote": "white",
+		"mdQuoteBorder": "brblack",
+		"mdHr": "brblack",
+		"mdListBullet": "yellow",
+
+		"toolDiffAdded": "brgreen",
+		"toolDiffRemoved": "brred",
+		"toolDiffContext": "white",
+
+		"syntaxComment": "brblack",
+		"syntaxKeyword": "magenta",
+		"syntaxFunction": "brblue",
+		"syntaxVariable": "fg",
+		"syntaxString": "brgreen",
+		"syntaxNumber": "bryellow",
+		"syntaxType": "brcyan",
+		"syntaxOperator": "yellow",
+		"syntaxPunctuation": "white",
+
+		"thinkingOff": "brblack",
+		"thinkingMinimal": "white",
+		"thinkingLow": "blue",
+		"thinkingMedium": "cyan",
+		"thinkingHigh": "brblue",
+		"thinkingXhigh": "brblue",
+
+		"bashMode": "yellow"
+	},
+	"export": {
+		"pageBg": "#1c1b19",
+		"cardBg": "#24211e",
+		"infoBg": "#3a3328"
+	}
+}