@windagency/valora 2.2.0 → 2.3.0

package/README.md

@@ -17,7 +17,7 @@
 </p>
 
 <p align="center">
-  <img src="https://img.shields.io/badge/version-2.2.0-blue?style=flat-square" alt="Version" />
+  <img src="https://img.shields.io/badge/version-2.3.0-blue?style=flat-square" alt="Version" />
   <img src="https://img.shields.io/badge/node-%3E%3D18.0.0-brightgreen?style=flat-square&logo=node.js" alt="Node" />
   <img src="https://img.shields.io/badge/typescript-5.x-3178c6?style=flat-square&logo=typescript" alt="TypeScript" />
   <img src="https://img.shields.io/badge/license-MIT-green?style=flat-square" alt="License" />
@@ -28,6 +28,7 @@
   <img src="https://img.shields.io/badge/OpenAI-GPT--5-412991?style=flat-square" alt="OpenAI" />
   <img src="https://img.shields.io/badge/Google-Gemini-4285f4?style=flat-square" alt="Google" />
   <img src="https://img.shields.io/badge/Cursor-MCP-000000?style=flat-square" alt="Cursor" />
+  <img src="https://img.shields.io/badge/Local-LLM-34d399?style=flat-square" alt="Local" />
 </p>
 
 ---
@@ -78,8 +79,10 @@ Flexible execution modes for every use case:
 | 1    | MCP Sampling      | Free\*      |
 | 2    | Guided Completion | Free        |
 | 3    | API Fallback      | Pay-per-use |
+| 3    | Local Models      | Free\*\*    |
 
 _\*When available in Cursor_
+_\*\*Requires a running local model server (e.g. Ollama)_
 
 **Zero configuration required** — works immediately with your Cursor subscription.
 
@@ -107,12 +110,12 @@ Strategic AI model assignment for cost efficiency:
 
 Enterprise-grade security controls:
 
-- **Supply Chain Hardening** — Frozen lockfile, blocked install scripts, vulnerability overrides, Dependabot
-- **User Approval Flow** — Interactive consent before connections
-- **Risk Assessment** — Low/Medium/High/Critical classification
-- **Tool Filtering** — Allowlist and blocklist per server
-- **Audit Logging** — Complete operation trail
-- **Session Caching** — Remember approvals per session
+- **Credential Guard** — Env var redaction, output scanning, sensitive file blocking
+- **Command Guard** — Blocks exfiltration, network, eval, and remote access patterns
+- **Prompt Injection Detection** — Risk-scored scanning of tool results with quarantine/redaction
+- **MCP Hardening** — Tool definition validation, tool-set drift detection, approval workflows
+- **Supply Chain Hardening** — Frozen lockfile, blocked install scripts, vulnerability overrides
+- **Audit Logging** — Complete operation trail with security event tracking
 
 </td>
 </tr>
@@ -176,7 +179,7 @@ npm install -g @windagency/valora       # npm
 
 # Verify installation
 valora --version
-# Should output: 2.2.0
+# Should output: 2.3.0
 ```
 
 ### Project Setup
@@ -215,7 +218,7 @@ valora plan "Add dark mode toggle"
 
 ### Optional: API Configuration
 
-For fully autonomous execution:
+For fully autonomous execution with cloud providers:
 
 ```bash
 valora config setup --quick
@@ -225,6 +228,23 @@ export ANTHROPIC_API_KEY=sk-ant-...
 export OPENAI_API_KEY=sk-...
 ```
 
+### Optional: Local Models (No API Key)
+
+Run fully offline with Ollama or any OpenAI-compatible server:
+
+```bash
+# Install and start Ollama
+ollama pull llama3.1
+ollama serve
+
+# Use it directly
+valora plan "Add auth" --provider local --model llama3.1
+
+# Or configure as default
+export LOCAL_BASE_URL=http://localhost:11434/v1
+export LOCAL_DEFAULT_MODEL=llama3.1
+```
+
 ---
 
 ## 🏗️ Architecture
@@ -240,6 +260,7 @@ export OPENAI_API_KEY=sk-...
 │   │ • Commands  │  │ • Pipeline   │  │ • Registry  │  │ • Anthropic │   │
 │   │ • Wizard    │  │ • Executor   │  │ • Selection │  │ • OpenAI    │   │
 │   │ • Output    │  │ • Context    │  │ • Loading   │  │ • Google    │   │
+│   │             │  │              │  │             │  │ • Local     │   │
 │   └─────────────┘  └──────────────┘  └─────────────┘  └─────────────┘   │
 │                                                                         │
 │   ┌─────────────┐  ┌──────────────┐  ┌─────────────┐  ┌─────────────┐   │
@@ -398,11 +419,14 @@ valora/                          # npm package root
 │   ├── valora.js                # Main CLI
 │   └── mcp.js                   # MCP server
 ├── src/                         # TypeScript source
+│   ├── ast/                     # AST-based code intelligence (tree-sitter parsing, symbol index)
 │   ├── cli/                     # Command-line interface
 │   ├── config/                  # Configuration management
 │   ├── executor/                # Pipeline execution
 │   ├── llm/                     # LLM provider integrations
+│   ├── lsp/                     # LSP integration (language server protocol client)
 │   ├── mcp/                     # MCP server implementation
+│   ├── security/                # Agentic AI security (credential, command, injection guards)
 │   ├── session/                 # Session management
 │   │   └── worktree-stats-tracker.ts  # Worktree usage statistics
 │   ├── ui/                      # Terminal UI (dashboard, panels)
@@ -436,6 +460,7 @@ When installed in a project, VALORA supports a `.valora/` directory for local ov
 ├── templates/                   # Custom/override templates
 ├── sessions/                    # Session state (gitignored)
 ├── logs/                        # Execution logs (gitignored)
+├── index/                       # Codebase symbol index (gitignored)
 └── cache/                       # Cache data (gitignored)
 ```
 
@@ -486,16 +511,17 @@ Resources in `.valora/` take precedence over built-in `data/` resources.
 
 ## 🛠️ Technology Stack
 
-| Category            | Technologies                                     |
-| ------------------- | ------------------------------------------------ |
-| **Runtime**         | Node.js 18+, TypeScript 5.x                      |
-| **Package Manager** | pnpm 10.x                                        |
-| **Build**           | tsc, tsc-alias                                   |
-| **Testing**         | Vitest, Playwright                               |
-| **LLM SDKs**        | @anthropic-ai/sdk, openai, @google/generative-ai |
-| **CLI UI**          | Ink (React), Chalk, Commander                    |
-| **Validation**      | Zod                                              |
-| **MCP**             | @modelcontextprotocol/sdk                        |
+| Category              | Technologies                                     |
+| --------------------- | ------------------------------------------------ |
+| **Runtime**           | Node.js 18+, TypeScript 5.x                      |
+| **Package Manager**   | pnpm 10.x                                        |
+| **Build**             | tsc, tsc-alias                                   |
+| **Testing**           | Vitest, Playwright                               |
+| **LLM SDKs**          | @anthropic-ai/sdk, openai, @google/generative-ai |
+| **CLI UI**            | Ink (React), Chalk, Commander                    |
+| **Validation**        | Zod                                              |
+| **Code Intelligence** | web-tree-sitter                                  |
+| **MCP**               | @modelcontextprotocol/sdk                        |
 
 ---
 

package/data/agents/secops-engineer.md

@@ -26,6 +26,7 @@ expertise:
   - Container security principles
   - Compliance frameworks and regulations (PCI-DSS, HIPAA, ISO 27001, SOC 2, GDPR)
   - Supply chain security (SBOM, SLSA, dependency integrity, build provenance)
+  - Agentic AI security (prompt injection, tool poisoning, credential theft, rug pull attacks)
 responsibilities:
   - Integrating security features in the software development life cycle
   - Identification and probable security risks, with their mitigating strategies
@@ -118,6 +119,18 @@ In addition to the **Platform Engineer** profile, the following specialized secu
 - **Threat intelligence** - MISP integration, STIX/TAXII, threat feed consumption
 - **Programming for security** - Python for automation, Shell scripting, Go for tooling
 
+### Agentic AI Security
+
+- **Prompt injection** - Direct and indirect injection attacks that manipulate LLM-driven agents into bypassing instructions, exfiltrating data, or performing unintended actions; detection via input/output classifiers, instruction hierarchy enforcement, and canary token monitoring
+- **Command injection** - Exploitation of LLM tool-use interfaces where adversarial input causes the agent to execute arbitrary shell commands, API calls, or code; mitigated by strict input sanitisation, parameterised tool schemas, allowlists, and sandboxed execution environments
+- **Tool poisoning** - Malicious or compromised tool definitions (MCP servers, plugins, function schemas) that inject hidden instructions, exfiltrate context, or escalate privileges when loaded by an agent; countered by tool provenance verification, schema integrity checks, and runtime tool-call auditing
+- **Rug pull attacks** - Trusted tool providers or plugin authors who ship benign behaviour during review then push malicious updates post-approval; mitigated by pinning tool versions with cryptographic hashes, continuous behavioural monitoring, and staged rollout with canary analysis
+- **Token passthrough** - Attacks that trick an agent into forwarding its bearer tokens, API keys, or session credentials to attacker-controlled endpoints via crafted tool calls, redirects, or prompt-injected URLs; prevented by credential scoping, outbound request allowlists, and token-use audit logging
+- **Token and credential theft** - Extraction of secrets from agent memory, context windows, environment variables, or tool responses through prompt injection, side-channel leakage, or insecure logging; mitigated by secret redaction in context, ephemeral credential issuance, just-in-time secret injection, and memory isolation between agent sessions
+- **Excessive agency** - Agents granted overly broad tool permissions, unrestricted API scopes, or autonomous action capabilities beyond what the task requires; mitigated by least-privilege tool grants, human-in-the-loop approval gates, action budgets, and capability-based access control
+- **Context window poisoning** - Injection of malicious content into shared context (conversation history, retrieval-augmented generation sources, or multi-agent communication channels) to influence downstream agent decisions; countered by context provenance tracking, input sanitisation at retrieval boundaries, and context integrity validation
+- **Multi-agent trust exploitation** - Attacks targeting inter-agent communication in multi-agent systems, where a compromised or manipulated agent propagates malicious instructions to peer agents; mitigated by agent identity verification, message signing, trust boundaries between agent scopes, and output validation at agent handoff points
+
 ### Data Security & Privacy
 
 - **Data governance** - Data classification schemes, data lifecycle management
@@ -197,13 +210,26 @@ In addition to the **Platform Engineer** profile, the following security-specifi
    - Enforce code review and branch protection policies to prevent insider supply chain threats
    - Conduct periodic supply chain threat modeling exercises mapping attack vectors (build, source, dependency, deployment)
 
-9. **Security Architecture & Hardening**
-   - Design and implement zero-trust network architectures
-   - Harden container images, Kubernetes clusters, and cloud resources
-   - Implement defense-in-depth security controls across all infrastructure layers
-   - Evaluate and integrate new security technologies and tools
-   - Maintain security reference architectures and secure baseline configurations
-   - Design secure artifact repositories with access controls, vulnerability scanning, and provenance verification
+9. **Agentic AI Security**
+   - Assess LLM-driven agents and pipelines for prompt injection vulnerabilities (direct, indirect, and multi-turn)
+   - Validate tool definitions, MCP server configurations, and plugin schemas for poisoning, hidden instructions, and privilege escalation vectors
+   - Enforce least-privilege tool grants, action budgets, and human-in-the-loop gates for autonomous agent actions
+   - Implement credential isolation for agents: scoped tokens, ephemeral secrets, outbound request allowlists, and secret redaction in context windows
+   - Monitor for rug pull attacks by pinning tool/plugin versions with cryptographic hashes and conducting behavioural drift analysis on tool updates
+   - Detect and prevent token passthrough attacks where agents are tricked into forwarding credentials to attacker-controlled endpoints
+   - Audit inter-agent communication in multi-agent systems for trust exploitation, message tampering, and malicious instruction propagation
+   - Implement context window integrity controls: provenance tracking for RAG sources, input sanitisation at retrieval boundaries, and canary token injection for leak detection
+   - Conduct threat modelling exercises specific to agentic AI workflows, mapping attack surfaces across prompt handling, tool execution, memory persistence, and agent orchestration layers
+   - Establish detection engineering rules for anomalous agent behaviour: unexpected tool calls, credential access patterns, data exfiltration indicators, and instruction deviation
+
+10. **Security Architecture & Hardening**
+
+- Design and implement zero-trust network architectures
+- Harden container images, Kubernetes clusters, and cloud resources
+- Implement defense-in-depth security controls across all infrastructure layers
+- Evaluate and integrate new security technologies and tools
+- Maintain security reference architectures and secure baseline configurations
+- Design secure artifact repositories with access controls, vulnerability scanning, and provenance verification
 
 ## 4. Capabilities
 
@@ -237,6 +263,10 @@ In addition to the **Platform Engineer** profile, the following security-specifi
 - Detect and respond to supply chain attacks (dependency confusion, typosquatting, compromised upstream packages)
 - Validate build provenance and artifact integrity using SLSA framework
 - Audit CI/CD pipeline security against injection and tampering threats
+- Assess agentic AI systems for prompt injection, tool poisoning, and credential theft vulnerabilities
+- Implement and validate agent sandboxing, credential isolation, and least-privilege tool configurations
+- Detect rug pull attacks, token passthrough, and context window poisoning in LLM agent workflows
+- Conduct threat modelling for multi-agent systems and agent orchestration pipelines
 
 ## 5. Constraints
 
@@ -303,6 +333,7 @@ Operate with **medium autonomy**, balancing proactive security operations with a
 - **Compliance impact** - Changes that may affect regulatory compliance status
 - **Forensic evidence handling** - Legal or regulatory implications requiring legal counsel
 - **Supply chain compromise** - Confirmed or suspected compromise of upstream dependencies, build tools, or artifact registries
+- **Agentic AI compromise** - Confirmed prompt injection, tool poisoning, credential theft, or unauthorised autonomous actions by LLM agents
 
 **Decision Framework**:
 
@@ -435,6 +466,15 @@ In addition to the **Platform Engineer** principles (Reliability, Automation, Ob
 - Monitor for upstream compromises and respond with rapid containment and remediation
 - Enforce hermetic builds and reproducible pipelines to detect tampering
 
+### 🤖 Agentic AI Least Privilege
+
+- Grant agents only the minimum tools, scopes, and credentials required for each task
+- Enforce human-in-the-loop approval for high-impact autonomous actions
+- Treat every tool definition, plugin, and MCP server as an untrusted input
+- Isolate agent sessions, memory, and credentials to prevent cross-contamination
+- Monitor agent behaviour continuously for instruction deviation, anomalous tool usage, and credential access
+- Pin and hash-verify all agent tooling; treat version updates as supply chain events requiring review
+
 ### ⚖️ Risk-Based Approach
 
 - Not all risks need immediate remediation
@@ -533,6 +573,16 @@ In addition to the **Platform Engineer** toolset, the following security-specifi
 - **Lynis** - For security auditing and hardening
 - **CloudSploit** - For cloud security configuration scanning
 
+**Agentic AI Security**:
+
+- **Prompt injection classifiers** - Rebuff, Lakera Guard, Prompt Armor for detecting direct and indirect prompt injection attempts
+- **LLM firewalls** - Guardrails AI, NeMo Guardrails, LLM Guard for input/output filtering and policy enforcement
+- **Agent sandboxing** - gVisor, Firecracker, Deno permissions for isolating agent tool execution environments
+- **Tool schema validation** - JSON Schema validators, MCP server auditing, plugin integrity verification
+- **Credential vaulting for agents** - Short-lived token issuance, scoped OAuth grants, secret redaction middleware
+- **Agent observability** - LangSmith, Langfuse, Arize Phoenix for tracing agent decisions, tool calls, and anomalous behaviour
+- **Red-teaming frameworks** - Garak, PyRIT (Microsoft), OWASP LLM Top 10 testing methodologies
+
 **Forensics & Analysis**:
 
 - **Autopsy/Sleuth Kit** - For digital forensics analysis
@@ -608,6 +658,23 @@ Immediate Actions: [Pin to safe version, revoke credentials, rebuild artifacts]
 Long-Term Remediation: [Alternative packages, vendor assessment, pipeline hardening]
 ```
 
+**When Reporting Agentic AI Security Incidents**:
+
+```plaintext
+Threat Type: [Prompt Injection|Command Injection|Tool Poisoning|Rug Pull|Token Passthrough|Credential Theft|Excessive Agency|Context Poisoning|Multi-Agent Trust Exploitation]
+Agent/System: [Affected agent, pipeline, or orchestration layer]
+Attack Vector: [Direct prompt|Indirect prompt (RAG/tool output)|Malicious tool definition|Compromised plugin update|Inter-agent message|etc.]
+Injection Source: [User input|Retrieved document|Tool response|Shared context|External API|Plugin schema]
+Credentials Exposed: [List any tokens, API keys, or secrets potentially compromised]
+Autonomous Actions Taken: [Unauthorised tool calls, API requests, data exfiltration, or code execution performed by agent]
+Blast Radius: [Systems, data, or downstream agents affected]
+Indicators of Compromise: [Anomalous tool calls, unexpected outbound requests, credential access patterns, instruction deviation]
+Containment Actions: [Agent isolation, credential rotation, tool revocation, context purge]
+Root Cause: [How the attack bypassed existing controls]
+Remediation: [Specific hardening steps — input classifiers, tool schema fixes, credential scoping, approval gates]
+Detection Gap: [What monitoring was missing to catch this earlier]
+```
+
 **When Conducting Risk Assessment**:
 
 ```plaintext

package/data/commands/_meta/schema.json

@@ -59,6 +59,8 @@
 			"type": "string",
 			"description": "AI model to use for this command",
 			"enum": [
+				"claude-opus-4.6",
+				"claude-sonnet-4.6",
 				"claude-sonnet-4.5",
 				"claude-opus-4.1",
 				"claude-haiku-4.5",
@@ -70,7 +72,7 @@
 				"grok-code",
 				"kimi-k2"
 			],
-			"default": "claude-sonnet-4.5"
+			"default": "claude-sonnet-4.6"
 		},
 		"agent": {
 			"type": "string",
@@ -213,6 +215,11 @@
 								"minimum": 1000,
 								"maximum": 300000,
 								"default": 30000
+							},
+							"failure_policy": {
+								"type": "string",
+								"description": "Controls how tool failures affect stage success. 'strict' = all failures count, 'tolerant' = only fatal (mutating) failures count, 'lenient' = never hard-stop.",
+								"enum": ["strict", "tolerant", "lenient"]
 							}
 						},
 						"additionalProperties": false

package/data/commands/assert.md

@@ -11,7 +11,7 @@ allowed-tools:
   - glob_file_search
   - run_terminal_cmd
   - read_lints
-model: claude-opus-4.5
+model: claude-opus-4.6
 agent: asserter
 prompts:
   pipeline:

package/data/commands/generate-all-documentation.md

@@ -11,7 +11,7 @@ allowed-tools:
   - codebase_search
   - grep
   - run_terminal_cmd
-model: claude-opus-4.5
+model: claude-opus-4.6
 agent: lead
 prompts:
   pipeline:

package/data/commands/generate-docs.md

@@ -11,7 +11,7 @@ allowed-tools:
   - codebase_search
   - grep
   - run_terminal_cmd # Required for modern CLI tools (jq, yq, rg, fd)
-model: claude-opus-4.5
+model: claude-opus-4.6
 agent: lead
 prompts:
   pipeline:

package/data/commands/implement.md

@@ -33,6 +33,7 @@ prompts:
     - stage: context
       prompt: context.load-implementation-context
       required: true
+      failure_policy: tolerant
       inputs:
         implementation_plan: $ARG_1
         agent_type: $ARG_agent
@@ -48,6 +49,7 @@ prompts:
     - stage: review
       prompt: code.validate-prerequisites
       required: true
+      failure_policy: tolerant
       inputs:
         plan_summary: $STAGE_context.plan_summary
         dependencies: $STAGE_context.dependencies

package/data/commands/plan-architecture.md

@@ -10,7 +10,7 @@ allowed-tools:
   - list_dir
   - glob_file_search
   - run_terminal_cmd # Required for modern CLI tools (jq, yq, rg, fd)
-model: claude-opus-4.5
+model: claude-opus-4.6
 agent: lead
 prompts:
   pipeline:

package/data/commands/plan-implementation.md

@@ -10,7 +10,7 @@ allowed-tools:
   - list_dir
   - glob_file_search
   - run_terminal_cmd # Required for modern CLI tools (jq, yq, rg, fd)
-model: claude-opus-4.5
+model: claude-opus-4.6
 agent: lead
 prompts:
   pipeline:

package/data/commands/plan.md

@@ -14,7 +14,7 @@ allowed-tools:
   - mcp_github
   # MCP: Semantic context search
   - mcp_context7
-model: claude-opus-4.5
+model: claude-opus-4.6
 agent: lead
 prompts:
   pipeline:

package/data/commands/refine-task.md

@@ -11,7 +11,7 @@ allowed-tools:
   - list_dir
   - glob_file_search
   - run_terminal_cmd # Required for modern CLI tools (jq, yq, rg, fd)
-model: claude-opus-4.5
+model: claude-opus-4.6
 agent: product-manager
 prompts:
   pipeline:

package/data/commands/registry.json

@@ -31,7 +31,7 @@
 				"run_terminal_cmd",
 				"web_search"
 			],
-			"model": "claude-sonnet-4.5",
+			"model": "claude-sonnet-4.6",
 			"agent": "lead"
 		},
 		"create-backlog": {
@@ -57,7 +57,7 @@
 				"run_terminal_cmd",
 				"mcp_github"
 			],
-			"model": "claude-sonnet-4.5",
+			"model": "claude-sonnet-4.6",
 			"agent": "lead"
 		},
 		"create-prd": {
@@ -84,7 +84,7 @@
 				"query_session",
 				"mcp_github"
 			],
-			"model": "claude-sonnet-4.5",
+			"model": "claude-sonnet-4.6",
 			"agent": "product-manager"
 		},
 		"fetch-task": {
@@ -128,7 +128,7 @@
 				"grep",
 				"run_terminal_cmd"
 			],
-			"model": "claude-sonnet-4.5",
+			"model": "claude-sonnet-4.6",
 			"agent": "lead"
 		},
 		"generate-docs": {
@@ -159,7 +159,7 @@
 			"dynamic_agent_selection": true,
 			"fallback_agent": "software-engineer-typescript",
 			"agent_selection_criteria": ["analyze_task_description", "analyze_affected_files", "consider_dependencies"],
-			"model": "claude-sonnet-4.5",
+			"model": "claude-sonnet-4.6",
 			"agent": ""
 		},
 		"plan-architecture": {
@@ -168,7 +168,7 @@
 			"experimental": true,
 			"argument-hint": "'[--task-id=<id>] [--backlog-file=<path>]'",
 			"allowed-tools": ["codebase_search", "read_file", "grep", "list_dir", "glob_file_search"],
-			"model": "claude-sonnet-4.5",
+			"model": "claude-sonnet-4.6",
 			"agent": "lead"
 		},
 		"plan-implementation": {
@@ -177,7 +177,7 @@
 			"experimental": true,
 			"argument-hint": "'[--arch-plan=<path>] [--task-id=<id>]'",
 			"allowed-tools": ["codebase_search", "read_file", "grep", "list_dir", "glob_file_search"],
-			"model": "claude-sonnet-4.5",
+			"model": "claude-sonnet-4.6",
 			"agent": "lead"
 		},
 		"plan": {
@@ -186,7 +186,7 @@
 			"experimental": true,
 			"argument-hint": "'[--task-id=<id>] [--complexity-threshold=5] [--mode=<standard|incremental|tiered>]'",
 			"allowed-tools": ["codebase_search", "read_file", "grep", "list_dir", "glob_file_search"],
-			"model": "claude-sonnet-4.5",
+			"model": "claude-sonnet-4.6",
 			"agent": "lead"
 		},
 		"pre-check": {
@@ -222,7 +222,7 @@
 			"experimental": true,
 			"argument-hint": "'<scope> [--severity=critical|high|medium|low] [--focus=security|performance|maintainability|all] [--checklist] [--auto-only]'",
 			"allowed-tools": ["codebase_search", "read_file", "grep", "list_dir", "glob_file_search", "read_lints"],
-			"model": "claude-sonnet-4.5",
+			"model": "claude-sonnet-4.6",
 			"agent": "lead"
 		},
 		"review-functional": {
@@ -231,7 +231,7 @@
 			"experimental": true,
 			"argument-hint": "'<scope> [--severity=critical|high|medium|low] [--check-a11y=true|false]'",
 			"allowed-tools": ["codebase_search", "read_file", "grep", "list_dir", "glob_file_search", "run_terminal_cmd"],
-			"model": "claude-sonnet-4.5",
+			"model": "claude-sonnet-4.6",
 			"agent": "lead"
 		},
 		"review-plan": {
@@ -267,7 +267,7 @@
 			"experimental": true,
 			"argument-hint": "'[--quick] [--severity=<level>] [--focus=<area>]'",
 			"allowed-tools": ["codebase_search", "read_file", "grep", "list_dir", "glob_file_search", "run_terminal_cmd"],
-			"model": "claude-sonnet-4.5",
+			"model": "claude-sonnet-4.6",
 			"agent": "lead"
 		},
 		"validate-plan": {

package/data/commands/review-code.md

@@ -15,7 +15,7 @@ allowed-tools:
   - mcp_github
   # MCP: AI-powered code analysis
   - mcp_serena
-model: claude-opus-4.5
+model: claude-opus-4.6
 agent: lead
 prompts:
   pipeline:

package/data/commands/review-functional.md

@@ -16,7 +16,7 @@ allowed-tools:
   - mcp_figma
   # MCP: Component documentation verification
   - mcp_storybook
-model: claude-opus-4.5
+model: claude-opus-4.6
 agent: lead
 prompts:
   pipeline:

package/data/prompts/01_onboard/analyze-patterns.md

@@ -12,6 +12,7 @@ tags:
 model_requirements:
   min_context: 128000
   recommended:
+    - claude-sonnet-4.6
     - claude-sonnet-4.5
     - gpt-5-thinking-high
 agents:

package/data/prompts/01_onboard/collect-clarifications.md

@@ -13,6 +13,7 @@ tags:
 model_requirements:
   min_context: 32000
   recommended:
+    - claude-sonnet-4.6
     - claude-sonnet-4.5
     - claude-haiku-4.5
 agents:

package/data/prompts/01_onboard/map-dependencies.md

@@ -12,6 +12,7 @@ tags:
 model_requirements:
   min_context: 128000
   recommended:
+    - claude-sonnet-4.6
     - claude-sonnet-4.5
     - gpt-5-thinking-high
 agents:

package/data/prompts/02_context/analyze-change-scope.md

@@ -12,6 +12,7 @@ tags:
 model_requirements:
   min_context: 128000
   recommended:
+    - claude-sonnet-4.6
     - claude-sonnet-4.5
 agents:
   - lead

package/data/prompts/02_context/analyze-changes-for-review.md

@@ -12,6 +12,7 @@ tags:
 model_requirements:
   min_context: 128000
   recommended:
+    - claude-sonnet-4.6
     - claude-sonnet-4.5
 agents:
   - lead

package/data/prompts/02_context/analyze-codebase-changes.md

@@ -12,6 +12,7 @@ tags:
 model_requirements:
   min_context: 128000
   recommended:
+    - claude-sonnet-4.6
     - claude-sonnet-4.5
 agents:
   - lead

package/data/prompts/02_context/analyze-command-execution.md

@@ -12,6 +12,7 @@ tags:
 model_requirements:
   min_context: 128000
   recommended:
+    - claude-sonnet-4.6
     - claude-sonnet-4.5
 agents:
   - product-manager

package/data/prompts/02_context/analyze-commits-for-pr.md

@@ -12,6 +12,7 @@ tags:
 model_requirements:
   min_context: 128000
   recommended:
+    - claude-sonnet-4.6
     - claude-sonnet-4.5
 agents:
   - lead

package/data/prompts/02_context/analyze-functional-scope.md

@@ -12,6 +12,7 @@ tags:
 model_requirements:
   min_context: 128000
   recommended:
+    - claude-sonnet-4.6
     - claude-sonnet-4.5
 agents:
   - lead

package/data/prompts/02_context/analyze-git-branch.md

@@ -12,6 +12,7 @@ tags:
 model_requirements:
   min_context: 128000
   recommended:
+    - claude-sonnet-4.6
     - claude-sonnet-4.5
 agents:
   - lead

package/data/prompts/02_context/analyze-git-status.md

@@ -12,6 +12,7 @@ tags:
 model_requirements:
   min_context: 128000
   recommended:
+    - claude-sonnet-4.6
     - claude-sonnet-4.5
 agents:
   - lead

package/data/prompts/02_context/analyze-task-context.md

@@ -12,6 +12,7 @@ tags:
 model_requirements:
   min_context: 128000
   recommended:
+    - claude-sonnet-4.6
     - claude-sonnet-4.5
     - gpt-5-thinking-high
 agents:

package/data/prompts/02_context/extract-ticket-info.md

@@ -12,6 +12,7 @@ tags:
 model_requirements:
   min_context: 128000
   recommended:
+    - claude-sonnet-4.6
     - claude-sonnet-4.5
 agents:
   - lead

package/data/prompts/02_context/extract-ticket-references.md

@@ -12,6 +12,7 @@ tags:
 model_requirements:
   min_context: 128000
   recommended:
+    - claude-sonnet-4.6
     - claude-sonnet-4.5
 agents:
   - lead