agestra 4.14.2 → 4.14.3

package/commands/security.md

@@ -19,7 +19,7 @@ Before anything else, call `setup_status`. If it reports `Setup required: yes` o
 1. Invoke the `agestra:setup` skill (or run `/agestra setup` inline) — provider detection, selection, locale, `setup_apply`.
 2. After the config is written, resume this `/agestra security` command **from Step 1**, preserving `$ARGUMENTS`. Do not ask the user to retype.
 
-Before any provider fan-out, run the shared workspace trust preflight for the exact current project root. If supported providers are blocked, ask once whether to register only this project folder, then call `provider_trust_apply_all` after approval.
+Before any provider fan-out, run the shared workspace trust preflight for the exact current project root. If supported providers are blocked, ask once whether to register only this project folder. This is a security approval gate, not a clarifying question; "keep going" / no-questions instructions are not approval. After approval, call `provider_trust_apply` once per blocked provider. Use `provider_trust_apply_all` only when the host permission model explicitly allows batch trust changes. If approval cannot be obtained, skip blocked providers.
 
 ## Step 1: Determine security scope
 
@@ -50,9 +50,22 @@ Use `AskUserQuestion` when available, or a plain numbered prompt as fallback. Do
 
 Ask separately before any tool-assisted scan that installs tools, contacts package registries, uses network access, or produces large logs. The user must approve the exact tool, command, scope, expected time, privacy/telemetry behavior, and artifact path. If the user declines, continue with manual/code-based review and list the skipped checks as residual risk.
 
-Then ask host-led research notes before provider fan-out: secrets / API key surfaces, auth / authz boundaries, file / command execution paths, network exposure, dependency / supply-chain concerns, unsafe defaults, or `skip`. Ask whether any provider or lens should receive a specific research assignment, or whether team-lead should choose.
+Then ask research notes before provider fan-out: secrets / API key surfaces, auth / authz boundaries, file / command execution paths, network exposure, dependency / supply-chain concerns, unsafe defaults, or `skip`. Ask whether any provider or lens should receive a specific research assignment, or whether team-lead should choose.
 
-## Step 3: Route execution
+## Step 3: Choose 조사 방식
+
+Before provider fan-out, ask once which investigation topology to use unless the user already specified it:
+
+| Option | Description |
+|--------|-------------|
+| **Host-led Research (Recommended)** | The current host prepares bounded security evidence first; providers challenge and debate the prepared findings. Record internally as `host-seeded`. |
+| **Council Research** | Host and providers independently inspect assigned security surfaces before consolidation and debate. |
+| **Provider-seeded Research** | One selected provider creates the first security seed/evidence artifact; host and other providers challenge it. |
+| **Decide automatically** | Use Host-led for bounded audits, Council for broad/full security reviews, and Provider-seeded only when the user named a provider to lead. |
+
+Use `AskUserQuestion` when available, or a plain numbered prompt as fallback. This is a cost/latency gate, not a security clarification. If a host-level no-questions directive prevents asking, choose Host-led Research (`host-seeded`) and report that broader provider investigation was skipped. If Provider-seeded Research is selected and the seed provider is not explicit, record the seed provider as pending; after provider availability is listed, ask which available provider should seed. Do not infer it.
+
+## Step 4: Route execution
 
 Call `environment_check` and `provider_list`.
 
@@ -60,7 +73,7 @@ Call `environment_check` and `provider_list`.
 Stop Agestra orchestration and tell the user to run `/agestra setup` to enable a provider, or ask the current host to run a security review directly outside Agestra. Do not spawn a host specialist from this command.
 
 **Provider-backed path — 1+ external providers available (multi-AI):**
-Hand off to `agestra:agestra-team-lead`. Provider-backed security uses the host research consensus flow:
+Hand off to `agestra:agestra-team-lead`. Provider-backed security uses the selected research topology flow:
 
 ```text
 호스트가 조사한다.
@@ -79,18 +92,19 @@ External AI research and debate run in separate fresh sessions, even when the sa
 - **Tool permission choices:** approved / declined / not asked, with exact approved commands if any
 - **Report artifact path expectation:** `docs/reports/security/YYYY-MM-DD-security-[target].md`
 - **Consensus domain:** `security`
-- **Research notes:** what the host-led investigation should look for (secrets/keys, auth/authz boundaries, file/command execution, network exposure, dependency concerns, unsafe defaults)
+- **Research topology / 조사 방식:** selected in Step 3 (`host-seeded`, `council`, `provider-seeded`, or `automatic`)
+- **Research notes:** what the selected investigation should look for (secrets/keys, auth/authz boundaries, file/command execution, network exposure, dependency concerns, unsafe defaults)
 - **Research assignments:** optional participant/lens rows for `research_assignments`
 - **Available providers:** from `environment_check`; include configured providers when their detected model capability is suitable, using read-only security-review tools unless the user explicitly approves a separate implementation task
 - **Requested providers:** explicit names captured from user wording; otherwise "all available security-capable"
-- **Specialist handoff (host-native security):** when a host-native security lens is needed, team-lead runs that specialist through the active host layer and includes the result in the host-led research/consolidation inputs. Do not use host-specialist handoff to create a bundled research participant.
+- **Specialist handoff (host-native security):** when a host-native security lens is needed, team-lead runs that specialist through the active host layer and includes the result in the selected research/consolidation inputs. Do not use host-specialist handoff to create a bundled research participant.
 - **Locale:** from `setup_status`
 - **Target workspace root:** absolute project folder if the user supplied or implied one; pass it to workspace/debate MCP calls as `workspace_base_dir`
 - **Original user request:** preserve verbatim
 
-Team-lead owns calling `agent_research_consensus_start` with `domain: "security"`, the security `objective`, `participants`, optional `research_assignments`, optional `provider_order`, bounded `max_rounds`, and output document flags. Team-lead must ensure external AI research and debate use separate fresh sessions, must never create a bundled research pseudo-participant, and must never carry research bundles through `source_documents`. Inspect `aggregation_record.json`, `open_debate_items.json`, `round_packet.{round}.{provider}.json`, the aggregation document, and the leader-authored final decision document under `docs/agestra/`. The brigade must not run destructive exploit tests and must not install tools or run heavyweight/networked scans without explicit user approval.
+Team-lead owns resolving the selected research topology, then calling `agent_research_consensus_start` when investigation fan-out is required or `agent_consensus_start` with prepared `initial_aggregation.items` when seed/host evidence is already available. Team-lead must ensure external AI research and debate use separate fresh sessions when a research phase is used, must never create a bundled research pseudo-participant, and must never carry research bundles through `source_documents`. Inspect `aggregation_record.json`, `open_debate_items.json`, `round_packet.{round}.{provider}.json`, the aggregation document, and the leader-authored final decision document under `docs/agestra/`. The brigade must not run destructive exploit tests and must not install tools or run heavyweight/networked scans without explicit user approval.
 
-## Step 4: Present the result
+## Step 5: Present the result
 
 When security review returns:
 - Show SECURITY PASS / PASS WITH HARDENING / SECURITY BLOCK

package/commands/setup.md

@@ -84,7 +84,7 @@ Ask the workspace trust policy question once. Default to `ask` unless the user e
 - `auto-exact`: automatically register only the exact current project root when discovery is clean
 - `never`: never modify provider trust stores
 
-Do not treat "등록하고 계속" / "Trust this project and continue" as consent to store `auto-exact`; that action only applies the current exact root through `provider_trust_apply_all`.
+Do not treat "등록하고 계속" / "Trust this project and continue" as consent to store `auto-exact`; that action only applies the current exact root through `provider_trust_apply` calls for the selected providers. Use `provider_trust_apply_all` only when the host permission model explicitly allows batch trust changes.
 
 Call `setup_apply` with:
 - `enabled_providers`: the selected provider IDs