clean-room-skill 0.1.0

package/bin/install.js

@@ -0,0 +1,535 @@
+#!/usr/bin/env node
+'use strict';
+
+const fs = require('node:fs');
+const os = require('node:os');
+const path = require('node:path');
+const readline = require('node:readline/promises');
+const { spawnSync } = require('node:child_process');
+
+const {
+  atomicWriteFile,
+  fileHash,
+  listFiles,
+  readJsonFile,
+  removeEmptyParents,
+  resolveInside,
+  sha256Bytes,
+  writeJsonFile,
+} = require('../lib/fs-utils.cjs');
+const {
+  buildHookEntries,
+  configPathForRuntime,
+  mergeHookEntries,
+  removeHookEntries,
+  renderPackageHooksJson,
+} = require('../lib/hooks.cjs');
+
+const PACKAGE_ROOT = path.resolve(__dirname, '..');
+const MANIFEST_NAME = 'clean-room-install-manifest.json';
+const PATCHES_DIR_NAME = 'clean-room-patches';
+const RUNTIMES = ['codex', 'claude', 'antigravity'];
+const IGNORE_NAMES = new Set(['.DS_Store', '__pycache__', 'node_modules', '.syntext']);
+const HOOK_MODES = new Set(['safe', 'copy-only', 'strict']);
+
+function packageVersion() {
+  const pkg = readJsonFile(path.join(PACKAGE_ROOT, 'package.json'), null);
+  return pkg && typeof pkg.version === 'string' ? pkg.version : '0.0.0';
+}
+
+function parseArgs(argv) {
+  const options = {
+    runtimes: [],
+    scope: null,
+    dryRun: false,
+    yes: false,
+    uninstall: false,
+    hookMode: 'safe',
+    configDir: null,
+  };
+
+  for (let i = 0; i < argv.length; i += 1) {
+    const arg = argv[i];
+    if (arg === '--codex') options.runtimes.push('codex');
+    else if (arg === '--claude') options.runtimes.push('claude');
+    else if (arg === '--antigravity') options.runtimes.push('antigravity');
+    else if (arg === '--all') options.runtimes = [...RUNTIMES];
+    else if (arg === '--global') options.scope = setExclusive(options.scope, 'global', '--global');
+    else if (arg === '--local') options.scope = setExclusive(options.scope, 'local', '--local');
+    else if (arg === '--dry-run') options.dryRun = true;
+    else if (arg === '--yes') options.yes = true;
+    else if (arg === '--uninstall') options.uninstall = true;
+    else if (arg === '--no-hooks') options.hookMode = 'copy-only';
+    else if (arg === '--config-dir') {
+      i += 1;
+      if (i >= argv.length) throw new Error('--config-dir requires a path');
+      options.configDir = argv[i];
+    } else if (arg.startsWith('--config-dir=')) {
+      options.configDir = arg.slice('--config-dir='.length);
+    } else if (arg === '--hooks') {
+      i += 1;
+      if (i >= argv.length) throw new Error('--hooks requires safe, copy-only, or strict');
+      options.hookMode = argv[i];
+    } else if (arg.startsWith('--hooks=')) {
+      options.hookMode = arg.slice('--hooks='.length);
+    } else if (arg === '-h' || arg === '--help') {
+      printHelp();
+      process.exit(0);
+    } else {
+      throw new Error(`unknown option: ${arg}`);
+    }
+  }
+
+  options.runtimes = [...new Set(options.runtimes)];
+  if (!HOOK_MODES.has(options.hookMode)) {
+    throw new Error('--hooks must be one of safe, copy-only, or strict');
+  }
+  if (options.configDir && options.runtimes.length > 1) {
+    throw new Error('--config-dir can only be used with one runtime');
+  }
+  return options;
+}
+
+function setExclusive(current, next, flag) {
+  if (current && current !== next) {
+    throw new Error(`${flag} conflicts with --${current}`);
+  }
+  return next;
+}
+
+function printHelp() {
+  console.log(`Usage: clean-room-skill [runtime] [scope] [options]
+
+Runtime:
+  --codex              Install for Codex
+  --claude             Install for Claude Code
+  --antigravity        Install for Antigravity
+  --all                Install for all supported runtimes
+
+Scope:
+  --global             Install to the runtime user config
+  --local              Install to the current project config
+
+Options:
+  --hooks=<mode>       safe, copy-only, or strict (default: safe)
+  --no-hooks           Alias for --hooks=copy-only
+  --config-dir <path>  Override the target root for one runtime
+  --dry-run            Print actions without writing files
+  --yes                Non-interactive mode; unknown conflicts still abort
+  --uninstall          Remove manifest-managed files and clean-room hook entries
+`);
+}
+
+async function resolveInteractiveOptions(options) {
+  if (options.runtimes.length > 0 && options.scope) {
+    return options;
+  }
+  if (!process.stdin.isTTY || options.yes) {
+    throw new Error('specify runtime and scope flags when running non-interactively');
+  }
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  try {
+    if (options.runtimes.length === 0) {
+      const answer = await rl.question('Runtime [codex/claude/antigravity/all]: ');
+      const runtime = answer.trim().toLowerCase() || 'codex';
+      if (runtime === 'all') options.runtimes = [...RUNTIMES];
+      else if (RUNTIMES.includes(runtime)) options.runtimes = [runtime];
+      else throw new Error(`unsupported runtime: ${answer}`);
+    }
+    if (!options.scope) {
+      const answer = await rl.question('Scope [global/local]: ');
+      const scope = answer.trim().toLowerCase() || 'global';
+      if (scope !== 'global' && scope !== 'local') {
+        throw new Error(`unsupported scope: ${answer}`);
+      }
+      options.scope = scope;
+    }
+    return options;
+  } finally {
+    rl.close();
+  }
+}
+
+function homePath(...parts) {
+  return path.join(os.homedir(), ...parts);
+}
+
+function resolveTargetRoot(runtime, scope, configDir) {
+  if (runtime === 'antigravity' && scope === 'local') {
+    throw new Error('Antigravity local installs are not supported in v1');
+  }
+  if (configDir) return path.resolve(configDir);
+  if (runtime === 'codex') {
+    return scope === 'global'
+      ? path.resolve(process.env.CODEX_HOME || homePath('.codex'))
+      : path.resolve(process.cwd(), '.codex');
+  }
+  if (runtime === 'claude') {
+    return scope === 'global'
+      ? path.resolve(process.env.CLAUDE_CONFIG_DIR || homePath('.claude'))
+      : path.resolve(process.cwd(), '.claude');
+  }
+  if (runtime === 'antigravity') {
+    return path.resolve(
+      process.env.ANTIGRAVITY_PLUGIN_DIR ||
+      homePath('.gemini', 'config', 'plugins', 'clean-room-skill')
+    );
+  }
+  throw new Error(`unsupported runtime: ${runtime}`);
+}
+
+function sourceFile(relPath, hookMode) {
+  if (relPath === 'hooks/hooks.json') {
+    return Buffer.from(renderPackageHooksJson(hookMode === 'strict' ? 'strict' : 'safe'), 'utf8');
+  }
+  return fs.readFileSync(path.join(PACKAGE_ROOT, relPath));
+}
+
+function addFile(desired, sourceRel, destRel, hookMode) {
+  desired.set(destRel.replace(/\\/g, '/'), sourceFile(sourceRel, hookMode));
+}
+
+function addTree(desired, sourceRel, destRel, hookMode, options = {}) {
+  const sourceRoot = path.join(PACKAGE_ROOT, sourceRel);
+  for (const rel of listFiles(sourceRoot, { ignoreNames: IGNORE_NAMES })) {
+    if (options.filter && !options.filter(rel)) continue;
+    const sourcePath = `${sourceRel}/${rel}`.replace(/\\/g, '/');
+    const destPath = destRel ? `${destRel}/${rel}` : rel;
+    addFile(desired, sourcePath, destPath, hookMode);
+  }
+}
+
+function buildDesiredFiles(runtime, hookMode) {
+  const desired = new Map();
+  if (runtime === 'codex') {
+    addTree(desired, 'skills', 'skills', hookMode);
+    addTree(desired, 'examples/codex/.codex/agents', 'agents', hookMode);
+    addTree(desired, 'hooks', 'hooks/clean-room', hookMode, {
+      filter: (rel) => rel.endsWith('.py'),
+    });
+    return desired;
+  }
+  if (runtime === 'claude') {
+    addTree(desired, 'skills', 'skills', hookMode);
+    addTree(desired, 'agents', 'agents', hookMode);
+    addTree(desired, 'hooks', 'hooks/clean-room', hookMode, {
+      filter: (rel) => rel.endsWith('.py'),
+    });
+    return desired;
+  }
+  if (runtime === 'antigravity') {
+    for (const rel of ['plugin.json', 'README.md', 'LICENSE']) {
+      addFile(desired, rel, rel, hookMode);
+    }
+    for (const rel of ['.codex-plugin', '.claude-plugin', 'skills', 'agents', 'hooks', 'examples']) {
+      addTree(desired, rel, rel, hookMode);
+    }
+    return desired;
+  }
+  throw new Error(`unsupported runtime: ${runtime}`);
+}
+
+function readManifest(targetRoot) {
+  const manifestPath = path.join(targetRoot, MANIFEST_NAME);
+  if (!fs.existsSync(manifestPath)) return null;
+  const manifest = readJsonFile(manifestPath, null);
+  if (!manifest || typeof manifest !== 'object' || Array.isArray(manifest)) {
+    throw new Error(`${manifestPath} must contain a JSON object`);
+  }
+  return manifest;
+}
+
+function manifestHash(manifest, relPath) {
+  const entry = manifest?.files?.[relPath];
+  if (!entry) return null;
+  if (typeof entry === 'string') return entry;
+  if (entry && typeof entry.sha256 === 'string') return entry.sha256;
+  return null;
+}
+
+function planInstall(targetRoot, desired, manifest) {
+  const unknownConflicts = [];
+  const writes = [];
+  const removals = [];
+  const backups = [];
+
+  for (const [relPath, bytes] of desired) {
+    const fullPath = resolveInside(targetRoot, relPath);
+    const desiredHash = sha256Bytes(bytes);
+    const knownHash = manifestHash(manifest, relPath);
+    if (fs.existsSync(fullPath)) {
+      const currentHash = fileHash(fullPath);
+      if (knownHash && currentHash !== knownHash) {
+        backups.push(relPath);
+      } else if (!knownHash && currentHash !== desiredHash) {
+        unknownConflicts.push(relPath);
+      }
+    }
+    writes.push(relPath);
+  }
+
+  for (const relPath of Object.keys(manifest?.files || {})) {
+    if (desired.has(relPath)) continue;
+    const fullPath = resolveInside(targetRoot, relPath);
+    if (!fs.existsSync(fullPath)) continue;
+    const knownHash = manifestHash(manifest, relPath);
+    if (knownHash && fileHash(fullPath) !== knownHash) {
+      backups.push(relPath);
+    }
+    removals.push(relPath);
+  }
+
+  return { unknownConflicts, writes, removals, backups };
+}
+
+async function confirmUnknownConflicts(conflicts, options) {
+  if (conflicts.length === 0) return false;
+  if (options.dryRun) return false;
+  if (options.yes || !process.stdin.isTTY) {
+    throw new Error(
+      `unknown existing file(s) would be overwritten: ${conflicts.join(', ')}. ` +
+      'Run interactively to confirm or remove the conflict.'
+    );
+  }
+  console.log('Unknown existing files would be overwritten:');
+  for (const conflict of conflicts) {
+    console.log(`  ${conflict}`);
+  }
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  try {
+    const answer = await rl.question('Overwrite these files? Type yes to continue: ');
+    if (answer.trim() !== 'yes') {
+      throw new Error('aborted by user');
+    }
+    return true;
+  } finally {
+    rl.close();
+  }
+}
+
+function backupFile(targetRoot, relPath, backupRoot) {
+  const source = resolveInside(targetRoot, relPath);
+  const dest = resolveInside(backupRoot, relPath);
+  fs.mkdirSync(path.dirname(dest), { recursive: true });
+  fs.copyFileSync(source, dest);
+}
+
+function timestampForPath() {
+  return new Date().toISOString().replace(/[:.]/g, '-');
+}
+
+function createBackupWriter(targetRoot, dryRun) {
+  let backupRoot = null;
+  return {
+    backup(relPath) {
+      if (dryRun) return null;
+      if (!backupRoot) {
+        backupRoot = path.join(targetRoot, PATCHES_DIR_NAME, timestampForPath());
+      }
+      backupFile(targetRoot, relPath, backupRoot);
+      return backupRoot;
+    },
+    get root() {
+      return backupRoot;
+    },
+  };
+}
+
+function applyInstall(targetRoot, desired, manifest, plan, options) {
+  const backupWriter = createBackupWriter(targetRoot, options.dryRun);
+  if (options.dryRun) return null;
+  fs.mkdirSync(targetRoot, { recursive: true });
+
+  const backedUp = new Set();
+  for (const relPath of [...plan.backups, ...plan.unknownConflicts]) {
+    const fullPath = resolveInside(targetRoot, relPath);
+    if (fs.existsSync(fullPath) && !backedUp.has(relPath)) {
+      backupWriter.backup(relPath);
+      backedUp.add(relPath);
+    }
+  }
+
+  for (const relPath of plan.removals) {
+    const fullPath = resolveInside(targetRoot, relPath);
+    if (fs.existsSync(fullPath)) {
+      fs.rmSync(fullPath, { force: true });
+      removeEmptyParents(path.dirname(fullPath), targetRoot);
+    }
+  }
+
+  for (const [relPath, bytes] of desired) {
+    const fullPath = resolveInside(targetRoot, relPath);
+    atomicWriteFile(fullPath, bytes);
+  }
+
+  const nextManifest = {
+    schema: 1,
+    package: 'clean-room-skill',
+    version: packageVersion(),
+    runtime: manifest?.runtime || null,
+    scope: manifest?.scope || null,
+    hooks_mode: options.hookMode,
+    installed_at: new Date().toISOString(),
+    files: {},
+  };
+  for (const [relPath, bytes] of desired) {
+    nextManifest.files[relPath] = { sha256: sha256Bytes(bytes) };
+  }
+  return { backupRoot: backupWriter.root, manifest: nextManifest };
+}
+
+function writeInstallManifest(targetRoot, manifest, runtime, scope, hookMode, dryRun) {
+  if (dryRun) return;
+  const next = {
+    ...manifest,
+    runtime,
+    scope,
+    hooks_mode: hookMode,
+  };
+  writeJsonFile(path.join(targetRoot, MANIFEST_NAME), next);
+}
+
+function resolvePython3() {
+  const result = spawnSync('python3', ['-c', 'import sys; print(sys.executable)'], {
+    encoding: 'utf8',
+    stdio: ['ignore', 'pipe', 'pipe'],
+  });
+  if (result.status !== 0) {
+    throw new Error('python3 is required to install clean-room hooks');
+  }
+  const pythonPath = String(result.stdout || '').trim();
+  if (!path.isAbsolute(pythonPath)) {
+    throw new Error('python3 did not resolve to an absolute executable path');
+  }
+  return pythonPath;
+}
+
+function validateRuntimeOptions(options) {
+  for (const runtime of options.runtimes) {
+    resolveTargetRoot(runtime, options.scope, options.configDir);
+  }
+}
+
+function configureHooks(runtime, targetRoot, hookMode, dryRun) {
+  if (hookMode === 'copy-only' || runtime === 'antigravity') {
+    return;
+  }
+  const configPath = configPathForRuntime(runtime, targetRoot);
+  if (!configPath) return;
+  const pythonPath = resolvePython3();
+  const wrapperPath = path.join(targetRoot, 'hooks', 'clean-room', 'clean-room-hook.py');
+  const entries = buildHookEntries({ pythonPath, wrapperPath, mode: hookMode });
+  mergeHookEntries(configPath, entries, { dryRun });
+}
+
+async function installRuntime(runtime, options) {
+  const targetRoot = resolveTargetRoot(runtime, options.scope, options.configDir);
+  const manifest = readManifest(targetRoot);
+  const desired = buildDesiredFiles(runtime, options.hookMode);
+  const plan = planInstall(targetRoot, desired, manifest);
+  const adoptedUnknowns = await confirmUnknownConflicts(plan.unknownConflicts, options);
+
+  console.log(`${options.dryRun ? 'Would install' : 'Installing'} ${runtime} to ${targetRoot}`);
+  console.log(`  files: ${plan.writes.length}`);
+  if (plan.removals.length) console.log(`  stale managed removals: ${plan.removals.length}`);
+  if (plan.backups.length || adoptedUnknowns) {
+    console.log(`  backups: ${plan.backups.length + (adoptedUnknowns ? plan.unknownConflicts.length : 0)}`);
+  }
+  if (options.dryRun && plan.unknownConflicts.length) {
+    console.log(`  unknown conflicts: ${plan.unknownConflicts.length}`);
+  }
+
+  configureHooks(runtime, targetRoot, options.hookMode, true);
+  const result = applyInstall(targetRoot, desired, manifest, plan, options);
+  if (!options.dryRun) {
+    configureHooks(runtime, targetRoot, options.hookMode, false);
+  }
+  if (result) {
+    writeInstallManifest(targetRoot, result.manifest, runtime, options.scope, options.hookMode, options.dryRun);
+    if (result.backupRoot) {
+      console.log(`  backed up modified files to ${result.backupRoot}`);
+    }
+  }
+}
+
+function planUninstall(targetRoot, manifest) {
+  const files = Object.keys(manifest?.files || {});
+  const backups = [];
+  const removals = [];
+  for (const relPath of files) {
+    const fullPath = resolveInside(targetRoot, relPath);
+    if (!fs.existsSync(fullPath)) continue;
+    const knownHash = manifestHash(manifest, relPath);
+    if (knownHash && fileHash(fullPath) !== knownHash) {
+      backups.push(relPath);
+    }
+    removals.push(relPath);
+  }
+  return { backups, removals };
+}
+
+function uninstallRuntime(runtime, options) {
+  const targetRoot = resolveTargetRoot(runtime, options.scope, options.configDir);
+  const manifest = readManifest(targetRoot);
+  console.log(`${options.dryRun ? 'Would uninstall' : 'Uninstalling'} ${runtime} from ${targetRoot}`);
+  if (!manifest) {
+    console.log('  no install manifest found');
+    return;
+  }
+  const plan = planUninstall(targetRoot, manifest);
+  console.log(`  managed removals: ${plan.removals.length}`);
+  if (plan.backups.length) {
+    console.log(`  backups: ${plan.backups.length}`);
+  }
+
+  if (options.dryRun) return;
+  const backupWriter = createBackupWriter(targetRoot, false);
+  for (const relPath of plan.backups) {
+    backupWriter.backup(relPath);
+  }
+  for (const relPath of plan.removals) {
+    const fullPath = resolveInside(targetRoot, relPath);
+    if (fs.existsSync(fullPath)) {
+      fs.rmSync(fullPath, { force: true });
+      removeEmptyParents(path.dirname(fullPath), targetRoot);
+    }
+  }
+  const configPath = configPathForRuntime(runtime, targetRoot);
+  if (configPath) {
+    removeHookEntries(configPath, { dryRun: false });
+  }
+  fs.rmSync(path.join(targetRoot, MANIFEST_NAME), { force: true });
+  removeEmptyParents(targetRoot, path.dirname(targetRoot));
+  if (backupWriter.root) {
+    console.log(`  backed up modified files to ${backupWriter.root}`);
+  }
+}
+
+async function main() {
+  const options = await resolveInteractiveOptions(parseArgs(process.argv.slice(2)));
+  if (!options.scope) {
+    options.scope = 'global';
+  }
+  validateRuntimeOptions(options);
+  for (const runtime of options.runtimes) {
+    if (options.uninstall) {
+      uninstallRuntime(runtime, options);
+    } else {
+      await installRuntime(runtime, options);
+    }
+  }
+}
+
+if (require.main === module) {
+  main().catch((err) => {
+    console.error(`clean-room-skill: ${err.message}`);
+    process.exitCode = 1;
+  });
+}
+
+module.exports = {
+  buildDesiredFiles,
+  parseArgs,
+  planInstall,
+  resolveTargetRoot,
+};

package/examples/codex/.codex/agents/clean-architect.toml

@@ -0,0 +1,17 @@
+name = "clean-architect"
+description = "Manages the selected clean schema base and organizes clean behavior specs into target-neutral skeleton manifests."
+sandbox_mode = "workspace-write"
+model_reasoning_effort = "medium"
+enabled_skills = ["clean-room"]
+
+instructions = """
+Act as Agent 2 in the clean-room pipeline.
+Run only from the clean workspace.
+Before tool use, require CLEAN_ROOM_ROLE=clean-architect, CLEAN_ROOM_CLEAN_ROOTS, CLEAN_ROOM_SOURCE_ROOTS, CLEAN_ROOM_CONTAMINATED_ARTIFACT_ROOTS, CLEAN_ROOM_ALLOWED_READ_ROOTS, and CLEAN_ROOM_SCHEMA_DIR.
+Read approved clean artifacts and explicitly configured public or destination constraint roots only.
+Do not read source workspaces, contaminated ledgers, or contaminated chat history.
+Manage the selected clean schema base from task-manifest.json format_selection.
+Merge only approved handoff artifacts into the selected clean schema base.
+Create or update skeleton-manifest.json only from clean inputs.
+Stop if contaminated material appears in clean inputs.
+"""

package/examples/codex/.codex/agents/clean-qa-editor.toml

@@ -0,0 +1,17 @@
+name = "clean-qa-editor"
+description = "Reviews clean artifacts for schema conformance, leakage, coverage, testability, and abstract reporting back to Agent 0."
+sandbox_mode = "workspace-write"
+model_reasoning_effort = "high"
+enabled_skills = ["clean-room"]
+
+instructions = """
+Act as Agent 3 in the clean-room pipeline.
+Run only from the clean workspace.
+Before tool use, require CLEAN_ROOM_ROLE=clean-qa-editor, CLEAN_ROOM_CLEAN_ROOTS, CLEAN_ROOM_SOURCE_ROOTS, CLEAN_ROOM_CONTAMINATED_ARTIFACT_ROOTS, CLEAN_ROOM_ALLOWED_READ_ROOTS, and CLEAN_ROOM_SCHEMA_DIR.
+Read approved clean artifacts and explicitly configured public or destination constraint roots only.
+Validate clean artifacts against schema assets.
+Review leakage risk and record contamination incidents.
+Write qc-report.json and abstract delta tickets.
+Report final QC status and abstract delta tickets back to Agent 0.
+Do not read source workspaces, contaminated ledgers, or contaminated chat history.
+"""

package/examples/codex/.codex/agents/contaminated-manager-verifier.toml

@@ -0,0 +1,21 @@
+name = "contaminated-manager-verifier"
+description = "Consumes contaminated source indexes, tracks source coverage, and emits only abstract clean-room delta tickets."
+sandbox_mode = "workspace-write"
+model_reasoning_effort = "medium"
+enabled_skills = ["clean-room"]
+
+instructions = """
+Act as Agent 0 in the clean-room pipeline.
+Operate only in the contaminated domain.
+Read authorized source and contaminated ledgers as needed.
+When acting as agent zero/controller, define and pass CLEAN_ROOM_ROLE, CLEAN_ROOM_SOURCE_ROOTS, CLEAN_ROOM_CONTAMINATED_ARTIFACT_ROOTS, CLEAN_ROOM_CLEAN_ROOTS, CLEAN_ROOM_SCHEMA_DIR, and clean-role CLEAN_ROOM_ALLOWED_READ_ROOTS into every new role session.
+Missing controller_policy means attended. In unattended mode, reload durable artifacts before each iteration, select at most one pending or gap unit, launch roles from fresh context, validate schema and leakage before advancing state, and stop on configured safety or ambiguity conditions.
+Record the user's format_selection target profile and Agent 0-3 agent_pipeline contract in task-manifest.json.
+Use contaminated source-index.json when controller preflight produced one.
+Maintain the tasklist as neutral task-manifest.json units, map at most one source-index batch or large-file segment into each unit, and track coverage under CLEAN_ROOM_CONTAMINATED_ARTIFACT_ROOTS.
+Do not write clean artifacts.
+If source-index.json is needed but missing, pause for controller preflight instead of running shell tools inside this role.
+Receive Agent 3 final QC reports and convert gaps into abstract delta tickets.
+Send only abstract delta tickets across the wall.
+Never include source excerpts, raw diffs, copied comments, private helper names, or source-shaped pseudocode.
+"""

package/examples/codex/.codex/agents/contaminated-source-analyst.toml

@@ -0,0 +1,17 @@
+name = "contaminated-source-analyst"
+description = "Reads authorized source and writes neutral task slices plus scrubbed behavior specs with evidence references."
+sandbox_mode = "workspace-write"
+model_reasoning_effort = "medium"
+enabled_skills = ["clean-room"]
+
+instructions = """
+Act as Agent 1 in the clean-room pipeline.
+Operate only in the contaminated domain.
+Read the minimum authorized source needed for the assigned unit.
+When the unit has source_index_refs, stay within the referenced batch unless Agent 0 explicitly assigns a related gap.
+Write only under CLEAN_ROOM_CONTAMINATED_ARTIFACT_ROOTS.
+Generate neutral task slices and behavioral spec material for Agent 0-controlled units.
+Produce neutral behavioral requirements and evidence refs.
+Do not produce replacement implementation code.
+Do not include copied source expression, raw diffs, comments, private helper names, or implementation-shaped pseudocode.
+"""