coverme-scanner 1.0.23 → 1.0.24

package/.claude/commands/coverme.md

@@ -18,12 +18,31 @@ Execute ALL phases automatically. Do NOT stop until the HTML report is open.
 
 ---
 
-## Phase 1: Discovery (10 parallel agents)
+## Phase 0: Load Custom Agents (if exists)
 
-Launch ALL 10 agents IN PARALLEL using the Task tool with `run_in_background: true`:
+**FIRST**, check if `.coverme/agents.json` exists:
+```bash
+cat .coverme/agents.json 2>/dev/null || echo "NO_CUSTOM_AGENTS"
+```
+
+If the file exists, parse it and add custom agents to the appropriate phases:
+- Agents with `"phase": "discovery"` → run in Phase 1 alongside built-in agents
+- Agents with `"phase": "validation"` → run in Phase 2 alongside validators
+- Agents with `"phase": "consensus"` → run in Phase 3
+
+For each custom agent, use its `prompt` field as the agent instructions and `idPrefix` for finding IDs.
+
+---
+
+## Phase 1: Discovery (10+ parallel agents)
+
+Launch ALL built-in agents + custom discovery agents IN PARALLEL using the Task tool with `run_in_background: true`:
 
 **IMPORTANT**: Set `run_in_background: true` on ALL Task tool calls to run agents in parallel without blocking.
 
+### Custom Agents (from .coverme/agents.json)
+If custom agents with `"phase": "discovery"` were loaded in Phase 0, launch them here in parallel with the built-in agents.
+
 ### Agent 1: Security Scanner (Core)
 ```
 Scan for OWASP Top 10 and common vulnerabilities:
@@ -427,11 +446,14 @@ Output JSON: [{id: "TEST-XXX", title, severity, category: "testing", file, line,
 
 ---
 
-## Phase 2: Cross-Validation (3 parallel validators)
+## Phase 2: Cross-Validation (3+ parallel validators)
 
 Wait for all Phase 1 background agents to complete using `AgentOutputTool`.
 
-Then launch 3 validators IN PARALLEL with `run_in_background: true`:
+Then launch 3 built-in validators + custom validation agents IN PARALLEL with `run_in_background: true`:
+
+### Custom Validators (from .coverme/agents.json)
+If custom agents with `"phase": "validation"` were loaded in Phase 0, launch them here in parallel with the built-in validators.
 
 ### Validator A: False Positive Hunter
 ```

package/dist/cli/index.js

@@ -38,5 +38,168 @@ program
     .action(async (jsonFile, options) => {
     await (0, index_js_1.generateReport)(jsonFile, options.output, options.format || 'pdf');
 });
+// Agent management commands
+const agentCmd = program
+    .command('agent')
+    .description('Manage custom agents');
+agentCmd
+    .command('init')
+    .description('Create .coverme/agents.json with example custom agents')
+    .action(() => {
+    const covermeDir = (0, path_1.join)(process.cwd(), '.coverme');
+    if (!(0, fs_1.existsSync)(covermeDir)) {
+        (0, fs_1.mkdirSync)(covermeDir, { recursive: true });
+    }
+    const agentsPath = (0, path_1.join)(covermeDir, 'agents.json');
+    if ((0, fs_1.existsSync)(agentsPath)) {
+        console.log(`agents.json already exists at ${agentsPath}`);
+        console.log('Use "coverme agent add" to add a new agent');
+        return;
+    }
+    const exampleAgents = {
+        customAgents: [],
+        settings: {
+            runCustomAgentsInParallel: true,
+            customAgentTimeout: 120000
+        }
+    };
+    (0, fs_1.writeFileSync)(agentsPath, JSON.stringify(exampleAgents, null, 2));
+    console.log(`Created ${agentsPath}`);
+    console.log('Use "coverme agent add" to add custom agents');
+});
+agentCmd
+    .command('add')
+    .description('Add a new custom agent interactively')
+    .option('--id <id>', 'Agent ID (lowercase, no spaces)')
+    .option('--name <name>', 'Agent display name')
+    .option('--phase <phase>', 'Phase: discovery, validation, or consensus')
+    .option('--prefix <prefix>', 'Finding ID prefix (2-6 uppercase letters)')
+    .option('--prompt <prompt>', 'Agent prompt/instructions')
+    .action((options) => {
+    const covermeDir = (0, path_1.join)(process.cwd(), '.coverme');
+    const agentsPath = (0, path_1.join)(covermeDir, 'agents.json');
+    if (!(0, fs_1.existsSync)(covermeDir)) {
+        (0, fs_1.mkdirSync)(covermeDir, { recursive: true });
+    }
+    let agents = { customAgents: [], settings: { runCustomAgentsInParallel: true, customAgentTimeout: 120000 } };
+    if ((0, fs_1.existsSync)(agentsPath)) {
+        agents = JSON.parse((0, fs_1.readFileSync)(agentsPath, 'utf-8'));
+    }
+    if (!options.id || !options.name || !options.phase || !options.prompt) {
+        console.log(`
+Usage: coverme agent add --id <id> --name <name> --phase <phase> --prefix <prefix> --prompt <prompt>
+
+Example:
+  coverme agent add \\
+    --id "dror" \\
+    --name "Dror - Security Expert" \\
+    --phase "discovery" \\
+    --prefix "DROR" \\
+    --prompt "You are Dror, a security expert. Find advanced vulnerabilities..."
+
+Phases:
+  discovery  - Runs in Phase 1 with security scanners
+  validation - Runs in Phase 2 with validators
+  consensus  - Runs in Phase 3 during consensus building
+`);
+        return;
+    }
+    const newAgent = {
+        id: options.id,
+        name: options.name,
+        phase: options.phase,
+        priority: 5,
+        idPrefix: options.prefix || options.id.toUpperCase().slice(0, 4),
+        prompt: options.prompt,
+        enabled: true,
+        runInBackground: true
+    };
+    // Check for duplicate ID
+    if (agents.customAgents.some((a) => a.id === newAgent.id)) {
+        console.error(`Agent with id "${newAgent.id}" already exists`);
+        return;
+    }
+    agents.customAgents.push(newAgent);
+    (0, fs_1.writeFileSync)(agentsPath, JSON.stringify(agents, null, 2));
+    console.log(`Added agent "${newAgent.name}" to ${agentsPath}`);
+    console.log(`This agent will run in the ${newAgent.phase} phase with ID prefix ${newAgent.idPrefix}-XXX`);
+});
+agentCmd
+    .command('list')
+    .description('List all custom agents')
+    .action(() => {
+    const agentsPath = (0, path_1.join)(process.cwd(), '.coverme', 'agents.json');
+    if (!(0, fs_1.existsSync)(agentsPath)) {
+        console.log('No custom agents configured. Run "coverme agent init" first.');
+        return;
+    }
+    const agents = JSON.parse((0, fs_1.readFileSync)(agentsPath, 'utf-8'));
+    if (!agents.customAgents || agents.customAgents.length === 0) {
+        console.log('No custom agents configured. Use "coverme agent add" to add one.');
+        return;
+    }
+    console.log('\nCustom Agents:\n');
+    for (const agent of agents.customAgents) {
+        const status = agent.enabled !== false ? '✓' : '✗';
+        console.log(`  ${status} ${agent.name}`);
+        console.log(`    ID: ${agent.id} | Phase: ${agent.phase} | Prefix: ${agent.idPrefix}`);
+        console.log(`    Prompt: ${agent.prompt.slice(0, 60)}...`);
+        console.log('');
+    }
+});
+agentCmd
+    .command('remove')
+    .description('Remove a custom agent')
+    .argument('<id>', 'Agent ID to remove')
+    .action((id) => {
+    const agentsPath = (0, path_1.join)(process.cwd(), '.coverme', 'agents.json');
+    if (!(0, fs_1.existsSync)(agentsPath)) {
+        console.error('No agents.json found');
+        return;
+    }
+    const agents = JSON.parse((0, fs_1.readFileSync)(agentsPath, 'utf-8'));
+    const idx = agents.customAgents.findIndex((a) => a.id === id);
+    if (idx === -1) {
+        console.error(`Agent "${id}" not found`);
+        return;
+    }
+    const removed = agents.customAgents.splice(idx, 1)[0];
+    (0, fs_1.writeFileSync)(agentsPath, JSON.stringify(agents, null, 2));
+    console.log(`Removed agent "${removed.name}"`);
+});
+agentCmd
+    .command('example')
+    .description('Show example agent configurations')
+    .action(() => {
+    const examplePath = (0, path_1.join)(__dirname, '..', 'templates', 'agents.example.json');
+    if ((0, fs_1.existsSync)(examplePath)) {
+        console.log((0, fs_1.readFileSync)(examplePath, 'utf-8'));
+    }
+    else {
+        console.log(`
+Example agents.json:
+
+{
+  "customAgents": [
+    {
+      "id": "dror",
+      "name": "Dror - Senior Security Expert",
+      "phase": "discovery",
+      "priority": 1,
+      "idPrefix": "DROR",
+      "prompt": "You are Dror, a senior security expert with 15 years of experience..."
+    },
+    {
+      "id": "compliance",
+      "name": "Compliance Checker",
+      "phase": "discovery",
+      "idPrefix": "COMP",
+      "prompt": "Check for GDPR, PCI-DSS, HIPAA, SOC2 compliance issues..."
+    }
+  ]
+}
+`);
+    }
+});
 program.parse();
 //# sourceMappingURL=index.js.map

package/dist/cli/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":";;;AAEA,yCAAoC;AACpC,uCAAiC;AACjC,uCAAiC;AACjC,iDAAoD;AACpD,2BAAkC;AAClC,+BAA4B;AAE5B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAY,EAAC,IAAA,WAAI,EAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;AAE3F,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,SAAS,CAAC;KACf,WAAW,CAAC,uEAAuE,CAAC;KACpF,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AAExB,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,wDAAwD,CAAC;KACrE,MAAM,CAAC,cAAc,EAAE,yCAAyC,CAAC;KACjE,MAAM,CAAC,cAAI,CAAC,CAAC;AAEhB,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,gDAAgD,CAAC;KAC7D,QAAQ,CAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,CAAC;KACvC,MAAM,CAAC,uBAAuB,EAAE,oCAAoC,EAAE,KAAK,CAAC;KAC5E,MAAM,CAAC,0BAA0B,EAAE,kBAAkB,CAAC;KACtD,MAAM,CAAC,yBAAyB,EAAE,qDAAqD,EAAE,KAAK,CAAC;KAC/F,MAAM,CAAC,wBAAwB,EAAE,iDAAiD,EAAE,KAAK,CAAC;KAC1F,MAAM,CAAC,eAAe,EAAE,gBAAgB,CAAC;KACzC,MAAM,CAAC,sBAAsB,EAAE,2BAA2B,EAAE,GAAG,CAAC;KAChE,MAAM,CAAC,cAAI,CAAC,CAAC;AAEhB,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,yCAAyC,CAAC;KACtD,QAAQ,CAAC,aAAa,EAAE,gCAAgC,CAAC;KACzD,MAAM,CAAC,qBAAqB,EAAE,kBAAkB,CAAC;KACjD,MAAM,CAAC,uBAAuB,EAAE,0BAA0B,EAAE,KAAK,CAAC;KAClE,MAAM,CAAC,KAAK,EAAE,QAAgB,EAAE,OAAqD,EAAE,EAAE;IACxF,MAAM,IAAA,yBAAc,EAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC;AAC1E,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,EAAE,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":";;;AAEA,yCAAoC;AACpC,uCAAiC;AACjC,uCAAiC;AACjC,iDAAoD;AACpD,2BAAsF;AACtF,+BAA4B;AAE5B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAY,EAAC,IAAA,WAAI,EAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;AAE3F,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,SAAS,CAAC;KACf,WAAW,CAAC,uEAAuE,CAAC;KACpF,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AAExB,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,wDAAwD,CAAC;KACrE,MAAM,CAAC,cAAc,EAAE,yCAAyC,CAAC;KACjE,MAAM,CAAC,cAAI,CAAC,CAAC;AAEhB,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,gDAAgD,CAAC;KAC7D,QAAQ,CAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,CAAC;KACvC,MAAM,CAAC,uBAAuB,EAAE,oCAAoC,EAAE,KAAK,CAAC;KAC5E,MAAM,CAAC,0BAA0B,EAAE,kBAAkB,CAAC;KACtD,MAAM,CAAC,yBAAyB,EAAE,qDAAqD,EAAE,KAAK,CAAC;KAC/F,MAAM,CAAC,wBAAwB,EAAE,iDAAiD,EAAE,KAAK,CAAC;KAC1F,MAAM,CAAC,eAAe,EAAE,gBAAgB,CAAC;KACzC,MAAM,CAAC,sBAAsB,EAAE,2BAA2B,EAAE,GAAG,CAAC;KAChE,MAAM,CAAC,cAAI,CAAC,CAAC;AAEhB,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,yCAAyC,CAAC;KACtD,QAAQ,CAAC,aAAa,EAAE,gCAAgC,CAAC;KACzD,MAAM,CAAC,qBAAqB,EAAE,kBAAkB,CAAC;KACjD,MAAM,CAAC,uBAAuB,EAAE,0BAA0B,EAAE,KAAK,CAAC;KAClE,MAAM,CAAC,KAAK,EAAE,QAAgB,EAAE,OAAqD,EAAE,EAAE;IACxF,MAAM,IAAA,yBAAc,EAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC;AAC1E,CAAC,CAAC,CAAC;AAEL,4BAA4B;AAC5B,MAAM,QAAQ,GAAG,OAAO;KACrB,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,sBAAsB,CAAC,CAAC;AAEvC,QAAQ;KACL,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,wDAAwD,CAAC;KACrE,MAAM,CAAC,GAAG,EAAE;IACX,MAAM,UAAU,GAAG,IAAA,WAAI,EAAC,OAAO,CAAC,GAAG,EAAE,EAAE,UAAU,CAAC,CAAC;IACnD,IAAI,CAAC,IAAA,eAAU,EAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,IAAA,cAAS,EAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED,MAAM,UAAU,GAAG,IAAA,WAAI,EAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IACnD,IAAI,IAAA,eAAU,EAAC,UAAU,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,iCAAiC,UAAU,EAAE,CAAC,CAAC;QAC3D,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;QAC1D,OAAO;IACT,CAAC;IAED,MAAM,aAAa,GAAG;QACpB,YAAY,EAAE,EAAE;QAChB,QAAQ,EAAE;YACR,yBAAyB,EAAE,IAAI;YAC/B,kBAAkB,EAAE,MAAM;SAC3B;KACF,CAAC;IAEF,IAAA,kBAAa,EAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAClE,OAAO,CAAC,GAAG,CAAC,WAAW,UAAU,EAAE,CAAC,CAAC;IACrC,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;AAC9D,CAAC,CAAC,CAAC;AAEL,QAAQ;KACL,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,sCAAsC,CAAC;KACnD,MAAM,CAAC,WAAW,EAAE,iCAAiC,CAAC;KACtD,MAAM,CAAC,eAAe,EAAE,oBAAoB,CAAC;KAC7C,MAAM,CAAC,iBAAiB,EAAE,4CAA4C,CAAC;KACvE,MAAM,CAAC,mBAAmB,EAAE,2CAA2C,CAAC;KACxE,MAAM,CAAC,mBAAmB,EAAE,2BAA2B,CAAC;KACxD,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE;IAClB,MAAM,UAAU,GAAG,IAAA,WAAI,EAAC,OAAO,CAAC,GAAG,EAAE,EAAE,UAAU,CAAC,CAAC;IACnD,MAAM,UAAU,GAAG,IAAA,WAAI,EAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IAEnD,IAAI,CAAC,IAAA,eAAU,EAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,IAAA,cAAS,EAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED,IAAI,MAAM,GAAQ,EAAE,YAAY,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,yBAAyB,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,EAAE,EAAE,CAAC;IAClH,IAAI,IAAA,eAAU,EAAC,UAAU,CAAC,EAAE,CAAC;QAC3B,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAY,EAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QACtE,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;CAejB,CAAC,CAAC;QACG,OAAO;IACT,CAAC;IAED,MAAM,QAAQ,GAAG;QACf,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,QAAQ,EAAE,CAAC;QACX,QAAQ,EAAE,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QAChE,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,OAAO,EAAE,IAAI;QACb,eAAe,EAAE,IAAI;KACtB,CAAC;IAEF,yBAAyB;IACzB,IAAI,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;QAC/D,OAAO,CAAC,KAAK,CAAC,kBAAkB,QAAQ,CAAC,EAAE,kBAAkB,CAAC,CAAC;QAC/D,OAAO;IACT,CAAC;IAED,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACnC,IAAA,kBAAa,EAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC3D,OAAO,CAAC,GAAG,CAAC,gBAAgB,QAAQ,CAAC,IAAI,QAAQ,UAAU,EAAE,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,8BAA8B,QAAQ,CAAC,KAAK,yBAAyB,QAAQ,CAAC,QAAQ,MAAM,CAAC,CAAC;AAC5G,CAAC,CAAC,CAAC;AAEL,QAAQ;KACL,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,wBAAwB,CAAC;KACrC,MAAM,CAAC,GAAG,EAAE;IACX,MAAM,UAAU,GAAG,IAAA,WAAI,EAAC,OAAO,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;IAClE,IAAI,CAAC,IAAA,eAAU,EAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;QAC5E,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAY,EAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;IAC7D,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,kEAAkE,CAAC,CAAC;QAChF,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;IAClC,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,KAAK,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,KAAK,MAAM,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACzC,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,EAAE,aAAa,KAAK,CAAC,KAAK,cAAc,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;QACvF,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC;QAC3D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,QAAQ;KACL,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,uBAAuB,CAAC;KACpC,QAAQ,CAAC,MAAM,EAAE,oBAAoB,CAAC;KACtC,MAAM,CAAC,CAAC,EAAU,EAAE,EAAE;IACrB,MAAM,UAAU,GAAG,IAAA,WAAI,EAAC,OAAO,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;IAClE,IAAI,CAAC,IAAA,eAAU,EAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;QACtC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAY,EAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;IAC7D,MAAM,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IACnE,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACtD,IAAA,kBAAa,EAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC3D,OAAO,CAAC,GAAG,CAAC,kBAAkB,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC;AACjD,CAAC,CAAC,CAAC;AAEL,QAAQ;KACL,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,mCAAmC,CAAC;KAChD,MAAM,CAAC,GAAG,EAAE;IACX,MAAM,WAAW,GAAG,IAAA,WAAI,EAAC,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,qBAAqB,CAAC,CAAC;IAC9E,IAAI,IAAA,eAAU,EAAC,WAAW,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,IAAA,iBAAY,EAAC,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;IAClD,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;;;CAsBjB,CAAC,CAAC;IACC,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/cli/init.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":"AAIA,UAAU,WAAW;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAihBD,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CA+H9D"}
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":"AAIA,UAAU,WAAW;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAihBD,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CA2I9D"}

package/dist/cli/init.js

@@ -675,6 +675,18 @@ Reports saved to: .coverme/
   - report_YYYY-MM-DD_HH-MM-SS.html
   - scan_YYYY-MM-DD_HH-MM-SS.json
 
+Custom Agents:
+  Add your own security experts to the scan:
+
+  coverme agent add \\
+    --id "john" \\
+    --name "John - Security Expert" \\
+    --phase "discovery" \\
+    --prefix "JOHN" \\
+    --prompt "You are John, a senior security expert..."
+
+  See examples: coverme agent example
+
 The .coverme/ folder is automatically added to .gitignore
 
 ================================================================================

package/dist/cli/init.js.map

@@ -1 +1 @@
-{"version":3,"file":"init.js","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuhBA,oBA+HC;AAtpBD,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AAMzB,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6gBrB,CAAC;AAEK,KAAK,UAAU,IAAI,CAAC,OAAoB;IAC7C,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM;QAC9B,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC;QAChD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IAEpD,OAAO,CAAC,GAAG,CAAC,oCAAoC,SAAS,EAAE,CAAC,CAAC;IAE7D,6BAA6B;IAC7B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9B,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,sBAAsB,SAAS,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,0BAA0B;IAC1B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IACvD,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,YAAY,WAAW,EAAE,CAAC,CAAC;IAEvC,wCAAwC;IACxC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,UAAU,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,YAAY,UAAU,GAAG,CAAC,CAAC;IACzC,CAAC;IAED,4BAA4B;IAC5B,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,MAAM,YAAY,GAAG;YACnB,WAAW,EAAE,EAAE;YACf,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,EAAE;YACZ,oBAAoB,EAAE,EAAE;YACxB,YAAY,EAAE,CAAC;YACf,UAAU,EAAE,CAAC;SACd,CAAC;QACF,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CAAC,YAAY,YAAY,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,kDAAkD;IAClD,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,YAAY,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,uCAAuC,CAAC;IAE9D,IAAI,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QACjC,MAAM,gBAAgB,GAAG,EAAE,CAAC,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACjE,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3C,EAAE,CAAC,cAAc,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;SAAM,CAAC;QACN,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,aAAa,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;IACnD,CAAC;IAED,kEAAkE;IAClE,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAChC,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,qBAAqB,CAAC,CAAC;IACnE,MAAM,kBAAkB,GAAG;QACzB,WAAW,EAAE;YACX,KAAK,EAAE;gBACL,eAAe;gBACf,YAAY;gBACZ,aAAa;gBACb,YAAY;gBACZ,cAAc;gBACd,sBAAsB;gBACtB,8BAA8B;gBAC9B,cAAc;gBACd,sBAAsB;gBACtB,iBAAiB;gBACjB,cAAc;gBACd,kBAAkB;gBAClB,mBAAmB;gBACnB,kBAAkB;aACnB;SACF;KACF,CAAC;IAEF,0CAA0C;IAC1C,IAAI,gBAAgB,GAAQ,EAAE,CAAC;IAC/B,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAChC,IAAI,CAAC;YACH,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;QACxE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,sCAAsC;QACxC,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,MAAM,cAAc,GAAG;QACrB,GAAG,gBAAgB;QACnB,WAAW,EAAE;YACX,GAAG,gBAAgB,CAAC,WAAW;YAC/B,KAAK,EAAE;gBACL,GAAG,CAAC,gBAAgB,CAAC,WAAW,EAAE,KAAK,IAAI,EAAE,CAAC;gBAC9C,GAAG,kBAAkB,CAAC,WAAW,CAAC,KAAK;aACxC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;SACpD;KACF,CAAC;IAEF,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACxE,OAAO,CAAC,GAAG,CAAC,oBAAoB,YAAY,2BAA2B,CAAC,CAAC;IAEzE,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;CAkBb,CAAC,CAAC;AACH,CAAC"}
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuhBA,oBA2IC;AAlqBD,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AAMzB,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6gBrB,CAAC;AAEK,KAAK,UAAU,IAAI,CAAC,OAAoB;IAC7C,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM;QAC9B,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC;QAChD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IAEpD,OAAO,CAAC,GAAG,CAAC,oCAAoC,SAAS,EAAE,CAAC,CAAC;IAE7D,6BAA6B;IAC7B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9B,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,sBAAsB,SAAS,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,0BAA0B;IAC1B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IACvD,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,YAAY,WAAW,EAAE,CAAC,CAAC;IAEvC,wCAAwC;IACxC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,UAAU,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,YAAY,UAAU,GAAG,CAAC,CAAC;IACzC,CAAC;IAED,4BAA4B;IAC5B,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,MAAM,YAAY,GAAG;YACnB,WAAW,EAAE,EAAE;YACf,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,EAAE;YACZ,oBAAoB,EAAE,EAAE;YACxB,YAAY,EAAE,CAAC;YACf,UAAU,EAAE,CAAC;SACd,CAAC;QACF,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CAAC,YAAY,YAAY,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,kDAAkD;IAClD,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,YAAY,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,uCAAuC,CAAC;IAE9D,IAAI,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QACjC,MAAM,gBAAgB,GAAG,EAAE,CAAC,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACjE,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3C,EAAE,CAAC,cAAc,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;SAAM,CAAC;QACN,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,aAAa,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;IACnD,CAAC;IAED,kEAAkE;IAClE,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAChC,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,qBAAqB,CAAC,CAAC;IACnE,MAAM,kBAAkB,GAAG;QACzB,WAAW,EAAE;YACX,KAAK,EAAE;gBACL,eAAe;gBACf,YAAY;gBACZ,aAAa;gBACb,YAAY;gBACZ,cAAc;gBACd,sBAAsB;gBACtB,8BAA8B;gBAC9B,cAAc;gBACd,sBAAsB;gBACtB,iBAAiB;gBACjB,cAAc;gBACd,kBAAkB;gBAClB,mBAAmB;gBACnB,kBAAkB;aACnB;SACF;KACF,CAAC;IAEF,0CAA0C;IAC1C,IAAI,gBAAgB,GAAQ,EAAE,CAAC;IAC/B,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAChC,IAAI,CAAC;YACH,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;QACxE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,sCAAsC;QACxC,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,MAAM,cAAc,GAAG;QACrB,GAAG,gBAAgB;QACnB,WAAW,EAAE;YACX,GAAG,gBAAgB,CAAC,WAAW;YAC/B,KAAK,EAAE;gBACL,GAAG,CAAC,gBAAgB,CAAC,WAAW,EAAE,KAAK,IAAI,EAAE,CAAC;gBAC9C,GAAG,kBAAkB,CAAC,WAAW,CAAC,KAAK;aACxC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;SACpD;KACF,CAAC;IAEF,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACxE,OAAO,CAAC,GAAG,CAAC,oBAAoB,YAAY,2BAA2B,CAAC,CAAC;IAEzE,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA8Bb,CAAC,CAAC;AACH,CAAC"}

package/dist/templates/agents.example.json

@@ -0,0 +1,33 @@
+{
+  "$schema": "./agents.schema.json",
+  "customAgents": [
+    {
+      "id": "john",
+      "name": "John - Senior Security Expert",
+      "phase": "discovery",
+      "priority": 1,
+      "idPrefix": "JOHN",
+      "prompt": "You are John, a senior security expert with 15 years of experience in penetration testing and secure code review.\n\nYour specialty areas:\n- Advanced injection attacks (second-order SQLi, blind XXE)\n- Authentication bypass techniques\n- Business logic exploitation\n- Cloud security (AWS, GCP, Azure misconfigurations)\n\nScan the codebase and find issues that junior scanners might miss.\n\nFor EACH finding, output:\n```json\n{\n  \"id\": \"JOHN-XXX\",\n  \"title\": \"...\",\n  \"severity\": \"critical|high|medium|low\",\n  \"category\": \"security\",\n  \"file\": \"path/to/file\",\n  \"line\": 123,\n  \"code\": \"vulnerable code snippet\",\n  \"description\": \"What is the issue\",\n  \"impact\": \"What an attacker could do\",\n  \"recommendation\": \"How to fix it\",\n  \"confidence\": 85\n}\n```"
+    },
+    {
+      "id": "compliance",
+      "name": "Compliance Checker",
+      "phase": "discovery",
+      "priority": 2,
+      "idPrefix": "COMP",
+      "prompt": "Check for compliance issues:\n- GDPR data handling\n- PCI-DSS requirements for payment data\n- HIPAA for health data\n- SOC2 controls\n\nOutput findings in standard JSON format with id prefix COMP-XXX."
+    },
+    {
+      "id": "custom-validator",
+      "name": "Domain Expert Validator",
+      "phase": "validation",
+      "priority": 1,
+      "idPrefix": "VAL",
+      "prompt": "You understand our specific business domain.\n\nReview findings and mark as false positive if:\n- The 'vulnerability' is actually our intended behavior\n- There's domain-specific context that makes it safe\n- Our architecture already handles this elsewhere\n\nOutput: { confirmed: [...], falsePositives: [{id, reason}] }"
+    }
+  ],
+  "settings": {
+    "runCustomAgentsInParallel": true,
+    "customAgentTimeout": 120000
+  }
+}

package/dist/templates/agents.schema.json

@@ -0,0 +1,75 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "CoverMe Custom Agents Configuration",
+  "type": "object",
+  "properties": {
+    "customAgents": {
+      "type": "array",
+      "description": "List of custom agents to add to the scan",
+      "items": {
+        "type": "object",
+        "required": ["id", "name", "phase", "prompt"],
+        "properties": {
+          "id": {
+            "type": "string",
+            "description": "Unique identifier for the agent (lowercase, no spaces)",
+            "pattern": "^[a-z][a-z0-9-]*$"
+          },
+          "name": {
+            "type": "string",
+            "description": "Display name for the agent"
+          },
+          "phase": {
+            "type": "string",
+            "enum": ["discovery", "validation", "consensus"],
+            "description": "Which phase this agent runs in"
+          },
+          "priority": {
+            "type": "integer",
+            "minimum": 1,
+            "maximum": 10,
+            "default": 5,
+            "description": "Priority within phase (1=first, 10=last)"
+          },
+          "idPrefix": {
+            "type": "string",
+            "pattern": "^[A-Z]{2,6}$",
+            "description": "Prefix for finding IDs (e.g., 'DROR' -> DROR-001)"
+          },
+          "prompt": {
+            "type": "string",
+            "description": "The prompt/instructions for this agent"
+          },
+          "enabled": {
+            "type": "boolean",
+            "default": true,
+            "description": "Whether this agent is active"
+          },
+          "timeout": {
+            "type": "integer",
+            "default": 120000,
+            "description": "Timeout in milliseconds"
+          },
+          "runInBackground": {
+            "type": "boolean",
+            "default": true,
+            "description": "Run this agent in background"
+          }
+        }
+      }
+    },
+    "settings": {
+      "type": "object",
+      "properties": {
+        "runCustomAgentsInParallel": {
+          "type": "boolean",
+          "default": true
+        },
+        "customAgentTimeout": {
+          "type": "integer",
+          "default": 120000
+        }
+      }
+    }
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "coverme-scanner",
-  "version": "1.0.23",
+  "version": "1.0.24",
   "description": "AI-powered code scanner with multi-agent verification for Claude Code. One command scans everything.",
   "main": "dist/index.js",
   "bin": {

package/src/cli/index.ts

@@ -4,7 +4,7 @@ import { Command } from 'commander';
 import { init } from './init.js';
 import { scan } from './scan.js';
 import { generateReport } from '../report/index.js';
-import { readFileSync } from 'fs';
+import { readFileSync, writeFileSync, existsSync, mkdirSync, copyFileSync } from 'fs';
 import { join } from 'path';
 
 const pkg = JSON.parse(readFileSync(join(__dirname, '..', '..', 'package.json'), 'utf-8'));
@@ -44,4 +44,185 @@ program
     await generateReport(jsonFile, options.output, options.format || 'pdf');
   });
 
+// Agent management commands
+const agentCmd = program
+  .command('agent')
+  .description('Manage custom agents');
+
+agentCmd
+  .command('init')
+  .description('Create .coverme/agents.json with example custom agents')
+  .action(() => {
+    const covermeDir = join(process.cwd(), '.coverme');
+    if (!existsSync(covermeDir)) {
+      mkdirSync(covermeDir, { recursive: true });
+    }
+
+    const agentsPath = join(covermeDir, 'agents.json');
+    if (existsSync(agentsPath)) {
+      console.log(`agents.json already exists at ${agentsPath}`);
+      console.log('Use "coverme agent add" to add a new agent');
+      return;
+    }
+
+    const exampleAgents = {
+      customAgents: [],
+      settings: {
+        runCustomAgentsInParallel: true,
+        customAgentTimeout: 120000
+      }
+    };
+
+    writeFileSync(agentsPath, JSON.stringify(exampleAgents, null, 2));
+    console.log(`Created ${agentsPath}`);
+    console.log('Use "coverme agent add" to add custom agents');
+  });
+
+agentCmd
+  .command('add')
+  .description('Add a new custom agent interactively')
+  .option('--id <id>', 'Agent ID (lowercase, no spaces)')
+  .option('--name <name>', 'Agent display name')
+  .option('--phase <phase>', 'Phase: discovery, validation, or consensus')
+  .option('--prefix <prefix>', 'Finding ID prefix (2-6 uppercase letters)')
+  .option('--prompt <prompt>', 'Agent prompt/instructions')
+  .action((options) => {
+    const covermeDir = join(process.cwd(), '.coverme');
+    const agentsPath = join(covermeDir, 'agents.json');
+
+    if (!existsSync(covermeDir)) {
+      mkdirSync(covermeDir, { recursive: true });
+    }
+
+    let agents: any = { customAgents: [], settings: { runCustomAgentsInParallel: true, customAgentTimeout: 120000 } };
+    if (existsSync(agentsPath)) {
+      agents = JSON.parse(readFileSync(agentsPath, 'utf-8'));
+    }
+
+    if (!options.id || !options.name || !options.phase || !options.prompt) {
+      console.log(`
+Usage: coverme agent add --id <id> --name <name> --phase <phase> --prefix <prefix> --prompt <prompt>
+
+Example:
+  coverme agent add \\
+    --id "dror" \\
+    --name "Dror - Security Expert" \\
+    --phase "discovery" \\
+    --prefix "DROR" \\
+    --prompt "You are Dror, a security expert. Find advanced vulnerabilities..."
+
+Phases:
+  discovery  - Runs in Phase 1 with security scanners
+  validation - Runs in Phase 2 with validators
+  consensus  - Runs in Phase 3 during consensus building
+`);
+      return;
+    }
+
+    const newAgent = {
+      id: options.id,
+      name: options.name,
+      phase: options.phase,
+      priority: 5,
+      idPrefix: options.prefix || options.id.toUpperCase().slice(0, 4),
+      prompt: options.prompt,
+      enabled: true,
+      runInBackground: true
+    };
+
+    // Check for duplicate ID
+    if (agents.customAgents.some((a: any) => a.id === newAgent.id)) {
+      console.error(`Agent with id "${newAgent.id}" already exists`);
+      return;
+    }
+
+    agents.customAgents.push(newAgent);
+    writeFileSync(agentsPath, JSON.stringify(agents, null, 2));
+    console.log(`Added agent "${newAgent.name}" to ${agentsPath}`);
+    console.log(`This agent will run in the ${newAgent.phase} phase with ID prefix ${newAgent.idPrefix}-XXX`);
+  });
+
+agentCmd
+  .command('list')
+  .description('List all custom agents')
+  .action(() => {
+    const agentsPath = join(process.cwd(), '.coverme', 'agents.json');
+    if (!existsSync(agentsPath)) {
+      console.log('No custom agents configured. Run "coverme agent init" first.');
+      return;
+    }
+
+    const agents = JSON.parse(readFileSync(agentsPath, 'utf-8'));
+    if (!agents.customAgents || agents.customAgents.length === 0) {
+      console.log('No custom agents configured. Use "coverme agent add" to add one.');
+      return;
+    }
+
+    console.log('\nCustom Agents:\n');
+    for (const agent of agents.customAgents) {
+      const status = agent.enabled !== false ? '✓' : '✗';
+      console.log(`  ${status} ${agent.name}`);
+      console.log(`    ID: ${agent.id} | Phase: ${agent.phase} | Prefix: ${agent.idPrefix}`);
+      console.log(`    Prompt: ${agent.prompt.slice(0, 60)}...`);
+      console.log('');
+    }
+  });
+
+agentCmd
+  .command('remove')
+  .description('Remove a custom agent')
+  .argument('<id>', 'Agent ID to remove')
+  .action((id: string) => {
+    const agentsPath = join(process.cwd(), '.coverme', 'agents.json');
+    if (!existsSync(agentsPath)) {
+      console.error('No agents.json found');
+      return;
+    }
+
+    const agents = JSON.parse(readFileSync(agentsPath, 'utf-8'));
+    const idx = agents.customAgents.findIndex((a: any) => a.id === id);
+    if (idx === -1) {
+      console.error(`Agent "${id}" not found`);
+      return;
+    }
+
+    const removed = agents.customAgents.splice(idx, 1)[0];
+    writeFileSync(agentsPath, JSON.stringify(agents, null, 2));
+    console.log(`Removed agent "${removed.name}"`);
+  });
+
+agentCmd
+  .command('example')
+  .description('Show example agent configurations')
+  .action(() => {
+    const examplePath = join(__dirname, '..', 'templates', 'agents.example.json');
+    if (existsSync(examplePath)) {
+      console.log(readFileSync(examplePath, 'utf-8'));
+    } else {
+      console.log(`
+Example agents.json:
+
+{
+  "customAgents": [
+    {
+      "id": "dror",
+      "name": "Dror - Senior Security Expert",
+      "phase": "discovery",
+      "priority": 1,
+      "idPrefix": "DROR",
+      "prompt": "You are Dror, a senior security expert with 15 years of experience..."
+    },
+    {
+      "id": "compliance",
+      "name": "Compliance Checker",
+      "phase": "discovery",
+      "idPrefix": "COMP",
+      "prompt": "Check for GDPR, PCI-DSS, HIPAA, SOC2 compliance issues..."
+    }
+  ]
+}
+`);
+    }
+  });
+
 program.parse();

package/src/cli/init.ts

@@ -656,6 +656,18 @@ Reports saved to: .coverme/
   - report_YYYY-MM-DD_HH-MM-SS.html
   - scan_YYYY-MM-DD_HH-MM-SS.json
 
+Custom Agents:
+  Add your own security experts to the scan:
+
+  coverme agent add \\
+    --id "john" \\
+    --name "John - Security Expert" \\
+    --phase "discovery" \\
+    --prefix "JOHN" \\
+    --prompt "You are John, a senior security expert..."
+
+  See examples: coverme agent example
+
 The .coverme/ folder is automatically added to .gitignore
 
 ================================================================================

package/src/templates/agents.example.json

@@ -0,0 +1,33 @@
+{
+  "$schema": "./agents.schema.json",
+  "customAgents": [
+    {
+      "id": "john",
+      "name": "John - Senior Security Expert",
+      "phase": "discovery",
+      "priority": 1,
+      "idPrefix": "JOHN",
+      "prompt": "You are John, a senior security expert with 15 years of experience in penetration testing and secure code review.\n\nYour specialty areas:\n- Advanced injection attacks (second-order SQLi, blind XXE)\n- Authentication bypass techniques\n- Business logic exploitation\n- Cloud security (AWS, GCP, Azure misconfigurations)\n\nScan the codebase and find issues that junior scanners might miss.\n\nFor EACH finding, output:\n```json\n{\n  \"id\": \"JOHN-XXX\",\n  \"title\": \"...\",\n  \"severity\": \"critical|high|medium|low\",\n  \"category\": \"security\",\n  \"file\": \"path/to/file\",\n  \"line\": 123,\n  \"code\": \"vulnerable code snippet\",\n  \"description\": \"What is the issue\",\n  \"impact\": \"What an attacker could do\",\n  \"recommendation\": \"How to fix it\",\n  \"confidence\": 85\n}\n```"
+    },
+    {
+      "id": "compliance",
+      "name": "Compliance Checker",
+      "phase": "discovery",
+      "priority": 2,
+      "idPrefix": "COMP",
+      "prompt": "Check for compliance issues:\n- GDPR data handling\n- PCI-DSS requirements for payment data\n- HIPAA for health data\n- SOC2 controls\n\nOutput findings in standard JSON format with id prefix COMP-XXX."
+    },
+    {
+      "id": "custom-validator",
+      "name": "Domain Expert Validator",
+      "phase": "validation",
+      "priority": 1,
+      "idPrefix": "VAL",
+      "prompt": "You understand our specific business domain.\n\nReview findings and mark as false positive if:\n- The 'vulnerability' is actually our intended behavior\n- There's domain-specific context that makes it safe\n- Our architecture already handles this elsewhere\n\nOutput: { confirmed: [...], falsePositives: [{id, reason}] }"
+    }
+  ],
+  "settings": {
+    "runCustomAgentsInParallel": true,
+    "customAgentTimeout": 120000
+  }
+}

package/src/templates/agents.schema.json

@@ -0,0 +1,75 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "CoverMe Custom Agents Configuration",
+  "type": "object",
+  "properties": {
+    "customAgents": {
+      "type": "array",
+      "description": "List of custom agents to add to the scan",
+      "items": {
+        "type": "object",
+        "required": ["id", "name", "phase", "prompt"],
+        "properties": {
+          "id": {
+            "type": "string",
+            "description": "Unique identifier for the agent (lowercase, no spaces)",
+            "pattern": "^[a-z][a-z0-9-]*$"
+          },
+          "name": {
+            "type": "string",
+            "description": "Display name for the agent"
+          },
+          "phase": {
+            "type": "string",
+            "enum": ["discovery", "validation", "consensus"],
+            "description": "Which phase this agent runs in"
+          },
+          "priority": {
+            "type": "integer",
+            "minimum": 1,
+            "maximum": 10,
+            "default": 5,
+            "description": "Priority within phase (1=first, 10=last)"
+          },
+          "idPrefix": {
+            "type": "string",
+            "pattern": "^[A-Z]{2,6}$",
+            "description": "Prefix for finding IDs (e.g., 'DROR' -> DROR-001)"
+          },
+          "prompt": {
+            "type": "string",
+            "description": "The prompt/instructions for this agent"
+          },
+          "enabled": {
+            "type": "boolean",
+            "default": true,
+            "description": "Whether this agent is active"
+          },
+          "timeout": {
+            "type": "integer",
+            "default": 120000,
+            "description": "Timeout in milliseconds"
+          },
+          "runInBackground": {
+            "type": "boolean",
+            "default": true,
+            "description": "Run this agent in background"
+          }
+        }
+      }
+    },
+    "settings": {
+      "type": "object",
+      "properties": {
+        "runCustomAgentsInParallel": {
+          "type": "boolean",
+          "default": true
+        },
+        "customAgentTimeout": {
+          "type": "integer",
+          "default": 120000
+        }
+      }
+    }
+  }
+}