erosolar-cli 2.0.5 → 2.1.2

package/agents/erosolar-security.rules.json

@@ -0,0 +1,147 @@
+{
+  "$schema": "../src/contracts/schemas/agent-rules.schema.json",
+  "contractVersion": "1.0.0",
+  "profile": "erosolar-security",
+  "version": "2024-11-24",
+  "label": "Erosolar Security Agent Rulebook",
+  "description": "Guardrails for security-focused workflows in controlled environments. Emphasizes auditable planning, explicit scoping, and non-destructive defaults.",
+  "globalPrinciples": [
+    {
+      "id": "sec.scope_and_intent",
+      "summary": "Always confirm scope, targets, and authorization before proposing offensive actions. Default to lab/simulation unless explicitly stated otherwise.",
+      "severity": "critical"
+    },
+    {
+      "id": "sec.audit_trail",
+      "summary": "Narrate intent before each tool use and summarize results after. Keep steps reproducible and bounded.",
+      "severity": "required"
+    },
+    {
+      "id": "sec.non_destructive_default",
+      "summary": "Avoid destructive changes. Prefer read-only enumeration, simulation, and offline planning unless explicitly permitted.",
+      "severity": "critical"
+    },
+    {
+      "id": "sec.data_minimization",
+      "summary": "Collect only what is needed to advance the engagement plan. Do not exfiltrate bulk data.",
+      "severity": "required"
+    },
+    {
+      "id": "sec.evidence_based",
+      "summary": "Ground all findings in evidence (scan output, logs, file paths). Avoid speculation; ask for missing evidence.",
+      "severity": "critical"
+    },
+    {
+      "id": "sec.validation_path",
+      "summary": "For exploit plans, state preconditions, payload choice rationale, and expected outcomes. Provide rollback/abort steps.",
+      "severity": "required"
+    }
+  ],
+  "phases": [
+    {
+      "id": "recon",
+      "label": "Reconnaissance",
+      "description": "Triage assets, services, and trust boundaries. Identify likely choke points and authentication flows.",
+      "steps": [
+        {
+          "id": "step.enumerate",
+          "title": "Enumerate assets",
+          "intent": "Enumerate assets and entry points; cluster by network segment and auth surface.",
+          "rules": [
+            {
+              "id": "rule.recon.scope",
+              "summary": "Confirm target scope before scanning. Use read-only tools by default.",
+              "severity": "critical"
+            }
+          ]
+        },
+        {
+          "id": "step.prioritize",
+          "title": "Prioritize targets",
+          "intent": "Prioritize paths with high privilege gain vs. detection risk.",
+          "rules": [
+            {
+              "id": "rule.recon.evidence",
+              "summary": "Document findings with evidence (scan output, service versions).",
+              "severity": "required"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "id": "attack_graph",
+      "label": "Attack Graph",
+      "description": "Construct and refine attack paths before execution.",
+      "steps": [
+        {
+          "id": "step.model",
+          "title": "Model attack paths",
+          "intent": "Model nodes (assets/identities) and edges (exploits/misconfigs).",
+          "rules": [
+            {
+              "id": "rule.graph.validation",
+              "summary": "Use attack_path_search to rank viable paths with cost/reward/detection trade-offs.",
+              "severity": "required"
+            }
+          ]
+        },
+        {
+          "id": "step.select",
+          "title": "Select paths",
+          "intent": "Select top candidates and define validation checkpoints.",
+          "rules": [
+            {
+              "id": "rule.graph.checkpoint",
+              "summary": "Define validation checkpoints and abort criteria for each path.",
+              "severity": "required"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "id": "payload_selection",
+      "label": "Payload Selection",
+      "description": "Schedule payloads to maximize signal with minimal risk.",
+      "steps": [
+        {
+          "id": "step.schedule",
+          "title": "Schedule payloads",
+          "intent": "Use payload_scheduler with recent outcomes to rank payloads.",
+          "rules": [
+            {
+              "id": "rule.payload.noise",
+              "summary": "Prefer low-noise probes first; escalate only if needed.",
+              "severity": "required"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "id": "reporting",
+      "label": "Reporting",
+      "description": "Document findings, evidence, and mitigations.",
+      "steps": [
+        {
+          "id": "step.document",
+          "title": "Document findings",
+          "intent": "Capture reproduction steps and affected assets.",
+          "rules": [
+            {
+              "id": "rule.report.evidence",
+              "summary": "Include reproduction steps, evidence, and affected assets.",
+              "severity": "required"
+            },
+            {
+              "id": "rule.report.mitigations",
+              "summary": "List mitigations, compensating controls, and detection guidance.",
+              "severity": "required"
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}

package/dist/capabilities/enhancedAnalysisCapability.d.ts

@@ -0,0 +1,13 @@
+import type { CapabilityContribution, CapabilityContext, CapabilityModule } from '../runtime/agentHost.js';
+export interface EnhancedAnalysisCapabilityOptions {
+    workingDir?: string;
+    id?: string;
+    description?: string;
+}
+export declare class EnhancedAnalysisCapabilityModule implements CapabilityModule {
+    readonly id = "capability.enhanced-analysis";
+    private readonly options;
+    constructor(options?: EnhancedAnalysisCapabilityOptions);
+    create(context: CapabilityContext): Promise<CapabilityContribution>;
+}
+//# sourceMappingURL=enhancedAnalysisCapability.d.ts.map

package/dist/capabilities/enhancedAnalysisCapability.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"enhancedAnalysisCapability.d.ts","sourceRoot":"","sources":["../../src/capabilities/enhancedAnalysisCapability.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAG3G,MAAM,WAAW,iCAAiC;IAChD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,qBAAa,gCAAiC,YAAW,gBAAgB;IACvE,QAAQ,CAAC,EAAE,kCAAkC;IAC7C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAoC;gBAEhD,OAAO,GAAE,iCAAsC;IAIrD,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,sBAAsB,CAAC;CAW1E"}

package/dist/capabilities/enhancedAnalysisCapability.js

@@ -0,0 +1,20 @@
+import { enhancedAnalysisTools } from '../tools/enhancedAnalysisTools.js';
+export class EnhancedAnalysisCapabilityModule {
+    id = 'capability.enhanced-analysis';
+    options;
+    constructor(options = {}) {
+        this.options = options;
+    }
+    async create(context) {
+        const workingDir = this.options.workingDir ?? context.workingDir;
+        return {
+            id: this.options.id ?? 'enhanced-analysis.tools',
+            description: this.options.description ?? 'Advanced reasoning, hypothesis testing, and deep multi-causal bug analysis for comprehensive problem-solving.',
+            toolSuite: enhancedAnalysisTools,
+            metadata: {
+                workingDir,
+            },
+        };
+    }
+}
+//# sourceMappingURL=enhancedAnalysisCapability.js.map

package/dist/capabilities/enhancedAnalysisCapability.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"enhancedAnalysisCapability.js","sourceRoot":"","sources":["../../src/capabilities/enhancedAnalysisCapability.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,qBAAqB,EAAE,MAAM,mCAAmC,CAAC;AAQ1E,MAAM,OAAO,gCAAgC;IAClC,EAAE,GAAG,8BAA8B,CAAC;IAC5B,OAAO,CAAoC;IAE5D,YAAY,UAA6C,EAAE;QACzD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAA0B;QACrC,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QACjE,OAAO;YACL,EAAE,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,IAAI,yBAAyB;YAChD,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW,IAAI,+GAA+G;YACxJ,SAAS,EAAE,qBAAqB;YAChC,QAAQ,EAAE;gBACR,UAAU;aACX;SACF,CAAC;IACJ,CAAC;CACF"}

package/dist/capabilities/offsecOpsCapability.d.ts

@@ -0,0 +1,6 @@
+import type { CapabilityContribution, CapabilityContext, CapabilityModule } from '../runtime/agentHost.js';
+export declare class OffsecOperationsCapabilityModule implements CapabilityModule {
+    readonly id = "capability.offsec.operations";
+    create(context: CapabilityContext): Promise<CapabilityContribution>;
+}
+//# sourceMappingURL=offsecOpsCapability.d.ts.map

package/dist/capabilities/offsecOpsCapability.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"offsecOpsCapability.d.ts","sourceRoot":"","sources":["../../src/capabilities/offsecOpsCapability.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAG3G,qBAAa,gCAAiC,YAAW,gBAAgB;IACvE,QAAQ,CAAC,EAAE,kCAAkC;IAEvC,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,sBAAsB,CAAC;CAe1E"}

package/dist/capabilities/offsecOpsCapability.js

@@ -0,0 +1,20 @@
+import { createOffsecOperationsTools } from '../tools/offsec/offsecOperationsTools.js';
+export class OffsecOperationsCapabilityModule {
+    id = 'capability.offsec.operations';
+    async create(context) {
+        return {
+            id: 'offsec.operations',
+            description: 'Offensive operations tool suite (nmap, dirbust, sqlmap, cracking, payload generation, exploit search).',
+            toolSuite: {
+                id: 'offsec-operations',
+                description: 'Offensive security operations',
+                tools: createOffsecOperationsTools(),
+            },
+            metadata: {
+                workingDir: context.workingDir,
+                scope: 'offensive-security',
+            },
+        };
+    }
+}
+//# sourceMappingURL=offsecOpsCapability.js.map

package/dist/capabilities/offsecOpsCapability.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"offsecOpsCapability.js","sourceRoot":"","sources":["../../src/capabilities/offsecOpsCapability.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,2BAA2B,EAAE,MAAM,0CAA0C,CAAC;AAEvF,MAAM,OAAO,gCAAgC;IAClC,EAAE,GAAG,8BAA8B,CAAC;IAE7C,KAAK,CAAC,MAAM,CAAC,OAA0B;QACrC,OAAO;YACL,EAAE,EAAE,mBAAmB;YACvB,WAAW,EAAE,wGAAwG;YACrH,SAAS,EAAE;gBACT,EAAE,EAAE,mBAAmB;gBACvB,WAAW,EAAE,+BAA+B;gBAC5C,KAAK,EAAE,2BAA2B,EAAE;aACrC;YACD,QAAQ,EAAE;gBACR,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,KAAK,EAAE,oBAAoB;aAC5B;SACF,CAAC;IACJ,CAAC;CACF"}

package/dist/capabilities/offsecSearchCapability.d.ts

@@ -0,0 +1,12 @@
+import type { CapabilityContribution, CapabilityContext, CapabilityModule } from '../runtime/agentHost.js';
+/**
+ * Offensive search capability
+ *
+ * Provides offline attack-path search and payload scheduling utilities.
+ * Designed for lab/offline planning—no network operations.
+ */
+export declare class OffsecSearchCapabilityModule implements CapabilityModule {
+    readonly id = "capability.offsec.search";
+    create(context: CapabilityContext): Promise<CapabilityContribution>;
+}
+//# sourceMappingURL=offsecSearchCapability.d.ts.map

package/dist/capabilities/offsecSearchCapability.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"offsecSearchCapability.d.ts","sourceRoot":"","sources":["../../src/capabilities/offsecSearchCapability.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAG3G;;;;;GAKG;AACH,qBAAa,4BAA6B,YAAW,gBAAgB;IACnE,QAAQ,CAAC,EAAE,8BAA8B;IAEnC,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,sBAAsB,CAAC;CAgB1E"}

package/dist/capabilities/offsecSearchCapability.js

@@ -0,0 +1,27 @@
+import { createOffsecSearchTools } from '../tools/offsecSearchTools.js';
+/**
+ * Offensive search capability
+ *
+ * Provides offline attack-path search and payload scheduling utilities.
+ * Designed for lab/offline planning—no network operations.
+ */
+export class OffsecSearchCapabilityModule {
+    id = 'capability.offsec.search';
+    async create(context) {
+        const tools = createOffsecSearchTools();
+        return {
+            id: 'offsec.search',
+            description: 'Attack-graph search and payload scheduling for offensive planning (offline).',
+            toolSuite: {
+                id: 'offsec-search',
+                description: 'Offensive search helpers',
+                tools,
+            },
+            metadata: {
+                workingDir: context.workingDir,
+                scope: 'offline-planning',
+            },
+        };
+    }
+}
+//# sourceMappingURL=offsecSearchCapability.js.map

package/dist/capabilities/offsecSearchCapability.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"offsecSearchCapability.js","sourceRoot":"","sources":["../../src/capabilities/offsecSearchCapability.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,uBAAuB,EAAE,MAAM,+BAA+B,CAAC;AAExE;;;;;GAKG;AACH,MAAM,OAAO,4BAA4B;IAC9B,EAAE,GAAG,0BAA0B,CAAC;IAEzC,KAAK,CAAC,MAAM,CAAC,OAA0B;QACrC,MAAM,KAAK,GAAG,uBAAuB,EAAE,CAAC;QACxC,OAAO;YACL,EAAE,EAAE,eAAe;YACnB,WAAW,EAAE,8EAA8E;YAC3F,SAAS,EAAE;gBACT,EAAE,EAAE,eAAe;gBACnB,WAAW,EAAE,0BAA0B;gBACvC,KAAK;aACN;YACD,QAAQ,EAAE;gBACR,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,KAAK,EAAE,kBAAkB;aAC1B;SACF,CAAC;IACJ,CAAC;CACF"}

package/dist/capabilities/taoCapability.d.ts

@@ -0,0 +1,6 @@
+import type { CapabilityContribution, CapabilityContext, CapabilityModule } from '../runtime/agentHost.js';
+export declare class TAOCapabilityModule implements CapabilityModule {
+    readonly id = "capability.tao";
+    create(context: CapabilityContext): Promise<CapabilityContribution>;
+}
+//# sourceMappingURL=taoCapability.d.ts.map

package/dist/capabilities/taoCapability.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"taoCapability.d.ts","sourceRoot":"","sources":["../../src/capabilities/taoCapability.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAG3G,qBAAa,mBAAoB,YAAW,gBAAgB;IAC1D,QAAQ,CAAC,EAAE,oBAAoB;IAEzB,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,sBAAsB,CAAC;CAe1E"}

package/dist/capabilities/taoCapability.js

@@ -0,0 +1,20 @@
+import { createTAOOperationsTools } from '../tools/taoOperations.js';
+export class TAOCapabilityModule {
+    id = 'capability.tao';
+    async create(context) {
+        return {
+            id: 'tao',
+            description: 'Tailored Access Operations - Advanced offensive capabilities for authorized red team operations',
+            toolSuite: {
+                id: 'tao',
+                description: 'TAO operations',
+                tools: createTAOOperationsTools(),
+            },
+            metadata: {
+                workingDir: context.workingDir,
+                scope: 'tao',
+            },
+        };
+    }
+}
+//# sourceMappingURL=taoCapability.js.map

package/dist/capabilities/taoCapability.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"taoCapability.js","sourceRoot":"","sources":["../../src/capabilities/taoCapability.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,wBAAwB,EAAE,MAAM,2BAA2B,CAAC;AAErE,MAAM,OAAO,mBAAmB;IACrB,EAAE,GAAG,gBAAgB,CAAC;IAE/B,KAAK,CAAC,MAAM,CAAC,OAA0B;QACrC,OAAO;YACL,EAAE,EAAE,KAAK;YACT,WAAW,EAAE,iGAAiG;YAC9G,SAAS,EAAE;gBACT,EAAE,EAAE,KAAK;gBACT,WAAW,EAAE,gBAAgB;gBAC7B,KAAK,EAAE,wBAAwB,EAAE;aAClC;YACD,QAAQ,EAAE;gBACR,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,KAAK,EAAE,KAAK;aACb;SACF,CAAC;IACJ,CAAC;CACF"}

package/dist/capabilities/toolRegistry.d.ts

@@ -1,4 +1,5 @@
 import type { ToolAvailabilityOption } from '../contracts/v1/toolAccess.js';
+import type { ProfileName } from '../config.js';
 import type { ToolSettings } from '../core/preferences.js';
 import { type SecretName } from '../core/secretStore.js';
 export type ToolToggleId = string;
@@ -18,7 +19,7 @@ export interface ToolLoadWarning {
     secretId?: SecretName;
 }
 export declare function getToolToggleOptions(): ToolToggleOption[];
-export declare function buildEnabledToolSet(saved: ToolSettings | null): Set<ToolToggleId>;
+export declare function buildEnabledToolSet(saved: ToolSettings | null, profile?: ProfileName): Set<ToolToggleId>;
 export declare function evaluateToolPermissions(selection: Set<ToolToggleId>): ToolPermissionSummary;
 export declare function isPluginEnabled(pluginId: string, allowedPluginIds: Set<string>): boolean;
 //# sourceMappingURL=toolRegistry.d.ts.map

package/dist/capabilities/toolRegistry.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"toolRegistry.d.ts","sourceRoot":"","sources":["../../src/capabilities/toolRegistry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAyC,KAAK,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAGhG,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAElC,MAAM,MAAM,gBAAgB,GAAG,sBAAsB,GAAG;IACtD,cAAc,CAAC,EAAE,UAAU,CAAC;IAC5B,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,CAAC;AAEF,MAAM,WAAW,qBAAqB;IACpC,gBAAgB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC9B,QAAQ,EAAE,eAAe,EAAE,CAAC;CAC7B;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,YAAY,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,CAAC,EAAE,UAAU,CAAC;CACvB;AAUD,wBAAgB,oBAAoB,IAAI,gBAAgB,EAAE,CAEzD;AAED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,YAAY,GAAG,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,CA8BjF;AAED,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,qBAAqB,CA+B3F;AAED,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,gBAAgB,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,OAAO,CAMxF"}
+{"version":3,"file":"toolRegistry.d.ts","sourceRoot":"","sources":["../../src/capabilities/toolRegistry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,EAAyC,KAAK,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAGhG,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAElC,MAAM,MAAM,gBAAgB,GAAG,sBAAsB,GAAG;IACtD,cAAc,CAAC,EAAE,UAAU,CAAC;IAC5B,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,CAAC;AAEF,MAAM,WAAW,qBAAqB;IACpC,gBAAgB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC9B,QAAQ,EAAE,eAAe,EAAE,CAAC;CAC7B;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,YAAY,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,CAAC,EAAE,UAAU,CAAC;CACvB;AAUD,wBAAgB,oBAAoB,IAAI,gBAAgB,EAAE,CAEzD;AAED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,YAAY,GAAG,IAAI,EAAE,OAAO,CAAC,EAAE,WAAW,GAAG,GAAG,CAAC,YAAY,CAAC,CAoCxG;AAED,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,qBAAqB,CA+B3F;AAED,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,gBAAgB,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,OAAO,CAMxF"}

package/dist/capabilities/toolRegistry.js

@@ -8,7 +8,7 @@ const DEFAULT_OPTION_IDS = buildDefaultOptionIds();
 export function getToolToggleOptions() {
     return [...TOOL_OPTIONS];
 }
-export function buildEnabledToolSet(saved) {
+export function buildEnabledToolSet(saved, profile) {
     const enabled = new Set();
     // Always include locked/default core packages to keep the AI flow intact
     for (const id of LOCKED_OPTION_IDS) {
@@ -33,6 +33,11 @@ export function buildEnabledToolSet(saved) {
     for (const id of DEFAULT_OPTION_IDS) {
         enabled.add(id);
     }
+    // Profile-specific defaults
+    if (profile === 'erosolar-security') {
+        enabled.add('development-tools');
+        enabled.add('offensive-security');
+    }
     return enabled;
 }
 export function evaluateToolPermissions(selection) {

package/dist/capabilities/toolRegistry.js.map

@@ -1 +1 @@
-{"version":3,"file":"toolRegistry.js","sourceRoot":"","sources":["../../src/capabilities/toolRegistry.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAmB,MAAM,wBAAwB,CAAC;AAChG,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAsBpD,MAAM,aAAa,GAAG,iBAAiB,EAAE,CAAC;AAE1C,MAAM,YAAY,GAAuB,sBAAsB,EAAE,CAAC;AAElE,MAAM,gBAAgB,GAAG,iBAAiB,EAAE,CAAC;AAC7C,MAAM,iBAAiB,GAAG,oBAAoB,EAAE,CAAC;AACjD,MAAM,kBAAkB,GAAG,qBAAqB,EAAE,CAAC;AAEnD,MAAM,UAAU,oBAAoB;IAClC,OAAO,CAAC,GAAG,YAAY,CAAC,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAA0B;IAC5D,MAAM,OAAO,GAAG,IAAI,GAAG,EAAgB,CAAC;IACxC,yEAAyE;IACzE,KAAK,MAAM,EAAE,IAAI,iBAAiB,EAAE,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,KAAK,MAAM,EAAE,IAAI,kBAAkB,EAAE,CAAC;YACpC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAClE,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,YAAY,IAAI,EAAE,EAAE,CAAC;QAC1C,IAAI,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;YACrB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,sEAAsE;IACtE,KAAK,MAAM,EAAE,IAAI,iBAAiB,EAAE,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;IACD,KAAK,MAAM,EAAE,IAAI,kBAAkB,EAAE,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,SAA4B;IAClE,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,KAAK,MAAM,MAAM,IAAI,YAAY,EAAE,CAAC;QAClC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC;YAC9B,SAAS;QACX,CAAC;QAED,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;YAC1B,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;YACrD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,MAAM,CAAC,EAAE;oBACb,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,MAAM,EAAE,gBAAgB;oBACxB,QAAQ,EAAE,MAAM,CAAC,cAAc;iBAChC,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;QACH,CAAC;QAED,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACxC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED,OAAO;QACL,gBAAgB;QAChB,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,QAAgB,EAAE,gBAA6B;IAC7E,MAAM,UAAU,GAAG,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAClD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,iBAAiB;IACxB,MAAM,GAAG,GAAG,IAAI,GAAG,EAA4B,CAAC;IAChD,KAAK,MAAM,MAAM,IAAI,YAAY,EAAE,CAAC;QAClC,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACxC,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,sBAAsB;IAC7B,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;IACnC,OAAO,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC;AACzE,CAAC;AAED,SAAS,oBAAoB;IAC3B,MAAM,GAAG,GAAG,IAAI,GAAG,EAAgB,CAAC;IACpC,KAAK,MAAM,MAAM,IAAI,YAAY,EAAE,CAAC;QAClC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,qBAAqB;IAC5B,MAAM,GAAG,GAAG,IAAI,GAAG,EAAgB,CAAC;IACpC,KAAK,MAAM,MAAM,IAAI,YAAY,EAAE,CAAC;QAClC,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;YAC1B,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,qBAAqB,CAAC,MAA8B;IAC3D,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,EAAE,CAAC;IACzC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,gBAAgB,MAAM,CAAC,EAAE,+BAA+B,CAAC,CAAC;IAC5E,CAAC;IAED,MAAM,UAAU,GAAqB;QACnC,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,SAAS,EAAE,CAAC,GAAG,SAAS,CAAC;KAC1B,CAAC;IAEF,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,UAAU,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;IACxC,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC;QAC1B,UAAU,CAAC,MAAM,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;IACD,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;IACtD,IAAI,MAAM,EAAE,CAAC;QACX,UAAU,CAAC,cAAc,GAAG,MAAM,CAAC;IACrC,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,UAAU,CAAC,QAAQ,GAAG,EAAE,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;IAC/C,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC;QAC1D,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC;IAC3B,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAC,KAAK,IAAI,EAAE,CAAC;QACnE,UAAU,CAAC,eAAe,GAAG,IAAI,CAAC;IACpC,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,iBAAiB;IACxB,MAAM,GAAG,GAAG,qBAAqB,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAC/D,OAAO,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;AACtB,CAAC;AAED,SAAS,eAAe,CAAC,KAAyB;IAChD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAmB,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,4CAA4C,KAAK,IAAI,CAAC,CAAC;IACzE,CAAC;IACD,OAAO,KAAmB,CAAC;AAC7B,CAAC"}
+{"version":3,"file":"toolRegistry.js","sourceRoot":"","sources":["../../src/capabilities/toolRegistry.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAmB,MAAM,wBAAwB,CAAC;AAChG,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAsBpD,MAAM,aAAa,GAAG,iBAAiB,EAAE,CAAC;AAE1C,MAAM,YAAY,GAAuB,sBAAsB,EAAE,CAAC;AAElE,MAAM,gBAAgB,GAAG,iBAAiB,EAAE,CAAC;AAC7C,MAAM,iBAAiB,GAAG,oBAAoB,EAAE,CAAC;AACjD,MAAM,kBAAkB,GAAG,qBAAqB,EAAE,CAAC;AAEnD,MAAM,UAAU,oBAAoB;IAClC,OAAO,CAAC,GAAG,YAAY,CAAC,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAA0B,EAAE,OAAqB;IACnF,MAAM,OAAO,GAAG,IAAI,GAAG,EAAgB,CAAC;IACxC,yEAAyE;IACzE,KAAK,MAAM,EAAE,IAAI,iBAAiB,EAAE,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,KAAK,MAAM,EAAE,IAAI,kBAAkB,EAAE,CAAC;YACpC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAClE,KAAK,MAAM,EAAE,IAAI,KAAK,CAAC,YAAY,IAAI,EAAE,EAAE,CAAC;QAC1C,IAAI,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;YACrB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,sEAAsE;IACtE,KAAK,MAAM,EAAE,IAAI,iBAAiB,EAAE,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;IACD,KAAK,MAAM,EAAE,IAAI,kBAAkB,EAAE,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;IAED,4BAA4B;IAC5B,IAAI,OAAO,KAAK,mBAAmB,EAAE,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;IACpC,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,SAA4B;IAClE,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,KAAK,MAAM,MAAM,IAAI,YAAY,EAAE,CAAC;QAClC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC;YAC9B,SAAS;QACX,CAAC;QAED,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;YAC1B,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;YACrD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,MAAM,CAAC,EAAE;oBACb,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,MAAM,EAAE,gBAAgB;oBACxB,QAAQ,EAAE,MAAM,CAAC,cAAc;iBAChC,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;QACH,CAAC;QAED,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACxC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAED,OAAO;QACL,gBAAgB;QAChB,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,QAAgB,EAAE,gBAA6B;IAC7E,MAAM,UAAU,GAAG,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAClD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,iBAAiB;IACxB,MAAM,GAAG,GAAG,IAAI,GAAG,EAA4B,CAAC;IAChD,KAAK,MAAM,MAAM,IAAI,YAAY,EAAE,CAAC;QAClC,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACxC,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,sBAAsB;IAC7B,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;IACnC,OAAO,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC;AACzE,CAAC;AAED,SAAS,oBAAoB;IAC3B,MAAM,GAAG,GAAG,IAAI,GAAG,EAAgB,CAAC;IACpC,KAAK,MAAM,MAAM,IAAI,YAAY,EAAE,CAAC;QAClC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,qBAAqB;IAC5B,MAAM,GAAG,GAAG,IAAI,GAAG,EAAgB,CAAC;IACpC,KAAK,MAAM,MAAM,IAAI,YAAY,EAAE,CAAC;QAClC,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;YAC1B,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,qBAAqB,CAAC,MAA8B;IAC3D,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,EAAE,CAAC;IACzC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,gBAAgB,MAAM,CAAC,EAAE,+BAA+B,CAAC,CAAC;IAC5E,CAAC;IAED,MAAM,UAAU,GAAqB;QACnC,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,SAAS,EAAE,CAAC,GAAG,SAAS,CAAC;KAC1B,CAAC;IAEF,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,UAAU,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;IACxC,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC;QAC1B,UAAU,CAAC,MAAM,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;IACD,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;IACtD,IAAI,MAAM,EAAE,CAAC;QACX,UAAU,CAAC,cAAc,GAAG,MAAM,CAAC;IACrC,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,UAAU,CAAC,QAAQ,GAAG,EAAE,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;IAC/C,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC;QAC1D,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC;IAC3B,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAC,KAAK,IAAI,EAAE,CAAC;QACnE,UAAU,CAAC,eAAe,GAAG,IAAI,CAAC;IACpC,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,iBAAiB;IACxB,MAAM,GAAG,GAAG,qBAAqB,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAC/D,OAAO,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;AACtB,CAAC;AAED,SAAS,eAAe,CAAC,KAAyB;IAChD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAmB,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,4CAA4C,KAAK,IAAI,CAAC,CAAC;IACzE,CAAC;IACD,OAAO,KAAmB,CAAC;AAC7B,CAAC"}

package/dist/contracts/agent-schemas.json

@@ -259,45 +259,44 @@
 
   "profiles": [
     {
-      "name": "general",
-      "label": "Erosolar",
-      "description": "General-purpose operator with balanced reasoning across research, planning, writing, and coding tasks.",
+      "name": "erosolar-code",
+      "label": "Erosolar Code",
+      "description": "OpenAI-tuned coding specialist optimized for rapid edits with deterministic grounding.",
       "defaultProvider": "openai",
-      "defaultModel": "gpt-5.1",
-      "temperature": 0.2,
+      "defaultModel": "gpt-5.1-codex",
       "systemPrompt": {
-        "type": "rulebook",
-        "template": "{{rulebook}}"
+        "type": "rulebook"
       },
       "rulebook": {
-        "file": "agents/general.rules.json",
+        "file": "agents/erosolar-code.rules.json",
         "version": "2024-11-24",
         "contractVersion": "1.0.0",
-        "description": "Structured rules governing the balanced Erosolar profile."
+        "description": "Deterministic coding workflow guardrails."
       },
       "metadata": {
-        "primaryUseCase": "general-purpose",
-        "tags": ["balanced", "research", "planning", "coding"]
+        "primaryUseCase": "coding",
+        "tags": ["coding", "deterministic", "rapid-edits"]
       }
     },
     {
-      "name": "erosolar-code",
-      "label": "Erosolar Code",
-      "description": "OpenAI-tuned coding specialist optimized for rapid edits with deterministic grounding.",
+      "name": "erosolar-security",
+      "label": "Erosolar Security",
+      "description": "Security-focused operator for adversarial planning and assessments in controlled environments.",
       "defaultProvider": "openai",
-      "defaultModel": "gpt-5.1-codex",
+      "defaultModel": "gpt-5.1",
+      "temperature": 0.1,
       "systemPrompt": {
         "type": "rulebook"
       },
       "rulebook": {
-        "file": "agents/erosolar-code.rules.json",
+        "file": "agents/erosolar-security.rules.json",
         "version": "2024-11-24",
         "contractVersion": "1.0.0",
-        "description": "Deterministic coding workflow guardrails."
+        "description": "Security-focused guardrails and operational constraints."
       },
       "metadata": {
-        "primaryUseCase": "coding",
-        "tags": ["coding", "deterministic", "rapid-edits"]
+        "primaryUseCase": "security",
+        "tags": ["security", "offsec", "assessment"]
       }
     }
   ],

package/dist/contracts/tools.schema.json

@@ -7,9 +7,9 @@
   "description": "Canonical list of capability suites, plugin bindings, and scope declarations for the default runtime.",
   "options": [
     {
-      "id": "default-tools",
-      "label": "Default software engineering tools",
-      "description": "Essential local software engineering + web search tools (always enabled).",
+      "id": "core-tools",
+      "label": "Core Tools (Essential)",
+      "description": "Essential tools for basic CLI operations, file management, and AI functionality (always enabled).",
       "defaultEnabled": true,
       "category": "core",
       "pluginIds": [
@@ -19,6 +19,40 @@
         "tool.glob",
         "tool.learn.exploration",
         "tool.bash.local",
+        "tool.task-management.local",
+        "tool.planning",
+        "tool.interaction.local",
+        "tool.agent-spawning"
+      ],
+      "metadata": {
+        "locked": true,
+        "restartRequired": true
+      }
+    },
+    {
+      "id": "offensive-security",
+      "label": "Offensive Security Tools",
+      "description": "Comprehensive penetration testing and security assessment tools (network recon, web testing, exploitation, password cracking, payload generation). No preconditions required.",
+      "defaultEnabled": true,
+      "category": "security",
+      "pluginIds": [
+        "tool.offsec.exploit-search",
+        "tool.offsec.operations",
+        "tool.tao"
+      ],
+      "metadata": {
+        "locked": false,
+        "restartRequired": false
+      }
+    },
+    {
+      "id": "development-tools",
+      "label": "Software Development Tools",
+      "description": "Essential development tools for coding, testing, and code analysis (always enabled).",
+      "defaultEnabled": true,
+      "category": "development",
+      "pluginIds": [
+        "tool.learn.exploration",
         "tool.repo-checks.local",
         "tool.code-analysis.structural",
         "tool.development.workflow",
@@ -26,16 +60,12 @@
         "tool.refactoring.assistant",
         "tool.dependency.security",
         "tool.testing.coverage",
-        "tool.task-management.local",
-        "tool.planning",
-        "tool.interaction.local",
         "tool.web.local",
-        "tool.agent-spawning",
         "tool.enhanced-git",
         "tool.skills.loader"
       ],
       "metadata": {
-        "locked": true,
+        "locked": false,
         "restartRequired": true
       }
     },

package/dist/core/agent.js

@@ -787,7 +787,7 @@ export class AgentRuntime {
                     const truncated = content.slice(0, toolOutputLimit);
                     const lastNewline = truncated.lastIndexOf('\n');
                     const cutPoint = lastNewline > toolOutputLimit * 0.7 ? lastNewline : toolOutputLimit;
-                    msg.content = truncated.slice(0, cutPoint) + `\n\n[... truncated ${content.length - cutPoint} chars for context recovery ...]`;
+                    msg.content = `${truncated.slice(0, cutPoint)}\n\n[... truncated ${content.length - cutPoint} chars for context recovery ...]`;
                     truncatedCount++;
                 }
             }
@@ -798,7 +798,7 @@ export class AgentRuntime {
                 const truncated = content.slice(0, limit);
                 const lastNewline = truncated.lastIndexOf('\n');
                 const cutPoint = lastNewline > limit * 0.8 ? lastNewline : limit;
-                msg.content = truncated.slice(0, cutPoint) + `\n\n[... truncated for context recovery ...]`;
+                msg.content = `${truncated.slice(0, cutPoint)}\n\n[... truncated for context recovery ...]`;
                 truncatedCount++;
             }
         }
@@ -806,7 +806,7 @@ export class AgentRuntime {
         for (let i = 1; i < systemMessages.length; i++) {
             const sys = systemMessages[i];
             if (sys && sys.content && sys.content.length > toolOutputLimit) {
-                sys.content = sys.content.slice(0, toolOutputLimit) + '\n[... truncated ...]';
+                sys.content = `${sys.content.slice(0, toolOutputLimit)}\n[... truncated ...]`;
                 truncatedCount++;
             }
         }
@@ -846,7 +846,7 @@ export class AgentRuntime {
                 if (msg.role === 'tool' && msg.content) {
                     const content = typeof msg.content === 'string' ? msg.content : JSON.stringify(msg.content);
                     if (content.length > minLimit) {
-                        msg.content = content.slice(0, minLimit) + '\n[... severely truncated ...]';
+                        msg.content = `${content.slice(0, minLimit)}\n[... severely truncated ...]`;
                     }
                 }
             }