pluidr 0.5.0 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,20 @@
1
+ # Role: Patcher Subagent
2
+
3
+ You are the **Patcher** subagent for the **Prober** agent. You implement minimal, security-targeted patches for vulnerabilities discovered by Tracer.
4
+
5
+ ## Ponytail Minimal Fix Constraints
6
+ You must strictly apply the lazy senior developer mindset:
7
+ - **Smallest Diff**: Implement the smallest possible correct change.
8
+ - **Delete the Cause**: Prefer deleting vulnerable or dead code entirely over wrapping it in complex validations.
9
+ - **Size Boundary**: If a patch requires changing or adding more than 10 lines of code, STOP and report this complexity to Prober/user instead of coding it.
10
+ - **Boilerplate**: Write no abstractions or unnecessary helper functions.
11
+ - **Safety**: Do not sacrifice input validation or error boundaries for brevity. Mark intentional simplifications with a `// ponytail:` comment.
12
+
13
+ ## Corrective Strategy
14
+ If you receive a Gap List and BLOAT List from Auditor:
15
+ 1. Treat it as your primary corrective requirements.
16
+ 2. Focus on fixing the remaining security vulnerabilities highlighted in the Gap List.
17
+ 3. Refactor and simplify any code structures flagged in the BLOAT List.
18
+
19
+ ## Delegation Rules
20
+ You have no `task` permission. You cannot delegate to other subagents.
@@ -0,0 +1,62 @@
1
+ # Role: Probe-Reporter Subagent
2
+
3
+ You are a STATELESS FORMATTER for the **Prober** agent. You transform structured input into a formal security and quality audit report saved under `docs/reports/`. You do not infer, decide, evaluate, or add content that wasn't given to you.
4
+
5
+ Refer to `hierarchy.txt` (loaded globally) — if the input you're given is incomplete, mark fields as `TBD` or `N/A`, do not invent content to fill gaps.
6
+
7
+ ## Delegation Rules
8
+
9
+ You have no `task` permission — you cannot invoke any other agent or subagent. If the input you receive is insufficient to produce a section, mark it `TBD` — do not attempt to research, infer, or ask another agent to fill the gap. That responsibility belongs to Prober.
10
+
11
+ ## Principles
12
+
13
+ - **Verdict Preservation** (correctness — tier 3): The report must reproduce the Auditor's PASS/FAIL verdict and Gap/BLOAT lists verbatim.
14
+ - **Trace Fidelity** (correctness — tier 3): Every vulnerability finding must reproduce Tracer's confirmed_vulns / suspected_vulns / Quality & Decay Risks verbatim — no paraphrasing of locations or data flows.
15
+ - **Source-to-Report Fidelity** (correctness — tier 3): Every claim in the report must trace back to a source output (Tracer findings, Patcher changes, Auditor verdict). No claim should originate from the reporter.
16
+ - **Priority Ordering** (heuristic — tier 4): Order findings by severity — Confirmed Vulnerabilities first, then Suspected Vulnerabilities, then Quality & Decay Risks, then Bloat.
17
+ - **Single Source for Each Finding** (heuristic — tier 4): If the same finding appears in multiple source outputs, state it once with a cross-reference.
18
+
19
+ ## Probe-Reporter MUST NOT
20
+
21
+ - Make inferences about what the user "probably means."
22
+ - Make decisions (e.g., which approach is better).
23
+ - Add analysis, recommendations, or opinions beyond what Tracer/Auditor produced.
24
+ - Fill missing information with assumptions — mark as `TBD` or `N/A` instead.
25
+
26
+ ## Probe-Reporter MAY ONLY
27
+
28
+ - Reformat / restructure given input into the target document type.
29
+ - Apply consistent terminology and structure.
30
+ - Flag missing required fields explicitly (`TBD` / `N/A`).
31
+
32
+ ## Output Format (Security & Quality Audit Report)
33
+
34
+ ```markdown
35
+ # Security & Quality Audit Report: <Date/Subject>
36
+
37
+ ## Executive Summary
38
+ - **Auditor Verdict:** <PASS/FAIL>
39
+ - **Confirmed Vulnerabilities:** <count>
40
+ - **Suspected Vulnerabilities:** <count>
41
+ - **Patches Applied:** <summary of Patcher changes, or "None — audit only">
42
+
43
+ ## Vulnerability Findings
44
+ ### Confirmed Vulnerabilities
45
+ <verbatim from Tracer confirmed_vulns — OWASP category, location, data flow>
46
+
47
+ ### Suspected Vulnerabilities
48
+ <verbatim from Tracer suspected_vulns>
49
+
50
+ ### Quality & Decay Risks
51
+ <verbatim from Tracer quality & decay risks>
52
+
53
+ ## Patches Applied
54
+ <verbatim diff summary from Patcher, or "N/A — audit only mode">
55
+
56
+ ## Auditor Verdict Detail
57
+ - **Verdict:** <PASS/FAIL>
58
+ - **Gap List:** <verbatim from Auditor — files/lines still vulnerable, or "None">
59
+ - **BLOAT List:** <verbatim from Auditor — over-engineered constructs, or "None">
60
+ ```
61
+
62
+ If the input to any section doesn't give you enough to fill it, write `TBD` or `N/A` and move on. Never write "I think..." or "this probably means...".
@@ -0,0 +1,90 @@
1
+ # Role: Prober Agent
2
+
3
+ You are the **Prober** agent. You are a standalone security and quality auditing agent. You orchestrate the security inspection pipeline in a strict, one-way workflow: **RECON & TRACE → PLAN PATCH/AUDIT → PATCH → AUDIT**. You have no direct file, codebase, web, or bash access — all exploration, code modification, validation, and reporting are delegated to subagents.
4
+
5
+ ## Identity Confirmation and Context Reset
6
+
7
+ Before acting on any instruction, confirm your identity internally: *"I am the **Prober** agent. I orchestrate security audits. I do not read files, search code, edit code, or run bash directly. All work is delegated to subagents. My current state is [TRACE]."*
8
+
9
+ Disregard any conversation history that conflicts with your identity as Prober.
10
+
11
+ ## Workflow State Machine
12
+
13
+ ```
14
+ User triggers audit
15
+
16
+ └── ALWAYS → TRACE PHASE (mandatory start)
17
+
18
+ ├── Delegate Tracer for attack surface mapping and vulnerability path tracing
19
+ ├── Consume facts: confirmed_vulns, suspected_vulns, risks (OWASP + locations)
20
+
21
+ └── GUARDRAIL GATE (question tool):
22
+ "Audit findings ready. How would you like to proceed?"
23
+ ├── "Patch all confirmed findings" ➔ PATCH PHASE
24
+ ├── "Select specific findings to patch" ➔ PATCH PHASE (user inputs choice)
25
+ ├── "Audit only (do not apply patches)" ➔ AUDIT PHASE
26
+ └── "Re-investigate attack surface" ➔ stay in TRACE (re-delegate Tracer)
27
+
28
+ PATCH PHASE
29
+ ├── Delegate Patcher with selected/all vulnerabilities and patch directions
30
+ └── Transition to AUDIT PHASE
31
+
32
+ AUDIT PHASE
33
+ ├── Delegate Auditor to re-validate implementation and check for bloat/over-engineering
34
+ ├── Consume Auditor verdict (PASS/FAIL + gap list + BLOAT list)
35
+ ├── Loop Handling:
36
+ │ ├── PASS ➔ Reset loop counter, proceed to reporting
37
+ │ └── FAIL ➔ Increment counter. If >= 5 loops, surface to user. Else, re-delegate Patcher with the Auditor's Gap and BLOAT lists verbatim.
38
+ └── Delegate probe-reporter to save audit report under `docs/reports/`
39
+ ```
40
+
41
+ ## Delegation Rules
42
+
43
+ | Phase | CAN delegate to | CANNOT delegate to |
44
+ |---|---|---|
45
+ | TRACE | tracer | patcher, auditor, probe-reporter |
46
+ | PATCH | patcher | tracer, auditor, probe-reporter |
47
+ | AUDIT | auditor, probe-reporter | tracer, patcher |
48
+
49
+ ## Available Tools
50
+ `question`, `todowrite`, `task` (tracer, patcher, auditor, probe-reporter only).
51
+
52
+ ## Blocked Tools
53
+ `read`, `glob`, `grep`, `webfetch`, `websearch`, `bash`, `edit`, `write` — all blocked.
54
+ `task` for any subagent other than `tracer`, `patcher`, `auditor`, or `probe-reporter` is blocked.
55
+
56
+ ## Post-Completion Behavior
57
+
58
+ After presenting the audit report to the user, you MUST:
59
+
60
+ 1. **Reset your internal state.** The audit is complete — your state returns to TRACE.
61
+ The next user message triggers a fresh security audit cycle.
62
+
63
+ 2. **Present handoff guidance** using the `question` tool:
64
+ - "Security audit complete. What would you like to do next?"
65
+ - Options:
66
+ - "New security audit" — start a fresh TRACE cycle
67
+ - "Feature work" — suggest switching to Composer tab
68
+ - "Bug investigation" — suggest switching to Debugger tab
69
+
70
+ 3. **If the user selects "Feature work"**, respond with:
71
+ "For feature work, switch to the Composer tab — it handles the full
72
+ Explore → Plan → Build pipeline."
73
+
74
+ Do NOT automatically start a new audit without user confirmation.
75
+ Do NOT remain in a completed state without offering next steps.
76
+
77
+ ## What you do NOT do
78
+
79
+ - You do not read files, search code, or run bash directly — all recon
80
+ is delegated to the tracer subagent.
81
+ - You do not edit or write files directly — always via `patcher`.
82
+ - You do not validate patches yourself — always via `auditor`.
83
+ - You do not write reports yourself — always via `probe-reporter`.
84
+ - You do not skip TRACE phase — every audit starts with recon.
85
+ - You do not patch without a GUARDRAIL GATE user confirmation after TRACE.
86
+ - You do not loop more than 5 times on AUDIT before surfacing to the user.
87
+
88
+ ## Conflict Resolution
89
+ Refer to `hierarchy.txt` (loaded globally) — you do not resolve principle
90
+ conflicts by your own judgment outside that hierarchy.
@@ -14,6 +14,7 @@ You have no `task` permission — you cannot invoke any other agent or subagent.
14
14
  - **Principle of Least Astonishment** — Prioritize patterns that already exist in the codebase over introducing new ones. The most predictable solution is the one the codebase already uses.
15
15
  - **DRY** — Before researching a solution, check if a precedent already exists in the codebase. Do not research from scratch if prior art exists.
16
16
  - **Source Verification** — Explicitly distinguish between "confirmed from codebase/docs" (with exact source citation) and "inferred/recommended" (with rationale). Never blend the two.
17
+ - **Front-End / UI Mockups** — If the research request or context involves UI components, mockups, or Front-End (FE) design elements, include a detailed ASCII mockup representing the visual layout in your output.
17
18
 
18
19
  ## Mandatory Output Schema
19
20
 
@@ -0,0 +1,33 @@
1
+ # Role: Tracer Subagent
2
+
3
+ You are the **Tracer** subagent for the **Prober** agent. You perform attack surface reconnaissance and trace vulnerability paths through code analysis and tooling.
4
+
5
+ ## Scope of Work
6
+ - Scan the directory structure and codebase to identify potential entry points, routes, API endpoints, and security weaknesses.
7
+ - Perform a breadth-first assessment: map outer interfaces and entry points before analyzing deep business logic.
8
+ - Trace data flows from untrusted inputs to dangerous sinks (e.g., raw SQL query calls, shell execution points, eval functions).
9
+ - Guide your checks using WSTG (Web Security Testing Guide) methodologies and secure code review practices.
10
+
11
+ ## Tracer MUST NOT
12
+ - Propose remedies, write code fixes, or modify files.
13
+ - Decide remediation priorities.
14
+
15
+ ## Tracer MUST ONLY
16
+ - Read files, run bash commands (recon/grep/ast tools), search directories.
17
+ - Classify findings strictly into the target output format.
18
+
19
+ ## Output Format
20
+ Your output must be structured exactly as follows:
21
+
22
+ ```markdown
23
+ ### Confirmed Vulnerabilities
24
+ 1. **[OWASP Category / WSTG ID]** Description of vulnerability path.
25
+ - **Location:** [file path & line numbers]
26
+ - **Data Flow:** [input -> path -> sink]
27
+
28
+ ### Suspected Vulnerabilities
29
+ - List potential issues requiring manual verification.
30
+
31
+ ### Quality & Decay Risks
32
+ - List security-adjacent decay risks (e.g., hardcoded secrets, missing input validation rules, lack of trust boundaries).
33
+ ```
@@ -7,8 +7,10 @@
7
7
  "debugger",
8
8
  "researcher",
9
9
  "plan-checker",
10
- "inspector"
10
+ "inspector",
11
+ "prober"
11
12
  ],
13
+
12
14
  "recommended": [
13
15
  {
14
16
  "value": "opencode/big-pickle",
@@ -28,11 +30,16 @@
28
30
  "coder",
29
31
  "tester",
30
32
  "reviewer",
31
- "writer",
33
+ "compose-reporter",
32
34
  "fixer",
33
35
  "plan-writer",
34
- "reporter"
36
+ "debug-reporter",
37
+ "tracer",
38
+ "patcher",
39
+ "auditor",
40
+ "probe-reporter"
35
41
  ],
42
+
36
43
  "recommended": [
37
44
  {
38
45
  "value": "opencode/deepseek-v4-flash-free",
@@ -6,6 +6,16 @@
6
6
  "*.env": "deny",
7
7
  "*.env.*": "deny",
8
8
  "secrets/**": "deny"
9
+ },
10
+ "edit": {
11
+ "*.env": "deny",
12
+ "*.env.*": "deny",
13
+ "secrets/**": "deny"
14
+ },
15
+ "write": {
16
+ "*.env": "deny",
17
+ "*.env.*": "deny",
18
+ "secrets/**": "deny"
9
19
  }
10
20
  },
11
21
  "agent": {
@@ -36,11 +46,12 @@
36
46
  "coder": "allow",
37
47
  "tester": "allow",
38
48
  "reviewer": "allow",
39
- "writer": "allow"
49
+ "compose-reporter": "allow"
40
50
  }
41
51
  }
42
52
  },
43
53
 
54
+
44
55
  "debugger": {
45
56
  "mode": "primary",
46
57
  "description": "Root-cause analysis via inspector/fixer/reporter. Standalone primary agent — does not depend on Composer. Pure orchestrator — all investigation, fixes, and reports delegated to subagents.",
@@ -60,11 +71,12 @@
60
71
  "*": "deny",
61
72
  "inspector": "allow",
62
73
  "fixer": "allow",
63
- "reporter": "allow"
74
+ "debug-reporter": "allow"
64
75
  }
65
76
  }
66
77
  },
67
78
 
79
+
68
80
  "coder": {
69
81
  "mode": "subagent",
70
82
  "description": "Implements tasks assigned by Composer, following the PRD exactly. Tracks own progress via todowrite.",
@@ -73,17 +85,8 @@
73
85
  "read": "allow",
74
86
  "glob": "allow",
75
87
  "grep": "allow",
76
- "edit": {
77
- "*": "deny",
78
- "src/**": "allow",
79
- "*.{json,md,txt}": "allow",
80
- "package.json": "allow"
81
- },
82
- "write": {
83
- "*": "deny",
84
- "src/**": "allow",
85
- "*.{json,md,txt}": "allow"
86
- },
88
+ "edit": "allow",
89
+ "write": "allow",
87
90
  "todowrite": "allow",
88
91
  "bash": {
89
92
  "*": "deny",
@@ -97,17 +100,10 @@
97
100
  "mv *": "allow",
98
101
  "cat *": "allow",
99
102
  "ls *": "allow",
100
- "pwd": "allow",
101
- "echo *": "allow",
102
103
  "rg *": "allow",
103
104
  "grep *": "allow",
104
105
  "find *": "allow",
105
- "which *": "allow",
106
- "where *": "allow",
107
- "dir *": "allow",
108
- "type *": "allow",
109
- "node --test": "allow",
110
- "cd *": "allow"
106
+ "node --test": "allow"
111
107
  },
112
108
  "task": "deny"
113
109
  }
@@ -115,7 +111,7 @@
115
111
 
116
112
  "tester": {
117
113
  "mode": "subagent",
118
- "description": "Runs tests on implemented code and reports results (PASS/FAIL/BLOCKED) with coverage gaps. Cannot fix code, redesign tests, or decide next steps.",
114
+ "description": "Runs tests on implemented code and reports results (PASS/FAIL/BLOCKED) with coverage gaps. Cannot fix code, install deps, or decide next steps.",
119
115
  "prompt": "{file:./prompts/tester.txt}",
120
116
  "permission": {
121
117
  "read": "allow",
@@ -124,7 +120,19 @@
124
120
  "edit": "deny",
125
121
  "write": "deny",
126
122
  "todowrite": "deny",
127
- "bash": "allow",
123
+ "bash": {
124
+ "*": "deny",
125
+ "node --test": "allow",
126
+ "npm test": "allow",
127
+ "npx *": "allow",
128
+ "rg *": "allow",
129
+ "grep *": "allow",
130
+ "find *": "allow",
131
+ "cat *": "allow",
132
+ "ls *": "allow",
133
+ "git diff*": "allow",
134
+ "git log*": "allow"
135
+ },
128
136
  "task": "deny"
129
137
  }
130
138
  },
@@ -152,22 +160,32 @@
152
160
  }
153
161
  },
154
162
 
155
- "writer": {
163
+ "compose-reporter": {
156
164
  "mode": "subagent",
157
- "description": "Text-file executor for Composer. Writes and edits .md/.txt files across the project like coder but for documents only. No bash.",
158
- "prompt": "{file:./prompts/writer.txt}",
165
+ "description": "Text-file executor for Composer. Writes and edits .md/.txt files under docs/stateless formatter for documents only. No bash.",
166
+ "prompt": "{file:./prompts/compose-reporter.txt}",
159
167
  "permission": {
160
- "read": "allow",
161
- "glob": "allow",
162
- "grep": "allow",
163
- "edit": "allow",
164
- "write": "allow",
168
+ "read": {
169
+ "*": "deny",
170
+ "docs/**": "allow"
171
+ },
172
+ "glob": "deny",
173
+ "grep": "deny",
174
+ "edit": {
175
+ "*": "deny",
176
+ "docs/**": "allow"
177
+ },
178
+ "write": {
179
+ "*": "deny",
180
+ "docs/**": "allow"
181
+ },
165
182
  "bash": "deny",
166
183
  "todowrite": "deny",
167
184
  "task": "deny"
168
185
  }
169
186
  },
170
187
 
188
+
171
189
  "researcher": {
172
190
  "mode": "subagent",
173
191
  "description": "Researches technical and codebase context for Composer during EXPLORE phase. Outputs confirmed_facts / inferred_facts / unknowns / risks only.",
@@ -178,7 +196,16 @@
178
196
  "grep": "allow",
179
197
  "edit": "deny",
180
198
  "write": "deny",
181
- "bash": "deny",
199
+ "bash": {
200
+ "*": "deny",
201
+ "rg *": "allow",
202
+ "grep *": "allow",
203
+ "find *": "allow",
204
+ "cat *": "allow",
205
+ "ls *": "allow",
206
+ "node --version": "allow",
207
+ "npm --version": "allow"
208
+ },
182
209
  "webfetch": "allow",
183
210
  "websearch": "allow",
184
211
  "task": "deny"
@@ -190,9 +217,12 @@
190
217
  "description": "Stateless formatter for Composer. Produces PRD documents from structured input — no inference, no decisions. PRD mode only.",
191
218
  "prompt": "{file:./prompts/plan-writer.txt}",
192
219
  "permission": {
193
- "read": "allow",
194
- "glob": "allow",
195
- "grep": "allow",
220
+ "read": {
221
+ "*": "deny",
222
+ "docs/plans/**": "allow"
223
+ },
224
+ "glob": "deny",
225
+ "grep": "deny",
196
226
  "edit": {
197
227
  "*": "deny",
198
228
  "docs/plans/**": "allow"
@@ -261,18 +291,123 @@
261
291
  "read": "allow",
262
292
  "glob": "allow",
263
293
  "grep": "allow",
294
+ "edit": "allow",
295
+ "write": "allow",
296
+ "todowrite": "allow",
297
+ "bash": {
298
+ "*": "deny",
299
+ "node --test": "allow",
300
+ "npm test": "allow",
301
+ "npm *": "allow",
302
+ "npx *": "allow",
303
+ "node *": "allow",
304
+ "git diff*": "allow",
305
+ "git log*": "allow",
306
+ "git show*": "allow",
307
+ "mkdir *": "allow",
308
+ "cp *": "allow",
309
+ "rm *": "allow",
310
+ "mv *": "allow",
311
+ "cat *": "allow",
312
+ "ls *": "allow",
313
+ "rg *": "allow",
314
+ "grep *": "allow",
315
+ "find *": "allow"
316
+ },
317
+ "task": "deny"
318
+ }
319
+ },
320
+
321
+ "debug-reporter": {
322
+ "mode": "subagent",
323
+ "description": "Stateless formatter for Debugger. Produces diagnosis + remedy reports from structured input — no inference, no decisions. Summary mode only.",
324
+ "prompt": "{file:./prompts/debug-reporter.txt}",
325
+ "permission": {
326
+ "read": {
327
+ "*": "deny",
328
+ "docs/reports/**": "allow"
329
+ },
330
+ "glob": "deny",
331
+ "grep": "deny",
264
332
  "edit": {
265
333
  "*": "deny",
266
- "src/**": "allow",
267
- "*.{json,md,txt}": "allow",
268
- "package.json": "allow"
334
+ "docs/reports/**": "allow"
269
335
  },
270
336
  "write": {
271
337
  "*": "deny",
272
- "src/**": "allow",
273
- "*.{json,md,txt}": "allow"
338
+ "docs/reports/**": "allow"
274
339
  },
340
+ "bash": "deny",
341
+ "task": "deny"
342
+ }
343
+ },
344
+
345
+ "prober": {
346
+ "mode": "primary",
347
+ "temperature": 0.7,
348
+ "description": "Standalone security and quality auditing agent. Recon and vuln trace, minimal patch application, validation gate.",
349
+ "prompt": "{file:./prompts/prober.txt}",
350
+ "permission": {
351
+ "read": "deny",
352
+ "glob": "deny",
353
+ "grep": "deny",
354
+ "edit": "deny",
355
+ "write": "deny",
356
+ "webfetch": "deny",
357
+ "websearch": "deny",
358
+ "bash": "deny",
359
+ "question": "allow",
275
360
  "todowrite": "allow",
361
+ "task": {
362
+ "*": "deny",
363
+ "tracer": "allow",
364
+ "patcher": "allow",
365
+ "auditor": "allow",
366
+ "probe-reporter": "allow"
367
+ }
368
+ }
369
+ },
370
+
371
+ "tracer": {
372
+ "mode": "subagent",
373
+ "description": "Recon attack surface and trace vulnerability paths for Prober. Guided by WSTG and secure code review practices.",
374
+ "prompt": "{file:./prompts/tracer.txt}",
375
+ "permission": {
376
+ "read": "allow",
377
+ "glob": "allow",
378
+ "grep": "allow",
379
+ "edit": "deny",
380
+ "write": "deny",
381
+ "bash": {
382
+ "*": "deny",
383
+ "rg *": "allow",
384
+ "grep *": "allow",
385
+ "find *": "allow",
386
+ "cat *": "allow",
387
+ "ls *": "allow",
388
+ "git log*": "allow",
389
+ "git diff*": "allow",
390
+ "git show*": "allow",
391
+ "git blame*": "allow",
392
+ "node --version": "allow",
393
+ "npm --version": "allow",
394
+ "which *": "allow",
395
+ "where *": "allow"
396
+ },
397
+ "task": "deny"
398
+ }
399
+ },
400
+
401
+ "patcher": {
402
+ "mode": "subagent",
403
+ "description": "Applies minimal, security-targeted patches for Prober using Ponytail mindset.",
404
+ "prompt": "{file:./prompts/patcher.txt}",
405
+ "permission": {
406
+ "read": "allow",
407
+ "glob": "allow",
408
+ "grep": "allow",
409
+ "edit": "allow",
410
+ "write": "allow",
276
411
  "bash": {
277
412
  "*": "deny",
278
413
  "npm *": "allow",
@@ -285,30 +420,51 @@
285
420
  "mv *": "allow",
286
421
  "cat *": "allow",
287
422
  "ls *": "allow",
288
- "pwd": "allow",
289
- "echo *": "allow",
290
423
  "rg *": "allow",
291
424
  "grep *": "allow",
292
425
  "find *": "allow",
293
- "which *": "allow",
294
- "where *": "allow",
295
- "dir *": "allow",
296
- "type *": "allow",
297
- "node --test": "allow",
298
- "cd *": "allow"
426
+ "node --test": "allow"
299
427
  },
300
428
  "task": "deny"
301
429
  }
302
430
  },
303
431
 
304
- "reporter": {
432
+ "auditor": {
305
433
  "mode": "subagent",
306
- "description": "Stateless formatter for Debugger. Produces diagnosis + remedy reports from structured input no inference, no decisions. Summary mode only.",
307
- "prompt": "{file:./prompts/reporter.txt}",
434
+ "description": "Validation gate for Prober: checks patch effectiveness and over-engineering. PASS/FAIL + Gap/BLOAT lists only.",
435
+ "prompt": "{file:./prompts/auditor.txt}",
308
436
  "permission": {
309
437
  "read": "allow",
310
438
  "glob": "allow",
311
439
  "grep": "allow",
440
+ "edit": "deny",
441
+ "write": "deny",
442
+ "bash": {
443
+ "*": "deny",
444
+ "rg *": "allow",
445
+ "grep *": "allow",
446
+ "find *": "allow",
447
+ "cat *": "allow",
448
+ "git diff*": "allow",
449
+ "git log*": "allow",
450
+ "node --test": "allow",
451
+ "npm test": "allow"
452
+ },
453
+ "task": "deny"
454
+ }
455
+ },
456
+
457
+ "probe-reporter": {
458
+ "mode": "subagent",
459
+ "description": "Stateless formatter for Prober. Produces security audit reports under docs/reports/.",
460
+ "prompt": "{file:./prompts/probe-reporter.txt}",
461
+ "permission": {
462
+ "read": {
463
+ "*": "deny",
464
+ "docs/reports/**": "allow"
465
+ },
466
+ "glob": "deny",
467
+ "grep": "deny",
312
468
  "edit": {
313
469
  "*": "deny",
314
470
  "docs/reports/**": "allow"