Skip to content

Add security-reviewer subagent #51

Description

@thomas-bartlett

Goal

A security-reviewer subagent that uses the CodeGuard rules to search a
repository for violations and reports findings as SARIF.

Behaviour

  1. Detect languages present in the repo and select the applicable rules.
  2. For each selected rule: load it, search the repo for violations, collect
    candidate hits.
  3. Triage each candidate in context (confirmed / false-positive /
    needs-human); re-verify every cited file:line.
  4. Write SARIF 2.1.0 to a findings file; return the file path and a short
    human summary listing which rules were checked.

v1 acceptance

  • sources/agents/security-reviewer/AGENT.md
  • references/rules/ and references/lang-rules.json available to the
    agent at runtime
  • Wired into the converter and emitted to dist/
  • Smoke test against 2-3 known-vulnerable snippets

Constraints

  • Must not modify repository source; the findings file is the only write
  • Author the core (name, description, body) to be portable across agent
    hosts; omit model; platform-specific frontmatter is additive

Out of scope for v1

Deterministic pre-scan script · enforcement hooks · false-positive
suppression · diff-scoped mode.

Refs

Discussion #36 ·
Subagent docs ·
Agent Skills spec

Metadata

Metadata

Labels

enhancementNew feature or request

Fields

No fields configured for Feature.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions