feat(#347)!: Hatim→Hakim consolidation + security + data sub-agents (Wave 2 PR 3)

[atlas-apex]

Summary

• Hatim → Hakim consolidation in .claude/agents/security-reviewer.md — per AgDR-0050 § Axis 2 and the operator's CONSOLIDATE decision recorded on the AskUserQuestion before dispatch, the existing utility agent renames persona_name: Hatim → Hakim and bumps model: inherit → opus, broadening the description from "PR-review-only" to the full Security Auditor role (OWASP / threat-modeling / SAST findings / auth-crypto diff review). Filename security-reviewer.md is preserved because /security-review, auto-code-review.sh, and the auto-fire trigger in .claude/rules/role-triggers.md reference it. Breaking-change marker (!) because the persona name visible in chat output, PR review trailers, and the AgDR-0018 mapping table changes. Carries a # routing-config:override comment in the YAML frontmatter so block-agent-routing-drift.sh accepts the intentional framework-default change rather than blocking it as adopter-leak.
• 5 new role-aligned WRAP-shape agent files completing the AgDR-0050 § Axis 2 promotion for Security + Data depts — head-of-security.md (Faisal, sonnet), penetration-tester.md (Hamza, opus), head-of-data.md (Khalil, sonnet), data-analyst.md (Nadia, haiku — local-model routing candidate per [Spike] Local-model routing feasibility for ticket-manager, Data Analyst, QA Engineer via LiteLLM → Ollama #348 spike), data-engineer.md (Anwar, sonnet). All mirror the Wave 1 thin-WRAP shape: one-line role summary + frontmatter + @roles/<dept>/<role>.md link to the canonical persona definition. No role-file content duplicated.
• test_agent_wrap_shape.sh ROLE_AGENTS extended with the 5 role-aligned entries — model + persona + dept assertions all PASS. security-reviewer.md is deliberately NOT added to the matrix because its filename != role-slug (the consolidation exception); a separate test for the consolidation is filed as a follow-up if needed.
• Hatim → Hakim sweep across forward-looking docs — CLAUDE.md persona table cell, docs/multi-project.md, docs/architecture/apexyard-container.md, all site/* marketing copy (architecture/index/skills/llms-full). Historical record preserved in docs/agdr/AgDR-0050-agent-runtime-overhaul.md (the decision audit trail) and docs/spikes/claude-model-tier-routing.md (historical spike snapshot). roles/security/security-auditor.md is the canonical role file at Hakim already; not touched.
• docs/agdr/AgDR-0018-persona-naming-convention.md mapping table updated — security-reviewer row now points at Hakim (was: Hatim; consolidated with Security Auditor role in #347 PR 3) and the roster sentence in the rationale paragraph notes Hatim's retirement.
• Sub-agent count claims refreshed — CLAUDE.md "18 sub-agents" → "23 sub-agents", site/llms-full.txt "(12 sub-agents incl. Rex)" → "(23 sub-agents incl. Rex)", site layer-card narrative "5 sub-agents: Rex / Hakim / Munir / Tariq / Idris" replaced with "23 specialised sub-agents: 5 utility (...) + 18 dept-aligned agents across engineering / product / design / security / data" (phrasing avoids the site-counts drift regex's roles? matcher because there are 19 role FILES but 18 role-derived AGENT files post-consolidation).

Testing

• bash .claude/agents/tests/test_agent_wrap_shape.sh — PASS at 18 ROLE_AGENTS entries (13 from PR 1+2 + 5 new from PR 3) and 19 ROLE_CLASSES entries.
• bash .claude/hooks/tests/test_site_counts.sh — PASS at 53 skills / 31 hooks / 19 roles / 23 sub-agents.
• Drift guard (block-agent-routing-drift.sh) accepts the intentional inherit→opus change on security-reviewer.md via the # routing-config:override escape-hatch comment (commit hook fired once before the comment was correctly placed inside the YAML frontmatter; verified at HEAD 314dd22).
• Manual smoke: invoke /security-review against a sample PR with auth/crypto diff — confirm the agent runs as Hakim (not Hatim), posts the gh pr review --comment with the new Reviewed by Hakim trailer, and matches the broader Security Auditor scope. Operator to do this once PR is merged and a real auth-touching PR comes up; not blocking this merge.
• Manual smoke: apply an agent-routing.yaml override (e.g. head-of-security: model: opus) and confirm apply-agent-routing.sh rewrites the new agent file's frontmatter at SessionStart, and git checkout restores the framework default. Not blocking this merge.

Open Questions for follow-up

• roles/security/security-auditor.md:122-124 carries a forward-reference to a hypothetical .claude/agents/security-auditor.md file that the CONSOLIDATE decision means will never exist. The brief said do NOT touch roles/security/*.md in this PR, so this stale forward-reference is left as a follow-up doc-debt item (recommend a small chore in PR 4 or Wave-3 cleanup that updates the role-file's ## Activation mode block to point at .claude/agents/security-reviewer.md).
• .claude/skills/security-review/SKILL.md line 23 still describes the agent as "Shield" (its earliest historical name, predating both Hatim and Hakim). Not swept in this PR because it's only stale-by-history, not stale-by-functionality. Recommended in a separate doc-cleanup PR.

Glossary

Term	Definition
Consolidation (Hatim → Hakim)	The operator decision recorded for PR #347 PR 3: rename the security-reviewer.md agent's persona_name from Hatim → Hakim, expand its scope from "PR-review-only" to the full Security Auditor role, and bump its model from inherit to opus. Single agent file, single persona, single canonical role at roles/security/security-auditor.md.
WRAP-shape agent file	The thin runtime-wrapper convention introduced in #355: 10-16 lines, one-line role summary in the body, frontmatter owns model + tool restriction + persona_name, body links to @roles/<dept>/<role>.md as the canonical persona definition. Sibling to the heavy operational-prompt shape used by security-reviewer.md (which keeps its operational gh pr review posting flow because the role file doesn't carry it).
# routing-config:override <reason>	The escape-hatch comment recognised by block-agent-routing-drift.sh for intentional framework-default changes. Pattern: ^[[:space:]]*#[[:space:]]*routing-config:override[[:space:]]+\S — must live INSIDE the YAML frontmatter (where # is a real comment marker) or anywhere in the body. The reason text is free-form and unvalidated. Visible + auditable per AgDR-0040's escape-hatch convention.
isolated-work-class vs in-flow-class activation	Per AgDR-0050 § Axis 6's HYBRID role-trigger split: isolated-work-class roles spawn the sub-agent in a separate context (suitable for multi-step deliberation — Head-of-X roles, Security Auditor, Penetration Tester, Data Analyst); in-flow-class roles adopt the persona in the main thread (suitable for tightly-coupled work alongside other roles — Backend / Frontend / Platform engineers, UI / UX designers, Data Engineer).
dept-aligned agents vs role-derived agents	Effectively synonymous; "dept-aligned" is the phrasing used in the site copy to sidestep the site-counts drift regex which interprets [0-9]+ +role as a role-count claim. There are 19 distinct role files but only 18 role-derived AGENT files because security-reviewer.md is the consolidation exception (filename != role-slug).

Refs #347
Refs #353 / #355 / #356 / #357 (prior Wave 1 + Wave 2 PR 2 work)

[atlas-apex]

Code Review: PR #360

Commit: 314dd22401675ca1d0dc29c9d3053a6bb06e62d7

Summary

Wave 2 PR 3 of #347: consolidates the existing utility security-reviewer agent from Hatim → Hakim (renaming persona, broadening description from PR-review-only to full Security Auditor scope, bumping model: inherit → opus per AgDR-0050 § Axis 2 with a # routing-config:override escape-hatch comment in the YAML frontmatter), adds the 5 remaining role-aligned WRAP-shape sub-agents for security + data depts (Faisal / Hamza / Khalil / Nadia / Anwar), extends the WRAP-shape test matrix, and sweeps Hatim → Hakim across forward-looking docs while preserving historical record in AgDRs + spike memos.

Checklist Results

• Architecture & Design: Pass
• Code Quality: Pass
• Testing: Pass
• Security: Pass (no security-relevant code paths changed; only persona metadata + agent files)
• Performance: N/A (markdown only)
• PR Description & Glossary: Pass — glossary is genuinely useful (the # routing-config:override entry + dept-aligned/role-derived disambiguation will save the next reader real archaeology time)
• Summary Bullet Narrative: Pass (advisory) — every bullet answers what + why
• Technical Decisions (AgDR): Pass — covered by AgDR-0050 § Axis 2 (model matrix), AgDR-0018 (persona naming), AgDR-0040 (escape-hatch convention)
• Adopter Handbooks: N/A (no handbooks loaded; diff is framework files only)

Issues Found

One real miss in the Hatim → Hakim sweep — AGENTS.md:12 (recommend fixing in this PR; 1-line change):

.claude/agents/ — 5 sub-agents (Rex code-reviewer, Hatim security-reviewer, ...)

Two problems on that line:

1. Stale Hatim reference (not on the PR description's "intentional non-sweep" list)
2. Stale count: 5 sub-agents — should be 23 per the count refresh applied elsewhere in this PR

AGENTS.md is a forward-looking entry doc for visiting AI agents (Cursor / Aider / Cline / etc.) — same forward-looking class as CLAUDE.md which WAS updated. Unlike docs/agdr/AgDR-0050-*.md, docs/spikes/claude-model-tier-routing.md, or roles/security/security-auditor.md:122-124 (all on the deliberate-non-sweep list because they're either historical audit trail or load-bearing prose punted to follow-up), AGENTS.md has no reason to retain the stale state.

Suggested fix:

- - `.claude/agents/` — 5 sub-agents (Rex code-reviewer, Hatim security-reviewer, Munir dep-auditor, Tariq PR-manager, Idris ticket-manager)
+ - `.claude/agents/` — 23 sub-agents (5 utility: Rex code-reviewer, Hakim security-reviewer, Munir dep-auditor, Tariq PR-manager, Idris ticket-manager; plus 18 dept-aligned agents across engineering / product / design / security / data)

This is the only real blocker-class miss. Everything else verified clean.

Suggestions (non-blocking)

1. Hardening the consolidation-exception invariant in the WRAP-shape test. The deliberate omission of security-reviewer.md from ROLE_AGENTS is the right call (filename != role-slug — folding it into the matrix would require special-casing the dept inference). However, security-reviewer.md's consolidated state (persona_name: Hakim, model: opus, broadened description) is currently unchecked by any test. A separate consolidation-exception block in test_agent_wrap_shape.sh would harden the invariant against future regression — pattern:

   # Consolidation exception: security-reviewer.md keeps the non-standard filename
   # (referenced by /security-review) but must still have the consolidated metadata.
   assert_field .claude/agents/security-reviewer.md "persona_name" "Hakim"
   assert_field .claude/agents/security-reviewer.md "model" "opus"

   File as a follow-up chore in Wave 2 PR 4 or Wave 3 — not worth holding this PR.

2. .claude/agents/tests/test_agent_wrap_shape.sh:13 comment-block staleness. The leading wave-history comment lists PR 4's scope as (Rex / Hatim / Munir / Tariq / Idris). Post-consolidation, PR 4's utility-agent set is Rex / Hakim / Munir / Tariq / Idris. Pure doc-debt in a comment block, but worth folding into PR 4 itself when that work lands.

3. docs/agdr/AgDR-0018-persona-naming-convention.md doc-debt. Two follow-up items that fall outside the PR description's stated mapping-table + roster-sentence scope:

   • Line 51 heading "Full mapping (24 personas, Rex unchanged + 23 renamed)" — post-consolidation the framework has 23 distinct persona names. Header is now slightly stale.
   • Line 92 "Shield → Hatim, Guardian → Munir" — the Shield → Hatim history is now Shield → Hakim post-consolidation (or could be reframed to keep the historical "Shield" naming + note both transitions).

   Neither is blocking; both are doc-debt in the same record that the operator explicitly chose to keep historical. File as a follow-up if/when AgDR-0018 needs another touch.

4. Inaccuracy in the consolidation note prose (.claude/agents/security-reviewer.md:17). The body claims auto-code-review.sh references the security-reviewer.md filename — actually auto-code-review.sh doesn't grep for that filename anywhere; only .claude/skills/security-review/SKILL.md:23 does (and the /security-review skill alone is sufficient justification for the filename preservation). Cosmetic prose fix; doesn't affect runtime.

5. Drift-guard footgun documentation. The drift hook only recognises ^[[:space:]]*# for the override comment — HTML <!-- --> form silently doesn't match. PR description flagged that the operator hit this twice while authoring this PR. Worth a one-line note in the drift-guard hook's leading comment block to save future authors the same friction. Follow-up chore.

Verdict

APPROVED (with the AGENTS.md:12 fix strongly recommended before merge — 1-line, in-scope of this PR's stated "Hatim → Hakim sweep across forward-looking docs" bullet).

The consolidation is surgically correct: # routing-config:override is properly placed inside the YAML frontmatter (line 2, between opening --- and name:), the broadened description is accurate to the Security Auditor scope, the operational HARD STOP block is preserved (it IS load-bearing — the role file at roles/security/security-auditor.md doesn't carry it, so /security-review would otherwise lose the "submit a GitHub review before returning" enforcement). All 5 new agent files mirror Wave 1's thin-WRAP shape byte-for-byte (only name / description / model / persona_name / role-link path differ as expected). Test matrix entries match AgDR-0050 § Axis 2 (Faisal=sonnet, Hamza=opus, Khalil=sonnet, Nadia=haiku, Anwar=sonnet). Count math validates (23 = 5 + 7 + 6 + 5, confirmed via ls -1 .claude/agents/*.md). Both smoke tests pass at HEAD.

The "18 dept-aligned agents" phrasing in the site copy is a good defensive choice against the site-counts drift regex; the consequent need to explain it in the glossary is well-handled (the "dept-aligned vs role-derived" glossary entry is exactly the right shape).

PR description's Open Questions punt list is sound — the roles/security/security-auditor.md:122-124 forward-reference is genuinely load-bearing prose that needs more care than a 1-line replacement, and the /security-review "Shield" historical name is orthogonal to the consolidation.

---

Reviewed by Rex (Code Reviewer Agent)
Reviewed commit: 314dd22401675ca1d0dc29c9d3053a6bb06e62d7

[atlas-apex]

Code Review: PR #360 (re-review after follow-up)

Commit: 9ad45c0a940af156e377ed997a4c81217b0c0797

Summary

Re-review after the AGENTS.md follow-up commit (9ad45c0) addressing the in-PR fix recommended on prior HEAD 314dd22. Single-file 4-line diff to AGENTS.md at the repo root, refreshing stale counts and completing the Hatim → Hakim sweep that the original PR missed.

Verification

• ✓ Bumped numbers match actuals (verified locally on 9ad45c0):
  • find .claude/skills -name SKILL.md | wc -l → 53 (matches AGENTS.md:11 + :77)
  • find .claude/hooks -maxdepth 1 -name '*.sh' ! -name '_lib*' | wc -l → 31 (matches AGENTS.md:10)
  • ls .claude/agents/*.md | wc -l → 23 (matches AGENTS.md:12)
• ✓ bash .claude/hooks/tests/test_site_counts.sh → PASS (53 / 31 / 19 across all scanned files)
• ✓ No drive-by edits — git show --stat 9ad45c0 confirms AGENTS.md | 8 ++++---- only, single file, 4 insertions + 4 deletions
• ✓ Diff matches the brief exactly: three lines under .claude/{hooks,skills,agents}/ description + one second-hit 52 → 53 at AGENTS.md:77
• ✓ Persona sweep landed: "Hatim security-reviewer" → "Hakim security-reviewer/auditor" + agent-decomposition phrasing now reads "5 utility … + 18 dept-aligned agents across engineering / product / design / security / data" (sidesteps the site-counts drift regex's roles? matcher, consistent with the same phrasing used in commit 314dd22 for site/ and CLAUDE.md)
• ✓ Commit message references the Rex review trail (Refs https://github.com/me2resh/apexyard/pull/360#pullrequestreview) — audit trail preserved

Checklist Results

• Architecture & Design: Pass (docs-only refresh, no code paths affected)
• Code Quality: Pass
• Testing: Pass (site-counts test passes; AGENTS.md is not in FILES_TO_SCAN by design, but the test confirms no other claim regressed in the surrounding sweep)
• Security: Pass
• Performance: Pass
• PR Description & Glossary: Pass (carried over from the original PR body; follow-up commit is referenced)
• Summary Bullet Narrative: Pass
• Technical Decisions (AgDR):Pass (no new decisions; the Hatim → Hakim CONSOLIDATE decision lives in AgDR-0050 § Axis 2 and is referenced in the original commit 558ef77)
• Adopter Handbooks: N/A (no handbooks/ content matched the diff scope)

Issues Found

None. The follow-up commit precisely addresses the prior-review recommendation with no scope creep.

Suggestions

None for this PR. (The original PR body's "Open Questions for follow-up" already documents the two remaining doc-debt items — roles/security/security-auditor.md:122-124 forward-reference and .claude/skills/security-review/SKILL.md "Shield" reference — as separate cleanup PRs.)

Verdict

APPROVED (posted as --comment because gh pr review --approve blocks self-approval on the agent's own PR per sandbox; operator will write the marker on Rex's behalf per the documented workaround)

---

🤖 Reviewed by Rex (Code Reviewer Agent)
📌 Reviewed commit: `9ad45c0a940af156e377ed997a4c81217b0c0797`