Goal
A security-reviewer subagent that uses the CodeGuard rules to search a
repository for violations and reports findings as SARIF.
Behaviour
- Detect languages present in the repo and select the applicable rules.
- For each selected rule: load it, search the repo for violations, collect
candidate hits.
- Triage each candidate in context (confirmed / false-positive /
needs-human); re-verify every cited file:line.
- Write SARIF 2.1.0 to a findings file; return the file path and a short
human summary listing which rules were checked.
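The behaviour list above is a pipeline (detect languages, select rules, scan, triage with re-verification, emit SARIF 2.1.0 plus a summary). The following is an added illustration of that pipeline in Python; it is not the project's own code, and the rule format, rule ids, patterns and in-memory repository it uses are constructed stand-ins, since the real contents of the CodeGuard rules and lang-rules.json are not shown on this page.

```python
import json
import re
from pathlib import Path

# Constructed rule set (hypothetical shape; the real rules/lang-rules.json layout is not shown).
RULES = {
    "CG-PY-001": {"language": "python", "pattern": r"\beval\(", "text": "Use of eval() on untrusted input"},
    "CG-JS-001": {"language": "javascript", "pattern": r"\.innerHTML\s*=", "text": "Assignment to innerHTML"},
    "CG-GO-001": {"language": "go", "pattern": r"\bunsafe\.Pointer\b", "text": "Use of unsafe.Pointer"},
}
EXT_TO_LANG = {".py": "python", ".js": "javascript", ".go": "go"}

# Constructed in-memory repository: relative path -> file contents.
REPO = {
    "app/handlers.py": "import json\n\ndef run(expr):\n    return eval(expr)\n",
    "tests/test_handlers.py": "def test_eval():\n    assert eval('1+1') == 2\n",
    "web/ui.js": "const el = document.getElementById('out');\nel.innerHTML = data;\n",
}


def detect_languages(repo):
    """Step 1: languages present, judged by file extension."""
    return {EXT_TO_LANG[Path(p).suffix] for p in repo if Path(p).suffix in EXT_TO_LANG}


def select_rules(languages):
    """Step 1 (cont.): only rules whose language is present in the repo."""
    return {rid: r for rid, r in RULES.items() if r["language"] in languages}


def scan(repo, rule_id, rule):
    """Step 2: collect candidate hits for one rule as dicts with a 1-based line number."""
    pat = re.compile(rule["pattern"])
    hits = []
    for path, content in repo.items():
        if EXT_TO_LANG.get(Path(path).suffix) != rule["language"]:
            continue
        for lineno, line in enumerate(content.splitlines(), start=1):
            if pat.search(line):
                hits.append({"ruleId": rule_id, "path": path, "line": lineno, "snippet": line.strip()})
    return hits


def verify(repo, hit):
    """Re-read the cited file:line and confirm the rule's pattern really matches there."""
    lines = repo.get(hit["path"], "").splitlines()
    if not 1 <= hit["line"] <= len(lines):
        return False
    return re.search(RULES[hit["ruleId"]]["pattern"], lines[hit["line"] - 1]) is not None


def triage(repo, hit):
    """Step 3: confirmed / false-positive / needs-human (illustrative heuristic)."""
    if not verify(repo, hit):
        return "false-positive"  # citation does not hold up on re-verification
    if hit["path"].startswith("tests/"):
        return "needs-human"  # test code: a reviewer decides whether it matters
    return "confirmed"


def build_sarif(hits, rules_checked):
    """Step 4: a minimal SARIF 2.1.0 log (tool.driver.rules + results with locations)."""
    level = {"confirmed": "error", "needs-human": "warning", "false-positive": "note"}
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {
                "name": "security-reviewer",
                "rules": [{"id": rid, "shortDescription": {"text": r["text"]}}
                          for rid, r in rules_checked.items()],
            }},
            "results": [{
                "ruleId": h["ruleId"],
                "level": level[h["status"]],
                "message": {"text": f'{RULES[h["ruleId"]]["text"]} ({h["status"]})'},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": h["path"]},
                    "region": {"startLine": h["line"], "snippet": {"text": h["snippet"]}},
                }}],
                "properties": {"triage": h["status"]},
            } for h in hits],
        }],
    }


def review(repo):
    """Run the pipeline; returns (sarif_dict, summary_text, triaged_hits) without touching disk."""
    rules_checked = select_rules(detect_languages(repo))
    hits = [h for rid, r in rules_checked.items() for h in scan(repo, rid, r)]
    for h in hits:
        h["status"] = triage(repo, h)
    counts = {s: sum(1 for h in hits if h["status"] == s)
              for s in ("confirmed", "needs-human", "false-positive")}
    summary = (f"Checked rules: {', '.join(sorted(rules_checked))}; "
               + ", ".join(f"{k}={v}" for k, v in counts.items()))
    return build_sarif(hits, rules_checked), summary, hits


def write_findings(sarif, out_path):
    """The findings file is the only write the reviewer performs; repo sources are untouched."""
    Path(out_path).write_text(json.dumps(sarif, indent=2))
    return str(out_path)


if __name__ == "__main__":
    sarif, summary, _ = review(REPO)
    print(write_findings(sarif, "findings.sarif"))
    print(summary)
```

The triage heuristic is deliberately simple; the point is the shape of the flow: every hit is re-verified against the cited file:line before it is reported, the SARIF carries the triage outcome both as `level` and in `properties`, and the summary names every rule that was checked, including rules that produced no results.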
v1 acceptance
- sources/agents/security-reviewer/AGENT.md
- references/rules/ and references/lang-rules.json available to the agent at runtime
- dist/
Constraints
- Must not modify repository source; the findings file is the only write
- Author the core (name, description, body) to be portable across agent
hosts; omit model; platform-specific frontmatter is additive
Out of scope for v1
Deterministic pre-scan script · enforcement hooks · false-positive
suppression · diff-scoped mode.
Refs
Discussion #36 ·
Subagent docs ·
Agent Skills spec