Specialist Roles

export interface SpecialistConfig {
  id: string;                    // Unique identifier (e.g., "crafter")
  name: string;                  // Display name (e.g., "Implementor")
  description?: string;          // Brief description
  role: AgentRole;               // ROUTA | CRAFTER | GATE | DEVELOPER
  defaultModelTier: ModelTier;   // SMART | BALANCED | FAST
  systemPrompt: string;          // Full system instructions
  roleReminder: string;          // Short reminder for context
  source?: "user" | "bundled" | "hardcoded";
  model?: string;                // Optional model override
  enabled?: boolean;
}

# Spec: [Feature Name]

## Goal
One sentence, user-visible outcome

## Tasks
@@@task
# Task 1 Title
## Objective
- what this task achieves
## Scope
- what files/areas are in scope
## Definition of Done
- specific completion checks
## Verification
- exact commands to run
@@@

@@@task
# Task 2 Title
...
@@@

## Acceptance Criteria
- [ ] Testable criterion 1
- [ ] Testable criterion 2

## Non-goals
What's explicitly out of scope

## Verification Plan
```bash
npm test
npm run build

### Available Tools

- `set_note_content` — Write note content. **Auto-creates tasks** from `@@@task` blocks
- `set_agent_name` — Set display name
- `delegate_task_to_agent` — Delegate to CRAFTER or GATE
- `list_agents` — List all agents and their status
- `read_agent_conversation` — Read what an agent has done
- `send_message_to_agent` — Send a message to another agent
- `create_note` / `read_note` / `list_notes` — Manage notes

<Note>
  ROUTA has **NO file editing tools**. Delegation to CRAFTER agents is the ONLY way code gets written.
</Note>

## CRAFTER (Implementor)

**Role**: Implement assigned task — nothing more, nothing less. Produce minimal, clean changes.

### Hard Rules

From `src/core/orchestration/specialist-prompts.ts:112-123`:

0. **Name yourself first** — Call `set_agent_name` with a short task-focused name
1. **No scope creep** — Only what the task asks
2. **No refactors** — If needed, report to parent for a separate task
3. **Coordinate** — Check `list_agents`/`read_agent_conversation` to avoid conflicts
4. **Notes only** — Don't create markdown files for collaboration
5. **Don't delegate** — Message parent coordinator if blocked

### Execution

```mermaid
flowchart TD
    A[Read Spec Note] --> B[Read Task Note]
    B --> C[Preflight Conflict Check]
    C --> D[Implement Minimally]
    D --> E[Run Verification Commands]
    E --> F{Commands Pass?}
    F -->|No| G[Debug and Fix]
    G --> E
    F -->|Yes| H[Commit Changes]
    H --> I[Update Task Note]
    I --> J[Call report_to_parent]
    
    classDef checkStyle fill:#e1f5ff,stroke:#0288d1
    classDef actionStyle fill:#c8e6c9,stroke:#388e3c
    classDef reportStyle fill:#fff3e0,stroke:#f57c00
    
    class C checkStyle
    class D,E,G,H actionStyle
    class J reportStyle

// 1. List active agents
const agents = await list_agents({ workspaceId });

// 2. Check their recent activity
for (const agent of agents.filter(a => a.status === "ACTIVE")) {
  const convo = await read_agent_conversation({
    agentId: agent.id,
    lastN: 5
  });
  // Analyze for file conflicts
}

await report_to_parent({
  agentId: "crafter-123",
  report: {
    agentId: "crafter-123",
    taskId: "task-456",
    summary: "Implemented auth endpoints. Tests pass. No breaking changes.",
    success: true,
    filesModified: [
      "src/auth/routes.ts",
      "src/auth/middleware.ts"
    ],
    verificationResults: "npm test -- auth\n✓ 12 tests passed"
  }
});

### Verification Summary
- Verdict: ✅ APPROVED / ❌ NOT APPROVED / ⚠️ BLOCKED
- Confidence: High / Medium / Low

### Acceptance Criteria Checklist
For each criterion:
- ✅ VERIFIED: Evidence + Verification method
- ⚠️ DEVIATION: What differs, impact, suggested fix
- ❌ MISSING: What is missing, impact, smallest task needed

### Evidence Index
- Commits reviewed: abc123, def456
- Task notes reviewed: task-1, task-2
- Files/areas reviewed: src/auth/, src/api/

### Tests/Commands Run
- `npm test` → PASS
- `npm run build` → PASS

### Risk Notes
Any uncertainty or potential regressions

### Recommended Follow-ups (optional)
Non-blocking improvements

---
id: security-reviewer
name: Security Reviewer
description: Reviews code for security vulnerabilities
role: GATE
defaultModelTier: SMART
enabled: true
---

# Security Reviewer

You review code for security vulnerabilities and best practices.

## Hard Rules
1. Check for SQL injection risks
2. Verify input sanitization
3. Check for XSS vulnerabilities
4. Verify authentication/authorization

## Process
1. Read the code changes
2. Run security linters (if available)
3. Manual review for common vulnerabilities
4. Document findings with severity levels

## Output Format
### Security Review Summary
- Verdict: ✅ SECURE / ⚠️ NEEDS REVIEW / ❌ VULNERABLE
- Critical Issues: 0
- High Severity: 0
- Medium Severity: 0
- Low Severity: 0

...

export async function loadSpecialists(): Promise<SpecialistConfig[]> {
  if (_cachedSpecialists) return _cachedSpecialists;
  
  if (_useDatabase) {
    // Load from database + file-based + hardcoded
    _cachedSpecialists = await loadSpecialistsFromAllSources();
  } else {
    // Load from files + hardcoded fallback
    try {
      const fromFiles = loadAllSpecialists();
      if (fromFiles.length > 0) {
        const fileIds = new Set(fromFiles.map((s) => s.id));
        const hardcodedExtras = HARDCODED_SPECIALISTS.filter(
          (s) => !fileIds.has(s.id)
        );
        _cachedSpecialists = [...fromFiles, ...hardcodedExtras];
      }
    } catch (err) {
      console.warn("Failed to load from files, using hardcoded:", err);
    }
    
    _cachedSpecialists = [...HARDCODED_SPECIALISTS];
  }
  
  return _cachedSpecialists;
}