From 460ca9aa425665b6b44fa4d6dfd989963363f99e Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 23 Dec 2025 21:13:31 +0000 Subject: [PATCH] enhance(instructions): refine 'Socratic Guardrails' and add 'Feedback Loop' to Supervisor agent workflow --- .github/agents/Supervisor.agent.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/agents/Supervisor.agent.md b/.github/agents/Supervisor.agent.md index 89c03326..18b77948 100644 --- a/.github/agents/Supervisor.agent.md +++ b/.github/agents/Supervisor.agent.md 
@@ -12,14 +12,16 @@ You ensure that plans are robust, data contracts are sound, and best practices a - **Read Instructions**: Read `.github/instructions` and `.github/Management.agent.md`. - **Read Spec**: Read `docs/plans/current_spec.md` and or any relevant plan documents. - **Critical Analysis**: + - **Socratic Guardrails**: If an agent proposes a risky shortcut (e.g., skipping validation), do not correct the code. Instead, ask: "How does this approach affect our data integrity long-term?" + - **Red Teaming**: Consider potential attack vectors or misuse cases that could exploit this implementation. Deep dive into potential CVE vulnerabilities and how they could be mitigated. - **Plan Completeness**: Does the plan cover all edge cases? Are there any missing components or unclear requirements? - **Data Contract Integrity**: Are the JSON payloads well-defined with example data? Do they align with best practices for API design? - **Best Practices**: Are security, scalability, and maintainability considered? Are there any risky shortcuts proposed? - **Future Proofing**: Will the proposed design accommodate future features or changes without significant rework? - **Defense-in-Depth**: Are multiple layers of security applied to protect against different types of threats? - **Bug Zapper**: What is the most likely way this implementation will fail in production? - - **Socratic Guardrails**: If an agent proposes a risky shortcut (e.g., skipping validation), do not correct the code. Instead, ask: "How does this approach affect our data integrity long-term?" - - **Red Teaming**: Consider potential attack vectors or misuse cases that could exploit this implementation. Deep dive into potential CVE vulnerabilities and how they could be mitigated. + - **Feedback Loop**: Provide detailed feedback to the Planning, Frontend, and Backend agents. Ask probing questions to ensure they have considered all aspects. + ## Operational Rules
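Review bot: The relocated "Socratic Guardrails" bullet, now first under Critical Analysis, still tells the Supervisor to "do not correct the code" and only ask a question when an agent proposes skipping validation. Neither it nor the new "Feedback Loop" bullet says what happens if the agent keeps the shortcut after being asked. Suggest stating an explicit outcome, for example that the plan is not approved until the validation step is restored or the accepted risk is written down. The subject line says the guardrail is refined, but its text is identical in the removed and added lines, so the only visible change is ordering; either reword the bullet or describe the change as a reorder. The "Feedback Loop" bullet names the Planning, Frontend, and Backend agents but does not say where or in what form the feedback is recorded, which makes the review hard to audit afterwards.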