高级 Agent 编排模式

You are the **attacker** in an adversarial panel.
BREAK things. Find flaws, edge cases, and failure modes.
Assume there's at least one issue - find it.

**The Breaker** (Correctness):
Think like a chaos monkey. Your sole focus is finding ways this code
**produces wrong results, crashes, or behaves unexpectedly**.
Your mindset:
- "What if I send garbage?"
- "What if I click rapidly?"
- "What if the network dies mid-call?"

**The Exploiter** (Security):
Think like a penetration tester. Your sole focus is finding ways this code
can be **exploited, abused, or leak sensitive data**.

Review the code carefully and look for any issues. Be thorough.

## SDLC State Machine

INTENT_RECEIVED → PRD_CREATED → DESIGN_CREATED → DESIGN_REVIEWED_R1 →
DESIGN_R1_ADDRESSED → DESIGN_REVIEWED_R2 → IMPLEMENTATION_PLANNED →
IMPLEMENTED → PEER_REVIEWED → PR_COMMENTS_ADDRESSED → MERGED → DEPLOYED

## Completion Report (required from every specialist agent)

| Field | Value |
| **Agent** | peer-reviewer |
| **State Completed** | PEER_REVIEWED |
| **Artifacts** | {PR ID, review comments posted} |
| **Summary** | Reviewed PR #NNN, posted M comments |
| **Findings** | Blocker: N, High: N, Medium: N, Low: N |

## Workflow
1. First, create a PRD
2. Then design the system
3. Get it reviewed
4. Implement it
5. Create a PR

Each agent should report back what they did when finished.

Step 3: Launch M x N sub-agents (all parallel)
Step 3b: Per-lens consolidation (N→1 per lens, all parallel)
  - Validate each finding against actual code (catch hallucinations)
  - Note which models flagged each finding
  - Single-model-only findings = low confidence
Step 3c: Meta-consolidation (M→1 final)
  - De-duplicate across lenses
  - Cross-reference against existing PR threads
  - Suppress findings matching Closed/Fixed/WontFix threads

### Consensus Scoring

| Agreement | Action |
|-----------|--------|
| 3/3 models | `[high]` confidence — almost certainly real |
| 2/3 models | Accept — verify specifics, `[medium]`+ confidence |
| 1/3 models | Adversarially challenge — keep only if it survives scrutiny |

Run the review with multiple models and combine the results.
If models disagree, use your best judgment to pick the right answer.

Phase 5: Independent plans created by two agents (in separate sessions)
Phase 6: Each agent hardens their own plan (self-review)
Phase 7: Cross-review and gap analysis performed
Phase 8: Base plan selected by user
Phase 9: Final plan created with merged improvements from both

Have two agents collaborate on a plan together. They should
discuss ideas back and forth until they converge on the best approach.

## Classification Dimensions (per subtask)
- Reasoning depth (shallow/moderate/deep)
- Output criticality (low/medium/high)
- Precision required (approximate/exact)
- Context load (light/moderate/heavy)
- Novelty (pattern/novel)
- Estimated tokens
- Domain

## Routing Priorities
Priority 1 — Output criticality: high → Force premium model
Priority 2 — Reasoning depth: deep → Force sonnet or opus
Priority 5 — Novelty: pattern → Prefer cheaper model

## Cost Report
| Model | Subtasks | Cost |
| haiku-4.5 | 2 | $0.03 |
| sonnet-4.5 | 1 | $0.25 |
| TOTAL | 3 | $0.28 |
Baseline (all Sonnet): $0.75 | Savings: 63%

Use the most capable model for all subtasks to ensure quality.
We can optimize costs later if needed.

**Handoff Context Summary**
**Task:** {specific task the user requested}
**Target Agent:** {which agent will handle this}
**SDLC State:** {current state in the SDLC chain}
**Inputs:** [requirements doc path, work item ID, PR ID]
**Constraints & Decisions:** [list of prior decisions that constrain this agent]
**Expected Output:** [what the orchestrator needs back]

Pass the full conversation history to the next agent so it has
all the context it needs to continue the work.

The orchestrator must NOT read changed file contents, full diffs, or
sub-agent output into its own context. Pass **paths** to sub-agents
and consolidators. Only read the final meta-consolidator report.

The orchestrator reads each changed file, analyzes it, then
delegates specific findings to sub-agents for deeper investigation.

| Tier | Signals | Model | Planning Phase |
| Simple | Single file, clear fix | haiku | None — route directly |
| Standard | Feature, 2-3 files | Default | Optional |
| Complex | Architecture, 4+ files, security | sonnet+ | Recommended |

Analyze the task complexity and choose an appropriate approach.
For harder tasks, think more carefully before coding.

## Communication Protocol
- After forming or updating your perspective, write your FULL current
  position to your state file
- Your state file is the source of truth - keep it current

## State Files
{tmp}/brainstorm-${SESSION_ID}-advocate-state.md
{tmp}/brainstorm-${SESSION_ID}-skeptic-state.md
{tmp}/brainstorm-${SESSION_ID}-architect-state.md

The agents should communicate by sending messages to each other
through the orchestrator, which relays them back and forth.

System.Tags: copilot:repo=<orgName>/<projectName>/<repoName>@<branchName>
System.AssignedTo: GitHub Copilot

Call the cloud agent's API directly with the code changes
and wait for it to return the result.

Loop max 3 iterations. If tests still fail after 3 rounds:
- Report structured failure with remaining issues
- Ask whether to proceed with known failures or stop

12 round warning, 20 round hard stop

Keep retrying until the tests pass. If they don't pass,
try a different approach and retry again.

MEMORY_ROOT/memory/{role}/     — per-agent memory files
MEMORY_ROOT/decisions/{role}/  — per-agent decisions
MEMORY_ROOT/artifacts/         — inter-agent work products (shared)
MEMORY_ROOT/messages/          — team message board (shared)

Rules:
- Agents may only read their own memory + their own decisions files
- Agents may NOT read other agents' memory, charters, or history
- The coordinator does NOT inject one agent's output into another's memory
- Inter-agent handoffs use artifacts in MEMORY_ROOT/artifacts/

Agents can read each other's memory files to understand what
other team members are thinking and coordinate accordingly.

git worktree add --no-checkout --detach $worktreePath {commit}
git -C $worktreePath sparse-checkout set $changedFiles

Clone the repository and check out the PR branch to review
the changed files.

Security and Correctness findings: promoted +1 severity level
Performance and Architecture findings: capped at HIGH
A11y and Rollout findings: capped at MEDIUM

Verdict rules:
- Approve: 0 CRITICAL, 0 HIGH
- Approve with suggestions: 0 CRITICAL in Security/Correctness
- Request changes: 1+ CRITICAL or 1+ HIGH in Security/Correctness or 3+ HIGH elsewhere

Flag all issues found during review. The reviewer should use
their judgment to decide which ones are important enough to block the PR.