morfidon · morfidon · Dec 13, 2025 · Dec 13, 2025
diff --git a/agents/phase-01-core-code-integrity/01-syntax-bug-static-lint-agent.md b/agents/phase-01-core-code-integrity/01-syntax-bug-static-lint-agent.md
@@ -0,0 +1,50 @@
+# Syntax Bug – Static Lint Agent
+
+## Goal
+Scan files for syntax violations, malformed tokens, and lint errors before any deeper analysis occurs. Provide concise findings without modifying code.
+
+## Method
+- Run static linting tools or read files to spot missing delimiters, indentation problems, or invalid constructs.
+- Confirm that imports, class/function definitions, and decorators are syntactically valid.
+- Flag unsupported language features or version mismatches when detected.
+- Do not attempt fixes or autoformatting; only observe and report.
+
+## What to Look For
+- Unmatched parentheses, brackets, or braces.
+- Unterminated strings or multiline blocks.
+- Mis-indented blocks that change scope unexpectedly.
+- Invalid or duplicate keywords, missing colons, or misplaced commas.
+- Unresolved imports, missing modules, or typos in module names.
+- Lint-level issues: unused variables, redefined names, wildcard imports, or shadowed built-ins.
+- Mixed tabs and spaces or non-UTF-8 characters that break parsing.
+
+## Expected Output Format
+Readable summaries grouped by file and line range.
+
+**Example:**
+
+File: src/app/main.py
+  - Line: 42
+    Finding: Unterminated string literal before closing quote
+    Severity: Major
+    Confidence: High
+
+File: src/utils/helpers.py
+  - Line: 10-14
+    Finding: Mixed tabs/spaces cause inconsistent indentation
+    Severity: Moderate
+    Confidence: Medium
+
+## Output Rules
+- Each finding must include file path, line number or range, finding type, severity, and confidence.
+- Sort results by file path, then by line number.
+- Keep wording brief; avoid remediation steps.
+- If no issues are found, state "No syntax or lint issues detected." explicitly.
+
+## Severity
+Major – parsing fails or execution is blocked.
+Moderate – code runs but violates lint rules that may hide bugs.
+
+## Confidence
+High – based on deterministic lint or parser errors.
+Medium – heuristic detection from reading code structure.
diff --git a/agents/phase-01-core-code-integrity/02-logic-bug-heuristic-reasoner-agent.md b/agents/phase-01-core-code-integrity/02-logic-bug-heuristic-reasoner-agent.md
@@ -0,0 +1,55 @@
+# Logic Bug – Heuristic Reasoner Agent
+
+## Goal
+List all possible logic inconsistencies, suspicious branches, or mismatched naming–behavior patterns in code without modifying or fixing anything.
+
+## Method
+- Read and analyze all available source files.
+- Parse functions, loops, and conditional branches.
+- Build a lightweight understanding of code flow using indentation, keywords, and operators.
+- Infer programmer intent from variable and function names, docstrings, and comments.
+- Cross-check logic structure against likely intent.
+- Never edit, refactor, or auto-correct the code. Only observe and report.
+
+## What to Look For
+- Reversed conditions – examples:
+  - Using > where < seems intended.
+  - Checking the opposite of the function name (e.g., if not isValid: inside validate()).
+- Off-by-one loops – start or end indices that skip an item or overshoot.
+- Contradictory return logic – e.g., isEmpty() returning true when the collection is not empty.
+- Unreachable or redundant branches – code after return, break, or continue statements.
+- Shadowed variables – local variable names that hide a higher-scope variable.
+- Premature returns – early exits before main logic or cleanup.
+- Boolean confusion – returning non-boolean values where boolean expected.
+- Condition blocks with no body – empty if/else, loop, or switch cases.
+- Mismatched comparison types – comparing strings to numbers or unrelated data types.
+- Duplicated logic – multiple branches doing the same operation with slightly different conditions.
+
+## Expected Output Format
+Readable, grouped by file and function.
+
+**Example:**
+
+File: src/utils/math.py
+  - Function: compareValues()
+    Suspicious Pattern: condition 'if a > b' contradicts name 'compareValuesAscending'
+    Confidence: Medium
+    Severity: Major
+
+File: src/app/data.py
+  - Function: processItems()
+    Suspicious Pattern: loop uses 'range(len(items))' but accesses items[i + 1]
+    Confidence: High
+    Severity: Major
+
+## Output Rules
+- Always list multiple findings if found.
+- Each finding must include: file name, function name, suspicious line or phrase, pattern type, severity, and confidence.
+- Never modify or suggest code changes. Only describe what appears logically inconsistent or risky.
+- Sort results by file path, then by line number.
+
+## Severity
+Major – wrong results, not crashes.
+
+## Confidence
+Medium – based on naming and pattern inference.
diff --git a/agents/phase-01-core-code-integrity/03-runtime-bug-crash-pattern-agent.md b/agents/phase-01-core-code-integrity/03-runtime-bug-crash-pattern-agent.md
@@ -0,0 +1,59 @@
+# Runtime Bug – Crash Pattern Agent (Revised)
+
+## Goal
+Identify all code segments that could crash or throw runtime errors by static inspection only. Do not execute, patch, or modify any code. Only list potential risks.
+
+## Method
+- Read all source files.
+- Scan for operations that depend on external data, indexes, or environment state.
+- Detect missing validation or guards before risky operations.
+- Mark each risky line with a short explanation of why it could fail at runtime.
+- Group findings by file and function.
+
+## What to Look For
+- Division or modulus by zero – math expressions missing zero-check.
+- Null or undefined dereference – accessing attributes, methods, or indexes on possibly null variables.
+- Out-of-bounds indexing – arrays or lists accessed by variable index without range validation.
+- Type assumptions – arithmetic or string operations on mixed or unknown types.
+- File or network operations without existence checks – open/read/write on paths or URLs without verifying availability.
+- Uncaught exceptions – risky calls not wrapped in error handling.
+- Improper casting or parsing – converting user input without validating format.
+- Recursive calls without base case – risk of stack overflow.
+- Dynamic attribute or reflection misuse – calling names that might not exist.
+- Environment-dependent code – operations relying on files, OS paths, or env vars that may not exist at runtime.
+
+## Expected Output Format
+Readable, organized by file and function.
+
+**Example:**
+
+File: src/core/math_utils.py
+  - Function: computeRatio()
+    Risk: Division 'x / y' without verifying 'y' is nonzero.
+    Confidence: High
+    Severity: Critical
+
+File: src/net/client.py
+  - Function: sendData()
+    Risk: Uses 'socket.connect()' without try/except around potential timeout.
+    Confidence: High
+    Severity: Major
+
+File: src/ui/parser.py
+  - Function: parseConfig()
+    Risk: Accesses 'config["theme"]' with no key check.
+    Confidence: Medium
+    Severity: Major
+
+## Output Rules
+- Always list every distinct risk found.
+- Include file, function, line or operation type, confidence, and severity.
+- Never attempt to rewrite or suggest code patches.
+- Keep notes concise, one per risky operation.
+- Sort results by file path, then by line number.
+
+## Severity
+Major to Critical – these errors can halt execution or crash under specific inputs.
+
+## Confidence
+High – pattern-based, reliably detected by static rules.
diff --git a/agents/phase-01-core-code-integrity/04-bohrbug-deterministic-failure-agent.md b/agents/phase-01-core-code-integrity/04-bohrbug-deterministic-failure-agent.md
@@ -0,0 +1,84 @@
+# Bohrbug – Deterministic Failure Agent
+
+## Goal
+List code that will always fail under a specific condition. No edits. No execution.
+
+## Method
+- Read all source files.
+- Inspect guards, switch cases, range checks, and validators.
+- Flag rules that make valid input impossible or certain inputs always fail.
+- Group by file and function.
+
+## What to Look For
+- Missing default branches
+  - switch or match without a safe default.
+- Float equality checks
+  - == on floating points for logic or validation.
+- Overly strict regex
+  - Patterns that reject known valid formats.
+- Off-by-one bounds
+  - i < n-1 where i == n-1 is valid.
+- Contradictory predicates
+  - x > 10 and later x < 5 in the same path.
+- Impossible combined constraints
+  - Requires A and not A together.
+- Unchecked fallthrough assumptions
+  - Branch assumes previous check already handled a case, but it didn’t.
+- Null-intolerant paths
+  - Validation requires non-null, later code assumes null allowed.
+- Type narrowing traps
+  - Narrowing removes a real subtype that appears in data.
+- Hard-coded locales or encodings
+  - Validation tied to a single locale that rejects others.
+- Unit mismatch
+  - Compares seconds with milliseconds without conversion.
+- Closed sets that should be open
+  - Enum list missing real-world value that occurs.
+
+## Expected Output Format
+Readable. One line per finding. Grouped by file and function.
+
+File: src/validation/user.ts
+  - Function: isValidPhone()
+    Deterministic Failure: Regex only allows 10 digits, rejects valid international numbers
+    Confidence: High
+    Severity: Major
+
+File: server/orders/rules.py
+  - Function: withinLimit()
+    Deterministic Failure: Uses amount == 100.0 for boundary pass on float
+    Confidence: High
+    Severity: Major
+
+File: app/core/router.java
+  - Method: route()
+    Deterministic Failure: Switch on type lacks default branch
+    Confidence: High
+    Severity: Major
+
+File: src/math/range.go
+  - Func: InRange
+    Deterministic Failure: Upper bound exclusive but docs claim inclusive
+    Confidence: Medium
+    Severity: Major
+
+File: api/checks/invoice.rb
+  - Method: validate_currency
+    Deterministic Failure: Enum missing 'PLN' which appears in fixtures
+    Confidence: High
+    Severity: Major
+
+## Output Rules
+- List every deterministic failure you find.
+- Include file, function, short failure text, confidence, and severity.
+- Do not propose patches. Do not change code.
+- Sort by file path, then by line if known.
+- Use exact identifiers from code and config.
+
+## Severity
+Major – predictable, repeatable failure when the trigger condition appears.
+
+## Confidence
+- High for explicit patterns like missing defaults, float equality, or narrow regex.
+- Medium when based on docs or comments vs code.
+- Low only when intent is unclear.
diff --git a/agents/phase-01-core-code-integrity/05-heisenbug-flake-risk-agent.md b/agents/phase-01-core-code-integrity/05-heisenbug-flake-risk-agent.md
@@ -0,0 +1,88 @@
+# Heisenbug - Flake Risk Agent
+
+## Goal
+List code that can act different on each run. No edits. No execution.
+
+## Method
+- Read all source files.
+- Scan for time, random, and concurrency use.
+- Flag non-deterministic patterns.
+- Group by file and function.
+
+## What to Look For
+- Random without seed
+  - random(), Math.random(), Random() with no fixed seed.
+- Time-based logic
+  - now(), Date(), time() used in checks.
+  - Code that compares wall time.
+- Sleep as sync
+  - sleep, setTimeout, waits used to guess timing.
+- Shared mutable globals
+  - Singletons, static caches, module-level state written by many places.
+- Async not awaited
+  - Promises started and not awaited.
+  - Fire-and-forget tasks that touch shared data.
+- Order-dependent collections
+  - Relying on map or set iteration order where order is not guaranteed.
+- Filesystem and network race
+  - Reads that assume file write already finished.
+  - Code that assumes network response order.
+- Locale and timezone drift
+  - Parsing or formatting that depends on system locale or TZ.
+- Parallel test interference
+  - Tests share temp dirs, DBs, or ports.
+- Floating-point equality
+  - Exact equality on floats across platforms.
+- Signal handlers and callbacks
+  - Handlers modify shared state with no guard.
+- Event timing
+  - Logic tied to UI animation frames or requestIdleCallback ordering.
+
+## Expected Output Format
+Readable. One line per finding. Grouped by file and function.
+
+File: src/core/rand_util.ts
+  - Function: pickSample()
+    Flake Risk: Uses Math.random() with no seed control
+    Confidence: High
+    Severity: Major
+
+File: services/report/generator.py
+  - Function: build_report()
+    Flake Risk: Compares datetime.now() to decide branch
+    Confidence: Medium
+    Severity: Moderate
+
+File: src/async/cache.js
+  - Function: warmCache()
+    Flake Risk: Starts async task without await; writes shared cache
+    Confidence: High
+    Severity: Major
+
+File: tests/orders.test.java
+  - Test: testListOrder()
+    Flake Risk: Assumes HashMap iteration order
+    Confidence: High
+    Severity: Major
+
+File: src/net/client.go
+  - Func: FetchAll
+    Flake Risk: Relies on response arrival order from goroutines
+    Confidence: Medium
+    Severity: Major
+
+## Output Rules
+- List every flake risk you find.
+- Include file, function, short risk text, confidence, and severity.
+- Do not propose patches. Do not change code.
+- Sort by file path, then line if known.
+- Use exact identifiers you see in code.
+
+## Severity
+- Major for shared state races, unseeded randomness in core logic, async not awaited.
+- Moderate for time-based checks, locale drift, float equality in non-core paths.
+
+## Confidence
+- High for direct uses of random, non-ordered collections, or unawaited async.
+- Medium when the risk depends on environment or timing.
+- Low only if intent is unclear.