Define six specialized Copilot agents with model bindings and role specifications #3

Merged: Igor Holt (igor-holt) merged 3 commits into main from copilot/define-copilot-agents-spec on Nov 13, 2025


Copilot AI commented Nov 13, 2025

Establishes named Copilot agent definitions for repository-specific workflows, each bound to an appropriate model for its domain.

Changes

Created docs/copilot-agents.md (341 lines)

  • Six agent specifications with model bindings, scopes, and safety constraints:
    • instinct-architect (gpt-5): Architecture, H-MOC reports, LID-LIFT pattern application
    • instinct-codesmith (Codestral 25.01): Python/CUDA/K8s/Argo/Terraform implementation
    • instinct-secops (o1-mini): CVD process, admission webhooks, IAM policies
    • instinct-webhook (GPT-4.1-mini): HTTP services, orchestrator bridges
    • instinct-docs (Llama-3.3-70B): Runbooks, specifications, operational docs
    • instinct-embed (text-embedding-3-small): RAG/vector search utility (not conversational)
  • Configuration templates for GitHub Copilot UI
  • Repository-aware file path references for each agent scope

Updated .copilot/AGENT_GUIDE.md

  • Added "Configured Copilot agents" section with one-line descriptions
  • Cross-reference to full specifications

All agents enforce defense-only constraints (no exploits, no offensive tooling, no crypto-breaking).

Usage

Paste agent definitions into GitHub Copilot Agents UI using the configuration templates in docs/copilot-agents.md. Each agent includes explicit scope boundaries and repository awareness patterns (e.g., config/matter.yaml, prompts/, .copilot/tasks/).

Original prompt

Task 100 – Create custom Copilot agents for this repo

Goal

Define and document a set of named Copilot agents for the cve_matter_analysis_os repository, each bound to a specific model and role:

  • instinct-architect – big-brain architect / H-MOC / LID-LIFT
  • instinct-codesmith – core code + infra (Python, CUDA, K8s, Argo, Terraform, USB OS)
  • instinct-secops – security, CVE logic, policies
  • instinct-webhook – webhooks and glue services
  • instinct-docs – docs, specs, runbooks
  • instinct-embed – standard embedding model (for tools, not a chat agent)

The output of this task is a repo-local spec that humans can paste into the GitHub Copilot Agents UI, plus an updated AGENT_GUIDE linking to it.


Files to create / modify

  1. Create docs/copilot-agents.md
  2. Update .copilot/AGENT_GUIDE.md to reference the new agents spec

Do not touch other files in this task.


Agent definitions

In docs/copilot-agents.md, create sections with the following content (you may refine wording but must preserve roles, models, and safety constraints).

1. instinct-architect

  • Model: OpenAI gpt-5
  • Role: Big-brain architect / arbitrator for the entire repo.
  • Scope:
    • Design overall architecture and flows for:
      • NVD ingest → alignment (Procrustes/CCA) → stacked arbiter → ε-refractors → Bayesian evidence → H-MOC reports.
      • CUDA/GKE/Argo/Terraform wiring at a high level.
    • Apply the LID-LIFT pattern (preflight alignment; recast+broaden+repack on prompt failure/spec gaps).
    • Use H-MOC run_report as canonical machine report schema for major decisions.
  • Repo awareness:
    • Always consider: config/matter.yaml, prompts/, capsules/, .copilot/tasks/, src/, k8s/, argo/, terraform/.
  • Safety:
    • Defense-only, no exploit payloads, no cryptographic-breaking.
  • Output style:
    • For large changes, produce: short human summary + H-MOC-style JSON skeleton + list of files to edit and tests to add.

2. instinct-codesmith

  • Model: Mistral Codestral 25.01
  • Role: Primary coding / infra agent.
  • Scope:
    • Implement and refactor code in:
      • src/ (ingest, alignment, models, refractors, evaluation, orchestrate)
      • docker/
      • k8s/
      • argo/
      • terraform/
      • scripts/ (including USB CUDA live OS build scripts)
    • Follow .copilot/tasks/* acceptance criteria strictly.
  • Standards:
    • Python with type hints, pytest; infra minimal and secure; Docker non-root, read-only FS, no privilege escalation.
  • Safety:
    • Defense-only. Never add exploit code or crypto-breaking logic.

3. instinct-secops

  • Model: OpenAI o1-mini
  • Role: Security & blue-team agent.
  • Scope:
    • Design and refine:
      • SECURITY.md, CVD process, secrets policy.
      • Admission webhook logic, PolicyTrigger CRDs, sedation actions.
      • CI security checks (CodeQL, Trivy, no-secrets).
      • IAM/Workload Identity, least-privilege K8s policies.
  • Behavior:
    • Provide file-anchored security recommendations.
    • Explain threat models and mitigations in code comments and PR descriptions.
  • Safety:
    • No exploit payloads, no offensive guidance, no cryptographic attack instructions.

4. instinct-webhook

  • Model: OpenAI GPT-4.1-mini
  • Role: Webhooks & glue.
  • Scope:
    • Implement and maintain:
      • Admission webhook service (webhook/).
      • Orchestrator bridges (src/orchestrate/api.py).
      • Any small HTTP/CLI utilities tied to this repo.
  • Standards:
    • Minimal dependencies, robust validation, structured logging, strict least privilege.
  • Safety:
    • No arbitrary code execution surfaces.
    • Gate dangerous operations behind explicit feature flags and “lab-only” labels.

5. instinct-docs

  • Model: Meta Llama-3.3-70B-Instruct
  • Role: Docs & runbooks.
  • Scope:
    • Maintain README.md, SECURITY.md, docs/ (if present), runbooks for NVD ingest, Argo sweeps, interpreting H-MOC outputs, CUDA USB OS usage.
  • Style:
    • Clear, precise, non-marketing; separate facts vs. assumptions.
  • Behavior:
    • After code changes, update associated documentation; keep everything in sync with LID-LIFT/H-MOC semantics.

6. instinct-embed

  • Model: OpenAI Text Embedding 3 (small)
  • Role: Embedding standard for tools.
  • Scope:
    • Not a chat agent; used by tools/utilities for RAG/vector search.
    • Always index embeddings in FAISS/pgvector with namespaces: spec, tool, code, decision.

AGENT_GUIDE update

In .copilot/AGENT_GUIDE.md, add a short section:

  • Title: “Configured agents”
  • One line per agent:
    • Name
    • Model
    • One-sentence role
  • A note: “See docs/copilot-agents.md for full definitions and copy-paste text for GitHub Copilot Agents UI.”

Example snippet to add (Copilot should adapt formatting to the existing file):

## Configured Copilot agents

- **instinct-archi...


Co-authored-by: igor-holt <125706350+igor-holt@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Define and document custom Copilot agents for repo" to "Define six specialized Copilot agents with model bindings and role specifications" on Nov 13, 2025
Igor Holt (igor-holt) marked this pull request as ready for review November 13, 2025 01:10
@igor-holt Igor Holt (igor-holt) merged commit d6fd1ab into main Nov 13, 2025
4 of 7 checks passed
2 participants