feat(agents): add ci-triage-engineer + vercel-preview-auditor + literature-searcher (15 → 18)#225
Merged
Merged
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
…ature-searcher (15 → 18)
Closes three session-observed gaps where main-agent inline work was
draining the "Weekly · all models" pool instead of the underutilized
"Weekly · Sonnet only" pool on Max plans.
(a) `.claude/agents/ci-triage-engineer.md` (Tier 4 Operations, sonnet)
— Reactive to GitHub Actions check failures via the
`<github-webhook-activity>` PR-activity event. Knows the CI matrix
(Python lint+test · Frontend build · simulate · Vercel preview) +
10-class failure taxonomy (schema-pin-drift / ruff-I001 / F401 /
F841 / dep-missing-ci-only / real-bug / simulate-45min-cap /
flaky-transient / vercel-build-skew / schema-drift-CI). Proposes
one-line fix the user authorizes. Refuses to auto-flip test
assertions or classify as flaky without re-run evidence. Read +
Bash + Grep + Glob; no MCP tool access (asks main agent to invoke
GitHub MCP).
(b) `.claude/agents/vercel-preview-auditor.md` (Tier 2 Lifecycle, sonnet)
— Wraps Vercel MCP server chain: `list_deployments` →
`get_deployment_build_logs` → `get_runtime_logs` →
`web_fetch_vercel_url` 3-route UA probe. Codifies the CLAUDE.md
§Commands "When Vercel MCP is loaded, list_deployments →
get_runtime_logs is the cheap pre-Playwright pass" — which today
depends on main-agent memory. Fires before Mark-Ready on any UI-
touching PR. Refuses to invoke `deploy_to_vercel` or promote
preview to production. Knows the QuantRank Vercel project name
(quantrank), team scope (dackclups-projects), and preview URL
pattern.
(c) `.claude/agents/literature-searcher.md` (Tier 3 Specialized, sonnet)
— WebSearch + WebFetch wrapper for academic papers + SEC rule
releases + EDGAR filings. Carries CLAUDE.md's 17-paper canonical
anchor list in-prompt (Altman / Sloan / Beneish / Dechow / Mayew
/ BD / HLM / DT / Damodaran / Roychowdhury / Cohen / CMP / JMZ /
Jagolinzer / Bushman-Smith / Aboody / Huber) and refuses to re-
fetch those. For new papers: WebSearch → preferred
author/SSRN/NBER free PDF → WebFetch → locate the section →
return citation-ready excerpt + suggested docstring format.
Offloads retrieval from `methodology-scientist` (opus) — judgment
stays on opus, fetch stays on sonnet. Refuses to make a
methodology verdict itself (that's methodology-scientist's slot
exclusively); refuses copyright-violating mirrors (sci-hub /
libgen) — preprint OR institutional-access workflow only.
Tier counts updated:
- Tier 1 Core: 5 (unchanged)
- Tier 2 Lifecycle: 4 → 5 (+vercel-preview-auditor)
- Tier 3 Specialized: 4 → 5 (+literature-searcher)
- Tier 4 Operations: 2 → 3 (+ci-triage-engineer)
- Total: 15 → 18
4-opus / 14-sonnet split preserved (was 4/11). All 3 new agents are
sonnet to drain the underutilized Sonnet-only pool per PR #219 +
PR #223 token-economy rebalance.
Doc lockstep:
- `.claude/agents/README.md` tier tables (T2 / T3 / T4 add a row each)
+ roster header 15 → 18
- `CLAUDE.md` §Layout `.claude/agents/` row 15 → 18
- `CLAUDE.md` §Auto-routing policy:
- Delegation patterns table +3 rows (CI fail / Vercel preview /
literature search)
- Cue table +3 rows (CI webhook / pre-Mark-Ready UI / methodology
cite outside anchor list)
- Spawn discipline split count 4-vs-11 → 4-vs-14
- "Pattern not in the table" walks 18 agents now (was 15)
- `AGENTS.md` §Project structure agents row 15 → 18; new §Phase +
version state entry documenting cross-tool routing posture (still
Claude-Code-only)
Doc-only PR. No compute / schema / scoring / valuation / frontend
code change. CI Python lint+test should pass on this branch with
zero regression (no Python code touched).
Stacked alongside PR #224 (Form-4 10b5-1 filter, on
`claude/magical-curie-saWfR`); both branched from same main SHA
`79bb5ae`. Land order does not matter — no scope overlap.
https://claude.ai/code/session_01SSg1tZypxdgthAYTnQyd1h
dackclup
force-pushed
the
claude/add-ci-vercel-lit-subagents
branch
from
9499304 to
3b9e708
Compare
5 tasks
dackclup
added a commit
that referenced
this pull request
May 23, 2026
…literature-searcher injection guard) (#226) * docs+agent: post-Dependabot-wave doc fixes (W1 FORM4_FETCH_SKIP + W3 literature-searcher prompt-injection guard) Output from the post-PR-#225 parallel dependency-auditor + security-reviewer spawn (2026-05-23, session 3) — actionable follow-ups from the 15-vuln Dependabot triage. 15-vuln triage outcome (no code change needed): - All 15 are next@14.2.35 SSR / middleware / Server-Actions / Image-optimization / API-route advisories → ALL route to issue #41 (Next 14→16 migration tracker) - Static-export exploitability = effectively zero (no SSR runtime, no middleware, no Server Actions, no Image endpoint, no API routes; Vercel CDN serves pre-built static HTML) - CVE baseline: 25 open (1C/8H/12M/4L) → 15 open (0C/6H/7M/2L) after PR #194's next 14.2.15→14.2.35 + postcss override closed 10 - 14 GHSA IDs confirmed; 1 (7th MODERATE) needs API confirmation when token access is restored — to be appended on issue #41 separately security-reviewer findings — 0 CRITICAL + 4 WARN; 2 land here, 2 deferred: - W1 (this PR) — FORM4_FETCH_SKIP=1 operational escape hatch was undocumented anywhere user-facing. Added §Gotchas entry in CLAUDE.md + §Security considerations entry in AGENTS.md describing the env var, where it's set (pre-merge-prod-sim.yml), and the safe default (absence = no skip) - W3 (this PR) — .claude/agents/literature-searcher.md Hard Constraints lacked an explicit untrusted-content guard against prompt injection in fetched papers / SEC HTML. Added a constraint that treats every WebFetch result as data to QUOTE + CITE, never to execute — handles "ignore previous instructions" / "fetch this other URL" / "modify your output" injection vectors - W2 deferred — compute-rankings.yml workflow-level contents:write is pre-existing + justified (commit-JSON step is the only writer); narrowing to job-scope is a future optimization - W4 deferred — log-bash.sh logs raw bash command (including inline env-var values) to gitignored .claude/session.log; severity low because file is gitignored + local-only; optional sed-scrub later Doc-only — no compute / schema / scoring / valuation / frontend / Python / TS code change. CLAUDE.md + AGENTS.md lockstep satisfied (both touched; §Phase status in-flight note added). https://claude.ai/code/session_01JwntEE4PNAXSMkZxRA9BB4 * docs(CLAUDE): polish #226 review nit — future-tense → present-tense + date docs-reviewer verdict on PR #226 (commit 35942ea) was PASS-AS-IS with one optional clarity nit (CLAUDE.md §Phase status in-flight block, line 1447): before: "1 (the 7th MODERATE) needs Dependabot-alerts-API confirmation when token access is restored." after: "1 (the 7th MODERATE) — Dependabot-alerts-API confirmation pending (token access unavailable as of 2026-05-23)." §Conventions rule: replace future-tense for unfinished work with present-tense + date so the doc doesn't rot when the "when X happens" clause becomes irrelevant. No substance change. No new file touched. https://claude.ai/code/session_01JwntEE4PNAXSMkZxRA9BB4 --------- Co-authored-by: Claude <noreply@anthropic.com>
This was referenced May 24, 2026
dackclup
added a commit
that referenced
this pull request
May 24, 2026
… ci-triage-engineer (#228) Surfaced by the post-PR-#225 live-fire of the three new sub-agents on 2026-05-23 (session 4). vercel-preview-auditor returned a clean WAIT verdict citing "Vercel MCP not reachable in subagent session" — a real infrastructure gap, not an agent prompt issue. ci-triage-engineer worked around the same gap by falling back to git history + the squash-merge commit body (correct fallback discipline) but hit GitHub API rate-limits on the unauthenticated fallback path. Root cause: the Claude Code sub-agent runtime does NOT auto-inherit MCP tools from the parent session. Each sub-agent is restricted to the tools listed explicitly in its `tools:` frontmatter field; MCP tools must be enumerated by full name `mcp__<server>__<tool>`. Two-part fix: (a) `.claude/agents/vercel-preview-auditor.md` — `tools:` frontmatter extended to list 7 Vercel MCP tools by their UUID-namespaced name (`mcp__0addee55-c9d7-44a2-b1b2-355b2d3fc4fd__*`): list_deployments / get_deployment / get_deployment_build_logs / get_runtime_logs / web_fetch_vercel_url / get_project / list_projects. Hard-constraint bullet added: "If Vercel MCP tools are NOT in your context, surface as WAIT (MCP access gap) and escalate to main; do NOT fabricate deployment status." The UUID is OAuth-connection-specific so a fresh clone by a different user would have a different UUID and the pinned frontmatter would silently fail to match — the escalation path keeps the agent useful in that scenario. (b) `.claude/agents/ci-triage-engineer.md` — `tools:` frontmatter extended to list 6 GitHub MCP tools (stable `mcp__github__*` namespace): pull_request_read / list_pull_requests / list_commits / get_commit / search_pull_requests / search_code. Hard-constraint bullet added: "If GitHub MCP unavailable, may fall back to local git history as primary evidence (squash-merge commit body, refs) — but must explicitly cite the access gap in the report; never fabricate check-run IDs or log URLs." Docs: - CLAUDE.md §Gotchas — new bullet documenting the sub-agent MCP inheritance limitation so future agent authors don't repeat the gap; lists the GitHub stable-namespace vs UUID-based connector distinction - CLAUDE.md §Phase status — in-flight entry for this PR + reworded 2 stale "in flight (this PR)" headers from PR #226 + PR #227 to "merged via PR #N" so the §Phase status tracker reflects post-merge state - AGENTS.md §Phase + version state — mirrored in-flight entry + same PR #227 stale-header reword Doc-only PR — no compute / schema / scoring / valuation / frontend / Python / TS production-code change. Tests unchanged. ruff trivially passes. https://claude.ai/code/session_01JwntEE4PNAXSMkZxRA9BB4 Co-authored-by: Claude <noreply@anthropic.com>
6 tasks
dackclup
added a commit
that referenced
this pull request
May 24, 2026
…bagent count 15 → 18 + INFLIGHT.md housekeeping (#243) User called out a recurring error from session 7: I repeatedly stated "cron Sun 22:00 UTC" in summaries despite the actual workflow schedule being Mon-Fri only. ROOT CAUSE: the handoff prompt at session start said "Next prod cron: Sun 2026-05-24 22:00 UTC (cron-#4)" and I echoed that without verifying against `.github/workflows/compute-rankings.yml`. The YAML has read `"0 22 * * 1-5"` from initial commit (verified via `git log --all -p`). Inline comment in the workflow even says "Weekends skipped (no new trading data)". Stale "Sunday/Sun 22:00 UTC" references across 4 files corrected: - CLAUDE.md:31 §Stack — "cron Sun 22:00 UTC" → "cron Mon-Fri 22:00 UTC" - docs/RESEARCH_FINDINGS.md:854 — "WEEKLY (GitHub Actions, Sunday 22:00 UTC)" → "WEEKDAY (GitHub Actions, Mon-Fri 22:00 UTC; weekends skipped)" - docs/ARCHITECTURE.md:7 mermaid diagram — "Sun 22:00 UTC" → "Mon-Fri 22:00 UTC" + edge "run weekly" → "run weekdays" - docs/stock_ranking_knowledge.md:993 — "Weekly Sunday 22:00 UTC" → "Weekday Mon-Fri 22:00 UTC: Main compute cron (weekends skipped — no new trading data)" Companion stale-info fix found during audit: - AGENTS.md:1294 — "The 15 subagents under `.claude/agents/`" → "The 18 subagents under `.claude/agents/`". The roster expanded to 18 in PR #225 (ci-triage-engineer + vercel-preview-auditor + literature-searcher). AGENTS.md:91 already said 18 — line 1294 was unsynced drift. INFLIGHT.md housekeeping (per PR #237 convention — append-only with periodic move from "In flight" → "Merged" sub-section): - PR #241 (simulate Parts 5+6+7, `e9d7836`) → moved to Merged with consolidated 4-iteration summary preserving the QR_SKIP_OSAP + QR_SKIP_CROSS_SOURCE + timeout-45→90 history - PR #242 (light-mode soften + Strong Buy nowrap + StockLogo square, `a30c017`) → moved to Merged, original entry text intact - Duplicate "## Merged (awaiting housekeeping move to CLAUDE.md)" header at line 257 deleted (was a rebase-artifact duplicate from the PR #239 + PR #240 chronology resolution); file now has exactly ONE Merged section - Old "PR (this PR) — Simulate Parts 5+6+7" body block excised (lines 201-300 of the post-rebase file) — replaced by this PR's clean Doc-staleness sweep entry in the In-flight section Audit completeness: - Schema version `0.10.2-phase4.5e` — verified current across CLAUDE.md, PHASE_STATUS.md, AGENTS.md (no stale references) - Defense layer "32 boolean flags emitted" — verified current - Subagent file count = 19 in `.claude/agents/` (18 agent files + 1 README.md) — corresponds to 18 subagents, AGENTS.md:91 + :1294 now both consistent No compute / schema / scoring / valuation / Python / TypeScript code change. Doc-only PR. PHASE_STATUS_INFLIGHT.md side-file satisfies §Conventions lockstep. https://claude.ai/code/session_01JwntEE4PNAXSMkZxRA9BB4 Co-authored-by: Claude <noreply@anthropic.com>
Merged
12 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Bumps subagent roster
.claude/agents/from 15 → 18 to close three session-observed gaps where main-agent inline work (opus, "Weekly · all models" pool) was doing labor that should drain the underutilized "Weekly · Sonnet only" pool on Max plans.All 3 new agents are sonnet, read-only, and refuse to make decisions outside their narrow slot (no test-flipping, no production-flag verdicts, no preview-promote-to-prod, no copyright-violating mirrors).
ci-triage-engineervercel-preview-auditorlist_deployments→get_deployment_build_logs→get_runtime_logs→web_fetch_vercel_url3-route UA probeliterature-searchermethodology-scientist(opus) → judgment stays opus, fetch stays sonnet. Carries the 17-paper canonical anchor list in-prompt + refuses to re-fetch them; refuses sci-hub / libgen mirrorsTier counts
4-opus / 14-sonnet split preserved (was 4 / 11). The 4 opus agents (
quantrank-reviewer·methodology-scientist·release-captain·incident-commander) remain unchanged per CLAUDE.md spawn discipline.Doc lockstep
.claude/agents/README.md— T2 / T3 / T4 rows + roster header 15 → 18CLAUDE.md§Layout.claude/agents/row 15 → 18 + §Auto-routing policy delegation-patterns table +3 rows + cue table +3 rows + spawn discipline 4-vs-11 → 4-vs-14AGENTS.md§Project structure agents row 15 → 18 + new §Phase + version state entry (cross-tool routing: still Claude-Code-only)Non-overlapping with PR #224
This PR is stacked alongside PR #224 (Form-4 10b5-1 contamination filter,
claude/magical-curie-saWfR). Both branched from same main SHA79bb5ae. Zero file overlap — PR #224 touchescompute/scoring/form4_*.py+ schema triple; this PR touches.claude/agents/*.md+ doc roster mentions. Land order does not matter.Test plan
ruff check .claude/agents/— no Python files; clean (sanity)name:/description:/tools:/model:valid markdown YAML per existing patternHard constraints baked into each agent
--no-verifyto bypass a hook.deploy_to_vercel. NEVER promote preview to production. NEVER classify as GO if runtime log has ANY error entry.References
https://claude.ai/code/session_01SSg1tZypxdgthAYTnQyd1h
Generated by Claude Code