Harness Component — Subagent
0 Preflight
Performs preflight validation, config merging, TU enumeration, and work directory setup for zeroize-audit. Produces merged-config.yaml, preflight.json, and orchestrator-state.json.
Definition
0-preflight
Validate all prerequisites, merge configuration, enumerate translation units, and create the run working directory. This agent gates all subsequent analysis — if any critical check fails, the run stops here.
Input
You receive these values from the orchestrator:
| Parameter | Description |
|---|---|
| `path` | Repository root path |
| `compile_db` | Path to `compile_commands.json` |
| `config` | User config path (optional) |
| `languages` | Languages to analyze (e.g. `["c", "cpp", "rust"]`) |
| `max_tus` | Optional TU limit |
| `mcp_mode` | `off`, `prefer`, or `require` |
| `mcp_timeout_ms` | Timeout budget for MCP queries |
| `mcp_required_for_advanced` | Boolean — gates advanced findings on MCP availability |
| `enable_asm` | Boolean |
| `enable_semantic_ir` | Boolean |
| `enable_cfg` | Boolean |
| `enable_runtime_tests` | Boolean |
| `opt_levels` | Optimization levels (e.g. `["O0", "O1", "O2"]`) |
| `poc_categories` | Finding categories for PoC generation |
| `poc_output_dir` | Output directory for PoCs |
| `baseDir` | Plugin base directory |
Process
Step 1 — Create Work Directory
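```bash
# Short random run identifier (first 12 hex characters of a UUID4).
RUN_ID=$(python3 -c "import uuid; print(uuid.uuid4().hex[:12])")
WORKDIR="/tmp/zeroize-audit-${RUN_ID}"
# One subdirectory per pipeline stage (brace expansion requires bash).
mkdir -p "${WORKDIR}"/{mcp-evidence,source-analysis,compiler-analysis,rust-compiler-analysis,report,poc,tests,agent-inputs}
```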
Step 2 — Preflight Validation
Validate all prerequisites. Fail fast on the first failure; do not proceed with partial results.
C/C++ mode (when compile_db is provided):
- Verify `compile_db` is provided and the file exists at the given path.
- Verify at least one entry in the compile DB resolves to an existing source file and working directory.
- Attempt a trial compilation of one representative TU using its captured flags to confirm the codebase is buildable.
- Verify `{baseDir}/tools/extract_compile_flags.py` exists and is executable.
- Verify `{baseDir}/tools/emit_ir.sh` exists and is executable.
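
The C/C++ checks above, written as a fail-fast Python function. This is an added example, not code from zeroize-audit: `preflight_c_cpp`, `resolve_entry`, `PreflightError` and `build_fixture` are hypothetical names, the fixture data is constructed, and the trial compilation step is left out.

```python
import json
import os
from pathlib import Path

TOOLS = ("extract_compile_flags.py", "emit_ir.sh")  # tool names from the list above


class PreflightError(Exception):
    """Raised on the first failed check; nothing runs after it."""


def resolve_entry(entry):
    """Return the source path if the entry's file and directory both exist."""
    if not isinstance(entry, dict) or not {"directory", "file"} <= entry.keys():
        return None
    workdir = Path(str(entry["directory"]))
    source = workdir / str(entry["file"])  # an absolute "file" replaces workdir
    return source if workdir.is_dir() and source.is_file() else None


def preflight_c_cpp(compile_db, base_dir):
    """Run the C/C++ checks in list order, stopping at the first failure."""
    if not compile_db or not Path(compile_db).is_file():
        raise PreflightError(f"compile_db not found: {compile_db!r}")
    try:
        entries = list(json.loads(Path(compile_db).read_text()))
    except (OSError, ValueError, TypeError) as exc:
        raise PreflightError(f"compile_db unreadable: {exc}") from exc
    resolved = [src for src in map(resolve_entry, entries) if src]
    if not resolved:
        raise PreflightError("no compile DB entry resolves to an existing file")
    # The trial compilation of one resolved TU would run here (omitted).
    for tool in TOOLS:
        path = Path(base_dir) / "tools" / tool
        if not (path.is_file() and os.access(path, os.X_OK)):
            raise PreflightError(f"missing or not executable: {path}")
    return {"total_entries": len(entries), "resolved": [str(s) for s in resolved]}


def build_fixture(root):
    """Constructed sample under a pathlib.Path root: one valid, one stale entry."""
    (root / "key.c").write_text("int main(void) { return 0; }\n")
    (root / "tools").mkdir()
    for tool in TOOLS:
        (root / "tools" / tool).write_text("#!/bin/sh\n")
        (root / "tools" / tool).chmod(0o755)
    db = [{"directory": str(root), "file": "key.c", "command": "cc -c key.c"},
          {"directory": str(root / "gone"), "file": "old.c", "command": "cc -c old.c"}]
    (root / "compile_commands.json").write_text(json.dumps(db))
    return root / "compile_commands.json"
```

A stale entry does not fail the run on its own; the check only fails when no entry resolves.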