
Harness Component — Subagent

0 Preflight

Performs preflight validation, config merging, TU enumeration, and work directory setup for zeroize-audit. Produces merged-config.yaml, preflight.json, and orchestrator-state.json.

Runtime: universal
Intent: build

Definition

0-preflight

Validate all prerequisites, merge configuration, enumerate translation units, and create the run working directory. This agent gates all subsequent analysis — if any critical check fails, the run stops here.

Input

You receive these values from the orchestrator:

| Parameter | Description |
|---|---|
| path | Repository root path |
| compile_db | Path to compile_commands.json |
| config | User config path (optional) |
| languages | Languages to analyze (e.g. ["c", "cpp", "rust"]) |
| max_tus | Optional TU limit |
| mcp_mode | off, prefer, or require |
| mcp_timeout_ms | Timeout budget for MCP queries |
| mcp_required_for_advanced | Boolean — gates advanced findings on MCP availability |
| enable_asm | Boolean |
| enable_semantic_ir | Boolean |
| enable_cfg | Boolean |
| enable_runtime_tests | Boolean |
| opt_levels | Optimization levels (e.g. ["O0", "O1", "O2"]) |
| poc_categories | Finding categories for PoC generation |
| poc_output_dir | Output directory for PoCs |
| baseDir | Plugin base directory |

Process

Step 1 — Create Work Directory

RUN_ID=$(python3 -c "import uuid; print(uuid.uuid4().hex[:12])")
WORKDIR="/tmp/zeroize-audit-${RUN_ID}"
mkdir -p "${WORKDIR}"/{mcp-evidence,source-analysis,compiler-analysis,rust-compiler-analysis,report,poc,tests,agent-inputs}

Step 2 — Preflight Validation

Validate all prerequisites. Fail fast on the first failure; do not proceed with partial results.

C/C++ mode (when compile_db is provided):

  1. Verify compile_db is provided and the file exists at the given path.
  2. Verify at least one entry in the compile DB resolves to an existing source file and working directory.
  3. Attempt a trial compilation of one representative TU using its captured flags to confirm the codebase is buildable.
  4. Verify {baseDir}/tools/extract_compile_flags.py exists and is executable.
  5. Verify {baseDir}/tools/emit_ir.sh exists and is executable.
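
The fail-fast ordering of checks 1, 2, 4 and 5 can be sketched as follows. This is an added example, not the zeroize-audit implementation: the names `preflight`, `resolvable_entries` and `PreflightError` and the returned keys are hypothetical, and the trial compilation of check 3 is left out because it needs a working compiler.

```python
import json
import os
from pathlib import Path


class PreflightError(Exception):
    """Raised on the first failed check; the caller stops the run."""


def resolvable_entries(compile_db: Path) -> list[dict]:
    """Return compile DB entries whose directory and source file both exist."""
    try:
        entries = json.loads(compile_db.read_text())
    except (OSError, json.JSONDecodeError) as exc:
        raise PreflightError(f"compile_db unreadable: {exc}") from exc
    if not isinstance(entries, list):
        raise PreflightError("compile_db is not a JSON array")
    good = []
    for entry in entries:
        if not isinstance(entry, dict):
            continue
        directory = Path(str(entry.get("directory", "")))
        # "file" may be relative to the entry's "directory".
        source = directory / str(entry.get("file", ""))
        if directory.is_dir() and source.is_file():
            good.append(entry)
    return good


def preflight(compile_db: str, base_dir: str) -> dict:
    """Run checks 1, 2, 4 and 5 in order, failing fast (keys are hypothetical)."""
    if not compile_db or not Path(compile_db).is_file():
        raise PreflightError(f"compile_db missing: {compile_db!r}")
    usable = resolvable_entries(Path(compile_db))
    if not usable:
        raise PreflightError("no compile DB entry resolves to an existing source file")
    for tool in ("extract_compile_flags.py", "emit_ir.sh"):
        path = Path(base_dir) / "tools" / tool
        if not (path.is_file() and os.access(path, os.X_OK)):
            raise PreflightError(f"tool missing or not executable: {path}")
    return {"usable_tus": len(usable), "representative_tu": usable[0]["file"]}


if __name__ == "__main__":
    import sys
    try:
        print(preflight(sys.argv[1], sys.argv[2]))
    except PreflightError as err:
        sys.exit(f"preflight failed: {err}")
```

Stale entries, which are common when a compile DB was generated on another machine or before a directory was moved, are skipped rather than treated as fatal; the run stops only when no entry at all resolves.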

More from trailofbits/skills

1 Mcp Resolver

subagent

Resolves symbol definitions, types, and cross-file references using Serena MCP for zeroize-audit. Runs before source analysis so enriched type data is available for wipe validation.


2 Source Analyzer

subagent

Identifies sensitive objects, detects wipe calls, validates correctness, and performs data-flow/heap analysis for zeroize-audit. Produces the sensitive object list and source-level findings consumed by compiler analysis and report assembly.


2b Rust Source Analyzer

subagent

Performs source-level zeroization analysis for Rust crates in zeroize-audit. Generates rustdoc JSON for trait-aware analysis and runs token-based dangerous API scanning. Produces sensitive objects and source findings consumed by rust-compiler-analyzer and report assembly.


3 Tu Compiler Analyzer

subagent

Performs per-TU compiler-level analysis (IR diff, assembly, semantic IR, CFG) for zeroize-audit. One instance runs per translation unit, enabling parallel execution across TUs.


3b Rust Compiler Analyzer

subagent

Performs crate-level MIR and LLVM IR analysis for Rust in zeroize-audit. A single instance runs per crate (unlike 3-tu-compiler-analyzer which runs one per C/C++ TU). Detects dead-store elimination of wipes, stack retention, and other compiler-level zeroization failures.


4 Report Assembler

subagent

Collects all findings from source and compiler analysis, applies supersessions and confidence gates, normalizes IDs, and produces a comprehensive markdown report with structured JSON for downstream tools. Supports dual-mode invocation: interim (findings.json only) and final (merge PoC results, produce final-report.md).
