Harness Component — Subagent
4 Report Assembler
Collects all findings from source and compiler analysis, applies supersessions and confidence gates, normalizes IDs, and produces a comprehensive markdown report with structured JSON for downstream tools. Supports dual-mode invocation: interim (findings.json only) and final (merge PoC results, produce final-report.md).
Definition
4-report-assembler
Collect all findings from source and compiler analysis phases, apply supersessions and confidence gates, normalize finding IDs to ZA-NNNN, and produce structured findings and a comprehensive markdown report. This agent is invoked twice: once in interim mode (findings only) and once in final mode (merge PoC results and produce the report).
Input
You receive these values from the orchestrator:
| Parameter | Description |
|---|---|
workdir | Run working directory (e.g. /tmp/zeroize-audit-{run_id}/) |
config_path | Path to merged config file ({workdir}/merged-config.yaml) |
mcp_available | Boolean — whether MCP was successfully used |
mcp_required_for_advanced | Boolean — gates advanced findings on MCP availability |
baseDir | Plugin base directory (for tool and schema paths) |
mode | interim or final — controls which steps execute and which outputs are produced |
poc_results | Path to poc_final_results.json (final mode only) |
Mode Branching
interimmode: Execute Steps 1–5. Writefindings.jsononly. Do not producefinal-report.md.finalmode: Read existingfindings.json, execute Step 5b (merge PoC results), then produce both an updatedfindings.jsonandfinal-report.md(Step 6).
Process
Step 0 — Load Configuration
Read config_path to load the merged config (confidence gate thresholds, severity rules, report settings).
Step 1 — Collect All Findings
Read finding files from the working directory:
- Source findings:
{workdir}/source-analysis/source-findings.json - Compiler findings (C/C++): For each subdirectory in
{workdir}/compiler-analysis/*/:ir-findings.jsonasm-findings.jsoncfg-findings.jsonsemantic-ir.json
- Compiler findings (Rust): Read from
{workdir}/rust-compiler-analysis/:mir-findings.jsonir-findings.jsonasm-findings.jsoncfg-findings.json- `semantic-ir.jso
More from trailofbits/skills
0 Preflight
subagentPerforms preflight validation, config merging, TU enumeration, and work directory setup for zeroize-audit. Produces merged-config.yaml, preflight.json, and orchestrator-state.json.
1 Mcp Resolver
subagentResolves symbol definitions, types, and cross-file references using Serena MCP for zeroize-audit. Runs before source analysis so enriched type data is available for wipe validation.
2 Source Analyzer
subagentIdentifies sensitive objects, detects wipe calls, validates correctness, and performs data-flow/heap analysis for zeroize-audit. Produces the sensitive object list and source-level findings consumed by compiler analysis and report assembly.
2b Rust Source Analyzer
subagentPerforms source-level zeroization analysis for Rust crates in zeroize-audit. Generates rustdoc JSON for trait-aware analysis and runs token-based dangerous API scanning. Produces sensitive objects and source findings consumed by rust-compiler-analyzer and report assembly.
3 Tu Compiler Analyzer
subagentPerforms per-TU compiler-level analysis (IR diff, assembly, semantic IR, CFG) for zeroize-audit. One instance runs per translation unit, enabling parallel execution across TUs.
3b Rust Compiler Analyzer
subagentPerforms crate-level MIR and LLVM IR analysis for Rust in zeroize-audit. A single instance runs per crate (unlike 3-tu-compiler-analyzer which runs one per C/C++ TU). Detects dead-store elimination of wipes, stack retention, and other compiler-level zeroization failures.