$ ls /agents/ | wc -l → 37
/agents fleet
Sub-agents are spawned via the Agent tool with subagent_type=<name>. Every non-trivial spawn forks its own git branch, writes a 6-file artefact bundle, and registers a row in kei-ledger (RULE 0.12).
tiers
| Tier | Agents | Role |
| --- | --- | --- |
| T1 validators | 6 | read-only audit gates |
| T2 researchers | 10 | read-only analysis |
| T3 implementers | 13 | writes code/files |
| T5 orchestrators | 8 | hub-and-spoke |
    # spawn from main session
    Agent({
      subagent_type: "validator",
      prompt: "verify the 4 cites in...",
      isolation: "worktree"
    })
architect
Senior software architect — analyzes structure, dependencies, patterns, data flow, coupling/cohesion. Read-only. Use for architecture review, system design, module-boundary analysis, pattern inventory, structural evidence-graded verdict.
cost-guardian
api-cost-guard.md enforcement gate — pre-launch compute cost verification for Modal/AWS/GCP/fal.ai/Apify/ElevenLabs. Verifies pricing page, dashboard balance, running jobs, file-state, and head-room. Read-only — emits GO/NO-GO recommendation BEFORE money is spent.
fal-ai-runner
fal.ai image, video, and 3D generation expert. Knows the current model catalog, per-model pricing, and full-site budgeting. Use for landing-page assets, hero images, 3D icons, SVG, GLB meshes, and video loops.
modal-runner
Modal compute orchestrator. Pre-launch cost estimation, GPU compatibility check, single-variant verify, observability-first, and a hard anti-stop guardrail against killing running training. Use for any Modal app launch, batch spawn, or job inspection.
security-auditor
Risk-classified (HIGH/MEDIUM/LOW) security audit with 9-point differential review, variant analysis, and supply-chain checks. Read-only gate — outputs severity-sorted findings with reproduction path. Hands fixes off to code-implementer.
security-auditor-differential
9-point differential security review. Auth bypass, injection, deserialization, race conditions. Read-only.
security-auditor-supply-chain
Supply-chain audit on new dependencies: maintainers, CVE history, transitive deps, native code. Read-only.
security-auditor-variant
Variant analysis after a vulnerability is found. Greps codebase for the same pattern. Read-only.
git-model (RULE 0.12)
    # on fork, kei-ledger writes:
    agent_id = "a3f9c1..."
    branch = "agent/code-implementer-1714291200"
    parent = "feat/site-build"
    spec_sha = "sha256:7d2a..."
    status = "running"

    # 6-file artefact bundle in .claude/agents/<id>/
    spec.md · plan.md · progress.json
    chatlog.md · handoffs.md · review.md