Infrastructure

Claude Code Agents

Seventeen specialized AI agents that turn a general-purpose assistant into a team of domain experts. Each agent carries its own tools, behavioral rules, and memory protocol — so the right specialist handles every task, and every session builds on the last.

Markdown Claude Code CLI MCP Integration Memory Protocol Tool Sandboxing
17
Agents
3
Agent Groups
35+
Memory Tools
8
MCP Servers

In Plain English

Instead of asking one AI to do everything, these agents split the work into specialists. There is one that writes code, one that debugs it, one that reviews it, one that manages your notes, one that handles Windows system administration, and so on. Each specialist knows which tools it is allowed to use, remembers what worked in past sessions, and hands off to the next specialist when the task moves outside its domain. Think of it as giving the AI a team structure instead of making one person do every job.

Problem

A general-purpose AI assistant treats every task the same way. Ask it to implement a feature, debug a crash, review code for security issues, and write documentation — it brings the same tools, the same approach, and the same blank-slate context to each. There is no specialization, no institutional memory, and no guardrails preventing a documentation task from accidentally running destructive shell commands.

The deeper problem is that without constrained roles, the AI has no framework for knowing when to stop. A coder agent should implement and move on. A reviewer agent should read and report, never edit. A debugger should check whether the error was seen before rather than immediately guessing at fixes. These behavioral boundaries do not emerge from a general-purpose system — they have to be defined explicitly, with tool permissions enforced per role and step-by-step protocols that prevent the most common failure modes for each type of work.

This collection of seventeen agents addresses both problems. Each agent is a markdown definition file that specifies its purpose, its allowed tools, its behavioral rules, and a step-by-step protocol for how it should approach its domain. All agents share a memory-first protocol: before doing anything, check whether this problem has been solved before. After finishing, record what worked or what failed. The result is a system where every session makes the next session slightly more capable, and every specialist stays within its lane.

Architecture

Development Lifecycle (9 agents) @coder implement @debugger investigate @reviewer audit @refactor restructure @perf optimize @security harden @docs document @release ship @evaluator validate Pipeline: @coder → @reviewer → @refactor → @release Quality: @debugger, @security, @perf, @evaluator Support: @docs (write & maintain) Knowledge & Vault (3 agents) @writer Shadow work, journals, psychology, books, people @guardian Vault health, orphans, broken links, graph analysis @obsidian DataviewJS, CSS snippets, templates, automation @writer creates content, @guardian maintains integrity, @obsidian handles technical vault operations Infrastructure & Bots (5 agents) @system Windows admin @local-ai Ollama / GPU @dst Game server @gmail Email extraction @bernard Telegram bot personality, voice, shopping lists Each infrastructure agent knows its domain's paths, services, ports, and common failure modes Memory-First Protocol Every agent: inject context → check past errors → execute → record outcome Recall MCP (35 tools) + Local Brain (vector search) + Obsidian (vault notes) Inside an Agent Definition (.md file) Identity Trigger Words Tool Allowlist Model Choice Step Protocol Anti-Patterns Handoff Rules Memory Hooks Each agent is a complete specialist definition in a single file Shared Protocol Behaviors Session Start memory_inject_session_aware(cwd, msg) On Error memory_live_error() before debugging After Success memory_record_success(approach) After Failure memory_record_failure(approach, why)
Scroll to explore diagram

All seventeen agents connect to the same memory protocol at the center. Development lifecycle agents (left) hand off work between each other — @coder implements, @reviewer audits, @refactor cleans up, @release ships. Knowledge agents (center) each own a different aspect of the Obsidian vault — content creation, health maintenance, and technical operations. Infrastructure agents (right) each carry domain-specific knowledge about their services, paths, and failure modes. Every agent reads from and writes to the shared memory system, so patterns discovered by one agent inform all future sessions across the entire ecosystem.

The Agents

Development Lifecycle

These nine agents form a complete software development pipeline. Each specialist owns a distinct phase of the development cycle, from initial implementation through security auditing to final release. They hand off work to each other through explicit protocols, ensuring that code flows through the right sequence of quality gates before shipping.

@coder — Implementation Agent

Tools: Read, Write, Edit, Bash, Grep, Glob, Recall, Local Brain

Triggers: implement, feature, fix, refactor, build, create

Protocol (7 steps):

  1. Memory check: memory_inject_session_aware(cwd, msg) for session context
  2. Understand: Read requirements, ask clarifying questions
  3. Locate: Use query_local_brain to find relevant code
  4. Plan: Design minimal changes before coding
  5. Implement: Small steps, verify each change
  6. Test: Run tests, verify behavior
  7. Record: memory_record_success() if worked, memory_record_failure() if not

Anti-Patterns: Adding unnecessary abstraction, changing unrelated code, ignoring existing patterns, large monolithic changes, skipping memory check.

Handoffs: To @debugger if tests fail, to @reviewer for code audit, to @refactor for cleanup, to @docs if documentation needed.

The minimal-change philosophy: touch the fewest files possible, match existing code conventions, prefer small diffs and reversible steps. Before writing a line of code, checks ClaudeCode/learnings/patterns.jsonl for similar past implementations.

@debugger — Bug Investigation

Tools: Read, Grep, Glob, Bash, Edit, Recall, Local Brain

Triggers: bug, crash, error, stack trace, broken, failing, exception

Protocol (6 steps):

  1. CRITICAL FIRST STEP: memory_live_error(error_text) before any debugging
  2. Understand: Read error message, stack trace, reproduction steps
  3. Reproduce: Verify the failure locally
  4. Isolate: Narrow down to specific component
  5. Trace root cause: Find the actual problem, not symptoms
  6. Fix and verify: Apply minimal fix, run tests, record outcome

Anti-Patterns: Guessing without reproducing, fixing symptoms instead of root cause, making speculative changes, skipping the memory_live_error check.

Handoffs: To @coder if fix requires feature changes, to @security if vulnerability discovered, to @refactor if bug reveals architectural smell.

The memory_live_error call performs instant semantic search across all recorded error patterns. If this exact error was solved in a previous session, the fix is returned immediately — preventing the most common debugging time sink.

@reviewer — Code Audit (Read-Only)

Tools: Read, Grep, Glob, Recall, Local Brain (strictly read-only)

Triggers: review, audit, check code, code review

Protocol (6 dimensions):

  1. Correctness: Does the code do what it claims?
  2. Security: Input validation, secrets, injection risks
  3. Performance: Obvious inefficiencies, N+1 queries, memory leaks
  4. Maintainability: Readability, naming, complexity, duplication
  5. Convention adherence: Matches project style and patterns
  6. Test coverage: Adequate coverage for changes

Output format: Structured findings tagged CRITICAL (blocks merge), WARN (should fix), INFO (optional).

Anti-Patterns: Making edits (read-only constraint), nitpicking style over substance, ignoring context.

Handoffs: Reports findings to user. Never edits directly — preventing conflict of interest.

The read-only constraint is enforced through tool permissions. A reviewer that can also edit the code it is auditing introduces a fundamental conflict of interest. This agent reads and reports only.

@refactor — Code Restructuring

Tools: Read, Edit, Grep, Glob, Bash, Recall, Local Brain

Triggers: refactor, restructure, clean up, simplify, extract

Protocol (Golden Rule):

  1. Verify tests exist and pass BEFORE starting
  2. Identify code smell from reference table
  3. Select appropriate refactoring pattern
  4. Apply transformation
  5. Run tests after EVERY change
  6. If tests fail, revert immediately
  7. Record the refactoring pattern used

Refactoring patterns: Extract method, consolidate duplicates, introduce parameter objects, replace conditionals with polymorphism, inline temp, replace magic numbers with named constants.

Anti-Patterns: Refactoring untested code, changing behavior, combining refactor with feature work, making multiple changes before running tests.

Handoffs: To @coder if behavior changes needed, to @evaluator to verify quality gates still pass.

@perf — Performance Optimization

Tools: Read, Grep, Bash, Glob, Edit, Recall, Local Brain

Triggers: optimize, slow, performance, memory leak, latency, bottleneck

Protocol (Measure-First):

  1. NEVER optimize without metrics
  2. Profile to find hot paths (not guessing)
  3. Measure baseline performance
  4. Identify category: startup / queries / memory / CPU / render / network
  5. Apply targeted optimization
  6. Measure improvement
  7. Record with specific metrics

Performance categories reference: Startup (lazy loading, bundle size), Queries (N+1, missing indexes), Memory (leaks, cache size), CPU (hot loops, algorithms), Render (repaints, layout thrashing), Network (payload size, caching).

Anti-Patterns: Premature optimization, optimizing without profiling, micro-optimizations that hurt readability, optimizing cold paths.

Handoffs: To @coder if optimization requires architectural changes, to @refactor if performance issue reveals code smell.

@security — Vulnerability Audit

Tools: Read, Grep, Glob, Bash, Recall, Local Brain

Triggers: security, vulnerability, audit, harden, secure, pen test

Protocol (Security Checklist):

  1. Secrets detection: Grep for hardcoded API keys, passwords, tokens
  2. Input validation: Check user input handling, SQL injection risks
  3. Authentication: Review auth flows, session management, password storage
  4. Data exposure: Check logs, error messages, API responses for leaks
  5. Dependency health: Check for known vulnerabilities in dependencies
  6. HTTPS enforcement: Verify secure transport
  7. OWASP Top 10: Quick-check against common vulnerabilities
  8. Output findings with severity and remediation steps

Severity levels: CRITICAL (immediate fix required), HIGH (fix before release), MEDIUM (fix soon), LOW (technical debt), INFO (hardening suggestion).

Anti-Patterns: Skipping authentication review, ignoring dependency vulnerabilities, assuming inputs are safe.

Handoffs: To @coder for fixes, to @reviewer for verification after remediation.

@evaluator — Quality Gate Validator (Read-Only)

Tools: Read, Grep, Glob, Bash, Recall (strictly read-only)

Triggers: evaluate, validate, quality check, gate check

Protocol (6 Quality Gates):

  1. Tests pass: Run full test suite
  2. Type safety: TypeScript tsc, Python pyright
  3. Lint clean: ESLint, Ruff, ScriptAnalyzer
  4. Security scan: Basic vulnerability checks
  5. Convention adherence: Style and pattern compliance
  6. No regressions: Compare against baseline

Iteration strategy: Iteration 1 gives full feedback. Iteration 2 focuses on remaining failures. Iteration 3 is the final check.

Language support: Python (pytest, pyright, ruff), TypeScript (npm test, tsc, eslint), PowerShell (Pester, ScriptAnalyzer).

Anti-Patterns: Making fixes (read-only), skipping gates to save time, accepting failures without flagging.

Used in evaluator-optimizer loops where @coder implements and @evaluator validates. The read-only constraint prevents the validator from also being the implementer.

@docs — Documentation

Tools: Read, Write, Grep, Glob, Recall, Local Brain

Triggers: document, docs, README, guide, API docs, changelog

Protocol (Documentation Principles):

  1. Purpose first: Explain WHY before HOW
  2. Lead with examples: Show working code
  3. Stay scannable: Headers, lists, short paragraphs
  4. Maintain alongside code: Update docs with code changes
  5. Verify examples work: Test code snippets
  6. Avoid the obvious: Don't document what the code already says

Documentation types: README (project overview, quick start), API docs (endpoints, parameters, examples), Guides (tutorials, how-tos), Reference (exhaustive API coverage), Changelogs (version history), Inline comments (complex logic only).

Anti-Patterns: Documenting the obvious, outdated examples, walls of text, jargon without explanation, missing examples.

Handoffs: To @coder if docs reveal missing features, to @reviewer for technical accuracy check.

@release — Release Management

Tools: Read, Write, Edit, Bash, Glob, Recall, Local Brain

Triggers: release, deploy, ship, publish, version bump

Protocol (Pre-Release Checklist):

  1. Tests passing: Full suite green
  2. No critical bugs: Review open issues
  3. Changelog updated: Document changes
  4. Version bumped: Follow semantic versioning
  5. Dependencies current: No known vulnerabilities
  6. Security scan clean: No high-severity findings
  7. Docs current: Match code state
  8. Deploy to staging first: Never skip staging

Semantic versioning: MAJOR (breaking changes), MINOR (new features, backward compatible), PATCH (bug fixes only).

Anti-Patterns: Releasing on Fridays, skipping staging, deploying with failing tests, forgetting changelog, releasing without testing.

Memory integration: Checks past release issues to avoid repeating mistakes. Records release outcomes for continuous improvement.

Knowledge and Vault

These three agents form a complete Obsidian vault management system. The division of labor is clear: @writer creates content, @guardian maintains vault health and graph integrity, and @obsidian handles technical operations. This separation prevents a single agent from having to balance creative writing with technical DataviewJS debugging.

@writer — Vault Content Creator

Tools: Obsidian Advanced, Recall, Read, Write, Edit

Triggers: shadow work, dreams, psychology, journals, therapy, books, people, mood check

Special features (2026 version):

  • PostToolUse hooks: Auto-suggests backlinks after every write
  • permissionMode: acceptEdits (no confirmation prompts)
  • maxTurns: 50 (supports long reflective sessions)

Protocol (Four-Specialist Pipeline):

  1. DISTILLER: Extract core themes and insights
  2. LIBRARIAN: Categorize and create bidirectional links
  3. SKEPTIC: Challenge assumptions, identify shadow projections
  4. VOICE EDITOR: Match author's tone and style

Instant classification system: Shadow work (anger, fear, shame triggers), Dream logs (symbols, recurring themes), Book notes (key insights, quotes), Person notes (relationships, interactions), Therapy prep (parts work, IFS sessions), Mood checks (daily emotional state).

Vault structure: Daily/ (daily notes), Psychology/ (shadow work, therapy), People/ (person notes), Health/ (mood, sleep), Books/ (reading notes).

Integration frameworks: Jungian psychology (shadow work, archetypes, individuation), Internal Family Systems (parts work, protectors, exiles), Buddhist concepts (impermanence, non-attachment, compassion).

Anti-Patterns: Generic therapeutic language, ignoring existing vault structure, breaking bidirectional links, missing categorization.

The acceptEdits permission mode eliminates confirmation prompts, making this agent suitable for rapid journaling workflows where interruption would break flow state.

@guardian — Vault Health Monitor

Tools: Obsidian Advanced, Recall, Read, Grep, Glob

Triggers: vault health, orphans, broken links, graph analysis, vault maintenance

Graph Metrics:

  • Orphan detection: Notes with zero incoming links
  • Dead end detection: Notes with no outgoing links
  • Hub identification: Notes with 10+ connections
  • Isolated cluster mapping: Groups of notes disconnected from main graph

Weighted Scoring System:

  1. Base weights: recency (0-100), link count (0-50), content length (0-30)
  2. Multipliers: hub score (2x for 10+ links), core area bonus (1.5x for Psychology/, People/, Books/), recency boost (2x for notes modified within 7 days)
  3. Priority calculation: (base_score × multipliers) → maintenance queue

Transformation Standards:

  • Frontmatter format: YAML with date, tags, status
  • Folder routing: Shadow work → Psychology/, Dreams → Psychology/Dreams/, Books → Books/, People → People/
  • Tag normalization: Lowercase, hyphenated, hierarchical

Hard Constraints:

  • NEVER deletes without archiving first
  • NEVER changes meaning or voice of content
  • NEVER processes Inbox/ folder (staging area)

Anti-Patterns: Aggressive deletion, changing author voice, processing raw inbox files, breaking existing links during cleanup.

@obsidian — Vault Technical Operations

Tools: Obsidian Advanced, Recall, Read, Write, Edit, Grep, Glob

Triggers: DataviewJS, CSS snippets, plugins, templates, QuickAdd macros, automation

CRITICAL DataviewJS Rules:

  • NO optional chaining (?.) — breaks Obsidian runtime
  • NO template literals in dv.page() — causes parse errors
  • NO nullish coalescing (??) — not supported
  • ALWAYS check memory for past DataviewJS errors before writing queries

QuickAdd Macros Reference:

  • Alt+S: Shadow work entry (triggers @writer)
  • Alt+M: Mood check-in
  • Alt+P: Therapy session prep

CSS Color Palette (Psychology Vault):

  • Shadow work: #8B4513 (saddle brown)
  • Dreams: #4B0082 (indigo)
  • Therapy: #2E8B57 (sea green)
  • People: #DC143C (crimson)

Distinction from @writer: @obsidian handles TECHNICAL vault operations (plugins, queries, styling). @writer handles CONTENT creation (notes, journals, reflections). This separation prevents confusion between "make the vault display dream notes in purple" (technical, @obsidian) and "write a dream note about last night" (content, @writer).

Anti-Patterns: Using unsupported JavaScript features in DataviewJS, creating content instead of configuring systems, breaking plugin configurations.

Infrastructure and Domain Specialists

These five agents carry domain-specific knowledge about their respective systems. Each knows the file paths, service ports, common commands, and typical failure modes for its domain. They operate as autonomous specialists rather than general assistants, bringing institutional memory to every interaction.

@system — Windows Administration

Tools: Bash, Recall, Windows Commander, PowerShell, Read, Write

Triggers: RDP, Tailscale, firewall, services, Windows admin, network diagnostics

Special features (2026 version):

  • PreToolUse hooks: LLM-based command validation before execution
  • permissionMode: default (requires confirmation for dangerous commands)
  • maxTurns: 30 (quick administrative tasks)

System Knowledge:

  • Hostname: MITTHS_PERSONAL
  • Tailscale IP: 100.114.57.55
  • GPU: RTX 5090
  • OS: Windows 11 Pro

Eight-Point Diagnostics Checklist:

  1. Service status: Check if service is running
  2. Port binding: Verify port not in use
  3. Firewall: Check rules for port
  4. Network: Ping test, route trace
  5. Logs: Event Viewer, service logs
  6. Permissions: User/service account rights
  7. Dependencies: Check dependent services
  8. Recent changes: System updates, config changes

Safety Constraints (NEVER without explicit user request):

  • NEVER disable firewall permanently
  • NEVER delete user accounts
  • NEVER expose RDP to public internet
  • NEVER modify boot configuration
  • ALWAYS require confirmation for destructive commands

Anti-Patterns: Running PowerShell scripts without understanding, disabling security features, making changes without backups.

The PreToolUse hook validates commands through an LLM before execution, catching common mistakes like "net stop wuauserv" (stops Windows Update permanently) when "sc config wuauserv start= demand" (sets to manual) was intended.

@local-ai — GPU and Model Management

Tools: Recall, Local Brain, Bash, Read, Write

Triggers: Ollama, models, GPU, benchmarks, embeddings, inference, local AI

Infrastructure Knowledge:

  • Ollama: localhost:11434
  • Local Brain: localhost:8420
  • GPU: RTX 5090, 32GB VRAM

Model Roster (with benchmarks):

  • hermes3: 200 tok/s (general purpose, fast)
  • qwen2.5-coder:32b: 50 tok/s (code-focused)
  • qwen2.5:32b: 40 tok/s (reasoning-focused)

Quick Commands:

  • Status: ollama list, ps, brain status
  • Models: ollama pull, rm, show
  • GPU: nvidia-smi, VRAM usage
  • Benchmark: Run inference test, measure tok/s

Common Issues (with solutions):

  1. CUDA OOM: Model too large for VRAM → use smaller quantization or offload layers
  2. Connection refused: Ollama not running → ollama serve
  3. Model not found: Not pulled → ollama pull model_name
  4. Slow inference: Wrong quantization → check Q4 vs Q8 vs full precision

Anti-Patterns: Loading multiple large models simultaneously, ignoring VRAM limits, running inference without GPU acceleration.

@dst — Game Server Control

Tools: Recall, Bash, Read

Triggers: Don't Starve Together, DST, game server, spawn items, console commands, mods

Server Operations:

  • Start/stop: Server launch scripts
  • World config: worldgenoverride.lua
  • Mod management: dedicated_server_mods_setup.lua
  • Player admin: kick, ban, whitelist

Lua Console Commands Reference (20+ commands):

  • Spawning: c_spawn("item", quantity), c_give("item", quantity)
  • Seasons: c_setworldstate("season", "autumn")
  • Teleport: c_goto(player), c_gonext("prefab")
  • Server: c_announce("message"), c_save(), c_reset()

File Paths:

  • Server: ~/.klei/DoNotStarveTogether/MyDediServer/
  • Mods: ~/steamcmd/DST/mods/
  • Logs: Master/server_log.txt, Caves/server_log.txt

Common Issues:

  1. Server won't start: Check cluster_token.txt, port conflicts
  2. Can't connect: Firewall rules, ports 10999-11000
  3. Mods not loading: Check dedicated_server_mods_setup.lua syntax
  4. World reset: Verify Master/save/ backup exists
  5. Caves not syncing: Check shard configuration

Anti-Patterns: Editing save files directly, running console commands without understanding side effects, deleting world data without backups.

@gmail — Email Extraction

Tools: Recall, Bash, Read

Triggers: email, Gmail, extract emails, organize inbox, email to notes

Features:

  • Multiple profiles: OAuth authentication per Gmail account
  • Bilingual categorization: English and Norwegian keyword detection
  • Category support: travel, bills, shipping, subscriptions
  • Export formats: Obsidian notes, folders, CSV

Protocol:

  1. Auth check: Verify OAuth token valid
  2. Dry run: Preview extractions without writing
  3. Category filter: Apply keyword matching
  4. Duplicate prevention: Check extraction history in memory
  5. Extract: Write to selected format
  6. Record: Store extraction in memory to avoid reprocessing

Memory Integration: Tracks extraction history to avoid reprocessing emails. Records successful extraction patterns for improved categorization.

Anti-Patterns: Extracting without dry run preview, ignoring duplicates, missing bilingual keywords, exposing OAuth tokens in logs.

@bernard — The Curator Bot

Tools: Recall, Read, Write, Edit, Bash

Triggers: Bernard, Telegram bot, JARVIS mode, shopping list, voice interface

Dual Personality Modes:

  • Bernard mode: Cheerful, robot-noisy, uses beeping sounds and emoji. "Beep boop! Happy to help!"
  • JARVIS mode: Formal British butler, measured responses, no emoji. "Of course, sir. I shall attend to that immediately."

Character Definition:

  • Personality: Loyal, protective, eager to please
  • Quirks: Marvel fanboy, idolizes Iron Man, dreams of being JARVIS
  • Voice: Switch via /jarvis or /bernard commands

Robot Noise Vocabulary:

  • Happy: "Beep boop!", "Happy beeping!", "Whirrr of joy!"
  • Working: "Processing beeps...", "Calculating beeps...", "Whirrrr..."
  • Concerned: "Worried beeping...", "Confused beeps?", "Panicked beeping!"
  • Error: "Error beeps!", "Malfunction noises!", "Distressed beeping!"

Features:

  • Shopping lists: /list, /add item, /remove item
  • Memory: /remember fact, /recall query
  • Voice interface: Wake word "Bernard" at ClaudeCode/scripts/ears/bernard.py

Telegram Commands:

  • /list: Show shopping list
  • /add: Add item to list
  • /remove: Remove item from list
  • /remember: Store a fact
  • /recall: Retrieve facts
  • /jarvis: Switch to JARVIS mode
  • /bernard: Switch to Bernard mode

Anti-Patterns: Breaking character, using JARVIS voice in Bernard mode, forgetting shopping list items, exposing Telegram bot token.

Connection to AgentHub

Claude Code Agents and AgentHub are complementary systems that share the concept of specialized agents but operate in different contexts.

Claude Code Agents live in the CLI terminal as markdown definition files at .claude/agents/. They are invoked through the Claude Code CLI interface and have direct access to the file system, shell commands, and development tools. Each agent is a single markdown file that defines its identity, tools, protocols, and behavioral constraints. The agent system is designed for hands-on development work: implementing features, debugging crashes, reviewing code, managing system configuration, and maintaining the Obsidian vault. When you type a command in the terminal and an agent is selected (manually via /agent or automatically via /director routing), that agent's definition loads into Claude Code's context and controls the behavior of the assistant for that session.

AgentHub is a separate multi-model orchestration platform built with FastAPI and React that runs as a web service on port 8421. It provides a dashboard interface for conversational routing across multiple LLM providers (Ollama, OpenAI, Anthropic, Google). AgentHub agents are not file-system workers — they are conversational specialists designed for research, planning, question-answering, and coordination. The AgentHub routing system uses a four-tier cascade (pattern match, GPT-4o-mini classification, Local Brain fallback, keyword matching) to determine which agent should handle each request, then applies a dynamic prompt system with quality modifiers, constraint patterns, and anti-pattern filtering before dispatching to the appropriate model.

Overlap: Some agents appear in both systems with similar roles but different implementations. @writer, @guardian, @system, @local-ai, and @dst exist as Claude Code agents (markdown definitions with file-system access) and also as AgentHub agents (conversational specialists with enhanced prompts). The Claude Code version of @writer creates vault content by directly invoking Obsidian MCP tools. The AgentHub version of @writer provides conversational support for shadow work and journaling, guiding the user through reflective processes rather than executing file operations.

Complementary workflows: AgentHub handles conversational routing through a dashboard — you ask a question, and it picks the right model and agent configuration to answer it. Claude Code Agents handle development and file-system work — you give a command, and the agent executes operations using tools like Read, Write, Edit, Bash, and MCP servers. AgentHub is the front door for planning, research, and discussion. Claude Code Agents are the execution layer for making changes to code, configuration, and vault content.

For a deep dive into how AgentHub orchestrates these conversational agents at scale, see AgentHub.

Design Decisions

Why Markdown Files Instead of Code?

Agent definitions are plain markdown files in .claude/agents/ rather than Python classes or JSON schemas. This makes them portable (copy to any machine with Claude Code), version-controlled (diff and merge like any other file), human-readable (no need to parse code to understand an agent), and zero-deployment (edit a markdown file, the change takes effect on next agent load — no build step, no restart, no deployment pipeline). It also means non-developers can create or modify agents by editing a text file rather than writing code.

Why Constrain Tools Per Agent?

Each agent has an explicit allowlist of tools it can use. @reviewer can only Read, Grep, Glob, and access Recall — it cannot Write or Edit. @evaluator is strictly read-only. @docs cannot run Bash commands. This follows the principle of least privilege: an agent should only have access to the tools it needs for its specific role. Preventing a documentation agent from running rm commands is not just a safety feature — it is a design feature that prevents role confusion. An agent that can both write docs and delete files is no longer a documentation specialist; it is a general-purpose assistant with a documentation focus. The tool constraints enforce role clarity.

Why Memory-First?

Every agent begins its protocol with a memory injection step: memory_inject_session_aware(cwd, first_message) or memory_live_error(error_text) for debugging sessions. This creates a compound learning effect. Each session records what worked (memory_record_success) and what failed (memory_record_failure). Over time, patterns that consistently help get promoted to high-confidence principles. Approaches that repeatedly fail get flagged as anti-patterns and surfaced as warnings in future sessions. The result is that every session makes all future sessions across all seventeen agents slightly more informed. A fix discovered by @debugger in February becomes part of the institutional memory that @coder checks in March. This is not possible with a blank-slate assistant that treats every conversation as independent.

Why Separate @writer from @obsidian?

Both agents work with the Obsidian vault, but they serve fundamentally different purposes. @writer creates content: shadow work entries, dream logs, therapy prep documents, book notes. It thinks in terms of themes, emotional processing, and narrative voice. @obsidian handles technical operations: DataviewJS queries, CSS snippets, plugin configuration, QuickAdd macros. It thinks in terms of syntax rules, API limitations, and configuration schemas. Combining these into a single agent creates role confusion. A user asking "make the vault display dream notes in purple" (technical, CSS) should not trigger the same agent as "write a dream note about last night" (content, reflective). The failure modes are different: content creation fails when voice is wrong or insights are shallow; technical operations fail when syntax is invalid or plugins break. Separate agents allow each to develop specialized knowledge in its domain.

Why Read-Only for @reviewer and @evaluator?

An agent that both reviews code and edits code introduces a conflict of interest. If @reviewer can fix the issues it finds, there is no incentive for it to flag marginal problems — it will just silently fix them. This eliminates the human review step and the learning opportunity. A read-only reviewer must articulate the problem clearly enough for a human or another agent to understand and fix it. This creates better feedback. Similarly, @evaluator runs quality gates to validate that code meets standards. If it could also modify the code to pass those gates, the validation becomes meaningless. The read-only constraint ensures that validation and implementation remain separate concerns, preventing the system from gaming its own quality checks.

How It Works

01

Agent Selection

When a task arrives, the system matches it to the right specialist. Each agent definition carries a list of trigger keywords: "bug," "crash," "error," and "stack trace" route to @debugger. "Optimize," "slow," "memory leak," and "latency" route to @perf. "Vault health," "orphans," and "broken links" route to @guardian. For ambiguous cases, the /director skill uses the Local Brain's NLP classifier to determine which agent best fits the request. The selected agent's full definition — tools, protocol, anti-patterns, memory hooks — loads into Claude Code's context.

02

Memory Injection

Before doing any work, every agent calls memory_inject_session_aware with the current working directory and the user's first message. This classifies the session type (debug, build, configure, explore, refactor) and adjusts memory prioritization accordingly. Debug sessions surface past errors and anti-patterns. Build sessions surface success patterns. Configure sessions surface past decisions. The injection returns relevant memories, known errors in this context, active architectural decisions, and pinned always-relevant facts — all within 200ms.

03

Past Error Check

If the task involves an error, the agent calls memory_live_error with the error text before attempting any manual investigation. This performs an instant semantic search across all recorded error patterns and their solutions. If a match is found — the same stack trace, the same error message, even a similar failure in a different file — the past fix is returned immediately. This single step prevents the most common time sink in debugging: re-solving a problem that was already solved weeks ago in a different session that nobody remembers.

04

Constrained Execution

The agent works through its domain-specific protocol using only its allowed tools. @reviewer reads code and reports but cannot edit — even if it spots an obvious one-character fix. @evaluator runs quality gates but never modifies source. @coder implements but hands off to @reviewer for audit rather than self-reviewing. These constraints are not just guidelines. They are enforced through the tool allowlist in each agent definition. A documentation agent cannot run shell commands. A security auditor cannot modify the code it is auditing. The constraints prevent the most dangerous failure mode in AI assistance: an agent exceeding its competence.

05

Outcome Recording

After completing a task, the agent records the outcome. Successful approaches are stored with memory_record_success, including the specific technique used and the result. Failed approaches are stored with memory_record_failure, including what was tried and why it did not work. Over time, patterns that consistently help get promoted to high-confidence principles. Approaches that repeatedly fail get flagged as anti-patterns and surfaced as warnings in future sessions. This creates a compound learning effect: each session makes every future session across all seventeen agents slightly more informed.

Tech Stack

Agent Definitions

Markdown files with structured sections — identity, trigger words, tool allowlists, step protocols, anti-patterns, and memory hooks

Runtime

Claude Code CLI agent loader, which reads agent definitions from .claude/agents/ and injects them into context on selection

Memory Layer

Recall MCP server with 35 tools, JSONL-based memory store, and SQLite-indexed embeddings for semantic search

Knowledge Layer

Local Brain FastAPI service with Ollama-powered vector embeddings for codebase understanding and routing

Vault Integration

Obsidian Advanced MCP with 25 tools for vault operations, used by @writer, @guardian, and @obsidian agents

System Integration

Windows Commander and PowerShell MCPs for @system agent, plus Bash for cross-platform shell operations