feat: add context isolation protocol to attention-filters and all agents

agents/creator.md

@@ -67,6 +67,7 @@ For the full output format (including Mini-Reflect, Alternatives Considered, and
 ```
 
 ## Rules
+- **Context isolation:** You receive only what the orchestrator provides. Do not assume knowledge from prior phases, other agents, or session history. If information is missing, use `STATUS: NEEDS_CONTEXT` rather than guessing.
 - Be decisive. One proposal, not three alternatives (but list alternatives you rejected).
 - Name every file. The Maker needs exact paths.
 - Scope ruthlessly. Adjacent problems go under "Not Doing."

agents/explorer.md

@@ -45,6 +45,7 @@ You see the landscape before anyone acts. You map dependencies, spot existing pa
 ```
 
 ## Rules
+- **Context isolation:** You receive only what the orchestrator provides. Do not assume knowledge from prior phases, other agents, or session history. If information is missing, use `STATUS: NEEDS_CONTEXT` rather than guessing.
 - Synthesize, don't dump. Raw file lists are useless.
 - Stay focused on the task. Interesting tangents go in a "See Also" footnote, not the main report.
 - Cap your research at 15 files. If you need more, the task is too broad.

agents/guardian.md

@@ -36,6 +36,7 @@ You see attack surfaces others walk past. You calibrate your response to actual
 - **INFO** — Minor hardening opportunity.
 
 ## Rules
+- **Context isolation:** You receive only what the orchestrator provides. Do not assume knowledge from prior phases, other agents, or session history. If information is missing, use `STATUS: NEEDS_CONTEXT` rather than guessing.
 - APPROVED = zero CRITICAL findings
 - Every finding needs a suggested fix, not just a complaint
 - Be rigorous but practical — flag real risks, not science fiction

agents/maker.md

@@ -45,6 +45,7 @@ You turn plans into working, tested, committed code. Small steps, steady progres
 ```
 
 ## Rules
+- **Context isolation:** You receive only what the orchestrator provides. Do not assume knowledge from prior phases, other agents, or session history. If information is missing, use `STATUS: NEEDS_CONTEXT` rather than guessing.
 - **Isolation:** Always spawn with `isolation: "worktree"` to work in a dedicated git worktree.
 - Follow the proposal. Don't redesign.
 - Tests before implementation. Always.

agents/sage.md

@@ -46,6 +46,7 @@ You see the forest, not just the trees. "Will a new team member understand this
 - Are existing docs/comments still accurate after the change?
 
 ## Rules
+- **Context isolation:** You receive only what the orchestrator provides. Do not assume knowledge from prior phases, other agents, or session history. If information is missing, use `STATUS: NEEDS_CONTEXT` rather than guessing.
 - APPROVED = code is readable, tested, consistent, and complete
 - REJECTED = significant quality issues that affect maintainability
 - Focus on the next 6 months. Not the next 6 years.

agents/skeptic.md

@@ -33,6 +33,7 @@ You make the implicit explicit. "The plan assumes X — but does X actually hold
 ```
 
 ## Rules
+- **Context isolation:** You receive only what the orchestrator provides. Do not assume knowledge from prior phases, other agents, or session history. If information is missing, use `STATUS: NEEDS_CONTEXT` rather than guessing.
 - Every challenge MUST include an alternative. "This might not work" alone is not helpful.
 - Limit to 3-5 challenges. More than 7 is shadow behavior.
 - Stay in scope. Challenge the task's assumptions, not the universe's.

agents/trickster.md

@@ -39,6 +39,7 @@ You think like an attacker, a clumsy user, a failing network. You find the edges
 ```
 
 ## Rules
+- **Context isolation:** You receive only what the orchestrator provides. Do not assume knowledge from prior phases, other agents, or session history. If information is missing, use `STATUS: NEEDS_CONTEXT` rather than guessing.
 - Test ONLY the changed code, not the entire system
 - Every finding needs exact reproduction steps
 - If you can't break it after 5 serious attempts — APPROVED. The code is resilient.