fix(agents): add context budget, file discovery, and capability guardrails

[marcusquinn]

Summary

Adds guardrails to prevent context overload and enforce optimal tool selection patterns.

Problem

1. Context overload: AI attempted to pack a 4.4M token repository without checking size first, causing "prompt is too long" error
2. Wrong tool selection: Used mcp_glob instead of recommended git ls-files/fd
3. Agent capability mismatch: Plan+ agent (read-only) attempted edits without suggesting switch to Build+

Changes

AGENTS.md Critical Rules (+3 new rules):

• File discovery: Use git ls-files or fd, NOT mcp_glob
• Context budget: Never >100K tokens; for remote repos: README first, check size, use patterns
• Agent capability check: Verify Edit/Write/Bash tools before edits; suggest Build+ if missing

File Discovery section: Enhanced with self-check prompt and decision table

context-builder.md: Added "Remote Repository Guardrails" section with size thresholds

NEW: context-guardrails.md: Comprehensive reference for:

• Token budget management
• Remote repo research workflow
• Tool-specific guardrails
• Recovery from context overflow

build-agent.md: Added "Tool Selection Checklist" with preferred vs avoided tools

Testing

• Local linting passed (ShellCheck, Secretlint)
• No new violations introduced

Related

Discovered during Clawdbot research task (t046) when repomix returned 4.4M tokens

Summary by CodeRabbit

• Documentation
  • Added comprehensive file-discovery guidance with a STOP-before-heavy-tool rule and a decision table for when to use git ls-files, fd, rg, or mcp_glob
  • Introduced a self-check workflow prompting verification before invoking CPU- or context-intensive discovery
  • Added tool-selection checklist (duplicate insertion noted and consolidated)
  • Added remote-repo safety protocols, enabled webfetch guidance, and defined a 100K-token context budget with pre/post-check workflows

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Adds and reorganized documentation and guardrails for file-discovery and context budgeting: STOP-before-mcp_glob guidance, a self-check workflow, a tool-selection checklist, remote-repo packing protocol, and a new context-guardrails document with token/size thresholds and recovery steps.

Changes

Cohort / File(s)	Summary
File Discovery Guidance .agent/AGENTS.md	Adds STOP-before-using-mcp_glob rule, a self-check workflow before invoking mcp_glob, a decision table comparing git ls-files/fd/rg/mcp_glob, default preference for git ls-files, and minor reordering/clarifications.
Tool Selection Reference .agent/tools/build-agent/build-agent.md	Inserts a Tool Selection Checklist (preferred tools per task, avoidance rules, self-check & context-budget prompts). Note: the checklist content appears duplicated in the diff.
Remote Repository Guardrails .agent/tools/context/context-builder.md	Enables webfetch and adds "CRITICAL: Remote Repository Guardrails" with stepwise remote-pack protocol (README fetch, repo size checks, size thresholds, use of includePatterns, and a disallowed-example).
Context Budget Management .agent/tools/context/context-guardrails.md	New doc defining context budget (100K token guideline), tiered repo size thresholds, pre-flight/post-check workflows, tool-specific guardrails (repomix_pack_remote_repository, mcp_grep, webfetch), recovery steps for context overflow, and file-discovery constraints.

Sequence Diagram(s)

(omitted — changes are documentation and guardrails without new multi-component runtime control flow)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• feat: add file discovery performance guidance and fd/ripgrep installers #115 — Overlaps file-discovery docs and tool-selection guidance (updates to AGENTS.md and discovery tool preferences).
• chore: optimize MCP token usage (43% reduction) #9 — Related adjustments to MCP usage policies/guardrails, including controls for heavy MCPs like mcp_glob.

Poem

🛡️ Pause before you glob, take heed and plot,
Pack repos gently, fetch the README first, not fraught.
Tool lists hum warnings, token budgets keep score,
Guardrails hold the chaos, so context asks for more,
Small careful rules, DevOps calm restored.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: adding context budget, file discovery, and capability guardrails to agents. It is concise, specific, and clearly identifies the primary purpose of the PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @marcusquinn, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the robustness and efficiency of agents by implementing critical guardrails and guidelines. It addresses common pitfalls such as exceeding context window limits, using suboptimal tools for file operations, and agents attempting tasks beyond their designated capabilities. The changes introduce a structured approach to context management, particularly for remote repositories, and promote the use of more efficient command-line tools, ultimately leading to more reliable and performant agent operations.

Highlights

• New Critical Rules for Agents: Introduced guardrails in AGENTS.md to prevent context overload, enforce optimal file discovery methods (preferring git ls-files or fd over mcp_glob), and ensure agents verify their capabilities before attempting edits.
• Enhanced File Discovery Guidelines: Updated AGENTS.md with a detailed decision table and self-check prompt for file discovery, explicitly advising against mcp_glob due to its CPU intensiveness.
• Remote Repository Guardrails: Added a new section in context-builder.md and a dedicated context-guardrails.md file to establish a critical workflow for handling remote repositories, including fetching READMEs, checking repository size, and applying token-based thresholds to prevent context overload.
• Comprehensive Context Management Document: A new context-guardrails.md file provides in-depth guidance on token budget management, tool-specific guardrails for operations like repomix_pack_remote_repository, mcp_grep, and webfetch, and recovery strategies for context overflow.
• Optimal Tool Selection Checklist: build-agent.md now includes a checklist promoting the use of faster CLI alternatives (e.g., git ls-files, rg) over less efficient MCP tools, along with self-check prompts for context budget.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 272 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Sun Jan 18 16:37:43 UTC 2026: Code review monitoring started
Sun Jan 18 16:37:43 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 272
Sun Jan 18 16:37:43 UTC 2026: Qlty - 0 issues found, auto-formatting applied
Sun Jan 18 16:37:46 UTC 2026: Codacy analysis completed with auto-fixes

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 272
• VULNERABILITIES: 0

Generated on: Sun Jan 18 16:38:26 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[gemini-code-assist]

Code Review

This pull request introduces a valuable set of guardrails for the AI agent system, addressing critical issues like context overload, incorrect tool selection, and capability mismatches. The new documentation in AGENTS.md, build-agent.md, and the new context-guardrails.md provides clear, actionable rules and workflows that will significantly improve the agent's robustness and efficiency. The changes are well-structured and clearly explained. My review includes a couple of suggestions to enhance the clarity and consistency of the new documentation.

[gemini-code-assist]

This token estimation formula contradicts the 'Size Thresholds' tables in this file (lines 22-26) and in context-builder.md.

• The tables suggest a ratio where < 500 KB corresponds to < 50K tokens, which is approximately 1 KB ≈ 100 tokens.
• This formula, Repo KB x 10, suggests a ratio of 1 KB ≈ 10 tokens.

This 10x discrepancy could lead to significant miscalculations when estimating context size. To ensure consistency, the formula should be updated to align with the values used in the tables.

Suggested change

	- **Repo KB x 10 = approximate full-pack tokens** (very rough)
	- **Repo KB x 100 = approximate full-pack tokens** (very rough)

[gemini-code-assist]

The wording in the 'Avoid' column for this task is a bit confusing. "Avoid mcp_grep for simple cases" could be misinterpreted, as it implies it might be acceptable for complex cases, whereas the 'Why' column suggests rg is always superior. To make the guidance clearer and more direct, consider rephrasing to unambiguously recommend against using mcp_grep when rg is available.

For example:

| Search file contents | `rg` (ripgrep) | `mcp_grep` | `rg` is more powerful and should always be preferred. |

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.agent/tools/context/context-builder.md:
- Around line 67-83: The guidance in "CRITICAL: Remote Repository Guardrails"
references using webfetch but the agent frontmatter currently disables it via
the token "webfetch: false"; update the subagent frontmatter to enable webfetch
(set webfetch: true) so the recommended steps (e.g., webfetch
"https://github.com/{user}/{repo}" and repomix_pack_remote_repository with
includePatterns) are executable, or alternatively adjust the guidance to use an
available fetch tool if you intentionally want webfetch disabled.

🧹 Nitpick comments (2)

.agent/AGENTS.md (1)

110-135: Consider moving detailed File Discovery guidance out of root AGENTS.md.
The new self-check + table add a lot of instruction surface area. To stay within the root AGENTS.md instruction-budget and progressive-disclosure guidance, keep only a brief pointer here and move the full table/workflow into a subagent (e.g., tools/context/context-guardrails.md).

Based on coding guidelines, ...

.agent/tools/context/context-guardrails.md (1)

35-43: Reference Claude's context window generically rather than hard-coding "200K tokens".

As of January 2026, Claude supports multiple context window tiers (200K standard, 500K enterprise, 1M for select high-tier deployments). Hard-coding "200K" creates documentation drift and may mislead users about actual limits available to them. Rephrase as "current model context window" or reference the active model's documented limit from Anthropic's official documentation.

[augmentcode]

🤖 Augment PR Summary

Summary: Adds documentation guardrails to reduce context overload and steer agents toward faster CLI tooling and capability-appropriate behavior.

Changes:

• Updated .agent/AGENTS.md with new critical rules for file discovery, context-budget limits, and capability checks.
• Reworked File Discovery guidance into a self-check + decision table (CLI-first, mcp_glob last resort).
• Added a Tool Selection Checklist to the Build agent documentation, listing preferred vs avoided tools per common task.
• Extended tools/context/context-builder.md with remote-repo escalation steps (README → size check → patterns) and size thresholds.
• Introduced tools/context/context-guardrails.md as a consolidated reference for token budgeting, remote-repo workflow, tool-specific cautions, and recovery steps.

Technical Notes: This is a documentation/protocol-focused PR (no runtime code changes) and emphasizes keeping context-heavy operations within a strict budget (≤100K tokens) via incremental escalation and size-based thresholds.

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. 3 suggestions posted.

Comment augment review to trigger a new review at any time.

[augmentcode]

This document refers to repomix_pack_remote_repository, but the Repomix MCP tooling documented elsewhere here is repomix_pack_repository (and the helper script uses context-builder-helper.sh remote). If the name is wrong, these guardrails will be hard to follow (also applies to the new references in tools/context/context-builder.md and tools/build-agent/build-agent.md).

_{🤖 Was this useful? React with 👍 or 👎}

[augmentcode]

The rule of thumb Repo KB x 10 = approximate full-pack tokens doesn’t match the earlier size table (<500KB → <50K tokens implies ~x100). Consider reconciling these so size checks lead to consistent decisions.

_{🤖 Was this useful? React with 👍 or 👎}

[augmentcode]

The checklist mixes mcp_webfetch (row above) with webfetch here; standardizing the naming would help ensure agents call the intended tool in a given runtime (MCP vs built-in capability).

_{🤖 Was this useful? React with 👍 or 👎}

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 272 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Sun Jan 18 16:50:24 UTC 2026: Code review monitoring started
Sun Jan 18 16:50:24 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 272
Sun Jan 18 16:50:25 UTC 2026: Qlty - 0 issues found, auto-formatting applied
Sun Jan 18 16:50:27 UTC 2026: Codacy analysis completed with auto-fixes

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 272
• VULNERABILITIES: 0

Generated on: Sun Jan 18 16:51:06 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.agent/tools/context/context-guardrails.md:
- Around line 128-165: The fenced code block under the "Recovery from Context
Overflow" section is indented and misformatted; fix it by replacing the indented
snippet with a properly aligned fenced code block (three backticks) so the block
begins at column 0 and closes with matching backticks, preserving the exact
content of the /remember FAILED_APPROACH line and the sample message; locate the
block in the "Recovery from Context Overflow" section (look for the string
"/remember FAILED_APPROACH" and the surrounding triple-backtick markers) and
ensure both opening and closing fences are unindented and use the same language
tag (`text`).

♻️ Duplicate comments (2)

.agent/tools/build-agent/build-agent.md (1)

639-658: Approve the Tool Selection Checklist with minor naming verification needed.

The Tool Selection Checklist effectively operationalizes the guardrails described in the PR objectives. The self-check prompts (lines 652-656) provide actionable decision points before tool invocation, and the reference to context-guardrails.md ensures agents can access detailed guidance.

However, past reviewers have flagged potential issues:

1. The mcp_grep row wording may need clarification (as noted by gemini-code-assist[bot])
2. Naming consistency between mcp_webfetch and webfetch should be verified (as noted by augmentcode[bot])

Please verify the MCP tool naming is consistent with the actual installed tools:

#!/bin/bash
# Description: Verify MCP tool naming consistency for repomix and webfetch

# Check if mcp_repomix_pack_remote_repository exists in MCP configurations
rg -n "mcp_repomix_pack_remote_repository|repomix_pack_repository" .agent/ --type md

# Check webfetch vs mcp_webfetch usage patterns
rg -n "mcp_webfetch|webfetch" .agent/tools/build-agent/build-agent.md --type md -C2

.agent/tools/context/context-guardrails.md (1)

33-73: Approve workflow and rules; verify tool naming consistency.

The Problem section effectively illustrates risk levels, and the Golden Rules provide clear, numbered guardrails. The Remote Repository Research Workflow diagram presents a progressive escalation strategy that aligns with the PR's context budget objectives.

However, a naming inconsistency exists at line 39 where the tool is referenced as repomix_pack_remote_repository, while lines 85 and 87 use mcp_repomix_pack_remote_repository. As noted by augmentcode[bot] in past reviews, this inconsistency could confuse agents about which tool to invoke.

The verification script in the previous comment will confirm the correct tool naming across all files.

🧹 Nitpick comments (1)

.agent/tools/context/context-guardrails.md (1)

1-8: Consider declaring all tool permissions explicitly.

The YAML frontmatter follows the subagent pattern but only declares read, bash, and webfetch permissions. Per the build-agent.md guidelines, explicitly declaring all tool permissions (including write: false, edit: false, glob: true, grep: true, task: false) improves clarity about the agent's intended capabilities.

♻️ Complete frontmatter declaration

 ---
 description: Context budget management and guardrails for AI assistants
 mode: subagent
 tools:
   read: true
+  write: false
+  edit: false
   bash: true
+  glob: true
+  grep: true
   webfetch: true
+  task: false
 ---

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Approve guardrail content; address markdown formatting.

The Recovery, File Discovery, and Agent Capability Check sections provide essential guardrails:

• Recovery steps include learning pattern via /remember to prevent repeat failures
• File Discovery table aligns with AGENTS.md File Discovery rules (CLI tools preferred over mcp_glob)
• Agent Capability Check prevents agents from recommending edits they cannot perform

However, the fenced code block at line 136 needs formatting corrections per static analysis:

🔧 Fix markdown formatting for fenced code block

 4. **Document the failure** - Use `/remember` for future sessions:
+
-   ```
+   ```text
    /remember FAILED_APPROACH: Attempted to pack {repo} without size check. 
    Repo was {size}KB (~{tokens} tokens). Use includePatterns next time.
    ```

🧰 Tools

🪛 GitHub Check: Codacy Static Code Analysis

[notice] 136-136: .agent/tools/context/context-guardrails.md#L136
Fenced code blocks should be surrounded by blank lines

---

[notice] 136-136: .agent/tools/context/context-guardrails.md#L136
Fenced code blocks should have a language specified

🪛 markdownlint-cli2 (0.18.1)

136-136: Fenced code blocks should be surrounded by blank lines

(MD031, blanks-around-fences)

---

136-136: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents

In @.agent/tools/context/context-guardrails.md around lines 128 - 165, The
fenced code block under the "Recovery from Context Overflow" section is indented
and misformatted; fix it by replacing the indented snippet with a properly
aligned fenced code block (three backticks) so the block begins at column 0 and
closes with matching backticks, preserving the exact content of the /remember
FAILED_APPROACH line and the sample message; locate the block in the "Recovery
from Context Overflow" section (look for the string "/remember FAILED_APPROACH"
and the surrounding triple-backtick markers) and ensure both opening and closing
fences are unindented and use the same language tag (`text`).

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 272 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Sun Jan 18 16:56:42 UTC 2026: Code review monitoring started
Sun Jan 18 16:56:43 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 272
Sun Jan 18 16:56:43 UTC 2026: Qlty - 0 issues found, auto-formatting applied
Sun Jan 18 16:56:45 UTC 2026: Codacy analysis completed with auto-fixes

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 272
• VULNERABILITIES: 0

Generated on: Sun Jan 18 16:57:21 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[sonarqubecloud]

Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 272 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Sun Jan 18 17:06:00 UTC 2026: Code review monitoring started
Sun Jan 18 17:06:00 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 272
Sun Jan 18 17:06:00 UTC 2026: Qlty - 0 issues found, auto-formatting applied
Sun Jan 18 17:06:02 UTC 2026: Codacy analysis completed with auto-fixes

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 272
• VULNERABILITIES: 0

Generated on: Sun Jan 18 17:06:40 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring