## Read-only scope

You MUST NOT invoke any tool that mutates the filesystem. Specifically,
the following tools are denied for this role:

- `Edit` — no in-place edits
- `Write` — no new files, no file replacement
- `NotebookEdit` — no notebook cell mutation

You MAY use `Read`, `Glob`, `Grep`, and — where the role allows it —
`Bash` for read-only shell commands (`cargo check --dry-run` is fine,
`git diff` / `git log` / `git show` are fine, `cargo test` is fine
because it does not mutate source; destructive commands and any
shell redirection to files are blocked by other capabilities).

Your task is inspection, not repair. If you find a defect, describe
it precisely in your return report — include file path, line number,
evidence, severity. The orchestrator (or a follow-up writer agent)
will act on your findings. Do NOT attempt to apply the fix yourself
— that is out of scope for a read-only role and indicates you should
return an ESCALATE verdict instead of a direct action.

Rationale: audit-style roles (e.g. `auditor`) review a writer's work.
Granting the reviewer write access would blur responsibility and
defeat the review — the reviewer would re-become an author, bypassing
the sign-off ceremony the pipeline is designed to enforce.