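# Role definition for the "edit-shared" code-implementer variant.
# The file had been collapsed onto a single line, which made everything after
# the first `#` part of a comment; tables, keys and comments are restored to
# one per line here. Every key and value is unchanged.
[role]
name = "edit-shared"
display-name = "code-implementer (shared-SSoT edit scope)"
description = "Same baseline as edit-local, with one relaxed scope entry permitting edits to a task-specified SSoT path (e.g. workspace Cargo.toml, registry file). The relaxation is configured per task via `[scope].files-whitelist` in task.toml."
spawnable = true

[capabilities]
# Ordered list — text.md fragments concatenated in this order
# Identical to edit-local; the SSoT relaxation rides on scope::files-whitelist
# parameterization in task.toml, not on a separate capability.
#
# NOTE(review): per the comment above these entries are text fragments. If
# they are instruction text only, scope::files-whitelist / scope::files-denylist
# and safety::no-dep-bump are advisory, while [tools] grants Write, Edit and
# Bash without any path restriction of its own. Confirm that the harness also
# enforces the path scope outside the instruction text.
required = [
    "policy::no-git-ops",
    "scope::files-whitelist",
    "scope::files-denylist",
    "quality::constructor-pattern",
    "quality::cargo-check-green",
    "quality::tests-green",
    "safety::no-dep-bump",
    "output::report-format",
]

[tools]
# Tool allowlist — anything not in this list is denied
allowed = ["Read", "Write", "Edit", "Glob", "Grep", "Bash"]

# Regexes a Bash command must match to be permitted.
#
# NOTE(review): every pattern is anchored at the start only. If the harness
# matches against the raw command string, whatever follows the allowed prefix
# is unconstrained, so a compound command (`;`, `&&`, `|`, `$(...)`) after an
# allowed prefix would pass. Confirm the harness rejects or splits compound
# commands before matching, or anchor the patterns at the end as well.
#
# NOTE(review): '^rm -rf /tmp/' accepts any argument that merely begins with
# /tmp/, including paths with `..` segments or symlinks that resolve outside
# /tmp. Confirm the path is canonicalised before the check, or limit deletion
# to a dedicated per-task scratch directory.
#
# NOTE(review): '^cargo( |$)' admits every cargo subcommand, not only the
# check/test runs the quality::* capabilities call for. Build scripts and
# project binaries run repository-controlled code with the agent's privileges,
# and dependency-changing subcommands would conflict with safety::no-dep-bump.
# Consider listing the permitted subcommands explicitly.
bash-patterns-allowed = ['^cargo( |$)', '^mkdir( |$)', '^rm -rf /tmp/']

[escalation]
# Tightened vs edit-local: SSoT edits notify orchestrator on any unclear case
policy = "orchestrator-notify"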