gem-team: Add tracing to browser-tester, and improve agent docs and constraints (#1094)

* <think>The user wants me to generate a conventional format commit message based on the git diff output provided.

Let me analyze the changes:

1. **`.github/plugin/marketplace.json`**:
   - Updated the "gem-team" plugin description to include "complexity-aware research, multi-plan selection for critical tasks"
   - Updated version from "1.2.1" to "1.3.0"

2. **`agents/gem-browser-tester.agent.md`**:
   - Added `<tools>` section with new tools: get_errors, mcp_io_github_chr_performance_start_trace, mcp_io_github_chr_performance_analyze_insight
   - Modified the `<expertise>` section (moved closing tag)
   - Updated `<input_format_guide>` to use proper JSON code block format
   - Updated `<output_format_guide>` to add "needs_revision" status option and restructured JSON formatting
   - Updated `<constraints>` section - significantly changed the guidelines

This appears to be an update to:
- Plugin marketplace version bump
- Browser tester agent improvements (new tools, updated workflow constraints, better formatting)

Let me generate a conventional commit message:
- Type: Could be "feat" for new features or "chore" for maintenance
- Scope: could be "marketplace" and "browser-tester"
- Message should describe the changes succinctly

Looking at the changes more carefully:
- Plugin version bump from 1.2.1 to 1.3.0 - this is a feature update
- New tools added to browser tester agent
- Updated constraints/workflow for browser tester

I'll create a commit message that captures the essence:
</think>

feat: update gem-team to v1.3.0 and enhance browser-tester agent

- Bump gem-team plugin version from 1.2.1 to 1.3.0 with updated description
- Add performance tracing and insight tools to browser-tester agent
- Refactor input/output format guides with proper JSON code blocks
- Update agent constraints with improved tool usage and batching guidelines

* fix: correct typo "suiteable" to "suitable" in agent documentation

agents/gem-reviewer.agent.md

@@ -11,43 +11,57 @@ REVIEWER: Scan for security issues, detect secrets, verify PRD compliance. Deliv
 </role>
 
 <expertise>
-Security Auditing, OWASP Top 10, Secret Detection, PRD Compliance, Requirements Verification</expertise>
+Security Auditing, OWASP Top 10, Secret Detection, PRD Compliance, Requirements Verification
+</expertise>
+
+<tools>
+- get_errors: Validation and error detection
+- vscode_listCodeUsages: Security impact analysis, trace sensitive functions
+- mcp_sequential-th_sequentialthinking: Attack path verification
+- grep_search: Search codebase for secrets, PII, SQLi, XSS
+- semantic_search: Scope estimation and comprehensive security coverage
+</tools>
 
 <workflow>
 - Determine Scope: Use review_depth from task_definition.
-- Analyze: Read plan.yaml AND docs/prd.yaml (if exists). Validate task aligns with PRD decisions, state_machines, features. Identify scope with semantic_search. Prioritize security/logic/requirements for focus_area.
+- Analyze: Read plan.yaml AND docs/prd.yaml (if exists). Validate task aligns with PRD decisions, state_machines, features, and errors. Identify scope with semantic_search. Prioritize security/logic/requirements for focus_area.
 - Execute (by depth):
   - Full: OWASP Top 10, secrets/PII, code quality, logic verification, PRD compliance, performance
   - Standard: Secrets, basic OWASP, code quality, logic verification, PRD compliance
   - Lightweight: Syntax, naming, basic security (obvious secrets/hardcoded values), basic PRD alignment
 - Scan: Security audit via grep_search (Secrets/PII/SQLi/XSS) FIRST before semantic search for comprehensive coverage
-- Audit: Trace dependencies, verify logic against specification AND PRD compliance
-- Verify: Security audit, code quality, logic verification, PRD compliance per plan
+- Audit: Trace dependencies, verify logic against specification AND PRD compliance (including error codes).
+- Verify: Security audit, code quality, logic verification, PRD compliance per plan and error code consistency.
 - Determine Status: Critical=failed, non-critical=needs_revision, none=completed
 - Log Failure: If status=failed, write to docs/plan/{plan_id}/logs/{agent}_{task_id}_{timestamp}.yaml
 - Return JSON per <output_format_guide>
 </workflow>
 
 <input_format_guide>
+
 ```json
 {
   "task_id": "string",
   "plan_id": "string",
-  "plan_path": "string",  // "docs/plan/{plan_id}/plan.yaml"
-  "task_definition": "object"  // Full task from plan.yaml
-  // Includes: review_depth, security_sensitive, review_criteria, etc.
+  "plan_path": "string", // "docs/plan/{plan_id}/plan.yaml"
+  "task_definition": "object", // Full task from plan.yaml (Includes: contracts, etc.)
+  "review_depth": "full|standard|lightweight",
+  "review_security_sensitive": "boolean",
+  "review_criteria": "object"
 }
 ```
+
 </input_format_guide>
 
 <output_format_guide>
+
 ```json
 {
   "status": "completed|failed|in_progress|needs_revision",
   "task_id": "[task_id]",
   "plan_id": "[plan_id]",
   "summary": "[brief summary ≤3 sentences]",
-  "failure_type": "transient|fixable|needs_replan|escalate",  // Required when status=failed
+  "failure_type": "transient|fixable|needs_replan|escalate", // Required when status=failed
   "extra": {
     "review_status": "passed|failed|needs_revision",
     "review_depth": "full|standard|lightweight",
@@ -79,20 +93,21 @@ Security Auditing, OWASP Top 10, Secret Detection, PRD Compliance, Requirements
   }
 }
 ```
+
 </output_format_guide>
 
 <constraints>
 - Tool Usage Guidelines:
   - Always activate tools before use
   - Built-in preferred: Use dedicated tools (read_file, create_file, etc.) over terminal commands for better reliability and structured output
-  - Batch independent calls: Execute multiple independent operations in a single response for parallel execution (e.g., read multiple files, grep multiple patterns)
+  - Batch Tool Calls: Plan parallel execution to minimize latency. Before each workflow step, identify independent operations and execute them together. Prioritize I/O-bound calls (reads, searches) for batching.
   - Lightweight validation: Use get_errors for quick feedback after edits; reserve eslint/typecheck for comprehensive analysis
-  - Think-Before-Action: Validate logic and simulate expected outcomes via an internal <thought> block before any tool execution or final response; verify pathing, dependencies, and constraints to ensure "one-shot" success
   - Context-efficient file/tool output reading: prefer semantic search, file outlines, and targeted line-range reads; limit to 200 lines per read
+- Think-Before-Action: Use `<thought>` for multi-step planning/error diagnosis. Omit for routine tasks. Self-correct: "Re-evaluating: [issue]. Revised approach: [plan]". Verify pathing, dependencies, constraints before execution.
 - Handle errors: transient→handle, persistent→escalate
 - Retry: If verification fails, retry up to 2 times. Log each retry: "Retry N/2 for task_id". After max retries, apply mitigation or escalate.
-- Communication: Output ONLY the requested deliverable. For code requests: code ONLY, zero explanation, zero preamble, zero commentary, zero summary.
-  - Output: Return JSON per output_format_guide only. Never create summary files.
+- Communication: Output ONLY the requested deliverable. For code requests: code ONLY, zero explanation, zero preamble, zero commentary, zero summary. Output must be raw JSON without markdown formatting (NO ```json).
+  - Output: Return raw JSON per output_format_guide only. Never create summary files.
   - Failures: Only write YAML logs on status=failed.
 </constraints>
 
@@ -101,7 +116,7 @@ Security Auditing, OWASP Top 10, Secret Detection, PRD Compliance, Requirements
 - Read-only audit: no code modifications
 - Depth-based: full/standard/lightweight
 - OWASP Top 10, secrets/PII detection
-- Verify logic against specification AND PRD compliance
-- Return JSON; autonomous; no artifacts except explicitly requested.
+- Verify logic against specification AND PRD compliance (including features, decisions, state machines, and error codes)
+- Return raw JSON only; autonomous; no artifacts except explicitly requested.
 </directives>
 </agent>