plan agent: grant editFiles + githubRepo, forbid invented file reads (#2003) #2143

Open
KomalSrinivasan wants to merge 1 commit into github:main from KomalSrinivasan:fix/issue-2003-plan-agent-file-reads

@KomalSrinivasan

Closes #2003.

@basilevs reported the Plan Mode - Strategic Planning & Architecture agent failing to read a workspace file and instead inventing two non-existent mechanisms in sequence:

  1. SELECT readfile('feature-replay-history-1.md') against the SQLite tool, which legitimately errors with no such function: readfile.
  2. Querying a fake inbox_entries table, which returns 0 rows because it doesn't exist.

Then the agent gave up and asked the user to paste the file contents.

Root cause

agents/plan.agent.md declares its tool surface as:

tools:
  - search/codebase
  - vscode/extensions
  - web/fetch
  - read/problems
  - search/searchResults
  - search/usages
  - vscode/vscodeAPI

None of those read files. The body of the agent also says Use `githubRepo` to understand project history even though githubRepo isn't in the tools array, so that bullet is dead text the agent can't act on.

For comparison, the sibling agents/implementation-plan.agent.md (which can read files) lists "edit/editFiles" in its tools, plus a few execute/run tools.

Fix

Three small edits, one file:

  1. Add edit/editFiles to the tools array. The Copilot edit/editFiles tool surface includes reading workspace files, so this restores normal file access. The agent doesn't have to write anything to read.
  2. Add githubRepo to the tools array so the body's existing reference to it isn't dead text.
  3. Add a File Reading bullet under capabilities pointing the agent at editFiles for reads, and explicitly forbidding invented mechanisms like readfile() or queries against tables that aren't real. This matches the transcript in "Plan Mode - Strategic Planning & Architecture" can't read files #2003 directly.

Verification

  • npm run build exits 0, regenerates marketplace.json.
  • 1 file touched, 3 insertions. No README diff because the agent description is unchanged.
  • git diff main shows only the additions: 2 new tool entries and 1 new bullet.

Out of scope

  • Adding the execute/run tool family that implementation-plan.agent.md carries. Plan mode is read-only by design; it shouldn't be running shell commands. editFiles covers reading without crossing that line.

…ithub#2003)

The Plan Mode agent advertises information gathering as its primary
mode but its tools array does not include any file-read capability,
and the body says 'Use githubRepo' without granting that tool.
@basilevs reported the agent flailing on a workspace file read by
inventing a SQLite readfile() function call and then a fake
inbox_entries query, both of which fail, and asking the user to paste
the file contents instead.

Fix in three small parts:

1. Add 'edit/editFiles' to the tools array. The Copilot edit/editFiles
   tool surface includes reading workspace files, so this restores
   normal file access.
2. Add 'githubRepo' to the tools array so the body's existing
   reference to it stops being dead text.
3. Add a 'File Reading' bullet under capabilities. It points the
   agent at editFiles for the read and explicitly forbids inventing
   alternative mechanisms like SQL readfile() or querying tables
   that aren't real.

Closes github#2003.
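
The root cause described above (a tool named in the agent body but absent from the tools array) can be caught mechanically. This added example is not part of the pull request or the repository; the front matter layout, the `KNOWN_TOOLS` catalogue and the sample agent text are assumptions built from the tool names on this page.

```javascript
// Tool ids are taken from this page; the front matter layout and the sample
// agent text are constructed for illustration.
const shortName = (tool) => tool.split('/').pop();

// Split "---\n<yaml>\n---\n<body>" and read the block-style `tools:` list.
function parseAgent(markdown) {
  const m = /^---\r?\n([\s\S]*?)\r?\n---\r?\n?([\s\S]*)$/.exec(markdown);
  if (!m) return { tools: [], body: markdown };
  const tools = [];
  let inTools = false;
  for (const line of m[1].split(/\r?\n/)) {
    if (/^tools:\s*$/.test(line)) { inTools = true; continue; }
    const item = /^\s*-\s*["']?([^"'\s]+)["']?\s*$/.exec(line);
    if (inTools && item) tools.push(item[1]);
    else if (/^\S/.test(line)) inTools = false; // next top-level key ends the list
  }
  return { tools, body: m[2] };
}

// Tools named in backticks in the body that the tools array does not grant.
function ungrantedToolReferences(markdown, knownTools) {
  const { tools, body } = parseAgent(markdown);
  const granted = new Set(tools.map(shortName));
  const known = new Set(knownTools.map(shortName));
  const mentioned = new Set();
  for (const [, token] of body.matchAll(/`([^`\n]+)`/g)) {
    const name = shortName(token.trim());
    if (known.has(name) && !granted.has(name)) mentioned.add(name);
  }
  return [...mentioned].sort();
}

// Hypothetical catalogue and constructed agent file (before and after the fix).
const KNOWN_TOOLS = ['search/codebase', 'web/fetch', 'edit/editFiles', 'githubRepo'];
const before = [
  '---', 'description: constructed sample', 'tools:',
  '  - search/codebase', '  - web/fetch', '---',
  '- Use `githubRepo` to understand project history',
  '- Use `codebase` search before proposing changes',
].join('\n');
const after = before.replace('  - web/fetch', '  - web/fetch\n  - githubRepo');

console.log(ungrantedToolReferences(before, KNOWN_TOOLS)); // [ 'githubRepo' ]
console.log(ungrantedToolReferences(after, KNOWN_TOOLS));  // []
```

Names are compared by their last path segment, so a body reference to `editFiles` is treated as granted by an `edit/editFiles` entry.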
@github-actions github-actions Bot added the agent PR touches agents label Jun 26, 2026
@github-actions

Contributor

🔒 PR Risk Scan Results

Scanned 1 changed file(s).

| Severity | Count |
| --- | --- |
| 🔴 High | 0 |
| 🟠 Medium | 0 |
| ℹ️ Info | 0 |

✅ No matching risk patterns were detected in changed files.

This is an automated soft-gate report. Findings indicate review targets and do not block merge by themselves.

@github-actions github-actions Bot added the skill-check-error Skill validator reported errors label Jun 26, 2026
@github-actions

Contributor

🔍 Skill Validator Results

⛔ Findings need attention

| Scope | Checked |
| --- | --- |
| Skills | 0 |
| Agents | 1 |
| Total | 1 |

| Severity | Count |
| --- | --- |
| ❌ Errors | 2 |
| ⚠️ Warnings | 0 |
| ℹ️ Advisories | 0 |

Summary

Level Finding
[agent:Plan Mode - Strategic Planning & Architecture] Agent name 'Plan Mode - Strategic Planning & Architecture' does not match filename 'plan.agent.md' (expected 'Plan Mode - Strategic Planning & Architecture.agent.md').
[agent:Plan Mode - Strategic Planning & Architecture] Agent name 'Plan Mode - Strategic Planning & Architecture' contains invalid characters — must be lowercase alphanumeric and hyphens only.
Full validator output
Found 1 agent(s)
❌ [agent:Plan Mode - Strategic Planning & Architecture] Agent name 'Plan Mode - Strategic Planning & Architecture' does not match filename 'plan.agent.md' (expected 'Plan Mode - Strategic Planning & Architecture.agent.md').
❌ [agent:Plan Mode - Strategic Planning & Architecture] Agent name 'Plan Mode - Strategic Planning & Architecture' contains invalid characters — must be lowercase alphanumeric and hyphens only.
Validated 1 agent(s)
Agent spec conformance failures — fix the errors above.

Note: The validator returned a non-zero exit code. Please review the findings above before merge.

@KomalSrinivasan KomalSrinivasan changed the title plan agent: grant editFiles + githubRepo, forbid invented file reads (#2003) 🤖🤖🤖 plan agent: grant editFiles + githubRepo, forbid invented file reads (#2003) Jun 26, 2026
@github-actions

Contributor

🟡 Contributor Reputation Check: MEDIUM risk

| Check | Risk |
| --- | --- |
| Profile | MEDIUM |
| Credential audit | NONE |

Maintainers: please review this contributor before merging.
See the workflow run for full details.
Automated check powered by AGT.

@github-actions github-actions Bot added the needs-review:MEDIUM Contributor reputation check flagged MEDIUM risk label Jun 26, 2026