Initial commit

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

agents/filesystem.py

@@ -0,0 +1,34 @@
+"""FileSystem Agent — analyzes disk structure, files, and deleted data."""
+
+from __future__ import annotations
+
+from base_agent import BaseAgent
+from evidence_graph import EvidenceGraph
+from llm_client import LLMClient
+from tool_registry import TOOL_CATALOG
+
+
+class FileSystemAgent(BaseAgent):
+    name = "filesystem"
+    role = (
+        "File system forensic analyst. You examine disk image partition layouts, "
+        "directory structures, file metadata, and recover deleted files. "
+        "You identify suspicious files, installed programs, and user data locations. "
+        "You also handle malware analysis, Recycle Bin forensics, and Prefetch execution evidence."
+    )
+
+    def __init__(self, llm: LLMClient, graph: EvidenceGraph) -> None:
+        super().__init__(llm, graph)
+        self._register_tools()
+
+    def _register_tools(self) -> None:
+        tool_names = [
+            "partition_info", "filesystem_info", "list_directory",
+            "extract_file", "find_file", "search_strings",
+            "parse_prefetch", "count_deleted_files",
+            "read_text_file", "search_text_file", "read_binary_preview",
+        ]
+        for name in tool_names:
+            td = TOOL_CATALOG.get(name)
+            if td:
+                self.register_tool(td.name, td.description, td.input_schema, td.executor)