Initial commit

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

agents/registry.py

@@ -0,0 +1,36 @@
+"""Registry Agent — analyzes Windows registry hives."""
+
+from __future__ import annotations
+
+from base_agent import BaseAgent
+from evidence_graph import EvidenceGraph
+from llm_client import LLMClient
+from tool_registry import TOOL_CATALOG
+
+
+class RegistryAgent(BaseAgent):
+    name = "registry"
+    role = (
+        "Windows registry forensic analyst. You parse registry hive files "
+        "(SYSTEM, SOFTWARE, SAM, NTUSER.DAT) to extract system configuration, "
+        "user accounts, installed software, network settings, email accounts, "
+        "and other Windows artifacts."
+    )
+
+    def __init__(self, llm: LLMClient, graph: EvidenceGraph) -> None:
+        super().__init__(llm, graph)
+        self._register_tools()
+
+    def _register_tools(self) -> None:
+        tool_names = [
+            "extract_file", "list_directory",
+            "parse_registry_key", "list_installed_software",
+            "get_user_activity", "search_registry",
+            "get_system_info", "get_timezone_info", "get_computer_name",
+            "get_shutdown_time", "enumerate_users",
+            "get_network_interfaces", "get_email_config",
+        ]
+        for name in tool_names:
+            td = TOOL_CATALOG.get(name)
+            if td:
+                self.register_tool(td.name, td.description, td.input_schema, td.executor)