@bastani/atomic 0.6.5 → 0.6.6-1

package/src/sdk/workflows/builtin/open-claude-design/opencode/index.ts

@@ -151,7 +151,10 @@ export default defineWorkflow({
             description: "Locate design files and tokens",
           },
           {},
-          { title: "ds-locator" },
+          {
+            title: "ds-locator",
+            permission: [{ permission: "*", pattern: "*", action: "allow" }],
+          },
           async (s) => {
             const result = await s.client.session.prompt({
               sessionID: s.session.id,
@@ -171,7 +174,10 @@ export default defineWorkflow({
             description: "Analyze design tokens and patterns",
           },
           {},
-          { title: "ds-analyzer" },
+          {
+            title: "ds-analyzer",
+            permission: [{ permission: "*", pattern: "*", action: "allow" }],
+          },
           async (s) => {
             const result = await s.client.session.prompt({
               sessionID: s.session.id,
@@ -191,7 +197,10 @@ export default defineWorkflow({
             description: "Find existing design patterns",
           },
           {},
-          { title: "ds-patterns" },
+          {
+            title: "ds-patterns",
+            permission: [{ permission: "*", pattern: "*", action: "allow" }],
+          },
           async (s) => {
             const result = await s.client.session.prompt({
               sessionID: s.session.id,
@@ -214,7 +223,10 @@ export default defineWorkflow({
           description: "Build design system with user approval (HIL)",
         },
         {},
-        { title: "design-system-builder" },
+        {
+          title: "design-system-builder",
+          permission: [{ permission: "*", pattern: "*", action: "allow" }],
+        },
         async (s) => {
           const result = await s.client.session.prompt({
             sessionID: s.session.id,
@@ -253,7 +265,10 @@ export default defineWorkflow({
               description: "Capture web reference via playwright",
             },
             {},
-            { title: "web-capture" },
+            {
+              title: "web-capture",
+              permission: [{ permission: "*", pattern: "*", action: "allow" }],
+            },
             async (s) => {
               const result = await s.client.session.prompt({
                 sessionID: s.session.id,
@@ -283,7 +298,10 @@ export default defineWorkflow({
               description: "Parse reference document",
             },
             {},
-            { title: "file-parser" },
+            {
+              title: "file-parser",
+              permission: [{ permission: "*", pattern: "*", action: "allow" }],
+            },
             async (s) => {
               const result = await s.client.session.prompt({
                 sessionID: s.session.id,
@@ -317,7 +335,10 @@ export default defineWorkflow({
     await ctx.stage(
       { name: "generator", description: "Generate first design version" },
       {},
-      { title: "generator" },
+      {
+        title: "generator",
+        permission: [{ permission: "*", pattern: "*", action: "allow" }],
+      },
       async (s) => {
         const result = await s.client.session.prompt({
           sessionID: s.session.id,
@@ -351,7 +372,10 @@ export default defineWorkflow({
           description: `Collect refinement feedback (iteration ${iteration})`,
         },
         {},
-        { title: `user-feedback-${iteration}` },
+        {
+          title: `user-feedback-${iteration}`,
+          permission: [{ permission: "*", pattern: "*", action: "allow" }],
+        },
         async (s) => {
           const result = await s.client.session.prompt({
             sessionID: s.session.id,
@@ -384,7 +408,10 @@ export default defineWorkflow({
             description: `Design critique (iteration ${iteration})`,
           },
           {},
-          { title: `critique-${iteration}` },
+          {
+            title: `critique-${iteration}`,
+            permission: [{ permission: "*", pattern: "*", action: "allow" }],
+          },
           async (s) => {
             const result = await s.client.session.prompt({
               sessionID: s.session.id,
@@ -411,7 +438,10 @@ export default defineWorkflow({
             description: `Visual validation (iteration ${iteration})`,
           },
           {},
-          { title: `screenshot-${iteration}` },
+          {
+            title: `screenshot-${iteration}`,
+            permission: [{ permission: "*", pattern: "*", action: "allow" }],
+          },
           async (s) => {
             const result = await s.client.session.prompt({
               sessionID: s.session.id,
@@ -450,7 +480,10 @@ export default defineWorkflow({
           description: `Apply refinements (iteration ${iteration})`,
         },
         {},
-        { title: `apply-changes-${iteration}` },
+        {
+          title: `apply-changes-${iteration}`,
+          permission: [{ permission: "*", pattern: "*", action: "allow" }],
+        },
         async (s) => {
           const result = await s.client.session.prompt({
             sessionID: s.session.id,
@@ -495,7 +528,10 @@ export default defineWorkflow({
           description: "Remove banned anti-patterns before export",
         },
         {},
-        { title: "forced-fix" },
+        {
+          title: "forced-fix",
+          permission: [{ permission: "*", pattern: "*", action: "allow" }],
+        },
         async (s) => {
           const result = await s.client.session.prompt({
             sessionID: s.session.id,
@@ -539,7 +575,10 @@ export default defineWorkflow({
         description: "Export design and create handoff bundle",
       },
       {},
-      { title: "exporter" },
+      {
+        title: "exporter",
+        permission: [{ permission: "*", pattern: "*", action: "allow" }],
+      },
       async (s) => {
         const result = await s.client.session.prompt({
           sessionID: s.session.id,

package/src/sdk/workflows/builtin/ralph/claude/index.ts

@@ -28,6 +28,7 @@ import { defineWorkflow, extractAssistantText } from "../../../index.ts";
 import {
   buildPlannerPrompt,
   buildOrchestratorPrompt,
+  buildCodeSimplifierPrompt,
   buildInfraDiscoveryPrompts,
   buildReviewPrompt,
   filterActionable,
@@ -94,7 +95,7 @@ export default defineWorkflow({
 
     for (let iteration = 1; iteration <= maxLoops; iteration++) {
       // ── Plan ────────────────────────────────────────────────────────────
-      await ctx.stage(
+      const planner = await ctx.stage(
         { name: `planner-${iteration}` },
         {
           chatFlags: [
@@ -106,13 +107,14 @@ export default defineWorkflow({
         },
         {},
         async (s) => {
-          await s.session.query(
+          const result = await s.session.query(
             buildPlannerPrompt(prompt, {
               iteration,
               reviewReport: reviewReport || undefined,
             }),
           );
           s.save(s.sessionId);
+          return extractAssistantText(result, 0);
         },
       );
 
@@ -129,7 +131,33 @@ export default defineWorkflow({
         },
         {},
         async (s) => {
-          await s.session.query(buildOrchestratorPrompt(prompt));
+          await s.session.query(
+            buildOrchestratorPrompt(prompt, {
+              plannerNotes: planner.result,
+            }),
+          );
+          s.save(s.sessionId);
+        },
+      );
+
+      // ── Code Simplifier ─────────────────────────────────────────────────
+      await ctx.stage(
+        { name: `code-simplifier-${iteration}` },
+        {
+          chatFlags: [
+            "--agent",
+            "code-simplifier",
+            "--allow-dangerously-skip-permissions",
+            "--dangerously-skip-permissions",
+          ],
+        },
+        {},
+        async (s) => {
+          await s.session.query(
+            buildCodeSimplifierPrompt(prompt, {
+              plannerNotes: planner.result,
+            }),
+          );
           s.save(s.sessionId);
         },
       );

package/src/sdk/workflows/builtin/ralph/copilot/index.ts

@@ -27,6 +27,7 @@ import type { SessionEvent } from "@github/copilot-sdk";
 import {
   buildPlannerPrompt,
   buildOrchestratorPrompt,
+  buildCodeSimplifierPrompt,
   buildInfraDiscoveryPrompts,
   buildReviewPrompt,
   filterActionable,
@@ -140,6 +141,21 @@ export default defineWorkflow({
         },
       );
 
+      // ── Code Simplifier ───────────────────────────────────────────────
+      await ctx.stage(
+        { name: `code-simplifier-${iteration}` },
+        {},
+        { agent: "code-simplifier" },
+        async (s) => {
+          await s.session.send({
+            prompt: buildCodeSimplifierPrompt(userPromptText, {
+              plannerNotes: planner.result,
+            }),
+          });
+          s.save(await s.session.getMessages());
+        },
+      );
+
       // ── Infrastructure Discovery (three parallel sub-agent stages) ──
       const changeset = await captureBranchChangeset();
       const discoveryPrompts = buildInfraDiscoveryPrompts();

package/src/sdk/workflows/builtin/ralph/helpers/prompts.ts

@@ -554,6 +554,60 @@ Do NOT compress the worker's task subject, description, or persisted task
 records — those must remain self-contained and unambiguous.`);
 }
 
+// ============================================================================
+// CODE SIMPLIFIER
+// ============================================================================
+
+export interface CodeSimplifierContext {
+  /** Optional planner output (RFC markdown or absolute path to spec). */
+  plannerNotes?: string;
+}
+
+/**
+ * Build the code-simplifier prompt. Run by the `code-simplifier` sub-agent
+ * to inspect only the orchestrator's changes on the current branch and
+ * refine them for clarity, consistency, and maintainability — without
+ * altering functionality or test behaviour.
+ *
+ * @param spec - The user's original specification, used as context/fallback
+ *   when planner output is missing or ambiguous.
+ * @param context - Optional planner handoff (spec path or inline RFC markdown).
+ */
+export function buildCodeSimplifierPrompt(
+  spec: string,
+  context: CodeSimplifierContext = {},
+): string {
+  const plannerNotes = context.plannerNotes?.trim() ?? "";
+  const plannerSection =
+    plannerNotes.length > 0
+      ? `<planner_output>
+${plannerNotes}
+</planner_output>`
+      : `<planner_output>
+(empty — fall back to the Original User Specification below)
+</planner_output>`;
+
+  return withCaveman(`Inspect the orchestrator's changes on the current branch and simplify the implementation for clarity, consistency, and maintainability.
+
+## Design Input (authoritative)
+
+${plannerSection}
+
+## Original User Specification (context / fallback)
+
+<specification>
+${spec}
+</specification>
+
+## Instructions
+
+1. **Scope to branch changes only.** Run \`git diff\` and \`git status\` to identify every file the orchestrator touched. Do NOT modify files outside that set.
+2. **Simplify and refine.** Within the changed files, improve clarity, consistency, naming, and structure. Remove dead code, unnecessary comments, and redundant abstractions. Prefer simple, direct implementations.
+3. **Preserve all functionality and test behaviour.** No feature regressions, no removed tests, no altered public interfaces unless the change is strictly cosmetic (e.g. rename of an internal variable).
+4. **Keep changes minimal and focused.** No scope creep. Do not rewrite working code that is already clear. Touch only what genuinely benefits from simplification.
+5. **Verify after edits.** Run \`bun typecheck\` and \`bun lint\` from the repository root after all edits are complete. Fix any errors they surface before finishing.`);
+}
+
 // ============================================================================
 // INFRASTRUCTURE DISCOVERY
 // ============================================================================
@@ -592,7 +646,7 @@ one-line description of each.
 - **Build config**: tsconfig.json, webpack.config.*, vite.config.*, esbuild.*, rollup.config.*, Makefile, etc.
 - **Test config**: jest.config.*, vitest.config.*, playwright.config.*, .mocharc.*, pytest.ini, etc.
 - **Lint / format config**: .eslintrc.*, eslint.config.*, biome.json, .prettierrc.*, oxlint.json, etc.
-- **CI/CD workflows**: .github/workflows/*.yml, .gitlab-ci.yml, Jenkinsfile, .circleci/config.yml, etc.
+- **CI/CD workflows (REQUIRED)**: .github/workflows/*.yml, .gitlab-ci.yml, Jenkinsfile, .circleci/config.yml, azure-pipelines.yml, etc. List every workflow file separately — reviewers need full coverage.
 - **Agent config files**: CLAUDE.md, AGENTS.md, .claude/*, .github/copilot-instructions.md (these often document project commands)
 
 ## Output format
@@ -625,7 +679,12 @@ which commands to run to verify an implementation.
    executes" list.
 4. Read CLAUDE.md / AGENTS.md if present — they often document the
    canonical commands for contributors.
-5. Identify the test framework(s) in use and how to invoke them.
+5. **Audit CI workflows.** When the \`gh\` CLI is available (check via \`command -v gh\`), run:
+   - \`gh workflow list\` to enumerate active workflows.
+   - \`gh run list --limit 5\` to see the most recent runs and their statuses.
+   - \`gh workflow view <name>\` for any workflow whose name suggests it gates merges.
+   When \`gh\` is unavailable or unauthenticated, fall back to reading the workflow YAML files directly. Capture: workflow names, triggers (push / pull_request / schedule / workflow_dispatch), job names, the exact \`run:\` commands per job, and recent run statuses.
+6. Identify the test framework(s) in use and how to invoke them.
 
 ## Output format
 
@@ -644,6 +703,10 @@ which commands to run to verify an implementation.
 
 ## CI Commands (from workflow files)
 - \`<command>\` — <source file and context>
+
+## CI / GitHub Actions
+- Workflow: \`<name>\` — triggers: \`<push|pr|schedule|...>\` — jobs: \`<job names>\`
+- Recent runs (when \`gh\` available): \`<conclusion>\` on \`<branch>\` (\`<run id>\`)
 \`\`\`
 
 Be specific — include the exact invocation string (e.g. \`bun test\`, not
@@ -670,6 +733,10 @@ but HOW they are used in practice.
    order CI runs them.
 5. **Dependency install pattern**: How are dependencies installed before
    build/test (e.g. \`bun install\`, \`npm ci\`)?
+6. **CI audit patterns**: Map out the CI structure so reviewers can audit it. Identify matrix builds, job dependencies (\`needs:\`), conditional runs (\`if:\`), required checks, and which jobs gate merges. When \`gh\` is available, surface example commands a reviewer could use:
+   - \`gh run view <id> --log-failed\` — inspect a failed run.
+   - \`gh pr checks\` — see check status on the current PR.
+   - \`gh workflow view <name> --yaml\` — view the canonical workflow definition.
 
 ## Output format
 
@@ -679,7 +746,7 @@ For each pattern found, report:
 - A brief explanation of when/how it's used
 
 End with a brief trailing summary of the overall build/test workflow order
-(e.g. "install → typecheck → lint → test → build").`),
+(e.g. "install → typecheck → lint → test → build"). Also summarise CI workflow order: which workflows fire on what triggers, in what order jobs run within each.`),
   };
 }
 

package/src/sdk/workflows/builtin/ralph/opencode/index.ts

@@ -24,6 +24,7 @@ import { defineWorkflow } from "../../../index.ts";
 import {
   buildPlannerPrompt,
   buildOrchestratorPrompt,
+  buildCodeSimplifierPrompt,
   buildInfraDiscoveryPrompts,
   buildReviewPrompt,
   filterActionable,
@@ -98,7 +99,10 @@ export default defineWorkflow({
       const planner = await ctx.stage(
         { name: `planner-${iteration}` },
         {},
-        { title: `planner-${iteration}` },
+        {
+          title: `planner-${iteration}`,
+          permission: [{ permission: "*", pattern: "*", action: "allow" }],
+        },
         async (s) => {
           const result = await s.client.session.prompt({
             sessionID: s.session.id,
@@ -122,7 +126,10 @@ export default defineWorkflow({
       await ctx.stage(
         { name: `orchestrator-${iteration}` },
         {},
-        { title: `orchestrator-${iteration}` },
+        {
+          title: `orchestrator-${iteration}`,
+          permission: [{ permission: "*", pattern: "*", action: "allow" }],
+        },
         async (s) => {
           const result = await s.client.session.prompt({
             sessionID: s.session.id,
@@ -140,6 +147,31 @@ export default defineWorkflow({
         },
       );
 
+      // ── Code Simplifier ───────────────────────────────────────────────
+      await ctx.stage(
+        { name: `code-simplifier-${iteration}` },
+        {},
+        {
+          title: `code-simplifier-${iteration}`,
+          permission: [{ permission: "*", pattern: "*", action: "allow" }],
+        },
+        async (s) => {
+          const result = await s.client.session.prompt({
+            sessionID: s.session.id,
+            parts: [
+              {
+                type: "text",
+                text: buildCodeSimplifierPrompt(prompt, {
+                  plannerNotes: planner.result,
+                }),
+              },
+            ],
+            agent: "code-simplifier",
+          });
+          s.save(result.data!);
+        },
+      );
+
       // ── Infrastructure Discovery (three parallel sub-agent stages) ────
       const changeset = await captureBranchChangeset();
       const discoveryPrompts = buildInfraDiscoveryPrompts();
@@ -148,7 +180,10 @@ export default defineWorkflow({
         ctx.stage(
           { name: `infra-locate-${iteration}`, headless: true },
           {},
-          { title: `infra-locate-${iteration}` },
+          {
+            title: `infra-locate-${iteration}`,
+            permission: [{ permission: "*", pattern: "*", action: "allow" }],
+          },
           async (s) => {
             const result = await s.client.session.prompt({
               sessionID: s.session.id,
@@ -162,7 +197,10 @@ export default defineWorkflow({
         ctx.stage(
           { name: `infra-analyze-${iteration}`, headless: true },
           {},
-          { title: `infra-analyze-${iteration}` },
+          {
+            title: `infra-analyze-${iteration}`,
+            permission: [{ permission: "*", pattern: "*", action: "allow" }],
+          },
           async (s) => {
             const result = await s.client.session.prompt({
               sessionID: s.session.id,
@@ -176,7 +214,10 @@ export default defineWorkflow({
         ctx.stage(
           { name: `infra-patterns-${iteration}`, headless: true },
           {},
-          { title: `infra-patterns-${iteration}` },
+          {
+            title: `infra-patterns-${iteration}`,
+            permission: [{ permission: "*", pattern: "*", action: "allow" }],
+          },
           async (s) => {
             const result = await s.client.session.prompt({
               sessionID: s.session.id,
@@ -206,7 +247,10 @@ export default defineWorkflow({
         ctx.stage(
           { name },
           {},
-          { title: name },
+          {
+            title: name,
+            permission: [{ permission: "*", pattern: "*", action: "allow" }],
+          },
           async (s) => {
             const result = await s.client.session.prompt({
               sessionID: s.session.id,

package/src/services/system/auth.test.ts

@@ -38,7 +38,13 @@ let copilotGetAuthStatus = mock<() => Promise<CopilotAuthStatus>>(async () => ({
   login: "octocat",
 }));
 
+// Captures the options passed to `new CopilotClient(...)` on each call.
+let lastCopilotConstructorOptions: unknown = undefined;
+
 class FakeCopilotClient {
+  constructor(options: unknown) {
+    lastCopilotConstructorOptions = options;
+  }
   async start(): Promise<void> {
     await copilotStart();
   }
@@ -114,6 +120,7 @@ afterAll(() => {
 const { checkAgentAuth, printAuthError } = await import("./auth.ts");
 
 beforeEach(() => {
+  lastCopilotConstructorOptions = undefined;
   copilotStart.mockClear();
   copilotStart.mockImplementation(async () => {});
   copilotStop.mockClear();
@@ -173,6 +180,52 @@ describe("checkAgentAuth(copilot)", () => {
     // The stop failure must not shadow the probe result.
     expect(result.detail).not.toContain("stop crashed");
   });
+
+  test("constructs CopilotClient with COPILOT_CLI_PATH as cliPath and NODE_NO_WARNINGS=1 in env", async () => {
+    const origCliPath = process.env["COPILOT_CLI_PATH"];
+    process.env["COPILOT_CLI_PATH"] = "/explicit/bin/copilot";
+    try {
+      await checkAgentAuth("copilot");
+      const opts = lastCopilotConstructorOptions as {
+        cliPath?: string;
+        env?: Record<string, string | undefined>;
+      };
+      expect(opts).toBeDefined();
+      expect(opts.cliPath).toBe("/explicit/bin/copilot");
+      expect(opts.env?.["NODE_NO_WARNINGS"]).toBe("1");
+    } finally {
+      if (origCliPath === undefined) delete process.env["COPILOT_CLI_PATH"];
+      else process.env["COPILOT_CLI_PATH"] = origCliPath;
+    }
+  });
+
+  test("constructs CopilotClient via centralized launch options — env.NODE_NO_WARNINGS=1 present even when COPILOT_CLI_PATH is unset", async () => {
+    // When COPILOT_CLI_PATH is absent the auth probe delegates entirely to
+    // copilotSdkLaunchOptions(), which always injects NODE_NO_WARNINGS=1
+    // via copilotSubprocessEnv(). No cliPath should appear in the options
+    // because resolveCopilotCliPath() returns undefined when the env var is
+    // not set and no standalone binary is found on PATH.
+    const origCliPath = process.env["COPILOT_CLI_PATH"];
+    delete process.env["COPILOT_CLI_PATH"];
+    try {
+      await checkAgentAuth("copilot");
+      const opts = lastCopilotConstructorOptions as {
+        cliPath?: string;
+        env?: Record<string, string | undefined>;
+      };
+      expect(opts).toBeDefined();
+      // Centralized env must always include NODE_NO_WARNINGS regardless of cliPath.
+      expect(opts.env?.["NODE_NO_WARNINGS"]).toBe("1");
+      // cliPath must not be injected from a stale or undefined resolution.
+      // (It may be defined if a copilot binary happens to be on PATH in the
+      // test environment, but it must never be "/explicit/bin/copilot" which
+      // is only set by the sibling test above.)
+      expect(opts.cliPath).not.toBe("/explicit/bin/copilot");
+    } finally {
+      if (origCliPath === undefined) delete process.env["COPILOT_CLI_PATH"];
+      else process.env["COPILOT_CLI_PATH"] = origCliPath;
+    }
+  });
 });
 
 describe("checkAgentAuth(claude)", () => {

package/src/services/system/auth.ts

@@ -17,7 +17,8 @@
 
 import type { AgentKey } from "../config/index.ts";
 import { COLORS } from "../../theme/colors.ts";
-import { copilotSubprocessEnv } from "../../sdk/providers/copilot.ts";
+import { copilotSdkLaunchOptions } from "../../sdk/providers/copilot.ts";
+import { withAtomicTempEnv } from "../../lib/atomic-temp.ts";
 
 export interface AuthCheckResult {
   /** True when the SDK reports the user is authenticated. */
@@ -72,7 +73,7 @@ const AUTH_PROMPTS: Record<AgentKey, { name: string; loginHint: string }> = {
 
 async function checkCopilotAuth(): Promise<AuthCheckResult> {
   const { CopilotClient } = await import("@github/copilot-sdk");
-  const client = new CopilotClient({ env: copilotSubprocessEnv() });
+  const client = new CopilotClient(copilotSdkLaunchOptions());
   try {
     await client.start();
     const status = await client.getAuthStatus();
@@ -105,33 +106,35 @@ async function checkClaudeAuth(): Promise<AuthCheckResult> {
   // actually delivered.
   async function* emptyStream(): AsyncGenerator<never, void, void> {}
 
-  const q = query({
-    prompt: emptyStream(),
-    options: {
-      pathToClaudeCodeExecutable: resolveHeadlessClaudeBin(),
-    },
-  });
+  return await withAtomicTempEnv(async () => {
+    const q = query({
+      prompt: emptyStream(),
+      options: {
+        pathToClaudeCodeExecutable: resolveHeadlessClaudeBin(),
+      },
+    });
 
-  try {
-    const init = await q.initializationResult();
-    const account = init.account ?? {};
-    const loggedIn = Boolean(
-      account.email || account.tokenSource || account.apiKeySource,
-    );
-    return {
-      loggedIn,
-      identity: account.email,
-    };
-  } catch (err) {
-    return {
-      loggedIn: false,
-      detail: err instanceof Error ? err.message : String(err),
-    };
-  } finally {
     try {
-      q.close();
-    } catch {
-      // Best effort — the subprocess is torn down on process exit anyway.
+      const init = await q.initializationResult();
+      const account = init.account ?? {};
+      const loggedIn = Boolean(
+        account.email || account.tokenSource || account.apiKeySource,
+      );
+      return {
+        loggedIn,
+        identity: account.email,
+      };
+    } catch (err) {
+      return {
+        loggedIn: false,
+        detail: err instanceof Error ? err.message : String(err),
+      };
+    } finally {
+      try {
+        q.close();
+      } catch {
+        // Best effort — the subprocess is torn down on process exit anyway.
+      }
     }
-  }
+  });
 }

package/src/services/system/detect.ts

@@ -24,7 +24,7 @@ export function isCommandInstalled(cmd: string): boolean {
  * @returns The absolute path to the command, or null if not found
  */
 export function getCommandPath(cmd: string): string | null {
-  return Bun.which(cmd);
+  return Bun.which(cmd, { PATH: process.env["PATH"] ?? "" });
 }
 
 /**