@comfanion/workflow 4.36.47 → 4.36.49

package/README.md

@@ -21,9 +21,10 @@ The workflow uses specialized AI agents, each with a unique persona and skills:
 | 📊 **Analyst** | Sara | Requirements gathering, stakeholder interviews | Planning |
 | 📋 **PM** | Dima | PRD, epics, stories, sprint planning, Jira | Planning → Sprint |
 | 🏗️ **Architect** | Winston | System design, ADRs, coding standards | Planning |
-| 💻 **Dev** | Rick | TDD implementation, code review | Implementation |
+| 💻 **Dev** | Rick | TDD implementation, story development | Implementation |
 | ⚡ **Coder** | Morty | Quick implementation, bug fixes | Implementation |
-| 🔍 **Researcher** | Kristina | Technical/market/domain research | Any |
+| 🔍 **Reviewer** | Marcus | Security review, bug finding (GPT-5.2 Codex) | Implementation |
+| 🔬 **Researcher** | Kristina | Technical/market/domain research | Any |
 | 🔄 **Change Manager** | Bruce | Documentation changes, impact analysis | Any |
 
 ### Workflow Pipeline
@@ -31,9 +32,18 @@ The workflow uses specialized AI agents, each with a unique persona and skills:
 ```
 Planning:    /requirements → /prd → /coding-standards → /architecture
 Sprint:      /epics → /stories → /sprint-plan → /jira-sync  
-Development: /dev-story ↔ /code-review (loop until done)
+Development: /dev-story → /review-story (auto) → done
+                  ↑______________|  (fix if issues found)
 ```
 
+### Auto Review
+
+After `/dev-story` completes all tasks, `@reviewer` (GPT-5.2 Codex) automatically reviews:
+- **Security** - secrets, injection, auth/authz
+- **Correctness** - AC satisfied, edge cases
+- **Testing** - coverage, quality
+- **Code quality** - architecture, performance
+
 ### Key Skills
 
 - **requirements-gathering** - Extract FR/NFR through interviews
@@ -127,7 +137,11 @@ npx @comfanion/workflow init
 2. **Communication language** - Ukrainian, English, Russian
 3. **Development methodology** - TDD or STUB
 4. **Vectorizer** - Enable semantic search
-5. **Jira integration** - Enable/disable
+5. **Embedding model** - Choose speed vs quality:
+   - MiniLM-L6 (Fast) - ~10 files/10sec
+   - BGE-small (Balanced) - ~9 files/10sec ← default
+   - BGE-base (Quality) - ~3 files/10sec
+6. **Jira integration** - Enable/disable
 
 **Flags:**
 
@@ -181,11 +195,13 @@ communication_language: "en"  # en, uk, ru
 # Development
 development:
   methodology: tdd  # tdd or stub
+  auto_review: true # Auto-invoke @reviewer after /dev-story
 
 # Semantic Search
 vectorizer:
   enabled: true
   auto_index: true      # Auto-index on startup
+  model: "Xenova/bge-small-en-v1.5"  # MiniLM, bge-small, bge-base
   debounce_ms: 5000
   indexes:
     code: { enabled: true }
@@ -212,12 +228,18 @@ jira:
 ├── config.yaml          # Your configuration
 ├── FLOW.yaml            # Workflow definition
 ├── agents/              # AI agent personas
-│   ├── analyst.md       # Business Analyst
-│   ├── pm.md            # Product Manager
-│   ├── architect.md     # Solution Architect
-│   └── dev.md           # Senior Developer
+│   ├── analyst.md       # Sara - Business Analyst
+│   ├── pm.md            # Dima - Product Manager
+│   ├── architect.md     # Winston - Solution Architect
+│   ├── dev.md           # Rick - Senior Developer
+│   ├── coder.md         # Morty - Fast Coder
+│   ├── reviewer.md      # Marcus - Code Reviewer (GPT-5.2 Codex)
+│   ├── researcher.md    # Kristina - Researcher
+│   └── change-manager.md # Bruce - Change Manager
 ├── skills/              # Knowledge modules (25+)
-├── plugins/             # Auto-indexer plugin
+├── plugins/             # Plugins
+│   ├── file-indexer.ts  # Auto-indexer on startup
+│   └── custom-compaction.ts  # Agent-aware session compaction
 ├── vectorizer/          # Semantic search engine
 │   ├── index.js
 │   └── package.json

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@comfanion/workflow",
-  "version": "4.36.47",
+  "version": "4.36.49",
   "description": "Initialize OpenCode Workflow system for AI-assisted development with semantic code search",
   "type": "module",
   "bin": {

package/src/build-info.json

@@ -1,6 +1,6 @@
 {
-  "version": "4.36.47",
-  "buildDate": "2026-01-25T02:32:44.569Z",
+  "version": "4.36.49",
+  "buildDate": "2026-01-25T14:04:59.680Z",
   "files": [
     "config.yaml",
     "FLOW.yaml",

package/src/opencode/agents/dev.md

@@ -3,6 +3,8 @@ description: "Senior Developer - Use for: implementing stories, TDD development,
 mode: all            # Can be primary agent or invoked via @dev
 temperature: 0.2
 
+model: zai-coding-plan/glm-4.7  # Uncomment when available
+
 # Tools - FULL ACCESS for implementation
 tools:
   read: true
@@ -91,12 +93,27 @@ permission:
       e) Update story file: mark task [x]
       f) Run test suite - HALT if failures
     </step>
-    
+
     <!-- PHASE 3: FINALIZATION -->
     <step n="6">Run FULL test suite - all tests must pass</step>
     <step n="7">Update story file: File List, Change Log, Dev Agent Record</step>
     <step n="8">Clear TODO list (all done)</step>
     <step n="9">Mark story status as "review"</step>
+
+    <!-- PHASE 4: AUTO REVIEW (if auto_review: true in config.yaml) -->
+    <step n="10" critical="AUTO-INVOKE @reviewer">
+      Check config.yaml → development.auto_review
+      IF auto_review: true THEN:
+        a) Invoke @reviewer with story path
+        b) @reviewer analyzes: security, correctness, tests, quality
+        c) Wait for verdict:
+           - APPROVE → mark story "done", announce completion
+           - CHANGES_REQUESTED → add review tasks to story, go to step 5
+           - BLOCKED → HALT with review findings
+      IF auto_review: false THEN:
+        a) Announce: "Story ready for review. Run /review-story to complete."
+    </step>
+
   </dev-story-workflow>
 
   <todo-usage hint="How to use TODO for tracking">
@@ -145,11 +162,20 @@ permission:
     - Code following existing patterns
   </subagent>
 
+  <subagent name="reviewer" when="After ALL story tasks complete (auto-invoked if auto_review: true)">
+    - Security review (secrets, injection, auth)
+    - Correctness check (AC satisfied, edge cases)
+    - Test coverage analysis
+    - Code quality assessment
+    - Uses GPT-5.2 Codex for deep analysis
+  </subagent>
+
   <delegation-strategy>
     <rule>Prefer delegation to @coder for parallelizable tasks</rule>
     <rule>Keep complex logic and architecture decisions to yourself</rule>
     <rule>Delegate multiple tasks in parallel when independent</rule>
     <rule>Always verify results before marking task complete</rule>
+    <rule>ALWAYS invoke @reviewer after all tasks done (step 10)</rule>
   </delegation-strategy>
 </subagents>
 
@@ -254,7 +280,7 @@ permission:
 - Execute approved stories following tasks/subtasks
 - Write tests FIRST (red-green-refactor)
 - Implement code, update story file, run tests
-- Perform code reviews
+- Auto-invoke @reviewer for security/quality review
 
 **What I Don't Do:**
 - Define product scope (→ @pm)
@@ -264,4 +290,8 @@ permission:
 
 **Red-Green-Refactor:** 🔴 Write failing test → 🟢 Minimal code to pass → 🔵 Refactor
 
-**Story Status Flow:** `ready-for-dev` → `in-progress` → `review` → `done`
+**Story Status Flow:** 
+```
+ready-for-dev → in-progress → review → @reviewer → done
+                                 ↑_________| (if changes requested)
+```

package/src/opencode/agents/reviewer.md

@@ -1,3 +1,36 @@
+---
+description: "Code Reviewer - Use for: security review, bug finding, test coverage analysis, code quality. Auto-invoked after /dev-story completes. Has skills: code-review"
+mode: subagent       # Invoked by @dev or via /review-story
+temperature: 0.1     # Low temperature for precise analysis
+
+model: openai/gpt-5.2-codex  # Best at finding bugs and security issues
+
+# Tools - Read-only for review (no writes)
+tools:
+  read: true
+  glob: true
+  grep: true
+  list: true
+  skill: true
+  search: true       # Semantic search for finding patterns
+  codeindex: true
+  bash: true         # For running tests
+  todowrite: false   # Reviewer doesn't manage todos
+  todoread: true
+  edit: false        # Reviewer doesn't edit code
+  write: false       # Reviewer doesn't write files
+
+# Permissions - read-only analysis
+permission:
+  edit: deny         # Reviewer only reports, doesn't fix
+  bash:
+    "*": deny
+    "npm test*": allow
+    "go test*": allow
+    "pytest*": allow
+    "cargo test*": allow
+---
+
 <agent id="reviewer" name="Marcus" title="Code Reviewer" icon="🔍">
 
 <activation critical="MANDATORY">

package/src/opencode/plugins/custom-compaction.ts

@@ -155,7 +155,7 @@ export const CustomCompactionPlugin: Plugin = async (ctx) => {
    * Generate Read commands that agent MUST execute after compaction
    */
   function generateReadCommands(agent: string | null, story: StoryContext | null): string {
-    const agentKey = agent?.toLowerCase() || "default"
+    const agentKey = (typeof agent === 'string' ? agent.toLowerCase() : null) || "default"
     const filesToRead = [...(MUST_READ_FILES[agentKey] || MUST_READ_FILES.default)]
     
     // For dev/coder: add story file if active
@@ -244,7 +244,7 @@ DO NOT skip this step. DO NOT ask user what to do. Just read these files first.`
 
   async function getRelevantFiles(agent: string | null, story: StoryContext | null): Promise<string[]> {
     const relevantPaths: string[] = []
-    const agentKey = agent?.toLowerCase() || "default"
+    const agentKey = (typeof agent === 'string' ? agent.toLowerCase() : null) || "default"
     const filesToCheck = AGENT_FILES[agentKey] || DEFAULT_FILES
     
     for (const filePath of filesToCheck) {
@@ -487,7 +487,10 @@ Previous task was completed successfully.
     // Track active agent from chat messages
     "chat.message": async (input, output) => {
       if (input.agent) {
-        lastActiveAgent = input.agent
+        // Handle both string and object agent (e.g., { name: "dev" })
+        lastActiveAgent = typeof input.agent === 'string' 
+          ? input.agent 
+          : (input.agent as any)?.name || null
         lastSessionId = input.sessionID
       }
     },
@@ -495,7 +498,9 @@ Previous task was completed successfully.
     // Also track from chat params (backup)
     "chat.params": async (input, output) => {
       if (input.agent) {
-        lastActiveAgent = input.agent
+        lastActiveAgent = typeof input.agent === 'string' 
+          ? input.agent 
+          : (input.agent as any)?.name || null
       }
     },