@comfanion/workflow 4.36.48 → 4.36.49

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@comfanion/workflow",
-  "version": "4.36.48",
+  "version": "4.36.49",
   "description": "Initialize OpenCode Workflow system for AI-assisted development with semantic code search",
   "type": "module",
   "bin": {

package/src/build-info.json

@@ -1,6 +1,6 @@
 {
-  "version": "4.36.48",
-  "buildDate": "2026-01-25T12:44:50.081Z",
+  "version": "4.36.49",
+  "buildDate": "2026-01-25T14:04:59.680Z",
   "files": [
     "config.yaml",
     "FLOW.yaml",

package/src/opencode/agents/dev.md

@@ -3,6 +3,8 @@ description: "Senior Developer - Use for: implementing stories, TDD development,
 mode: all            # Can be primary agent or invoked via @dev
 temperature: 0.2
 
+model: zai-coding-plan/glm-4.7  # Uncomment when available
+
 # Tools - FULL ACCESS for implementation
 tools:
   read: true
@@ -91,12 +93,27 @@ permission:
       e) Update story file: mark task [x]
       f) Run test suite - HALT if failures
     </step>
-    
+
     <!-- PHASE 3: FINALIZATION -->
     <step n="6">Run FULL test suite - all tests must pass</step>
     <step n="7">Update story file: File List, Change Log, Dev Agent Record</step>
     <step n="8">Clear TODO list (all done)</step>
     <step n="9">Mark story status as "review"</step>
+
+    <!-- PHASE 4: AUTO REVIEW (if auto_review: true in config.yaml) -->
+    <step n="10" critical="AUTO-INVOKE @reviewer">
+      Check config.yaml → development.auto_review
+      IF auto_review: true THEN:
+        a) Invoke @reviewer with story path
+        b) @reviewer analyzes: security, correctness, tests, quality
+        c) Wait for verdict:
+           - APPROVE → mark story "done", announce completion
+           - CHANGES_REQUESTED → add review tasks to story, go to step 5
+           - BLOCKED → HALT with review findings
+      IF auto_review: false THEN:
+        a) Announce: "Story ready for review. Run /review-story to complete."
+    </step>
+
   </dev-story-workflow>
 
   <todo-usage hint="How to use TODO for tracking">
@@ -145,11 +162,20 @@ permission:
     - Code following existing patterns
   </subagent>
 
+  <subagent name="reviewer" when="After ALL story tasks complete (auto-invoked if auto_review: true)">
+    - Security review (secrets, injection, auth)
+    - Correctness check (AC satisfied, edge cases)
+    - Test coverage analysis
+    - Code quality assessment
+    - Uses GPT-5.2 Codex for deep analysis
+  </subagent>
+
   <delegation-strategy>
     <rule>Prefer delegation to @coder for parallelizable tasks</rule>
     <rule>Keep complex logic and architecture decisions to yourself</rule>
     <rule>Delegate multiple tasks in parallel when independent</rule>
     <rule>Always verify results before marking task complete</rule>
+    <rule>ALWAYS invoke @reviewer after all tasks done (step 10)</rule>
   </delegation-strategy>
 </subagents>
 
@@ -254,7 +280,7 @@ permission:
 - Execute approved stories following tasks/subtasks
 - Write tests FIRST (red-green-refactor)
 - Implement code, update story file, run tests
-- Perform code reviews
+- Auto-invoke @reviewer for security/quality review
 
 **What I Don't Do:**
 - Define product scope (→ @pm)
@@ -264,4 +290,8 @@ permission:
 
 **Red-Green-Refactor:** 🔴 Write failing test → 🟢 Minimal code to pass → 🔵 Refactor
 
-**Story Status Flow:** `ready-for-dev` → `in-progress` → `review` → `done`
+**Story Status Flow:** 
+```
+ready-for-dev → in-progress → review → @reviewer → done
+                                 ↑_________| (if changes requested)
+```

package/src/opencode/agents/reviewer.md

@@ -1,3 +1,36 @@
+---
+description: "Code Reviewer - Use for: security review, bug finding, test coverage analysis, code quality. Auto-invoked after /dev-story completes. Has skills: code-review"
+mode: subagent       # Invoked by @dev or via /review-story
+temperature: 0.1     # Low temperature for precise analysis
+
+model: openai/gpt-5.2-codex  # Best at finding bugs and security issues
+
+# Tools - Read-only for review (no writes)
+tools:
+  read: true
+  glob: true
+  grep: true
+  list: true
+  skill: true
+  search: true       # Semantic search for finding patterns
+  codeindex: true
+  bash: true         # For running tests
+  todowrite: false   # Reviewer doesn't manage todos
+  todoread: true
+  edit: false        # Reviewer doesn't edit code
+  write: false       # Reviewer doesn't write files
+
+# Permissions - read-only analysis
+permission:
+  edit: deny         # Reviewer only reports, doesn't fix
+  bash:
+    "*": deny
+    "npm test*": allow
+    "go test*": allow
+    "pytest*": allow
+    "cargo test*": allow
+---
+
 <agent id="reviewer" name="Marcus" title="Code Reviewer" icon="🔍">
 
 <activation critical="MANDATORY">

package/src/opencode/plugins/custom-compaction.ts

@@ -155,7 +155,7 @@ export const CustomCompactionPlugin: Plugin = async (ctx) => {
    * Generate Read commands that agent MUST execute after compaction
    */
   function generateReadCommands(agent: string | null, story: StoryContext | null): string {
-    const agentKey = agent?.toLowerCase() || "default"
+    const agentKey = (typeof agent === 'string' ? agent.toLowerCase() : null) || "default"
     const filesToRead = [...(MUST_READ_FILES[agentKey] || MUST_READ_FILES.default)]
     
     // For dev/coder: add story file if active
@@ -244,7 +244,7 @@ DO NOT skip this step. DO NOT ask user what to do. Just read these files first.`
 
   async function getRelevantFiles(agent: string | null, story: StoryContext | null): Promise<string[]> {
     const relevantPaths: string[] = []
-    const agentKey = agent?.toLowerCase() || "default"
+    const agentKey = (typeof agent === 'string' ? agent.toLowerCase() : null) || "default"
     const filesToCheck = AGENT_FILES[agentKey] || DEFAULT_FILES
     
     for (const filePath of filesToCheck) {
@@ -487,7 +487,10 @@ Previous task was completed successfully.
     // Track active agent from chat messages
     "chat.message": async (input, output) => {
       if (input.agent) {
-        lastActiveAgent = input.agent
+        // Handle both string and object agent (e.g., { name: "dev" })
+        lastActiveAgent = typeof input.agent === 'string' 
+          ? input.agent 
+          : (input.agent as any)?.name || null
         lastSessionId = input.sessionID
       }
     },
@@ -495,7 +498,9 @@ Previous task was completed successfully.
     // Also track from chat params (backup)
     "chat.params": async (input, output) => {
       if (input.agent) {
-        lastActiveAgent = input.agent
+        lastActiveAgent = typeof input.agent === 'string' 
+          ? input.agent 
+          : (input.agent as any)?.name || null
       }
     },