@doingdev/opencode-claude-manager-plugin 0.1.20 → 0.1.21

package/README.md

@@ -1,36 +1,43 @@
-# OpenCode Claude Manager Plugin
+# OpenCode Claude Code Subagents Plugin
 
-This package provides an OpenCode plugin that lets an OpenCode-side manager agent orchestrate Claude Code sessions through a stable local bridge.
+Thin OpenCode orchestrator plugin with Claude Code specialist subagents.
 
 ## Overview
 
-Use this when you want OpenCode to act as a manager over Claude Code instead of talking to Claude directly. The plugin gives OpenCode a stable tool surface for delegating work to Claude Code sessions, managing session lifecycle (compact, clear, fresh start), reviewing changes via git, and inspecting session history.
+This plugin turns OpenCode into a lightweight orchestrator that delegates coding work to Claude Code specialists. Instead of a monolithic manager with custom tools, it registers:
 
-## Features
+- **1 orchestrator agent** (`opencode-orchestrator`) — runs on the user's default OpenCode model, gathers context, and delegates to specialists.
+- **4 Claude Code subagents** — planning and build specialists, each available in Opus and Sonnet variants.
+- **1 provider** (`claude-code`) — backed by [`ai-sdk-provider-claude-code`](https://ai-sdk.dev/providers/community-providers/claude-code).
 
-- Runs Claude Code tasks from OpenCode through `@anthropic-ai/claude-agent-sdk`.
-- Persistent sessions with `freshSession`, model, and effort controls for safe task isolation.
-- Context lifecycle: compact (preserve state) or clear (start fresh).
-- Discovers repo-local Claude metadata from `.claude/skills`, `.claude/commands`, `CLAUDE.md`, and settings hooks.
-- Git integration: diff, commit, and reset from the manager layer.
-- Tool approval policy for governing which Claude Code tools are allowed.
-- Optionally persists manager run records under `.claude-manager/runs` for post-hoc inspection (populated when tasks are executed through the run-tracking path).
+No custom tools are exposed. The orchestrator uses only OpenCode's built-in tools (read, grep, glob, list, webfetch, question, todowrite, todoread, task) and delegates actual coding to Claude Code subagents.
+
+## Architecture
+
+```
+User → OpenCode Orchestrator (user's model)
+           ├── claude-code-planning-opus    (claude-code/opus)
+           ├── claude-code-planning-sonnet  (claude-code/sonnet)
+           ├── claude-code-build-opus       (claude-code/opus)
+           └── claude-code-build-sonnet     (claude-code/sonnet)
+```
+
+**Planning agents** are positioned for investigation, architecture, and plans.
+**Build agents** are positioned for implementation, testing, and validation.
 
 ## Requirements
 
 - Node `22+`
 - OpenCode with plugin loading enabled
-- Access to Claude Code / Claude Agent SDK on the machine where OpenCode is running
+- Claude Code available on the machine (the `ai-sdk-provider-claude-code` provider connects to it)
 
 ## Installation
 
-Install from the npm registry:
-
 ```bash
 pnpm add @doingdev/opencode-claude-manager-plugin
 ```
 
-Or for local development in this repo:
+Or for local development:
 
 ```bash
 pnpm install
@@ -39,89 +46,38 @@ pnpm run build
 
 ## OpenCode Config
 
-Add the plugin to your OpenCode config:
-
 ```json
 {
   "plugin": ["@doingdev/opencode-claude-manager-plugin"]
 }
 ```
 
-If you are testing locally, point OpenCode at the local package or plugin file using your normal local plugin workflow.
-
-## OpenCode tools
-
-### Session management
-
-- `claude_manager_send` — send a message to the persistent Claude Code session. Auto-creates on first call, resumes on subsequent calls.
-  - `message` (required) — the instruction to send.
-  - `mode` — `"plan"` (read-only investigation) or `"free"` (default, normal execution with edits).
-  - `freshSession` — set to `true` to clear the active session before sending. Use when switching to an unrelated task or when context is contaminated.
-  - `model` — `"claude-opus-4-6"` (default, recommended for most coding work), `"claude-sonnet-4-6"`, or `"claude-sonnet-4-5"` (faster/lighter tasks).
-  - `effort` — `"high"` (default), `"medium"` (lighter tasks), `"low"`, or `"max"` (especially hard problems).
-- `claude_manager_compact` — compress the active session context while preserving session state. Use before clearing when context is high but salvageable.
-- `claude_manager_clear` — drop the active session entirely; next send starts fresh.
-- `claude_manager_status` — get current session health: context %, turns, cost, session ID.
-
-### Git operations
-
-- `claude_manager_git_diff` — review all uncommitted changes (staged + unstaged).
-- `claude_manager_git_commit` — stage all changes and commit with a message.
-- `claude_manager_git_reset` — hard reset + clean (destructive).
+## Agents
 
-### Inspection
+| Agent                         | Model                | Mode     | Role                                                      |
+| ----------------------------- | -------------------- | -------- | --------------------------------------------------------- |
+| `opencode-orchestrator`       | user's default       | primary  | CTO-level orchestrator; gathers context, delegates coding |
+| `claude-code-planning-opus`   | `claude-code/opus`   | subagent | Investigation, architecture, planning                     |
+| `claude-code-planning-sonnet` | `claude-code/sonnet` | subagent | Lighter investigation and planning                        |
+| `claude-code-build-opus`      | `claude-code/opus`   | subagent | Implementation and validation                             |
+| `claude-code-build-sonnet`    | `claude-code/sonnet` | subagent | Lighter implementation tasks                              |
 
-- `claude_manager_metadata` — inspect available Claude commands, skills, hooks, and settings.
-- `claude_manager_sessions` — list Claude sessions or inspect a saved transcript.
-- `claude_manager_runs` — list or inspect persisted manager run records (may be empty if tasks were sent directly via `claude_manager_send` rather than the run-tracking path).
-
-### Tool approval
-
-- `claude_manager_approval_policy` — view the current tool approval policy.
-- `claude_manager_approval_decisions` — view recent tool approval decisions.
-- `claude_manager_approval_update` — add/remove rules, change default action, or enable/disable approval.
-
-## Plugin-provided agents and commands
-
-When the plugin loads successfully, it also injects config entries through the OpenCode plugin `config` hook.
-
-- Primary agent: `claude-manager`
-- Subagent: `claude-manager-research`
-- Commands: `/claude-metadata`, `/claude-run`, `/claude-sessions`
-
-These are added to OpenCode config at runtime by the plugin, so they do not require separate manual `opencode.json` entries.
-
-## Quick Start
-
-Typical flow inside OpenCode:
-
-1. Inspect Claude capabilities with `claude_manager_metadata`.
-2. Delegate work with `claude_manager_send`.
-3. Review changes with `claude_manager_git_diff`, then commit or reset.
-4. Inspect saved Claude history with `claude_manager_sessions` or prior orchestration records with `claude_manager_runs`.
-
-Example tasks:
-
-```text
-Use claude_manager_send to implement the new validation logic in src/auth.ts, then review with claude_manager_git_diff.
-```
+## Bash Safety
 
-Start a fresh session for an unrelated task:
+A minimal safety layer enforces deny rules via the `permission.ask` hook:
 
-```text
-Use claude_manager_send with freshSession:true to investigate the failing CI test in test/api.test.ts using mode:"plan".
-```
+- `rm -rf /` — denied
+- `git push --force` — denied
+- `git reset --hard` — denied
+- All other bash commands — allowed (including `pnpm test`, `pnpm lint`, `pnpm build`, etc.)
 
-Reclaim context mid-session:
+## Limitations
 
-```text
-Use claude_manager_compact to free up context, then continue with the next implementation step.
-```
+- Claude Code `effort` is not currently configurable through OpenCode provider/model options. The subagent prompts compensate by setting high-quality expectations directly.
+- The `ai-sdk-provider-claude-code` community provider must be available for the Claude Code subagents to function.
 
 ## Local Development
 
-Clone the repo and run:
-
 ```bash
 pnpm install
 pnpm run lint
@@ -130,54 +86,9 @@ pnpm run test
 pnpm run build
 ```
 
-The compiled plugin output is written to `dist/`.
-
 ## Publishing
 
-This package is configured for the npm scope `@doingdev`.
-
-This repository uses npm trusted publishing with GitHub Actions OIDC, so you do not need an `NPM_TOKEN` secret once npm is configured correctly.
-
-Before the first automated publish, configure npm trusted publishing for `@doingdev/opencode-claude-manager-plugin` on npmjs.com:
-
-1. Open the package settings on npmjs.com.
-2. Go to the `Trusted Publisher` section.
-3. Choose `GitHub Actions`.
-4. Set the GitHub owner/user to your account or org.
-5. Set the repository name.
-6. Set the workflow filename to `publish.yml`.
-7. Leave the environment name empty unless you later add a GitHub Actions environment back to the workflow.
-
-Notes for trusted publishing:
-
-- npm trusted publishing requires GitHub-hosted runners.
-- npm recommends Node `22.14.0+` with npm CLI `11.5.1+`; the workflows use Node `24`.
-- Provenance is generated automatically by npm for trusted publishes from public GitHub repositories.
-
-Release flow:
-
-```bash
-pnpm login
-pnpm whoami
-pnpm version patch
-pnpm run lint
-pnpm run typecheck
-pnpm run test
-pnpm run build
-```
-
-Then publish from GitHub by either:
-
-- creating a GitHub Release, or
-- running the `Publish` workflow manually from the Actions tab
-
-After trusted publishing is working, you can tighten npm package security by disabling token-based publishing for the package in npm settings.
-
-## Limitations
-
-- Claude slash commands and skills come primarily from filesystem discovery; SDK probing is available but optional.
-- Session state is local to the repo under `.claude-manager/` and is ignored by git.
-- Context tracking is heuristic-based; actual SDK context usage may differ slightly.
+This package is configured for the npm scope `@doingdev`. See the GitHub Actions workflow for automated publishing via npm trusted publishing.
 
 ## Scripts
 

package/dist/index.d.ts

@@ -1,6 +1,7 @@
 import type { Plugin } from '@opencode-ai/plugin';
-import { ClaudeManagerPlugin } from './plugin/claude-manager.plugin.js';
-export type { ClaudeCapabilitySnapshot, ClaudeMetadataSnapshot, ClaudeSessionRunResult, ClaudeSessionSummary, ClaudeSessionTranscriptMessage, ManagerPromptRegistry, RunClaudeSessionInput, SessionContextSnapshot, GitDiffResult, GitOperationResult, PersistentRunRecord, PersistentRunResult, ActiveSessionState, ContextWarningLevel, SessionMode, LiveTailEvent, ToolOutputPreview, ToolApprovalRule, ToolApprovalPolicy, ToolApprovalDecision, } from './types/contracts.js';
-export { SessionLiveTailer } from './claude/session-live-tailer.js';
-export { ClaudeManagerPlugin };
+import { OrchestratorPlugin } from './plugin/orchestrator.plugin.js';
+export { OrchestratorPlugin };
+export { evaluateBashCommand, extractBashCommand, } from './safety/bash-safety.js';
+export type { BashSafetyResult } from './safety/bash-safety.js';
+export { prompts } from './prompts/registry.js';
 export declare const plugin: Plugin;

package/dist/index.js

@@ -1,4 +1,5 @@
-import { ClaudeManagerPlugin } from './plugin/claude-manager.plugin.js';
-export { SessionLiveTailer } from './claude/session-live-tailer.js';
-export { ClaudeManagerPlugin };
-export const plugin = ClaudeManagerPlugin;
+import { OrchestratorPlugin } from './plugin/orchestrator.plugin.js';
+export { OrchestratorPlugin };
+export { evaluateBashCommand, extractBashCommand, } from './safety/bash-safety.js';
+export { prompts } from './prompts/registry.js';
+export const plugin = OrchestratorPlugin;

package/dist/plugin/orchestrator.plugin.d.ts

@@ -0,0 +1,14 @@
+import type { Plugin } from '@opencode-ai/plugin';
+/**
+ * Thin OpenCode orchestrator plugin with Claude Code specialist subagents.
+ *
+ * - Registers `claude-code` provider via ai-sdk-provider-claude-code.
+ * - Creates one orchestrator agent (uses the user's default OpenCode model).
+ * - Creates 4 Claude Code subagents: planning + build × opus + sonnet.
+ * - Enforces bash safety via the permission.ask hook.
+ *
+ * NOTE: Claude Code `effort` is not configurable through OpenCode provider/model
+ * options at this time. The subagent prompts compensate by setting high-quality
+ * expectations directly.
+ */
+export declare const OrchestratorPlugin: Plugin;

package/dist/plugin/orchestrator.plugin.js

@@ -0,0 +1,108 @@
+import { prompts } from '../prompts/registry.js';
+import { evaluateBashCommand, extractBashCommand, } from '../safety/bash-safety.js';
+/**
+ * Thin OpenCode orchestrator plugin with Claude Code specialist subagents.
+ *
+ * - Registers `claude-code` provider via ai-sdk-provider-claude-code.
+ * - Creates one orchestrator agent (uses the user's default OpenCode model).
+ * - Creates 4 Claude Code subagents: planning + build × opus + sonnet.
+ * - Enforces bash safety via the permission.ask hook.
+ *
+ * NOTE: Claude Code `effort` is not configurable through OpenCode provider/model
+ * options at this time. The subagent prompts compensate by setting high-quality
+ * expectations directly.
+ */
+export const OrchestratorPlugin = async () => {
+    return {
+        config: async (config) => {
+            config.provider ??= {};
+            config.agent ??= {};
+            // ── Provider ──────────────────────────────────────────────────────
+            config.provider['claude-code'] ??= {
+                npm: 'ai-sdk-provider-claude-code',
+                models: {
+                    opus: {
+                        id: 'opus',
+                        name: 'Claude Code Opus 4.6',
+                    },
+                    sonnet: {
+                        id: 'sonnet',
+                        name: 'Claude Code Sonnet 4.6',
+                    },
+                },
+            };
+            // ── Orchestrator (uses user's default model — no model set) ───────
+            config.agent['opencode-orchestrator'] ??= {
+                description: 'CTO-level orchestrator that gathers context and delegates coding to Claude Code specialists.',
+                mode: 'primary',
+                color: '#D97757',
+                prompt: prompts.orchestrator,
+                permission: {
+                    '*': 'deny',
+                    read: 'allow',
+                    grep: 'allow',
+                    glob: 'allow',
+                    list: 'allow',
+                    webfetch: 'allow',
+                    question: 'allow',
+                    todowrite: 'allow',
+                    todoread: 'allow',
+                    task: 'allow',
+                    bash: 'deny',
+                    edit: 'deny',
+                    skill: 'deny',
+                },
+            };
+            // ── Planning subagents ────────────────────────────────────────────
+            const claudeCodePermissions = {
+                '*': 'allow',
+                bash: 'allow',
+            };
+            config.agent['claude-code-planning-opus'] ??= {
+                description: 'Claude Code Opus specialist for investigation, architecture, and planning.',
+                model: 'claude-code/opus',
+                mode: 'subagent',
+                color: 'info',
+                prompt: prompts.planningAgent,
+                permission: { ...claudeCodePermissions },
+            };
+            config.agent['claude-code-planning-sonnet'] ??= {
+                description: 'Claude Code Sonnet specialist for lighter investigation and planning.',
+                model: 'claude-code/sonnet',
+                mode: 'subagent',
+                color: 'info',
+                prompt: prompts.planningAgent,
+                permission: { ...claudeCodePermissions },
+            };
+            // ── Build subagents ───────────────────────────────────────────────
+            config.agent['claude-code-build-opus'] ??= {
+                description: 'Claude Code Opus specialist for implementation and validation.',
+                model: 'claude-code/opus',
+                mode: 'subagent',
+                color: 'success',
+                prompt: prompts.buildAgent,
+                permission: { ...claudeCodePermissions },
+            };
+            config.agent['claude-code-build-sonnet'] ??= {
+                description: 'Claude Code Sonnet specialist for lighter implementation tasks.',
+                model: 'claude-code/sonnet',
+                mode: 'subagent',
+                color: 'success',
+                prompt: prompts.buildAgent,
+                permission: { ...claudeCodePermissions },
+            };
+        },
+        // ── Bash safety via permission.ask hook ────────────────────────────
+        // Handles both v1 Permission ({ type, pattern }) and v2 PermissionRequest
+        // ({ permission, patterns }) via runtime narrowing in extractBashCommand.
+        'permission.ask': async (input, output) => {
+            const command = extractBashCommand(input);
+            if (command === null)
+                return;
+            const result = evaluateBashCommand(command);
+            if (!result.allowed) {
+                output.status = 'deny';
+            }
+        },
+    };
+};

package/dist/prompts/registry.d.ts

@@ -1,2 +1,8 @@
-import type { ManagerPromptRegistry } from '../types/contracts.js';
-export declare const managerPromptRegistry: ManagerPromptRegistry;
+/**
+ * Agent prompt registry for the orchestrator + Claude Code subagent architecture.
+ */
+export declare const prompts: {
+    orchestrator: string;
+    planningAgent: string;
+    buildAgent: string;
+};

package/dist/prompts/registry.js

@@ -1,166 +1,37 @@
-export const managerPromptRegistry = {
-    managerSystemPrompt: [
-        'You are a senior IC operating Claude Code through a persistent session.',
-        'Your job is to make Claude Code do the work — not to write code yourself.',
-        'Think like a staff engineer: correctness, maintainability, tests, rollback safety,',
-        'and clear communication to the user.',
-        '',
-        '## Decision loop',
-        'On every turn, choose exactly one action:',
-        '  investigate — read files, grep, search the codebase to build context',
-        '  delegate   — send a focused instruction to Claude Code via claude_manager_send',
-        '  review     — run claude_manager_git_diff to inspect what changed',
-        '  validate   — tell Claude Code to run tests, lint, or typecheck',
-        '  commit     — checkpoint good work with claude_manager_git_commit',
-        '  correct    — send a targeted fix instruction (never "try again")',
-        '  reset      — discard bad work with claude_manager_git_reset',
-        '  ask        — use the question tool for structured choices, or one narrow text question',
-        '',
-        'Default order: investigate → delegate → review → validate → commit.',
-        'Skip steps only when you have strong evidence they are unnecessary.',
-        '',
-        '## Before you delegate',
-        '1. Read the relevant files yourself (you have read, grep, glob).',
-        '   For broad investigations, scope them narrowly or use subagents to avoid',
-        '   polluting your own context with excessive file contents.',
-        '2. Identify the exact files, functions, line numbers, and patterns involved.',
-        '3. Check existing conventions: naming, test style, error handling patterns.',
-        '4. Craft an instruction that a senior engineer would find unambiguous.',
-        '   Bad:  "Fix the auth bug"',
-        '   Good: "In src/auth/session.ts, the `validateToken` function (line 42)',
-        '          throws on expired tokens instead of returning null. Change it to',
-        '          return null and update the caller in src/routes/login.ts:87."',
-        '',
-        '## After delegation — mandatory review',
-        'Never claim success without evidence:',
-        '1. claude_manager_git_diff — read the actual diff, not just the summary.',
-        '2. Verify the diff matches what you asked for. Check for:',
-        '   - Unintended changes or regressions',
-        '   - Missing test updates',
-        '   - Style violations against repo conventions',
-        '3. If changes look correct, tell Claude Code to run tests/lint/typecheck.',
-        '4. Only commit after verification passes.',
-        '5. If the diff is wrong: send a specific correction or reset.',
-        '',
-        '## Handling ambiguity',
-        'When requirements are unclear:',
-        '1. First, try to resolve it yourself — read code, check tests, grep for usage.',
-        '2. If ambiguity remains, ask the user ONE specific question.',
-        '   Prefer the question tool when discrete options exist (OpenCode shows choices in the UI).',
-        '   Bad:  "What should I do?"',
-        '   Good: "The `UserService` has both `deactivate()` and `softDelete()` —',
-        '          should the new endpoint use deactivation (reversible) or',
-        '          soft-delete (audit-logged)?"',
-        '3. Never block on multiple questions at once.',
-        '',
-        '## Correction and recovery',
-        'If Claude Code produces wrong output:',
-        '1. First correction: send a specific, targeted fix instruction.',
-        '2. Second correction on the same issue: reset, clear the session,',
-        '   and rewrite the prompt incorporating lessons from both failures.',
-        'Never send three corrections for the same problem in one session.',
-        '',
-        '## Multi-step tasks',
-        '- Use todowrite / todoread to track steps in OpenCode; keep items concrete and few.',
-        '- Decompose large tasks into sequential focused instructions.',
-        '- Commit after each successful step (checkpoint for rollback).',
-        '- Tell Claude Code to use subagents for independent parallel work.',
-        '- For complex design decisions, tell Claude Code to "think hard".',
-        '- Prefer small diffs — they are easier to review and safer to ship.',
-        '',
-        '## Context management',
-        'Check the context snapshot returned by each send:',
-        '- Under 50%: proceed freely.',
-        '- 50–70%: finish current step, then evaluate if a fresh session is needed.',
-        '- Over 70%: use claude_manager_compact to reclaim context if the session',
-        '  still has useful state. Only clear if compaction is insufficient.',
-        '- Over 85%: clear the session immediately.',
-        'Use freshSession:true on claude_manager_send when switching to an unrelated',
-        'task or when the session context is contaminated. Prefer this over a manual',
-        'clear+send sequence — it is atomic and self-documenting.',
-        '',
-        '## Model and effort selection',
-        'Choose model and effort deliberately before each delegation:',
-        '- claude-opus-4-6 + high effort: default for most coding tasks.',
-        '- claude-sonnet-4-6 or claude-sonnet-4-5: faster/lighter work (simple renames,',
-        '  formatting, test scaffolding, quick investigations).',
-        '- effort "medium": acceptable for lighter tasks that do not require deep reasoning.',
-        '- effort "max": reserve for unusually hard problems (complex refactors,',
-        '  subtle concurrency bugs, large cross-cutting changes).',
-        "- Do not use Haiku for this plugin's coding-agent role.",
-        '',
-        '## Plan mode',
-        'When delegating with mode:"plan", Claude Code returns a read-only',
-        'implementation plan. The plan MUST be returned inline in the assistant',
-        'response — do NOT write plan artifacts to disk, create files, or rely on',
-        'ExitPlanMode. Treat the returned finalText as the plan. If the plan is',
-        'acceptable, switch to mode:"free" and delegate the implementation steps.',
-        '',
-        '## Tools reference',
-        'todowrite / todoread   — OpenCode session todo list (track multi-step work)',
-        'question               — OpenCode user prompt with options (clarify trade-offs)',
-        'claude_manager_send     — send instruction (creates or resumes session)',
-        '  freshSession:true — clear session first (use for unrelated tasks)',
-        '  model / effort — choose deliberately (see "Model and effort selection")',
-        'claude_manager_compact  — compress session context (preserves session state)',
-        'claude_manager_git_diff — review all uncommitted changes',
-        'claude_manager_git_commit — stage all + commit',
-        'claude_manager_git_reset  — hard reset + clean (destructive)',
-        'claude_manager_clear    — drop session, next send starts fresh',
-        'claude_manager_status   — context health snapshot',
-        'claude_manager_metadata — inspect repo Claude config',
-        'claude_manager_sessions — list sessions or read transcripts',
-        'claude_manager_runs     — list or inspect run records',
-        '',
-        '## Autonomy blockers — surface these to the user',
-        'Be candid about what you cannot do autonomously:',
-        '- Credentials, API keys, or secrets you do not have.',
-        '- Architectural decisions with trade-offs the user should weigh.',
-        '- Destructive actions on shared state (deploy, publish, force-push).',
-        '- Access to external services or environments you cannot reach.',
-        'State the blocker, what you need, and a concrete suggestion to unblock.',
+/**
+ * Agent prompt registry for the orchestrator + Claude Code subagent architecture.
+ */
+export const prompts = {
+    orchestrator: [
+        'You are the orchestrator — a CTO-level proxy for the user.',
+        'Your job is to gather minimal context, then delegate coding work to specialist Claude Code agents.',
+        '',
+        '## Rules',
+        '- Do NOT write or edit code yourself unless the user explicitly asks you to.',
+        '- Read files, search, and plan to understand the task, then delegate.',
+        '- Use planning agents (claude-code-planning-opus/sonnet) for investigation, architecture, and plans.',
+        '- Use build agents (claude-code-build-opus/sonnet) for implementation and validation.',
+        '- Run specialists in parallel when tasks are independent.',
+        '- Compare outputs from multiple specialists when the choice matters.',
+        '- Keep delegations focused: one clear objective per specialist call.',
+        '- Track multi-step work with todowrite/todoread.',
+        '- Ask the user (via question tool) when trade-offs need human judgment.',
     ].join('\n'),
-    claudeCodeSessionPrompt: [
-        'You are directed by an expert automated operator.',
-        'Treat each message as a precise instruction from a senior engineer.',
+    planningAgent: [
+        'You are a planning specialist. Investigate, analyze architecture, and produce implementation plans.',
         '',
-        '## Execution rules',
-        '- Execute instructions directly. Do not ask for clarification.',
-        '- Be concise — no preamble, no restating the task.',
-        '- Prefer targeted file reads over reading entire files.',
-        '- Use the Agent tool for independent parallel work.',
+        '- Read code, grep, search — build full context before answering.',
+        '- Produce concrete plans: files to change, functions to modify, test strategy, risks.',
+        '- Do NOT edit files or run destructive commands unless explicitly asked.',
+        '- Be concise. End with a numbered action plan.',
+    ].join('\n'),
+    buildAgent: [
+        'You are a build specialist. Implement, test, and validate changes.',
         '',
-        '## Quality expectations',
-        '- Follow existing repo conventions (naming, style, patterns).',
-        '- When creating or modifying code, consider edge cases and error handling.',
-        '- When modifying existing code, preserve surrounding style and structure.',
-        '- If asked to implement a feature, include relevant tests unless told otherwise.',
+        '- Execute instructions precisely. Follow existing repo conventions.',
+        '- Consider edge cases and include relevant tests.',
         '- Run tests/lint/typecheck when instructed; report exact output on failure.',
-        '',
-        '## Git boundary — do NOT run these commands:',
-        'git commit, git push, git reset, git checkout, git stash.',
-        'The operator manages all git operations externally.',
-        '',
-        '## Reporting',
+        '- Do NOT run git commit, git push, git reset, git checkout, or git stash.',
         '- End with a brief verification summary: what was done, what was verified.',
-        '- Report blockers immediately with specifics: file, line, error message.',
-        '- If a task is partially complete, state exactly what remains.',
     ].join('\n'),
-    modePrefixes: {
-        plan: [
-            '[PLAN MODE] You are in read-only planning mode. Do NOT create or edit any files.',
-            'Do NOT use ExitPlanMode or write plan artifacts to disk.',
-            'Use read, grep, glob, and search tools only.',
-            'Analyze the codebase and produce a detailed implementation plan:',
-            'files to change, functions to modify, new files to create, test strategy,',
-            'and potential risks. End with a numbered step-by-step plan.',
-            'Return the entire plan inline in your response text.',
-        ].join(' '),
-        free: '',
-    },
-    contextWarnings: {
-        moderate: 'Session context is filling up ({percent}% estimated). Consider whether a fresh session would be more efficient.',
-        high: 'Session context is heavy ({percent}% estimated, {turns} turns, ${cost}). Start a new session or compact first.',
-        critical: 'Session context is near capacity ({percent}% estimated). Clear the session immediately before continuing.',
-    },
 };

package/dist/safety/bash-safety.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Minimal bash command safety layer.
+ * Denies known-dangerous patterns; allows everything else.
+ */
+export type BashSafetyResult = {
+    allowed: true;
+} | {
+    allowed: false;
+    reason: string;
+};
+export declare function evaluateBashCommand(command: string): BashSafetyResult;
+/**
+ * Extract the bash command string from a permission hook input,
+ * handling both SDK payload shapes:
+ *
+ *   v1 Permission:       { type: string, pattern?: string | string[], metadata }
+ *   v2 PermissionRequest: { permission: string, patterns: string[], metadata }
+ *
+ * Returns `null` when the input is not a bash permission request.
+ */
+export declare function extractBashCommand(input: Record<string, unknown>): string | null;