@doingdev/opencode-claude-manager-plugin 0.1.50 → 0.1.52

package/dist/claude/claude-agent-sdk-adapter.js

@@ -151,13 +151,23 @@ export class ClaudeAgentSdkAdapter {
         if (!input.resumeSessionId) {
             delete options.resume;
         }
-        if (this.approvalManager) {
+        const restrictWrites = input.restrictWriteTools === true;
+        if (this.approvalManager || restrictWrites) {
             const manager = this.approvalManager;
             options.canUseTool = async (toolName, toolInput, opts) => {
-                return manager.evaluate(toolName, toolInput, {
-                    title: opts.title,
-                    agentID: opts.agentID,
-                });
+                if (restrictWrites && isWriteTool(toolName, toolInput)) {
+                    return {
+                        behavior: 'deny',
+                        message: 'Write operations are restricted in explore mode. Ask the CTO to re-dispatch in implement mode for edits.',
+                    };
+                }
+                if (manager) {
+                    return manager.evaluate(toolName, toolInput, {
+                        title: opts.title,
+                        agentID: opts.agentID,
+                    });
+                }
+                return { behavior: 'allow' };
             };
         }
         return options;
@@ -437,6 +447,30 @@ function extractText(payload) {
     }
     return JSON.stringify(payload);
 }
+const WRITE_TOOL_NAMES = new Set(['Edit', 'MultiEdit', 'Write', 'NotebookEdit']);
+const BASH_WRITE_PATTERNS = [
+    /\b(sed|awk)\b.*-i/,
+    /\btee\b/,
+    />>/,
+    /\becho\b.*>/,
+    /\bcat\b.*>/,
+    /\bmv\b/,
+    /\brm\b/,
+    /\bmkdir\b/,
+    /\btouch\b/,
+    /\bcp\b/,
+    /\bgit\s+(add|commit|push|reset|checkout|merge|rebase|stash)\b/,
+];
+function isWriteTool(toolName, toolInput) {
+    if (WRITE_TOOL_NAMES.has(toolName)) {
+        return true;
+    }
+    if (toolName === 'Bash' || toolName === 'bash') {
+        const command = typeof toolInput.command === 'string' ? toolInput.command : '';
+        return BASH_WRITE_PATTERNS.some((pattern) => pattern.test(command));
+    }
+    return false;
+}
 function extractUsageFromResult(message) {
     if (message.type !== 'result') {
         return {};

package/dist/manager/team-orchestrator.d.ts

@@ -2,7 +2,7 @@ import type { ClaudeSessionEventHandler } from '../claude/claude-agent-sdk-adapt
 import type { ClaudeSessionService } from '../claude/claude-session.service.js';
 import type { TeamStateStore } from '../state/team-state-store.js';
 import type { TranscriptStore } from '../state/transcript-store.js';
-import type { DiscoveredClaudeFile, EngineerFailureResult, EngineerName, EngineerTaskResult, EngineerWorkMode, SynthesizedPlanResult, TeamRecord } from '../types/contracts.js';
+import type { EngineerFailureResult, EngineerName, EngineerTaskResult, EngineerWorkMode, SynthesizedPlanResult, TeamRecord } from '../types/contracts.js';
 interface DispatchEngineerInput {
     teamId: string;
     cwd: string;
@@ -18,8 +18,7 @@ export declare class TeamOrchestrator {
     private readonly teamStore;
     private readonly transcriptStore;
     private readonly engineerSessionPrompt;
-    private readonly projectClaudeFiles;
-    constructor(sessions: ClaudeSessionService, teamStore: TeamStateStore, transcriptStore: TranscriptStore, engineerSessionPrompt: string, projectClaudeFiles: DiscoveredClaudeFile[]);
+    constructor(sessions: ClaudeSessionService, teamStore: TeamStateStore, transcriptStore: TranscriptStore, engineerSessionPrompt: string);
     getOrCreateTeam(cwd: string, teamId: string): Promise<TeamRecord>;
     listTeams(cwd: string): Promise<TeamRecord[]>;
     recordWrapperSession(cwd: string, teamId: string, engineer: EngineerName, wrapperSessionId: string): Promise<void>;
@@ -52,6 +51,5 @@ export declare class TeamOrchestrator {
     private normalizeTeamRecord;
     private buildSessionSystemPrompt;
     private buildEngineerPrompt;
-    private mapWorkModeToSessionMode;
 }
 export {};

package/dist/manager/team-orchestrator.js

@@ -6,13 +6,11 @@ export class TeamOrchestrator {
     teamStore;
     transcriptStore;
     engineerSessionPrompt;
-    projectClaudeFiles;
-    constructor(sessions, teamStore, transcriptStore, engineerSessionPrompt, projectClaudeFiles) {
+    constructor(sessions, teamStore, transcriptStore, engineerSessionPrompt) {
         this.sessions = sessions;
         this.teamStore = teamStore;
         this.transcriptStore = transcriptStore;
         this.engineerSessionPrompt = engineerSessionPrompt;
-        this.projectClaudeFiles = projectClaudeFiles;
     }
     async getOrCreateTeam(cwd, teamId) {
         const existing = await this.teamStore.getTeam(cwd, teamId);
@@ -113,10 +111,11 @@ export class TeamOrchestrator {
                 resumeSessionId: engineerState.claudeSessionId ?? undefined,
                 persistSession: true,
                 includePartialMessages: true,
-                permissionMode: this.mapWorkModeToSessionMode(input.mode) === 'plan' ? 'plan' : 'acceptEdits',
+                permissionMode: 'acceptEdits',
+                restrictWriteTools: input.mode === 'explore',
                 model: input.model,
                 effort: input.mode === 'implement' ? 'high' : 'medium',
-                settingSources: ['user'],
+                settingSources: ['user', 'project', 'local'],
                 abortSignal: input.abortSignal,
             }, input.onEvent);
             tracker.recordResult({
@@ -225,10 +224,11 @@ export class TeamOrchestrator {
             systemPrompt: buildSynthesisSystemPrompt(),
             persistSession: false,
             includePartialMessages: false,
-            permissionMode: 'plan',
+            permissionMode: 'acceptEdits',
+            restrictWriteTools: true,
             model: input.model,
             effort: 'high',
-            settingSources: ['user'],
+            settingSources: ['user', 'project', 'local'],
             abortSignal: input.abortSignal,
         });
         const parsedSynthesis = parseSynthesisResult(synthesisResult.finalText);
@@ -293,17 +293,11 @@ export class TeamOrchestrator {
         };
     }
     buildSessionSystemPrompt(engineer, mode) {
-        const claudeFileSection = this.projectClaudeFiles.length
-            ? `\n\nProject Claude Files:\n${this.projectClaudeFiles
-                .map((file) => `## ${file.relativePath}\n${file.content}`)
-                .join('\n\n')}`
-            : '';
         return [
             this.engineerSessionPrompt,
             '',
             `Assigned engineer: ${engineer}.`,
             `Current work mode: ${mode}.`,
-            claudeFileSection,
         ]
             .join('\n')
             .trim();
@@ -311,9 +305,6 @@ export class TeamOrchestrator {
     buildEngineerPrompt(mode, message) {
         return `${buildModeInstruction(mode)}\n\n${message}`;
     }
-    mapWorkModeToSessionMode(mode) {
-        return mode === 'explore' ? 'plan' : 'free';
-    }
 }
 function buildModeInstruction(mode) {
     switch (mode) {
@@ -328,11 +319,13 @@ function buildModeInstruction(mode) {
             return [
                 'Implementation mode.',
                 'Make the changes, run the most relevant verification (tests, lint, typecheck), and report what changed and what you verified.',
+                'Before reporting done, review your own diff for issues that pass tests but break in production.',
             ].join(' ');
         case 'verify':
             return [
                 'Verification mode.',
-                'Run targeted checks in order of relevance.',
+                'Run targeted checks in order of relevance: tests, lint, typecheck, build.',
+                'Check that changed code paths have test coverage.',
                 'Report pass/fail with evidence.',
                 'Escalate failures with exact output.',
             ].join(' ');
@@ -351,18 +344,19 @@ function appendWrapperHistoryEntries(existing, nextEntries) {
 }
 function buildPlanDraftRequest(perspective, request) {
     const posture = perspective === 'lead'
-        ? 'You are the lead planner. Propose the most direct workable plan with concrete file paths and clear next steps.'
-        : 'You are the challenger. Stress-test assumptions, surface missing decisions, and propose a stronger alternative when the lead plan is weak.';
+        ? 'You are the lead planner. Propose the most direct workable plan with concrete file paths and clear next steps. Think about failure modes and edge cases — what can break at each boundary?'
+        : 'You are the challenger. Stress-test assumptions, surface missing decisions, and propose a stronger alternative when the lead plan is weak. Think about failure modes and edge cases — what can break at each boundary?';
     return [
         posture,
         '',
         'Return exactly these sections:',
         '1. Objective',
-        '2. Proposed approach',
+        '2. Proposed approach (include system boundaries and data flow)',
         '3. Files or systems likely involved',
-        '4. Risks and open questions',
-        '5. Verification',
-        '6. Step-by-step plan',
+        '4. Failure modes and edge cases (what happens when things go wrong?)',
+        '5. Risks and open questions',
+        '6. Verification (how to prove it works, including what tests to add)',
+        '7. Step-by-step plan',
         '',
         `User request: ${request}`,
     ].join('\n');

package/dist/plugin/agent-hierarchy.d.ts

@@ -8,7 +8,6 @@ export declare const ENGINEER_AGENT_IDS: {
     readonly Alex: "alex";
 };
 export declare const ENGINEER_AGENT_NAMES: readonly ["Tom", "John", "Maya", "Sara", "Alex"];
-export declare const ALL_RESTRICTED_TOOL_IDS: readonly ["team_status", "plan_with_team", "reset_engineer", "list_transcripts", "list_history", "git_diff", "git_commit", "git_reset", "git_status", "git_log", "approval_policy", "approval_decisions", "approval_update", "claude"];
 type ToolPermission = 'allow' | 'ask' | 'deny';
 type AgentPermission = {
     '*'?: ToolPermission;

package/dist/plugin/agent-hierarchy.js

@@ -24,7 +24,7 @@ const CTO_ONLY_TOOL_IDS = [
     'approval_update',
 ];
 const ENGINEER_TOOL_IDS = ['claude'];
-export const ALL_RESTRICTED_TOOL_IDS = [...CTO_ONLY_TOOL_IDS, ...ENGINEER_TOOL_IDS];
+const ALL_RESTRICTED_TOOL_IDS = [...CTO_ONLY_TOOL_IDS, ...ENGINEER_TOOL_IDS];
 const CTO_READONLY_TOOLS = {
     read: 'allow',
     grep: 'allow',

package/dist/plugin/claude-manager.plugin.js

@@ -2,14 +2,12 @@ import { tool } from '@opencode-ai/plugin';
 import { managerPromptRegistry } from '../prompts/registry.js';
 import { isEngineerName } from '../team/roster.js';
 import { TeamOrchestrator } from '../manager/team-orchestrator.js';
-import { discoverProjectClaudeFiles } from '../util/project-context.js';
 import { AGENT_CTO, ENGINEER_AGENT_IDS, ENGINEER_AGENT_NAMES, buildCtoAgentConfig, buildEngineerAgentConfig, denyRestrictedToolsGlobally, } from './agent-hierarchy.js';
 import { getActiveTeamSession, getOrCreatePluginServices, getPersistedActiveTeam, getWrapperSessionMapping, setActiveTeamSession, setPersistedActiveTeam, setWrapperSessionMapping, } from './service-factory.js';
 const MODEL_ENUM = ['claude-opus-4-6', 'claude-sonnet-4-6'];
 const MODE_ENUM = ['explore', 'implement', 'verify'];
 export const ClaudeManagerPlugin = async ({ worktree }) => {
-    const claudeFiles = await discoverProjectClaudeFiles(worktree);
-    const services = getOrCreatePluginServices(worktree, claudeFiles);
+    const services = getOrCreatePluginServices(worktree);
     await services.approvalManager.loadPersistedPolicy();
     return {
         config: async (config) => {

package/dist/plugin/service-factory.d.ts

@@ -1,17 +1,17 @@
 import { ClaudeSessionService } from '../claude/claude-session.service.js';
 import { ToolApprovalManager } from '../claude/tool-approval-manager.js';
-import { TeamStateStore } from '../state/team-state-store.js';
 import { PersistentManager } from '../manager/persistent-manager.js';
 import { TeamOrchestrator } from '../manager/team-orchestrator.js';
-import type { DiscoveredClaudeFile, EngineerName } from '../types/contracts.js';
-export interface ClaudeManagerPluginServices {
+import { TeamStateStore } from '../state/team-state-store.js';
+import type { EngineerName } from '../types/contracts.js';
+interface ClaudeManagerPluginServices {
     manager: PersistentManager;
     sessions: ClaudeSessionService;
     approvalManager: ToolApprovalManager;
     teamStore: TeamStateStore;
     orchestrator: TeamOrchestrator;
 }
-export declare function getOrCreatePluginServices(worktree: string, projectClaudeFiles?: DiscoveredClaudeFile[]): ClaudeManagerPluginServices;
+export declare function getOrCreatePluginServices(worktree: string): ClaudeManagerPluginServices;
 export declare function clearPluginServices(): void;
 export declare function setActiveTeamSession(worktree: string, teamId: string): void;
 export declare function getActiveTeamSession(worktree: string): string | null;
@@ -25,3 +25,4 @@ export declare function getWrapperSessionMapping(worktree: string, wrapperSessio
     teamId: string;
     engineer: EngineerName;
 } | null;
+export {};

package/dist/plugin/service-factory.js

@@ -2,16 +2,16 @@ import path from 'node:path';
 import { ClaudeAgentSdkAdapter } from '../claude/claude-agent-sdk-adapter.js';
 import { ClaudeSessionService } from '../claude/claude-session.service.js';
 import { ToolApprovalManager } from '../claude/tool-approval-manager.js';
-import { TeamStateStore } from '../state/team-state-store.js';
-import { TranscriptStore } from '../state/transcript-store.js';
 import { GitOperations } from '../manager/git-operations.js';
 import { PersistentManager } from '../manager/persistent-manager.js';
-import { managerPromptRegistry } from '../prompts/registry.js';
 import { TeamOrchestrator } from '../manager/team-orchestrator.js';
+import { managerPromptRegistry } from '../prompts/registry.js';
+import { TeamStateStore } from '../state/team-state-store.js';
+import { TranscriptStore } from '../state/transcript-store.js';
 const serviceRegistry = new Map();
 const activeTeamRegistry = new Map();
 const wrapperSessionRegistry = new Map();
-export function getOrCreatePluginServices(worktree, projectClaudeFiles = []) {
+export function getOrCreatePluginServices(worktree) {
     const existing = serviceRegistry.get(worktree);
     if (existing) {
         return existing;
@@ -24,7 +24,7 @@ export function getOrCreatePluginServices(worktree, projectClaudeFiles = []) {
     const teamStore = new TeamStateStore();
     const transcriptStore = new TranscriptStore();
     const manager = new PersistentManager(gitOps, transcriptStore);
-    const orchestrator = new TeamOrchestrator(sessionService, teamStore, transcriptStore, managerPromptRegistry.engineerSessionPrompt, projectClaudeFiles);
+    const orchestrator = new TeamOrchestrator(sessionService, teamStore, transcriptStore, managerPromptRegistry.engineerSessionPrompt);
     const services = {
         manager,
         sessions: sessionService,

package/dist/prompts/registry.js

@@ -5,10 +5,25 @@ export const managerPromptRegistry = {
         'Every prompt you send to an engineer costs time and tokens. Make each one count.',
         '',
         'Understand first:',
-        '- Ask questions. If the request is ambiguous, underspecified, or has multiple valid interpretations, ask before building. Any question whose answer would change what you build or how you build it is worth asking.',
-        '- Use the `question` tool to surface decisions with a concrete recommendation. Prefer one precise question over many vague ones.',
+        '- Before asking the user anything, extract what you can from the user message, codebase (read/grep/glob/codesearch), prior engineer results, and `websearch`/`webfetch` when relevant.',
+        '- Ask the user only when the answer would materially change scope, architecture, risk, or how you verify the outcome—and you cannot resolve it from those sources.',
+        '- Do not ask for facts you can discover yourself: file paths, current behavior, architecture, or framework conventions.',
+        '- Before using `question`, silently check: is it in the user message? answerable from code or transcripts? from web? If still blocked, is this a real decision or only uncertainty tolerance?',
         '- Identify what already exists in the codebase before creating anything new.',
         '- Think about what could go wrong and address it upfront.',
+        '- When a bug is reported, always explore the root cause before implementing a fix. No fix without investigation. If three fix attempts fail, question the architecture, not the hypothesis.',
+        '',
+        'Questions (high bar):',
+        '- Good questions resolve irreversible choices, product tradeoffs, or ambiguous success criteria that the codebase cannot answer.',
+        '- Bad questions ask for information already in context, or vague prompts like "what exactly do you want?" when you can give a concrete recommendation and what would change your mind.',
+        '- Each `question` should name the blocked decision, offer 2–3 concrete options, state your recommendation, and what breaks if the user picks differently.',
+        '- Use the `question` tool only when you cannot proceed safely from available evidence. One high-leverage question at a time, with a sensible fallback if the user defers.',
+        '',
+        'Challenge the framing:',
+        '- Not a mandatory opener: if the request is concrete, derive context first; reframe only when it would change what you build.',
+        '- Before planning, ask what the user is actually trying to achieve, not just what they asked for.',
+        '- If the request sounds like a feature ("add photo upload"), ask what job-to-be-done it serves. The real feature might be larger or different.',
+        '- One good reframe question saves more time than ten implementation questions.',
         '',
         'Plan and decompose:',
         '- Break work into independent pieces that can run in parallel. Two engineers exploring in parallel then synthesizing beats one engineer doing everything sequentially.',
@@ -26,11 +41,19 @@ export const managerPromptRegistry = {
         '- Give specific, actionable feedback. Not "this could be better" but "this is wrong because X, fix it by doing Y."',
         '- Trust engineer findings but verify critical claims. Do not re-examine every file they already reviewed.',
         '- If something fails, figure out what you missed in the assignment, not just what the engineer got wrong.',
+        '- After an engineer reports implementation done, review the diff looking for issues that pass tests but break in production: race conditions, N+1 queries, missing error handling, trust boundary violations, stale reads, forgotten enum cases.',
+        '- Auto-fix mechanical issues by sending a follow-up to the same engineer. Surface genuinely ambiguous issues to the user.',
+        '- Check scope: did the engineer build what was asked — nothing more, nothing less?',
+        '',
+        'Verify before declaring done:',
+        '- After review passes, dispatch an engineer in verify mode to run the most relevant checks (tests, lint, typecheck, build) for what changed.',
+        '- Do not declare a task complete until verification passes. If it fails, fix and re-verify.',
         '',
         'Constraints:',
         '- Do not edit files or run bash directly. Engineers do the hands-on work.',
         '- Do not read files or grep when an engineer can answer the question faster.',
         '- Communicate proactively. If the plan changes or you discover something unexpected, tell the user.',
+        '- Ask follow-up questions when exploration, engineer results, or diffs expose a product or architecture tradeoff you could not have known at the start. Prefer that timing over opening with speculative clarifiers.',
     ].join('\n'),
     engineerAgentPrompt: [
         "You are a named engineer on the CTO's team.",
@@ -49,6 +72,7 @@ export const managerPromptRegistry = {
         'Start with the smallest investigation that resolves the key uncertainty, then act.',
         'Follow repository conventions, AGENTS.md, and any project-level instructions.',
         'Verify your own work before reporting done. Run the most relevant check (test, lint, typecheck, build) for what you changed.',
+        'Review your own diff before reporting done. Look for issues tests would not catch: race conditions, missing error handling, hardcoded values, incomplete enum handling.',
         'Report blockers immediately with exact error output. Do not retry silently more than once.',
         'Do not run git commit, git push, git reset, git checkout, or git stash.',
     ].join('\n'),

package/dist/src/claude/claude-agent-sdk-adapter.js

@@ -151,13 +151,23 @@ export class ClaudeAgentSdkAdapter {
         if (!input.resumeSessionId) {
             delete options.resume;
         }
-        if (this.approvalManager) {
+        const restrictWrites = input.restrictWriteTools === true;
+        if (this.approvalManager || restrictWrites) {
             const manager = this.approvalManager;
             options.canUseTool = async (toolName, toolInput, opts) => {
-                return manager.evaluate(toolName, toolInput, {
-                    title: opts.title,
-                    agentID: opts.agentID,
-                });
+                if (restrictWrites && isWriteTool(toolName, toolInput)) {
+                    return {
+                        behavior: 'deny',
+                        message: 'Write operations are restricted in explore mode. Ask the CTO to re-dispatch in implement mode for edits.',
+                    };
+                }
+                if (manager) {
+                    return manager.evaluate(toolName, toolInput, {
+                        title: opts.title,
+                        agentID: opts.agentID,
+                    });
+                }
+                return { behavior: 'allow' };
             };
         }
         return options;
@@ -437,6 +447,30 @@ function extractText(payload) {
     }
     return JSON.stringify(payload);
 }
+const WRITE_TOOL_NAMES = new Set(['Edit', 'MultiEdit', 'Write', 'NotebookEdit']);
+const BASH_WRITE_PATTERNS = [
+    /\b(sed|awk)\b.*-i/,
+    /\btee\b/,
+    />>/,
+    /\becho\b.*>/,
+    /\bcat\b.*>/,
+    /\bmv\b/,
+    /\brm\b/,
+    /\bmkdir\b/,
+    /\btouch\b/,
+    /\bcp\b/,
+    /\bgit\s+(add|commit|push|reset|checkout|merge|rebase|stash)\b/,
+];
+function isWriteTool(toolName, toolInput) {
+    if (WRITE_TOOL_NAMES.has(toolName)) {
+        return true;
+    }
+    if (toolName === 'Bash' || toolName === 'bash') {
+        const command = typeof toolInput.command === 'string' ? toolInput.command : '';
+        return BASH_WRITE_PATTERNS.some((pattern) => pattern.test(command));
+    }
+    return false;
+}
 function extractUsageFromResult(message) {
     if (message.type !== 'result') {
         return {};

package/dist/src/manager/team-orchestrator.d.ts

@@ -2,7 +2,7 @@ import type { ClaudeSessionEventHandler } from '../claude/claude-agent-sdk-adapt
 import type { ClaudeSessionService } from '../claude/claude-session.service.js';
 import type { TeamStateStore } from '../state/team-state-store.js';
 import type { TranscriptStore } from '../state/transcript-store.js';
-import type { DiscoveredClaudeFile, EngineerFailureResult, EngineerName, EngineerTaskResult, EngineerWorkMode, SynthesizedPlanResult, TeamRecord } from '../types/contracts.js';
+import type { EngineerFailureResult, EngineerName, EngineerTaskResult, EngineerWorkMode, SynthesizedPlanResult, TeamRecord } from '../types/contracts.js';
 interface DispatchEngineerInput {
     teamId: string;
     cwd: string;
@@ -18,8 +18,7 @@ export declare class TeamOrchestrator {
     private readonly teamStore;
     private readonly transcriptStore;
     private readonly engineerSessionPrompt;
-    private readonly projectClaudeFiles;
-    constructor(sessions: ClaudeSessionService, teamStore: TeamStateStore, transcriptStore: TranscriptStore, engineerSessionPrompt: string, projectClaudeFiles: DiscoveredClaudeFile[]);
+    constructor(sessions: ClaudeSessionService, teamStore: TeamStateStore, transcriptStore: TranscriptStore, engineerSessionPrompt: string);
     getOrCreateTeam(cwd: string, teamId: string): Promise<TeamRecord>;
     listTeams(cwd: string): Promise<TeamRecord[]>;
     recordWrapperSession(cwd: string, teamId: string, engineer: EngineerName, wrapperSessionId: string): Promise<void>;
@@ -52,6 +51,5 @@ export declare class TeamOrchestrator {
     private normalizeTeamRecord;
     private buildSessionSystemPrompt;
     private buildEngineerPrompt;
-    private mapWorkModeToSessionMode;
 }
 export {};

package/dist/src/manager/team-orchestrator.js

@@ -6,13 +6,11 @@ export class TeamOrchestrator {
     teamStore;
     transcriptStore;
     engineerSessionPrompt;
-    projectClaudeFiles;
-    constructor(sessions, teamStore, transcriptStore, engineerSessionPrompt, projectClaudeFiles) {
+    constructor(sessions, teamStore, transcriptStore, engineerSessionPrompt) {
         this.sessions = sessions;
         this.teamStore = teamStore;
         this.transcriptStore = transcriptStore;
         this.engineerSessionPrompt = engineerSessionPrompt;
-        this.projectClaudeFiles = projectClaudeFiles;
     }
     async getOrCreateTeam(cwd, teamId) {
         const existing = await this.teamStore.getTeam(cwd, teamId);
@@ -113,10 +111,11 @@ export class TeamOrchestrator {
                 resumeSessionId: engineerState.claudeSessionId ?? undefined,
                 persistSession: true,
                 includePartialMessages: true,
-                permissionMode: this.mapWorkModeToSessionMode(input.mode) === 'plan' ? 'plan' : 'acceptEdits',
+                permissionMode: 'acceptEdits',
+                restrictWriteTools: input.mode === 'explore',
                 model: input.model,
                 effort: input.mode === 'implement' ? 'high' : 'medium',
-                settingSources: ['user'],
+                settingSources: ['user', 'project', 'local'],
                 abortSignal: input.abortSignal,
             }, input.onEvent);
             tracker.recordResult({
@@ -225,10 +224,11 @@ export class TeamOrchestrator {
             systemPrompt: buildSynthesisSystemPrompt(),
             persistSession: false,
             includePartialMessages: false,
-            permissionMode: 'plan',
+            permissionMode: 'acceptEdits',
+            restrictWriteTools: true,
             model: input.model,
             effort: 'high',
-            settingSources: ['user'],
+            settingSources: ['user', 'project', 'local'],
             abortSignal: input.abortSignal,
         });
         const parsedSynthesis = parseSynthesisResult(synthesisResult.finalText);
@@ -293,17 +293,11 @@ export class TeamOrchestrator {
         };
     }
     buildSessionSystemPrompt(engineer, mode) {
-        const claudeFileSection = this.projectClaudeFiles.length
-            ? `\n\nProject Claude Files:\n${this.projectClaudeFiles
-                .map((file) => `## ${file.relativePath}\n${file.content}`)
-                .join('\n\n')}`
-            : '';
         return [
             this.engineerSessionPrompt,
             '',
             `Assigned engineer: ${engineer}.`,
             `Current work mode: ${mode}.`,
-            claudeFileSection,
         ]
             .join('\n')
             .trim();
@@ -311,9 +305,6 @@ export class TeamOrchestrator {
     buildEngineerPrompt(mode, message) {
         return `${buildModeInstruction(mode)}\n\n${message}`;
     }
-    mapWorkModeToSessionMode(mode) {
-        return mode === 'explore' ? 'plan' : 'free';
-    }
 }
 function buildModeInstruction(mode) {
     switch (mode) {
@@ -328,11 +319,13 @@ function buildModeInstruction(mode) {
             return [
                 'Implementation mode.',
                 'Make the changes, run the most relevant verification (tests, lint, typecheck), and report what changed and what you verified.',
+                'Before reporting done, review your own diff for issues that pass tests but break in production.',
             ].join(' ');
         case 'verify':
             return [
                 'Verification mode.',
-                'Run targeted checks in order of relevance.',
+                'Run targeted checks in order of relevance: tests, lint, typecheck, build.',
+                'Check that changed code paths have test coverage.',
                 'Report pass/fail with evidence.',
                 'Escalate failures with exact output.',
             ].join(' ');
@@ -351,18 +344,19 @@ function appendWrapperHistoryEntries(existing, nextEntries) {
 }
 function buildPlanDraftRequest(perspective, request) {
     const posture = perspective === 'lead'
-        ? 'You are the lead planner. Propose the most direct workable plan with concrete file paths and clear next steps.'
-        : 'You are the challenger. Stress-test assumptions, surface missing decisions, and propose a stronger alternative when the lead plan is weak.';
+        ? 'You are the lead planner. Propose the most direct workable plan with concrete file paths and clear next steps. Think about failure modes and edge cases — what can break at each boundary?'
+        : 'You are the challenger. Stress-test assumptions, surface missing decisions, and propose a stronger alternative when the lead plan is weak. Think about failure modes and edge cases — what can break at each boundary?';
     return [
         posture,
         '',
         'Return exactly these sections:',
         '1. Objective',
-        '2. Proposed approach',
+        '2. Proposed approach (include system boundaries and data flow)',
         '3. Files or systems likely involved',
-        '4. Risks and open questions',
-        '5. Verification',
-        '6. Step-by-step plan',
+        '4. Failure modes and edge cases (what happens when things go wrong?)',
+        '5. Risks and open questions',
+        '6. Verification (how to prove it works, including what tests to add)',
+        '7. Step-by-step plan',
         '',
         `User request: ${request}`,
     ].join('\n');

package/dist/src/plugin/agent-hierarchy.d.ts

@@ -8,7 +8,6 @@ export declare const ENGINEER_AGENT_IDS: {
     readonly Alex: "alex";
 };
 export declare const ENGINEER_AGENT_NAMES: readonly ["Tom", "John", "Maya", "Sara", "Alex"];
-export declare const ALL_RESTRICTED_TOOL_IDS: readonly ["team_status", "plan_with_team", "reset_engineer", "list_transcripts", "list_history", "git_diff", "git_commit", "git_reset", "git_status", "git_log", "approval_policy", "approval_decisions", "approval_update", "claude"];
 type ToolPermission = 'allow' | 'ask' | 'deny';
 type AgentPermission = {
     '*'?: ToolPermission;

package/dist/src/plugin/agent-hierarchy.js

@@ -24,7 +24,7 @@ const CTO_ONLY_TOOL_IDS = [
     'approval_update',
 ];
 const ENGINEER_TOOL_IDS = ['claude'];
-export const ALL_RESTRICTED_TOOL_IDS = [...CTO_ONLY_TOOL_IDS, ...ENGINEER_TOOL_IDS];
+const ALL_RESTRICTED_TOOL_IDS = [...CTO_ONLY_TOOL_IDS, ...ENGINEER_TOOL_IDS];
 const CTO_READONLY_TOOLS = {
     read: 'allow',
     grep: 'allow',

package/dist/src/plugin/claude-manager.plugin.js

@@ -2,14 +2,12 @@ import { tool } from '@opencode-ai/plugin';
 import { managerPromptRegistry } from '../prompts/registry.js';
 import { isEngineerName } from '../team/roster.js';
 import { TeamOrchestrator } from '../manager/team-orchestrator.js';
-import { discoverProjectClaudeFiles } from '../util/project-context.js';
 import { AGENT_CTO, ENGINEER_AGENT_IDS, ENGINEER_AGENT_NAMES, buildCtoAgentConfig, buildEngineerAgentConfig, denyRestrictedToolsGlobally, } from './agent-hierarchy.js';
 import { getActiveTeamSession, getOrCreatePluginServices, getPersistedActiveTeam, getWrapperSessionMapping, setActiveTeamSession, setPersistedActiveTeam, setWrapperSessionMapping, } from './service-factory.js';
 const MODEL_ENUM = ['claude-opus-4-6', 'claude-sonnet-4-6'];
 const MODE_ENUM = ['explore', 'implement', 'verify'];
 export const ClaudeManagerPlugin = async ({ worktree }) => {
-    const claudeFiles = await discoverProjectClaudeFiles(worktree);
-    const services = getOrCreatePluginServices(worktree, claudeFiles);
+    const services = getOrCreatePluginServices(worktree);
     await services.approvalManager.loadPersistedPolicy();
     return {
         config: async (config) => {

package/dist/src/plugin/service-factory.d.ts

@@ -1,17 +1,17 @@
 import { ClaudeSessionService } from '../claude/claude-session.service.js';
 import { ToolApprovalManager } from '../claude/tool-approval-manager.js';
-import { TeamStateStore } from '../state/team-state-store.js';
 import { PersistentManager } from '../manager/persistent-manager.js';
 import { TeamOrchestrator } from '../manager/team-orchestrator.js';
-import type { DiscoveredClaudeFile, EngineerName } from '../types/contracts.js';
-export interface ClaudeManagerPluginServices {
+import { TeamStateStore } from '../state/team-state-store.js';
+import type { EngineerName } from '../types/contracts.js';
+interface ClaudeManagerPluginServices {
     manager: PersistentManager;
     sessions: ClaudeSessionService;
     approvalManager: ToolApprovalManager;
     teamStore: TeamStateStore;
     orchestrator: TeamOrchestrator;
 }
-export declare function getOrCreatePluginServices(worktree: string, projectClaudeFiles?: DiscoveredClaudeFile[]): ClaudeManagerPluginServices;
+export declare function getOrCreatePluginServices(worktree: string): ClaudeManagerPluginServices;
 export declare function clearPluginServices(): void;
 export declare function setActiveTeamSession(worktree: string, teamId: string): void;
 export declare function getActiveTeamSession(worktree: string): string | null;
@@ -25,3 +25,4 @@ export declare function getWrapperSessionMapping(worktree: string, wrapperSessio
     teamId: string;
     engineer: EngineerName;
 } | null;
+export {};

package/dist/src/plugin/service-factory.js

@@ -2,16 +2,16 @@ import path from 'node:path';
 import { ClaudeAgentSdkAdapter } from '../claude/claude-agent-sdk-adapter.js';
 import { ClaudeSessionService } from '../claude/claude-session.service.js';
 import { ToolApprovalManager } from '../claude/tool-approval-manager.js';
-import { TeamStateStore } from '../state/team-state-store.js';
-import { TranscriptStore } from '../state/transcript-store.js';
 import { GitOperations } from '../manager/git-operations.js';
 import { PersistentManager } from '../manager/persistent-manager.js';
-import { managerPromptRegistry } from '../prompts/registry.js';
 import { TeamOrchestrator } from '../manager/team-orchestrator.js';
+import { managerPromptRegistry } from '../prompts/registry.js';
+import { TeamStateStore } from '../state/team-state-store.js';
+import { TranscriptStore } from '../state/transcript-store.js';
 const serviceRegistry = new Map();
 const activeTeamRegistry = new Map();
 const wrapperSessionRegistry = new Map();
-export function getOrCreatePluginServices(worktree, projectClaudeFiles = []) {
+export function getOrCreatePluginServices(worktree) {
     const existing = serviceRegistry.get(worktree);
     if (existing) {
         return existing;
@@ -24,7 +24,7 @@ export function getOrCreatePluginServices(worktree, projectClaudeFiles = []) {
     const teamStore = new TeamStateStore();
     const transcriptStore = new TranscriptStore();
     const manager = new PersistentManager(gitOps, transcriptStore);
-    const orchestrator = new TeamOrchestrator(sessionService, teamStore, transcriptStore, managerPromptRegistry.engineerSessionPrompt, projectClaudeFiles);
+    const orchestrator = new TeamOrchestrator(sessionService, teamStore, transcriptStore, managerPromptRegistry.engineerSessionPrompt);
     const services = {
         manager,
         sessions: sessionService,

package/dist/src/prompts/registry.js

@@ -5,10 +5,25 @@ export const managerPromptRegistry = {
         'Every prompt you send to an engineer costs time and tokens. Make each one count.',
         '',
         'Understand first:',
-        '- Ask questions. If the request is ambiguous, underspecified, or has multiple valid interpretations, ask before building. Any question whose answer would change what you build or how you build it is worth asking.',
-        '- Use the `question` tool to surface decisions with a concrete recommendation. Prefer one precise question over many vague ones.',
+        '- Before asking the user anything, extract what you can from the user message, codebase (read/grep/glob/codesearch), prior engineer results, and `websearch`/`webfetch` when relevant.',
+        '- Ask the user only when the answer would materially change scope, architecture, risk, or how you verify the outcome—and you cannot resolve it from those sources.',
+        '- Do not ask for facts you can discover yourself: file paths, current behavior, architecture, or framework conventions.',
+        '- Before using `question`, silently check: is it in the user message? answerable from code or transcripts? from web? If still blocked, is this a real decision or only uncertainty tolerance?',
         '- Identify what already exists in the codebase before creating anything new.',
         '- Think about what could go wrong and address it upfront.',
+        '- When a bug is reported, always explore the root cause before implementing a fix. No fix without investigation. If three fix attempts fail, question the architecture, not the hypothesis.',
+        '',
+        'Questions (high bar):',
+        '- Good questions resolve irreversible choices, product tradeoffs, or ambiguous success criteria that the codebase cannot answer.',
+        '- Bad questions ask for information already in context, or vague prompts like "what exactly do you want?" when you can give a concrete recommendation and what would change your mind.',
+        '- Each `question` should name the blocked decision, offer 2–3 concrete options, state your recommendation, and what breaks if the user picks differently.',
+        '- Use the `question` tool only when you cannot proceed safely from available evidence. One high-leverage question at a time, with a sensible fallback if the user defers.',
+        '',
+        'Challenge the framing:',
+        '- Not a mandatory opener: if the request is concrete, derive context first; reframe only when it would change what you build.',
+        '- Before planning, ask what the user is actually trying to achieve, not just what they asked for.',
+        '- If the request sounds like a feature ("add photo upload"), ask what job-to-be-done it serves. The real feature might be larger or different.',
+        '- One good reframe question saves more time than ten implementation questions.',
         '',
         'Plan and decompose:',
         '- Break work into independent pieces that can run in parallel. Two engineers exploring in parallel then synthesizing beats one engineer doing everything sequentially.',
@@ -26,11 +41,19 @@ export const managerPromptRegistry = {
         '- Give specific, actionable feedback. Not "this could be better" but "this is wrong because X, fix it by doing Y."',
         '- Trust engineer findings but verify critical claims. Do not re-examine every file they already reviewed.',
         '- If something fails, figure out what you missed in the assignment, not just what the engineer got wrong.',
+        '- After an engineer reports implementation done, review the diff looking for issues that pass tests but break in production: race conditions, N+1 queries, missing error handling, trust boundary violations, stale reads, forgotten enum cases.',
+        '- Auto-fix mechanical issues by sending a follow-up to the same engineer. Surface genuinely ambiguous issues to the user.',
+        '- Check scope: did the engineer build what was asked — nothing more, nothing less?',
+        '',
+        'Verify before declaring done:',
+        '- After review passes, dispatch an engineer in verify mode to run the most relevant checks (tests, lint, typecheck, build) for what changed.',
+        '- Do not declare a task complete until verification passes. If it fails, fix and re-verify.',
         '',
         'Constraints:',
         '- Do not edit files or run bash directly. Engineers do the hands-on work.',
         '- Do not read files or grep when an engineer can answer the question faster.',
         '- Communicate proactively. If the plan changes or you discover something unexpected, tell the user.',
+        '- Ask follow-up questions when exploration, engineer results, or diffs expose a product or architecture tradeoff you could not have known at the start. Prefer that timing over opening with speculative clarifiers.',
     ].join('\n'),
     engineerAgentPrompt: [
         "You are a named engineer on the CTO's team.",
@@ -49,6 +72,7 @@ export const managerPromptRegistry = {
         'Start with the smallest investigation that resolves the key uncertainty, then act.',
         'Follow repository conventions, AGENTS.md, and any project-level instructions.',
         'Verify your own work before reporting done. Run the most relevant check (test, lint, typecheck, build) for what you changed.',
+        'Review your own diff before reporting done. Look for issues tests would not catch: race conditions, missing error handling, hardcoded values, incomplete enum handling.',
         'Report blockers immediately with exact error output. Do not retry silently more than once.',
         'Do not run git commit, git push, git reset, git checkout, or git stash.',
     ].join('\n'),

package/dist/src/types/contracts.d.ts

@@ -18,14 +18,14 @@ export interface WrapperHistoryEntry {
     mode?: EngineerWorkMode;
     text: string;
 }
-export interface ClaudeCommandMetadata {
+interface ClaudeCommandMetadata {
     name: string;
     description: string;
     argumentHint?: string;
     source: 'sdk' | 'skill' | 'command';
     path?: string;
 }
-export interface ClaudeAgentMetadata {
+interface ClaudeAgentMetadata {
     name: string;
     description: string;
     model?: string;
@@ -48,6 +48,12 @@ export interface RunClaudeSessionInput {
     effort?: 'low' | 'medium' | 'high' | 'max';
     mode?: SessionMode;
     permissionMode?: 'default' | 'acceptEdits' | 'plan' | 'dontAsk';
+    /**
+     * When true, the canUseTool callback denies write tools (Edit, Write, MultiEdit,
+     * NotebookEdit) and destructive bash commands. Used instead of SDK plan mode so
+     * the agent can still exit plan mode if needed.
+     */
+    restrictWriteTools?: boolean;
     /** Merged with `Skill` by the SDK adapter unless `Skill` appears in `disallowedTools`. */
     allowedTools?: string[];
     disallowedTools?: string[];
@@ -168,12 +174,6 @@ export interface GitOperationResult {
     output: string;
     error?: string;
 }
-export interface DiscoveredClaudeFile {
-    /** Relative path from the project root (forward slashes, deterministic order). */
-    relativePath: string;
-    /** Trimmed UTF-8 text content. */
-    content: string;
-}
 export interface ToolApprovalRule {
     id: string;
     description?: string;
@@ -200,3 +200,4 @@ export interface ToolApprovalDecision {
     denyMessage?: string;
     agentId?: string;
 }
+export {};

package/dist/test/claude-agent-sdk-adapter.test.js

@@ -418,6 +418,109 @@ describe('ClaudeAgentSdkAdapter', () => {
         expect(result.outputTokens).toBe(200);
         expect(result.contextWindowSize).toBe(180_000);
     });
+    it('denies write tools when restrictWriteTools is true', async () => {
+        let capturedCanUseTool;
+        const adapter = new ClaudeAgentSdkAdapter({
+            query: (params) => {
+                capturedCanUseTool = params.options?.canUseTool;
+                return createFakeQuery([
+                    {
+                        type: 'result',
+                        subtype: 'success',
+                        session_id: 'ses_rw',
+                        is_error: false,
+                        result: 'ok',
+                        num_turns: 1,
+                        total_cost_usd: 0,
+                    },
+                ]);
+            },
+            listSessions: async () => [],
+            getSessionMessages: async () => [],
+        });
+        await adapter.runSession({
+            cwd: '/tmp/project',
+            prompt: 'Investigate',
+            restrictWriteTools: true,
+        });
+        expect(capturedCanUseTool).toBeDefined();
+        const editResult = await capturedCanUseTool('Edit', { file_path: 'x.ts' }, {});
+        expect(editResult.behavior).toBe('deny');
+        const writeResult = await capturedCanUseTool('Write', { file_path: 'y.ts' }, {});
+        expect(writeResult.behavior).toBe('deny');
+        const multiEditResult = await capturedCanUseTool('MultiEdit', { file_path: 'z.ts' }, {});
+        expect(multiEditResult.behavior).toBe('deny');
+        const readResult = await capturedCanUseTool('Read', { file_path: 'a.ts' }, {});
+        expect(readResult.behavior).toBe('allow');
+        const grepResult = await capturedCanUseTool('Grep', { pattern: 'foo', path: '.' }, {});
+        expect(grepResult.behavior).toBe('allow');
+    });
+    it('denies destructive bash commands when restrictWriteTools is true', async () => {
+        let capturedCanUseTool;
+        const adapter = new ClaudeAgentSdkAdapter({
+            query: (params) => {
+                capturedCanUseTool = params.options?.canUseTool;
+                return createFakeQuery([
+                    {
+                        type: 'result',
+                        subtype: 'success',
+                        session_id: 'ses_bash',
+                        is_error: false,
+                        result: 'ok',
+                        num_turns: 1,
+                        total_cost_usd: 0,
+                    },
+                ]);
+            },
+            listSessions: async () => [],
+            getSessionMessages: async () => [],
+        });
+        await adapter.runSession({
+            cwd: '/tmp/project',
+            prompt: 'Check',
+            restrictWriteTools: true,
+        });
+        expect(capturedCanUseTool).toBeDefined();
+        const sedResult = await capturedCanUseTool('Bash', { command: "sed -i 's/old/new/' file.ts" }, {});
+        expect(sedResult.behavior).toBe('deny');
+        const echoResult = await capturedCanUseTool('Bash', { command: 'echo "data" > out.txt' }, {});
+        expect(echoResult.behavior).toBe('deny');
+        const gitCommitResult = await capturedCanUseTool('Bash', { command: 'git commit -m "fix"' }, {});
+        expect(gitCommitResult.behavior).toBe('deny');
+        const lsResult = await capturedCanUseTool('Bash', { command: 'ls -la src/' }, {});
+        expect(lsResult.behavior).toBe('allow');
+        const catResult = await capturedCanUseTool('Bash', { command: 'cat src/index.ts' }, {});
+        expect(catResult.behavior).toBe('allow');
+        const gitLogResult = await capturedCanUseTool('Bash', { command: 'git log --oneline -10' }, {});
+        expect(gitLogResult.behavior).toBe('allow');
+    });
+    it('allows write tools when restrictWriteTools is false', async () => {
+        let capturedCanUseTool;
+        const adapter = new ClaudeAgentSdkAdapter({
+            query: (params) => {
+                capturedCanUseTool = params.options?.canUseTool;
+                return createFakeQuery([
+                    {
+                        type: 'result',
+                        subtype: 'success',
+                        session_id: 'ses_free',
+                        is_error: false,
+                        result: 'ok',
+                        num_turns: 1,
+                        total_cost_usd: 0,
+                    },
+                ]);
+            },
+            listSessions: async () => [],
+            getSessionMessages: async () => [],
+        });
+        await adapter.runSession({
+            cwd: '/tmp/project',
+            prompt: 'Implement',
+            restrictWriteTools: false,
+        });
+        expect(capturedCanUseTool).toBeUndefined();
+    });
     it('passes through explicit permissionMode', async () => {
         let capturedPermissionMode;
         const adapter = new ClaudeAgentSdkAdapter({

package/dist/test/report-claude-event.test.js

@@ -180,7 +180,7 @@ describe('second invocation continuity', () => {
         // ── Phase 1: first task via orchestrator (no real SDK needed) ──────────
         const store = new TeamStateStore();
         await store.setActiveTeam(tempRoot, 'cto-1');
-        const orchestrator = new TeamOrchestrator({ runTask: vi.fn() }, store, { appendEvents: vi.fn(async () => undefined) }, 'Base prompt', []);
+        const orchestrator = new TeamOrchestrator({ runTask: vi.fn() }, store, { appendEvents: vi.fn(async () => undefined) }, 'Base prompt');
         await orchestrator.recordWrapperSession(tempRoot, 'cto-1', 'Tom', 'wrapper-tom-1');
         await orchestrator.recordWrapperExchange(tempRoot, 'cto-1', 'Tom', 'wrapper-tom-1', 'explore', 'Investigate the auth flow', 'Found two race conditions in the token refresh path.');
         // ── Phase 2: process restart ───────────────────────────────────────────
@@ -206,7 +206,7 @@ describe('second invocation continuity', () => {
         // ── Phase 1: pre-seed Tom with a claudeSessionId ───────────────────────
         const store = new TeamStateStore();
         await store.setActiveTeam(tempRoot, 'cto-1');
-        const orchestrator = new TeamOrchestrator({ runTask: vi.fn() }, store, { appendEvents: vi.fn(async () => undefined) }, 'Base prompt', []);
+        const orchestrator = new TeamOrchestrator({ runTask: vi.fn() }, store, { appendEvents: vi.fn(async () => undefined) }, 'Base prompt');
         await orchestrator.getOrCreateTeam(tempRoot, 'cto-1');
         await store.updateTeam(tempRoot, 'cto-1', (team) => ({
             ...team,

package/dist/test/team-orchestrator.test.js

@@ -35,7 +35,7 @@ describe('TeamOrchestrator', () => {
             outputTokens: 300,
             contextWindowSize: 200_000,
         });
-        const orchestrator = new TeamOrchestrator({ runTask }, new TeamStateStore('.state'), { appendEvents: vi.fn(async () => { }) }, 'Base engineer prompt', []);
+        const orchestrator = new TeamOrchestrator({ runTask }, new TeamStateStore('.state'), { appendEvents: vi.fn(async () => { }) }, 'Base engineer prompt');
         const first = await orchestrator.dispatchEngineer({
             teamId: 'team-1',
             cwd: tempRoot,
@@ -55,12 +55,14 @@ describe('TeamOrchestrator', () => {
         expect(runTask.mock.calls[0]?.[0]).toMatchObject({
             systemPrompt: expect.stringContaining('Assigned engineer: Tom.'),
             resumeSessionId: undefined,
-            permissionMode: 'plan',
+            permissionMode: 'acceptEdits',
+            restrictWriteTools: true,
         });
         expect(runTask.mock.calls[1]?.[0]).toMatchObject({
             systemPrompt: undefined,
             resumeSessionId: 'ses_tom',
             permissionMode: 'acceptEdits',
+            restrictWriteTools: false,
         });
         const team = await orchestrator.getOrCreateTeam(tempRoot, 'team-1');
         expect(team.engineers.find((engineer) => engineer.name === 'Tom')).toMatchObject({
@@ -72,7 +74,7 @@ describe('TeamOrchestrator', () => {
     it('rejects work when the same engineer is already busy', async () => {
         tempRoot = await mkdtemp(join(tmpdir(), 'team-orchestrator-'));
         const store = new TeamStateStore('.state');
-        const orchestrator = new TeamOrchestrator({ runTask: vi.fn() }, store, { appendEvents: vi.fn(async () => { }) }, 'Base engineer prompt', []);
+        const orchestrator = new TeamOrchestrator({ runTask: vi.fn() }, store, { appendEvents: vi.fn(async () => { }) }, 'Base engineer prompt');
         const team = await orchestrator.getOrCreateTeam(tempRoot, 'team-1');
         await store.saveTeam({
             ...team,
@@ -110,7 +112,7 @@ describe('TeamOrchestrator', () => {
             events: [],
             finalText: '## Synthesis\nCombined plan\n## Recommended Question\nShould we migrate now?\n## Recommended Answer\nNo, defer it.',
         });
-        const orchestrator = new TeamOrchestrator({ runTask }, new TeamStateStore('.state'), { appendEvents: vi.fn(async () => { }) }, 'Base engineer prompt', []);
+        const orchestrator = new TeamOrchestrator({ runTask }, new TeamStateStore('.state'), { appendEvents: vi.fn(async () => { }) }, 'Base engineer prompt');
         const result = await orchestrator.planWithTeam({
             teamId: 'team-1',
             cwd: tempRoot,
@@ -126,7 +128,7 @@ describe('TeamOrchestrator', () => {
     });
     it('persists wrapper session memory for an engineer', async () => {
         tempRoot = await mkdtemp(join(tmpdir(), 'team-orchestrator-'));
-        const orchestrator = new TeamOrchestrator({ runTask: vi.fn() }, new TeamStateStore('.state'), { appendEvents: vi.fn(async () => { }) }, 'Base engineer prompt', []);
+        const orchestrator = new TeamOrchestrator({ runTask: vi.fn() }, new TeamStateStore('.state'), { appendEvents: vi.fn(async () => { }) }, 'Base engineer prompt');
         await orchestrator.recordWrapperSession(tempRoot, 'team-1', 'Tom', 'wrapper-tom');
         await orchestrator.recordWrapperExchange(tempRoot, 'team-1', 'Tom', 'wrapper-tom', 'explore', 'Investigate the auth flow and compare approaches', 'The auth flow uses one shared validator and the cookie refresh path is the main risk.');
         const team = await orchestrator.getOrCreateTeam(tempRoot, 'team-1');

package/dist/types/contracts.d.ts

@@ -18,14 +18,14 @@ export interface WrapperHistoryEntry {
     mode?: EngineerWorkMode;
     text: string;
 }
-export interface ClaudeCommandMetadata {
+interface ClaudeCommandMetadata {
     name: string;
     description: string;
     argumentHint?: string;
     source: 'sdk' | 'skill' | 'command';
     path?: string;
 }
-export interface ClaudeAgentMetadata {
+interface ClaudeAgentMetadata {
     name: string;
     description: string;
     model?: string;
@@ -48,6 +48,12 @@ export interface RunClaudeSessionInput {
     effort?: 'low' | 'medium' | 'high' | 'max';
     mode?: SessionMode;
     permissionMode?: 'default' | 'acceptEdits' | 'plan' | 'dontAsk';
+    /**
+     * When true, the canUseTool callback denies write tools (Edit, Write, MultiEdit,
+     * NotebookEdit) and destructive bash commands. Used instead of SDK plan mode so
+     * the agent can still exit plan mode if needed.
+     */
+    restrictWriteTools?: boolean;
     /** Merged with `Skill` by the SDK adapter unless `Skill` appears in `disallowedTools`. */
     allowedTools?: string[];
     disallowedTools?: string[];
@@ -168,12 +174,6 @@ export interface GitOperationResult {
     output: string;
     error?: string;
 }
-export interface DiscoveredClaudeFile {
-    /** Relative path from the project root (forward slashes, deterministic order). */
-    relativePath: string;
-    /** Trimmed UTF-8 text content. */
-    content: string;
-}
 export interface ToolApprovalRule {
     id: string;
     description?: string;
@@ -200,3 +200,4 @@ export interface ToolApprovalDecision {
     denyMessage?: string;
     agentId?: string;
 }
+export {};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@doingdev/opencode-claude-manager-plugin",
-  "version": "0.1.50",
+  "version": "0.1.52",
   "description": "OpenCode plugin that orchestrates Claude Code sessions.",
   "keywords": [
     "opencode",