@glrs-dev/cli 0.0.1 → 0.1.1

package/dist/vendor/harness-opencode/dist/chunk-XCZ3NOXR.js

@@ -0,0 +1,703 @@
+// src/agents/shared/index.ts
+import { readFileSync } from "fs";
+import { fileURLToPath } from "url";
+import { dirname, join } from "path";
+var HERE = dirname(fileURLToPath(import.meta.url));
+function readMd(name) {
+  const candidates = [
+    join(HERE, name),
+    // dev: src/agents/shared/
+    join(HERE, "agents", "shared", name),
+    // dist: dist/ → dist/agents/shared/
+    join(HERE, "..", "..", "..", "src", "agents", "shared", name)
+    // fallback dev
+  ];
+  for (const p of candidates) {
+    try {
+      return readFileSync(p, "utf8");
+    } catch {
+    }
+  }
+  throw new Error(`Could not find shared file: ${name}`);
+}
+var WORKFLOW_MECHANICS_RULE = readMd("workflow-mechanics.md");
+
+// src/agents/index.ts
+import { readFileSync as readFileSync2 } from "fs";
+import { fileURLToPath as fileURLToPath2 } from "url";
+import { dirname as dirname2, join as join2 } from "path";
+var HERE2 = dirname2(fileURLToPath2(import.meta.url));
+function readPrompt(name) {
+  const candidates = [
+    join2(HERE2, "prompts", name),
+    // dev: src/agents/prompts/
+    join2(HERE2, "agents", "prompts", name),
+    // dist: dist/ → dist/agents/prompts/
+    join2(HERE2, "..", "..", "src", "agents", "prompts", name)
+    // fallback dev
+  ];
+  for (const p of candidates) {
+    try {
+      return readFileSync2(p, "utf8");
+    } catch {
+    }
+  }
+  throw new Error(`Could not find prompt file: ${name}`);
+}
+var primePrompt = readPrompt("prime.md");
+var planPrompt = readPrompt("plan.md");
+var buildPrompt = readPrompt("build.md");
+var qaReviewerPrompt = readPrompt("qa-reviewer.md");
+var qaThoroughPrompt = readPrompt("qa-thorough.md");
+var planReviewerPrompt = readPrompt("plan-reviewer.md");
+var codeSearcherPrompt = readPrompt("code-searcher.md");
+var gapAnalyzerPrompt = readPrompt("gap-analyzer.md");
+var architectureAdvisorPrompt = readPrompt("architecture-advisor.md");
+var docsMaintainerPrompt = readPrompt("docs-maintainer.md");
+var libReaderPrompt = readPrompt("lib-reader.md");
+var agentsMdWriterPrompt = readPrompt("agents-md-writer.md");
+var pilotBuilderPrompt = readPrompt("pilot-builder.md");
+var pilotPlannerPrompt = readPrompt("pilot-planner.md");
+var researchPrompt = readPrompt("research.md");
+function stripFrontmatter(md) {
+  if (!md.startsWith("---")) return md;
+  const end = md.indexOf("\n---", 3);
+  if (end === -1) return md;
+  return md.slice(end + 4).trimStart();
+}
+function parseFrontmatter(md) {
+  if (!md.startsWith("---")) return {};
+  const end = md.indexOf("\n---", 3);
+  if (end === -1) return {};
+  const block = md.slice(4, end);
+  const result = {};
+  let currentKey = null;
+  let currentValue = [];
+  const flush = () => {
+    if (currentKey) {
+      result[currentKey] = currentValue.join(" ").trim();
+    }
+  };
+  for (const line of block.split("\n")) {
+    if (currentKey && (line.startsWith("  ") || line.startsWith("	"))) {
+      currentValue.push(line.trim());
+      continue;
+    }
+    const colon = line.indexOf(":");
+    if (colon === -1) {
+      flush();
+      currentKey = null;
+      currentValue = [];
+      continue;
+    }
+    flush();
+    currentKey = line.slice(0, colon).trim();
+    const value = line.slice(colon + 1).trim();
+    currentValue = value ? [value] : [];
+  }
+  flush();
+  return result;
+}
+function injectWorkflowMechanics(prompt) {
+  return prompt.replace("{WORKFLOW_MECHANICS_RULE}", WORKFLOW_MECHANICS_RULE);
+}
+function agentFromPrompt(raw, overrides = {}) {
+  const fm = parseFrontmatter(raw);
+  const body = stripFrontmatter(raw);
+  const prompt = injectWorkflowMechanics(body);
+  const base = {
+    description: fm["description"] ?? "",
+    mode: fm["mode"] ?? "subagent",
+    model: fm["model"] ?? void 0,
+    prompt
+  };
+  return { ...base, ...overrides };
+}
+var CORE_BASH_ALLOW_LIST = {
+  // File inspection — safe read-only commands the reviewers use heavily.
+  "ls *": "allow",
+  "cat *": "allow",
+  "head *": "allow",
+  "tail *": "allow",
+  "wc *": "allow",
+  "grep *": "allow",
+  "rg *": "allow",
+  "find *": "allow",
+  "file *": "allow",
+  "stat *": "allow",
+  "which *": "allow",
+  "whereis *": "allow",
+  "basename *": "allow",
+  "dirname *": "allow",
+  "realpath *": "allow",
+  "readlink *": "allow",
+  "diff *": "allow",
+  "sort *": "allow",
+  "uniq *": "allow",
+  "xxd *": "allow",
+  "tree *": "allow",
+  "date *": "allow",
+  "echo *": "allow",
+  // Git read-only subcommands (explicit rather than `git *` so we don't
+  // accidentally whitelist `git push` variants the destructive-deny
+  // table counteracts via longer-pattern matches — but clarity > trust).
+  "git status *": "allow",
+  "git log *": "allow",
+  "git diff *": "allow",
+  "git show *": "allow",
+  "git branch *": "allow",
+  "git merge-base *": "allow",
+  "git rev-parse *": "allow",
+  "git rev-list *": "allow",
+  "git blame *": "allow",
+  "git config --get *": "allow",
+  "git config --get": "allow",
+  "git remote *": "allow",
+  "git stash list *": "allow",
+  "git stash list": "allow",
+  "git ls-files *": "allow",
+  "git describe *": "allow",
+  "git tag *": "allow",
+  "git fetch *": "allow",
+  // Package/build tooling — the reviewers run lint/test/typecheck.
+  "pnpm lint *": "allow",
+  "pnpm test *": "allow",
+  "pnpm typecheck *": "allow",
+  "pnpm build *": "allow",
+  "pnpm run *": "allow",
+  "pnpm install *": "allow",
+  "pnpm --filter *": "allow",
+  "pnpm -w *": "allow",
+  "bun run *": "allow",
+  "bun test *": "allow",
+  "bun install *": "allow",
+  "bunx *": "allow",
+  "npm run *": "allow",
+  "npm test *": "allow",
+  "npx *": "allow",
+  "yarn *": "allow",
+  "tsc *": "allow",
+  "eslint *": "allow",
+  "prettier *": "allow",
+  "biome *": "allow",
+  // Our own CLI — the plan agent and qa-reviewer both call plan-check/plan-dir.
+  "bunx @glrs-dev/harness-plugin-opencode *": "allow",
+  "glrs-oc *": "allow",
+  // GitHub CLI — read-only gh calls are fine; destructive `gh pr merge`
+  // is gated at the PRIME level by human intent (user runs /ship).
+  "gh pr view *": "allow",
+  "gh pr list *": "allow",
+  "gh issue view *": "allow",
+  "gh issue list *": "allow",
+  "gh api *": "allow"
+};
+var CORE_DESTRUCTIVE_BASH_DENIES = {
+  "rm -rf /*": "deny",
+  "rm -rf ~*": "deny",
+  "chmod *": "deny",
+  "chown *": "deny",
+  "sudo *": "deny",
+  "git push --force*": "deny",
+  "git push -f *": "deny",
+  "git push * --force*": "deny",
+  "git push * -f": "deny",
+  "git push * main*": "deny",
+  "git push * master*": "deny",
+  // --force-with-lease is the safe variant — explicit allow rule sorts
+  // after the broad --force deny so the lease variant survives.
+  "git push --force-with-lease*": "allow",
+  "git push * --force-with-lease*": "allow"
+};
+var PRIME_PERMISSIONS = {
+  edit: "allow",
+  bash: {
+    "*": "allow",
+    ...CORE_BASH_ALLOW_LIST,
+    ...CORE_DESTRUCTIVE_BASH_DENIES,
+    // git clean & git reset --hard are allowed for prime because
+    // /fresh runs them after its own question-tool confirmation gate;
+    // a permission-layer prompt on top is redundant noise (see issue #54).
+    // BUILD keeps the stricter default (deny/ask).
+    "git clean *": "allow",
+    "git reset --hard*": "allow"
+  },
+  webfetch: "allow",
+  // Per-tool permissions (index signature on AgentConfig allows these)
+  ast_grep: "allow",
+  tsc_check: "allow",
+  eslint_check: "allow",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  serena: "allow",
+  memory: "allow",
+  git: "allow",
+  playwright: "allow",
+  linear: "allow"
+};
+var PLAN_PERMISSIONS = {
+  edit: "allow",
+  // Plan agent is read-only aside from writing under the plan dir — but
+  // it does need to RESOLVE the plan dir via the `plan-dir` CLI
+  // subcommand (returns an absolute path derived from the worktree's
+  // repo-folder key; see src/plan-paths.ts and src/cli.ts). The object-
+  // form denies bash broadly and re-allows only `bunx
+  // @glrs-dev/harness-plugin-opencode plan-dir[...]`. No other bash invocation
+  // is permitted, so the read-only-aside-from-plans invariant holds.
+  bash: {
+    "*": "deny",
+    "bunx @glrs-dev/harness-plugin-opencode plan-dir": "allow",
+    "bunx @glrs-dev/harness-plugin-opencode plan-dir *": "allow",
+    "glrs-oc plan-dir": "allow",
+    "glrs-oc plan-dir *": "allow"
+  },
+  webfetch: "allow",
+  ast_grep: "deny",
+  tsc_check: "deny",
+  eslint_check: "deny",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  serena: "allow",
+  memory: "allow",
+  git: "allow",
+  playwright: "deny",
+  linear: "allow"
+};
+var BUILD_PERMISSIONS = {
+  edit: "allow",
+  bash: {
+    "*": "allow",
+    ...CORE_BASH_ALLOW_LIST,
+    ...CORE_DESTRUCTIVE_BASH_DENIES,
+    // Build is stricter than prime on mutation: no `git clean`
+    // (build shouldn't wipe worktree mid-execution), and
+    // `git reset --hard` must prompt explicitly.
+    "git clean *": "deny",
+    "git reset --hard*": "ask"
+  },
+  webfetch: "allow",
+  ast_grep: "allow",
+  tsc_check: "allow",
+  eslint_check: "allow",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  serena: "allow",
+  memory: "allow",
+  git: "allow",
+  playwright: "allow",
+  linear: "allow"
+};
+var QA_REVIEWER_PERMISSIONS = {
+  edit: "deny",
+  // Object-form bash: the scalar `"allow"` shape loses to OpenCode's
+  // upstream subagent-default `{bash, *, ask}` via last-match-wins (see
+  // the root-cause comment near PRIME_PERMISSIONS). Enumerated
+  // specific patterns in CORE_BASH_ALLOW_LIST sort AFTER the upstream
+  // wildcard ask and win for the commands they match. `"*": "allow"`
+  // is kept as a backstop but may still lose to the upstream rule for
+  // commands not in the enumerated list; those are the known blind spot.
+  bash: {
+    "*": "allow",
+    ...CORE_BASH_ALLOW_LIST,
+    ...CORE_DESTRUCTIVE_BASH_DENIES
+  },
+  webfetch: "deny",
+  ast_grep: "allow",
+  tsc_check: "allow",
+  eslint_check: "allow",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  serena: "allow",
+  memory: "deny",
+  git: "allow",
+  playwright: "allow",
+  linear: "deny"
+};
+var QA_THOROUGH_PERMISSIONS = {
+  edit: "deny",
+  // Same object-form as QA_REVIEWER_PERMISSIONS — see the shape rationale
+  // there. qa-thorough re-runs the full suite unconditionally (per its
+  // prompt), so it touches the same command surface as qa-reviewer and
+  // needs the identical bash allow-list.
+  bash: {
+    "*": "allow",
+    ...CORE_BASH_ALLOW_LIST,
+    ...CORE_DESTRUCTIVE_BASH_DENIES
+  },
+  webfetch: "deny",
+  ast_grep: "allow",
+  tsc_check: "allow",
+  eslint_check: "allow",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  serena: "allow",
+  memory: "deny",
+  git: "allow",
+  playwright: "allow",
+  linear: "deny"
+};
+var PLAN_REVIEWER_PERMISSIONS = {
+  edit: "deny",
+  bash: "deny",
+  webfetch: "deny",
+  ast_grep: "allow",
+  tsc_check: "deny",
+  eslint_check: "deny",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  serena: "allow",
+  memory: "deny",
+  git: "allow",
+  playwright: "deny",
+  linear: "deny"
+};
+var GAP_ANALYZER_PERMISSIONS = {
+  edit: "deny",
+  bash: "deny",
+  webfetch: "deny",
+  ast_grep: "deny",
+  tsc_check: "deny",
+  eslint_check: "deny",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  serena: "allow",
+  memory: "allow",
+  git: "deny",
+  playwright: "deny",
+  linear: "allow"
+};
+var CODE_SEARCHER_PERMISSIONS = {
+  edit: "deny",
+  bash: "deny",
+  webfetch: "deny",
+  ast_grep: "allow",
+  tsc_check: "deny",
+  eslint_check: "deny",
+  todo_scan: "deny",
+  comment_check: "deny",
+  question: "allow",
+  serena: "allow",
+  memory: "deny",
+  git: "deny",
+  playwright: "deny",
+  linear: "deny"
+};
+var ARCHITECTURE_ADVISOR_PERMISSIONS = {
+  edit: "deny",
+  bash: "deny",
+  webfetch: "deny",
+  ast_grep: "allow",
+  tsc_check: "deny",
+  eslint_check: "deny",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  serena: "allow",
+  memory: "allow",
+  git: "allow",
+  playwright: "deny",
+  linear: "allow"
+};
+var LIB_READER_PERMISSIONS = {
+  edit: "deny",
+  bash: "deny",
+  webfetch: "deny",
+  ast_grep: "deny",
+  tsc_check: "deny",
+  eslint_check: "deny",
+  todo_scan: "deny",
+  comment_check: "deny",
+  question: "allow",
+  serena: "deny",
+  memory: "allow",
+  git: "deny",
+  playwright: "deny",
+  linear: "deny"
+};
+var AGENTS_MD_WRITER_PERMISSIONS = {
+  edit: "allow",
+  bash: "ask",
+  // preserve ask-semantics from frontmatter
+  webfetch: "deny",
+  ast_grep: "allow",
+  tsc_check: "deny",
+  eslint_check: "deny",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  serena: "allow",
+  memory: "deny",
+  git: "allow",
+  playwright: "deny",
+  linear: "deny"
+};
+var PILOT_BUILDER_PERMISSIONS = {
+  edit: "allow",
+  bash: {
+    "*": "allow",
+    ...CORE_BASH_ALLOW_LIST,
+    ...CORE_DESTRUCTIVE_BASH_DENIES,
+    // Pilot-specific destructive denies — the builder NEVER commits,
+    // pushes, switches branches, or opens PRs. The worker does this
+    // for the agent.
+    "git commit*": "deny",
+    "git push*": "deny",
+    "git tag*": "deny",
+    "git checkout *": "deny",
+    "git switch *": "deny",
+    "git branch *": "deny",
+    "git restore --source*": "deny",
+    "git reset *": "deny",
+    "gh pr *": "deny",
+    "gh release *": "deny"
+  },
+  webfetch: "allow",
+  ast_grep: "allow",
+  tsc_check: "allow",
+  eslint_check: "allow",
+  todo_scan: "allow",
+  comment_check: "allow",
+  // Builder is unattended — must never call the question tool. (The
+  // worker enforces this via the prompt + STOP protocol; permission
+  // denial is a backstop.)
+  question: "deny",
+  serena: "allow",
+  memory: "deny",
+  // pilot tasks are stateless; no per-session memory.
+  git: "allow",
+  // read-only git tools (status, log, diff).
+  playwright: "deny",
+  linear: "deny"
+};
+var PILOT_PLANNER_PERMISSIONS = {
+  edit: "allow",
+  bash: {
+    "*": "deny",
+    // Read-only inspection — same surface as PLAN_PERMISSIONS, plus a few.
+    "ls *": "allow",
+    "cat *": "allow",
+    "head *": "allow",
+    "tail *": "allow",
+    "wc *": "allow",
+    "grep *": "allow",
+    "rg *": "allow",
+    "find *": "allow",
+    "git status *": "allow",
+    "git log *": "allow",
+    "git diff *": "allow",
+    "git show *": "allow",
+    "git branch *": "allow",
+    "git rev-parse *": "allow",
+    // Pilot CLI: validate, plan-dir for self-check + path resolution.
+    "bunx @glrs-dev/harness-plugin-opencode pilot validate *": "allow",
+    "bunx @glrs-dev/harness-plugin-opencode pilot validate": "allow",
+    "bunx @glrs-dev/harness-plugin-opencode pilot plan-dir": "allow",
+    "bunx @glrs-dev/harness-plugin-opencode pilot plan-dir *": "allow",
+    "bunx @glrs-dev/harness-plugin-opencode plan-dir": "allow",
+    "bunx @glrs-dev/harness-plugin-opencode plan-dir *": "allow",
+    "glrs-oc pilot validate *": "allow",
+    "glrs-oc pilot validate": "allow",
+    "glrs-oc pilot plan-dir": "allow",
+    "glrs-oc pilot plan-dir *": "allow",
+    "glrs-oc plan-dir": "allow",
+    "glrs-oc plan-dir *": "allow"
+  },
+  // No webfetch by default — the planner reads tickets via the linear
+  // MCP. If the user invokes with a GitHub URL, they need the linear
+  // / webfetch combination explicitly. Mark deny here and the operator
+  // can override per-session.
+  webfetch: "deny",
+  ast_grep: "allow",
+  tsc_check: "deny",
+  // no need to typecheck; we're writing YAML.
+  eslint_check: "deny",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  // the planner CAN ask the human (interactive).
+  serena: "allow",
+  memory: "deny",
+  git: "allow",
+  // read-only git tools.
+  playwright: "deny",
+  linear: "allow"
+};
+var RESEARCH_PERMISSIONS = {
+  edit: "allow",
+  bash: {
+    "*": "allow",
+    ...CORE_BASH_ALLOW_LIST,
+    ...CORE_DESTRUCTIVE_BASH_DENIES
+  },
+  webfetch: "allow",
+  ast_grep: "allow",
+  tsc_check: "deny",
+  eslint_check: "deny",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  serena: "allow",
+  memory: "allow",
+  git: "allow",
+  playwright: "deny",
+  linear: "allow"
+};
+var AGENT_TIERS = {
+  prime: "deep",
+  plan: "deep",
+  "qa-thorough": "deep",
+  "architecture-advisor": "deep",
+  "plan-reviewer": "deep",
+  "gap-analyzer": "deep",
+  "pilot-planner": "deep",
+  research: "deep",
+  build: "mid",
+  "qa-reviewer": "mid",
+  "docs-maintainer": "mid",
+  "lib-reader": "mid",
+  "agents-md-writer": "mid",
+  "pilot-builder": "mid",
+  "code-searcher": "fast"
+};
+function createAgents() {
+  return {
+    // Primary agents
+    prime: agentFromPrompt(primePrompt, {
+      description: "End-to-end PRIME (Primary Routing and Intelligence Management Entity). Takes a request from intent to ready-to-ship in one session. Default primary agent.",
+      mode: "primary",
+      model: "anthropic/claude-opus-4-7",
+      temperature: 0.2,
+      permission: PRIME_PERMISSIONS
+    }),
+    plan: agentFromPrompt(planPrompt, {
+      description: "Interactive planner. Orchestrates gap analysis and adversarial review. Produces a written plan in the repo-shared plan directory (resolve via `bunx @glrs-dev/harness-plugin-opencode plan-dir`).",
+      mode: "all",
+      model: "anthropic/claude-opus-4-7",
+      temperature: 0.3,
+      permission: PLAN_PERMISSIONS
+    }),
+    build: agentFromPrompt(buildPrompt, {
+      description: "Executes a written plan. Runs tests inline, gates completion on QA review.",
+      mode: "all",
+      model: "anthropic/claude-sonnet-4-6",
+      temperature: 0.1,
+      permission: BUILD_PERMISSIONS
+    }),
+    // Subagents — model/mode/description from frontmatter, permissions
+    // via overrides (see permission blocks above). docs-maintainer has no
+    // frontmatter permission declaration and keeps that behavior.
+    "qa-reviewer": agentFromPrompt(qaReviewerPrompt, {
+      permission: QA_REVIEWER_PERMISSIONS
+    }),
+    "qa-thorough": agentFromPrompt(qaThoroughPrompt, {
+      permission: QA_THOROUGH_PERMISSIONS
+    }),
+    "plan-reviewer": agentFromPrompt(planReviewerPrompt, {
+      permission: PLAN_REVIEWER_PERMISSIONS
+    }),
+    "code-searcher": agentFromPrompt(codeSearcherPrompt, {
+      permission: CODE_SEARCHER_PERMISSIONS
+    }),
+    "gap-analyzer": agentFromPrompt(gapAnalyzerPrompt, {
+      permission: GAP_ANALYZER_PERMISSIONS
+    }),
+    "architecture-advisor": agentFromPrompt(architectureAdvisorPrompt, {
+      permission: ARCHITECTURE_ADVISOR_PERMISSIONS
+    }),
+    "docs-maintainer": agentFromPrompt(docsMaintainerPrompt),
+    "lib-reader": agentFromPrompt(libReaderPrompt, {
+      permission: LIB_READER_PERMISSIONS
+    }),
+    "agents-md-writer": agentFromPrompt(agentsMdWriterPrompt, {
+      permission: AGENTS_MD_WRITER_PERMISSIONS
+    }),
+    // Pilot subsystem agents (Phase F1 + F2). The frontmatter sets
+    // mode/model/description; temperature is passed via override
+    // because `agentFromPrompt` doesn't currently parse the
+    // temperature field (and we don't want to change that helper for
+    // every agent at once — out of scope for F1/F2).
+    "pilot-builder": agentFromPrompt(pilotBuilderPrompt, {
+      mode: "subagent",
+      model: "anthropic/claude-sonnet-4-6",
+      temperature: 0.1,
+      permission: PILOT_BUILDER_PERMISSIONS
+    }),
+    "pilot-planner": agentFromPrompt(pilotPlannerPrompt, {
+      mode: "subagent",
+      model: "anthropic/claude-opus-4-7",
+      temperature: 0.3,
+      permission: PILOT_PLANNER_PERMISSIONS
+    }),
+    // Research agent — mode:all for both primary invocation and task-tool dispatch
+    research: agentFromPrompt(researchPrompt, {
+      description: "Research orchestrator \u2014 decomposes a research query into parallel workstreams, dispatches research skills (research / research-web / research-local / research-auto) as subagents, reviews findings for gaps, iterates, and synthesizes. Use when the user asks to investigate, explore, deep-dive, or understand a complex topic that needs multiple workstreams.",
+      mode: "all",
+      model: "anthropic/claude-opus-4-7",
+      temperature: 0.3,
+      permission: RESEARCH_PERMISSIONS
+    })
+  };
+}
+
+// src/model-validator.ts
+var CATWALK_PROVIDER_PATTERN = /^(?:bedrock|vertex|vertexai)\//;
+var LEGACY_PRE_100_PATTERN = /^(bedrock|vertex|vertexai)\/claude-(opus|sonnet|haiku)(-\d+)?$/;
+var LEGACY_TO_MODELS_DEV = {
+  // --- Pre-PR-#100 Bedrock (no subpath) ---
+  "bedrock/claude-opus": "amazon-bedrock/global.anthropic.claude-opus-4-7",
+  "bedrock/claude-opus-4": "amazon-bedrock/global.anthropic.claude-opus-4-7",
+  "bedrock/claude-sonnet": "amazon-bedrock/global.anthropic.claude-sonnet-4-6",
+  "bedrock/claude-sonnet-4": "amazon-bedrock/global.anthropic.claude-sonnet-4-6",
+  "bedrock/claude-haiku": "amazon-bedrock/global.anthropic.claude-haiku-4-5-20251001-v1:0",
+  "bedrock/claude-haiku-4": "amazon-bedrock/global.anthropic.claude-haiku-4-5-20251001-v1:0",
+  // --- Pre-Models.dev Bedrock (had subpath, but wrong provider prefix) ---
+  "bedrock/anthropic.claude-opus-4-6": "amazon-bedrock/global.anthropic.claude-opus-4-7",
+  "bedrock/anthropic.claude-opus-4-7": "amazon-bedrock/global.anthropic.claude-opus-4-7",
+  "bedrock/anthropic.claude-sonnet-4-6": "amazon-bedrock/global.anthropic.claude-sonnet-4-6",
+  "bedrock/anthropic.claude-haiku-4-5-20251001-v1:0": "amazon-bedrock/global.anthropic.claude-haiku-4-5-20251001-v1:0",
+  // --- Pre-PR-#100 Vertex (no @date suffix) ---
+  "vertex/claude-opus": "google-vertex-anthropic/claude-opus-4-7@default",
+  "vertex/claude-opus-4": "google-vertex-anthropic/claude-opus-4-7@default",
+  "vertex/claude-sonnet": "google-vertex-anthropic/claude-sonnet-4-6@default",
+  "vertex/claude-sonnet-4": "google-vertex-anthropic/claude-sonnet-4-6@default",
+  "vertex/claude-haiku": "google-vertex-anthropic/claude-haiku-4-5@20251001",
+  "vertex/claude-haiku-4": "google-vertex-anthropic/claude-haiku-4-5@20251001",
+  "vertexai/claude-opus": "google-vertex-anthropic/claude-opus-4-7@default",
+  "vertexai/claude-opus-4": "google-vertex-anthropic/claude-opus-4-7@default",
+  "vertexai/claude-sonnet": "google-vertex-anthropic/claude-sonnet-4-6@default",
+  "vertexai/claude-sonnet-4": "google-vertex-anthropic/claude-sonnet-4-6@default",
+  "vertexai/claude-haiku": "google-vertex-anthropic/claude-haiku-4-5@20251001",
+  "vertexai/claude-haiku-4": "google-vertex-anthropic/claude-haiku-4-5@20251001",
+  // --- Pre-Models.dev Vertex (had @date suffix, wrong provider prefix) ---
+  "vertexai/claude-opus-4-6@20250610": "google-vertex-anthropic/claude-opus-4-6@default",
+  "vertexai/claude-opus-4-7@20250610": "google-vertex-anthropic/claude-opus-4-7@default",
+  "vertexai/claude-sonnet-4-6@20250725": "google-vertex-anthropic/claude-sonnet-4-6@default",
+  "vertexai/claude-haiku-4-5@20251001": "google-vertex-anthropic/claude-haiku-4-5@20251001"
+};
+function validateModelOverride(id) {
+  if (typeof id !== "string") return { valid: true };
+  if (id.length === 0) return { valid: true };
+  if (CATWALK_PROVIDER_PATTERN.test(id)) {
+    const suggestion = LEGACY_TO_MODELS_DEV[id] ?? "run `bunx @glrs-dev/harness-plugin-opencode install` to pick a current preset";
+    const reason = LEGACY_PRE_100_PATTERN.test(id) ? `"${id}" is a pre-PR-#100 model ID format that does not resolve in OpenCode. Bedrock IDs need the \`amazon-bedrock\` provider prefix (not \`bedrock\`); Vertex Claude IDs need the \`google-vertex-anthropic\` provider prefix (not \`vertex\` / \`vertexai\`).` : `"${id}" uses a provider prefix (\`${id.split("/")[0]}\`) that does not exist in OpenCode's runtime. AWS Bedrock's provider ID is \`amazon-bedrock\`; Vertex Claude's is \`google-vertex-anthropic\`.`;
+    return { valid: false, reason, suggestion };
+  }
+  return { valid: true };
+}
+function formatModelOverrideWarning(id, source, suggestion) {
+  const suggestionText = suggestion ? ` Suggested replacement: \`${suggestion}\`.` : "";
+  return `[@glrs-dev/harness-plugin-opencode] Warning: invalid model override "${id}" (from ${source}).${suggestionText} Run \`bunx @glrs-dev/harness-plugin-opencode doctor\` for details.`;
+}
+
+export {
+  AGENT_TIERS,
+  createAgents,
+  validateModelOverride,
+  formatModelOverrideWarning
+};