npm - @glrs-dev/cli - Versions diffs - 1.2.0 → 2.0.0 - Mend

@glrs-dev/cli 1.2.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (39) hide show

package/dist/vendor/harness-opencode/dist/index.js CHANGED Viewed

@@ -1,10 +1,7 @@
 import {
-  AGENT_TIERS,
-  createAgents,
   formatModelOverrideWarning,
-  getStrictPrompt,
   validateModelOverride
-} from "./chunk-EK7K4NTV.js";
+} from "./chunk-DZG4D3OH.js";
 import {
   PACKAGE_NAME,
   readOurPackageVersion,
@@ -16,35 +13,770 @@ import * as fs from "fs";
 import * as path from "path";
 import * as os from "os";
-// src/commands/index.ts
+// src/agents/shared/index.ts
 import { readFileSync } from "fs";
 import { fileURLToPath } from "url";
 import { dirname, join } from "path";
 var HERE = dirname(fileURLToPath(import.meta.url));
+function readMd(name) {
+  const candidates = [
+    join(HERE, name),
+    // dev: src/agents/shared/
+    join(HERE, "agents", "shared", name),
+    // dist: dist/ → dist/agents/shared/
+    join(HERE, "..", "..", "..", "src", "agents", "shared", name)
+    // fallback dev
+  ];
+  for (const p of candidates) {
+    try {
+      return readFileSync(p, "utf8");
+    } catch {
+    }
+  }
+  throw new Error(`Could not find shared file: ${name}`);
+}
+var WORKFLOW_MECHANICS_RULE = readMd("workflow-mechanics.md");
+// src/agents/index.ts
+import { readFileSync as readFileSync2 } from "fs";
+import { fileURLToPath as fileURLToPath2 } from "url";
+import { dirname as dirname2, join as join2 } from "path";
+var HERE2 = dirname2(fileURLToPath2(import.meta.url));
 function readPrompt(name) {
   const candidates = [
-    join(HERE, "prompts", name),
+    join2(HERE2, "prompts", name),
+    // dev: src/agents/prompts/
+    join2(HERE2, "agents", "prompts", name),
+    // dist: dist/ → dist/agents/prompts/
+    join2(HERE2, "..", "..", "src", "agents", "prompts", name)
+    // fallback dev
+  ];
+  for (const p of candidates) {
+    try {
+      return readFileSync2(p, "utf8");
+    } catch {
+    }
+  }
+  throw new Error(`Could not find prompt file: ${name}`);
+}
+var primePrompt = readPrompt("prime.md");
+var planPrompt = readPrompt("plan.md");
+var buildPrompt = readPrompt("build.md");
+var buildOpenPrompt = readPrompt("build.open.md");
+var qaReviewerPrompt = readPrompt("qa-reviewer.md");
+var qaReviewerOpenPrompt = readPrompt("qa-reviewer.open.md");
+var qaThoroughPrompt = readPrompt("qa-thorough.md");
+var planReviewerPrompt = readPrompt("plan-reviewer.md");
+var codeSearcherPrompt = readPrompt("code-searcher.md");
+var gapAnalyzerPrompt = readPrompt("gap-analyzer.md");
+var architectureAdvisorPrompt = readPrompt("architecture-advisor.md");
+var docsMaintainerPrompt = readPrompt("docs-maintainer.md");
+var libReaderPrompt = readPrompt("lib-reader.md");
+var agentsMdWriterPrompt = readPrompt("agents-md-writer.md");
+var pilotScopePrompt = readPrompt("pilot-scoper.md");
+var pilotPlannerPrompt = readPrompt("pilot-planner.md");
+var pilotBuilderPrompt = readPrompt("pilot-builder.md");
+var pilotAssessorPrompt = readPrompt("pilot-assessor.md");
+var researchPrompt = readPrompt("research.md");
+var researchWebPrompt = readPrompt("research-web.md");
+var researchLocalPrompt = readPrompt("research-local.md");
+var researchAutoPrompt = readPrompt("research-auto.md");
+var EXECUTOR_VARIANT_AGENTS = {
+  build: { reasoning: buildPrompt, strict: buildOpenPrompt },
+  "qa-reviewer": { reasoning: qaReviewerPrompt, strict: qaReviewerOpenPrompt },
+  "pilot-builder": { reasoning: pilotBuilderPrompt, strict: pilotBuilderPrompt }
+};
+function getStrictPrompt(agentName) {
+  const variants = EXECUTOR_VARIANT_AGENTS[agentName];
+  if (!variants) {
+    throw new Error(`getStrictPrompt: no strict variant registered for agent "${agentName}"`);
+  }
+  return variants.strict;
+}
+function stripFrontmatter(md) {
+  if (!md.startsWith("---")) return md;
+  const end = md.indexOf("\n---", 3);
+  if (end === -1) return md;
+  return md.slice(end + 4).trimStart();
+}
+function parseFrontmatter(md) {
+  if (!md.startsWith("---")) return {};
+  const end = md.indexOf("\n---", 3);
+  if (end === -1) return {};
+  const block = md.slice(4, end);
+  const result = {};
+  let currentKey = null;
+  let currentValue = [];
+  const flush = () => {
+    if (currentKey) {
+      result[currentKey] = currentValue.join(" ").trim();
+    }
+  };
+  for (const line of block.split("\n")) {
+    if (currentKey && (line.startsWith("  ") || line.startsWith("	"))) {
+      currentValue.push(line.trim());
+      continue;
+    }
+    const colon = line.indexOf(":");
+    if (colon === -1) {
+      flush();
+      currentKey = null;
+      currentValue = [];
+      continue;
+    }
+    flush();
+    currentKey = line.slice(0, colon).trim();
+    const value = line.slice(colon + 1).trim();
+    currentValue = value ? [value] : [];
+  }
+  flush();
+  return result;
+}
+function injectWorkflowMechanics(prompt) {
+  return prompt.replace("{WORKFLOW_MECHANICS_RULE}", WORKFLOW_MECHANICS_RULE);
+}
+function agentFromPrompt(raw, overrides = {}) {
+  const fm = parseFrontmatter(raw);
+  const body = stripFrontmatter(raw);
+  const prompt = injectWorkflowMechanics(body);
+  const base = {
+    description: fm["description"] ?? "",
+    mode: fm["mode"] ?? "subagent",
+    model: fm["model"] ?? void 0,
+    prompt
+  };
+  return { ...base, ...overrides };
+}
+var CORE_BASH_ALLOW_LIST = {
+  // File inspection — safe read-only commands the reviewers use heavily.
+  "ls *": "allow",
+  "cat *": "allow",
+  "head *": "allow",
+  "tail *": "allow",
+  "wc *": "allow",
+  "grep *": "allow",
+  "rg *": "allow",
+  "find *": "allow",
+  "file *": "allow",
+  "stat *": "allow",
+  "which *": "allow",
+  "whereis *": "allow",
+  "basename *": "allow",
+  "dirname *": "allow",
+  "realpath *": "allow",
+  "readlink *": "allow",
+  "diff *": "allow",
+  "sort *": "allow",
+  "uniq *": "allow",
+  "xxd *": "allow",
+  "tree *": "allow",
+  "date *": "allow",
+  "echo *": "allow",
+  // Git read-only subcommands (explicit rather than `git *` so we don't
+  // accidentally whitelist `git push` variants the destructive-deny
+  // table counteracts via longer-pattern matches — but clarity > trust).
+  "git status *": "allow",
+  "git log *": "allow",
+  "git diff *": "allow",
+  "git show *": "allow",
+  "git branch *": "allow",
+  "git merge-base *": "allow",
+  "git rev-parse *": "allow",
+  "git rev-list *": "allow",
+  "git blame *": "allow",
+  "git config --get *": "allow",
+  "git config --get": "allow",
+  "git remote *": "allow",
+  "git stash list *": "allow",
+  "git stash list": "allow",
+  "git ls-files *": "allow",
+  "git describe *": "allow",
+  "git tag *": "allow",
+  "git fetch *": "allow",
+  // Package/build tooling — the reviewers run lint/test/typecheck.
+  "pnpm lint *": "allow",
+  "pnpm test *": "allow",
+  "pnpm typecheck *": "allow",
+  "pnpm build *": "allow",
+  "pnpm run *": "allow",
+  "pnpm install *": "allow",
+  "pnpm --filter *": "allow",
+  "pnpm -w *": "allow",
+  "bun run *": "allow",
+  "bun test *": "allow",
+  "bun install *": "allow",
+  "bunx *": "allow",
+  "npm run *": "allow",
+  "npm test *": "allow",
+  "npx *": "allow",
+  "yarn *": "allow",
+  "tsc *": "allow",
+  "eslint *": "allow",
+  "prettier *": "allow",
+  "biome *": "allow",
+  // Our own CLI — the plan agent and qa-reviewer both call plan-check/plan-dir.
+  "bunx @glrs-dev/harness-plugin-opencode *": "allow",
+  "glrs-oc *": "allow",
+  // GitHub CLI — read-only gh calls are fine; destructive `gh pr merge`
+  // is gated at the PRIME level by human intent (user runs /ship).
+  "gh pr view *": "allow",
+  "gh pr list *": "allow",
+  "gh issue view *": "allow",
+  "gh issue list *": "allow",
+  "gh api *": "allow"
+};
+var CORE_DESTRUCTIVE_BASH_DENIES = {
+  "rm -rf /*": "deny",
+  "rm -rf ~*": "deny",
+  "chmod *": "deny",
+  "chown *": "deny",
+  "sudo *": "deny",
+  "git push --force*": "deny",
+  "git push -f *": "deny",
+  "git push * --force*": "deny",
+  "git push * -f": "deny",
+  "git push * main*": "deny",
+  "git push * master*": "deny",
+  // --force-with-lease is the safe variant — explicit allow rule sorts
+  // after the broad --force deny so the lease variant survives.
+  "git push --force-with-lease*": "allow",
+  "git push * --force-with-lease*": "allow"
+};
+var PRIME_PERMISSIONS = {
+  edit: "allow",
+  bash: {
+    "*": "allow",
+    ...CORE_BASH_ALLOW_LIST,
+    ...CORE_DESTRUCTIVE_BASH_DENIES,
+    // git clean & git reset --hard are allowed for prime because
+    // /fresh runs them after its own question-tool confirmation gate;
+    // a permission-layer prompt on top is redundant noise (see issue #54).
+    // BUILD keeps the stricter default (deny/ask).
+    "git clean *": "allow",
+    "git reset --hard*": "allow"
+  },
+  webfetch: "allow",
+  // Per-tool permissions (index signature on AgentConfig allows these)
+  ast_grep: "allow",
+  tsc_check: "allow",
+  eslint_check: "allow",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  serena: "allow",
+  memory: "allow",
+  git: "allow",
+  playwright: "allow",
+  linear: "allow"
+};
+var PLAN_PERMISSIONS = {
+  edit: "allow",
+  // Plan agent is read-only aside from writing under the plan dir — but
+  // it does need to RESOLVE the plan dir via the `plan-dir` CLI
+  // subcommand (returns an absolute path derived from the worktree's
+  // repo-folder key; see src/plan-paths.ts and src/cli.ts). The object-
+  // form denies bash broadly and re-allows only `bunx
+  // @glrs-dev/harness-plugin-opencode plan-dir[...]`. No other bash invocation
+  // is permitted, so the read-only-aside-from-plans invariant holds.
+  bash: {
+    "*": "deny",
+    "bunx @glrs-dev/harness-plugin-opencode plan-dir": "allow",
+    "bunx @glrs-dev/harness-plugin-opencode plan-dir *": "allow",
+    "glrs-oc plan-dir": "allow",
+    "glrs-oc plan-dir *": "allow"
+  },
+  webfetch: "allow",
+  ast_grep: "deny",
+  tsc_check: "deny",
+  eslint_check: "deny",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  serena: "allow",
+  memory: "allow",
+  git: "allow",
+  playwright: "deny",
+  linear: "allow"
+};
+var BUILD_PERMISSIONS = {
+  edit: "allow",
+  bash: {
+    "*": "allow",
+    ...CORE_BASH_ALLOW_LIST,
+    ...CORE_DESTRUCTIVE_BASH_DENIES,
+    // Build is stricter than prime on mutation: no `git clean`
+    // (build shouldn't wipe worktree mid-execution), and
+    // `git reset --hard` must prompt explicitly.
+    "git clean *": "deny",
+    "git reset --hard*": "ask"
+  },
+  webfetch: "allow",
+  ast_grep: "allow",
+  tsc_check: "allow",
+  eslint_check: "allow",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  serena: "allow",
+  memory: "allow",
+  git: "allow",
+  playwright: "allow",
+  linear: "allow"
+};
+var QA_REVIEWER_PERMISSIONS = {
+  edit: "deny",
+  // Object-form bash: the scalar `"allow"` shape loses to OpenCode's
+  // upstream subagent-default `{bash, *, ask}` via last-match-wins (see
+  // the root-cause comment near PRIME_PERMISSIONS). Enumerated
+  // specific patterns in CORE_BASH_ALLOW_LIST sort AFTER the upstream
+  // wildcard ask and win for the commands they match. `"*": "allow"`
+  // is kept as a backstop but may still lose to the upstream rule for
+  // commands not in the enumerated list; those are the known blind spot.
+  bash: {
+    "*": "allow",
+    ...CORE_BASH_ALLOW_LIST,
+    ...CORE_DESTRUCTIVE_BASH_DENIES
+  },
+  webfetch: "deny",
+  ast_grep: "allow",
+  tsc_check: "allow",
+  eslint_check: "allow",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  serena: "allow",
+  memory: "deny",
+  git: "allow",
+  playwright: "allow",
+  linear: "deny"
+};
+var QA_THOROUGH_PERMISSIONS = {
+  edit: "deny",
+  // Same object-form as QA_REVIEWER_PERMISSIONS — see the shape rationale
+  // there. qa-thorough re-runs the full suite unconditionally (per its
+  // prompt), so it touches the same command surface as qa-reviewer and
+  // needs the identical bash allow-list.
+  bash: {
+    "*": "allow",
+    ...CORE_BASH_ALLOW_LIST,
+    ...CORE_DESTRUCTIVE_BASH_DENIES
+  },
+  webfetch: "deny",
+  ast_grep: "allow",
+  tsc_check: "allow",
+  eslint_check: "allow",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  serena: "allow",
+  memory: "deny",
+  git: "allow",
+  playwright: "allow",
+  linear: "deny"
+};
+var PLAN_REVIEWER_PERMISSIONS = {
+  edit: "deny",
+  bash: "deny",
+  webfetch: "deny",
+  ast_grep: "allow",
+  tsc_check: "deny",
+  eslint_check: "deny",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  serena: "allow",
+  memory: "deny",
+  git: "allow",
+  playwright: "deny",
+  linear: "deny"
+};
+var GAP_ANALYZER_PERMISSIONS = {
+  edit: "deny",
+  bash: "deny",
+  webfetch: "deny",
+  ast_grep: "deny",
+  tsc_check: "deny",
+  eslint_check: "deny",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  serena: "allow",
+  memory: "allow",
+  git: "deny",
+  playwright: "deny",
+  linear: "allow"
+};
+var CODE_SEARCHER_PERMISSIONS = {
+  edit: "deny",
+  bash: "deny",
+  webfetch: "deny",
+  ast_grep: "allow",
+  tsc_check: "deny",
+  eslint_check: "deny",
+  todo_scan: "deny",
+  comment_check: "deny",
+  question: "allow",
+  serena: "allow",
+  memory: "deny",
+  git: "deny",
+  playwright: "deny",
+  linear: "deny"
+};
+var ARCHITECTURE_ADVISOR_PERMISSIONS = {
+  edit: "deny",
+  bash: "deny",
+  webfetch: "deny",
+  ast_grep: "allow",
+  tsc_check: "deny",
+  eslint_check: "deny",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  serena: "allow",
+  memory: "allow",
+  git: "allow",
+  playwright: "deny",
+  linear: "allow"
+};
+var LIB_READER_PERMISSIONS = {
+  edit: "deny",
+  bash: "deny",
+  webfetch: "deny",
+  ast_grep: "deny",
+  tsc_check: "deny",
+  eslint_check: "deny",
+  todo_scan: "deny",
+  comment_check: "deny",
+  question: "allow",
+  serena: "deny",
+  memory: "allow",
+  git: "deny",
+  playwright: "deny",
+  linear: "deny"
+};
+var AGENTS_MD_WRITER_PERMISSIONS = {
+  edit: "allow",
+  bash: "ask",
+  // preserve ask-semantics from frontmatter
+  webfetch: "deny",
+  ast_grep: "allow",
+  tsc_check: "deny",
+  eslint_check: "deny",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  serena: "allow",
+  memory: "deny",
+  git: "allow",
+  playwright: "deny",
+  linear: "deny"
+};
+var RESEARCH_PERMISSIONS = {
+  edit: "allow",
+  bash: {
+    "*": "allow",
+    ...CORE_BASH_ALLOW_LIST,
+    ...CORE_DESTRUCTIVE_BASH_DENIES
+  },
+  webfetch: "allow",
+  ast_grep: "allow",
+  tsc_check: "deny",
+  eslint_check: "deny",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  serena: "allow",
+  memory: "allow",
+  git: "allow",
+  playwright: "deny",
+  linear: "allow"
+};
+var AGENT_TIERS = {
+  prime: "deep",
+  plan: "deep",
+  "qa-thorough": "deep",
+  "architecture-advisor": "deep",
+  "plan-reviewer": "deep",
+  "gap-analyzer": "deep",
+  research: "deep",
+  "research-web": "deep",
+  "research-local": "deep",
+  "research-auto": "deep",
+  // Pilot v2 agents
+  "pilot-scoper": "mid",
+  "pilot-planner": "mid",
+  "pilot-builder": "mid-execute",
+  "pilot-assessor": "mid",
+  build: "mid-execute",
+  "qa-reviewer": "mid-execute",
+  "docs-maintainer": "mid",
+  "lib-reader": "mid",
+  "agents-md-writer": "mid",
+  "code-searcher": "fast"
+};
+var PILOT_SCOPER_PERMISSIONS = {
+  edit: "deny",
+  bash: {
+    "*": "deny",
+    "ls *": "allow",
+    "cat *": "allow",
+    "head *": "allow",
+    "tail *": "allow",
+    "wc *": "allow",
+    "grep *": "allow",
+    "rg *": "allow",
+    "find *": "allow",
+    "git status *": "allow",
+    "git log *": "allow",
+    "git diff *": "allow",
+    "git show *": "allow",
+    "git branch *": "allow",
+    "git rev-parse *": "allow"
+  },
+  webfetch: "deny",
+  ast_grep: "allow",
+  tsc_check: "deny",
+  eslint_check: "deny",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "allow",
+  serena: "allow",
+  memory: "deny",
+  git: "allow",
+  playwright: "deny",
+  linear: "deny"
+};
+var PILOT_PLANNER_PERMISSIONS = {
+  edit: "allow",
+  bash: {
+    "*": "deny",
+    "ls *": "allow",
+    "cat *": "allow",
+    "head *": "allow",
+    "tail *": "allow",
+    "wc *": "allow",
+    "grep *": "allow",
+    "rg *": "allow",
+    "find *": "allow",
+    "git status *": "allow",
+    "git log *": "allow",
+    "git diff *": "allow",
+    "git show *": "allow",
+    "git branch *": "allow",
+    "git rev-parse *": "allow"
+  },
+  webfetch: "deny",
+  ast_grep: "allow",
+  tsc_check: "deny",
+  eslint_check: "deny",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "deny",
+  serena: "allow",
+  memory: "deny",
+  git: "allow",
+  playwright: "deny",
+  linear: "deny"
+};
+var PILOT_BUILDER_PERMISSIONS = {
+  edit: "allow",
+  bash: {
+    "*": "allow",
+    ...CORE_BASH_ALLOW_LIST,
+    ...CORE_DESTRUCTIVE_BASH_DENIES,
+    "git commit*": "deny",
+    "git push*": "deny",
+    "git tag*": "deny",
+    "git checkout *": "deny",
+    "git switch *": "deny",
+    "git branch *": "deny",
+    "git restore --source*": "deny",
+    "git reset *": "deny",
+    "gh pr *": "deny",
+    "gh release *": "deny"
+  },
+  webfetch: "allow",
+  ast_grep: "allow",
+  tsc_check: "allow",
+  eslint_check: "allow",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "deny",
+  serena: "allow",
+  memory: "deny",
+  git: "allow",
+  playwright: "deny",
+  linear: "deny"
+};
+var PILOT_ASSESSOR_PERMISSIONS = {
+  edit: "allow",
+  bash: {
+    "*": "allow",
+    ...CORE_BASH_ALLOW_LIST,
+    ...CORE_DESTRUCTIVE_BASH_DENIES,
+    "git commit*": "deny",
+    "git push*": "deny",
+    "git checkout *": "deny",
+    "git switch *": "deny",
+    "git reset *": "deny",
+    "gh pr *": "deny"
+  },
+  webfetch: "deny",
+  ast_grep: "allow",
+  tsc_check: "allow",
+  eslint_check: "allow",
+  todo_scan: "allow",
+  comment_check: "allow",
+  question: "deny",
+  serena: "allow",
+  memory: "deny",
+  git: "allow",
+  playwright: "allow",
+  linear: "deny"
+};
+function createAgents() {
+  return {
+    // Primary agents
+    prime: agentFromPrompt(primePrompt, {
+      description: "End-to-end PRIME (Primary Routing and Intelligence Management Entity). Takes a request from intent to ready-to-ship in one session. Default primary agent.",
+      mode: "primary",
+      model: "anthropic/claude-opus-4-7",
+      temperature: 0.2,
+      permission: PRIME_PERMISSIONS
+    }),
+    plan: agentFromPrompt(planPrompt, {
+      description: "Interactive planner. Orchestrates gap analysis and adversarial review. Produces a written plan in the repo-shared plan directory (resolve via `bunx @glrs-dev/harness-plugin-opencode plan-dir`).",
+      mode: "all",
+      model: "anthropic/claude-opus-4-7",
+      temperature: 0.3,
+      permission: PLAN_PERMISSIONS
+    }),
+    build: agentFromPrompt(buildPrompt, {
+      description: "Executes a written plan. Runs tests inline, gates completion on QA review.",
+      mode: "all",
+      model: "anthropic/claude-sonnet-4-6",
+      temperature: 0.1,
+      permission: BUILD_PERMISSIONS
+    }),
+    // Subagents — model/mode/description from frontmatter, permissions
+    // via overrides (see permission blocks above). docs-maintainer has no
+    // frontmatter permission declaration and keeps that behavior.
+    "qa-reviewer": agentFromPrompt(qaReviewerPrompt, {
+      permission: QA_REVIEWER_PERMISSIONS
+    }),
+    "qa-thorough": agentFromPrompt(qaThoroughPrompt, {
+      permission: QA_THOROUGH_PERMISSIONS
+    }),
+    "plan-reviewer": agentFromPrompt(planReviewerPrompt, {
+      permission: PLAN_REVIEWER_PERMISSIONS
+    }),
+    "code-searcher": agentFromPrompt(codeSearcherPrompt, {
+      permission: CODE_SEARCHER_PERMISSIONS
+    }),
+    "gap-analyzer": agentFromPrompt(gapAnalyzerPrompt, {
+      permission: GAP_ANALYZER_PERMISSIONS
+    }),
+    "architecture-advisor": agentFromPrompt(architectureAdvisorPrompt, {
+      permission: ARCHITECTURE_ADVISOR_PERMISSIONS
+    }),
+    "docs-maintainer": agentFromPrompt(docsMaintainerPrompt),
+    "lib-reader": agentFromPrompt(libReaderPrompt, {
+      permission: LIB_READER_PERMISSIONS
+    }),
+    "agents-md-writer": agentFromPrompt(agentsMdWriterPrompt, {
+      permission: AGENTS_MD_WRITER_PERMISSIONS
+    }),
+    // Research agent — mode:all for both primary invocation and task-tool dispatch
+    research: agentFromPrompt(researchPrompt, {
+      description: "Research orchestrator \u2014 decomposes a research query into parallel workstreams, dispatches research skills (research / research-web / research-local / research-auto) as subagents, reviews findings for gaps, iterates, and synthesizes. Use when the user asks to investigate, explore, deep-dive, or understand a complex topic that needs multiple workstreams.",
+      mode: "all",
+      model: "anthropic/claude-opus-4-7",
+      temperature: 0.3,
+      permission: RESEARCH_PERMISSIONS
+    }),
+    // Research subagents — thin shims that load the bundled skills
+    "research-web": agentFromPrompt(researchWebPrompt, {
+      description: "Research orchestrator subagent \u2014 Multi-agent web research orchestrator. Decomposes a research question into parallel agent workstreams, launches them, monitors progress, and synthesizes results. Use when user says 'research this topic', 'I need to understand', 'deep dive into', 'investigate the market for', 'what do we know about'. Provide the research topic and context.",
+      mode: "all",
+      model: "anthropic/claude-opus-4-7",
+      temperature: 0.3,
+      permission: RESEARCH_PERMISSIONS
+    }),
+    "research-local": agentFromPrompt(researchLocalPrompt, {
+      description: "Research orchestrator subagent \u2014 Deep codebase research using parallel Explore subagents. Decomposes a question about the local codebase into research tasks, launches parallel explorations, reviews for gaps, iterates, and synthesizes findings with specific file paths and line numbers. Use when user says 'how does X work in this codebase', 'where is Y implemented', 'trace the data flow for Z', 'what patterns does this repo use', 'explain the architecture of'. Provide the research topic as arguments.",
+      mode: "all",
+      model: "anthropic/claude-opus-4-7",
+      temperature: 0.3,
+      permission: RESEARCH_PERMISSIONS
+    }),
+    "research-auto": agentFromPrompt(researchAutoPrompt, {
+      description: "Research orchestrator subagent \u2014 Autonomous experimentation skill. Agent interviews the user, sets up a lab, then explores freely (think, test, reflect) until stopped or a target is hit. Works for any domain where you can measure or evaluate a result. Use when user says 'optimize this', 'experiment with', 'find the best approach', 'iterate on', 'research mode'. Do NOT use for binary validation tests (use /spec-lab instead). Based on ResearcherSkill v1.4.4 by krzysztofdudek.",
+      mode: "all",
+      model: "anthropic/claude-opus-4-7",
+      temperature: 0.3,
+      permission: RESEARCH_PERMISSIONS
+    }),
+    // Pilot v2 agents (SPEAR-based autonomous execution)
+    "pilot-scoper": agentFromPrompt(pilotScopePrompt, {
+      description: "Pilot v2 scoping agent. Interviews the user to understand their goal, explores the codebase, and produces a scope.json artifact with framing and acceptance criteria.",
+      mode: "subagent",
+      model: "anthropic/claude-sonnet-4-6",
+      temperature: 0.3,
+      permission: PILOT_SCOPER_PERMISSIONS
+    }),
+    "pilot-planner": agentFromPrompt(pilotPlannerPrompt, {
+      description: "Pilot v2 planning agent. Reads scope.json, surveys the codebase, and produces a plan.json with an ordered task list.",
+      mode: "subagent",
+      model: "anthropic/claude-sonnet-4-6",
+      temperature: 0.2,
+      permission: PILOT_PLANNER_PERMISSIONS
+    }),
+    "pilot-builder": agentFromPrompt(pilotBuilderPrompt, {
+      description: "Pilot v2 builder agent. Executes a single task from the plan. Makes code changes, runs verify commands, and signals completion.",
+      mode: "subagent",
+      model: "anthropic/claude-sonnet-4-6",
+      temperature: 0.1,
+      permission: PILOT_BUILDER_PERMISSIONS
+    }),
+    "pilot-assessor": agentFromPrompt(pilotAssessorPrompt, {
+      description: "Pilot v2 assessor agent. Evaluates completed work against acceptance criteria, runs deployment-risk reflection, and produces an assessment report.",
+      mode: "subagent",
+      model: "anthropic/claude-sonnet-4-6",
+      temperature: 0.2,
+      permission: PILOT_ASSESSOR_PERMISSIONS
+    })
+  };
+}
+// src/commands/index.ts
+import { readFileSync as readFileSync3 } from "fs";
+import { fileURLToPath as fileURLToPath3 } from "url";
+import { dirname as dirname3, join as join3 } from "path";
+var HERE3 = dirname3(fileURLToPath3(import.meta.url));
+function readPrompt2(name) {
+  const candidates = [
+    join3(HERE3, "prompts", name),
     // dev: src/commands/prompts/
-    join(HERE, "commands", "prompts", name),
+    join3(HERE3, "commands", "prompts", name),
     // dist: dist/ → dist/commands/prompts/
-    join(HERE, "..", "..", "src", "commands", "prompts", name)
+    join3(HERE3, "..", "..", "src", "commands", "prompts", name)
     // fallback dev
   ];
   for (const p of candidates) {
     try {
-      return readFileSync(p, "utf8");
+      return readFileSync3(p, "utf8");
     } catch {
     }
   }
   throw new Error(`Could not find command prompt: ${name}`);
 }
-var autopilotPrompt = readPrompt("autopilot.md");
-var shipPrompt = readPrompt("ship.md");
-var reviewPrompt = readPrompt("review.md");
-var initDeepPrompt = readPrompt("init-deep.md");
-var researchPrompt = readPrompt("research.md");
-var freshPrompt = readPrompt("fresh.md");
-var costsPrompt = readPrompt("costs.md");
+var autopilotPrompt = readPrompt2("autopilot.md");
+var shipPrompt = readPrompt2("ship.md");
+var reviewPrompt = readPrompt2("review.md");
+var initDeepPrompt = readPrompt2("init-deep.md");
+var researchPrompt2 = readPrompt2("research.md");
+var freshPrompt = readPrompt2("fresh.md");
+var costsPrompt = readPrompt2("costs.md");
 function createCommands() {
   return {
     autopilot: {
@@ -64,7 +796,7 @@ function createCommands() {
       description: "Generate hierarchical AGENTS.md files for the current repo."
     },
     research: {
-      template: researchPrompt,
+      template: researchPrompt2,
       description: "Deep codebase exploration via parallel subagents."
     },
     fresh: {
@@ -127,11 +859,11 @@ function createMcpConfig() {
 }
 // src/skills/paths.ts
-import { fileURLToPath as fileURLToPath2 } from "url";
-import { dirname as dirname2, join as join2 } from "path";
+import { fileURLToPath as fileURLToPath4 } from "url";
+import { dirname as dirname4, join as join4 } from "path";
 function getSkillsRoot() {
-  const here = dirname2(fileURLToPath2(import.meta.url));
-  return join2(here, "skills");
+  const here = dirname4(fileURLToPath4(import.meta.url));
+  return join4(here, "skills");
 }
 // src/config-hook.ts
@@ -1411,141 +2143,74 @@ var plugin3 = async () => {
 var cost_tracker_default = plugin3;
 // src/plugins/pilot-plugin.ts
-import * as path5 from "path";
-var PILOT_SESSION_TITLE_PREFIX = "pilot/";
-var FORBIDDEN_BUILDER_BASH_PREFIXES = [
-  "git commit",
-  "git push",
-  "git tag",
-  "git checkout ",
-  "git switch ",
-  "git branch",
-  "git restore --source",
-  "git reset",
-  "gh pr ",
-  "gh release "
+var PILOT_TITLE_PREFIX = "pilot/";
+var BUILDER_DENIED_PATTERNS = [
+  /^git\s+commit/,
+  /^git\s+push/,
+  /^git\s+tag/,
+  /^git\s+checkout\s/,
+  /^git\s+switch\s/,
+  /^git\s+branch\s/,
+  /^git\s+restore\s+--source/,
+  /^git\s+reset\s/,
+  /^gh\s+pr\s/,
+  /^gh\s+release\s/
 ];
-var EDIT_TOOLS = /* @__PURE__ */ new Set(["edit", "write", "patch", "multiedit"]);
-var plugin4 = async ({ client }) => {
-  const sessionCache = /* @__PURE__ */ new Map();
+var sessionCache = /* @__PURE__ */ new Map();
+async function getSessionPhase(client, sessionId) {
+  if (sessionCache.has(sessionId)) {
+    return sessionCache.get(sessionId);
+  }
+  try {
+    const session = await client.session.get({ sessionID: sessionId });
+    const title = session.title ?? "";
+    if (!title.startsWith(PILOT_TITLE_PREFIX)) return null;
+    const parts = title.slice(PILOT_TITLE_PREFIX.length).split("/");
+    if (parts.length < 2) return null;
+    const [workflowId, phase] = parts;
+    const result = { phase, workflowId };
+    sessionCache.set(sessionId, result);
+    return result;
+  } catch {
+    return null;
+  }
+}
+var pilotPlugin = async (input) => {
   return {
-    "tool.execute.before": async (input, output) => {
-      const info = await classifySession(client, sessionCache, input.sessionID);
-      if (info.kind === "pilot-builder") {
-        if (input.tool === "bash") {
-          enforceBuilderBashDeny(output.args);
-        }
-      } else if (info.kind === "pilot-planner") {
-        if (EDIT_TOOLS.has(input.tool)) {
-          await enforcePlannerEditScope(output.args, info.plansDir);
+    "tool.execute.before": async (toolInput, _output) => {
+      const sessionId = toolInput.sessionID;
+      if (!sessionId) return;
+      const sessionInfo = await getSessionPhase(input.client, sessionId);
+      if (!sessionInfo) return;
+      const { phase } = sessionInfo;
+      const toolName = toolInput.tool ?? "";
+      const args = toolInput.args ?? {};
+      if (phase === "execute") {
+        if (toolName === "bash") {
+          const cmd = String(args["command"] ?? "").trim();
+          for (const pattern of BUILDER_DENIED_PATTERNS) {
+            if (pattern.test(cmd)) {
+              throw new Error(
+                `pilot-builder: "${cmd}" is not allowed. The orchestrator handles commits and pushes after verify passes.`
+              );
+            }
+          }
         }
       }
     }
   };
 };
-var pilot_plugin_default = plugin4;
-async function classifySession(client, cache, sessionID) {
-  const cached = cache.get(sessionID);
-  if (cached !== void 0) return cached;
-  let title = "";
-  let directory = "";
-  try {
-    const r = await client.session.get({ path: { id: sessionID } });
-    const data = r.data;
-    title = data?.title ?? "";
-    directory = data?.directory ?? "";
-  } catch {
-    const v2 = { kind: "non-pilot" };
-    cache.set(sessionID, v2);
-    return v2;
-  }
-  if (title.startsWith(PILOT_SESSION_TITLE_PREFIX)) {
-    const rest = title.slice(PILOT_SESSION_TITLE_PREFIX.length);
-    const slash = rest.indexOf("/");
-    if (slash > 0) {
-      const runId = rest.slice(0, slash);
-      const taskId = rest.slice(slash + 1);
-      const v2 = { kind: "pilot-builder", runId, taskId };
-      cache.set(sessionID, v2);
-      return v2;
-    }
-  }
-  const plansDir = inferPlannerPlansDir(directory);
-  if (plansDir !== null) {
-    const v2 = { kind: "pilot-planner", plansDir };
-    cache.set(sessionID, v2);
-    return v2;
-  }
-  const v = { kind: "non-pilot" };
-  cache.set(sessionID, v);
-  return v;
-}
-function inferPlannerPlansDir(directory) {
-  if (directory.length === 0) return null;
-  const norm = directory.replace(/[\\/]+$/, "");
-  const sepRegex = /[\\/]/;
-  const parts = norm.split(sepRegex);
-  if (parts.length < 2) return null;
-  const last = parts[parts.length - 1];
-  const prev = parts[parts.length - 2];
-  if (last === "plans" && prev === "pilot") return norm;
-  return null;
-}
-function enforceBuilderBashDeny(args) {
-  const command = extractBashCommand(args);
-  if (command === null) return;
-  const trimmed = command.trimStart();
-  for (const prefix of FORBIDDEN_BUILDER_BASH_PREFIXES) {
-    if (trimmed.startsWith(prefix) || // Exact match for `git branch` (no trailing space) — the prefix
-    // already has no trailing space; covered.
-    trimmed === prefix.trimEnd()) {
-      throw new Error(
-        `pilot-plugin: pilot-builder is not permitted to run \`${prefix.trim()}\` commands (the worker handles commits/pushes/branches). If this is the right thing to do, respond with STOP: <reason>.`
-      );
-    }
-  }
-}
-function extractBashCommand(args) {
-  if (typeof args !== "object" || args === null) return null;
-  const o = args;
-  if (typeof o.command === "string") return o.command;
-  if (typeof o.cmd === "string") return o.cmd;
-  if (typeof o.body === "object" && o.body !== null && typeof o.body.command === "string") {
-    return o.body.command;
-  }
-  return null;
-}
-async function enforcePlannerEditScope(args, plansDir) {
-  const target = extractTargetPath(args);
-  if (target === null) return;
-  const abs = path5.isAbsolute(target) ? target : path5.resolve(plansDir, target);
-  const normTarget = path5.normalize(abs);
-  const normPlans = path5.normalize(plansDir).replace(/[\\/]+$/, "");
-  if (normTarget === normPlans || normTarget.startsWith(normPlans + path5.sep) || normTarget.startsWith(normPlans + "/")) {
-    return;
-  }
-  throw new Error(
-    `pilot-plugin: pilot-planner is restricted to the plans directory (${plansDir}). The path ${JSON.stringify(target)} is outside scope. Save your YAML plan inside the plans dir.`
-  );
-}
-function extractTargetPath(args) {
-  if (typeof args !== "object" || args === null) return null;
-  const o = args;
-  if (typeof o.filePath === "string") return o.filePath;
-  if (typeof o.path === "string") return o.path;
-  if (typeof o.file === "string") return o.file;
-  return null;
-}
+var pilot_plugin_default = pilotPlugin;
 // src/plugins/tool-hooks.ts
 import * as crypto from "crypto";
 import * as fs5 from "fs";
-import * as path6 from "path";
+import * as path5 from "path";
 import * as os3 from "os";
 import { execFile as execFileCb2 } from "child_process";
 import { promisify as promisify7 } from "util";
 var exec6 = promisify7(execFileCb2);
-var EDIT_TOOLS2 = /* @__PURE__ */ new Set(["edit", "write", "patch", "multiedit"]);
+var EDIT_TOOLS = /* @__PURE__ */ new Set(["edit", "write", "patch", "multiedit"]);
 var TS_EXTENSIONS = /* @__PURE__ */ new Set([".ts", ".tsx", ".js", ".jsx"]);
 var DEFAULT_BACKPRESSURE_THRESHOLD = 6e3;
 var DEFAULT_BACKPRESSURE_HEAD = 300;
@@ -1627,8 +2292,8 @@ function resolveConfig(config, pluginOptions) {
   };
 }
 function getToolOutputDir() {
-  const stateHome = process.env["XDG_STATE_HOME"] || path6.join(os3.homedir(), ".local", "state");
-  return path6.join(stateHome, "harness-opencode", "tool-output");
+  const stateHome = process.env["XDG_STATE_HOME"] || path5.join(os3.homedir(), ".local", "state");
+  return path5.join(stateHome, "harness-opencode", "tool-output");
 }
 function hashContent(content) {
   return crypto.createHash("sha256").update(content).digest("hex").slice(0, 16);
@@ -1661,9 +2326,9 @@ async function resolveSessionDir(client, sess, sessionID) {
 }
 function isUnderToolOutputDir(filePath) {
   try {
-    const abs = path6.resolve(filePath);
-    const spillDir = path6.resolve(getToolOutputDir());
-    return abs === spillDir || abs.startsWith(spillDir + path6.sep);
+    const abs = path5.resolve(filePath);
+    const spillDir = path5.resolve(getToolOutputDir());
+    return abs === spillDir || abs.startsWith(spillDir + path5.sep);
   } catch {
     return false;
   }
@@ -1698,7 +2363,7 @@ function applyBackpressure(cfg, toolName, callID, output, args) {
   try {
     const dir = getToolOutputDir();
     fs5.mkdirSync(dir, { recursive: true });
-    diskPath = path6.join(dir, `${callID}.txt`);
+    diskPath = path5.join(dir, `${callID}.txt`);
     fs5.writeFileSync(diskPath, text);
   } catch {
   }
@@ -1745,7 +2410,7 @@ ${tail}`;
 }
 async function runPostEditVerify(cfg, client, sess, sessionID, filePath, output) {
   if (!cfg.enabled) return;
-  const ext = path6.extname(filePath).toLowerCase();
+  const ext = path5.extname(filePath).toLowerCase();
   if (!TS_EXTENSIONS.has(ext)) return;
   const now = Date.now();
   if (now - sess.lastVerifyTs < 2e3) return;
@@ -1778,17 +2443,17 @@ ${String(stderr)}`;
     }
     if (!raw.trim()) return;
     const errors = parseTscOutput(raw);
-    const normPath = path6.resolve(cwd, filePath);
+    const normPath = path5.resolve(cwd, filePath);
     const fileErrors = errors.filter((e) => {
-      const errPath = path6.isAbsolute(e.file) ? e.file : path6.resolve(cwd, e.file);
-      return path6.normalize(errPath) === path6.normalize(normPath);
+      const errPath = path5.isAbsolute(e.file) ? e.file : path5.resolve(cwd, e.file);
+      return path5.normalize(errPath) === path5.normalize(normPath);
     });
     if (fileErrors.length === 0) return;
     const { rows } = dedupeAndCap(fileErrors, VERIFY_MAX_ERRORS);
     const lines = rows.map(formatRow);
     output.output += `
---- POST-EDIT DIAGNOSTICS (${fileErrors.length} error${fileErrors.length !== 1 ? "s" : ""} in ${path6.basename(filePath)}) ---
+--- POST-EDIT DIAGNOSTICS (${fileErrors.length} error${fileErrors.length !== 1 ? "s" : ""} in ${path5.basename(filePath)}) ---
 ` + lines.join("\n") + `
 --- Fix these before proceeding ---`;
   } catch {
@@ -1802,7 +2467,7 @@ function checkEditLoop(cfg, sess, filePath, output) {
     output.output += `
 --- LOOP WARNING ---
-You've edited ${path6.basename(filePath)} ${count} times this session. Consider reconsidering your approach \u2014 are you stuck in a loop? Step back and think about whether a different strategy would be more effective.
+You've edited ${path5.basename(filePath)} ${count} times this session. Consider reconsidering your approach \u2014 are you stuck in a loop? Step back and think about whether a different strategy would be more effective.
 ---`;
   }
 }
@@ -1820,7 +2485,7 @@ function checkReadDedup(cfg, sess, filePath, output) {
 }
 var pluginConfig = null;
 var storedPluginOptions;
-var plugin5 = async ({ client }, options) => {
+var plugin4 = async ({ client }, options) => {
   storedPluginOptions = options;
   return {
     config: async (config) => {
@@ -1835,7 +2500,7 @@ var plugin5 = async ({ client }, options) => {
         const deduped = checkReadDedup(cfg.readDedup, sess, fp, output);
         if (deduped) return;
       }
-      if (EDIT_TOOLS2.has(toolName)) {
+      if (EDIT_TOOLS.has(toolName)) {
         const fp = extractFilePath(input.args);
         if (fp) {
           checkEditLoop(cfg.loopDetection, sess, fp, output);
@@ -1853,7 +2518,7 @@ var plugin5 = async ({ client }, options) => {
     }
   };
 };
-var tool_hooks_default = plugin5;
+var tool_hooks_default = plugin4;
 // src/plugins/telemetry.ts
 import { extname as extname2 } from "path";
@@ -1861,19 +2526,19 @@ import { extname as extname2 } from "path";
 // src/telemetry.ts
 import { createHash as createHash2, randomUUID } from "crypto";
 import { homedir as homedir4 } from "os";
-import { mkdirSync as mkdirSync3, readFileSync as readFileSync3, writeFileSync as writeFileSync3, existsSync } from "fs";
-import { join as join8 } from "path";
+import { mkdirSync as mkdirSync3, readFileSync as readFileSync5, writeFileSync as writeFileSync3, existsSync } from "fs";
+import { join as join10 } from "path";
 var APP_KEY = "A-US-3617699429";
 var ENDPOINT = "https://us.aptabase.com/api/v0/event";
 var PKG_NAME = "@glrs-dev/harness-plugin-opencode";
-var PKG_VERSION = true ? "1.2.0" : "dev";
+var PKG_VERSION = true ? "2.0.0" : "dev";
 var DISABLED = process.env.HARNESS_OPENCODE_TELEMETRY === "0" || process.env.HARNESS_OPENCODE_TELEMETRY === "false" || process.env.DO_NOT_TRACK === "1" || process.env.CI === "true";
 var SESSION_ID = randomUUID();
 function getInstallId() {
-  const dir = join8(homedir4(), ".config", "harness-opencode");
-  const file = join8(dir, "install-id");
+  const dir = join10(homedir4(), ".config", "harness-opencode");
+  const file = join10(dir, "install-id");
   try {
-    if (existsSync(file)) return readFileSync3(file, "utf8").trim();
+    if (existsSync(file)) return readFileSync5(file, "utf8").trim();
     mkdirSync3(dir, { recursive: true });
     const id = createHash2("sha256").update(randomUUID()).digest("hex").slice(0, 16);
     writeFileSync3(file, id, { mode: 384 });
@@ -1938,7 +2603,7 @@ function track(eventName, props = {}) {
 }
 // src/plugins/telemetry.ts
-var plugin6 = async () => {
+var plugin5 = async () => {
   if (DISABLED) {
     return {};
   }
@@ -2000,7 +2665,7 @@ var plugin6 = async () => {
     }
   };
 };
-var telemetry_default = plugin6;
+var telemetry_default = plugin5;
 // src/index.ts
 var BUNDLED_VERSION = readOurPackageVersion(import.meta.url);
@@ -2045,7 +2710,7 @@ async function checkForUpdate(client) {
   } catch {
   }
 }
-var plugin7 = async (input, options) => {
+var plugin6 = async (input, options) => {
   const pluginOptions = options ?? {};
   loadDotenv(input.directory);
   checkForUpdate(input.client).catch(() => {
@@ -2102,7 +2767,7 @@ var plugin7 = async (input, options) => {
   }
   return hooks;
 };
-var src_default = plugin7;
+var src_default = plugin6;
 export {
   src_default as default
 };