@glrs-dev/cli 2.2.0 → 2.4.0

package/dist/vendor/harness-opencode/dist/index.js

@@ -59,6 +59,7 @@ function readPrompt(name) {
   throw new Error(`Could not find prompt file: ${name}`);
 }
 var primePrompt = readPrompt("prime.md");
+var scoperPrompt = readPrompt("scoper.md");
 var planPrompt = readPrompt("plan.md");
 var buildPrompt = readPrompt("build.md");
 var buildOpenPrompt = readPrompt("build.open.md");
@@ -78,6 +79,7 @@ var researchPrompt = readPrompt("research.md");
 var researchWebPrompt = readPrompt("research-web.md");
 var researchLocalPrompt = readPrompt("research-local.md");
 var researchAutoPrompt = readPrompt("research-auto.md");
+var debrieferPrompt = readPrompt("debriefer.md");
 var EXECUTOR_VARIANT_AGENTS = {
   build: { reasoning: buildPrompt, strict: buildOpenPrompt },
   "spec-reviewer": { reasoning: specReviewerPrompt, strict: specReviewerOpenPrompt },
@@ -214,7 +216,7 @@ var CORE_BASH_ALLOW_LIST = {
   "eslint *": "allow",
   "prettier *": "allow",
   "biome *": "allow",
-  // Our own CLI — the plan agent and assessor both call plan-check/plan-dir.
+  // Our own CLI (install, doctor, autopilot, etc.) — reviewer/build invocations.
   "bunx @glrs-dev/harness-plugin-opencode *": "allow",
   "glrs-oc *": "allow",
   // GitHub CLI — read-only gh calls are fine; destructive `gh pr merge`
@@ -269,21 +271,33 @@ var PRIME_PERMISSIONS = {
   playwright: "allow",
   linear: "allow"
 };
+var SCOPER_PERMISSIONS = {
+  ...PRIME_PERMISSIONS
+};
+var SCOPER_DISABLED_TOOLS = {
+  question: false
+};
+var AUTOPILOT_PRIME_DISABLED_TOOLS = {
+  question: false
+};
 var PLAN_PERMISSIONS = {
   edit: "allow",
-  // Plan agent is read-only aside from writing under the plan dir — but
-  // it does need to RESOLVE the plan dir via the `plan-dir` CLI
-  // subcommand (returns an absolute path derived from the worktree's
-  // repo-folder key; see src/plan-paths.ts and src/cli.ts). The object-
-  // form denies bash broadly and re-allows only `bunx
-  // @glrs-dev/harness-plugin-opencode plan-dir[...]`. No other bash invocation
-  // is permitted, so the read-only-aside-from-plans invariant holds.
+  write: "allow",
+  // Plan agent is read-only aside from writing under the plan dir. It
+  // resolves the plan dir inline (see src/agents/prompts/plan.md
+  // `## 4. Write the plan`): `$HOME/.glorious/opencode/<repo-folder>/plans/`,
+  // where `<repo-folder>` comes from
+  // `basename(dirname(git rev-parse --git-common-dir))`. The object-form
+  // denies bash broadly and re-allows only the four commands that snippet
+  // needs. Everything else remains denied, preserving the "plan writes only
+  // plan files" invariant (the write-scope constraint is prompt-enforced,
+  // not permission-enforced).
   bash: {
     "*": "deny",
-    "bunx @glrs-dev/harness-plugin-opencode plan-dir": "allow",
-    "bunx @glrs-dev/harness-plugin-opencode plan-dir *": "allow",
-    "glrs-oc plan-dir": "allow",
-    "glrs-oc plan-dir *": "allow"
+    "git rev-parse --git-common-dir": "allow",
+    "basename *": "allow",
+    "dirname *": "allow",
+    "mkdir -p *": "allow"
   },
   webfetch: "allow",
   ast_grep: "deny",
@@ -500,8 +514,40 @@ var RESEARCH_PERMISSIONS = {
   playwright: "allow",
   linear: "allow"
 };
+var DEBRIEFER_PERMISSIONS = {
+  edit: "deny",
+  bash: {
+    "*": "deny",
+    "git log *": "allow",
+    "git diff *": "allow",
+    "git show *": "allow",
+    "git status *": "allow",
+    "git rev-parse *": "allow",
+    "git branch *": "allow",
+    "cat *": "allow",
+    "head *": "allow",
+    "tail *": "allow",
+    "ls *": "allow",
+    "wc *": "allow"
+  },
+  webfetch: "deny",
+  ast_grep: "deny",
+  tsc_check: "deny",
+  eslint_check: "deny",
+  todo_scan: "deny",
+  comment_check: "deny",
+  question: "deny",
+  serena: "deny",
+  memory: "deny",
+  git: "allow",
+  playwright: "deny",
+  linear: "deny"
+};
 var AGENT_TIERS = {
   prime: "deep",
+  scoper: "deep",
+  "autopilot-prime": "deep",
+  "autopilot-fast": "autopilot-execute",
   plan: "deep",
   "architecture-advisor": "deep",
   "plan-reviewer": "deep",
@@ -517,6 +563,7 @@ var AGENT_TIERS = {
   "docs-maintainer": "mid",
   "lib-reader": "mid",
   "agents-md-writer": "mid",
+  debriefer: "mid",
   "code-searcher": "fast"
 };
 function createAgents() {
@@ -529,11 +576,45 @@ function createAgents() {
       temperature: 0.2,
       permission: PRIME_PERMISSIONS
     }),
+    scoper: agentFromPrompt(scoperPrompt, {
+      description: "Interactive scoping agent. Runs an inquirer-driven wizard loop \u2014 asks short questions via assistant text, collects answers via inquirer, then writes scope.md. Use at the start of a new feature to align on intent, constraints, and acceptance criteria before planning.",
+      mode: "primary",
+      model: "anthropic/claude-opus-4-7",
+      temperature: 0.3,
+      permission: SCOPER_PERMISSIONS,
+      tools: SCOPER_DISABLED_TOOLS
+    }),
+    "autopilot-prime": agentFromPrompt(primePrompt, {
+      description: "PRIME for unattended autopilot sessions. Identical to `prime` except the `question` tool is disabled \u2014 autopilot has no user to answer interactive prompts, and a blocking question deadlocks the session. Not user-selectable; invoked by the Ralph loop.",
+      mode: "subagent",
+      model: "anthropic/claude-opus-4-7",
+      temperature: 0.2,
+      permission: {
+        ...PRIME_PERMISSIONS,
+        question: "deny"
+      },
+      tools: AUTOPILOT_PRIME_DISABLED_TOOLS
+    }),
+    "autopilot-fast": agentFromPrompt(primePrompt, {
+      description: "Fast executor for autopilot sessions. Same prompt as autopilot-prime but runs on the mid-execute tier (Kimi 2.5/2.6, GLM-5). Used when --fast is passed. Plans must be enriched with mirror refs and code pointers before using this agent.",
+      mode: "subagent",
+      model: "anthropic/claude-sonnet-4-6",
+      temperature: 0.1,
+      permission: {
+        ...PRIME_PERMISSIONS,
+        question: "deny"
+      },
+      tools: AUTOPILOT_PRIME_DISABLED_TOOLS
+    }),
     plan: agentFromPrompt(planPrompt, {
-      description: "Interactive planner. Orchestrates gap analysis and adversarial review. Produces a written plan in the repo-shared plan directory (resolve via `bunx @glrs-dev/harness-plugin-opencode plan-dir`).",
+      description: "Interactive planner. Orchestrates gap analysis and adversarial review. Produces a written plan in the repo-shared plan directory (`~/.glorious/opencode/<repo-folder>/plans/`, resolved inline via `git rev-parse --git-common-dir`).",
       mode: "all",
       model: "anthropic/claude-opus-4-7",
       temperature: 0.3,
+      // @plan dispatches @gap-analyzer, @code-searcher, and @plan-reviewer
+      // as subagents. OpenCode strips the `task` tool from subagent contexts
+      // by default; explicit opt-in re-enables it.
+      tools: { task: true },
       permission: PLAN_PERMISSIONS
     }),
     build: agentFromPrompt(buildPrompt, {
@@ -580,6 +661,8 @@ function createAgents() {
       mode: "all",
       model: "anthropic/claude-opus-4-7",
       temperature: 0.3,
+      // @research dispatches @research-web, @research-local, @research-auto.
+      tools: { task: true },
       permission: RESEARCH_PERMISSIONS
     }),
     // Research subagents — thin shims that load the bundled skills.
@@ -591,6 +674,8 @@ function createAgents() {
       mode: "subagent",
       model: "anthropic/claude-opus-4-7",
       temperature: 0.3,
+      // @research-web dispatches its own parallel workstream agents.
+      tools: { task: true },
       permission: RESEARCH_PERMISSIONS
     }),
     "research-local": agentFromPrompt(researchLocalPrompt, {
@@ -598,6 +683,8 @@ function createAgents() {
       mode: "subagent",
       model: "anthropic/claude-opus-4-7",
       temperature: 0.3,
+      // @research-local dispatches parallel Explore subagents.
+      tools: { task: true },
       permission: RESEARCH_PERMISSIONS
     }),
     "research-auto": agentFromPrompt(researchAutoPrompt, {
@@ -606,6 +693,10 @@ function createAgents() {
       model: "anthropic/claude-opus-4-7",
       temperature: 0.3,
       permission: RESEARCH_PERMISSIONS
+    }),
+    // Debriefer — post-run summary agent for the autopilot CLI
+    debriefer: agentFromPrompt(debrieferPrompt, {
+      permission: DEBRIEFER_PERMISSIONS
     })
   };
 }
@@ -773,6 +864,9 @@ function resolveHarnessModels(agents, config, pluginOptions) {
     const tier = AGENT_TIERS[agentName];
     if (tier) {
       let perTier = modelsConfig[tier];
+      if (tier === "autopilot-execute" && perTier === void 0) {
+        perTier = modelsConfig["mid-execute"] ?? modelsConfig["mid"];
+      }
       if (tier === "mid-execute" && perTier === void 0) {
         perTier = modelsConfig["mid"];
       }
@@ -1366,8 +1460,14 @@ var plugin = async ({ $, client }) => {
     }
   }
   return {
-    // Notify when a permission prompt fires (replaces the old permission.asked event)
+    // Notify when a permission prompt fires (replaces the old permission.asked event).
+    // In headless autopilot mode, auto-deny question permissions at the plugin level
+    // so they never reach the event stream — prevents wasted loop iterations.
     "permission.ask": async (input, output) => {
+      if (process.env["GLRS_AUTOPILOT_HEADLESS"] === "1" && (input?.type === "question" || input?.title === "")) {
+        output.status = "deny";
+        return;
+      }
       const tool6 = input?.tool ?? input?.title ?? "a tool";
       await notify("opencode permission required", `Approval needed for ${tool6}.`);
     }
@@ -2025,7 +2125,7 @@ import { join as join9 } from "path";
 var APP_KEY = "A-US-3617699429";
 var ENDPOINT = "https://us.aptabase.com/api/v0/event";
 var PKG_NAME = "@glrs-dev/harness-plugin-opencode";
-var PKG_VERSION = true ? "2.2.0" : "dev";
+var PKG_VERSION = true ? "2.4.0" : "dev";
 var DISABLED = process.env.HARNESS_OPENCODE_TELEMETRY === "0" || process.env.HARNESS_OPENCODE_TELEMETRY === "false" || process.env.DO_NOT_TRACK === "1" || process.env.CI === "true";
 var SESSION_ID = randomUUID();
 function getInstallId() {
@@ -2231,11 +2331,14 @@ var plugin5 = async (input, options) => {
     }
   };
   const hasTelemetryBefore = telemetryHooks["tool.execute.before"] !== void 0;
-  if (hasTelemetryBefore) {
-    hooks["tool.execute.before"] = async (input2, output) => {
-      if (hasTelemetryBefore) await telemetryHooks["tool.execute.before"](input2, output);
-    };
-  }
+  hooks["tool.execute.before"] = async (input2, output) => {
+    if (process.env["GLRS_AUTOPILOT_HEADLESS"] === "1" && input2.tool === "question") {
+      throw new Error(
+        "The question tool is not available in autopilot mode. Pick a sensible default and continue without asking the user."
+      );
+    }
+    if (hasTelemetryBefore) await telemetryHooks["tool.execute.before"](input2, output);
+  };
   const hasToolHooksAfter = toolHooks["tool.execute.after"] !== void 0;
   const hasTelemetryAfter = telemetryHooks["tool.execute.after"] !== void 0;
   if (hasToolHooksAfter || hasTelemetryAfter) {

package/dist/vendor/harness-opencode/dist/plugin-check-GJRD2OK6.js

@@ -0,0 +1,14 @@
+import {
+  getOpencodeConfigPath,
+  isPluginInstalled,
+  promptChoice,
+  promptMulti,
+  promptYesNo
+} from "./chunk-GILWWWMB.js";
+export {
+  getOpencodeConfigPath,
+  isPluginInstalled,
+  promptChoice,
+  promptMulti,
+  promptYesNo
+};

package/dist/vendor/harness-opencode/dist/skills/spear-protocol/SKILL.md

@@ -14,7 +14,8 @@ Before Scope, run this probe inline (no subagent) — sessions typically start i
 1. `pwd` — confirm working directory.
 2. `git status --short` — see uncommitted work.
 3. `git log --oneline -5` — recent history.
-4. `PLAN_DIR="$(bunx @glrs-dev/harness-plugin-opencode plan-dir 2>/dev/null)" && ls "$PLAN_DIR" 2>/dev/null | tail -5` — plans for this repo.
+4. Resolve the plan dir and list recent plans:
+   `PLAN_BASE="${GLORIOUS_PLAN_DIR:-$HOME/.glorious/opencode}" && GIT_COMMON="$(git rev-parse --git-common-dir 2>/dev/null)" && [ -n "$GIT_COMMON" ] && [[ "$GIT_COMMON" != /* ]] && GIT_COMMON="$PWD/$GIT_COMMON"; REPO_FOLDER="$(basename "$(dirname "$GIT_COMMON")" 2>/dev/null)" && [ -n "$REPO_FOLDER" ] && [ "$REPO_FOLDER" != "." ] && ls "$PLAN_BASE/$REPO_FOLDER/plans" 2>/dev/null | tail -5` — plans for this repo.
 
 For each plan found, read it and count unchecked acceptance items. Classify as **stale** (ignore) only if `git merge-base --is-ancestor HEAD origin/main` (fallback `origin/master`) exits 0. If classification fails, treat as active.
 

package/dist/vendor/harness-opencode/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@glrs-dev/harness-plugin-opencode",
-  "version": "2.2.0",
+  "version": "2.4.0",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@glrs-dev/cli",
-  "version": "2.2.0",
+  "version": "2.4.0",
   "description": "Unified CLI for the @glrs-dev ecosystem — OpenCode agent harness dispatch + worktree management.",
   "license": "MIT",
   "repository": {
@@ -38,15 +38,22 @@
   "scripts": {
     "build": "bun scripts/build.ts",
     "typecheck": "tsc --noEmit",
-    "test": "bun test src/",
+    "test": "bun test src/ test/",
     "lint": "echo 'no linter configured yet'"
   },
   "dependencies": {
+    "@glrs-dev/autopilot": "workspace:*",
+    "@glrs-dev/adapter-opencode": "workspace:*",
+    "@inkjs/ui": "^2.0.0",
     "@inquirer/prompts": "^8.4.2",
     "@opencode-ai/plugin": "^1.14",
     "@opencode-ai/sdk": "^1.14",
     "cmd-ts": "^0.15.0",
+    "ink": "^5.0.0",
     "picomatch": "^4.0.4",
+    "pino": "^10.3.1",
+    "pino-pretty": "^13.1.3",
+    "react": "^18.3.1",
     "ulid": "^3.0.2",
     "yaml": "^2.8.3",
     "zod": "4.1.8"
@@ -55,6 +62,7 @@
     "@glrs-dev/harness-plugin-opencode": "workspace:*",
     "@types/bun": "latest",
     "@types/node": "^22",
+    "@types/react": "^18.3.0",
     "tsup": "^8",
     "typescript": "^5"
   }

package/dist/vendor/harness-opencode/dist/autopilot/prompt-template.md

@@ -1,80 +0,0 @@
----
-description: Self-driving PRIME run. Accepts an issue-tracker reference, a free-form task description, or a question.
----
-
-You are running in autopilot mode. The user invoked `/autopilot` to hand off a task for lights-out execution. Work through the normal SPEAR workflow until all work described in the prompt is complete, then emit `<autopilot-done>` as the **first token** of your final message.
-
-**Sentinel contract.** When ALL work described in the user's prompt is genuinely complete (plan executed, Resolve stage done, PR open), emit `<autopilot-done>` at the very start of your final message. The Ralph loop driver watches for this tag to know when to stop. Do NOT emit `<autopilot-done>` prematurely — only when you have truly finished everything the prompt asked for.
-
-**Single-shot TUI path.** When invoked from the TUI (not the CLI driver), there is no external loop watching for the sentinel. Run the SPEAR workflow once to completion. The sentinel is harmless in this context — emit it anyway so the output is consistent.
-
-**Kill switch.** If `.agent/autopilot-disable` exists in the worktree, the CLI driver will have already stopped before sending this prompt. No action needed from you.
-
-The user wants autopilot to process: $ARGUMENTS
-
-## 0. Workflow-mechanics: decide before anything else
-
-Before classifying the argument, apply the workflow-mechanics heuristic from `prime.md` § `# Workflow-mechanics decisions`. Autopilot is lights-out: the rule fires automatically and silently (single line of chat, no `question` tool). Never ask the user whether to open a fresh worktree, switch branches, or stack on current — the heuristic decides.
-
-Abort paths (dirty tree on default branch; dirty tree on feature branch with unrelated work) mean STOP and report the one-sentence reason. The user resolves and re-runs.
-
-If you auto-invoke `/fresh`, do NOT pass `--clean`. Cleanup stays user-triggered.
-
-## 1. Classify the argument
-
-Pick ONE of these paths:
-
-- **Issue-tracker reference** (single issue) — match any of:
-  - `<PROJECT>-<NUMBER>` where PROJECT is 2–10 uppercase letters (e.g. `ENG-1234`, `GEN-1114`) — Linear, Jira, YouTrack, Shortcut, etc.
-  - `#<NUMBER>` alone (e.g. `#1234`) — GitHub shorthand
-  - A URL to a recognized tracker (`github.com/.../issues/123`, `linear.app/.../issue/...`, `*.atlassian.net/browse/...`)
-- **Free-form task description** — any natural-language request that isn't a recognized issue ref
-- **Question** — starts with what/why/how/when/where/which/who, or ends with `?`
-
-## 2. Fetch issue content (only if step 1 returned an issue ref)
-
-Probe in order, stop at the first that returns real content:
-
-1. **Linear MCP** — if configured and the arg matches `<PROJECT>-<NUMBER>` shape OR is a `linear.app` URL: `linear_get_issue`.
-2. **GitHub MCP** — if configured OR the arg is a `github.com/.../issues/...` URL OR is `#<NUMBER>` and `gh` CLI is available.
-3. **Jira / Atlassian MCP** — if configured and the arg matches `<PROJECT>-<NUMBER>` OR is an `*.atlassian.net` URL.
-
-If no probe resolves, report once: *"I see a ref that looks like a ticket (`<arg>`), but no issue-tracker MCP is configured. Treating as free-form — paste the issue body if you want me to ground in it."* Then proceed as free-form.
-
-Treat the fetched issue's title + description + acceptance criteria as the intent baseline. Map to the plan's `## Acceptance criteria` 1:1, in order. Do not invent entries.
-
-## 3. Run the PRIME arc
-
-Run the normal SPEAR workflow from `prime.md`. Key adaptations for autopilot mode:
-
-- **Scope.** Already classified; skip redundant classification. Announce the frame as `→ Frame:` and proceed — do NOT use the `question` tool to confirm. The user is walked away.
-- **Plan.** Delegate to `@plan`. For ref-originated requests, cite the issue ID in the plan's `## Goal`. The plan's `## Acceptance criteria` maps 1:1 to the ticket's Changes / Definition of Done list.
-- **Execute.** Delegate to `@build`. `@build` executes file-by-file and returns a summary; PRIME relays progress. Acceptance boxes get checked during `@build`'s execution.
-- **Assess.** Full suite pass + `@spec-reviewer` → `@code-reviewer` → iterate to `[PASS]`. No sentinel tokens during intermediate steps.
-- **Resolve.** Complete the Resolve stage: push branch, open PR via `gh pr create`, print PR URL.
-- **Multi-issue workflows.** If the prompt describes multiple issues, use `/fresh` between issues to isolate each on its own branch. Complete each issue's full SPEAR arc (including Resolve) before moving to the next.
-
-## 4. Guardrails
-
-- **Never ask scoping questions.** The issue's acceptance list IS the authoritative scope. If you're tempted to ask whether to include X, the answer is: if the ticket didn't ask for it, don't include it. The `question` tool is forbidden in autopilot mode except for one narrow case: an architectural fork that blocks all progress AFTER codebase inspection, `@gap-analyzer` consultation, and precedent search (`git log`) have ALL failed to determine a default.
-- **Precedent defaults.** For helper-file location, naming, logging verbosity, error-wrapper style: search `git log` for a recent similar PR and mirror its structure. Cite the precedent commit in `## Constraints`.
-- **Plan-revision budget.** After `@plan-reviewer` returns `[REJECT]`: 1st REJECT → fix listed issues, resubmit. 2nd REJECT → narrow scope (move disputed items to `## Out of scope`). 3rd REJECT → escalate to `@architecture-advisor`.
-- **Resolve auto-ships.** When Assess returns `[PASS]`, complete the Resolve stage: push branch, open PR via `gh pr create`, print the PR URL, then stop. Do NOT re-invoke `/ship` — Resolve already did the work. `/ship` exists only as a manual resume path for interrupted sessions.
-- **Hard rules from Resolve still apply.** Never `--force`-push, never push to `main`/`master`, never `--no-verify`, never merge the PR yourself. Resolve only pushes the feature branch and opens the PR; the human gate is PR review and merge.
-- **Circular failure.** If the same test fails after the same fix twice, delegate to `@architecture-advisor` before a third attempt.
-- **STOP when stuck, don't churn.** If the plan is structurally wrong for this session (wrong branch, un-tickable AC, missing upstream work), emit a single line starting with `STOP:` followed by the specific reason. Do not re-attempt.
-
-## 5. Completion
-
-When ALL work described in the prompt is complete (every issue resolved, every PR open), emit `<autopilot-done>` as the first token of your final message, followed by a brief summary:
-
-```
-<autopilot-done>
-
-Done. <One-sentence summary of what was built.>
-PR(s): <url(s)>
-```
-
-If Resolve failed or was interrupted, report the failure and the resume command: `/ship <plan-path>`.
-
-If you stopped early due to a structural block, emit `STOP: <reason>` instead of `<autopilot-done>`.

package/dist/vendor/harness-opencode/dist/bin/plan-check.sh

@@ -1,255 +0,0 @@
-#!/usr/bin/env bash
-# plan-check.sh — parse a plan file's plan-state fence and report on it.
-#
-# Modes:
-#   plan-check.sh <path>        Prints a summary line then one line per item:
-#                               `total=N done=M pending=K invalid=I`
-#                               `STATUS ID VERIFY`  (one per item)
-#
-#   plan-check.sh --run <path>  Prints the verify command of each PENDING
-#                               item on stdout, one per line, raw. The
-#                               caller is responsible for executing them.
-#                               This script NEVER executes verify commands
-#                               itself — that would bypass the caller's
-#                               bash-permission scope.
-#
-#   plan-check.sh --check <path>
-#                               Structural validation only. Exits 1 if any
-#                               fence item is missing a required field.
-#
-# Fence format, inside `## Acceptance criteria`:
-#
-#   ```plan-state
-#   - [ ] id: a1
-#     intent: Prose description of business intent (one line).
-#     tests:
-#       - path/to/test.sh::"some test name"
-#       - path/to/other.ts::"another test"
-#     verify: bash path/to/test.sh
-#
-#   - [x] id: a2
-#     ...
-#   ```
-#
-# Backward compat: a plan without a ```plan-state fence emits the line
-# `legacy` and exits 0 — callers treat it as "old format, fall back".
-#
-# Portability: POSIX bash + awk + grep only. No sed -i.
-
-set -eu
-
-MODE=""
-PLAN_PATH=""
-
-case "${1:-}" in
-  --run)   MODE=run;    PLAN_PATH="${2:-}" ;;
-  --check) MODE=check;  PLAN_PATH="${2:-}" ;;
-  -h|--help|"")
-    sed -n '2,34p' "$0"
-    exit 0
-    ;;
-  *)       MODE=summary; PLAN_PATH="${1:-}" ;;
-esac
-
-if [[ -z "${PLAN_PATH:-}" ]]; then
-  echo "plan-check.sh: missing plan path" >&2
-  exit 2
-fi
-
-if [[ ! -f "$PLAN_PATH" ]]; then
-  echo "plan-check.sh: file not found: $PLAN_PATH" >&2
-  exit 2
-fi
-
-# Extract the plan-state fence body into a temp file. awk state machine:
-# enter `## Acceptance criteria`, enter ``` plan-state, exit on next ```.
-FENCE_BODY="$(awk '
-  /^## Acceptance criteria/ { in_ac = 1; next }
-  /^## / && in_ac && !in_fence { in_ac = 0 }
-  in_ac && /^```plan-state[[:space:]]*$/ { in_fence = 1; next }
-  in_fence && /^```[[:space:]]*$/ { in_fence = 0; next }
-  in_fence { print }
-' "$PLAN_PATH")"
-
-if [[ -z "$FENCE_BODY" ]]; then
-  # No fence found — legacy plan. Report and exit cleanly.
-  if [[ "$MODE" == "summary" ]]; then
-    echo "legacy (no plan-state fence)"
-  fi
-  # --run on a legacy plan emits nothing (no commands to run).
-  # --check on a legacy plan succeeds (we're accepting legacy plans).
-  exit 0
-fi
-
-# Parse items. awk state machine:
-# - A line `- [ ] id: ID` or `- [x] id: ID` starts a new item.
-# - While inside an item, indented keys `intent:`, `tests:`, `verify:` set
-#   fields. Under `tests:`, subsequent `  - ...` lines extend the list
-#   until the next key or the next item.
-# - Items are separated by one or more blank lines OR by the next `- [`.
-#
-# We emit a tab-delimited record per item:
-#   STATUS<TAB>ID<TAB>INTENT<TAB>TESTS<TAB>VERIFY
-# TESTS is a `|`-delimited list. Missing fields are the empty string.
-PARSED="$(echo "$FENCE_BODY" | awk '
-  function flush() {
-    if (cur_id != "") {
-      # Trim trailing/leading whitespace on each field
-      gsub(/^[[:space:]]+|[[:space:]]+$/, "", cur_intent)
-      gsub(/^[[:space:]]+|[[:space:]]+$/, "", cur_verify)
-      gsub(/^\||\|$/, "", cur_tests)
-      printf "%s\t%s\t%s\t%s\t%s\n", cur_status, cur_id, cur_intent, cur_tests, cur_verify
-    }
-    cur_status = ""; cur_id = ""; cur_intent = ""; cur_tests = ""; cur_verify = ""
-    in_tests = 0
-  }
-
-  /^-[[:space:]]+\[[[:space:]xX[:space:]]\][[:space:]]+id:/ {
-    flush()
-    status = $0
-    sub(/^-[[:space:]]+\[[[:space:]]*/, "", status)
-    sub(/\].*$/, "", status)
-    # status is either empty/space (" ") -> pending, or "x"/"X" -> done
-    if (status ~ /[xX]/) cur_status = "done"; else cur_status = "pending"
-    # Capture id
-    id_part = $0
-    sub(/^.*id:[[:space:]]*/, "", id_part)
-    cur_id = id_part
-    next
-  }
-
-  /^[[:space:]]*intent:/ {
-    field = $0
-    sub(/^[[:space:]]*intent:[[:space:]]*/, "", field)
-    cur_intent = field
-    in_tests = 0
-    next
-  }
-
-  /^[[:space:]]*intent\b/ {
-    # already handled
-    next
-  }
-
-  /^[[:space:]]*tests:/ {
-    in_tests = 1
-    next
-  }
-
-  /^[[:space:]]*verify:/ {
-    field = $0
-    sub(/^[[:space:]]*verify:[[:space:]]*/, "", field)
-    cur_verify = field
-    in_tests = 0
-    next
-  }
-
-  # Continuation lines inside tests: list
-  in_tests && /^[[:space:]]+-[[:space:]]/ {
-    line = $0
-    sub(/^[[:space:]]+-[[:space:]]+/, "", line)
-    if (cur_tests == "") cur_tests = line
-    else cur_tests = cur_tests "|" line
-    next
-  }
-
-  # Continuation line for intent (indented without `-`, after intent is set
-  # and before another key). Append with a space separator.
-  !in_tests && /^[[:space:]]{4,}[^-[:space:]]/ && cur_id != "" && cur_intent != "" && cur_verify == "" {
-    line = $0
-    sub(/^[[:space:]]+/, "", line)
-    cur_intent = cur_intent " " line
-    next
-  }
-
-  END { flush() }
-' 2>&1)"
-
-# If PARSED contains awk errors, surface them as invalid.
-if echo "$PARSED" | grep -q '^awk:'; then
-  echo "plan-check.sh: parser error" >&2
-  echo "$PARSED" >&2
-  exit 3
-fi
-
-# Count totals.
-total=0
-done_count=0
-pending_count=0
-invalid_count=0
-invalid_reasons=()
-
-while IFS=$'\t' read -r status id intent tests verify; do
-  [[ -z "$status" ]] && continue
-  total=$((total + 1))
-  if [[ -z "$id" ]]; then
-    invalid_count=$((invalid_count + 1))
-    invalid_reasons+=("missing id")
-    continue
-  fi
-  if [[ -z "$intent" ]]; then
-    invalid_count=$((invalid_count + 1))
-    invalid_reasons+=("$id: missing intent")
-    continue
-  fi
-  if [[ -z "$tests" ]]; then
-    invalid_count=$((invalid_count + 1))
-    invalid_reasons+=("$id: missing tests")
-    continue
-  fi
-  if [[ -z "$verify" ]]; then
-    invalid_count=$((invalid_count + 1))
-    invalid_reasons+=("$id: missing verify")
-    continue
-  fi
-  if [[ "$status" == "done" ]]; then
-    done_count=$((done_count + 1))
-  else
-    pending_count=$((pending_count + 1))
-  fi
-done <<< "$PARSED"
-
-case "$MODE" in
-  summary)
-    printf 'total=%d done=%d pending=%d invalid=%d\n' \
-      "$total" "$done_count" "$pending_count" "$invalid_count"
-    while IFS=$'\t' read -r status id intent tests verify; do
-      [[ -z "$status" ]] && continue
-      # For the summary-per-item line, prefer displaying the verify
-      # command (truncated) so the reader sees what gates each item.
-      v="${verify:0:60}"
-      if [[ -n "$verify" && ${#verify} -gt 60 ]]; then v="${v}…"; fi
-      printf '%s %s %s\n' "$status" "$id" "$v"
-    done <<< "$PARSED"
-    if [[ "$invalid_count" -gt 0 ]]; then
-      echo "invalid:"
-      for r in "${invalid_reasons[@]}"; do
-        echo "  $r"
-      done
-    fi
-    ;;
-
-  run)
-    # Emit verify command per PENDING item, one per line. Skip done items,
-    # skip invalid items. Caller executes via their own bash permission.
-    while IFS=$'\t' read -r status id intent tests verify; do
-      [[ -z "$status" ]] && continue
-      [[ "$status" == "done" ]] && continue
-      [[ -z "$verify" ]] && continue
-      [[ -z "$intent" || -z "$tests" ]] && continue
-      echo "$verify"
-    done <<< "$PARSED"
-    ;;
-
-  check)
-    # Structural validation. Exit 1 if anything invalid.
-    if [[ "$invalid_count" -gt 0 ]]; then
-      echo "plan-check: $invalid_count invalid item(s):" >&2
-      for r in "${invalid_reasons[@]}"; do
-        echo "  $r" >&2
-      done
-      exit 1
-    fi
-    printf 'ok: %d item(s) pass structural validation\n' "$total"
-    ;;
-esac