@maximtop/opencode-debug-mode 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CONTRIBUTING.md CHANGED
@@ -39,10 +39,16 @@ git push origin vX.Y.Z
39
39
 
40
40
  Use the same sequence with an exact `X.Y.Z-beta.N` or `X.Y.Z-rc.N` version for a prerelease. Do not move or reuse a published tag or version.
41
41
 
42
- The release workflow is safe to rerun. It accepts an existing GitHub Release only when the tag, prerelease state, tarball, and checksum match. If the npm version already exists, its registry integrity must match the prepared manifest; any mismatch is reported as a collision. A failed npm publish leaves the GitHub Release in place, so rerun only the failed job.
42
+ The release workflow is safe to rerun. It accepts an existing GitHub Release only when the tag, prerelease state, tarball, and checksum match. If the npm version already exists, its registry integrity must match the prepared manifest; any mismatch is reported as a collision. A failed npm publish leaves the GitHub Release in place, so normally rerun only the failed job. If the workflow itself must be fixed first, commit the fix to `master`, temporarily allow branch `master` in the GitHub Environment `npm`, manually run the same Release workflow with the existing version tag, and let it check out that immutable tag and verify the existing assets before publishing. Remove the temporary branch policy immediately after the run. Never move or replace the tag.
43
43
 
44
- ### First npm publication
44
+ ```sh
45
+ gh workflow run release.yml --ref master -f tag=vX.Y.Z
46
+ ```
47
+
48
+ The manual recovery reuses the tarball and checksum already attached to the GitHub Release instead of rebuilding them. Keep the temporary `master` policy until the complete run succeeds, including `publish-npm`; then remove it. Provenance for this exceptional recovery points to the recovery workflow commit on `master`, while the verified manifest, checksum, and package contents remain bound to the immutable release tag.
49
+
50
+ ### npm publishing authentication
45
51
 
46
- Before pushing the first tag, make the repository public and create the GitHub Environment `npm` without manual approval, restricted to protected tag pattern `v*`. Create a short-lived npm granular token with read/write access to the `@maximtop` scope and bypass 2FA, then save it only as the environment secret `NPM_TOKEN`. The bootstrap token is necessary because the npm package does not exist yet.
52
+ The package uses an npm Trusted Publisher bound to user `maximtop`, repository `opencode-debug-mode`, workflow `release.yml`, Environment `npm`, and permission `npm publish`. The Environment has no manual approval and normally permits only protected tag pattern `v*`. Do not add `NODE_AUTH_TOKEN` or `NPM_TOKEN`: releases authenticate only through GitHub OIDC and receive provenance automatically.
47
53
 
48
- After the first successful publication, configure an npm Trusted Publisher with user `maximtop`, repository `opencode-debug-mode`, workflow `release.yml`, environment `npm`, and permission `npm publish`. Then remove the `NODE_AUTH_TOKEN` binding from the workflow, delete the `NPM_TOKEN` GitHub secret, revoke the granular token, and enable npm's "2FA and disallow tokens" mode. Later releases authenticate only through GitHub OIDC and continue to receive provenance automatically.
54
+ The bootstrap `v0.1.0` publication used a short-lived granular token because the npm package did not exist yet. That token and its GitHub secret were removed after Trusted Publishing was configured, and the package now disallows token-based publication.
package/README.md CHANGED
@@ -30,6 +30,8 @@ Restart OpenCode, select the `debug` agent or run `/debug describe the runtime f
30
30
 
31
31
  The agent records scope and two to four falsifiable hypotheses, captures a failing `pre-fix` baseline, adds the smallest owned probe, analyzes correlated evidence, applies only the confirmed fix, creates a distinct `post-fix` run, and cleans every owned resource. Durable revisioned state allows the workflow to resume after compaction or restart without repeating conclusive checks.
32
32
 
33
+ Safe local investigation and temporary instrumentation proceed autonomously. The agent asks the developer only for an undiscoverable blocker, required external authorization, or a prepared human checkpoint: after instrumentation it may ask whether the issue reproduced, and after the evidence-backed fix and automated checks it may ask whether the same reproduction is now fixed. It never asks the developer to select a speculative fix instead of collecting evidence.
34
+
33
35
  CLI targets run below a watchdog supervisor. Web targets use an authenticated server bound only to loopback. Extension content scripts relay through the existing messaging style; only the background helper can reach loopback.
34
36
 
35
37
  See the runnable patterns in:
@@ -12,6 +12,14 @@ If a trivial error is already directly proven and needs no runtime evidence, exp
12
12
 
13
13
  Call `debug_session_start`. Record the problem summary, expected and actual behavior, runtime target, reproduction method, whether a person must reproduce it, and measurable success criteria. Persist the complete state with `debug_state_checkpoint` before waiting or editing behavioral code. Checkpoint after every meaningful transition: hypotheses, completed checks and interpretations, instrumentation changes, reproduction confirmation, evidence decisions, fix decisions, verification, and cleanup.
14
14
 
15
+ ## Autonomy and questions
16
+
17
+ Proceed autonomously through all safe local investigation that remains: obtain available issue context, inspect relevant code, record hypotheses, prefer a deterministic local reproduction, start the baseline, prepare and register minimal probes, and run instrumentation, build, type, or parse checks. Temporary owned instrumentation is investigation, not a behavioral fix. Owned temporary instrumentation must be scoped, reversible, and observation-only; it does not authorize behavioral changes before deciding evidence exists. Do not pause merely because multiple causes are plausible.
18
+
19
+ Never ask the developer to choose a hypothesis, root cause, fix direction, repository, or speculative workaround before deciding evidence exists. Never offer unconfirmed fixes as a Question decision gate. Never ask "How do you want to proceed?" while a safe scoped investigation action remains.
20
+
21
+ Treat the structured `question` tool as a deliberate human checkpoint, not a progress or planning gate. Use the structured `question` tool only when required information cannot be discovered from the workspace or available sources, a credentials/device/external-state/external-directory or materially different action requires explicit authorization, or prepared reproduction or verification requires a person to act inside the target application. Every question must request an observation or required authorization, never a speculative cause or implementation choice. Do not use it for ordinary reads, searches, owned probe edits, builds, or tests within scope. When an available tool enforces its own permission, call it and let that permission gate handle approval instead of asking preemptively. If a deterministic local check can answer the checkpoint, run it instead of asking the developer.
22
+
15
23
  ## Hypotheses
16
24
 
17
25
  Before a behavioral fix, record two to four ranked falsifiable hypotheses. Give each explicit confirmation and elimination signals. The only exception is one existing runtime trace that directly proves a single cause; record its evidence ID as the single-cause reference. Static analysis may rank hypotheses but cannot confirm them.
@@ -20,14 +28,20 @@ Before a behavioral fix, record two to four ranked falsifiable hypotheses. Give
20
28
 
21
29
  Create a `pre-fix` run with `debug_run_start`. Capture the failing baseline before changing behavior. Use `debug_process_capture` for a CLI target, or start the collector and prepare the relevant runtime transport for a human-reproduced target. Record whether the failure actually reproduced.
22
30
 
31
+ Prefer a deterministic test, fixture, or local script over human reproduction whenever it can exercise the failure.
32
+
23
33
  ## Instrumentation
24
34
 
25
35
  Add the minimum probe needed to distinguish the ranked hypotheses. Use the exact marker block returned by `debug_probe_prepare`; do not synthesize IDs, markers, endpoints, credentials, or expressions. Captures must be identifier/property paths. Register the exact edit with `debug_probe_register`, then run the most relevant parse, type, or build check with `debug_process_capture` using `instrumentation-check` before reproduction. Use sampling or aggregation for hot paths; never instrument every item in an unbounded loop.
26
36
 
37
+ Preparing, inserting, registering, and validating an owned temporary probe is safe investigation work; perform it without requesting fix-direction approval.
38
+
27
39
  Only JavaScript and TypeScript probes are supported. Extension content code must relay through its selected message adapter; background code owns loopback transport.
28
40
 
29
41
  ## Human reproduction
30
42
 
43
+ Do not request human reproduction until the baseline transport, probes, and instrumentation check are ready. When prepared human reproduction is the only remaining evidence step, ask one minimal evidence-producing question for that iteration. At a prepared pre-fix checkpoint, ask whether the issue reproduced using the exact in-application steps you provide. Summarize the hypotheses the reproduction will distinguish; do not ask the developer which hypothesis or fix to choose.
44
+
31
45
  Immediately before requesting user action, checkpoint phase `waiting_for_reproduction`, the waiting run, and the precise next action. Ask only for actions inside the target application. Do not ask the developer to inspect the collector. Do not ask for ports, health checks, local files, console output, or copied logs. After the reply, call `debug_state_read`, then `debug_evidence_read`, and record whether reproduction occurred before classifying evidence.
32
46
 
33
47
  ## Evidence decisions
@@ -38,10 +52,14 @@ For every hypothesis, record `open`, `confirmed`, or `eliminated` with stable ev
38
52
 
39
53
  Change only the cause supported by deciding evidence. Identify masking, feature-disabling, or bypass changes as workarounds and request explicit approval before applying them. Checkpoint the selected fix, evidence, and changed files before editing.
40
54
 
55
+ A developer selection cannot substitute for deciding runtime evidence, a failing test, or a deterministic reproduction.
56
+
41
57
  ## Verification
42
58
 
43
59
  Create a distinct `post-fix` run. Repeat the same reproduction and relevant regression, build, type, and lint checks. Compare pre-fix and post-fix evidence, not only exit status. Ensure instrumentation did not mask the failure. Record verification results and deciding evidence in the checkpoint.
44
60
 
61
+ At a prepared post-fix checkpoint, ask whether the same reproduction is now fixed after the developer repeats the exact in-application steps. Ask only after the evidence-backed fix and automated checks pass. When pre-fix reproduction required a person, require the corresponding post-fix human verification before cleanup or success.
62
+
45
63
  ## Cleanup and report
46
64
 
47
65
  Checkpoint phase `cleaning`. Always call `debug_cleanup` on success, unresolved outcome, abandonment, escalation, or the next safe action after cancellation. Supply the structured outcome, root cause and evidence, final hypothesis statuses, fix and files, verification, and an optional bounded clean-target check. Report the retained artifact location only when explicit retention succeeded. Report every failed or ambiguous cleanup resource. Never say the target is clean when cleanup is partial.
package/dist/index.js CHANGED
@@ -3599,10 +3599,12 @@ function createDebugModePlugin(options = {}) {
3599
3599
  if (config.command?.debug !== void 0) logCollision("command.debug");
3600
3600
  config.agent ??= {};
3601
3601
  config.command ??= {};
3602
+ const permission = { question: "allow" };
3602
3603
  config.agent.debug = {
3603
3604
  mode: "primary",
3604
3605
  description: "Hypothesis-driven runtime debugging",
3605
- prompt
3606
+ prompt,
3607
+ permission
3606
3608
  };
3607
3609
  config.command.debug = {
3608
3610
  description: "Start hypothesis-driven runtime debugging",