@open-agent-toolkit/cli 0.1.43 → 0.1.46
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/assets/agents/oat-reviewer.md +2 -2
- package/assets/config/dispatch-matrix-recommendation.json +23 -0
- package/assets/docs/cli-utilities/config-and-local-state.md +7 -0
- package/assets/docs/cli-utilities/configuration.md +104 -25
- package/assets/docs/cli-utilities/workflow-gates.md +79 -16
- package/assets/docs/contributing/code.md +10 -4
- package/assets/docs/contributing/hooks-and-safety.md +23 -0
- package/assets/docs/provider-sync/config.md +5 -1
- package/assets/docs/provider-sync/manifest-and-drift.md +6 -1
- package/assets/docs/provider-sync/providers.md +6 -3
- package/assets/docs/provider-sync/scope-and-surface.md +2 -1
- package/assets/docs/reference/oat-directory-structure.md +2 -2
- package/assets/docs/workflows/projects/dispatch-ceiling.md +110 -27
- package/assets/docs/workflows/projects/implementation-execution.md +20 -13
- package/assets/public-package-versions.json +4 -4
- package/assets/skills/oat-project-implement/SKILL.md +155 -58
- package/assets/skills/oat-project-plan/SKILL.md +22 -3
- package/assets/skills/oat-project-quick-start/SKILL.md +54 -23
- package/assets/templates/state.md +5 -0
- package/dist/commands/config/index.d.ts +6 -0
- package/dist/commands/config/index.d.ts.map +1 -1
- package/dist/commands/config/index.js +429 -20
- package/dist/commands/doctor/index.d.ts +6 -1
- package/dist/commands/doctor/index.d.ts.map +1 -1
- package/dist/commands/doctor/index.js +209 -19
- package/dist/commands/gate/index.d.ts +39 -2
- package/dist/commands/gate/index.d.ts.map +1 -1
- package/dist/commands/gate/index.js +343 -30
- package/dist/commands/internal/cursor-current-target.d.ts +37 -0
- package/dist/commands/internal/cursor-current-target.d.ts.map +1 -0
- package/dist/commands/internal/cursor-current-target.js +228 -0
- package/dist/commands/internal/index.d.ts.map +1 -1
- package/dist/commands/internal/index.js +2 -0
- package/dist/commands/project/dispatch-ceiling/index.d.ts.map +1 -1
- package/dist/commands/project/dispatch-ceiling/index.js +487 -17
- package/dist/commands/providers/codex/index.d.ts +4 -0
- package/dist/commands/providers/codex/index.d.ts.map +1 -0
- package/dist/commands/providers/codex/index.js +7 -0
- package/dist/commands/providers/codex/materialize.d.ts +5 -0
- package/dist/commands/providers/codex/materialize.d.ts.map +1 -0
- package/dist/commands/providers/codex/materialize.js +152 -0
- package/dist/commands/providers/index.d.ts +2 -2
- package/dist/commands/providers/index.d.ts.map +1 -1
- package/dist/commands/providers/index.js +4 -2
- package/dist/commands/providers/providers.types.d.ts +23 -0
- package/dist/commands/providers/providers.types.d.ts.map +1 -1
- package/dist/commands/shared/codex-strays.d.ts.map +1 -1
- package/dist/commands/shared/codex-strays.js +11 -1
- package/dist/commands/status/index.d.ts +4 -1
- package/dist/commands/status/index.d.ts.map +1 -1
- package/dist/commands/status/index.js +1 -1
- package/dist/commands/sync/index.d.ts.map +1 -1
- package/dist/commands/sync/index.js +1 -1
- package/dist/commands/sync/sync.types.d.ts +4 -1
- package/dist/commands/sync/sync.types.d.ts.map +1 -1
- package/dist/config/dispatch-ceiling-preset.d.ts +4 -0
- package/dist/config/dispatch-ceiling-preset.d.ts.map +1 -1
- package/dist/config/dispatch-ceiling-preset.js +3 -0
- package/dist/config/dispatch-policy-options.d.ts +20 -0
- package/dist/config/dispatch-policy-options.d.ts.map +1 -0
- package/dist/config/dispatch-policy-options.js +96 -0
- package/dist/config/oat-config.d.ts +21 -5
- package/dist/config/oat-config.d.ts.map +1 -1
- package/dist/config/oat-config.js +118 -10
- package/dist/config/resolve.js +12 -0
- package/dist/manifest/manifest.types.d.ts +12 -12
- package/dist/providers/ceiling/registry.d.ts +7 -5
- package/dist/providers/ceiling/registry.d.ts.map +1 -1
- package/dist/providers/ceiling/registry.js +32 -5
- package/dist/providers/codex/codec/config-merge.d.ts +6 -0
- package/dist/providers/codex/codec/config-merge.d.ts.map +1 -1
- package/dist/providers/codex/codec/config-merge.js +7 -0
- package/dist/providers/codex/codec/materialize.d.ts +16 -0
- package/dist/providers/codex/codec/materialize.d.ts.map +1 -0
- package/dist/providers/codex/codec/materialize.js +57 -0
- package/dist/providers/codex/codec/shared.d.ts +1 -0
- package/dist/providers/codex/codec/shared.d.ts.map +1 -1
- package/dist/providers/codex/codec/shared.js +9 -1
- package/dist/providers/codex/codec/sync-extension.d.ts +7 -1
- package/dist/providers/codex/codec/sync-extension.d.ts.map +1 -1
- package/dist/providers/codex/codec/sync-extension.js +183 -46
- package/dist/providers/identity/availability.d.ts +45 -0
- package/dist/providers/identity/availability.d.ts.map +1 -0
- package/dist/providers/identity/availability.js +353 -0
- package/dist/providers/identity/family.d.ts +13 -0
- package/dist/providers/identity/family.d.ts.map +1 -0
- package/dist/providers/identity/family.js +32 -0
- package/dist/providers/identity/provenance.d.ts +21 -0
- package/dist/providers/identity/provenance.d.ts.map +1 -0
- package/dist/providers/identity/provenance.js +65 -0
- package/dist/providers/identity/stamp.d.ts +35 -0
- package/dist/providers/identity/stamp.d.ts.map +1 -0
- package/dist/providers/identity/stamp.js +171 -0
- package/package.json +2 -2
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: oat-reviewer
|
|
3
|
-
version: 1.1.
|
|
3
|
+
version: 1.1.5
|
|
4
4
|
description: Unified reviewer for OAT projects - mode-aware verification of requirements/design alignment and code quality. Writes a review artifact to disk by default, or returns structured findings in-memory when dispatched in structured-output mode.
|
|
5
5
|
tools: Read, Bash, Grep, Glob, Write
|
|
6
6
|
color: yellow
|
|
@@ -68,7 +68,7 @@ You will be given a "Review Scope" block including:
|
|
|
68
68
|
|
|
69
69
|
The orchestrator owns dispatch control. Do not read `plan.md` Dispatch Profile rows to self-select a tier.
|
|
70
70
|
|
|
71
|
-
For Codex, deterministic review dispatch under a capped managed policy uses
|
|
71
|
+
For Codex, deterministic review dispatch under a capped managed policy uses the materialized Codex role name returned by `providers.codex.dispatchArgs.variant`; the orchestrator also supplies `providers.codex.selection.target` context when available and should derive `model_axis` and `effort_axis` from resolver output. Managed `Uncapped` and inherit/default policies have no reviewer target, so the base `oat-reviewer` role is used only when the resolver returns no `dispatchArgs.variant`, as a provider-default/unpinned fallback. If you are running as the base role, report any provided `provider_default_effort` as context but do not treat it as managed uncapped selection or an OAT cap. Use base `oat-reviewer` only when the resolver returns no `dispatchArgs.variant`.
|
|
72
72
|
|
|
73
73
|
For Claude Code, review dispatch is model-axis based and the effort axis is `not-applicable`.
|
|
74
74
|
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
{
|
|
2
|
+
"version": "2026-07-07.1",
|
|
3
|
+
"providers": {
|
|
4
|
+
"codex": {
|
|
5
|
+
"economy": "low",
|
|
6
|
+
"balanced": "medium",
|
|
7
|
+
"high": "high",
|
|
8
|
+
"frontier": "xhigh"
|
|
9
|
+
},
|
|
10
|
+
"claude": {
|
|
11
|
+
"economy": "haiku",
|
|
12
|
+
"balanced": "sonnet",
|
|
13
|
+
"high": "opus",
|
|
14
|
+
"frontier": "fable"
|
|
15
|
+
},
|
|
16
|
+
"cursor": {
|
|
17
|
+
"economy": "composer-2.5",
|
|
18
|
+
"balanced": "composer-2.5-fast",
|
|
19
|
+
"high": "gpt-5.5-high",
|
|
20
|
+
"frontier": "fable-5"
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
}
|
|
@@ -113,6 +113,13 @@ Use `oat config` for repo runtime config inspection and supported key mutation.
|
|
|
113
113
|
|
|
114
114
|
Use `oat config dump --json` when you need the whole resolved config in one machine-readable response rather than a single key or a human-oriented list view.
|
|
115
115
|
|
|
116
|
+
Dispatch policy keys are part of this surface, but provider-specific generation
|
|
117
|
+
still belongs to provider commands. Use `oat config describe
|
|
118
|
+
workflow.dispatchPolicy.policy` to inspect capped managed, managed uncapped,
|
|
119
|
+
inherit/default, and unresolved behavior; use `oat providers codex materialize`
|
|
120
|
+
or `oat sync --scope project` to create materialized Codex roles from explicit
|
|
121
|
+
model+effort targets.
|
|
122
|
+
|
|
116
123
|
Archive lifecycle settings live here as shared repo config:
|
|
117
124
|
|
|
118
125
|
- `archive.s3Uri`
|
|
@@ -173,8 +173,8 @@ oat config describe activeIdea
|
|
|
173
173
|
Dispatch policy is the workflow setting that tells OAT whether to manage
|
|
174
174
|
subagent model/effort selection and, if so, which managed policy to use.
|
|
175
175
|
|
|
176
|
-
For the full conceptual model - managed capped tiers,
|
|
177
|
-
`Inherit Host Defaults`, and provider-specific enforcement - see
|
|
176
|
+
For the full conceptual model - managed capped tiers, dispatch matrix cells,
|
|
177
|
+
managed `Uncapped`, `Inherit Host Defaults`, and provider-specific enforcement - see
|
|
178
178
|
[Dispatch Policy](../workflows/projects/dispatch-ceiling.md).
|
|
179
179
|
|
|
180
180
|
### Config keys
|
|
@@ -196,35 +196,109 @@ Managed policies compile to:
|
|
|
196
196
|
| `frontier` | `xhigh` | `fable` |
|
|
197
197
|
| `uncapped` | none | none |
|
|
198
198
|
|
|
199
|
-
|
|
199
|
+
Dispatch matrix and legacy compatibility keys:
|
|
200
200
|
|
|
201
|
-
| Key
|
|
202
|
-
|
|
|
203
|
-
| `workflow.dispatchCeiling.preset`
|
|
204
|
-
| `workflow.dispatchCeiling.providers
|
|
205
|
-
| `workflow.dispatchCeiling.providers
|
|
201
|
+
| Key | Values | Purpose |
|
|
202
|
+
| ------------------------------------------------------ | --------------------------------------- | -------------------------------------------------------------------------------------- |
|
|
203
|
+
| `workflow.dispatchCeiling.preset` | `balanced`, `maximum`, `cost-conscious` | Legacy preset alias; `maximum` maps to `high`, `cost-conscious` to `economy` |
|
|
204
|
+
| `workflow.dispatchCeiling.providers.<provider>` | bare value or tier map | Provider column; bare Codex/Claude values remain legacy capped targets |
|
|
205
|
+
| `workflow.dispatchCeiling.providers.<provider>.<tier>` | bare value or ordered route | One matrix cell for `economy`, `balanced`, `high`, or `frontier` |
|
|
206
|
+
| `workflow.dispatchCeiling.recommendationVersion` | string | Version stamp written by `oat config adopt dispatch-matrix`; used for drift visibility |
|
|
206
207
|
|
|
207
|
-
|
|
208
|
-
|
|
208
|
+
Examples:
|
|
209
|
+
|
|
210
|
+
```bash
|
|
211
|
+
oat config adopt dispatch-matrix --shared
|
|
212
|
+
oat config set workflow.dispatchCeiling.providers.cursor.balanced composer-2.5 --shared
|
|
213
|
+
oat config set workflow.dispatchCeiling.providers.codex high --shared
|
|
214
|
+
oat config set workflow.dispatchCeiling.providers.claude opus --shared
|
|
215
|
+
```
|
|
216
|
+
|
|
217
|
+
For ordered routes, edit the config JSON so a tier cell is an array. Route
|
|
218
|
+
entries are either bare slugs or objects with `harness`, `model`, and optional
|
|
219
|
+
`effort`:
|
|
220
|
+
|
|
221
|
+
```json
|
|
222
|
+
{
|
|
223
|
+
"workflow": {
|
|
224
|
+
"dispatchCeiling": {
|
|
225
|
+
"providers": {
|
|
226
|
+
"cursor": {
|
|
227
|
+
"high": [
|
|
228
|
+
"composer-2.5",
|
|
229
|
+
{ "harness": "cursor", "model": "gpt-5.5-xhigh" }
|
|
230
|
+
]
|
|
231
|
+
}
|
|
232
|
+
}
|
|
233
|
+
}
|
|
234
|
+
}
|
|
235
|
+
}
|
|
236
|
+
```
|
|
237
|
+
|
|
238
|
+
`Uncapped` is explicit managed state: OAT still selects the preferred
|
|
239
|
+
provider-specific dispatch target, but does not apply a maximum cap. Do not
|
|
240
|
+
represent it by leaving policy state absent. To request no OAT model/effort
|
|
241
|
+
selection, set:
|
|
209
242
|
|
|
210
243
|
```bash
|
|
211
244
|
oat config set workflow.dispatchPolicy.mode inherit
|
|
212
245
|
```
|
|
213
246
|
|
|
247
|
+
If no managed policy, legacy cap, or inherit/default mode resolves during an
|
|
248
|
+
implementation preflight, the policy remains unresolved. Interactive
|
|
249
|
+
implementation may ask once and persist a choice; non-interactive
|
|
250
|
+
implementation blocks rather than silently falling back to host defaults.
|
|
251
|
+
|
|
214
252
|
### How enforcement works
|
|
215
253
|
|
|
216
254
|
OAT applies managed policies where the provider exposes a reliable mechanism.
|
|
217
|
-
|
|
255
|
+
Providers without an adapter receive them as advisory/unsupported.
|
|
256
|
+
|
|
257
|
+
| Provider | Mechanism | Enforcement mode |
|
|
258
|
+
| -------- | ------------------------------------ | ------------------------------- |
|
|
259
|
+
| Codex | Materialized model+effort role names | `enforced` |
|
|
260
|
+
| Claude | Task `model` parameter | `enforced` |
|
|
261
|
+
| Cursor | `--model` argument / Task `model` | `enforced` when a cell resolves |
|
|
262
|
+
| Others | None (informational only) | `advisory` / `unsupported` |
|
|
263
|
+
|
|
264
|
+
Codex managed dispatch compiles an explicit `model` plus reasoning `effort`
|
|
265
|
+
target into a materialized OAT role name, for example
|
|
266
|
+
`oat-phase-implementer-gpt-5-6-terra-xhigh`. OAT-managed Codex roles are not
|
|
267
|
+
the old hard-coded effort-only pins; they come from resolver targets, dispatch
|
|
268
|
+
matrix cells, or an explicit materialization command. Base roles such as
|
|
269
|
+
`oat-phase-implementer` and `oat-reviewer` are fallback paths that follow the
|
|
270
|
+
provider default effort when inherit/default behavior is selected or no
|
|
271
|
+
materialized target resolves.
|
|
218
272
|
|
|
219
|
-
| Provider | Mechanism | Enforcement mode |
|
|
220
|
-
| -------- | ------------------------- | -------------------------- |
|
|
221
|
-
| Codex | Pinned role variants | `enforced` |
|
|
222
|
-
| Claude | Task `model` parameter | `enforced` |
|
|
223
|
-
| Others | None (informational only) | `advisory` / `unsupported` |
|
|
224
|
-
|
|
225
|
-
Codex uses effort (`low < medium < high < xhigh`) and pinned OAT role variants.
|
|
226
273
|
Claude uses Task `model` (`haiku < sonnet < opus < fable`) and keeps
|
|
227
|
-
`effort_axis=not-applicable`.
|
|
274
|
+
`effort_axis=not-applicable`. Cursor and other model-arg providers use opaque
|
|
275
|
+
matrix slugs; OAT validates availability when a provider oracle is available,
|
|
276
|
+
but the configured matrix owns tier meaning. For Cursor subagents, validation
|
|
277
|
+
checks the model can actually be used by Task subagent dispatch, not just that
|
|
278
|
+
the broad `cursor-agent models` catalog lists the slug.
|
|
279
|
+
|
|
280
|
+
### Codex role materialization
|
|
281
|
+
|
|
282
|
+
Use `oat providers codex materialize` when you need to materialize one
|
|
283
|
+
canonical agent as a Codex role outside a full sync run:
|
|
284
|
+
|
|
285
|
+
```bash
|
|
286
|
+
oat providers codex materialize oat-reviewer --model gpt-5.6-terra --effort xhigh --dry-run
|
|
287
|
+
oat providers codex materialize oat-phase-implementer --model gpt-5.6-terra --effort high
|
|
288
|
+
```
|
|
289
|
+
|
|
290
|
+
Required inputs are the canonical agent name, `--model <model-id>`, and
|
|
291
|
+
`--effort <reasoning-effort>`. The command defaults to project scope, reads
|
|
292
|
+
`.agents/agents/<agent-name>.md`, writes `.codex/agents/<role>.toml`, and
|
|
293
|
+
upserts `.codex/config.toml` unless `--dry-run` is present. `--agent-path` can
|
|
294
|
+
point at a specific canonical agent markdown file, and `--role-name` can
|
|
295
|
+
override the generated role name.
|
|
296
|
+
|
|
297
|
+
Normal project sync also materializes Codex roles for configured matrix targets:
|
|
298
|
+
|
|
299
|
+
```bash
|
|
300
|
+
oat sync --scope project
|
|
301
|
+
```
|
|
228
302
|
|
|
229
303
|
**Verify-on-upgrade:** when the requested tier exceeds the current orchestrator
|
|
230
304
|
tier (an upgrade request), the resolver sets `verifyOnDispatch: true`. The skill
|
|
@@ -249,12 +323,14 @@ oat project dispatch-ceiling resolve --provider codex --json
|
|
|
249
323
|
oat project dispatch-ceiling resolve --provider codex --role implementer --preferred medium --json
|
|
250
324
|
oat project dispatch-ceiling resolve --provider claude --role implementer --preferred sonnet --orchestrator-tier sonnet --json
|
|
251
325
|
oat project dispatch-ceiling resolve --provider claude --orchestrator-tier sonnet --json
|
|
326
|
+
oat project dispatch-ceiling resolve --provider cursor --role implementer --preferred high --escalation-level 0 --json
|
|
252
327
|
```
|
|
253
328
|
|
|
254
329
|
The resolver checks effective config first, then project `state.md`
|
|
255
|
-
`oat_dispatch_policy` frontmatter,
|
|
256
|
-
For Codex it also reports
|
|
257
|
-
|
|
330
|
+
`oat_dispatch_policy` frontmatter, including sparse `matrix` overrides, then
|
|
331
|
+
legacy `oat_dispatch_ceiling`. For Codex it also reports
|
|
332
|
+
`providerDefaultEffort`, which is informational only for explicit
|
|
333
|
+
inherit/default behavior or base/unpinned fallback paths.
|
|
258
334
|
|
|
259
335
|
For non-interactive preflight checks, use:
|
|
260
336
|
|
|
@@ -284,10 +360,11 @@ Workflow preference keys live under the `workflow.*` namespace:
|
|
|
284
360
|
- `workflow.autoArtifactReview.plan` — boolean, default `true`. Automatically run the bounded artifact-review loop for generated `plan.md` files before implementation handoff. Set to `false` only when you intentionally want to skip the plan artifact review.
|
|
285
361
|
- `workflow.autoArtifactReview.analysis` — boolean, default `true`. Automatically run the bounded accuracy-review loop for generated docs and agent-instructions analysis artifacts before the matching apply workflow consumes them.
|
|
286
362
|
- `workflow.dispatchPolicy.mode` — `managed` or `inherit`. `managed` means OAT selects model/effort controls from `workflow.dispatchPolicy.policy`; `inherit` means OAT leaves controls to host/provider defaults.
|
|
287
|
-
- `workflow.dispatchPolicy.policy` — `economy`, `balanced`, `high`, `frontier`, or `uncapped`. `economy` through `frontier` are capped managed policies; `uncapped` keeps OAT-managed preferred selection without provider caps.
|
|
363
|
+
- `workflow.dispatchPolicy.policy` — `economy`, `balanced`, `high`, `frontier`, or `uncapped`. `economy` through `frontier` are capped managed policies; `uncapped` keeps OAT-managed preferred selection without provider caps. It is distinct from `workflow.dispatchPolicy.mode=inherit`, which leaves controls to the host/provider.
|
|
288
364
|
- `workflow.dispatchCeiling.preset` — legacy compatibility alias (`balanced`, `maximum`, or `cost-conscious`) for capped managed policy setup.
|
|
289
|
-
- `workflow.dispatchCeiling.providers
|
|
290
|
-
- `workflow.dispatchCeiling.providers
|
|
365
|
+
- `workflow.dispatchCeiling.providers.<provider>` — dispatch matrix provider column or legacy bare provider target.
|
|
366
|
+
- `workflow.dispatchCeiling.providers.<provider>.<tier>` — one matrix cell for `economy`, `balanced`, `high`, or `frontier`.
|
|
367
|
+
- `workflow.dispatchCeiling.recommendationVersion` — version of the adopted recommended matrix.
|
|
291
368
|
- `workflow.gates.skills` / `workflow.gates.execTargets` — structured per-skill final gate commands and exec-target registry. Use `oat gate set`, `oat gate target set`, `oat gate review`, and `oat gate cross-provider-exec`; do not use `oat config set` for these objects.
|
|
292
369
|
|
|
293
370
|
### Auto artifact-review preferences
|
|
@@ -324,6 +401,7 @@ oat config set workflow.autoReviewAtHillCheckpoints true --user
|
|
|
324
401
|
oat config set workflow.autoNarrowReReviewScope true --user
|
|
325
402
|
oat config set workflow.designMode selective --user
|
|
326
403
|
oat config set workflow.dispatchCeiling.preset balanced --user
|
|
404
|
+
oat config adopt dispatch-matrix --user
|
|
327
405
|
oat config set workflow.autoArtifactReview.plan true --user
|
|
328
406
|
oat config set workflow.autoArtifactReview.analysis true --user
|
|
329
407
|
|
|
@@ -331,6 +409,7 @@ oat config set workflow.autoArtifactReview.analysis true --user
|
|
|
331
409
|
oat config set workflow.createPrOnComplete false --shared
|
|
332
410
|
oat config set workflow.designMode collaborative --shared
|
|
333
411
|
oat config set workflow.dispatchCeiling.preset balanced --shared
|
|
412
|
+
oat config set workflow.dispatchCeiling.providers.cursor.high composer-2.5 --shared
|
|
334
413
|
oat config set workflow.autoArtifactReview.plan false --shared
|
|
335
414
|
|
|
336
415
|
# Repo-local: personal override for this repo (default when no flag)
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
---
|
|
2
2
|
title: Workflow Gates
|
|
3
|
-
description: Configure per-skill final commands and
|
|
3
|
+
description: Configure per-skill final commands and family-aware review dispatch with oat gate.
|
|
4
4
|
---
|
|
5
5
|
|
|
6
6
|
# Workflow Gates
|
|
@@ -16,6 +16,13 @@ selects an exec target, runs the prompt, and exits with the child process
|
|
|
16
16
|
status. Use `oat gate review` when the command is specifically an OAT review
|
|
17
17
|
gate that should inspect the produced review artifact.
|
|
18
18
|
|
|
19
|
+
:::note Release note: default avoidance changed
|
|
20
|
+
Gate dispatch now defaults to `--avoid same-family`, not `same-runtime`.
|
|
21
|
+
For multi-family providers such as Cursor, this prevents a gate from reviewing
|
|
22
|
+
with the same model family that produced the work. Use `--avoid none` only when
|
|
23
|
+
you intentionally allow same-family review.
|
|
24
|
+
:::
|
|
25
|
+
|
|
19
26
|
## Gate config
|
|
20
27
|
|
|
21
28
|
Gate config lives under `workflow.gates.skills` and is keyed by skill name.
|
|
@@ -129,9 +136,9 @@ contract.
|
|
|
129
136
|
## Exec targets
|
|
130
137
|
|
|
131
138
|
`oat gate cross-provider-exec` chooses from `workflow.gates.execTargets`.
|
|
132
|
-
Targets are keyed by opaque id. OAT uses
|
|
133
|
-
|
|
134
|
-
id.
|
|
139
|
+
Targets are keyed by opaque id. OAT uses the declared runtime, commands,
|
|
140
|
+
priority, optional `models` list, and any pinned `--model` already present in
|
|
141
|
+
the command. It does not infer provider semantics from the target id.
|
|
135
142
|
|
|
136
143
|
Built-in targets:
|
|
137
144
|
|
|
@@ -162,6 +169,34 @@ oat gate target set claude-opus \
|
|
|
162
169
|
JSON argv is intentional: provider commands often contain flags such as `-p` or
|
|
163
170
|
`--model`, which would be ambiguous as variadic CLI options.
|
|
164
171
|
|
|
172
|
+
Targets may also define a `models` list directly in config. During selection,
|
|
173
|
+
OAT expands that target into `(target, model)` candidates, preserves the target
|
|
174
|
+
priority and model list order, and appends `--model <winner>` to the command.
|
|
175
|
+
A long-form target that already pins `--model` in `baseCommand` is treated as
|
|
176
|
+
that candidate's model and is not double-pinned.
|
|
177
|
+
|
|
178
|
+
```json
|
|
179
|
+
{
|
|
180
|
+
"workflow": {
|
|
181
|
+
"gates": {
|
|
182
|
+
"execTargets": {
|
|
183
|
+
"cursor-family-gate": {
|
|
184
|
+
"runtime": "cursor",
|
|
185
|
+
"baseCommand": ["cursor-agent", "-p", "--force"],
|
|
186
|
+
"models": ["composer-2.5", "gpt-5.5-xhigh", "claude-opus-4-8"],
|
|
187
|
+
"availabilityCommand": [
|
|
188
|
+
"sh",
|
|
189
|
+
"-c",
|
|
190
|
+
"command -v cursor-agent || command -v agent"
|
|
191
|
+
],
|
|
192
|
+
"priority": 95
|
|
193
|
+
}
|
|
194
|
+
}
|
|
195
|
+
}
|
|
196
|
+
}
|
|
197
|
+
}
|
|
198
|
+
```
|
|
199
|
+
|
|
165
200
|
### Trusted target examples
|
|
166
201
|
|
|
167
202
|
Use these examples only in trusted environments where the provider process may
|
|
@@ -275,12 +310,15 @@ oat gate cross-provider-exec "Use oat-project-review-provide to review the curre
|
|
|
275
310
|
By default the dispatcher:
|
|
276
311
|
|
|
277
312
|
1. Resolves built-in and configured exec targets.
|
|
278
|
-
2.
|
|
279
|
-
3.
|
|
280
|
-
4.
|
|
313
|
+
2. Expands target `models` into candidate `(target, model)` pairs.
|
|
314
|
+
3. Detects the current runtime with host detection commands.
|
|
315
|
+
4. Resolves producer identity from `--producer-identity` or dispatch stamps when
|
|
316
|
+
available.
|
|
317
|
+
5. Applies `--avoid same-family`.
|
|
318
|
+
6. Checks candidate availability in descending priority order, with target id as
|
|
281
319
|
the tie-breaker.
|
|
282
|
-
|
|
283
|
-
|
|
320
|
+
7. Runs the chosen `baseCommand` with the selected model and prompt appended.
|
|
321
|
+
8. Exits with the child process status.
|
|
284
322
|
|
|
285
323
|
Use `--target <id>` to pin one target and skip detection/avoidance:
|
|
286
324
|
|
|
@@ -289,12 +327,32 @@ oat gate cross-provider-exec --target claude-opus "Review the current project"
|
|
|
289
327
|
```
|
|
290
328
|
|
|
291
329
|
Use `--avoid none` only when you intentionally allow the current runtime to be
|
|
292
|
-
selected:
|
|
330
|
+
selected or same-family review to run:
|
|
293
331
|
|
|
294
332
|
```bash
|
|
295
333
|
oat gate cross-provider-exec --avoid none "Run this gate on any available target"
|
|
296
334
|
```
|
|
297
335
|
|
|
336
|
+
Use `--producer-identity <value>:<provenance>` to route manually from a known
|
|
337
|
+
producer when no project dispatch stamp exists:
|
|
338
|
+
|
|
339
|
+
```bash
|
|
340
|
+
oat gate review \
|
|
341
|
+
--producer-identity gpt-5.5-xhigh:declared \
|
|
342
|
+
--review-type code \
|
|
343
|
+
--review-scope final \
|
|
344
|
+
"Use oat-project-review-provide code final to review the current project"
|
|
345
|
+
```
|
|
346
|
+
|
|
347
|
+
Gate JSON output includes `diversity` metadata with the requested avoid mode,
|
|
348
|
+
producer identity/provenance/confidence, reviewer target/model/family, and the
|
|
349
|
+
achieved level:
|
|
350
|
+
|
|
351
|
+
- `different-family`
|
|
352
|
+
- `degraded-to-different-slug`
|
|
353
|
+
- `same-family - no diverse target available`
|
|
354
|
+
- `unknown-producer`
|
|
355
|
+
|
|
298
356
|
## Failure behavior
|
|
299
357
|
|
|
300
358
|
Gate failure behavior is owned by the gate-aware skill:
|
|
@@ -309,11 +367,16 @@ Gate failure behavior is owned by the gate-aware skill:
|
|
|
309
367
|
available target. Once a target actually runs, its exit code is the gate result;
|
|
310
368
|
OAT does not try another target after a failed review.
|
|
311
369
|
|
|
370
|
+
Gate target execution has a child-process timeout (default 10 minutes, override
|
|
371
|
+
with `OAT_GATE_EXEC_TIMEOUT_MS`). When a review target times out, JSON output
|
|
372
|
+
reports `status: review_failed`, `outcome: review_did_not_complete`,
|
|
373
|
+
`timedOut: true`, and the timeout value so automation can distinguish a hung
|
|
374
|
+
provider prompt from a completed review with findings.
|
|
375
|
+
|
|
312
376
|
## Current limits
|
|
313
377
|
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
different
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
`--target <id>`.
|
|
378
|
+
Family diversity is selected before dispatch. If the selected provider command
|
|
379
|
+
starts and then fails, OAT does not try another target after dispatch. If no
|
|
380
|
+
different-family target is available, OAT warns, records the degraded achieved
|
|
381
|
+
level, and runs the best available target rather than pretending diversity was
|
|
382
|
+
achieved.
|
|
@@ -12,15 +12,21 @@ Use this page when you are changing the OAT codebase itself rather than only edi
|
|
|
12
12
|
Install and verify the workspace from the repo root:
|
|
13
13
|
|
|
14
14
|
```bash
|
|
15
|
-
|
|
16
|
-
pnpm
|
|
17
|
-
pnpm
|
|
15
|
+
nvm use
|
|
16
|
+
corepack pnpm install
|
|
17
|
+
corepack pnpm build
|
|
18
|
+
corepack pnpm run cli -- help
|
|
18
19
|
```
|
|
19
20
|
|
|
21
|
+
The repo pins Node in `.nvmrc` and the package manager in `package.json`
|
|
22
|
+
(`packageManager`). If your machine has multiple Node or pnpm installs, prefer
|
|
23
|
+
Corepack from the active `.nvmrc` Node so workspace commands use the same pnpm
|
|
24
|
+
version as the hooks and CI.
|
|
25
|
+
|
|
20
26
|
For worktree-based implementation, initialize the worktree before starting the CLI workflow:
|
|
21
27
|
|
|
22
28
|
```bash
|
|
23
|
-
pnpm run worktree:init
|
|
29
|
+
corepack pnpm run worktree:init
|
|
24
30
|
```
|
|
25
31
|
|
|
26
32
|
## Monorepo Structure
|
|
@@ -20,6 +20,29 @@ The hook is non-blocking: it never fails the commit, even when managed drift is
|
|
|
20
20
|
|
|
21
21
|
OAT installs the hook into Git's currently active hook directory. When a consumer repo keeps hooks in a repo-managed folder such as `.githooks/`, Git must be configured to use that path before install, or OAT must configure it during the hook prompt flow.
|
|
22
22
|
|
|
23
|
+
## OAT repo developer hooks
|
|
24
|
+
|
|
25
|
+
The `open-agent-toolkit` repository also ships its own managed hook scripts under
|
|
26
|
+
`tools/git-hooks/`. These are contributor hooks for this repo, separate from the
|
|
27
|
+
consumer hook snippet that `oat init` installs into other repositories.
|
|
28
|
+
|
|
29
|
+
The repo hooks source `tools/git-hooks/repo-toolchain.sh` before running pnpm
|
|
30
|
+
commands. The helper changes to the repo root, loads `.nvmrc` through nvm when
|
|
31
|
+
available, and then prefers Corepack pnpm. This keeps `commit-msg`,
|
|
32
|
+
`pre-commit`, `pre-push`, and `post-checkout` on the same Node/pnpm toolchain
|
|
33
|
+
even when a developer shell has multiple versions installed.
|
|
34
|
+
|
|
35
|
+
The repo's `pre-commit` OAT status check uses the repo-local source CLI when the
|
|
36
|
+
OAT source tree is present:
|
|
37
|
+
|
|
38
|
+
```bash
|
|
39
|
+
corepack pnpm run --silent cli:source -- status --scope project --hook
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
That avoids false sync drift from a stale globally installed `oat` while still
|
|
43
|
+
leaving the consumer-repo hook contract unchanged: generated hooks in other
|
|
44
|
+
repos continue to call `oat status --scope project --hook`.
|
|
45
|
+
|
|
23
46
|
## Safety contracts
|
|
24
47
|
|
|
25
48
|
- `sync` mutates by default; use `--dry-run` to preview.
|
|
@@ -95,7 +95,11 @@ canonical `.agents/skills` inventory.
|
|
|
95
95
|
- unset: provider falls back to directory detection.
|
|
96
96
|
- `defaultStrategy` is used when no provider-specific `strategy` is set.
|
|
97
97
|
- At runtime, config is normalized so `providers` is always present in memory.
|
|
98
|
-
- Codex project sync also manages generated
|
|
98
|
+
- Codex project sync also manages generated materialized roles derived from
|
|
99
|
+
canonical agents and explicit model+effort targets. Dispatch-aware roles such
|
|
100
|
+
as `oat-phase-implementer-gpt-5-6-terra-xhigh` and
|
|
101
|
+
`oat-reviewer-gpt-5-6-terra-xhigh` are managed outputs and should not be
|
|
102
|
+
adopted as stray roles.
|
|
99
103
|
|
|
100
104
|
## Recommended management flow
|
|
101
105
|
|
|
@@ -69,7 +69,12 @@ After adoption, `oat sync` regenerates the managed provider copies from the cano
|
|
|
69
69
|
|
|
70
70
|
### Generated provider roles
|
|
71
71
|
|
|
72
|
-
Some Codex roles are **generated-derived**
|
|
72
|
+
Some Codex roles are **generated-derived** - produced by the Codex sync
|
|
73
|
+
extension rather than mapped 1:1 from a canonical `.agents/agents/*.md` file.
|
|
74
|
+
Materialized dispatch roles are the current example: a matrix target or
|
|
75
|
+
`oat providers codex materialize` command supplies a canonical agent, model, and
|
|
76
|
+
reasoning effort, and OAT writes a role such as
|
|
77
|
+
`oat-phase-implementer-gpt-5-6-terra-xhigh`.
|
|
73
78
|
|
|
74
79
|
`oat status` and `oat init` treat any role listed in the Codex extension plan's `managedRoles` set as managed, so generated variants are **not** reported as `stray` and are **not** offered for adoption — even though they have no canonical `.agents` source. A genuinely orphaned Codex role (no canonical source and not in `managedRoles`) is still flagged.
|
|
75
80
|
|
|
@@ -18,6 +18,8 @@ description: 'Provider-specific path mappings for Claude, Cursor, Copilot, Gemin
|
|
|
18
18
|
- Project: `.agents/skills` -> `.cursor/skills`, `.agents/agents` -> `.cursor/agents`, `.agents/rules` -> `.cursor/rules`
|
|
19
19
|
- User: `~/.agents/skills` -> `~/.cursor/skills`, `~/.agents/agents` -> `~/.cursor/agents`
|
|
20
20
|
- Subagent invocation in Cursor is prompt-driven (`/name` or natural mention), not `subagent_type`
|
|
21
|
+
- OAT-controlled Cursor dispatch uses the generic `.cursor/agents/<name>.md` file plus the Task-level `model` argument selected from the dispatch matrix. A `model` frontmatter value is only a default/fallback mechanism.
|
|
22
|
+
- Cursor model validation checks whether the selected model is eligible for subagent Task dispatch; the broad `cursor-agent models` catalog alone is not enough proof.
|
|
21
23
|
- Rule files render as `.cursor/rules/*.mdc`
|
|
22
24
|
|
|
23
25
|
=== "Copilot"
|
|
@@ -42,9 +44,10 @@ description: 'Provider-specific path mappings for Claude, Cursor, Copilot, Gemin
|
|
|
42
44
|
- `.codex/agents/<role>.toml`
|
|
43
45
|
- `.codex/config.toml` (`[features] multi_agent = true`, `[agents.<role>]` upserts)
|
|
44
46
|
- Codex role files include OAT managed provenance headers and are regenerated by `oat sync --scope project`
|
|
45
|
-
- The Codex sync extension also generates effort
|
|
47
|
+
- The Codex sync extension also generates materialized roles from explicit model+effort targets, such as `oat-phase-implementer-gpt-5-6-terra-xhigh` or `oat-reviewer-gpt-5-6-terra-xhigh`, alongside canonical-derived base roles. These generated variants are managed by `oat sync` and are not treated as strays (see Manifest and Drift -> Generated provider roles)
|
|
48
|
+
- A single role can be materialized directly with `oat providers codex materialize <agent-name> --model <model-id> --effort <reasoning-effort>`; `--agent-path` selects a specific canonical markdown agent, `--role-name` overrides the generated role name, and `--scope user` writes a one-off user-scope role.
|
|
46
49
|
- Aggregate Codex config drift metadata (`aggregateConfigHash`) is emitted in sync/status codex extension output and intentionally not stored as a separate manifest row
|
|
47
|
-
- User-scope Codex role generation (`~/.codex`) remains deferred
|
|
50
|
+
- User-scope Codex role generation via provider sync (`~/.codex`) remains deferred
|
|
48
51
|
- Codex multi-agent dispatch uses config-defined roles (`[agents.<name>]`) and `agent_type`
|
|
49
52
|
- Codex subagent workflows require `[features] multi_agent = true` in active Codex config layers
|
|
50
53
|
|
|
@@ -53,7 +56,7 @@ description: 'Provider-specific path mappings for Claude, Cursor, Copilot, Gemin
|
|
|
53
56
|
- Project scope: skills + agents + rules
|
|
54
57
|
- User scope: skills + agents (provider mappings vary by adapter)
|
|
55
58
|
- Rules are project-scoped only in this release
|
|
56
|
-
- Codex user-scope role generation under `~/.codex` remains deferred in this release
|
|
59
|
+
- Codex user-scope role generation under `~/.codex` via provider sync remains deferred in this release; direct one-off materialization can use `--scope user`
|
|
57
60
|
|
|
58
61
|
## Adoption model
|
|
59
62
|
|
|
@@ -34,6 +34,7 @@ Rules are currently project-scoped canonical content. Unlike skills and agents,
|
|
|
34
34
|
- `oat providers list`
|
|
35
35
|
- `oat providers inspect`
|
|
36
36
|
- `oat providers set`
|
|
37
|
+
- `oat providers codex materialize`
|
|
37
38
|
|
|
38
39
|
## Adjacent CLI commands (commonly used with provider interop)
|
|
39
40
|
|
|
@@ -46,7 +47,7 @@ Rules are currently project-scoped canonical content. Unlike skills and agents,
|
|
|
46
47
|
- Project provider enablement is stored in `.oat/sync/config.json` (`providers.<name>.enabled`).
|
|
47
48
|
- `oat init --scope project` (interactive) prompts for supported providers and persists explicit true/false values.
|
|
48
49
|
- `oat sync --scope project` uses config-aware provider activation and can prompt to remediate detected mismatches.
|
|
49
|
-
- Codex project-scope subagent sync is generated output (`.codex/agents/*.toml` + `.codex/config.toml`) computed at command layer after path-mapping sync. Generated Codex roles
|
|
50
|
+
- Codex project-scope subagent sync is generated output (`.codex/agents/*.toml` + `.codex/config.toml`) computed at command layer after path-mapping sync. Generated Codex roles - including materialized model+effort implementer and reviewer variants - are tracked as managed by `oat status` and `oat init`, not as strays.
|
|
50
51
|
- Codex aggregate config drift is reported via sync/status extension metadata (`aggregateConfigHash`); it is not persisted as a separate manifest schema entry.
|
|
51
52
|
- Codex user-scope role generation remains intentionally deferred in this release.
|
|
52
53
|
|
|
@@ -107,9 +107,9 @@ Current schema keys:
|
|
|
107
107
|
| `git.defaultBranch` | `string` | `"main"` | Default branch for PR creation. Auto-detected during `oat init` via `gh repo view` or `origin/HEAD`. Used by `oat-project-pr-final` and `oat-project-pr-progress`. |
|
|
108
108
|
| `workflow.autoReviewAtHillCheckpoints` | `boolean` | unset | When `true`, completing a HiLL checkpoint automatically runs the extra lifecycle review. Does not control Tier 1 per-phase `oat-reviewer` gates. Can be overridden per-project via `oat_auto_review_at_hill_checkpoints` in `plan.md` frontmatter. Legacy `autoReviewAtCheckpoints` remains a fallback. |
|
|
109
109
|
| `workflow.dispatchPolicy.mode` | `string` | unset | Dispatch policy mode: `managed` lets OAT select model/effort controls; `inherit` leaves controls to the host/provider defaults. |
|
|
110
|
-
| `workflow.dispatchPolicy.policy` | `string` | unset | Managed dispatch policy: `economy`, `balanced`, `high`, `frontier`, or `uncapped`. Capped policies compile to provider targets; `uncapped` keeps OAT-managed preferred selection without provider caps.
|
|
110
|
+
| `workflow.dispatchPolicy.policy` | `string` | unset | Managed dispatch policy: `economy`, `balanced`, `high`, `frontier`, or `uncapped`. Capped policies compile to provider targets; `uncapped` keeps OAT-managed preferred selection without provider caps. `inherit` mode is separate and leaves controls to the host/provider. |
|
|
111
111
|
| `workflow.dispatchCeiling.preset` | `string` | unset | Legacy compatibility preset for capped managed policy setup (`balanced`, `maximum`, `cost-conscious`). `maximum` maps to `high`; `cost-conscious` maps to `economy`. |
|
|
112
|
-
| `workflow.dispatchCeiling.providers.codex` | `string` | unset | Legacy concrete Codex capped target (`low`, `medium`, `high`, or `xhigh`). Codex provider default effort is informational only for explicit inherit/default behavior or base/unpinned fallback paths.
|
|
112
|
+
| `workflow.dispatchCeiling.providers.codex` | `string` | unset | Legacy concrete Codex capped target (`low`, `medium`, `high`, or `xhigh`). New managed Codex dispatch resolves explicit model+effort targets to materialized role names; provider default effort is informational only for explicit inherit/default behavior or base/unpinned fallback paths. |
|
|
113
113
|
| `workflow.dispatchCeiling.providers.claude` | `string` | unset | Legacy concrete Claude capped target (`haiku`, `sonnet`, `opus`, or `fable`). Claude has no separate per-dispatch effort axis. The flat keys `workflow.dispatchCeiling.codex` and `workflow.dispatchCeiling.claude` were removed (no migration). |
|
|
114
114
|
| `workflow.gates.skills` | `object` | unset | Per-skill final gate config keyed by skill name. Managed with `oat gate set/unset`; gate-aware skills declare `oat_gateable: true`. |
|
|
115
115
|
| `workflow.gates.execTargets` | `object` | built-ins | Cross-runtime exec target registry keyed by opaque target id. Managed with `oat gate target set/unset`; built-ins cover Codex, Claude, and Cursor defaults. |
|