@ranger1/dx 0.1.32 → 0.1.34

package/@opencode/agents/claude-reviewer.md

@@ -31,8 +31,8 @@ tools:
 - findings id 必须以 `CLD-` 开头
 
 ## Cache 约定（强制）
-- 本流程所有中间文件都存放在 `~/.opencode/cache/`
-- agent/命令之间仅传递文件名（basename），不传目录
+
+- 缓存目录固定为 `./.cache/`；交接一律传 `./.cache/<file>`（repo 相对路径），禁止 basename-only（如 `foo.md`）。
 
 ## reviewFile 格式（强制）
 

package/@opencode/agents/codex-reviewer.md

@@ -32,9 +32,8 @@ tools:
 - findings id 必须以 `CDX-` 开头
 
 ## Cache 约定（强制）
-- 本流程所有中间文件都存放在 `~/.opencode/cache/`
-- agent/命令之间仅传递文件名（basename），不传目录
 
+- 缓存目录固定为 `./.cache/`；交接一律传 `./.cache/<file>`（repo 相对路径），禁止 basename-only（如 `foo.md`）。
 
 ## reviewFile 格式（强制）
 

package/@opencode/agents/gemini-reviewer.md

@@ -31,9 +31,8 @@ tools:
 - findings id 必须以 `GMN-` 开头
 
 ## Cache 约定（强制）
-- 本流程所有中间文件都存放在 `~/.opencode/cache/`
-- agent/命令之间仅传递文件名（basename），不传目录
 
+- 缓存目录固定为 `./.cache/`；交接一律传 `./.cache/<file>`（repo 相对路径），禁止 basename-only（如 `foo.md`）。
 
 ## reviewFile 格式（强制）
 

package/@opencode/agents/pr-context.md

@@ -20,11 +20,11 @@ tools:
 
 ## 输出（强制）
 
-脚本会写入 `~/.opencode/cache/`，stdout 只输出单一 JSON（可 `JSON.parse()`）。
+脚本会写入项目内 `./.cache/`，stdout 只输出单一 JSON（可 `JSON.parse()`）。
 
 ## Cache 约定（强制）
 
-
+- 缓存目录固定为 `./.cache/`；交接一律传 `./.cache/<file>`（repo 相对路径），禁止 basename-only（如 `foo.md`）。
 
 ## 调用脚本（强制）
 
@@ -44,3 +44,27 @@ python3 ~/.opencode/agents/pr_context.py --pr <PR_NUMBER> --round <ROUND>
 - **失败/异常时**：
   - 若脚本 stdout 已输出合法 JSON（包含 `error` 或其他字段）→ 仍然**原样返回该 JSON**。
   - 若脚本未输出合法 JSON / 退出异常 → 仅输出一行 JSON：`{"error":"PR_CONTEXT_AGENT_FAILED"}`（必要时可加 `detail` 字段）。
+
+## GitHub 认证校验（重要）
+
+脚本会在调用 `gh repo view/gh pr view` 之前校验 GitHub CLI 已认证。
+
+- 为了避免 `gh auth status` 在“其他 host（例如 enterprise）认证异常”时误判，脚本会优先从 `git remote origin` 推断 host，并使用：
+  - `gh auth status --hostname <host>`
+- 推断失败时默认使用 `github.com`。
+
+可能出现的错误：
+
+- `{"error":"GH_CLI_NOT_FOUND"}`：找不到 `gh` 命令（PATH 内未安装/不可执行）
+  - 处理：安装 GitHub CLI：https://cli.github.com/
+- `{"error":"GH_NOT_AUTHENTICATED"}`：当前 repo 的 host 未认证
+  - 处理：`gh auth login --hostname <host>`
+
+本地排查命令（在同一个 shell 环境运行）：
+
+```bash
+git remote get-url origin
+gh auth status
+gh auth status --hostname github.com
+env | grep '^GH_'
+```

package/@opencode/agents/pr-fix.md

@@ -26,13 +26,13 @@ tools:
 ## 前置条件
 
 ### Cache 约定（强制）
-- 本流程所有中间文件都存放在 `~/.opencode/cache/`
-- agent/命令之间仅传递文件名（basename），不传目录
+
+- 缓存目录固定为 `./.cache/`；交接一律传 `./.cache/<file>`（repo 相对路径），禁止 basename-only（如 `foo.md`）。
 
 ### 必需输入
 
 - **PR 编号**：调用者必须在 prompt 中明确提供（如：`请修复 PR #123`）
-- **fixFile**：调用者必须在 prompt 中提供问题清单文件名（basename）（Structured Handoff）
+- **fixFile**：调用者必须在 prompt 中提供问题清单文件路径（repo 相对路径，例：`./.cache/fix-...md`）（Structured Handoff）
 
 ### 失败快速退出
 

package/@opencode/agents/pr-precheck.md

@@ -10,9 +10,8 @@ tools:
 # PR Precheck
 
 ## Cache 约定（强制）
-- 本流程所有中间文件都存放在 `~/.opencode/cache/`
-- agent/命令之间仅传递文件名（basename），不传目录
 
+- 缓存目录固定为 `./.cache/`；交接一律传 `./.cache/<file>`（repo 相对路径），禁止 basename-only（如 `foo.md`）。
 
 ## 输入（prompt 必须包含）
 
@@ -38,6 +37,30 @@ python3 ~/.opencode/agents/pr_precheck.py <PR_NUMBER>
   - 若脚本 stdout 已输出合法 JSON（包含 `error` 或其他字段）→ 仍然**原样返回该 JSON**。
   - 若脚本未输出合法 JSON / 退出异常 → 仅输出一行 JSON：`{"error":"PR_PRECHECK_AGENT_FAILED"}`（必要时可加 `detail` 字段）。
 
+## GitHub 认证校验（重要）
+
+脚本会在执行 `gh pr view/checkout` 之前校验 GitHub CLI 已认证。
+
+- 为了避免 `gh auth status` 在“其他 host（例如 enterprise）认证异常”时误判，脚本会优先从 `git remote origin` 推断 host，并使用：
+  - `gh auth status --hostname <host>`
+- 推断失败时默认使用 `github.com`。
+
+可能出现的错误：
+
+- `{"error":"GH_CLI_NOT_FOUND"}`：找不到 `gh` 命令（PATH 内未安装/不可执行）
+  - 处理：安装 GitHub CLI：https://cli.github.com/
+- `{"error":"GH_NOT_AUTHENTICATED"}`：当前 repo 的 host 未认证
+  - 处理：`gh auth login --hostname <host>`
+
+本地排查命令（在同一个 shell 环境运行）：
+
+```bash
+git remote get-url origin
+gh auth status
+gh auth status --hostname github.com
+env | grep '^GH_'
+```
+
 ## 仅当出现 merge 冲突时怎么处理
 
 当脚本输出 `{"error":"PR_MERGE_CONFLICTS_UNRESOLVED"}` 时：

package/@opencode/agents/pr-review-aggregate.md

@@ -10,8 +10,8 @@ tools:
 # PR Review Aggregator
 
 ## Cache 约定（强制）
-- 本流程所有中间文件都存放在 `~/.opencode/cache/`
-- agent/命令之间仅传递文件名（basename），不传目录
+
+- 缓存目录固定为 `./.cache/`；交接一律传 `./.cache/<file>`（repo 相对路径），禁止 basename-only（如 `foo.md`）。
 
 ## 输入（两种模式）
 

package/@opencode/agents/pr_context.py

@@ -2,19 +2,52 @@
 # PR context builder (deterministic).
 # - Reads PR metadata + recent comments via gh
 # - Reads changed files via git diff (no patch)
-# - Writes Markdown context file to ~/.opencode/cache/
+# - Writes Markdown context file to project cache: ./.cache/
 # - Prints exactly one JSON object to stdout
 
 import argparse
 import hashlib
 import json
 import os
+import re
 import subprocess
 import sys
+from urllib.parse import urlparse
 from pathlib import Path
 
 
-CACHE_DIR = Path.home() / ".opencode" / "cache"
+def _repo_root():
+    # Prefer git top-level so the cache follows the current repo.
+    try:
+        p = subprocess.run(
+            ["git", "rev-parse", "--show-toplevel"],
+            stdout=subprocess.PIPE,
+            stderr=subprocess.DEVNULL,
+            text=True,
+        )
+        out = (p.stdout or "").strip()
+        if p.returncode == 0 and out:
+            return Path(out)
+    except Exception:
+        pass
+    return Path.cwd()
+
+
+def _cache_dir(repo_root):
+    return (repo_root / ".cache").resolve()
+
+
+def _repo_relpath(repo_root, p):
+    try:
+        rel = p.resolve().relative_to(repo_root.resolve())
+        return "./" + rel.as_posix()
+    except Exception:
+        # Fallback to basename-only.
+        return os.path.basename(str(p))
+
+
+REPO_ROOT = _repo_root()
+CACHE_DIR = _cache_dir(REPO_ROOT)
 MARKER_SUBSTR = "<!-- pr-review-loop-marker"
 
 
@@ -24,8 +57,41 @@ def _json_out(obj):
 
 
 def _run_capture(cmd):
-    p = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
-    return p.returncode, p.stdout, p.stderr
+    try:
+        p = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
+        return p.returncode, p.stdout, p.stderr
+    except FileNotFoundError as e:
+        return 127, "", str(e)
+
+
+def _detect_git_remote_host():
+    # Best-effort parse from origin remote.
+    rc, origin_url, _ = _run_capture(["git", "remote", "get-url", "origin"])
+    if rc != 0:
+        rc, origin_url, _ = _run_capture(["git", "config", "--get", "remote.origin.url"])
+    if rc != 0:
+        return None
+
+    url = (origin_url or "").strip()
+    if not url:
+        return None
+
+    # Examples:
+    # - git@github.com:owner/repo.git
+    # - ssh://git@github.company.com/owner/repo.git
+    # - https://github.com/owner/repo.git
+    if url.startswith("git@"):  # SCP-like syntax
+        m = re.match(r"^git@([^:]+):", url)
+        return m.group(1) if m else None
+
+    if url.startswith("ssh://") or url.startswith("https://") or url.startswith("http://"):
+        try:
+            parsed = urlparse(url)
+            return parsed.hostname
+        except Exception:
+            return None
+
+    return None
 
 
 def _clip(s, n):
@@ -95,9 +161,31 @@ def main(argv):
         _json_out({"error": "NOT_A_GIT_REPO"})
         return 1
 
-    if subprocess.run(["gh", "auth", "status"], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL).returncode != 0:
-        _json_out({"error": "GH_NOT_AUTHENTICATED"})
+    host = _detect_git_remote_host() or "github.com"
+    rc, gh_out, gh_err = _run_capture(["gh", "auth", "status", "--hostname", host])
+    if rc == 127:
+        _json_out({
+            "error": "GH_CLI_NOT_FOUND",
+            "detail": "gh not found in PATH",
+            "suggestion": "Install GitHub CLI: https://cli.github.com/",
+        })
         return 1
+    if rc != 0:
+        # If host detection is wrong, a global check might still succeed.
+        rc2, gh_out2, gh_err2 = _run_capture(["gh", "auth", "status"])
+        if rc2 == 0:
+            pass
+        else:
+            detail = (gh_err or gh_out or "").strip()
+            if len(detail) > 4000:
+                detail = detail[-4000:]
+            _json_out({
+                "error": "GH_NOT_AUTHENTICATED",
+                "host": host,
+                "detail": detail,
+                "suggestion": f"Run: gh auth login --hostname {host}",
+            })
+            return 1
 
     rc, owner_repo, _ = _run_capture(["gh", "repo", "view", "--json", "nameWithOwner", "--jq", ".nameWithOwner"])
     owner_repo = owner_repo.strip() if rc == 0 else ""
@@ -195,7 +283,8 @@ def main(argv):
             "repo": {"nameWithOwner": owner_repo},
             "headOid": head_oid,
             "existingMarkerCount": marker_count,
-            "contextFile": context_file,
+            # Handoff should be repo-relative path so downstream agents can read it directly.
+            "contextFile": _repo_relpath(REPO_ROOT, context_path),
         }
     )
     return 0

package/@opencode/agents/pr_precheck.py

@@ -8,20 +8,31 @@
 # - If mergeable == CONFLICTING: return {"error":"PR_MERGE_CONFLICTS_UNRESOLVED"}
 # - Run dx cache clear
 # - Run dx lint and dx build all concurrently
-# - On failure, write fixFile to ~/.opencode/cache/ and return {"ok":false,"fixFile":"..."}
+# - On failure, write fixFile to project cache: ./.cache/
+#   and return {"ok":false,"fixFile":"./.cache/..."}
 # - On success, return {"ok":true}
 #
 # Stdout contract: print exactly one JSON object and nothing else.
 
 import json
+import os
 import re
 import secrets
 import subprocess
 import sys
+from urllib.parse import urlparse
 from pathlib import Path
 
 
 def run(cmd, *, cwd=None, stdout_path=None, stderr_path=None):
+    try:
+        return _run(cmd, cwd=cwd, stdout_path=stdout_path, stderr_path=stderr_path)
+    except FileNotFoundError as e:
+        # Match common shell semantics for "command not found".
+        return 127
+
+
+def _run(cmd, *, cwd=None, stdout_path=None, stderr_path=None):
     if stdout_path and stderr_path and stdout_path == stderr_path:
         with open(stdout_path, "wb") as f:
             p = subprocess.run(cmd, cwd=cwd, stdout=f, stderr=f)
@@ -45,8 +56,70 @@ def run(cmd, *, cwd=None, stdout_path=None, stderr_path=None):
 
 
 def run_capture(cmd, *, cwd=None):
-    p = subprocess.run(cmd, cwd=cwd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
-    return p.returncode, p.stdout, p.stderr
+    try:
+        p = subprocess.run(cmd, cwd=cwd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
+        return p.returncode, p.stdout, p.stderr
+    except FileNotFoundError as e:
+        return 127, "", str(e)
+
+
+def _detect_git_remote_host():
+    # Best-effort parse from origin remote.
+    rc, origin_url, _ = run_capture(["git", "remote", "get-url", "origin"])
+    if rc != 0:
+        rc, origin_url, _ = run_capture(["git", "config", "--get", "remote.origin.url"])
+    if rc != 0:
+        return None
+
+    url = (origin_url or "").strip()
+    if not url:
+        return None
+
+    # Examples:
+    # - git@github.com:owner/repo.git
+    # - ssh://git@github.company.com/owner/repo.git
+    # - https://github.com/owner/repo.git
+    if url.startswith("git@"):  # SCP-like syntax
+        # git@host:owner/repo(.git)
+        m = re.match(r"^git@([^:]+):", url)
+        return m.group(1) if m else None
+
+    if url.startswith("ssh://") or url.startswith("https://") or url.startswith("http://"):
+        try:
+            parsed = urlparse(url)
+            return parsed.hostname
+        except Exception:
+            return None
+
+    return None
+
+
+def repo_root():
+    try:
+        p = subprocess.run(
+            ["git", "rev-parse", "--show-toplevel"],
+            stdout=subprocess.PIPE,
+            stderr=subprocess.DEVNULL,
+            text=True,
+        )
+        out = (p.stdout or "").strip()
+        if p.returncode == 0 and out:
+            return Path(out)
+    except Exception:
+        pass
+    return Path.cwd()
+
+
+def cache_dir(repo_root_path):
+    return (repo_root_path / ".cache").resolve()
+
+
+def repo_relpath(repo_root_path, p):
+    try:
+        rel = p.resolve().relative_to(repo_root_path.resolve())
+        return "./" + rel.as_posix()
+    except Exception:
+        return str(p)
 
 
 def tail_text(path, max_lines=200, max_chars=12000):
@@ -101,9 +174,25 @@ def main():
         print(json.dumps({"error": "NOT_A_GIT_REPO"}))
         return 1
 
-    rc = run(["gh", "auth", "status"])
+    host = _detect_git_remote_host() or "github.com"
+    rc, gh_out, gh_err = run_capture(["gh", "auth", "status", "--hostname", host])
+    if rc == 127:
+        print(json.dumps({
+            "error": "GH_CLI_NOT_FOUND",
+            "detail": "gh not found in PATH",
+            "suggestion": "Install GitHub CLI: https://cli.github.com/",
+        }))
+        return 1
     if rc != 0:
-        print(json.dumps({"error": "GH_NOT_AUTHENTICATED"}))
+        detail = (gh_err or gh_out or "").strip()
+        if len(detail) > 4000:
+            detail = detail[-4000:]
+        print(json.dumps({
+            "error": "GH_NOT_AUTHENTICATED",
+            "host": host,
+            "detail": detail,
+            "suggestion": f"Run: gh auth login --hostname {host}",
+        }))
         return 1
 
     rc, pr_json, _ = run_capture(["gh", "pr", "view", pr, "--json", "headRefName,baseRefName,mergeable"])
@@ -155,7 +244,8 @@ def main():
         return 1
 
     run_id = secrets.token_hex(4)
-    cache = Path.home() / ".opencode" / "cache"
+    root = repo_root()
+    cache = cache_dir(root)
     cache.mkdir(parents=True, exist_ok=True)
     
     cache_clear_log = cache / f"precheck-pr{pr}-{run_id}-cache-clear.log"
@@ -168,9 +258,9 @@ def main():
         "headRefName": head,
         "baseRefName": base,
         "mergeable": mergeable,
-        "cacheClearLog": str(cache_clear_log),
-        "lintLog": str(lint_log),
-        "buildLog": str(build_log),
+        "cacheClearLog": repo_relpath(root, cache_clear_log),
+        "lintLog": repo_relpath(root, lint_log),
+        "buildLog": repo_relpath(root, build_log),
     }, indent=2) + "\n")
 
     cache_rc = run(["dx", "cache", "clear"], stdout_path=str(cache_clear_log), stderr_path=str(cache_clear_log))
@@ -186,10 +276,10 @@ def main():
             "line": None,
             "title": "dx cache clear failed",
             "description": log_tail,
-            "suggestion": f"Open log: {cache_clear_log}",
+            "suggestion": f"Open log: {repo_relpath(root, cache_clear_log)}",
         }]
         write_fixfile(str(fix_path), issues)
-        print(json.dumps({"ok": False, "fixFile": fix_file}))
+        print(json.dumps({"ok": False, "fixFile": repo_relpath(root, fix_path)}))
         return 1
 
     import threading
@@ -226,7 +316,7 @@ def main():
             "line": line,
             "title": "dx lint failed",
             "description": log_tail,
-            "suggestion": f"Open log: {lint_log}",
+            "suggestion": f"Open log: {repo_relpath(root, lint_log)}",
         })
         i += 1
     if results.get("build", 1) != 0:
@@ -240,11 +330,11 @@ def main():
             "line": line,
             "title": "dx build all failed",
             "description": log_tail,
-            "suggestion": f"Open log: {build_log}",
+            "suggestion": f"Open log: {repo_relpath(root, build_log)}",
         })
 
     write_fixfile(str(fix_path), issues)
-    print(json.dumps({"ok": False, "fixFile": fix_file}))
+    print(json.dumps({"ok": False, "fixFile": repo_relpath(root, fix_path)}))
     return 1
 
 

package/@opencode/agents/pr_review_aggregate.py

@@ -2,12 +2,12 @@
 # Deterministic PR review aggregation (script owns all rules).
 #
 # Workflow:
-# - Mode A: read contextFile + reviewFile(s) from ~/.opencode/cache/, parse findings, merge duplicates,
+# - Mode A: read contextFile + reviewFile(s) from project cache: ./.cache/, parse findings, merge duplicates,
 #   post a single PR comment, and optionally generate a fixFile for pr-fix.
 # - Mode B: read fixReportFile from cache and post it as a PR comment.
 #
 # Input rules:
-# - Callers pass only basenames (no paths). This script reads/writes under ~/.opencode/cache/.
+# - Callers should pass repo-relative paths (e.g. ./.cache/foo.md). For backward-compat, basenames are also accepted.
 # - Duplicate groups come from LLM but are passed as an argument (NOT written to disk).
 #   - Prefer: --duplicate-groups-b64 <base64(json)>
 #   - Also supported: --duplicate-groups-json '<json>'
@@ -20,7 +20,7 @@
 #
 # PR comment rules:
 # - Every comment must include marker: <!-- pr-review-loop-marker -->
-# - Comment body must NOT contain local filesystem paths (this script scrubs ~/.opencode/cache and $HOME).
+# - Comment body must NOT contain local filesystem paths (this script scrubs cache paths, $HOME, and repo absolute paths).
 #
 # fixFile rules:
 # - fixFile includes ONLY P0/P1/P2 findings.
@@ -38,7 +38,76 @@ from pathlib import Path
 
 
 MARKER = "<!-- pr-review-loop-marker -->"
-CACHE_DIR = Path.home() / ".opencode" / "cache"
+
+
+def _repo_root():
+    try:
+        p = subprocess.run(
+            ["git", "rev-parse", "--show-toplevel"],
+            stdout=subprocess.PIPE,
+            stderr=subprocess.DEVNULL,
+            text=True,
+        )
+        out = (p.stdout or "").strip()
+        if p.returncode == 0 and out:
+            return Path(out)
+    except Exception:
+        pass
+    return Path.cwd()
+
+
+def _cache_dir(repo_root):
+    return (repo_root / ".cache").resolve()
+
+
+def _is_safe_relpath(p):
+    if p.is_absolute():
+        return False
+    if any(part in ("..",) for part in p.parts):
+        return False
+    return True
+
+
+def _resolve_ref(repo_root, cache_dir, ref):
+    if not ref:
+        return None
+    s = str(ref).strip()
+    if not s:
+        return None
+
+    # If caller already passes a repo-relative path like ./.cache/foo.md
+    looks_like_path = ("/" in s) or ("\\" in s) or s.startswith(".")
+    if looks_like_path:
+        p = Path(s)
+        if p.is_absolute():
+            # Only allow absolute paths under cache_dir.
+            try:
+                p2 = p.resolve()
+                p2.relative_to(cache_dir.resolve())
+                return p2
+            except Exception:
+                return None
+        if not _is_safe_relpath(p):
+            return None
+        return (repo_root / p).resolve()
+
+    # Backward-compat: accept basename-only.
+    b = _safe_basename(s)
+    if not b:
+        return None
+    return (cache_dir / b).resolve()
+
+
+def _repo_relpath(repo_root, p):
+    try:
+        rel = p.resolve().relative_to(repo_root.resolve())
+        return "./" + rel.as_posix()
+    except Exception:
+        return os.path.basename(str(p))
+
+
+REPO_ROOT = _repo_root()
+CACHE_DIR = _cache_dir(REPO_ROOT)
 
 
 def _json_out(obj):
@@ -57,14 +126,19 @@ def _safe_basename(name):
     return base
 
 
-def _read_cache_text(basename):
-    p = CACHE_DIR / basename
+def _read_cache_text(ref):
+    p = _resolve_ref(REPO_ROOT, CACHE_DIR, ref)
+    if not p:
+        raise FileNotFoundError("INVALID_CACHE_REF")
     return p.read_text(encoding="utf-8", errors="replace")
 
 
-def _write_cache_text(basename, content):
+def _write_cache_text(ref, content):
+    p = _resolve_ref(REPO_ROOT, CACHE_DIR, ref)
+    if not p:
+        raise ValueError("INVALID_CACHE_REF")
     CACHE_DIR.mkdir(parents=True, exist_ok=True)
-    p = CACHE_DIR / basename
+    p.parent.mkdir(parents=True, exist_ok=True)
     p.write_text(content, encoding="utf-8", newline="\n")
 
 
@@ -88,13 +162,21 @@ def _sanitize_for_comment(text):
         text = str(text)
 
     home = str(Path.home())
-    cache_abs = str(CACHE_DIR)
+    cache_abs = str(CACHE_DIR.resolve())
+    repo_abs = str(REPO_ROOT.resolve())
 
+    # Backward-compat scrub.
     text = text.replace("~/.opencode/cache/", "[cache]/")
-    text = text.replace(cache_abs + "/", "[cache]/")
     if home:
         text = text.replace(home + "/.opencode/cache/", "[cache]/")
 
+    # New cache scrub.
+    text = text.replace(cache_abs + "/", "[cache]/")
+
+    # Avoid leaking absolute local repo paths.
+    if repo_abs:
+        text = text.replace(repo_abs + "/", "")
+
     return text
 
 
@@ -236,8 +318,14 @@ def _counts(findings):
     return c
 
 
-def _post_pr_comment(pr_number, body_basename):
-    body_path = str(CACHE_DIR / body_basename)
+def _post_pr_comment(pr_number, body_ref):
+    if isinstance(body_ref, Path):
+        p = body_ref
+    else:
+        p = _resolve_ref(REPO_ROOT, CACHE_DIR, body_ref)
+    if not p:
+        return False
+    body_path = str(p)
     rc = subprocess.run(
         ["gh", "pr", "comment", str(pr_number), "--body-file", body_path],
         stdout=subprocess.DEVNULL,
@@ -334,20 +422,25 @@ def main(argv):
     round_num = args.round
     run_id = str(args.run_id)
 
-    fix_report_file = _safe_basename(args.fix_report_file) if args.fix_report_file else None
-    context_file = _safe_basename(args.context_file) if args.context_file else None
+    fix_report_file = (args.fix_report_file or "").strip() or None
+    context_file = (args.context_file or "").strip() or None
     review_files = []
     for rf in args.review_file or []:
-        b = _safe_basename(rf)
-        if b:
-            review_files.append(b)
+        s = (rf or "").strip()
+        if s:
+            review_files.append(s)
 
     if fix_report_file:
+        fix_p = _resolve_ref(REPO_ROOT, CACHE_DIR, fix_report_file)
+        if not fix_p or not fix_p.exists():
+            _json_out({"error": "FIX_REPORT_FILE_NOT_FOUND"})
+            return 1
         fix_md = _read_cache_text(fix_report_file)
         body = _render_mode_b_comment(pr_number, round_num, run_id, fix_md)
-        body_file = f"review-aggregate-fix-comment-pr{pr_number}-r{round_num}-{run_id}.md"
-        _write_cache_text(body_file, body)
-        if not _post_pr_comment(pr_number, body_file):
+        body_basename = f"review-aggregate-fix-comment-pr{pr_number}-r{round_num}-{run_id}.md"
+        body_ref = _repo_relpath(REPO_ROOT, CACHE_DIR / body_basename)
+        _write_cache_text(body_ref, body)
+        if not _post_pr_comment(pr_number, body_ref):
             _json_out({"error": "GH_PR_COMMENT_FAILED"})
             return 1
         _json_out({"ok": True})
@@ -360,6 +453,21 @@ def main(argv):
         _json_out({"error": "MISSING_REVIEW_FILES"})
         return 1
 
+    ctx_p = _resolve_ref(REPO_ROOT, CACHE_DIR, context_file)
+    if not ctx_p or not ctx_p.exists():
+        _json_out({"error": "CONTEXT_FILE_NOT_FOUND"})
+        return 1
+
+    valid_review_files = []
+    for rf in review_files:
+        p = _resolve_ref(REPO_ROOT, CACHE_DIR, rf)
+        if p and p.exists():
+            valid_review_files.append(rf)
+    review_files = valid_review_files
+    if not review_files:
+        _json_out({"error": "REVIEW_FILES_NOT_FOUND"})
+        return 1
+
     raw_reviews = []
     all_findings = []
     for rf in review_files:
@@ -377,9 +485,10 @@ def main(argv):
     stop = len(must_fix) == 0
 
     body = _render_mode_a_comment(pr_number, round_num, run_id, counts, must_fix, merged_map, raw_reviews)
-    body_file = f"review-aggregate-comment-pr{pr_number}-r{round_num}-{run_id}.md"
-    _write_cache_text(body_file, body)
-    if not _post_pr_comment(pr_number, body_file):
+    body_basename = f"review-aggregate-comment-pr{pr_number}-r{round_num}-{run_id}.md"
+    body_ref = _repo_relpath(REPO_ROOT, CACHE_DIR / body_basename)
+    _write_cache_text(body_ref, body)
+    if not _post_pr_comment(pr_number, body_ref):
         _json_out({"error": "GH_PR_COMMENT_FAILED"})
         return 1
 
@@ -415,8 +524,9 @@ def main(argv):
         lines.append(f"  description: {desc}")
         lines.append(f"  suggestion: {sugg}")
 
-    _write_cache_text(fix_file, "\n".join(lines) + "\n")
-    _json_out({"stop": False, "fixFile": fix_file})
+    fix_ref = _repo_relpath(REPO_ROOT, CACHE_DIR / fix_file)
+    _write_cache_text(fix_ref, "\n".join(lines) + "\n")
+    _json_out({"stop": False, "fixFile": fix_ref})
     return 0
 
 

package/@opencode/commands/pr-review-loop.md

@@ -12,8 +12,8 @@ agent: sisyphus
 
 ## Cache 约定（强制）
 
-- 本流程所有中间文件都存放在 `~/.opencode/cache/`
-- agent/命令之间仅传递文件名（basename），不传目录
+- 本流程所有中间文件都存放在项目内：`./.cache/`
+- agent/命令之间传递**repo 相对路径**（例如：`./.cache/pr-context-...md`），不要只传 basename
 
 ## 固定 subagent_type（直接用 Task 调用，不要反复确认）
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ranger1/dx",
-  "version": "0.1.32",
+  "version": "0.1.34",
   "type": "module",
   "license": "MIT",
   "repository": {