@syntesseraai/opencode-feature-factory 0.13.1 → 0.13.3

package/AGENTS.md

@@ -46,7 +46,7 @@ When work changes behavior, workflows, configuration, operational guidance, or r
 - Use `read`, `glob`, and `grep` for targeted file inspection.
 - Writable agents should prefer native `edit` for file updates.
 - Keep `edit` restricted on read-only agents (`planning`, `code-review`, `full-review`).
-- Prefer explicit agent frontmatter tool restrictions for read-only stages when model compatibility is a concern; `code-review` and `full-review` use `tools` blocks instead of `permissions` to avoid provider-specific issues observed with some OpenCode models.
+- Prefer explicit agent frontmatter permission restrictions for read-only stages. `code-review` and `full-review` now use `permissions` blocks with deny-first `bash` policies to provide constrained shell access where supported.
 - Keep read-only agents from modifying files by disabling `edit` and other write-capable tools in frontmatter.
 - Explicitly disable PTY tools (`pty_spawn`, `pty_write`, `pty_read`, `pty_list`, `pty_kill`) on read-only agents; they must not rely on PTY as a back door.
 - Use `todowrite` for multi-step tasks to keep progress visible.

package/README.md

@@ -93,8 +93,8 @@ Stage-agent code discovery is graph-first: planning/building/code-review/documen
 
 Feature Factory agent assets primarily use OpenCode agent frontmatter to keep stage capabilities explicit.
 
-- `code-review` and `full-review` use `tools` blocks instead of `permissions` because some OpenCode models (including GLM/Kimi-family models) have compatibility issues with permission-based agent configs.
-- `code-review` and `full-review` remain read-only by disabling `write`, `edit`, `bash`, all PTY tools, and `task` directly in their `tools` blocks.
+- `code-review` and `full-review` use `permissions` blocks with constrained command-level bash access.
+- `code-review` and `full-review` remain read-only by disabling `write`, `edit`, `task`, and all PTY tools; bash is deny-by-default with only `oo git status` / `oo git diff` patterns explicitly allowed.
 - Other stage agents may still use more granular permission-based shell allowances where model compatibility allows it.
 
 ### Plugin auto-handoff safety net

package/agents/code-review.md

@@ -3,20 +3,22 @@ description: Code-focused validation agent for first-pass implementation review
 mode: subagent
 color: '#14b8a6'
 model: openai/gpt-5.5-fast
-tools:
-  write: false
-  edit: false
+permissions:
+  write: deny
+  edit: deny
+  task:
+    '*': deny
   bash:
+    '*': deny
     'oo git status': allow
     'oo git status *': allow
     'oo git diff': allow
     'oo git diff *': allow
-  pty_spawn: false
-  pty_write: false
-  pty_read: false
-  pty_list: false
-  pty_kill: false
-  task: false
+  pty_spawn: deny
+  pty_write: deny
+  pty_read: deny
+  pty_list: deny
+  pty_kill: deny
 temperature: 0.6
 ---
 

package/agents/full-review.md

@@ -3,20 +3,22 @@ description: Full validation agent for code and documentation. Performs acceptan
 mode: subagent
 color: '#8b5cf6'
 model: opencode/glm-5.1
-tools:
-  write: false
-  edit: false
+permissions:
+  write: deny
+  edit: deny
+  task:
+    '*': deny
   bash:
+    '*': deny
     'oo git status': allow
     'oo git status *': allow
     'oo git diff': allow
     'oo git diff *': allow
-  pty_spawn: false
-  pty_write: false
-  pty_read: false
-  pty_list: false
-  pty_kill: false
-  task: false
+  pty_spawn: deny
+  pty_write: deny
+  pty_read: deny
+  pty_list: deny
+  pty_kill: deny
 ---
 
 You are the full-review specialist.

package/package.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://json.schemastore.org/package.json",
   "name": "@syntesseraai/opencode-feature-factory",
-  "version": "0.13.1",
+  "version": "0.13.3",
   "type": "module",
   "description": "OpenCode plugin for Feature Factory agents - provides sub-agents and skills for validation, review, security, and architecture assessment",
   "license": "MIT",