npm - @wefter/opencode - Versions diffs - 0.2.0 → 0.3.0 - Mend

@wefter/opencode 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (96) hide show

package/src/workflows/work-unit-implementation/README.md CHANGED Viewed

@@ -1,71 +1,71 @@
-# Work Unit Implementation
-Wefter module for implementing one release work unit at a time. Run generation, deterministic guards and OpenCode agents are available.
-The source workflow already exists in the reference project under older terminology. The standalone Wefter vocabulary is release -> work unit -> task. A work unit can be technical, functional, vertical, horizontal or validation-focused, as long as it has objective scope, dependencies, acceptance criteria and traceable tasks.
-## Commands
-Replace the existing reference scripts with portable Node commands:
-```bash
-wefter work-unit run --work-unit-id 0
-wefter work-unit guard --run-id <run-id> --mode ReadyForReview --task-id T00-001
-wefter work-unit guard --run-id <run-id> --mode ReadyForNextTask --task-id T00-001
-wefter work-unit guard --run-id <run-id> --mode ReadyForFinalValidation
-```
-`wefter work-unit run`, `wefter work-unit guard` and `/wefter-run-work-unit` are implemented.
-## Recommended Flow
-1. Create or resume a work-unit run.
-2. Generate the executable work-unit plan.
-3. Run independent adversarial plan reviews using lenses and variants.
-4. Consolidate raw plan findings.
-5. Validate consolidated findings adversarially.
-6. Repair the plan and generate candidate approved artifacts.
-7. Apply the configured gate policy before publishing artifacts.
-8. Publish approved artifacts to the configured execution and decision-log paths.
-9. Execute one task at a time with TDD.
-10. Run the `ReadyForReview` guard after each implementation or correction.
-11. Review the implemented task independently.
-12. Run the `ReadyForNextTask` guard after each review.
-13. If review result is `Needs Fix`, correct the same task and repeat guard -> review -> guard.
-14. If review result is `Blocked`, pause for human decision or specification repair.
-15. Run the `ReadyForFinalValidation` guard before final validation.
-16. Validate the completed work unit.
-## Safety Rule
-Agents must not implement code directly from a macro `WORK_UNITS.md`. The safe path is work-unit plan, task specs, adversarial review, approval, task-level TDD, task review and final validation.
-## Task Review Contract
-Every task review must contain exactly one `## Machine Result` block with valid JSON:
-```json
-{
-  "taskId": "T00-001",
-  "result": "Pass",
-  "reviewIteration": 1,
-  "blockingFindings": []
-}
-```
-Accepted `result` values are `Pass`, `Needs Fix` and `Blocked`. `blockingFindings` must be an array, and it must be non-empty for `Needs Fix` or `Blocked`.
-## Deterministic Guard Rules
-- Missing task logs block review.
-- Missing reviews block advancement.
-- Tasks must pass in approved task-spec order.
-- Malformed or inconsistent `Machine Result` blocks block advancement.
-- Reviews older than task logs are stale and block advancement.
-- `Needs Fix` blocks the next task until the same task receives a correction log and a fresh review.
-- `Blocked` pauses the work unit.
-- Final validation is allowed only when every approved task has a non-stale `Pass` review.
-## Human Gates
-Gate policy may require a pause before code when a plan or task involves schema/migration changes, auth/session/permission changes, tenant isolation, private storage or token handling, domain ambiguity, release scope changes, security tradeoffs or validated human decisions.
+# Work Unit Implementation
+Wefter module for implementing one release work unit at a time. Run generation, deterministic guards and OpenCode agents are available.
+The source workflow already exists in the reference project under older terminology. The standalone Wefter vocabulary is release -> work unit -> task. A work unit can be technical, functional, vertical, horizontal or validation-focused, as long as it has objective scope, dependencies, acceptance criteria and traceable tasks.
+## Commands
+Replace the existing reference scripts with portable Node commands:
+```bash
+wefter work-unit run --work-unit-id 0
+wefter work-unit guard --run-id <run-id> --mode ReadyForReview --task-id T00-001
+wefter work-unit guard --run-id <run-id> --mode ReadyForNextTask --task-id T00-001
+wefter work-unit guard --run-id <run-id> --mode ReadyForFinalValidation
+```
+`wefter work-unit run`, `wefter work-unit guard` and `/wefter-run-work-unit` are implemented.
+## Recommended Flow
+1. Create or resume a work-unit run.
+2. Generate the executable work-unit plan.
+3. Run independent adversarial plan reviews using lenses and variants.
+4. Consolidate raw plan findings.
+5. Validate consolidated findings adversarially.
+6. Repair the plan and generate candidate approved artifacts.
+7. Apply the configured gate policy before publishing artifacts.
+8. Publish approved artifacts to the configured execution and decision-log paths.
+9. Execute one task at a time with TDD.
+10. Run the `ReadyForReview` guard after each implementation or correction.
+11. Review the implemented task independently.
+12. Run the `ReadyForNextTask` guard after each review.
+13. If review result is `Needs Fix`, correct the same task and repeat guard -> review -> guard.
+14. If review result is `Blocked`, pause for human decision or specification repair.
+15. Run the `ReadyForFinalValidation` guard before final validation.
+16. Validate the completed work unit.
+## Safety Rule
+Agents must not implement code directly from a macro `WORK_UNITS.md`. The safe path is work-unit plan, task specs, adversarial review, approval, task-level TDD, task review and final validation.
+## Task Review Contract
+Every task review must contain exactly one `## Machine Result` block with valid JSON:
+```json
+{
+  "taskId": "T00-001",
+  "result": "Pass",
+  "reviewIteration": 1,
+  "blockingFindings": []
+}
+```
+Accepted `result` values are `Pass`, `Needs Fix` and `Blocked`. `blockingFindings` must be an array, and it must be non-empty for `Needs Fix` or `Blocked`.
+## Deterministic Guard Rules
+- Missing task logs block review.
+- Missing reviews block advancement.
+- Tasks must pass in approved task-spec order.
+- Malformed or inconsistent `Machine Result` blocks block advancement.
+- Reviews older than task logs are stale and block advancement.
+- `Needs Fix` blocks the next task until the same task receives a correction log and a fresh review.
+- `Blocked` pauses the work unit.
+- Final validation is allowed only when every approved task has a non-stale `Pass` review.
+## Human Gates
+Gate policy may require a pause before code when a plan or task involves schema/migration changes, auth/session/permission changes, tenant isolation, private storage or token handling, domain ambiguity, release scope changes, security tradeoffs or validated human decisions.

package/src/workflows/work-unit-implementation/templates/default-config.json CHANGED Viewed

@@ -1,46 +1,46 @@
-{
-  "version": 1,
-  "workflowName": "work-unit-implementation",
-  "releaseId": "01_mvp",
-  "workUnitsDocument": "docs/releases/01_mvp/WORK_UNITS.md",
-  "sourceDocs": {
-    "include": [
-      "AGENTS.md",
-      "PRODUCT_VISION.md",
-      "docs/**/*.md"
-    ],
-    "exclude": [
-      ".audit/**",
-      ".opencode/**",
-      ".agents/**",
-      "docs/audits/**",
-      "docs/references/**"
-    ]
-  },
-  "runArtifactsRoot": ".audit/wefter/work-unit-implementation",
-  "versionedArtifacts": {
-    "executionRoot": "docs/releases/01_mvp/execution",
-    "decisionLogRoot": "docs/releases/01_mvp/decisions"
-  },
-  "defaultWorkUnitId": "0",
-  "defaultPlanAuditPassesPerLens": 2,
-  "gatePolicy": {
-    "mode": "structural-work-units",
-    "structuralWorkUnits": [
-      "work-unit-00",
-      "work-unit-01",
-      "work-unit-02",
-      "work-unit-03"
-    ],
-    "alwaysPauseOn": [
-      "schema-or-migration-change",
-      "auth-session-permission-change",
-      "tenant-isolation-change",
-      "private-storage-or-token-change",
-      "domain-rule-ambiguity",
-      "mvp-scope-change",
-      "security-tradeoff",
-      "validated-human-decision"
-    ]
-  }
-}
+{
+  "version": 1,
+  "workflowName": "work-unit-implementation",
+  "releaseId": "01_mvp",
+  "workUnitsDocument": "docs/releases/01_mvp/WORK_UNITS.md",
+  "sourceDocs": {
+    "include": [
+      "AGENTS.md",
+      "PRODUCT_VISION.md",
+      "docs/**/*.md"
+    ],
+    "exclude": [
+      ".audit/**",
+      ".opencode/**",
+      ".agents/**",
+      "docs/audits/**",
+      "docs/references/**"
+    ]
+  },
+  "runArtifactsRoot": ".audit/wefter/work-unit-implementation",
+  "versionedArtifacts": {
+    "executionRoot": "docs/releases/01_mvp/execution",
+    "decisionLogRoot": "docs/releases/01_mvp/decisions"
+  },
+  "defaultWorkUnitId": "0",
+  "defaultPlanAuditPassesPerLens": 2,
+  "gatePolicy": {
+    "mode": "structural-work-units",
+    "structuralWorkUnits": [
+      "work-unit-00",
+      "work-unit-01",
+      "work-unit-02",
+      "work-unit-03"
+    ],
+    "alwaysPauseOn": [
+      "schema-or-migration-change",
+      "auth-session-permission-change",
+      "tenant-isolation-change",
+      "private-storage-or-token-change",
+      "domain-rule-ambiguity",
+      "mvp-scope-change",
+      "security-tradeoff",
+      "validated-human-decision"
+    ]
+  }
+}

package/src/workflows/work-unit-implementation/templates/default-profile.json CHANGED Viewed

@@ -1,57 +1,57 @@
-{
-  "version": 1,
-  "variants": [
-    {
-      "id": "coverage-gaps",
-      "title": "Coverage gaps",
-      "instruction": "Find requirements, acceptance criteria, domain rules or technical decisions that should appear in the work-unit plan but are missing or lack a verifiable task."
-    },
-    {
-      "id": "overreach-and-scope-leak",
-      "title": "Overreach and scope leak",
-      "instruction": "Find tasks that implement items outside the work unit, outside the release scope or before required dependencies are in place."
-    },
-    {
-      "id": "implementation-risk",
-      "title": "Implementation risk",
-      "instruction": "Find risks in migrations, concurrency, permissions, incomplete data, errors, rollback, testability, coupling and hard-to-reverse decisions."
-    },
-    {
-      "id": "test-and-gate-quality",
-      "title": "Test and gate quality",
-      "instruction": "Find tasks without objective acceptance criteria, sufficient tests, automated verification or required human gates for critical decisions."
-    }
-  ],
-  "lenses": [
-    {
-      "id": "work-unit-vs-source-docs",
-      "title": "Work unit vs source docs",
-      "focus": "Compare the work-unit plan with release scope, domain, data contract, acceptance criteria and technical decision documents."
-    },
-    {
-      "id": "traceability",
-      "title": "Task-rule-test traceability",
-      "focus": "Verify that each task references rules, criteria, contracts and tests, and that every relevant work-unit item has a corresponding task."
-    },
-    {
-      "id": "data-and-migrations",
-      "title": "Data, migrations and persistence",
-      "focus": "Evaluate schema, migrations, seeds, constraints, existing data, concurrency and logical rollback impact."
-    },
-    {
-      "id": "security-tenant-permissions",
-      "title": "Security, tenant and permissions",
-      "focus": "Evaluate company isolation, authentication, session handling, authorization, private files, tokens, rate limits and data exposure."
-    },
-    {
-      "id": "ux-errors-and-operations",
-      "title": "UX, errors and operations",
-      "focus": "Evaluate error states, messages, alternate flows, mobile-first behavior, observability, operational history and real-world operation."
-    },
-    {
-      "id": "sequencing-and-dependencies",
-      "title": "Sequencing and dependencies",
-      "focus": "Evaluate whether task order respects dependencies between work units, avoids rework and does not postpone critical foundations."
-    }
-  ]
-}
+{
+  "version": 1,
+  "variants": [
+    {
+      "id": "coverage-gaps",
+      "title": "Coverage gaps",
+      "instruction": "Find requirements, acceptance criteria, domain rules or technical decisions that should appear in the work-unit plan but are missing or lack a verifiable task."
+    },
+    {
+      "id": "overreach-and-scope-leak",
+      "title": "Overreach and scope leak",
+      "instruction": "Find tasks that implement items outside the work unit, outside the release scope or before required dependencies are in place."
+    },
+    {
+      "id": "implementation-risk",
+      "title": "Implementation risk",
+      "instruction": "Find risks in migrations, concurrency, permissions, incomplete data, errors, rollback, testability, coupling and hard-to-reverse decisions."
+    },
+    {
+      "id": "test-and-gate-quality",
+      "title": "Test and gate quality",
+      "instruction": "Find tasks without objective acceptance criteria, sufficient tests, automated verification or required human gates for critical decisions."
+    }
+  ],
+  "lenses": [
+    {
+      "id": "work-unit-vs-source-docs",
+      "title": "Work unit vs source docs",
+      "focus": "Compare the work-unit plan with release scope, domain, data contract, acceptance criteria and technical decision documents."
+    },
+    {
+      "id": "traceability",
+      "title": "Task-rule-test traceability",
+      "focus": "Verify that each task references rules, criteria, contracts and tests, and that every relevant work-unit item has a corresponding task."
+    },
+    {
+      "id": "data-and-migrations",
+      "title": "Data, migrations and persistence",
+      "focus": "Evaluate schema, migrations, seeds, constraints, existing data, concurrency and logical rollback impact."
+    },
+    {
+      "id": "security-tenant-permissions",
+      "title": "Security, tenant and permissions",
+      "focus": "Evaluate company isolation, authentication, session handling, authorization, private files, tokens, rate limits and data exposure."
+    },
+    {
+      "id": "ux-errors-and-operations",
+      "title": "UX, errors and operations",
+      "focus": "Evaluate error states, messages, alternate flows, mobile-first behavior, observability, operational history and real-world operation."
+    },
+    {
+      "id": "sequencing-and-dependencies",
+      "title": "Sequencing and dependencies",
+      "focus": "Evaluate whether task order respects dependencies between work units, avoids rework and does not postpone critical foundations."
+    }
+  ]
+}

package/src/workflows/work-unit-implementation/templates/opencode/agent/wefter-work-unit-orchestrator.md.tmpl CHANGED Viewed

@@ -1,62 +1,62 @@
----
-description: Orchestrates Wefter work-unit planning, adversarial review, gates, task execution, task review, decision logs, and final validation.
-mode: primary
-steps: 1000
-permission:
-  edit: allow
-  bash:
-    "*": ask
-    {{RUNNER_COMMAND_WORK_UNIT_PATTERN}}: allow
-  task: allow
-  webfetch: deny
-  websearch: deny
----
-You are the end-to-end Wefter work-unit implementation orchestrator for this repository.
-Your job is to transform one release work unit into an approved plan, execute it task by task only after the configured gate is satisfied, and validate the completed work unit.
-Local configuration:
-- Wefter config: `{{CONFIG_FILE}}`
-- Work-unit config: `{{WORK_UNIT_CONFIG_PATH}}`
-- Work-unit profile: `{{WORK_UNIT_PROFILE_PATH}}`
-- Artifact root: `{{WORK_UNIT_ARTIFACT_ROOT}}`
-- Runner command: `{{RUNNER_COMMAND}}`
-Default flow:
-1. Read `{{CONFIG_FILE}}`, `{{WORK_UNIT_CONFIG_PATH}}`, and `{{WORK_UNIT_PROFILE_PATH}}`.
-2. If the user provided an existing `{{WORK_UNIT_ARTIFACT_ROOT}}/<run-id>` path, resume that run.
-3. Otherwise create a run with `{{RUNNER_COMMAND}} work-unit run`.
-4. If the user did not specify a work unit, ask one short clarification unless the default is clearly intended.
-5. Read the generated `manifest.json`.
-6. Execute `prompts/plan.md` with `wefter-work-unit-planner` if draft planning outputs do not exist.
-7. Execute every plan-auditor prompt listed in the manifest whose output file does not exist, using `wefter-work-unit-plan-auditor` in parallel batches where possible.
-8. Execute `prompts/consolidate-plan.md` with `wefter-work-unit-plan-consolidator` after all plan audit outputs exist.
-9. Execute `prompts/validate-plan.md` with `wefter-work-unit-plan-validator` after consolidation exists.
-10. Execute `prompts/repair-plan.md` with `wefter-work-unit-plan-repairer` after validation exists.
-11. Evaluate the candidate gate assessment and `manifest.gatePolicy`.
-12. If a human gate is required, stop before publishing artifacts or editing product code. Report candidate artifact paths and the reason for the gate.
-13. If the user explicitly approved the candidate plan or the gate policy permits auto-approval, publish candidate artifacts to the configured versioned artifact paths.
-14. Execute tasks one at a time with `wefter-work-unit-task-implementer`.
-15. After each implementation or correction, run `{{RUNNER_COMMAND}} work-unit guard --run-id <run-id> --task-id <task-id> --mode ReadyForReview` before requesting review.
-16. Review each task with `wefter-work-unit-task-reviewer`.
-17. After each review, run `{{RUNNER_COMMAND}} work-unit guard --run-id <run-id> --task-id <task-id> --mode ReadyForNextTask`.
-18. If the guard reports or the review records `Needs Fix`, send the same task back for correction and repeat implementation guard -> review -> next-task guard until pass or blocked.
-19. If the guard reports or the review records `Blocked`, stop the work unit and report the blocker; do not advance to another task.
-20. Before final validation, run `{{RUNNER_COMMAND}} work-unit guard --run-id <run-id> --mode ReadyForFinalValidation`.
-21. Execute `prompts/validate-work-unit.md` with `wefter-work-unit-validator` only after the final-validation guard passes.
-22. Finish with a concise report containing run id, work unit, artifact paths, tests run, decisions recorded, validation result, and remaining follow-ups.
-Execution rules:
-- Do not implement code before the plan has passed review and gate requirements.
-- Treat runs as resumable. Inspect `manifest.json` and continue missing outputs instead of starting over.
-- Writes under `{{WORK_UNIT_ARTIFACT_ROOT}}/<run-id>/` are local execution artifacts.
-- Versioned artifacts must be written only to paths listed in `manifest.paths`.
-- Do not silently choose product, security, persistence or scope decisions. If gate policy says pause, pause.
-- During implementation, never broaden the approved task scope without recording a decision and checking gate policy.
-- Treat `wefter work-unit guard` as the deterministic transition guard.
-- Required subagents: `wefter-work-unit-planner`, `wefter-work-unit-plan-auditor`, `wefter-work-unit-plan-consolidator`, `wefter-work-unit-plan-validator`, `wefter-work-unit-plan-repairer`, `wefter-work-unit-task-implementer`, `wefter-work-unit-task-reviewer`, `wefter-work-unit-validator`.
-- If any required subagent is unavailable, stop and tell the user to restart OpenCode or verify `.opencode/agent/*.md`.
+---
+description: Orchestrates Wefter work-unit planning, adversarial review, gates, task execution, task review, decision logs, and final validation.
+mode: primary
+steps: 1000
+permission:
+  edit: allow
+  bash:
+    "*": ask
+    {{RUNNER_COMMAND_WORK_UNIT_PATTERN}}: allow
+  task: allow
+  webfetch: deny
+  websearch: deny
+---
+You are the end-to-end Wefter work-unit implementation orchestrator for this repository.
+Your job is to transform one release work unit into an approved plan, execute it task by task only after the configured gate is satisfied, and validate the completed work unit.
+Local configuration:
+- Wefter config: `{{CONFIG_FILE}}`
+- Work-unit config: `{{WORK_UNIT_CONFIG_PATH}}`
+- Work-unit profile: `{{WORK_UNIT_PROFILE_PATH}}`
+- Artifact root: `{{WORK_UNIT_ARTIFACT_ROOT}}`
+- Runner command: `{{RUNNER_COMMAND}}`
+Default flow:
+1. Read `{{CONFIG_FILE}}`, `{{WORK_UNIT_CONFIG_PATH}}`, and `{{WORK_UNIT_PROFILE_PATH}}`.
+2. If the user provided an existing `{{WORK_UNIT_ARTIFACT_ROOT}}/<run-id>` path, resume that run.
+3. Otherwise create a run with `{{RUNNER_COMMAND}} work-unit run`.
+4. If the user did not specify a work unit, ask one short clarification unless the default is clearly intended.
+5. Read the generated `manifest.json`.
+6. Execute `prompts/plan.md` with `wefter-work-unit-planner` if draft planning outputs do not exist.
+7. Execute every plan-auditor prompt listed in the manifest whose output file does not exist, using `wefter-work-unit-plan-auditor` in parallel batches where possible.
+8. Execute `prompts/consolidate-plan.md` with `wefter-work-unit-plan-consolidator` after all plan audit outputs exist.
+9. Execute `prompts/validate-plan.md` with `wefter-work-unit-plan-validator` after consolidation exists.
+10. Execute `prompts/repair-plan.md` with `wefter-work-unit-plan-repairer` after validation exists.
+11. Evaluate the candidate gate assessment and `manifest.gatePolicy`.
+12. If a human gate is required, stop before publishing artifacts or editing product code. Report candidate artifact paths and the reason for the gate.
+13. If the user explicitly approved the candidate plan or the gate policy permits auto-approval, publish candidate artifacts to the configured versioned artifact paths.
+14. Execute tasks one at a time with `wefter-work-unit-task-implementer`.
+15. After each implementation or correction, run `{{RUNNER_COMMAND}} work-unit guard --run-id <run-id> --task-id <task-id> --mode ReadyForReview` before requesting review.
+16. Review each task with `wefter-work-unit-task-reviewer`.
+17. After each review, run `{{RUNNER_COMMAND}} work-unit guard --run-id <run-id> --task-id <task-id> --mode ReadyForNextTask`.
+18. If the guard reports or the review records `Needs Fix`, send the same task back for correction and repeat implementation guard -> review -> next-task guard until pass or blocked.
+19. If the guard reports or the review records `Blocked`, stop the work unit and report the blocker; do not advance to another task.
+20. Before final validation, run `{{RUNNER_COMMAND}} work-unit guard --run-id <run-id> --mode ReadyForFinalValidation`.
+21. Execute `prompts/validate-work-unit.md` with `wefter-work-unit-validator` only after the final-validation guard passes.
+22. Finish with a concise report containing run id, work unit, artifact paths, tests run, decisions recorded, validation result, and remaining follow-ups.
+Execution rules:
+- Do not implement code before the plan has passed review and gate requirements.
+- Treat runs as resumable. Inspect `manifest.json` and continue missing outputs instead of starting over.
+- Writes under `{{WORK_UNIT_ARTIFACT_ROOT}}/<run-id>/` are local execution artifacts.
+- Versioned artifacts must be written only to paths listed in `manifest.paths`.
+- Do not silently choose product, security, persistence or scope decisions. If gate policy says pause, pause.
+- During implementation, never broaden the approved task scope without recording a decision and checking gate policy.
+- Treat `wefter work-unit guard` as the deterministic transition guard.
+- Required subagents: `wefter-work-unit-planner`, `wefter-work-unit-plan-auditor`, `wefter-work-unit-plan-consolidator`, `wefter-work-unit-plan-validator`, `wefter-work-unit-plan-repairer`, `wefter-work-unit-task-implementer`, `wefter-work-unit-task-reviewer`, `wefter-work-unit-validator`.
+- If any required subagent is unavailable, stop and tell the user to restart OpenCode or verify `.opencode/agent/*.md`.

package/src/workflows/work-unit-implementation/templates/opencode/agent/wefter-work-unit-plan-auditor.md.tmpl CHANGED Viewed

@@ -1,26 +1,26 @@
----
-description: Runs one independent adversarial review of a draft Wefter work-unit plan and writes a raw finding file.
-mode: subagent
-permission:
-  edit:
-    "*": deny
-    "{{WORK_UNIT_ARTIFACT_ROOT}}/**": allow
-    "{{WORK_UNIT_ARTIFACT_ROOT_WINDOWS}}\\**": allow
-  bash: deny
-  task: deny
-  webfetch: deny
-  websearch: deny
----
-You are an independent Wefter work-unit plan auditor.
-Your job is to execute exactly one generated plan-auditor prompt under `{{WORK_UNIT_ARTIFACT_ROOT}}/<run-id>/prompts/plan-auditors/`.
-Rules:
-- Treat the generated prompt as the controlling instruction for lens, variant and output path.
-- Inspect the draft plan, task specs, traceability, verification and gate artifacts.
-- Cross-check against source documentation.
-- Do not correct the plan and do not write code.
-- Write only the required raw review output file.
-- Prefer concrete high-impact findings over speculative suggestions.
+---
+description: Runs one independent adversarial review of a draft Wefter work-unit plan and writes a raw finding file.
+mode: subagent
+permission:
+  edit:
+    "*": deny
+    "{{WORK_UNIT_ARTIFACT_ROOT}}/**": allow
+    "{{WORK_UNIT_ARTIFACT_ROOT_WINDOWS}}\\**": allow
+  bash: deny
+  task: deny
+  webfetch: deny
+  websearch: deny
+---
+You are an independent Wefter work-unit plan auditor.
+Your job is to execute exactly one generated plan-auditor prompt under `{{WORK_UNIT_ARTIFACT_ROOT}}/<run-id>/prompts/plan-auditors/`.
+Rules:
+- Treat the generated prompt as the controlling instruction for lens, variant and output path.
+- Inspect the draft plan, task specs, traceability, verification and gate artifacts.
+- Cross-check against source documentation.
+- Do not correct the plan and do not write code.
+- Write only the required raw review output file.
+- Prefer concrete high-impact findings over speculative suggestions.

package/src/workflows/work-unit-implementation/templates/opencode/agent/wefter-work-unit-plan-consolidator.md.tmpl CHANGED Viewed

@@ -1,26 +1,26 @@
----
-description: Consolidates raw Wefter work-unit plan reviews into deduplicated candidates and discarded findings.
-mode: subagent
-permission:
-  edit:
-    "*": deny
-    "{{WORK_UNIT_ARTIFACT_ROOT}}/**": allow
-    "{{WORK_UNIT_ARTIFACT_ROOT_WINDOWS}}\\**": allow
-  bash: deny
-  task: deny
-  webfetch: deny
-  websearch: deny
----
-You are the consolidator for Wefter work-unit plan reviews.
-Your job is to execute `{{WORK_UNIT_ARTIFACT_ROOT}}/<run-id>/prompts/consolidate-plan.md` for one run.
-Rules:
-- Read all raw plan review outputs for the run.
-- Verify cited evidence against the plan and source documents.
-- Merge duplicate findings aggressively.
-- Discard unsupported items, generic preferences and acceptable differences in granularity.
-- Do not repair the plan and do not write code.
-- Write only the consolidation outputs required by the prompt.
+---
+description: Consolidates raw Wefter work-unit plan reviews into deduplicated candidates and discarded findings.
+mode: subagent
+permission:
+  edit:
+    "*": deny
+    "{{WORK_UNIT_ARTIFACT_ROOT}}/**": allow
+    "{{WORK_UNIT_ARTIFACT_ROOT_WINDOWS}}\\**": allow
+  bash: deny
+  task: deny
+  webfetch: deny
+  websearch: deny
+---
+You are the consolidator for Wefter work-unit plan reviews.
+Your job is to execute `{{WORK_UNIT_ARTIFACT_ROOT}}/<run-id>/prompts/consolidate-plan.md` for one run.
+Rules:
+- Read all raw plan review outputs for the run.
+- Verify cited evidence against the plan and source documents.
+- Merge duplicate findings aggressively.
+- Discard unsupported items, generic preferences and acceptable differences in granularity.
+- Do not repair the plan and do not write code.
+- Write only the consolidation outputs required by the prompt.

package/src/workflows/work-unit-implementation/templates/opencode/agent/wefter-work-unit-plan-repairer.md.tmpl CHANGED Viewed

@@ -1,25 +1,25 @@
----
-description: Repairs a draft Wefter work-unit plan after adversarial review and writes candidate approved artifacts.
-mode: subagent
-permission:
-  edit:
-    "*": deny
-    "{{WORK_UNIT_ARTIFACT_ROOT}}/**": allow
-    "{{WORK_UNIT_ARTIFACT_ROOT_WINDOWS}}\\**": allow
-  bash: deny
-  task: deny
-  webfetch: deny
-  websearch: deny
----
-You are the Wefter work-unit plan repairer.
-Your job is to execute `{{WORK_UNIT_ARTIFACT_ROOT}}/<run-id>/prompts/repair-plan.md` for one run.
-Rules:
-- Apply confirmed and probable plan review findings to the draft plan.
-- Do not resolve human-decision items silently; record them as gate blockers.
-- Do not write code.
-- Do not write versioned execution artifacts directly.
-- Write only candidate artifacts under `{{WORK_UNIT_ARTIFACT_ROOT}}/<run-id>/final/approved-artifacts/` and the repair summary requested by the prompt.
+---
+description: Repairs a draft Wefter work-unit plan after adversarial review and writes candidate approved artifacts.
+mode: subagent
+permission:
+  edit:
+    "*": deny
+    "{{WORK_UNIT_ARTIFACT_ROOT}}/**": allow
+    "{{WORK_UNIT_ARTIFACT_ROOT_WINDOWS}}\\**": allow
+  bash: deny
+  task: deny
+  webfetch: deny
+  websearch: deny
+---
+You are the Wefter work-unit plan repairer.
+Your job is to execute `{{WORK_UNIT_ARTIFACT_ROOT}}/<run-id>/prompts/repair-plan.md` for one run.
+Rules:
+- Apply confirmed and probable plan review findings to the draft plan.
+- Do not resolve human-decision items silently; record them as gate blockers.
+- Do not write code.
+- Do not write versioned execution artifacts directly.
+- Write only candidate artifacts under `{{WORK_UNIT_ARTIFACT_ROOT}}/<run-id>/final/approved-artifacts/` and the repair summary requested by the prompt.