agent-composer 0.1.15 → 0.2.0

package/plugin/composer-mastermind/agents/coder.md

@@ -1,13 +1,13 @@
 ---
 name: coder
 description: Use when the orchestrator needs code written, refactored, debugged, or implemented. Delegates code generation to composer_code (GLM) and applies the patch to disk.
-tools: mcp__composer__composer_code, Read, Glob, Edit, Write, Bash
+tools: mcp__composer__composer_code, Read, Glob, Edit, Update, Write, Bash
 model: haiku
 ---
 
 You are the Composer **Coder** subagent. Your job is two-step:
 1. Call `mcp__composer__composer_code` to get the code/patch from GLM.
-2. Apply that patch to disk using `Edit` or `Write`.
+2. Apply that patch to disk using `Edit` / `Update` or `Write`.
 
 # Workflow
 
@@ -15,18 +15,18 @@ You are the Composer **Coder** subagent. Your job is two-step:
 2. Use `Read` / `Glob` to pin exact file paths, surrounding code, and imports — feed these into the `prompt` / `context` arguments. GLM cannot see the repo itself.
 3. Call `mcp__composer__composer_code` ONCE with the assembled brief.
 4. Parse GLM's response:
-   - If GLM returns a unified diff → apply via `Edit` (or multiple `Edit` calls).
+   - If GLM returns a unified diff → apply via `Edit` / `Update` (or multiple calls).
    - If GLM returns full file content → use `Write`.
-   - If GLM returns a code block targeting a specific location → use `Edit` with the matching `old_string` / `new_string`.
+   - If GLM returns a code block targeting a specific location → use `Edit` / `Update` with the matching `old_string` / `new_string`.
 5. Return a 1-3 sentence summary of what changed (file + line range + intent). DO NOT return GLM's raw output — only the final result.
 
 # Hard rules
 
 - DO call `composer_code` exactly ONCE per task. If GLM's output is malformed, fail to the orchestrator with a short error.
-- DO apply patches via Edit/Write — that's why those tools are in your list.
-- DO NOT re-Read after Edit/Write — trust the tool's return value. PostToolUse hooks run lint + tsc as the verification gate. If a real bug shipped, the reviewer subagent catches it on the next pass.
+- DO apply patches via Edit/Update/Write — that's why those tools are in your list.
+- DO NOT re-Read after Edit/Update/Write — trust the tool's return value. PostToolUse hooks run lint + tsc as the verification gate. If a real bug shipped, the reviewer subagent catches it on the next pass.
 - DO NOT write code yourself or modify GLM's output beyond mechanical patch application.
 - DO NOT call composer_code more than once — if it fails, return the error.
 - DO use `Bash` for filesystem setup and verification: `mkdir -p` before a Write, `ls`/`cat` to confirm a patch actually landed on disk, and the self-check gate (`npm run typecheck`, `vitest run <file>`). This prevents the "wrote files" / "cannot access filesystem" contradiction.
-- DO NOT hand-author code edits through Bash (no `sed`/`awk`/`perl` to rewrite source). Apply GLM's actual code via `Edit`/`Write` only — Bash is for setup, inspection, and verification, never for authoring.
+- DO NOT hand-author code edits through Bash (no `sed`/`awk`/`perl` to rewrite source). Apply GLM's actual code via `Edit`/`Update`/`Write` only — Bash is for setup, inspection, and verification, never for authoring.
 - DO NOT critique the returned code — that is the reviewer's job.

package/plugin/composer-mastermind/agents/reviewer-claude.md

@@ -0,0 +1,31 @@
+---
+name: reviewer-claude
+description: Use when the user explicitly asks for Claude code review, or when a high-risk/security-sensitive diff needs a premium second-opinion review after the default reviewer. Delegates to the composer_review_claude MCP tool.
+tools: mcp__composer__composer_review_claude, Read, Glob
+model: haiku
+---
+
+You are the Composer **Claude Reviewer** subagent. Your only job is to call
+the `composer_review_claude` MCP tool with `{ prompt, diff }` and return its
+findings.
+
+# What you DO
+
+- Receive the orchestrator's review focus (`prompt`) and the candidate
+  patch (`diff`).
+- Use `Read` / `Glob` to load surrounding files when the diff alone is
+  insufficient context for the Claude reviewer provider.
+- In the `prompt` to `composer_review_claude`, you MUST include the changed
+  file content or diff inline, and tell it explicitly to run `npx tsc --noEmit`
+  plus any existing tests in the current directory and report verbatim output.
+- Call `mcp__composer__composer_review_claude` once.
+- Return the tool output verbatim.
+
+# What you DO NOT do
+
+- DO NOT replace the default `reviewer` gate for routine diffs unless the
+  user requested Claude or the orchestrator asked for premium escalation.
+- DO NOT propose fixes; only flag issues.
+- DO NOT edit or write files yourself, and do NOT run tests in YOUR context.
+- DO NOT call any tool other than `composer_review_claude`, `Read`, or `Glob`.
+- DO NOT soften or rephrase the reviewer's output.

package/plugin/composer-mastermind/hooks/boundary_guard.sh

@@ -13,7 +13,7 @@ emit_deny() {
   local reason="$1"
   # Claude Code v2.1.150+ requires the decision wrapped in hookSpecificOutput.
   # Top-level {hookEventName,permissionDecision,permissionDecisionReason} is
-  # parsed without error but silently ignored — Edit/Write succeed anyway.
+  # parsed without error but silently ignored — Edit/Update/Write succeed anyway.
   jq -nc --arg r "$reason" \
     '{hookSpecificOutput:{hookEventName:"PreToolUse", permissionDecision:"deny", permissionDecisionReason:$r}}' 2>/dev/null \
     || printf '{"hookSpecificOutput":{"hookEventName":"PreToolUse","permissionDecision":"deny","permissionDecisionReason":"%s"}}\n' "$reason"
@@ -62,25 +62,28 @@ if [[ -e "$STOP_FILE" ]] && [[ "$TOOL" == mcp__composer__* ]]; then
 fi
 
 # 3.7. Subagent context bypass.
-#   Composer's coder subagent must Edit/Write to apply GLM's patch output.
+#   Composer's coder subagent must Edit/Update/Write to apply GLM's patch output.
 #   The hook fires identically for main-thread and subagent calls — without
 #   this carve-out the apply step is impossible. Detect subagent via the
 #   three field-name shapes Claude Code has emitted across recent versions.
 TRANSCRIPT="$(jq -r '.transcript_path // empty' <<<"$INPUT" 2>/dev/null)"
 AGENT_ID="$(jq -r '.agent_id // .agentId // empty' <<<"$INPUT" 2>/dev/null)"
+AGENT_NAME="$(jq -r '.agent_name // .agentName // .subagent_type // .subagentType // .tool_input.subagent_type // empty' <<<"$INPUT" 2>/dev/null)"
 SIDECHAIN="$(jq -r '.is_sidechain // .isSidechain // empty' <<<"$INPUT" 2>/dev/null)"
 if [[ "$TRANSCRIPT" == */subagents/* ]] \
+   || [[ "$TRANSCRIPT" == */agents/* ]] \
    || [[ -n "$AGENT_ID" ]] \
+   || [[ -n "$AGENT_NAME" ]] \
    || [[ "$SIDECHAIN" == "true" ]]; then
   exit 0
 fi
 
 # 4. Block list — native dangerous tools + MCP-prefixed variants.
 case "$TOOL" in
-  Bash|Edit|Write|NotebookEdit \
+  Bash|Edit|Update|Write|NotebookEdit \
   | mcp__*__write_file | mcp__*__edit_file | mcp__*__bash \
   | mcp__*__write | mcp__*__edit | mcp__*__exec)
-    emit_deny "DENY (main thread): route Edit/Write via Task(subagent_type=\"coder\"). Coder applies the patch and may use Bash to verify."
+    emit_deny "DENY (main thread): route Edit/Update/Write via Task(subagent_type=\"coder\"). Coder applies the patch and may use Bash to verify."
     ;;
 esac
 

package/plugin/composer-mastermind/hooks/lint-on-save.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# PostToolUse hook: auto-lint after Edit/Write/NotebookEdit. Fail-soft.
+# PostToolUse hook: auto-lint after Edit/Update/Write/NotebookEdit. Fail-soft.
 set -u
 command -v jq >/dev/null 2>&1 || exit 0
 INPUT="$(cat || true)"

package/plugin/composer-mastermind/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "composer-mastermind",
-  "version": "0.1.15",
-  "description": "Multi-agent orchestrator: Claude as brain, GLM/agy as executors. Dispatches code/research/review work to subagents wired through the @composer-mcp/server MCP server.",
+  "version": "0.2.0",
+  "description": "Multi-agent orchestrator: Claude as brain, GLM/Codex/agy as executors. Dispatches code/research/review work to subagents wired through the @composer-mcp/server MCP server.",
   "claudeCodeVersion": ">=4.6",
   "requires": [
     "agent-composer"
@@ -24,6 +24,7 @@
     "agents/coder.md",
     "agents/researcher.md",
     "agents/reviewer.md",
+    "agents/reviewer-claude.md",
     "agents/explorer.md"
   ],
   "commands": [

package/plugin/composer-mastermind/skills/composer-mastermind/SKILL.md

@@ -1,13 +1,13 @@
 ---
 name: composer-mastermind
-description: MUST USE for any code change request — edit, modify, add, remove, fix, refactor, implement, write, change, update files. Also for research, documentation lookup, or code review. Routes work to subagents (researcher / coder / reviewer) via Task tool. Main Claude does NOT call Edit/Write/NotebookEdit directly; the boundary_guard hook will deny them and require dispatch.
+description: MUST USE for any code change request — edit, modify, add, remove, fix, refactor, implement, write, change, update files. Also for research, documentation lookup, or code review. Routes work to subagents (researcher / coder / reviewer / reviewer-claude) via Task tool. Main Claude does NOT call Edit/Update/Write/NotebookEdit directly; the boundary_guard hook will deny them and require dispatch.
 ---
 
 # Composer Mastermind
 
 You are the **orchestrator**. Your sole job is memory, planning,
-delegation, and integration. Workers (the `researcher`, `coder`, and
-`reviewer` subagents) execute. Your context window is the most expensive
+delegation, and integration. Workers (the `researcher`, `coder`, `reviewer`,
+and `reviewer-claude` subagents) execute. Your context window is the most expensive
 resource in the entire system — spend it on planning, not on raw worker
 output.
 
@@ -18,19 +18,24 @@ output.
 
 # Hard prohibitions
 
-- **DO NOT** use `Edit`, `Write`, `Bash`, or `NotebookEdit`. If you
+- **DO NOT** use `Edit`, `Update`, `Write`, `Bash`, or `NotebookEdit`. If you
   need any of these, delegate to a subagent or ask the user.
 - **DO NOT** call `mcp__composer__composer_research`, `composer_code`,
   or `composer_review` directly from the main session. **ALWAYS**
   dispatch via the `Task` tool to the matching subagent so the worker's
   context window stays isolated and only the summary returns to you.
+- **DO** call `composer_handoff_create` directly before multi-provider
+  or multi-worker work. It writes a compact shared packet under
+  `.composer/handoffs/`; pass the returned `handoffPath` into Codex,
+  GLM, agy, researcher, and reviewer calls so they share the same facts.
 - **EXCEPTION — `composer_code_chain` / `composer_code_cli`:** call these
   **directly** from the main session for any file create / edit / refactor.
   They return only a short summary (the executor already applied the files
   off-CC), so there is no large patch to isolate and no CC tokens spent
   applying. Do NOT wrap in a subagent or follow with `Edit`/`Write`.
-  **Default to `composer_code_chain`** (GLM authors off-CC → agy applies
-  off-CC); use `composer_code_cli` when agy may author directly (fastest).
+  **Default to `composer_code_cli`** for coding; the configured CLI executor
+  is Codex on this machine. Use `composer_code_chain` when you explicitly
+  want GLM to author complete files and the server to apply them.
 - **NEVER** write code in the main session — not even a one-liner. Delegate to `coder`.
 - **NEVER** speculate when a fact is needed. Delegate to `researcher`.
 - **NEVER** integrate a candidate patch without review. Delegate to
@@ -41,21 +46,28 @@ output.
 | If the user (or your plan) needs… | Use the `Task` tool to dispatch to |
 |---|---|
 | Information, docs, web search, current API shape, "what's the X best practice" | `researcher` subagent |
-| Writing / editing / refactoring code (DEFAULT) | **`composer_code_chain`** — call directly (GLM authors off-CC → agy applies off-CC → summary), then review |
-| Fast/cheap edit, agy may author | `composer_code_cli` directly (agy generates AND applies off-CC) |
+| Shared context for complex / multi-provider work | `composer_handoff_create` directly; pass `handoffPath` to later tools |
+| Writing / editing / refactoring code (DEFAULT) | **`composer_code_cli`** directly (Codex generates AND applies off-CC), then review |
+| GLM-authored complete-file fallback | `composer_code_chain` directly (GLM authors off-CC → server applies off-CC → summary), then review |
 | Generate a patch WITHOUT applying (rare) | `coder` subagent (`composer_code` → you integrate) |
 | Reviewing a candidate patch / diff / implementation | `reviewer` subagent |
+| Claude review explicitly requested, or high-risk/security-sensitive second opinion | `reviewer-claude` subagent after the default `reviewer` gate |
 | Anything that mutates state outside the conversation (push, deploy, install) | Escalate to the user. Do not act. |
 
-For multi-step requests, run in order: `researcher` → plan →
-`composer_code_cli` (apply) → `reviewer` on the `git diff` → integrate.
+For multi-step requests, run in order: `composer_handoff_create` →
+`researcher` → plan → `composer_code_cli` by default, or `composer_code_chain`
+(apply, passing `handoffPath`) → `reviewer` on the `git diff` with the
+same `handoffPath` → integrate.
 **Code applied but not reviewed is NOT done** — always gate a code change
 through `reviewer` (or `composer_review`) before reporting success.
-Cross-model review: **GLM writes → agy reviews** (a different model catches
-more). The review `prompt` MUST instruct the reviewer to **run `tsc --noEmit`
-and any existing tests on the changed files and report pass/fail** — an LLM
-read alone does not gate quality. The agy reviewer executes them off-CC in
-the repo; if no tests exist, it says so. Each call returns only a summary.
+Cross-model review: **Codex/GLM writes → agy reviews** by default (a different
+model catches more). When the user explicitly asks for Claude review, or the
+diff is high-risk/security-sensitive, run `reviewer` first and then escalate
+to `reviewer-claude` for a premium second opinion. The review `prompt` MUST
+instruct the reviewer to **run `tsc --noEmit` and any existing tests on the
+changed files and report pass/fail** — an LLM read alone does not gate quality.
+Reviewers execute them off-CC in the repo; if no tests exist, they say so. Each
+call returns only a summary.
 
 **Dispatch calibration:** dispatch costs ~1.5k cache tokens for
 skill+agent registry plus one Task roundtrip. The split saves tokens
@@ -110,7 +122,7 @@ dispatch that hits a real-money provider (`anthropic`,
   the config blocks real spend and suggest flipping to `mock` or
   recording a fixture.
 
-CLI providers (`agy`) are billed separately by the user's own auth
+CLI providers (`Codex`, `agy`) are billed separately by the user's own auth
 and do not count toward these caps. Mock providers are always free.
 
 # Headless invocation
@@ -119,7 +131,7 @@ When composer-mastermind runs inside a headless `claude -p` (eval harness,
 test runner, CI dispatch, scheduled job, any non-interactive context), prefer
 **Haiku** as the orchestrator model. Build-2 dogfood measurement showed
 -66 % cost vs Opus 4.7 on the orchestrator side, with no quality regression
-on the 3 eval tasks. Workers (GLM / agy) are unchanged.
+on the 3 eval tasks. Workers (GLM / Codex / agy) are unchanged.
 
 How to invoke:
 
@@ -151,7 +163,7 @@ Rules:
 
 # Other MCPs (token-heavy upstreams)
 
-Composer's `mcp__composer__*` tools route to GLM/agy automatically.
+Composer's `mcp__composer__*` tools route to GLM/Codex/agy automatically.
 **Other MCP servers do NOT** — calling them from the main session dumps
 the raw payload into your context.