auditor-lambda 0.3.14 → 0.3.16

package/README.md

@@ -30,7 +30,8 @@ npm install -g auditor-lambda
 
 That makes `audit-code` available on `PATH`. During package install, the package
 also writes user-level command/skill assets for hosts we can seed safely, including
-the Claude command file and global Codex skill bundle.
+the Claude command file, the global Codex skill bundle, and the global OpenCode
+slash command entry in `~/.config/opencode/opencode.json`.
 
 After that, invoke `/audit-code` in a supported host. The prompt self-bootstraps
 the current repository by running:
@@ -53,7 +54,7 @@ That bootstraps repo-local `/audit-code` surfaces for the hosts we can automate
 
 - Codex `AGENTS.md` fallback guidance for the global skill surface
 - Claude Desktop local MCP bundle artifacts and project template guidance
-- OpenCode command, skill, and `opencode.json` surfaces
+- OpenCode `opencode.json` with the `/audit-code` slash command and auditor MCP server
 - VS Code prompt, custom agent, Copilot instructions, and `.vscode/mcp.json`
 - Antigravity planning-mode guidance plus the shared repo-local MCP launcher
 

package/audit-code-wrapper-lib.mjs

@@ -533,10 +533,18 @@ function renderCodexAutomationRecipe() {
   ].join('\n');
 }
 
-function renderOpenCodeProjectConfig(root) {
+function renderOpenCodeProjectConfig(root, promptBody) {
   const launcher = replaceBackslashes(toRepoRelativePath(root, join(root, '.audit-code', 'install', MCP_LAUNCHER_FILENAME)));
   return {
     $schema: 'https://opencode.ai/config.json',
+    command: {
+      'audit-code': {
+        template: promptBody.trimStart(),
+        description: 'Autonomous local loop code auditing',
+        agent: 'auditor',
+        subtask: false,
+      },
+    },
     mcp: {
       auditor: {
         type: 'local',
@@ -599,11 +607,15 @@ function objectValue(value) {
     : {};
 }
 
-function buildMergedOpenCodeProjectConfig(existing, root) {
-  const generated = renderOpenCodeProjectConfig(root);
+function buildMergedOpenCodeProjectConfig(existing, root, promptBody) {
+  const generated = renderOpenCodeProjectConfig(root, promptBody);
   return {
     ...existing,
     $schema: existing.$schema ?? generated.$schema,
+    command: {
+      ...objectValue(existing.command),
+      'audit-code': generated.command['audit-code'],
+    },
     mcp: {
       ...objectValue(existing.mcp),
       auditor: generated.mcp.auditor,
@@ -1084,17 +1096,15 @@ const INSTALL_HOST_DEFINITIONS = {
     support_level: 'supported',
     setup_kind: 'command+agent+mcp',
     summary:
-      'Use the generated OpenCode command and project config so `/audit-code` and the local auditor MCP server are available together.',
-    primary_path_key: 'opencodeCommandPath',
+      'Use the generated `opencode.json` so the `/audit-code` slash command and the local auditor MCP server are both available.',
+    primary_path_key: 'opencodeConfigPath',
     supporting_path_keys: [
-      'opencodeConfigPath',
-      'opencodeSkillPath',
       'agentsInstructionsPath',
       'mcpLauncherPath',
     ],
     steps: [
       'Open this repository in OpenCode.',
-      'Let OpenCode load the generated `opencode.json` so the auditor MCP server is available.',
+      'Let OpenCode load the generated `opencode.json` — it registers the `/audit-code` slash command and the auditor MCP server.',
       'Invoke `/audit-code` and keep the audit loop on the auditor MCP tools.',
     ],
     profile: {
@@ -1792,63 +1802,28 @@ async function verifyInstalledBootstrap(argv) {
         break;
       }
       case 'opencode':
-        await collectVerifyCheck(checks, 'opencode_command', async () => {
-          const content = await readFile(assetPaths.opencodeCommandPath, 'utf8');
-          if (!content.includes('agent: auditor')) {
-            throw new Error(`OpenCode command file is missing the auditor agent frontmatter: ${assetPaths.opencodeCommandPath}`);
-          }
-          const { body: commandBody } = splitFrontmatter(content);
-          const { body: sourceBody } = splitFrontmatter(await readFile(promptAssetPath, 'utf8'));
-          if (commandBody !== sourceBody.trimStart()) {
-            throw new Error(
-              `OpenCode command prompt body is out of sync with the source prompt. Run "audit-code install --host opencode" or "audit-code install".`,
-            );
-          }
-          return {
-            summary: 'OpenCode command file is present and uses the source prompt body.',
-            path: assetPaths.opencodeCommandPath,
-          };
-        });
-        await collectVerifyCheck(checks, 'opencode_skill', async () => {
-          const content = (await readFile(assetPaths.opencodeSkillPath, 'utf8')).replace(/\r\n/g, '\n');
-          const sourceSkill = (await readFile(skillAssetPath, 'utf8')).replace(/\r\n/g, '\n');
-          if (content !== sourceSkill) {
-            throw new Error(
-              `OpenCode skill is out of sync with the source skill. Run "audit-code install --host opencode" or "audit-code install".`,
-            );
-          }
-          return {
-            summary: 'OpenCode skill is present and matches the source skill.',
-            path: assetPaths.opencodeSkillPath,
-          };
-        });
-        await collectVerifyCheck(checks, 'opencode_prompt', async () => {
-          const content = await readFile(assetPaths.opencodePromptPath, 'utf8');
-          const sourcePrompt = await readFile(promptAssetPath, 'utf8');
-          if (content !== sourcePrompt) {
-            throw new Error(
-              `OpenCode prompt is out of sync with the source prompt. Run "audit-code install --host opencode" or "audit-code install".`,
-            );
-          }
-          return {
-            summary: 'OpenCode prompt is present and matches the source prompt.',
-            path: assetPaths.opencodePromptPath,
-          };
-        });
         await collectVerifyCheck(checks, 'opencode_config', async () => {
           const config = await readJson(assetPaths.opencodeConfigPath, 'OpenCode project config');
-          const command = config?.mcp?.auditor?.command;
-          if (!Array.isArray(command) || command[0] !== 'node') {
+          const mcpCommand = config?.mcp?.auditor?.command;
+          if (!Array.isArray(mcpCommand) || mcpCommand[0] !== 'node') {
             throw new Error('OpenCode config must set mcp.auditor.command as a Node command array.');
           }
-          if (command[1] !== '.audit-code/install/run-mcp-server.mjs') {
-            throw new Error(`OpenCode config must point at .audit-code/install/${MCP_LAUNCHER_FILENAME}, got ${command[1] ?? 'missing'}.`);
+          if (mcpCommand[1] !== '.audit-code/install/run-mcp-server.mjs') {
+            throw new Error(`OpenCode config must point at .audit-code/install/${MCP_LAUNCHER_FILENAME}, got ${mcpCommand[1] ?? 'missing'}.`);
           }
           if (config?.mcp?.auditor?.type !== 'local') {
             throw new Error(`OpenCode config must set mcp.auditor.type to "local", got ${config?.mcp?.auditor?.type ?? 'missing'}.`);
           }
+          const commandConfig = config?.command?.['audit-code'];
+          if (!commandConfig?.template) {
+            throw new Error('OpenCode config is missing command["audit-code"].template — the /audit-code slash command will not surface. Run "audit-code install".');
+          }
+          const { body: sourceBody } = splitFrontmatter(await readFile(promptAssetPath, 'utf8'));
+          if (commandConfig.template !== sourceBody.trimStart()) {
+            throw new Error('OpenCode config command["audit-code"].template is out of sync with the source prompt. Run "audit-code install".');
+          }
           return {
-            summary: 'OpenCode project config parsed successfully.',
+            summary: 'OpenCode project config has MCP server and /audit-code slash command.',
             path: assetPaths.opencodeConfigPath,
           };
         });
@@ -2022,20 +1997,12 @@ async function detectBootstrapRefreshReason(root, host) {
         break;
       }
       case 'opencode': {
-        const opencodeSkill = await readTextIfExists(assetPaths.opencodeSkillPath);
-        if (opencodeSkill?.replace(/\r\n/g, '\n') !== sourceSkill) {
-          return 'stale_host_asset:opencode:skill';
-        }
-        const opencodePrompt = await readTextIfExists(assetPaths.opencodePromptPath);
-        if (opencodePrompt !== sourcePrompt) {
-          return 'stale_host_asset:opencode:prompt';
+        const opencodeConfig = await readJson(assetPaths.opencodeConfigPath, 'OpenCode config').catch(() => null);
+        if (opencodeConfig?.command?.['audit-code']?.template !== sourcePromptBody.trimStart()) {
+          return 'stale_host_asset:opencode:config_command';
         }
-        const opencodeCommand = await readTextIfExists(assetPaths.opencodeCommandPath);
-        if (opencodeCommand === null) {
-          return 'missing_host_asset:opencode:command';
-        }
-        if (splitFrontmatter(opencodeCommand).body !== sourcePromptBody.trimStart()) {
-          return 'stale_host_asset:opencode:command';
+        if (await fileExists(join(root, '.opencode', 'commands', 'audit-code.md'))) {
+          return 'stale_host_asset:opencode:legacy_command_file';
         }
         break;
       }
@@ -2164,18 +2131,9 @@ async function installBootstrap(argv, options = {}) {
     claudeDesktopMcpbPath: profile.writeClaudeDesktop
       ? join(root, '.audit-code', 'install', 'claude-desktop', 'auditor-lambda.mcpb')
       : null,
-    opencodeCommandPath: profile.writeOpenCode
-      ? join(root, '.opencode', 'commands', 'audit-code.md')
-      : null,
     opencodeConfigPath: profile.writeOpenCode
       ? join(root, 'opencode.json')
       : null,
-    opencodeSkillPath: profile.writeOpenCode
-      ? join(root, '.opencode', 'skills', 'audit-code', 'SKILL.md')
-      : null,
-    opencodePromptPath: profile.writeOpenCode
-      ? join(root, '.opencode', 'skills', 'audit-code', 'audit-code.prompt.md')
-      : null,
     vscodePromptPath: profile.writeVSCode
       ? join(root, '.github', 'prompts', 'audit-code.prompt.md')
       : null,
@@ -2285,36 +2243,24 @@ async function installBootstrap(argv, options = {}) {
   }
 
   if (profile.writeOpenCode) {
-    results.push(
-      await writeGeneratedMarkdown(
-        assetPaths.opencodeCommandPath,
-        renderPromptFile(
-          {
-            description: 'Autonomous local loop code auditing',
-            agent: 'auditor',
-            subtask: false,
-          },
-          promptBody,
-        ),
-      ),
-    );
-    results.push(
-      await writeGeneratedMarkdown(
-        assetPaths.opencodeSkillPath,
-        skillSource,
-      ),
-    );
-    results.push(
-      await writeGeneratedMarkdown(
-        assetPaths.opencodePromptPath,
-        promptSource,
-      ),
-    );
+    // Remove legacy command/skill/prompt files unconditionally — these paths are exclusively
+    // owned by the auditor-lambda installer and keeping any version of them causes OpenCode to
+    // load the wrong slash command regardless of prompt content.
+    for (const legacyPath of [
+      join(root, '.opencode', 'commands', 'audit-code.md'),
+      join(root, '.opencode', 'skills', 'audit-code', 'SKILL.md'),
+      join(root, '.opencode', 'skills', 'audit-code', 'audit-code.prompt.md'),
+    ]) {
+      if (await fileExists(legacyPath)) {
+        await unlink(legacyPath);
+        results.push({ path: legacyPath, mode: 'removed' });
+      }
+    }
     results.push(
       await writeMergedGeneratedJson(
         assetPaths.opencodeConfigPath,
         'OpenCode project config',
-        (existing) => buildMergedOpenCodeProjectConfig(existing, root),
+        (existing) => buildMergedOpenCodeProjectConfig(existing, root, promptBody),
       ),
     );
   }
@@ -2415,7 +2361,7 @@ async function installBootstrap(argv, options = {}) {
     files: results,
     slash_command_surfaces: {
       vscode_prompt: assetPaths.vscodePromptPath,
-      opencode_command: assetPaths.opencodeCommandPath,
+      opencode_config: assetPaths.opencodeConfigPath,
     },
     instruction_surfaces: {
       agents: assetPaths.agentsInstructionsPath,

package/docs/operator-guide.md

@@ -43,7 +43,7 @@ Host-specific files may include:
 
 - Codex: managed `AGENTS.md` fallback guidance
 - Claude Desktop: project template, remote MCP connector, local MCP bundle
-- OpenCode: command file, skill bundle, and `opencode.json`
+- OpenCode: `opencode.json` with `/audit-code` slash command and auditor MCP server
 - VS Code/Copilot: prompt, custom agent, instructions, and `.vscode/mcp.json`
 - Antigravity: planning-mode and MCP-oriented guidance
 
@@ -62,8 +62,9 @@ repo-local `AGENTS.md` fallback guidance.
 Claude Desktop is treated as an MCP-first host. Use the generated project
 template and local bundle artifacts when installing the integration.
 
-OpenCode and VS Code use repo-local prompt, command, and MCP configuration
-files generated by `audit-code ensure` or `audit-code install`.
+OpenCode uses `opencode.json` (generated by `audit-code ensure` or `audit-code
+install`) which registers the `/audit-code` slash command and the auditor MCP
+server together. VS Code uses repo-local prompt and MCP configuration files.
 
 Antigravity should be treated as a workflow-and-artifacts host until it has a
 stable project-local config surface. Use generated planning-mode guidance,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auditor-lambda",
-  "version": "0.3.14",
+  "version": "0.3.16",
   "private": false,
   "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
   "type": "module",

package/scripts/postinstall.mjs

@@ -25,6 +25,40 @@ function writeGeneratedFile(path, content) {
   return action;
 }
 
+function splitFrontmatter(text) {
+  const normalized = text.replace(/\r\n/g, '\n');
+  const match = normalized.match(/^---\n([\s\S]*?)\n---\n?/u);
+  if (!match) return { body: normalized };
+  return { body: normalized.slice(match[0].length) };
+}
+
+function mergeOpenCodeGlobalConfig(existing, promptBody) {
+  const parsed = existing ? JSON.parse(existing) : {};
+  return {
+    ...parsed,
+    command: {
+      ...(parsed.command && typeof parsed.command === 'object' && !Array.isArray(parsed.command)
+        ? parsed.command
+        : {}),
+      'audit-code': {
+        template: promptBody.trimStart(),
+        description: 'Autonomous local loop code auditing',
+        agent: 'auditor',
+        subtask: false,
+      },
+    },
+  };
+}
+
+function installMergedJson(path, buildMerged) {
+  const existing = existsSync(path) ? readFileSync(path, 'utf8') : null;
+  const merged = buildMerged(existing);
+  const action = existing ? 'updated' : 'installed';
+  mkdirSync(dirname(path), { recursive: true });
+  writeFileSync(path, JSON.stringify(merged, null, 2) + '\n', 'utf8');
+  return action;
+}
+
 const promptSource = readRequiredSource(promptSourceFile, 'prompt');
 const skillSource = readRequiredSource(skillSourceFile, 'skill');
 
@@ -32,6 +66,8 @@ if (!promptSource || !skillSource) {
   process.exit(0);
 }
 
+const promptBody = splitFrontmatter(promptSource.toString('utf8')).body;
+
 const installs = [
   {
     label: 'Claude command',
@@ -62,3 +98,16 @@ for (const install of installs) {
     console.warn(`    ${install.path}`);
   }
 }
+
+// Install OpenCode global command via merged config
+const opencodeGlobalConfig = join(homedir(), '.config', 'opencode', 'opencode.json');
+try {
+  const action = installMergedJson(opencodeGlobalConfig, (existing) =>
+    mergeOpenCodeGlobalConfig(existing, promptBody),
+  );
+  console.log(`audit-code: ${action} global OpenCode command in ${opencodeGlobalConfig}`);
+} catch (err) {
+  console.warn(`audit-code: could not install global OpenCode command (${err.message})`);
+  console.warn(`  To install manually, add "command": { "audit-code": { "template": "...", "agent": "auditor" } } to:`);
+  console.warn(`    ${opencodeGlobalConfig}`);
+}