clean-room-skill 0.1.12 → 0.1.14

package/.claude-plugin/marketplace.json

@@ -9,7 +9,7 @@
       "name": "clean-room",
       "source": "./",
       "description": "Spec-first clean-room workflow for authorized source analysis without replacement code.",
-      "version": "0.1.12",
+      "version": "0.1.14",
       "author": {
         "name": "whit3rabbit"
       },

package/.claude-plugin/plugin.json

@@ -2,7 +2,7 @@
   "name": "clean-room",
   "displayName": "Clean Room",
   "description": "Spec-first clean-room workflow for authorized source analysis without replacement code.",
-  "version": "0.1.12",
+  "version": "0.1.14",
   "author": {
     "name": "whit3rabbit"
   },

package/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "clean-room",
-  "version": "0.1.12",
+  "version": "0.1.14",
   "description": "Spec-first clean-room workflow for authorized source analysis without replacement code.",
   "author": {
     "name": "whit3rabbit"

package/README.md

@@ -52,10 +52,10 @@ Claude global installs use Claude's plugin system for skills and agents, so entr
 Hook modes:
 
 - `--hooks=safe`: default. Hooks are installed but enforce only during clean-room role sessions with the required environment.
-- `--hooks=strict`: fail-closed hook mode for dedicated Codex or Claude clean-room homes.
+- `--hooks=strict`: fail-closed hook mode for dedicated Codex, Claude, or OpenCode clean-room homes.
 - `--hooks=copy-only` or `--no-hooks`: copy hook files without registering runtime hook config.
 
-Verified runtimes are Codex and Claude Code. Other runtime layouts are installed on a best-effort basis. See [docs/REFERENCE.md](docs/REFERENCE.md#runtime-support) for the full support table and install roots.
+Verified runtimes are Codex, Claude Code, and OpenCode. OpenCode support uses native skills, commands, and a generated local plugin bridge for hook enforcement. Other runtime layouts are installed on a best-effort basis. See [docs/REFERENCE.md](docs/REFERENCE.md#runtime-support) for the full support table and install roots.
 
 Marketplace install is also supported.
 
@@ -72,6 +72,15 @@ Claude Code:
 /plugin install clean-room@clean-room-skill
 ```
 
+Pi:
+
+```bash
+pi install npm:clean-room-skill@latest
+pi install https://github.com/whit3rabbit/clean-room-skill
+```
+
+Pi loads bundled skills as `/skill:<name>`, for example `/skill:clean-room`. Pi package install is skill compatibility only; it does not register clean-room hooks. Clean-room safety still depends on role separation, path isolation, schema validation, and supported hook runtimes.
+
 ## How To Run
 
 Optionally create neutral external run folders and a clean-safe repository stub:
@@ -90,13 +99,26 @@ In Claude Code, invoke skills with the plugin namespace:
 /clean-room
 /clean-room:attended
 /clean-room:unattended
-/clean-room:resume
+/clean-room:resume-cr
 /clean-room:start-over
 /clean-room:refocus
 ```
 
 In Codex, invoke the `clean-room` plugin or bundled skills through `@` or the skills UI. Do not rely on Claude-style slash namespacing in Codex.
 
+In Pi, invoke package skills with `/skill:<name>`:
+
+```text
+/skill:init
+/skill:preflight
+/skill:clean-room
+/skill:attended
+/skill:unattended
+/skill:resume-cr
+/skill:start-over
+/skill:refocus
+```
+
 For unattended inner-loop execution from durable artifacts:
 
 ```bash
@@ -115,13 +137,13 @@ In strict context-management mode, every `agent-commands.json` stage must set `c
 ![Clean Room Architecture](assets/clean-room-arch.svg)
 
 1. Initialize or bootstrap the run.
-   Use `npx clean-room-skill@latest init` to create neutral external run folders and a clean-safe repository stub, or use `/clean-room:init` for skill-driven run preferences. The active `init-config.json` stays out of the clean implementation repository.
+   Use `npx clean-room-skill@latest init` to create neutral external run folders and a clean-safe repository stub, or use `/clean-room:init` in Claude Code or `/skill:init` in Pi for skill-driven run preferences. The active `init-config.json` stays out of the clean implementation repository.
 
 2. Record the goal contract.
    Use `npx clean-room-skill@latest preflight` or `/clean-room:preflight` before source discovery, attended mode, or unattended mode. This creates or validates `preflight-goal.json` on the contaminated/controller side.
 
 3. Start the controller.
-   Use `/clean-room` or `/clean-room:attended` for human review gates. Use `/clean-room:unattended` only after preflight allows bounded unattended work with finite iteration limits and no open questions.
+   Use `/clean-room` or `/clean-room:attended` in Claude Code, or `/skill:clean-room` or `/skill:attended` in Pi, for human review gates. Use unattended entry points only after preflight allows bounded unattended work with finite iteration limits and no open questions.
 
 4. Analyze and sanitize.
    Source-reading roles produce neutral draft behavior specs and record contaminated-only `discovery_leads` when authorized related surfaces are detected but not analyzed in the assigned unit. A source-denied sanitizer reviews handoff candidates before anything enters the clean domain.
@@ -134,7 +156,7 @@ In strict context-management mode, every `agent-commands.json` stage must set `c
 
 Use recovery skills instead of chat history:
 
-- `/clean-room:resume`: continue from durable artifacts.
+- `/clean-room:resume-cr`: continue from durable artifacts.
 - `/clean-room:start-over`: archive or quarantine current artifacts without deletion, then restart with a fresh neutral task id.
 - `/clean-room:refocus`: audit current artifacts against declared scope without expanding scope.
 
@@ -144,18 +166,23 @@ Use recovery skills instead of chat history:
 | --- | --- | --- | --- |
 | 1 | `npx clean-room-skill@latest init` | CLI command | Create neutral external run folders and a clean-safe `.clean-room/README.md` stub. |
 | 1 | `/clean-room:init` | Skill | Record run preferences, separated roots, schema profile, and model policy. |
+| 1 | `/skill:init` | Pi skill | Record run preferences, separated roots, schema profile, and model policy. |
 | 2 | `npx clean-room-skill@latest preflight` | CLI command | Create or validate the Stage 0 goal contract. |
 | 2 | `/clean-room:preflight` | Skill | Record the required goal, policy, output, and controller-mode contract. |
+| 2 | `/skill:preflight` | Pi skill | Record the required goal, policy, output, and controller-mode contract. |
 | 3 | `/clean-room` | Skill | Start the setup wizard for authorized clean-room work. |
 | 3 | `/clean-room:attended` | Skill | Start the wizard in attended mode with human review gates. |
 | 3 | `/clean-room:unattended` | Skill | Start the wizard in bounded unattended mode with finite loop limits. |
+| 3 | `/skill:clean-room` | Pi skill | Start the setup wizard for authorized clean-room work. |
+| 3 | `/skill:attended` | Pi skill | Start the wizard in attended mode with human review gates. |
+| 3 | `/skill:unattended` | Pi skill | Start the wizard in bounded unattended mode with finite loop limits. |
 | 4 | `npx clean-room-skill@latest run` | CLI command | Execute the bounded inner clean-room runner for one approved spec slice. |
 
 ### Maintenance CLI Commands
 
 | Command | Use it for |
 | --- | --- |
-| `npx clean-room-skill@latest doctor` | Smoke test generated Codex or Claude hook registration. |
+| `npx clean-room-skill@latest doctor` | Smoke test generated Codex, Claude, or OpenCode hook registration. |
 | `npx clean-room-skill@latest status` | Report installed runtime version, drift, and hook state. |
 | `npx clean-room-skill@latest update` | Refresh installed runtime files without onboarding. |
 
@@ -163,7 +190,7 @@ Use recovery skills instead of chat history:
 
 | Skill | Use it for |
 | --- | --- |
-| `/clean-room:resume` | Continue an existing run from durable artifacts. |
+| `/clean-room:resume-cr` | Continue an existing run from durable artifacts. |
 | `/clean-room:start-over` | Non-destructively archive or quarantine current artifacts and restart. |
 | `/clean-room:refocus` | Audit a run and route it back to missed gates without adding scope. |
 

package/agents/clean-architect.md

@@ -2,6 +2,9 @@
 name: clean-architect
 description: Plans clean implementation from approved clean behavioral specs and the clean destination foundation without reading contaminated source or chat history.
 tools: Read, Write, Edit, Glob
+model: opus
+effort: high
+color: blue
 ---
 
 # Clean Architect

package/agents/clean-implementer-verifier-shell.md

@@ -2,6 +2,9 @@
 name: clean-implementer-verifier-shell
 description: Shell-capable Agent 3 profile for isolated clean implementation verification homes.
 tools: Read, Write, Edit, Glob, Bash
+model: sonnet
+effort: high
+color: cyan
 ---
 
 # Clean Implementer Verifier Shell

package/agents/clean-polish-reviewer.md

@@ -2,6 +2,9 @@
 name: clean-polish-reviewer
 description: Performs final source-denied clean code polish, repository hygiene, verification review, and constrained implementation-root commit after Agent 3 completes.
 tools: Read, Write, Edit, Glob
+model: sonnet
+effort: high
+color: pink
 ---
 
 # Clean Polish Reviewer

package/agents/clean-qa-editor.md

@@ -2,6 +2,9 @@
 name: clean-qa-editor
 description: Implements the clean implementation plan, verifies the clean destination code, records implementation status, and emits one terminal report for Agent 0.
 tools: Read, Write, Edit, Glob
+model: sonnet
+effort: high
+color: green
 ---
 
 # Clean Implementer Verifier

package/agents/contaminated-handoff-sanitizer.md

@@ -2,6 +2,9 @@
 name: contaminated-handoff-sanitizer
 description: Reviews Agent 1 draft specs from a fresh source-denied contaminated context, removes identifying material, and approves only scrubbed artifacts for clean handoff.
 tools: Read, Write, Edit, Glob
+model: sonnet
+effort: high
+color: yellow
 ---
 
 # Contaminated Handoff Sanitizer

package/agents/contaminated-manager-verifier.md

@@ -2,6 +2,9 @@
 name: contaminated-manager-verifier
 description: Consumes contaminated source indexes, decomposes authorized source scope, tracks clean-room coverage, and verifies clean specs against source without sending source expression across the wall.
 tools: Read, Write, Edit, Glob, Grep
+model: opus
+effort: high
+color: purple
 ---
 
 # Contaminated Manager Verifier

package/agents/contaminated-source-analyst.md

@@ -2,6 +2,9 @@
 name: contaminated-source-analyst
 description: Reads authorized source in a contaminated workspace and produces neutral draft task slices plus behavioral specs with evidence references, not replacement code.
 tools: Read, Write, Edit, Glob, Grep, view_image
+model: sonnet
+effort: medium
+color: orange
 ---
 
 # Contaminated Source Analyst