devlyn-cli 1.0.1 → 1.1.1

package/CLAUDE.md

@@ -63,6 +63,7 @@ Optional flags:
 - `--skip-review` — skip team-review phase
 - `--skip-clean` — skip clean phase
 - `--skip-docs` — skip update-docs phase
+- `--with-codex [evaluate|review|both]` — use OpenAI Codex as cross-model evaluator/reviewer (requires codex-mcp-server)
 
 ## Manual Pipeline (Step-by-Step Control)
 

package/README.md

@@ -6,9 +6,9 @@
   <img alt="DEVLYN" src="assets/logo.svg" width="540" />
 </picture>
 
-### The Skills & Commands Toolkit for Claude Code
+### Context Engineering & Harness Engineering Toolkit for Claude Code
 
-**Ship better code with battle-tested AI workflows — debugging, code review, UI design, product specs, and more.**
+**Structured prompts, agent orchestration, and automated pipelines — debugging, code review, UI design, product specs, and more.**
 
 [![npm version](https://img.shields.io/npm/v/devlyn-cli.svg)](https://www.npmjs.com/package/devlyn-cli)
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
@@ -24,13 +24,26 @@
 
 [Claude Code](https://docs.anthropic.com/en/docs/claude-code) is powerful out of the box — but teams need **consistent, repeatable workflows**. Without shared conventions, every developer prompts differently, reviews differently, and debugs differently.
 
-devlyn-cli solves this by installing a curated `.claude/` configuration into any project:
+devlyn-cli solves this with two complementary engineering approaches:
+
+### Context Engineering
+
+Structured prompts and role-based instructions that shape _what the AI knows and how it thinks_ for each task.
 
 - **16 slash commands** for debugging, code review, UI design, documentation, and more
 - **5 core skills** that activate automatically based on conversation context
-- **Agent team workflows** that spawn specialized AI teammates for complex tasks
+- **Agent team workflows** that spawn specialized AI teammates with role-specific expertise
 - **Product & feature spec templates** for structured planning
-- **Commit conventions** for consistent git history
+
+### Harness Engineering
+
+Pipeline orchestration that controls _how agents execute_ — permissions, state management, multi-phase workflows, and cross-model evaluation.
+
+- **`/devlyn:auto-resolve`** — 8-phase automated pipeline (build → evaluate → fix loop → simplify → review → security → clean → docs)
+- **`bypassPermissions` mode** for autonomous subagent execution
+- **File-based state machine** — agents communicate via `.claude/done-criteria.md` and `EVAL-FINDINGS.md`
+- **Git checkpoints** at each phase for rollback safety
+- **Cross-model evaluation** via `--with-codex` flag (OpenAI Codex as independent evaluator)
 
 **Zero dependencies. One command. Works with any project.**
 
@@ -76,7 +89,7 @@ Slash commands are invoked directly in Claude Code conversations (e.g., type `/d
 |---|---|
 | `/devlyn:resolve` | Systematic bug fixing with root-cause analysis and test-driven validation |
 | `/devlyn:team-resolve` | Spawns a full agent team — root cause analyst, test engineer, security auditor — to investigate complex issues |
-| `/devlyn:auto-resolve` | Fully automated pipeline for any task — bugs, features, refactors, chores. Build → evaluate → fix loop → simplify → review → clean → docs. One command, zero human intervention |
+| `/devlyn:auto-resolve` | Fully automated pipeline for any task — bugs, features, refactors, chores. Build → evaluate → fix loop → simplify → review → clean → docs. One command, zero human intervention. Supports `--with-codex` for cross-model evaluation via OpenAI Codex |
 
 ### Code Review & Quality
 
@@ -146,7 +159,7 @@ One command runs the full cycle — no human intervention needed:
 | **Clean** | Remove dead code and unused dependencies |
 | **Docs** | Sync documentation with changes |
 
-Each phase runs as a separate subagent (fresh context), communicates via files, and commits a git checkpoint for rollback safety. Skip phases with flags: `--skip-review`, `--skip-clean`, `--skip-docs`, `--max-rounds 3`.
+Each phase runs as a separate subagent (fresh context), communicates via files, and commits a git checkpoint for rollback safety. Skip phases with flags: `--skip-review`, `--skip-clean`, `--skip-docs`, `--max-rounds 3`, `--with-codex` (cross-model evaluation via OpenAI Codex).
 
 ### Manual Workflow
 
@@ -208,6 +221,9 @@ Copied directly into your `.claude/skills/` directory.
 | `prompt-engineering` | Claude 4 prompt optimization using official Anthropic best practices |
 | `better-auth-setup` | Production-ready Better Auth + Hono + Drizzle + PostgreSQL auth setup |
 | `pyx-scan` | Check whether an AI agent skill is safe before installing |
+| `dokkit` | Document template filling for DOCX/HWPX — ingest, fill, review, export |
+| `devlyn:pencil-pull` | Pull Pencil designs into code with exact visual fidelity |
+| `devlyn:pencil-push` | Push codebase UI to Pencil canvas for design sync |
 
 ### Community Packs
 
@@ -219,6 +235,7 @@ Installed via the [skills CLI](https://github.com/anthropics/skills) (`npx skill
 | `supabase/agent-skills` | Supabase integration patterns |
 | `coreyhaines31/marketingskills` | Marketing automation and content skills |
 | `anthropics/skills` | Official Anthropic skill-creator with eval framework and description optimizer |
+| `Leonxlnx/taste-skill` | Premium frontend design skills — modern layouts, animations, and visual refinement |
 
 > **Want to add a pack?** Open a PR adding your pack to the `OPTIONAL_ADDONS` array in [`bin/devlyn.js`](bin/devlyn.js).
 

package/config/skills/devlyn:auto-resolve/SKILL.md

@@ -20,21 +20,26 @@ $ARGUMENTS
    - `--security-review` (auto) — run dedicated security audit. Auto-detects: runs when changes touch auth, secrets, user data, API endpoints, env/config, or crypto. Force with `--security-review always` or skip with `--security-review skip`
    - `--skip-clean` (false) — skip clean phase
    - `--skip-docs` (false) — skip update-docs phase
+   - `--with-codex` (false) — use OpenAI Codex as a cross-model evaluator/reviewer via `mcp__codex-cli__*` MCP tools. Accepts: `evaluate`, `review`, or `both` (default when flag is present without value). When enabled, Codex provides an independent second opinion from a different model family, creating a GAN-like dynamic where Claude builds and Codex critiques.
 
    Flags can be passed naturally: `/devlyn:auto-resolve fix the auth bug --max-rounds 3 --skip-docs`
+   Codex examples: `--with-codex` (both), `--with-codex evaluate`, `--with-codex review`
    If no flags are present, use defaults.
 
-3. Announce the pipeline plan:
+3. **If `--with-codex` is enabled**: Read `references/codex-integration.md` and run the "PRE-FLIGHT CHECK" section to verify Codex MCP server availability before proceeding.
+
+4. Announce the pipeline plan:
 ```
 Auto-resolve pipeline starting
 Task: [extracted task description]
 Phases: Build → Evaluate → [Fix loop if needed] → Simplify → [Review] → [Security] → [Clean] → [Docs]
 Max evaluation rounds: [N]
+Cross-model evaluation (Codex): [evaluate / review / both / disabled]
 ```
 
 ## PHASE 1: BUILD
 
-Spawn a subagent using the Agent tool to investigate and implement the fix. The subagent does NOT have access to skills, so include all necessary instructions inline.
+Spawn a subagent using the Agent tool with `mode: "bypassPermissions"` to investigate and implement the fix. The subagent does NOT have access to skills, so include all necessary instructions inline.
 
 Agent prompt — pass this to the Agent tool:
 
@@ -72,7 +77,7 @@ The task is: [paste the task description here]
 
 ## PHASE 2: EVALUATE
 
-Spawn a subagent using the Agent tool to evaluate the work. Include all evaluation instructions inline.
+Spawn a subagent using the Agent tool with `mode: "bypassPermissions"` to evaluate the work. Include all evaluation instructions inline.
 
 Agent prompt — pass this to the Agent tool:
 
@@ -120,18 +125,19 @@ Do NOT delete `.claude/done-criteria.md` or `.claude/EVAL-FINDINGS.md` — the o
 **After the agent completes**:
 1. Read `.claude/EVAL-FINDINGS.md`
 2. Extract the verdict
-3. Branch on verdict:
+3. **If `--with-codex` includes `evaluate` or `both`**: Read `references/codex-integration.md` and follow the "PHASE 2-CODEX: CROSS-MODEL EVALUATE" section. This runs Codex as a second evaluator and merges findings into `EVAL-FINDINGS.md`.
+4. Branch on verdict (from the merged findings if Codex was used):
    - `PASS` → skip to PHASE 3
    - `PASS WITH ISSUES` → skip to PHASE 3 (issues are shippable)
    - `NEEDS WORK` → go to PHASE 2.5 (fix loop)
    - `BLOCKED` → go to PHASE 2.5 (fix loop)
-4. If `.claude/EVAL-FINDINGS.md` was not created, treat as PASS WITH ISSUES and log a warning
+5. If `.claude/EVAL-FINDINGS.md` was not created, treat as PASS WITH ISSUES and log a warning
 
 ## PHASE 2.5: FIX LOOP (conditional)
 
 Track the current round number. If `round >= max-rounds`, stop the loop and proceed to PHASE 3 with a warning that unresolved findings remain.
 
-Spawn a subagent using the Agent tool to fix the evaluation findings.
+Spawn a subagent using the Agent tool with `mode: "bypassPermissions"` to fix the evaluation findings.
 
 Agent prompt — pass this to the Agent tool:
 
@@ -148,7 +154,7 @@ For each finding: read the referenced file:line, understand the issue, implement
 
 ## PHASE 3: SIMPLIFY
 
-Spawn a subagent using the Agent tool for a quick cleanup pass.
+Spawn a subagent using the Agent tool with `mode: "bypassPermissions"` for a quick cleanup pass.
 
 Agent prompt — pass this to the Agent tool:
 
@@ -161,7 +167,7 @@ Review the recently changed files (use `git diff HEAD~1` to see what changed). L
 
 Skip if `--skip-review` was set.
 
-Spawn a subagent using the Agent tool for a multi-perspective review.
+Spawn a subagent using the Agent tool with `mode: "bypassPermissions"` for a multi-perspective review.
 
 Agent prompt — pass this to the Agent tool:
 
@@ -171,7 +177,9 @@ Each reviewer evaluates from their perspective, sends findings with file:line ev
 
 Clean up the team after completion.
 
-**After the agent completes**:
+**If `--with-codex` includes `review` or `both`**: Read `references/codex-integration.md` and follow the "PHASE 4B: CODEX REVIEW" section. This runs Codex's independent code review and reconciles findings with the Claude team review.
+
+**After the review phase completes**:
 1. If CRITICAL issues remain unfixed, log a warning in the final report
 2. **Checkpoint**: Run `git add -A && git commit -m "chore(pipeline): review fixes complete"` if there are changes
 
@@ -185,7 +193,7 @@ Determine whether to run this phase:
   - Also run `git diff main` and scan for patterns: `API_KEY`, `SECRET`, `TOKEN`, `PASSWORD`, `PRIVATE_KEY`, `Bearer`, `jwt`, `bcrypt`, `crypto`, `env.`, `process.env`
   - If any match → run. If no matches → skip and note "Security review skipped — no security-sensitive changes detected."
 
-Spawn a subagent using the Agent tool for a dedicated security audit.
+Spawn a subagent using the Agent tool with `mode: "bypassPermissions"` for a dedicated security audit.
 
 Agent prompt — pass this to the Agent tool:
 
@@ -213,7 +221,7 @@ Fix any CRITICAL findings directly. For HIGH findings, fix if straightforward, o
 
 Skip if `--skip-clean` was set.
 
-Spawn a subagent using the Agent tool.
+Spawn a subagent using the Agent tool with `mode: "bypassPermissions"`.
 
 Agent prompt — pass this to the Agent tool:
 
@@ -226,7 +234,7 @@ Scan the codebase for dead code, unused dependencies, and code hygiene issues in
 
 Skip if `--skip-docs` was set.
 
-Spawn a subagent using the Agent tool.
+Spawn a subagent using the Agent tool with `mode: "bypassPermissions"`.
 
 Agent prompt — pass this to the Agent tool:
 
@@ -256,10 +264,12 @@ After all phases complete:
 | Phase | Status | Notes |
 |-------|--------|-------|
 | Build (team-resolve) | [completed] | [brief summary] |
-| Evaluate | [PASS/NEEDS WORK after N rounds] | [verdict + key findings] |
+| Evaluate (Claude) | [PASS/NEEDS WORK after N rounds] | [verdict + key findings] |
+| Evaluate (Codex) | [completed / skipped] | [Codex-only findings count, merged verdict] |
 | Fix rounds | [N rounds / skipped] | [what was fixed] |
 | Simplify | [completed / skipped] | [changes made] |
-| Review (team-review) | [completed / skipped] | [findings summary] |
+| Review (Claude team) | [completed / skipped] | [findings summary] |
+| Review (Codex) | [completed / skipped] | [Codex-only findings, agreed findings] |
 | Security review | [completed / skipped / auto-skipped] | [findings or "no security-sensitive changes"] |
 | Clean | [completed / skipped] | [items cleaned] |
 | Docs (update-docs) | [completed / skipped] | [docs updated] |

package/config/skills/devlyn:auto-resolve/references/codex-integration.md

@@ -0,0 +1,103 @@
+# Codex Cross-Model Integration
+
+Instructions for using OpenAI Codex as an independent evaluator/reviewer in the auto-resolve pipeline. Only read this file when `--with-codex` is enabled.
+
+Codex is accessed via `mcp__codex-cli__*` MCP tools (provided by codex-mcp-server). This creates a GAN-like adversarial dynamic — Claude builds and Codex critiques, reducing shared blind spots between model families.
+
+---
+
+## PRE-FLIGHT CHECK
+
+Before starting the pipeline, verify the Codex MCP server is available by calling `mcp__codex-cli__ping`.
+
+- **If ping succeeds**: continue normally.
+- **If ping fails or `mcp__codex-cli__ping` tool is not found**: warn the user and ask how to proceed:
+  ```
+  ⚠ Codex MCP server not detected. --with-codex requires codex-mcp-server.
+
+  To install:
+    npm i -g @openai/codex
+    claude mcp add codex-cli -- npx -y codex-mcp-server
+
+  Options:
+    [1] Continue without --with-codex (Claude-only evaluation/review)
+    [2] Abort pipeline
+  ```
+  If the user chooses [1], disable `--with-codex` and continue. If [2], stop.
+
+---
+
+## PHASE 2-CODEX: CROSS-MODEL EVALUATE
+
+Run after the Claude evaluator (Phase 2) completes, only if `--with-codex` includes `evaluate` or `both`.
+
+### Step 1 — Get Codex's evaluation
+
+Call `mcp__codex-cli__codex` with:
+- `prompt`: Include the full content of `.claude/done-criteria.md` and the output of `git diff HEAD~1`. Ask Codex to evaluate the changes against the done criteria and report issues by severity (CRITICAL, HIGH, MEDIUM, LOW) with file:line references.
+- `workingDirectory`: the project root
+- `sandbox`: `"read-only"` (Codex should only read, not modify files)
+- `reasoningEffort`: `"high"`
+
+Example prompt to pass:
+```
+You are an independent code evaluator. Grade the following code changes against the done criteria below. Be strict — when in doubt, flag it.
+
+## Done Criteria
+[paste contents of .claude/done-criteria.md]
+
+## Code Changes
+[paste output of git diff HEAD~1]
+
+For each criterion, mark VERIFIED (with evidence) or FAILED (with file:line and what's wrong).
+Then list all issues found grouped by severity: CRITICAL, HIGH, MEDIUM, LOW.
+For each issue provide: file:line, description, and suggested fix.
+End with a verdict: PASS, PASS WITH ISSUES, NEEDS WORK, or BLOCKED.
+```
+
+### Step 2 — Merge findings
+
+Spawn a subagent using the Agent tool with `mode: "bypassPermissions"` to merge Claude's and Codex's evaluations.
+
+Agent prompt:
+
+Read `.claude/EVAL-FINDINGS.md` (Claude's evaluation) and the Codex evaluation output below. Merge them into a single unified `.claude/EVAL-FINDINGS.md` following the existing format. Rules:
+- Take the MORE SEVERE verdict between the two evaluators
+- Deduplicate findings that reference the same file:line or describe the same issue
+- When both evaluators flag the same issue, keep the more detailed description
+- Prefix Codex-only findings with `[codex]` so the fix loop knows the source
+- Preserve the exact structure: Verdict, Done Criteria Results, Findings Requiring Action (CRITICAL/HIGH), Cross-Cutting Patterns
+
+Codex evaluation:
+[paste Codex's response here]
+
+---
+
+## PHASE 4B: CODEX REVIEW
+
+Run after the Claude team review (Phase 4A) completes, only if `--with-codex` includes `review` or `both`.
+
+### Step 1 — Run Codex review
+
+Call `mcp__codex-cli__review` with:
+- `base`: `"main"` — review all changes since main
+- `workingDirectory`: the project root
+- `title`: `"Cross-model review (Codex)"`
+
+This runs OpenAI Codex's built-in code review against the diff. The review tool returns structured findings automatically — no custom prompt needed.
+
+### Step 2 — Reconcile both reviews
+
+Spawn a subagent using the Agent tool with `mode: "bypassPermissions"` to reconcile both reviews.
+
+Agent prompt:
+
+Two independent reviews have been conducted on recent changes — one by a Claude team review and one by OpenAI Codex. Reconcile them:
+
+Claude team review findings: [paste Phase 4A agent's output summary]
+Codex review findings: [paste mcp__codex-cli__review output]
+
+1. Deduplicate findings that describe the same issue
+2. For unique Codex findings not caught by Claude's team, prefix with `[codex]` and assess severity
+3. Fix any CRITICAL issues directly. For HIGH issues, fix if straightforward.
+4. Write a brief reconciliation summary to stdout listing: findings from both (agreed), Claude-only, Codex-only, and what was fixed

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "devlyn-cli",
-  "version": "1.0.1",
+  "version": "1.1.1",
   "description": "Claude Code configuration toolkit for teams",
   "bin": {
     "devlyn": "bin/devlyn.js"