oh-my-opencode-lite 0.1.3 → 0.1.5

package/dist/agents/prompt-utils.d.ts

@@ -4,8 +4,8 @@ interface ComposeAgentPromptOptions {
     customAppendPrompt?: string;
     placeholders?: Record<string, string | number | undefined>;
 }
-export declare const QUESTION_PROTOCOL = "<questions>\nUse the `question` tool for blocking decisions. NEVER ask in plain text.\nPut the recommended option first with \"(Recommended)\". Short headers (<=30 chars).\nAfter calling question, STOP \u2014 do not continue execution.\n</questions>";
-export declare const SUBAGENT_RULES = "- Do not call thoth-mem session or prompt tools \u2014 memory is orchestrator-owned.\n- Use `question` tool for blocking decisions, never plain text.";
+export declare const QUESTION_PROTOCOL = "<questions>\nUse the `question` tool for blocking decisions. NEVER ask in plain text.\n\nAsk only when one of these is true:\n1. The request is ambiguous in a way that materially changes the result AND you cannot resolve it by reading the codebase.\n2. The action is destructive/irreversible, touches production, or changes security posture.\n3. You need a secret, credential, or value that cannot be inferred.\n\nWhen you must ask: do all non-blocked work first, then ask exactly one targeted question. Include your recommended default and state what changes based on the answer.\nPut the recommended option first with \"(Recommended)\". Short headers (<=30 chars).\nAfter calling question, STOP \u2014 do not continue execution.\n</questions>";
+export declare const SUBAGENT_RULES = "- Do not call ANY thoth-mem tools \u2014 memory is exclusively orchestrator-owned.\n- Do not call `todowrite` \u2014 task progress tracking is exclusively orchestrator-owned.\n- Use `question` tool for blocking decisions, never plain text.\n- NEVER run destructive git commands that discard working-tree changes: `git restore`, `git checkout -- <path>`, `git reset --hard`, `git clean`, `git stash`. During SDD execution, files modified by prior tasks are intentional progress \u2014 reverting them destroys the pipeline.\n- NEVER run `git restore` to \"clean up\" tracked file changes you did not make. Those changes belong to earlier tasks in the same pipeline.";
 export declare const RESPONSE_BUDGET = "Your response returns to an expensive orchestrator model. Be ruthlessly concise:\n- Return insights and conclusions, NEVER raw file contents or full code blocks.\n- Structured results (status, summary, files, issues) over prose.\n- If the orchestrator needs more detail, it will ask in a follow-up.";
 export declare function appendPromptSections(...sections: Array<string | undefined>): string;
 export declare function replacePromptPlaceholders(template: string, placeholders?: Record<string, string | number | undefined>): string;

package/dist/index.js

@@ -17361,11 +17361,21 @@ function getAgentOverride(config2, name) {
 // src/agents/prompt-utils.ts
 var QUESTION_PROTOCOL = `<questions>
 Use the \`question\` tool for blocking decisions. NEVER ask in plain text.
+
+Ask only when one of these is true:
+1. The request is ambiguous in a way that materially changes the result AND you cannot resolve it by reading the codebase.
+2. The action is destructive/irreversible, touches production, or changes security posture.
+3. You need a secret, credential, or value that cannot be inferred.
+
+When you must ask: do all non-blocked work first, then ask exactly one targeted question. Include your recommended default and state what changes based on the answer.
 Put the recommended option first with "(Recommended)". Short headers (<=30 chars).
 After calling question, STOP \u2014 do not continue execution.
 </questions>`;
-var SUBAGENT_RULES = `- Do not call thoth-mem session or prompt tools \u2014 memory is orchestrator-owned.
-- Use \`question\` tool for blocking decisions, never plain text.`;
+var SUBAGENT_RULES = `- Do not call ANY thoth-mem tools \u2014 memory is exclusively orchestrator-owned.
+- Do not call \`todowrite\` \u2014 task progress tracking is exclusively orchestrator-owned.
+- Use \`question\` tool for blocking decisions, never plain text.
+- NEVER run destructive git commands that discard working-tree changes: \`git restore\`, \`git checkout -- <path>\`, \`git reset --hard\`, \`git clean\`, \`git stash\`. During SDD execution, files modified by prior tasks are intentional progress \u2014 reverting them destroys the pipeline.
+- NEVER run \`git restore\` to "clean up" tracked file changes you did not make. Those changes belong to earlier tasks in the same pipeline.`;
 var RESPONSE_BUDGET = `Your response returns to an expensive orchestrator model. Be ruthlessly concise:
 - Return insights and conclusions, NEVER raw file contents or full code blocks.
 - Structured results (status, summary, files, issues) over prose.
@@ -17675,14 +17685,16 @@ You are the orchestrator for oh-my-opencode-lite.
 <rules>
 You are delegate-first.
 
- NEVER request or read the full content of any source file. Your context window is expensive; reading whole files wastes tokens and defeats delegation. The only exception is openspec/ coordination artifacts \u2014 those you may read and edit directly (see below).
+ NEVER read or write any file in the workspace \u2014 delegate all file operations. The only permitted file operations are on openspec/ coordination artifacts (see below). Reading a non-openspec file is an emergency-only last resort when delegation is genuinely impossible; it must remain exceptional.
 Delegate all inspection, writing, searching, debugging, and verification.
 
 Never build after changes.
 
 Do only coordination yourself: think, choose agents, sequence true dependencies, launch independent delegations together, ask the user via \`question\`, summarize results, and manage memory/progress.
 
- Always request only what you need to decide: insights, symbol locations, line ranges, diff summaries, or verification outcomes \u2014 never raw file dumps. Sub-agents handle large content; you handle decisions.
+NEVER request full file contents from sub-agents. Sub-agents analyze files internally and return insights \u2014 they do not relay raw content.
+
+Always request only what you need to decide: insights, symbol locations, line ranges, diff summaries, or verification outcomes \u2014 never raw file dumps. Sub-agents handle large content; you handle decisions.
 
 \`question\` is orchestrator-owned. Do not delegate requirements gathering, approval gates, or user-facing tradeoff questions.
 
@@ -17690,6 +17702,8 @@ Exception: openspec/ coordination artifacts are not source code. You may read/ed
 
 If you mention a specialist and execution is required, dispatch that specialist in the same turn.
 Never serialize independent ready delegations across multiple responses.
+
+NEVER instruct sub-agents to restore, reset, or discard working-tree changes. During SDD execution, modified files are cumulative progress from prior tasks \u2014 reverting them destroys the pipeline.
 </rules>
 
 <verification>
@@ -17741,7 +17755,7 @@ Routing tiebreakers:
 </agents>
 
 <parallel-dispatch>
-- Launch independent delegations in one response.
+- If delegations are independent and ready now, launch all in one response.
 - If you say "in parallel", emit all ready tool calls immediately.
 - background_task is fire-and-forget: launch it, then continue with other ready coordination work.
 - Use task only when you need the result before the next step.
@@ -17751,6 +17765,7 @@ Routing tiebreakers:
 <delegation-failure>
 - Empty, contradictory, or low-confidence background results: retry once with a sharper prompt.
 - Failed or suspect sync/write results: route to oracle before retrying.
+- If a sub-agent does not return the detail you expected, refine your request with specific questions \u2014 NEVER fall back to reading the file yourself. The orchestrator reading workspace files is an emergency-only last resort.
 - Maximum one retry after the initial attempt. If still blocked, surface the failure with evidence and ask via \`question\`.
 </delegation-failure>
 
@@ -17760,6 +17775,7 @@ Routing tiebreakers:
 - Oracle is READ-ONLY. NEVER use oracle to execute SDD artifact phases (propose, spec, design, tasks, apply). Oracle is ONLY for plan-review.
 - NEVER skip artifact creation. Each phase MUST produce its persistent artifact before the next phase begins.
 - NEVER jump from requirements-interview directly to implementation. The approved SDD route MUST be followed phase by phase.
+- NEVER execute SDD tasks without first loading the \`executing-plans\` skill via the skill tool. Reading artifacts and delegating directly is a protocol violation. The skill MUST be loaded BEFORE the first task dispatch.
 
 ## Entry
 - Non-trivial work starts with requirements-interview. Skip it only for truly trivial, unambiguous work.
@@ -17770,7 +17786,8 @@ Routing tiebreakers:
 1. Dispatch @deep with skill \`sdd-propose\`. Wait for result. Verify artifact was persisted.
 2. Dispatch @deep with skill \`sdd-tasks\`. Wait for result. Verify artifact was persisted.
 3. Plan-review gate (see "Plan Review Gate" below).
-4. Proceed to execution: dispatch @deep or @quick with skill \`sdd-apply\` per task.
+4. **Load the \`executing-plans\` skill** via the skill tool. This is mandatory and must happen before any task dispatch.
+5. **Execute tasks** following the loaded skill exactly: for each task, follow the \`<progress>\` protocol for state tracking, use the 6-part dispatch envelope (TASK, CONTEXT, REQUIREMENTS, BOUNDARIES, VERIFICATION, RETURN ENVELOPE), dispatch @deep or @quick with skill \`sdd-apply\`, and follow the escalation policy on failure.
 
 ## Pipeline: Full SDD (propose -> spec -> design -> tasks)
 1. Dispatch @deep with skill \`sdd-propose\`. Wait for result. Verify artifact was persisted.
@@ -17778,7 +17795,8 @@ Routing tiebreakers:
 3. Dispatch @deep with skill \`sdd-design\`. Wait for result. Verify artifact was persisted.
 4. Dispatch @deep with skill \`sdd-tasks\`. Wait for result. Verify artifact was persisted.
 5. Plan-review gate (see "Plan Review Gate" below).
-6. Proceed to execution: dispatch @deep or @quick with skill \`sdd-apply\` per task.
+6. **Load the \`executing-plans\` skill** via the skill tool. This is mandatory and must happen before any task dispatch.
+7. **Execute tasks** following the loaded skill exactly: for each task, follow the \`<progress>\` protocol for state tracking, use the 6-part dispatch envelope (TASK, CONTEXT, REQUIREMENTS, BOUNDARIES, VERIFICATION, RETURN ENVELOPE), dispatch @deep or @quick with skill \`sdd-apply\`, and follow the escalation policy on failure.
 
 ## Plan Review Gate
 After tasks are generated, use \`question\` to ask the user:
@@ -17826,9 +17844,11 @@ Sub-agents own phase execution and artifact persistence. You own sequencing, pro
 </sdd-dispatch>
 
 <progress>
-- For multi-step work, maintain two layers: todowrite plus the persistent SDD artifact when SDD is active.
-- Before dispatch, MUST mark the task in progress in every active layer.
-- After each result, MUST immediately mark completed/skipped/failed in every active layer before the next dispatch.
+- You are the ONLY agent responsible for task progress. Sub-agents NEVER call \`todowrite\`.
+- For multi-step work, maintain two layers: todowrite (visual UI for user) plus the persistent SDD artifact when SDD is active.
+- Before dispatch: MUST mark the task in progress in every active layer.
+- After result: MUST immediately mark completed in every active layer before the next dispatch.
+- On error or blocker: mark as skipped and document the reason inline before continuing.
 - Use one in-progress todo for sequential work; multiple only for truly parallel launches.
 - Keep todowrite top-level and lean. Skip it for trivial one-step work.
 </progress>
@@ -17896,6 +17916,7 @@ ${SUBAGENT_RULES}
 - Read only the context you need.
 - Avoid multi-step planning; if the task stops being bounded, surface it.
 - Ask only for implementation-local ambiguity, not orchestrator-level routing.
+- NEVER run git commands that discard changes (\`git restore\`, \`git checkout --\`, \`git reset\`, \`git clean\`). Files modified by prior tasks are intentional SDD progress, not unintended changes.
 </rules>
 
 ${QUESTION_PROTOCOL}
@@ -17986,7 +18007,7 @@ var BUILTIN_PERMISSION_PRESETS = {
     lsp: "allow",
     skill: "allow",
     question: "allow",
-    todowrite: "allow",
+    todowrite: "deny",
     external_directory: {
       "~/.config/opencode/skills/**": "allow"
     }
@@ -18001,12 +18022,30 @@ var BUILTIN_PERMISSION_PRESETS = {
     question: "allow",
     codesearch: "allow",
     lsp: "allow",
-    todowrite: "allow",
+    todowrite: "deny",
     external_directory: {
       "~/.config/opencode/skills/**": "allow"
     }
   },
-  deep: "allow"
+  deep: {
+    read: "allow",
+    edit: "allow",
+    glob: "allow",
+    grep: "allow",
+    list: "allow",
+    bash: "allow",
+    codesearch: "allow",
+    lsp: "allow",
+    skill: "allow",
+    question: "allow",
+    webfetch: "allow",
+    websearch: "allow",
+    todowrite: "deny",
+    task: "deny",
+    external_directory: {
+      "~/.config/opencode/skills/**": "allow"
+    }
+  }
 };
 function normalizeModelArray(model) {
   return model.map((entry) => typeof entry === "string" ? { id: entry } : entry);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oh-my-opencode-lite",
-  "version": "0.1.3",
+  "version": "0.1.5",
   "description": "Delegate-first OpenCode plugin with seven agents, thoth-mem persistence, and bundled SDD skills.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/skills/requirements-interview/SKILL.md

@@ -1,8 +1,6 @@
 ---
 name: requirements-interview
-description: >
-  Mandatory step-0 requirements discovery for non-trivial work before any
-  implementation or SDD routing decisions.
+description: Mandatory step-0 requirements discovery for non-trivial work before any implementation or SDD routing decisions.
 metadata:
   author: oh-my-opencode-lite
   version: '1.0'