opencode-athena 0.3.0 → 0.4.0

package/README.md

@@ -290,6 +290,50 @@ Custom model fields:
   - `contextWindow`: Context window size in tokens
   - `supportsTemperature`: Whether temperature can be adjusted
 
+### Git Operations Policy
+
+By default, Athena prevents agents from automatically performing git operations (commits, pushes, branch creation). This ensures developers maintain full control over version control.
+
+**Default behavior** (`autoGitOperations: false`):
+- ✅ Agents can read git state (`git status`, `git diff`, `git log`)
+- ❌ Agents cannot automatically commit, push, or create branches
+- ⚠️ If an agent attempts a git write operation, a warning is injected
+- 📝 Agents must ask for explicit user permission before git operations
+
+**Enable automatic git operations:**
+
+Set `features.autoGitOperations: true` in `athena.json`:
+
+```json
+{
+  "features": {
+    "autoGitOperations": true
+  }
+}
+```
+
+Or during installation, check the "Auto Git Operations" feature.
+
+**Covered operations:**
+- **Git commits & pushes:** `git commit`, `git push`
+- **Branch operations:** `git checkout -b`, `git branch`, `git switch -c`, `git switch --create`
+- **Merging & rebasing:** `git merge`, `git rebase`, `git cherry-pick`
+- **Stashing & tags:** `git stash`, `git tag`
+- **Reset operations:** `git reset` (all variants: --soft, --mixed, --hard)
+- **GitHub PR operations:** `gh pr create`, `gh pr edit`, `gh pr merge`, `gh pr close`, `gh pr review`
+- **GitHub issue operations:** `gh issue create`, `gh issue edit`, `gh issue close`
+- **GitHub release operations:** `gh release create`, `gh release edit`, `gh release delete`
+
+**Why this is the default:**
+
+Version control is critical. Automatic commits can:
+- Create unclear commit messages
+- Commit unintended changes
+- Disrupt branch strategies
+- Bypass code review processes
+
+With `autoGitOperations: false`, agents track progress via `athena_update_status()` instead, which updates `sprint-status.yaml` without git operations.
+
 ## GitHub Copilot Support
 
 Athena supports GitHub Copilot as a model provider, allowing you to use Claude, GPT, and Gemini models through your Copilot subscription. This is especially useful for enterprise users who only have access to LLMs through Copilot.

package/commands/athena-debug.md

@@ -4,6 +4,44 @@ description: Debug an issue using Oracle's deep reasoning capabilities
 
 # Athena Debug - Oracle-Powered Debugging
 
+## Git Operations Policy
+
+**⚠️ AUTOMATIC GIT OPERATIONS ARE PROHIBITED**
+
+You must NOT perform any git operations automatically:
+- ❌ Do NOT run `git commit` to save changes
+- ❌ Do NOT run `git push` to push to remote
+- ❌ Do NOT run `git checkout -b` or `git branch` to create branches
+- ❌ Do NOT run `git merge`, `git rebase`, or `git cherry-pick`
+- ❌ Do NOT run `gh pr create` or other GitHub CLI operations
+
+**Git operations are ONLY permitted if the user explicitly requests them.**
+
+Examples of explicit permission:
+- User says: "Please commit these fixes"
+- User says: "Create a branch for this bugfix"
+- User says: "Push to origin" or "Create a PR"
+
+**If you believe git operations would be helpful, ASK the user first:**
+```
+I've fixed the issue. Would you like me to:
+1. Commit the fix to git, or
+2. Leave git operations for you to handle manually?
+```
+
+**To track story progress without git, use:**
+```
+athena_update_status({
+  storyId: "X.Y",
+  status: "in_progress",
+  notes: "Fixed issue: [description]"
+})
+```
+
+This updates sprint-status.yaml without requiring git commits.
+
+---
+
 Use Oracle, the debugging specialist, to analyze and fix complex issues with systematic hypothesis-driven debugging.
 
 **You are Sisyphus, the orchestrator.** You will coordinate Oracle's deep reasoning with automated tools to efficiently diagnose and fix issues.

package/commands/athena-dev.md

@@ -4,6 +4,44 @@ description: Implement the current BMAD story using Sisyphus and specialized sub
 
 # Athena Dev - Story Implementation
 
+## Git Operations Policy
+
+**⚠️ AUTOMATIC GIT OPERATIONS ARE PROHIBITED**
+
+You must NOT perform any git operations automatically:
+- ❌ Do NOT run `git commit` to save changes
+- ❌ Do NOT run `git push` to push to remote
+- ❌ Do NOT run `git checkout -b` or `git branch` to create branches
+- ❌ Do NOT run `git merge`, `git rebase`, or `git cherry-pick`
+- ❌ Do NOT run `gh pr create` or other GitHub CLI operations
+
+**Git operations are ONLY permitted if the user explicitly requests them.**
+
+Examples of explicit permission:
+- User says: "Please commit these changes"
+- User says: "Create a branch called feature-x"
+- User says: "Push to origin" or "Create a PR"
+
+**If you believe git operations would be helpful, ASK the user first:**
+```
+I've completed the implementation. Would you like me to:
+1. Commit these changes to git, or
+2. Leave git operations for you to handle manually?
+```
+
+**To track story progress without git, use:**
+```
+athena_update_status({
+  storyId: "X.Y",
+  status: "completed",
+  completionSummary: "What was implemented..."
+})
+```
+
+This updates sprint-status.yaml without requiring git commits.
+
+---
+
 You are implementing a BMAD story using OpenCode Athena's full capabilities.
 
 **You are Sisyphus, the orchestrator.** You will coordinate subagents and tools to implement this story efficiently and correctly.

package/commands/athena-parallel.md

@@ -8,6 +8,23 @@ description: Work on multiple stories in parallel using background agents
 > 
 > This command describes **planned functionality** that is not yet available. The `athena_parallel` tool is a placeholder. This document describes the intended behavior for future implementation.
 
+## Git Operations Policy
+
+**⚠️ AUTOMATIC GIT OPERATIONS ARE PROHIBITED**
+
+You must NOT perform any git operations automatically:
+- ❌ Do NOT run `git commit` to save changes
+- ❌ Do NOT run `git push` to push to remote
+- ❌ Do NOT run `git checkout -b` or `git branch` to create branches
+- ❌ Do NOT run `git merge`, `git rebase`, or `git cherry-pick`
+- ❌ Do NOT run `gh pr create` or other GitHub CLI operations
+
+**Git operations are ONLY permitted if the user explicitly requests them.**
+
+When working on multiple stories in parallel, git operations become especially important to coordinate manually. Always ask the user before performing any git operations.
+
+---
+
 Execute multiple BMAD stories simultaneously using background agents for maximum throughput.
 
 ## Planned Behavior

package/commands/athena-research.md

@@ -4,6 +4,23 @@ description: Research patterns, implementations, or documentation using Libraria
 
 # Athena Research - Librarian-Powered Research
 
+## Git Operations Policy
+
+**⚠️ AUTOMATIC GIT OPERATIONS ARE PROHIBITED**
+
+You must NOT perform any git operations automatically:
+- ❌ Do NOT run `git commit` to save changes
+- ❌ Do NOT run `git push` to push to remote
+- ❌ Do NOT run `git checkout -b` or `git branch` to create branches
+- ❌ Do NOT run `git merge`, `git rebase`, or `git cherry-pick`
+- ❌ Do NOT run `gh pr create` or other GitHub CLI operations
+
+**Git operations are ONLY permitted if the user explicitly requests them.**
+
+This command focuses on research and should rarely involve git operations. If you believe git operations are needed, ASK the user first.
+
+---
+
 Use Librarian, the research specialist, to find patterns, examples, and documentation from multiple sources.
 
 **You are Sisyphus, the orchestrator.** You will coordinate Librarian's research capabilities with Explore for comprehensive information gathering.

package/commands/athena-review.md

@@ -4,6 +4,44 @@ description: Run a combined quality gate on the current story implementation
 
 # Athena Review - Automated Quality Gate
 
+## Git Operations Policy
+
+**⚠️ AUTOMATIC GIT OPERATIONS ARE PROHIBITED**
+
+You must NOT perform any git operations automatically:
+- ❌ Do NOT run `git commit` to save changes
+- ❌ Do NOT run `git push` to push to remote
+- ❌ Do NOT run `git checkout -b` or `git branch` to create branches
+- ❌ Do NOT run `git merge`, `git rebase`, or `git cherry-pick`
+- ❌ Do NOT run `gh pr create` or other GitHub CLI operations
+
+**Git operations are ONLY permitted if the user explicitly requests them.**
+
+Examples of explicit permission:
+- User says: "Please commit these changes"
+- User says: "Create a branch called feature-x"
+- User says: "Push to origin" or "Create a PR"
+
+**If you believe git operations would be helpful, ASK the user first:**
+```
+The quality gate passed! Would you like me to:
+1. Commit these changes to git, or
+2. Leave git operations for you to handle manually?
+```
+
+**To track story progress without git, use:**
+```
+athena_update_status({
+  storyId: "X.Y",
+  status: "completed",
+  completionSummary: "What was implemented..."
+})
+```
+
+This updates sprint-status.yaml without requiring git commits.
+
+---
+
 Perform a comprehensive quality review by orchestrating **oh-my-opencode Oracle code review** and **BMAD adversarial review**, both powered by Oracle's deep reasoning capabilities.
 
 **You are Sisyphus, the orchestrator.** You will coordinate multiple review perspectives and synthesize the findings.

package/commands/athena-status.md

@@ -4,6 +4,23 @@ description: View and manage BMAD sprint status
 
 # Athena Status - Sprint Status Management
 
+## Git Operations Policy
+
+**⚠️ AUTOMATIC GIT OPERATIONS ARE PROHIBITED**
+
+You must NOT perform any git operations automatically:
+- ❌ Do NOT run `git commit` to save changes
+- ❌ Do NOT run `git push` to push to remote
+- ❌ Do NOT run `git checkout -b` or `git branch` to create branches
+- ❌ Do NOT run `git merge`, `git rebase`, or `git cherry-pick`
+- ❌ Do NOT run `gh pr create` or other GitHub CLI operations
+
+**Git operations are ONLY permitted if the user explicitly requests them.**
+
+This command focuses on status management and should not involve git operations.
+
+---
+
 View current sprint progress and manage story statuses. This command helps you track where you are in the sprint and what to work on next.
 
 ## Quick Status Check

package/config/schemas/athena.schema.json

@@ -149,7 +149,8 @@
         "notifications": { "type": "boolean", "default": true },
         "contextMonitor": { "type": "boolean", "default": true },
         "commentChecker": { "type": "boolean", "default": true },
-        "lspTools": { "type": "boolean", "default": true }
+        "lspTools": { "type": "boolean", "default": true },
+        "autoGitOperations": { "type": "boolean", "default": false, "description": "Allow agents to perform git/gh operations automatically (false = requires explicit user permission)" }
       }
     },
     "mcps": {

package/dist/cli/index.js

@@ -905,7 +905,8 @@ var FeaturesSchema = z.object({
   notifications: z.boolean(),
   contextMonitor: z.boolean(),
   commentChecker: z.boolean(),
-  lspTools: z.boolean()
+  lspTools: z.boolean(),
+  autoGitOperations: z.boolean().default(false)
 });
 var McpsSchema = z.object({
   context7: z.boolean(),
@@ -1338,9 +1339,14 @@ var AVAILABLE_FEATURES = [
   {
     name: "LSP Refactoring Tools - Enable lsp_rename, lsp_find_references, etc.",
     value: "lsp-tools"
+  },
+  {
+    name: "Auto Git Operations - Allow agents to commit/push/branch automatically (unchecked = requires explicit permission)",
+    value: "auto-git-operations"
   }
 ];
 var ALL_FEATURE_VALUES = AVAILABLE_FEATURES.map((f) => f.value);
+var FEATURES_ENABLED_BY_DEFAULT = ALL_FEATURE_VALUES.filter((f) => f !== "auto-git-operations");
 var AVAILABLE_MCPS = [
   {
     name: "context7 - Documentation lookup and context retrieval",
@@ -1357,7 +1363,7 @@ var AVAILABLE_MCPS = [
 ];
 var ALL_MCP_VALUES = AVAILABLE_MCPS.map((m) => m.value);
 function createFeatureChoices(defaults) {
-  const enabledSet = new Set(defaults ?? ALL_FEATURE_VALUES);
+  const enabledSet = new Set(defaults ?? FEATURES_ENABLED_BY_DEFAULT);
   return AVAILABLE_FEATURES.map((feature) => ({
     ...feature,
     checked: enabledSet.has(feature.value)
@@ -1392,7 +1398,8 @@ function featuresToFlags(enabledFeatures) {
     notifications: enabledFeatures.includes("notifications"),
     contextMonitor: enabledFeatures.includes("context-monitor"),
     commentChecker: enabledFeatures.includes("comment-checker"),
-    lspTools: enabledFeatures.includes("lsp-tools")
+    lspTools: enabledFeatures.includes("lsp-tools"),
+    autoGitOperations: enabledFeatures.includes("auto-git-operations")
   };
 }
 function mcpsToFlags(mcps) {