opencode-goal-mode 0.1.0 → 0.2.1

package/ARCHITECTURE.md

@@ -0,0 +1,180 @@
+# Architecture
+
+OpenCode Goal Mode is three cooperating layers installed into an OpenCode
+configuration directory:
+
+1. **Agents** (`agents/*.md`) — a primary `goal` agent plus specialist
+   subagents (researchers, mappers, planners, and a matrix of strict review
+   gates). Each is a Markdown file: YAML frontmatter (mode, permissions, color,
+   temperature) over a system-prompt body.
+2. **Commands** (`commands/*.md`) — slash commands (`/goal`, `/goal-contract`,
+   `/goal-review`, `/goal-status`, `/goal-repair`, `/goal-final`) that bind a
+   prompt template to an agent, some forced to run as subtasks.
+3. **The `goal-guard` plugin** (`plugins/goal-guard.js` + `plugins/goal-guard/`)
+   — a runtime guard that enforces review discipline, blocks destructive shell
+   commands, preserves state across compaction and restarts, and exposes
+   first-class `goal_*` tools.
+
+This document focuses on the plugin, where the engineering lives.
+
+## Why a plugin at all
+
+A prompt alone cannot guarantee discipline across a long session: the model can
+forget the Goal Contract after compaction, claim completion without running the
+required reviews, or run a destructive command. The plugin closes those gaps
+using OpenCode's hook system as enforcement points that the model cannot talk
+its way around.
+
+## Module layout
+
+The entry file `plugins/goal-guard.js` is deliberately thin — it wires hooks to
+modules and contains no business logic. OpenCode's plugin discovery glob is
+`{plugin,plugins}/*.{ts,js}` (a single level), so the helper modules under
+`plugins/goal-guard/` are imported relatively but are **not** themselves loaded
+as plugins. Each module is independently unit-tested.
+
+| Module | Responsibility |
+| --- | --- |
+| `goal-guard.js` | Hook wiring, state-mutation orchestration, tool registration. |
+| `goal-guard/shell.js` | Quote-aware shell tokenizer + command classifier. |
+| `goal-guard/agents.js` | Canonical agent sets, base gates, contextual-gate keyword map. |
+| `goal-guard/config.js` | Config resolution (defaults < env vars < plugin options). |
+| `goal-guard/state.js` | Per-session state records + the store (monotonic seq, LRU, persistence hooks). |
+| `goal-guard/persistence.js` | Atomic, debounced JSON persistence under the XDG state dir. |
+| `goal-guard/verdicts.js` | Verdict extraction (last-wins, anchored) and recording. |
+| `goal-guard/gates.js` | Required-gate computation and freshness. |
+| `goal-guard/completion.js` | `Goal Completed` claim evaluation. |
+| `goal-guard/events.js` | Shared edit/verification/evidence mutators. |
+| `goal-guard/summary.js` | State summaries and structured status reports. |
+| `goal-guard/system.js` | Live state block injected into the system prompt. |
+| `goal-guard/tools.js` | The `goal_status` / `goal_contract` / `goal_evidence` / `goal_reset` tools. |
+| `goal-guard/logger.js` | Best-effort logging/toasts over the OpenCode client. |
+
+## Hooks used
+
+Verified against `@opencode-ai/plugin@1.15.13` source.
+
+| Hook | Purpose in the guard |
+| --- | --- |
+| `chat.message` | Capture the user's goal text (drives contextual review gates). |
+| `chat.params` | Track the current agent; activate goal sessions. |
+| `experimental.chat.system.transform` | Inject the live Goal Guard state block. |
+| `tool.execute.before` | Block destructive / remote-exec bash by throwing. |
+| `tool.execute.after` | Record edits, verification, mutations, and review verdicts. |
+| `experimental.text.complete` | Rewrite premature `Goal Completed` claims. |
+| `experimental.session.compacting` | Preserve guard state across compaction. |
+| `event` | Track `file.edited` (subagent edits), flush state on `session.idle`. |
+| `tool` | Register the custom `goal_*` tools. |
+| `dispose` | Flush persisted state. |
+
+`permission.ask` is intentionally **not** used: in 1.15.13 it is declared in the
+type but never triggered by the runtime, so destructive blocking is done by
+throwing in `tool.execute.before` (the throw surfaces to the model as the tool's
+error result).
+
+## State model
+
+State is created **per plugin instance** (a closure), not a module global, so
+two OpenCode projects can never cross-contaminate each other's verdicts or dirty
+flags. Within an instance, state is keyed by session id.
+
+Every state-changing event draws from a single **monotonic `seq` counter** owned
+by the store. Review freshness ("is this PASS newer than the latest edit?") is
+decided by comparing seq numbers, not millisecond ISO timestamps — so two events
+in the same millisecond cannot tie, and a review can never be accepted as fresh
+against an edit it did not actually follow. Edits invalidate prior reviews;
+re-running verification does not.
+
+A session record tracks: active flag, captured goal text, the Goal Contract,
+dirty flag and reasons, changed files, review-cycle count, the last edit/review/
+verification seq and timestamps, the verdict log and per-agent latest verdict,
+recorded evidence, and completion-rejection history.
+
+### Persistence
+
+OpenCode exposes no key/value store to plugins and discards in-memory plugin
+state on restart. `persistence.js` writes the store snapshot as JSON under
+`$XDG_STATE_HOME/opencode/goal-guard/<sha256(worktree)>.json`, atomically (temp
+file + rename) and debounced. On load the store rehydrates and the seq counter
+is restored so ordering stays monotonic across restarts. A read-only or sandboxed
+filesystem degrades to pure in-memory operation rather than failing a tool call.
+
+## Shell command analysis
+
+`shell.js` replaces boundary-anchored regexes (which were trivially bypassed)
+with a real lexer. It respects single/double quotes and backslash escapes,
+recurses into `$( … )` / backtick substitutions, `eval`, and `-c` strings,
+unwraps `sudo`/`env`/`xargs`/`timeout`/`nice`, resolves `/bin/rm` to `rm`, and
+classifies each *simple* command by its resolved binary into four independent
+signals:
+
+- **destructive** — irreversible loss (`rm -rf`, `git reset --hard`, `dd of=/dev`,
+  `curl | sh`, interpreter `os.remove`, …); blocked before execution.
+- **mutating** — writes to the tree (`npm install`, `tee`, `> file`, `git commit`);
+  marks the session dirty.
+- **verification** — test/build/lint/typecheck commands; counts as evidence.
+- **networkExec** — piping untrusted network output into a shell.
+
+This catches the documented bypass corpus (`$(rm -rf /)`, `bash -c "rm -rf /"`,
+`git -C /r reset --hard`, env-prefixes, newlines, interpreter deletions) while
+clearing false positives such as `git checkout -b feature` and quoted text like
+`echo "rm -rf /"`.
+
+## Gating and completion
+
+`gates.js` derives the required review gates from a fixed base set plus
+contextual specialists selected by whole-word keyword matches against the goal
+text, the recorded Goal Contract, and the set of changed files (so a goal about
+"auth tokens" requires the security reviewer; "capital city" does not pull in the
+api reviewer). A gate is satisfied only when its latest verdict is `PASS` with a
+seq newer than the last edit.
+
+`completion.js` evaluates a finished message that claims `Goal Completed`. Only
+active goal sessions are policed. The claim is rewritten to `Goal Not Completed`
+— with the specific missing gates appended — when the `Review cycles: N` line is
+absent, no cycle was recorded, the claimed N does not match the recorded count,
+or any required gate is missing/stale.
+
+## Custom tools
+
+The `tool` hook registers four tools (names are verbatim object keys):
+
+- `goal_contract` — record the Goal Contract; activates enforcement and fixes the
+  required specialist gates.
+- `goal_evidence` — log a verification command + result into the ledger.
+- `goal_status` — return the authoritative gate/dirty/completion status.
+- `goal_reset` — clear the session's goal state (requires `confirm: true`).
+
+The `@opencode-ai/plugin` import they need is isolated to `tools.js` and loaded
+via a guarded dynamic import, so if the host cannot resolve it the core guard
+hooks still load.
+
+## Configuration
+
+`config.js` merges, in increasing precedence: built-in defaults, environment
+variables (`GOAL_GUARD_*`), and the plugin `options` object passed via the
+`["./plugins/goal-guard.js", { … }]` form in `opencode.json`. Toggles cover
+destructive blocking, network-exec blocking, completion enforcement, system-state
+injection, persistence, contextual gates, session cache size/TTL, and toasts.
+
+## Installer
+
+`scripts/install.mjs` recursively copies `agents/`, `commands/`, and `plugins/`
+(including the nested module directory) into the target config dir, and records a
+manifest of the file hashes it wrote. On upgrade it distinguishes files it owns
+(safe to replace) from files the user has customized (a conflict requiring
+`--force`), prunes files from prior versions that no longer ship, and supports
+`--uninstall` (which leaves locally-modified files in place).
+
+## Testing
+
+`node --test` runs the suite:
+
+- `tests/shell.test.mjs` — the analyzer against the bypass and false-positive corpora.
+- `tests/plugin.test.mjs` — hook behavior, gating, verdicts, completion, tools, isolation.
+- `tests/state.test.mjs` — store, seq ordering, eviction, persistence round-trips.
+- `tests/agents.test.mjs` / `tests/commands.test.mjs` — frontmatter and contracts.
+- `tests/install.test.mjs` — recursive copy, manifest upgrades, uninstall.
+
+`npm run validate` runs the tests, the structural config validator, the publish
+readiness check, and an `npm pack --dry-run`.

package/README.md

@@ -1,21 +1,95 @@
 # OpenCode Goal Mode
 
-Strict Goal Mode for OpenCode: a primary `goal` mode, specialized subagents, slash commands, and a guard plugin that preserves review discipline across long sessions.
+Strict Goal Mode for OpenCode: a primary `goal` agent, a matrix of specialized
+review subagents, slash commands, and a `goal-guard` plugin that enforces review
+discipline, blocks destructive shell commands, and preserves goal state across
+compaction **and** restarts.
+
+See [ARCHITECTURE.md](ARCHITECTURE.md) for the design and [research/](research/)
+for the platform reference, comparison, and threat model.
+
+## Why it's different
+
+Most "goal mode" / agentic setups are **prompt-only**: the model is *asked* to
+review its work and to keep going until done. Goal Mode adds a guard plugin that
+makes that discipline **mechanical at the harness layer** — the model cannot
+declare `Goal Completed` until the required reviews actually passed, and it
+cannot run a destructive command that a regex guard would miss.
+
+![Mechanically-enforced goal discipline vs. Claude Code and Codex](docs/benchmarks/capability-matrix.svg)
+
+Compared to Claude Code and OpenAI Codex (full analysis, with citations and
+honest caveats, in [research/goal-mode-comparison.md](research/goal-mode-comparison.md)):
+
+- **It is the only one of the three that mechanically blocks a premature
+  completion claim by default.** Goal Mode intercepts the finished message and
+  rewrites `Goal Completed` → `Goal Not Completed` unless every required reviewer
+  gate has a *fresh* PASS and the claimed `Review cycles: N` matches the recorded
+  counter. Claude Code can do this only via a user-authored Stop hook; Codex's
+  code review is advisory.
+- **An edit automatically invalidates prior approvals.** A reviewer gate counts
+  only when its PASS is newer (by a monotonic integer sequence) than the last
+  edit — so any change forces the relevant reviews to re-run. Neither Claude Code
+  nor Codex ships this stale-review invariant.
+- **Required specialist reviews are auto-selected and enforced** (security, api,
+  data, performance …) from the goal text, contract, and changed files — not left
+  to the model's discretion.
+- **Destructive commands are blocked by a real shell tokenizer**, not a regex.
+  Claude Code's own docs call Bash argument-matching *"fragile"*.
+
+### Benchmark: shell-guard accuracy
+
+The guard replaced a boundary-anchored regex classifier. On a labeled corpus of
+71 real commands (`npm run bench`, reproducible — see
+[research/benchmarks.md](research/benchmarks.md)):
+
+![Destructive-command detection rate by family](docs/benchmarks/detection-by-family.svg)
+
+![Overall guard accuracy: detection rate vs false-positive rate](docs/benchmarks/overall-scorecard.svg)
+
+| | Legacy regex guard | Goal Mode analyzer |
+| --- | --- | --- |
+| Destructive-command detection | **20.8%** | **100%** |
+| False positives on safe commands | **21.7%** | **0%** |
+| Obfuscated bypasses caught (`$(…)`, `bash -c`, `sudo -u`, interpreters) | 0% | 100% |
+| Remote exec (`curl \| sh`) caught | 0% | 100% |
+
+The deeper analysis costs ~0.6 µs more per command (~500,000 classifications/
+second) — negligible for a per-tool-call guard:
+
+![Per-command analysis latency](docs/benchmarks/latency.svg)
 
 ## Requirements
 
 - Node.js 20.11 or newer.
 - OpenCode configured to load local agents, commands, and plugins.
 
-## What It Adds
-
-- A primary `goal` agent that owns implementation but delegates research, discovery, verification planning, and reviews to subagents.
-- Strict review agents for prompt compliance, diff review, verification, security, UX, operations, and final completion.
-- Slash commands for `/goal`, `/goal-contract`, `/goal-review`, `/goal-status`, `/goal-repair`, and `/goal-final`.
-- A `goal-guard` OpenCode plugin that tracks dirty sessions, review cycles, review verdicts, and injects goal state into compaction.
-- Tests that validate agent frontmatter, command frontmatter, plugin behavior, install safety, and config compatibility.
-
-## Install Globally
+## What it adds
+
+- A primary `goal` agent that owns implementation but delegates research,
+  discovery, verification planning, and reviews to subagents.
+- Strict review gates for prompt compliance, diff review, verification, security,
+  UX, operations, data, API, performance, tests, docs, quality, and final audit.
+- Slash commands: `/goal`, `/goal-contract`, `/goal-review`, `/goal-status`,
+  `/goal-repair`, `/goal-final`.
+- The `goal-guard` plugin:
+  - **Quote-aware shell analysis** that blocks destructive and remote-exec
+    commands (including ones that evade naive regexes — `$(rm -rf …)`,
+    `bash -c "…"`, `/bin/rm`, `git -C … reset --hard`, `curl | sh`) without
+    false-positiving harmless commands like `git checkout -b`.
+  - **Completion enforcement**: a premature `Goal Completed` is rewritten to
+    `Goal Not Completed` with the exact missing review gates.
+  - **Contextual gating**: the goal text and changed files determine which
+    specialist reviewers are required.
+  - **Disk persistence**: review ledgers survive OpenCode restarts.
+  - **Custom tools**: `goal_contract`, `goal_evidence`, `goal_status`,
+    `goal_reset`.
+  - **Live state injection** into the system prompt so the model always knows
+    what the guard requires.
+- A test suite validating the analyzer, plugin hooks, state store, install
+  safety, and config compatibility.
+
+## Install globally
 
 ```bash
 npm ci
@@ -23,9 +97,10 @@ npm run validate
 npm run install:global
 ```
 
-Restart OpenCode after installation. OpenCode loads agents, commands, and plugins at startup.
+Restart OpenCode after installation. OpenCode loads agents, commands, and
+plugins at startup.
 
-## Install Into One Project
+## Install into one project
 
 ```bash
 npm ci
@@ -35,15 +110,56 @@ npm run install:local
 
 This writes to `./.opencode` in the current project.
 
-## Installer Options
+## Installer options
 
 ```bash
 node scripts/install.mjs --dry-run
 node scripts/install.mjs --target /path/to/opencode-config
 node scripts/install.mjs --global --force
+node scripts/install.mjs --global --uninstall
 ```
 
-The installer refuses to overwrite changed destination files unless `--force` is passed.
+The installer records a manifest of the files it writes. On upgrade it replaces
+files it owns but refuses to clobber files you have locally modified unless
+`--force` is passed. `--uninstall` removes only the files it installed and leaves
+your local edits in place.
+
+## Configuration
+
+The guard works with zero configuration. To tune it, add options in
+`opencode.json`:
+
+```jsonc
+{
+  "plugin": [
+    ["./plugins/goal-guard.js", { "blockDestructive": true, "contextualGates": true }]
+  ]
+}
+```
+
+Or via environment variables (`GOAL_GUARD_*`):
+
+| Option / env | Default | Effect |
+| --- | --- | --- |
+| `blockDestructive` / `GOAL_GUARD_BLOCK_DESTRUCTIVE` | `true` | Block destructive bash before execution. |
+| `blockNetworkExec` / `GOAL_GUARD_BLOCK_NETWORK_EXEC` | `true` | Block `curl \| sh`-style remote execution. |
+| `enforceCompletion` / `GOAL_GUARD_ENFORCE_COMPLETION` | `true` | Rewrite premature `Goal Completed`. |
+| `injectSystemState` / `GOAL_GUARD_INJECT_SYSTEM_STATE` | `true` | Inject live state into the prompt. |
+| `persist` / `GOAL_GUARD_PERSIST` | `true` | Persist state under the XDG state dir. |
+| `contextualGates` / `GOAL_GUARD_CONTEXTUAL_GATES` | `true` | Require specialist gates by goal keywords. |
+| `maxSessions` / `GOAL_GUARD_MAX_SESSIONS` | `200` | Session cache size. |
+| `sessionTtlMs` / `GOAL_GUARD_SESSION_TTL_MS` | `86400000` | Idle session TTL. |
+| `toastOnBlock` / `GOAL_GUARD_TOAST_ON_BLOCK` | `true` | Toast when something is blocked. |
+
+## Custom tools
+
+The plugin registers four tools the model can call directly:
+
+- `goal_contract` — record the Goal Contract (requirements, non-goals,
+  acceptance criteria). Activates enforcement and fixes the required gates.
+- `goal_evidence` — record a verification command and result.
+- `goal_status` — return the authoritative gate/dirty/completion status.
+- `goal_reset` — clear the session's goal state (requires `confirm: true`).
 
 ## Validation
 
@@ -54,40 +170,40 @@ npm run audit
 npm run publish:check
 ```
 
-`npm run validate` runs the test suite, checks the OpenCode package structure, verifies the guard plugin hooks, and performs an npm package dry run.
+`npm run validate` runs the test suite, the structural config validator, the
+publish readiness check, and an `npm pack --dry-run`.
 
-## npm Publishing
+## Models
 
-Install from npm after the first publish:
+Agents do not pin a provider-specific model, so they inherit the model OpenCode
+is configured to use. To give a particular agent a specific model, add a
+`model:` (and optional `variant:`) line to that agent's frontmatter in your
+installed copy.
 
-```bash
-npm install -g opencode-goal-mode
-opencode-goal-mode-install --global
-```
-
-Publishing is handled by `.github/workflows/publish.yml`.
+## Safety
 
-First publish:
+The installer copies only `agents/*.md`, `commands/*.md`, and the `plugins/`
+tree — never auth files, session files, tokens, or personal provider config.
 
-```bash
-npm publish --access public --otp <2fa-code>
-```
+The guard blocks destructive shell commands, marks real file mutations dirty,
+keeps read-only inspection from dirtying the session, preserves goal state during
+compaction and across restarts, and blocks premature `Goal Completed` responses
+when review gates are missing or stale.
 
-npm requires 2FA proof or a granular access token with bypass 2FA enabled for creating and publishing packages. After the package exists on npm, configure Trusted Publishing for tokenless releases:
+## npm publishing
 
-- Provider: GitHub Actions
-- Organization/user: `devinoldenburg`
-- Repository: `opencode-goal-mode`
-- Workflow filename: `publish.yml`
-- Allowed action: `npm publish`
-
-The workflow already has `id-token: write`, runs on Node 24, uses npm 11, and publishes with:
+Install from npm after the first publish:
 
 ```bash
-npm publish --access public
+npm install -g opencode-goal-mode
+opencode-goal-mode-install --global
 ```
 
-If you prefer token-based publishing instead of Trusted Publishing, add a repository secret named `NPM_TOKEN` with a granular npm token that has publish rights and bypass 2FA enabled.
+Publishing is handled by `.github/workflows/publish.yml`, which runs on Node 24
+with `id-token: write` for Trusted Publishing. The workflow validates the
+package, checks the tag matches `package.json`, verifies the version is not
+already on npm, then publishes. Manual workflow dispatch defaults to
+`npm publish --dry-run`.
 
 Release flow:
 
@@ -96,19 +212,9 @@ npm version patch
 git push --follow-tags
 ```
 
-Create a GitHub Release from the pushed tag, for example `v0.1.1`. The publish workflow validates the package, checks that the tag matches `package.json`, verifies that the version is not already on npm, then publishes to npm.
-
-Manual workflow dispatch defaults to `npm publish --dry-run`.
-
-## Safety
-
-This repository intentionally does not include auth files, session files, tokens, or personal OpenCode provider config. The installer copies only:
-
-- `agents/*.md`
-- `commands/*.md`
-- `plugins/goal-guard.js`
-
-The guard plugin blocks destructive shell commands, marks real file mutations dirty, avoids dirtying sessions for read-only inspection commands, preserves Goal state during compaction, and blocks premature `Goal Completed` responses when review gates are missing or stale.
+Then create a GitHub Release from the pushed tag (e.g. `v0.1.1`). For
+token-based publishing instead of Trusted Publishing, add a repository secret
+`NPM_TOKEN` with publish rights.
 
 ## Goal Completion Contract
 
@@ -116,6 +222,6 @@ The guard plugin blocks destructive shell commands, marks real file mutations di
 
 - All acceptance criteria are mapped to evidence.
 - Required verification passed or is credibly accounted for.
-- Latest edit is not newer than latest required review cycle.
+- No edit is newer than the latest required review cycle.
 - Required reviewers return `Verdict: PASS`.
-- Final answer includes `Review cycles: N`.
+- The final answer includes an accurate `Review cycles: N`.

package/agents/goal-api-reviewer.md

@@ -1,8 +1,6 @@
 ---
 description: Use proactively for API design review, endpoint contracts, request/response schemas, backward compatibility, versioning, authentication boundaries, and client impact.
 mode: subagent
-model: ordis/chatgpt/gpt-5.5
-variant: xhigh
 temperature: 0
 color: error
 permission:

package/agents/goal-architect.md

@@ -1,8 +1,6 @@
 ---
 description: Use proactively for system design, architectural decision records, technology selection, tradeoff analysis, data flow, module boundaries, and integration contracts.
 mode: subagent
-model: ordis/chatgpt/gpt-5.5
-variant: xhigh
 temperature: 0
 color: info
 permission:

package/agents/goal-commentator.md

@@ -1,8 +1,6 @@
 ---
 description: Use proactively to add, improve, or standardize code comments, inline documentation, parameter descriptions, and developer-facing annotations without changing behavior.
 mode: subagent
-model: ordis/chatgpt/gpt-5.5
-variant: high
 temperature: 0
 color: info
 permission:

package/agents/goal-completion-guard.md

@@ -1,8 +1,6 @@
 ---
 description: Use at completion time to enforce that every required contextual review gate has passed after the latest edit and verification. Prevents premature Goal Completed claims.
 mode: subagent
-model: ordis/chatgpt/gpt-5.5
-variant: xhigh
 temperature: 0
 color: error
 permission:

package/agents/goal-coordinator.md

@@ -1,8 +1,6 @@
 ---
 description: Use proactively to orchestrate multiple subagents, manage dependencies, sequence parallel workstreams, aggregate results, and keep complex multi-part goals on track.
 mode: subagent
-model: ordis/chatgpt/gpt-5.5
-variant: high
 temperature: 0
 color: info
 permission:

package/agents/goal-data-reviewer.md

@@ -1,8 +1,6 @@
 ---
 description: Use proactively for data model review, database schema, migrations, seed data, constraints, indexes, consistency rules, and data integrity checks.
 mode: subagent
-model: ordis/chatgpt/gpt-5.5
-variant: xhigh
 temperature: 0
 color: error
 permission:

package/agents/goal-deep-researcher.md

@@ -1,8 +1,6 @@
 ---
 description: Use proactively for deep web research, external documentation, specs, RFCs, academic sources, competitor analysis, and authoritative references. Complements file/code research with full web-scale evidence gathering.
 mode: subagent
-model: ordis/chatgpt/gpt-5.5
-variant: xhigh
 temperature: 0
 color: info
 permission:

package/agents/goal-diff-reviewer.md

@@ -1,8 +1,6 @@
 ---
 description: Use after any file change to inspect diffs, side effects, regressions, unintended edits, and scope creep.
 mode: subagent
-model: ordis/chatgpt/gpt-5.5
-variant: high
 temperature: 0
 color: error
 permission:

package/agents/goal-doc-reviewer.md

@@ -1,8 +1,6 @@
 ---
 description: Use for documentation, README, command help, install instructions, and maintainability of Goal Mode guidance.
 mode: subagent
-model: ordis/chatgpt/gpt-5.5
-variant: high
 temperature: 0
 color: info
 permission:

package/agents/goal-doc-writer.md

@@ -1,8 +1,6 @@
 ---
 description: Use proactively for generating, updating, and improving documentation: READMEs, API docs, manuals, runbooks, inline help, release notes, and ADRs.
 mode: subagent
-model: ordis/chatgpt/gpt-5.5
-variant: high
 temperature: 0
 color: info
 permission:

package/agents/goal-explorer.md

@@ -1,7 +1,6 @@
 ---
 description: Use proactively for local codebase exploration, file discovery, structure mapping, dependency tracing, and convention detection before Goal Mode implementation.
 mode: subagent
-model: ordis/minimax/minimax-m3
 color: secondary
 permission:
   read: allow
@@ -25,11 +24,13 @@ permission:
 
 You are a fast local exploration agent for Goal Mode. Build implementation context without changing files.
 
-Return only concise actionable context:
+Discipline: return distilled conclusions, not raw material. Never paste large file bodies, full command output, or long search logs — cite `path:line` and summarize. Your job is to protect the main agent's context, so keep the response tight and actionable.
 
-- Relevant files
-- Current behavior
-- Constraints and conventions
-- Suggested edit points
-- Verification commands
-- Risks to preserve
+Return only concise actionable context, in exactly these sections:
+
+- Relevant files: each as `path:line` with a one-line reason.
+- Current behavior: how the relevant code works today.
+- Constraints and conventions: patterns the implementation must follow.
+- Suggested edit points: the specific files/functions to change.
+- Verification commands: how a change here is tested.
+- Risks to preserve: behavior that must not regress.

package/agents/goal-final-auditor.md

@@ -1,8 +1,6 @@
 ---
 description: Use as the final read-only completion gate before any Goal Mode answer may start with Goal Completed.
 mode: subagent
-model: ordis/chatgpt/gpt-5.5
-variant: xhigh
 temperature: 0
 color: error
 permission:

package/agents/goal-implementer.md

@@ -1,8 +1,6 @@
 ---
 description: Use only for isolated bounded implementation subtasks when the main Goal agent explicitly delegates a narrow edit.
 mode: subagent
-model: ordis/chatgpt/gpt-5.5
-variant: high
 color: warning
 hidden: true
 permission:

package/agents/goal-mapper.md

@@ -1,8 +1,6 @@
 ---
 description: Use proactively for codebase structure mapping, entry points, dependency tracing, callgraph analysis, symbol resolution, test mapping, and configuration trail following.
 mode: subagent
-model: ordis/chatgpt/gpt-5.5
-variant: high
 temperature: 0
 color: info
 permission:

package/agents/goal-ops-reviewer.md

@@ -1,8 +1,6 @@
 ---
 description: Use for config-time changes, install scripts, restarts, migrations, environment assumptions, GitHub/CI operations, and deployment/release risk.
 mode: subagent
-model: ordis/chatgpt/gpt-5.5
-variant: high
 temperature: 0
 color: warning
 permission:

package/agents/goal-perf-reviewer.md

@@ -1,8 +1,6 @@
 ---
 description: Use proactively for performance, scalability, resource usage, latency, throughput, memory, CPU, I/O, algorithmic complexity, and observability review.
 mode: subagent
-model: ordis/chatgpt/gpt-5.5
-variant: xhigh
 temperature: 0
 color: error
 permission:

package/agents/goal-planner.md

@@ -1,8 +1,6 @@
 ---
 description: Use proactively for breaking goals into executable tasks, sequencing, priority assignment, risk estimation, and acceptance-criteria alignment checks.
 mode: subagent
-model: ordis/chatgpt/gpt-5.5
-variant: high
 temperature: 0
 color: info
 permission:
@@ -35,6 +33,13 @@ Planning rules:
 - For each task, include: objective, inputs, outputs, verification command, rollback option, and acceptance check.
 - Estimate complexity and flag blockers that require human input.
 - Identify risks per task and propose mitigations.
-- M
-</think>
-Ich muss das `meta.json`-Mapping in `validate-opencode-config.mjs` und die Agent/Command-Listen anpassen, damit die neuen Agent(en) sauber laden.
+- Map every task back to at least one acceptance criterion; flag any criterion no task covers.
+- Name the required review gates each task will need (diff, verifier, security, etc.).
+
+Output format (return only this, no file dumps):
+
+- Task list: numbered, each with objective, inputs, outputs, verification command, rollback, acceptance check, and dependency IDs.
+- Execution order: the sequence with rationale (dependencies and risk first).
+- Coverage map: acceptance criterion -> task IDs that satisfy it; list any uncovered criteria.
+- Risks and mitigations.
+- Open blockers requiring human input, or "none".