opencode-ultra 0.6.0 → 0.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/config.d.ts CHANGED
@@ -69,6 +69,10 @@ declare const PluginConfigSchema: z.ZodObject<{
69
69
  maxEnforcements: z.ZodOptional<z.ZodNumber>;
70
70
  }, z.core.$strip>>;
71
71
  mcp_api_keys: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
72
+ safety: z.ZodOptional<z.ZodObject<{
73
+ maxTotalSpawned: z.ZodOptional<z.ZodNumber>;
74
+ agentTimeoutMs: z.ZodOptional<z.ZodNumber>;
75
+ }, z.core.$strip>>;
72
76
  }, z.core.$loose>;
73
77
  export type PluginConfig = z.infer<typeof PluginConfigSchema>;
74
78
  export declare function parsePluginConfig(raw: unknown): PluginConfig;
package/dist/index.js CHANGED
@@ -14643,66 +14643,50 @@ var BUILTIN_AGENTS = {
14643
14643
  },
14644
14644
  scout: {
14645
14645
  model: "anthropic/claude-sonnet-4-5",
14646
- description: "Plugin ecosystem researcher \u2014 finds, analyzes, and compares OpenCode plugins with trust scoring",
14646
+ description: "Plugin ecosystem researcher \u2014 discovers features and techniques from other OpenCode plugins",
14647
14647
  prompt: `You are Scout, an OpenCode plugin ecosystem researcher.
14648
14648
 
14649
14649
  ## YOUR MISSION
14650
- Search the web (npm, GitHub, OpenCode community) for OpenCode plugins and extensions.
14651
- Collect STRUCTURED METADATA for trust scoring. Compare with opencode-ultra.
14650
+ Search for OpenCode plugins and analyze WHAT THEY DO and HOW THEY DO IT.
14651
+ The goal is to find features and techniques that opencode-ultra can learn from \u2014 NOT to recommend installing them.
14652
14652
 
14653
14653
  ## SEARCH STRATEGY
14654
14654
  1. Search npm for "opencode-plugin", "opencode-ai", "@opencode" packages
14655
14655
  2. Search GitHub for "opencode plugin", "opencode extension", "oh-my-opencode"
14656
14656
  3. Look at package.json dependencies on @opencode-ai/plugin or @opencode-ai/sdk
14657
- 4. Read README files and source code of discovered plugins
14657
+ 4. Read README files and SOURCE CODE of discovered plugins \u2014 understand their implementation
14658
14658
 
14659
- ## CRITICAL: METADATA COLLECTION
14660
- For EACH plugin found, you MUST collect these fields (used for trust scoring):
14661
- - **name**: exact npm package name
14662
- - **version**: latest version string
14663
- - **lastPublished**: ISO date of last npm publish (e.g. "2026-01-15")
14664
- - **weeklyDownloads**: weekly npm download count (number)
14665
- - **stars**: GitHub stars (number, 0 if unknown)
14666
- - **repository**: GitHub/GitLab repo URL
14667
- - **license**: SPDX license identifier (e.g. "MIT", "ISC")
14668
- - **hasReadme**: true/false
14669
- - **maintainerCount**: number of npm maintainers
14670
- - **dependencyCount**: number of production dependencies
14671
- - **description**: one-line description
14672
- - **features**: bullet list of capabilities
14673
- - **uniqueIdeas**: features that opencode-ultra does NOT have
14659
+ ## WHAT TO ANALYZE PER PLUGIN
14660
+ - **name**: package name + repo URL
14661
+ - **description**: what it does
14662
+ - **features**: detailed list of capabilities
14663
+ - **hooks used**: which OpenCode hooks (chat.message, tool.execute.after, etc.)
14664
+ - **tools provided**: custom tools and what they do
14665
+ - **techniques**: interesting implementation patterns (e.g. caching strategies, prompt engineering, API usage)
14666
+ - **unique ideas**: features/approaches NOT in opencode-ultra
14667
+
14668
+ ## WHAT TO SKIP
14669
+ - Auth plugins (opencode-*-auth) \u2014 domain-specific, not relevant
14670
+ - Abandoned/empty repos (no commits in 6+ months, no README)
14671
+ - Trivial wrappers (just re-exports or single-function plugins)
14674
14672
 
14675
14673
  ## OUTPUT FORMAT
14676
- Return a JSON array of plugin objects with the fields above. Example:
14677
- \`\`\`json
14678
- [
14679
- {
14680
- "name": "opencode-supermemory",
14681
- "version": "1.2.0",
14682
- "lastPublished": "2026-02-01",
14683
- "weeklyDownloads": 500,
14684
- "stars": 45,
14685
- "repository": "https://github.com/supermemoryai/opencode-supermemory",
14686
- "license": "MIT",
14687
- "hasReadme": true,
14688
- "maintainerCount": 2,
14689
- "dependencyCount": 5,
14690
- "description": "Persistent memory across OpenCode sessions",
14691
- "features": ["Session memory", "Cross-project recall"],
14692
- "uniqueIdeas": ["Long-term memory that opencode-ultra lacks"]
14693
- }
14694
- ]
14695
- \`\`\`
14674
+ For each INTERESTING plugin (skip the trivial ones):
14696
14675
 
14697
- Also include a text summary with gap analysis after the JSON block.
14676
+ ### [plugin-name]
14677
+ - **What**: one-line description
14678
+ - **Repo**: URL
14679
+ - **Features**: bullet list
14680
+ - **Hooks**: which hooks and how they use them
14681
+ - **Tools**: custom tools and purpose
14682
+ - **Interesting technique**: what they do that's clever or useful
14683
+ - **Applicable to opencode-ultra**: YES/NO + what we could adapt
14698
14684
 
14699
- ## COMPARISON
14700
- After listing plugins, generate:
14701
- - Features others have that opencode-ultra lacks
14702
- - Features opencode-ultra has that others lack (competitive advantages)
14703
- - Improvement priority list (high/medium/low impact)
14685
+ End with a summary section:
14686
+ ## Features opencode-ultra could adopt
14687
+ (Ranked by impact \u2014 high/medium/low)
14704
14688
 
14705
- Be thorough but focused. Skip abandoned or trivial plugins.`,
14689
+ Be thorough but focused on QUALITY over quantity. 5 well-analyzed plugins beats 20 superficial listings.`,
14706
14690
  mode: "subagent",
14707
14691
  maxTokens: 32000
14708
14692
  }
@@ -14940,58 +14924,81 @@ var THINK_MESSAGE = `Extended thinking enabled. Take your time to reason thoroug
14940
14924
  var EVOLVE_MESSAGE = `[evolve-mode] SELF-IMPROVEMENT CYCLE ACTIVATED.
14941
14925
 
14942
14926
  ## MISSION
14943
- Search the OpenCode plugin ecosystem, evaluate trust/quality, identify gaps, and optionally apply improvements.
14927
+ Discover what other OpenCode plugins do well, compare with opencode-ultra's current capabilities, and propose concrete improvements to opencode-ultra itself.
14928
+
14929
+ This is NOT about installing other plugins. This is about LEARNING from the ecosystem and making opencode-ultra better.
14944
14930
 
14945
14931
  ## TOOLS AVAILABLE
14946
14932
  - **spawn_agent** \u2014 run scout + explore agents in parallel for data gathering
14947
- - **evolve_apply** \u2014 apply plugin recommendations to OpenCode config (with trust scoring and backup)
14933
+ - **ledger_save** \u2014 persist improvement proposals for future implementation
14934
+
14935
+ ## PHASE 1: GATHER (parallel \u2014 BOTH agents MANDATORY)
14948
14936
 
14949
- ## STEPS
14950
- 1. **SCOUT** \u2014 Spawn the **scout** agent to search npm/GitHub for OpenCode plugins. Scout MUST return package metadata (lastPublished, weeklyDownloads, stars, repository, license, maintainerCount, dependencyCount) for each plugin found.
14951
- 2. **READ SELF** \u2014 Read opencode-ultra's own capabilities via explore agent
14952
- 3. **SCORE** \u2014 For each discovered plugin, the evolve_apply tool computes a trust score (0-100):
14953
- - 90-100: HIGH trust (safe to auto-install)
14954
- - 70-89: MEDIUM trust (review recommended)
14955
- - 40-69: LOW trust (caution)
14956
- - 0-39: RISKY (blocked from install)
14957
- 4. **COMPARE** \u2014 Generate gap analysis with trust scores
14958
- 5. **PROPOSE** \u2014 Present scored recommendations to the user
14959
- 6. **APPLY** \u2014 If user approves, call evolve_apply to update config:
14937
+ You MUST spawn BOTH agents below. Do NOT skip the explore agent.
14960
14938
 
14961
14939
  \`\`\`
14962
- evolve_apply({
14963
- plugins: [
14964
- {
14965
- name: "opencode-supermemory",
14966
- version: "latest",
14967
- reason: "Persistent memory across sessions",
14968
- metadata: {name: "opencode-supermemory", lastPublished: "2026-02-01", weeklyDownloads: 500, stars: 45, repository: "https://github.com/...", license: "MIT", maintainerCount: 2}
14969
- }
14970
- ],
14971
- dryRun: true
14940
+ spawn_agent({
14941
+ agents: [
14942
+ {agent: "scout", prompt: "Search npm and GitHub for OpenCode 1.2.x plugins. For EACH plugin, analyze: what features does it provide? What hooks, tools, or techniques does it use? Focus on UNIQUE capabilities that are genuinely useful. Return a structured feature inventory per plugin.", description: "Ecosystem feature scan"},
14943
+ {agent: "explore", prompt: "Read opencode-ultra's INSTALLED source at ~/.cache/opencode/node_modules/opencode-ultra/. Read these files: src/index.ts, src/tools/spawn-agent.ts, src/tools/ralph-loop.ts, src/tools/evolve-apply.ts, src/hooks/keyword-detector.ts, src/hooks/rules-injector.ts, src/safety/sanitizer.ts, src/safety/trust-score.ts, src/concurrency/pool.ts, src/agents/index.ts, src/categories/index.ts, README.md. For EACH file, list: what it does, what hooks/tools/features it provides, what techniques it uses. Output a structured capability inventory with Yes/No for each feature area.", description: "Self-analysis of opencode-ultra"}
14944
+ ]
14972
14945
  })
14973
14946
  \`\`\`
14974
14947
 
14975
- Use dryRun: true FIRST to preview, then dryRun: false after user approval.
14948
+ ## HARD GATE: DO NOT proceed to Phase 2 until BOTH agents return results.
14949
+ If the explore agent fails to find files, try reading from the current project directory or use Grep to locate opencode-ultra source files. You MUST have a concrete list of opencode-ultra's current capabilities before comparing.
14950
+
14951
+ ## PHASE 2: COMPARE
14952
+
14953
+ Build a structured gap analysis using BOTH agents' results.
14976
14954
 
14977
- 7. **SAVE** \u2014 Save findings to ledger: ledger_save({name: "evolve-scan-YYYY-MM-DD", content: "..."})
14955
+ **CRITICAL**: The "opencode-ultra" column MUST be filled with Yes/No/Partial based on the explore agent's output. NEVER write "TBD" or "unknown" \u2014 if you don't know, re-read the source.
14956
+
14957
+ ### Feature Matrix
14958
+ | Feature | opencode-ultra (current) | Other plugin(s) | Gap? |
14959
+ |---------|-------------------------|-----------------|------|
14960
+ | (feature) | Yes / No / Partial \u2014 cite which file | Which plugin has it | Missing / Partial / Covered |
14961
+
14962
+ Focus on features that are:
14963
+ - **Genuinely useful** (not gimmicks)
14964
+ - **Feasible to implement** (not requiring external infrastructure)
14965
+ - **Complementary** to existing capabilities (not duplicate)
14966
+
14967
+ ### What to IGNORE
14968
+ - Auth plugins (opencode-antigravity-auth etc.) \u2014 domain-specific, not relevant
14969
+ - oh-my-opencode features we already ported \u2014 mark as "Covered"
14970
+ - Trivial wrappers or abandoned projects
14971
+
14972
+ ## PHASE 3: PROPOSE
14973
+ For each identified gap (Missing or Partial), produce a concrete improvement proposal:
14978
14974
 
14979
- ## EXECUTION
14980
14975
  \`\`\`
14981
- spawn_agent({
14982
- agents: [
14983
- {agent: "scout", prompt: "Search npm and GitHub for OpenCode 1.2.x plugins. For EACH plugin found, collect: name, version, lastPublished date, weeklyDownloads, GitHub stars, repository URL, license, maintainerCount, dependencyCount. Return structured data.", description: "Plugin ecosystem scan + metadata"},
14984
- {agent: "explore", prompt: "Read opencode-ultra's README.md, src/index.ts, src/agents/index.ts to catalog current features", description: "Self-analysis"}
14985
- ]
14986
- })
14976
+ ## Improvement: [Feature Name]
14977
+ **Inspiration**: [Plugin name] \u2014 [what it does]
14978
+ **Current state in opencode-ultra**: [what we have now, citing files]
14979
+ **Why**: [Why opencode-ultra needs this]
14980
+ **How**: [Implementation sketch \u2014 which file to modify, what to add]
14981
+ **Effort**: Low / Medium / High
14982
+ **Priority**: P0 (critical) / P1 (important) / P2 (nice-to-have)
14987
14983
  \`\`\`
14988
14984
 
14989
- After gathering results:
14990
- 1. Call evolve_apply with dryRun: true to preview trust scores
14991
- 2. Present results to user with recommendation
14992
- 3. If approved, call evolve_apply with dryRun: false
14985
+ Sort proposals by Priority then Effort (P0-Low first, P2-High last).
14986
+
14987
+ ## PHASE 4: SAVE
14988
+ Save the full analysis to the continuity ledger:
14989
+ \`\`\`
14990
+ ledger_save({
14991
+ name: "evolve-scan-YYYY-MM-DD",
14992
+ content: "# Evolve Scan Results\\n\\n## Feature Matrix\\n...\\n## Improvement Proposals\\n..."
14993
+ })
14994
+ \`\`\`
14993
14995
 
14994
- **Trust scoring prevents bad plugins from entering your system. Always dry-run first.**`;
14996
+ ## IMPORTANT
14997
+ - The goal is to make opencode-ultra BETTER, not to install other plugins.
14998
+ - Other plugins are REFERENCE MATERIAL \u2014 study their approach, then design our own implementation.
14999
+ - Every proposal must include a concrete "How" section with file paths and implementation direction.
15000
+ - The opencode-ultra column in Feature Matrix must NEVER be TBD. Read the source first.
15001
+ - Present the final proposals to the user for approval before any implementation.`;
14995
15002
 
14996
15003
  // src/hooks/rules-injector.ts
14997
15004
  import * as fs2 from "fs";
@@ -0,0 +1,2 @@
1
+ export { sanitizeAgentOutput, sanitizeSpawnResult, type SanitizeResult } from "./sanitizer";
2
+ export { computeTrustScore, isTyposquatSuspect, formatTrustTable, type PackageMetadata, type TrustScoreResult, type TrustFactor, } from "./trust-score";
@@ -0,0 +1,19 @@
1
+ /**
2
+ * Prompt injection sanitizer — strips common injection patterns from agent outputs.
3
+ * Applied at the boundary where sub-agent results re-enter the orchestrator's context.
4
+ */
5
+ export interface SanitizeResult {
6
+ text: string;
7
+ flagged: boolean;
8
+ warnings: string[];
9
+ }
10
+ /**
11
+ * Sanitize text from agent outputs to prevent prompt injection.
12
+ * Returns the cleaned text plus any warnings.
13
+ */
14
+ export declare function sanitizeAgentOutput(text: string): SanitizeResult;
15
+ /**
16
+ * Apply sanitizer to a spawn_agent result string.
17
+ * Adds a warning banner if injection was detected.
18
+ */
19
+ export declare function sanitizeSpawnResult(result: string): string;
@@ -0,0 +1,51 @@
1
+ /**
2
+ * Trust Score — evaluates npm packages for reliability and safety.
3
+ * Used by evolve mode to rank plugin recommendations.
4
+ *
5
+ * Score 0–100:
6
+ * 90–100 HIGH trust (well-maintained, popular, verified)
7
+ * 70–89 MEDIUM trust (decent maintenance, some usage)
8
+ * 40–69 LOW trust (stale, low usage, or missing metadata)
9
+ * 0–39 RISKY (abandoned, typosquat suspect, no repo)
10
+ */
11
+ export interface PackageMetadata {
12
+ name: string;
13
+ version?: string;
14
+ description?: string;
15
+ license?: string;
16
+ /** ISO date string of last publish */
17
+ lastPublished?: string;
18
+ /** Weekly npm downloads */
19
+ weeklyDownloads?: number;
20
+ /** GitHub stars (0 if no repo) */
21
+ stars?: number;
22
+ /** GitHub repo URL */
23
+ repository?: string;
24
+ /** Whether the package has a README */
25
+ hasReadme?: boolean;
26
+ /** Number of maintainers */
27
+ maintainerCount?: number;
28
+ /** Number of dependencies */
29
+ dependencyCount?: number;
30
+ }
31
+ export interface TrustScoreResult {
32
+ score: number;
33
+ level: "high" | "medium" | "low" | "risky";
34
+ factors: TrustFactor[];
35
+ summary: string;
36
+ }
37
+ export interface TrustFactor {
38
+ name: string;
39
+ score: number;
40
+ maxScore: number;
41
+ detail: string;
42
+ }
43
+ export declare function computeTrustScore(meta: PackageMetadata): TrustScoreResult;
44
+ export declare function isTyposquatSuspect(name: string): boolean;
45
+ /**
46
+ * Format trust scores as a markdown table for evolve output.
47
+ */
48
+ export declare function formatTrustTable(results: Array<{
49
+ meta: PackageMetadata;
50
+ score: TrustScoreResult;
51
+ }>): string;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "opencode-ultra",
3
- "version": "0.6.0",
3
+ "version": "0.6.2",
4
4
  "description": "Lightweight OpenCode 1.2.x plugin — ultrawork mode, multi-agent orchestration, rules injection",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",