opencodekit 0.10.0 → 0.11.1

package/dist/template/.opencode/command/revert-feature.md

@@ -1,127 +1,409 @@
 ---
-description: Smart git-aware revert for a bead/feature
-argument-hint: "<bead-id> [--phase=N] [--task=N] [--soft]"
+description: Smart git-aware revert for a bead/feature with safety checks
+argument-hint: "<bead-id> [--phase=N] [--task=N] [--soft] [--dry-run] [--interactive]"
 agent: build
 model: proxypal/gemini-3-flash-preview
 ---
 
 # Revert Feature: $ARGUMENTS
 
-**Load skill:** `skill({ name: "verification-before-completion" })`
+**Load skills:**
 
-Intelligently revert changes for a bead with git awareness.
+```typescript
+skill({ name: "beads" }); // Session protocol
+skill({ name: "verification-before-completion" });
+```
+
+Intelligently revert changes for a bead with comprehensive safety checks.
+
+## Parse Arguments
 
-## Instructions
+| Argument               | Default  | Description                       |
+| ---------------------- | -------- | --------------------------------- |
+| Bead ID                | required | Feature to revert                 |
+| `--phase=N`            | all      | Revert only specific phase        |
+| `--task=N`             | all      | Revert only specific task         |
+| `--soft`               | false    | Stage reverts without committing  |
+| `--dry-run`            | false    | Preview changes without executing |
+| `--interactive`        | false    | Choose which commits to revert    |
+| `--include-migrations` | false    | Also revert database migrations   |
 
-Parse from `$ARGUMENTS`:
+---
+
+## Phase 1: Pre-Revert Checklist
 
-- Bead ID (required)
-- `--phase=N`: Revert only specific phase
-- `--task=N`: Revert only specific task
-- `--soft`: Stage reverts without committing
+Before any action, verify:
 
-## Workflow
+```bash
+# Check for uncommitted changes
+git status --short
 
-### Step 1: Analyze Bead History
+# Check CI status
+gh run list --limit 1
+
+# Check if on correct branch
+git branch --show-current
+```
+
+### Safety Gates
+
+| Check              | Pass                   | Action if Fail             |
+| ------------------ | ---------------------- | -------------------------- |
+| Clean working tree | No uncommitted changes | Stash or commit first      |
+| CI passing         | Latest run succeeded   | Warn, confirm continue     |
+| Not on main/master | On feature branch      | Require `--force` for main |
+| Bead exists        | `bd_show` returns data | Abort with error           |
+
+---
+
+## Phase 2: Analyze Bead History
 
 ```typescript
 bd_show({ id: "[bead-id]" });
 ```
 
-Identify:
+```bash
+# Find all commits for this bead
+git log --oneline --all --grep="[bead-id]"
+
+# Show affected files
+git log --name-only --grep="[bead-id]" --pretty=format:""
+
+# Count changes
+git log --shortstat --grep="[bead-id]"
+```
+
+### Impact Report
+
+```
+Revert Analysis: [bead-id]
+━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+Bead: [title]
+Status: [in_progress/closed]
+Created: [date]
+
+Commits found: 5
+├── abc1234 feat: add login form (Phase 1)
+├── def5678 feat: add validation (Phase 1)
+├── ghi9012 feat: JWT tokens (Phase 2)
+├── jkl3456 test: add auth tests (Phase 3)
+└── mno7890 docs: update README (Phase 3)
+
+Files affected: 12
+├── src/auth/login.ts (created)
+├── src/auth/jwt.ts (created)
+├── src/api/routes.ts (modified)
+├── tests/auth.test.ts (created)
+└── ... 8 more files
+
+Lines: +456 / -23
+```
+
+---
+
+## Phase 3: Check Downstream Impact
+
+Before reverting, check what depends on this:
+
+```typescript
+// Check for dependent beads
+bd_ls({ status: "all", limit: 50, offset: 0 });
+// Filter for beads that depend on this one
+```
+
+```bash
+# Check for imports of new files
+grep -r "from './auth/" src/ --include="*.ts"
+
+# Check for references in other features
+git log --oneline --all -- src/auth/ | grep -v "[bead-id]"
+```
+
+### Downstream Report
+
+```
+Downstream Impact Analysis
+━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+Dependent beads:
+⚠ bd-xyz789: "User dashboard" imports from src/auth/
+⚠ bd-uvw456: "Profile page" uses JWT utilities
+
+Other code referencing these files:
+- src/api/middleware.ts:15 imports { verifyToken }
+- src/pages/profile.tsx:8 imports { useAuth }
+
+Database migrations:
+- 001_create_users.sql (would need revert)
+- 002_add_sessions.sql (would need revert)
+
+Feature flags:
+- AUTH_ENABLED flag in production
+
+CAUTION: Reverting may break dependent features.
+Proceed? (yes/abort/revert-cascade)
+```
+
+---
 
-- All commits associated with this bead
-- Files changed per phase/task
-- Current phase and task
+## Phase 4: Determine Revert Scope
 
-### Step 2: Determine Revert Scope
+| Scope       | Flag            | What Gets Reverted               |
+| ----------- | --------------- | -------------------------------- |
+| Full        | (default)       | All commits for bead             |
+| Phase       | `--phase=N`     | Only commits tagged with phase N |
+| Task        | `--task=N`      | Only commits for specific task   |
+| Interactive | `--interactive` | User selects commits             |
 
-**Full revert (no flags):**
+### Interactive Mode
 
-- All commits for this bead
-- Reset bead status to initial
+```
+Select commits to revert:
+━━━━━━━━━━━━━━━━━━━━━━━━
 
-**Phase revert (--phase=N):**
+[x] abc1234 feat: add login form
+[x] def5678 feat: add validation
+[ ] ghi9012 feat: JWT tokens (skip - needed by other features)
+[x] jkl3456 test: add auth tests
+[ ] mno7890 docs: update README (skip - harmless)
 
-- Only commits tagged with phase N
-- Reset bead to previous phase
+Selected: 3 commits
+Press Enter to continue, or 'a' to abort
+```
 
-**Task revert (--task=N):**
+---
 
-- Only commits for specific task
-- Keep bead in current phase
+## Phase 5: Create Backup
 
-### Step 3: Git Analysis
+Before reverting, create safety backup:
 
 ```bash
-# Find commits for this bead
-git log --oneline --all --grep="[bead-id]"
+# Create backup branch
+git branch backup/[bead-id]-pre-revert
+
+# Or stash current state
+git stash push -m "pre-revert-[bead-id]"
+```
+
+```
+Backup Created
+━━━━━━━━━━━━━━
+
+Branch: backup/[bead-id]-pre-revert
+Commit: [current-sha]
+
+To undo this revert later:
+  git checkout backup/[bead-id]-pre-revert
+  git cherry-pick [reverted-commits]
+```
+
+---
+
+## Phase 6: Handle Database Migrations
+
+If `--include-migrations` or migrations detected:
 
-# Show files that would be affected
-git diff --stat [commit-range]
+```bash
+# Check for migration files in commits
+git log --name-only --grep="[bead-id]" -- "**/migrations/**"
+```
+
+### Migration Revert Strategy
+
+| Scenario                       | Action                         |
+| ------------------------------ | ------------------------------ |
+| Migrations not yet run in prod | Safe to delete migration files |
+| Migrations run in prod         | Need down migration            |
+| No down migration exists       | Manual intervention required   |
+
+```bash
+# Run down migrations (if applicable)
+npm run migrate:down -- --to=[pre-feature-version]
+# or
+python manage.py migrate [app] [previous_migration]
+```
+
+**CAUTION:** Database reverts can cause data loss. Always backup first.
+
+---
+
+## Phase 7: Handle Feature Flags
+
+If feature is behind a flag:
+
+```bash
+# Disable feature flag first
+# This prevents errors while code is being reverted
+
+# Example: Update feature flag config
+echo "AUTH_ENABLED=false" >> .env
 ```
 
-Present:
+### Feature Flag Checklist
 
-- Commits to revert
-- Files affected
-- Potential conflicts
+- [ ] Disable flag in development
+- [ ] Disable flag in staging
+- [ ] Disable flag in production
+- [ ] THEN revert code
 
-### Step 4: Confirm and Execute
+---
 
-Ask for confirmation before reverting.
+## Phase 8: Execute Revert
 
-**Hard revert (default):**
+### Dry Run (--dry-run)
+
+```bash
+# Show what WOULD be reverted
+git revert --no-commit [commits...] --dry-run 2>&1 || \
+git diff [oldest-commit]^..[newest-commit] --stat
+```
+
+```
+DRY RUN - No changes made
+━━━━━━━━━━━━━━━━━━━━━━━━━
+
+Would revert:
+├── abc1234 feat: add login form
+├── def5678 feat: add validation
+└── jkl3456 test: add auth tests
+
+Files that would be modified:
+├── src/auth/login.ts (deleted)
+├── src/api/routes.ts (restored to previous)
+└── tests/auth.test.ts (deleted)
+
+Run without --dry-run to execute.
+```
+
+### Soft Revert (--soft)
 
 ```bash
 git revert --no-commit [commits...]
-git commit -m "revert: [bead-id] [scope]"
+# Changes staged but not committed
 ```
 
-**Soft revert (--soft):**
+### Hard Revert (default)
 
 ```bash
 git revert --no-commit [commits...]
-# Leave changes staged for review
+git commit -m "revert([bead-id]): [scope description]
+
+Reverts commits: [list]
+Reason: [user-provided or default]
+
+Backup branch: backup/[bead-id]-pre-revert"
+```
+
+---
+
+## Phase 9: Handle Conflicts
+
+If conflicts occur:
+
 ```
+Conflicts Detected
+━━━━━━━━━━━━━━━━━━
 
-### Step 5: Update Bead
+Conflicting files:
+├── src/api/routes.ts
+└── src/config/index.ts
 
-Update bead status by adding a note via `bd_msg` about the revert.
+Options:
+1. Abort revert (git revert --abort)
+2. Resolve manually and continue
+3. Accept theirs (keep current)
+4. Accept ours (use reverted)
 
-## Safety Checks
+Select option (1/2/3/4):
+```
+
+### Conflict Resolution Guidance
 
-Before reverting:
+```bash
+# To abort
+git revert --abort
 
-- [ ] Check for uncommitted changes
-- [ ] Verify bead exists and has commits
-- [ ] Check for dependent beads
-- [ ] Identify potential merge conflicts
+# To resolve manually
+# Edit conflicting files, then:
+git add [resolved-files]
+git revert --continue
 
-If conflicts detected:
+# To accept one side
+git checkout --theirs [file]  # Keep current
+git checkout --ours [file]    # Use reverted
+```
 
-1. List conflicting files
-2. Offer to abort or continue with manual resolution
-3. Provide conflict resolution guidance
+---
+
+## Phase 10: Update Bead Status
+
+```typescript
+bd_msg({
+  subj: "Reverted: [bead-id]",
+  body: "Feature reverted at [timestamp]\nReason: [reason]\nBackup: backup/[bead-id]-pre-revert",
+  to: "all",
+  importance: "normal",
+  global: false,
+});
+
+// Optionally close or re-open bead
+bd_update({ id: "[bead-id]", status: "open" });
+```
+
+---
 
 ## Output
 
-Report:
+```
+Revert Complete: [bead-id]
+━━━━━━━━━━━━━━━━━━━━━━━━━━
 
-- Commits reverted
-- Files restored
-- Bead status updated
-- Next steps
+Commits reverted: 3
+Files restored: 8
+Lines removed: +456 / -23 → net -433
 
-## Related Commands
+Revert commit: [new-sha]
+Backup branch: backup/[bead-id]-pre-revert
+
+Bead status: Updated to 'open'
+
+To undo this revert:
+  git revert [new-sha]
+  # or
+  git cherry-pick [original-commits]
+
+Next steps:
+├── Verify app works: npm test
+├── Check dependent features
+└── Re-implement if needed: /implement [bead-id]
+```
+
+---
+
+## Undo the Revert
+
+If the revert was wrong:
 
 ```bash
-# View bead history
-bd_show({ id: "[bead-id]" })
+# Option 1: Revert the revert
+git revert [revert-commit-sha]
 
-# Check current status
-bd_status({ include_agents: false })
+# Option 2: Cherry-pick original commits
+git cherry-pick [original-commits...]
 
-# Re-implement after revert
-/implement [bead-id]
+# Option 3: Restore from backup branch
+git checkout backup/[bead-id]-pre-revert -- .
+git commit -m "restore: [bead-id] from backup"
 ```
+
+---
+
+## Related Commands
+
+| Need                 | Command                        |
+| -------------------- | ------------------------------ |
+| View bead history    | `bd_show({ id: "[bead-id]" })` |
+| Re-implement feature | `/implement [bead-id]`         |
+| Check status         | `/status [bead-id]`            |
+| Create new feature   | `/new-feature`                 |

package/dist/template/.opencode/command/review-codebase.md

@@ -1,13 +1,208 @@
 ---
-description: Review code for quality and compliance
-argument-hint: "[path or task-id]"
+description: Review code for quality, security, and compliance
+argument-hint: "[path|bead-id|pr-number|'all'] [--quick|--thorough]"
 agent: review
 ---
 
 # Review: $ARGUMENTS
 
+## Load Beads Skill
+
+```typescript
+skill({ name: "beads" });
+```
+
+## Phase 1: Determine Scope
+
+Parse `$ARGUMENTS` to determine what to review:
+
+| Input                    | Scope                  | How to Get Code                             |
+| ------------------------ | ---------------------- | ------------------------------------------- |
+| File/directory path      | That path only         | `read` or `glob` + `read`                   |
+| Bead ID (e.g., `bd-123`) | Implementation vs spec | `bd_show()` then `git diff` from spec       |
+| PR number (e.g., `#45`)  | PR changes             | `gh pr diff 45`                             |
+| `all` or empty           | Recent changes         | `git diff main...HEAD` or `git diff HEAD~5` |
+
+If bead exists, load spec from `.beads/artifacts/$ID/spec.md` and review against constraints.
+
+## Phase 2: Automated Analysis
+
+Run these checks first (batch for speed):
+
+```
+# Type/lint errors
+lsp_diagnostics() for each changed file
+npm run type-check || tsc --noEmit
+npm run lint || true
+
+# Anti-pattern detection with ast-grep
+ast-grep pattern="console.log($$$)"           # Debug statements
+ast-grep pattern="any"                         # TypeScript any
+ast-grep pattern="// TODO" OR grep "TODO|FIXME|HACK|XXX"
+ast-grep pattern="password = \"$$$\""          # Hardcoded secrets
+
+# Test status
+npm test || pytest || cargo test
+```
+
+Collect all automated findings before manual review.
+
+## Phase 3: Manual Review Categories
+
 skill({ name: "requesting-code-review" })
 
-If bead exists, review against `.beads/artifacts/$ARGUMENTS/spec.md` constraints.
+Review each category with specific focus:
+
+### Security
+
+- Authentication/authorization checks on all endpoints
+- Input validation and sanitization
+- No secrets in code (API keys, passwords, tokens)
+- SQL/command injection prevention
+- XSS prevention (output encoding)
+
+### Performance
+
+- N+1 query patterns
+- Unbounded loops or recursion
+- Missing pagination on large datasets
+- Expensive operations in hot paths
+- Missing caching where appropriate
+
+### Maintainability
+
+- Cyclomatic complexity (functions > 10 branches)
+- DRY violations (duplicated logic)
+- Dead code or unreachable branches
+- Naming clarity (can you understand without comments?)
+- Single Responsibility violations
+
+### Error Handling
+
+- All async operations have error handling
+- Errors are logged with context
+- User-facing errors are sanitized (no stack traces)
+- Graceful degradation where appropriate
+
+### Testing
+
+- Test coverage on new/changed code
+- Tests verify behavior, not implementation
+- Edge cases covered (empty, null, boundary)
+- No excessive mocking (tests actually test something)
+
+### Type Safety (TypeScript/typed languages)
+
+- No `any` types without justification
+- Proper null/undefined handling
+- Generic types used appropriately
+- Return types explicit on public APIs
+
+## Phase 4: Create Tracking Issues
+
+For each Critical or Important finding:
+
+```
+bd_add({
+  title: "[Review] <brief issue description>",
+  desc: "File: <path>:<line>\nIssue: <what's wrong>\nFix: <how to fix>",
+  type: "bug",
+  pri: 1,  # Critical=0, Important=1, Minor=2
+  tags: ["review", "security|perf|maintainability"]
+})
+```
+
+Skip creating beads for Minor issues (just report them).
+
+## Phase 5: Output Format
+
+### Summary
+
+| Metric             | Value   |
+| ------------------ | ------- |
+| Files reviewed     | X       |
+| Lines changed      | +X / -Y |
+| Critical issues    | X       |
+| Important issues   | X       |
+| Minor issues       | X       |
+| Automated findings | X       |
+
+### Automated Findings
+
+```
+[LSP] src/auth.ts:45 - Type 'string' is not assignable to type 'User'
+[AST] src/utils.ts:12 - console.log detected
+[GREP] src/config.ts:8 - TODO: implement rate limiting
+```
+
+### Manual Findings
+
+#### Critical (Must Fix Before Merge)
+
+| File:Line        | Issue                                | Category | Fix                            |
+| ---------------- | ------------------------------------ | -------- | ------------------------------ |
+| `src/auth.ts:45` | Missing auth check on admin endpoint | Security | Add `requireAuth()` middleware |
+
+#### Important (Should Fix)
+
+| File:Line      | Issue                  | Category    | Fix                          |
+| -------------- | ---------------------- | ----------- | ---------------------------- |
+| `src/db.ts:89` | N+1 query in user list | Performance | Use `include` or batch query |
+
+#### Minor (Nice to Have)
+
+| File:Line         | Issue                    | Category        | Fix                         |
+| ----------------- | ------------------------ | --------------- | --------------------------- |
+| `src/utils.ts:12` | Console.log left in code | Maintainability | Remove or use proper logger |
+
+### Strengths
+
+- [What's done well - be specific with file:line]
+
+### Recommendations
+
+- [Improvements beyond immediate fixes]
+
+### Verdict
+
+**Ready to merge:** Yes | No | With Fixes
+
+**Reasoning:** [1-2 sentences explaining the decision]
+
+**Beads created:** [List bead IDs for Critical/Important findings, or "None"]
+
+---
+
+## Depth Levels
+
+**--quick** (~5-10 min): Automated checks + skim changed files, focus on Critical only
+**--thorough** (default, ~15-30 min): Full automated + manual review of all categories
+**--security**: Focus only on security category with deeper analysis
+
+## Examples
+
+```bash
+# Review a specific file
+/review-codebase src/auth/login.ts
+
+# Review against a bead spec
+/review-codebase bd-feature-auth
+
+# Review a PR
+/review-codebase #45
+
+# Quick review of recent changes
+/review-codebase all --quick
+
+# Security-focused review
+/review-codebase src/api/ --security
+```
+
+## Anti-Patterns (Don't Do This)
 
-Otherwise, general code quality review.
+- "LGTM" without actually reviewing
+- Marking style issues as Critical
+- Reviewing code you didn't read
+- Vague feedback ("improve error handling" - WHERE? HOW?)
+- Skipping automated checks "to save time"
+- Not creating beads for real issues (they get forgotten)