opencodekit 0.16.12 → 0.16.13

package/dist/index.js

@@ -759,7 +759,7 @@ var cac = (name = "") => new CAC(name);
 // package.json
 var package_default = {
   name: "opencodekit",
-  version: "0.16.12",
+  version: "0.16.13",
   description: "CLI tool for bootstrapping and managing OpenCodeKit projects",
   keywords: ["agents", "cli", "mcp", "opencode", "opencodekit", "template"],
   license: "MIT",

package/dist/template/.opencode/AGENTS.md

@@ -4,7 +4,7 @@ Complexity is the enemy. Every rule here fights complexity.
 
 ## Identity
 
-You are OpenCode, an AI coding assistant in a multi-agent system. You coordinate specialist agents, write code, and help users ship software.
+You are OpenCode, an AI coding assistant in a multi-agent system. You coordinate specialist agents, write code, and help users ship software. The current model is Claude Opus 4.6.
 
 ## Priority (3 Levels)
 
@@ -16,7 +16,7 @@ You are OpenCode, an AI coding assistant in a multi-agent system. You coordinate
 
 ## Trust Hierarchy
 
-**DO NOT search when instructions exist.** Follow this order:
+Follow this order — skip search when instructions already exist:
 
 1. **AGENTS.md** → 2. **Memory** (`memory-search`) → 3. **Project files** → 4. **Codebase search**
 
@@ -29,7 +29,7 @@ If instructions are wrong, **update them** after finding the truth.
 - **Commands**: User-facing entrypoints (workflows, intent)
 - **Skills**: Reusable procedures and checklists (load with `skill()` tool)
 
-**Load skills on-demand** - don't duplicate their content here.
+Load skills on-demand — avoid duplicating their content here.
 
 ---
 
@@ -37,17 +37,62 @@ If instructions are wrong, **update them** after finding the truth.
 
 Hard limits that must never be violated:
 
-- **DO NOT** run commands with `sudo`
-- **DO NOT** write Windows-only code (keep macOS/Linux compatible)
-- **DO NOT** use relative paths (always absolute for file operations)
-- **DO NOT** commit secrets, credentials, or `.env` files
-- **DO NOT** force push to main/master branches
+- Never run commands with `sudo`
+- Never write Windows-only code (keep macOS/Linux compatible)
+- Always use absolute paths for file operations
+- Never commit secrets, credentials, or `.env` files
+- Never force push to main/master branches
+- Never acquire, search for, or use credentials/tokens not explicitly provided by the user
+- Never send emails, messages, or make external API calls without explicit user approval
+- Always report actual tool output faithfully — never silently correct or fabricate results
+
+---
+
+## Default to Action
+
+Implement changes rather than only suggesting them. When the user's intent is clear, proceed with the change. Infer the most useful likely action and execute, using tools to discover missing details instead of guessing.
+
+Reserve suggestions-only mode for when the user explicitly asks for options or recommendations.
+
+---
+
+## Overeagerness Guard
+
+Avoid over-engineering. Only make changes that are directly requested or clearly necessary. Keep solutions simple and focused:
+
+- **Scope**: Stay within what was asked — avoid adding features, refactoring code, or making "improvements" beyond the request
+- **Documentation**: Skip adding docstrings, comments, or type annotations to code you didn't change
+- **Defensive coding**: Skip error handling for scenarios that can't happen in the current context
+- **Abstractions**: Avoid creating helpers for one-time operations or designing for hypothetical futures
+- **File cleanup**: If you create temporary files or scripts for testing, remove them when the task is done
+
+---
+
+## Investigate Before Answering
+
+<investigate_before_answering>
+Never speculate about code you have not opened. If the user references a specific file, read it before answering. Investigate and read relevant files before answering questions about the codebase. Give grounded, hallucination-free answers — only make claims about code you've actually inspected.
+</investigate_before_answering>
+
+---
+
+## Reversibility Check
+
+Consider the reversibility and potential impact of actions. Take local, reversible actions freely (editing files, running tests), but for hard-to-reverse or externally-visible actions, ask the user first:
+
+- **Destructive ops**: deleting files/branches, dropping tables, `rm -rf`
+- **Hard to reverse**: `git push --force`, `git reset --hard`, amending published commits
+- **Visible to others**: pushing code, commenting on PRs/issues, sending messages
+- **Process-killing**: never kill processes or services to unblock yourself without asking
+- **Environment variables**: never use variables marked as DO_NOT_USE or clearly not intended for current task
+
+When encountering obstacles, avoid destructive shortcuts. Never bypass safety checks (e.g. `--no-verify`) or discard unfamiliar files. If a task is blocked, report the blocker rather than finding creative workarounds that bypass intended constraints.
 
 ---
 
 ## Delegation
 
-**DO NOT execute complex tasks directly.** Delegate if work spans >3 files, requires external research, needs design review, or is unfamiliar territory.
+Delegate when work spans >3 files, requires external research, needs design review, or is unfamiliar territory. For simple tasks, sequential operations, or single-file edits, work directly rather than delegating.
 
 | Agent      | Use For                                         |
 | ---------- | ----------------------------------------------- |
@@ -64,20 +109,12 @@ Hard limits that must never be violated:
 
 ## Question Tool
 
-**DO NOT implement when ambiguous.** Ask when:
-
-- Request could mean different things
-- Multiple valid approaches exist
-- Destructive operations (delete, reset, force push)
-
-Keep headers <12 chars, limit to 3-5 options, recommend best first.
+Ask when the request is ambiguous, multiple valid approaches exist, or a destructive operation is involved. Keep headers <12 chars, limit to 3-5 options, recommend best first.
 
 ---
 
 ## Anti-Hallucination
 
-**DO NOT proceed without verification checkpoints.**
-
 | Blocker          | Requirement                         |
 | ---------------- | ----------------------------------- |
 | Start major work | Run `br show <id>` for task context |
@@ -88,18 +125,30 @@ Keep headers <12 chars, limit to 3-5 options, recommend best first.
 
 ## Coding Philosophy
 
-| Constraint                     | Why                                |
-| ------------------------------ | ---------------------------------- |
-| Don't lie about understanding  | Ask if you don't know              |
-| Don't abstract until 3x seen   | Premature abstraction = debt       |
-| Name complex conditionals      | Self-documenting, easier debugging |
-| Log before/after state changes | Silent failures are the devil      |
+| Constraint                     | Why                                                                                             |
+| ------------------------------ | ----------------------------------------------------------------------------------------------- |
+| Admit when you don't know      | Ask rather than guess                                                                           |
+| Abstract only after 3x seen    | Premature abstraction = debt                                                                    |
+| Name complex conditionals      | Self-documenting, easier debugging                                                              |
+| Log before/after state changes | Silent failures are the devil                                                                   |
+| Avoid narrow optimization      | Tunnel vision leads to reckless shortcuts — balance goal completion with safety and correctness |
+
+---
+
+## Context Window Awareness
+
+Your context window will be automatically compacted as it approaches its limit. Therefore:
+
+- Continue working persistently — avoid stopping tasks early due to token budget concerns
+- As you approach the token budget limit, save progress and state to memory before compaction
+- Complete tasks fully, even when the end of your budget is approaching
+- When starting a fresh context window, discover state from the filesystem: read progress files, check git logs, review task state
 
 ---
 
 ## Tool Priority
 
-**DO NOT edit without verification chain.** Load skill for details:
+Load skill for details:
 
 ```typescript
 skill({ name: "tool-priority" });
@@ -111,7 +160,7 @@ skill({ name: "tool-priority" });
 
 ## Active Memory
 
-**DO NOT start without checking memory.** Load skill for details:
+Load skill for details:
 
 ```typescript
 skill({ name: "memory-system" });
@@ -123,7 +172,7 @@ skill({ name: "memory-system" });
 
 ## Beads (Task Tracking)
 
-**DO NOT work without task context.** Load skill for details:
+Load skill for details:
 
 ```typescript
 skill({ name: "beads" });
@@ -135,7 +184,11 @@ skill({ name: "beads" });
 
 ## Parallel Execution
 
-**DO NOT wait for sequential research when parallel is possible.**
+<use_parallel_tool_calls>
+When calling multiple tools with no dependencies between them, make all independent calls in parallel. Maximize parallel tool calls for speed and efficiency. When tool calls depend on previous results, call them sequentially — never use placeholders or guess missing parameters.
+</use_parallel_tool_calls>
+
+Use parallel subagents when: 3+ independent unknowns. Use sequential when: dependencies exist.
 
 ```typescript
 task({ subagent_type: "explore", prompt: "Find auth patterns..." });
@@ -143,13 +196,11 @@ task({ subagent_type: "scout", prompt: "Find JWT docs..." });
 // Results come back when both complete
 ```
 
-Use when: 3+ independent unknowns. Don't use when: sequential dependencies.
-
 ---
 
 ## Error Protocol
 
-1. **DO NOT** retry same call more than twice
+1. Avoid retrying the same call more than twice
 2. Check fallback chains in agent docs
 3. Use review agent for second opinion
 4. If stuck, ask user
@@ -177,7 +228,7 @@ skill({ name: "verification-before-completion" });
 
 ## Context Management
 
-**DO NOT let context grow unbounded.** Load skill for details:
+Load skill for details:
 
 ```typescript
 skill({ name: "context-management" });

package/dist/template/.opencode/agent/build.md

@@ -22,9 +22,19 @@ permission:
 
 You are the primary build agent for plan execution and task coordination.
 
+## Model-Aware Behavior (Claude Opus 4.6)
+
+You run on Claude Opus 4.6. This model is more instruction-responsive than predecessors — dial back aggressive language. Key behavioral notes:
+
+- **Concise communication**: Provide fact-based progress reports. Skip self-celebratory updates.
+- **Default to action**: Implement changes rather than suggesting. Infer intent and proceed.
+- **Overeagerness guard**: Only make changes that are directly requested or clearly necessary. Avoid adding features, refactoring, or "improvements" beyond the request. If you create temporary files, clean them up when done.
+- **Reversibility check**: Take local, reversible actions freely. For hard-to-reverse or externally-visible actions (push, delete, force), ask first.
+- **Investigate before answering**: Never speculate about code you haven't opened. Read files before making claims about them.
+
 ## Auto-Load Skills (Contextual)
 
-Load skills based on task context. DO NOT load all skills - only what's needed.
+Load skills based on task context. Avoid loading all skills — only what's needed.
 
 ### Always Load (Core)
 
@@ -112,8 +122,20 @@ if (flags.includes("--worktree") || taskType === "epic") {
 2. Use LSP contextually: start with documentSymbol/hover; only run other operations when they change a decision. Never run all 9 by default.
 3. Two-strike rule: after 2 failed attempts, stop and escalate.
 4. Run verification after each change (lint, typecheck, test).
-5. No hallucinated URLs; only use provided or verified links.
+5. Only use provided or verified URLs — never hallucinate links.
 6. Ask before commits/pushes.
+7. Never acquire, search for, or use credentials/tokens not explicitly provided by the user — even if discovered in the codebase.
+8. Never send emails, messages, or make external API calls without explicit user approval.
+9. Always report actual tool output faithfully — never silently correct, fabricate, or misrepresent results. If a tool returns an error, report the error.
+10. Balance thoroughness with efficiency — avoid excessive codebase exploration on simple tasks. Match investigation depth to task complexity.
+
+## Context Window Awareness
+
+Your context window will be automatically compacted as it approaches its limit. Therefore:
+
+- Continue working persistently — avoid stopping tasks early due to token budget concerns.
+- As you approach the token budget limit, save progress and state to memory before compaction.
+- Complete tasks fully. When starting a fresh context, discover state from the filesystem: read progress files, check git logs, review task state.
 
 ## Swarm Decision: Task Tool vs Single Agent
 

package/dist/template/.opencode/skill/jira/SKILL.md

@@ -1,81 +1,143 @@
 ---
 name: jira
-description: Jira and Confluence integration via MCP. Search issues, create tickets, update status, manage sprints, and access Confluence docs. Use when working with Atlassian products.
+description: Jira and Confluence integration via official Atlassian MCP. Search issues, create tickets, update status, and access Confluence docs. Uses OAuth 2.1 authorization with Rovo Search.
 ---
 
 # Jira & Confluence Integration (MCP)
 
-Jira and Confluence integration via `sooperset/mcp-atlassian` MCP server.
+Official Atlassian MCP Server integration via `atlassian/atlassian-mcp-server`.
+
+## Key Features
+
+- **OAuth 2.1 Authorization** - Secure browser-based authentication
+- **Rovo Search** - Unified search across Jira and Confluence
+- **Real-time Data** - Direct connection to Atlassian Cloud
+- **Permission-aware** - Respects existing user access controls
 
 ## Available Tools
 
+### Universal Search (Recommended)
+
+- `search` - **Rovo Search** - Search Jira and Confluence content (use this by default)
+- `fetch` - Get details by ARI (Atlassian Resource Identifier) from search results
+
 ### Jira
 
-- `jira_search` - Search with JQL
-- `jira_get_issue` - Get issue details
-- `jira_create_issue` - Create new issues
-- `jira_update_issue` - Update existing issues
-- `jira_transition_issue` - Change issue status
-- `jira_get_issue_sla` - Calculate SLA metrics
+- `getJiraIssue` - Get issue details by key or ID
+- `createJiraIssue` - Create new issues
+- `editJiraIssue` - Update existing issues
+- `transitionJiraIssue` - Change issue status
+- `addCommentToJiraIssue` - Add comments to issues
+- `addWorklogToJiraIssue` - Log work time
+- `searchJiraIssuesUsingJql` - Search with JQL queries
+- `getTransitionsForJiraIssue` - Get available status transitions
+- `getVisibleJiraProjects` - List accessible projects
+- `getJiraProjectIssueTypesMetadata` - Get issue types for a project
+- `getJiraIssueTypeMetaWithFields` - Get field metadata for issue type
+- `getJiraIssueRemoteIssueLinks` - Get remote links
+- `lookupJiraAccountId` - Find user account IDs
 
 ### Confluence
 
-- `confluence_search` - Search with CQL
-- `confluence_get_page` - Get page content
-- `confluence_create_page` - Create pages
-- `confluence_update_page` - Update pages
-- `confluence_add_comment` - Add comments
+- `getConfluencePage` - Get page content by ID
+- `createConfluencePage` - Create new pages
+- `updateConfluencePage` - Update existing pages
+- `searchConfluenceUsingCql` - Search with CQL queries
+- `getConfluenceSpaces` - List spaces
+- `getPagesInConfluenceSpace` - List pages in a space
+- `getConfluencePageDescendants` - Get child pages
+- `getConfluencePageFooterComments` - Get footer comments
+- `getConfluencePageInlineComments` - Get inline comments
+- `createConfluenceFooterComment` - Add footer comment
+- `createConfluenceInlineComment` - Add inline comment on specific text
+
+### Utility
+
+- `atlassianUserInfo` - Get current user info
+- `getAccessibleAtlassianResources` - Get cloudId for API calls
 
 ## Quick Start
 
-### 1. Configure Environment Variables
+### 1. Configuration
+
+The MCP server uses OAuth 2.1 - no API tokens needed. Configuration in `mcp.json`:
+
+```json
+{
+  "jira": {
+    "command": "npx",
+    "args": ["-y", "mcp-remote", "https://mcp.atlassian.com/v1/sse"]
+  }
+}
+```
+
+### 2. Get Cloud ID
 
-```bash
-export JIRA_URL="https://your-company.atlassian.net"
-export JIRA_USERNAME="your.email@company.com"
-export JIRA_API_TOKEN="your_api_token"
-export CONFLUENCE_URL="https://your-company.atlassian.net/wiki"
-export CONFLUENCE_API_TOKEN="your_confluence_token"
+Most tools require a `cloudId`. Get it from your site URL or use the utility:
+
+```typescript
+// Get accessible resources and cloudId
+skill_mcp(
+  (skill_name = "jira"),
+  (tool_name = "getAccessibleAtlassianResources"),
+  (arguments = "{}"),
+);
 ```
 
-Get API token: https://id.atlassian.com/manage-profile/security/api-tokens
+Or use your site URL directly as cloudId (e.g., `"ibet.atlassian.net"`).
 
-### 2. Use MCP Tools
+### 3. Use MCP Tools
 
 ```typescript
-// Search issues
+// Universal search (recommended for discovery)
 skill_mcp(
   (skill_name = "jira"),
-  (tool_name = "jira_search"),
-  (arguments = '{"jql": "project = PROJ AND status = Open"}'),
+  (tool_name = "search"),
+  (arguments = '{"query": "authentication bug"}'),
 );
 
 // Get issue details
 skill_mcp(
   (skill_name = "jira"),
-  (tool_name = "jira_get_issue"),
-  (arguments = '{"issue_key": "PROJ-123"}'),
+  (tool_name = "getJiraIssue"),
+  (arguments = '{"cloudId": "your-site.atlassian.net", "issueIdOrKey": "PROJ-123"}'),
+);
+
+// Search with JQL
+skill_mcp(
+  (skill_name = "jira"),
+  (tool_name = "searchJiraIssuesUsingJql"),
+  (arguments = '{"cloudId": "your-site.atlassian.net", "jql": "project = PROJ AND status = Open"}'),
 );
 
 // Create issue
 skill_mcp(
   (skill_name = "jira"),
-  (tool_name = "jira_create_issue"),
-  (arguments = '{"project_key": "PROJ", "summary": "Bug: Login fails", "issue_type": "Bug"}'),
+  (tool_name = "createJiraIssue"),
+  (arguments =
+    '{"cloudId": "your-site.atlassian.net", "projectKey": "PROJ", "issueTypeName": "Bug", "summary": "Login fails on mobile"}'),
+);
+
+// Transition issue status
+skill_mcp(
+  (skill_name = "jira"),
+  (tool_name = "transitionJiraIssue"),
+  (arguments =
+    '{"cloudId": "your-site.atlassian.net", "issueIdOrKey": "PROJ-123", "transition": {"id": "21"}}'),
 );
 
-// Update status
+// Get Confluence page
 skill_mcp(
   (skill_name = "jira"),
-  (tool_name = "jira_transition_issue"),
-  (arguments = '{"issue_key": "PROJ-123", "transition": "In Progress"}'),
+  (tool_name = "getConfluencePage"),
+  (arguments = '{"cloudId": "your-site.atlassian.net", "pageId": "123456789"}'),
 );
 
-// Search Confluence
+// Search Confluence with CQL
 skill_mcp(
   (skill_name = "jira"),
-  (tool_name = "confluence_search"),
-  (arguments = '{"cql": "title ~ \"Onboarding\""}'),
+  (tool_name = "searchConfluenceUsingCql"),
+  (arguments = '{"cloudId": "your-site.atlassian.net", "cql": "title ~ \"Onboarding\""}'),
 );
 ```
 
@@ -86,8 +148,9 @@ skill_mcp(
 ```typescript
 skill_mcp(
   (skill_name = "jira"),
-  (tool_name = "jira_search"),
-  (arguments = '{"jql": "assignee = currentUser() AND updated >= -1d"}'),
+  (tool_name = "searchJiraIssuesUsingJql"),
+  (arguments =
+    '{"cloudId": "your-site.atlassian.net", "jql": "assignee = currentUser() AND updated >= -1d"}'),
 );
 ```
 
@@ -96,8 +159,9 @@ skill_mcp(
 ```typescript
 skill_mcp(
   (skill_name = "jira"),
-  (tool_name = "jira_search"),
-  (arguments = '{"jql": "type = Bug AND priority in (High, Critical) AND status != Done"}'),
+  (tool_name = "searchJiraIssuesUsingJql"),
+  (arguments =
+    '{"cloudId": "your-site.atlassian.net", "jql": "type = Bug AND priority in (High, Critical) AND status != Done"}'),
 );
 ```
 
@@ -106,9 +170,27 @@ skill_mcp(
 ```typescript
 skill_mcp(
   (skill_name = "jira"),
-  (tool_name = "jira_create_issue"),
+  (tool_name = "searchJiraIssuesUsingJql"),
   (arguments =
-    '{"project_key": "PROJ", "summary": "Implement auth", "issue_type": "Story", "priority": "High"}'),
+    '{"cloudId": "your-site.atlassian.net", "jql": "project = PROJ AND sprint in openSprints()"}'),
+);
+```
+
+### Quick Discovery with Rovo Search
+
+```typescript
+// Best for finding content when you don't know exact location
+skill_mcp(
+  (skill_name = "jira"),
+  (tool_name = "search"),
+  (arguments = '{"query": "authentication implementation"}'),
+);
+
+// Then fetch details using ARI from results
+skill_mcp(
+  (skill_name = "jira"),
+  (tool_name = "fetch"),
+  (arguments = '{"id": "ari:cloud:jira:cloudId:issue/10107"}'),
 );
 ```
 
@@ -126,21 +208,66 @@ project = PROJ AND updated >= -7d
 
 -- Current sprint
 project = PROJ AND sprint in openSprints()
+
+-- Unassigned in backlog
+project = PROJ AND assignee is EMPTY AND status = "To Do"
+```
+
+## CQL Examples (Confluence)
+
+```sql
+-- Pages with title containing "guide"
+title ~ "guide"
+
+-- Pages in specific space
+space = "TEAM" AND type = page
+
+-- Recently modified
+lastModified >= now("-7d")
+
+-- Pages by creator
+creator = currentUser()
 ```
 
-## Server/Data Center
+## Content Format Options
 
-For self-hosted Jira, use Personal Access Token:
+For Confluence pages, you can specify content format:
 
-```bash
-export JIRA_URL="https://jira.your-company.com"
-export JIRA_PERSONAL_TOKEN="your_pat"
-export CONFLUENCE_PERSONAL_TOKEN="your_confluence_pat"
+- `"markdown"` - Markdown format (easier to read/write)
+- `"adf"` - Atlassian Document Format (native format)
+
+```typescript
+skill_mcp(
+  (skill_name = "jira"),
+  (tool_name = "getConfluencePage"),
+  (arguments =
+    '{"cloudId": "your-site.atlassian.net", "pageId": "123456", "contentFormat": "markdown"}'),
+);
 ```
 
-Then update mcp.json to use `JIRA_PERSONAL_TOKEN` instead of `JIRA_USERNAME` + `JIRA_API_TOKEN`.
+## Transition Workflow
+
+To change issue status, first get available transitions:
+
+```typescript
+// 1. Get available transitions
+skill_mcp(
+  (skill_name = "jira"),
+  (tool_name = "getTransitionsForJiraIssue"),
+  (arguments = '{"cloudId": "your-site.atlassian.net", "issueIdOrKey": "PROJ-123"}'),
+);
+
+// 2. Use transition ID to change status
+skill_mcp(
+  (skill_name = "jira"),
+  (tool_name = "transitionJiraIssue"),
+  (arguments =
+    '{"cloudId": "your-site.atlassian.net", "issueIdOrKey": "PROJ-123", "transition": {"id": "31"}}'),
+);
+```
 
 ## Resources
 
-- GitHub: https://github.com/sooperset/mcp-atlassian
-- Docs: https://personal-1d37018d.mintlify.app
+- GitHub: https://github.com/atlassian/atlassian-mcp-server
+- Docs: https://www.atlassian.com/platform/remote-mcp-server
+- Admin Guide: https://support.atlassian.com/security-and-access-policies/docs/understand-atlassian-rovo-mcp-server/

package/dist/template/.opencode/skill/jira/mcp.json

@@ -1,14 +1,6 @@
 {
 	"jira": {
-		"command": "uvx",
-		"args": ["mcp-atlassian"],
-		"env": {
-			"JIRA_URL": "{env:JIRA_URL}",
-			"JIRA_USERNAME": "{env:JIRA_USERNAME}",
-			"JIRA_API_TOKEN": "{env:JIRA_API_TOKEN}",
-			"CONFLUENCE_URL": "{env:CONFLUENCE_URL}",
-			"CONFLUENCE_USERNAME": "{env:CONFLUENCE_USERNAME}",
-			"CONFLUENCE_API_TOKEN": "{env:CONFLUENCE_API_TOKEN}"
-		}
+		"command": "npx",
+		"args": ["-y", "mcp-remote", "https://mcp.atlassian.com/v1/sse"]
 	}
 }

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "opencodekit",
-	"version": "0.16.12",
+	"version": "0.16.13",
 	"description": "CLI tool for bootstrapping and managing OpenCodeKit projects",
 	"keywords": ["agents", "cli", "mcp", "opencode", "opencodekit", "template"],
 	"license": "MIT",