openhermes 4.1.0 → 4.9.2

package/scripts/oh-doctor.ps1

@@ -0,0 +1,342 @@
+<#
+.SYNOPSIS
+    Quick-win diagnostic for openhermes-pkg — AI-orchestrator-facing.
+.DESCRIPTION
+    Outputs JSON-Lines diagnostics consumable by the OpenHermes orchestrator.
+    Each line is a check result; final line is the summary verdict.
+.PARAMETER SkipOCChecks
+    Skip opencode CLI checks (useful when opencode isn't running).
+.EXAMPLE
+    .\oh-doctor.ps1
+    .\oh-doctor.ps1 -SkipOCChecks
+#>
+
+param(
+    [switch]$SkipOCChecks
+)
+
+$PackageRoot = Resolve-Path "$PSScriptRoot\.."
+$ErrorActionPreference = "Continue"
+$script:checks = @()
+$script:checks = @()
+
+function Write-Check {
+    param(
+        [Parameter(Mandatory)] [string]$Id,
+        [Parameter(Mandatory)] [string]$Name,
+        [Parameter(Mandatory)] [ValidateSet("PASS","WARN","FAIL","SKIP")] [string]$Status,
+        [string]$Detail = "",
+        [hashtable]$Evidence = @{},
+        [string]$Severity = "medium",
+        [hashtable]$Fix = @{}
+    )
+    $result = @{
+        id       = $Id
+        name     = $Name
+        status   = $Status
+        severity = $Severity
+        detail   = $Detail
+        evidence = $Evidence
+        fix      = $Fix
+    }
+    $script:checks += $result
+    $result | ConvertTo-Json -Compress -Depth 5
+}
+
+# ============================================================
+# CHECK 1: AGENTS.md accuracy
+# ============================================================
+$agentPath = Join-Path $PackageRoot "AGENTS.md"
+if (Test-Path $agentPath) {
+    $agentContent = Get-Content $agentPath -Raw
+    $skillDir = Join-Path (Join-Path $PackageRoot "harness") "skills"
+    $actualCount = (Get-ChildItem $skillDir -Directory).Count
+
+    # Skill count check
+    if ($agentContent -match '## Skills \((\d+)\)') {
+        $claimedCount = [int]$Matches[1]
+        if ($claimedCount -eq $actualCount) {
+            Write-Check -Id "agentsmd.skill_count" -Name "AGENTS.md skill count" -Status PASS `
+                -Detail "Claims $claimedCount, filesystem has $actualCount" `
+                -Evidence @{ file = $agentPath; claimed = $claimedCount; actual = $actualCount }
+        } else {
+            Write-Check -Id "agentsmd.skill_count" -Name "AGENTS.md skill count" -Status FAIL `
+                -Severity high -Detail "Claims $claimedCount but filesystem has $actualCount" `
+                -Evidence @{ file = $agentPath; claimed = $claimedCount; actual = $actualCount } `
+                -Fix @{ auto = $true; command = "Update AGENTS.md header from ${claimedCount} skills to ${actualCount} skills" }
+        }
+    } else {
+        Write-Check -Id "agentsmd.skill_count" -Name "AGENTS.md skill count" -Status WARN `
+            -Detail "Could not parse skill count from AGENTS.md" `
+            -Evidence @{ file = $agentPath }
+    }
+
+    # logger.ts reference
+    $libDir = Join-Path $PackageRoot "lib"
+    $libFiles = Get-ChildItem $libDir -File | ForEach-Object { $_.Name }
+    if ($agentContent -match "logger\.ts") {
+        if ($libFiles -contains "logger.ts") {
+            Write-Check -Id "agentsmd.logger_ref" -Name "AGENTS.md logger.ts reference" -Status PASS `
+                -Detail "logger.ts exists in lib/" `
+                -Evidence @{ file = $agentPath }
+        } else {
+            $actualList = $libFiles -join ","
+            Write-Check -Id "agentsmd.logger_ref" -Name "AGENTS.md logger.ts reference" -Status FAIL `
+                -Severity high -Detail "Claims logger.ts but file does not exist" `
+                -Evidence @{ file = $agentPath; claimed = "logger.ts"; onDisk = $actualList } `
+                -Fix @{ auto = $true; command = "Remove 'logger.ts' from AGENTS.md" }
+        }
+    }
+
+    # SHELL.md reference
+    $instDir = Join-Path (Join-Path $PackageRoot "harness") "instructions"
+    $hasShell = Test-Path (Join-Path $instDir "SHELL.md")
+    if ($agentContent -match "SHELL\.md") {
+        if ($hasShell) {
+            Write-Check -Id "agentsmd.shell_ref" -Name "AGENTS.md SHELL.md reference" -Status PASS `
+                -Detail "SHELL.md referenced and exists on disk" `
+                -Evidence @{ file = $agentPath; referenced = "SHELL.md" }
+        } else {
+            Write-Check -Id "agentsmd.shell_ref" -Name "AGENTS.md SHELL.md reference" -Status WARN `
+                -Severity medium -Detail "SHELL.md referenced but missing from disk" `
+                -Evidence @{ file = $agentPath; referenced = "SHELL.md" }
+        }
+    } elseif ($hasShell) {
+        Write-Check -Id "agentsmd.shell_ref" -Name "AGENTS.md SHELL.md reference" -Status WARN `
+            -Severity low -Detail "SHELL.md exists on disk but AGENTS.md does not mention it" `
+            -Evidence @{ file = $agentPath; onDisk = "harness/instructions/SHELL.md" }
+    }
+} else {
+    Write-Check -Id "agentsmd.exists" -Name "AGENTS.md exists" -Status FAIL -Severity high `
+        -Detail "File not found at ${agentPath}" `
+        -Evidence @{ path = $agentPath }
+}
+
+# ============================================================
+# CHECK 2: package.json files integrity
+# ============================================================
+$pkgPath = Join-Path $PackageRoot "package.json"
+if (Test-Path $pkgPath) {
+    $pkg = Get-Content $pkgPath -Raw | ConvertFrom-Json
+    $missing = @()
+    $found = @()
+    foreach ($entry in $pkg.files) {
+        $resolved = Join-Path $PackageRoot $entry
+        if (Test-Path $resolved) { $found += $entry }
+        else { $missing += $entry }
+    }
+    if ($missing.Count -eq 0) {
+        Write-Check -Id "pkg.files_integrity" -Name "package.json files field" -Status PASS `
+            -Detail "All $($pkg.files.Count) entries exist on disk" `
+            -Evidence @{ file = $pkgPath; entries = @($pkg.files) }
+    } else {
+        Write-Check -Id "pkg.files_integrity" -Name "package.json files field" -Status FAIL `
+            -Severity high -Detail "$($missing.Count) entry(s) missing: $($missing -join ',')" `
+            -Evidence @{ file = $pkgPath; missing = $missing } `
+            -Fix @{ auto = $false; command = "Create or remove from files: $($missing -join ',')" }
+    }
+} else {
+    Write-Check -Id "pkg.exists" -Name "package.json exists" -Status FAIL -Severity high `
+        -Detail "File not found at ${pkgPath}" `
+        -Evidence @{ path = $pkgPath }
+}
+
+# ============================================================
+# CHECK 3: Harness resolver prerequisites
+# ============================================================
+# Hardcode the exact known paths — no array gymnastics
+$hDir = Join-Path $PackageRoot "harness"
+$requiredFiles = @(
+    ,@("codex", "CHARTER.md")
+    ,@("instructions", "SHELL.md")
+    ,@("skills", "oh-planner", "SKILL.md")
+)
+$allOk = $true
+$missingReq = @()
+foreach ($pair in $requiredFiles) {
+    $path = Join-Path $hDir (Join-Path $pair[0] $pair[1])
+    if (-not (Test-Path $path)) {
+        $allOk = $false
+        $missingReq += ($pair[0] + "/" + $pair[1])
+    }
+}
+if ($allOk) {
+    Write-Check -Id "harness.required_files" -Name "Harness resolver prerequisites" -Status PASS `
+        -Detail "All 3 required files resolve" `
+        -Evidence @{ root = $hDir; required = @("codex/CHARTER.md","codex/AUTOPILOT.md","skills/oh-planner/SKILL.md") }
+} else {
+    Write-Check -Id "harness.required_files" -Name "Harness resolver prerequisites" -Status FAIL `
+        -Severity high -Detail "Missing: $($missingReq -join ',')" `
+        -Evidence @{ root = $hDir; missing = $missingReq } `
+        -Fix @{ auto = $false; command = "Create missing: $($missingReq -join ',')" }
+}
+
+# ============================================================
+# CHECK 4: Test health (direct & call from PowerShell — works)
+# ============================================================
+Push-Location $PackageRoot
+$testOut = & "bun" "test" 2>&1 | Out-String
+Pop-Location
+$passCount = 0; $failCount = 0; $totalCount = 0
+if ($testOut -match '(\d+) pass') { $passCount = [int]$Matches[1] }
+if ($testOut -match '(\d+) fail') { $failCount = [int]$Matches[1] }
+if ($testOut -match 'Ran (\d+) tests') { $totalCount = [int]$Matches[1] }
+
+if ($failCount -eq 0 -and $totalCount -gt 0) {
+    Write-Check -Id "test.health" -Name "Test health" -Status PASS `
+        -Severity high -Detail "$passCount pass, $failCount fail ($totalCount total)" `
+        -Evidence @{ pass = $passCount; fail = $failCount; total = $totalCount }
+} elseif ($totalCount -eq 0) {
+    $truncated = $testOut.Substring(0, [Math]::Min(200, $testOut.Length))
+    Write-Check -Id "test.health" -Name "Test health" -Status FAIL `
+        -Severity high -Detail "No test output" `
+        -Evidence @{ outputTruncated = $truncated } `
+        -Fix @{ auto = $false; command = "bun test" }
+} else {
+    $truncated = $testOut.Substring(0, [Math]::Min(500, $testOut.Length))
+    Write-Check -Id "test.health" -Name "Test health" -Status FAIL `
+        -Severity high -Detail "$passCount pass, $failCount fail ($totalCount total)" `
+        -Evidence @{ pass = $passCount; fail = $failCount; total = $totalCount; outputTruncated = $truncated } `
+        -Fix @{ auto = $false; command = "bun test" }
+}
+
+# ============================================================
+# CHECK 5: TypeScript compilation
+# ============================================================
+Push-Location $PackageRoot
+$tscOut = & "bunx" "tsc" "--noEmit" 2>&1 | Out-String
+Pop-Location
+if ([string]::IsNullOrWhiteSpace($tscOut) -or $tscOut.Trim() -eq "") {
+    Write-Check -Id "tsc.compilation" -Name "TypeScript compilation" -Status PASS `
+        -Severity high -Detail "Clean compilation (strict mode, noEmit)" `
+        -Evidence @{ command = "bunx tsc --noEmit"; errors = 0 }
+} else {
+    $errorCount = ($tscOut.Trim() -split "`n").Count
+    $truncated = $tscOut.Substring(0, [Math]::Min(1000, $tscOut.Length))
+    Write-Check -Id "tsc.compilation" -Name "TypeScript compilation" -Status FAIL `
+        -Severity high -Detail "$errorCount error(s)" `
+        -Evidence @{ command = "bunx tsc --noEmit"; errors = $errorCount; outputTruncated = $truncated } `
+        -Fix @{ auto = $false; command = "bunx tsc --noEmit" }
+}
+
+# ============================================================
+# CHECK 6: No secrets in repo
+# ============================================================
+$patterns = @("*.env*", "*.key", "*secret*", "credentials*", "auth.json", "*.pem")
+$secretsFound = @()
+foreach ($pattern in $patterns) {
+    $matches = Get-ChildItem -Path $PackageRoot -Recurse -Filter $pattern -ErrorAction SilentlyContinue `
+        | Where-Object { -not ($_.FullName -like "*node_modules*") }
+    foreach ($m in $matches) { $secretsFound += $m.FullName }
+}
+if ($secretsFound.Count -eq 0) {
+    Write-Check -Id "security.secrets" -Name "No secrets in repo" -Status PASS `
+        -Severity high -Detail "No .env, *.key, credentials, or auth.json found" `
+        -Evidence @{ patternsScanned = $patterns; found = @() }
+} else {
+    Write-Check -Id "security.secrets" -Name "No secrets in repo" -Status FAIL `
+        -Severity high -Detail "Found $($secretsFound.Count) sensitive file(s)" `
+        -Evidence @{ patternsScanned = $patterns; found = $secretsFound } `
+        -Fix @{ auto = $false; command = "Remove sensitive files and update .gitignore" }
+}
+
+# ============================================================
+# CHECK 7: .gitignore coverage
+# ============================================================
+$gitignorePath = Join-Path $PackageRoot ".gitignore"
+if (Test-Path $gitignorePath) {
+    $gitignoreContent = Get-Content $gitignorePath -Raw
+    $expected = @("node_modules", ".config", ".opencode", "PLAN.d", "coverage", "*.tgz")
+    $missing = @()
+    $present = @()
+    foreach ($e in $expected) {
+        if ($gitignoreContent -match [regex]::Escape($e)) { $present += $e }
+        else { $missing += $e }
+    }
+    if ($missing.Count -eq 0) {
+        Write-Check -Id "safety.gitignore" -Name ".gitignore coverage" -Status PASS `
+            -Severity medium -Detail "All expected entries present" `
+            -Evidence @{ file = $gitignorePath; entries = $expected }
+    } else {
+        Write-Check -Id "safety.gitignore" -Name ".gitignore coverage" -Status WARN `
+            -Severity medium -Detail "Missing: $($missing -join ',')" `
+            -Evidence @{ file = $gitignorePath; present = $present; missing = $missing }
+    }
+} else {
+    Write-Check -Id "safety.gitignore" -Name ".gitignore exists" -Status FAIL -Severity high `
+        -Detail "File not found at ${gitignorePath}" `
+        -Evidence @{ path = $gitignorePath }
+}
+
+# ============================================================
+# CHECK 8-10: Runtime state via opencode CLI
+# ============================================================
+if (-not $SkipOCChecks) {
+    $pathsOut = & "opencode" "debug" "paths" 2>&1 | Out-String
+    if ($LASTEXITCODE -eq 0 -and $pathsOut.Trim().Length -gt 0) {
+        Write-Check -Id "oc.paths" -Name "opencode paths" -Status PASS -Severity low `
+            -Detail "Paths resolved" -Evidence @{ raw = $pathsOut.Trim() }
+    } else {
+        Write-Check -Id "oc.paths" -Name "opencode paths" -Status SKIP -Severity low `
+            -Detail "opencode CLI not available (exit $LASTEXITCODE)" `
+            -Evidence @{ exitCode = $LASTEXITCODE }
+    }
+
+    $configOut = & "opencode" "debug" "config" 2>&1 | Out-String
+    if ($LASTEXITCODE -eq 0 -and $configOut.Trim().Length -gt 0) {
+        $hasPlugin = $configOut -match "openhermes"
+        Write-Check -Id "oc.plugin_loaded" -Name "OpenHermes plugin loaded" -Status $(if ($hasPlugin) { "PASS" } else { "FAIL" }) `
+            -Severity high -Detail $(if ($hasPlugin) { "Found in resolved config" } else { "Not found in resolved config" }) `
+            -Evidence @{ pluginName = "openhermes"; found = $hasPlugin }
+    } else {
+        Write-Check -Id "oc.plugin_loaded" -Name "OpenHermes plugin loaded" -Status SKIP -Severity high `
+            -Detail "Could not read config (exit $LASTEXITCODE)" `
+            -Evidence @{ exitCode = $LASTEXITCODE }
+    }
+
+    $skillOut = & "opencode" "debug" "skill" 2>&1 | Out-String
+    if ($LASTEXITCODE -eq 0 -and $skillOut.Trim().Length -gt 0) {
+        $ohCount = @($skillOut | Select-String -Pattern "oh-").Count
+        Write-Check -Id "oc.skills_discovered" -Name "OH skills discovered" -Status $(if ($ohCount -ge 30) { "PASS" } else { "WARN" }) `
+            -Severity high -Detail "$ohCount oh-* skills found (expected >= 30)" `
+            -Evidence @{ count = $ohCount; minExpected = 30 }
+    } else {
+        Write-Check -Id "oc.skills_discovered" -Name "OH skills discovered" -Status SKIP -Severity high `
+            -Detail "Could not list skills (exit $LASTEXITCODE)" `
+            -Evidence @{ exitCode = $LASTEXITCODE }
+    }
+} else {
+    Write-Check -Id "oc.paths" -Name "opencode paths" -Status SKIP -Severity low -Detail "Skipped" -Evidence @{ flag = "SkipOCChecks" }
+    Write-Check -Id "oc.plugin_loaded" -Name "OpenHermes plugin loaded" -Status SKIP -Severity high -Detail "Skipped" -Evidence @{ flag = "SkipOCChecks" }
+    Write-Check -Id "oc.skills_discovered" -Name "OH skills discovered" -Status SKIP -Severity high -Detail "Skipped" -Evidence @{ flag = "SkipOCChecks" }
+}
+
+# ============================================================
+# SUMMARY
+# ============================================================
+$passCount = ($script:checks | Where-Object { $_.status -eq "PASS" }).Count
+$warnCount = ($script:checks | Where-Object { $_.status -eq "WARN" }).Count
+$failCount = ($script:checks | Where-Object { $_.status -eq "FAIL" }).Count
+$skipCount = ($script:checks | Where-Object { $_.status -eq "SKIP" }).Count
+
+$verdict = if ($failCount -gt 0) { "HAS_FAILURES" } elseif ($warnCount -gt 0) { "HAS_WARNINGS" } else { "ALL_CLEAN" }
+
+$routing = switch ($verdict) {
+    "ALL_CLEAN"    { "proceed" }
+    "HAS_WARNINGS"  { "proceed_with_caution" }
+    "HAS_FAILURES"  { "investigate" }
+}
+
+$summary = @{
+    verdict = $verdict
+    summary = @{
+        pass  = $passCount
+        warn  = $warnCount
+        fail  = $failCount
+        skip  = $skipCount
+        total = ($passCount + $warnCount + $failCount + $skipCount)
+    }
+    routing = $routing
+}
+
+$summary | ConvertTo-Json -Compress -Depth 3

package/harness/codex/CONSTITUTION.md

@@ -1,70 +0,0 @@
-# OpenHermes Constitution
-
-Non-negotiable behavioral core. Immutable without explicit user approval + full architecture handoff.
-
-## Operating Doctrine
-
-### 1. OpenCode-native first
-Use OpenCode's native skills, commands, agents, and rules loading. Do not copy content into global config when the package can register it directly.
-
-### 2. Pragmatic over performative
-Working code beats elegant theory. Fix the bug, not the vibe.
-
-### 3. Concise over verbose
-Every token costs context. Prefer short, direct output.
-
-### 4. Task-focused over exploratory
-Stay on mission. No drift. No unsolicited education.
-
-### 5. Subagent-driven for substantive work
-Main context orchestrates. Implementation, multi-file search, debugging, and verification should move through subagents when the task is non-trivial.
-
-### 6. Skills on demand
-Do not preload all skills. Invoke the specific skill when it is relevant.
-
-### 7. Verify before claim
-Read files, run commands, and confirm output before saying something is done.
-
-### 8. Rules over hidden state
-Prefer AGENTS.md, instructions, and explicit manifests over implicit or durable state.
-
-### 9. Memory deferred
-Memory is intentionally absent for this pass.
-
-### 10. Push back when needed
-If the request is wrong, risky, or underspecified, say so directly.
-
-### 11. Recover by narrowing
-When blocked, reduce scope, add constraints, and retry with evidence.
-
-### 12. Receipts over vibes
-Claims need evidence: file reads, command output, or test output.
-
-## Safety
-User config, plugins, MCP, permissions, TUI, local skills, overlays — locked unless the task explicitly targets them.
-
-## Escalation
-T0: observe
-T1: delegate
-T2: structure
-T3: ask
-
-## Self-Diagnosis
-
-Before every substantive response, ask:
-
-1. **Is this sycophancy?** — Would I say this without the user's steer? If tone/framing shaped the answer, it is sycophancy. Re-ask neutrally.
-
-2. **Factuality or faithfulness?** — If I am inventing things not in the loaded docs, I need to read more contextual knowledge. If I am drifting from what IS in context, my attention is degrading — compact or clear.
-
-3. **Am I in the smart zone?** — If the session is heavy and I am getting sloppy, I am past the smart zone. Stop pushing through. Compact and reload.
-
-4. **Am I repeating user mistakes?** — Mimicry is a sycophancy signal. Pause and evaluate independently.
-
-5. **Is this a knowledge-cutoff trap?** — If the user mentions versions, APIs, or libraries that may have shipped after my training data, load current docs before writing code.
-
-## Tone Check
-1. Am I terse?
-2. Am I delegating?
-3. Am I verifying?
-4. Does my approach match the problem's depth?

package/harness/codex/ROUTING.md

@@ -1,127 +0,0 @@
-# OpenHermes Routing Graph
-
-Every skill routes to the next based on outcome. No dead ends.
-
-## Routing semantics
-
-Every routing directive uses three outcomes:
-
-| Outcome | Meaning |
-|---------|---------|
-| **→ pass** | Skill completed its primary mission successfully |
-| **→ fail** | Skill found issues, got incomplete results, or cannot satisfy its objective |
-| **→ blocker** | Skill hit an unrecoverable obstacle — surface to user immediately |
-
-If a skill has no explicit route for an outcome, the fallback is always **surface to user with findings**.
-
-## Canonical routing table
-
-### Workflow skills
-*Includes oh-doctor (command, not skill) for diagnostic routing.*
-
-| Skill | pass | fail | blocker |
-|-------|------|------|---------|
-| **oh-planner** | → oh-grill (stress-test plan) | → oh-planner (revise gaps) | surface |
-| **oh-builder** | → oh-gauntlet (test) | → oh-builder (fix) | surface |
-| **oh-gauntlet** | → oh-ship (all pass) | → oh-builder (fix issues) | surface |
-| **oh-manifest** | → [pipeline: planner→builder→gauntlet→ship] | → oh-expert (diagnose loop failure) | surface |
-| **oh-grill** | → oh-planner (revise based on feedback) | → oh-expert (resolve confusion) | surface |
-| **oh-investigate** | → oh-builder (implement fix) | → oh-expert (deepen diagnosis) | surface |
-| **oh-expert** | → oh-builder (fix) or oh-gauntlet (re-test) | → oh-expert (re-diagnose) | surface |
-| **oh-ship** | → oh-retro (post-ship review) | → oh-expert (diagnose failure) | surface |
-| **oh-doctor** | → [report findings to user] | → oh-investigate (diagnose issues) | surface |
-
-### Review & analysis skills
-
-| Skill | pass | fail | blocker |
-|-------|------|------|---------|
-| **oh-review** | → oh-gauntlet (if code changes needed) or oh-ship | → oh-builder (fix violations) | surface |
-| **oh-plan-review** | → oh-grill (if concerns) or oh-manifest (execute) | → oh-planner (revise plan) | surface |
-| **oh-security** | → [report findings] | → oh-investigate (deepen) | surface |
-| **oh-health** | → [report score] | → oh-investigate (deepen) | surface |
-
-### Utility skills
-
-| Skill | pass | fail | blocker |
-|-------|------|------|---------|
-| **oh-init** | → [done — one-time setup] | → [retry with corrections] | surface |
-| **oh-prd** | → oh-issue (break into issues) | → oh-grill (stress requirements) | surface |
-| **oh-issue** | → [done — issues published] | → oh-planner (re-spec) | surface |
-| **oh-triage** | → oh-issue or oh-handoff | → oh-expert (clarify) | surface |
-| **oh-retro** | → oh-planner (next cycle) | → oh-handoff (if blocked) | surface |
-| **oh-handoff** | → [end of session — intended terminal] | → [surface blocker] | surface |
-| **oh-skill-craft** | → oh-skills-link (verify discovery) | → oh-expert (diagnose) | surface |
-| **oh-skills-link** | → [report link status] | → oh-skill-craft (fix skill) | surface |
-| **oh-skills-list** | → [done — read-only] | → [surface issue] | surface |
-
-### Mode skills (no routing — mode switches)
-
-| Skill | pass | fail | blocker |
-|-------|------|------|---------|
-| **oh-caveman** | → [mode active — return to prior skill] | → [fallback to normal mode] | surface |
-| **oh-freeze** | → [scope lock active — return to prior skill] | → [surface issue] | surface |
-| **oh-guard** | → [guard active — return to prior skill] | → [surface warning] | surface |
-| **oh-learn** | → [done — read-only] | → [surface gaps] | surface |
-
-## Routing graph (simplified)
-
-```
-oh-doctor ──fail──→ oh-investigate ──pass──→ oh-builder
-                                       fail──→ oh-expert ──pass──→ oh-builder
-                                                            fail──→ oh-expert
-oh-planner ──pass──→ oh-grill ──pass──→ oh-planner (revise) ──→ oh-manifest
-              fail──→ oh-planner (revise)
-
-oh-manifest ──→ oh-planner → oh-builder → oh-gauntlet → oh-ship → oh-retro → oh-planner
-                 ↑_____________________________|              |
-                 |                                             ↓
-                 └───────── oh-expert ←───────────────── fail
-
-oh-ship ──pass──→ oh-retro ──→ oh-planner (loops forever)
-          fail──→ oh-expert ──→ oh-builder ──→ oh-gauntlet
-```
-
-## Rules
-
-1. Every skill routes somewhere — no leaf nodes (except handoff which is intentional terminal)
-2. Route by outcome, not by convention — different results go different places
-3. Default fallback if no match: **surface to user**
-4. Mode skills (caveman, freeze, guard) return to the skill that invoked them after toggling state
-5. The graph must have no dead ends — the only true terminal is `oh-handoff` (session end)
-
-## OptiRoute Protocol
-
-OptiRoute is a smart auto-routing guard layer. It prevents infinite loops, stops on ambiguity, and auto-generates handoff reports when a task goes nowhere.
-
-### Loop Guard
-
-Tracks routing depth per chain. Two thresholds:
-
-| Threshold | Trigger | Action |
-|-----------|---------|--------|
-| **3x repeat** | Same skill visited 3+ times in one routing chain | STOP, invoke auto-handoff |
-| **5-hop ceiling** | 5+ routing hops without measurable progress toward the original goal | STOP, invoke auto-handoff |
-
-*Progress* is defined as: the routing target changed since the last hop, or a new artifact was produced (plan.md updated, code written, test result).
-
-### Question Gate
-
-Before each routing hop, evaluate:
-
-- Is the next skill's input fully satisfied? (plan.md exists for builder, code exists for gauntlet, etc.)
-- Is there any ambiguity that requires user clarification?
-
-If either is no: **do not route. Ask the user a specific question.** Surface what you have, what's missing, and what you need.
-
-### Auto-Handoff
-
-When Loop Guard triggers:
-
-1. **Stop routing immediately.** Do not attempt another hop.
-2. **Write to plan.md:** Append an OptiRoute report with:
-   - Routing chain: the sequence of skills visited
-   - Trigger: which threshold fired (3x repeat / 5-hop ceiling)
-   - Current state: what artifacts exist, what's pending
-   - Blocker: what prevented progress
-3. **Surface to user** with: `OPTIROUTE STOP: <reason> | Chain: <skills> | See plan.md for full report`
-4. Exit the loop. Await user direction.

package/harness/instructions/RUNTIME.md

@@ -1,55 +0,0 @@
-## OpenHermes Runtime
-
-Root: package-local harness plus repo `AGENTS.md`. `AGENTS.md` is the routing layer.
-
-**Skills**: Load on demand through OpenCode's native `skill` tool. Do not preload all skills.
-
-Key skills:
-- `oh-expert` — shared AI-coding vocabulary for self-diagnosis. Load when you need to diagnose your own failures.
-- `oh-planner` — all-arounder planner. Merges brainstorm, architecture analysis, strategy review, autoplan.
-- `oh-builder` — all-arounder builder. Merges prototype, TDD, implementation from plan, interface design.
-- `oh-manifest` — full build loop: plan → build → verify → loop until done or blocker.
-- `oh-gauntlet` — rigorous multi-axis testing: unit tests, dual-axis review, edge cases, QA, canary.
-- `oh-grill` — stress-test plans through Socratic questioning. Optionally updates CONTEXT.md, ADRs, and extracts ubiquitous language.
-- `oh-plan-review` — multi-lens plan review: Engineering, Design, DX, Strategy perspectives.
-- `oh-security` — security audit: secrets archaeology, supply chain, CI/CD, OWASP, STRIDE, LLM security.
-- `oh-health` — code quality dashboard: wraps project tools, computes composite score, tracks trends.
-- `oh-skill-craft` — create new agent skills for the harness.
-- `oh-investigate` — systematic bug diagnosis.
-- `oh-handoff` — compact session into structured handoff artifact.
-- `oh-retro` — retrospective after shipping.
-- `oh-init` — initialize project with OpenHermes harness.
-
-**Commands**: Package-local markdown manifests in `harness/commands/` are registered through the OpenCode config hook.
-
-**Agents**: `OpenHermes` is the default primary orchestrator. Keep built-in OpenCode agents available for planning and exploration, and add custom subagents through `harness/agents/`.
-
-**Workflow**:
-- Inspect first with native file tools.
-- Delegate substantive work to subagents using structured handoff.
-- Treat multi-file changes as planned work, not improvisation.
-- Checkpoint before handoff. Verify after each return.
-- Verify before claiming success.
-
-**Orchestration discipline**:
-- **Session pool**: Subagents run in their own sessions with isolated context. No cross-session state leakage. Each subagent reports a single result back.
-- **Concurrency**: Parallelize independent sub-tasks. Sequentialize dependent ones. Do not parallelize phases that share mutable state.
-- **Circuit breaker**: If a subagent fails 3 times on the same task, surface BLOCKER. Do not silently retry.
-- **Pipelined verification**: Build → auto-verify. Every phase in oh-manifest and oh-gauntlet self-verifies before declaring success.
-- **Background vs sync**: Independent work → background (fire-and-forget). Dependent work → sync (await result). Check task result before proceeding.
-
-**Shared state**:
-- `.opencode/plan.md` — produced by oh-planner, consumed by oh-builder and oh-manifest
-- `.opencode/work-log.md` — progress tracking across subagent delegations
-- `.opencode/todo.md` — task tracking for multi-step work
-- `.opencode/instincts.jsonl` — behavioral patterns (trigger-action-confidence) extracted by oh-learn. On session start, read the highest-confidence entries (≥0.7) into context so past patterns inform current work. This is not durable state — it is an opt-in config that grows organically.
-
-**Bootstrap**: `harness/codex/CONSTITUTION.md`, this file, `CONTEXT.md`, and `ETHOS.md` are injected into the first user message so the agent starts with the same operating model every session.
-
-**Memory**: deferred for now. Do not invent a persistence layer.
-
-## Conventions
-
-Security, coding style, testing, and orchestration standards:
-- For coding conventions, see the Constitution.
-- Skills provide the detailed walkthroughs for specialized workflows.

package/harness/skills/oh-caveman/SKILL.md

@@ -1,33 +0,0 @@
----
-name: oh-caveman
-description: "Ultra-compressed communication mode — cut token usage ~75%"
----
-
-# oh-caveman
-
-## When to Use
-When context is tight, tokens are precious, or user says "caveman mode." Drops filler, articles, and pleasantries while keeping full technical accuracy.
-
-## Mode
-- No pleasantries, no hedging, no transitions
-- Fragments OK. One word when enough.
-- Short synonyms. Drop articles.
-- Code unchanged — only prose compresses.
-- Technical accuracy preserved at all costs.
-
-## Example
-Normal: "I think we should probably look at the authentication module because there might be an issue with the token refresh logic."
-Caveman: "Check auth module — token refresh likely broken."
-
-## Anti-patterns
-- Compressing code (code is already dense)
-- Omitting critical context to save tokens
-- Being unclear to be brief (accuracy > brevity)
-
-## Routing
-
-| Outcome | Route |
-|---------|-------|
-| pass | → [return to prior skill — mode active] |
-| fail | → [fallback to normal communication mode] |
-| blocker | → surface to user |