pluidr 0.7.0 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. package/LICENSE +20 -20
  2. package/README.md +365 -365
  3. package/bin/pluidr.js +3 -3
  4. package/package.json +45 -45
  5. package/src/cli/commands/doctor.js +101 -101
  6. package/src/cli/commands/init.js +43 -43
  7. package/src/cli/commands/launch.js +46 -44
  8. package/src/cli/commands/uninstall.js +63 -63
  9. package/src/cli/commands/update.js +6 -6
  10. package/src/cli/index.js +57 -57
  11. package/src/cli/wizard/selectModelTier.js +40 -40
  12. package/src/core/agentPromptWriter.js +32 -32
  13. package/src/core/agentPromptWriter.test.js +56 -56
  14. package/src/core/backup.js +40 -40
  15. package/src/core/configBuilder.js +32 -32
  16. package/src/core/configBuilder.test.js +93 -93
  17. package/src/core/configWriter.js +10 -10
  18. package/src/core/identityHeader.js +8 -8
  19. package/src/core/paths.js +9 -9
  20. package/src/core/paths.test.js +21 -21
  21. package/src/core/pluginWriter.js +29 -29
  22. package/src/core/squeezeInstaller.js +161 -161
  23. package/src/core/squeezeInstaller.test.js +75 -75
  24. package/src/core/version.js +8 -8
  25. package/src/core/versionCheck.js +44 -35
  26. package/src/core/versionCheck.test.js +12 -2
  27. package/src/plugins/README.md +68 -68
  28. package/src/plugins/pluidr-squeeze.js +77 -77
  29. package/src/templates/agent-prompts/auditor.txt +20 -20
  30. package/src/templates/agent-prompts/coder.txt +87 -87
  31. package/src/templates/agent-prompts/compose-reporter.txt +55 -55
  32. package/src/templates/agent-prompts/composer.txt +430 -430
  33. package/src/templates/agent-prompts/debug-reporter.txt +65 -65
  34. package/src/templates/agent-prompts/debugger.txt +151 -151
  35. package/src/templates/agent-prompts/fixer.txt +66 -66
  36. package/src/templates/agent-prompts/hierarchy.txt +96 -96
  37. package/src/templates/agent-prompts/inspector.txt +79 -79
  38. package/src/templates/agent-prompts/patcher.txt +20 -20
  39. package/src/templates/agent-prompts/plan-checker.txt +45 -45
  40. package/src/templates/agent-prompts/plan-writer.txt +57 -57
  41. package/src/templates/agent-prompts/probe-reporter.txt +62 -62
  42. package/src/templates/agent-prompts/prober.txt +90 -90
  43. package/src/templates/agent-prompts/researcher.txt +48 -48
  44. package/src/templates/agent-prompts/reviewer.txt +57 -57
  45. package/src/templates/agent-prompts/tester.txt +66 -66
  46. package/src/templates/agent-prompts/tracer.txt +33 -33
  47. package/src/templates/model-defaults.json +73 -73
  48. package/src/templates/opencode.config.json +481 -481
package/README.md CHANGED
@@ -1,365 +1,365 @@
1
- # Pluidr
2
-
3
- [![npm version](https://img.shields.io/npm/v/pluidr)](https://www.npmjs.com/package/pluidr)
4
- [![npm downloads](https://img.shields.io/npm/dm/pluidr)](https://www.npmjs.com/package/pluidr)
5
- [![License](https://img.shields.io/npm/l/pluidr)](https://github.com/funara/pluidr/blob/main/LICENSE)
6
-
7
- ** Plan · Build · Review ** — opinionated engineering workflow installer for [OpenCode](https://opencode.ai).
8
-
9
- ---
10
-
11
- ## What is Pluidr?
12
-
13
- Pluidr installs **3 primary agents + 14 subagents** into OpenCode — each primary agent owns its exclusive subagents, scoped permissions, and enforced workflow rules. No shared subagents. No ad-hoc delegation.
14
-
15
- | Primary Agent | Model Tier | Purpose | Subagents |
16
- |---|---|---|---|
17
- | **Composer** | 🧠 Reasoning | Feature work — Explore → Plan → Build | Researcher, Plan-Writer, Plan-Checker, Coder, Tester, Reviewer, Compose-Reporter |
18
- | **Debugger** | 🧠 Reasoning | Bug investigation — Investigate → Fix → Report | Inspector, Fixer, Debug-Reporter |
19
- | **Prober** | 🧠 Reasoning | Security audit — Trace → Patch → Audit | Tracer, Patcher, Auditor, Probe-Reporter |
20
-
21
- ---
22
-
23
- ## Agent Workflows
24
-
25
- ### 🎼 Composer — Feature Work
26
-
27
- Composer is the **single entry point for all feature work**. It runs 3 strict, one-directional phases. Phase direction is one-way — no going back without explicit user instruction.
28
-
29
- ```
30
- You describe a feature / idea
31
-
32
-
33
- ┌─────────────────────────────────────────┐
34
- │ EXPLORE PHASE (mandatory start) │
35
- │ │
36
- │ Delegate: Researcher │
37
- │ → deep codebase + web fact-finding │
38
- │ → confirmed_facts / inferred_facts / │
39
- │ unknowns / risks │
40
- │ │
41
- │ Composer internally assesses: │
42
- │ Is this feature simple or complex? │
43
- └──────────┬──────────────────────────────┘
44
-
45
- ┌────────┴────────┐
46
- │ Simple feature │ Complex feature
47
- ▼ ▼
48
- GUARDRAIL GATE 1a GUARDRAIL GATE 1b
49
- "Build directly?" "Write a PRD?"
50
- │ │
51
- │ Yes │ Yes
52
- │ ▼
53
- │ ┌──────────────────────────────┐
54
- │ │ PLAN PHASE │
55
- │ │ │
56
- │ │ Plan-Writer → docs/plans/ │
57
- │ │ Plan-Checker validates PRD │
58
- │ │ PASS/FAIL + gap list only │
59
- │ │ │
60
- │ │ FAIL → surface gaps to you │
61
- │ │ (max 5 loops) │
62
- │ │ │
63
- │ │ PASS → GUARDRAIL GATE 2 │
64
- │ │ "Build from this PRD?" │
65
- │ └──────────┬───────────────────┘
66
- │ │ Yes
67
- └──────────┬──────────┘
68
-
69
- ┌────────────────────────────────────────────┐
70
- │ BUILD PHASE │
71
- │ │
72
- │ Coder → implements from PRD / request │
73
- │ │ │
74
- │ ▼ │
75
- │ Tester → PASS/FAIL/BLOCKED │
76
- │ │ FAIL → back to Coder (max 5 loops) │
77
- │ │ PASS ↓ │
78
- │ ▼ │
79
- │ Reviewer → PASS/FAIL + gap list │
80
- │ │ FAIL → back to Coder (max 5 loops) │
81
- │ │ PASS ↓ │
82
- │ ▼ │
83
- │ Compose-Reporter → docs/reports/ │
84
- └────────────────────────────────────────────┘
85
-
86
-
87
- You review result
88
-
89
- Composer resets → asks: New feature? Debug? Iterate?
90
- ```
91
-
92
- **Key rules:**
93
- - Composer has **no read/write/bash permissions** — all work delegated to subagents
94
- - Phase transition only via guardrail gates — no skipping
95
- - `Coder → Coder` loops without Tester verification are forbidden
96
- - 5 consecutive FAILs from Tester or Reviewer → surfaces to you
97
-
98
- ---
99
-
100
- ### 🐛 Debugger — Bug Investigation
101
-
102
- Debugger is a **standalone primary agent** — does not depend on Composer. Trigger it directly from the Debugger tab whenever you find a bug.
103
-
104
- ```
105
- You report a bug / defect
106
-
107
-
108
- ┌─────────────────────────────────────────────┐
109
- │ INVESTIGATE PHASE │
110
- │ │
111
- │ Delegate: Inspector │
112
- │ Review mode (Debugger selects): │
113
- │ · PR Review → classify R1-R6 │
114
- │ · Architecture → dependency analysis │
115
- │ · Tech Debt → Pain × Spread score │
116
- │ · Test Quality → classify T1-T6 │
117
- │ │
118
- │ Output: Iron Law chain per finding │
119
- │ Symptom → Source → Consequence → Remedy │
120
- └──────────┬──────────────────────────────────┘
121
-
122
- Root cause identified?
123
- ┌────────┴────────┐
124
- │ Yes │ No / unknowns remain
125
- ▼ ▼
126
- ┌─────────────┐ Halt — surface to you
127
- │ FIX PHASE │ with specific questions
128
- │ │
129
- │ Delegate: │
130
- │ Fixer │
131
- │ → minimal │
132
- │ fix per │
133
- │ Iron Law │
134
- └──────┬──────┘
135
-
136
-
137
- ┌──────────────────────────────────────┐
138
- │ REPORT PHASE │
139
- │ │
140
- │ Delegate: Debug-Reporter │
141
- │ → Iron Law diagnosis report │
142
- │ → saved to docs/reports/ │
143
- └──────────────────────────────────────┘
144
-
145
-
146
- You review the diagnosis + fix
147
-
148
- Debugger resets → asks: New bug? Feature work? Re-investigate?
149
- ```
150
-
151
- **Key rules:**
152
- - Debugger has **no read/write/bash permissions** — all delegated to subagents
153
- - Never delegates Fixer without Inspector confirming root cause first
154
- - If unknowns remain after investigation → halts and prompts you, does not guess
155
-
156
- ---
157
-
158
- ### 🔍 Prober — Security Audit
159
-
160
- Prober is a **standalone primary agent** — does not depend on Composer or Debugger. Trigger it directly from the Prober tab to audit any codebase for security vulnerabilities and quality decay.
161
-
162
- ```
163
- You trigger a security audit
164
-
165
-
166
- ┌───────────────────────────────────────────────────┐
167
- │ TRACE PHASE (mandatory start) │
168
- │ │
169
- │ Delegate: Tracer │
170
- │ → WSTG-guided breadth-first recon │
171
- │ → trace data flows: input → path → sink │
172
- │ │
173
- │ Output: │
174
- │ · Confirmed Vulnerabilities (OWASP category, │
175
- │ location, data flow) │
176
- │ · Suspected Vulnerabilities (manual verify) │
177
- │ · Quality & Decay Risks (e.g. hardcoded │
178
- │ secrets, missing input validation) │
179
- └──────────┬────────────────────────────────────────┘
180
-
181
-
182
- GUARDRAIL GATE (question tool):
183
- "Audit findings ready. How to proceed?"
184
- ├── "Patch all confirmed findings" → PATCH PHASE
185
- ├── "Select specific findings" → PATCH PHASE (you pick)
186
- ├── "Audit only — no patches" → AUDIT PHASE (skip PATCH)
187
- └── "Re-investigate attack surface" → re-delegate Tracer
188
-
189
-
190
- ┌──────────────────────────────────────────────────┐
191
- │ PATCH PHASE (skipped if audit-only) │
192
- │ │
193
- │ Delegate: Patcher │
194
- │ → Ponytail mindset: smallest correct diff │
195
- │ → prefer deleting the cause over wrapping it │
196
- │ → escalates to you if patch > 10 lines │
197
- └──────────┬───────────────────────────────────────┘
198
-
199
-
200
- ┌──────────────────────────────────────────────────┐
201
- │ AUDIT PHASE (max 5 loops) │
202
- │ │
203
- │ Delegate: Auditor │
204
- │ → verify patch resolved vulnerabilities │
205
- │ → security regression check │
206
- │ → Ponytail BLOAT analysis (over-engineering) │
207
- │ │
208
- │ PASS → proceed to report │
209
- │ FAIL → re-delegate Patcher with Gap + BLOAT │
210
- │ lists verbatim (max 5 loops, then you) │
211
- │ │
212
- │ Delegate: Probe-Reporter │
213
- │ → security audit report → docs/reports/ │
214
- └──────────────────────────────────────────────────┘
215
-
216
-
217
- You review the audit report
218
-
219
- Prober resets → asks: New audit? Feature work? Bug investigation?
220
- ```
221
-
222
- **Key rules:**
223
- - Prober has **no read/write/bash permissions** — all delegated to subagents
224
- - TRACE phase is always mandatory — no patching without recon first
225
- - GUARDRAIL GATE required before any patches are applied
226
- - 5 consecutive AUDIT FAILs → surfaces to you
227
-
228
- ---
229
-
230
- ## Subagent Reference
231
-
232
- Each subagent belongs to exactly one primary agent and cannot be invoked by anyone else:
233
-
234
- | Primary | Phase | Subagent | Model Tier | Role |
235
- |---------|-------|----------|------------|------|
236
- | Composer | EXPLORE | Researcher | 🧠 Reasoning | Fact-finding: confirmed_facts / inferred_facts / unknowns / risks |
237
- | Composer | PLAN | Plan-Writer | ⚡ Fast | **Formatter** — writes PRD to `docs/plans/`, missing input = TBD |
238
- | Composer | PLAN | Plan-Checker | 🧠 Reasoning | **Gate** — PASS/FAIL + gap list only, no suggestions |
239
- | Composer | BUILD | Coder | ⚡ Fast | Implements code from PRD |
240
- | Composer | BUILD | Tester | 🎯 Precision | PASS/FAIL/BLOCKED + coverage gaps only |
241
- | Composer | BUILD | Reviewer | 🎯 Precision | **Gate** — PASS/FAIL + gap list only, no suggestions |
242
- | Composer | BUILD | Compose-Reporter | ⚡ Fast | **Formatter** — completion report to `docs/reports/` |
243
- | Debugger | INVESTIGATE | Inspector | 🧠 Reasoning | Brooks-Lint RCA (Iron Law + 6 decay risks + 4 review modes) |
244
- | Debugger | FIX | Fixer | ⚡ Fast | Minimal, root-cause-targeted fix |
245
- | Debugger | REPORT | Debug-Reporter | ⚡ Fast | **Formatter** — Iron Law diagnosis report to `docs/reports/` |
246
- | Prober | TRACE | Tracer | 🎯 Precision | WSTG recon + vuln path tracing, no remedies |
247
- | Prober | PATCH | Patcher | ⚡ Fast | Minimal, security-targeted fix (Ponytail, max 10 lines) |
248
- | Prober | AUDIT | Auditor | 🎯 Precision | **Gate** — PASS/FAIL + Gap List + BLOAT List only |
249
- | Prober | AUDIT | Probe-Reporter | ⚡ Fast | **Formatter** — security audit report to `docs/reports/` |
250
-
251
- ---
252
-
253
- ## Flow Rules
254
-
255
- | Rule | Detail |
256
- |------|--------|
257
- | **Mandatory starts** | Composer always starts in EXPLORE. Prober always starts in TRACE. No skipping. |
258
- | **Guardrail gates** | Composer: Gate 1 (EXPLORE→PLAN/BUILD), Gate 2 (PLAN→BUILD). Prober: Gate after TRACE. All require user confirmation. |
259
- | **Gate agents** | Plan-Checker, Reviewer, Auditor — PASS/FAIL + gap list only. No suggestions, no decisions. |
260
- | **Formatter agents** | Plan-Writer, Compose-Reporter, Debug-Reporter, Probe-Reporter — stateless. Missing input = TBD/NA. Never invent content. |
261
- | **Fact-finding agents** | Researcher, Inspector, Tracer — facts/inferences/risks only. No recommendations. |
262
- | **Build gate order** | Coder → Tester → Reviewer → Compose-Reporter. No skipping. No Coder→Coder without verification. |
263
- | **FAIL loops** | Plan-Checker FAIL: max 5 loops. Build FAIL (Tester/Reviewer): max 5 loops. Prober AUDIT FAIL: max 5 loops. All surface to you after limit. |
264
- | **Output directories** | PRDs → `docs/plans/`. Reports (Compose-Reporter, Debug-Reporter, Probe-Reporter) → `docs/reports/`. Enforced by permissions. |
265
- | **Independence** | Debugger and Prober are fully standalone — triggered directly, do not flow through Composer. |
266
-
267
- ---
268
-
269
- ## Brooks-Lint Methodology (Debugger)
270
-
271
- The Debugger pipeline uses the [Brooks-Lint](https://hyhmrright.github.io/brooks-lint/guide.html) framework:
272
-
273
- - **Iron Law** per finding: Symptom → Source → Consequence → Remedy
274
- - **6 Decay Risks (R1–R6)**: Cognitive Overload, Change Propagation, Knowledge Duplication, Accidental Complexity, Dependency Disorder, Domain Model Distortion
275
- - **4 Review Modes**: PR Review (R1–R6), Architecture Audit, Tech Debt Assessment (Pain × Spread), Test Quality (T1–T6)
276
- - **T1–T6 Test Risks**: Test Obscurity, Brittleness, Duplication, Mock Abuse, Coverage Illusion, Architecture Mismatch
277
-
278
- ## Principle Hierarchy
279
-
280
- All agents resolve conflicts using this priority order (defined in `hierarchy.txt`):
281
-
282
- 1. **PRD / Spec** — explicit requirement text
283
- 2. **Verdict** — Reviewer / Plan-Checker / Auditor PASS/FAIL
284
- 3. **Engineering principles** — Fail Fast, Single Responsibility
285
- 4. **Heuristics** — KISS, DRY, SOLID, Law of Demeter
286
- 5. **Local optimization** — style preference
287
-
288
- ---
289
-
290
- ## Install
291
-
292
- ```sh
293
- npm install -g pluidr
294
- ```
295
-
296
- Or run directly without installing:
297
-
298
- ```sh
299
- npx pluidr init
300
- ```
301
-
302
- ## Usage
303
-
304
- ### `pluidr`
305
-
306
- The everyday command. Runs three steps in sequence:
307
-
308
- 1. **Update check** — compares local version against npm registry; prompts to `npm install -g pluidr` if a new version is available
309
- 2. **Doctor check** — verifies installation health; prompts to repair with `pluidr init` if any checks fail
310
- 3. **Launch** — spawns `opencode`
311
-
312
- ### `pluidr init`
313
-
314
- Prompts you to select models for three agent tiers (reasoning, precision, and fast), then:
315
-
316
- - Asks whether to install the pluidr-squeeze plugin (can decline)
317
- - Builds a complete `opencode.jsonc` config with the chosen models injected into the right agents
318
- - Backs up any existing config to `opencode.jsonc.bak.*`
319
- - Writes the new config to `~/.config/opencode/opencode.jsonc`
320
- - Copies all 18 agent prompt files into `~/.config/opencode/prompts/`
321
- - Copies `pluidr-flow` and `pluidr-squeeze` plugins into `~/.config/opencode/plugins/`
322
- - Writes a `package.json` declaring `@opencode-ai/plugin` as a dependency
323
-
324
- ### `pluidr doctor`
325
-
326
- Checks installation health and reports ✓/✗ for each component:
327
-
328
- - `opencode.jsonc` exists
329
- - All 18 prompt files present
330
- - Both plugin files present
331
- - `package.json` with `@opencode-ai/plugin` dependency
332
- - squeeze binary available
333
- - Config is valid JSON
334
-
335
- Exits with code `0` if all pass, `1` if any fail.
336
-
337
- ### `pluidr update`
338
-
339
- Checks the npm registry for a newer version of pluidr and prompts to install it.
340
-
341
- ### `pluidr uninstall`
342
-
343
- Restores your previous configuration:
344
-
345
- - Finds the latest timestamped backup and restores it to `opencode.jsonc`
346
- - Removes `prompts/`, `plugins/`, and `bin/` directories
347
- - Preserves `opencode.jsonc` and `package.json`
348
-
349
- ---
350
-
351
- ## Bundled Plugins
352
-
353
- ### `pluidr-flow`
354
-
355
- Provides subagents with cross-session context access:
356
-
357
- - `parent_session_messages` — read the parent session's transcript
358
- - `session_messages(sessionId)` — read any session by ID
359
- - `session_messages_batch(sessionIds)` — read multiple sessions in one call
360
-
361
- ### `pluidr-squeeze`
362
-
363
- Hooks into tool execution to rewrite bash commands through the `squeeze` binary, filtering verbose output and saving **60–90% of tokens** across all agents.
364
-
365
- Both plugins and their dependency declaration are installed automatically by `pluidr init` — no extra user action required. On OpenCode's first launch, the bundled Bun runtime installs `@opencode-ai/plugin` from the generated `package.json`.
1
+ # Pluidr
2
+
3
+ [![npm version](https://img.shields.io/npm/v/pluidr)](https://www.npmjs.com/package/pluidr)
4
+ [![npm downloads](https://img.shields.io/npm/dm/pluidr)](https://www.npmjs.com/package/pluidr)
5
+ [![License](https://img.shields.io/npm/l/pluidr)](https://github.com/funara/pluidr/blob/main/LICENSE)
6
+
7
+ ** Plan · Build · Review ** — opinionated engineering workflow installer for [OpenCode](https://opencode.ai).
8
+
9
+ ---
10
+
11
+ ## What is Pluidr?
12
+
13
+ Pluidr installs **3 primary agents + 14 subagents** into OpenCode — each primary agent owns its exclusive subagents, scoped permissions, and enforced workflow rules. No shared subagents. No ad-hoc delegation.
14
+
15
+ | Primary Agent | Model Tier | Purpose | Subagents |
16
+ |---|---|---|---|
17
+ | **Composer** | 🧠 Reasoning | Feature work — Explore → Plan → Build | Researcher, Plan-Writer, Plan-Checker, Coder, Tester, Reviewer, Compose-Reporter |
18
+ | **Debugger** | 🧠 Reasoning | Bug investigation — Investigate → Fix → Report | Inspector, Fixer, Debug-Reporter |
19
+ | **Prober** | 🧠 Reasoning | Security audit — Trace → Patch → Audit | Tracer, Patcher, Auditor, Probe-Reporter |
20
+
21
+ ---
22
+
23
+ ## Agent Workflows
24
+
25
+ ### 🎼 Composer — Feature Work
26
+
27
+ Composer is the **single entry point for all feature work**. It runs 3 strict, one-directional phases. Phase direction is one-way — no going back without explicit user instruction.
28
+
29
+ ```
30
+ You describe a feature / idea
31
+
32
+
33
+ ┌─────────────────────────────────────────┐
34
+ │ EXPLORE PHASE (mandatory start) │
35
+ │ │
36
+ │ Delegate: Researcher │
37
+ │ → deep codebase + web fact-finding │
38
+ │ → confirmed_facts / inferred_facts / │
39
+ │ unknowns / risks │
40
+ │ │
41
+ │ Composer internally assesses: │
42
+ │ Is this feature simple or complex? │
43
+ └──────────┬──────────────────────────────┘
44
+
45
+ ┌────────┴────────┐
46
+ │ Simple feature │ Complex feature
47
+ ▼ ▼
48
+ GUARDRAIL GATE 1a GUARDRAIL GATE 1b
49
+ "Build directly?" "Write a PRD?"
50
+ │ │
51
+ │ Yes │ Yes
52
+ │ ▼
53
+ │ ┌──────────────────────────────┐
54
+ │ │ PLAN PHASE │
55
+ │ │ │
56
+ │ │ Plan-Writer → docs/plans/ │
57
+ │ │ Plan-Checker validates PRD │
58
+ │ │ PASS/FAIL + gap list only │
59
+ │ │ │
60
+ │ │ FAIL → surface gaps to you │
61
+ │ │ (max 5 loops) │
62
+ │ │ │
63
+ │ │ PASS → GUARDRAIL GATE 2 │
64
+ │ │ "Build from this PRD?" │
65
+ │ └──────────┬───────────────────┘
66
+ │ │ Yes
67
+ └──────────┬──────────┘
68
+
69
+ ┌────────────────────────────────────────────┐
70
+ │ BUILD PHASE │
71
+ │ │
72
+ │ Coder → implements from PRD / request │
73
+ │ │ │
74
+ │ ▼ │
75
+ │ Tester → PASS/FAIL/BLOCKED │
76
+ │ │ FAIL → back to Coder (max 5 loops) │
77
+ │ │ PASS ↓ │
78
+ │ ▼ │
79
+ │ Reviewer → PASS/FAIL + gap list │
80
+ │ │ FAIL → back to Coder (max 5 loops) │
81
+ │ │ PASS ↓ │
82
+ │ ▼ │
83
+ │ Compose-Reporter → docs/reports/ │
84
+ └────────────────────────────────────────────┘
85
+
86
+
87
+ You review result
88
+
89
+ Composer resets → asks: New feature? Debug? Iterate?
90
+ ```
91
+
92
+ **Key rules:**
93
+ - Composer has **no read/write/bash permissions** — all work delegated to subagents
94
+ - Phase transition only via guardrail gates — no skipping
95
+ - `Coder → Coder` loops without Tester verification are forbidden
96
+ - 5 consecutive FAILs from Tester or Reviewer → surfaces to you
97
+
98
+ ---
99
+
100
+ ### 🐛 Debugger — Bug Investigation
101
+
102
+ Debugger is a **standalone primary agent** — does not depend on Composer. Trigger it directly from the Debugger tab whenever you find a bug.
103
+
104
+ ```
105
+ You report a bug / defect
106
+
107
+
108
+ ┌─────────────────────────────────────────────┐
109
+ │ INVESTIGATE PHASE │
110
+ │ │
111
+ │ Delegate: Inspector │
112
+ │ Review mode (Debugger selects): │
113
+ │ · PR Review → classify R1-R6 │
114
+ │ · Architecture → dependency analysis │
115
+ │ · Tech Debt → Pain × Spread score │
116
+ │ · Test Quality → classify T1-T6 │
117
+ │ │
118
+ │ Output: Iron Law chain per finding │
119
+ │ Symptom → Source → Consequence → Remedy │
120
+ └──────────┬──────────────────────────────────┘
121
+
122
+ Root cause identified?
123
+ ┌────────┴────────┐
124
+ │ Yes │ No / unknowns remain
125
+ ▼ ▼
126
+ ┌─────────────┐ Halt — surface to you
127
+ │ FIX PHASE │ with specific questions
128
+ │ │
129
+ │ Delegate: │
130
+ │ Fixer │
131
+ │ → minimal │
132
+ │ fix per │
133
+ │ Iron Law │
134
+ └──────┬──────┘
135
+
136
+
137
+ ┌──────────────────────────────────────┐
138
+ │ REPORT PHASE │
139
+ │ │
140
+ │ Delegate: Debug-Reporter │
141
+ │ → Iron Law diagnosis report │
142
+ │ → saved to docs/reports/ │
143
+ └──────────────────────────────────────┘
144
+
145
+
146
+ You review the diagnosis + fix
147
+
148
+ Debugger resets → asks: New bug? Feature work? Re-investigate?
149
+ ```
150
+
151
+ **Key rules:**
152
+ - Debugger has **no read/write/bash permissions** — all delegated to subagents
153
+ - Never delegates Fixer without Inspector confirming root cause first
154
+ - If unknowns remain after investigation → halts and prompts you, does not guess
155
+
156
+ ---
157
+
158
+ ### 🔍 Prober — Security Audit
159
+
160
+ Prober is a **standalone primary agent** — does not depend on Composer or Debugger. Trigger it directly from the Prober tab to audit any codebase for security vulnerabilities and quality decay.
161
+
162
+ ```
163
+ You trigger a security audit
164
+
165
+
166
+ ┌───────────────────────────────────────────────────┐
167
+ │ TRACE PHASE (mandatory start) │
168
+ │ │
169
+ │ Delegate: Tracer │
170
+ │ → WSTG-guided breadth-first recon │
171
+ │ → trace data flows: input → path → sink │
172
+ │ │
173
+ │ Output: │
174
+ │ · Confirmed Vulnerabilities (OWASP category, │
175
+ │ location, data flow) │
176
+ │ · Suspected Vulnerabilities (manual verify) │
177
+ │ · Quality & Decay Risks (e.g. hardcoded │
178
+ │ secrets, missing input validation) │
179
+ └──────────┬────────────────────────────────────────┘
180
+
181
+
182
+ GUARDRAIL GATE (question tool):
183
+ "Audit findings ready. How to proceed?"
184
+ ├── "Patch all confirmed findings" → PATCH PHASE
185
+ ├── "Select specific findings" → PATCH PHASE (you pick)
186
+ ├── "Audit only — no patches" → AUDIT PHASE (skip PATCH)
187
+ └── "Re-investigate attack surface" → re-delegate Tracer
188
+
189
+
190
+ ┌──────────────────────────────────────────────────┐
191
+ │ PATCH PHASE (skipped if audit-only) │
192
+ │ │
193
+ │ Delegate: Patcher │
194
+ │ → Ponytail mindset: smallest correct diff │
195
+ │ → prefer deleting the cause over wrapping it │
196
+ │ → escalates to you if patch > 10 lines │
197
+ └──────────┬───────────────────────────────────────┘
198
+
199
+
200
+ ┌──────────────────────────────────────────────────┐
201
+ │ AUDIT PHASE (max 5 loops) │
202
+ │ │
203
+ │ Delegate: Auditor │
204
+ │ → verify patch resolved vulnerabilities │
205
+ │ → security regression check │
206
+ │ → Ponytail BLOAT analysis (over-engineering) │
207
+ │ │
208
+ │ PASS → proceed to report │
209
+ │ FAIL → re-delegate Patcher with Gap + BLOAT │
210
+ │ lists verbatim (max 5 loops, then you) │
211
+ │ │
212
+ │ Delegate: Probe-Reporter │
213
+ │ → security audit report → docs/reports/ │
214
+ └──────────────────────────────────────────────────┘
215
+
216
+
217
+ You review the audit report
218
+
219
+ Prober resets → asks: New audit? Feature work? Bug investigation?
220
+ ```
221
+
222
+ **Key rules:**
223
+ - Prober has **no read/write/bash permissions** — all delegated to subagents
224
+ - TRACE phase is always mandatory — no patching without recon first
225
+ - GUARDRAIL GATE required before any patches are applied
226
+ - 5 consecutive AUDIT FAILs → surfaces to you
227
+
228
+ ---
229
+
230
+ ## Subagent Reference
231
+
232
+ Each subagent belongs to exactly one primary agent and cannot be invoked by anyone else:
233
+
234
+ | Primary | Phase | Subagent | Model Tier | Role |
235
+ |---------|-------|----------|------------|------|
236
+ | Composer | EXPLORE | Researcher | 🧠 Reasoning | Fact-finding: confirmed_facts / inferred_facts / unknowns / risks |
237
+ | Composer | PLAN | Plan-Writer | ⚡ Fast | **Formatter** — writes PRD to `docs/plans/`, missing input = TBD |
238
+ | Composer | PLAN | Plan-Checker | 🧠 Reasoning | **Gate** — PASS/FAIL + gap list only, no suggestions |
239
+ | Composer | BUILD | Coder | ⚡ Fast | Implements code from PRD |
240
+ | Composer | BUILD | Tester | 🎯 Precision | PASS/FAIL/BLOCKED + coverage gaps only |
241
+ | Composer | BUILD | Reviewer | 🎯 Precision | **Gate** — PASS/FAIL + gap list only, no suggestions |
242
+ | Composer | BUILD | Compose-Reporter | ⚡ Fast | **Formatter** — completion report to `docs/reports/` |
243
+ | Debugger | INVESTIGATE | Inspector | 🧠 Reasoning | Brooks-Lint RCA (Iron Law + 6 decay risks + 4 review modes) |
244
+ | Debugger | FIX | Fixer | ⚡ Fast | Minimal, root-cause-targeted fix |
245
+ | Debugger | REPORT | Debug-Reporter | ⚡ Fast | **Formatter** — Iron Law diagnosis report to `docs/reports/` |
246
+ | Prober | TRACE | Tracer | 🎯 Precision | WSTG recon + vuln path tracing, no remedies |
247
+ | Prober | PATCH | Patcher | ⚡ Fast | Minimal, security-targeted fix (Ponytail, max 10 lines) |
248
+ | Prober | AUDIT | Auditor | 🎯 Precision | **Gate** — PASS/FAIL + Gap List + BLOAT List only |
249
+ | Prober | AUDIT | Probe-Reporter | ⚡ Fast | **Formatter** — security audit report to `docs/reports/` |
250
+
251
+ ---
252
+
253
+ ## Flow Rules
254
+
255
+ | Rule | Detail |
256
+ |------|--------|
257
+ | **Mandatory starts** | Composer always starts in EXPLORE. Prober always starts in TRACE. No skipping. |
258
+ | **Guardrail gates** | Composer: Gate 1 (EXPLORE→PLAN/BUILD), Gate 2 (PLAN→BUILD). Prober: Gate after TRACE. All require user confirmation. |
259
+ | **Gate agents** | Plan-Checker, Reviewer, Auditor — PASS/FAIL + gap list only. No suggestions, no decisions. |
260
+ | **Formatter agents** | Plan-Writer, Compose-Reporter, Debug-Reporter, Probe-Reporter — stateless. Missing input = TBD/NA. Never invent content. |
261
+ | **Fact-finding agents** | Researcher, Inspector, Tracer — facts/inferences/risks only. No recommendations. |
262
+ | **Build gate order** | Coder → Tester → Reviewer → Compose-Reporter. No skipping. No Coder→Coder without verification. |
263
+ | **FAIL loops** | Plan-Checker FAIL: max 5 loops. Build FAIL (Tester/Reviewer): max 5 loops. Prober AUDIT FAIL: max 5 loops. All surface to you after limit. |
264
+ | **Output directories** | PRDs → `docs/plans/`. Reports (Compose-Reporter, Debug-Reporter, Probe-Reporter) → `docs/reports/`. Enforced by permissions. |
265
+ | **Independence** | Debugger and Prober are fully standalone — triggered directly, do not flow through Composer. |
266
+
267
+ ---
268
+
269
+ ## Brooks-Lint Methodology (Debugger)
270
+
271
+ The Debugger pipeline uses the [Brooks-Lint](https://hyhmrright.github.io/brooks-lint/guide.html) framework:
272
+
273
+ - **Iron Law** per finding: Symptom → Source → Consequence → Remedy
274
+ - **6 Decay Risks (R1–R6)**: Cognitive Overload, Change Propagation, Knowledge Duplication, Accidental Complexity, Dependency Disorder, Domain Model Distortion
275
+ - **4 Review Modes**: PR Review (R1–R6), Architecture Audit, Tech Debt Assessment (Pain × Spread), Test Quality (T1–T6)
276
+ - **T1–T6 Test Risks**: Test Obscurity, Brittleness, Duplication, Mock Abuse, Coverage Illusion, Architecture Mismatch
277
+
278
+ ## Principle Hierarchy
279
+
280
+ All agents resolve conflicts using this priority order (defined in `hierarchy.txt`):
281
+
282
+ 1. **PRD / Spec** — explicit requirement text
283
+ 2. **Verdict** — Reviewer / Plan-Checker / Auditor PASS/FAIL
284
+ 3. **Engineering principles** — Fail Fast, Single Responsibility
285
+ 4. **Heuristics** — KISS, DRY, SOLID, Law of Demeter
286
+ 5. **Local optimization** — style preference
287
+
288
+ ---
289
+
290
+ ## Install
291
+
292
+ ```sh
293
+ npm install -g pluidr
294
+ ```
295
+
296
+ Or run directly without installing:
297
+
298
+ ```sh
299
+ npx pluidr init
300
+ ```
301
+
302
+ ## Usage
303
+
304
+ ### `pluidr`
305
+
306
+ The everyday command. Runs three steps in sequence:
307
+
308
+ 1. **Update check** — compares local version against npm registry; prompts to `npm install -g pluidr` if a new version is available
309
+ 2. **Doctor check** — verifies installation health; prompts to repair with `pluidr init` if any checks fail
310
+ 3. **Launch** — spawns `opencode`
311
+
312
+ ### `pluidr init`
313
+
314
+ Prompts you to select models for three agent tiers (reasoning, precision, and fast), then:
315
+
316
+ - Asks whether to install the pluidr-squeeze plugin (can decline)
317
+ - Builds a complete `opencode.jsonc` config with the chosen models injected into the right agents
318
+ - Backs up any existing config to `opencode.jsonc.bak.*`
319
+ - Writes the new config to `~/.config/opencode/opencode.jsonc`
320
+ - Copies all 18 agent prompt files into `~/.config/opencode/prompts/`
321
+ - Copies `pluidr-flow` and `pluidr-squeeze` plugins into `~/.config/opencode/plugins/`
322
+ - Writes a `package.json` declaring `@opencode-ai/plugin` as a dependency
323
+
324
+ ### `pluidr doctor`
325
+
326
+ Checks installation health and reports ✓/✗ for each component:
327
+
328
+ - `opencode.jsonc` exists
329
+ - All 18 prompt files present
330
+ - Both plugin files present
331
+ - `package.json` with `@opencode-ai/plugin` dependency
332
+ - squeeze binary available
333
+ - Config is valid JSON
334
+
335
+ Exits with code `0` if all pass, `1` if any fail.
336
+
337
+ ### `pluidr update`
338
+
339
+ Checks the npm registry for a newer version of pluidr and prompts to install it.
340
+
341
+ ### `pluidr uninstall`
342
+
343
+ Restores your previous configuration:
344
+
345
+ - Finds the latest timestamped backup and restores it to `opencode.jsonc`
346
+ - Removes `prompts/`, `plugins/`, and `bin/` directories
347
+ - Preserves `opencode.jsonc` and `package.json`
348
+
349
+ ---
350
+
351
+ ## Bundled Plugins
352
+
353
+ ### `pluidr-flow`
354
+
355
+ Provides subagents with cross-session context access:
356
+
357
+ - `parent_session_messages` — read the parent session's transcript
358
+ - `session_messages(sessionId)` — read any session by ID
359
+ - `session_messages_batch(sessionIds)` — read multiple sessions in one call
360
+
361
+ ### `pluidr-squeeze`
362
+
363
+ Hooks into tool execution to rewrite bash commands through the `squeeze` binary, filtering verbose output and saving **60–90% of tokens** across all agents.
364
+
365
+ Both plugins and their dependency declaration are installed automatically by `pluidr init` — no extra user action required. On OpenCode's first launch, the bundled Bun runtime installs `@opencode-ai/plugin` from the generated `package.json`.