pluidr 0.7.0 → 0.7.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +20 -20
- package/README.md +365 -365
- package/bin/pluidr.js +3 -3
- package/package.json +45 -45
- package/src/cli/commands/doctor.js +113 -101
- package/src/cli/commands/init.js +47 -43
- package/src/cli/commands/launch.js +46 -44
- package/src/cli/commands/uninstall.js +90 -63
- package/src/cli/commands/update.js +6 -6
- package/src/cli/index.js +57 -57
- package/src/cli/wizard/selectModelTier.js +40 -40
- package/src/core/agentPromptWriter.js +32 -32
- package/src/core/agentPromptWriter.test.js +56 -56
- package/src/core/backup.js +46 -40
- package/src/core/configBuilder.js +32 -32
- package/src/core/configBuilder.test.js +93 -93
- package/src/core/configWriter.js +10 -10
- package/src/core/identityHeader.js +8 -8
- package/src/core/paths.js +11 -9
- package/src/core/paths.test.js +29 -21
- package/src/core/pluginWriter.js +29 -29
- package/src/core/squeezeInstaller.js +158 -161
- package/src/core/squeezeInstaller.test.js +79 -75
- package/src/core/themeWriter.js +12 -0
- package/src/core/themeWriter.test.js +29 -0
- package/src/core/tuiConfigWriter.js +22 -0
- package/src/core/tuiConfigWriter.test.js +38 -0
- package/src/core/version.js +8 -8
- package/src/core/versionCheck.js +44 -35
- package/src/core/versionCheck.test.js +12 -2
- package/src/plugins/README.md +68 -68
- package/src/plugins/pluidr-squeeze.js +77 -77
- package/src/templates/agent-prompts/auditor.txt +20 -20
- package/src/templates/agent-prompts/coder.txt +87 -87
- package/src/templates/agent-prompts/compose-reporter.txt +55 -55
- package/src/templates/agent-prompts/composer.txt +429 -430
- package/src/templates/agent-prompts/debug-reporter.txt +65 -65
- package/src/templates/agent-prompts/debugger.txt +152 -151
- package/src/templates/agent-prompts/fixer.txt +66 -66
- package/src/templates/agent-prompts/hierarchy.txt +96 -96
- package/src/templates/agent-prompts/inspector.txt +79 -79
- package/src/templates/agent-prompts/patcher.txt +20 -20
- package/src/templates/agent-prompts/plan-checker.txt +45 -45
- package/src/templates/agent-prompts/plan-writer.txt +57 -57
- package/src/templates/agent-prompts/probe-reporter.txt +62 -62
- package/src/templates/agent-prompts/prober.txt +94 -90
- package/src/templates/agent-prompts/researcher.txt +48 -48
- package/src/templates/agent-prompts/reviewer.txt +57 -57
- package/src/templates/agent-prompts/tester.txt +66 -66
- package/src/templates/agent-prompts/tracer.txt +33 -33
- package/src/templates/model-defaults.json +73 -73
- package/src/templates/opencode.config.json +482 -481
- package/src/templates/themes/pluidr-contrast.json +177 -0
package/README.md
CHANGED
|
@@ -1,365 +1,365 @@
|
|
|
1
|
-
# Pluidr
|
|
2
|
-
|
|
3
|
-
[](https://www.npmjs.com/package/pluidr)
|
|
4
|
-
[](https://www.npmjs.com/package/pluidr)
|
|
5
|
-
[](https://github.com/funara/pluidr/blob/main/LICENSE)
|
|
6
|
-
|
|
7
|
-
** Plan · Build · Review ** — opinionated engineering workflow installer for [OpenCode](https://opencode.ai).
|
|
8
|
-
|
|
9
|
-
---
|
|
10
|
-
|
|
11
|
-
## What is Pluidr?
|
|
12
|
-
|
|
13
|
-
Pluidr installs **3 primary agents + 14 subagents** into OpenCode — each primary agent owns its exclusive subagents, scoped permissions, and enforced workflow rules. No shared subagents. No ad-hoc delegation.
|
|
14
|
-
|
|
15
|
-
| Primary Agent | Model Tier | Purpose | Subagents |
|
|
16
|
-
|---|---|---|---|
|
|
17
|
-
| **Composer** | 🧠 Reasoning | Feature work — Explore → Plan → Build | Researcher, Plan-Writer, Plan-Checker, Coder, Tester, Reviewer, Compose-Reporter |
|
|
18
|
-
| **Debugger** | 🧠 Reasoning | Bug investigation — Investigate → Fix → Report | Inspector, Fixer, Debug-Reporter |
|
|
19
|
-
| **Prober** | 🧠 Reasoning | Security audit — Trace → Patch → Audit | Tracer, Patcher, Auditor, Probe-Reporter |
|
|
20
|
-
|
|
21
|
-
---
|
|
22
|
-
|
|
23
|
-
## Agent Workflows
|
|
24
|
-
|
|
25
|
-
### 🎼 Composer — Feature Work
|
|
26
|
-
|
|
27
|
-
Composer is the **single entry point for all feature work**. It runs 3 strict, one-directional phases. Phase direction is one-way — no going back without explicit user instruction.
|
|
28
|
-
|
|
29
|
-
```
|
|
30
|
-
You describe a feature / idea
|
|
31
|
-
│
|
|
32
|
-
▼
|
|
33
|
-
┌─────────────────────────────────────────┐
|
|
34
|
-
│ EXPLORE PHASE (mandatory start) │
|
|
35
|
-
│ │
|
|
36
|
-
│ Delegate: Researcher │
|
|
37
|
-
│ → deep codebase + web fact-finding │
|
|
38
|
-
│ → confirmed_facts / inferred_facts / │
|
|
39
|
-
│ unknowns / risks │
|
|
40
|
-
│ │
|
|
41
|
-
│ Composer internally assesses: │
|
|
42
|
-
│ Is this feature simple or complex? │
|
|
43
|
-
└──────────┬──────────────────────────────┘
|
|
44
|
-
│
|
|
45
|
-
┌────────┴────────┐
|
|
46
|
-
│ Simple feature │ Complex feature
|
|
47
|
-
▼ ▼
|
|
48
|
-
GUARDRAIL GATE 1a GUARDRAIL GATE 1b
|
|
49
|
-
"Build directly?" "Write a PRD?"
|
|
50
|
-
│ │
|
|
51
|
-
│ Yes │ Yes
|
|
52
|
-
│ ▼
|
|
53
|
-
│ ┌──────────────────────────────┐
|
|
54
|
-
│ │ PLAN PHASE │
|
|
55
|
-
│ │ │
|
|
56
|
-
│ │ Plan-Writer → docs/plans/ │
|
|
57
|
-
│ │ Plan-Checker validates PRD │
|
|
58
|
-
│ │ PASS/FAIL + gap list only │
|
|
59
|
-
│ │ │
|
|
60
|
-
│ │ FAIL → surface gaps to you │
|
|
61
|
-
│ │ (max 5 loops) │
|
|
62
|
-
│ │ │
|
|
63
|
-
│ │ PASS → GUARDRAIL GATE 2 │
|
|
64
|
-
│ │ "Build from this PRD?" │
|
|
65
|
-
│ └──────────┬───────────────────┘
|
|
66
|
-
│ │ Yes
|
|
67
|
-
└──────────┬──────────┘
|
|
68
|
-
▼
|
|
69
|
-
┌────────────────────────────────────────────┐
|
|
70
|
-
│ BUILD PHASE │
|
|
71
|
-
│ │
|
|
72
|
-
│ Coder → implements from PRD / request │
|
|
73
|
-
│ │ │
|
|
74
|
-
│ ▼ │
|
|
75
|
-
│ Tester → PASS/FAIL/BLOCKED │
|
|
76
|
-
│ │ FAIL → back to Coder (max 5 loops) │
|
|
77
|
-
│ │ PASS ↓ │
|
|
78
|
-
│ ▼ │
|
|
79
|
-
│ Reviewer → PASS/FAIL + gap list │
|
|
80
|
-
│ │ FAIL → back to Coder (max 5 loops) │
|
|
81
|
-
│ │ PASS ↓ │
|
|
82
|
-
│ ▼ │
|
|
83
|
-
│ Compose-Reporter → docs/reports/ │
|
|
84
|
-
└────────────────────────────────────────────┘
|
|
85
|
-
│
|
|
86
|
-
▼
|
|
87
|
-
You review result
|
|
88
|
-
│
|
|
89
|
-
Composer resets → asks: New feature? Debug? Iterate?
|
|
90
|
-
```
|
|
91
|
-
|
|
92
|
-
**Key rules:**
|
|
93
|
-
- Composer has **no read/write/bash permissions** — all work delegated to subagents
|
|
94
|
-
- Phase transition only via guardrail gates — no skipping
|
|
95
|
-
- `Coder → Coder` loops without Tester verification are forbidden
|
|
96
|
-
- 5 consecutive FAILs from Tester or Reviewer → surfaces to you
|
|
97
|
-
|
|
98
|
-
---
|
|
99
|
-
|
|
100
|
-
### 🐛 Debugger — Bug Investigation
|
|
101
|
-
|
|
102
|
-
Debugger is a **standalone primary agent** — does not depend on Composer. Trigger it directly from the Debugger tab whenever you find a bug.
|
|
103
|
-
|
|
104
|
-
```
|
|
105
|
-
You report a bug / defect
|
|
106
|
-
│
|
|
107
|
-
▼
|
|
108
|
-
┌─────────────────────────────────────────────┐
|
|
109
|
-
│ INVESTIGATE PHASE │
|
|
110
|
-
│ │
|
|
111
|
-
│ Delegate: Inspector │
|
|
112
|
-
│ Review mode (Debugger selects): │
|
|
113
|
-
│ · PR Review → classify R1-R6 │
|
|
114
|
-
│ · Architecture → dependency analysis │
|
|
115
|
-
│ · Tech Debt → Pain × Spread score │
|
|
116
|
-
│ · Test Quality → classify T1-T6 │
|
|
117
|
-
│ │
|
|
118
|
-
│ Output: Iron Law chain per finding │
|
|
119
|
-
│ Symptom → Source → Consequence → Remedy │
|
|
120
|
-
└──────────┬──────────────────────────────────┘
|
|
121
|
-
│
|
|
122
|
-
Root cause identified?
|
|
123
|
-
┌────────┴────────┐
|
|
124
|
-
│ Yes │ No / unknowns remain
|
|
125
|
-
▼ ▼
|
|
126
|
-
┌─────────────┐ Halt — surface to you
|
|
127
|
-
│ FIX PHASE │ with specific questions
|
|
128
|
-
│ │
|
|
129
|
-
│ Delegate: │
|
|
130
|
-
│ Fixer │
|
|
131
|
-
│ → minimal │
|
|
132
|
-
│ fix per │
|
|
133
|
-
│ Iron Law │
|
|
134
|
-
└──────┬──────┘
|
|
135
|
-
│
|
|
136
|
-
▼
|
|
137
|
-
┌──────────────────────────────────────┐
|
|
138
|
-
│ REPORT PHASE │
|
|
139
|
-
│ │
|
|
140
|
-
│ Delegate: Debug-Reporter │
|
|
141
|
-
│ → Iron Law diagnosis report │
|
|
142
|
-
│ → saved to docs/reports/ │
|
|
143
|
-
└──────────────────────────────────────┘
|
|
144
|
-
│
|
|
145
|
-
▼
|
|
146
|
-
You review the diagnosis + fix
|
|
147
|
-
│
|
|
148
|
-
Debugger resets → asks: New bug? Feature work? Re-investigate?
|
|
149
|
-
```
|
|
150
|
-
|
|
151
|
-
**Key rules:**
|
|
152
|
-
- Debugger has **no read/write/bash permissions** — all delegated to subagents
|
|
153
|
-
- Never delegates Fixer without Inspector confirming root cause first
|
|
154
|
-
- If unknowns remain after investigation → halts and prompts you, does not guess
|
|
155
|
-
|
|
156
|
-
---
|
|
157
|
-
|
|
158
|
-
### 🔍 Prober — Security Audit
|
|
159
|
-
|
|
160
|
-
Prober is a **standalone primary agent** — does not depend on Composer or Debugger. Trigger it directly from the Prober tab to audit any codebase for security vulnerabilities and quality decay.
|
|
161
|
-
|
|
162
|
-
```
|
|
163
|
-
You trigger a security audit
|
|
164
|
-
│
|
|
165
|
-
▼
|
|
166
|
-
┌───────────────────────────────────────────────────┐
|
|
167
|
-
│ TRACE PHASE (mandatory start) │
|
|
168
|
-
│ │
|
|
169
|
-
│ Delegate: Tracer │
|
|
170
|
-
│ → WSTG-guided breadth-first recon │
|
|
171
|
-
│ → trace data flows: input → path → sink │
|
|
172
|
-
│ │
|
|
173
|
-
│ Output: │
|
|
174
|
-
│ · Confirmed Vulnerabilities (OWASP category, │
|
|
175
|
-
│ location, data flow) │
|
|
176
|
-
│ · Suspected Vulnerabilities (manual verify) │
|
|
177
|
-
│ · Quality & Decay Risks (e.g. hardcoded │
|
|
178
|
-
│ secrets, missing input validation) │
|
|
179
|
-
└──────────┬────────────────────────────────────────┘
|
|
180
|
-
│
|
|
181
|
-
▼
|
|
182
|
-
GUARDRAIL GATE (question tool):
|
|
183
|
-
"Audit findings ready. How to proceed?"
|
|
184
|
-
├── "Patch all confirmed findings" → PATCH PHASE
|
|
185
|
-
├── "Select specific findings" → PATCH PHASE (you pick)
|
|
186
|
-
├── "Audit only — no patches" → AUDIT PHASE (skip PATCH)
|
|
187
|
-
└── "Re-investigate attack surface" → re-delegate Tracer
|
|
188
|
-
│
|
|
189
|
-
▼
|
|
190
|
-
┌──────────────────────────────────────────────────┐
|
|
191
|
-
│ PATCH PHASE (skipped if audit-only) │
|
|
192
|
-
│ │
|
|
193
|
-
│ Delegate: Patcher │
|
|
194
|
-
│ → Ponytail mindset: smallest correct diff │
|
|
195
|
-
│ → prefer deleting the cause over wrapping it │
|
|
196
|
-
│ → escalates to you if patch > 10 lines │
|
|
197
|
-
└──────────┬───────────────────────────────────────┘
|
|
198
|
-
│
|
|
199
|
-
▼
|
|
200
|
-
┌──────────────────────────────────────────────────┐
|
|
201
|
-
│ AUDIT PHASE (max 5 loops) │
|
|
202
|
-
│ │
|
|
203
|
-
│ Delegate: Auditor │
|
|
204
|
-
│ → verify patch resolved vulnerabilities │
|
|
205
|
-
│ → security regression check │
|
|
206
|
-
│ → Ponytail BLOAT analysis (over-engineering) │
|
|
207
|
-
│ │
|
|
208
|
-
│ PASS → proceed to report │
|
|
209
|
-
│ FAIL → re-delegate Patcher with Gap + BLOAT │
|
|
210
|
-
│ lists verbatim (max 5 loops, then you) │
|
|
211
|
-
│ │
|
|
212
|
-
│ Delegate: Probe-Reporter │
|
|
213
|
-
│ → security audit report → docs/reports/ │
|
|
214
|
-
└──────────────────────────────────────────────────┘
|
|
215
|
-
│
|
|
216
|
-
▼
|
|
217
|
-
You review the audit report
|
|
218
|
-
│
|
|
219
|
-
Prober resets → asks: New audit? Feature work? Bug investigation?
|
|
220
|
-
```
|
|
221
|
-
|
|
222
|
-
**Key rules:**
|
|
223
|
-
- Prober has **no read/write/bash permissions** — all delegated to subagents
|
|
224
|
-
- TRACE phase is always mandatory — no patching without recon first
|
|
225
|
-
- GUARDRAIL GATE required before any patches are applied
|
|
226
|
-
- 5 consecutive AUDIT FAILs → surfaces to you
|
|
227
|
-
|
|
228
|
-
---
|
|
229
|
-
|
|
230
|
-
## Subagent Reference
|
|
231
|
-
|
|
232
|
-
Each subagent belongs to exactly one primary agent and cannot be invoked by anyone else:
|
|
233
|
-
|
|
234
|
-
| Primary | Phase | Subagent | Model Tier | Role |
|
|
235
|
-
|---------|-------|----------|------------|------|
|
|
236
|
-
| Composer | EXPLORE | Researcher | 🧠 Reasoning | Fact-finding: confirmed_facts / inferred_facts / unknowns / risks |
|
|
237
|
-
| Composer | PLAN | Plan-Writer | ⚡ Fast | **Formatter** — writes PRD to `docs/plans/`, missing input = TBD |
|
|
238
|
-
| Composer | PLAN | Plan-Checker | 🧠 Reasoning | **Gate** — PASS/FAIL + gap list only, no suggestions |
|
|
239
|
-
| Composer | BUILD | Coder | ⚡ Fast | Implements code from PRD |
|
|
240
|
-
| Composer | BUILD | Tester | 🎯 Precision | PASS/FAIL/BLOCKED + coverage gaps only |
|
|
241
|
-
| Composer | BUILD | Reviewer | 🎯 Precision | **Gate** — PASS/FAIL + gap list only, no suggestions |
|
|
242
|
-
| Composer | BUILD | Compose-Reporter | ⚡ Fast | **Formatter** — completion report to `docs/reports/` |
|
|
243
|
-
| Debugger | INVESTIGATE | Inspector | 🧠 Reasoning | Brooks-Lint RCA (Iron Law + 6 decay risks + 4 review modes) |
|
|
244
|
-
| Debugger | FIX | Fixer | ⚡ Fast | Minimal, root-cause-targeted fix |
|
|
245
|
-
| Debugger | REPORT | Debug-Reporter | ⚡ Fast | **Formatter** — Iron Law diagnosis report to `docs/reports/` |
|
|
246
|
-
| Prober | TRACE | Tracer | 🎯 Precision | WSTG recon + vuln path tracing, no remedies |
|
|
247
|
-
| Prober | PATCH | Patcher | ⚡ Fast | Minimal, security-targeted fix (Ponytail, max 10 lines) |
|
|
248
|
-
| Prober | AUDIT | Auditor | 🎯 Precision | **Gate** — PASS/FAIL + Gap List + BLOAT List only |
|
|
249
|
-
| Prober | AUDIT | Probe-Reporter | ⚡ Fast | **Formatter** — security audit report to `docs/reports/` |
|
|
250
|
-
|
|
251
|
-
---
|
|
252
|
-
|
|
253
|
-
## Flow Rules
|
|
254
|
-
|
|
255
|
-
| Rule | Detail |
|
|
256
|
-
|------|--------|
|
|
257
|
-
| **Mandatory starts** | Composer always starts in EXPLORE. Prober always starts in TRACE. No skipping. |
|
|
258
|
-
| **Guardrail gates** | Composer: Gate 1 (EXPLORE→PLAN/BUILD), Gate 2 (PLAN→BUILD). Prober: Gate after TRACE. All require user confirmation. |
|
|
259
|
-
| **Gate agents** | Plan-Checker, Reviewer, Auditor — PASS/FAIL + gap list only. No suggestions, no decisions. |
|
|
260
|
-
| **Formatter agents** | Plan-Writer, Compose-Reporter, Debug-Reporter, Probe-Reporter — stateless. Missing input = TBD/NA. Never invent content. |
|
|
261
|
-
| **Fact-finding agents** | Researcher, Inspector, Tracer — facts/inferences/risks only. No recommendations. |
|
|
262
|
-
| **Build gate order** | Coder → Tester → Reviewer → Compose-Reporter. No skipping. No Coder→Coder without verification. |
|
|
263
|
-
| **FAIL loops** | Plan-Checker FAIL: max 5 loops. Build FAIL (Tester/Reviewer): max 5 loops. Prober AUDIT FAIL: max 5 loops. All surface to you after limit. |
|
|
264
|
-
| **Output directories** | PRDs → `docs/plans/`. Reports (Compose-Reporter, Debug-Reporter, Probe-Reporter) → `docs/reports/`. Enforced by permissions. |
|
|
265
|
-
| **Independence** | Debugger and Prober are fully standalone — triggered directly, do not flow through Composer. |
|
|
266
|
-
|
|
267
|
-
---
|
|
268
|
-
|
|
269
|
-
## Brooks-Lint Methodology (Debugger)
|
|
270
|
-
|
|
271
|
-
The Debugger pipeline uses the [Brooks-Lint](https://hyhmrright.github.io/brooks-lint/guide.html) framework:
|
|
272
|
-
|
|
273
|
-
- **Iron Law** per finding: Symptom → Source → Consequence → Remedy
|
|
274
|
-
- **6 Decay Risks (R1–R6)**: Cognitive Overload, Change Propagation, Knowledge Duplication, Accidental Complexity, Dependency Disorder, Domain Model Distortion
|
|
275
|
-
- **4 Review Modes**: PR Review (R1–R6), Architecture Audit, Tech Debt Assessment (Pain × Spread), Test Quality (T1–T6)
|
|
276
|
-
- **T1–T6 Test Risks**: Test Obscurity, Brittleness, Duplication, Mock Abuse, Coverage Illusion, Architecture Mismatch
|
|
277
|
-
|
|
278
|
-
## Principle Hierarchy
|
|
279
|
-
|
|
280
|
-
All agents resolve conflicts using this priority order (defined in `hierarchy.txt`):
|
|
281
|
-
|
|
282
|
-
1. **PRD / Spec** — explicit requirement text
|
|
283
|
-
2. **Verdict** — Reviewer / Plan-Checker / Auditor PASS/FAIL
|
|
284
|
-
3. **Engineering principles** — Fail Fast, Single Responsibility
|
|
285
|
-
4. **Heuristics** — KISS, DRY, SOLID, Law of Demeter
|
|
286
|
-
5. **Local optimization** — style preference
|
|
287
|
-
|
|
288
|
-
---
|
|
289
|
-
|
|
290
|
-
## Install
|
|
291
|
-
|
|
292
|
-
```sh
|
|
293
|
-
npm install -g pluidr
|
|
294
|
-
```
|
|
295
|
-
|
|
296
|
-
Or run directly without installing:
|
|
297
|
-
|
|
298
|
-
```sh
|
|
299
|
-
npx pluidr init
|
|
300
|
-
```
|
|
301
|
-
|
|
302
|
-
## Usage
|
|
303
|
-
|
|
304
|
-
### `pluidr`
|
|
305
|
-
|
|
306
|
-
The everyday command. Runs three steps in sequence:
|
|
307
|
-
|
|
308
|
-
1. **Update check** — compares local version against npm registry; prompts to `npm install -g pluidr` if a new version is available
|
|
309
|
-
2. **Doctor check** — verifies installation health; prompts to repair with `pluidr init` if any checks fail
|
|
310
|
-
3. **Launch** — spawns `opencode`
|
|
311
|
-
|
|
312
|
-
### `pluidr init`
|
|
313
|
-
|
|
314
|
-
Prompts you to select models for three agent tiers (reasoning, precision, and fast), then:
|
|
315
|
-
|
|
316
|
-
- Asks whether to install the pluidr-squeeze plugin (can decline)
|
|
317
|
-
- Builds a complete `opencode.jsonc` config with the chosen models injected into the right agents
|
|
318
|
-
- Backs up any existing config to `opencode.jsonc.bak.*`
|
|
319
|
-
- Writes the new config to `~/.config/opencode/opencode.jsonc`
|
|
320
|
-
- Copies all 18 agent prompt files into `~/.config/opencode/prompts/`
|
|
321
|
-
- Copies `pluidr-flow` and `pluidr-squeeze` plugins into `~/.config/opencode/plugins/`
|
|
322
|
-
- Writes a `package.json` declaring `@opencode-ai/plugin` as a dependency
|
|
323
|
-
|
|
324
|
-
### `pluidr doctor`
|
|
325
|
-
|
|
326
|
-
Checks installation health and reports ✓/✗ for each component:
|
|
327
|
-
|
|
328
|
-
- `opencode.jsonc` exists
|
|
329
|
-
- All 18 prompt files present
|
|
330
|
-
- Both plugin files present
|
|
331
|
-
- `package.json` with `@opencode-ai/plugin` dependency
|
|
332
|
-
- squeeze binary available
|
|
333
|
-
- Config is valid JSON
|
|
334
|
-
|
|
335
|
-
Exits with code `0` if all pass, `1` if any fail.
|
|
336
|
-
|
|
337
|
-
### `pluidr update`
|
|
338
|
-
|
|
339
|
-
Checks the npm registry for a newer version of pluidr and prompts to install it.
|
|
340
|
-
|
|
341
|
-
### `pluidr uninstall`
|
|
342
|
-
|
|
343
|
-
Restores your previous configuration:
|
|
344
|
-
|
|
345
|
-
- Finds the latest timestamped backup and restores it to `opencode.jsonc`
|
|
346
|
-
- Removes `prompts/`, `plugins/`, and `bin/` directories
|
|
347
|
-
- Preserves `opencode.jsonc` and `package.json`
|
|
348
|
-
|
|
349
|
-
---
|
|
350
|
-
|
|
351
|
-
## Bundled Plugins
|
|
352
|
-
|
|
353
|
-
### `pluidr-flow`
|
|
354
|
-
|
|
355
|
-
Provides subagents with cross-session context access:
|
|
356
|
-
|
|
357
|
-
- `parent_session_messages` — read the parent session's transcript
|
|
358
|
-
- `session_messages(sessionId)` — read any session by ID
|
|
359
|
-
- `session_messages_batch(sessionIds)` — read multiple sessions in one call
|
|
360
|
-
|
|
361
|
-
### `pluidr-squeeze`
|
|
362
|
-
|
|
363
|
-
Hooks into tool execution to rewrite bash commands through the `squeeze` binary, filtering verbose output and saving **60–90% of tokens** across all agents.
|
|
364
|
-
|
|
365
|
-
Both plugins and their dependency declaration are installed automatically by `pluidr init` — no extra user action required. On OpenCode's first launch, the bundled Bun runtime installs `@opencode-ai/plugin` from the generated `package.json`.
|
|
1
|
+
# Pluidr
|
|
2
|
+
|
|
3
|
+
[](https://www.npmjs.com/package/pluidr)
|
|
4
|
+
[](https://www.npmjs.com/package/pluidr)
|
|
5
|
+
[](https://github.com/funara/pluidr/blob/main/LICENSE)
|
|
6
|
+
|
|
7
|
+
** Plan · Build · Review ** — opinionated engineering workflow installer for [OpenCode](https://opencode.ai).
|
|
8
|
+
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
## What is Pluidr?
|
|
12
|
+
|
|
13
|
+
Pluidr installs **3 primary agents + 14 subagents** into OpenCode — each primary agent owns its exclusive subagents, scoped permissions, and enforced workflow rules. No shared subagents. No ad-hoc delegation.
|
|
14
|
+
|
|
15
|
+
| Primary Agent | Model Tier | Purpose | Subagents |
|
|
16
|
+
|---|---|---|---|
|
|
17
|
+
| **Composer** | 🧠 Reasoning | Feature work — Explore → Plan → Build | Researcher, Plan-Writer, Plan-Checker, Coder, Tester, Reviewer, Compose-Reporter |
|
|
18
|
+
| **Debugger** | 🧠 Reasoning | Bug investigation — Investigate → Fix → Report | Inspector, Fixer, Debug-Reporter |
|
|
19
|
+
| **Prober** | 🧠 Reasoning | Security audit — Trace → Patch → Audit | Tracer, Patcher, Auditor, Probe-Reporter |
|
|
20
|
+
|
|
21
|
+
---
|
|
22
|
+
|
|
23
|
+
## Agent Workflows
|
|
24
|
+
|
|
25
|
+
### 🎼 Composer — Feature Work
|
|
26
|
+
|
|
27
|
+
Composer is the **single entry point for all feature work**. It runs 3 strict, one-directional phases. Phase direction is one-way — no going back without explicit user instruction.
|
|
28
|
+
|
|
29
|
+
```
|
|
30
|
+
You describe a feature / idea
|
|
31
|
+
│
|
|
32
|
+
▼
|
|
33
|
+
┌─────────────────────────────────────────┐
|
|
34
|
+
│ EXPLORE PHASE (mandatory start) │
|
|
35
|
+
│ │
|
|
36
|
+
│ Delegate: Researcher │
|
|
37
|
+
│ → deep codebase + web fact-finding │
|
|
38
|
+
│ → confirmed_facts / inferred_facts / │
|
|
39
|
+
│ unknowns / risks │
|
|
40
|
+
│ │
|
|
41
|
+
│ Composer internally assesses: │
|
|
42
|
+
│ Is this feature simple or complex? │
|
|
43
|
+
└──────────┬──────────────────────────────┘
|
|
44
|
+
│
|
|
45
|
+
┌────────┴────────┐
|
|
46
|
+
│ Simple feature │ Complex feature
|
|
47
|
+
▼ ▼
|
|
48
|
+
GUARDRAIL GATE 1a GUARDRAIL GATE 1b
|
|
49
|
+
"Build directly?" "Write a PRD?"
|
|
50
|
+
│ │
|
|
51
|
+
│ Yes │ Yes
|
|
52
|
+
│ ▼
|
|
53
|
+
│ ┌──────────────────────────────┐
|
|
54
|
+
│ │ PLAN PHASE │
|
|
55
|
+
│ │ │
|
|
56
|
+
│ │ Plan-Writer → docs/plans/ │
|
|
57
|
+
│ │ Plan-Checker validates PRD │
|
|
58
|
+
│ │ PASS/FAIL + gap list only │
|
|
59
|
+
│ │ │
|
|
60
|
+
│ │ FAIL → surface gaps to you │
|
|
61
|
+
│ │ (max 5 loops) │
|
|
62
|
+
│ │ │
|
|
63
|
+
│ │ PASS → GUARDRAIL GATE 2 │
|
|
64
|
+
│ │ "Build from this PRD?" │
|
|
65
|
+
│ └──────────┬───────────────────┘
|
|
66
|
+
│ │ Yes
|
|
67
|
+
└──────────┬──────────┘
|
|
68
|
+
▼
|
|
69
|
+
┌────────────────────────────────────────────┐
|
|
70
|
+
│ BUILD PHASE │
|
|
71
|
+
│ │
|
|
72
|
+
│ Coder → implements from PRD / request │
|
|
73
|
+
│ │ │
|
|
74
|
+
│ ▼ │
|
|
75
|
+
│ Tester → PASS/FAIL/BLOCKED │
|
|
76
|
+
│ │ FAIL → back to Coder (max 5 loops) │
|
|
77
|
+
│ │ PASS ↓ │
|
|
78
|
+
│ ▼ │
|
|
79
|
+
│ Reviewer → PASS/FAIL + gap list │
|
|
80
|
+
│ │ FAIL → back to Coder (max 5 loops) │
|
|
81
|
+
│ │ PASS ↓ │
|
|
82
|
+
│ ▼ │
|
|
83
|
+
│ Compose-Reporter → docs/reports/ │
|
|
84
|
+
└────────────────────────────────────────────┘
|
|
85
|
+
│
|
|
86
|
+
▼
|
|
87
|
+
You review result
|
|
88
|
+
│
|
|
89
|
+
Composer resets → asks: New feature? Debug? Iterate?
|
|
90
|
+
```
|
|
91
|
+
|
|
92
|
+
**Key rules:**
|
|
93
|
+
- Composer has **no read/write/bash permissions** — all work delegated to subagents
|
|
94
|
+
- Phase transition only via guardrail gates — no skipping
|
|
95
|
+
- `Coder → Coder` loops without Tester verification are forbidden
|
|
96
|
+
- 5 consecutive FAILs from Tester or Reviewer → surfaces to you
|
|
97
|
+
|
|
98
|
+
---
|
|
99
|
+
|
|
100
|
+
### 🐛 Debugger — Bug Investigation
|
|
101
|
+
|
|
102
|
+
Debugger is a **standalone primary agent** — does not depend on Composer. Trigger it directly from the Debugger tab whenever you find a bug.
|
|
103
|
+
|
|
104
|
+
```
|
|
105
|
+
You report a bug / defect
|
|
106
|
+
│
|
|
107
|
+
▼
|
|
108
|
+
┌─────────────────────────────────────────────┐
|
|
109
|
+
│ INVESTIGATE PHASE │
|
|
110
|
+
│ │
|
|
111
|
+
│ Delegate: Inspector │
|
|
112
|
+
│ Review mode (Debugger selects): │
|
|
113
|
+
│ · PR Review → classify R1-R6 │
|
|
114
|
+
│ · Architecture → dependency analysis │
|
|
115
|
+
│ · Tech Debt → Pain × Spread score │
|
|
116
|
+
│ · Test Quality → classify T1-T6 │
|
|
117
|
+
│ │
|
|
118
|
+
│ Output: Iron Law chain per finding │
|
|
119
|
+
│ Symptom → Source → Consequence → Remedy │
|
|
120
|
+
└──────────┬──────────────────────────────────┘
|
|
121
|
+
│
|
|
122
|
+
Root cause identified?
|
|
123
|
+
┌────────┴────────┐
|
|
124
|
+
│ Yes │ No / unknowns remain
|
|
125
|
+
▼ ▼
|
|
126
|
+
┌─────────────┐ Halt — surface to you
|
|
127
|
+
│ FIX PHASE │ with specific questions
|
|
128
|
+
│ │
|
|
129
|
+
│ Delegate: │
|
|
130
|
+
│ Fixer │
|
|
131
|
+
│ → minimal │
|
|
132
|
+
│ fix per │
|
|
133
|
+
│ Iron Law │
|
|
134
|
+
└──────┬──────┘
|
|
135
|
+
│
|
|
136
|
+
▼
|
|
137
|
+
┌──────────────────────────────────────┐
|
|
138
|
+
│ REPORT PHASE │
|
|
139
|
+
│ │
|
|
140
|
+
│ Delegate: Debug-Reporter │
|
|
141
|
+
│ → Iron Law diagnosis report │
|
|
142
|
+
│ → saved to docs/reports/ │
|
|
143
|
+
└──────────────────────────────────────┘
|
|
144
|
+
│
|
|
145
|
+
▼
|
|
146
|
+
You review the diagnosis + fix
|
|
147
|
+
│
|
|
148
|
+
Debugger resets → asks: New bug? Feature work? Re-investigate?
|
|
149
|
+
```
|
|
150
|
+
|
|
151
|
+
**Key rules:**
|
|
152
|
+
- Debugger has **no read/write/bash permissions** — all delegated to subagents
|
|
153
|
+
- Never delegates Fixer without Inspector confirming root cause first
|
|
154
|
+
- If unknowns remain after investigation → halts and prompts you, does not guess
|
|
155
|
+
|
|
156
|
+
---
|
|
157
|
+
|
|
158
|
+
### 🔍 Prober — Security Audit
|
|
159
|
+
|
|
160
|
+
Prober is a **standalone primary agent** — does not depend on Composer or Debugger. Trigger it directly from the Prober tab to audit any codebase for security vulnerabilities and quality decay.
|
|
161
|
+
|
|
162
|
+
```
|
|
163
|
+
You trigger a security audit
|
|
164
|
+
│
|
|
165
|
+
▼
|
|
166
|
+
┌───────────────────────────────────────────────────┐
|
|
167
|
+
│ TRACE PHASE (mandatory start) │
|
|
168
|
+
│ │
|
|
169
|
+
│ Delegate: Tracer │
|
|
170
|
+
│ → WSTG-guided breadth-first recon │
|
|
171
|
+
│ → trace data flows: input → path → sink │
|
|
172
|
+
│ │
|
|
173
|
+
│ Output: │
|
|
174
|
+
│ · Confirmed Vulnerabilities (OWASP category, │
|
|
175
|
+
│ location, data flow) │
|
|
176
|
+
│ · Suspected Vulnerabilities (manual verify) │
|
|
177
|
+
│ · Quality & Decay Risks (e.g. hardcoded │
|
|
178
|
+
│ secrets, missing input validation) │
|
|
179
|
+
└──────────┬────────────────────────────────────────┘
|
|
180
|
+
│
|
|
181
|
+
▼
|
|
182
|
+
GUARDRAIL GATE (question tool):
|
|
183
|
+
"Audit findings ready. How to proceed?"
|
|
184
|
+
├── "Patch all confirmed findings" → PATCH PHASE
|
|
185
|
+
├── "Select specific findings" → PATCH PHASE (you pick)
|
|
186
|
+
├── "Audit only — no patches" → AUDIT PHASE (skip PATCH)
|
|
187
|
+
└── "Re-investigate attack surface" → re-delegate Tracer
|
|
188
|
+
│
|
|
189
|
+
▼
|
|
190
|
+
┌──────────────────────────────────────────────────┐
|
|
191
|
+
│ PATCH PHASE (skipped if audit-only) │
|
|
192
|
+
│ │
|
|
193
|
+
│ Delegate: Patcher │
|
|
194
|
+
│ → Ponytail mindset: smallest correct diff │
|
|
195
|
+
│ → prefer deleting the cause over wrapping it │
|
|
196
|
+
│ → escalates to you if patch > 10 lines │
|
|
197
|
+
└──────────┬───────────────────────────────────────┘
|
|
198
|
+
│
|
|
199
|
+
▼
|
|
200
|
+
┌──────────────────────────────────────────────────┐
|
|
201
|
+
│ AUDIT PHASE (max 5 loops) │
|
|
202
|
+
│ │
|
|
203
|
+
│ Delegate: Auditor │
|
|
204
|
+
│ → verify patch resolved vulnerabilities │
|
|
205
|
+
│ → security regression check │
|
|
206
|
+
│ → Ponytail BLOAT analysis (over-engineering) │
|
|
207
|
+
│ │
|
|
208
|
+
│ PASS → proceed to report │
|
|
209
|
+
│ FAIL → re-delegate Patcher with Gap + BLOAT │
|
|
210
|
+
│ lists verbatim (max 5 loops, then you) │
|
|
211
|
+
│ │
|
|
212
|
+
│ Delegate: Probe-Reporter │
|
|
213
|
+
│ → security audit report → docs/reports/ │
|
|
214
|
+
└──────────────────────────────────────────────────┘
|
|
215
|
+
│
|
|
216
|
+
▼
|
|
217
|
+
You review the audit report
|
|
218
|
+
│
|
|
219
|
+
Prober resets → asks: New audit? Feature work? Bug investigation?
|
|
220
|
+
```
|
|
221
|
+
|
|
222
|
+
**Key rules:**
|
|
223
|
+
- Prober has **no read/write/bash permissions** — all delegated to subagents
|
|
224
|
+
- TRACE phase is always mandatory — no patching without recon first
|
|
225
|
+
- GUARDRAIL GATE required before any patches are applied
|
|
226
|
+
- 5 consecutive AUDIT FAILs → surfaces to you
|
|
227
|
+
|
|
228
|
+
---
|
|
229
|
+
|
|
230
|
+
## Subagent Reference
|
|
231
|
+
|
|
232
|
+
Each subagent belongs to exactly one primary agent and cannot be invoked by anyone else:
|
|
233
|
+
|
|
234
|
+
| Primary | Phase | Subagent | Model Tier | Role |
|
|
235
|
+
|---------|-------|----------|------------|------|
|
|
236
|
+
| Composer | EXPLORE | Researcher | 🧠 Reasoning | Fact-finding: confirmed_facts / inferred_facts / unknowns / risks |
|
|
237
|
+
| Composer | PLAN | Plan-Writer | ⚡ Fast | **Formatter** — writes PRD to `docs/plans/`, missing input = TBD |
|
|
238
|
+
| Composer | PLAN | Plan-Checker | 🧠 Reasoning | **Gate** — PASS/FAIL + gap list only, no suggestions |
|
|
239
|
+
| Composer | BUILD | Coder | ⚡ Fast | Implements code from PRD |
|
|
240
|
+
| Composer | BUILD | Tester | 🎯 Precision | PASS/FAIL/BLOCKED + coverage gaps only |
|
|
241
|
+
| Composer | BUILD | Reviewer | 🎯 Precision | **Gate** — PASS/FAIL + gap list only, no suggestions |
|
|
242
|
+
| Composer | BUILD | Compose-Reporter | ⚡ Fast | **Formatter** — completion report to `docs/reports/` |
|
|
243
|
+
| Debugger | INVESTIGATE | Inspector | 🧠 Reasoning | Brooks-Lint RCA (Iron Law + 6 decay risks + 4 review modes) |
|
|
244
|
+
| Debugger | FIX | Fixer | ⚡ Fast | Minimal, root-cause-targeted fix |
|
|
245
|
+
| Debugger | REPORT | Debug-Reporter | ⚡ Fast | **Formatter** — Iron Law diagnosis report to `docs/reports/` |
|
|
246
|
+
| Prober | TRACE | Tracer | 🎯 Precision | WSTG recon + vuln path tracing, no remedies |
|
|
247
|
+
| Prober | PATCH | Patcher | ⚡ Fast | Minimal, security-targeted fix (Ponytail, max 10 lines) |
|
|
248
|
+
| Prober | AUDIT | Auditor | 🎯 Precision | **Gate** — PASS/FAIL + Gap List + BLOAT List only |
|
|
249
|
+
| Prober | AUDIT | Probe-Reporter | ⚡ Fast | **Formatter** — security audit report to `docs/reports/` |
|
|
250
|
+
|
|
251
|
+
---
|
|
252
|
+
|
|
253
|
+
## Flow Rules
|
|
254
|
+
|
|
255
|
+
| Rule | Detail |
|
|
256
|
+
|------|--------|
|
|
257
|
+
| **Mandatory starts** | Composer always starts in EXPLORE. Prober always starts in TRACE. No skipping. |
|
|
258
|
+
| **Guardrail gates** | Composer: Gate 1 (EXPLORE→PLAN/BUILD), Gate 2 (PLAN→BUILD). Prober: Gate after TRACE. All require user confirmation. |
|
|
259
|
+
| **Gate agents** | Plan-Checker, Reviewer, Auditor — PASS/FAIL + gap list only. No suggestions, no decisions. |
|
|
260
|
+
| **Formatter agents** | Plan-Writer, Compose-Reporter, Debug-Reporter, Probe-Reporter — stateless. Missing input = TBD/NA. Never invent content. |
|
|
261
|
+
| **Fact-finding agents** | Researcher, Inspector, Tracer — facts/inferences/risks only. No recommendations. |
|
|
262
|
+
| **Build gate order** | Coder → Tester → Reviewer → Compose-Reporter. No skipping. No Coder→Coder without verification. |
|
|
263
|
+
| **FAIL loops** | Plan-Checker FAIL: max 5 loops. Build FAIL (Tester/Reviewer): max 5 loops. Prober AUDIT FAIL: max 5 loops. All surface to you after limit. |
|
|
264
|
+
| **Output directories** | PRDs → `docs/plans/`. Reports (Compose-Reporter, Debug-Reporter, Probe-Reporter) → `docs/reports/`. Enforced by permissions. |
|
|
265
|
+
| **Independence** | Debugger and Prober are fully standalone — triggered directly, do not flow through Composer. |
|
|
266
|
+
|
|
267
|
+
---
|
|
268
|
+
|
|
269
|
+
## Brooks-Lint Methodology (Debugger)
|
|
270
|
+
|
|
271
|
+
The Debugger pipeline uses the [Brooks-Lint](https://hyhmrright.github.io/brooks-lint/guide.html) framework:
|
|
272
|
+
|
|
273
|
+
- **Iron Law** per finding: Symptom → Source → Consequence → Remedy
|
|
274
|
+
- **6 Decay Risks (R1–R6)**: Cognitive Overload, Change Propagation, Knowledge Duplication, Accidental Complexity, Dependency Disorder, Domain Model Distortion
|
|
275
|
+
- **4 Review Modes**: PR Review (R1–R6), Architecture Audit, Tech Debt Assessment (Pain × Spread), Test Quality (T1–T6)
|
|
276
|
+
- **T1–T6 Test Risks**: Test Obscurity, Brittleness, Duplication, Mock Abuse, Coverage Illusion, Architecture Mismatch
|
|
277
|
+
|
|
278
|
+
## Principle Hierarchy
|
|
279
|
+
|
|
280
|
+
All agents resolve conflicts using this priority order (defined in `hierarchy.txt`):
|
|
281
|
+
|
|
282
|
+
1. **PRD / Spec** — explicit requirement text
|
|
283
|
+
2. **Verdict** — Reviewer / Plan-Checker / Auditor PASS/FAIL
|
|
284
|
+
3. **Engineering principles** — Fail Fast, Single Responsibility
|
|
285
|
+
4. **Heuristics** — KISS, DRY, SOLID, Law of Demeter
|
|
286
|
+
5. **Local optimization** — style preference
|
|
287
|
+
|
|
288
|
+
---
|
|
289
|
+
|
|
290
|
+
## Install
|
|
291
|
+
|
|
292
|
+
```sh
|
|
293
|
+
npm install -g pluidr
|
|
294
|
+
```
|
|
295
|
+
|
|
296
|
+
Or run directly without installing:
|
|
297
|
+
|
|
298
|
+
```sh
|
|
299
|
+
npx pluidr init
|
|
300
|
+
```
|
|
301
|
+
|
|
302
|
+
## Usage
|
|
303
|
+
|
|
304
|
+
### `pluidr`
|
|
305
|
+
|
|
306
|
+
The everyday command. Runs three steps in sequence:
|
|
307
|
+
|
|
308
|
+
1. **Update check** — compares local version against npm registry; prompts to `npm install -g pluidr` if a new version is available
|
|
309
|
+
2. **Doctor check** — verifies installation health; prompts to repair with `pluidr init` if any checks fail
|
|
310
|
+
3. **Launch** — spawns `opencode`
|
|
311
|
+
|
|
312
|
+
### `pluidr init`
|
|
313
|
+
|
|
314
|
+
Prompts you to select models for three agent tiers (reasoning, precision, and fast), then:
|
|
315
|
+
|
|
316
|
+
- Asks whether to install the pluidr-squeeze plugin (can decline)
|
|
317
|
+
- Builds a complete `opencode.jsonc` config with the chosen models injected into the right agents
|
|
318
|
+
- Backs up any existing config to `opencode.jsonc.bak.*`
|
|
319
|
+
- Writes the new config to `~/.config/opencode/opencode.jsonc`
|
|
320
|
+
- Copies all 18 agent prompt files into `~/.config/opencode/prompts/`
|
|
321
|
+
- Copies `pluidr-flow` and `pluidr-squeeze` plugins into `~/.config/opencode/plugins/`
|
|
322
|
+
- Writes a `package.json` declaring `@opencode-ai/plugin` as a dependency
|
|
323
|
+
|
|
324
|
+
### `pluidr doctor`
|
|
325
|
+
|
|
326
|
+
Checks installation health and reports ✓/✗ for each component:
|
|
327
|
+
|
|
328
|
+
- `opencode.jsonc` exists
|
|
329
|
+
- All 18 prompt files present
|
|
330
|
+
- Both plugin files present
|
|
331
|
+
- `package.json` with `@opencode-ai/plugin` dependency
|
|
332
|
+
- squeeze binary available
|
|
333
|
+
- Config is valid JSON
|
|
334
|
+
|
|
335
|
+
Exits with code `0` if all pass, `1` if any fail.
|
|
336
|
+
|
|
337
|
+
### `pluidr update`
|
|
338
|
+
|
|
339
|
+
Checks the npm registry for a newer version of pluidr and prompts to install it.
|
|
340
|
+
|
|
341
|
+
### `pluidr uninstall`
|
|
342
|
+
|
|
343
|
+
Restores your previous configuration:
|
|
344
|
+
|
|
345
|
+
- Finds the latest timestamped backup and restores it to `opencode.jsonc`
|
|
346
|
+
- Removes `prompts/`, `plugins/`, and `bin/` directories
|
|
347
|
+
- Preserves `opencode.jsonc` and `package.json`
|
|
348
|
+
|
|
349
|
+
---
|
|
350
|
+
|
|
351
|
+
## Bundled Plugins
|
|
352
|
+
|
|
353
|
+
### `pluidr-flow`
|
|
354
|
+
|
|
355
|
+
Provides subagents with cross-session context access:
|
|
356
|
+
|
|
357
|
+
- `parent_session_messages` — read the parent session's transcript
|
|
358
|
+
- `session_messages(sessionId)` — read any session by ID
|
|
359
|
+
- `session_messages_batch(sessionIds)` — read multiple sessions in one call
|
|
360
|
+
|
|
361
|
+
### `pluidr-squeeze`
|
|
362
|
+
|
|
363
|
+
Hooks into tool execution to rewrite bash commands through the `squeeze` binary, filtering verbose output and saving **60–90% of tokens** across all agents.
|
|
364
|
+
|
|
365
|
+
Both plugins and their dependency declaration are installed automatically by `pluidr init` — no extra user action required. On OpenCode's first launch, the bundled Bun runtime installs `@opencode-ai/plugin` from the generated `package.json`.
|