pluidr 0.7.5 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (90) hide show
  1. package/LICENSE +20 -20
  2. package/README.md +408 -364
  3. package/bin/pluidr.js +3 -3
  4. package/package.json +1 -1
  5. package/src/cli/commands/doctor.js +137 -134
  6. package/src/cli/commands/init.js +134 -47
  7. package/src/cli/commands/launch.js +101 -50
  8. package/src/cli/commands/theme.js +67 -0
  9. package/src/cli/commands/theme.test.js +28 -0
  10. package/src/cli/commands/uninstall.js +103 -90
  11. package/src/cli/commands/update.js +9 -9
  12. package/src/cli/index.js +63 -57
  13. package/src/cli/wizard/selectModelTier.js +40 -40
  14. package/src/core/agentPromptWriter.js +45 -32
  15. package/src/core/agentPromptWriter.test.js +56 -56
  16. package/src/core/animation.js +83 -0
  17. package/src/core/animation.test.js +118 -0
  18. package/src/core/backup.js +46 -46
  19. package/src/core/commandsWriter.js +26 -0
  20. package/src/core/commandsWriter.test.js +29 -0
  21. package/src/core/configBuilder.js +32 -32
  22. package/src/core/configBuilder.test.js +93 -93
  23. package/src/core/configWriter.js +10 -10
  24. package/src/core/configWriter.test.js +1 -1
  25. package/src/core/identityHeader.js +8 -8
  26. package/src/core/paths.js +13 -11
  27. package/src/core/paths.test.js +33 -29
  28. package/src/core/pluginWriter.js +43 -29
  29. package/src/core/skillsWriter.js +21 -0
  30. package/src/core/skillsWriter.test.js +30 -0
  31. package/src/core/squeezeInstaller.js +158 -158
  32. package/src/core/squeezeInstaller.test.js +79 -79
  33. package/src/core/themeWriter.js +18 -4
  34. package/src/core/themeWriter.test.js +2 -2
  35. package/src/core/tuiConfigWriter.js +3 -2
  36. package/src/core/tuiConfigWriter.test.js +4 -4
  37. package/src/core/version.js +8 -8
  38. package/src/core/versionCheck.js +44 -44
  39. package/src/plugins/README.md +57 -68
  40. package/src/plugins/pluidr-squeeze.js +77 -77
  41. package/src/templates/agent-prompts/analyze.txt +49 -0
  42. package/src/templates/agent-prompts/auditor.txt +20 -20
  43. package/src/templates/agent-prompts/builder.txt +10 -0
  44. package/src/templates/agent-prompts/coder.txt +87 -87
  45. package/src/templates/agent-prompts/compose-reporter.txt +55 -55
  46. package/src/templates/agent-prompts/compose.txt +50 -0
  47. package/src/templates/agent-prompts/composer.txt +414 -420
  48. package/src/templates/agent-prompts/debug-reporter.txt +65 -65
  49. package/src/templates/agent-prompts/debug.txt +49 -0
  50. package/src/templates/agent-prompts/debugger.txt +149 -144
  51. package/src/templates/agent-prompts/explorer.txt +10 -0
  52. package/src/templates/agent-prompts/fixer.txt +66 -66
  53. package/src/templates/agent-prompts/hierarchy.txt +101 -96
  54. package/src/templates/agent-prompts/inspector.txt +79 -79
  55. package/src/templates/agent-prompts/patcher.txt +20 -20
  56. package/src/templates/agent-prompts/plan-checker.txt +45 -45
  57. package/src/templates/agent-prompts/plan-writer.txt +57 -57
  58. package/src/templates/agent-prompts/probe-reporter.txt +62 -62
  59. package/src/templates/agent-prompts/prober.txt +93 -87
  60. package/src/templates/agent-prompts/reporter.txt +10 -0
  61. package/src/templates/agent-prompts/researcher.txt +48 -48
  62. package/src/templates/agent-prompts/reviewer.txt +57 -57
  63. package/src/templates/agent-prompts/tester.txt +66 -66
  64. package/src/templates/agent-prompts/tracer.txt +33 -33
  65. package/src/templates/agent-prompts/verifier.txt +10 -0
  66. package/src/templates/commands/squeeze-dashboard.md +5 -0
  67. package/src/templates/commands/squeeze-health.md +10 -0
  68. package/src/templates/commands/squeeze-quick.md +10 -0
  69. package/src/templates/model-defaults.json +59 -73
  70. package/src/templates/opencode.config.json +243 -572
  71. package/src/templates/skills/brooks-lint-rca/SKILL.md +48 -0
  72. package/src/templates/skills/codebase-fact-finding/SKILL.md +39 -0
  73. package/src/templates/skills/diff-review/SKILL.md +42 -0
  74. package/src/templates/skills/general-coding/SKILL.md +44 -0
  75. package/src/templates/skills/minimal-fixing/SKILL.md +25 -0
  76. package/src/templates/skills/plan-checking/SKILL.md +33 -0
  77. package/src/templates/skills/ponytail-patching/SKILL.md +20 -0
  78. package/src/templates/skills/prd-formatting/SKILL.md +45 -0
  79. package/src/templates/skills/refactoring-patterns/SKILL.md +37 -0
  80. package/src/templates/skills/security-auditing/SKILL.md +35 -0
  81. package/src/templates/skills/security-remediation/SKILL.md +37 -0
  82. package/src/templates/skills/summary-reporting/SKILL.md +83 -0
  83. package/src/templates/skills/test-assurance/SKILL.md +48 -0
  84. package/src/templates/skills/test-mocking-strategy/SKILL.md +18 -0
  85. package/src/templates/skills/ui-design-audit/SKILL.md +23 -0
  86. package/src/templates/skills/ui-design-system/SKILL.md +37 -0
  87. package/src/templates/skills/wstg-recon/SKILL.md +33 -0
  88. package/src/templates/themes/pluidr-colorful.json +241 -0
  89. package/src/templates/themes/pluidr-dark.json +177 -0
  90. package/src/templates/themes/pluidr-light.json +241 -0
package/README.md CHANGED
@@ -1,364 +1,408 @@
1
- # Pluidr
2
-
3
- [![npm version](https://img.shields.io/npm/v/pluidr)](https://www.npmjs.com/package/pluidr)
4
- [![npm downloads](https://img.shields.io/npm/dm/pluidr)](https://www.npmjs.com/package/pluidr)
5
- [![License](https://img.shields.io/npm/l/pluidr)](https://github.com/funara/pluidr/blob/main/LICENSE)
6
-
7
- ** Plan · Build · Review ** opinionated engineering workflow installer for [OpenCode](https://opencode.ai).
8
-
9
- ---
10
-
11
- ## What is Pluidr?
12
-
13
- Pluidr installs **3 primary agents + 14 subagents** into OpenCode — each primary agent owns its exclusive subagents, scoped permissions, and enforced workflow rules. No shared subagents. No ad-hoc delegation.
14
-
15
- | Primary Agent | Purpose | Subagents |
16
- |---|---|---|
17
- | **Composer** | Feature work — Explore → Plan → Build | Researcher, Plan-Writer, Plan-Checker, Coder, Tester, Reviewer, Compose-Reporter |
18
- | **Debugger** | Bug investigation — Investigate → Fix → Report | Inspector, Fixer, Debug-Reporter |
19
- | **Prober** | Security audit — Trace → Patch → Audit | Tracer, Patcher, Auditor, Probe-Reporter |
20
-
21
- ---
22
-
23
- ## Agent Workflows
24
-
25
- ### 🎼 Composer — Feature Work
26
-
27
- Composer is the **single entry point for all feature work**. It runs 3 strict, one-directional phases. Phase direction is one-way — no going back without explicit user instruction.
28
-
29
- ```
30
- You describe a feature / idea
31
-
32
-
33
- ┌─────────────────────────────────────────┐
34
- │ EXPLORE PHASE (mandatory start) │
35
- │ │
36
- │ Delegate: Researcher │
37
- │ → deep codebase + web fact-finding │
38
- │ → confirmed-inferred facts / risks │
39
- │ │
40
- │ Composer internally assesses: │
41
- │ Is this feature simple or complex? │
42
- └──────────┬──────────────────────────────┘
43
-
44
- ┌────────┴───────────────┐
45
- │ Simple feature │ Complex feature
46
- ▼ ▼
47
- GUARDRAIL GATE 1a GUARDRAIL GATE 1b
48
- "Build directly?" "Write a PRD?"
49
- │ │
50
- │ Yes │ Yes
51
- │ ▼
52
- │ ┌──────────────────────────────┐
53
- │ │ PLAN PHASE │
54
- │ │ │
55
- │ │ Plan-Writer docs/plans/ │
56
- │ │ Plan-Checker validates PRD │
57
- │ │ PASS/FAIL + gap list only │
58
- │ │ │
59
- │ │ FAIL → surface gaps to you │
60
- │ │ (max 5 loops) │
61
- │ │ │
62
- │ │ PASS → GUARDRAIL GATE 2 │
63
- │ │ "Build from this PRD?" │
64
- │ └─────────────┬────────────────┘
65
- │ │ Yes
66
- └──────────┬─────────────┘
67
-
68
- ┌────────────────────────────────────────────┐
69
- │ BUILD PHASE │
70
- │ │
71
- Coder implements from PRD / request
72
- │ │ │
73
- │ ▼ │
74
- │ Tester → PASS/FAIL/BLOCKED │
75
- │ │ FAIL back to Coder (max 5 loops) │
76
- │ │ PASS ↓ │
77
- │ ▼ │
78
- │ Reviewer PASS/FAIL + gap list │
79
- │ │ FAIL → back to Coder (max 5 loops) │
80
- │ │ PASS ↓ │
81
- │ ▼ │
82
- │ Compose-Reporter → docs/reports/
83
- └────────────────────────────────────────────┘
84
-
85
-
86
- You review result
87
-
88
- Composer resets → asks: New feature? Debug? Iterate?
89
- ```
90
-
91
- **Key rules:**
92
- - Composer has **no read/write/bash permissions** — all work delegated to subagents
93
- - Phase transition only via guardrail gates — no skipping
94
- - `Coder → Coder` loops without Tester verification are forbidden
95
- - 5 consecutive FAILs from Tester or Reviewer → surfaces to you
96
-
97
- ---
98
-
99
- ### 🐛 Debugger — Bug Investigation
100
-
101
- Debugger is a **standalone primary agent** — does not depend on Composer. Trigger it directly from the Debugger tab whenever you find a bug.
102
-
103
- ```
104
- You report a bug / defect
105
-
106
-
107
- ┌─────────────────────────────────────────────┐
108
- INVESTIGATE PHASE │
109
- │ │
110
- │ Delegate: Inspector │
111
- │ Review mode (Debugger selects): │
112
- · PR Review → classify R1-R6 │
113
- │ · Architecture → dependency analysis │
114
- │ · Tech Debt → Pain × Spread score │
115
- │ · Test Quality → classify T1-T6 │
116
- │ │
117
- │ Output: Iron Law chain per finding │
118
- │ Symptom Source Consequence Remedy │
119
- └──────────┬──────────────────────────────────┘
120
-
121
- Root cause identified?
122
- ┌────────┴────────┐
123
- Yes │ No / unknowns remain
124
- ▼ ▼
125
- ┌─────────────┐ Halt surface to you
126
- │ FIX PHASE │ with specific questions
127
- │ │
128
- │ Delegate: │
129
- │ Fixer │
130
- │ → minimal │
131
- │ fix per │
132
- │ Iron Law │
133
- └──────┬──────┘
134
-
135
-
136
- ┌──────────────────────────────────────┐
137
- │ REPORT PHASE │
138
- │ │
139
- │ Delegate: Debug-Reporter │
140
- │ → Iron Law diagnosis report │
141
- │ → saved to docs/reports/ │
142
- └──────────────────────────────────────┘
143
-
144
-
145
- You review the diagnosis + fix
146
-
147
- Debugger resets asks: New bug? Feature work? Re-investigate?
148
- ```
149
-
150
- **Key rules:**
151
- - Debugger has **no read/write/bash permissions** all delegated to subagents
152
- - Never delegates Fixer without Inspector confirming root cause first
153
- - If unknowns remain after investigation → halts and prompts you, does not guess
154
-
155
- ---
156
-
157
- ### 🔍 Prober — Security Audit
158
-
159
- Prober is a **standalone primary agent** — does not depend on Composer or Debugger. Trigger it directly from the Prober tab to audit any codebase for security vulnerabilities and quality decay.
160
-
161
- ```
162
- You trigger a security audit
163
-
164
-
165
- ┌───────────────────────────────────────────────────┐
166
- │ TRACE PHASE (mandatory start) │
167
- │ │
168
- Delegate: Tracer │
169
- │ → WSTG-guided breadth-first recon │
170
- → trace data flows: input → path → sink │
171
- │ │
172
- Output: │
173
- │ · Confirmed Vulnerabilities (OWASP category, │
174
- │ location, data flow) │
175
- │ · Suspected Vulnerabilities (manual verify) │
176
- │ · Quality & Decay Risks (e.g. hardcoded │
177
- │ secrets, missing input validation) │
178
- └──────────┬────────────────────────────────────────┘
179
-
180
-
181
- GUARDRAIL GATE (question tool):
182
- "Audit findings ready. How to proceed?"
183
- ├── "Patch all confirmed findings" → PATCH PHASE
184
- ├── "Select specific findings" → PATCH PHASE (you pick)
185
- ├── "Audit only no patches" → AUDIT PHASE (skip PATCH)
186
- └── "Re-investigate attack surface" → re-delegate Tracer
187
-
188
-
189
- ┌──────────────────────────────────────────────────┐
190
- │ PATCH PHASE (skipped if audit-only) │
191
- │ │
192
- │ Delegate: Patcher │
193
- │ → Ponytail mindset: smallest correct diff │
194
- │ → prefer deleting the cause over wrapping it │
195
- │ → escalates to you if patch > 10 lines │
196
- └──────────┬───────────────────────────────────────┘
197
-
198
-
199
- ┌──────────────────────────────────────────────────┐
200
- │ AUDIT PHASE (max 5 loops) │
201
- │ │
202
- Delegate: Auditor │
203
- │ → verify patch resolved vulnerabilities │
204
- security regression check │
205
- Ponytail BLOAT analysis (over-engineering) │
206
- │ │
207
- PASS → proceed to report │
208
- FAIL → re-delegate Patcher with Gap + BLOAT │
209
- │ lists verbatim (max 5 loops, then you)
210
- │ │
211
- Delegate: Probe-Reporter │
212
- │ → security audit report → docs/reports/ │
213
- └──────────────────────────────────────────────────┘
214
-
215
-
216
- You review the audit report
217
-
218
- Prober resets asks: New audit? Feature work? Bug investigation?
219
- ```
220
-
221
- **Key rules:**
222
- - Prober has **no read/write/bash permissions** — all delegated to subagents
223
- - TRACE phase is always mandatory — no patching without recon first
224
- - GUARDRAIL GATE required before any patches are applied
225
- - 5 consecutive AUDIT FAILs → surfaces to you
226
-
227
- ---
228
-
229
- ## Subagent Reference
230
-
231
- Each subagent belongs to exactly one primary agent and cannot be invoked by anyone else:
232
-
233
- | Primary | Phase | Subagent | Model Tier | Role |
234
- |---------|-------|----------|------------|------|
235
- | Composer | EXPLORE | Researcher | 🧠 Reasoning | Fact-finding: confirmed_facts / inferred_facts / unknowns / risks |
236
- | Composer | PLAN | Plan-Writer | ⚡ Fast | **Formatter** — writes PRD to `docs/plans/`, missing input = TBD |
237
- | Composer | PLAN | Plan-Checker | 🧠 Reasoning | **Gate** — PASS/FAIL + gap list only, no suggestions |
238
- | Composer | BUILD | Coder | ⚡ Fast | Implements code from PRD |
239
- | Composer | BUILD | Tester | 🎯 Precision | PASS/FAIL/BLOCKED + coverage gaps only |
240
- | Composer | BUILD | Reviewer | 🎯 Precision | **Gate** — PASS/FAIL + gap list only, no suggestions |
241
- | Composer | BUILD | Compose-Reporter | ⚡ Fast | **Formatter** — completion report to `docs/reports/` |
242
- | Debugger | INVESTIGATE | Inspector | 🧠 Reasoning | Brooks-Lint RCA (Iron Law + 6 decay risks + 4 review modes) |
243
- | Debugger | FIX | Fixer | ⚡ Fast | Minimal, root-cause-targeted fix |
244
- | Debugger | REPORT | Debug-Reporter | ⚡ Fast | **Formatter** — Iron Law diagnosis report to `docs/reports/` |
245
- | Prober | TRACE | Tracer | 🎯 Precision | WSTG recon + vuln path tracing, no remedies |
246
- | Prober | PATCH | Patcher | ⚡ Fast | Minimal, security-targeted fix (Ponytail, max 10 lines) |
247
- | Prober | AUDIT | Auditor | 🎯 Precision | **Gate** — PASS/FAIL + Gap List + BLOAT List only |
248
- | Prober | AUDIT | Probe-Reporter | ⚡ Fast | **Formatter** — security audit report to `docs/reports/` |
249
-
250
- ---
251
-
252
- ## Flow Rules
253
-
254
- | Rule | Detail |
255
- |------|--------|
256
- | **Mandatory starts** | Composer always starts in EXPLORE. Prober always starts in TRACE. No skipping. |
257
- | **Guardrail gates** | Composer: Gate 1 (EXPLORE→PLAN/BUILD), Gate 2 (PLAN→BUILD). Prober: Gate after TRACE. All require user confirmation. |
258
- | **Gate agents** | Plan-Checker, Reviewer, Auditor — PASS/FAIL + gap list only. No suggestions, no decisions. |
259
- | **Formatter agents** | Plan-Writer, Compose-Reporter, Debug-Reporter, Probe-Reporter stateless. Missing input = TBD/NA. Never invent content. |
260
- | **Fact-finding agents** | Researcher, Inspector, Tracer facts/inferences/risks only. No recommendations. |
261
- | **Build gate order** | Coder → Tester → Reviewer → Compose-Reporter. No skipping. No Coder→Coder without verification. |
262
- | **FAIL loops** | Plan-Checker FAIL: max 5 loops. Build FAIL (Tester/Reviewer): max 5 loops. Prober AUDIT FAIL: max 5 loops. All surface to you after limit. |
263
- | **Output directories** | PRDs → `docs/plans/`. Reports (Compose-Reporter, Debug-Reporter, Probe-Reporter) → `docs/reports/`. Enforced by permissions. |
264
- | **Independence** | Debugger and Prober are fully standalone — triggered directly, do not flow through Composer. |
265
-
266
- ---
267
-
268
- ## Brooks-Lint Methodology (Debugger)
269
-
270
- The Debugger pipeline uses the [Brooks-Lint](https://hyhmrright.github.io/brooks-lint/guide.html) framework:
271
-
272
- - **Iron Law** per finding: Symptom Source Consequence Remedy
273
- - **6 Decay Risks (R1–R6)**: Cognitive Overload, Change Propagation, Knowledge Duplication, Accidental Complexity, Dependency Disorder, Domain Model Distortion
274
- - **4 Review Modes**: PR Review (R1–R6), Architecture Audit, Tech Debt Assessment (Pain × Spread), Test Quality (T1–T6)
275
- - **T1–T6 Test Risks**: Test Obscurity, Brittleness, Duplication, Mock Abuse, Coverage Illusion, Architecture Mismatch
276
-
277
- ## Principle Hierarchy
278
-
279
- All agents resolve conflicts using this priority order (defined in `hierarchy.txt`):
280
-
281
- 1. **PRD / Spec** explicit requirement text
282
- 2. **Verdict** Reviewer / Plan-Checker / Auditor PASS/FAIL
283
- 3. **Engineering principles** Fail Fast, Single Responsibility
284
- 4. **Heuristics** — KISS, DRY, SOLID, Law of Demeter
285
- 5. **Local optimization** — style preference
286
-
287
- ---
288
-
289
- ## Install
290
-
291
- ```sh
292
- npm install -g pluidr
293
- ```
294
-
295
- ## Usage
296
-
297
- ### `pluidr`
298
-
299
- The everyday command. Runs three steps in sequence:
300
-
301
- 1. **Update check** — compares local version against npm registry; prompts to `npm install -g pluidr` if a new version is available
302
- 2. **Doctor check** — verifies installation health; prompts to repair with `pluidr init` if any checks fail
303
- 3. **Launch** spawns `opencode`
304
-
305
- ### `pluidr init`
306
-
307
- Prompts you to select models for three agent tiers (reasoning, precision, and fast), then:
308
-
309
- - Asks whether to install the pluidr-squeeze plugin (can decline)
310
- - Builds a complete `opencode.jsonc` config with the chosen models injected into the right agents
311
- - Backs up any existing config to `opencode.jsonc.bak.*`
312
- - Writes the new config to `~/.config/opencode/opencode.jsonc`
313
- - Copies all 18 agent prompt files into `~/.config/opencode/prompts/`
314
- - Copies `pluidr-flow` and `pluidr-squeeze` plugins into `~/.config/opencode/plugins/`
315
- - Writes a `package.json` declaring `@opencode-ai/plugin` as a dependency
316
-
317
- ### `pluidr doctor`
318
-
319
- Checks installation health and reports ✓/✗ for each component:
320
-
321
- - `opencode.jsonc` exists
322
- - All 18 prompt files present
323
- - Both plugin files present
324
- - `pluidr-contrast` theme configured
325
- - `package.json` with `@opencode-ai/plugin` dependency
326
- - squeeze binary available
327
- - Config is valid JSON
328
-
329
- Exits with code `0` if all pass, `1` if any fail.
330
-
331
- ### `pluidr update`
332
-
333
- Checks the npm registry for a newer version of pluidr and prompts to automatically install the upgrade globally. If an update is successfully completed, the running CLI process exits to let you start fresh on the new version.
334
-
335
- ### `pluidr uninstall`
336
-
337
- Restores your previous configuration:
338
-
339
- - Finds the latest timestamped backup and restores it to `opencode.jsonc`
340
- - Restores `tui.json` from the latest backup (returning the TUI theme to its pre-Pluidr state)
341
- - Removes `prompts/`, `plugins/`, `bin/`, and `themes/pluidr-contrast.json` directories and files
342
- - Preserves `opencode.jsonc` and `package.json`
343
-
344
- ---
345
-
346
- ## Bundled Package
347
-
348
- ### `pluidr-flow`
349
-
350
- Provides subagents with cross-session context access:
351
-
352
- - `parent_session_messages` — read the parent session's transcript
353
- - `session_messages(sessionId)` read any session by ID
354
- - `session_messages_batch(sessionIds)` — read multiple sessions in one call
355
-
356
- ### `pluidr-squeeze`
357
-
358
- Hooks into tool execution to rewrite bash commands through the `squeeze` binary, filtering verbose output and saving **60–90% of tokens** across all agents.
359
-
360
- Both plugins and their dependency declaration are installed automatically by `pluidr init` — no extra user action required. On OpenCode's first launch, the bundled Bun runtime installs `@opencode-ai/plugin` from the generated `package.json`.
361
-
362
- ### Themes & Colors
363
-
364
- Pluidr comes with a pre-configured OLED high-contrast dark theme called **`pluidr-contrast`** that is automatically applied to your OpenCode terminal interface.
1
+ # Pluidr
2
+
3
+ [![npm version](https://img.shields.io/npm/v/pluidr)](https://www.npmjs.com/package/pluidr)
4
+ [![npm downloads](https://img.shields.io/npm/dm/pluidr)](https://www.npmjs.com/package/pluidr)
5
+ [![License](https://img.shields.io/npm/l/pluidr)](https://github.com/funara/pluidr/blob/main/LICENSE)
6
+
7
+ ** Plan - Build - Review ** -- opinionated engineering workflow installer for [OpenCode](https://opencode.ai).
8
+
9
+ ## TL;DR
10
+
11
+ Pluidr installs an opinionated, strict AI-agent workflow (Compose, Debug, and Analyze) with 14 specialized subagents into **OpenCode**. It enforces structured phases (Explore -> Plan -> Build), interactive guardrail gates, and test verification without ad-hoc delegation.
12
+
13
+ ## Quick Start
14
+
15
+ Get up and running in 3 simple steps:
16
+
17
+ 1. **Install globally:**
18
+ ```bash
19
+ npm install -g pluidr
20
+ ```
21
+
22
+ 2. **Initialize and configure agents:**
23
+ ```bash
24
+ pluidr init
25
+ ```
26
+ *(Select LLM models for reasoning, precision, and fast tiers when prompted)*
27
+
28
+ 3. **Launch OpenCode with Pluidr:**
29
+ ```bash
30
+ pluidr
31
+ ```
32
+
33
+ ---
34
+
35
+ ## What is Pluidr?
36
+
37
+ Pluidr installs **3 primary agents + 14 subagents** into OpenCode -- each primary agent owns its exclusive subagents, scoped permissions, and enforced workflow rules. No shared subagents. No ad-hoc delegation.
38
+
39
+ | Primary Agent | Purpose | Subagents |
40
+ |---|---|---|
41
+ | **Compose** | Feature work -- Explore -> Plan -> Build | Researcher, Plan-Writer, Plan-Checker, Coder, Tester, Reviewer, Compose-Reporter |
42
+ | **Debug** | Bug investigation -- Investigate -> Fix -> Report | Inspector, Fixer, Debug-Reporter |
43
+ | **Analyze** | Security audit -- Trace -> Patch -> Audit | Tracer, Patcher, Auditor, Analyze-Reporter |
44
+
45
+ ---
46
+
47
+ ### Parallel Subagent Swarming
48
+
49
+ To optimize wall-clock execution time, Pluidr's primary agents are empowered to **swarm multiple subagents concurrently** (e.g. running multiple researchers, inspectors, tracers, coders, fixers, patchers, testers, or auditors in parallel) for independent directories, files, or API endpoints. This enables non-linear workflow execution and leverages OpenCode's concurrent process engine.
50
+
51
+ ---
52
+
53
+ ## Agent Workflows
54
+
55
+ ### Compose -- Feature Work
56
+
57
+ Compose is the **single entry point for all feature work**. It runs 3 strict, one-directional phases. Phase direction is one-way -- no going back without explicit user instruction.
58
+
59
+ ```
60
+ You describe a feature / idea
61
+ |
62
+ v
63
+ +-----------------------------------------+
64
+ | EXPLORE PHASE (mandatory start) |
65
+ | |
66
+ | Delegate: Researcher |
67
+ | -> deep codebase + web fact-finding |
68
+ | -> confirmed-inferred facts / risks |
69
+ | |
70
+ | Compose internally assesses: |
71
+ | Is this feature simple or complex? |
72
+ +----------+------------------------------+
73
+ |
74
+ +--------+---------------+
75
+ | Simple feature | Complex feature
76
+ v v
77
+ GUARDRAIL GATE 1a GUARDRAIL GATE 1b
78
+ "Build directly?" "Write a PRD?"
79
+ | |
80
+ | Yes | Yes
81
+ | v
82
+ | +------------------------------+
83
+ | | PLAN PHASE |
84
+ | | |
85
+ | | Plan-Writer -> docs/plans/ |
86
+ | | Plan-Checker validates PRD |
87
+ | | PASS/FAIL + gap list only |
88
+ | | |
89
+ | | FAIL -> surface gaps to you |
90
+ | | (max 5 loops) |
91
+ | | |
92
+ | | PASS -> GUARDRAIL GATE 2 |
93
+ | | "Build from this PRD?" |
94
+ | +-------------+----------------+
95
+ | | Yes
96
+ +----------+-------------+
97
+ v
98
+ +--------------------------------------------+
99
+ | BUILD PHASE |
100
+ | |
101
+ | Coder -> implements from PRD / request |
102
+ | | |
103
+ | v |
104
+ | Tester -> PASS/FAIL/BLOCKED |
105
+ | | FAIL -> back to Coder (max 5 loops) |
106
+ | | PASS v |
107
+ | v |
108
+ | Reviewer -> PASS/FAIL + gap list |
109
+ | | FAIL -> back to Coder (max 5 loops) |
110
+ | | PASS v |
111
+ | v |
112
+ | Compose-Reporter -> docs/reports/ |
113
+ +--------------------------------------------+
114
+ |
115
+ v
116
+ You review result
117
+ |
118
+ Compose resets -> asks: New feature? Debug? Iterate?
119
+ ```
120
+
121
+ **Key rules:**
122
+ - Compose has **no read/write/bash permissions** -- all work delegated to subagents
123
+ - Phase transition only via guardrail gates -- no skipping
124
+ - `Coder -> Coder` loops without Tester verification are forbidden
125
+ - 5 consecutive FAILs from Tester or Reviewer -> surfaces to you
126
+
127
+ ---
128
+
129
+ ### Debug -- Bug Investigation
130
+
131
+ Debug is a **standalone primary agent** -- does not depend on Compose. Trigger it directly from the Debug tab whenever you find a bug.
132
+
133
+ ```
134
+ You report a bug / defect
135
+ |
136
+ v
137
+ GUARDRAIL GATE 1 (question tool):
138
+ "Ready to investigate?"
139
+ | Yes
140
+ v
141
+ +---------------------------------------------+
142
+ | INVESTIGATE PHASE (Inspector subagent) |
143
+ | |
144
+ | Review mode (Debug selects): |
145
+ | - PR Review -> classify R1-R6 |
146
+ | - Architecture -> dependency analysis |
147
+ | - Tech Debt -> Pain x Spread score |
148
+ | - Test Quality -> classify T1-T6 |
149
+ | |
150
+ | Output: Iron Law chain per finding |
151
+ | Symptom -> Source -> Consequence -> Remedy |
152
+ +----------+----------------------------------+
153
+ |
154
+ Root cause identified?
155
+ +--------+--------+
156
+ | Yes | No / unknowns remain
157
+ v v
158
+ GUARDRAIL GATE 2 (question tool):
159
+ "Ready to apply fix?"
160
+ | Yes Halt -- surface to you
161
+ v with specific questions
162
+ +-------------+
163
+ | FIX PHASE | (Fixer subagent)
164
+ +------+------+
165
+ |
166
+ v
167
+ +--------------------------------------+
168
+ | REPORT PHASE |
169
+ | |
170
+ | Delegate: Debug-Reporter |
171
+ | -> Iron Law diagnosis report |
172
+ | -> saved to docs/reports/ |
173
+ +--------------------------------------+
174
+ |
175
+ v
176
+ You review the diagnosis + fix
177
+ |
178
+ Debug resets -> asks (question tool): Finished? Iterate?
179
+ ```
180
+
181
+ **Key rules:**
182
+ - Debug has **no read/write/bash permissions** -- all delegated to subagents
183
+ - Executes only after Gate 1 (Investigation) and Gate 2 (Fix) user confirmations
184
+ - Never delegates Fixer without Inspector confirming root cause first
185
+ - If unknowns remain after investigation -> halts and prompts you, does not guess
186
+
187
+ ---
188
+
189
+ ### Analyze -- Security Audit
190
+
191
+ Analyze is a **standalone primary agent** -- does not depend on Compose or Debug. Trigger it directly from the Analyze tab to audit any codebase for security vulnerabilities and quality decay.
192
+
193
+ ```
194
+ You trigger a security audit
195
+ |
196
+ v
197
+ GUARDRAIL GATE 1 (question tool):
198
+ "Ready to start scan?"
199
+ | Yes
200
+ v
201
+ +---------------------------------------------------+
202
+ | TRACE PHASE (Tracer subagent) |
203
+ | |
204
+ | -> WSTG-guided breadth-first recon |
205
+ | -> trace data flows: input -> path -> sink |
206
+ | |
207
+ | Output: |
208
+ | - Confirmed Vulnerabilities (OWASP category, |
209
+ | location, data flow) |
210
+ | - Suspected Vulnerabilities (manual verify) |
211
+ | - Quality & Decay Risks (e.g. hardcoded |
212
+ | secrets, missing input validation) |
213
+ +----------+----------------------------------------+
214
+ |
215
+ v
216
+ GUARDRAIL GATE 2 (question tool):
217
+ "Audit findings ready. How to proceed?"
218
+ +-- "Patch all confirmed findings" -> PATCH PHASE
219
+ +-- "Select specific findings" -> PATCH PHASE (you pick)
220
+ +-- "Audit only -- no patches" -> AUDIT PHASE (skip PATCH)
221
+ +-- "Re-investigate attack surface" -> re-delegate Tracer
222
+ |
223
+ v
224
+ +--------------------------------------------------+
225
+ | PATCH PHASE (skipped if audit-only) |
226
+ | |
227
+ | Delegate: Patcher |
228
+ | -> Ponytail mindset: smallest correct diff |
229
+ | -> prefer deleting the cause over wrapping it |
230
+ | -> escalates to you if patch > 10 lines |
231
+ +----------+---------------------------------------+
232
+ |
233
+ v
234
+ +--------------------------------------------------+
235
+ | AUDIT PHASE (max 5 loops) |
236
+ | |
237
+ | Delegate: Auditor |
238
+ | -> verify patch resolved vulnerabilities |
239
+ | -> security regression check |
240
+ | | (Auditor subagent) |
241
+ | |
242
+ | PASS -> proceed to report |
243
+ | FAIL -> re-delegate Patcher with Gap + BLOAT |
244
+ | lists verbatim (max 5 loops, then you) |
245
+ | |
246
+ | Delegate: Analyze-Reporter |
247
+ | -> security audit report -> docs/reports/ |
248
+ +--------------------------------------------------+
249
+ |
250
+ v
251
+ You review the audit report
252
+ |
253
+ Analyze resets -> asks (question tool): Finished? Iterate?
254
+ ```
255
+
256
+ **Key rules:**
257
+ - Analyze has **no read/write/bash permissions** -- all delegated to subagents
258
+ - Never starts scanning/tracing without Gate 1 user confirmation
259
+ - Never patches without a GUARDRAIL GATE 2 user confirmation after TRACE
260
+ - 5 consecutive AUDIT FAILs -> surfaces to you
261
+
262
+ ---
263
+
264
+ ## Subagent Reference
265
+
266
+ Each subagent belongs to exactly one primary agent and cannot be invoked by anyone else:
267
+
268
+ | Primary | Phase | Subagent | Model Tier | Role |
269
+ |---------|-------|----------|------------|------|
270
+ | Compose | EXPLORE | Researcher | Reasoning | Fact-finding: confirmed_facts / inferred_facts / unknowns / risks |
271
+ | Compose | PLAN | Plan-Writer | Fast | **Formatter** -- writes PRD to `docs/plans/`, missing input = TBD |
272
+ | Compose | PLAN | Plan-Checker | Reasoning | **Gate** -- PASS/FAIL + gap list only, no suggestions |
273
+ | Compose | BUILD | Coder | Fast | Implements code from PRD |
274
+ | Compose | BUILD | Tester | Precision | PASS/FAIL/BLOCKED + coverage gaps only |
275
+ | Compose | BUILD | Reviewer | Precision | **Gate** -- PASS/FAIL + gap list only, no suggestions |
276
+ | Compose | BUILD | Compose-Reporter | Fast | **Formatter** -- completion report to `docs/reports/` |
277
+ | Debug | INVESTIGATE | Inspector | Reasoning | Brooks-Lint RCA (Iron Law + 6 decay risks + 4 review modes) |
278
+ | Debug | FIX | Fixer | Fast | Minimal, root-cause-targeted fix |
279
+ | Debug | REPORT | Debug-Reporter | Fast | **Formatter** -- Iron Law diagnosis report to `docs/reports/` |
280
+ | Analyze | TRACE | Tracer | Precision | WSTG recon + vuln path tracing, no remedies |
281
+ | Analyze | PATCH | Patcher | Fast | Minimal, security-targeted fix (Ponytail, max 10 lines) |
282
+ | Analyze | AUDIT | Auditor | Precision | **Gate** -- PASS/FAIL + Gap List + BLOAT List only |
283
+ | Analyze | AUDIT | Analyze-Reporter | Fast | **Formatter** -- security audit report to `docs/reports/` |
284
+
285
+ ---
286
+
287
+ ## Flow Rules
288
+
289
+ | Rule | Detail |
290
+ |------|--------|
291
+ | **Mandatory starts** | Compose always starts in EXPLORE. Analyze always starts in TRACE. No skipping. |
292
+ | **Guardrail gates** | Compose: Gate 1 (EXPLORE->PLAN/BUILD), Gate 2 (PLAN->BUILD). Analyze: Gate after TRACE. All require user confirmation. |
293
+ | **Gate agents** | Plan-Checker, Reviewer, Auditor -- PASS/FAIL + gap list only. No suggestions, no decisions. |
294
+ | **Formatter agents** | Plan-Writer, Compose-Reporter, Debug-Reporter, Analyze-Reporter -- stateless. Missing input = TBD/NA. Never invent content. |
295
+ | **Fact-finding agents** | Researcher, Inspector, Tracer -- facts/inferences/risks only. No recommendations. |
296
+ | **Build gate order** | Coder -> Tester -> Reviewer -> Compose-Reporter. No skipping. No Coder->Coder without verification. |
297
+ | **FAIL loops** | Plan-Checker FAIL: max 5 loops. Build FAIL (Tester/Reviewer): max 5 loops. Analyze AUDIT FAIL: max 5 loops. All surface to you after limit. |
298
+ | **Output directories** | PRDs -> `docs/plans/`. Reports (Compose-Reporter, Debug-Reporter, Analyze-Reporter) -> `docs/reports/`. Enforced by permissions. |
299
+ | **Independence** | Debug and Analyze are fully standalone -- triggered directly, do not flow through Compose. |
300
+
301
+ ---
302
+
303
+ ## Brooks-Lint Methodology (Debug)
304
+
305
+ The Debug pipeline uses the [Brooks-Lint](https://hyhmrright.github.io/brooks-lint/guide.html) framework:
306
+
307
+ - **Iron Law** per finding: Symptom -> Source -> Consequence -> Remedy
308
+ - **6 Decay Risks (R1-R6)**: Cognitive Overload, Change Propagation, Knowledge Duplication, Accidental Complexity, Dependency Disorder, Domain Model Distortion
309
+ - **4 Review Modes**: PR Review (R1-R6), Architecture Audit, Tech Debt Assessment (Pain x Spread), Test Quality (T1-T6)
310
+ - **T1-T6 Test Risks**: Test Obscurity, Brittleness, Duplication, Mock Abuse, Coverage Illusion, Architecture Mismatch
311
+
312
+ ## Principle Hierarchy
313
+
314
+ All agents resolve conflicts using this priority order (defined in `hierarchy.txt`):
315
+
316
+ 1. **PRD / Spec** -- explicit requirement text
317
+ 2. **Verdict** -- Reviewer / Plan-Checker / Auditor PASS/FAIL
318
+ 3. **Engineering principles** -- Fail Fast, Single Responsibility
319
+ 4. **Heuristics** -- KISS, DRY, SOLID, Law of Demeter
320
+ 5. **Local optimization** -- style preference
321
+
322
+ ---
323
+
324
+ ## Install
325
+
326
+ ```sh
327
+ npm install -g pluidr
328
+ ```
329
+
330
+ ## Usage
331
+
332
+ ### `pluidr`
333
+
334
+ The everyday command. Runs three steps in sequence:
335
+
336
+ 1. **Update check** -- compares local version against npm registry; prompts to `npm install -g pluidr` if a new version is available
337
+ 2. **Doctor check** -- verifies installation health; prompts to repair with `pluidr init` if any checks fail
338
+ 3. **Launch** -- spawns `opencode`
339
+
340
+ ### `pluidr init`
341
+
342
+ Prompts you to select models for three agent tiers (reasoning, precision, and fast), then:
343
+
344
+ - Builds a complete `opencode.jsonc` config with the chosen models injected into the right agents
345
+ - Backs up any existing config to `opencode.jsonc.bak.*`
346
+ - Writes the new config to `~/.config/opencode/opencode.jsonc`
347
+ - Copies all 8 agent prompt files into `~/.config/opencode/prompts/`
348
+ - Copies `pluidr-flow` and `pluidr-squeeze` plugins into `~/.config/opencode/plugins/`
349
+ - Writes a `package.json` declaring `@opencode-ai/plugin` as a dependency
350
+
351
+ ### `pluidr doctor`
352
+
353
+ Checks installation health and reports pass/fail for each component:
354
+
355
+ - `opencode.jsonc` exists
356
+ - All 8 prompt files present
357
+ - Both plugin files present
358
+ - Theme configured
359
+ - `package.json` with `@opencode-ai/plugin` dependency
360
+ - Config is valid JSON
361
+
362
+ Exits with code `0` if all pass, `1` if any fail.
363
+
364
+ ### `pluidr update`
365
+
366
+ Checks the npm registry for a newer version of pluidr and prompts to automatically install the upgrade globally. If an update is successfully completed, the running CLI process exits to let you start fresh on the new version.
367
+
368
+ ### `pluidr uninstall`
369
+
370
+ Restores your previous configuration:
371
+
372
+ - Finds the latest timestamped backup and restores it to `opencode.jsonc`
373
+ - Restores `tui.json` from the latest backup (returning the TUI theme to its pre-Pluidr state)
374
+ - Removes `prompts/`, `plugins/`, `bin/`, `skills/`, `commands/` directories, and the installed `pluidr` themes
375
+ - Preserves `opencode.jsonc` and `package.json`
376
+
377
+ ### Logo Animation
378
+
379
+ Both `pluidr` and `pluidr init` feature an animated ASCII banner. The animation style can be configured via CLI flag (e.g. `--animation <type>`), environment variable (`PLUIDR_ANIMATION`), or in `~/.config/opencode/tui.json` (as the `"animation"` key).
380
+
381
+ Available animation styles:
382
+
383
+ 1. **float**: The entire logo moves left and right in unison. This keeps the letter shapes intact and is much cleaner/less awkward.
384
+ 2. **wave** (Default): The legacy rolling vertical sine wave (shears rows).
385
+ 3. **pulse**: Static position, but the logo color pulses/glows in unison.
386
+ 4. **none**: Static logo (no animation motion) with static gradient colors.
387
+
388
+ ---
389
+
390
+ ## Bundled Package
391
+
392
+ ### `pluidr-flow`
393
+
394
+ Provides subagents with cross-session context access:
395
+
396
+ - `parent_session_messages` -- read the parent session's transcript
397
+ - `session_messages(sessionId)` -- read any session by ID
398
+ - `session_messages_batch(sessionIds)` -- read multiple sessions in one call
399
+
400
+ ### `pluidr-squeeze`
401
+
402
+ Monitors context fill limits and session health, calculates ResourceHealth and SessionEfficiency metrics, alerts on loop/retry patterns, and enables seamless session continuity/restores for same-project tasks.
403
+
404
+ Both plugins and their dependency declaration are installed automatically by `pluidr init` -- no extra user action required. On OpenCode's first launch, the bundled Bun runtime installs `@opencode-ai/plugin` from the generated `package.json`.
405
+
406
+ ### Themes & Colors
407
+
408
+ Pluidr comes with a pre-configured OLED high-contrast dark theme called **`pluidr-contrast`** that is automatically applied to your OpenCode terminal interface.