supipowers 1.5.0 → 1.5.1

package/README.md

@@ -23,7 +23,7 @@ Run the interactive installer:
 bunx supipowers
 ```
 
-The installer detects your agent, registers the extension, and optionally sets up LSP servers, MCP tools, and the context-mode integration.
+The installer detects your agent, registers the extension, removes legacy external context-mode MCP registrations, and can install missing optional tooling such as LSP servers, `mcpc`, and Playwright CLI.
 
 > [!TIP]
 > Run `/supi:update` at any time to upgrade to the latest version, or `/supi:doctor` to check your setup.
@@ -34,16 +34,15 @@ The installer detects your agent, registers the extension, and optionally sets u
 | ----------------------------------------------------- | --------------------------------------------------------------------- |
 | [Oh My Pi (OMP)](https://github.com/can1357/oh-my-pi) | The coding agent that supipowers extends                              |
 | [Bun](https://bun.sh)                                 | Runtime — required for installation and the built-in SQLite FTS index |
-| [Git](https://git-scm.com)                            | Used by the installer and context-mode setup                          |
+| [Git](https://git-scm.com)                            | Used by the installer and git-based workflows                         |
 
 ### Optional dependencies
 
-The installer scans for these and offers to install any that are missing. Everything works without them, but each one unlocks additional capabilities.
+The installer scans for these and offers to install missing tooling where it can. Everything works without them, but each one unlocks additional capabilities.
 
 | Dependency                            | What it enables                                                       |
 | ------------------------------------- | --------------------------------------------------------------------- |
 | [mcpc](https://github.com/apify/mcpc) | MCP server management via `/supi:mcp`                                 |
-| supi-context-mode                     | Context window protection — large outputs are sandboxed automatically |
 | `typescript-language-server`          | TypeScript/JS diagnostics and references in review gates              |
 | `pyright`                             | Python type checking                                                  |
 | `rust-analyzer`                       | Rust language server                                                  |
@@ -52,7 +51,8 @@ The installer scans for these and offers to install any that are missing. Everyt
 
 > [!NOTE]
 > LSP servers are language-specific — install only the ones that match your project's stack.
-> supi-context-mode is heavily inspired at [context-mode](https://github.com/mksglu/context-mode)
+> Context protection is built into supipowers. No external `context-mode` or `supi-context-mode` dependency is required.
+> The design is inspired by [context-mode](https://github.com/mksglu/context-mode).
 
 ## Commands
 
@@ -71,7 +71,7 @@ The installer scans for these and offers to install any that are missing. Everyt
 | `/supi:optimize-context` | Analyze loaded prompt/context usage and suggest reductions    |
 | `/supi:mcp`              | Manage MCP servers (connect, disconnect, migrate)             |
 | `/supi:config`           | Interactive settings TUI                                      |
-| `/supi:status`           | Check running sub-agents and progress                         |
+| `/supi:status`           | Show project plans and configuration summary                  |
 | `/supi:doctor`           | Diagnose extension health and missing dependencies            |
 | `/supi:generate`        | Documentation drift detection                                |
 | `/supi:update`           | Update supipowers to the latest version                       |
@@ -87,9 +87,20 @@ Most commands steer the AI session. These are TUI-only — they open native dial
 
 **AI code review.** `/supi:review` runs a programmatic AI review pipeline with configurable depth (quick, deep, or multi-agent). It uses headless agent sessions with structured JSON validation, always validates findings before user action, writes the current validated findings to a session `findings.md` document, and then presents three next-step choices: `Fix now`, `Document only`, or `Discuss before fixing`.
 
+**Review agents.** Multi-agent review loads agents from two scopes: global and project.
+
+- Global defaults and global custom agents live under `~/.omp/supipowers/review-agents/`.
+- Project configuration lives under `.omp/supipowers/review-agents/config.yml`.
+- Default built-in agent markdown files are installed globally, not per-project.
+- Project custom agent markdown files can still live under `.omp/supipowers/review-agents/`.
+- Merge precedence is project over global: if the project config mentions an agent name, it shadows the global agent with the same name.
+- A project entry with `enabled: false` suppresses the global agent with that same name instead of falling back to the global copy.
+
+Use `/supi:agents` to inspect the merged set that will actually run.
+
 **PR fixing.** `/supi:fix-pr` fetches PR review comments, critically assesses each one, checks for ripple effects, then fixes or rejects with evidence. Bot reviewers are auto-detected and filtered out.
 
-**Context protection.** When [context-mode](https://github.com/mksglu/context-mode) is detected, supipowers injects routing hooks that protect the agent's context window. Large outputs, file reads, and HTTP calls are automatically routed through sandboxed execution so only summaries enter the conversation.
+**Context protection.** Supipowers always enables built-in context protection through native `ctx_*` tools and routing hooks. Search/find and web-fetch style operations are redirected to sandboxed execution or indexed storage, and oversized tool results are compressed before they reach the conversation.
 
 **Model assignment.** Each action can be assigned a different model and thinking level. `/supi:model` opens a TUI picker backed by OMP's model registry.
 
@@ -177,7 +188,7 @@ Supipowers ships runtime-loaded prompt skills that are also available to the age
 | Skill                   | Used by                 |
 | ----------------------- | ----------------------- |
 | `planning`              | `/supi:plan`            |
-| `code-review`           | `/supi:review`          |
+| `code-review`           | Manual prompting / reusable review guidance |
 | `qa-strategy`           | `/supi:qa`              |
 | `fix-pr`                | `/supi:fix-pr`          |
 | `debugging`             | Agent sessions          |

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "supipowers",
-  "version": "1.5.0",
+  "version": "1.5.1",
   "description": "Workflow extension for OMP coding agents.",
   "type": "module",
   "scripts": {
@@ -10,9 +10,18 @@
     "build": "tsc -p tsconfig.build.json",
     "prepare": "git config core.hooksPath hooks || true"
   },
+  "engines": {
+    "bun": ">=1.3.10"
+  },
   "keywords": [
+    "omp",
     "omp-extension",
+    "oh-my-pi",
+    "ai-agent",
+    "coding-agent",
     "workflow",
+    "code-review",
+    "planning",
     "agent",
     "supipowers"
   ],
@@ -20,6 +29,11 @@
     "type": "git",
     "url": "https://github.com/ogrodev/supipowers.git"
   },
+  "homepage": "https://supipowers.com",
+  "bugs": {
+    "url": "https://github.com/ogrodev/supipowers/issues"
+  },
+  "author": "ogrodev",
   "license": "MIT",
   "bin": {
     "supipowers": "bin/install.mjs"

package/skills/planning/SKILL.md

@@ -123,7 +123,7 @@ Break into tasks of 2–5 minutes each. Each task must have:
 - **criteria**: acceptance criteria (testable)
 - **complexity**: `small` | `medium` | `large`
 
-Steps use checkbox syntax (`- [ ]`). Include function signatures or pseudocode — not vague descriptions, not full implementations.
+Steps use checkbox syntax (`- [ ]`). Describe what each step changes in prose. Include function signatures or brief pseudocode only when they clarify a non-obvious interface or algorithm. Do NOT include full function bodies, full test bodies, or file-content dumps — the plan describes the work, the execution session writes the code.
 
 **Plan template:**
 
@@ -161,6 +161,7 @@ tags: [<relevant>, <tags>]
 | Wait for user approval at each gate | Combine or skip phases |
 | Include test files in task file lists | Include git commit/push steps for specs |
 | Name research gaps instead of guessing | Present every explored branch (show finalists only) |
+| Describe steps in prose with optional signatures | Include full function bodies, test bodies, or file contents in plans |
 
 ## Final Checklist
 
@@ -171,4 +172,5 @@ tags: [<relevant>, <tags>]
 - [ ] Spec review loop completed (sub-agent approved or user overrode)
 - [ ] User approved spec before implementation plan
 - [ ] Every task has files, criteria, complexity, and checkbox steps
-- [ ] Task steps reference signatures/pseudocode, not vague descriptions
+- [ ] Task steps describe changes in prose; signatures/pseudocode used only when they clarify non-obvious interfaces
+- [ ] No full function bodies, test bodies, or file-content dumps in the plan

package/src/commands/release.ts

@@ -6,9 +6,15 @@ import type { ReleaseChannel, BumpType, ReviewReport, ResolvedModel } from "../t
 import { loadConfig, updateConfig } from "../config/loader.js";
 import { detectChannels } from "../release/detector.js";
 import type { ChannelStatus } from "../release/channels/types.js";
-import { parseConventionalCommits, buildChangelogMarkdown, summarizeChanges } from "../release/changelog.js";
+import {
+  parseConventionalCommits,
+  buildChangelogMarkdown,
+  summarizeChanges,
+  filterOnelineGitLogToPaths,
+} from "../release/changelog.js";
 import {
   getCurrentVersion,
+  getPublishedPackagePaths,
   suggestBump,
   bumpVersion,
   isVersionReleased,
@@ -464,14 +470,20 @@ export async function handleRelease(platform: Platform, ctx: any, args?: string)
         : false;
 
       const sinceArg = lastTag ? `${lastTag}..HEAD` : "HEAD~50..HEAD";
+      const releaseScope = getPublishedPackagePaths(ctx.cwd);
+      const gitLogArgs = releaseScope
+        ? ["log", sinceArg, "--format=%x1e%H%x1f%s", "--name-only"]
+        : ["log", sinceArg, "--oneline"];
       let gitLogOutput: string;
       try {
-        const result = await platform.exec(
-          "git",
-          ["log", sinceArg, "--oneline"],
-          { cwd: ctx.cwd },
-        );
-        gitLogOutput = result.code === 0 ? result.stdout : "";
+        const result = await platform.exec("git", gitLogArgs, { cwd: ctx.cwd });
+        if (result.code !== 0) {
+          gitLogOutput = "";
+        } else if (releaseScope) {
+          gitLogOutput = filterOnelineGitLogToPaths(result.stdout, releaseScope);
+        } else {
+          gitLogOutput = result.stdout;
+        }
       } catch {
         gitLogOutput = "";
       }

package/src/context-mode/knowledge/chunker.ts

@@ -140,15 +140,16 @@ function classifyContent(body: string): "code" | "prose" {
 
 /**
  * Split oversized body at paragraph boundaries (\n\n), never breaking inside code fences.
- * Returns parts each ≤ MAX_CHUNK_SIZE (best effort — a single paragraph exceeding the limit is kept whole).
+ * Hard-caps every part at MAX_CHUNK_SIZE — if no paragraph boundary fits, force-splits at
+ * line boundaries (or raw character offset as last resort).
  */
 function splitOversized(body: string): string[] {
   // Identify paragraph boundaries that are outside code fences
   const splitPoints = findSafeSplitPoints(body);
 
   if (splitPoints.length === 0) {
-    // No safe split points — return as single part
-    return [body];
+    // No safe split points — force-split at line or character boundaries
+    return hardSplit(body);
   }
 
   const parts: string[] = [];
@@ -193,6 +194,44 @@ function splitOversized(body: string): string[] {
     }
   }
 
+  // Hard-cap: any part still exceeding MAX_CHUNK_SIZE gets force-split
+  return parts.flatMap(hardSplit);
+}
+
+/**
+ * Force-split text into parts of at most MAX_CHUNK_SIZE.
+ * Prefers splitting at line boundaries; falls back to raw character offset.
+ */
+function hardSplit(text: string): string[] {
+  if (text.length <= MAX_CHUNK_SIZE) return [text];
+
+  const parts: string[] = [];
+  const lines = text.split("\n");
+  let current = "";
+
+  for (const line of lines) {
+    // If a single line exceeds the limit, chop it at character boundaries
+    if (line.length > MAX_CHUNK_SIZE) {
+      if (current) {
+        parts.push(current);
+        current = "";
+      }
+      for (let i = 0; i < line.length; i += MAX_CHUNK_SIZE) {
+        parts.push(line.slice(i, i + MAX_CHUNK_SIZE));
+      }
+      continue;
+    }
+
+    const sep = current ? "\n" : "";
+    if (current.length + sep.length + line.length > MAX_CHUNK_SIZE) {
+      if (current) parts.push(current);
+      current = line;
+    } else {
+      current = current + sep + line;
+    }
+  }
+
+  if (current) parts.push(current);
   return parts;
 }
 

package/src/context-mode/tools.ts

@@ -15,6 +15,25 @@ import { fetchAndIndex } from "./web/fetcher.js";
 /** Threshold (bytes) above which intent-driven filtering kicks in. */
 const INTENT_THRESHOLD = 5 * 1024;
 
+/**
+ * Hard cap on tool response text. Prevents oversized responses from
+ * exceeding model API limits (10MB). Leaves generous headroom.
+ */
+const MAX_RESPONSE_SIZE = 100 * 1024; // 100KB
+
+/** Truncate tool response text to MAX_RESPONSE_SIZE with a follow-up hint. */
+function capResponseSize(text: string): string {
+  if (text.length <= MAX_RESPONSE_SIZE) return text;
+  const truncated = text.slice(0, MAX_RESPONSE_SIZE);
+  // Cut at last newline to avoid mid-line truncation
+  const lastNewline = truncated.lastIndexOf("\n");
+  const clean = lastNewline > MAX_RESPONSE_SIZE * 0.8 ? truncated.slice(0, lastNewline) : truncated;
+  return (
+    clean +
+    `\n\n[... output truncated at ${(MAX_RESPONSE_SIZE / 1024).toFixed(0)}KB. Use ctx_search(queries) for targeted follow-up.]`
+  );
+}
+
 /** Per-session, in-memory stats. Reset on session restart. */
 interface ToolStats {
   calls: Record<string, number>;
@@ -171,7 +190,7 @@ export function registerContextModeTools(platform: Platform, store: KnowledgeSto
       output = maybeFilterByIntent(output, intent, source, store);
 
       trackCall("ctx_execute", output.length);
-      return { content: [{ type: "text", text: output }] };
+      return { content: [{ type: "text", text: capResponseSize(output) }] };
     },
   });
 
@@ -212,7 +231,7 @@ export function registerContextModeTools(platform: Platform, store: KnowledgeSto
       output = maybeFilterByIntent(output, intent, source, store);
 
       trackCall("ctx_execute_file", output.length);
-      return { content: [{ type: "text", text: output }] };
+      return { content: [{ type: "text", text: capResponseSize(output) }] };
     },
   });
 
@@ -285,7 +304,7 @@ export function registerContextModeTools(platform: Platform, store: KnowledgeSto
       }
 
       trackCall("ctx_batch_execute", text.length);
-      return { content: [{ type: "text", text }] };
+      return { content: [{ type: "text", text: capResponseSize(text) }] };
     },
   });
 
@@ -349,7 +368,7 @@ export function registerContextModeTools(platform: Platform, store: KnowledgeSto
       const output = formatSearchResults(results);
 
       trackCall("ctx_search", output.length);
-      return { content: [{ type: "text", text: output }] };
+      return { content: [{ type: "text", text: capResponseSize(output) }] };
     },
   });
 
@@ -381,7 +400,7 @@ export function registerContextModeTools(platform: Platform, store: KnowledgeSto
       }
 
       trackCall("ctx_fetch_and_index", output.length);
-      return { content: [{ type: "text", text: output }] };
+      return { content: [{ type: "text", text: capResponseSize(output) }] };
     },
   });
 

package/src/planning/plan-content-policy.ts

@@ -0,0 +1,78 @@
+interface PlanReviewCategory {
+  category: string;
+  detail: string;
+  summaryLabel: string;
+}
+
+export const PLAN_REVIEW_CATEGORIES: readonly PlanReviewCategory[] = [
+  {
+    category: "Completeness",
+    detail: "TODO markers, placeholders, incomplete tasks, missing steps",
+    summaryLabel: "completeness",
+  },
+  {
+    category: "Spec Alignment",
+    detail: "Chunk covers relevant spec requirements, no scope creep",
+    summaryLabel: "spec alignment",
+  },
+  {
+    category: "Task Decomposition",
+    detail: "Tasks atomic, clear boundaries, steps actionable",
+    summaryLabel: "task decomposition",
+  },
+  {
+    category: "File Structure",
+    detail: "Files have clear single responsibilities, split by responsibility not layer",
+    summaryLabel: "file structure",
+  },
+  {
+    category: "File Size",
+    detail: "Would any new or modified file likely grow large enough to be hard to reason about?",
+    summaryLabel: "file size rules",
+  },
+  {
+    category: "Checkbox Syntax",
+    detail: "Steps use checkbox (`- [ ]`) syntax for tracking",
+    summaryLabel: "checkbox syntax",
+  },
+  {
+    category: "Chunk Size",
+    detail: "Each chunk under 1000 lines",
+    summaryLabel: "chunk size",
+  },
+  {
+    category: "Code Content",
+    detail:
+      "Plans describe work in prose; code fences limited to signatures, brief pseudocode, or exact commands. No full function bodies, test bodies, or file-content dumps.",
+    summaryLabel: "code-content rules",
+  },
+] as const;
+
+export const PLAN_CODE_CONTENT_REQUIREMENTS = [
+  "Describe what each step changes — do not dump full implementations",
+  "Use function signatures or brief pseudocode only when they clarify a non-obvious interface or algorithm",
+  "Do NOT include full file contents, full function bodies, or full test bodies",
+  "Code fences are allowed only for short signatures, brief pseudocode, or exact commands",
+] as const;
+
+export const PLAN_CODE_CONTENT_CRITICAL_CHECKS = [
+  "Full function bodies, full test bodies, or file-sized code blocks where prose or a signature would suffice",
+  "Code fences that contain implementation rather than interface descriptions",
+] as const;
+
+export const PLAN_CONTENT_POLICY_SUMMARY =
+  "Plans describe the work — they do not generate it. Use prose to explain what changes, code fences only for signatures, brief pseudocode, or exact commands, and never full function bodies, full test bodies, or file-content dumps.";
+
+export const QUICK_PLAN_TASK_CONTENT_REQUIREMENT =
+  "Describe what each task changes in prose. Include function signatures or brief pseudocode only when they clarify a non-obvious interface. Do NOT include full function bodies, full test bodies, or file-content dumps.";
+
+export function formatPlanReviewCategorySummary(): string {
+  return humanJoin(PLAN_REVIEW_CATEGORIES.map((category) => category.summaryLabel));
+}
+
+function humanJoin(values: readonly string[]): string {
+  if (values.length === 0) return "";
+  if (values.length === 1) return values[0];
+  if (values.length === 2) return `${values[0]} and ${values[1]}`;
+  return `${values.slice(0, -1).join(", ")}, and ${values.at(-1)}`;
+}

package/src/planning/plan-reviewer.ts

@@ -1,3 +1,6 @@
+import { PLAN_CODE_CONTENT_CRITICAL_CHECKS, PLAN_REVIEW_CATEGORIES } from "./plan-content-policy.js";
+
+
 /**
  * Build the prompt for dispatching a plan document reviewer sub-agent.
  * Follows the same pattern as supipowers' plan-document-reviewer-prompt.md.
@@ -17,13 +20,9 @@ export function buildPlanReviewerPrompt(
     "",
     "| Category | What to Look For |",
     "|----------|------------------|",
-    "| Completeness | TODO markers, placeholders, incomplete tasks, missing steps |",
-    "| Spec Alignment | Chunk covers relevant spec requirements, no scope creep |",
-    "| Task Decomposition | Tasks atomic, clear boundaries, steps actionable |",
-    "| File Structure | Files have clear single responsibilities, split by responsibility not layer |",
-    "| File Size | Would any new or modified file likely grow large enough to be hard to reason about? |",
-    "| Checkbox Syntax | Steps use checkbox (`- [ ]`) syntax for tracking |",
-    "| Chunk Size | Each chunk under 1000 lines |",
+    ...PLAN_REVIEW_CATEGORIES.map(
+      ({ category, detail }) => `| ${category} | ${detail} |`,
+    ),
     "",
     "## Critical",
     "",
@@ -33,7 +32,8 @@ export function buildPlanReviewerPrompt(
     "- Incomplete task definitions",
     "- Missing verification steps or expected outputs",
     "- Files planned to hold multiple responsibilities or likely to grow unwieldy",
-    "",
+    ...PLAN_CODE_CONTENT_CRITICAL_CHECKS.map((check) => `- ${check}`),
+
     "## Output Format",
     "",
     `## Plan Review — Chunk ${chunkNumber}`,

package/src/planning/plan-writer-prompt.ts

@@ -1,3 +1,5 @@
+import { PLAN_CODE_CONTENT_REQUIREMENTS, formatPlanReviewCategorySummary } from "./plan-content-policy.js";
+
 
 export interface PlanWriterOptions {
   specPath: string;
@@ -24,7 +26,7 @@ export function buildPlanWriterPrompt(options: PlanWriterOptions): string {
     `**Spec document:** ${specPath}`,
     "",
     "Write the plan assuming the implementing engineer has zero context for this codebase.",
-    "Document everything they need: which files to touch, complete code, testing, exact commands.",
+    "Document everything they need: which files to touch, what each change does, testing approach, exact commands.",
     "Give them the whole plan as bite-sized tasks. DRY. YAGNI. TDD.",
     "Keep the plan local-only: do NOT include git add, git commit, git push, or other VCS steps in the plan.",
     "",
@@ -88,31 +90,18 @@ export function buildPlanWriterPrompt(options: PlanWriterOptions): string {
     "- Test: `tests/exact/path/to/test.ts`",
     "",
     "- [ ] **Step 1: Write the failing test**",
-    "",
-    "```typescript",
-    "test('specific behavior', () => {",
-    "  const result = myFunction(input);",
-    "  expect(result).toBe(expected);",
-    "});",
-    "```",
+    "  Add a test that verifies `myFunction(input)` returns the expected result and covers the empty-input edge case.",
     "",
     "- [ ] **Step 2: Run test to verify it fails**",
-    "",
-    "Run: `bun test tests/path/test.ts`",
-    'Expected: FAIL with "myFunction is not defined"',
+    "  Run: `bun test tests/path/test.ts`",
+    "  Expected: FAIL because `myFunction` does not exist yet.",
     "",
     "- [ ] **Step 3: Write minimal implementation**",
-    "",
-    "```typescript",
-    "export function myFunction(input: string): string {",
-    "  return expected;",
-    "}",
-    "```",
+    "  Implement `myFunction(input: string): string` in `src/path/file.ts`. Validate the input, apply the transformation, and export it.",
     "",
     "- [ ] **Step 4: Run test to verify it passes**",
-    "",
-    "Run: `bun test tests/path/test.ts`",
-    "Expected: PASS",
+    "  Run: `bun test tests/path/test.ts`",
+    "  Expected: PASS",
     "````",
     "",
 
@@ -120,7 +109,7 @@ export function buildPlanWriterPrompt(options: PlanWriterOptions): string {
     "### Requirements",
     "",
     "- Exact file paths always",
-    "- Complete code in plan (not 'add validation' — show the actual code)",
+    ...PLAN_CODE_CONTENT_REQUIREMENTS.map((rule) => `- ${rule}`),
     "- Exact commands with expected output",
     "- DRY, YAGNI, TDD",
     "- No git commit, push, or other VCS steps in the plan",
@@ -133,8 +122,7 @@ export function buildPlanWriterPrompt(options: PlanWriterOptions): string {
     "Use `## Chunk N: <name>` headings to delimit chunks. Each chunk should be under 1000 lines and logically self-contained.",
     "",
     "1. Dispatch a plan-document-reviewer sub-agent for each chunk.",
-    "   The reviewer checks: completeness, spec alignment, task decomposition,",
-    "   file structure, file size rules, checkbox syntax, and chunk size.",
+    `   The reviewer checks: ${formatPlanReviewCategorySummary()}.`,
     "   Provide the reviewer with: the plan file path, the spec file path, and the chunk number.",
 
     "",

package/src/planning/system-prompt.ts

@@ -2,6 +2,7 @@ import type { Platform } from "../platform/types.js";
 import { createDebugLogger } from "../debug/logger.js";
 import { getPlanningDebugLogger, getPlanningPromptOptions, isPlanningActive } from "./approval-flow.js";
 import { buildPlanWriterPrompt } from "./plan-writer-prompt.js";
+import { PLAN_CONTENT_POLICY_SUMMARY, QUICK_PLAN_TASK_CONTENT_REQUIREMENT } from "./plan-content-policy.js";
 import { buildSpecReviewerPrompt } from "./spec-reviewer.js";
 
 export interface PlanningSystemPromptOptions {
@@ -162,6 +163,7 @@ function buildFullPlanningSection(options: PlanningSystemPromptOptions): string
     "",
     "## Planning Principles",
     "",
+    `- ${PLAN_CONTENT_POLICY_SUMMARY}`,
     "- One question at a time.",
     "- Multiple-choice is preferred when it speeds decisions.",
     "- Diverge broadly, converge tightly.",
@@ -206,6 +208,7 @@ function buildQuickPlanningSection(options: PlanningSystemPromptOptions): string
     "```",
     "",
     "4. Each task must include name, files, criteria, and complexity (small/medium/large).",
+    `   - ${QUICK_PLAN_TASK_CONTENT_REQUIREMENT}`,
     "5. Save the plan under `.omp/supipowers/plans/YYYY-MM-DD-<feature-name>.md`.",
     "6. After saving, tell the user: `Plan saved to <path>. Review it and approve when ready.`",
     "7. Then stop and wait. The approval UI handles execution handoff.",

package/src/release/changelog.ts

@@ -13,6 +13,71 @@ const CONVENTIONAL_PREFIX =
 // `BREAKING CHANGE:` and `BREAKING-CHANGE:` anywhere in the message line
 const BREAKING_CHANGE_FOOTER = /BREAKING[- ]CHANGE:/;
 
+const GIT_LOG_RECORD_SEPARATOR = "\u001e";
+const GIT_LOG_FIELD_SEPARATOR = "\u001f";
+
+interface GitCommitWithFiles {
+  hash: string;
+  message: string;
+  files: string[];
+}
+
+function normalizeReleasePath(value: string): string {
+  return value.replace(/\\/g, "/").replace(/^\.\/+/, "").replace(/^\/+/, "").replace(/\/+$/, "");
+}
+
+function parseGitLogWithFiles(gitLog: string): GitCommitWithFiles[] {
+  return normalizeLineEndings(gitLog)
+    .split(GIT_LOG_RECORD_SEPARATOR)
+    .map((record) => record.trim())
+    .filter(Boolean)
+    .flatMap((record) => {
+      const lines = record
+        .split("\n")
+        .map((line) => line.trim())
+        .filter(Boolean);
+
+      const header = lines.shift();
+      if (!header) {
+        return [];
+      }
+
+      const [hash, message] = header.split(GIT_LOG_FIELD_SEPARATOR);
+      if (!hash || !message) {
+        return [];
+      }
+
+      return [{
+        hash: hash.trim(),
+        message: message.trim(),
+        files: lines.map(normalizeReleasePath).filter(Boolean),
+      }];
+    });
+}
+
+function isPathInReleaseScope(filePath: string, releaseScope: string[]): boolean {
+  const normalizedFile = normalizeReleasePath(filePath);
+  return releaseScope.some((scopePath) => normalizedFile === scopePath || normalizedFile.startsWith(`${scopePath}/`));
+}
+
+/**
+ * Filter a `git log --format=%x1e%H%x1f%s --name-only` payload down to commits
+ * touching the published package scope, then emit `git log --oneline` text that
+ * can be parsed by `parseConventionalCommits()`.
+ */
+export function filterOnelineGitLogToPaths(gitLog: string, releaseScope: string[]): string {
+  const normalizedScope = [...new Set(releaseScope.map(normalizeReleasePath).filter(Boolean))];
+  if (normalizedScope.length === 0) {
+    return "";
+  }
+
+  return parseGitLogWithFiles(gitLog)
+    .filter((commit) => commit.files.some((file) => isPathInReleaseScope(file, normalizedScope)))
+    .map((commit) => `${commit.hash.slice(0, 7)} ${commit.message}`)
+    .join("\n");
+}
+
+
 /**
  * Parse a single `git log --oneline` line into hash + raw message.
  * Returns null for blank lines or lines too short to contain a real hash.

package/src/release/version.ts

@@ -53,18 +53,47 @@ export function bumpVersion(current: string, bump: BumpType): string {
 }
 
 /**
- * Read the `version` field from `<cwd>/package.json`.
- * Returns `"0.0.0"` when the file is absent or carries no version field.
+ * Read the parsed package.json object from `<cwd>/package.json`. Returns null
+ * when the file is absent or invalid.
  */
-export function getCurrentVersion(cwd: string): string {
+function readPackageJson(cwd: string): { version?: string; files?: unknown } | null {
   const pkgPath = path.join(cwd, "package.json");
   try {
     const raw = fs.readFileSync(pkgPath, "utf-8");
-    const pkg = JSON.parse(raw) as { version?: string };
-    return pkg.version ?? "0.0.0";
+    return JSON.parse(raw) as { version?: string; files?: unknown };
   } catch {
-    return "0.0.0";
+    return null;
+  }
+}
+
+/**
+ * Read the `version` field from `<cwd>/package.json`.
+ * Returns `"0.0.0"` when the file is absent or carries no version field.
+ */
+export function getCurrentVersion(cwd: string): string {
+  return readPackageJson(cwd)?.version ?? "0.0.0";
+}
+
+/**
+ * Return the publishable package paths used to scope release-note commits.
+ * Returns null when the package manifest does not declare a `files` whitelist.
+ */
+export function getPublishedPackagePaths(cwd: string): string[] | null {
+  const files = readPackageJson(cwd)?.files;
+  if (!Array.isArray(files)) {
+    return null;
   }
+
+  const normalized = files
+    .filter((entry): entry is string => typeof entry === "string")
+    .map((entry) => entry.replace(/^\.\//, "").replace(/\/+$/, ""))
+    .filter(Boolean);
+
+  if (normalized.length === 0) {
+    return null;
+  }
+
+  return [...new Set(["package.json", ...normalized])];
 }
 
 interface ParsedReleaseTag {

package/src/review/agent-loader.ts

@@ -143,14 +143,12 @@ export function ensureDefaultReviewAgents(paths: PlatformPaths, cwd: string): vo
   const agentsDir = getReviewAgentsDir(paths, cwd);
   fs.mkdirSync(agentsDir, { recursive: true });
 
-  for (const [fileName, content] of Object.entries(DEFAULT_AGENT_TEMPLATES)) {
-    writeIfMissing(path.join(agentsDir, fileName), content);
-  }
-
+  // Default agent markdown files are installed globally only.
   writeIfMissing(getReviewAgentsConfigPath(paths, cwd), buildDefaultConfigText());
 }
 
 export async function loadReviewAgentsConfig(paths: PlatformPaths, cwd: string): Promise<ReviewAgentsConfig> {
+  ensureGlobalDefaultReviewAgents(paths);
   ensureDefaultReviewAgents(paths, cwd);
   return validateReviewAgentsConfig(await importYamlFile(getReviewAgentsConfigPath(paths, cwd)));
 }
@@ -158,20 +156,25 @@ export async function loadReviewAgentsConfig(paths: PlatformPaths, cwd: string):
 export async function loadReviewAgents(paths: PlatformPaths, cwd: string): Promise<LoadedReviewAgents> {
   const agentsDir = getReviewAgentsDir(paths, cwd);
   const configPath = getReviewAgentsConfigPath(paths, cwd);
+  const globalAgentsDir = getGlobalReviewAgentsDir(paths);
   const config = await loadReviewAgentsConfig(paths, cwd);
 
   const agents = config.agents
     .filter((agent) => agent.enabled)
     .map((agent) => {
-      const filePath = path.join(agentsDir, agent.data);
+      const projectFilePath = path.join(agentsDir, agent.data);
+      const globalFilePath = path.join(globalAgentsDir, agent.data);
+      const filePath = fs.existsSync(projectFilePath) ? projectFilePath : globalFilePath;
       if (!fs.existsSync(filePath)) {
-        throw new Error(`Configured review agent file does not exist: ${filePath}`);
+        throw new Error(
+          `Configured review agent file does not exist in project or global scope: ${agent.data}`
+        );
       }
 
       const definition = parseReviewAgentMarkdown(fs.readFileSync(filePath, "utf-8"), filePath);
       if (definition.name !== agent.name) {
         throw new Error(
-          `Configured agent name \"${agent.name}\" does not match frontmatter name \"${definition.name}\" in ${filePath}.`,
+          `Configured agent name "${agent.name}" does not match frontmatter name "${definition.name}" in ${filePath}.`,
         );
       }
 
@@ -263,16 +266,17 @@ export async function loadMergedReviewAgents(
   const globalResult = await loadGlobalReviewAgents(paths);
   const projectResult = await loadReviewAgents(paths, cwd);
 
+  // Project config is authoritative: any agent named in the project config
+  // (enabled or disabled) shadows the global version with the same name.
+  const projectConfigNames = new Set(projectResult.config.agents.map((a) => a.name));
+  const uniqueGlobalAgents = globalResult.agents.filter((a) => !projectConfigNames.has(a.name));
+
   // Tag project agents with scope
   const projectAgents = projectResult.agents.map((agent) => ({
     ...agent,
     scope: "project" as const,
   }));
 
-  // Project agents override global agents with the same name
-  const projectNames = new Set(projectAgents.map((a) => a.name));
-  const uniqueGlobalAgents = globalResult.agents.filter((a) => !projectNames.has(a.name));
-
   return {
     agentsDir: projectResult.agentsDir,
     configPath: projectResult.configPath,