diff --git a/.config/opencode/.cursorrules b/.config/opencode/.cursorrules new file mode 100644 index 0000000..8950fe7 --- /dev/null +++ b/.config/opencode/.cursorrules @@ -0,0 +1,52 @@ +# OpenCode Agent Configuration + +This repository contains the multi-agent configuration for OpenCode, defining agent roles, permissions, quality pipelines, and project memory conventions. + +## Project Structure + +``` +opencode.jsonc # Main config: default agent, plugins, permissions, MCP servers +agents/ # Agent definitions (one .md per agent) + lead.md # Primary orchestrator + coder.md # Implementation agent + reviewer.md # Code review (read-only code, writes .memory/*) + tester.md # Test validation (writes .memory/*) + explorer.md # Codebase mapping (read-only code, writes .memory/*) + researcher.md # Technical investigation (writes .memory/*) + librarian.md # Documentation specialist (full edit) + critic.md # Plan review gate (writes .memory/*) + sme.md # Domain expert (writes .memory/*) + designer.md # UI/UX guidance (writes .memory/*) +.memory/ # Persistent project memory (knowledge, decisions, plans, research) +AGENTS.md # OpenCode instruction file +CLAUDE.md # Claude Code instruction file +.github/copilot-instructions.md # GitHub Copilot instruction file +.cursorrules # This file (Cursor instruction file) +``` + +## Agent Permission Model + +- **Full edit access:** `lead`, `coder`, `librarian`. +- **Memory-only edit access:** `reviewer`, `tester`, `explorer`, `researcher`, `critic`, `sme`, `designer` — `permission.edit: allow` in config, but instructions restrict edits to `.memory/*` only. Code/source edits remain read-only. +- OpenCode does not support path-scoped `permission.edit`, so guardrails are instruction-level. + +## Memory System + +`.memory/` is the persistent project knowledge store: +- `knowledge.md` — architecture, patterns, key concepts +- `decisions.md` — architecture decisions, design choices +- `plans/.md` — active plans with tasks and statuses +- `research/.md` — research findings + +Workflow: read relevant `.memory/` files → work → update `.memory/` files with outcomes. + +## Quality Pipeline + +Standard flow: `explorer/researcher → coder → reviewer → tester → librarian`. +Three tiers based on change scope (Tier 1: full, Tier 2: standard, Tier 3: fast). + +## Conventions + +- Cross-tool instruction files (`AGENTS.md`, `CLAUDE.md`, `.github/copilot-instructions.md`, `.cursorrules`) must stay synchronized. +- `.memory/knowledge.md` is the canonical source of truth; instruction files are derived views. +- Recording discipline: record only outcomes/decisions/discoveries in `.memory/`, never ceremony checkpoints. diff --git a/.config/opencode/.github/copilot-instructions.md b/.config/opencode/.github/copilot-instructions.md new file mode 100644 index 0000000..944cc73 --- /dev/null +++ b/.config/opencode/.github/copilot-instructions.md @@ -0,0 +1,52 @@ +# OpenCode Agent Configuration + +This repository contains the multi-agent configuration for OpenCode, defining agent roles, permissions, quality pipelines, and project memory conventions. + +## Project Structure + +``` +opencode.jsonc # Main config: default agent, plugins, permissions, MCP servers +agents/ # Agent definitions (one .md per agent) + lead.md # Primary orchestrator + coder.md # Implementation agent + reviewer.md # Code review (read-only code, writes .memory/*) + tester.md # Test validation (writes .memory/*) + explorer.md # Codebase mapping (read-only code, writes .memory/*) + researcher.md # Technical investigation (writes .memory/*) + librarian.md # Documentation specialist (full edit) + critic.md # Plan review gate (writes .memory/*) + sme.md # Domain expert (writes .memory/*) + designer.md # UI/UX guidance (writes .memory/*) +.memory/ # Persistent project memory (knowledge, decisions, plans, research) +AGENTS.md # OpenCode instruction file +CLAUDE.md # Claude Code instruction file +.github/copilot-instructions.md # This file (GitHub Copilot instruction file) +.cursorrules # Cursor instruction file +``` + +## Agent Permission Model + +- **Full edit access:** `lead`, `coder`, `librarian`. +- **Memory-only edit access:** `reviewer`, `tester`, `explorer`, `researcher`, `critic`, `sme`, `designer` — `permission.edit: allow` in config, but instructions restrict edits to `.memory/*` only. Code/source edits remain read-only. +- OpenCode does not support path-scoped `permission.edit`, so guardrails are instruction-level. + +## Memory System + +`.memory/` is the persistent project knowledge store: +- `knowledge.md` — architecture, patterns, key concepts +- `decisions.md` — architecture decisions, design choices +- `plans/.md` — active plans with tasks and statuses +- `research/.md` — research findings + +Workflow: read relevant `.memory/` files → work → update `.memory/` files with outcomes. + +## Quality Pipeline + +Standard flow: `explorer/researcher → coder → reviewer → tester → librarian`. +Three tiers based on change scope (Tier 1: full, Tier 2: standard, Tier 3: fast). + +## Conventions + +- Cross-tool instruction files (`AGENTS.md`, `CLAUDE.md`, `.github/copilot-instructions.md`, `.cursorrules`) must stay synchronized. +- `.memory/knowledge.md` is the canonical source of truth; instruction files are derived views. +- Recording discipline: record only outcomes/decisions/discoveries in `.memory/`, never ceremony checkpoints. diff --git a/.config/opencode/.memory/decisions.md b/.config/opencode/.memory/decisions.md new file mode 100644 index 0000000..a7bf530 --- /dev/null +++ b/.config/opencode/.memory/decisions.md @@ -0,0 +1,16 @@ +## Agent Memory Write Access + +**Decision:** Enable `permission.edit: allow` for all seven agents with memory recording duties (reviewer, tester, explorer, researcher, critic, sme, designer) so they can write `.memory/*` files directly. + +**Rationale:** These agents have explicit memory duties (recording verdicts, discoveries, research findings, guidance, design decisions) but previously had `permission.edit: deny`, making those duties impossible. The lead had to relay all memory writes, losing fidelity and adding overhead. + +**Implementation:** +- Changed `permission.edit: deny` → `permission.edit: allow` in all seven agent files. +- Added instruction-level guardrails in each agent to restrict edits to `.memory/*` only (code/source remains read-only). +- Path-scoped `permission.edit` is not supported by OpenCode, so instruction-level guardrails are the enforcement mechanism. + +**Affected files:** `agents/reviewer.md`, `agents/tester.md`, `agents/explorer.md`, `agents/researcher.md`, `agents/critic.md`, `agents/sme.md`, `agents/designer.md`. + +**Risk:** Agents could theoretically edit non-memory files since the config-level permission is `allow`. Mitigation is instruction-level enforcement, which is effective but not mechanical. + +See [Plan: Agent Memory Write Access](plans/agent-memory-write-access.md) | See [Knowledge: Permission Model](knowledge.md#permission-model) diff --git a/.config/opencode/.memory/knowledge.md b/.config/opencode/.memory/knowledge.md new file mode 100644 index 0000000..ad26a48 --- /dev/null +++ b/.config/opencode/.memory/knowledge.md @@ -0,0 +1,39 @@ +## Project Overview + +This is the OpenCode agentic configuration for a multi-agent coding workflow. It defines agent roles, permissions, quality pipelines, and project memory conventions used across all projects that load this config. + +- **Config root:** `~/.config/opencode/` +- **Config file:** `opencode.jsonc` — defines default agent, plugins, global permissions, and MCP servers. +- **Agent definitions:** `agents/*.md` — one file per agent with YAML frontmatter (model, permissions, temperature) and markdown instructions. +- **Memory system:** `.memory/` — persistent project knowledge, decisions, plans, and research in markdown. +- **Cross-tool instruction files:** `AGENTS.md`, `CLAUDE.md`, `.github/copilot-instructions.md`, `.cursorrules` — derived views of project knowledge for different agentic tools. + +## Agent Architecture + +10 agents with distinct roles, models, and permission profiles. See [Agent Roster in AGENTS.md](../AGENTS.md#agent-roster) for the full table. + +### Permission Model + +- **Full edit access:** `lead`, `coder`, `librarian`. +- **Memory-only edit access:** `reviewer`, `tester`, `explorer`, `researcher`, `critic`, `sme`, `designer` — these agents have `permission.edit: allow` but are instructed to keep code/source edits read-only. Their edit permission exists solely to support `.memory/*` writes for recording duties (verdicts, discoveries, research, guidance, design decisions). +- **No edit access:** none (all agents can write `.memory/*`). + +See [Decision: Agent Memory Write Access](decisions.md#agent-memory-write-access) for rationale and guardrails. + +### Memory Write Guardrails + +Agents with memory-only edit access are constrained by instruction-level guardrails (not path-scoped config, which OpenCode does not support): + +1. Each agent's instructions explicitly state: "`.memory/*` writes are allowed for [specific duty]; code/source edits remain read-only." +2. Each agent's instructions list tool restrictions (e.g., "Disallowed: non-memory file edits"). +3. The `permission.edit: allow` fallback is necessary because OpenCode's `permission.edit` does not support path-scoped allow/deny syntax. + +## Quality Pipeline + +Tiered pipeline (Tier 1/2/3) defined in `agents/lead.md`. Standard flow: `explorer/researcher → coder → reviewer → tester → librarian`. + +## MCP Servers + +- **Context7:** Remote documentation lookup (`https://mcp.context7.com/mcp`) +- **GitHub Grep:** Remote code search across public repos (`https://mcp.grep.app`) +- **Playwright:** Local headless Chromium for UI testing diff --git a/.config/opencode/.memory/plans/agent-memory-write-access.md b/.config/opencode/.memory/plans/agent-memory-write-access.md new file mode 100644 index 0000000..f648292 --- /dev/null +++ b/.config/opencode/.memory/plans/agent-memory-write-access.md @@ -0,0 +1,46 @@ +# Plan: enable agent memory write access + +## Goal +Allow non-lead agents (starting with reviewer) to write updates into `.memory/` so findings and decisions are not lost between delegations. + +## Tasks +- [x] Discover where agent capabilities/tool permissions are defined and which agents currently cannot write memory. + - **Acceptance criteria:** exact config file(s), current restrictions, and required change identified. ✅ + - **Assigned agent:** explorer + - **Findings:** + - Root cause: `permission.edit: deny` in `agents/reviewer.md`, `agents/explorer.md`, `agents/tester.md`, `agents/critic.md`, `agents/designer.md`, `agents/researcher.md`, and `agents/sme.md`. + - Conflict: these agents also have memory duties requiring writes to `.memory/*`, making duties impossible under current permissions. + - `agents/librarian.md`, `agents/coder.md`, and `agents/lead.md` do not deny edit and are unaffected. + - `opencode.jsonc` does not define a global edit permission override. + - Additional consistency update needed: `AGENTS.md` reviewer row should clarify "read-only" refers to code-review behavior, while `.memory/*` writes are allowed. + - **Dependencies:** none + - **Workstream:** `main` + - **Coder dispatch scope:** N/A (discovery) + +- [x] Implement configuration/instruction updates so all intended agents can write `.memory/*`. + - **Acceptance criteria:** config/instructions updated; reviewer specifically can write memory; no conflicting rule remains. + - **Assigned agent:** coder + - **Dependencies:** discovery output + - **Workstream:** `main` + - **Coder dispatch scope:** single feature — “memory write capability for agents” + - **Implementation note:** Used fallback `edit: allow` for the seven affected agents because repo-local configs provide no confirmed path-scoped `permission.edit` syntax. Guardrails were tightened in each affected prompt to explicitly keep code/source edits read-only and allow writes only for `.memory/*` duties. + +- [x] Quality gate the change (correctness review + static validation). + - **Acceptance criteria:** reviewer approves and static validation confirms permissions and instructions are coherent. ✅ + - **Assigned agent:** reviewer + tester + - **Outcome:** reviewer `APPROVED` (score 0), tester `PASS`; only low-severity wording suggestions (description-level “read-only” phrasing in reviewer/explorer) with no functional contradiction. + - **Dependencies:** implementation complete + - **Workstream:** `main` + - **Coder dispatch scope:** N/A + +- [x] Documentation coverage and memory updates. + - **Acceptance criteria:** relevant instructions/docs updated and `.memory/knowledge.md` captures the new policy. ✅ + - **Assigned agent:** librarian + - **Dependencies:** quality gate complete + - **Workstream:** `main` + - **Coder dispatch scope:** N/A + - **Outcome:** Created `.memory/knowledge.md` with permission model and guardrails documentation. Created `.memory/decisions.md` with decision record cross-referencing this plan. Updated `AGENTS.md` roster to describe memory-write duties for all seven agents. Created three missing cross-tool instruction files (`CLAUDE.md`, `.github/copilot-instructions.md`, `.cursorrules`) with synchronized project knowledge including the agent permission model. + +## Critic gate +- Verdict: `APPROVED` +- Caveat: validate whether `permission.edit` supports path-scoped allow/deny syntax. If unsupported, use fallback `edit: allow` and keep behavior guardrails in agent instructions. diff --git a/.config/opencode/AGENTS.md b/.config/opencode/AGENTS.md index da7c50c..d832512 100644 --- a/.config/opencode/AGENTS.md +++ b/.config/opencode/AGENTS.md @@ -65,14 +65,16 @@ Be specific in summaries: include parameter names, defaults, file locations, and |---|---|---| | `lead` | Primary orchestrator that decomposes work, delegates, and synthesizes outcomes. | `github-copilot/claude-opus-4` (global default) | | `coder` | Implementation-focused coding agent for reliable code changes. | `github-copilot/gpt-5.3-codex` | -| `reviewer` | Read-only quality gate for correctness and security review. | `github-copilot/claude-opus-4.6` | -| `tester` | Validation agent for standard + adversarial testing and Playwright UI checks. | `github-copilot/claude-sonnet-4.6` | -| `explorer` | Fast read-only codebase mapper for impact surface and dependencies. | `github-copilot/claude-sonnet-4.6` | -| `researcher` | Deep technical investigator across code, docs, and external references. | `github-copilot/claude-opus-4.6` | +| `reviewer` | Read-only code/source review; writes `.memory/*` for verdict records. | `github-copilot/claude-opus-4.6` | +| `tester` | Validation agent for standard + adversarial testing; writes `.memory/*` for test outcomes. | `github-copilot/claude-sonnet-4.6` | +| `explorer` | Fast read-only codebase mapper; writes `.memory/*` for discovery records. | `github-copilot/claude-sonnet-4.6` | +| `researcher` | Deep technical investigator; writes `.memory/*` for research findings. | `github-copilot/claude-opus-4.6` | | `librarian` | Documentation coverage and accuracy specialist. | `github-copilot/claude-opus-4.6` | -| `critic` | Pre-implementation gate and blocker sounding board. | `github-copilot/claude-opus-4.6` | -| `sme` | Subject-matter expert for domain-specific consultation. | `github-copilot/claude-opus-4.6` | -| `designer` | UI/UX specialist for interaction and visual guidance. | `github-copilot/claude-sonnet-4.6` | +| `critic` | Pre-implementation gate and blocker sounding board; writes `.memory/*` for verdicts. | `github-copilot/claude-opus-4.6` | +| `sme` | Subject-matter expert for domain-specific consultation; writes `.memory/*` for guidance cache. | `github-copilot/claude-opus-4.6` | +| `designer` | UI/UX specialist for interaction and visual guidance; writes `.memory/*` for design decisions. | `github-copilot/claude-sonnet-4.6` | + +All agents except `lead`, `coder`, and `librarian` are code/source read-only but have `permission.edit: allow` scoped to `.memory/*` writes for their recording duties. The `lead` and `librarian` have full edit access; `coder` has full edit access for implementation. ## Parallelization diff --git a/.config/opencode/CLAUDE.md b/.config/opencode/CLAUDE.md new file mode 100644 index 0000000..6b458d4 --- /dev/null +++ b/.config/opencode/CLAUDE.md @@ -0,0 +1,52 @@ +# OpenCode Agent Configuration + +This repository contains the multi-agent configuration for OpenCode, defining agent roles, permissions, quality pipelines, and project memory conventions. + +## Project Structure + +``` +opencode.jsonc # Main config: default agent, plugins, permissions, MCP servers +agents/ # Agent definitions (one .md per agent) + lead.md # Primary orchestrator + coder.md # Implementation agent + reviewer.md # Code review (read-only code, writes .memory/*) + tester.md # Test validation (writes .memory/*) + explorer.md # Codebase mapping (read-only code, writes .memory/*) + researcher.md # Technical investigation (writes .memory/*) + librarian.md # Documentation specialist (full edit) + critic.md # Plan review gate (writes .memory/*) + sme.md # Domain expert (writes .memory/*) + designer.md # UI/UX guidance (writes .memory/*) +.memory/ # Persistent project memory (knowledge, decisions, plans, research) +AGENTS.md # OpenCode instruction file +CLAUDE.md # This file (Claude Code instruction file) +.github/copilot-instructions.md # GitHub Copilot instruction file +.cursorrules # Cursor instruction file +``` + +## Agent Permission Model + +- **Full edit access:** `lead`, `coder`, `librarian`. +- **Memory-only edit access:** `reviewer`, `tester`, `explorer`, `researcher`, `critic`, `sme`, `designer` — `permission.edit: allow` in config, but instructions restrict edits to `.memory/*` only. Code/source edits remain read-only. +- OpenCode does not support path-scoped `permission.edit`, so guardrails are instruction-level. + +## Memory System + +`.memory/` is the persistent project knowledge store: +- `knowledge.md` — architecture, patterns, key concepts +- `decisions.md` — architecture decisions, design choices +- `plans/.md` — active plans with tasks and statuses +- `research/.md` — research findings + +Workflow: read relevant `.memory/` files → work → update `.memory/` files with outcomes. + +## Quality Pipeline + +Standard flow: `explorer/researcher → coder → reviewer → tester → librarian`. +Three tiers based on change scope (Tier 1: full, Tier 2: standard, Tier 3: fast). + +## Conventions + +- Cross-tool instruction files (`AGENTS.md`, `CLAUDE.md`, `.github/copilot-instructions.md`, `.cursorrules`) must stay synchronized. +- `.memory/knowledge.md` is the canonical source of truth; instruction files are derived views. +- Recording discipline: record only outcomes/decisions/discoveries in `.memory/`, never ceremony checkpoints. diff --git a/.config/opencode/agents/critic.md b/.config/opencode/agents/critic.md index 79197d6..e45898d 100644 --- a/.config/opencode/agents/critic.md +++ b/.config/opencode/agents/critic.md @@ -4,7 +4,7 @@ mode: subagent model: github-copilot/claude-opus-4.6 temperature: 0.2 permission: - edit: deny + edit: allow bash: deny webfetch: deny websearch: deny @@ -22,7 +22,7 @@ Purpose: Tool restrictions: - Allowed: `read`, `glob`, and `grep`. -- Disallowed: file edits, shell commands, and web tools. +- Disallowed: non-memory file edits, shell commands, and web tools. Roles: @@ -81,4 +81,5 @@ Memory file duty: - After issuing a CRITIC-GATE verdict, record it in `.memory/decisions.md` as a markdown section. - Summary must include the verdict and concise rationale. - Add file references when specific files were evaluated, and cross-reference the active plan file when applicable. +- `.memory/*` writes required for this duty are explicitly allowed; code/source edits remain read-only. - Recording discipline: record only outcomes/discoveries/decisions, never phase-transition or ceremony checkpoints. diff --git a/.config/opencode/agents/designer.md b/.config/opencode/agents/designer.md index 40b5af5..30a482d 100644 --- a/.config/opencode/agents/designer.md +++ b/.config/opencode/agents/designer.md @@ -4,7 +4,7 @@ mode: subagent model: github-copilot/claude-sonnet-4.6 temperature: 0.4 permission: - edit: deny + edit: allow bash: deny websearch: deny webfetch: deny @@ -21,7 +21,7 @@ Purpose: Tool restrictions: - Allowed: `read`, `glob`, and `grep`. -- Disallowed: file edits, shell commands, and web tools. +- Disallowed: non-memory file edits, shell commands, and web tools. When invoked: @@ -55,4 +55,5 @@ Memory file duty: - After significant design decisions, record them in `.memory/decisions.md` as markdown sections. - Include rationale and file references so design language stays consistent across sessions. +- `.memory/*` writes required for this duty are explicitly allowed; code/source edits remain read-only. - Recording discipline: record only outcomes/discoveries/decisions, never phase-transition or ceremony checkpoints. diff --git a/.config/opencode/agents/explorer.md b/.config/opencode/agents/explorer.md index 2445c5f..e15cba4 100644 --- a/.config/opencode/agents/explorer.md +++ b/.config/opencode/agents/explorer.md @@ -4,7 +4,7 @@ mode: subagent model: github-copilot/claude-sonnet-4.6 temperature: 0.1 permission: - edit: deny + edit: allow bash: deny webfetch: deny websearch: deny @@ -23,10 +23,11 @@ Operating rules: 1. Read relevant `.memory/*.md` files when prior context likely exists; skip when this domain already has no relevant `.memory/` entries this session. 2. Use read-only tools to gather architecture context. 3. If the request is ambiguous (for example, multiple plausible target areas), use the `question` tool. -4. Do not write files or execute shell commands. +4. Do not write non-memory files or execute shell commands. 5. Exploration bound: follow call/import chains up to ~3 levels unless the requester explicitly asks for deeper tracing. 6. If significant architectural discoveries are made, record outcomes in the relevant `.memory/` files and link related sections with markdown cross-references. 7. Recording discipline: record only outcomes/discoveries/decisions, never phase-transition or ceremony checkpoints. +8. `.memory/*` writes are allowed for recording duties; code/source edits remain read-only. Required output contract (required): diff --git a/.config/opencode/agents/researcher.md b/.config/opencode/agents/researcher.md index 35cc974..d854f3f 100644 --- a/.config/opencode/agents/researcher.md +++ b/.config/opencode/agents/researcher.md @@ -4,7 +4,7 @@ mode: subagent model: github-copilot/claude-opus-4.6 temperature: 0.2 permission: - edit: deny + edit: allow bash: deny --- @@ -20,12 +20,13 @@ Operating rules: 1. Read relevant `.memory/*.md` files when prior context likely exists; skip when this domain already has no relevant `.memory/` entries this session. 2. If requirements are ambiguous, use the `question` tool to clarify scope before deep analysis. 3. After meaningful research, record durable insights in the relevant `.memory/` files with rationale, file refs, and markdown cross-references. -4. Do not modify files or run shell commands. +4. Do not modify non-memory files or run shell commands. 5. When reusing cached guidance, classify it as `FRESH` or `STALE-CANDIDATE` using validation metadata or recency cues. 6. For `STALE-CANDIDATE`, perform quick revalidation against current code/docs/sources before recommending. 7. Include a compact freshness note per key recommendation in output. 8. Use the lead.md freshness metadata schema for notes/updates: `confidence`, `last_validated`, `volatility`, `review_after_days`, `validation_count`, `contradiction_count`. 9. Recording discipline: record only outcomes/discoveries/decisions, never phase-transition or ceremony checkpoints. +10. `.memory/*` writes are allowed for research recording duties; code/source edits remain read-only. Output style: diff --git a/.config/opencode/agents/reviewer.md b/.config/opencode/agents/reviewer.md index dae44aa..052e19b 100644 --- a/.config/opencode/agents/reviewer.md +++ b/.config/opencode/agents/reviewer.md @@ -4,7 +4,7 @@ mode: subagent model: github-copilot/claude-opus-4.6 temperature: 0.3 permission: - edit: deny + edit: allow bash: deny webfetch: deny websearch: deny @@ -27,7 +27,7 @@ Pipeline position: Operating rules: 1. Read relevant `.memory/*.md` files when prior context likely exists; skip when this domain already has no relevant `.memory/` entries this session. -2. Use read-only analysis; do not edit files or run shell commands. +2. Use read-only analysis for code/source files; do not edit non-memory files or run shell commands. 3. If review criteria are unclear, use the `question` tool. 4. Review priority order is mandatory: correctness → error handling/reliability → performance/scalability → security (if triggered) → maintainability/testing gaps. 5. Do not front-load style-only comments before functional risks. @@ -149,4 +149,5 @@ Memory file duty: - After issuing a verdict, record it in `.memory/decisions.md` as a markdown section. - Summary should include verdict and key findings, and it should cross-reference the active plan file when applicable. +- `.memory/*` writes required for this duty are explicitly allowed; code/source edits remain read-only. - Recording discipline: record only outcomes/discoveries/decisions, never phase-transition or ceremony checkpoints. diff --git a/.config/opencode/agents/sme.md b/.config/opencode/agents/sme.md index be6cbaa..5660068 100644 --- a/.config/opencode/agents/sme.md +++ b/.config/opencode/agents/sme.md @@ -4,7 +4,7 @@ mode: subagent model: github-copilot/claude-opus-4.6 temperature: 0.3 permission: - edit: deny + edit: allow bash: deny --- @@ -18,7 +18,7 @@ Purpose: Tool restrictions: - Allowed: `read`, `glob`, `grep`, `webfetch`, `websearch`, and `codesearch`. -- Disallowed: file edits and shell commands. +- Disallowed: non-memory file edits and shell commands. Guidance caching rule (critical): @@ -32,6 +32,7 @@ Guidance caching rule (critical): 6. When current evidence confirms or contradicts cached guidance, update section freshness metadata and rationale. 7. Use the lead.md freshness metadata schema for updates: `confidence`, `last_validated`, `volatility`, `review_after_days`, `validation_count`, `contradiction_count`. 8. Recording discipline: record only outcomes/discoveries/decisions, never phase-transition or ceremony checkpoints. +9. `.memory/*` writes are allowed for guidance caching duties; code/source edits remain read-only. Workflow: diff --git a/.config/opencode/agents/tester.md b/.config/opencode/agents/tester.md index dfa682e..a0b04e9 100644 --- a/.config/opencode/agents/tester.md +++ b/.config/opencode/agents/tester.md @@ -4,7 +4,7 @@ mode: subagent model: github-copilot/claude-sonnet-4.6 temperature: 0.1 permission: - edit: deny + edit: allow bash: "uv run pytest*": allow "uv run python -m pytest*": allow @@ -46,7 +46,7 @@ Operating rules: 2. Run only test-related commands. 3. Prefer `uv run pytest` patterns when testing Python projects. 4. If test scope is ambiguous, use the `question` tool. -5. Do not modify files. +5. Do not modify non-memory files. 6. **For UI or frontend changes, always use Playwright MCP tools** (`playwright_browser_navigate`, `playwright_browser_snapshot`, `playwright_browser_take_screenshot`, etc.) to navigate to the running app, interact with the changed component, and visually confirm correct behavior. A code-only review is not sufficient for UI changes. 7. When using Playwright for browser testing: navigate to the relevant page, interact with the changed feature, take a screenshot to record the verified state, and summarize screenshot evidence in your report. 8. **Clean up test artifacts.** After testing, delete any generated files (screenshots, temp files, logs). If screenshots are needed as evidence, report what they proved, then ensure screenshot files are not left as `git status` artifacts. @@ -108,6 +108,7 @@ Memory file duty: - After completing both passes (or recording a blocking failure), record the outcome in `.memory/decisions.md` as a markdown section. - Summary should include pass/fail status and key findings, with a cross-reference to the active plan file when applicable. +- `.memory/*` writes required for this duty are explicitly allowed; code/source edits remain read-only. - Recording discipline: record only outcomes/discoveries/decisions, never phase-transition or ceremony checkpoints. Infrastructure unavailability: