fix: enable memory writes for non-implementation agents

.config/opencode/.memory/plans/agent-memory-write-access.md

@@ -0,0 +1,46 @@
+# Plan: enable agent memory write access
+
+## Goal
+Allow non-lead agents (starting with reviewer) to write updates into `.memory/` so findings and decisions are not lost between delegations.
+
+## Tasks
+- [x] Discover where agent capabilities/tool permissions are defined and which agents currently cannot write memory.
+  - **Acceptance criteria:** exact config file(s), current restrictions, and required change identified. ✅
+  - **Assigned agent:** explorer
+  - **Findings:**
+    - Root cause: `permission.edit: deny` in `agents/reviewer.md`, `agents/explorer.md`, `agents/tester.md`, `agents/critic.md`, `agents/designer.md`, `agents/researcher.md`, and `agents/sme.md`.
+    - Conflict: these agents also have memory duties requiring writes to `.memory/*`, making duties impossible under current permissions.
+    - `agents/librarian.md`, `agents/coder.md`, and `agents/lead.md` do not deny edit and are unaffected.
+    - `opencode.jsonc` does not define a global edit permission override.
+    - Additional consistency update needed: `AGENTS.md` reviewer row should clarify "read-only" refers to code-review behavior, while `.memory/*` writes are allowed.
+  - **Dependencies:** none
+  - **Workstream:** `main`
+  - **Coder dispatch scope:** N/A (discovery)
+
+- [x] Implement configuration/instruction updates so all intended agents can write `.memory/*`.
+  - **Acceptance criteria:** config/instructions updated; reviewer specifically can write memory; no conflicting rule remains.
+  - **Assigned agent:** coder
+  - **Dependencies:** discovery output
+  - **Workstream:** `main`
+  - **Coder dispatch scope:** single feature — “memory write capability for agents”
+  - **Implementation note:** Used fallback `edit: allow` for the seven affected agents because repo-local configs provide no confirmed path-scoped `permission.edit` syntax. Guardrails were tightened in each affected prompt to explicitly keep code/source edits read-only and allow writes only for `.memory/*` duties.
+
+- [x] Quality gate the change (correctness review + static validation).
+  - **Acceptance criteria:** reviewer approves and static validation confirms permissions and instructions are coherent. ✅
+  - **Assigned agent:** reviewer + tester
+  - **Outcome:** reviewer `APPROVED` (score 0), tester `PASS`; only low-severity wording suggestions (description-level “read-only” phrasing in reviewer/explorer) with no functional contradiction.
+  - **Dependencies:** implementation complete
+  - **Workstream:** `main`
+  - **Coder dispatch scope:** N/A
+
+- [x] Documentation coverage and memory updates.
+  - **Acceptance criteria:** relevant instructions/docs updated and `.memory/knowledge.md` captures the new policy. ✅
+  - **Assigned agent:** librarian
+  - **Dependencies:** quality gate complete
+  - **Workstream:** `main`
+  - **Coder dispatch scope:** N/A
+  - **Outcome:** Created `.memory/knowledge.md` with permission model and guardrails documentation. Created `.memory/decisions.md` with decision record cross-referencing this plan. Updated `AGENTS.md` roster to describe memory-write duties for all seven agents. Created three missing cross-tool instruction files (`CLAUDE.md`, `.github/copilot-instructions.md`, `.cursorrules`) with synchronized project knowledge including the agent permission model.
+
+## Critic gate
+- Verdict: `APPROVED`
+- Caveat: validate whether `permission.edit` supports path-scoped allow/deny syntax. If unsupported, use fallback `edit: allow` and keep behavior guardrails in agent instructions.