Skip to content

feat(opencode): complete OpenCode agent setup - add 10 missing agent prompts#726

Merged
affaan-m merged 4 commits into
affaan-m:mainfrom
nayanjaiswal1:feat/opencode-complete-agents-setup
Mar 31, 2026
Merged

feat(opencode): complete OpenCode agent setup - add 10 missing agent prompts#726
affaan-m merged 4 commits into
affaan-m:mainfrom
nayanjaiswal1:feat/opencode-complete-agents-setup

Conversation

@nayanjaiswal1

@nayanjaiswal1 nayanjaiswal1 commented Mar 20, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Add 10 missing OpenCode agent prompt files for: cpp-reviewer, cpp-build-resolver, docs-lookup, harness-optimizer, java-reviewer, java-build-resolver, kotlin-reviewer, kotlin-build-resolver, loop-operator, python-reviewer
  • Update opencode.json to register all 24 agents (previously only 14 were configured)
  • Removed chief-of-staff agent (outside ECC scope per review)

Type

  • Agent

Testing

  • Verified JSON syntax is valid
  • All 24 agents now have corresponding prompt files in .opencode/prompts/agents/
  • opencode.json updated with all agent configurations
  • AGENTS.md updated with correct agent count (27)

Checklist

  • Follows format guidelines
  • Tested with OpenCode
  • No sensitive info (API keys, paths)
  • Clear descriptions

Summary by CodeRabbit

  • New Features

    • Added specialized reviewer agents for C++, Java, Kotlin, Python, and Rust.
    • Added build-resolver agents for C++, Java, Kotlin, and Rust to diagnose and remediate build failures.
    • Added docs-lookup, harness-optimizer, and loop-operator agents.
  • Documentation

    • Updated agent roster: docs-lookup now emphasizes Context7-based lookup; chief-of-staff entry removed.

@ecc-tools

ecc-tools Bot commented Mar 20, 2026

Copy link
Copy Markdown
Contributor

Analyzing 5000 commits...

@ecc-tools

ecc-tools Bot commented Mar 20, 2026

Copy link
Copy Markdown
Contributor

Analysis Failed

Not Found - https://docs.github.com/rest/git/refs#get-a-reference

Troubleshooting
Cause Resolution
Large repository Analysis may timeout on repos with extensive history
API rate limits Wait 15 minutes before retrying
Network issues Queue timeout is 15 minutes; retry may succeed
Permissions Verify app has Contents: Read access

Retry: /ecc-tools analyze


Report Issue | ECC Tools

@coderabbitai

coderabbitai Bot commented Mar 20, 2026

Copy link
Copy Markdown
Contributor

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 61fa0dea-2844-4e60-a48b-e6a084f47d56

📥 Commits

Reviewing files that changed from the base of the PR and between 52fda6c and 64b73d1.

📒 Files selected for processing (1)
  • AGENTS.md
🚧 Files skipped from review as they are similar to previous changes (1)
  • AGENTS.md

📝 Walkthrough

Walkthrough

Added 13 new subagent entries and corresponding prompt files to OpenCode: language-specific reviewers and build-resolvers (C++, Java, Kotlin, Python, Rust), plus docs-lookup, harness-optimizer, and loop-operator; each agent includes mode, model, prompt reference, and tool permission settings.

Changes

Cohort / File(s) Summary
Agent Configuration
\.opencode/opencode.json
Added 13 subagent registrations (chief-of-staff, cpp-reviewer, cpp-build-resolver, docs-lookup, harness-optimizer, java-reviewer, java-build-resolver, kotlin-reviewer, kotlin-build-resolver, loop-operator, python-reviewer, rust-reviewer, rust-build-resolver) with model assignments, mode: "subagent", prompt file references, and per-agent tool permission configurations.
C++ prompts
\.opencode/prompts/agents/cpp-reviewer.txt, \.opencode/prompts/agents/cpp-build-resolver.txt
Added senior C++ reviewer prompt (memory safety, concurrency, RAII, tooling suggestions) and a CMake-focused build-resolver prompt with diagnostic loop, clang-tidy/cppcheck runs, error-pattern mappings, and standardized reporting.
Java prompts
\.opencode/prompts/agents/java-reviewer.txt, \.opencode/prompts/agents/java-build-resolver.txt
Added Java reviewer (security, Spring/JPA/concurrency checks, escalation rules) and build-resolver (Maven/Gradle detection, dependency/annotation-processor troubleshooting, remediation loop).
Kotlin prompts
\.opencode/prompts/agents/kotlin-reviewer.txt, \.opencode/prompts/agents/kotlin-build-resolver.txt
Added Kotlin reviewer (Android/KMP concerns, coroutines, Compose, lifecycle) and Gradle-based build-resolver with detekt/ktlint guidance and Kotlin-specific compiler fix patterns.
Python prompt
\.opencode/prompts/agents/python-reviewer.txt
Added Python reviewer prompt covering security (injection, unsafe deserialization), error handling, typing, Pythonic patterns, and framework-specific cues; includes static-analysis/tooling commands and templated output.
Rust prompts
\.opencode/prompts/agents/rust-reviewer.txt, \.opencode/prompts/agents/rust-build-resolver.txt
Added Rust reviewer and build-resolver prompt stubs referenced in config for borrow-checker/memory-safety focus and build error resolution workflows.
Utility prompts
\.opencode/prompts/agents/docs-lookup.txt, \.opencode/prompts/agents/harness-optimizer.txt, \.opencode/prompts/agents/loop-operator.txt
Added docs-lookup using Context7 MCP calls (resolve-library-id → query-docs) with tool-call limits and prompt-injection defenses; harness-optimizer for harness config tuning and measurable validation; loop-operator for autonomous loop orchestration with safety gates and stall detection.
Documentation
AGENTS.md
Updated agent roster: replaced docs-lookup description to reference Context7, removed chief-of-staff orchestration trigger entry, and adjusted roster text accordingly.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

Suggested reviewers

  • affaan-m
  • gustavo075ncc

Poem

🐰🌱 Thirteen helpers hop into the glen,
Reviewers, fixers, and lookups all in—
C++, Java, Kotlin, Python, Rust,
Optimizers and loops that we can trust.
A tiny hop, a big code cheer—hooray!

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title directly and specifically summarizes the main change: adding 10 missing OpenCode agent prompt files to complete the agent setup.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@greptile-apps

greptile-apps Bot commented Mar 20, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR completes the OpenCode agent harness by adding 10 missing language-specific agent prompt files (C++, Java, Kotlin, Python reviewers + their build resolvers, plus docs-lookup, harness-optimizer, and loop-operator) and registering all of them in opencode.json. It also removes the out-of-scope chief-of-staff agent. The prompt files themselves are well-written — each follows the established pattern with tiered severity levels, diagnostic commands, stop conditions, and references to companion skills.

Key issues found:

  • pytorch-build-resolver and typescript-reviewer listed in AGENTS.md but absent from opencode.json — these two agents appear in the agent table and will be presented to users as available, but they cannot be invoked because OpenCode only dispatches agents registered in opencode.json. Either add the missing entries or remove the rows until the configs exist.

  • AGENTS.md agent count is stale — the header and project-structure block both say "28 specialized agents," but removing chief-of-staff brings the table to 26 entries. The count was not decremented. The PR description also cites 27, so there is a three-way disagreement between the description (27), the file header (28), and the actual table (26).

  • Pre-existing open items from prior review threads (not repeated here): harness-optimizer and loop-operator are still missing the write key in their opencode.json tools blocks, and harness-optimizer's first workflow step references /harness-audit, a command that does not exist in opencode.json.

Confidence Score: 4/5

  • Safe to merge after fixing the phantom agent entries in AGENTS.md; the core prompt content is solid.
  • The 10 new prompt files are well-structured and consistent with existing patterns. The only genuinely new issues introduced by this PR are documentation inconsistencies in AGENTS.md (stale count, two phantom agent references). These don't break any of the 10 newly added agents but will mislead users who try to invoke pytorch-build-resolver or typescript-reviewer. The pre-existing harness-optimizer and loop-operator tool-permission gaps remain unaddressed from prior review threads but are not regressions from this PR. A targeted fix to AGENTS.md is all that is needed before merge.
  • AGENTS.md — stale agent count and two phantom agent references (pytorch-build-resolver, typescript-reviewer) that are listed but not registered in opencode.json.

Important Files Changed

Filename Overview
.opencode/opencode.json Registers 10 new agents (cpp-reviewer, cpp-build-resolver, docs-lookup, harness-optimizer, java-reviewer, java-build-resolver, kotlin-reviewer, kotlin-build-resolver, loop-operator, python-reviewer). Two agents (harness-optimizer, loop-operator) omit the write key from their tools block — flagged in a prior review thread and still unresolved.
AGENTS.md Updated agent table and orchestration section. Chief-of-staff removed, but the "28 specialized agents" count was not decremented (table now has 26 rows). pytorch-build-resolver and typescript-reviewer are listed in the table but have no entry in opencode.json, making them non-functional phantom references.
.opencode/prompts/agents/docs-lookup.txt Clean documentation-lookup prompt with solid prompt-injection resistance for Context7 MCP responses. Rate-limiting on tool calls (max 3) and a graceful fallback when Context7 is unavailable. No issues found.
.opencode/prompts/agents/harness-optimizer.txt Step 1 instructs the agent to run /harness-audit, but that command is not registered in opencode.json — flagged in a prior review thread and still unaddressed. Agent will stall immediately on first invocation.
.opencode/prompts/agents/loop-operator.txt Solid loop-safety prompt with pre-execution validation checklist and explicit escalation conditions. Missing write key in opencode.json tools block (flagged in prior thread).

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    User([User Request]) --> OC[OpenCode Runtime]
    OC -->|reads| AGMD[AGENTS.md instructions]
    OC -->|loads| JSON[opencode.json agent registry]

    JSON --> Primary[build - primary agent]
    JSON --> Reviewers[Reviewer Agents]
    JSON --> Resolvers[Build Resolver Agents]
    JSON --> Ops[Operations Agents]

    Reviewers --> CPP_R[cpp-reviewer - NEW]
    Reviewers --> Java_R[java-reviewer - NEW]
    Reviewers --> Kotlin_R[kotlin-reviewer - NEW]
    Reviewers --> Python_R[python-reviewer - NEW]
    Reviewers --> Go_R[go-reviewer]
    Reviewers --> Rust_R[rust-reviewer]

    Resolvers --> CPP_B[cpp-build-resolver - NEW]
    Resolvers --> Java_B[java-build-resolver - NEW]
    Resolvers --> Kotlin_B[kotlin-build-resolver - NEW]
    Resolvers --> Go_B[go-build-resolver]
    Resolvers --> Rust_B[rust-build-resolver]

    Ops --> DocsL[docs-lookup - NEW]
    Ops --> HarnessO[harness-optimizer - NEW]
    Ops --> LoopOp[loop-operator - NEW]

    AGMD -.->|listed but missing from JSON| Ghost1[pytorch-build-resolver - WARNING]
    AGMD -.->|listed but missing from JSON| Ghost2[typescript-reviewer - WARNING]
    HarnessO -->|calls unregistered command| Audit[harness-audit - NOT FOUND]

    style Ghost1 fill:#ffcccc,stroke:#cc0000
    style Ghost2 fill:#ffcccc,stroke:#cc0000
    style Audit fill:#ffcccc,stroke:#cc0000
    style CPP_R fill:#ccffcc,stroke:#009900
    style Java_R fill:#ccffcc,stroke:#009900
    style Kotlin_R fill:#ccffcc,stroke:#009900
    style Python_R fill:#ccffcc,stroke:#009900
    style CPP_B fill:#ccffcc,stroke:#009900
    style Java_B fill:#ccffcc,stroke:#009900
    style Kotlin_B fill:#ccffcc,stroke:#009900
    style DocsL fill:#ccffcc,stroke:#009900
    style HarnessO fill:#ccffcc,stroke:#009900
    style LoopOp fill:#ccffcc,stroke:#009900
Loading

Reviews (6): Last reviewed commit: "Merge remote-tracking branch 'origin/mai..." | Re-trigger Greptile

Comment thread .opencode/prompts/agents/chief-of-staff.txt
Comment thread .opencode/opencode.json
Comment thread .opencode/opencode.json

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 8

🧹 Nitpick comments (5)
.opencode/prompts/agents/harness-optimizer.txt (1)

24-27: Align output fields with /harness-audit contract

baseline scorecard is ambiguous against the command’s deterministic output (overall_score, category scores, top_actions). Please mirror those keys to keep downstream parsing stable.

Suggested output wording update
- - baseline scorecard
+ - baseline: overall_score/max_score + category scores + top_actions
  - applied changes
  - measured improvements
  - remaining risks
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/harness-optimizer.txt around lines 24 - 27, Replace
the ambiguous output fields in .opencode/prompts/agents/harness-optimizer.txt so
they mirror the /harness-audit contract: change the string "baseline scorecard"
to use the deterministic keys like "overall_score" (and include
category-specific score keys e.g., "security_score", "cost_score" as
applicable), map "applied changes" to "top_actions" (or an array of action
objects), ensure "measured improvements" emit explicit category score deltas
using the same category keys, and keep "remaining risks" as a clear
"remaining_risks" field; update any surrounding wording to emit those exact keys
so downstream parsing matches the /harness-audit schema.
.opencode/prompts/agents/python-reviewer.txt (1)

61-61: Avoid repo-specific coverage target in default diagnostics.

--cov=app assumes a package name that may not exist. Prefer a generic command or explicit placeholder.

Suggested prompt adjustment
-pytest --cov=app --cov-report=term-missing # Test coverage
+pytest --cov --cov-report=term-missing     # Test coverage (or replace with project package)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/python-reviewer.txt at line 61, Replace the
repo-specific pytest invocation that contains "--cov=app" (the line "pytest
--cov=app --cov-report=term-missing") with a generic or placeholder coverage
flag; update the prompt to use either no --cov option or a generic token like
"--cov=<package>" or "pytest --cov=<PACKAGE> --cov-report=term-missing" so the
default diagnostics do not assume a package named "app".
.opencode/prompts/agents/java-reviewer.txt (1)

64-70: Align diagnostic commands with detected build tool.

The prompt says to determine build tool first, but the command list still mixes Maven/Gradle goals unconditionally. Split the diagnostics into “Maven-only” and “Gradle-only” sections to reduce false failures.

Also applies to: 74-74

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/java-reviewer.txt around lines 64 - 70, The command
list currently runs both Maven and Gradle goals unconditionally; update the
diagnostics in the prompt to split commands into Maven-only and Gradle-only
groups and invoke only the appropriate group based on the earlier detected build
tool (e.g., using the existing detection result for pom.xml vs build.gradle).
Specifically, replace the mixed sequence (mvn verify, ./gradlew check, ./mvnw
checkstyle:check, ./mvnw spotbugs:check, ./mvnw test, ./mvnw
dependency-check:check, grep ...) with two clearly labeled lists and ensure the
agent executes only the matching list for Maven or Gradle, and apply the same
change to the similar block referenced at lines 74-74.
.opencode/prompts/agents/kotlin-build-resolver.txt (2)

57-57: Avoid destructive cache deletion in baseline troubleshooting flow.

rm -rf .gradle/build-cache/ is heavy for a default diagnostic step and can slow iteration significantly. Keep this as a last-resort note, not a standard command.

Suggested prompt adjustment
-# Clear project-local Gradle build cache
-./gradlew clean && rm -rf .gradle/build-cache/
+# Clean build outputs (use cache deletion only as last resort)
+./gradlew clean
Based on learnings: Use build-error-resolver agent to analyze errors, fix incrementally, and verify after each fix.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/kotlin-build-resolver.txt at line 57, The
diagnostic step currently runs "./gradlew clean && rm -rf .gradle/build-cache/"
which dangerously deletes the Gradle build cache by default; change the prompt
in kotlin-build-resolver.txt so the default command is just "./gradlew clean"
(remove "&& rm -rf .gradle/build-cache/"), and instead add a short follow-up
note that "rm -rf .gradle/build-cache/" is a last-resort action to use only
after incremental fixes fail; also reference using the build-error-resolver
agent to analyze errors, apply fixes incrementally, and verify after each change
(mention build-error-resolver and the cleaned "./gradlew clean" command to
locate where to update).

73-77: Include Kotlin/Gradle version compatibility notes for compilerOptions syntax.

The compilerOptions block in the example requires Kotlin Gradle Plugin 1.8.0 or later. Add a note indicating the version requirement and fallback syntax for older projects:

Suggested addition after the code block
Note: compilerOptions syntax requires KGP 1.8.0+. For older versions (KGP < 1.8.0), use:

tasks.withType(org.jetbrains.kotlin.gradle.tasks.KotlinCompile::class.java).configureEach {
    kotlinOptions {
        jvmTarget = "17"
        freeCompilerArgs += listOf("-Xjsr305=strict")
        allWarningsAsErrors = true
    }
}

This helps the agent handle builds with varying Kotlin versions gracefully.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/kotlin-build-resolver.txt around lines 73 - 77, Add
a compatibility note after the kotlin { compilerOptions { ... } } block that
states the compilerOptions syntax requires Kotlin Gradle Plugin (KGP) 1.8.0 or
newer and provide a fallback approach for older KGP versions (KGP < 1.8.0) using
tasks.withType(org.jetbrains.kotlin.gradle.tasks.KotlinCompile::class.java).configureEach
to set kotlinOptions (including jvmTarget, freeCompilerArgs and
allWarningsAsErrors) so agents working with older projects can apply the
equivalent settings.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.opencode/opencode.json:
- Around line 217-225: The docs-lookup agent entry currently grants only "read"
and "bash" tools but needs explicit Context7 MCP tool permissions; update the
"docs-lookup" object (the agent named "docs-lookup") to either add a
"permission" block granting "context7_*" tool access (e.g.,
"permission":{"tool":{"context7_*":"allow"}}) or add legacy explicit tool flags
for the required Context7 actions (e.g., include "context7_resolve-library-id":
true and "context7_query-docs": true under "tools") so the agent can call
resolve-library-id and query-docs without runtime permission prompts.

In @.opencode/prompts/agents/chief-of-staff.txt:
- Around line 69-77: The step "Git commit & push — Version-control all knowledge
file changes" in the post-send checklist introduces automatic external side
effects; change it to a safe, non-automatic workflow by replacing that line with
a queued/manual flow (e.g., "Git: Stage changes and queue for review; require
explicit approval to commit & push" or "Create local commit only; do NOT push
without approval"), and add a note that pushing requires explicit user
confirmation or an opt-in flag; update any related consumer text that assumes
auto-push behavior to reflect the new manual/queued commit flow.

In @.opencode/prompts/agents/cpp-build-resolver.txt:
- Around line 13-18: The current command sequence runs "cmake --build build"
before generating build files and may fail on clean environments; reorder the
steps so you run "cmake -B build -S ." (configure/generate) before "cmake
--build build" and keep the diagnostics lines (the tail/head wrappers and
"clang-tidy src/*.cpp -- -std=c++17") so the build-resolver agent config runs
configure first, then build, then static analysis to allow incremental
troubleshooting with the build-error-resolver agent.

In @.opencode/prompts/agents/java-build-resolver.txt:
- Line 44: The table row currently uses the British spelling "Initialise
variable before use" while nearby text uses US spelling ("Uninitialized");
update that cell to the US variant by changing "Initialise variable before use"
to "Initialize variable before use" so the wording is consistent across the
prompt.
- Around line 15-25: The prompt currently runs both Maven and Gradle commands
unconditionally; change it to detect the repo's build system first (look for
mvnw/mvn or pom.xml to pick Maven, gradlew/gradle or build.gradle(.kts) to pick
Gradle) and only execute the appropriate command set; for Maven-run the compile,
test, dependency:tree (and checkstyle/spotbugs fallbacks) lines currently shown
for mvnw/mvn, and for Gradle-run the build and runtimeClasspath dependency query
lines for gradlew/gradle, ensuring the script uses the detected wrapper (mvnw vs
mvn, gradlew vs gradle) and skips the other tool entirely to avoid noise.

In @.opencode/prompts/agents/loop-operator.txt:
- Around line 15-20: The "Required Checks" list names mandatory safety
conditions (quality gates, eval baseline, rollback path, branch/worktree
isolation) but the prompt never enforces them; update the loop operator prompt
to add an explicit pre-execution validation step that verifies each check and
aborts the loop if any are missing or failing (e.g., "Before starting the loop,
confirm quality gates pass, an eval baseline exists, a rollback path is
available, and branch/worktree isolation is configured; if any check fails, stop
and report which check failed"). Reference the "Required Checks" section and
ensure the prompt language requires the agent to actively validate and report
these four items before proceeding.

In @.opencode/prompts/agents/python-reviewer.txt:
- Around line 14-15: The checklist's Path Traversal item is insufficient:
replace the current "normpath + '..' filtering" guidance with a requirement to
canonicalize user-supplied paths (e.g., using realpath/resolve) and validate
them against a base-directory allowlist via a secure commonpath/startsWith
check, explicitly reject absolute paths or paths that escape the base via
symlinks, and add a note to test with symlink/absolute-path bypass cases; update
the prompt text that mentions normpath and `..` filtering to reference
canonicalization and base-directory allowlisting as mandatory controls.

---

Nitpick comments:
In @.opencode/prompts/agents/harness-optimizer.txt:
- Around line 24-27: Replace the ambiguous output fields in
.opencode/prompts/agents/harness-optimizer.txt so they mirror the /harness-audit
contract: change the string "baseline scorecard" to use the deterministic keys
like "overall_score" (and include category-specific score keys e.g.,
"security_score", "cost_score" as applicable), map "applied changes" to
"top_actions" (or an array of action objects), ensure "measured improvements"
emit explicit category score deltas using the same category keys, and keep
"remaining risks" as a clear "remaining_risks" field; update any surrounding
wording to emit those exact keys so downstream parsing matches the
/harness-audit schema.

In @.opencode/prompts/agents/java-reviewer.txt:
- Around line 64-70: The command list currently runs both Maven and Gradle goals
unconditionally; update the diagnostics in the prompt to split commands into
Maven-only and Gradle-only groups and invoke only the appropriate group based on
the earlier detected build tool (e.g., using the existing detection result for
pom.xml vs build.gradle). Specifically, replace the mixed sequence (mvn verify,
./gradlew check, ./mvnw checkstyle:check, ./mvnw spotbugs:check, ./mvnw test,
./mvnw dependency-check:check, grep ...) with two clearly labeled lists and
ensure the agent executes only the matching list for Maven or Gradle, and apply
the same change to the similar block referenced at lines 74-74.

In @.opencode/prompts/agents/kotlin-build-resolver.txt:
- Line 57: The diagnostic step currently runs "./gradlew clean && rm -rf
.gradle/build-cache/" which dangerously deletes the Gradle build cache by
default; change the prompt in kotlin-build-resolver.txt so the default command
is just "./gradlew clean" (remove "&& rm -rf .gradle/build-cache/"), and instead
add a short follow-up note that "rm -rf .gradle/build-cache/" is a last-resort
action to use only after incremental fixes fail; also reference using the
build-error-resolver agent to analyze errors, apply fixes incrementally, and
verify after each change (mention build-error-resolver and the cleaned
"./gradlew clean" command to locate where to update).
- Around line 73-77: Add a compatibility note after the kotlin { compilerOptions
{ ... } } block that states the compilerOptions syntax requires Kotlin Gradle
Plugin (KGP) 1.8.0 or newer and provide a fallback approach for older KGP
versions (KGP < 1.8.0) using
tasks.withType(org.jetbrains.kotlin.gradle.tasks.KotlinCompile::class.java).configureEach
to set kotlinOptions (including jvmTarget, freeCompilerArgs and
allWarningsAsErrors) so agents working with older projects can apply the
equivalent settings.

In @.opencode/prompts/agents/python-reviewer.txt:
- Line 61: Replace the repo-specific pytest invocation that contains "--cov=app"
(the line "pytest --cov=app --cov-report=term-missing") with a generic or
placeholder coverage flag; update the prompt to use either no --cov option or a
generic token like "--cov=<package>" or "pytest --cov=<PACKAGE>
--cov-report=term-missing" so the default diagnostics do not assume a package
named "app".

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 402c763a-81f1-448c-b468-dc1fb5c46348

📥 Commits

Reviewing files that changed from the base of the PR and between 7ccfda9 and 68a36a8.

📒 Files selected for processing (12)
  • .opencode/opencode.json
  • .opencode/prompts/agents/chief-of-staff.txt
  • .opencode/prompts/agents/cpp-build-resolver.txt
  • .opencode/prompts/agents/cpp-reviewer.txt
  • .opencode/prompts/agents/docs-lookup.txt
  • .opencode/prompts/agents/harness-optimizer.txt
  • .opencode/prompts/agents/java-build-resolver.txt
  • .opencode/prompts/agents/java-reviewer.txt
  • .opencode/prompts/agents/kotlin-build-resolver.txt
  • .opencode/prompts/agents/kotlin-reviewer.txt
  • .opencode/prompts/agents/loop-operator.txt
  • .opencode/prompts/agents/python-reviewer.txt

Comment thread .opencode/opencode.json
Comment on lines +217 to +225
"docs-lookup": {
"description": "Documentation specialist using Context7 MCP to fetch current library and API documentation with code examples.",
"mode": "subagent",
"model": "anthropic/claude-sonnet-4-5",
"prompt": "{file:prompts/agents/docs-lookup.txt}",
"tools": {
"read": true,
"bash": true
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify current wiring and whether any agent explicitly grants MCP tools
rg -n '"docs-lookup"|mcp_\*|"tools"|context7' .opencode/opencode.json mcp-configs/mcp-servers.json
rg -n '"mcp"' .opencode/opencode.json

Repository: affaan-m/everything-claude-code

Length of output: 1470


🌐 Web query:

In OpenCode agent configuration, what is the exact way to grant a subagent access to MCP tools (e.g., Context7 resolve-library-id/query-docs)? Is a dedicated mcptool flag required underagent..tools?

💡 Result:

To grant a subagent access to MCP tools like Context7's resolve-library-id or query-docs in OpenCode agent configuration, configure the subagent's tools or permissions under agent.<name>. Explicitly enable the relevant MCP-prefixed tools using glob patterns. MCP tools from a server named "context7" appear as "context7_" (e.g., "context7_resolve-library-id"). First, define the MCP server globally in the top-level "mcp" section of opencode.json: { "mcp": { "context7": { "type": "remote", "url": "https://mcp.context7.com/mcp" } } } Then, for the subagent, enable access in agent.<name>.tools (legacy but supported) or preferably agent.<name>.permission.tool: Using tools (legacy/deprecated): { "agent": { "my-subagent": { "mode": "subagent", "tools": { "context7_": true } } } } Using permissions (recommended, new configs): { "agent": { "my-subagent": { "mode": "subagent", "permission": { "tool": { "context7_": "allow" } } } } } A dedicated "mcp" tool flag is not required; MCP tools are treated as regular tools with servername_ naming and controlled via tools/permissions like built-ins. Globally disable if needed ("tools": {"context7_*": false}), then override per-agent. Note: There is a known bug (as of 2026-03-07) where task-spawned subagents may not inherit MCP permissions properly despite tools appearing available; explicitly configure agent permissions to mitigate.

Citations:


🏁 Script executed:

# Read the docs-lookup prompt file to verify it requires Context7 MCP tools
find . -name "docs-lookup.txt" -o -name "prompts" -type d | head -5

Repository: affaan-m/everything-claude-code

Length of output: 137


🏁 Script executed:

# Check if there are any agents that DO explicitly grant context7 tools
rg -A 5 '"tools"\s*:\s*\{' .opencode/opencode.json | grep -A 5 'context7'

Repository: affaan-m/everything-claude-code

Length of output: 57


🏁 Script executed:

# Look at the full docs-lookup agent config and nearby agents for comparison
sed -n '217,230p' .opencode/opencode.json

Repository: affaan-m/everything-claude-code

Length of output: 654


🏁 Script executed:

# Read the docs-lookup prompt to verify it requires Context7 MCP
cat ./.opencode/prompts/agents/docs-lookup.txt

Repository: affaan-m/everything-claude-code

Length of output: 2883


🏁 Script executed:

# Search for any agents that DO grant context7 tools to see proper pattern
rg -B 2 'context7' .opencode/opencode.json

Repository: affaan-m/everything-claude-code

Length of output: 57


Grant docs-lookup explicit access to Context7 MCP tools

The agent's prompt explicitly requires resolve-library-id and query-docs from Context7 MCP, but the config only grants read and bash. Without explicit tool grants, the agent will trigger permission requests at runtime instead of executing deterministically.

Add to the docs-lookup agent:

"permission": {
  "tool": {
    "context7_*": "allow"
  }
}

Or use the legacy syntax: "tools": {"context7_resolve-library-id": true, "context7_query-docs": true}

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/opencode.json around lines 217 - 225, The docs-lookup agent entry
currently grants only "read" and "bash" tools but needs explicit Context7 MCP
tool permissions; update the "docs-lookup" object (the agent named
"docs-lookup") to either add a "permission" block granting "context7_*" tool
access (e.g., "permission":{"tool":{"context7_*":"allow"}}) or add legacy
explicit tool flags for the required Context7 actions (e.g., include
"context7_resolve-library-id": true and "context7_query-docs": true under
"tools") so the agent can call resolve-library-id and query-docs without runtime
permission prompts.

Comment thread .opencode/prompts/agents/chief-of-staff.txt
Comment thread .opencode/prompts/agents/cpp-build-resolver.txt Outdated
Comment thread .opencode/prompts/agents/java-build-resolver.txt Outdated
Comment thread .opencode/prompts/agents/java-build-resolver.txt Outdated
Comment thread .opencode/prompts/agents/java-reviewer.txt
Comment thread .opencode/prompts/agents/loop-operator.txt
Comment on lines +14 to +15
- **Path Traversal**: user-controlled paths — validate with normpath, reject `..`
- **Eval/exec abuse**, **unsafe deserialization**, **hardcoded secrets**

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Path traversal guidance is incomplete for CRITICAL security checks.

normpath + .. filtering alone can still be bypassed (absolute paths/symlinks). This should require canonicalization and base-directory allowlisting in the checklist.

Suggested prompt adjustment
-- **Path Traversal**: user-controlled paths — validate with normpath, reject `..`
+- **Path Traversal**: user-controlled paths — resolve to canonical path and enforce it stays within an allowed base directory (do not rely only on `..` checks)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/python-reviewer.txt around lines 14 - 15, The
checklist's Path Traversal item is insufficient: replace the current "normpath +
'..' filtering" guidance with a requirement to canonicalize user-supplied paths
(e.g., using realpath/resolve) and validate them against a base-directory
allowlist via a secure commonpath/startsWith check, explicitly reject absolute
paths or paths that escape the base via symlinks, and add a note to test with
symlink/absolute-path bypass cases; update the prompt text that mentions
normpath and `..` filtering to reference canonicalization and base-directory
allowlisting as mandatory controls.

@dragosnastasemihai-design dragosnastasemihai-design left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok

@ecc-tools

ecc-tools Bot commented Mar 21, 2026

Copy link
Copy Markdown
Contributor

Analyzing 5000 commits...

@ecc-tools

ecc-tools Bot commented Mar 21, 2026

Copy link
Copy Markdown
Contributor

Analysis Failed

Not Found - https://docs.github.com/rest/git/refs#get-a-reference

Troubleshooting
Cause Resolution
Large repository Analysis may timeout on repos with extensive history
API rate limits Wait 15 minutes before retrying
Network issues Queue timeout is 15 minutes; retry may succeed
Permissions Verify app has Contents: Read access

Retry: /ecc-tools analyze


Report Issue | ECC Tools

@nayanjaiswal1

Copy link
Copy Markdown
Contributor Author

Thank you for the detailed review! I've addressed all the issues in commit :

Greptile Critical Issues Fixed:

  1. ✅ Created with fallback values for tone/relationship context
  2. ✅ Added , , to
  3. ✅ Added explicit and to in

CodeRabbit Nitpicks Fixed:

  1. ✅ : Updated output fields to match contract
  2. ✅ : Changed to generic
  3. ✅ : Split diagnostics into Maven-only and Gradle-only sections
  4. ✅ : Removed aggressive cache deletion, added KGP version compatibility note
  5. ✅ : Reordered cmake commands (configure before build)
  6. ✅ : Fixed spelling ("Initialise" → "Initialize"), added build tool detection
  7. ✅ : Added explicit pre-execution validation for Required Checks
  8. ✅ : Changed auto git push to manual/queued flow

All fixes are pushed to .

@nayanjaiswal1 nayanjaiswal1 left a comment

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @coderabbitai! All nitpick suggestions have been addressed in commit :

  • : Output fields now match /harness-audit contract with proper score keys
  • : Generic pytest coverage command
  • : Split Maven/Gradle diagnostics
  • : Removed aggressive cache deletion + added KGP version fallback
  • : Fixed cmake command order
  • : Fixed spelling + added build detection
  • : Added pre-execution validation step
  • : Manual git push flow

@nayanjaiswal1

Copy link
Copy Markdown
Contributor Author

Note: The Path Traversal suggestion for python-reviewer.txt (line 14-15 about canonicalization vs normpath) was reviewed but not addressed in this PR — the current normpath guidance remains.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (3)
.opencode/prompts/agents/SOUL.md (1)

45-47: Use consistent minute formatting for readability (30 min vs 30min).

Not blocking, but spacing units improves doc clarity and avoids grammar-lint noise.

Proposed fix
-- **Default meeting duration**: 30min / 45min / 60min (default: 30min)
+- **Default meeting duration**: 30 min / 45 min / 60 min (default: 30 min)
 ...
-- **Buffer between meetings**: 0 / 5 / 15 min (default: 5min)
+- **Buffer between meetings**: 0 / 5 / 15 min (default: 5 min)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/SOUL.md around lines 45 - 47, Update the minute
formatting in the listed options to include a space between the number and "min"
for consistency: change "30min", "45min", "60min" to "30 min", "45 min", "60
min" in the "Default meeting duration" line, and change "5min" to "5 min" in the
"Buffer between meetings" line; keep the rest of the wording identical.
.opencode/prompts/agents/java-reviewer.txt (1)

68-69: Avoid || mvn ... fallback that can mask real Maven wrapper failures.

At Line 68 and Line 69, ./mvnw ... || mvn ... will run mvn after any wrapper command failure (including real compile/test failures), which can obscure diagnostics. Prefer explicit wrapper-exists branching.

🔧 Proposed update
-./mvnw compile -q 2>&1 || mvn compile -q 2>&1
-./mvnw verify -q 2>&1 || mvn verify -q 2>&1
+if [ -x ./mvnw ]; then ./mvnw compile -q 2>&1; else mvn compile -q 2>&1; fi
+if [ -x ./mvnw ]; then ./mvnw verify -q 2>&1; else mvn verify -q 2>&1; fi
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/java-reviewer.txt around lines 68 - 69, The current
fallback "./mvnw ... || mvn ..." masks genuine wrapper failures by always
running mvn after any mvnw failure; replace the fallback with an explicit check
for the wrapper’s presence/executability and run either the wrapper or the
system maven accordingly for both the compile and verify steps (identify
occurrences of "./mvnw compile -q" and "./mvnw verify -q" in the file), so only
when the wrapper is truly absent/unusable do we run "mvn" and real wrapper
errors aren’t hidden.
.opencode/prompts/agents/loop-operator.txt (1)

26-31: Consider removing redundant Required Checks section.

Lines 26-31 duplicate the checks already listed in the Pre-Execution Validation section (lines 19-22). Since the validation section includes both the checks AND enforcement instructions, this section adds redundancy without additional value.

♻️ Proposed simplification
 If any check fails, **STOP immediately** and report which check failed before proceeding.
 
-## Required Checks
-
-- quality gates are active
-- eval baseline exists
-- rollback path exists
-- branch/worktree isolation is configured
-
 ## Escalation
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/loop-operator.txt around lines 26 - 31, Remove the
redundant "## Required Checks" block (the four bullet items: "quality gates are
active", "eval baseline exists", "rollback path exists", "branch/worktree
isolation is configured") since those checks are already covered under the
"Pre-Execution Validation" section; locate the "Required Checks" heading and
delete that heading plus its bullet list so the document only keeps the singular
"Pre-Execution Validation" entry.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.opencode/prompts/agents/java-reviewer.txt:
- Line 4: Replace the context-sensitive git invocation "git diff -- '*.java'"
with a PR-aware diff that compares the feature branch against the target
baseline (for example origin/main...HEAD) and restricts output to Java files
(use the name-only output and the '*.java' pathspec); update the command in the
prompt line so the reviewer reliably sees all changed Java files across
clean/sandboxed checkouts.

In @.opencode/prompts/agents/SOUL.md:
- Line 12: Replace the malformed bold key `** formality_level**` with a
correctly formatted bold key by removing the leading space so it reads
`**formality_level**`; update the instance in SOUL.md (the `formality_level`
key) to match the other bolded keys' formatting.
- Around line 1-4: SOUL.md is missing the required YAML frontmatter which breaks
agent discovery; add a top-of-file YAML frontmatter block that declares the
agent's name, a short description, the tools array, and the model string (i.e.,
include keys: name, description, tools, model) so the agent parser can recognize
it; ensure the frontmatter is valid YAML (surrounded by ---) and that the tools
field lists any tool identifiers used by this agent and the model field
specifies the model to use, then save SOUL.md with the frontmatter followed by
the existing Markdown content.

---

Nitpick comments:
In @.opencode/prompts/agents/java-reviewer.txt:
- Around line 68-69: The current fallback "./mvnw ... || mvn ..." masks genuine
wrapper failures by always running mvn after any mvnw failure; replace the
fallback with an explicit check for the wrapper’s presence/executability and run
either the wrapper or the system maven accordingly for both the compile and
verify steps (identify occurrences of "./mvnw compile -q" and "./mvnw verify -q"
in the file), so only when the wrapper is truly absent/unusable do we run "mvn"
and real wrapper errors aren’t hidden.

In @.opencode/prompts/agents/loop-operator.txt:
- Around line 26-31: Remove the redundant "## Required Checks" block (the four
bullet items: "quality gates are active", "eval baseline exists", "rollback path
exists", "branch/worktree isolation is configured") since those checks are
already covered under the "Pre-Execution Validation" section; locate the
"Required Checks" heading and delete that heading plus its bullet list so the
document only keeps the singular "Pre-Execution Validation" entry.

In @.opencode/prompts/agents/SOUL.md:
- Around line 45-47: Update the minute formatting in the listed options to
include a space between the number and "min" for consistency: change "30min",
"45min", "60min" to "30 min", "45 min", "60 min" in the "Default meeting
duration" line, and change "5min" to "5 min" in the "Buffer between meetings"
line; keep the rest of the wording identical.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a6672bd2-7f00-4587-8fe1-d1030a4b0c6f

📥 Commits

Reviewing files that changed from the base of the PR and between 68a36a8 and 23b1a52.

📒 Files selected for processing (11)
  • .opencode/opencode.json
  • .opencode/prompts/agents/SOUL.md
  • .opencode/prompts/agents/chief-of-staff.txt
  • .opencode/prompts/agents/cpp-build-resolver.txt
  • .opencode/prompts/agents/harness-optimizer.txt
  • .opencode/prompts/agents/java-build-resolver.txt
  • .opencode/prompts/agents/java-reviewer.txt
  • .opencode/prompts/agents/kotlin-build-resolver.txt
  • .opencode/prompts/agents/loop-operator.txt
  • .opencode/prompts/agents/python-reviewer.txt
  • AGENTS.md
✅ Files skipped from review due to trivial changes (8)
  • AGENTS.md
  • .opencode/prompts/agents/harness-optimizer.txt
  • .opencode/prompts/agents/cpp-build-resolver.txt
  • .opencode/prompts/agents/java-build-resolver.txt
  • .opencode/prompts/agents/chief-of-staff.txt
  • .opencode/prompts/agents/kotlin-build-resolver.txt
  • .opencode/prompts/agents/python-reviewer.txt
  • .opencode/opencode.json

You are a senior Java engineer ensuring high standards of idiomatic Java and Spring Boot best practices.

When invoked:
1. Run `git diff -- '*.java'` to see recent Java file changes

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion | 🟠 Major

Use a PR-aware diff baseline to avoid missing changed Java files.

Line 4 (git diff -- '*.java') is context-sensitive and can miss target-branch changes in clean/sandboxed checkouts. Use an explicit baseline (e.g., origin/main...HEAD) so the reviewer reliably scopes modified Java files.

🔧 Proposed update
-1. Run `git diff -- '*.java'` to see recent Java file changes
+1. Run `git diff --name-only origin/main...HEAD -- '*.java'` to see Java files changed in this branch
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
1. Run `git diff -- '*.java'` to see recent Java file changes
1. Run `git diff --name-only origin/main...HEAD -- '*.java'` to see Java files changed in this branch
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/java-reviewer.txt at line 4, Replace the
context-sensitive git invocation "git diff -- '*.java'" with a PR-aware diff
that compares the feature branch against the target baseline (for example
origin/main...HEAD) and restricts output to Java files (use the name-only output
and the '*.java' pathspec); update the command in the prompt line so the
reviewer reliably sees all changed Java files across clean/sandboxed checkouts.

Comment thread .opencode/prompts/agents/SOUL.md Outdated
Comment on lines +1 to +4
# SOUL.md — Personal Communication Tone & Relationship Context

This file defines the user's communication preferences and relationship context for the chief-of-staff agent.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Missing required YAML frontmatter for an agent prompt file.

This file is under .opencode/prompts/agents/ but lacks the required frontmatter (name, description, tools, model). That can break agent discovery/parsing conventions.

Proposed fix
+# ---
+# name: chief-of-staff-soul
+# description: Personal communication tone and relationship context for chief-of-staff agent.
+# tools: []
+# model: anthropic/claude-sonnet-4-5
+# ---
+
 # SOUL.md — Personal Communication Tone & Relationship Context
Based on learnings: "Applies to agents/**/*.md : Agents should be formatted as Markdown with YAML frontmatter containing name, description, tools, and model fields".
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/SOUL.md around lines 1 - 4, SOUL.md is missing the
required YAML frontmatter which breaks agent discovery; add a top-of-file YAML
frontmatter block that declares the agent's name, a short description, the tools
array, and the model string (i.e., include keys: name, description, tools,
model) so the agent parser can recognize it; ensure the frontmatter is valid
YAML (surrounded by ---) and that the tools field lists any tool identifiers
used by this agent and the model field specifies the model to use, then save
SOUL.md with the frontmatter followed by the existing Markdown content.

Comment thread .opencode/prompts/agents/SOUL.md Outdated
- **Tone**: Professional but friendly
- **Signature**: None (agent generates without signature)
- **Reply Style**: Concise, action-oriented
- ** formality_level**: balanced

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Fix malformed bold key formatting on Line 12.

** formality_level** has a leading space inside the bold marker; it renders inconsistently and looks like a typo.

Proposed fix
-- ** formality_level**: balanced
+- **formality_level**: balanced
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/SOUL.md at line 12, Replace the malformed bold key
`** formality_level**` with a correctly formatted bold key by removing the
leading space so it reads `**formality_level**`; update the instance in SOUL.md
(the `formality_level` key) to match the other bolded keys' formatting.

Comment thread .opencode/prompts/agents/chief-of-staff.txt Outdated
@nayanjaiswal1 nayanjaiswal1 force-pushed the feat/opencode-complete-agents-setup branch from 23b1a52 to b435ddc Compare March 21, 2026 17:46
@ecc-tools

ecc-tools Bot commented Mar 21, 2026

Copy link
Copy Markdown
Contributor

Analyzing 5000 commits...

@ecc-tools

ecc-tools Bot commented Mar 21, 2026

Copy link
Copy Markdown
Contributor

Analysis Failed

Not Found - https://docs.github.com/rest/git/refs#get-a-reference

Troubleshooting
Cause Resolution
Large repository Analysis may timeout on repos with extensive history
API rate limits Wait 15 minutes before retrying
Network issues Queue timeout is 15 minutes; retry may succeed
Permissions Verify app has Contents: Read access

Retry: /ecc-tools analyze


Report Issue | ECC Tools

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

10 issues found across 14 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name=".opencode/prompts/agents/SOUL.md">

<violation number="1" location=".opencode/prompts/agents/SOUL.md:12">
P2: Fallback key `formality_level` is malformed with a leading space, creating inconsistent key formatting that can break exact-token field extraction.</violation>
</file>

<file name=".opencode/prompts/agents/cpp-build-resolver.txt">

<violation number="1" location=".opencode/prompts/agents/cpp-build-resolver.txt:25">
P2: Resolution workflow starts with `cmake --build build` despite earlier configure-first guidance, causing inconsistent and potentially failing steps on clean checkouts.</violation>
</file>

<file name=".opencode/prompts/agents/java-reviewer.txt">

<violation number="1" location=".opencode/prompts/agents/java-reviewer.txt:7">
P1: Reviewer prompt lacks a required checks-pass gate and instructs review to begin unconditionally after running checks.</violation>
</file>

<file name=".opencode/prompts/agents/python-reviewer.txt">

<violation number="1" location=".opencode/prompts/agents/python-reviewer.txt:7">
P2: Reviewer prompt starts review immediately and omits required pre-review gates (CI green and no merge conflicts).</violation>
</file>

<file name=".opencode/prompts/agents/loop-operator.txt">

<violation number="1" location=".opencode/prompts/agents/loop-operator.txt:28">
P2: `Required Checks` weakens the quality-gate requirement from 'active and passing' to only 'active', creating contradictory execution criteria.</violation>
</file>

<file name=".opencode/prompts/agents/chief-of-staff.txt">

<violation number="1" location=".opencode/prompts/agents/chief-of-staff.txt:108">
P2: Use OpenCode’s actual instruction-loading mechanism here. Referencing `.claude/rules/*.md` in an OpenCode agent prompt is incorrect and can cause users to configure rules in a location that is never loaded.</violation>
</file>

<file name=".opencode/prompts/agents/cpp-reviewer.txt">

<violation number="1" location=".opencode/prompts/agents/cpp-reviewer.txt:7">
P2: Reviewer prompt is missing required preconditions (green CI and conflict-free branch) before starting review.</violation>

<violation number="2" location=".opencode/prompts/agents/cpp-reviewer.txt:54">
P2: Diagnostic command narrows analysis to `src/*.cpp`, missing many changed C++ files promised by earlier instructions.</violation>
</file>

<file name=".opencode/prompts/agents/java-build-resolver.txt">

<violation number="1" location=".opencode/prompts/agents/java-build-resolver.txt:22">
P2: Quality-check commands incorrectly label any failure as “not configured,” masking real Checkstyle/SpotBugs violations.</violation>
</file>

<file name=".opencode/prompts/agents/kotlin-reviewer.txt">

<violation number="1" location=".opencode/prompts/agents/kotlin-reviewer.txt:15">
P2: Reviewer workflow lacks required readiness gate for green checks and conflict-free branch before starting code review.</violation>
</file>

Since this is your first cubic review, here's how it works:

  • cubic automatically reviews your code and comments on bugs and improvements
  • Teach cubic by replying to its comments. cubic learns from your replies and gets better over time
  • Add one-off context when rerunning by tagging @cubic-dev-ai with guidance or docs links (including llms.txt)
  • Ask questions if you need clarification on any suggestion

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

1. Run `git diff -- '*.java'` to see recent Java file changes
2. Run `mvn verify -q` or `./gradlew check` if available
3. Focus on modified `.java` files
4. Begin review immediately

@cubic-dev-ai cubic-dev-ai Bot Mar 21, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1: Reviewer prompt lacks a required checks-pass gate and instructs review to begin unconditionally after running checks.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .opencode/prompts/agents/java-reviewer.txt, line 7:

<comment>Reviewer prompt lacks a required checks-pass gate and instructs review to begin unconditionally after running checks.</comment>

<file context>
@@ -0,0 +1,97 @@
+1. Run `git diff -- '*.java'` to see recent Java file changes
+2. Run `mvn verify -q` or `./gradlew check` if available
+3. Focus on modified `.java` files
+4. Begin review immediately
+
+You DO NOT refactor or rewrite code — you report findings only.
</file context>
Fix with Cubic

Comment thread .opencode/prompts/agents/SOUL.md Outdated
Comment thread .opencode/prompts/agents/cpp-build-resolver.txt
1. Run `git diff -- '*.py'` to see recent Python file changes
2. Run static analysis tools if available (ruff, mypy, pylint, black --check)
3. Focus on modified `.py` files
4. Begin review immediately

@cubic-dev-ai cubic-dev-ai Bot Mar 21, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: Reviewer prompt starts review immediately and omits required pre-review gates (CI green and no merge conflicts).

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .opencode/prompts/agents/python-reviewer.txt, line 7:

<comment>Reviewer prompt starts review immediately and omits required pre-review gates (CI green and no merge conflicts).</comment>

<file context>
@@ -0,0 +1,85 @@
+1. Run `git diff -- '*.py'` to see recent Python file changes
+2. Run static analysis tools if available (ruff, mypy, pylint, black --check)
+3. Focus on modified `.py` files
+4. Begin review immediately
+
+## Review Priorities
</file context>
Fix with Cubic

Comment thread .opencode/prompts/agents/loop-operator.txt
Comment thread .opencode/prompts/agents/chief-of-staff.txt Outdated
## Diagnostic Commands

```bash
clang-tidy --checks='*,-llvmlibc-*' src/*.cpp -- -std=c++17

@cubic-dev-ai cubic-dev-ai Bot Mar 21, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: Diagnostic command narrows analysis to src/*.cpp, missing many changed C++ files promised by earlier instructions.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .opencode/prompts/agents/cpp-reviewer.txt, line 54:

<comment>Diagnostic command narrows analysis to `src/*.cpp`, missing many changed C++ files promised by earlier instructions.</comment>

<file context>
@@ -0,0 +1,65 @@
+## Diagnostic Commands
+
+```bash
+clang-tidy --checks='*,-llvmlibc-*' src/*.cpp -- -std=c++17
+cppcheck --enable=all --suppress=missingIncludeSystem src/
+cmake --build build 2>&1 | head -50
</file context>
Fix with Cubic

1. Run `git diff -- '*.cpp' '*.hpp' '*.cc' '*.hh' '*.cxx' '*.h'` to see recent C++ file changes
2. Run `clang-tidy` and `cppcheck` if available
3. Focus on modified C++ files
4. Begin review immediately

@cubic-dev-ai cubic-dev-ai Bot Mar 21, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: Reviewer prompt is missing required preconditions (green CI and conflict-free branch) before starting review.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .opencode/prompts/agents/cpp-reviewer.txt, line 7:

<comment>Reviewer prompt is missing required preconditions (green CI and conflict-free branch) before starting review.</comment>

<file context>
@@ -0,0 +1,65 @@
+1. Run `git diff -- '*.cpp' '*.hpp' '*.cc' '*.hh' '*.cxx' '*.h'` to see recent C++ file changes
+2. Run `clang-tidy` and `cppcheck` if available
+3. Focus on modified C++ files
+4. Begin review immediately
+
+## Review Priorities
</file context>
Fix with Cubic

./mvnw compile -q 2>&1 || mvn compile -q 2>&1
./mvnw test -q 2>&1 || mvn test -q 2>&1
./mvnw dependency:tree 2>&1 | head -100
./mvnw checkstyle:check 2>&1 || echo "checkstyle not configured"

@cubic-dev-ai cubic-dev-ai Bot Mar 21, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: Quality-check commands incorrectly label any failure as “not configured,” masking real Checkstyle/SpotBugs violations.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .opencode/prompts/agents/java-build-resolver.txt, line 22:

<comment>Quality-check commands incorrectly label any failure as “not configured,” masking real Checkstyle/SpotBugs violations.</comment>

<file context>
@@ -0,0 +1,123 @@
+./mvnw compile -q 2>&1 || mvn compile -q 2>&1
+./mvnw test -q 2>&1 || mvn test -q 2>&1
+./mvnw dependency:tree 2>&1 | head -100
+./mvnw checkstyle:check 2>&1 || echo "checkstyle not configured"
+./mvnw spotbugs:check 2>&1 || echo "spotbugs not configured"
+```
</file context>
Fix with Cubic


### Step 1: Gather Context

Run `git diff --staged` and `git diff` to see changes. If no diff, check `git log --oneline -5`. Identify Kotlin/KTS files that changed.

@cubic-dev-ai cubic-dev-ai Bot Mar 21, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: Reviewer workflow lacks required readiness gate for green checks and conflict-free branch before starting code review.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .opencode/prompts/agents/kotlin-reviewer.txt, line 15:

<comment>Reviewer workflow lacks required readiness gate for green checks and conflict-free branch before starting code review.</comment>

<file context>
@@ -0,0 +1,127 @@
+
+### Step 1: Gather Context
+
+Run `git diff --staged` and `git diff` to see changes. If no diff, check `git log --oneline -5`. Identify Kotlin/KTS files that changed.
+
+### Step 2: Understand Project Structure
</file context>
Fix with Cubic

Comment thread .opencode/opencode.json

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

♻️ Duplicate comments (2)
.opencode/prompts/agents/java-reviewer.txt (1)

4-4: ⚠️ Potential issue | 🟠 Major

Use a PR-aware diff baseline in all Java diff commands.

git diff -- '*.java' is context-dependent and can miss branch changes. Use an explicit baseline (e.g., origin/main...HEAD) for reliable scope in local and sandboxed runs.

🔧 Proposed update
-1. Run `git diff -- '*.java'` to see recent Java file changes
+1. Run `git diff --name-only origin/main...HEAD -- '*.java'` to see Java files changed in this branch
-git diff -- '*.java'
+git diff --name-only origin/main...HEAD -- '*.java'
-git diff -- '*.java'
+git diff --name-only origin/main...HEAD -- '*.java'

Also applies to: 67-67, 79-79

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/java-reviewer.txt at line 4, Replace the
context-dependent command string "git diff -- '*.java'" with a PR-aware baseline
form (for example "git diff origin/main...HEAD -- '*.java'") wherever it appears
in the prompt (including other occurrences of the same command), so the Java
diffs use an explicit baseline (origin/main...HEAD) to reliably capture branch
changes in local and sandboxed runs.
.opencode/prompts/agents/SOUL.md (1)

12-12: ⚠️ Potential issue | 🟡 Minor

Fix malformed bold formatting.

The bold marker has a space after the opening **, making it inconsistent with other list items and potentially breaking rendering.

✏️ Proposed fix
-- ** formality_level**: balanced
+- **formality_level**: balanced
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/SOUL.md at line 12, There is a malformed bold
marker in the markdown list item "** formality_level**: balanced" (note the
space after the opening **); remove the extra space so the token reads
"**formality_level**: balanced" to match the other items and ensure consistent
rendering.
🧹 Nitpick comments (1)
.opencode/prompts/agents/loop-operator.txt (1)

17-17: Minor wording cleanup for concision.

Consider “confirm ALL the following checks pass” instead of “confirm ALL of the following checks pass.”

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/loop-operator.txt at line 17, Replace the phrase
"Before starting the loop, confirm ALL of the following checks pass:" with the
more concise wording "Before starting the loop, confirm ALL the following checks
pass:" by editing the line containing that exact string in the prompt file (look
for the sentence starting "Before starting the loop, confirm ALL of the
following checks pass:") so the only change is removal of the word "of".
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.opencode/prompts/agents/loop-operator.txt:
- Around line 33-39: Update the Escalation rules to add an explicit security
hard-stop: modify the "Escalation" block so that if any security issue is
detected the loop stops immediately and the flow routes to the security-reviewer
agent, and require that any CRITICAL security findings be fixed before allowing
loop continuation; reference the existing "Escalation" section and the
security-reviewer agent name when adding this new condition and enforcement of
CRITICAL fixes.

---

Duplicate comments:
In @.opencode/prompts/agents/java-reviewer.txt:
- Line 4: Replace the context-dependent command string "git diff -- '*.java'"
with a PR-aware baseline form (for example "git diff origin/main...HEAD --
'*.java'") wherever it appears in the prompt (including other occurrences of the
same command), so the Java diffs use an explicit baseline (origin/main...HEAD)
to reliably capture branch changes in local and sandboxed runs.

In @.opencode/prompts/agents/SOUL.md:
- Line 12: There is a malformed bold marker in the markdown list item "**
formality_level**: balanced" (note the space after the opening **); remove the
extra space so the token reads "**formality_level**: balanced" to match the
other items and ensure consistent rendering.

---

Nitpick comments:
In @.opencode/prompts/agents/loop-operator.txt:
- Line 17: Replace the phrase "Before starting the loop, confirm ALL of the
following checks pass:" with the more concise wording "Before starting the loop,
confirm ALL the following checks pass:" by editing the line containing that
exact string in the prompt file (look for the sentence starting "Before starting
the loop, confirm ALL of the following checks pass:") so the only change is
removal of the word "of".

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f39664cd-369b-4abf-87f9-8d5e3be48eac

📥 Commits

Reviewing files that changed from the base of the PR and between 23b1a52 and b435ddc.

📒 Files selected for processing (14)
  • .opencode/opencode.json
  • .opencode/prompts/agents/SOUL.md
  • .opencode/prompts/agents/chief-of-staff.txt
  • .opencode/prompts/agents/cpp-build-resolver.txt
  • .opencode/prompts/agents/cpp-reviewer.txt
  • .opencode/prompts/agents/docs-lookup.txt
  • .opencode/prompts/agents/harness-optimizer.txt
  • .opencode/prompts/agents/java-build-resolver.txt
  • .opencode/prompts/agents/java-reviewer.txt
  • .opencode/prompts/agents/kotlin-build-resolver.txt
  • .opencode/prompts/agents/kotlin-reviewer.txt
  • .opencode/prompts/agents/loop-operator.txt
  • .opencode/prompts/agents/python-reviewer.txt
  • AGENTS.md
✅ Files skipped from review due to trivial changes (8)
  • .opencode/prompts/agents/kotlin-reviewer.txt
  • .opencode/prompts/agents/docs-lookup.txt
  • .opencode/prompts/agents/cpp-build-resolver.txt
  • .opencode/prompts/agents/cpp-reviewer.txt
  • .opencode/prompts/agents/java-build-resolver.txt
  • .opencode/prompts/agents/kotlin-build-resolver.txt
  • .opencode/prompts/agents/python-reviewer.txt
  • .opencode/prompts/agents/harness-optimizer.txt
🚧 Files skipped from review as they are similar to previous changes (2)
  • AGENTS.md
  • .opencode/opencode.json

Comment on lines +33 to +39
## Escalation

Escalate when any condition is true:
- no progress across two consecutive checkpoints
- repeated failures with identical stack traces
- cost drift outside budget window
- merge conflicts blocking queue advancement

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Add explicit security escalation in loop stop conditions.

Escalation rules currently miss the required security branch. Add a hard stop that routes to security-reviewer whenever a security issue is detected, and require CRITICAL fixes before loop continuation.

🔒 Prompt hardening diff
 ## Escalation
 
 Escalate when any condition is true:
 - no progress across two consecutive checkpoints
 - repeated failures with identical stack traces
 - cost drift outside budget window
 - merge conflicts blocking queue advancement
+- any security issue is detected
+
+If a security issue is detected, **STOP immediately**, delegate to `security-reviewer`,
+and do not continue until CRITICAL issues are fixed.

Based on learnings: If security issue found: STOP immediately and use security-reviewer agent; fix CRITICAL issues before continuing.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/loop-operator.txt around lines 33 - 39, Update the
Escalation rules to add an explicit security hard-stop: modify the "Escalation"
block so that if any security issue is detected the loop stops immediately and
the flow routes to the security-reviewer agent, and require that any CRITICAL
security findings be fixed before allowing loop continuation; reference the
existing "Escalation" section and the security-reviewer agent name when adding
this new condition and enforcement of CRITICAL fixes.

@affaan-m affaan-m left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good OpenCode agent parity work, but two issues:

  1. Remove chief-of-staff agent + SOUL.md — personal email/Slack/LINE triage is outside ECC's scope (dev workflow tools). The language-specific reviewers and build resolvers are great though.
  2. SOUL.md whitespace — line 14 has a leading space before formality_level

Remove chief-of-staff/SOUL.md and this is ready to merge.

@ecc-tools

ecc-tools Bot commented Mar 23, 2026

Copy link
Copy Markdown
Contributor

Analyzing 5000 commits...

@ecc-tools

ecc-tools Bot commented Mar 23, 2026

Copy link
Copy Markdown
Contributor

❌ Analysis Failed

Not Found - https://docs.github.com/rest/git/refs#get-a-reference

Troubleshooting
Cause Resolution
Large repository Analysis may timeout on repos with extensive history
API rate limits Wait 15 minutes before retrying
Network issues Queue timeout is 15 minutes; retry may succeed
Permissions Verify app has Contents: Read access

Retry: /ecc-tools analyze


Report Issue | ECC Tools

@nayanjaiswal1

Copy link
Copy Markdown
Contributor Author

@affaan-m - addressed both review items:

  1. ✅ Removed chief-of-staff + SOUL.md entirely (outside ECC scope)
  2. ✅ Updated agent count 28 → 27

Ready for merge.

…prompts

Summary:
- Add 11 missing OpenCode agent prompt files for: chief-of-staff, cpp-reviewer, cpp-build-resolver, docs-lookup, harness-optimizer, java-reviewer, java-build-resolver, kotlin-reviewer, kotlin-build-resolver, loop-operator, python-reviewer
- Update opencode.json to register all 25 agents (previously only 14 were configured)

Type:
- [x] Agent

Testing:
- Verified JSON syntax is valid
- All 25 agents now have corresponding prompt files in .opencode/prompts/agents/
- opencode.json updated with all agent configurations
- Remove chief-of-staff agent from opencode.json (outside ECC scope)
- Remove chief-of-staff.txt prompt file
- Remove SOUL.md file
- Remove chief-of-staff from AGENTS.md table and orchestration section
- Update agent count from 28 to 27
Comment thread .opencode/opencode.json
@nayanjaiswal1 nayanjaiswal1 force-pushed the feat/opencode-complete-agents-setup branch from 59e1154 to 52fda6c Compare March 23, 2026 16:07
@ecc-tools

ecc-tools Bot commented Mar 23, 2026

Copy link
Copy Markdown
Contributor

Analyzing 5000 commits...

@ecc-tools

ecc-tools Bot commented Mar 23, 2026

Copy link
Copy Markdown
Contributor

❌ Analysis Failed

Not Found - https://docs.github.com/rest/git/refs#get-a-reference

Troubleshooting
Cause Resolution
Large repository Analysis may timeout on repos with extensive history
API rate limits Wait 15 minutes before retrying
Network issues Queue timeout is 15 minutes; retry may succeed
Permissions Verify app has Contents: Read access

Retry: /ecc-tools analyze


Report Issue | ECC Tools

@nayanjaiswal1 nayanjaiswal1 changed the title feat(opencode): complete OpenCode agent setup - add 11 missing agent prompts feat(opencode): complete OpenCode agent setup - add 10 missing agent prompts Mar 23, 2026

## Workflow

1. Run `/harness-audit` and collect baseline score.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 /harness-audit command does not exist

The prompt instructs the agent to Run /harness-audit and collect baseline score as its first step, but there is no harness-audit command registered anywhere in .opencode/opencode.json. The defined commands are: plan, tdd, code-review, security, build-fix, e2e, refactor-clean, orchestrate, learn, checkpoint, verify, eval, update-docs, update-codemaps, test-coverage, setup-pm, go-review, go-test, go-build, skill-create, instinct-*, evolve, promote, and projects.

When invoked, the agent will immediately fail or stall at Step 1 because it has no harness-audit command to run. Either add a harness-audit command to opencode.json, or update this prompt to use an existing command (such as a bash-based audit script) as the baseline collection step.

Suggested change
1. Run `/harness-audit` and collect baseline score.
1. Read `.opencode/opencode.json` and all referenced prompt files to collect baseline configuration.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

♻️ Duplicate comments (5)
.opencode/prompts/agents/loop-operator.txt (1)

33-39: ⚠️ Potential issue | 🟠 Major

Security escalation condition is still missing.

The Escalation section lacks an explicit security hard-stop. An autonomous loop operator must halt immediately when security issues are detected and delegate to the security-reviewer agent.

This was flagged in a previous review but has not yet been addressed.

🔒 Add security escalation condition
 ## Escalation
 
 Escalate when any condition is true:
 - no progress across two consecutive checkpoints
 - repeated failures with identical stack traces
 - cost drift outside budget window
 - merge conflicts blocking queue advancement
+- any security issue is detected
+
+If a security issue is detected, **STOP immediately**, delegate to `security-reviewer`,
+and do not continue until CRITICAL issues are fixed and any exposed secrets are rotated.

Based on learnings: Stop immediately when security issue found; use security-reviewer agent to fix CRITICAL issues; rotate any exposed secrets; review codebase for similar issues.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/loop-operator.txt around lines 33 - 39, Add an
explicit security hard-stop to the "Escalation" section: include a new condition
like "security issue detected — halt loop and delegate to security-reviewer
agent" and document the required immediate actions (stop the autonomous loop,
invoke the security-reviewer agent for CRITICAL fixes, rotate any exposed
secrets, and trigger a codebase-wide security scan/review). Update the
Escalation list entry text in the loop-operator prompt so the operator knows to
immediately halt execution and call the security-reviewer agent with
severity=CRITICAL and remedial steps when a security issue is observed.
.opencode/prompts/agents/java-reviewer.txt (4)

67-67: ⚠️ Potential issue | 🟠 Major

Align diagnostic git diff with PR-aware baseline.

This repeats the context-sensitive git diff -- '*.java' pattern flagged at line 4. Use the three-dot baseline consistently throughout the prompt.

🔧 Proposed fix
-git diff -- '*.java'
+git diff --name-only origin/main...HEAD -- '*.java'
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/java-reviewer.txt at line 67, The prompt contains a
duplicated context-sensitive pattern "git diff -- '*.java'"; replace all
occurrences with the PR-aware three-dot baseline form (e.g., "git diff ... --
'*.java'") so the diagnostic diff is aligned with the PR baseline and avoid
repeating the simple "-- '*.java'" pattern; update the instance in the text
matching "git diff -- '*.java'" (the token appears at line with that exact
string) to the three-dot variant and ensure any other duplicates use the same
three-dot baseline consistently.

79-79: ⚠️ Potential issue | 🟠 Major

Align diagnostic git diff with PR-aware baseline.

This repeats the context-sensitive git diff -- '*.java' pattern flagged at line 4. Use the three-dot baseline consistently throughout the prompt.

🔧 Proposed fix
-git diff -- '*.java'
+git diff --name-only origin/main...HEAD -- '*.java'
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/java-reviewer.txt at line 79, Replace the repeated
context-sensitive command string "git diff -- '*.java'" with the three-dot
baseline form (e.g., "git diff ... -- '*.java'") wherever it appears in the
prompt so the diagnostic diff is PR-aware and consistent; update every instance
of the literal "git diff -- '*.java'" to the three-dot baseline variant and
ensure other diff patterns in the prompt follow this same "..." convention.

4-4: ⚠️ Potential issue | 🟠 Major

Use a PR-aware diff baseline to scope changed Java files reliably.

The command git diff -- '*.java' is context-sensitive and may miss target-branch changes in clean/sandboxed checkouts. Prefer an explicit three-dot baseline (e.g., origin/main...HEAD) so the agent reliably surfaces all Java files modified in the current branch.

🔧 Proposed fix
-1. Run `git diff -- '*.java'` to see recent Java file changes
+1. Run `git diff --name-only origin/main...HEAD -- '*.java'` to see Java files changed in this branch
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/java-reviewer.txt at line 4, Replace the brittle
"git diff -- '*.java'" invocation in the prompt with a PR-aware three‑dot
baseline invocation so changed Java files are reliably listed against the target
branch; specifically, update the prompt to run a three‑dot diff against the
remote main branch (e.g., origin/main...HEAD) and ask for only file names (so it
consistently surfaces modified .java files across clean/sandboxed checkouts)
while keeping the '*.java' filter.

52-52: ⚠️ Potential issue | 🟠 Major

Add JDK-conditional guidance for pattern matching.

Line 52 recommends pattern matching but only mentions "Java 16+" without providing fallback guidance for Java 11 and earlier projects. Provide clear conditional advice: recommend pattern matching only for Java 16+; specify what to do for Java 11 and earlier (e.g., use explicit cast).

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/java-reviewer.txt at line 52, Update the guidance
about replacing an instanceof check followed by an explicit cast to be
JDK-version conditional: recommend using pattern matching for instanceof (the
"instanceof" pattern feature) only when the project targets Java 16+; for Java
11 and earlier advise keeping the existing explicit cast approach (e.g., check
with instanceof then cast) and optionally suggest a TODO comment or migration
note for upgrading the JDK when feasible. Ensure the text references the
"instanceof" check and the explicit cast pattern so readers know which code to
change and when to avoid it.
🧹 Nitpick comments (1)
.opencode/prompts/agents/loop-operator.txt (1)

26-31: Optional: Consider clarifying the relationship with Pre-Execution Validation.

The Required Checks section duplicates the four checks listed in Pre-Execution Validation (lines 17-22). If this section serves as a summary or quick reference, consider adding a header note like "Summary of checks detailed above" to clarify the purpose of the duplication.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.opencode/prompts/agents/loop-operator.txt around lines 26 - 31, The
"Required Checks" section duplicates the four items already listed under
"Pre-Execution Validation"; update the "Required Checks" header to clarify its
role by adding a short note such as "Summary of checks detailed above" or "Quick
summary of Pre-Execution Validation" immediately beneath the "Required Checks"
heading so readers understand this is a concise reference rather than new
content (refer to the "Required Checks" and "Pre-Execution Validation" headings
in the prompt file).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@AGENTS.md`:
- Line 3: Update AGENTS.md to make counts and content consistent with the
repository state: either remove the chief-of-staff agent file or fully document
it and then update the totals at the top and the summary lines (the numeric
totals currently conflicting: 27/116/59 vs 28/117/60). Specifically, if you keep
agents/chief-of-staff.md, add its entry into AGENTS.md (include its purpose:
multi-channel communication triage and drafting) and increment the
agent/skill/command counts to 28/117/60 everywhere; if you remove
chief-of-staff.md, decrement the counts to 27/116/59 and remove any references
to that agent. Ensure AGENTS.md internal summary lines and any total mentions
match the chosen state.

---

Duplicate comments:
In @.opencode/prompts/agents/java-reviewer.txt:
- Line 67: The prompt contains a duplicated context-sensitive pattern "git diff
-- '*.java'"; replace all occurrences with the PR-aware three-dot baseline form
(e.g., "git diff ... -- '*.java'") so the diagnostic diff is aligned with the PR
baseline and avoid repeating the simple "-- '*.java'" pattern; update the
instance in the text matching "git diff -- '*.java'" (the token appears at line
with that exact string) to the three-dot variant and ensure any other duplicates
use the same three-dot baseline consistently.
- Line 79: Replace the repeated context-sensitive command string "git diff --
'*.java'" with the three-dot baseline form (e.g., "git diff ... -- '*.java'")
wherever it appears in the prompt so the diagnostic diff is PR-aware and
consistent; update every instance of the literal "git diff -- '*.java'" to the
three-dot baseline variant and ensure other diff patterns in the prompt follow
this same "..." convention.
- Line 4: Replace the brittle "git diff -- '*.java'" invocation in the prompt
with a PR-aware three‑dot baseline invocation so changed Java files are reliably
listed against the target branch; specifically, update the prompt to run a
three‑dot diff against the remote main branch (e.g., origin/main...HEAD) and ask
for only file names (so it consistently surfaces modified .java files across
clean/sandboxed checkouts) while keeping the '*.java' filter.
- Line 52: Update the guidance about replacing an instanceof check followed by
an explicit cast to be JDK-version conditional: recommend using pattern matching
for instanceof (the "instanceof" pattern feature) only when the project targets
Java 16+; for Java 11 and earlier advise keeping the existing explicit cast
approach (e.g., check with instanceof then cast) and optionally suggest a TODO
comment or migration note for upgrading the JDK when feasible. Ensure the text
references the "instanceof" check and the explicit cast pattern so readers know
which code to change and when to avoid it.

In @.opencode/prompts/agents/loop-operator.txt:
- Around line 33-39: Add an explicit security hard-stop to the "Escalation"
section: include a new condition like "security issue detected — halt loop and
delegate to security-reviewer agent" and document the required immediate actions
(stop the autonomous loop, invoke the security-reviewer agent for CRITICAL
fixes, rotate any exposed secrets, and trigger a codebase-wide security
scan/review). Update the Escalation list entry text in the loop-operator prompt
so the operator knows to immediately halt execution and call the
security-reviewer agent with severity=CRITICAL and remedial steps when a
security issue is observed.

---

Nitpick comments:
In @.opencode/prompts/agents/loop-operator.txt:
- Around line 26-31: The "Required Checks" section duplicates the four items
already listed under "Pre-Execution Validation"; update the "Required Checks"
header to clarify its role by adding a short note such as "Summary of checks
detailed above" or "Quick summary of Pre-Execution Validation" immediately
beneath the "Required Checks" heading so readers understand this is a concise
reference rather than new content (refer to the "Required Checks" and
"Pre-Execution Validation" headings in the prompt file).

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b1abbdf2-871a-4c5a-9cdb-9ebc799446c5

📥 Commits

Reviewing files that changed from the base of the PR and between b435ddc and 52fda6c.

📒 Files selected for processing (12)
  • .opencode/opencode.json
  • .opencode/prompts/agents/cpp-build-resolver.txt
  • .opencode/prompts/agents/cpp-reviewer.txt
  • .opencode/prompts/agents/docs-lookup.txt
  • .opencode/prompts/agents/harness-optimizer.txt
  • .opencode/prompts/agents/java-build-resolver.txt
  • .opencode/prompts/agents/java-reviewer.txt
  • .opencode/prompts/agents/kotlin-build-resolver.txt
  • .opencode/prompts/agents/kotlin-reviewer.txt
  • .opencode/prompts/agents/loop-operator.txt
  • .opencode/prompts/agents/python-reviewer.txt
  • AGENTS.md
✅ Files skipped from review due to trivial changes (8)
  • .opencode/prompts/agents/cpp-build-resolver.txt
  • .opencode/prompts/agents/kotlin-reviewer.txt
  • .opencode/prompts/agents/harness-optimizer.txt
  • .opencode/prompts/agents/docs-lookup.txt
  • .opencode/prompts/agents/cpp-reviewer.txt
  • .opencode/prompts/agents/python-reviewer.txt
  • .opencode/prompts/agents/kotlin-build-resolver.txt
  • .opencode/prompts/agents/java-build-resolver.txt
🚧 Files skipped from review as they are similar to previous changes (1)
  • .opencode/opencode.json

Comment thread AGENTS.md Outdated
# Everything Claude Code (ECC) — Agent Instructions

This is a **production-ready AI coding plugin** providing 28 specialized agents, 119 skills, 60 commands, and automated hook workflows for software development.
This is a **production-ready AI coding plugin** providing 27 specialized agents, 116 skills, 59 commands, and automated hook workflows for software development.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Fix agent/skill/command counts to match the rest of the document and repo state.

Line 3 conflicts with Lines 142–144 (27/116/59 vs 28/117/60), and the repo still contains agents/chief-of-staff.md. Please make AGENTS.md consistent in one direction (either fully remove or fully document that agent and update all totals accordingly).

Suggested doc sync patch
-This is a **production-ready AI coding plugin** providing 27 specialized agents, 116 skills, 59 commands, and automated hook workflows for software development.
+This is a **production-ready AI coding plugin** providing 28 specialized agents, 117 skills, 60 commands, and automated hook workflows for software development.
-agents/          — 28 specialized subagents
-skills/          — 117 workflow skills and domain knowledge
-commands/        — 60 slash commands
+agents/          — 28 specialized subagents
+skills/          — 117 workflow skills and domain knowledge
+commands/        — 60 slash commands

Based on learnings: "Use chief-of-staff agent for multi-channel communication triage and drafting (email, Slack, LINE, Messenger)".

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
This is a **production-ready AI coding plugin** providing 27 specialized agents, 116 skills, 59 commands, and automated hook workflows for software development.
This is a **production-ready AI coding plugin** providing 28 specialized agents, 117 skills, 60 commands, and automated hook workflows for software development.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@AGENTS.md` at line 3, Update AGENTS.md to make counts and content consistent
with the repository state: either remove the chief-of-staff agent file or fully
document it and then update the totals at the top and the summary lines (the
numeric totals currently conflicting: 27/116/59 vs 28/117/60). Specifically, if
you keep agents/chief-of-staff.md, add its entry into AGENTS.md (include its
purpose: multi-channel communication triage and drafting) and increment the
agent/skill/command counts to 28/117/60 everywhere; if you remove
chief-of-staff.md, decrement the counts to 27/116/59 and remove any references
to that agent. Ensure AGENTS.md internal summary lines and any total mentions
match the chosen state.

@affaan-m

Copy link
Copy Markdown
Owner

thanks for the contribution. there are merge conflicts with the latest main. can you rebase on the current branch head and push again? once that is done we can take another look.

@nayanjaiswal1

Copy link
Copy Markdown
Contributor Author

Resolved merge conflict in AGENTS.md - updated agent/skills/command count from 27/116/59 to 28/125/60 to match origin/main.

@ecc-tools

ecc-tools Bot commented Mar 25, 2026

Copy link
Copy Markdown
Contributor

Analyzing 5000 commits...

@ecc-tools

ecc-tools Bot commented Mar 25, 2026

Copy link
Copy Markdown
Contributor

Analysis Failed

Not Found - https://docs.github.com/rest/git/refs#get-a-reference

Troubleshooting
Cause Resolution
Large repository Analysis may timeout on repos with extensive history
API rate limits Wait 15 minutes before retrying
Network issues Queue timeout is 15 minutes; retry may succeed
Permissions Verify app has Contents: Read access

Retry: /ecc-tools analyze


Report Issue | ECC Tools

@nayanjaiswal1

Copy link
Copy Markdown
Contributor Author

thanks for the contribution. there are merge conflicts with the latest main. can you rebase on the current branch head and push again? once that is done we can take another look.

done

@nayanjaiswal1 nayanjaiswal1 requested a review from affaan-m March 25, 2026 15:33
@affaan-m affaan-m merged commit f90f269 into affaan-m:main Mar 31, 2026
4 checks passed
@nayanjaiswal1 nayanjaiswal1 deleted the feat/opencode-complete-agents-setup branch March 31, 2026 22:32
peiking88 pushed a commit to peiking88/everything-claude-code that referenced this pull request Apr 4, 2026
…prompts (affaan-m#726)

* feat(opencode): complete OpenCode agent setup - add 11 missing agent prompts

Summary:
- Add 11 missing OpenCode agent prompt files for: chief-of-staff, cpp-reviewer, cpp-build-resolver, docs-lookup, harness-optimizer, java-reviewer, java-build-resolver, kotlin-reviewer, kotlin-build-resolver, loop-operator, python-reviewer
- Update opencode.json to register all 25 agents (previously only 14 were configured)

Type:
- [x] Agent

Testing:
- Verified JSON syntax is valid
- All 25 agents now have corresponding prompt files in .opencode/prompts/agents/
- opencode.json updated with all agent configurations

* fix: address PR review comments - add SOUL.md, update AGENTS.md, fix tool configs, and refine agent prompts

* fix: remove chief-of-staff agent and SOUL.md per affaan-m review

- Remove chief-of-staff agent from opencode.json (outside ECC scope)
- Remove chief-of-staff.txt prompt file
- Remove SOUL.md file
- Remove chief-of-staff from AGENTS.md table and orchestration section
- Update agent count from 28 to 27

---------

Co-authored-by: Nayan Jaiswal <jaiswal2062@gmail.com>
FrancescoRosciano pushed a commit to FRosciano-Mambo/everything-claude-code that referenced this pull request Jun 1, 2026
…prompts (affaan-m#726)

* feat(opencode): complete OpenCode agent setup - add 11 missing agent prompts

Summary:
- Add 11 missing OpenCode agent prompt files for: chief-of-staff, cpp-reviewer, cpp-build-resolver, docs-lookup, harness-optimizer, java-reviewer, java-build-resolver, kotlin-reviewer, kotlin-build-resolver, loop-operator, python-reviewer
- Update opencode.json to register all 25 agents (previously only 14 were configured)

Type:
- [x] Agent

Testing:
- Verified JSON syntax is valid
- All 25 agents now have corresponding prompt files in .opencode/prompts/agents/
- opencode.json updated with all agent configurations

* fix: address PR review comments - add SOUL.md, update AGENTS.md, fix tool configs, and refine agent prompts

* fix: remove chief-of-staff agent and SOUL.md per affaan-m review

- Remove chief-of-staff agent from opencode.json (outside ECC scope)
- Remove chief-of-staff.txt prompt file
- Remove SOUL.md file
- Remove chief-of-staff from AGENTS.md table and orchestration section
- Update agent count from 28 to 27

---------

Co-authored-by: Nayan Jaiswal <jaiswal2062@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants