feat(opencode): complete OpenCode agent setup - add 10 missing agent prompts#726
Conversation
|
Analysis Failed
Troubleshooting
Retry: |
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughAdded 13 new subagent entries and corresponding prompt files to OpenCode: language-specific reviewers and build-resolvers (C++, Java, Kotlin, Python, Rust), plus docs-lookup, harness-optimizer, and loop-operator; each agent includes mode, model, prompt reference, and tool permission settings. Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Greptile SummaryThis PR completes the OpenCode agent harness by adding 10 missing language-specific agent prompt files (C++, Java, Kotlin, Python reviewers + their build resolvers, plus Key issues found:
Confidence Score: 4/5
Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
User([User Request]) --> OC[OpenCode Runtime]
OC -->|reads| AGMD[AGENTS.md instructions]
OC -->|loads| JSON[opencode.json agent registry]
JSON --> Primary[build - primary agent]
JSON --> Reviewers[Reviewer Agents]
JSON --> Resolvers[Build Resolver Agents]
JSON --> Ops[Operations Agents]
Reviewers --> CPP_R[cpp-reviewer - NEW]
Reviewers --> Java_R[java-reviewer - NEW]
Reviewers --> Kotlin_R[kotlin-reviewer - NEW]
Reviewers --> Python_R[python-reviewer - NEW]
Reviewers --> Go_R[go-reviewer]
Reviewers --> Rust_R[rust-reviewer]
Resolvers --> CPP_B[cpp-build-resolver - NEW]
Resolvers --> Java_B[java-build-resolver - NEW]
Resolvers --> Kotlin_B[kotlin-build-resolver - NEW]
Resolvers --> Go_B[go-build-resolver]
Resolvers --> Rust_B[rust-build-resolver]
Ops --> DocsL[docs-lookup - NEW]
Ops --> HarnessO[harness-optimizer - NEW]
Ops --> LoopOp[loop-operator - NEW]
AGMD -.->|listed but missing from JSON| Ghost1[pytorch-build-resolver - WARNING]
AGMD -.->|listed but missing from JSON| Ghost2[typescript-reviewer - WARNING]
HarnessO -->|calls unregistered command| Audit[harness-audit - NOT FOUND]
style Ghost1 fill:#ffcccc,stroke:#cc0000
style Ghost2 fill:#ffcccc,stroke:#cc0000
style Audit fill:#ffcccc,stroke:#cc0000
style CPP_R fill:#ccffcc,stroke:#009900
style Java_R fill:#ccffcc,stroke:#009900
style Kotlin_R fill:#ccffcc,stroke:#009900
style Python_R fill:#ccffcc,stroke:#009900
style CPP_B fill:#ccffcc,stroke:#009900
style Java_B fill:#ccffcc,stroke:#009900
style Kotlin_B fill:#ccffcc,stroke:#009900
style DocsL fill:#ccffcc,stroke:#009900
style HarnessO fill:#ccffcc,stroke:#009900
style LoopOp fill:#ccffcc,stroke:#009900
Reviews (6): Last reviewed commit: "Merge remote-tracking branch 'origin/mai..." | Re-trigger Greptile |
There was a problem hiding this comment.
Actionable comments posted: 8
🧹 Nitpick comments (5)
.opencode/prompts/agents/harness-optimizer.txt (1)
24-27: Align output fields with/harness-auditcontract
baseline scorecardis ambiguous against the command’s deterministic output (overall_score, category scores,top_actions). Please mirror those keys to keep downstream parsing stable.Suggested output wording update
- - baseline scorecard + - baseline: overall_score/max_score + category scores + top_actions - applied changes - measured improvements - remaining risks🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.opencode/prompts/agents/harness-optimizer.txt around lines 24 - 27, Replace the ambiguous output fields in .opencode/prompts/agents/harness-optimizer.txt so they mirror the /harness-audit contract: change the string "baseline scorecard" to use the deterministic keys like "overall_score" (and include category-specific score keys e.g., "security_score", "cost_score" as applicable), map "applied changes" to "top_actions" (or an array of action objects), ensure "measured improvements" emit explicit category score deltas using the same category keys, and keep "remaining risks" as a clear "remaining_risks" field; update any surrounding wording to emit those exact keys so downstream parsing matches the /harness-audit schema..opencode/prompts/agents/python-reviewer.txt (1)
61-61: Avoid repo-specific coverage target in default diagnostics.
--cov=appassumes a package name that may not exist. Prefer a generic command or explicit placeholder.Suggested prompt adjustment
-pytest --cov=app --cov-report=term-missing # Test coverage +pytest --cov --cov-report=term-missing # Test coverage (or replace with project package)🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.opencode/prompts/agents/python-reviewer.txt at line 61, Replace the repo-specific pytest invocation that contains "--cov=app" (the line "pytest --cov=app --cov-report=term-missing") with a generic or placeholder coverage flag; update the prompt to use either no --cov option or a generic token like "--cov=<package>" or "pytest --cov=<PACKAGE> --cov-report=term-missing" so the default diagnostics do not assume a package named "app"..opencode/prompts/agents/java-reviewer.txt (1)
64-70: Align diagnostic commands with detected build tool.The prompt says to determine build tool first, but the command list still mixes Maven/Gradle goals unconditionally. Split the diagnostics into “Maven-only” and “Gradle-only” sections to reduce false failures.
Also applies to: 74-74
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.opencode/prompts/agents/java-reviewer.txt around lines 64 - 70, The command list currently runs both Maven and Gradle goals unconditionally; update the diagnostics in the prompt to split commands into Maven-only and Gradle-only groups and invoke only the appropriate group based on the earlier detected build tool (e.g., using the existing detection result for pom.xml vs build.gradle). Specifically, replace the mixed sequence (mvn verify, ./gradlew check, ./mvnw checkstyle:check, ./mvnw spotbugs:check, ./mvnw test, ./mvnw dependency-check:check, grep ...) with two clearly labeled lists and ensure the agent executes only the matching list for Maven or Gradle, and apply the same change to the similar block referenced at lines 74-74..opencode/prompts/agents/kotlin-build-resolver.txt (2)
57-57: Avoid destructive cache deletion in baseline troubleshooting flow.
rm -rf .gradle/build-cache/is heavy for a default diagnostic step and can slow iteration significantly. Keep this as a last-resort note, not a standard command.Based on learnings: Use build-error-resolver agent to analyze errors, fix incrementally, and verify after each fix.Suggested prompt adjustment
-# Clear project-local Gradle build cache -./gradlew clean && rm -rf .gradle/build-cache/ +# Clean build outputs (use cache deletion only as last resort) +./gradlew clean🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.opencode/prompts/agents/kotlin-build-resolver.txt at line 57, The diagnostic step currently runs "./gradlew clean && rm -rf .gradle/build-cache/" which dangerously deletes the Gradle build cache by default; change the prompt in kotlin-build-resolver.txt so the default command is just "./gradlew clean" (remove "&& rm -rf .gradle/build-cache/"), and instead add a short follow-up note that "rm -rf .gradle/build-cache/" is a last-resort action to use only after incremental fixes fail; also reference using the build-error-resolver agent to analyze errors, apply fixes incrementally, and verify after each change (mention build-error-resolver and the cleaned "./gradlew clean" command to locate where to update).
73-77: Include Kotlin/Gradle version compatibility notes forcompilerOptionssyntax.The
compilerOptionsblock in the example requires Kotlin Gradle Plugin 1.8.0 or later. Add a note indicating the version requirement and fallback syntax for older projects:Suggested addition after the code block
Note: compilerOptions syntax requires KGP 1.8.0+. For older versions (KGP < 1.8.0), use: tasks.withType(org.jetbrains.kotlin.gradle.tasks.KotlinCompile::class.java).configureEach { kotlinOptions { jvmTarget = "17" freeCompilerArgs += listOf("-Xjsr305=strict") allWarningsAsErrors = true } }This helps the agent handle builds with varying Kotlin versions gracefully.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.opencode/prompts/agents/kotlin-build-resolver.txt around lines 73 - 77, Add a compatibility note after the kotlin { compilerOptions { ... } } block that states the compilerOptions syntax requires Kotlin Gradle Plugin (KGP) 1.8.0 or newer and provide a fallback approach for older KGP versions (KGP < 1.8.0) using tasks.withType(org.jetbrains.kotlin.gradle.tasks.KotlinCompile::class.java).configureEach to set kotlinOptions (including jvmTarget, freeCompilerArgs and allWarningsAsErrors) so agents working with older projects can apply the equivalent settings.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.opencode/opencode.json:
- Around line 217-225: The docs-lookup agent entry currently grants only "read"
and "bash" tools but needs explicit Context7 MCP tool permissions; update the
"docs-lookup" object (the agent named "docs-lookup") to either add a
"permission" block granting "context7_*" tool access (e.g.,
"permission":{"tool":{"context7_*":"allow"}}) or add legacy explicit tool flags
for the required Context7 actions (e.g., include "context7_resolve-library-id":
true and "context7_query-docs": true under "tools") so the agent can call
resolve-library-id and query-docs without runtime permission prompts.
In @.opencode/prompts/agents/chief-of-staff.txt:
- Around line 69-77: The step "Git commit & push — Version-control all knowledge
file changes" in the post-send checklist introduces automatic external side
effects; change it to a safe, non-automatic workflow by replacing that line with
a queued/manual flow (e.g., "Git: Stage changes and queue for review; require
explicit approval to commit & push" or "Create local commit only; do NOT push
without approval"), and add a note that pushing requires explicit user
confirmation or an opt-in flag; update any related consumer text that assumes
auto-push behavior to reflect the new manual/queued commit flow.
In @.opencode/prompts/agents/cpp-build-resolver.txt:
- Around line 13-18: The current command sequence runs "cmake --build build"
before generating build files and may fail on clean environments; reorder the
steps so you run "cmake -B build -S ." (configure/generate) before "cmake
--build build" and keep the diagnostics lines (the tail/head wrappers and
"clang-tidy src/*.cpp -- -std=c++17") so the build-resolver agent config runs
configure first, then build, then static analysis to allow incremental
troubleshooting with the build-error-resolver agent.
In @.opencode/prompts/agents/java-build-resolver.txt:
- Line 44: The table row currently uses the British spelling "Initialise
variable before use" while nearby text uses US spelling ("Uninitialized");
update that cell to the US variant by changing "Initialise variable before use"
to "Initialize variable before use" so the wording is consistent across the
prompt.
- Around line 15-25: The prompt currently runs both Maven and Gradle commands
unconditionally; change it to detect the repo's build system first (look for
mvnw/mvn or pom.xml to pick Maven, gradlew/gradle or build.gradle(.kts) to pick
Gradle) and only execute the appropriate command set; for Maven-run the compile,
test, dependency:tree (and checkstyle/spotbugs fallbacks) lines currently shown
for mvnw/mvn, and for Gradle-run the build and runtimeClasspath dependency query
lines for gradlew/gradle, ensuring the script uses the detected wrapper (mvnw vs
mvn, gradlew vs gradle) and skips the other tool entirely to avoid noise.
In @.opencode/prompts/agents/loop-operator.txt:
- Around line 15-20: The "Required Checks" list names mandatory safety
conditions (quality gates, eval baseline, rollback path, branch/worktree
isolation) but the prompt never enforces them; update the loop operator prompt
to add an explicit pre-execution validation step that verifies each check and
aborts the loop if any are missing or failing (e.g., "Before starting the loop,
confirm quality gates pass, an eval baseline exists, a rollback path is
available, and branch/worktree isolation is configured; if any check fails, stop
and report which check failed"). Reference the "Required Checks" section and
ensure the prompt language requires the agent to actively validate and report
these four items before proceeding.
In @.opencode/prompts/agents/python-reviewer.txt:
- Around line 14-15: The checklist's Path Traversal item is insufficient:
replace the current "normpath + '..' filtering" guidance with a requirement to
canonicalize user-supplied paths (e.g., using realpath/resolve) and validate
them against a base-directory allowlist via a secure commonpath/startsWith
check, explicitly reject absolute paths or paths that escape the base via
symlinks, and add a note to test with symlink/absolute-path bypass cases; update
the prompt text that mentions normpath and `..` filtering to reference
canonicalization and base-directory allowlisting as mandatory controls.
---
Nitpick comments:
In @.opencode/prompts/agents/harness-optimizer.txt:
- Around line 24-27: Replace the ambiguous output fields in
.opencode/prompts/agents/harness-optimizer.txt so they mirror the /harness-audit
contract: change the string "baseline scorecard" to use the deterministic keys
like "overall_score" (and include category-specific score keys e.g.,
"security_score", "cost_score" as applicable), map "applied changes" to
"top_actions" (or an array of action objects), ensure "measured improvements"
emit explicit category score deltas using the same category keys, and keep
"remaining risks" as a clear "remaining_risks" field; update any surrounding
wording to emit those exact keys so downstream parsing matches the
/harness-audit schema.
In @.opencode/prompts/agents/java-reviewer.txt:
- Around line 64-70: The command list currently runs both Maven and Gradle goals
unconditionally; update the diagnostics in the prompt to split commands into
Maven-only and Gradle-only groups and invoke only the appropriate group based on
the earlier detected build tool (e.g., using the existing detection result for
pom.xml vs build.gradle). Specifically, replace the mixed sequence (mvn verify,
./gradlew check, ./mvnw checkstyle:check, ./mvnw spotbugs:check, ./mvnw test,
./mvnw dependency-check:check, grep ...) with two clearly labeled lists and
ensure the agent executes only the matching list for Maven or Gradle, and apply
the same change to the similar block referenced at lines 74-74.
In @.opencode/prompts/agents/kotlin-build-resolver.txt:
- Line 57: The diagnostic step currently runs "./gradlew clean && rm -rf
.gradle/build-cache/" which dangerously deletes the Gradle build cache by
default; change the prompt in kotlin-build-resolver.txt so the default command
is just "./gradlew clean" (remove "&& rm -rf .gradle/build-cache/"), and instead
add a short follow-up note that "rm -rf .gradle/build-cache/" is a last-resort
action to use only after incremental fixes fail; also reference using the
build-error-resolver agent to analyze errors, apply fixes incrementally, and
verify after each change (mention build-error-resolver and the cleaned
"./gradlew clean" command to locate where to update).
- Around line 73-77: Add a compatibility note after the kotlin { compilerOptions
{ ... } } block that states the compilerOptions syntax requires Kotlin Gradle
Plugin (KGP) 1.8.0 or newer and provide a fallback approach for older KGP
versions (KGP < 1.8.0) using
tasks.withType(org.jetbrains.kotlin.gradle.tasks.KotlinCompile::class.java).configureEach
to set kotlinOptions (including jvmTarget, freeCompilerArgs and
allWarningsAsErrors) so agents working with older projects can apply the
equivalent settings.
In @.opencode/prompts/agents/python-reviewer.txt:
- Line 61: Replace the repo-specific pytest invocation that contains "--cov=app"
(the line "pytest --cov=app --cov-report=term-missing") with a generic or
placeholder coverage flag; update the prompt to use either no --cov option or a
generic token like "--cov=<package>" or "pytest --cov=<PACKAGE>
--cov-report=term-missing" so the default diagnostics do not assume a package
named "app".
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 402c763a-81f1-448c-b468-dc1fb5c46348
📒 Files selected for processing (12)
.opencode/opencode.json.opencode/prompts/agents/chief-of-staff.txt.opencode/prompts/agents/cpp-build-resolver.txt.opencode/prompts/agents/cpp-reviewer.txt.opencode/prompts/agents/docs-lookup.txt.opencode/prompts/agents/harness-optimizer.txt.opencode/prompts/agents/java-build-resolver.txt.opencode/prompts/agents/java-reviewer.txt.opencode/prompts/agents/kotlin-build-resolver.txt.opencode/prompts/agents/kotlin-reviewer.txt.opencode/prompts/agents/loop-operator.txt.opencode/prompts/agents/python-reviewer.txt
| "docs-lookup": { | ||
| "description": "Documentation specialist using Context7 MCP to fetch current library and API documentation with code examples.", | ||
| "mode": "subagent", | ||
| "model": "anthropic/claude-sonnet-4-5", | ||
| "prompt": "{file:prompts/agents/docs-lookup.txt}", | ||
| "tools": { | ||
| "read": true, | ||
| "bash": true | ||
| } |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify current wiring and whether any agent explicitly grants MCP tools
rg -n '"docs-lookup"|mcp_\*|"tools"|context7' .opencode/opencode.json mcp-configs/mcp-servers.json
rg -n '"mcp"' .opencode/opencode.jsonRepository: affaan-m/everything-claude-code
Length of output: 1470
🌐 Web query:
In OpenCode agent configuration, what is the exact way to grant a subagent access to MCP tools (e.g., Context7 resolve-library-id/query-docs)? Is a dedicated mcptool flag required underagent..tools?
💡 Result:
To grant a subagent access to MCP tools like Context7's resolve-library-id or query-docs in OpenCode agent configuration, configure the subagent's tools or permissions under agent.<name>. Explicitly enable the relevant MCP-prefixed tools using glob patterns. MCP tools from a server named "context7" appear as "context7_" (e.g., "context7_resolve-library-id"). First, define the MCP server globally in the top-level "mcp" section of opencode.json: { "mcp": { "context7": { "type": "remote", "url": "https://mcp.context7.com/mcp" } } } Then, for the subagent, enable access in agent.<name>.tools (legacy but supported) or preferably agent.<name>.permission.tool: Using tools (legacy/deprecated): { "agent": { "my-subagent": { "mode": "subagent", "tools": { "context7_": true } } } } Using permissions (recommended, new configs): { "agent": { "my-subagent": { "mode": "subagent", "permission": { "tool": { "context7_": "allow" } } } } } A dedicated "mcp" tool flag is not required; MCP tools are treated as regular tools with servername_ naming and controlled via tools/permissions like built-ins. Globally disable if needed ("tools": {"context7_*": false}), then override per-agent. Note: There is a known bug (as of 2026-03-07) where task-spawned subagents may not inherit MCP permissions properly despite tools appearing available; explicitly configure agent permissions to mitigate.
Citations:
- 1: https://opencodeguide.com/en/docs/configure/agents/
- 2: https://opencode.ai/docs/agents/
- 3: https://opencode.ai/docs/tools/
- 4: https://dev.opencode.ai/docs/agents/
- 5: [BUG] Subagents spawned via Task tool cannot execute MCP tools despite appearing in tool registry anomalyco/opencode#16491
- 6: https://dev.opencode.ai/docs/mcp-servers/
- 7: https://opencode.ai/docs/mcp-servers/
🏁 Script executed:
# Read the docs-lookup prompt file to verify it requires Context7 MCP tools
find . -name "docs-lookup.txt" -o -name "prompts" -type d | head -5Repository: affaan-m/everything-claude-code
Length of output: 137
🏁 Script executed:
# Check if there are any agents that DO explicitly grant context7 tools
rg -A 5 '"tools"\s*:\s*\{' .opencode/opencode.json | grep -A 5 'context7'Repository: affaan-m/everything-claude-code
Length of output: 57
🏁 Script executed:
# Look at the full docs-lookup agent config and nearby agents for comparison
sed -n '217,230p' .opencode/opencode.jsonRepository: affaan-m/everything-claude-code
Length of output: 654
🏁 Script executed:
# Read the docs-lookup prompt to verify it requires Context7 MCP
cat ./.opencode/prompts/agents/docs-lookup.txtRepository: affaan-m/everything-claude-code
Length of output: 2883
🏁 Script executed:
# Search for any agents that DO grant context7 tools to see proper pattern
rg -B 2 'context7' .opencode/opencode.jsonRepository: affaan-m/everything-claude-code
Length of output: 57
Grant docs-lookup explicit access to Context7 MCP tools
The agent's prompt explicitly requires resolve-library-id and query-docs from Context7 MCP, but the config only grants read and bash. Without explicit tool grants, the agent will trigger permission requests at runtime instead of executing deterministically.
Add to the docs-lookup agent:
"permission": {
"tool": {
"context7_*": "allow"
}
}Or use the legacy syntax: "tools": {"context7_resolve-library-id": true, "context7_query-docs": true}
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.opencode/opencode.json around lines 217 - 225, The docs-lookup agent entry
currently grants only "read" and "bash" tools but needs explicit Context7 MCP
tool permissions; update the "docs-lookup" object (the agent named
"docs-lookup") to either add a "permission" block granting "context7_*" tool
access (e.g., "permission":{"tool":{"context7_*":"allow"}}) or add legacy
explicit tool flags for the required Context7 actions (e.g., include
"context7_resolve-library-id": true and "context7_query-docs": true under
"tools") so the agent can call resolve-library-id and query-docs without runtime
permission prompts.
| - **Path Traversal**: user-controlled paths — validate with normpath, reject `..` | ||
| - **Eval/exec abuse**, **unsafe deserialization**, **hardcoded secrets** |
There was a problem hiding this comment.
Path traversal guidance is incomplete for CRITICAL security checks.
normpath + .. filtering alone can still be bypassed (absolute paths/symlinks). This should require canonicalization and base-directory allowlisting in the checklist.
Suggested prompt adjustment
-- **Path Traversal**: user-controlled paths — validate with normpath, reject `..`
+- **Path Traversal**: user-controlled paths — resolve to canonical path and enforce it stays within an allowed base directory (do not rely only on `..` checks)🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.opencode/prompts/agents/python-reviewer.txt around lines 14 - 15, The
checklist's Path Traversal item is insufficient: replace the current "normpath +
'..' filtering" guidance with a requirement to canonicalize user-supplied paths
(e.g., using realpath/resolve) and validate them against a base-directory
allowlist via a secure commonpath/startsWith check, explicitly reject absolute
paths or paths that escape the base via symlinks, and add a note to test with
symlink/absolute-path bypass cases; update the prompt text that mentions
normpath and `..` filtering to reference canonicalization and base-directory
allowlisting as mandatory controls.
|
Analysis Failed
Troubleshooting
Retry: |
|
Thank you for the detailed review! I've addressed all the issues in commit : Greptile Critical Issues Fixed:
CodeRabbit Nitpicks Fixed:
All fixes are pushed to . |
nayanjaiswal1
left a comment
There was a problem hiding this comment.
Thanks @coderabbitai! All nitpick suggestions have been addressed in commit :
- : Output fields now match /harness-audit contract with proper score keys
- : Generic pytest coverage command
- : Split Maven/Gradle diagnostics
- : Removed aggressive cache deletion + added KGP version fallback
- : Fixed cmake command order
- : Fixed spelling + added build detection
- : Added pre-execution validation step
- : Manual git push flow
|
Note: The Path Traversal suggestion for python-reviewer.txt (line 14-15 about canonicalization vs normpath) was reviewed but not addressed in this PR — the current normpath guidance remains. |
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (3)
.opencode/prompts/agents/SOUL.md (1)
45-47: Use consistent minute formatting for readability (30 minvs30min).Not blocking, but spacing units improves doc clarity and avoids grammar-lint noise.
Proposed fix
-- **Default meeting duration**: 30min / 45min / 60min (default: 30min) +- **Default meeting duration**: 30 min / 45 min / 60 min (default: 30 min) ... -- **Buffer between meetings**: 0 / 5 / 15 min (default: 5min) +- **Buffer between meetings**: 0 / 5 / 15 min (default: 5 min)🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.opencode/prompts/agents/SOUL.md around lines 45 - 47, Update the minute formatting in the listed options to include a space between the number and "min" for consistency: change "30min", "45min", "60min" to "30 min", "45 min", "60 min" in the "Default meeting duration" line, and change "5min" to "5 min" in the "Buffer between meetings" line; keep the rest of the wording identical..opencode/prompts/agents/java-reviewer.txt (1)
68-69: Avoid|| mvn ...fallback that can mask real Maven wrapper failures.At Line 68 and Line 69,
./mvnw ... || mvn ...will runmvnafter any wrapper command failure (including real compile/test failures), which can obscure diagnostics. Prefer explicit wrapper-exists branching.🔧 Proposed update
-./mvnw compile -q 2>&1 || mvn compile -q 2>&1 -./mvnw verify -q 2>&1 || mvn verify -q 2>&1 +if [ -x ./mvnw ]; then ./mvnw compile -q 2>&1; else mvn compile -q 2>&1; fi +if [ -x ./mvnw ]; then ./mvnw verify -q 2>&1; else mvn verify -q 2>&1; fi🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.opencode/prompts/agents/java-reviewer.txt around lines 68 - 69, The current fallback "./mvnw ... || mvn ..." masks genuine wrapper failures by always running mvn after any mvnw failure; replace the fallback with an explicit check for the wrapper’s presence/executability and run either the wrapper or the system maven accordingly for both the compile and verify steps (identify occurrences of "./mvnw compile -q" and "./mvnw verify -q" in the file), so only when the wrapper is truly absent/unusable do we run "mvn" and real wrapper errors aren’t hidden..opencode/prompts/agents/loop-operator.txt (1)
26-31: Consider removing redundant Required Checks section.Lines 26-31 duplicate the checks already listed in the Pre-Execution Validation section (lines 19-22). Since the validation section includes both the checks AND enforcement instructions, this section adds redundancy without additional value.
♻️ Proposed simplification
If any check fails, **STOP immediately** and report which check failed before proceeding. -## Required Checks - -- quality gates are active -- eval baseline exists -- rollback path exists -- branch/worktree isolation is configured - ## Escalation🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.opencode/prompts/agents/loop-operator.txt around lines 26 - 31, Remove the redundant "## Required Checks" block (the four bullet items: "quality gates are active", "eval baseline exists", "rollback path exists", "branch/worktree isolation is configured") since those checks are already covered under the "Pre-Execution Validation" section; locate the "Required Checks" heading and delete that heading plus its bullet list so the document only keeps the singular "Pre-Execution Validation" entry.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.opencode/prompts/agents/java-reviewer.txt:
- Line 4: Replace the context-sensitive git invocation "git diff -- '*.java'"
with a PR-aware diff that compares the feature branch against the target
baseline (for example origin/main...HEAD) and restricts output to Java files
(use the name-only output and the '*.java' pathspec); update the command in the
prompt line so the reviewer reliably sees all changed Java files across
clean/sandboxed checkouts.
In @.opencode/prompts/agents/SOUL.md:
- Line 12: Replace the malformed bold key `** formality_level**` with a
correctly formatted bold key by removing the leading space so it reads
`**formality_level**`; update the instance in SOUL.md (the `formality_level`
key) to match the other bolded keys' formatting.
- Around line 1-4: SOUL.md is missing the required YAML frontmatter which breaks
agent discovery; add a top-of-file YAML frontmatter block that declares the
agent's name, a short description, the tools array, and the model string (i.e.,
include keys: name, description, tools, model) so the agent parser can recognize
it; ensure the frontmatter is valid YAML (surrounded by ---) and that the tools
field lists any tool identifiers used by this agent and the model field
specifies the model to use, then save SOUL.md with the frontmatter followed by
the existing Markdown content.
---
Nitpick comments:
In @.opencode/prompts/agents/java-reviewer.txt:
- Around line 68-69: The current fallback "./mvnw ... || mvn ..." masks genuine
wrapper failures by always running mvn after any mvnw failure; replace the
fallback with an explicit check for the wrapper’s presence/executability and run
either the wrapper or the system maven accordingly for both the compile and
verify steps (identify occurrences of "./mvnw compile -q" and "./mvnw verify -q"
in the file), so only when the wrapper is truly absent/unusable do we run "mvn"
and real wrapper errors aren’t hidden.
In @.opencode/prompts/agents/loop-operator.txt:
- Around line 26-31: Remove the redundant "## Required Checks" block (the four
bullet items: "quality gates are active", "eval baseline exists", "rollback path
exists", "branch/worktree isolation is configured") since those checks are
already covered under the "Pre-Execution Validation" section; locate the
"Required Checks" heading and delete that heading plus its bullet list so the
document only keeps the singular "Pre-Execution Validation" entry.
In @.opencode/prompts/agents/SOUL.md:
- Around line 45-47: Update the minute formatting in the listed options to
include a space between the number and "min" for consistency: change "30min",
"45min", "60min" to "30 min", "45 min", "60 min" in the "Default meeting
duration" line, and change "5min" to "5 min" in the "Buffer between meetings"
line; keep the rest of the wording identical.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: a6672bd2-7f00-4587-8fe1-d1030a4b0c6f
📒 Files selected for processing (11)
.opencode/opencode.json.opencode/prompts/agents/SOUL.md.opencode/prompts/agents/chief-of-staff.txt.opencode/prompts/agents/cpp-build-resolver.txt.opencode/prompts/agents/harness-optimizer.txt.opencode/prompts/agents/java-build-resolver.txt.opencode/prompts/agents/java-reviewer.txt.opencode/prompts/agents/kotlin-build-resolver.txt.opencode/prompts/agents/loop-operator.txt.opencode/prompts/agents/python-reviewer.txtAGENTS.md
✅ Files skipped from review due to trivial changes (8)
- AGENTS.md
- .opencode/prompts/agents/harness-optimizer.txt
- .opencode/prompts/agents/cpp-build-resolver.txt
- .opencode/prompts/agents/java-build-resolver.txt
- .opencode/prompts/agents/chief-of-staff.txt
- .opencode/prompts/agents/kotlin-build-resolver.txt
- .opencode/prompts/agents/python-reviewer.txt
- .opencode/opencode.json
| You are a senior Java engineer ensuring high standards of idiomatic Java and Spring Boot best practices. | ||
|
|
||
| When invoked: | ||
| 1. Run `git diff -- '*.java'` to see recent Java file changes |
There was a problem hiding this comment.
🛠️ Refactor suggestion | 🟠 Major
Use a PR-aware diff baseline to avoid missing changed Java files.
Line 4 (git diff -- '*.java') is context-sensitive and can miss target-branch changes in clean/sandboxed checkouts. Use an explicit baseline (e.g., origin/main...HEAD) so the reviewer reliably scopes modified Java files.
🔧 Proposed update
-1. Run `git diff -- '*.java'` to see recent Java file changes
+1. Run `git diff --name-only origin/main...HEAD -- '*.java'` to see Java files changed in this branch📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| 1. Run `git diff -- '*.java'` to see recent Java file changes | |
| 1. Run `git diff --name-only origin/main...HEAD -- '*.java'` to see Java files changed in this branch |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.opencode/prompts/agents/java-reviewer.txt at line 4, Replace the
context-sensitive git invocation "git diff -- '*.java'" with a PR-aware diff
that compares the feature branch against the target baseline (for example
origin/main...HEAD) and restricts output to Java files (use the name-only output
and the '*.java' pathspec); update the command in the prompt line so the
reviewer reliably sees all changed Java files across clean/sandboxed checkouts.
| # SOUL.md — Personal Communication Tone & Relationship Context | ||
|
|
||
| This file defines the user's communication preferences and relationship context for the chief-of-staff agent. | ||
|
|
There was a problem hiding this comment.
Missing required YAML frontmatter for an agent prompt file.
This file is under .opencode/prompts/agents/ but lacks the required frontmatter (name, description, tools, model). That can break agent discovery/parsing conventions.
Proposed fix
+# ---
+# name: chief-of-staff-soul
+# description: Personal communication tone and relationship context for chief-of-staff agent.
+# tools: []
+# model: anthropic/claude-sonnet-4-5
+# ---
+
# SOUL.md — Personal Communication Tone & Relationship Context🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.opencode/prompts/agents/SOUL.md around lines 1 - 4, SOUL.md is missing the
required YAML frontmatter which breaks agent discovery; add a top-of-file YAML
frontmatter block that declares the agent's name, a short description, the tools
array, and the model string (i.e., include keys: name, description, tools,
model) so the agent parser can recognize it; ensure the frontmatter is valid
YAML (surrounded by ---) and that the tools field lists any tool identifiers
used by this agent and the model field specifies the model to use, then save
SOUL.md with the frontmatter followed by the existing Markdown content.
| - **Tone**: Professional but friendly | ||
| - **Signature**: None (agent generates without signature) | ||
| - **Reply Style**: Concise, action-oriented | ||
| - ** formality_level**: balanced |
There was a problem hiding this comment.
Fix malformed bold key formatting on Line 12.
** formality_level** has a leading space inside the bold marker; it renders inconsistently and looks like a typo.
Proposed fix
-- ** formality_level**: balanced
+- **formality_level**: balanced🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.opencode/prompts/agents/SOUL.md at line 12, Replace the malformed bold key
`** formality_level**` with a correctly formatted bold key by removing the
leading space so it reads `**formality_level**`; update the instance in SOUL.md
(the `formality_level` key) to match the other bolded keys' formatting.
23b1a52 to
b435ddc
Compare
|
Analysis Failed
Troubleshooting
Retry: |
There was a problem hiding this comment.
10 issues found across 14 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name=".opencode/prompts/agents/SOUL.md">
<violation number="1" location=".opencode/prompts/agents/SOUL.md:12">
P2: Fallback key `formality_level` is malformed with a leading space, creating inconsistent key formatting that can break exact-token field extraction.</violation>
</file>
<file name=".opencode/prompts/agents/cpp-build-resolver.txt">
<violation number="1" location=".opencode/prompts/agents/cpp-build-resolver.txt:25">
P2: Resolution workflow starts with `cmake --build build` despite earlier configure-first guidance, causing inconsistent and potentially failing steps on clean checkouts.</violation>
</file>
<file name=".opencode/prompts/agents/java-reviewer.txt">
<violation number="1" location=".opencode/prompts/agents/java-reviewer.txt:7">
P1: Reviewer prompt lacks a required checks-pass gate and instructs review to begin unconditionally after running checks.</violation>
</file>
<file name=".opencode/prompts/agents/python-reviewer.txt">
<violation number="1" location=".opencode/prompts/agents/python-reviewer.txt:7">
P2: Reviewer prompt starts review immediately and omits required pre-review gates (CI green and no merge conflicts).</violation>
</file>
<file name=".opencode/prompts/agents/loop-operator.txt">
<violation number="1" location=".opencode/prompts/agents/loop-operator.txt:28">
P2: `Required Checks` weakens the quality-gate requirement from 'active and passing' to only 'active', creating contradictory execution criteria.</violation>
</file>
<file name=".opencode/prompts/agents/chief-of-staff.txt">
<violation number="1" location=".opencode/prompts/agents/chief-of-staff.txt:108">
P2: Use OpenCode’s actual instruction-loading mechanism here. Referencing `.claude/rules/*.md` in an OpenCode agent prompt is incorrect and can cause users to configure rules in a location that is never loaded.</violation>
</file>
<file name=".opencode/prompts/agents/cpp-reviewer.txt">
<violation number="1" location=".opencode/prompts/agents/cpp-reviewer.txt:7">
P2: Reviewer prompt is missing required preconditions (green CI and conflict-free branch) before starting review.</violation>
<violation number="2" location=".opencode/prompts/agents/cpp-reviewer.txt:54">
P2: Diagnostic command narrows analysis to `src/*.cpp`, missing many changed C++ files promised by earlier instructions.</violation>
</file>
<file name=".opencode/prompts/agents/java-build-resolver.txt">
<violation number="1" location=".opencode/prompts/agents/java-build-resolver.txt:22">
P2: Quality-check commands incorrectly label any failure as “not configured,” masking real Checkstyle/SpotBugs violations.</violation>
</file>
<file name=".opencode/prompts/agents/kotlin-reviewer.txt">
<violation number="1" location=".opencode/prompts/agents/kotlin-reviewer.txt:15">
P2: Reviewer workflow lacks required readiness gate for green checks and conflict-free branch before starting code review.</violation>
</file>
Since this is your first cubic review, here's how it works:
- cubic automatically reviews your code and comments on bugs and improvements
- Teach cubic by replying to its comments. cubic learns from your replies and gets better over time
- Add one-off context when rerunning by tagging
@cubic-dev-aiwith guidance or docs links (includingllms.txt) - Ask questions if you need clarification on any suggestion
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| 1. Run `git diff -- '*.java'` to see recent Java file changes | ||
| 2. Run `mvn verify -q` or `./gradlew check` if available | ||
| 3. Focus on modified `.java` files | ||
| 4. Begin review immediately |
There was a problem hiding this comment.
P1: Reviewer prompt lacks a required checks-pass gate and instructs review to begin unconditionally after running checks.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .opencode/prompts/agents/java-reviewer.txt, line 7:
<comment>Reviewer prompt lacks a required checks-pass gate and instructs review to begin unconditionally after running checks.</comment>
<file context>
@@ -0,0 +1,97 @@
+1. Run `git diff -- '*.java'` to see recent Java file changes
+2. Run `mvn verify -q` or `./gradlew check` if available
+3. Focus on modified `.java` files
+4. Begin review immediately
+
+You DO NOT refactor or rewrite code — you report findings only.
</file context>
| 1. Run `git diff -- '*.py'` to see recent Python file changes | ||
| 2. Run static analysis tools if available (ruff, mypy, pylint, black --check) | ||
| 3. Focus on modified `.py` files | ||
| 4. Begin review immediately |
There was a problem hiding this comment.
P2: Reviewer prompt starts review immediately and omits required pre-review gates (CI green and no merge conflicts).
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .opencode/prompts/agents/python-reviewer.txt, line 7:
<comment>Reviewer prompt starts review immediately and omits required pre-review gates (CI green and no merge conflicts).</comment>
<file context>
@@ -0,0 +1,85 @@
+1. Run `git diff -- '*.py'` to see recent Python file changes
+2. Run static analysis tools if available (ruff, mypy, pylint, black --check)
+3. Focus on modified `.py` files
+4. Begin review immediately
+
+## Review Priorities
</file context>
| ## Diagnostic Commands | ||
|
|
||
| ```bash | ||
| clang-tidy --checks='*,-llvmlibc-*' src/*.cpp -- -std=c++17 |
There was a problem hiding this comment.
P2: Diagnostic command narrows analysis to src/*.cpp, missing many changed C++ files promised by earlier instructions.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .opencode/prompts/agents/cpp-reviewer.txt, line 54:
<comment>Diagnostic command narrows analysis to `src/*.cpp`, missing many changed C++ files promised by earlier instructions.</comment>
<file context>
@@ -0,0 +1,65 @@
+## Diagnostic Commands
+
+```bash
+clang-tidy --checks='*,-llvmlibc-*' src/*.cpp -- -std=c++17
+cppcheck --enable=all --suppress=missingIncludeSystem src/
+cmake --build build 2>&1 | head -50
</file context>
| 1. Run `git diff -- '*.cpp' '*.hpp' '*.cc' '*.hh' '*.cxx' '*.h'` to see recent C++ file changes | ||
| 2. Run `clang-tidy` and `cppcheck` if available | ||
| 3. Focus on modified C++ files | ||
| 4. Begin review immediately |
There was a problem hiding this comment.
P2: Reviewer prompt is missing required preconditions (green CI and conflict-free branch) before starting review.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .opencode/prompts/agents/cpp-reviewer.txt, line 7:
<comment>Reviewer prompt is missing required preconditions (green CI and conflict-free branch) before starting review.</comment>
<file context>
@@ -0,0 +1,65 @@
+1. Run `git diff -- '*.cpp' '*.hpp' '*.cc' '*.hh' '*.cxx' '*.h'` to see recent C++ file changes
+2. Run `clang-tidy` and `cppcheck` if available
+3. Focus on modified C++ files
+4. Begin review immediately
+
+## Review Priorities
</file context>
| ./mvnw compile -q 2>&1 || mvn compile -q 2>&1 | ||
| ./mvnw test -q 2>&1 || mvn test -q 2>&1 | ||
| ./mvnw dependency:tree 2>&1 | head -100 | ||
| ./mvnw checkstyle:check 2>&1 || echo "checkstyle not configured" |
There was a problem hiding this comment.
P2: Quality-check commands incorrectly label any failure as “not configured,” masking real Checkstyle/SpotBugs violations.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .opencode/prompts/agents/java-build-resolver.txt, line 22:
<comment>Quality-check commands incorrectly label any failure as “not configured,” masking real Checkstyle/SpotBugs violations.</comment>
<file context>
@@ -0,0 +1,123 @@
+./mvnw compile -q 2>&1 || mvn compile -q 2>&1
+./mvnw test -q 2>&1 || mvn test -q 2>&1
+./mvnw dependency:tree 2>&1 | head -100
+./mvnw checkstyle:check 2>&1 || echo "checkstyle not configured"
+./mvnw spotbugs:check 2>&1 || echo "spotbugs not configured"
+```
</file context>
|
|
||
| ### Step 1: Gather Context | ||
|
|
||
| Run `git diff --staged` and `git diff` to see changes. If no diff, check `git log --oneline -5`. Identify Kotlin/KTS files that changed. |
There was a problem hiding this comment.
P2: Reviewer workflow lacks required readiness gate for green checks and conflict-free branch before starting code review.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .opencode/prompts/agents/kotlin-reviewer.txt, line 15:
<comment>Reviewer workflow lacks required readiness gate for green checks and conflict-free branch before starting code review.</comment>
<file context>
@@ -0,0 +1,127 @@
+
+### Step 1: Gather Context
+
+Run `git diff --staged` and `git diff` to see changes. If no diff, check `git log --oneline -5`. Identify Kotlin/KTS files that changed.
+
+### Step 2: Understand Project Structure
</file context>
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (2)
.opencode/prompts/agents/java-reviewer.txt (1)
4-4:⚠️ Potential issue | 🟠 MajorUse a PR-aware diff baseline in all Java diff commands.
git diff -- '*.java'is context-dependent and can miss branch changes. Use an explicit baseline (e.g.,origin/main...HEAD) for reliable scope in local and sandboxed runs.🔧 Proposed update
-1. Run `git diff -- '*.java'` to see recent Java file changes +1. Run `git diff --name-only origin/main...HEAD -- '*.java'` to see Java files changed in this branch-git diff -- '*.java' +git diff --name-only origin/main...HEAD -- '*.java'-git diff -- '*.java' +git diff --name-only origin/main...HEAD -- '*.java'Also applies to: 67-67, 79-79
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.opencode/prompts/agents/java-reviewer.txt at line 4, Replace the context-dependent command string "git diff -- '*.java'" with a PR-aware baseline form (for example "git diff origin/main...HEAD -- '*.java'") wherever it appears in the prompt (including other occurrences of the same command), so the Java diffs use an explicit baseline (origin/main...HEAD) to reliably capture branch changes in local and sandboxed runs..opencode/prompts/agents/SOUL.md (1)
12-12:⚠️ Potential issue | 🟡 MinorFix malformed bold formatting.
The bold marker has a space after the opening
**, making it inconsistent with other list items and potentially breaking rendering.✏️ Proposed fix
-- ** formality_level**: balanced +- **formality_level**: balanced🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.opencode/prompts/agents/SOUL.md at line 12, There is a malformed bold marker in the markdown list item "** formality_level**: balanced" (note the space after the opening **); remove the extra space so the token reads "**formality_level**: balanced" to match the other items and ensure consistent rendering.
🧹 Nitpick comments (1)
.opencode/prompts/agents/loop-operator.txt (1)
17-17: Minor wording cleanup for concision.Consider “confirm ALL the following checks pass” instead of “confirm ALL of the following checks pass.”
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.opencode/prompts/agents/loop-operator.txt at line 17, Replace the phrase "Before starting the loop, confirm ALL of the following checks pass:" with the more concise wording "Before starting the loop, confirm ALL the following checks pass:" by editing the line containing that exact string in the prompt file (look for the sentence starting "Before starting the loop, confirm ALL of the following checks pass:") so the only change is removal of the word "of".
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.opencode/prompts/agents/loop-operator.txt:
- Around line 33-39: Update the Escalation rules to add an explicit security
hard-stop: modify the "Escalation" block so that if any security issue is
detected the loop stops immediately and the flow routes to the security-reviewer
agent, and require that any CRITICAL security findings be fixed before allowing
loop continuation; reference the existing "Escalation" section and the
security-reviewer agent name when adding this new condition and enforcement of
CRITICAL fixes.
---
Duplicate comments:
In @.opencode/prompts/agents/java-reviewer.txt:
- Line 4: Replace the context-dependent command string "git diff -- '*.java'"
with a PR-aware baseline form (for example "git diff origin/main...HEAD --
'*.java'") wherever it appears in the prompt (including other occurrences of the
same command), so the Java diffs use an explicit baseline (origin/main...HEAD)
to reliably capture branch changes in local and sandboxed runs.
In @.opencode/prompts/agents/SOUL.md:
- Line 12: There is a malformed bold marker in the markdown list item "**
formality_level**: balanced" (note the space after the opening **); remove the
extra space so the token reads "**formality_level**: balanced" to match the
other items and ensure consistent rendering.
---
Nitpick comments:
In @.opencode/prompts/agents/loop-operator.txt:
- Line 17: Replace the phrase "Before starting the loop, confirm ALL of the
following checks pass:" with the more concise wording "Before starting the loop,
confirm ALL the following checks pass:" by editing the line containing that
exact string in the prompt file (look for the sentence starting "Before starting
the loop, confirm ALL of the following checks pass:") so the only change is
removal of the word "of".
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: f39664cd-369b-4abf-87f9-8d5e3be48eac
📒 Files selected for processing (14)
.opencode/opencode.json.opencode/prompts/agents/SOUL.md.opencode/prompts/agents/chief-of-staff.txt.opencode/prompts/agents/cpp-build-resolver.txt.opencode/prompts/agents/cpp-reviewer.txt.opencode/prompts/agents/docs-lookup.txt.opencode/prompts/agents/harness-optimizer.txt.opencode/prompts/agents/java-build-resolver.txt.opencode/prompts/agents/java-reviewer.txt.opencode/prompts/agents/kotlin-build-resolver.txt.opencode/prompts/agents/kotlin-reviewer.txt.opencode/prompts/agents/loop-operator.txt.opencode/prompts/agents/python-reviewer.txtAGENTS.md
✅ Files skipped from review due to trivial changes (8)
- .opencode/prompts/agents/kotlin-reviewer.txt
- .opencode/prompts/agents/docs-lookup.txt
- .opencode/prompts/agents/cpp-build-resolver.txt
- .opencode/prompts/agents/cpp-reviewer.txt
- .opencode/prompts/agents/java-build-resolver.txt
- .opencode/prompts/agents/kotlin-build-resolver.txt
- .opencode/prompts/agents/python-reviewer.txt
- .opencode/prompts/agents/harness-optimizer.txt
🚧 Files skipped from review as they are similar to previous changes (2)
- AGENTS.md
- .opencode/opencode.json
| ## Escalation | ||
|
|
||
| Escalate when any condition is true: | ||
| - no progress across two consecutive checkpoints | ||
| - repeated failures with identical stack traces | ||
| - cost drift outside budget window | ||
| - merge conflicts blocking queue advancement |
There was a problem hiding this comment.
Add explicit security escalation in loop stop conditions.
Escalation rules currently miss the required security branch. Add a hard stop that routes to security-reviewer whenever a security issue is detected, and require CRITICAL fixes before loop continuation.
🔒 Prompt hardening diff
## Escalation
Escalate when any condition is true:
- no progress across two consecutive checkpoints
- repeated failures with identical stack traces
- cost drift outside budget window
- merge conflicts blocking queue advancement
+- any security issue is detected
+
+If a security issue is detected, **STOP immediately**, delegate to `security-reviewer`,
+and do not continue until CRITICAL issues are fixed.Based on learnings: If security issue found: STOP immediately and use security-reviewer agent; fix CRITICAL issues before continuing.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.opencode/prompts/agents/loop-operator.txt around lines 33 - 39, Update the
Escalation rules to add an explicit security hard-stop: modify the "Escalation"
block so that if any security issue is detected the loop stops immediately and
the flow routes to the security-reviewer agent, and require that any CRITICAL
security findings be fixed before allowing loop continuation; reference the
existing "Escalation" section and the security-reviewer agent name when adding
this new condition and enforcement of CRITICAL fixes.
affaan-m
left a comment
There was a problem hiding this comment.
Good OpenCode agent parity work, but two issues:
- Remove chief-of-staff agent + SOUL.md — personal email/Slack/LINE triage is outside ECC's scope (dev workflow tools). The language-specific reviewers and build resolvers are great though.
- SOUL.md whitespace — line 14 has a leading space before
formality_level
Remove chief-of-staff/SOUL.md and this is ready to merge.
|
❌ Analysis Failed
Troubleshooting
Retry: |
|
@affaan-m - addressed both review items:
Ready for merge. |
…prompts Summary: - Add 11 missing OpenCode agent prompt files for: chief-of-staff, cpp-reviewer, cpp-build-resolver, docs-lookup, harness-optimizer, java-reviewer, java-build-resolver, kotlin-reviewer, kotlin-build-resolver, loop-operator, python-reviewer - Update opencode.json to register all 25 agents (previously only 14 were configured) Type: - [x] Agent Testing: - Verified JSON syntax is valid - All 25 agents now have corresponding prompt files in .opencode/prompts/agents/ - opencode.json updated with all agent configurations
…tool configs, and refine agent prompts
- Remove chief-of-staff agent from opencode.json (outside ECC scope) - Remove chief-of-staff.txt prompt file - Remove SOUL.md file - Remove chief-of-staff from AGENTS.md table and orchestration section - Update agent count from 28 to 27
59e1154 to
52fda6c
Compare
|
❌ Analysis Failed
Troubleshooting
Retry: |
|
|
||
| ## Workflow | ||
|
|
||
| 1. Run `/harness-audit` and collect baseline score. |
There was a problem hiding this comment.
/harness-audit command does not exist
The prompt instructs the agent to Run /harness-audit and collect baseline score as its first step, but there is no harness-audit command registered anywhere in .opencode/opencode.json. The defined commands are: plan, tdd, code-review, security, build-fix, e2e, refactor-clean, orchestrate, learn, checkpoint, verify, eval, update-docs, update-codemaps, test-coverage, setup-pm, go-review, go-test, go-build, skill-create, instinct-*, evolve, promote, and projects.
When invoked, the agent will immediately fail or stall at Step 1 because it has no harness-audit command to run. Either add a harness-audit command to opencode.json, or update this prompt to use an existing command (such as a bash-based audit script) as the baseline collection step.
| 1. Run `/harness-audit` and collect baseline score. | |
| 1. Read `.opencode/opencode.json` and all referenced prompt files to collect baseline configuration. |
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (5)
.opencode/prompts/agents/loop-operator.txt (1)
33-39:⚠️ Potential issue | 🟠 MajorSecurity escalation condition is still missing.
The Escalation section lacks an explicit security hard-stop. An autonomous loop operator must halt immediately when security issues are detected and delegate to the
security-revieweragent.This was flagged in a previous review but has not yet been addressed.
🔒 Add security escalation condition
## Escalation Escalate when any condition is true: - no progress across two consecutive checkpoints - repeated failures with identical stack traces - cost drift outside budget window - merge conflicts blocking queue advancement +- any security issue is detected + +If a security issue is detected, **STOP immediately**, delegate to `security-reviewer`, +and do not continue until CRITICAL issues are fixed and any exposed secrets are rotated.Based on learnings: Stop immediately when security issue found; use security-reviewer agent to fix CRITICAL issues; rotate any exposed secrets; review codebase for similar issues.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.opencode/prompts/agents/loop-operator.txt around lines 33 - 39, Add an explicit security hard-stop to the "Escalation" section: include a new condition like "security issue detected — halt loop and delegate to security-reviewer agent" and document the required immediate actions (stop the autonomous loop, invoke the security-reviewer agent for CRITICAL fixes, rotate any exposed secrets, and trigger a codebase-wide security scan/review). Update the Escalation list entry text in the loop-operator prompt so the operator knows to immediately halt execution and call the security-reviewer agent with severity=CRITICAL and remedial steps when a security issue is observed..opencode/prompts/agents/java-reviewer.txt (4)
67-67:⚠️ Potential issue | 🟠 MajorAlign diagnostic git diff with PR-aware baseline.
This repeats the context-sensitive
git diff -- '*.java'pattern flagged at line 4. Use the three-dot baseline consistently throughout the prompt.🔧 Proposed fix
-git diff -- '*.java' +git diff --name-only origin/main...HEAD -- '*.java'🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.opencode/prompts/agents/java-reviewer.txt at line 67, The prompt contains a duplicated context-sensitive pattern "git diff -- '*.java'"; replace all occurrences with the PR-aware three-dot baseline form (e.g., "git diff ... -- '*.java'") so the diagnostic diff is aligned with the PR baseline and avoid repeating the simple "-- '*.java'" pattern; update the instance in the text matching "git diff -- '*.java'" (the token appears at line with that exact string) to the three-dot variant and ensure any other duplicates use the same three-dot baseline consistently.
79-79:⚠️ Potential issue | 🟠 MajorAlign diagnostic git diff with PR-aware baseline.
This repeats the context-sensitive
git diff -- '*.java'pattern flagged at line 4. Use the three-dot baseline consistently throughout the prompt.🔧 Proposed fix
-git diff -- '*.java' +git diff --name-only origin/main...HEAD -- '*.java'🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.opencode/prompts/agents/java-reviewer.txt at line 79, Replace the repeated context-sensitive command string "git diff -- '*.java'" with the three-dot baseline form (e.g., "git diff ... -- '*.java'") wherever it appears in the prompt so the diagnostic diff is PR-aware and consistent; update every instance of the literal "git diff -- '*.java'" to the three-dot baseline variant and ensure other diff patterns in the prompt follow this same "..." convention.
4-4:⚠️ Potential issue | 🟠 MajorUse a PR-aware diff baseline to scope changed Java files reliably.
The command
git diff -- '*.java'is context-sensitive and may miss target-branch changes in clean/sandboxed checkouts. Prefer an explicit three-dot baseline (e.g.,origin/main...HEAD) so the agent reliably surfaces all Java files modified in the current branch.🔧 Proposed fix
-1. Run `git diff -- '*.java'` to see recent Java file changes +1. Run `git diff --name-only origin/main...HEAD -- '*.java'` to see Java files changed in this branch🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.opencode/prompts/agents/java-reviewer.txt at line 4, Replace the brittle "git diff -- '*.java'" invocation in the prompt with a PR-aware three‑dot baseline invocation so changed Java files are reliably listed against the target branch; specifically, update the prompt to run a three‑dot diff against the remote main branch (e.g., origin/main...HEAD) and ask for only file names (so it consistently surfaces modified .java files across clean/sandboxed checkouts) while keeping the '*.java' filter.
52-52:⚠️ Potential issue | 🟠 MajorAdd JDK-conditional guidance for pattern matching.
Line 52 recommends pattern matching but only mentions "Java 16+" without providing fallback guidance for Java 11 and earlier projects. Provide clear conditional advice: recommend pattern matching only for Java 16+; specify what to do for Java 11 and earlier (e.g., use explicit cast).
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.opencode/prompts/agents/java-reviewer.txt at line 52, Update the guidance about replacing an instanceof check followed by an explicit cast to be JDK-version conditional: recommend using pattern matching for instanceof (the "instanceof" pattern feature) only when the project targets Java 16+; for Java 11 and earlier advise keeping the existing explicit cast approach (e.g., check with instanceof then cast) and optionally suggest a TODO comment or migration note for upgrading the JDK when feasible. Ensure the text references the "instanceof" check and the explicit cast pattern so readers know which code to change and when to avoid it.
🧹 Nitpick comments (1)
.opencode/prompts/agents/loop-operator.txt (1)
26-31: Optional: Consider clarifying the relationship with Pre-Execution Validation.The Required Checks section duplicates the four checks listed in Pre-Execution Validation (lines 17-22). If this section serves as a summary or quick reference, consider adding a header note like "Summary of checks detailed above" to clarify the purpose of the duplication.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.opencode/prompts/agents/loop-operator.txt around lines 26 - 31, The "Required Checks" section duplicates the four items already listed under "Pre-Execution Validation"; update the "Required Checks" header to clarify its role by adding a short note such as "Summary of checks detailed above" or "Quick summary of Pre-Execution Validation" immediately beneath the "Required Checks" heading so readers understand this is a concise reference rather than new content (refer to the "Required Checks" and "Pre-Execution Validation" headings in the prompt file).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@AGENTS.md`:
- Line 3: Update AGENTS.md to make counts and content consistent with the
repository state: either remove the chief-of-staff agent file or fully document
it and then update the totals at the top and the summary lines (the numeric
totals currently conflicting: 27/116/59 vs 28/117/60). Specifically, if you keep
agents/chief-of-staff.md, add its entry into AGENTS.md (include its purpose:
multi-channel communication triage and drafting) and increment the
agent/skill/command counts to 28/117/60 everywhere; if you remove
chief-of-staff.md, decrement the counts to 27/116/59 and remove any references
to that agent. Ensure AGENTS.md internal summary lines and any total mentions
match the chosen state.
---
Duplicate comments:
In @.opencode/prompts/agents/java-reviewer.txt:
- Line 67: The prompt contains a duplicated context-sensitive pattern "git diff
-- '*.java'"; replace all occurrences with the PR-aware three-dot baseline form
(e.g., "git diff ... -- '*.java'") so the diagnostic diff is aligned with the PR
baseline and avoid repeating the simple "-- '*.java'" pattern; update the
instance in the text matching "git diff -- '*.java'" (the token appears at line
with that exact string) to the three-dot variant and ensure any other duplicates
use the same three-dot baseline consistently.
- Line 79: Replace the repeated context-sensitive command string "git diff --
'*.java'" with the three-dot baseline form (e.g., "git diff ... -- '*.java'")
wherever it appears in the prompt so the diagnostic diff is PR-aware and
consistent; update every instance of the literal "git diff -- '*.java'" to the
three-dot baseline variant and ensure other diff patterns in the prompt follow
this same "..." convention.
- Line 4: Replace the brittle "git diff -- '*.java'" invocation in the prompt
with a PR-aware three‑dot baseline invocation so changed Java files are reliably
listed against the target branch; specifically, update the prompt to run a
three‑dot diff against the remote main branch (e.g., origin/main...HEAD) and ask
for only file names (so it consistently surfaces modified .java files across
clean/sandboxed checkouts) while keeping the '*.java' filter.
- Line 52: Update the guidance about replacing an instanceof check followed by
an explicit cast to be JDK-version conditional: recommend using pattern matching
for instanceof (the "instanceof" pattern feature) only when the project targets
Java 16+; for Java 11 and earlier advise keeping the existing explicit cast
approach (e.g., check with instanceof then cast) and optionally suggest a TODO
comment or migration note for upgrading the JDK when feasible. Ensure the text
references the "instanceof" check and the explicit cast pattern so readers know
which code to change and when to avoid it.
In @.opencode/prompts/agents/loop-operator.txt:
- Around line 33-39: Add an explicit security hard-stop to the "Escalation"
section: include a new condition like "security issue detected — halt loop and
delegate to security-reviewer agent" and document the required immediate actions
(stop the autonomous loop, invoke the security-reviewer agent for CRITICAL
fixes, rotate any exposed secrets, and trigger a codebase-wide security
scan/review). Update the Escalation list entry text in the loop-operator prompt
so the operator knows to immediately halt execution and call the
security-reviewer agent with severity=CRITICAL and remedial steps when a
security issue is observed.
---
Nitpick comments:
In @.opencode/prompts/agents/loop-operator.txt:
- Around line 26-31: The "Required Checks" section duplicates the four items
already listed under "Pre-Execution Validation"; update the "Required Checks"
header to clarify its role by adding a short note such as "Summary of checks
detailed above" or "Quick summary of Pre-Execution Validation" immediately
beneath the "Required Checks" heading so readers understand this is a concise
reference rather than new content (refer to the "Required Checks" and
"Pre-Execution Validation" headings in the prompt file).
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: b1abbdf2-871a-4c5a-9cdb-9ebc799446c5
📒 Files selected for processing (12)
.opencode/opencode.json.opencode/prompts/agents/cpp-build-resolver.txt.opencode/prompts/agents/cpp-reviewer.txt.opencode/prompts/agents/docs-lookup.txt.opencode/prompts/agents/harness-optimizer.txt.opencode/prompts/agents/java-build-resolver.txt.opencode/prompts/agents/java-reviewer.txt.opencode/prompts/agents/kotlin-build-resolver.txt.opencode/prompts/agents/kotlin-reviewer.txt.opencode/prompts/agents/loop-operator.txt.opencode/prompts/agents/python-reviewer.txtAGENTS.md
✅ Files skipped from review due to trivial changes (8)
- .opencode/prompts/agents/cpp-build-resolver.txt
- .opencode/prompts/agents/kotlin-reviewer.txt
- .opencode/prompts/agents/harness-optimizer.txt
- .opencode/prompts/agents/docs-lookup.txt
- .opencode/prompts/agents/cpp-reviewer.txt
- .opencode/prompts/agents/python-reviewer.txt
- .opencode/prompts/agents/kotlin-build-resolver.txt
- .opencode/prompts/agents/java-build-resolver.txt
🚧 Files skipped from review as they are similar to previous changes (1)
- .opencode/opencode.json
| # Everything Claude Code (ECC) — Agent Instructions | ||
|
|
||
| This is a **production-ready AI coding plugin** providing 28 specialized agents, 119 skills, 60 commands, and automated hook workflows for software development. | ||
| This is a **production-ready AI coding plugin** providing 27 specialized agents, 116 skills, 59 commands, and automated hook workflows for software development. |
There was a problem hiding this comment.
Fix agent/skill/command counts to match the rest of the document and repo state.
Line 3 conflicts with Lines 142–144 (27/116/59 vs 28/117/60), and the repo still contains agents/chief-of-staff.md. Please make AGENTS.md consistent in one direction (either fully remove or fully document that agent and update all totals accordingly).
Suggested doc sync patch
-This is a **production-ready AI coding plugin** providing 27 specialized agents, 116 skills, 59 commands, and automated hook workflows for software development.
+This is a **production-ready AI coding plugin** providing 28 specialized agents, 117 skills, 60 commands, and automated hook workflows for software development.-agents/ — 28 specialized subagents
-skills/ — 117 workflow skills and domain knowledge
-commands/ — 60 slash commands
+agents/ — 28 specialized subagents
+skills/ — 117 workflow skills and domain knowledge
+commands/ — 60 slash commandsBased on learnings: "Use chief-of-staff agent for multi-channel communication triage and drafting (email, Slack, LINE, Messenger)".
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| This is a **production-ready AI coding plugin** providing 27 specialized agents, 116 skills, 59 commands, and automated hook workflows for software development. | |
| This is a **production-ready AI coding plugin** providing 28 specialized agents, 117 skills, 60 commands, and automated hook workflows for software development. |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@AGENTS.md` at line 3, Update AGENTS.md to make counts and content consistent
with the repository state: either remove the chief-of-staff agent file or fully
document it and then update the totals at the top and the summary lines (the
numeric totals currently conflicting: 27/116/59 vs 28/117/60). Specifically, if
you keep agents/chief-of-staff.md, add its entry into AGENTS.md (include its
purpose: multi-channel communication triage and drafting) and increment the
agent/skill/command counts to 28/117/60 everywhere; if you remove
chief-of-staff.md, decrement the counts to 27/116/59 and remove any references
to that agent. Ensure AGENTS.md internal summary lines and any total mentions
match the chosen state.
|
thanks for the contribution. there are merge conflicts with the latest |
…e-agents-setup # Conflicts: # AGENTS.md
|
Resolved merge conflict in AGENTS.md - updated agent/skills/command count from 27/116/59 to 28/125/60 to match origin/main. |
|
Analysis Failed
Troubleshooting
Retry: |
done |
…prompts (affaan-m#726) * feat(opencode): complete OpenCode agent setup - add 11 missing agent prompts Summary: - Add 11 missing OpenCode agent prompt files for: chief-of-staff, cpp-reviewer, cpp-build-resolver, docs-lookup, harness-optimizer, java-reviewer, java-build-resolver, kotlin-reviewer, kotlin-build-resolver, loop-operator, python-reviewer - Update opencode.json to register all 25 agents (previously only 14 were configured) Type: - [x] Agent Testing: - Verified JSON syntax is valid - All 25 agents now have corresponding prompt files in .opencode/prompts/agents/ - opencode.json updated with all agent configurations * fix: address PR review comments - add SOUL.md, update AGENTS.md, fix tool configs, and refine agent prompts * fix: remove chief-of-staff agent and SOUL.md per affaan-m review - Remove chief-of-staff agent from opencode.json (outside ECC scope) - Remove chief-of-staff.txt prompt file - Remove SOUL.md file - Remove chief-of-staff from AGENTS.md table and orchestration section - Update agent count from 28 to 27 --------- Co-authored-by: Nayan Jaiswal <jaiswal2062@gmail.com>
…prompts (affaan-m#726) * feat(opencode): complete OpenCode agent setup - add 11 missing agent prompts Summary: - Add 11 missing OpenCode agent prompt files for: chief-of-staff, cpp-reviewer, cpp-build-resolver, docs-lookup, harness-optimizer, java-reviewer, java-build-resolver, kotlin-reviewer, kotlin-build-resolver, loop-operator, python-reviewer - Update opencode.json to register all 25 agents (previously only 14 were configured) Type: - [x] Agent Testing: - Verified JSON syntax is valid - All 25 agents now have corresponding prompt files in .opencode/prompts/agents/ - opencode.json updated with all agent configurations * fix: address PR review comments - add SOUL.md, update AGENTS.md, fix tool configs, and refine agent prompts * fix: remove chief-of-staff agent and SOUL.md per affaan-m review - Remove chief-of-staff agent from opencode.json (outside ECC scope) - Remove chief-of-staff.txt prompt file - Remove SOUL.md file - Remove chief-of-staff from AGENTS.md table and orchestration section - Update agent count from 28 to 27 --------- Co-authored-by: Nayan Jaiswal <jaiswal2062@gmail.com>
Summary
Type
Testing
Checklist
Summary by CodeRabbit
New Features
Documentation