- Reduce browser execution to the bootstrap-owned CloakBrowser boundary: exact managed Playwright CLI and Chrome DevTools MCP transports, mandatory health verification before every browser action, and no fallback.
- Retain
webwright-taskonly as a compatibility route while forbidding the Webwright runtime, raw or in-app browser providers, direct package runners, alternate CDP endpoints, executables, and browser configs. - Add fail-closed policy validation and mutation tests for missing boundaries, unqualified or alternate provider paths, and browser actions without an immediately preceding health check.
- Preserve the verified OpenCode, plugin, and SDK runtime baseline at
1.17.18; this release changes adapter policy, not the upstream runtime.
- Repin every reusable
nddev-ci-workflowscaller to the signed0.5.1release and add an exact pin regression test. - Refresh the local Sequential Thinking MCP runtime from
2025.12.18to2026.7.4after package-level and real MCP transport compatibility checks; keep Context7 on OpenCode's official remote endpoint and preserve the exact bootstrap-owned CloakBrowser transport. - Preserve the
opencode-ai,@opencode-ai/plugin, and@opencode-ai/sdkruntime baseline at1.17.18.
- Route OpenCode Chrome DevTools MCP through the exact managed, health-gated
CloakBrowser wrapper instead of direct
bunxexecution. - Adopt the published
opencode-ai,@opencode-ai/plugin, and@opencode-ai/sdk1.17.18baseline with its matching vendored schema.
- Clean release: adopt nddev-ci-workflows 0.3.0 reusable CI and sole-authorship commit policy Preserve documented
opencode-ai1.17.14,@opencode-ai/plugin1.17.14, and@opencode-ai/sdk1.17.14baseline evidence.
- CloakBrowser default privacy-first browser backend across all adapters (ADR 0003). Preserve documented
opencode-ai1.17.14,@opencode-ai/plugin1.17.14, and@opencode-ai/sdk1.17.14baseline evidence.
- CloakBrowser default privacy-first browser backend across all adapters (ADR 0003). Preserve documented
opencode-ai1.17.14,@opencode-ai/plugin1.17.14, and@opencode-ai/sdk1.17.14baseline evidence.
- CloakBrowser default privacy-first browser backend across all adapters (ADR 0003). Preserve documented
opencode-ai1.17.14,@opencode-ai/plugin1.17.14, and@opencode-ai/sdk1.17.14baseline evidence.
- Restore the consistent
@opencode-ai/plugin1.17.14pin pair in.opencode/package.json+.opencode/bun.lock. The1.7.17tag shipped an inconsistent pair (package.json pinned plugin1.17.13while bun.lock resolved1.17.14), the release verify job failed onbun install --frozen-lockfile, and no GitHub Release exists for1.7.17;1.7.18supersedes it through the canonical tag-driven workflow.
- Switch the top-level
modelandsmall_modeldefaults fromopencode-go/glm-5.1tomoonshotai/kimi-k2.7-code(owner directive: Kimi K2.7 Code everywhere; GLM retired). The runtime smoke gate now asserts the new model resolves throughopencode debug config, and active docs/agents/reviewer-protocol reference the new default. - Adopt the
opencode-ai/@opencode-ai/plugin/@opencode-ai/sdk1.17.14baseline (npm latest, released 2026-07-06): vendored config schemav1.17.14is byte-identical tov1.17.7/v1.17.13(SHA-25657c02429); surface adoption gains a1.17.14code-mode MCP adapter row (Future) and the MCP reliability row covers the 1.17.14 paginated-catalog metadata fix. - Re-vendor
references/models.dev-model-schema.json(5346 model IDs, fetched 2026-07-07) so the vendored catalog provesmoonshotai/kimi-k2.7-codeagainst the live models.dev schema channel.
- OpenCode adapter: default model to moonshotai/kimi-k2.7-code (GLM retired) and 1.17.14 runtime baseline adoption.
- Adopt nddev-ci-workflows 0.2.3 and fix reusable CI edge cases. Preserve documented
opencode-ai1.17.13,@opencode-ai/plugin1.17.13, and@opencode-ai/sdk1.17.13baseline evidence.
- Migrate CI workflows to nddev-ci-workflows reusable contracts. Preserve documented
opencode-ai1.17.13,@opencode-ai/plugin1.17.13, and@opencode-ai/sdk1.17.13baseline evidence.
- Migrate CI workflows to nddev-ci-workflows reusable contracts. Preserve documented
opencode-ai1.17.13,@opencode-ai/plugin1.17.13, and@opencode-ai/sdk1.17.13baseline evidence.
- CI/CD audit remediation: real actionlint run (antigravity), gitleaks history scan replacing regex (mimocode), digest-pinned gitleaks image (new-mac), CodeQL python+actions matrix with weekly schedule and security-and-quality queries (antigravity/mimocode), job-scoped release permissions, pinned pytest, harden-runner egress audit + persist-credentials on security jobs, strict instruction-docs validation and corrected script path globs (opencode), and stronger branch-protection required checks (new-mac). Preserve documented
opencode-ai1.17.13,@opencode-ai/plugin1.17.13, and@opencode-ai/sdk1.17.13baseline evidence.
- Refresh GitHub Actions and CodeQL pins across the public module CI surface. Preserve documented
opencode-ai1.17.13,@opencode-ai/plugin1.17.13, and@opencode-ai/sdk1.17.13baseline evidence.
- Refresh runtime and dependency baselines. Preserve documented
opencode-ai1.17.13,@opencode-ai/plugin1.17.13, and@opencode-ai/sdk1.17.13baseline evidence.
- Refresh Claude Code 2.1.199, OpenCode 1.17.13, and Playwright CLI 0.1.15 baselines.
- Refresh OpenCode runtime, plugin, SDK, and schema baseline evidence to
1.17.13.
- Harden Ruff and Pyright baseline across adapter configs while preserving documented
opencode-ai1.17.11,@opencode-ai/plugin1.17.11, and@opencode-ai/sdk1.17.11baseline evidence.
- Document that the shadcn MCP runtime refresh preserves
opencode-ai1.17.11,@opencode-ai/plugin1.17.11, and@opencode-ai/sdk1.17.11runtime baseline evidence.
- Refresh shadcn MCP runtime pin to the latest published 4.12.0 release.
- Sync Serena release memories after runtime and MCP refresh. Preserve documented
opencode-ai1.17.11,@opencode-ai/plugin1.17.11, and@opencode-ai/sdk1.17.11baseline evidence.
- Refresh CLI runtime and MCP pins to latest stable versions. Preserve documented
opencode-ai1.17.11,@opencode-ai/plugin1.17.11, and@opencode-ai/sdk1.17.11baseline evidence.
- Align README memory heading with the shared tracked-context adapter template. Runtime baseline remains OpenCode/plugin/SDK
1.17.9.
- Document that the generated cmux projection patch preserves
opencode-ai1.17.9,@opencode-ai/plugin1.17.9, and@opencode-ai/sdk1.17.9runtime baseline evidence.
- Sync generated cmux worker/orchestrator skill projections with the tracked-context branch model.
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Refresh OpenCode Serena release memory. Preserve documented
opencode-ai1.17.11,@opencode-ai/plugin1.17.11, and@opencode-ai/sdk1.17.11baseline evidence.
- Retire the
fullrepooverlay model. Durable AI context (AGENTS.md,.opencode/,.serena/project.yml, and.serena/memories/) is now tracked onmain; runtime-local Serena state remains ignored. - Remove fullrepo restore/publish scripts, CI bootstrap steps, branch-protection metadata, flow policy keys, and post-task blockers.
- Replace the OpenCode diagnostic custom tool with
rldyour_context_status, which reports tracked-context/git/Serena state without relying on a secondary branch. - Preserve documented
opencode-ai1.17.9,@opencode-ai/plugin1.17.9, and@opencode-ai/sdk1.17.9runtime baseline evidence; runtime upgrades are intentionally separate from this architecture migration.
- Refresh CLI runtime baselines to latest (Claude Code 2.1.190, Codex 0.142.0, OpenCode 1.17.9, Antigravity CLI 1.0.11, MiMoCode 0.1.3); resolve adapter instruction-doc and surface-adoption drift.
- Refresh OpenCode runtime baseline to
1.17.9(npm latest; runtime fixes). Pinopencode-ai,@opencode-ai/plugin, and@opencode-ai/sdkto1.17.9; vendorreferences/opencode-config.schema.v1.17.9.jsonfrom the livehttps://opencode.ai/config.jsonchannel (byte-identical to the priorv1.17.7snapshot, verified by SHA-25657c02429).
- cmux protocol v3 projections and latest MCP runtime pins (chrome-devtools-mcp 1.4.0, context7 3.2.2) Preserve documented
opencode-ai1.17.7,@opencode-ai/plugin1.17.7, and@opencode-ai/sdk1.17.7baseline evidence.
- patch: advance past system-instruction tracking (.gemini/, AGENTS.md) and empty-tree fullrepo fix Preserve documented
opencode-ai1.17.7,@opencode-ai/plugin1.17.7, and@opencode-ai/sdk1.17.7baseline evidence.
- Align SECURITY.md line label, adapter README baseline, and tracked uv.lock self-version to the 1.5.x line for the public governance gate. Preserve documented
opencode-ai1.17.7,@opencode-ai/plugin1.17.7, and@opencode-ai/sdk1.17.7baseline evidence.
- Owner-directed unified 1.5.0 release: perfect-sync quality wave (README baseline, ASCII hygiene, agy binary canonicalization, validator coverage). Preserve documented
opencode-ai1.17.7,@opencode-ai/plugin1.17.7, and@opencode-ai/sdk1.17.7baseline evidence. - Refresh OpenCode runtime baseline to 1.17.7 (npm latest; runtime/MCP reliability fixes; config schema and canonical permission key set byte-identical to 1.17.6, verified by schema diff)
- Five-adapter wave (codex/opencode/gemini/mimocode): owner autonomous standard (Gemini auto_edit+launcher YOLO, MiMoCode allow-all), ry-repair canonical flags, five-adapter contract matrix, SECURITY parity, MiMoCode runtime proof, unified ASCII public README template; root cmux worker-only, coverage policies, launchers gm/mm, enforcement validators. Preserve documented
opencode-ai1.17.6,@opencode-ai/plugin1.17.6, and@opencode-ai/sdk1.17.6baseline evidence.
- Refresh OpenCode runtime baseline to 1.17.6 (npm latest; MCP-session and TUI reliability fixes, no schema or permission changes)
- State the current 1.3.x support line explicitly in public security policy. Preserve documented
opencode-ai1.17.4,@opencode-ai/plugin1.17.4, and@opencode-ai/sdk1.17.4baseline evidence.
- Stabilize the public 1.3 line with release CI, MCP freshness, and synchronized four-adapter evidence. Preserve documented
opencode-ai1.17.4,@opencode-ai/plugin1.17.4, and@opencode-ai/sdk1.17.4baseline evidence.
- Align the public adapter with the coordinated four-configuration 1.3.0 stable contract. Preserve documented
opencode-ai1.17.4,@opencode-ai/plugin1.17.4, and@opencode-ai/sdk1.17.4baseline evidence.
- Refresh runtime baselines to OpenCode
1.17.4,@opencode-ai/plugin1.17.4, and@opencode-ai/sdk1.17.4; vendor the matching config schema snapshot.
- Tighten system install convergence and Gemini native settings validation. Preserve documented
opencode-ai1.17.3,@opencode-ai/plugin1.17.3, and@opencode-ai/sdk1.17.3baseline evidence.
- Prepare four-adapter Gemini integration release. Preserve documented
opencode-ai1.17.3,@opencode-ai/plugin1.17.3, and@opencode-ai/sdk1.17.3baseline evidence.
- Repair public provider docs and validation determinism. Preserve documented
opencode-ai1.17.3,@opencode-ai/plugin1.17.3, and@opencode-ai/sdk1.17.3baseline evidence.
- Refresh release-readiness baselines and validation boundaries. Preserve documented
opencode-ai1.17.3,@opencode-ai/plugin1.17.3, and@opencode-ai/sdk1.17.3baseline evidence.
- Unify skill descriptions to the canonical russian-first shape with routing-term coverage, align runtime-marker sets and review gating wording across adapters, and repair the OpenCode ry-repair inventory step. Preserve documented
opencode-ai1.17.1,@opencode-ai/plugin1.17.1, and@opencode-ai/sdk1.17.1baseline evidence.
- Define the ry-repair consumer system-sync mode for configuration repositories: update the checkout from GitHub and converge the installed system without authoring repository changes. Preserve documented
opencode-ai1.17.1,@opencode-ai/plugin1.17.1, and@opencode-ai/sdk1.17.1baseline evidence.
- Refresh the runtime baselines to Claude Code 2.1.170, Codex CLI 0.139.0, and OpenCode 1.17.1 with verified changelog surface decisions and the v1.17.1 vendored OpenCode config schema.
- Refresh the OpenCode runtime baseline to
opencode-ai1.17.1with@opencode-ai/plugin1.17.1and@opencode-ai/sdk1.17.1; vendor the v1.17.1 config schema and record the 1.17.x surface decisions (referencesconfig key, MCP reliability fixes, TUI footer status unchanged).
- Add the macOS-only rldyour-orchestrator surface: dedicated cmux orchestrator/worker skills with declarative orchestrator activation via ry-init, OS-gated installs, and removal of the orchestrator env switch. Preserve documented
opencode-ai1.16.2,@opencode-ai/plugin1.16.2, and@opencode-ai/sdk1.16.2baseline evidence.
- Add the cmux delegation and completion-signal contract to the cmux orchestrator and worker skills, verified against manaflow-ai/cmux v0.64.14. Preserve documented
opencode-ai1.16.2,@opencode-ai/plugin1.16.2, and@opencode-ai/sdk1.16.2baseline evidence.
- Align the mcp-profiles updated date with the release changelog date. Preserve documented
opencode-ai1.16.2,@opencode-ai/plugin1.16.2, and@opencode-ai/sdk1.16.2baseline evidence.
- Add the owner status line: Claude Code statusLine installer stage, Codex managed [tui].status_line, and the OpenCode status-line non-availability adoption decision. Preserve documented
opencode-ai1.16.2,@opencode-ai/plugin1.16.2, and@opencode-ai/sdk1.16.2baseline evidence.
- Correct OpenCode README inventory counts (38 skills, 11 slash commands, 11 MCP), refresh v1.16.2 permission-key wording, add CI badges and Support section, normalize Code of Conduct to US English.
- Harden Serena memory sync target selection for nested repositories. Preserve documented
opencode-ai1.16.2,@opencode-ai/plugin1.16.2, and@opencode-ai/sdk1.16.2baseline evidence.
- Resolve GitHub alert and CI drift. Preserve documented
opencode-ai1.16.2,@opencode-ai/plugin1.16.2, and@opencode-ai/sdk1.16.2baseline evidence.
- Refresh Chrome DevTools MCP baseline to 1.2.0. Preserve documented
opencode-ai1.16.2,@opencode-ai/plugin1.16.2, and@opencode-ai/sdk1.16.2baseline evidence.
- Replace retired-tool negative gates with approved active inventory validation and tighten browser provider evidence routing. Preserve documented
opencode-ai1.16.2,@opencode-ai/plugin1.16.2, and@opencode-ai/sdk1.16.2baseline evidence.
- Synchronize documentation and memory facts with current browser provider policy. Preserve documented
opencode-ai1.16.2,@opencode-ai/plugin1.16.2, and@opencode-ai/sdk1.16.2baseline evidence.
- Tighten browser provider and visual QA contracts. Preserve documented
opencode-ai1.16.2,@opencode-ai/plugin1.16.2, and@opencode-ai/sdk1.16.2baseline evidence.
- Re-architect browser providers around Webwright, Playwright CLI, and Chrome DevTools MCP. Preserve documented
opencode-ai1.16.2,@opencode-ai/plugin1.16.2, and@opencode-ai/sdk1.16.2baseline evidence.
- Bound validation subprocesses and clarify release gates. Preserve documented
opencode-ai1.16.2,@opencode-ai/plugin1.16.2, and@opencode-ai/sdk1.16.2baseline evidence.
- Fix OpenCode schema validation workflow label. Preserve documented
opencode-ai1.16.2,@opencode-ai/plugin1.16.2, and@opencode-ai/sdk1.16.2baseline evidence.
- Fix release metadata date parity. Preserve documented
opencode-ai1.16.2,@opencode-ai/plugin1.16.2, and@opencode-ai/sdk1.16.2baseline evidence.
- Fix CI static analysis gates. Preserve documented
opencode-ai1.16.2,@opencode-ai/plugin1.16.2, and@opencode-ai/sdk1.16.2baseline evidence.
- Repair OpenCode cmux skill routing metadata and contract inventory tests for the new orchestrator/worker skill surfaces.
- Preserve the OpenCode CLI,
@opencode-ai/plugin, and@opencode-ai/sdkruntime baseline at1.16.2.
- Add macOS cmux orchestrator/worker Flow policy, OpenCode-native cmux skills, and project-policy execution/cmux schema support.
- Keep the OpenCode CLI,
@opencode-ai/plugin, and@opencode-ai/sdkruntime baseline at1.16.2while adding orchestrator-mode policy surfaces.
- Preserve standard post-task sync blockers while restricting worker agents to scoped reports in orchestrator mode.
- Add schema-backed project Flow policy so Flow state, fullrepo sync, branch cleanup, and OpenCode skill guidance honor repository-specific workflow constraints while preserving the current OpenCode
1.16.2runtime/plugin/SDK baseline.
- Refresh Claude Code 2.1.167 and OpenCode 1.16.2 runtime baselines.
- Align OpenCode MCP profile metadata with the current release date. Preserve documented
opencode-ai1.16.0,@opencode-ai/plugin1.16.0, and@opencode-ai/sdk1.16.0baseline evidence.
- Adopt OpenCode,
@opencode-ai/plugin,@opencode-ai/sdk, and vendored config schema1.16.0. - Document OpenCode 1.16.0 managed workspace, session move, Bedrock/OpenAI, file-based discovery,
run --replay, and runtime reliability surfaces.
- Update baseline/schema validators and generated indexes for the
1.16.0runtime tuple.
- Sync upstream runtime baselines and remove active Semgrep usage. Preserve documented
opencode-ai1.15.13,@opencode-ai/plugin1.15.13, and@opencode-ai/sdk1.15.13baseline evidence.
- Refresh MCP runtime pins for Context7 and shadcn current upstream releases. Preserve documented
opencode-ai1.15.13,@opencode-ai/plugin1.15.13, and@opencode-ai/sdk1.15.13baseline evidence.
- Sync OpenCode reference metadata release dates. Preserve documented
opencode-ai1.15.13,@opencode-ai/plugin1.15.13, and@opencode-ai/sdk1.15.13baseline evidence.
- Harden ry-repair system sync and retired Semgrep server migration. Preserve documented
opencode-ai1.15.13,@opencode-ai/plugin1.15.13, and@opencode-ai/sdk1.15.13baseline evidence.
- Remove the retired Semgrep MCP server from active adapter runtime, agent, and generated tool surfaces. Preserve documented
opencode-ai1.15.13,@opencode-ai/plugin1.15.13, and@opencode-ai/sdk1.15.13baseline evidence.
- Refresh public security and Scorecard documentation after release audit. Preserve documented
opencode-ai1.15.13,@opencode-ai/plugin1.15.13, and@opencode-ai/sdk1.15.13baseline evidence.
- Refresh OpenCode reference metadata release date. Preserve documented
opencode-ai1.15.13,@opencode-ai/plugin1.15.13, and@opencode-ai/sdk1.15.13baseline evidence.
- Route Scorecard to JSON artifacts instead of code scanning alerts. Preserve documented
opencode-ai1.15.13,@opencode-ai/plugin1.15.13, and@opencode-ai/sdk1.15.13baseline evidence.
- Refresh shared MCP runtime pins to current validated upstream versions. Preserve documented
opencode-ai1.15.13,@opencode-ai/plugin1.15.13, and@opencode-ai/sdk1.15.13baseline evidence.
- Correct public-free GitHub Actions runner coverage and CI policy. Preserve documented
opencode-ai1.15.13,@opencode-ai/plugin1.15.13, and@opencode-ai/sdk1.15.13baseline evidence.
- Fix branch-protection context test fixture for the prior Ubuntu-hosted policy. Preserve documented
opencode-ai1.15.13,@opencode-ai/plugin1.15.13, and@opencode-ai/sdk1.15.13baseline evidence.
- Align public adapter CI with the then-current standard-runner cost guardrail. Preserve documented
opencode-ai1.15.13,@opencode-ai/plugin1.15.13, and@opencode-ai/sdk1.15.13baseline evidence.
- Adopt OpenCode 1.15.13 runtime/plugin/sdk baseline.
- Harden public release supply-chain CI. Preserve documented
opencode-ai1.15.12,@opencode-ai/plugin1.15.12, and@opencode-ai/sdk1.15.12baseline evidence.
- Validate OpenCode Semgrep network probes. Preserve documented
opencode-ai1.15.12,@opencode-ai/plugin1.15.12, and@opencode-ai/sdk1.15.12baseline evidence.
- Align public free CI capability coverage. Preserve documented
opencode-ai1.15.12,@opencode-ai/plugin1.15.12, and@opencode-ai/sdk1.15.12baseline evidence.
- Keep OpenCode workflow-injection tests dynamic after adding the public Scorecard workflow. Preserve documented
opencode-ai1.15.12,@opencode-ai/plugin1.15.12, and@opencode-ai/sdk1.15.12baseline evidence.
- Harden public free CI policy with Scorecard and bounded artifact retention. Preserve documented
opencode-ai1.15.12,@opencode-ai/plugin1.15.12, and@opencode-ai/sdk1.15.12baseline evidence.
- Harden Russian-first routing metadata across Claude, Codex, and OpenCode. Preserve documented
opencode-ai1.15.12,@opencode-ai/plugin1.15.12, and@opencode-ai/sdk1.15.12baseline evidence.
- Fix OpenCode runtime workflow env-key duplication for GitHub Actions parser compatibility. Preserve documented
opencode-ai1.15.12,@opencode-ai/plugin1.15.12, and@opencode-ai/sdk1.15.12baseline evidence.
- Align standalone owner full-auto permissions with the no-prompt
oclauncher posture and makery-startreviewer fanout explicit-opt-in. Preserve documentedopencode-ai1.15.12,@opencode-ai/plugin1.15.12, and@opencode-ai/sdk1.15.12baseline evidence.
- Harden Claude and OpenCode release gates. Preserve documented
opencode-ai1.15.12,@opencode-ai/plugin1.15.12, and@opencode-ai/sdk1.15.12baseline evidence.
- Prevent OpenCode runtime probes from writing npm lockfiles. Preserve documented
opencode-ai1.15.12,@opencode-ai/plugin1.15.12, and@opencode-ai/sdk1.15.12baseline evidence.
- Align OpenCode reference metadata dates for release gates. Preserve documented
opencode-ai1.15.12,@opencode-ai/plugin1.15.12, and@opencode-ai/sdk1.15.12baseline evidence. - Preserve documented
opencode-ai,@opencode-ai/plugin, and@opencode-ai/sdk1.15.12baseline evidence after reference metadata date sync.
- Align OpenCode reference metadata dates for release gates.
- Align OpenCode reference metadata dates with the current release date.
- Document OpenCode 1.15.12 baseline for release CI.
- Document the current
opencode-ai,@opencode-ai/plugin, and@opencode-ai/sdk1.15.12runtime/package baseline in the next release block so release CI has no doc-drift warning.
- Add a release-safe OpenCode permission profile alongside the owner-YOLO default.
- Synchronize OpenCode reference metadata and remove stale active Unreleased wording.
- Preserve the current
opencode-ai,@opencode-ai/plugin, and@opencode-ai/sdk1.15.12runtime/package baseline while advancing adapter product metadata.
- Document the current
opencode-ai,@opencode-ai/plugin, and@opencode-ai/sdk1.15.12runtime/package baseline in the latest release block so baseline-consistency CI has no doc-drift warning.
- Localize Codex OpenAI skill metadata and remove stale OpenCode inventory wording.
- Keep OpenCode 1.15.12 baseline documented while removing stale model wording.
- Remove stale Opus 4.7 model wording from OpenCode surface matrix.
- Adopt OpenCode 1.15.12 runtime baseline.
- Standardize release automation and repository descriptions while preserving @opencode-ai/plugin 1.15.11 baseline.
- Standardize release automation and repository descriptions.
- Synchronize internal plugin and index versions with the adapter release.
- OpenCode runtime baseline remains
opencode-ai,@opencode-ai/plugin, and@opencode-ai/sdk1.15.11; this release only aligns adapter product/index coordinates.
- OpenCode runtime baseline remains
opencode-ai,@opencode-ai/plugin, and@opencode-ai/sdk1.15.11; the vendored schema and CI install target stay aligned with that release. - Shared MCP runtime pins now track
semgrep==1.164.0and[email protected].
- OpenCode runtime baseline now tracks
opencode-ai,@opencode-ai/plugin, and@opencode-ai/sdk1.15.11, matching the current upstream stable release and CI runtime install target. - Shared MCP runtime pins now match current upstream stable packages:
serena-agent==1.5.3,[email protected], and[email protected]. - Vendored OpenCode config schema now matches the
1.15.11runtime baseline. scripts/validate_config.shnow exposes explicitauto,static,installed, andlivelanes for deterministic source-only, installed CLI, and network freshness checks.- MCP profile validation now requires skill-specific justifications for high-context servers such as GitHub.
- Primary release tags are now numeric-only (
X.Y.Z) and must match rootVERSION; legacyvX.Y.Ztag names are historical only. - Runtime baseline remains
opencode-ai,@opencode-ai/plugin, and@opencode-ai/sdk1.15.7. ry-startnow routes explicit deploy/server rollout intent into/ry-deployafter implementation validation and sync.ry-reviewnow defines time-window, PR, issue, branch, and last-deploy target parsing before reviewer dispatch.ry-newpnow explicitly seedsCONTEXT-01-CORE.mdandFUTURE-01-VISION.mdafter approved scaffold commits.
- OpenCode runtime baseline updated to the current npm
latestline:opencode-ai,@opencode-ai/plugin, and@opencode-ai/sdk1.15.7. The adapter keeps the same owner-full-auto permission posture and runtime-proventool.execute.beforeenforcement boundary.
- MCP runtime pins are refreshed to the current stable set used by the
cross-adapter control plane:
serena-agent==1.5.1,[email protected], and[email protected]. - The remote GitHub MCP definition now sends
X-MCP-Toolsets: context,repos,issues,pull_requests,users, matching the Claude/Codex GitHub MCP allowlist while preserving the OpenCode-native remote transport. - OpenCode runtime baseline remains
opencode-ai/@opencode-ai/plugin/@opencode-ai/sdk1.15.6.
scripts/fullrepo_sync.shnow resolves.git/info/excludewithgit rev-parse --git-path info/exclude, soinstall-exclude,bootstrap-init, andpublishwork from Git submodule checkouts where.gitis a gitfile.test_install_exclude_uses_git_path_for_gitfile_checkoutcovers the control-plane monorepo case. Runtime baseline remainsopencode-ai/@opencode-ai/plugin/@opencode-ai/sdk1.15.6.
- Plugin hook contract validator.
scripts/check_plugin_hooks.pynow classifies OpenCode plugin hooks and fails CI if a plugin relies on typed-but-untriggeredpermission.askor uses event-type strings as top-level hook keys. - Machine-readable rldyour adapter contract.
references/rldyour-contract.json,scripts/validate_contract.py, anddocs/contract-matrix.mddefine canonical domains, skills, commands, agents, adapter-only surfaces, and lifecycle hooks for the OpenCode adapter. - ADR-010 owner full-auto standard. The repository now records the owner's policy that YOLO/full-auto/dangerously-skip-permissions mode is the standard primary OpenCode posture.
- Repository release advanced to
0.13.2. Local release evidence on 2026-05-21:bash scripts/validate_config.sh, contract/schema/profile/index checks, static MCP capability smoke,python3 -m pytest -q scripts/tests(525 passed + 1 skipped), and.opencodeTypeScriptnoEmitall passed. - OpenCode runtime baseline updated to 1.15.6.
.opencode/package.json,.opencode/bun.lock,references/opencode-baseline.json, and the runtime workflow now align onopencode-ai/@opencode-ai/plugin/@opencode-ai/sdk1.15.6, the 2026-05-20 patch baseline. - Permission enforcement moved fully to runtime-proven hooks.
ry-permission-policy.tswas replaced by observability-onlyry-permission-events.ts; dynamic denial remains inry-shell-strategy.tsviatool.execute.before. - Published OpenCode permissions now use owner-standard full-auto primary
defaults.
opencode.jsonallowseditandbashfor the top-level,build, andplanprimary contexts while keeping dynamic dangerous-shell guardrails intool.execute.before. - Manual sync is a canonical flow.
flow.sync.manualnow maps to/ry-syncin the main command contract rather than being marked OpenCode-only. - CodeQL now uploads to GitHub code scanning. The public repo CodeQL
workflow uses
security-events: write, no longer setsupload: never, and uses an OS+language category for matrix uploads; SARIF artifacts remain available for offline audit. - Runtime validation fails closed when the CLI is required.
.github/workflows/opencode-runtime.ymlrunsvalidate_config.shwithRY_REQUIRE_OPENCODE_CLI=1. - Default shell is portable Bash.
opencode.json.shellnow uses/bin/bash, and_validate_helpers.pyvalidates absolute/relative shell executables. - Local plugin package metadata is explicit.
.opencode/package.jsonnow declares AGPL-3.0-or-later licensing and canonical authorship for Danil Silantyev (github:rldyourmnd), CEO NDDev. The baseline validator fails if this package metadata drifts. - Generated fullrepo commits use owner identity by default.
scripts/fullrepo_sync.shnow falls back to Danil Silantyev ([email protected]) for author and committer identity instead of a repository-local placeholder.
Patch release synchronizing the public documentation baseline after the release validator gained one regression test.
- Documentation test-count drift.
README.md,AGENTS.md, and.claude/CLAUDE.mdnow cite the current release suite baseline:506 passed + 1 skippedacross 24 pytest suites. Runtime/plugin baseline remainsopencode-ai/@opencode-ai/plugin/ SDK1.15.4.
Minor release establishing the production policy for public-repository CI/CD automation.
- Public repository CI/CD policy. OpenCode now loads
references/public-repo-ci-policy.mdthroughopencode.json.instructions, making public repositories automatic-CI/CD by default while preservingshare: "manual"for session sharing only./ry-start,/ry-sync, and/ry-deploynow document the public-repo exception for running existing workflow surfaces. - Policy regression tests.
test_public_repo_ci_policy.pylocks the OpenCode instruction wiring, theshare/CI distinction, command-template references, and the invariant that public-repo workflows are not manual-only by default.
- Flow commands now verify public-repo CI/CD by default.
/ry-start,/ry-sync, and/ry-deploynow treat existing GitHub Actions workflows as the default remote verification surface for verified public repositories, while workflow edits, branch protection, environments, secrets, variables, tags, and release governance remain explicit owner-controlled mutations. Runtime/plugin baseline remainsopencode-ai/@opencode-ai/plugin/ SDK1.15.4.
- Baseline checker skips the Unreleased placeholder.
scripts/check_baseline_consistency.pynow anchors the soft plugin-version check to the latest concrete SemVer release block instead of the[Unreleased]placeholder, keeping release validation warning-free while the changelog remains ready for the next development cycle.
Patch release tightening public fullrepo hygiene before final open-source
publication.
- Claude scheduler lock excluded from fullrepo.
scripts/fullrepo_sync.shnow strips.claude/scheduled_tasks.lockbefore publishingfullrepo, andtest_fullrepo_sync.pyasserts both the runtime-exclude list and the generated branch tree. This prevents transient session IDs and process IDs from entering the public portable snapshot. Runtime/plugin baseline remainsopencode-ai/@opencode-ai/plugin/ SDK1.15.4.
Patch release removing the deprecated CycloneDX JavaScript Action from release and standalone SBOM workflows.
- Release/SBOM warning-free generation.
release.ymlandsbom.ymlnow generatesbom.jsonwithnpm sbom --sbom-format cyclonedxfrom the.opencodepackage afterbun install --frozen-lockfile. This removes theCycloneDX/[email protected]Action entirely, eliminating the GitHub Actions Node 20 deprecation annotation instead of only forcing the old action onto Node 24. Runtime/plugin baseline remainsopencode-ai/@opencode-ai/plugin/ SDK1.15.4. - CodeQL warning-free API access.
codeql.ymlnow grantssecurity-events: readalongsideactions: read, which lets the pinned CodeQL Action query its own read-only API metadata without enabling code scanning upload. SARIF still stays as workflow artifacts viaupload: never.
Patch release that opted release and SBOM generation into GitHub's Node 24
JavaScript action runtime. This was superseded by 0.12.10, which removed the
deprecated CycloneDX Action entirely.
- Release/SBOM Node 24 readiness.
release.ymlandsbom.ymlopted the pinnedCycloneDX/[email protected]step into GitHub's Node 24 action runtime viaFORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true. Upstream has no newer tag beyondv1.0.3; GitHub still emitted a deprecation annotation that was fully resolved in0.12.10. Runtime/plugin baseline remainedopencode-ai/@opencode-ai/plugin/ SDK1.15.4.
Public release finalization for full Linux/macOS parity and release hygiene.
- Cross-platform release verification.
release.ymlnow runs validation, plugin type-check, and pytest on bothubuntu-latestandmacos-latest, with release publication kept toubuntu-latestonly. - OS-aware static-analysis artifacts.
codeql.ymlnow exports one SARIF artifact name per OS/language pair to avoid collisions and preserve independent platform traces. - Release artifact naming stability.
release.ymlSBOM artifacts now include matrix OS in filenames for deterministic artifact retention. - Runtime/toolchain baseline synchronized. OpenCode runtime and plugin baselines
remain aligned with release metadata (
opencode-ai,@opencode-ai/pluginand SDK pinned to1.15.4, Bun1.3.14, and Python test stack pins).
- Context-surface documentation aligned to actual CI matrices.
docs/github/branch-protection.mdandscripts/tests/test_print_required_check_contexts.pywere updated to reflect the expanded CodeQL matrix context names and namespacing.
- Final release bookkeeping sync.
VERSIONand changelog top-state are aligned for the next public publish step.
Linux/macOS CI parity release for release-hardening and deterministic cross-platform validation before publish.
-
OpenCode baseline pinned for public release. Baseline coordinates were aligned to
opencode-ai1.15.4with matching runtime pins and pinned dependency versions documented in the 2026-05-18 release block. -
CodeQL matrix expanded to macOS.
.github/workflows/codeql.ymlnow runsjavascript-typescriptandpythonanalyses onubuntu-latestandmacos-latestso platform-specific static analysis regressions are caught before publish. -
Cross-platform release verification execution.
.github/workflows/release.ymlnow executes the full validation/typecheck/test stack on bothubuntu-latestandmacos-latest, while release artifact creation remains constrained toubuntu-latest.
- Release CI determinism on OS matrix.
release.ymlSBOM artifact names now include OS in matrix builds, and the job runs on a matrix with pinnedpythonsetup (3.13) for consistent release resolver state. - CodeQL artifact determinism on OS matrix.
codeql.ymlSARIF artifact names now include OS to avoid cross-job upload collisions.
- Docs and validation counts refreshed.
README.mdandCONTRIBUTING.mdnow reflect the current test result baseline (500 passed + 1 skipped in 23 suites) and avoid stale corpus metrics.
Open-source finalization and macOS parity release for public consumption. This release completes the final public hardening pass: CI/CD gates are now aligned for Linux/macOS where safe, secret scanning is portable across both runners, and release/documentation artifacts are synchronized with the current repository state.
- Linux/macOS parity for instruction and shell-contract checks.
.github/workflows/validate.ymlnow runsshell-strict-modeon bothubuntu-latestandmacos-latestso shell shebang/strict-mode checks are executed uniformly across owner-supported platforms. - Cross-platform
dependency-reviewexecution..github/workflows/dependency-review.ymlnow runs on bothubuntu-latestandmacos-latest, preserving the samedependency-reviewcontract on both OS families. - Cross-platform
instruction-docs-checkexecution..github/workflows/instruction-docs-check.ymlnow runs on bothubuntu-latestandmacos-latest, avoiding Linux-only blind spots for instruction-doc linting and merge-gate parity. - Runtime/toolchain pin snapshot preserved.
This release keeps pinned runtime values aligned with baseline:
opencode-ai1.15.4,@opencode-ai/plugin1.15.4, Bun 1.3.14.
- Secret scan hardened for macOS and ARM64 Linux runners.
.github/workflows/secret-scan.ymlnow fans out across Linux/macOS and selects Gitleaks artifacts by runner OS/architecture, with explicit SHA checks for each supported platform variant. - Documentation truth refreshed to current runtime state.
README.md,CONTRIBUTING.md, andSECURITY.mdnow reflect current test counts and supported-version posture for this public release track.
- Release-track hygiene for public publication.
VERSIONandCHANGELOG.mdare now updated for a consistent final public cut that explicitly carries maintainer identity:Danil Silantyev (github:rldyourmnd), CEO NDDev.
Open-source hardening and release-readiness release. This wave moves the repository to AGPL-3.0-or-later licensing, marks explicit authorship, and normalizes CI/CD behavior for public Linux/macOS operation before preparing the public upstream publication and release.
- Project license changed to AGPL-3.0-or-later.
LICENSEnow contains the full GNU Affero General Public License, version 3.0, and includes project attribution forDanil Silantyev (github:rldyourmnd), CEO NDDev. - Runtime and baseline versions aligned.
@opencode-ai/pluginis pinned to1.15.4in.opencode/package.jsonand.opencode/bun.lock, matchingreferences/opencode-baseline.jsonandopencode-runtime.ymlchecks. - Public-facing repository metadata aligned to the canonical org/owner.
README.md,CONTRIBUTING.md,SECURITY.md, anddocs/observability.mdnow use theNDDev-it-com/rldyour-opencodepublish target plus maintainer identity.
- CI/CD Linux/macOS parity improved.
.github/workflows/dependency-check.ymlnow runs onubuntu-latestandmacos-latestvia matrix. - Dependency Review behavior normalized for public repos.
.github/workflows/dependency-review.ymlno longer short-circuits for private-repository execution mode and always runs the dependency-review action on PR paths where it is present in the workflow trigger. - Version bump for release track.
VERSIONadvanced to0.12.5.
- Documentation consistency for maintainer identity and licensing contract.
README,CONTRIBUTING,.claude/CLAUDE.md,SECURITY, anddocs/observabilityno longer carry stale identity and ownership references before the public release cut.
Reviewer-wave hardening release. The 2026-05-18 /ry-start wave ran a
six-track reviewer audit (architecture, quality, consistency, integration,
verification, security) plus a parallel research track that cross-checked
every pinned dependency against upstream latest. The wave found zero
critical and six high-severity items; this release closes all six plus
the high-impact medium and low items in a single batch.
Plugin SDK pin stays at @opencode-ai/[email protected] (no upstream
changes since v0.12.2). All MCP dependencies and CI tooling remain at
current registry latest per research track verification.
ry-flow-hooks.ts::CC_REGEXnever matched a real Conventional Commit.git commitstdout begins with[<branch> <sha>] <subject>on its summary line, so the legacy^(type):anchor with multiline flag returned false for every real commit, triggering false "not in Conventional Commits format" toasts on every successful commit. Anchor moved to\]\s*(type)so the matcher fires after the[branch sha]prefix. Closes 2026-05-18 reviewer wave quality F-1.- Catastrophic-rm guards missed
rm -rf ..andrm -rf ../. A symmetric gap in bothry-shell-strategy.ts(Layer 1 throw) andry-permission-policy.ts(Layer 2 deny) — an LLM emittingrm -rf ..from a project subdirectory would have erased the entire project tree without triggering either guard. Added parent-directory traversal pattern next to the existing four targets (/, $HOME, ~, .). Closes 2026-05-18 reviewer wave security F-1. ry-system-context.tsinjected unsanitized git branch into every system prompt. Indirect prompt injection vector: an attacker with commit/branch access could name a branchmain\n## OVERRIDE: ignore previous instructions...and influence LLM behavior every turn. BothbranchandheadShortnow flow throughsanitizeRuntimeStamp(allowlist[A-Za-z0-9._/-], 200 char cap) before reaching the system prompt template. Closes 2026-05-18 reviewer wave security F-4.ry-env-protection.ts::notifyBlockcalledshowToastbeforeapp.log— the defense-in-depth tripod's audit-trail invariant (ry-shell-strategy.ts+ry-permission-policy.tsare log-first) was broken in the third plugin. Swapped order so the log entry survives even if the toast subsystem throws. Closes 2026-05-18 reviewer wave consistency F-1.shortForceregex missed combined short flags like-fv(force+verbose),-fq,-fn,-vf. Both guard plugins broadened the pattern to(?:^|\s)-[A-Za-z]*f[A-Za-z]*(?:\s|$)/i. Closes 2026-05-18 reviewer wave security F-2..envrc(direnv) and.netrcslipped through BLOCKED_PATTERNS. Both commonly hold export secrets and were not matched by/\.env$/or/\.env\./. Added path-component-bounded patterns for both. Closes 2026-05-18 reviewer wave security F-5.release.ymlinterpolated${{ inputs.tag }}directly insiderun:shell blocks — classic GitHub Actions script injection. Map throughenv: INPUT_TAG:before referencing in the shell, per the GitHub hardening guide. Closes 2026-05-18 reviewer wave security F-3.ry-system-context.tsaudit log usedMath.random() < 0.05sampler despite the comment promising "log once per session start" — first-turn ground truth was dropped 95% of the time. Replaced with a deterministicsessionStartLoggedboolean. Closes 2026-05-18 reviewer wave quality F-10 / S-13.design-validationskill declaredrequires_mcp: [playwright, chrome-devtools]from the design domain, violating AGENTS.md L48 "Only Browser domain may invoke Playwright/Chrome DevTools MCP tools". Moved todomain: browser.ry-designretains the same declaration through an explicit composite-workflow exception analogous to thery-tools.tsmulti-domain plugin exception (now documented in AGENTS.md § Domain Boundaries). Closes 2026-05-18 reviewer wave architecture F-1 + arch F-4.scripts/fullrepo_sync.sh::cmd_restorehad no EXIT trap. A failure betweenmktemp -dand the explicitgit worktree removewould orphan the tmp dir plus its worktree registration. Mirrored the cmd_publish trap pattern with a new_restore_cleanuphelper. Closes 2026-05-18 reviewer wave quality F-5 / S-2.- Three index generators emitted integer
"version": 1whilereferences/mcp-profiles.jsonwas bumped to string"1.0.0"in 0.12.3. The drift was the last surface that broke shape parity. Bumpedgenerate_skills_index.py,generate_commands_index.py,generate_plugins_index.py, and sixtest_mcp_profiles.pyfixture dicts to string"1.0.0". Closes 2026-05-18 reviewer wave consistency F-2 / S-3 + F-3 / S-4. check_baseline_consistency.pyOK summary omittedruffandreferencingfrom the printed pin list, misleading operators reading the success line for freshness state. Extended the print with both fields and ann/asentinel. Closes 2026-05-18 reviewer wave integration F-8 / S-8.- Stale counts across instruction docs (
README.md,CONTRIBUTING.md, plus agent-onlyAGENTS.md/.claude/CLAUDE.mdvia the fullrepo overlay) cited the 0.12.2 figures447 cases / 20 suites(or412/18,383/14further back).CONTRIBUTING.mdL47 pytest invocation also lacked--with jsonschema=4.26.0 --with referencing=0.36.2flags, so contributors running the documented command got an ImportError. Refreshed every count to the new473 cases + 1 skipped / 22 suites / 28 scripts / 9 ADRsbaseline and the full--withchain. Closes 2026-05-18 reviewer wave quality F-3 + integration F-1..F-7. references/opencode-plugin-patterns.mdcarried stale descriptions for--no-verify(product-branches-only since 0.12.0 widening),rmcatastrophic targets (omitted the parent-dir pattern added by this wave), andry-system-context("cached at factory init" since 0.12.3 TTL cache). Refreshed all three. Closes 2026-05-18 reviewer wave architecture F-3 + spillover from security F-1, F-2, F-4 (doc-only follow-on).generate_plugins_index.pycurated description forry-system-contextwas stale afteread9a30introduced per- directory TTL cache; the generated.opencode/plugins/index.jsoncarried the same text. Refreshed and regenerated. Closes 2026-05-18 reviewer wave architecture F-2.
scripts/check_workflow_injection.py— static gate against${{ inputs.* }}and${{ github.event.* }}substitution inside any GitHub Actionsrun:block. Operational-error exit 2 for missing PyYAML or missing workflows dir; finding exit 1; clean exit 0. Wired intoscripts/validate_config.shafter the MCP profile gate. Companion test suitescripts/tests/test_check_workflow_injection.py(10 cases) exercises real workflows clean, three dirty fixtures (inputs in run, github.event in run, whitespace variants via parametrize), three clean fixtures (env-mapped,if:expression, no workflows), and the malformed-YAML graceful path.- Six new plugin-surface regression locks in
scripts/tests/test_plugin_surface.py:test_cc_regex_anchored_after_branch_sha_prefix,test_catastrophic_rm_blocks_parent_dir_traversal,test_ry_system_context_sanitizes_branch_before_prompt_injection,test_ry_system_context_logs_session_start_deterministically,test_env_protection_notify_block_logs_before_toast,test_short_force_regex_catches_combined_flags,test_env_protection_blocks_envrc_and_netrc,test_before_hooks_read_command_from_output_args(the last one closes the symmetric gap on the existing P0-1 input.args lock by asserting that security-criticaltool.execute.beforeplugins read fromoutput.args?.command, where the SDK actually places args for the before hook). Together they prevent every reviewer-wave fix from silently regressing. - AGENTS.md § Domain Boundaries exception note for
ry-design(composite Design-domain workflow consuming browser primitives) andry-tools.ts(multi-domain diagnostic aggregator plugin). Both exceptions are now explicit project documentation instead of being buried in plugin-file headers.
references/opencode-plugin-patterns.mdprose refreshed for v0.12.4 behavior across three paragraphs (--forceshort-flag cluster detection,rmparent-dir target,ry-system-contextTTL + sanitization).references/mcp-profiles.jsonconsumers (generate_*_index.pytrio +test_mcp_profiles.pyfixtures) bumped to string"1.0.0"for shape parity withopencode-baseline.json.scripts/check_baseline_consistency.pysuccess line now lists the full nine-pin set (was seven).
- Plugin SDK
@opencode-ai/[email protected](verified latest by research track; npm registry latest as of 2026-05-18 04:00 UTC). [email protected],[email protected],[email protected],@playwright/[email protected],@modelcontextprotocol/server-sequential- [email protected],[email protected],semgrep==1.163.0,serena-agent==1.3.0,[email protected],[email protected]— all verified upstream-latest by research track.- CVE landscape clean: not affected by CVE-2025-9611 (playwright pre-0.0.40), CVE-2026-22812 (opencode-ai pre-1.0.216), or CVE-2026-22813 (opencode-ai pre-1.1.10). No CVE for any pinned MCP server, Bun, gitleaks, ruff, jsonschema, referencing, PyYAML, pytest at HEAD.
- Total pytest cases: 473 passed + 1 skipped across 22 suites
(was 455 + 1 / 21 at v0.12.3; +18 new cases). New suite
test_check_workflow_injection.py(10). New cases intest_plugin_surface.py: +6 regression locks for CC_REGEX, rm- parent-dir, system-context sanitization + deterministic log, log/toast order, shortForce, .envrc, before-hook output.args. Mirror sync intest_permission_policy_regexes.pyfor the broadened shortForce + new rm parent-dir pattern.
All green at HEAD e24558e (the last reviewer-wave commit before this
release commit):
validate(Linux + macOS): greentypecheck-plugins(Linux + macOS): greenlint(Linux + macOS): greenopencode-runtime(Linux + macOS): greeninstruction-docs-check: greendependency-check: greencodeql: greensecret-scan: greenrelease: will fire on v0.12.4 tag push
The full review wave including the _summary.md plan disposition,
six reviewer reports, the research report, and per-finding evidence
lives at .serena/reviews/2026-05-18T0545Z-9feb4d7/ (gitignored
agent-only path). The summary captures every finding's disposition
(must-fix / should-fix / defer / false-positive) and the C1..C16
implementation order against the disposition.
Patch release applying the deferred reviewer findings flagged but not
blocked during the v0.12.2 audit-followup wave, plus the single CI
Lint fix that surfaced on the v0.12.2 push. No new features; the wave
is pure hardening + symmetry polish. Plugin SDK pin stays at
@opencode-ai/[email protected] (no upstream changes since v0.12.2).
- CI Lint failure on v0.12.2 push. ruff F541 flagged a stray
f-prefix on
[ERR] baseline.baseline must be an objectinscripts/check_baseline_consistency.py(no placeholders in the string). Dropped the prefix soLint / ruffreturns green. scripts/doctor_opencode.py--total-timeout could overrun by PER_CHECK_TIMEOUT_SECONDS. The previous main loop only checked the wall-clock deadline BEFORE each check fired; once a check started, it could run for the full 15 s even if--total-timeouthad only 1 s left. The fix exposes the per-check budget through a module-level getter (_per_check_budget()) that the main loop narrows tomin(PER_CHECK_TIMEOUT_SECONDS, remaining_wall_clock_s)with a 1 s floor before every invocation. Subprocess-spawning checks already read the budget at call time, so the new tighter value takes effect immediately. Closes Quality-review M..opencode/plugins/ry-system-context.tscache not directory-keyed. The TTL cache held a single module-level slot (cachedBranchHead), so an OpenCode session that spans multiple worktrees / project roots would serve a stalebranch=stamp from the wrong tree. Swapped forcacheByDirectory: Map<string, BranchHeadCache>so per-tree readouts are correct without changing the hot-path cost for single-directory sessions. Closes integration-review F-3.
scripts/tests/test_doctor_opencode.py::test_doctor_exit_3_when_ total_timeout_zeroasserts the actual exit-3 emission when the total timeout trips, replacing the previous test which accepted{0, 1, 3}and silently passed when the timeout never tripped. Closes verification-review M.scripts/tests/test_print_required_check_contexts.py(5 cases) pins the extractor's output contract: script exists + is executable, text mode header layout, JSON envelope shape, every PR-required context fromdocs/github/branch-protection.mdappears in the output, and the disk-vs-output count invariant. The extractor was the only script inscripts/without test coverage. Closes architecture-review L.scripts/validate_config.sh log_fail()helper for the 5th canonical log tag ([FAIL]) introduced by the 0.12.2 validators (check_baseline_consistency.py,validate_mcp_profiles.py). The helper is reserved for future bash-level fail tagging (shellcheck disable=SC2329annotated); today's red[FAIL]lines come straight from validator stderr. Closes consistency-review L.
references/mcp-profiles.jsonversionfield: integer1→ string"1.0.0"so the JSON shape mirrorsreferences/opencode-baseline.json(string SemVer). Consumers were not type-checking the field; this is purely shape parity. Closes consistency-review L.scripts/tests/test_mcp_profiles.pydrops theimport shutil+_ = shutilplaceholder anti-pattern; the import was never exercised after the fixture refactor. Closes consistency-review I.
- Total pytest cases: 455 passed + 1 skipped across 21 suites
(was 447 / 20 at v0.12.2; +8 new cases). New suite
test_print_required_check_contexts.py(5). New cases in existing suites:test_doctor_opencode.py(+1 exit-3 forced timeout),test_check_baseline_consistency.py(+2 invalid-JSON-operational- trailing-pin-drift), and trailing-pin coverage on the referencing package.
All green at HEAD 5377bd0 (post-follow-up push):
validate(Linux + macOS) — greentypecheck-plugins(Linux + macOS) — greenlint(Linux + macOS) — green (was red on v0.12.2; F541 fix)opencode-runtime(Linux + macOS) — greeninstruction-docs-check— greendependency-check— green (manual + scheduled smoke envelopes)codeql— greensecret-scan— greenrelease— will fire on v0.12.3 tag push
Patch release closing every blocker raised by the 2026-05-17 external
audit pass. The wave turns the "single mechanism" promise into static
gates: one baseline file declares every pinned version, one validator
enforces it across docs/package/lock/workflows, the OpenCode JSON Schema
validator resolves external $refs entirely offline, the doctor is
rewritten on a deterministic Python core with per-check + wall-clock
timeouts, the MCP server roster is profiled in a machine-readable file,
the smoke probe exposes --mode profiles for differentiated CI loads,
and ry-system-context.ts swaps its forever-cached branch/HEAD for a
3-second TTL that survives in-session git checkout.
references/opencode-baseline.json— single source of truth for every pinned version the marketplace targets:[email protected],@opencode-ai/[email protected],@opencode-ai/[email protected],[email protected],[email protected],pytest==9.0.3,PyYAML==6.0.3,jsonschema==4.26.0,ruff==0.15.13,[email protected], and[email protected]. Closes audit P0-1.scripts/check_baseline_consistency.py— gate that fails when.opencode/package.json,.opencode/bun.lock,.github/workflows/opencode-runtime.yml, any workflow'sbun-version, anypip install pkg==X.Y.Zline, the vendored schema, or any vendored external$refdrifts from the baseline. Surfaces a soft warning when the latestCHANGELOG.mdrelease block does not mention the bumped plugin version. Closes audit P0-1.references/mcp-profiles.json— machine-readable mapping of every server inopencode.json.mcpto exactly one profile (base,research,browser,security,design,repo) plus ahigh_contextset for cost-aware skill design. Closes audit P1-3.scripts/validate_mcp_profiles.py— validator that assertsskill.requires_mcp ⊆ opencode.mcp, every server is assigned to exactly one profile, no profile references an undeclared server, and emits soft warnings when a skill depends on ahigh_contextserver. Wired intoscripts/validate_config.sh. Closes audit P1-3.scripts/doctor_opencode.py— Python core for the doctor. Granular--check {agents,baseline,commands,config,git,mcp,plugins, schema,serena,skills}selection,--format {text,json}output,--total-timeoutwall-clock deadline (default 60 s), 15 s per per-check timeout, structured{check, status, duration_ms, details}result envelope, and exit-code semantics 0/1/2/3 (clean / fail / operational error / total-timeout).scripts/doctor_opencode.shis preserved as a thinexec python3 scripts/doctor_opencode.py "$@"adapter so existing operator muscle memory keeps working. Closes audit P0-3.scripts/print_required_check_contexts.sh— extracts the actual GitHub check contexts (workflowname:plus jobname:with matrix expansion) from.github/workflows/*.ymlsodocs/github/branch-protection.mdstays mechanically in sync with the workflow source. Closes audit P0-5.scripts/smoke_mcp_capabilities.py --modeprofiles —{all, static, local-launch, remote-head}selector. PR runs gate on--mode static, scheduleddependency-check.ymlruns--mode remote-headand--mode local-launch. Default--mode allpreserves the v0.12.1 backward-compatible single-mode invocation. Closes audit P1-4.references/models.dev-model-schema.json— vendored snapshot of the only external$refinreferences/opencode-config.schema.v1.15.4.jsonsoscripts/validate_opencode_schema.pyresolves the reference offline through areferencing.Registry. Any newly-added upstream external$refnow fails with a clearUnresolvableoperational error rather than triggering a silent network round-trip. Closes audit P0-2.
.opencode/package.jsonand.opencode/bun.lockbump@opencode-ai/pluginand@opencode-ai/sdkfrom1.15.3to1.15.4to matchreferences/opencode-baseline.json. Upstreamv1.15.4release notes scope to three bugfixes (project-scoped bus events, custom LSP refresh events, hidden background subagent task instructions) plus a TUI markdown polish. Server-sidePlugin/Hooksfactory contract and MCP<server>_<tool>tool-ID format are unchanged fromv1.15.3..opencode/plugins/ry-system-context.tsswaps its forever-cached branch/HEAD readout for aBRANCH_HEAD_CACHE_TTL_MS = 3_000TTL cache. The previous implementation cached at plugin factory init, which left the[rldyour runtime]prompt stamp stale for the remainder of any session that rangit checkout|switch|rebase. The new gate usesDate.now()to invalidate every 3 seconds while still suppressing 2 of the 3 git subprocesses on the hotexperimental.chat.system.transformpath. Closes audit P1-6.scripts/validate_opencode_schema.pynow builds an offlinereferencing.RegistryfromEXTERNAL_REF_VENDORED_ATand surfacesUnresolvableas a cleanexit 2with acurl ... -o references/...remediation hint. Closes audit P0-2.scripts/validate_config.shrunscheck_baseline_consistency.pyandvalidate_mcp_profiles.pyafter the existingcheck_action_pinsstep. A baseline drift or MCP graph break fails the gate..github/workflows/validate.ymladds three new gate steps:check_baseline_consistency.py,validate_mcp_profiles.py, andsmoke_mcp_capabilities.py --mode static. Acontinue-on-errordoctor_opencode.py --format json --total-timeout 30step publishes the JSON envelope for triage. The fullrepo restore step now follows a fallback contract ([ ! -f path ]+git showonly when the file is absent from the checkout) so a PR with a branch-localAGENTS.mdkeeps its own copy. Closes audit P1-5..github/workflows/release.ymlmirrors the validate gate set in the same order so a green release implies a green PR; also adopts the fullrepo restore fallback. Closes audit P1-5..github/workflows/opencode-runtime.ymladopts the same fullrepo restore fallback. Closes audit P1-5..github/workflows/dependency-check.ymlrunssmoke_mcp --mode remote-headandsmoke_mcp --mode local-launchas separatecontinue-on-errorsteps; both envelopes attach toGITHUB_STEP_SUMMARYso scheduled triage stays observable.docs/github/branch-protection.mdre-derived fromscripts/print_required_check_contexts.sh. Required PR contexts now cite the actual workflow names and matrix expansions (Validate rldyour-opencode / validate (ubuntu-latest), etc.). Scheduled-only and tag-only workflows moved out of the required PR contexts table to reflect their triggers. Closes audit P0-5.scripts/tests/test_doctor_opencode.pyfully rewritten to target the Python core. Uses AST traversal for the subprocess.run timeout invariant, strips(NNNms)per-check timings before comparing the bash wrapper output to the Python invocation, and asserts the new granular--check,--format json, and--total-timeoutcontract. Closes audit P0-3.scripts/tests/test_fullrepo_sync.pyadds an archive-safetyneeds_project_gitskipif for the PROJECT_ROOT-boundstatus-json/helpcases, plus an explicittimeout=argument on everysubprocess.runcall (PUBLISH_TIMEOUT for the heavierpublishfixture). Closes audit P0-4.scripts/tests/test_check_freshness.pyandtest_sanitize_diag.pyadd the missingtimeout=argument on everysubprocess.run. Closes audit P0-4.
- AGENTS.md L131 already states the plugin pin is manually
maintained and validated by
scripts/check_baseline_consistency.py(the unproven auto-rewrite claim flagged by audit P1-1 was already removed before this wave; the new validator now makes the "manually maintained" assertion mechanical instead of textual).
opencode.jsonkeeps the YOLO permission profile (edit: "allow",bash: "allow", plus the rest of the v1.15.x canonical set). Audit P1-2 was already settled indocs/decisions/009-yolo-full-auto-mode.md(ADR-009): single-developer trust + plugin guardrails (ry-shell-strategy + ry-permission-policy + ry-env-protection) rather than an interactive-friction profile. The 2026-05-17 audit re-raised this without referencing ADR-009; the rebuttal stays in ADR-009 verbatim.
- Total pytest cases: 447 passed + 1 skipped across 20 suites
(was 412 / 18 at
0f60f76, +35). New suites:test_check_baseline_consistency.py(9),test_mcp_profiles.py(11).test_doctor_opencode.pyrewritten (+5 cases vs the bash version).test_smoke_mcp.pyextended with 5 new cases for the--modeprofile selector.test_plugin_surface.pyextended with the ry-system-context TTL cache invariant. The skipped case is the missing-jsonschema-import path test, correctly skipped when the dependency is present.
validate(Linux + macOS) — green; new gates passingtypecheck-plugins(Linux + macOS) — greenlint(Linux + macOS) — greenopencode-runtime(Linux + macOS) — greeninstruction-docs-check— greendependency-check— green; new--mode remote-head+--mode local-launchsummaries publish toGITHUB_STEP_SUMMARYcodeql— greensecret-scan— greenrelease— to be re-validated whenv0.12.2tag fires
Patch consistency-polish release after the v0.12.0 audit closure. Closes
the CI failure that survived v0.12.0, extends macOS coverage to the new
runtime workflow, and lands symmetric machine-readable indices for the
remaining two catalogs (commands and plugins) so the static-validation
contract is consistent across all of .opencode/{skills,commands,plugins}.
- CodeQL workflow exit code. v0.12.0 still had CodeQL failing with
##[error]Resource not accessible by integration - workflow-runs#get-a- workflow-runAFTER successful analysis (SARIF correctly exported). Root cause: the CodeQL action's post-processing step (SARIF fingerprinting) calls a workflow-runs REST endpoint that requiresactions: read. Without it the action exits non-zero even though the artifact is correct. Addingactions: readalongside the existingcontents: readpermission fixes the exit code without widening privileges beyond reading public workflow metadata. The pattern had been failing on every push since 0.11.x — finally green once7e62d. scripts/fullrepo_sync.shsecret-scan false positive. The in-script secret-scan regex (canonical keyword followed by=plus a non-empty value on the same line) matched a doc-style shell example for theGITHUB_PERSONAL_ACCESS_TOKENenv var inCONTRIBUTING.md. Rewrote the setup-checklist step in prose so the operator guidance is equivalent but the regex no longer trips. Same scanner stays in place — only the doc form is normalised.
.github/workflows/opencode-runtime.ymlmacOS matrix. The workflow now runs onubuntu-latest+macos-latestwithfail-fast: false. The OpenCode CLI is cross-platform (Bun on Linux- macOS); running both catches Bun/macOS-specific regressions the Linux-only build would miss. Windows stays out of scope (POSIX shell semantics in plugin spawn).
.opencode/commands/index.jsongenerated byscripts/generate_commands_index.py. 10 commands mapped to domain + triggers + agent + subtask flag.--checkmode locks the contract in CI so a removed command or a renamed agent surfaces as a test failure rather than silent drift.scripts/tests/test_commands_index.pyadds 6 cases covering in-sync, valid-agent, valid-domain, and disk- matches-count invariants..opencode/plugins/index.jsongenerated byscripts/generate_plugins_index.py. 10 plugins mapped to hooks (extracted from source) + category + description + curated metadata (writes_files, network, defense-in-depth pair, registered custom tools, MCP dependencies for ry-tool-hints).--checkmode locks the generator output.scripts/tests/test_plugins_index.pyadds 6 cases including a defense-in-depth-pair bidirectionality assertion that locks the ADR-006 invariant in static form.CONTRIBUTING.mdfine-grained PAT setup checklist. 5-step onboarding section for theGITHUB_PERSONAL_ACCESS_TOKENenv var, with backlinks todocs/security/mcp-trust-boundaries.md. Closes security review F-4 (advisory).
validate.ymlandrelease.ymlnow invokescripts/generate_commands_index.py --check --strictandscripts/generate_plugins_index.py --check --strictalongside the existing skills-index check.- README counts refreshed: 11 workflows, 18 suites / 412 pytest cases, 23 top-level scripts.
.opencode/.gitignorereordered comments sonode_modules/is the primary directive andpackage-lock.jsonis documented as the diagnostic-only npm-side artifact.
- Total pytest cases: 412 across 18 suites (was 399 / 16 at
1bc42ed, +13). New suites:test_commands_index.py(6),test_plugins_index.py(6). The skipped case is the missing-jsonschema-import path test, correctly skipped when the dependency is present.
validate(Linux + macOS) — greentypecheck-plugins(Linux + macOS) — greenlint(Linux + macOS) — greenopencode-runtime(Linux + macOS) — green (new macOS matrix exercised cleanly)instruction-docs-check— greendependency-check— green (weekly + dispatch; freshnessstale: 0)codeql— green (afteractions: readfix)secret-scan— greenrelease— green (created v0.12.0 GitHub Release with sbom.json asset)
Minor release closing every P0 and P1 finding from the external audit (2026-05-17 archive review) plus the Phase 2 scalability slice. The release moves the marketplace from "right architecture, fragile reliability" to "right architecture, hardened reliability + documented governance".
- P0-1 —
ry-flow-hooks.tshook contract.tool.execute.afterpreviously read the bash command fromoutput.args.command. The@opencode-ai/[email protected]SDK contract placesargsoninput, so the buggy form silently swallowed everygit commit/git push/git merge/git cherry-pick/git rebasedetection — Conventional Commits validation and the/ry-syncpost-commit nudge were dead. Introduced agetBashCommand(input)helper, locked the contract withtest_plugin_surface.py::test_flow_hooks_reads_command_from_input_args, and added a parallelgetBashOutput(output)helper for symmetry. - P0-2 — Lockfile policy.
.opencode/.gitignorepreviously listedbun.lock,package-lock.json, and evenpackage.jsonas ignored, sobun install --frozen-lockfileintypecheck-plugins.ymlandrelease.ymlran against a missing lockfile in CI. New policy: Bun canonical..opencode/.gitignoreis now justnode_modules/,.opencode/bun.lockis tracked, and.opencode/package-lock.jsonis removed. Workflow path filters intypecheck-plugins.ymlanddependency-review.ymlpoint atbun.lockinstead. Note: OpenCode's runtime auto-rewrites.opencode/package.jsonon startup to match the installed CLI version (AGENTS.md § Plugins), so the committed pin tracks whatever OpenCode is currently running; the v0.12.0 baseline is@opencode-ai/[email protected]mirroring the v1.15.3 runtime, withopencode-runtime.ymlpinning the CI runtime to[email protected]to detect contract regressions before the local runtime gets bumped. - P0-4 — OpenCode runtime job. The static
validate_config.shruntime check used to skip whenopencodewas off PATH, which was always the case in GitHub-hosted runners. New.github/workflows/opencode-runtime.ymlinstalls a pinned[email protected]viabun install -g, runsopencode --version,opencode debug config, and the runtime smoke insidevalidate_config.sh— the resolver is now an actual CI gate. - P0-5 — Serena project languages.
.serena/project.ymlnow liststypescript,python,yaml,json,markdown,bashinstead of the YAML-only subset; the 10 TypeScript plugins and the 19 Python scripts now get full semantic indexing. - autoupdate flip.
opencode.json.autoupdateflipped fromtrueto"notify". The runtime no longer drifts between sessions; the operator gets a notification instead of an automatic mutation. - Opus 4.7 reference cleanup. README, AGENTS.md, and
.opencode/agents/ry-explore.mdpreviously claimed@ry-exploreran on Opus 4.7 / 1M context. Per the marketplace policy, every subagent inherits the user's chosen top-levelmodel(currentlyopencode-go/glm-5.1) — no per-agent override is set. References refreshed.
- Plugin spawn timeouts.
ry-system-context.ts::readGitOutputnow arms a 800 mssetTimeout+proc?.kill()so the hotexperimental.chat.system.transformpath cannot stall on a slow FS or lockfile contention.ry-tools.ts::runScriptaccepts a{ timeoutMs, maxOutputBytes }budget per tool, returns structured{ timedOut, truncated }results, and renders a deterministicformatTimeoutResulton the kill path. Five tool budgets: validate 30 s, check_deps 30 s, lsp_health 20 s, git_audit 15 s, fullrepo_status 15 s. ry-env-protection.tswidening. Sensitive path matchers for.ssh/,.gnupg/,.aws/switched to component-bounded(^|/)\.foo/form (the previous/\.foo/form silently missed relative paths). Added a fourth attack vector: data-movement utilities (cp/mv/tar/zip/base64/find/scp/ rsync/openssl/gzip/7z) targeting sensitive path tokens. Documented in-file as a best-effort interactive guardrail (not DLP).ry-shell-strategy.ts--no-verify widening. Previously blocked only when the branch token matched product names. Now blocks everygit push --no-verifyby default; explicit opt-out viaRY_ALLOW_NO_VERIFY=1env var.shell.envalso gainedNO_UPDATE_NOTIFIER=1and anRY_DISABLE_CI_ENV=1escape hatch for interactive TTY-aware workflows.ry-command-audit.tsresilience.mkdir -p .serenabefore write (handles fresh clones without restored agent-only context). Uses Bun's atomic write-then-rename semantics for crash safety; multi-instance audit race window documented in-file.- AGENTS.md § CI/CD and Git Mutation Gate. Explicit policy that the
agent must not create, edit, delete, enable, disable, or trigger CI/CD
workflows, release pipelines, branch protection, GitHub secrets, or
remote-state mutations unless the user explicitly requests that change.
Referenced from
/ry-start,/ry-sync, and/ry-deploycommand templates. - JSON Schema offline validation. New
scripts/validate_opencode_schema.pyvalidatesopencode.jsonagainst the vendoredreferences/opencode-config.schema.v1.15.4.json(fetched from https://opencode.ai/config.json). Usesjsonschema==4.26.0via uvx so CI never depends on opencode.ai being reachable.
.opencode/skills/index.jsonmachine-readable.scripts/generate_skills_index.pyproduces a deterministic JSON map of every SKILL.md → domain → MCP requirements → triggers → network class.--checkmode fails CI when the committed index drifts from the generator output. Catches "skill silently references a removed MCP" bugs at static-validation time.docs/security/mcp-trust-boundaries.md. 13 MCP servers classified by trust class (trusted-official / trusted-public / local-only / secrets-required / network-optional) plus repo-read / repo-write flags and recommended CI mode. Pairs with thery-env-protection.tsscope statement.docs/github/branch-protection.md. Operator-side governance contract: required status checks formain, linear history, force-push ban, codeowner review enforcement,gh apisnippet for restore. The agent does not apply these — owners do. Documented so a future audit knows what to expect.- ADR-009 — YOLO / full-auto permission profile. Locks in the explicit
trust-model rationale for keeping global
edit: "allow"andbash: "allow"inopencode.json. Auditors will likely flag the permission model again; this ADR is the documented "we know it's broad and we chose it" record, citing the defense-in-depth plugin pair and the single-developer scope.
- Total pytest cases: 399 across 16 suites (was 383 at
bbd528c, +16). New suites:test_validate_opencode_schema.py(7 cases),test_skills_index.py(6 cases). New cases intest_plugin_surface.py:test_flow_hooks_reads_command_from_input_args,test_plugin_spawn_calls_have_timeout_guard,test_ry_env_protection_blocks_data_movement_utilities. CI count is 398 passed + 1 skipped (the missing-jsonschema-import path test, correctly skipped when the dependency is present).
- Run
cd .opencode && bun installto refresh the local lockfile against the newpackage.json. The committed.opencode/bun.lockis the canonical source of truth from this release onward. - If you keep
.serena/project.ymlcustomizations, merge the new languages list (typescript,python) with your overrides; Serena needs both for full semantic indexing. - If you relied on the implicit Opus 4.7 claim for
@ry-explore, setagent.ry-explore.modelin your localopencode.jsonoverlay — the marketplace default no longer makes that promise. - If
git push --no-verifyis part of your workflow, setexport RY_ALLOW_NO_VERIFY=1in the shell session that needs the override; otherwisery-shell-strategy.tsblocks the call.
Patch dependency-maintenance release accepting the open Dependabot bump for the OpenCode plugin SDK. The @opencode-ai/plugin patch update preserves the runtime hook surface, tool-ID format, and Project SDK shape consumed by every plugin — verified by the strict TypeScript baseline against all 10 plugins.
.opencode/package.jsonbumps@opencode-ai/pluginfrom1.15.3to1.15.4. Upstreamv1.15.4release notes scope to bugfixes (project-scoped bus events, custom LSP refresh events, hidden background subagent task instructions) plus a TUI markdown polish; the server-sidePlugin/Hooksfactory contract and MCP<server>_<tool>tool-ID format are unchanged..opencode/bun.lockand.opencode/package-lock.jsonregenerated from the bumped manifest.- README, AGENTS.md,
references/opencode-plugin-patterns.md,scripts/_validate_helpers.py, andscripts/tests/test_validate_helpers.pyrefresh1.15.3→1.15.4plugin-pin citations while preserving historical "removed between v1.14.48 and v1.15.3" facts (thecodesearchpermission key removal). - Dependabot PR #6 is superseded by this commit; close after merge.
- Total pytest cases: 383 across 14 suites (unchanged from
108fc29). bunx --bun tsc --noEmit -p .opencode/tsconfig.jsonpasses against@opencode-ai/[email protected].bash scripts/check_deps_freshness.sh --check-freshness --jsoncontinues to reportstale: 0, errors: 0for all MCP pins.
Patch dependency-maintenance release closing the current Dependabot backlog, clearing live MCP freshness drift, and adding a guard against GitHub Actions SHA/comment drift.
scripts/check_action_pins.pyvalidates every external workflowuses:entry is pinned to a 40-character SHA and carries an inline semver tag comment.--remoteresolves the tag throughgit ls-remoteand verifies it points at the pinned SHA, including annotated-tag dereference.scripts/tests/test_action_pins.pyadds regression coverage for SHA-pinned actions, local/docker skips, tag-only rejection, missing-comment rejection, annotated tags, and mismatched SHA/comment drift.dependency-check.ymlnow runsscripts/check_action_pins.py .github/workflows --remotebefore the registry freshness probe.collect_diagnostics.shnow capturesaction-pins.txtfor local triage bundles.
- GitHub Actions pins refreshed to current upstream stable refs verified with
git ls-remote:actions/checkoutv6.0.2,actions/setup-pythonv6.2.0,actions/setup-nodev6.4.0,oven-sh/setup-bunv2.2.0,actions/upload-artifactv7.0.1,github/codeql-actionv4.35.5,actions/dependency-review-actionv5.0.0, andsoftprops/action-gh-releasev3.0.0. - Workflow runtime pins refreshed: Bun 1.3.14, pytest 9.0.3, and ruff 0.15.13. PyYAML 6.0.3 and gitleaks 8.30.1 remain current.
- MCP pins refreshed:
chrome-devtools-mcp0.26.0 andsemgrep1.163.0.scripts/check_deps_freshness.sh --check-freshness --jsonnow reportsstale: 0. .github/dependabot.ymlraises npm and GitHub Actions open-PR limits from 5 to 10 so future action-update backlog cannot block additional recommendations.- README, AGENTS.md,
.claude/CLAUDE.md, dependency-update docs, observability docs, release process, and ADR-007 now document the action-pin integrity guard and the 0.11.6 validation baseline.
- Total pytest cases: 383 across 14 suites (was 377 at
566b738, +6). New suite:test_action_pins.py.
Patch release fixing a live fullrepo_sync.sh publish cleanup gap found during final post-task git audit.
scripts/fullrepo_sync.sh publishnow explicitly removes its temporary staging worktree on the success path, while keeping the existing EXIT trap as a failure-path safety net. This prevents detached/tmpworktrees from accumulating after successfulfullrepopublication.test_fullrepo_sync.pynow asserts the publish path leaves only the main worktree registered after publishing to a local bare origin.
Patch release aligning the release workflow's validation context with validate.yml after the v0.11.3 tag run proved release pytest was missing agent-only instruction docs.
release.ymlnow fetchesorigin/fullrepo, installs the canonical fullrepo exclude block, and restores onlyAGENTS.mdplus.claude/CLAUDE.mdbefore running the shared pytest corpus. This mirrorsvalidate.ymlwithout overlayingscripts/or.opencode/fromfullrepoover the tagged release checkout.
Patch release fixing the live release/SBOM workflow pins after the first v0.11.2 tag run proved two immutable action SHAs were invalid upstream.
release.ymlandsbom.ymlnow pinCycloneDX/gh-node-module-generatebomto the verifiedv1.0.3commit27e13c2bf0fae78d66387b35ca9749d8cc853060.release.ymlnow pinssoftprops/action-gh-releaseto the verifiedv2.6.1commit153bb8e04406b158c6c84fc1615b65b24149a1fe.- Manual release dispatch now passes the resolved input tag to
softprops/action-gh-releaseviatag_name, so tag-triggered and manually-triggered releases target the same version.
Patch release aligning the repository-local fullrepo workflow with the generic rldyour-flow post-task state contract. This removes the completed-sync Stop-hook loop where rldyour-opencode was clean locally but generic flow state still reported fullrepo_needs_attention: true.
scripts/fullrepo_sync.sh publishnow publishes a complete portable snapshot: currentHEADplus ignored agent-only files (AGENTS.md,.claude/CLAUDE.md,.serena/memories/*, etc.). Runtime markers and caches are stripped before commit. This supersedes the former agent-only orphan tree that omittedopencode.json,VERSION,.github/workflows/, and other runtime files.scripts/fullrepo_sync.sh status-jsonnow reports tree parity fields (expected_fullrepo_tree,local_fullrepo_matches_worktree,remote_fullrepo_matches_worktree) so local and generic flow checks can agree on whetherfullrepois current.- Stop-hook loop root cause documented in new ADR-008, with ADR-005 marked superseded.
VERSIONbumped to0.11.2.- Added
workflow_dispatchtriggers tovalidate.yml,typecheck-plugins.yml,lint.yml,codeql.yml,secret-scan.yml, andinstruction-docs-check.ymlso the full CI set can be manually launched after maintenance work even when path filters would otherwise skip a workflow. - Release, rollback, observability, README, AGENTS, and Claude instructions now describe
fullrepoas a completeHEAD + agent-onlygenerated branch.
- Total pytest cases: 377 across 13 suites (was 374 at
babc224, +3).test_fullrepo_sync.pynow has 20 cases and includes a real local-bare-origin publish test proving thatfullrepocontains root runtime files plus agent-only files while excluding.serena/.flow_sync_marker.
Patch stabilization pass closing the deferred 0.11.0 reviewer findings that were below the release-blocking threshold. The patch tightens parser fidelity, dependency freshness ordering, and plugin advisory coverage without changing public marketplace layout.
scripts/_validate_helpers.pyduplicate-key detection now usesyaml.composenode traversal after strictyaml.safe_load, so quoted duplicate top-level keys (for example"name"repeated twice) are rejected by the same YAML parser surface that loads the frontmatter. The old regex pass only caught unquotedkey:lines.scripts/_check_freshness.pyprerelease ordering now compares(major, minor, patch, stability)tuples, with stable releases sorted above matchingdev/rc/alpha/beta/preview/nightly/snapshotbuilds.1.3.0.dev0vs1.3.0now reportsstale; the inverse reportsahead..opencode/plugins/ry-env-protection.tscommand tokenization now preserves literal backslashes inside path tokens. Escaped shell paths keep enough information forisSensitivePath()instead of being split before inspection..opencode/plugins/ry-shell-strategy.tsdestructive-rm advisory now warns for bare recursive build-output targets such asrm -rf build/rm -rf dist;node_modulescleanup remains the explicit non-catastrophic warning allowlist.
VERSIONbumped to0.11.1..github/workflows/codeql.ymlnow loads.github/codeql/codeql-config.yml, explicitly scanning.opencode/plugins,scripts, and workflow files. This prevents the JavaScript/TypeScript CodeQL job from seeing only workflow YAML while missing plugin sources under the hidden.opencode/directory..github/workflows/codeql.ymlnow keeps CodeQL extraction/query execution as a CI gate withupload: neverand uploads SARIF as a workflow artifact, because this private repository does not currently have GitHub Code Security enabled for code-scanning SARIF ingestion..github/workflows/validate.ymlnow installs the pinned PyYAML dependency before invokingscripts/validate_config.sh; live GitHub runners do not carry PyYAML by default..github/workflows/secret-scan.ymlnow installs thegitleaksv8.30.1 CLI directly from the official release tarball with SHA256 verification, avoiding the organization/private-repository license gate ingitleaks/gitleaks-action..gitleaks.tomlallowlists only the synthetic sanitizer regression fixture files that intentionally contain fake token/private-key strings; the workflow still scans git history for every other path..github/workflows/validate.ymlnow restores onlyAGENTS.mdand.claude/CLAUDE.mdfromorigin/fullrepofor test-time cross-layer assertions, while leavingscripts/and.opencode/on the exactmain/ PR checkout being validated.scripts/fullrepo_sync.shaddsinstall-excludefor CI and bootstrap flows that need the.git/info/excludeblock without restoring the full agent-only tree.scripts/fullrepo_sync.sh status-jsonnow reportsserena_memory_count: 0when.serena/memoriesis absent, matching normal clean GitHub runner checkouts instead of exiting underset -euo pipefail..github/workflows/dependency-review.ymlnow skipsactions/dependency-review-actionon private repositories and emits explicit notices, because GitHub Dependency Review requires Dependency Graph plus GitHub Advanced Security there;dependency-check.ymlremains the portable pin/freshness gate.README.md,AGENTS.md,.claude/CLAUDE.md, and Serena release memories refreshed from the 0.11.1 validation baseline.- Corrected the 0.11.0 changelog test-count line from stale intermediate numbers to the final
7c02482collection state.
- Total pytest cases: 374 across 13 suites (was 357 at
7c02482, +17). Breakdown: 52 validate_helpers + 12 extract_pins + 129 skill_routing + 16 command_audit_sanitizer + 11 plugin_surface + 4 opencode_resolve + 44 permission_policy_regexes + 11 smoke_mcp + 7 validate_instruction_docs + 8 doctor_opencode + 23 sanitize_diag + 40 check_freshness + 17 fullrepo_sync.
Audit-driven stabilization pass closing every P0/P1 finding from four parallel external audits (ChatGPT 5.5 Pro prompt + three deep-audit reports). Closes a class of silent regex-only validation failures, completes defense-in-depth coverage at the unconditional layer, removes dead Project casts, refreshes drift between stale counts/pointers and HEAD facts, expands CI baseline to Ubuntu + macOS matrix, adds governance scaffolding, and ships three new ADRs.
- CRITICAL — strict YAML frontmatter validation (
scripts/_validate_helpers.py). Replace regex-based_yaml_top_key/_yaml_block_child_keyswithyaml.safe_load. The regex parser silently accepted 6 reviewer agent frontmatter files whosedescription:line contained an unquoted second colon (e.g.description: Orchestrated architecture review: boundaries, ...) — invalid YAML under any standards-conformant 1.2 implementation. PyYAML 6.0.3 is now a hard dependency of the validator; CI installs it viauvx --with pyyaml==6.0.3. - CRITICAL — quote 6 reviewer agent descriptions (
flow-architecture-review,flow-consistency-review,flow-integration-review,flow-quality-review,flow-security-review,flow-verification-review) so the same content parses as a YAML scalar instead of triggering a mapping-values-not-allowed error. scripts/_validate_helpers.py::validate_opencode_jsonnow catchesFileNotFoundErrorgracefully and reports a deterministic[ERR]line instead of an unhandled traceback when the manifest is missing.scripts/_validate_helpers.py::validate_agentnow acceptsmode: allper OpenCode v1.15.x docs alongsideprimaryandsubagent. Previously rejected as an unknown mode — would have broken any future config that uses theallmode default documented at https://opencode.ai/docs/agents.scripts/_validate_helpers.py::validate_skillnow explicitly rejects the eight Claude Code / Codex residue fields (allowed-tools,disable-model-invocation,model,effort,maxTurns,paths,context,agent) listed as forbidden inAGENTS.mdskill rules. Previously silent.- HIGH —
.opencode/plugins/ry-shell-strategy.tsdefense-in-depth completion. Add unconditionaltool.execute.beforethrows for two patterns previously only caught bypermission.ask(which fires only when bash permission is statically"ask"— not"allow"as the Build agent uses globally): (a) catastrophicrm -rftargeting root /$HOME/~/ cwd withnode_modulescleanup as the explicit allowlist exception; (b)git push --no-verifyonmain/master/release/productionbranches. Both throws nowlog("error")BEFORE the toast and throw, so the audit trail records the block reason even if the TUI toast call fails silently. Same hardening applied to the existing force-push throw. - HIGH —
.opencode/plugins/ry-bootstrap.tsdead Project cast. Replace hand-rolledproject as { name?: string; path?: string }cast with the typedproject.worktreefield from@opencode-ai/sdkProject(gen/types.gen.d.ts:607). Neithernamenorpathare typed Project fields;nameis derived from the basename ofworktreeinstead. .opencode/plugins/ry-env-protection.tswidens bash secret-read detection fromcat|head|tail|less|more|typeonly to also covergrep|sed|awk|strings|xxd|od|hexdump|cut(text and binary dumpers),bat|view|nano|vim|vi|emacs(pagers and editors), one-liner script execs (python3 -c,node -e,ruby|perl|bash|sh|fish|zsh -[ce]), and shell redirects (< secrets.env). Path detection now reuses the existingisSensitivePath()function so the.env.example/.template/.sampleallowlist is honoured uniformly acrossreadandbashtool blocks.
- (group F) Wire network-backed dependency freshness in
scripts/check_deps_freshness.shwith--check-freshnessflag, per-pin timeout, npm view + PyPI JSON API. JSON envelope extended withlatest,stale,sourcefields. - (group F) Add
.serena/.command_audit.logtoscripts/fullrepo_sync.sh::RUNTIME_EXCLUDE_PATTERNS(mirrors the project-root.gitignorerule installed in 0.10.0). - (group F) Widen
scripts/fullrepo_sync.shsecret-scan to all text files (Python.py, plain.log, no-extension files) usinggrep -rI; previous coverage missed Python tests and runtime logs. - (group F) JSON-escape
scripts/fullrepo_sync.sh status-jsonoutput via Python helper (json.dumps) instead of heredoc interpolation; previously could produce malformed JSON when a branch name contained"or\. - (group G) New pytest suites:
test_fullrepo_sync.py(publish/status/restore paths),test_sanitize_diag.py(every ordered redaction pattern),test_check_deps_freshness.py(envelope + flags). Extension oftest_validate_helpers.pywith strict YAML + FileNotFoundError +mode: all+ forbidden-skill-field cases. - (group H)
.opencode/tsconfig.jsonstrict-mode plugin config + baselinebunx tsc --noEmit. - (group I) Expanded CI baseline —
validate.yml,dependency-check.yml,instruction-docs-check.yml,typecheck-plugins.yml,lint.yml(ruff),codeql.yml,secret-scan.yml(gitleaks),dependency-review.yml,release.yml,sbom.yml. All actions pinned to commit SHA,permissions: contents: readper workflow,concurrencycancel-in-progress groups, explicittimeout-minutes. Ubuntu + macOS matrix forvalidate,typecheck-plugins,lint. CodeQL / gitleaks / dependency-review / SBOM stay Ubuntu-hosted (platform-independent)..github/dependabot.ymlfor weekly npm and github-actions ecosystem updates. - (group J) Governance scaffolding:
CONTRIBUTING.md,SECURITY.md(private disclosure route),CODE_OF_CONDUCT.md(Contributor Covenant 2.1),.github/CODEOWNERS,.github/pull_request_template.md,.github/ISSUE_TEMPLATE/{bug_report,feature_request,config_question}.md. - (group K) Three new ADRs (MADR 4.0.0):
005-fullrepo-snapshot-boundary.md(declares two artifact classes: normal-branch checkout vsfullrepoagent-only snapshot, with snapshot-aware validation),006-defense-in-depth-complete.md(tool.execute.beforeunconditional +permission.askdeny-only, with mandatory test-side coverage for force-push / catastrophic rm /--no-verify),007-ci-mirrors-local-validation.md(local scripts are the source of truth, CI is thin wrappers; SHA-pinned actions, least-privilege permissions, concurrency groups).
AGENTS.mdvalidation command line refreshed (259/9 -> 282/10, PyYAML pin added touvxenv). Permission keys section replaces incomplete 14-key list with full 17-key canonical set (v1.15.x JSON Schema), citessst/opencode#15507silent-acceptance risk.README.mdpytest count table: 9/259 -> 10/282 with newdoctor_opencodesuite. Project structure block: 9 -> 10 suites. Models block: surface the real default (opencode-go/glm-5.1) plus Anthropic alternatives in a two-column table; document theopencode debug config | grepruntime smoke for verifying resolved model after switching providers..claude/CLAUDE.mdcatalog row counts: 9/259 -> 10/282, repo version 0.10.1 -> 0.11.0. Validation cookbook: PyYAML pin inuvxinvocation. Broken pointerCORE_00_memory_index.md->CORE-01-INDEX.md.- All 4 ADR supersession banners (
docs/decisions/001..004): broken pointerCORE_02_opencode_config.md->CORE-02-PROJECT-SHAPE.md(file referenced never existed under that underscore-style name; current taxonomy usesAREA-01-SLUG.md). references/opencode-plugin-patterns.mdremoves the deadproject as { name?, path? }cast guidance..serena/memories/*synchronized to HEAD facts:CORE-01-INDEX.md,RELEASE-01-VALIDATION.md,TECHDEBT-01-NOW.md,CODEX-01-PLUGIN-CANON.mdupdated with new pytest suite count, version bump, resolved-pattern entries for groups A-D.
- Total pytest cases: 357 (was 282 at HEAD
1e14c22, +75). Suite breakdown across 13 suites: 50 validate_helpers + 12 extract_pins + 129 skill_routing + 16 command_audit_sanitizer + 9 plugin_surface + 4 opencode_resolve + 44 permission_policy_regexes + 11 smoke_mcp + 7 validate_instruction_docs + 8 doctor_opencode + 23 sanitize_diag (new) + 29 check_freshness (new) + 15 fullrepo_sync (new).
Hardening pass closing every deferred item from the 0.10.0 reviewer round (Architecture H-1..L-3, Verification C-1, H-1..H-3, M-1..M-5). Repairs a silent-broken regex class that affected the security-critical permission-ask and tool-execute layers, redacts secrets from diagnostic bundles, sharpens MCP smoke semantics, and lifts pytest coverage by 65 cases.
- CRITICAL — flag-boundary regex repair (
ry-permission-policy.ts,ry-shell-strategy.ts). The regex\b--force\band its siblings\b--force-with-lease\b/\b--no-verify\bsilently match nothing on real input:\bdoes not assert at a position where both adjacent characters are non-word (space then-). As a result thepermission.asklayer never denied a force-push (always defaulted to "ask") and thetool.execute.beforelayer inry-shell-strategy.tsthrew on the SAFE--force-with-leaseform because the whitelist regex never matched. Replace with a flag-boundary lookbehind/lookahead pair(?<![A-Za-z0-9-])--force(?![A-Za-z0-9-])that matches--forcebut not--force-with-lease, plus/iflag so--FORCEis also caught. ry-permission-policy.tsproduct-branch alternation. The flat form\bmain|master|release|production\bparsed as four alternatives with mismatched word boundaries, somainline/mainframe/productionishwere false-positively denied. Group as\b(main|master|release|production)\bso the boundaries apply uniformly.ry-permission-policy.tsforce-push short form. Add-fshort form ((?:^|\s)-f(?:\s|$)) alongside--force. Previously only--forcewas caught.scripts/collect_diagnostics.shsecrets-in-bundle.opencode debug configsubstitutes real env tokens (CONTEXT7_API_KEYctx7sk-*, GITHUB_PERSONAL_ACCESS_TOKENgho_*/ghp_*, ANTHROPIC_API_KEYsk-ant-*) into its JSON output. The diagnostics bundle copied that verbatim, leaving secrets on disk indiagnostics/(git-ignored but local-readable). Route everyrun_cmdoutput through a newscripts/_sanitize_diag.pystripper covering the vendor prefix set used by the marketplace; bundle is now secret-free by construction.scripts/smoke_mcp_capabilities.pyfalse-alive on fast clean exit.probe_localclassifiedexit_code=0inside the probe window asalive; a launcher that prints--helpor a version banner and exits 0 would therefore pass the smoke. Tighten to "onlyTimeoutExpired(still running) proves alive; clean fast exit isindeterminate; non-zero exit isfail." Local result against the current 13-server marketplace: 6 indeterminate (chrome-devtools, dart-flutter, playwright, sequential-thinking, serena, shadcn — all exit 0 on stdin EOF), 0 failed.
scripts/_sanitize_diag.py— credential-pattern stripper. Mirrors.opencode/plugins/ry-command-audit.ts::sanitizeArgsplus a Context7 entry forctx7sk-and an Anthropic entry forsk-ant-. Does NOT enable the fallback opaque-32-char redactor (false-positive on commit SHAs and dependency-pin strings present in diagnostic bundles). Pattern order is more-specific-first; the genericsk-pattern uses a negative-lookbehind word boundary so order regressions cannot leak inside a longer compound prefix (e.g.ctx7sk-).scripts/tests/test_permission_policy_regexes.py(44 cases) — Python mirror of every regex inry-permission-policy.tswith positive + negative + edge cases (force-push--force/--FORCE/--force=true/-f; safe--force-with-lease; rm -rf//$HOME/~/~//.; rm node_modules cleanup allowlist; safe~/specific-subdirand./scoped/path; --no-verify on main/master/release/production; --no-verify on feature/mainline/mainframe/productionish). Includes a lockstep guard that fails if the TS source and Python mirror diverge.scripts/tests/test_smoke_mcp.py(11 cases) — self-tests forsmoke_mcp_capabilities.py: probe_remote HEAD success, HTTP-error-still-alive (401/403/405), HEAD-then-GET fallback, total network failure → fail; probe_local skip on missing launcher, alive on timeout, indeterminate ontrue, fail onfalse; main() exit codes 0 / 1 and --json envelope shape.scripts/tests/test_validate_instruction_docs.py(7 cases) — self-tests forvalidate_instruction_docs.py: missing file / too-short file / missing heading / all-good check_doc paths; main() exit codes; --json envelope shape usingtmp_pathso the realAGENTS.mdand.claude/CLAUDE.mdare untouched.scripts/tests/test_plugin_surface.py— 3 new structural tests (Verification M-3 + H-1 + H-3):test_no_console_log_in_plugin_production_codeenforces the 0.10.0 migration toclient.app.log+client.tui.showToast;test_ry_tool_hints_dispatch_path_wiredproves thetool.definitionhook reachesoutput.description;test_ry_system_context_injects_runtime_fieldsproves the runtime line carries date/branch/head/worktree with"unknown"fallback..github/workflows/dependency-check.ymlsmoke step — runssmoke_mcp_capabilities.py --jsonin the weekly cron and publishes the envelope toGITHUB_STEP_SUMMARY.continue-on-error: truekeeps a transient network failure from blocking the workflow; the summary still surfaces the outage for review.
scripts/tests/test_opencode_resolve.pyhardened against pytest stdout-capture truncation (Verification C-1).test_debug_skill_count_matches_directorydeterministically failed in isolation under default pytest capture (the 143 KiBopencode debug skillJSON gets truncated mid-string before the regex scan). Replaced withtest_debug_skill_resolves_cleanly— head-substring probes for"name"and"description"keys; lettest_plugin_surface.py::test_all_expected_plugins_existenforce the actual count on disk.test_debug_config_resolves_cleanlyadds a"default_agent"probe and drops the"compaction"probe (the latter lives past 4 KiB after the LSP block).scripts/smoke_mcp_capabilities.pyoutput. Newindeterminatestatus +[?]glyph + counter in both text and JSON output. Exit code stays 0 unless something genuinely failed.
- Total pytest cases: 259 (was 194). Breakdown: 27 validate_helpers + 12 extract_pins + 129 skill_routing + 16 command_audit_sanitizer + 9 plugin_surface + 4 opencode_resolve + 44 permission_policy_regexes + 11 smoke_mcp + 7 validate_instruction_docs.
OpenCode v1.14.48 best-practice uplift driven by a multi-source research pass (Context7 + DeepWiki + Grep MCP + opencode.ai docs + community marketplaces). Closes the hook-coverage gap, fixes a critical tool-ID format regression, hardens reviewer subagents, ships infrastructure for ongoing freshness checks, and brings every advisory message into the TUI.
.opencode/plugins/ry-permission-policy.ts— newpermission.askdeny-only policy plugin. Blocksgit push --forcewithout--force-with-lease, catastrophicrm -rftargets (root, $HOME, ~/, cwd; allowlistsnode_modulescleanup), andgit push --no-verifyon main/master/release/production. Never auto-allows; preserves user consent on legitimate prompts..opencode/plugins/ry-system-context.ts— newexperimental.chat.system.transformplugin injecting today's date, current git branch, HEAD short SHA, and dirty-tree status into every system prompt. Fixes "what day is it / what branch are we on" classes of LLM grounding errors that static AGENTS.md cannot address.ry-bootstrap.tsexperimental.compaction.autocontinuehook — disables the synthetic "continue" turn that OpenCode injects after a context-overflow auto-compaction. Reviewer / security / sync agents typically produce a final report; an auto-continue turn either re-does the work or generates empty filler.scripts/smoke_mcp_capabilities.py— new stdlib-only MCP capability smoke probe. Remote MCP gets a HEAD-then-GET reachability check with HTTP-status-as-alive semantics (401/403/405 prove the server answered). Local MCP spawns the launcher for a 3-second window; missing launcher →skip(fresh-checkout safety), non-zero exit inside the window →fail, otherwisealive.--jsonmode for automation.scripts/collect_diagnostics.sh— timestamped local diagnostic bundle underdiagnostics/(now git-ignored) collecting git metadata, validator log, dependency-pin report, flow / fullrepo / MCP-smoke state, runtime fingerprint, and optionally LSP + opencode doctor with--include-doctor.scripts/validate_instruction_docs.py— verifiesAGENTS.mdand.claude/CLAUDE.mdexist, exceed a minimum-byte threshold, and contain required anchor headings. Catches accidental deletion / truncation / template-only state during a release.docs/observability.md— operational guide enumerating what to check first, the three plugin observability channels (toast / app log / tool metadata), the diagnostic-bundle contract, CI observability surface, and a failure-triage order.pyrightconfig.json— Python static type-check baseline for thescripts/tree.typeCheckingMode: basic, missing-type-stubs noise suppressed..github/workflows/dependency-check.yml— weekly cron (Mon 06:00 UTC) +workflow_dispatchthat runsscripts/check_deps_freshness.sh --jsonand surfaces the pinned-dependency JSON envelope viaGITHUB_STEP_SUMMARY. SHA-pinned actions; least-privilegecontents: readpermissions.
- CRITICAL —
.opencode/plugins/ry-tool-hints.tsMCP tool ID format. Thetool.definitionhook receivesinput.toolIDassanitize(serverName) + "_" + sanitize(toolName)(single underscore; dashes preserved). The previous HINTS map used the Claude-Code-stylemcp__server__toolprefix, so none of the 14 advertised routing hints fired — they were silently dead code. Rewrite every key to the correct form (serena_find_symbol,chrome-devtools_list_console_messages,context7_resolve-library-id,sequential-thinking_sequentialthinking, …). Source:packages/opencode/src/mcp/index.tsinsst/opencodev1.14.48. - All 7 plugins emit advice via
client.app.log+client.tui.showToastinstead ofconsole.log.console.logreached only the server log file and was invisible to the user. Toasts now surface git-push reminders, destructive-rm warnings, force-push blocks, env-protection rationales, conventional-commit advice, post-commit/ry-syncnudges, and session-idle reminders. Notify calls are best-effort (try/catch silent fallback) so a client-side hiccup cannot block tool execution. opencode.jsonagent.titleandagent.summarypinned toclaude-haiku-4-5-20251001attemperature: 0.2. These two hidden built-in agents previously inherited the global Sonnet 4.6 budget; switching to Haiku saves ~80% on their per-session cost (title gen ~200 tokens, summary ~1k tokens) with no quality impact for short summarisation tasks.opencode.jsonagent.compactionpinned toclaude-sonnet-4-6attemperature: 0.2. Compaction is correctness-critical (the next turn sees the compressed context) — keep Sonnet quality, lock low temperature to suppress drift.opencode.jsoncompactionconfig tuned withtail_turns: 12,preserve_recent_tokens: 8000,reserved: 4000.tail_turnspreserves the most-recent plan→build→review cycle uncompressed;preserve_recent_tokensprotects the freshest technical context;reservedleaves headroom for the next response. Documented in OpenCode v2 SDK typesdist/v2/gen/types.gen.d.ts:925-933.- Reviewer subagents explicit
task: ask+external_directory: denyadded toflow-architecture-review,flow-consistency-review,flow-integration-review,flow-quality-review,flow-security-review,flow-verification-review.flow-memory-syncandry-exploreuse the strictertask: deny. Defense in depth for OpenCode v1.14.31 and v1.14.46 subagent permission-inheritance fixes — without explicit values the inheritance fix landed only when parents specified them. - 6 slash commands gain bilingual descriptions (
ry-deploy,ry-init,ry-newp,ry-review,ry-start,ry-sync) matching the Russian-leading + English-trailing convention used across all 32 skill descriptions. - 4 ADRs in
docs/decisions/gain a top-of-file supersession banner warning that the legacy example model IDs (claude-sonnet-4-20250514,claude-haiku-4-20250514,claude-opus-4-20250514) shown in code blocks produceConfigInvalidErroron OpenCode v1.14.30+. ADR bodies preserved verbatim (MADR 4.0.0 immutability). .claude/CLAUDE.mdstale counts refreshed:opencode.json181→194 lines, pytest 184→194 cases / 4→6 suites, VERSION marker 0.9.0→0.9.1.scripts/detect_project_checks.shTypeScript typecheck fallback swappednpx tsc --noEmit→bunx tsc --noEmit. AGENTS.md L213 bansnpx; the script now follows its own policy..github/workflows/validate.ymlworkflow-levelpermissions: { contents: read }. Closes the OSSF Scorecard Token-Permissions check; the validator only needs read access.AGENTS.mdPluginsblock expanded to 10 entries (was 8) and documents the new hook subscriptions,client.tui.showToast/client.app.logmigration, and the OpenCode v1.14.48 tool-ID format note inside thery-tool-hintsrow.AGENTS.mdValidation Commandsblock lists the four new entries (smoke_mcp_capabilities.py,validate_instruction_docs.py,collect_diagnostics.sh, observability doc link) and the updated pytest count.README.mdplugin count 8→10, catalog refreshed with.claude/CLAUDE.mdrow + observability doc + dependency-check workflow + 14 scripts, and a new "Project structure" tree block..gitignoreremoves a duplicate!.env.examplenegation line and addsdiagnostics/(output dir ofscripts/collect_diagnostics.sh).
- 194 pytest cases in 6 suites (unchanged numerically, but
test_opencode_resolve.pyhardened against pytest stdout-capture truncation:test_debug_config_resolves_cleanlynow uses a head-substring probe instead of fulljson.loads;test_debug_skill_count_matches_directoryanchors the regex to^\s*"name":\s*"[a-z][\w-]*"so prose hits inside descriptions cannot inflate the count; plugin-info test references theEXPECTED_PLUGINStuple instead of hard-coding "eight"). test_plugin_surface.pyextended: HINTS regex now matches the OpenCode v1.14.48server_toolformat;LEGACY_BANNEDnow rejects the entiremcp__substring in the live HINTS map (legacy format remains allowed in module-header comments).
This release rejects several Codex / Claude-Code idioms that do not belong in an OpenCode marketplace:
.codex-plugin/plugin.jsonmanifests,hooks.jsonshell-script registries,${CLAUDE_PLUGIN_ROOT}env indirection,system/AGENTS.mdinstall templates, andmcp__server__toolClaude-Code-style tool IDs are all rejected at the validator or plugin level.- The plugin-bundled directory layout
plugins/rldyour-*/used byrldyour-codexandrldyour-claudecodeis intentionally NOT replicated — OpenCode discovers agents, skills, commands, and plugins from flat.opencode/{agents,skills,commands,plugins}/paths.
Hardening pass closing every defer item flagged by the 0.9.0 reviewer round, plus the previously-external decision to ship a real Claude Code project memory file.
.claude/CLAUDE.md— Claude Code project memory written as a self-contained guide (not a thin pointer to AGENTS.md perproject-instructions-policyanti-pattern). Tells a Claude-Code-resident developer that this repo is an OpenCode marketplace, where canonical knowledge lives, what NOT to do (treat OpenCode skills/agents/commands as Claude Code primitives), which validation gates apply, and how to reach AGENTS.md, references, decisions.scripts/tests/test_plugin_surface.py(6 cases) — defensive checks that catch regressions: plugin set on disk equals AGENTS.md count;ry-toolsregisters exactly the 5 advertised tool IDs;ry-tool-hintsHINTS keys reference realopencode.json.mcpserver keys; legacymcp__context7__get-library-docsalias cannot be re-introduced; deadproject as { path? }cast cannot reappear in any plugin.scripts/tests/test_opencode_resolve.py(4 cases, skipped whenopencodeCLI absent) — end-to-end integration:opencode debug configresolves cleanly;opencode debug infolists all 8 plugins; resolved skill count equals directory count; every.opencode/agents/*.mdresolves underopencode debug agent. Catches schema-validation regressions that pass static checks but fail live OpenCode.- Inline concurrency + sanitize-order notes in
ry-command-audit.tsdocumenting the deliberate non-atomic read-modify-write (single Bun event loop serialises within process) and the deliberate sanitize-before-slice order (guarantees no credential reaches the log regardless of position).
.github/workflows/validate.yml—actions/checkout@v4andactions/setup-python@v5pinned to commit SHA (34e114876b0b11c390a56381ad16ebd13914f8d5anda26af69be951a213d495a4c3e4e4022e16d87065respectively). Defends CI against tag-hijack on the action repositories. Verified viagh api repos/actions/<name>/git/refs/tags/<tag>.
- Total pytest cases: 194 (was 184). Breakdown: 27 validate_helpers + 12 extract_pins + 129 skill_routing + 16 command_audit_sanitizer + 6 plugin_surface + 4 opencode_resolve.
OpenCode plugin-surface expansion. Adopt three previously-unused hook types so the marketplace exercises the full v1.14.48 plugin API instead of just session/tool/shell observation.
.opencode/plugins/ry-tools.ts— 5 custom tools registered via thetoolplugin hook so the LLM can drive diagnostic scripts directly:rldyour_validate_config— runsbash scripts/validate_config.sh.rldyour_check_deps— runsbash scripts/check_deps_freshness.sh --json.rldyour_lsp_health— runsbash scripts/check_lsps.sh.rldyour_git_audit— runsbash scripts/git_sync_audit.sh.rldyour_fullrepo_status— runsbash scripts/fullrepo_sync.sh status-json. Each tool stampsctx.metadata({ title, metadata: { exitCode } })so the TUI shows pass/fail at a glance.
.opencode/plugins/ry-command-audit.ts—command.execute.beforeplugin appends one credential-sanitized line per slash command invocation to.serena/.command_audit.log(runtime marker; never committed; 256 KiB rolling cap with reset)..opencode/plugins/ry-tool-hints.ts—tool.definitionplugin appends a one-sentence routing hint to known MCP tool descriptions (Serenafind_symbol, Chrome DevTools console, Context7 docs, Semgrep scan, Sequential Thinking, etc.). Encodes the AGENTS.md tool-priority matrix inline to the LLM.scripts/tests/test_skill_routing.py— 129 parametrized pytest cases (32 skills × 4 routing checks + 1 uniqueness): description length 80-1024, presence of Russian routing phrase (Используй для/Use for), presence of English routing block (EN triggers:or English-leading head), skill name kebab-case. Borrowed from codex marketplace's deterministic-routing-policy pattern, adapted to OpenCode's description-based auto-routing.references/opencode-plugin-patterns.md— full reference for the@opencode-ai/pluginv1.14.48 hook surface (server-side + TUI), patterns adopted in this repo, explicit list of unused-but-known hooks, and CLI extension points the marketplace can drive (opencode run / debug / serve / web / acp / github / pr / stats / export / import).
- Skill descriptions for
flow-post-task-sync,instruction-docs-sync,ry-deploy,ry-init,ry-newp,ry-review,ry-startextended with explicitИспользуй для:(RU triggers) andEN triggers:(EN keyword block) so OpenCode auto-routing matches both languages reliably. Verified by the newtest_skill_routing.pysuite. - AGENTS.md Plugins section now documents all 8 plugins with exact hook subscriptions and links to
references/opencode-plugin-patterns.md. - README catalog tables updated: 8 plugins (was 5), 16 reference docs (was 15), 3 pytest suites with 168 cases (was 1 with 27).
Post-0.8.0 hardening based on parallel reviewer findings (architecture / quality / consistency / integration / verification / security tracks).
scripts/tests/test_validate_helpers.py(27 cases) andscripts/tests/test_extract_pins.py(12 cases) — full pytest coverage of the validator and pin extractor. Run viapython3 -m pytest scripts/tests/oruvx --from "pytest==9.0.2" pytest scripts/tests/.scripts/tests/__init__.pyandscripts/tests/conftest.py— package marker and pytest session config (addsscripts/tosys.path). Removes the previous inlinesys.path.inserthack from the test module body.scripts/check_deps_freshness.sh+scripts/_extract_pins.py— list every pinned MCP dependency inopencode.json(npm via bunx, PyPI via uvx, Dart SDK).--jsonmode emits a documented JSON envelope ({pins: [{kind,server,name,version}], count}).DuplicateYamlKeyexception in_validate_helpers.py— rejects skill/agent/command frontmatter that contains the same top-level key twice (regex YAML parser previously kept the first match silently)..github/workflows/validate.yml— Python 3.13 setup + pinnedpytest==9.0.2install + pytest run. CI and local validation now exercise the same surface.docs/decisions/*.md— architecture decision archive (4 files moved from formerthinking/directory in commit159fd99).- AGENTS.md Source Of Truth gains a
docs/decisions/*.mdentry; Validation Commands gains pytest, check_deps_freshness, andopencode debug *rows. - README Validation block lists pytest + check_deps_freshness; Catalog has new rows for
docs/decisions/andscripts/tests/.
_validate_helpers.py:_yaml_top_keynow (a) supports YAML block scalars (description: |), (b) readsutf-8-sigso files with UTF-8 BOM parse correctly, (c) anchors trailing whitespace as[^\S\n]*so an empty inline scalar no longer captures the next line's text._validate_helpers.py: SSoT command-block gate added — rejects anopencode.jsonthat defines acommandblock (commands must live in.opencode/commands/*.md).scripts/validate_config.sh: rewritten without inline zsh-heredoc Python; delegates to_validate_helpers.py. Addslog_warn/log_infohelpers consistent with other scripts.scripts/fullrepo_sync.sh:AGENT_ONLY_PATTERNSupdatedthinking/→docs/(matches actual layout after the159fd99rename). Secret detector warning now usescut -d: -f1(wascut -d: -1, a no-op flag that suppressed the file path in the warning).scripts/check_deps_freshness.sh:--jsonpath writes directly to stdout (nomktemptemp file, no trap risk).scripts/_extract_pins.py:UV_FROM_REaccepts PyPI names containing.(e.g.zope.interface); module docstring documents the full JSON envelope contract.- AGENTS.md Plugins section rewritten against
.opencode/node_modules/@opencode-ai/plugin/dist/index.d.tsv1.14.48: removed non-existentpermission.asked/permission.replied/tui.*server hooks; addedconfig,chat.message,chat.params,chat.headers,command.execute.before,tool.definition,auth,provider, fourexperimental.*. .opencode/plugins/ry-bootstrap.ts: MCP list pushed into compaction context is read dynamically fromopencode.jsonviaBun.file()instead of being hardcoded. Catch path logs a warning before falling back to neutral hint..opencode/plugins/ry-sync-reminder.ts: removed duplicatetool.execute.afterhandler — Conventional Commits advice owned exclusively byry-flow-hooks.ts..opencode/agents/customize-opencode.md: body forbids addingcommandblock toopencode.json; color schema constraint documented; new-agent flow usesopencode debug agent <name>..github/workflows/validate.yml: CI delegates tobash scripts/validate_config.shinstead of inline Python/bash checks (eliminates CI-vs-local schema drift).- README placeholder env vars renamed
your-key→YOUR_PLACEHOLDER_KEYso thefullrepo_sync.sh publishsecret detector whitelist correctly ignores them.
.claude/CLAUDE.md: Claude Code project-memory thin pointer (anti-pattern called out byproject-instructions-policyskill; AGENTS.md cross-tool standard covers Claude Code without a separate memory file).
- Model IDs in
opencode.jsonand.opencode/agents/*.mdmigrated to OpenCode v1.14.48 registry-valid IDs (claude-sonnet-4-6,claude-haiku-4-5-20251001,claude-opus-4-7). Previous IDs causedconfig.providers/provider.list/app.agents/config.getConfigInvalidError. - Agent
colorfrontmatter migrated from named CSS colors to hex / enum per schema. Prior values (blue,yellow,purple, …) were rejected by OpenCode v1.14. _validate_helpers.pycorrectly handlesdescription: |block scalars and UTF-8 BOM; empty inlinedescription:no longer silently slurps the next line.
Validated against OpenCode v1.14.48 (opencode debug config resolves cleanly).
docs/: marketplace operator guides —release-process.md,dependency-updates.md,rollback-restore.md.scripts/_validate_helpers.py: Python module backing the rewrittenscripts/validate_config.sh. Validatesopencode.jsonshape, skill name/description, agent frontmatter (description + mode + color enum or hex), command frontmatter, VERSION semver. Supports YAML block scalars (description: |) and UTF-8 BOM. Single source of truth gate: rejectscommandblock inopencode.json(commands must live in.opencode/commands/*.md).- AGENTS.md skill spec: explicit allowed optional frontmatter (
license,compatibility,metadata) and explicit forbidden Claude-Code/Codex residue fields. - AGENTS.md plugin event list expanded to match OpenCode v1.14 actual surface.
- AGENTS.md agent spec: explicit
colorschema constraint (hex^#[0-9a-fA-F]{6}$or enumprimary|secondary|accent|success|warning|error|info). - README catalog tables for Models, MCP servers, reviewer subagents (with schema-valid colors), validation commands.
.opencode/plugins/ry-bootstrap.ts: MCP list pushed into compaction context is now read dynamically fromopencode.jsonviaBun.file()instead of being hardcoded. Catch path now logs a warning before falling back..opencode/plugins/ry-sync-reminder.ts: removed duplicatetool.execute.afterhandler — Conventional Commits advice is owned exclusively byry-flow-hooks.ts..opencode/agents/customize-opencode.md: body forbids addingcommandblock toopencode.json(single source of truth); color schema constraint documented; new-agent flow usesopencode debug agent <name>for verification..github/workflows/validate.yml: CI now delegates tobash scripts/validate_config.shinstead of inline Python/bash checks, keeping CI and local validators identical.scripts/validate_config.sh: rewritten without zsh-heredoc Python (delegates to_validate_helpers.py). Addedlog_warn/log_infohelpers consistent with other scripts.docs/dependency-updates.md: removed dangling "track via TODO in CHANGELOG" cross-reference.
.claude/CLAUDE.md: Claude Code project-memory pointer file. This is an OpenCode-native marketplace and the AGENTS.md cross-tool standard (https://agents.md/) already covers any Claude Code use case. The previous thin-pointer file matched the anti-pattern called out inproject-instructions-policyskill.
- Model IDs in
opencode.jsonand all.opencode/agents/*.mduse OpenCode v1.14.48 registry-valid identifiers (claude-sonnet-4-6,claude-haiku-4-5-20251001,claude-opus-4-7). Prior IDs (claude-sonnet-4-20250514,claude-haiku-4-20250514,claude-opus-4-20250514) causedconfig.providers/provider.list/app.agents/config.getConfigInvalidError. - Agent
colorfrontmatter migrated from named CSS colors to hex / enum per schema. Prior values (blue,yellow,purple,orange,green,red,pink,cyan) were rejected by OpenCode v1.14 (only hex^#[0-9a-fA-F]{6}$or enumprimary|secondary|accent|success|warning|error|infoaccepted). _validate_helpers.pyhandlesdescription: |block scalars correctly; previously returned the literal|and skipped the length check._validate_helpers.pyusesutf-8-sigencoding so files with UTF-8 BOM do not produce spuriousmissing frontmatter delimitererrors.
- 4 missing commands: ry-design, ry-explore, ry-sec-review, ry-rules-review (matching reference implementations).
- LSP utility scripts: check_lsps.sh (health check for 17+ language servers) and install_lsps.sh (brew-first installation).
- Flow utility scripts: flow_post_task_state.sh (JSON state computation), git_sync_audit.sh, deploy_readiness.sh, detect_project_checks.sh.
- New plugin: ry-flow-hooks.ts (post-tool commit advice and auto-sync nudge).
- AGENTS.md updated with validation commands section listing all 9 scripts.
- Commands now use OpenCode-specific features:
subtask: truefor ry-explore, correct MCP tool names (mcp__figma__*notmcp__plugin_rldyour-mcps_figma__*). - All 10 commands now present (6 original + 4 new), matching reference implementation coverage.
- Fullrepo sync script (
scripts/fullrepo_sync.sh): bootstrap-init, restore, publish, status, status-json — full agent-only file branch management. .env.exampledocumenting required environment variables (CONTEXT7_API_KEY, GITHUB_PERSONAL_ACCESS_TOKEN).- Domain boundaries section in AGENTS.md mapping each skill/agent/command to its owning domain.
- Don'ts section in AGENTS.md with 10 explicit prohibitions.
- Validation commands section in AGENTS.md documenting all scripts.
.git/info/excludepattern management documented in Git and Sync section.- Updated MCP servers table: dart-flutter now enabled, figma URL corrected to
/mcp.
- Single source of truth for agents and commands: removed all subagent and command definitions from
opencode.json— they live exclusively in.opencode/agents/*.mdand.opencode/commands/*.md. - MCP timeouts reduced: 30s for local servers, 15s for remote (was 90s/60s).
- AGENTS.md major rewrite: added domain boundaries, don'ts, validation commands, fullrepo sync docs, plugin event reference.
- Plugins enhanced: ry-bootstrap.ts now includes MCP server list and reviewer subagent list in compaction context; ry-env-protection.ts has improved pattern matching with .env.example whitelist; ry-shell-strategy.ts adds --force-with-lease guard and destructive rm warning; ry-sync-reminder.ts adds conventional commit format advice on commit events.
- Breaking: single source of truth for agents and commands.
- Removed 8 subagent definitions from
opencode.json— they live only in.opencode/agents/*.md. - Removed 6 command definitions from
opencode.json— they live only in.opencode/commands/*.md. opencode.jsonnow only containsbuildandplanprimary agent overrides (permissions).
- Removed 8 subagent definitions from
- Reduced MCP timeout values: 30s for local servers, 15s for remote (was 90s/60s).
- Updated AGENTS.md to document single-source-of-truth convention explicitly.
- LSP configuration changed from
"lsp": trueto"lsp": {}(object = built-ins enabled + custom overrides). - Added 8 custom LSP servers to cover all languages from reference implementations:
ruff(Python linter companion to pyright)vscode-html(HTML)vscode-css(CSS/SCSS/SASS/Less)vscode-json(JSON/JSONC)docker(Dockerfile)taplo(TOML)marksman(Markdown)qmlls(Qt QML, optional)
- Total LSP coverage: 35+ built-in + 8 custom = 43+ language servers.
- AGENTS.md LSP section expanded with runtime rules and custom server table.
- MCP configuration: complete rewrite from scratch based on both reference implementations.
- Replaced
npx -ywithbunxfor all npm-based MCP servers (serena, sequential-thinking, playwright, chrome-devtools, context7, shadcn). - Fixed serena: changed from
@anthropic/serena-mcptoserena-agent==1.3.0viauvxwith correct flags. - Fixed sequential-thinking: version
0.7.0→2025.12.18, addedDISABLE_THOUGHT_LOGGINGenv var. - Fixed playwright: added
--headlessand--caps=network,storage,testing,devtoolsflags. - Fixed figma URL:
/→/mcp. - Added
timeoutvalues: 90000ms for local servers, 60000ms for remote servers. - Added 5 missing MCP servers: chrome-devtools, semgrep, shadcn, dart-flutter, openai-docs.
- Total MCP servers: 13 (8 local, 5 remote; dart-flutter disabled by default).
- OpenCode plugin system with 4 event-driven plugins replacing advisory lifecycle hooks.
ry-bootstrap.ts: session.created context injection and compaction context preservation.ry-env-protection.ts: tool.execute.before read/bash blocking for sensitive file paths.ry-shell-strategy.ts: shell.env non-interactive git env injection and pre-push advisory.ry-sync-reminder.ts: session.idle reminder to run /ry-sync before ending session..opencode/package.jsonfor plugin TypeScript dependencies.opencode.jsonplugin section (empty array for future npm plugins).- AGENTS.md updated with Plugins section documenting events, structure, and rldyour plugins.
- Initial rldyour-opencode marketplace with full OpenCode configuration.
opencode.jsonmaster config with providers, MCP servers, LSP, agents, permissions, commands.- 9 subagent definitions for review, memory sync, and deep research workflows.
- 32 skill definitions covering flow, Serena, rules, explore, browser, design, security, and LSP domains.
- 6 slash commands for SDLC workflow (ry-init, ry-start, ry-review, ry-newp, ry-deploy, ry-sync).
- 16 reference documents for skills and agents.
- Bootstrap, validation, and diagnostics scripts.
- AGENTS.md cross-tool root instructions adapted for OpenCode format.
- Serena project configuration and initial memory structure.
- 7 MCP servers configured (serena, sequential-thinking, playwright, context7, deepwiki, grep, github, figma).
- Built-in LSP support enabled for 30+ languages.
- Reviewer subagents with per-agent permissions (read-only, bash allowlisted for git commands).