refactor(config): restructure opencode config and clean up obsolete files#2
refactor(config): restructure opencode config and clean up obsolete files#2Jonathan0823 wants to merge 11 commits into
Conversation
📝 WalkthroughWalkthroughThis PR standardizes subagent routing and permissions, migrates workflow command specs into a new ChangesCore Agent and Command System Reorganization
Estimated code review effort🎯 4 (Complex) | ⏱️ ~60 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
🧹 Nitpick comments (2)
commands/context.md (1)
3-3: ⚡ Quick winUse the read-focused agent profile for this command.
This command only discovers and reads context; assigning it to the non-editing profile reduces accidental write capability.
Suggested fix
-agent: build +agent: plan🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@commands/context.md` at line 3, The file currently sets the agent profile to a write-oriented profile ("agent: build"); change that setting to the read-focused agent profile by replacing the "agent: build" entry with the read-only/read-focused profile token (e.g., "agent: read" or the project's canonical read profile name) so the command discovers and reads context without granting editing capabilities—locate the "agent: build" line in commands/context.md and update it accordingly.commands/optimize.md (1)
15-19: ⚡ Quick winConsider adding an explicit approval step.
The workflow suggests fixes (step 4) but doesn't explicitly require user approval before applying them. Given the
buildagent designation and the learnings about approval-first workflows, consider adding a step that presents findings and proposed fixes for approval before execution.Based on learnings, approval should be required before destructive operations and architecture changes.
📋 Suggested workflow enhancement
1. Determine the scope from the user input or current diff. 2. Check for performance bottlenecks, security issues, and edge cases. 3. Prioritize issues by impact. 4. Suggest the smallest effective fix for each major issue. -5. Keep the report specific and actionable. +5. Present findings and ask for approval before applying fixes. +6. Keep the report specific and actionable.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@commands/optimize.md` around lines 15 - 19, Add an explicit approval step after the proposed-fix step: update the workflow steps (around step "Suggest the smallest effective fix for each major issue") to insert a new step that presents findings and proposed fixes to the user and requires explicit approval before applying any changes; ensure this approval is mandatory for destructive operations and architecture changes, records who approved it (audit/log), and requires a clear affirmative action (e.g., "approve" confirmation) before proceeding.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@agent/subagents/core/contextscout.md`:
- Around line 18-19: The ContextScout policy has a conflicting permission where
the top-level permission "task" is set to allow while the explicit rules for
ContextScout forbid task usage; update the policy so it is consistent—either
remove the global "task: \"*\": \"allow\"" entry or change it to "deny"/remove
task from the ContextScout scope, or alternatively modify ContextScout's
specific rules to explicitly allow the intended task actions; make the change in
the ContextScout policy block (look for the "ContextScout" section and the
"task" entry) and apply the same consistent fix to the other occurrences
referenced (lines ~42-43 and ~116-117).
In `@AGENTS.md`:
- Around line 42-45: The fenced example blocks containing lines like `User:
"What's the best way to implement authentication in Go?" → Use `@ExternalScout`
for library docs, or `@ContextScout` for project conventions` currently lack a
language identifier and trip MD040; update each of these triple-backtick fences
to use ```text (i.e., add the `text` language after the opening ```), and apply
the same change to the other example blocks in this section (the blocks showing
the User/→ Use `@ExternalScout/`@ContextScout examples) so all such fenced
examples include the `text` language tag.
In `@commands/commit.md`:
- Around line 35-44: The markdown fenced code block that begins with ``` and
contains "Branch: <branch>" / "Files: <file list>" / "Risk: <low | medium |
high>" should specify a language to satisfy MD040; change the opening fence from
``` to ```text so the block starts with ```text and leave the rest of the block
contents unchanged, then close with the existing ``` fence.
In `@opencode.json`:
- Around line 101-105: The plan agent policy currently allows mutating VCS
commands ("git add*", "git commit*", "git push*", "gh pr*"), which breaks
plan-only safety; update the policy so those keys are not allowed in plan mode
by changing their values from "allow" to "deny" (or removing them) while keeping
non-mutating commands like "ls" allowed; reference the policy keys "git add*",
"git commit*", "git push*", and "gh pr*" when making the change so the plan
agent cannot perform commits, pushes, or PR creation.
---
Nitpick comments:
In `@commands/context.md`:
- Line 3: The file currently sets the agent profile to a write-oriented profile
("agent: build"); change that setting to the read-focused agent profile by
replacing the "agent: build" entry with the read-only/read-focused profile token
(e.g., "agent: read" or the project's canonical read profile name) so the
command discovers and reads context without granting editing capabilities—locate
the "agent: build" line in commands/context.md and update it accordingly.
In `@commands/optimize.md`:
- Around line 15-19: Add an explicit approval step after the proposed-fix step:
update the workflow steps (around step "Suggest the smallest effective fix for
each major issue") to insert a new step that presents findings and proposed
fixes to the user and requires explicit approval before applying any changes;
ensure this approval is mandatory for destructive operations and architecture
changes, records who approved it (audit/log), and requires a clear affirmative
action (e.g., "approve" confirmation) before proceeding.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 5addb68f-4a48-4fc6-9d51-f058cfbff6d4
📒 Files selected for processing (30)
AGENTS.mdREADME.mdagent/core/openagent.mdagent/core/opencoder.mdagent/subagents/core/contextscout.mdcommand/add-context.mdcommand/analyze-patterns.mdcommand/clean.mdcommand/commit.mdcommand/context.mdcommand/openagents/check-context-deps.mdcommand/optimize.mdcommand/test.mdcommand/validate-repo.mdcommands/add-context.mdcommands/analyze-patterns.mdcommands/clean.mdcommands/commit.mdcommands/context.mdcommands/fix.mdcommands/git-commit.mdcommands/optimize.mdcommands/pr.mdcommands/review.mdcommands/spec.mdcommands/test.mdconfig/agent-metadata.jsoncontext/core/navigation.mdcontext/navigation.mdopencode.json
💤 Files with no reviewable changes (14)
- command/clean.md
- command/context.md
- command/validate-repo.md
- config/agent-metadata.json
- command/openagents/check-context-deps.md
- command/optimize.md
- agent/core/opencoder.md
- context/core/navigation.md
- command/commit.md
- agent/core/openagent.md
- commands/git-commit.md
- command/analyze-patterns.md
- command/test.md
- command/add-context.md
| task: | ||
| "*": "deny" | ||
|
|
||
| "*": "allow" |
There was a problem hiding this comment.
ContextScout permissions conflict with its read-only rules.
task is enabled, but the rules explicitly forbid task usage. This makes behavior ambiguous and over-permissive.
Suggested fix
task:
- "*": "allow"
+ "*": "deny"Also applies to: 42-43, 116-117
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@agent/subagents/core/contextscout.md` around lines 18 - 19, The ContextScout
policy has a conflicting permission where the top-level permission "task" is set
to allow while the explicit rules for ContextScout forbid task usage; update the
policy so it is consistent—either remove the global "task: \"*\": \"allow\""
entry or change it to "deny"/remove task from the ContextScout scope, or
alternatively modify ContextScout's specific rules to explicitly allow the
intended task actions; make the change in the ContextScout policy block (look
for the "ContextScout" section and the "task" entry) and apply the same
consistent fix to the other occurrences referenced (lines ~42-43 and ~116-117).
| ``` | ||
| User: "What's the best way to implement authentication in Go?" | ||
| → Use @researcher | ||
| → Use @ExternalScout for library docs, or @ContextScout for project conventions | ||
| ``` |
There was a problem hiding this comment.
Add language identifiers to fenced example blocks.
These fences currently trigger MD040 and can break markdown lint gates.
Suggested fix
-```
+```text
User: "What's the best way to implement authentication in Go?"
→ Use `@ExternalScout` for library docs, or `@ContextScout` for project conventions
Apply the same `text` fence language to the other example blocks in this section.
</details>
Also applies to: 48-51, 54-57, 60-63, 66-69
<details>
<summary>🧰 Tools</summary>
<details>
<summary>🪛 markdownlint-cli2 (0.22.1)</summary>
[warning] 42-42: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
</details>
</details>
<details>
<summary>🤖 Prompt for AI Agents</summary>
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @AGENTS.md around lines 42 - 45, The fenced example blocks containing lines
like User: "What's the best way to implement authentication in Go?" → Use @ExternalScoutfor library docs, or@ContextScout for project conventions
currently lack a language identifier and trip MD040; update each of these
triple-backtick fences to use text (i.e., add the `text` language after the opening ), and apply the same change to the other example blocks in this
section (the blocks showing the User/→ Use @ExternalScout/@ContextScout
examples) so all such fenced examples include the text language tag.
</details>
<!-- fingerprinting:phantom:poseidon:hawk -->
<!-- This is an auto-generated comment by CodeRabbit -->
| ``` | ||
| Branch: <branch> | ||
| Files: <file list> | ||
| Risk: <low | medium | high> | ||
|
|
||
| Proposed commit: | ||
| type(scope): description | ||
|
|
||
| <one-line summary of what this commit does and why> | ||
| ``` |
There was a problem hiding this comment.
Specify a language for the commit-draft fenced block.
This block triggers MD040; adding a language keeps markdown lint clean.
Suggested fix
- ```
+ ```text
Branch: <branch>
Files: <file list>
Risk: <low | medium | high>
@@
- ```
+ ```📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| ``` | |
| Branch: <branch> | |
| Files: <file list> | |
| Risk: <low | medium | high> | |
| Proposed commit: | |
| type(scope): description | |
| <one-line summary of what this commit does and why> | |
| ``` |
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 35-35: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@commands/commit.md` around lines 35 - 44, The markdown fenced code block that
begins with ``` and contains "Branch: <branch>" / "Files: <file list>" / "Risk:
<low | medium | high>" should specify a language to satisfy MD040; change the
opening fence from ``` to ```text so the block starts with ```text and leave the
rest of the block contents unchanged, then close with the existing ``` fence.
| "git add*": "allow", | ||
| "git commit*": "allow", | ||
| "git push*": "allow", | ||
| "gh pr*": "allow", | ||
| "ls": "allow", |
There was a problem hiding this comment.
plan agent allows mutating git/PR commands, which breaks plan-only safety.
Allowing commit/push/PR execution in plan mode weakens the guardrail contract and can bypass intended approval flow.
Suggested fix
- "git add*": "allow",
- "git commit*": "allow",
- "git push*": "allow",
- "gh pr*": "allow",
+ "git add*": "deny",
+ "git commit*": "deny",
+ "git push*": "deny",
+ "gh pr*": "deny",📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| "git add*": "allow", | |
| "git commit*": "allow", | |
| "git push*": "allow", | |
| "gh pr*": "allow", | |
| "ls": "allow", | |
| "git add*": "deny", | |
| "git commit*": "deny", | |
| "git push*": "deny", | |
| "gh pr*": "deny", | |
| "ls": "allow", |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@opencode.json` around lines 101 - 105, The plan agent policy currently allows
mutating VCS commands ("git add*", "git commit*", "git push*", "gh pr*"), which
breaks plan-only safety; update the policy so those keys are not allowed in plan
mode by changing their values from "allow" to "deny" (or removing them) while
keeping non-mutating commands like "ls" allowed; reference the policy keys "git
add*", "git commit*", "git push*", and "gh pr*" when making the change so the
plan agent cannot perform commits, pushes, or PR creation.
…and execution guidance
There was a problem hiding this comment.
Actionable comments posted: 6
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
agent/subagents/core/task-manager.md (1)
400-417:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winFix malformed JSON fence delimiters in examples.
These blocks use
`json/`instead of proper triple-backtick fences, which can break rendering and markdown lint.Suggested fix pattern
-`json +```json ... -` +```Also applies to: 503-563, 565-612
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@agent/subagents/core/task-manager.md` around lines 400 - 417, Replace the malformed code fence that begins with "`json" and ends with a single backtick in the "context_files" JSON example (the block containing the "context_files" object) with proper triple-backtick JSON fences (```json ... ```); locate the example by searching for the "context_files" key and the incorrect backtick delimiters in agent/subagents/core/task-manager.md and apply the same fix to the other occurrences referenced (lines ~503-563 and ~565-612) so each example uses ```json at the start and ``` at the end.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@agent/subagents/code/coder-agent.md`:
- Around line 262-266: There are two identical top-level headings "# OpenCode
Agent Configuration" causing MD024; remove the duplicate heading so only a
single "# OpenCode Agent Configuration" remains and consolidate any content
currently under both into that one section (search for the exact heading string
"# OpenCode Agent Configuration" and delete the extra occurrence, keeping the
metadata comments under the remaining heading).
- Around line 8-10: The permission entry permission.bash["*"] = "ask" is too
broad; replace the wildcard with an explicit allowlist of only the exact
commands this subagent needs (e.g., the existing "bash
.opencode/skills/task-management/router.sh complete*" and "bash
.opencode/skills/task-management/router.sh status*" entries) and remove or
change permission.bash["*"] to avoid global shell access; ensure each allowed
key uses the minimal glob required and set other bash entries to "deny" or omit
them to enforce least privilege.
- Around line 92-97: Remove the stale references to
".opencode/config/agent-metadata.json" in the coder-agent.md text (the two
blocks that currently point to that path); either delete those lines or replace
them with the current metadata guidance (e.g., a short note that agent metadata
config was removed and where to find/maintain metadata now), ensuring no
leftover mention of the deleted config file remains.
In `@agent/subagents/core/task-manager.md`:
- Around line 8-10: Update the TaskManager bash permission allowlist by changing
permission.bash["*"] from "ask" to "deny" and keep explicit allow entries for
the needed commands (e.g., the existing "npx ts-node*task-cli*" and "mkdir -p
.tmp/tasks*"); ensure the permission object (permission.bash) only lists those
explicit "allow" entries and defaults to "deny" so TaskManager follows
least-privilege behavior.
In `@context/core/task-management/guides/managing-tasks.md`:
- Around line 21-28: Two fenced code blocks in the "managing-tasks.md" guide
(the numbered task flow block and the directory tree block) are missing language
identifiers and trigger MD040; update both opening fences to include a language
tag (e.g., ```text) so the blocks become ```text ... ``` and ensure any other
similar fenced blocks in the same file (the directory tree example) are updated
likewise.
In `@context/core/workflows/external-context-integration.md`:
- Around line 254-270: The subagent_type value is using the wrong registered
string (subagent_type="TaskManager") which will cause unknown-agent failures;
locate the block that sets subagent_type="TaskManager" (the prompt/metadata
assignment for the task bundle) and change it to the exact registered string
"Task Manager" (or the canonical value defined in the invocation guide) so
delegation succeeds; also scan for any other occurrences of the incorrect
"TaskManager" token in the same metadata and replace them with "Task Manager".
---
Outside diff comments:
In `@agent/subagents/core/task-manager.md`:
- Around line 400-417: Replace the malformed code fence that begins with "`json"
and ends with a single backtick in the "context_files" JSON example (the block
containing the "context_files" object) with proper triple-backtick JSON fences
(```json ... ```); locate the example by searching for the "context_files" key
and the incorrect backtick delimiters in agent/subagents/core/task-manager.md
and apply the same fix to the other occurrences referenced (lines ~503-563 and
~565-612) so each example uses ```json at the start and ``` at the end.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 9e80e80c-76cd-47d5-b88f-985e9fc60e62
📒 Files selected for processing (13)
AGENTS.mdREADME.mdagent/subagents/code/coder-agent.mdagent/subagents/core/task-manager.mdcommands/commit.mdcommands/pr.mdcommands/spec.mdcontext/core/task-management/guides/managing-tasks.mdcontext/core/task-management/guides/splitting-tasks.mdcontext/core/task-management/navigation.mdcontext/core/workflows/external-context-integration.mdcontext/openagents-repo/guides/subagent-invocation.mdskills/task-management/SKILL.md
✅ Files skipped from review due to trivial changes (3)
- context/core/task-management/navigation.md
- skills/task-management/SKILL.md
- README.md
| "*": "ask" | ||
| "bash .opencode/skills/task-management/router.sh complete*": "allow" | ||
| "bash .opencode/skills/task-management/router.sh status*": "allow" |
There was a problem hiding this comment.
Avoid broad wildcard bash permissions for this subagent.
Changing permission.bash["*"] to "ask" materially expands command surface. Prefer explicit allowlist-only commands for least-privilege hardening.
Based on learnings: Apply principle of least privilege for permissions.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@agent/subagents/code/coder-agent.md` around lines 8 - 10, The permission
entry permission.bash["*"] = "ask" is too broad; replace the wildcard with an
explicit allowlist of only the exact commands this subagent needs (e.g., the
existing "bash .opencode/skills/task-management/router.sh complete*" and "bash
.opencode/skills/task-management/router.sh status*" entries) and remove or
change permission.bash["*"] to avoid global shell access; ensure each allowed
key uses the minimal glob required and set other bash entries to "deny" or omit
them to enforce least privilege.
| # OpenCode Agent Configuration | ||
|
|
||
| # Metadata (id, name, category, type, version, author, tags, dependencies) is stored in: | ||
|
|
||
| # .opencode/config/agent-metadata.json | ||
|
|
There was a problem hiding this comment.
Remove stale metadata path references to a deleted config file.
Both blocks point to .opencode/config/agent-metadata.json, but this PR removes agent metadata config as obsolete. Keeping these references leaves broken operator instructions.
Also applies to: 262-266
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@agent/subagents/code/coder-agent.md` around lines 92 - 97, Remove the stale
references to ".opencode/config/agent-metadata.json" in the coder-agent.md text
(the two blocks that currently point to that path); either delete those lines or
replace them with the current metadata guidance (e.g., a short note that agent
metadata config was removed and where to find/maintain metadata now), ensuring
no leftover mention of the deleted config file remains.
| # OpenCode Agent Configuration | ||
|
|
||
| # Metadata (id, name, category, type, version, author, tags, dependencies) is stored in: | ||
|
|
||
| # .opencode/config/agent-metadata.json |
There was a problem hiding this comment.
Consolidate duplicated heading block.
# OpenCode Agent Configuration appears twice, which triggers MD024 and adds noise. Keep a single section.
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 262-262: Multiple headings with the same content
(MD024, no-duplicate-heading)
[warning] 264-264: Multiple headings with the same content
(MD024, no-duplicate-heading)
[warning] 266-266: Multiple headings with the same content
(MD024, no-duplicate-heading)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@agent/subagents/code/coder-agent.md` around lines 262 - 266, There are two
identical top-level headings "# OpenCode Agent Configuration" causing MD024;
remove the duplicate heading so only a single "# OpenCode Agent Configuration"
remains and consolidate any content currently under both into that one section
(search for the exact heading string "# OpenCode Agent Configuration" and delete
the extra occurrence, keeping the metadata comments under the remaining
heading).
| "*": "ask" | ||
| "npx ts-node*task-cli*": "allow" | ||
| "mkdir -p .tmp/tasks*": "allow" |
There was a problem hiding this comment.
Keep TaskManager bash permissions allowlist-only.
permission.bash["*"] = "ask" broadens capability beyond required task-cli/mkdir/mv operations. Restrict wildcard to deny and keep explicit allows.
Based on learnings: Apply principle of least privilege for permissions.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@agent/subagents/core/task-manager.md` around lines 8 - 10, Update the
TaskManager bash permission allowlist by changing permission.bash["*"] from
"ask" to "deny" and keep explicit allow entries for the needed commands (e.g.,
the existing "npx ts-node*task-cli*" and "mkdir -p .tmp/tasks*"); ensure the
permission object (permission.bash) only lists those explicit "allow" entries
and defaults to "deny" so TaskManager follows least-privilege behavior.
| ``` | ||
| 1. Initiation → TaskManager creates task.json + subtasks | ||
| 2. Selection → Find eligible tasks (deps satisfied) | ||
| 3. Execution → Working agent implements task | ||
| 4. Verification → TaskManager validates completion | ||
| 5. Archiving → Move to completed/ when done | ||
| 0. Spec Generation → /spec loads TaskManager and creates spec.md + task bundle | ||
| 1. Initiation → TaskManager creates task.json + subtasks | ||
| 2. Selection → Find eligible tasks (deps satisfied) | ||
| 3. Execution → Working agent implements task | ||
| 4. Verification → TaskManager validates completion | ||
| 5. Archiving → Move to completed/ when done | ||
| ``` |
There was a problem hiding this comment.
Add language identifiers to fenced code blocks (MD040).
These fences are missing a language tag and can fail markdown lint in CI.
Suggested fix
-```
+```text
0. Spec Generation → /spec loads TaskManager and creates spec.md + task bundle
1. Initiation → TaskManager creates task.json + subtasks
2. Selection → Find eligible tasks (deps satisfied)
3. Execution → Working agent implements task
4. Verification → TaskManager validates completion
5. Archiving → Move to completed/ when done
-```
+```
-```
+```text
.tmp/tasks/{feature-slug}/
├── spec.md
├── task.json
├── subtask_01.json
├── subtask_02.json
└── subtask_03.json
-```
+```Also applies to: 48-55
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 21-21: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@context/core/task-management/guides/managing-tasks.md` around lines 21 - 28,
Two fenced code blocks in the "managing-tasks.md" guide (the numbered task flow
block and the directory tree block) are missing language identifiers and trigger
MD040; update both opening fences to include a language tag (e.g., ```text) so
the blocks become ```text ... ``` and ensure any other similar fenced blocks in
the same file (the directory tree example) are updated likewise.
| subagent_type="TaskManager", | ||
| description="Break down Drizzle + Better Auth integration", | ||
| prompt="Load context from .tmp/sessions/2026-01-28-drizzle-auth/context.md | ||
| description="Generate spec and task bundle for Drizzle + Better Auth integration", | ||
| prompt="Use the plan below as the source of truth. | ||
|
|
||
| Read the context file for full requirements, standards, and external documentation. | ||
|
|
||
| Break down this feature into atomic subtasks: | ||
| Turn this feature into a spec.md file and atomic subtasks: | ||
| 1. Drizzle schema setup with modular organization | ||
| 2. Better Auth configuration with Drizzle adapter | ||
| 3. Next.js App Router integration | ||
| 4. Test suite | ||
|
|
||
| For each subtask, include: | ||
| - context_files: Standards from context.md | ||
| - reference_files: Project files to understand | ||
| - context_files: Standards only | ||
| - reference_files: Project files only | ||
| - external_context: External docs to reference | ||
|
|
||
| Create subtask files in tasks/subtasks/drizzle-auth-integration/" | ||
| Create the bundle in .tmp/tasks/drizzle-auth-integration/" | ||
| ) |
There was a problem hiding this comment.
Use the registered subagent type string to avoid failed delegation.
This example still uses subagent_type="TaskManager" (Line 254), but the invocation guide defines "Task Manager" as valid and "TaskManager" as invalid. Update this block to prevent runtime “unknown agent type” failures.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@context/core/workflows/external-context-integration.md` around lines 254 -
270, The subagent_type value is using the wrong registered string
(subagent_type="TaskManager") which will cause unknown-agent failures; locate
the block that sets subagent_type="TaskManager" (the prompt/metadata assignment
for the task bundle) and change it to the exact registered string "Task Manager"
(or the canonical value defined in the invocation guide) so delegation succeeds;
also scan for any other occurrences of the incorrect "TaskManager" token in the
same metadata and replace them with "Task Manager".
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@opencode.json`:
- Around line 125-128: The build agent's "permission" block currently allows
read/edit/write broadly; update the build agent's permission object to
explicitly deny sensitive file patterns (e.g., add deny entries for "**/.env*",
"**/*.key", and "**/*.secret") alongside the existing allow rules so these
denies take precedence; modify the "permission" structure for the build agent
(the "permission" object under the build agent definition) to include those deny
patterns consistent with the root and plan agent permission formats.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
| "permission": { | ||
| "skill": { | ||
| "*": "allow" | ||
| "read": "allow", | ||
| "edit": "allow", | ||
| "write": "allow", |
There was a problem hiding this comment.
Build agent lacks sensitive-file protections present in root and plan permissions.
The build agent grants blanket read, edit, and write without denying **/.env*, **/*.key, or **/*.secret. Root permissions (lines 8-14, 40-47) and the plan agent (lines 80-85) explicitly deny these patterns. If agent-level permissions override root—as the explicit bash restrictions suggest—the build agent can access and modify secrets/keys.
Since build is the default agent, this becomes the primary interaction path.
Suggested fix: add sensitive-file denials to build agent
"permission": {
- "read": "allow",
- "edit": "allow",
+ "read": {
+ "*": "allow",
+ "**/.env*": "deny",
+ "**/.env.example": "allow",
+ "**/*.key": "deny",
+ "**/*.secret": "deny"
+ },
+ "edit": {
+ "*": "allow",
+ "**/.env*": "deny",
+ "**/.env.example": "allow",
+ "**/*.key": "deny",
+ "**/*.secret": "deny",
+ "**/node_modules/**": "deny",
+ ".git/**": "deny"
+ },
"write": "allow",📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| "permission": { | |
| "skill": { | |
| "*": "allow" | |
| "read": "allow", | |
| "edit": "allow", | |
| "write": "allow", | |
| "permission": { | |
| "read": { | |
| "*": "allow", | |
| "**/.env*": "deny", | |
| "**/.env.example": "allow", | |
| "**/*.key": "deny", | |
| "**/*.secret": "deny" | |
| }, | |
| "edit": { | |
| "*": "allow", | |
| "**/.env*": "deny", | |
| "**/.env.example": "allow", | |
| "**/*.key": "deny", | |
| "**/*.secret": "deny", | |
| "**/node_modules/**": "deny", | |
| ".git/**": "deny" | |
| }, | |
| "write": "allow", |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@opencode.json` around lines 125 - 128, The build agent's "permission" block
currently allows read/edit/write broadly; update the build agent's permission
object to explicitly deny sensitive file patterns (e.g., add deny entries for
"**/.env*", "**/*.key", and "**/*.secret") alongside the existing allow rules so
these denies take precedence; modify the "permission" structure for the build
agent (the "permission" object under the build agent definition) to include
those deny patterns consistent with the root and plan agent permission formats.
1 participant
Related issue
Summary
Scope
Testing
Reviewer focus
Notes
Summary by CodeRabbit
Documentation
Chores