feat: add safe agents and workflow commands #18
Pull request overview
Adds safer default workflow primitives to the guardrails distribution by shipping guarded agents plus explicit workflow-gate commands, and extends scenario coverage to verify routing and permission defaults.
Changes:
- Set `implement` as the packaged profile’s default primary agent and add a read-only `review` subagent with restrictive permissions.
- Add packaged workflow commands: `/implement`, `/review`, `/ship`, `/handoff` (with review/ship/handoff running as subtasks under the `review` agent).
- Extend guardrail scenario tests to assert default-agent routing, command wiring, and key permission decisions.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| packages/opencode/test/scenario/guardrails.test.ts | Adds scenario coverage validating shipped agents/commands and expected permission actions. |
| packages/guardrails/README.md | Documents the new safe agents and workflow command gates in the distribution overview. |
| packages/guardrails/profile/opencode.json | Sets default_agent: implement and expands deny rules for risky git/bash patterns at the profile level. |
| packages/guardrails/profile/commands/ship.md | Introduces /ship release-readiness gate command bound to the read-only review subagent. |
| packages/guardrails/profile/commands/review.md | Introduces /review command bound to the read-only review subagent. |
| packages/guardrails/profile/commands/implement.md | Introduces /implement command bound to the guarded primary implement agent. |
| packages/guardrails/profile/commands/handoff.md | Introduces /handoff command bound to the read-only review subagent. |
| packages/guardrails/profile/agents/review.md | Adds the read-only review subagent definition and permissions. |
| packages/guardrails/profile/agents/implement.md | Adds the guarded implement primary agent definition and permissions. |
| packages/guardrails/profile/AGENTS.md | Updates profile guidance to route gating work through read-only workflow commands/agents. |
|
|
||
| ## Managed deployment | ||
|
|
||
| Copy [managed/opencode.json](/Users/teradakousuke/Developer/opencode/packages/guardrails/managed/opencode.json) into the system managed config directory: |
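Review bot: The link target on the `Copy [managed/opencode.json](...)` line is a local absolute path, so besides being unresolvable for readers it publishes the author's home directory name and checkout layout in the README. Point the link at the repo-relative `managed/opencode.json`, and consider a docs check that rejects Markdown link targets beginning with `/Users/` or `/home/` so a path like this cannot land again.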
The link target for managed/opencode.json is an absolute path to a developer machine (/Users/...). This will be broken for everyone else and in published docs. Use a repo-relative link (e.g. ./managed/opencode.json or managed/opencode.json) instead.
| Copy [managed/opencode.json](/Users/teradakousuke/Developer/opencode/packages/guardrails/managed/opencode.json) into the system managed config directory: | |
| Copy [managed/opencode.json](managed/opencode.json) into the system managed config directory: |
| - Open risks | ||
| - Recommended next step | ||
|
|
||
| Default scope is the current uncommitted work unless `$ARGUMENTS` narrows it. |
This command text says scope defaults unless $ARGUMENTS narrows it, but the template does not include the $ARGUMENTS placeholder. As a result, command hints won’t advertise $ARGUMENTS, and the wording is misleading. Either add $ARGUMENTS to the template (preferred if you want explicit narrowing) or reword to refer to “command arguments” generally.
| Default scope is the current uncommitted work unless `$ARGUMENTS` narrows it. | |
| Default scope is the current uncommitted work unless command arguments narrow it. |
| - Blocking gates | ||
| - Next action | ||
|
|
||
| Default scope is the current uncommitted work unless `$ARGUMENTS` narrows it. |
This command text references $ARGUMENTS for narrowing scope, but the template does not include the $ARGUMENTS placeholder. Either include $ARGUMENTS in the template so it’s explicit/advertised via command hints, or adjust the wording to avoid implying a placeholder is present.
| Default scope is the current uncommitted work unless `$ARGUMENTS` narrows it. | |
| Scope: $ARGUMENTS | |
| Default scope is the current uncommitted work if `$ARGUMENTS` is not provided. |
Summary
- `implement` primary agent and read-only `review` subagent to the packaged guardrail profile
- `/implement`, `/review`, `/ship`, and `/handoff` commands so workflow gates stay explicit and read-only where intended

Verification
Closes #5