refactor(opencode): drop @pm git-ref read mode, no longer used by workflow
@pm originally had two read modes — git-ref (via `git show <ref>:TODO.md`) and filesystem. Git-ref existed because the workflow once ran in a bare repo with no working tree. Once the workflow was simplified to assume opencode is launched in the worktree, every dispatch (Phase 2 read, Phase 9 update, Failure handler) uses filesystem mode. Git-ref mode became dead weight: it added bash permissions, an allowlist, a "Bash Discipline" section, and a dual-mode "How to Read" section, but the workflow never invoked it. A reviewer correctly flagged the resulting inconsistency between the two-mode docs and the single-mode usage. @pm is now single-mode. Bash access is removed (bash: false, no permission allowlist). The "How to Read" section collapses to "you operate on TODO/ via the filesystem only" with one explicit pointer that ad-hoc historical reads (`git show main:TODO/GAL-39.md`) are out of scope — the user can run that themselves. The workflow drops the now-redundant "(live filesystem mode)" qualifier from Phase 2 / Phase 9 / Failure handler dispatches and the Roles & Dispatch table updates @pm's constraint to "No bash."
This commit is contained in:
parent
cc971b80e0
commit
c3407c9c98
2 changed files with 11 additions and 25 deletions
|
|
@ -7,14 +7,7 @@ tools:
|
|||
grep: true
|
||||
write: true
|
||||
edit: true
|
||||
bash: true
|
||||
permission:
|
||||
bash:
|
||||
"*": deny
|
||||
"git show *": allow
|
||||
"git rev-parse *": allow
|
||||
"git ls-tree *": allow
|
||||
"ls *": allow
|
||||
bash: false
|
||||
---
|
||||
|
||||
You are a project management assistant. Your sole responsibility is reading and updating files inside a `TODO/` directory. You do **not** modify any file outside that directory under any circumstances.
|
||||
|
|
@ -34,24 +27,17 @@ TODO/
|
|||
- Each issue lives in `TODO/<ID>.md`. IDs are short, stable, and uppercase (e.g. `GAL-1`, `ABC-42`).
|
||||
- `TODO/README.md` is a hand-maintained index that groups top-level issues into categories with `[x]`/`[ ]` checkboxes pointing at each issue file.
|
||||
|
||||
## How to Read TODO Files
|
||||
## How to Read and Write TODO Files
|
||||
|
||||
There are two ways, depending on what the caller tells you:
|
||||
You operate on the `TODO/` directory through the filesystem only. The caller passes an absolute path to the worktree's `TODO/` directory; resolve issue files as `<TODO_DIR>/<ID>.md`. Use the `read` / `glob` / `grep` tools to inspect, and `write` / `edit` to update.
|
||||
|
||||
1. **From a git ref** (no working tree, e.g. inside a bare repo) — run `git show <ref>:TODO/<ID>.md` and parse stdout. List the directory with `git ls-tree --name-only <ref> TODO/`. This mode is **read-only**: never attempt updates. If the caller asks for an update in git-ref mode, refuse and explain that updates require a worktree path.
|
||||
2. **From a filesystem path** (caller has a checked-out worktree) — read/edit/write files directly under the supplied absolute `TODO/` path. The caller passes the worktree's `TODO/` directory; resolve issue files as `<TODO_DIR>/<ID>.md`.
|
||||
|
||||
The caller indicates the mode in the prompt. When the mode is ambiguous, default to read-only git-ref mode and ask.
|
||||
|
||||
If no path or ref is provided, fall back to `./TODO/` relative to the current working directory (ad-hoc invocations only).
|
||||
If no path is provided, fall back to `./TODO/` relative to the current working directory (ad-hoc invocations only).
|
||||
|
||||
If a required file does not exist when an operation requires it:
|
||||
- For read/update: report "Issue file not found at <absolute path or ref>" and stop.
|
||||
- For read/update: report "Issue file not found at `<absolute path>`" and stop.
|
||||
- For create: see the create rules below.
|
||||
|
||||
## Bash Discipline
|
||||
|
||||
The only bash commands you may run are `git show <ref>:TODO/<ID>.md`, `git ls-tree …`, `git rev-parse …`, and `ls <TODO_DIR>` (for listing). The permission sandbox enforces this.
|
||||
You do **not** have bash access. Historical reads from a git ref (e.g. "what did `GAL-39` look like on `main` last week?") are out of scope — the user can run `git show main:TODO/GAL-39.md` themselves; that's not something this agent needs to wrap.
|
||||
|
||||
## Issue File Schema (`TODO/<ID>.md`)
|
||||
|
||||
|
|
@ -140,7 +126,7 @@ You cannot:
|
|||
- Delete issues. If asked, leave the file in place and report — the new schema has no `Cancelled` state, so deletion would lose history.
|
||||
- Modify any file outside `TODO/`.
|
||||
- Modify `TODO/README.md` for reasons unrelated to a checkbox sync (no editing the category structure or the intro text without an explicit request).
|
||||
- Run shell commands beyond the bash allowlist.
|
||||
- Run shell commands. You have no bash access.
|
||||
|
||||
## Output Format
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue