feat(commands): add agent routing and model override support#42
Merged
Conversation
Owner
marcusrbrown
commented
Feb 1, 2026
marcusrbrown
commented
- Add agent, model, and subtask frontmatter fields to commands
- Consolidate extraction helpers into validation module
- Add test coverage for new command configuration options
- Add agent, model, and subtask frontmatter fields to commands - Consolidate extraction helpers into validation module - Add test coverage for new command configuration options
marcusrbrown
added a commit
that referenced
this pull request
May 11, 2026
… ReDoS The non-greedy regex /<SYSTEMATIC_WORKFLOWS>[\s\S]*?<\/SYSTEMATIC_WORKFLOWS>/ was flagged by CodeQL as polynomial-time on uncontrolled input — when the opening tag repeats and the closing tag is absent, the engine backtracks through every prefix. With per-load registration now letting any plugin source contribute system prompt fragments, this regex sees content the plugin itself didn't author. Replaces the regex with a small indexOf/slice helper. Fixed literal delimiters never needed regex; the linear scan is provably immune to ReDoS and unchanged in behavior for the existing seven marker-replacement tests. Adds a regression test that runs the helper against 10000 repeated opening markers with no closing tag and asserts completion in well under 1s. Closes CodeQL alerts #42 and #43.
marcusrbrown
added a commit
that referenced
this pull request
May 11, 2026
… bootstrap idempotency (#352) * refactor(plugin): independent per-load registration with marker-based bootstrap idempotency Each call to SystematicPlugin now runs initializePlugin independently and returns its own hooks surface. With multiple OpenCode plugin sources configured (project + user config), each source gets its own systematic_skill tool, its own config handler, and its own chat.system.transform closure. hasLoggedInit moves into per-init closure state, so the process emits N init log lines for N registrations — honest signal that init ran N times. Bootstrap content idempotency is now enforced at injection time, not init time. applyBootstrapContent walks output.system for any prior <SYSTEMATIC_WORKFLOWS>...</SYSTEMATIC_WORKFLOWS> block (non-greedy regex) and replaces it in-place; missing-block falls through to append. Under OpenCode's verified FIFO hook iteration, the last transform to run owns the final block — most-recently-registered plugin wins, which matches the project-after-user load order developers expect. This reverts the plugInOnce singleton from PR #335, which turned out to be over-correction. OpenCode registers tools per-source even with a shared hooks reference, so the singleton's init-dedup had no visible effect on the TUI tool catalog — what it did do in dev setups was silently collapse all loads onto whichever ran first, shadowing later sources. Also removes _resetPluginSingleton from the integration test setup; the singleton itself is deleted in a follow-up commit. 12 new behavior tests cover marker-replacement in every slot, non-greedy boundary, multi-block edge cases, per-invocation distinct references, and the cross-registration integration scenario. * refactor(plugin): delete plugin-singleton module after factory revert The plugInOnce abstraction and its test file are no longer reachable — src/index.ts stopped importing them in the prior commit, and the consumer test files (plugin.test.ts and opencode.test.ts) dropped the _resetPluginSingleton reset calls. Deletes 227 lines of now-dead infrastructure: the singleton helper, its five test cases, and the module-level exports. The architectural rationale lives in docs/brainstorms/2026-05-10-multi-load-plugin-registration-requirements.md and the implementation plan at docs/plans/2026-05-10-002-refactor-multi-load-plugin-registration-plan.md. * docs: sync AGENTS hierarchy and PR #335 solution after singleton removal Updates module count in AGENTS.md and src/lib/AGENTS.md from 16/14 to 15 (post-deletion of plugin-singleton.ts). Appends a 2026-05-10 follow-up section to the PR #335 solution doc noting the singleton was removed and documenting marker-based idempotency as the current correctness contract. Also commits the implementation plan with all four units marked complete. The plan was untracked locally during execution per project convention; landing it here gives the architectural inversion a visible paper trail. * fix(plugin): replace bootstrap marker regex with linear scan to close ReDoS The non-greedy regex /<SYSTEMATIC_WORKFLOWS>[\s\S]*?<\/SYSTEMATIC_WORKFLOWS>/ was flagged by CodeQL as polynomial-time on uncontrolled input — when the opening tag repeats and the closing tag is absent, the engine backtracks through every prefix. With per-load registration now letting any plugin source contribute system prompt fragments, this regex sees content the plugin itself didn't author. Replaces the regex with a small indexOf/slice helper. Fixed literal delimiters never needed regex; the linear scan is provably immune to ReDoS and unchanged in behavior for the existing seven marker-replacement tests. Adds a regression test that runs the helper against 10000 repeated opening markers with no closing tag and asserts completion in well under 1s. Closes CodeQL alerts #42 and #43.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.