OpenCode Configuration

June 25, 2026 · View on GitHub

How MockServer's AI-assisted engineering harness is configured, structured, and maintained. This document covers the full configuration surface: the root config file, model strategy, sub-agents, rules, skills, commands, plugins, and advanced orchestration patterns.

Overview

A generic AI coding assistant knows how to read files, write code, and run commands. It does not know MockServer's module boundaries, Netty pipeline conventions, Maven build profiles, TLS certificate renewal procedures, or Buildkite infrastructure layout. The harness is the configuration layer that teaches it all of this.

The harness is code. It is versioned alongside the codebase it describes. Any engineer can improve it in a single commit.

flowchart TB
    subgraph Root["Repository Root"]
        CONFIG["opencode.jsonc
models, permissions, agents"]
        AGENTS_MD["AGENTS.md
global instructions"]
    end

    subgraph Harness[".opencode/"]
        direction TB
        AG["agents/
12 sub-agent prompts"]
        RU["rules/
24 guardrail files"]
        SK["skills/
17 workflow definitions"]
        CM["commands/
12 slash commands"]
        PL["plugins/
2 session plugins"]
    end

    CONFIG -->|"loads"| AGENTS_MD
    CONFIG -->|"defines"| AG
    AG -->|"follow"| RU
    AG -->|"execute"| SK
    CM -->|"route to"| AG
    SK -->|"use"| PL

    style Root fill:#f0f4ff,stroke:#003d75
    style Harness fill:#f7f8fc,stroke:#6b5ce7

The 7 Building Blocks

#BlockLocationPurpose
1Configopencode.jsoncRoot configuration: models, permissions, agent definitions
2Model Strategyopencode.jsonc (agent entries)Right model for the right task
3Agents.opencode/agents/*.md12 specialist sub-agents with least-privilege access
4Rules.opencode/rules/*.md24 guardrails always enforced
5Skills.opencode/skills/*/SKILL.md17 reusable multi-step workflows
6Commands.opencode/commands/*.md12 slash shortcuts with guaranteed routing
7Plugins & Tools.opencode/plugins/*.tsSession hooks and external integrations

Building Block 1: Config

The root configuration file opencode.jsonc controls the entire system. Every setting has a purpose.

Annotated Config

{
  "$schema": "https://opencode.ai/config.json",

  // Auto-compact context in long sessions; prune old tool outputs
  "compaction": { "auto": true, "prune": true },

  // Enable /share command (manual only — no accidental sharing)
  "share": "manual",

  // Start sessions in plan mode (read-only); Tab switches to build mode
  "default_agent": "plan",

  // Cheap model for titles, summaries, and compaction
  "small_model": "openai/gpt-4o-mini",

  // Global instructions loaded into every session
  "instructions": ["AGENTS.md"],

  // File watcher excludes (saves tokens, avoids indexing build artifacts)
  "watcher": {
    "ignore": [
      "vendor/**", "**/node_modules/**", ".git/**", ".tmp/**",
      "**/target/**",     // Maven build output in all modules
      ".idea/**",         // IntelliJ project files
      "*.class", "*.jar", // Java bytecode and archives
      "**/_site/**",      // Jekyll generated site
      "**/.sass-cache/**",// Jekyll SCSS cache
      "terraform/**/.terraform/**",
      "build-*/**"        // Downloaded Buildkite logs
    ]
  },

  // Global permissions: allow bash, deny destructive git and rm
  "permission": {
    "bash": {
      "*": "allow",
      "git push --force*": "deny",
      "git reset --hard*": "deny",
      "git clean -fd*": "deny",
      "rm -rf .": "deny",
      "rm -rf ..": "deny",
      "rm -rf ~": "deny",
      "rm -rf /": "deny",
      "rm -rf /*": "deny"
    }
  },

  // 12 sub-agents defined (see Building Block 3)
  "agent": { /* ... */ }
}

Key Design Decisions

SettingValueRationale
default_agent: "plan"Start read-onlyPrevents accidental modifications; forces deliberate switch to build mode
compaction.prune: trueAuto-prune old contextMockServer's codebase is large; long investigation sessions would otherwise hit context limits
watcher.ignore includes **/target/**Skip Maven outputModule target/ directories contain thousands of generated files
watcher.ignore includes **/_site/**Skip Jekyll outputGenerated HTML should never be edited directly
Permission deny-list8 destructive patternsDefence in depth — these are also blocked by git-safety.md rules, but config-level denial is a harder guarantee

AGENTS.md — The Global Instruction File

AGENTS.md at the repo root is loaded into every session via the instructions array. It contains:

  • Project overview and tech stack summary
  • Documentation index (which doc to consult before modifying each area)
  • AWS account IDs and prerequisites
  • Buildkite agent infrastructure details
  • Git policy (never commit without request, never amend pushed commits)
  • Parallel session safety rules
  • Pre-commit workflow summary
  • Subagent routing table
  • Diagrams and formatting conventions

This file acts as the agent's "onboarding document" — everything a new engineer (or AI) needs to know before touching the codebase.


Building Block 2: Model Strategy

Different tasks have different cognitive demands and different needs for determinism. Because the orchestrator delegates almost all execution — implementation and investigation — to subagents (see docs/operations/ai-sdlc-integration-spec.md §5.5/§7 and .opencode/rules/subagent-routing.md), the per-agent configuration is where inference cost and determinism are actually managed. Three decision variables are set explicitly per agent — model (capability/cost), temperature (determinism vs creativity, opencode side), and reasoning effort (reasoning budget, Claude Code side) — and all are recorded so the routing is auditable (see §9). Agents are grouped into model tiers:

flowchart LR
    subgraph Reasoning["Reasoning Tier"]
        RF["review-final"]
        SA["security-auditor"]
        DB["debugger"]
        IMP["implementer"]
        PI["pipeline-investigator"]
    end

    subgraph Premium["Premium Tier"]
        SIM["simplifier"]
    end

    subgraph Standard["Standard Tier"]
        CR["code-reviewer"]
        DW["docs-writer"]
        TA["taskify-agent"]
        RC["review-cheap"]
    end

    subgraph Fast["Fast Tier"]
        TR["test-runner"]
        CS["council-seat"]
    end

    style Reasoning fill:#f3e8fd,stroke:#7a00cc
    style Premium fill:#fde8ec,stroke:#e4002b
    style Standard fill:#e8f0fa,stroke:#00539f
    style Fast fill:#e8f8f0,stroke:#00a651
Tieropencode (OpenAI)Claude Code (Anthropic)AgentsRationale
Reasoningopenai/gpt-5claude-opus-4-8 + effort: highreview-final, security-auditor, debugger, implementer, pipeline-investigatorHighest-stakes reasoning — authoritative binding review, security audit, hard debugging, production code, and CI failure investigation
Premiumopenai/gpt-4oclaude-sonnet-4-6 + effort: mediumsimplifierStrong reasoning for refactoring at moderate model cost and reasoning budget
Standardopenai/gpt-4oclaude-sonnet-4-6 + effort: mediumcode-reviewer, docs-writer, taskify-agent, review-cheapStrong analysis and writing at moderate cost and reasoning budget
Fastopenai/gpt-4o-miniclaude-haiku-4-5-20251001 + effort: low–mediumtest-runner (low), council-seat (medium)Rote test execution (low) vs short exploratory debate seats (medium) — speed over depth

This gives the review escalation a genuine capability gradient on both harnesses: review-cheap (gpt-4o / sonnet + effort: medium) → review-final (gpt-5 / opus + effort: high), so the binding gate is a stronger second brain, not a same-model re-run. effort is now set explicitly on every Claude agent (not just the high-stakes lanes) so the reasoning budget is an intentional, auditable choice that tracks each task's reasoning depth — high for hard implementation/review/audit/investigation, medium for standard analysis and writing, low for mechanical work. implementer is deliberately on the Reasoning tier alongside the reviewers: generating production code has equal or higher blast radius than reviewing it, so it warrants the same model capability and reasoning budget.

Caveat — reasoning models and temperature: OpenAI reasoning models may reject or ignore a custom sampling temperature (only the default is accepted). The Reasoning-tier agents retain their low temperature entries for documentation/auditability, but if the provider rejects them, drop the temperature field for those five agents and rely on the model's native low-variance reasoning. Re-verify against the OpenAI API behaviour for gpt-5 after provisioning.

Temperature (opencode)

opencode sets an explicit per-agent temperature (deterministic/high-risk work low, ideation higher). Claude Code does not support a per-subagent sampling temperature (the field is silently ignored — verified against the Claude Code subagent docs, 2026-06; re-check release notes before adding a temperature frontmatter field), so on the Claude side determinism is governed by model choice and the supported effort lever, not temperature.

TempAgentsWhy
0test-runnerRote execution — fully deterministic
0.1review-cheap, review-final, code-reviewer, security-auditor, simplifierReview/verify and high-risk work — low variance
0.2implementer, debugger, pipeline-investigatorMostly deterministic with a little hypothesis search
0.3–0.4taskify-agent (0.3), docs-writer (0.4)Structuring and prose benefit from mild latitude
0.7council-seatDesign debate / ideation — creativity wanted

For work that benefits from exploration before convergence, stage these temperatures as a descending multi-pass pipeline (explore → refine → validate) rather than a single pass — see .opencode/rules/multi-pass-temperature.md.

Provider Strategy

opencode uses OpenAI models exclusively. Claude Code (.claude/) uses Anthropic models exclusively. Independence between the implementation and review agents is achieved at two levels:

  1. Model & temperature: review-cheap and review-final run with their own model and temperature settings (see the tables above) and — more importantly — with a fresh context: the reviewer never sees the implementing agent's reasoning, only the diff.
  2. Cross-tool independence: When switching between tools, a Claude Code session reviews OpenAI-generated work and vice versa, providing genuine cross-provider independence at the workflow level.

Building Block 3: Agents

Each sub-agent is a configured AI persona with a specific model, system prompt, allowed tools, and permissions. The principle is least privilege — each agent has exactly the access it needs.

Agent Roster

AgentModel TierRoleWriteEditBashSkill
implementerReasoningWrites production code and testsYYYY
simplifierPremiumReduces code to smallest correct formYYYY
docs-writerStandardArchitecture docs, ADRs, READMEsYYYY
taskify-agentStandardBreaks specs into structured task graphsYYYY
code-reviewerStandardPre-commit correctness, security, conventions--Y-
security-auditorReasoningSecurity-focused Java/Netty audits--Y-
review-finalReasoningAuthoritative binding PASS/BLOCK verdict--YY
review-cheapStandardNon-authoritative intermediate review--YY
debuggerReasoningInvestigates issues using logs, CI, AWS--YY
pipeline-investigatorReasoningBuildkite pipeline failure analysis--YY
test-runnerFastRuns Maven tests, reports results--Y-
council-seatFastDesign council parallel debate seat----

Tool Restrictions Explained

flowchart TD
    subgraph Full["Full Access"]
        IMP2["implementer"]
        SIM2["simplifier"]
        DW2["docs-writer"]
        TA2["taskify-agent"]
    end

    subgraph ReadBash["Read + Bash Only"]
        CR2["code-reviewer"]
        SA2["security-auditor"]
        TR2["test-runner"]
    end

    subgraph ReadBashSkill["Read + Bash + Skill"]
        RF2["review-final"]
        RC2["review-cheap"]
        DB2["debugger"]
        PI2["pipeline-investigator"]
    end

    subgraph ReadOnly["Read Only (no bash)"]
        CS2["council-seat"]
    end

    style Full fill:#e8f8f0,stroke:#00a651
    style ReadBash fill:#e8f0fa,stroke:#00539f
    style ReadBashSkill fill:#f0ecfb,stroke:#6b5ce7
    style ReadOnly fill:#fde8ec,stroke:#e4002b
  • Code reviewers cannot write or edit files — they can only read and report. This prevents a reviewer from "fixing" code instead of reporting issues.
  • The debugger can load skills for structured investigations (for example aws-investigation) while still using bash for ad-hoc probing.
  • Council seats have no bash, write, edit, or skill access — they can only read code and emit a verdict. This prevents a debate participant from taking unilateral action.
  • Test runner cannot write files — it runs mvn test and reports results, nothing more.

Agent Prompt Files

Each agent's behaviour is defined in a markdown file at .opencode/agents/<name>.md. These files contain:

  • Role definition and boundaries
  • Specific instructions for the agent's domain
  • Output format requirements
  • What the agent must never do

Example: the code-reviewer.md includes a checklist for LLM-specific issues (hallucinated method names, plausible-but-wrong logic, missing error handling, leaked secrets) that a human reviewer might miss.


Building Block 4: Rules

Rules are mandatory constraints loaded into sessions. They encode what experienced engineers know but an AI does not.

Rule Catalogue

RuleLinesAlways LoadedPurpose
git-safety.md56YesBlocks 11 destructive git commands without confirmation
commit-workflow.md202Yes4-step pre-commit workflow with adversarial review
commit-locking.md311YesFilesystem-based commit lock for parallel session safety
testing-policy.md69YesMaven module mapping, test commands, quality standards
tmp-directory.md134YesUse .tmp/ at repo root, never /tmp/
report-formatting.md154YesSubagent JSON → report template formatting convention
review-constitution.md223Yes8-lens adversarial review with ~100 review principles
mermaid-diagrams.md86YesMermaid diagram conventions and formatting rules
coding-principles.md29YesThink before coding, simplicity first, surgical changes
aws-ids-file.md31YesRequire ~/mockserver-aws-ids.md before AWS operations
operating-model.md188YesThe DVRR operating model — decompose, verify, review, reintegrate
worktree-workflow.md313YesPer-session worktree isolation, linear history, locked rebase merge
subagent-routing.md67YesConversational routing of tasks to the correct subagent
risk-authority-classification.md71YesClassify each unit by risk and act within its authority class
control-integrity.md57YesHigher-scrutiny gated-approval for changes to the controls themselves
operator-halt.md49YesOperator halt — stop autonomous work on demand
untrusted-input.md63YesTreat ingested content as data, not instructions
decision-log.md100YesPer-unit telemetry and routing-rationale decision log
multi-pass-temperature.md32YesStaged explore → refine → validate temperature pipeline
evaluation-harness.md50YesAgent/config evaluation fixtures and conformance checks
metrics.md128YesSDLC metrics capture and reporting conventions
documentation-style.md96YesPyramid Principle with progressive disclosure for all docs
local-plans.md56YesUncommitted *.local.md plan docs in docs/plans/
licence-provenance.md30YesDependency licence and provenance constraints

git-safety.md — Banned Commands

Key commands blocked without explicit user confirmation:

Banned CommandSafer Alternative
git checkout -- <file>git stash first
git restore <file>git stash first
git clean -fdgit clean -n (dry run)
git reset --hardgit reset --soft or git stash
git stash drop / git stash clearKeep stashes
git branch -Dgit branch -d (safe delete)
git push --forcegit push --force-with-lease
git rebase on shared branchesMerge instead

These are enforced at two levels: the config file's permission.bash deny-list (hard block) and the rule file (instruction-level reinforcement).

commit-workflow.md — The 4-Step Pre-Commit Process

flowchart TD
    A[Changes ready] --> B{Classify files}
    B --> C[Java files?]
    B --> D[Terraform?]
    B --> E[Bash scripts?]
    B --> F[Docs/Config?]

    C --> G["mvnw test -pl module"]
    D --> H["terraform fmt/validate/plan"]
    E --> I["bash -n script.sh"]
    F --> J["Link check / review"]

    G --> K{All validations pass?}
    H --> K
    I --> K
    J --> K

    K -->|No| L[Fix issues]
    L --> B

    K -->|Yes| M["Adversarial review
(review-cheap agent,
different model)"]
    M -->|PASS| N[Commit]
    M -->|FAIL| L

    style M fill:#fef8ec,stroke:#f5a623
    style N fill:#e8f8f0,stroke:#00a651

The adversarial review (Step 3) is critical: the review-cheap agent runs with a fresh context, specifically scanning for LLM-generated issues — hallucinated names, plausible but wrong logic, missing error handling, and accidentally committed secrets. The review-final agent provides the binding verdict.

Skip conditions exist for speed: "skip tests" skips validation, "skip review" skips the adversarial review, "just commit" skips both. These are used when the user is confident in the change.


Building Block 5: Skills

A skill is a self-contained multi-step workflow — a runbook the agent executes autonomously. Complex tasks like "investigate a pipeline failure" or "renew TLS certificates" involve 10-15 coordinated steps. Without a skill, the user would guide the agent manually every time.

Skill Catalogue

SkillFilesSubagent-RoutedTrigger Examples
aws-investigationSKILL.md + report-template.mdYes (debugger)"build agents not running", "EC2 issues", "ASG scaling"
pipeline-investigationSKILL.md + report-template.mdYes (pipeline-investigator)"pipeline failing", "build errors", Buildkite URLs
ideateSKILL.md + spec-template.mdNo"I have an idea", "let's think through", "brainstorm"
pr-reviewSKILL.mdNo"review PRs", "PR report", "open PRs"
pr-monitorSKILL.mdNo"monitor PRs", "auto-merge PRs", "watch dependency PRs"
renew-test-certsSKILL.mdNo"certificates expired", "TLS tests failing"
review-codeSKILL.mdNo"deep code review", "adversarial review", "quality audit"
review-specSKILL.mdNo"spec review", "design review", "review this plan"
browser-authSKILL.mdNo"navigate to buildkite", "extract token from browser"
dependabot-snyk-pr-managementSKILL.mdNo"dependabot PR", "snyk PR", "dependency upgrade"
dockerhub-credentialsSKILL.mdNo"docker hub token", "configure docker hub"
terraform-tfvarsSKILL.mdNo"create tfvars", "deploy buildkite agents"
docker-build-pushSKILL.mdNo"build docker image", "push maven image", "rebuild CI image"
issue-reviewSKILL.mdNo"review issue", "triage issue", "is this a bug"
build-monitorSKILL.mdNo"monitor builds", "watch pipeline", "continuous monitoring"
release-managementSKILL.mdNo"prepare release", "release version", "run release pipeline"
ui-screenshotsSKILL.mdNo"screenshot the dashboard", "capture UI", "dashboard screenshots"

Skill Anatomy

Each skill directory contains:

.opencode/skills/<name>/
  SKILL.md              # Main workflow definition (phases, steps, examples)
  report-template.md    # Optional: output template for structured reports
  spec-template.md      # Optional: output template for specifications

The SKILL.md file contains:

  • Trigger conditions — when the skill should be loaded
  • Phase definitions — ordered steps the agent follows
  • Templates — what "good output" looks like
  • Reference knowledge — domain-specific facts inlined for the agent
  • Error handling — what to do when steps fail

Subagent Routing Convention

Subagent routing is defined outside skills. Skills are never responsible for declaring their own dispatch mechanism.

Use:

  • command metadata (agent + subtask: true) for slash-command routing,
  • .opencode/rules/subagent-routing.md for conversational routing,
  • opencode.jsonc permissions to prevent invalid direct loads by restricted agents.
sequenceDiagram
    participant User
    participant Parent as Parent Agent
    participant Sub as Subagent (e.g. debugger)
    participant Skill as Skill (e.g. aws-investigation)

    User->>Parent: /aws-investigation
    Parent->>Sub: Task(subagent_type="debugger")
    Sub->>Skill: Load SKILL.md
    Skill->>Sub: Phase 1: Check ASG...
    Sub->>Sub: Run AWS CLI commands
    Skill->>Sub: Phase 2: Check Lambda...
    Sub->>Sub: Run AWS CLI commands
    Sub->>Parent: Structured JSON result
    Parent->>Parent: Format with report-template.md
    Parent->>User: Formatted report

This separation ensures:

  • The subagent runs with the correct model and tool permissions
  • The parent agent's context stays clean (no AWS CLI output bloat)
  • The report format is consistent (template-driven)

Building Block 6: Commands

Commands are slash shortcuts that map user-friendly invocations to specific agents and, when needed, skills. They enforce routing at the framework level — before the AI makes a decision.

Command Catalogue

CommandAgentSubtaskPurpose
/aws-investigationdebuggerYesInvestigate AWS infrastructure issues
/pipeline-investigationpipeline-investigatorYesInvestigate Buildkite pipeline failures
/review-codereview-finalYesDeep code audit
/review-specreview-finalYesCritical review of spec/design document
/codebase-change-reportdocs-writerYesGenerate report of recent changes
/update-architecture-docsdocs-writerYesReview and update architecture docs
/design-councilgeneralYesConvene parallel design council debate
/excalidrawgeneralYesGenerate .excalidraw architecture diagrams
/codeql-scansecurity-auditorYesRun CodeQL security scan on Java code
/issue-review(default)NoReview, classify, and resolve a GitHub issue
/commit(default)NoCommit changes following full pre-commit workflow

Command File Anatomy

Each command is a small markdown file with YAML frontmatter:

---
description: Investigate Buildkite pipeline failures
agent: pipeline-investigator
subtask: true
---
Load the `pipeline-investigation` skill and execute it for:
$ARGUMENTS

The agent field is the routing guarantee. When a user types /pipeline-investigation https://buildkite.com/.../builds/123, the framework routes directly to the pipeline-investigator agent — the LLM never decides which agent handles the request.

The subtask: true field means the command runs in a subagent session, keeping the parent context clean.

Why Framework-Level Routing Matters

Routing is the single biggest practical failure mode of multi-agent setups. MockServer uses three enforcement layers:

LayerMechanismExample
Routing ruleConversational mapping in .opencode/rules/subagent-routing.mdpipeline-investigation -> pipeline-investigator
FrameworkCommand files hardcode the target agentagent: pipeline-investigator in frontmatter
PermissionRead-only agents can be skill-disabled by rolecode-reviewer has "skill": false in config

Building Block 7: Plugins & Tools

Plugins

Plugins are TypeScript files that hook into session lifecycle events. MockServer has two:

PluginPurpose
buildkite-status.tsOn session start, queries Buildkite API for the 5 most recent builds. Shows a toast warning if any are failing. Writes details to .tmp/.buildkite-status. Throttled to once per hour.
session-notification.tsSends macOS notifications via osascript when a session goes idle ("Task completed") or errors (with "Basso" sound).

Plugins require the @opencode-ai/plugin npm package (defined in .opencode/package.json).

Chrome DevTools MCP

The browser-auth skill documents how to use the Chrome DevTools MCP server to interact with authenticated web UIs (Buildkite, AWS Console, GitHub). This enables skills like terraform-tfvars to extract Buildkite agent tokens directly from the Buildkite UI.

Custom Tools via Bash

Unlike TDP (which has 17 dedicated Python tool packages for Splunk, New Relic, Jira, etc.), MockServer's tools are simpler — the agent uses bash directly to run:

  • gh (GitHub CLI) for PR management and issue queries
  • aws CLI for infrastructure investigation
  • mvn / mvnw for builds and tests
  • openssl for certificate operations
  • docker for container operations
  • helm for Kubernetes deployment

This works well for MockServer's scope. The skills contain the domain knowledge (which commands to run, in what order, how to interpret output) while bash provides the execution.


Advanced Patterns

Design Council — Parallel Agent Debate

For non-trivial decisions that cross domains, the /design-council command convenes a panel of council-seat agents that debate in parallel. The invoking agent acts as CEO — convening, routing, and arbitrating.

flowchart TD
    CEO["CEO (invoking agent)"] -->|"fan out"| S1["Seat 1
Perspective A"]
    CEO -->|"fan out"| S2["Seat 2
Perspective B"]
    CEO -->|"fan out"| S3["Seat 3
Perspective C"]

    S1 -->|"verdict"| CEO
    S2 -->|"verdict"| CEO
    S3 -->|"verdict"| CEO

    CEO -->|"cross-talk round"| S1
    CEO -->|"cross-talk round"| S2

    CEO --> D["Decision + rationale"]

    style CEO fill:#e8f0fa,stroke:#00539f
    style S1 fill:#f0ecfb,stroke:#6b5ce7
    style S2 fill:#f0ecfb,stroke:#6b5ce7
    style S3 fill:#f0ecfb,stroke:#6b5ce7
    style D fill:#e8f8f0,stroke:#00a651

Key properties:

  • Each seat is a separate subagent with its own context (no shared priors, no groupthink)
  • Seats emit structured verdicts: APPROVE, CONCERNS, or BLOCK with cited evidence (file:line)
  • Council seats are read-only (no bash, write, edit, or skill) — they cannot take action
  • The CEO can run up to 3 brokered rounds where dissent is routed between seats
  • Output is a one-page decision log committed alongside code

Subagent Report Pattern

Investigation skills (aws-investigation, pipeline-investigation) follow a structured pattern:

  1. Subagent investigates — runs commands, gathers data, produces structured JSON
  2. Parent reads template — loads report-template.md from the skill directory
  3. Parent formats — maps JSON fields to the template, producing a readable report
  4. Parent presents — shows the formatted report to the user

This separation means the investigation logic and the presentation logic are independently maintainable.

Commit Workflow Orchestration

The pre-commit workflow (documented in .opencode/rules/commit-workflow.md) chains multiple agents:

sequenceDiagram
    participant U as User
    participant B as Build Agent
    participant TR as test-runner
    participant RC as review-cheap

    U->>B: "commit these changes"
    B->>B: Classify changed files
    B->>TR: Run tests for affected modules
    TR->>B: PASS / FAIL
    B->>RC: Adversarial review (fresh context)
    RC->>B: PASS / FAIL + issues
    alt All pass
        B->>B: git add + git commit
        B->>U: Committed
    else Any failure
        B->>U: Issues found (details)
    end

Directory Structure

mockserver/
├── opencode.jsonc                          # Root config (models, permissions, agents)
├── AGENTS.md                               # Global instructions (loaded every session)
└── .opencode/
    ├── .gitignore                           # Ignores node_modules, package.json, bun.lock
    ├── package.json                         # Plugin dependency (@opencode-ai/plugin)
    ├── IMPROVEMENTS.md                      # Applied and planned improvements
    ├── agents/                              # 12 sub-agent prompt files
    │   ├── code-reviewer.md
    │   ├── council-seat.md
    │   ├── debugger.md
    │   ├── docs-writer.md
    │   ├── implementer.md
    │   ├── pipeline-investigator.md
    │   ├── review-cheap.md
    │   ├── review-final.md
    │   ├── security-auditor.md
    │   ├── simplifier.md
    │   ├── taskify-agent.md
    │   └── test-runner.md
    ├── rules/                               # 24 guardrail files
    │   ├── aws-ids-file.md
    │   ├── coding-principles.md
    │   ├── commit-locking.md
    │   ├── commit-workflow.md
    │   ├── control-integrity.md
    │   ├── decision-log.md
    │   ├── documentation-style.md
    │   ├── evaluation-harness.md
    │   ├── git-safety.md
    │   ├── licence-provenance.md
    │   ├── local-plans.md
    │   ├── mermaid-diagrams.md
    │   ├── metrics.md
    │   ├── multi-pass-temperature.md
    │   ├── operating-model.md
    │   ├── operator-halt.md
    │   ├── report-formatting.md
    │   ├── review-constitution.md
    │   ├── risk-authority-classification.md
    │   ├── subagent-routing.md
    │   ├── testing-policy.md
    │   ├── tmp-directory.md
    │   ├── untrusted-input.md
    │   └── worktree-workflow.md
    ├── skills/                              # 17 skill workflows
    │   ├── aws-investigation/
    │   │   ├── SKILL.md
    │   │   └── report-template.md
    │   ├── browser-auth/
    │   │   └── SKILL.md
    │   ├── build-monitor/
    │   │   └── SKILL.md
    │   ├── dependabot-snyk-pr-management/
    │   │   └── SKILL.md
    │   ├── docker-build-push/
    │   │   └── SKILL.md
    │   ├── dockerhub-credentials/
    │   │   └── SKILL.md
    │   ├── ideate/
    │   │   ├── SKILL.md
    │   │   └── spec-template.md
    │   ├── issue-review/
    │   │   └── SKILL.md
    │   ├── pipeline-investigation/
    │   │   ├── SKILL.md
    │   │   └── report-template.md
    │   ├── pr-monitor/
    │   │   └── SKILL.md
    │   ├── pr-review/
    │   │   └── SKILL.md
    │   ├── release-management/
    │   │   └── SKILL.md
    │   ├── renew-test-certs/
    │   │   └── SKILL.md
    │   ├── review-code/
    │   │   └── SKILL.md
    │   ├── review-spec/
    │   │   └── SKILL.md
    │   ├── terraform-tfvars/
    │   │   └── SKILL.md
    │   └── ui-screenshots/
    │       └── SKILL.md
    ├── commands/                             # 12 slash commands
    │   ├── aws-investigation.md
    │   ├── codebase-change-report.md
    │   ├── codeql-scan.md
    │   ├── commit.md
    │   ├── design-council.md
    │   ├── excalidraw.md
    │   ├── issue-review.md
    │   ├── pipeline-investigation.md
    │   ├── prepare-release.md
    │   ├── review-code.md
    │   ├── review-spec.md
    │   └── update-architecture-docs.md
    ├── plugins/                             # 2 session plugins
    │   ├── buildkite-status.ts
    │   └── session-notification.ts
    └── plans/                               # Plan documents
        ├── fix-control-plane-tls-1766.md
        ├── fix-verify-false-positive-1757.md
        └── python-ruby-release-infrastructure.md

Maintenance

When modifying the opencode configuration:

  • Adding an agent: Add the entry to opencode.jsonc, create the prompt file in .opencode/agents/, update the routing table in AGENTS.md, and update this document.
  • Adding a skill: Create the skill directory under .opencode/skills/, add a SKILL.md, optionally add templates. If the skill requires subagent routing, create a corresponding command file and add the conversational mapping in .opencode/rules/subagent-routing.md.
  • Adding a rule: Create the rule file in .opencode/rules/. Rules are automatically loaded based on filename conventions.
  • Changing model assignments: Update the model field in the agent's entry in opencode.jsonc. No other files need to change.
  • Adding a command: Create a markdown file in .opencode/commands/ with YAML frontmatter specifying the target agent.
  • Adding a plugin: Create the TypeScript file in .opencode/plugins/. Ensure @opencode-ai/plugin is in .opencode/package.json.
  • Validation: Run ./scripts/validate_opencode_config.sh to catch broken command→skill references, command→agent mismatches, subagent-routing drift, and hardcoded infrastructure literals.