32 changes: 32 additions & 0 deletions local-plugins/opencode-qwen-auth/dist/src/plugin.js

Some generated files are not rendered by default.

55 changes: 55 additions & 0 deletions my-sin-coding-agents.json
@@ -0,0 +1,55 @@
{
"$schema": "https://github.com/Delqhi/upgraded-opencode-stack/blob/main/schemas/team-config.schema.json",
"team_id": "team-coding-agents",
"name": "Team Coding Agents (6 dedicated repos)",
"description": "6 dedicated A2A Coder Agents with individual GitHub repos — split from monolithic OpenSIN-Code for isolated deployments, independent versioning, and crash-storm protection. Established after BUG-OCI-001 (OCI VM disk-full incident, 2026-04-16).",
"manager": "A2A-SIN-Zeus",
"primary_model": "google/antigravity-claude-sonnet-4-6",
"fallback_models": [
"openai/gpt-5.4",
"google/antigravity-gemini-3.1-pro",
"qwen/coder-model"
Comment on lines +7 to +11

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

Are "google/antigravity-claude-sonnet-4-6" and "google/antigravity-gemini-3.1-pro" valid Google AI model identifiers as of April 2026?

💡 Result:

No, "google/antigravity-claude-sonnet-4-6" and "google/antigravity-gemini-3.1-pro" are not valid Google AI model identifiers as of April 2026. They appear to be provider-prefixed model IDs used in third-party tools like OpenClaw that integrate with Google's Antigravity IDE/platform, which hosts models such as claude-sonnet-4-6 and gemini-3.1-pro (or variants like gemini-3.1-pro-high/low). Official Google AI model identifiers, per Vertex AI and Gemini documentation, use formats like "gemini-3.1-pro" or "claude-sonnet-4-5" without the "google/antigravity-" prefix, as Antigravity acts as a unified gateway for models from Google, Anthropic, etc.

Confirm these model identifiers match your deployment environment.

These model IDs use non-standard formatting:

  • google/antigravity-claude-sonnet-4-6 and google/antigravity-gemini-3.1-pro appear to be OpenClaw/Antigravity platform-specific identifiers rather than standard Google AI endpoints
  • openai/gpt-5.4 has an unusually high version number

If these are intentional for your deployment, confirm they're correct. If deploying with standard APIs, they should be updated to use official model identifiers (e.g., gemini-2.0-flash, gpt-4-turbo).

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@my-sin-coding-agents.json` around lines 7 - 11, the model identifiers in the configuration (fields primary_model and fallback_models containing "google/antigravity-claude-sonnet-4-6", "openai/gpt-5.4", and "google/antigravity-gemini-3.1-pro") look non-standard; confirm these exact IDs match your deployment registry or replace them with official provider model IDs (e.g., gemini-2.0-flash, gpt-4-turbo, etc.) used by your runtime, then update primary_model and/or fallback_models accordingly and validate by running a quick test call to the model endpoint to ensure the identifiers resolve.

],
"established": "2026-04-17",
"bug_references": [
"BUG-OCI-001"
],
"members": {
"A2A-SIN-Code-Backend": {
"github": "https://github.com/OpenSIN-AI/A2A-SIN-Code-Backend",
"port": 7863,
"purpose": "Backend specialists — Server, OracleCloud, APIs",
"specialization": "backend-api-server"
},
"A2A-SIN-Code-Command": {
"github": "https://github.com/OpenSIN-AI/A2A-SIN-Code-Command",
"port": 7861,
"purpose": "Command/CLI agents — shell, automation, scripting",
"specialization": "cli-automation"
},
"A2A-SIN-Code-Frontend": {
"github": "https://github.com/OpenSIN-AI/A2A-SIN-Code-Frontend",
"port": 7865,
"purpose": "Frontend specialists — UI/UX, React, CSS",
"specialization": "frontend-ui-ux"
},
"A2A-SIN-Code-Fullstack": {
"github": "https://github.com/OpenSIN-AI/A2A-SIN-Code-Fullstack",
"port": 7864,
"purpose": "Fullstack specialists — end-to-end implementations",
"specialization": "fullstack-end-to-end"
},
"A2A-SIN-Code-Plugin": {
"github": "https://github.com/OpenSIN-AI/A2A-SIN-Code-Plugin",
"port": 7860,
"purpose": "Plugin developers — MCPs, integrations, auth",
"specialization": "plugins-mcps-integrations"
},
"A2A-SIN-Code-Tool": {
"github": "https://github.com/OpenSIN-AI/A2A-SIN-Code-Tool",
"port": 7862,
"purpose": "Tool builders — CLI utilities, external integrations",
"specialization": "cli-utilities-external-tools"
}
}
}
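Review bot: the `$schema` value at the top of this hunk points at a GitHub blob page (`https://github.com/Delqhi/upgraded-opencode-stack/blob/main/schemas/team-config.schema.json`), which serves HTML rather than the raw JSON document, so any validator that dereferences `$schema` will fail to parse it; use the raw file URL or a repository-relative path, matching the `templates/*.schema.json` style used by the governance templates in this PR. The six `port` values (7860 through 7865) are distinct, which is good, but the fallback chain and ports are the only things that would catch a collision later, so consider having the factory or a fleet validator assert port uniqueness when this file is regenerated.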
Comment on lines +1 to +55

⚠️ Potential issue | 🟠 Major

Clarify the relationship between PR title and file content.

The PR title indicates a fix for "replace backslash with forward slash in /generate-image command," but this file (my-sin-coding-agents.json) is a team configuration file with no apparent connection to image generation or path separators.

Please verify:

  • Is this the correct file for this PR?
  • Does the PR contain multiple unrelated changes?
  • Should this be in a separate PR?
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@my-sin-coding-agents.json` around lines 1 - 55, the PR title references fixing path separators for a /generate-image command but the changed file my-sin-coding-agents.json is a team configuration (contains keys like "team_id", "members", and member entries such as "A2A-SIN-Code-Tool" and "A2A-SIN-Code-Backend"); confirm whether this file truly belongs to the change set, if the PR accidentally includes unrelated files, and if so either remove this JSON from the PR or split into a separate PR and update the PR description to list all affected files and the actual change to the /generate-image command (or move the path-separator fix into the repo/file that implements /generate-image).

12 changes: 12 additions & 0 deletions opencode.json
@@ -497,6 +497,18 @@
],
"enabled": true
},
"sin-box-storage": {
"type": "local",
"command": [
"python3",
"/Users/jeremy/dev/A2A-SIN-Box-Storage/scripts/mcp-box-storage.py"
],
"environment": {
"BOX_STORAGE_URL": "http://room-09-box-storage:3000",
"BOX_STORAGE_API_KEY": "${BOX_STORAGE_API_KEY}"
},
Comment on lines +506 to +509

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

OpenCode CLI `opencode.json` docs: what is the supported syntax for environment variable references inside `mcp.<server>.environment` values: `${VAR}` or `{env:VAR}`?

💡 Result:

The supported syntax for environment variable references inside `mcp.<server>.environment` values in OpenCode CLI's opencode.json is {env:VAR}. OpenCode's configuration files support variable substitution throughout, including in MCP configurations. The official documentation explicitly states: "Use {env:VARIABLE_NAME} to substitute environment variables." Examples show this syntax used in MCP URLs, headers, and command args (e.g., --api-key "{env:CONTEXT7_API_KEY}"), and since environment values are strings processed the same way, it applies there. No sources mention ${VAR} as supported syntax. Hardcoded string values are shown in basic examples (e.g., "MY_ENV_VAR": "my_env_var_value"), but the general variable substitution mechanism uses {env:VAR}. This is confirmed across official config docs, MCP server docs, and GitHub issues/discussions where {env:VAR} is used successfully in MCP contexts.

Fix env variable interpolation syntax for MCP API key.

At Line 508, BOX_STORAGE_API_KEY uses ${BOX_STORAGE_API_KEY}, which OpenCode does not support. The correct syntax is {env:BOX_STORAGE_API_KEY}. With the current syntax, the literal string ${BOX_STORAGE_API_KEY} will be passed to the MCP server, causing authentication to fail at runtime.

Fix
       "environment": {
         "BOX_STORAGE_URL": "http://room-09-box-storage:3000",
-        "BOX_STORAGE_API_KEY": "${BOX_STORAGE_API_KEY}"
+        "BOX_STORAGE_API_KEY": "{env:BOX_STORAGE_API_KEY}"
       },
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@opencode.json` around lines 506 - 509, the environment entry for BOX_STORAGE_API_KEY is using unsupported interpolation syntax `${BOX_STORAGE_API_KEY}`; update the value in the environment object (the "BOX_STORAGE_API_KEY" key) to use OpenCode's supported form `{env:BOX_STORAGE_API_KEY}` so the real MCP API key is injected at runtime instead of the literal string.

"enabled": true
},
"webauto-nodriver": {
"type": "local",
"command": [
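Review bot: the `command` array for `sin-box-storage` hardcodes an absolute, user-specific path (`/Users/jeremy/dev/A2A-SIN-Box-Storage/scripts/mcp-box-storage.py`), so this MCP entry breaks on every other machine and commits a local username into shared config; resolve the script from a repository-relative path or an environment variable instead. Note also that `BOX_STORAGE_URL` is plain `http://`, so `BOX_STORAGE_API_KEY` is sent unencrypted to `room-09-box-storage:3000`; that is only acceptable if the host is reachable solely over a trusted internal network, which the config or README should state.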
@@ -187,7 +187,7 @@ function latestGeneratedImage() {
}

function runImage(prompt, fileName) {
const message = `\\generate-image ${prompt}; file name should be ${fileName}; save it at .opencode/generated-images`;
const message = `/generate-image ${prompt}; file name should be ${fileName}; save it at .opencode/generated-images`;
execFileSync("opencode", ["run", message, "--model=google/antigravity-gemini-3-flash", "--format", "json"], {
encoding: "utf8",
stdio: ["ignore", "pipe", "pipe"]
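Review bot: the separator fix on the `+` line is correct, but `prompt` and `fileName` are interpolated verbatim into the `/generate-image` instruction with no validation; `execFileSync` takes an argument array so there is no shell injection, yet a `fileName` containing path separators or `..` would ask the agent to save outside `.opencode/generated-images`. Reduce `fileName` to a basename and check it against an allowed character set (e.g. `path.basename(fileName)` plus a `/^[\w.-]+$/` test) before building `message`. The model id `google/antigravity-gemini-3-flash` is also hardcoded here; reading it from config would let it change alongside the ids in `my-sin-coding-agents.json`.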
71 changes: 71 additions & 0 deletions templates/governance/README.md
@@ -0,0 +1,71 @@
# Governance Contract Templates

> **Canonical templates for sovereign repo governance across the OpenSIN fleet.**
> Version: 2026.04.17 | Issue: upgraded-opencode-stack#26

## Overview

This directory contains **concrete template instances** that any A2A repo can copy to bootstrap its governance stack. The corresponding JSON Schemas live in the parent `templates/` directory.

## Files

| File | Purpose | Copy To |
|------|---------|---------|
| `repo-governance.template.json` | Branch protection, merge rules, fail-closed semantics | `governance/repo-governance.json` |
| `pr-watcher.template.json` | PR review automation, credential scanning, escalation | `governance/pr-watcher.json` |
| `platform-registry.template.json` | Platform intake registry with fail-closed rules | `platforms/registry.json` |

## Usage

### For New Repos (via Factory)

The factory (`create-sin-a2a-agent.mjs`) reads `Template-SIN-Agent/required-files.manifest.json` and copies these templates automatically during repo generation, substituting `{{REPO_SLUG}}` with the actual agent slug.

### For Existing Repos (via Backfill)

```bash
# Copy and customize for your repo
cp templates/governance/repo-governance.template.json governance/repo-governance.json
cp templates/governance/pr-watcher.template.json governance/pr-watcher.json
cp templates/governance/platform-registry.template.json platforms/registry.json

# Replace placeholder with actual repo slug
sed -i '' 's/{{REPO_SLUG}}/your-agent-slug/g' governance/*.json platforms/*.json

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify docs do not contain BSD-only in-place sed syntax without GNU alternative.
# Expected result after fix: either no matches, or both macOS and Linux variants documented.
rg -nP "sed\s+-i\s+''" --type md

Repository: Delqhi/upgraded-opencode-stack

Length of output: 188


🏁 Script executed:

# Search for other sed usages in documentation
rg "sed\s+" templates/governance/README.md -A 1 -B 1

# Check if there are any other platform-specific notes or patterns in the repo
rg -l "macOS|Linux|GNU|BSD" --type md | head -10

# Look for existing sed patterns in shell scripts or docs
rg "sed\s+-i" --type sh -c 5

Repository: Delqhi/upgraded-opencode-stack

Length of output: 1102


🏁 Script executed:

# Get more context around the sed line in the README
cat -n templates/governance/README.md | sed -n '25,40p'

# Check for any platform-specific guidance in the repo
rg "platform|macOS|Linux|cross-platform" templates/governance/README.md

# Look for .sed alternatives or other sed patterns
rg "\-i\." --type md --type sh | head -10

Repository: Delqhi/upgraded-opencode-stack

Length of output: 1471


🏁 Script executed:

# Check if there are shell scripts in the repo with sed usage patterns
fd -e sh -e bash | head -20 | xargs rg "sed\s+-i" --no-heading -A 0 -B 0

# Check the exact context of the sed command in the README
cat -n templates/governance/README.md | sed -n '32,34p'

# Look for any existing cross-platform handling patterns
rg "platform" templates/governance/README.md --context 2

Repository: Delqhi/upgraded-opencode-stack

Length of output: 2700


🏁 Script executed:

# Check if there's any CI/GitHub Actions that might indicate platform support
fd -e yml -e yaml | xargs grep -l "macos\|ubuntu\|linux" | head -5

# Look for any .sedrc or sed configuration
find . -name ".sed*" -o -name "*sed*rc"

# Check if there's any mention of cross-platform or sed alternatives
rg "cross.platform|gsed|perl.*substitute" --type md --type sh

Repository: Delqhi/upgraded-opencode-stack

Length of output: 544


🏁 Script executed:

# Check the CI workflow to see what platform(s) it runs on
cat scripts/ci-workflow-template.yml | head -50

# Look for any OS detection or platform-specific commands in setup
rg "runs-on|runner|uname|darwin" scripts/ci-workflow-template.yml

Repository: Delqhi/upgraded-opencode-stack

Length of output: 514


Provide both macOS/BSD and Linux/GNU sed syntax variants in the documentation.

The sed -i '' command fails on GNU sed (standard on Linux/CI environments). Since the CI runs on ubuntu-latest, users following these docs will encounter errors. Provide both variants:

Suggested docs update
# Replace placeholder with actual repo slug
-sed -i '' 's/{{REPO_SLUG}}/your-agent-slug/g' governance/*.json platforms/*.json
+# macOS / BSD sed
+sed -i '' 's/{{REPO_SLUG}}/your-agent-slug/g' governance/*.json platforms/*.json
+# Linux / GNU sed
+sed -i 's/{{REPO_SLUG}}/your-agent-slug/g' governance/*.json platforms/*.json
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@templates/governance/README.md` at line 33, the README currently uses the macOS/BSD-only sed invocation `sed -i ''` which fails on GNU sed in CI; update the line that targets `governance/*.json` and `platforms/*.json` to show both platform-specific variants by replacing the single `sed -i '' 's/{{REPO_SLUG}}/your-agent-slug/g' governance/*.json platforms/*.json` entry with two clearly labeled commands: one example for macOS/BSD (using the `-i ''` form) and one for Linux/GNU (using the `-i` form), and add a short note advising which to use in CI/environments to prevent failures.

```

### Validation

Validate your governance files against the schemas:

```bash
# Using ajv-cli or similar JSON Schema validator
ajv validate -s templates/repo-governance.schema.json -d governance/repo-governance.json
ajv validate -s templates/pr-watcher.schema.json -d governance/pr-watcher.json
ajv validate -s templates/platform-registry.schema.json -d platforms/registry.json
```

## Schema Reference

| Schema | Location |
|--------|----------|
| `repo-governance.schema.json` | `templates/repo-governance.schema.json` |
| `pr-watcher.schema.json` | `templates/pr-watcher.schema.json` |
| `platform-registry.schema.json` | `templates/platform-registry.schema.json` |
| `work-item.schema.json` | `templates/work-item.schema.json` |

## Template Variables

All templates use `{{REPO_SLUG}}` as the primary substitution variable. The factory replaces this with the agent's actual slug during generation.

## Relationship to Template-SIN-Agent

These templates are the **source of truth** for governance file content. `Template-SIN-Agent` contains its own copies (in `governance/`, `platforms/`) but those are generated FROM these templates. When updating governance contracts, update HERE first, then propagate to Template-SIN-Agent.

## Fail-Closed Rules

All governance contracts follow fail-closed semantics:
- Unknown check results → **block** (not pass)
- Missing required files → **block merge**
- Credential leaks → **block merge immediately**
- Unregistered platforms → **blocked** (no implicit access)
- CI runner timeout → **block** (not skip)
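Review bot: the Template Variables section says all templates use `{{REPO_SLUG}}`, but `platform-registry.template.json` in this PR also carries `{{externalId}}` in `dedupeKeyTemplate`, a runtime placeholder that must survive the `sed` backfill step; add a sentence separating build-time `{{REPO_SLUG}}` from runtime placeholders so adopters do not read leftover braces as an incomplete substitution. The Validation section also has no command for `work-item.schema.json` although the Schema Reference table lists it; either add the matching `ajv validate` line or state that work items are validated at intake rather than in the repo.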
33 changes: 33 additions & 0 deletions templates/governance/platform-registry.template.json
@@ -0,0 +1,33 @@
{
"$comment": "Concrete template instance — copy this file to platforms/registry.json in any A2A repo and replace {{REPO_SLUG}}.",
"$schema": "https://opencode.local/templates/platform-registry.schema.json",
"version": "2026.04.17",
"platforms": [
{
"id": "github-issues",
"name": "GitHub Issues",
"category": "issue-tracker",
"enabled": true,
"status": "active",
"intakeMode": "webhook",
"webhookPath": "/webhooks/github",
"signatureRequired": true,
"authRef": "env:GITHUB_WEBHOOK_SECRET",
"baseUrl": "https://api.github.com",
"eventTypes": ["issues.opened", "issues.edited", "issues.labeled"],
"normalizer": "n8n-workflows/inbound-intake.json",
"dedupeKeyTemplate": "github:{{REPO_SLUG}}:issue:{{externalId}}",
"defaultRepo": "OpenSIN-AI/{{REPO_SLUG}}",
"defaultLabels": ["inbound", "github"],
"watcherRequired": true,
"watcherConfigRef": "governance/pr-watcher.json",
"riskLevel": "low",
"automationPolicy": "issue_plus_pr",
"allowedActions": ["create_issue", "update_issue", "create_branch", "create_pr"],
"forbiddenActions": ["force_push", "delete_branch_main"],
"evidenceRequired": false,
"retentionDays": 365,
"notes": "Default platform for all A2A repos. GitHub Issues are the canonical intake surface."
}
]
}
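Review bot: `evidenceRequired` is `false` while `allowedActions` permits `create_branch` and `create_pr`, so a webhook-triggered issue can reach a PR with no evidence trail; given the fail-closed stance in the README, the shared default should be `true` and individual repos can relax it explicitly. Also, `authRef` uses an `env:NAME` form whereas `opencode.json` in this PR uses `{env:NAME}`; document which consumer resolves each format so a value copied between files is not treated as a literal secret name.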
33 changes: 33 additions & 0 deletions templates/governance/pr-watcher.template.json
@@ -0,0 +1,33 @@
{
"$comment": "Concrete template instance — copy this file to governance/pr-watcher.json in any A2A repo and replace {{REPO_SLUG}}.",
"$schema": "https://opencode.local/templates/pr-watcher.schema.json",
"enabled": true,
"repo": "OpenSIN-AI/{{REPO_SLUG}}",
"prSource": "all",
"ignoreAuthors": [],
"ignoreBots": false,
"noisePrefixes": ["chore(deps):", "ci:"],
"noiseSubstrings": ["bump version", "auto-generated"],
"watcherScript": "scripts/watch-pr-feedback.sh",
"followupCommand": "gh pr review --approve",

⚠️ Potential issue | 🟠 Major

Avoid defaulting to unconditional PR approval in shared governance templates.

gh pr review --approve as a template default creates a broad auto-approval path for every adopting repo. Make approval explicit per-repo, and keep the shared default non-approving.

🔧 Safer default
-  "followupCommand": "gh pr review --approve",
+  "followupCommand": "gh pr review --comment --body \"Auto-review completed; manual approval required.\"",
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@templates/governance/pr-watcher.template.json` at line 12, the template currently defaults followupCommand to an unconditional approval ("followupCommand" value "gh pr review --approve"); change this to a non-approving safe default by either removing the approve flag or clearing the followupCommand value (e.g., set followupCommand to an empty string or a neutral command) so adopters must explicitly opt into approving PRs; update the "followupCommand" entry in the pr-watcher.template.json accordingly (refer to the followupCommand key in the JSON).

"stateDir": ".pr-watcher-state",
"summaryFile": ".pr-watcher-state/summary.json",
"logFile": ".pr-watcher-state/watcher.log",
"reviewPolicy": {
"autoReviewEnabled": true,
"autoReviewModel": "opencode run --format json",
"credentialScanEnabled": true,
"credentialPatterns": [
"GOOGLE_API_KEY", "OPENAI_API_KEY", "A2A_FLEET_TOKEN",
"sk-", "ghp_", "gho_", "Bearer ", "password", "secret"
],
"requiredFilesCheckEnabled": true,
"requiredFilesManifest": "required-files.manifest.json"
},
"escalation": {
"staleAfterHours": 48,
"abandonedAfterDays": 7,
"telegramBot": "sin-telegrambot",
"telegramChannel": "fleet-alerts"
}
}
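Review bot: `credentialPatterns` mixes real token prefixes (`sk-`, `ghp_`, `gho_`) with bare words (`password`, `secret`, `Bearer `) and environment variable names; since a match blocks merge immediately, the bare words will fail-close on ordinary code and docs (any `password` form field or `secret` config key), and nothing here says whether matching is case-sensitive, anchored, or limited to added lines. Document the matching semantics in the README or the schema and consider replacing the bare words with value-shaped patterns. Separately, `autoReviewModel` holds a command (`opencode run --format json`) rather than a model identifier; rename the key or move the command next to `watcherScript`.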
31 changes: 31 additions & 0 deletions templates/governance/repo-governance.template.json
@@ -0,0 +1,31 @@
{
"$comment": "Concrete template instance — copy this file to governance/repo-governance.json in any A2A repo and replace {{REPO_SLUG}}.",
"$schema": "https://opencode.local/templates/repo-governance.schema.json",
"repo": "{{REPO_SLUG}}",
"issueFirstRequired": true,
"prWatcherRequired": true,
"strictDispatchMatrixRequired": false,
"platformRegistryRef": "platforms/registry.json",
"prWatcherConfigRef": "governance/pr-watcher.json",
"coderDispatchMatrixRef": null,
"workItemSchemaRef": "https://opencode.local/templates/work-item.schema.json",
"defaultLabels": ["inbound", "a2a"],
"automationFlow": [
"1. External platform sends work via webhook/poller",
"2. n8n normalizes payload to work_item schema",
"3. GitHub issue created/updated in target repo",
"4. Agent picks up issue, creates branch + PR",
"5. PR Watcher validates: required files, credential scan, build check",
"6. On approval: squash merge, auto-delete branch",
"7. Post-merge verification: build, agent card, fleet validator"
],
"failClosedRules": [
"Unregistered platforms are blocked — no implicit access",
"Missing webhook auth blocks intake",
"Missing critical required files blocks merge",
"Credential leak in PR diff blocks merge immediately",
"Unknown check result blocks merge (fail-closed default)",
"CI runner timeout blocks merge"
],
"trackingIssue": null
}
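Review bot: `repo` is the bare `{{REPO_SLUG}}` here but `OpenSIN-AI/{{REPO_SLUG}}` in `pr-watcher.template.json` and in `defaultRepo` of `platform-registry.template.json`; pick one form (owner-qualified or bare slug) across the three templates so the substituted files agree, otherwise the watcher and governance checks will compare different strings for the same repository. `workItemSchemaRef` also points at `https://opencode.local/...`, which is not resolvable outside the fleet; a repository-relative path would match the style of `platformRegistryRef` and `prWatcherConfigRef`.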