Merge pull request #15 from BaseInfinity/v0.11.2-security-agent

v0.11.2: security agent (model + temp + sandbox)

Author: BaseInfinity

CHANGELOG.md

@@ -2,6 +2,83 @@
 
 All notable changes to opencode-sdlc-wizard.
 
+## [0.11.2] - 2026-05-18
+
+### Added — Security agent (full set: model + temperature + tools-denial sandbox)
+
+The joelhooks community config dedicates a `security` agent to "is this
+code safe" reviews with the same write/edit/patch denial as plan-mode.
+v0.11.2 ships the full surface for it: model triplet (mirrors v0.10.2
+planner), temperature (mirrors v0.11.1), and tool-denial sandbox
+(mirrors v0.10.5 plan).
+
+```bash
+npx opencode-sdlc-wizard pick \
+  --tier proprietary --provider anthropic \
+  --security-tier proprietary --security-provider openai --security-model gpt-5.3-codex \
+  --security-temp 0.1 \
+  --sandbox-security
+```
+
+Yields:
+
+```json
+{
+  "model": "anthropic/claude-opus-4-7",
+  "provider": {
+    "anthropic": { ... },
+    "openai":    { ... }
+  },
+  "agent": {
+    "security": {
+      "model": "openai/gpt-5.3-codex",
+      "temperature": 0.1,
+      "tools": { "write": false, "edit": false, "patch": false }
+    }
+  }
+}
+```
+
+OpenCode routes security-class agent tasks to the dedicated model, with
+deterministic temperature and zero write capability — security reviews
+can never apply a patch by accident.
+
+### New flags
+
+- `--security-tier T --security-provider P [--security-model M]` —
+  triplet (mirrors `--reviewer-*` / `--planner-*`); writes
+  `agent.security.model` + security provider block
+- `--security-temp T` — writes `agent.security.temperature` (mirrors
+  `--coder-temp` / `--planner-temp` / `--reviewer-temp`)
+- `--sandbox-security` — writes `agent.security.tools = {write/edit/patch: false}`
+  (mirrors `--sandbox-plan`)
+
+All flags opt-in, all-or-nothing on the triplet, default-model fallback
+via the same `default_model_for()` shared with coder/reviewer/planner/small.
+
+### Changed
+
+- `scripts/configure-backend.sh`: 5 new flag entries, new
+  `securityMode` block in the node heredoc, new `agent.security` cases
+  in the sandbox + temperature emission blocks
+- `scripts/pick-backend.sh`: new flags, `validate_agent_triplet "security"`
+  call, `default_model_for()` fallback, passthrough block
+
+### Tests
+
+- `tests/test-backend-picker.sh` adds T61–T65 (model writes + tools
+  sandbox + triple-compose + partial-spec rejection + regression guard)
+- `tests/test-pick.sh` adds T39–T40 (full passthrough + regression guard)
+- **395 tests across 12 suites** (was 388 / 12 in v0.11.1)
+
+### Compat
+
+- Opt-in only. v0.10.x / v0.11.0 / v0.11.1 configs unchanged.
+- Composes with every prior flag.
+- **The full v0.11.2 hybrid in one call:** coder + small_model + planner
+  + reviewer + security agents, each with their own model, temperature,
+  and (where applicable) sandbox. Five agents total covered.
+
 ## [0.11.1] - 2026-05-18
 
 ### Added — Per-agent temperatures (`--coder-temp`, `--planner-temp`, `--reviewer-temp`)

package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-sdlc-wizard",
-  "version": "0.11.1",
+  "version": "0.11.2",
   "description": "SDLC enforcement for OpenCode CLI — privacy-first, any-backend portability with a four-tier backend picker plus an OSS-tier cross-model-review skill so the full SDLC loop can run with zero Anthropic+OpenAI lock-in. Ships JSON Schemas for review artifacts so any consumer (cross-model-review, ditto, CI) can validate. Install with `npx opencode-sdlc-wizard init`. Sibling of agentic-sdlc-wizard and codex-sdlc-wizard.",
   "bin": {
     "opencode-sdlc-wizard": "cli/bin/opencode-sdlc-wizard.js"

scripts/configure-backend.sh

@@ -66,6 +66,14 @@ SANDBOX_PLAN=0
 CODER_TEMP=""
 PLANNER_TEMP=""
 REVIEWER_TEMP=""
+SECURITY_TEMP=""
+# v0.11.2 security agent. Same triplet shape as reviewer/planner;
+# writes agent.security.model + security provider block. Plus the
+# matching --sandbox-security flag for tools.{write,edit,patch}=false.
+SECURITY_TIER=""
+SECURITY_PROVIDER=""
+SECURITY_MODEL=""
+SANDBOX_SECURITY=0
 
 usage() {
   sed -n '2,15p' "$0"
@@ -110,6 +118,15 @@ while [ $# -gt 0 ]; do
     --planner-temp=*) PLANNER_TEMP="${1#*=}" ;;
     --reviewer-temp) shift; REVIEWER_TEMP="${1:-}" ;;
     --reviewer-temp=*) REVIEWER_TEMP="${1#*=}" ;;
+    --security-temp) shift; SECURITY_TEMP="${1:-}" ;;
+    --security-temp=*) SECURITY_TEMP="${1#*=}" ;;
+    --security-tier) shift; SECURITY_TIER="${1:-}" ;;
+    --security-tier=*) SECURITY_TIER="${1#*=}" ;;
+    --security-provider) shift; SECURITY_PROVIDER="${1:-}" ;;
+    --security-provider=*) SECURITY_PROVIDER="${1#*=}" ;;
+    --security-model) shift; SECURITY_MODEL="${1:-}" ;;
+    --security-model=*) SECURITY_MODEL="${1#*=}" ;;
+    --sandbox-security) SANDBOX_SECURITY=1 ;;
     -h|--help) usage; exit 0 ;;
     *) echo "Unknown arg: $1" >&2; usage >&2; exit 2 ;;
   esac
@@ -142,6 +159,16 @@ if [ "$PL_SET" -ne 0 ] && [ "$PL_SET" -ne 3 ]; then
   exit 2
 fi
 
+# v0.11.2 security validation: same all-or-nothing rule.
+SC_SET=0
+[ -n "$SECURITY_TIER" ] && SC_SET=$((SC_SET+1))
+[ -n "$SECURITY_PROVIDER" ] && SC_SET=$((SC_SET+1))
+[ -n "$SECURITY_MODEL" ] && SC_SET=$((SC_SET+1))
+if [ "$SC_SET" -ne 0 ] && [ "$SC_SET" -ne 3 ]; then
+  echo "--security-tier / --security-provider / --security-model must all be set together (or none)" >&2
+  exit 2
+fi
+
 # v0.10.4 small-model validation.
 SM_SET=0
 [ -n "$SMALL_TIER" ] && SM_SET=$((SM_SET+1))
@@ -163,7 +190,9 @@ node - "$TIER" "$PROVIDER" "$MODEL" "$CONFIG_PATH" "$FORCE" "$PRINT_ONLY" \
      "$PLANNER_TIER" "$PLANNER_PROVIDER" "$PLANNER_MODEL" \
      "$SMALL_TIER" "$SMALL_PROVIDER" "$SMALL_MODEL" \
      "$SANDBOX_PLAN" \
-     "$CODER_TEMP" "$PLANNER_TEMP" "$REVIEWER_TEMP" <<'NODE'
+     "$CODER_TEMP" "$PLANNER_TEMP" "$REVIEWER_TEMP" \
+     "$SECURITY_TIER" "$SECURITY_PROVIDER" "$SECURITY_MODEL" \
+     "$SECURITY_TEMP" "$SANDBOX_SECURITY" <<'NODE'
 const fs = require("node:fs");
 const [
   tier, providerArg, model, configPath, forceStr, printOnlyStr,
@@ -173,6 +202,8 @@ const [
   smallTier, smallProviderArg, smallModel,
   sandboxPlanStr,
   coderTempStr, plannerTempStr, reviewerTempStr,
+  securityTier, securityProviderArg, securityModel,
+  securityTempStr, sandboxSecurityStr,
 ] = process.argv.slice(2);
 const force = forceStr === "1";
 const printOnly = printOnlyStr === "1";
@@ -182,12 +213,15 @@ const sandboxDocs = sandboxDocsStr === "1";
 const plannerMode = Boolean(plannerTier && plannerProviderArg && plannerModel);
 const smallMode = Boolean(smallTier && smallProviderArg && smallModel);
 const sandboxPlan = sandboxPlanStr === "1";
+const securityMode = Boolean(securityTier && securityProviderArg && securityModel);
+const sandboxSecurity = sandboxSecurityStr === "1";
 // Parse temperatures only if non-empty; empty string means "not set"
 // (no temperature field emitted). Numbers preserve as numbers in JSON.
 function parseTemp(s) { return s === "" ? null : Number(s); }
 const coderTemp = parseTemp(coderTempStr);
 const plannerTemp = parseTemp(plannerTempStr);
 const reviewerTemp = parseTemp(reviewerTempStr);
+const securityTemp = parseTemp(securityTempStr);
 
 // Canonical provider IDs. Detector emits user-friendly aliases; we accept both
 // and emit the canonical OpenCode/models.dev ID in the written config so model
@@ -530,6 +564,18 @@ if (plannerMode) {
   });
 }
 
+// v0.11.2 Security mode: identical shape to planner. Writes
+// agent.security.model + security provider block. Joelhooks-pattern
+// security agent typically pairs with --sandbox-security below.
+if (securityMode) {
+  const securityProvider = PROVIDER_ALIASES[securityProviderArg] || securityProviderArg;
+  const securityFragment = fragmentFor(securityTier, securityProvider, securityModel);
+  merged.provider = deepMerge(merged.provider, securityFragment.provider || {});
+  merged.agent = deepMerge(merged.agent || existing.agent || {}, {
+    security: { model: securityFragment.model },
+  });
+}
+
 // v0.10.4 small_model: top-level field (not nested under agent). Distinct
 // from agent.plan.model — small_model is OpenCode's cross-cutting hint
 // for "use this when the call is cheap" (title generation, summary
@@ -549,7 +595,7 @@ if (smallMode) {
 // — categorical tool denial, distinct shape from the path-scoped
 // permission.write blocks above. Composes with v0.10.2 planner model
 // (agent.plan ends up with both .model AND .tools when both flags set).
-if (sandboxTestWriter || sandboxDocs || sandboxPlan) {
+if (sandboxTestWriter || sandboxDocs || sandboxPlan || sandboxSecurity) {
   const sandboxAdditions = {};
   if (sandboxTestWriter) {
     sandboxAdditions["test-writer"] = {
@@ -577,18 +623,27 @@ if (sandboxTestWriter || sandboxDocs || sandboxPlan) {
       tools: { write: false, edit: false, patch: false },
     };
   }
+  // v0.11.2: security agent denies the same tools as plan — read +
+  // reason, never write. Joelhooks-pattern; matches the canonical
+  // "security review can't accidentally apply a patch" guarantee.
+  if (sandboxSecurity) {
+    sandboxAdditions["security"] = {
+      tools: { write: false, edit: false, patch: false },
+    };
+  }
   merged.agent = deepMerge(merged.agent || existing.agent || {}, sandboxAdditions);
 }
 
 // v0.11.1 per-agent temperatures. Each non-null value sets the
 // agent.<name>.temperature field; deep-merges with any existing model /
 // tools / permission siblings on that agent. --coder-temp targets the
 // `build` agent (OpenCode's default agent name for code generation).
-if (coderTemp !== null || plannerTemp !== null || reviewerTemp !== null) {
+if (coderTemp !== null || plannerTemp !== null || reviewerTemp !== null || securityTemp !== null) {
   const tempAdditions = {};
   if (coderTemp !== null) tempAdditions["build"] = { temperature: coderTemp };
   if (plannerTemp !== null) tempAdditions["plan"] = { temperature: plannerTemp };
   if (reviewerTemp !== null) tempAdditions["review"] = { temperature: reviewerTemp };
+  if (securityTemp !== null) tempAdditions["security"] = { temperature: securityTemp };
   merged.agent = deepMerge(merged.agent || existing.agent || {}, tempAdditions);
 }
 

scripts/pick-backend.sh

@@ -76,6 +76,12 @@ SANDBOX_PLAN=0
 CODER_TEMP=""
 PLANNER_TEMP=""
 REVIEWER_TEMP=""
+SECURITY_TEMP=""
+# v0.11.2 security agent (model triplet + sandbox flag).
+SECURITY_TIER=""
+SECURITY_PROVIDER=""
+SECURITY_MODEL=""
+SANDBOX_SECURITY=0
 
 while [ $# -gt 0 ]; do
   case "$1" in
@@ -117,6 +123,15 @@ while [ $# -gt 0 ]; do
     --planner-temp=*) PLANNER_TEMP="${1#*=}" ;;
     --reviewer-temp) shift; REVIEWER_TEMP="${1:-}" ;;
     --reviewer-temp=*) REVIEWER_TEMP="${1#*=}" ;;
+    --security-temp) shift; SECURITY_TEMP="${1:-}" ;;
+    --security-temp=*) SECURITY_TEMP="${1#*=}" ;;
+    --security-tier) shift; SECURITY_TIER="${1:-}" ;;
+    --security-tier=*) SECURITY_TIER="${1#*=}" ;;
+    --security-provider) shift; SECURITY_PROVIDER="${1:-}" ;;
+    --security-provider=*) SECURITY_PROVIDER="${1#*=}" ;;
+    --security-model) shift; SECURITY_MODEL="${1:-}" ;;
+    --security-model=*) SECURITY_MODEL="${1#*=}" ;;
+    --sandbox-security) SANDBOX_SECURITY=1 ;;
     -h|--help) usage; exit 0 ;;
     *) echo "Unknown arg: $1" >&2; usage >&2; exit 2 ;;
   esac
@@ -236,6 +251,7 @@ validate_agent_triplet() {
 validate_agent_triplet "reviewer" "$REVIEWER_TIER" "$REVIEWER_PROVIDER" "$REVIEWER_MODEL"
 validate_agent_triplet "planner"  "$PLANNER_TIER"  "$PLANNER_PROVIDER"  "$PLANNER_MODEL"
 validate_agent_triplet "small"    "$SMALL_TIER"    "$SMALL_PROVIDER"    "$SMALL_MODEL"
+validate_agent_triplet "security" "$SECURITY_TIER" "$SECURITY_PROVIDER" "$SECURITY_MODEL"
 
 # Resolve reviewer-model default if --reviewer-tier + --reviewer-provider
 # set but --reviewer-model not. Same default-model map as the coder pin.
@@ -265,6 +281,15 @@ if [ -n "$SMALL_TIER" ] && [ -n "$SMALL_PROVIDER" ] && [ -z "$SMALL_MODEL" ]; th
   }
 fi
 
+# Security agent default-model fallback.
+if [ -n "$SECURITY_TIER" ] && [ -n "$SECURITY_PROVIDER" ] && [ -z "$SECURITY_MODEL" ]; then
+  SECURITY_MODEL="$(default_model_for "$SECURITY_TIER" "$SECURITY_PROVIDER")" || {
+    echo "pick: no default model known for security $SECURITY_TIER/$SECURITY_PROVIDER." >&2
+    echo "  Pass --security-model <name> explicitly." >&2
+    exit 4
+  }
+fi
+
 # Forward to configure-backend.sh. --dry-run becomes --print-only on the
 # configurator (it prints the merged JSON but does not write the file).
 CONFIGURE_ARGS=(--tier "$TIER" --provider "$PROVIDER" --model "$MODEL")
@@ -298,6 +323,15 @@ fi
 [ -n "$CODER_TEMP" ]             && CONFIGURE_ARGS+=(--coder-temp "$CODER_TEMP")
 [ -n "$PLANNER_TEMP" ]           && CONFIGURE_ARGS+=(--planner-temp "$PLANNER_TEMP")
 [ -n "$REVIEWER_TEMP" ]          && CONFIGURE_ARGS+=(--reviewer-temp "$REVIEWER_TEMP")
+[ -n "$SECURITY_TEMP" ]          && CONFIGURE_ARGS+=(--security-temp "$SECURITY_TEMP")
+if [ -n "$SECURITY_TIER" ]; then
+  CONFIGURE_ARGS+=(
+    --security-tier "$SECURITY_TIER"
+    --security-provider "$SECURITY_PROVIDER"
+    --security-model "$SECURITY_MODEL"
+  )
+fi
+[ "$SANDBOX_SECURITY" = "1" ]    && CONFIGURE_ARGS+=(--sandbox-security)
 
 if [ -n "$REVIEWER_TIER" ]; then
   echo "pick: resolved coder $TIER/$PROVIDER → $MODEL + reviewer $REVIEWER_TIER/$REVIEWER_PROVIDER → $REVIEWER_MODEL" >&2