Conversation
BREAKING CHANGE: Major prompt engineering overhaul
This release brings full parity with Codex CLI's prompt selection:
Model-Specific Prompts:
- gpt-5.1-codex-max* → gpt-5.1-codex-max_prompt.md (117 lines, frontend design)
- gpt-5.1-codex*, codex-* → gpt_5_codex_prompt.md (105 lines, focused coding)
- gpt-5.1* → gpt_5_1_prompt.md (368 lines, full behavioral guidance)
Legacy GPT-5.0 → GPT-5.1 Migration:
- gpt-5-codex → gpt-5.1-codex
- gpt-5 → gpt-5.1
- gpt-5-mini, gpt-5-nano → gpt-5.1
- codex-mini-latest → gpt-5.1-codex-mini
New Features:
- ModelFamily type for prompt selection ("codex-max" | "codex" | "gpt-5.1")
- getModelFamily() function for model family detection
- Lazy instruction loading per model family
- Separate caching per model family
- Model family logged in request logs
Fixes:
- OpenCode prompt cache URL (main → dev branch)
- Multi-model session log detection in test script
Test Coverage:
- 191 unit tests (16 new for model family detection)
- 13 integration tests with family verification
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Changed config/full-opencode.json plugin from local file path to npm package name - Added Highlights section to v4.0.0 changelog emphasizing Codex Max support 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add "Plugin Versioning & Updates" section early in README - Explain why pinning is required (Bun lockfile pins "latest") - Show upgrade workflow: change version in config, restart - Provide cache-clearing command for stuck users - Update all config examples to use @4.0.0 - Remove redundant "Updating the Plugin" section 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- Fix orphaned function_call_output errors during summary/compaction - Add GitHub API rate limit fallback for Codex instructions 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
**Fixed**: - Compaction losing context: Only filter orphaned function_call_output items, preserve matched pairs - Agent creation failing: Properly detect streaming vs non-streaming requests - SSE/JSON response handling: Convert SSE→JSON for generateText(), passthrough for streamText() **Added**: - gpt-5.1-chat-latest model support (normalizes to gpt-5.1) **Technical**: - Capture original stream value before transformation - API always gets stream=true, but response handling based on original intent - Orphan detection: only remove function_call_output without matching function_call 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
## Added - GPT 5.2 model family with 4 reasoning presets (low/medium/high/xhigh) - Full image input support for all 16 models via modalities config - GPT 5.2 model family in codex.ts with dedicated prompt handling ## Changed - Model ordering: GPT 5.2 → Codex Max → Codex → Codex Mini → GPT 5.1 - Removed default presets without explicit reasoning suffix - Updated @opencode-ai/plugin to ^1.0.150 (audit fix) - Test script now uses local dist and includes GPT 5.2 tests ## Tests - 193 unit tests + 16 integration tests (all passing) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
…fix, and HTML version update This release combines fixes and features from PRs #62, #63, and #64: ### Added - "none" reasoning effort support for GPT-5.2 and GPT-5.1 general purpose models - gpt-5.2-none and gpt-5.1-none model mappings and presets (now 18 total models) - 4 new unit tests for "none" reasoning behavior (197 total tests) ### Fixed - Orphaned function_call_output 400 API errors - now converts orphans to assistant messages to preserve context while avoiding API errors - OAuth HTML version display updated from 1.0.4 to 4.1.0 ### Technical Details - getReasoningConfig() detects GPT-5.1 general purpose models and allows "none" - Codex variants auto-convert "none" to "low" (or "medium" for Codex Mini) - Orphan handling now works regardless of tools presence in request Contributors: @code-yeongyu (PR #63), @kanemontreuil (PR #64), @ben-vargas (PR #62) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Auth reliability + error handling alignment + request integrity fixes
Remap activeIndex based on the selected account key to avoid unexpected account switching when deduplicating stored accounts. Add regression tests for storage normalization and oauth-success copy, and refresh docs/CI labeling.
Rename the npm package/bin to opencode-openai-codex-auth-multiaccount and repoint installer/config/docs to the fork repo. This keeps upstream lean while preserving the multi-account rotation feature set.
|
✅ Actions performedReview triggered.
|
|
@coderabbitai review |
@ndycode I have started the AI code review. It will take a few minutes to complete. |
|
✅ Actions performedReview triggered.
|
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
1 issue found across 2 files (changes from recent commits).
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name=".github/workflows/pr-governance.yml">
<violation number="1" location=".github/workflows/pr-governance.yml:41">
P1: The markdown stripping is incomplete, so governance checkboxes can still be spoofed inside valid code syntax (e.g., `~~~` fenced blocks or multi-backtick code spans).</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
There was a problem hiding this comment.
2 issues found across 12 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="docs/development/TESTING.md">
<violation number="1" location="docs/development/TESTING.md:42">
P3: Update the advisory-matrix description to include the Windows Node 18 lane so the testing guide matches the actual workflow.</violation>
</file>
<file name=".github/workflows/pr-governance.yml">
<violation number="1" location=".github/workflows/pr-governance.yml:40">
P1: Compliance checkbox validation can be bypassed via HTML comments because comment content is not stripped before regex checks.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
|
Addressed the remaining governance/docs review items in
Reset the PR body back to the human-maintained summary for current head @coderabbitai review |
@ndycode I have started the AI code review. It will take a few minutes to complete. |
|
✅ Actions performedReview triggered.
|
There was a problem hiding this comment.
2 issues found across 12 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name=".github/workflows/pr-governance.yml">
<violation number="1" location=".github/workflows/pr-governance.yml:20">
P2: The concurrency key is too specific: including `github.event.action` prevents stale governance runs for the same PR from being canceled.</violation>
</file>
<file name="scripts/ci/docs-check.js">
<violation number="1" location="scripts/ci/docs-check.js:270">
P2: `extractMarkdownLinks` misses shortcut reference links (`[label]`), so those links are not validated and broken docs links can slip through.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
|
Addressed the shortcut-reference docs-check gap in
Refreshed the PR body for current head @greptile @cubic review |
@ndycode I have started the AI code review. It will take a few minutes to complete. |
There was a problem hiding this comment.
2 issues found across 12 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="scripts/ci/docs-check.js">
<violation number="1" location="scripts/ci/docs-check.js:251">
P1: The shortcut-reference regex is too permissive and matches inline/full-reference links, which can cause false broken-link failures in docs-check.</violation>
</file>
<file name=".github/workflows/pr-governance.yml">
<violation number="1" location=".github/workflows/pr-governance.yml:20">
P2: Concurrency is partitioned by event action, so governance runs for the same PR can execute in parallel and race on label updates/state checks.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
|
Addressed the remaining governance/docs-check review items in
Re-ran the full local validation set on the committed head:
Reset the PR body back to the human-maintained summary for current head @coderabbitai review |
|
✅ Actions performedReview triggered.
|
|
Addressed the remaining fresh governance review item in
Re-ran the local validation set on the committed head:
Reset the PR body back to the human-maintained summary for current head @coderabbitai review |
|
✅ Actions performedReview triggered.
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/ci.yml:
- Around line 245-247: The CI job invoking the docs-check script uses "npm run
docs:check", but docs-check.js contains an isDirectRun guard that checks
process.argv[1] against __filename so main() never runs when launched via npm;
update the workflow step that currently runs npm run docs:check to invoke the
script directly with Node (e.g., run node ./scripts/ci/docs-check.js) so the
isDirectRun check passes and main() executes, ensuring the markdown link/CI
badge validation actually runs.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: bad10035-39c7-467e-8c41-32849c519255
📒 Files selected for processing (6)
.github/workflows/ci.yml.github/workflows/pr-advisory.yml.github/workflows/pr-governance.ymldocs/development/TESTING.mdscripts/ci/docs-check.jstest/docs-check.test.ts
🚧 Files skipped from review as they are similar to previous changes (1)
- test/docs-check.test.ts
Summary
ci.ymlworkflow with smart change detection,required-pr, and workflow lintingTesting
npm run docs:checknpm run lintnpm run typechecknpm run buildnpm testDocs Impact
Compliance Confirmation
maintainer-live-verifiedlabel after independent live verification.Notes
npm run test:coverageandnpm run audit:ciremain advisory because the current baseline still fails the global coverage threshold and reports the existinghonoaudit issue. This PR also touches.github/pull_request_template.md, so theexemptlabel is needed for the existingpr-qualityworkflow.Summary by CodeRabbit
Release Notes
Documentation
Tests
Chores
note: greptile review for oc-chatgpt-multi-auth. cite files like
lib/foo.ts:123. confirm regression tests + windows concurrency/token redaction coverage.Greptile Summary
this PR introduces a complete CI/PR automation layer: a required
ci.ymlworkflow with smart rename-aware change detection and a hardenedrequired-praggregate gate, advisorypr-advisory.ymllanes for coverage, compat-matrix, and dependency audit, apr-governance.ymlworkflow that validates the PR template and manages live-verification labels viapull_request_target, adocs-check.jslink validator using only node built-ins, and accompanying docs/template updates.changesanddetect-dependency-changeboth havetimeout-minutes: 10,required-prfails fast whenCHANGES_RESULT != "success", HTML comments are stripped before link extraction, andscripts/ci/changes now triggerdocs_changed=truepr-governance.ymlcorrectly avoids checking out PR head ref underpull_request_target, uses live label reads viagithub.paginate, and serialises runs (cancel-in-progress: false) to prevent label race conditions — no windows filesystem or token-safety paths are touched by this PRcoverage,compat-matrix,dependency-audit) lack an equivalentDETECT_RESULTguard: ifdetect-dependency-changefails or is cancelled, all three advisory jobs are silently skipped with no step summary written; since these are unrequired this does not block merge, but silent skips are hard to debuggetSectionContentin the governance script builds aRegExpfrom an unescaped heading string — benign with today's hardcoded callers but a latent injection risk if the function is reusedtest/docs-check.test.tsretry cleanup is intentionally broad (retries all errors, not just Windows transient ones), which could leave orphanedtmp/docs-check-*dirs on Windows runners if the retry budget is exhausted by a non-transient error; low severity given runner teardownConfidence Score: 4/5
CHANGES_RESULTcheck, timeouts) and governance workflow correctness (pull_request_targetwithout head checkout, live label reads, serialised concurrency) are all solid. the remaining issues are advisory-lane visibility and a latent regex-injection in a helper function — neither blocks the required CI path or introduces a token/filesystem safety risk on windowspr-advisory.yml(silent skip on detect failure) andpr-governance.yml(unescaped regex ingetSectionContent)Important Files Changed
required-praggregate check; previous thread issues (missing timeout, CHANGES_RESULT guard) are resolveddetect-dependency-changehas a timeout but downstream jobs lack a result guard — a failed detection job silently skips all advisory lanes with no summary outputpull_request_targetwithissues: writeto manage labels and validate PR template; correctly avoids checking out PR head ref;getSectionContentbuilds regex with unescaped heading string — benign today but latent if reusedtypecheck,docs:check, Docs Impact section, and live-verification checklist items aligned with the newpr-governanceworkflow requirementsrequired-prandpr-governanceas the two branch-protection gatesdocs:checkandaudit:ciscripts; no auth, request-routing, or storage paths changed; dependency versions unchangedSequence Diagram
sequenceDiagram participant PR as Pull Request participant CH as changes job participant CJ as code jobs<br/>(lint/typecheck/build/unit-linux/unit-windows) participant DS as docs-sanity participant AL as actionlint participant RP as required-pr gate participant PG as pr-governance<br/>(pull_request_target) participant AD as advisory lanes<br/>(coverage/compat/audit) PR->>CH: trigger on pull_request CH->>CH: classify changed files<br/>(code / docs / workflow) CH-->>CJ: code_changed=true CH-->>DS: docs_changed=true CH-->>AL: workflow_changed=true CJ-->>RP: result DS-->>RP: result AL-->>RP: result CH-->>RP: CHANGES_RESULT (fail-fast if not success) RP->>RP: evaluate gates<br/>exit 1 on any failure Note over RP: branch-protection required check PR->>AD: trigger (advisory, not required) AD->>AD: detect-dependency-change AD-->>AD: coverage / compat-matrix / dependency-audit<br/>(continue-on-error: true) PR->>PG: pull_request_target<br/>(opened/edited/labeled/sync) PG->>PG: fetch live labels via paginate PG->>PG: strip code blocks + HTML comments PG->>PG: validate template sections + checkboxes PG->>PG: detect risky paths (auth/request/storage) PG-->>PR: add/remove needs-live-verification label PG-->>PR: fail if template incomplete Note over PG: branch-protection required checkComments Outside Diff (4)
scripts/ci/docs-check.js, line 244-248 (link)Tilde-fenced code blocks not stripped before link extraction
extractMarkdownLinksonly strips triple-backtick fences but not~~~(tilde) fences, which are valid CommonMark code blocks. any link inside a tilde-fenced block is still extracted and validated:this would cause a false failure in
docs-sanityfor anyone using tilde fences. thestripMarkdownCodeinpr-governance.ymlcorrectly handles both fence characters — the same fix is needed here.|~~~)[\s\S]*?(?:```|~~~)/g, "\n")
.replace(/
[^\n]+`/g, "`code`");.github/workflows/pr-governance.yml, line 292-296 (link)core.summary.write()failure silences governance failuresawait core.summary.addRaw(...).write()is awaited before thecore.setFailedcall. if the GitHub step-summary API is transiently unavailable,write()throws, the exception propagates, andcore.setFailedis never reached. the caller sees a generic network error rather than the compliance failures accumulated infailures[], making governance silent exactly when it should be loudest.wrapping the summary write in a try/catch with a fallback
console.logpreserves governance signal even when the summary endpoint is down:scripts/ci/docs-check.js, line 243-247 (link)non-greedy fence pattern can prematurely close code blocks
the pattern
(?:\{3}|{3})[\s\S]*?(?:`{3}|{3})` is non-greedy and doesn't track fence-char identity. if a fenced code block's body contains a run of exactly 3 backticks (common in contributing/readme docs that demonstrate markdown syntax), the non-greedy match closes early at that interior sequence and everything after it — still inside the real block — is exposed to link extraction. a broken-link reference that appears after the interior triple-backtick will be extracted and reported as a false failure.example that triggers it:
the regex closes the outer block at the inner
```, so[guide](./missing.md)is extracted and validated.pr-governance.yml'sstripMarkdownCodealready handles this correctly with a line-by-line state machine that tracks fence char and length. the same approach should be used here.no test case in
docs-check.test.tscovers code blocks whose bodies contain 3 backtick/tilde sequences..github/workflows/pr-advisory.yml, line 104-108 (link)No failure-propagation guard for
detect-dependency-changeunlike
required-princi.yml(which now correctly fails fast whenCHANGES_RESULT != "success"), the advisory downstream jobs (coverage,compat-matrix,dependency-audit) only gate on the outputs, not on the job result. ifdetect-dependency-changeis cancelled or errors out, all three advisory jobs are silently skipped with no indication in the run summary.since these lanes are explicitly advisory this won't break the required gate, but it does mean a hung or crashed
detect-dependency-changejob produces a deceptively clean advisory run. consider adding aneeds.detect-dependency-change.result == 'success'guard to each advisoryif:condition, or a dedicated advisory summary step, so transient runner failures are visible.Prompt To Fix All With AI
Last reviewed commit: d4974b5