epic: internal AI guardrails thin distribution for Cor-Incorporated

[terisuke]

Summary

Build the Cor-Incorporated internal distribution on top of upstream-friendly OpenCode without turning the fork into a deep product fork.

Why

This follows the philosophy established in claude-code-skills epic #130 and its README/ADRs:

• mechanism over prose for quality and safety
• fastest reliable feedback layer first
• pointer-based instructions instead of bloated always-loaded prompts
• "implemented" is not "working" unless deployment/runtime behavior is verified as a system
• explicit workflow gates for review, CI, and release-sensitive actions

Scope

• wrapper distribution and packaged profile
• managed config for enterprise defaults
• Claude-compatible skill/rule migration strategy
• plugin- and command-based guardrails
• scenario coverage for critical behavior
• provider admission policy

Planning docs in repo

• docs/ai-guardrails/README.md
• docs/ai-guardrails/adr/
• docs/ai-guardrails/issues/
• docs/ai-guardrails/migration/claude-code-skills-inventory.md

Success criteria

• OpenCode core stays close to upstream
• direct-reuse SKILL.md assets remain usable during migration
• org-specific control lives in config/profile/plugins/commands/CI layers
• critical guardrails are scenario-tested or CI-enforced
• no critical workflow depends on hidden local hook deployment steps

Planned workstreams

1. Bootstrap thin distribution
2. Claude asset inventory and import
3. Guardrail plugin MVP
4. Safe agents and commands
5. Provider admission policy
6. Scenario and replay harness

[terisuke]

Child issues:

• guardrails: bootstrap thin distribution #2 guardrails: bootstrap thin distribution
• guardrails: Claude asset inventory and import #3 guardrails: Claude asset inventory and import
• guardrails: plugin MVP for policy enforcement #4 guardrails: plugin MVP for policy enforcement
• guardrails: safe agents and workflow commands #5 guardrails: safe agents and workflow commands
• guardrails: provider admission policy #6 guardrails: provider admission policy
• guardrails: scenario and replay harness #7 guardrails: scenario and replay harness

[terisuke]

Child issues:

• guardrails: bootstrap thin distribution #2 guardrails: bootstrap thin distribution
• guardrails: Claude asset inventory and import #3 guardrails: Claude asset inventory and import
• guardrails: plugin MVP for policy enforcement #4 guardrails: plugin MVP for policy enforcement
• guardrails: safe agents and workflow commands #5 guardrails: safe agents and workflow commands
• guardrails: provider admission policy #6 guardrails: provider admission policy
• guardrails: scenario and replay harness #7 guardrails: scenario and replay harness

[terisuke]

Added README/doc positioning guidance in the working branch so future sessions use the same framing:

• this repository should be described as a Cor-Incorporated fork of OpenCode
• compatibility with upstream should be preserved where practical
• guardrails should ship as a thin internal distribution layer, not a deep rewrite
• renaming the repository or published package should be treated as a separate branding/distribution decision, after install paths, package names, and release ownership are ready together

This keeps the fork legible without breaking the current upstream-compatible shape of the repo.

[terisuke]

MVP readiness is now tracked explicitly in #16. The current planning split is:

• now required before MVP claim: guardrails: safe agents and workflow commands #5, guardrails: provider admission policy #6, guardrails: scenario and replay harness #7, guardrails: plugin hardening wave 2 for MVP floor #13
• later, after MVP floor: guardrails: authoritative CI and release gates after MVP #14, guardrails: broader Claude asset migration beyond MVP floor #12

The local planning mirrors this in docs/ai-guardrails/mvp-readiness.md and the expanded issue pack under docs/ai-guardrails/issues/.

[terisuke]

PR #139 progress update

PR #139 (fix/guardrail-review-findings-phase7) addresses:

Phase 6 (Dogfooding fixes):

• Merge gate regex tightened — git merge-base no longer falsely blocked
• Version baseline regression test added

Phase 7 (Bug fixes / Test coverage):

• 14 new test cases: FactCheck state machine, security patterns, bash mutation, review_state reset, docker secrets, branch protection, team plugin edge cases
• PR feat(guardrail): add git freshness, merge gate, test falsifiability, doc reminder hooks #90 review findings all resolved (5 items)
• Review HIGH-1 (process leak on timeout) fixed with proc.kill()

Verification: 34 tests / 255 expect() / all pass. Build + typecheck + deploy firing verified.