Repeatable repository audits and reviews for opencode
oy gives opencode users a bounded path from deterministic repository inputs to security audits, code-quality reviews, and focused remediation.
Why oy
Visible coverage
Gitignore-aware manifests and ordered chunks replace silent, model-selected sampling. Oversized runs fail closed.
Restricted review
Audit and review agents receive oy evidence tools, not generic shell, edit, search, or web tools.
Reports that survive chat
Markdown and SARIF reports carry stable finding IDs and statuses into reruns and one-finding remediation.
Quick start
curl -fsSL https://oy.adonm.dev/install.sh | sh
# Restart or activate your shell as instructed, then:
oy doctor
oy audit
The full installer uses mise to install oy, opencode, and optional local evidence helpers, then runs global setup. Review the installer before piping it to a shell.
For a minimal manual install:
mise use --global cargo-binstall cargo:oy-cli opencode
oy setup
oy audit
Continue with Getting started or go directly to the workflow guide.
One focused loop
- Audit:
oy auditwritesISSUES.mdor SARIF. - Review:
oy review mainwritesREVIEW.mdfor a target diff. - Remediate:
oy enhance <finding-id>fixes and verifies one finding. - Confirm: rerun the originating audit or review to update its status.
A precise claim
Deterministic inputs, not deterministic conclusions.
oy owns collection, ordering, limits, and report rendering. opencode owns model execution, and model findings vary by model and prompt. “Every chunk” means every collected chunk; documented exclusions still apply.