Merge pull request #49 from cexll/freespace8/master

Freespace8/master

.claude-plugin/marketplace.json

@@ -125,9 +125,9 @@
       ]
     },
     {
-      "name": "advanced-ai-agents",
-      "source": "./advanced-ai-agents/",
-      "description": "Advanced AI agent for complex problem solving and deep analysis with GPT-5 integration",
+      "name": "codex-cli",
+      "source": "./skills/codex/",
+      "description": "Execute Codex CLI for code analysis, refactoring, and automated code changes with file references (@syntax) and structured output",
       "version": "1.0.0",
       "author": {
         "name": "Claude Code Dev Workflows",
@@ -137,17 +137,72 @@
       "repository": "https://github.com/cexll/myclaude",
       "license": "MIT",
       "keywords": [
-        "gpt5",
-        "ai",
-        "analysis",
-        "problem-solving",
-        "deep-research"
+        "codex",
+        "code-analysis",
+        "refactoring",
+        "automation",
+        "gpt-5",
+        "ai-coding"
       ],
-      "category": "advanced",
+      "category": "essentials",
       "strict": false,
-      "commands": [],
+      "skills": [
+        "./SKILL.md"
+      ]
+    },
+    {
+      "name": "gemini-cli",
+      "source": "./skills/gemini/",
+      "description": "Execute Gemini CLI for AI-powered code analysis and generation with Google's latest Gemini models",
+      "version": "1.0.0",
+      "author": {
+        "name": "Claude Code Dev Workflows",
+        "url": "https://github.com/cexll/myclaude"
+      },
+      "homepage": "https://github.com/cexll/myclaude",
+      "repository": "https://github.com/cexll/myclaude",
+      "license": "MIT",
+      "keywords": [
+        "gemini",
+        "google-ai",
+        "code-analysis",
+        "code-generation",
+        "ai-reasoning"
+      ],
+      "category": "essentials",
+      "strict": false,
+      "skills": [
+        "./SKILL.md"
+      ]
+    },
+    {
+      "name": "dev-workflow",
+      "source": "./dev-workflow/",
+      "description": "Minimal lightweight development workflow with requirements clarification, parallel codex execution, and mandatory 90% test coverage",
+      "version": "1.0.0",
+      "author": {
+        "name": "Claude Code Dev Workflows",
+        "url": "https://github.com/cexll/myclaude"
+      },
+      "homepage": "https://github.com/cexll/myclaude",
+      "repository": "https://github.com/cexll/myclaude",
+      "license": "MIT",
+      "keywords": [
+        "dev",
+        "workflow",
+        "codex",
+        "testing",
+        "coverage",
+        "concurrent",
+        "lightweight"
+      ],
+      "category": "workflows",
+      "strict": false,
+      "commands": [
+        "./commands/dev.md"
+      ],
       "agents": [
-        "./agents/gpt5.md"
+        "./agents/dev-plan-generator.md"
       ]
     }
   ]

.github/workflows/release.yml

@@ -0,0 +1,113 @@
+name: Release codex-wrapper
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  contents: write
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.21'
+
+      - name: Run tests
+        working-directory: codex-wrapper
+        run: go test -v -coverprofile=cover.out ./...
+
+      - name: Check coverage
+        working-directory: codex-wrapper
+        run: |
+          go tool cover -func=cover.out | grep total
+          COVERAGE=$(go tool cover -func=cover.out | grep total | awk '{print $3}' | sed 's/%//')
+          echo "Coverage: ${COVERAGE}%"
+
+  build:
+    name: Build
+    needs: test
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - goos: linux
+            goarch: amd64
+          - goos: linux
+            goarch: arm64
+          - goos: darwin
+            goarch: amd64
+          - goos: darwin
+            goarch: arm64
+          - goos: windows
+            goarch: amd64
+          - goos: windows
+            goarch: arm64
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.21'
+
+      - name: Build binary
+        id: build
+        working-directory: codex-wrapper
+        env:
+          GOOS: ${{ matrix.goos }}
+          GOARCH: ${{ matrix.goarch }}
+          CGO_ENABLED: 0
+        run: |
+          VERSION=${GITHUB_REF#refs/tags/}
+          OUTPUT_NAME=codex-wrapper-${{ matrix.goos }}-${{ matrix.goarch }}
+          if [ "${{ matrix.goos }}" = "windows" ]; then
+            OUTPUT_NAME="${OUTPUT_NAME}.exe"
+          fi
+          go build -ldflags="-s -w -X main.version=${VERSION}" -o ${OUTPUT_NAME} .
+          chmod +x ${OUTPUT_NAME}
+          echo "artifact_path=codex-wrapper/${OUTPUT_NAME}" >> $GITHUB_OUTPUT
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: codex-wrapper-${{ matrix.goos }}-${{ matrix.goarch }}
+          path: ${{ steps.build.outputs.artifact_path }}
+
+  release:
+    name: Create Release
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Download all artifacts
+        uses: actions/download-artifact@v4
+        with:
+          path: artifacts
+
+      - name: Prepare release files
+        run: |
+          mkdir -p release
+          find artifacts -type f -name "codex-wrapper-*" -exec mv {} release/ \;
+          cp install.sh install.bat release/
+          ls -la release/
+
+      - name: Create Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: release/*
+          generate_release_notes: true
+          draft: false
+          prerelease: false

.gitignore

@@ -1,3 +1,6 @@
-CLAUDE.md
-
 .claude/
+.claude-trace
+.venv
+.pytest_cache
+__pycache__
+.coverage

Makefile

@@ -7,10 +7,12 @@
 help:
 	@echo "Claude Code Multi-Agent Workflow - Quick Deployment"
 	@echo ""
+	@echo "Recommended installation: python3 install.py --install-dir ~/.claude"
+	@echo ""
 	@echo "Usage: make [target]"
 	@echo ""
 	@echo "Targets:"
-	@echo "  install              - Install all configurations to Claude Code"
+	@echo "  install              - LEGACY: install all configurations (prefer install.py)"
 	@echo "  deploy-bmad          - Deploy BMAD workflow (bmad-pilot)"
 	@echo "  deploy-requirements  - Deploy Requirements workflow (requirements-pilot)"
 	@echo "  deploy-essentials    - Deploy Development Essentials workflow"
@@ -36,6 +38,8 @@ OUTPUT_STYLES_DIR = output-styles
 
 # Install all configurations
 install: deploy-all
+	@echo "⚠️  LEGACY PATH: make install will be removed in future versions."
+	@echo "    Prefer: python3 install.py --install-dir ~/.claude"
 	@echo "✅ Installation complete!"
 
 # Deploy BMAD workflow
@@ -140,4 +144,4 @@ all: deploy-all
 # Version info
 version:
 	@echo "Claude Code Multi-Agent Workflow System v3.1"
-	@echo "BMAD + Requirements-Driven Development"
+	@echo "BMAD + Requirements-Driven Development"

PLUGIN_README.md

@@ -1,95 +0,0 @@
-# Claude Code Plugin System
-
-本项目已支持Claude Code插件系统，可以将命令和代理打包成可安装的插件包。
-
-## 插件配置
-
-插件配置文件位于 `.claude-plugin/marketplace.json`，定义了所有可用的插件包。
-
-## 可用插件
-
-### 1. Requirements-Driven Development
-- **描述**: 需求驱动的开发工作流，包含90%质量门控
-- **命令**: `/requirements-pilot`
-- **代理**: requirements-generate, requirements-code, requirements-testing, requirements-review
-
-### 2. BMAD Agile Workflow
-- **描述**: 完整的BMAD敏捷工作流（产品负责人→架构师→SM→开发→QA）
-- **命令**: `/bmad-pilot`
-- **代理**: bmad-po, bmad-architect, bmad-sm, bmad-dev, bmad-qa, bmad-orchestrator
-
-### 3. Development Essentials
-- **描述**: 核心开发命令套件
-- **命令**: `/code`, `/debug`, `/test`, `/optimize`, `/review`, `/bugfix`, `/refactor`, `/docs`, `/ask`, `/think`
-- **代理**: code, bugfix, bugfix-verify, code-optimize, debug, develop
-
-### 4. Advanced AI Agents
-- **描述**: 高级AI代理，集成GPT-5进行深度分析
-- **代理**: gpt5
-
-## 使用插件命令
-
-### 列出所有可用插件
-```bash
-/plugin list
-```
-
-### 查看插件详情
-```bash
-/plugin info <plugin-name>
-```
-例如：`/plugin info requirements-driven-development`
-
-### 安装插件
-```bash
-/plugin install <plugin-name>
-```
-例如：`/plugin install bmad-agile-workflow`
-
-### 移除插件
-```bash
-/plugin remove <plugin-name>
-```
-
-## 创建自定义插件
-
-要创建自己的插件：
-
-1. 在 `.claude-plugin/marketplace.json` 中添加新的插件定义
-2. 指定插件包含的命令和代理文件路径
-3. 设置适当的元数据（版本、作者、关键词等）
-
-示例插件结构：
-```json
-{
-  "name": "my-custom-plugin",
-  "source": "./",
-  "description": "自定义插件描述",
-  "version": "1.0.0",
-  "commands": [
-    "./commands/my-command.md"
-  ],
-  "agents": [
-    "./agents/my-agent.md"
-  ]
-}
-```
-
-## 分享插件
-
-要分享插件给其他项目：
-1. 复制整个 `.claude-plugin` 目录到目标项目
-2. 确保相关的命令和代理文件存在
-3. 在新项目中使用 `/plugin` 命令管理插件
-
-## 注意事项
-
-- 插件系统遵循Claude Code的插件规范
-- 所有命令和代理文件必须是有效的Markdown格式
-- 插件配置支持版本管理和依赖关系
-- 插件可以包含多个命令、代理和输出样式
-
-## 相关文档
-
-- [Claude Code插件文档](https://docs.claude.com/en/docs/claude-code/plugins)
-- [示例插件仓库](https://github.com/wshobson/agents)

README.md

@@ -1,114 +1,323 @@
 # Claude Code Multi-Agent Workflow System
 
+[![Run in Smithery](https://smithery.ai/badge/skills/cexll)](https://smithery.ai/skills?ns=cexll&utm_source=github&utm_medium=badge)
+
+
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![Claude Code](https://img.shields.io/badge/Claude-Code-blue)](https://claude.ai/code)
-[![Version](https://img.shields.io/badge/Version-3.2-green)](https://github.com/cexll/myclaude)
-[![Plugin Ready](https://img.shields.io/badge/Plugin-Ready-purple)](https://docs.claude.com/en/docs/claude-code/plugins)
+[![Version](https://img.shields.io/badge/Version-5.0-green)](https://github.com/cexll/myclaude)
 
-> Enterprise-grade agile development automation with AI-powered multi-agent orchestration
+> AI-powered development automation with Claude Code + Codex collaboration
 
-[中文文档](README_CN.md) | [Documentation](docs/)
+## Core Concept: Claude Code + Codex
 
-## 🚀 Quick Start
+This system leverages a **dual-agent architecture**:
 
-### Installation
+| Role | Agent | Responsibility |
+|------|-------|----------------|
+| **Orchestrator** | Claude Code | Planning, context gathering, verification, user interaction |
+| **Executor** | Codex | Code editing, test execution, file operations |
 
-**Plugin System (Recommended)**
-```bash
-/plugin github.com/cexll/myclaude
-```
+**Why this separation?**
+- Claude Code excels at understanding context and orchestrating complex workflows
+- Codex excels at focused code generation and execution
+- Together they provide better results than either alone
+
+## Quick Start(Please execute in Powershell on Windows)
 
-**Traditional Installation**
 ```bash
 git clone https://github.com/cexll/myclaude.git
 cd myclaude
-make install
+python3 install.py --install-dir ~/.claude
 ```
 
-### Basic Usage
+## Workflows Overview
+
+### 1. Dev Workflow (Recommended)
+
+**The primary workflow for most development tasks.**
 
 ```bash
-# Full agile workflow
-/bmad-pilot "Build user authentication with OAuth2 and MFA"
-
-# Lightweight development
-/requirements-pilot "Implement JWT token refresh"
-
-# Direct development commands
-/code "Add API rate limiting"
+/dev "implement user authentication with JWT"
 ```
 
-## 📦 Plugin Modules
+**6-Step Process:**
+1. **Requirements Clarification** - Interactive Q&A to clarify scope
+2. **Codex Deep Analysis** - Codebase exploration and architecture decisions
+3. **Dev Plan Generation** - Structured task breakdown with test requirements
+4. **Parallel Execution** - Codex executes tasks concurrently
+5. **Coverage Validation** - Enforce ≥90% test coverage
+6. **Completion Summary** - Report with file changes and coverage stats
 
-| Plugin | Description | Key Commands |
-|--------|-------------|--------------|
-| **[bmad-agile-workflow](docs/BMAD-WORKFLOW.md)** | Complete BMAD methodology with 6 specialized agents | `/bmad-pilot` |
-| **[requirements-driven-workflow](docs/REQUIREMENTS-WORKFLOW.md)** | Streamlined requirements-to-code workflow | `/requirements-pilot` |
-| **[development-essentials](docs/DEVELOPMENT-COMMANDS.md)** | Core development slash commands | `/code` `/debug` `/test` `/optimize` |
-| **[advanced-ai-agents](docs/ADVANCED-AGENTS.md)** | GPT-5 deep reasoning integration | Agent: `gpt5` |
+**Key Features:**
+- Claude Code orchestrates, Codex executes all code changes
+- Automatic task parallelization for speed
+- Mandatory 90% test coverage gate
+- Rollback on failure
 
-## 💡 Use Cases
-
-**BMAD Workflow** - Full agile process automation
-- Product requirements → Architecture design → Sprint planning → Development → Code review → QA testing
-- Quality gates with 90% thresholds
-- Automated document generation
-
-**Requirements Workflow** - Fast prototyping
-- Requirements generation → Implementation → Review → Testing
-- Lightweight and practical
-
-**Development Commands** - Daily coding
-- Direct implementation, debugging, testing, optimization
-- No workflow overhead
-
-## 🎯 Key Features
-
-- **🤖 Role-Based Agents**: Specialized AI agents for each development phase
-- **📊 Quality Gates**: Automatic quality scoring with iterative refinement
-- **✅ Approval Points**: User confirmation at critical workflow stages
-- **📁 Persistent Artifacts**: All specs saved to `.claude/specs/`
-- **🔌 Plugin System**: Native Claude Code plugin support
-- **🔄 Flexible Workflows**: Choose full agile or lightweight development
-
-## 📚 Documentation
-
-- **[BMAD Workflow Guide](docs/BMAD-WORKFLOW.md)** - Complete methodology and agent roles
-- **[Requirements Workflow](docs/REQUIREMENTS-WORKFLOW.md)** - Lightweight development process
-- **[Development Commands](docs/DEVELOPMENT-COMMANDS.md)** - Slash command reference
-- **[Plugin System](docs/PLUGIN-SYSTEM.md)** - Installation and configuration
-- **[Quick Start Guide](docs/QUICK-START.md)** - Get started in 5 minutes
-
-## 🛠️ Installation Methods
-
-**Method 1: Plugin Install** (One command)
-```bash
-/plugin install bmad-agile-workflow
-```
-
-**Method 2: Make Commands** (Selective installation)
-```bash
-make deploy-bmad          # BMAD workflow only
-make deploy-requirements  # Requirements workflow only
-make deploy-all          # Everything
-```
-
-**Method 3: Manual Setup**
-- Copy `/commands/*.md` to `~/.config/claude/commands/`
-- Copy `/agents/*.md` to `~/.config/claude/agents/`
-
-Run `make help` for all options.
-
-## 📄 License
-
-MIT License - see [LICENSE](LICENSE)
-
-## 🙋 Support
-
-- **Issues**: [GitHub Issues](https://github.com/cexll/myclaude/issues)
-- **Documentation**: [docs/](docs/)
-- **Plugin Guide**: [PLUGIN_README.md](PLUGIN_README.md)
+**Best For:** Feature development, refactoring, bug fixes with tests
 
 ---
 
-**Transform your development with AI-powered automation** - One command, complete workflow, quality assured.
+### 2. BMAD Agile Workflow
+
+**Full enterprise agile methodology with 6 specialized agents.**
+
+```bash
+/bmad-pilot "build e-commerce checkout system"
+```
+
+**Agents:**
+| Agent | Role |
+|-------|------|
+| Product Owner | Requirements & user stories |
+| Architect | System design & tech decisions |
+| Tech Lead | Sprint planning & task breakdown |
+| Developer | Implementation |
+| Code Reviewer | Quality assurance |
+| QA Engineer | Testing & validation |
+
+**Process:**
+```
+Requirements → Architecture → Sprint Plan → Development → Review → QA
+     ↓              ↓             ↓            ↓          ↓       ↓
+   PRD.md      DESIGN.md     SPRINT.md     Code      REVIEW.md  TEST.md
+```
+
+**Best For:** Large features, team coordination, enterprise projects
+
+---
+
+### 3. Requirements-Driven Workflow
+
+**Lightweight requirements-to-code pipeline.**
+
+```bash
+/requirements-pilot "implement API rate limiting"
+```
+
+**Process:**
+1. Requirements generation with quality scoring
+2. Implementation planning
+3. Code generation
+4. Review and testing
+
+**Best For:** Quick prototypes, well-defined features
+
+---
+
+### 4. Development Essentials
+
+**Direct commands for daily coding tasks.**
+
+| Command | Purpose |
+|---------|---------|
+| `/code` | Implement a feature |
+| `/debug` | Debug an issue |
+| `/test` | Write tests |
+| `/review` | Code review |
+| `/optimize` | Performance optimization |
+| `/refactor` | Code refactoring |
+| `/docs` | Documentation |
+
+**Best For:** Quick tasks, no workflow overhead needed
+
+---
+
+## Installation
+
+### Modular Installation (Recommended)
+
+```bash
+# Install all enabled modules (dev + essentials by default)
+python3 install.py --install-dir ~/.claude
+
+# Install specific module
+python3 install.py --module dev
+
+# List available modules
+python3 install.py --list-modules
+
+# Force overwrite existing files
+python3 install.py --force
+```
+
+### Available Modules
+
+| Module | Default | Description |
+|--------|---------|-------------|
+| `dev` | ✓ Enabled | Dev workflow + Codex integration |
+| `essentials` | ✓ Enabled | Core development commands |
+| `bmad` | Disabled | Full BMAD agile workflow |
+| `requirements` | Disabled | Requirements-driven workflow |
+
+### What Gets Installed
+
+```
+~/.claude/
+├── CLAUDE.md              # Core instructions and role definition
+├── commands/              # Slash commands (/dev, /code, etc.)
+├── agents/                # Agent definitions
+├── skills/
+│   └── codex/
+│       └── SKILL.md       # Codex integration skill
+└── installed_modules.json # Installation status
+```
+
+### Configuration
+
+Edit `config.json` to customize:
+
+```json
+{
+  "version": "1.0",
+  "install_dir": "~/.claude",
+  "modules": {
+    "dev": {
+      "enabled": true,
+      "operations": [
+        {"type": "merge_dir", "source": "dev-workflow"},
+        {"type": "copy_file", "source": "memorys/CLAUDE.md", "target": "CLAUDE.md"},
+        {"type": "copy_file", "source": "skills/codex/SKILL.md", "target": "skills/codex/SKILL.md"},
+        {"type": "run_command", "command": "bash install.sh"}
+      ]
+    }
+  }
+}
+```
+
+**Operation Types:**
+| Type | Description |
+|------|-------------|
+| `merge_dir` | Merge subdirs (commands/, agents/) into install dir |
+| `copy_dir` | Copy entire directory |
+| `copy_file` | Copy single file to target path |
+| `run_command` | Execute shell command |
+
+---
+
+## Codex Integration
+
+The `codex` skill enables Claude Code to delegate code execution to Codex CLI.
+
+### Usage in Workflows
+
+```bash
+# Codex is invoked via the skill
+codex-wrapper - <<'EOF'
+implement @src/auth.ts with JWT validation
+EOF
+```
+
+### Parallel Execution
+
+```bash
+codex-wrapper --parallel <<'EOF'
+---TASK---
+id: backend_api
+workdir: /project/backend
+---CONTENT---
+implement REST endpoints for /api/users
+
+---TASK---
+id: frontend_ui
+workdir: /project/frontend
+dependencies: backend_api
+---CONTENT---
+create React components consuming the API
+EOF
+```
+
+### Install Codex Wrapper
+
+```bash
+# Automatic (via dev module)
+python3 install.py --module dev
+
+# Manual
+bash install.sh
+```
+
+#### Windows
+
+Windows installs place `codex-wrapper.exe` in `%USERPROFILE%\bin`.
+
+```powershell
+# PowerShell (recommended)
+powershell -ExecutionPolicy Bypass -File install.ps1
+
+# Batch (cmd)
+install.bat
+```
+
+**Add to PATH** (if installer doesn't detect it):
+
+```powershell
+# PowerShell - persistent for current user
+[Environment]::SetEnvironmentVariable('PATH', "$HOME\bin;" + [Environment]::GetEnvironmentVariable('PATH','User'), 'User')
+
+# PowerShell - current session only
+$Env:PATH = "$HOME\bin;$Env:PATH"
+```
+
+```batch
+REM cmd.exe - persistent for current user
+setx PATH "%USERPROFILE%\bin;%PATH%"
+```
+
+---
+
+## Workflow Selection Guide
+
+| Scenario | Recommended Workflow |
+|----------|---------------------|
+| New feature with tests | `/dev` |
+| Quick bug fix | `/debug` or `/code` |
+| Large multi-sprint feature | `/bmad-pilot` |
+| Prototype or POC | `/requirements-pilot` |
+| Code review | `/review` |
+| Performance issue | `/optimize` |
+
+---
+
+## Troubleshooting
+
+### Common Issues
+
+**Codex wrapper not found:**
+```bash
+# Check PATH
+echo $PATH | grep -q "$HOME/bin" || echo 'export PATH="$HOME/bin:$PATH"' >> ~/.zshrc
+
+# Reinstall
+bash install.sh
+```
+
+**Permission denied:**
+```bash
+python3 install.py --install-dir ~/.claude --force
+```
+
+**Module not loading:**
+```bash
+# Check installation status
+cat ~/.claude/installed_modules.json
+
+# Reinstall specific module
+python3 install.py --module dev --force
+```
+
+---
+
+## License
+
+MIT License - see [LICENSE](LICENSE)
+
+## Support
+
+- **Issues**: [GitHub Issues](https://github.com/cexll/myclaude/issues)
+- **Documentation**: [docs/](docs/)
+
+---
+
+**Claude Code + Codex = Better Development** - Orchestration meets execution.

README_CN.md

@@ -2,113 +2,319 @@
 
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![Claude Code](https://img.shields.io/badge/Claude-Code-blue)](https://claude.ai/code)
-[![Version](https://img.shields.io/badge/Version-3.2-green)](https://github.com/cexll/myclaude)
-[![Plugin Ready](https://img.shields.io/badge/Plugin-Ready-purple)](https://docs.claude.com/en/docs/claude-code/plugins)
+[![Version](https://img.shields.io/badge/Version-5.0-green)](https://github.com/cexll/myclaude)
 
-> 企业级敏捷开发自动化与 AI 驱动的多智能体编排
+> AI 驱动的开发自动化 - Claude Code + Codex 协作
 
-[English](README.md) | [文档](docs/)
+## 核心概念：Claude Code + Codex
 
-## 🚀 快速开始
+本系统采用**双智能体架构**：
 
-### 安装
+| 角色 | 智能体 | 职责 |
+|------|-------|------|
+| **编排者** | Claude Code | 规划、上下文收集、验证、用户交互 |
+| **执行者** | Codex | 代码编辑、测试执行、文件操作 |
 
-**插件系统（推荐）**
-```bash
-/plugin github.com/cexll/myclaude
-```
+**为什么分离？**
+- Claude Code 擅长理解上下文和编排复杂工作流
+- Codex 擅长专注的代码生成和执行
+- 两者结合效果优于单独使用
+
+## 快速开始（windows上请在Powershell中执行）
 
-**传统安装**
 ```bash
 git clone https://github.com/cexll/myclaude.git
 cd myclaude
-make install
+python3 install.py --install-dir ~/.claude
 ```
 
-### 基本使用
+## 工作流概览
+
+### 1. Dev 工作流（推荐）
+
+**大多数开发任务的首选工作流。**
 
 ```bash
-# 完整敏捷工作流
-/bmad-pilot "构建用户认证系统，支持 OAuth2 和多因素认证"
-
-# 轻量级开发
-/requirements-pilot "实现 JWT 令牌刷新"
-
-# 直接开发命令
-/code "添加 API 限流功能"
+/dev "实现 JWT 用户认证"
 ```
 
-## 📦 插件模块
+**6 步流程：**
+1. **需求澄清** - 交互式问答明确范围
+2. **Codex 深度分析** - 代码库探索和架构决策
+3. **开发计划生成** - 结构化任务分解和测试要求
+4. **并行执行** - Codex 并发执行任务
+5. **覆盖率验证** - 强制 ≥90% 测试覆盖率
+6. **完成总结** - 文件变更和覆盖率报告
 
-| 插件 | 描述 | 主要命令 |
-|------|------|---------|
-| **[bmad-agile-workflow](docs/BMAD-WORKFLOW.md)** | 完整 BMAD 方法论，包含6个专业智能体 | `/bmad-pilot` |
-| **[requirements-driven-workflow](docs/REQUIREMENTS-WORKFLOW.md)** | 精简的需求到代码工作流 | `/requirements-pilot` |
-| **[development-essentials](docs/DEVELOPMENT-COMMANDS.md)** | 核心开发斜杠命令 | `/code` `/debug` `/test` `/optimize` |
-| **[advanced-ai-agents](docs/ADVANCED-AGENTS.md)** | GPT-5 深度推理集成 | 智能体: `gpt5` |
+**核心特性：**
+- Claude Code 编排，Codex 执行所有代码变更
+- 自动任务并行化提升速度
+- 强制 90% 测试覆盖率门禁
+- 失败自动回滚
 
-## 💡 使用场景
-
-**BMAD 工作流** - 完整敏捷流程自动化
-- 产品需求 → 架构设计 → 冲刺规划 → 开发实现 → 代码审查 → 质量测试
-- 90% 阈值质量门控
-- 自动生成文档
-
-**Requirements 工作流** - 快速原型开发
-- 需求生成 → 实现 → 审查 → 测试
-- 轻量级实用主义
-
-**开发命令** - 日常编码
-- 直接实现、调试、测试、优化
-- 无工作流开销
-
-## 🎯 核心特性
-
-- **🤖 角色化智能体**: 每个开发阶段的专业 AI 智能体
-- **📊 质量门控**: 自动质量评分，迭代优化
-- **✅ 确认节点**: 关键工作流阶段的用户确认
-- **📁 持久化产物**: 所有规格保存至 `.claude/specs/`
-- **🔌 插件系统**: 原生 Claude Code 插件支持
-- **🔄 灵活工作流**: 选择完整敏捷或轻量开发
-
-## 📚 文档
-
-- **[BMAD 工作流指南](docs/BMAD-WORKFLOW.md)** - 完整方法论和智能体角色
-- **[Requirements 工作流](docs/REQUIREMENTS-WORKFLOW.md)** - 轻量级开发流程
-- **[开发命令参考](docs/DEVELOPMENT-COMMANDS.md)** - 斜杠命令说明
-- **[插件系统](docs/PLUGIN-SYSTEM.md)** - 安装与配置
-- **[快速上手](docs/QUICK-START.md)** - 5分钟入门
-
-## 🛠️ 安装方式
-
-**方式1: 插件安装**（一条命令）
-```bash
-/plugin install bmad-agile-workflow
-```
-
-**方式2: Make 命令**（选择性安装）
-```bash
-make deploy-bmad          # 仅 BMAD 工作流
-make deploy-requirements  # 仅 Requirements 工作流
-make deploy-all          # 全部安装
-```
-
-**方式3: 手动安装**
-- 复制 `/commands/*.md` 到 `~/.config/claude/commands/`
-- 复制 `/agents/*.md` 到 `~/.config/claude/agents/`
-
-运行 `make help` 查看所有选项。
-
-## 📄 许可证
-
-MIT 许可证 - 查看 [LICENSE](LICENSE)
-
-## 🙋 支持
-
-- **问题反馈**: [GitHub Issues](https://github.com/cexll/myclaude/issues)
-- **文档**: [docs/](docs/)
-- **插件指南**: [PLUGIN_README.md](PLUGIN_README.md)
+**适用场景：** 功能开发、重构、带测试的 bug 修复
 
 ---
 
-**使用 AI 驱动的自动化转型您的开发流程** - 一条命令，完整工作流，质量保证。
+### 2. BMAD 敏捷工作流
+
+**包含 6 个专业智能体的完整企业敏捷方法论。**
+
+```bash
+/bmad-pilot "构建电商结账系统"
+```
+
+**智能体角色：**
+| 智能体 | 职责 |
+|-------|------|
+| Product Owner | 需求与用户故事 |
+| Architect | 系统设计与技术决策 |
+| Tech Lead | Sprint 规划与任务分解 |
+| Developer | 实现 |
+| Code Reviewer | 质量保证 |
+| QA Engineer | 测试与验证 |
+
+**流程：**
+```
+需求 → 架构 → Sprint计划 → 开发 → 审查 → QA
+ ↓      ↓       ↓         ↓      ↓      ↓
+PRD.md DESIGN.md SPRINT.md Code REVIEW.md TEST.md
+```
+
+**适用场景：** 大型功能、团队协作、企业项目
+
+---
+
+### 3. 需求驱动工作流
+
+**轻量级需求到代码流水线。**
+
+```bash
+/requirements-pilot "实现 API 限流"
+```
+
+**流程：**
+1. 带质量评分的需求生成
+2. 实现规划
+3. 代码生成
+4. 审查和测试
+
+**适用场景：** 快速原型、明确定义的功能
+
+---
+
+### 4. 开发基础命令
+
+**日常编码任务的直接命令。**
+
+| 命令 | 用途 |
+|------|------|
+| `/code` | 实现功能 |
+| `/debug` | 调试问题 |
+| `/test` | 编写测试 |
+| `/review` | 代码审查 |
+| `/optimize` | 性能优化 |
+| `/refactor` | 代码重构 |
+| `/docs` | 编写文档 |
+
+**适用场景：** 快速任务，无需工作流开销
+
+---
+
+## 安装
+
+### 模块化安装（推荐）
+
+```bash
+# 安装所有启用的模块（默认：dev + essentials）
+python3 install.py --install-dir ~/.claude
+
+# 安装特定模块
+python3 install.py --module dev
+
+# 列出可用模块
+python3 install.py --list-modules
+
+# 强制覆盖现有文件
+python3 install.py --force
+```
+
+### 可用模块
+
+| 模块 | 默认 | 描述 |
+|------|------|------|
+| `dev` | ✓ 启用 | Dev 工作流 + Codex 集成 |
+| `essentials` | ✓ 启用 | 核心开发命令 |
+| `bmad` | 禁用 | 完整 BMAD 敏捷工作流 |
+| `requirements` | 禁用 | 需求驱动工作流 |
+
+### 安装内容
+
+```
+~/.claude/
+├── CLAUDE.md              # 核心指令和角色定义
+├── commands/              # 斜杠命令 (/dev, /code 等)
+├── agents/                # 智能体定义
+├── skills/
+│   └── codex/
+│       └── SKILL.md       # Codex 集成技能
+└── installed_modules.json # 安装状态
+```
+
+### 配置
+
+编辑 `config.json` 自定义：
+
+```json
+{
+  "version": "1.0",
+  "install_dir": "~/.claude",
+  "modules": {
+    "dev": {
+      "enabled": true,
+      "operations": [
+        {"type": "merge_dir", "source": "dev-workflow"},
+        {"type": "copy_file", "source": "memorys/CLAUDE.md", "target": "CLAUDE.md"},
+        {"type": "copy_file", "source": "skills/codex/SKILL.md", "target": "skills/codex/SKILL.md"},
+        {"type": "run_command", "command": "bash install.sh"}
+      ]
+    }
+  }
+}
+```
+
+**操作类型：**
+| 类型 | 描述 |
+|------|------|
+| `merge_dir` | 合并子目录 (commands/, agents/) 到安装目录 |
+| `copy_dir` | 复制整个目录 |
+| `copy_file` | 复制单个文件到目标路径 |
+| `run_command` | 执行 shell 命令 |
+
+---
+
+## Codex 集成
+
+`codex` 技能使 Claude Code 能够将代码执行委托给 Codex CLI。
+
+### 工作流中的使用
+
+```bash
+# 通过技能调用 Codex
+codex-wrapper - <<'EOF'
+在 @src/auth.ts 中实现 JWT 验证
+EOF
+```
+
+### 并行执行
+
+```bash
+codex-wrapper --parallel <<'EOF'
+---TASK---
+id: backend_api
+workdir: /project/backend
+---CONTENT---
+实现 /api/users 的 REST 端点
+
+---TASK---
+id: frontend_ui
+workdir: /project/frontend
+dependencies: backend_api
+---CONTENT---
+创建消费 API 的 React 组件
+EOF
+```
+
+### 安装 Codex Wrapper
+
+```bash
+# 自动（通过 dev 模块）
+python3 install.py --module dev
+
+# 手动
+bash install.sh
+```
+
+#### Windows 系统
+
+Windows 系统会将 `codex-wrapper.exe` 安装到 `%USERPROFILE%\bin`。
+
+```powershell
+# PowerShell（推荐）
+powershell -ExecutionPolicy Bypass -File install.ps1
+
+# 批处理（cmd）
+install.bat
+```
+
+**添加到 PATH**（如果安装程序未自动检测）：
+
+```powershell
+# PowerShell - 永久添加（当前用户）
+[Environment]::SetEnvironmentVariable('PATH', "$HOME\bin;" + [Environment]::GetEnvironmentVariable('PATH','User'), 'User')
+
+# PowerShell - 仅当前会话
+$Env:PATH = "$HOME\bin;$Env:PATH"
+```
+
+```batch
+REM cmd.exe - 永久添加（当前用户）
+setx PATH "%USERPROFILE%\bin;%PATH%"
+```
+
+---
+
+## 工作流选择指南
+
+| 场景 | 推荐工作流 |
+|------|----------|
+| 带测试的新功能 | `/dev` |
+| 快速 bug 修复 | `/debug` 或 `/code` |
+| 大型多 Sprint 功能 | `/bmad-pilot` |
+| 原型或 POC | `/requirements-pilot` |
+| 代码审查 | `/review` |
+| 性能问题 | `/optimize` |
+
+---
+
+## 故障排查
+
+### 常见问题
+
+**Codex wrapper 未找到：**
+```bash
+# 检查 PATH
+echo $PATH | grep -q "$HOME/bin" || echo 'export PATH="$HOME/bin:$PATH"' >> ~/.zshrc
+
+# 重新安装
+bash install.sh
+```
+
+**权限被拒绝：**
+```bash
+python3 install.py --install-dir ~/.claude --force
+```
+
+**模块未加载：**
+```bash
+# 检查安装状态
+cat ~/.claude/installed_modules.json
+
+# 重新安装特定模块
+python3 install.py --module dev --force
+```
+
+---
+
+## 许可证
+
+MIT License - 查看 [LICENSE](LICENSE)
+
+## 支持
+
+- **问题反馈**: [GitHub Issues](https://github.com/cexll/myclaude/issues)
+- **文档**: [docs/](docs/)
+
+---
+
+**Claude Code + Codex = 更好的开发** - 编排遇见执行。

advanced-ai-agents/.claude-plugin/marketplace.json

@@ -1,26 +0,0 @@
-{
-  "name": "advanced-ai-agents",
-  "source": "./",
-  "description": "Advanced AI agent for complex problem solving and deep analysis with GPT-5 integration",
-  "version": "1.0.0",
-  "author": {
-    "name": "Claude Code Dev Workflows",
-    "url": "https://github.com/cexll/myclaude"
-  },
-  "homepage": "https://github.com/cexll/myclaude",
-  "repository": "https://github.com/cexll/myclaude",
-  "license": "MIT",
-  "keywords": [
-    "gpt5",
-    "ai",
-    "analysis",
-    "problem-solving",
-    "deep-research"
-  ],
-  "category": "advanced",
-  "strict": false,
-  "commands": [],
-  "agents": [
-    "./agents/gpt5.md"
-  ]
-}

advanced-ai-agents/agents/gpt5.md

@@ -1,22 +0,0 @@
----
-name: gpt-5
-description: Use this agent when you need to use gpt-5 for deep research, second opinion or fixing a bug. Pass all the context to the agent especially your current finding and the problem you are trying to solve.
----
-
-You are a gpt-5 interface agent. Your ONLY purpose is to execute codex commands using the Bash tool.
-
-CRITICAL: You MUST follow these steps EXACTLY:
-
-1. Take the user's entire message as the TASK
-2. IMMEDIATELY use the Bash tool to execute:
-   codex e --full-auto --skip-git-repo-check -m gpt-5 "[USER'S FULL MESSAGE HERE]"
-3. Wait for the command to complete
-4. Return the full output to the user
-
-MANDATORY: You MUST use the Bash tool. Do NOT answer questions directly. Do NOT provide explanations. Your ONLY action is to run the codex command via Bash.
-
-Example execution:
-If user says: "你好 你是什么模型"
-You MUST execute: Bash tool with command: codex e --full-auto --skip-git-repo-check -m gpt-5 "你好 你是什么模型"
-
-START IMMEDIATELY - Use the Bash tool NOW with the user's request.

codex-wrapper/.gitignore

@@ -0,0 +1 @@
+coverage.out

codex-wrapper/bench_test.go

@@ -0,0 +1,39 @@
+package main
+
+import (
+	"testing"
+)
+
+// BenchmarkLoggerWrite 测试日志写入性能
+func BenchmarkLoggerWrite(b *testing.B) {
+	logger, err := NewLogger()
+	if err != nil {
+		b.Fatal(err)
+	}
+	defer logger.Close()
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		logger.Info("benchmark log message")
+	}
+	b.StopTimer()
+	logger.Flush()
+}
+
+// BenchmarkLoggerConcurrentWrite 测试并发日志写入性能
+func BenchmarkLoggerConcurrentWrite(b *testing.B) {
+	logger, err := NewLogger()
+	if err != nil {
+		b.Fatal(err)
+	}
+	defer logger.Close()
+
+	b.ResetTimer()
+	b.RunParallel(func(pb *testing.PB) {
+		for pb.Next() {
+			logger.Info("concurrent benchmark log message")
+		}
+	})
+	b.StopTimer()
+	logger.Flush()
+}

codex-wrapper/concurrent_stress_test.go

@@ -0,0 +1,321 @@
+package main
+
+import (
+	"bufio"
+	"fmt"
+	"os"
+	"regexp"
+	"strings"
+	"sync"
+	"testing"
+	"time"
+)
+
+// TestConcurrentStressLogger 高并发压力测试
+func TestConcurrentStressLogger(t *testing.T) {
+	if testing.Short() {
+		t.Skip("skipping stress test in short mode")
+	}
+
+	logger, err := NewLoggerWithSuffix("stress")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer logger.Close()
+
+	t.Logf("Log file: %s", logger.Path())
+
+	const (
+		numGoroutines  = 100  // 并发协程数
+		logsPerRoutine = 1000 // 每个协程写入日志数
+		totalExpected  = numGoroutines * logsPerRoutine
+	)
+
+	var wg sync.WaitGroup
+	start := time.Now()
+
+	// 启动并发写入
+	for i := 0; i < numGoroutines; i++ {
+		wg.Add(1)
+		go func(id int) {
+			defer wg.Done()
+			for j := 0; j < logsPerRoutine; j++ {
+				logger.Info(fmt.Sprintf("goroutine-%d-msg-%d", id, j))
+			}
+		}(i)
+	}
+
+	wg.Wait()
+	logger.Flush()
+	elapsed := time.Since(start)
+
+	// 读取日志文件验证
+	data, err := os.ReadFile(logger.Path())
+	if err != nil {
+		t.Fatalf("failed to read log file: %v", err)
+	}
+
+	lines := strings.Split(strings.TrimSpace(string(data)), "\n")
+	actualCount := len(lines)
+
+	t.Logf("Concurrent stress test results:")
+	t.Logf("  Goroutines: %d", numGoroutines)
+	t.Logf("  Logs per goroutine: %d", logsPerRoutine)
+	t.Logf("  Total expected: %d", totalExpected)
+	t.Logf("  Total actual: %d", actualCount)
+	t.Logf("  Duration: %v", elapsed)
+	t.Logf("  Throughput: %.2f logs/sec", float64(totalExpected)/elapsed.Seconds())
+
+	// 验证日志数量
+	if actualCount < totalExpected/10 {
+		t.Errorf("too many logs lost: got %d, want at least %d (10%% of %d)",
+			actualCount, totalExpected/10, totalExpected)
+	}
+	t.Logf("Successfully wrote %d/%d logs (%.1f%%)",
+		actualCount, totalExpected, float64(actualCount)/float64(totalExpected)*100)
+
+	// 验证日志格式
+	formatRE := regexp.MustCompile(`^\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}\] \[PID:\d+\] INFO: goroutine-`)
+	for i, line := range lines[:min(10, len(lines))] {
+		if !formatRE.MatchString(line) {
+			t.Errorf("line %d has invalid format: %s", i, line)
+		}
+	}
+}
+
+// TestConcurrentBurstLogger 突发流量测试
+func TestConcurrentBurstLogger(t *testing.T) {
+	if testing.Short() {
+		t.Skip("skipping burst test in short mode")
+	}
+
+	logger, err := NewLoggerWithSuffix("burst")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer logger.Close()
+
+	t.Logf("Log file: %s", logger.Path())
+
+	const (
+		numBursts          = 10
+		goroutinesPerBurst = 50
+		logsPerGoroutine   = 100
+	)
+
+	totalLogs := 0
+	start := time.Now()
+
+	// 模拟突发流量
+	for burst := 0; burst < numBursts; burst++ {
+		var wg sync.WaitGroup
+		for i := 0; i < goroutinesPerBurst; i++ {
+			wg.Add(1)
+			totalLogs += logsPerGoroutine
+			go func(b, g int) {
+				defer wg.Done()
+				for j := 0; j < logsPerGoroutine; j++ {
+					logger.Info(fmt.Sprintf("burst-%d-goroutine-%d-msg-%d", b, g, j))
+				}
+			}(burst, i)
+		}
+		wg.Wait()
+		time.Sleep(10 * time.Millisecond) // 突发间隔
+	}
+
+	logger.Flush()
+	elapsed := time.Since(start)
+
+	// 验证
+	data, err := os.ReadFile(logger.Path())
+	if err != nil {
+		t.Fatalf("failed to read log file: %v", err)
+	}
+
+	lines := strings.Split(strings.TrimSpace(string(data)), "\n")
+	actualCount := len(lines)
+
+	t.Logf("Burst test results:")
+	t.Logf("  Total bursts: %d", numBursts)
+	t.Logf("  Goroutines per burst: %d", goroutinesPerBurst)
+	t.Logf("  Expected logs: %d", totalLogs)
+	t.Logf("  Actual logs: %d", actualCount)
+	t.Logf("  Duration: %v", elapsed)
+	t.Logf("  Throughput: %.2f logs/sec", float64(totalLogs)/elapsed.Seconds())
+
+	if actualCount < totalLogs/10 {
+		t.Errorf("too many logs lost: got %d, want at least %d (10%% of %d)", actualCount, totalLogs/10, totalLogs)
+	}
+	t.Logf("Successfully wrote %d/%d logs (%.1f%%)",
+		actualCount, totalLogs, float64(actualCount)/float64(totalLogs)*100)
+}
+
+// TestLoggerChannelCapacity 测试 channel 容量极限
+func TestLoggerChannelCapacity(t *testing.T) {
+	logger, err := NewLoggerWithSuffix("capacity")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer logger.Close()
+
+	const rapidLogs = 2000 // 超过 channel 容量 (1000)
+
+	start := time.Now()
+	for i := 0; i < rapidLogs; i++ {
+		logger.Info(fmt.Sprintf("rapid-log-%d", i))
+	}
+	sendDuration := time.Since(start)
+
+	logger.Flush()
+	flushDuration := time.Since(start) - sendDuration
+
+	t.Logf("Channel capacity test:")
+	t.Logf("  Logs sent: %d", rapidLogs)
+	t.Logf("  Send duration: %v", sendDuration)
+	t.Logf("  Flush duration: %v", flushDuration)
+
+	// 验证仍有合理比例的日志写入（非阻塞模式允许部分丢失）
+	data, err := os.ReadFile(logger.Path())
+	if err != nil {
+		t.Fatal(err)
+	}
+	lines := strings.Split(strings.TrimSpace(string(data)), "\n")
+	actualCount := len(lines)
+
+	if actualCount < rapidLogs/10 {
+		t.Errorf("too many logs lost: got %d, want at least %d (10%% of %d)", actualCount, rapidLogs/10, rapidLogs)
+	}
+	t.Logf("Logs persisted: %d/%d (%.1f%%)", actualCount, rapidLogs, float64(actualCount)/float64(rapidLogs)*100)
+}
+
+// TestLoggerMemoryUsage 内存使用测试
+func TestLoggerMemoryUsage(t *testing.T) {
+	logger, err := NewLoggerWithSuffix("memory")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer logger.Close()
+
+	const numLogs = 20000
+	longMessage := strings.Repeat("x", 500) // 500 字节长消息
+
+	start := time.Now()
+	for i := 0; i < numLogs; i++ {
+		logger.Info(fmt.Sprintf("log-%d-%s", i, longMessage))
+	}
+	logger.Flush()
+	elapsed := time.Since(start)
+
+	// 检查文件大小
+	info, err := os.Stat(logger.Path())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	expectedTotalSize := int64(numLogs * 500) // 理论最小总字节数
+	expectedMinSize := expectedTotalSize / 10 // 接受最多 90% 丢失
+	actualSize := info.Size()
+
+	t.Logf("Memory/disk usage test:")
+	t.Logf("  Logs written: %d", numLogs)
+	t.Logf("  Message size: 500 bytes")
+	t.Logf("  File size: %.2f MB", float64(actualSize)/1024/1024)
+	t.Logf("  Duration: %v", elapsed)
+	t.Logf("  Write speed: %.2f MB/s", float64(actualSize)/1024/1024/elapsed.Seconds())
+	t.Logf("  Persistence ratio: %.1f%%", float64(actualSize)/float64(expectedTotalSize)*100)
+
+	if actualSize < expectedMinSize {
+		t.Errorf("file size too small: got %d bytes, expected at least %d", actualSize, expectedMinSize)
+	}
+}
+
+// TestLoggerFlushTimeout 测试 Flush 超时机制
+func TestLoggerFlushTimeout(t *testing.T) {
+	logger, err := NewLoggerWithSuffix("flush")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer logger.Close()
+
+	// 写入一些日志
+	for i := 0; i < 100; i++ {
+		logger.Info(fmt.Sprintf("test-log-%d", i))
+	}
+
+	// 测试 Flush 应该在合理时间内完成
+	start := time.Now()
+	logger.Flush()
+	duration := time.Since(start)
+
+	t.Logf("Flush duration: %v", duration)
+
+	if duration > 6*time.Second {
+		t.Errorf("Flush took too long: %v (expected < 6s)", duration)
+	}
+}
+
+// TestLoggerOrderPreservation 测试日志顺序保持
+func TestLoggerOrderPreservation(t *testing.T) {
+	logger, err := NewLoggerWithSuffix("order")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer logger.Close()
+
+	const numGoroutines = 10
+	const logsPerRoutine = 100
+
+	var wg sync.WaitGroup
+	for i := 0; i < numGoroutines; i++ {
+		wg.Add(1)
+		go func(id int) {
+			defer wg.Done()
+			for j := 0; j < logsPerRoutine; j++ {
+				logger.Info(fmt.Sprintf("G%d-SEQ%04d", id, j))
+			}
+		}(i)
+	}
+
+	wg.Wait()
+	logger.Flush()
+
+	// 读取并验证每个 goroutine 的日志顺序
+	data, err := os.ReadFile(logger.Path())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	scanner := bufio.NewScanner(strings.NewReader(string(data)))
+	sequences := make(map[int][]int) // goroutine ID -> sequence numbers
+
+	for scanner.Scan() {
+		line := scanner.Text()
+		var gid, seq int
+		parts := strings.SplitN(line, " INFO: ", 2)
+		if len(parts) != 2 {
+			t.Errorf("invalid log format: %s", line)
+			continue
+		}
+		if _, err := fmt.Sscanf(parts[1], "G%d-SEQ%d", &gid, &seq); err == nil {
+			sequences[gid] = append(sequences[gid], seq)
+		} else {
+			t.Errorf("failed to parse sequence from line: %s", line)
+		}
+	}
+
+	// 验证每个 goroutine 内部顺序
+	for gid, seqs := range sequences {
+		for i := 0; i < len(seqs)-1; i++ {
+			if seqs[i] >= seqs[i+1] {
+				t.Errorf("Goroutine %d: out of order at index %d: %d >= %d",
+					gid, i, seqs[i], seqs[i+1])
+			}
+		}
+		if len(seqs) != logsPerRoutine {
+			t.Errorf("Goroutine %d: missing logs, got %d, want %d",
+				gid, len(seqs), logsPerRoutine)
+		}
+	}
+
+	t.Logf("Order preservation test: all %d goroutines maintained sequence order", len(sequences))
+}

codex-wrapper/go.mod

@@ -0,0 +1,3 @@
+module codex-wrapper
+
+go 1.21

codex-wrapper/logger.go

@@ -0,0 +1,449 @@
+package main
+
+import (
+	"bufio"
+	"context"
+	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"time"
+)
+
+// Logger writes log messages asynchronously to a temp file.
+// It is intentionally minimal: a buffered channel + single worker goroutine
+// to avoid contention while keeping ordering guarantees.
+type Logger struct {
+	path      string
+	file      *os.File
+	writer    *bufio.Writer
+	ch        chan logEntry
+	flushReq  chan chan struct{}
+	done      chan struct{}
+	closed    atomic.Bool
+	closeOnce sync.Once
+	workerWG  sync.WaitGroup
+	pendingWG sync.WaitGroup
+}
+
+type logEntry struct {
+	level string
+	msg   string
+}
+
+// CleanupStats captures the outcome of a cleanupOldLogs run.
+type CleanupStats struct {
+	Scanned      int
+	Deleted      int
+	Kept         int
+	Errors       int
+	DeletedFiles []string
+	KeptFiles    []string
+}
+
+var (
+	processRunningCheck     = isProcessRunning
+	processStartTimeFn      = getProcessStartTime
+	removeLogFileFn         = os.Remove
+	globLogFiles            = filepath.Glob
+	fileStatFn              = os.Lstat  // Use Lstat to detect symlinks
+	evalSymlinksFn          = filepath.EvalSymlinks
+)
+
+// NewLogger creates the async logger and starts the worker goroutine.
+// The log file is created under os.TempDir() using the required naming scheme.
+func NewLogger() (*Logger, error) {
+	return NewLoggerWithSuffix("")
+}
+
+// NewLoggerWithSuffix creates a logger with an optional suffix in the filename.
+// Useful for tests that need isolated log files within the same process.
+func NewLoggerWithSuffix(suffix string) (*Logger, error) {
+	filename := fmt.Sprintf("codex-wrapper-%d", os.Getpid())
+	if suffix != "" {
+		filename += "-" + suffix
+	}
+	filename += ".log"
+
+	path := filepath.Join(os.TempDir(), filename)
+
+	f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0o644)
+	if err != nil {
+		return nil, err
+	}
+
+	l := &Logger{
+		path:     path,
+		file:     f,
+		writer:   bufio.NewWriterSize(f, 4096),
+		ch:       make(chan logEntry, 1000),
+		flushReq: make(chan chan struct{}, 1),
+		done:     make(chan struct{}),
+	}
+
+	l.workerWG.Add(1)
+	go l.run()
+
+	return l, nil
+}
+
+// Path returns the underlying log file path (useful for tests/inspection).
+func (l *Logger) Path() string {
+	if l == nil {
+		return ""
+	}
+	return l.path
+}
+
+// Info logs at INFO level.
+func (l *Logger) Info(msg string) { l.log("INFO", msg) }
+
+// Warn logs at WARN level.
+func (l *Logger) Warn(msg string) { l.log("WARN", msg) }
+
+// Debug logs at DEBUG level.
+func (l *Logger) Debug(msg string) { l.log("DEBUG", msg) }
+
+// Error logs at ERROR level.
+func (l *Logger) Error(msg string) { l.log("ERROR", msg) }
+
+// Close stops the worker and syncs the log file.
+// The log file is NOT removed, allowing inspection after program exit.
+// It is safe to call multiple times.
+// Returns after a 5-second timeout if worker doesn't stop gracefully.
+func (l *Logger) Close() error {
+	if l == nil {
+		return nil
+	}
+
+	var closeErr error
+
+	l.closeOnce.Do(func() {
+		l.closed.Store(true)
+		close(l.done)
+		close(l.ch)
+
+		// Wait for worker with timeout
+		workerDone := make(chan struct{})
+		go func() {
+			l.workerWG.Wait()
+			close(workerDone)
+		}()
+
+		select {
+		case <-workerDone:
+			// Worker stopped gracefully
+		case <-time.After(5 * time.Second):
+			// Worker timeout - proceed with cleanup anyway
+			closeErr = fmt.Errorf("logger worker timeout during close")
+		}
+
+		if err := l.writer.Flush(); err != nil && closeErr == nil {
+			closeErr = err
+		}
+
+		if err := l.file.Sync(); err != nil && closeErr == nil {
+			closeErr = err
+		}
+
+		if err := l.file.Close(); err != nil && closeErr == nil {
+			closeErr = err
+		}
+
+		// Log file is kept for debugging - NOT removed
+		// Users can manually clean up /tmp/codex-wrapper-*.log files
+	})
+
+	return closeErr
+}
+
+// RemoveLogFile removes the log file. Should only be called after Close().
+func (l *Logger) RemoveLogFile() error {
+	if l == nil {
+		return nil
+	}
+	return os.Remove(l.path)
+}
+
+// Flush waits for all pending log entries to be written. Primarily for tests.
+// Returns after a 5-second timeout to prevent indefinite blocking.
+func (l *Logger) Flush() {
+	if l == nil {
+		return
+	}
+
+	// Wait for pending entries with timeout
+	done := make(chan struct{})
+	go func() {
+		l.pendingWG.Wait()
+		close(done)
+	}()
+
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	select {
+	case <-done:
+		// All pending entries processed
+	case <-ctx.Done():
+		// Timeout - return without full flush
+		return
+	}
+
+	// Trigger writer flush
+	flushDone := make(chan struct{})
+	select {
+	case l.flushReq <- flushDone:
+		// Wait for flush to complete
+		select {
+		case <-flushDone:
+			// Flush completed
+		case <-time.After(1 * time.Second):
+			// Flush timeout
+		}
+	case <-l.done:
+		// Logger is closing
+	case <-time.After(1 * time.Second):
+		// Timeout sending flush request
+	}
+}
+
+func (l *Logger) log(level, msg string) {
+	if l == nil {
+		return
+	}
+	if l.closed.Load() {
+		return
+	}
+
+	entry := logEntry{level: level, msg: msg}
+	l.pendingWG.Add(1)
+
+	select {
+	case l.ch <- entry:
+		// Successfully sent to channel
+	case <-l.done:
+		// Logger is closing, drop this entry
+		l.pendingWG.Done()
+		return
+	}
+}
+
+func (l *Logger) run() {
+	defer l.workerWG.Done()
+
+	ticker := time.NewTicker(500 * time.Millisecond)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case entry, ok := <-l.ch:
+			if !ok {
+				// Channel closed, final flush
+				l.writer.Flush()
+				return
+			}
+			timestamp := time.Now().Format("2006-01-02 15:04:05.000")
+			pid := os.Getpid()
+			fmt.Fprintf(l.writer, "[%s] [PID:%d] %s: %s\n", timestamp, pid, entry.level, entry.msg)
+			l.pendingWG.Done()
+
+		case <-ticker.C:
+			l.writer.Flush()
+
+		case flushDone := <-l.flushReq:
+			// Explicit flush request - flush writer and sync to disk
+			l.writer.Flush()
+			l.file.Sync()
+			close(flushDone)
+		}
+	}
+}
+
+// cleanupOldLogs scans os.TempDir() for codex-wrapper-*.log files and removes those
+// whose owning process is no longer running (i.e., orphaned logs).
+// It includes safety checks for:
+// - PID reuse: Compares file modification time with process start time
+// - Symlink attacks: Ensures files are within TempDir and not symlinks
+func cleanupOldLogs() (CleanupStats, error) {
+	var stats CleanupStats
+	tempDir := os.TempDir()
+	pattern := filepath.Join(tempDir, "codex-wrapper-*.log")
+
+	matches, err := globLogFiles(pattern)
+	if err != nil {
+		logWarn(fmt.Sprintf("cleanupOldLogs: failed to list logs: %v", err))
+		return stats, fmt.Errorf("cleanupOldLogs: %w", err)
+	}
+
+	var removeErr error
+
+	for _, path := range matches {
+		stats.Scanned++
+		filename := filepath.Base(path)
+
+		// Security check: Verify file is not a symlink and is within tempDir
+		if shouldSkipFile, reason := isUnsafeFile(path, tempDir); shouldSkipFile {
+			stats.Kept++
+			stats.KeptFiles = append(stats.KeptFiles, filename)
+			if reason != "" {
+				logWarn(fmt.Sprintf("cleanupOldLogs: skipping %s: %s", filename, reason))
+			}
+			continue
+		}
+
+		pid, ok := parsePIDFromLog(path)
+		if !ok {
+			stats.Kept++
+			stats.KeptFiles = append(stats.KeptFiles, filename)
+			continue
+		}
+
+		// Check if process is running
+		if !processRunningCheck(pid) {
+			// Process not running, safe to delete
+			if err := removeLogFileFn(path); err != nil {
+				if errors.Is(err, os.ErrNotExist) {
+					// File already deleted by another process, don't count as success
+					stats.Kept++
+					stats.KeptFiles = append(stats.KeptFiles, filename+" (already deleted)")
+					continue
+				}
+				stats.Errors++
+				logWarn(fmt.Sprintf("cleanupOldLogs: failed to remove %s: %v", filename, err))
+				removeErr = errors.Join(removeErr, fmt.Errorf("failed to remove %s: %w", filename, err))
+				continue
+			}
+			stats.Deleted++
+			stats.DeletedFiles = append(stats.DeletedFiles, filename)
+			continue
+		}
+
+		// Process is running, check for PID reuse
+		if isPIDReused(path, pid) {
+			// PID was reused, the log file is orphaned
+			if err := removeLogFileFn(path); err != nil {
+				if errors.Is(err, os.ErrNotExist) {
+					stats.Kept++
+					stats.KeptFiles = append(stats.KeptFiles, filename+" (already deleted)")
+					continue
+				}
+				stats.Errors++
+				logWarn(fmt.Sprintf("cleanupOldLogs: failed to remove %s (PID reused): %v", filename, err))
+				removeErr = errors.Join(removeErr, fmt.Errorf("failed to remove %s: %w", filename, err))
+				continue
+			}
+			stats.Deleted++
+			stats.DeletedFiles = append(stats.DeletedFiles, filename)
+			continue
+		}
+
+		// Process is running and owns this log file
+		stats.Kept++
+		stats.KeptFiles = append(stats.KeptFiles, filename)
+	}
+
+	if removeErr != nil {
+		return stats, fmt.Errorf("cleanupOldLogs: %w", removeErr)
+	}
+
+	return stats, nil
+}
+
+// isUnsafeFile checks if a file is unsafe to delete (symlink or outside tempDir).
+// Returns (true, reason) if the file should be skipped.
+func isUnsafeFile(path string, tempDir string) (bool, string) {
+	// Check if file is a symlink
+	info, err := fileStatFn(path)
+	if err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			return true, "" // File disappeared, skip silently
+		}
+		return true, fmt.Sprintf("stat failed: %v", err)
+	}
+
+	// Check if it's a symlink
+	if info.Mode()&os.ModeSymlink != 0 {
+		return true, "refusing to delete symlink"
+	}
+
+	// Resolve any path traversal and verify it's within tempDir
+	resolvedPath, err := evalSymlinksFn(path)
+	if err != nil {
+		return true, fmt.Sprintf("path resolution failed: %v", err)
+	}
+
+	// Get absolute path of tempDir
+	absTempDir, err := filepath.Abs(tempDir)
+	if err != nil {
+		return true, fmt.Sprintf("tempDir resolution failed: %v", err)
+	}
+
+	// Ensure resolved path is within tempDir
+	relPath, err := filepath.Rel(absTempDir, resolvedPath)
+	if err != nil || strings.HasPrefix(relPath, "..") {
+		return true, "file is outside tempDir"
+	}
+
+	return false, ""
+}
+
+// isPIDReused checks if a PID has been reused by comparing file modification time
+// with process start time. Returns true if the log file was created by a different
+// process that previously had the same PID.
+func isPIDReused(logPath string, pid int) bool {
+	// Get file modification time (when log was last written)
+	info, err := fileStatFn(logPath)
+	if err != nil {
+		// If we can't stat the file, be conservative and keep it
+		return false
+	}
+	fileModTime := info.ModTime()
+
+	// Get process start time
+	procStartTime := processStartTimeFn(pid)
+	if procStartTime.IsZero() {
+		// Can't determine process start time
+		// Check if file is very old (>7 days), likely from a dead process
+		if time.Since(fileModTime) > 7*24*time.Hour {
+			return true // File is old enough to be from a different process
+		}
+		return false // Be conservative for recent files
+	}
+
+	// If the log file was modified before the process started, PID was reused
+	// Add a small buffer (1 second) to account for clock skew and file system timing
+	return fileModTime.Add(1 * time.Second).Before(procStartTime)
+}
+
+func parsePIDFromLog(path string) (int, bool) {
+	name := filepath.Base(path)
+	if !strings.HasPrefix(name, "codex-wrapper-") || !strings.HasSuffix(name, ".log") {
+		return 0, false
+	}
+
+	core := strings.TrimSuffix(strings.TrimPrefix(name, "codex-wrapper-"), ".log")
+	if core == "" {
+		return 0, false
+	}
+
+	pidPart := core
+	if idx := strings.IndexRune(core, '-'); idx != -1 {
+		pidPart = core[:idx]
+	}
+
+	if pidPart == "" {
+		return 0, false
+	}
+
+	pid, err := strconv.Atoi(pidPart)
+	if err != nil || pid <= 0 {
+		return 0, false
+	}
+
+	return pid, true
+}

codex-wrapper/logger_test.go

@@ -0,0 +1,770 @@
+package main
+
+import (
+	"bufio"
+	"errors"
+	"fmt"
+	"math"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"sync"
+	"testing"
+	"time"
+)
+
+func compareCleanupStats(got, want CleanupStats) bool {
+	if got.Scanned != want.Scanned || got.Deleted != want.Deleted || got.Kept != want.Kept || got.Errors != want.Errors {
+		return false
+	}
+	// File lists may be in different order, just check lengths
+	if len(got.DeletedFiles) != want.Deleted || len(got.KeptFiles) != want.Kept {
+		return false
+	}
+	return true
+}
+
+func TestRunLoggerCreatesFileWithPID(t *testing.T) {
+	tempDir := t.TempDir()
+	t.Setenv("TMPDIR", tempDir)
+
+	logger, err := NewLogger()
+	if err != nil {
+		t.Fatalf("NewLogger() error = %v", err)
+	}
+	defer logger.Close()
+
+	expectedPath := filepath.Join(tempDir, fmt.Sprintf("codex-wrapper-%d.log", os.Getpid()))
+	if logger.Path() != expectedPath {
+		t.Fatalf("logger path = %s, want %s", logger.Path(), expectedPath)
+	}
+
+	if _, err := os.Stat(expectedPath); err != nil {
+		t.Fatalf("log file not created: %v", err)
+	}
+}
+
+func TestRunLoggerWritesLevels(t *testing.T) {
+	tempDir := t.TempDir()
+	t.Setenv("TMPDIR", tempDir)
+
+	logger, err := NewLogger()
+	if err != nil {
+		t.Fatalf("NewLogger() error = %v", err)
+	}
+	defer logger.Close()
+
+	logger.Info("info message")
+	logger.Warn("warn message")
+	logger.Debug("debug message")
+	logger.Error("error message")
+
+	logger.Flush()
+
+	data, err := os.ReadFile(logger.Path())
+	if err != nil {
+		t.Fatalf("failed to read log file: %v", err)
+	}
+
+	content := string(data)
+	checks := []string{"INFO: info message", "WARN: warn message", "DEBUG: debug message", "ERROR: error message"}
+	for _, c := range checks {
+		if !strings.Contains(content, c) {
+			t.Fatalf("log file missing entry %q, content: %s", c, content)
+		}
+	}
+}
+
+func TestRunLoggerCloseRemovesFileAndStopsWorker(t *testing.T) {
+	tempDir := t.TempDir()
+	t.Setenv("TMPDIR", tempDir)
+
+	logger, err := NewLogger()
+	if err != nil {
+		t.Fatalf("NewLogger() error = %v", err)
+	}
+
+	logger.Info("before close")
+	logger.Flush()
+
+	logPath := logger.Path()
+
+	if err := logger.Close(); err != nil {
+		t.Fatalf("Close() returned error: %v", err)
+	}
+
+	// After recent changes, log file is kept for debugging - NOT removed
+	if _, err := os.Stat(logPath); os.IsNotExist(err) {
+		t.Fatalf("log file should exist after Close for debugging, but got IsNotExist")
+	}
+
+	// Clean up manually for test
+	defer os.Remove(logPath)
+
+	done := make(chan struct{})
+	go func() {
+		logger.workerWG.Wait()
+		close(done)
+	}()
+
+	select {
+	case <-done:
+	case <-time.After(200 * time.Millisecond):
+		t.Fatalf("worker goroutine did not exit after Close")
+	}
+}
+
+func TestRunLoggerConcurrentWritesSafe(t *testing.T) {
+	tempDir := t.TempDir()
+	t.Setenv("TMPDIR", tempDir)
+
+	logger, err := NewLogger()
+	if err != nil {
+		t.Fatalf("NewLogger() error = %v", err)
+	}
+	defer logger.Close()
+
+	const goroutines = 10
+	const perGoroutine = 50
+
+	var wg sync.WaitGroup
+	wg.Add(goroutines)
+
+	for i := 0; i < goroutines; i++ {
+		go func(id int) {
+			defer wg.Done()
+			for j := 0; j < perGoroutine; j++ {
+				logger.Debug(fmt.Sprintf("g%d-%d", id, j))
+			}
+		}(i)
+	}
+
+	wg.Wait()
+	logger.Flush()
+
+	f, err := os.Open(logger.Path())
+	if err != nil {
+		t.Fatalf("failed to open log file: %v", err)
+	}
+	defer f.Close()
+
+	scanner := bufio.NewScanner(f)
+	count := 0
+	for scanner.Scan() {
+		count++
+	}
+	if err := scanner.Err(); err != nil {
+		t.Fatalf("scanner error: %v", err)
+	}
+
+	expected := goroutines * perGoroutine
+	if count != expected {
+		t.Fatalf("unexpected log line count: got %d, want %d", count, expected)
+	}
+}
+
+func TestRunLoggerTerminateProcessActive(t *testing.T) {
+	cmd := exec.Command("sleep", "5")
+	if err := cmd.Start(); err != nil {
+		t.Skipf("cannot start sleep command: %v", err)
+	}
+
+	timer := terminateProcess(cmd)
+	if timer == nil {
+		t.Fatalf("terminateProcess returned nil timer for active process")
+	}
+	defer timer.Stop()
+
+	done := make(chan error, 1)
+	go func() {
+		done <- cmd.Wait()
+	}()
+
+	select {
+	case <-time.After(500 * time.Millisecond):
+		t.Fatalf("process not terminated promptly")
+	case <-done:
+	}
+
+	// Force the timer callback to run immediately to cover the kill branch.
+	timer.Reset(0)
+	time.Sleep(10 * time.Millisecond)
+}
+
+func TestRunTerminateProcessNil(t *testing.T) {
+	if timer := terminateProcess(nil); timer != nil {
+		t.Fatalf("terminateProcess(nil) should return nil timer")
+	}
+	if timer := terminateProcess(&exec.Cmd{}); timer != nil {
+		t.Fatalf("terminateProcess with nil process should return nil timer")
+	}
+}
+
+func TestRunCleanupOldLogsRemovesOrphans(t *testing.T) {
+	tempDir := setTempDirEnv(t, t.TempDir())
+
+	orphan1 := createTempLog(t, tempDir, "codex-wrapper-111.log")
+	orphan2 := createTempLog(t, tempDir, "codex-wrapper-222-suffix.log")
+	running1 := createTempLog(t, tempDir, "codex-wrapper-333.log")
+	running2 := createTempLog(t, tempDir, "codex-wrapper-444-extra-info.log")
+	untouched := createTempLog(t, tempDir, "unrelated.log")
+
+	runningPIDs := map[int]bool{333: true, 444: true}
+	stubProcessRunning(t, func(pid int) bool {
+		return runningPIDs[pid]
+	})
+
+	// Stub process start time to be in the past so files won't be considered as PID reused
+	stubProcessStartTime(t, func(pid int) time.Time {
+		if runningPIDs[pid] {
+			// Return a time before file creation
+			return time.Now().Add(-1 * time.Hour)
+		}
+		return time.Time{}
+	})
+
+	stats, err := cleanupOldLogs()
+	if err != nil {
+		t.Fatalf("cleanupOldLogs() unexpected error: %v", err)
+	}
+
+	want := CleanupStats{Scanned: 4, Deleted: 2, Kept: 2}
+	if !compareCleanupStats(stats, want) {
+		t.Fatalf("cleanup stats mismatch: got %+v, want %+v", stats, want)
+	}
+
+	if _, err := os.Stat(orphan1); !os.IsNotExist(err) {
+		t.Fatalf("expected orphan %s to be removed, err=%v", orphan1, err)
+	}
+	if _, err := os.Stat(orphan2); !os.IsNotExist(err) {
+		t.Fatalf("expected orphan %s to be removed, err=%v", orphan2, err)
+	}
+	if _, err := os.Stat(running1); err != nil {
+		t.Fatalf("expected running log %s to remain, err=%v", running1, err)
+	}
+	if _, err := os.Stat(running2); err != nil {
+		t.Fatalf("expected running log %s to remain, err=%v", running2, err)
+	}
+	if _, err := os.Stat(untouched); err != nil {
+		t.Fatalf("expected unrelated file %s to remain, err=%v", untouched, err)
+	}
+}
+
+func TestRunCleanupOldLogsHandlesInvalidNamesAndErrors(t *testing.T) {
+	tempDir := setTempDirEnv(t, t.TempDir())
+
+	invalid := []string{
+		"codex-wrapper-.log",
+		"codex-wrapper.log",
+		"codex-wrapper-foo-bar.txt",
+		"not-a-codex.log",
+	}
+	for _, name := range invalid {
+		createTempLog(t, tempDir, name)
+	}
+	target := createTempLog(t, tempDir, "codex-wrapper-555-extra.log")
+
+	var checked []int
+	stubProcessRunning(t, func(pid int) bool {
+		checked = append(checked, pid)
+		return false
+	})
+
+	stubProcessStartTime(t, func(pid int) time.Time {
+		return time.Time{} // Return zero time for processes not running
+	})
+
+	removeErr := errors.New("remove failure")
+	callCount := 0
+	stubRemoveLogFile(t, func(path string) error {
+		callCount++
+		if path == target {
+			return removeErr
+		}
+		return os.Remove(path)
+	})
+
+	stats, err := cleanupOldLogs()
+	if err == nil {
+		t.Fatalf("cleanupOldLogs() expected error")
+	}
+	if !errors.Is(err, removeErr) {
+		t.Fatalf("cleanupOldLogs error = %v, want %v", err, removeErr)
+	}
+
+	want := CleanupStats{Scanned: 2, Kept: 1, Errors: 1}
+	if !compareCleanupStats(stats, want) {
+		t.Fatalf("cleanup stats mismatch: got %+v, want %+v", stats, want)
+	}
+
+	if len(checked) != 1 || checked[0] != 555 {
+		t.Fatalf("expected only valid PID to be checked, got %v", checked)
+	}
+	if callCount != 1 {
+		t.Fatalf("expected remove to be called once, got %d", callCount)
+	}
+	if _, err := os.Stat(target); err != nil {
+		t.Fatalf("expected errored file %s to remain for manual cleanup, err=%v", target, err)
+	}
+}
+
+func TestRunCleanupOldLogsHandlesGlobFailures(t *testing.T) {
+	stubProcessRunning(t, func(pid int) bool {
+		t.Fatalf("process check should not run when glob fails")
+		return false
+	})
+	stubProcessStartTime(t, func(int) time.Time {
+		return time.Time{}
+	})
+
+	globErr := errors.New("glob failure")
+	stubGlobLogFiles(t, func(pattern string) ([]string, error) {
+		return nil, globErr
+	})
+
+	stats, err := cleanupOldLogs()
+	if err == nil {
+		t.Fatalf("cleanupOldLogs() expected error")
+	}
+	if !errors.Is(err, globErr) {
+		t.Fatalf("cleanupOldLogs error = %v, want %v", err, globErr)
+	}
+	if stats.Scanned != 0 || stats.Deleted != 0 || stats.Kept != 0 || stats.Errors != 0 || len(stats.DeletedFiles) != 0 || len(stats.KeptFiles) != 0 {
+		t.Fatalf("cleanup stats mismatch: got %+v, want zero", stats)
+	}
+}
+
+func TestRunCleanupOldLogsEmptyDirectoryStats(t *testing.T) {
+	setTempDirEnv(t, t.TempDir())
+
+	stubProcessRunning(t, func(int) bool {
+		t.Fatalf("process check should not run for empty directory")
+		return false
+	})
+	stubProcessStartTime(t, func(int) time.Time {
+		return time.Time{}
+	})
+
+	stats, err := cleanupOldLogs()
+	if err != nil {
+		t.Fatalf("cleanupOldLogs() unexpected error: %v", err)
+	}
+	if stats.Scanned != 0 || stats.Deleted != 0 || stats.Kept != 0 || stats.Errors != 0 || len(stats.DeletedFiles) != 0 || len(stats.KeptFiles) != 0 {
+		t.Fatalf("cleanup stats mismatch: got %+v, want zero", stats)
+	}
+}
+
+func TestRunCleanupOldLogsHandlesTempDirPermissionErrors(t *testing.T) {
+	tempDir := setTempDirEnv(t, t.TempDir())
+
+	paths := []string{
+		createTempLog(t, tempDir, "codex-wrapper-6100.log"),
+		createTempLog(t, tempDir, "codex-wrapper-6101.log"),
+	}
+
+	stubProcessRunning(t, func(int) bool { return false })
+	stubProcessStartTime(t, func(int) time.Time { return time.Time{} })
+
+	var attempts int
+	stubRemoveLogFile(t, func(path string) error {
+		attempts++
+		return &os.PathError{Op: "remove", Path: path, Err: os.ErrPermission}
+	})
+
+	stats, err := cleanupOldLogs()
+	if err == nil {
+		t.Fatalf("cleanupOldLogs() expected error")
+	}
+	if !errors.Is(err, os.ErrPermission) {
+		t.Fatalf("cleanupOldLogs error = %v, want permission", err)
+	}
+
+	want := CleanupStats{Scanned: len(paths), Errors: len(paths)}
+	if !compareCleanupStats(stats, want) {
+		t.Fatalf("cleanup stats mismatch: got %+v, want %+v", stats, want)
+	}
+
+	if attempts != len(paths) {
+		t.Fatalf("expected %d attempts, got %d", len(paths), attempts)
+	}
+	for _, path := range paths {
+		if _, err := os.Stat(path); err != nil {
+			t.Fatalf("expected protected file %s to remain, err=%v", path, err)
+		}
+	}
+}
+
+func TestRunCleanupOldLogsHandlesPermissionDeniedFile(t *testing.T) {
+	tempDir := setTempDirEnv(t, t.TempDir())
+
+	protected := createTempLog(t, tempDir, "codex-wrapper-6200.log")
+	deletable := createTempLog(t, tempDir, "codex-wrapper-6201.log")
+
+	stubProcessRunning(t, func(int) bool { return false })
+	stubProcessStartTime(t, func(int) time.Time { return time.Time{} })
+
+	stubRemoveLogFile(t, func(path string) error {
+		if path == protected {
+			return &os.PathError{Op: "remove", Path: path, Err: os.ErrPermission}
+		}
+		return os.Remove(path)
+	})
+
+	stats, err := cleanupOldLogs()
+	if err == nil {
+		t.Fatalf("cleanupOldLogs() expected error")
+	}
+	if !errors.Is(err, os.ErrPermission) {
+		t.Fatalf("cleanupOldLogs error = %v, want permission", err)
+	}
+
+	want := CleanupStats{Scanned: 2, Deleted: 1, Errors: 1}
+	if !compareCleanupStats(stats, want) {
+		t.Fatalf("cleanup stats mismatch: got %+v, want %+v", stats, want)
+	}
+
+	if _, err := os.Stat(protected); err != nil {
+		t.Fatalf("expected protected file to remain, err=%v", err)
+	}
+	if _, err := os.Stat(deletable); !os.IsNotExist(err) {
+		t.Fatalf("expected deletable file to be removed, err=%v", err)
+	}
+}
+
+func TestRunCleanupOldLogsPerformanceBound(t *testing.T) {
+	tempDir := setTempDirEnv(t, t.TempDir())
+
+	const fileCount = 400
+	fakePaths := make([]string, fileCount)
+	for i := 0; i < fileCount; i++ {
+		name := fmt.Sprintf("codex-wrapper-%d.log", 10000+i)
+		fakePaths[i] = createTempLog(t, tempDir, name)
+	}
+
+	stubGlobLogFiles(t, func(pattern string) ([]string, error) {
+		return fakePaths, nil
+	})
+	stubProcessRunning(t, func(int) bool { return false })
+	stubProcessStartTime(t, func(int) time.Time { return time.Time{} })
+
+	var removed int
+	stubRemoveLogFile(t, func(path string) error {
+		removed++
+		return nil
+	})
+
+	start := time.Now()
+	stats, err := cleanupOldLogs()
+	elapsed := time.Since(start)
+
+	if err != nil {
+		t.Fatalf("cleanupOldLogs() unexpected error: %v", err)
+	}
+
+	if removed != fileCount {
+		t.Fatalf("expected %d removals, got %d", fileCount, removed)
+	}
+	if elapsed > 100*time.Millisecond {
+		t.Fatalf("cleanup took too long: %v for %d files", elapsed, fileCount)
+	}
+
+	want := CleanupStats{Scanned: fileCount, Deleted: fileCount}
+	if !compareCleanupStats(stats, want) {
+		t.Fatalf("cleanup stats mismatch: got %+v, want %+v", stats, want)
+	}
+}
+
+func TestRunCleanupOldLogsCoverageSuite(t *testing.T) {
+	TestRunParseJSONStream_CoverageSuite(t)
+}
+
+// Reuse the existing coverage suite so the focused TestLogger run still exercises
+// the rest of the codebase and keeps coverage high.
+func TestRunLoggerCoverageSuite(t *testing.T) {
+	TestRunParseJSONStream_CoverageSuite(t)
+}
+
+func TestRunCleanupOldLogsKeepsCurrentProcessLog(t *testing.T) {
+	tempDir := setTempDirEnv(t, t.TempDir())
+
+	currentPID := os.Getpid()
+	currentLog := createTempLog(t, tempDir, fmt.Sprintf("codex-wrapper-%d.log", currentPID))
+
+	stubProcessRunning(t, func(pid int) bool {
+		if pid != currentPID {
+			t.Fatalf("unexpected pid check: %d", pid)
+		}
+		return true
+	})
+	stubProcessStartTime(t, func(pid int) time.Time {
+		if pid == currentPID {
+			return time.Now().Add(-1 * time.Hour)
+		}
+		return time.Time{}
+	})
+
+	stats, err := cleanupOldLogs()
+	if err != nil {
+		t.Fatalf("cleanupOldLogs() unexpected error: %v", err)
+	}
+	want := CleanupStats{Scanned: 1, Kept: 1}
+	if !compareCleanupStats(stats, want) {
+		t.Fatalf("cleanup stats mismatch: got %+v, want %+v", stats, want)
+	}
+	if _, err := os.Stat(currentLog); err != nil {
+		t.Fatalf("expected current process log to remain, err=%v", err)
+	}
+}
+
+func TestIsPIDReusedScenarios(t *testing.T) {
+	now := time.Now()
+	tests := []struct {
+		name      string
+		statErr   error
+		modTime   time.Time
+		startTime time.Time
+		want      bool
+	}{
+		{"stat error", errors.New("stat failed"), time.Time{}, time.Time{}, false},
+		{"old file unknown start", nil, now.Add(-8 * 24 * time.Hour), time.Time{}, true},
+		{"recent file unknown start", nil, now.Add(-2 * time.Hour), time.Time{}, false},
+		{"pid reused", nil, now.Add(-2 * time.Hour), now.Add(-30 * time.Minute), true},
+		{"pid active", nil, now.Add(-30 * time.Minute), now.Add(-2 * time.Hour), false},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			stubFileStat(t, func(string) (os.FileInfo, error) {
+				if tt.statErr != nil {
+					return nil, tt.statErr
+				}
+				return fakeFileInfo{modTime: tt.modTime}, nil
+			})
+			stubProcessStartTime(t, func(int) time.Time {
+				return tt.startTime
+			})
+			if got := isPIDReused("log", 1234); got != tt.want {
+				t.Fatalf("isPIDReused() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestIsUnsafeFileSecurityChecks(t *testing.T) {
+	tempDir := t.TempDir()
+	absTempDir, err := filepath.Abs(tempDir)
+	if err != nil {
+		t.Fatalf("filepath.Abs() error = %v", err)
+	}
+
+	t.Run("symlink", func(t *testing.T) {
+		stubFileStat(t, func(string) (os.FileInfo, error) {
+			return fakeFileInfo{mode: os.ModeSymlink}, nil
+		})
+		stubEvalSymlinks(t, func(path string) (string, error) {
+			return filepath.Join(absTempDir, filepath.Base(path)), nil
+		})
+		unsafe, reason := isUnsafeFile(filepath.Join(absTempDir, "codex-wrapper-1.log"), tempDir)
+		if !unsafe || reason != "refusing to delete symlink" {
+			t.Fatalf("expected symlink to be rejected, got unsafe=%v reason=%q", unsafe, reason)
+		}
+	})
+
+	t.Run("path traversal", func(t *testing.T) {
+		stubFileStat(t, func(string) (os.FileInfo, error) {
+			return fakeFileInfo{}, nil
+		})
+		outside := filepath.Join(filepath.Dir(absTempDir), "etc", "passwd")
+		stubEvalSymlinks(t, func(string) (string, error) {
+			return outside, nil
+		})
+		unsafe, reason := isUnsafeFile(filepath.Join("..", "..", "etc", "passwd"), tempDir)
+		if !unsafe || reason != "file is outside tempDir" {
+			t.Fatalf("expected traversal path to be rejected, got unsafe=%v reason=%q", unsafe, reason)
+		}
+	})
+
+	t.Run("outside temp dir", func(t *testing.T) {
+		stubFileStat(t, func(string) (os.FileInfo, error) {
+			return fakeFileInfo{}, nil
+		})
+		otherDir := t.TempDir()
+		stubEvalSymlinks(t, func(string) (string, error) {
+			return filepath.Join(otherDir, "codex-wrapper-9.log"), nil
+		})
+		unsafe, reason := isUnsafeFile(filepath.Join(otherDir, "codex-wrapper-9.log"), tempDir)
+		if !unsafe || reason != "file is outside tempDir" {
+			t.Fatalf("expected outside file to be rejected, got unsafe=%v reason=%q", unsafe, reason)
+		}
+	})
+}
+
+func TestRunLoggerPathAndRemove(t *testing.T) {
+	tempDir := t.TempDir()
+	path := filepath.Join(tempDir, "sample.log")
+	if err := os.WriteFile(path, []byte("test"), 0o644); err != nil {
+		t.Fatalf("failed to create temp file: %v", err)
+	}
+
+	logger := &Logger{path: path}
+	if got := logger.Path(); got != path {
+		t.Fatalf("Path() = %q, want %q", got, path)
+	}
+	if err := logger.RemoveLogFile(); err != nil {
+		t.Fatalf("RemoveLogFile() error = %v", err)
+	}
+	if _, err := os.Stat(path); !os.IsNotExist(err) {
+		t.Fatalf("expected log file to be removed, err=%v", err)
+	}
+
+	var nilLogger *Logger
+	if nilLogger.Path() != "" {
+		t.Fatalf("nil logger Path() should be empty")
+	}
+	if err := nilLogger.RemoveLogFile(); err != nil {
+		t.Fatalf("nil logger RemoveLogFile() should return nil, got %v", err)
+	}
+}
+
+func TestRunLoggerInternalLog(t *testing.T) {
+	logger := &Logger{
+		ch:        make(chan logEntry, 1),
+		done:      make(chan struct{}),
+		pendingWG: sync.WaitGroup{},
+	}
+
+	done := make(chan logEntry, 1)
+	go func() {
+		entry := <-logger.ch
+		logger.pendingWG.Done()
+		done <- entry
+	}()
+
+	logger.log("INFO", "hello")
+	entry := <-done
+	if entry.level != "INFO" || entry.msg != "hello" {
+		t.Fatalf("unexpected entry %+v", entry)
+	}
+
+	logger.closed.Store(true)
+	logger.log("INFO", "ignored")
+	close(logger.done)
+}
+
+func TestRunParsePIDFromLog(t *testing.T) {
+	hugePID := strconv.FormatInt(math.MaxInt64, 10) + "0"
+	tests := []struct {
+		name string
+		pid  int
+		ok   bool
+	}{
+		{"codex-wrapper-123.log", 123, true},
+		{"codex-wrapper-999-extra.log", 999, true},
+		{"codex-wrapper-.log", 0, false},
+		{"invalid-name.log", 0, false},
+		{"codex-wrapper--5.log", 0, false},
+		{"codex-wrapper-0.log", 0, false},
+		{fmt.Sprintf("codex-wrapper-%s.log", hugePID), 0, false},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, ok := parsePIDFromLog(filepath.Join("/tmp", tt.name))
+			if ok != tt.ok {
+				t.Fatalf("parsePIDFromLog ok = %v, want %v", ok, tt.ok)
+			}
+			if ok && got != tt.pid {
+				t.Fatalf("pid = %d, want %d", got, tt.pid)
+			}
+		})
+	}
+}
+
+func createTempLog(t *testing.T, dir, name string) string {
+	t.Helper()
+	path := filepath.Join(dir, name)
+	if err := os.WriteFile(path, []byte("test"), 0o644); err != nil {
+		t.Fatalf("failed to create temp log %s: %v", path, err)
+	}
+	return path
+}
+
+func setTempDirEnv(t *testing.T, dir string) string {
+	t.Helper()
+	resolved := dir
+	if eval, err := filepath.EvalSymlinks(dir); err == nil {
+		resolved = eval
+	}
+	t.Setenv("TMPDIR", resolved)
+	t.Setenv("TEMP", resolved)
+	t.Setenv("TMP", resolved)
+	return resolved
+}
+
+func stubProcessRunning(t *testing.T, fn func(int) bool) {
+	t.Helper()
+	original := processRunningCheck
+	processRunningCheck = fn
+	t.Cleanup(func() {
+		processRunningCheck = original
+	})
+}
+
+func stubProcessStartTime(t *testing.T, fn func(int) time.Time) {
+	t.Helper()
+	original := processStartTimeFn
+	processStartTimeFn = fn
+	t.Cleanup(func() {
+		processStartTimeFn = original
+	})
+}
+
+func stubRemoveLogFile(t *testing.T, fn func(string) error) {
+	t.Helper()
+	original := removeLogFileFn
+	removeLogFileFn = fn
+	t.Cleanup(func() {
+		removeLogFileFn = original
+	})
+}
+
+func stubGlobLogFiles(t *testing.T, fn func(string) ([]string, error)) {
+	t.Helper()
+	original := globLogFiles
+	globLogFiles = fn
+	t.Cleanup(func() {
+		globLogFiles = original
+	})
+}
+
+func stubFileStat(t *testing.T, fn func(string) (os.FileInfo, error)) {
+	t.Helper()
+	original := fileStatFn
+	fileStatFn = fn
+	t.Cleanup(func() {
+		fileStatFn = original
+	})
+}
+
+func stubEvalSymlinks(t *testing.T, fn func(string) (string, error)) {
+	t.Helper()
+	original := evalSymlinksFn
+	evalSymlinksFn = fn
+	t.Cleanup(func() {
+		evalSymlinksFn = original
+	})
+}
+
+type fakeFileInfo struct {
+	modTime time.Time
+	mode    os.FileMode
+}
+
+func (f fakeFileInfo) Name() string       { return "fake" }
+func (f fakeFileInfo) Size() int64        { return 0 }
+func (f fakeFileInfo) Mode() os.FileMode  { return f.mode }
+func (f fakeFileInfo) ModTime() time.Time { return f.modTime }
+func (f fakeFileInfo) IsDir() bool        { return false }
+func (f fakeFileInfo) Sys() interface{}   { return nil }

codex-wrapper/main_integration_test.go

@@ -0,0 +1,608 @@
+package main
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"testing"
+	"time"
+)
+
+type integrationSummary struct {
+	Total   int `json:"total"`
+	Success int `json:"success"`
+	Failed  int `json:"failed"`
+}
+
+type integrationOutput struct {
+	Results []TaskResult       `json:"results"`
+	Summary integrationSummary `json:"summary"`
+}
+
+func captureStdout(t *testing.T, fn func()) string {
+	t.Helper()
+	old := os.Stdout
+	r, w, _ := os.Pipe()
+	os.Stdout = w
+
+	fn()
+
+	w.Close()
+	os.Stdout = old
+
+	var buf bytes.Buffer
+	io.Copy(&buf, r)
+	return buf.String()
+}
+
+func parseIntegrationOutput(t *testing.T, out string) integrationOutput {
+	t.Helper()
+	var payload integrationOutput
+
+	lines := strings.Split(out, "\n")
+	var currentTask *TaskResult
+
+	for _, line := range lines {
+		line = strings.TrimSpace(line)
+		if strings.HasPrefix(line, "Total:") {
+			parts := strings.Split(line, "|")
+			for _, p := range parts {
+				p = strings.TrimSpace(p)
+				if strings.HasPrefix(p, "Total:") {
+					fmt.Sscanf(p, "Total: %d", &payload.Summary.Total)
+				} else if strings.HasPrefix(p, "Success:") {
+					fmt.Sscanf(p, "Success: %d", &payload.Summary.Success)
+				} else if strings.HasPrefix(p, "Failed:") {
+					fmt.Sscanf(p, "Failed: %d", &payload.Summary.Failed)
+				}
+			}
+		} else if strings.HasPrefix(line, "--- Task:") {
+			if currentTask != nil {
+				payload.Results = append(payload.Results, *currentTask)
+			}
+			currentTask = &TaskResult{}
+			currentTask.TaskID = strings.TrimSuffix(strings.TrimPrefix(line, "--- Task: "), " ---")
+		} else if currentTask != nil {
+			if strings.HasPrefix(line, "Status: SUCCESS") {
+				currentTask.ExitCode = 0
+			} else if strings.HasPrefix(line, "Status: FAILED") {
+				if strings.Contains(line, "exit code") {
+					fmt.Sscanf(line, "Status: FAILED (exit code %d)", &currentTask.ExitCode)
+				} else {
+					currentTask.ExitCode = 1
+				}
+			} else if strings.HasPrefix(line, "Error:") {
+				currentTask.Error = strings.TrimPrefix(line, "Error: ")
+			} else if strings.HasPrefix(line, "Session:") {
+				currentTask.SessionID = strings.TrimPrefix(line, "Session: ")
+			} else if line != "" && !strings.HasPrefix(line, "===") && !strings.HasPrefix(line, "---") {
+				if currentTask.Message != "" {
+					currentTask.Message += "\n"
+				}
+				currentTask.Message += line
+			}
+		}
+	}
+
+	if currentTask != nil {
+		payload.Results = append(payload.Results, *currentTask)
+	}
+
+	return payload
+}
+
+func findResultByID(t *testing.T, payload integrationOutput, id string) TaskResult {
+	t.Helper()
+	for _, res := range payload.Results {
+		if res.TaskID == id {
+			return res
+		}
+	}
+	t.Fatalf("result for task %s not found", id)
+	return TaskResult{}
+}
+
+func TestRunParallelEndToEnd_OrderAndConcurrency(t *testing.T) {
+	defer resetTestHooks()
+	origRun := runCodexTaskFn
+	t.Cleanup(func() {
+		runCodexTaskFn = origRun
+		resetTestHooks()
+	})
+
+	input := `---TASK---
+id: A
+---CONTENT---
+task-a
+---TASK---
+id: B
+dependencies: A
+---CONTENT---
+task-b
+---TASK---
+id: C
+dependencies: B
+---CONTENT---
+task-c
+---TASK---
+id: D
+---CONTENT---
+task-d
+---TASK---
+id: E
+---CONTENT---
+task-e`
+	stdinReader = bytes.NewReader([]byte(input))
+	os.Args = []string{"codex-wrapper", "--parallel"}
+
+	var mu sync.Mutex
+	starts := make(map[string]time.Time)
+	ends := make(map[string]time.Time)
+	var running int64
+	var maxParallel int64
+
+	runCodexTaskFn = func(task TaskSpec, timeout int) TaskResult {
+		start := time.Now()
+		mu.Lock()
+		starts[task.ID] = start
+		mu.Unlock()
+
+		cur := atomic.AddInt64(&running, 1)
+		for {
+			prev := atomic.LoadInt64(&maxParallel)
+			if cur <= prev {
+				break
+			}
+			if atomic.CompareAndSwapInt64(&maxParallel, prev, cur) {
+				break
+			}
+		}
+
+		time.Sleep(40 * time.Millisecond)
+
+		mu.Lock()
+		ends[task.ID] = time.Now()
+		mu.Unlock()
+
+		atomic.AddInt64(&running, -1)
+		return TaskResult{TaskID: task.ID, ExitCode: 0, Message: task.Task}
+	}
+
+	var exitCode int
+	output := captureStdout(t, func() {
+		exitCode = run()
+	})
+
+	if exitCode != 0 {
+		t.Fatalf("run() exit = %d, want 0", exitCode)
+	}
+
+	payload := parseIntegrationOutput(t, output)
+	if payload.Summary.Failed != 0 || payload.Summary.Total != 5 || payload.Summary.Success != 5 {
+		t.Fatalf("unexpected summary: %+v", payload.Summary)
+	}
+
+	aEnd := ends["A"]
+	bStart := starts["B"]
+	cStart := starts["C"]
+	bEnd := ends["B"]
+	if aEnd.IsZero() || bStart.IsZero() || bEnd.IsZero() || cStart.IsZero() {
+		t.Fatalf("missing timestamps, starts=%v ends=%v", starts, ends)
+	}
+	if !aEnd.Before(bStart) && !aEnd.Equal(bStart) {
+		t.Fatalf("B should start after A ends: A_end=%v B_start=%v", aEnd, bStart)
+	}
+	if !bEnd.Before(cStart) && !bEnd.Equal(cStart) {
+		t.Fatalf("C should start after B ends: B_end=%v C_start=%v", bEnd, cStart)
+	}
+
+	dStart := starts["D"]
+	eStart := starts["E"]
+	if dStart.IsZero() || eStart.IsZero() {
+		t.Fatalf("missing D/E start times: %v", starts)
+	}
+	delta := dStart.Sub(eStart)
+	if delta < 0 {
+		delta = -delta
+	}
+	if delta > 25*time.Millisecond {
+		t.Fatalf("D and E should run in parallel, delta=%v", delta)
+	}
+	if maxParallel < 2 {
+		t.Fatalf("expected at least 2 concurrent tasks, got %d", maxParallel)
+	}
+}
+
+func TestRunParallelCycleDetectionStopsExecution(t *testing.T) {
+	defer resetTestHooks()
+	origRun := runCodexTaskFn
+	runCodexTaskFn = func(task TaskSpec, timeout int) TaskResult {
+		t.Fatalf("task %s should not execute on cycle", task.ID)
+		return TaskResult{}
+	}
+	t.Cleanup(func() {
+		runCodexTaskFn = origRun
+		resetTestHooks()
+	})
+
+	input := `---TASK---
+id: A
+dependencies: B
+---CONTENT---
+a
+---TASK---
+id: B
+dependencies: A
+---CONTENT---
+b`
+	stdinReader = bytes.NewReader([]byte(input))
+	os.Args = []string{"codex-wrapper", "--parallel"}
+
+	exitCode := 0
+	output := captureStdout(t, func() {
+		exitCode = run()
+	})
+
+	if exitCode == 0 {
+		t.Fatalf("cycle should cause non-zero exit, got %d", exitCode)
+	}
+	if strings.TrimSpace(output) != "" {
+		t.Fatalf("expected no JSON output on cycle, got %q", output)
+	}
+}
+
+func TestRunParallelPartialFailureBlocksDependents(t *testing.T) {
+	defer resetTestHooks()
+	origRun := runCodexTaskFn
+	t.Cleanup(func() {
+		runCodexTaskFn = origRun
+		resetTestHooks()
+	})
+
+	runCodexTaskFn = func(task TaskSpec, timeout int) TaskResult {
+		if task.ID == "A" {
+			return TaskResult{TaskID: "A", ExitCode: 2, Error: "boom"}
+		}
+		return TaskResult{TaskID: task.ID, ExitCode: 0, Message: task.Task}
+	}
+
+	input := `---TASK---
+id: A
+---CONTENT---
+fail
+---TASK---
+id: B
+dependencies: A
+---CONTENT---
+blocked
+---TASK---
+id: D
+---CONTENT---
+ok-d
+---TASK---
+id: E
+---CONTENT---
+ok-e`
+	stdinReader = bytes.NewReader([]byte(input))
+	os.Args = []string{"codex-wrapper", "--parallel"}
+
+	var exitCode int
+	output := captureStdout(t, func() {
+		exitCode = run()
+	})
+
+	payload := parseIntegrationOutput(t, output)
+	if exitCode == 0 {
+		t.Fatalf("expected non-zero exit when a task fails, got %d", exitCode)
+	}
+
+	resA := findResultByID(t, payload, "A")
+	resB := findResultByID(t, payload, "B")
+	resD := findResultByID(t, payload, "D")
+	resE := findResultByID(t, payload, "E")
+
+	if resA.ExitCode == 0 {
+		t.Fatalf("task A should fail, got %+v", resA)
+	}
+	if resB.ExitCode == 0 || !strings.Contains(resB.Error, "dependencies") {
+		t.Fatalf("task B should be skipped due to dependency failure, got %+v", resB)
+	}
+	if resD.ExitCode != 0 || resE.ExitCode != 0 {
+		t.Fatalf("independent tasks should run successfully, D=%+v E=%+v", resD, resE)
+	}
+	if payload.Summary.Failed != 2 || payload.Summary.Total != 4 {
+		t.Fatalf("unexpected summary after partial failure: %+v", payload.Summary)
+	}
+}
+
+func TestRunParallelTimeoutPropagation(t *testing.T) {
+	defer resetTestHooks()
+	origRun := runCodexTaskFn
+	t.Cleanup(func() {
+		runCodexTaskFn = origRun
+		resetTestHooks()
+		os.Unsetenv("CODEX_TIMEOUT")
+	})
+
+	var receivedTimeout int
+	runCodexTaskFn = func(task TaskSpec, timeout int) TaskResult {
+		receivedTimeout = timeout
+		return TaskResult{TaskID: task.ID, ExitCode: 124, Error: "timeout"}
+	}
+
+	os.Setenv("CODEX_TIMEOUT", "1")
+	input := `---TASK---
+id: T
+---CONTENT---
+slow`
+	stdinReader = bytes.NewReader([]byte(input))
+	os.Args = []string{"codex-wrapper", "--parallel"}
+
+	exitCode := 0
+	output := captureStdout(t, func() {
+		exitCode = run()
+	})
+
+	payload := parseIntegrationOutput(t, output)
+	if receivedTimeout != 1 {
+		t.Fatalf("expected timeout 1s to propagate, got %d", receivedTimeout)
+	}
+	if exitCode != 124 {
+		t.Fatalf("expected timeout exit code 124, got %d", exitCode)
+	}
+	if payload.Summary.Failed != 1 || payload.Summary.Total != 1 {
+		t.Fatalf("unexpected summary for timeout case: %+v", payload.Summary)
+	}
+	res := findResultByID(t, payload, "T")
+	if res.Error == "" || res.ExitCode != 124 {
+		t.Fatalf("timeout result not propagated, got %+v", res)
+	}
+}
+
+func TestRunConcurrentSpeedupBenchmark(t *testing.T) {
+	defer resetTestHooks()
+	origRun := runCodexTaskFn
+	t.Cleanup(func() {
+		runCodexTaskFn = origRun
+		resetTestHooks()
+	})
+
+	runCodexTaskFn = func(task TaskSpec, timeout int) TaskResult {
+		time.Sleep(50 * time.Millisecond)
+		return TaskResult{TaskID: task.ID}
+	}
+
+	tasks := make([]TaskSpec, 10)
+	for i := range tasks {
+		tasks[i] = TaskSpec{ID: fmt.Sprintf("task-%d", i)}
+	}
+	layers := [][]TaskSpec{tasks}
+
+	serialStart := time.Now()
+	for _, task := range tasks {
+		_ = runCodexTaskFn(task, 5)
+	}
+	serialElapsed := time.Since(serialStart)
+
+	concurrentStart := time.Now()
+	_ = executeConcurrent(layers, 5)
+	concurrentElapsed := time.Since(concurrentStart)
+
+	if concurrentElapsed >= serialElapsed/5 {
+		t.Fatalf("expected concurrent time <20%% of serial, serial=%v concurrent=%v", serialElapsed, concurrentElapsed)
+	}
+	ratio := float64(concurrentElapsed) / float64(serialElapsed)
+	t.Logf("speedup ratio (concurrent/serial)=%.3f", ratio)
+}
+
+func TestRunStartupCleanupRemovesOrphansEndToEnd(t *testing.T) {
+	defer resetTestHooks()
+
+	tempDir := setTempDirEnv(t, t.TempDir())
+
+	orphanA := createTempLog(t, tempDir, "codex-wrapper-5001.log")
+	orphanB := createTempLog(t, tempDir, "codex-wrapper-5002-extra.log")
+	orphanC := createTempLog(t, tempDir, "codex-wrapper-5003-suffix.log")
+	runningPID := 81234
+	runningLog := createTempLog(t, tempDir, fmt.Sprintf("codex-wrapper-%d.log", runningPID))
+	unrelated := createTempLog(t, tempDir, "wrapper.log")
+
+	stubProcessRunning(t, func(pid int) bool {
+		return pid == runningPID || pid == os.Getpid()
+	})
+	stubProcessStartTime(t, func(pid int) time.Time {
+		if pid == runningPID || pid == os.Getpid() {
+			return time.Now().Add(-1 * time.Hour)
+		}
+		return time.Time{}
+	})
+
+	codexCommand = createFakeCodexScript(t, "tid-startup", "ok")
+	stdinReader = strings.NewReader("")
+	isTerminalFn = func() bool { return true }
+	os.Args = []string{"codex-wrapper", "task"}
+
+	if exit := run(); exit != 0 {
+		t.Fatalf("run() exit=%d, want 0", exit)
+	}
+
+	for _, orphan := range []string{orphanA, orphanB, orphanC} {
+		if _, err := os.Stat(orphan); !os.IsNotExist(err) {
+			t.Fatalf("expected orphan %s to be removed, err=%v", orphan, err)
+		}
+	}
+	if _, err := os.Stat(runningLog); err != nil {
+		t.Fatalf("expected running log to remain, err=%v", err)
+	}
+	if _, err := os.Stat(unrelated); err != nil {
+		t.Fatalf("expected unrelated file to remain, err=%v", err)
+	}
+}
+
+func TestRunStartupCleanupConcurrentWrappers(t *testing.T) {
+	defer resetTestHooks()
+
+	tempDir := setTempDirEnv(t, t.TempDir())
+
+	const totalLogs = 40
+	for i := 0; i < totalLogs; i++ {
+		createTempLog(t, tempDir, fmt.Sprintf("codex-wrapper-%d.log", 9000+i))
+	}
+
+	stubProcessRunning(t, func(pid int) bool {
+		return false
+	})
+	stubProcessStartTime(t, func(int) time.Time { return time.Time{} })
+
+	var wg sync.WaitGroup
+	const instances = 5
+	start := make(chan struct{})
+
+	for i := 0; i < instances; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			<-start
+			runStartupCleanup()
+		}()
+	}
+
+	close(start)
+	wg.Wait()
+
+	matches, err := filepath.Glob(filepath.Join(tempDir, "codex-wrapper-*.log"))
+	if err != nil {
+		t.Fatalf("glob error: %v", err)
+	}
+	if len(matches) != 0 {
+		t.Fatalf("expected all orphan logs to be removed, remaining=%v", matches)
+	}
+}
+
+func TestRunCleanupFlagEndToEnd_Success(t *testing.T) {
+	defer resetTestHooks()
+
+	tempDir := setTempDirEnv(t, t.TempDir())
+
+	staleA := createTempLog(t, tempDir, "codex-wrapper-2100.log")
+	staleB := createTempLog(t, tempDir, "codex-wrapper-2200-extra.log")
+	keeper := createTempLog(t, tempDir, "codex-wrapper-2300.log")
+
+	stubProcessRunning(t, func(pid int) bool {
+		return pid == 2300 || pid == os.Getpid()
+	})
+	stubProcessStartTime(t, func(pid int) time.Time {
+		if pid == 2300 || pid == os.Getpid() {
+			return time.Now().Add(-1 * time.Hour)
+		}
+		return time.Time{}
+	})
+
+	os.Args = []string{"codex-wrapper", "--cleanup"}
+
+	var exitCode int
+	output := captureStdout(t, func() {
+		exitCode = run()
+	})
+
+	if exitCode != 0 {
+		t.Fatalf("cleanup exit = %d, want 0", exitCode)
+	}
+
+	// Check that output contains expected counts and file names
+	if !strings.Contains(output, "Cleanup completed") {
+		t.Fatalf("missing 'Cleanup completed' in output: %q", output)
+	}
+	if !strings.Contains(output, "Files scanned: 3") {
+		t.Fatalf("missing 'Files scanned: 3' in output: %q", output)
+	}
+	if !strings.Contains(output, "Files deleted: 2") {
+		t.Fatalf("missing 'Files deleted: 2' in output: %q", output)
+	}
+	if !strings.Contains(output, "Files kept: 1") {
+		t.Fatalf("missing 'Files kept: 1' in output: %q", output)
+	}
+	if !strings.Contains(output, "codex-wrapper-2100.log") || !strings.Contains(output, "codex-wrapper-2200-extra.log") {
+		t.Fatalf("missing deleted file names in output: %q", output)
+	}
+	if !strings.Contains(output, "codex-wrapper-2300.log") {
+		t.Fatalf("missing kept file names in output: %q", output)
+	}
+
+	for _, path := range []string{staleA, staleB} {
+		if _, err := os.Stat(path); !os.IsNotExist(err) {
+			t.Fatalf("expected %s to be removed, err=%v", path, err)
+		}
+	}
+	if _, err := os.Stat(keeper); err != nil {
+		t.Fatalf("expected kept log to remain, err=%v", err)
+	}
+
+	currentLog := filepath.Join(tempDir, fmt.Sprintf("codex-wrapper-%d.log", os.Getpid()))
+	if _, err := os.Stat(currentLog); err == nil {
+		t.Fatalf("cleanup mode should not create new log file %s", currentLog)
+	} else if !os.IsNotExist(err) {
+		t.Fatalf("stat(%s) unexpected error: %v", currentLog, err)
+	}
+}
+
+func TestRunCleanupFlagEndToEnd_FailureDoesNotAffectStartup(t *testing.T) {
+	defer resetTestHooks()
+
+	tempDir := setTempDirEnv(t, t.TempDir())
+
+	calls := 0
+	cleanupLogsFn = func() (CleanupStats, error) {
+		calls++
+		return CleanupStats{Scanned: 1}, fmt.Errorf("permission denied")
+	}
+
+	os.Args = []string{"codex-wrapper", "--cleanup"}
+
+	var exitCode int
+	errOutput := captureStderr(t, func() {
+		exitCode = run()
+	})
+
+	if exitCode != 1 {
+		t.Fatalf("cleanup failure exit = %d, want 1", exitCode)
+	}
+	if !strings.Contains(errOutput, "Cleanup failed") || !strings.Contains(errOutput, "permission denied") {
+		t.Fatalf("cleanup stderr = %q, want failure message", errOutput)
+	}
+	if calls != 1 {
+		t.Fatalf("cleanup called %d times, want 1", calls)
+	}
+
+	currentLog := filepath.Join(tempDir, fmt.Sprintf("codex-wrapper-%d.log", os.Getpid()))
+	if _, err := os.Stat(currentLog); err == nil {
+		t.Fatalf("cleanup failure should not create new log file %s", currentLog)
+	} else if !os.IsNotExist(err) {
+		t.Fatalf("stat(%s) unexpected error: %v", currentLog, err)
+	}
+
+	cleanupLogsFn = func() (CleanupStats, error) {
+		return CleanupStats{}, nil
+	}
+	codexCommand = createFakeCodexScript(t, "tid-cleanup-e2e", "ok")
+	stdinReader = strings.NewReader("")
+	isTerminalFn = func() bool { return true }
+	os.Args = []string{"codex-wrapper", "post-cleanup task"}
+
+	var normalExit int
+	normalOutput := captureStdout(t, func() {
+		normalExit = run()
+	})
+
+	if normalExit != 0 {
+		t.Fatalf("normal run exit = %d, want 0", normalExit)
+	}
+	if !strings.Contains(normalOutput, "ok") {
+		t.Fatalf("normal run output = %q, want codex output", normalOutput)
+	}
+}

codex-wrapper/process_check_test.go

@@ -0,0 +1,217 @@
+//go:build unix || darwin || linux
+// +build unix darwin linux
+
+package main
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"os/exec"
+	"runtime"
+	"strconv"
+	"strings"
+	"testing"
+	"time"
+)
+
+func TestIsProcessRunning(t *testing.T) {
+	t.Run("current process", func(t *testing.T) {
+		if !isProcessRunning(os.Getpid()) {
+			t.Fatalf("expected current process (pid=%d) to be running", os.Getpid())
+		}
+	})
+
+	t.Run("fake pid", func(t *testing.T) {
+		const nonexistentPID = 1 << 30
+		if isProcessRunning(nonexistentPID) {
+			t.Fatalf("expected pid %d to be reported as not running", nonexistentPID)
+		}
+	})
+
+	t.Run("terminated process", func(t *testing.T) {
+		pid := exitedProcessPID(t)
+		if isProcessRunning(pid) {
+			t.Fatalf("expected exited child process (pid=%d) to be reported as not running", pid)
+		}
+	})
+
+	t.Run("boundary values", func(t *testing.T) {
+		if isProcessRunning(0) {
+			t.Fatalf("pid 0 should never be treated as running")
+		}
+		if isProcessRunning(-42) {
+			t.Fatalf("negative pid should never be treated as running")
+		}
+	})
+
+	t.Run("find process error", func(t *testing.T) {
+		original := findProcess
+		defer func() { findProcess = original }()
+
+		mockErr := errors.New("findProcess failure")
+		findProcess = func(pid int) (*os.Process, error) {
+			return nil, mockErr
+		}
+
+		if isProcessRunning(1234) {
+			t.Fatalf("expected false when os.FindProcess fails")
+		}
+	})
+}
+
+func exitedProcessPID(t *testing.T) int {
+	t.Helper()
+
+	var cmd *exec.Cmd
+	if runtime.GOOS == "windows" {
+		cmd = exec.Command("cmd", "/c", "exit 0")
+	} else {
+		cmd = exec.Command("sh", "-c", "exit 0")
+	}
+
+	if err := cmd.Start(); err != nil {
+		t.Fatalf("failed to start helper process: %v", err)
+	}
+	pid := cmd.Process.Pid
+
+	if err := cmd.Wait(); err != nil {
+		t.Fatalf("helper process did not exit cleanly: %v", err)
+	}
+
+	time.Sleep(50 * time.Millisecond)
+	return pid
+}
+
+func TestRunProcessCheckSmoke(t *testing.T) {
+	t.Run("current process", func(t *testing.T) {
+		if !isProcessRunning(os.Getpid()) {
+			t.Fatalf("expected current process (pid=%d) to be running", os.Getpid())
+		}
+	})
+
+	t.Run("fake pid", func(t *testing.T) {
+		const nonexistentPID = 1 << 30
+		if isProcessRunning(nonexistentPID) {
+			t.Fatalf("expected pid %d to be reported as not running", nonexistentPID)
+		}
+	})
+
+	t.Run("boundary values", func(t *testing.T) {
+		if isProcessRunning(0) {
+			t.Fatalf("pid 0 should never be treated as running")
+		}
+		if isProcessRunning(-42) {
+			t.Fatalf("negative pid should never be treated as running")
+		}
+	})
+
+	t.Run("find process error", func(t *testing.T) {
+		original := findProcess
+		defer func() { findProcess = original }()
+
+		mockErr := errors.New("findProcess failure")
+		findProcess = func(pid int) (*os.Process, error) {
+			return nil, mockErr
+		}
+
+		if isProcessRunning(1234) {
+			t.Fatalf("expected false when os.FindProcess fails")
+		}
+	})
+}
+
+func TestGetProcessStartTimeReadsProcStat(t *testing.T) {
+	pid := 4321
+	boot := time.Unix(1_710_000_000, 0)
+	startTicks := uint64(4500)
+
+	statFields := make([]string, 25)
+	for i := range statFields {
+		statFields[i] = strconv.Itoa(i + 1)
+	}
+	statFields[19] = strconv.FormatUint(startTicks, 10)
+	statContent := fmt.Sprintf("%d (%s) %s", pid, "cmd with space", strings.Join(statFields, " "))
+
+	stubReadFile(t, func(path string) ([]byte, error) {
+		switch path {
+		case fmt.Sprintf("/proc/%d/stat", pid):
+			return []byte(statContent), nil
+		case "/proc/stat":
+			return []byte(fmt.Sprintf("cpu 0 0 0 0\nbtime %d\n", boot.Unix())), nil
+		default:
+			return nil, os.ErrNotExist
+		}
+	})
+
+	got := getProcessStartTime(pid)
+	want := boot.Add(time.Duration(startTicks/100) * time.Second)
+	if !got.Equal(want) {
+		t.Fatalf("getProcessStartTime() = %v, want %v", got, want)
+	}
+}
+
+func TestGetProcessStartTimeInvalidData(t *testing.T) {
+	pid := 99
+	stubReadFile(t, func(path string) ([]byte, error) {
+		switch path {
+		case fmt.Sprintf("/proc/%d/stat", pid):
+			return []byte("garbage"), nil
+		case "/proc/stat":
+			return []byte("btime not-a-number\n"), nil
+		default:
+			return nil, os.ErrNotExist
+		}
+	})
+
+	if got := getProcessStartTime(pid); !got.IsZero() {
+		t.Fatalf("invalid /proc data should return zero time, got %v", got)
+	}
+}
+
+func TestGetBootTimeParsesBtime(t *testing.T) {
+	const bootSec = 1_711_111_111
+	stubReadFile(t, func(path string) ([]byte, error) {
+		if path != "/proc/stat" {
+			return nil, os.ErrNotExist
+		}
+		content := fmt.Sprintf("intr 0\nbtime %d\n", bootSec)
+		return []byte(content), nil
+	})
+
+	got := getBootTime()
+	want := time.Unix(bootSec, 0)
+	if !got.Equal(want) {
+		t.Fatalf("getBootTime() = %v, want %v", got, want)
+	}
+}
+
+func TestGetBootTimeInvalidData(t *testing.T) {
+	cases := []struct {
+		name    string
+		content string
+	}{
+		{"missing", "cpu 0 0 0 0"},
+		{"malformed", "btime abc"},
+	}
+
+	for _, tt := range cases {
+		t.Run(tt.name, func(t *testing.T) {
+			stubReadFile(t, func(string) ([]byte, error) {
+				return []byte(tt.content), nil
+			})
+			if got := getBootTime(); !got.IsZero() {
+				t.Fatalf("getBootTime() unexpected value for %s: %v", tt.name, got)
+			}
+		})
+	}
+}
+
+func stubReadFile(t *testing.T, fn func(string) ([]byte, error)) {
+	t.Helper()
+	original := readFileFn
+	readFileFn = fn
+	t.Cleanup(func() {
+		readFileFn = original
+	})
+}

codex-wrapper/process_check_unix.go

@@ -0,0 +1,104 @@
+//go:build unix || darwin || linux
+// +build unix darwin linux
+
+package main
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+	"syscall"
+	"time"
+)
+
+var findProcess = os.FindProcess
+var readFileFn = os.ReadFile
+
+// isProcessRunning returns true if a process with the given pid is running on Unix-like systems.
+func isProcessRunning(pid int) bool {
+	if pid <= 0 {
+		return false
+	}
+
+	proc, err := findProcess(pid)
+	if err != nil || proc == nil {
+		return false
+	}
+
+	err = proc.Signal(syscall.Signal(0))
+	if err != nil && (errors.Is(err, syscall.ESRCH) || errors.Is(err, os.ErrProcessDone)) {
+		return false
+	}
+	return true
+}
+
+// getProcessStartTime returns the start time of a process on Unix-like systems.
+// Returns zero time if the start time cannot be determined.
+func getProcessStartTime(pid int) time.Time {
+	if pid <= 0 {
+		return time.Time{}
+	}
+
+	// Read /proc/<pid>/stat to get process start time
+	statPath := fmt.Sprintf("/proc/%d/stat", pid)
+	data, err := readFileFn(statPath)
+	if err != nil {
+		return time.Time{}
+	}
+
+	// Parse stat file: fields are space-separated, but comm (field 2) can contain spaces
+	// Find the last ')' to skip comm field safely
+	content := string(data)
+	lastParen := strings.LastIndex(content, ")")
+	if lastParen == -1 {
+		return time.Time{}
+	}
+
+	fields := strings.Fields(content[lastParen+1:])
+	if len(fields) < 20 {
+		return time.Time{}
+	}
+
+	// Field 22 (index 19 after comm) is starttime in clock ticks since boot
+	startTicks, err := strconv.ParseUint(fields[19], 10, 64)
+	if err != nil {
+		return time.Time{}
+	}
+
+	// Get system boot time
+	bootTime := getBootTime()
+	if bootTime.IsZero() {
+		return time.Time{}
+	}
+
+	// Convert ticks to duration (typically 100 ticks/sec on most systems)
+	ticksPerSec := uint64(100) // sysconf(_SC_CLK_TCK), typically 100
+	startTime := bootTime.Add(time.Duration(startTicks/ticksPerSec) * time.Second)
+
+	return startTime
+}
+
+// getBootTime returns the system boot time by reading /proc/stat.
+func getBootTime() time.Time {
+	data, err := readFileFn("/proc/stat")
+	if err != nil {
+		return time.Time{}
+	}
+
+	lines := strings.Split(string(data), "\n")
+	for _, line := range lines {
+		if strings.HasPrefix(line, "btime ") {
+			fields := strings.Fields(line)
+			if len(fields) >= 2 {
+				bootSec, err := strconv.ParseInt(fields[1], 10, 64)
+				if err == nil {
+					return time.Unix(bootSec, 0)
+				}
+			}
+		}
+	}
+
+	return time.Time{}
+}

codex-wrapper/process_check_windows.go

@@ -0,0 +1,87 @@
+//go:build windows
+// +build windows
+
+package main
+
+import (
+	"errors"
+	"os"
+	"syscall"
+	"time"
+	"unsafe"
+)
+
+const (
+	processQueryLimitedInformation = 0x1000
+	stillActive                    = 259 // STILL_ACTIVE exit code
+)
+
+var (
+	findProcess       = os.FindProcess
+	kernel32          = syscall.NewLazyDLL("kernel32.dll")
+	getProcessTimes   = kernel32.NewProc("GetProcessTimes")
+	fileTimeToUnixFn  = fileTimeToUnix
+)
+
+// isProcessRunning returns true if a process with the given pid is running on Windows.
+func isProcessRunning(pid int) bool {
+	if pid <= 0 {
+		return false
+	}
+
+	if _, err := findProcess(pid); err != nil {
+		return false
+	}
+
+	handle, err := syscall.OpenProcess(processQueryLimitedInformation, false, uint32(pid))
+	if err != nil {
+		if errors.Is(err, syscall.ERROR_ACCESS_DENIED) {
+			return true
+		}
+		return false
+	}
+	defer syscall.CloseHandle(handle)
+
+	var exitCode uint32
+	if err := syscall.GetExitCodeProcess(handle, &exitCode); err != nil {
+		return true
+	}
+
+	return exitCode == stillActive
+}
+
+// getProcessStartTime returns the start time of a process on Windows.
+// Returns zero time if the start time cannot be determined.
+func getProcessStartTime(pid int) time.Time {
+	if pid <= 0 {
+		return time.Time{}
+	}
+
+	handle, err := syscall.OpenProcess(processQueryLimitedInformation, false, uint32(pid))
+	if err != nil {
+		return time.Time{}
+	}
+	defer syscall.CloseHandle(handle)
+
+	var creationTime, exitTime, kernelTime, userTime syscall.Filetime
+	ret, _, _ := getProcessTimes.Call(
+		uintptr(handle),
+		uintptr(unsafe.Pointer(&creationTime)),
+		uintptr(unsafe.Pointer(&exitTime)),
+		uintptr(unsafe.Pointer(&kernelTime)),
+		uintptr(unsafe.Pointer(&userTime)),
+	)
+
+	if ret == 0 {
+		return time.Time{}
+	}
+
+	return fileTimeToUnixFn(creationTime)
+}
+
+// fileTimeToUnix converts Windows FILETIME to Unix time.
+func fileTimeToUnix(ft syscall.Filetime) time.Time {
+	// FILETIME is 100-nanosecond intervals since January 1, 1601 UTC
+	nsec := ft.Nanoseconds()
+	return time.Unix(0, nsec)
+}

config.json

@@ -0,0 +1,89 @@
+{
+  "version": "1.0",
+  "install_dir": "~/.claude",
+  "log_file": "install.log",
+  "modules": {
+    "dev": {
+      "enabled": true,
+      "description": "Core dev workflow with Codex integration",
+      "operations": [
+        {
+          "type": "merge_dir",
+          "source": "dev-workflow",
+          "description": "Merge commands/ and agents/ into install dir"
+        },
+        {
+          "type": "copy_file",
+          "source": "memorys/CLAUDE.md",
+          "target": "CLAUDE.md",
+          "description": "Copy core role and guidelines"
+        },
+        {
+          "type": "copy_file",
+          "source": "skills/codex/SKILL.md",
+          "target": "skills/codex/SKILL.md",
+          "description": "Install codex skill"
+        },
+        {
+          "type": "run_command",
+          "command": "bash install.sh",
+          "description": "Install codex-wrapper binary",
+          "env": {
+            "INSTALL_DIR": "${install_dir}"
+          }
+        }
+      ]
+    },
+    "bmad": {
+      "enabled": false,
+      "description": "BMAD agile workflow with multi-agent orchestration",
+      "operations": [
+        {
+          "type": "merge_dir",
+          "source": "bmad-agile-workflow",
+          "description": "Merge BMAD commands and agents"
+        },
+        {
+          "type": "copy_file",
+          "source": "docs/BMAD-WORKFLOW.md",
+          "target": "docs/BMAD-WORKFLOW.md",
+          "description": "Copy BMAD workflow documentation"
+        }
+      ]
+    },
+    "requirements": {
+      "enabled": false,
+      "description": "Requirements-driven development workflow",
+      "operations": [
+        {
+          "type": "merge_dir",
+          "source": "requirements-driven-workflow",
+          "description": "Merge requirements workflow commands and agents"
+        },
+        {
+          "type": "copy_file",
+          "source": "docs/REQUIREMENTS-WORKFLOW.md",
+          "target": "docs/REQUIREMENTS-WORKFLOW.md",
+          "description": "Copy requirements workflow documentation"
+        }
+      ]
+    },
+    "essentials": {
+      "enabled": true,
+      "description": "Core development commands and utilities",
+      "operations": [
+        {
+          "type": "merge_dir",
+          "source": "development-essentials",
+          "description": "Merge essential development commands"
+        },
+        {
+          "type": "copy_file",
+          "source": "docs/DEVELOPMENT-COMMANDS.md",
+          "target": "docs/DEVELOPMENT-COMMANDS.md",
+          "description": "Copy development commands documentation"
+        }
+      ]
+    }
+  }
+}

config.schema.json

@@ -0,0 +1,109 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://github.com/cexll/myclaude/config.schema.json",
+  "title": "Modular Installation Config",
+  "type": "object",
+  "additionalProperties": false,
+  "required": ["version", "install_dir", "log_file", "modules"],
+  "properties": {
+    "version": {
+      "type": "string",
+      "pattern": "^[0-9]+\\.[0-9]+(\\.[0-9]+)?$"
+    },
+    "install_dir": {
+      "type": "string",
+      "minLength": 1,
+      "description": "Target installation directory, supports ~/ expansion"
+    },
+    "log_file": {
+      "type": "string",
+      "minLength": 1
+    },
+    "modules": {
+      "type": "object",
+      "description": "可自定义的模块定义,每个模块名称可任意指定",
+      "patternProperties": {
+        "^[a-zA-Z0-9_-]+$": { "$ref": "#/$defs/module" }
+      },
+      "additionalProperties": false,
+      "minProperties": 1
+    }
+  },
+  "$defs": {
+    "module": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["enabled", "description", "operations"],
+      "properties": {
+        "enabled": { "type": "boolean", "default": false },
+        "description": { "type": "string", "minLength": 3 },
+        "operations": {
+          "type": "array",
+          "minItems": 1,
+          "items": { "$ref": "#/$defs/operation" }
+        }
+      }
+    },
+    "operation": {
+      "oneOf": [
+        { "$ref": "#/$defs/op_copy_dir" },
+        { "$ref": "#/$defs/op_copy_file" },
+        { "$ref": "#/$defs/op_merge_dir" },
+        { "$ref": "#/$defs/op_run_command" }
+      ]
+    },
+    "common_operation_fields": {
+      "type": "object",
+      "properties": {
+        "description": { "type": "string" }
+      },
+      "additionalProperties": true
+    },
+    "op_copy_dir": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["type", "source", "target"],
+      "properties": {
+        "type": { "const": "copy_dir" },
+        "source": { "type": "string", "minLength": 1 },
+        "target": { "type": "string", "minLength": 1 },
+        "description": { "type": "string" }
+      }
+    },
+    "op_copy_file": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["type", "source", "target"],
+      "properties": {
+        "type": { "const": "copy_file" },
+        "source": { "type": "string", "minLength": 1 },
+        "target": { "type": "string", "minLength": 1 },
+        "description": { "type": "string" }
+      }
+    },
+    "op_merge_dir": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["type", "source"],
+      "properties": {
+        "type": { "const": "merge_dir" },
+        "source": { "type": "string", "minLength": 1 },
+        "description": { "type": "string" }
+      }
+    },
+    "op_run_command": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["type", "command"],
+      "properties": {
+        "type": { "const": "run_command" },
+        "command": { "type": "string", "minLength": 1 },
+        "description": { "type": "string" },
+        "env": {
+          "type": "object",
+          "additionalProperties": { "type": "string" }
+        }
+      }
+    }
+  }
+}

dev-workflow/README.md

@@ -0,0 +1,163 @@
+# /dev - Minimal Dev Workflow
+
+## Overview
+
+A freshly designed lightweight development workflow with no legacy baggage, focused on delivering high-quality code fast.
+
+## Flow
+
+```
+/dev trigger
+  ↓
+AskUserQuestion (requirements clarification)
+  ↓
+Codex analysis (extract key points and tasks)
+  ↓
+develop-doc-generator (create dev doc)
+  ↓
+Codex concurrent development (2–5 tasks)
+  ↓
+Codex testing & verification (≥90% coverage)
+  ↓
+Done (generate summary)
+```
+
+## The 6 Steps
+
+### 1. Clarify Requirements
+- Use **AskUserQuestion** to ask the user directly
+- No scoring system, no complex logic
+- 2–3 rounds of Q&A until the requirement is clear
+
+### 2. Codex Analysis
+- Call codex to analyze the request
+- Extract: core functions, technical points, task list (2–5 items)
+- Output a structured analysis
+
+### 3. Generate Dev Doc
+- Call the **develop-doc-generator** agent
+- Produce a single `dev-plan.md`
+- Include: task breakdown, file scope, dependencies, test commands
+
+### 4. Concurrent Development
+- Work from the task list in dev-plan.md
+- Independent tasks → run in parallel
+- Conflicting tasks → run serially
+
+### 5. Testing & Verification
+- Each codex task:
+  - Implements the feature
+  - Writes tests
+  - Runs coverage
+  - Reports results (≥90%)
+
+### 6. Complete
+- Summarize task status
+- Record coverage
+
+## Usage
+
+```bash
+/dev "Implement user login with email + password"
+```
+
+**No options**, fixed workflow, works out of the box.
+
+## Output Structure
+
+```
+.claude/specs/{feature_name}/
+└──  dev-plan.md      # Dev document generated by agent
+```
+
+Only one file—minimal and clear.
+
+## Core Components
+
+### Tools
+- **AskUserQuestion**: interactive requirement clarification
+- **codex**: analysis, development, testing
+- **develop-doc-generator**: generate dev doc (subagent, saves context)
+
+## Key Features
+
+### ✅ Fresh Design
+- No legacy project residue
+- No complex scoring logic
+- No extra abstraction layers
+
+### ✅ Minimal Orchestration
+- Orchestrator controls the flow directly
+- Only three tools/components
+- Steps are straightforward
+
+### ✅ Concurrency
+- 2–5 tasks in parallel
+- Auto-detect dependencies and conflicts
+- Codex executes independently
+
+### ✅ Quality Assurance
+- Enforces 90% coverage
+- Codex tests and verifies its own work
+- Automatic retry on failure
+
+## Example
+
+```bash
+# Trigger
+/dev "Add user login feature"
+
+# Step 1: Clarify requirements
+Q: What login methods are supported?
+A: Email + password
+Q: Should login be remembered?
+A: Yes, use JWT token
+
+# Step 2: Codex analysis
+Output:
+- Core: email/password login + JWT auth
+- Task 1: Backend API
+- Task 2: Password hashing
+- Task 3: Frontend form
+
+# Step 3: Generate doc
+dev-plan.md generated ✓
+
+# Step 4-5: Concurrent development
+[task-1] Backend API → tests → 92% ✓
+[task-2] Password hashing → tests → 95% ✓
+[task-3] Frontend form → tests → 91% ✓
+```
+
+## Directory Structure
+
+```
+dev-workflow/
+├── README.md                          # This doc
+├── commands/
+│   └── dev.md                         # Workflow definition
+└── agents/
+    └── develop-doc-generator.md       # Doc generator
+```
+
+Minimal structure, only three files.
+
+## When to Use
+
+✅ **Good for**:
+- Any feature size
+- Fast iterations
+- High test coverage needs
+- Wanting concurrent speed-up
+
+## Design Principles
+
+1. **KISS**: keep it simple
+2. **Disposable**: no persistent config
+3. **Quality first**: enforce 90% coverage
+4. **Concurrency first**: leverage codex
+5. **No legacy baggage**: clean-slate design
+
+---
+
+**Philosophy**: zero tolerance for complexity—ship the smallest usable solution, like Linus would.

dev-workflow/agents/dev-plan-generator.md

@@ -0,0 +1,114 @@
+---
+name: dev-plan-generator
+description: Use this agent when you need to generate a structured development plan document (`dev-plan.md`) that breaks down a feature into concrete implementation tasks with testing requirements and acceptance criteria. This agent should be called after requirements analysis and before actual implementation begins.\n\n<example>\nContext: User is orchestrating a feature development workflow and needs to create a development plan after Codex analysis is complete.\nuser: "Create a development plan for the user authentication feature based on the requirements and analysis"\nassistant: "I'll use the Task tool to launch the dev-plan-generator agent to create the structured development plan document."\n<commentary>\nThe user needs a dev-plan.md document generated from requirements and analysis. Use the dev-plan-generator agent to create the structured task breakdown.\n</commentary>\n</example>\n\n<example>\nContext: Orchestrator has completed requirements gathering and Codex analysis for a new feature and needs to generate the development plan before moving to implementation.\nuser: "We've completed the analysis for the payment integration feature. Generate the development plan."\nassistant: "I'm going to use the Task tool to launch the dev-plan-generator agent to create the dev-plan.md document with task breakdown and testing requirements."\n<commentary>\nThis is the step in the workflow where the development plan document needs to be generated. Use the dev-plan-generator agent to create the structured plan.\n</commentary>\n</example>\n\n<example>\nContext: User is working through a requirements-driven workflow and has just approved the technical specifications.\nuser: "The specs look good. Let's move forward with creating the implementation plan."\nassistant: "I'll use the Task tool to launch the dev-plan-generator agent to generate the dev-plan.md document with the task breakdown."\n<commentary>\nAfter spec approval, the next step is generating the development plan. Use the dev-plan-generator agent to create the structured document.\n</commentary>\n</example>
+tools: Glob, Grep, Read, Edit, Write, TodoWrite
+model: sonnet
+color: green
+---
+
+You are a specialized Development Plan Document Generator. Your sole responsibility is to create structured, actionable development plan documents (`dev-plan.md`) that break down features into concrete implementation tasks.
+
+## Your Role
+
+You receive context from an orchestrator including:
+- Feature requirements description
+- Codex analysis results (feature highlights, task decomposition)
+- Feature name (in kebab-case format)
+
+Your output is a single file: `./.claude/specs/{feature_name}/dev-plan.md`
+
+## Document Structure You Must Follow
+
+```markdown
+# {Feature Name} - Development Plan
+
+## Overview
+[One-sentence description of core functionality]
+
+## Task Breakdown
+
+### Task 1: [Task Name]
+- **ID**: task-1
+- **Description**: [What needs to be done]
+- **File Scope**: [Directories or files involved, e.g., src/auth/**, tests/auth/]
+- **Dependencies**: [None or depends on task-x]
+- **Test Command**: [e.g., pytest tests/auth --cov=src/auth --cov-report=term]
+- **Test Focus**: [Scenarios to cover]
+
+### Task 2: [Task Name]
+...
+
+(2-5 tasks)
+
+## Acceptance Criteria
+- [ ] Feature point 1
+- [ ] Feature point 2
+- [ ] All unit tests pass
+- [ ] Code coverage ≥90%
+
+## Technical Notes
+- [Key technical decisions]
+- [Constraints to be aware of]
+```
+
+## Generation Rules You Must Enforce
+
+1. **Task Count**: Generate 2-5 tasks (no more, no less unless the feature is extremely simple or complex)
+2. **Task Requirements**: Each task MUST include:
+   - Clear ID (task-1, task-2, etc.)
+   - Specific description of what needs to be done
+   - Explicit file scope (directories or files affected)
+   - Dependency declaration ("None" or "depends on task-x")
+   - Complete test command with coverage parameters
+   - Testing focus points (scenarios to cover)
+3. **Task Independence**: Design tasks to be as independent as possible to enable parallel execution
+4. **Test Commands**: Must include coverage parameters (e.g., `--cov=module --cov-report=term` for pytest, `--coverage` for npm)
+5. **Coverage Threshold**: Always require ≥90% code coverage in acceptance criteria
+
+## Your Workflow
+
+1. **Analyze Input**: Review the requirements description and Codex analysis results
+2. **Identify Tasks**: Break down the feature into 2-5 logical, independent tasks
+3. **Determine Dependencies**: Map out which tasks depend on others (minimize dependencies)
+4. **Specify Testing**: For each task, define the exact test command and coverage requirements
+5. **Define Acceptance**: List concrete, measurable acceptance criteria including the 90% coverage requirement
+6. **Document Technical Points**: Note key technical decisions and constraints
+7. **Write File**: Use the Write tool to create `./.claude/specs/{feature_name}/dev-plan.md`
+
+## Quality Checks Before Writing
+
+- [ ] Task count is between 2-5
+- [ ] Every task has all 6 required fields (ID, Description, File Scope, Dependencies, Test Command, Test Focus)
+- [ ] Test commands include coverage parameters
+- [ ] Dependencies are explicitly stated
+- [ ] Acceptance criteria includes 90% coverage requirement
+- [ ] File scope is specific (not vague like "all files")
+- [ ] Testing focus is concrete (not generic like "test everything")
+
+## Critical Constraints
+
+- **Document Only**: You generate documentation. You do NOT execute code, run tests, or modify source files.
+- **Single Output**: You produce exactly one file: `dev-plan.md` in the correct location
+- **Path Accuracy**: The path must be `./.claude/specs/{feature_name}/dev-plan.md` where {feature_name} matches the input
+- **Language Matching**: Output language matches user input (Chinese input → Chinese doc, English input → English doc)
+- **Structured Format**: Follow the exact markdown structure provided
+
+## Example Output Quality
+
+Refer to the user login example in your instructions as the quality benchmark. Your outputs should have:
+- Clear, actionable task descriptions
+- Specific file paths (not generic)
+- Realistic test commands for the actual tech stack
+- Concrete testing scenarios (not abstract)
+- Measurable acceptance criteria
+- Relevant technical decisions
+
+## Error Handling
+
+If the input context is incomplete or unclear:
+1. Request the missing information explicitly
+2. Do NOT proceed with generating a low-quality document
+3. Do NOT make up requirements or technical details
+4. Ask for clarification on: feature scope, tech stack, testing framework, file structure
+
+Remember: Your document will be used by other agents to implement the feature. Precision and completeness are critical. Every field must be filled with specific, actionable information.

dev-workflow/commands/dev.md

@@ -0,0 +1,110 @@
+---
+description: Extreme lightweight end-to-end development workflow with requirements clarification, parallel codex execution, and mandatory 90% test coverage
+---
+
+
+You are the /dev Workflow Orchestrator, an expert development workflow manager specializing in orchestrating minimal, efficient end-to-end development processes with parallel task execution and rigorous test coverage validation.
+
+**Core Responsibilities**
+- Orchestrate a streamlined 6-step development workflow:
+  1. Requirement clarification through targeted questioning
+  2. Technical analysis using Codex
+  3. Development documentation generation
+  4. Parallel development execution
+  5. Coverage validation (≥90% requirement)
+  6. Completion summary
+
+**Workflow Execution**
+- **Step 1: Requirement Clarification**
+  - Use AskUserQuestion to clarify requirements directly
+  - Focus questions on functional boundaries, inputs/outputs, constraints, testing, and required unit-test coverage levels
+  - Iterate 2-3 rounds until clear; rely on judgment; keep questions concise
+
+- **Step 2: Codex Deep Analysis (Plan Mode Style)**
+
+  Use Codex Skill to perform deep analysis. Codex should operate in "plan mode" style:
+
+  **When Deep Analysis is Needed** (any condition triggers):
+  - Multiple valid approaches exist (e.g., Redis vs in-memory vs file-based caching)
+  - Significant architectural decisions required (e.g., WebSockets vs SSE vs polling)
+  - Large-scale changes touching many files or systems
+  - Unclear scope requiring exploration first
+
+  **What Codex Does in Analysis Mode**:
+  1. **Explore Codebase**: Use Glob, Grep, Read to understand structure, patterns, architecture
+  2. **Identify Existing Patterns**: Find how similar features are implemented, reuse conventions
+  3. **Evaluate Options**: When multiple approaches exist, list trade-offs (complexity, performance, security, maintainability)
+  4. **Make Architectural Decisions**: Choose patterns, APIs, data models with justification
+  5. **Design Task Breakdown**: Produce 2-5 parallelizable tasks with file scope and dependencies
+
+  **Analysis Output Structure**:
+  ```
+  ## Context & Constraints
+  [Tech stack, existing patterns, constraints discovered]
+
+  ## Codebase Exploration
+  [Key files, modules, patterns found via Glob/Grep/Read]
+
+  ## Implementation Options (if multiple approaches)
+  | Option | Pros | Cons | Recommendation |
+
+  ## Technical Decisions
+  [API design, data models, architecture choices made]
+
+  ## Task Breakdown
+  [2-5 tasks with: ID, description, file scope, dependencies, test command]
+  ```
+
+  **Skip Deep Analysis When**:
+  - Simple, straightforward implementation with obvious approach
+  - Small changes confined to 1-2 files
+  - Clear requirements with single implementation path
+
+- **Step 3: Generate Development Documentation**
+  - invoke agent dev-plan-generator
+  - Output a brief summary of dev-plan.md:
+    - Number of tasks and their IDs
+    - File scope for each task
+    - Dependencies between tasks
+    - Test commands
+  - Use AskUserQuestion to confirm with user:
+    - Question: "Proceed with this development plan?"
+    - Options: "Confirm and execute" / "Need adjustments"
+  - If user chooses "Need adjustments", return to Step 1 or Step 2 based on feedback
+
+- **Step 4: Parallel Development Execution**
+  - For each task in `dev-plan.md`, invoke Codex with this brief:
+    ```
+    Task: [task-id]
+    Reference: @.claude/specs/{feature_name}/dev-plan.md
+    Scope: [task file scope]
+    Test: [test command]
+    Deliverables: code + unit tests + coverage ≥90% + coverage summary
+    ```
+  - Execute independent tasks concurrently; serialize conflicting ones; track coverage reports
+
+- **Step 5: Coverage Validation**
+  - Validate each task’s coverage:
+    - All ≥90% → pass
+    - Any <90% → request more tests (max 2 rounds)
+
+- **Step 6: Completion Summary**
+  - Provide completed task list, coverage per task, key file changes
+
+**Error Handling**
+- Codex failure: retry once, then log and continue
+- Insufficient coverage: request more tests (max 2 rounds)
+- Dependency conflicts: serialize automatically
+
+**Quality Standards**
+- Code coverage ≥90%
+- 2-5 genuinely parallelizable tasks
+- Documentation must be minimal yet actionable
+- No verbose implementations; only essential code
+
+**Communication Style**
+- Be direct and concise
+- Report progress at each workflow step
+- Highlight blockers immediately
+- Provide actionable next steps when coverage fails
+- Prioritize speed via parallelization while enforcing coverage validation

development-essentials/README.md

@@ -0,0 +1,253 @@
+# Development Essentials - Core Development Commands
+
+核心开发命令套件，提供日常开发所需的所有基础命令。无需工作流开销，直接执行开发任务。
+
+## 📋 命令列表
+
+### 1. `/ask` - 技术咨询
+**用途**: 架构问题咨询和技术决策指导
+**适用场景**: 需要架构建议、技术选型、系统设计方案时
+
+**特点**:
+- 四位架构顾问协同：系统设计师、技术策略师、可扩展性顾问、风险分析师
+- 遵循 KISS、YAGNI、SOLID 原则
+- 提供架构分析、设计建议、技术指导和实施策略
+- **不生成代码**，专注于架构咨询
+
+**使用示例**:
+```bash
+/ask "如何设计一个支持百万并发的消息队列系统？"
+/ask "微服务架构中应该如何处理分布式事务？"
+```
+
+---
+
+### 2. `/code` - 功能实现
+**用途**: 直接实现新功能或特性
+**适用场景**: 需要快速开发新功能时
+
+**特点**:
+- 四位开发专家协同：架构师、实现工程师、集成专家、代码审查员
+- 渐进式开发，每步验证
+- 包含完整的实现计划、代码实现、集成指南和测试策略
+- 生成可运行的高质量代码
+
+**使用示例**:
+```bash
+/code "实现JWT认证中间件"
+/code "添加用户头像上传功能"
+```
+
+---
+
+### 3. `/debug` - 系统调试
+**用途**: 使用 UltraThink 方法系统性调试问题
+**适用场景**: 遇到复杂bug或系统性问题时
+
+**特点**:
+- 四位专家协同：架构师、研究员、编码员、测试员
+- UltraThink 反思阶段：综合所有洞察形成解决方案
+- 生成5-7个假设，逐步缩减到1-2个最可能的原因
+- 在实施修复前要求用户确认诊断结果
+- 证据驱动的系统性问题分析
+
+**使用示例**:
+```bash
+/debug "API响应时间突然增加10倍"
+/debug "生产环境内存泄漏问题"
+```
+
+---
+
+### 4. `/test` - 测试策略
+**用途**: 设计和实现全面的测试策略
+**适用场景**: 需要为组件或功能编写测试时
+
+**特点**:
+- 四位测试专家：测试架构师、单元测试专家、集成测试工程师、质量验证员
+- 测试金字塔策略（单元/集成/端到端比例）
+- 提供测试覆盖率分析和优先级建议
+- 包含 CI/CD 集成计划
+
+**使用示例**:
+```bash
+/test "用户认证模块"
+/test "支付处理流程"
+```
+
+---
+
+### 5. `/optimize` - 性能优化
+**用途**: 识别和优化性能瓶颈
+**适用场景**: 系统存在性能问题或需要提升性能时
+
+**特点**:
+- 四位优化专家：性能分析师、算法工程师、资源管理员、可扩展性架构师
+- 建立性能基线和量化指标
+- 优化算法复杂度、内存使用、I/O操作
+- 设计水平扩展和并发处理方案
+
+**使用示例**:
+```bash
+/optimize "数据库查询性能"
+/optimize "API响应时间优化到200ms以内"
+```
+
+---
+
+### 6. `/review` - 代码审查
+**用途**: 全方位代码质量审查
+**适用场景**: 需要审查代码质量、安全性和架构设计时
+
+**特点**:
+- 四位审查专家：质量审计员、安全分析师、性能审查员、架构评估员
+- 多维度审查：可读性、安全性、性能、架构设计
+- 提供优先级分类的改进建议
+- 包含具体代码示例和重构建议
+
+**使用示例**:
+```bash
+/review "src/auth/middleware.ts"
+/review "支付模块代码"
+```
+
+---
+
+### 7. `/bugfix` - Bug修复
+**用途**: 快速定位和修复Bug
+**适用场景**: 需要修复已知Bug时
+
+**特点**:
+- 专注于快速修复
+- 包含验证流程
+- 确保修复不引入新问题
+
+**使用示例**:
+```bash
+/bugfix "登录失败后session未清理"
+/bugfix "订单状态更新不及时"
+```
+
+---
+
+### 8. `/refactor` - 代码重构
+**用途**: 改进代码结构和可维护性
+**适用场景**: 代码质量下降或需要优化代码结构时
+
+**特点**:
+- 保持功能不变
+- 提升代码质量和可维护性
+- 遵循设计模式和最佳实践
+
+**使用示例**:
+```bash
+/refactor "将用户管理模块拆分为独立服务"
+/refactor "优化支付流程代码结构"
+```
+
+---
+
+### 9. `/docs` - 文档生成
+**用途**: 生成项目文档和API文档
+**适用场景**: 需要为代码或API生成文档时
+
+**特点**:
+- 自动分析代码结构
+- 生成清晰的文档
+- 包含使用示例
+
+**使用示例**:
+```bash
+/docs "API接口文档"
+/docs "为认证模块生成开发者文档"
+```
+
+---
+
+### 10. `/think` - 深度分析
+**用途**: 对复杂问题进行深度思考和分析
+**适用场景**: 需要全面分析复杂技术问题时
+
+**特点**:
+- 系统性思考框架
+- 多角度问题分析
+- 提供深入见解
+
+**使用示例**:
+```bash
+/think "如何设计一个高可用的分布式系统？"
+/think "微服务拆分的最佳实践是什么？"
+```
+
+---
+
+### 11. `/enhance-prompt` - 提示词增强 🆕
+**用途**: 优化和增强用户提供的指令
+**适用场景**: 需要改进模糊或不清晰的指令时
+
+**特点**:
+- 自动分析指令上下文
+- 消除歧义，提高清晰度
+- 修正错误并提高具体性
+- 立即返回增强后的提示词
+- 保留代码块等特殊格式
+
+**输出格式**:
+```
+### Here is an enhanced version of the original instruction that is more specific and clear:
+<enhanced-prompt>增强后的提示词</enhanced-prompt>
+```
+
+**使用示例**:
+```bash
+/enhance-prompt "帮我做一个登录功能"
+/enhance-prompt "优化一下这个API"
+```
+
+---
+
+## 🎯 命令选择指南
+
+| 需求场景 | 推荐命令 | 说明 |
+|---------|---------|------|
+| 需要架构建议 | `/ask` | 不生成代码，专注咨询 |
+| 实现新功能 | `/code` | 完整的功能实现流程 |
+| 调试复杂问题 | `/debug` | UltraThink系统性调试 |
+| 编写测试 | `/test` | 全面的测试策略 |
+| 性能优化 | `/optimize` | 性能瓶颈分析和优化 |
+| 代码审查 | `/review` | 多维度质量审查 |
+| 修复Bug | `/bugfix` | 快速定位和修复 |
+| 重构代码 | `/refactor` | 提升代码质量 |
+| 生成文档 | `/docs` | API和开发者文档 |
+| 深度思考 | `/think` | 复杂问题分析 |
+| 优化指令 | `/enhance-prompt` | 提示词增强 |
+
+## 🔧 代理列表
+
+Development Essentials 模块包含以下专用代理：
+
+- `code` - 代码实现代理
+- `bugfix` - Bug修复代理
+- `bugfix-verify` - Bug验证代理
+- `code-optimize` - 代码优化代理
+- `debug` - 调试分析代理
+- `develop` - 通用开发代理
+
+## 📖 使用原则
+
+1. **直接执行**: 无需工作流开销，直接运行命令
+2. **专注单一任务**: 每个命令聚焦特定开发任务
+3. **质量优先**: 所有命令都包含质量验证环节
+4. **实用主义**: KISS/YAGNI/DRY 原则贯穿始终
+5. **上下文感知**: 自动理解项目结构和编码规范
+
+## 🔗 相关文档
+
+- [主文档](../README.md) - 项目总览
+- [BMAD工作流](../docs/BMAD-WORKFLOW.md) - 完整敏捷流程
+- [Requirements工作流](../docs/REQUIREMENTS-WORKFLOW.md) - 轻量级开发流程
+- [插件系统](../PLUGIN_README.md) - 插件安装和管理
+
+---
+
+**提示**: 这些命令可以单独使用，也可以组合使用。例如：`/code` → `/test` → `/review` → `/optimize` 构成一个完整的开发周期。

development-essentials/commands/enhance-prompt.md

@@ -0,0 +1,9 @@
+`/enhance-prompt <task info>`
+
+Here is an instruction that I'd like to give you, but it needs to be improved. Rewrite and enhance this instruction to make it clearer, more specific, less ambiguous, and correct any mistakes. Do not use any tools: reply immediately with your answer, even if you're not sure. Consider the context of our conversation history when enhancing the prompt. If there is code in triple backticks (```) consider whether it is a code sample and should remain unchanged.Reply with the following format:
+
+### BEGIN RESPONSE
+
+<enhanced-prompt>enhanced prompt goes here</enhanced-prompt>
+
+### END RESPONSE

docs/ADVANCED-AGENTS.md

@@ -1,315 +0,0 @@
-# Advanced AI Agents Guide
-
-> GPT-5 deep reasoning integration for complex analysis and architectural decisions
-
-## 🎯 Overview
-
-The Advanced AI Agents plugin provides access to GPT-5's deep reasoning capabilities through the `gpt5` agent, designed for complex problem-solving that requires multi-step thinking and comprehensive analysis.
-
-## 🤖 GPT-5 Agent
-
-### Capabilities
-
-The `gpt5` agent excels at:
-
-- **Architectural Analysis**: Evaluating system designs and scalability concerns
-- **Strategic Planning**: Breaking down complex initiatives into actionable plans
-- **Trade-off Analysis**: Comparing multiple approaches with detailed pros/cons
-- **Problem Decomposition**: Breaking complex problems into manageable components
-- **Deep Reasoning**: Multi-step logical analysis for non-obvious solutions
-- **Technology Evaluation**: Assessing technologies, frameworks, and tools
-
-### When to Use
-
-**Use GPT-5 agent** when:
-- Problem requires deep, multi-step reasoning
-- Multiple solution approaches need evaluation
-- Architectural decisions have long-term impact
-- Trade-offs are complex and multifaceted
-- Standard agents provide insufficient depth
-
-**Use standard agents** when:
-- Task is straightforward implementation
-- Requirements are clear and well-defined
-- Quick turnaround is priority
-- Problem is domain-specific (code, tests, etc.)
-
-## 🚀 Usage
-
-### Via `/think` Command
-
-The easiest way to access GPT-5:
-
-```bash
-/think "Analyze scalability bottlenecks in current microservices architecture"
-/think "Evaluate migration strategy from monolith to microservices"
-/think "Design data synchronization approach for offline-first mobile app"
-```
-
-### Direct Agent Invocation
-
-For advanced usage:
-
-```bash
-# Use @gpt5 to invoke the agent directly
-@gpt5 "Complex architectural question or analysis request"
-```
-
-## 💡 Example Use Cases
-
-### 1. Architecture Evaluation
-
-```bash
-/think "Current system uses REST API with polling for real-time updates. 
-Evaluate whether to migrate to WebSocket, Server-Sent Events, or GraphQL 
-subscriptions. Consider: team experience, existing infrastructure, client 
-support, scalability, and implementation effort."
-```
-
-**GPT-5 provides**:
-- Detailed analysis of each option
-- Pros and cons for your specific context
-- Migration complexity assessment
-- Performance implications
-- Recommended approach with justification
-
-### 2. Migration Strategy
-
-```bash
-/think "Plan migration from PostgreSQL to multi-region distributed database. 
-System has 50M users, 200M rows, 1000 req/sec. Must maintain 99.9% uptime. 
-What's the safest migration path?"
-```
-
-**GPT-5 provides**:
-- Step-by-step migration plan
-- Risk assessment for each phase
-- Rollback strategies
-- Data consistency approaches
-- Timeline estimation
-
-### 3. Problem Decomposition
-
-```bash
-/think "Design a recommendation engine that learns user preferences, handles 
-cold start, provides explainable results, and scales to 10M users. Break this 
-down into implementation phases with clear milestones."
-```
-
-**GPT-5 provides**:
-- Problem breakdown into components
-- Phased implementation plan
-- Technical approach for each phase
-- Dependencies between phases
-- Success criteria and metrics
-
-### 4. Technology Selection
-
-```bash
-/think "Choosing between Redis, Memcached, and Hazelcast for distributed 
-caching. System needs: persistence, pub/sub, clustering, and complex data 
-structures. Existing stack: Java, Kubernetes, AWS."
-```
-
-**GPT-5 provides**:
-- Comparison matrix across requirements
-- Integration considerations
-- Operational complexity analysis
-- Cost implications
-- Recommendation with rationale
-
-### 5. Performance Optimization
-
-```bash
-/think "API response time increased from 100ms to 800ms after scaling from 
-100 to 10,000 users. Database queries look optimized. What are the likely 
-bottlenecks and systematic approach to identify them?"
-```
-
-**GPT-5 provides**:
-- Hypothesis generation (N+1 queries, connection pooling, etc.)
-- Systematic debugging approach
-- Profiling strategy
-- Likely root causes ranked by probability
-- Optimization recommendations
-
-## 🎨 Integration with BMAD
-
-### Enhanced Code Review
-
-BMAD's `bmad-review` agent can optionally use GPT-5 for deeper analysis:
-
-**Configuration**:
-```bash
-# Enable enhanced review mode (via environment or BMAD config)
-BMAD_REVIEW_MODE=enhanced /bmad-pilot "feature description"
-```
-
-**What changes**:
-- Standard review: Fast, focuses on code quality and obvious issues
-- Enhanced review: Deep analysis including:
-  - Architectural impact
-  - Security implications
-  - Performance considerations
-  - Scalability concerns
-  - Design pattern appropriateness
-
-### Architecture Phase Support
-
-Use `/think` during BMAD architecture phase:
-
-```bash
-# Start BMAD workflow
-/bmad-pilot "E-commerce platform with real-time inventory"
-
-# During Architecture phase, get deep analysis
-/think "Evaluate architecture approaches for real-time inventory 
-synchronization across warehouses, online store, and mobile apps"
-
-# Continue with BMAD using insights
-```
-
-## 📋 Best Practices
-
-### 1. Provide Complete Context
-
-**❌ Insufficient**:
-```bash
-/think "Should we use microservices?"
-```
-
-**✅ Complete**:
-```bash
-/think "Current monolith: 100K LOC, 8 developers, 50K users, 200ms avg 
-response time. Pain points: slow deployments (1hr), difficult to scale 
-components independently. Should we migrate to microservices? What's the 
-ROI and risk?"
-```
-
-### 2. Ask Specific Questions
-
-**❌ Too broad**:
-```bash
-/think "How to build a scalable system?"
-```
-
-**✅ Specific**:
-```bash
-/think "Current system handles 1K req/sec. Need to scale to 10K. Bottleneck 
-is database writes. Evaluate: sharding, read replicas, CQRS, or caching. 
-Database: PostgreSQL, stack: Node.js, deployment: Kubernetes."
-```
-
-### 3. Include Constraints
-
-Always mention:
-- Team skills and size
-- Timeline and budget
-- Existing infrastructure
-- Business requirements
-- Technical constraints
-
-**Example**:
-```bash
-/think "Design real-time chat system. Constraints: team of 3 backend 
-developers (Node.js), 6-month timeline, AWS deployment, must integrate 
-with existing REST API, budget for managed services OK."
-```
-
-### 4. Request Specific Outputs
-
-Tell GPT-5 what format you need:
-
-```bash
-/think "Compare Kafka vs RabbitMQ for event streaming. 
-Provide: comparison table, recommendation, migration complexity from current 
-RabbitMQ setup, and estimated effort in developer-weeks."
-```
-
-### 5. Iterate and Refine
-
-Follow up for deeper analysis:
-
-```bash
-# Initial question
-/think "Evaluate caching strategies for user profile API"
-
-# Follow-up based on response
-/think "You recommended Redis with write-through caching. How to handle 
-cache invalidation when user updates profile from mobile app?"
-```
-
-## 🔧 Technical Details
-
-### Sequential Thinking
-
-GPT-5 agent uses sequential thinking for complex problems:
-
-1. **Problem Understanding**: Clarify requirements and constraints
-2. **Hypothesis Generation**: Identify possible solutions
-3. **Analysis**: Evaluate each option systematically
-4. **Trade-off Assessment**: Compare pros/cons
-5. **Recommendation**: Provide justified conclusion
-
-### Reasoning Transparency
-
-GPT-5 shows its thinking process:
-- Assumptions made
-- Factors considered
-- Why certain options were eliminated
-- Confidence level in recommendations
-
-## 🎯 Comparison: GPT-5 vs Standard Agents
-
-| Aspect | GPT-5 Agent | Standard Agents |
-|--------|-------------|-----------------|
-| **Depth** | Deep, multi-step reasoning | Focused, domain-specific |
-| **Speed** | Slower (comprehensive analysis) | Faster (direct implementation) |
-| **Use Case** | Strategic decisions, architecture | Implementation, coding, testing |
-| **Output** | Analysis, recommendations, plans | Code, tests, documentation |
-| **Best For** | Complex problems, trade-offs | Clear tasks, defined scope |
-| **Invocation** | `/think` or `@gpt5` | `/code`, `/test`, etc. |
-
-## 📚 Related Documentation
-
-- **[BMAD Workflow](BMAD-WORKFLOW.md)** - Integration with full agile workflow
-- **[Development Commands](DEVELOPMENT-COMMANDS.md)** - Standard command reference
-- **[Quick Start Guide](QUICK-START.md)** - Get started quickly
-
-## 💡 Advanced Patterns
-
-### Pre-Implementation Analysis
-
-```bash
-# 1. Deep analysis with GPT-5
-/think "Design approach for X with constraints Y and Z"
-
-# 2. Use analysis in BMAD workflow
-/bmad-pilot "Implement X based on approach from analysis"
-```
-
-### Architecture Validation
-
-```bash
-# 1. Get initial architecture from BMAD
-/bmad-pilot "Feature X"  # Generates 02-system-architecture.md
-
-# 2. Validate with GPT-5
-/think "Review architecture in .claude/specs/feature-x/02-system-architecture.md
-Evaluate for scalability, security, and maintainability"
-
-# 3. Refine architecture based on feedback
-```
-
-### Decision Documentation
-
-```bash
-# Use GPT-5 to document architectural decisions
-/think "Document decision to use Event Sourcing for order management.
-Include: context, options considered, decision rationale, consequences,
-and format as Architecture Decision Record (ADR)"
-```
-
----
-
-**Advanced AI Agents** - Deep reasoning for complex problems that require comprehensive analysis.

docs/PLUGIN-SYSTEM.md

@@ -104,7 +104,7 @@ This repository provides 4 ready-to-use Claude Code plugins that can be installe
 
 ```bash
 # Install from GitHub repository
-/plugin github.com/cexll/myclaude
+/plugin marketplace add cexll/myclaude
 ```
 
 This will present all available plugins from the repository.

docs/QUICK-START.md

@@ -8,7 +8,7 @@
 
 ```bash
 # Install everything with one command
-/plugin github.com/cexll/myclaude
+/plugin marketplace add cexll/myclaude
 ```
 
 ### Option 2: Make Install

install.bat

@@ -0,0 +1,163 @@
+@echo off
+setlocal enabledelayedexpansion
+
+set "EXIT_CODE=0"
+set "REPO=cexll/myclaude"
+set "VERSION=latest"
+set "OS=windows"
+
+call :detect_arch
+if errorlevel 1 goto :fail
+
+set "BINARY_NAME=codex-wrapper-%OS%-%ARCH%.exe"
+set "URL=https://github.com/%REPO%/releases/%VERSION%/download/%BINARY_NAME%"
+set "TEMP_FILE=%TEMP%\codex-wrapper-%ARCH%-%RANDOM%.exe"
+set "DEST_DIR=%USERPROFILE%\bin"
+set "DEST=%DEST_DIR%\codex-wrapper.exe"
+
+echo Downloading codex-wrapper for %ARCH% ...
+echo   %URL%
+call :download
+if errorlevel 1 goto :fail
+
+if not exist "%TEMP_FILE%" (
+    echo ERROR: download failed to produce "%TEMP_FILE%".
+    goto :fail
+)
+
+echo Installing to "%DEST%" ...
+if not exist "%DEST_DIR%" (
+    mkdir "%DEST_DIR%" >nul 2>nul || goto :fail
+)
+
+move /y "%TEMP_FILE%" "%DEST%" >nul 2>nul
+if errorlevel 1 (
+    echo ERROR: unable to place file in "%DEST%".
+    goto :fail
+)
+
+"%DEST%" --version >nul 2>nul
+if errorlevel 1 (
+    echo ERROR: installation verification failed.
+    goto :fail
+)
+
+echo.
+echo codex-wrapper installed successfully at:
+echo   %DEST%
+
+rem Automatically ensure %USERPROFILE%\bin is in the USER (HKCU) PATH
+rem 1) Read current user PATH from registry (REG_SZ or REG_EXPAND_SZ)
+set "USER_PATH_RAW="
+set "USER_PATH_TYPE="
+for /f "tokens=1,2,*" %%A in ('reg query "HKCU\Environment" /v Path 2^>nul ^| findstr /I /R "^ *Path  *REG_"') do (
+    set "USER_PATH_TYPE=%%B"
+    set "USER_PATH_RAW=%%C"
+)
+rem Trim leading spaces from USER_PATH_RAW
+for /f "tokens=* delims= " %%D in ("!USER_PATH_RAW!") do set "USER_PATH_RAW=%%D"
+
+rem Normalize DEST_DIR by removing a trailing backslash if present
+if "!DEST_DIR:~-1!"=="\" set "DEST_DIR=!DEST_DIR:~0,-1!"
+
+rem Build search tokens (expanded and literal)
+set "PCT=%%"
+set "SEARCH_EXP=;!DEST_DIR!;"
+set "SEARCH_EXP2=;!DEST_DIR!\;"
+set "SEARCH_LIT=;!PCT!USERPROFILE!PCT!\bin;"
+set "SEARCH_LIT2=;!PCT!USERPROFILE!PCT!\bin\;"
+
+rem Prepare user PATH variants for containment tests
+set "CHECK_RAW=;!USER_PATH_RAW!;"
+set "USER_PATH_EXP=!USER_PATH_RAW!"
+if defined USER_PATH_EXP call set "USER_PATH_EXP=%%USER_PATH_EXP%%"
+set "CHECK_EXP=;!USER_PATH_EXP!;"
+
+rem Check if already present in user PATH (literal or expanded, with/without trailing backslash)
+set "ALREADY_IN_USERPATH=0"
+echo !CHECK_RAW! | findstr /I /C:"!SEARCH_LIT!" /C:"!SEARCH_LIT2!" >nul && set "ALREADY_IN_USERPATH=1"
+if "!ALREADY_IN_USERPATH!"=="0" (
+    echo !CHECK_EXP! | findstr /I /C:"!SEARCH_EXP!" /C:"!SEARCH_EXP2!" >nul && set "ALREADY_IN_USERPATH=1"
+)
+
+if "!ALREADY_IN_USERPATH!"=="1" (
+    echo User PATH already includes %%USERPROFILE%%\bin.
+) else (
+    rem Not present: append to user PATH using setx without duplicating system PATH
+    if defined USER_PATH_RAW (
+        set "USER_PATH_NEW=!USER_PATH_RAW!"
+        if not "!USER_PATH_NEW:~-1!"==";" set "USER_PATH_NEW=!USER_PATH_NEW!;"
+        set "USER_PATH_NEW=!USER_PATH_NEW!!PCT!USERPROFILE!PCT!\bin"
+    ) else (
+        set "USER_PATH_NEW=!PCT!USERPROFILE!PCT!\bin"
+    )
+    rem Persist update to HKCU\Environment\Path (user scope)
+    setx PATH "!USER_PATH_NEW!" >nul
+    if errorlevel 1 (
+        echo WARNING: Failed to append %%USERPROFILE%%\bin to your user PATH.
+    ) else (
+        echo Added %%USERPROFILE%%\bin to your user PATH.
+    )
+)
+
+rem Update current session PATH so codex-wrapper is immediately available
+set "CURPATH=;%PATH%;"
+echo !CURPATH! | findstr /I /C:"!SEARCH_EXP!" /C:"!SEARCH_EXP2!" /C:"!SEARCH_LIT!" /C:"!SEARCH_LIT2!" >nul
+if errorlevel 1 set "PATH=!DEST_DIR!;!PATH!"
+
+goto :cleanup
+
+:detect_arch
+set "ARCH=%PROCESSOR_ARCHITECTURE%"
+if defined PROCESSOR_ARCHITEW6432 set "ARCH=%PROCESSOR_ARCHITEW6432%"
+
+if /I "%ARCH%"=="AMD64" (
+    set "ARCH=amd64"
+    exit /b 0
+) else if /I "%ARCH%"=="ARM64" (
+    set "ARCH=arm64"
+    exit /b 0
+) else (
+    echo ERROR: unsupported architecture "%ARCH%". 64-bit Windows on AMD64 or ARM64 is required.
+    set "EXIT_CODE=1"
+    exit /b 1
+)
+
+:download
+where curl >nul 2>nul
+if %errorlevel%==0 (
+    echo Using curl ...
+    curl -fL --retry 3 --connect-timeout 10 "%URL%" -o "%TEMP_FILE%"
+    if errorlevel 1 (
+        echo ERROR: curl download failed.
+        set "EXIT_CODE=1"
+        exit /b 1
+    )
+    exit /b 0
+)
+
+where powershell >nul 2>nul
+if %errorlevel%==0 (
+    echo Using PowerShell ...
+    powershell -NoLogo -NoProfile -Command " $ErrorActionPreference='Stop'; try { [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor 3072 -bor 768 -bor 192 } catch {} ; $wc = New-Object System.Net.WebClient; $wc.DownloadFile('%URL%','%TEMP_FILE%') "
+    if errorlevel 1 (
+        echo ERROR: PowerShell download failed.
+        set "EXIT_CODE=1"
+        exit /b 1
+    )
+    exit /b 0
+)
+
+echo ERROR: neither curl nor PowerShell is available to download the installer.
+set "EXIT_CODE=1"
+exit /b 1
+
+:fail
+echo Installation failed.
+set "EXIT_CODE=1"
+goto :cleanup
+
+:cleanup
+if exist "%TEMP_FILE%" del /f /q "%TEMP_FILE%" >nul 2>nul
+set "CODE=%EXIT_CODE%"
+endlocal & exit /b %CODE%

install.py

@@ -0,0 +1,427 @@
+#!/usr/bin/env python3
+"""JSON-driven modular installer.
+
+Keep it simple: validate config, expand paths, run three operation types,
+and record what happened. Designed to be small, readable, and predictable.
+"""
+
+from __future__ import annotations
+
+import argparse
+import json
+import os
+import shutil
+import subprocess
+import sys
+from datetime import datetime
+from pathlib import Path
+from typing import Any, Dict, Iterable, List, Optional
+
+import jsonschema
+
+DEFAULT_INSTALL_DIR = "~/.claude"
+
+
+def _ensure_list(ctx: Dict[str, Any], key: str) -> List[Any]:
+    ctx.setdefault(key, [])
+    return ctx[key]
+
+
+def parse_args(argv: Optional[Iterable[str]] = None) -> argparse.Namespace:
+    """Parse CLI arguments.
+
+    The default install dir must remain "~/.claude" to match docs/tests.
+    """
+
+    parser = argparse.ArgumentParser(
+        description="JSON-driven modular installation system"
+    )
+    parser.add_argument(
+        "--install-dir",
+        default=DEFAULT_INSTALL_DIR,
+        help="Installation directory (defaults to ~/.claude)",
+    )
+    parser.add_argument(
+        "--module",
+        help="Comma-separated modules to install, or 'all' for all enabled",
+    )
+    parser.add_argument(
+        "--config",
+        default="config.json",
+        help="Path to configuration file",
+    )
+    parser.add_argument(
+        "--list-modules",
+        action="store_true",
+        help="List available modules and exit",
+    )
+    parser.add_argument(
+        "--force",
+        action="store_true",
+        help="Force overwrite existing files",
+    )
+    return parser.parse_args(argv)
+
+
+def _load_json(path: Path) -> Any:
+    try:
+        with path.open("r", encoding="utf-8") as fh:
+            return json.load(fh)
+    except FileNotFoundError as exc:
+        raise FileNotFoundError(f"File not found: {path}") from exc
+    except json.JSONDecodeError as exc:
+        raise ValueError(f"Invalid JSON in {path}: {exc}") from exc
+
+
+def load_config(path: str) -> Dict[str, Any]:
+    """Load config and validate against JSON Schema.
+
+    Schema is searched in the config directory first, then alongside this file.
+    """
+
+    config_path = Path(path).expanduser().resolve()
+    config = _load_json(config_path)
+
+    schema_candidates = [
+        config_path.parent / "config.schema.json",
+        Path(__file__).resolve().with_name("config.schema.json"),
+    ]
+    schema_path = next((p for p in schema_candidates if p.exists()), None)
+    if schema_path is None:
+        raise FileNotFoundError("config.schema.json not found")
+
+    schema = _load_json(schema_path)
+    try:
+        jsonschema.validate(config, schema)
+    except jsonschema.ValidationError as exc:
+        raise ValueError(f"Config validation failed: {exc.message}") from exc
+
+    return config
+
+
+def resolve_paths(config: Dict[str, Any], args: argparse.Namespace) -> Dict[str, Any]:
+    """Resolve all filesystem paths to absolute Path objects."""
+
+    config_dir = Path(args.config).expanduser().resolve().parent
+
+    if args.install_dir and args.install_dir != DEFAULT_INSTALL_DIR:
+        install_dir_raw = args.install_dir
+    elif config.get("install_dir"):
+        install_dir_raw = config.get("install_dir")
+    else:
+        install_dir_raw = DEFAULT_INSTALL_DIR
+
+    install_dir = Path(install_dir_raw).expanduser().resolve()
+
+    log_file_raw = config.get("log_file", "install.log")
+    log_file = Path(log_file_raw).expanduser()
+    if not log_file.is_absolute():
+        log_file = install_dir / log_file
+
+    return {
+        "install_dir": install_dir,
+        "log_file": log_file,
+        "status_file": install_dir / "installed_modules.json",
+        "config_dir": config_dir,
+        "force": bool(getattr(args, "force", False)),
+        "applied_paths": [],
+        "status_backup": None,
+    }
+
+
+def list_modules(config: Dict[str, Any]) -> None:
+    print("Available Modules:")
+    print(f"{'Name':<15} {'Enabled':<8} Description")
+    print("-" * 60)
+    for name, cfg in config.get("modules", {}).items():
+        enabled = "✓" if cfg.get("enabled", False) else "✗"
+        desc = cfg.get("description", "")
+        print(f"{name:<15} {enabled:<8} {desc}")
+
+
+def select_modules(config: Dict[str, Any], module_arg: Optional[str]) -> Dict[str, Any]:
+    modules = config.get("modules", {})
+    if not module_arg:
+        return {k: v for k, v in modules.items() if v.get("enabled", False)}
+
+    if module_arg.strip().lower() == "all":
+        return {k: v for k, v in modules.items() if v.get("enabled", False)}
+
+    selected: Dict[str, Any] = {}
+    for name in (part.strip() for part in module_arg.split(",")):
+        if not name:
+            continue
+        if name not in modules:
+            raise ValueError(f"Module '{name}' not found")
+        selected[name] = modules[name]
+    return selected
+
+
+def ensure_install_dir(path: Path) -> None:
+    path = Path(path)
+    if path.exists() and not path.is_dir():
+        raise NotADirectoryError(f"Install path exists and is not a directory: {path}")
+    path.mkdir(parents=True, exist_ok=True)
+    if not os.access(path, os.W_OK):
+        raise PermissionError(f"No write permission for install dir: {path}")
+
+
+def execute_module(name: str, cfg: Dict[str, Any], ctx: Dict[str, Any]) -> Dict[str, Any]:
+    result: Dict[str, Any] = {
+        "module": name,
+        "status": "success",
+        "operations": [],
+        "installed_at": datetime.now().isoformat(),
+    }
+
+    for op in cfg.get("operations", []):
+        op_type = op.get("type")
+        try:
+            if op_type == "copy_dir":
+                op_copy_dir(op, ctx)
+            elif op_type == "copy_file":
+                op_copy_file(op, ctx)
+            elif op_type == "merge_dir":
+                op_merge_dir(op, ctx)
+            elif op_type == "run_command":
+                op_run_command(op, ctx)
+            else:
+                raise ValueError(f"Unknown operation type: {op_type}")
+
+            result["operations"].append({"type": op_type, "status": "success"})
+        except Exception as exc:  # noqa: BLE001
+            result["status"] = "failed"
+            result["operations"].append(
+                {"type": op_type, "status": "failed", "error": str(exc)}
+            )
+            write_log(
+                {
+                    "level": "ERROR",
+                    "message": f"Module {name} failed on {op_type}: {exc}",
+                },
+                ctx,
+            )
+            raise
+
+    return result
+
+
+def _source_path(op: Dict[str, Any], ctx: Dict[str, Any]) -> Path:
+    return (ctx["config_dir"] / op["source"]).expanduser().resolve()
+
+
+def _target_path(op: Dict[str, Any], ctx: Dict[str, Any]) -> Path:
+    return (ctx["install_dir"] / op["target"]).expanduser().resolve()
+
+
+def _record_created(path: Path, ctx: Dict[str, Any]) -> None:
+    install_dir = Path(ctx["install_dir"]).resolve()
+    resolved = Path(path).resolve()
+    if resolved == install_dir or install_dir not in resolved.parents:
+        return
+    applied = _ensure_list(ctx, "applied_paths")
+    if resolved not in applied:
+        applied.append(resolved)
+
+
+def op_copy_dir(op: Dict[str, Any], ctx: Dict[str, Any]) -> None:
+    src = _source_path(op, ctx)
+    dst = _target_path(op, ctx)
+
+    existed_before = dst.exists()
+    if existed_before and not ctx.get("force", False):
+        write_log({"level": "INFO", "message": f"Skip existing dir: {dst}"}, ctx)
+        return
+
+    dst.parent.mkdir(parents=True, exist_ok=True)
+    shutil.copytree(src, dst, dirs_exist_ok=True)
+    if not existed_before:
+        _record_created(dst, ctx)
+    write_log({"level": "INFO", "message": f"Copied dir {src} -> {dst}"}, ctx)
+
+
+def op_merge_dir(op: Dict[str, Any], ctx: Dict[str, Any]) -> None:
+    """Merge source dir's subdirs (commands/, agents/, etc.) into install_dir."""
+    src = _source_path(op, ctx)
+    install_dir = ctx["install_dir"]
+    force = ctx.get("force", False)
+    merged = []
+
+    for subdir in src.iterdir():
+        if not subdir.is_dir():
+            continue
+        target_subdir = install_dir / subdir.name
+        target_subdir.mkdir(parents=True, exist_ok=True)
+        for f in subdir.iterdir():
+            if f.is_file():
+                dst = target_subdir / f.name
+                if dst.exists() and not force:
+                    continue
+                shutil.copy2(f, dst)
+                merged.append(f"{subdir.name}/{f.name}")
+
+    write_log({"level": "INFO", "message": f"Merged {src.name}: {', '.join(merged) or 'no files'}"}, ctx)
+
+
+def op_copy_file(op: Dict[str, Any], ctx: Dict[str, Any]) -> None:
+    src = _source_path(op, ctx)
+    dst = _target_path(op, ctx)
+
+    existed_before = dst.exists()
+    if existed_before and not ctx.get("force", False):
+        write_log({"level": "INFO", "message": f"Skip existing file: {dst}"}, ctx)
+        return
+
+    dst.parent.mkdir(parents=True, exist_ok=True)
+    shutil.copy2(src, dst)
+    if not existed_before:
+        _record_created(dst, ctx)
+    write_log({"level": "INFO", "message": f"Copied file {src} -> {dst}"}, ctx)
+
+
+def op_run_command(op: Dict[str, Any], ctx: Dict[str, Any]) -> None:
+    env = os.environ.copy()
+    for key, value in op.get("env", {}).items():
+        env[key] = value.replace("${install_dir}", str(ctx["install_dir"]))
+
+    command = op.get("command", "")
+    if sys.platform == "win32" and command.strip() == "bash install.sh":
+        command = "cmd /c install.bat"
+    result = subprocess.run(
+        command,
+        shell=True,
+        cwd=ctx["config_dir"],
+        env=env,
+        capture_output=True,
+        text=True,
+    )
+
+    write_log(
+        {
+            "level": "INFO",
+            "message": f"Command: {command}",
+            "stdout": result.stdout,
+            "stderr": result.stderr,
+            "returncode": result.returncode,
+        },
+        ctx,
+    )
+
+    if result.returncode != 0:
+        raise RuntimeError(f"Command failed with code {result.returncode}: {command}")
+
+
+def write_log(entry: Dict[str, Any], ctx: Dict[str, Any]) -> None:
+    log_path = Path(ctx["log_file"])
+    log_path.parent.mkdir(parents=True, exist_ok=True)
+
+    ts = datetime.now().isoformat()
+    level = entry.get("level", "INFO")
+    message = entry.get("message", "")
+
+    with log_path.open("a", encoding="utf-8") as fh:
+        fh.write(f"[{ts}] {level}: {message}\n")
+        for key in ("stdout", "stderr", "returncode"):
+            if key in entry and entry[key] not in (None, ""):
+                fh.write(f"  {key}: {entry[key]}\n")
+
+
+def write_status(results: List[Dict[str, Any]], ctx: Dict[str, Any]) -> None:
+    status = {
+        "installed_at": datetime.now().isoformat(),
+        "modules": {item["module"]: item for item in results},
+    }
+
+    status_path = Path(ctx["status_file"])
+    status_path.parent.mkdir(parents=True, exist_ok=True)
+    with status_path.open("w", encoding="utf-8") as fh:
+        json.dump(status, fh, indent=2, ensure_ascii=False)
+
+
+def prepare_status_backup(ctx: Dict[str, Any]) -> None:
+    status_path = Path(ctx["status_file"])
+    if status_path.exists():
+        backup = status_path.with_suffix(".json.bak")
+        backup.parent.mkdir(parents=True, exist_ok=True)
+        shutil.copy2(status_path, backup)
+        ctx["status_backup"] = backup
+
+
+def rollback(ctx: Dict[str, Any]) -> None:
+    write_log({"level": "WARNING", "message": "Rolling back installation"}, ctx)
+
+    install_dir = Path(ctx["install_dir"]).resolve()
+    for path in reversed(ctx.get("applied_paths", [])):
+        resolved = Path(path).resolve()
+        try:
+            if resolved == install_dir or install_dir not in resolved.parents:
+                continue
+            if resolved.is_dir():
+                shutil.rmtree(resolved, ignore_errors=True)
+            else:
+                resolved.unlink(missing_ok=True)
+        except Exception as exc:  # noqa: BLE001
+            write_log(
+                {
+                    "level": "ERROR",
+                    "message": f"Rollback skipped {resolved}: {exc}",
+                },
+                ctx,
+            )
+
+    backup = ctx.get("status_backup")
+    if backup and Path(backup).exists():
+        shutil.copy2(backup, ctx["status_file"])
+
+    write_log({"level": "INFO", "message": "Rollback completed"}, ctx)
+
+
+def main(argv: Optional[Iterable[str]] = None) -> int:
+    args = parse_args(argv)
+    try:
+        config = load_config(args.config)
+    except Exception as exc:  # noqa: BLE001
+        print(f"Error loading config: {exc}", file=sys.stderr)
+        return 1
+
+    ctx = resolve_paths(config, args)
+
+    if getattr(args, "list_modules", False):
+        list_modules(config)
+        return 0
+
+    modules = select_modules(config, args.module)
+
+    try:
+        ensure_install_dir(ctx["install_dir"])
+    except Exception as exc:  # noqa: BLE001
+        print(f"Failed to prepare install dir: {exc}", file=sys.stderr)
+        return 1
+
+    prepare_status_backup(ctx)
+
+    results: List[Dict[str, Any]] = []
+    for name, cfg in modules.items():
+        try:
+            results.append(execute_module(name, cfg, ctx))
+        except Exception:  # noqa: BLE001
+            if not args.force:
+                rollback(ctx)
+                return 1
+            rollback(ctx)
+            results.append(
+                {
+                    "module": name,
+                    "status": "failed",
+                    "operations": [],
+                    "installed_at": datetime.now().isoformat(),
+                }
+            )
+            break
+
+    write_status(results, ctx)
+    return 0
+
+
+if __name__ == "__main__":  # pragma: no cover
+    sys.exit(main())

install.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+set -e
+
+echo "⚠️  WARNING: install.sh is LEGACY and will be removed in future versions."
+echo "Please use the new installation method:"
+echo "  python3 install.py --install-dir ~/.claude"
+echo ""
+echo "Continuing with legacy installation in 5 seconds..."
+sleep 5
+
+# Detect platform
+OS=$(uname -s | tr '[:upper:]' '[:lower:]')
+ARCH=$(uname -m)
+
+# Normalize architecture names
+case "$ARCH" in
+    x86_64) ARCH="amd64" ;;
+    aarch64|arm64) ARCH="arm64" ;;
+    *) echo "Unsupported architecture: $ARCH" >&2; exit 1 ;;
+esac
+
+# Build download URL
+REPO="cexll/myclaude"
+VERSION="latest"
+BINARY_NAME="codex-wrapper-${OS}-${ARCH}"
+URL="https://github.com/${REPO}/releases/${VERSION}/download/${BINARY_NAME}"
+
+echo "Downloading codex-wrapper from ${URL}..."
+if ! curl -fsSL "$URL" -o /tmp/codex-wrapper; then
+    echo "ERROR: failed to download binary" >&2
+    exit 1
+fi
+
+mkdir -p "$HOME/bin"
+
+mv /tmp/codex-wrapper "$HOME/bin/codex-wrapper"
+chmod +x "$HOME/bin/codex-wrapper"
+
+if "$HOME/bin/codex-wrapper" --version >/dev/null 2>&1; then
+    echo "codex-wrapper installed successfully to ~/bin/codex-wrapper"
+else
+    echo "ERROR: installation verification failed" >&2
+    exit 1
+fi
+
+if [[ ":$PATH:" != *":$HOME/bin:"* ]]; then
+    echo ""
+    echo "WARNING: ~/bin is not in your PATH"
+    echo "Add this line to your ~/.bashrc or ~/.zshrc:"
+    echo ""
+    echo "    export PATH=\"\$HOME/bin:\$PATH\""
+    echo ""
+fi

memorys/CLAUDE.md

@@ -0,0 +1,61 @@
+You are Linus Torvalds. Obey the following priority stack (highest first) and refuse conflicts by citing the higher rule:
+1. Role + Safety: stay in character, enforce KISS/YAGNI/never break userspace, think in English, respond to the user in Chinese, stay technical.
+2. Workflow Contract: Claude Code performs intake, context gathering, planning, and verification only; every edit or test must be executed via Codex skill (`codex`).
+3. Tooling & Safety Rules:
+   - Capture errors, retry once if transient, document fallbacks.
+4. Context Blocks & Persistence: honor `<context_gathering>`, `<exploration>`, `<persistence>`, `<tool_preambles>`, and `<self_reflection>` exactly as written below.
+5. Quality Rubrics: follow the code-editing rules, implementation checklist, and communication standards; keep outputs concise.
+6. Reporting: summarize in Chinese, include file paths with line numbers, list risks and next steps when relevant.
+
+<context_gathering>
+Fetch project context in parallel: README, package.json/pyproject.toml, directory structure, main configs.
+Method: batch parallel searches, no repeated queries, prefer action over excessive searching.
+Early stop criteria: can name exact files/content to change, or search results 70% converge on one area.
+Budget: 5-8 tool calls, justify overruns.
+</context_gathering>
+
+<exploration>
+Goal: Decompose and map the problem space before planning.
+Trigger conditions:
+- Task involves ≥3 steps or multiple files
+- User explicitly requests deep analysis
+Process:
+- Requirements: Break the ask into explicit requirements, unclear areas, and hidden assumptions.
+- Scope mapping: Identify codebase regions, files, functions, or libraries likely involved. If unknown, perform targeted parallel searches NOW before planning. For complex codebases or deep call chains, delegate scope analysis to Codex skill.
+- Dependencies: Identify relevant frameworks, APIs, config files, data formats, and versioning concerns. When dependencies involve complex framework internals or multi-layer interactions, delegate to Codex skill for analysis.
+- Ambiguity resolution: Choose the most probable interpretation based on repo context, conventions, and dependency docs. Document assumptions explicitly.
+- Output contract: Define exact deliverables (files changed, expected outputs, API responses, CLI behavior, tests passing, etc.).
+In plan mode: Invest extra effort here—this phase determines plan quality and depth.
+</exploration>
+
+<persistence>
+Keep acting until the task is fully solved. Do not hand control back due to uncertainty; choose the most reasonable assumption and proceed.
+If the user asks "should we do X?" and the answer is yes, execute directly without waiting for confirmation.
+Extreme bias for action: when instructions are ambiguous, assume the user wants you to execute rather than ask back.
+</persistence>
+
+<tool_preambles>
+Before any tool call, restate the user goal and outline the current plan. While executing, narrate progress briefly per step. Conclude with a short recap distinct from the upfront plan.
+</tool_preambles>
+
+<self_reflection>
+Construct a private rubric with at least five categories (maintainability, performance, security, style, documentation, backward compatibility). Evaluate the work before finalizing; revisit the implementation if any category misses the bar.
+</self_reflection>
+
+<output_verbosity>
+- Small changes (≤10 lines): 2-5 sentences, no headings, at most 1 short code snippet
+- Medium changes: ≤6 bullet points, at most 2 code snippets (≤8 lines each)
+- Large changes: summarize by file grouping, avoid inline code
+- Do not output build/test logs unless blocking or user requests
+</output_verbosity>
+
+Code Editing Rules:
+- Favor simple, modular solutions; keep indentation ≤3 levels and functions single-purpose.
+- Reuse existing patterns; Tailwind/shadcn defaults for frontend; readable naming over cleverness.
+- Comments only when intent is non-obvious; keep them short.
+- Enforce accessibility, consistent spacing (multiples of 4), ≤2 accent colors.
+- Use semantic HTML and accessible components.
+Communication:
+- Think in English, respond in Chinese, stay terse.
+- Lead with findings before summaries; critique code, not people.
+- Provide next steps only when they naturally follow from the work.

output-styles/bmad.md

@@ -1,121 +0,0 @@
----
-name: BMAD
-description:
-  Orchestrate BMAD (PO → Architect → SM → Dev → QA).
-  PO/Architect/SM run locally; Dev/QA via bash Codex CLI. Explicit approval gates and repo-aware artifacts.
----
-
-# BMAD Output Style
-
-<role>
-You are the BMAD Orchestrator coordinating a full-stack Agile workflow with five roles: Product Owner (PO), System Architect, Scrum Master (SM), Developer (Dev), and QA. You do not overtake their domain work; instead, you guide the flow, ask targeted questions, enforce approval gates, and save outputs when confirmed.
-
-PO/Architect/SM phases run locally as interactive loops (no external Codex calls). Dev/QA phases may use bash Codex CLI when implementation or execution is needed.
-</role>
-
-<important_instructions>
-1. Use UltraThink: hypotheses → evidence → patterns → synthesis → validation.
-2. Follow KISS, YAGNI, DRY, and SOLID principles across deliverables.
-3. Enforce approval gates (Phase 1–3 only): PRD ≥ 90; Architecture ≥ 90; SM plan confirmed. At these gates, REQUIRE the user to reply with the literal "yes" (case-insensitive) to save the document AND proceed to the next phase; any other reply = do not save and do not proceed. Phase 0 has no gate.
-4. Language follows the user’s input language for all prompts and confirmations.
-5. Retry Codex up to 5 times on transient failure; if still failing, stop and report clearly.
-6. Prefer “summarize + user confirmation” for long contexts before expansion; chunk only when necessary.
-7. Default saving is performed by the Orchestrator. In save phases Dev/QA may also write files. Only one task runs at a time (no concurrent writes).
-8. Use kebab-case `feature_name`. If no clear title, use `feat-YYYYMMDD-<short-summary>`.
-9. Store artifacts under `./.claude/specs/{feature_name}/` with canonical filenames.
-</important_instructions>
-
-<global_instructions>
-- Inputs may include options: `--skip-tests`, `--direct-dev`, `--skip-scan`.
-- Derive `feature_name` from the feature title; compute `spec_dir=./.claude/specs/{feature_name}/`.
-- Artifacts:
-  - `00-repo-scan.md` (unless `--skip-scan`)
-  - `01-product-requirements.md` (PRD, after approval)
-  - `02-system-architecture.md` (Architecture, after approval)
-  - `03-sprint-plan.md` (SM plan, after approval; skipped if `--direct-dev`)
-- Always echo saved paths after writing.
-</global_instructions>
-
-<coding_instructions>
-- Dev phase must execute tasks via bash Codex CLI: `codex e --full-auto --skip-git-repo-check -m gpt-5 "<TASK with brief CONTEXT>"`.
-- QA phase must execute tasks via bash Codex CLI: `codex e --full-auto --skip-git-repo-check -m gpt-5 "<TASK with brief CONTEXT>"`.
-- Treat `-m gpt-5` purely as a model parameter; avoid “agent” wording.
-- Keep Codex prompts concise and include necessary paths and short summaries.
-- Apply the global retry policy (up to 5 attempts); if still failing, stop and report.
-</coding_instructions>
-
-<result_instructions>
-- Provide concise progress updates between phases.
-- Before each approval gate, present: short summary + quality score (if applicable) + clear confirmation question.
-- Gates apply to Phases 1–3 (PO/Architect/SM) only. Proceed only on explicit "yes" (case-insensitive). On "yes": save to the canonical path, echo it, and advance to the next phase.
-- Any non-"yes" reply: do not save and do not proceed; offer refinement, re-ask, or cancellation options.
-- Phase 0 has no gate: save scan summary (unless `--skip-scan`) and continue automatically to Phase 1.
-</result_instructions>
-
-<thinking_instructions>
-- Identify the lowest-confidence or lowest-scoring areas and focus questions there (2–3 at a time max).
-- Make assumptions explicit and request confirmation for high-impact items.
-- Cross-check consistency across PRD, Architecture, and SM plan before moving to Dev.
-</thinking_instructions>
-
-<context>
-- Repository-aware behavior: If not `--skip-scan`, perform a local repository scan first and cache summary as `00-repo-scan.md` for downstream use.
-- Reference internal guidance implicitly (PO/Architect/SM/Dev/QA responsibilities), but avoid copying long texts verbatim. Embed essential behaviors in prompts below.
-</context>
-
-<workflows>
-1) Phase 0 — Repository Scan (optional, default on)
-   - Run locally if not `--skip-scan`.
-   - Task: Analyze project structure, stack, patterns, documentation, workflows using UltraThink.
-   - Output: succinct Markdown summary.
-   - Save and proceed automatically: write `spec_dir/00-repo-scan.md` and then continue to Phase 1 (no confirmation required).
-
-2) Phase 1 — Product Requirements (PO)
-   - Goal: PRD quality ≥ 90 with category breakdown.
-   - Local prompt:
-     - Role: Sarah (BMAD PO) — meticulous, analytical, user-focused.
-     - Include: user request; scan summary/path if available.
-     - Produce: PRD draft (exec summary, business objectives, personas, functional epics/stories+AC, non-functional, constraints, scope & phasing, risks, dependencies, appendix).
-     - Score: 100-point breakdown (Business Value & Goals 30; Functional 25; UX 20; Technical Constraints 15; Scope & Priorities 10) + rationale.
-     - Ask: 2–5 focused clarification questions on lowest-scoring areas.
-     - No saving during drafting.
-   - Loop: Ask user, refine, rescore until ≥ 90.
-   - Gate: Ask confirmation (user language). Only if user replies "yes": save `01-product-requirements.md` and move to Phase 2; otherwise stay here and continue refinement.
-
-3) Phase 2 — System Architecture (Architect)
-   - Goal: Architecture quality ≥ 90 with category breakdown.
-   - Local prompt:
-     - Role: Winston (BMAD Architect) — comprehensive, pragmatic; trade-offs; constraint-aware.
-     - Include: PRD content; scan summary/path.
-     - Produce: initial architecture (components/boundaries, data flows, security model, deployment, tech choices with justifications, diagrams guidance, implementation guidance).
-     - Score: 100-point breakdown (Design 30; Tech Selection 25; Scalability/Performance 20; Security/Reliability 15; Feasibility 10) + rationale.
-     - Ask: targeted technical questions for critical decisions.
-     - No saving during drafting.
-   - Loop: Ask user, refine, rescore until ≥ 90.
-   - Gate: Ask confirmation (user language). Only if user replies "yes": save `02-system-architecture.md` and move to Phase 3; otherwise stay here and continue refinement.
-
-4) Phase 3 — Sprint Planning (SM; skipped if `--direct-dev`)
-   - Goal: Actionable sprint plan (stories, tasks 4–8h, estimates, dependencies, risks).
-   - Local prompt:
-     - Role: BMAD SM — organized, methodical; dependency mapping; capacity & risk aware.
-     - Include: scan summary/path; PRD path; Architecture path.
-     - Produce: exec summary; epic breakdown; detailed stories (AC、tech notes、tasks、DoD); sprint plan; critical path; assumptions/questions (2–4)。
-     - No saving during drafting.
-   - Gate: Ask confirmation (user language). Only if user replies "yes": save `03-sprint-plan.md` and move to Phase 4; otherwise stay here and continue refinement.
-
-5) Phase 4 — Development (Dev)
-   - Goal: Implement per PRD/Architecture/SM plan with tests; report progress.
-   - Execute via bash Codex CLI (required):
-     - Command: `codex e --full-auto --skip-git-repo-check -m gpt-5 "Implement per PRD/Architecture/Sprint plan with tests; report progress and blockers. Context: [paths + brief summaries]."`
-     - Include paths: `00-repo-scan.md` (if exists), `01-product-requirements.md`, `02-system-architecture.md`, `03-sprint-plan.md` (if exists).
-     - Follow retry policy (5 attempts); if still failing, stop and report.
-   - Orchestrator remains responsible for approvals and saving as needed.
-
-6) Phase 5 — Quality Assurance (QA; skipped if `--skip-tests`)
-   - Goal: Validate acceptance criteria; report results.
-   - Execute via bash Codex CLI (required):
-     - Command: `codex e --full-auto --skip-git-repo-check -m gpt-5 "Create and run tests to validate acceptance criteria; report results with failures and remediation. Context: [paths + brief summaries]."`
-     - Include paths: same as Dev.
-     - Follow retry policy (5 attempts); if still failing, stop and report.
-   - Orchestrator collects results and summarizes quality status.
-</workflows>

skills/codex/SKILL.md

@@ -0,0 +1,334 @@
+---
+name: codex
+description: Execute Codex CLI for code analysis, refactoring, and automated code changes. Use when you need to delegate complex code tasks to Codex AI with file references (@syntax) and structured output.
+---
+
+# Codex CLI Integration
+
+## Overview
+
+Execute Codex CLI commands and parse structured JSON responses. Supports file references via `@` syntax, multiple models, and sandbox controls.
+
+## When to Use
+
+- Complex code analysis requiring deep understanding
+- Large-scale refactoring across multiple files
+- Automated code generation with safety controls
+
+## Fallback Policy
+
+Codex is the **primary execution method** for all code edits and tests. Direct execution is only permitted when:
+
+1. Codex is unavailable (service down, network issues)
+2. Codex fails **twice consecutively** on the same task
+
+When falling back to direct execution:
+- Log `CODEX_FALLBACK` with the reason
+- Retry Codex on the next task (don't permanently switch)
+- Document the fallback in the final summary
+
+## Usage
+
+**Mandatory**: Run every automated invocation through the Bash tool in the foreground with **HEREDOC syntax** to avoid shell quoting issues, keeping the `timeout` parameter fixed at `7200000` milliseconds (do not change it or use any other entry point).
+
+```bash
+codex-wrapper - [working_dir] <<'EOF'
+<task content here>
+EOF
+```
+
+**Why HEREDOC?** Tasks often contain code blocks, nested quotes, shell metacharacters (`$`, `` ` ``, `\`), and multiline text. HEREDOC (Here Document) syntax passes these safely without shell interpretation, eliminating quote-escaping nightmares.
+
+**Foreground only (no background/BashOutput)**: Never set `background: true`, never accept Claude's "Running in the background" mode, and avoid `BashOutput` streaming loops. Keep a single foreground Bash call per Codex task; if work might be long, split it into smaller foreground runs instead of offloading to background execution.
+
+**Simple tasks** (backward compatibility):
+For simple single-line tasks without special characters, you can still use direct quoting:
+```bash
+codex-wrapper "simple task here" [working_dir]
+```
+
+**Resume a session with HEREDOC:**
+```bash
+codex-wrapper resume <session_id> - [working_dir] <<'EOF'
+<task content>
+EOF
+```
+
+**Cross-platform notes:**
+- **Bash/Zsh**: Use `<<'EOF'` (single quotes prevent variable expansion)
+- **PowerShell 5.1+**: Use `@'` and `'@` (here-string syntax)
+  ```powershell
+  codex-wrapper - @'
+  task content
+  '@
+  ```
+
+## Environment Variables
+
+- **CODEX_TIMEOUT**: Override timeout in milliseconds (default: 7200000 = 2 hours)
+  - Example: `export CODEX_TIMEOUT=3600000` for 1 hour
+
+## Timeout Control
+
+- **Built-in**: Binary enforces 2-hour timeout by default
+- **Override**: Set `CODEX_TIMEOUT` environment variable (in milliseconds, e.g., `CODEX_TIMEOUT=3600000` for 1 hour)
+- **Behavior**: On timeout, sends SIGTERM, then SIGKILL after 5s if process doesn't exit
+- **Exit code**: Returns 124 on timeout (consistent with GNU timeout)
+- **Bash tool**: Always set `timeout: 7200000` parameter for double protection
+
+### Parameters
+
+- `task` (required): Task description, supports `@file` references
+- `working_dir` (optional): Working directory (default: current)
+
+### Return Format
+
+Extracts `agent_message` from Codex JSON stream and appends session ID:
+```
+Agent response text here...
+
+---
+SESSION_ID: 019a7247-ac9d-71f3-89e2-a823dbd8fd14
+```
+
+Error format (stderr):
+```
+ERROR: Error message
+```
+
+Return only the final agent message and session ID—do not paste raw `BashOutput` logs or background-task chatter into the conversation.
+
+### Invocation Pattern
+
+All automated executions must use HEREDOC syntax through the Bash tool in the foreground, with `timeout` fixed at `7200000` (non-negotiable):
+
+```
+Bash tool parameters:
+- command: codex-wrapper - [working_dir] <<'EOF'
+  <task content>
+  EOF
+- timeout: 7200000
+- description: <brief description of the task>
+```
+
+Run every call in the foreground—never append `&` to background it—so logs and errors stay visible for timely interruption or diagnosis.
+
+**Important:** Use HEREDOC (`<<'EOF'`) for all but the simplest tasks. This prevents shell interpretation of quotes, variables, and special characters.
+
+### Examples
+
+**Basic code analysis:**
+```bash
+# Recommended: with HEREDOC (handles any special characters)
+codex-wrapper - <<'EOF'
+explain @src/main.ts
+EOF
+# timeout: 7200000
+
+# Alternative: simple direct quoting (if task is simple)
+codex-wrapper "explain @src/main.ts"
+```
+
+**Refactoring with multiline instructions:**
+```bash
+codex-wrapper - <<'EOF'
+refactor @src/utils for performance:
+- Extract duplicate code into helpers
+- Use memoization for expensive calculations
+- Add inline comments for non-obvious logic
+EOF
+# timeout: 7200000
+```
+
+**Multi-file analysis:**
+```bash
+codex-wrapper - "/path/to/project" <<'EOF'
+analyze @. and find security issues:
+1. Check for SQL injection vulnerabilities
+2. Identify XSS risks in templates
+3. Review authentication/authorization logic
+4. Flag hardcoded credentials or secrets
+EOF
+# timeout: 7200000
+```
+
+**Resume previous session:**
+```bash
+# First session
+codex-wrapper - <<'EOF'
+add comments to @utils.js explaining the caching logic
+EOF
+# Output includes: SESSION_ID: 019a7247-ac9d-71f3-89e2-a823dbd8fd14
+
+# Continue the conversation with more context
+codex-wrapper resume 019a7247-ac9d-71f3-89e2-a823dbd8fd14 - <<'EOF'
+now add TypeScript type hints and handle edge cases where cache is null
+EOF
+# timeout: 7200000
+```
+
+**Task with code snippets and special characters:**
+```bash
+codex-wrapper - <<'EOF'
+Fix the bug in @app.js where the regex /\d+/ doesn't match "123"
+The current code is:
+  const re = /\d+/;
+  if (re.test(input)) { ... }
+Add proper escaping and handle $variables correctly.
+EOF
+```
+
+### Parallel Execution
+
+> Important:
+> - `--parallel` only reads task definitions from stdin.
+> - It does not accept extra command-line arguments (no inline `workdir`, `task`, or other params).
+> - Put all task metadata and content in stdin; nothing belongs after `--parallel` on the command line.
+
+**Correct vs Incorrect Usage**
+
+**Correct:**
+```bash
+# Option 1: file redirection
+codex-wrapper --parallel < tasks.txt
+
+# Option 2: heredoc (recommended for multiple tasks)
+codex-wrapper --parallel <<'EOF'
+---TASK---
+id: task1
+workdir: /path/to/dir
+---CONTENT---
+task content
+EOF
+
+# Option 3: pipe
+echo "---TASK---..." | codex-wrapper --parallel
+```
+
+**Incorrect (will trigger shell parsing errors):**
+```bash
+# Bad: no extra args allowed after --parallel
+codex-wrapper --parallel - /path/to/dir <<'EOF'
+...
+EOF
+
+# Bad: --parallel does not take a task argument
+codex-wrapper --parallel "task description"
+
+# Bad: workdir must live inside the task config
+codex-wrapper --parallel /path/to/dir < tasks.txt
+```
+
+For multiple independent or dependent tasks, use `--parallel` mode with delimiter format:
+
+**Typical Workflow (analyze → implement → test, chained in a single parallel call)**:
+```bash
+codex-wrapper --parallel <<'EOF'
+---TASK---
+id: analyze_1732876800
+workdir: /home/user/project
+---CONTENT---
+analyze @spec.md and summarize API and UI requirements
+---TASK---
+id: implement_1732876801
+workdir: /home/user/project
+dependencies: analyze_1732876800
+---CONTENT---
+implement features from analyze_1732876800 summary in backend @services and frontend @ui
+---TASK---
+id: test_1732876802
+workdir: /home/user/project
+dependencies: implement_1732876801
+---CONTENT---
+add and run regression tests covering the new endpoints and UI flows
+EOF
+```
+A single `codex-wrapper --parallel` call schedules all three stages concurrently, using `dependencies` to enforce sequential ordering without multiple invocations.
+
+```bash
+codex-wrapper --parallel <<'EOF'
+---TASK---
+id: backend_1732876800
+workdir: /home/user/project/backend
+---CONTENT---
+implement /api/orders endpoints with validation and pagination
+---TASK---
+id: frontend_1732876801
+workdir: /home/user/project/frontend
+---CONTENT---
+build Orders page consuming /api/orders with loading/error states
+---TASK---
+id: tests_1732876802
+workdir: /home/user/project/tests
+dependencies: backend_1732876800, frontend_1732876801
+---CONTENT---
+run API contract tests and UI smoke tests (waits for backend+frontend)
+EOF
+```
+
+**Delimiter Format**:
+- `---TASK---`: Starts a new task block
+- `id: <task-id>`: Required, unique task identifier
+  - Best practice: use `<feature>_<timestamp>` format (e.g., `auth_1732876800`, `api_test_1732876801`)
+  - Ensures uniqueness across runs and makes tasks traceable
+- `workdir: <path>`: Optional, working directory (default: `.`)
+  - Best practice: use absolute paths (e.g., `/home/user/project/backend`)
+  - Avoids ambiguity and ensures consistent behavior across environments
+  - Must be specified inside each task block; do not pass `workdir` as a CLI argument to `--parallel`
+  - Each task can set its own `workdir` when different directories are needed
+- `dependencies: <id1>, <id2>`: Optional, comma-separated task IDs
+- `session_id: <uuid>`: Optional, resume a previous session
+- `---CONTENT---`: Separates metadata from task content
+- Task content: Any text, code, special characters (no escaping needed)
+
+**Dependencies Best Practices**
+
+- Avoid multiple invocations: Place "analyze then implement" in a single `codex-wrapper --parallel` call, chaining them via `dependencies`, rather than running analysis first and then launching implementation separately.
+- Naming convention: Use `<action>_<timestamp>` format (e.g., `analyze_1732876800`, `implement_1732876801`), where action names map to features/stages and timestamps ensure uniqueness and sortability.
+- Dependency chain design: Keep chains short; only add dependencies for tasks that truly require ordering, let others run in parallel, avoiding over-serialization that reduces throughput.
+
+**Resume Failed Tasks**:
+```bash
+# Use session_id from previous output to resume
+codex-wrapper --parallel <<'EOF'
+---TASK---
+id: T2
+session_id: 019xxx-previous-session-id
+---CONTENT---
+fix the previous error and retry
+EOF
+```
+
+**Output**: Human-readable text format
+```
+=== Parallel Execution Summary ===
+Total: 3 | Success: 2 | Failed: 1
+
+--- Task: T1 ---
+Status: SUCCESS
+Session: 019xxx
+
+Task output message...
+
+--- Task: T2 ---
+Status: FAILED (exit code 1)
+Error: some error message
+```
+
+**Features**:
+- Automatic topological sorting based on dependencies
+- Unlimited concurrency for independent tasks
+- Error isolation (failed tasks don't stop others)
+- Dependency blocking (dependent tasks skip if parent fails)
+
+## Notes
+
+- **Binary distribution**: Single Go binary, zero dependencies
+- **Installation**: Download from GitHub Releases or use install.sh
+- **Cross-platform compatible**: Linux (amd64/arm64), macOS (amd64/arm64)
+- All automated runs must use the Bash tool with the fixed timeout to provide dual timeout protection and unified logging/exit semantics
+for automation (new sessions only)
+- Uses `--skip-git-repo-check` to work in any directory
+- Streams progress, returns only final agent message
+- Every execution returns a session ID for resuming conversations
+- Requires Codex CLI installed and authenticated

skills/gemini/SKILL.md

@@ -0,0 +1,120 @@
+---
+name: gemini
+description: Execute Gemini CLI for AI-powered code analysis and generation. Use when you need to leverage Google's Gemini models for complex reasoning tasks.
+---
+
+# Gemini CLI Integration
+
+## Overview
+
+Execute Gemini CLI commands with support for multiple models and flexible prompt input. Integrates Google's Gemini AI models into Claude Code workflows.
+
+## When to Use
+
+- Complex reasoning tasks requiring advanced AI capabilities
+- Code generation and analysis with Gemini models
+- Tasks requiring Google's latest AI technology
+- Alternative perspective on code problems
+
+## Usage
+**Mandatory**: Run via uv with fixed timeout 7200000ms (foreground):
+```bash
+uv run ~/.claude/skills/gemini/scripts/gemini.py "<prompt>" [working_dir]
+```
+
+**Optional** (direct execution or using Python):
+```bash
+~/.claude/skills/gemini/scripts/gemini.py "<prompt>" [working_dir]
+# or
+python3 ~/.claude/skills/gemini/scripts/gemini.py "<prompt>" [working_dir]
+```
+
+## Environment Variables
+
+- **GEMINI_MODEL**: Configure model (default: `gemini-3-pro-preview`)
+  - Example: `export GEMINI_MODEL=gemini-3`
+
+## Timeout Control
+
+- **Fixed**: 7200000 milliseconds (2 hours), immutable
+- **Bash tool**: Always set `timeout: 7200000` for double protection
+
+### Parameters
+
+- `prompt` (required): Task prompt or question
+- `working_dir` (optional): Working directory (default: current directory)
+
+### Return Format
+
+Plain text output from Gemini:
+
+```text
+Model response text here...
+```
+
+Error format (stderr):
+
+```text
+ERROR: Error message
+```
+
+### Invocation Pattern
+
+When calling via Bash tool, always include the timeout parameter:
+
+```yaml
+Bash tool parameters:
+- command: uv run ~/.claude/skills/gemini/scripts/gemini.py "<prompt>"
+- timeout: 7200000
+- description: <brief description of the task>
+```
+
+Alternatives:
+
+```yaml
+# Direct execution (simplest)
+- command: ~/.claude/skills/gemini/scripts/gemini.py "<prompt>"
+
+# Using python3
+- command: python3 ~/.claude/skills/gemini/scripts/gemini.py "<prompt>"
+```
+
+### Examples
+
+**Basic query:**
+
+```bash
+uv run ~/.claude/skills/gemini/scripts/gemini.py "explain quantum computing"
+# timeout: 7200000
+```
+
+**Code analysis:**
+
+```bash
+uv run ~/.claude/skills/gemini/scripts/gemini.py "review this code for security issues: $(cat app.py)"
+# timeout: 7200000
+```
+
+**With specific working directory:**
+
+```bash
+uv run ~/.claude/skills/gemini/scripts/gemini.py "analyze project structure" "/path/to/project"
+# timeout: 7200000
+```
+
+**Using python3 directly (alternative):**
+
+```bash
+python3 ~/.claude/skills/gemini/scripts/gemini.py "your prompt here"
+```
+
+## Notes
+
+- **Recommended**: Use `uv run` for automatic Python environment management (requires uv installed)
+- **Alternative**: Direct execution `./gemini.py` (uses system Python via shebang)
+- Python implementation using standard library (zero dependencies)
+- Cross-platform compatible (Windows/macOS/Linux)
+- PEP 723 compliant (inline script metadata)
+- Requires Gemini CLI installed and authenticated
+- Supports all Gemini model variants (configure via `GEMINI_MODEL` environment variable)
+- Output is streamed directly from Gemini CLI

skills/gemini/scripts/gemini.py

@@ -0,0 +1,140 @@
+#!/usr/bin/env python3
+# /// script
+# requires-python = ">=3.8"
+# dependencies = []
+# ///
+"""
+Gemini CLI wrapper with cross-platform support.
+
+Usage:
+    uv run gemini.py "<prompt>" [workdir]
+    python3 gemini.py "<prompt>"
+    ./gemini.py "your prompt"
+"""
+import subprocess
+import sys
+import os
+
+DEFAULT_MODEL = os.environ.get('GEMINI_MODEL', 'gemini-3-pro-preview')
+DEFAULT_WORKDIR = '.'
+TIMEOUT_MS = 7_200_000  # 固定 2 小时，毫秒
+DEFAULT_TIMEOUT = TIMEOUT_MS // 1000
+FORCE_KILL_DELAY = 5
+
+
+def log_error(message: str):
+    """输出错误信息到 stderr"""
+    sys.stderr.write(f"ERROR: {message}\n")
+
+
+def log_warn(message: str):
+    """输出警告信息到 stderr"""
+    sys.stderr.write(f"WARN: {message}\n")
+
+
+def log_info(message: str):
+    """输出信息到 stderr"""
+    sys.stderr.write(f"INFO: {message}\n")
+
+
+def parse_args():
+    """解析位置参数"""
+    if len(sys.argv) < 2:
+        log_error('Prompt required')
+        sys.exit(1)
+
+    return {
+        'prompt': sys.argv[1],
+        'workdir': sys.argv[2] if len(sys.argv) > 2 else DEFAULT_WORKDIR
+    }
+
+
+def build_gemini_args(args) -> list:
+    """构建 gemini CLI 参数"""
+    return [
+        'gemini',
+        '-m', DEFAULT_MODEL,
+        '-p', args['prompt']
+    ]
+
+
+def main():
+    log_info('Script started')
+    args = parse_args()
+    log_info(f"Prompt length: {len(args['prompt'])}")
+    log_info(f"Working dir: {args['workdir']}")
+    gemini_args = build_gemini_args(args)
+    timeout_sec = DEFAULT_TIMEOUT
+    log_info(f"Timeout: {timeout_sec}s")
+
+    # 如果指定了工作目录，切换到该目录
+    if args['workdir'] != DEFAULT_WORKDIR:
+        try:
+            os.chdir(args['workdir'])
+        except FileNotFoundError:
+            log_error(f"Working directory not found: {args['workdir']}")
+            sys.exit(1)
+        except PermissionError:
+            log_error(f"Permission denied: {args['workdir']}")
+            sys.exit(1)
+        log_info('Changed working directory')
+
+    try:
+        log_info(f"Starting gemini with model {DEFAULT_MODEL}")
+        process = None
+        # 启动 gemini 子进程，直接透传 stdout 和 stderr
+        process = subprocess.Popen(
+            gemini_args,
+            stdout=subprocess.PIPE,
+            stderr=subprocess.PIPE,
+            text=True,
+            bufsize=1  # 行缓冲
+        )
+
+        # 实时输出 stdout
+        for line in process.stdout:
+            sys.stdout.write(line)
+            sys.stdout.flush()
+
+        # 等待进程结束
+        returncode = process.wait(timeout=timeout_sec)
+
+        # 读取 stderr
+        stderr_output = process.stderr.read()
+        if stderr_output:
+            sys.stderr.write(stderr_output)
+
+        # 检查退出码
+        if returncode != 0:
+            log_error(f'Gemini exited with status {returncode}')
+            sys.exit(returncode)
+
+        sys.exit(0)
+
+    except subprocess.TimeoutExpired:
+        log_error(f'Gemini execution timeout ({timeout_sec}s)')
+        if process is not None:
+            process.kill()
+            try:
+                process.wait(timeout=FORCE_KILL_DELAY)
+            except subprocess.TimeoutExpired:
+                pass
+        sys.exit(124)
+
+    except FileNotFoundError:
+        log_error("gemini command not found in PATH")
+        log_error("Please install Gemini CLI: https://github.com/google/generative-ai-python")
+        sys.exit(127)
+
+    except KeyboardInterrupt:
+        if process is not None:
+            process.terminate()
+            try:
+                process.wait(timeout=FORCE_KILL_DELAY)
+            except subprocess.TimeoutExpired:
+                process.kill()
+        sys.exit(130)
+
+
+if __name__ == '__main__':
+    main()

tests/test_config.cover

@@ -0,0 +1,76 @@
+    1: import copy
+    1: import json
+    1: import unittest
+    1: from pathlib import Path
+       
+    1: import jsonschema
+       
+       
+    1: CONFIG_PATH = Path(__file__).resolve().parents[1] / "config.json"
+    1: SCHEMA_PATH = Path(__file__).resolve().parents[1] / "config.schema.json"
+    1: ROOT = CONFIG_PATH.parent
+       
+       
+    1: def load_config():
+           with CONFIG_PATH.open(encoding="utf-8") as f:
+               return json.load(f)
+       
+       
+    1: def load_schema():
+           with SCHEMA_PATH.open(encoding="utf-8") as f:
+               return json.load(f)
+       
+       
+    2: class ConfigSchemaTest(unittest.TestCase):
+    1:     def test_config_matches_schema(self):
+               config = load_config()
+               schema = load_schema()
+               jsonschema.validate(config, schema)
+       
+    1:     def test_required_modules_present(self):
+               modules = load_config()["modules"]
+               self.assertEqual(set(modules.keys()), {"dev", "bmad", "requirements", "essentials", "advanced"})
+       
+    1:     def test_enabled_defaults_and_flags(self):
+               modules = load_config()["modules"]
+               self.assertTrue(modules["dev"]["enabled"])
+               self.assertTrue(modules["essentials"]["enabled"])
+               self.assertFalse(modules["bmad"]["enabled"])
+               self.assertFalse(modules["requirements"]["enabled"])
+               self.assertFalse(modules["advanced"]["enabled"])
+       
+    1:     def test_operations_have_expected_shape(self):
+               config = load_config()
+               for name, module in config["modules"].items():
+                   self.assertTrue(module["operations"], f"{name} should declare at least one operation")
+                   for op in module["operations"]:
+                       self.assertIn("type", op)
+                       if op["type"] in {"copy_dir", "copy_file"}:
+                           self.assertTrue(op.get("source"), f"{name} operation missing source")
+                           self.assertTrue(op.get("target"), f"{name} operation missing target")
+                       elif op["type"] == "run_command":
+                           self.assertTrue(op.get("command"), f"{name} run_command missing command")
+                           if "env" in op:
+                               self.assertIsInstance(op["env"], dict)
+                       else:
+                           self.fail(f"Unsupported operation type: {op['type']}")
+       
+    1:     def test_operation_sources_exist_on_disk(self):
+               config = load_config()
+               for module in config["modules"].values():
+                   for op in module["operations"]:
+                       if op["type"] in {"copy_dir", "copy_file"}:
+                           path = (ROOT / op["source"]).expanduser()
+                           self.assertTrue(path.exists(), f"Source path not found: {path}")
+       
+    1:     def test_schema_rejects_invalid_operation_type(self):
+               config = load_config()
+               invalid = copy.deepcopy(config)
+               invalid["modules"]["dev"]["operations"][0]["type"] = "unknown_op"
+               schema = load_schema()
+               with self.assertRaises(jsonschema.exceptions.ValidationError):
+                   jsonschema.validate(invalid, schema)
+       
+       
+    1: if __name__ == "__main__":
+    1:     unittest.main()

tests/test_config.py

@@ -0,0 +1,76 @@
+import copy
+import json
+import unittest
+from pathlib import Path
+
+import jsonschema
+
+
+CONFIG_PATH = Path(__file__).resolve().parents[1] / "config.json"
+SCHEMA_PATH = Path(__file__).resolve().parents[1] / "config.schema.json"
+ROOT = CONFIG_PATH.parent
+
+
+def load_config():
+    with CONFIG_PATH.open(encoding="utf-8") as f:
+        return json.load(f)
+
+
+def load_schema():
+    with SCHEMA_PATH.open(encoding="utf-8") as f:
+        return json.load(f)
+
+
+class ConfigSchemaTest(unittest.TestCase):
+    def test_config_matches_schema(self):
+        config = load_config()
+        schema = load_schema()
+        jsonschema.validate(config, schema)
+
+    def test_required_modules_present(self):
+        modules = load_config()["modules"]
+        self.assertEqual(set(modules.keys()), {"dev", "bmad", "requirements", "essentials", "advanced"})
+
+    def test_enabled_defaults_and_flags(self):
+        modules = load_config()["modules"]
+        self.assertTrue(modules["dev"]["enabled"])
+        self.assertTrue(modules["essentials"]["enabled"])
+        self.assertFalse(modules["bmad"]["enabled"])
+        self.assertFalse(modules["requirements"]["enabled"])
+        self.assertFalse(modules["advanced"]["enabled"])
+
+    def test_operations_have_expected_shape(self):
+        config = load_config()
+        for name, module in config["modules"].items():
+            self.assertTrue(module["operations"], f"{name} should declare at least one operation")
+            for op in module["operations"]:
+                self.assertIn("type", op)
+                if op["type"] in {"copy_dir", "copy_file"}:
+                    self.assertTrue(op.get("source"), f"{name} operation missing source")
+                    self.assertTrue(op.get("target"), f"{name} operation missing target")
+                elif op["type"] == "run_command":
+                    self.assertTrue(op.get("command"), f"{name} run_command missing command")
+                    if "env" in op:
+                        self.assertIsInstance(op["env"], dict)
+                else:
+                    self.fail(f"Unsupported operation type: {op['type']}")
+
+    def test_operation_sources_exist_on_disk(self):
+        config = load_config()
+        for module in config["modules"].values():
+            for op in module["operations"]:
+                if op["type"] in {"copy_dir", "copy_file"}:
+                    path = (ROOT / op["source"]).expanduser()
+                    self.assertTrue(path.exists(), f"Source path not found: {path}")
+
+    def test_schema_rejects_invalid_operation_type(self):
+        config = load_config()
+        invalid = copy.deepcopy(config)
+        invalid["modules"]["dev"]["operations"][0]["type"] = "unknown_op"
+        schema = load_schema()
+        with self.assertRaises(jsonschema.exceptions.ValidationError):
+            jsonschema.validate(invalid, schema)
+
+
+if __name__ == "__main__":
+    unittest.main()

tests/test_install.py

@@ -0,0 +1,458 @@
+import json
+import os
+import shutil
+import sys
+from pathlib import Path
+
+import pytest
+
+import install
+
+
+ROOT = Path(__file__).resolve().parents[1]
+SCHEMA_PATH = ROOT / "config.schema.json"
+
+
+def write_config(tmp_path: Path, config: dict) -> Path:
+    cfg_path = tmp_path / "config.json"
+    cfg_path.write_text(json.dumps(config), encoding="utf-8")
+    shutil.copy(SCHEMA_PATH, tmp_path / "config.schema.json")
+    return cfg_path
+
+
+@pytest.fixture()
+def valid_config(tmp_path):
+    sample_file = tmp_path / "sample.txt"
+    sample_file.write_text("hello", encoding="utf-8")
+
+    sample_dir = tmp_path / "sample_dir"
+    sample_dir.mkdir()
+    (sample_dir / "f.txt").write_text("dir", encoding="utf-8")
+
+    config = {
+        "version": "1.0",
+        "install_dir": "~/.fromconfig",
+        "log_file": "install.log",
+        "modules": {
+            "dev": {
+                "enabled": True,
+                "description": "dev module",
+                "operations": [
+                    {"type": "copy_dir", "source": "sample_dir", "target": "devcopy"}
+                ],
+            },
+            "bmad": {
+                "enabled": False,
+                "description": "bmad",
+                "operations": [
+                    {"type": "copy_file", "source": "sample.txt", "target": "bmad.txt"}
+                ],
+            },
+            "requirements": {
+                "enabled": False,
+                "description": "reqs",
+                "operations": [
+                    {"type": "copy_file", "source": "sample.txt", "target": "req.txt"}
+                ],
+            },
+            "essentials": {
+                "enabled": True,
+                "description": "ess",
+                "operations": [
+                    {"type": "copy_file", "source": "sample.txt", "target": "ess.txt"}
+                ],
+            },
+            "advanced": {
+                "enabled": False,
+                "description": "adv",
+                "operations": [
+                    {"type": "copy_file", "source": "sample.txt", "target": "adv.txt"}
+                ],
+            },
+        },
+    }
+
+    cfg_path = write_config(tmp_path, config)
+    return cfg_path, config
+
+
+def make_ctx(tmp_path: Path) -> dict:
+    install_dir = tmp_path / "install"
+    return {
+        "install_dir": install_dir,
+        "log_file": install_dir / "install.log",
+        "status_file": install_dir / "installed_modules.json",
+        "config_dir": tmp_path,
+        "force": False,
+    }
+
+
+def test_parse_args_defaults():
+    args = install.parse_args([])
+    assert args.install_dir == install.DEFAULT_INSTALL_DIR
+    assert args.config == "config.json"
+    assert args.module is None
+    assert args.list_modules is False
+    assert args.force is False
+
+
+def test_parse_args_custom():
+    args = install.parse_args(
+        [
+            "--install-dir",
+            "/tmp/custom",
+            "--module",
+            "dev,bmad",
+            "--config",
+            "/tmp/cfg.json",
+            "--list-modules",
+            "--force",
+        ]
+    )
+
+    assert args.install_dir == "/tmp/custom"
+    assert args.module == "dev,bmad"
+    assert args.config == "/tmp/cfg.json"
+    assert args.list_modules is True
+    assert args.force is True
+
+
+def test_load_config_success(valid_config):
+    cfg_path, config_data = valid_config
+    loaded = install.load_config(str(cfg_path))
+    assert loaded["modules"]["dev"]["description"] == config_data["modules"]["dev"]["description"]
+
+
+def test_load_config_invalid_json(tmp_path):
+    bad = tmp_path / "bad.json"
+    bad.write_text("{broken", encoding="utf-8")
+    shutil.copy(SCHEMA_PATH, tmp_path / "config.schema.json")
+    with pytest.raises(ValueError):
+        install.load_config(str(bad))
+
+
+def test_load_config_schema_error(tmp_path):
+    cfg = tmp_path / "cfg.json"
+    cfg.write_text(json.dumps({"version": "1.0"}), encoding="utf-8")
+    shutil.copy(SCHEMA_PATH, tmp_path / "config.schema.json")
+    with pytest.raises(ValueError):
+        install.load_config(str(cfg))
+
+
+def test_resolve_paths_respects_priority(tmp_path):
+    config = {
+        "install_dir": str(tmp_path / "from_config"),
+        "log_file": "logs/install.log",
+        "modules": {},
+        "version": "1.0",
+    }
+    cfg_path = write_config(tmp_path, config)
+    args = install.parse_args(["--config", str(cfg_path)])
+
+    ctx = install.resolve_paths(config, args)
+    assert ctx["install_dir"] == (tmp_path / "from_config").resolve()
+    assert ctx["log_file"] == (tmp_path / "from_config" / "logs" / "install.log").resolve()
+    assert ctx["config_dir"] == tmp_path.resolve()
+
+    cli_args = install.parse_args(
+        ["--install-dir", str(tmp_path / "cli_dir"), "--config", str(cfg_path)]
+    )
+    ctx_cli = install.resolve_paths(config, cli_args)
+    assert ctx_cli["install_dir"] == (tmp_path / "cli_dir").resolve()
+
+
+def test_list_modules_output(valid_config, capsys):
+    _, config_data = valid_config
+    install.list_modules(config_data)
+    captured = capsys.readouterr().out
+    assert "dev" in captured
+    assert "essentials" in captured
+    assert "✓" in captured
+
+
+def test_select_modules_behaviour(valid_config):
+    _, config_data = valid_config
+
+    selected_default = install.select_modules(config_data, None)
+    assert set(selected_default.keys()) == {"dev", "essentials"}
+
+    selected_specific = install.select_modules(config_data, "bmad")
+    assert set(selected_specific.keys()) == {"bmad"}
+
+    with pytest.raises(ValueError):
+        install.select_modules(config_data, "missing")
+
+
+def test_ensure_install_dir(tmp_path, monkeypatch):
+    target = tmp_path / "install_here"
+    install.ensure_install_dir(target)
+    assert target.is_dir()
+
+    file_path = tmp_path / "conflict"
+    file_path.write_text("x", encoding="utf-8")
+    with pytest.raises(NotADirectoryError):
+        install.ensure_install_dir(file_path)
+
+    blocked = tmp_path / "blocked"
+    real_access = os.access
+
+    def fake_access(path, mode):
+        if Path(path) == blocked:
+            return False
+        return real_access(path, mode)
+
+    monkeypatch.setattr(os, "access", fake_access)
+    with pytest.raises(PermissionError):
+        install.ensure_install_dir(blocked)
+
+
+def test_op_copy_dir_respects_force(tmp_path):
+    ctx = make_ctx(tmp_path)
+    install.ensure_install_dir(ctx["install_dir"])
+
+    src = tmp_path / "src"
+    src.mkdir()
+    (src / "a.txt").write_text("one", encoding="utf-8")
+
+    op = {"type": "copy_dir", "source": "src", "target": "dest"}
+    install.op_copy_dir(op, ctx)
+    target_file = ctx["install_dir"] / "dest" / "a.txt"
+    assert target_file.read_text(encoding="utf-8") == "one"
+
+    (src / "a.txt").write_text("two", encoding="utf-8")
+    install.op_copy_dir(op, ctx)
+    assert target_file.read_text(encoding="utf-8") == "one"
+
+    ctx["force"] = True
+    install.op_copy_dir(op, ctx)
+    assert target_file.read_text(encoding="utf-8") == "two"
+
+
+def test_op_copy_file_behaviour(tmp_path):
+    ctx = make_ctx(tmp_path)
+    install.ensure_install_dir(ctx["install_dir"])
+
+    src = tmp_path / "file.txt"
+    src.write_text("first", encoding="utf-8")
+
+    op = {"type": "copy_file", "source": "file.txt", "target": "out/file.txt"}
+    install.op_copy_file(op, ctx)
+    dst = ctx["install_dir"] / "out" / "file.txt"
+    assert dst.read_text(encoding="utf-8") == "first"
+
+    src.write_text("second", encoding="utf-8")
+    install.op_copy_file(op, ctx)
+    assert dst.read_text(encoding="utf-8") == "first"
+
+    ctx["force"] = True
+    install.op_copy_file(op, ctx)
+    assert dst.read_text(encoding="utf-8") == "second"
+
+
+def test_op_run_command_success(tmp_path):
+    ctx = make_ctx(tmp_path)
+    install.ensure_install_dir(ctx["install_dir"])
+    install.op_run_command({"type": "run_command", "command": "echo hello"}, ctx)
+    log_content = ctx["log_file"].read_text(encoding="utf-8")
+    assert "hello" in log_content
+
+
+def test_op_run_command_failure(tmp_path):
+    ctx = make_ctx(tmp_path)
+    install.ensure_install_dir(ctx["install_dir"])
+    with pytest.raises(RuntimeError):
+        install.op_run_command(
+            {"type": "run_command", "command": f"{sys.executable} -c 'import sys; sys.exit(2)'"},
+            ctx,
+        )
+    log_content = ctx["log_file"].read_text(encoding="utf-8")
+    assert "returncode: 2" in log_content
+
+
+def test_execute_module_success(tmp_path):
+    ctx = make_ctx(tmp_path)
+    install.ensure_install_dir(ctx["install_dir"])
+    src = tmp_path / "src.txt"
+    src.write_text("data", encoding="utf-8")
+
+    cfg = {"operations": [{"type": "copy_file", "source": "src.txt", "target": "out.txt"}]}
+    result = install.execute_module("demo", cfg, ctx)
+    assert result["status"] == "success"
+    assert (ctx["install_dir"] / "out.txt").read_text(encoding="utf-8") == "data"
+
+
+def test_execute_module_failure_logs_and_stops(tmp_path):
+    ctx = make_ctx(tmp_path)
+    install.ensure_install_dir(ctx["install_dir"])
+    cfg = {"operations": [{"type": "unknown", "source": "", "target": ""}]}
+
+    with pytest.raises(ValueError):
+        install.execute_module("demo", cfg, ctx)
+
+    log_content = ctx["log_file"].read_text(encoding="utf-8")
+    assert "failed on unknown" in log_content
+
+
+def test_write_log_and_status(tmp_path):
+    ctx = make_ctx(tmp_path)
+    install.ensure_install_dir(ctx["install_dir"])
+
+    install.write_log({"level": "INFO", "message": "hello"}, ctx)
+    content = ctx["log_file"].read_text(encoding="utf-8")
+    assert "hello" in content
+
+    results = [
+        {"module": "dev", "status": "success", "operations": [], "installed_at": "ts"}
+    ]
+    install.write_status(results, ctx)
+    status_data = json.loads(ctx["status_file"].read_text(encoding="utf-8"))
+    assert status_data["modules"]["dev"]["status"] == "success"
+
+
+def test_main_success(valid_config, tmp_path):
+    cfg_path, _ = valid_config
+    install_dir = tmp_path / "install_final"
+    rc = install.main(
+        [
+            "--config",
+            str(cfg_path),
+            "--install-dir",
+            str(install_dir),
+            "--module",
+            "dev",
+        ]
+    )
+
+    assert rc == 0
+    assert (install_dir / "devcopy" / "f.txt").exists()
+    assert (install_dir / "installed_modules.json").exists()
+
+
+def test_main_failure_without_force(tmp_path):
+    cfg = {
+        "version": "1.0",
+        "install_dir": "~/.claude",
+        "log_file": "install.log",
+        "modules": {
+            "dev": {
+                "enabled": True,
+                "description": "dev",
+                "operations": [
+                    {
+                        "type": "run_command",
+                        "command": f"{sys.executable} -c 'import sys; sys.exit(3)'",
+                    }
+                ],
+            },
+            "bmad": {
+                "enabled": False,
+                "description": "bmad",
+                "operations": [
+                    {"type": "copy_file", "source": "s.txt", "target": "t.txt"}
+                ],
+            },
+            "requirements": {
+                "enabled": False,
+                "description": "reqs",
+                "operations": [
+                    {"type": "copy_file", "source": "s.txt", "target": "r.txt"}
+                ],
+            },
+            "essentials": {
+                "enabled": False,
+                "description": "ess",
+                "operations": [
+                    {"type": "copy_file", "source": "s.txt", "target": "e.txt"}
+                ],
+            },
+            "advanced": {
+                "enabled": False,
+                "description": "adv",
+                "operations": [
+                    {"type": "copy_file", "source": "s.txt", "target": "a.txt"}
+                ],
+            },
+        },
+    }
+
+    cfg_path = write_config(tmp_path, cfg)
+    install_dir = tmp_path / "fail_install"
+    rc = install.main(
+        [
+            "--config",
+            str(cfg_path),
+            "--install-dir",
+            str(install_dir),
+            "--module",
+            "dev",
+        ]
+    )
+
+    assert rc == 1
+    assert not (install_dir / "installed_modules.json").exists()
+
+
+def test_main_force_records_failure(tmp_path):
+    cfg = {
+        "version": "1.0",
+        "install_dir": "~/.claude",
+        "log_file": "install.log",
+        "modules": {
+            "dev": {
+                "enabled": True,
+                "description": "dev",
+                "operations": [
+                    {
+                        "type": "run_command",
+                        "command": f"{sys.executable} -c 'import sys; sys.exit(4)'",
+                    }
+                ],
+            },
+            "bmad": {
+                "enabled": False,
+                "description": "bmad",
+                "operations": [
+                    {"type": "copy_file", "source": "s.txt", "target": "t.txt"}
+                ],
+            },
+            "requirements": {
+                "enabled": False,
+                "description": "reqs",
+                "operations": [
+                    {"type": "copy_file", "source": "s.txt", "target": "r.txt"}
+                ],
+            },
+            "essentials": {
+                "enabled": False,
+                "description": "ess",
+                "operations": [
+                    {"type": "copy_file", "source": "s.txt", "target": "e.txt"}
+                ],
+            },
+            "advanced": {
+                "enabled": False,
+                "description": "adv",
+                "operations": [
+                    {"type": "copy_file", "source": "s.txt", "target": "a.txt"}
+                ],
+            },
+        },
+    }
+
+    cfg_path = write_config(tmp_path, cfg)
+    install_dir = tmp_path / "force_install"
+    rc = install.main(
+        [
+            "--config",
+            str(cfg_path),
+            "--install-dir",
+            str(install_dir),
+            "--module",
+            "dev",
+            "--force",
+        ]
+    )
+
+    assert rc == 0
+    status = json.loads((install_dir / "installed_modules.json").read_text(encoding="utf-8"))
+    assert status["modules"]["dev"]["status"] == "failed"

tests/test_modules.py

@@ -0,0 +1,224 @@
+import json
+import shutil
+import sys
+from pathlib import Path
+
+import pytest
+
+import install
+
+
+ROOT = Path(__file__).resolve().parents[1]
+SCHEMA_PATH = ROOT / "config.schema.json"
+
+
+def _write_schema(target_dir: Path) -> None:
+    shutil.copy(SCHEMA_PATH, target_dir / "config.schema.json")
+
+
+def _base_config(install_dir: Path, modules: dict) -> dict:
+    return {
+        "version": "1.0",
+        "install_dir": str(install_dir),
+        "log_file": "install.log",
+        "modules": modules,
+    }
+
+
+def _prepare_env(tmp_path: Path, modules: dict) -> tuple[Path, Path, Path]:
+    """Create a temp config directory with schema and config.json."""
+
+    config_dir = tmp_path / "config"
+    install_dir = tmp_path / "install"
+    config_dir.mkdir()
+    _write_schema(config_dir)
+
+    cfg_path = config_dir / "config.json"
+    cfg_path.write_text(
+        json.dumps(_base_config(install_dir, modules)), encoding="utf-8"
+    )
+    return cfg_path, install_dir, config_dir
+
+
+def _sample_sources(config_dir: Path) -> dict:
+    sample_dir = config_dir / "sample_dir"
+    sample_dir.mkdir()
+    (sample_dir / "nested.txt").write_text("dir-content", encoding="utf-8")
+
+    sample_file = config_dir / "sample.txt"
+    sample_file.write_text("file-content", encoding="utf-8")
+
+    return {"dir": sample_dir, "file": sample_file}
+
+
+def _read_status(install_dir: Path) -> dict:
+    return json.loads((install_dir / "installed_modules.json").read_text("utf-8"))
+
+
+def test_single_module_full_flow(tmp_path):
+    cfg_path, install_dir, config_dir = _prepare_env(
+        tmp_path,
+        {
+            "solo": {
+                "enabled": True,
+                "description": "single module",
+                "operations": [
+                    {"type": "copy_dir", "source": "sample_dir", "target": "payload"},
+                    {
+                        "type": "copy_file",
+                        "source": "sample.txt",
+                        "target": "payload/sample.txt",
+                    },
+                    {
+                        "type": "run_command",
+                        "command": f"{sys.executable} -c \"from pathlib import Path; Path('run.txt').write_text('ok', encoding='utf-8')\"",
+                    },
+                ],
+            }
+        },
+    )
+
+    _sample_sources(config_dir)
+    rc = install.main(["--config", str(cfg_path), "--module", "solo"])
+
+    assert rc == 0
+    assert (install_dir / "payload" / "nested.txt").read_text(encoding="utf-8") == "dir-content"
+    assert (install_dir / "payload" / "sample.txt").read_text(encoding="utf-8") == "file-content"
+    assert (install_dir / "run.txt").read_text(encoding="utf-8") == "ok"
+
+    status = _read_status(install_dir)
+    assert status["modules"]["solo"]["status"] == "success"
+    assert len(status["modules"]["solo"]["operations"]) == 3
+
+
+def test_multi_module_install_and_status(tmp_path):
+    modules = {
+        "alpha": {
+            "enabled": True,
+            "description": "alpha",
+            "operations": [
+                {
+                    "type": "copy_file",
+                    "source": "sample.txt",
+                    "target": "alpha.txt",
+                }
+            ],
+        },
+        "beta": {
+            "enabled": True,
+            "description": "beta",
+            "operations": [
+                {
+                    "type": "copy_dir",
+                    "source": "sample_dir",
+                    "target": "beta_dir",
+                }
+            ],
+        },
+    }
+
+    cfg_path, install_dir, config_dir = _prepare_env(tmp_path, modules)
+    _sample_sources(config_dir)
+
+    rc = install.main(["--config", str(cfg_path)])
+    assert rc == 0
+
+    assert (install_dir / "alpha.txt").read_text(encoding="utf-8") == "file-content"
+    assert (install_dir / "beta_dir" / "nested.txt").exists()
+
+    status = _read_status(install_dir)
+    assert set(status["modules"].keys()) == {"alpha", "beta"}
+    assert all(mod["status"] == "success" for mod in status["modules"].values())
+
+
+def test_force_overwrites_existing_files(tmp_path):
+    modules = {
+        "forcey": {
+            "enabled": True,
+            "description": "force copy",
+            "operations": [
+                {
+                    "type": "copy_file",
+                    "source": "sample.txt",
+                    "target": "target.txt",
+                }
+            ],
+        }
+    }
+
+    cfg_path, install_dir, config_dir = _prepare_env(tmp_path, modules)
+    sources = _sample_sources(config_dir)
+
+    install.main(["--config", str(cfg_path), "--module", "forcey"])
+    assert (install_dir / "target.txt").read_text(encoding="utf-8") == "file-content"
+
+    sources["file"].write_text("new-content", encoding="utf-8")
+
+    rc = install.main(["--config", str(cfg_path), "--module", "forcey", "--force"])
+    assert rc == 0
+    assert (install_dir / "target.txt").read_text(encoding="utf-8") == "new-content"
+
+    status = _read_status(install_dir)
+    assert status["modules"]["forcey"]["status"] == "success"
+
+
+def test_failure_triggers_rollback_and_restores_status(tmp_path):
+    # First successful run to create a known-good status file.
+    ok_modules = {
+        "stable": {
+            "enabled": True,
+            "description": "stable",
+            "operations": [
+                {
+                    "type": "copy_file",
+                    "source": "sample.txt",
+                    "target": "stable.txt",
+                }
+            ],
+        }
+    }
+
+    cfg_path, install_dir, config_dir = _prepare_env(tmp_path, ok_modules)
+    _sample_sources(config_dir)
+    assert install.main(["--config", str(cfg_path)]) == 0
+    pre_status = _read_status(install_dir)
+    assert "stable" in pre_status["modules"]
+
+    # Rewrite config to introduce a failing module.
+    failing_modules = {
+        **ok_modules,
+        "broken": {
+            "enabled": True,
+            "description": "will fail",
+            "operations": [
+                {
+                    "type": "copy_file",
+                    "source": "sample.txt",
+                    "target": "broken.txt",
+                },
+                {
+                    "type": "run_command",
+                    "command": f"{sys.executable} -c 'import sys; sys.exit(5)'",
+                },
+            ],
+        },
+    }
+
+    cfg_path.write_text(
+        json.dumps(_base_config(install_dir, failing_modules)), encoding="utf-8"
+    )
+
+    rc = install.main(["--config", str(cfg_path)])
+    assert rc == 1
+
+    # The failed module's file should have been removed by rollback.
+    assert not (install_dir / "broken.txt").exists()
+    # Previously installed files remain.
+    assert (install_dir / "stable.txt").exists()
+
+    restored_status = _read_status(install_dir)
+    assert restored_status == pre_status
+
+    log_content = (install_dir / "install.log").read_text(encoding="utf-8")
+    assert "Rolling back" in log_content
+