
Company News
Socket Partners with Replit to Block Malicious Packages in AI-Powered Development
Replit is integrating Socket Firewall into its AI-powered development experience to help protect builders from malicious open source packages.
@polygraph/opencode-plugin
AI agent skills and subagents for Polygraph multi-repo coordination.
Polygraph is a standalone product for coordinating changes across multiple repositories. It lets AI agents delegate work to child agents in other repos, monitor CI across repos, and manage multi-repo sessions.
The publishable Codex package now exposes an explicit installer CLI:

```shell
npx @polygraph/codex-plugin
```

That command:

- copies the packaged Codex plugin into `~/.agents/plugins/polygraph`
- installs the packaged custom Codex subagents into `$CODEX_HOME/agents`
- updates the personal Codex marketplace at `~/.agents/plugins/marketplace.json` so the polygraph plugin points at `./.agents/plugins/polygraph`
- enables the plugin in `$CODEX_HOME/config.toml`

`CODEX_HOME` defaults to `~/.codex` when unset.

To verify an install, run:

```shell
npx @polygraph/codex-plugin check
```
The publishable OpenCode package exposes the skills and subagents through OpenCode's native plugin system. Add it to opencode.json:
```json
{
  "plugin": ["@polygraph/opencode-plugin"]
}
```

For repeatable installs, pin the npm version:

```json
{
  "plugin": ["@polygraph/opencode-plugin@0.4.18"]
}
```
The plugin adds its packaged skills/ directory to OpenCode's skill paths and registers the packaged Markdown agents as subagent entries in OpenCode config during startup.
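The pinning advice above is easy to state and easy to forget in a config that grows over time. The following is an added example, not code from the Polygraph project, that audits the `plugin` array of an `opencode.json` (the shape shown above is the only assumption) and reports every entry that is not pinned to an exact version, so a floating or range specifier can be caught before it pulls in an unreviewed release.

```javascript
// Added example (not part of @polygraph/opencode-plugin): flag OpenCode plugin
// entries that are not pinned to an exact npm version.
// Assumption: opencode.json has the shape {"plugin": ["<npm specifier>", ...]}.

// Split an npm specifier such as "@polygraph/opencode-plugin@0.4.18" into
// {name, version}. Scoped names start with "@", so the version separator is
// the last "@" that is not at index 0; a bare name has no version.
function parseSpecifier(spec) {
  const at = spec.lastIndexOf("@");
  if (at <= 0) return { name: spec, version: null };
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

// An exact version is MAJOR.MINOR.PATCH with an optional prerelease/build
// suffix. Range operators (^, ~, >, <, x, *) and dist-tags (latest, next)
// deliberately fail this test because they resolve differently over time.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

function isPinned(spec) {
  const { version } = parseSpecifier(spec);
  return version !== null && EXACT_VERSION.test(version);
}

// Return the plugin entries that are unpinned or not strings at all.
function auditPlugins(config) {
  const plugins = Array.isArray(config.plugin) ? config.plugin : [];
  return plugins.filter((spec) => typeof spec !== "string" || !isPinned(spec));
}

// Constructed sample config: one pinned entry, one bare name, one caret
// range and one dist-tag. Only the first should pass.
const SAMPLE_CONFIG = JSON.parse(`{
  "plugin": [
    "@polygraph/opencode-plugin@0.4.18",
    "@polygraph/opencode-plugin",
    "some-plugin@^1.2.0",
    "other-plugin@latest"
  ]
}`);

for (const entry of auditPlugins(SAMPLE_CONFIG)) {
  console.log(`unpinned plugin entry: ${entry}`);
}
```

Running the block prints the three unpinned entries from the constructed sample; pointing `auditPlugins` at a parsed real `opencode.json` gives the same check for a project's own configuration.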
```shell
# Install dependencies
npm install
# Regenerate generated artifacts
npm run sync-artifacts
```
Run the Release PR GitHub Actions workflow with a version bump (patch, minor, or major).
It opens a release PR against main instead of pushing directly.
When that PR is merged, the Stage Release workflow automatically tags the release and publishes the Claude, Codex, and OpenCode npm packages.
A maintainer must then review and approve each staged package with 2FA before it is published to the live registry.
Configure each npm package's trusted publisher to allow npm stage publish from .github/workflows/publish.yml.
For the strictest release flow, do not allow direct npm publish for the trusted publisher and disallow token-based publishing after the staged workflow has been verified.
License information is defined in the package metadata.
FAQs
The npm package @polygraph/opencode-plugin receives a total of 203 weekly downloads. As such, @polygraph/opencode-plugin popularity was classified as not popular.
We found that @polygraph/opencode-plugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.