feat: add bash devloop runtime

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -23,12 +23,12 @@ body:
     id: version
     attributes:
       label: devloop version
-      placeholder: "@satyaborg/devloop 0.1.0"
+      placeholder: "Git commit or release tag"
   - type: textarea
     id: environment
     attributes:
       label: Environment
-      description: Bun version, OS, shell, and configured coder/reviewer agents.
+      description: OS, Bash version, git version, and configured coder/reviewer agents.
   - type: textarea
     id: logs
     attributes:

.github/PULL_REQUEST_TEMPLATE.md

@@ -4,9 +4,7 @@
 
 ## Verification
 
-- [ ] `bun run typecheck`
-- [ ] `bun test`
-- [ ] `bun run package:smoke` when packaging, install docs, or release automation changes
+- [ ] `bash tests/devloop_test.sh`
 
 ## Notes
 

.github/workflows/ci.yml

@@ -11,20 +11,6 @@ permissions:
 jobs:
   test:
     runs-on: ubuntu-latest
-    env:
-      NPM_CONFIG_CACHE: ${{ runner.temp }}/devloop-npm-cache
     steps:
       - uses: actions/checkout@v6
-      - uses: oven-sh/setup-bun@v2
-        with:
-          bun-version: latest
-      - uses: actions/setup-node@v6
-        with:
-          node-version: 24
-          registry-url: https://registry.npmjs.org
-          package-manager-cache: false
-      - run: bun install --frozen-lockfile
-      - run: bun run typecheck
-      - run: bun test
-      - run: npm --cache "$NPM_CONFIG_CACHE" pack --dry-run --json
-      - run: bun run package:smoke
+      - run: bash tests/devloop_test.sh

.github/workflows/release.yml

@@ -18,4 +18,4 @@ jobs:
           token: ${{ secrets.RELEASE_PLEASE_TOKEN || github.token }}
           config-file: release-please-config.json
           manifest-file: .release-please-manifest.json
-          # release-please-config.json sets release-type: node and CHANGELOG.md.
+          # release-please-config.json sets release metadata and CHANGELOG.md.

AGENTS.md

@@ -2,26 +2,25 @@
 
 ## Project Structure & Module Organization
 
-This is a Bun and TypeScript CLI project. Core source lives in `src/`: `cli.ts` handles command-line entry, `devloop.ts` contains the loop and parsing logic, and `tui*.ts` owns the OpenTUI interface. Tests live in `tests/` and mirror the main modules, for example `tests/devloop.test.ts` and `tests/tui-view.test.ts`. `templates/spec.md` is the starter spec copied by users, while `scripts/install.ts` installs dependencies and links the local `devloop` binary. Generated runtime output belongs under `.codex/` in target repositories and should not be committed here.
+This is a Bash CLI project. The active runtime is the root `devloop` executable. `install.sh` links it into a local bin directory, `tests/devloop_test.sh` covers the shell runtime, `skills/spec/SKILL.md` is the spec-generation prompt asset, and `templates/spec.md` is the starter spec. Generated runtime output belongs under `.codex/` in target repositories and should not be committed here.
 
 ## Build, Test, and Development Commands
 
-- `bun scripts/install.ts`: install dependencies and link `devloop` into `~/.local/bin` or `DEVLOOP_BIN_DIR`.
-- `bun test`: run the Bun test suite with coverage enabled.
-- `bun run typecheck`: run `tsc --noEmit` against `src/**/*.ts` and `tests/**/*.ts`.
-- `devloop --plain .specs/change.md`: example local CLI invocation from a target git worktree.
+- `bash tests/devloop_test.sh`: run the shell test suite.
+- `./install.sh`: link `devloop` into `~/.local/bin` or `DEVLOOP_BIN_DIR`.
+- `./devloop --plain .specs/change.md`: example local CLI invocation from a target git worktree.
 
 ## Coding Style & Naming Conventions
 
-Use strict TypeScript modules with explicit `.ts` import extensions, matching the existing `moduleResolution: "Bundler"` setup. Keep code formatted with two-space indentation, double quotes, semicolons, and small named functions. Prefer clear camelCase names for variables and functions, PascalCase for exported types, and kebab-case for branch/spec slugs such as `devloop/change`.
+Use readable Bash with small named functions, quoted expansions, explicit status handling, and portable macOS/Linux shell utilities where practical. Prefer kebab-case for branch/spec slugs such as `devloop/change`.
 
 ## Testing Guidelines
 
-Tests use `bun:test`. Name test files `*.test.ts` and keep behavior grouped with `describe` and `test`. `bunfig.toml` requires 100% line, function, and statement coverage for non-test TypeScript files, so update tests with every behavior change. For CLI behavior, prefer fixture-style tests that assert generated files, git state, status codes, and user-visible output.
+Tests use `tests/devloop_test.sh`. Keep behavior fixture-style where possible: assert generated files, git state, status codes, and user-visible output.
 
 ## Commit & Pull Request Guidelines
 
-Git history follows Conventional Commits, for example `fix: surface devloop commit failures` and `chore: cover tui view rendering`. Use concise subjects in imperative style and keep unrelated changes in separate commits. Pull requests should include a short problem summary, the implementation approach, test evidence (`bun test`, `bun run typecheck`), and screenshots or terminal captures when changing TUI behavior.
+Git history follows Conventional Commits, for example `fix: surface devloop commit failures` and `chore: cover shell runtime`. Use concise subjects in imperative style and keep unrelated changes in separate commits. Pull requests should include a short problem summary, the implementation approach, and test evidence (`bash tests/devloop_test.sh`).
 
 ## Agent-Specific Instructions
 

CONTRIBUTING.md

@@ -1,17 +1,14 @@
 # Contributing
 
-devloop is a Bun and TypeScript CLI. Keep changes narrow, typed, and covered by tests.
+devloop is a Bash CLI. Keep changes narrow, readable, and covered by shell tests.
 
 ## Local Setup
 
 ```sh
-bun scripts/install.ts
-bun run typecheck
-bun test
-bun run package:smoke
+bash tests/devloop_test.sh
 ```
 
-`bun test` is configured with 100% line, function, and statement coverage for non-test TypeScript files.
+The active executable is `./devloop`; install locally with `./install.sh`.
 
 ## Pull Requests
 
@@ -23,31 +20,6 @@ bun run package:smoke
 
 ## Release Automation
 
-Release Please manages version bumps from Conventional Commits, opens release PRs, updates `CHANGELOG.md`, and creates GitHub releases when release PRs merge. The repository uses `release-please-config.json` with the `node` release type for `@satyaborg/devloop`.
+Release Please manages version bumps from Conventional Commits, opens release PRs, updates `CHANGELOG.md`, and creates GitHub releases when release PRs merge.
 
 The release workflow can use the default GitHub token, but GitHub-token-created pull requests and releases can have workflow trigger limitations. Maintainers who need CI to run on Release Please PRs should create a fine-grained `RELEASE_PLEASE_TOKEN` with repository contents and pull request permissions, then store it as a GitHub Actions secret. The workflow falls back to the default token when that secret is absent.
-
-## npm Publishing
-
-The package is published as `@satyaborg/devloop`; the installed binary remains `devloop`.
-
-Publishing is handled by `.github/workflows/publish.yml`. It runs after the Release Please workflow completes, verifies that a matching GitHub release exists for the package version, skips versions that are already on npm, reruns typecheck/tests/package checks, and then runs `npm publish`.
-
-The publish workflow uses npm trusted publishing through GitHub Actions OIDC. It intentionally does not use a long-lived `NPM_TOKEN` or `NODE_AUTH_TOKEN`.
-
-One-time npm setup before the first automated publish:
-
-1. Ensure the `@satyaborg` npm scope is owned by the maintainer account.
-2. `@satyaborg/devloop` must be created or first-published by a maintainer as a public package if npm requires an existing package before trusted publishing can be configured.
-3. In npm package settings, add a trusted publisher for GitHub Actions.
-4. Configure owner `satyaborg`, repository `devloop`, workflow filename `publish.yml`, and allowed action `npm publish`.
-5. Leave the environment blank unless the GitHub workflow is later changed to use a protected environment.
-
-For a manual first publish, verify locally first:
-
-```sh
-bun run typecheck
-bun test
-npm --cache /private/tmp/devloop-npm-cache pack --dry-run --json
-bun run package:smoke
-```

README.md

@@ -1,36 +1,28 @@
 [![CI](https://github.com/satyaborg/devloop/actions/workflows/ci.yml/badge.svg)](https://github.com/satyaborg/devloop/actions/workflows/ci.yml)
-[![npm version](https://img.shields.io/npm/v/@satyaborg/devloop.svg)](https://www.npmjs.com/package/@satyaborg/devloop)
-[![license](https://img.shields.io/npm/l/@satyaborg/devloop.svg)](LICENSE)
-[![npm downloads](https://img.shields.io/npm/dm/@satyaborg/devloop.svg)](https://www.npmjs.com/package/@satyaborg/devloop)
+[![license](https://img.shields.io/github/license/satyaborg/devloop.svg)](LICENSE)
 
 # Devloop
 
 **Spec in. Reviewed code out.**
 
-`devloop` runs a local implementation and review loop for agent-written code.
+`devloop` is a single Bash executable that runs a local implementation and review loop for agent-written code.
 
 By default, Codex makes the change, Claude Code reviews it, and Codex retries until the work is accepted, stalled, unclear, or out of passes.
 
 ## Install
 
-Prereqs: Bun 1.2+, git, and the agent CLIs you want to use. The default pairing requires `codex` and `claude`.
+Prereqs: Bash, git, and the agent CLIs you want to use. The default pairing requires `codex` and `claude`.
 
 ```sh
-npm install -g @satyaborg/devloop
+git clone https://github.com/satyaborg/devloop.git
+cd devloop
+./install.sh
 ```
 
 Run without installing:
 
 ```sh
-bunx @satyaborg/devloop --help
-```
-
-Install from source:
-
-```sh
-git clone https://github.com/satyaborg/devloop.git
-cd devloop
-bun scripts/install.ts
+./devloop --help
 ```
 
 ## Quick Start
@@ -78,7 +70,7 @@ devloop [options] <spec.md> [max=5]
 | Option | Meaning |
 | --- | --- |
 | `--plain` | Force plain output, useful for CI |
-| `--tui` | Force the terminal UI |
+| `--tui` | Force simple terminal progress output |
 | `--coder <agent>` | Choose `codex` or `claude` for implementation |
 | `--reviewer <agent>` | Choose `codex` or `claude` for review |
 | `--report-format <format>` | Choose `html` or `markdown` |
@@ -102,13 +94,12 @@ devloop [options] <spec.md> [max=5]
 ## Development
 
 ```sh
-bun scripts/install.ts
-bun run typecheck
-bun test
-bun run package:smoke
+bash -n devloop install.sh
+./devloop --help
+DEVLOOP_BIN_DIR="$(mktemp -d)/bin" ./install.sh
 ```
 
-`bun test` enforces 100% line, function, and statement coverage for the TypeScript core.
+The supported runtime is the root [`devloop`](devloop) Bash script.
 
 ## License
 

SECURITY.md

@@ -2,7 +2,7 @@
 
 ## Security Model
 
-devloop runs local agent CLIs with broad permissions because the configured coder and reviewer need access to inspect and modify a checkout. By default, devloop creates isolated sibling git worktrees before invoking those agents, but the agents still run on your machine with your local credentials, environment variables, PATH, and filesystem permissions.
+devloop is a Bash harness that runs local agent CLIs with broad permissions because the configured coder and reviewer need access to inspect and modify a checkout. By default, devloop creates isolated sibling git worktrees before invoking those agents, but the agents still run on your machine with your local credentials, environment variables, PATH, and filesystem permissions.
 
 devloop writes `.codex/` artifacts for specs, tracks, reviews, reports, logs, and session ids. Treat those files as local development artifacts that may contain prompts, review text, command output, and repository paths.
 
@@ -18,4 +18,4 @@ If that is not available, open a minimal issue that does not include exploit det
 
 ## Supported Versions
 
-Security fixes target the latest released npm package and the `main` branch.
+Security fixes target the root `devloop` executable on the `main` branch and the latest GitHub release.