fix(guardrails): /test and /review commands should auto-allow bash for non-interactive automation

[terisuke]

Problem

/test and /review commands produce no output in non-interactive mode (opencode run --command).

Verified facts (E2E test 2026-04-06):

• commands/test.md:3 routes to agent: implement (bash: "*": ask)
• commands/review.md:3 routes to agent: review (bash: "*": deny, "git diff *": allow)
• opencode run --command test: agent attempts git status, git diff — rejected with "The user rejected permission"
• opencode run --command review: same rejection pattern
• opencode run --command plan: PASS (planner agent has explicit bash allows)
• opencode run --command investigate: PASS (investigate agent has explicit bash allows)

Root Cause

The implement agent uses bash: "*": ask, which requires interactive approval.
The review agent has bash allows but non-interactive mode may reject all tool calls regardless.
Commands that route to agents with explicit allow rules (planner, investigate) work correctly.

Proposed Fix

Create a tester agent (mode: subagent) with explicit bash allows for read-only test commands:

• git status/diff/log: allow
• bun test/npm test: allow
• edit/write: deny

Route /test to this new tester agent instead of implement.
For /review, investigate why explicit bash allows on the review agent still get rejected in non-interactive mode.

Files

• packages/guardrails/profile/commands/test.md (agent: implement -> tester)
• packages/guardrails/profile/agents/ (new: tester.md)
• packages/guardrails/profile/agents/review.md (investigate bash rejection)