@desplega.ai/agent-swarm 1.94.0 → 1.95.0

package/openapi.json

@@ -2,7 +2,7 @@
   "openapi": "3.1.0",
   "info": {
     "title": "Agent Swarm API",
-    "version": "1.94.0",
+    "version": "1.95.0",
     "description": "Multi-agent orchestration API for Claude Code, Codex, and Gemini CLI. Enables task distribution, agent communication, and service discovery.\n\nMCP tools are documented separately in [MCP.md](./MCP.md)."
   },
   "servers": [

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@desplega.ai/agent-swarm",
-  "version": "1.94.0",
+  "version": "1.95.0",
   "description": "Multi-agent orchestration for Claude Code, Codex, Gemini CLI, and other AI coding assistants",
   "license": "MIT",
   "author": "desplega.sh <contact@desplega.sh>",
@@ -108,13 +108,14 @@
     "@ai-sdk/openai": "^3.0.41",
     "@anthropic-ai/sdk": "^0.93.0",
     "@asteasolutions/zod-to-openapi": "^8.0.0",
+    "@aws-sdk/client-bedrock": "3.1048.0",
     "@desplega.ai/business-use": "^0.4.2",
     "@desplega.ai/localtunnel": "^2.2.0",
-    "@inkjs/ui": "^2.0.0",
-    "@linear/sdk": "^77.0.0",
     "@earendil-works/pi-agent-core": "^0.79.1",
     "@earendil-works/pi-ai": "^0.79.1",
     "@earendil-works/pi-coding-agent": "^0.79.1",
+    "@inkjs/ui": "^2.0.0",
+    "@linear/sdk": "^77.0.0",
     "@modelcontextprotocol/sdk": "^1.25.1",
     "@openai/codex-sdk": "^0.139.0",
     "@opencode-ai/sdk": "^1.16.2",

package/src/be/db.ts

@@ -9437,6 +9437,7 @@ type McpServerRow = {
   headers: string | null;
   envConfigKeys: string | null;
   headerConfigKeys: string | null;
+  extraAuthorizeParams: string | null;
   authMethod: string | null;
   isEnabled: number;
   version: number;
@@ -9468,6 +9469,7 @@ function rowToMcpServer(row: McpServerRow): McpServer {
     headers: row.headers,
     envConfigKeys: row.envConfigKeys,
     headerConfigKeys: row.headerConfigKeys,
+    extraAuthorizeParams: row.extraAuthorizeParams,
     authMethod: (row.authMethod as McpServer["authMethod"]) ?? "static",
     isEnabled: row.isEnabled === 1,
     version: row.version,
@@ -9506,6 +9508,7 @@ export interface McpServerInsert {
   headers?: string;
   envConfigKeys?: string;
   headerConfigKeys?: string;
+  extraAuthorizeParams?: string;
 }
 
 export function createMcpServer(data: McpServerInsert): McpServer {
@@ -9517,9 +9520,9 @@ export function createMcpServer(data: McpServerInsert): McpServer {
       `INSERT INTO mcp_servers (
         id, name, description, scope, ownerAgentId, transport,
         command, args, url, headers,
-        envConfigKeys, headerConfigKeys,
+        envConfigKeys, headerConfigKeys, extraAuthorizeParams,
         isEnabled, version, createdAt, lastUpdatedAt
-      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 1, 1, ?, ?) RETURNING *`,
+      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 1, 1, ?, ?) RETURNING *`,
     )
     .get(
       id,
@@ -9534,6 +9537,7 @@ export function createMcpServer(data: McpServerInsert): McpServer {
       data.headers ?? null,
       data.envConfigKeys ?? null,
       data.headerConfigKeys ?? null,
+      data.extraAuthorizeParams ?? null,
       now,
       now,
     );
@@ -9596,6 +9600,10 @@ export function updateMcpServer(
     sets.push("headerConfigKeys = ?");
     params.push(updates.headerConfigKeys ?? null);
   }
+  if (updates.extraAuthorizeParams !== undefined) {
+    sets.push("extraAuthorizeParams = ?");
+    params.push(updates.extraAuthorizeParams ?? null);
+  }
   if (updates.isEnabled !== undefined) {
     sets.push("isEnabled = ?");
     params.push(updates.isEnabled ? 1 : 0);
@@ -9617,6 +9625,7 @@ export function updateMcpServer(
     "headers",
     "envConfigKeys",
     "headerConfigKeys",
+    "extraAuthorizeParams",
     "transport",
   ];
   if (configFields.some((f) => (updates as Record<string, unknown>)[f] !== undefined)) {

package/src/be/migrations/094_mcp_extra_authorize_params.sql

@@ -0,0 +1,4 @@
+-- Extra OAuth authorize-request params, applied at authorize time only.
+-- JSON object string of flat string->string pairs, e.g. {"access_type":"offline","prompt":"consent"}.
+-- NULL (default) => authorize URL is unchanged from today. Provider-agnostic.
+ALTER TABLE mcp_servers ADD COLUMN extraAuthorizeParams TEXT;

package/src/be/skill-sync.ts

@@ -1,9 +1,8 @@
 /**
  * Filesystem sync for skills.
  *
- * Writes installed skills to ~/.claude/skills/<name>/SKILL.md,
- * ~/.pi/agent/skills/<name>/SKILL.md, and ~/.codex/skills/<name>/SKILL.md
- * so Claude Code, Pi, and Codex discover them natively.
+ * Writes installed skills to every local harness skill tree so Claude Code,
+ * Pi, Codex, OpenCode, and AGENTS.md-compatible adapters can discover them.
  *
  * This runs on the API side — workers call it via POST /api/skills/sync-filesystem.
  * The actual FS write logic lives in the worker-safe src/utils/skill-fs-writer.ts
@@ -13,6 +12,7 @@
 import { homedir } from "node:os";
 import {
   type SkillFsEntry,
+  type SkillHarnessTarget,
   type SkillSyncResult,
   writeSkillsToFilesystem,
 } from "../utils/skill-fs-writer";
@@ -32,7 +32,7 @@ export type { SkillSyncResult };
  */
 export function syncSkillsToFilesystem(
   agentId: string,
-  harnessType: "claude" | "pi" | "codex" | "all" = "all",
+  harnessType: SkillHarnessTarget = "all",
   homeOverride?: string,
 ): SkillSyncResult {
   const skills = getAgentSkills(agentId);

package/src/be/swarm-config-guard.ts

@@ -58,6 +58,14 @@ const VALIDATED_KEYS: Record<string, (value: unknown) => string | null> = {
     if (["true", "false", "1", "0"].includes(normalized)) return null;
     return "Invalid SWARM_USE_CLAUDE_BRIDGE value (must be one of: true, false, 1, 0)";
   },
+  // AWS credential mode for the Bedrock path on the pi harness.
+  //   sdk    — AWS SDK default credential chain (env, ~/.aws/*, SSO, IMDS, …)
+  //   bearer — explicit bearer token via AWS_BEARER_TOKEN_BEDROCK (future/Mantle)
+  // When absent the worker infers the mode from MODEL_OVERRIDE (sdk semantics).
+  BEDROCK_AUTH_MODE: (value) => {
+    if (value === "sdk" || value === "bearer") return null;
+    return "Invalid BEDROCK_AUTH_MODE value (must be one of: sdk, bearer)";
+  },
 };
 
 export function validateConfigValue(key: string, value: unknown): string | null {

package/src/commands/provider-credentials.ts

@@ -302,14 +302,20 @@ export async function validateProviderCredentials(provider: string): Promise<Liv
       }
       case "pi":
       case "opencode": {
-        // pi-mono with MODEL_OVERRIDE=amazon-bedrock/* delegates credential
-        // resolution to the AWS SDK default chain (env, ~/.aws/*, SSO, IMDS,
-        // assume-role, …). pi-ai exposes no Bedrock-specific check we could
-        // call here, and the SDK chain may issue slow IMDS network calls on
-        // non-EC2 hosts — so the live test is a presence check, mirroring the
-        // codex-OAuth pattern above. Real validation happens at the first
-        // Bedrock inference call.
-        if (provider === "pi" && env.MODEL_OVERRIDE?.toLowerCase().startsWith("amazon-bedrock/")) {
+        // For the pi Bedrock path, the real credential check is the
+        // `ListFoundationModels` probe that `checkProviderCredentials` (the
+        // `pi` dynamic-import arm) already ran.  That probe result is already
+        // in `buildCredStatusReport` — the live-test is a pass-through / no-op
+        // so we never issue a second AWS SDK call here (which would drag the
+        // SDK into the wrong binary or make slow IMDS calls on non-EC2 hosts).
+        // Bedrock mode: explicit BEDROCK_AUTH_MODE=sdk OR
+        //               absent BEDROCK_AUTH_MODE + amazon-bedrock/ MODEL_OVERRIDE prefix.
+        if (
+          provider === "pi" &&
+          (env.BEDROCK_AUTH_MODE?.toLowerCase() === "sdk" ||
+            (env.BEDROCK_AUTH_MODE === undefined &&
+              env.MODEL_OVERRIDE?.toLowerCase().startsWith("amazon-bedrock/")))
+        ) {
           return presenceCheckOk();
         }
         // Both pi-mono and opencode resolve credentials in the same order:

package/src/commands/runner.ts

@@ -436,6 +436,7 @@ const RELOADABLE_ENV_KEYS: ReadonlySet<string> = new Set([
   "MODEL_OVERRIDE",
   "AGENT_FS_SHARED_ORG_ID",
   "SWARM_USE_CLAUDE_BRIDGE",
+  "BEDROCK_AUTH_MODE",
 ]);
 
 /**

package/src/http/mcp-oauth.ts

@@ -362,6 +362,19 @@ async function prepareAuthorizeFlow(
 
   const scopes = q.scopes ? splitScopes(q.scopes) : client.scopes;
 
+  let extraParams: Record<string, string> | undefined;
+  if (server.extraAuthorizeParams) {
+    try {
+      const parsed = JSON.parse(server.extraAuthorizeParams);
+      if (parsed && typeof parsed === "object") {
+        extraParams = Object.fromEntries(Object.entries(parsed).map(([k, v]) => [k, String(v)]));
+      }
+    } catch {
+      // Malformed config must never break the authorize flow — log + ignore.
+      console.warn(`[mcp-oauth] Ignoring malformed extraAuthorizeParams for server ${mcpServerId}`);
+    }
+  }
+
   const built = await buildAuthorizeUrl({
     authorizeUrl: client.authorizeUrl,
     tokenUrl: client.tokenUrl,
@@ -369,6 +382,7 @@ async function prepareAuthorizeFlow(
     redirectUri: callbackRedirectUri(),
     scopes,
     resource: client.resourceUrl,
+    extraParams,
   });
 
   insertMcpOAuthPending({

package/src/oauth/mcp-wrapper.ts

@@ -287,7 +287,21 @@ export async function buildAuthorizeUrl(input: BuildAuthorizeInput): Promise<Bui
   url.searchParams.set("resource", input.resource);
 
   if (input.extraParams) {
+    const RESERVED = new Set([
+      "response_type",
+      "client_id",
+      "redirect_uri",
+      "scope",
+      "state",
+      "code_challenge",
+      "code_challenge_method",
+      "resource",
+    ]);
     for (const [k, v] of Object.entries(input.extraParams)) {
+      if (RESERVED.has(k.toLowerCase())) {
+        console.warn(`[mcp-oauth] extraParams key "${k}" is reserved and skipped`);
+        continue;
+      }
       url.searchParams.set(k, v);
     }
   }

package/src/providers/codex-skill-resolver.ts

@@ -63,6 +63,21 @@ export async function resolveCodexPrompt(
   prompt: string,
   skillsDir?: string,
   emit?: (event: ProviderEvent) => void,
+): Promise<string> {
+  return resolveSlashSkillPrompt(prompt, {
+    providerLabel: "codex",
+    skillsDir: skillsDir ?? defaultSkillsDir(),
+    emit,
+  });
+}
+
+export async function resolveSlashSkillPrompt(
+  prompt: string,
+  opts: {
+    providerLabel: string;
+    skillsDir: string;
+    emit?: (event: ProviderEvent) => void;
+  },
 ): Promise<string> {
   if (!prompt) {
     return prompt;
@@ -81,15 +96,14 @@ export async function resolveCodexPrompt(
 
   const commandName: string = match[1];
   const trailingArgs: string = match[2] ?? "";
-  const dir = skillsDir ?? defaultSkillsDir();
-  const skillPath = join(dir, commandName, "SKILL.md");
+  const skillPath = join(opts.skillsDir, commandName, "SKILL.md");
 
   const file = Bun.file(skillPath);
   const exists = await file.exists();
   if (!exists) {
-    emit?.({
+    opts.emit?.({
       type: "raw_stderr",
-      content: `[codex] skill resolver: SKILL.md not found for /${commandName} (looked in ${skillPath})\n`,
+      content: `[${opts.providerLabel}] skill resolver: SKILL.md not found for /${commandName} (looked in ${skillPath})\n`,
     });
     return prompt;
   }
@@ -99,17 +113,17 @@ export async function resolveCodexPrompt(
     skillContent = await file.text();
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err);
-    emit?.({
+    opts.emit?.({
       type: "raw_stderr",
-      content: `[codex] skill resolver: failed to read SKILL.md for /${commandName}: ${message}\n`,
+      content: `[${opts.providerLabel}] skill resolver: failed to read SKILL.md for /${commandName}: ${message}\n`,
     });
     return prompt;
   }
 
   if (skillContent.length > MAX_SKILL_CHARS) {
-    emit?.({
+    opts.emit?.({
       type: "raw_stderr",
-      content: `[codex] skill resolver: SKILL.md for /${commandName} exceeds ${MAX_SKILL_CHARS} chars (${skillContent.length}), truncating\n`,
+      content: `[${opts.providerLabel}] skill resolver: SKILL.md for /${commandName} exceeds ${MAX_SKILL_CHARS} chars (${skillContent.length}), truncating\n`,
     });
     skillContent = skillContent.slice(0, MAX_SKILL_CHARS);
   }

package/src/providers/opencode-adapter.ts

@@ -20,6 +20,7 @@ import {
 import { validateOpencodeCredentials } from "../utils/credentials";
 import { fetchInstalledMcpServers } from "../utils/mcp-server-fetcher";
 import { scrubSecrets } from "../utils/secret-scrubber";
+import { resolveSlashSkillPrompt } from "./codex-skill-resolver";
 import { CTX_MODE_NUDGE_EVERY } from "./ctx-mode-env";
 import { readPkgVersion } from "./harness-version";
 import type {
@@ -102,6 +103,13 @@ function isAssistantMessage(msg: unknown): msg is AssistantMessage {
 }
 
 const DOCKER_PLUGIN_PATH = "/home/worker/.config/opencode/plugins/agent-swarm.ts";
+
+function defaultOpencodeSkillsDir(): string {
+  if (process.env.OPENCODE_SKILLS_DIR) {
+    return process.env.OPENCODE_SKILLS_DIR;
+  }
+  return join(process.env.HOME ?? "/home/worker", ".opencode", "skills");
+}
 const MODEL_CACHE_REFRESH_TIMEOUT_MS = 15_000;
 
 function isOpenRouterModel(model: string | undefined): boolean {
@@ -291,6 +299,10 @@ export class OpencodeSession implements ProviderSession {
     });
   }
 
+  emitProviderEvent(event: ProviderEvent): void {
+    this.emit(event);
+  }
+
   onEvent(listener: (event: ProviderEvent) => void): void {
     const wasEmpty = this.listeners.length === 0;
     this.listeners.push(listener);
@@ -738,13 +750,19 @@ export class OpencodeAdapter implements ProviderAdapter {
 
     let promptRefreshAttempted = false;
     let promptRefreshPromise: Promise<boolean> | undefined;
+    let session: OpencodeSession | undefined;
     const sendPrompt = async () => {
+      const resolvedPrompt = await resolveSlashSkillPrompt(config.prompt, {
+        providerLabel: "opencode",
+        skillsDir: defaultOpencodeSkillsDir(),
+        emit: (event) => session?.emitProviderEvent(event),
+      });
       await client.session.prompt({
         path: { id: sessionId },
         query: { directory: config.cwd },
         body: {
           agent: agentName,
-          parts: [{ type: "text", text: config.prompt }],
+          parts: [{ type: "text", text: resolvedPrompt }],
         },
       });
     };
@@ -760,7 +778,7 @@ export class OpencodeAdapter implements ProviderAdapter {
       return await promptRefreshPromise;
     };
 
-    const session = new OpencodeSession(
+    session = new OpencodeSession(
       sessionId,
       server,
       config.model,

package/src/providers/pi-mono-adapter.ts

@@ -74,40 +74,85 @@ function modelToCredKeys(modelStr: string | undefined): string[] | null {
   return null;
 }
 
+/**
+ * Run a single `ListFoundationModels` call against the AWS Bedrock management
+ * API to verify that the active credential chain is valid for Bedrock in the
+ * configured region. Returns the client directly (callers discard the model
+ * list — only the throw/no-throw distinction is the signal).
+ *
+ * Dynamically imported so the API binary never loads `@aws-sdk/client-bedrock`.
+ * Tests inject a stub via `CredCheckOptions.bedrockProbe` instead.
+ */
+async function runBedrockSdkProbe(region: string): Promise<void> {
+  const { BedrockClient, ListFoundationModelsCommand } = await import("@aws-sdk/client-bedrock");
+  const client = new BedrockClient({ region });
+  await client.send(new ListFoundationModelsCommand({}));
+}
+
 /**
  * Pi-mono is satisfied by ANY of:
- *   1. `MODEL_OVERRIDE` selects the `amazon-bedrock` provider — credential
- *      resolution is delegated to the AWS SDK's default chain at first
- *      inference call. agent-swarm does no presence check; if creds are
- *      missing the SDK error surfaces in the session log.
+ *   1. `BEDROCK_AUTH_MODE=sdk` — or `MODEL_OVERRIDE` selects the
+ *      `amazon-bedrock` provider (prefix-inference fallback when
+ *      `BEDROCK_AUTH_MODE` is absent). A real `ListFoundationModels` probe
+ *      is issued via the AWS SDK default credential chain. Success →
+ *      `ready:true, satisfiedBy:"sdk-delegated"`; failure → `ready:false`
+ *      with a classified hint. The probe is worker-only (the pi dynamic-import
+ *      arm in `checkProviderCredentials`); the API binary never imports the SDK.
  *   2. `~/.pi/agent/auth.json` exists.
- *   3. `MODEL_OVERRIDE` is set to a provider-prefixed model — only the
- *      matching provider's key is required.
+ *   3. `MODEL_OVERRIDE` is set to a non-Bedrock provider-prefixed model — only
+ *      the matching provider's key is required.
  *   4. `MODEL_OVERRIDE` is empty / unprefixed — any one of the supported
  *      keys (ANTHROPIC_API_KEY / OPENROUTER_API_KEY / OPENAI_API_KEY) is
  *      enough.
  *
- * Bedrock is checked first so a stale `auth.json` (Anthropic / OpenRouter
- * creds from a previous login) doesn't get falsely reported as the
- * satisfying source when the model is actually going to AWS.
+ * The Bedrock branch is checked first so a stale `auth.json` (Anthropic /
+ * OpenRouter creds from a previous login) doesn't get falsely reported as
+ * the satisfying source when the model is actually going to AWS.
  */
-export function checkPiMonoCredentials(
+export async function checkPiMonoCredentials(
   env: Record<string, string | undefined>,
   opts: CredCheckOptions = {},
-): CredStatus {
-  if (env.MODEL_OVERRIDE?.toLowerCase().startsWith("amazon-bedrock/")) {
-    return {
-      ready: true,
-      missing: [],
-      satisfiedBy: "sdk-delegated",
-      hint: "AWS SDK will resolve credentials at first Bedrock call (env, ~/.aws/*, SSO, IMDS, etc.).",
-    };
+): Promise<CredStatus> {
+  // Determine Bedrock SDK mode:
+  //   - Explicit:  BEDROCK_AUTH_MODE=sdk
+  //   - Fallback:  BEDROCK_AUTH_MODE absent AND MODEL_OVERRIDE starts with
+  //                "amazon-bedrock/" (preserves today's prefix-inference semantics)
+  // BEDROCK_AUTH_MODE=bearer is declared/validated but the full bearer-token
+  // path is out of scope for PR1 — it falls through to the standard auth check.
+  const bedrockAuthMode = env.BEDROCK_AUTH_MODE?.toLowerCase();
+  const isBedrockSdk =
+    bedrockAuthMode === "sdk" ||
+    (bedrockAuthMode === undefined &&
+      env.MODEL_OVERRIDE?.toLowerCase().startsWith("amazon-bedrock/"));
+
+  if (isBedrockSdk) {
+    const region = env.AWS_REGION ?? "us-east-1";
+    const probe = opts.bedrockProbe ?? (() => runBedrockSdkProbe(region));
+    try {
+      await probe();
+      return {
+        ready: true,
+        missing: [],
+        satisfiedBy: "sdk-delegated",
+        hint: `AWS SDK credentials verified via ListFoundationModels (region: ${region}).`,
+      };
+    } catch (err) {
+      const errorMessage = err instanceof Error ? err.message : String(err);
+      const classification = classifyAwsSdkError(errorMessage);
+      return {
+        ready: false,
+        missing: [],
+        hint:
+          classification?.message ??
+          `AWS Bedrock credential probe failed (region: ${region}): ${errorMessage}`,
+      };
+    }
   }
 
   const homeDir = opts.homeDir ?? env.HOME ?? "/root";
-  const probe = opts.fs?.existsSync ?? existsSync;
+  const fsProbe = opts.fs?.existsSync ?? existsSync;
   const authFile = `${homeDir}/.pi/agent/auth.json`;
-  if (probe(authFile)) {
+  if (fsProbe(authFile)) {
     return { ready: true, missing: [], satisfiedBy: "file" };
   }
 

package/src/providers/types.ts

@@ -188,8 +188,20 @@ export interface CredStatus {
  * pi/opencode predicates probe the filesystem for `~/.codex/auth.json`,
  * `~/.pi/agent/auth.json`, `~/.local/share/opencode/auth.json`. Tests inject
  * a fake `fs` + `homeDir` to exercise the file-vs-env branches deterministically.
+ *
+ * `bedrockProbe` is an injectable for the Bedrock SDK probe path in
+ * `checkPiMonoCredentials`. In production it is left undefined and the
+ * function dynamically imports `@aws-sdk/client-bedrock` to run a real
+ * `ListFoundationModels` call. Tests inject a stub to avoid hitting AWS.
  */
 export interface CredCheckOptions {
   homeDir?: string;
   fs?: { existsSync(p: string): boolean };
+  /**
+   * Injectable for Bedrock SDK credential probe. When provided, called instead
+   * of the real `@aws-sdk/client-bedrock` `ListFoundationModels` call.
+   * Should throw on auth/access failure (with an AWS SDK-shaped error message)
+   * or resolve on success.
+   */
+  bedrockProbe?: () => Promise<void>;
 }