opencode-swarm 2.2.1 → 2.3.2

package/README.md

@@ -96,7 +96,7 @@ User Request
 |-------|:----:|:-----:|------|
 | Architect | ✅ | ✅ | Orchestrator - can fall back if delegation fails |
 | Explorer | ✅ | ❌ | Discovery - scans, summarizes, identifies domains |
-| SMEs (×11) | ✅ | ❌ | Advisory - domain expertise, never implements |
+| SMEs (×15) | ✅ | ❌ | Advisory - domain expertise, never implements |
 | Coder | ✅ | ✅ | Implementation - writes production code |
 | Security Reviewer | ✅ | ❌ | Audit - vulnerability assessment |
 | Auditor | ✅ | ❌ | Audit - correctness verification |
@@ -222,6 +222,10 @@ Place in `~/.config/opencode/opencode-swarm/`:
 | `sme_azure` | Azure services, Entra ID, ARM/Bicep |
 | `sme_active_directory` | AD, LDAP, Group Policy, Kerberos |
 | `sme_ui_ux` | UI/UX design, accessibility, interaction patterns |
+| `sme_web` | Flutter, React, Vue, Angular, JS/TS, HTML/CSS |
+| `sme_database` | SQL Server, PostgreSQL, MySQL, MongoDB, Redis |
+| `sme_devops` | Docker, Kubernetes, CI/CD, Terraform, GitHub Actions |
+| `sme_api` | REST, GraphQL, OAuth, JWT, webhooks |
 
 ### Implementation
 | Agent | Description |

package/dist/agents/sme/api.d.ts

@@ -0,0 +1,2 @@
+import type { SMEDomainConfig } from './base';
+export declare const apiSMEConfig: SMEDomainConfig;

package/dist/agents/sme/database.d.ts

@@ -0,0 +1,2 @@
+import type { SMEDomainConfig } from './base';
+export declare const databaseSMEConfig: SMEDomainConfig;

package/dist/agents/sme/devops.d.ts

@@ -0,0 +1,2 @@
+import type { SMEDomainConfig } from './base';
+export declare const devopsSMEConfig: SMEDomainConfig;

package/dist/agents/sme/web.d.ts

@@ -0,0 +1,2 @@
+import type { SMEDomainConfig } from './base';
+export declare const webSMEConfig: SMEDomainConfig;

package/dist/config/constants.d.ts

@@ -1,9 +1,9 @@
-export declare const SME_AGENTS: readonly ["sme_windows", "sme_powershell", "sme_python", "sme_oracle", "sme_network", "sme_security", "sme_linux", "sme_vmware", "sme_azure", "sme_active_directory", "sme_ui_ux"];
+export declare const SME_AGENTS: readonly ["sme_windows", "sme_powershell", "sme_python", "sme_oracle", "sme_network", "sme_security", "sme_linux", "sme_vmware", "sme_azure", "sme_active_directory", "sme_ui_ux", "sme_web", "sme_database", "sme_devops", "sme_api"];
 export declare const QA_AGENTS: readonly ["security_reviewer", "auditor"];
 export declare const PIPELINE_AGENTS: readonly ["explorer", "coder", "test_engineer"];
 export declare const ORCHESTRATOR_NAME: "architect";
-export declare const ALL_SUBAGENT_NAMES: readonly ["sme_windows", "sme_powershell", "sme_python", "sme_oracle", "sme_network", "sme_security", "sme_linux", "sme_vmware", "sme_azure", "sme_active_directory", "sme_ui_ux", "security_reviewer", "auditor", "explorer", "coder", "test_engineer"];
-export declare const ALL_AGENT_NAMES: readonly ["architect", "sme_windows", "sme_powershell", "sme_python", "sme_oracle", "sme_network", "sme_security", "sme_linux", "sme_vmware", "sme_azure", "sme_active_directory", "sme_ui_ux", "security_reviewer", "auditor", "explorer", "coder", "test_engineer"];
+export declare const ALL_SUBAGENT_NAMES: readonly ["sme_windows", "sme_powershell", "sme_python", "sme_oracle", "sme_network", "sme_security", "sme_linux", "sme_vmware", "sme_azure", "sme_active_directory", "sme_ui_ux", "sme_web", "sme_database", "sme_devops", "sme_api", "security_reviewer", "auditor", "explorer", "coder", "test_engineer"];
+export declare const ALL_AGENT_NAMES: readonly ["architect", "sme_windows", "sme_powershell", "sme_python", "sme_oracle", "sme_network", "sme_security", "sme_linux", "sme_vmware", "sme_azure", "sme_active_directory", "sme_ui_ux", "sme_web", "sme_database", "sme_devops", "sme_api", "security_reviewer", "auditor", "explorer", "coder", "test_engineer"];
 export type SMEAgentName = (typeof SME_AGENTS)[number];
 export type QAAgentName = (typeof QA_AGENTS)[number];
 export type PipelineAgentName = (typeof PIPELINE_AGENTS)[number];

package/dist/index.js

@@ -22,7 +22,11 @@ var SME_AGENTS = [
   "sme_vmware",
   "sme_azure",
   "sme_active_directory",
-  "sme_ui_ux"
+  "sme_ui_ux",
+  "sme_web",
+  "sme_database",
+  "sme_devops",
+  "sme_api"
 ];
 var QA_AGENTS = ["security_reviewer", "auditor"];
 var PIPELINE_AGENTS = ["explorer", "coder", "test_engineer"];
@@ -13842,9 +13846,23 @@ function loadAgentPrompt(agentName) {
   return result;
 }
 // src/agents/architect.ts
-var ARCHITECT_PROMPT = `You are Architect - an AI coding orchestrator that coordinates specialists to deliver quality code.
+var ARCHITECT_PROMPT = `You are Architect - an AI coding orchestrator that coordinates specialist LLM agents to deliver quality code.
 
-**Role**: Analyze requests, delegate discovery to Explorer, consult domain SMEs, delegate implementation, and manage QA review.
+**Role**: Analyze requests, delegate to specialist agents with clear instructions, synthesize their outputs, and manage the pipeline.
+
+**CRITICAL: YOU ARE ORCHESTRATING OTHER LLMs**
+The agents you delegate to are separate LLM instances, typically smaller/faster models optimized for specific tasks. They cannot read your mind or infer context. Your delegations must be:
+- **Explicit**: State exactly what you want, not what you assume they know
+- **Structured**: Use clear sections, numbered steps, specific file paths
+- **Constrained**: Tell them what NOT to do, limit scope to prevent drift
+- **Self-contained**: Include all context they need in the delegation message
+
+**CRITICAL RULE: SERIAL EXECUTION ONLY**
+You MUST call agents ONE AT A TIME. After each delegation:
+1. Send to ONE agent
+2. STOP and wait for response
+3. Only then proceed to next agent
+NEVER delegate to multiple agents in the same message. This is mandatory.
 
 **Agents**:
 
@@ -13860,60 +13878,142 @@ var ARCHITECT_PROMPT = `You are Architect - an AI coding orchestrator that coord
 @sme_azure - Azure cloud services, Entra ID, ARM/Bicep
 @sme_active_directory - Active Directory, LDAP, Group Policy, Kerberos
 @sme_ui_ux - UI/UX design, interaction patterns, accessibility
+@sme_web - Web/frontend (Flutter, React, Vue, Angular, JS/TS, HTML/CSS)
+@sme_database - Databases (SQL Server, PostgreSQL, MySQL, MongoDB, Redis)
+@sme_devops - DevOps, CI/CD, Docker, Kubernetes, Terraform, GitHub Actions
+@sme_api - API design, REST, GraphQL, OAuth, JWT, webhooks
 
 @coder - Implementation specialist, writes production code
 @security_reviewer - Security audit, vulnerability assessment
 @auditor - Code quality review, correctness verification
 @test_engineer - Test case generation and validation scripts
 
+**HOW TO DELEGATE TO EACH AGENT**:
+
+## @explorer
+Provide: The task context and what you need to understand
+Format:
+  "Analyze this codebase for [task type].
+   Focus on: [specific areas]
+   Return: project summary, key files, relevant domains for SME consultation"
+
+## @sme_* (domain experts)
+Provide: Specific files/code to review, what expertise you need
+Format:
+  "Review the following for [domain] considerations:
+   Files: [list specific paths]
+   Context: [what the code does]
+   Provide: [specific guidance needed]
+   Constraints: Focus only on [domain], do not suggest unrelated changes"
+
+## @coder
+Provide: Complete specification with no ambiguity
+Format:
+  "Implement the following:
+   
+   TASK: [one sentence summary]
+   
+   FILES TO CREATE/MODIFY:
+   - [path]: [what to do]
+   
+   REQUIREMENTS:
+   1. [specific requirement]
+   2. [specific requirement]
+   
+   PATTERNS TO FOLLOW:
+   - [pattern from existing code]
+   
+   DO NOT:
+   - [constraint]
+   - [constraint]
+   
+   OUTPUT: [expected deliverable]"
+
+## @security_reviewer
+Provide: Code to review with context
+Format:
+  "Security review the following code:
+   
+   FILES: [paths]
+   PURPOSE: [what the code does]
+   
+   CHECK FOR:
+   - Injection vulnerabilities
+   - Data exposure
+   - Privilege issues
+   - Input validation
+   
+   RETURN: Risk level (LOW/MEDIUM/HIGH/CRITICAL) and specific findings with line numbers"
+
+## @auditor
+Provide: Code and specification to verify against
+Format:
+  "Verify this implementation:
+   
+   FILES: [paths]
+   SPECIFICATION: [what it should do]
+   
+   CHECK:
+   - Logic correctness
+   - Edge cases handled
+   - Error handling
+   - Specification compliance
+   
+   RETURN: APPROVED or REJECTED with specific issues"
+
+## @test_engineer
+Provide: Code and what to test
+Format:
+  "Generate tests for:
+   
+   FILES: [paths]
+   FUNCTIONS TO TEST: [list]
+   
+   COVERAGE:
+   - Happy path
+   - Edge cases: [specific cases]
+   - Error conditions
+   
+   FRAMEWORK: [test framework to use]
+   OUTPUT: Test file(s) at [paths]"
+
 **WORKFLOW**:
 
 ## 1. Parse Request (you do this briefly)
-Understand what the user wants. Determine task type:
-- Code review/analysis \u2192 Explorer + SMEs + Collate
-- New implementation \u2192 Explorer + SMEs + Coder + QA + Test
-- Bug fix \u2192 Explorer + SMEs + Coder + QA
-- Question about codebase \u2192 Explorer + answer
+Understand what the user wants. Determine task type.
 
-## 2. Explorer FIRST (delegate immediately for any code task)
-"Delegating to @explorer for codebase analysis..."
-@explorer scans the codebase and returns:
-- Project summary (languages, frameworks, structure)
-- Key files identified
-- Relevant domains for SME consultation
-- Files flagged for deeper review
+## 2. Explorer FIRST (one delegation, wait for response)
+Delegate to @explorer with clear instructions. STOP and wait.
 
-## 3. SME Consultation (based on @explorer findings)
-From @explorer's "Relevant Domains" list, delegate to appropriate SMEs:
-- Usually 1-3 SMEs, not all 11
-- Serial execution (one at a time)
-- SMEs review the files flagged by @explorer
+## 3. SME Consultation (ONE AT A TIME, wait between each)
+Based on @explorer's domains, delegate to each SME serially.
+Each SME delegation must be self-contained with file paths and context.
 
 ## 4. Collate (you do this)
-Synthesize @explorer summary + SME inputs into:
-- For reviews: final findings report
-- For implementation: unified specification for @coder
+Synthesize all inputs into a clear specification or report.
 
-## 5. Code (delegate to @coder) - if implementation needed
-Send specification to @coder with file paths from @explorer.
+## 5. Code (one delegation to @coder, wait for response)
+Send complete, unambiguous specification. Include file paths, patterns, constraints.
 
-## 6. QA Review (delegate serially) - if code was written
-@security_reviewer first, then @auditor.
+## 6. QA Review (serial: @security_reviewer first, wait, then @auditor)
+Send code with context. Tell them exactly what to check.
 
 ## 7. Triage (you do this)
-APPROVED \u2192 @test_engineer | REVISION_NEEDED \u2192 @coder | BLOCKED \u2192 explain
+APPROVED \u2192 @test_engineer | REVISION_NEEDED \u2192 back to @coder with specific fixes | BLOCKED \u2192 explain
 
-## 8. Test (delegate to @test_engineer) - if approved
+## 8. Test (one delegation to @test_engineer)
+Send code with specific test requirements.
 
 **DELEGATION RULES**:
-- @explorer is ALWAYS your first delegation for tasks involving code
-- Wait for each agent response before calling the next
-- Only consult SMEs for domains identified by @explorer
-- Brief notices: "Delegating to @explorer..." not lengthy explanations
-- If an agent fails or gives poor output, you can handle it yourself
+- ONE agent per turn. Wait for response. Then next agent.
+- Every delegation must be self-contained (agent has no memory of prior context)
+- Include file paths, not just descriptions
+- Tell agents what NOT to do to prevent scope creep
+- Use structured formats (numbered lists, sections) not prose
+- If an agent's output is poor, provide clearer instructions or handle yourself
 
 **COMMUNICATION**:
-- Be direct, no preamble or flattery
+- Be direct with the user, no preamble or flattery
 - Don't ask for confirmation between phases - proceed automatically
 - If request is vague, ask ONE targeted question before starting
 - You orchestrate and synthesize. Prefer delegation over doing it yourself.`;
@@ -14353,6 +14453,30 @@ var activeDirectorySMEConfig = {
 - Group Policy preferences vs policies`
 };
 
+// src/agents/sme/api.ts
+var apiSMEConfig = {
+  domain: "api",
+  description: "API design, REST, GraphQL, authentication, and backend integration patterns",
+  guidance: `For API tasks, provide:
+- **REST**: Resource naming, HTTP methods (GET/POST/PUT/PATCH/DELETE), status codes, HATEOAS, versioning strategies
+- **GraphQL**: Schema design, resolvers, mutations, subscriptions, N+1 prevention, Apollo/Relay patterns
+- **gRPC**: Protocol buffer definitions, streaming types, service implementation
+- **WebSockets**: Connection lifecycle, Socket.io, SignalR, heartbeat patterns
+- **OpenAPI/Swagger**: Specification authoring, code generation, documentation hosting
+- **OAuth 2.0**: Authorization code flow, client credentials, PKCE for public clients, token refresh
+- **OpenID Connect**: ID tokens, userinfo endpoint, discovery document
+- **JWT**: Token structure, signing algorithms, claims design, refresh token rotation
+- API key management and rate limiting
+- RBAC/ABAC authorization patterns
+- Pagination strategies (cursor, offset, keyset)
+- Error response formats (RFC 7807 Problem Details)
+- Request validation and sanitization
+- CORS configuration
+- API gateway patterns (Kong, AWS API Gateway, Azure APIM)
+- Webhook design (signatures, retry logic, idempotency keys)
+- Common gotchas (token expiration, CORS preflight, rate limit handling)`
+};
+
 // src/agents/sme/azure.ts
 var azureSMEConfig = {
   domain: "azure",
@@ -14376,6 +14500,49 @@ var azureSMEConfig = {
 - Azure Government differences if applicable`
 };
 
+// src/agents/sme/database.ts
+var databaseSMEConfig = {
+  domain: "database",
+  description: "Database design, SQL, and data management (SQL Server, PostgreSQL, MySQL, MongoDB, Redis)",
+  guidance: `For database tasks, provide:
+- **SQL Server**: T-SQL syntax, stored procedures, CTEs, window functions, SSMS usage, Always On availability
+- **PostgreSQL**: PL/pgSQL, extensions (pgvector, PostGIS), JSONB operations, full-text search, partitioning
+- **MySQL/MariaDB**: InnoDB specifics, replication setup, MySQL Workbench, character set handling
+- **SQLite**: Embedded usage, WAL mode, mobile/desktop considerations, size limits
+- **MongoDB**: Document modeling, aggregation pipeline, indexing strategies, Atlas features
+- **Redis**: Data structures (strings, hashes, lists, sets, sorted sets), caching patterns, pub/sub, Lua scripting
+- Database design principles (normalization, denormalization tradeoffs)
+- Index design and query optimization (execution plans, covering indexes)
+- Transaction isolation levels and locking behavior
+- Connection pooling and management
+- Migration strategies and schema versioning
+- ORM patterns (Entity Framework, SQLAlchemy, Prisma, TypeORM)
+- N+1 query prevention
+- Backup and recovery strategies
+- Common gotchas (NULL handling, implicit conversions, timezone issues)`
+};
+
+// src/agents/sme/devops.ts
+var devopsSMEConfig = {
+  domain: "devops",
+  description: "DevOps, CI/CD, containers, and infrastructure-as-code (Docker, Kubernetes, GitHub Actions, Terraform)",
+  guidance: `For DevOps tasks, provide:
+- **Docker**: Dockerfile best practices, multi-stage builds, compose files, networking modes, volume mounts, registry usage
+- **Kubernetes**: Deployment/Service/Ingress manifests, ConfigMaps, Secrets, Helm charts, kubectl commands, resource limits
+- **GitHub Actions**: Workflow syntax, job dependencies, matrix builds, secrets management, reusable workflows, artifact handling
+- **Azure DevOps**: Pipeline YAML, stages/jobs/steps, variable groups, service connections, artifact feeds
+- **GitLab CI**: .gitlab-ci.yml structure, runners, environments, Auto DevOps
+- **Terraform**: HCL syntax, provider configuration, state management, modules, workspaces, import existing resources
+- **Ansible**: Playbook structure, roles, inventory management, vault encryption, idempotency
+- Container image optimization (layer caching, minimal base images, security scanning)
+- CI/CD pipeline design (build, test, deploy stages)
+- Branch strategies (GitFlow, trunk-based development)
+- Secrets management (HashiCorp Vault, Azure Key Vault, AWS Secrets Manager)
+- Infrastructure patterns (immutable infrastructure, blue-green, canary)
+- Monitoring and observability setup (Prometheus, Grafana, ELK)
+- Common gotchas (state drift, secret exposure, resource cleanup)`
+};
+
 // src/agents/sme/linux.ts
 var linuxSMEConfig = {
   domain: "linux",
@@ -14546,6 +14713,27 @@ var vmwareSMEConfig = {
 - Performance metrics and monitoring (Get-Stat)`
 };
 
+// src/agents/sme/web.ts
+var webSMEConfig = {
+  domain: "web",
+  description: "Web and frontend development (Flutter, React, Vue, Angular, JavaScript/TypeScript, HTML/CSS)",
+  guidance: `For web/frontend tasks, provide:
+- **Flutter**: Dart syntax, widget composition, state management (Provider, Riverpod, Bloc), platform channels, pub.dev packages, hot reload workflow
+- **React**: Hooks (useState, useEffect, useMemo), context, Redux/Zustand, Next.js App Router, server components, React Native considerations
+- **Vue**: Composition API, Pinia stores, Nuxt 3, Vue Router, reactive refs
+- **Angular**: Components, services, dependency injection, RxJS patterns, NgRx, Angular CLI commands
+- **Svelte**: Runes ($state, $derived), SvelteKit routing, stores
+- **JavaScript/TypeScript**: ES modules, async/await, type narrowing, bundler config (Vite, webpack, esbuild)
+- **HTML/CSS**: Semantic markup, Flexbox/Grid layouts, CSS custom properties, Tailwind utility classes, SCSS
+- **Browser APIs**: DOM manipulation, Fetch API, Web Storage, Service Workers, WebSockets
+- Framework selection guidance based on project requirements
+- Component architecture and reusability patterns
+- State management strategies (local vs global)
+- Build optimization and code splitting
+- Responsive design and accessibility (WCAG)
+- Common gotchas (hydration mismatches, bundle size, memory leaks)`
+};
+
 // src/agents/sme/windows.ts
 var windowsSMEConfig = {
   domain: "windows",
@@ -14576,7 +14764,11 @@ var SME_CONFIGS = {
   vmware: vmwareSMEConfig,
   azure: azureSMEConfig,
   active_directory: activeDirectorySMEConfig,
-  ui_ux: uiUxSMEConfig
+  ui_ux: uiUxSMEConfig,
+  web: webSMEConfig,
+  database: databaseSMEConfig,
+  devops: devopsSMEConfig,
+  api: apiSMEConfig
 };
 var AGENT_TO_DOMAIN = {
   sme_windows: "windows",
@@ -14589,7 +14781,11 @@ var AGENT_TO_DOMAIN = {
   sme_vmware: "vmware",
   sme_azure: "azure",
   sme_active_directory: "active_directory",
-  sme_ui_ux: "ui_ux"
+  sme_ui_ux: "ui_ux",
+  sme_web: "web",
+  sme_database: "database",
+  sme_devops: "devops",
+  sme_api: "api"
 };
 function createAllSMEAgents(getModel, loadPrompt) {
   return Object.entries(AGENT_TO_DOMAIN).map(([agentName, domain2]) => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-swarm",
-  "version": "2.2.1",
+  "version": "2.3.2",
   "description": "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",