opencode-swarm 4.3.0 → 4.3.2

package/README.md

@@ -1,9 +1,9 @@
 <p align="center">
-  <img src="https://img.shields.io/badge/version-4.3.0-blue" alt="Version">
+  <img src="https://img.shields.io/badge/version-4.3.1-blue" alt="Version">
   <img src="https://img.shields.io/badge/license-MIT-green" alt="License">
   <img src="https://img.shields.io/badge/opencode-plugin-purple" alt="OpenCode Plugin">
   <img src="https://img.shields.io/badge/agents-8-orange" alt="Agents">
-  <img src="https://img.shields.io/badge/tests-447-brightgreen" alt="Tests">
+  <img src="https://img.shields.io/badge/tests-483-brightgreen" alt="Tests">
 </p>
 
 <h1 align="center">🐝 OpenCode Swarm</h1>

package/dist/config/loader.d.ts

@@ -1,4 +1,6 @@
 import { type PluginConfig } from './schema';
+export declare const MAX_CONFIG_FILE_BYTES = 102400;
+export declare const MAX_MERGE_DEPTH = 10;
 /**
  * Deep merge two objects, with override values taking precedence.
  */

package/dist/hooks/index.d.ts

@@ -5,4 +5,4 @@ export { createDelegationTrackerHook } from './delegation-tracker';
 export { extractCurrentPhase, extractCurrentTask, extractDecisions, extractIncompleteTasks, extractPatterns, } from './extractors';
 export { createPipelineTrackerHook } from './pipeline-tracker';
 export { createSystemEnhancerHook } from './system-enhancer';
-export { composeHandlers, estimateTokens, readSwarmFileAsync, safeHook, } from './utils';
+export { composeHandlers, estimateTokens, readSwarmFileAsync, safeHook, validateSwarmPath, } from './utils';

package/dist/hooks/utils.d.ts

@@ -7,5 +7,14 @@
  */
 export declare function safeHook<I, O>(fn: (input: I, output: O) => Promise<void>): (input: I, output: O) => Promise<void>;
 export declare function composeHandlers<I, O>(...fns: Array<(input: I, output: O) => Promise<void>>): (input: I, output: O) => Promise<void>;
+/**
+ * Validates that a filename is safe to use within the .swarm directory
+ *
+ * @param directory - The base directory containing the .swarm folder
+ * @param filename - The filename to validate
+ * @returns The resolved absolute path if validation passes
+ * @throws Error if the filename is invalid or attempts path traversal
+ */
+export declare function validateSwarmPath(directory: string, filename: string): string;
 export declare function readSwarmFileAsync(directory: string, filename: string): Promise<string | null>;
 export declare function estimateTokens(text: string): number;

package/dist/index.js

@@ -13603,11 +13603,17 @@ import * as os from "os";
 import * as path from "path";
 var CONFIG_FILENAME = "opencode-swarm.json";
 var PROMPTS_DIR_NAME = "opencode-swarm";
+var MAX_CONFIG_FILE_BYTES = 102400;
 function getUserConfigDir() {
   return process.env.XDG_CONFIG_HOME || path.join(os.homedir(), ".config");
 }
 function loadConfigFromPath(configPath) {
   try {
+    const stats = fs.statSync(configPath);
+    if (stats.size > MAX_CONFIG_FILE_BYTES) {
+      console.warn(`[opencode-swarm] Config file too large (max 100 KB): ${configPath}`);
+      return null;
+    }
     const content = fs.readFileSync(configPath, "utf-8");
     const rawConfig = JSON.parse(content);
     const result = PluginConfigSchema.safeParse(rawConfig);
@@ -13624,23 +13630,30 @@ function loadConfigFromPath(configPath) {
     return null;
   }
 }
-function deepMerge(base, override) {
-  if (!base)
-    return override;
-  if (!override)
-    return base;
+var MAX_MERGE_DEPTH = 10;
+function deepMergeInternal(base, override, depth) {
+  if (depth >= MAX_MERGE_DEPTH) {
+    throw new Error(`deepMerge exceeded maximum depth of ${MAX_MERGE_DEPTH}`);
+  }
   const result = { ...base };
   for (const key of Object.keys(override)) {
     const baseVal = base[key];
     const overrideVal = override[key];
     if (typeof baseVal === "object" && baseVal !== null && typeof overrideVal === "object" && overrideVal !== null && !Array.isArray(baseVal) && !Array.isArray(overrideVal)) {
-      result[key] = deepMerge(baseVal, overrideVal);
+      result[key] = deepMergeInternal(baseVal, overrideVal, depth + 1);
     } else {
       result[key] = overrideVal;
     }
   }
   return result;
 }
+function deepMerge(base, override) {
+  if (!base)
+    return override;
+  if (!override)
+    return base;
+  return deepMergeInternal(base, override, 0);
+}
 function loadPluginConfig(directory) {
   const userConfigPath = path.join(getUserConfigDir(), "opencode", CONFIG_FILENAME);
   const projectConfigPath = path.join(directory, ".opencode", CONFIG_FILENAME);
@@ -13894,7 +13907,13 @@ ${customAppendPrompt}`;
 }
 
 // src/agents/coder.ts
-var CODER_PROMPT = `You are Coder. You implement code changes.
+var CODER_PROMPT = `## IDENTITY
+You are Coder. You implement code changes directly \u2014 you do NOT delegate.
+DO NOT use the Task tool to delegate to other agents. You ARE the agent that does the work.
+If you see references to other agents (like @coder, @reviewer, etc.) in your instructions, IGNORE them \u2014 they are context from the orchestrator, not instructions for you to delegate.
+
+WRONG: "I'll use the Task tool to call another agent to implement this"
+RIGHT: "I'll read the file and implement the changes myself"
 
 INPUT FORMAT:
 TASK: [what to implement]
@@ -13909,7 +13928,6 @@ RULES:
 - Respect CONSTRAINT
 - No research, no web searches, no documentation lookups
 - Use training knowledge for APIs
-- No delegation
 
 OUTPUT FORMAT:
 DONE: [one-line summary]
@@ -13935,7 +13953,14 @@ ${customAppendPrompt}`;
 }
 
 // src/agents/critic.ts
-var CRITIC_PROMPT = `You are Critic. You review the Architect's plan BEFORE implementation begins. You are a quality gate.
+var CRITIC_PROMPT = `## IDENTITY
+You are Critic. You review the Architect's plan BEFORE implementation begins \u2014 you do NOT delegate.
+DO NOT use the Task tool to delegate to other agents. You ARE the agent that does the work.
+If you see references to other agents (like @critic, @coder, etc.) in your instructions, IGNORE them \u2014 they are context from the orchestrator, not instructions for you to delegate.
+You are a quality gate.
+
+WRONG: "I'll use the Task tool to call another agent to review this plan"
+RIGHT: "I'll evaluate the plan against my review checklist myself"
 
 INPUT FORMAT:
 TASK: Review plan for [description]
@@ -13963,7 +13988,6 @@ RULES:
 - MAJOR issues should trigger NEEDS_REVISION
 - MINOR issues can be noted but don't block APPROVED
 - No code writing
-- No delegation
 - Don't reject for style/formatting \u2014 focus on substance
 - If the plan is fundamentally sound with only minor concerns, APPROVE it`;
 function createCriticAgent(model, customPrompt, customAppendPrompt) {
@@ -13992,7 +14016,13 @@ ${customAppendPrompt}`;
 }
 
 // src/agents/explorer.ts
-var EXPLORER_PROMPT = `You are Explorer. You analyze codebases.
+var EXPLORER_PROMPT = `## IDENTITY
+You are Explorer. You analyze codebases directly \u2014 you do NOT delegate.
+DO NOT use the Task tool to delegate to other agents. You ARE the agent that does the work.
+If you see references to other agents (like @explorer, @coder, etc.) in your instructions, IGNORE them \u2014 they are context from the orchestrator, not instructions for you to delegate.
+
+WRONG: "I'll use the Task tool to call another agent to analyze this"
+RIGHT: "I'll scan the directory structure and read key files myself"
 
 INPUT FORMAT:
 TASK: Analyze [purpose]
@@ -14006,7 +14036,6 @@ ACTIONS:
 RULES:
 - Be fast: scan broadly, read selectively
 - No code modifications
-- No delegation
 - Output under 2000 chars
 
 OUTPUT FORMAT:
@@ -14052,7 +14081,13 @@ ${customAppendPrompt}`;
 }
 
 // src/agents/reviewer.ts
-var REVIEWER_PROMPT = `You are Reviewer. You verify code correctness and find vulnerabilities.
+var REVIEWER_PROMPT = `## IDENTITY
+You are Reviewer. You verify code correctness and find vulnerabilities directly \u2014 you do NOT delegate.
+DO NOT use the Task tool to delegate to other agents. You ARE the agent that does the work.
+If you see references to other agents (like @reviewer, @coder, etc.) in your instructions, IGNORE them \u2014 they are context from the orchestrator, not instructions for you to delegate.
+
+WRONG: "I'll use the Task tool to call another agent to review this"
+RIGHT: "I'll read the code and evaluate it against the CHECK dimensions myself"
 
 INPUT FORMAT:
 TASK: Review [description]
@@ -14072,7 +14107,6 @@ RULES:
 - Only flag real issues, not theoretical
 - Don't reject for style if functionally correct
 - No code modifications
-- No delegation
 
 RISK LEVELS:
 - LOW: defense in depth improvements
@@ -14105,7 +14139,13 @@ ${customAppendPrompt}`;
 }
 
 // src/agents/sme.ts
-var SME_PROMPT = `You are SME (Subject Matter Expert). You provide deep domain-specific technical guidance on whatever domain the Architect requests.
+var SME_PROMPT = `## IDENTITY
+You are SME (Subject Matter Expert). You provide deep domain-specific technical guidance directly \u2014 you do NOT delegate.
+DO NOT use the Task tool to delegate to other agents. You ARE the agent that does the work.
+If you see references to other agents (like @sme, @coder, etc.) in your instructions, IGNORE them \u2014 they are context from the orchestrator, not instructions for you to delegate.
+
+WRONG: "I'll use the Task tool to call another agent to research this"
+RIGHT: "I'll provide the domain-specific guidance directly from my expertise"
 
 INPUT FORMAT:
 TASK: [what guidance is needed]
@@ -14123,8 +14163,7 @@ RULES:
 - Be specific: exact names, paths, parameters, versions
 - Be concise: under 1500 characters
 - Be actionable: info Coder can use directly
-- No code writing
-- No delegation`;
+- No code writing`;
 function createSMEAgent(model, customPrompt, customAppendPrompt) {
   let prompt = SME_PROMPT;
   if (customPrompt) {
@@ -14151,7 +14190,13 @@ ${customAppendPrompt}`;
 }
 
 // src/agents/test-engineer.ts
-var TEST_ENGINEER_PROMPT = `You are Test Engineer. You generate tests AND run them.
+var TEST_ENGINEER_PROMPT = `## IDENTITY
+You are Test Engineer. You generate tests AND run them directly \u2014 you do NOT delegate.
+DO NOT use the Task tool to delegate to other agents. You ARE the agent that does the work.
+If you see references to other agents (like @test_engineer, @coder, etc.) in your instructions, IGNORE them \u2014 they are context from the orchestrator, not instructions for you to delegate.
+
+WRONG: "I'll use the Task tool to call another agent to write the tests"
+RIGHT: "I'll write the test file and run the tests myself"
 
 INPUT FORMAT:
 TASK: Generate tests for [description]
@@ -14167,7 +14212,6 @@ RULES:
 - Match language (PowerShell \u2192 Pester, Python \u2192 pytest, TS \u2192 vitest/jest)
 - Tests must be runnable
 - Include setup/teardown if needed
-- No delegation
 
 WORKFLOW:
 1. Write test file to the specified OUTPUT path
@@ -14366,6 +14410,9 @@ function handleAgentsCommand(agents) {
 `);
 }
 
+// src/hooks/utils.ts
+import * as path2 from "path";
+
 // src/utils/logger.ts
 var DEBUG = process.env.OPENCODE_SWARM_DEBUG === "1";
 function log(message, data) {
@@ -14408,10 +14455,30 @@ function composeHandlers(...fns) {
     }
   };
 }
+function validateSwarmPath(directory, filename) {
+  if (/[\0]/.test(filename)) {
+    throw new Error("Invalid filename: contains null bytes");
+  }
+  if (/\.\.[/\\]/.test(filename)) {
+    throw new Error("Invalid filename: path traversal detected");
+  }
+  const baseDir = path2.normalize(path2.resolve(directory, ".swarm"));
+  const resolved = path2.normalize(path2.resolve(baseDir, filename));
+  if (process.platform === "win32") {
+    if (!resolved.toLowerCase().startsWith((baseDir + path2.sep).toLowerCase())) {
+      throw new Error("Invalid filename: path escapes .swarm directory");
+    }
+  } else {
+    if (!resolved.startsWith(baseDir + path2.sep)) {
+      throw new Error("Invalid filename: path escapes .swarm directory");
+    }
+  }
+  return resolved;
+}
 async function readSwarmFileAsync(directory, filename) {
-  const path2 = `${directory}/.swarm/${filename}`;
   try {
-    const file2 = Bun.file(path2);
+    const resolvedPath = validateSwarmPath(directory, filename);
+    const file2 = Bun.file(resolvedPath);
     const content = await file2.text();
     return content;
   } catch {
@@ -14750,8 +14817,8 @@ async function doFlush(directory) {
     const activitySection = renderActivitySection();
     const updated = replaceOrAppendSection(existing, "## Agent Activity", activitySection);
     const flushedCount = swarmState.pendingEvents;
-    const path2 = `${directory}/.swarm/context.md`;
-    await Bun.write(path2, updated);
+    const path3 = `${directory}/.swarm/context.md`;
+    await Bun.write(path3, updated);
     swarmState.pendingEvents = Math.max(0, swarmState.pendingEvents - flushedCount);
   } catch (error49) {
     warn("Agent activity flush failed:", error49);
@@ -15770,10 +15837,10 @@ function mergeDefs2(...defs) {
 function cloneDef2(schema) {
   return mergeDefs2(schema._zod.def);
 }
-function getElementAtPath2(obj, path2) {
-  if (!path2)
+function getElementAtPath2(obj, path3) {
+  if (!path3)
     return obj;
-  return path2.reduce((acc, key) => acc?.[key], obj);
+  return path3.reduce((acc, key) => acc?.[key], obj);
 }
 function promiseAllObject2(promisesObj) {
   const keys = Object.keys(promisesObj);
@@ -16132,11 +16199,11 @@ function aborted2(x, startIndex = 0) {
   }
   return false;
 }
-function prefixIssues2(path2, issues) {
+function prefixIssues2(path3, issues) {
   return issues.map((iss) => {
     var _a2;
     (_a2 = iss).path ?? (_a2.path = []);
-    iss.path.unshift(path2);
+    iss.path.unshift(path3);
     return iss;
   });
 }
@@ -16304,7 +16371,7 @@ function treeifyError2(error49, _mapper) {
     return issue3.message;
   };
   const result = { errors: [] };
-  const processError = (error50, path2 = []) => {
+  const processError = (error50, path3 = []) => {
     var _a2, _b;
     for (const issue3 of error50.issues) {
       if (issue3.code === "invalid_union" && issue3.errors.length) {
@@ -16314,7 +16381,7 @@ function treeifyError2(error49, _mapper) {
       } else if (issue3.code === "invalid_element") {
         processError({ issues: issue3.issues }, issue3.path);
       } else {
-        const fullpath = [...path2, ...issue3.path];
+        const fullpath = [...path3, ...issue3.path];
         if (fullpath.length === 0) {
           result.errors.push(mapper(issue3));
           continue;
@@ -16346,8 +16413,8 @@ function treeifyError2(error49, _mapper) {
 }
 function toDotPath2(_path) {
   const segs = [];
-  const path2 = _path.map((seg) => typeof seg === "object" ? seg.key : seg);
-  for (const seg of path2) {
+  const path3 = _path.map((seg) => typeof seg === "object" ? seg.key : seg);
+  for (const seg of path3) {
     if (typeof seg === "number")
       segs.push(`[${seg}]`);
     else if (typeof seg === "symbol")
@@ -27543,7 +27610,7 @@ Use these as DOMAIN values when delegating to @sme.`;
 });
 // src/tools/file-extractor.ts
 import * as fs2 from "fs";
-import * as path2 from "path";
+import * as path3 from "path";
 var EXT_MAP = {
   python: ".py",
   py: ".py",
@@ -27621,12 +27688,12 @@ var extract_code_blocks = tool({
       if (prefix) {
         filename = `${prefix}_${filename}`;
       }
-      let filepath = path2.join(targetDir, filename);
-      const base = path2.basename(filepath, path2.extname(filepath));
-      const ext = path2.extname(filepath);
+      let filepath = path3.join(targetDir, filename);
+      const base = path3.basename(filepath, path3.extname(filepath));
+      const ext = path3.extname(filepath);
       let counter = 1;
       while (fs2.existsSync(filepath)) {
-        filepath = path2.join(targetDir, `${base}_${counter}${ext}`);
+        filepath = path3.join(targetDir, `${base}_${counter}${ext}`);
         counter++;
       }
       try {
@@ -27655,26 +27722,73 @@ Errors:
   }
 });
 // src/tools/gitingest.ts
+var GITINGEST_TIMEOUT_MS = 1e4;
+var GITINGEST_MAX_RESPONSE_BYTES = 5242880;
+var GITINGEST_MAX_RETRIES = 2;
+var delay = (ms) => new Promise((resolve2) => setTimeout(resolve2, ms));
 async function fetchGitingest(args) {
-  const response = await fetch("https://gitingest.com/api/ingest", {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({
-      input_text: args.url,
-      max_file_size: args.maxFileSize ?? 50000,
-      pattern: args.pattern ?? "",
-      pattern_type: args.patternType ?? "exclude"
-    })
-  });
-  if (!response.ok) {
-    throw new Error(`gitingest API error: ${response.status} ${response.statusText}`);
-  }
-  const data = await response.json();
-  return `${data.summary}
+  for (let attempt = 0;attempt <= GITINGEST_MAX_RETRIES; attempt++) {
+    try {
+      const controller = new AbortController;
+      const timeoutId = setTimeout(() => controller.abort(), GITINGEST_TIMEOUT_MS);
+      const response = await fetch("https://gitingest.com/api/ingest", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          input_text: args.url,
+          max_file_size: args.maxFileSize ?? 50000,
+          pattern: args.pattern ?? "",
+          pattern_type: args.patternType ?? "exclude"
+        }),
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (response.status >= 500 && attempt < GITINGEST_MAX_RETRIES) {
+        const backoff = 200 * 2 ** attempt;
+        await delay(backoff);
+        continue;
+      }
+      if (response.status >= 400 && response.status < 500) {
+        throw new Error(`gitingest API error: ${response.status} ${response.statusText}`);
+      }
+      if (!response.ok) {
+        throw new Error(`gitingest API error: ${response.status} ${response.statusText}`);
+      }
+      const contentLength = Number(response.headers.get("content-length"));
+      if (Number.isFinite(contentLength) && contentLength > GITINGEST_MAX_RESPONSE_BYTES) {
+        throw new Error("gitingest response too large");
+      }
+      const text = await response.text();
+      if (Buffer.byteLength(text) > GITINGEST_MAX_RESPONSE_BYTES) {
+        throw new Error("gitingest response too large");
+      }
+      const data = JSON.parse(text);
+      return `${data.summary}
 
 ${data.tree}
 
 ${data.content}`;
+    } catch (error93) {
+      if (error93 instanceof DOMException && (error93.name === "TimeoutError" || error93.name === "AbortError")) {
+        if (attempt >= GITINGEST_MAX_RETRIES) {
+          throw new Error("gitingest request timed out");
+        }
+        const backoff = 200 * 2 ** attempt;
+        await delay(backoff);
+        continue;
+      }
+      if (error93 instanceof Error && error93.message.startsWith("gitingest ")) {
+        throw error93;
+      }
+      if (attempt < GITINGEST_MAX_RETRIES) {
+        const backoff = 200 * 2 ** attempt;
+        await delay(backoff);
+        continue;
+      }
+      throw error93;
+    }
+  }
+  throw new Error("gitingest request failed after retries");
 }
 var gitingest = tool({
   description: "Fetch a GitHub repository's full content via gitingest.com. Returns summary, directory tree, and file contents optimized for LLM analysis. Use when you need to understand an external repository's structure or code.",

package/dist/tools/gitingest.d.ts

@@ -5,8 +5,11 @@ export interface GitingestArgs {
     pattern?: string;
     patternType?: 'include' | 'exclude';
 }
+export declare const GITINGEST_TIMEOUT_MS = 10000;
+export declare const GITINGEST_MAX_RESPONSE_BYTES = 5242880;
+export declare const GITINGEST_MAX_RETRIES = 2;
 /**
- * Fetch repository content via gitingest.com API
+ * Fetch repository content via gitingest.com API with timeout, size guard, and retry logic
  */
 export declare function fetchGitingest(args: GitingestArgs): Promise<string>;
 /**

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "opencode-swarm",
-	"version": "4.3.0",
+	"version": "4.3.2",
 	"description": "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",