opencode-swarm 5.2.0 → 6.0.1

package/README.md

@@ -1,9 +1,9 @@
 <p align="center">
-  <img src="https://img.shields.io/badge/version-5.2.0-blue" alt="Version">
+  <img src="https://img.shields.io/badge/version-6.0.0-blue" alt="Version">
   <img src="https://img.shields.io/badge/license-MIT-green" alt="License">
   <img src="https://img.shields.io/badge/opencode-plugin-purple" alt="OpenCode Plugin">
   <img src="https://img.shields.io/badge/agents-7-orange" alt="Agents">
-  <img src="https://img.shields.io/badge/tests-1101-brightgreen" alt="Tests">
+  <img src="https://img.shields.io/badge/tests-1188-brightgreen" alt="Tests">
 </p>
 
 <h1 align="center">🐝 OpenCode Swarm</h1>
@@ -138,15 +138,24 @@ OpenCode Swarm:
 ┌─────────────────────────────────────────────────────────────────────────┐
 │  PHASE 5: Execute (per task)                                            │
 │                                                                         │
-│   ┌─────────┐    ┌────────────┐    ┌──────────────┐                    │
-│   │ @coder  │ →  │ @reviewer  │ →  │    @test     │                    │
-│   │ 1 task  │    │ check all  │    │ write + run  │                    │
-│   └─────────┘    └────────────┘    └──────────────┘                    │
-│        │               │                   │                            │
-│        │     If REJECTED: retry    If FAIL: fix + retest               │
-│        └───────────────┘                                                │
+│   ┌─────────┐    ┌───────┐    ┌────────────┐    ┌──────────────┐       │
+│   │ @coder  │ →  │ diff  │ →  │ @reviewer  │ →  │    @test     │       │
+│   │ 1 task  │    │ tool  │    │ check all  │    │ write + run  │       │
+│   └─────────┘    └───────┘    └────────────┘    └──────────────┘       │
+│        │              │             │                   │               │
+│        │    Contract   │   If REJECTED:        If FAIL: fix            │
+│        │    changes?   │   retry from coder    + retest                │
+│        │       │       │             │                                  │
+│        │       ▼       │             ▼                                  │
+│        │  ┌─────────┐  │   ┌──────────────┐    ┌──────────────┐       │
+│        │  │@explorer│  │   │  @reviewer   │ →  │    @test     │       │
+│        │  │ impact  │  │   │ security-only│    │ adversarial  │       │
+│        │  │analysis │  │   │   (if match) │    │   (attacks)  │       │
+│        │  └─────────┘  │   └──────────────┘    └──────────────┘       │
+│        │               │                                               │
+│        └───────────────┘                                               │
 │                                                                         │
-│   Update plan.md: [x] Task complete (only if PASS)                      │
+│   Update plan.md: [x] Task complete (only after ALL gates pass)        │
 │   Next task...                                                          │
 └─────────────────────────────────────────────────────────────────────────┘
                                     │
@@ -334,6 +343,13 @@ bunx opencode-swarm uninstall --clean
 
 ## What's New
 
+### v6.0.0 — Core QA & Security Gates
+- **Dual-pass security reviewer** — After the general reviewer APPROVES, the architect automatically triggers a second security-only review pass when the changed file matches security-sensitive paths (`auth`, `crypto`, `session`, `token`, `middleware`, `api`, `security`) or the coder's output contains security keywords. Configurable via `review_passes` config.
+- **Adversarial testing** — After verification tests PASS, the test engineer is re-delegated with adversarial-only framing: attack vectors, boundary violations, and injection attempts. Pure prompt engineering, no new infrastructure.
+- **Integration impact analysis** — After the coder completes, the `diff` tool detects contract changes (exported functions, interfaces, types). If found, the explorer runs impact analysis across dependents before review begins.
+- **`diff` tool** — New agent-accessible tool providing structured git diff with numstat parsing, contract change detection, configurable base ref (`HEAD`/staged/unstaged), path filtering, and 500-line truncation.
+- **87 new tests** — 1188 total tests across 53+ files (up from 1101 in v5.2.0).
+
 ### v5.2.0 — Per-Invocation Guardrails
 - **Per-invocation budget isolation** — Guardrail limits (tool calls, duration, errors) now reset with each agent delegation. Second invocation of the same agent gets a fresh budget, preventing false circuit breaker trips in long-running projects.
 - **Architect protocol enforcement** — New mandatory QA gate rules: every coder task must go through reviewer approval + test_engineer verification before the next coder task. Protocol violations detected at runtime with warning injection.
@@ -409,7 +425,7 @@ All features are opt-in via configuration. See [Installation Guide](docs/install
 ### ✅ Quality Assurance
 | Agent | Role |
 |-------|------|
-| `reviewer` | Combined correctness + security review. The architect specifies CHECK dimensions (security, correctness, edge-cases, performance, etc.) per call. |
+| `reviewer` | Dual-pass review: correctness review first, then automatic security-only pass for security-sensitive files. The architect specifies CHECK dimensions per call. OWASP Top 10 categories built in. |
 | `critic` | Plan review gate. Reviews the architect's plan BEFORE implementation — checks completeness, feasibility, scope, dependencies, and flags AI-slop. |
 
 ---
@@ -516,6 +532,38 @@ Override limits for specific agents that need more (or less) room:
 
 Profiles merge with base config — only specified fields are overridden.
 
+### Review Passes
+
+Control the dual-pass security review behavior:
+
+```jsonc
+{
+  "review_passes": {
+    "always_security_review": false,  // default: false (only on security-sensitive files)
+    "security_globs": [               // default patterns:
+      "**/*auth*", "**/*crypto*",
+      "**/*session*", "**/*token*",
+      "**/*middleware*", "**/*api*",
+      "**/*security*"
+    ]
+  }
+}
+```
+
+Set `always_security_review: true` to run the security pass on every task, regardless of file path.
+
+### Integration Analysis
+
+Control whether contract change detection triggers impact analysis:
+
+```jsonc
+{
+  "integration_analysis": {
+    "enabled": true  // default: true
+  }
+}
+```
+
 > **Architect is exempt/unlimited by default:** The architect agent has no guardrail limits by default. To override, add a `profiles.architect` entry in your guardrails config.
 
 ### Per-Invocation Budgets
@@ -549,7 +597,7 @@ This prevents long-running projects from accumulating session-wide counters that
 | Execution | Serial (predictable) | Parallel (chaotic) | Parallel | Configurable |
 | Planning | Phased with acceptance criteria | Ad-hoc | Role-based | Graph-based |
 | Memory | Persistent `.swarm/` files | Session only | Session only | Checkpoints |
-| QA | Per-task (unified review) | Optional | Optional | Manual |
+| QA | Dual-pass per-task (review + security + adversarial) | Optional | Optional | Manual |
 | Model mixing | Per-agent configuration | Limited | Limited | Manual |
 | Resume projects | ✅ Native | ❌ | ❌ | Partial |
 | SME domains | Open-domain (any) | Generic | Generic | Generic |
@@ -561,7 +609,7 @@ This prevents long-running projects from accumulating session-wide counters that
 
 1. **Plan before code** - Documented phases with acceptance criteria
 2. **One task at a time** - Focused work, quality output
-3. **Review everything immediately** - Correctness + security review per task, not per project
+3. **Review everything immediately** - Dual-pass review (correctness + security) with adversarial testing per task
 4. **Cache SME knowledge** - Don't re-ask answered questions
 5. **Persistent memory** - `.swarm/` files survive sessions
 6. **Serial execution** - Predictable, debuggable, no race conditions
@@ -582,7 +630,7 @@ bun test
 bun test tests/unit/config/schema.test.ts
 ```
 
-1101 tests across 48 files covering config, tools, agents, hooks, commands, state, guardrails, evidence, plan schemas, circuit breaker race conditions, invocation windows, and multi-invocation isolation. Uses Bun's built-in test runner — zero additional test dependencies.
+1188 tests across 53+ files covering config, tools, agents, hooks, commands, state, guardrails, evidence, plan schemas, circuit breaker race conditions, invocation windows, multi-invocation isolation, security categories, review/integration schemas, and diff tool. Uses Bun's built-in test runner — zero additional test dependencies.
 
 ## Troubleshooting
 

package/dist/agents/index.d.ts

@@ -20,6 +20,6 @@ export { createArchitectAgent } from './architect';
 export { createCoderAgent } from './coder';
 export { createCriticAgent } from './critic';
 export { createExplorerAgent } from './explorer';
-export { createReviewerAgent } from './reviewer';
+export { createReviewerAgent, SECURITY_CATEGORIES, type SecurityCategory, } from './reviewer';
 export { createSMEAgent } from './sme';
 export { createTestEngineerAgent } from './test-engineer';

package/dist/agents/reviewer.d.ts

@@ -1,2 +1,5 @@
 import type { AgentDefinition } from './architect';
+/** OWASP Top 10 2021 categories for security-focused review passes */
+export declare const SECURITY_CATEGORIES: readonly ["broken-access-control", "cryptographic-failures", "injection", "insecure-design", "security-misconfiguration", "vulnerable-components", "auth-failures", "data-integrity-failures", "logging-monitoring-failures", "ssrf"];
+export type SecurityCategory = (typeof SECURITY_CATEGORIES)[number];
 export declare function createReviewerAgent(model: string, customPrompt?: string, customAppendPrompt?: string): AgentDefinition;

package/dist/config/loader.d.ts

@@ -13,6 +13,8 @@ export declare function deepMerge<T extends Record<string, unknown>>(base?: T, o
  * 2. Project config: <directory>/.opencode/opencode-swarm.json
  *
  * Project config takes precedence. Nested objects are deep-merged.
+ * IMPORTANT: Raw configs are merged BEFORE Zod parsing so that
+ * Zod defaults don't override explicit user values.
  */
 export declare function loadPluginConfig(directory: string): PluginConfig;
 /**

package/dist/config/schema.d.ts

@@ -128,6 +128,15 @@ export declare const SummaryConfigSchema: z.ZodObject<{
     retention_days: z.ZodDefault<z.ZodNumber>;
 }, z.core.$strip>;
 export type SummaryConfig = z.infer<typeof SummaryConfigSchema>;
+export declare const ReviewPassesConfigSchema: z.ZodObject<{
+    always_security_review: z.ZodDefault<z.ZodBoolean>;
+    security_globs: z.ZodDefault<z.ZodArray<z.ZodString>>;
+}, z.core.$strip>;
+export type ReviewPassesConfig = z.infer<typeof ReviewPassesConfigSchema>;
+export declare const IntegrationAnalysisConfigSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+}, z.core.$strip>;
+export type IntegrationAnalysisConfig = z.infer<typeof IntegrationAnalysisConfigSchema>;
 export declare const GuardrailsProfileSchema: z.ZodObject<{
     max_tool_calls: z.ZodOptional<z.ZodNumber>;
     max_duration_minutes: z.ZodOptional<z.ZodNumber>;
@@ -282,6 +291,14 @@ export declare const PluginConfigSchema: z.ZodObject<{
         max_stored_bytes: z.ZodDefault<z.ZodNumber>;
         retention_days: z.ZodDefault<z.ZodNumber>;
     }, z.core.$strip>>;
+    review_passes: z.ZodOptional<z.ZodObject<{
+        always_security_review: z.ZodDefault<z.ZodBoolean>;
+        security_globs: z.ZodDefault<z.ZodArray<z.ZodString>>;
+    }, z.core.$strip>>;
+    integration_analysis: z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+    }, z.core.$strip>>;
+    _loadedFromFile: z.ZodDefault<z.ZodBoolean>;
 }, z.core.$strip>;
 export type PluginConfig = z.infer<typeof PluginConfigSchema>;
 export type { AgentName, PipelineAgentName, QAAgentName, } from './constants';

package/dist/hooks/delegation-tracker.d.ts

@@ -8,7 +8,7 @@ import type { PluginConfig } from '../config/schema';
 /**
  * Creates the chat.message hook for delegation tracking.
  */
-export declare function createDelegationTrackerHook(config: PluginConfig): (input: {
+export declare function createDelegationTrackerHook(config: PluginConfig, guardrailsEnabled?: boolean): (input: {
     sessionID: string;
     agent?: string;
 }, output: Record<string, unknown>) => Promise<void>;

package/dist/index.js

@@ -13630,6 +13630,21 @@ var SummaryConfigSchema = exports_external.object({
   max_stored_bytes: exports_external.number().min(10240).max(104857600).default(10485760),
   retention_days: exports_external.number().min(1).max(365).default(7)
 });
+var ReviewPassesConfigSchema = exports_external.object({
+  always_security_review: exports_external.boolean().default(false),
+  security_globs: exports_external.array(exports_external.string()).default([
+    "**/auth/**",
+    "**/api/**",
+    "**/crypto/**",
+    "**/security/**",
+    "**/middleware/**",
+    "**/session/**",
+    "**/token/**"
+  ])
+});
+var IntegrationAnalysisConfigSchema = exports_external.object({
+  enabled: exports_external.boolean().default(true)
+});
 var GuardrailsProfileSchema = exports_external.object({
   max_tool_calls: exports_external.number().min(0).max(1000).optional(),
   max_duration_minutes: exports_external.number().min(0).max(480).optional(),
@@ -13729,7 +13744,10 @@ var PluginConfigSchema = exports_external.object({
   context_budget: ContextBudgetConfigSchema.optional(),
   guardrails: GuardrailsConfigSchema.optional(),
   evidence: EvidenceConfigSchema.optional(),
-  summaries: SummaryConfigSchema.optional()
+  summaries: SummaryConfigSchema.optional(),
+  review_passes: ReviewPassesConfigSchema.optional(),
+  integration_analysis: IntegrationAnalysisConfigSchema.optional(),
+  _loadedFromFile: exports_external.boolean().default(false)
 });
 
 // src/config/loader.ts
@@ -13739,25 +13757,26 @@ var MAX_CONFIG_FILE_BYTES = 102400;
 function getUserConfigDir() {
   return process.env.XDG_CONFIG_HOME || path.join(os.homedir(), ".config");
 }
-function loadConfigFromPath(configPath) {
+function loadRawConfigFromPath(configPath) {
   try {
     const stats = fs.statSync(configPath);
     if (stats.size > MAX_CONFIG_FILE_BYTES) {
       console.warn(`[opencode-swarm] Config file too large (max 100 KB): ${configPath}`);
+      console.warn("[opencode-swarm] \u26A0\uFE0F Guardrails will be DISABLED as a safety precaution. Fix the config file to restore normal operation.");
       return null;
     }
     const content = fs.readFileSync(configPath, "utf-8");
     const rawConfig = JSON.parse(content);
-    const result = PluginConfigSchema.safeParse(rawConfig);
-    if (!result.success) {
-      console.warn(`[opencode-swarm] Invalid config at ${configPath}:`);
-      console.warn(result.error.format());
+    if (typeof rawConfig !== "object" || rawConfig === null || Array.isArray(rawConfig)) {
+      console.warn(`[opencode-swarm] Invalid config at ${configPath}: expected an object`);
+      console.warn("[opencode-swarm] \u26A0\uFE0F Guardrails will be DISABLED as a safety precaution. Fix the config file to restore normal operation.");
       return null;
     }
-    return result.data;
+    return rawConfig;
   } catch (error48) {
     if (error48 instanceof Error && "code" in error48 && error48.code !== "ENOENT") {
-      console.warn(`[opencode-swarm] Error reading config from ${configPath}:`, error48.message);
+      console.warn(`[opencode-swarm] \u26A0\uFE0F CONFIG LOAD FAILURE \u2014 config exists at ${configPath} but could not be loaded: ${error48.message}`);
+      console.warn("[opencode-swarm] \u26A0\uFE0F Guardrails will be DISABLED as a safety precaution. Fix the config file to restore normal operation.");
     }
     return null;
   }
@@ -13779,30 +13798,36 @@ function deepMergeInternal(base, override, depth) {
   }
   return result;
 }
-function deepMerge(base, override) {
-  if (!base)
-    return override;
-  if (!override)
-    return base;
-  return deepMergeInternal(base, override, 0);
-}
 function loadPluginConfig(directory) {
   const userConfigPath = path.join(getUserConfigDir(), "opencode", CONFIG_FILENAME);
   const projectConfigPath = path.join(directory, ".opencode", CONFIG_FILENAME);
-  let config2 = loadConfigFromPath(userConfigPath) ?? {
-    max_iterations: 5,
-    qa_retry_limit: 3,
-    inject_phase_reminders: true
-  };
-  const projectConfig = loadConfigFromPath(projectConfigPath);
-  if (projectConfig) {
-    config2 = {
-      ...config2,
-      ...projectConfig,
-      agents: deepMerge(config2.agents, projectConfig.agents)
+  const rawUserConfig = loadRawConfigFromPath(userConfigPath);
+  const rawProjectConfig = loadRawConfigFromPath(projectConfigPath);
+  const loadedFromFile = rawUserConfig !== null || rawProjectConfig !== null;
+  let mergedRaw = rawUserConfig ?? {};
+  if (rawProjectConfig) {
+    mergedRaw = deepMergeInternal(mergedRaw, rawProjectConfig, 0);
+  }
+  const result = PluginConfigSchema.safeParse(mergedRaw);
+  if (!result.success) {
+    if (rawUserConfig) {
+      const userResult = PluginConfigSchema.safeParse(rawUserConfig);
+      if (userResult.success) {
+        console.warn("[opencode-swarm] Project config ignored due to validation errors. Using user config.");
+        return { ...userResult.data, _loadedFromFile: true };
+      }
+    }
+    console.warn("[opencode-swarm] Merged config validation failed:");
+    console.warn(result.error.format());
+    console.warn("[opencode-swarm] \u26A0\uFE0F Guardrails will be DISABLED as a safety precaution. Fix the config file to restore normal operation.");
+    return {
+      max_iterations: 5,
+      qa_retry_limit: 3,
+      inject_phase_reminders: true,
+      _loadedFromFile: false
     };
   }
-  return config2;
+  return { ...result.data, _loadedFromFile: loadedFromFile };
 }
 function loadAgentPrompt(agentName) {
   const promptsDir = path.join(getUserConfigDir(), "opencode", PROMPTS_DIR_NAME);
@@ -14021,17 +14046,13 @@ You THINK. Subagents DO. You have the largest context window and strongest reaso
    - If NEEDS_REVISION: Revise plan and re-submit to critic (max 2 cycles)
    - If REJECTED after 2 cycles: Escalate to user with explanation
    - ONLY AFTER critic approval: Proceed to implementation (Phase 3+)
-7. **MANDATORY QA GATE (Execute AFTER every coder task)**:
-   - Step A: {{AGENT_PREFIX}}coder completes implementation \u2192 STOP
-   - Step B: IMMEDIATELY delegate to {{AGENT_PREFIX}}reviewer with CHECK dimensions (security, correctness, edge-cases, etc.)
-   - Step C: Wait for reviewer verdict
-     - If VERDICT: REJECTED \u2192 Send FIXES back to {{AGENT_PREFIX}}coder (return to Step A)
-     - If VERDICT: APPROVED \u2192 Proceed to Step D
-   - Step D: IMMEDIATELY delegate to {{AGENT_PREFIX}}test_engineer to generate and run tests
-   - Step E: Wait for test verdict
-     - If VERDICT: FAIL \u2192 Send failure details back to {{AGENT_PREFIX}}coder (return to Step A)
-     - If VERDICT: PASS \u2192 Mark task complete, proceed to next task
-8. **NEVER skip the QA gate**: You cannot delegate to {{AGENT_PREFIX}}coder for a new task until the previous task passes BOTH reviewer approval AND test_engineer verification. The sequence is ALWAYS: coder \u2192 reviewer \u2192 test_engineer \u2192 next_coder.
+7. **MANDATORY QA GATE (Execute AFTER every coder task)** \u2014 sequence: coder \u2192 diff \u2192 review \u2192 security review \u2192 verification tests \u2192 adversarial tests \u2192 next task.
+   - After coder completes: run \`diff\` tool. If \`hasContractChanges\` is true \u2192 delegate {{AGENT_PREFIX}}explorer for integration impact analysis. BREAKING \u2192 return to coder. COMPATIBLE \u2192 proceed.
+   - Delegate {{AGENT_PREFIX}}reviewer with CHECK dimensions. REJECTED \u2192 return to coder (max {{QA_RETRY_LIMIT}} attempts). APPROVED \u2192 continue.
+   - If file matches security globs (auth, api, crypto, security, middleware, session, token) OR coder output contains security keywords \u2192 delegate {{AGENT_PREFIX}}reviewer AGAIN with security-only CHECK. REJECTED \u2192 return to coder.
+   - Delegate {{AGENT_PREFIX}}test_engineer for verification tests. FAIL \u2192 return to coder.
+   - Delegate {{AGENT_PREFIX}}test_engineer for adversarial tests (attack vectors only). FAIL \u2192 return to coder.
+   - All pass \u2192 mark task complete, proceed to next task.
 
 ## AGENTS
 
@@ -14044,6 +14065,8 @@ You THINK. Subagents DO. You have the largest context window and strongest reaso
 
 SMEs advise only. Reviewer and critic review only. None of them write code.
 
+Available Tools: diff (structured git diff with contract change detection)
+
 ## DELEGATION FORMAT
 
 All delegations use this structure:
@@ -14099,6 +14122,24 @@ PLAN: [paste the plan.md content]
 CONTEXT: [codebase summary from explorer]
 OUTPUT: VERDICT + CONFIDENCE + ISSUES + SUMMARY
 
+{{AGENT_PREFIX}}reviewer
+TASK: Security-only review of login validation
+FILE: src/auth/login.ts
+CHECK: [security-only] \u2014 evaluate against OWASP Top 10, scan for hardcoded secrets, injection vectors, insecure crypto, missing input validation
+OUTPUT: VERDICT + RISK + SECURITY ISSUES ONLY
+
+{{AGENT_PREFIX}}test_engineer
+TASK: Adversarial security testing
+FILE: src/auth/login.ts
+CONSTRAINT: ONLY attack vectors \u2014 malformed inputs, oversized payloads, injection attempts, auth bypass, boundary violations
+OUTPUT: Test file + VERDICT: PASS/FAIL
+
+{{AGENT_PREFIX}}explorer
+TASK: Integration impact analysis
+INPUT: Contract changes detected: [list from diff tool]
+OUTPUT: BREAKING CHANGES + CONSUMERS AFFECTED + VERDICT: BREAKING/COMPATIBLE
+CONSTRAINT: Read-only. grep for imports/usages of changed exports.
+
 ## WORKFLOW
 
 ### Phase 0: Resume Check
@@ -14150,15 +14191,13 @@ Delegate plan to {{AGENT_PREFIX}}critic for review BEFORE any implementation beg
 ### Phase 5: Execute
 For each task (respecting dependencies):
 
-5a. {{AGENT_PREFIX}}coder - Implement (MANDATORY)
-5b. {{AGENT_PREFIX}}reviewer - Review (specify CHECK dimensions relevant to the change)
-5c. **GATE - Check VERDICT:**
-    - **APPROVED** \u2192 Proceed to 5d
-    - **REJECTED** (attempt < {{QA_RETRY_LIMIT}}) \u2192 STOP. Send FIXES to {{AGENT_PREFIX}}coder with specific changes. Retry from 5a. Do NOT proceed to 5d.
-    - **REJECTED** (attempt {{QA_RETRY_LIMIT}}) \u2192 STOP. Escalate to user or handle directly.
-5d. {{AGENT_PREFIX}}test_engineer - Generate AND run tests (ONLY if 5c = APPROVED). Expect VERDICT: PASS/FAIL.
-5e. If test VERDICT is FAIL \u2192 Send failures to {{AGENT_PREFIX}}coder for fixes, then re-run from 5b.
-5f. Update plan.md [x], proceed to next task (ONLY if tests PASS)
+5a. {{AGENT_PREFIX}}coder - Implement
+5b. Run \`diff\` tool. If \`hasContractChanges\` \u2192 {{AGENT_PREFIX}}explorer integration analysis. BREAKING \u2192 coder retry.
+5c. {{AGENT_PREFIX}}reviewer - General review. REJECTED (< {{QA_RETRY_LIMIT}}) \u2192 coder retry. REJECTED ({{QA_RETRY_LIMIT}}) \u2192 escalate.
+5d. Security gate: if file matches security globs or content has security keywords \u2192 {{AGENT_PREFIX}}reviewer security-only. REJECTED \u2192 coder retry.
+5e. {{AGENT_PREFIX}}test_engineer - Verification tests. FAIL \u2192 coder retry from 5c.
+5f. {{AGENT_PREFIX}}test_engineer - Adversarial tests. FAIL \u2192 coder retry from 5c.
+5g. Update plan.md [x], proceed to next task.
 
 ### Phase 6: Phase Complete
 1. {{AGENT_PREFIX}}explorer - Rescan
@@ -16828,7 +16867,7 @@ ${originalText}`;
   };
 }
 // src/hooks/delegation-tracker.ts
-function createDelegationTrackerHook(config2) {
+function createDelegationTrackerHook(config2, guardrailsEnabled = true) {
   return async (input, _output) => {
     const now = Date.now();
     if (!input.agent || input.agent === "") {
@@ -16850,7 +16889,7 @@ function createDelegationTrackerHook(config2) {
     const isArchitect = strippedAgent === ORCHESTRATOR_NAME;
     const session = ensureAgentSession(input.sessionID, agentName);
     session.delegationActive = !isArchitect;
-    if (!isArchitect) {
+    if (!isArchitect && guardrailsEnabled) {
       beginInvocation(input.sessionID, agentName);
     }
     if (config2.hooks?.delegation_tracker === true && previousAgent && previousAgent !== agentName) {
@@ -17025,18 +17064,11 @@ function createGuardrailsHooks(config2) {
         return;
       }
       const lastMessage = messages[messages.length - 1];
-      let sessionId = lastMessage.info?.sessionID;
-      let targetWindow = sessionId ? getActiveWindow(sessionId) : undefined;
-      if (!targetWindow || !targetWindow.warningIssued && !targetWindow.hardLimitHit) {
-        for (const [id] of swarmState.agentSessions) {
-          const window = getActiveWindow(id);
-          if (window && (window.warningIssued || window.hardLimitHit)) {
-            targetWindow = window;
-            sessionId = id;
-            break;
-          }
-        }
+      const sessionId = lastMessage.info?.sessionID;
+      if (!sessionId) {
+        return;
       }
+      const targetWindow = getActiveWindow(sessionId);
       if (!targetWindow || !targetWindow.warningIssued && !targetWindow.hardLimitHit) {
         return;
       }
@@ -17244,6 +17276,12 @@ function createSystemEnhancerHook(config2, directory) {
             }
           }
           tryInject("[SWARM HINT] Large tool outputs may be auto-summarized. Use /swarm retrieve <id> to get the full content if needed.");
+          if (config2.review_passes?.always_security_review) {
+            tryInject("[SWARM CONFIG] Security review pass is MANDATORY for ALL tasks. Skip file-pattern check \u2014 always run security-only reviewer pass after general review APPROVED.");
+          }
+          if (config2.integration_analysis?.enabled === false) {
+            tryInject("[SWARM CONFIG] Integration analysis is DISABLED. Skip diff tool and integration impact analysis after coder tasks.");
+          }
           return;
         }
         const userScoringConfig = config2.context_budget?.scoring;
@@ -17323,6 +17361,28 @@ function createSystemEnhancerHook(config2, directory) {
             }
           }
         }
+        if (config2.review_passes?.always_security_review) {
+          const text = "[SWARM CONFIG] Security review pass is MANDATORY for ALL tasks. Skip file-pattern check \u2014 always run security-only reviewer pass after general review APPROVED.";
+          candidates.push({
+            id: `candidate-${idCounter++}`,
+            kind: "phase",
+            text,
+            tokens: estimateTokens(text),
+            priority: 1,
+            metadata: { contentType: "prose" }
+          });
+        }
+        if (config2.integration_analysis?.enabled === false) {
+          const text = "[SWARM CONFIG] Integration analysis is DISABLED. Skip diff tool and integration impact analysis after coder tasks.";
+          candidates.push({
+            id: `candidate-${idCounter++}`,
+            kind: "phase",
+            text,
+            tokens: estimateTokens(text),
+            priority: 1,
+            metadata: { contentType: "prose" }
+          });
+        }
         const ranked = rankCandidates(candidates, effectiveConfig);
         for (const candidate of ranked) {
           if (injectedTokens + candidate.tokens > maxInjectionTokens) {
@@ -17517,6 +17577,9 @@ function createToolSummarizerHook(config2, directory) {
     }
   };
 }
+// src/tools/diff.ts
+import { execSync } from "child_process";
+
 // node_modules/@opencode-ai/plugin/node_modules/zod/v4/classic/external.js
 var exports_external2 = {};
 __export(exports_external2, {
@@ -29837,7 +29900,149 @@ function tool(input) {
   return input;
 }
 tool.schema = exports_external2;
-
+// src/tools/diff.ts
+var MAX_DIFF_LINES = 500;
+var DIFF_TIMEOUT_MS = 30000;
+var MAX_BUFFER_BYTES = 5 * 1024 * 1024;
+var CONTRACT_PATTERNS = [
+  /^[+-]\s*export\s+(function|const|class|interface|type|enum|default)\b/,
+  /^[+-]\s*(interface|type)\s+\w+/,
+  /^[+-]\s*public\s+/,
+  /^[+-]\s*(async\s+)?function\s+\w+\s*\(/
+];
+var SAFE_REF_PATTERN = /^[a-zA-Z0-9._\-/~^@{}]+$/;
+var MAX_REF_LENGTH = 256;
+var MAX_PATH_LENGTH = 500;
+var SHELL_METACHARACTERS = /[;|&$`(){}<>!'"]/;
+function validateBase(base) {
+  if (base.length > MAX_REF_LENGTH) {
+    return `base ref exceeds maximum length of ${MAX_REF_LENGTH}`;
+  }
+  if (!SAFE_REF_PATTERN.test(base)) {
+    return "base contains invalid characters for git ref";
+  }
+  return null;
+}
+function validatePaths(paths) {
+  if (!paths)
+    return null;
+  for (const path7 of paths) {
+    if (!path7 || path7.length === 0) {
+      return "empty path not allowed";
+    }
+    if (path7.length > MAX_PATH_LENGTH) {
+      return `path exceeds maximum length of ${MAX_PATH_LENGTH}`;
+    }
+    if (SHELL_METACHARACTERS.test(path7)) {
+      return "path contains shell metacharacters";
+    }
+  }
+  return null;
+}
+var diff = tool({
+  description: "Analyze git diff for changed files, exports, interfaces, and function signatures. Returns structured output with contract change detection.",
+  args: {
+    base: tool.schema.string().optional().describe('Base ref to diff against (default: HEAD). Use "staged" for staged changes, "unstaged" for working tree changes.'),
+    paths: tool.schema.array(tool.schema.string()).optional().describe("Optional file paths to restrict diff scope.")
+  },
+  async execute(args, _context) {
+    try {
+      const base = args.base ?? "HEAD";
+      const pathSpec = args.paths?.length ? "-- " + args.paths.join(" ") : "";
+      const baseValidationError = validateBase(base);
+      if (baseValidationError) {
+        const errorResult = {
+          error: `invalid base: ${baseValidationError}`,
+          files: [],
+          contractChanges: [],
+          hasContractChanges: false
+        };
+        return JSON.stringify(errorResult, null, 2);
+      }
+      const pathsValidationError = validatePaths(args.paths);
+      if (pathsValidationError) {
+        const errorResult = {
+          error: `invalid paths: ${pathsValidationError}`,
+          files: [],
+          contractChanges: [],
+          hasContractChanges: false
+        };
+        return JSON.stringify(errorResult, null, 2);
+      }
+      let gitCmd;
+      if (base === "staged") {
+        gitCmd = "git --no-pager diff --cached";
+      } else if (base === "unstaged") {
+        gitCmd = "git --no-pager diff";
+      } else {
+        gitCmd = `git --no-pager diff ${base}`;
+      }
+      const numstatOutput = execSync(gitCmd + " --numstat " + pathSpec, {
+        encoding: "utf-8",
+        timeout: DIFF_TIMEOUT_MS
+      });
+      const fullDiffOutput = execSync(gitCmd + " -U3 " + pathSpec, {
+        encoding: "utf-8",
+        timeout: DIFF_TIMEOUT_MS,
+        maxBuffer: MAX_BUFFER_BYTES
+      });
+      const files = [];
+      const numstatLines = numstatOutput.split(`
+`);
+      for (const line of numstatLines) {
+        if (!line.trim())
+          continue;
+        const parts = line.split("\t");
+        if (parts.length >= 3) {
+          const additions = parseInt(parts[0]) || 0;
+          const deletions = parseInt(parts[1]) || 0;
+          const path7 = parts[2];
+          files.push({ path: path7, additions, deletions });
+        }
+      }
+      const contractChanges = [];
+      const diffLines = fullDiffOutput.split(`
+`);
+      let currentFile = "";
+      for (const line of diffLines) {
+        const gitLineMatch = line.match(/^diff --git.* b\/(.+)$/);
+        if (gitLineMatch) {
+          currentFile = gitLineMatch[1];
+        }
+        for (const pattern of CONTRACT_PATTERNS) {
+          if (pattern.test(line)) {
+            const trimmed = line.trim();
+            if (currentFile) {
+              contractChanges.push(`[${currentFile}] ${trimmed}`);
+            } else {
+              contractChanges.push(trimmed);
+            }
+            break;
+          }
+        }
+      }
+      const hasContractChanges = contractChanges.length > 0;
+      const fileCount = files.length;
+      const truncated = diffLines.length > MAX_DIFF_LINES;
+      const summary = truncated ? `${fileCount} files changed. Contract changes: ${hasContractChanges ? "YES" : "NO"}. (truncated to ${MAX_DIFF_LINES} lines)` : `${fileCount} files changed. Contract changes: ${hasContractChanges ? "YES" : "NO"}`;
+      const result = {
+        files,
+        contractChanges,
+        hasContractChanges,
+        summary
+      };
+      return JSON.stringify(result, null, 2);
+    } catch (e) {
+      const errorResult = {
+        error: e instanceof Error ? `git diff failed: ${e.constructor.name}` : "git diff failed: unknown error",
+        files: [],
+        contractChanges: [],
+        hasContractChanges: false
+      };
+      return JSON.stringify(errorResult, null, 2);
+    }
+  }
+});
 // src/tools/domain-detector.ts
 var DOMAIN_PATTERNS = {
   windows: [
@@ -30222,9 +30427,10 @@ var OpenCodeSwarm = async (ctx) => {
   const contextBudgetHandler = createContextBudgetHandler(config3);
   const commandHandler = createSwarmCommandHandler(ctx.directory, Object.fromEntries(agentDefinitions.map((agent) => [agent.name, agent])));
   const activityHooks = createAgentActivityHooks(config3, ctx.directory);
-  const delegationHandler = createDelegationTrackerHook(config3);
   const delegationGateHandler = createDelegationGateHook(config3);
-  const guardrailsConfig = GuardrailsConfigSchema.parse(config3.guardrails ?? {});
+  const guardrailsFallback = config3._loadedFromFile ? config3.guardrails ?? {} : { ...config3.guardrails, enabled: false };
+  const guardrailsConfig = GuardrailsConfigSchema.parse(guardrailsFallback);
+  const delegationHandler = createDelegationTrackerHook(config3, guardrailsConfig.enabled);
   const guardrailsHooks = createGuardrailsHooks(guardrailsConfig);
   const summaryConfig = SummaryConfigSchema.parse(config3.summaries ?? {});
   const toolSummarizerHook = createToolSummarizerHook(summaryConfig, ctx.directory);
@@ -30251,7 +30457,8 @@ var OpenCodeSwarm = async (ctx) => {
     tool: {
       detect_domains,
       extract_code_blocks,
-      gitingest
+      gitingest,
+      diff
     },
     config: async (opencodeConfig) => {
       if (!opencodeConfig.agent) {

package/dist/tools/diff.d.ts

@@ -0,0 +1,18 @@
+import { tool } from '@opencode-ai/plugin';
+export interface DiffResult {
+    files: Array<{
+        path: string;
+        additions: number;
+        deletions: number;
+    }>;
+    contractChanges: string[];
+    hasContractChanges: boolean;
+    summary: string;
+}
+export interface DiffErrorResult {
+    error: string;
+    files: [];
+    contractChanges: [];
+    hasContractChanges: false;
+}
+export declare const diff: ReturnType<typeof tool>;

package/dist/tools/index.d.ts

@@ -1,3 +1,4 @@
+export { type DiffErrorResult, type DiffResult, diff } from './diff';
 export { detect_domains } from './domain-detector';
 export { extract_code_blocks } from './file-extractor';
-export { gitingest, fetchGitingest, type GitingestArgs } from './gitingest';
+export { fetchGitingest, type GitingestArgs, gitingest } from './gitingest';

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "opencode-swarm",
-	"version": "5.2.0",
+	"version": "6.0.1",
 	"description": "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",