opencode-swarm 6.1.0 → 6.1.1

package/README.md

@@ -1,9 +1,9 @@
 <p align="center">
-  <img src="https://img.shields.io/badge/version-6.0.0-blue" alt="Version">
+  <img src="https://img.shields.io/badge/version-6.1.1-blue" alt="Version">
   <img src="https://img.shields.io/badge/license-MIT-green" alt="License">
   <img src="https://img.shields.io/badge/opencode-plugin-purple" alt="OpenCode Plugin">
-  <img src="https://img.shields.io/badge/agents-7-orange" alt="Agents">
-  <img src="https://img.shields.io/badge/tests-1188-brightgreen" alt="Tests">
+  <img src="https://img.shields.io/badge/agents-9-orange" alt="Agents">
+  <img src="https://img.shields.io/badge/tests-1280-brightgreen" alt="Tests">
 </p>
 
 <h1 align="center">🐝 OpenCode Swarm</h1>
@@ -343,6 +343,17 @@ bunx opencode-swarm uninstall --clean
 
 ## What's New
 
+### v6.1.1 — Security Fix & Tech Debt
+- **Security hardening (`_loadedFromFile`)** — Fixed a critical vulnerability where an internal loader flag could be injected via JSON config to bypass guardrails. The flag is now purely internal and no longer part of the public schema.
+- **TOCTOU protection** — Added atomic-style content checks in the config loader to prevent race conditions during file reads.
+- **`retrieve_summary` tool** — Properly registered the retrieval tool, allowing agents to fetch full content from auto-summarized tool outputs.
+- **92 new tests** — 1280 total tests across 57+ files (up from 1188 in v6.0.0).
+
+### v6.1.0 — Docs & Design Agents
+- **`docs` agent** — Dedicated documentation synthesizer that automatically updates READMEs, API docs, and guides during Phase 6.
+- **`designer` agent** — UI/UX specification agent that generates component scaffolds before coding begins on UI-heavy tasks.
+- **Heterogeneous model defaults** — Updated default models for new agents to use optimized Gemini models for speed and cost.
+
 ### v6.0.0 — Core QA & Security Gates
 - **Dual-pass security reviewer** — After the general reviewer APPROVES, the architect automatically triggers a second security-only review pass when the changed file matches security-sensitive paths (`auth`, `crypto`, `session`, `token`, `middleware`, `api`, `security`) or the coder's output contains security keywords. Configurable via `review_passes` config.
 - **Adversarial testing** — After verification tests PASS, the test engineer is re-delegated with adversarial-only framing: attack vectors, boundary violations, and injection attempts. Pure prompt engineering, no new infrastructure.
@@ -411,6 +422,11 @@ All features are opt-in via configuration. See [Installation Guide](docs/install
 |-------|------|
 | `explorer` | Fast codebase scanner. Identifies structure, languages, frameworks, key files. |
 
+### 🎨 Design
+| Agent | Role |
+|-------|------|
+| `designer` | UI/UX specification agent. Generates component scaffolds and design tokens before coding begins on UI-heavy tasks. |
+
 ### 🧠 Domain Expert
 | Agent | Role |
 |-------|------|
@@ -428,6 +444,11 @@ All features are opt-in via configuration. See [Installation Guide](docs/install
 | `reviewer` | Dual-pass review: correctness review first, then automatic security-only pass for security-sensitive files. The architect specifies CHECK dimensions per call. OWASP Top 10 categories built in. |
 | `critic` | Plan review gate. Reviews the architect's plan BEFORE implementation — checks completeness, feasibility, scope, dependencies, and flags AI-slop. |
 
+### 📝 Documentation
+| Agent | Role |
+|-------|------|
+| `docs` | Documentation synthesizer. Automatically updates READMEs, API docs, and guides based on implementation changes during Phase 6. |
+
 ---
 
 ## Slash Commands
@@ -462,7 +483,9 @@ Create `~/.config/opencode/opencode-swarm.json`:
     "sme": { "model": "google/gemini-2.0-flash" },
     "reviewer": { "model": "openai/gpt-4o" },
     "critic": { "model": "google/gemini-2.0-flash" },
-    "test_engineer": { "model": "google/gemini-2.0-flash" }
+    "test_engineer": { "model": "google/gemini-2.0-flash" },
+    "docs": { "model": "google/gemini-2.0-flash" },
+    "designer": { "model": "google/gemini-2.0-flash" }
   }
 }
 ```
@@ -630,7 +653,7 @@ bun test
 bun test tests/unit/config/schema.test.ts
 ```
 
-1188 tests across 53+ files covering config, tools, agents, hooks, commands, state, guardrails, evidence, plan schemas, circuit breaker race conditions, invocation windows, multi-invocation isolation, security categories, review/integration schemas, and diff tool. Uses Bun's built-in test runner — zero additional test dependencies.
+1280 tests across 57+ files covering config, tools, agents, hooks, commands, state, guardrails, evidence, plan schemas, circuit breaker race conditions, invocation windows, multi-invocation isolation, security categories, review/integration schemas, and diff tool. Uses Bun's built-in test runner — zero additional test dependencies.
 
 ## Troubleshooting
 

package/dist/config/evidence-schema.d.ts

@@ -55,8 +55,8 @@ export declare const ReviewEvidenceSchema: z.ZodObject<{
     metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
     type: z.ZodLiteral<"review">;
     risk: z.ZodEnum<{
-        medium: "medium";
         low: "low";
+        medium: "medium";
         high: "high";
         critical: "critical";
     }>;
@@ -162,8 +162,8 @@ export declare const EvidenceSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
     metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
     type: z.ZodLiteral<"review">;
     risk: z.ZodEnum<{
-        medium: "medium";
         low: "low";
+        medium: "medium";
         high: "high";
         critical: "critical";
     }>;
@@ -264,8 +264,8 @@ export declare const EvidenceBundleSchema: z.ZodObject<{
         metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
         type: z.ZodLiteral<"review">;
         risk: z.ZodEnum<{
-            medium: "medium";
             low: "low";
+            medium: "medium";
             high: "high";
             critical: "critical";
         }>;

package/dist/config/index.d.ts

@@ -1,9 +1,9 @@
 export type { AgentName, PipelineAgentName, QAAgentName, } from './constants';
 export { ALL_AGENT_NAMES, ALL_SUBAGENT_NAMES, DEFAULT_MODELS, isQAAgent, isSubagent, ORCHESTRATOR_NAME, PIPELINE_AGENTS, QA_AGENTS, } from './constants';
-export { loadAgentPrompt, loadPluginConfig, } from './loader';
-export type { MigrationStatus, Phase, PhaseStatus, Plan, Task, TaskSize, TaskStatus, } from './plan-schema';
-export { MigrationStatusSchema, PhaseSchema, PhaseStatusSchema, PlanSchema, TaskSchema, TaskSizeSchema, TaskStatusSchema, } from './plan-schema';
 export type { ApprovalEvidence, BaseEvidence, DiffEvidence, Evidence, EvidenceBundle, EvidenceType, EvidenceVerdict, NoteEvidence, ReviewEvidence, TestEvidence, } from './evidence-schema';
 export { ApprovalEvidenceSchema, BaseEvidenceSchema, DiffEvidenceSchema, EVIDENCE_MAX_JSON_BYTES, EVIDENCE_MAX_PATCH_BYTES, EVIDENCE_MAX_TASK_BYTES, EvidenceBundleSchema, EvidenceSchema, EvidenceTypeSchema, EvidenceVerdictSchema, NoteEvidenceSchema, ReviewEvidenceSchema, TestEvidenceSchema, } from './evidence-schema';
+export { loadAgentPrompt, loadPluginConfig, loadPluginConfigWithMeta, } from './loader';
+export type { MigrationStatus, Phase, PhaseStatus, Plan, Task, TaskSize, TaskStatus, } from './plan-schema';
+export { MigrationStatusSchema, PhaseSchema, PhaseStatusSchema, PlanSchema, TaskSchema, TaskSizeSchema, TaskStatusSchema, } from './plan-schema';
 export type { AgentOverrideConfig, PluginConfig, SwarmConfig, } from './schema';
 export { AgentOverrideConfigSchema, PluginConfigSchema, SwarmConfigSchema, } from './schema';

package/dist/config/loader.d.ts

@@ -1,10 +1,6 @@
 import { type PluginConfig } from './schema';
 export declare const MAX_CONFIG_FILE_BYTES = 102400;
-export declare const MAX_MERGE_DEPTH = 10;
-/**
- * Deep merge two objects, with override values taking precedence.
- */
-export declare function deepMerge<T extends Record<string, unknown>>(base?: T, override?: T): T | undefined;
+export { deepMerge, MAX_MERGE_DEPTH } from '../utils/merge';
 /**
  * Load plugin configuration from user and project config files.
  *
@@ -17,6 +13,15 @@ export declare function deepMerge<T extends Record<string, unknown>>(base?: T, o
  * Zod defaults don't override explicit user values.
  */
 export declare function loadPluginConfig(directory: string): PluginConfig;
+/**
+ * Internal variant of loadPluginConfig that also returns loader metadata.
+ * Used only by src/index.ts to determine guardrails fallback behavior.
+ * NOT part of the public API — use loadPluginConfig() for all other callers.
+ */
+export declare function loadPluginConfigWithMeta(directory: string): {
+    config: PluginConfig;
+    loadedFromFile: boolean;
+};
 /**
  * Load custom prompt for an agent from the prompts directory.
  * Checks for {agent}.md (replaces default) and {agent}_append.md (appends).

package/dist/config/plan-schema.d.ts

@@ -7,8 +7,8 @@ export declare const TaskStatusSchema: z.ZodEnum<{
 }>;
 export type TaskStatus = z.infer<typeof TaskStatusSchema>;
 export declare const TaskSizeSchema: z.ZodEnum<{
-    small: "small";
     medium: "medium";
+    small: "small";
     large: "large";
 }>;
 export type TaskSize = z.infer<typeof TaskSizeSchema>;
@@ -35,8 +35,8 @@ export declare const TaskSchema: z.ZodObject<{
         blocked: "blocked";
     }>>;
     size: z.ZodDefault<z.ZodEnum<{
-        small: "small";
         medium: "medium";
+        small: "small";
         large: "large";
     }>>;
     description: z.ZodString;
@@ -66,8 +66,8 @@ export declare const PhaseSchema: z.ZodObject<{
             blocked: "blocked";
         }>>;
         size: z.ZodDefault<z.ZodEnum<{
-            small: "small";
             medium: "medium";
+            small: "small";
             large: "large";
         }>>;
         description: z.ZodString;
@@ -103,8 +103,8 @@ export declare const PlanSchema: z.ZodObject<{
                 blocked: "blocked";
             }>>;
             size: z.ZodDefault<z.ZodEnum<{
-                small: "small";
                 medium: "medium";
+                small: "small";
                 large: "large";
             }>>;
             description: z.ZodString;

package/dist/config/schema.d.ts

@@ -318,7 +318,6 @@ export declare const PluginConfigSchema: z.ZodObject<{
         trigger_paths: z.ZodDefault<z.ZodArray<z.ZodString>>;
         trigger_keywords: z.ZodDefault<z.ZodArray<z.ZodString>>;
     }, z.core.$strip>>;
-    _loadedFromFile: z.ZodDefault<z.ZodBoolean>;
 }, z.core.$strip>;
 export type PluginConfig = z.infer<typeof PluginConfigSchema>;
 export type { AgentName, PipelineAgentName, QAAgentName, } from './constants';

package/dist/index.js

@@ -26,11 +26,83 @@ var __export = (target, all) => {
 };
 var __require = import.meta.require;
 
-// src/config/loader.ts
-import * as fs from "fs";
-import * as os from "os";
-import * as path from "path";
+// src/utils/merge.ts
+var MAX_MERGE_DEPTH = 10;
+function deepMergeInternal(base, override, depth) {
+  if (depth >= MAX_MERGE_DEPTH) {
+    throw new Error(`deepMerge exceeded maximum depth of ${MAX_MERGE_DEPTH}`);
+  }
+  const result = { ...base };
+  for (const key of Object.keys(override)) {
+    const baseVal = base[key];
+    const overrideVal = override[key];
+    if (typeof baseVal === "object" && baseVal !== null && typeof overrideVal === "object" && overrideVal !== null && !Array.isArray(baseVal) && !Array.isArray(overrideVal)) {
+      result[key] = deepMergeInternal(baseVal, overrideVal, depth + 1);
+    } else {
+      result[key] = overrideVal;
+    }
+  }
+  return result;
+}
+function deepMerge(base, override) {
+  if (!base)
+    return override;
+  if (!override)
+    return base;
+  return deepMergeInternal(base, override, 0);
+}
 
+// src/config/constants.ts
+var QA_AGENTS = ["reviewer", "critic"];
+var PIPELINE_AGENTS = ["explorer", "coder", "test_engineer"];
+var ORCHESTRATOR_NAME = "architect";
+var ALL_SUBAGENT_NAMES = [
+  "sme",
+  "docs",
+  "designer",
+  ...QA_AGENTS,
+  ...PIPELINE_AGENTS
+];
+var ALL_AGENT_NAMES = [
+  ORCHESTRATOR_NAME,
+  ...ALL_SUBAGENT_NAMES
+];
+var DEFAULT_MODELS = {
+  architect: "anthropic/claude-sonnet-4-5",
+  explorer: "google/gemini-2.0-flash",
+  coder: "anthropic/claude-sonnet-4-5",
+  test_engineer: "google/gemini-2.0-flash",
+  sme: "google/gemini-2.0-flash",
+  reviewer: "google/gemini-2.0-flash",
+  critic: "google/gemini-2.0-flash",
+  docs: "google/gemini-2.0-flash",
+  designer: "google/gemini-2.0-flash",
+  default: "google/gemini-2.0-flash"
+};
+var DEFAULT_SCORING_CONFIG = {
+  enabled: false,
+  max_candidates: 100,
+  weights: {
+    phase: 1,
+    current_task: 2,
+    blocked_task: 1.5,
+    recent_failure: 2.5,
+    recent_success: 0.5,
+    evidence_presence: 1,
+    decision_recency: 1.5,
+    dependency_proximity: 1
+  },
+  decision_decay: {
+    mode: "exponential",
+    half_life_hours: 24
+  },
+  token_ratios: {
+    prose: 0.25,
+    code: 0.4,
+    markdown: 0.3,
+    json: 0.35
+  }
+};
 // node_modules/zod/v4/classic/external.js
 var exports_external = {};
 __export(exports_external, {
@@ -13563,6 +13635,85 @@ function date4(params) {
 
 // node_modules/zod/v4/classic/external.js
 config(en_default());
+// src/config/evidence-schema.ts
+var EVIDENCE_MAX_JSON_BYTES = 500 * 1024;
+var EVIDENCE_MAX_PATCH_BYTES = 5 * 1024 * 1024;
+var EVIDENCE_MAX_TASK_BYTES = 20 * 1024 * 1024;
+var EvidenceTypeSchema = exports_external.enum([
+  "review",
+  "test",
+  "diff",
+  "approval",
+  "note"
+]);
+var EvidenceVerdictSchema = exports_external.enum([
+  "pass",
+  "fail",
+  "approved",
+  "rejected",
+  "info"
+]);
+var BaseEvidenceSchema = exports_external.object({
+  task_id: exports_external.string().min(1),
+  type: EvidenceTypeSchema,
+  timestamp: exports_external.string().datetime(),
+  agent: exports_external.string().min(1),
+  verdict: EvidenceVerdictSchema,
+  summary: exports_external.string().min(1),
+  metadata: exports_external.record(exports_external.string(), exports_external.unknown()).optional()
+});
+var ReviewEvidenceSchema = BaseEvidenceSchema.extend({
+  type: exports_external.literal("review"),
+  risk: exports_external.enum(["low", "medium", "high", "critical"]),
+  issues: exports_external.array(exports_external.object({
+    severity: exports_external.enum(["error", "warning", "info"]),
+    message: exports_external.string().min(1),
+    file: exports_external.string().optional(),
+    line: exports_external.number().int().optional()
+  })).default([])
+});
+var TestEvidenceSchema = BaseEvidenceSchema.extend({
+  type: exports_external.literal("test"),
+  tests_passed: exports_external.number().int().min(0),
+  tests_failed: exports_external.number().int().min(0),
+  test_file: exports_external.string().optional(),
+  failures: exports_external.array(exports_external.object({
+    name: exports_external.string().min(1),
+    message: exports_external.string().min(1)
+  })).default([])
+});
+var DiffEvidenceSchema = BaseEvidenceSchema.extend({
+  type: exports_external.literal("diff"),
+  files_changed: exports_external.array(exports_external.string()).default([]),
+  additions: exports_external.number().int().min(0).default(0),
+  deletions: exports_external.number().int().min(0).default(0),
+  patch_path: exports_external.string().optional()
+});
+var ApprovalEvidenceSchema = BaseEvidenceSchema.extend({
+  type: exports_external.literal("approval")
+});
+var NoteEvidenceSchema = BaseEvidenceSchema.extend({
+  type: exports_external.literal("note")
+});
+var EvidenceSchema = exports_external.discriminatedUnion("type", [
+  ReviewEvidenceSchema,
+  TestEvidenceSchema,
+  DiffEvidenceSchema,
+  ApprovalEvidenceSchema,
+  NoteEvidenceSchema
+]);
+var EvidenceBundleSchema = exports_external.object({
+  schema_version: exports_external.literal("1.0.0"),
+  task_id: exports_external.string().min(1),
+  entries: exports_external.array(EvidenceSchema).default([]),
+  created_at: exports_external.string().datetime(),
+  updated_at: exports_external.string().datetime()
+});
+// src/config/loader.ts
+import * as fs from "fs";
+import * as os from "os";
+import * as path from "path";
+
 // src/config/schema.ts
 var AgentOverrideConfigSchema = exports_external.object({
   model: exports_external.string().optional(),
@@ -13798,8 +13949,7 @@ var PluginConfigSchema = exports_external.object({
   review_passes: ReviewPassesConfigSchema.optional(),
   integration_analysis: IntegrationAnalysisConfigSchema.optional(),
   docs: DocsConfigSchema.optional(),
-  ui_review: UIReviewConfigSchema.optional(),
-  _loadedFromFile: exports_external.boolean().default(false)
+  ui_review: UIReviewConfigSchema.optional()
 });
 
 // src/config/loader.ts
@@ -13818,6 +13968,11 @@ function loadRawConfigFromPath(configPath) {
       return null;
     }
     const content = fs.readFileSync(configPath, "utf-8");
+    if (content.length > MAX_CONFIG_FILE_BYTES) {
+      console.warn(`[opencode-swarm] Config file too large after read (max 100 KB): ${configPath}`);
+      console.warn("[opencode-swarm] \u26A0\uFE0F Guardrails will be DISABLED as a safety precaution. Fix the config file to restore normal operation.");
+      return null;
+    }
     const rawConfig = JSON.parse(content);
     if (typeof rawConfig !== "object" || rawConfig === null || Array.isArray(rawConfig)) {
       console.warn(`[opencode-swarm] Invalid config at ${configPath}: expected an object`);
@@ -13833,23 +13988,6 @@ function loadRawConfigFromPath(configPath) {
     return null;
   }
 }
-var MAX_MERGE_DEPTH = 10;
-function deepMergeInternal(base, override, depth) {
-  if (depth >= MAX_MERGE_DEPTH) {
-    throw new Error(`deepMerge exceeded maximum depth of ${MAX_MERGE_DEPTH}`);
-  }
-  const result = { ...base };
-  for (const key of Object.keys(override)) {
-    const baseVal = base[key];
-    const overrideVal = override[key];
-    if (typeof baseVal === "object" && baseVal !== null && typeof overrideVal === "object" && overrideVal !== null && !Array.isArray(baseVal) && !Array.isArray(overrideVal)) {
-      result[key] = deepMergeInternal(baseVal, overrideVal, depth + 1);
-    } else {
-      result[key] = overrideVal;
-    }
-  }
-  return result;
-}
 function loadPluginConfig(directory) {
   const userConfigPath = path.join(getUserConfigDir(), "opencode", CONFIG_FILENAME);
   const projectConfigPath = path.join(directory, ".opencode", CONFIG_FILENAME);
@@ -13858,7 +13996,7 @@ function loadPluginConfig(directory) {
   const loadedFromFile = rawUserConfig !== null || rawProjectConfig !== null;
   let mergedRaw = rawUserConfig ?? {};
   if (rawProjectConfig) {
-    mergedRaw = deepMergeInternal(mergedRaw, rawProjectConfig, 0);
+    mergedRaw = deepMerge(mergedRaw, rawProjectConfig);
   }
   const result = PluginConfigSchema.safeParse(mergedRaw);
   if (!result.success) {
@@ -13866,20 +14004,24 @@ function loadPluginConfig(directory) {
       const userResult = PluginConfigSchema.safeParse(rawUserConfig);
       if (userResult.success) {
         console.warn("[opencode-swarm] Project config ignored due to validation errors. Using user config.");
-        return { ...userResult.data, _loadedFromFile: true };
+        return userResult.data;
       }
     }
     console.warn("[opencode-swarm] Merged config validation failed:");
     console.warn(result.error.format());
     console.warn("[opencode-swarm] \u26A0\uFE0F Guardrails will be DISABLED as a safety precaution. Fix the config file to restore normal operation.");
-    return {
-      max_iterations: 5,
-      qa_retry_limit: 3,
-      inject_phase_reminders: true,
-      _loadedFromFile: false
-    };
+    return PluginConfigSchema.parse({});
   }
-  return { ...result.data, _loadedFromFile: loadedFromFile };
+  return result.data;
+}
+function loadPluginConfigWithMeta(directory) {
+  const userConfigPath = path.join(getUserConfigDir(), "opencode", CONFIG_FILENAME);
+  const projectConfigPath = path.join(directory, ".opencode", CONFIG_FILENAME);
+  const rawUserConfig = loadRawConfigFromPath(userConfigPath);
+  const rawProjectConfig = loadRawConfigFromPath(projectConfigPath);
+  const loadedFromFile = rawUserConfig !== null || rawProjectConfig !== null;
+  const config2 = loadPluginConfig(directory);
+  return { config: config2, loadedFromFile };
 }
 function loadAgentPrompt(agentName) {
   const promptsDir = path.join(getUserConfigDir(), "opencode", PROMPTS_DIR_NAME);
@@ -13902,58 +14044,6 @@ function loadAgentPrompt(agentName) {
   }
   return result;
 }
-
-// src/config/constants.ts
-var QA_AGENTS = ["reviewer", "critic"];
-var PIPELINE_AGENTS = ["explorer", "coder", "test_engineer"];
-var ORCHESTRATOR_NAME = "architect";
-var ALL_SUBAGENT_NAMES = [
-  "sme",
-  "docs",
-  "designer",
-  ...QA_AGENTS,
-  ...PIPELINE_AGENTS
-];
-var ALL_AGENT_NAMES = [
-  ORCHESTRATOR_NAME,
-  ...ALL_SUBAGENT_NAMES
-];
-var DEFAULT_MODELS = {
-  architect: "anthropic/claude-sonnet-4-5",
-  explorer: "google/gemini-2.0-flash",
-  coder: "anthropic/claude-sonnet-4-5",
-  test_engineer: "google/gemini-2.0-flash",
-  sme: "google/gemini-2.0-flash",
-  reviewer: "google/gemini-2.0-flash",
-  critic: "google/gemini-2.0-flash",
-  docs: "google/gemini-2.0-flash",
-  designer: "google/gemini-2.0-flash",
-  default: "google/gemini-2.0-flash"
-};
-var DEFAULT_SCORING_CONFIG = {
-  enabled: false,
-  max_candidates: 100,
-  weights: {
-    phase: 1,
-    current_task: 2,
-    blocked_task: 1.5,
-    recent_failure: 2.5,
-    recent_success: 0.5,
-    evidence_presence: 1,
-    decision_recency: 1.5,
-    dependency_proximity: 1
-  },
-  decision_decay: {
-    mode: "exponential",
-    half_life_hours: 24
-  },
-  token_ratios: {
-    prose: 0.25,
-    code: 0.4,
-    markdown: 0.3,
-    json: 0.35
-  }
-};
 // src/config/plan-schema.ts
 var TaskStatusSchema = exports_external.enum([
   "pending",
@@ -13999,80 +14089,6 @@ var PlanSchema = exports_external.object({
   phases: exports_external.array(PhaseSchema).min(1),
   migration_status: MigrationStatusSchema.optional()
 });
-// src/config/evidence-schema.ts
-var EVIDENCE_MAX_JSON_BYTES = 500 * 1024;
-var EVIDENCE_MAX_PATCH_BYTES = 5 * 1024 * 1024;
-var EVIDENCE_MAX_TASK_BYTES = 20 * 1024 * 1024;
-var EvidenceTypeSchema = exports_external.enum([
-  "review",
-  "test",
-  "diff",
-  "approval",
-  "note"
-]);
-var EvidenceVerdictSchema = exports_external.enum([
-  "pass",
-  "fail",
-  "approved",
-  "rejected",
-  "info"
-]);
-var BaseEvidenceSchema = exports_external.object({
-  task_id: exports_external.string().min(1),
-  type: EvidenceTypeSchema,
-  timestamp: exports_external.string().datetime(),
-  agent: exports_external.string().min(1),
-  verdict: EvidenceVerdictSchema,
-  summary: exports_external.string().min(1),
-  metadata: exports_external.record(exports_external.string(), exports_external.unknown()).optional()
-});
-var ReviewEvidenceSchema = BaseEvidenceSchema.extend({
-  type: exports_external.literal("review"),
-  risk: exports_external.enum(["low", "medium", "high", "critical"]),
-  issues: exports_external.array(exports_external.object({
-    severity: exports_external.enum(["error", "warning", "info"]),
-    message: exports_external.string().min(1),
-    file: exports_external.string().optional(),
-    line: exports_external.number().int().optional()
-  })).default([])
-});
-var TestEvidenceSchema = BaseEvidenceSchema.extend({
-  type: exports_external.literal("test"),
-  tests_passed: exports_external.number().int().min(0),
-  tests_failed: exports_external.number().int().min(0),
-  test_file: exports_external.string().optional(),
-  failures: exports_external.array(exports_external.object({
-    name: exports_external.string().min(1),
-    message: exports_external.string().min(1)
-  })).default([])
-});
-var DiffEvidenceSchema = BaseEvidenceSchema.extend({
-  type: exports_external.literal("diff"),
-  files_changed: exports_external.array(exports_external.string()).default([]),
-  additions: exports_external.number().int().min(0).default(0),
-  deletions: exports_external.number().int().min(0).default(0),
-  patch_path: exports_external.string().optional()
-});
-var ApprovalEvidenceSchema = BaseEvidenceSchema.extend({
-  type: exports_external.literal("approval")
-});
-var NoteEvidenceSchema = BaseEvidenceSchema.extend({
-  type: exports_external.literal("note")
-});
-var EvidenceSchema = exports_external.discriminatedUnion("type", [
-  ReviewEvidenceSchema,
-  TestEvidenceSchema,
-  DiffEvidenceSchema,
-  ApprovalEvidenceSchema,
-  NoteEvidenceSchema
-]);
-var EvidenceBundleSchema = exports_external.object({
-  schema_version: exports_external.literal("1.0.0"),
-  task_id: exports_external.string().min(1),
-  entries: exports_external.array(EvidenceSchema).default([]),
-  created_at: exports_external.string().datetime(),
-  updated_at: exports_external.string().datetime()
-});
 // src/agents/architect.ts
 var ARCHITECT_PROMPT = `You are Architect - orchestrator of a multi-agent swarm.
 
@@ -30766,9 +30782,39 @@ var gitingest = tool({
     return fetchGitingest(args);
   }
 });
+// src/tools/retrieve-summary.ts
+var RETRIEVE_MAX_BYTES = 10 * 1024 * 1024;
+var retrieve_summary = tool({
+  description: "Retrieve the full content of a stored tool output summary by its ID (e.g. S1, S2). Use this when a prior tool output was summarized and you need the full content.",
+  args: {
+    id: tool.schema.string().describe("The summary ID to retrieve (e.g. S1, S2, S99). Must match pattern S followed by digits.")
+  },
+  async execute(args, context) {
+    const directory = context.directory;
+    let sanitizedId;
+    try {
+      sanitizedId = sanitizeSummaryId(args.id);
+    } catch {
+      return "Error: invalid summary ID format. Expected format: S followed by digits (e.g. S1, S2, S99).";
+    }
+    let fullOutput;
+    try {
+      fullOutput = await loadFullOutput(directory, sanitizedId);
+    } catch {
+      return "Error: failed to retrieve summary.";
+    }
+    if (fullOutput === null) {
+      return `Summary \`${sanitizedId}\` not found. Use a valid summary ID (e.g. S1, S2).`;
+    }
+    if (fullOutput.length > RETRIEVE_MAX_BYTES) {
+      return `Error: summary content exceeds maximum size limit (10 MB).`;
+    }
+    return fullOutput;
+  }
+});
 // src/index.ts
 var OpenCodeSwarm = async (ctx) => {
-  const config3 = loadPluginConfig(ctx.directory);
+  const { config: config3, loadedFromFile } = loadPluginConfigWithMeta(ctx.directory);
   const agents = getAgentConfigs(config3);
   const agentDefinitions = createAgents(config3);
   const pipelineHook = createPipelineTrackerHook(config3);
@@ -30778,7 +30824,7 @@ var OpenCodeSwarm = async (ctx) => {
   const commandHandler = createSwarmCommandHandler(ctx.directory, Object.fromEntries(agentDefinitions.map((agent) => [agent.name, agent])));
   const activityHooks = createAgentActivityHooks(config3, ctx.directory);
   const delegationGateHandler = createDelegationGateHook(config3);
-  const guardrailsFallback = config3._loadedFromFile ? config3.guardrails ?? {} : { ...config3.guardrails, enabled: false };
+  const guardrailsFallback = loadedFromFile ? config3.guardrails ?? {} : { ...config3.guardrails, enabled: false };
   const guardrailsConfig = GuardrailsConfigSchema.parse(guardrailsFallback);
   const delegationHandler = createDelegationTrackerHook(config3, guardrailsConfig.enabled);
   const guardrailsHooks = createGuardrailsHooks(guardrailsConfig);
@@ -30808,7 +30854,8 @@ var OpenCodeSwarm = async (ctx) => {
       detect_domains,
       extract_code_blocks,
       gitingest,
-      diff
+      diff,
+      retrieve_summary
     },
     config: async (opencodeConfig) => {
       if (!opencodeConfig.agent) {

package/dist/tools/index.d.ts

@@ -2,3 +2,4 @@ export { type DiffErrorResult, type DiffResult, diff } from './diff';
 export { detect_domains } from './domain-detector';
 export { extract_code_blocks } from './file-extractor';
 export { fetchGitingest, type GitingestArgs, gitingest } from './gitingest';
+export { retrieve_summary } from './retrieve-summary';

package/dist/tools/retrieve-summary.d.ts

@@ -0,0 +1,2 @@
+import { tool } from '@opencode-ai/plugin';
+export declare const retrieve_summary: ReturnType<typeof tool>;

package/dist/utils/index.d.ts

@@ -1,2 +1,3 @@
 export { CLIError, ConfigError, HookError, SwarmError, ToolError, } from './errors';
 export { error, log, warn } from './logger';
+export { deepMerge, MAX_MERGE_DEPTH } from './merge';

package/dist/utils/merge.d.ts

@@ -0,0 +1,5 @@
+export declare const MAX_MERGE_DEPTH = 10;
+/**
+ * Deep merge two objects, with override values taking precedence.
+ */
+export declare function deepMerge<T extends Record<string, unknown>>(base?: T, override?: T): T | undefined;

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "opencode-swarm",
-	"version": "6.1.0",
+	"version": "6.1.1",
 	"description": "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",