opencode-swarm 6.1.1 → 6.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +7 -1
- package/dist/index.js +6 -3
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<p align="center">
|
|
2
|
-
<img src="https://img.shields.io/badge/version-6.1.
|
|
2
|
+
<img src="https://img.shields.io/badge/version-6.1.2-blue" alt="Version">
|
|
3
3
|
<img src="https://img.shields.io/badge/license-MIT-green" alt="License">
|
|
4
4
|
<img src="https://img.shields.io/badge/opencode-plugin-purple" alt="OpenCode Plugin">
|
|
5
5
|
<img src="https://img.shields.io/badge/agents-9-orange" alt="Agents">
|
|
@@ -343,6 +343,12 @@ bunx opencode-swarm uninstall --clean
|
|
|
343
343
|
|
|
344
344
|
## What's New
|
|
345
345
|
|
|
346
|
+
### v6.1.2 — Guardrails Remediation
|
|
347
|
+
- **Fail-safe config validation** — Config validation failures now disable guardrails as a safety precaution (previously Zod defaults could silently re-enable them).
|
|
348
|
+
- **Architect exemption fix** — Architect/orchestrator sessions can no longer inherit 30-minute base limits during delegation race conditions.
|
|
349
|
+
- **Explicit disable always wins** — `guardrails.enabled: false` in config is now always honored, even when the config was loaded from file.
|
|
350
|
+
- **Internal map synchronization** — `startAgentSession()` now keeps `activeAgent` and `agentSessions` maps in sync for consistent state tracking.
|
|
351
|
+
|
|
346
352
|
### v6.1.1 — Security Fix & Tech Debt
|
|
347
353
|
- **Security hardening (`_loadedFromFile`)** — Fixed a critical vulnerability where an internal loader flag could be injected via JSON config to bypass guardrails. The flag is now purely internal and no longer part of the public schema.
|
|
348
354
|
- **TOCTOU protection** — Added atomic-style content checks in the config loader to prevent race conditions during file reads.
|
package/dist/index.js
CHANGED
|
@@ -14010,7 +14010,9 @@ function loadPluginConfig(directory) {
|
|
|
14010
14010
|
console.warn("[opencode-swarm] Merged config validation failed:");
|
|
14011
14011
|
console.warn(result.error.format());
|
|
14012
14012
|
console.warn("[opencode-swarm] \u26A0\uFE0F Guardrails will be DISABLED as a safety precaution. Fix the config file to restore normal operation.");
|
|
14013
|
-
return PluginConfigSchema.parse({
|
|
14013
|
+
return PluginConfigSchema.parse({
|
|
14014
|
+
guardrails: { enabled: false }
|
|
14015
|
+
});
|
|
14014
14016
|
}
|
|
14015
14017
|
return result.data;
|
|
14016
14018
|
}
|
|
@@ -15450,6 +15452,7 @@ function startAgentSession(sessionId, agentName, staleDurationMs = 7200000) {
|
|
|
15450
15452
|
windows: {}
|
|
15451
15453
|
};
|
|
15452
15454
|
swarmState.agentSessions.set(sessionId, sessionState);
|
|
15455
|
+
swarmState.activeAgent.set(sessionId, agentName);
|
|
15453
15456
|
}
|
|
15454
15457
|
function ensureAgentSession(sessionId, agentName) {
|
|
15455
15458
|
const now = Date.now();
|
|
@@ -17268,7 +17271,7 @@ function createGuardrailsHooks(config2) {
|
|
|
17268
17271
|
return;
|
|
17269
17272
|
}
|
|
17270
17273
|
}
|
|
17271
|
-
const agentName = swarmState.activeAgent.get(input.sessionID);
|
|
17274
|
+
const agentName = swarmState.activeAgent.get(input.sessionID) ?? ORCHESTRATOR_NAME;
|
|
17272
17275
|
const session = ensureAgentSession(input.sessionID, agentName);
|
|
17273
17276
|
const resolvedName = stripKnownSwarmPrefix(session.agentName);
|
|
17274
17277
|
if (resolvedName === ORCHESTRATOR_NAME) {
|
|
@@ -30824,7 +30827,7 @@ var OpenCodeSwarm = async (ctx) => {
|
|
|
30824
30827
|
const commandHandler = createSwarmCommandHandler(ctx.directory, Object.fromEntries(agentDefinitions.map((agent) => [agent.name, agent])));
|
|
30825
30828
|
const activityHooks = createAgentActivityHooks(config3, ctx.directory);
|
|
30826
30829
|
const delegationGateHandler = createDelegationGateHook(config3);
|
|
30827
|
-
const guardrailsFallback = loadedFromFile ? config3.guardrails ?? {} : { ...config3.guardrails, enabled: false };
|
|
30830
|
+
const guardrailsFallback = config3.guardrails?.enabled === false ? { ...config3.guardrails, enabled: false } : loadedFromFile ? config3.guardrails ?? {} : { ...config3.guardrails, enabled: false };
|
|
30828
30831
|
const guardrailsConfig = GuardrailsConfigSchema.parse(guardrailsFallback);
|
|
30829
30832
|
const delegationHandler = createDelegationTrackerHook(config3, guardrailsConfig.enabled);
|
|
30830
30833
|
const guardrailsHooks = createGuardrailsHooks(guardrailsConfig);
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "opencode-swarm",
|
|
3
|
-
"version": "6.1.
|
|
3
|
+
"version": "6.1.2",
|
|
4
4
|
"description": "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|