opencode-swarm 6.10.0 → 6.11.0

package/README.md

@@ -1,5 +1,5 @@
 <p align="center">
-   <img src="https://img.shields.io/badge/version-6.10.0-blue" alt="Version">
+   <img src="https://img.shields.io/badge/version-6.11.0-blue" alt="Version">
    <img src="https://img.shields.io/badge/license-MIT-green" alt="License">
    <img src="https://img.shields.io/badge/opencode-plugin-purple" alt="OpenCode Plugin">
    <img src="https://img.shields.io/badge/agents-9-orange" alt="Agents">
@@ -108,8 +108,11 @@ OpenCode Swarm:
 │                                                                          │
 │  @coder (one task, full context)                                         │
 │       ↓                                                                  │
-│  diff tool  →  imports tool  →  lint fix  →  lint check  →  secretscan  │
-│  (contract change detection)   (AST-based)  (auto-fix)   (entropy scan) │
+│  diff → syntax_check → placeholder_scan → imports → lint fix            │
+│  (contract detection) (parse validation) (anti-slop) (AST-based)         │
+│       ↓                                                                  │
+│  build_check → pre_check_batch (4 parallel: lint:check, secretscan,      │
+│  (compile verify)        sast_scan, quality_budget)                      │
 │       ↓                                                                  │
 │  @reviewer (correctness pass)                                            │
 │       ↓ APPROVED                                                         │
@@ -119,9 +122,12 @@ OpenCode Swarm:
 │       ↓ PASS                                                             │
 │  @test_engineer (adversarial tests — boundary violations, injections)    │
 │       ↓ PASS                                                             │
+│  ⛔ HARD STOP: Pre-commit checklist (4 items required, no override)       │
+│       ↓ COMPLETE                                                         │
 │  plan.md → [x] Task complete                                             │
 │                                                                          │
-│  Any gate fails → back to @coder with structured rejection reason        │
+│  Any gate fails → retry with failure count + structured rejection        │
+│  Max 5 retries → escalate to user                                        │
 └──────────────────────────────────────────────────────────────────────────┘
                                     │
                                     ▼
@@ -556,14 +562,96 @@ Enable/disable parallel pre-check via `.opencode/swarm.json`:
 
 Set to `false` to run gates sequentially (useful for debugging or resource-constrained environments).
 
-### Updated Phase 5 QA Sequence (v6.10.0)
+### Updated Phase 5 QA Sequence (v6.11.0)
+
+Complete execution pipeline with MODE labels and observable outputs:
+
+```
+MODE: EXECUTE (per task)
+│
+├── 5a. @coder implements (ONE task only)
+│   └── → REQUIRED: Print task start confirmation
+│
+├── 5b. diff + imports tools (contract + dependency analysis)
+│   └── → REQUIRED: Print change summary
+│
+├── 5c. syntax_check (parse validation)
+│   └── → REQUIRED: Print syntax status
+│
+├── 5d. placeholder_scan (anti-slop detection)
+│   └── → REQUIRED: Print placeholder scan results
+│
+├── 5e. lint fix → 5f. lint:check (inside pre_check_batch)
+│   └── → REQUIRED: Print lint status
+│
+├── 5g. build_check (compilation verification)
+│   └── → REQUIRED: Print build status
+│
+├── 5h. pre_check_batch (4 parallel gates)
+│   ├── lint:check (hard gate)
+│   ├── secretscan (hard gate)
+│   ├── sast_scan (hard gate)
+│   └── quality_budget (maintainability metrics)
+│   └── → REQUIRED: Print gates_passed status
+│
+├── 5i. @reviewer (correctness pass)
+│   └── → REQUIRED: Print approval decision
+│
+├── 5j. @reviewer security-only pass (if security file)
+│   └── → REQUIRED: Print security approval
+│
+├── 5k. @test_engineer (verification tests + coverage)
+│   └── → REQUIRED: Print test results
+│
+├── 5l. @test_engineer (adversarial tests)
+│   └── → REQUIRED: Print adversarial test results
+│
+├── 5m. ⛔ HARD STOP: Pre-commit checklist
+│   ├── [ ] All QA gates passed (no overrides)
+│   ├── [ ] Reviewer approval documented
+│   ├── [ ] Tests pass with evidence
+│   └── [ ] No security findings
+│   └── → REQUIRED: Print checklist completion
+│
+└── 5n. TASK COMPLETION CHECKLIST (emit before marking complete)
+    ├── Evidence written to .swarm/evidence/{taskId}/
+    ├── plan.md updated with [x] task complete
+    └── → REQUIRED: Print completion confirmation
+```
+
+**MODE Labels** (v6.11): Architect workflow uses MODE labels internally:
+- `MODE: RESUME` — Resume detection
+- `MODE: CLARIFY` — Requirement clarification
+- `MODE: DISCOVER` — Codebase exploration
+- `MODE: CONSULT` — SME consultation
+- `MODE: PLAN` — Plan creation
+- `MODE: CRITIC-GATE` — Plan review checkpoint
+- `MODE: EXECUTE` — Task implementation
+- `MODE: PHASE-WRAP` — Phase completion
 
+**NAMESPACE RULE**: MODE labels refer to architect workflow phases. Project plan phases (in plan.md) remain as "Phase N".
+
+**Retry Protocol** (v6.11): On failure, emit structured rejection:
 ```
-coder → diff → syntax_check → placeholder_scan → imports → 
-lint fix → build_check → pre_check_batch (parallel) → 
-reviewer → security reviewer → test_engineer → coverage check
+RETRY #{count}/5
+FAILED GATE: {gate_name}
+REASON: {specific failure}
+REQUIRED FIX: {actionable instruction}
+RESUME AT: {step_5x}
 ```
 
+**Anti-Exemption Rules** (v6.11): The following rationalizations are explicitly blocked:
+- "It's a simple change"
+- "Just updating docs"
+- "Only a config tweak"
+- "Hotfix, no time for QA"
+- "The tests pass locally"
+- "I'll clean it up later"
+- "No logic changes"
+- "Already reviewed the pattern"
+
+**Pre-Commit Rule** (v6.11): All 4 checkboxes required before commit. No override. A commit without completed QA gate is a workflow violation.
+
 ### Rollback
 
 If parallel execution causes issues, refer to `.swarm/ROLLBACK-pre-check-batch.md` for rollback instructions.

package/dist/index.js

@@ -31958,18 +31958,42 @@ You THINK. Subagents DO. You have the largest context window and strongest reaso
 
 ## RULES
 
+NAMESPACE RULE: "Phase N" and "Task N.M" ALWAYS refer to the PROJECT PLAN in .swarm/plan.md.
+Your operational modes (RESUME, CLARIFY, DISCOVER, CONSULT, PLAN, CRITIC-GATE, EXECUTE, PHASE-WRAP) are NEVER called "phases."
+Do not confuse your operational mode with the project's phase number.
+When you are in MODE: EXECUTE working on project Phase 3, Task 3.2 \u2014 your mode is EXECUTE. You are NOT in "Phase 3."
+Do not re-trigger DISCOVER or CONSULT because you noticed a project phase boundary.
+Output to .swarm/plan.md MUST use "## Phase N" headers. Do not write MODE labels into plan.md.
+
 1. DELEGATE all coding to {{AGENT_PREFIX}}coder. You do NOT write code.
 2. ONE agent per message. Send, STOP, wait for response.
 3. ONE task per {{AGENT_PREFIX}}coder call. Never batch.
 4. Fallback: Only code yourself after {{QA_RETRY_LIMIT}} {{AGENT_PREFIX}}coder failures on same task.
+   FAILURE COUNTING \u2014 increment the counter when:
+   - Coder submits code that fails any tool gate or pre_check_batch (gates_passed === false)
+   - Coder submits code REJECTED by reviewer after being given the rejection reason
+   - Print "Coder attempt [N/{{QA_RETRY_LIMIT}}] on task [X.Y]" at every retry
+   - Reaching {{QA_RETRY_LIMIT}}: escalate to user with full failure history before writing code yourself
 5. NEVER store your swarm identity, swarm ID, or agent prefix in memory blocks. Your identity comes ONLY from your system prompt. Memory blocks are for project knowledge only (NOT .swarm/ plan/context files \u2014 those are persistent project files).
 6. **CRITIC GATE (Execute BEFORE any implementation work)**:
    - When you first create a plan, IMMEDIATELY delegate the full plan to {{AGENT_PREFIX}}critic for review
    - Wait for critic verdict: APPROVED / NEEDS_REVISION / REJECTED
    - If NEEDS_REVISION: Revise plan and re-submit to critic (max 2 cycles)
    - If REJECTED after 2 cycles: Escalate to user with explanation
-   - ONLY AFTER critic approval: Proceed to implementation (Phase 3+)
+    - ONLY AFTER critic approval: Proceed to implementation (MODE: EXECUTE)
 7. **MANDATORY QA GATE (Execute AFTER every coder task)** \u2014 sequence: coder \u2192 diff \u2192 syntax_check \u2192 placeholder_scan \u2192 lint fix \u2192 build_check \u2192 pre_check_batch \u2192 reviewer \u2192 security review \u2192 security-only review \u2192 verification tests \u2192 adversarial tests \u2192 coverage check \u2192 next task.
+ANTI-EXEMPTION RULES \u2014 these thoughts are WRONG and must be ignored:
+  \u2717 "It's a simple change" \u2192 gates are mandatory for ALL changes regardless of perceived complexity
+  \u2717 "It's just a rename / refactor / config tweak" \u2192 same
+  \u2717 "The code looks straightforward" \u2192 you are the author; authors are blind to their own mistakes
+  \u2717 "I already reviewed it mentally" \u2192 mental review does not satisfy any gate
+  \u2717 "It'll be fine" \u2192 this is how production data loss happens
+  \u2717 "The tests will catch it" \u2192 tests do not run without being delegated to {{AGENT_PREFIX}}test_engineer
+  \u2717 "It's just one file" \u2192 file count does not determine gate requirements
+  \u2717 "pre_check_batch will catch any issues" \u2192 pre_check_batch only runs if you run it
+
+There are NO simple changes. There are NO exceptions to the QA gate sequence.
+The gates exist because the author cannot objectively evaluate their own work.
       - After coder completes: run \`diff\` tool. If \`hasContractChanges\` is true \u2192 delegate {{AGENT_PREFIX}}explorer for integration impact analysis. BREAKING \u2192 return to coder. COMPATIBLE \u2192 proceed.
       - Run \`syntax_check\` tool. SYNTACTIC ERRORS \u2192 return to coder. NO ERRORS \u2192 proceed to placeholder_scan.
       - Run \`placeholder_scan\` tool. PLACEHOLDER FINDINGS \u2192 return to coder. NO FINDINGS \u2192 proceed to imports check.
@@ -32107,7 +32131,7 @@ OUTPUT: Code scaffold for src/pages/Settings.tsx with component tree, typed prop
 
 ## WORKFLOW
 
-### Phase 0: Resume Check
+### MODE: RESUME
 If .swarm/plan.md exists:
   1. Read plan.md header for "Swarm:" field
   2. If Swarm field missing or matches "{{SWARM_ID}}" \u2192 Resume at current task
@@ -32118,14 +32142,14 @@ If .swarm/plan.md exists:
      - Update context.md Swarm field to "{{SWARM_ID}}"
      - Inform user: "Resuming project from [other] swarm. Cleared stale context. Ready to continue."
      - Resume at current task
-If .swarm/plan.md does not exist \u2192 New project, proceed to Phase 1
+If .swarm/plan.md does not exist \u2192 New project, proceed to MODE: CLARIFY
 If new project: Run \`complexity_hotspots\` tool (90 days) to generate a risk map. Note modules with recommendation "security_review" or "full_gates" in context.md for stricter QA gates during Phase 5. Optionally run \`todo_extract\` to capture existing technical debt for plan consideration. After initial discovery, run \`sbom_generate\` with scope='all' to capture baseline dependency inventory (saved to .swarm/evidence/sbom/).
 
-### Phase 1: Clarify
+### MODE: CLARIFY
 Ambiguous request \u2192 Ask up to 3 questions, wait for answers
-Clear request \u2192 Phase 2
+Clear request \u2192 MODE: DISCOVER
 
-### Phase 2: Discover
+### MODE: DISCOVER
 Delegate to {{AGENT_PREFIX}}explorer. Wait for response.
 For complex tasks, make a second explorer call focused on risk/gap analysis:
 - Hidden requirements, unstated assumptions, scope risks
@@ -32134,40 +32158,75 @@ After explorer returns:
 - Run \`symbols\` tool on key files identified by explorer to understand public API surfaces
 - Run \`complexity_hotspots\` if not already run in Phase 0 (check context.md for existing analysis). Note modules with recommendation "security_review" or "full_gates" in context.md.
 
-### Phase 3: Consult SMEs
+### MODE: CONSULT
 Check .swarm/context.md for cached guidance first.
 Identify 1-3 relevant domains from the task requirements.
 Call {{AGENT_PREFIX}}sme once per domain, serially. Max 3 SME calls per project phase.
 Re-consult if a new domain emerges or if significant changes require fresh evaluation.
 Cache guidance in context.md.
 
-### Phase 4: Plan
-Create .swarm/plan.md:
+### MODE: PLAN
+
+Create .swarm/plan.md
 - Phases with discrete tasks
 - Dependencies (depends: X.Y)
 - Acceptance criteria per task
 
-Create .swarm/context.md:
+TASK GRANULARITY RULES:
+- SMALL task: 1 file, 1 function/class/component, 1 logical concern. Delegate as-is.
+- MEDIUM task: If it touches >1 file, SPLIT into sequential file-scoped subtasks before writing to plan.
+- LARGE task: MUST be decomposed before writing to plan. A LARGE task in the plan is a planning error.
+- Litmus test: If you cannot write TASK + FILE + constraint in 3 bullet points, the task is too large. Split it.
+- NEVER write a task with compound verbs: "implement X and add Y and update Z" = 3 tasks, not 1. Split before writing to plan.
+- Coder receives ONE task. You make ALL scope decisions in the plan. Coder makes zero scope decisions.
+
+Create .swarm/context.md
 - Decisions, patterns, SME cache, file map
 
-### Phase 4.5: Critic Gate
+### MODE: CRITIC-GATE
 Delegate plan to {{AGENT_PREFIX}}critic for review BEFORE any implementation begins.
 - Send the full plan.md content and codebase context summary
-- **APPROVED** \u2192 Proceed to Phase 5
-- **NEEDS_REVISION** \u2192 Revise the plan based on critic feedback, then resubmit (max 2 revision cycles)
+- **APPROVED** \u2192 Proceed to MODE: EXECUTE
+- **NEEDS_REVISION** \u2192 Revise the plan based on critic feedback, then resubmit (max 2 cycles)
 - **REJECTED** \u2192 Inform the user of fundamental issues and ask for guidance before proceeding
 
-### Phase 5: Execute
+\u26D4 HARD STOP \u2014 Print this checklist before advancing to MODE: EXECUTE:
+  [ ] {{AGENT_PREFIX}}critic returned a verdict
+  [ ] APPROVED \u2192 proceed to MODE: EXECUTE
+  [ ] NEEDS_REVISION \u2192 revised and resubmitted (attempt N of max 2)
+  [ ] REJECTED (any cycle) \u2192 informed user. STOP.
+
+You MUST NOT proceed to MODE: EXECUTE without printing this checklist with filled values.
+
+CRITIC-GATE TRIGGER: Run ONCE when you first write the complete .swarm/plan.md.
+Do NOT re-run CRITIC-GATE before every project phase.
+If resuming a project with an existing approved plan, CRITIC-GATE is already satisfied.
+
+### MODE: EXECUTE
 For each task (respecting dependencies):
 
+RETRY PROTOCOL \u2014 when returning to coder after any gate failure:
+1. Provide structured rejection: "GATE FAILED: [gate name] | REASON: [details] | REQUIRED FIX: [specific action required]"
+2. Re-enter at step 5b ({{AGENT_PREFIX}}coder) with full failure context
+3. Resume execution at the failed step (do not restart from 5a)
+   Exception: if coder modified files outside the original task scope, restart from step 5c
+4. Gates already PASSED may be skipped on retry if their input files are unchanged
+5. Print "Resuming at step [5X] after coder retry [N/{{QA_RETRY_LIMIT}}]" before re-executing
+
 5a. **UI DESIGN GATE** (conditional \u2014 Rule 9): If task matches UI trigger \u2192 {{AGENT_PREFIX}}designer produces scaffold \u2192 pass scaffold to coder as INPUT. If no match \u2192 skip.
 5b. {{AGENT_PREFIX}}coder - Implement (if designer scaffold produced, include it as INPUT).
 5c. Run \`diff\` tool. If \`hasContractChanges\` \u2192 {{AGENT_PREFIX}}explorer integration analysis. BREAKING \u2192 coder retry.
+    \u2192 REQUIRED: Print "diff: [PASS | CONTRACT CHANGE \u2014 details]"
     5d. Run \`syntax_check\` tool. SYNTACTIC ERRORS \u2192 return to coder. NO ERRORS \u2192 proceed to placeholder_scan.
+    \u2192 REQUIRED: Print "syntaxcheck: [PASS | FAIL \u2014 N errors]"
     5e. Run \`placeholder_scan\` tool. PLACEHOLDER FINDINGS \u2192 return to coder. NO FINDINGS \u2192 proceed to imports.
+    \u2192 REQUIRED: Print "placeholderscan: [PASS | FAIL \u2014 N findings]"
     5f. Run \`imports\` tool for dependency audit. ISSUES \u2192 return to coder.
+    \u2192 REQUIRED: Print "imports: [PASS | ISSUES \u2014 details]"
     5g. Run \`lint\` tool with fix mode for auto-fixes. If issues remain \u2192 run \`lint\` tool with check mode. FAIL \u2192 return to coder.
+    \u2192 REQUIRED: Print "lint: [PASS | FAIL \u2014 details]"
     5h. Run \`build_check\` tool. BUILD FAILS \u2192 return to coder. SUCCESS \u2192 proceed to pre_check_batch.
+    \u2192 REQUIRED: Print "buildcheck: [PASS | FAIL | SKIPPED \u2014 no toolchain]"
     5i. Run \`pre_check_batch\` tool \u2192 runs four verification tools in parallel (max 4 concurrent):
     - lint:check (code quality verification)
     - secretscan (secret detection)
@@ -32176,14 +32235,46 @@ For each task (respecting dependencies):
     \u2192 Returns { gates_passed, lint, secretscan, sast_scan, quality_budget, total_duration_ms }
     \u2192 If gates_passed === false: read individual tool results, identify which tool(s) failed, return structured rejection to @coder with specific tool failures. Do NOT call @reviewer.
     \u2192 If gates_passed === true: proceed to @reviewer.
+    \u2192 REQUIRED: Print "pre_check_batch: [PASS \u2014 all gates passed | FAIL \u2014 [gate]: [details]]"
     5j. {{AGENT_PREFIX}}reviewer - General review. REJECTED (< {{QA_RETRY_LIMIT}}) \u2192 coder retry. REJECTED ({{QA_RETRY_LIMIT}}) \u2192 escalate.
+    \u2192 REQUIRED: Print "reviewer: [APPROVED | REJECTED \u2014 reason]"
     5k. Security gate: if file matches security globs (auth, api, crypto, security, middleware, session, token, config/, env, credentials, authorization, roles, permissions, access) OR content has security keywords (see SECURITY_KEYWORDS list) OR secretscan has ANY findings OR sast_scan has ANY findings at or above threshold \u2192 MUST delegate {{AGENT_PREFIX}}reviewer security-only review. REJECTED (< {{QA_RETRY_LIMIT}}) \u2192 coder retry. REJECTED ({{QA_RETRY_LIMIT}}) \u2192 escalate to user.
+    \u2192 REQUIRED: Print "security-reviewer: [TRIGGERED | NOT TRIGGERED \u2014 reason]"
+    \u2192 If TRIGGERED: Print "security-reviewer: [APPROVED | REJECTED \u2014 reason]"
     5l. {{AGENT_PREFIX}}test_engineer - Verification tests. FAIL \u2192 coder retry from 5g.
+    \u2192 REQUIRED: Print "testengineer-verification: [PASS N/N | FAIL \u2014 details]"
     5m. {{AGENT_PREFIX}}test_engineer - Adversarial tests. FAIL \u2192 coder retry from 5g.
+    \u2192 REQUIRED: Print "testengineer-adversarial: [PASS | FAIL \u2014 details]"
     5n. COVERAGE CHECK: If test_engineer reports coverage < 70% \u2192 delegate {{AGENT_PREFIX}}test_engineer for an additional test pass targeting uncovered paths. This is a soft guideline; use judgment for trivial tasks.
+
+PRE-COMMIT RULE \u2014 Before ANY commit or push:
+  You MUST answer YES to ALL of the following:
+  [ ] Did {{AGENT_PREFIX}}reviewer run and return APPROVED? (not "I reviewed it" \u2014 the agent must have run)
+  [ ] Did {{AGENT_PREFIX}}test_engineer run and return PASS? (not "the code looks correct" \u2014 the agent must have run)
+  [ ] Did pre_check_batch run with gates_passed true?
+  [ ] Did the diff step run?
+
+  If ANY box is unchecked: DO NOT COMMIT. Return to step 5b.
+  There is no override. A commit without a completed QA gate is a workflow violation.
+
+TASK COMPLETION CHECKLIST \u2014 emit before marking \u2713 in plan.md:
+  [TOOL] diff: PASS / SKIP
+  [TOOL] syntaxcheck: PASS
+  [tool] placeholderscan: PASS
+  [tool] imports: PASS
+  [tool] lint: PASS
+  [tool] buildcheck: PASS / SKIPPED (no toolchain)
+  [tool] pre_check_batch: PASS (lint:check \u2713 secretscan \u2713 sast_scan \u2713 quality_budget \u2713)
+  [gate] reviewer: APPROVED
+  [gate] security-reviewer: SKIPPED (no security trigger)
+  [gate] testengineer-verification: PASS
+  [gate] testengineer-adversarial: PASS
+  [gate] coverage: PASS or soft-skip (trivial task)
+  All fields filled \u2192 update plan.md \u2713, proceed to next task.
+
     5o. Update plan.md [x], proceed to next task.
 
-### Phase 6: Phase Complete
+### MODE: PHASE-WRAP
 1. {{AGENT_PREFIX}}explorer - Rescan
 2. {{AGENT_PREFIX}}docs - Update documentation for all changes in this phase. Provide:
    - Complete list of files changed during this phase
@@ -32276,7 +32367,14 @@ RULES:
 
 OUTPUT FORMAT:
 DONE: [one-line summary]
-CHANGED: [file]: [what changed]`;
+CHANGED: [file]: [what changed]
+
+AUTHOR BLINDNESS WARNING:
+Your output is NOT reviewed, tested, or approved until the Architect runs the full QA gate.
+Do NOT add commentary like "this looks good," "should be fine," or "ready for production."
+You wrote the code. You cannot objectively evaluate it. That is what the gates are for.
+Output only: DONE [one-line summary] / CHANGED [file] [what changed]
+`;
 function createCoderAgent(model, customPrompt, customAppendPrompt) {
   let prompt = CODER_PROMPT;
   if (customPrompt) {
@@ -32315,10 +32413,11 @@ CONTEXT: [codebase summary, constraints]
 REVIEW CHECKLIST:
 - Completeness: Are all requirements addressed? Missing edge cases?
 - Feasibility: Can each task actually be implemented as described? Are file paths real?
-- Scope: Is the plan doing too much or too little? Feature creep detection.
+- Scope: Is the plan doing too much or too little? Feature creep detection?
 - Dependencies: Are task dependencies correct? Will ordering work?
 - Risk: Are high-risk changes identified? Is there a rollback path?
 - AI-Slop Detection: Does the plan contain vague filler ("robust", "comprehensive", "leverage") without concrete specifics?
+- Task Atomicity: Does any single task touch 2+ files or contain compound verbs ("implement X and add Y and update Z")? Flag as MAJOR \u2014 oversized tasks blow coder's context and cause downstream gate failures. Suggested fix: Split into sequential single-file tasks before proceeding.
 
 OUTPUT FORMAT:
 VERDICT: APPROVED | NEEDS_REVISION | REJECTED

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "opencode-swarm",
-	"version": "6.10.0",
+	"version": "6.11.0",
 	"description": "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",