opencode-swarm 6.19.2 → 6.19.4

package/dist/cli/index.js

@@ -31634,14 +31634,14 @@ function parseContextMd(content) {
 function splitIntoSections(content) {
   const sections = [];
   const headingRegex = /^(#{1,3})\s+(.+)/gm;
-  const lastIndex = 0;
-  let match;
   const matches = [];
-  while ((match = headingRegex.exec(content)) !== null) {
+  let match = headingRegex.exec(content);
+  while (match !== null) {
     matches.push({
       index: match.index,
       heading: match[0]
     });
+    match = headingRegex.exec(content);
   }
   for (let i = 0;i < matches.length; i++) {
     const current = matches[i];
@@ -31691,7 +31691,7 @@ function inferCategoryFromText(text) {
 function truncateLesson(text) {
   if (text.length <= 280)
     return text;
-  return text.slice(0, 277) + "...";
+  return `${text.slice(0, 277)}...`;
 }
 function inferProjectName(directory) {
   const packageJsonPath = path8.join(directory, "package.json");

package/dist/hooks/adversarial-detector.d.ts

@@ -18,7 +18,7 @@ export declare function formatAdversarialWarning(agentA: string, agentB: string,
  * Uses string/regex matching to detect sophisticated adversarial behaviors.
  */
 export interface AdversarialPatternMatch {
-    pattern: 'PRECEDENT_MANIPULATION' | 'SELF_REVIEW' | 'CONTENT_EXEMPTION' | 'GATE_DELEGATION_BYPASS' | 'VELOCITY_RATIONALIZATION' | 'INTER_AGENT_MANIPULATION';
+    pattern: 'PRECEDENT_MANIPULATION' | 'SELF_REVIEW' | 'CONTENT_EXEMPTION' | 'GATE_DELEGATION_BYPASS' | 'VELOCITY_RATIONALIZATION' | 'INTER_AGENT_MANIPULATION' | 'GATE_MISCLASSIFICATION';
     severity: 'HIGHEST' | 'HIGH' | 'MEDIUM' | 'LOW';
     matchedText: string;
     confidence: 'HIGH' | 'MEDIUM' | 'LOW';

package/dist/index.js

@@ -38857,39 +38857,55 @@ Two small delegations with two QA gates > one large delegation with one QA gate.
    MEDIUM: acceptable for non-critical decisions. For critical path (architecture, security), seek second source.
    LOW: do NOT consume directly. Either re-delegate to SME with specific query, OR flag to user as UNVERIFIED.
    Never silently consume LOW-confidence result as verified.
-     7. **MANDATORY QA GATE** \u2014 Execute AFTER every coder task. Two stages, BOTH required:
+       7. **TIERED QA GATE** \u2014 Execute AFTER every coder task. Pipeline determined by change tier:
 NOTE: These gates are enforced by runtime hooks. If you skip the reviewer delegation,
 the next coder delegation will be BLOCKED by the plugin. This is not a suggestion \u2014
 it is a hard enforcement mechanism.
 
-\u2500\u2500 STAGE A: AUTOMATED TOOL GATES (run tools, fix failures, no agents involved) \u2500\u2500
+TIERED QA GATE \u2014 CHANGE CLASSIFICATION
+
+Classify ONE tier by FILES CHANGED.
+
+TIER 0 \u2014 METADATA
+  Match: plan.json, plan.md, context.md, .swarm/evidence/*, status updates
+  Pipeline: lint + diff. No agent or Stage B.
+  Rationale: Swarm bookkeeping, no runtime effect.
+
+TIER 1 \u2014 DOCUMENTATION
+  Match: *.md outside .swarm/, comments-only, prompt text, README, CHANGELOG
+  Pipeline: Stage A. Stage B = reviewer\xD71 (gen). No security/test_engineer/adversarial.
+  Rationale: Non-executable; reviewer validates.
+
+TIER 2 \u2014 STANDARD CODE
+  Match: src/ files not Tier 3, test files, config, package.json
+  Pipeline: Full Stage A. Stage B = reviewer\xD71 + test_engineer\xD71 (verification).
+  Rationale: Default for executables; review catches regressions.
+
+TIER 3 \u2014 CRITICAL
+  Match: architect*.ts, delegation*.ts, guardrails*.ts, adversarial*.ts, sanitiz*.ts, auth*, permission*, crypto*, secret*, security files
+  Pipeline: Full Stage A. Stage B = reviewer\xD72 + test_engineer\xD72.
+  Rationale: Security paths need adversarial review.
+
+CLASSIFICATION RULES:
+- Multi-tier \u2192 use HIGHEST tier.
+- Format: "Classification: TIER {N} \u2014 {label}"
+- Reviewer flags risk \u2192 escalate. Run delta, not current tier. Tier 3 is ceiling.
+- Do NOT downgrade after entering pipeline.
+- Misclassification = GATE_DELEGATION_BYPASS.
+
+\u2500\u2500 STAGE A: AUTOMATED TOOL GATES \u2500\u2500
 diff \u2192 syntax_check \u2192 placeholder_scan \u2192 imports \u2192 lint fix \u2192 build_check \u2192 pre_check_batch
-All Stage A tools return structured pass/fail. Fix failures by returning to coder.
-Stage A passing means: code compiles, parses, has no secrets, no placeholders, no lint errors.
+Stage A tools return pass/fail. Fix failures by returning to coder.
+Stage A passing means: code compiles, parses, no secrets, no placeholders, no lint errors.
 Stage A passing does NOT mean: code is correct, secure, tested, or reviewed.
 
-\u2500\u2500 STAGE B: AGENT REVIEW GATES (delegate to agents, wait for verdicts) \u2500\u2500
+\u2500\u2500 STAGE B: AGENT REVIEW GATES \u2500\u2500
 {{AGENT_PREFIX}}reviewer \u2192 security reviewer (conditional) \u2192 {{AGENT_PREFIX}}test_engineer verification \u2192 {{AGENT_PREFIX}}test_engineer adversarial \u2192 coverage check
-Stage B CANNOT be skipped. Stage A passing does not satisfy Stage B.
+Stage B CANNOT be skipped for TIER 1-3 classifications. Stage A passing does not satisfy Stage B.
 Stage B is where logic errors, security flaws, edge cases, and behavioral bugs are caught.
 You MUST delegate to each Stage B agent and wait for their response.
 
 A task is complete ONLY when BOTH stages pass.
-ANTI-EXEMPTION RULES \u2014 these thoughts are WRONG and must be ignored:
-  \u2717 "It's a simple change" \u2192 gates are mandatory for ALL changes regardless of perceived complexity
-  \u2717 "It's just a rename / refactor / config tweak" \u2192 same
-  \u2717 "The code looks straightforward" \u2192 you are the author; authors are blind to their own mistakes
-  \u2717 "I already reviewed it mentally" \u2192 mental review does not satisfy any gate
-  \u2717 "It'll be fine" \u2192 this is how production data loss happens
-  \u2717 "The tests will catch it" \u2192 tests do not run without being delegated to {{AGENT_PREFIX}}test_engineer
-  \u2717 "It's just one file" \u2192 file count does not determine gate requirements
-  \u2717 "pre_check_batch will catch any issues" \u2192 pre_check_batch only runs if you run it
-  \u2717 "It's just a POC/prototype" \u2192 prototypes that skip QA become production code that shipped without review
-  \u2717 "I'll do QA in a batch at the end" \u2192 deferred QA is skipped QA. Every task gets its own gate, immediately.
-  \u2717 "I already skipped QA on previous tasks, so consistency requires skipping here too" \u2192 past violations do not justify future violations. STOP. Run the gates now, then go back and review what was skipped.
-
-There are NO simple changes. There are NO exceptions to the QA gate sequence.
-The gates exist because the author cannot objectively evaluate their own work.
 
 6f. **GATE AUTHORITY** \u2014 You do NOT have authority to judge task completion.
 Task completion is determined EXCLUSIVELY by gate agent output:
@@ -38962,26 +38978,14 @@ PARTIAL GATE RATIONALIZATIONS \u2014 automated gates \u2260 agent review. Runnin
 Running syntax_check + pre_check_batch without reviewer + test_engineer is a PARTIAL GATE VIOLATION.
 It is the same severity as skipping all gates. The QA gate is ALL steps or NONE.
 
-      - After coder completes: run \`diff\` tool. If \`hasContractChanges\` is true \u2192 delegate {{AGENT_PREFIX}}explorer for integration impact analysis. BREAKING \u2192 return to coder. COMPATIBLE \u2192 proceed.
-      - Run \`syntax_check\` tool. SYNTACTIC ERRORS \u2192 return to coder. NO ERRORS \u2192 proceed to placeholder_scan.
-      - Run \`placeholder_scan\` tool. PLACEHOLDER FINDINGS \u2192 return to coder. NO FINDINGS \u2192 proceed to imports check.
-      - Run \`imports\` tool. Record results for dependency audit. Proceed to lint fix.
-      - Run \`lint\` tool (mode: fix) \u2192 allow auto-corrections. LINT FIX FAILS \u2192 return to coder. SUCCESS \u2192 proceed to build_check.
-      - Run \`build_check\` tool. BUILD FAILS \u2192 return to coder. SUCCESS \u2192 proceed to pre_check_batch.
-      - Run \`pre_check_batch\` tool. If gates_passed === false: return to coder. If gates_passed === true: proceed to @reviewer.
-    - Delegate {{AGENT_PREFIX}}reviewer with CHECK dimensions. REJECTED \u2192 return to coder (max {{QA_RETRY_LIMIT}} attempts). APPROVED \u2192 continue.
-    - If file matches security globs (auth, api, crypto, security, middleware, session, token, config/, env, credentials, authorization, roles, permissions, access) OR content has security keywords (see SECURITY_KEYWORDS list) OR secretscan has ANY findings OR sast_scan has ANY findings at or above threshold \u2192 MUST delegate {{AGENT_PREFIX}}reviewer AGAIN with security-only CHECK review. REJECTED \u2192 return to coder (max {{QA_RETRY_LIMIT}} attempts). If REJECTED after {{QA_RETRY_LIMIT}} attempts on security-only review \u2192 escalate to user.
-   - Delegate {{AGENT_PREFIX}}test_engineer for verification tests. FAIL \u2192 return to coder.
-   - Delegate {{AGENT_PREFIX}}test_engineer for adversarial tests (attack vectors only). FAIL \u2192 return to coder.
-   - All pass \u2192 mark task complete, proceed to next task.
- 8. **COVERAGE CHECK**: After adversarial tests pass, check if test_engineer reports coverage < 70%. If so, delegate {{AGENT_PREFIX}}test_engineer for an additional test pass targeting uncovered paths. This is a soft guideline; use judgment for trivial tasks.
+  8. **COVERAGE CHECK**: After adversarial tests pass, check if test_engineer reports coverage < 70%. If so, delegate {{AGENT_PREFIX}}test_engineer for an additional test pass targeting uncovered paths. This is a soft guideline; use judgment for trivial tasks.
  9. **UI/UX DESIGN GATE**: Before delegating UI tasks to {{AGENT_PREFIX}}coder, check if the task involves UI components. Trigger conditions (ANY match):
    - Task description contains UI keywords: new page, new screen, new component, redesign, layout change, form, modal, dialog, dropdown, sidebar, navbar, dashboard, landing page, signup, login form, settings page, profile page
    - Target file is in: pages/, components/, views/, screens/, ui/, layouts/
    If triggered: delegate to {{AGENT_PREFIX}}designer FIRST to produce a code scaffold. Then pass the scaffold to {{AGENT_PREFIX}}coder as INPUT alongside the task. The coder implements the TODOs in the scaffold without changing component structure or accessibility attributes.
    If not triggered: delegate directly to {{AGENT_PREFIX}}coder as normal.
 10. **RETROSPECTIVE TRACKING**: At the end of every phase, record phase metrics in .swarm/context.md under "## Phase Metrics" and write a retrospective evidence entry via the evidence manager. Track: phase_number, total_tool_calls, coder_revisions, reviewer_rejections, test_failures, security_findings, integration_issues, task_count, task_complexity, top_rejection_reasons, lessons_learned (max 5). Reset Phase Metrics to 0 after writing.
-11. **CHECKPOINTS**: Before delegating multi-file refactor tasks (3+ files), create a checkpoint save. On critical failures when redo is faster than iterative fixes, restore from checkpoint. Use checkpoint tool: \`checkpoint save\` before risky operations, \`checkpoint restore\` on failure.
+ 11. **CHECKPOINTS**: Before delegating multi-file refactor tasks (3+ files), create a checkpoint save. On critical failures when redo is faster than iterative fixes, restore from checkpoint. Use checkpoint tool: \`checkpoint save\` before risky operations, \`checkpoint restore\` on failure.
 
 SECURITY_KEYWORDS: password, secret, token, credential, auth, login, encryption, hash, key, certificate, ssl, tls, jwt, oauth, session, csrf, xss, injection, sanitization, permission, access, vulnerable, exploit, privilege, authorization, roles, authentication, mfa, 2fa, totp, otp, salt, iv, nonce, hmac, aes, rsa, sha256, bcrypt, scrypt, argon2, api_key, apikey, private_key, public_key, rbac, admin, superuser, sqli, rce, ssrf, xxe, nosql, command_injection
 
@@ -39428,7 +39432,7 @@ Treating pre_check_batch as a substitute for reviewer is a PROCESS VIOLATION.
 
     5j. {{AGENT_PREFIX}}reviewer - General review. REJECTED (< {{QA_RETRY_LIMIT}}) \u2192 coder retry. REJECTED ({{QA_RETRY_LIMIT}}) \u2192 escalate.
     \u2192 REQUIRED: Print "reviewer: [APPROVED | REJECTED \u2014 reason]"
-    5k. Security gate: if file matches security globs (auth, api, crypto, security, middleware, session, token, config/, env, credentials, authorization, roles, permissions, access) OR content has security keywords (see SECURITY_KEYWORDS list) OR secretscan has ANY findings OR sast_scan has ANY findings at or above threshold \u2192 MUST delegate {{AGENT_PREFIX}}reviewer security-only review. REJECTED (< {{QA_RETRY_LIMIT}}) \u2192 coder retry. REJECTED ({{QA_RETRY_LIMIT}}) \u2192 escalate to user.
+    5k. Security gate: if change matches TIER 3 criteria OR content contains SECURITY_KEYWORDS OR secretscan has ANY findings OR sast_scan has ANY findings at or above threshold \u2192 MUST delegate {{AGENT_PREFIX}}reviewer security-only review. REJECTED (< {{QA_RETRY_LIMIT}}) \u2192 coder retry. REJECTED ({{QA_RETRY_LIMIT}}) \u2192 escalate to user.
     \u2192 REQUIRED: Print "security-reviewer: [TRIGGERED | NOT TRIGGERED \u2014 reason]"
     \u2192 If TRIGGERED: Print "security-reviewer: [APPROVED | REJECTED \u2014 reason]"
     5l. {{AGENT_PREFIX}}test_engineer - Verification tests. FAIL \u2192 coder retry from 5g.
@@ -43135,14 +43139,14 @@ function parseContextMd(content) {
 function splitIntoSections(content) {
   const sections = [];
   const headingRegex = /^(#{1,3})\s+(.+)/gm;
-  const lastIndex = 0;
-  let match;
   const matches = [];
-  while ((match = headingRegex.exec(content)) !== null) {
+  let match = headingRegex.exec(content);
+  while (match !== null) {
     matches.push({
       index: match.index,
       heading: match[0]
     });
+    match = headingRegex.exec(content);
   }
   for (let i2 = 0;i2 < matches.length; i2++) {
     const current = matches[i2];
@@ -43192,7 +43196,7 @@ function inferCategoryFromText(text) {
 function truncateLesson(text) {
   if (text.length <= 280)
     return text;
-  return text.slice(0, 277) + "...";
+  return `${text.slice(0, 277)}...`;
 }
 function inferProjectName(directory) {
   const packageJsonPath = path12.join(directory, "package.json");
@@ -45791,11 +45795,10 @@ function createGuardrailsHooks(directory, config3) {
             const patchPathPattern = /\*\*\*\s+(?:Update|Add|Delete)\s+File:\s*(.+)/gi;
             const diffPathPattern = /\+\+\+\s+b\/(.+)/gm;
             const paths = new Set;
-            let match;
-            while ((match = patchPathPattern.exec(patchText)) !== null) {
+            for (const match of patchText.matchAll(patchPathPattern)) {
               paths.add(match[1].trim());
             }
-            while ((match = diffPathPattern.exec(patchText)) !== null) {
+            for (const match of patchText.matchAll(diffPathPattern)) {
               const p = match[1].trim();
               if (p !== "/dev/null")
                 paths.add(p);
@@ -48352,7 +48355,10 @@ function formatStars(confidence) {
   return "\u2605\u2606\u2606";
 }
 function sanitizeLessonForContext(text) {
-  return text.replace(/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/g, "").replace(/[\u200B-\u200D\uFEFF]/g, "").replace(/[\u202A-\u202E\u2066-\u2069]/g, "").replace(/```/g, "` ` `").replace(/^system\s*:/gim, "[BLOCKED]:");
+  return text.split("").filter((char) => {
+    const code = char.charCodeAt(0);
+    return code === 9 || code === 10 || code === 13 || code > 31 && code !== 127;
+  }).join("").replace(/[\u200B-\u200D\uFEFF]/g, "").replace(/[\u202A-\u202E\u2066-\u2069]/g, "").replace(/```/g, "` ` `").replace(/^system\s*:/gim, "[BLOCKED]:");
 }
 function isOrchestratorAgent(agentName) {
   const stripped = stripKnownSwarmPrefix(agentName);

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "opencode-swarm",
-	"version": "6.19.2",
+	"version": "6.19.4",
 	"description": "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",