opencode-swarm 6.19.8 → 6.20.1

package/README.md

@@ -852,7 +852,7 @@ This release adds runtime detection hooks to catch and warn about architect work
 - **Partial gate tracking**: Detects when QA gates are skipped
 - **Self-fix detection**: Warns when an agent fixes its own gate failure (should delegate to fresh agent)
 - **Batch detection**: Catches "implement X and add Y" batching in task requests
-- **Zero-delegation detection**: Warns when tasks complete without any coder delegation
+- **Zero-delegation detection**: Warns when tasks complete without any coder delegation; supports parsing delegation envelopes from JSON or KEY: VALUE text format for validation.
 
 These hooks are advisory (warnings only) and help maintain workflow discipline during long sessions.
 

package/dist/cli/index.js

@@ -32646,9 +32646,9 @@ function validateArgs(args) {
     return false;
   return true;
 }
-function getLinterCommand(linter, mode) {
+function getLinterCommand(linter, mode, projectDir) {
   const isWindows = process.platform === "win32";
-  const binDir = path11.join(process.cwd(), "node_modules", ".bin");
+  const binDir = path11.join(projectDir, "node_modules", ".bin");
   const biomeBin = isWindows ? path11.join(binDir, "biome.EXE") : path11.join(binDir, "biome");
   const eslintBin = isWindows ? path11.join(binDir, "eslint.cmd") : path11.join(binDir, "eslint");
   switch (linter) {
@@ -32825,8 +32825,8 @@ async function detectAvailableLinter() {
   } catch {}
   return null;
 }
-async function runLint(linter, mode) {
-  const command = getLinterCommand(linter, mode);
+async function runLint(linter, mode, directory) {
+  const command = getLinterCommand(linter, mode, directory);
   const commandStr = command.join(" ");
   if (commandStr.length > MAX_COMMAND_LENGTH) {
     return {
@@ -32840,7 +32840,8 @@ async function runLint(linter, mode) {
   try {
     const proc = Bun.spawn(command, {
       stdout: "pipe",
-      stderr: "pipe"
+      stderr: "pipe",
+      cwd: directory
     });
     const [stdout, stderr] = await Promise.all([
       new Response(proc.stdout).text(),
@@ -32954,11 +32955,19 @@ var lint = createSwarmTool({
       };
       return JSON.stringify(errorResult2, null, 2);
     }
+    if (!directory || typeof directory !== "string" || directory.trim() === "") {
+      const errorResult2 = {
+        success: false,
+        mode: "check",
+        error: "project directory is required but was not provided"
+      };
+      return JSON.stringify(errorResult2, null, 2);
+    }
     const { mode } = args;
     const cwd = directory;
     const linter = await detectAvailableLinter();
     if (linter) {
-      const result = await runLint(linter, mode);
+      const result = await runLint(linter, mode, directory);
       return JSON.stringify(result, null, 2);
     }
     const additionalLinter = detectAdditionalLinter(cwd);

package/dist/commands/checkpoint.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Handle /swarm checkpoint command
+ * Creates, lists, restores, or deletes checkpoints with optional label
+ */
+export declare function handleCheckpointCommand(directory: string, args: string[]): Promise<string>;

package/dist/context/role-filter.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Role-Scoped Context Injection Filter
+ * Filters context entries based on [FOR: ...] tags for role-based context delivery.
+ */
+/**
+ * Context entry with role metadata
+ */
+export interface ContextEntry {
+    role: 'user' | 'assistant' | 'system';
+    content: string;
+    name?: string;
+}
+/**
+ * Filter context entries based on target role and [FOR: ...] tags.
+ *
+ * Filtering rules:
+ * - Entries with [FOR: ALL] are included for all agents
+ * - Entries with [FOR: specific_agents] are included only for named agents
+ * - Entries without [FOR: ...] tag are included for all agents (backward compatibility)
+ * - System prompts, delegation envelopes, plan content, and knowledge entries are never filtered
+ *
+ * @param entries - Array of context entries to filter
+ * @param targetRole - The target agent role to filter for
+ * @param directory - Optional project directory for metrics logging (defaults to cwd)
+ * @returns Filtered array of context entries
+ */
+export declare function filterByRole(entries: ContextEntry[], targetRole: string, directory?: string): ContextEntry[];

package/dist/context/zone-classifier.d.ts

@@ -0,0 +1,17 @@
+export type FileZone = 'production' | 'test' | 'config' | 'generated' | 'docs' | 'build';
+export interface ZoneClassification {
+    filePath: string;
+    zone: FileZone;
+    confidence: 'high' | 'medium';
+    reason: string;
+}
+export interface ZonePolicy {
+    qaDepth: 'full' | 'standard' | 'light' | 'skip';
+    lintRequired: boolean;
+    testRequired: boolean;
+    reviewRequired: boolean;
+    securityReviewRequired: boolean;
+}
+export declare function classifyFile(filePath: string): ZoneClassification;
+export declare function classifyFiles(filePaths: string[]): ZoneClassification[];
+export declare function getZonePolicy(zone: FileZone): ZonePolicy;

package/dist/diff/ast-diff.d.ts

@@ -0,0 +1,20 @@
+export interface ASTChange {
+    type: 'added' | 'modified' | 'removed';
+    category: 'function' | 'class' | 'type' | 'export' | 'import' | 'variable' | 'other';
+    name: string;
+    lineStart: number;
+    lineEnd: number;
+    signature?: string;
+}
+export interface ASTDiffResult {
+    filePath: string;
+    language: string | null;
+    changes: ASTChange[];
+    durationMs: number;
+    usedAST: boolean;
+    error?: string;
+}
+/**
+ * Compute AST-level diff between old and new file content
+ */
+export declare function computeASTDiff(filePath: string, oldContent: string, newContent: string): Promise<ASTDiffResult>;

package/dist/git/branch.d.ts

@@ -0,0 +1,50 @@
+/**
+ * Check if we're in a git repository
+ */
+export declare function isGitRepo(cwd: string): boolean;
+/**
+ * Get current branch name
+ */
+export declare function getCurrentBranch(cwd: string): string;
+/**
+ * Create a new branch
+ * @param cwd - Working directory
+ * @param branchName - Name of the branch to create
+ * @param remote - Remote name (default: 'origin')
+ */
+export declare function createBranch(cwd: string, branchName: string, remote?: string): void;
+/**
+ * Get list of changed files compared to main/master
+ * @param cwd - Working directory
+ * @param branch - Base branch to compare against (optional, auto-detected if not provided)
+ * @returns Array of changed file paths, or empty array if error occurs
+ */
+export declare function getChangedFiles(cwd: string, branch?: string): string[];
+/**
+ * Get default base branch (main or master)
+ */
+export declare function getDefaultBaseBranch(cwd: string): string;
+/**
+ * Stage specific files for commit
+ * @param cwd - Working directory
+ * @param files - Array of file paths to stage (must not be empty)
+ * @throws Error if files array is empty
+ */
+export declare function stageFiles(cwd: string, files: string[]): void;
+/**
+ * Stage all files in the working directory
+ * @param cwd - Working directory
+ */
+export declare function stageAll(cwd: string): void;
+/**
+ * Commit changes
+ */
+export declare function commitChanges(cwd: string, message: string): void;
+/**
+ * Get current commit SHA
+ */
+export declare function getCurrentSha(cwd: string): string;
+/**
+ * Check if there are uncommitted changes
+ */
+export declare function hasUncommittedChanges(cwd: string): boolean;

package/dist/git/index.d.ts

@@ -0,0 +1,22 @@
+import { createBranch, isGitRepo } from './branch.js';
+import { isAuthenticated, isGhAvailable } from './pr.js';
+export interface PRWorkflowOptions {
+    title: string;
+    body?: string;
+    branch?: string;
+}
+export interface PRWorkflowResult {
+    success: boolean;
+    url?: string;
+    number?: number;
+    error?: string;
+}
+/**
+ * Full PR workflow: create branch → commit → push → create PR
+ */
+export declare function runPRWorkflow(cwd: string, options: PRWorkflowOptions): Promise<PRWorkflowResult>;
+/**
+ * Generate evidence summary without creating PR
+ */
+export declare function prepareEvidence(cwd: string): string;
+export { isGhAvailable, isAuthenticated, isGitRepo, createBranch };

package/dist/git/pr.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Sanitize input string to prevent command injection
+ * Removes or escapes shell metacharacters
+ */
+export declare function sanitizeInput(input: string): string;
+/**
+ * Check if gh CLI is available
+ */
+export declare function isGhAvailable(cwd: string): boolean;
+/**
+ * Check if authenticated with gh
+ */
+export declare function isAuthenticated(cwd: string): boolean;
+/**
+ * Create evidence.md summary
+ */
+export declare function generateEvidenceMd(cwd: string): string;
+/**
+ * Create a pull request
+ */
+export declare function createPullRequest(cwd: string, title: string, body?: string, baseBranch?: string): Promise<{
+    url: string;
+    number: number;
+}>;
+/**
+ * Commit and push current changes
+ */
+export declare function commitAndPush(cwd: string, message: string): void;

package/dist/hooks/delegation-gate.d.ts

@@ -5,6 +5,22 @@
  * Uses experimental.chat.messages.transform to provide non-blocking guidance.
  */
 import type { PluginConfig } from '../config';
+import type { DelegationEnvelope, EnvelopeValidationResult } from '../types/delegation.js';
+/**
+ * Parses a string to extract a DelegationEnvelope.
+ * Returns null if no valid envelope is found.
+ * Never throws - all errors are caught and result in null.
+ */
+export declare function parseDelegationEnvelope(content: string): DelegationEnvelope | null;
+interface ValidationContext {
+    planTasks: string[];
+    validAgents: string[];
+}
+/**
+ * Validates a DelegationEnvelope against the current plan and agent list.
+ * Returns { valid: true } on success, or { valid: false; reason: string } on failure.
+ */
+export declare function validateDelegationEnvelope(envelope: unknown, context: ValidationContext): EnvelopeValidationResult;
 interface MessageInfo {
     role: string;
     agent?: string;

package/dist/hooks/knowledge-store.d.ts

@@ -1,5 +1,6 @@
 /** Core storage layer for the opencode-swarm v6.17 two-tier knowledge system. */
 import type { RejectedLesson } from './knowledge-types.js';
+export declare function getPlatformConfigDir(): string;
 export declare function resolveSwarmKnowledgePath(directory: string): string;
 export declare function resolveSwarmRejectedPath(directory: string): string;
 export declare function resolveHiveKnowledgePath(): string;

package/dist/index.js

@@ -32236,9 +32236,9 @@ function validateArgs(args2) {
     return false;
   return true;
 }
-function getLinterCommand(linter, mode) {
+function getLinterCommand(linter, mode, projectDir) {
   const isWindows = process.platform === "win32";
-  const binDir = path18.join(process.cwd(), "node_modules", ".bin");
+  const binDir = path18.join(projectDir, "node_modules", ".bin");
   const biomeBin = isWindows ? path18.join(binDir, "biome.EXE") : path18.join(binDir, "biome");
   const eslintBin = isWindows ? path18.join(binDir, "eslint.cmd") : path18.join(binDir, "eslint");
   switch (linter) {
@@ -32415,8 +32415,8 @@ async function detectAvailableLinter() {
   } catch {}
   return null;
 }
-async function runLint(linter, mode) {
-  const command = getLinterCommand(linter, mode);
+async function runLint(linter, mode, directory) {
+  const command = getLinterCommand(linter, mode, directory);
   const commandStr = command.join(" ");
   if (commandStr.length > MAX_COMMAND_LENGTH) {
     return {
@@ -32430,7 +32430,8 @@ async function runLint(linter, mode) {
   try {
     const proc = Bun.spawn(command, {
       stdout: "pipe",
-      stderr: "pipe"
+      stderr: "pipe",
+      cwd: directory
     });
     const [stdout, stderr] = await Promise.all([
       new Response(proc.stdout).text(),
@@ -32550,11 +32551,19 @@ var init_lint = __esm(() => {
         };
         return JSON.stringify(errorResult2, null, 2);
       }
+      if (!directory || typeof directory !== "string" || directory.trim() === "") {
+        const errorResult2 = {
+          success: false,
+          mode: "check",
+          error: "project directory is required but was not provided"
+        };
+        return JSON.stringify(errorResult2, null, 2);
+      }
       const { mode } = args2;
       const cwd = directory;
       const linter = await detectAvailableLinter();
       if (linter) {
-        const result = await runLint(linter, mode);
+        const result = await runLint(linter, mode, directory);
         return JSON.stringify(result, null, 2);
       }
       const additionalLinter = detectAdditionalLinter(cwd);
@@ -34357,10 +34366,10 @@ async function runVersionCheck(dir, _timeoutMs) {
     };
   }
 }
-async function runLintCheck(_dir, linter, timeoutMs) {
+async function runLintCheck(dir, linter, timeoutMs) {
   const startTime = Date.now();
   try {
-    const lintPromise = runLint(linter, "check");
+    const lintPromise = runLint(linter, "check", dir);
     const timeoutPromise = new Promise((_, reject) => {
       setTimeout(() => {
         reject(new Error(`Lint check timed out after ${timeoutMs}ms`));
@@ -44993,7 +45002,7 @@ async function handleKnowledgeListCommand(directory, _args) {
       "|------|----------|------------|---------------------|"
     ];
     for (const entry of entries) {
-      const truncatedLesson = entry.lesson.length > 60 ? entry.lesson.slice(0, 57) + "..." : entry.lesson;
+      const truncatedLesson = entry.lesson.length > 60 ? `${entry.lesson.slice(0, 57)}...` : entry.lesson;
       const confidencePct = Math.round(entry.confidence * 100);
       lines.push(`| ${entry.id.slice(0, 8)}... | ${entry.category} | ${confidencePct}% | ${truncatedLesson} |`);
     }
@@ -45605,7 +45614,7 @@ async function handleRollbackCommand(directory, args2) {
 `);
   }
   const targetPhase = parseInt(phaseArg, 10);
-  if (isNaN(targetPhase) || targetPhase < 1) {
+  if (Number.isNaN(targetPhase) || targetPhase < 1) {
     return "Error: Phase number must be a positive integer.";
   }
   const manifestPath = validateSwarmPath(directory, "checkpoints/manifest.json");
@@ -45650,7 +45659,7 @@ async function handleRollbackCommand(directory, args2) {
     timestamp: new Date().toISOString()
   };
   try {
-    fs12.appendFileSync(eventsPath, JSON.stringify(rollbackEvent) + `
+    fs12.appendFileSync(eventsPath, `${JSON.stringify(rollbackEvent)}
 `);
   } catch (error93) {
     console.error("Failed to write rollback event:", error93);
@@ -51240,7 +51249,7 @@ function validateExtensions(extensions) {
   }
   return { valid: true, value: extensions, error: null };
 }
-async function getGitChurn(days) {
+async function getGitChurn(days, directory) {
   const churnMap = new Map;
   const proc = Bun.spawn([
     "git",
@@ -51250,7 +51259,8 @@ async function getGitChurn(days) {
     "--pretty=format:"
   ], {
     stdout: "pipe",
-    stderr: "pipe"
+    stderr: "pipe",
+    cwd: directory
   });
   const stdout = await new Response(proc.stdout).text();
   await proc.exited;
@@ -51315,8 +51325,8 @@ function getComplexityForFile(filePath) {
     return null;
   }
 }
-async function analyzeHotspots(days, topN, extensions) {
-  const churnMap = await getGitChurn(days);
+async function analyzeHotspots(days, topN, extensions, directory) {
+  const churnMap = await getGitChurn(days, directory);
   const extSet = new Set(extensions.map((e) => e.startsWith(".") ? e : `.${e}`));
   const filteredChurn = new Map;
   for (const [file3, count] of churnMap) {
@@ -51326,7 +51336,7 @@ async function analyzeHotspots(days, topN, extensions) {
     }
   }
   const hotspots = [];
-  const cwd = process.cwd();
+  const cwd = directory;
   let analyzedFiles = 0;
   for (const [file3, churnCount] of filteredChurn) {
     let fullPath = file3;
@@ -51378,7 +51388,22 @@ var complexity_hotspots = createSwarmTool({
     top_n: tool.schema.number().optional().describe("Number of top hotspots to return (default: 20, valid range: 1-100)"),
     extensions: tool.schema.string().optional().describe('Comma-separated extensions to include (default: "ts,tsx,js,jsx,py,rs,ps1")')
   },
-  async execute(args2, _directory) {
+  async execute(args2, directory) {
+    if (!directory || typeof directory !== "string" || directory.trim() === "") {
+      const errorResult = {
+        error: "project directory is required but was not provided",
+        analyzedFiles: 0,
+        period: "0 days",
+        hotspots: [],
+        summary: {
+          fullGates: 0,
+          securityReview: 0,
+          enhancedReview: 0,
+          standard: 0
+        }
+      };
+      return JSON.stringify(errorResult, null, 2);
+    }
     let daysInput;
     let topNInput;
     let extensionsInput;
@@ -51442,7 +51467,7 @@ var complexity_hotspots = createSwarmTool({
     const topN = topNValidation.value;
     const extensions = extensionsValidation.value.split(",").map((e) => e.trim());
     try {
-      const result = await analyzeHotspots(days, topN, extensions);
+      const result = await analyzeHotspots(days, topN, extensions, directory);
       return JSON.stringify(result, null, 2);
     } catch (e) {
       const errorResult = {
@@ -51477,7 +51502,7 @@ var SAFE_REF_PATTERN = /^[a-zA-Z0-9._\-/~^@{}]+$/;
 var MAX_REF_LENGTH = 256;
 var MAX_PATH_LENGTH = 500;
 var SHELL_METACHARACTERS2 = /[;|&$`(){}<>!'"]/;
-var CONTROL_CHAR_PATTERN2 = new RegExp("[\\u0000-\\u001F\\u007F]");
+var CONTROL_CHAR_PATTERN2 = /[\u0000-\u001F\u007F]/;
 function validateBase(base) {
   if (base.length > MAX_REF_LENGTH) {
     return `base ref exceeds maximum length of ${MAX_REF_LENGTH}`;
@@ -51515,8 +51540,17 @@ var diff = tool({
     base: tool.schema.string().optional().describe('Base ref to diff against (default: HEAD). Use "staged" for staged changes, "unstaged" for working tree changes.'),
     paths: tool.schema.array(tool.schema.string()).optional().describe("Optional file paths to restrict diff scope.")
   },
-  async execute(args2, _context) {
+  async execute(args2, context) {
     try {
+      if (!context.directory || typeof context.directory !== "string" || context.directory.trim() === "") {
+        const errorResult = {
+          error: "project directory is required but was not provided",
+          files: [],
+          contractChanges: [],
+          hasContractChanges: false
+        };
+        return JSON.stringify(errorResult, null, 2);
+      }
       const base = args2.base ?? "HEAD";
       const baseValidationError = validateBase(base);
       if (baseValidationError) {
@@ -51555,12 +51589,14 @@ var diff = tool({
       const numstatOutput = execFileSync("git", numstatArgs, {
         encoding: "utf-8",
         timeout: DIFF_TIMEOUT_MS,
-        maxBuffer: MAX_BUFFER_BYTES
+        maxBuffer: MAX_BUFFER_BYTES,
+        cwd: context.directory
       });
       const fullDiffOutput = execFileSync("git", fullDiffArgs, {
         encoding: "utf-8",
         timeout: DIFF_TIMEOUT_MS,
-        maxBuffer: MAX_BUFFER_BYTES
+        maxBuffer: MAX_BUFFER_BYTES,
+        cwd: context.directory
       });
       const files = [];
       const numstatLines = numstatOutput.split(`
@@ -51610,7 +51646,7 @@ var diff = tool({
       return JSON.stringify(result, null, 2);
     } catch (e) {
       const errorResult = {
-        error: e instanceof Error ? `git diff failed: ${e.constructor.name}` : "git diff failed: unknown error",
+        error: e instanceof Error ? `git diff failed: ${e.message}` : "git diff failed: unknown error",
         files: [],
         contractChanges: [],
         hasContractChanges: false
@@ -52906,9 +52942,9 @@ function validateArgs3(args2) {
   }
   return true;
 }
-function detectEcosystems() {
+function detectEcosystems(directory) {
   const ecosystems = [];
-  const cwd = process.cwd();
+  const cwd = directory;
   if (fs23.existsSync(path34.join(cwd, "package.json"))) {
     ecosystems.push("npm");
   }
@@ -52935,13 +52971,13 @@ function detectEcosystems() {
   }
   return ecosystems;
 }
-async function runNpmAudit() {
+async function runNpmAudit(directory) {
   const command = ["npm", "audit", "--json"];
   try {
     const proc = Bun.spawn(command, {
       stdout: "pipe",
       stderr: "pipe",
-      cwd: process.cwd()
+      cwd: directory
     });
     const timeoutPromise = new Promise((resolve12) => setTimeout(() => resolve12("timeout"), AUDIT_TIMEOUT_MS));
     const result = await Promise.race([
@@ -53058,13 +53094,13 @@ function mapNpmSeverity(severity) {
       return "info";
   }
 }
-async function runPipAudit() {
+async function runPipAudit(directory) {
   const command = ["pip-audit", "--format=json"];
   try {
     const proc = Bun.spawn(command, {
       stdout: "pipe",
       stderr: "pipe",
-      cwd: process.cwd()
+      cwd: directory
     });
     const timeoutPromise = new Promise((resolve12) => setTimeout(() => resolve12("timeout"), AUDIT_TIMEOUT_MS));
     const result = await Promise.race([
@@ -53189,13 +53225,13 @@ async function runPipAudit() {
     };
   }
 }
-async function runCargoAudit() {
+async function runCargoAudit(directory) {
   const command = ["cargo", "audit", "--json"];
   try {
     const proc = Bun.spawn(command, {
       stdout: "pipe",
       stderr: "pipe",
-      cwd: process.cwd()
+      cwd: directory
     });
     const timeoutPromise = new Promise((resolve12) => setTimeout(() => resolve12("timeout"), AUDIT_TIMEOUT_MS));
     const result = await Promise.race([
@@ -53303,7 +53339,7 @@ function mapCargoSeverity(cvss) {
     return "moderate";
   return "low";
 }
-async function runGoAudit() {
+async function runGoAudit(directory) {
   const command = ["govulncheck", "-json", "./..."];
   if (!isCommandAvailable("govulncheck")) {
     warn("[pkg-audit] govulncheck not found, skipping Go audit");
@@ -53322,7 +53358,7 @@ async function runGoAudit() {
     const proc = Bun.spawn(command, {
       stdout: "pipe",
       stderr: "pipe",
-      cwd: process.cwd()
+      cwd: directory
     });
     const timeoutPromise = new Promise((resolve12) => setTimeout(() => resolve12("timeout"), AUDIT_TIMEOUT_MS));
     const result = await Promise.race([
@@ -53433,7 +53469,7 @@ async function runGoAudit() {
     };
   }
 }
-async function runDotnetAudit() {
+async function runDotnetAudit(directory) {
   const command = [
     "dotnet",
     "list",
@@ -53458,7 +53494,7 @@ async function runDotnetAudit() {
     const proc = Bun.spawn(command, {
       stdout: "pipe",
       stderr: "pipe",
-      cwd: process.cwd()
+      cwd: directory
     });
     const timeoutPromise = new Promise((resolve12) => setTimeout(() => resolve12("timeout"), AUDIT_TIMEOUT_MS));
     const result = await Promise.race([
@@ -53557,7 +53593,7 @@ function mapDotnetSeverity(severity) {
       return "info";
   }
 }
-async function runBundleAudit() {
+async function runBundleAudit(directory) {
   const useBundleExec = !isCommandAvailable("bundle-audit") && isCommandAvailable("bundle");
   if (!isCommandAvailable("bundle-audit") && !isCommandAvailable("bundle")) {
     warn("[pkg-audit] bundle-audit not found, skipping Ruby audit");
@@ -53577,7 +53613,7 @@ async function runBundleAudit() {
     const proc = Bun.spawn(command, {
       stdout: "pipe",
       stderr: "pipe",
-      cwd: process.cwd()
+      cwd: directory
     });
     const timeoutPromise = new Promise((resolve12) => setTimeout(() => resolve12("timeout"), AUDIT_TIMEOUT_MS));
     const result = await Promise.race([
@@ -53704,7 +53740,7 @@ function mapBundleSeverity(adv) {
     return "moderate";
   return "low";
 }
-async function runDartAudit() {
+async function runDartAudit(directory) {
   const dartBin = isCommandAvailable("dart") ? "dart" : isCommandAvailable("flutter") ? "flutter" : null;
   if (!dartBin) {
     warn("[pkg-audit] dart/flutter not found, skipping Dart audit");
@@ -53724,7 +53760,7 @@ async function runDartAudit() {
     const proc = Bun.spawn(command, {
       stdout: "pipe",
       stderr: "pipe",
-      cwd: process.cwd()
+      cwd: directory
     });
     const timeoutPromise = new Promise((resolve12) => setTimeout(() => resolve12("timeout"), AUDIT_TIMEOUT_MS));
     const result = await Promise.race([
@@ -53823,8 +53859,8 @@ async function runDartAudit() {
     };
   }
 }
-async function runAutoAudit() {
-  const ecosystems = detectEcosystems();
+async function runAutoAudit(directory) {
+  const ecosystems = detectEcosystems(directory);
   if (ecosystems.length === 0) {
     return {
       ecosystems: [],
@@ -53839,25 +53875,25 @@ async function runAutoAudit() {
   for (const eco of ecosystems) {
     switch (eco) {
       case "npm":
-        results.push(await runNpmAudit());
+        results.push(await runNpmAudit(directory));
         break;
       case "pip":
-        results.push(await runPipAudit());
+        results.push(await runPipAudit(directory));
         break;
       case "cargo":
-        results.push(await runCargoAudit());
+        results.push(await runCargoAudit(directory));
         break;
       case "go":
-        results.push(await runGoAudit());
+        results.push(await runGoAudit(directory));
         break;
       case "dotnet":
-        results.push(await runDotnetAudit());
+        results.push(await runDotnetAudit(directory));
         break;
       case "ruby":
-        results.push(await runBundleAudit());
+        results.push(await runBundleAudit(directory));
         break;
       case "dart":
-        results.push(await runDartAudit());
+        results.push(await runDartAudit(directory));
         break;
     }
   }
@@ -53883,40 +53919,46 @@ var pkg_audit = createSwarmTool({
   args: {
     ecosystem: tool.schema.enum(["auto", "npm", "pip", "cargo", "go", "dotnet", "ruby", "dart"]).default("auto").describe('Package ecosystem to audit: "auto" (detect from project files), "npm", "pip", "cargo", "go" (govulncheck), "dotnet" (dotnet list package), "ruby" (bundle-audit), or "dart" (dart pub outdated)')
   },
-  async execute(args2, _directory) {
+  async execute(args2, directory) {
     if (!validateArgs3(args2)) {
       const errorResult = {
         error: 'Invalid arguments: ecosystem must be "auto", "npm", "pip", "cargo", "go", "dotnet", "ruby", or "dart"'
       };
       return JSON.stringify(errorResult, null, 2);
     }
+    if (!directory || typeof directory !== "string" || directory.trim() === "") {
+      const errorResult = {
+        error: "project directory is required but was not provided"
+      };
+      return JSON.stringify(errorResult, null, 2);
+    }
     const obj = args2;
     const ecosystem = obj.ecosystem || "auto";
     let result;
     switch (ecosystem) {
       case "auto":
-        result = await runAutoAudit();
+        result = await runAutoAudit(directory);
         break;
       case "npm":
-        result = await runNpmAudit();
+        result = await runNpmAudit(directory);
         break;
       case "pip":
-        result = await runPipAudit();
+        result = await runPipAudit(directory);
         break;
       case "cargo":
-        result = await runCargoAudit();
+        result = await runCargoAudit(directory);
         break;
       case "go":
-        result = await runGoAudit();
+        result = await runGoAudit(directory);
         break;
       case "dotnet":
-        result = await runDotnetAudit();
+        result = await runDotnetAudit(directory);
         break;
       case "ruby":
-        result = await runBundleAudit();
+        result = await runBundleAudit(directory);
         break;
       case "dart":
-        result = await runDartAudit();
+        result = await runDartAudit(directory);
         break;
     }
     return JSON.stringify(result, null, 2);
@@ -56088,7 +56130,7 @@ async function runLintWrapped(files, directory, _config) {
         duration_ms: Number(process.hrtime.bigint() - start2) / 1e6
       };
     }
-    const result = await runWithTimeout(runLint(linter, "check"), TOOL_TIMEOUT_MS);
+    const result = await runWithTimeout(runLint(linter, "check", directory), TOOL_TIMEOUT_MS);
     return {
       ran: true,
       result,
@@ -56104,7 +56146,7 @@ async function runLintWrapped(files, directory, _config) {
 }
 async function runLintOnFiles(linter, files, workspaceDir) {
   const isWindows = process.platform === "win32";
-  const binDir = path37.join(process.cwd(), "node_modules", ".bin");
+  const binDir = path37.join(workspaceDir, "node_modules", ".bin");
   const validatedFiles = [];
   for (const file3 of files) {
     if (typeof file3 !== "string") {
@@ -56137,7 +56179,8 @@ async function runLintOnFiles(linter, files, workspaceDir) {
   try {
     const proc = Bun.spawn(command, {
       stdout: "pipe",
-      stderr: "pipe"
+      stderr: "pipe",
+      cwd: workspaceDir
     });
     const [stdout, stderr] = await Promise.all([
       new Response(proc.stdout).text(),
@@ -56528,7 +56571,7 @@ var pre_check_batch = createSwarmTool({
     directory: tool.schema.string().describe('Directory to run checks in (e.g., "." or "./src")'),
     sast_threshold: tool.schema.enum(["low", "medium", "high", "critical"]).optional().describe("Minimum severity for SAST findings to cause failure (default: medium)")
   },
-  async execute(args2, _directory) {
+  async execute(args2, directory) {
     if (!args2 || typeof args2 !== "object") {
       const errorResult = {
         gates_passed: false,
@@ -56544,6 +56587,33 @@ var pre_check_batch = createSwarmTool({
       };
       return JSON.stringify(errorResult, null, 2);
     }
+    if (!directory || typeof directory !== "string" || directory.trim() === "") {
+      const errorResult = {
+        gates_passed: false,
+        lint: {
+          ran: false,
+          error: "project directory is required but was not provided",
+          duration_ms: 0
+        },
+        secretscan: {
+          ran: false,
+          error: "project directory is required but was not provided",
+          duration_ms: 0
+        },
+        sast_scan: {
+          ran: false,
+          error: "project directory is required but was not provided",
+          duration_ms: 0
+        },
+        quality_budget: {
+          ran: false,
+          error: "project directory is required but was not provided",
+          duration_ms: 0
+        },
+        total_duration_ms: 0
+      };
+      return JSON.stringify(errorResult, null, 2);
+    }
     const typedArgs = args2;
     if (!typedArgs.directory) {
       const errorResult = {

package/dist/knowledge/identity.d.ts

@@ -0,0 +1,25 @@
+/** Project Identity Management for opencode-swarm.
+ * Handles creation and retrieval of project identity files.
+ */
+export interface ProjectIdentity {
+    projectHash: string;
+    projectName: string;
+    repoUrl?: string;
+    absolutePath: string;
+    createdAt: string;
+    swarmVersion: string;
+}
+/**
+ * Get identity file path for a project hash.
+ * Path: {platform-config-dir}/projects/{projectHash}/identity.json
+ */
+export declare function resolveIdentityPath(projectHash: string): string;
+/**
+ * Read existing identity.json or return null if it doesn't exist.
+ */
+export declare function readProjectIdentity(projectHash: string): Promise<ProjectIdentity | null>;
+/**
+ * Create or update identity.json for a project.
+ * Uses atomic write pattern (write to temp file, then rename).
+ */
+export declare function writeProjectIdentity(directory: string, projectHash: string, projectName: string): Promise<ProjectIdentity>;

package/dist/knowledge/index.d.ts

@@ -0,0 +1,2 @@
+/** Knowledge system exports for opencode-swarm. */
+export * from './identity.js';

package/dist/output/agent-writer.d.ts

@@ -0,0 +1,27 @@
+export type AgentType = 'architect' | 'coder' | 'reviewer' | 'test_engineer' | 'explorer' | 'sme' | 'critic' | 'docs' | 'designer';
+export type OutputType = 'review' | 'test' | 'research' | 'analysis' | 'summary';
+export interface AgentOutputMetadata {
+    agent: AgentType;
+    type: OutputType;
+    taskId: string;
+    phase: number;
+    timestamp: string;
+    durationMs?: number;
+    success?: boolean;
+}
+/**
+ * Write agent output to persistent storage
+ * Output: .swarm/outputs/phase-N/task-N.M/{agent}-{type}-{timestamp}.md
+ */
+export declare function writeAgentOutput(directory: string, metadata: AgentOutputMetadata, content: string): Promise<string>;
+/**
+ * Read agent output from persistent storage
+ */
+export declare function readAgentOutput(directory: string, phase: number, taskId: string): Promise<{
+    metadata: AgentOutputMetadata;
+    content: string;
+}[]>;
+/**
+ * List all agent outputs for a phase
+ */
+export declare function listAgentOutputs(directory: string, phase?: number): Promise<AgentOutputMetadata[]>;

package/dist/output/index.d.ts

@@ -0,0 +1 @@
+export { type AgentOutputMetadata, type AgentType, listAgentOutputs, type OutputType, readAgentOutput, writeAgentOutput, } from './agent-writer';

package/dist/parallel/dependency-graph.d.ts

@@ -0,0 +1,34 @@
+export interface TaskNode {
+    id: string;
+    phase: number;
+    description: string;
+    depends: string[];
+    dependents: string[];
+    status: 'pending' | 'in_progress' | 'complete' | 'blocked';
+}
+export interface DependencyGraph {
+    tasks: Map<string, TaskNode>;
+    phases: Map<number, string[]>;
+    roots: string[];
+    leaves: string[];
+}
+/**
+ * Parse plan.json and build dependency graph
+ */
+export declare function parseDependencyGraph(planPath: string): DependencyGraph;
+/**
+ * Get tasks that can run in parallel (no unresolved dependencies)
+ */
+export declare function getRunnableTasks(graph: DependencyGraph): string[];
+/**
+ * Check if a task is blocked (has incomplete dependencies)
+ */
+export declare function isTaskBlocked(graph: DependencyGraph, taskId: string): boolean;
+/**
+ * Get execution order (topological sort)
+ */
+export declare function getExecutionOrder(graph: DependencyGraph): string[];
+/**
+ * Find all paths from root to a task
+ */
+export declare function getDependencyChain(graph: DependencyGraph, taskId: string): string[];

package/dist/parallel/file-locks.d.ts

@@ -0,0 +1,33 @@
+export interface FileLock {
+    filePath: string;
+    agent: string;
+    taskId: string;
+    timestamp: string;
+    expiresAt: number;
+}
+/**
+ * Try to acquire a lock on a file
+ */
+export declare function tryAcquireLock(directory: string, filePath: string, agent: string, taskId: string): {
+    acquired: true;
+    lock: FileLock;
+} | {
+    acquired: false;
+    existing?: FileLock;
+};
+/**
+ * Release a lock on a file
+ */
+export declare function releaseLock(directory: string, filePath: string, taskId: string): boolean;
+/**
+ * Check if a file is locked
+ */
+export declare function isLocked(directory: string, filePath: string): FileLock | null;
+/**
+ * Clean up expired locks
+ */
+export declare function cleanupExpiredLocks(directory: string): number;
+/**
+ * List all active locks
+ */
+export declare function listActiveLocks(directory: string): FileLock[];

package/dist/parallel/index.d.ts

@@ -0,0 +1,4 @@
+export { type DependencyGraph, getDependencyChain, getExecutionOrder, getRunnableTasks, isTaskBlocked, parseDependencyGraph, type TaskNode, } from './dependency-graph.js';
+export { cleanupExpiredLocks, type FileLock, isLocked, listActiveLocks, releaseLock, tryAcquireLock, } from './file-locks.js';
+export { extractMetaSummaries, getLatestTaskSummary, indexMetaSummaries, type MetaSummaryEntry, querySummaries, } from './meta-indexer.js';
+export { type ComplexityMetrics, computeComplexity, type ReviewDepth, type ReviewRouting, routeReview, routeReviewForChanges, shouldParallelizeReview, } from './review-router.js';

package/dist/parallel/meta-indexer.d.ts

@@ -0,0 +1,32 @@
+export interface MetaSummaryEntry {
+    timestamp: string;
+    phase?: number;
+    taskId?: string;
+    agent?: string;
+    summary: string;
+    source?: string;
+}
+/**
+ * Extract meta.summary from event JSONL files
+ */
+export declare function extractMetaSummaries(eventsPath: string): MetaSummaryEntry[];
+/**
+ * Index meta summaries to external knowledge store
+ */
+export declare function indexMetaSummaries(directory: string, externalKnowledgeDir?: string): Promise<{
+    indexed: number;
+    path: string;
+}>;
+/**
+ * Query indexed summaries
+ */
+export declare function querySummaries(directory: string, options?: {
+    phase?: number;
+    taskId?: string;
+    agent?: string;
+    since?: string;
+}): MetaSummaryEntry[];
+/**
+ * Get latest summary for a task
+ */
+export declare function getLatestTaskSummary(directory: string, taskId: string): MetaSummaryEntry | undefined;

package/dist/parallel/review-router.d.ts

@@ -0,0 +1,29 @@
+export type ReviewDepth = 'single' | 'double';
+export interface ReviewRouting {
+    reviewerCount: number;
+    testEngineerCount: number;
+    depth: ReviewDepth;
+    reason: string;
+}
+export interface ComplexityMetrics {
+    fileCount: number;
+    functionCount: number;
+    astChangeCount: number;
+    maxFileComplexity: number;
+}
+/**
+ * Compute complexity metrics for a set of files
+ */
+export declare function computeComplexity(directory: string, changedFiles: string[]): Promise<ComplexityMetrics>;
+/**
+ * Determine review routing based on complexity
+ */
+export declare function routeReview(metrics: ComplexityMetrics): ReviewRouting;
+/**
+ * Route review with full analysis
+ */
+export declare function routeReviewForChanges(directory: string, changedFiles: string[]): Promise<ReviewRouting>;
+/**
+ * Check if review should be parallelized
+ */
+export declare function shouldParallelizeReview(routing: ReviewRouting): boolean;

package/dist/skills/index.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Skill definition with versioning and per-agent overlays
+ */
+export interface AgentOverlay {
+    agent: string;
+    prompt?: string;
+    model?: string;
+}
+export interface SkillDefinition {
+    id: string;
+    name: string;
+    description: string;
+    SKILL_VERSION: number;
+    basePrompt?: string;
+    agents?: AgentOverlay[];
+}
+export declare const skills: SkillDefinition[];
+export declare const AGENT_OVERLAYS: Record<string, AgentOverlay[]>;
+/**
+ * Get skill by ID
+ */
+export declare function getSkill(id: string): SkillDefinition | undefined;
+/**
+ * Get agent overlay for a skill
+ */
+export declare function getAgentOverlay(skillId: string, agent: string): AgentOverlay | undefined;
+/**
+ * Resolve effective prompt for an agent on a skill
+ */
+export declare function resolveAgentPrompt(skillId: string, agent: string, defaultPrompt: string): string;

package/dist/tools/lint.d.ts

@@ -29,7 +29,7 @@ export declare function containsControlChars(str: string): boolean;
 export declare function validateArgs(args: unknown): args is {
     mode: 'fix' | 'check';
 };
-export declare function getLinterCommand(linter: SupportedLinter, mode: 'fix' | 'check'): string[];
+export declare function getLinterCommand(linter: SupportedLinter, mode: 'fix' | 'check', projectDir: string): string[];
 /**
  * Build the shell command for an additional (non-JS/TS) linter.
  * cppcheck has no --fix mode; csharp and some others behave differently.
@@ -41,7 +41,7 @@ export declare function getAdditionalLinterCommand(linter: AdditionalLinter, mod
  */
 export declare function detectAdditionalLinter(cwd: string): 'ruff' | 'clippy' | 'golangci-lint' | 'checkstyle' | 'ktlint' | 'dotnet-format' | 'cppcheck' | 'swiftlint' | 'dart-analyze' | 'rubocop' | null;
 export declare function detectAvailableLinter(): Promise<SupportedLinter | null>;
-export declare function runLint(linter: SupportedLinter, mode: 'fix' | 'check'): Promise<LintResult>;
+export declare function runLint(linter: SupportedLinter, mode: 'fix' | 'check', directory: string): Promise<LintResult>;
 /**
  * Run an additional (non-JS/TS) linter.
  * Follows the same structure as runLint() but uses getAdditionalLinterCommand().

package/dist/types/delegation.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Delegation Envelope Types
+ * Interface for passing delegated tasks between agents
+ */
+export interface DelegationEnvelope {
+    taskId: string;
+    targetAgent: string;
+    action: string;
+    commandType: 'task' | 'slash_command';
+    files: string[];
+    acceptanceCriteria: string[];
+    technicalContext: string;
+    errorStrategy?: 'FAIL_FAST' | 'BEST_EFFORT';
+    platformNotes?: string;
+}
+/**
+ * Validation result types
+ */
+export type EnvelopeValidationResult = {
+    valid: true;
+} | {
+    valid: false;
+    reason: string;
+};

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "opencode-swarm",
-	"version": "6.19.8",
+	"version": "6.20.1",
 	"description": "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",