opencode-swarm 6.25.7 → 6.25.8

package/dist/cli/index.js

@@ -14275,10 +14275,13 @@ function sanitizeTaskId(taskId) {
   if (taskId.includes("..") || taskId.includes("../") || taskId.includes("..\\")) {
     throw new Error("Invalid task ID: path traversal detected");
   }
-  if (!TASK_ID_REGEX.test(taskId)) {
-    throw new Error(`Invalid task ID: must match pattern ^[\\w-]+(\\.[\\w-]+)*$, got "${taskId}"`);
+  if (TASK_ID_REGEX.test(taskId)) {
+    return taskId;
   }
-  return taskId;
+  if (RETRO_TASK_ID_REGEX.test(taskId)) {
+    return taskId;
+  }
+  throw new Error(`Invalid task ID: must match pattern ^\\d+\\.\\d+(\\.\\d+)*$ or ^retro-\\d+$, got "${taskId}"`);
 }
 async function saveEvidence(directory, taskId, evidence) {
   const sanitizedTaskId = sanitizeTaskId(taskId);
@@ -14488,13 +14491,14 @@ async function archiveEvidence(directory, maxAgeDays, maxBundles) {
   }
   return archived;
 }
-var TASK_ID_REGEX, LEGACY_TASK_COMPLEXITY_MAP;
+var TASK_ID_REGEX, RETRO_TASK_ID_REGEX, LEGACY_TASK_COMPLEXITY_MAP;
 var init_manager = __esm(() => {
   init_zod();
   init_evidence_schema();
   init_utils2();
   init_utils();
-  TASK_ID_REGEX = /^[\w-]+(\.[\w-]+)*$/;
+  TASK_ID_REGEX = /^\d+\.\d+(\.\d+)*$/;
+  RETRO_TASK_ID_REGEX = /^retro-\d+$/;
   LEGACY_TASK_COMPLEXITY_MAP = {
     low: "simple",
     medium: "moderate",
@@ -30959,7 +30963,10 @@ function serializeAgentSession(s) {
     lastCompletedPhaseAgentsDispatched,
     qaSkipCount: s.qaSkipCount ?? 0,
     qaSkipTaskIds: s.qaSkipTaskIds ?? [],
-    taskWorkflowStates: Object.fromEntries(s.taskWorkflowStates ?? new Map)
+    taskWorkflowStates: Object.fromEntries(s.taskWorkflowStates ?? new Map),
+    ...s.scopeViolationDetected !== undefined && {
+      scopeViolationDetected: s.scopeViolationDetected
+    }
   };
 }
 async function writeSnapshot(directory, state) {

package/dist/evidence/manager.d.ts

@@ -34,8 +34,10 @@ export declare function isBuildEvidence(evidence: Evidence): evidence is BuildEv
 export declare function isQualityBudgetEvidence(evidence: Evidence): evidence is QualityBudgetEvidence;
 /**
  * Validate and sanitize task ID.
- * Must match regex ^[\w-]+(\.[\w-]+)*$
- * Rejects: .., ../, null bytes, control characters, empty string
+ * Accepts two formats:
+ * 1. Canonical N.M or N.M.P numeric format (matches TASK_ID_REGEX)
+ * 2. Retrospective format: retro-<number> (matches RETRO_TASK_ID_REGEX)
+ * Rejects: .., ../, null bytes, control characters, empty string, other non-numeric IDs
  * @throws Error with descriptive message on failure
  */
 export declare function sanitizeTaskId(taskId: string): string;

package/dist/gate-evidence.d.ts

@@ -21,6 +21,19 @@ export interface TaskEvidence {
     gates: Record<string, GateEvidence>;
 }
 export declare const DEFAULT_REQUIRED_GATES: string[];
+/**
+ * Canonical task-id validation helper.
+ * Returns true if the taskId is a valid numeric format (N.M or N.M.P),
+ * false otherwise.
+ *
+ * Validates:
+ * - Non-empty string
+ * - Matches N.M or N.M.P numeric pattern (e.g., "1.1", "1.2.3")
+ * - No path traversal (..)
+ * - No path separators (/, \)
+ * - No null bytes
+ */
+export declare function isValidTaskId(taskId: string): boolean;
 /**
  * Maps the first-dispatched agent type to the initial required_gates array.
  * Unknown agent types fall back to the safe default ["reviewer", "test_engineer"].

package/dist/index.js

@@ -15368,10 +15368,13 @@ function sanitizeTaskId(taskId) {
   if (taskId.includes("..") || taskId.includes("../") || taskId.includes("..\\")) {
     throw new Error("Invalid task ID: path traversal detected");
   }
-  if (!TASK_ID_REGEX.test(taskId)) {
-    throw new Error(`Invalid task ID: must match pattern ^[\\w-]+(\\.[\\w-]+)*$, got "${taskId}"`);
+  if (TASK_ID_REGEX.test(taskId)) {
+    return taskId;
   }
-  return taskId;
+  if (RETRO_TASK_ID_REGEX.test(taskId)) {
+    return taskId;
+  }
+  throw new Error(`Invalid task ID: must match pattern ^\\d+\\.\\d+(\\.\\d+)*$ or ^retro-\\d+$, got "${taskId}"`);
 }
 async function saveEvidence(directory, taskId, evidence) {
   const sanitizedTaskId = sanitizeTaskId(taskId);
@@ -15581,7 +15584,7 @@ async function archiveEvidence(directory, maxAgeDays, maxBundles) {
   }
   return archived;
 }
-var VALID_EVIDENCE_TYPES, TASK_ID_REGEX, LEGACY_TASK_COMPLEXITY_MAP;
+var VALID_EVIDENCE_TYPES, TASK_ID_REGEX, RETRO_TASK_ID_REGEX, LEGACY_TASK_COMPLEXITY_MAP;
 var init_manager = __esm(() => {
   init_zod();
   init_evidence_schema();
@@ -15601,7 +15604,8 @@ var init_manager = __esm(() => {
     "build",
     "quality_budget"
   ];
-  TASK_ID_REGEX = /^[\w-]+(\.[\w-]+)*$/;
+  TASK_ID_REGEX = /^\d+\.\d+(\.\d+)*$/;
+  RETRO_TASK_ID_REGEX = /^retro-\d+$/;
   LEGACY_TASK_COMPLEXITY_MAP = {
     low: "simple",
     medium: "moderate",
@@ -35895,6 +35899,7 @@ __export(exports_gate_evidence, {
   recordGateEvidence: () => recordGateEvidence,
   recordAgentDispatch: () => recordAgentDispatch,
   readTaskEvidence: () => readTaskEvidence,
+  isValidTaskId: () => isValidTaskId2,
   hasPassedAllGates: () => hasPassedAllGates,
   expandRequiredGates: () => expandRequiredGates,
   deriveRequiredGates: () => deriveRequiredGates,
@@ -35902,8 +35907,21 @@ __export(exports_gate_evidence, {
 });
 import { mkdirSync as mkdirSync8, readFileSync as readFileSync13, renameSync as renameSync7, unlinkSync as unlinkSync4 } from "fs";
 import * as path27 from "path";
+function isValidTaskId2(taskId) {
+  if (!taskId)
+    return false;
+  if (taskId.includes(".."))
+    return false;
+  if (taskId.includes("/"))
+    return false;
+  if (taskId.includes("\\"))
+    return false;
+  if (taskId.includes("\x00"))
+    return false;
+  return TASK_ID_PATTERN.test(taskId);
+}
 function assertValidTaskId(taskId) {
-  if (!taskId || taskId.includes("..") || taskId.includes("/") || taskId.includes("\\") || taskId.includes("\x00") || !TASK_ID_PATTERN.test(taskId)) {
+  if (!isValidTaskId2(taskId)) {
     throw new Error(`Invalid taskId: "${taskId}". Must match N.M or N.M.P (e.g. "1.1", "1.2.3").`);
   }
 }
@@ -46050,7 +46068,10 @@ function serializeAgentSession(s) {
     lastCompletedPhaseAgentsDispatched,
     qaSkipCount: s.qaSkipCount ?? 0,
     qaSkipTaskIds: s.qaSkipTaskIds ?? [],
-    taskWorkflowStates: Object.fromEntries(s.taskWorkflowStates ?? new Map)
+    taskWorkflowStates: Object.fromEntries(s.taskWorkflowStates ?? new Map),
+    ...s.scopeViolationDetected !== undefined && {
+      scopeViolationDetected: s.scopeViolationDetected
+    }
   };
 }
 async function writeSnapshot(directory, state) {
@@ -52795,6 +52816,7 @@ function deserializeAgentSession(s) {
     lastGateOutcome: null,
     declaredCoderScope: null,
     lastScopeViolation: null,
+    scopeViolationDetected: s.scopeViolationDetected,
     modifiedFilesThisCoderTask: []
   };
 }
@@ -53073,6 +53095,20 @@ init_create_tool();
 import * as fs19 from "fs";
 import * as path32 from "path";
 var EVIDENCE_DIR = ".swarm/evidence";
+var TASK_ID_PATTERN2 = /^\d+\.\d+(\.\d+)*$/;
+function isValidTaskId3(taskId) {
+  if (!taskId)
+    return false;
+  if (taskId.includes(".."))
+    return false;
+  if (taskId.includes("/"))
+    return false;
+  if (taskId.includes("\\"))
+    return false;
+  if (taskId.includes("\x00"))
+    return false;
+  return TASK_ID_PATTERN2.test(taskId);
+}
 function isPathWithinSwarm(filePath, workspaceRoot) {
   const normalizedWorkspace = path32.resolve(workspaceRoot);
   const swarmPath = path32.join(normalizedWorkspace, ".swarm", "evidence");
@@ -53103,7 +53139,7 @@ function readEvidenceFile(evidencePath) {
 var check_gate_status = createSwarmTool({
   description: "Read-only tool to check the gate status of a specific task. Reads .swarm/evidence/{taskId}.json and returns structured JSON describing required, passed, and missing gates.",
   args: {
-    task_id: tool.schema.string().min(1).regex(/^\d+\.\d+(\.\d+)?$/, "Task ID must be in N.M or N.M.P format").describe('The task ID to check gate status for (e.g., "1.1", "2.3.1")')
+    task_id: tool.schema.string().min(1).regex(/^\d+\.\d+(\.\d+)*$/, 'Task ID must be in N.M or N.M.P format (e.g., "1.1", "1.2.3", "1.2.3.4")').describe('The task ID to check gate status for (e.g., "1.1", "2.3.1")')
   },
   async execute(args2, directory) {
     let taskIdInput;
@@ -53125,8 +53161,7 @@ var check_gate_status = createSwarmTool({
       };
       return JSON.stringify(errorResult, null, 2);
     }
-    const taskIdPattern = /^\d+\.\d+(\.\d+)?$/;
-    if (!taskIdPattern.test(taskIdInput)) {
+    if (!isValidTaskId3(taskIdInput)) {
       const errorResult = {
         taskId: taskIdInput,
         status: "no_evidence",
@@ -53134,7 +53169,7 @@ var check_gate_status = createSwarmTool({
         passed_gates: [],
         missing_gates: [],
         gates: {},
-        message: `Invalid task_id format: "${taskIdInput}". Must match pattern N.M or N.M.P (e.g., "1.1", "1.2.3")`
+        message: `Invalid task_id format: "${taskIdInput}". Must match N.M or N.M.P (e.g. "1.1", "1.2.3", "1.2.3.4")`
       };
       return JSON.stringify(errorResult, null, 2);
     }
@@ -53846,7 +53881,7 @@ async function executeDeclareScope(args2, fallbackDir) {
         errors: ["Invalid working_directory: null bytes are not allowed"]
       };
     }
-    if (process.platform === "win32") {
+    {
       const devicePathPattern = /^\\\\|^(NUL|CON|AUX|COM[1-9]|LPT[1-9])(\..*)?$/i;
       if (devicePathPattern.test(args2.working_directory)) {
         return {

package/dist/session/snapshot-writer.d.ts

@@ -37,6 +37,8 @@ export interface SerializedAgentSession {
     qaSkipCount: number;
     qaSkipTaskIds: string[];
     taskWorkflowStates?: Record<string, string>;
+    /** Flag for one-shot scope violation warning injection (omitted when undefined for additive-only schema) */
+    scopeViolationDetected?: boolean;
 }
 /**
  * Minimal interface for serialized InvocationWindow

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "opencode-swarm",
-	"version": "6.25.7",
+	"version": "6.25.8",
 	"description": "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",