npm - opencode-swarm - Versions diffs - 6.25.7 → 6.25.9 - Mend

opencode-swarm 6.25.7 → 6.25.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/cli/index.js +17 -6
package/dist/evidence/manager.d.ts +5 -2
package/dist/gate-evidence.d.ts +13 -0
package/dist/index.js +51 -12
package/dist/session/snapshot-writer.d.ts +2 -0
package/package.json +1 -1

package/dist/cli/index.js CHANGED Viewed

@@ -14275,10 +14275,16 @@ function sanitizeTaskId(taskId) {
   if (taskId.includes("..") || taskId.includes("../") || taskId.includes("..\\")) {
     throw new Error("Invalid task ID: path traversal detected");
   }
-  if (!TASK_ID_REGEX.test(taskId)) {
-    throw new Error(`Invalid task ID: must match pattern ^[\\w-]+(\\.[\\w-]+)*$, got "${taskId}"`);
+  if (TASK_ID_REGEX.test(taskId)) {
+    return taskId;
   }
-  return taskId;
+  if (RETRO_TASK_ID_REGEX.test(taskId)) {
+    return taskId;
+  }
+  if (INTERNAL_TOOL_ID_REGEX.test(taskId)) {
+    return taskId;
+  }
+  throw new Error(`Invalid task ID: must match pattern ^\\d+\\.\\d+(\\.\\d+)*$, ^retro-\\d+$, or ^(?:sast_scan|quality_budget|syntax_check|placeholder_scan|sbom_generate|build)$, got "${taskId}"`);
 }
 async function saveEvidence(directory, taskId, evidence) {
   const sanitizedTaskId = sanitizeTaskId(taskId);
@@ -14488,13 +14494,15 @@ async function archiveEvidence(directory, maxAgeDays, maxBundles) {
   }
   return archived;
 }
-var TASK_ID_REGEX, LEGACY_TASK_COMPLEXITY_MAP;
+var TASK_ID_REGEX, RETRO_TASK_ID_REGEX, INTERNAL_TOOL_ID_REGEX, LEGACY_TASK_COMPLEXITY_MAP;
 var init_manager = __esm(() => {
   init_zod();
   init_evidence_schema();
   init_utils2();
   init_utils();
-  TASK_ID_REGEX = /^[\w-]+(\.[\w-]+)*$/;
+  TASK_ID_REGEX = /^\d+\.\d+(\.\d+)*$/;
+  RETRO_TASK_ID_REGEX = /^retro-\d+$/;
+  INTERNAL_TOOL_ID_REGEX = /^(?:sast_scan|quality_budget|syntax_check|placeholder_scan|sbom_generate|build)$/;
   LEGACY_TASK_COMPLEXITY_MAP = {
     low: "simple",
     medium: "moderate",
@@ -30959,7 +30967,10 @@ function serializeAgentSession(s) {
     lastCompletedPhaseAgentsDispatched,
     qaSkipCount: s.qaSkipCount ?? 0,
     qaSkipTaskIds: s.qaSkipTaskIds ?? [],
-    taskWorkflowStates: Object.fromEntries(s.taskWorkflowStates ?? new Map)
+    taskWorkflowStates: Object.fromEntries(s.taskWorkflowStates ?? new Map),
+    ...s.scopeViolationDetected !== undefined && {
+      scopeViolationDetected: s.scopeViolationDetected
+    }
   };
 }
 async function writeSnapshot(directory, state) {

package/dist/evidence/manager.d.ts CHANGED Viewed

@@ -34,8 +34,11 @@ export declare function isBuildEvidence(evidence: Evidence): evidence is BuildEv
 export declare function isQualityBudgetEvidence(evidence: Evidence): evidence is QualityBudgetEvidence;
 /**
  * Validate and sanitize task ID.
- * Must match regex ^[\w-]+(\.[\w-]+)*$
- * Rejects: .., ../, null bytes, control characters, empty string
+ * Accepts three formats:
+ * 1. Canonical N.M or N.M.P numeric format (matches TASK_ID_REGEX)
+ * 2. Retrospective format: retro-<number> (matches RETRO_TASK_ID_REGEX)
+ * 3. Internal automated-tool format: specific tool IDs (sast_scan, quality_budget, syntax_check, placeholder_scan, sbom_generate, build)
+ * Rejects: .., ../, null bytes, control characters, empty string, other non-numeric IDs
  * @throws Error with descriptive message on failure
  */
 export declare function sanitizeTaskId(taskId: string): string;

package/dist/gate-evidence.d.ts CHANGED Viewed

@@ -21,6 +21,19 @@ export interface TaskEvidence {
     gates: Record<string, GateEvidence>;
 }
 export declare const DEFAULT_REQUIRED_GATES: string[];
+/**
+ * Canonical task-id validation helper.
+ * Returns true if the taskId is a valid numeric format (N.M or N.M.P),
+ * false otherwise.
+ *
+ * Validates:
+ * - Non-empty string
+ * - Matches N.M or N.M.P numeric pattern (e.g., "1.1", "1.2.3")
+ * - No path traversal (..)
+ * - No path separators (/, \)
+ * - No null bytes
+ */
+export declare function isValidTaskId(taskId: string): boolean;
 /**
  * Maps the first-dispatched agent type to the initial required_gates array.
  * Unknown agent types fall back to the safe default ["reviewer", "test_engineer"].

package/dist/index.js CHANGED Viewed

@@ -15368,10 +15368,16 @@ function sanitizeTaskId(taskId) {
   if (taskId.includes("..") || taskId.includes("../") || taskId.includes("..\\")) {
     throw new Error("Invalid task ID: path traversal detected");
   }
-  if (!TASK_ID_REGEX.test(taskId)) {
-    throw new Error(`Invalid task ID: must match pattern ^[\\w-]+(\\.[\\w-]+)*$, got "${taskId}"`);
+  if (TASK_ID_REGEX.test(taskId)) {
+    return taskId;
   }
-  return taskId;
+  if (RETRO_TASK_ID_REGEX.test(taskId)) {
+    return taskId;
+  }
+  if (INTERNAL_TOOL_ID_REGEX.test(taskId)) {
+    return taskId;
+  }
+  throw new Error(`Invalid task ID: must match pattern ^\\d+\\.\\d+(\\.\\d+)*$, ^retro-\\d+$, or ^(?:sast_scan|quality_budget|syntax_check|placeholder_scan|sbom_generate|build)$, got "${taskId}"`);
 }
 async function saveEvidence(directory, taskId, evidence) {
   const sanitizedTaskId = sanitizeTaskId(taskId);
@@ -15581,7 +15587,7 @@ async function archiveEvidence(directory, maxAgeDays, maxBundles) {
   }
   return archived;
 }
-var VALID_EVIDENCE_TYPES, TASK_ID_REGEX, LEGACY_TASK_COMPLEXITY_MAP;
+var VALID_EVIDENCE_TYPES, TASK_ID_REGEX, RETRO_TASK_ID_REGEX, INTERNAL_TOOL_ID_REGEX, LEGACY_TASK_COMPLEXITY_MAP;
 var init_manager = __esm(() => {
   init_zod();
   init_evidence_schema();
@@ -15601,7 +15607,9 @@ var init_manager = __esm(() => {
     "build",
     "quality_budget"
   ];
-  TASK_ID_REGEX = /^[\w-]+(\.[\w-]+)*$/;
+  TASK_ID_REGEX = /^\d+\.\d+(\.\d+)*$/;
+  RETRO_TASK_ID_REGEX = /^retro-\d+$/;
+  INTERNAL_TOOL_ID_REGEX = /^(?:sast_scan|quality_budget|syntax_check|placeholder_scan|sbom_generate|build)$/;
   LEGACY_TASK_COMPLEXITY_MAP = {
     low: "simple",
     medium: "moderate",
@@ -35895,6 +35903,7 @@ __export(exports_gate_evidence, {
   recordGateEvidence: () => recordGateEvidence,
   recordAgentDispatch: () => recordAgentDispatch,
   readTaskEvidence: () => readTaskEvidence,
+  isValidTaskId: () => isValidTaskId2,
   hasPassedAllGates: () => hasPassedAllGates,
   expandRequiredGates: () => expandRequiredGates,
   deriveRequiredGates: () => deriveRequiredGates,
@@ -35902,8 +35911,21 @@ __export(exports_gate_evidence, {
 });
 import { mkdirSync as mkdirSync8, readFileSync as readFileSync13, renameSync as renameSync7, unlinkSync as unlinkSync4 } from "fs";
 import * as path27 from "path";
+function isValidTaskId2(taskId) {
+  if (!taskId)
+    return false;
+  if (taskId.includes(".."))
+    return false;
+  if (taskId.includes("/"))
+    return false;
+  if (taskId.includes("\\"))
+    return false;
+  if (taskId.includes("\x00"))
+    return false;
+  return TASK_ID_PATTERN.test(taskId);
+}
 function assertValidTaskId(taskId) {
-  if (!taskId || taskId.includes("..") || taskId.includes("/") || taskId.includes("\\") || taskId.includes("\x00") || !TASK_ID_PATTERN.test(taskId)) {
+  if (!isValidTaskId2(taskId)) {
     throw new Error(`Invalid taskId: "${taskId}". Must match N.M or N.M.P (e.g. "1.1", "1.2.3").`);
   }
 }
@@ -46050,7 +46072,10 @@ function serializeAgentSession(s) {
     lastCompletedPhaseAgentsDispatched,
     qaSkipCount: s.qaSkipCount ?? 0,
     qaSkipTaskIds: s.qaSkipTaskIds ?? [],
-    taskWorkflowStates: Object.fromEntries(s.taskWorkflowStates ?? new Map)
+    taskWorkflowStates: Object.fromEntries(s.taskWorkflowStates ?? new Map),
+    ...s.scopeViolationDetected !== undefined && {
+      scopeViolationDetected: s.scopeViolationDetected
+    }
   };
 }
 async function writeSnapshot(directory, state) {
@@ -52795,6 +52820,7 @@ function deserializeAgentSession(s) {
     lastGateOutcome: null,
     declaredCoderScope: null,
     lastScopeViolation: null,
+    scopeViolationDetected: s.scopeViolationDetected,
     modifiedFilesThisCoderTask: []
   };
 }
@@ -53073,6 +53099,20 @@ init_create_tool();
 import * as fs19 from "fs";
 import * as path32 from "path";
 var EVIDENCE_DIR = ".swarm/evidence";
+var TASK_ID_PATTERN2 = /^\d+\.\d+(\.\d+)*$/;
+function isValidTaskId3(taskId) {
+  if (!taskId)
+    return false;
+  if (taskId.includes(".."))
+    return false;
+  if (taskId.includes("/"))
+    return false;
+  if (taskId.includes("\\"))
+    return false;
+  if (taskId.includes("\x00"))
+    return false;
+  return TASK_ID_PATTERN2.test(taskId);
+}
 function isPathWithinSwarm(filePath, workspaceRoot) {
   const normalizedWorkspace = path32.resolve(workspaceRoot);
   const swarmPath = path32.join(normalizedWorkspace, ".swarm", "evidence");
@@ -53103,7 +53143,7 @@ function readEvidenceFile(evidencePath) {
 var check_gate_status = createSwarmTool({
   description: "Read-only tool to check the gate status of a specific task. Reads .swarm/evidence/{taskId}.json and returns structured JSON describing required, passed, and missing gates.",
   args: {
-    task_id: tool.schema.string().min(1).regex(/^\d+\.\d+(\.\d+)?$/, "Task ID must be in N.M or N.M.P format").describe('The task ID to check gate status for (e.g., "1.1", "2.3.1")')
+    task_id: tool.schema.string().min(1).regex(/^\d+\.\d+(\.\d+)*$/, 'Task ID must be in N.M or N.M.P format (e.g., "1.1", "1.2.3", "1.2.3.4")').describe('The task ID to check gate status for (e.g., "1.1", "2.3.1")')
   },
   async execute(args2, directory) {
     let taskIdInput;
@@ -53125,8 +53165,7 @@ var check_gate_status = createSwarmTool({
       };
       return JSON.stringify(errorResult, null, 2);
     }
-    const taskIdPattern = /^\d+\.\d+(\.\d+)?$/;
-    if (!taskIdPattern.test(taskIdInput)) {
+    if (!isValidTaskId3(taskIdInput)) {
       const errorResult = {
         taskId: taskIdInput,
         status: "no_evidence",
@@ -53134,7 +53173,7 @@ var check_gate_status = createSwarmTool({
         passed_gates: [],
         missing_gates: [],
         gates: {},
-        message: `Invalid task_id format: "${taskIdInput}". Must match pattern N.M or N.M.P (e.g., "1.1", "1.2.3")`
+        message: `Invalid task_id format: "${taskIdInput}". Must match N.M or N.M.P (e.g. "1.1", "1.2.3", "1.2.3.4")`
       };
       return JSON.stringify(errorResult, null, 2);
     }
@@ -53846,7 +53885,7 @@ async function executeDeclareScope(args2, fallbackDir) {
         errors: ["Invalid working_directory: null bytes are not allowed"]
       };
     }
-    if (process.platform === "win32") {
+    {
       const devicePathPattern = /^\\\\|^(NUL|CON|AUX|COM[1-9]|LPT[1-9])(\..*)?$/i;
       if (devicePathPattern.test(args2.working_directory)) {
         return {

package/dist/session/snapshot-writer.d.ts CHANGED Viewed

@@ -37,6 +37,8 @@ export interface SerializedAgentSession {
     qaSkipCount: number;
     qaSkipTaskIds: string[];
     taskWorkflowStates?: Record<string, string>;
+    /** Flag for one-shot scope violation warning injection (omitted when undefined for additive-only schema) */
+    scopeViolationDetected?: boolean;
 }
 /**
  * Minimal interface for serialized InvocationWindow

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "opencode-swarm",
-	"version": "6.25.7",
+	"version": "6.25.9",
 	"description": "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",