opencode-swarm 6.33.1 → 6.33.2

package/README.md

@@ -252,6 +252,55 @@ For production use, mix providers to maximize quality across writing vs. reviewi
 | MiniMax | `minimax-coding-plan/<model>` | `minimax-coding-plan/MiniMax-M2.5` |
 | Kimi | `kimi-for-coding/<model>` | `kimi-for-coding/k2p5` |
 
+### Model Fallback (v6.33)
+
+When a transient model error occurs (rate limit, 429, 503, timeout, overloaded, model not found), Swarm can automatically switch to a fallback model.
+
+**Configuration:**
+
+```json
+{
+  "agents": {
+    "coder": {
+      "model": "anthropic/claude-opus-4-6",
+      "fallback_models": [
+        "anthropic/claude-sonnet-4-5",
+        "opencode/gpt-5-nano"
+      ]
+    }
+  }
+}
+```
+
+- **`fallback_models`** — Optional array of up to 3 fallback model identifiers. When the primary model fails with a transient error, Swarm injects a `MODEL FALLBACK` advisory and the next retry uses the next fallback model in the list.
+- **Advisory injection** — When a transient error is detected, a `MODEL FALLBACK` advisory is injected into the architect's context: *"Transient model error detected (attempt N). The agent model may be rate-limited, overloaded, or temporarily unavailable. Consider retrying with a fallback model or waiting before retrying."*
+- **Exhaustion guard** — After exhausting all fallbacks (`modelFallbackExhausted = true`), further transient errors do not spam additional advisories.
+- **Reset on success** — Both `model_fallback_index` and `modelFallbackExhausted` reset to 0/false on the next successful tool execution.
+
+### Bounded Coder Revisions (v6.33)
+
+When a task requires multiple coder attempts (e.g., reviewer rejections), Swarm tracks how many times the coder has been re-delegated for the same task and warns when limits are approached.
+
+**Configuration:**
+
+```json
+{
+  "guardrails": {
+    "max_coder_revisions": 5
+  }
+}
+```
+
+| Parameter | Type | Default | Description |
+|-----------|------|---------|-------------|
+| `max_coder_revisions` | integer | `5` | Maximum coder re-delegations per task before advisory warning (1–20) |
+
+**Behavior:**
+- **`coderRevisions` counter** — Incremented each time the coder delegation completes for the same task (reset on new task)
+- **`revisionLimitHit` flag** — Set when `coderRevisions >= max_coder_revisions`
+- **Advisory injection** — When the limit is hit, a `CODER REVISION LIMIT` advisory is injected: *"Agent has been revised N times (max: M) for task X. Escalate to user or consider a fundamentally different approach."*
+- **Persistence** — Both `coderRevisions` and `revisionLimitHit` are serialized/deserialized in session snapshots
+
 ## Useful Commands
 
 | Command | What It Does |
@@ -419,7 +468,8 @@ Every completed task writes structured evidence to `.swarm/evidence/`:
 | review | Verdict, risk level, specific issues |
 | test | Pass/fail counts, coverage %, failure messages |
 | diff | Files changed, additions/deletions |
-| retrospective | Phase metrics, lessons learned (injected into next phase) |
+| retrospective | Phase metrics, lessons learned, error taxonomy classification (injected into next phase) |
+| secretscan | Secret scan results: findings count, files scanned, skipped files (v6.33) |
 
 </details>
 
@@ -659,11 +709,11 @@ Config file location: `~/.config/opencode/opencode-swarm.json` (global) or `.ope
 {
   "agents": {
     "architect": { "model": "anthropic/claude-opus-4-6" },
-    "coder": { "model": "minimax-coding-plan/MiniMax-M2.5" },
+    "coder": { "model": "minimax-coding-plan/MiniMax-M2.5", "fallback_models": ["minimax-coding-plan/MiniMax-M2.1"] },
     "explorer": { "model": "minimax-coding-plan/MiniMax-M2.1" },
     "sme": { "model": "kimi-for-coding/k2p5" },
     "critic": { "model": "zai-coding-plan/glm-5" },
-    "reviewer": { "model": "zai-coding-plan/glm-5" },
+    "reviewer": { "model": "zai-coding-plan/glm-5", "fallback_models": ["opencode/big-pickle"] },
     "test_engineer": { "model": "minimax-coding-plan/MiniMax-M2.5" },
     "docs": { "model": "zai-coding-plan/glm-4.7-flash" },
     "designer": { "model": "kimi-for-coding/k2p5" }
@@ -857,14 +907,14 @@ Swarm limits which tools each agent can access based on their role. This prevent
 
 | Agent | Tools | Count | Rationale |
 |-------|-------|:---:|-----------|
-| **architect** | All 21 tools | 21 | Orchestrator needs full visibility |
+| **architect** | All 23 tools | 23 | Orchestrator needs full visibility |
 | **reviewer** | diff, imports, lint, pkg_audit, pre_check_batch, secretscan, symbols, complexity_hotspots, retrieve_summary, extract_code_blocks, test_runner | 11 | Security-focused QA |
 | **coder** | diff, imports, lint, symbols, extract_code_blocks, retrieve_summary | 6 | Write-focused, minimal read tools |
 | **test_engineer** | test_runner, diff, symbols, extract_code_blocks, retrieve_summary, imports, complexity_hotspots, pkg_audit | 8 | Testing and verification |
 | **explorer** | complexity_hotspots, detect_domains, extract_code_blocks, gitingest, imports, retrieve_summary, schema_drift, symbols, todo_extract | 9 | Discovery and analysis |
 | **sme** | complexity_hotspots, detect_domains, extract_code_blocks, imports, retrieve_summary, schema_drift, symbols | 7 | Domain expertise research |
 | **critic** | complexity_hotspots, detect_domains, imports, retrieve_summary, symbols | 5 | Plan review, minimal toolset |
-| **docs** | detect_domains, extract_code_blocks, gitingest, imports, retrieve_summary, schema_drift, symbols, todo_extract | 8 | Documentation synthesis |
+| **docs** | detect_domains, doc_extract, doc_scan, extract_code_blocks, gitingest, imports, retrieve_summary, schema_drift, symbols, todo_extract | 10 | Documentation synthesis and discovery |
 | **designer** | extract_code_blocks, retrieve_summary, symbols | 3 | UI-focused, minimal toolset |
 
 ### Configuration
@@ -924,13 +974,17 @@ The following tools can be assigned to agents via overrides:
 | `checkpoint` | Save/restore git checkpoints |
 | `check_gate_status` | Read-only query of task gate status |
 | `complexity_hotspots` | Identify high-risk code areas |
+| `declare_scope` | Pre-declare the file scope for the next coder delegation (architect-only); violations trigger warnings |
 | `detect_domains` | Detect SME domains from text |
 | `diff` | Analyze git diffs and changes |
+| `doc_extract` | Extract actionable constraints from project documentation relevant to current task (Jaccard bigram scoring + dedup) |
+| `doc_scan` | Scan project documentation and build index manifest at `.swarm/doc-manifest.json` (mtime-based caching) |
 | `evidence_check` | Verify task evidence |
 | `extract_code_blocks` | Extract code from markdown |
 | `gitingest` | Ingest external repositories |
 | `imports` | Analyze import relationships |
 | `lint` | Run project linters |
+| `phase_complete` | Enforces phase completion, verifies required agents, logs events, resets state |
 | `pkg_audit` | Security audit of dependencies |
 | `pre_check_batch` | Parallel pre-checks (lint, secrets, SAST, quality) |
 | `retrieve_summary` | Retrieve summarized tool outputs |
@@ -941,8 +995,6 @@ The following tools can be assigned to agents via overrides:
 | `update_task_status` | Mark plan tasks as pending/in_progress/completed/blocked; track phase progress |
 | `todo_extract` | Extract TODO/FIXME comments |
 | `write_retro` | Document phase retrospectives via the phase_complete workflow; capture lessons learned |
-| `phase_complete` | Enforces phase completion, verifies required agents, logs events, resets state |
-| `declare_scope` | Pre-declare the file scope for the next coder delegation (architect-only); violations trigger warnings |
 
 ---
 

package/dist/cli/index.js

@@ -13940,7 +13940,7 @@ function deepMerge(base, override) {
 var MAX_MERGE_DEPTH = 10;
 
 // src/config/evidence-schema.ts
-var EVIDENCE_MAX_JSON_BYTES, EVIDENCE_MAX_PATCH_BYTES, EVIDENCE_MAX_TASK_BYTES, EvidenceTypeSchema, EvidenceVerdictSchema, BaseEvidenceSchema, ReviewEvidenceSchema, TestEvidenceSchema, DiffEvidenceSchema, ApprovalEvidenceSchema, NoteEvidenceSchema, RetrospectiveEvidenceSchema, SyntaxEvidenceSchema, PlaceholderEvidenceSchema, SastEvidenceSchema, SbomEvidenceSchema, BuildEvidenceSchema, QualityBudgetEvidenceSchema, EvidenceSchema, EvidenceBundleSchema;
+var EVIDENCE_MAX_JSON_BYTES, EVIDENCE_MAX_PATCH_BYTES, EVIDENCE_MAX_TASK_BYTES, EvidenceTypeSchema, EvidenceVerdictSchema, BaseEvidenceSchema, ReviewEvidenceSchema, TestEvidenceSchema, DiffEvidenceSchema, ApprovalEvidenceSchema, NoteEvidenceSchema, RetrospectiveEvidenceSchema, SyntaxEvidenceSchema, PlaceholderEvidenceSchema, SastEvidenceSchema, SbomEvidenceSchema, BuildEvidenceSchema, QualityBudgetEvidenceSchema, SecretscanEvidenceSchema, EvidenceSchema, EvidenceBundleSchema;
 var init_evidence_schema = __esm(() => {
   init_zod();
   EVIDENCE_MAX_JSON_BYTES = 500 * 1024;
@@ -13958,7 +13958,8 @@ var init_evidence_schema = __esm(() => {
     "sast",
     "sbom",
     "build",
-    "quality_budget"
+    "quality_budget",
+    "secretscan"
   ]);
   EvidenceVerdictSchema = exports_external.enum([
     "pass",
@@ -14039,7 +14040,14 @@ var init_evidence_schema = __esm(() => {
       approach: exports_external.string().min(1),
       result: exports_external.enum(["success", "failure", "partial"]),
       abandoned_reason: exports_external.string().optional()
-    })).max(10).default([])
+    })).max(10).default([]),
+    error_taxonomy: exports_external.array(exports_external.enum([
+      "planning_error",
+      "interface_mismatch",
+      "logic_error",
+      "scope_creep",
+      "gate_evasion"
+    ])).default([])
   });
   SyntaxEvidenceSchema = BaseEvidenceSchema.extend({
     type: exports_external.literal("syntax"),
@@ -14150,6 +14158,13 @@ var init_evidence_schema = __esm(() => {
     })).default([]),
     files_analyzed: exports_external.array(exports_external.string())
   });
+  SecretscanEvidenceSchema = BaseEvidenceSchema.extend({
+    type: exports_external.literal("secretscan"),
+    findings_count: exports_external.number().int().min(0).default(0),
+    scan_directory: exports_external.string().optional(),
+    files_scanned: exports_external.number().int().min(0).default(0),
+    skipped_files: exports_external.number().int().min(0).default(0)
+  });
   EvidenceSchema = exports_external.discriminatedUnion("type", [
     ReviewEvidenceSchema,
     TestEvidenceSchema,
@@ -14162,7 +14177,8 @@ var init_evidence_schema = __esm(() => {
     SastEvidenceSchema,
     SbomEvidenceSchema,
     BuildEvidenceSchema,
-    QualityBudgetEvidenceSchema
+    QualityBudgetEvidenceSchema,
+    SecretscanEvidenceSchema
   ]);
   EvidenceBundleSchema = exports_external.object({
     schema_version: exports_external.literal("1.0.0"),
@@ -14517,11 +14533,12 @@ var init_manager = __esm(() => {
     "sast",
     "sbom",
     "build",
-    "quality_budget"
+    "quality_budget",
+    "secretscan"
   ];
   TASK_ID_REGEX = /^\d+\.\d+(\.\d+)*$/;
   RETRO_TASK_ID_REGEX = /^retro-\d+$/;
-  INTERNAL_TOOL_ID_REGEX = /^(?:sast_scan|quality_budget|syntax_check|placeholder_scan|sbom_generate|build)$/;
+  INTERNAL_TOOL_ID_REGEX = /^(?:sast_scan|quality_budget|syntax_check|placeholder_scan|sbom_generate|build|secretscan)$/;
   LEGACY_TASK_COMPLEXITY_MAP = {
     low: "simple",
     medium: "moderate",
@@ -17723,7 +17740,8 @@ for (const [agentName, tools] of Object.entries(AGENT_TOOL_MAP)) {
 var AgentOverrideConfigSchema = exports_external.object({
   model: exports_external.string().optional(),
   temperature: exports_external.number().min(0).max(2).optional(),
-  disabled: exports_external.boolean().optional()
+  disabled: exports_external.boolean().optional(),
+  fallback_models: exports_external.array(exports_external.string()).max(3).optional()
 });
 var SwarmConfigSchema = exports_external.object({
   name: exports_external.string().optional(),
@@ -18064,6 +18082,7 @@ var GuardrailsConfigSchema = exports_external.object({
   warning_threshold: exports_external.number().min(0.1).max(0.9).default(0.75),
   idle_timeout_minutes: exports_external.number().min(5).max(240).default(60),
   no_op_warning_threshold: exports_external.number().min(1).max(100).default(15),
+  max_coder_revisions: exports_external.number().int().min(1).max(20).default(5),
   qa_gates: exports_external.object({
     required_tools: exports_external.array(exports_external.string().min(1)).default([
       "diff",
@@ -33996,7 +34015,11 @@ function serializeAgentSession(s) {
     taskWorkflowStates: Object.fromEntries(s.taskWorkflowStates ?? new Map),
     ...s.scopeViolationDetected !== undefined && {
       scopeViolationDetected: s.scopeViolationDetected
-    }
+    },
+    model_fallback_index: s.model_fallback_index ?? 0,
+    modelFallbackExhausted: s.modelFallbackExhausted ?? false,
+    coderRevisions: s.coderRevisions ?? 0,
+    revisionLimitHit: s.revisionLimitHit ?? false
   };
 }
 async function writeSnapshot(directory, state) {
@@ -34020,7 +34043,9 @@ async function writeSnapshot(directory, state) {
     await Bun.write(tempPath, content);
     renameSync4(tempPath, resolvedPath);
   } catch (error93) {
-    console.warn("[snapshot-writer] write failed:", error93 instanceof Error ? error93.message : String(error93));
+    if (process.env.DEBUG_SWARM) {
+      console.warn("[snapshot-writer] write failed:", error93 instanceof Error ? error93.message : String(error93));
+    }
   }
 }
 async function flushPendingSnapshot(directory) {
@@ -40040,8 +40065,46 @@ async function executeWriteRetro(args, directory) {
     top_rejection_reasons: args.top_rejection_reasons ?? [],
     lessons_learned: (args.lessons_learned ?? []).slice(0, 5),
     user_directives: [],
-    approaches_tried: []
+    approaches_tried: [],
+    error_taxonomy: []
   };
+  const taxonomy = [];
+  try {
+    for (const taskSuffix of ["1", "2", "3", "4", "5"]) {
+      const phaseTaskId = `${phase}.${taskSuffix}`;
+      const result = await loadEvidence(directory, phaseTaskId);
+      if (result.status !== "found")
+        continue;
+      const bundle = result.bundle;
+      for (const entry of bundle.entries) {
+        const e = entry;
+        if (e.type === "review" && e.verdict === "fail") {
+          const reasonParts = [];
+          if (typeof e.summary === "string")
+            reasonParts.push(e.summary);
+          if (Array.isArray(e.issues)) {
+            for (const iss of e.issues) {
+              if (typeof iss.message === "string")
+                reasonParts.push(iss.message);
+            }
+          }
+          const reason = reasonParts.join(" ");
+          if (/signature|type|contract|interface/i.test(reason)) {
+            taxonomy.push("interface_mismatch");
+          } else {
+            taxonomy.push("logic_error");
+          }
+        } else if (e.type === "test" && e.verdict === "fail") {
+          taxonomy.push("logic_error");
+        } else if (e.agent === "scope_guard" && e.verdict === "fail") {
+          taxonomy.push("scope_creep");
+        } else if (e.agent === "loop_detector" && e.verdict === "fail") {
+          taxonomy.push("gate_evasion");
+        }
+      }
+    }
+  } catch {}
+  retroEntry.error_taxonomy = [...new Set(taxonomy)];
   try {
     await saveEvidence(directory, taskId, retroEntry);
     return JSON.stringify({

package/dist/config/evidence-schema.d.ts

@@ -4,6 +4,7 @@ export declare const EVIDENCE_MAX_PATCH_BYTES: number;
 export declare const EVIDENCE_MAX_TASK_BYTES: number;
 export declare const EvidenceTypeSchema: z.ZodEnum<{
     diff: "diff";
+    secretscan: "secretscan";
     quality_budget: "quality_budget";
     placeholder: "placeholder";
     test: "test";
@@ -29,6 +30,7 @@ export declare const BaseEvidenceSchema: z.ZodObject<{
     task_id: z.ZodString;
     type: z.ZodEnum<{
         diff: "diff";
+        secretscan: "secretscan";
         quality_budget: "quality_budget";
         placeholder: "placeholder";
         test: "test";
@@ -217,6 +219,13 @@ export declare const RetrospectiveEvidenceSchema: z.ZodObject<{
         }>;
         abandoned_reason: z.ZodOptional<z.ZodString>;
     }, z.core.$strip>>>;
+    error_taxonomy: z.ZodDefault<z.ZodArray<z.ZodEnum<{
+        planning_error: "planning_error";
+        interface_mismatch: "interface_mismatch";
+        logic_error: "logic_error";
+        scope_creep: "scope_creep";
+        gate_evasion: "gate_evasion";
+    }>>>;
 }, z.core.$strip>;
 export type RetrospectiveEvidence = z.infer<typeof RetrospectiveEvidenceSchema>;
 export declare const SyntaxEvidenceSchema: z.ZodObject<{
@@ -434,6 +443,26 @@ export declare const QualityBudgetEvidenceSchema: z.ZodObject<{
     files_analyzed: z.ZodArray<z.ZodString>;
 }, z.core.$strip>;
 export type QualityBudgetEvidence = z.infer<typeof QualityBudgetEvidenceSchema>;
+export declare const SecretscanEvidenceSchema: z.ZodObject<{
+    task_id: z.ZodString;
+    timestamp: z.ZodString;
+    agent: z.ZodString;
+    verdict: z.ZodEnum<{
+        pass: "pass";
+        fail: "fail";
+        approved: "approved";
+        rejected: "rejected";
+        info: "info";
+    }>;
+    summary: z.ZodString;
+    metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    type: z.ZodLiteral<"secretscan">;
+    findings_count: z.ZodDefault<z.ZodNumber>;
+    scan_directory: z.ZodOptional<z.ZodString>;
+    files_scanned: z.ZodDefault<z.ZodNumber>;
+    skipped_files: z.ZodDefault<z.ZodNumber>;
+}, z.core.$strip>;
+export type SecretscanEvidence = z.infer<typeof SecretscanEvidenceSchema>;
 export declare const EvidenceSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
     task_id: z.ZodString;
     timestamp: z.ZodString;
@@ -587,6 +616,13 @@ export declare const EvidenceSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
         }>;
         abandoned_reason: z.ZodOptional<z.ZodString>;
     }, z.core.$strip>>>;
+    error_taxonomy: z.ZodDefault<z.ZodArray<z.ZodEnum<{
+        planning_error: "planning_error";
+        interface_mismatch: "interface_mismatch";
+        logic_error: "logic_error";
+        scope_creep: "scope_creep";
+        gate_evasion: "gate_evasion";
+    }>>>;
 }, z.core.$strip>, z.ZodObject<{
     task_id: z.ZodString;
     timestamp: z.ZodString;
@@ -790,6 +826,24 @@ export declare const EvidenceSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
         files: z.ZodArray<z.ZodString>;
     }, z.core.$strip>>>;
     files_analyzed: z.ZodArray<z.ZodString>;
+}, z.core.$strip>, z.ZodObject<{
+    task_id: z.ZodString;
+    timestamp: z.ZodString;
+    agent: z.ZodString;
+    verdict: z.ZodEnum<{
+        pass: "pass";
+        fail: "fail";
+        approved: "approved";
+        rejected: "rejected";
+        info: "info";
+    }>;
+    summary: z.ZodString;
+    metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    type: z.ZodLiteral<"secretscan">;
+    findings_count: z.ZodDefault<z.ZodNumber>;
+    scan_directory: z.ZodOptional<z.ZodString>;
+    files_scanned: z.ZodDefault<z.ZodNumber>;
+    skipped_files: z.ZodDefault<z.ZodNumber>;
 }, z.core.$strip>], "type">;
 export type Evidence = z.infer<typeof EvidenceSchema>;
 export declare const EvidenceBundleSchema: z.ZodObject<{
@@ -948,6 +1002,13 @@ export declare const EvidenceBundleSchema: z.ZodObject<{
             }>;
             abandoned_reason: z.ZodOptional<z.ZodString>;
         }, z.core.$strip>>>;
+        error_taxonomy: z.ZodDefault<z.ZodArray<z.ZodEnum<{
+            planning_error: "planning_error";
+            interface_mismatch: "interface_mismatch";
+            logic_error: "logic_error";
+            scope_creep: "scope_creep";
+            gate_evasion: "gate_evasion";
+        }>>>;
     }, z.core.$strip>, z.ZodObject<{
         task_id: z.ZodString;
         timestamp: z.ZodString;
@@ -1151,6 +1212,24 @@ export declare const EvidenceBundleSchema: z.ZodObject<{
             files: z.ZodArray<z.ZodString>;
         }, z.core.$strip>>>;
         files_analyzed: z.ZodArray<z.ZodString>;
+    }, z.core.$strip>, z.ZodObject<{
+        task_id: z.ZodString;
+        timestamp: z.ZodString;
+        agent: z.ZodString;
+        verdict: z.ZodEnum<{
+            pass: "pass";
+            fail: "fail";
+            approved: "approved";
+            rejected: "rejected";
+            info: "info";
+        }>;
+        summary: z.ZodString;
+        metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+        type: z.ZodLiteral<"secretscan">;
+        findings_count: z.ZodDefault<z.ZodNumber>;
+        scan_directory: z.ZodOptional<z.ZodString>;
+        files_scanned: z.ZodDefault<z.ZodNumber>;
+        skipped_files: z.ZodDefault<z.ZodNumber>;
     }, z.core.$strip>], "type">>>;
     created_at: z.ZodString;
     updated_at: z.ZodString;

package/dist/config/schema.d.ts

@@ -18,6 +18,7 @@ export declare const AgentOverrideConfigSchema: z.ZodObject<{
     model: z.ZodOptional<z.ZodString>;
     temperature: z.ZodOptional<z.ZodNumber>;
     disabled: z.ZodOptional<z.ZodBoolean>;
+    fallback_models: z.ZodOptional<z.ZodArray<z.ZodString>>;
 }, z.core.$strip>;
 export type AgentOverrideConfig = z.infer<typeof AgentOverrideConfigSchema>;
 export declare const SwarmConfigSchema: z.ZodObject<{
@@ -26,6 +27,7 @@ export declare const SwarmConfigSchema: z.ZodObject<{
         model: z.ZodOptional<z.ZodString>;
         temperature: z.ZodOptional<z.ZodNumber>;
         disabled: z.ZodOptional<z.ZodBoolean>;
+        fallback_models: z.ZodOptional<z.ZodArray<z.ZodString>>;
     }, z.core.$strip>>>;
 }, z.core.$strip>;
 export type SwarmConfig = z.infer<typeof SwarmConfigSchema>;
@@ -314,6 +316,7 @@ export declare const GuardrailsConfigSchema: z.ZodObject<{
     warning_threshold: z.ZodDefault<z.ZodNumber>;
     idle_timeout_minutes: z.ZodDefault<z.ZodNumber>;
     no_op_warning_threshold: z.ZodDefault<z.ZodNumber>;
+    max_coder_revisions: z.ZodDefault<z.ZodNumber>;
     qa_gates: z.ZodOptional<z.ZodObject<{
         required_tools: z.ZodDefault<z.ZodArray<z.ZodString>>;
         require_reviewer_test_engineer: z.ZodDefault<z.ZodBoolean>;
@@ -468,6 +471,7 @@ export declare const PluginConfigSchema: z.ZodObject<{
         model: z.ZodOptional<z.ZodString>;
         temperature: z.ZodOptional<z.ZodNumber>;
         disabled: z.ZodOptional<z.ZodBoolean>;
+        fallback_models: z.ZodOptional<z.ZodArray<z.ZodString>>;
     }, z.core.$strip>>>;
     swarms: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
         name: z.ZodOptional<z.ZodString>;
@@ -475,6 +479,7 @@ export declare const PluginConfigSchema: z.ZodObject<{
             model: z.ZodOptional<z.ZodString>;
             temperature: z.ZodOptional<z.ZodNumber>;
             disabled: z.ZodOptional<z.ZodBoolean>;
+            fallback_models: z.ZodOptional<z.ZodArray<z.ZodString>>;
         }, z.core.$strip>>>;
     }, z.core.$strip>>>;
     max_iterations: z.ZodDefault<z.ZodNumber>;
@@ -592,6 +597,7 @@ export declare const PluginConfigSchema: z.ZodObject<{
         warning_threshold: z.ZodDefault<z.ZodNumber>;
         idle_timeout_minutes: z.ZodDefault<z.ZodNumber>;
         no_op_warning_threshold: z.ZodDefault<z.ZodNumber>;
+        max_coder_revisions: z.ZodDefault<z.ZodNumber>;
         qa_gates: z.ZodOptional<z.ZodObject<{
             required_tools: z.ZodDefault<z.ZodArray<z.ZodString>>;
             require_reviewer_test_engineer: z.ZodDefault<z.ZodBoolean>;

package/dist/evidence/manager.d.ts

@@ -1,4 +1,4 @@
-import { type BuildEvidence, type Evidence, type EvidenceBundle, type PlaceholderEvidence, type QualityBudgetEvidence, type SastEvidence, type SbomEvidence, type SyntaxEvidence } from '../config/evidence-schema';
+import { type BuildEvidence, type Evidence, type EvidenceBundle, type PlaceholderEvidence, type QualityBudgetEvidence, type SastEvidence, type SbomEvidence, type SecretscanEvidence, type SyntaxEvidence } from '../config/evidence-schema';
 /**
  * Discriminated union returned by loadEvidence.
  * - 'found': file exists and passed Zod schema validation
@@ -15,9 +15,9 @@ export type LoadEvidenceResult = {
     errors: string[];
 };
 /**
- * All valid evidence types (12 total)
+ * All valid evidence types (13 total)
  */
-export declare const VALID_EVIDENCE_TYPES: readonly ["review", "test", "diff", "approval", "note", "retrospective", "syntax", "placeholder", "sast", "sbom", "build", "quality_budget"];
+export declare const VALID_EVIDENCE_TYPES: readonly ["review", "test", "diff", "approval", "note", "retrospective", "syntax", "placeholder", "sast", "sbom", "build", "quality_budget", "secretscan"];
 /**
  * Check if a string is a valid evidence type.
  * Returns true if the type is recognized, false otherwise.
@@ -32,12 +32,16 @@ export declare function isSastEvidence(evidence: Evidence): evidence is SastEvid
 export declare function isSbomEvidence(evidence: Evidence): evidence is SbomEvidence;
 export declare function isBuildEvidence(evidence: Evidence): evidence is BuildEvidence;
 export declare function isQualityBudgetEvidence(evidence: Evidence): evidence is QualityBudgetEvidence;
+/**
+ * Type guard for secretscan evidence
+ */
+export declare function isSecretscanEvidence(evidence: Evidence): evidence is SecretscanEvidence;
 /**
  * Validate and sanitize task ID.
  * Accepts three formats:
  * 1. Canonical N.M or N.M.P numeric format (matches TASK_ID_REGEX)
  * 2. Retrospective format: retro-<number> (matches RETRO_TASK_ID_REGEX)
- * 3. Internal automated-tool format: specific tool IDs (sast_scan, quality_budget, syntax_check, placeholder_scan, sbom_generate, build)
+ * 3. Internal automated-tool format: specific tool IDs (sast_scan, quality_budget, syntax_check, placeholder_scan, sbom_generate, build, secretscan)
  * Rejects: .., ../, null bytes, control characters, empty string, other non-numeric IDs
  * @throws Error with descriptive message on failure
  */

package/dist/hooks/delegation-gate.getEvidenceTaskId.test.d.ts

@@ -0,0 +1,20 @@
+/**
+ * delegation-gate.getEvidenceTaskId.test.ts
+ *
+ * Verification tests for the async conversion of getEvidenceTaskId.
+ * Tests the function behavior by recreating its logic in isolation since
+ * the function is private (not exported) and depends on fs.promises.
+ *
+ * Covers:
+ * 1. Function returns a Promise (is async)
+ * 2. Function resolves to correct task ID when currentTaskId is set
+ * 3. Function resolves to correct task ID when lastCoderDelegationTaskId is set
+ * 4. Function falls back to taskWorkflowStates when above are null
+ * 5. Function returns null when plan.json doesn't exist (ENOENT)
+ * 6. Function returns null when plan.json has no in_progress tasks
+ * 7. Function returns null when session has direct task_id (early return path via currentTaskId)
+ * 8. Path traversal is blocked (security hardening)
+ * 9. Malformed JSON returns null
+ * 10. Empty/invalid directory returns null
+ */
+export {};