opencode-swarm 6.38.0 → 6.40.1

package/README.md

@@ -27,7 +27,7 @@ Most AI coding tools let one model write code and ask that same model whether th
 ### Key Features
 
 - 🏗️ **11 specialized agents** — architect, coder, reviewer, test engineer, critic, critic_sounding_board, critic_drift_verifier, explorer, SME, docs, designer
-- 🔒 **Gated pipeline** — code never ships without reviewer + test engineer approval
+- 🔒 **Gated pipeline** — code never ships without reviewer + test engineer approval (bypassed in turbo mode)
 - 🔄 **Phase completion gates** — completion-verify and drift verifier gates enforced before phase completion (bypassed in turbo mode)
 - 🔁 **Resumable sessions** — all state saved to `.swarm/`; pick up any project any day
 - 🌐 **11 languages** — TypeScript, Python, Go, Rust, Java, Kotlin, C#, C/C++, Swift, Dart, Ruby

package/dist/cli/index.js

@@ -14590,7 +14590,8 @@ var init_plan_schema = __esm(() => {
     id: exports_external.number().int().min(1),
     name: exports_external.string().min(1),
     status: PhaseStatusSchema.default("pending"),
-    tasks: exports_external.array(TaskSchema).default([])
+    tasks: exports_external.array(TaskSchema).default([]),
+    required_agents: exports_external.array(exports_external.string()).optional()
   });
   PlanSchema = exports_external.object({
     schema_version: exports_external.literal("1.0.0"),
@@ -17319,8 +17320,8 @@ function getTaskBlockers(task, summary, status) {
   }
   return blockers;
 }
-async function buildTaskSummary(task, taskId) {
-  const result = await loadEvidence(".", taskId);
+async function buildTaskSummary(directory, task, taskId) {
+  const result = await loadEvidence(directory, taskId);
   const bundle = result.status === "found" ? result.bundle : null;
   const phase = task?.phase ?? 0;
   const status = getTaskStatus(task, bundle);
@@ -17349,18 +17350,18 @@ async function buildTaskSummary(task, taskId) {
     lastEvidenceTimestamp: lastTimestamp
   };
 }
-async function buildPhaseSummary(phase) {
-  const taskIds = await listEvidenceTaskIds(".");
+async function buildPhaseSummary(directory, phase) {
+  const taskIds = await listEvidenceTaskIds(directory);
   const phaseTaskIds = new Set(phase.tasks.map((t) => t.id));
   const taskSummaries = [];
   const _taskMap = new Map(phase.tasks.map((t) => [t.id, t]));
   for (const task of phase.tasks) {
-    const summary = await buildTaskSummary(task, task.id);
+    const summary = await buildTaskSummary(directory, task, task.id);
     taskSummaries.push(summary);
   }
   const extraTaskIds = taskIds.filter((id) => !phaseTaskIds.has(id));
   for (const taskId of extraTaskIds) {
-    const summary = await buildTaskSummary(undefined, taskId);
+    const summary = await buildTaskSummary(directory, undefined, taskId);
     if (summary.phase === phase.id) {
       taskSummaries.push(summary);
     }
@@ -17461,7 +17462,7 @@ async function buildEvidenceSummary(directory, currentPhase) {
   let totalTasks = 0;
   let completedTasks = 0;
   for (const phase of phasesToProcess) {
-    const summary = await buildPhaseSummary(phase);
+    const summary = await buildPhaseSummary(directory, phase);
     phaseSummaries.push(summary);
     totalTasks += summary.totalTasks;
     completedTasks += summary.completedTasks;
@@ -17620,7 +17621,13 @@ var TOOL_NAMES = [
   "update_task_status",
   "write_retro",
   "declare_scope",
-  "knowledge_query"
+  "knowledge_query",
+  "doc_scan",
+  "doc_extract",
+  "curator_analyze",
+  "knowledgeAdd",
+  "knowledgeRecall",
+  "knowledgeRemove"
 ];
 var TOOL_NAME_SET = new Set(TOOL_NAMES);
 
@@ -17645,6 +17652,7 @@ var AGENT_TOOL_MAP = {
   architect: [
     "checkpoint",
     "check_gate_status",
+    "completion_verify",
     "complexity_hotspots",
     "detect_domains",
     "evidence_check",
@@ -17656,6 +17664,7 @@ var AGENT_TOOL_MAP = {
     "diff",
     "pkg_audit",
     "pre_check_batch",
+    "quality_budget",
     "retrieve_summary",
     "save_plan",
     "schema_drift",
@@ -17665,7 +17674,19 @@ var AGENT_TOOL_MAP = {
     "todo_extract",
     "update_task_status",
     "write_retro",
-    "declare_scope"
+    "declare_scope",
+    "sast_scan",
+    "sbom_generate",
+    "build_check",
+    "syntax_check",
+    "placeholder_scan",
+    "phase_complete",
+    "doc_scan",
+    "doc_extract",
+    "curator_analyze",
+    "knowledgeAdd",
+    "knowledgeRecall",
+    "knowledgeRemove"
   ],
   explorer: [
     "complexity_hotspots",
@@ -17676,7 +17697,9 @@ var AGENT_TOOL_MAP = {
     "retrieve_summary",
     "schema_drift",
     "symbols",
-    "todo_extract"
+    "todo_extract",
+    "doc_scan",
+    "knowledgeRecall"
   ],
   coder: [
     "diff",
@@ -17684,7 +17707,11 @@ var AGENT_TOOL_MAP = {
     "lint",
     "symbols",
     "extract_code_blocks",
-    "retrieve_summary"
+    "retrieve_summary",
+    "build_check",
+    "syntax_check",
+    "knowledgeAdd",
+    "knowledgeRecall"
   ],
   test_engineer: [
     "test_runner",
@@ -17694,7 +17721,9 @@ var AGENT_TOOL_MAP = {
     "retrieve_summary",
     "imports",
     "complexity_hotspots",
-    "pkg_audit"
+    "pkg_audit",
+    "build_check",
+    "syntax_check"
   ],
   sme: [
     "complexity_hotspots",
@@ -17703,7 +17732,8 @@ var AGENT_TOOL_MAP = {
     "imports",
     "retrieve_summary",
     "schema_drift",
-    "symbols"
+    "symbols",
+    "knowledgeRecall"
   ],
   reviewer: [
     "diff",
@@ -17716,28 +17746,34 @@ var AGENT_TOOL_MAP = {
     "complexity_hotspots",
     "retrieve_summary",
     "extract_code_blocks",
-    "test_runner"
+    "test_runner",
+    "sast_scan",
+    "placeholder_scan",
+    "knowledgeRecall"
   ],
   critic: [
     "complexity_hotspots",
     "detect_domains",
     "imports",
     "retrieve_summary",
-    "symbols"
+    "symbols",
+    "knowledgeRecall"
   ],
   critic_sounding_board: [
     "complexity_hotspots",
     "detect_domains",
     "imports",
     "retrieve_summary",
-    "symbols"
+    "symbols",
+    "knowledgeRecall"
   ],
   critic_drift_verifier: [
     "complexity_hotspots",
     "detect_domains",
     "imports",
     "retrieve_summary",
-    "symbols"
+    "symbols",
+    "knowledgeRecall"
   ],
   docs: [
     "detect_domains",
@@ -17747,9 +17783,15 @@ var AGENT_TOOL_MAP = {
     "retrieve_summary",
     "schema_drift",
     "symbols",
-    "todo_extract"
+    "todo_extract",
+    "knowledgeRecall"
   ],
-  designer: ["extract_code_blocks", "retrieve_summary", "symbols"]
+  designer: [
+    "extract_code_blocks",
+    "retrieve_summary",
+    "symbols",
+    "knowledgeRecall"
+  ]
 };
 for (const [agentName, tools] of Object.entries(AGENT_TOOL_MAP)) {
   const invalidTools = tools.filter((tool) => !TOOL_NAME_SET.has(tool));
@@ -18138,8 +18180,8 @@ var PlanCursorConfigSchema = exports_external.object({
 });
 var CheckpointConfigSchema = exports_external.object({
   enabled: exports_external.boolean().default(true),
-  auto_checkpoint_threshold: exports_external.number().min(1).max(20).default(3)
-});
+  auto_checkpoint_threshold: exports_external.number().int().min(1).max(20).default(3)
+}).strict();
 var AutomationModeSchema = exports_external.enum(["manual", "hybrid", "auto"]);
 var AutomationCapabilitiesSchema = exports_external.object({
   plan_sync: exports_external.boolean().default(true),
@@ -18259,7 +18301,8 @@ var PluginConfigSchema = exports_external.object({
     block_on_threshold: exports_external.boolean().default(false).describe("If true, block phase completion when threshold exceeded. Default: advisory only.")
   }).optional(),
   incremental_verify: IncrementalVerifyConfigSchema.optional(),
-  compaction_service: CompactionConfigSchema.optional()
+  compaction_service: CompactionConfigSchema.optional(),
+  turbo_mode: exports_external.boolean().default(false).optional()
 });
 
 // src/config/loader.ts
@@ -18362,6 +18405,15 @@ function loadPluginConfig(directory) {
   }
   return result.data;
 }
+function loadPluginConfigWithMeta(directory) {
+  const userConfigPath = path.join(getUserConfigDir(), "opencode", CONFIG_FILENAME);
+  const projectConfigPath = path.join(directory, ".opencode", CONFIG_FILENAME);
+  const userResult = loadRawConfigFromPath(userConfigPath);
+  const projectResult = loadRawConfigFromPath(projectConfigPath);
+  const loadedFromFile = userResult.fileExisted || projectResult.fileExisted;
+  const config2 = loadPluginConfig(directory);
+  return { config: config2, loadedFromFile };
+}
 
 // src/commands/archive.ts
 init_manager();
@@ -18784,6 +18836,9 @@ async function handleBenchmarkCommand(directory, args) {
 `);
 }
 
+// src/commands/checkpoint.ts
+init_zod();
+
 // src/tools/checkpoint.ts
 import { spawnSync } from "child_process";
 import * as fs3 from "fs";
@@ -31109,6 +31164,10 @@ function tool(input) {
   return input;
 }
 tool.schema = exports_external2;
+
+// src/config/index.ts
+init_evidence_schema();
+init_plan_schema();
 // src/tools/create-tool.ts
 function createSwarmTool(opts) {
   return tool({
@@ -31233,6 +31292,11 @@ function isGitRepo() {
 }
 function handleSave(label, directory) {
   try {
+    let maxCheckpoints = 20;
+    try {
+      const { config: config3 } = loadPluginConfigWithMeta(directory);
+      maxCheckpoints = config3.checkpoint?.auto_checkpoint_threshold ?? maxCheckpoints;
+    } catch {}
     const log2 = readCheckpointLog(directory);
     const existingCheckpoint = log2.checkpoints.find((c) => c.label === label);
     if (existingCheckpoint) {
@@ -31352,7 +31416,7 @@ var checkpoint = createSwarmTool({
     let label;
     try {
       action = String(args.action);
-      label = args.label !== undefined ? String(args.label) : undefined;
+      label = args.label !== undefined && args.label !== null ? String(args.label) : undefined;
     } catch {
       return JSON.stringify({
         action: "unknown",
@@ -31405,6 +31469,22 @@ var checkpoint = createSwarmTool({
 });
 
 // src/commands/checkpoint.ts
+var CheckpointResultSchema = exports_external.object({
+  action: exports_external.string().optional(),
+  success: exports_external.boolean(),
+  error: exports_external.string().optional(),
+  checkpoints: exports_external.array(exports_external.unknown()).optional()
+}).passthrough();
+function safeParseResult(result) {
+  const parsed = CheckpointResultSchema.safeParse(JSON.parse(result));
+  if (!parsed.success) {
+    return {
+      success: false,
+      error: `Invalid response: ${parsed.error.message}`
+    };
+  }
+  return parsed.data;
+}
 async function handleCheckpointCommand(directory, args) {
   const subcommand = args[0] || "list";
   const label = args[1];
@@ -31427,7 +31507,7 @@ async function handleSave2(directory, label) {
     const result = await checkpoint.execute({ action: "save", label }, {
       directory
     });
-    const parsed = JSON.parse(result);
+    const parsed = safeParseResult(result);
     if (parsed.success) {
       return `\u2713 Checkpoint saved: "${label}"`;
     } else {
@@ -31446,7 +31526,7 @@ async function handleRestore2(directory, label) {
     const result = await checkpoint.execute({ action: "restore", label }, {
       directory
     });
-    const parsed = JSON.parse(result);
+    const parsed = safeParseResult(result);
     if (parsed.success) {
       return `\u2713 Restored to checkpoint: "${label}"`;
     } else {
@@ -31465,7 +31545,7 @@ async function handleDelete2(directory, label) {
     const result = await checkpoint.execute({ action: "delete", label }, {
       directory
     });
-    const parsed = JSON.parse(result);
+    const parsed = safeParseResult(result);
     if (parsed.success) {
       return `\u2713 Checkpoint deleted: "${label}"`;
     } else {
@@ -31481,7 +31561,7 @@ async function handleList2(directory) {
     const result = await checkpoint.execute({ action: "list" }, {
       directory
     });
-    const parsed = JSON.parse(result);
+    const parsed = safeParseResult(result);
     if (!parsed.success) {
       return `Error: ${parsed.error || "Failed to list checkpoints"}`;
     }
@@ -34179,7 +34259,8 @@ async function extractFromLegacy(directory) {
       mappedStatus = "complete";
     else if (status === "IN PROGRESS")
       mappedStatus = "in_progress";
-    const headerLineIndex = lines.indexOf(match[0]);
+    const headerLineIndex = planContent.substring(0, match.index).split(`
+`).length - 1;
     let completed = 0;
     let total = 0;
     if (headerLineIndex !== -1) {
@@ -34574,9 +34655,9 @@ async function getPlanData(directory, phaseArg) {
       return {
         hasPlan: true,
         fullMarkdown,
-        requestedPhase: NaN,
+        requestedPhase: null,
         phaseMarkdown: null,
-        errorMessage: null,
+        errorMessage: `Invalid phase number: "${phaseArg}"`,
         isLegacy: false
       };
     }
@@ -34627,9 +34708,9 @@ async function getPlanData(directory, phaseArg) {
     return {
       hasPlan: true,
       fullMarkdown: planContent,
-      requestedPhase: NaN,
+      requestedPhase: null,
       phaseMarkdown: null,
-      errorMessage: null,
+      errorMessage: `Invalid phase number: "${phaseArg}"`,
       isLegacy: true
     };
   }
@@ -35568,6 +35649,59 @@ LANGUAGE_REGISTRY.register({
     ]
   }
 });
+LANGUAGE_REGISTRY.register({
+  id: "php",
+  displayName: "PHP",
+  tier: 3,
+  extensions: [".php", ".phtml"],
+  treeSitter: { grammarId: "php", wasmFile: "tree-sitter-php.wasm" },
+  build: {
+    detectFiles: ["composer.json"],
+    commands: []
+  },
+  test: {
+    detectFiles: ["phpunit.xml", "phpunit.xml.dist"],
+    frameworks: [
+      {
+        name: "PHPUnit",
+        detect: "phpunit.xml",
+        cmd: "vendor/bin/phpunit",
+        priority: 1
+      }
+    ]
+  },
+  lint: {
+    detectFiles: [".php-cs-fixer.php", "phpcs.xml"],
+    linters: [
+      {
+        name: "PHP-CS-Fixer",
+        detect: ".php-cs-fixer.php",
+        cmd: "vendor/bin/php-cs-fixer fix --dry-run --diff",
+        priority: 1
+      }
+    ]
+  },
+  audit: {
+    detectFiles: ["composer.lock"],
+    command: "composer audit --format=json",
+    outputFormat: "json"
+  },
+  sast: { nativeRuleSet: "php", semgrepSupport: "ga" },
+  prompts: {
+    coderConstraints: [
+      "Follow PSR-12 coding standards",
+      "Use strict types declaration: declare(strict_types=1)",
+      "Prefer type hints and return type declarations on all functions",
+      "Use dependency injection over static methods and singletons"
+    ],
+    reviewerChecklist: [
+      "Verify no user input reaches SQL queries without parameterised binding",
+      "Check for XSS \u2014 all output must be escaped with htmlspecialchars()",
+      "Confirm no eval(), exec(), or shell_exec() with user-controlled input",
+      "Validate proper error handling \u2014 no bare catch blocks that swallow errors"
+    ]
+  }
+});
 
 // src/lang/detector.ts
 async function detectProjectLanguages(projectDir) {
@@ -35947,6 +36081,38 @@ var build_discovery = tool({
 
 // src/tools/lint.ts
 init_utils();
+
+// src/utils/path-security.ts
+function containsPathTraversal(str) {
+  if (/\.\.[/\\]/.test(str))
+    return true;
+  if (/(?:^|[/\\])\.\.(?:[/\\]|$)/.test(str))
+    return true;
+  if (/%2e%2e/i.test(str))
+    return true;
+  if (/%2e\./i.test(str))
+    return true;
+  if (/%2e/i.test(str) && /\.\./.test(str))
+    return true;
+  if (/%252e%252e/i.test(str))
+    return true;
+  if (/\uff0e/.test(str))
+    return true;
+  if (/\u3002/.test(str))
+    return true;
+  if (/\uff65/.test(str))
+    return true;
+  if (/%2f/i.test(str))
+    return true;
+  if (/%5c/i.test(str))
+    return true;
+  return false;
+}
+function containsControlChars(str) {
+  return /[\0\t\r\n]/.test(str);
+}
+
+// src/tools/lint.ts
 var MAX_OUTPUT_BYTES = 512000;
 var MAX_COMMAND_LENGTH = 500;
 function validateArgs(args) {
@@ -36119,7 +36285,7 @@ async function detectAvailableLinter(directory) {
 async function _detectAvailableLinter(_projectDir, biomeBin, eslintBin) {
   const DETECT_TIMEOUT = 2000;
   try {
-    const biomeProc = Bun.spawn(["npx", "biome", "--version"], {
+    const biomeProc = Bun.spawn([biomeBin, "--version"], {
       stdout: "pipe",
       stderr: "pipe"
     });
@@ -36133,7 +36299,7 @@ async function _detectAvailableLinter(_projectDir, biomeBin, eslintBin) {
     }
   } catch {}
   try {
-    const eslintProc = Bun.spawn(["npx", "eslint", "--version"], {
+    const eslintProc = Bun.spawn([eslintBin, "--version"], {
       stdout: "pipe",
       stderr: "pipe"
     });
@@ -36516,19 +36682,6 @@ function isHighEntropyString(str) {
   const entropy = calculateShannonEntropy(str);
   return entropy > 4;
 }
-function containsPathTraversal(str) {
-  if (/\.\.[/\\]/.test(str))
-    return true;
-  if (/[/\\]\.\.$/.test(str) || str === "..")
-    return true;
-  if (/\.\.[/\\]/.test(path18.normalize(str.replace(/\*/g, "x"))))
-    return true;
-  if (str.includes("%2e%2e") || str.includes("%2E%2E"))
-    return true;
-  if (str.includes("..") && /%2e/i.test(str))
-    return true;
-  return false;
-}
 function validateExcludePattern(exc) {
   if (exc.length === 0)
     return null;
@@ -36581,9 +36734,6 @@ function isExcluded(entry, relPath, exactNames, globPatterns) {
   }
   return false;
 }
-function containsControlChars(str) {
-  return /[\0\t\r\n]/.test(str);
-}
 function validateDirectoryInput(dir) {
   if (!dir || dir.length === 0) {
     return "directory is required";
@@ -37024,31 +37174,6 @@ var MAX_COMMAND_LENGTH2 = 500;
 var DEFAULT_TIMEOUT_MS = 60000;
 var MAX_TIMEOUT_MS = 300000;
 var MAX_SAFE_TEST_FILES = 50;
-function containsPathTraversal2(str) {
-  if (/\.\.[/\\]/.test(str))
-    return true;
-  if (/(?:^|[/\\])\.\.(?:[/\\]|$)/.test(str))
-    return true;
-  if (/%2e%2e/i.test(str))
-    return true;
-  if (/%2e\./i.test(str))
-    return true;
-  if (/%2e/i.test(str) && /\.\./.test(str))
-    return true;
-  if (/%252e%252e/i.test(str))
-    return true;
-  if (/\uff0e/.test(str))
-    return true;
-  if (/\u3002/.test(str))
-    return true;
-  if (/\uff65/.test(str))
-    return true;
-  if (/%2f/i.test(str))
-    return true;
-  if (/%5c/i.test(str))
-    return true;
-  return false;
-}
 function isAbsolutePath(str) {
   if (str.startsWith("/"))
     return true;
@@ -37060,9 +37185,6 @@ function isAbsolutePath(str) {
     return true;
   return false;
 }
-function containsControlChars2(str) {
-  return /[\x00-\x08\x0a\x0b\x0c\x0d\x0e-\x1f\x7f\x80-\x9f]/.test(str);
-}
 var POWERSHELL_METACHARACTERS = /[|;&`$(){}[\]<>"'#*?\x00-\x1f]/;
 function containsPowerShellMetacharacters(str) {
   return POWERSHELL_METACHARACTERS.test(str);
@@ -37084,9 +37206,9 @@ function validateArgs2(args) {
         return false;
       if (isAbsolutePath(f))
         return false;
-      if (containsPathTraversal2(f))
+      if (containsPathTraversal(f))
         return false;
-      if (containsControlChars2(f))
+      if (containsControlChars(f))
         return false;
       if (containsPowerShellMetacharacters(f))
         return false;
@@ -37909,7 +38031,7 @@ var test_runner = createSwarmTool({
       };
       return JSON.stringify(errorResult, null, 2);
     }
-    if (containsControlChars2(workingDir)) {
+    if (containsControlChars(workingDir)) {
       const errorResult = {
         success: false,
         framework: "none",
@@ -37918,7 +38040,7 @@ var test_runner = createSwarmTool({
       };
       return JSON.stringify(errorResult, null, 2);
     }
-    if (containsPathTraversal2(workingDir)) {
+    if (containsPathTraversal(workingDir)) {
       const errorResult = {
         success: false,
         framework: "none",
@@ -38194,12 +38316,13 @@ async function runLintCheck(dir, linter, timeoutMs) {
   const startTime = Date.now();
   try {
     const lintPromise = runLint(linter, "check", dir);
+    let timeoutId;
     const timeoutPromise = new Promise((_, reject) => {
-      setTimeout(() => {
+      timeoutId = setTimeout(() => {
         reject(new Error(`Lint check timed out after ${timeoutMs}ms`));
       }, timeoutMs);
     });
-    const result = await Promise.race([lintPromise, timeoutPromise]);
+    const result = await Promise.race([lintPromise, timeoutPromise]).finally(() => clearTimeout(timeoutId));
     if (!result.success) {
       return {
         type: "lint",
@@ -39709,12 +39832,32 @@ function makeInitialState() {
     lastSnapshotAt: null
   };
 }
-var state = makeInitialState();
-function getCompactionMetrics() {
-  return {
-    compactionCount: state.observationCount + state.reflectionCount + state.emergencyCount,
-    lastSnapshotAt: state.lastSnapshotAt
-  };
+var sessionStates = new Map;
+function getSessionState(sessionId) {
+  let state = sessionStates.get(sessionId);
+  if (!state) {
+    state = makeInitialState();
+    sessionStates.set(sessionId, state);
+  }
+  return state;
+}
+function getCompactionMetrics(sessionId) {
+  if (sessionId) {
+    const state = getSessionState(sessionId);
+    return {
+      compactionCount: state.observationCount + state.reflectionCount + state.emergencyCount,
+      lastSnapshotAt: state.lastSnapshotAt
+    };
+  }
+  let total = 0;
+  let lastSnapshot = null;
+  for (const state of sessionStates.values()) {
+    total += state.observationCount + state.reflectionCount + state.emergencyCount;
+    if (state.lastSnapshotAt && (!lastSnapshot || state.lastSnapshotAt > lastSnapshot)) {
+      lastSnapshot = state.lastSnapshotAt;
+    }
+  }
+  return { compactionCount: total, lastSnapshotAt: lastSnapshot };
 }
 
 // src/services/context-budget-service.ts
@@ -39877,6 +40020,7 @@ async function handleTurboCommand(_directory, args, sessionID) {
 }
 
 // src/tools/write-retro.ts
+init_evidence_schema();
 init_manager();
 async function executeWriteRetro(args, directory) {
   const phase = args.phase;
@@ -40110,8 +40254,9 @@ async function executeWriteRetro(args, directory) {
   };
   const taxonomy = [];
   try {
-    for (const taskSuffix of ["1", "2", "3", "4", "5"]) {
-      const phaseTaskId = `${phase}.${taskSuffix}`;
+    const allTaskIds = await listEvidenceTaskIds(directory);
+    const phaseTaskIds = allTaskIds.filter((id) => id.startsWith(`${phase}.`));
+    for (const phaseTaskId of phaseTaskIds) {
       const result = await loadEvidence(directory, phaseTaskId);
       if (result.status !== "found")
         continue;
@@ -40145,6 +40290,13 @@ async function executeWriteRetro(args, directory) {
     }
   } catch {}
   retroEntry.error_taxonomy = [...new Set(taxonomy)];
+  const validationResult = RetrospectiveEvidenceSchema.safeParse(retroEntry);
+  if (!validationResult.success) {
+    return JSON.stringify({
+      success: false,
+      error: `Retrospective entry failed validation: ${validationResult.error.message}`
+    }, null, 2);
+  }
   try {
     await saveEvidence(directory, taskId, retroEntry);
     return JSON.stringify({
@@ -40209,7 +40361,7 @@ var write_retro = createSwarmTool({
   }
 });
 
-// src/commands/write_retro.ts
+// src/commands/write-retro.ts
 async function handleWriteRetroCommand(directory, args) {
   if (args.length === 0 || !args[0] || args[0].trim() === "") {
     return `## Usage: /swarm write-retro <json>

package/dist/commands/index.d.ts

@@ -29,7 +29,7 @@ export { handleSpecifyCommand } from './specify';
 export { handleStatusCommand } from './status';
 export { handleSyncPlanCommand } from './sync-plan';
 export { handleTurboCommand } from './turbo';
-export { handleWriteRetroCommand } from './write_retro';
+export { handleWriteRetroCommand } from './write-retro';
 /**
  * Creates a command.execute.before handler for /swarm commands.
  * Uses factory pattern to close over directory and agents.