opencode-swarm 6.45.0 → 6.46.0

package/README.md

@@ -601,6 +601,117 @@ Per-agent overrides:
 
 </details>
 
+<details>
+<summary><strong>File Authority (Per-Agent Write Permissions)</strong></summary>
+
+Swarm enforces per-agent file write authority — each agent can only write to specific paths. By default, these rules are hardcoded, but you can override them via config.
+
+### Default Rules
+
+| Agent | Can Write | Blocked | Zones |
+|-------|-----------|---------|-------|
+| `architect` | Everything (except plan files) | `.swarm/plan.md`, `.swarm/plan.json` | `generated` |
+| `coder` | `src/`, `tests/`, `docs/`, `scripts/` | `.swarm/` (entire directory) | `generated`, `config` |
+| `reviewer` | `.swarm/evidence/`, `.swarm/outputs/` | `src/`, `.swarm/plan.md`, `.swarm/plan.json` | `generated` |
+| `test_engineer` | `tests/`, `.swarm/evidence/` | `src/`, `.swarm/plan.md`, `.swarm/plan.json` | `generated` |
+| `explorer` | Read-only | Everything | — |
+| `sme` | Read-only | Everything | — |
+| `docs` | `docs/`, `.swarm/outputs/` | — | `generated` |
+| `designer` | `docs/`, `.swarm/outputs/` | — | `generated` |
+| `critic` | `.swarm/evidence/` | — | `generated` |
+
+### Prefixed Agents
+
+Prefixed agents (e.g., `paid_coder`, `mega_reviewer`, `local_architect`) inherit defaults from their canonical base agent via `stripKnownSwarmPrefix`. The lookup order is:
+
+1. Exact match for the prefixed name (if explicitly defined in user config)
+2. Fall back to the canonical agent's defaults (e.g., `paid_coder` → `coder`)
+
+```json
+{
+  "authority": {
+    "rules": {
+      "coder": { "allowedPrefix": ["src/", "lib/"] },
+      "paid_coder": { "allowedPrefix": ["vendor/", "plugins/"] }
+    }
+  }
+}
+```
+
+In this example, `paid_coder` gets its own explicit rule, while other prefixed coders (e.g., `mega_coder`) fall back to `coder`.
+
+### Runtime Enforcement
+
+Architect direct writes are enforced at runtime via `toolBefore` hook. This tracks writes to source code paths outside `.swarm/` and protects `.swarm/plan.md` and `.swarm/plan.json` from direct modification.
+
+### Configuration
+
+Override default rules in `.opencode/opencode-swarm.json`:
+
+```json
+{
+  "authority": {
+    "enabled": true,
+    "rules": {
+      "coder": {
+        "allowedPrefix": ["src/", "lib/", "scripts/"],
+        "blockedPrefix": [".swarm/"],
+        "blockedZones": ["generated"]
+      },
+      "explorer": {
+        "readOnly": false,
+        "allowedPrefix": ["notes/", "scratch/"]
+      }
+    }
+  }
+}
+```
+
+### Rule Fields
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `readOnly` | boolean | If `true`, agent cannot write anywhere |
+| `blockedExact` | string[] | Exact file paths that are blocked |
+| `blockedPrefix` | string[] | Path prefixes that are blocked (e.g., `.swarm/`) |
+| `allowedPrefix` | string[] | Only these path prefixes are allowed. Omit to remove restriction; set `[]` to deny all |
+| `blockedZones` | string[] | File zones to block: `production`, `test`, `config`, `generated`, `docs`, `build` |
+
+### Merge Behavior
+
+- User rules **override** hardcoded defaults for the specified agent
+- Scalar fields (`readOnly`) — user value replaces default
+- Array fields (`blockedPrefix`, `allowedPrefix`, etc.) — user array **replaces** entirely (not merged)
+- If a field is omitted in the user rule for a **known agent** (one with hardcoded defaults), the default value for that field is preserved
+- If a field is omitted in the user rule for a **custom agent** (not in the defaults list), that field is `undefined` — there are no defaults to inherit
+- `allowedPrefix: []` explicitly denies all writes; omitting `allowedPrefix` entirely means no allowlist restriction is applied (all paths are evaluated against blocklist rules only)
+- Setting `enabled: false` ignores all custom rules and uses hardcoded defaults
+
+### Custom Agents
+
+Custom agents (not in the defaults list) start with no rules. Their write authority depends entirely on what you configure:
+
+- **Not in config at all** — agent is denied with `Unknown agent` (no rule exists; this is not the same as "blocked from all writes")
+- **In config without `allowedPrefix`** — no allowlist restriction applies; only any `blockedPrefix`, `blockedZones`, or `readOnly` rules you explicitly set will enforce limits
+- **In config with `allowedPrefix: []`** — all writes are denied
+
+To safely restrict a custom agent, always set `allowedPrefix` explicitly:
+
+```json
+{
+  "authority": {
+    "rules": {
+      "my_custom_agent": {
+        "allowedPrefix": ["plugins/", "extensions/"],
+        "blockedZones": ["generated"]
+      }
+    }
+  }
+}
+```
+
+</details>
+
 <details>
 <summary><strong>Context Budget Guard</strong></summary>
 
@@ -780,6 +891,16 @@ Config file location: `~/.config/opencode/opencode-swarm.json` (global) or `.ope
       "coder": { "max_tool_calls": 500 }
     }
   },
+  "authority": {
+    "enabled": true,
+    "rules": {
+      "coder": {
+        "allowedPrefix": ["src/", "lib/"],
+        "blockedPrefix": [".swarm/"],
+        "blockedZones": ["generated"]
+      }
+    }
+  },
   "review_passes": {
     "always_security_review": false,
     "security_globs": ["**/*auth*", "**/*crypto*", "**/*session*"]

package/dist/agents/explorer.d.ts

@@ -1,5 +1,5 @@
 import type { AgentDefinition } from './architect';
 export declare const CURATOR_INIT_PROMPT = "## IDENTITY\nYou are Explorer in CURATOR_INIT mode. You consolidate prior session knowledge into an architect briefing.\nDO NOT use the Task tool to delegate. You ARE the agent that does the work.\n\nINPUT FORMAT:\nTASK: CURATOR_INIT\nPRIOR_SUMMARY: [JSON or \"none\"]\nKNOWLEDGE_ENTRIES: [JSON array of high-confidence entries]\nPROJECT_CONTEXT: [context.md excerpt]\n\nACTIONS:\n- Read the prior summary to understand session history\n- Cross-reference knowledge entries against project context\n- Identify contradictions (knowledge says X, project state shows Y)\n- Produce a concise briefing for the architect\n\nRULES:\n- Output under 2000 chars\n- No code modifications\n- Flag contradictions explicitly with CONTRADICTION: prefix\n- If no prior summary exists, state \"First session \u2014 no prior context\"\n\nOUTPUT FORMAT:\nBRIEFING:\n[concise summary of prior session state, key decisions, active blockers]\n\nCONTRADICTIONS:\n- [entry_id]: [description] (or \"None detected\")\n\nKNOWLEDGE_STATS:\n- Entries reviewed: [N]\n- Prior phases covered: [N]\n";
-export declare const CURATOR_PHASE_PROMPT = "## IDENTITY\nYou are Explorer in CURATOR_PHASE mode. You consolidate a completed phase into a digest.\nDO NOT use the Task tool to delegate. You ARE the agent that does the work.\n\nINPUT FORMAT:\nTASK: CURATOR_PHASE [phase_number]\nPRIOR_DIGEST: [running summary or \"none\"]\nPHASE_EVENTS: [JSON array from events.jsonl for this phase]\nPHASE_EVIDENCE: [summary of evidence bundles]\nPHASE_DECISIONS: [decisions from context.md]\nAGENTS_DISPATCHED: [list]\nAGENTS_EXPECTED: [list from config]\n\nACTIONS:\n- Extend the prior digest with this phase's outcomes (do NOT regenerate from scratch)\n- Identify workflow deviations: missing reviewer, missing retro, skipped test_engineer\n- Recommend knowledge updates: entries to promote, archive, or flag as contradicted\n- Summarize key decisions and blockers resolved\n\nRULES:\n- Output under 2000 chars\n- No code modifications\n- Compliance observations are READ-ONLY \u2014 report, do not enforce\n- Extend the digest, never replace it\n\nOUTPUT FORMAT:\nPHASE_DIGEST:\nphase: [N]\nsummary: [what was accomplished]\nagents_used: [list]\ntasks_completed: [N]/[total]\nkey_decisions: [list]\nblockers_resolved: [list]\n\nCOMPLIANCE:\n- [type]: [description] (or \"No deviations observed\")\n\nKNOWLEDGE_UPDATES:\n- [action] [entry_id or \"new\"]: [reason] (or \"No recommendations\")\n\nEXTENDED_DIGEST:\n[the full running digest with this phase appended]\n";
+export declare const CURATOR_PHASE_PROMPT = "## IDENTITY\nYou are Explorer in CURATOR_PHASE mode. You consolidate a completed phase into a digest.\nDO NOT use the Task tool to delegate. You ARE the agent that does the work.\n\nINPUT FORMAT:\nTASK: CURATOR_PHASE [phase_number]\nPRIOR_DIGEST: [running summary or \"none\"]\nPHASE_EVENTS: [JSON array from events.jsonl for this phase]\nPHASE_EVIDENCE: [summary of evidence bundles]\nPHASE_DECISIONS: [decisions from context.md]\nAGENTS_DISPATCHED: [list]\nAGENTS_EXPECTED: [list from config]\n\nACTIONS:\n- Extend the prior digest with this phase's outcomes (do NOT regenerate from scratch)\n- Identify workflow deviations: missing reviewer, missing retro, skipped test_engineer\n- Recommend knowledge updates: entries to promote, archive, or flag as contradicted\n- Summarize key decisions and blockers resolved\n\nRULES:\n- Output under 2000 chars\n- No code modifications\n- Compliance observations are READ-ONLY \u2014 report, do not enforce\n- Extend the digest, never replace it\n\nOUTPUT FORMAT:\nPHASE_DIGEST:\nphase: [N]\nsummary: [what was accomplished]\nagents_used: [list]\ntasks_completed: [N]/[total]\nkey_decisions: [list]\nblockers_resolved: [list]\n\nCOMPLIANCE:\n- [type]: [description] (or \"No deviations observed\")\n\nKNOWLEDGE_UPDATES:\n- [action] new: [reason] (or \"No recommendations\")\nNOTE: Always use \"new\" as the token \u2014 existing entry IDs (UUID v4) are not available in this context. Any non-UUID token is treated as \"new\" by the parser. Only \"promote new:\" creates a new entry; \"archive new:\" and \"flag_contradiction new:\" are silently skipped because those actions require an existing entry to operate on.\n\nEXTENDED_DIGEST:\n[the full running digest with this phase appended]\n";
 export declare function createExplorerAgent(model: string, customPrompt?: string, customAppendPrompt?: string): AgentDefinition;
 export declare function createExplorerCuratorAgent(model: string, mode: 'CURATOR_INIT' | 'CURATOR_PHASE', customAppendPrompt?: string): AgentDefinition;

package/dist/cli/index.js

@@ -18649,6 +18649,17 @@ var CompactionConfigSchema = exports_external.object({
   emergencyThreshold: exports_external.number().min(1).max(99).default(80),
   preserveLastNTurns: exports_external.number().int().min(1).default(5)
 });
+var AgentAuthorityRuleSchema = exports_external.object({
+  readOnly: exports_external.boolean().optional(),
+  blockedExact: exports_external.array(exports_external.string()).optional(),
+  blockedPrefix: exports_external.array(exports_external.string()).optional(),
+  allowedPrefix: exports_external.array(exports_external.string()).optional(),
+  blockedZones: exports_external.array(exports_external.enum(["production", "test", "config", "generated", "docs", "build"])).optional()
+});
+var AuthorityConfigSchema = exports_external.object({
+  enabled: exports_external.boolean().default(true),
+  rules: exports_external.record(exports_external.string(), AgentAuthorityRuleSchema).default({})
+});
 var PluginConfigSchema = exports_external.object({
   agents: exports_external.record(exports_external.string(), AgentOverrideConfigSchema).optional(),
   swarms: exports_external.record(exports_external.string(), SwarmConfigSchema).optional(),
@@ -18665,6 +18676,7 @@ var PluginConfigSchema = exports_external.object({
   watchdog: WatchdogConfigSchema.optional(),
   self_review: SelfReviewConfigSchema.optional(),
   tool_filter: ToolFilterConfigSchema.optional(),
+  authority: AuthorityConfigSchema.optional(),
   plan_cursor: PlanCursorConfigSchema.optional(),
   evidence: EvidenceConfigSchema.optional(),
   summaries: SummaryConfigSchema.optional(),

package/dist/config/evidence-schema.d.ts

@@ -8,6 +8,7 @@ export declare const EvidenceTypeSchema: z.ZodEnum<{
     quality_budget: "quality_budget";
     placeholder: "placeholder";
     test: "test";
+    build: "build";
     review: "review";
     approval: "approval";
     note: "note";
@@ -15,7 +16,6 @@ export declare const EvidenceTypeSchema: z.ZodEnum<{
     syntax: "syntax";
     sast: "sast";
     sbom: "sbom";
-    build: "build";
 }>;
 export type EvidenceType = z.infer<typeof EvidenceTypeSchema>;
 export declare const EvidenceVerdictSchema: z.ZodEnum<{
@@ -34,6 +34,7 @@ export declare const BaseEvidenceSchema: z.ZodObject<{
         quality_budget: "quality_budget";
         placeholder: "placeholder";
         test: "test";
+        build: "build";
         review: "review";
         approval: "approval";
         note: "note";
@@ -41,7 +42,6 @@ export declare const BaseEvidenceSchema: z.ZodObject<{
         syntax: "syntax";
         sast: "sast";
         sbom: "sbom";
-        build: "build";
     }>;
     timestamp: z.ZodString;
     agent: z.ZodString;

package/dist/config/schema.d.ts

@@ -468,6 +468,39 @@ export declare const CompactionConfigSchema: z.ZodObject<{
     preserveLastNTurns: z.ZodDefault<z.ZodNumber>;
 }, z.core.$strip>;
 export type CompactionConfig = z.infer<typeof CompactionConfigSchema>;
+export declare const AgentAuthorityRuleSchema: z.ZodObject<{
+    readOnly: z.ZodOptional<z.ZodBoolean>;
+    blockedExact: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    blockedPrefix: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    allowedPrefix: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    blockedZones: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+        docs: "docs";
+        production: "production";
+        test: "test";
+        config: "config";
+        generated: "generated";
+        build: "build";
+    }>>>;
+}, z.core.$strip>;
+export type AgentAuthorityRule = z.infer<typeof AgentAuthorityRuleSchema>;
+export declare const AuthorityConfigSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
+        readOnly: z.ZodOptional<z.ZodBoolean>;
+        blockedExact: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        blockedPrefix: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        allowedPrefix: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        blockedZones: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+            docs: "docs";
+            production: "production";
+            test: "test";
+            config: "config";
+            generated: "generated";
+            build: "build";
+        }>>>;
+    }, z.core.$strip>>>;
+}, z.core.$strip>;
+export type AuthorityConfig = z.infer<typeof AuthorityConfigSchema>;
 export declare const PluginConfigSchema: z.ZodObject<{
     agents: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
         model: z.ZodOptional<z.ZodString>;
@@ -627,6 +660,23 @@ export declare const PluginConfigSchema: z.ZodObject<{
         enabled: z.ZodDefault<z.ZodBoolean>;
         overrides: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString>>>;
     }, z.core.$strip>>;
+    authority: z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
+            readOnly: z.ZodOptional<z.ZodBoolean>;
+            blockedExact: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            blockedPrefix: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            allowedPrefix: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            blockedZones: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+                docs: "docs";
+                production: "production";
+                test: "test";
+                config: "config";
+                generated: "generated";
+                build: "build";
+            }>>>;
+        }, z.core.$strip>>>;
+    }, z.core.$strip>>;
     plan_cursor: z.ZodOptional<z.ZodObject<{
         enabled: z.ZodDefault<z.ZodBoolean>;
         max_tokens: z.ZodDefault<z.ZodNumber>;

package/dist/hooks/guardrails.d.ts

@@ -6,7 +6,7 @@
  * - Layer 1 (Soft Warning @ warning_threshold): Sets warning flag for messagesTransform to inject warning
  * - Layer 2 (Hard Block @ 100%): Throws error in toolBefore to block further calls, injects STOP message
  */
-import { type GuardrailsConfig } from '../config/schema';
+import { type AuthorityConfig, type GuardrailsConfig } from '../config/schema';
 import { type FileZone } from '../context/zone-classifier';
 /**
  * Retrieves stored input args for a given callID.
@@ -34,7 +34,7 @@ export declare function deleteStoredInputArgs(callID: string): void;
  * @param config Guardrails configuration (optional)
  * @returns Tool before/after hooks and messages transform hook
  */
-export declare function createGuardrailsHooks(directory: string, directoryOrConfig?: string | GuardrailsConfig, config?: GuardrailsConfig): {
+export declare function createGuardrailsHooks(directory: string, directoryOrConfig?: string | GuardrailsConfig, config?: GuardrailsConfig, authorityConfig?: AuthorityConfig): {
     toolBefore: (input: {
         tool: string;
         sessionID: string;
@@ -103,13 +103,22 @@ export declare function validateAndRecordAttestation(dir: string, findingId: str
     valid: false;
     reason: string;
 }>;
+type AgentRule = {
+    readOnly?: boolean;
+    blockedExact?: string[];
+    blockedPrefix?: string[];
+    allowedPrefix?: string[];
+    blockedZones?: FileZone[];
+};
+export declare const DEFAULT_AGENT_AUTHORITY_RULES: Record<string, AgentRule>;
 /**
  * Checks whether the given agent is authorised to write to the given file path.
  */
-export declare function checkFileAuthority(agentName: string, filePath: string, cwd: string): {
+export declare function checkFileAuthority(agentName: string, filePath: string, cwd: string, authorityConfig?: AuthorityConfig): {
     allowed: true;
 } | {
     allowed: false;
     reason: string;
     zone?: FileZone;
 };
+export {};

package/dist/hooks/index.d.ts

@@ -6,7 +6,7 @@ export { createDelegationGateHook } from './delegation-gate';
 export { createDelegationSanitizerHook } from './delegation-sanitizer';
 export { createDelegationTrackerHook } from './delegation-tracker';
 export { extractCurrentPhase, extractCurrentPhaseFromPlan, extractCurrentTask, extractCurrentTaskFromPlan, extractDecisions, extractIncompleteTasks, extractIncompleteTasksFromPlan, extractPatterns, } from './extractors';
-export { createGuardrailsHooks } from './guardrails';
+export { checkFileAuthority, createGuardrailsHooks, DEFAULT_AGENT_AUTHORITY_RULES, } from './guardrails';
 export { classifyMessage, classifyMessages, containsPlanContent, isDuplicateToolRead, isStaleError, isToolResult, MessagePriority, type MessagePriorityType, type MessageWithParts, } from './message-priority';
 export { consolidateSystemMessages } from './messages-transform';
 export { extractModelInfo, NATIVE_MODEL_LIMITS, PROVIDER_CAPS, resolveModelLimit, } from './model-limits';

package/dist/index.js

@@ -14573,7 +14573,7 @@ function resolveGuardrailsConfig(config2, agentName) {
   };
   return resolved;
 }
-var KNOWN_SWARM_PREFIXES, SEPARATORS, AgentOverrideConfigSchema, SwarmConfigSchema, HooksConfigSchema, ScoringWeightsSchema, DecisionDecaySchema, TokenRatiosSchema, ScoringConfigSchema, ContextBudgetConfigSchema, EvidenceConfigSchema, GateFeatureSchema, PlaceholderScanConfigSchema, QualityBudgetConfigSchema, GateConfigSchema, PipelineConfigSchema, PhaseCompleteConfigSchema, SummaryConfigSchema, ReviewPassesConfigSchema, AdversarialDetectionConfigSchema, AdversarialTestingConfigSchemaBase, AdversarialTestingConfigSchema, IntegrationAnalysisConfigSchema, DocsConfigSchema, UIReviewConfigSchema, CompactionAdvisoryConfigSchema, LintConfigSchema, SecretscanConfigSchema, GuardrailsProfileSchema, DEFAULT_AGENT_PROFILES, DEFAULT_ARCHITECT_PROFILE, GuardrailsConfigSchema, WatchdogConfigSchema, SelfReviewConfigSchema, ToolFilterConfigSchema, PlanCursorConfigSchema, CheckpointConfigSchema, AutomationModeSchema, AutomationCapabilitiesSchema, AutomationConfigSchemaBase, AutomationConfigSchema, KnowledgeConfigSchema, CuratorConfigSchema, SlopDetectorConfigSchema, IncrementalVerifyConfigSchema, CompactionConfigSchema, PluginConfigSchema;
+var KNOWN_SWARM_PREFIXES, SEPARATORS, AgentOverrideConfigSchema, SwarmConfigSchema, HooksConfigSchema, ScoringWeightsSchema, DecisionDecaySchema, TokenRatiosSchema, ScoringConfigSchema, ContextBudgetConfigSchema, EvidenceConfigSchema, GateFeatureSchema, PlaceholderScanConfigSchema, QualityBudgetConfigSchema, GateConfigSchema, PipelineConfigSchema, PhaseCompleteConfigSchema, SummaryConfigSchema, ReviewPassesConfigSchema, AdversarialDetectionConfigSchema, AdversarialTestingConfigSchemaBase, AdversarialTestingConfigSchema, IntegrationAnalysisConfigSchema, DocsConfigSchema, UIReviewConfigSchema, CompactionAdvisoryConfigSchema, LintConfigSchema, SecretscanConfigSchema, GuardrailsProfileSchema, DEFAULT_AGENT_PROFILES, DEFAULT_ARCHITECT_PROFILE, GuardrailsConfigSchema, WatchdogConfigSchema, SelfReviewConfigSchema, ToolFilterConfigSchema, PlanCursorConfigSchema, CheckpointConfigSchema, AutomationModeSchema, AutomationCapabilitiesSchema, AutomationConfigSchemaBase, AutomationConfigSchema, KnowledgeConfigSchema, CuratorConfigSchema, SlopDetectorConfigSchema, IncrementalVerifyConfigSchema, CompactionConfigSchema, AgentAuthorityRuleSchema, AuthorityConfigSchema, PluginConfigSchema;
 var init_schema = __esm(() => {
   init_zod();
   init_constants();
@@ -15047,6 +15047,17 @@ var init_schema = __esm(() => {
     emergencyThreshold: exports_external.number().min(1).max(99).default(80),
     preserveLastNTurns: exports_external.number().int().min(1).default(5)
   });
+  AgentAuthorityRuleSchema = exports_external.object({
+    readOnly: exports_external.boolean().optional(),
+    blockedExact: exports_external.array(exports_external.string()).optional(),
+    blockedPrefix: exports_external.array(exports_external.string()).optional(),
+    allowedPrefix: exports_external.array(exports_external.string()).optional(),
+    blockedZones: exports_external.array(exports_external.enum(["production", "test", "config", "generated", "docs", "build"])).optional()
+  });
+  AuthorityConfigSchema = exports_external.object({
+    enabled: exports_external.boolean().default(true),
+    rules: exports_external.record(exports_external.string(), AgentAuthorityRuleSchema).default({})
+  });
   PluginConfigSchema = exports_external.object({
     agents: exports_external.record(exports_external.string(), AgentOverrideConfigSchema).optional(),
     swarms: exports_external.record(exports_external.string(), SwarmConfigSchema).optional(),
@@ -15063,6 +15074,7 @@ var init_schema = __esm(() => {
     watchdog: WatchdogConfigSchema.optional(),
     self_review: SelfReviewConfigSchema.optional(),
     tool_filter: ToolFilterConfigSchema.optional(),
+    authority: AuthorityConfigSchema.optional(),
     plan_cursor: PlanCursorConfigSchema.optional(),
     evidence: EvidenceConfigSchema.optional(),
     summaries: SummaryConfigSchema.optional(),
@@ -32519,7 +32531,7 @@ __export(exports_co_change_analyzer, {
   buildCoChangeMatrix: () => buildCoChangeMatrix
 });
 import * as child_process2 from "child_process";
-import { randomUUID } from "crypto";
+import { randomUUID as randomUUID2 } from "crypto";
 import { readdir as readdir2, readFile as readFile4, stat } from "fs/promises";
 import * as path19 from "path";
 import { promisify } from "util";
@@ -32779,7 +32791,7 @@ function darkMatterToKnowledgeEntries(pairs, projectName) {
     }
     const confidence = Math.min(0.3 + 0.2 * Math.min(pair.coChangeCount / 10, 1), 0.5);
     entries.push({
-      id: randomUUID(),
+      id: randomUUID2(),
       tier: "swarm",
       lesson,
       category: "architecture",
@@ -36214,17 +36226,17 @@ function getTestFilesFromConvention(sourceFiles) {
   const testFiles = [];
   for (const file3 of sourceFiles) {
     const normalizedPath = file3.replace(/\\/g, "/");
-    const basename4 = path28.basename(file3);
+    const basename5 = path28.basename(file3);
     const dirname12 = path28.dirname(file3);
-    if (hasCompoundTestExtension(basename4) || basename4.includes(".spec.") || basename4.includes(".test.") || normalizedPath.includes("/__tests__/") || normalizedPath.includes("/tests/") || normalizedPath.includes("/test/")) {
+    if (hasCompoundTestExtension(basename5) || basename5.includes(".spec.") || basename5.includes(".test.") || normalizedPath.includes("/__tests__/") || normalizedPath.includes("/tests/") || normalizedPath.includes("/test/")) {
       if (!testFiles.includes(file3)) {
         testFiles.push(file3);
       }
       continue;
     }
     for (const _pattern of TEST_PATTERNS) {
-      const nameWithoutExt = basename4.replace(/\.[^.]+$/, "");
-      const ext = path28.extname(basename4);
+      const nameWithoutExt = basename5.replace(/\.[^.]+$/, "");
+      const ext = path28.extname(basename5);
       const possibleTestFiles = [
         path28.join(dirname12, `${nameWithoutExt}.spec${ext}`),
         path28.join(dirname12, `${nameWithoutExt}.test${ext}`),
@@ -38054,17 +38066,17 @@ function normalizeSeparators(filePath) {
 }
 function matchesDocPattern(filePath, patterns) {
   const normalizedPath = normalizeSeparators(filePath);
-  const basename5 = path42.basename(filePath);
+  const basename6 = path42.basename(filePath);
   for (const pattern of patterns) {
     if (!pattern.includes("/") && !pattern.includes("\\")) {
-      if (basename5 === pattern) {
+      if (basename6 === pattern) {
         return true;
       }
       continue;
     }
     if (pattern.startsWith("**/")) {
       const filenamePattern = pattern.slice(3);
-      if (basename5 === filenamePattern) {
+      if (basename6 === filenamePattern) {
         return true;
       }
       continue;
@@ -44118,7 +44130,8 @@ COMPLIANCE:
 - [type]: [description] (or "No deviations observed")
 
 KNOWLEDGE_UPDATES:
-- [action] [entry_id or "new"]: [reason] (or "No recommendations")
+- [action] new: [reason] (or "No recommendations")
+NOTE: Always use "new" as the token \u2014 existing entry IDs (UUID v4) are not available in this context. Any non-UUID token is treated as "new" by the parser. Only "promote new:" creates a new entry; "archive new:" and "flag_contradiction new:" are silently skipped because those actions require an existing entry to operate on.
 
 EXTENDED_DIGEST:
 [the full running digest with this phase appended]
@@ -48202,6 +48215,7 @@ async function handleConfigCommand(directory, _args) {
 init_schema();
 
 // src/hooks/curator.ts
+import { randomUUID } from "crypto";
 import * as fs12 from "fs";
 import * as path18 from "path";
 init_event_bus();
@@ -48223,7 +48237,8 @@ function parseKnowledgeRecommendations(llmOutput) {
     const match = trimmed.match(/^-\s+(promote|archive|flag_contradiction)\s+(\S+):\s+(.+)$/i);
     if (match) {
       const action = match[1].toLowerCase();
-      const entryId = match[2] === "new" ? undefined : match[2];
+      const UUID_V4 = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+      const entryId = match[2] === "new" || !UUID_V4.test(match[2]) ? undefined : match[2];
       const reason = match[3].trim();
       recommendations.push({
         action,
@@ -48737,6 +48752,43 @@ async function applyCuratorKnowledgeUpdates(directory, recommendations, _knowled
   if (modified) {
     await rewriteKnowledge(knowledgePath, updatedEntries);
   }
+  for (const rec of recommendations) {
+    if (rec.entry_id !== undefined)
+      continue;
+    if (rec.action !== "promote") {
+      skipped++;
+      continue;
+    }
+    const lesson = rec.lesson?.trim() ?? "";
+    if (lesson.length < 15) {
+      skipped++;
+      continue;
+    }
+    const now = new Date().toISOString();
+    const newEntry = {
+      id: randomUUID(),
+      tier: "swarm",
+      lesson: lesson.slice(0, 280),
+      category: "other",
+      tags: [],
+      scope: "global",
+      confidence: 0.5,
+      status: "candidate",
+      confirmed_by: [],
+      retrieval_outcomes: {
+        applied_count: 0,
+        succeeded_after_count: 0,
+        failed_after_count: 0
+      },
+      schema_version: 1,
+      created_at: now,
+      updated_at: now,
+      auto_generated: true,
+      project_name: path18.basename(directory)
+    };
+    await appendKnowledge(knowledgePath, newEntry);
+    applied++;
+  }
   return { applied, skipped };
 }
 
@@ -50416,7 +50468,7 @@ init_schema();
 
 // src/hooks/knowledge-migrator.ts
 init_knowledge_store();
-import { randomUUID as randomUUID2 } from "crypto";
+import { randomUUID as randomUUID3 } from "crypto";
 import { existsSync as existsSync12, readFileSync as readFileSync9 } from "fs";
 import { mkdir as mkdir4, readFile as readFile5, writeFile as writeFile4 } from "fs/promises";
 import * as path23 from "path";
@@ -50486,7 +50538,7 @@ async function migrateContextToKnowledge(directory, config3) {
     }
     const inferredTags = inferTags(raw.text);
     const entry = {
-      id: randomUUID2(),
+      id: randomUUID3(),
       tier: "swarm",
       lesson: truncateLesson(raw.text),
       category: raw.categoryHint ?? inferCategoryFromText(raw.text),
@@ -53518,7 +53570,7 @@ function isInDeclaredScope(filePath, scopeEntries, cwd) {
     return rel.length > 0 && !rel.startsWith("..") && !path35.isAbsolute(rel);
   });
 }
-function createGuardrailsHooks(directory, directoryOrConfig, config3) {
+function createGuardrailsHooks(directory, directoryOrConfig, config3, authorityConfig) {
   let guardrailsConfig;
   if (directory && typeof directory === "object" && "enabled" in directory) {
     console.warn("[guardrails] Legacy call without directory, falling back to process.cwd()");
@@ -53536,6 +53588,7 @@ function createGuardrailsHooks(directory, directoryOrConfig, config3) {
       messagesTransform: async () => {}
     };
   }
+  const precomputedAuthorityRules = buildEffectiveRules(authorityConfig);
   const cfg = guardrailsConfig;
   const requiredQaGates = cfg.qa_gates?.required_tools ?? [
     "diff",
@@ -53630,7 +53683,7 @@ function createGuardrailsHooks(directory, directoryOrConfig, config3) {
         if (typeof delegTargetPath === "string" && delegTargetPath.length > 0) {
           const agentName = swarmState.activeAgent.get(sessionID) ?? "unknown";
           const cwd = effectiveDirectory;
-          const authorityCheck = checkFileAuthority(agentName, delegTargetPath, cwd);
+          const authorityCheck = checkFileAuthorityWithRules(agentName, delegTargetPath, cwd, precomputedAuthorityRules);
           if (!authorityCheck.allowed) {
             throw new Error(`WRITE BLOCKED: Agent "${agentName}" is not authorised to write "${delegTargetPath}". Reason: ${authorityCheck.reason}`);
           }
@@ -53639,6 +53692,19 @@ function createGuardrailsHooks(directory, directoryOrConfig, config3) {
           }
         }
       }
+      if (tool3 === "apply_patch" || tool3 === "patch") {
+        const agentName = swarmState.activeAgent.get(sessionID) ?? "unknown";
+        const cwd = effectiveDirectory;
+        for (const p of extractPatchTargetPaths(tool3, args2)) {
+          const authorityCheck = checkFileAuthorityWithRules(agentName, p, cwd, precomputedAuthorityRules);
+          if (!authorityCheck.allowed) {
+            throw new Error(`WRITE BLOCKED: Agent "${agentName}" is not authorised to write "${p}" (via patch). Reason: ${authorityCheck.reason}`);
+          }
+          if (!currentSession.modifiedFilesThisCoderTask.includes(p)) {
+            currentSession.modifiedFilesThisCoderTask.push(p);
+          }
+        }
+      }
     } else if (isArchitect(sessionID)) {
       const coderDelegArgs = args2;
       const rawSubagentType = coderDelegArgs?.subagent_type;
@@ -53707,6 +53773,55 @@ function createGuardrailsHooks(directory, directoryOrConfig, config3) {
       }
     }
   }
+  function extractPatchTargetPaths(tool3, args2) {
+    if (tool3 !== "apply_patch" && tool3 !== "patch")
+      return [];
+    const toolArgs = args2;
+    const patchText = toolArgs?.input ?? toolArgs?.patch ?? (Array.isArray(toolArgs?.cmd) ? toolArgs.cmd[1] : undefined);
+    if (typeof patchText !== "string")
+      return [];
+    if (patchText.length > 1e6) {
+      throw new Error("WRITE BLOCKED: Patch payload exceeds 1 MB \u2014 authority cannot be verified for all modified paths. Split into smaller patches.");
+    }
+    const paths = new Set;
+    const patchPathPattern = /\*\*\*\s+(?:Update|Add|Delete)\s+File:\s*(.+)/gi;
+    const diffPathPattern = /\+\+\+\s+b\/(.+)/gm;
+    const gitDiffPathPattern = /^diff --git a\/(.+?) b\/(.+?)$/gm;
+    const minusPathPattern = /^---\s+a\/(.+)$/gm;
+    const traditionalMinusPattern = /^---\s+([^\s].+?)(?:\t.*)?$/gm;
+    const traditionalPlusPattern = /^\+\+\+\s+([^\s].+?)(?:\t.*)?$/gm;
+    for (const match of patchText.matchAll(patchPathPattern))
+      paths.add(match[1].trim());
+    for (const match of patchText.matchAll(diffPathPattern)) {
+      const p = match[1].trim();
+      if (p !== "/dev/null")
+        paths.add(p);
+    }
+    for (const match of patchText.matchAll(gitDiffPathPattern)) {
+      const aPath = match[1].trim();
+      const bPath = match[2].trim();
+      if (aPath !== "/dev/null")
+        paths.add(aPath);
+      if (bPath !== "/dev/null")
+        paths.add(bPath);
+    }
+    for (const match of patchText.matchAll(minusPathPattern)) {
+      const p = match[1].trim();
+      if (p !== "/dev/null")
+        paths.add(p);
+    }
+    for (const match of patchText.matchAll(traditionalMinusPattern)) {
+      const p = match[1].trim();
+      if (p !== "/dev/null" && !p.startsWith("a/") && !p.startsWith("b/"))
+        paths.add(p);
+    }
+    for (const match of patchText.matchAll(traditionalPlusPattern)) {
+      const p = match[1].trim();
+      if (p !== "/dev/null" && !p.startsWith("a/") && !p.startsWith("b/"))
+        paths.add(p);
+    }
+    return Array.from(paths);
+  }
   function handlePlanAndScopeProtection(sessionID, tool3, args2) {
     const toolArgs = args2;
     const targetPath = toolArgs?.filePath ?? toolArgs?.path ?? toolArgs?.file ?? toolArgs?.target;
@@ -53719,68 +53834,25 @@ function createGuardrailsHooks(directory, directoryOrConfig, config3) {
       }
     }
     if (!targetPath && (tool3 === "apply_patch" || tool3 === "patch")) {
-      const patchText = toolArgs?.input ?? toolArgs?.patch ?? (Array.isArray(toolArgs?.cmd) ? toolArgs.cmd[1] : undefined);
-      if (typeof patchText === "string" && patchText.length <= 1e6) {
-        const patchPathPattern = /\*\*\*\s+(?:Update|Add|Delete)\s+File:\s*(.+)/gi;
-        const diffPathPattern = /\+\+\+\s+b\/(.+)/gm;
-        const paths = new Set;
-        for (const match of patchText.matchAll(patchPathPattern)) {
-          paths.add(match[1].trim());
-        }
-        for (const match of patchText.matchAll(diffPathPattern)) {
-          const p = match[1].trim();
-          if (p !== "/dev/null")
-            paths.add(p);
-        }
-        const gitDiffPathPattern = /^diff --git a\/(.+?) b\/(.+?)$/gm;
-        for (const match of patchText.matchAll(gitDiffPathPattern)) {
-          const aPath = match[1].trim();
-          const bPath = match[2].trim();
-          if (aPath !== "/dev/null")
-            paths.add(aPath);
-          if (bPath !== "/dev/null")
-            paths.add(bPath);
-        }
-        const minusPathPattern = /^---\s+a\/(.+)$/gm;
-        for (const match of patchText.matchAll(minusPathPattern)) {
-          const p = match[1].trim();
-          if (p !== "/dev/null")
-            paths.add(p);
-        }
-        const traditionalMinusPattern = /^---\s+([^\s].+?)(?:\t.*)?$/gm;
-        const traditionalPlusPattern = /^\+\+\+\s+([^\s].+?)(?:\t.*)?$/gm;
-        for (const match of patchText.matchAll(traditionalMinusPattern)) {
-          const p = match[1].trim();
-          if (p !== "/dev/null" && !p.startsWith("a/") && !p.startsWith("b/")) {
-            paths.add(p);
-          }
-        }
-        for (const match of patchText.matchAll(traditionalPlusPattern)) {
-          const p = match[1].trim();
-          if (p !== "/dev/null" && !p.startsWith("a/") && !p.startsWith("b/")) {
-            paths.add(p);
-          }
-        }
-        for (const p of paths) {
-          const resolvedP = path35.resolve(effectiveDirectory, p);
-          const planMdPath = path35.resolve(effectiveDirectory, ".swarm", "plan.md").toLowerCase();
-          const planJsonPath = path35.resolve(effectiveDirectory, ".swarm", "plan.json").toLowerCase();
-          if (resolvedP.toLowerCase() === planMdPath || resolvedP.toLowerCase() === planJsonPath) {
-            throw new Error("PLAN STATE VIOLATION: Direct writes to .swarm/plan.md and .swarm/plan.json are blocked. " + "plan.md is auto-regenerated from plan.json by PlanSyncWorker. " + "Use update_task_status() to mark tasks complete, " + "phase_complete() for phase transitions, or " + "save_plan to create/restructure plans.");
-          }
-          if (isOutsideSwarmDir(p, effectiveDirectory) && (isSourceCodePath(p) || hasTraversalSegments(p))) {
-            const session = swarmState.agentSessions.get(sessionID);
-            if (session) {
-              session.architectWriteCount++;
-              warn("Architect direct code edit detected via apply_patch", {
-                tool: tool3,
-                sessionID,
-                targetPath: p,
-                writeCount: session.architectWriteCount
-              });
-            }
-            break;
+      for (const p of extractPatchTargetPaths(tool3, args2)) {
+        const resolvedP = path35.resolve(effectiveDirectory, p);
+        const planMdPath = path35.resolve(effectiveDirectory, ".swarm", "plan.md").toLowerCase();
+        const planJsonPath = path35.resolve(effectiveDirectory, ".swarm", "plan.json").toLowerCase();
+        if (resolvedP.toLowerCase() === planMdPath || resolvedP.toLowerCase() === planJsonPath) {
+          throw new Error("PLAN STATE VIOLATION: Direct writes to .swarm/plan.md and .swarm/plan.json are blocked. " + "plan.md is auto-regenerated from plan.json by PlanSyncWorker. " + "Use update_task_status() to mark tasks complete, " + "phase_complete() for phase transitions, or " + "save_plan to create/restructure plans.");
+        }
+        if (isOutsideSwarmDir(p, effectiveDirectory) && (isSourceCodePath(p) || hasTraversalSegments(p))) {
+          const session = swarmState.agentSessions.get(sessionID);
+          if (session) {
+            session.architectWriteCount++;
+            warn("Architect direct code edit detected via apply_patch", {
+              tool: tool3,
+              sessionID,
+              targetPath: p,
+              writeCount: session.architectWriteCount
+            });
           }
+          break;
         }
       }
     }
@@ -53877,6 +53949,24 @@ function createGuardrailsHooks(directory, directoryOrConfig, config3) {
       handleTestSuiteBlocking(input.tool, output.args);
       if (isArchitect(input.sessionID) && isWriteTool(input.tool)) {
         handlePlanAndScopeProtection(input.sessionID, input.tool, output.args);
+        const toolArgs = output.args;
+        const targetPath = toolArgs?.filePath ?? toolArgs?.path ?? toolArgs?.file ?? toolArgs?.target;
+        if (typeof targetPath === "string" && targetPath.length > 0) {
+          const agentName = swarmState.activeAgent.get(input.sessionID) ?? "architect";
+          const authorityCheck = checkFileAuthorityWithRules(agentName, targetPath, effectiveDirectory, precomputedAuthorityRules);
+          if (!authorityCheck.allowed) {
+            throw new Error(`WRITE BLOCKED: Agent "${agentName}" is not authorised to write "${targetPath}". Reason: ${authorityCheck.reason}`);
+          }
+        }
+      }
+      if (input.tool === "apply_patch" || input.tool === "patch") {
+        const agentName = swarmState.activeAgent.get(input.sessionID) ?? "architect";
+        for (const p of extractPatchTargetPaths(input.tool, output.args)) {
+          const authorityCheck = checkFileAuthorityWithRules(agentName, p, effectiveDirectory, precomputedAuthorityRules);
+          if (!authorityCheck.allowed) {
+            throw new Error(`WRITE BLOCKED: Agent "${agentName}" is not authorised to write "${p}" (via patch). Reason: ${authorityCheck.reason}`);
+          }
+        }
       }
       const resolved = resolveSessionAndWindow(input.sessionID);
       if (!resolved)
@@ -54371,7 +54461,7 @@ function hashArgs(args2) {
     return 0;
   }
 }
-var AGENT_AUTHORITY_RULES = {
+var DEFAULT_AGENT_AUTHORITY_RULES = {
   architect: {
     blockedExact: [".swarm/plan.md", ".swarm/plan.json"],
     blockedZones: ["generated"]
@@ -54412,12 +54502,38 @@ var AGENT_AUTHORITY_RULES = {
     blockedZones: ["generated"]
   }
 };
-function checkFileAuthority(agentName, filePath, cwd) {
+function buildEffectiveRules(authorityConfig) {
+  if (authorityConfig?.enabled === false || !authorityConfig?.rules) {
+    return DEFAULT_AGENT_AUTHORITY_RULES;
+  }
+  const entries = Object.entries(authorityConfig.rules);
+  if (entries.length === 0) {
+    return DEFAULT_AGENT_AUTHORITY_RULES;
+  }
+  const merged = {
+    ...DEFAULT_AGENT_AUTHORITY_RULES
+  };
+  for (const [agent, userRule] of entries) {
+    const normalizedRuleKey = agent.toLowerCase();
+    const existing = merged[normalizedRuleKey] ?? {};
+    merged[normalizedRuleKey] = {
+      ...existing,
+      ...userRule,
+      blockedExact: userRule.blockedExact ?? existing.blockedExact,
+      blockedPrefix: userRule.blockedPrefix ?? existing.blockedPrefix,
+      allowedPrefix: userRule.allowedPrefix ?? existing.allowedPrefix,
+      blockedZones: userRule.blockedZones ?? existing.blockedZones
+    };
+  }
+  return merged;
+}
+function checkFileAuthorityWithRules(agentName, filePath, cwd, effectiveRules) {
   const normalizedAgent = agentName.toLowerCase();
+  const strippedAgent = stripKnownSwarmPrefix(agentName).toLowerCase();
   const dir = cwd || process.cwd();
   const resolved = path35.resolve(dir, filePath);
   const normalizedPath = path35.relative(dir, resolved).replace(/\\/g, "/");
-  const rules = AGENT_AUTHORITY_RULES[normalizedAgent];
+  const rules = effectiveRules[normalizedAgent] ?? effectiveRules[strippedAgent];
   if (!rules) {
     return { allowed: false, reason: `Unknown agent: ${agentName}` };
   }
@@ -54444,8 +54560,8 @@ function checkFileAuthority(agentName, filePath, cwd) {
       }
     }
   }
-  if (rules.allowedPrefix && rules.allowedPrefix.length > 0) {
-    const isAllowed = rules.allowedPrefix.some((prefix) => normalizedPath.startsWith(prefix));
+  if (rules.allowedPrefix != null) {
+    const isAllowed = rules.allowedPrefix.length > 0 ? rules.allowedPrefix.some((prefix) => normalizedPath.startsWith(prefix)) : false;
     if (!isAllowed) {
       return {
         allowed: false,
@@ -59858,7 +59974,7 @@ function countCodeLines(content) {
   return lines.length;
 }
 function isTestFile(filePath) {
-  const basename7 = path52.basename(filePath);
+  const basename8 = path52.basename(filePath);
   const _ext = path52.extname(filePath).toLowerCase();
   const testPatterns = [
     ".test.",
@@ -59874,7 +59990,7 @@ function isTestFile(filePath) {
     ".spec.jsx"
   ];
   for (const pattern of testPatterns) {
-    if (basename7.includes(pattern)) {
+    if (basename8.includes(pattern)) {
       return true;
     }
   }
@@ -60540,7 +60656,12 @@ var curator_analyze = createSwarmTool({
       let applied = 0;
       let skipped = 0;
       if (typedArgs.recommendations && typedArgs.recommendations.length > 0) {
-        const result = await applyCuratorKnowledgeUpdates(directory, typedArgs.recommendations, knowledgeConfig);
+        const UUID_V4 = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+        const sanitizedRecs = typedArgs.recommendations.map((rec) => ({
+          ...rec,
+          entry_id: rec.entry_id === undefined || UUID_V4.test(rec.entry_id) ? rec.entry_id : undefined
+        }));
+        const result = await applyCuratorKnowledgeUpdates(directory, sanitizedRecs, knowledgeConfig);
         applied = result.applied;
         skipped = result.skipped;
       }
@@ -62218,7 +62339,7 @@ var imports = createSwarmTool({
 init_dist();
 init_config();
 init_knowledge_store();
-import { randomUUID as randomUUID5 } from "crypto";
+import { randomUUID as randomUUID6 } from "crypto";
 init_manager2();
 init_create_tool();
 var VALID_CATEGORIES2 = [
@@ -62293,7 +62414,7 @@ var knowledgeAdd = createSwarmTool({
       project_name = plan?.title ?? "";
     } catch {}
     const entry = {
-      id: randomUUID5(),
+      id: randomUUID6(),
       tier: "swarm",
       lesson,
       category,
@@ -69968,7 +70089,8 @@ var OpenCodeSwarm = async (ctx) => {
     console.warn("");
   }
   const delegationHandler = createDelegationTrackerHook(config3, guardrailsConfig.enabled);
-  const guardrailsHooks = createGuardrailsHooks(ctx.directory, undefined, guardrailsConfig);
+  const authorityConfig = AuthorityConfigSchema.parse(config3.authority ?? {});
+  const guardrailsHooks = createGuardrailsHooks(ctx.directory, undefined, guardrailsConfig, authorityConfig);
   const watchdogConfig = WatchdogConfigSchema.parse(config3.watchdog ?? {});
   const advisoryInjector = (sessionId, message) => {
     const s = swarmState.agentSessions.get(sessionId);

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "opencode-swarm",
-	"version": "6.45.0",
+	"version": "6.46.0",
 	"description": "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",