npm - opencode-swarm - Versions diffs - 6.53.6 → 6.54.0 - Mend

opencode-swarm 6.53.6 → 6.54.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/cli/index.js +3 -1
package/dist/hooks/knowledge-validator.d.ts +1 -0
package/dist/index.js +3 -1
package/dist/lang/framework-detector.d.ts +24 -0
package/package.json +1 -1

package/dist/cli/index.js CHANGED Viewed

@@ -32389,8 +32389,10 @@ var SECURITY_DEGRADING_PATTERNS = [
   /disable\s+.{0,50}2fa/i,
   /remove\s+.{0,50}password/i
 ];
+var INVISIBLE_FORMAT_CHARS = /[\u00AD\u200B-\u200F\u202A-\u202E\u2060-\u2064\u2066-\u2069\uFEFF]/g;
 var INJECTION_PATTERNS = [
   /[\x00-\x08\x0b-\x0c\x0e-\x1f\x7f\x0d]/,
+  /[\u00AD\u200B-\u200F\u202A-\u202E\u2060-\u2064\u2066-\u2069\uFEFF]/,
   /^system\s*:/i,
   /<script/i,
   /javascript:/i,
@@ -32543,7 +32545,7 @@ function validateLesson(candidate, existingLessons, meta3) {
       severity: "error"
     };
   }
-  const normalizedCandidate = candidate.normalize("NFKC").toLowerCase();
+  const normalizedCandidate = candidate.normalize("NFKC").replace(INVISIBLE_FORMAT_CHARS, " ").replace(/\s+/g, " ").toLowerCase();
   for (const pattern of DANGEROUS_COMMAND_PATTERNS) {
     if (pattern.test(normalizedCandidate)) {
       return {

package/dist/hooks/knowledge-validator.d.ts CHANGED Viewed

@@ -8,6 +8,7 @@ export interface ValidationResult {
 }
 export declare const DANGEROUS_COMMAND_PATTERNS: RegExp[];
 export declare const SECURITY_DEGRADING_PATTERNS: RegExp[];
+export declare const INVISIBLE_FORMAT_CHARS: RegExp;
 export declare const INJECTION_PATTERNS: RegExp[];
 export declare function validateLesson(candidate: string, existingLessons: string[], meta: {
     category: KnowledgeCategory;

package/dist/index.js CHANGED Viewed

@@ -43634,8 +43634,10 @@ var SECURITY_DEGRADING_PATTERNS = [
   /disable\s+.{0,50}2fa/i,
   /remove\s+.{0,50}password/i
 ];
+var INVISIBLE_FORMAT_CHARS = /[\u00AD\u200B-\u200F\u202A-\u202E\u2060-\u2064\u2066-\u2069\uFEFF]/g;
 var INJECTION_PATTERNS = [
   /[\x00-\x08\x0b-\x0c\x0e-\x1f\x7f\x0d]/,
+  /[\u00AD\u200B-\u200F\u202A-\u202E\u2060-\u2064\u2066-\u2069\uFEFF]/,
   /^system\s*:/i,
   /<script/i,
   /javascript:/i,
@@ -43788,7 +43790,7 @@ function validateLesson(candidate, existingLessons, meta3) {
       severity: "error"
     };
   }
-  const normalizedCandidate = candidate.normalize("NFKC").toLowerCase();
+  const normalizedCandidate = candidate.normalize("NFKC").replace(INVISIBLE_FORMAT_CHARS, " ").replace(/\s+/g, " ").toLowerCase();
   for (const pattern of DANGEROUS_COMMAND_PATTERNS) {
     if (pattern.test(normalizedCandidate)) {
       return {

package/dist/lang/framework-detector.d.ts CHANGED Viewed

@@ -27,6 +27,12 @@ export interface LaravelCommandOverlay {
     lintCommand: string | null;
     /** Static analysis command. PHPStan if phpstan config is present, null otherwise. */
     staticAnalysisCommand: string | null;
+    /**
+     * Identified static analysis tool. 'larastan' if phpstan.neon contains a
+     * Larastan extension reference, 'phpstan' if a phpstan config is present
+     * without Larastan markers, null if no phpstan config is present.
+     */
+    staticAnalysisTool: 'larastan' | 'phpstan' | null;
     /** Dependency audit command (always composer audit --locked --format=json for Laravel). */
     auditCommand: string;
     /** Whether --parallel flag is supported (Pest parallel testing via artisan). */
@@ -54,6 +60,22 @@ export declare function detectLaravelProject(directory: string): boolean;
  * @returns LaravelDetectionSignals with each signal's boolean state
  */
 export declare function getLaravelSignals(directory: string): LaravelDetectionSignals;
+/**
+ * Determine whether a project is configured to use Larastan (the Laravel
+ * extension for PHPStan) rather than vanilla PHPStan.
+ *
+ * Detection is content-based: the first 4096 bytes of `phpstan.neon` are
+ * read and scanned for a reference to either of the two known Larastan
+ * package names (`nunomaduro/larastan` or `larastan/larastan`).
+ *
+ * Only `phpstan.neon` is checked — `phpstan.neon.dist` is a distribution
+ * baseline that projects override locally, so it is not scanned for the
+ * Larastan marker.
+ *
+ * @param directory - Absolute path to the project root
+ * @returns true if phpstan.neon contains a Larastan extension reference
+ */
+export declare function isLarastanConfigured(directory: string): boolean;
 /**
  * Get the Laravel command overlay for a project directory.
  * Returns null if the directory is not a Laravel project.
@@ -65,6 +87,8 @@ export declare function getLaravelSignals(directory: string): LaravelDetectionSi
  *   null otherwise
  * - staticAnalysisCommand: 'vendor/bin/phpstan analyse' if phpstan.neon or phpstan.neon.dist present,
  *   null otherwise
+ * - staticAnalysisTool: 'larastan' if phpstan.neon contains a Larastan extension reference,
+ *   'phpstan' if a phpstan config is present without Larastan markers, null otherwise
  * - auditCommand: always 'composer audit --locked --format=json'
  * - supportsParallel: true (php artisan test --parallel is supported)
  *

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "opencode-swarm",
-	"version": "6.53.6",
+	"version": "6.54.0",
 	"description": "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",