npm - opencode-swarm - Versions diffs - 6.66.0 → 6.67.0 - Mend

opencode-swarm 6.66.0 → 6.67.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/cli/index.js +1 -1
package/dist/council/__tests__/council-evidence-writer.adversarial.test.d.ts +6 -0
package/dist/council/types.d.ts +10 -1
package/dist/index.js +41 -4
package/package.json +1 -1

package/dist/cli/index.js CHANGED Viewed

@@ -18535,9 +18535,9 @@ var AGENT_TOOL_MAP = {
     "checkpoint",
     "check_gate_status",
     "completion_verify",
+    "complexity_hotspots",
     "convene_council",
     "declare_council_criteria",
-    "complexity_hotspots",
     "detect_domains",
     "evidence_check",
     "extract_code_blocks",

package/dist/council/__tests__/council-evidence-writer.adversarial.test.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * Adversarial security tests for safeAssignOwnProps.
+ * Tests prototype pollution attacks, constructor pollution, array smuggling,
+ * and boundary violations.
+ */
+export {};

package/dist/council/types.d.ts CHANGED Viewed

@@ -48,6 +48,8 @@ export interface CouncilSynthesis {
     /** 1-indexed */
     roundNumber: number;
     allCriteriaMet: boolean;
+    /** true when called with an empty verdicts array — the APPROVE is vacuous */
+    emptyVerdictsWarning?: boolean;
 }
 export interface CouncilCriteriaItem {
     id: string;
@@ -71,7 +73,14 @@ export interface CouncilConfig {
     vetoPriority: boolean;
     /** Default false — when true, convene_council rejects unless all 5 member verdicts are provided */
     requireAllMembers: boolean;
-    /** Optional webhook URL or handler name invoked when maxRounds is reached without APPROVE. Declared for forward compatibility; no behavior is implemented yet. */
+    /**
+     * Optional webhook URL or handler name for auto-escalation when maxRounds is
+     * reached without APPROVE. Reserved for forward compatibility — NOT yet
+     * implemented. Currently, maxRounds exhaustion surfaces a user-facing message
+     * via `buildUnifiedFeedbackMd` in council-service.ts (see the "Escalate to
+     * user" block), and the architect must relay it to the user. Future wiring
+     * options: critic_oversight agent, HTTP webhook, or configurable handler.
+     */
     escalateOnMaxRounds?: string;
 }
 export declare const COUNCIL_DEFAULTS: CouncilConfig;

package/dist/index.js CHANGED Viewed

@@ -175,9 +175,9 @@ var init_constants = __esm(() => {
       "checkpoint",
       "check_gate_status",
       "completion_verify",
+      "complexity_hotspots",
       "convene_council",
       "declare_council_criteria",
-      "complexity_hotspots",
       "detect_domains",
       "evidence_check",
       "extract_code_blocks",
@@ -68371,7 +68371,13 @@ ${body2}`);
 }
 // src/council/council-evidence-writer.ts
-import { existsSync as existsSync36, mkdirSync as mkdirSync16, readFileSync as readFileSync35, writeFileSync as writeFileSync11 } from "fs";
+import {
+  appendFileSync as appendFileSync7,
+  existsSync as existsSync36,
+  mkdirSync as mkdirSync16,
+  readFileSync as readFileSync35,
+  writeFileSync as writeFileSync11
+} from "fs";
 import { join as join59 } from "path";
 var EVIDENCE_DIR2 = ".swarm/evidence";
 var VALID_TASK_ID = /^\d+\.\d+(\.\d+)*$/;
@@ -68382,7 +68388,23 @@ function safeAssignOwnProps(target, source) {
   for (const key of Object.keys(source)) {
     if (FORBIDDEN_KEYS.has(key))
       continue;
-    target[key] = source[key];
+    const value = source[key];
+    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
+      const nested = Object.create(null);
+      safeAssignOwnProps(nested, value);
+      target[key] = nested;
+    } else if (Array.isArray(value)) {
+      target[key] = value.map((item) => {
+        if (item !== null && typeof item === "object" && !Array.isArray(item)) {
+          const nested = Object.create(null);
+          safeAssignOwnProps(nested, item);
+          return nested;
+        }
+        return item;
+      });
+    } else {
+      target[key] = value;
+    }
   }
   return target;
 }
@@ -68420,6 +68442,20 @@ function writeCouncilEvidence(workingDir, synthesis) {
   safeAssignOwnProps(updated, existingRoot);
   updated.gates = mergedGates;
   writeFileSync11(filePath, JSON.stringify(updated, null, 2));
+  try {
+    const councilDir = join59(workingDir, ".swarm", "council");
+    mkdirSync16(councilDir, { recursive: true });
+    const auditLine = JSON.stringify({
+      round: synthesis.roundNumber,
+      verdict: synthesis.overallVerdict,
+      timestamp: synthesis.timestamp,
+      vetoedBy: synthesis.vetoedBy
+    });
+    appendFileSync7(join59(councilDir, `${synthesis.taskId}.rounds.jsonl`), `${auditLine}
+`);
+  } catch (auditError) {
+    console.warn(`writeCouncilEvidence: failed to append round-history audit log: ${auditError instanceof Error ? auditError.message : String(auditError)}`);
+  }
 }
 // src/council/types.ts
@@ -68469,7 +68505,8 @@ function synthesizeCouncilVerdicts(taskId, swarmId, verdicts, criteria, roundNum
     advisoryFindings,
     unifiedFeedbackMd,
     roundNumber,
-    allCriteriaMet
+    allCriteriaMet,
+    ...verdicts.length === 0 && { emptyVerdictsWarning: true }
   };
 }
 function detectConflicts(verdicts) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "opencode-swarm",
-	"version": "6.66.0",
+	"version": "6.67.0",
 	"description": "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",