opencode-swarm 6.67.1 → 6.68.0

package/dist/cli/index.js

@@ -18507,7 +18507,9 @@ var TOOL_NAMES = [
   "suggest_patch",
   "req_coverage",
   "get_approved_plan",
-  "repo_map"
+  "repo_map",
+  "get_qa_gate_profile",
+  "set_qa_gates"
 ];
 var TOOL_NAME_SET = new Set(TOOL_NAMES);
 
@@ -18577,7 +18579,9 @@ var AGENT_TOOL_MAP = {
     "knowledge_remove",
     "co_change_analyzer",
     "suggest_patch",
-    "repo_map"
+    "repo_map",
+    "get_qa_gate_profile",
+    "set_qa_gates"
   ],
   explorer: [
     "complexity_hotspots",
@@ -19818,6 +19822,24 @@ async function handleBenchmarkCommand(directory, args) {
 `);
 }
 
+// src/commands/brainstorm.ts
+function sanitizeTopic(raw) {
+  const collapsed = raw.replace(/\s+/g, " ").trim();
+  const stripped = collapsed.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
+  const normalized = stripped.replace(/\s+/g, " ").trim();
+  const MAX_TOPIC_LEN = 2000;
+  if (normalized.length <= MAX_TOPIC_LEN)
+    return normalized;
+  return `${normalized.slice(0, MAX_TOPIC_LEN)}\u2026`;
+}
+async function handleBrainstormCommand(_directory, args) {
+  const description = sanitizeTopic(args.join(" "));
+  if (description) {
+    return `[MODE: BRAINSTORM] ${description}`;
+  }
+  return "[MODE: BRAINSTORM] Please enter MODE: BRAINSTORM and begin the structured brainstorm workflow (CONTEXT SCAN \u2192 DIALOGUE \u2192 APPROACHES \u2192 DESIGN SECTIONS \u2192 SPEC WRITE + SELF-REVIEW \u2192 QA GATE SELECTION \u2192 TRANSITION).";
+}
+
 // src/commands/checkpoint.ts
 init_zod();
 
@@ -41493,6 +41515,324 @@ async function handlePromoteCommand(directory, args) {
   }
 }
 
+// src/db/qa-gate-profile.ts
+import { createHash as createHash4 } from "crypto";
+
+// src/db/project-db.ts
+import { Database } from "bun:sqlite";
+import { existsSync as existsSync16, mkdirSync as mkdirSync7 } from "fs";
+import { join as join22, resolve as resolve11 } from "path";
+var MIGRATIONS = [
+  {
+    version: 1,
+    name: "create_project_constraints",
+    sql: `CREATE TABLE project_constraints (
+			id INTEGER PRIMARY KEY AUTOINCREMENT,
+			constraint_type TEXT NOT NULL,
+			content TEXT NOT NULL,
+			created_at TEXT NOT NULL DEFAULT (datetime('now'))
+		)`
+  },
+  {
+    version: 2,
+    name: "create_qa_gate_profile",
+    sql: `CREATE TABLE qa_gate_profile (
+			id INTEGER PRIMARY KEY AUTOINCREMENT,
+			plan_id TEXT NOT NULL UNIQUE,
+			created_at TEXT NOT NULL DEFAULT (datetime('now')),
+			project_type TEXT,
+			gates TEXT NOT NULL DEFAULT '{}',
+			locked_at TEXT,
+			locked_by_snapshot_seq INTEGER
+		)`
+  },
+  {
+    version: 3,
+    name: "create_qa_gate_profile_immutability_trigger",
+    sql: `CREATE TRIGGER IF NOT EXISTS trg_qa_gate_profile_no_update_after_lock
+			BEFORE UPDATE ON qa_gate_profile
+			WHEN OLD.locked_at IS NOT NULL
+			BEGIN
+				SELECT RAISE(ABORT, 'qa_gate_profile row is locked and cannot be modified after critic approval');
+			END`
+  }
+];
+var _projectDbs = new Map;
+function runProjectMigrations(db) {
+  db.run(`CREATE TABLE IF NOT EXISTS schema_migrations (
+		version INTEGER PRIMARY KEY,
+		name TEXT NOT NULL,
+		applied_at TEXT NOT NULL DEFAULT (datetime('now'))
+	)`);
+  const row = db.query("SELECT MAX(version) as version FROM schema_migrations").get();
+  const currentVersion = row?.version ?? 0;
+  for (const migration of MIGRATIONS) {
+    if (migration.version <= currentVersion)
+      continue;
+    const apply = db.transaction(() => {
+      db.run(migration.sql);
+      db.run("INSERT INTO schema_migrations (version, name) VALUES (?, ?)", [
+        migration.version,
+        migration.name
+      ]);
+    });
+    apply();
+  }
+}
+function projectDbPath(directory) {
+  return join22(resolve11(directory), ".swarm", "swarm.db");
+}
+function projectDbExists(directory) {
+  return existsSync16(projectDbPath(directory));
+}
+function getProjectDb(directory) {
+  const key = resolve11(directory);
+  const existing = _projectDbs.get(key);
+  if (existing)
+    return existing;
+  const swarmDir = join22(key, ".swarm");
+  mkdirSync7(swarmDir, { recursive: true });
+  const db = new Database(join22(swarmDir, "swarm.db"));
+  db.run("PRAGMA journal_mode = WAL;");
+  db.run("PRAGMA synchronous = NORMAL;");
+  db.run("PRAGMA busy_timeout = 5000;");
+  db.run("PRAGMA foreign_keys = ON;");
+  runProjectMigrations(db);
+  _projectDbs.set(key, db);
+  return db;
+}
+
+// src/db/qa-gate-profile.ts
+var DEFAULT_QA_GATES = {
+  reviewer: true,
+  test_engineer: true,
+  council_mode: false,
+  sme_enabled: true,
+  critic_pre_plan: true,
+  hallucination_guard: false,
+  sast_enabled: true
+};
+function rowToProfile(row) {
+  let parsed = {};
+  try {
+    parsed = JSON.parse(row.gates);
+  } catch {
+    parsed = {};
+  }
+  const gates = { ...DEFAULT_QA_GATES, ...parsed };
+  return {
+    id: row.id,
+    plan_id: row.plan_id,
+    created_at: row.created_at,
+    project_type: row.project_type,
+    gates,
+    locked_at: row.locked_at,
+    locked_by_snapshot_seq: row.locked_by_snapshot_seq
+  };
+}
+function getProfile(directory, planId) {
+  if (!projectDbExists(directory))
+    return null;
+  const db = getProjectDb(directory);
+  const row = db.query("SELECT * FROM qa_gate_profile WHERE plan_id = ?").get(planId);
+  return row ? rowToProfile(row) : null;
+}
+function getOrCreateProfile(directory, planId, projectType) {
+  const existing = getProfile(directory, planId);
+  if (existing)
+    return existing;
+  const db = getProjectDb(directory);
+  const gatesJson = JSON.stringify(DEFAULT_QA_GATES);
+  const insert = db.transaction(() => {
+    db.run("INSERT INTO qa_gate_profile (plan_id, project_type, gates) VALUES (?, ?, ?)", [planId, projectType ?? null, gatesJson]);
+  });
+  try {
+    insert();
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    if (!msg.toLowerCase().includes("unique")) {
+      throw err;
+    }
+  }
+  const after = getProfile(directory, planId);
+  if (!after) {
+    throw new Error(`Failed to create or load QA gate profile for plan_id=${planId}`);
+  }
+  return after;
+}
+function setGates(directory, planId, gates) {
+  const current = getProfile(directory, planId);
+  if (!current) {
+    throw new Error(`No QA gate profile found for plan_id=${planId} \u2014 call getOrCreateProfile first`);
+  }
+  if (current.locked_at !== null) {
+    throw new Error("Cannot modify gates: QA gate profile is locked after critic approval");
+  }
+  const merged = { ...current.gates };
+  for (const key of Object.keys(gates)) {
+    const incoming = gates[key];
+    if (incoming === undefined)
+      continue;
+    if (incoming === false && current.gates[key] === true) {
+      throw new Error(`Cannot disable gate '${key}': sessions can only ratchet tighter`);
+    }
+    if (incoming === true) {
+      merged[key] = true;
+    }
+  }
+  const db = getProjectDb(directory);
+  db.run("UPDATE qa_gate_profile SET gates = ? WHERE plan_id = ?", [
+    JSON.stringify(merged),
+    planId
+  ]);
+  const updated = getProfile(directory, planId);
+  if (!updated) {
+    throw new Error(`Failed to re-read QA gate profile after update for plan_id=${planId}`);
+  }
+  return updated;
+}
+function computeProfileHash(profile) {
+  const payload = JSON.stringify({
+    plan_id: profile.plan_id,
+    gates: profile.gates
+  });
+  return createHash4("sha256").update(payload).digest("hex");
+}
+function getEffectiveGates(profile, sessionOverrides) {
+  const merged = { ...profile.gates };
+  for (const key of Object.keys(sessionOverrides)) {
+    if (sessionOverrides[key] === true) {
+      merged[key] = true;
+    }
+  }
+  return merged;
+}
+
+// src/commands/qa-gates.ts
+init_manager();
+var ALL_GATE_NAMES = [
+  "reviewer",
+  "test_engineer",
+  "council_mode",
+  "sme_enabled",
+  "critic_pre_plan",
+  "hallucination_guard",
+  "sast_enabled"
+];
+function derivePlanId(plan) {
+  return `${plan.swarm}-${plan.title}`.replace(/[^a-zA-Z0-9-_]/g, "_");
+}
+function isGateName(name) {
+  return ALL_GATE_NAMES.includes(name);
+}
+function formatGates(gates) {
+  return ALL_GATE_NAMES.map((g) => `  - ${g}: ${gates[g] ? "on" : "off"}`).join(`
+`);
+}
+async function handleQaGatesCommand(directory, args, sessionID) {
+  const plan = await loadPlanJsonOnly(directory);
+  if (!plan) {
+    return "Error: plan.json not found or invalid. Create a plan first (e.g. /swarm specify or save_plan).";
+  }
+  const planId = derivePlanId(plan);
+  const subcommand = args[0]?.toLowerCase();
+  const gateArgs = args.slice(1);
+  if (!subcommand || subcommand === "show" || subcommand === "status") {
+    const profile = getProfile(directory, planId);
+    const spec = profile ? profile.gates : DEFAULT_QA_GATES;
+    const session = sessionID ? getAgentSession(sessionID) : null;
+    const overrides = session?.qaGateSessionOverrides ?? {};
+    const effective = profile ? getEffectiveGates(profile, overrides) : { ...DEFAULT_QA_GATES, ...overrides };
+    const lines = [];
+    lines.push(`QA Gate Profile for plan_id=${planId}`);
+    if (!profile) {
+      lines.push("  (no profile persisted yet \u2014 showing defaults)");
+    } else {
+      lines.push(`  locked: ${profile.locked_at ? `yes @ ${profile.locked_at} (seq ${profile.locked_by_snapshot_seq ?? "?"})` : "no"}`);
+      lines.push(`  profile_hash: ${computeProfileHash(profile)}`);
+    }
+    lines.push("Spec-level gates:");
+    lines.push(formatGates(spec));
+    lines.push("Session overrides (ratchet-tighter only):");
+    if (Object.keys(overrides).length === 0) {
+      lines.push("  (none)");
+    } else {
+      for (const k of ALL_GATE_NAMES) {
+        if (overrides[k] === true)
+          lines.push(`  - ${k}: on (override)`);
+      }
+    }
+    lines.push("Effective gates:");
+    lines.push(formatGates(effective));
+    return lines.join(`
+`);
+  }
+  if (subcommand === "enable") {
+    if (gateArgs.length === 0) {
+      return "Usage: /swarm qa-gates enable <gate> [<gate> ...]";
+    }
+    const invalid = gateArgs.filter((g) => !isGateName(g));
+    if (invalid.length > 0) {
+      return `Error: unknown gate(s): ${invalid.join(", ")}. Valid gates: ${ALL_GATE_NAMES.join(", ")}`;
+    }
+    getOrCreateProfile(directory, planId);
+    const patch = {};
+    for (const g of gateArgs) {
+      if (isGateName(g))
+        patch[g] = true;
+    }
+    try {
+      const updated = setGates(directory, planId, patch);
+      return [
+        `Enabled gates persisted for plan_id=${planId}:`,
+        formatGates(updated.gates),
+        `profile_hash: ${computeProfileHash(updated)}`
+      ].join(`
+`);
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      return `Error: ${msg}`;
+    }
+  }
+  if (subcommand === "override") {
+    if (!sessionID) {
+      return "Error: session overrides require an active session context.";
+    }
+    if (gateArgs.length === 0) {
+      return "Usage: /swarm qa-gates override <gate> [<gate> ...]";
+    }
+    const invalid = gateArgs.filter((g) => !isGateName(g));
+    if (invalid.length > 0) {
+      return `Error: unknown gate(s): ${invalid.join(", ")}. Valid gates: ${ALL_GATE_NAMES.join(", ")}`;
+    }
+    const session = getAgentSession(sessionID);
+    if (!session) {
+      return "Error: no active session found for override.";
+    }
+    const current = session.qaGateSessionOverrides ?? {};
+    const next = { ...current };
+    for (const g of gateArgs) {
+      if (isGateName(g))
+        next[g] = true;
+    }
+    session.qaGateSessionOverrides = next;
+    return [
+      `Session overrides updated for plan_id=${planId}:`,
+      Object.keys(next).filter((k) => next[k] === true).map((k) => `  - ${k}: on`).join(`
+`) || "  (none)"
+    ].join(`
+`);
+  }
+  return [
+    "Usage:",
+    "  /swarm qa-gates                    show current profile + effective gates",
+    "  /swarm qa-gates enable <gate>...   persist-enable gate(s) (rejected if locked)",
+    "  /swarm qa-gates override <gate>... session-only enable (ratchet-tighter)",
+    `Valid gates: ${ALL_GATE_NAMES.join(", ")}`
+  ].join(`
+`);
+}
+
 // src/commands/reset.ts
 import * as fs16 from "fs";
 
@@ -41549,13 +41889,13 @@ class CircuitBreaker {
     if (this.config.callTimeoutMs <= 0) {
       return fn();
     }
-    return new Promise((resolve11, reject) => {
+    return new Promise((resolve12, reject) => {
       const timeout = setTimeout(() => {
         reject(new Error(`Call timeout after ${this.config.callTimeoutMs}ms`));
       }, this.config.callTimeoutMs);
       fn().then((result) => {
         clearTimeout(timeout);
-        resolve11(result);
+        resolve12(result);
       }).catch((error93) => {
         clearTimeout(timeout);
         reject(error93);
@@ -41839,7 +42179,7 @@ class AutomationQueue {
 
 // src/background/worker.ts
 function sleep(ms) {
-  return new Promise((resolve11) => setTimeout(resolve11, ms));
+  return new Promise((resolve12) => setTimeout(resolve12, ms));
 }
 
 class WorkerManager {
@@ -42930,6 +43270,18 @@ var COMMAND_REGISTRY = {
     description: "Generate or import a feature specification [description]",
     args: "[description-text]"
   },
+  brainstorm: {
+    handler: (ctx) => handleBrainstormCommand(ctx.directory, ctx.args),
+    description: "Enter architect MODE: BRAINSTORM \u2014 structured seven-phase planning workflow [topic]",
+    args: "[topic-text]",
+    details: "Triggers the architect to run the brainstorm workflow: CONTEXT SCAN, single-question DIALOGUE, APPROACHES, DESIGN SECTIONS, SPEC WRITE + SELF-REVIEW, QA GATE SELECTION, TRANSITION. Use for new plans where requirements need to be drawn out before writing spec.md / plan.md."
+  },
+  "qa-gates": {
+    handler: (ctx) => handleQaGatesCommand(ctx.directory, ctx.args, ctx.sessionID),
+    description: "View or modify QA gate profile for the current plan [enable|override <gate>...]",
+    args: "[show|enable|override] <gate>...",
+    details: "show: display spec-level, session-override, and effective QA gates for the current plan. enable: persist gate(s) into the locked-once profile (architect; rejected after critic approval lock). override: session-only ratchet-tighter enable. Valid gates: reviewer, test_engineer, council_mode, sme_enabled, critic_pre_plan, hallucination_guard, sast_enabled."
+  },
   promote: {
     handler: (ctx) => handlePromoteCommand(ctx.directory, ctx.args),
     description: "Manually promote lesson to hive knowledge",

package/dist/commands/brainstorm.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Handle /swarm brainstorm command.
+ *
+ * Returns a trigger prompt instructing the architect to enter
+ * MODE: BRAINSTORM — the seven-phase planning workflow defined in the
+ * architect prompt: CONTEXT SCAN → DIALOGUE → APPROACHES → DESIGN SECTIONS
+ * → SPEC WRITE + SELF-REVIEW → QA GATE SELECTION → TRANSITION.
+ *
+ * Any arguments become the initial topic/problem statement for the
+ * architect to reason about. The topic is sanitized to prevent prompt
+ * injection of rival MODE: headers or newline-based control sequences.
+ */
+export declare function handleBrainstormCommand(_directory: string, args: string[]): Promise<string>;

package/dist/commands/brainstorm.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/commands/index.d.ts

@@ -4,6 +4,7 @@ export { handleAgentsCommand } from './agents';
 export { handleAnalyzeCommand } from './analyze';
 export { handleArchiveCommand } from './archive';
 export { handleBenchmarkCommand } from './benchmark';
+export { handleBrainstormCommand } from './brainstorm';
 export { handleCheckpointCommand } from './checkpoint';
 export { handleClarifyCommand } from './clarify';
 export { handleCloseCommand } from './close';
@@ -21,6 +22,7 @@ export { handleKnowledgeListCommand, handleKnowledgeMigrateCommand, handleKnowle
 export { handlePlanCommand } from './plan';
 export { handlePreflightCommand } from './preflight';
 export { handlePromoteCommand } from './promote';
+export { handleQaGatesCommand } from './qa-gates';
 export type { CommandContext, CommandEntry, RegisteredCommand, } from './registry.js';
 export { COMMAND_REGISTRY, resolveCommand, VALID_COMMANDS, } from './registry.js';
 export { handleResetCommand } from './reset';

package/dist/commands/qa-gates.d.ts

@@ -0,0 +1,15 @@
+/**
+ * /swarm qa-gates command.
+ *
+ * View, enable, or add session overrides for QA gates tied to the current
+ * plan's QA gate profile. Read-only display when called without arguments;
+ * ratchet-tighter enable/override when called with `enable <gate>...` or
+ * `override <gate>...`.
+ *
+ *   /swarm qa-gates                     -> show profile + effective gates
+ *   /swarm qa-gates enable <gate>...    -> persist into profile (architect)
+ *   /swarm qa-gates override <gate>...  -> session-only override
+ *
+ * Refuses to persist into a locked profile.
+ */
+export declare function handleQaGatesCommand(directory: string, args: string[], sessionID: string): Promise<string>;

package/dist/commands/qa-gates.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/commands/registry.d.ts

@@ -150,6 +150,18 @@ export declare const COMMAND_REGISTRY: {
         readonly description: "Generate or import a feature specification [description]";
         readonly args: "[description-text]";
     };
+    readonly brainstorm: {
+        readonly handler: (ctx: CommandContext) => Promise<string>;
+        readonly description: "Enter architect MODE: BRAINSTORM — structured seven-phase planning workflow [topic]";
+        readonly args: "[topic-text]";
+        readonly details: "Triggers the architect to run the brainstorm workflow: CONTEXT SCAN, single-question DIALOGUE, APPROACHES, DESIGN SECTIONS, SPEC WRITE + SELF-REVIEW, QA GATE SELECTION, TRANSITION. Use for new plans where requirements need to be drawn out before writing spec.md / plan.md.";
+    };
+    readonly 'qa-gates': {
+        readonly handler: (ctx: CommandContext) => Promise<string>;
+        readonly description: "View or modify QA gate profile for the current plan [enable|override <gate>...]";
+        readonly args: "[show|enable|override] <gate>...";
+        readonly details: "show: display spec-level, session-override, and effective QA gates for the current plan. enable: persist gate(s) into the locked-once profile (architect; rejected after critic approval lock). override: session-only ratchet-tighter enable. Valid gates: reviewer, test_engineer, council_mode, sme_enabled, critic_pre_plan, hallucination_guard, sast_enabled.";
+    };
     readonly promote: {
         readonly handler: (ctx: CommandContext) => Promise<string>;
         readonly description: "Manually promote lesson to hive knowledge";

package/dist/db/global-db.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Global SQLite database singleton for opencode-swarm.
+ *
+ * Owns `global-rules.db` in the platform config directory. Stores cross-project
+ * rules and agent prompt sections. Per-project QA gate profiles live in the
+ * project DB (see `./project-db.ts`), not here.
+ */
+import { Database } from 'bun:sqlite';
+/**
+ * Run all pending migrations on the provided database.
+ * Idempotent: existing migrations are not re-applied.
+ */
+export declare function runGlobalMigrations(db: Database): void;
+/**
+ * Return the process-wide singleton global database, creating it on first call.
+ * Directory is created if it does not exist. WAL mode is enabled immediately.
+ */
+export declare function getGlobalDb(): Database;
+/**
+ * Close and clear the global database singleton. Test-only.
+ */
+export declare function closeGlobalDb(): void;

package/dist/db/global-db.test.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Tests for src/db/global-db.ts.
+ *
+ * Uses XDG_CONFIG_HOME override so getPlatformConfigDir() resolves into
+ * a temp directory (Linux only — this test suite is gated accordingly).
+ */
+export {};

package/dist/db/index.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Barrel re-exports for the opencode-swarm SQLite database layer.
+ *
+ * - `global-db`: process-wide singleton for cross-project rules and
+ *   agent prompt sections (`global-rules.db` in the platform config dir).
+ * - `project-db`: per-project database cache (`.swarm/swarm.db`), keyed by
+ *   normalized directory path.
+ * - `qa-gate-profile`: service layer for per-plan QA gate profiles stored
+ *   in the project DB.
+ */
+export { closeGlobalDb, getGlobalDb, runGlobalMigrations, } from './global-db.js';
+export { closeAllProjectDbs, closeProjectDb, getProjectDb, projectDbExists, projectDbPath, runProjectMigrations, } from './project-db.js';
+export { computeProfileHash, DEFAULT_QA_GATES, getEffectiveGates, getOrCreateProfile, getProfile, lockProfile, type QaGateProfile, type QaGates, setGates, } from './qa-gate-profile.js';

package/dist/db/project-db.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Per-project SQLite database for opencode-swarm.
+ *
+ * Owns `.swarm/swarm.db` in each project directory. Stores per-project
+ * constraints and QA gate profiles. One cached instance per normalized
+ * directory path.
+ */
+import { Database } from 'bun:sqlite';
+/**
+ * Run all pending migrations on the provided database.
+ * Idempotent: existing migrations are not re-applied.
+ */
+export declare function runProjectMigrations(db: Database): void;
+/**
+ * Return the absolute path to `.swarm/swarm.db` for the given directory.
+ * Does not create the file or any parent directory.
+ */
+export declare function projectDbPath(directory: string): string;
+/**
+ * Return true iff the project DB file already exists on disk. Does not
+ * open the DB, create `.swarm/`, or run migrations. Intended for
+ * read-only callers (e.g. `getProfile`) that must avoid mutating the
+ * workspace just to check for a missing record.
+ */
+export declare function projectDbExists(directory: string): boolean;
+/**
+ * Return the cached project database for the given directory, opening it
+ * if needed. Creates `.swarm/` if absent and enables WAL + foreign keys.
+ */
+export declare function getProjectDb(directory: string): Database;
+/**
+ * Close and remove the cached project database for the given directory.
+ * Test-only.
+ */
+export declare function closeProjectDb(directory: string): void;
+/**
+ * Close and remove all cached project databases.
+ * Test-only.
+ */
+export declare function closeAllProjectDbs(): void;

package/dist/db/project-db.test.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Tests for src/db/project-db.ts.
+ */
+export {};

package/dist/db/qa-gate-profile.d.ts

@@ -0,0 +1,89 @@
+/**
+ * Service layer for the `qa_gate_profile` table in the per-project database.
+ *
+ * A QA gate profile is keyed by plan_id and captures which QA gates are
+ * enabled for that plan. Profiles are locked after critic approval; once
+ * locked, row updates are rejected by a SQLite trigger and by this service.
+ * Sessions can only ratchet gates tighter (enable more), never disable them.
+ */
+/**
+ * QA gate flags. All seven gates are tracked explicitly.
+ */
+export interface QaGates {
+    reviewer: boolean;
+    test_engineer: boolean;
+    council_mode: boolean;
+    sme_enabled: boolean;
+    critic_pre_plan: boolean;
+    hallucination_guard: boolean;
+    sast_enabled: boolean;
+}
+/**
+ * Default QA gate configuration for newly-created profiles.
+ */
+export declare const DEFAULT_QA_GATES: QaGates;
+/**
+ * Row-level representation of a persisted QA gate profile.
+ */
+export interface QaGateProfile {
+    id: number;
+    plan_id: string;
+    created_at: string;
+    project_type: string | null;
+    gates: QaGates;
+    locked_at: string | null;
+    locked_by_snapshot_seq: number | null;
+}
+/**
+ * Fetch the profile for `planId` or return null if none exists.
+ *
+ * Read-only: if `.swarm/swarm.db` does not exist yet, returns null
+ * without creating the DB file or running migrations. This keeps callers
+ * on read-only paths (`get_approved_plan`, `get_qa_gate_profile`, the
+ * `qa-gates show` command) from silently mutating the workspace just by
+ * looking for a profile. Write paths (`getOrCreateProfile`, `setGates`,
+ * `lockProfile`) continue to initialize the DB on demand.
+ */
+export declare function getProfile(directory: string, planId: string): QaGateProfile | null;
+/**
+ * Return the existing profile for `planId`, or create a new one seeded with
+ * `DEFAULT_QA_GATES` if none exists. Tolerates races on the UNIQUE index.
+ */
+export declare function getOrCreateProfile(directory: string, planId: string, projectType?: string): QaGateProfile;
+/**
+ * Update gates for `planId`. Gates can only be ratcheted tighter —
+ * attempting to disable a currently-enabled gate throws. Throws if the
+ * profile is locked.
+ */
+export declare function setGates(directory: string, planId: string, gates: Partial<QaGates>): QaGateProfile;
+/**
+ * Lock the profile for `planId`, recording the snapshot seq that anchors it.
+ * Idempotent: locking an already-locked profile returns it unchanged.
+ */
+export declare function lockProfile(directory: string, planId: string, snapshotSeq: number): QaGateProfile;
+/**
+ * Compute a SHA-256 hex digest over the stable identity of a profile.
+ * Used by `get_approved_plan` for drift detection.
+ */
+export declare function computeProfileHash(profile: QaGateProfile): string;
+/**
+ * Merge session-level gate overrides on top of the spec-level profile.
+ * Session overrides can only ratchet gates tighter (set to true); false
+ * values in overrides are ignored.
+ *
+ * IMPORTANT — caller responsibility: this function is the *computation*
+ * of effective gates, not an enforcement point. Enforcement consumers
+ * (reviewer dispatch, SAST runner, council convene paths, etc.) must
+ * call this at their own check sites, passing the current profile from
+ * `getProfile` and the agent session's `qaGateSessionOverrides ?? {}`.
+ * Reading raw `profile.gates` directly from an enforcement site will
+ * silently ignore operator-applied session overrides. Session overrides
+ * are currently surfaced via `/swarm qa-gates show`; wiring additional
+ * enforcement consumers is tracked as follow-up work and does not affect
+ * spec-level gate correctness on the approved-plan path.
+ *
+ * Session overrides are intentionally ephemeral — they live only in
+ * in-memory `AgentSessionState.qaGateSessionOverrides` and are NOT
+ * persisted to the session snapshot. Process restart clears them.
+ */
+export declare function getEffectiveGates(profile: QaGateProfile, sessionOverrides: Partial<QaGates>): QaGates;

package/dist/db/qa-gate-profile.test.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Tests for src/db/qa-gate-profile.ts.
+ */
+export {};