opencode-swarm 6.67.1 → 6.68.1

package/dist/commands/brainstorm.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Handle /swarm brainstorm command.
+ *
+ * Returns a trigger prompt instructing the architect to enter
+ * MODE: BRAINSTORM — the seven-phase planning workflow defined in the
+ * architect prompt: CONTEXT SCAN → DIALOGUE → APPROACHES → DESIGN SECTIONS
+ * → SPEC WRITE + SELF-REVIEW → QA GATE SELECTION → TRANSITION.
+ *
+ * Any arguments become the initial topic/problem statement for the
+ * architect to reason about. The topic is sanitized to prevent prompt
+ * injection of rival MODE: headers or newline-based control sequences.
+ */
+export declare function handleBrainstormCommand(_directory: string, args: string[]): Promise<string>;

package/dist/commands/brainstorm.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/commands/index.d.ts

@@ -4,6 +4,7 @@ export { handleAgentsCommand } from './agents';
 export { handleAnalyzeCommand } from './analyze';
 export { handleArchiveCommand } from './archive';
 export { handleBenchmarkCommand } from './benchmark';
+export { handleBrainstormCommand } from './brainstorm';
 export { handleCheckpointCommand } from './checkpoint';
 export { handleClarifyCommand } from './clarify';
 export { handleCloseCommand } from './close';
@@ -21,6 +22,7 @@ export { handleKnowledgeListCommand, handleKnowledgeMigrateCommand, handleKnowle
 export { handlePlanCommand } from './plan';
 export { handlePreflightCommand } from './preflight';
 export { handlePromoteCommand } from './promote';
+export { handleQaGatesCommand } from './qa-gates';
 export type { CommandContext, CommandEntry, RegisteredCommand, } from './registry.js';
 export { COMMAND_REGISTRY, resolveCommand, VALID_COMMANDS, } from './registry.js';
 export { handleResetCommand } from './reset';

package/dist/commands/qa-gates.d.ts

@@ -0,0 +1,15 @@
+/**
+ * /swarm qa-gates command.
+ *
+ * View, enable, or add session overrides for QA gates tied to the current
+ * plan's QA gate profile. Read-only display when called without arguments;
+ * ratchet-tighter enable/override when called with `enable <gate>...` or
+ * `override <gate>...`.
+ *
+ *   /swarm qa-gates                     -> show profile + effective gates
+ *   /swarm qa-gates enable <gate>...    -> persist into profile (architect)
+ *   /swarm qa-gates override <gate>...  -> session-only override
+ *
+ * Refuses to persist into a locked profile.
+ */
+export declare function handleQaGatesCommand(directory: string, args: string[], sessionID: string): Promise<string>;

package/dist/commands/qa-gates.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/commands/registry.d.ts

@@ -150,6 +150,18 @@ export declare const COMMAND_REGISTRY: {
         readonly description: "Generate or import a feature specification [description]";
         readonly args: "[description-text]";
     };
+    readonly brainstorm: {
+        readonly handler: (ctx: CommandContext) => Promise<string>;
+        readonly description: "Enter architect MODE: BRAINSTORM — structured seven-phase planning workflow [topic]";
+        readonly args: "[topic-text]";
+        readonly details: "Triggers the architect to run the brainstorm workflow: CONTEXT SCAN, single-question DIALOGUE, APPROACHES, DESIGN SECTIONS, SPEC WRITE + SELF-REVIEW, QA GATE SELECTION, TRANSITION. Use for new plans where requirements need to be drawn out before writing spec.md / plan.md.";
+    };
+    readonly 'qa-gates': {
+        readonly handler: (ctx: CommandContext) => Promise<string>;
+        readonly description: "View or modify QA gate profile for the current plan [enable|override <gate>...]";
+        readonly args: "[show|enable|override] <gate>...";
+        readonly details: "show: display spec-level, session-override, and effective QA gates for the current plan. enable: persist gate(s) into the locked-once profile (architect; rejected after critic approval lock). override: session-only ratchet-tighter enable. Valid gates: reviewer, test_engineer, council_mode, sme_enabled, critic_pre_plan, hallucination_guard, sast_enabled.";
+    };
     readonly promote: {
         readonly handler: (ctx: CommandContext) => Promise<string>;
         readonly description: "Manually promote lesson to hive knowledge";

package/dist/db/global-db.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Global SQLite database singleton for opencode-swarm.
+ *
+ * Owns `global-rules.db` in the platform config directory. Stores cross-project
+ * rules and agent prompt sections. Per-project QA gate profiles live in the
+ * project DB (see `./project-db.ts`), not here.
+ */
+import { Database } from 'bun:sqlite';
+/**
+ * Run all pending migrations on the provided database.
+ * Idempotent: existing migrations are not re-applied.
+ */
+export declare function runGlobalMigrations(db: Database): void;
+/**
+ * Return the process-wide singleton global database, creating it on first call.
+ * Directory is created if it does not exist. WAL mode is enabled immediately.
+ */
+export declare function getGlobalDb(): Database;
+/**
+ * Close and clear the global database singleton. Test-only.
+ */
+export declare function closeGlobalDb(): void;

package/dist/db/global-db.test.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Tests for src/db/global-db.ts.
+ *
+ * Uses XDG_CONFIG_HOME override so getPlatformConfigDir() resolves into
+ * a temp directory (Linux only — this test suite is gated accordingly).
+ */
+export {};

package/dist/db/index.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Barrel re-exports for the opencode-swarm SQLite database layer.
+ *
+ * - `global-db`: process-wide singleton for cross-project rules and
+ *   agent prompt sections (`global-rules.db` in the platform config dir).
+ * - `project-db`: per-project database cache (`.swarm/swarm.db`), keyed by
+ *   normalized directory path.
+ * - `qa-gate-profile`: service layer for per-plan QA gate profiles stored
+ *   in the project DB.
+ */
+export { closeGlobalDb, getGlobalDb, runGlobalMigrations, } from './global-db.js';
+export { closeAllProjectDbs, closeProjectDb, getProjectDb, projectDbExists, projectDbPath, runProjectMigrations, } from './project-db.js';
+export { computeProfileHash, DEFAULT_QA_GATES, getEffectiveGates, getOrCreateProfile, getProfile, lockProfile, type QaGateProfile, type QaGates, setGates, } from './qa-gate-profile.js';

package/dist/db/project-db.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Per-project SQLite database for opencode-swarm.
+ *
+ * Owns `.swarm/swarm.db` in each project directory. Stores per-project
+ * constraints and QA gate profiles. One cached instance per normalized
+ * directory path.
+ */
+import { Database } from 'bun:sqlite';
+/**
+ * Run all pending migrations on the provided database.
+ * Idempotent: existing migrations are not re-applied.
+ */
+export declare function runProjectMigrations(db: Database): void;
+/**
+ * Return the absolute path to `.swarm/swarm.db` for the given directory.
+ * Does not create the file or any parent directory.
+ */
+export declare function projectDbPath(directory: string): string;
+/**
+ * Return true iff the project DB file already exists on disk. Does not
+ * open the DB, create `.swarm/`, or run migrations. Intended for
+ * read-only callers (e.g. `getProfile`) that must avoid mutating the
+ * workspace just to check for a missing record.
+ */
+export declare function projectDbExists(directory: string): boolean;
+/**
+ * Return the cached project database for the given directory, opening it
+ * if needed. Creates `.swarm/` if absent and enables WAL + foreign keys.
+ */
+export declare function getProjectDb(directory: string): Database;
+/**
+ * Close and remove the cached project database for the given directory.
+ * Test-only.
+ */
+export declare function closeProjectDb(directory: string): void;
+/**
+ * Close and remove all cached project databases.
+ * Test-only.
+ */
+export declare function closeAllProjectDbs(): void;

package/dist/db/project-db.test.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Tests for src/db/project-db.ts.
+ */
+export {};

package/dist/db/qa-gate-profile.d.ts

@@ -0,0 +1,89 @@
+/**
+ * Service layer for the `qa_gate_profile` table in the per-project database.
+ *
+ * A QA gate profile is keyed by plan_id and captures which QA gates are
+ * enabled for that plan. Profiles are locked after critic approval; once
+ * locked, row updates are rejected by a SQLite trigger and by this service.
+ * Sessions can only ratchet gates tighter (enable more), never disable them.
+ */
+/**
+ * QA gate flags. All seven gates are tracked explicitly.
+ */
+export interface QaGates {
+    reviewer: boolean;
+    test_engineer: boolean;
+    council_mode: boolean;
+    sme_enabled: boolean;
+    critic_pre_plan: boolean;
+    hallucination_guard: boolean;
+    sast_enabled: boolean;
+}
+/**
+ * Default QA gate configuration for newly-created profiles.
+ */
+export declare const DEFAULT_QA_GATES: QaGates;
+/**
+ * Row-level representation of a persisted QA gate profile.
+ */
+export interface QaGateProfile {
+    id: number;
+    plan_id: string;
+    created_at: string;
+    project_type: string | null;
+    gates: QaGates;
+    locked_at: string | null;
+    locked_by_snapshot_seq: number | null;
+}
+/**
+ * Fetch the profile for `planId` or return null if none exists.
+ *
+ * Read-only: if `.swarm/swarm.db` does not exist yet, returns null
+ * without creating the DB file or running migrations. This keeps callers
+ * on read-only paths (`get_approved_plan`, `get_qa_gate_profile`, the
+ * `qa-gates show` command) from silently mutating the workspace just by
+ * looking for a profile. Write paths (`getOrCreateProfile`, `setGates`,
+ * `lockProfile`) continue to initialize the DB on demand.
+ */
+export declare function getProfile(directory: string, planId: string): QaGateProfile | null;
+/**
+ * Return the existing profile for `planId`, or create a new one seeded with
+ * `DEFAULT_QA_GATES` if none exists. Tolerates races on the UNIQUE index.
+ */
+export declare function getOrCreateProfile(directory: string, planId: string, projectType?: string): QaGateProfile;
+/**
+ * Update gates for `planId`. Gates can only be ratcheted tighter —
+ * attempting to disable a currently-enabled gate throws. Throws if the
+ * profile is locked.
+ */
+export declare function setGates(directory: string, planId: string, gates: Partial<QaGates>): QaGateProfile;
+/**
+ * Lock the profile for `planId`, recording the snapshot seq that anchors it.
+ * Idempotent: locking an already-locked profile returns it unchanged.
+ */
+export declare function lockProfile(directory: string, planId: string, snapshotSeq: number): QaGateProfile;
+/**
+ * Compute a SHA-256 hex digest over the stable identity of a profile.
+ * Used by `get_approved_plan` for drift detection.
+ */
+export declare function computeProfileHash(profile: QaGateProfile): string;
+/**
+ * Merge session-level gate overrides on top of the spec-level profile.
+ * Session overrides can only ratchet gates tighter (set to true); false
+ * values in overrides are ignored.
+ *
+ * IMPORTANT — caller responsibility: this function is the *computation*
+ * of effective gates, not an enforcement point. Enforcement consumers
+ * (reviewer dispatch, SAST runner, council convene paths, etc.) must
+ * call this at their own check sites, passing the current profile from
+ * `getProfile` and the agent session's `qaGateSessionOverrides ?? {}`.
+ * Reading raw `profile.gates` directly from an enforcement site will
+ * silently ignore operator-applied session overrides. Session overrides
+ * are currently surfaced via `/swarm qa-gates show`; wiring additional
+ * enforcement consumers is tracked as follow-up work and does not affect
+ * spec-level gate correctness on the approved-plan path.
+ *
+ * Session overrides are intentionally ephemeral — they live only in
+ * in-memory `AgentSessionState.qaGateSessionOverrides` and are NOT
+ * persisted to the session snapshot. Process restart clears them.
+ */
+export declare function getEffectiveGates(profile: QaGateProfile, sessionOverrides: Partial<QaGates>): QaGates;

package/dist/db/qa-gate-profile.test.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Tests for src/db/qa-gate-profile.ts.
+ */
+export {};

package/dist/diff/__tests__/semantic-classifier.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/diff/__tests__/summary-generator.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/diff/semantic-classifier.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Semantic classifier for AST changes.
+ * Classifies AST changes into semantic categories with risk ranking.
+ * @module diff/semantic-classifier
+ */
+import type { ASTDiffResult } from '../diff/ast-diff.js';
+/**
+ * Semantic categories for classified changes.
+ * Describes the nature of the change from a code impact perspective.
+ */
+export type ChangeCategory = 'SIGNATURE_CHANGE' | 'API_CHANGE' | 'GUARD_REMOVED' | 'LOGIC_CHANGE' | 'DELETED_FUNCTION' | 'NEW_FUNCTION' | 'REFACTOR' | 'COSMETIC' | 'UNCLASSIFIED';
+/**
+ * Risk level associated with a classified change.
+ * Indicates the potential impact severity of the change.
+ */
+export type RiskLevel = 'Critical' | 'High' | 'Medium' | 'Low';
+/**
+ * A classified AST change with semantic categorization and risk assessment.
+ */
+export interface ClassifiedChange {
+    /** Semantic category of the change */
+    category: ChangeCategory;
+    /** Risk level indicating potential impact severity */
+    riskLevel: RiskLevel;
+    /** Path to the file containing this change */
+    filePath: string;
+    /** Name of the symbol (function, class, etc.) affected */
+    symbolName: string;
+    /** Type of change operation */
+    changeType: 'added' | 'modified' | 'removed';
+    /** Starting line number of the change */
+    lineStart: number;
+    /** Ending line number of the change */
+    lineEnd: number;
+    /** Human-readable description of what was detected */
+    description: string;
+    /** Original AST change signature detail (if available) */
+    signature?: string;
+}
+/**
+ * Classify an array of AST diff results into semantic categories with risk levels.
+ *
+ * @param astDiffs - Array of ASTDiffResult from the AST differ
+ * @returns Array of ClassifiedChange with semantic categorization
+ *
+ * @example
+ * ```typescript
+ * const diffs = await astDiff(oldCode, newCode);
+ * const classified = classifyChanges(diffs);
+ * for (const change of classified) {
+ *   console.log(`[${change.riskLevel}] ${change.category}: ${change.symbolName}`);
+ * }
+ * ```
+ */
+export declare function classifyChanges(astDiffs: ASTDiffResult[]): ClassifiedChange[];

package/dist/diff/summary-generator.d.ts

@@ -0,0 +1,33 @@
+import type { ChangeCategory, ClassifiedChange, RiskLevel } from './semantic-classifier.js';
+/**
+ * Structured summary of classified semantic diff changes.
+ * Provides multiple views for different review workflows.
+ */
+export interface SemanticDiffSummary {
+    /** Number of files with changes */
+    totalFiles: number;
+    /** Total number of classified changes */
+    totalChanges: number;
+    /** Changes grouped by risk level */
+    byRisk: Record<RiskLevel, ClassifiedChange[]>;
+    /** Changes grouped by category */
+    byCategory: Record<ChangeCategory, ClassifiedChange[]>;
+    /** Quick access to Critical items for gate checks */
+    criticalItems: ClassifiedChange[];
+}
+/**
+ * Generates a structured summary from classified changes.
+ * Provides by-risk and by-category groupings plus critical item quick access.
+ *
+ * @param changes - Array of classified changes to summarize
+ * @returns SemanticDiffSummary with all grouping views
+ */
+export declare function generateSummary(changes: ClassifiedChange[]): SemanticDiffSummary;
+/**
+ * Generates reviewer-ready markdown summary from a SemanticDiffSummary.
+ * Format groups by risk level with file:category annotations.
+ *
+ * @param summary - The structured summary to render as markdown
+ * @returns Markdown-formatted string ready for PR review
+ */
+export declare function generateSummaryMarkdown(summary: SemanticDiffSummary): string;