opencode-swarm 6.8.1 → 6.9.0

package/dist/lang/index.d.ts

@@ -0,0 +1,2 @@
+export * from './registry';
+export * from './runtime';

package/dist/lang/registry.d.ts

@@ -0,0 +1,24 @@
+import { type Parser } from './runtime';
+export interface LanguageDefinition {
+    id: string;
+    extensions: string[];
+    commentNodes: string[];
+}
+export declare const languageDefinitions: LanguageDefinition[];
+export declare function getLanguageForExtension(extension: string): LanguageDefinition | undefined;
+export declare function listSupportedLanguages(): readonly LanguageDefinition[];
+/**
+ * Get a parser for a specific file path
+ * Determines language from file extension, loads grammar, returns configured parser
+ *
+ * @param filePath - Absolute or relative path to the file
+ * @returns Parser instance or null if language not supported
+ */
+export declare function getParserForFile(filePath: string): Promise<Parser | null>;
+/**
+ * Check if a file path has a supported language extension
+ *
+ * @param filePath - Path to check
+ * @returns true if extension is supported
+ */
+export declare function isSupportedFile(filePath: string): boolean;

package/dist/lang/runtime.d.ts

@@ -0,0 +1,35 @@
+import type { Parser as ParserType } from 'web-tree-sitter';
+export type Parser = ParserType;
+/**
+ * Parser cache to avoid reloading grammars multiple times per session
+ */
+export declare const parserCache: Map<string, ParserType>;
+/**
+ * Initialize a parser for the given language
+ * Loads WASM from dist/lang/grammars/ (copied during build)
+ *
+ * @param languageId - Language identifier (e.g., 'javascript', 'python')
+ * @returns Configured Parser instance
+ * @throws Error if WASM file not found or failed to load
+ */
+export declare function loadGrammar(languageId: string): Promise<ParserType>;
+/**
+ * Check if a language grammar is available (WASM file exists)
+ * Does not load the grammar, just checks existence
+ *
+ * @param languageId - Language identifier
+ * @returns true if grammar is available
+ */
+export declare function isGrammarAvailable(languageId: string): Promise<boolean>;
+/**
+ * Clear the parser cache (useful for testing)
+ */
+export declare function clearParserCache(): void;
+/**
+ * Get list of initialized languages
+ */
+export declare function getInitializedLanguages(): string[];
+/**
+ * Get list of supported language IDs
+ */
+export declare function getSupportedLanguages(): string[];

package/dist/quality/index.d.ts

@@ -0,0 +1 @@
+export { computeQualityMetrics, type QualityMetrics, type QualityViolation, } from './metrics';

package/dist/quality/metrics.d.ts

@@ -0,0 +1,20 @@
+import type { QualityBudgetConfig } from '../config/schema';
+export interface QualityMetrics {
+    complexity_delta: number;
+    public_api_delta: number;
+    duplication_ratio: number;
+    test_to_code_ratio: number;
+    files_analyzed: string[];
+    thresholds: QualityBudgetConfig;
+    violations: QualityViolation[];
+}
+export interface QualityViolation {
+    type: 'complexity' | 'api' | 'duplication' | 'test_ratio';
+    message: string;
+    severity: 'error' | 'warning';
+    files: string[];
+}
+/**
+ * Compute quality metrics for changed files
+ */
+export declare function computeQualityMetrics(changedFiles: string[], thresholds: QualityBudgetConfig, workingDir: string): Promise<QualityMetrics>;

package/dist/sast/rules/c.d.ts

@@ -0,0 +1,9 @@
+/**
+ * C/C++ SAST Rules
+ * Detects common security vulnerabilities in C/C++ code
+ */
+import type { SastRule } from './index';
+/**
+ * C/C++ security rules
+ */
+export declare const cRules: SastRule[];

package/dist/sast/rules/csharp.d.ts

@@ -0,0 +1,9 @@
+/**
+ * C# SAST Rules
+ * Detects common security vulnerabilities in C# code
+ */
+import type { SastRule } from './index';
+/**
+ * C# security rules
+ */
+export declare const csharpRules: SastRule[];

package/dist/sast/rules/go.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Go SAST Rules
+ * Detects common security vulnerabilities in Go code
+ */
+import type { SastRule } from './index';
+/**
+ * Go security rules
+ */
+export declare const goRules: SastRule[];

package/dist/sast/rules/index.d.ts

@@ -0,0 +1,72 @@
+/**
+ * SAST Rule Engine - Main entry point
+ * Provides rule registration, loading, and execution for static security analysis
+ */
+export interface SastRule {
+    id: string;
+    name: string;
+    severity: 'critical' | 'high' | 'medium' | 'low';
+    languages: string[];
+    description: string;
+    remediation?: string;
+    query?: string;
+    pattern?: RegExp;
+    validate?: (match: SastMatch, context: SastContext) => boolean;
+}
+export interface SastMatch {
+    text: string;
+    line: number;
+    column: number;
+    endLine?: number;
+    endColumn?: number;
+    captures?: Record<string, string>;
+}
+export interface SastContext {
+    filePath: string;
+    content: string;
+    language: string;
+    parser?: any;
+    tree?: any;
+}
+export interface SastFinding {
+    rule_id: string;
+    severity: 'critical' | 'high' | 'medium' | 'low';
+    message: string;
+    location: {
+        file: string;
+        line: number;
+        column?: number;
+    };
+    remediation?: string;
+    excerpt?: string;
+}
+/**
+ * Get all registered rules
+ */
+export declare function getAllRules(): SastRule[];
+/**
+ * Get rules for a specific language
+ */
+export declare function getRulesForLanguage(language: string): SastRule[];
+/**
+ * Get rule by ID
+ */
+export declare function getRuleById(id: string): SastRule | undefined;
+/**
+ * Execute rules synchronously (pattern matching only)
+ * This is the primary execution method for offline SAST
+ */
+export declare function executeRulesSync(filePath: string, content: string, language: string): SastFinding[];
+/**
+ * Execute rules against a file (async version with tree-sitter support)
+ * Falls back to pattern matching if tree-sitter is unavailable
+ */
+export declare function executeRules(filePath: string, content: string, language: string): Promise<SastFinding[]>;
+/**
+ * Get statistics about rules
+ */
+export declare function getRuleStats(): {
+    total: number;
+    bySeverity: Record<string, number>;
+    byLanguage: Record<string, number>;
+};

package/dist/sast/rules/java.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Java SAST Rules
+ * Detects common security vulnerabilities in Java code
+ */
+import type { SastRule } from './index';
+/**
+ * Java security rules
+ */
+export declare const javaRules: SastRule[];

package/dist/sast/rules/javascript.d.ts

@@ -0,0 +1,9 @@
+/**
+ * JavaScript/TypeScript SAST Rules
+ * Detects common security vulnerabilities in JS/TS code
+ */
+import type { SastRule } from './index';
+/**
+ * JavaScript/TypeScript security rules
+ */
+export declare const javascriptRules: SastRule[];

package/dist/sast/rules/php.d.ts

@@ -0,0 +1,9 @@
+/**
+ * PHP SAST Rules
+ * Detects common security vulnerabilities in PHP code
+ */
+import type { SastRule } from './index';
+/**
+ * PHP security rules
+ */
+export declare const phpRules: SastRule[];

package/dist/sast/rules/python.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Python SAST Rules
+ * Detects common security vulnerabilities in Python code
+ */
+import type { SastRule } from './index';
+/**
+ * Python security rules
+ */
+export declare const pythonRules: SastRule[];

package/dist/sast/semgrep.d.ts

@@ -0,0 +1,64 @@
+/**
+ * Semgrep Integration for Tier B SAST Enhancement
+ * Provides optional Semgrep detection and invocation for advanced static analysis
+ */
+import type { SastFinding } from './rules/index.js';
+/**
+ * Semgrep CLI options
+ */
+export interface SemgrepOptions {
+    /** Files or directories to scan */
+    files: string[];
+    /** Directory containing Semgrep rules (default: .swarm/semgrep-rules/) */
+    rulesDir?: string;
+    /** Timeout in milliseconds (default: 30000) */
+    timeoutMs?: number;
+    /** Working directory for Semgrep execution */
+    cwd?: string;
+}
+/**
+ * Result from Semgrep execution
+ */
+export interface SemgrepResult {
+    /** Whether Semgrep is available on the system */
+    available: boolean;
+    /** Array of security findings from Semgrep */
+    findings: SastFinding[];
+    /** Error message if Semgrep failed */
+    error?: string;
+    /** Engine label for the findings */
+    engine: 'tier_a' | 'tier_a+tier_b';
+}
+/**
+ * Check if Semgrep CLI is available on the system
+ * Uses caching to avoid shelling out on every check
+ * @returns true if Semgrep is available, false otherwise
+ */
+export declare function isSemgrepAvailable(): boolean;
+/**
+ * Check if Semgrep is available (async version for consistency)
+ * @returns Promise resolving to availability status
+ */
+export declare function checkSemgrepAvailable(): Promise<boolean>;
+/**
+ * Reset the Semgrep availability cache (useful for testing)
+ */
+export declare function resetSemgrepCache(): void;
+/**
+ * Run Semgrep on specified files
+ * @param options - Semgrep options
+ * @returns Promise resolving to SemgrepResult
+ */
+export declare function runSemgrep(options: SemgrepOptions): Promise<SemgrepResult>;
+/**
+ * Get the default rules directory path
+ * @param projectRoot - Optional project root directory
+ * @returns Absolute path to rules directory
+ */
+export declare function getRulesDirectory(projectRoot?: string): string;
+/**
+ * Check if bundled rules directory exists
+ * @param projectRoot - Optional project root directory
+ * @returns true if rules directory exists
+ */
+export declare function hasBundledRules(projectRoot?: string): boolean;

package/dist/sbom/cyclonedx.d.ts

@@ -0,0 +1,101 @@
+/**
+ * CycloneDX SBOM Emitter
+ *
+ * Generates CycloneDX BOM format (v1.5 spec)
+ */
+import type { SbomComponent } from './detectors/index.js';
+import { type Ecosystem } from './detectors/index.js';
+/**
+ * CycloneDX Component
+ * Corresponds to a software dependency
+ */
+export interface CycloneDXComponent {
+    /** Component type */
+    type: 'library' | 'framework' | 'application';
+    /** Package name */
+    name: string;
+    /** Package version */
+    version: string;
+    /** Package URL (PURL) */
+    purl?: string;
+    /** License information */
+    licenses?: [{
+        license: {
+            id?: string;
+            name?: string;
+        };
+    }];
+}
+/**
+ * CycloneDX Metadata
+ */
+export interface CycloneDXMetadata {
+    /** ISO 8601 timestamp */
+    timestamp: string;
+    /** Tools used to create the BOM */
+    tools: [
+        {
+            /** Tool vendor */
+            vendor: string;
+            /** Tool name */
+            name: string;
+            /** Tool version */
+            version: string;
+        }
+    ];
+}
+/**
+ * CycloneDX BOM Document
+ * Conforms to CycloneDX v1.5 specification
+ */
+export interface CycloneDXBom {
+    /** BOM format identifier */
+    bomFormat: 'CycloneDX';
+    /** CycloneDX specification version */
+    specVersion: '1.5';
+    /** Incremental BOM version */
+    version: number;
+    /** BOM metadata */
+    metadata: CycloneDXMetadata;
+    /** List of components */
+    components: CycloneDXComponent[];
+}
+/**
+ * Options for generating CycloneDX BOM
+ */
+export interface CycloneDXOptions {
+    /** Custom tool name (default: 'sbom_generate') */
+    toolName?: string;
+    /** Custom tool version (default: '6.9.0') */
+    toolVersion?: string;
+    /** BOM version number (default: 1) */
+    bomVersion?: number;
+}
+/**
+ * Generate a CycloneDX BOM from SBOM components
+ *
+ * @param components - List of SBOM components
+ * @param options - Optional configuration
+ * @returns CycloneDX BOM object
+ */
+export declare function generateCycloneDX(components: SbomComponent[], options?: CycloneDXOptions): CycloneDXBom;
+/**
+ * Serialize a CycloneDX BOM to a JSON string
+ *
+ * @param bom - CycloneDX BOM object
+ * @returns JSON string representation
+ */
+export declare function serializeCycloneDX(bom: CycloneDXBom): string;
+/**
+ * Generate PURL for a component based on its ecosystem
+ * This is a convenience function that can be used externally
+ *
+ * @param ecosystem - The package ecosystem
+ * @param name - Package name
+ * @param version - Package version
+ * @param namespace - Optional namespace (for golang, maven, swift)
+ * @returns Package URL
+ */
+export declare function generateComponentPurl(ecosystem: Ecosystem, name: string, version: string, namespace?: string): string;
+export type { Ecosystem, SbomComponent } from './detectors/index.js';
+export { generatePurl } from './detectors/index.js';

package/dist/sbom/detectors/dart.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Dart/Flutter Detector
+ *
+ * Supports: pubspec.yaml, pubspec.lock
+ */
+import type { Detector } from './index.js';
+export declare const dartDetectors: Detector[];

package/dist/sbom/detectors/dotnet.d.ts

@@ -0,0 +1,7 @@
+/**
+ * .NET Detector
+ *
+ * Supports: packages.lock.json, paket.lock
+ */
+import type { Detector } from './index.js';
+export declare const dotnetDetectors: Detector[];

package/dist/sbom/detectors/go.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Go Detector
+ *
+ * Supports: go.mod, go.sum
+ */
+import type { Detector } from './index.js';
+export declare const goDetectors: Detector[];

package/dist/sbom/detectors/index.d.ts

@@ -0,0 +1,53 @@
+/**
+ * SBOM Detector Registry and Common Types
+ *
+ * Provides detectors for extracting dependency information from
+ * manifest and lock files across 8 ecosystems.
+ */
+export interface SbomComponent {
+    /** Package name */
+    name: string;
+    /** Package version */
+    version: string;
+    /** Component type */
+    type: 'library' | 'framework' | 'application';
+    /** Package URL (PURL) per SPDX spec */
+    purl?: string;
+    /** Detected license (best effort) */
+    license?: string;
+}
+/** Detector interface for parsing manifest/lock files */
+export interface Detector {
+    /** Human-readable detector name */
+    name: string;
+    /** File glob patterns this detector handles */
+    patterns: string[];
+    /** Parse a file and extract components */
+    detect: (filePath: string, content: string) => SbomComponent[];
+}
+/** Ecosystem identifiers */
+export type Ecosystem = 'npm' | 'pypi' | 'cargo' | 'golang' | 'maven' | 'nuget' | 'swift' | 'pub';
+/** Map of ecosystem to its detectors */
+export interface EcosystemDetector {
+    ecosystem: Ecosystem;
+    detectors: Detector[];
+}
+/**
+ * Generate a Package URL (PURL) per SPDX specification
+ * Format: pkg:<type>/<namespace>/<name>@<version>
+ */
+export declare function generatePurl(ecosystem: Ecosystem, name: string, version: string, namespace?: string): string;
+/**
+ * Detect ecosystem from file path
+ */
+export declare function detectEcosystemFromPath(filePath: string): Ecosystem | null;
+/** All registered detectors */
+export declare const allDetectors: Detector[];
+/**
+ * Find detectors matching a file path
+ */
+export declare function findDetectorsForFile(filePath: string): Detector[];
+/**
+ * Detect components from a file using appropriate detectors
+ */
+export declare function detectComponents(filePath: string, content: string): SbomComponent[];

package/dist/sbom/detectors/java.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Java Detector
+ *
+ * Supports: pom.xml, gradle.lockfile
+ */
+import type { Detector } from './index.js';
+export declare const javaDetectors: Detector[];

package/dist/sbom/detectors/nodejs.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Node.js Detector
+ *
+ * Supports: package.json, package-lock.json, yarn.lock, pnpm-lock.yaml
+ */
+import type { Detector } from './index.js';
+export declare const nodejsDetectors: Detector[];

package/dist/sbom/detectors/python.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Python Detector
+ *
+ * Supports: requirements.txt, poetry.lock, Pipfile.lock
+ */
+import type { Detector } from './index.js';
+export declare const pythonDetectors: Detector[];

package/dist/sbom/detectors/rust.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Rust Detector
+ *
+ * Supports: Cargo.toml, Cargo.lock
+ */
+import type { Detector } from './index.js';
+export declare const rustDetectors: Detector[];

package/dist/sbom/detectors/swift.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Swift Detector
+ *
+ * Supports: Package.resolved
+ */
+import type { Detector } from './index.js';
+export declare const swiftDetectors: Detector[];

package/dist/services/config-doctor.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/{src/state.d.ts → state.d.ts}

@@ -6,7 +6,6 @@
  * chat.message, system-enhancer) to share state like active agents, tool call tracking,
  * and delegation chains.
  */
-export declare const MAX_DELEGATION_CHAIN_SESSIONS = 1000;
 /**
  * Represents a single tool call entry for tracking purposes
  */
@@ -109,10 +108,6 @@ export declare const swarmState: {
  * Reset all state to initial values - useful for testing
  */
 export declare function resetSwarmState(): void;
-/**
- * Ensure toolAggregates stays below the configured cap by evicting the oldest entry.
- */
-export declare function enforceToolAggregateCapacity(key: string): void;
 /**
  * Start a new agent session with initialized guardrail state.
  * Also removes any stale sessions older than staleDurationMs.

package/dist/tools/build-check.d.ts

@@ -0,0 +1,50 @@
+/**
+ * Build Check Tool
+ *
+ * Discovers and runs build commands for various ecosystems in a project directory.
+ */
+import { tool } from '@opencode-ai/plugin';
+import type { EvidenceVerdict } from '../config/evidence-schema';
+export declare const DEFAULT_TIMEOUT_MS = 300000;
+export declare const MAX_OUTPUT_BYTES: number;
+export declare const MAX_OUTPUT_LINES = 100;
+export interface BuildCheckInput {
+    /** Scope: 'changed' or 'all' */
+    scope: 'changed' | 'all';
+    /** List of changed files when scope is 'changed' */
+    changed_files?: string[];
+    /** Mode: 'build', 'typecheck', or 'both' (default: 'both') */
+    mode?: 'build' | 'typecheck' | 'both';
+}
+export interface BuildRun {
+    kind: 'build' | 'typecheck' | 'test';
+    command: string;
+    cwd: string;
+    exit_code: number;
+    duration_ms: number;
+    stdout_tail: string;
+    stderr_tail: string;
+}
+export interface BuildCheckResult {
+    verdict: EvidenceVerdict;
+    runs: BuildRun[];
+    summary: {
+        files_scanned: number;
+        runs_count: number;
+        failed_count: number;
+        skipped_reason?: string;
+    };
+}
+/**
+ * Truncate output to last maxLines lines, but not more than maxBytes
+ */
+export declare function truncateOutput(output: string, maxLines?: number, maxBytes?: number): string;
+/**
+ * Parse command to determine its kind
+ */
+export declare function getCommandKind(command: string): 'build' | 'typecheck' | 'test';
+/**
+ * Run build check: discover and execute build commands
+ */
+export declare function runBuildCheck(workingDir: string, input: BuildCheckInput): Promise<BuildCheckResult>;
+export declare const build_check: ReturnType<typeof tool>;

package/dist/{src/tools → tools}/gitingest.d.ts

@@ -8,11 +8,10 @@ export interface GitingestArgs {
 export declare const GITINGEST_TIMEOUT_MS = 10000;
 export declare const GITINGEST_MAX_RESPONSE_BYTES = 5242880;
 export declare const GITINGEST_MAX_RETRIES = 2;
-export declare const GITINGEST_DEFAULT_ENDPOINT = "https://gitingest.com/api/ingest";
 /**
  * Fetch repository content via gitingest.com API with timeout, size guard, and retry logic
  */
-export declare function fetchGitingest(args: GitingestArgs, endpoint?: string): Promise<string>;
+export declare function fetchGitingest(args: GitingestArgs): Promise<string>;
 /**
  * Gitingest tool for fetching GitHub repository contents
  */