npm - opencode-swarm - Versions diffs - 6.84.6 → 6.84.7 - Mend

opencode-swarm 6.84.6 → 6.84.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/hooks/repo-graph-builder.d.ts +11 -3
package/dist/index.js +66 -4
package/dist/utils/gitignore-warning.d.ts +17 -0
package/package.json +1 -1

package/dist/hooks/repo-graph-builder.d.ts CHANGED Viewed

@@ -5,6 +5,7 @@
  * Write-trigger hook that incrementally updates the graph when write tools are called.
  * Wrapped in try/catch — failures are logged but never block plugin initialization.
  */
+import { type RepoGraph } from '../tools/repo-graph';
 export interface RepoGraphBuilderHook {
     init(): Promise<void>;
     toolAfter(input: {
@@ -17,8 +18,15 @@ export interface RepoGraphBuilderHook {
     }): Promise<void>;
 }
 export interface RepoGraphDeps {
-    buildWorkspaceGraph: (workspace: string, options?: any) => any;
-    saveGraph: (workspace: string, graph: any) => Promise<void>;
-    updateGraphForFiles: (workspace: string, files: string[], options?: any) => Promise<any>;
+    buildWorkspaceGraph: (workspace: string, options?: {
+        maxFileSizeBytes?: number;
+        maxFiles?: number;
+    }) => RepoGraph;
+    saveGraph: (workspace: string, graph: RepoGraph, options?: {
+        createAtomic?: boolean;
+    }) => Promise<void>;
+    updateGraphForFiles: (workspace: string, files: string[], options?: {
+        forceRebuild?: boolean;
+    }) => Promise<RepoGraph>;
 }
 export declare function createRepoGraphBuilderHook(workspaceRoot: string, deps?: Partial<RepoGraphDeps>): RepoGraphBuilderHook;

package/dist/index.js CHANGED Viewed

@@ -23112,11 +23112,11 @@ function dcExtractPowerShellTargets(segment) {
 function redactShellCommand(cmd) {
   if (typeof cmd !== "string")
     return "";
-  let out2 = cmd.replace(/\b([A-Z_]*(?:TOKEN|SECRET|PASSWORD|PASSWD|API[_]?KEY|APIKEY|AUTH|CREDENTIAL|PRIVATE[_]?KEY|ACCESS[_]?KEY)[A-Z_0-9]*)\s*=\s*(\S+)/gi, "$1=[REDACTED]");
+  let out2 = cmd.replace(/\b([A-Z_]*(?:TOKEN|SECRET|PASSWORD|PASSWD|API[_]?KEY|APIKEY|AUTH|CREDENTIAL|PRIVATE[_]?KEY|ACCESS[_]?KEY|_KEY)[A-Z_0-9]*)\s*=\s*(\S+)/gi, "$1=[REDACTED]");
   out2 = out2.replace(/--([a-zA-Z-]*(?:token|secret|password|passwd|api[_-]?key|apikey|auth|credential|private[_-]?key|access[_-]?key)[a-zA-Z-]*)=(\S+)/gi, "--$1=[REDACTED]");
   out2 = out2.replace(/(--[a-zA-Z-]*(?:token|secret|password|passwd|api[_-]?key|apikey|auth|credential|private[_-]?key|access[_-]?key)[a-zA-Z-]*)(\s+)(?!--)(\S+)/gi, "$1$2[REDACTED]");
   out2 = out2.replace(/\b(Bearer|Basic)\s+[A-Za-z0-9+/=._-]{4,}/gi, "$1 [REDACTED]");
-  out2 = out2.replace(/(-H\s+['"]?(?:Authorization|X-API-Key|X-Auth-Token):\s*)([^'">\s][^'">\n]*)(['"]?)/gi, "$1[REDACTED]$3");
+  out2 = out2.replace(/(-H\s+['"]?(?:Authorization|X-API-Key|X-Auth-Token|[A-Za-z][A-Za-z-]*-(?:key|token|secret|auth|credential)):\s*)([^'">\s][^'">\n]*)(['"]?)/gi, "$1[REDACTED]$3");
   return out2;
 }
 function createGuardrailsHooks(directory, directoryOrConfig, config2, authorityConfig) {
@@ -62828,7 +62828,7 @@ var init_curator_drift = __esm(() => {
 // src/index.ts
 init_agents();
-import * as path103 from "path";
+import * as path104 from "path";
 // src/background/index.ts
 init_event_bus();
@@ -88084,6 +88084,67 @@ init_write_retro();
 // src/index.ts
 init_utils();
+// src/utils/gitignore-warning.ts
+import * as fs87 from "fs";
+import * as path103 from "path";
+var _gitignoreWarningEmitted = false;
+function findGitRoot(startDir) {
+  let current = startDir;
+  while (true) {
+    try {
+      const gitPath = path103.join(current, ".git");
+      const stat4 = fs87.statSync(gitPath);
+      if (stat4.isDirectory()) {
+        return current;
+      }
+    } catch {}
+    const parent = path103.dirname(current);
+    if (parent === current) {
+      return null;
+    }
+    current = parent;
+  }
+}
+function fileCoversSwarm(content) {
+  for (const rawLine of content.split(`
+`)) {
+    const line = rawLine.trim();
+    if (line.startsWith("#") || line.length === 0)
+      continue;
+    if (line === ".swarm" || line === ".swarm/")
+      return true;
+  }
+  return false;
+}
+function readFileSafe(filePath) {
+  try {
+    return fs87.readFileSync(filePath, "utf8");
+  } catch {
+    return null;
+  }
+}
+function warnIfSwarmNotGitignored(directory) {
+  if (_gitignoreWarningEmitted)
+    return;
+  try {
+    const gitRoot = findGitRoot(directory);
+    if (!gitRoot)
+      return;
+    const gitignoreContent = readFileSafe(path103.join(gitRoot, ".gitignore"));
+    if (gitignoreContent !== null && fileCoversSwarm(gitignoreContent)) {
+      _gitignoreWarningEmitted = true;
+      return;
+    }
+    const excludeContent = readFileSafe(path103.join(gitRoot, ".git", "info", "exclude"));
+    if (excludeContent !== null && fileCoversSwarm(excludeContent)) {
+      _gitignoreWarningEmitted = true;
+      return;
+    }
+    _gitignoreWarningEmitted = true;
+    console.warn('[opencode-swarm] WARNING: .swarm/ is not in your .gitignore. Shell audit logs may contain API keys. Add ".swarm/" to your .gitignore to prevent accidental commits.');
+  } catch {}
+}
 // src/utils/tool-output.ts
 function truncateToolOutput(output, maxLines, toolName, tailLines = 10) {
   if (!output) {
@@ -88130,6 +88191,7 @@ var OpenCodeSwarm = async (ctx) => {
   swarmState.opencodeClient = ctx.client;
   await loadSnapshot(ctx.directory);
   initTelemetry(ctx.directory);
+  warnIfSwarmNotGitignored(ctx.directory);
   const repoGraphHook = createRepoGraphBuilderHook(ctx.directory);
   repoGraphHook.init().catch(() => {});
   const agents = getAgentConfigs(config3, ctx.directory);
@@ -88249,7 +88311,7 @@ var OpenCodeSwarm = async (ctx) => {
     const { PreflightTriggerManager: PTM } = await Promise.resolve().then(() => (init_trigger(), exports_trigger));
     preflightTriggerManager = new PTM(automationConfig);
     const { AutomationStatusArtifact: ASA } = await Promise.resolve().then(() => (init_status_artifact(), exports_status_artifact));
-    const swarmDir = path103.resolve(ctx.directory, ".swarm");
+    const swarmDir = path104.resolve(ctx.directory, ".swarm");
     statusArtifact = new ASA(swarmDir);
     statusArtifact.updateConfig(automationConfig.mode, automationConfig.capabilities);
     if (automationConfig.capabilities?.evidence_auto_summaries === true) {

package/dist/utils/gitignore-warning.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * Module-level flag so the warning fires at most once per process.
+ * Exported for test reset purposes only — do not use in production code.
+ */
+export declare let _gitignoreWarningEmitted: boolean;
+/**
+ * Reset the deduplication flag. Exposed for test isolation only.
+ */
+export declare function resetGitignoreWarningState(): void;
+/**
+ * Checks whether `.swarm/` is covered by `.gitignore` or `.git/info/exclude`
+ * in the git repo rooted at or above `directory`. If not covered, emits a
+ * single `console.warn`. Fires at most once per process.
+ *
+ * Never throws — any file-system error silently skips the check.
+ */
+export declare function warnIfSwarmNotGitignored(directory: string): void;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "opencode-swarm",
-	"version": "6.84.6",
+	"version": "6.84.7",
 	"description": "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",