opencode-swarm 7.0.0-beta.1 → 7.0.1

package/dist/tools/repo-graph.d.ts

@@ -0,0 +1,226 @@
+/**
+ * Repo graph storage module for persisting code dependency graphs.
+ * Stores module-level in-memory cache and safe load/save to .swarm/repo-graph.json.
+ *
+ * Security: All file operations use validateSwarmPath to reject workspace-escaping paths.
+ * Uses atomic temp+rename writes to prevent partial writes.
+ */
+/**
+ * A node in the dependency graph representing a source file.
+ */
+export interface GraphNode {
+    /** Resolved absolute path to the source file */
+    filePath: string;
+    /** Normalized module name (relative path from workspace root) */
+    moduleName: string;
+    /** Exported symbols from this file */
+    exports: string[];
+    /** Imported module specifiers */
+    imports: string[];
+    /** Language/extension of the file */
+    language: string;
+    /** Last modified timestamp */
+    mtime: string;
+}
+/**
+ * An edge in the dependency graph representing a dependency relationship.
+ */
+export interface GraphEdge {
+    /** Source file path */
+    source: string;
+    /** Target file path (resolved) */
+    target: string;
+    /** Import specifier used */
+    importSpecifier: string;
+    /** Type of import */
+    importType: 'default' | 'named' | 'namespace' | 'require' | 'sideeffect';
+}
+/**
+ * The complete dependency graph for a workspace.
+ */
+export interface RepoGraph {
+    /** Schema version for future compatibility */
+    schema_version: string;
+    /** Workspace root directory */
+    workspaceRoot: string;
+    /** Graph nodes keyed by resolved file path */
+    nodes: Record<string, GraphNode>;
+    /** Graph edges representing dependencies */
+    edges: GraphEdge[];
+    /** Graph metadata */
+    metadata: {
+        generatedAt: string;
+        generator: string;
+        nodeCount: number;
+        edgeCount: number;
+    };
+}
+/**
+ * Validate that a workspace directory is safe to use.
+ * Accepts both absolute and relative paths.
+ *
+ * @param workspace - The workspace directory (path, absolute or relative, e.g. "/home/user/project" or "my-project")
+ * @throws Error if the workspace is invalid
+ */
+export declare function validateWorkspace(workspace: string): void;
+/**
+ * Validate a graph node before adding to the graph.
+ * @param node - The node to validate
+ * @throws Error if the node is invalid
+ */
+export declare function validateGraphNode(node: GraphNode): void;
+/**
+ * Validate a graph edge before adding to the graph.
+ * @param edge - The edge to validate
+ * @throws Error if the edge is invalid
+ */
+export declare function validateGraphEdge(edge: GraphEdge): void;
+/**
+ * Resolve a module specifier relative to a source file within a workspace.
+ *
+ * CONTRACT for bare specifiers:
+ * - Bare specifiers (e.g., 'lodash', 'zod', '@scope/pkg') return null because
+ *   they require node_modules traversal to resolve, which is outside the scope
+ *   of this module's responsibilities.
+ * - Callers should treat null as "unresolvable at graph-build time" and may
+ *   defer resolution to runtime or external tools.
+ *
+ * CONTRACT for workspace format:
+ * - workspaceRoot is normally a relative path (e.g., "my-project") validated by
+ *   validateWorkspace, but when called by buildWorkspaceGraph it may be an
+ *   absolute scan root path. Both forms are accepted - the function handles
+ *   path boundary checks consistently regardless of which form is provided.
+ * - sourceFile must be an absolute path
+ * - Returns absolute path if resolved, null otherwise
+ *
+ * @param workspaceRoot - The workspace root directory (relative or absolute path)
+ * @param sourceFile - The file containing the import (absolute path)
+ * @param specifier - The module specifier from the import statement
+ * @returns Resolved absolute path or null if unresolvable
+ */
+export declare function resolveModuleSpecifier(workspaceRoot: string, sourceFile: string, specifier: string): string | null;
+/**
+ * Create an empty graph for a workspace.
+ * @param workspaceRoot - The workspace root directory
+ * @returns Empty RepoGraph structure
+ */
+export declare function createEmptyGraph(workspaceRoot: string): RepoGraph;
+/**
+ * Add or update a node in the graph.
+ * @param graph - The graph to modify
+ * @param node - The node to add/update
+ */
+export declare function upsertNode(graph: RepoGraph, node: GraphNode): void;
+/**
+ * Add an edge to the graph.
+ * @param graph - The graph to modify
+ * @param edge - The edge to add
+ */
+export declare function addEdge(graph: RepoGraph, edge: GraphEdge): void;
+/**
+ * Get the cached graph for a workspace.
+ * @param workspace - The workspace directory (absolute or relative path)
+ * @returns The cached graph or undefined if not cached
+ */
+export declare function getCachedGraph(workspace: string): RepoGraph | undefined;
+/**
+ * Set the cached graph for a workspace.
+ * @param workspace - The workspace directory (absolute or relative path)
+ * @param graph - The graph to cache
+ * @param mtime - Optional file mtime to track for cache invalidation
+ */
+export declare function setCachedGraph(workspace: string, graph: RepoGraph, mtime?: number): void;
+/**
+ * Mark a workspace's cache as dirty (modified since last save).
+ * @param workspace - The workspace directory (absolute or relative path)
+ */
+export declare function markDirty(workspace: string): void;
+/**
+ * Check if a workspace's cache is dirty.
+ * @param workspace - The workspace directory (absolute or relative path)
+ * @returns True if the cache has been modified since last save
+ */
+export declare function isDirty(workspace: string): boolean;
+/**
+ * Clear the cache for a workspace.
+ * @param workspace - The workspace directory (absolute or relative path)
+ */
+export declare function clearCache(workspace: string): void;
+/**
+ * Get the validated path for the repo-graph.json file.
+ * Resolves symlinks via realpath before validation to prevent
+ * workspace-escaping attacks via symlink manipulation.
+ *
+ * @param workspace - The workspace directory (absolute or relative path)
+ * @returns Absolute path to repo-graph.json
+ * @throws Error if path validation fails or resolved path escapes workspace
+ */
+export declare function getGraphPath(workspace: string): string;
+/**
+ * Load the graph from .swarm/repo-graph.json.
+ * Uses the in-memory cache if available, not dirty, and file mtime unchanged.
+ *
+ * @param workspace - The workspace directory (absolute or relative path)
+ * @returns The loaded graph or null if not found
+ * @throws Error if file exists but is invalid/corrupted
+ */
+export declare function loadGraph(workspace: string): Promise<RepoGraph | null>;
+/**
+ * Save the graph to .swarm/repo-graph.json atomically.
+ * Uses temp file + rename pattern to prevent partial writes.
+ *
+ * @param workspace - The workspace directory (absolute or relative path)
+ * @param graph - The graph to save
+ * @param options.createAtomic - If true, fails if file already exists (for atomic create)
+ * @throws Error if validation fails, write fails, or file exists when createAtomic=true
+ */
+export declare function saveGraph(workspace: string, graph: RepoGraph, options?: {
+    createAtomic?: boolean;
+}): Promise<void>;
+/**
+ * Load or create a graph for a workspace atomically.
+ * Returns existing graph or creates a new empty one.
+ * Handles concurrent creation by treating a create-fail as "graph exists".
+ *
+ * @param workspace - The workspace directory (absolute or relative path)
+ * @returns The existing or new graph
+ */
+export declare function loadOrCreateGraph(workspace: string): Promise<RepoGraph>;
+/**
+ * Save the cached graph for a workspace if it's dirty.
+ *
+ * @param workspace - The workspace directory (absolute or relative path)
+ * @throws Error if workspace is dirty but cache is missing (inconsistent state)
+ * @throws Error if save fails
+ */
+export declare function saveIfDirty(workspace: string): Promise<void>;
+/**
+ * Build a complete dependency graph for a workspace by scanning all source files.
+ *
+ * The scan is deterministic: files are processed in sorted order, and edges
+ * are added in a stable order based on source file and import specifier.
+ *
+ * @param workspaceRoot - Workspace root directory (absolute or relative path)
+ * @param options - Optional scan configuration
+ * @param options.maxFileSizeBytes - Maximum file size to scan (default 1MB)
+ * @returns Complete RepoGraph with nodes and edges
+ * @throws Error if workspace validation fails
+ */
+export declare function buildWorkspaceGraph(workspaceRoot: string, options?: {
+    maxFileSizeBytes?: number;
+    maxFiles?: number;
+}): RepoGraph;
+/**
+ * Incrementally update the graph for a set of changed files.
+ * Re-scans only the specified files, updates their nodes and edges,
+ * and falls back to a full rebuild if the incremental pass cannot be validated.
+ *
+ * @param workspaceRoot - Workspace root directory (relative path)
+ * @param filePaths - Array of absolute file paths that changed
+ * @param options - Optional configuration
+ * @param options.forceRebuild - Force a full rebuild instead of incremental
+ * @returns Updated RepoGraph
+ */
+export declare function updateGraphForFiles(workspaceRoot: string, filePaths: string[], options?: {
+    forceRebuild?: boolean;
+}): Promise<RepoGraph>;

package/dist/tools/repo-map.d.ts

@@ -0,0 +1,2 @@
+import { createSwarmTool } from './create-tool';
+export declare const repo_map: ReturnType<typeof createSwarmTool>;

package/dist/tools/req-coverage.d.ts

@@ -0,0 +1,47 @@
+/**
+ * Requirement coverage tool for analyzing FR requirements against touched files.
+ * Reads .swarm/spec.md for FR-### requirements and checks coverage against
+ * files touched during a phase via evidence files.
+ */
+import type { tool } from '@opencode-ai/plugin';
+declare const OBLIGATION_KEYWORDS: readonly ["MUST", "SHOULD", "SHALL"];
+type ObligationLevel = (typeof OBLIGATION_KEYWORDS)[number];
+interface Requirement {
+    id: string;
+    obligation: ObligationLevel | null;
+    text: string;
+    status: 'covered' | 'missing';
+    filesSearched: string[];
+}
+interface RequirementMatch {
+    id: string;
+    obligation: ObligationLevel | null;
+    text: string;
+}
+/**
+ * Extract all FR-### requirements from spec content.
+ * For each requirement, identifies obligation level (MUST/SHOULD/SHALL) and text.
+ */
+export declare function extractRequirements(specContent: string): RequirementMatch[];
+/**
+ * Extract obligation level (MUST/SHOULD/SHALL) and requirement text from a line.
+ */
+export declare function extractObligationAndText(id: string, lineText: string): RequirementMatch | null;
+/**
+ * Read evidence files from .swarm/evidence/{taskId}/ directory structure.
+ * Returns list of source files that were touched during the specified phase.
+ * Evidence is stored at .swarm/evidence/<taskId>/evidence.json (e.g., 1.1, 2.3.1).
+ * Only directories with numeric task IDs matching the phase prefix are processed.
+ */
+export declare function readTouchedFiles(evidenceDir: string, phase: number, cwd: string): string[];
+/**
+ * Search a file for keywords from a requirement.
+ * Returns true if any keyword is found.
+ */
+export declare function searchFileForKeywords(filePath: string, keywords: string[], cwd: string): boolean;
+/**
+ * Analyze coverage for a requirement against touched files.
+ */
+export declare function analyzeRequirementCoverage(requirement: RequirementMatch, touchedFiles: string[], cwd: string): Requirement;
+export declare const req_coverage: ReturnType<typeof tool>;
+export {};

package/dist/tools/resolve-working-directory.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Shared utility for resolving working_directory across swarm tools.
+ *
+ * Tools that read .swarm/ state (plan.json, evidence/) must resolve paths
+ * relative to the actual project root, not process.cwd(). When the MCP host's
+ * CWD differs from the project root (e.g. CWD=RAGAPPv2, project=RAGAPPv3),
+ * tools that lack a working_directory parameter silently read stale data from
+ * the wrong directory.
+ *
+ * This helper provides consistent validation and resolution, matching the
+ * pattern already used by save_plan and update_task_status.
+ */
+export interface ResolveResult {
+    success: true;
+    directory: string;
+}
+export interface ResolveError {
+    success: false;
+    message: string;
+}
+/**
+ * Resolve the effective working directory for a swarm tool.
+ *
+ * Priority: explicit working_directory param > injected directory (from createSwarmTool).
+ *
+ * When working_directory is provided, it is validated for:
+ * - Null-byte injection
+ * - Path traversal sequences (..)
+ * - Windows device paths
+ * - Existence on disk
+ *
+ * @param workingDirectory - Explicit working_directory from tool args (caller-controlled)
+ * @param fallbackDirectory - Injected directory from createSwarmTool (ctx.directory ?? process.cwd())
+ */
+export declare function resolveWorkingDirectory(workingDirectory: string | undefined | null, fallbackDirectory: string): ResolveResult | ResolveError;

package/dist/tools/resolve-working-directory.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/tools/retrieve-summary.d.ts

@@ -0,0 +1,2 @@
+import { createSwarmTool } from './create-tool';
+export declare const retrieve_summary: ReturnType<typeof createSwarmTool>;

package/dist/tools/sast-baseline.d.ts

@@ -0,0 +1,126 @@
+/**
+ * SAST Baseline — phase-scoped snapshot of pre-existing security findings.
+ *
+ * Enables baseline diffing so only NEW findings (introduced since baseline capture)
+ * drive the fail verdict in subsequent sast_scan calls.
+ *
+ * Storage: .swarm/evidence/{phase}/sast-baseline.json
+ *   Mirrors the phase-scoped convention used by write-drift-evidence.ts and
+ *   write-hallucination-evidence.ts (path.join('evidence', String(phase), filename)
+ *   passed to validateSwarmPath).
+ *
+ * Fingerprint format (stable):
+ *   `${relFile}|${rule_id}|${sha256(3lineWindow).slice(0,16)}|#${occurrenceIndex}`
+ *
+ * Fingerprint format (unstable — file unreadable or path escapes workspace):
+ *   `${relFile}|${rule_id}|L${line}|UNSTABLE|#${occurrenceIndex}`
+ *   Unstable fingerprints are ALWAYS treated as NEW findings (fail-closed).
+ *
+ * Merge semantics:
+ *   On every capture for a set of files, ALL prior fingerprints for those files
+ *   are removed (full prune, engine-agnostic) before inserting current findings.
+ *   This prevents stale cross-engine fingerprints from causing false-pass verdicts.
+ */
+import type { SastScanFinding } from './sast-scan';
+export declare const BASELINE_SCHEMA_VERSION: "1.0.0";
+/** Maximum findings to store in baseline (heuristic — open for tuning). */
+export declare const MAX_BASELINE_FINDINGS = 2000;
+export interface SastBaselineFile {
+    schema_version: '1.0.0';
+    phase: number;
+    created_at: string;
+    updated_at: string;
+    engine: 'tier_a' | 'tier_a+tier_b';
+    /** Canonical relative paths of files indexed into this baseline. */
+    files_indexed: string[];
+    /** Fingerprint strings for all indexed findings. */
+    fingerprints: string[];
+    /** Full findings snapshot (for auditing / debugging). */
+    findings_snapshot: SastScanFinding[];
+    /** True if the snapshot was truncated at MAX_BASELINE_FINDINGS. */
+    truncated: boolean;
+}
+export type LoadBaselineResult = {
+    status: 'found';
+    fingerprints: Set<string>;
+    bundle: SastBaselineFile;
+} | {
+    status: 'not_found';
+} | {
+    status: 'invalid_schema';
+    errors: string[];
+};
+export interface FingerprintResult {
+    fingerprint: string;
+    /** False when the file was unreadable or the path escapes the workspace. */
+    stable: boolean;
+}
+export interface IndexedFinding {
+    finding: SastScanFinding;
+    index: number;
+    stable: boolean;
+    fingerprint: string;
+}
+export type CaptureResult = {
+    status: 'written';
+    path: string;
+    fingerprint_count: number;
+} | {
+    status: 'merged';
+    path: string;
+    fingerprint_count: number;
+} | {
+    status: 'error';
+    message: string;
+};
+/**
+ * Return the canonical relative path for a finding file.
+ * Mirrors the normalization in pre-check-batch.ts classifySastFindings.
+ */
+export declare function normalizeFindingPath(directory: string, file: string): string;
+/**
+ * Compute a stable or unstable fingerprint for a single finding.
+ *
+ * Stable uses a 3-line content window (N-1, N, N+1) so the fingerprint
+ * survives line-number shifts caused by insertions above the finding.
+ *
+ * Unstable is produced when the file cannot be read or the path escapes
+ * the workspace — such findings are always classified NEW (fail-closed).
+ */
+export declare function fingerprintFinding(finding: SastScanFinding, directory: string, occurrenceIndex: number): FingerprintResult;
+/**
+ * Assign occurrence indices to a batch of findings.
+ *
+ * Two findings that produce the same (relFile, rule_id, contentHash) tuple
+ * — e.g., copy-pasted vulnerable lines — receive different indices so they
+ * get distinct fingerprints and can be individually classified.
+ */
+export declare function assignOccurrenceIndices(findings: SastScanFinding[], directory: string): IndexedFinding[];
+/**
+ * Capture or merge SAST findings into the phase-scoped baseline.
+ *
+ * Merge semantics:
+ *   For every file in `scannedFiles`, ALL prior fingerprints for that file are
+ *   removed from the baseline before inserting the current scan's fingerprints.
+ *   This full-prune (engine-agnostic) prevents stale cross-engine entries from
+ *   causing false-pass verdicts on later full-engine diff scans.
+ *
+ * Severity threshold:
+ *   Callers MUST pass ALL findings regardless of severity threshold so the
+ *   baseline captures the full pre-existing surface. Threshold filtering is
+ *   the diff caller's responsibility.
+ *
+ * Idempotency:
+ *   Calling twice with identical inputs produces an identical baseline file.
+ *   Calling with a new file set adds/replaces only those files' fingerprints.
+ */
+export declare function captureOrMergeBaseline(directory: string, phase: number, findings: SastScanFinding[], engine: 'tier_a' | 'tier_a+tier_b', scannedFiles: string[], opts?: {
+    force?: boolean;
+}): Promise<CaptureResult>;
+/**
+ * Load the SAST baseline for a given phase.
+ *
+ * Returns 'not_found' when no baseline file exists (first run for phase).
+ * Returns 'invalid_schema' when the file is present but unparseable.
+ */
+export declare function loadBaseline(directory: string, phase: number): LoadBaselineResult;

package/dist/tools/sast-scan.d.ts

@@ -0,0 +1,87 @@
+/**
+ * SAST Scan Tool - Static Application Security Testing
+ * Integrates Tier A rules (offline) and optional Semgrep (Tier B)
+ */
+import type { ToolDefinition } from '@opencode-ai/plugin/tool';
+import type { PluginConfig } from '../config';
+import type { EvidenceVerdict } from '../config/evidence-schema';
+export interface SastScanInput {
+    /** List of files to scan */
+    changed_files: string[];
+    /** Minimum severity that causes failure (default: 'medium') */
+    severity_threshold?: 'low' | 'medium' | 'high' | 'critical';
+    /**
+     * When true, capture/merge a phase-scoped baseline snapshot and return
+     * status:'baseline_captured'. Subsequent scans with the same phase will
+     * diff against this baseline so only NEW findings drive the fail verdict.
+     *
+     * Capture mode ignores severity_threshold — all severities are recorded.
+     * Requires `phase` to be provided.
+     */
+    capture_baseline?: boolean;
+    /**
+     * Current phase number (positive integer, >= 1). Required when
+     * capture_baseline is true. When provided without capture_baseline, enables
+     * baseline diff mode: only findings absent from the phase baseline fail.
+     */
+    phase?: number;
+}
+export interface SastScanResult {
+    /** Overall verdict: pass if no findings above threshold, fail otherwise */
+    verdict: EvidenceVerdict;
+    /** Array of security findings */
+    findings: SastScanFinding[];
+    /** Summary information */
+    summary: {
+        /** Engine used for scanning */
+        engine: 'tier_a' | 'tier_a+tier_b';
+        /** Number of files scanned */
+        files_scanned: number;
+        /** Total number of findings */
+        findings_count: number;
+        /** Breakdown of findings by severity */
+        findings_by_severity: {
+            critical: number;
+            high: number;
+            medium: number;
+            low: number;
+        };
+    };
+    /** 'baseline_captured' when capture_baseline:true succeeded */
+    status?: 'baseline_captured' | 'baseline_merged';
+    /** Number of findings recorded in the baseline (capture mode only) */
+    finding_count?: number;
+    /** Findings NOT present in the baseline (diff mode only) */
+    new_findings?: SastScanFinding[];
+    /** Findings that match the baseline (diff mode only) */
+    pre_existing_findings?: SastScanFinding[];
+    /** True when a baseline was loaded and diff mode was active */
+    baseline_used?: boolean;
+    /** True when pre_existing_findings were truncated to fit result limits */
+    truncated_pre_existing?: boolean;
+}
+export interface SastScanFinding {
+    rule_id: string;
+    severity: 'critical' | 'high' | 'medium' | 'low';
+    message: string;
+    location: {
+        file: string;
+        line: number;
+        column?: number;
+    };
+    remediation?: string;
+}
+/**
+ * SAST Scan tool - Static Application Security Testing
+ * Scans changed files for security vulnerabilities using:
+ * - Tier A: Built-in pattern-based rules (always runs)
+ * - Tier B: Semgrep (optional, if available on PATH)
+ */
+export declare function sastScan(input: SastScanInput, directory: string, config?: PluginConfig): Promise<SastScanResult>;
+/**
+ * SAST Scan tool - Static Application Security Testing
+ * Scans changed files for security vulnerabilities using:
+ * - Tier A: Built-in pattern-based rules (always runs)
+ * - Tier B: Semgrep (optional, if available on PATH)
+ */
+export declare const sast_scan: ToolDefinition;

package/dist/tools/save-plan.d.ts

@@ -0,0 +1,95 @@
+/**
+ * Save plan tool for persisting validated implementation plans.
+ * Allows the Architect agent to save structured plans to .swarm/plan.json and .swarm/plan.md.
+ */
+import type { ToolDefinition } from '@opencode-ai/plugin/tool';
+/**
+ * Arguments for the save_plan tool
+ */
+export interface SavePlanArgs {
+    title: string;
+    swarm_id: string;
+    phases: Array<{
+        id: number;
+        name: string;
+        tasks: Array<{
+            id: string;
+            description: string;
+            size?: 'small' | 'medium' | 'large';
+            depends?: string[];
+            acceptance?: string;
+        }>;
+    }>;
+    /**
+     * Must be the project root directory. When provided, it anchors all .swarm directory
+     * creation and plan file operations to the project root (issue #577).
+     * Omit to use the fallback directory (injected by createSwarmTool, typically process.cwd()).
+     */
+    working_directory?: string;
+    /**
+     * When true, all task statuses are reset to 'pending' and existing completed
+     * statuses are NOT preserved.  Use this when creating a fresh revision of a
+     * plan where prior completion state should no longer apply (e.g., re-planning
+     * after a failed phase).  Defaults to false (existing statuses preserved).
+     */
+    reset_statuses?: boolean;
+    /**
+     * Architect-facing concurrency controls for this plan.
+     * When execution_profile.locked is true the profile is immutable — subsequent
+     * save_plan calls that try to change it will be rejected (fail-closed).
+     * Omit to leave the current profile unchanged.
+     */
+    execution_profile?: {
+        parallelization_enabled?: boolean;
+        max_concurrent_tasks?: number;
+        council_parallel?: boolean;
+        locked?: boolean;
+    };
+}
+/**
+ * Result from executing save_plan
+ */
+export interface SavePlanResult {
+    success: boolean;
+    message: string;
+    plan_path?: string;
+    phases_count?: number;
+    tasks_count?: number;
+    errors?: string[];
+    warnings?: string[];
+    recovery_guidance?: string;
+    /** The resolved execution_profile that was persisted, if any. */
+    execution_profile?: {
+        parallelization_enabled: boolean;
+        max_concurrent_tasks: number;
+        council_parallel: boolean;
+        locked: boolean;
+    };
+}
+/**
+ * Detect template placeholder content (e.g., [task], [Project], [description], [N]).
+ * These patterns indicate the LLM reproduced template examples literally rather than
+ * filling in real content from the specification.
+ * @param args - The save plan arguments to validate
+ * @returns Array of issue strings describing found placeholders
+ */
+export declare function detectPlaceholderContent(args: SavePlanArgs): string[];
+/**
+ * Validate target workspace path.
+ * Rejects missing, empty, whitespace-only, and traversal-style paths.
+ * @param target - The target workspace path to validate
+ * @param source - Description of the source (for error messages)
+ * @returns Error message if invalid, undefined if valid
+ */
+export declare function validateTargetWorkspace(target: string | undefined, source: string): string | undefined;
+/**
+ * Execute the save_plan tool.
+ * Validates for placeholder content, builds a Plan object, and saves to disk.
+ * @param args - The save plan arguments
+ * @returns SavePlanResult with success status and details
+ */
+export declare function executeSavePlan(args: SavePlanArgs, fallbackDir?: string): Promise<SavePlanResult>;
+/**
+ * Tool definition for save_plan
+ */
+export declare const save_plan: ToolDefinition;

package/dist/tools/save-plan.subdirectory-rejection.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/tools/sbom-generate.d.ts

@@ -0,0 +1,26 @@
+/**
+ * SBOM Generate Tool
+ *
+ * Generates Software Bill of Materials (SBOM) by scanning project
+ * for manifest/lock files and generating CycloneDX format output.
+ */
+import type { tool } from '@opencode-ai/plugin';
+export interface SbomGenerateInput {
+    /** Scope of the scan: 'changed' for modified files only, 'all' for entire project */
+    scope: 'changed' | 'all';
+    /** Optional output directory (default: .swarm/evidence/sbom/) */
+    output_dir?: string;
+    /** Required if scope='changed': list of changed files */
+    changed_files?: string[];
+}
+export interface SbomGenerateResult {
+    /** Verdict: 'pass' if SBOM generated successfully, 'skip' if no manifests found */
+    verdict: 'pass' | 'skip';
+    /** Array of manifest/lock file paths discovered */
+    files: string[];
+    /** Number of components in the SBOM */
+    components_count: number;
+    /** Path to the generated SBOM file */
+    output_path: string;
+}
+export declare const sbom_generate: ReturnType<typeof tool>;

package/dist/tools/schema-drift.d.ts

@@ -0,0 +1,2 @@
+import type { tool } from '@opencode-ai/plugin';
+export declare const schema_drift: ReturnType<typeof tool>;

package/dist/tools/search.adversarial.test.d.ts

@@ -0,0 +1 @@
+export {};