opencode-swarm 7.13.1 → 7.14.0

package/dist/index.js

@@ -33,7 +33,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "opencode-swarm",
-    version: "7.13.1",
+    version: "7.14.0",
     description: "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
     main: "dist/index.js",
     types: "dist/index.d.ts",
@@ -46041,6 +46041,118 @@ var init_dark_matter = __esm(() => {
   init_co_change_analyzer();
 });
 
+// src/commands/deep-dive.ts
+function sanitizeScope(raw) {
+  const collapsed = raw.replace(/\s+/g, " ").trim();
+  const stripped = collapsed.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
+  const normalized = stripped.replace(/\s+/g, " ").trim();
+  if (normalized.length <= MAX_SCOPE_LEN)
+    return normalized;
+  return `${normalized.slice(0, MAX_SCOPE_LEN)}…`;
+}
+function isValidPositiveInteger(raw) {
+  if (!raw || !/^\d+$/.test(raw))
+    return false;
+  const n = Number(raw);
+  if (!Number.isFinite(n) || !Number.isInteger(n) || n < 0)
+    return false;
+  return true;
+}
+function parseArgs2(args2) {
+  const result = {
+    profile: DEFAULT_PROFILE,
+    maxExplorers: DEFAULT_MAX_EXPLORERS,
+    output: "markdown",
+    updateMain: true,
+    allowDirty: false,
+    rest: []
+  };
+  let i2 = 0;
+  while (i2 < args2.length) {
+    const token = args2[i2];
+    if (token === "--profile") {
+      if (i2 + 1 >= args2.length) {
+        return { ...result, error: `Flag "${token}" requires a value` };
+      }
+      const value = args2[++i2];
+      if (!PROFILES.has(value)) {
+        return {
+          ...result,
+          error: `Invalid profile "${value}". Must be one of: standard, security, ux, architecture, full.`
+        };
+      }
+      result.profile = value;
+    } else if (token === "--max-explorers") {
+      if (i2 + 1 >= args2.length) {
+        return { ...result, error: `Flag "${token}" requires a value` };
+      }
+      const value = args2[++i2];
+      if (!isValidPositiveInteger(value) || value.includes(".") || value.startsWith("0x") || value.startsWith("0X") || Number(value) < 1 || Number(value) > 8) {
+        return {
+          ...result,
+          error: `Invalid --max-explorers value "${value}". Must be an integer between 1 and 8.`
+        };
+      }
+      result.maxExplorers = Number(value);
+      result.maxExplorersExplicit = true;
+    } else if (token === "--json") {
+      result.output = "json";
+    } else if (token === "--skip-update") {
+      result.updateMain = false;
+    } else if (token === "--allow-dirty") {
+      result.allowDirty = true;
+    } else if (token.startsWith("--")) {
+      return { ...result, error: `Unknown flag "${token}"` };
+    } else {
+      result.rest.push(token);
+    }
+    i2++;
+  }
+  return result;
+}
+async function handleDeepDiveCommand(_directory, args2) {
+  const parsed = parseArgs2(args2);
+  if (parsed.error) {
+    return `Error: ${parsed.error}
+
+${USAGE2}`;
+  }
+  const scope = sanitizeScope(parsed.rest.join(" "));
+  if (!scope) {
+    return USAGE2;
+  }
+  if (parsed.profile === "full" && !parsed.maxExplorersExplicit) {
+    parsed.maxExplorers = FULL_PROFILE_DEFAULT_MAX_EXPLORERS;
+  }
+  const header = `[MODE: DEEP_DIVE profile=${parsed.profile} max_explorers=${parsed.maxExplorers} output=${parsed.output} update_main=${parsed.updateMain} allow_dirty=${parsed.allowDirty}] ${scope}`;
+  return header;
+}
+var MAX_SCOPE_LEN = 2000, PROFILES, DEFAULT_PROFILE = "standard", DEFAULT_MAX_EXPLORERS = 6, FULL_PROFILE_DEFAULT_MAX_EXPLORERS = 8, USAGE2 = `Usage: /swarm deep-dive <scope> [--profile standard|security|ux|architecture|full] [--max-explorers N] [--json] [--skip-update] [--allow-dirty]
+
+Run a bounded, evidence-backed deep dive on an application section.
+
+Examples:
+  /swarm deep-dive auth
+  /swarm deep dive src/commands --profile architecture
+  /swarm deep-dive "settings page" --profile ux
+  /swarm deep-dive src/security --profile security --max-explorers 5
+
+Flags:
+  --profile <name>       standard, security, ux, architecture, or full
+  --max-explorers <N>    explorer runs per wave, 1..8
+  --json                 include machine-readable JSON in the final report
+  --skip-update          skip the repo update-to-main preflight
+  --allow-dirty          allow audit to proceed with dirty worktree`;
+var init_deep_dive = __esm(() => {
+  PROFILES = new Set([
+    "standard",
+    "security",
+    "ux",
+    "architecture",
+    "full"
+  ]);
+});
+
 // src/config/cache-paths.ts
 import * as os5 from "node:os";
 import * as path25 from "node:path";
@@ -50995,7 +51107,7 @@ function validateAndSanitizeUrl(rawUrl) {
     return { error: "Invalid URL format" };
   }
 }
-function parseArgs2(args2) {
+function parseArgs3(args2) {
   const out2 = {
     plan: false,
     trace: false,
@@ -51086,24 +51198,24 @@ function parseGitRemoteUrl(remoteUrl) {
   return null;
 }
 function handleIssueCommand(_directory, args2) {
-  const parsed = parseArgs2(args2);
+  const parsed = parseArgs3(args2);
   const rawInput = parsed.rest.join(" ").trim();
   if (!rawInput) {
-    return USAGE2;
+    return USAGE3;
   }
   const isFullUrl = /^https?:\/\//i.test(rawInput);
   const issueInfo = parseIssueRef(isFullUrl ? sanitizeUrl(rawInput) : rawInput);
   if (!issueInfo) {
     return `Error: Could not parse issue reference from "${rawInput}"
 
-${USAGE2}`;
+${USAGE3}`;
   }
   const issueUrl = `https://github.com/${issueInfo.owner}/${issueInfo.repo}/issues/${issueInfo.number}`;
   const result = validateAndSanitizeUrl(issueUrl);
   if ("error" in result) {
     return `Error: ${result.error}
 
-${USAGE2}`;
+${USAGE3}`;
   }
   const flags2 = [];
   if (parsed.plan)
@@ -51115,9 +51227,9 @@ ${USAGE2}`;
   const flagsStr = flags2.length > 0 ? ` ${flags2.join(" ")}` : "";
   return `[MODE: ISSUE_INGEST issue="${result.sanitized}"${flagsStr}]`;
 }
-var MAX_URL_LEN = 2048, USAGE2;
+var MAX_URL_LEN = 2048, USAGE3;
 var init_issue = __esm(() => {
-  USAGE2 = [
+  USAGE3 = [
     "Usage: /swarm issue <url|owner/repo#N|N> [--plan] [--trace] [--no-repro]",
     "",
     "Ingest a GitHub issue into the swarm workflow.",
@@ -51734,7 +51846,7 @@ function validateAndSanitizeUrl2(rawUrl) {
     return { error: "Invalid URL format" };
   }
 }
-function parseArgs3(args2) {
+function parseArgs4(args2) {
   const out2 = { council: false, rest: [] };
   for (const token of args2) {
     if (token === "--council") {
@@ -51818,31 +51930,31 @@ function parseGitRemoteUrl2(remoteUrl) {
   return null;
 }
 function handlePrReviewCommand(_directory, args2) {
-  const parsed = parseArgs3(args2);
+  const parsed = parseArgs4(args2);
   const rawInput = parsed.rest.join(" ").trim();
   if (!rawInput) {
-    return USAGE3;
+    return USAGE4;
   }
   const isFullUrl = /^https?:\/\//i.test(rawInput);
   const prInfo = parsePrRef(isFullUrl ? sanitizeUrl2(rawInput) : rawInput);
   if (!prInfo) {
     return `Error: Could not parse PR reference from "${rawInput}"
 
-${USAGE3}`;
+${USAGE4}`;
   }
   const prUrl = `https://github.com/${prInfo.owner}/${prInfo.repo}/pull/${prInfo.number}`;
   const result = validateAndSanitizeUrl2(prUrl);
   if ("error" in result) {
     return `Error: ${result.error}
 
-${USAGE3}`;
+${USAGE4}`;
   }
   const councilFlag = parsed.council ? "council=true" : "council=false";
   return `[MODE: PR_REVIEW pr="${result.sanitized}" ${councilFlag}]`;
 }
-var MAX_URL_LEN2 = 2048, USAGE3;
+var MAX_URL_LEN2 = 2048, USAGE4;
 var init_pr_review = __esm(() => {
-  USAGE3 = [
+  USAGE4 = [
     "Usage: /swarm pr-review <url|owner/repo#N|N> [--council]",
     "",
     "Run a full swarm PR review on a GitHub pull request.",
@@ -57572,6 +57684,7 @@ __export(exports_commands, {
   handleEvidenceCommand: () => handleEvidenceCommand,
   handleDoctorCommand: () => handleDoctorCommand,
   handleDiagnoseCommand: () => handleDiagnoseCommand,
+  handleDeepDiveCommand: () => handleDeepDiveCommand,
   handleDarkMatterCommand: () => handleDarkMatterCommand,
   handleCurateCommand: () => handleCurateCommand,
   handleCouncilCommand: () => handleCouncilCommand,
@@ -57775,6 +57888,7 @@ var init_commands = __esm(() => {
   init_council();
   init_curate();
   init_dark_matter();
+  init_deep_dive();
   init_diagnose();
   init_doctor();
   init_evidence();
@@ -57992,6 +58106,7 @@ var init_registry = __esm(() => {
   init_council();
   init_curate();
   init_dark_matter();
+  init_deep_dive();
   init_diagnose();
   init_doctor();
   init_evidence();
@@ -58271,6 +58386,20 @@ var init_registry = __esm(() => {
       details: "Launches a structured PR review: reconstructs PR intent via obligation extraction cascade, runs 6 parallel explorer lanes (correctness, security, dependencies, docs-intent-vs-actual, tests, performance-architecture), validates findings through independent reviewer confirmation, applies critic challenge to HIGH/CRITICAL findings, synthesizes structured report. --council variant fires adversarial multi-model review. Supports full GitHub URL, owner/repo#N shorthand, or bare PR number (resolves against origin remote).",
       category: "agent"
     },
+    "deep-dive": {
+      handler: async (ctx) => handleDeepDiveCommand(ctx.directory, ctx.args),
+      description: "Launch deep codebase audit with parallel explorer waves, dual reviewers, and critic challenge [scope]",
+      args: "<scope> [--profile standard|security|ux|architecture|full] [--max-explorers 1..8] [--json] [--skip-update] [--allow-dirty]",
+      details: "Runs a read-only deep audit of the specified scope using parallel explorer waves (8-file cap per mission, ~3500 line guardrail), always 2 parallel reviewers for verification, and sequential critic challenge on HIGH/CRITICAL findings. Profiles select explorer lanes: standard (5 lanes), security, ux, architecture, full (all 8 lanes). Emits a structured findings report without mutating source code.",
+      category: "agent"
+    },
+    "deep dive": {
+      handler: async (ctx) => handleDeepDiveCommand(ctx.directory, ctx.args),
+      description: "Alias for /swarm deep-dive — launch deep codebase audit",
+      args: "<scope> [--profile standard|security|ux|architecture|full] [--max-explorers 1..8] [--json] [--skip-update] [--allow-dirty]",
+      category: "agent",
+      aliasOf: "deep-dive"
+    },
     issue: {
       handler: async (ctx) => handleIssueCommand(ctx.directory, ctx.args),
       description: "Ingest a GitHub issue into the swarm workflow [url] [--plan] [--trace] [--no-repro]",
@@ -59767,7 +59896,130 @@ Do NOT share other agents' responses at this stage.
    - CITE THE STRONGEST SOURCES: link key claims with [title](url) format from the source list in the synthesis. Pick the most reputable source per claim; do not cite duplicates.
    - BE CONCISE: a few short paragraphs plus a bulleted summary. Expand only when the question genuinely requires it.
    - HARD CONSTRAINTS: You MUST NOT invent claims not present in the council's responses. You MUST NOT add new web research. You MUST NOT favor a position based on confidence alone.
-   Preface the answer with one line listing the participating models (reviewer model as generalist, critic model as skeptic, SME model as domain expert). Do NOT present raw per-member JSON.
+    Preface the answer with one line listing the participating models (reviewer model as generalist, critic model as skeptic, SME model as domain expert). Do NOT present raw per-member JSON.
+
+### MODE: DEEP_DIVE
+Activates when: architect receives \`[MODE: DEEP_DIVE profile=X max_explorers=N output=X update_main=X allow_dirty=X] <scope>\` signal from the deep-dive command handler.
+
+Purpose: Perform a read-only deep audit of the specified codebase scope using parallel explorer waves, always 2 parallel reviewers, and sequential critic challenge. This mode does NOT mutate source code, does NOT delegate to coder, and does NOT call declare_scope.
+
+#### STEP 0 — PARSE HEADER
+Parse the MODE: DEEP_DIVE header to extract:
+- \`scope\`: the codebase area to audit (e.g., "auth", "payment flow", "src/hooks/")
+- \`profile\`: one of standard | security | ux | architecture | full (default: standard)
+- \`max_explorers\`: integer 1..8 (default: 6, or 8 for full profile)
+- \`output\`: markdown | json (default: markdown)
+- \`update_main\`: boolean (default: true) — whether to fetch/ff-only main before starting
+- \`allow_dirty\`: boolean (default: false) — whether to proceed with uncommitted changes
+
+If the header is malformed or missing required fields, report the error and stop.
+
+#### STEP 1 — REPO READINESS
+1. Check git working tree status. If dirty and \`allow_dirty\` is false, warn the user and ask whether to proceed. Do NOT proceed automatically.
+2. If \`update_main\` is true and tree is clean: check current branch. If not on \`main\`, report current branch to user and ASK FOR CONFIRMATION before switching. Only after explicit user approval: \`git fetch origin main && git checkout main && git merge --ff-only origin/main\`. If ff-only fails, warn the user and ask before proceeding.
+3. Record the current HEAD commit hash for the report.
+
+#### STEP 2 — SCOPE RESOLUTION
+Use the following tools to map the audit scope:
+1. \`repo_map\` with action "build" to establish the code graph
+2. \`repo_map\` with action "localization" for the scope target
+3. \`symbols\` and \`batch_symbols\` on key files identified by localization
+4. \`imports\` to trace dependency boundaries
+5. \`doc_scan\` if documentation coverage is relevant
+6. \`knowledge_recall\` with query matching the scope domain
+
+Produce a SCOPE MAP: list of files, modules, and interfaces within the audit boundary. Cap at 50 files total.
+
+#### STEP 3 — EXPLORER MISSIONS (Parallel Waves)
+Dispatch explorer waves using parallel Task calls. Each wave contains up to \`max_explorers\` missions.
+
+**File caps per mission:**
+- 8 files maximum per mission
+- ~3500 total lines across all files in a mission
+- Group files by import proximity (files that import each other go in the same mission)
+
+**Profile-based lane selection — each profile activates specific lanes:**
+
+| Lane | Template | standard | security | ux | architecture | full |
+|------|----------|----------|----------|----|-------------|------|
+| SCOPE_MAP | Map structure, exports, boundaries | ✓ | ✓ | ✓ | ✓ | ✓ |
+| WIRING_DATAFLOW | Trace data flow, API contracts, state propagation | ✓ | ✓ | | ✓ | ✓ |
+| RUNTIME_BEHAVIOR | Error handling, edge cases, lifecycle, async patterns | ✓ | | | ✓ | ✓ |
+| UX_FLOW | User-facing behavior, accessibility, responsiveness | | | ✓ | | ✓ |
+| SECURITY_TRUST | Auth boundaries, input validation, trust transitions | | ✓ | | | ✓ |
+| TEST_COVERAGE | Coverage gaps, flaky tests, missing assertions | ✓ | | | | ✓ |
+| PERFORMANCE_RELIABILITY | Resource leaks, N+1 queries, race conditions | | | | ✓ | ✓ |
+| DOCS_CONFIG_DEPLOYMENT | Config consistency, docs accuracy, deployment drift | | | | | ✓ |
+
+Each explorer mission receives:
+- Lane template name and description
+- Assigned files (8 max, grouped by import proximity)
+- The scope map context from Step 2
+- Instruction: "You are performing a [LANE] audit. Report findings as candidate observations with severity (INFO/LOW/MEDIUM/HIGH/CRITICAL), location, and evidence."
+
+Explorer missions are dispatched in parallel waves. Wait for ALL missions in a wave to complete before dispatching the next wave.
+
+Explorers generate CANDIDATE FINDINGS only — they do NOT make verdicts. All findings are unverified until Step 5.
+
+#### STEP 4 — NORMALIZE CANDIDATES
+1. Collect all candidate findings from all explorer missions.
+2. Deduplicate: merge findings that reference the same location and issue.
+3. Assign DD-C001 through DD-CNNN identifiers to unique findings.
+4. Cap at 10 findings per shard (see Step 5 for sharding).
+5. Sort by severity (CRITICAL → HIGH → MEDIUM → LOW → INFO).
+
+#### STEP 5 — ALWAYS 2 PARALLEL REVIEWERS
+Split the verified candidates into 2 shards of ≤10 candidates each. Dispatch 2 parallel \`{{AGENT_PREFIX}}reviewer\` calls.
+
+Each reviewer receives:
+- Their shard of candidates (up to 10)
+- The scope map context
+- The original scope description
+- Instruction: "Verify or reject each candidate finding. For each: verdict (VERIFIED / REJECTED / NEEDS_MORE_EVIDENCE), confidence (0-1), and brief reasoning."
+
+Reviewers MUST NOT suggest fixes — they verify findings only.
+
+#### STEP 5b — REVIEWER MERGE/DEDUP
+After both reviewers return, perform a lightweight sync pass:
+1. Cross-reference findings between reviewers — flag correlations
+2. Deduplicate any findings both reviewers verified independently
+3. For NEEDS_MORE_EVIDENCE findings: if the other reviewer verified a related finding, merge
+4. Produce a unified findings list with verified/rejected status
+
+#### STEP 6 — CRITIC CHALLENGE (HIGH/CRITICAL only)
+For verified findings rated HIGH or CRITICAL, dispatch sequential critic passes:
+
+**Pass 1 — False-positive / root-cause challenge:**
+- \`{{AGENT_PREFIX}}critic\` receives each HIGH/CRITICAL finding
+- Challenge: "Is this a false positive? Is the root cause correctly identified? Provide verdict: SURVIVES / DOWNGRADE / REJECT"
+- Only findings that SURVIVE proceed to Pass 2
+
+**Pass 2 — Impact / severity challenge:**
+- \`{{AGENT_PREFIX}}critic\` receives surviving findings
+- Challenge: "Is the severity correctly rated? Could this be lower impact than claimed? Provide verdict: SURVIVES / DOWNGRADE / REJECT"
+- Final severity is the critic's assessed severity
+
+CRITICAL: Do NOT challenge MEDIUM/LOW/INFO findings. Only HIGH and CRITICAL go through critic review.
+
+#### STEP 7 — FINAL REPORT
+Assemble and present the audit report:
+
+1. **Wiring Map**: Visual summary of the scope's module structure and data flow
+2. **Functionality Assessment**: High-level summary of what the scope does and how well
+3. **Verified Findings Table**: DD-ID, severity, location, description, evidence
+4. **Rejected Candidates**: Brief list with rejection reasons
+5. **Enhancements**: Non-blocking improvement suggestions
+6. **Recommended Implementation Phases**: If findings suggest follow-up work, outline phases
+7. **JSON Block** (when output=json): Structured machine-readable findings
+
+IMPORTANT CONSTRAINTS for MODE: DEEP_DIVE:
+- Do NOT mutate source code under any circumstances
+- Do NOT delegate to coder
+- Do NOT call declare_scope
+- Do NOT create or modify any files outside .swarm/
+- No final finding may appear in the report without reviewer verification
+- Explorers generate candidate findings only — reviewers verify or reject
+- Critics challenge only HIGH/CRITICAL findings — do NOT waste cycles on lower severity
 
 ### MODE: ISSUE_INGEST
 Activates when: user invokes \`/swarm issue <url>\`; OR architect receives \`[MODE: ISSUE_INGEST issue="<url>"]\` signal.
@@ -67021,7 +67273,14 @@ __export(exports_doc_scan, {
 });
 import * as crypto7 from "node:crypto";
 import * as fs47 from "node:fs";
-import { mkdir as mkdir11, readFile as readFile11, writeFile as writeFile10 } from "node:fs/promises";
+import {
+  mkdir as mkdir11,
+  readdir as readdir5,
+  readFile as readFile11,
+  realpath as realpath2,
+  stat as stat6,
+  writeFile as writeFile10
+} from "node:fs/promises";
 import * as path70 from "node:path";
 function normalizeSeparators(filePath) {
   return filePath.replace(/\\/g, "/");
@@ -67102,8 +67361,8 @@ async function scanDocIndex(directory) {
       for (const file3 of existingManifest.files) {
         try {
           const fullPath = path70.join(directory, file3.path);
-          const stat6 = fs47.statSync(fullPath);
-          if (stat6.mtimeMs > file3.mtime) {
+          const stat7 = fs47.statSync(fullPath);
+          if (stat7.mtimeMs > file3.mtime) {
             cacheValid = false;
             break;
           }
@@ -67117,66 +67376,90 @@ async function scanDocIndex(directory) {
       }
     }
   } catch {}
+  const resolvedDirectory = await realpath2(directory).catch(() => directory);
   const discoveredFiles = [];
-  let rawEntries;
-  try {
-    rawEntries = fs47.readdirSync(directory, { recursive: true });
-  } catch {
-    const manifest2 = {
-      schema_version: 1,
-      scanned_at: new Date().toISOString(),
-      files: []
-    };
-    return { manifest: manifest2, cached: false };
-  }
-  const entries = rawEntries.filter((e) => typeof e === "string");
-  for (const entry of entries) {
-    const fullPath = path70.join(directory, entry);
-    let stat6;
+  let rootReadable = false;
+  const walkDir = async (dir) => {
+    let entries;
     try {
-      stat6 = fs47.statSync(fullPath);
+      entries = await readdir5(dir, { withFileTypes: true });
+      if (dir === directory)
+        rootReadable = true;
     } catch {
-      continue;
+      return;
     }
-    if (!stat6.isFile())
-      continue;
-    const pathParts = normalizeSeparators(entry).split("/");
-    let skipThisFile = false;
-    for (const part of pathParts) {
-      if (SKIP_DIRECTORIES3.has(part)) {
-        skipThisFile = true;
-        break;
+    for (const entry of entries) {
+      if (discoveredFiles.length >= MAX_INDEXED_FILES)
+        return;
+      const isDir = entry.isDirectory();
+      let isFile = entry.isFile();
+      if (entry.isSymbolicLink()) {
+        try {
+          const symlinkPath = path70.join(dir, entry.name);
+          const resolved = await realpath2(symlinkPath);
+          const rel = path70.relative(resolvedDirectory, resolved);
+          if (rel.startsWith("..") || path70.isAbsolute(rel))
+            continue;
+          const targetStat = await stat6(symlinkPath);
+          isFile = targetStat.isFile();
+        } catch {
+          continue;
+        }
       }
-    }
-    if (skipThisFile)
-      continue;
-    for (const pattern of SKIP_PATTERNS) {
-      if (pattern.test(entry)) {
-        skipThisFile = true;
-        break;
+      if (isDir) {
+        if (!SKIP_DIRECTORIES3.has(entry.name)) {
+          await walkDir(path70.join(dir, entry.name));
+        }
+        continue;
       }
+      if (!isFile)
+        continue;
+      const fullPath = path70.join(dir, entry.name);
+      const relPath = normalizeSeparators(path70.relative(directory, fullPath));
+      let skipThisFile = false;
+      for (const pattern of SKIP_PATTERNS) {
+        if (pattern.test(relPath)) {
+          skipThisFile = true;
+          break;
+        }
+      }
+      if (skipThisFile)
+        continue;
+      if (!matchesDocPattern(relPath, allPatterns))
+        continue;
+      let fileStat;
+      try {
+        fileStat = await stat6(fullPath);
+      } catch {
+        continue;
+      }
+      let content;
+      try {
+        content = await readFile11(fullPath, "utf-8");
+      } catch {
+        continue;
+      }
+      const { title, summary } = extractTitleAndSummary(content, path70.basename(relPath));
+      discoveredFiles.push({
+        path: relPath,
+        title,
+        summary,
+        lines: content.split(`
+`).length,
+        mtime: fileStat.mtimeMs
+      });
     }
-    if (skipThisFile)
-      continue;
-    if (!matchesDocPattern(entry, allPatterns)) {
-      continue;
-    }
-    let content;
-    try {
-      content = fs47.readFileSync(fullPath, "utf-8");
-    } catch {
-      continue;
-    }
-    const { title, summary } = extractTitleAndSummary(content, path70.basename(entry));
-    const lineCount = content.split(`
-`).length;
-    discoveredFiles.push({
-      path: entry,
-      title,
-      summary,
-      lines: lineCount,
-      mtime: stat6.mtimeMs
-    });
+  };
+  await walkDir(directory);
+  if (!rootReadable) {
+    return {
+      manifest: {
+        schema_version: 1,
+        scanned_at: new Date().toISOString(),
+        files: []
+      },
+      cached: false
+    };
   }
   discoveredFiles.sort((a, b) => a.path.toLowerCase().localeCompare(b.path.toLowerCase()));
   let truncated = false;
@@ -67325,7 +67608,13 @@ var init_doc_scan = __esm(() => {
     "dist",
     "build",
     ".next",
-    "vendor"
+    "vendor",
+    "bazel-out",
+    "bazel-bin",
+    "bazel-genfiles",
+    "bazel-testlogs",
+    ".gradle",
+    "target"
   ]);
   SKIP_PATTERNS = [/\.test\./, /\.spec\./, /\.d\.ts$/];
   CONSTRAINT_PATTERNS = [
@@ -74786,6 +75075,12 @@ function createSystemEnhancerHook(config3, directory) {
           output.system.push(text);
           injectedTokens += tokens;
         };
+        if (_input.sessionID) {
+          const sessionAgent = swarmState.activeAgent.get(_input.sessionID);
+          if (sessionAgent && OPENCODE_NATIVE_AGENTS.has(sessionAgent.toLowerCase())) {
+            return;
+          }
+        }
         const maxInjectionTokens = config3.context_budget?.max_injection_tokens ?? 4000;
         let injectedTokens = 0;
         const contextContent = await readSwarmFileAsync(directory, "context.md");
@@ -76448,22 +76743,22 @@ function classifyPathRisk(filePath, context) {
     }
   })();
   const withinProjectRoot = isWithinDirectory(absolute, context.directory) && isWithinDirectory(resolvedAbsolute, context.directory);
-  const relative15 = path72.relative(context.directory, absolute).replace(/\\/g, "/");
+  const relative16 = path72.relative(context.directory, absolute).replace(/\\/g, "/");
   let withinDeclaredScope = null;
   if (Array.isArray(context.declaredScope)) {
     withinDeclaredScope = context.declaredScope.length === 0 ? false : context.declaredScope.some((scope) => {
       const s = normalizePath3(scope);
       if (!s)
         return false;
-      return relative15 === s || relative15.startsWith(`${s}/`);
+      return relative16 === s || relative16.startsWith(`${s}/`);
     });
   }
   const highRiskBuild = HIGH_RISK_BUILD_PATHS.some((entry) => {
     const e = normalizePath3(entry);
     if (e.endsWith("/")) {
-      return relative15.startsWith(e);
+      return relative16.startsWith(e);
     }
-    return relative15 === e || relative15.startsWith(`${e}/`);
+    return relative16 === e || relative16.startsWith(`${e}/`);
   });
   return {
     withinProjectRoot,
@@ -78932,8 +79227,8 @@ async function cleanupOldTrajectoryFiles(directory, maxAgeDays = 7) {
           continue;
         const filePath = path79.join(dirPath, entry.name);
         try {
-          const stat7 = await fs57.stat(filePath);
-          if (now - stat7.mtimeMs > cutoffMs) {
+          const stat8 = await fs57.stat(filePath);
+          if (now - stat8.mtimeMs > cutoffMs) {
             await fs57.unlink(filePath);
           }
         } catch {}
@@ -80773,8 +81068,8 @@ async function executeCompletionVerify(args2, directory) {
       const normalizedPath = filePath.replace(/\\/g, "/");
       const resolvedPath = path84.resolve(directory, normalizedPath);
       const projectRoot = path84.resolve(directory);
-      const relative18 = path84.relative(projectRoot, resolvedPath);
-      const withinProject = relative18 === "" || !relative18.startsWith("..") && !path84.isAbsolute(relative18);
+      const relative19 = path84.relative(projectRoot, resolvedPath);
+      const withinProject = relative19 === "" || !relative19.startsWith("..") && !path84.isAbsolute(relative19);
       if (!withinProject) {
         blockedTasks.push({
           task_id: task.id,
@@ -80949,8 +81244,8 @@ function estimateCyclomaticComplexity(content) {
 }
 function getComplexityForFile(filePath) {
   try {
-    const stat7 = fs63.statSync(filePath);
-    if (stat7.size > MAX_FILE_SIZE_BYTES4) {
+    const stat8 = fs63.statSync(filePath);
+    if (stat8.size > MAX_FILE_SIZE_BYTES4) {
       return null;
     }
     const content = fs63.readFileSync(filePath, "utf-8");
@@ -81151,8 +81446,8 @@ async function computeDuplicationRatio(files, workingDir) {
       continue;
     }
     try {
-      const stat7 = fs63.statSync(fullPath);
-      if (stat7.size > MAX_FILE_SIZE_BYTES4) {
+      const stat8 = fs63.statSync(fullPath);
+      if (stat8.size > MAX_FILE_SIZE_BYTES4) {
         continue;
       }
       const content = fs63.readFileSync(fullPath, "utf-8");
@@ -81612,8 +81907,8 @@ async function getGitChurn(days, directory) {
 }
 function getComplexityForFile2(filePath) {
   try {
-    const stat7 = fs64.statSync(filePath);
-    if (stat7.size > MAX_FILE_SIZE_BYTES5) {
+    const stat8 = fs64.statSync(filePath);
+    if (stat8.size > MAX_FILE_SIZE_BYTES5) {
       return null;
     }
     const content = fs64.readFileSync(filePath, "utf-8");
@@ -81809,7 +82104,7 @@ import {
   appendFileSync as appendFileSync9,
   existsSync as existsSync45,
   mkdirSync as mkdirSync21,
-  readFileSync as readFileSync37,
+  readFileSync as readFileSync36,
   writeFileSync as writeFileSync14
 } from "node:fs";
 import { join as join72 } from "node:path";
@@ -81852,7 +82147,7 @@ function writeCouncilEvidence(workingDir, synthesis) {
   const existingRoot = Object.create(null);
   if (existsSync45(filePath)) {
     try {
-      const parsed = JSON.parse(readFileSync37(filePath, "utf-8"));
+      const parsed = JSON.parse(readFileSync36(filePath, "utf-8"));
       if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
         safeAssignOwnProps(existingRoot, parsed);
       }
@@ -82119,7 +82414,7 @@ function buildPhaseCouncilFeedback(phaseNumber, phaseSummary, verdict, vetoedBy,
 }
 
 // src/council/criteria-store.ts
-import { existsSync as existsSync46, mkdirSync as mkdirSync22, readFileSync as readFileSync38, writeFileSync as writeFileSync15 } from "node:fs";
+import { existsSync as existsSync46, mkdirSync as mkdirSync22, readFileSync as readFileSync37, writeFileSync as writeFileSync15 } from "node:fs";
 import { join as join73 } from "node:path";
 var COUNCIL_DIR = ".swarm/council";
 function writeCriteria(workingDir, taskId, criteria) {
@@ -82137,7 +82432,7 @@ function readCriteria(workingDir, taskId) {
   if (!existsSync46(filePath))
     return null;
   try {
-    const parsed = JSON.parse(readFileSync38(filePath, "utf-8"));
+    const parsed = JSON.parse(readFileSync37(filePath, "utf-8"));
     if (parsed && typeof parsed === "object" && typeof parsed.taskId === "string" && Array.isArray(parsed.criteria)) {
       return parsed;
     }
@@ -83785,8 +84080,8 @@ function readEvidenceFiles(evidenceDir, _cwd) {
       if (!resolvedPath.startsWith(evidenceDirResolved)) {
         continue;
       }
-      const stat7 = fs69.lstatSync(filePath);
-      if (!stat7.isFile()) {
+      const stat8 = fs69.lstatSync(filePath);
+      if (!stat8.isFile()) {
         continue;
       }
     } catch {
@@ -84470,9 +84765,9 @@ function findSourceFiles2(dir, files = [], stats = { skippedDirs: [], skippedFil
       continue;
     }
     const fullPath = path93.join(dir, entry);
-    let stat7;
+    let stat8;
     try {
-      stat7 = fs71.statSync(fullPath);
+      stat8 = fs71.statSync(fullPath);
     } catch (e) {
       stats.fileErrors.push({
         path: fullPath,
@@ -84480,9 +84775,9 @@ function findSourceFiles2(dir, files = [], stats = { skippedDirs: [], skippedFil
       });
       continue;
     }
-    if (stat7.isDirectory()) {
+    if (stat8.isDirectory()) {
       findSourceFiles2(fullPath, files, stats);
-    } else if (stat7.isFile()) {
+    } else if (stat8.isFile()) {
       const ext = path93.extname(fullPath).toLowerCase();
       if (SUPPORTED_EXTENSIONS3.includes(ext)) {
         files.push(fullPath);
@@ -84577,8 +84872,8 @@ var imports = createSwarmTool({
         if (consumers.length >= MAX_CONSUMERS)
           break;
         try {
-          const stat7 = fs71.statSync(filePath);
-          if (stat7.size > MAX_FILE_SIZE_BYTES7) {
+          const stat8 = fs71.statSync(filePath);
+          if (stat8.size > MAX_FILE_SIZE_BYTES7) {
             skippedFileCount++;
             continue;
           }
@@ -88154,8 +88449,8 @@ async function placeholderScan(input, directory) {
     }
     let content;
     try {
-      const stat7 = fs76.statSync(fullPath);
-      if (stat7.size > MAX_FILE_SIZE) {
+      const stat8 = fs76.statSync(fullPath);
+      if (stat8.size > MAX_FILE_SIZE) {
         continue;
       }
       content = fs76.readFileSync(fullPath, "utf-8");
@@ -90021,13 +90316,13 @@ function validatePath(inputPath, baseDir, workspaceDir) {
     resolved = path102.resolve(baseDir, inputPath);
   }
   const workspaceResolved = path102.resolve(workspaceDir);
-  let relative22;
+  let relative23;
   if (isWinAbs) {
-    relative22 = path102.win32.relative(workspaceResolved, resolved);
+    relative23 = path102.win32.relative(workspaceResolved, resolved);
   } else {
-    relative22 = path102.relative(workspaceResolved, resolved);
+    relative23 = path102.relative(workspaceResolved, resolved);
   }
-  if (relative22.startsWith("..")) {
+  if (relative23.startsWith("..")) {
     return "path traversal detected";
   }
   return null;
@@ -90270,14 +90565,14 @@ async function runSecretscanWithFiles(files, directory) {
         skippedFiles++;
         continue;
       }
-      let stat7;
+      let stat8;
       try {
-        stat7 = fs80.statSync(file3);
+        stat8 = fs80.statSync(file3);
       } catch {
         skippedFiles++;
         continue;
       }
-      if (stat7.size > MAX_FILE_SIZE_BYTES9) {
+      if (stat8.size > MAX_FILE_SIZE_BYTES9) {
         skippedFiles++;
         continue;
       }
@@ -91042,8 +91337,8 @@ function readTouchedFiles(evidenceDir, phase, cwd) {
   for (const entry of entries) {
     const entryPath = path104.join(evidenceDir, entry);
     try {
-      const stat7 = fs81.statSync(entryPath);
-      if (!stat7.isDirectory()) {
+      const stat8 = fs81.statSync(entryPath);
+      if (!stat8.isDirectory()) {
         continue;
       }
     } catch {
@@ -91063,11 +91358,11 @@ function readTouchedFiles(evidenceDir, phase, cwd) {
       if (!resolvedPath.startsWith(evidenceDirResolved + path104.sep)) {
         continue;
       }
-      const stat7 = fs81.lstatSync(evidenceFilePath);
-      if (!stat7.isFile()) {
+      const stat8 = fs81.lstatSync(evidenceFilePath);
+      if (!stat8.isFile()) {
         continue;
       }
-      if (stat7.size > MAX_FILE_SIZE_BYTES9) {
+      if (stat8.size > MAX_FILE_SIZE_BYTES9) {
         continue;
       }
     } catch {
@@ -91489,8 +91784,8 @@ async function executeSavePlan(args2, fallbackDir) {
   if (process.env.SWARM_SKIP_SPEC_GATE !== "1") {
     const specPath = path105.join(targetWorkspace, ".swarm", "spec.md");
     try {
-      const stat7 = await fs82.promises.stat(specPath);
-      specMtime = stat7.mtime.toISOString();
+      const stat8 = await fs82.promises.stat(specPath);
+      specMtime = stat8.mtime.toISOString();
       const content = await fs82.promises.readFile(specPath, "utf8");
       specHash = crypto10.createHash("sha256").update(content).digest("hex");
     } catch {
@@ -94266,7 +94561,7 @@ init_loader();
 import {
   existsSync as existsSync65,
   mkdirSync as mkdirSync28,
-  readFileSync as readFileSync55,
+  readFileSync as readFileSync54,
   renameSync as renameSync18,
   unlinkSync as unlinkSync14,
   writeFileSync as writeFileSync22
@@ -94403,7 +94698,7 @@ var submit_phase_council_verdicts = createSwarmTool({
 function getPhaseMutationGapFinding(phaseNumber, workingDir) {
   const mutationGatePath = path112.join(workingDir, ".swarm", "evidence", String(phaseNumber), "mutation-gate.json");
   try {
-    const raw = readFileSync55(mutationGatePath, "utf-8");
+    const raw = readFileSync54(mutationGatePath, "utf-8");
     const parsed = JSON.parse(raw);
     const gateEntry = (parsed.entries ?? []).find((entry) => entry?.type === "mutation-gate");
     if (!gateEntry) {
@@ -96027,15 +96322,15 @@ function findSourceFiles3(dir, files = []) {
       continue;
     }
     const fullPath = path118.join(dir, entry);
-    let stat7;
+    let stat8;
     try {
-      stat7 = fs90.statSync(fullPath);
+      stat8 = fs90.statSync(fullPath);
     } catch {
       continue;
     }
-    if (stat7.isDirectory()) {
+    if (stat8.isDirectory()) {
       findSourceFiles3(fullPath, files);
-    } else if (stat7.isFile()) {
+    } else if (stat8.isFile()) {
       if (isSupportedExtension(fullPath)) {
         files.push(fullPath);
       }
@@ -96132,8 +96427,8 @@ var todo_extract = createSwarmTool({
       return JSON.stringify(errorResult, null, 2);
     }
     const filesToScan = [];
-    const stat7 = fs90.statSync(scanPath);
-    if (stat7.isFile()) {
+    const stat8 = fs90.statSync(scanPath);
+    if (stat8.isFile()) {
       if (isSupportedExtension(scanPath)) {
         filesToScan.push(scanPath);
       } else {
@@ -98161,6 +98456,10 @@ async function initializeOpenCodeSwarm(ctx) {
           template: "/swarm pr-review $ARGUMENTS",
           description: "Use /swarm pr-review to launch deep PR review with multi-lane analysis"
         },
+        "swarm-deep-dive": {
+          template: "/swarm deep-dive $ARGUMENTS",
+          description: "Use /swarm deep-dive to launch a read-only deep audit with parallel explorer waves, dual reviewers, and critic challenge"
+        },
         "swarm-issue": {
           template: "/swarm issue $ARGUMENTS",
           description: "Use /swarm issue to ingest a GitHub issue into the swarm workflow"