opencode-swarm 7.33.0 → 7.33.1

package/dist/index.js

@@ -48,7 +48,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "opencode-swarm",
-    version: "7.33.0",
+    version: "7.33.1",
     description: "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
     main: "dist/index.js",
     types: "dist/index.d.ts",
@@ -17370,6 +17370,32 @@ async function appendLedgerEvent(directory, eventInput, options) {
   fs4.renameSync(tempPath, ledgerPath);
   return event;
 }
+async function takeSnapshotWithRetry(directory, plan, options) {
+  const MAX_RETRIES = 3;
+  const TOTAL_ATTEMPTS = 1 + MAX_RETRIES;
+  const telemetrySource = options?.source ?? "save_plan_tool";
+  const snapshotOptions = { planHashAfter: options?.planHashAfter };
+  let lastError;
+  for (let attempt = 1;attempt <= TOTAL_ATTEMPTS; attempt++) {
+    try {
+      await takeSnapshotEvent(directory, plan, snapshotOptions);
+      return;
+    } catch (err2) {
+      lastError = err2 instanceof Error ? err2 : new Error(String(err2));
+      if (attempt < TOTAL_ATTEMPTS) {
+        await new Promise((r) => setTimeout(r, 10 * 2 ** (attempt - 1)));
+      }
+    }
+  }
+  console.warn(`[takeSnapshotWithRetry] Snapshot failed after ${MAX_RETRIES} retries (${TOTAL_ATTEMPTS} attempts): ${lastError.message}`);
+  try {
+    emit("snapshot_failed", {
+      error: lastError.message,
+      retries: MAX_RETRIES,
+      source: telemetrySource
+    });
+  } catch {}
+}
 async function takeSnapshotEvent(directory, plan, options) {
   const payloadHash = computePlanHash(plan);
   const snapshotPayload = {
@@ -17603,6 +17629,7 @@ async function loadLastApprovedPlan(directory, expectedPlanId) {
 var LEDGER_SCHEMA_VERSION = "1.1.0", LEDGER_FILENAME = "plan-ledger.jsonl", PLAN_JSON_FILENAME = "plan.json", LedgerStaleWriterError;
 var init_ledger = __esm(() => {
   init_plan_schema();
+  init_telemetry();
   LedgerStaleWriterError = class LedgerStaleWriterError extends Error {
     constructor(message) {
       super(message);
@@ -17796,7 +17823,9 @@ async function loadPlan(directory) {
                 try {
                   const rebuilt = await replayFromLedger(directory);
                   if (rebuilt) {
-                    await rebuildPlan(directory, rebuilt);
+                    await rebuildPlan(directory, rebuilt, {
+                      reason: "ledger_hash_mismatch_recovery"
+                    });
                     warn("[loadPlan] Rebuilt plan from ledger. Checkpoint available at .swarm/SWARM_PLAN.md if it exists.");
                     return rebuilt;
                   }
@@ -17804,7 +17833,9 @@ async function loadPlan(directory) {
                   try {
                     const approved = await loadLastApprovedPlan(directory, currentPlanId);
                     if (approved) {
-                      await rebuildPlan(directory, approved.plan);
+                      await rebuildPlan(directory, approved.plan, {
+                        reason: "approved_snapshot_fallback"
+                      });
                       try {
                         await takeSnapshotEvent(directory, approved.plan, {
                           source: "recovery_from_approved_snapshot",
@@ -17881,7 +17912,9 @@ async function loadPlan(directory) {
           } else if (catchFirstEvent !== null && rawPlanId !== null) {
             const rebuilt = await replayFromLedger(directory);
             if (rebuilt) {
-              await rebuildPlan(directory, rebuilt);
+              await rebuildPlan(directory, rebuilt, {
+                reason: "validation_failure_recovery"
+              });
               warn("[loadPlan] Rebuilt plan from ledger after validation failure. Projection was stale.");
               return rebuilt;
             }
@@ -18242,12 +18275,9 @@ async function savePlan(directory, plan, options) {
   const SNAPSHOT_INTERVAL = 50;
   const latestSeq = await getLatestLedgerSeq(directory);
   if (latestSeq > 0 && latestSeq % SNAPSHOT_INTERVAL === 0) {
-    await takeSnapshotEvent(directory, validated, {
-      planHashAfter: hashAfter
-    }).catch((err2) => {
-      if (process.env.DEBUG_SWARM) {
-        warn(`[savePlan] Periodic snapshot write failed (non-fatal): ${err2 instanceof Error ? err2.message : String(err2)}`);
-      }
+    await takeSnapshotWithRetry(directory, validated, {
+      planHashAfter: hashAfter,
+      source: "savePlan_manager"
     });
   }
   const swarmDir = path6.resolve(directory, ".swarm");
@@ -18261,6 +18291,17 @@ async function savePlan(directory, plan, options) {
       unlinkSync(tempPath);
     } catch {}
   }
+  try {
+    const markerPath = path6.join(swarmDir, ".plan-write-marker");
+    const inProgressMarker = JSON.stringify({
+      source: "plan_manager",
+      timestamp: new Date().toISOString(),
+      phases_count: validated.phases.length,
+      tasks_count: validated.phases.reduce((sum, p) => sum + p.tasks.length, 0),
+      in_progress: true
+    });
+    await bunWrite(markerPath, inProgressMarker);
+  } catch {}
   try {
     const contentHash = computePlanContentHash(validated);
     const markdown = derivePlanMarkdown(validated);
@@ -18294,41 +18335,146 @@ ${markdown}`;
       source: "plan_manager",
       timestamp: new Date().toISOString(),
       phases_count: validated.phases.length,
-      tasks_count: tasksCount
+      tasks_count: tasksCount,
+      in_progress: false
     });
     await bunWrite(markerPath, marker);
   } catch {}
 }
-async function rebuildPlan(directory, plan) {
+async function rebuildPlan(directory, plan, options) {
   const targetPlan = plan ?? await replayFromLedger(directory);
   if (!targetPlan)
     return null;
   const swarmDir = path6.join(directory, ".swarm");
   const planPath = path6.join(swarmDir, "plan.json");
   const mdPath = path6.join(swarmDir, "plan.md");
-  const tempPlanPath = path6.join(swarmDir, `plan.json.rebuild.${Date.now()}`);
+  const tempPlanPath = path6.join(swarmDir, `plan.json.rebuild.${Date.now()}.${Math.floor(Math.random() * 1e9)}`);
   await bunWrite(tempPlanPath, JSON.stringify(targetPlan, null, 2));
   renameSync3(tempPlanPath, planPath);
-  const contentHash = computePlanContentHash(targetPlan);
-  const markdown = derivePlanMarkdown(targetPlan);
-  const markdownWithHash = `<!-- PLAN_HASH: ${contentHash} -->
-${markdown}`;
-  const tempMdPath = path6.join(swarmDir, `plan.md.rebuild.${Date.now()}`);
-  await bunWrite(tempMdPath, markdownWithHash);
-  renameSync3(tempMdPath, mdPath);
   try {
     const markerPath = path6.join(swarmDir, ".plan-write-marker");
-    const tasksCount = targetPlan.phases.reduce((sum, phase) => sum + phase.tasks.length, 0);
-    const marker = JSON.stringify({
+    const inProgressMarker = JSON.stringify({
       source: "plan_manager",
       timestamp: new Date().toISOString(),
       phases_count: targetPlan.phases.length,
-      tasks_count: tasksCount
+      tasks_count: targetPlan.phases.reduce((sum, phase) => sum + phase.tasks.length, 0),
+      in_progress: true
     });
-    await bunWrite(markerPath, marker);
+    await bunWrite(markerPath, inProgressMarker);
+  } catch {}
+  try {
+    const contentHash = computePlanContentHash(targetPlan);
+    const markdown = derivePlanMarkdown(targetPlan);
+    const markdownWithHash = `<!-- PLAN_HASH: ${contentHash} -->
+${markdown}`;
+    const tempMdPath = path6.join(swarmDir, `plan.md.rebuild.${Date.now()}.${Math.floor(Math.random() * 1e9)}`);
+    await bunWrite(tempMdPath, markdownWithHash);
+    renameSync3(tempMdPath, mdPath);
+  } finally {
+    try {
+      const markerPath = path6.join(swarmDir, ".plan-write-marker");
+      const tasksCount = targetPlan.phases.reduce((sum, phase) => sum + phase.tasks.length, 0);
+      const marker = JSON.stringify({
+        source: "plan_manager",
+        timestamp: new Date().toISOString(),
+        phases_count: targetPlan.phases.length,
+        tasks_count: tasksCount,
+        in_progress: false
+      });
+      await bunWrite(markerPath, marker);
+    } catch {}
+  }
+  try {
+    const planId = derivePlanId(targetPlan);
+    const planHashAfter = computePlanHash(targetPlan);
+    await appendLedgerEvent(directory, {
+      event_type: "plan_rebuilt",
+      source: "rebuildPlan",
+      plan_id: planId,
+      payload: {
+        reason: options?.reason ?? "ledger_replay_recovery",
+        phases_count: targetPlan.phases.length,
+        tasks_count: targetPlan.phases.reduce((sum, p) => sum + p.tasks.length, 0)
+      }
+    }, { planHashAfter });
   } catch {}
   return targetPlan;
 }
+async function closePlanTerminalState(directory, plan, options) {
+  const planId = derivePlanId(plan);
+  const validated = PlanSchema.parse(plan);
+  const hashAfter = computePlanHash(validated);
+  for (const taskId of options.closedTaskIds) {
+    let taskPhaseId;
+    for (const phase of validated.phases) {
+      if (phase.tasks.some((t) => t.id === taskId)) {
+        taskPhaseId = phase.id;
+        break;
+      }
+    }
+    const fromStatus = options.originalStatuses?.get(taskId) ?? "in_progress";
+    await appendLedgerEvent(directory, {
+      plan_id: planId,
+      event_type: "task_status_changed",
+      task_id: taskId,
+      phase_id: taskPhaseId,
+      from_status: fromStatus,
+      to_status: "closed",
+      source: "close_terminal"
+    }, { planHashAfter: hashAfter });
+  }
+  for (const phaseId of options.closedPhaseIds) {
+    await appendLedgerEvent(directory, {
+      plan_id: planId,
+      event_type: "phase_completed",
+      phase_id: phaseId,
+      source: "close_terminal"
+    }, { planHashAfter: hashAfter });
+  }
+  await takeSnapshotEvent(directory, validated, {
+    planHashAfter: hashAfter,
+    source: "close_terminal"
+  });
+  const swarmDir = path6.join(directory, ".swarm");
+  const planPath = path6.join(swarmDir, "plan.json");
+  const tempPlanPath = path6.join(swarmDir, `plan.json.close.${Date.now()}.${Math.floor(Math.random() * 1e9)}`);
+  await bunWrite(tempPlanPath, JSON.stringify(validated, null, 2));
+  renameSync3(tempPlanPath, planPath);
+  try {
+    const markerPath = path6.join(swarmDir, ".plan-write-marker");
+    const inProgressMarker = JSON.stringify({
+      source: "plan_manager_close",
+      timestamp: new Date().toISOString(),
+      phases_count: validated.phases.length,
+      tasks_count: validated.phases.reduce((sum, phase) => sum + phase.tasks.length, 0),
+      in_progress: true
+    });
+    await bunWrite(markerPath, inProgressMarker);
+  } catch {}
+  try {
+    const mdPath = path6.join(swarmDir, "plan.md");
+    const contentHash = computePlanContentHash(validated);
+    const markdown = derivePlanMarkdown(validated);
+    const markdownWithHash = `<!-- PLAN_HASH: ${contentHash} -->
+${markdown}`;
+    const mdTempPath = path6.join(swarmDir, `plan.md.close.${Date.now()}.${Math.floor(Math.random() * 1e9)}`);
+    await bunWrite(mdTempPath, markdownWithHash);
+    renameSync3(mdTempPath, mdPath);
+  } finally {
+    try {
+      const markerPath = path6.join(swarmDir, ".plan-write-marker");
+      const tasksCount = validated.phases.reduce((sum, phase) => sum + phase.tasks.length, 0);
+      const marker = JSON.stringify({
+        source: "plan_manager_close",
+        timestamp: new Date().toISOString(),
+        phases_count: validated.phases.length,
+        tasks_count: tasksCount,
+        in_progress: false
+      });
+      await bunWrite(markerPath, marker);
+    } catch {}
+  }
+}
 async function updateTaskStatus(directory, taskId, status) {
   const derivePhaseStatusFromTasks = (tasks) => {
     if (tasks.length > 0 && tasks.every((task) => task.status === "completed")) {
@@ -58844,6 +58990,12 @@ async function handleCloseCommand(directory, args2, options = {}) {
     }
   }
   if (planExists) {
+    const originalStatuses = new Map;
+    for (const phase of planData.phases ?? []) {
+      for (const task of phase.tasks ?? []) {
+        originalStatuses.set(task.id, task.status);
+      }
+    }
     const guaranteeResult = guaranteeAllPlansComplete(planData);
     for (const phaseId of guaranteeResult.closedPhaseIds) {
       if (!closedPhases.includes(phaseId)) {
@@ -58857,11 +59009,15 @@ async function handleCloseCommand(directory, args2, options = {}) {
     }
     if (!planAlreadyDone || guaranteeResult.closedPhaseIds.length > 0 || guaranteeResult.closedTaskIds.length > 0) {
       try {
-        await fs13.writeFile(planPath, JSON.stringify(planData, null, 2), "utf-8");
+        await closePlanTerminalState(directory, planData, {
+          closedPhaseIds: guaranteeResult.closedPhaseIds,
+          closedTaskIds: guaranteeResult.closedTaskIds,
+          originalStatuses
+        });
       } catch (error93) {
         const msg = error93 instanceof Error ? error93.message : String(error93);
-        warnings.push(`Failed to persist terminal plan.json state: ${msg}`);
-        console.warn("[close-command] Failed to write plan.json:", error93);
+        warnings.push(`Failed to persist terminal plan state: ${msg}`);
+        console.warn("[close-command] Failed to write terminal plan state:", error93);
       }
     }
   }
@@ -59149,6 +59305,7 @@ var init_close = __esm(() => {
   init_knowledge_curator();
   init_knowledge_store();
   init_utils2();
+  init_manager();
   init_scope_persistence();
   init_skill_improver();
   init_state();
@@ -59891,6 +60048,120 @@ function getPluginCachePaths() {
 }
 var init_cache_paths = () => {};
 
+// src/evidence/gate-bridge.ts
+async function readDurableGateEvidence(directory, taskId) {
+  try {
+    return await readTaskEvidence(directory, taskId);
+  } catch {
+    return null;
+  }
+}
+function getDurableGateEvidenceStatus(evidence) {
+  if (!evidence?.gates || typeof evidence.gates !== "object") {
+    return {
+      isComplete: false,
+      missingGates: [],
+      evidenceExists: evidence != null,
+      invalid: false
+    };
+  }
+  if (!Array.isArray(evidence.required_gates) || evidence.required_gates.length === 0) {
+    return {
+      isComplete: false,
+      missingGates: ["required_gates"],
+      evidenceExists: true,
+      invalid: false
+    };
+  }
+  const missingGates = evidence.required_gates.filter((gate) => evidence.gates[gate] == null);
+  return {
+    isComplete: missingGates.length === 0,
+    missingGates,
+    evidenceExists: true,
+    invalid: false
+  };
+}
+async function getDurableGateEvidenceStatusForTask(directory, taskId) {
+  if (!isValidTaskId(taskId)) {
+    return {
+      isComplete: false,
+      missingGates: [],
+      evidenceExists: false,
+      invalid: false
+    };
+  }
+  try {
+    return getDurableGateEvidenceStatus(readTaskEvidenceRaw(directory, taskId));
+  } catch {
+    return {
+      isComplete: false,
+      missingGates: ["invalid_gate_evidence"],
+      evidenceExists: true,
+      invalid: true
+    };
+  }
+}
+function gateEvidenceToEntry(taskId, gate, type, evidence) {
+  const gateRecord = evidence.gates[gate];
+  if (!gateRecord) {
+    return null;
+  }
+  const base = {
+    task_id: taskId,
+    timestamp: gateRecord.timestamp,
+    agent: gateRecord.agent || gate,
+    verdict: "pass",
+    summary: `Gate evidence recorded by ${gate}`,
+    metadata: { source: "durable_gate_evidence", gate }
+  };
+  if (type === "review") {
+    return {
+      ...base,
+      type,
+      risk: "low",
+      issues: []
+    };
+  }
+  if (type === "approval") {
+    return {
+      ...base,
+      type
+    };
+  }
+  return {
+    ...base,
+    type,
+    tests_passed: 0,
+    tests_failed: 0,
+    failures: []
+  };
+}
+function mergeDurableGateEntriesFromEvidence(taskId, entries, evidence) {
+  if (!evidence?.gates) {
+    return entries;
+  }
+  const merged = [...entries];
+  for (const gate of Object.keys(evidence.gates).sort()) {
+    const type = GATE_EVIDENCE_TYPE_BY_GATE[gate] ?? "approval";
+    if ((type === "review" || type === "test") && merged.some((entry2) => entry2.type === type)) {
+      continue;
+    }
+    const entry = gateEvidenceToEntry(taskId, gate, type, evidence);
+    if (entry) {
+      merged.push(entry);
+    }
+  }
+  return merged;
+}
+var GATE_EVIDENCE_TYPE_BY_GATE;
+var init_gate_bridge = __esm(() => {
+  init_gate_evidence();
+  GATE_EVIDENCE_TYPE_BY_GATE = {
+    reviewer: "review",
+    test_engineer: "test"
+  };
+});
+
 // src/services/version-check.ts
 import { existsSync as existsSync14, mkdirSync as mkdirSync10, readFileSync as readFileSync7, writeFileSync as writeFileSync4 } from "node:fs";
 import { homedir as homedir5 } from "node:os";
@@ -60038,7 +60309,21 @@ async function checkEvidenceCompleteness(directory, plan) {
   }
   if (completedTaskIds.length > 0) {
     const evidenceTaskIds = new Set(await listEvidenceTaskIds(directory));
-    const missingEvidence = completedTaskIds.filter((id) => !evidenceTaskIds.has(id));
+    const missingEvidence = [];
+    for (const id of completedTaskIds) {
+      const gateStatus = await getDurableGateEvidenceStatusForTask(directory, id);
+      if (gateStatus.isComplete) {
+        continue;
+      }
+      if (gateStatus.evidenceExists && gateStatus.missingGates.length > 0) {
+        missingEvidence.push(id);
+        continue;
+      }
+      if (evidenceTaskIds.has(id)) {
+        continue;
+      }
+      missingEvidence.push(id);
+    }
     if (missingEvidence.length === 0) {
       return {
         name: "Evidence",
@@ -60793,6 +61078,7 @@ var init_diagnose_service = __esm(() => {
   init_package();
   init_cache_paths();
   init_loader();
+  init_gate_bridge();
   init_manager2();
   init_utils2();
   init_manager();
@@ -63359,8 +63645,7 @@ function getTaskStatus(task, bundle) {
   }
   return "pending";
 }
-function isEvidenceComplete(bundle) {
-  const entries = _internals20.normalizeBundleEntries(bundle);
+function evidenceCompleteFromEntries(entries) {
   if (entries.length === 0) {
     return {
       isComplete: false,
@@ -63379,6 +63664,9 @@ function isEvidenceComplete(bundle) {
     missingEvidence: missing
   };
 }
+function isEvidenceComplete(bundle) {
+  return evidenceCompleteFromEntries(_internals20.normalizeBundleEntries(bundle));
+}
 function getTaskBlockers(task, summary, status) {
   const blockers = [];
   if (task?.blocked_reason) {
@@ -63395,11 +63683,19 @@ function getTaskBlockers(task, summary, status) {
 async function buildTaskSummary(directory, task, taskId) {
   const result = await loadEvidence(directory, taskId);
   const bundle = result.status === "found" ? result.bundle : null;
+  const gateEvidence = await readDurableGateEvidence(directory, taskId);
   const phase = task?.phase ?? 0;
   const status = _internals20.getTaskStatus(task, bundle);
-  const evidenceCheck = _internals20.isEvidenceComplete(bundle);
+  const entries = mergeDurableGateEntriesFromEvidence(taskId, _internals20.normalizeBundleEntries(bundle), gateEvidence);
+  let evidenceCheck = _internals20.evidenceCompleteFromEntries(entries);
+  if (gateEvidence) {
+    const gateStatus = getDurableGateEvidenceStatus(gateEvidence);
+    evidenceCheck = gateStatus.isComplete ? { isComplete: true, missingEvidence: [] } : {
+      isComplete: false,
+      missingEvidence: gateStatus.missingGates.map((gate) => `gate:${gate}`)
+    };
+  }
   const blockers = _internals20.getTaskBlockers(task, evidenceCheck, status);
-  const entries = _internals20.normalizeBundleEntries(bundle);
   const hasReview = entries.some((e) => e.type === "review");
   const hasTest = entries.some((e) => e.type === "test");
   const hasApproval = entries.some((e) => e.type === "approval");
@@ -63577,6 +63873,7 @@ function isAutoSummaryEnabled(automationConfig) {
 }
 var VALID_EVIDENCE_TYPES2, REQUIRED_EVIDENCE_TYPES, EVIDENCE_SUMMARY_VERSION = "1.0.0", _internals20;
 var init_evidence_summary_service = __esm(() => {
+  init_gate_bridge();
   init_manager2();
   init_manager();
   init_utils();
@@ -63594,6 +63891,7 @@ var init_evidence_summary_service = __esm(() => {
     isAutoSummaryEnabled,
     normalizeBundleEntries,
     getTaskStatus,
+    evidenceCompleteFromEntries,
     isEvidenceComplete,
     getTaskBlockers,
     buildTaskSummary,
@@ -71204,7 +71502,22 @@ async function runEvidenceCheck(dir) {
       };
     }
     const evidenceTaskIds = new Set(await listEvidenceTaskIds(dir));
-    const missingEvidence = completedTaskIds.filter((id) => !evidenceTaskIds.has(id));
+    const missingEvidence = [];
+    for (const id of completedTaskIds) {
+      const gateStatus = await getDurableGateEvidenceStatusForTask(dir, id);
+      if (gateStatus.isComplete) {
+        continue;
+      }
+      if (gateStatus.evidenceExists && gateStatus.missingGates.length > 0) {
+        missingEvidence.push(id);
+        continue;
+      }
+      if (evidenceTaskIds.has(id)) {
+        continue;
+      }
+      missingEvidence.push(id);
+    }
+    const completedWithEvidence = completedTaskIds.length - missingEvidence.length;
     if (missingEvidence.length > 0) {
       return {
         type: "evidence",
@@ -71212,7 +71525,7 @@ async function runEvidenceCheck(dir) {
         message: `${missingEvidence.length} completed task(s) missing evidence`,
         details: {
           totalCompleted: completedTaskIds.length,
-          totalWithEvidence: evidenceTaskIds.size,
+          totalWithEvidence: completedWithEvidence,
           missingTasks: missingEvidence.slice(0, 10),
           missingCount: missingEvidence.length
         },
@@ -71225,7 +71538,7 @@ async function runEvidenceCheck(dir) {
       message: `All ${completedTaskIds.length} completed tasks have evidence`,
       details: {
         totalCompleted: completedTaskIds.length,
-        totalWithEvidence: evidenceTaskIds.size
+        totalWithEvidence: completedWithEvidence
       },
       durationMs: Date.now() - startTime
     };
@@ -71456,6 +71769,7 @@ async function handlePreflightCommand(directory, _args) {
 }
 var MIN_CHECK_TIMEOUT_MS = 5000, MAX_CHECK_TIMEOUT_MS = 300000, DEFAULT_CONFIG, _internals34;
 var init_preflight_service = __esm(() => {
+  init_gate_bridge();
   init_manager2();
   init_manager();
   init_lint();
@@ -76401,121 +76715,14 @@ Do NOT share other agents' responses at this stage.
 ### MODE: DEEP_DIVE
 Activates when: architect receives \`[MODE: DEEP_DIVE profile=X max_explorers=N output=X update_main=X allow_dirty=X] <scope>\` signal from the deep-dive command handler.
 
-Purpose: Perform a read-only deep audit of the specified codebase scope using parallel explorer waves, always 2 parallel reviewers, and sequential critic challenge. This mode does NOT mutate source code, does NOT delegate to coder, and does NOT call declare_scope.
-
-#### STEP 0 — PARSE HEADER
-Parse the MODE: DEEP_DIVE header to extract:
-- \`scope\`: the codebase area to audit (e.g., "auth", "payment flow", "src/hooks/")
-- \`profile\`: one of standard | security | ux | architecture | full (default: standard)
-- \`max_explorers\`: integer 1..8 (default: 6, or 8 for full profile)
-- \`output\`: markdown | json (default: markdown)
-- \`update_main\`: boolean (default: true) — whether to fetch/ff-only main before starting
-- \`allow_dirty\`: boolean (default: false) — whether to proceed with uncommitted changes
-
-If the header is malformed or missing required fields, report the error and stop.
-
-#### STEP 1 — REPO READINESS
-1. Check git working tree status. If dirty and \`allow_dirty\` is false, warn the user and ask whether to proceed. Do NOT proceed automatically.
-2. If \`update_main\` is true and tree is clean: check current branch. If not on \`main\`, report current branch to user and ASK FOR CONFIRMATION before switching. Only after explicit user approval: \`git fetch origin main && git checkout main && git merge --ff-only origin/main\`. If ff-only fails, warn the user and ask before proceeding.
-3. Record the current HEAD commit hash for the report.
-
-#### STEP 2 — SCOPE RESOLUTION
-Use the following tools to map the audit scope:
-1. \`repo_map\` with action "build" to establish the code graph
-2. \`repo_map\` with action "localization" for the scope target
-3. \`symbols\` and \`batch_symbols\` on key files identified by localization
-4. \`imports\` to trace dependency boundaries
-5. \`doc_scan\` if documentation coverage is relevant
-6. \`knowledge_recall\` with query matching the scope domain
-
-Produce a SCOPE MAP: list of files, modules, and interfaces within the audit boundary. Cap at 50 files total.
-
-#### STEP 3 — EXPLORER MISSIONS (Parallel Waves)
-Dispatch explorer waves using parallel Task calls. Each wave contains up to \`max_explorers\` missions.
-
-**File caps per mission:**
-- 8 files maximum per mission
-- ~3500 total lines across all files in a mission
-- Group files by import proximity (files that import each other go in the same mission)
-
-**Profile-based lane selection — each profile activates specific lanes:**
-
-| Lane | Template | standard | security | ux | architecture | full |
-|------|----------|----------|----------|----|-------------|------|
-| SCOPE_MAP | Map structure, exports, boundaries | ✓ | ✓ | ✓ | ✓ | ✓ |
-| WIRING_DATAFLOW | Trace data flow, API contracts, state propagation | ✓ | ✓ | | ✓ | ✓ |
-| RUNTIME_BEHAVIOR | Error handling, edge cases, lifecycle, async patterns | ✓ | | | ✓ | ✓ |
-| UX_FLOW | User-facing behavior, accessibility, responsiveness | | | ✓ | | ✓ |
-| SECURITY_TRUST | Auth boundaries, input validation, trust transitions | | ✓ | | | ✓ |
-| TEST_COVERAGE | Coverage gaps, flaky tests, missing assertions | ✓ | | | | ✓ |
-| PERFORMANCE_RELIABILITY | Resource leaks, N+1 queries, race conditions | | | | ✓ | ✓ |
-| DOCS_CONFIG_DEPLOYMENT | Config consistency, docs accuracy, deployment drift | | | | | ✓ |
-
-Each explorer mission receives:
-- Lane template name and description
-- Assigned files (8 max, grouped by import proximity)
-- The scope map context from Step 2
-- Instruction: "You are performing a [LANE] audit. Report findings as candidate observations with severity (INFO/LOW/MEDIUM/HIGH/CRITICAL), location, and evidence."
-
-Explorer missions are dispatched in parallel waves. Wait for ALL missions in a wave to complete before dispatching the next wave.
-
-Explorers generate CANDIDATE FINDINGS only — they do NOT make verdicts. All findings are unverified until Step 5.
-
-#### STEP 4 — NORMALIZE CANDIDATES
-1. Collect all candidate findings from all explorer missions.
-2. Deduplicate: merge findings that reference the same location and issue.
-3. Assign DD-C001 through DD-CNNN identifiers to unique findings.
-4. Cap at 10 findings per shard (see Step 5 for sharding).
-5. Sort by severity (CRITICAL → HIGH → MEDIUM → LOW → INFO).
-
-#### STEP 5 — ALWAYS 2 PARALLEL REVIEWERS
-Split the verified candidates into 2 shards of ≤10 candidates each. Dispatch 2 parallel \`{{AGENT_PREFIX}}reviewer\` calls.
-
-Each reviewer receives:
-- Their shard of candidates (up to 10)
-- The scope map context
-- The original scope description
-- Instruction: "Verify or reject each candidate finding. For each: verdict (VERIFIED / REJECTED / NEEDS_MORE_EVIDENCE), confidence (0-1), and brief reasoning."
-
-Reviewers MUST NOT suggest fixes — they verify findings only.
-
-#### STEP 5b — REVIEWER MERGE/DEDUP
-After both reviewers return, perform a lightweight sync pass:
-1. Cross-reference findings between reviewers — flag correlations
-2. Deduplicate any findings both reviewers verified independently
-3. For NEEDS_MORE_EVIDENCE findings: if the other reviewer verified a related finding, merge
-4. Produce a unified findings list with verified/rejected status
-
-#### STEP 6 — CRITIC CHALLENGE (HIGH/CRITICAL only)
-For verified findings rated HIGH or CRITICAL, dispatch sequential critic passes:
-
-**Pass 1 — False-positive / root-cause challenge:**
-- \`{{AGENT_PREFIX}}critic\` receives each HIGH/CRITICAL finding
-- Challenge: "Is this a false positive? Is the root cause correctly identified? Provide verdict: SURVIVES / DOWNGRADE / REJECT"
-- Only findings that SURVIVE proceed to Pass 2
-
-**Pass 2 — Impact / severity challenge:**
-- \`{{AGENT_PREFIX}}critic\` receives surviving findings
-- Challenge: "Is the severity correctly rated? Could this be lower impact than claimed? Provide verdict: SURVIVES / DOWNGRADE / REJECT"
-- Final severity is the critic's assessed severity
-
-CRITICAL: Do NOT challenge MEDIUM/LOW/INFO findings. Only HIGH and CRITICAL go through critic review.
-
-#### STEP 7 — FINAL REPORT
-Assemble and present the audit report:
-
-1. **Wiring Map**: Visual summary of the scope's module structure and data flow
-2. **Functionality Assessment**: High-level summary of what the scope does and how well
-3. **Verified Findings Table**: DD-ID, severity, location, description, evidence
-4. **Rejected Candidates**: Brief list with rejection reasons
-5. **Enhancements**: Non-blocking improvement suggestions
-6. **Recommended Implementation Phases**: If findings suggest follow-up work, outline phases
-7. **JSON Block** (when output=json): Structured machine-readable findings
-
-IMPORTANT CONSTRAINTS for MODE: DEEP_DIVE:
-- Do NOT mutate source code under any circumstances
+Purpose: Read-only deep audit of the specified codebase scope using parallel explorer waves, always 2 parallel reviewers, and sequential critic challenge. This mode does NOT mutate source code, does NOT delegate to coder, and does NOT call declare_scope.
+
+ACTION: Load skill \`file:.opencode/skills/deep-dive/SKILL.md\` immediately and follow its protocol.
+
+HARD CONSTRAINTS (apply regardless of skill load success):
 - Do NOT delegate to coder
 - Do NOT call declare_scope
+- Do NOT mutate source code
 - Do NOT create or modify any files outside .swarm/
 - No final finding may appear in the report without reviewer verification
 - Explorers generate candidate findings only — reviewers verify or reject
@@ -84996,6 +85203,10 @@ class PlanSyncWorker {
       const planMtimeMs = Math.floor(planStats.mtimeMs);
       const markerContent = fs37.readFileSync(markerPath, "utf8");
       const marker = JSON.parse(markerContent);
+      if (marker.in_progress === true) {
+        log("[PlanSyncWorker] Skipping unauthorized-write check - plan write in progress");
+        return;
+      }
       const markerTimestampMs = new Date(marker.timestamp).getTime();
       if (planMtimeMs > markerTimestampMs + 5000) {
         log("[PlanSyncWorker] WARNING: plan.json may have been written outside save_plan/savePlan - unauthorized direct write suspected", { planMtimeMs, markerTimestampMs });
@@ -112516,6 +112727,9 @@ init_ledger();
 init_manager();
 init_state();
 init_create_tool();
+function executionProfilesEqual(a, b) {
+  return a.parallelization_enabled === b.parallelization_enabled && a.max_concurrent_tasks === b.max_concurrent_tasks && a.council_parallel === b.council_parallel && a.locked === b.locked;
+}
 function detectPlaceholderContent(args2) {
   const issues = [];
   const placeholderPattern = /^\[\w[\w\s]*\]$/;
@@ -112680,18 +112894,51 @@ async function executeSavePlan(args2, fallbackDir) {
           }
         }
       }
-      if (existing.execution_profile?.locked) {
-        if (args2.execution_profile !== undefined && !args2.reset_statuses) {
+      if (args2.confirm_identity_change !== true) {
+        const existingId = derivePlanId(existing);
+        const incomingId = derivePlanId({
+          swarm: args2.swarm_id,
+          title: args2.title
+        });
+        if (existingId !== incomingId) {
           return {
             success: false,
-            message: "EXECUTION_PROFILE_LOCKED: The execution_profile for this plan is locked and cannot be changed.",
+            message: "PLAN_IDENTITY_MISMATCH: The incoming plan identity does not match the existing plan. " + "To overwrite with a new identity, set confirm_identity_change: true.",
             errors: [
-              "execution_profile.locked is true — to change the profile you must first unlock it via a separate plan revision that explicitly sets locked: false, or reset the plan with reset_statuses."
+              `Existing plan identity: ${existingId} (swarm: "${existing.swarm}", title: "${existing.title}")`,
+              `Incoming plan identity: ${incomingId} (swarm: "${args2.swarm_id}", title: "${args2.title}")`
             ],
-            recovery_guidance: "Remove the execution_profile field from this save_plan call to preserve the locked profile, " + "or use reset_statuses: true to start fresh (this clears the lock). " + "Never modify execution_profile directly in plan.json."
+            recovery_guidance: "Verify the title and swarm_id match the intended plan. " + "If the identity change is intentional, retry with confirm_identity_change: true. " + "Never write .swarm/plan.json or .swarm/plan.md directly."
           };
         }
-        if (!args2.reset_statuses) {
+      }
+      if (existing.execution_profile?.locked) {
+        if (args2.execution_profile !== undefined && !args2.reset_statuses) {
+          const requestedProfile = ExecutionProfileSchema.safeParse({
+            ...existing.execution_profile,
+            ...args2.execution_profile
+          });
+          if (!requestedProfile.success) {
+            return {
+              success: false,
+              message: "Invalid execution_profile: schema validation failed",
+              errors: requestedProfile.error.issues.map((i2) => `${i2.path.join(".")}: ${i2.message}`),
+              recovery_guidance: "Check execution_profile fields: parallelization_enabled (boolean), " + "max_concurrent_tasks (integer 1-64), council_parallel (boolean), locked (boolean)."
+            };
+          }
+          if (executionProfilesEqual(existing.execution_profile, requestedProfile.data)) {
+            preservedExecutionProfile = existing.execution_profile;
+          } else {
+            return {
+              success: false,
+              message: "EXECUTION_PROFILE_LOCKED: The execution_profile for this plan is locked and cannot be changed.",
+              errors: [
+                "execution_profile.locked is true — to change the profile you must first unlock it via a separate plan revision that explicitly sets locked: false, or reset the plan with reset_statuses."
+              ],
+              recovery_guidance: "Remove the execution_profile field from this save_plan call to preserve the locked profile, " + "or use reset_statuses: true to start fresh (this clears the lock). " + "Never modify execution_profile directly in plan.json."
+            };
+          }
+        } else if (!args2.reset_statuses) {
           preservedExecutionProfile = existing.execution_profile;
         }
       } else {
@@ -112863,7 +113110,7 @@ async function executeSavePlan(args2, fallbackDir) {
       });
       const savedPlan = await loadPlanJsonOnly(dir);
       if (savedPlan) {
-        await takeSnapshotEvent(dir, savedPlan).catch(() => {});
+        await takeSnapshotWithRetry(dir, savedPlan);
       }
       if (resolvedProfile !== undefined && savedPlan) {
         const planId = derivePlanId(plan);
@@ -112961,6 +113208,7 @@ var save_plan = createSwarmTool({
     removed_task_ids: exports_external.array(exports_external.string()).optional().describe("Task IDs that are present in the prior plan but intentionally being " + "removed by this save. Every task missing from `phases` MUST be enumerated " + "here, otherwise save_plan rejects with PLAN_TASK_REMOVAL_NOT_ACKNOWLEDGED. " + "Tasks not yet finished (status pending/in_progress/blocked) MUST NOT be " + "removed without explicit user confirmation."),
     removal_reason: exports_external.string().optional().describe("Required when removed_task_ids is non-empty. Human-readable reason recorded " + "on each task_removed ledger event."),
     confirm_destructive_reset: exports_external.boolean().optional().describe("Required when reset_statuses is true AND at least one task is missing from " + "the new plan. Set true to acknowledge that the destructive reset drops " + "unfinished work. When set together with reset_statuses, save_plan auto-" + "populates removed_task_ids from the missing set."),
+    confirm_identity_change: exports_external.boolean().optional().describe("When true, allows overwriting an existing plan that has a different " + "identity (swarm_id + title). Without this flag, save_plan rejects " + "with PLAN_IDENTITY_MISMATCH if the identity differs."),
     execution_profile: exports_external.object({
       parallelization_enabled: exports_external.boolean().optional().describe("When true, enables parallel task dispatch for this plan. Default false (serial)."),
       max_concurrent_tasks: exports_external.number().int().min(1).max(64).optional().describe("Maximum tasks that may run concurrently when parallelization is enabled. Default 1."),