opencode-swarm 7.49.1 → 7.50.1

package/README.md

@@ -39,8 +39,8 @@ Most AI coding tools let one model write code and ask that same model whether th
 - 🔁 **Resumable sessions** — all state saved to `.swarm/`; pick up any project any day
 - 🌐 **20 languages** — TypeScript, Python, Go, Rust, Java, Kotlin, C/C++, C#, Ruby, Swift, Dart, PHP, JavaScript, CSS, Bash, PowerShell, INI, Regex (extending: see [docs/adding-a-language.md](docs/adding-a-language.md))
 - 🛡️ **Built-in security** — SAST, secrets scanning, dependency audit per task
+- 🔒 **Scope enforcement** — Validates write targets against declared scope with cross-process persistence, TTL expiry, and scope-aware destructive command blocking. **Handles both single-string and array-based path arguments** (`files[]`, `paths[]`, `targetFiles[]`) to prevent scope bypass via multi-file tool calls.
 - 📝 **Shell write detection** — Static analysis of POSIX/PowerShell/cmd commands to detect file writes (redirects, builtins, in-place editors, network downloads, archive extraction, git destructive ops) before execution
-- 🔒 **Scope enforcement** — Validates write targets against declared scope with cross-process persistence, TTL expiry, and scope-aware destructive command blocking
 - 🆓 **Free tier** — works with OpenCode Zen's free model roster
 - ⚙️ **Fully configurable** — override any agent's model, disable agents, tune guardrails
 

package/dist/cli/index.js

@@ -52,7 +52,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "opencode-swarm",
-    version: "7.49.1",
+    version: "7.50.1",
     description: "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
     main: "dist/index.js",
     types: "dist/index.d.ts",
@@ -16987,6 +16987,10 @@ var init_tool_metadata = __esm(() => {
     lean_turbo_status: {
       description: "returns Lean Turbo configuration and active status for the current session",
       agents: ["architect"]
+    },
+    apply_patch: {
+      description: "Apply a unified diff patch to workspace files with exact context matching, atomic writes, and path validation",
+      agents: ["coder"]
     }
   };
   TOOL_NAMES = Object.keys(TOOL_METADATA);
@@ -52410,10 +52414,33 @@ function classifyAndCluster(testResults, history) {
 }
 
 // src/test-impact/flaky-detector.ts
+function computeCombinedFlakyScore(recent) {
+  const totalRuns = recent.length;
+  if (totalRuns < 2) {
+    return { alternationCount: 0, flakyScore: 0 };
+  }
+  let alternationCount = 0;
+  let passCount = 0;
+  for (let i = 0;i < recent.length; i++) {
+    if (recent[i].result === "pass") {
+      passCount++;
+    }
+    if (i > 0 && recent[i].result !== recent[i - 1].result) {
+      alternationCount++;
+    }
+  }
+  const alternationScore = alternationCount / totalRuns;
+  const passRate = passCount / totalRuns;
+  const passRateVarianceScore = 4 * passRate * (1 - passRate);
+  return {
+    alternationCount,
+    flakyScore: (alternationScore + passRateVarianceScore) / 2
+  };
+}
 function detectFlakyTests(allHistory) {
   const grouped = new Map;
   for (const record3 of allHistory) {
-    const key = `${record3.testFile.toLowerCase()}|${record3.testName.toLowerCase()}`;
+    const key = `${record3.testFile.toLowerCase()}\x00${record3.testName.toLowerCase()}`;
     if (!grouped.has(key)) {
       grouped.set(key, {
         records: [],
@@ -52435,13 +52462,7 @@ function detectFlakyTests(allHistory) {
     if (totalRuns < 2) {
       continue;
     }
-    let alternationCount = 0;
-    for (let i = 1;i < recent.length; i++) {
-      if (recent[i].result !== recent[i - 1].result) {
-        alternationCount++;
-      }
-    }
-    const flakyScore = totalRuns >= 2 ? alternationCount / totalRuns : 0;
+    const { alternationCount, flakyScore } = computeCombinedFlakyScore(recent);
     const isQuarantined = flakyScore > FLAKY_THRESHOLD && totalRuns >= MIN_RUNS_FOR_QUARANTINE;
     const recentResults = recent.map((r) => r.result);
     const testFile = entry.originalFile;

package/dist/hooks/scope-guard.d.ts

@@ -41,3 +41,27 @@ export declare function createScopeGuardHook(config: Partial<ScopeGuardConfig>,
  * @returns true if the file is within scope, false otherwise
  */
 export declare function isFileInScope(filePath: string, scopeEntries: string[], directory?: string): boolean;
+/**
+ * Sanitize a raw file path string to prevent log injection and null-byte attacks.
+ * Replaces C0 control characters (0x00-0x1F), DEL (0x7F), C1 control characters
+ * (0x80-0x9F), and strips remaining ANSI CSI sequences.
+ *
+ * All matched control characters are replaced with underscores rather than removed,
+ * so that the resulting string can still be passed to `path.resolve()` without
+ * triggering `ERR_INVALID_ARG_VALUE` on embedded null bytes.
+ *
+ * Extracted from the original inline sanitization in the scope guard
+ * to support reuse across single-path and multi-path code paths.
+ *
+ * @param raw - The unsanitized file path string
+ * @returns The sanitized file path string safe for logging and scope matching
+ */
+declare function sanitizePath(raw: string): string;
+/**
+ * Internal implementation details exposed for unit testing.
+ * DO NOT use these in production code.
+ */
+export declare const _internals: {
+    sanitizePath: typeof sanitizePath;
+};
+export {};