opencode-swarm 7.63.0 → 7.65.0

package/dist/memory/schema.d.ts

@@ -213,9 +213,9 @@ export declare const MemoryProposalSchema: z.ZodObject<{
     rationale: z.ZodString;
     evidenceRefs: z.ZodArray<z.ZodString>;
     status: z.ZodEnum<{
-        approved: "approved";
-        rejected: "rejected";
         pending: "pending";
+        rejected: "rejected";
+        approved: "approved";
         applied: "applied";
         superseded: "superseded";
     }>;

package/dist/services/external-skill-store.d.ts

@@ -0,0 +1,96 @@
+/**
+ * External skill candidate quarantine store.
+ *
+ * Manages external skill candidates persisted as individual JSON files under
+ * `.swarm/skills/candidates/<uuid>.json`.  Each candidate goes through a
+ * quarantine lifecycle (pending → in_review → quarantined → passed/rejected →
+ * promoted/revoked) before it can be activated as a generated skill.
+ *
+ * All writes are atomic (temp-file + rename) via `atomicWriteFile` from the
+ * evidence subsystem.  File-system I/O is funnelled through `_internals` so
+ * that tests can replace individual operations without cross-module mock
+ * leakage (Bun's `mock.module` is intentionally avoided for I/O seams).
+ *
+ * Invariants:
+ *   - Candidate IDs are UUID v4 (cryptographically random), never derived from
+ *     user input, to prevent path-traversal attacks.
+ *   - `passed`, `promoted`, and `revoked` candidates are NEVER evicted.
+ *   - The store directory is derived from the injected `directory` parameter
+ *     (typically `ctx.directory`); no `process.cwd()` calls.
+ */
+import * as crypto from 'node:crypto';
+import * as fs from 'node:fs/promises';
+import type { ExternalSkillCandidate, ExternalSkillCandidateEvaluationVerdict } from '../config/schema';
+import { atomicWriteFile } from '../evidence/task-file';
+/** Configuration for the store. */
+export interface ExternalSkillStoreConfig {
+    /** Maximum number of candidates before FIFO eviction kicks in. */
+    max_candidates: number;
+}
+/** Optional filters for listing candidates. */
+export interface ExternalSkillListFilter {
+    /** Restrict to candidates with this evaluation verdict. */
+    verdict?: ExternalSkillCandidateEvaluationVerdict;
+    /** Restrict to candidates from this source type (e.g. 'github'). */
+    source_type?: string;
+    /** Restrict to candidates with this exact source URL. */
+    source_url?: string;
+    /** ISO datetime — only return candidates fetched at or after this time. */
+    since?: string;
+}
+/** Patch fields accepted by `update`. */
+export type ExternalSkillCandidatePatch = Partial<Pick<ExternalSkillCandidate, 'evaluation_verdict' | 'risk_flags' | 'evaluation_history' | 'skill_name' | 'skill_description'>>;
+/**
+ * Public interface returned by the factory function.
+ *
+ * Every method is scoped to the store directory derived at creation time.
+ */
+export interface ExternalSkillStore {
+    /** Create a new candidate and persist it atomically. */
+    add(candidate: Omit<ExternalSkillCandidate, 'id'>): Promise<ExternalSkillCandidate>;
+    /** Read a single candidate by UUID. Returns `null` if not found. */
+    get(id: string): Promise<ExternalSkillCandidate | null>;
+    /** List candidates with optional filters, sorted by `fetched_at` descending. */
+    list(filter?: ExternalSkillListFilter): Promise<ExternalSkillCandidate[]>;
+    /** Patch an existing candidate (read-modify-write). Appends to `evaluation_history`. */
+    update(id: string, patch: ExternalSkillCandidatePatch): Promise<ExternalSkillCandidate | null>;
+    /** Remove a candidate file. Returns `true` if the file existed and was deleted. */
+    delete(id: string): Promise<boolean>;
+    /**
+     * Evict the oldest `pending` or `rejected` candidates when the store
+     * exceeds `max_candidates`.  Never evicts `passed`, `promoted`, or
+     * `revoked` candidates.  Returns the number of evicted files.
+     */
+    evictIfNeeded(): Promise<number>;
+}
+/**
+ * Dependency-injection seam for testing.
+ *
+ * Tests can temporarily replace individual entries to exercise failure paths
+ * (e.g. file-not-found, permission errors) without `mock.module` leakage.
+ * Restore each entry in `afterEach` via the saved original reference.
+ */
+export declare const _internals: {
+    /** UUID generator — default is `crypto.randomUUID()`. */
+    randomUUID: typeof crypto.randomUUID;
+    /** Async filesystem operations. */
+    fs: {
+        mkdir: typeof fs.mkdir;
+        readFile: typeof fs.readFile;
+        readdir: typeof fs.readdir;
+        unlink: typeof fs.unlink;
+    };
+    /** Atomic write primitive (temp-file + rename). */
+    atomicWriteFile: typeof atomicWriteFile;
+};
+/**
+ * Create an `ExternalSkillStore` scoped to the given project root directory.
+ *
+ * The store persists candidate files under
+ * `<directory>/.swarm/skills/candidates/<uuid>.json`.
+ *
+ * @param directory — Project root (typically `ctx.directory`). Must NOT contain
+ *                   user-controlled path components.
+ * @param config   — Store configuration including capacity limits.
+ */
+export declare function createExternalSkillStore(directory: string, config: ExternalSkillStoreConfig): ExternalSkillStore;

package/dist/services/external-skill-validator.d.ts

@@ -0,0 +1,160 @@
+/**
+ * Validation gates for external skill candidates.
+ *
+ * Provides shared types and individual gate functions that scan candidate
+ * fields for security threats (prompt injection, unsafe instructions,
+ * provenance integrity).  Each gate returns a structured `ValidationGateResult`
+ * that the curation pipeline can use to block, warn, or pass a candidate.
+ *
+ * Gate 1 — `scanPromptInjection`: static regex-based detection of prompt-
+ * injection patterns, prototype pollution, script injection, and obfuscated
+ * content in candidate fields.  Severity is modulated by the candidate's trust
+ * level (FR-004).
+ *
+ * Uses an `_internals` DI seam for testability — no `mock.module` leakage.
+ */
+import type { ExternalSkillCandidate } from '../config/schema';
+/** Result from a single validation gate scan. */
+export interface ValidationGateResult {
+    /** Which gate produced this result. */
+    gate: 'prompt_injection' | 'unsafe_instructions' | 'provenance_integrity';
+    /** Overall pass/fail/warn verdict. */
+    verdict: 'pass' | 'fail' | 'warn';
+    /** Individual findings from the scan. */
+    findings: ValidationFinding[];
+    /** The candidate fields that were scanned. */
+    fields_scanned: string[];
+}
+/** A single finding from a validation gate. */
+export interface ValidationFinding {
+    /** What was detected. */
+    pattern: string;
+    /** Which candidate field triggered the finding. */
+    field: string;
+    /** Human-readable description. */
+    description: string;
+    /**
+     * Severity: 'error' blocks promotion, 'warning' is advisory
+     * (unless trust_level=low).
+     */
+    severity: 'error' | 'warning';
+    /** The matched text snippet (truncated to 100 chars for safety). */
+    match: string;
+}
+/** Result of running all validation gates against a candidate. */
+export interface CandidateEvaluationResult {
+    /** Individual gate results. */
+    gate_results: ValidationGateResult[];
+    /** Aggregated verdict across all gates. */
+    overall_verdict: 'passed' | 'quarantined';
+    /** All findings from all gates combined. */
+    all_findings: ValidationFinding[];
+    /** Risk flags derived from findings (unique pattern names). */
+    risk_flags: string[];
+}
+/** Describes a single detection pattern used by the prompt-injection gate. */
+export interface PromptInjectionPattern {
+    /** Regex to test against field text. */
+    pattern: RegExp;
+    /** Human-readable name for the pattern. */
+    name: string;
+    /** Description shown in findings. */
+    description: string;
+    /** Base severity before trust-level modulation. */
+    severity: 'error' | 'warning';
+}
+/**
+ * Static regex patterns for the prompt-injection gate (FR-004).
+ *
+ * ERROR-severity patterns always block promotion.  WARNING-severity patterns
+ * are modulated by the candidate's trust level:
+ *   - trust_level='low'  → warnings promoted to errors
+ *   - trust_level='medium'/'high' → warnings stay warnings
+ */
+export declare const PROMPT_INJECTION_PATTERNS: PromptInjectionPattern[];
+/** Describes a single detection pattern used by the unsafe-instruction gate. */
+export interface UnsafeInstructionPattern {
+    /** Regex to test against field text. */
+    pattern: RegExp;
+    /** Human-readable name for the pattern. */
+    name: string;
+    /** Description shown in findings. */
+    description: string;
+    /** Base severity before trust-level modulation. */
+    severity: 'error' | 'warning';
+}
+/**
+ * Static regex patterns for the unsafe-instruction gate.
+ *
+ * Extends the DANGEROUS_COMMAND_PATTERNS and SECURITY_DEGRADING_PATTERNS from
+ * knowledge-validator.ts with additional destructive command, privilege
+ * escalation, shell execution, security bypass, and data exfiltration patterns.
+ *
+ * ERROR-severity patterns always block promotion.  WARNING-severity patterns
+ * are modulated by the candidate's trust level:
+ *   - trust_level='low'  → warnings promoted to errors
+ *   - trust_level='medium'/'high' → warnings stay warnings
+ */
+export declare const UNSAFE_INSTRUCTION_PATTERNS: UnsafeInstructionPattern[];
+/** Rate limit defaults for validation operations (FR-007). */
+export declare const VALIDATION_RATE_LIMITS: {
+    /** Maximum candidates per discovery invocation. */
+    readonly max_candidates_per_discovery: 50;
+    /** Maximum concurrent fetch operations. */
+    readonly max_concurrent_fetches: 5;
+    /** Timeout for individual fetch operations in milliseconds. */
+    readonly fetch_timeout_ms: 30000;
+};
+/**
+ * Scan an external skill candidate for prompt-injection patterns.
+ *
+ * Returns a `ValidationGateResult` with gate=`'prompt_injection'`.
+ * The verdict is modulated by `trustLevel`:
+ *   - `'low'`: warnings promoted to errors → verdict is `'fail'` if any finding.
+ *   - `'medium'`/`'high'`: warnings stay warnings → verdict is `'warn'` if only
+ *     warnings, `'fail'` if any error-severity finding.
+ */
+export declare function scanPromptInjection(candidate: ExternalSkillCandidate, trustLevel?: 'low' | 'medium' | 'high'): ValidationGateResult;
+/**
+ * Scan an external skill candidate for unsafe instruction patterns.
+ *
+ * Covers destructive commands, privilege escalation, shell execution
+ * vectors, security bypass instructions, and data exfiltration indicators.
+ *
+ * Returns a `ValidationGateResult` with gate=`'unsafe_instructions'`.
+ * The verdict is modulated by `trustLevel`:
+ *   - `'low'`: warnings promoted to errors → verdict is `'fail'` if any finding.
+ *   - `'medium'`/`'high'`: warnings stay warnings → verdict is `'warn'` if only
+ *     warnings, `'fail'` if any error-severity finding.
+ */
+export declare function scanUnsafeInstructions(candidate: ExternalSkillCandidate, trustLevel?: 'low' | 'medium' | 'high'): ValidationGateResult;
+/**
+ * Scan an external skill candidate for provenance field integrity.
+ *
+ * Validates SHA-256 hash format, fetched_at timing (not in future, not stale),
+ * source_url validity, publisher presence, and content-hash verification.
+ *
+ * Returns a `ValidationGateResult` with gate=`'provenance_integrity'`.
+ * The verdict is modulated by `trustLevel`:
+ *   - `'low'`: warnings promoted to errors → verdict is `'fail'` if any finding.
+ *   - `'medium'`/`'high'`: warnings stay warnings → verdict is `'warn'` if only
+ *     warnings, `'fail'` if any error-severity finding.
+ */
+export declare function scanProvenanceIntegrity(candidate: ExternalSkillCandidate, trustLevel?: 'low' | 'medium' | 'high', ttlDays?: number): ValidationGateResult;
+/**
+ * Run all three validation gates against a candidate and produce an
+ * aggregated evaluation result (FR-004, FR-007).
+ *
+ * Gates are run sequentially: prompt-injection → unsafe-instructions →
+ * provenance-integrity.  Any gate that returns `'fail'` causes the overall
+ * verdict to be `'quarantined'`.  Warnings are advisory unless trust_level
+ * is `'low'` (which promotes them to errors inside each gate).
+ */
+export declare function evaluateCandidate(candidate: ExternalSkillCandidate, options?: {
+    trust_level?: 'low' | 'medium' | 'high';
+    ttl_days?: number;
+}): CandidateEvaluationResult;
+export declare const _internals: {
+    getTimestamp: () => string;
+    computeSha256: (content: string) => string;
+};

package/dist/summaries/schema.d.ts

@@ -115,6 +115,16 @@ export declare const KnowledgeRecommendationSchema: z.ZodObject<{
     evidence_refs: z.ZodDefault<z.ZodArray<z.ZodString>>;
 }, z.core.$strip>;
 export type KnowledgeRecommendation = z.infer<typeof KnowledgeRecommendationSchema>;
+/**
+ * Provenance metadata for evidence: agent identity, session binding, and capture timestamp.
+ * Optional for backwards compatibility; when present and in gate mode, gates verify these fields.
+ */
+export declare const EvidenceProvenanceSchema: z.ZodObject<{
+    agent_name: z.ZodOptional<z.ZodString>;
+    session_id: z.ZodOptional<z.ZodString>;
+    captured_at: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export type EvidenceProvenance = z.infer<typeof EvidenceProvenanceSchema>;
 export declare const ArchitectureSupervisorReportSchema: z.ZodObject<{
     schema_version: z.ZodLiteral<"1.0.0">;
     phase: z.ZodNumber;
@@ -144,5 +154,10 @@ export declare const ArchitectureSupervisorReportSchema: z.ZodObject<{
         evidence_refs: z.ZodDefault<z.ZodArray<z.ZodString>>;
     }, z.core.$strip>>>;
     created_at: z.ZodString;
+    provenance: z.ZodOptional<z.ZodObject<{
+        agent_name: z.ZodOptional<z.ZodString>;
+        session_id: z.ZodOptional<z.ZodString>;
+        captured_at: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>;
 }, z.core.$strip>;
 export type ArchitectureSupervisorReport = z.infer<typeof ArchitectureSupervisorReportSchema>;

package/dist/summaries/store.d.ts

@@ -43,6 +43,11 @@ export interface RawSupervisorEntry {
     verdict?: string;
     findings?: unknown[];
     knowledge_recommendations?: unknown[];
+    provenance?: {
+        agent_name?: string;
+        session_id?: string;
+        captured_at?: string;
+    };
 }
 /**
  * Read the supervisor report sidecar raw (no zod), returning the supervisor entry or

package/dist/tools/external-skill-delete.d.ts

@@ -0,0 +1,16 @@
+/**
+ * external_skill_delete — Delete an external skill candidate from the quarantine store.
+ *
+ * Removes a candidate by ID.  If the candidate was previously promoted, the
+ * promoted skill in `.opencode/skills/generated/` is NOT affected — it must be
+ * separately retired or revoked.  Returns a disabled message when
+ * external_skills.curation_enabled is false.
+ *
+ * Uses an `_internals` DI seam for testability — no `mock.module` leakage.
+ */
+import type { ExternalSkillsConfig } from '../config/schema.js';
+import { createSwarmTool } from './create-tool.js';
+export declare const _internals: {
+    loadConfig: (directory: string) => ExternalSkillsConfig | undefined;
+};
+export declare const external_skill_delete: ReturnType<typeof createSwarmTool>;

package/dist/tools/external-skill-discover.d.ts

@@ -0,0 +1,21 @@
+/**
+ * external_skill_discover — Discover external skill candidates from configured sources.
+ *
+ * Fetches skill content from URLs or accepts manual imports, validates them
+ * through the security gates (prompt-injection, unsafe-instructions,
+ * provenance-integrity), and stores them as quarantined candidates in the
+ * external skill store.
+ *
+ * Uses an `_internals` DI seam for testability — no `mock.module` leakage.
+ */
+import { createSwarmTool } from './create-tool.js';
+export declare const _internals: {
+    fetchContent: (_url: string, _timeoutMs: number) => Promise<{
+        content: string;
+        finalUrl: string;
+    }>;
+    getTimestamp: () => string;
+    computeSha256: (content: string) => string;
+    uuid: () => string;
+};
+export declare const external_skill_discover: ReturnType<typeof createSwarmTool>;

package/dist/tools/external-skill-inspect.d.ts

@@ -0,0 +1,15 @@
+/**
+ * external_skill_inspect — Inspect a specific external skill candidate by ID.
+ *
+ * Read-only tool that returns the full candidate record including provenance,
+ * skill_body, and evaluation_history.  Returns a disabled message when
+ * external_skills.curation_enabled is false.
+ *
+ * Uses an `_internals` DI seam for testability — no `mock.module` leakage.
+ */
+import type { ExternalSkillsConfig } from '../config/schema.js';
+import { createSwarmTool } from './create-tool.js';
+export declare const _internals: {
+    loadConfig: (directory: string) => ExternalSkillsConfig | undefined;
+};
+export declare const external_skill_inspect: ReturnType<typeof createSwarmTool>;

package/dist/tools/external-skill-list.d.ts

@@ -0,0 +1,15 @@
+/**
+ * external_skill_list — List external skill candidates in the quarantine store.
+ *
+ * Read-only tool that returns candidate summaries filtered by evaluation verdict,
+ * source type, or date range.  Returns a disabled message when
+ * external_skills.curation_enabled is false.
+ *
+ * Uses an `_internals` DI seam for testability — no `mock.module` leakage.
+ */
+import type { ExternalSkillsConfig } from '../config/schema.js';
+import { createSwarmTool } from './create-tool.js';
+export declare const _internals: {
+    loadConfig: (directory: string) => ExternalSkillsConfig | undefined;
+};
+export declare const external_skill_list: ReturnType<typeof createSwarmTool>;

package/dist/tools/external-skill-promote.d.ts

@@ -0,0 +1,20 @@
+/**
+ * external_skill_promote — Promote a validated external skill candidate to an
+ * active generated skill.
+ *
+ * Re-runs all three validation gates (TOCTOU re-validation).  Requires explicit
+ * user approval (`approver='user'`).  Writes SKILL.md to
+ * `.opencode/skills/generated/<slug>/` with provenance frontmatter.  Stamps the
+ * candidate as promoted and creates an audit record.
+ *
+ * Uses an `_internals` DI seam for testability — no `mock.module` leakage.
+ */
+import type { ExternalSkillsConfig } from '../config/schema.js';
+import { createSwarmTool } from './create-tool.js';
+export declare const _internals: {
+    loadConfig: (directory: string) => ExternalSkillsConfig | undefined;
+    getTimestamp: () => string;
+    fileExists: (filePath: string) => Promise<boolean>;
+    writeSkillFile: (filePath: string, content: string) => Promise<void>;
+};
+export declare const external_skill_promote: ReturnType<typeof createSwarmTool>;

package/dist/tools/external-skill-reject.d.ts

@@ -0,0 +1,15 @@
+/**
+ * external_skill_reject — Reject an external skill candidate after evaluation.
+ *
+ * Marks a candidate as rejected with a user-provided reason.  Records the
+ * state transition in evaluation_history with timestamp, actor, and reason.
+ * Returns a disabled message when external_skills.curation_enabled is false.
+ *
+ * Uses an `_internals` DI seam for testability — no `mock.module` leakage.
+ */
+import type { ExternalSkillsConfig } from '../config/schema.js';
+import { createSwarmTool } from './create-tool.js';
+export declare const _internals: {
+    loadConfig: (directory: string) => ExternalSkillsConfig | undefined;
+};
+export declare const external_skill_reject: ReturnType<typeof createSwarmTool>;

package/dist/tools/external-skill-revoke.d.ts

@@ -0,0 +1,17 @@
+/**
+ * external_skill_revoke — Revoke a previously promoted external skill.
+ *
+ * Atomically retires the SKILL.md from `.opencode/skills/generated/<slug>/`
+ * and stamps the candidate with evaluation_verdict: 'revoked'.  The candidate
+ * stays in quarantine for forensic audit.
+ *
+ * Uses an `_internals` DI seam for testability — no `mock.module` leakage.
+ */
+import type { ExternalSkillsConfig } from '../config/schema.js';
+import { createSwarmTool } from './create-tool.js';
+export declare const _internals: {
+    loadConfig: (directory: string) => ExternalSkillsConfig | undefined;
+    getTimestamp: () => string;
+    retireSkillFile: (filePath: string) => Promise<boolean>;
+};
+export declare const external_skill_revoke: ReturnType<typeof createSwarmTool>;

package/dist/tools/index.d.ts

@@ -18,6 +18,13 @@ export { diff_summary } from './diff-summary';
 export { doc_extract, doc_scan } from './doc-scan';
 export { detect_domains } from './domain-detector';
 export { evidence_check } from './evidence-check';
+export { external_skill_delete } from './external-skill-delete';
+export { external_skill_discover } from './external-skill-discover';
+export { external_skill_inspect } from './external-skill-inspect';
+export { external_skill_list } from './external-skill-list';
+export { external_skill_promote } from './external-skill-promote';
+export { external_skill_reject } from './external-skill-reject';
+export { external_skill_revoke } from './external-skill-revoke';
 export { extract_code_blocks } from './file-extractor';
 export { get_approved_plan } from './get-approved-plan';
 export { get_qa_gate_profile } from './get-qa-gate-profile';

package/dist/tools/manifest.d.ts

@@ -108,4 +108,11 @@ export declare const TOOL_MANIFEST: {
     lean_turbo_run_phase: () => ToolDefinition;
     lean_turbo_status: () => ToolDefinition;
     apply_patch: () => ToolDefinition;
+    external_skill_discover: () => ToolDefinition;
+    external_skill_list: () => ToolDefinition;
+    external_skill_inspect: () => ToolDefinition;
+    external_skill_promote: () => ToolDefinition;
+    external_skill_reject: () => ToolDefinition;
+    external_skill_delete: () => ToolDefinition;
+    external_skill_revoke: () => ToolDefinition;
 };

package/dist/tools/plugin-registration.d.ts

@@ -10,6 +10,7 @@
  */
 import type { ToolDefinition } from '@opencode-ai/plugin/tool';
 import type { AgentDefinition } from '../agents/index.js';
+import type { PluginConfig } from '../config/index.js';
 /**
  * Construct the plugin tool object: one handler per manifest entry, with
  * `swarm_command` overridden by its dependency-injected instance.
@@ -17,5 +18,7 @@ import type { AgentDefinition } from '../agents/index.js';
  * The manifest's `swarm_command` handler is the static (no-DI) form used only
  * for derivation; the real instance needs the agent definition map, which is
  * only available at plugin-init time.
+ *
+ * Knowledge tools are conditionally excluded when config.knowledge.enabled = false.
  */
-export declare function buildPluginToolObject(agents: Record<string, AgentDefinition>): Record<string, ToolDefinition>;
+export declare function buildPluginToolObject(agents: Record<string, AgentDefinition>, config?: PluginConfig): Record<string, ToolDefinition>;

package/dist/tools/submit-phase-council-verdicts.d.ts

@@ -37,5 +37,7 @@ export declare const ArgsSchema: z.ZodObject<{
         durationMs: z.ZodNumber;
     }, z.core.$strip>>;
     working_directory: z.ZodOptional<z.ZodString>;
+    provenanceAgentName: z.ZodOptional<z.ZodString>;
+    provenanceSessionId: z.ZodOptional<z.ZodString>;
 }, z.core.$strip>;
 export declare const submit_phase_council_verdicts: ReturnType<typeof tool>;

package/dist/tools/tool-metadata.d.ts

@@ -363,6 +363,34 @@ export declare const TOOL_METADATA: {
         description: string;
         agents: "coder"[];
     };
+    external_skill_discover: {
+        description: string;
+        agents: never[];
+    };
+    external_skill_list: {
+        description: string;
+        agents: never[];
+    };
+    external_skill_inspect: {
+        description: string;
+        agents: never[];
+    };
+    external_skill_promote: {
+        description: string;
+        agents: never[];
+    };
+    external_skill_reject: {
+        description: string;
+        agents: never[];
+    };
+    external_skill_delete: {
+        description: string;
+        agents: never[];
+    };
+    external_skill_revoke: {
+        description: string;
+        agents: never[];
+    };
 };
 /** Union type of all valid tool names (the metadata keys). */
 export type ToolName = keyof typeof TOOL_METADATA;

package/dist/tools/write-drift-evidence.d.ts

@@ -16,6 +16,10 @@ export interface WriteDriftEvidenceArgs {
     summary: string;
     /** Requirement coverage report from req_coverage tool */
     requirementCoverage?: string;
+    /** Agent name that produced this evidence (optional provenance) */
+    provenanceAgentName?: string;
+    /** Session ID of the agent that produced this evidence (optional provenance) */
+    provenanceSessionId?: string;
 }
 /**
  * Execute the write_drift_evidence tool.

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "opencode-swarm",
-	"version": "7.63.0",
+	"version": "7.65.0",
 	"description": "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",