opencode-swarm 7.66.0 → 7.66.2

package/.opencode/skills/swarm-pr-feedback/SKILL.md

@@ -5,6 +5,8 @@ description: >
   Use when addressing pasted PR feedback, GitHub review comments or threads,
   requested changes, CI/check failures, merge conflicts, stale PR branches, or
   PR follow-up work that must close all known issues without dropping findings.
+  Supports multi-round bot reviews (the repository's bot posts a new review
+  after every push) via the iterative pattern documented in the body.
 ---
 
 # Swarm PR Feedback
@@ -14,6 +16,51 @@ Use this skill to close known PR feedback. This is not a fresh broad PR review.
 feedback surfaces, verifies each claim, clusters related problems, fixes confirmed
 issues, validates the branch, and reports closure status for every item.
 
+## Multi-Round Bot Reviews (Iterative Pattern)
+
+The repository's bot reviewer (`hermes-pr-review` / Qwen3.6 + Gemma-4 dual-model)
+posts a new review comment after **every push** to the PR branch, not just the
+final state. Expect N rounds of review for N pushes, and budget for it.
+
+**Round N+1 deltas vs Round N:**
+- Fresh `FB-###` ledger IDs for new findings (do not reuse IDs from earlier rounds)
+- Findings from prior rounds that remain unfixed will reappear with the same evidence
+- Findings you marked DISPROVED with new evidence may reappear if the bot disagrees
+- New findings may be introduced that the prior round did not see (the bot's read scope
+  is the new commit, not the full diff history)
+
+**Operating principles for multi-round triage:**
+
+1. **Continue the ledger, do not start over.** Append to the same `FB-###` counter
+   across rounds. Track each finding's state per round (open, fixed, disproved,
+   awaiting-decision, repeated).
+2. **Carry forward unresolved items.** Findings you marked `PARTIAL` or `NEEDS_USER_DECISION`
+   in round N will still be open in round N+1. The closure ledger should show their
+   evolution (e.g., "PARTIAL round 1 → CONFIRMED round 2 after evidence collected").
+3. **Apply the 3-strikes-then-defense-in-depth rule.** When the same finding is
+   raised 3+ times across rounds, prefer to add the suggested code change with a
+   defense-in-depth rationale comment rather than continue to debate. One extra
+   condition is cheap; per-round debate is expensive. Document the parent-vs-inner
+   relationship inline so future readers see the rationale.
+4. **Verify bot fix-direction suggestions against actual file structure.** Bots
+   read files linearly and can miss parent-block guards. For any "add an X check"
+   suggestion, read the surrounding function/block to confirm the check is genuinely
+   missing or already exists at a higher scope.
+5. **Each round produces its own closure ledger as a PR comment.** Prefix with
+   "Round N" so the bot and reviewers can see progression. Maintain a running
+   summary table at the end of each comment showing totals across rounds
+   (confirmed+fixed / disproved / partial / awaiting-decision).
+6. **Stop the cycle deliberately.** If a finding is disproved with code evidence 3+
+   times and the bot keeps re-raising it, leave the comment, post the closure
+   ledger with the cumulative evidence, and surface the disagreement to the user
+   rather than continuing to push fixes. The user can resolve persistent
+   reviewer-AI disagreement.
+
+**Why this matters:** Without the multi-round pattern, each round looks like
+"start over, re-triage everything." With it, the rounds become incremental:
+each round's work is bounded by new findings + carried-forward items only.
+This matches how the bot actually behaves and avoids wasted cycles.
+
 ## Operating Stance
 
 Treat every review comment, CI failure, bot summary, PR body claim, and pasted note

package/dist/cli/index.js

@@ -52,7 +52,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "opencode-swarm",
-    version: "7.66.0",
+    version: "7.66.2",
     description: "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
     main: "dist/index.js",
     types: "dist/index.d.ts",
@@ -56309,8 +56309,20 @@ import * as fs24 from "fs";
 import * as path50 from "path";
 function resolveWorkingDirectory(workingDirectory, fallbackDirectory) {
   if (workingDirectory == null || workingDirectory === "") {
+    if (typeof fallbackDirectory !== "string" || fallbackDirectory === "") {
+      return {
+        success: false,
+        message: "Invalid working_directory: no explicit working_directory was provided and fallbackDirectory is missing or not a string"
+      };
+    }
     return { success: true, directory: fallbackDirectory };
   }
+  if (typeof workingDirectory !== "string") {
+    return {
+      success: false,
+      message: "Invalid working_directory: path must be a string"
+    };
+  }
   if (workingDirectory.includes("\x00")) {
     return {
       success: false,
@@ -56326,14 +56338,14 @@ function resolveWorkingDirectory(workingDirectory, fallbackDirectory) {
       };
     }
   }
-  const normalizedDir = path50.normalize(workingDirectory);
-  const pathParts = normalizedDir.split(path50.sep);
-  if (pathParts.includes("..")) {
+  const rawPathParts = workingDirectory.split(path50.sep);
+  if (rawPathParts.includes("..")) {
     return {
       success: false,
       message: "Invalid working_directory: path traversal sequences (..) are not allowed"
     };
   }
+  const normalizedDir = path50.normalize(workingDirectory);
   const resolvedDir = path50.resolve(normalizedDir);
   let statResult;
   try {
@@ -56350,6 +56362,9 @@ function resolveWorkingDirectory(workingDirectory, fallbackDirectory) {
       message: `Invalid working_directory: path "${resolvedDir}" is not a directory`
     };
   }
+  if (typeof fallbackDirectory !== "string" || fallbackDirectory === "") {
+    return { success: true, directory: resolvedDir };
+  }
   const resolvedFallback = path50.resolve(fallbackDirectory);
   let fallbackExists = false;
   try {
@@ -56358,23 +56373,14 @@ function resolveWorkingDirectory(workingDirectory, fallbackDirectory) {
   } catch {
     fallbackExists = false;
   }
-  if (workingDirectory != null && workingDirectory !== "") {
-    if (fallbackExists) {
-      const isSubdirectory = resolvedDir.startsWith(resolvedFallback + path50.sep);
-      if (isSubdirectory) {
-        return {
-          success: false,
-          message: `Invalid working_directory: "${workingDirectory}" resolves to "${resolvedDir}" ` + `which is a subdirectory of fallback "${resolvedFallback}". ` + `Pass the project root path or omit working_directory entirely.`
-        };
-      }
+  if (fallbackExists) {
+    const isSubdirectory = resolvedDir.startsWith(resolvedFallback + path50.sep);
+    if (isSubdirectory) {
+      return {
+        success: false,
+        message: `Invalid working_directory: "${workingDirectory}" resolves to "${resolvedDir}" ` + `which is a subdirectory of fallback "${resolvedFallback}". ` + `Pass the project root path or omit working_directory entirely.`
+      };
     }
-    return { success: true, directory: resolvedDir };
-  }
-  if (resolvedDir !== resolvedFallback) {
-    return {
-      success: false,
-      message: `Invalid working_directory: path resolves to "${resolvedDir}" but fallbackDirectory ` + `"${resolvedFallback}" is not the project root. ` + `This may indicate CWD mismatch. Pass the project root path explicitly.`
-    };
   }
   return { success: true, directory: resolvedDir };
 }

package/dist/index.js

@@ -69,7 +69,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "opencode-swarm",
-    version: "7.66.0",
+    version: "7.66.2",
     description: "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
     main: "dist/index.js",
     types: "dist/index.d.ts",
@@ -80614,8 +80614,20 @@ import * as fs35 from "node:fs";
 import * as path67 from "node:path";
 function resolveWorkingDirectory(workingDirectory, fallbackDirectory) {
   if (workingDirectory == null || workingDirectory === "") {
+    if (typeof fallbackDirectory !== "string" || fallbackDirectory === "") {
+      return {
+        success: false,
+        message: "Invalid working_directory: no explicit working_directory was provided and fallbackDirectory is missing or not a string"
+      };
+    }
     return { success: true, directory: fallbackDirectory };
   }
+  if (typeof workingDirectory !== "string") {
+    return {
+      success: false,
+      message: "Invalid working_directory: path must be a string"
+    };
+  }
   if (workingDirectory.includes("\x00")) {
     return {
       success: false,
@@ -80631,14 +80643,14 @@ function resolveWorkingDirectory(workingDirectory, fallbackDirectory) {
       };
     }
   }
-  const normalizedDir = path67.normalize(workingDirectory);
-  const pathParts = normalizedDir.split(path67.sep);
-  if (pathParts.includes("..")) {
+  const rawPathParts = workingDirectory.split(path67.sep);
+  if (rawPathParts.includes("..")) {
     return {
       success: false,
       message: "Invalid working_directory: path traversal sequences (..) are not allowed"
     };
   }
+  const normalizedDir = path67.normalize(workingDirectory);
   const resolvedDir = path67.resolve(normalizedDir);
   let statResult;
   try {
@@ -80655,6 +80667,9 @@ function resolveWorkingDirectory(workingDirectory, fallbackDirectory) {
       message: `Invalid working_directory: path "${resolvedDir}" is not a directory`
     };
   }
+  if (typeof fallbackDirectory !== "string" || fallbackDirectory === "") {
+    return { success: true, directory: resolvedDir };
+  }
   const resolvedFallback = path67.resolve(fallbackDirectory);
   let fallbackExists = false;
   try {
@@ -80663,23 +80678,14 @@ function resolveWorkingDirectory(workingDirectory, fallbackDirectory) {
   } catch {
     fallbackExists = false;
   }
-  if (workingDirectory != null && workingDirectory !== "") {
-    if (fallbackExists) {
-      const isSubdirectory = resolvedDir.startsWith(resolvedFallback + path67.sep);
-      if (isSubdirectory) {
-        return {
-          success: false,
-          message: `Invalid working_directory: "${workingDirectory}" resolves to "${resolvedDir}" ` + `which is a subdirectory of fallback "${resolvedFallback}". ` + `Pass the project root path or omit working_directory entirely.`
-        };
-      }
+  if (fallbackExists) {
+    const isSubdirectory = resolvedDir.startsWith(resolvedFallback + path67.sep);
+    if (isSubdirectory) {
+      return {
+        success: false,
+        message: `Invalid working_directory: "${workingDirectory}" resolves to "${resolvedDir}" ` + `which is a subdirectory of fallback "${resolvedFallback}". ` + `Pass the project root path or omit working_directory entirely.`
+      };
     }
-    return { success: true, directory: resolvedDir };
-  }
-  if (resolvedDir !== resolvedFallback) {
-    return {
-      success: false,
-      message: `Invalid working_directory: path resolves to "${resolvedDir}" but fallbackDirectory ` + `"${resolvedFallback}" is not the project root. ` + `This may indicate CWD mismatch. Pass the project root path explicitly.`
-    };
   }
   return { success: true, directory: resolvedDir };
 }
@@ -98007,7 +98013,7 @@ var init_design_doc_drift = __esm(() => {
 var exports_project_context = {};
 __export(exports_project_context, {
   buildProjectContext: () => buildProjectContext,
-  _internals: () => _internals90,
+  _internals: () => _internals91,
   LANG_BACKEND_DETECTION_TIMEOUT_MS: () => LANG_BACKEND_DETECTION_TIMEOUT_MS
 });
 import * as fs135 from "node:fs";
@@ -98091,7 +98097,7 @@ function selectLintCommand(backend, directory) {
   return null;
 }
 async function buildProjectContext(directory) {
-  const backend = await _internals90.pickBackend(directory);
+  const backend = await _internals91.pickBackend(directory);
   if (!backend)
     return null;
   const ctx = emptyProjectContext();
@@ -98130,17 +98136,17 @@ async function buildProjectContext(directory) {
   if (backend.prompts.reviewerChecklist.length > 0) {
     ctx.REVIEWER_CHECKLIST = bulletList(backend.prompts.reviewerChecklist);
   }
-  const profiles = _internals90.pickedProfiles(directory);
+  const profiles = _internals91.pickedProfiles(directory);
   if (profiles.length > 1) {
     ctx.PROJECT_CONTEXT_SECONDARY_LANGUAGES = profiles.slice(1).map((p) => p.id).join(", ");
   }
   return ctx;
 }
-var LANG_BACKEND_DETECTION_TIMEOUT_MS = 300, _internals90;
+var LANG_BACKEND_DETECTION_TIMEOUT_MS = 300, _internals91;
 var init_project_context = __esm(() => {
   init_dispatch();
   init_framework_detector();
-  _internals90 = {
+  _internals91 = {
     pickBackend,
     pickedProfiles
   };
@@ -135965,6 +135971,11 @@ function verifyLeanTurboTaskCompletion(directory, taskId, sessionID) {
 init_task_id();
 init_create_tool();
 init_resolve_working_directory();
+var _internals89 = {
+  tryAcquireLock,
+  updateTaskStatus,
+  resolveWorkingDirectory
+};
 var VALID_STATUSES2 = [
   "pending",
   "in_progress",
@@ -136057,7 +136068,7 @@ function checkReviewerGate(taskId, workingDirectory, stageBParallelEnabled = fal
     }
     let resolvedDir;
     if (fallbackDir) {
-      const resolveResult = resolveWorkingDirectory(workingDirectory, fallbackDir);
+      const resolveResult = _internals89.resolveWorkingDirectory(workingDirectory, fallbackDir);
       if (resolveResult.success) {
         resolvedDir = resolveResult.directory;
       } else {
@@ -136404,14 +136415,7 @@ async function executeUpdateTaskStatus(args2, fallbackDir, ctx) {
     }
   }
   let directory;
-  if (!args2.working_directory && !fallbackDir) {
-    return {
-      success: false,
-      message: "No working_directory provided and fallbackDir is undefined",
-      errors: ["Cannot resolve directory for task status update"]
-    };
-  }
-  const resolveResult = resolveWorkingDirectory(args2.working_directory ?? fallbackDir, fallbackDir);
+  const resolveResult = _internals89.resolveWorkingDirectory(args2.working_directory, fallbackDir);
   if (!resolveResult.success) {
     return {
       success: false,
@@ -136504,7 +136508,7 @@ async function executeUpdateTaskStatus(args2, fallbackDir, ctx) {
   }
   let lockResult;
   try {
-    lockResult = await tryAcquireLock(directory, planFilePath, agentName, lockTaskId);
+    lockResult = await _internals89.tryAcquireLock(directory, planFilePath, agentName, lockTaskId);
   } catch (error93) {
     return {
       success: false,
@@ -136523,7 +136527,7 @@ async function executeUpdateTaskStatus(args2, fallbackDir, ctx) {
     };
   }
   try {
-    const updatedPlan = await updateTaskStatus(directory, args2.task_id, args2.status);
+    const updatedPlan = await _internals89.updateTaskStatus(directory, args2.task_id, args2.status);
     if (args2.status === "completed") {
       for (const [_sessionId, session] of swarmState.agentSessions) {
         if (!(session.taskWorkflowStates instanceof Map)) {
@@ -136947,7 +136951,7 @@ var web_search = createSwarmTool({
 });
 async function captureSearchEvidence(directory, query, results) {
   try {
-    const written = await _internals89.writeEvidenceDocuments(directory, results.map((result) => ({
+    const written = await _internals90.writeEvidenceDocuments(directory, results.map((result) => ({
       sourceType: "web_search",
       query,
       title: result.title,
@@ -136975,7 +136979,7 @@ async function captureSearchEvidence(directory, query, results) {
     };
   }
 }
-var _internals89 = {
+var _internals90 = {
   writeEvidenceDocuments
 };
 
@@ -138029,22 +138033,22 @@ async function initializeOpenCodeSwarm(ctx) {
   const guardrailsFallback = config3.guardrails?.enabled === false ? { ...config3.guardrails, enabled: false } : config3.guardrails ?? {};
   const guardrailsConfig = GuardrailsConfigSchema.parse(guardrailsFallback);
   if (loadedFromFile && guardrailsConfig.enabled === false) {
-    console.warn("");
-    console.warn("══════════════════════════════════════════════════════════════");
-    console.warn("[opencode-swarm] \uD83D\uDD34 SECURITY WARNING: GUARDRAILS ARE DISABLED");
-    console.warn("══════════════════════════════════════════════════════════════");
-    console.warn("Guardrails have been explicitly disabled in user configuration.");
-    console.warn("This disables safety measures including:");
-    console.warn("  - Tool call limits");
-    console.warn("  - Duration limits");
-    console.warn("  - Repetition detection");
-    console.warn("  - Error rate limits");
-    console.warn("  - Idle timeouts");
-    console.warn("");
-    console.warn("Only disable guardrails if you fully understand the security implications.");
-    console.warn('To re-enable guardrails, set "guardrails.enabled" to true in your config.');
-    console.warn("══════════════════════════════════════════════════════════════");
-    console.warn("");
+    warn("");
+    warn("══════════════════════════════════════════════════════════════");
+    warn("[opencode-swarm] \uD83D\uDD34 SECURITY WARNING: GUARDRAILS ARE DISABLED");
+    warn("══════════════════════════════════════════════════════════════");
+    warn("Guardrails have been explicitly disabled in user configuration.");
+    warn("This disables safety measures including:");
+    warn("  - Tool call limits");
+    warn("  - Duration limits");
+    warn("  - Repetition detection");
+    warn("  - Error rate limits");
+    warn("  - Idle timeouts");
+    warn("");
+    warn("Only disable guardrails if you fully understand the security implications.");
+    warn('To re-enable guardrails, set "guardrails.enabled" to true in your config.');
+    warn("══════════════════════════════════════════════════════════════");
+    warn("");
   }
   const delegationHandler = createDelegationTrackerHook(config3, guardrailsConfig.enabled);
   const authorityConfig = AuthorityConfigSchema.parse(config3.authority ?? {});

package/dist/tools/resolve-working-directory.d.ts

@@ -39,4 +39,4 @@ export interface ResolveError {
  * @param workingDirectory - Explicit working_directory from tool args (caller-controlled)
  * @param fallbackDirectory - Injected directory from createSwarmTool (ctx.directory ?? process.cwd())
  */
-export declare function resolveWorkingDirectory(workingDirectory: string | undefined | null, fallbackDirectory: string): ResolveResult | ResolveError;
+export declare function resolveWorkingDirectory(workingDirectory: string | undefined | null, fallbackDirectory?: string | null): ResolveResult | ResolveError;

package/dist/tools/update-task-status.d.ts

@@ -3,6 +3,19 @@
  * Allows agents to mark tasks as pending, in_progress, completed, or blocked.
  */
 import type { ToolContext, ToolDefinition } from '@opencode-ai/plugin/tool';
+import { tryAcquireLock } from '../parallel/file-locks.js';
+import { updateTaskStatus } from '../plan/manager';
+import { resolveWorkingDirectory } from './resolve-working-directory';
+/**
+ * Internal seams for test injection.
+ * Tests should save/restore these in beforeEach/afterEach rather than using
+ * module-scope vi.mock, which leaks across files in Bun's shared test runner.
+ */
+export declare const _internals: {
+    readonly tryAcquireLock: typeof tryAcquireLock;
+    readonly updateTaskStatus: typeof updateTaskStatus;
+    readonly resolveWorkingDirectory: typeof resolveWorkingDirectory;
+};
 /**
  * Arguments for the update_task_status tool
  */

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "opencode-swarm",
-	"version": "7.66.0",
+	"version": "7.66.2",
 	"description": "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",