opencode-swarm 7.74.0 → 7.74.2

package/dist/services/external-content-scanner.d.ts

@@ -0,0 +1,67 @@
+/**
+ * External content scanner — shared ingress point for arbitrary external text.
+ *
+ * Reuses the prompt-injection and unsafe-instruction patterns from
+ * external-skill-validator.ts to scan network-fetched content (gitingest,
+ * web_search, future network tools) before it enters the LLM context.
+ *
+ * Provides a single shared interface: `scanExternalContent(text, options?)`.
+ * This ensures consistent threat detection across all external sources
+ * and closes the asymmetry documented in issue #1278.
+ *
+ * Uses an `_internals` DI seam for testability — no `mock.module` leakage.
+ */
+import { type ValidationFinding } from './external-skill-validator';
+/** Result from scanning external content for injection and unsafe instructions. */
+export interface ExternalContentScanResult {
+    /** Whether threats were detected. */
+    clean: boolean;
+    /** Individual findings from the scan. */
+    findings: ValidationFinding[];
+    /** Threats found: 'none', 'warning', or 'error'. */
+    threatLevel: 'none' | 'warning' | 'error';
+    /** The original text (for comparison). */
+    originalLength: number;
+    /** The neutralized text with threat markers wrapped. */
+    neutralized: string;
+}
+/**
+ * Apply invisible-format-character detection to raw text.
+ *
+ * Unlike the other patterns, invisible format chars are detected by counting
+ * occurrences in the raw string (not via regex .test), because we need the
+ * match string and they are multi-codepoint.
+ *
+ * Returns an array of findings (empty if none found).
+ * Each finding includes the individual match string (not concatenated),
+ * so callers can neutralize each occurrence at its original position.
+ */
+declare function scanInvisibleFormatChars(text: string): ValidationFinding[];
+/**
+ * Neutralize threat patterns in text by wrapping them with delimiters.
+ * This makes them visible to the LLM as data, not instructions.
+ */
+declare function neutralizeThreatPatterns(text: string, findings: ValidationFinding[]): string;
+/**
+ * Scan arbitrary external content for prompt-injection and unsafe-instruction threats.
+ *
+ * Returns a structured result with:
+ * - `clean`: boolean indicating no error-severity findings
+ * - `findings`: all detected findings
+ * - `threatLevel`: aggregated threat assessment
+ * - `neutralized`: the text with threat patterns wrapped for safety
+ *
+ * @param text - The external content to scan (arbitrary length, typically from API)
+ * @param options - Optional: { trustLevel = 'low' }
+ *   - 'low': warnings are treated as errors
+ *   - 'medium'/'high': warnings stay warnings
+ */
+export declare function scanExternalContent(text: string, options?: {
+    trustLevel?: 'low' | 'medium' | 'high';
+    maxLength?: number;
+}): ExternalContentScanResult;
+export declare const _internals: {
+    scanInvisibleFormatChars: typeof scanInvisibleFormatChars;
+    neutralizeThreatPatterns: typeof neutralizeThreatPatterns;
+};
+export {};

package/dist/services/external-skill-validator.d.ts

@@ -105,6 +105,7 @@ export declare const VALIDATION_RATE_LIMITS: {
     /** Timeout for individual fetch operations in milliseconds. */
     readonly fetch_timeout_ms: 30000;
 };
+declare function stripMarkdownCodeForUnsafeScan(text: string): string;
 /**
  * Scan an external skill candidate for prompt-injection patterns.
  *
@@ -157,4 +158,6 @@ export declare function evaluateCandidate(candidate: ExternalSkillCandidate, opt
 export declare const _internals: {
     getTimestamp: () => string;
     computeSha256: (content: string) => string;
+    stripMarkdownCodeForUnsafeScan: typeof stripMarkdownCodeForUnsafeScan;
 };
+export {};

package/dist/services/skill-generator.d.ts

@@ -24,6 +24,9 @@ export interface CandidateSelectionOptions {
     minConfidence: number;
     minConfirmations: number;
 }
+export declare const DEFAULT_SKILL_MIN_CONFIDENCE = 0.7;
+export declare const DEFAULT_SKILL_MIN_CONFIRMATIONS = 2;
+export declare const STRONG_SKILL_OUTCOME_COUNT = 3;
 export interface KnowledgeCluster {
     slug: string;
     title: string;
@@ -36,6 +39,7 @@ export interface KnowledgeCluster {
     avgConfidence: number;
 }
 export declare function selectCandidateEntries(directory: string, opts: CandidateSelectionOptions): Promise<KnowledgeEntryBase[]>;
+export declare function isSkillMaturityEligible(entry: KnowledgeEntryBase, opts: CandidateSelectionOptions, outcomes?: KnowledgeEntryBase['retrieval_outcomes'] | undefined): boolean;
 /**
  * Compute Jaccard similarity between two tag sets.
  * Returns 0 when both sets are empty (avoids division by zero).
@@ -147,6 +151,7 @@ export declare const _internals: {
     sanitizeSlug: typeof sanitizeSlug;
     isValidSlug: typeof isValidSlug;
     selectCandidateEntries: typeof selectCandidateEntries;
+    isSkillMaturityEligible: typeof isSkillMaturityEligible;
     clusterEntries: typeof clusterEntries;
     jaccardSimilarity: typeof jaccardSimilarity;
     renderSkillMarkdown: typeof renderSkillMarkdown;

package/dist/services/skill-improver-quota.d.ts

@@ -1,12 +1,13 @@
 /**
- * Skill-improver daily-quota tracker.
+ * Named daily-quota tracker for low-frequency LLM work.
  *
- * State file: .swarm/skill-improver-quota.json
- * Counts every LLM-credentialed call by the skill_improver agent.
+ * Default state file: .swarm/skill-improver-quota.json
+ * Dedicated enrichment state file: .swarm/knowledge-enrichment-quota.json
  * The window is configurable: 'utc' (default) resets at 00:00 UTC; 'local'
  * resets at the host's local midnight.
  */
 export type QuotaWindow = 'utc' | 'local';
+export type QuotaScope = 'skill-improver' | 'knowledge-enrichment';
 export interface QuotaState {
     /** YYYY-MM-DD in the chosen window */
     date: string;
@@ -15,12 +16,13 @@ export interface QuotaState {
     last_run_at?: string;
     window: QuotaWindow;
 }
-export declare function resolveQuotaPath(directory: string): string;
+export declare function resolveQuotaPath(directory: string, scope?: QuotaScope): string;
 export declare function todayKey(window: QuotaWindow, now?: Date): string;
 export interface QuotaCheckOptions {
     maxCalls: number;
     window: QuotaWindow;
     now?: Date;
+    scope?: QuotaScope;
 }
 export interface QuotaCheckResult {
     allowed: boolean;

package/dist/services/skill-improver.d.ts

@@ -16,7 +16,8 @@
  *     on failure: a flaky model must not burn unbounded retries within a
  *     window.
  */
-import type { SwarmKnowledgeEntry } from '../hooks/knowledge-types.js';
+import type { EnrichmentQuotaOptions } from '../hooks/knowledge-curator.js';
+import type { KnowledgeEntryBase } from '../hooks/knowledge-types.js';
 import { type SkillImproverLLMDelegate } from '../hooks/skill-improver-llm-factory.js';
 import { type AutoApplyResult } from './skill-generator.js';
 import { type QuotaWindow } from './skill-improver-quota.js';
@@ -46,6 +47,9 @@ export interface SkillImproveRequest {
      *  createSkillImproverLLMDelegate(directory, sessionId) which returns
      *  undefined unless swarmState.opencodeClient is wired. */
     delegate?: SkillImproverLLMDelegate;
+    /** Dedicated quota for hardening quarantined knowledge entries. This is
+     *  separate from the skill_improver proposal quota above. */
+    enrichmentQuota?: EnrichmentQuotaOptions;
 }
 export interface SkillImproveResult {
     ran: boolean;
@@ -95,7 +99,7 @@ interface InventorySnapshot {
         metadataReadable: number;
     };
     highConfidenceClusters: number;
-    matureCandidates: SwarmKnowledgeEntry[];
+    matureCandidates: KnowledgeEntryBase[];
     staleActiveSkills: Array<{
         slug: string;
         reasons: string[];

package/dist/services/unactionable-hardening.d.ts

@@ -12,8 +12,8 @@
  * retirement). Already-marked retire candidates are never re-processed.
  *
  * Quota: every LLM attempt goes through `enrichLessonToV3`, which reserves one
- * skill-improver quota slot per call — the loop can never exceed the shared
- * daily budget. A per-run batch cap bounds worst-case cost further.
+ * dedicated knowledge-enrichment quota slot per call. A per-run batch cap
+ * bounds worst-case cost further.
  */
 import type { CuratorLLMDelegate } from '../hooks/curator.js';
 import { type EnrichmentQuotaOptions } from '../hooks/knowledge-curator.js';

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "opencode-swarm",
-	"version": "7.74.0",
+	"version": "7.74.2",
 	"description": "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",

package/dist/skills/index.d.ts

@@ -1,30 +0,0 @@
-/**
- * Skill definition with versioning and per-agent overlays
- */
-export interface AgentOverlay {
-    agent: string;
-    prompt?: string;
-    model?: string;
-}
-export interface SkillDefinition {
-    id: string;
-    name: string;
-    description: string;
-    SKILL_VERSION: number;
-    basePrompt?: string;
-    agents?: AgentOverlay[];
-}
-export declare const skills: SkillDefinition[];
-export declare const AGENT_OVERLAYS: Record<string, AgentOverlay[]>;
-/**
- * Get skill by ID
- */
-export declare function getSkill(id: string): SkillDefinition | undefined;
-/**
- * Get agent overlay for a skill
- */
-export declare function getAgentOverlay(skillId: string, agent: string): AgentOverlay | undefined;
-/**
- * Resolve effective prompt for an agent on a skill
- */
-export declare function resolveAgentPrompt(skillId: string, agent: string, defaultPrompt: string): string;