opencode-swarm 7.74.3 → 7.76.0

package/dist/cli/index.js

@@ -52,10 +52,17 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "opencode-swarm",
-    version: "7.74.3",
+    version: "7.76.0",
     description: "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
     main: "dist/index.js",
     types: "dist/index.d.ts",
+    exports: {
+      ".": {
+        types: "./dist/index.d.ts",
+        default: "./dist/index.js"
+      },
+      "./package.json": "./package.json"
+    },
     bin: {
       "opencode-swarm": "./dist/cli/index.js"
     },
@@ -17493,7 +17500,7 @@ var init_tool_metadata = __esm(() => {
       agents: ["critic_drift_verifier", "critic", "critic_oversight"]
     },
     repo_map: {
-      description: "query the repo code graph: importers, dependencies, blast radius, and localization context for structural awareness before refactoring",
+      description: "query the repo code graph: importers, dependencies, blast radius, localization, ontology facts, package boundaries, and heuristic preflight packets before refactoring; ontology findings are advisory, not formal proofs",
       agents: [
         "architect",
         "critic_sounding_board",
@@ -18015,6 +18022,7 @@ __export(exports_schema, {
   AutomationModeSchema: () => AutomationModeSchema,
   AutomationConfigSchema: () => AutomationConfigSchema,
   AutomationCapabilitiesSchema: () => AutomationCapabilitiesSchema,
+  AutoReviewConfigSchema: () => AutoReviewConfigSchema,
   AuthorityConfigSchema: () => AuthorityConfigSchema,
   ArchitecturalSupervisionConfigSchema: () => ArchitecturalSupervisionConfigSchema,
   AgentThinkingConfigSchema: () => AgentThinkingConfigSchema,
@@ -18100,7 +18108,7 @@ function resolveExternalSkillsConfig(input) {
   };
   return merged;
 }
-var _internals5, SEPARATORS, CANONICAL_ROLES_LONGEST_FIRST, CANONICAL_ROLES_SET, AgentReasoningConfigSchema, AgentThinkingConfigSchema, AgentOverrideConfigSchema, SwarmConfigSchema, HooksConfigSchema, ScoringWeightsSchema, DecisionDecaySchema, TokenRatiosSchema, ScoringConfigSchema, ContextBudgetConfigSchema, EvidenceConfigSchema, GateFeatureSchema, PlaceholderScanConfigSchema, QualityBudgetConfigSchema, GateConfigSchema, PipelineConfigSchema, PhaseCompleteConfigSchema, SummaryConfigSchema, ReviewPassesConfigSchema, AdversarialDetectionConfigSchema, AdversarialTestingConfigSchemaBase, AdversarialTestingConfigSchema, IntegrationAnalysisConfigSchema, DocsConfigSchema, DesignDocsConfigSchema, UIReviewConfigSchema, CompactionAdvisoryConfigSchema, LintConfigSchema, SecretscanConfigSchema, GuardrailsProfileSchema, DEFAULT_AGENT_PROFILES, DEFAULT_ARCHITECT_PROFILE, GuardrailsConfigSchema, WatchdogConfigSchema, SelfReviewConfigSchema, ToolFilterConfigSchema, PlanCursorConfigSchema, ContextMapConfigSchema, CheckpointConfigSchema, AutomationModeSchema, AutomationCapabilitiesSchema, AutomationConfigSchemaBase, AutomationConfigSchema, KnowledgeConfigSchema, MemoryConfigSchema, CuratorConfigSchema, ArchitecturalSupervisionConfigSchema, KnowledgeApplicationConfigSchema, SkillPropagationConfigSchema, SkillImproverConfigSchema, SpecWriterConfigSchema, SlopDetectorConfigSchema, IncrementalVerifyConfigSchema, CompactionConfigSchema, PrmConfigSchema, AgentAuthorityRuleSchema, AuthorityConfigSchema, GeneralCouncilMemberConfigSchema, GeneralCouncilConfigSchema, CouncilConfigSchema, PrMonitorConfigSchema, ParallelizationConfigSchema, WorktreeIsolationConfigSchema, LeanTurboConfigSchema, StandardTurboConfigSchema, LeanTurboStrategyConfigSchema, TurboConfigSchema, ExternalSkillCandidateSourceTypeSchema, ExternalSkillCandidateEvaluationVerdictSchema, DiscoverySourceSchema, ExternalSkillCandidateSchema, ExternalSkillsConfigSchema, DEFAULT_EXTERNAL_SKILLS_CONFIG, PluginConfigSchema;
+var _internals5, SEPARATORS, CANONICAL_ROLES_LONGEST_FIRST, CANONICAL_ROLES_SET, AgentReasoningConfigSchema, AgentThinkingConfigSchema, AgentOverrideConfigSchema, SwarmConfigSchema, HooksConfigSchema, ScoringWeightsSchema, DecisionDecaySchema, TokenRatiosSchema, ScoringConfigSchema, ContextBudgetConfigSchema, EvidenceConfigSchema, GateFeatureSchema, PlaceholderScanConfigSchema, QualityBudgetConfigSchema, GateConfigSchema, PipelineConfigSchema, PhaseCompleteConfigSchema, SummaryConfigSchema, ReviewPassesConfigSchema, AutoReviewConfigSchema, AdversarialDetectionConfigSchema, AdversarialTestingConfigSchemaBase, AdversarialTestingConfigSchema, IntegrationAnalysisConfigSchema, DocsConfigSchema, DesignDocsConfigSchema, UIReviewConfigSchema, CompactionAdvisoryConfigSchema, LintConfigSchema, SecretscanConfigSchema, GuardrailsProfileSchema, DEFAULT_AGENT_PROFILES, DEFAULT_ARCHITECT_PROFILE, GuardrailsConfigSchema, WatchdogConfigSchema, SelfReviewConfigSchema, ToolFilterConfigSchema, PlanCursorConfigSchema, ContextMapConfigSchema, CheckpointConfigSchema, AutomationModeSchema, AutomationCapabilitiesSchema, AutomationConfigSchemaBase, AutomationConfigSchema, KnowledgeConfigSchema, MemoryConfigSchema, CuratorConfigSchema, ArchitecturalSupervisionConfigSchema, KnowledgeApplicationConfigSchema, SkillPropagationConfigSchema, SkillImproverConfigSchema, SpecWriterConfigSchema, SlopDetectorConfigSchema, IncrementalVerifyConfigSchema, CompactionConfigSchema, PrmConfigSchema, AgentAuthorityRuleSchema, AuthorityConfigSchema, GeneralCouncilMemberConfigSchema, GeneralCouncilConfigSchema, CouncilConfigSchema, PrMonitorConfigSchema, ParallelizationConfigSchema, WorktreeIsolationConfigSchema, LeanTurboConfigSchema, StandardTurboConfigSchema, LeanTurboStrategyConfigSchema, TurboConfigSchema, ExternalSkillCandidateSourceTypeSchema, ExternalSkillCandidateEvaluationVerdictSchema, DiscoverySourceSchema, ExternalSkillCandidateSchema, ExternalSkillsConfigSchema, DEFAULT_EXTERNAL_SKILLS_CONFIG, PluginConfigSchema;
 var init_schema = __esm(() => {
   init_zod();
   init_constants();
@@ -18288,6 +18296,12 @@ var init_schema = __esm(() => {
       "**/token/**"
     ])
   });
+  AutoReviewConfigSchema = exports_external.object({
+    enabled: exports_external.boolean().default(false),
+    trigger: exports_external.enum(["task_completion", "phase_boundary", "both"]).default("phase_boundary"),
+    timeout_ms: exports_external.number().int().min(1e4).max(1800000).default(300000),
+    max_diff_kb: exports_external.number().int().min(16).max(2048).default(256)
+  });
   AdversarialDetectionConfigSchema = exports_external.object({
     enabled: exports_external.boolean().default(true),
     policy: exports_external.enum(["warn", "gate", "ignore"]).default("warn"),
@@ -18971,6 +18985,7 @@ var init_schema = __esm(() => {
     guardrails: GuardrailsConfigSchema.optional(),
     watchdog: WatchdogConfigSchema.optional(),
     self_review: SelfReviewConfigSchema.optional(),
+    auto_review: AutoReviewConfigSchema.optional(),
     tool_filter: ToolFilterConfigSchema.optional(),
     authority: AuthorityConfigSchema.optional(),
     plan_cursor: PlanCursorConfigSchema.optional(),
@@ -19021,6 +19036,7 @@ var init_schema = __esm(() => {
     version_check: exports_external.boolean().default(true).optional(),
     full_auto: exports_external.object({
       enabled: exports_external.boolean().default(false),
+      locked: exports_external.boolean().default(false),
       critic_model: exports_external.string().optional(),
       max_interactions_per_phase: exports_external.number().int().min(5).max(200).default(50),
       deadlock_threshold: exports_external.number().int().min(2).max(10).default(3),
@@ -19034,6 +19050,7 @@ var init_schema = __esm(() => {
         protected_paths: exports_external.array(exports_external.string()).default([
           ".git",
           ".github/workflows",
+          ".opencode",
           ".swarm",
           "package.json",
           "package-lock.json",
@@ -19061,6 +19078,7 @@ var init_schema = __esm(() => {
         protected_paths: [
           ".git",
           ".github/workflows",
+          ".opencode",
           ".swarm",
           "package.json",
           "package-lock.json",
@@ -19112,6 +19130,7 @@ var init_schema = __esm(() => {
       }))
     }).optional().default(() => ({
       enabled: false,
+      locked: false,
       max_interactions_per_phase: 50,
       deadlock_threshold: 3,
       escalation_mode: "pause",
@@ -19124,6 +19143,7 @@ var init_schema = __esm(() => {
         protected_paths: [
           ".git",
           ".github/workflows",
+          ".opencode",
           ".swarm",
           "package.json",
           "package-lock.json",
@@ -19319,6 +19339,15 @@ function sanitizeExternalSkillsConfig(raw) {
   delete cleaned.external_skills;
   return cleaned;
 }
+function rawFullAutoLocked(raw) {
+  if (!raw || typeof raw !== "object")
+    return false;
+  const fullAuto = raw.full_auto;
+  if (!fullAuto || typeof fullAuto !== "object" || Array.isArray(fullAuto)) {
+    return false;
+  }
+  return fullAuto.locked === true;
+}
 function loadPluginConfig(directory) {
   const userConfigPath = path7.join(getUserConfigDir(), "opencode", CONFIG_FILENAME);
   const projectConfigPath = path7.join(directory, ".opencode", CONFIG_FILENAME);
@@ -19332,6 +19361,13 @@ function loadPluginConfig(directory) {
   if (rawProjectConfig) {
     mergedRaw = deepMerge(mergedRaw, rawProjectConfig);
   }
+  if (rawFullAutoLocked(rawUserConfig) || rawFullAutoLocked(rawProjectConfig)) {
+    const fullAutoRaw = mergedRaw.full_auto && typeof mergedRaw.full_auto === "object" && !Array.isArray(mergedRaw.full_auto) ? mergedRaw.full_auto : {};
+    mergedRaw = {
+      ...mergedRaw,
+      full_auto: { ...fullAutoRaw, locked: true }
+    };
+  }
   mergedRaw = migratePresetsConfig(mergedRaw);
   mergedRaw = sanitizeExternalSkillsConfig(mergedRaw);
   const result = PluginConfigSchema.safeParse(mergedRaw);
@@ -19364,8 +19400,9 @@ function loadPluginConfigWithMeta(directory) {
   const userResult = loadRawConfigFromPath(userConfigPath);
   const projectResult = loadRawConfigFromPath(projectConfigPath);
   const loadedFromFile = userResult.fileExisted || projectResult.fileExisted;
+  const configHadErrors = userResult.hadError || projectResult.hadError;
   const config2 = loadPluginConfig(directory);
-  return { config: config2, loadedFromFile };
+  return { config: config2, loadedFromFile, configHadErrors };
 }
 var CONFIG_FILENAME = "opencode-swarm.json", MAX_CONFIG_FILE_BYTES = 102400;
 var init_loader = __esm(() => {
@@ -51242,6 +51279,25 @@ function emptyCounters() {
     consecutiveNoProgressTurns: 0
   };
 }
+function sanitizeRunState(raw) {
+  if (!raw || typeof raw !== "object" || Array.isArray(raw))
+    return null;
+  const r = raw;
+  if (typeof r.sessionID !== "string" || !r.sessionID)
+    return null;
+  const mode = VALID_RUN_MODES.has(r.mode) ? r.mode : "supervised";
+  const status = VALID_RUN_STATUSES.has(r.status) ? r.status : "idle";
+  return { ...raw, mode, status };
+}
+function sanitizeSessions(raw) {
+  const result = {};
+  for (const [id, session] of Object.entries(raw)) {
+    const sanitized = sanitizeRunState(session);
+    if (sanitized)
+      result[id] = sanitized;
+  }
+  return result;
+}
 function emptyState(sessionID, mode = "supervised") {
   const now = nowISO();
   return {
@@ -51306,26 +51362,45 @@ function clearStateUnreadable() {
   stateUnreadable = false;
   stateUnreadableReason = "";
 }
+function isFullAutoStateUnreadable() {
+  return { unreadable: stateUnreadable, reason: stateUnreadableReason };
+}
 function readPersisted(directory) {
   try {
     const filePath = validateSwarmPath(directory, STATE_FILE);
-    if (!fs15.existsSync(filePath)) {
+    let stats;
+    try {
+      stats = fs15.statSync(filePath);
+    } catch {
       clearStateUnreadable();
+      readCache.delete(filePath);
       return emptyPersisted();
     }
+    const cached3 = readCache.get(filePath);
+    if (cached3 && cached3.mtimeMs === stats.mtimeMs && cached3.size === stats.size) {
+      clearStateUnreadable();
+      return structuredClone(cached3.state);
+    }
     const raw = fs15.readFileSync(filePath, "utf-8");
     const parsed = JSON.parse(raw);
     if (!parsed || typeof parsed !== "object" || Array.isArray(parsed) || parsed.version !== 2 || !parsed.sessions || typeof parsed.sessions !== "object" || Array.isArray(parsed.sessions)) {
       markStateUnreadable(`malformed shape (version=${parsed?.version}, sessions type=${Array.isArray(parsed?.sessions) ? "array" : typeof parsed?.sessions})`);
+      readCache.delete(filePath);
       return emptyPersisted();
     }
     clearStateUnreadable();
-    return {
+    const state = {
       version: 2,
       updatedAt: parsed.updatedAt ?? nowISO(),
       oversightSequence: typeof parsed.oversightSequence === "number" ? parsed.oversightSequence : 0,
-      sessions: parsed.sessions
+      sessions: sanitizeSessions(parsed.sessions)
     };
+    readCache.set(filePath, {
+      mtimeMs: stats.mtimeMs,
+      size: stats.size,
+      state: structuredClone(state)
+    });
+    return state;
   } catch (error93) {
     const reason = error93 instanceof Error ? error93.message : String(error93);
     error(`[full-auto/state] Failed to read ${STATE_FILE}: ${reason} \u2014 attempting .bak recovery`);
@@ -51341,7 +51416,7 @@ function readPersisted(directory) {
             version: 2,
             updatedAt: parsed.updatedAt ?? nowISO(),
             oversightSequence: typeof parsed.oversightSequence === "number" ? parsed.oversightSequence : 0,
-            sessions: parsed.sessions
+            sessions: sanitizeSessions(parsed.sessions)
           };
         }
       }
@@ -51349,6 +51424,7 @@ function readPersisted(directory) {
       error(`[full-auto/state] .bak recovery also failed: ${bakError instanceof Error ? bakError.message : String(bakError)}`);
     }
     markStateUnreadable(`canonical=${reason}; .bak=missing-or-corrupt`);
+    readCache.clear();
     return emptyPersisted();
   }
 }
@@ -51386,6 +51462,7 @@ function writePersisted(directory, persisted) {
       }
     } catch {}
     fs15.renameSync(tmpPath, filePath);
+    readCache.delete(filePath);
     const readback = fs15.readFileSync(filePath, "utf-8");
     const parsed = JSON.parse(readback);
     if (parsed?.version !== 2) {
@@ -51397,6 +51474,10 @@ function writePersisted(directory, persisted) {
     throw new Error(`Full-Auto state persistence failed: ${msg}`);
   }
 }
+function loadFullAutoRunState(directory, sessionID) {
+  const persisted = readPersisted(directory);
+  return persisted.sessions[sessionID];
+}
 function startFullAutoRun(directory, sessionID, config3, options = {}) {
   return withStateLock(directory, () => {
     const persisted = readPersisted(directory);
@@ -51428,14 +51509,15 @@ function startFullAutoRun(directory, sessionID, config3, options = {}) {
     return state;
   });
 }
-function pauseFullAutoRun(directory, sessionID, reason) {
+function disarmFullAutoRun(directory, sessionID, reason) {
   return withStateLock(directory, () => {
     const persisted = readPersisted(directory);
     const state = persisted.sessions[sessionID];
     if (!state)
       return;
-    state.status = "paused";
+    state.status = "idle";
     state.pauseReason = reason;
+    state.terminateReason = undefined;
     state.updatedAt = nowISO();
     persisted.sessions[sessionID] = state;
     writePersisted(directory, persisted);
@@ -51456,15 +51538,26 @@ function terminateFullAutoRun(directory, sessionID, reason) {
     return state;
   });
 }
-var import_proper_lockfile8, lockfile8, STATE_FILE = "full-auto-state.json", stateUnreadable = false, stateUnreadableReason = "";
+var import_proper_lockfile8, lockfile8, STATE_FILE = "full-auto-state.json", VALID_RUN_MODES, VALID_RUN_STATUSES, stateUnreadable = false, stateUnreadableReason = "", readCache;
 var init_state2 = __esm(() => {
   init_utils2();
   init_logger();
   import_proper_lockfile8 = __toESM(require_proper_lockfile(), 1);
   lockfile8 = import_proper_lockfile8.default;
+  VALID_RUN_MODES = new Set(["assisted", "supervised", "strict"]);
+  VALID_RUN_STATUSES = new Set([
+    "idle",
+    "running",
+    "paused",
+    "terminated"
+  ]);
+  readCache = new Map;
 });
 
 // src/commands/full-auto.ts
+function isValidMode(value) {
+  return VALID_MODES.includes(value);
+}
 async function handleFullAutoCommand(directory, args, sessionID) {
   if (!sessionID || sessionID.trim() === "") {
     return "Error: No active session context. Full-Auto Mode requires an active session. Use /swarm-full-auto from within an OpenCode session, or start a session first.";
@@ -51474,39 +51567,63 @@ async function handleFullAutoCommand(directory, args, sessionID) {
     return "Error: No active session. Full-Auto Mode requires an active session to operate.";
   }
   const arg = args[0]?.toLowerCase();
+  if (arg === "status") {
+    return buildStatusReport(directory, sessionID, session.fullAutoMode);
+  }
   let newFullAutoMode;
+  let modeOverride;
   if (arg === "on") {
     newFullAutoMode = true;
+    const modeArg = args[1]?.toLowerCase();
+    if (modeArg) {
+      if (!isValidMode(modeArg)) {
+        return `Error: invalid Full-Auto mode '${args[1]}'. Valid modes: ${VALID_MODES.join(", ")}.`;
+      }
+      modeOverride = modeArg;
+    }
   } else if (arg === "off") {
     newFullAutoMode = false;
+  } else if (arg && isValidMode(arg)) {
+    newFullAutoMode = true;
+    modeOverride = arg;
   } else {
     newFullAutoMode = !session.fullAutoMode;
   }
-  if (newFullAutoMode && !swarmState.fullAutoEnabledInConfig) {
-    return "Error: Full-Auto Mode cannot be enabled because full_auto.enabled is not set to true in the swarm plugin config. The autonomous oversight hook is inactive without config-level enablement. Set full_auto.enabled = true in your opencode-swarm config and restart.";
-  }
   let v2Status = "unavailable";
   let modeLabel = "supervised";
   let denialMaxConsecutive = 3;
   let denialMaxTotal = 20;
   let failClosed = true;
   let durableError;
+  let criticModelAdvisory = "";
   try {
-    const { config: config3 } = loadPluginConfigWithMeta(directory);
+    const { config: config3, configHadErrors } = loadPluginConfigWithMeta(directory);
     const fullAutoConfig = config3.full_auto;
-    modeLabel = fullAutoConfig?.mode ?? "supervised";
+    if (newFullAutoMode && configHadErrors) {
+      return "Error: Full-Auto Mode cannot be enabled \u2014 a swarm plugin config file exists but could not be loaded, so full_auto.locked cannot be verified. Fix the config file (see warnings above) and retry.";
+    }
+    if (newFullAutoMode && fullAutoConfig?.locked === true) {
+      return "Error: Full-Auto Mode is locked for this project (full_auto.locked is true in the swarm plugin config). Runtime activation is disabled by configuration; remove the lock to use /swarm full-auto on.";
+    }
+    const effectiveMode = modeOverride ?? fullAutoConfig?.mode ?? "supervised";
+    modeLabel = effectiveMode;
     denialMaxConsecutive = fullAutoConfig?.denials?.max_consecutive ?? 3;
     denialMaxTotal = fullAutoConfig?.denials?.max_total ?? 20;
     failClosed = fullAutoConfig?.fail_closed !== false;
     if (newFullAutoMode) {
-      startFullAutoRun(directory, sessionID, fullAutoConfig);
+      startFullAutoRun(directory, sessionID, fullAutoConfig ? { ...fullAutoConfig, mode: effectiveMode } : undefined);
       v2Status = "running";
+      const criticModel = fullAutoConfig?.critic_model ?? config3.agents?.critic?.model;
+      const architectModel = config3.agents?.architect?.model;
+      if (criticModel && architectModel && criticModel === architectModel) {
+        criticModelAdvisory = " WARNING: critic model matches architect model \u2014 set full_auto.critic_model (or agents.critic.model) to a different model for independent oversight.";
+      }
     } else {
-      const paused = pauseFullAutoRun(directory, sessionID, "/swarm full-auto off");
-      if (!paused) {
+      const disarmed = disarmFullAutoRun(directory, sessionID, "/swarm full-auto off");
+      if (!disarmed) {
         terminateFullAutoRun(directory, sessionID, "never started");
       }
-      v2Status = "paused";
+      v2Status = "idle";
     }
   } catch (error93) {
     durableError = error93 instanceof Error ? error93.message : String(error93);
@@ -51535,13 +51652,54 @@ async function handleFullAutoCommand(directory, args, sessionID) {
     "Full-Auto Mode enabled",
     `(v2 mode=${modeLabel}, fail_closed=${failClosed},`,
     `denials max ${denialMaxConsecutive} consecutive / ${denialMaxTotal} total)`
-  ].join(" ");
+  ].join(" ") + criticModelAdvisory;
+}
+function buildStatusReport(directory, sessionID, sessionFlag) {
+  const lines = [];
+  lines.push(`Full-Auto session flag: ${sessionFlag ? "on" : "off"}`);
+  try {
+    const { config: config3, configHadErrors } = loadPluginConfigWithMeta(directory);
+    if (configHadErrors) {
+      lines.push("Config: UNREADABLE (a config file exists but could not be loaded; `full_auto.locked` cannot be verified, so runtime activation refuses by fail-closed default). Fix the config file to restore normal status.");
+    }
+    if (config3.full_auto?.locked === true) {
+      lines.push("Config: locked (runtime activation disabled via full_auto.locked)");
+    }
+  } catch {}
+  try {
+    const runState = loadFullAutoRunState(directory, sessionID);
+    const stateHealth = isFullAutoStateUnreadable();
+    if (stateHealth.unreadable) {
+      lines.push(`Durable run-state: UNREADABLE (${stateHealth.reason}). Non-read-only tools are blocked fail-closed until .swarm/full-auto-state.json (or .bak) is restored or deleted.`);
+    } else if (!runState) {
+      lines.push("Durable run-state: none (no Full-Auto run for this session)");
+    } else {
+      lines.push(`Durable run-state: ${runState.status} (mode=${runState.mode})`);
+      if (runState.pauseReason) {
+        lines.push(`Pause reason: ${runState.pauseReason}`);
+      }
+      if (runState.terminateReason) {
+        lines.push(`Terminate reason: ${runState.terminateReason}`);
+      }
+      lines.push(`Counters: ${runState.counters.toolCalls} tool calls, ${runState.counters.architectTurns} architect turns, ${runState.counters.oversightChecks} oversight checks`);
+      lines.push(`Denials: ${runState.denialCounters.consecutive} consecutive / ${runState.denialCounters.total} total`);
+      if (runState.lastOversightVerdict) {
+        lines.push(`Last oversight verdict: ${runState.lastOversightVerdict}${runState.lastOversightAt ? ` at ${runState.lastOversightAt}` : ""}`);
+      }
+    }
+  } catch (error93) {
+    lines.push(`Durable run-state: unreadable (${error93 instanceof Error ? error93.message : String(error93)})`);
+  }
+  return lines.join(`
+`);
 }
+var VALID_MODES;
 var init_full_auto = __esm(() => {
   init_config();
   init_state2();
   init_state();
   init_logger();
+  VALID_MODES = ["assisted", "supervised", "strict"];
 });
 
 // src/services/handoff-service.ts
@@ -57314,7 +57472,18 @@ function containsPathTraversal(str) {
   return false;
 }
 function containsControlChars(str) {
-  return /[\0\t\r\n]/.test(str);
+  for (const ch of str) {
+    const code = ch.codePointAt(0);
+    if (code === undefined)
+      continue;
+    if (code <= 31 || code >= 127 && code <= 159)
+      return true;
+    if (code >= 8234 && code <= 8238)
+      return true;
+    if (code >= 8294 && code <= 8297)
+      return true;
+  }
+  return false;
 }
 var init_path_security = () => {};
 
@@ -66676,9 +66845,9 @@ Subcommands:
     },
     "full-auto": {
       handler: (ctx) => handleFullAutoCommand(ctx.directory, ctx.args, ctx.sessionID),
-      description: "Toggle Full-Auto Mode for the active session [on|off]",
-      args: "on, off",
-      details: 'Toggles Full-Auto Mode which enables autonomous execution without confirmation prompts. When enabled, the architect proceeds through implementation steps automatically. Session-scoped \u2014 resets on new session. Use "on" or "off" to set explicitly, or toggle with no argument.',
+      description: "Toggle Full-Auto Mode for the active session [on [mode]|off|status]",
+      args: "on [assisted|supervised|strict], off, status",
+      details: 'First-class toggle for Full-Auto Mode \u2014 autonomous execution with the critic reviewing escalations on your behalf. No config-level enablement is required: "on" activates immediately (unless full_auto.locked is true in config), "off" disarms the run and returns the session to normal interactive operation, "status" reports the durable run state. ' + 'An optional mode after "on" overrides full_auto.mode for this run: assisted (critic consulted only on policy escalations), supervised (default \u2014 risky/high-impact actions reviewed by the critic), strict (ALL plan mutations reviewed by the critic). ' + "While active, the critic answers architect questions and reviews phase boundaries, delegations, and risky actions on your behalf; only ESCALATE_TO_HUMAN verdicts halt the run for your input. The run state is durable (.swarm/full-auto-state.json) and survives restarts; toggle with no argument flips the current state.",
       category: "utility"
     },
     "auto-proceed": {

package/dist/commands/full-auto.d.ts

@@ -1,12 +1,24 @@
 /**
  * Handles the /swarm full-auto command.
- * Toggles Full-Auto Mode on or off for the active session.
+ * First-class session toggle for Full-Auto Mode: on / off / status / bare toggle.
+ *
+ * Full-Auto no longer requires `full_auto.enabled: true` in the plugin config —
+ * the v2 hooks are always armed and gated at runtime by the durable per-session
+ * run state, so activation is a pure runtime decision (like switching permission
+ * modes in other agent CLIs). Administrators can set `full_auto.locked: true`
+ * to refuse runtime activation entirely.
+ *
+ * `on` accepts an optional mode argument (`assisted` | `supervised` | `strict`)
+ * that overrides `full_auto.mode` for this run. In every mode the critic
+ * reviews escalations on the user's behalf; `strict` routes ALL plan mutations
+ * through the critic, `supervised` (default) routes risky/high-impact actions,
+ * `assisted` only consults the critic when the deterministic policy escalates.
  *
  * In Full-Auto v2 this also creates a durable run-state record under
  * .swarm/full-auto-state.json so the permission/oversight infrastructure can
  * fail-closed across hooks and across process restarts.
  *
- * H2 fix: durable write happens BEFORE flipping the legacy
+ * H2 fix (preserved): durable write happens BEFORE flipping the legacy
  * `session.fullAutoMode` flag. If the durable write fails, the command
  * surfaces the error in its return string and does NOT enable the legacy
  * reactive intercept — preventing a silent fail-open where reactive checks
@@ -14,7 +26,7 @@
  * durable run.
  *
  * @param directory - Project directory (used to persist Full-Auto run state)
- * @param args - Optional argument: "on" | "off" | undefined (toggle behavior)
+ * @param args - "on [mode]" | "off" | "status" | undefined (toggle behavior)
  * @param sessionID - Session ID for accessing active session state
  * @returns Feedback message about Full-Auto Mode state
  */

package/dist/commands/registry.d.ts

@@ -501,9 +501,9 @@ export declare const COMMAND_REGISTRY: {
     };
     readonly 'full-auto': {
         readonly handler: (ctx: CommandContext) => Promise<string>;
-        readonly description: "Toggle Full-Auto Mode for the active session [on|off]";
-        readonly args: "on, off";
-        readonly details: "Toggles Full-Auto Mode which enables autonomous execution without confirmation prompts. When enabled, the architect proceeds through implementation steps automatically. Session-scoped — resets on new session. Use \"on\" or \"off\" to set explicitly, or toggle with no argument.";
+        readonly description: "Toggle Full-Auto Mode for the active session [on [mode]|off|status]";
+        readonly args: "on [assisted|supervised|strict], off, status";
+        readonly details: string;
         readonly category: "utility";
     };
     readonly 'auto-proceed': {

package/dist/config/loader.d.ts

@@ -1,17 +1,6 @@
 import { type PluginConfig } from './schema';
 export declare const MAX_CONFIG_FILE_BYTES = 102400;
 export { deepMerge, MAX_MERGE_DEPTH } from '../utils/merge';
-/**
- * Load plugin configuration from user and project config files.
- *
- * Config locations:
- * 1. User config: ~/.config/opencode/opencode-swarm.json
- * 2. Project config: <directory>/.opencode/opencode-swarm.json
- *
- * Project config takes precedence. Nested objects are deep-merged.
- * IMPORTANT: Raw configs are merged BEFORE Zod parsing so that
- * Zod defaults don't override explicit user values.
- */
 export declare function loadPluginConfig(directory: string): PluginConfig;
 /**
  * Internal variant of loadPluginConfig that also returns loader metadata.
@@ -21,6 +10,11 @@ export declare function loadPluginConfig(directory: string): PluginConfig;
 export declare function loadPluginConfigWithMeta(directory: string): {
     config: PluginConfig;
     loadedFromFile: boolean;
+    /** True when a config file existed but could not be loaded (corrupt JSON,
+     *  oversized, permission error). Consumers with fail-closed semantics —
+     *  e.g. the Full-Auto `locked` activation guard — must treat this as
+     *  "config unknown", not "config defaults". */
+    configHadErrors: boolean;
 };
 /**
  * Async variant of `loadPluginConfigWithMeta`. Used by the plugin entry
@@ -29,6 +23,7 @@ export declare function loadPluginConfigWithMeta(directory: string): {
 export declare function loadPluginConfigWithMetaAsync(directory: string): Promise<{
     config: PluginConfig;
     loadedFromFile: boolean;
+    configHadErrors: boolean;
 }>;
 /**
  * Load custom prompt for an agent from the prompts directory.

package/dist/config/schema.d.ts

@@ -333,6 +333,17 @@ export declare const ReviewPassesConfigSchema: z.ZodObject<{
     security_globs: z.ZodDefault<z.ZodArray<z.ZodString>>;
 }, z.core.$strip>;
 export type ReviewPassesConfig = z.infer<typeof ReviewPassesConfigSchema>;
+export declare const AutoReviewConfigSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    trigger: z.ZodDefault<z.ZodEnum<{
+        task_completion: "task_completion";
+        phase_boundary: "phase_boundary";
+        both: "both";
+    }>>;
+    timeout_ms: z.ZodDefault<z.ZodNumber>;
+    max_diff_kb: z.ZodDefault<z.ZodNumber>;
+}, z.core.$strip>;
+export type AutoReviewConfig = z.infer<typeof AutoReviewConfigSchema>;
 export declare const AdversarialDetectionConfigSchema: z.ZodObject<{
     enabled: z.ZodDefault<z.ZodBoolean>;
     policy: z.ZodDefault<z.ZodEnum<{
@@ -1392,6 +1403,16 @@ export declare const PluginConfigSchema: z.ZodObject<{
         enabled: z.ZodDefault<z.ZodBoolean>;
         skip_in_turbo: z.ZodDefault<z.ZodBoolean>;
     }, z.core.$strip>>;
+    auto_review: z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        trigger: z.ZodDefault<z.ZodEnum<{
+            task_completion: "task_completion";
+            phase_boundary: "phase_boundary";
+            both: "both";
+        }>>;
+        timeout_ms: z.ZodDefault<z.ZodNumber>;
+        max_diff_kb: z.ZodDefault<z.ZodNumber>;
+    }, z.core.$strip>>;
     tool_filter: z.ZodOptional<z.ZodObject<{
         enabled: z.ZodDefault<z.ZodBoolean>;
         overrides: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString>>>;
@@ -1858,6 +1879,7 @@ export declare const PluginConfigSchema: z.ZodObject<{
     version_check: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
     full_auto: z.ZodDefault<z.ZodOptional<z.ZodObject<{
         enabled: z.ZodDefault<z.ZodBoolean>;
+        locked: z.ZodDefault<z.ZodBoolean>;
         critic_model: z.ZodOptional<z.ZodString>;
         max_interactions_per_phase: z.ZodDefault<z.ZodNumber>;
         deadlock_threshold: z.ZodDefault<z.ZodNumber>;

package/dist/full-auto/state.d.ts

@@ -88,6 +88,18 @@ export declare function startFullAutoRun(directory: string, sessionID: string, c
     taskID?: string;
 }): FullAutoRunState;
 export declare function pauseFullAutoRun(directory: string, sessionID: string, reason: string): FullAutoRunState | undefined;
+/**
+ * Disarm a Full-Auto run in response to an explicit user `off`.
+ *
+ * Unlike `pauseFullAutoRun` / `terminateFullAutoRun` (system-initiated halts
+ * that fail-closed-block non-read-only tools until the user re-enables),
+ * disarming returns the session to normal interactive operation: the record
+ * transitions to `'idle'`, which every enforcement path treats as
+ * "no active Full-Auto run". Counters and denial history are preserved for
+ * audit. (Adversarial review F3: `off` must not be a one-way door into a
+ * write-blocked session.)
+ */
+export declare function disarmFullAutoRun(directory: string, sessionID: string, reason: string): FullAutoRunState | undefined;
 export declare function terminateFullAutoRun(directory: string, sessionID: string, reason: string): FullAutoRunState | undefined;
 export declare function isFullAutoRunActive(directory: string, sessionID: string): boolean;
 export type FullAutoCounterKey = keyof FullAutoCounters;