opencode-swarm 7.82.2 → 7.84.0

package/dist/cli/index-e7h9bb6v.js

@@ -0,0 +1,233 @@
+// @bun
+import {
+  atomicWriteFile,
+  taskEvidencePath,
+  withTaskEvidenceLock
+} from "./index-fjwwrwr5.js";
+import {
+  exports_external
+} from "./index-293f68mj.js";
+import {
+  telemetry
+} from "./index-p0ye10nd.js";
+
+// src/gate-evidence.ts
+import { mkdirSync, readFileSync, realpathSync } from "fs";
+import * as path from "path";
+
+// src/validation/task-id.ts
+var STRICT_TASK_ID_PATTERN = /^\d+\.\d+(\.\d+)*$/;
+var RETRO_TASK_ID_REGEX = /^retro-\d+$/;
+var INTERNAL_TOOL_ID_REGEX = /^(?:sast_scan|quality_budget|syntax_check|placeholder_scan|sbom_generate|build|secretscan)$/;
+var GENERAL_TASK_ID_REGEX = /^[a-zA-Z0-9][a-zA-Z0-9._-]*$/;
+function checkUnsafeChars(taskId) {
+  if (!taskId || taskId.length === 0) {
+    return "Invalid task ID: empty string";
+  }
+  if (/\0/.test(taskId)) {
+    return "Invalid task ID: contains null bytes";
+  }
+  for (let i = 0;i < taskId.length; i++) {
+    if (taskId.charCodeAt(i) < 32) {
+      return "Invalid task ID: contains control characters";
+    }
+  }
+  if (taskId.includes("..") || taskId.includes("/") || taskId.includes("\\")) {
+    return "Invalid task ID: path traversal detected";
+  }
+  return;
+}
+function isStrictTaskId(taskId) {
+  if (!taskId)
+    return false;
+  const unsafeMsg = checkUnsafeChars(taskId);
+  if (unsafeMsg)
+    return false;
+  return STRICT_TASK_ID_PATTERN.test(taskId);
+}
+function assertStrictTaskId(taskId) {
+  if (!isStrictTaskId(taskId)) {
+    throw new Error(`Invalid taskId: "${taskId}". Must match N.M or N.M.P (e.g. "1.1", "1.2.3").`);
+  }
+}
+function sanitizeTaskId(taskId) {
+  const unsafeMsg = checkUnsafeChars(taskId);
+  if (unsafeMsg) {
+    throw new Error(unsafeMsg);
+  }
+  if (STRICT_TASK_ID_PATTERN.test(taskId) || RETRO_TASK_ID_REGEX.test(taskId) || INTERNAL_TOOL_ID_REGEX.test(taskId) || GENERAL_TASK_ID_REGEX.test(taskId)) {
+    return taskId;
+  }
+  throw new Error(`Invalid task ID: must be alphanumeric (ASCII) with optional hyphens, underscores, or dots, got "${taskId}"`);
+}
+
+// src/gate-evidence.ts
+var GateEvidenceSchema = exports_external.object({
+  sessionId: exports_external.string(),
+  timestamp: exports_external.string(),
+  agent: exports_external.string()
+}).passthrough();
+var TaskEvidenceSchema = exports_external.object({
+  taskId: exports_external.string(),
+  required_gates: exports_external.array(exports_external.string()).default([]),
+  gates: exports_external.record(exports_external.string(), GateEvidenceSchema),
+  turbo: exports_external.boolean().optional()
+});
+var DEFAULT_REQUIRED_GATES = ["reviewer", "test_engineer"];
+function isValidTaskId(taskId) {
+  return isStrictTaskId(taskId);
+}
+function assertValidTaskId(taskId) {
+  assertStrictTaskId(taskId);
+}
+function deriveRequiredGates(agentType) {
+  switch (agentType) {
+    case "coder":
+      return ["reviewer", "test_engineer"];
+    case "docs":
+      return ["docs"];
+    case "designer":
+      return ["designer", "reviewer", "test_engineer"];
+    case "explorer":
+      return ["explorer"];
+    case "sme":
+      return ["sme"];
+    case "reviewer":
+      return ["reviewer"];
+    case "test_engineer":
+      return ["test_engineer"];
+    case "critic":
+      return ["critic"];
+    case "critic_sounding_board":
+      return ["critic_sounding_board"];
+    case "critic_drift_verifier":
+      return ["critic_drift_verifier"];
+    case "critic_hallucination_verifier":
+      return ["critic_hallucination_verifier"];
+    case "critic_architecture_supervisor":
+      return ["critic_architecture_supervisor"];
+    default:
+      return ["reviewer", "test_engineer"];
+  }
+}
+function expandRequiredGates(existingGates, newAgentType) {
+  const newGates = deriveRequiredGates(newAgentType);
+  const combined = [...new Set([...existingGates ?? [], ...newGates])];
+  return combined.sort();
+}
+function getEvidenceDir(directory) {
+  const swarmDir = path.resolve(directory, ".swarm");
+  const evidenceDir = path.join(swarmDir, "evidence");
+  mkdirSync(evidenceDir, { recursive: true });
+  let resolvedSwarmDir;
+  let resolvedEvidenceDir;
+  try {
+    resolvedSwarmDir = path.normalize(realpathSync(swarmDir));
+    resolvedEvidenceDir = path.normalize(realpathSync(evidenceDir));
+  } catch (error) {
+    throw new Error(`Unable to resolve evidence directory: ${error.message}`);
+  }
+  const swarmPrefix = `${resolvedSwarmDir}${path.sep}`;
+  const withinSwarmBoundary = process.platform === "win32" ? resolvedEvidenceDir.toLowerCase().startsWith(swarmPrefix.toLowerCase()) : resolvedEvidenceDir.startsWith(swarmPrefix);
+  if (!withinSwarmBoundary) {
+    throw new Error(`Evidence path escapes .swarm boundary: ${resolvedEvidenceDir}`);
+  }
+  return resolvedEvidenceDir;
+}
+function getEvidencePath(directory, taskId) {
+  assertValidTaskId(taskId);
+  return taskEvidencePath(directory, taskId);
+}
+function readExisting(evidencePath, taskId) {
+  try {
+    const raw = readFileSync(evidencePath, "utf-8");
+    return TaskEvidenceSchema.parse(JSON.parse(raw));
+  } catch (error) {
+    if (error.code === "ENOENT")
+      return null;
+    telemetry.gateParseError(taskId, error);
+    throw error;
+  }
+}
+async function recordGateEvidence(directory, taskId, gate, sessionId, turbo) {
+  assertValidTaskId(taskId);
+  await withTaskEvidenceLock(directory, taskId, gate, async () => {
+    const resolvedEvidenceDir = getEvidenceDir(directory);
+    const evidencePath = path.join(resolvedEvidenceDir, `${taskId}.json`);
+    let existing = null;
+    try {
+      existing = readExisting(evidencePath, taskId);
+    } catch (error) {
+      telemetry.gateParseError(taskId, error);
+      throw error;
+    }
+    const requiredGates = existing ? expandRequiredGates(existing.required_gates, gate) : deriveRequiredGates(gate);
+    const updated = {
+      taskId,
+      required_gates: requiredGates,
+      turbo: turbo === true ? true : existing?.turbo,
+      gates: {
+        ...existing?.gates ?? {},
+        [gate]: {
+          sessionId,
+          timestamp: new Date().toISOString(),
+          agent: gate
+        }
+      }
+    };
+    await atomicWriteFile(evidencePath, JSON.stringify(updated, null, 2));
+  });
+  telemetry.gatePassed(sessionId, gate, taskId);
+}
+async function recordAgentDispatch(directory, taskId, agentType, turbo) {
+  assertValidTaskId(taskId);
+  await withTaskEvidenceLock(directory, taskId, agentType, async () => {
+    const resolvedEvidenceDir = getEvidenceDir(directory);
+    const evidencePath = path.join(resolvedEvidenceDir, `${taskId}.json`);
+    let existing = null;
+    try {
+      existing = readExisting(evidencePath, taskId);
+    } catch (error) {
+      telemetry.gateParseError(taskId, error);
+      throw error;
+    }
+    const requiredGates = existing ? expandRequiredGates(existing.required_gates, agentType) : deriveRequiredGates(agentType);
+    const updated = {
+      taskId,
+      required_gates: requiredGates,
+      turbo: turbo === true ? true : existing?.turbo,
+      gates: existing?.gates ?? {}
+    };
+    await atomicWriteFile(evidencePath, JSON.stringify(updated, null, 2));
+  });
+}
+async function readTaskEvidence(directory, taskId) {
+  try {
+    assertValidTaskId(taskId);
+    return readExisting(getEvidencePath(directory, taskId), taskId);
+  } catch {
+    return null;
+  }
+}
+function readTaskEvidenceRaw(directory, taskId) {
+  assertValidTaskId(taskId);
+  const evidencePath = getEvidencePath(directory, taskId);
+  try {
+    const raw = readFileSync(evidencePath, "utf-8");
+    return TaskEvidenceSchema.parse(JSON.parse(raw));
+  } catch (error) {
+    if (error.code === "ENOENT")
+      return null;
+    throw error;
+  }
+}
+async function hasPassedAllGates(directory, taskId) {
+  const evidence = await readTaskEvidence(directory, taskId);
+  if (!evidence)
+    return false;
+  if (!Array.isArray(evidence.required_gates) || evidence.required_gates.length === 0)
+    return false;
+  return evidence.required_gates.every((gate) => evidence.gates[gate] != null);
+}
+
+export { sanitizeTaskId, DEFAULT_REQUIRED_GATES, isValidTaskId, deriveRequiredGates, expandRequiredGates, recordGateEvidence, recordAgentDispatch, readTaskEvidence, readTaskEvidenceRaw, hasPassedAllGates };