opencode-swarm 7.83.0 → 7.85.0

package/dist/cli/workspace-snapshot-w58jr2ga.js

@@ -0,0 +1,90 @@
+// @bun
+import"./index-a76rekgs.js";
+
+// src/background/workspace-snapshot.ts
+import * as child_process from "child_process";
+import { createHash } from "crypto";
+import * as path from "path";
+var GIT_SNAPSHOT_TIMEOUT_MS = 3000;
+var GIT_SNAPSHOT_MAX_BUFFER = 512 * 1024;
+function runGit(directory, args) {
+  const result = _internals.spawnSync("git", ["-C", directory, ...args], {
+    cwd: directory,
+    encoding: "utf-8",
+    timeout: GIT_SNAPSHOT_TIMEOUT_MS,
+    maxBuffer: GIT_SNAPSHOT_MAX_BUFFER,
+    stdio: ["ignore", "pipe", "pipe"]
+  });
+  if (result.error || result.status !== 0)
+    return null;
+  return typeof result.stdout === "string" ? result.stdout.trimEnd() : null;
+}
+function captureWorkspaceSnapshot(directory, optionsOrScope = null, prHeadShaArg = null) {
+  const scope = typeof optionsOrScope === "object" && optionsOrScope !== null ? optionsOrScope.scope ?? null : optionsOrScope;
+  const prHeadSha = (() => {
+    if (typeof optionsOrScope !== "object" || optionsOrScope === null) {
+      return prHeadShaArg;
+    }
+    if (optionsOrScope.resolveCurrentPrHeadSha) {
+      return runGit(directory, ["rev-parse", "@{upstream}"]);
+    }
+    return optionsOrScope.prHeadSha ?? null;
+  })();
+  const gitHead = runGit(directory, ["rev-parse", "HEAD"]);
+  const porcelain = runGit(directory, [
+    "status",
+    "--porcelain=v1",
+    "--untracked-files=all"
+  ]);
+  return {
+    directory: path.resolve(directory),
+    gitHead,
+    dirtyHash: porcelain === null ? null : digest(porcelain),
+    prHeadSha,
+    scope
+  };
+}
+function workspaceSnapshotMatches(expected, current) {
+  if (!expected)
+    return { ok: true };
+  if (path.resolve(expected.directory) !== path.resolve(current.directory)) {
+    return {
+      ok: false,
+      reason: `directory changed: expected ${expected.directory}, got ${current.directory}`
+    };
+  }
+  const checks = ["gitHead", "dirtyHash", "prHeadSha"];
+  for (const key of checks) {
+    const expectedValue = expected[key];
+    if (expectedValue === null)
+      continue;
+    if (current[key] !== expectedValue) {
+      return {
+        ok: false,
+        reason: `${key} changed: expected ${expectedValue}, got ${current[key] ?? "unknown"}`
+      };
+    }
+  }
+  return { ok: true };
+}
+var compareWorkspaceSnapshot = workspaceSnapshotMatches;
+function compareWorkspaceSnapshots(expected, current) {
+  const result = workspaceSnapshotMatches(expected, current);
+  if (result.ok)
+    return { stale: false };
+  return { stale: true, reason: result.reason };
+}
+function digest(text) {
+  return createHash("sha256").update(text).digest("hex");
+}
+var _internals = {
+  spawnSync: child_process.spawnSync
+};
+export {
+  workspaceSnapshotMatches,
+  digest,
+  compareWorkspaceSnapshots,
+  compareWorkspaceSnapshot,
+  captureWorkspaceSnapshot,
+  _internals
+};

package/dist/commands/guardrail-explain.d.ts

@@ -0,0 +1 @@
+export { handleGuardrailExplain } from '../services/guardrail-explain-service';

package/dist/commands/guardrail-log.d.ts

@@ -0,0 +1 @@
+export { handleGuardrailLog } from '../services/guardrail-log-service';

package/dist/commands/index.d.ts

@@ -26,6 +26,8 @@ export { handleDoctorCommand } from './doctor';
 export { handleEvidenceCommand, handleEvidenceSummaryCommand, } from './evidence';
 export { handleExportCommand } from './export';
 export { handleFullAutoCommand } from './full-auto';
+export { handleGuardrailExplain } from './guardrail-explain';
+export { handleGuardrailLog } from './guardrail-log';
 export { handleHandoffCommand } from './handoff';
 export { handleHistoryCommand } from './history';
 export { handleKnowledgeListCommand, handleKnowledgeMigrateCommand, handleKnowledgeQuarantineCommand, handleKnowledgeRestoreCommand, handleKnowledgeRetryHardeningCommand, handleKnowledgeUnactionableCommand, } from './knowledge';

package/dist/commands/registry.d.ts

@@ -168,6 +168,20 @@ export declare const COMMAND_REGISTRY: {
         readonly aliasOf: "diagnose";
         readonly deprecated: true;
     };
+    readonly 'guardrail explain': {
+        readonly handler: (ctx: CommandContext) => Promise<string>;
+        readonly description: "Dry-run: show what the guardrails would do to a command or write target (executes nothing)";
+        readonly category: "diagnostics";
+        readonly toolPolicy: "agent";
+        readonly toolNoArgs: false;
+    };
+    readonly 'guardrail-log': {
+        readonly handler: (ctx: CommandContext) => Promise<string>;
+        readonly description: "Read the guardrail decision log (use --blocks-only for blocks)";
+        readonly category: "diagnostics";
+        readonly toolPolicy: "agent";
+        readonly toolNoArgs: false;
+    };
     readonly preflight: {
         readonly handler: (ctx: CommandContext) => Promise<string>;
         readonly description: "Run preflight automation checks";

package/dist/hooks/guardrails/audit-log.d.ts

@@ -0,0 +1,114 @@
+/**
+ * Unified Guardrail Decision Audit Log
+ *
+ * Additive JSONL schema for guardrail decisions. Each append writes one
+ * validated JSON line to the configured audit path under `.swarm/session/`.
+ *
+ * The existing shell audit entry shape is preserved byte-for-byte when
+ * `type: 'shell'` is used (fields: ts, sessionID, agent, tool, command).
+ *
+ * Path redaction: there is no cross-cutting path-redaction helper in this
+ * module today. Callers MAY pass a pre-redacted path via `redactPath(...)`
+ * before constructing the entry; the module itself does not mutate path
+ * strings beyond normalizing separators. Future hardening: add a shared
+ * path-redaction utility and call it here.
+ */
+import * as fs from 'node:fs/promises';
+export declare const _internals: {
+    mkdir: typeof fs.mkdir;
+    appendFile: typeof fs.appendFile;
+};
+/**
+ * Discriminated union of guardrail decision types.
+ *
+ * Invariants:
+ * - `ts` is an ISO-8601 datetime string.
+ * - `sessionID` is the swarm session identifier.
+ * - `agent` is the role string (e.g. "architect", "coder").
+ * - `tool` is the original tool name as invoked.
+ */
+export type GuardrailDecisionType = 'shell' | 'file_write' | 'scope_violation' | 'destructive_block' | 'sandbox_wrap' | 'sandbox_skip';
+export interface ShellDecision {
+    type: 'shell';
+    ts: string;
+    sessionID: string;
+    agent: string;
+    tool: string;
+    command: string;
+}
+export interface FileWriteDecision {
+    type: 'file_write';
+    ts: string;
+    sessionID: string;
+    agent: string;
+    tool: string;
+    path: string;
+    reason: string;
+    resolvedScope: string;
+}
+export interface ScopeViolationDecision {
+    type: 'scope_violation';
+    ts: string;
+    sessionID: string;
+    agent: string;
+    tool: string;
+    path: string;
+    declaredScope: string;
+    resolvedScope: string;
+    action: string;
+}
+export interface DestructiveBlockDecision {
+    type: 'destructive_block';
+    ts: string;
+    sessionID: string;
+    agent: string;
+    tool: string;
+    command: string;
+    destructiveCategory: string;
+}
+export interface SandboxWrapDecision {
+    type: 'sandbox_wrap';
+    ts: string;
+    sessionID: string;
+    agent: string;
+    tool: string;
+    command: string;
+    executorMechanism: string;
+}
+export interface SandboxSkipDecision {
+    type: 'sandbox_skip';
+    ts: string;
+    sessionID: string;
+    agent: string;
+    tool: string;
+    command: string;
+    executorMechanism: string;
+    skipReason: string;
+}
+export type GuardrailDecisionEntry = ShellDecision | FileWriteDecision | ScopeViolationDecision | DestructiveBlockDecision | SandboxWrapDecision | SandboxSkipDecision;
+/**
+ * Best-effort path redaction for audit logs.
+ *
+ * Replaces leading home/profile segments with a tilde placeholder so
+ * absolute paths do not leak user-specific directory names.
+ *
+ * This is intentionally minimal — callers remain responsible for
+ * stripping any domain-specific secrets that may appear in path segments.
+ */
+export declare function redactPath(filePath: string): string;
+export interface AppendGuardrailDecisionOptions {
+    auditPath: string;
+    enabled: boolean;
+}
+/**
+ * Append a validated guardrail decision entry to the JSONL audit log.
+ *
+ * - Writes exactly one JSON line per call (`JSON.stringify(entry) + '\n'`).
+ * - Skips silently when `enabled` is false.
+ * - Skips malformed entries after debug logging; never throws.
+ * - `.swarm/` containment is enforced by the caller-supplied `auditPath`.
+ *
+ * @param entry Decision entry to persist.
+ * @param ctx Audit destination and enablement flag.
+ */
+export declare function appendGuardrailDecision(entry: GuardrailDecisionEntry, ctx: AppendGuardrailDecisionOptions): Promise<void>;