Skip to content

Releases: unohee/OpenSwarm

v0.17.0

Choose a tag to compare

@github-actions github-actions released this 02 Jul 04:52
526d776

Added

  • Same-project parallel agents — the daemon can now run multiple agents on one project concurrently. The DecisionEngine's hard "one task per project per cycle" rule (whose justifying comment was stale) is replaced by round-robin selection: every pass adds at most one task per project, so no project monopolizes the slots, and later passes fill the remaining slots from the same projects. Active only when the scheduler can actually isolate the runs (allowSameProjectConcurrent + worktreeMode); file-overlapping tasks within a project are still deferred by the knowledge-graph conflict detection — which this change finally exercises (it was dead code). Verified live: 4 tasks from one project running in parallel worktrees. (INT-2318)

Changed

  • Per-project 5h task cap removed — the rolling-window cap (dailyTaskCap, default 6) silently stalled a project after a productive burst (throttled with an idle scheduler and no error). Like the previously-removed global pace gate, throughput is now governed only by the cron schedule and the Linear rate limiter. Completion records (daily-pace.json) are kept as cost/throughput telemetry. The dailyTaskCap config field is gone; stale keys in existing configs are ignored. (INT-2317)

Fixed

  • Vendored dirs no longer poison conflict detection — with same-project parallelism live, the KG conflict detector deferred 4/5 tasks as "conflicting" via vendored google-cloud-sdk/ files (a.py, run.py, api.py substring-matched every issue text). The scanner now skips vendored trees (google-cloud-sdk, third_party, vendor(s)), and issue-impact filename matching requires a whole-word boundary and ≥3 chars. A poisoned cached graph shrank 14MB → 52KB on rescan. (INT-2320)
  • Project cancellation path normalization~ expansion and relative-path resolution before the exact-or-descendant match, plus a fix for a latent traversal bypass (/dev/WAVE/../WAVE-next was cancelled by disabling /dev/WAVE). Thanks to @ag-linden. (#192) An empty/blank cancellation path now cancels nothing instead of resolving to the daemon's cwd. (#197)

v0.16.0

Choose a tag to compare

@github-actions github-actions released this 02 Jul 01:53
3e1acc1

Security

  • taskState store hardened — prototype-pollution-safe task map (null-prototype via schema preprocess), fail-closed on a corrupt persisted state file (no silent overwrite), Linear sync-comment trust filter (marker/prefix + author allowlist, OPENSWARM_TASK_STATE_TRUSTED_COMMENT_USERS for extras) with an issueId mismatch guard against cross-issue poisoning. (INT-2316)
  • Telemetry privacy tightenedcommand/adapter/event labels are sanitized to a strict token shape so dynamic strings can never leak paths or prompt text; installId is shape-validated; the send timeout is unref'd so fire-and-forget telemetry cannot keep the process alive. (INT-2316)
  • Web dashboard auth: linear-time bearer parse — replaced a polynomially-backtracking Bearer header regex (CodeQL js/polynomial-redos) with a regex-free parse. (INT-2316)
  • BS detector catches env-fallback secretsprocess.env.X || "hardcoded-secret" is now flagged (any line mentioning process.env used to be excluded wholesale). (INT-2316)

Changed

  • Audit hardening batch landed — two full-codebase openswarm review --max --fix passes (~130 files) applied per-area fixes: R5 Linear reconcile extended to done→reopened transitions, fix-loop worker errors surfaced (all-failed round stops early), readOnly adapter option plumbed through the tool layer, locale key coverage, GraphQL resolver and memory-ops cleanups — plus 13 new test files (suite 1326 → 1389). (INT-2316)

v0.15.0

Choose a tag to compare

@github-actions github-actions released this 02 Jul 01:17
1027258

Added

  • openswarm fix is now multi-language — check resolution auto-detects the project's ecosystem instead of requiring package.json scripts. First non-empty source wins: an explicit "checks" map in openswarm.json (key → shell command — the escape hatch for any language and for mixed repos), package.json scripts, Cargo.toml (Rust: cargo check --all-targets + cargo test by default; clippy/build via --checks lint,build), or Python markers (ruff check . / mypy . / pytest, each included only when the repo is configured for the tool; --checks bypasses the gating). Previously Rust/Python projects always exited with No checks resolved. (INT-2303)

v0.14.0

Choose a tag to compare

@github-actions github-actions released this 01 Jul 08:18
a6b10e1

Added

  • Auto-release on version bump — a push to main that changes package.json now runs the gate (lint / typecheck / build) and automatically publishes to npm + tags + creates a GitHub release (notes sliced from this file). The release flow is just "merge a version-bump PR". Idempotent. Requires a repo secret NPM_TOKEN. (INT-2270)
  • CLI update notifier — when the running version is behind npm's latest, the CLI prints a two-line "update available" notice. 24h cached (~/.openswarm/update-check.json) so it's near-instant and non-blocking; skips non-TTY / CI / --version / NO_UPDATE_NOTIFIER. (INT-2270)

Changed

  • checkHandler colors unified onto the shared NO_COLOR/TTY-safe helper (src/support/colors), finishing the CLI/TUI status-consistency work — ~108 hand-rolled ANSI sites now go through c / status. Output is byte-identical when piped. (INT-2260)
  • CI test job promoted to a hard gate (the suite is green), and lint is now warning-free (36 → 0).

Fixed

  • Stale service.test.ts provider-override tests — the reapply lives inside the autonomous-start block; the tests drove it with a non-autonomous config. Fixed → the full suite is green (1315 passing). (INT-2271)
  • postbuild chmod +x dist/cli.js — a clean rm -rf dist && build no longer leaves the global CLI unexecutable ("permission denied").

v0.13.0 — CLI agent runs grow repo knowledge

Choose a tag to compare

@unohee unohee released this 01 Jul 04:56
1478132

Added

  • CLI agent runs now grow the per-repo knowledge memoryopenswarm run, openswarm fix, and openswarm review --max record into repo knowledge (previously only the autonomous daemon did), so a standalone run makes the codebase memory grow and gets recalled into the next worker/reviewer prompt. run records the task outcome (success pattern / review-rejection pitfall), fix records what made the checks pass, and review --max records the verdict + top follow-ups as one capped constraint (≤10, so hundreds of findings can't flood the memory). Default on; --no-learn opts out per command. (INT-2268)

npm i -g @intrect/openswarm@0.13.0

v0.12.0 — openswarm fix (CI/test gate fan-out auto-fix)

Choose a tag to compare

@unohee unohee released this 01 Jul 04:17
7843991

Added

  • openswarm fix — brings review --max's fan-out to the objective checks. Runs the project's checks (lint / typecheck / build / test from package.json; --checks to subset), groups failures by file into areas, fans a fix-worker out over each area, then re-runs the checks until green (or the --rounds budget, default 3). Edits land in the working tree — you review the diff. Unlike review --max --fix, the deterministic checks let the loop verify its own work and converge; it stops on no-progress and exits non-zero while red. --concurrency <n>, --adapter <name>. (INT-2267)

npm i -g @intrect/openswarm@0.12.0

v0.11.0 — review --max --fix, saturating audit, unified status UI

Choose a tag to compare

@unohee unohee released this 01 Jul 03:30
9b3fefc

Wider, faster codebase audits — the audit can now fix what it finds — plus a unified CLI/TUI status design.

Added

  • review --max --fix — after the audit, a worker per flagged (revise/reject) area applies the reviewer's findings to its files. Edits land in the working tree only (no commit, no re-review) so you review the diff first. Same --concurrency as the review. (INT-2249)
  • Concurrency-saturating area distribution — a 2-directory repo used only 2 reviewer subagents even at --concurrency 8; areas now auto-split until the fan-out fills the pool (floored at one file/area), no-op when the directory partition already saturates it. (INT-2249)

Changed

  • Unified CLI/TUI status design — glyphs (◐ ✓ ✗ ⚠ ✎) and the braille spinner are single-sourced and consumed by both the Ink TUI and plain console output. The worker now shows the same animated spinner heartbeat as the reviewer (was static), review --max verdict/--fix output is colored consistently (ANSI-free when piped / NO_COLOR), and drifting glyphs + duplicate spinner sets are collapsed. (INT-2260)
  • Multi-lens reviewer removed — a synthetic planted-defect A/B showed zero detection uplift over the single reviewer and complete lens overlap, so the 3× cost bought nothing. Reproducible harness at benchmarks/reviewLensAB.ts. (INT-2230)

Fixed

  • Project cancellation no longer aborts sibling paths — disabling /dev/WAVE could abort a task under /dev/WAVE-next; now matches the exact or a real descendant path only. Thanks @ag-linden. (#182)

npm i -g @intrect/openswarm@0.11.0

v0.10.2 — review --max is language-agnostic

Choose a tag to compare

@unohee unohee released this 30 Jun 15:18
3038ae8

Patch: review --max now works on any language, not just JS/TS/Python.

Fixed

  • No production source files to audit on Rust/Go/JVM/C/… reposSOURCE_EXTENSIONS only knew JS/TS/Python. Now covers Rust, Go, JVM (Java/Kotlin/Scala/Groovy), C/C++/C#, Ruby, PHP, Swift, Obj-C, Elixir, Clojure, OCaml, Haskell, Dart, Lua, Julia, Zig, Nim — with language test-file exclusions and build dirs (target/, pycache, …). Verified on a real Rust repo. (INT-2240)

npm: @intrect/openswarm@0.10.2.

v0.10.1 — PM synthesis JSON + orphan-issue fixes

Choose a tag to compare

@unohee unohee released this 30 Jun 15:09
70896a5

Patch for two bugs found running review --max on a real repo.

Fixed

  • PM synthesis JSON parsing — codex-responses emits the ```json block as an escaped JSON string (literal \n / "), which raw JSON.parse rejected, so synthesis produced no issues. Now decodes escaped JSON before parsing. (INT-2239)
  • Orphan audit issue — warn (with a pointer to openswarm add) when a repo has no openswarm.json project mapping, instead of silently filing the master issue without a project. (INT-2239)

npm: @intrect/openswarm@0.10.1.

v0.10.0 — review pipeline, session persistence, daemon/TUI fixes

Choose a tag to compare

@unohee unohee released this 30 Jun 14:20
75a420e

Full-codebase review pipeline (multi-agent audit → report → PM triage → Linear), chat session persistence, and a batch of daemon / TUI / adapter fixes.

Added

  • review --max — full-codebase audit fanning reviewer subagents over areas (area isolation + dedup), markdown report at .openswarm/audit/, and PM-synthesized Linear issues by default (master + ≤10 cohesive sub-issues, not one-per-follow-up). --no-linear, --issues-per-area, --fallback, --out.
  • Codex usage-limit handling + automatic claude fallback (Claude subscription).
  • Chat session persistence + openswarm resume; /goal clear.
  • Execution cwd context; daemon project-selection persistence; planner rich-markdown sub-tasks; edit_file fuzzy fallback.

Fixed

  • Daemon kept running after disabling all projects.
  • Multi-team config createIssue ("teamId must be a UUID").
  • Ink TUI color consistency; Hangul input doubling; STUCK infra-error counting; Linear overview doubling.

npm: @intrect/openswarm@0.10.0. Full notes in CHANGELOG.md.