Releases: unohee/OpenSwarm
Releases · unohee/OpenSwarm
Release list
v0.17.0
Added
- Same-project parallel agents — the daemon can now run multiple agents on one project concurrently. The DecisionEngine's hard "one task per project per cycle" rule (whose justifying comment was stale) is replaced by round-robin selection: every pass adds at most one task per project, so no project monopolizes the slots, and later passes fill the remaining slots from the same projects. Active only when the scheduler can actually isolate the runs (
allowSameProjectConcurrent+worktreeMode); file-overlapping tasks within a project are still deferred by the knowledge-graph conflict detection — which this change finally exercises (it was dead code). Verified live: 4 tasks from one project running in parallel worktrees. (INT-2318)
Changed
- Per-project 5h task cap removed — the rolling-window cap (
dailyTaskCap, default 6) silently stalled a project after a productive burst (throttled with an idle scheduler and no error). Like the previously-removed global pace gate, throughput is now governed only by the cron schedule and the Linear rate limiter. Completion records (daily-pace.json) are kept as cost/throughput telemetry. ThedailyTaskCapconfig field is gone; stale keys in existing configs are ignored. (INT-2317)
Fixed
- Vendored dirs no longer poison conflict detection — with same-project parallelism live, the KG conflict detector deferred 4/5 tasks as "conflicting" via vendored
google-cloud-sdk/files (a.py,run.py,api.pysubstring-matched every issue text). The scanner now skips vendored trees (google-cloud-sdk,third_party,vendor(s)), and issue-impact filename matching requires a whole-word boundary and ≥3 chars. A poisoned cached graph shrank 14MB → 52KB on rescan. (INT-2320) - Project cancellation path normalization —
~expansion and relative-path resolution before the exact-or-descendant match, plus a fix for a latent traversal bypass (/dev/WAVE/../WAVE-nextwas cancelled by disabling/dev/WAVE). Thanks to @ag-linden. (#192) An empty/blank cancellation path now cancels nothing instead of resolving to the daemon's cwd. (#197)
v0.16.0
Security
- taskState store hardened — prototype-pollution-safe task map (null-prototype via schema preprocess), fail-closed on a corrupt persisted state file (no silent overwrite), Linear sync-comment trust filter (marker/prefix + author allowlist,
OPENSWARM_TASK_STATE_TRUSTED_COMMENT_USERSfor extras) with an issueId mismatch guard against cross-issue poisoning. (INT-2316) - Telemetry privacy tightened —
command/adapter/eventlabels are sanitized to a strict token shape so dynamic strings can never leak paths or prompt text;installIdis shape-validated; the send timeout is unref'd so fire-and-forget telemetry cannot keep the process alive. (INT-2316) - Web dashboard auth: linear-time bearer parse — replaced a polynomially-backtracking
Bearerheader regex (CodeQLjs/polynomial-redos) with a regex-free parse. (INT-2316) - BS detector catches env-fallback secrets —
process.env.X || "hardcoded-secret"is now flagged (any line mentioningprocess.envused to be excluded wholesale). (INT-2316)
Changed
- Audit hardening batch landed — two full-codebase
openswarm review --max --fixpasses (~130 files) applied per-area fixes: R5 Linear reconcile extended to done→reopened transitions, fix-loop worker errors surfaced (all-failed round stops early),readOnlyadapter option plumbed through the tool layer, locale key coverage, GraphQL resolver and memory-ops cleanups — plus 13 new test files (suite 1326 → 1389). (INT-2316)
v0.15.0
Added
openswarm fixis now multi-language — check resolution auto-detects the project's ecosystem instead of requiringpackage.jsonscripts. First non-empty source wins: an explicit"checks"map inopenswarm.json(key → shell command — the escape hatch for any language and for mixed repos),package.jsonscripts,Cargo.toml(Rust:cargo check --all-targets+cargo testby default;clippy/buildvia--checks lint,build), or Python markers (ruff check ./mypy ./pytest, each included only when the repo is configured for the tool;--checksbypasses the gating). Previously Rust/Python projects always exited withNo checks resolved. (INT-2303)
v0.14.0
Added
- Auto-release on version bump — a push to
mainthat changespackage.jsonnow runs the gate (lint / typecheck / build) and automatically publishes to npm + tags + creates a GitHub release (notes sliced from this file). The release flow is just "merge a version-bump PR". Idempotent. Requires a repo secretNPM_TOKEN. (INT-2270) - CLI update notifier — when the running version is behind npm's latest, the CLI prints a two-line "update available" notice. 24h cached (
~/.openswarm/update-check.json) so it's near-instant and non-blocking; skips non-TTY / CI /--version/NO_UPDATE_NOTIFIER. (INT-2270)
Changed
checkHandlercolors unified onto the shared NO_COLOR/TTY-safe helper (src/support/colors), finishing the CLI/TUI status-consistency work — ~108 hand-rolled ANSI sites now go throughc/status. Output is byte-identical when piped. (INT-2260)- CI
testjob promoted to a hard gate (the suite is green), and lint is now warning-free (36 → 0).
Fixed
- Stale
service.test.tsprovider-override tests — the reapply lives inside the autonomous-start block; the tests drove it with a non-autonomous config. Fixed → the full suite is green (1315 passing). (INT-2271) postbuildchmod +x dist/cli.js— a cleanrm -rf dist && buildno longer leaves the global CLI unexecutable ("permission denied").
v0.13.0 — CLI agent runs grow repo knowledge
Added
- CLI agent runs now grow the per-repo knowledge memory —
openswarm run,openswarm fix, andopenswarm review --maxrecord into repo knowledge (previously only the autonomous daemon did), so a standalone run makes the codebase memory grow and gets recalled into the next worker/reviewer prompt.runrecords the task outcome (success pattern / review-rejection pitfall),fixrecords what made the checks pass, andreview --maxrecords the verdict + top follow-ups as one capped constraint (≤10, so hundreds of findings can't flood the memory). Default on;--no-learnopts out per command. (INT-2268)
npm i -g @intrect/openswarm@0.13.0
v0.12.0 — openswarm fix (CI/test gate fan-out auto-fix)
Added
openswarm fix— bringsreview --max's fan-out to the objective checks. Runs the project's checks (lint / typecheck / build / test frompackage.json;--checksto subset), groups failures by file into areas, fans a fix-worker out over each area, then re-runs the checks until green (or the--roundsbudget, default 3). Edits land in the working tree — you review the diff. Unlikereview --max --fix, the deterministic checks let the loop verify its own work and converge; it stops on no-progress and exits non-zero while red.--concurrency <n>,--adapter <name>. (INT-2267)
npm i -g @intrect/openswarm@0.12.0
v0.11.0 — review --max --fix, saturating audit, unified status UI
Wider, faster codebase audits — the audit can now fix what it finds — plus a unified CLI/TUI status design.
Added
review --max --fix— after the audit, a worker per flagged (revise/reject) area applies the reviewer's findings to its files. Edits land in the working tree only (no commit, no re-review) so you review the diff first. Same--concurrencyas the review. (INT-2249)- Concurrency-saturating area distribution — a 2-directory repo used only 2 reviewer subagents even at
--concurrency 8; areas now auto-split until the fan-out fills the pool (floored at one file/area), no-op when the directory partition already saturates it. (INT-2249)
Changed
- Unified CLI/TUI status design — glyphs (
◐ ✓ ✗ ⚠ ✎) and the braille spinner are single-sourced and consumed by both the Ink TUI and plain console output. The worker now shows the same animated spinner heartbeat as the reviewer (was static),review --maxverdict/--fixoutput is colored consistently (ANSI-free when piped /NO_COLOR), and drifting glyphs + duplicate spinner sets are collapsed. (INT-2260) - Multi-lens reviewer removed — a synthetic planted-defect A/B showed zero detection uplift over the single reviewer and complete lens overlap, so the 3× cost bought nothing. Reproducible harness at
benchmarks/reviewLensAB.ts. (INT-2230)
Fixed
- Project cancellation no longer aborts sibling paths — disabling
/dev/WAVEcould abort a task under/dev/WAVE-next; now matches the exact or a real descendant path only. Thanks @ag-linden. (#182)
npm i -g @intrect/openswarm@0.11.0
v0.10.2 — review --max is language-agnostic
Patch: review --max now works on any language, not just JS/TS/Python.
Fixed
No production source files to auditon Rust/Go/JVM/C/… repos —SOURCE_EXTENSIONSonly knew JS/TS/Python. Now covers Rust, Go, JVM (Java/Kotlin/Scala/Groovy), C/C++/C#, Ruby, PHP, Swift, Obj-C, Elixir, Clojure, OCaml, Haskell, Dart, Lua, Julia, Zig, Nim — with language test-file exclusions and build dirs (target/, pycache, …). Verified on a real Rust repo. (INT-2240)
npm: @intrect/openswarm@0.10.2.
v0.10.1 — PM synthesis JSON + orphan-issue fixes
Patch for two bugs found running review --max on a real repo.
Fixed
- PM synthesis JSON parsing — codex-responses emits the ```json block as an escaped JSON string (literal \n / "), which raw JSON.parse rejected, so synthesis produced no issues. Now decodes escaped JSON before parsing. (INT-2239)
- Orphan audit issue — warn (with a pointer to
openswarm add) when a repo has noopenswarm.jsonproject mapping, instead of silently filing the master issue without a project. (INT-2239)
npm: @intrect/openswarm@0.10.1.
v0.10.0 — review pipeline, session persistence, daemon/TUI fixes
Full-codebase review pipeline (multi-agent audit → report → PM triage → Linear), chat session persistence, and a batch of daemon / TUI / adapter fixes.
Added
review --max— full-codebase audit fanning reviewer subagents over areas (area isolation + dedup), markdown report at.openswarm/audit/, and PM-synthesized Linear issues by default (master + ≤10 cohesive sub-issues, not one-per-follow-up).--no-linear,--issues-per-area,--fallback,--out.- Codex usage-limit handling + automatic claude fallback (Claude subscription).
- Chat session persistence +
openswarm resume;/goal clear. - Execution cwd context; daemon project-selection persistence; planner rich-markdown sub-tasks;
edit_filefuzzy fallback.
Fixed
- Daemon kept running after disabling all projects.
- Multi-team config
createIssue("teamId must be a UUID"). - Ink TUI color consistency; Hangul input doubling; STUCK infra-error counting; Linear overview doubling.
npm: @intrect/openswarm@0.10.0. Full notes in CHANGELOG.md.