Skip to content

v1.4.8 — first npm release: /sDo namespace + the operational toolkit

Latest

Choose a tag to compare

@JannieP JannieP released this 06 Jul 15:36

First npm release. npx swarmdo@latest is live — the umbrella (swarmdo@1.4.8) and the standalone CLI (@swarmdo/cli@1.4.8, self-contained via vendored staging) both publish from the new SwarmDo organization.

Headlines since v1.3.0: every slash command namespaced under /sDo: (skills /sdo-), the operational toolkit (usage analytics + budget guard, ops HUD, TDD repair, worktree isolation, transcript export, conventional-commit changelog, MCP doctor, desktop-notify hook recipes), the 5-tier config preset ladder, the Obsidian memory-vault roundtrip, and config lint.


⚠ Breaking Changes

  • org: move to the SwarmDo organization — JannieP/swarmdo → SwarmDo/swarmdo (1.4.7) (3cf16f695)
  • commands: namespace every swarmdo slash command under sDo (1.4.0) (dfe87f2f0)
  • changelog: release notes from conventional commits (1.3.28) (81a508804)

Features

  • config: config lint — static validation of config surfaces (1.4.6) (2dbe1da9a)
  • memory: Obsidian vault IMPORT — memory import -f obsidian roundtrip (1.4.4) (bf57a10e3)
  • memory: Obsidian markdown-vault export — memory export -f obsidian (1.4.3) (8a265b5f0)
  • commands: namespace every swarmdo slash command under sDo (1.4.0) (dfe87f2f0)
  • usage: usage guard — budget/rate-limit policy over spend (1.3.30) (071a4a083)
  • hooks: hooks recipe — install Claude Code hook recipes (1.3.29) (dd99c5707)
  • changelog: release notes from conventional commits (1.3.28) (81a508804)
  • init: configuration preset ladder + caveman/ponytail guide (1.3.27) (50a6f84f1)
  • usage: usage cache — prompt-cache efficiency + $ saved (1.3.26) (25d28bd84)
  • mcp: mcp doctor — validate configured MCP servers statically (1.3.25) (70404dd62)
  • transcript: export Claude Code sessions to Markdown (1.3.24) (0cffd5557)
  • notify: real desktop notifications for hooks notify (1.3.23) (0b03f9438)
  • usage: usage errors — tool-failure analytics from transcripts (1.3.22) (33e64d6fe)
  • worktree: isolated git worktrees for parallel work (1.3.21) (bbf0a5fa4)
  • task: parse-prd — decompose a spec into the task DAG (1.3.20) (c45b643c8)
  • usage: quantify uncounted spend when models are unpriced (1.3.19) (7e6a60a5e)
  • memory: SWARMDO_REQUIRE_REAL_EMBEDDINGS strict mode — hash fallbacks throw instead of degrading silently (a26ad159f)
  • memory: revectorize — repair hash-era embeddings with real ONNX vectors (c1b147ebe)
  • cli: swarmdo hud — single-pane operational view (block burn, tasks, daemon, memory) (71be65b33)
  • usage: 5-hour billing blocks view with live burn rate (f69c973d0)
  • task: dependency-aware task graph — ready/blocked queries, dispatcher gating (30cd218ad)
  • cli: swarmdo repair — Test-Driven Repair via bounded headless claude loop (9f31fdc5d)
  • daemon: backup worker (13th, default-on) + honest optimize telemetry + SWARMDO_HEADLESS kill-switch (686eb2a18)
  • memory: WAL-safe backup subcommand — snapshot, keep-N rotation, restore (59354748d)
  • cli: swarmdo usage — Claude Code token/cost analytics from local transcripts (838aac202)
  • cli: swarmdo efficiency on|off|status — post-init toggle for caveman+ponytail skills (2241da129)
  • brand: marketing logo set — swarm-delta mark + full lockups, dark/light/transparent, SVG + PNG (512/1024/2560) (074b9c8a1)
  • support: Buy Me a Coffee — repo Sponsor button (FUNDING.yml), README badges, website nav + footer button (slug: buymeacoffee.com/swarmdo) (303745d86)
  • agents: ponytail persona flag for spawned agents (25f0294f9)

Bug Fixes

  • cli: make @swarmdo/cli standalone-installable from npm (1.4.2) (984458243)
  • statusline: regenerate committed statusline.cjs artifact to match generator (pre-existing drift-guard failure) (83421b1a6)
  • security: bound functionPatterns in swarmvector DIST too (143 completeness) (2ad7a11e1)
  • security: actually close 5 re-confirmed CodeQL alerts (141,143,230-232) (f339fc333)
  • security: harden two test-file sanitizers/regex — no bump (f70d68b26)
  • security: sanitization/url/escaping fixes in vendored swarmvector + agentic-flow — 1.3.16 (fab3e4436)
  • security: bound 10 flagged ReDoS regexes across cli/codex/swarmvector — 1.3.15 (9f8b2cfb7)
  • security: argv-form syntax check in swarmvector bin/cli — 1.3.14 (e7d137945)
  • security: linear-time regexes in vendored agentic-flow dist — 1.3.13 (9b9deebcc)
  • security: block scriptable data: URIs in swarmvocal markdown hrefs (59f8b33cd)
  • security: 2 V8-reproducible first-party ReDoS — 1.3.12 (533471e04)
  • security: argv-form git/exec in vendored forks — 1.3.11 (3d42b915c)
  • security: crypto-strong session IDs in vendored agentdb + swarmdo-swarm — 1.3.10 (08bf23a55)
  • security: linear-time regexes in vendored swarmvector — 1.3.9 (99fb4c931)
  • security: CORS wildcard+credentials, no-op replace, esp32 argv exec (9b19fe3b8)
  • security: complete incomplete sanitizers (loop + escape-order) — 1.3.8 (95fa27eb6)
  • security: helmet CSP + vbscript: scheme + entity-decode order — 1.3.7 (7811037ab)
  • security: guard prototype-polluting assignments — bump 1.3.6 (ea2e744b6)
  • security: crypto-strong IDs in integration/mcp-tools/plugins/cloud-fn (e4a790996)
  • security: crypto-strong session/terminal IDs in cli + mcp — bump 1.3.5 (353dc6341)
  • security: remove dead script/handler strips in browser sanitizer — bump α6 (8090e301c)
  • security: linear-time regexes in gastown-bridge + prime-radiant plugins (1c78e405b)
  • security: linear-time regexes in aidefence/browser/guidance — bump 1.3.4 (4cb547413)
  • security: linear-time regexes across mcp/shared/memory/plugins — bump 1.3.3 (a73dabdbd)
  • security: linear-time regexes in codex loop/migrations/validators — bump alpha.10 (eec848d49)
  • security: linear-time swarmvector analyzers (ast/coverage/diff) — bump 1.3.2 (f456b2d8b)
  • security: linear-time regexes in cli parser/doctor/init/graph-analyzer — bump 1.3.1 (e91d3acf3)
  • security: shell-free git invocations in release-manager + Windows npm-arg guard (72bc4e96a)
  • security: constant console format strings, key-prefix redaction, regex-injection guard (6c7c802ad)
  • security: uniform verification codes + crypto-strength session ids (931a7ca04)
  • security: least-privilege permissions blocks in all 17 workflows lacking them (a23208511)
  • plugins: marketplace-valid author objects for vendored caveman/ponytail manifests (d0755a22b)
  • ci: repair rename-corrupted integrity hashes in four lockfiles (fd7a7930e)
  • memory: restore real ONNX embeddings — semantic memory search was silently hash-based (342ee8977)
  • parser: mirror camelCased flags to kebab twins — un-breaks ~120 dead flag reads (ae71933b9)
  • daemon: consolidate worker does real work — TTL expiry, EWC Fisher, run ledger (25c406877)

Documentation

  • all: Operational Toolkit surfaced in README, USERGUIDE, and site (1.4.5) (cc1ca99a9)
  • release: 1.4.1 — README/site/CLAUDE.md for the sDo release; fix attribution URLs (9dae62984)
  • fix stale claude-flow-era version references in CLAUDE.md (75c48e84b)
  • site+readme: dedicated Caveman & Ponytail integration section — before/after demo, agent persona, toggle matrix, MIT credits (319f11453)
  • live GitHub stars badge (repo is now public) (1d78205bc)
  • swarmdo compress in README quick start (e2e-verified 33% reduction) (a94b34c51)