v7.79.5

7.79.5 (2026-06-18)

Bug Fixes

• prm: harden trajectory, curator, and learning flows (8446abc)

v7.79.4

7.79.4 (2026-06-18)

Bug Fixes

• npm: update repository URL for provenance verification after repo move (9a289de)
• npm: update repository URL for provenance verification after repo move (e22794e)

v7.79.3

7.79.3 (2026-06-18)

Bug Fixes

• planning: offer general council before plan writing (c27cb76)

v7.79.2

7.79.2 (2026-06-18)

Bug Fixes

• ci: add preload-based keepalive to wrapper for universal Bun #32056 fix (e832e9a)
• ci: per-file wall-clock timeout wrapper for Windows merge-queue shard hangs (#1403) (a7bc92d)
• ci: per-file wall-clock timeout wrapper for Windows merge-queue shard hangs (#1403) (9f11a90)
• ci: rename test fixtures to avoid CI auto-discovery (#1403) (f2ace34)
• tests: add Bun #32056 keepalive workaround to Windows-hanging test files (0e05d34)

v7.79.1

CI: Two-tier CI with automatic test sharding

What changed

The CI pipeline (ci.yml) was restructured to reduce PR feedback time from ~40 minutes to ~12 minutes and to prepare for merge queue adoption.

Two-tier CI: Merge-queue-only jobs (integration, smoke, php-validation, rust-sandbox-runner) now gate all their steps with if: github.event_name == 'merge_group'. On pull_request, those jobs run but all steps are skipped, so the job completes in ~10 seconds while still satisfying required status checks. On merge_group, the full validation runs. Jobs that were always fast (quality, package-check, security) continue running on both events unchanged.

Automatic round-robin test sharding: The 20 hand-maintained test steps (which duplicated ~111 files and silently skipped ~177 files) have been replaced with automatic file discovery via find tests/unit -name '*.test.ts' -type f | sort distributed across 4 parallel shards using modulo assignment. All test files are covered with zero duplication.

Dynamic OS matrix: Unit tests run on ubuntu-only for PRs and the full 3-OS matrix for merge queue runs.

Why

1. Cascading CI restarts: When one PR merges, branch updates cascade to all open PRs, each restarting a 40+ min CI run. Enabling the merge queue (see below) stops the cascades entirely.
2. CI duration: The critical path through quality → unit (3-OS matrix, 140+ sequential files) → integration → smoke was 40+ minutes. Sharding and the two-tier split bring PR feedback to ~12 minutes.

Migration steps (admin required)

The unit job matrix gains a shard dimension, changing required check names:

• Old: unit (ubuntu-latest), unit (macos-latest), unit (windows-latest)
• New: unit (ubuntu-latest, 1) through unit (ubuntu-latest, 4) (PR tier); unit (ubuntu-latest, 1) through unit (windows-latest, 4) (merge queue tier)

Branch protection migration (atomic path preferred — add new checks before removing old to avoid a protection gap):

1. Add new required checks: unit (ubuntu-latest, 1) through unit (ubuntu-latest, 4), plus quality, package-check, security
2. Merge this PR
3. Remove old unit (...) required checks
4. The merge-queue-only jobs keep their existing names

To eliminate cascading CI restarts (Problem #1), also:

• Enable the GitHub merge queue on main in branch protection settings
• Disable "Require branches to be up to date before merging" (the merge queue handles freshness validation)

Known caveats

• PR runs no longer run integration, smoke, php-validation, or rust-sandbox-runner. Cross-platform and integration bugs are caught at merge queue time instead of during development.
• macOS and Windows unit test failures are only surfaced in the merge queue, not on individual PRs.
• repro-704 (plugin init deadline verification, AGENTS.md invariant 1) runs in the smoke job and is deferred to merge queue only.
• Unit job timeout reduced from 90m (pre-sharding, PR #1245) to 40m per shard. Windows merge-queue shards are estimated at 20-25 min; monitor first runs and adjust if needed.

7.79.1 (2026-06-17)

Performance Improvements

• ci: two-tier CI with automatic test sharding for faster PR feedback (#1395) (5f4cd84)

---

This PR was generated with Release Please. See documentation.

v7.79.0

Context usage reduction: summarizer threshold, pre_check_batch docs, tool-gating, and knowledge_ack retirement

What changed

1. Summarizer threshold lowered (Issue #1323)

SummaryConfigSchema.threshold_bytes default changed from 102,400 bytes (100 KB) to 16,384 bytes (16 KB). With the existing 1.25× hysteresis factor, summarization now fires at approximately 20 KB instead of approximately 128 KB.

This means tool outputs in the 10–60 KB range — produced by tools like search, sast_scan, pkg_audit, secretscan, and symbols over large code trees — are now summarized in-context with retrievable summaries, rather than persisting in full to the plan ledger. Full retrieval via retrieve_summary (with offset/limit) is preserved unchanged.

2. pre_check_batch documented as preferred Stage A aggregator

Added guidance to the architect prompt's Stage A section documenting pre_check_batch as the recommended approach for post-implementation verification. pre_check_batch runs lint:check + secretscan + sast_scan + quality_budget in parallel (up to 4 concurrent), giving faster and more comprehensive feedback than running those tools sequentially.

3. Retired deprecated knowledge_ack tool (Issue #1323)

The deprecated single-outcome knowledge_ack tool has been retired in favor of its batched successor knowledge_receipt. The retirement is additive-only:

• Removed from: tool registration, barrel exports, manifest, plugin registration, and architect prompt references.
• Preserved: legacy reader paths in knowledge-events.ts and state.ts so existing .swarm/knowledge-application.jsonl records in user projects remain readable. The source file (knowledge-ack.ts) is retained but no longer exported.
• knowledge_receipt is now the sole knowledge-acknowledgment mechanism, supporting batched applied/ignored/contradicted entries plus new-lesson persistence.

The architect base tool count is now 66 (was 78 before this PR — 11 tools gated behind feature flags + 1 retired).

4. Stale LeanTurboConfigSchema test corrected

The worktree_isolation test for LeanTurboConfigSchema was updated. The feature is now implemented in the lean turbo runner; the test had not been updated to reflect this and was still asserting that the field should be rejected.

5. Feature-flag gating of council and turbo tools (Issue #1323, #1388)

The architect agent's unconditional tool surface has been reduced from 78 to 66 tools. Council (~7) and turbo (6) tools are now gated behind their feature flags using the existing conditional-merge pattern (same as memory and external-skill tools):

• Council-mode tools (submit_council_verdicts, submit_phase_council_verdicts, declare_council_criteria, write_final_council_evidence) are granted only when council.enabled is true.
• General-council research tools (convene_general_council, web_search, web_fetch) are granted only when council.general.enabled is true.
• Lean turbo tools (lean_turbo_*) are granted only when a turbo configuration block is present.

No capability is lost — every gated tool remains available when its feature is enabled. The web_search tool retains its grants to sme/researcher/skill_improver agents.

Why

Large tool outputs (10–60 KB) were being stored in full in the plan ledger even when they could be summarized. This inflated context size without adding proportionate value for subsequent reasoning steps. The lower threshold makes summarization fire earlier and more often for these mid-sized outputs, keeping context leaner without losing access to the full content via retrieve_summary.

pre_check_batch was already a production tool but was not clearly flagged as the preferred Stage A verification path in the architect's workflow. Surfacing it reduces the chance architects use slower sequential alternatives.

The knowledge_ack tool was deprecated in favor of knowledge_receipt (#1323). The single-outcome acknowledgment pattern was superseded by the batched receipt pattern which supports multiple outcomes (applied/ignored/contradicted) plus new-lesson persistence in a single call.

The unconditional tool surface for the architect agent included tools for features that may never be enabled in a given environment (council mode, lean turbo) plus a deprecated tool (knowledge_ack). Gating deprecated and feature-gated tools reduces confusion about available capabilities and aligns with the existing pattern used for memory and external-skill tools (#1388).

Migration

No configuration changes required. Existing configs continue to work unchanged.

Breaking changes

None.

Behavioral change

The tool_filter.overrides.architect conflict guard that previously threw an error when council tools were omitted from a user override (with council.enabled=true) has been replaced with auto-merge. Council tools are now always available when council.enabled=true, regardless of override contents. Users who relied on the throw behavior to exclude council tools should set council.enabled=false instead.

7.79.0 (2026-06-17)

Features

• tools: reduce architect tool surface and lower summarizer threshold (#1393) (d098499)

---

This PR was generated with Release Please. See documentation.

v7.78.8

/swarm finalize git detection and subprocess safety fix

What changed

• checkpoint.ts subprocess safety — The same gitExec fix was applied to src/tools/checkpoint.ts (now uses stdio: ['ignore','pipe','pipe'], windowsHide: true, and checks result.error before result.status). It also now passes an explicit cwd to git subprocesses instead of relying on inherited process.cwd. The src/git/branch.ts gitExec already had this hardening on main.
• Help text correction — src/commands/registry.ts, docs/commands.md, and README.md were updated. /swarm finalize no longer claims "safe git ff-only to main"; it now accurately describes the destructive git reset --hard / git clean -fd alignment behavior with a cautious fallback.

Why

The checkpoint.ts cwd fix removes reliance on inherited process.cwd, which is fragile in plugin-hosted contexts where the host process cwd may not be the project root. saveCheckpointRecord was calling isGitRepo() and getCurrentSha() without a directory argument, so it would resolve to the wrong path in plugin-hosted contexts.

The help-text correction prevents users from being misled about finalize's behavior. Finalize aligns the working tree with the approved plan using destructive git commands; describing it as a "safe ff-only merge" was inaccurate and could cause data loss.

Migration steps

None. The fix is transparent to users. If you have scripts or documentation that assumed /swarm finalize performs a safe ff-only merge, update them to reflect the actual destructive cleanup behavior.

Known caveats

• /swarm finalize still performs destructive cleanup (git reset --hard and git clean -fd) to align the working tree with the approved plan. Ensure uncommitted work is stashed or committed before running finalize.
• The subprocess fix does not change the finalize git flow itself; it only corrects repository detection and error reporting.
• On Windows, windowsHide: true suppresses the console window that may otherwise flash when git subprocesses are spawned from a GUI/TUI host.

7.78.8 (2026-06-17)

Bug Fixes

• git: correct finalize git detection and subprocess safety (#1396) (b3fb3ce)

---

This PR was generated with Release Please. See documentation.

v7.78.7

PR #1245 follow-up — /clear alias and dark-matter-wiring _internals seam

What changed

/clear alias added to CC_COMMAND_MAP (root cause: PR #1245 lost the alias)

PR #1245 introduced CC_COMMAND_MAP in src/commands/conflict-registry.ts as a Map
keyed by the bare CC command name (e.g. plan for /plan, reset for /reset).
The PR removed the hand-maintained 'clear' → 'reset' mapping that the previous
hard-block branch in cc-command-intercept.ts relied on. As a result, /clear
fell through to a warning-only native-command log path instead of being
hard-blocked like /reset.

This follow-up registers clear as an explicit alias key in CC_COMMAND_MAP
during the existing initialization loop, pointing to the same CommandConflict
entry as reset. The misleading comment in cc-command-intercept.ts:138
("CC_COMMAND_MAP handles both direct commands and aliases like /clear → /reset")
has been corrected to reflect what the map actually does.

_internals DI seam in system-enhancer.ts (root cause: PR #1245's test refactor didn't take effect)

PR #1245 migrated tests/integration/dark-matter-wiring.test.ts from
mock.module() to _internals DI seam mutation. The migration didn't work:
10 of 14 tests failed because system-enhancer.ts imported the named
functions (detectDarkMatter, formatDarkMatterOutput, etc.) which are bound
at module load time. Mutating _internals.detectDarkMatter only changes the
seam object's property, not the named export reference, so the production
code kept calling the original implementation.

This follow-up refactors system-enhancer.ts to import _internals as coChangeInternals and _internals as knowledgeStoreInternals and call them at
call time (coChangeInternals.detectDarkMatter(...) instead of
detectDarkMatter(...)). The named-export-to-seam indirection was the missing
piece of the active-seam pattern that the migration intended. This eliminates
the cross-test pollution that mock.module() would have caused without
regressing the test's mock-via-seam intent.

The dark-matter-wiring.test.ts file also had a broken test design: mocks
were applied at module load but the afterEach restored the originals,
leaving only the first test in the file with the mocks. This follow-up
removes the per-test restoration and uses process.on('exit') for file-exit
teardown so the seam mocks persist for the file's tests but don't leak
into other test files.

Adversarial tests for /clear interception

Added 4 new adversarial tests in
tests/adversarial/cc-command-intercept.adversarial.test.ts to guard against
the /clear regression:

• /clear is hard-blocked as alias for /reset
• /CLEAR (uppercase) is hard-blocked
• /clear with leading whitespace is hard-blocked
• Triple-backtick block containing /clear is NOT detected (preserves the
  code-fence escape behavior)

Why

PR #1245 was a Copilot bot PR that intended to:

1. Wire CC_COMMAND_MAP for case-insensitive and whitespace-padded detection
2. Replace hardcoded tool count assertions
3. Eliminate mock.module() cross-test contamination

Items 1 and 3 had regressions introduced by the change:

• Item 1 lost the /clear alias handling
• Item 3's test refactor didn't actually take effect because the production
  code didn't use active seams

This follow-up preserves the PR's stated intent (per the writing-tests skill
Invariant 7 — DI seam over mock.module) while fixing the regressions that
the local /swarm-pr-review identified.

Migration

No user-facing migration needed. All changes are internal.

Invariant audit

• 1 (plugin init): not touched — system-enhancer.ts refactor changes only
  how functions are read (static import of _internals vs named exports);
  no new I/O, no new computation at init time. Plugin loads in bounded
  time: node --input-type=module -e "await import('./dist/index.js')"
  returns PLUGIN LOADS OK (exit 0).
• 2 (runtime portability): not touched — no new bun: imports, no changes
  to default export shape, no new top-level awaits.
• 3 (subprocesses): not touched — no spawn/exec/subprocess changes.
• 4 (.swarm containment): not touched — no new .swarm/ paths written.
• 5 (plan durability): not touched — no plan schema or status-shape
  changes.
• 6 (test_runner safety): not touched — focused test files used for
  validation, no broad test_runner scopes.
• 7 (test writing): touched — tests/integration/dark-matter-wiring.test.ts
  uses _internals DI seam per the writing-tests skill Invariant 7.
  tests/adversarial/cc-command-intercept.adversarial.test.ts uses
  bun:test. No mock.module introduced. Confirmed by direct
  file reads and test execution.
• 8 (session state): not touched.
• 9 (guardrails/retry): touched — cc-command-intercept.ts hard-block
  branch for bareCmd === 'clear' is now reachable (was dead code
  before this fix). Verified by adversarial test
  "ADVERSARIAL: cc-command-intercept hook evasion tests > ATTACK VECTOR:
  /clear alias for /reset (PR #1245 regression guard) > /clear is
  hard-blocked as alias for /reset".
• 10 (chat/system msg): not touched.
• 11 (tool registration): not touched — no new tools registered; only
  the CC_COMMAND_MAP initialization loop (which builds a lookup
  table for the existing cc-command-intercept hook) was extended.
• 12 (release/cache): touched — release fragment created (this file).
  dist/ not committed. No version files hand-edited.

Test plan

• bun test tests/integration/dark-matter-wiring.test.ts — 14 pass / 0
  fail (was 10 pass / 4 fail before this fix)
• bun test tests/adversarial/cc-command-intercept.adversarial.test.ts
  — 28 pass / 0 fail (was 24 pass / 0 fail before this fix; 4 new
  /clear tests added)
• bun test tests/adversarial/architect-check-gate-status-whitelist.adversarial.test.ts
  — 39 pass / 0 fail (PR #1245 Category 2 test, unchanged)
• bun test tests/unit/commands/dark-matter.test.ts + dark-matter.adversarial.test.ts + dark-matter.knowledge-persistence.test.ts
  — 46 pass / 0 fail (system-enhancer consumers, unchanged)
• bun test tests/adversarial/handoff-security-adversarial.test.ts —
  (system-enhancer consumer) all pass
• bun test tests/integration/retrospective-gate.test.ts —
  (system-enhancer consumer) all pass
• bun run typecheck — exit 0 (tsc --noEmit clean)
• bunx biome check . — 0 errors (2 pre-existing warnings in
  tests/unit/turbo/lean/runner-parenting.test.ts unrelated to
  this change)
• node --input-type=module -e "await import('./dist/index.js')" —
  PLUGIN LOADS OK (exit 0)
• bun run build — exit 0 (5.0 MB index.js, 2.26 MB CLI index.js,
  20 grammar files copied to dist/lang/grammars/)

Pre-existing failures (unrelated, in scope for separate fix)

• tests/unit/commands/simulate.test.ts: pre-existing
  SyntaxError: Export named '_internals' not found in module 'src/tools/co-change-analyzer.ts'.
  This is because src/commands/simulate.ts:1 imports _internals but
  the test's mock.module(...) factory only provides detectDarkMatter.
  The same _internals DI seam pattern that this PR applies to
  dark-matter-wiring.test.ts would also fix this — add
  _internals: { detectDarkMatter: mockDetectDarkMatter } to the
  mock factory. Out of scope for this PR which targets the specific
  regressions the local /swarm-pr-review identified.
• tests/integration/pre-check-batch.test.ts: 2 pre-existing failures
  related to lint/sast_scan tools not being installed in the local
  environment (consistent with the pre-flight advisory about missing
  ruff/cargo/etc. binaries). Unrelated to this change.
• tests/unit/commands/ and other directories: ~158 pre-existing
  failures verified to exist on the PR's HEAD before this change via
  git stash baseline comparison. Unrelated to this change.

7.78.7 (2026-06-17)

Bug Fixes

• resolve 106 pre-existing test failures across three categories (#1245) (5a6cee1)

---

This PR was generated with Release Please. See documentation.

v7.78.6

Summary

• Fix /swarm close git alignment so a missing git executable is reported
  separately from a non-git directory, and transient git errors are reported
  separately from both.
• Preserve the existing reset behavior when the workspace is a real git repo.
• Update the adjacent close test suite to use canonical plan fixtures and a
  ledger-backed terminal-state helper.

Why

The close command was conflating git lookup failures ("git binary not found",
"spawnSync timeout") with "not a git repository," which hid the real failure
mode and forced manual archiving/reset handling.

The adjacent test suite had drifted from the current plan schema and ledger
identity rules, so it could no longer prove the terminal-write path accurately.

Migration

No migration required. The isGitRepo() function is retained as a thin wrapper
over the new getGitRepositoryStatus() so that callers outside the close path
are unaffected.

Caveats

• scripts/repro-704.mjs times out in both the branch worktree and a clean
  origin/main worktree in this environment; it is tracked as a pre-existing
  validation issue and is not part of this change.

7.78.6 (2026-06-17)

Bug Fixes

• close: distinguish git lookup failures (#1254) (37eb88f)

---

This PR was generated with Release Please. See documentation.

v7.78.5

chore(main): release 7.78.5 (#1394)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>