npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

swarm-orchestrator

v7.0.0-alpha.0

Published

Falsification battery and signed attestation for AI-authored code. Worker and reviewer steps run on isolated branches, each step verified before merge, with audit-ready run artifacts.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

bradkinnardbradkinnard

Keywords

clifalsificationattestationverificationquality-gatesorchestratoragent-orchestratorswarmaiswe-benchcopilotcopilot-cliclaude-codecodex

Readme

Swarm Orchestrator

Independent verification battery for patches written by AI coding agents.

License Version Node CI Stars

Quick Start · How It Works · Documentation · Contributing

Wraps third-party coding-agent CLIs (Copilot, Claude Code, Codex), runs worker and reviewer steps on isolated git branches, and applies a five-layer falsification battery to each agent-authored patch. Hard gates block patches that fail intent or regression checks; advisory layers feed a composite score.

You run this around an agent CLI, not instead of one. The agent produces the patch; the orchestrator tries to break it. Patches that survive merge to main; patches that don't are rolled back with a verification report.

Features

  • Five-layer falsification battery. Intent verification, regression and mutation testing, cheat detection, property-based testing, and signed attestation. Layers 1 and 2 are hard gates; layers 3 to 5 feed an advisory composite score. Implementations live under src/verification/.
  • Isolated worker and reviewer steps. Each step runs on its own git branch and worktree. Worker writes; reviewer is read-only and synthesises differential tests or reviews the diff against an active policy.
  • Analyzer-gated parallelism. A static dependency analyser (src/scheduling/dependency-analyzer.ts) decides which steps can run in parallel. The planner does not declare independence.
  • Quality-gate engine. Nine built-in gates (scaffoldDefaults, duplicateBlocks, hardcodedConfig, readmeClaims, testIsolation, runtimeChecks, accessibility, testCoverage, testFileProtection) registered in src/quality-gates/registry.ts. Projects register custom gates via .swarm/gates/index.js.
  • Signed attestation. In-toto SLSA v1.0 attestation, cosign keyless via Fulcio plus OIDC, attached as a git note. Implementation: src/verification/attestation.ts and cosign-attestation.ts.
  • Audit-ready run artifacts. Every execution writes runs/<execution-id>/ with session-state.json, metrics.json, cost-attribution.json, per-step share.md transcripts, and per-step verification reports. Secrets are redacted at end of run.
  • Multiple agent backends. Adapters for Copilot CLI, Claude Code, Codex, and Claude Code Teams behind a shared process supervisor.

Quick Start

Prerequisites

| Requirement | Version | Notes | |---|---|---| | Node.js | >= 20 | Engines-enforced. CI runs 20 and 22. | | git | >= 2.40 | Worktrees are required; older git is not tested. | | One agent CLI | latest | One of: copilot, claude, codex. Must be installed and authenticated separately. | | Docker | latest | Optional. Required only for SWE-bench evaluation containers. |

Install

The npm package is not published yet. Install from source:

git clone https://github.com/moonrunnerkc/swarm-orchestrator.git
cd swarm-orchestrator
npm install
npm run build
node dist/src/cli.js --help

First run

node dist/src/cli.js run --goal "Add a /health endpoint that returns 200 OK" \
  --tool claude-code --target ./my-repo

Expected output shape:

[cli:swarm] Total Steps: 3
[cli:swarm] Cost Estimate: 3-5 premium requests
[orchestrator] Starting Parallel Swarm Execution
[orchestrator]   Step 1 (worker) on branch: swarm/<run-id>/step-1-worker
[orchestrator]   Step 1 (worker) - Agent working...
[orchestrator]   Step 1 verified, merging...
[cli:swarm] SWARM EXECUTION COMPLETE
[cli:swarm]   Completed: 3/3
[cli:swarm]   Artifacts: ./runs/<run-id>/

How It Works

The CLI takes a goal, calls swarm bootstrap or swarm plan to produce a plan file, then swarm swarm <planfile> runs each step. A worker step is a git branch and worktree where the configured agent CLI executes against the goal; the worker writes a /share transcript and commits its changes. A reviewer step is read-only, runs either before the worker (synthesises a differential test from the goal's FAIL_TO_PASS description) or after (reviews the diff against a configured policy: general, security, or accessibility).

After each step, the verifier runs. The active per-step path is src/verifier-engine.ts, which parses the transcript, cross-references hook-recorded file evidence, and runs outcome checks (git_diff, file_existence, build_exec, test_exec) against the worktree. The v7 falsification battery code lives under src/verification/ and is wired in for differential gating, mutation testing, cheat detection, property testing, and attestation; the migration to make it the sole per-step path is in progress.

Steps that pass verification merge to main via octopus merge; steps that fail are rolled back. After all step branches merge, the nine-gate quality engine scans the merged result and writes a report. Quality-gate findings are advisory in the current code: they do not block the merge path.

For deeper detail, see ARCHITECTURE.md and docs/verification.md.

Supported Agents

| Agent CLI | Status | Notes | |---|---|---| | copilot | shipped | GitHub Copilot CLI. Cold-start spawn per step. Adapter: src/adapters/copilot-adapter.ts. | | claude-code | shipped | Anthropic Claude Code CLI. Supports persistent interactive sessions. Adapter: src/adapters/claude-code-adapter.ts. | | claude-code-teams | shipped | Claude Code in teams configuration. Adapter: src/adapters/claude-code-teams.ts. | | codex | shipped | OpenAI Codex CLI. Spawns codex exec with sandbox bypass for git worktrees. Adapter: src/adapters/codex-adapter.ts. |

Pass --tool <name> to select. The agent CLI must be installed and authenticated by the user; the orchestrator does not bundle credentials.

Configuration

verification:
  mutation:
    failBelow: 0.6
    warnBelow: 0.8
  composite:
    threshold: 0.7
    weights:
      cheatDetector: 0.4
      propertyGate: 0.4
      attestation: 0.2
    advisoryGatePenalty: 0.02

Full reference: docs/configuration.md.

enabled: true
failOnIssues: true
autoAddRefactorStepOnDuplicateBlocks: true
autoAddReadmeTruthStepOnReadmeClaims: true
autoAddScaffoldFixStepOnScaffoldDefaults: true
autoAddConfigFixStepOnHardcodedConfig: true
autoAddAccessibilityFixStepOnAccessibility: true
autoAddTestCoverageStepOnTestCoverage: true

Full reference: docs/quality-gates.md.

Worker and reviewer roles are defined in agents/worker.agent.md and agents/reviewer.agent.md. Project overrides live in config/default-agents.yaml; install-level and .github/agents/*.agent.md are the lower-precedence sources.

Full reference: docs/configuration.md.

CLI Reference

| Command | Description | |---|---| | swarm bootstrap <path(s)> "<goal>" | Analyses target repos and writes a plan. | | swarm plan <goal> | Generates a plan from a goal description. | | swarm execute <planfile> | Executes a saved plan step-by-step. | | swarm swarm <planfile> | Executes a plan with verified branch and worktree workflow. | | swarm run --goal "<description>" | Plan and execute in one step. | | swarm quick "<task>" | Single-agent quick-fix mode. | | swarm gates [path] | Runs quality gates against a repo. | | swarm status <execid> | Shows execution status. | | swarm report <run-id> | Generates a structured run report. | | swarm audit <session-id> | Generates a Markdown audit report. | | swarm metrics <session-id> | Shows metrics summary for a session. | | swarm attest verify <commit> | Verifies the swarm attestation git note on a commit. | | swarm demo <scenario> | Runs a pre-configured demo scenario. | | swarm templates | Lists available plan templates. | | swarm recipes | Lists available recipes. |

Full flag reference: docs/cli.md.

Documentation

| Section | What's covered | |---|---| | Architecture | Module layout, scheduling, merge strategy, governance. | | Verification | Per-step verifier, outcome checks, transcript checks, hook evidence. | | Adapters | Per-CLI capabilities, options, and process supervision. | | Quality gates | The nine built-in gates and how to register custom ones. | | Configuration | Config file precedence, schema, and overrides. | | CLI | Full command and flag reference. | | Benchmarks | SWE-bench harness, scoring, and methodology. | | Contributing | Development setup, code style, PR workflow. |

Contributing

PRs welcome. Code style is enforced: named exports only, kebab-case filenames, no any types in src/, full JSDoc on public functions, 300-line file soft limit, structured logger only (no console.* in src/). Before any PR: npm test, then node dist/src/cli.js gates ., then a descriptive conventional-commit message. The full standards are in CONTRIBUTING.md.

git clone https://github.com/moonrunnerkc/swarm-orchestrator.git
cd swarm-orchestrator
npm install
npm test

License

ISC © 2026 Bradley R. Kinnard / moonrunnerkc