1.0.32

1.0.32

• New swival skills command to install, remove, and list agent skills from the command line instead of copying directories by hand. swival skills add <name-or-URL> installs into the current project, --global into the every-project set, and swival skills delete / swival skills list round out the management commands.
• Pointing add at a git repository clones it shallowly, finds its top-level skills/ directory (or a single skill at the repo root), and installs what it finds. You can pin a ref with --ref <branch|tag|commit> (or <URL>#ref) and rename the collection with --as <name>.
• Downloaded collections land in a staging library at ~/.config/swival/library/skills/, which the agent does not load from. add --global <URL> stages there without switching anything on, keeping a review step between downloading a third party's repo and making it active in every session. Once a collection is staged, install individual skills from it by name (swival skills add deploy, or collection/skill to disambiguate).
• Installing a skill never executes anything, and external metaskills still require --metaskills all before they run. Swival flags when an installed skill ships a SKILL.star, and clones run with credential prompts disabled, redirects refused, non-git protocols blocked, and private or internal addresses refused.

1.0.31

1.0.31

• Streaming now shows the model's thinking as it arrives.
• Significant improvements to context management and compaction have been implemented.
• When a model isn't found on the server, the error is now actually helpful: it lists the models the server reports, suggests the closest match to what you typed, and, if the server happens to serve exactly one model, quietly switches to it and retries instead of failing.
• /audit and documentation improvements have been made.

1.0.30

1.0.30

• Swival now supports Apple Foundation Models as an LLM backend via --provider applefm. Point it at an fm serve instance (defaults to http://127.0.0.1:1976/v1) and choose --model system for the on-device model or --model pcc for Private Cloud Compute.
• The interactive setup wizard (--init / onboarding) now includes an MLX option for mlx_lm, omlx, mtpmlx, etc.
• You can now enter literal newlines in the REPL with Shift+Enter instead of having to remember Ctrl+J.
• write_file and edit_file both return a [checksum=...] trailer on every successful invocation. The agent can now chain consecutive file writes and edits without a follow-up read_file to obtain the latest checksum, making multi-step file workflows more efficient.
• Interrupting a tool call mid-dispatch (Ctrl+C) no longer wedges the session on Anthropic-format providers like Bedrock. Orphaned tool-use blocks in the conversation history are now backfilled with a synthetic tool result, so a single accidental interruption no longer forces a full restart. Thanks to Cameron Walters.
• read_file, read_multiple_files, run_command, and run_shell_command now reject boolean values for integer parameters (offset, limit) and non-string elements in argv arrays with clear error: messages, instead of relying on Python's bool-is-int quirk or crashing later.

1.0.29

1.0.29

• /audit now tries to inline function definitions alongside their callers, so that more relevant information is packed together and held in the context.
• On macOS, Swival now keeps the machine awake during turns, so the machine no longer drops into idle sleep in the middle of a long task. The assertion is released as soon as the turn finishes.
• Command approval prompts (--commands ask) are no longer swallowed by the live progress display. The spinner and progress bar are suspended while Swival waits for your answer, so the question and its key hints stay on screen.

1.0.28

1.0.28

• /audit gained an adjudication phase that runs between verification and artifact generation. Each verified finding faces a panel of three independent reviewers, each told to refute it from a different angle (reachability, threat model, severity), and only findings confirmed by a majority make it into reports and patches. Survivors get their severity recalibrated down to the realistic worst case, and dropped findings are listed in the README with the reason, so the gap between verified and written counts is always explained.
• New --max-output-lines and --max-output-kb options (also available as config keys and Session parameters) make tool output caps tunable. The first sets the default number of lines a file read returns, the second the byte cap applied to file reads, directory listings, grep, outline, and fetched URLs.
• Child processes spawned by Swival no longer inherit the bundled virtualenv bin/ in their PATH. Packaged installs (such as Homebrew) used to leak that directory into every command the agent ran, which could shadow the user's own toolchain, most visibly a rustup-managed cargo being hijacked by a brew-installed Rust.
• The README.md index that /audit writes into audit-findings/ is now much more readable: a proper title, a summary with a severity breakdown, and sentence-case section headers with common security acronyms spelled correctly.
• GEAP reliability fixes: the bundled LiteLLM has been updated to a version that restores GEAP routing, and background summarization calls no longer fail with credential errors.

1.0.27

1.0.27

• Swival now auto-detects model context windows when --max-context-tokens is omitted. Hosted providers use LiteLLM's model registry, llama.cpp reads the server's runtime n_ctx, and OpenAI-compatible servers can advertise their limit via /v1/models.
• The outline tool can now survey directories and batches of files, selecting source files, listing subdirectories, and reporting omissions so agents can map a codebase before reading full files.
• Command output is cleaner and safer: ANSI/terminal control sequences and repeated blank lines are collapsed before they enter the transcript.
• edit_file now recovers when a supplied line_number is stale but the requested match is unique, making edits less brittle after nearby line shifts.
• /audit now explicitly searches for state-amplification denial-of-service patterns and verifies them with an evidence ledger, improving coverage for parser, decoder, queue, and resource-amplification bugs without inflating severity.
• Malformed tool-call arguments now receive repair feedback instead of being mistaken for context overflow, avoiding unnecessary compaction and noisy failure reports.

1.0.26

1.0.26

• Shell commands now show live stderr progress while they run: short commands get a spinner, and timed commands show a progress bar against their timeout. The command timeout cap has also been raised from 120 seconds to 240 seconds.
• Streaming assistant output now prints and refreshes progressively instead of using a narrow scrolling marquee, making long responses easier to read as they arrive.
• Reasoning content is preserved by default when providers expose it, improving follow-up turns for reasoning-capable routes while still stripping it for strict OpenAI-compatible endpoints that reject the field.
• Swival now exports swival.__version__, so scripts and integrations can inspect the installed package version directly.
• Swival can now keep estimating tokens when tiktoken cannot load its encoding offline, instead of failing before a request is sent.

1.0.25

1.0.25

• Swival now has built-in support for the Nono sandbox. Just pass --sandbox nono (and optional flags like --nono-profile, --nono-block-net, --nono-rollback, --nono-credential, etc.) to re-exec the process inside a Nono-managed sandbox with OS-enforced filesystem and network isolation. Provider-specific credential directories (GEAP, Bedrock) and temp directories are granted read access automatically.
• run_command and run_shell_command accept a new background parameter. When true, the command is launched detached and the tool returns immediately with the PID and a log file path — useful for long-running servers, watchers, and tasks that outlive a single tool call.
• The ACP server now advertises available slash commands via an available_commands_update notification after session creation, and prompts that begin with / or ! are dispatched as commands the same way the REPL would.
• DeepSeek models routed through api.deepseek.com now receive reasoning content in tool-calling turns.

1.0.24

1.0.24

• /audit now writes a README.md index into audit-findings/ whenever artifacts land.
• Spurious Pydantic serializer and LiteLLM warnings no longer leak into stderr at startup.

1.0.23

1.0.23

• Swival now supports Google Enterprise Application Platform (GEAP) as a provider. Pass --provider geap --gcp-project <id> --location <region> --model <gemini-model> and Swival routes through Vertex AI under the hood, using your Google Cloud application-default credentials or a service account from GOOGLE_APPLICATION_CREDENTIALS.
• The /audit live terminal UI now stays visible and updating through the verifier and patch-generation phases instead of going dark while a subagent runs, and the heartbeat line now shows the current turn number so long-running phases no longer look stalled.