Do away with --enable-autopin and --disable-autopin. The only new package manager commands are pin and unpin.
There are two pinfiles: a private one and a shared one. The shared one is adjacent to Package.swift, as in the existing proposal. The private one is stored in some quasi-hidden location not likely to be checked in, e.g. a dotfile, and is an implementation detail.
swift package pin foo 1.2.3 writes a dependency version to the shared pinfile; swift package unpin foo removes it from the shared one. Running swift package pin foo with no version number copies the entry from the private pinfile to the shared one, with its current version.
swift package update only searches for new versions of packages listed in the private pinfile; --repin is required to update packages in the shared one.
In the shared pinfile, there is a boolean setting that determines whether newly downloaded dependencies are added to the shared pinfile. Both swift package pin --all and swift package pin --new set it to true; the corresponding unpin commands both set it to false. It is true by default.