opencode-swarm 6.40.4 → 6.40.6

package/dist/cli/index.js

@@ -32825,6 +32825,7 @@ async function handleDarkMatterCommand(directory, args) {
 import { execSync } from "child_process";
 import { existsSync as existsSync4, readdirSync as readdirSync2, readFileSync as readFileSync3, statSync as statSync3 } from "fs";
 import path12 from "path";
+import { fileURLToPath } from "url";
 init_manager();
 init_utils2();
 init_manager2();
@@ -33165,8 +33166,9 @@ async function checkGrammarWasmFiles() {
     "tree-sitter-swift.wasm",
     "tree-sitter-dart.wasm"
   ];
-  const isDev = import.meta.dir.includes("src/services") || import.meta.dir.includes("src\\services");
-  const grammarDir = isDev ? path12.join(import.meta.dir, "../../dist/lang/grammars/") : path12.join(import.meta.dir, "../lang/grammars/");
+  const thisDir = path12.dirname(fileURLToPath(import.meta.url));
+  const isSource = thisDir.replace(/\\/g, "/").endsWith("/src/services");
+  const grammarDir = isSource ? path12.join(thisDir, "..", "lang", "grammars") : path12.join(thisDir, "lang", "grammars");
   const missing = [];
   for (const file3 of grammarFiles) {
     if (!existsSync4(path12.join(grammarDir, file3))) {

package/dist/index.js

@@ -40679,12 +40679,24 @@ ${JSON.stringify(symbolNames, null, 2)}`);
 });
 
 // src/lang/runtime.ts
-import { fileURLToPath } from "url";
+import * as path47 from "path";
+import { fileURLToPath as fileURLToPath2 } from "url";
 async function initTreeSitter() {
   if (treeSitterInitialized) {
     return;
   }
-  await Parser.init();
+  const thisDir = path47.dirname(fileURLToPath2(import.meta.url));
+  const isSource = thisDir.replace(/\\/g, "/").endsWith("/src/lang");
+  if (isSource) {
+    await Parser.init();
+  } else {
+    const grammarsDir = getGrammarsDirAbsolute();
+    await Parser.init({
+      locateFile(scriptName) {
+        return path47.join(grammarsDir, scriptName);
+      }
+    });
+  }
   treeSitterInitialized = true;
 }
 function sanitizeLanguageId(languageId) {
@@ -40701,12 +40713,10 @@ function getWasmFileName(languageId) {
   }
   return `tree-sitter-${sanitized}.wasm`;
 }
-function getGrammarsPath() {
-  const isProduction = !import.meta.url.includes("src/");
-  if (isProduction) {
-    return "./lang/grammars/";
-  }
-  return "../../dist/lang/grammars/";
+function getGrammarsDirAbsolute() {
+  const thisDir = path47.dirname(fileURLToPath2(import.meta.url));
+  const isSource = thisDir.replace(/\\/g, "/").endsWith("/src/lang");
+  return isSource ? path47.join(thisDir, "grammars") : path47.join(thisDir, "lang", "grammars");
 }
 async function loadGrammar(languageId) {
   if (typeof languageId !== "string" || languageId.length > 100) {
@@ -40722,8 +40732,7 @@ async function loadGrammar(languageId) {
   await initTreeSitter();
   const parser = new Parser;
   const wasmFileName = getWasmFileName(normalizedId);
-  const grammarsPath = getGrammarsPath();
-  const wasmPath = fileURLToPath(new URL(`${grammarsPath}${wasmFileName}`, import.meta.url));
+  const wasmPath = path47.join(getGrammarsDirAbsolute(), wasmFileName);
   const { existsSync: existsSync29 } = await import("fs");
   if (!existsSync29(wasmPath)) {
     throw new Error(`Grammar file not found for ${languageId}: ${wasmPath}
@@ -40766,7 +40775,7 @@ var init_runtime = __esm(() => {
 });
 
 // src/index.ts
-import * as path62 from "path";
+import * as path63 from "path";
 
 // src/agents/index.ts
 init_config();
@@ -42001,8 +42010,9 @@ All other gates: failure \u2192 return to coder. No self-fixes. No workarounds.
     - quality_budget (maintainability metrics)
     \u2192 Returns { gates_passed, lint, secretscan, sast_scan, quality_budget, total_duration_ms }
     \u2192 If gates_passed === false: read individual tool results, identify which tool(s) failed, return structured rejection to {{AGENT_PREFIX}}coder with specific tool failures. Do NOT call {{AGENT_PREFIX}}reviewer.
-    \u2192 If gates_passed === true: proceed to {{AGENT_PREFIX}}reviewer.
-    \u2192 REQUIRED: Print "pre_check_batch: [PASS \u2014 all gates passed | FAIL \u2014 [gate]: [details]]"
+    \u2192 If gates_passed === true AND sast_preexisting_findings is present: proceed to {{AGENT_PREFIX}}reviewer. Include the pre-existing SAST findings in the reviewer delegation context with instruction: "SAST TRIAGE REQUIRED: The following HIGH/CRITICAL SAST findings exist on unchanged lines in this changeset. Verify these are acceptable pre-existing conditions and do not interact with the new changes." Do NOT return to coder for pre-existing findings on unchanged code.
+    \u2192 If gates_passed === true (no sast_preexisting_findings): proceed to {{AGENT_PREFIX}}reviewer.
+    \u2192 REQUIRED: Print "pre_check_batch: [PASS \u2014 all gates passed | PASS \u2014 pre-existing SAST findings on unchanged lines (N findings, reviewer triage) | FAIL \u2014 [gate]: [details]]"
 
 \u26A0\uFE0F pre_check_batch SCOPE BOUNDARY:
 pre_check_batch runs FOUR automated tools: lint:check, secretscan, sast_scan, quality_budget.
@@ -46948,6 +46958,7 @@ init_manager2();
 import { execSync } from "child_process";
 import { existsSync as existsSync8, readdirSync as readdirSync2, readFileSync as readFileSync5, statSync as statSync5 } from "fs";
 import path18 from "path";
+import { fileURLToPath } from "url";
 function validateTaskDag(plan) {
   const allTaskIds = new Set;
   for (const phase of plan.phases) {
@@ -47285,8 +47296,9 @@ async function checkGrammarWasmFiles() {
     "tree-sitter-swift.wasm",
     "tree-sitter-dart.wasm"
   ];
-  const isDev = import.meta.dir.includes("src/services") || import.meta.dir.includes("src\\services");
-  const grammarDir = isDev ? path18.join(import.meta.dir, "../../dist/lang/grammars/") : path18.join(import.meta.dir, "../lang/grammars/");
+  const thisDir = path18.dirname(fileURLToPath(import.meta.url));
+  const isSource = thisDir.replace(/\\/g, "/").endsWith("/src/services");
+  const grammarDir = isSource ? path18.join(thisDir, "..", "lang", "grammars") : path18.join(thisDir, "lang", "grammars");
   const missing = [];
   for (const file3 of grammarFiles) {
     if (!existsSync8(path18.join(grammarDir, file3))) {
@@ -59020,20 +59032,20 @@ function validateBase(base) {
 function validatePaths(paths) {
   if (!paths)
     return null;
-  for (const path47 of paths) {
-    if (!path47 || path47.length === 0) {
+  for (const path48 of paths) {
+    if (!path48 || path48.length === 0) {
       return "empty path not allowed";
     }
-    if (path47.length > MAX_PATH_LENGTH) {
+    if (path48.length > MAX_PATH_LENGTH) {
       return `path exceeds maximum length of ${MAX_PATH_LENGTH}`;
     }
-    if (SHELL_METACHARACTERS2.test(path47)) {
+    if (SHELL_METACHARACTERS2.test(path48)) {
       return "path contains shell metacharacters";
     }
-    if (path47.startsWith("-")) {
+    if (path48.startsWith("-")) {
       return 'path cannot start with "-" (option-like arguments not allowed)';
     }
-    if (CONTROL_CHAR_PATTERN2.test(path47)) {
+    if (CONTROL_CHAR_PATTERN2.test(path48)) {
       return "path contains control characters";
     }
   }
@@ -59114,8 +59126,8 @@ var diff = createSwarmTool({
         if (parts2.length >= 3) {
           const additions = parseInt(parts2[0], 10) || 0;
           const deletions = parseInt(parts2[1], 10) || 0;
-          const path47 = parts2[2];
-          files.push({ path: path47, additions, deletions });
+          const path48 = parts2[2];
+          files.push({ path: path48, additions, deletions });
         }
       }
       const contractChanges = [];
@@ -59398,7 +59410,7 @@ Use these as DOMAIN values when delegating to @sme.`;
 init_dist();
 init_create_tool();
 import * as fs36 from "fs";
-import * as path47 from "path";
+import * as path48 from "path";
 var MAX_FILE_SIZE_BYTES4 = 1024 * 1024;
 var MAX_EVIDENCE_FILES = 1000;
 var EVIDENCE_DIR2 = ".swarm/evidence";
@@ -59425,9 +59437,9 @@ function validateRequiredTypes(input) {
   return null;
 }
 function isPathWithinSwarm2(filePath, cwd) {
-  const normalizedCwd = path47.resolve(cwd);
-  const swarmPath = path47.join(normalizedCwd, ".swarm");
-  const normalizedPath = path47.resolve(filePath);
+  const normalizedCwd = path48.resolve(cwd);
+  const swarmPath = path48.join(normalizedCwd, ".swarm");
+  const normalizedPath = path48.resolve(filePath);
   return normalizedPath.startsWith(swarmPath);
 }
 function parseCompletedTasks(planContent) {
@@ -59457,10 +59469,10 @@ function readEvidenceFiles(evidenceDir, _cwd) {
     if (!VALID_EVIDENCE_FILENAME_REGEX.test(filename)) {
       continue;
     }
-    const filePath = path47.join(evidenceDir, filename);
+    const filePath = path48.join(evidenceDir, filename);
     try {
-      const resolvedPath = path47.resolve(filePath);
-      const evidenceDirResolved = path47.resolve(evidenceDir);
+      const resolvedPath = path48.resolve(filePath);
+      const evidenceDirResolved = path48.resolve(evidenceDir);
       if (!resolvedPath.startsWith(evidenceDirResolved)) {
         continue;
       }
@@ -59578,7 +59590,7 @@ var evidence_check = createSwarmTool({
       return JSON.stringify(errorResult, null, 2);
     }
     const requiredTypes = requiredTypesValue.split(",").map((t) => t.trim()).filter((t) => t.length > 0).map(normalizeEvidenceType);
-    const planPath = path47.join(cwd, PLAN_FILE);
+    const planPath = path48.join(cwd, PLAN_FILE);
     if (!isPathWithinSwarm2(planPath, cwd)) {
       const errorResult = {
         error: "plan file path validation failed",
@@ -59610,7 +59622,7 @@ var evidence_check = createSwarmTool({
       };
       return JSON.stringify(result2, null, 2);
     }
-    const evidenceDir = path47.join(cwd, EVIDENCE_DIR2);
+    const evidenceDir = path48.join(cwd, EVIDENCE_DIR2);
     const evidence = readEvidenceFiles(evidenceDir, cwd);
     const { tasksWithFullEvidence, gaps } = analyzeGaps(completedTasks, evidence, requiredTypes);
     const completeness = completedTasks.length > 0 ? Math.round(tasksWithFullEvidence.length / completedTasks.length * 100) / 100 : 1;
@@ -59628,7 +59640,7 @@ var evidence_check = createSwarmTool({
 init_tool();
 init_create_tool();
 import * as fs37 from "fs";
-import * as path48 from "path";
+import * as path49 from "path";
 var EXT_MAP = {
   python: ".py",
   py: ".py",
@@ -59709,12 +59721,12 @@ var extract_code_blocks = createSwarmTool({
       if (prefix) {
         filename = `${prefix}_${filename}`;
       }
-      let filepath = path48.join(targetDir, filename);
-      const base = path48.basename(filepath, path48.extname(filepath));
-      const ext = path48.extname(filepath);
+      let filepath = path49.join(targetDir, filename);
+      const base = path49.basename(filepath, path49.extname(filepath));
+      const ext = path49.extname(filepath);
       let counter = 1;
       while (fs37.existsSync(filepath)) {
-        filepath = path48.join(targetDir, `${base}_${counter}${ext}`);
+        filepath = path49.join(targetDir, `${base}_${counter}${ext}`);
         counter++;
       }
       try {
@@ -59835,7 +59847,7 @@ var gitingest = createSwarmTool({
 init_dist();
 init_create_tool();
 import * as fs38 from "fs";
-import * as path49 from "path";
+import * as path50 from "path";
 var MAX_FILE_PATH_LENGTH2 = 500;
 var MAX_SYMBOL_LENGTH = 256;
 var MAX_FILE_SIZE_BYTES5 = 1024 * 1024;
@@ -59883,7 +59895,7 @@ function validateSymbolInput(symbol3) {
   return null;
 }
 function isBinaryFile2(filePath, buffer) {
-  const ext = path49.extname(filePath).toLowerCase();
+  const ext = path50.extname(filePath).toLowerCase();
   if (ext === ".json" || ext === ".md" || ext === ".txt") {
     return false;
   }
@@ -59907,15 +59919,15 @@ function parseImports(content, targetFile, targetSymbol) {
   const imports = [];
   let _resolvedTarget;
   try {
-    _resolvedTarget = path49.resolve(targetFile);
+    _resolvedTarget = path50.resolve(targetFile);
   } catch {
     _resolvedTarget = targetFile;
   }
-  const targetBasename = path49.basename(targetFile, path49.extname(targetFile));
+  const targetBasename = path50.basename(targetFile, path50.extname(targetFile));
   const targetWithExt = targetFile;
   const targetWithoutExt = targetFile.replace(/\.(ts|tsx|js|jsx|mjs|cjs)$/i, "");
-  const normalizedTargetWithExt = path49.normalize(targetWithExt).replace(/\\/g, "/");
-  const normalizedTargetWithoutExt = path49.normalize(targetWithoutExt).replace(/\\/g, "/");
+  const normalizedTargetWithExt = path50.normalize(targetWithExt).replace(/\\/g, "/");
+  const normalizedTargetWithoutExt = path50.normalize(targetWithoutExt).replace(/\\/g, "/");
   const importRegex = /import\s+(?:\{[\s\S]*?\}|(?:\*\s+as\s+\w+)|\w+)\s+from\s+['"`]([^'"`]+)['"`]|import\s+['"`]([^'"`]+)['"`]|require\s*\(\s*['"`]([^'"`]+)['"`]\s*\)/g;
   for (let match = importRegex.exec(content);match !== null; match = importRegex.exec(content)) {
     const modulePath = match[1] || match[2] || match[3];
@@ -59938,9 +59950,9 @@ function parseImports(content, targetFile, targetSymbol) {
     }
     const _normalizedModule = modulePath.replace(/^\.\//, "").replace(/^\.\.\\/, "../");
     let isMatch = false;
-    const _targetDir = path49.dirname(targetFile);
-    const targetExt = path49.extname(targetFile);
-    const targetBasenameNoExt = path49.basename(targetFile, targetExt);
+    const _targetDir = path50.dirname(targetFile);
+    const targetExt = path50.extname(targetFile);
+    const targetBasenameNoExt = path50.basename(targetFile, targetExt);
     const moduleNormalized = modulePath.replace(/\\/g, "/").replace(/^\.\//, "");
     const moduleName = modulePath.split(/[/\\]/).pop() || "";
     const moduleNameNoExt = moduleName.replace(/\.(ts|tsx|js|jsx|mjs|cjs)$/i, "");
@@ -60008,10 +60020,10 @@ function findSourceFiles(dir, files = [], stats = { skippedDirs: [], skippedFile
   entries.sort((a, b) => a.toLowerCase().localeCompare(b.toLowerCase()));
   for (const entry of entries) {
     if (SKIP_DIRECTORIES3.has(entry)) {
-      stats.skippedDirs.push(path49.join(dir, entry));
+      stats.skippedDirs.push(path50.join(dir, entry));
       continue;
     }
-    const fullPath = path49.join(dir, entry);
+    const fullPath = path50.join(dir, entry);
     let stat2;
     try {
       stat2 = fs38.statSync(fullPath);
@@ -60025,7 +60037,7 @@ function findSourceFiles(dir, files = [], stats = { skippedDirs: [], skippedFile
     if (stat2.isDirectory()) {
       findSourceFiles(fullPath, files, stats);
     } else if (stat2.isFile()) {
-      const ext = path49.extname(fullPath).toLowerCase();
+      const ext = path50.extname(fullPath).toLowerCase();
       if (SUPPORTED_EXTENSIONS.includes(ext)) {
         files.push(fullPath);
       }
@@ -60082,7 +60094,7 @@ var imports = createSwarmTool({
       return JSON.stringify(errorResult, null, 2);
     }
     try {
-      const targetFile = path49.resolve(file3);
+      const targetFile = path50.resolve(file3);
       if (!fs38.existsSync(targetFile)) {
         const errorResult = {
           error: `target file not found: ${file3}`,
@@ -60104,7 +60116,7 @@ var imports = createSwarmTool({
         };
         return JSON.stringify(errorResult, null, 2);
       }
-      const baseDir = path49.dirname(targetFile);
+      const baseDir = path50.dirname(targetFile);
       const scanStats = {
         skippedDirs: [],
         skippedFiles: 0,
@@ -60714,7 +60726,7 @@ init_config();
 init_schema();
 init_manager();
 import * as fs39 from "fs";
-import * as path50 from "path";
+import * as path51 from "path";
 init_utils2();
 init_telemetry();
 init_create_tool();
@@ -60934,7 +60946,7 @@ async function executePhaseComplete(args2, workingDirectory, directory) {
       safeWarn(`[phase_complete] Completion verify error (non-blocking):`, completionError);
     }
     try {
-      const driftEvidencePath = path50.join(dir, ".swarm", "evidence", String(phase), "drift-verifier.json");
+      const driftEvidencePath = path51.join(dir, ".swarm", "evidence", String(phase), "drift-verifier.json");
       let driftVerdictFound = false;
       let driftVerdictApproved = false;
       try {
@@ -60968,7 +60980,7 @@ async function executePhaseComplete(args2, workingDirectory, directory) {
         driftVerdictFound = false;
       }
       if (!driftVerdictFound) {
-        const specPath = path50.join(dir, ".swarm", "spec.md");
+        const specPath = path51.join(dir, ".swarm", "spec.md");
         const specExists = fs39.existsSync(specPath);
         if (!specExists) {
           let incompleteTaskCount = 0;
@@ -61042,7 +61054,7 @@ async function executePhaseComplete(args2, workingDirectory, directory) {
   };
   if (retroFound && retroEntry?.lessons_learned && retroEntry.lessons_learned.length > 0) {
     try {
-      const projectName = path50.basename(dir);
+      const projectName = path51.basename(dir);
       const curationResult = await curateAndStoreSwarm(retroEntry.lessons_learned, projectName, { phase_number: phase }, dir, knowledgeConfig);
       if (curationResult) {
         const sessionState = swarmState.agentSessions.get(sessionID);
@@ -61252,7 +61264,7 @@ init_discovery();
 init_utils();
 init_create_tool();
 import * as fs40 from "fs";
-import * as path51 from "path";
+import * as path52 from "path";
 var MAX_OUTPUT_BYTES5 = 52428800;
 var AUDIT_TIMEOUT_MS = 120000;
 function isValidEcosystem(value) {
@@ -61270,16 +61282,16 @@ function validateArgs3(args2) {
 function detectEcosystems(directory) {
   const ecosystems = [];
   const cwd = directory;
-  if (fs40.existsSync(path51.join(cwd, "package.json"))) {
+  if (fs40.existsSync(path52.join(cwd, "package.json"))) {
     ecosystems.push("npm");
   }
-  if (fs40.existsSync(path51.join(cwd, "pyproject.toml")) || fs40.existsSync(path51.join(cwd, "requirements.txt"))) {
+  if (fs40.existsSync(path52.join(cwd, "pyproject.toml")) || fs40.existsSync(path52.join(cwd, "requirements.txt"))) {
     ecosystems.push("pip");
   }
-  if (fs40.existsSync(path51.join(cwd, "Cargo.toml"))) {
+  if (fs40.existsSync(path52.join(cwd, "Cargo.toml"))) {
     ecosystems.push("cargo");
   }
-  if (fs40.existsSync(path51.join(cwd, "go.mod"))) {
+  if (fs40.existsSync(path52.join(cwd, "go.mod"))) {
     ecosystems.push("go");
   }
   try {
@@ -61288,10 +61300,10 @@ function detectEcosystems(directory) {
       ecosystems.push("dotnet");
     }
   } catch {}
-  if (fs40.existsSync(path51.join(cwd, "Gemfile")) || fs40.existsSync(path51.join(cwd, "Gemfile.lock"))) {
+  if (fs40.existsSync(path52.join(cwd, "Gemfile")) || fs40.existsSync(path52.join(cwd, "Gemfile.lock"))) {
     ecosystems.push("ruby");
   }
-  if (fs40.existsSync(path51.join(cwd, "pubspec.yaml"))) {
+  if (fs40.existsSync(path52.join(cwd, "pubspec.yaml"))) {
     ecosystems.push("dart");
   }
   return ecosystems;
@@ -62313,7 +62325,7 @@ var SUPPORTED_PARSER_EXTENSIONS = new Set([
 // src/tools/pre-check-batch.ts
 init_dist();
 import * as fs42 from "fs";
-import * as path53 from "path";
+import * as path54 from "path";
 
 // node_modules/yocto-queue/index.js
 class Node2 {
@@ -62588,7 +62600,7 @@ init_dist();
 init_manager();
 init_detector();
 import * as fs41 from "fs";
-import * as path52 from "path";
+import * as path53 from "path";
 import { extname as extname10 } from "path";
 
 // src/sast/rules/c.ts
@@ -63554,7 +63566,7 @@ async function sastScan(input, directory, config3) {
       _filesSkipped++;
       continue;
     }
-    const resolvedPath = path52.isAbsolute(filePath) ? filePath : path52.resolve(directory, filePath);
+    const resolvedPath = path53.isAbsolute(filePath) ? filePath : path53.resolve(directory, filePath);
     if (!fs41.existsSync(resolvedPath)) {
       _filesSkipped++;
       continue;
@@ -63753,18 +63765,18 @@ function validatePath(inputPath, baseDir, workspaceDir) {
   let resolved;
   const isWinAbs = isWindowsAbsolutePath(inputPath);
   if (isWinAbs) {
-    resolved = path53.win32.resolve(inputPath);
-  } else if (path53.isAbsolute(inputPath)) {
-    resolved = path53.resolve(inputPath);
+    resolved = path54.win32.resolve(inputPath);
+  } else if (path54.isAbsolute(inputPath)) {
+    resolved = path54.resolve(inputPath);
   } else {
-    resolved = path53.resolve(baseDir, inputPath);
+    resolved = path54.resolve(baseDir, inputPath);
   }
-  const workspaceResolved = path53.resolve(workspaceDir);
+  const workspaceResolved = path54.resolve(workspaceDir);
   let relative6;
   if (isWinAbs) {
-    relative6 = path53.win32.relative(workspaceResolved, resolved);
+    relative6 = path54.win32.relative(workspaceResolved, resolved);
   } else {
-    relative6 = path53.relative(workspaceResolved, resolved);
+    relative6 = path54.relative(workspaceResolved, resolved);
   }
   if (relative6.startsWith("..")) {
     return "path traversal detected";
@@ -63825,13 +63837,13 @@ async function runLintWrapped(files, directory, _config) {
 }
 async function runLintOnFiles(linter, files, workspaceDir) {
   const isWindows = process.platform === "win32";
-  const binDir = path53.join(workspaceDir, "node_modules", ".bin");
+  const binDir = path54.join(workspaceDir, "node_modules", ".bin");
   const validatedFiles = [];
   for (const file3 of files) {
     if (typeof file3 !== "string") {
       continue;
     }
-    const resolvedPath = path53.resolve(file3);
+    const resolvedPath = path54.resolve(file3);
     const validationError = validatePath(resolvedPath, workspaceDir, workspaceDir);
     if (validationError) {
       continue;
@@ -63849,10 +63861,10 @@ async function runLintOnFiles(linter, files, workspaceDir) {
   }
   let command;
   if (linter === "biome") {
-    const biomeBin = isWindows ? path53.join(binDir, "biome.EXE") : path53.join(binDir, "biome");
+    const biomeBin = isWindows ? path54.join(binDir, "biome.EXE") : path54.join(binDir, "biome");
     command = [biomeBin, "check", ...validatedFiles];
   } else {
-    const eslintBin = isWindows ? path53.join(binDir, "eslint.cmd") : path53.join(binDir, "eslint");
+    const eslintBin = isWindows ? path54.join(binDir, "eslint.cmd") : path54.join(binDir, "eslint");
     command = [eslintBin, ...validatedFiles];
   }
   try {
@@ -63989,7 +64001,7 @@ async function runSecretscanWithFiles(files, directory) {
         skippedFiles++;
         continue;
       }
-      const resolvedPath = path53.resolve(file3);
+      const resolvedPath = path54.resolve(file3);
       const validationError = validatePath(resolvedPath, directory, directory);
       if (validationError) {
         skippedFiles++;
@@ -64007,7 +64019,7 @@ async function runSecretscanWithFiles(files, directory) {
       };
     }
     for (const file3 of validatedFiles) {
-      const ext = path53.extname(file3).toLowerCase();
+      const ext = path54.extname(file3).toLowerCase();
       if (DEFAULT_EXCLUDE_EXTENSIONS2.has(ext)) {
         skippedFiles++;
         continue;
@@ -64125,6 +64137,99 @@ async function runQualityBudgetWrapped(changedFiles, directory, _config) {
     };
   }
 }
+var GATE_SEVERITIES = new Set(["high", "critical"]);
+async function runGitDiff(args2, directory) {
+  try {
+    const proc = Bun.spawn(["git", "diff", ...args2], {
+      cwd: directory,
+      stdout: "pipe",
+      stderr: "pipe"
+    });
+    const [exitCode, stdout] = await Promise.all([
+      proc.exited,
+      new Response(proc.stdout).text()
+    ]);
+    if (exitCode !== 0)
+      return null;
+    const trimmed = stdout.trim();
+    return trimmed.length > 0 ? trimmed : null;
+  } catch {
+    return null;
+  }
+}
+function parseDiffLineRanges(diffOutput) {
+  const result = new Map;
+  let currentFile = null;
+  for (const line of diffOutput.split(`
+`)) {
+    if (line.startsWith("+++ b/")) {
+      currentFile = line.slice(6).trim();
+      if (!result.has(currentFile)) {
+        result.set(currentFile, new Set);
+      }
+      continue;
+    }
+    if (line.startsWith("@@") && currentFile) {
+      const match = line.match(/^@@ [^+]*\+(\d+)(?:,(\d+))? @@/);
+      if (match) {
+        const start2 = parseInt(match[1], 10);
+        const count = match[2] !== undefined ? parseInt(match[2], 10) : 1;
+        const lines = result.get(currentFile);
+        for (let i2 = start2;i2 < start2 + count; i2++) {
+          lines.add(i2);
+        }
+      }
+    }
+  }
+  return result;
+}
+async function getChangedLineRanges(directory) {
+  try {
+    for (const baseBranch of ["origin/main", "origin/master", "main", "master"]) {
+      const mergeBaseProc = Bun.spawn(["git", "merge-base", baseBranch, "HEAD"], { cwd: directory, stdout: "pipe", stderr: "pipe" });
+      const [mbExit, mbOut] = await Promise.all([
+        mergeBaseProc.exited,
+        new Response(mergeBaseProc.stdout).text()
+      ]);
+      if (mbExit === 0 && mbOut.trim()) {
+        const mergeBase = mbOut.trim();
+        const diffOut = await runGitDiff(["-U0", `${mergeBase}..HEAD`], directory);
+        if (diffOut) {
+          return parseDiffLineRanges(diffOut);
+        }
+      }
+    }
+    const diffHead1 = await runGitDiff(["-U0", "HEAD~1"], directory);
+    if (diffHead1) {
+      return parseDiffLineRanges(diffHead1);
+    }
+    const diffHead = await runGitDiff(["-U0", "HEAD"], directory);
+    if (diffHead) {
+      return parseDiffLineRanges(diffHead);
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+function classifySastFindings(findings, changedLineRanges, directory) {
+  if (!changedLineRanges || changedLineRanges.size === 0) {
+    return { newFindings: findings, preexistingFindings: [] };
+  }
+  const newFindings = [];
+  const preexistingFindings = [];
+  for (const finding of findings) {
+    const filePath = finding.location.file;
+    const normalised = path54.relative(directory, filePath).replace(/\\/g, "/");
+    const changedLines = changedLineRanges.get(normalised);
+    if (changedLines && changedLines.has(finding.location.line)) {
+      newFindings.push(finding);
+    } else {
+      preexistingFindings.push(finding);
+    }
+  }
+  return { newFindings, preexistingFindings };
+}
 async function runPreCheckBatch(input, workspaceDir, contextDir) {
   const effectiveWorkspaceDir = workspaceDir || input.directory || contextDir;
   const { files, directory, sast_threshold = "medium", config: config3 } = input;
@@ -64166,7 +64271,7 @@ async function runPreCheckBatch(input, workspaceDir, contextDir) {
       warn(`pre_check_batch: Invalid file path: ${file3}`);
       continue;
     }
-    changedFiles.push(path53.resolve(directory, file3));
+    changedFiles.push(path54.resolve(directory, file3));
   }
   if (changedFiles.length === 0) {
     warn("pre_check_batch: No valid files after validation, skipping all tools (fail-closed)");
@@ -64233,10 +64338,24 @@ async function runPreCheckBatch(input, workspaceDir, contextDir) {
       warn(`Failed to persist secretscan evidence: ${e instanceof Error ? e.message : String(e)}`);
     }
   }
+  let sastPreexistingFindings;
   if (sastScanResult.ran && sastScanResult.result) {
     if (sastScanResult.result.verdict === "fail") {
-      gatesPassed = false;
-      warn("pre_check_batch: SAST scan found vulnerabilities - GATE FAILED");
+      const gateFindings = sastScanResult.result.findings.filter((f) => GATE_SEVERITIES.has(f.severity));
+      if (gateFindings.length > 0) {
+        const changedLineRanges = await getChangedLineRanges(directory);
+        const { newFindings, preexistingFindings } = classifySastFindings(gateFindings, changedLineRanges, directory);
+        if (newFindings.length > 0) {
+          gatesPassed = false;
+          warn(`pre_check_batch: SAST scan found ${newFindings.length} new HIGH/CRITICAL finding(s) on changed lines - GATE FAILED`);
+        } else if (preexistingFindings.length > 0) {
+          sastPreexistingFindings = preexistingFindings;
+          warn(`pre_check_batch: SAST scan found ${preexistingFindings.length} pre-existing HIGH/CRITICAL finding(s) on unchanged lines - passing to reviewer for triage`);
+        }
+      } else {
+        gatesPassed = false;
+        warn("pre_check_batch: SAST scan found vulnerabilities - GATE FAILED");
+      }
     }
   } else if (sastScanResult.error) {
     gatesPassed = false;
@@ -64255,7 +64374,10 @@ async function runPreCheckBatch(input, workspaceDir, contextDir) {
     secretscan: secretscanResult,
     sast_scan: sastScanResult,
     quality_budget: qualityBudgetResult,
-    total_duration_ms: Math.round(totalDuration)
+    total_duration_ms: Math.round(totalDuration),
+    ...sastPreexistingFindings && sastPreexistingFindings.length > 0 && {
+      sast_preexisting_findings: sastPreexistingFindings
+    }
   };
   const outputSize = JSON.stringify(result).length;
   if (outputSize > MAX_COMBINED_BYTES) {
@@ -64337,7 +64459,7 @@ var pre_check_batch = createSwarmTool({
       };
       return JSON.stringify(errorResult, null, 2);
     }
-    const resolvedDirectory = path53.resolve(typedArgs.directory);
+    const resolvedDirectory = path54.resolve(typedArgs.directory);
     const workspaceAnchor = resolvedDirectory;
     const dirError = validateDirectory2(resolvedDirectory, workspaceAnchor);
     if (dirError) {
@@ -64444,24 +64566,24 @@ ${paginatedContent}`;
 // src/tools/save-plan.ts
 init_tool();
 import * as fs44 from "fs";
-import * as path55 from "path";
+import * as path56 from "path";
 
 // src/parallel/file-locks.ts
 import * as fs43 from "fs";
-import * as path54 from "path";
+import * as path55 from "path";
 var LOCKS_DIR = ".swarm/locks";
 var LOCK_TIMEOUT_MS = 5 * 60 * 1000;
 function getLockFilePath(directory, filePath) {
-  const normalized = path54.resolve(directory, filePath);
-  if (!normalized.startsWith(path54.resolve(directory))) {
+  const normalized = path55.resolve(directory, filePath);
+  if (!normalized.startsWith(path55.resolve(directory))) {
     throw new Error("Invalid file path: path traversal not allowed");
   }
   const hash3 = Buffer.from(normalized).toString("base64").replace(/[/+=]/g, "_");
-  return path54.join(directory, LOCKS_DIR, `${hash3}.lock`);
+  return path55.join(directory, LOCKS_DIR, `${hash3}.lock`);
 }
 function tryAcquireLock(directory, filePath, agent, taskId) {
   const lockPath = getLockFilePath(directory, filePath);
-  const locksDir = path54.dirname(lockPath);
+  const locksDir = path55.dirname(lockPath);
   if (!fs43.existsSync(locksDir)) {
     fs43.mkdirSync(locksDir, { recursive: true });
   }
@@ -64627,7 +64749,7 @@ async function executeSavePlan(args2, fallbackDir) {
     try {
       await savePlan(dir, plan);
       try {
-        const markerPath = path55.join(dir, ".swarm", ".plan-write-marker");
+        const markerPath = path56.join(dir, ".swarm", ".plan-write-marker");
         const marker = JSON.stringify({
           source: "save_plan",
           timestamp: new Date().toISOString(),
@@ -64650,7 +64772,7 @@ async function executeSavePlan(args2, fallbackDir) {
       return {
         success: true,
         message: "Plan saved successfully",
-        plan_path: path55.join(dir, ".swarm", "plan.json"),
+        plan_path: path56.join(dir, ".swarm", "plan.json"),
         phases_count: plan.phases.length,
         tasks_count: tasksCount,
         ...warnings.length > 0 ? { warnings } : {}
@@ -64693,7 +64815,7 @@ var save_plan = createSwarmTool({
 init_dist();
 init_manager();
 import * as fs45 from "fs";
-import * as path56 from "path";
+import * as path57 from "path";
 
 // src/sbom/detectors/index.ts
 init_utils();
@@ -65543,7 +65665,7 @@ function findManifestFiles(rootDir) {
     try {
       const entries = fs45.readdirSync(dir, { withFileTypes: true });
       for (const entry of entries) {
-        const fullPath = path56.join(dir, entry.name);
+        const fullPath = path57.join(dir, entry.name);
         if (entry.name.startsWith(".") || entry.name === "node_modules" || entry.name === "dist" || entry.name === "build" || entry.name === "target") {
           continue;
         }
@@ -65552,7 +65674,7 @@ function findManifestFiles(rootDir) {
         } else if (entry.isFile()) {
           for (const pattern of patterns) {
             if (simpleGlobToRegex(pattern).test(entry.name)) {
-              manifestFiles.push(path56.relative(rootDir, fullPath));
+              manifestFiles.push(path57.relative(rootDir, fullPath));
               break;
             }
           }
@@ -65570,11 +65692,11 @@ function findManifestFilesInDirs(directories, workingDir) {
     try {
       const entries = fs45.readdirSync(dir, { withFileTypes: true });
       for (const entry of entries) {
-        const fullPath = path56.join(dir, entry.name);
+        const fullPath = path57.join(dir, entry.name);
         if (entry.isFile()) {
           for (const pattern of patterns) {
             if (simpleGlobToRegex(pattern).test(entry.name)) {
-              found.push(path56.relative(workingDir, fullPath));
+              found.push(path57.relative(workingDir, fullPath));
               break;
             }
           }
@@ -65587,11 +65709,11 @@ function findManifestFilesInDirs(directories, workingDir) {
 function getDirectoriesFromChangedFiles(changedFiles, workingDir) {
   const dirs = new Set;
   for (const file3 of changedFiles) {
-    let currentDir = path56.dirname(file3);
+    let currentDir = path57.dirname(file3);
     while (true) {
-      if (currentDir && currentDir !== "." && currentDir !== path56.sep) {
-        dirs.add(path56.join(workingDir, currentDir));
-        const parent = path56.dirname(currentDir);
+      if (currentDir && currentDir !== "." && currentDir !== path57.sep) {
+        dirs.add(path57.join(workingDir, currentDir));
+        const parent = path57.dirname(currentDir);
         if (parent === currentDir)
           break;
         currentDir = parent;
@@ -65675,7 +65797,7 @@ var sbom_generate = createSwarmTool({
     const changedFiles = obj.changed_files;
     const relativeOutputDir = obj.output_dir || DEFAULT_OUTPUT_DIR;
     const workingDir = directory;
-    const outputDir = path56.isAbsolute(relativeOutputDir) ? relativeOutputDir : path56.join(workingDir, relativeOutputDir);
+    const outputDir = path57.isAbsolute(relativeOutputDir) ? relativeOutputDir : path57.join(workingDir, relativeOutputDir);
     let manifestFiles = [];
     if (scope === "all") {
       manifestFiles = findManifestFiles(workingDir);
@@ -65698,7 +65820,7 @@ var sbom_generate = createSwarmTool({
     const processedFiles = [];
     for (const manifestFile of manifestFiles) {
       try {
-        const fullPath = path56.isAbsolute(manifestFile) ? manifestFile : path56.join(workingDir, manifestFile);
+        const fullPath = path57.isAbsolute(manifestFile) ? manifestFile : path57.join(workingDir, manifestFile);
         if (!fs45.existsSync(fullPath)) {
           continue;
         }
@@ -65715,7 +65837,7 @@ var sbom_generate = createSwarmTool({
     const bom = generateCycloneDX(allComponents);
     const bomJson = serializeCycloneDX(bom);
     const filename = generateSbomFilename();
-    const outputPath = path56.join(outputDir, filename);
+    const outputPath = path57.join(outputDir, filename);
     fs45.writeFileSync(outputPath, bomJson, "utf-8");
     const verdict = processedFiles.length > 0 ? "pass" : "pass";
     try {
@@ -65759,7 +65881,7 @@ var sbom_generate = createSwarmTool({
 init_dist();
 init_create_tool();
 import * as fs46 from "fs";
-import * as path57 from "path";
+import * as path58 from "path";
 var SPEC_CANDIDATES = [
   "openapi.json",
   "openapi.yaml",
@@ -65791,12 +65913,12 @@ function normalizePath2(p) {
 }
 function discoverSpecFile(cwd, specFileArg) {
   if (specFileArg) {
-    const resolvedPath = path57.resolve(cwd, specFileArg);
-    const normalizedCwd = cwd.endsWith(path57.sep) ? cwd : cwd + path57.sep;
+    const resolvedPath = path58.resolve(cwd, specFileArg);
+    const normalizedCwd = cwd.endsWith(path58.sep) ? cwd : cwd + path58.sep;
     if (!resolvedPath.startsWith(normalizedCwd) && resolvedPath !== cwd) {
       throw new Error("Invalid spec_file: path traversal detected");
     }
-    const ext = path57.extname(resolvedPath).toLowerCase();
+    const ext = path58.extname(resolvedPath).toLowerCase();
     if (!ALLOWED_EXTENSIONS.includes(ext)) {
       throw new Error(`Invalid spec_file: must end in .json, .yaml, or .yml, got ${ext}`);
     }
@@ -65810,7 +65932,7 @@ function discoverSpecFile(cwd, specFileArg) {
     return resolvedPath;
   }
   for (const candidate of SPEC_CANDIDATES) {
-    const candidatePath = path57.resolve(cwd, candidate);
+    const candidatePath = path58.resolve(cwd, candidate);
     if (fs46.existsSync(candidatePath)) {
       const stats = fs46.statSync(candidatePath);
       if (stats.size <= MAX_SPEC_SIZE) {
@@ -65822,7 +65944,7 @@ function discoverSpecFile(cwd, specFileArg) {
 }
 function parseSpec(specFile) {
   const content = fs46.readFileSync(specFile, "utf-8");
-  const ext = path57.extname(specFile).toLowerCase();
+  const ext = path58.extname(specFile).toLowerCase();
   if (ext === ".json") {
     return parseJsonSpec(content);
   }
@@ -65898,7 +66020,7 @@ function extractRoutes(cwd) {
       return;
     }
     for (const entry of entries) {
-      const fullPath = path57.join(dir, entry.name);
+      const fullPath = path58.join(dir, entry.name);
       if (entry.isSymbolicLink()) {
         continue;
       }
@@ -65908,7 +66030,7 @@ function extractRoutes(cwd) {
         }
         walkDir(fullPath);
       } else if (entry.isFile()) {
-        const ext = path57.extname(entry.name).toLowerCase();
+        const ext = path58.extname(entry.name).toLowerCase();
         const baseName = entry.name.toLowerCase();
         if (![".ts", ".js", ".mjs"].includes(ext)) {
           continue;
@@ -66078,7 +66200,7 @@ init_secretscan();
 init_tool();
 init_create_tool();
 import * as fs47 from "fs";
-import * as path58 from "path";
+import * as path59 from "path";
 var MAX_FILE_SIZE_BYTES7 = 1024 * 1024;
 var WINDOWS_RESERVED_NAMES = /^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\.|:|$)/i;
 function containsWindowsAttacks(str) {
@@ -66095,11 +66217,11 @@ function containsWindowsAttacks(str) {
 }
 function isPathInWorkspace(filePath, workspace) {
   try {
-    const resolvedPath = path58.resolve(workspace, filePath);
+    const resolvedPath = path59.resolve(workspace, filePath);
     const realWorkspace = fs47.realpathSync(workspace);
     const realResolvedPath = fs47.realpathSync(resolvedPath);
-    const relativePath = path58.relative(realWorkspace, realResolvedPath);
-    if (relativePath.startsWith("..") || path58.isAbsolute(relativePath)) {
+    const relativePath = path59.relative(realWorkspace, realResolvedPath);
+    if (relativePath.startsWith("..") || path59.isAbsolute(relativePath)) {
       return false;
     }
     return true;
@@ -66111,7 +66233,7 @@ function validatePathForRead(filePath, workspace) {
   return isPathInWorkspace(filePath, workspace);
 }
 function extractTSSymbols(filePath, cwd) {
-  const fullPath = path58.join(cwd, filePath);
+  const fullPath = path59.join(cwd, filePath);
   if (!validatePathForRead(fullPath, cwd)) {
     return [];
   }
@@ -66263,7 +66385,7 @@ function extractTSSymbols(filePath, cwd) {
   });
 }
 function extractPythonSymbols(filePath, cwd) {
-  const fullPath = path58.join(cwd, filePath);
+  const fullPath = path59.join(cwd, filePath);
   if (!validatePathForRead(fullPath, cwd)) {
     return [];
   }
@@ -66346,7 +66468,7 @@ var symbols = createSwarmTool({
       }, null, 2);
     }
     const cwd = directory;
-    const ext = path58.extname(file3);
+    const ext = path59.extname(file3);
     if (containsControlChars(file3)) {
       return JSON.stringify({
         file: file3,
@@ -66418,7 +66540,7 @@ init_dist();
 init_utils();
 init_create_tool();
 import * as fs48 from "fs";
-import * as path59 from "path";
+import * as path60 from "path";
 var MAX_TEXT_LENGTH = 200;
 var MAX_FILE_SIZE_BYTES8 = 1024 * 1024;
 var SUPPORTED_EXTENSIONS2 = new Set([
@@ -66483,9 +66605,9 @@ function validatePathsInput(paths, cwd) {
     return { error: "paths contains path traversal", resolvedPath: null };
   }
   try {
-    const resolvedPath = path59.resolve(paths);
-    const normalizedCwd = path59.resolve(cwd);
-    const normalizedResolved = path59.resolve(resolvedPath);
+    const resolvedPath = path60.resolve(paths);
+    const normalizedCwd = path60.resolve(cwd);
+    const normalizedResolved = path60.resolve(resolvedPath);
     if (!normalizedResolved.startsWith(normalizedCwd)) {
       return {
         error: "paths must be within the current working directory",
@@ -66501,7 +66623,7 @@ function validatePathsInput(paths, cwd) {
   }
 }
 function isSupportedExtension(filePath) {
-  const ext = path59.extname(filePath).toLowerCase();
+  const ext = path60.extname(filePath).toLowerCase();
   return SUPPORTED_EXTENSIONS2.has(ext);
 }
 function findSourceFiles2(dir, files = []) {
@@ -66516,7 +66638,7 @@ function findSourceFiles2(dir, files = []) {
     if (SKIP_DIRECTORIES4.has(entry)) {
       continue;
     }
-    const fullPath = path59.join(dir, entry);
+    const fullPath = path60.join(dir, entry);
     let stat2;
     try {
       stat2 = fs48.statSync(fullPath);
@@ -66628,7 +66750,7 @@ var todo_extract = createSwarmTool({
         filesToScan.push(scanPath);
       } else {
         const errorResult = {
-          error: `unsupported file extension: ${path59.extname(scanPath)}`,
+          error: `unsupported file extension: ${path60.extname(scanPath)}`,
           total: 0,
           byPriority: { high: 0, medium: 0, low: 0 },
           entries: []
@@ -66675,14 +66797,14 @@ init_tool();
 init_schema();
 init_gate_evidence();
 import * as fs50 from "fs";
-import * as path61 from "path";
+import * as path62 from "path";
 
 // src/hooks/diff-scope.ts
 import * as fs49 from "fs";
-import * as path60 from "path";
+import * as path61 from "path";
 function getDeclaredScope(taskId, directory) {
   try {
-    const planPath = path60.join(directory, ".swarm", "plan.json");
+    const planPath = path61.join(directory, ".swarm", "plan.json");
     if (!fs49.existsSync(planPath))
       return null;
     const raw = fs49.readFileSync(planPath, "utf-8");
@@ -66798,7 +66920,7 @@ var TIER_3_PATTERNS = [
 ];
 function matchesTier3Pattern(files) {
   for (const file3 of files) {
-    const fileName = path61.basename(file3);
+    const fileName = path62.basename(file3);
     for (const pattern of TIER_3_PATTERNS) {
       if (pattern.test(fileName)) {
         return true;
@@ -66812,7 +66934,7 @@ function checkReviewerGate(taskId, workingDirectory) {
     if (hasActiveTurboMode()) {
       const resolvedDir2 = workingDirectory;
       try {
-        const planPath = path61.join(resolvedDir2, ".swarm", "plan.json");
+        const planPath = path62.join(resolvedDir2, ".swarm", "plan.json");
         const planRaw = fs50.readFileSync(planPath, "utf-8");
         const plan = JSON.parse(planRaw);
         for (const planPhase of plan.phases ?? []) {
@@ -66879,7 +67001,7 @@ function checkReviewerGate(taskId, workingDirectory) {
     }
     try {
       const resolvedDir2 = workingDirectory;
-      const planPath = path61.join(resolvedDir2, ".swarm", "plan.json");
+      const planPath = path62.join(resolvedDir2, ".swarm", "plan.json");
       const planRaw = fs50.readFileSync(planPath, "utf-8");
       const plan = JSON.parse(planRaw);
       for (const planPhase of plan.phases ?? []) {
@@ -67062,8 +67184,8 @@ async function executeUpdateTaskStatus(args2, fallbackDir) {
         };
       }
     }
-    normalizedDir = path61.normalize(args2.working_directory);
-    const pathParts = normalizedDir.split(path61.sep);
+    normalizedDir = path62.normalize(args2.working_directory);
+    const pathParts = normalizedDir.split(path62.sep);
     if (pathParts.includes("..")) {
       return {
         success: false,
@@ -67073,10 +67195,10 @@ async function executeUpdateTaskStatus(args2, fallbackDir) {
         ]
       };
     }
-    const resolvedDir = path61.resolve(normalizedDir);
+    const resolvedDir = path62.resolve(normalizedDir);
     try {
       const realPath = fs50.realpathSync(resolvedDir);
-      const planPath = path61.join(realPath, ".swarm", "plan.json");
+      const planPath = path62.join(realPath, ".swarm", "plan.json");
       if (!fs50.existsSync(planPath)) {
         return {
           success: false,
@@ -67110,7 +67232,7 @@ async function executeUpdateTaskStatus(args2, fallbackDir) {
     recoverTaskStateFromDelegations(args2.task_id);
     let phaseRequiresReviewer = true;
     try {
-      const planPath = path61.join(directory, ".swarm", "plan.json");
+      const planPath = path62.join(directory, ".swarm", "plan.json");
       const planRaw = fs50.readFileSync(planPath, "utf-8");
       const plan = JSON.parse(planRaw);
       const taskPhase = plan.phases.find((p) => p.tasks.some((t) => t.id === args2.task_id));
@@ -67318,7 +67440,7 @@ var OpenCodeSwarm = async (ctx) => {
     const { PreflightTriggerManager: PTM } = await Promise.resolve().then(() => (init_trigger(), exports_trigger));
     preflightTriggerManager = new PTM(automationConfig);
     const { AutomationStatusArtifact: ASA } = await Promise.resolve().then(() => (init_status_artifact(), exports_status_artifact));
-    const swarmDir = path62.resolve(ctx.directory, ".swarm");
+    const swarmDir = path63.resolve(ctx.directory, ".swarm");
     statusArtifact = new ASA(swarmDir);
     statusArtifact.updateConfig(automationConfig.mode, automationConfig.capabilities);
     if (automationConfig.capabilities?.evidence_auto_summaries === true) {

package/dist/tools/pre-check-batch.d.ts

@@ -7,7 +7,7 @@ import { tool } from '@opencode-ai/plugin';
 import type { PluginConfig } from '../config';
 import type { LintResult } from './lint';
 import type { QualityBudgetResult } from './quality-budget';
-import type { SastScanResult } from './sast-scan';
+import type { SastScanFinding, SastScanResult } from './sast-scan';
 import type { SecretscanErrorResult, SecretscanResult } from './secretscan';
 export interface PreCheckBatchInput {
     /** List of specific files to check (optional) */
@@ -42,7 +42,32 @@ export interface PreCheckBatchResult {
     quality_budget: ToolResult<QualityBudgetResult>;
     /** Total duration in milliseconds */
     total_duration_ms: number;
+    /** Pre-existing SAST findings on unchanged lines, requiring reviewer triage */
+    sast_preexisting_findings?: SastScanFinding[];
 }
+/**
+ * Parse unified diff output (with -U0) to extract added/modified line numbers per file.
+ * Returns a Map from normalised file path → Set of changed line numbers.
+ */
+export declare function parseDiffLineRanges(diffOutput: string): Map<string, Set<number>>;
+/**
+ * Get changed line ranges for the current branch vs its base.
+ * Tries three strategies in order:
+ * 1. merge-base diff against main/master (captures all branch changes, works after commit)
+ * 2. HEAD~1 (single-commit diff, works after commit)
+ * 3. HEAD (unstaged/staged changes, works before commit)
+ * Returns null if git is unavailable or no changes found.
+ */
+export declare function getChangedLineRanges(directory: string): Promise<Map<string, Set<number>> | null>;
+/**
+ * Classify SAST findings as "new" (on changed lines) or "pre-existing" (unchanged lines).
+ * A finding is "new" if its file+line intersects the changed line ranges from git diff.
+ * If line ranges cannot be determined (git unavailable), all findings are treated as new (fail-closed).
+ */
+export declare function classifySastFindings(findings: SastScanFinding[], changedLineRanges: Map<string, Set<number>> | null, directory: string): {
+    newFindings: SastScanFinding[];
+    preexistingFindings: SastScanFinding[];
+};
 /**
  * Run all 4 pre-check tools in parallel with concurrency limit
  * @param input - The pre-check batch input

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "opencode-swarm",
-	"version": "6.40.4",
+	"version": "6.40.6",
 	"description": "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",