opencode-swarm 6.8.0 → 6.8.1

package/dist/index.js

@@ -1,5 +1,20 @@
 // @bun
+var __create = Object.create;
+var __getProtoOf = Object.getPrototypeOf;
 var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __toESM = (mod, isNodeMode, target) => {
+  target = mod != null ? __create(__getProtoOf(mod)) : {};
+  const to = isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target;
+  for (let key of __getOwnPropNames(mod))
+    if (!__hasOwnProp.call(to, key))
+      __defProp(to, key, {
+        get: () => mod[key],
+        enumerable: true
+      });
+  return to;
+};
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, {
@@ -13999,6 +14014,52 @@ var init_evidence_schema = __esm(() => {
   });
 });
 
+// src/utils/errors.ts
+var SwarmError;
+var init_errors3 = __esm(() => {
+  SwarmError = class SwarmError extends Error {
+    code;
+    guidance;
+    constructor(message, code, guidance) {
+      super(message);
+      this.name = "SwarmError";
+      this.code = code;
+      this.guidance = guidance;
+    }
+  };
+});
+
+// src/utils/logger.ts
+function log(message, data) {
+  if (!isDebug())
+    return;
+  const timestamp = new Date().toISOString();
+  if (data !== undefined) {
+    console.log(`[opencode-swarm ${timestamp}] ${message}`, data);
+  } else {
+    console.log(`[opencode-swarm ${timestamp}] ${message}`);
+  }
+}
+function warn(message, data) {
+  const timestamp = new Date().toISOString();
+  if (data !== undefined) {
+    console.warn(`[opencode-swarm ${timestamp}] WARN: ${message}`, data);
+  } else {
+    console.warn(`[opencode-swarm ${timestamp}] WARN: ${message}`);
+  }
+}
+var isDebug = () => process.env.OPENCODE_SWARM_DEBUG === "1";
+
+// src/utils/index.ts
+import * as os from "os";
+import * as path from "path";
+function getUserConfigDir() {
+  return process.env.XDG_CONFIG_HOME || path.join(os.homedir(), ".config");
+}
+var init_utils = __esm(() => {
+  init_errors3();
+});
+
 // src/config/plan-schema.ts
 var TaskStatusSchema, TaskSizeSchema, PhaseStatusSchema, MigrationStatusSchema, TaskSchema, PhaseSchema, PlanSchema;
 var init_plan_schema = __esm(() => {
@@ -14049,51 +14110,6 @@ var init_plan_schema = __esm(() => {
   });
 });
 
-// src/utils/errors.ts
-var SwarmError;
-var init_errors3 = __esm(() => {
-  SwarmError = class SwarmError extends Error {
-    code;
-    guidance;
-    constructor(message, code, guidance) {
-      super(message);
-      this.name = "SwarmError";
-      this.code = code;
-      this.guidance = guidance;
-    }
-  };
-});
-
-// src/utils/logger.ts
-function log(message, data) {
-  if (!DEBUG)
-    return;
-  const timestamp = new Date().toISOString();
-  if (data !== undefined) {
-    console.log(`[opencode-swarm ${timestamp}] ${message}`, data);
-  } else {
-    console.log(`[opencode-swarm ${timestamp}] ${message}`);
-  }
-}
-function warn(message, data) {
-  const timestamp = new Date().toISOString();
-  if (data !== undefined) {
-    console.warn(`[opencode-swarm ${timestamp}] WARN: ${message}`, data);
-  } else {
-    console.warn(`[opencode-swarm ${timestamp}] WARN: ${message}`);
-  }
-}
-var DEBUG;
-var init_logger = __esm(() => {
-  DEBUG = process.env.OPENCODE_SWARM_DEBUG === "1";
-});
-
-// src/utils/index.ts
-var init_utils = __esm(() => {
-  init_errors3();
-  init_logger();
-});
-
 // src/background/event-bus.ts
 class AutomationEventBus {
   listeners = new Map;
@@ -14165,7 +14181,7 @@ var init_event_bus = __esm(() => {
 });
 
 // src/hooks/utils.ts
-import * as path2 from "path";
+import * as path3 from "path";
 function safeHook(fn) {
   return async (input, output) => {
     try {
@@ -14196,17 +14212,40 @@ function validateSwarmPath(directory, filename) {
   if (/[\0]/.test(filename)) {
     throw new Error("Invalid filename: contains null bytes");
   }
+  if (filename.includes("%")) {
+    let decoded = filename;
+    try {
+      let prev = decoded;
+      do {
+        prev = decoded;
+        decoded = decodeURIComponent(decoded);
+      } while (decoded !== prev && decoded.includes("%"));
+    } catch {
+      throw new Error("Invalid filename: malformed percent-encoding");
+    }
+    if (/[\0]/.test(decoded)) {
+      throw new Error("Invalid filename: contains null bytes (encoded)");
+    }
+    if (/\.\.[/\\]/.test(decoded) || decoded === "..") {
+      throw new Error("Invalid filename: path traversal detected (encoded)");
+    }
+  }
+  const basename2 = path3.basename(filename).split(".")[0].toUpperCase();
+  const WINDOWS_RESERVED = /^(CON|PRN|AUX|NUL|COM[0-9]|LPT[0-9])$/;
+  if (WINDOWS_RESERVED.test(basename2)) {
+    throw new Error(`Invalid filename: reserved device name '${basename2}'`);
+  }
   if (/\.\.[/\\]/.test(filename)) {
     throw new Error("Invalid filename: path traversal detected");
   }
-  const baseDir = path2.normalize(path2.resolve(directory, ".swarm"));
-  const resolved = path2.normalize(path2.resolve(baseDir, filename));
+  const baseDir = path3.normalize(path3.resolve(directory, ".swarm"));
+  const resolved = path3.normalize(path3.resolve(baseDir, filename));
   if (process.platform === "win32") {
-    if (!resolved.toLowerCase().startsWith((baseDir + path2.sep).toLowerCase())) {
+    if (!resolved.toLowerCase().startsWith((baseDir + path3.sep).toLowerCase())) {
       throw new Error("Invalid filename: path escapes .swarm directory");
     }
   } else {
-    if (!resolved.startsWith(baseDir + path2.sep)) {
+    if (!resolved.startsWith(baseDir + path3.sep)) {
       throw new Error("Invalid filename: path escapes .swarm directory");
     }
   }
@@ -14233,8 +14272,8 @@ var init_utils2 = __esm(() => {
 });
 
 // src/evidence/manager.ts
-import { mkdirSync, readdirSync, renameSync, rmSync, statSync as statSync2 } from "fs";
-import * as path3 from "path";
+import { mkdirSync, readdirSync, renameSync, rmSync, statSync } from "fs";
+import * as path4 from "path";
 function sanitizeTaskId(taskId) {
   if (!taskId || taskId.length === 0) {
     throw new Error("Invalid task ID: empty string");
@@ -14257,7 +14296,7 @@ function sanitizeTaskId(taskId) {
 }
 async function loadEvidence(directory, taskId) {
   const sanitizedTaskId = sanitizeTaskId(taskId);
-  const relativePath = path3.join("evidence", sanitizedTaskId, "evidence.json");
+  const relativePath = path4.join("evidence", sanitizedTaskId, "evidence.json");
   validateSwarmPath(directory, relativePath);
   const content = await readSwarmFileAsync(directory, relativePath);
   if (content === null) {
@@ -14275,7 +14314,7 @@ async function loadEvidence(directory, taskId) {
 async function listEvidenceTaskIds(directory) {
   const evidenceBasePath = validateSwarmPath(directory, "evidence");
   try {
-    statSync2(evidenceBasePath);
+    statSync(evidenceBasePath);
   } catch {
     return [];
   }
@@ -14287,9 +14326,9 @@ async function listEvidenceTaskIds(directory) {
   }
   const taskIds = [];
   for (const entry of entries) {
-    const entryPath = path3.join(evidenceBasePath, entry);
+    const entryPath = path4.join(evidenceBasePath, entry);
     try {
-      const stats = statSync2(entryPath);
+      const stats = statSync(entryPath);
       if (!stats.isDirectory()) {
         continue;
       }
@@ -14305,10 +14344,10 @@ async function listEvidenceTaskIds(directory) {
 }
 async function deleteEvidence(directory, taskId) {
   const sanitizedTaskId = sanitizeTaskId(taskId);
-  const relativePath = path3.join("evidence", sanitizedTaskId);
+  const relativePath = path4.join("evidence", sanitizedTaskId);
   const evidenceDir = validateSwarmPath(directory, relativePath);
   try {
-    statSync2(evidenceDir);
+    statSync(evidenceDir);
   } catch {
     return false;
   }
@@ -14365,7 +14404,8 @@ var init_manager = __esm(() => {
 });
 
 // src/plan/manager.ts
-import * as path4 from "path";
+import { createHash } from "crypto";
+import * as path5 from "path";
 async function loadPlanJsonOnly(directory) {
   const planJsonContent = await readSwarmFileAsync(directory, "plan.json");
   if (planJsonContent !== null) {
@@ -14418,7 +14458,7 @@ function computePlanContentHash(plan) {
     })).sort((a, b) => a.id - b.id)
   };
   const jsonString = JSON.stringify(content);
-  return Bun.hash(jsonString).toString(36);
+  return createHash("sha256").update(jsonString).digest("hex").slice(0, 12);
 }
 function extractPlanHashFromMarkdown(markdown) {
   const match = markdown.match(/<!--\s*PLAN_HASH:\s*(\S+)\s*-->/);
@@ -14443,12 +14483,12 @@ async function isPlanMdInSync(directory, plan) {
   return normalizedActual.includes(normalizedExpected) || normalizedExpected.includes(normalizedActual.replace(/^#.*$/gm, "").trim());
 }
 async function regeneratePlanMarkdown(directory, plan) {
-  const swarmDir = path4.resolve(directory, ".swarm");
+  const swarmDir = path5.resolve(directory, ".swarm");
   const contentHash = computePlanContentHash(plan);
   const markdown = derivePlanMarkdown(plan);
   const markdownWithHash = `<!-- PLAN_HASH: ${contentHash} -->
 ${markdown}`;
-  await Bun.write(path4.join(swarmDir, "plan.md"), markdownWithHash);
+  await Bun.write(path5.join(swarmDir, "plan.md"), markdownWithHash);
 }
 async function loadPlan(directory) {
   const planJsonContent = await readSwarmFileAsync(directory, "plan.json");
@@ -14485,9 +14525,9 @@ async function loadPlan(directory) {
 }
 async function savePlan(directory, plan) {
   const validated = PlanSchema.parse(plan);
-  const swarmDir = path4.resolve(directory, ".swarm");
-  const planPath = path4.join(swarmDir, "plan.json");
-  const tempPath = path4.join(swarmDir, `plan.json.tmp.${Date.now()}`);
+  const swarmDir = path5.resolve(directory, ".swarm");
+  const planPath = path5.join(swarmDir, "plan.json");
+  const tempPath = path5.join(swarmDir, `plan.json.tmp.${Date.now()}`);
   await Bun.write(tempPath, JSON.stringify(validated, null, 2));
   const { renameSync: renameSync2 } = await import("fs");
   renameSync2(tempPath, planPath);
@@ -14495,7 +14535,7 @@ async function savePlan(directory, plan) {
   const markdown = derivePlanMarkdown(validated);
   const markdownWithHash = `<!-- PLAN_HASH: ${contentHash} -->
 ${markdown}`;
-  await Bun.write(path4.join(swarmDir, "plan.md"), markdownWithHash);
+  await Bun.write(path5.join(swarmDir, "plan.md"), markdownWithHash);
 }
 function derivePlanMarkdown(plan) {
   const statusMap = {
@@ -14979,13 +15019,13 @@ __export(exports_evidence_summary_integration, {
   EvidenceSummaryIntegration: () => EvidenceSummaryIntegration
 });
 import { existsSync as existsSync2, mkdirSync as mkdirSync2, writeFileSync } from "fs";
-import * as path5 from "path";
+import * as path6 from "path";
 function persistSummary(swarmDir, artifact, filename) {
-  const swarmPath = path5.join(swarmDir, ".swarm");
+  const swarmPath = path6.join(swarmDir, ".swarm");
   if (!existsSync2(swarmPath)) {
     mkdirSync2(swarmPath, { recursive: true });
   }
-  const artifactPath = path5.join(swarmPath, filename);
+  const artifactPath = path6.join(swarmPath, filename);
   const content = JSON.stringify(artifact, null, 2);
   writeFileSync(artifactPath, content, "utf-8");
   log("[EvidenceSummaryIntegration] Summary persisted", {
@@ -15250,7 +15290,7 @@ __export(exports_status_artifact, {
   AutomationStatusArtifact: () => AutomationStatusArtifact
 });
 import * as fs3 from "fs";
-import * as path7 from "path";
+import * as path8 from "path";
 function createEmptySnapshot(mode, capabilities) {
   return {
     timestamp: Date.now(),
@@ -15309,7 +15349,7 @@ class AutomationStatusArtifact {
     });
   }
   getFilePath() {
-    return path7.join(this.swarmDir, this.filename);
+    return path8.join(this.swarmDir, this.filename);
   }
   load() {
     const filePath = this.getFilePath();
@@ -15714,14 +15754,10 @@ __export(exports_config_doctor, {
 });
 import * as crypto from "crypto";
 import * as fs4 from "fs";
-import * as os3 from "os";
-import * as path9 from "path";
-function getUserConfigDir3() {
-  return process.env.XDG_CONFIG_HOME || path9.join(os3.homedir(), ".config");
-}
+import * as path10 from "path";
 function getConfigPaths(directory) {
-  const userConfigPath = path9.join(getUserConfigDir3(), "opencode", "opencode-swarm.json");
-  const projectConfigPath = path9.join(directory, ".opencode", "opencode-swarm.json");
+  const userConfigPath = path10.join(getUserConfigDir(), "opencode", "opencode-swarm.json");
+  const projectConfigPath = path10.join(directory, ".opencode", "opencode-swarm.json");
   return { userConfigPath, projectConfigPath };
 }
 function computeHash(content) {
@@ -15746,9 +15782,9 @@ function isValidConfigPath(configPath, directory) {
   const normalizedUser = userConfigPath.replace(/\\/g, "/");
   const normalizedProject = projectConfigPath.replace(/\\/g, "/");
   try {
-    const resolvedConfig = path9.resolve(configPath);
-    const resolvedUser = path9.resolve(normalizedUser);
-    const resolvedProject = path9.resolve(normalizedProject);
+    const resolvedConfig = path10.resolve(configPath);
+    const resolvedUser = path10.resolve(normalizedUser);
+    const resolvedProject = path10.resolve(normalizedProject);
     return resolvedConfig === resolvedUser || resolvedConfig === resolvedProject;
   } catch {
     return false;
@@ -15780,12 +15816,12 @@ function createConfigBackup(directory) {
   };
 }
 function writeBackupArtifact(directory, backup) {
-  const swarmDir = path9.join(directory, ".swarm");
+  const swarmDir = path10.join(directory, ".swarm");
   if (!fs4.existsSync(swarmDir)) {
     fs4.mkdirSync(swarmDir, { recursive: true });
   }
   const backupFilename = `config-backup-${backup.createdAt}.json`;
-  const backupPath = path9.join(swarmDir, backupFilename);
+  const backupPath = path10.join(swarmDir, backupFilename);
   const artifact = {
     createdAt: backup.createdAt,
     configPath: backup.configPath,
@@ -15815,7 +15851,7 @@ function restoreFromBackup(backupPath, directory) {
       return null;
     }
     const targetPath = artifact.configPath;
-    const targetDir = path9.dirname(targetPath);
+    const targetDir = path10.dirname(targetPath);
     if (!fs4.existsSync(targetDir)) {
       fs4.mkdirSync(targetDir, { recursive: true });
     }
@@ -15846,9 +15882,9 @@ function readConfigFromFile(directory) {
     return null;
   }
 }
-function validateConfigKey(path10, value, config2) {
+function validateConfigKey(path11, value, config2) {
   const findings = [];
-  switch (path10) {
+  switch (path11) {
     case "agents": {
       if (value !== undefined) {
         findings.push({
@@ -16095,27 +16131,27 @@ function validateConfigKey(path10, value, config2) {
   }
   return findings;
 }
-function walkConfigAndValidate(obj, path10, config2, findings) {
+function walkConfigAndValidate(obj, path11, config2, findings) {
   if (obj === null || obj === undefined) {
     return;
   }
-  if (path10 && typeof obj === "object" && !Array.isArray(obj)) {
-    const keyFindings = validateConfigKey(path10, obj, config2);
+  if (path11 && typeof obj === "object" && !Array.isArray(obj)) {
+    const keyFindings = validateConfigKey(path11, obj, config2);
     findings.push(...keyFindings);
   }
   if (typeof obj !== "object") {
-    const keyFindings = validateConfigKey(path10, obj, config2);
+    const keyFindings = validateConfigKey(path11, obj, config2);
     findings.push(...keyFindings);
     return;
   }
   if (Array.isArray(obj)) {
     obj.forEach((item, index) => {
-      walkConfigAndValidate(item, `${path10}[${index}]`, config2, findings);
+      walkConfigAndValidate(item, `${path11}[${index}]`, config2, findings);
     });
     return;
   }
   for (const [key, value] of Object.entries(obj)) {
-    const newPath = path10 ? `${path10}.${key}` : key;
+    const newPath = path11 ? `${path11}.${key}` : key;
     walkConfigAndValidate(value, newPath, config2, findings);
   }
 }
@@ -16235,7 +16271,7 @@ function applySafeAutoFixes(directory, result) {
     }
   }
   if (appliedFixes.length > 0) {
-    const configDir = path9.dirname(configPath);
+    const configDir = path10.dirname(configPath);
     if (!fs4.existsSync(configDir)) {
       fs4.mkdirSync(configDir, { recursive: true });
     }
@@ -16245,12 +16281,12 @@ function applySafeAutoFixes(directory, result) {
   return { appliedFixes, updatedConfigPath };
 }
 function writeDoctorArtifact(directory, result) {
-  const swarmDir = path9.join(directory, ".swarm");
+  const swarmDir = path10.join(directory, ".swarm");
   if (!fs4.existsSync(swarmDir)) {
     fs4.mkdirSync(swarmDir, { recursive: true });
   }
   const artifactFilename = "config-doctor.json";
-  const artifactPath = path9.join(swarmDir, artifactFilename);
+  const artifactPath = path10.join(swarmDir, artifactFilename);
   const guiOutput = {
     timestamp: result.timestamp,
     summary: result.summary,
@@ -16318,6 +16354,7 @@ async function runConfigDoctorWithFixes(directory, config2, autoFix = false) {
 }
 var VALID_CONFIG_PATTERNS, DANGEROUS_PATH_SEGMENTS;
 var init_config_doctor = __esm(() => {
+  init_utils();
   VALID_CONFIG_PATTERNS = [
     /^\.config[\\/]opencode[\\/]opencode-swarm\.json$/,
     /\.opencode[\\/]opencode-swarm\.json$/
@@ -16565,10 +16602,10 @@ function mergeDefs2(...defs) {
 function cloneDef2(schema) {
   return mergeDefs2(schema._zod.def);
 }
-function getElementAtPath2(obj, path10) {
-  if (!path10)
+function getElementAtPath2(obj, path11) {
+  if (!path11)
     return obj;
-  return path10.reduce((acc, key) => acc?.[key], obj);
+  return path11.reduce((acc, key) => acc?.[key], obj);
 }
 function promiseAllObject2(promisesObj) {
   const keys = Object.keys(promisesObj);
@@ -16857,11 +16894,11 @@ function aborted2(x, startIndex = 0) {
   }
   return false;
 }
-function prefixIssues2(path10, issues) {
+function prefixIssues2(path11, issues) {
   return issues.map((iss) => {
     var _a2;
     (_a2 = iss).path ?? (_a2.path = []);
-    iss.path.unshift(path10);
+    iss.path.unshift(path11);
     return iss;
   });
 }
@@ -17084,7 +17121,7 @@ function treeifyError2(error49, _mapper) {
     return issue3.message;
   };
   const result = { errors: [] };
-  const processError = (error50, path10 = []) => {
+  const processError = (error50, path11 = []) => {
     var _a2, _b;
     for (const issue3 of error50.issues) {
       if (issue3.code === "invalid_union" && issue3.errors.length) {
@@ -17094,7 +17131,7 @@ function treeifyError2(error49, _mapper) {
       } else if (issue3.code === "invalid_element") {
         processError({ issues: issue3.issues }, issue3.path);
       } else {
-        const fullpath = [...path10, ...issue3.path];
+        const fullpath = [...path11, ...issue3.path];
         if (fullpath.length === 0) {
           result.errors.push(mapper(issue3));
           continue;
@@ -17126,8 +17163,8 @@ function treeifyError2(error49, _mapper) {
 }
 function toDotPath2(_path) {
   const segs = [];
-  const path10 = _path.map((seg) => typeof seg === "object" ? seg.key : seg);
-  for (const seg of path10) {
+  const path11 = _path.map((seg) => typeof seg === "object" ? seg.key : seg);
+  for (const seg of path11) {
     if (typeof seg === "number")
       segs.push(`[${seg}]`);
     else if (typeof seg === "symbol")
@@ -29139,7 +29176,7 @@ var init_lint = __esm(() => {
 
 // src/tools/secretscan.ts
 import * as fs5 from "fs";
-import * as path10 from "path";
+import * as path11 from "path";
 function calculateShannonEntropy(str) {
   if (str.length === 0)
     return 0;
@@ -29166,7 +29203,7 @@ function isHighEntropyString(str) {
 function containsPathTraversal(str) {
   if (/\.\.[/\\]/.test(str))
     return true;
-  const normalized = path10.normalize(str);
+  const normalized = path11.normalize(str);
   if (/\.\.[/\\]/.test(normalized))
     return true;
   if (str.includes("%2e%2e") || str.includes("%2E%2E"))
@@ -29194,7 +29231,7 @@ function validateDirectoryInput(dir) {
   return null;
 }
 function isBinaryFile(filePath, buffer) {
-  const ext = path10.extname(filePath).toLowerCase();
+  const ext = path11.extname(filePath).toLowerCase();
   if (DEFAULT_EXCLUDE_EXTENSIONS.has(ext)) {
     return true;
   }
@@ -29331,9 +29368,9 @@ function isSymlinkLoop(realPath, visited) {
   return false;
 }
 function isPathWithinScope(realPath, scanDir) {
-  const resolvedScanDir = path10.resolve(scanDir);
-  const resolvedRealPath = path10.resolve(realPath);
-  return resolvedRealPath === resolvedScanDir || resolvedRealPath.startsWith(resolvedScanDir + path10.sep) || resolvedRealPath.startsWith(resolvedScanDir + "/") || resolvedRealPath.startsWith(resolvedScanDir + "\\");
+  const resolvedScanDir = path11.resolve(scanDir);
+  const resolvedRealPath = path11.resolve(realPath);
+  return resolvedRealPath === resolvedScanDir || resolvedRealPath.startsWith(resolvedScanDir + path11.sep) || resolvedRealPath.startsWith(resolvedScanDir + "/") || resolvedRealPath.startsWith(resolvedScanDir + "\\");
 }
 function findScannableFiles(dir, excludeDirs, scanDir, visited, stats = {
   skippedDirs: 0,
@@ -29363,7 +29400,7 @@ function findScannableFiles(dir, excludeDirs, scanDir, visited, stats = {
       stats.skippedDirs++;
       continue;
     }
-    const fullPath = path10.join(dir, entry);
+    const fullPath = path11.join(dir, entry);
     let lstat;
     try {
       lstat = fs5.lstatSync(fullPath);
@@ -29394,7 +29431,7 @@ function findScannableFiles(dir, excludeDirs, scanDir, visited, stats = {
       const subFiles = findScannableFiles(fullPath, excludeDirs, scanDir, visited, stats);
       files.push(...subFiles);
     } else if (lstat.isFile()) {
-      const ext = path10.extname(fullPath).toLowerCase();
+      const ext = path11.extname(fullPath).toLowerCase();
       if (!DEFAULT_EXCLUDE_EXTENSIONS.has(ext)) {
         files.push(fullPath);
       } else {
@@ -29660,7 +29697,7 @@ var init_secretscan = __esm(() => {
         }
       }
       try {
-        const scanDir = path10.resolve(directory);
+        const scanDir = path11.resolve(directory);
         if (!fs5.existsSync(scanDir)) {
           const errorResult = {
             error: "directory not found",
@@ -29787,88 +29824,13 @@ var init_secretscan = __esm(() => {
   });
 });
 
-// src/tools/test-runner.ts
+// src/tools/test-runner/constants.ts
+var MAX_OUTPUT_BYTES3 = 512000, MAX_COMMAND_LENGTH2 = 500, DEFAULT_TIMEOUT_MS = 60000, MAX_TIMEOUT_MS = 300000;
+var init_constants = () => {};
+
+// src/tools/test-runner/detect.ts
 import * as fs6 from "fs";
-import * as path11 from "path";
-function containsPathTraversal2(str) {
-  if (/\.\.[/\\]/.test(str))
-    return true;
-  if (/(?:^|[/\\])\.\.(?:[/\\]|$)/.test(str))
-    return true;
-  if (/%2e%2e/i.test(str))
-    return true;
-  if (/%2e\./i.test(str))
-    return true;
-  if (/%2e/i.test(str) && /\.\./.test(str))
-    return true;
-  if (/%252e%252e/i.test(str))
-    return true;
-  if (/\uff0e/.test(str))
-    return true;
-  if (/\u3002/.test(str))
-    return true;
-  if (/\uff65/.test(str))
-    return true;
-  if (/%2f/i.test(str))
-    return true;
-  if (/%5c/i.test(str))
-    return true;
-  return false;
-}
-function isAbsolutePath(str) {
-  if (str.startsWith("/"))
-    return true;
-  if (/^[a-zA-Z]:[/\\]/.test(str))
-    return true;
-  if (/^\\\\/.test(str))
-    return true;
-  if (/^\\\\\.\\/.test(str))
-    return true;
-  return false;
-}
-function containsControlChars2(str) {
-  return /[\x00-\x08\x0a\x0b\x0c\x0d\x0e-\x1f\x7f\x80-\x9f]/.test(str);
-}
-function containsPowerShellMetacharacters(str) {
-  return POWERSHELL_METACHARACTERS.test(str);
-}
-function validateArgs2(args) {
-  if (typeof args !== "object" || args === null)
-    return false;
-  const obj = args;
-  if (obj.scope !== undefined) {
-    if (obj.scope !== "all" && obj.scope !== "convention" && obj.scope !== "graph") {
-      return false;
-    }
-  }
-  if (obj.files !== undefined) {
-    if (!Array.isArray(obj.files))
-      return false;
-    for (const f of obj.files) {
-      if (typeof f !== "string")
-        return false;
-      if (isAbsolutePath(f))
-        return false;
-      if (containsPathTraversal2(f))
-        return false;
-      if (containsControlChars2(f))
-        return false;
-      if (containsPowerShellMetacharacters(f))
-        return false;
-    }
-  }
-  if (obj.coverage !== undefined) {
-    if (typeof obj.coverage !== "boolean")
-      return false;
-  }
-  if (obj.timeout_ms !== undefined) {
-    if (typeof obj.timeout_ms !== "number")
-      return false;
-    if (obj.timeout_ms < 0 || obj.timeout_ms > MAX_TIMEOUT_MS)
-      return false;
-  }
-  return true;
-}
+import * as path12 from "path";
 function hasPackageJsonDependency(deps, ...patterns) {
   for (const pattern of patterns) {
     if (deps[pattern])
@@ -29883,7 +29845,7 @@ function hasDevDependency(devDeps, ...patterns) {
 }
 async function detectTestFramework() {
   try {
-    const packageJsonPath = path11.join(process.cwd(), "package.json");
+    const packageJsonPath = path12.join(process.cwd(), "package.json");
     if (fs6.existsSync(packageJsonPath)) {
       const content = fs6.readFileSync(packageJsonPath, "utf-8");
       const pkg = JSON.parse(content);
@@ -29904,16 +29866,16 @@ async function detectTestFramework() {
         return "jest";
       if (hasDevDependency(devDeps, "mocha", "@types/mocha"))
         return "mocha";
-      if (fs6.existsSync(path11.join(process.cwd(), "bun.lockb")) || fs6.existsSync(path11.join(process.cwd(), "bun.lock"))) {
+      if (fs6.existsSync(path12.join(process.cwd(), "bun.lockb")) || fs6.existsSync(path12.join(process.cwd(), "bun.lock"))) {
         if (scripts.test?.includes("bun"))
           return "bun";
       }
     }
   } catch {}
   try {
-    const pyprojectTomlPath = path11.join(process.cwd(), "pyproject.toml");
-    const setupCfgPath = path11.join(process.cwd(), "setup.cfg");
-    const requirementsTxtPath = path11.join(process.cwd(), "requirements.txt");
+    const pyprojectTomlPath = path12.join(process.cwd(), "pyproject.toml");
+    const setupCfgPath = path12.join(process.cwd(), "setup.cfg");
+    const requirementsTxtPath = path12.join(process.cwd(), "requirements.txt");
     if (fs6.existsSync(pyprojectTomlPath)) {
       const content = fs6.readFileSync(pyprojectTomlPath, "utf-8");
       if (content.includes("[tool.pytest"))
@@ -29933,7 +29895,7 @@ async function detectTestFramework() {
     }
   } catch {}
   try {
-    const cargoTomlPath = path11.join(process.cwd(), "Cargo.toml");
+    const cargoTomlPath = path12.join(process.cwd(), "Cargo.toml");
     if (fs6.existsSync(cargoTomlPath)) {
       const content = fs6.readFileSync(cargoTomlPath, "utf-8");
       if (content.includes("[dev-dependencies]")) {
@@ -29944,15 +29906,20 @@ async function detectTestFramework() {
     }
   } catch {}
   try {
-    const pesterConfigPath = path11.join(process.cwd(), "pester.config.ps1");
-    const pesterConfigJsonPath = path11.join(process.cwd(), "pester.config.ps1.json");
-    const pesterPs1Path = path11.join(process.cwd(), "tests.ps1");
+    const pesterConfigPath = path12.join(process.cwd(), "pester.config.ps1");
+    const pesterConfigJsonPath = path12.join(process.cwd(), "pester.config.ps1.json");
+    const pesterPs1Path = path12.join(process.cwd(), "tests.ps1");
     if (fs6.existsSync(pesterConfigPath) || fs6.existsSync(pesterConfigJsonPath) || fs6.existsSync(pesterPs1Path)) {
       return "pester";
     }
   } catch {}
   return "none";
 }
+var init_detect = () => {};
+
+// src/tools/test-runner/discover.ts
+import * as fs7 from "fs";
+import * as path13 from "path";
 function hasCompoundTestExtension(filename) {
   const lower = filename.toLowerCase();
   return COMPOUND_TEST_EXTENSIONS.some((ext) => lower.endsWith(ext));
@@ -29960,26 +29927,26 @@ function hasCompoundTestExtension(filename) {
 function getTestFilesFromConvention(sourceFiles) {
   const testFiles = [];
   for (const file3 of sourceFiles) {
-    const basename2 = path11.basename(file3);
-    const dirname4 = path11.dirname(file3);
-    if (hasCompoundTestExtension(basename2) || basename2.includes(".spec.") || basename2.includes(".test.")) {
+    const basename3 = path13.basename(file3);
+    const dirname4 = path13.dirname(file3);
+    if (hasCompoundTestExtension(basename3) || basename3.includes(".spec.") || basename3.includes(".test.")) {
       if (!testFiles.includes(file3)) {
         testFiles.push(file3);
       }
       continue;
     }
     for (const pattern of TEST_PATTERNS) {
-      const nameWithoutExt = basename2.replace(/\.[^.]+$/, "");
-      const ext = path11.extname(basename2);
+      const nameWithoutExt = basename3.replace(/\.[^.]+$/, "");
+      const ext = path13.extname(basename3);
       const possibleTestFiles = [
-        path11.join(dirname4, `${nameWithoutExt}.spec${ext}`),
-        path11.join(dirname4, `${nameWithoutExt}.test${ext}`),
-        path11.join(dirname4, "__tests__", `${nameWithoutExt}${ext}`),
-        path11.join(dirname4, "tests", `${nameWithoutExt}${ext}`),
-        path11.join(dirname4, "test", `${nameWithoutExt}${ext}`)
+        path13.join(dirname4, `${nameWithoutExt}.spec${ext}`),
+        path13.join(dirname4, `${nameWithoutExt}.test${ext}`),
+        path13.join(dirname4, "__tests__", `${nameWithoutExt}${ext}`),
+        path13.join(dirname4, "tests", `${nameWithoutExt}${ext}`),
+        path13.join(dirname4, "test", `${nameWithoutExt}${ext}`)
       ];
       for (const testFile of possibleTestFiles) {
-        if (fs6.existsSync(testFile) && !testFiles.includes(testFile)) {
+        if (fs7.existsSync(testFile) && !testFiles.includes(testFile)) {
           testFiles.push(testFile);
         }
       }
@@ -29995,16 +29962,16 @@ async function getTestFilesFromGraph(sourceFiles) {
   }
   for (const testFile of candidateTestFiles) {
     try {
-      const content = fs6.readFileSync(testFile, "utf-8");
-      const testDir = path11.dirname(testFile);
+      const content = fs7.readFileSync(testFile, "utf-8");
+      const testDir = path13.dirname(testFile);
       const importRegex = /import\s+.*?\s+from\s+['"]([^'"]+)['"]/g;
       let match;
       while ((match = importRegex.exec(content)) !== null) {
         const importPath = match[1];
         let resolvedImport;
         if (importPath.startsWith(".")) {
-          resolvedImport = path11.resolve(testDir, importPath);
-          const existingExt = path11.extname(resolvedImport);
+          resolvedImport = path13.resolve(testDir, importPath);
+          const existingExt = path13.extname(resolvedImport);
           if (!existingExt) {
             for (const extToTry of [
               ".ts",
@@ -30015,7 +29982,7 @@ async function getTestFilesFromGraph(sourceFiles) {
               ".cjs"
             ]) {
               const withExt = resolvedImport + extToTry;
-              if (sourceFiles.includes(withExt) || fs6.existsSync(withExt)) {
+              if (sourceFiles.includes(withExt) || fs7.existsSync(withExt)) {
                 resolvedImport = withExt;
                 break;
               }
@@ -30024,12 +29991,12 @@ async function getTestFilesFromGraph(sourceFiles) {
         } else {
           continue;
         }
-        const importBasename = path11.basename(resolvedImport, path11.extname(resolvedImport));
-        const importDir = path11.dirname(resolvedImport);
+        const importBasename = path13.basename(resolvedImport, path13.extname(resolvedImport));
+        const importDir = path13.dirname(resolvedImport);
         for (const sourceFile of sourceFiles) {
-          const sourceDir = path11.dirname(sourceFile);
-          const sourceBasename = path11.basename(sourceFile, path11.extname(sourceFile));
-          const isRelatedDir = importDir === sourceDir || importDir === path11.join(sourceDir, "__tests__") || importDir === path11.join(sourceDir, "tests") || importDir === path11.join(sourceDir, "test");
+          const sourceDir = path13.dirname(sourceFile);
+          const sourceBasename = path13.basename(sourceFile, path13.extname(sourceFile));
+          const isRelatedDir = importDir === sourceDir || importDir === path13.join(sourceDir, "__tests__") || importDir === path13.join(sourceDir, "tests") || importDir === path13.join(sourceDir, "test");
           if (resolvedImport === sourceFile || importBasename === sourceBasename && isRelatedDir) {
             if (!testFiles.includes(testFile)) {
               testFiles.push(testFile);
@@ -30042,8 +30009,8 @@ async function getTestFilesFromGraph(sourceFiles) {
       while ((match = requireRegex.exec(content)) !== null) {
         const importPath = match[1];
         if (importPath.startsWith(".")) {
-          let resolvedImport = path11.resolve(testDir, importPath);
-          const existingExt = path11.extname(resolvedImport);
+          let resolvedImport = path13.resolve(testDir, importPath);
+          const existingExt = path13.extname(resolvedImport);
           if (!existingExt) {
             for (const extToTry of [
               ".ts",
@@ -30054,18 +30021,18 @@ async function getTestFilesFromGraph(sourceFiles) {
               ".cjs"
             ]) {
               const withExt = resolvedImport + extToTry;
-              if (sourceFiles.includes(withExt) || fs6.existsSync(withExt)) {
+              if (sourceFiles.includes(withExt) || fs7.existsSync(withExt)) {
                 resolvedImport = withExt;
                 break;
               }
             }
           }
-          const importDir = path11.dirname(resolvedImport);
-          const importBasename = path11.basename(resolvedImport, path11.extname(resolvedImport));
+          const importDir = path13.dirname(resolvedImport);
+          const importBasename = path13.basename(resolvedImport, path13.extname(resolvedImport));
           for (const sourceFile of sourceFiles) {
-            const sourceDir = path11.dirname(sourceFile);
-            const sourceBasename = path11.basename(sourceFile, path11.extname(sourceFile));
-            const isRelatedDir = importDir === sourceDir || importDir === path11.join(sourceDir, "__tests__") || importDir === path11.join(sourceDir, "tests") || importDir === path11.join(sourceDir, "test");
+            const sourceDir = path13.dirname(sourceFile);
+            const sourceBasename = path13.basename(sourceFile, path13.extname(sourceFile));
+            const isRelatedDir = importDir === sourceDir || importDir === path13.join(sourceDir, "__tests__") || importDir === path13.join(sourceDir, "tests") || importDir === path13.join(sourceDir, "test");
             if (resolvedImport === sourceFile || importBasename === sourceBasename && isRelatedDir) {
               if (!testFiles.includes(testFile)) {
                 testFiles.push(testFile);
@@ -30079,40 +30046,118 @@ async function getTestFilesFromGraph(sourceFiles) {
   }
   return testFiles;
 }
+function findSourceFiles(dir, files = []) {
+  let entries;
+  try {
+    entries = fs7.readdirSync(dir);
+  } catch {
+    return files;
+  }
+  entries.sort((a, b) => a.toLowerCase().localeCompare(b.toLowerCase()));
+  for (const entry of entries) {
+    if (SKIP_DIRECTORIES.has(entry))
+      continue;
+    const fullPath = path13.join(dir, entry);
+    let stat;
+    try {
+      stat = fs7.statSync(fullPath);
+    } catch {
+      continue;
+    }
+    if (stat.isDirectory()) {
+      findSourceFiles(fullPath, files);
+    } else if (stat.isFile()) {
+      const ext = path13.extname(fullPath).toLowerCase();
+      if (SOURCE_EXTENSIONS.has(ext)) {
+        files.push(fullPath);
+      }
+    }
+  }
+  return files;
+}
+var TEST_PATTERNS, COMPOUND_TEST_EXTENSIONS, SOURCE_EXTENSIONS, SKIP_DIRECTORIES;
+var init_discover = __esm(() => {
+  TEST_PATTERNS = [
+    { test: ".spec.", source: "." },
+    { test: ".test.", source: "." },
+    { test: "/__tests__/", source: "/" },
+    { test: "/tests/", source: "/" },
+    { test: "/test/", source: "/" }
+  ];
+  COMPOUND_TEST_EXTENSIONS = [
+    ".test.ts",
+    ".test.tsx",
+    ".test.js",
+    ".test.jsx",
+    ".spec.ts",
+    ".spec.tsx",
+    ".spec.js",
+    ".spec.jsx",
+    ".test.ps1",
+    ".spec.ps1"
+  ];
+  SOURCE_EXTENSIONS = new Set([
+    ".ts",
+    ".tsx",
+    ".js",
+    ".jsx",
+    ".mjs",
+    ".cjs",
+    ".py",
+    ".rs",
+    ".ps1",
+    ".psm1"
+  ]);
+  SKIP_DIRECTORIES = new Set([
+    "node_modules",
+    ".git",
+    "dist",
+    "build",
+    "out",
+    "coverage",
+    ".next",
+    ".nuxt",
+    ".cache",
+    "vendor",
+    ".svn",
+    ".hg",
+    "__pycache__",
+    ".pytest_cache",
+    "target"
+  ]);
+});
+
+// src/tools/test-runner/run.ts
 function buildTestCommand(framework, scope, files, coverage) {
   switch (framework) {
     case "bun": {
       const args = ["bun", "test"];
       if (coverage)
         args.push("--coverage");
-      if (scope !== "all" && files.length > 0) {
+      if (scope !== "all" && files.length > 0)
         args.push(...files);
-      }
       return args;
     }
     case "vitest": {
       const args = ["npx", "vitest", "run"];
       if (coverage)
         args.push("--coverage");
-      if (scope !== "all" && files.length > 0) {
+      if (scope !== "all" && files.length > 0)
         args.push(...files);
-      }
       return args;
     }
     case "jest": {
       const args = ["npx", "jest"];
       if (coverage)
         args.push("--coverage");
-      if (scope !== "all" && files.length > 0) {
+      if (scope !== "all" && files.length > 0)
         args.push(...files);
-      }
       return args;
     }
     case "mocha": {
       const args = ["npx", "mocha"];
-      if (scope !== "all" && files.length > 0) {
+      if (scope !== "all" && files.length > 0)
         args.push(...files);
-      }
       return args;
     }
     case "pytest": {
@@ -30120,16 +30165,14 @@ function buildTestCommand(framework, scope, files, coverage) {
       const args = isWindows ? ["python", "-m", "pytest"] : ["python3", "-m", "pytest"];
       if (coverage)
         args.push("--cov=.", "--cov-report=term-missing");
-      if (scope !== "all" && files.length > 0) {
+      if (scope !== "all" && files.length > 0)
         args.push(...files);
-      }
       return args;
     }
     case "cargo": {
       const args = ["cargo", "test"];
-      if (scope !== "all" && files.length > 0) {
+      if (scope !== "all" && files.length > 0)
         args.push(...files);
-      }
       return args;
     }
     case "pester": {
@@ -30138,8 +30181,7 @@ function buildTestCommand(framework, scope, files, coverage) {
         const psCommand = `Invoke-Pester -Path @('${escapedFiles.join("','")}')`;
         const utf16Bytes = Buffer.from(psCommand, "utf16le");
         const base64Command = utf16Bytes.toString("base64");
-        const args = ["pwsh", "-EncodedCommand", base64Command];
-        return args;
+        return ["pwsh", "-EncodedCommand", base64Command];
       }
       return ["pwsh", "-Command", "Invoke-Pester"];
     }
@@ -30148,12 +30190,7 @@ function buildTestCommand(framework, scope, files, coverage) {
   }
 }
 function parseTestOutput(framework, output) {
-  const totals = {
-    passed: 0,
-    failed: 0,
-    skipped: 0,
-    total: 0
-  };
+  const totals = { passed: 0, failed: 0, skipped: 0, total: 0 };
   let coveragePercent;
   switch (framework) {
     case "vitest":
@@ -30169,9 +30206,8 @@ function parseTestOutput(framework, output) {
             totals.skipped = parsed.numPendingTests || 0;
             totals.total = parsed.numTotalTests || 0;
           }
-          if (parsed.coverage !== undefined) {
+          if (parsed.coverage !== undefined)
             coveragePercent = parsed.coverage;
-          }
         } catch {}
       }
       if (totals.total === 0) {
@@ -30187,9 +30223,8 @@ function parseTestOutput(framework, output) {
         totals.total = totals.passed + totals.failed + totals.skipped;
       }
       const coverageMatch = output.match(/All files[^\d]*(\d+\.?\d*)\s*%/);
-      if (!coveragePercent && coverageMatch) {
+      if (!coveragePercent && coverageMatch)
         coveragePercent = parseFloat(coverageMatch[1]);
-      }
       break;
     }
     case "mocha": {
@@ -30217,9 +30252,8 @@ function parseTestOutput(framework, output) {
         totals.skipped = parseInt(skipMatch[1], 10);
       totals.total = totals.passed + totals.failed + totals.skipped;
       const coverageMatch = output.match(/TOTAL\s+(\d+\.?\d*)\s*%/);
-      if (coverageMatch) {
+      if (coverageMatch)
         coveragePercent = parseFloat(coverageMatch[1]);
-      }
       break;
     }
     case "cargo": {
@@ -30275,10 +30309,7 @@ async function runTests(framework, scope, files, coverage, timeout_ms) {
   }
   const startTime = Date.now();
   try {
-    const proc = Bun.spawn(command, {
-      stdout: "pipe",
-      stderr: "pipe"
-    });
+    const proc = Bun.spawn(command, { stdout: "pipe", stderr: "pipe" });
     const exitPromise = proc.exited;
     const timeoutPromise = new Promise((resolve7) => setTimeout(() => {
       proc.kill();
@@ -30291,18 +30322,16 @@ async function runTests(framework, scope, files, coverage, timeout_ms) {
       new Response(proc.stderr).text()
     ]);
     let output = stdout;
-    if (stderr) {
+    if (stderr)
       output += (output ? `
 ` : "") + stderr;
-    }
     const outputBytes = Buffer.byteLength(output, "utf-8");
     if (outputBytes > MAX_OUTPUT_BYTES3) {
       let truncIndex = MAX_OUTPUT_BYTES3;
       while (truncIndex > 0) {
         const truncated = output.slice(0, truncIndex);
-        if (Buffer.byteLength(truncated, "utf-8") <= MAX_OUTPUT_BYTES3) {
+        if (Buffer.byteLength(truncated, "utf-8") <= MAX_OUTPUT_BYTES3)
           break;
-        }
         truncIndex--;
       }
       output = output.slice(0, truncIndex) + `
@@ -30321,13 +30350,11 @@ async function runTests(framework, scope, files, coverage, timeout_ms) {
         totals,
         rawOutput: output
       };
-      if (coveragePercent !== undefined) {
+      if (coveragePercent !== undefined)
         result.coveragePercent = coveragePercent;
-      }
       result.message = `${framework} tests passed (${totals.passed}/${totals.total})`;
-      if (coveragePercent !== undefined) {
+      if (coveragePercent !== undefined)
         result.message += ` with ${coveragePercent}% coverage`;
-      }
       return result;
     } else {
       const result = {
@@ -30342,9 +30369,8 @@ async function runTests(framework, scope, files, coverage, timeout_ms) {
         error: `Tests failed with ${totals.failed} failures`,
         message: `${framework} tests failed (${totals.failed}/${totals.total} failed)`
       };
-      if (coveragePercent !== undefined) {
+      if (coveragePercent !== undefined)
         result.coveragePercent = coveragePercent;
-      }
       return result;
     }
   } catch (error93) {
@@ -30360,89 +30386,111 @@ async function runTests(framework, scope, files, coverage, timeout_ms) {
     };
   }
 }
-function findSourceFiles(dir, files = []) {
-  let entries;
-  try {
-    entries = fs6.readdirSync(dir);
-  } catch {
-    return files;
-  }
-  entries.sort((a, b) => a.toLowerCase().localeCompare(b.toLowerCase()));
-  for (const entry of entries) {
-    if (SKIP_DIRECTORIES.has(entry))
-      continue;
-    const fullPath = path11.join(dir, entry);
-    let stat;
-    try {
-      stat = fs6.statSync(fullPath);
-    } catch {
-      continue;
+var init_run = __esm(() => {
+  init_constants();
+});
+
+// src/tools/test-runner/validate.ts
+function containsPathTraversal2(str) {
+  if (/\.\.[/\\]/.test(str))
+    return true;
+  if (/(?:^|[/\\])\.\.(?:[/\\]|$)/.test(str))
+    return true;
+  if (/%2e%2e/i.test(str))
+    return true;
+  if (/%2e\./i.test(str))
+    return true;
+  if (/%2e/i.test(str) && /\.\./.test(str))
+    return true;
+  if (/%252e%252e/i.test(str))
+    return true;
+  if (/\uff0e/.test(str))
+    return true;
+  if (/\u3002/.test(str))
+    return true;
+  if (/\uff65/.test(str))
+    return true;
+  if (/%2f/i.test(str))
+    return true;
+  if (/%5c/i.test(str))
+    return true;
+  return false;
+}
+function isAbsolutePath(str) {
+  if (str.startsWith("/"))
+    return true;
+  if (/^[a-zA-Z]:[/\\]/.test(str))
+    return true;
+  if (/^\\\\/.test(str))
+    return true;
+  if (/^\\\\\.\\/.test(str))
+    return true;
+  return false;
+}
+function containsControlChars2(str) {
+  return /[\x00-\x08\x0a\x0b\x0c\x0d\x0e-\x1f\x7f\x80-\x9f]/.test(str);
+}
+function containsPowerShellMetacharacters(str) {
+  return POWERSHELL_METACHARACTERS.test(str);
+}
+function validateArgs2(args) {
+  if (typeof args !== "object" || args === null)
+    return false;
+  const obj = args;
+  if (obj.scope !== undefined) {
+    if (obj.scope !== "all" && obj.scope !== "convention" && obj.scope !== "graph") {
+      return false;
     }
-    if (stat.isDirectory()) {
-      findSourceFiles(fullPath, files);
-    } else if (stat.isFile()) {
-      const ext = path11.extname(fullPath).toLowerCase();
-      if (SOURCE_EXTENSIONS.has(ext)) {
-        files.push(fullPath);
-      }
+  }
+  if (obj.files !== undefined) {
+    if (!Array.isArray(obj.files))
+      return false;
+    for (const f of obj.files) {
+      if (typeof f !== "string")
+        return false;
+      if (isAbsolutePath(f))
+        return false;
+      if (containsPathTraversal2(f))
+        return false;
+      if (containsControlChars2(f))
+        return false;
+      if (containsPowerShellMetacharacters(f))
+        return false;
     }
   }
-  return files;
+  if (obj.coverage !== undefined) {
+    if (typeof obj.coverage !== "boolean")
+      return false;
+  }
+  if (obj.timeout_ms !== undefined) {
+    if (typeof obj.timeout_ms !== "number")
+      return false;
+    if (obj.timeout_ms < 0 || obj.timeout_ms > MAX_TIMEOUT_MS)
+      return false;
+  }
+  return true;
 }
-var MAX_OUTPUT_BYTES3 = 512000, MAX_COMMAND_LENGTH2 = 500, DEFAULT_TIMEOUT_MS = 60000, MAX_TIMEOUT_MS = 300000, POWERSHELL_METACHARACTERS, TEST_PATTERNS, COMPOUND_TEST_EXTENSIONS, SOURCE_EXTENSIONS, SKIP_DIRECTORIES, test_runner;
+var POWERSHELL_METACHARACTERS;
+var init_validate = __esm(() => {
+  init_constants();
+  POWERSHELL_METACHARACTERS = /[|;&`$(){}[\]<>"'#*?\x00-\x1f]/;
+});
+
+// src/tools/test-runner/index.ts
+import * as path14 from "path";
+var test_runner;
 var init_test_runner = __esm(() => {
   init_dist();
-  POWERSHELL_METACHARACTERS = /[|;&`$(){}[\]<>"'#*?\x00-\x1f]/;
-  TEST_PATTERNS = [
-    { test: ".spec.", source: "." },
-    { test: ".test.", source: "." },
-    { test: "/__tests__/", source: "/" },
-    { test: "/tests/", source: "/" },
-    { test: "/test/", source: "/" }
-  ];
-  COMPOUND_TEST_EXTENSIONS = [
-    ".test.ts",
-    ".test.tsx",
-    ".test.js",
-    ".test.jsx",
-    ".spec.ts",
-    ".spec.tsx",
-    ".spec.js",
-    ".spec.jsx",
-    ".test.ps1",
-    ".spec.ps1"
-  ];
-  SOURCE_EXTENSIONS = new Set([
-    ".ts",
-    ".tsx",
-    ".js",
-    ".jsx",
-    ".mjs",
-    ".cjs",
-    ".py",
-    ".rs",
-    ".ps1",
-    ".psm1"
-  ]);
-  SKIP_DIRECTORIES = new Set([
-    "node_modules",
-    ".git",
-    "dist",
-    "build",
-    "out",
-    "coverage",
-    ".next",
-    ".nuxt",
-    ".cache",
-    "vendor",
-    ".svn",
-    ".hg",
-    "__pycache__",
-    ".pytest_cache",
-    "target"
-  ]);
+  init_constants();
+  init_detect();
+  init_discover();
+  init_run();
+  init_validate();
+  init_constants();
+  init_detect();
+  init_run();
   test_runner = tool({
-    description: 'Run project tests with framework detection. Supports bun, vitest, jest, mocha, pytest, cargo, and pester. Returns deterministic normalized JSON with framework, scope, command, totals, coverage, duration, success status, and failures. Use scope "all" for full suite, "convention" to map source files to test files, or "graph" to find related tests via imports.',
+    description: 'Run project tests with framework detection. Supports bun, vitest, jest, mocha, pytest, cargo, and pester. Returns deterministic normalized JSON with framework, scope, command, totals, coverage, duration, success status, and failures. Use scope "all" for full suite, "convention" to map source files to test files by naming, or "graph" to find related tests via imports.',
     args: {
       scope: tool.schema.enum(["all", "convention", "graph"]).optional().describe('Test scope: "all" runs full suite, "convention" maps source files to test files by naming, "graph" finds related tests via imports'),
       files: tool.schema.array(tool.schema.string()).optional().describe("Specific files to test (used with convention or graph scope)"),
@@ -30472,12 +30520,7 @@ var init_test_runner = __esm(() => {
           scope,
           error: "No test framework detected",
           message: "No supported test framework found. Install bun, vitest, jest, mocha, pytest, cargo, or pester.",
-          totals: {
-            passed: 0,
-            failed: 0,
-            skipped: 0,
-            total: 0
-          }
+          totals: { passed: 0, failed: 0, skipped: 0, total: 0 }
         };
         return JSON.stringify(result2, null, 2);
       }
@@ -30487,16 +30530,10 @@ var init_test_runner = __esm(() => {
       if (scope === "all") {
         testFiles = [];
       } else if (scope === "convention") {
-        const sourceFiles = args.files && args.files.length > 0 ? args.files.filter((f) => {
-          const ext = path11.extname(f).toLowerCase();
-          return SOURCE_EXTENSIONS.has(ext);
-        }) : findSourceFiles(process.cwd());
+        const sourceFiles = args.files && args.files.length > 0 ? args.files.filter((f) => SOURCE_EXTENSIONS.has(path14.extname(f).toLowerCase())) : findSourceFiles(process.cwd());
         testFiles = getTestFilesFromConvention(sourceFiles);
       } else if (scope === "graph") {
-        const sourceFiles = args.files && args.files.length > 0 ? args.files.filter((f) => {
-          const ext = path11.extname(f).toLowerCase();
-          return SOURCE_EXTENSIONS.has(ext);
-        }) : findSourceFiles(process.cwd());
+        const sourceFiles = args.files && args.files.length > 0 ? args.files.filter((f) => SOURCE_EXTENSIONS.has(path14.extname(f).toLowerCase())) : findSourceFiles(process.cwd());
         const graphTestFiles = await getTestFilesFromGraph(sourceFiles);
         if (graphTestFiles.length > 0) {
           testFiles = graphTestFiles;
@@ -30516,8 +30553,8 @@ var init_test_runner = __esm(() => {
 });
 
 // src/services/preflight-service.ts
-import * as fs7 from "fs";
-import * as path12 from "path";
+import * as fs8 from "fs";
+import * as path15 from "path";
 function validateDirectoryPath(dir) {
   if (!dir || typeof dir !== "string") {
     throw new Error("Directory path is required");
@@ -30525,8 +30562,8 @@ function validateDirectoryPath(dir) {
   if (dir.includes("..")) {
     throw new Error("Directory path must not contain path traversal sequences");
   }
-  const normalized = path12.normalize(dir);
-  const absolutePath = path12.isAbsolute(normalized) ? normalized : path12.resolve(normalized);
+  const normalized = path15.normalize(dir);
+  const absolutePath = path15.isAbsolute(normalized) ? normalized : path15.resolve(normalized);
   return absolutePath;
 }
 function validateTimeout(timeoutMs, defaultValue) {
@@ -30549,9 +30586,9 @@ function validateTimeout(timeoutMs, defaultValue) {
 }
 function getPackageVersion(dir) {
   try {
-    const packagePath = path12.join(dir, "package.json");
-    if (fs7.existsSync(packagePath)) {
-      const content = fs7.readFileSync(packagePath, "utf-8");
+    const packagePath = path15.join(dir, "package.json");
+    if (fs8.existsSync(packagePath)) {
+      const content = fs8.readFileSync(packagePath, "utf-8");
       const pkg = JSON.parse(content);
       return pkg.version ?? null;
     }
@@ -30560,9 +30597,9 @@ function getPackageVersion(dir) {
 }
 function getChangelogVersion(dir) {
   try {
-    const changelogPath = path12.join(dir, "CHANGELOG.md");
-    if (fs7.existsSync(changelogPath)) {
-      const content = fs7.readFileSync(changelogPath, "utf-8");
+    const changelogPath = path15.join(dir, "CHANGELOG.md");
+    if (fs8.existsSync(changelogPath)) {
+      const content = fs8.readFileSync(changelogPath, "utf-8");
       const match = content.match(/^##\s*\[?(\d+\.\d+\.\d+)\]?/m);
       if (match) {
         return match[1];
@@ -30574,10 +30611,10 @@ function getChangelogVersion(dir) {
 function getVersionFileVersion(dir) {
   const possibleFiles = ["VERSION.txt", "version.txt", "VERSION", "version"];
   for (const file3 of possibleFiles) {
-    const filePath = path12.join(dir, file3);
-    if (fs7.existsSync(filePath)) {
+    const filePath = path15.join(dir, file3);
+    if (fs8.existsSync(filePath)) {
       try {
-        const content = fs7.readFileSync(filePath, "utf-8").trim();
+        const content = fs8.readFileSync(filePath, "utf-8").trim();
         const match = content.match(/(\d+\.\d+\.\d+)/);
         if (match) {
           return match[1];
@@ -31114,7 +31151,7 @@ function createPreflightIntegration(config3) {
     statusArtifact = new AutomationStatusArtifact(swarmDir);
   }
   const preflightHandler = async (request) => {
-    console.log("[PreflightIntegration] Handling preflight request", {
+    log("[PreflightIntegration] Handling preflight request", {
       requestId: request.id,
       phase: request.currentPhase,
       source: request.source
@@ -31123,13 +31160,13 @@ function createPreflightIntegration(config3) {
     if (statusArtifact) {
       const state = report.overall === "pass" ? "success" : "failure";
       statusArtifact.recordOutcome(state, request.currentPhase, report.message);
-      console.log("[PreflightIntegration] Status artifact updated", {
+      log("[PreflightIntegration] Status artifact updated", {
         state,
         phase: request.currentPhase,
         message: report.message
       });
     }
-    console.log("[PreflightIntegration] Preflight complete", {
+    log("[PreflightIntegration] Preflight complete", {
       requestId: request.id,
       overall: report.overall,
       message: report.message,
@@ -31152,10 +31189,11 @@ var init_preflight_integration = __esm(() => {
   init_status_artifact();
   init_trigger();
   init_preflight_service();
+  init_utils();
 });
 
 // src/index.ts
-import * as path25 from "path";
+import * as path28 from "path";
 
 // src/config/constants.ts
 var QA_AGENTS = ["reviewer", "critic"];
@@ -31213,9 +31251,9 @@ var DEFAULT_SCORING_CONFIG = {
 init_evidence_schema();
 
 // src/config/loader.ts
+init_utils();
 import * as fs from "fs";
-import * as os from "os";
-import * as path from "path";
+import * as path2 from "path";
 
 // src/config/schema.ts
 init_zod();
@@ -31504,6 +31542,10 @@ var CheckpointConfigSchema = exports_external.object({
   enabled: exports_external.boolean().default(true),
   auto_checkpoint_threshold: exports_external.number().min(1).max(20).default(3)
 });
+var GitingestConfigSchema = exports_external.object({
+  enabled: exports_external.boolean().default(true),
+  endpoint: exports_external.string().url().default("https://gitingest.com/api/ingest")
+});
 var AutomationModeSchema = exports_external.enum(["manual", "hybrid", "auto"]);
 var AutomationCapabilitiesSchema = exports_external.object({
   plan_sync: exports_external.boolean().default(true),
@@ -31525,7 +31567,7 @@ var AutomationConfigSchemaBase = exports_external.object({
   })
 });
 var AutomationConfigSchema = AutomationConfigSchemaBase;
-var PluginConfigSchema = exports_external.object({
+var pluginConfigShape = {
   agents: exports_external.record(exports_external.string(), AgentOverrideConfigSchema).optional(),
   swarms: exports_external.record(exports_external.string(), SwarmConfigSchema).optional(),
   max_iterations: exports_external.number().min(1).max(10).default(5),
@@ -31539,31 +31581,25 @@ var PluginConfigSchema = exports_external.object({
   review_passes: ReviewPassesConfigSchema.optional(),
   integration_analysis: IntegrationAnalysisConfigSchema.optional(),
   docs: DocsConfigSchema.optional(),
+  gitingest: GitingestConfigSchema.optional(),
   ui_review: UIReviewConfigSchema.optional(),
   compaction_advisory: CompactionAdvisoryConfigSchema.optional(),
   lint: LintConfigSchema.optional(),
   secretscan: SecretscanConfigSchema.optional(),
   checkpoint: CheckpointConfigSchema.optional(),
   automation: AutomationConfigSchema.optional()
-});
+};
+var PLUGIN_CONFIG_ALLOWED_KEYS = new Set(Object.keys(pluginConfigShape));
+var PluginConfigSchema = exports_external.object(pluginConfigShape);
 
 // src/config/loader.ts
 var CONFIG_FILENAME = "opencode-swarm.json";
 var PROMPTS_DIR_NAME = "opencode-swarm";
 var MAX_CONFIG_FILE_BYTES = 102400;
-function getUserConfigDir() {
-  return process.env.XDG_CONFIG_HOME || path.join(os.homedir(), ".config");
-}
 function loadRawConfigFromPath(configPath) {
   try {
-    const stats = fs.statSync(configPath);
-    if (stats.size > MAX_CONFIG_FILE_BYTES) {
-      console.warn(`[opencode-swarm] Config file too large (max 100 KB): ${configPath}`);
-      console.warn("[opencode-swarm] \u26A0\uFE0F SECURITY: Config file exceeds size limit. Falling back to safe defaults with guardrails ENABLED.");
-      return { config: null, fileExisted: true, hadError: true };
-    }
     const content = fs.readFileSync(configPath, "utf-8");
-    if (content.length > MAX_CONFIG_FILE_BYTES) {
+    if (Buffer.byteLength(content, "utf-8") > MAX_CONFIG_FILE_BYTES) {
       console.warn(`[opencode-swarm] Config file too large after read (max 100 KB): ${configPath}`);
       console.warn("[opencode-swarm] \u26A0\uFE0F SECURITY: Config file exceeds size limit. Falling back to safe defaults with guardrails ENABLED.");
       return { config: null, fileExisted: true, hadError: true };
@@ -31579,10 +31615,10 @@ function loadRawConfigFromPath(configPath) {
       fileExisted: true,
       hadError: false
     };
-  } catch (error48) {
-    const isFileNotFoundError = error48 instanceof Error && "code" in error48 && error48.code === "ENOENT";
+  } catch (error49) {
+    const isFileNotFoundError = error49 instanceof Error && "code" in error49 && error49.code === "ENOENT";
     if (!isFileNotFoundError) {
-      const errorMessage = error48 instanceof Error ? error48.message : String(error48);
+      const errorMessage = error49 instanceof Error ? error49.message : String(error49);
       console.warn(`[opencode-swarm] \u26A0\uFE0F CONFIG LOAD FAILURE \u2014 config exists at ${configPath} but could not be loaded: ${errorMessage}`);
       console.warn("[opencode-swarm] \u26A0\uFE0F SECURITY: Config load failed. Falling back to safe defaults with guardrails ENABLED.");
       return { config: null, fileExisted: true, hadError: true };
@@ -31590,9 +31626,15 @@ function loadRawConfigFromPath(configPath) {
     return { config: null, fileExisted: false, hadError: false };
   }
 }
-function loadPluginConfig(directory) {
-  const userConfigPath = path.join(getUserConfigDir(), "opencode", CONFIG_FILENAME);
-  const projectConfigPath = path.join(directory, ".opencode", CONFIG_FILENAME);
+function warnOnUnknownPluginConfigFields(config2, context) {
+  const unknownKeys = Object.keys(config2).filter((key) => !PLUGIN_CONFIG_ALLOWED_KEYS.has(key)).sort();
+  if (unknownKeys.length === 0)
+    return;
+  warn(`${context} contains unknown plugin config fields: ${unknownKeys.join(", ")}. They will be ignored.`);
+}
+function _loadPluginConfigInternal(directory) {
+  const userConfigPath = path2.join(getUserConfigDir(), "opencode", CONFIG_FILENAME);
+  const projectConfigPath = path2.join(directory, ".opencode", CONFIG_FILENAME);
   const userResult = loadRawConfigFromPath(userConfigPath);
   const projectResult = loadRawConfigFromPath(projectConfigPath);
   const rawUserConfig = userResult.config;
@@ -31603,56 +31645,67 @@ function loadPluginConfig(directory) {
   if (rawProjectConfig) {
     mergedRaw = deepMerge(mergedRaw, rawProjectConfig);
   }
+  warnOnUnknownPluginConfigFields(mergedRaw, "Merged plugin configuration");
   const result = PluginConfigSchema.safeParse(mergedRaw);
   if (!result.success) {
     if (rawUserConfig) {
       const userParseResult = PluginConfigSchema.safeParse(rawUserConfig);
       if (userParseResult.success) {
         console.warn("[opencode-swarm] Project config ignored due to validation errors. Using user config.");
-        return userParseResult.data;
+        return {
+          config: userParseResult.data,
+          loadedFromFile,
+          configHadErrors
+        };
       }
     }
     console.warn("[opencode-swarm] Merged config validation failed:");
     console.warn(result.error.format());
     console.warn("[opencode-swarm] \u26A0\uFE0F SECURITY: Falling back to conservative defaults with guardrails ENABLED. Fix the config file to restore custom configuration.");
-    return PluginConfigSchema.parse({
-      guardrails: { enabled: true }
-    });
+    return {
+      config: PluginConfigSchema.parse({
+        guardrails: { enabled: true }
+      }),
+      loadedFromFile,
+      configHadErrors
+    };
   }
   if (loadedFromFile && configHadErrors) {
-    return PluginConfigSchema.parse({
-      ...mergedRaw,
-      guardrails: { enabled: true }
-    });
+    return {
+      config: PluginConfigSchema.parse({
+        ...mergedRaw,
+        guardrails: { enabled: true }
+      }),
+      loadedFromFile,
+      configHadErrors
+    };
   }
-  return result.data;
+  return { config: result.data, loadedFromFile, configHadErrors };
+}
+function loadPluginConfig(directory) {
+  return _loadPluginConfigInternal(directory).config;
 }
 function loadPluginConfigWithMeta(directory) {
-  const userConfigPath = path.join(getUserConfigDir(), "opencode", CONFIG_FILENAME);
-  const projectConfigPath = path.join(directory, ".opencode", CONFIG_FILENAME);
-  const userResult = loadRawConfigFromPath(userConfigPath);
-  const projectResult = loadRawConfigFromPath(projectConfigPath);
-  const loadedFromFile = userResult.fileExisted || projectResult.fileExisted;
-  const config2 = loadPluginConfig(directory);
-  return { config: config2, loadedFromFile };
+  const result = _loadPluginConfigInternal(directory);
+  return { config: result.config, loadedFromFile: result.loadedFromFile };
 }
 function loadAgentPrompt(agentName) {
-  const promptsDir = path.join(getUserConfigDir(), "opencode", PROMPTS_DIR_NAME);
+  const promptsDir = path2.join(getUserConfigDir(), "opencode", PROMPTS_DIR_NAME);
   const result = {};
-  const promptPath = path.join(promptsDir, `${agentName}.md`);
+  const promptPath = path2.join(promptsDir, `${agentName}.md`);
   if (fs.existsSync(promptPath)) {
     try {
       result.prompt = fs.readFileSync(promptPath, "utf-8");
-    } catch (error48) {
-      console.warn(`[opencode-swarm] Error reading prompt file ${promptPath}:`, error48 instanceof Error ? error48.message : String(error48));
+    } catch (error49) {
+      console.warn(`[opencode-swarm] Error reading prompt file ${promptPath}:`, error49 instanceof Error ? error49.message : String(error49));
     }
   }
-  const appendPromptPath = path.join(promptsDir, `${agentName}_append.md`);
+  const appendPromptPath = path2.join(promptsDir, `${agentName}_append.md`);
   if (fs.existsSync(appendPromptPath)) {
     try {
       result.appendPrompt = fs.readFileSync(appendPromptPath, "utf-8");
-    } catch (error48) {
-      console.warn(`[opencode-swarm] Error reading append prompt ${appendPromptPath}:`, error48 instanceof Error ? error48.message : String(error48));
+    } catch (error49) {
+      console.warn(`[opencode-swarm] Error reading append prompt ${appendPromptPath}:`, error49 instanceof Error ? error49.message : String(error49));
     }
   }
   return result;
@@ -31661,6 +31714,14 @@ function loadAgentPrompt(agentName) {
 // src/config/index.ts
 init_plan_schema();
 
+// src/agents/model.ts
+function resolveModel(model) {
+  if (!model || model === "current") {
+    return;
+  }
+  return model;
+}
+
 // src/agents/architect.ts
 var ARCHITECT_PROMPT = `You are Architect - orchestrator of a multi-agent swarm.
 
@@ -31929,6 +31990,7 @@ Swarm: {{SWARM_ID}}
 - [pattern]: [usage]
 \`\`\``;
 function createArchitectAgent(model, customPrompt, customAppendPrompt) {
+  const resolvedModel = resolveModel(model);
   let prompt = ARCHITECT_PROMPT;
   if (customPrompt) {
     prompt = customPrompt;
@@ -31941,7 +32003,7 @@ ${customAppendPrompt}`;
     name: "architect",
     description: "Central orchestrator of the development pipeline. Analyzes requests, coordinates SME consultation, manages code generation, and triages QA feedback.",
     config: {
-      model,
+      ...resolvedModel !== undefined && { model: resolvedModel },
       temperature: 0.1,
       prompt
     }
@@ -31975,6 +32037,7 @@ OUTPUT FORMAT:
 DONE: [one-line summary]
 CHANGED: [file]: [what changed]`;
 function createCoderAgent(model, customPrompt, customAppendPrompt) {
+  const resolvedModel = resolveModel(model);
   let prompt = CODER_PROMPT;
   if (customPrompt) {
     prompt = customPrompt;
@@ -31987,7 +32050,7 @@ ${customAppendPrompt}`;
     name: "coder",
     description: "Production-quality code implementation specialist. Receives unified specifications and writes complete, working code.",
     config: {
-      model,
+      ...resolvedModel !== undefined && { model: resolvedModel },
       temperature: 0.2,
       prompt
     }
@@ -32033,6 +32096,7 @@ RULES:
 - Don't reject for style/formatting \u2014 focus on substance
 - If the plan is fundamentally sound with only minor concerns, APPROVE it`;
 function createCriticAgent(model, customPrompt, customAppendPrompt) {
+  const resolvedModel = resolveModel(model);
   let prompt = CRITIC_PROMPT;
   if (customPrompt) {
     prompt = customPrompt;
@@ -32045,7 +32109,7 @@ ${customAppendPrompt}`;
     name: "critic",
     description: "Plan critic. Reviews the architect's plan before implementation begins \u2014 checks completeness, feasibility, scope, dependencies, and flags AI-slop.",
     config: {
-      model,
+      ...resolvedModel !== undefined && { model: resolvedModel },
       temperature: 0.1,
       prompt,
       tools: {
@@ -32190,6 +32254,7 @@ RULES:
 - Do NOT implement business logic \u2014 leave that for the coder
 - Keep output under 3000 characters per component`;
 function createDesignerAgent(model, customPrompt, customAppendPrompt) {
+  const resolvedModel = resolveModel(model);
   let prompt = DESIGNER_PROMPT;
   if (customPrompt) {
     prompt = customPrompt;
@@ -32202,7 +32267,7 @@ ${customAppendPrompt}`;
     name: "designer",
     description: "UI/UX design specification agent. Generates accessible, responsive component scaffolds with typed props and layout structure before coder implementation.",
     config: {
-      model,
+      ...resolvedModel !== undefined && { model: resolvedModel },
       temperature: 0.3,
       prompt
     }
@@ -32263,6 +32328,7 @@ ADDED: [list of new sections/files created]
 REMOVED: [list of deprecated sections removed]
 SUMMARY: [one-line description of doc changes]`;
 function createDocsAgent(model, customPrompt, customAppendPrompt) {
+  const resolvedModel = resolveModel(model);
   let prompt = DOCS_PROMPT;
   if (customPrompt) {
     prompt = customPrompt;
@@ -32275,7 +32341,7 @@ ${customAppendPrompt}`;
     name: "docs",
     description: "Documentation synthesizer. Updates README, API docs, and guides to reflect code changes after each phase.",
     config: {
-      model,
+      ...resolvedModel !== undefined && { model: resolvedModel },
       temperature: 0.2,
       prompt
     }
@@ -32323,6 +32389,7 @@ DOMAINS: [relevant SME domains: powershell, security, python, etc.]
 REVIEW NEEDED:
 - [path]: [why, which SME]`;
 function createExplorerAgent(model, customPrompt, customAppendPrompt) {
+  const resolvedModel = resolveModel(model);
   let prompt = EXPLORER_PROMPT;
   if (customPrompt) {
     prompt = customPrompt;
@@ -32335,7 +32402,7 @@ ${customAppendPrompt}`;
     name: "explorer",
     description: "Fast codebase discovery and analysis. Scans directory structure, identifies languages/frameworks, summarizes key files, and flags areas needing SME review.",
     config: {
-      model,
+      ...resolvedModel !== undefined && { model: resolvedModel },
       temperature: 0.1,
       prompt,
       tools: {
@@ -32381,6 +32448,7 @@ RISK LEVELS:
 - HIGH: must fix
 - CRITICAL: blocks approval`;
 function createReviewerAgent(model, customPrompt, customAppendPrompt) {
+  const resolvedModel = resolveModel(model);
   let prompt = REVIEWER_PROMPT;
   if (customPrompt) {
     prompt = customPrompt;
@@ -32393,7 +32461,7 @@ ${customAppendPrompt}`;
     name: "reviewer",
     description: "Code reviewer. Verifies correctness, finds vulnerabilities, and checks quality across architect-specified dimensions.",
     config: {
-      model,
+      ...resolvedModel !== undefined && { model: resolvedModel },
       temperature: 0.1,
       prompt,
       tools: {
@@ -32432,6 +32500,7 @@ RULES:
 - Be actionable: info Coder can use directly
 - No code writing`;
 function createSMEAgent(model, customPrompt, customAppendPrompt) {
+  const resolvedModel = resolveModel(model);
   let prompt = SME_PROMPT;
   if (customPrompt) {
     prompt = customPrompt;
@@ -32444,7 +32513,7 @@ ${customAppendPrompt}`;
     name: "sme",
     description: "Open-domain subject matter expert. Provides deep technical guidance on any domain the Architect requests \u2014 from security to iOS to Kubernetes.",
     config: {
-      model,
+      ...resolvedModel !== undefined && { model: resolvedModel },
       temperature: 0.2,
       prompt,
       tools: {
@@ -32518,6 +32587,7 @@ COVERAGE REPORTING:
 - If COVERAGE_PCT < 70%, add a note: "COVERAGE_WARNING: Below 70% threshold \u2014 consider additional test cases for uncovered paths."
 - The architect uses this to decide whether to request an additional test pass (Rule 10 / Phase 5 step 5h).`;
 function createTestEngineerAgent(model, customPrompt, customAppendPrompt) {
+  const resolvedModel = resolveModel(model);
   let prompt = TEST_ENGINEER_PROMPT;
   if (customPrompt) {
     prompt = customPrompt;
@@ -32530,7 +32600,7 @@ ${customAppendPrompt}`;
     name: "test_engineer",
     description: "Testing and validation specialist. Generates test cases, runs them, and reports structured PASS/FAIL verdicts.",
     config: {
-      model,
+      ...resolvedModel !== undefined && { model: resolvedModel },
       temperature: 0.2,
       prompt
     }
@@ -32550,8 +32620,9 @@ function stripSwarmPrefix(agentName, swarmPrefix) {
 function getModelForAgent(agentName, swarmAgents, swarmPrefix) {
   const baseAgentName = stripSwarmPrefix(agentName, swarmPrefix);
   const explicit = swarmAgents?.[baseAgentName]?.model;
-  if (explicit)
-    return explicit;
+  if (explicit !== undefined) {
+    return resolveModel(explicit);
+  }
   return DEFAULT_MODELS[baseAgentName] ?? DEFAULT_MODELS.default;
 }
 function isAgentDisabled(agentName, swarmAgents, swarmPrefix) {
@@ -32722,8 +32793,8 @@ class CircuitBreaker {
   async execute(fn) {
     const state = this.getState();
     if (state === "open") {
-      const error48 = new Error(`Circuit breaker '${this.name}' is open`);
-      throw error48;
+      const error49 = new Error(`Circuit breaker '${this.name}' is open`);
+      throw error49;
     }
     const startTime = Date.now();
     try {
@@ -32731,10 +32802,10 @@ class CircuitBreaker {
       const duration3 = Date.now() - startTime;
       this.recordSuccess(duration3);
       return result;
-    } catch (error48) {
+    } catch (error49) {
       const duration3 = Date.now() - startTime;
-      this.recordFailure(error48, duration3);
-      throw error48;
+      this.recordFailure(error49, duration3);
+      throw error49;
     }
   }
   async executeWithTimeout(fn) {
@@ -32748,9 +32819,9 @@ class CircuitBreaker {
       fn().then((result) => {
         clearTimeout(timeout);
         resolve(result);
-      }).catch((error48) => {
+      }).catch((error49) => {
         clearTimeout(timeout);
-        reject(error48);
+        reject(error49);
       });
     });
   }
@@ -32764,7 +32835,7 @@ class CircuitBreaker {
     }
     this.onStateChange?.("callSuccess", { duration: duration3 });
   }
-  recordFailure(error48, duration3) {
+  recordFailure(error49, duration3) {
     this.failureCount++;
     this.lastFailureTime = Date.now();
     if (this.state === "half-open") {
@@ -32772,7 +32843,7 @@ class CircuitBreaker {
     } else if (this.state === "closed" && this.failureCount >= this.config.failureThreshold) {
       this.transitionTo("open");
     }
-    this.onStateChange?.("callFailure", { error: error48, duration: duration3 });
+    this.onStateChange?.("callFailure", { error: error49, duration: duration3 });
   }
   transitionTo(newState) {
     const oldState = this.state;
@@ -33248,7 +33319,7 @@ function createAutomationManager(automationConfig) {
 init_manager2();
 init_utils();
 import * as fs2 from "fs";
-import * as path6 from "path";
+import * as path7 from "path";
 
 class PlanSyncWorker {
   directory;
@@ -33272,10 +33343,10 @@ class PlanSyncWorker {
     this.onSyncComplete = options.onSyncComplete;
   }
   getSwarmDir() {
-    return path6.resolve(this.directory, ".swarm");
+    return path7.resolve(this.directory, ".swarm");
   }
   getPlanJsonPath() {
-    return path6.join(this.getSwarmDir(), "plan.json");
+    return path7.join(this.getSwarmDir(), "plan.json");
   }
   start() {
     if (this.disposed) {
@@ -33510,7 +33581,7 @@ function handleAgentsCommand(agents, guardrails) {
   }
   const lines = [`## Registered Agents (${entries.length} total)`, ""];
   for (const [key, agent] of entries) {
-    const model = agent.config.model || "default";
+    const model = agent.config.model === undefined ? "current session model" : agent.config.model || "default";
     const temp = agent.config.temperature !== undefined ? agent.config.temperature.toString() : "default";
     const tools = agent.config.tools || {};
     const isReadOnly = tools.write === false || tools.edit === false;
@@ -33622,6 +33693,8 @@ async function handleArchiveCommand(directory, args) {
 init_manager();
 
 // src/state.ts
+var TOOL_AGGREGATE_CAP = 1000;
+var MAX_DELEGATION_CHAIN_SESSIONS = 1000;
 var swarmState = {
   activeToolCalls: new Map,
   toolAggregates: new Map,
@@ -33630,6 +33703,14 @@ var swarmState = {
   pendingEvents: 0,
   agentSessions: new Map
 };
+function enforceToolAggregateCapacity(key) {
+  if (!swarmState.toolAggregates.has(key) && swarmState.toolAggregates.size >= TOOL_AGGREGATE_CAP) {
+    const firstKey = swarmState.toolAggregates.keys().next().value;
+    if (firstKey !== undefined) {
+      swarmState.toolAggregates.delete(firstKey);
+    }
+  }
+}
 function startAgentSession(sessionId, agentName, staleDurationMs = 7200000) {
   const now = Date.now();
   const staleIds = [];
@@ -33640,6 +33721,8 @@ function startAgentSession(sessionId, agentName, staleDurationMs = 7200000) {
   }
   for (const id of staleIds) {
     swarmState.agentSessions.delete(id);
+    swarmState.activeAgent.delete(id);
+    swarmState.delegationChains.delete(id);
   }
   const sessionState = {
     agentName,
@@ -33956,15 +34039,12 @@ async function handleBenchmarkCommand(directory, args) {
 }
 
 // src/commands/config.ts
-import * as os2 from "os";
-import * as path8 from "path";
-function getUserConfigDir2() {
-  return process.env.XDG_CONFIG_HOME || path8.join(os2.homedir(), ".config");
-}
+import * as path9 from "path";
+init_utils();
 async function handleConfigCommand(directory, _args) {
   const config2 = loadPluginConfig(directory);
-  const userConfigPath = path8.join(getUserConfigDir2(), "opencode", "opencode-swarm.json");
-  const projectConfigPath = path8.join(directory, ".opencode", "opencode-swarm.json");
+  const userConfigPath = path9.join(getUserConfigDir(), "opencode", "opencode-swarm.json");
+  const projectConfigPath = path9.join(directory, ".opencode", "opencode-swarm.json");
   const lines = [
     "## Swarm Configuration",
     "",
@@ -34389,6 +34469,56 @@ async function handleEvidenceSummaryCommand(directory) {
   return lines.join(`
 `);
 }
+// package.json
+var package_default = {
+  name: "opencode-swarm",
+  version: "6.8.1",
+  description: "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
+  main: "dist/index.js",
+  types: "dist/index.d.ts",
+  bin: {
+    "opencode-swarm": "./dist/cli/index.js"
+  },
+  type: "module",
+  license: "MIT",
+  keywords: [
+    "opencode",
+    "opencode-plugin",
+    "ai",
+    "agents",
+    "orchestration",
+    "swarm",
+    "multi-agent",
+    "llm"
+  ],
+  files: [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  scripts: {
+    clean: "rm -rf dist",
+    build: "rm -rf dist && bun build src/index.ts --outdir dist --target bun --format esm && bun build src/cli/index.ts --outdir dist/cli --target bun --format esm && tsc --emitDeclarationOnly",
+    typecheck: "tsc --noEmit",
+    test: "bun test",
+    lint: "biome lint .",
+    format: "biome format . --write",
+    check: "biome check --write .",
+    dev: "bun run build && opencode",
+    prepublishOnly: "bun run build"
+  },
+  dependencies: {
+    "@opencode-ai/plugin": "^1.1.53",
+    "@opencode-ai/sdk": "^1.1.53",
+    zod: "^4.1.8"
+  },
+  devDependencies: {
+    "@biomejs/biome": "2.3.14",
+    "bun-types": "latest",
+    typescript: "^5.7.3"
+  }
+};
+
 // src/services/export-service.ts
 init_utils2();
 init_manager2();
@@ -34397,7 +34527,7 @@ async function getExportData(directory) {
   const planContent = await readSwarmFileAsync(directory, "plan.md");
   const contextContent = await readSwarmFileAsync(directory, "context.md");
   return {
-    version: "4.5.0",
+    version: package_default.version,
     exported: new Date().toISOString(),
     plan: planStructured || planContent,
     context: contextContent
@@ -34693,7 +34823,7 @@ init_preflight_service();
 
 // src/commands/reset.ts
 init_utils2();
-import * as fs8 from "fs";
+import * as fs9 from "fs";
 async function handleResetCommand(directory, args) {
   const hasConfirm = args.includes("--confirm");
   if (!hasConfirm) {
@@ -34713,8 +34843,8 @@ async function handleResetCommand(directory, args) {
   for (const filename of filesToReset) {
     try {
       const resolvedPath = validateSwarmPath(directory, filename);
-      if (fs8.existsSync(resolvedPath)) {
-        fs8.unlinkSync(resolvedPath);
+      if (fs9.existsSync(resolvedPath)) {
+        fs9.unlinkSync(resolvedPath);
         results.push(`- \u2705 Deleted ${filename}`);
       } else {
         results.push(`- \u23ED\uFE0F ${filename} not found (skipped)`);
@@ -34725,8 +34855,8 @@ async function handleResetCommand(directory, args) {
   }
   try {
     const summariesPath = validateSwarmPath(directory, "summaries");
-    if (fs8.existsSync(summariesPath)) {
-      fs8.rmSync(summariesPath, { recursive: true, force: true });
+    if (fs9.existsSync(summariesPath)) {
+      fs9.rmSync(summariesPath, { recursive: true, force: true });
       results.push("- \u2705 Deleted summaries/ directory");
     } else {
       results.push("- \u23ED\uFE0F summaries/ not found (skipped)");
@@ -34747,8 +34877,9 @@ async function handleResetCommand(directory, args) {
 // src/summaries/manager.ts
 init_utils2();
 init_utils();
-import { mkdirSync as mkdirSync5, readdirSync as readdirSync4, renameSync as renameSync2, rmSync as rmSync3, statSync as statSync6 } from "fs";
-import * as path13 from "path";
+import { randomBytes } from "crypto";
+import { mkdirSync as mkdirSync5, readdirSync as readdirSync4, renameSync as renameSync2, rmSync as rmSync3, statSync as statSync5 } from "fs";
+import * as path16 from "path";
 var SUMMARY_ID_REGEX = /^S\d+$/;
 function sanitizeSummaryId(id) {
   if (!id || id.length === 0) {
@@ -34776,9 +34907,9 @@ async function storeSummary(directory, id, fullOutput, summaryText, maxStoredByt
   if (outputBytes > maxStoredBytes) {
     throw new Error(`Summary fullOutput size (${outputBytes} bytes) exceeds maximum (${maxStoredBytes} bytes)`);
   }
-  const relativePath = path13.join("summaries", `${sanitizedId}.json`);
+  const relativePath = path16.join("summaries", `${sanitizedId}.json`);
   const summaryPath = validateSwarmPath(directory, relativePath);
-  const summaryDir = path13.dirname(summaryPath);
+  const summaryDir = path16.dirname(summaryPath);
   const entry = {
     id: sanitizedId,
     summaryText,
@@ -34788,7 +34919,7 @@ async function storeSummary(directory, id, fullOutput, summaryText, maxStoredByt
   };
   const entryJson = JSON.stringify(entry);
   mkdirSync5(summaryDir, { recursive: true });
-  const tempPath = path13.join(summaryDir, `${sanitizedId}.json.tmp.${Date.now()}.${process.pid}`);
+  const tempPath = path16.join(summaryDir, `${sanitizedId}.json.tmp.${Date.now()}.${randomBytes(16).toString("hex")}`);
   try {
     await Bun.write(tempPath, entryJson);
     renameSync2(tempPath, summaryPath);
@@ -34801,7 +34932,7 @@ async function storeSummary(directory, id, fullOutput, summaryText, maxStoredByt
 }
 async function loadFullOutput(directory, id) {
   const sanitizedId = sanitizeSummaryId(id);
-  const relativePath = path13.join("summaries", `${sanitizedId}.json`);
+  const relativePath = path16.join("summaries", `${sanitizedId}.json`);
   validateSwarmPath(directory, relativePath);
   const content = await readSwarmFileAsync(directory, relativePath);
   if (content === null) {
@@ -35275,6 +35406,7 @@ function createAgentActivityHooks(config3, directory) {
       else
         existing.failureCount++;
       existing.totalDuration += duration5;
+      enforceToolAggregateCapacity(key);
       swarmState.toolAggregates.set(key, existing);
       swarmState.pendingEvents++;
       if (swarmState.pendingEvents >= 20) {
@@ -35305,8 +35437,8 @@ async function doFlush(directory) {
     const activitySection = renderActivitySection();
     const updated = replaceOrAppendSection(existing, "## Agent Activity", activitySection);
     const flushedCount = swarmState.pendingEvents;
-    const path14 = `${directory}/.swarm/context.md`;
-    await Bun.write(path14, updated);
+    const path17 = `${directory}/.swarm/context.md`;
+    await Bun.write(path17, updated);
     swarmState.pendingEvents = Math.max(0, swarmState.pendingEvents - flushedCount);
   } catch (error93) {
     warn("Agent activity flush failed:", error93);
@@ -35578,6 +35710,11 @@ function createDelegationTrackerHook(config3, guardrailsEnabled = true) {
         to: agentName,
         timestamp: now
       };
+      if (!swarmState.delegationChains.has(input.sessionID) && swarmState.delegationChains.size >= MAX_DELEGATION_CHAIN_SESSIONS) {
+        const firstKey = swarmState.delegationChains.keys().next().value;
+        if (firstKey !== undefined)
+          swarmState.delegationChains.delete(firstKey);
+      }
       if (!swarmState.delegationChains.has(input.sessionID)) {
         swarmState.delegationChains.set(input.sessionID, []);
       }
@@ -35861,15 +35998,15 @@ ${originalText}`;
   };
 }
 // src/hooks/system-enhancer.ts
-import * as fs10 from "fs";
-import * as path15 from "path";
+import * as fs11 from "fs";
+import * as path18 from "path";
 init_manager2();
 
 // src/services/decision-drift-analyzer.ts
 init_utils2();
 init_manager2();
-import * as fs9 from "fs";
-import * as path14 from "path";
+import * as fs10 from "fs";
+import * as path17 from "path";
 var DEFAULT_DRIFT_CONFIG = {
   staleThresholdPhases: 1,
   detectContradictions: true,
@@ -36023,11 +36160,11 @@ async function analyzeDecisionDrift(directory, config3 = {}) {
         currentPhase = legacyPhase;
       }
     }
-    const contextPath = path14.join(directory, ".swarm", "context.md");
+    const contextPath = path17.join(directory, ".swarm", "context.md");
     let contextContent = "";
     try {
-      if (fs9.existsSync(contextPath)) {
-        contextContent = fs9.readFileSync(contextPath, "utf-8");
+      if (fs10.existsSync(contextPath)) {
+        contextContent = fs10.readFileSync(contextPath, "utf-8");
       }
     } catch {
       return {
@@ -36206,6 +36343,265 @@ function estimateContentType(text) {
   }
   return "prose";
 }
+async function loadPhaseTask(directory) {
+  const plan = await loadPlan(directory);
+  if (plan && plan.migration_status !== "migration_failed") {
+    const phaseFromPlan = extractCurrentPhaseFromPlan(plan);
+    const taskFromPlan = extractCurrentTaskFromPlan(plan);
+    if (phaseFromPlan === null && taskFromPlan === null) {
+      const planContent = await readSwarmFileAsync(directory, "plan.md");
+      if (planContent) {
+        return {
+          currentPhase: extractCurrentPhase(planContent),
+          currentTask: extractCurrentTask(planContent)
+        };
+      }
+    }
+    return {
+      currentPhase: phaseFromPlan,
+      currentTask: taskFromPlan
+    };
+  } else {
+    const planContent = await readSwarmFileAsync(directory, "plan.md");
+    if (planContent) {
+      return {
+        currentPhase: extractCurrentPhase(planContent),
+        currentTask: extractCurrentTask(planContent)
+      };
+    }
+  }
+  return { currentPhase: null, currentTask: null };
+}
+async function loadContextDetails(directory, sessionId, config3) {
+  const contextContent = await readSwarmFileAsync(directory, "context.md");
+  const decisions = contextContent ? extractDecisions(contextContent, 200) : null;
+  const activeAgentForSession = sessionId ? swarmState.activeAgent.get(sessionId) : undefined;
+  const isArchitect = !activeAgentForSession || stripKnownSwarmPrefix(activeAgentForSession) === "architect";
+  let agentContext = null;
+  if (config3.hooks?.agent_activity !== false && sessionId && contextContent && activeAgentForSession) {
+    const extracted = extractAgentContext(contextContent, activeAgentForSession, config3.hooks?.agent_awareness_max_chars ?? 300);
+    if (extracted) {
+      agentContext = `[SWARM AGENT CONTEXT] ${extracted}`;
+    }
+  }
+  return { contextContent, decisions, agentContext, isArchitect };
+}
+function getConfigHints(config3) {
+  const hints = [];
+  if (config3.review_passes?.always_security_review) {
+    hints.push("[SWARM CONFIG] Security review pass is MANDATORY for ALL tasks. Skip file-pattern check \u2014 always run security-only reviewer pass after general review APPROVED.");
+  }
+  if (config3.integration_analysis?.enabled === false) {
+    hints.push("[SWARM CONFIG] Integration analysis is DISABLED. Skip diff tool and integration impact analysis after coder tasks.");
+  }
+  if (config3.ui_review?.enabled) {
+    hints.push("[SWARM CONFIG] UI/UX Designer agent is ENABLED. For tasks matching UI trigger keywords or file paths, delegate to designer BEFORE coder (Rule 9).");
+  }
+  if (config3.docs?.enabled === false) {
+    hints.push("[SWARM CONFIG] Docs agent is DISABLED. Skip docs delegation in Phase 6.");
+  }
+  if (config3.lint?.enabled === false) {
+    hints.push("[SWARM CONFIG] Lint gate is DISABLED. Skip lint check/fix in QA sequence.");
+  }
+  if (config3.secretscan?.enabled === false) {
+    hints.push("[SWARM CONFIG] Secretscan gate is DISABLED. Skip secretscan in QA sequence.");
+  }
+  return hints;
+}
+async function getRetrospectiveHint(directory, isArchitect) {
+  if (!isArchitect)
+    return null;
+  try {
+    const evidenceDir = path18.join(directory, ".swarm", "evidence");
+    if (!fs11.existsSync(evidenceDir))
+      return null;
+    const files = fs11.readdirSync(evidenceDir).filter((f) => f.endsWith(".json")).sort().reverse();
+    for (const file3 of files.slice(0, 5)) {
+      let content;
+      try {
+        content = JSON.parse(fs11.readFileSync(path18.join(evidenceDir, file3), "utf-8"));
+      } catch {
+        continue;
+      }
+      if (content !== null && typeof content === "object" && content.type === "retrospective") {
+        const retro = content;
+        const hints = [];
+        if (retro.reviewer_rejections > 2) {
+          hints.push(`Phase ${retro.phase_number} had ${retro.reviewer_rejections} reviewer rejections.`);
+        }
+        if (retro.top_rejection_reasons.length > 0) {
+          hints.push(`Common rejection reasons: ${retro.top_rejection_reasons.join(", ")}.`);
+        }
+        if (retro.lessons_learned.length > 0) {
+          hints.push(`Lessons: ${retro.lessons_learned.join("; ")}.`);
+        }
+        if (hints.length > 0) {
+          const retroHint = `[SWARM RETROSPECTIVE] From Phase ${retro.phase_number}: ${hints.join(" ")}`;
+          const retroText = retroHint.length <= 800 ? retroHint : retroHint.substring(0, 800) + "...";
+          return retroText;
+        }
+        break;
+      }
+    }
+  } catch {}
+  return null;
+}
+function getCompactionHint(sessionId, config3, isArchitect) {
+  if (!isArchitect)
+    return null;
+  const compactionConfig = config3.compaction_advisory;
+  if (compactionConfig?.enabled === false)
+    return null;
+  if (!sessionId)
+    return null;
+  const session = swarmState.agentSessions.get(sessionId);
+  if (!session)
+    return null;
+  const totalToolCalls = Array.from(swarmState.toolAggregates.values()).reduce((sum, agg) => sum + agg.count, 0);
+  const thresholds = compactionConfig?.thresholds ?? [50, 75, 100, 125, 150];
+  const lastHint = session.lastCompactionHint || 0;
+  for (const threshold of thresholds) {
+    if (totalToolCalls >= threshold && lastHint < threshold) {
+      const messageTemplate = compactionConfig?.message ?? "[SWARM HINT] Session has ${totalToolCalls} tool calls. Consider compacting at next phase boundary to maintain context quality.";
+      const message = messageTemplate.replace("${totalToolCalls}", String(totalToolCalls));
+      session.lastCompactionHint = threshold;
+      return message;
+    }
+  }
+  return null;
+}
+async function getDecisionDriftHint(sessionId, config3, directory, isArchitect) {
+  if (!isArchitect)
+    return null;
+  const automationCapabilities = config3.automation?.capabilities;
+  if (automationCapabilities?.decision_drift_detection !== true)
+    return null;
+  if (!sessionId)
+    return null;
+  try {
+    const driftResult = await analyzeDecisionDrift(directory);
+    if (driftResult.hasDrift) {
+      const driftText = formatDriftForContext(driftResult);
+      if (driftText)
+        return driftText;
+    }
+  } catch {}
+  return null;
+}
+async function loadSwarmArtifacts(directory, sessionId, config3) {
+  const [phaseTask, contextDetails] = await Promise.all([
+    loadPhaseTask(directory),
+    loadContextDetails(directory, sessionId, config3)
+  ]);
+  return {
+    phaseTask,
+    contextDetails,
+    scoringEnabled: config3.context_budget?.scoring?.enabled === true,
+    maxInjectionTokens: config3.context_budget?.max_injection_tokens ?? Number.POSITIVE_INFINITY
+  };
+}
+async function buildInjectionCandidates(artifacts, config3, sessionId, directory) {
+  const { phaseTask, contextDetails } = artifacts;
+  const candidates = [];
+  let idCounter = 0;
+  const addCandidate = (kind, text, priority, contentType = "prose", metadata) => {
+    candidates.push({
+      id: `candidate-${idCounter++}`,
+      kind,
+      text,
+      tokens: estimateTokens(text),
+      priority,
+      metadata: { contentType, ...metadata }
+    });
+  };
+  if (phaseTask.currentPhase) {
+    addCandidate("phase", `[SWARM CONTEXT] Current phase: ${phaseTask.currentPhase}`, 1, estimateContentType(phaseTask.currentPhase));
+  }
+  if (phaseTask.currentTask) {
+    addCandidate("task", `[SWARM CONTEXT] Current task: ${phaseTask.currentTask}`, 2, estimateContentType(phaseTask.currentTask), { isCurrentTask: true });
+  }
+  if (contextDetails.decisions) {
+    addCandidate("decision", `[SWARM CONTEXT] Key decisions: ${contextDetails.decisions}`, 3, estimateContentType(contextDetails.decisions));
+  }
+  if (contextDetails.agentContext) {
+    addCandidate("agent_context", contextDetails.agentContext, 4, estimateContentType(contextDetails.agentContext));
+  }
+  for (const hint of getConfigHints(config3)) {
+    addCandidate("phase", hint, 1, "prose");
+  }
+  addCandidate("phase", "[SWARM HINT] Large tool outputs may be auto-summarized. Use /swarm retrieve <id> to get the full content if needed.", 2, "prose");
+  if (contextDetails.isArchitect) {
+    const retroText = await getRetrospectiveHint(directory, contextDetails.isArchitect);
+    if (retroText) {
+      addCandidate("phase", retroText, 2, "prose");
+    }
+    const compactionMessage = getCompactionHint(sessionId, config3, contextDetails.isArchitect);
+    if (compactionMessage) {
+      addCandidate("phase", compactionMessage, 1, "prose");
+    }
+    const driftText = await getDecisionDriftHint(sessionId, config3, directory, contextDetails.isArchitect);
+    if (driftText) {
+      addCandidate("phase", driftText, 2, "prose");
+    }
+  }
+  const userScoringConfig = config3.context_budget?.scoring;
+  const effectiveConfig = userScoringConfig?.weights ? {
+    ...DEFAULT_SCORING_CONFIG,
+    ...userScoringConfig,
+    weights: userScoringConfig.weights
+  } : DEFAULT_SCORING_CONFIG;
+  return { candidates, effectiveConfig };
+}
+async function applyLegacyInjection(artifacts, config3, directory, sessionId, maxInjectionTokens, output) {
+  const { phaseTask, contextDetails } = artifacts;
+  let injectedTokens = 0;
+  const tryInject = (text) => {
+    const tokens = estimateTokens(text);
+    if (injectedTokens + tokens <= maxInjectionTokens) {
+      output.system.push(text);
+      injectedTokens += tokens;
+    }
+  };
+  if (phaseTask.currentPhase) {
+    tryInject(`[SWARM CONTEXT] Current phase: ${phaseTask.currentPhase}`);
+  }
+  if (phaseTask.currentTask) {
+    tryInject(`[SWARM CONTEXT] Current task: ${phaseTask.currentTask}`);
+  }
+  if (contextDetails.decisions) {
+    tryInject(`[SWARM CONTEXT] Key decisions: ${contextDetails.decisions}`);
+  }
+  if (contextDetails.agentContext) {
+    tryInject(contextDetails.agentContext);
+  }
+  tryInject("[SWARM HINT] Large tool outputs may be auto-summarized. Use /swarm retrieve <id> to get the full content if needed.");
+  for (const hint of getConfigHints(config3)) {
+    tryInject(hint);
+  }
+  if (contextDetails.isArchitect) {
+    const retroText = await getRetrospectiveHint(directory, true);
+    if (retroText)
+      tryInject(retroText);
+    const compactionMessage = getCompactionHint(sessionId, config3, contextDetails.isArchitect);
+    if (compactionMessage)
+      tryInject(compactionMessage);
+    const driftText = await getDecisionDriftHint(sessionId, config3, directory, contextDetails.isArchitect);
+    if (driftText)
+      tryInject(driftText);
+  }
+}
+async function applyScoringInjection(artifacts, config3, directory, sessionId, maxInjectionTokens, output) {
+  const { candidates, effectiveConfig } = await buildInjectionCandidates(artifacts, config3, sessionId, directory);
+  const ranked = rankCandidates(candidates, effectiveConfig);
+  let injectedTokens = 0;
+  for (const candidate of ranked) {
+    if (injectedTokens + candidate.tokens > maxInjectionTokens) {
+      continue;
+    }
+    output.system.push(candidate.text);
+    injectedTokens += candidate.tokens;
+  }
+}
 function createSystemEnhancerHook(config3, directory) {
   const enabled = config3.hooks?.system_enhancer !== false;
   if (!enabled) {
@@ -36214,408 +36610,12 @@ function createSystemEnhancerHook(config3, directory) {
   return {
     "experimental.chat.system.transform": safeHook(async (_input, output) => {
       try {
-        let tryInject = function(text) {
-          const tokens = estimateTokens(text);
-          if (injectedTokens + tokens > maxInjectionTokens) {
-            return;
-          }
-          output.system.push(text);
-          injectedTokens += tokens;
-        };
-        const maxInjectionTokens = config3.context_budget?.max_injection_tokens ?? Number.POSITIVE_INFINITY;
-        let injectedTokens = 0;
-        const contextContent = await readSwarmFileAsync(directory, "context.md");
-        const scoringEnabled = config3.context_budget?.scoring?.enabled === true;
-        if (!scoringEnabled) {
-          const plan2 = await loadPlan(directory);
-          if (plan2 && plan2.migration_status !== "migration_failed") {
-            const currentPhase2 = extractCurrentPhaseFromPlan(plan2);
-            if (currentPhase2) {
-              tryInject(`[SWARM CONTEXT] Current phase: ${currentPhase2}`);
-            }
-            const currentTask2 = extractCurrentTaskFromPlan(plan2);
-            if (currentTask2) {
-              tryInject(`[SWARM CONTEXT] Current task: ${currentTask2}`);
-            }
-          } else {
-            const planContent = await readSwarmFileAsync(directory, "plan.md");
-            if (planContent) {
-              const currentPhase2 = extractCurrentPhase(planContent);
-              if (currentPhase2) {
-                tryInject(`[SWARM CONTEXT] Current phase: ${currentPhase2}`);
-              }
-              const currentTask2 = extractCurrentTask(planContent);
-              if (currentTask2) {
-                tryInject(`[SWARM CONTEXT] Current task: ${currentTask2}`);
-              }
-            }
-          }
-          if (contextContent) {
-            const decisions = extractDecisions(contextContent, 200);
-            if (decisions) {
-              tryInject(`[SWARM CONTEXT] Key decisions: ${decisions}`);
-            }
-            if (config3.hooks?.agent_activity !== false && _input.sessionID) {
-              const activeAgent = swarmState.activeAgent.get(_input.sessionID);
-              if (activeAgent) {
-                const agentContext = extractAgentContext(contextContent, activeAgent, config3.hooks?.agent_awareness_max_chars ?? 300);
-                if (agentContext) {
-                  tryInject(`[SWARM AGENT CONTEXT] ${agentContext}`);
-                }
-              }
-            }
-          }
-          tryInject("[SWARM HINT] Large tool outputs may be auto-summarized. Use /swarm retrieve <id> to get the full content if needed.");
-          if (config3.review_passes?.always_security_review) {
-            tryInject("[SWARM CONFIG] Security review pass is MANDATORY for ALL tasks. Skip file-pattern check \u2014 always run security-only reviewer pass after general review APPROVED.");
-          }
-          if (config3.integration_analysis?.enabled === false) {
-            tryInject("[SWARM CONFIG] Integration analysis is DISABLED. Skip diff tool and integration impact analysis after coder tasks.");
-          }
-          if (config3.ui_review?.enabled) {
-            tryInject("[SWARM CONFIG] UI/UX Designer agent is ENABLED. For tasks matching UI trigger keywords or file paths, delegate to designer BEFORE coder (Rule 9).");
-          }
-          if (config3.docs?.enabled === false) {
-            tryInject("[SWARM CONFIG] Docs agent is DISABLED. Skip docs delegation in Phase 6.");
-          }
-          if (config3.lint?.enabled === false) {
-            tryInject("[SWARM CONFIG] Lint gate is DISABLED. Skip lint check/fix in QA sequence.");
-          }
-          if (config3.secretscan?.enabled === false) {
-            tryInject("[SWARM CONFIG] Secretscan gate is DISABLED. Skip secretscan in QA sequence.");
-          }
-          const sessionId_retro = _input.sessionID;
-          const activeAgent_retro = swarmState.activeAgent.get(sessionId_retro ?? "");
-          const isArchitect = !activeAgent_retro || stripKnownSwarmPrefix(activeAgent_retro) === "architect";
-          if (isArchitect) {
-            try {
-              const evidenceDir = path15.join(directory, ".swarm", "evidence");
-              if (fs10.existsSync(evidenceDir)) {
-                const files = fs10.readdirSync(evidenceDir).filter((f) => f.endsWith(".json")).sort().reverse();
-                for (const file3 of files.slice(0, 5)) {
-                  let content;
-                  try {
-                    content = JSON.parse(fs10.readFileSync(path15.join(evidenceDir, file3), "utf-8"));
-                  } catch {
-                    continue;
-                  }
-                  if (content !== null && typeof content === "object" && content.type === "retrospective") {
-                    const retro = content;
-                    const hints = [];
-                    if (retro.reviewer_rejections > 2) {
-                      hints.push(`Phase ${retro.phase_number} had ${retro.reviewer_rejections} reviewer rejections.`);
-                    }
-                    if (retro.top_rejection_reasons.length > 0) {
-                      hints.push(`Common rejection reasons: ${retro.top_rejection_reasons.join(", ")}.`);
-                    }
-                    if (retro.lessons_learned.length > 0) {
-                      hints.push(`Lessons: ${retro.lessons_learned.join("; ")}.`);
-                    }
-                    if (hints.length > 0) {
-                      const retroHint = `[SWARM RETROSPECTIVE] From Phase ${retro.phase_number}: ${hints.join(" ")}`;
-                      if (retroHint.length <= 800) {
-                        tryInject(retroHint);
-                      } else {
-                        tryInject(retroHint.substring(0, 800) + "...");
-                      }
-                    }
-                    break;
-                  }
-                }
-              }
-            } catch {}
-            const compactionConfig = config3.compaction_advisory;
-            if (compactionConfig?.enabled !== false && sessionId_retro) {
-              const session = swarmState.agentSessions.get(sessionId_retro);
-              if (session) {
-                const totalToolCalls = Array.from(swarmState.toolAggregates.values()).reduce((sum, agg) => sum + agg.count, 0);
-                const thresholds = compactionConfig?.thresholds ?? [
-                  50,
-                  75,
-                  100,
-                  125,
-                  150
-                ];
-                const lastHint = session.lastCompactionHint || 0;
-                for (const threshold of thresholds) {
-                  if (totalToolCalls >= threshold && lastHint < threshold) {
-                    const messageTemplate = compactionConfig?.message ?? "[SWARM HINT] Session has ${totalToolCalls} tool calls. Consider compacting at next phase boundary to maintain context quality.";
-                    const message = messageTemplate.replace("${totalToolCalls}", String(totalToolCalls));
-                    tryInject(message);
-                    session.lastCompactionHint = threshold;
-                    break;
-                  }
-                }
-              }
-            }
-          }
-          const automationCapabilities = config3.automation?.capabilities;
-          if (automationCapabilities?.decision_drift_detection === true && _input.sessionID) {
-            const activeAgentForDrift = swarmState.activeAgent.get(_input.sessionID);
-            const isArchitectForDrift = !activeAgentForDrift || stripKnownSwarmPrefix(activeAgentForDrift) === "architect";
-            if (isArchitectForDrift) {
-              try {
-                const driftResult = await analyzeDecisionDrift(directory);
-                if (driftResult.hasDrift) {
-                  const driftText = formatDriftForContext(driftResult);
-                  if (driftText) {
-                    tryInject(driftText);
-                  }
-                }
-              } catch {}
-            }
-          }
-          return;
-        }
-        const userScoringConfig = config3.context_budget?.scoring;
-        const candidates = [];
-        let idCounter = 0;
-        const effectiveConfig = userScoringConfig?.weights ? {
-          ...DEFAULT_SCORING_CONFIG,
-          ...userScoringConfig,
-          weights: userScoringConfig.weights
-        } : DEFAULT_SCORING_CONFIG;
-        const plan = await loadPlan(directory);
-        let currentPhase = null;
-        let currentTask = null;
-        if (plan && plan.migration_status !== "migration_failed") {
-          currentPhase = extractCurrentPhaseFromPlan(plan);
-          currentTask = extractCurrentTaskFromPlan(plan);
+        const artifacts = await loadSwarmArtifacts(directory, _input.sessionID, config3);
+        const { scoringEnabled, maxInjectionTokens } = artifacts;
+        if (scoringEnabled) {
+          await applyScoringInjection(artifacts, config3, directory, _input.sessionID, maxInjectionTokens, output);
         } else {
-          const planContent = await readSwarmFileAsync(directory, "plan.md");
-          if (planContent) {
-            currentPhase = extractCurrentPhase(planContent);
-            currentTask = extractCurrentTask(planContent);
-          }
-        }
-        if (currentPhase) {
-          const text = `[SWARM CONTEXT] Current phase: ${currentPhase}`;
-          candidates.push({
-            id: `candidate-${idCounter++}`,
-            kind: "phase",
-            text,
-            tokens: estimateTokens(text),
-            priority: 1,
-            metadata: { contentType: estimateContentType(text) }
-          });
-        }
-        if (currentTask) {
-          const text = `[SWARM CONTEXT] Current task: ${currentTask}`;
-          candidates.push({
-            id: `candidate-${idCounter++}`,
-            kind: "task",
-            text,
-            tokens: estimateTokens(text),
-            priority: 2,
-            metadata: {
-              contentType: estimateContentType(text),
-              isCurrentTask: true
-            }
-          });
-        }
-        if (contextContent) {
-          const decisions = extractDecisions(contextContent, 200);
-          if (decisions) {
-            const text = `[SWARM CONTEXT] Key decisions: ${decisions}`;
-            candidates.push({
-              id: `candidate-${idCounter++}`,
-              kind: "decision",
-              text,
-              tokens: estimateTokens(text),
-              priority: 3,
-              metadata: { contentType: estimateContentType(text) }
-            });
-          }
-          if (config3.hooks?.agent_activity !== false && _input.sessionID) {
-            const activeAgent = swarmState.activeAgent.get(_input.sessionID);
-            if (activeAgent) {
-              const agentContext = extractAgentContext(contextContent, activeAgent, config3.hooks?.agent_awareness_max_chars ?? 300);
-              if (agentContext) {
-                const text = `[SWARM AGENT CONTEXT] ${agentContext}`;
-                candidates.push({
-                  id: `candidate-${idCounter++}`,
-                  kind: "agent_context",
-                  text,
-                  tokens: estimateTokens(text),
-                  priority: 4,
-                  metadata: { contentType: estimateContentType(text) }
-                });
-              }
-            }
-          }
-        }
-        if (config3.review_passes?.always_security_review) {
-          const text = "[SWARM CONFIG] Security review pass is MANDATORY for ALL tasks. Skip file-pattern check \u2014 always run security-only reviewer pass after general review APPROVED.";
-          candidates.push({
-            id: `candidate-${idCounter++}`,
-            kind: "phase",
-            text,
-            tokens: estimateTokens(text),
-            priority: 1,
-            metadata: { contentType: "prose" }
-          });
-        }
-        if (config3.integration_analysis?.enabled === false) {
-          const text = "[SWARM CONFIG] Integration analysis is DISABLED. Skip diff tool and integration impact analysis after coder tasks.";
-          candidates.push({
-            id: `candidate-${idCounter++}`,
-            kind: "phase",
-            text,
-            tokens: estimateTokens(text),
-            priority: 1,
-            metadata: { contentType: "prose" }
-          });
-        }
-        if (config3.ui_review?.enabled) {
-          const text = "[SWARM CONFIG] UI/UX Designer agent is ENABLED. For tasks matching UI trigger keywords or file paths, delegate to designer BEFORE coder (Rule 9).";
-          candidates.push({
-            id: `candidate-${idCounter++}`,
-            kind: "phase",
-            text,
-            tokens: estimateTokens(text),
-            priority: 1,
-            metadata: { contentType: "prose" }
-          });
-        }
-        if (config3.docs?.enabled === false) {
-          const text = "[SWARM CONFIG] Docs agent is DISABLED. Skip docs delegation in Phase 6.";
-          candidates.push({
-            id: `candidate-${idCounter++}`,
-            kind: "phase",
-            text,
-            tokens: estimateTokens(text),
-            priority: 1,
-            metadata: { contentType: "prose" }
-          });
-        }
-        if (config3.lint?.enabled === false) {
-          const text = "[SWARM CONFIG] Lint gate is DISABLED. Skip lint check/fix in QA sequence.";
-          candidates.push({
-            id: `candidate-${idCounter++}`,
-            kind: "phase",
-            text,
-            tokens: estimateTokens(text),
-            priority: 1,
-            metadata: { contentType: "prose" }
-          });
-        }
-        if (config3.secretscan?.enabled === false) {
-          const text = "[SWARM CONFIG] Secretscan gate is DISABLED. Skip secretscan in QA sequence.";
-          candidates.push({
-            id: `candidate-${idCounter++}`,
-            kind: "phase",
-            text,
-            tokens: estimateTokens(text),
-            priority: 1,
-            metadata: { contentType: "prose" }
-          });
-        }
-        const sessionId_retro_b = _input.sessionID;
-        const activeAgent_retro_b = swarmState.activeAgent.get(sessionId_retro_b ?? "");
-        const isArchitect_b = !activeAgent_retro_b || stripKnownSwarmPrefix(activeAgent_retro_b) === "architect";
-        if (isArchitect_b) {
-          try {
-            const evidenceDir_b = path15.join(directory, ".swarm", "evidence");
-            if (fs10.existsSync(evidenceDir_b)) {
-              const files_b = fs10.readdirSync(evidenceDir_b).filter((f) => f.endsWith(".json")).sort().reverse();
-              for (const file3 of files_b.slice(0, 5)) {
-                let content_b;
-                try {
-                  content_b = JSON.parse(fs10.readFileSync(path15.join(evidenceDir_b, file3), "utf-8"));
-                } catch {
-                  continue;
-                }
-                if (content_b !== null && typeof content_b === "object" && content_b.type === "retrospective") {
-                  const retro_b = content_b;
-                  const hints_b = [];
-                  if (retro_b.reviewer_rejections > 2) {
-                    hints_b.push(`Phase ${retro_b.phase_number} had ${retro_b.reviewer_rejections} reviewer rejections.`);
-                  }
-                  if (retro_b.top_rejection_reasons.length > 0) {
-                    hints_b.push(`Common rejection reasons: ${retro_b.top_rejection_reasons.join(", ")}.`);
-                  }
-                  if (retro_b.lessons_learned.length > 0) {
-                    hints_b.push(`Lessons: ${retro_b.lessons_learned.join("; ")}.`);
-                  }
-                  if (hints_b.length > 0) {
-                    const retroHint_b = `[SWARM RETROSPECTIVE] From Phase ${retro_b.phase_number}: ${hints_b.join(" ")}`;
-                    const retroText = retroHint_b.length <= 800 ? retroHint_b : retroHint_b.substring(0, 800) + "...";
-                    candidates.push({
-                      id: `candidate-${idCounter++}`,
-                      kind: "phase",
-                      text: retroText,
-                      tokens: estimateTokens(retroText),
-                      priority: 2,
-                      metadata: { contentType: "prose" }
-                    });
-                  }
-                  break;
-                }
-              }
-            }
-          } catch {}
-          const compactionConfig_b = config3.compaction_advisory;
-          if (compactionConfig_b?.enabled !== false && sessionId_retro_b) {
-            const session_b = swarmState.agentSessions.get(sessionId_retro_b);
-            if (session_b) {
-              const totalToolCalls_b = Array.from(swarmState.toolAggregates.values()).reduce((sum, agg) => sum + agg.count, 0);
-              const thresholds_b = compactionConfig_b?.thresholds ?? [
-                50,
-                75,
-                100,
-                125,
-                150
-              ];
-              const lastHint_b = session_b.lastCompactionHint || 0;
-              for (const threshold of thresholds_b) {
-                if (totalToolCalls_b >= threshold && lastHint_b < threshold) {
-                  const messageTemplate_b = compactionConfig_b?.message ?? "[SWARM HINT] Session has ${totalToolCalls} tool calls. Consider compacting at next phase boundary to maintain context quality.";
-                  const compactionText = messageTemplate_b.replace("${totalToolCalls}", String(totalToolCalls_b));
-                  candidates.push({
-                    id: `candidate-${idCounter++}`,
-                    kind: "phase",
-                    text: compactionText,
-                    tokens: estimateTokens(compactionText),
-                    priority: 1,
-                    metadata: { contentType: "prose" }
-                  });
-                  session_b.lastCompactionHint = threshold;
-                  break;
-                }
-              }
-            }
-          }
-        }
-        const automationCapabilities_b = config3.automation?.capabilities;
-        if (automationCapabilities_b?.decision_drift_detection === true && sessionId_retro_b) {
-          const activeAgentForDrift_b = swarmState.activeAgent.get(sessionId_retro_b ?? "");
-          const isArchitectForDrift_b = !activeAgentForDrift_b || stripKnownSwarmPrefix(activeAgentForDrift_b) === "architect";
-          if (isArchitectForDrift_b) {
-            try {
-              const driftResult_b = await analyzeDecisionDrift(directory);
-              if (driftResult_b.hasDrift) {
-                const driftText_b = formatDriftForContext(driftResult_b);
-                if (driftText_b) {
-                  candidates.push({
-                    id: `candidate-${idCounter++}`,
-                    kind: "phase",
-                    text: driftText_b,
-                    tokens: estimateTokens(driftText_b),
-                    priority: 2,
-                    metadata: { contentType: "prose" }
-                  });
-                }
-              }
-            } catch {}
-          }
-        }
-        const ranked = rankCandidates(candidates, effectiveConfig);
-        for (const candidate of ranked) {
-          if (injectedTokens + candidate.tokens > maxInjectionTokens) {
-            continue;
-          }
-          output.system.push(candidate.text);
-          injectedTokens += candidate.tokens;
+          await applyLegacyInjection(artifacts, config3, directory, _input.sessionID, maxInjectionTokens, output);
         }
       } catch (error93) {
         warn("System enhancer failed:", error93);
@@ -36814,8 +36814,8 @@ init_config_doctor();
 // src/tools/checkpoint.ts
 init_tool();
 import { spawnSync } from "child_process";
-import * as fs11 from "fs";
-import * as path16 from "path";
+import * as fs12 from "fs";
+import * as path19 from "path";
 var CHECKPOINT_LOG_PATH = ".swarm/checkpoints.json";
 var MAX_LABEL_LENGTH = 100;
 var GIT_TIMEOUT_MS = 30000;
@@ -36866,13 +36866,13 @@ function validateLabel(label) {
   return null;
 }
 function getCheckpointLogPath() {
-  return path16.join(process.cwd(), CHECKPOINT_LOG_PATH);
+  return path19.join(process.cwd(), CHECKPOINT_LOG_PATH);
 }
 function readCheckpointLog() {
   const logPath = getCheckpointLogPath();
   try {
-    if (fs11.existsSync(logPath)) {
-      const content = fs11.readFileSync(logPath, "utf-8");
+    if (fs12.existsSync(logPath)) {
+      const content = fs12.readFileSync(logPath, "utf-8");
       const parsed = JSON.parse(content);
       if (!parsed.checkpoints || !Array.isArray(parsed.checkpoints)) {
         return { version: 1, checkpoints: [] };
@@ -36884,13 +36884,13 @@ function readCheckpointLog() {
 }
 function writeCheckpointLog(log2) {
   const logPath = getCheckpointLogPath();
-  const dir = path16.dirname(logPath);
-  if (!fs11.existsSync(dir)) {
-    fs11.mkdirSync(dir, { recursive: true });
+  const dir = path19.dirname(logPath);
+  if (!fs12.existsSync(dir)) {
+    fs12.mkdirSync(dir, { recursive: true });
   }
   const tempPath = `${logPath}.tmp`;
-  fs11.writeFileSync(tempPath, JSON.stringify(log2, null, 2), "utf-8");
-  fs11.renameSync(tempPath, logPath);
+  fs12.writeFileSync(tempPath, JSON.stringify(log2, null, 2), "utf-8");
+  fs12.renameSync(tempPath, logPath);
 }
 function gitExec(args) {
   const result = spawnSync("git", args, {
@@ -37090,8 +37090,8 @@ var checkpoint = tool({
 });
 // src/tools/complexity-hotspots.ts
 init_dist();
-import * as fs12 from "fs";
-import * as path17 from "path";
+import * as fs13 from "fs";
+import * as path20 from "path";
 var MAX_FILE_SIZE_BYTES2 = 256 * 1024;
 var DEFAULT_DAYS = 90;
 var DEFAULT_TOP_N = 20;
@@ -37219,11 +37219,11 @@ function estimateComplexity(content) {
 }
 function getComplexityForFile(filePath) {
   try {
-    const stat = fs12.statSync(filePath);
+    const stat = fs13.statSync(filePath);
     if (stat.size > MAX_FILE_SIZE_BYTES2) {
       return null;
     }
-    const content = fs12.readFileSync(filePath, "utf-8");
+    const content = fs13.readFileSync(filePath, "utf-8");
     return estimateComplexity(content);
   } catch {
     return null;
@@ -37234,7 +37234,7 @@ async function analyzeHotspots(days, topN, extensions) {
   const extSet = new Set(extensions.map((e) => e.startsWith(".") ? e : `.${e}`));
   const filteredChurn = new Map;
   for (const [file3, count] of churnMap) {
-    const ext = path17.extname(file3).toLowerCase();
+    const ext = path20.extname(file3).toLowerCase();
     if (extSet.has(ext)) {
       filteredChurn.set(file3, count);
     }
@@ -37244,8 +37244,8 @@ async function analyzeHotspots(days, topN, extensions) {
   let analyzedFiles = 0;
   for (const [file3, churnCount] of filteredChurn) {
     let fullPath = file3;
-    if (!fs12.existsSync(fullPath)) {
-      fullPath = path17.join(cwd, file3);
+    if (!fs13.existsSync(fullPath)) {
+      fullPath = path20.join(cwd, file3);
     }
     const complexity = getComplexityForFile(fullPath);
     if (complexity !== null) {
@@ -37403,14 +37403,14 @@ function validateBase(base) {
 function validatePaths(paths) {
   if (!paths)
     return null;
-  for (const path18 of paths) {
-    if (!path18 || path18.length === 0) {
+  for (const path21 of paths) {
+    if (!path21 || path21.length === 0) {
       return "empty path not allowed";
     }
-    if (path18.length > MAX_PATH_LENGTH) {
+    if (path21.length > MAX_PATH_LENGTH) {
       return `path exceeds maximum length of ${MAX_PATH_LENGTH}`;
     }
-    if (SHELL_METACHARACTERS2.test(path18)) {
+    if (SHELL_METACHARACTERS2.test(path21)) {
       return "path contains shell metacharacters";
     }
   }
@@ -37473,8 +37473,8 @@ var diff = tool({
         if (parts.length >= 3) {
           const additions = parseInt(parts[0]) || 0;
           const deletions = parseInt(parts[1]) || 0;
-          const path18 = parts[2];
-          files.push({ path: path18, additions, deletions });
+          const path21 = parts[2];
+          files.push({ path: path21, additions, deletions });
         }
       }
       const contractChanges = [];
@@ -37702,8 +37702,8 @@ Use these as DOMAIN values when delegating to @sme.`;
 });
 // src/tools/evidence-check.ts
 init_dist();
-import * as fs13 from "fs";
-import * as path18 from "path";
+import * as fs14 from "fs";
+import * as path21 from "path";
 var MAX_FILE_SIZE_BYTES3 = 1024 * 1024;
 var MAX_EVIDENCE_FILES = 1000;
 var EVIDENCE_DIR = ".swarm/evidence";
@@ -37726,9 +37726,9 @@ function validateRequiredTypes(input) {
   return null;
 }
 function isPathWithinSwarm(filePath, cwd) {
-  const normalizedCwd = path18.resolve(cwd);
-  const swarmPath = path18.join(normalizedCwd, ".swarm");
-  const normalizedPath = path18.resolve(filePath);
+  const normalizedCwd = path21.resolve(cwd);
+  const swarmPath = path21.join(normalizedCwd, ".swarm");
+  const normalizedPath = path21.resolve(filePath);
   return normalizedPath.startsWith(swarmPath);
 }
 function parseCompletedTasks(planContent) {
@@ -37745,12 +37745,12 @@ function parseCompletedTasks(planContent) {
 }
 function readEvidenceFiles(evidenceDir, cwd) {
   const evidence = [];
-  if (!fs13.existsSync(evidenceDir) || !fs13.statSync(evidenceDir).isDirectory()) {
+  if (!fs14.existsSync(evidenceDir) || !fs14.statSync(evidenceDir).isDirectory()) {
     return evidence;
   }
   let files;
   try {
-    files = fs13.readdirSync(evidenceDir);
+    files = fs14.readdirSync(evidenceDir);
   } catch {
     return evidence;
   }
@@ -37759,14 +37759,14 @@ function readEvidenceFiles(evidenceDir, cwd) {
     if (!VALID_EVIDENCE_FILENAME_REGEX.test(filename)) {
       continue;
     }
-    const filePath = path18.join(evidenceDir, filename);
+    const filePath = path21.join(evidenceDir, filename);
     try {
-      const resolvedPath = path18.resolve(filePath);
-      const evidenceDirResolved = path18.resolve(evidenceDir);
+      const resolvedPath = path21.resolve(filePath);
+      const evidenceDirResolved = path21.resolve(evidenceDir);
       if (!resolvedPath.startsWith(evidenceDirResolved)) {
         continue;
       }
-      const stat = fs13.lstatSync(filePath);
+      const stat = fs14.lstatSync(filePath);
       if (!stat.isFile()) {
         continue;
       }
@@ -37775,7 +37775,7 @@ function readEvidenceFiles(evidenceDir, cwd) {
     }
     let fileStat;
     try {
-      fileStat = fs13.statSync(filePath);
+      fileStat = fs14.statSync(filePath);
       if (fileStat.size > MAX_FILE_SIZE_BYTES3) {
         continue;
       }
@@ -37784,7 +37784,7 @@ function readEvidenceFiles(evidenceDir, cwd) {
     }
     let content;
     try {
-      content = fs13.readFileSync(filePath, "utf-8");
+      content = fs14.readFileSync(filePath, "utf-8");
     } catch {
       continue;
     }
@@ -37869,7 +37869,7 @@ var evidence_check = tool({
       return JSON.stringify(errorResult, null, 2);
     }
     const requiredTypes = requiredTypesValue.split(",").map((t) => t.trim()).filter((t) => t.length > 0);
-    const planPath = path18.join(cwd, PLAN_FILE);
+    const planPath = path21.join(cwd, PLAN_FILE);
     if (!isPathWithinSwarm(planPath, cwd)) {
       const errorResult = {
         error: "plan file path validation failed",
@@ -37883,7 +37883,7 @@ var evidence_check = tool({
     }
     let planContent;
     try {
-      planContent = fs13.readFileSync(planPath, "utf-8");
+      planContent = fs14.readFileSync(planPath, "utf-8");
     } catch {
       const result2 = {
         message: "No completed tasks found in plan.",
@@ -37901,7 +37901,7 @@ var evidence_check = tool({
       };
       return JSON.stringify(result2, null, 2);
     }
-    const evidenceDir = path18.join(cwd, EVIDENCE_DIR);
+    const evidenceDir = path21.join(cwd, EVIDENCE_DIR);
     const evidence = readEvidenceFiles(evidenceDir, cwd);
     const { tasksWithFullEvidence, gaps } = analyzeGaps(completedTasks, evidence, requiredTypes);
     const completeness = completedTasks.length > 0 ? Math.round(tasksWithFullEvidence.length / completedTasks.length * 100) / 100 : 1;
@@ -37917,8 +37917,8 @@ var evidence_check = tool({
 });
 // src/tools/file-extractor.ts
 init_tool();
-import * as fs14 from "fs";
-import * as path19 from "path";
+import * as fs15 from "fs";
+import * as path22 from "path";
 var EXT_MAP = {
   python: ".py",
   py: ".py",
@@ -37980,8 +37980,8 @@ var extract_code_blocks = tool({
   execute: async (args) => {
     const { content, output_dir, prefix } = args;
     const targetDir = output_dir || process.cwd();
-    if (!fs14.existsSync(targetDir)) {
-      fs14.mkdirSync(targetDir, { recursive: true });
+    if (!fs15.existsSync(targetDir)) {
+      fs15.mkdirSync(targetDir, { recursive: true });
     }
     const pattern = /```(\w*)\n([\s\S]*?)```/g;
     const matches = [...content.matchAll(pattern)];
@@ -37996,16 +37996,16 @@ var extract_code_blocks = tool({
       if (prefix) {
         filename = `${prefix}_${filename}`;
       }
-      let filepath = path19.join(targetDir, filename);
-      const base = path19.basename(filepath, path19.extname(filepath));
-      const ext = path19.extname(filepath);
+      let filepath = path22.join(targetDir, filename);
+      const base = path22.basename(filepath, path22.extname(filepath));
+      const ext = path22.extname(filepath);
       let counter = 1;
-      while (fs14.existsSync(filepath)) {
-        filepath = path19.join(targetDir, `${base}_${counter}${ext}`);
+      while (fs15.existsSync(filepath)) {
+        filepath = path22.join(targetDir, `${base}_${counter}${ext}`);
         counter++;
       }
       try {
-        fs14.writeFileSync(filepath, code.trim(), "utf-8");
+        fs15.writeFileSync(filepath, code.trim(), "utf-8");
         savedFiles.push(filepath);
       } catch (error93) {
         errors5.push(`Failed to save ${filename}: ${error93 instanceof Error ? error93.message : String(error93)}`);
@@ -38034,13 +38034,15 @@ init_dist();
 var GITINGEST_TIMEOUT_MS = 1e4;
 var GITINGEST_MAX_RESPONSE_BYTES = 5242880;
 var GITINGEST_MAX_RETRIES = 2;
+var GITINGEST_DEFAULT_ENDPOINT = "https://gitingest.com/api/ingest";
+var DEFAULT_GITINGEST_CONFIG = GitingestConfigSchema.parse({});
 var delay = (ms) => new Promise((resolve9) => setTimeout(resolve9, ms));
-async function fetchGitingest(args) {
+async function fetchGitingest(args, endpoint = GITINGEST_DEFAULT_ENDPOINT) {
   for (let attempt = 0;attempt <= GITINGEST_MAX_RETRIES; attempt++) {
     try {
       const controller = new AbortController;
       const timeoutId = setTimeout(() => controller.abort(), GITINGEST_TIMEOUT_MS);
-      const response = await fetch("https://gitingest.com/api/ingest", {
+      const response = await fetch(endpoint, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({
@@ -38100,21 +38102,28 @@ ${data.content}`;
   throw new Error("gitingest request failed after retries");
 }
 var gitingest = tool({
-  description: "Fetch a GitHub repository's full content via gitingest.com. Returns summary, directory tree, and file contents optimized for LLM analysis. Use when you need to understand an external repository's structure or code.",
+  description: "Fetch a GitHub repository's full content via gitingest.com. Returns summary, directory tree, and file contents optimized for LLM analysis. This third-party call sends repository content to gitingest.com, so enable it explicitly and ensure you have permission before sharing code externally.",
   args: {
     url: tool.schema.string().describe("GitHub repository URL (e.g., https://github.com/owner/repo)"),
     maxFileSize: tool.schema.number().optional().describe("Maximum file size in bytes to include (default: 50000)"),
     pattern: tool.schema.string().optional().describe("Glob pattern to filter files (e.g., '*.ts' or 'src/**/*.py')"),
     patternType: tool.schema.enum(["include", "exclude"]).optional().describe("Whether pattern includes or excludes matching files (default: exclude)")
   },
-  async execute(args, _context) {
-    return fetchGitingest(args);
+  async execute(args, context) {
+    const directory = context.directory ?? process.cwd();
+    const pluginConfig = loadPluginConfig(directory);
+    const gitingestConfig = pluginConfig.gitingest ?? DEFAULT_GITINGEST_CONFIG;
+    if (gitingestConfig.enabled === false) {
+      throw new Error("gitingest is disabled in your config. Set gitingest.enabled=true to re-enable it.");
+    }
+    const endpoint = gitingestConfig.endpoint ?? GITINGEST_DEFAULT_ENDPOINT;
+    return fetchGitingest(args, endpoint);
   }
 });
 // src/tools/imports.ts
 init_dist();
-import * as fs15 from "fs";
-import * as path20 from "path";
+import * as fs16 from "fs";
+import * as path23 from "path";
 var MAX_FILE_PATH_LENGTH2 = 500;
 var MAX_SYMBOL_LENGTH = 256;
 var MAX_FILE_SIZE_BYTES4 = 1024 * 1024;
@@ -38168,7 +38177,7 @@ function validateSymbolInput(symbol3) {
   return null;
 }
 function isBinaryFile2(filePath, buffer) {
-  const ext = path20.extname(filePath).toLowerCase();
+  const ext = path23.extname(filePath).toLowerCase();
   if (ext === ".json" || ext === ".md" || ext === ".txt") {
     return false;
   }
@@ -38192,15 +38201,15 @@ function parseImports(content, targetFile, targetSymbol) {
   const imports = [];
   let resolvedTarget;
   try {
-    resolvedTarget = path20.resolve(targetFile);
+    resolvedTarget = path23.resolve(targetFile);
   } catch {
     resolvedTarget = targetFile;
   }
-  const targetBasename = path20.basename(targetFile, path20.extname(targetFile));
+  const targetBasename = path23.basename(targetFile, path23.extname(targetFile));
   const targetWithExt = targetFile;
   const targetWithoutExt = targetFile.replace(/\.(ts|tsx|js|jsx|mjs|cjs)$/i, "");
-  const normalizedTargetWithExt = path20.normalize(targetWithExt).replace(/\\/g, "/");
-  const normalizedTargetWithoutExt = path20.normalize(targetWithoutExt).replace(/\\/g, "/");
+  const normalizedTargetWithExt = path23.normalize(targetWithExt).replace(/\\/g, "/");
+  const normalizedTargetWithoutExt = path23.normalize(targetWithoutExt).replace(/\\/g, "/");
   const importRegex = /import\s+(?:\{[\s\S]*?\}|(?:\*\s+as\s+\w+)|\w+)\s+from\s+['"`]([^'"`]+)['"`]|import\s+['"`]([^'"`]+)['"`]|require\s*\(\s*['"`]([^'"`]+)['"`]\s*\)/g;
   let match;
   while ((match = importRegex.exec(content)) !== null) {
@@ -38224,9 +38233,9 @@ function parseImports(content, targetFile, targetSymbol) {
     }
     const normalizedModule = modulePath.replace(/^\.\//, "").replace(/^\.\.\\/, "../");
     let isMatch = false;
-    const targetDir = path20.dirname(targetFile);
-    const targetExt = path20.extname(targetFile);
-    const targetBasenameNoExt = path20.basename(targetFile, targetExt);
+    const targetDir = path23.dirname(targetFile);
+    const targetExt = path23.extname(targetFile);
+    const targetBasenameNoExt = path23.basename(targetFile, targetExt);
     const moduleNormalized = modulePath.replace(/\\/g, "/").replace(/^\.\//, "");
     const moduleName = modulePath.split(/[/\\]/).pop() || "";
     const moduleNameNoExt = moduleName.replace(/\.(ts|tsx|js|jsx|mjs|cjs)$/i, "");
@@ -38283,7 +38292,7 @@ var SKIP_DIRECTORIES2 = new Set([
 function findSourceFiles2(dir, files = [], stats = { skippedDirs: [], skippedFiles: 0, fileErrors: [] }) {
   let entries;
   try {
-    entries = fs15.readdirSync(dir);
+    entries = fs16.readdirSync(dir);
   } catch (e) {
     stats.fileErrors.push({
       path: dir,
@@ -38294,13 +38303,13 @@ function findSourceFiles2(dir, files = [], stats = { skippedDirs: [], skippedFil
   entries.sort((a, b) => a.toLowerCase().localeCompare(b.toLowerCase()));
   for (const entry of entries) {
     if (SKIP_DIRECTORIES2.has(entry)) {
-      stats.skippedDirs.push(path20.join(dir, entry));
+      stats.skippedDirs.push(path23.join(dir, entry));
       continue;
     }
-    const fullPath = path20.join(dir, entry);
+    const fullPath = path23.join(dir, entry);
     let stat;
     try {
-      stat = fs15.statSync(fullPath);
+      stat = fs16.statSync(fullPath);
     } catch (e) {
       stats.fileErrors.push({
         path: fullPath,
@@ -38311,7 +38320,7 @@ function findSourceFiles2(dir, files = [], stats = { skippedDirs: [], skippedFil
     if (stat.isDirectory()) {
       findSourceFiles2(fullPath, files, stats);
     } else if (stat.isFile()) {
-      const ext = path20.extname(fullPath).toLowerCase();
+      const ext = path23.extname(fullPath).toLowerCase();
       if (SUPPORTED_EXTENSIONS.includes(ext)) {
         files.push(fullPath);
       }
@@ -38367,8 +38376,8 @@ var imports = tool({
       return JSON.stringify(errorResult, null, 2);
     }
     try {
-      const targetFile = path20.resolve(file3);
-      if (!fs15.existsSync(targetFile)) {
+      const targetFile = path23.resolve(file3);
+      if (!fs16.existsSync(targetFile)) {
         const errorResult = {
           error: `target file not found: ${file3}`,
           target: file3,
@@ -38378,7 +38387,7 @@ var imports = tool({
         };
         return JSON.stringify(errorResult, null, 2);
       }
-      const targetStat = fs15.statSync(targetFile);
+      const targetStat = fs16.statSync(targetFile);
       if (!targetStat.isFile()) {
         const errorResult = {
           error: "target must be a file, not a directory",
@@ -38389,7 +38398,7 @@ var imports = tool({
         };
         return JSON.stringify(errorResult, null, 2);
       }
-      const baseDir = path20.dirname(targetFile);
+      const baseDir = path23.dirname(targetFile);
       const scanStats = {
         skippedDirs: [],
         skippedFiles: 0,
@@ -38404,12 +38413,12 @@ var imports = tool({
         if (consumers.length >= MAX_CONSUMERS)
           break;
         try {
-          const stat = fs15.statSync(filePath);
+          const stat = fs16.statSync(filePath);
           if (stat.size > MAX_FILE_SIZE_BYTES4) {
             skippedFileCount++;
             continue;
           }
-          const buffer = fs15.readFileSync(filePath);
+          const buffer = fs16.readFileSync(filePath);
           if (isBinaryFile2(filePath, buffer)) {
             skippedFileCount++;
             continue;
@@ -38478,10 +38487,107 @@ init_lint();
 
 // src/tools/pkg-audit.ts
 init_dist();
-import * as fs16 from "fs";
-import * as path21 from "path";
-var MAX_OUTPUT_BYTES4 = 52428800;
+import * as fs17 from "fs";
+import * as path24 from "path";
+var MAX_OUTPUT_BYTES4 = 5242880;
 var AUDIT_TIMEOUT_MS = 120000;
+async function runAuditCommand(command) {
+  const proc = Bun.spawn(command, {
+    stdout: "pipe",
+    stderr: "pipe",
+    cwd: process.cwd()
+  });
+  const timeoutPromise = new Promise((resolve10) => setTimeout(() => resolve10("timeout"), AUDIT_TIMEOUT_MS));
+  const capturePromise = Promise.all([
+    new Response(proc.stdout).text(),
+    new Response(proc.stderr).text()
+  ]).then(([stdout2, stderr2]) => ({ stdout: stdout2, stderr: stderr2 }));
+  const result = await Promise.race([capturePromise, timeoutPromise]);
+  if (result === "timeout") {
+    proc.kill();
+    return { stdout: "", stderr: "", exitCode: -1, timedOut: true };
+  }
+  let { stdout, stderr } = result;
+  if (stdout.length > MAX_OUTPUT_BYTES4) {
+    stdout = stdout.slice(0, MAX_OUTPUT_BYTES4);
+  }
+  const exitCode = await proc.exited;
+  return { stdout, stderr, exitCode, timedOut: false };
+}
+function buildTimeoutResult(ecosystem, command, message) {
+  return {
+    ecosystem,
+    command,
+    findings: [],
+    criticalCount: 0,
+    highCount: 0,
+    totalCount: 0,
+    clean: true,
+    note: `${message} after ${AUDIT_TIMEOUT_MS / 1000}s`
+  };
+}
+function handleAuditError(ecosystem, command, error93, notInstalledMatchers, notInstalledNote, errorPrefix) {
+  const errorMessage = error93 instanceof Error ? error93.message : "Unknown error";
+  if (notInstalledMatchers.some((re) => re.test(errorMessage))) {
+    return {
+      ecosystem,
+      command,
+      findings: [],
+      criticalCount: 0,
+      highCount: 0,
+      totalCount: 0,
+      clean: true,
+      note: notInstalledNote
+    };
+  }
+  return {
+    ecosystem,
+    command,
+    findings: [],
+    criticalCount: 0,
+    highCount: 0,
+    totalCount: 0,
+    clean: true,
+    note: `${errorPrefix}: ${errorMessage}`
+  };
+}
+function buildCleanResult(ecosystem, command) {
+  return {
+    ecosystem,
+    command,
+    findings: [],
+    criticalCount: 0,
+    highCount: 0,
+    totalCount: 0,
+    clean: true
+  };
+}
+function handleParseFailure(ecosystem, command, result, notePrefix, notInstalledNote, notInstalledMatchers) {
+  const combined = `${result.stdout} ${result.stderr}`;
+  if (notInstalledMatchers.some((re) => re.test(combined))) {
+    return {
+      ecosystem,
+      command,
+      findings: [],
+      criticalCount: 0,
+      highCount: 0,
+      totalCount: 0,
+      clean: true,
+      note: notInstalledNote
+    };
+  }
+  const snippet = result.stdout.trim() || result.stderr.trim();
+  return {
+    ecosystem,
+    command,
+    findings: [],
+    criticalCount: 0,
+    highCount: 0,
+    totalCount: 0,
+    clean: true,
+    note: `${notePrefix}: ${snippet.slice(0, 200) || "unparseable output"}`
+  };
+}
 function isValidEcosystem(value) {
   return typeof value === "string" && ["auto", "npm", "pip", "cargo"].includes(value);
 }
@@ -38497,13 +38603,13 @@ function validateArgs3(args) {
 function detectEcosystems() {
   const ecosystems = [];
   const cwd = process.cwd();
-  if (fs16.existsSync(path21.join(cwd, "package.json"))) {
+  if (fs17.existsSync(path24.join(cwd, "package.json"))) {
     ecosystems.push("npm");
   }
-  if (fs16.existsSync(path21.join(cwd, "pyproject.toml")) || fs16.existsSync(path21.join(cwd, "requirements.txt"))) {
+  if (fs17.existsSync(path24.join(cwd, "pyproject.toml")) || fs17.existsSync(path24.join(cwd, "requirements.txt"))) {
     ecosystems.push("pip");
   }
-  if (fs16.existsSync(path21.join(cwd, "Cargo.toml"))) {
+  if (fs17.existsSync(path24.join(cwd, "Cargo.toml"))) {
     ecosystems.push("cargo");
   }
   return ecosystems;
@@ -38511,100 +38617,17 @@ function detectEcosystems() {
 async function runNpmAudit() {
   const command = ["npm", "audit", "--json"];
   try {
-    const proc = Bun.spawn(command, {
-      stdout: "pipe",
-      stderr: "pipe",
-      cwd: process.cwd()
-    });
-    const timeoutPromise = new Promise((resolve10) => setTimeout(() => resolve10("timeout"), AUDIT_TIMEOUT_MS));
-    const result = await Promise.race([
-      Promise.all([
-        new Response(proc.stdout).text(),
-        new Response(proc.stderr).text()
-      ]).then(([stdout2, stderr2]) => ({ stdout: stdout2, stderr: stderr2 })),
-      timeoutPromise
-    ]);
-    if (result === "timeout") {
-      proc.kill();
-      return {
-        ecosystem: "npm",
-        command,
-        findings: [],
-        criticalCount: 0,
-        highCount: 0,
-        totalCount: 0,
-        clean: true,
-        note: `npm audit timed out after ${AUDIT_TIMEOUT_MS / 1000}s`
-      };
-    }
-    let { stdout, stderr } = result;
-    if (stdout.length > MAX_OUTPUT_BYTES4) {
-      stdout = stdout.slice(0, MAX_OUTPUT_BYTES4);
-    }
-    const exitCode = await proc.exited;
-    if (exitCode === 0) {
-      return {
-        ecosystem: "npm",
-        command,
-        findings: [],
-        criticalCount: 0,
-        highCount: 0,
-        totalCount: 0,
-        clean: true
-      };
+    const result = await runAuditCommand(command);
+    if (result.timedOut) {
+      return buildTimeoutResult("npm", command, "npm audit timed out");
     }
-    let jsonOutput = stdout;
-    const jsonMatch = stdout.match(/\{[\s\S]*\}/) || stderr.match(/\{[\s\S]*\}/);
-    if (jsonMatch) {
-      jsonOutput = jsonMatch[0];
-    }
-    const response = JSON.parse(jsonOutput);
-    const findings = [];
-    if (response.vulnerabilities) {
-      for (const [pkgName, vuln] of Object.entries(response.vulnerabilities)) {
-        let patchedVersion = null;
-        if (vuln.fixAvailable && typeof vuln.fixAvailable === "object") {
-          patchedVersion = vuln.fixAvailable.version;
-        } else if (vuln.fixAvailable === true) {
-          patchedVersion = "latest";
-        }
-        const severity = mapNpmSeverity(vuln.severity);
-        findings.push({
-          package: pkgName,
-          installedVersion: vuln.range,
-          patchedVersion,
-          severity,
-          title: vuln.title || `Vulnerability in ${pkgName}`,
-          cve: vuln.cves && vuln.cves.length > 0 ? vuln.cves[0] : null,
-          url: vuln.url || null
-        });
-      }
-    }
-    const criticalCount = findings.filter((f) => f.severity === "critical").length;
-    const highCount = findings.filter((f) => f.severity === "high").length;
-    return {
-      ecosystem: "npm",
-      command,
-      findings,
-      criticalCount,
-      highCount,
-      totalCount: findings.length,
-      clean: findings.length === 0
-    };
+    return parseNpmAuditResult(command, result);
   } catch (error93) {
-    const errorMessage = error93 instanceof Error ? error93.message : "Unknown error";
-    if (errorMessage.includes("audit") || errorMessage.includes("command not found") || errorMessage.includes("'npm' is not recognized")) {
-      return {
-        ecosystem: "npm",
-        command,
-        findings: [],
-        criticalCount: 0,
-        highCount: 0,
-        totalCount: 0,
-        clean: true,
-        note: "npm audit not available - npm may not be installed"
-      };
-    }
+    return handleAuditError("npm", command, error93, [/audit/, /command not found/, /'npm' is not recognized/], "npm audit not available - npm may not be installed", "Error running npm audit");
+  }
+}
+function parseNpmAuditResult(command, result) {
+  if (result.exitCode === 0) {
     return {
       ecosystem: "npm",
       command,
@@ -38612,10 +38635,45 @@ async function runNpmAudit() {
       criticalCount: 0,
       highCount: 0,
       totalCount: 0,
-      clean: true,
-      note: `Error running npm audit: ${errorMessage}`
+      clean: true
     };
   }
+  let jsonOutput = result.stdout;
+  const match = jsonOutput.match(/\{[\s\S]*\}/) || result.stderr.match(/\{[\s\S]*\}/);
+  if (match) {
+    jsonOutput = match[0];
+  }
+  let response;
+  try {
+    response = JSON.parse(jsonOutput);
+  } catch {
+    return handleParseFailure("npm", command, result, "npm audit output could not be parsed", "npm audit not available - npm may not be installed", [/audit/, /command not found/, /'npm' is not recognized/]);
+  }
+  const findings = buildNpmFindings(response.vulnerabilities);
+  const criticalCount = findings.filter((f) => f.severity === "critical").length;
+  const highCount = findings.filter((f) => f.severity === "high").length;
+  return {
+    ecosystem: "npm",
+    command,
+    findings,
+    criticalCount,
+    highCount,
+    totalCount: findings.length,
+    clean: findings.length === 0
+  };
+}
+function buildNpmFindings(response) {
+  if (!response)
+    return [];
+  return Object.entries(response).map(([pkgName, vuln]) => ({
+    package: pkgName,
+    installedVersion: vuln.range,
+    patchedVersion: vuln.fixAvailable && typeof vuln.fixAvailable === "object" ? vuln.fixAvailable.version : vuln.fixAvailable === true ? "latest" : null,
+    severity: mapNpmSeverity(vuln.severity),
+    title: vuln.title || `Vulnerability in ${pkgName}`,
+    cve: vuln.cves && vuln.cves.length > 0 ? vuln.cves[0] : null,
+    url: vuln.url || null
+  }));
 }
 function mapNpmSeverity(severity) {
   switch (severity.toLowerCase()) {
@@ -38634,238 +38692,116 @@ function mapNpmSeverity(severity) {
 async function runPipAudit() {
   const command = ["pip-audit", "--format=json"];
   try {
-    const proc = Bun.spawn(command, {
-      stdout: "pipe",
-      stderr: "pipe",
-      cwd: process.cwd()
-    });
-    const timeoutPromise = new Promise((resolve10) => setTimeout(() => resolve10("timeout"), AUDIT_TIMEOUT_MS));
-    const result = await Promise.race([
-      Promise.all([
-        new Response(proc.stdout).text(),
-        new Response(proc.stderr).text()
-      ]).then(([stdout2, stderr2]) => ({ stdout: stdout2, stderr: stderr2 })),
-      timeoutPromise
-    ]);
-    if (result === "timeout") {
-      proc.kill();
-      return {
-        ecosystem: "pip",
-        command,
-        findings: [],
-        criticalCount: 0,
-        highCount: 0,
-        totalCount: 0,
-        clean: true,
-        note: `pip-audit timed out after ${AUDIT_TIMEOUT_MS / 1000}s`
-      };
-    }
-    let { stdout, stderr } = result;
-    if (stdout.length > MAX_OUTPUT_BYTES4) {
-      stdout = stdout.slice(0, MAX_OUTPUT_BYTES4);
-    }
-    const exitCode = await proc.exited;
-    if (exitCode === 0 && !stdout.trim()) {
-      return {
-        ecosystem: "pip",
-        command,
-        findings: [],
-        criticalCount: 0,
-        highCount: 0,
-        totalCount: 0,
-        clean: true
-      };
-    }
-    let packages = [];
-    try {
-      const parsed = JSON.parse(stdout);
-      if (Array.isArray(parsed)) {
-        packages = parsed;
-      } else if (parsed.dependencies) {
-        packages = parsed.dependencies;
-      }
-    } catch {
-      if (stderr.includes("not installed") || stdout.includes("not installed") || stderr.includes("command not found")) {
-        return {
-          ecosystem: "pip",
-          command,
-          findings: [],
-          criticalCount: 0,
-          highCount: 0,
-          totalCount: 0,
-          clean: true,
-          note: "pip-audit not installed. Install with: pip install pip-audit"
-        };
-      }
-      return {
-        ecosystem: "pip",
-        command,
-        findings: [],
-        criticalCount: 0,
-        highCount: 0,
-        totalCount: 0,
-        clean: true,
-        note: `pip-audit output could not be parsed: ${stdout.slice(0, 200)}`
-      };
-    }
-    const findings = [];
-    for (const pkg of packages) {
-      if (pkg.vulns && pkg.vulns.length > 0) {
-        for (const vuln of pkg.vulns) {
-          const severity = vuln.aliases && vuln.aliases.length > 0 ? "high" : "moderate";
-          findings.push({
-            package: pkg.name,
-            installedVersion: pkg.version,
-            patchedVersion: vuln.fix_versions && vuln.fix_versions.length > 0 ? vuln.fix_versions[0] : null,
-            severity,
-            title: vuln.id,
-            cve: vuln.aliases && vuln.aliases.length > 0 ? vuln.aliases[0] : null,
-            url: vuln.id.startsWith("CVE-") ? `https://nvd.nist.gov/vuln/detail/${vuln.id}` : null
-          });
-        }
-      }
+    const result = await runAuditCommand(command);
+    if (result.timedOut) {
+      return buildTimeoutResult("pip", command, "pip-audit timed out");
     }
-    const criticalCount = findings.filter((f) => f.severity === "critical").length;
-    const highCount = findings.filter((f) => f.severity === "high").length;
-    return {
-      ecosystem: "pip",
-      command,
-      findings,
-      criticalCount,
-      highCount,
-      totalCount: findings.length,
-      clean: findings.length === 0
-    };
+    return parsePipAuditResult(command, result);
   } catch (error93) {
-    const errorMessage = error93 instanceof Error ? error93.message : "Unknown error";
-    if (errorMessage.includes("not found") || errorMessage.includes("not recognized") || errorMessage.includes("pip-audit")) {
-      return {
-        ecosystem: "pip",
-        command,
-        findings: [],
-        criticalCount: 0,
-        highCount: 0,
-        totalCount: 0,
-        clean: true,
-        note: "pip-audit not installed. Install with: pip install pip-audit"
-      };
+    return handleAuditError("pip", command, error93, [/not installed/, /command not found/, /pip-audit/], "pip-audit not installed. Install with: pip install pip-audit", "Error running pip-audit");
+  }
+}
+function parsePipAuditResult(command, result) {
+  if (result.exitCode === 0 && !result.stdout.trim()) {
+    return buildCleanResult("pip", command);
+  }
+  let packages = [];
+  try {
+    const parsed = JSON.parse(result.stdout);
+    if (Array.isArray(parsed)) {
+      packages = parsed;
+    } else if (parsed.dependencies) {
+      packages = parsed.dependencies;
+    }
+  } catch {
+    return handleParseFailure("pip", command, result, "pip-audit output could not be parsed", "pip-audit not installed. Install with: pip install pip-audit", [/not installed/, /command not found/, /pip-audit/]);
+  }
+  const findings = buildPipFindings(packages);
+  const criticalCount = findings.filter((f) => f.severity === "critical").length;
+  const highCount = findings.filter((f) => f.severity === "high").length;
+  return {
+    ecosystem: "pip",
+    command,
+    findings,
+    criticalCount,
+    highCount,
+    totalCount: findings.length,
+    clean: findings.length === 0
+  };
+}
+function buildPipFindings(packages) {
+  const findings = [];
+  for (const pkg of packages) {
+    if (!pkg.vulns)
+      continue;
+    for (const vuln of pkg.vulns) {
+      const severity = vuln.aliases && vuln.aliases.length > 0 ? "high" : "moderate";
+      findings.push({
+        package: pkg.name,
+        installedVersion: pkg.version,
+        patchedVersion: vuln.fix_versions && vuln.fix_versions.length > 0 ? vuln.fix_versions[0] : null,
+        severity,
+        title: vuln.id,
+        cve: vuln.aliases && vuln.aliases.length > 0 ? vuln.aliases[0] : null,
+        url: vuln.id.startsWith("CVE-") ? `https://nvd.nist.gov/vuln/detail/${vuln.id}` : null
+      });
     }
-    return {
-      ecosystem: "pip",
-      command,
-      findings: [],
-      criticalCount: 0,
-      highCount: 0,
-      totalCount: 0,
-      clean: true,
-      note: `Error running pip-audit: ${errorMessage}`
-    };
   }
+  return findings;
 }
 async function runCargoAudit() {
   const command = ["cargo", "audit", "--json"];
   try {
-    const proc = Bun.spawn(command, {
-      stdout: "pipe",
-      stderr: "pipe",
-      cwd: process.cwd()
-    });
-    const timeoutPromise = new Promise((resolve10) => setTimeout(() => resolve10("timeout"), AUDIT_TIMEOUT_MS));
-    const result = await Promise.race([
-      Promise.all([
-        new Response(proc.stdout).text(),
-        new Response(proc.stderr).text()
-      ]).then(([stdout2, stderr2]) => ({ stdout: stdout2, stderr: stderr2 })),
-      timeoutPromise
-    ]);
-    if (result === "timeout") {
-      proc.kill();
-      return {
-        ecosystem: "cargo",
-        command,
-        findings: [],
-        criticalCount: 0,
-        highCount: 0,
-        totalCount: 0,
-        clean: true,
-        note: `cargo audit timed out after ${AUDIT_TIMEOUT_MS / 1000}s`
-      };
-    }
-    let { stdout, stderr } = result;
-    if (stdout.length > MAX_OUTPUT_BYTES4) {
-      stdout = stdout.slice(0, MAX_OUTPUT_BYTES4);
-    }
-    const exitCode = await proc.exited;
-    if (exitCode === 0) {
-      return {
-        ecosystem: "cargo",
-        command,
-        findings: [],
-        criticalCount: 0,
-        highCount: 0,
-        totalCount: 0,
-        clean: true
-      };
-    }
-    const findings = [];
-    const lines = stdout.split(`
-`).filter((line) => line.trim());
-    for (const line of lines) {
-      try {
-        const obj = JSON.parse(line);
-        if (obj.vulnerabilities && obj.vulnerabilities.list) {
-          for (const item of obj.vulnerabilities.list) {
-            const cvss = item.advisory.cvss || 0;
-            const severity = mapCargoSeverity(cvss);
-            findings.push({
-              package: item.advisory.package,
-              installedVersion: item.package.version,
-              patchedVersion: item.versions.patched && item.versions.patched.length > 0 ? item.versions.patched[0] : null,
-              severity,
-              title: item.advisory.title,
-              cve: item.advisory.aliases && item.advisory.aliases.length > 0 ? item.advisory.aliases[0] : item.advisory.id ? item.advisory.id : null,
-              url: item.advisory.url || null
-            });
-          }
-        }
-      } catch {}
+    const result = await runAuditCommand(command);
+    if (result.timedOut) {
+      return buildTimeoutResult("cargo", command, "cargo audit timed out");
     }
-    const criticalCount = findings.filter((f) => f.severity === "critical").length;
-    const highCount = findings.filter((f) => f.severity === "high").length;
-    return {
-      ecosystem: "cargo",
-      command,
-      findings,
-      criticalCount,
-      highCount,
-      totalCount: findings.length,
-      clean: findings.length === 0
-    };
+    return parseCargoAuditResult(command, result);
   } catch (error93) {
-    const errorMessage = error93 instanceof Error ? error93.message : "Unknown error";
-    if (errorMessage.includes("not found") || errorMessage.includes("not recognized") || errorMessage.includes("cargo-audit")) {
-      return {
-        ecosystem: "cargo",
-        command,
-        findings: [],
-        criticalCount: 0,
-        highCount: 0,
-        totalCount: 0,
-        clean: true,
-        note: "cargo-audit not installed. Install with: cargo install cargo-audit"
-      };
-    }
-    return {
-      ecosystem: "cargo",
-      command,
-      findings: [],
-      criticalCount: 0,
-      highCount: 0,
-      totalCount: 0,
-      clean: true,
-      note: `Error running cargo audit: ${errorMessage}`
-    };
+    return handleAuditError("cargo", command, error93, [/not found/, /not recognized/, /cargo-audit/], "cargo-audit not installed. Install with: cargo install cargo-audit", "Error running cargo audit");
+  }
+}
+function parseCargoAuditResult(command, result) {
+  if (result.exitCode === 0) {
+    return buildCleanResult("cargo", command);
+  }
+  const lines = result.stdout.split("\\n").filter((line) => line.trim());
+  const findings = buildCargoFindings(lines);
+  const criticalCount = findings.filter((f) => f.severity === "critical").length;
+  const highCount = findings.filter((f) => f.severity === "high").length;
+  return {
+    ecosystem: "cargo",
+    command,
+    findings,
+    criticalCount,
+    highCount,
+    totalCount: findings.length,
+    clean: findings.length === 0
+  };
+}
+function buildCargoFindings(lines) {
+  const findings = [];
+  for (const line of lines) {
+    try {
+      const obj = JSON.parse(line);
+      if (obj.vulnerabilities && obj.vulnerabilities.list) {
+        for (const item of obj.vulnerabilities.list) {
+          const cvss = item.advisory.cvss || 0;
+          const severity = mapCargoSeverity(cvss);
+          findings.push({
+            package: item.advisory.package,
+            installedVersion: item.package.version,
+            patchedVersion: item.versions.patched && item.versions.patched.length > 0 ? item.versions.patched[0] : null,
+            severity,
+            title: item.advisory.title,
+            cve: item.advisory.aliases && item.advisory.aliases.length > 0 ? item.advisory.aliases[0] : item.advisory.id ? item.advisory.id : null,
+            url: item.advisory.url || null
+          });
+        }
+      }
+    } catch {}
   }
+  return findings;
 }
 function mapCargoSeverity(cvss) {
   if (cvss >= 9)
@@ -38984,8 +38920,8 @@ var retrieve_summary = tool({
 });
 // src/tools/schema-drift.ts
 init_dist();
-import * as fs17 from "fs";
-import * as path22 from "path";
+import * as fs18 from "fs";
+import * as path25 from "path";
 var SPEC_CANDIDATES = [
   "openapi.json",
   "openapi.yaml",
@@ -39017,28 +38953,28 @@ function normalizePath(p) {
 }
 function discoverSpecFile(cwd, specFileArg) {
   if (specFileArg) {
-    const resolvedPath = path22.resolve(cwd, specFileArg);
-    const normalizedCwd = cwd.endsWith(path22.sep) ? cwd : cwd + path22.sep;
+    const resolvedPath = path25.resolve(cwd, specFileArg);
+    const normalizedCwd = cwd.endsWith(path25.sep) ? cwd : cwd + path25.sep;
     if (!resolvedPath.startsWith(normalizedCwd) && resolvedPath !== cwd) {
       throw new Error("Invalid spec_file: path traversal detected");
     }
-    const ext = path22.extname(resolvedPath).toLowerCase();
+    const ext = path25.extname(resolvedPath).toLowerCase();
     if (!ALLOWED_EXTENSIONS.includes(ext)) {
       throw new Error(`Invalid spec_file: must end in .json, .yaml, or .yml, got ${ext}`);
     }
-    const stats = fs17.statSync(resolvedPath);
+    const stats = fs18.statSync(resolvedPath);
     if (stats.size > MAX_SPEC_SIZE) {
       throw new Error(`Invalid spec_file: file exceeds ${MAX_SPEC_SIZE / 1024 / 1024}MB limit`);
     }
-    if (!fs17.existsSync(resolvedPath)) {
+    if (!fs18.existsSync(resolvedPath)) {
       throw new Error(`Spec file not found: ${resolvedPath}`);
     }
     return resolvedPath;
   }
   for (const candidate of SPEC_CANDIDATES) {
-    const candidatePath = path22.resolve(cwd, candidate);
-    if (fs17.existsSync(candidatePath)) {
-      const stats = fs17.statSync(candidatePath);
+    const candidatePath = path25.resolve(cwd, candidate);
+    if (fs18.existsSync(candidatePath)) {
+      const stats = fs18.statSync(candidatePath);
       if (stats.size <= MAX_SPEC_SIZE) {
         return candidatePath;
       }
@@ -39047,8 +38983,8 @@ function discoverSpecFile(cwd, specFileArg) {
   return null;
 }
 function parseSpec(specFile) {
-  const content = fs17.readFileSync(specFile, "utf-8");
-  const ext = path22.extname(specFile).toLowerCase();
+  const content = fs18.readFileSync(specFile, "utf-8");
+  const ext = path25.extname(specFile).toLowerCase();
   if (ext === ".json") {
     return parseJsonSpec(content);
   }
@@ -39114,12 +39050,12 @@ function extractRoutes(cwd) {
   function walkDir(dir) {
     let entries;
     try {
-      entries = fs17.readdirSync(dir, { withFileTypes: true });
+      entries = fs18.readdirSync(dir, { withFileTypes: true });
     } catch {
       return;
     }
     for (const entry of entries) {
-      const fullPath = path22.join(dir, entry.name);
+      const fullPath = path25.join(dir, entry.name);
       if (entry.isSymbolicLink()) {
         continue;
       }
@@ -39129,7 +39065,7 @@ function extractRoutes(cwd) {
         }
         walkDir(fullPath);
       } else if (entry.isFile()) {
-        const ext = path22.extname(entry.name).toLowerCase();
+        const ext = path25.extname(entry.name).toLowerCase();
         const baseName = entry.name.toLowerCase();
         if (![".ts", ".js", ".mjs"].includes(ext)) {
           continue;
@@ -39147,7 +39083,7 @@ function extractRoutes(cwd) {
 }
 function extractRoutesFromFile(filePath) {
   const routes = [];
-  const content = fs17.readFileSync(filePath, "utf-8");
+  const content = fs18.readFileSync(filePath, "utf-8");
   const lines = content.split(/\r?\n/);
   const expressRegex = /(?:app|router|server|express)\.(get|post|put|patch|delete|options|head)\s*\(\s*['"`]([^'"`]+)['"`]/g;
   const flaskRegex = /@(?:app|blueprint|bp)\.route\s*\(\s*['"]([^'"]+)['"]/g;
@@ -39294,8 +39230,8 @@ init_secretscan();
 
 // src/tools/symbols.ts
 init_tool();
-import * as fs18 from "fs";
-import * as path23 from "path";
+import * as fs19 from "fs";
+import * as path26 from "path";
 var MAX_FILE_SIZE_BYTES5 = 1024 * 1024;
 var WINDOWS_RESERVED_NAMES = /^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\.|:|$)/i;
 function containsControlCharacters(str) {
@@ -39324,11 +39260,11 @@ function containsWindowsAttacks(str) {
 }
 function isPathInWorkspace(filePath, workspace) {
   try {
-    const resolvedPath = path23.resolve(workspace, filePath);
-    const realWorkspace = fs18.realpathSync(workspace);
-    const realResolvedPath = fs18.realpathSync(resolvedPath);
-    const relativePath = path23.relative(realWorkspace, realResolvedPath);
-    if (relativePath.startsWith("..") || path23.isAbsolute(relativePath)) {
+    const resolvedPath = path26.resolve(workspace, filePath);
+    const realWorkspace = fs19.realpathSync(workspace);
+    const realResolvedPath = fs19.realpathSync(resolvedPath);
+    const relativePath = path26.relative(realWorkspace, realResolvedPath);
+    if (relativePath.startsWith("..") || path26.isAbsolute(relativePath)) {
       return false;
     }
     return true;
@@ -39340,17 +39276,17 @@ function validatePathForRead(filePath, workspace) {
   return isPathInWorkspace(filePath, workspace);
 }
 function extractTSSymbols(filePath, cwd) {
-  const fullPath = path23.join(cwd, filePath);
+  const fullPath = path26.join(cwd, filePath);
   if (!validatePathForRead(fullPath, cwd)) {
     return [];
   }
   let content;
   try {
-    const stats = fs18.statSync(fullPath);
+    const stats = fs19.statSync(fullPath);
     if (stats.size > MAX_FILE_SIZE_BYTES5) {
       throw new Error(`File too large: ${stats.size} bytes (max: ${MAX_FILE_SIZE_BYTES5})`);
     }
-    content = fs18.readFileSync(fullPath, "utf-8");
+    content = fs19.readFileSync(fullPath, "utf-8");
   } catch {
     return [];
   }
@@ -39492,17 +39428,17 @@ function extractTSSymbols(filePath, cwd) {
   });
 }
 function extractPythonSymbols(filePath, cwd) {
-  const fullPath = path23.join(cwd, filePath);
+  const fullPath = path26.join(cwd, filePath);
   if (!validatePathForRead(fullPath, cwd)) {
     return [];
   }
   let content;
   try {
-    const stats = fs18.statSync(fullPath);
+    const stats = fs19.statSync(fullPath);
     if (stats.size > MAX_FILE_SIZE_BYTES5) {
       throw new Error(`File too large: ${stats.size} bytes (max: ${MAX_FILE_SIZE_BYTES5})`);
     }
-    content = fs18.readFileSync(fullPath, "utf-8");
+    content = fs19.readFileSync(fullPath, "utf-8");
   } catch {
     return [];
   }
@@ -39574,7 +39510,7 @@ var symbols = tool({
       }, null, 2);
     }
     const cwd = process.cwd();
-    const ext = path23.extname(file3);
+    const ext = path26.extname(file3);
     if (containsControlCharacters(file3)) {
       return JSON.stringify({
         file: file3,
@@ -39639,8 +39575,8 @@ init_test_runner();
 
 // src/tools/todo-extract.ts
 init_dist();
-import * as fs19 from "fs";
-import * as path24 from "path";
+import * as fs20 from "fs";
+import * as path27 from "path";
 var MAX_TEXT_LENGTH = 200;
 var MAX_FILE_SIZE_BYTES6 = 1024 * 1024;
 var SUPPORTED_EXTENSIONS2 = new Set([
@@ -39711,9 +39647,9 @@ function validatePathsInput(paths, cwd) {
     return { error: "paths contains path traversal", resolvedPath: null };
   }
   try {
-    const resolvedPath = path24.resolve(paths);
-    const normalizedCwd = path24.resolve(cwd);
-    const normalizedResolved = path24.resolve(resolvedPath);
+    const resolvedPath = path27.resolve(paths);
+    const normalizedCwd = path27.resolve(cwd);
+    const normalizedResolved = path27.resolve(resolvedPath);
     if (!normalizedResolved.startsWith(normalizedCwd)) {
       return {
         error: "paths must be within the current working directory",
@@ -39729,13 +39665,13 @@ function validatePathsInput(paths, cwd) {
   }
 }
 function isSupportedExtension(filePath) {
-  const ext = path24.extname(filePath).toLowerCase();
+  const ext = path27.extname(filePath).toLowerCase();
   return SUPPORTED_EXTENSIONS2.has(ext);
 }
 function findSourceFiles3(dir, files = []) {
   let entries;
   try {
-    entries = fs19.readdirSync(dir);
+    entries = fs20.readdirSync(dir);
   } catch {
     return files;
   }
@@ -39744,10 +39680,10 @@ function findSourceFiles3(dir, files = []) {
     if (SKIP_DIRECTORIES3.has(entry)) {
       continue;
     }
-    const fullPath = path24.join(dir, entry);
+    const fullPath = path27.join(dir, entry);
     let stat;
     try {
-      stat = fs19.statSync(fullPath);
+      stat = fs20.statSync(fullPath);
     } catch {
       continue;
     }
@@ -39840,7 +39776,7 @@ var todo_extract = tool({
       return JSON.stringify(errorResult, null, 2);
     }
     const scanPath = resolvedPath;
-    if (!fs19.existsSync(scanPath)) {
+    if (!fs20.existsSync(scanPath)) {
       const errorResult = {
         error: `path not found: ${pathsInput}`,
         total: 0,
@@ -39850,13 +39786,13 @@ var todo_extract = tool({
       return JSON.stringify(errorResult, null, 2);
     }
     const filesToScan = [];
-    const stat = fs19.statSync(scanPath);
+    const stat = fs20.statSync(scanPath);
     if (stat.isFile()) {
       if (isSupportedExtension(scanPath)) {
         filesToScan.push(scanPath);
       } else {
         const errorResult = {
-          error: `unsupported file extension: ${path24.extname(scanPath)}`,
+          error: `unsupported file extension: ${path27.extname(scanPath)}`,
           total: 0,
           byPriority: { high: 0, medium: 0, low: 0 },
           entries: []
@@ -39869,11 +39805,11 @@ var todo_extract = tool({
     const allEntries = [];
     for (const filePath of filesToScan) {
       try {
-        const fileStat = fs19.statSync(filePath);
+        const fileStat = fs20.statSync(filePath);
         if (fileStat.size > MAX_FILE_SIZE_BYTES6) {
           continue;
         }
-        const content = fs19.readFileSync(filePath, "utf-8");
+        const content = fs20.readFileSync(filePath, "utf-8");
         const entries = parseTodoComments(content, filePath, tagsSet);
         allEntries.push(...entries);
       } catch {}
@@ -39944,7 +39880,7 @@ var OpenCodeSwarm = async (ctx) => {
     const { PreflightTriggerManager: PTM } = await Promise.resolve().then(() => (init_trigger(), exports_trigger));
     preflightTriggerManager = new PTM(automationConfig);
     const { AutomationStatusArtifact: ASA } = await Promise.resolve().then(() => (init_status_artifact(), exports_status_artifact));
-    const swarmDir = path25.resolve(ctx.directory, ".swarm");
+    const swarmDir = path28.resolve(ctx.directory, ".swarm");
     statusArtifact = new ASA(swarmDir);
     statusArtifact.updateConfig(automationConfig.mode, automationConfig.capabilities);
     if (automationConfig.capabilities?.evidence_auto_summaries === true) {