opencode-swarm 7.68.1 → 7.68.2

package/dist/cli/index.js

@@ -52,7 +52,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "opencode-swarm",
-    version: "7.68.1",
+    version: "7.68.2",
     description: "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
     main: "dist/index.js",
     types: "dist/index.d.ts",
@@ -49731,7 +49731,7 @@ var init_history = __esm(() => {
   init_history_service();
 });
 
-// src/commands/issue.ts
+// src/commands/pr-ref.ts
 import { execSync as execSync2 } from "child_process";
 function sanitizeUrl(raw) {
   let urlStr = raw.trim();
@@ -49750,6 +49750,22 @@ function sanitizeUrl(raw) {
   }
   return urlStr.trim();
 }
+function sanitizeInstructions(raw) {
+  const collapsed = raw.replace(/\s+/g, " ").trim();
+  const stripped = collapsed.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
+  const normalized = stripped.replace(/\s+/g, " ").trim();
+  if (normalized.length <= MAX_INSTRUCTIONS_LEN)
+    return normalized;
+  return `${normalized.slice(0, MAX_INSTRUCTIONS_LEN)}\u2026`;
+}
+function hasNonAsciiHostname(hostname5) {
+  for (const ch of hostname5) {
+    const cp = ch.codePointAt(0);
+    if (cp !== undefined && cp > 127)
+      return true;
+  }
+  return false;
+}
 function isPrivateHost(url3) {
   const host = url3.hostname.toLowerCase();
   if (host === "localhost" || host === "127.0.0.1" || host === "::1" || host === "0.0.0.0") {
@@ -49782,13 +49798,182 @@ function validateAndSanitizeUrl(rawUrl) {
   if (!sanitized.startsWith("https://")) {
     return { error: "URL must use HTTPS scheme" };
   }
+  try {
+    const url3 = new URL(sanitized);
+    if (hasNonAsciiHostname(url3.hostname)) {
+      return { error: "Non-ASCII hostnames are not allowed" };
+    }
+    if (isPrivateHost(url3)) {
+      return { error: "Private or localhost URLs are not allowed" };
+    }
+    const githubPrPattern = /^https:\/\/github\.com\/([^/]+)\/([^/]+)\/pull\/([0-9]+)\/?$/;
+    if (!githubPrPattern.test(sanitized)) {
+      return {
+        error: "URL must be a GitHub pull request URL (https://github.com/owner/repo/pull/N)"
+      };
+    }
+    return { sanitized };
+  } catch {
+    return { error: "Invalid URL format" };
+  }
+}
+function parsePrRef(input, cwd) {
+  const urlMatch = input.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+)\/pull\/(\d+)\/?$/i);
+  if (urlMatch) {
+    return {
+      owner: urlMatch[1],
+      repo: urlMatch[2],
+      number: parseInt(urlMatch[3], 10)
+    };
+  }
+  const shorthandMatch = input.match(/^([^/]+)\/([^#]+)#(\d+)$/);
+  if (shorthandMatch) {
+    return {
+      owner: shorthandMatch[1],
+      repo: shorthandMatch[2],
+      number: parseInt(shorthandMatch[3], 10)
+    };
+  }
+  const bareMatch = input.match(/^(\d+)$/);
+  if (bareMatch) {
+    const prNumber = parseInt(bareMatch[1], 10);
+    const remoteUrl = detectGitRemote(cwd);
+    if (!remoteUrl) {
+      return null;
+    }
+    const parsed = parseGitRemoteUrl(remoteUrl);
+    if (!parsed) {
+      return null;
+    }
+    return {
+      owner: parsed.owner,
+      repo: parsed.repo,
+      number: prNumber
+    };
+  }
+  return null;
+}
+function detectGitRemote(cwd) {
+  try {
+    const remoteUrl = _internals23.execSync("git remote get-url origin", {
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"],
+      timeout: 5000,
+      ...cwd ? { cwd } : {}
+    }).trim();
+    return remoteUrl || null;
+  } catch {
+    return null;
+  }
+}
+function parseGitRemoteUrl(remoteUrl) {
+  const httpsMatch = remoteUrl.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+?)(?:\.git)?\/?$/i);
+  if (httpsMatch) {
+    return {
+      owner: httpsMatch[1],
+      repo: httpsMatch[2].replace(/\.git$/, "")
+    };
+  }
+  const sshMatch = remoteUrl.match(/^git@github\.com:([^/]+)\/([^/]+?)(?:\.git)?$/i);
+  if (sshMatch) {
+    return {
+      owner: sshMatch[1],
+      repo: sshMatch[2].replace(/\.git$/, "")
+    };
+  }
+  const pathMatch = remoteUrl.match(/\/([^/]+)\/([^/]+?)(?:\.git)?\/?$/);
+  if (pathMatch) {
+    return {
+      owner: pathMatch[1],
+      repo: pathMatch[2].replace(/\.git$/, "")
+    };
+  }
+  return null;
+}
+function looksLikePrRef(token) {
+  return /^https?:\/\//i.test(token) || /^[^/]+\/[^#]+#\d+$/.test(token) || /^\d+$/.test(token);
+}
+function resolvePrCommandInput(rest, cwd) {
+  if (rest.length === 0) {
+    return null;
+  }
+  const refToken = rest[0];
+  const instructions = sanitizeInstructions(rest.slice(1).join(" "));
+  const isFullUrl = /^https?:\/\//i.test(refToken);
+  const prInfo = parsePrRef(isFullUrl ? sanitizeUrl(refToken) : refToken, cwd);
+  if (!prInfo) {
+    return { error: `Could not parse PR reference from "${refToken}"` };
+  }
+  const prUrl = `https://github.com/${prInfo.owner}/${prInfo.repo}/pull/${prInfo.number}`;
+  const result = validateAndSanitizeUrl(prUrl);
+  if ("error" in result) {
+    return { error: result.error };
+  }
+  return { prUrl: result.sanitized, instructions };
+}
+var _internals23, MAX_URL_LEN = 2048, MAX_INSTRUCTIONS_LEN = 1000;
+var init_pr_ref = __esm(() => {
+  _internals23 = { execSync: execSync2 };
+});
+
+// src/commands/issue.ts
+import { execSync as execSync3 } from "child_process";
+function sanitizeUrl2(raw) {
+  let urlStr = raw.trim();
+  urlStr = urlStr.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
+  const fragmentIdx = urlStr.indexOf("#");
+  if (fragmentIdx !== -1) {
+    urlStr = urlStr.slice(0, fragmentIdx);
+  }
+  const queryIdx = urlStr.indexOf("?");
+  if (queryIdx !== -1) {
+    urlStr = urlStr.slice(0, queryIdx);
+  }
+  urlStr = urlStr.replace(/^[A-Za-z][A-Za-z0-9+.-]*:\/\/[^@/]+@/, "https://");
+  if (urlStr.length > MAX_URL_LEN2) {
+    urlStr = urlStr.slice(0, MAX_URL_LEN2);
+  }
+  return urlStr.trim();
+}
+function isPrivateHost2(url3) {
+  const host = url3.hostname.toLowerCase();
+  if (host === "localhost" || host === "127.0.0.1" || host === "::1" || host === "0.0.0.0") {
+    return true;
+  }
+  if (host.startsWith("localhost") || host === "localhost.com") {
+    return true;
+  }
+  const ipv4Private = /^10\./;
+  const ipv4172 = /^172\.(1[6-9]|2\d|3[0-1])\./;
+  const ipv4192 = /^192\.168\./;
+  const ipv6Private = /^fe80:/i;
+  const ipv6Unique = /^f[cd][0-9a-f]{2}:/i;
+  if (ipv4Private.test(host) || ipv4172.test(host) || ipv4192.test(host) || ipv6Private.test(host) || ipv6Unique.test(host)) {
+    return true;
+  }
+  if (host.startsWith("::ffff:")) {
+    const inner = host.slice(7);
+    if (ipv4Private.test(inner) || ipv4172.test(inner) || ipv4192.test(inner)) {
+      return true;
+    }
+  }
+  return false;
+}
+function validateAndSanitizeUrl2(rawUrl) {
+  const sanitized = sanitizeUrl2(rawUrl);
+  if (!sanitized) {
+    return { error: "Empty URL" };
+  }
+  if (!sanitized.startsWith("https://")) {
+    return { error: "URL must use HTTPS scheme" };
+  }
   try {
     const url3 = new URL(sanitized);
     const hostname5 = url3.hostname;
     if (/[\u0080-\u{10FFFF}]/u.test(hostname5)) {
       return { error: "Non-ASCII hostnames are not allowed" };
     }
-    if (isPrivateHost(url3)) {
+    if (isPrivateHost2(url3)) {
       return { error: "Private or localhost URLs are not allowed" };
     }
     const githubIssuePattern = /^https:\/\/github\.com\/([^/]+)\/([^/]+)\/issues\/([0-9]+)\/?$/;
@@ -49847,7 +50032,7 @@ function parseIssueRef(input) {
   const bareMatch = input.match(/^(\d+)$/);
   if (bareMatch) {
     const issueNumber = parseInt(bareMatch[1], 10);
-    const remoteUrl = detectGitRemote();
+    const remoteUrl = detectGitRemote2();
     if (!remoteUrl) {
       return null;
     }
@@ -49863,9 +50048,9 @@ function parseIssueRef(input) {
   }
   return null;
 }
-function detectGitRemote() {
+function detectGitRemote2() {
   try {
-    const remoteUrl = execSync2("git remote get-url origin", {
+    const remoteUrl = execSync3("git remote get-url origin", {
       encoding: "utf-8",
       stdio: ["pipe", "pipe", "pipe"],
       timeout: 5000
@@ -49875,23 +50060,6 @@ function detectGitRemote() {
     return null;
   }
 }
-function parseGitRemoteUrl(remoteUrl) {
-  const httpsMatch = remoteUrl.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+?)(?:\.git)?\/?$/i);
-  if (httpsMatch) {
-    return {
-      owner: httpsMatch[1],
-      repo: httpsMatch[2].replace(/\.git$/, "")
-    };
-  }
-  const sshMatch = remoteUrl.match(/^git@github\.com:([^/]+)\/([^/]+?)(?:\.git)?$/i);
-  if (sshMatch) {
-    return {
-      owner: sshMatch[1],
-      repo: sshMatch[2].replace(/\.git$/, "")
-    };
-  }
-  return null;
-}
 function handleIssueCommand(_directory, args) {
   const parsed = parseArgs5(args);
   const rawInput = parsed.rest.join(" ").trim();
@@ -49899,14 +50067,14 @@ function handleIssueCommand(_directory, args) {
     return USAGE5;
   }
   const isFullUrl = /^https?:\/\//i.test(rawInput);
-  const issueInfo = parseIssueRef(isFullUrl ? sanitizeUrl(rawInput) : rawInput);
+  const issueInfo = parseIssueRef(isFullUrl ? sanitizeUrl2(rawInput) : rawInput);
   if (!issueInfo) {
     return `Error: Could not parse issue reference from "${rawInput}"
 
 ${USAGE5}`;
   }
   const issueUrl = `https://github.com/${issueInfo.owner}/${issueInfo.repo}/issues/${issueInfo.number}`;
-  const result = validateAndSanitizeUrl(issueUrl);
+  const result = validateAndSanitizeUrl2(issueUrl);
   if ("error" in result) {
     return `Error: ${result.error}
 
@@ -49922,8 +50090,9 @@ ${USAGE5}`;
   const flagsStr = flags.length > 0 ? ` ${flags.join(" ")}` : "";
   return `[MODE: ISSUE_INGEST issue="${result.sanitized}"${flagsStr}]`;
 }
-var MAX_URL_LEN = 2048, USAGE5;
+var MAX_URL_LEN2 = 2048, USAGE5;
 var init_issue = __esm(() => {
+  init_pr_ref();
   USAGE5 = [
     "Usage: /swarm issue <url|owner/repo#N|N> [--plan] [--trace] [--no-repro]",
     "",
@@ -49991,9 +50160,9 @@ async function migrateContextToKnowledge(directory, config3) {
       skippedReason: "empty-context"
     };
   }
-  const rawEntries = _internals23.parseContextMd(contextContent);
+  const rawEntries = _internals24.parseContextMd(contextContent);
   if (rawEntries.length === 0) {
-    await _internals23.writeSentinel(sentinelPath, 0, 0);
+    await _internals24.writeSentinel(sentinelPath, 0, 0);
     return {
       migrated: true,
       entriesMigrated: 0,
@@ -50004,10 +50173,10 @@ async function migrateContextToKnowledge(directory, config3) {
   const existing = await readKnowledge(knowledgePath);
   let migrated = 0;
   let dropped = 0;
-  const projectName = _internals23.inferProjectName(directory);
+  const projectName = _internals24.inferProjectName(directory);
   for (const raw of rawEntries) {
     if (config3.validation_enabled !== false) {
-      const category = raw.categoryHint ?? _internals23.inferCategoryFromText(raw.text);
+      const category = raw.categoryHint ?? _internals24.inferCategoryFromText(raw.text);
       const result = validateLesson(raw.text, existing.map((e) => e.lesson), {
         category,
         scope: "global",
@@ -50027,8 +50196,8 @@ async function migrateContextToKnowledge(directory, config3) {
     const entry = {
       id: randomUUID3(),
       tier: "swarm",
-      lesson: _internals23.truncateLesson(raw.text),
-      category: raw.categoryHint ?? _internals23.inferCategoryFromText(raw.text),
+      lesson: _internals24.truncateLesson(raw.text),
+      category: raw.categoryHint ?? _internals24.inferCategoryFromText(raw.text),
       tags: [...inferredTags, `migration:${raw.sourceSection}`],
       scope: "global",
       confidence: 0.3,
@@ -50051,7 +50220,7 @@ async function migrateContextToKnowledge(directory, config3) {
   if (migrated > 0) {
     await rewriteKnowledge(knowledgePath, existing);
   }
-  await _internals23.writeSentinel(sentinelPath, migrated, dropped);
+  await _internals24.writeSentinel(sentinelPath, migrated, dropped);
   log(`[knowledge-migrator] Migrated ${migrated} entries, dropped ${dropped}`);
   return {
     migrated: true,
@@ -50061,7 +50230,7 @@ async function migrateContextToKnowledge(directory, config3) {
   };
 }
 async function migrateHiveKnowledgeLegacy(config3) {
-  const legacyHivePath = _internals23.resolveLegacyHiveKnowledgePath();
+  const legacyHivePath = _internals24.resolveLegacyHiveKnowledgePath();
   const canonicalHivePath = resolveHiveKnowledgePath();
   const sentinelPath = path37.join(path37.dirname(canonicalHivePath), ".hive-knowledge-migrated");
   if (existsSync25(sentinelPath)) {
@@ -50084,7 +50253,7 @@ async function migrateHiveKnowledgeLegacy(config3) {
   }
   const legacyEntries = await readKnowledge(legacyHivePath);
   if (legacyEntries.length === 0) {
-    await _internals23.writeSentinel(sentinelPath, 0, 0);
+    await _internals24.writeSentinel(sentinelPath, 0, 0);
     return {
       migrated: true,
       entriesMigrated: 0,
@@ -50132,7 +50301,7 @@ async function migrateHiveKnowledgeLegacy(config3) {
       const newHiveEntry = {
         id: resolvedId,
         tier: "hive",
-        lesson: _internals23.truncateLesson(lesson),
+        lesson: _internals24.truncateLesson(lesson),
         category,
         tags: ["migration:legacy-hive"],
         scope: scopeTag,
@@ -50151,7 +50320,7 @@ async function migrateHiveKnowledgeLegacy(config3) {
         encounter_score: 1
       };
       try {
-        await _internals23.appendKnowledge(canonicalHivePath, newHiveEntry);
+        await _internals24.appendKnowledge(canonicalHivePath, newHiveEntry);
         existingHiveEntries.push(newHiveEntry);
         migrated++;
       } catch (appendError) {
@@ -50167,7 +50336,7 @@ async function migrateHiveKnowledgeLegacy(config3) {
       dropped++;
     }
   }
-  await _internals23.writeSentinel(sentinelPath, migrated, dropped);
+  await _internals24.writeSentinel(sentinelPath, migrated, dropped);
   log(`[knowledge-migrator] Migrated ${migrated} legacy hive entries, dropped ${dropped}`);
   return {
     migrated: true,
@@ -50178,7 +50347,7 @@ async function migrateHiveKnowledgeLegacy(config3) {
   };
 }
 function parseContextMd(content) {
-  const sections = _internals23.splitIntoSections(content);
+  const sections = _internals24.splitIntoSections(content);
   const entries = [];
   const seen = new Set;
   const sectionPatterns = [
@@ -50194,7 +50363,7 @@ function parseContextMd(content) {
     const match = sectionPatterns.find((sp) => sp.pattern.test(section.heading));
     if (!match)
       continue;
-    const bullets = _internals23.extractBullets(section.body);
+    const bullets = _internals24.extractBullets(section.body);
     for (const bullet of bullets) {
       if (bullet.length < 15)
         continue;
@@ -50203,9 +50372,9 @@ function parseContextMd(content) {
         continue;
       seen.add(normalized);
       entries.push({
-        text: _internals23.truncateLesson(bullet),
+        text: _internals24.truncateLesson(bullet),
         sourceSection: match.sourceSection,
-        categoryHint: _internals23.inferCategoryFromText(bullet)
+        categoryHint: _internals24.inferCategoryFromText(bullet)
       });
     }
   }
@@ -50311,12 +50480,12 @@ function resolveLegacyHiveKnowledgePath() {
   }
   return path37.join(dataDir, "hive-knowledge.jsonl");
 }
-var _internals23;
+var _internals24;
 var init_knowledge_migrator = __esm(() => {
   init_logger();
   init_knowledge_store();
   init_knowledge_validator();
-  _internals23 = {
+  _internals24 = {
     appendKnowledge,
     migrateContextToKnowledge,
     migrateKnowledgeToExternal,
@@ -53833,9 +54002,9 @@ var init_memory2 = __esm(() => {
 
 // src/services/plan-service.ts
 async function getPlanData(directory, phaseArg) {
-  const plan = await _internals24.loadPlanJsonOnly(directory);
+  const plan = await _internals25.loadPlanJsonOnly(directory);
   if (plan) {
-    const fullMarkdown = _internals24.derivePlanMarkdown(plan);
+    const fullMarkdown = _internals25.derivePlanMarkdown(plan);
     if (phaseArg === undefined || phaseArg === null || phaseArg === "") {
       return {
         hasPlan: true,
@@ -53878,7 +54047,7 @@ async function getPlanData(directory, phaseArg) {
       isLegacy: false
     };
   }
-  const planContent = await _internals24.readSwarmFileAsync(directory, "plan.md");
+  const planContent = await _internals25.readSwarmFileAsync(directory, "plan.md");
   if (!planContent) {
     return {
       hasPlan: false,
@@ -53974,11 +54143,11 @@ async function handlePlanCommand(directory, args) {
   const planData = await getPlanData(directory, phaseArg);
   return formatPlanMarkdown(planData);
 }
-var _internals24;
+var _internals25;
 var init_plan_service = __esm(() => {
   init_utils2();
   init_manager();
-  _internals24 = {
+  _internals25 = {
     loadPlanJsonOnly,
     derivePlanMarkdown,
     readSwarmFileAsync
@@ -53990,191 +54159,6 @@ var init_plan = __esm(() => {
   init_plan_service();
 });
 
-// src/commands/pr-ref.ts
-import { execSync as execSync3 } from "child_process";
-function sanitizeUrl2(raw) {
-  let urlStr = raw.trim();
-  urlStr = urlStr.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
-  const fragmentIdx = urlStr.indexOf("#");
-  if (fragmentIdx !== -1) {
-    urlStr = urlStr.slice(0, fragmentIdx);
-  }
-  const queryIdx = urlStr.indexOf("?");
-  if (queryIdx !== -1) {
-    urlStr = urlStr.slice(0, queryIdx);
-  }
-  urlStr = urlStr.replace(/^[A-Za-z][A-Za-z0-9+.-]*:\/\/[^@/]+@/, "https://");
-  if (urlStr.length > MAX_URL_LEN2) {
-    urlStr = urlStr.slice(0, MAX_URL_LEN2);
-  }
-  return urlStr.trim();
-}
-function sanitizeInstructions(raw) {
-  const collapsed = raw.replace(/\s+/g, " ").trim();
-  const stripped = collapsed.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
-  const normalized = stripped.replace(/\s+/g, " ").trim();
-  if (normalized.length <= MAX_INSTRUCTIONS_LEN)
-    return normalized;
-  return `${normalized.slice(0, MAX_INSTRUCTIONS_LEN)}\u2026`;
-}
-function hasNonAsciiHostname(hostname5) {
-  for (const ch of hostname5) {
-    const cp = ch.codePointAt(0);
-    if (cp !== undefined && cp > 127)
-      return true;
-  }
-  return false;
-}
-function isPrivateHost2(url3) {
-  const host = url3.hostname.toLowerCase();
-  if (host === "localhost" || host === "127.0.0.1" || host === "::1" || host === "0.0.0.0") {
-    return true;
-  }
-  if (host.startsWith("localhost") || host === "localhost.com") {
-    return true;
-  }
-  const ipv4Private = /^10\./;
-  const ipv4172 = /^172\.(1[6-9]|2\d|3[0-1])\./;
-  const ipv4192 = /^192\.168\./;
-  const ipv6Private = /^fe80:/i;
-  const ipv6Unique = /^f[cd][0-9a-f]{2}:/i;
-  if (ipv4Private.test(host) || ipv4172.test(host) || ipv4192.test(host) || ipv6Private.test(host) || ipv6Unique.test(host)) {
-    return true;
-  }
-  if (host.startsWith("::ffff:")) {
-    const inner = host.slice(7);
-    if (ipv4Private.test(inner) || ipv4172.test(inner) || ipv4192.test(inner)) {
-      return true;
-    }
-  }
-  return false;
-}
-function validateAndSanitizeUrl2(rawUrl) {
-  const sanitized = sanitizeUrl2(rawUrl);
-  if (!sanitized) {
-    return { error: "Empty URL" };
-  }
-  if (!sanitized.startsWith("https://")) {
-    return { error: "URL must use HTTPS scheme" };
-  }
-  try {
-    const url3 = new URL(sanitized);
-    if (hasNonAsciiHostname(url3.hostname)) {
-      return { error: "Non-ASCII hostnames are not allowed" };
-    }
-    if (isPrivateHost2(url3)) {
-      return { error: "Private or localhost URLs are not allowed" };
-    }
-    const githubPrPattern = /^https:\/\/github\.com\/([^/]+)\/([^/]+)\/pull\/([0-9]+)\/?$/;
-    if (!githubPrPattern.test(sanitized)) {
-      return {
-        error: "URL must be a GitHub pull request URL (https://github.com/owner/repo/pull/N)"
-      };
-    }
-    return { sanitized };
-  } catch {
-    return { error: "Invalid URL format" };
-  }
-}
-function parsePrRef(input, cwd) {
-  const urlMatch = input.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+)\/pull\/(\d+)\/?$/i);
-  if (urlMatch) {
-    return {
-      owner: urlMatch[1],
-      repo: urlMatch[2],
-      number: parseInt(urlMatch[3], 10)
-    };
-  }
-  const shorthandMatch = input.match(/^([^/]+)\/([^#]+)#(\d+)$/);
-  if (shorthandMatch) {
-    return {
-      owner: shorthandMatch[1],
-      repo: shorthandMatch[2],
-      number: parseInt(shorthandMatch[3], 10)
-    };
-  }
-  const bareMatch = input.match(/^(\d+)$/);
-  if (bareMatch) {
-    const prNumber = parseInt(bareMatch[1], 10);
-    const remoteUrl = detectGitRemote2(cwd);
-    if (!remoteUrl) {
-      return null;
-    }
-    const parsed = parseGitRemoteUrl2(remoteUrl);
-    if (!parsed) {
-      return null;
-    }
-    return {
-      owner: parsed.owner,
-      repo: parsed.repo,
-      number: prNumber
-    };
-  }
-  return null;
-}
-function detectGitRemote2(cwd) {
-  try {
-    const remoteUrl = _internals25.execSync("git remote get-url origin", {
-      encoding: "utf-8",
-      stdio: ["pipe", "pipe", "pipe"],
-      timeout: 5000,
-      ...cwd ? { cwd } : {}
-    }).trim();
-    return remoteUrl || null;
-  } catch {
-    return null;
-  }
-}
-function parseGitRemoteUrl2(remoteUrl) {
-  const httpsMatch = remoteUrl.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+?)(?:\.git)?\/?$/i);
-  if (httpsMatch) {
-    return {
-      owner: httpsMatch[1],
-      repo: httpsMatch[2].replace(/\.git$/, "")
-    };
-  }
-  const sshMatch = remoteUrl.match(/^git@github\.com:([^/]+)\/([^/]+?)(?:\.git)?$/i);
-  if (sshMatch) {
-    return {
-      owner: sshMatch[1],
-      repo: sshMatch[2].replace(/\.git$/, "")
-    };
-  }
-  const pathMatch = remoteUrl.match(/\/([^/]+)\/([^/]+?)(?:\.git)?\/?$/);
-  if (pathMatch) {
-    return {
-      owner: pathMatch[1],
-      repo: pathMatch[2].replace(/\.git$/, "")
-    };
-  }
-  return null;
-}
-function looksLikePrRef(token) {
-  return /^https?:\/\//i.test(token) || /^[^/]+\/[^#]+#\d+$/.test(token) || /^\d+$/.test(token);
-}
-function resolvePrCommandInput(rest, cwd) {
-  if (rest.length === 0) {
-    return null;
-  }
-  const refToken = rest[0];
-  const instructions = sanitizeInstructions(rest.slice(1).join(" "));
-  const isFullUrl = /^https?:\/\//i.test(refToken);
-  const prInfo = parsePrRef(isFullUrl ? sanitizeUrl2(refToken) : refToken, cwd);
-  if (!prInfo) {
-    return { error: `Could not parse PR reference from "${refToken}"` };
-  }
-  const prUrl = `https://github.com/${prInfo.owner}/${prInfo.repo}/pull/${prInfo.number}`;
-  const result = validateAndSanitizeUrl2(prUrl);
-  if ("error" in result) {
-    return { error: result.error };
-  }
-  return { prUrl: result.sanitized, instructions };
-}
-var _internals25, MAX_URL_LEN2 = 2048, MAX_INSTRUCTIONS_LEN = 1000;
-var init_pr_ref = __esm(() => {
-  _internals25 = { execSync: execSync3 };
-});
-
 // src/commands/pr-feedback.ts
 function handlePrFeedbackCommand(directory, args) {
   const rest = args.filter((t) => t.trim().length > 0);

package/dist/index.js

@@ -69,7 +69,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "opencode-swarm",
-    version: "7.68.1",
+    version: "7.68.2",
     description: "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
     main: "dist/index.js",
     types: "dist/index.d.ts",
@@ -73712,7 +73712,7 @@ var init_history = __esm(() => {
   init_history_service();
 });
 
-// src/commands/issue.ts
+// src/commands/pr-ref.ts
 import { execSync as execSync2 } from "node:child_process";
 function sanitizeUrl(raw) {
   let urlStr = raw.trim();
@@ -73731,6 +73731,22 @@ function sanitizeUrl(raw) {
   }
   return urlStr.trim();
 }
+function sanitizeInstructions(raw) {
+  const collapsed = raw.replace(/\s+/g, " ").trim();
+  const stripped = collapsed.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
+  const normalized = stripped.replace(/\s+/g, " ").trim();
+  if (normalized.length <= MAX_INSTRUCTIONS_LEN)
+    return normalized;
+  return `${normalized.slice(0, MAX_INSTRUCTIONS_LEN)}…`;
+}
+function hasNonAsciiHostname(hostname5) {
+  for (const ch of hostname5) {
+    const cp = ch.codePointAt(0);
+    if (cp !== undefined && cp > 127)
+      return true;
+  }
+  return false;
+}
 function isPrivateHost(url3) {
   const host = url3.hostname.toLowerCase();
   if (host === "localhost" || host === "127.0.0.1" || host === "::1" || host === "0.0.0.0") {
@@ -73763,13 +73779,182 @@ function validateAndSanitizeUrl(rawUrl) {
   if (!sanitized.startsWith("https://")) {
     return { error: "URL must use HTTPS scheme" };
   }
+  try {
+    const url3 = new URL(sanitized);
+    if (hasNonAsciiHostname(url3.hostname)) {
+      return { error: "Non-ASCII hostnames are not allowed" };
+    }
+    if (isPrivateHost(url3)) {
+      return { error: "Private or localhost URLs are not allowed" };
+    }
+    const githubPrPattern = /^https:\/\/github\.com\/([^/]+)\/([^/]+)\/pull\/([0-9]+)\/?$/;
+    if (!githubPrPattern.test(sanitized)) {
+      return {
+        error: "URL must be a GitHub pull request URL (https://github.com/owner/repo/pull/N)"
+      };
+    }
+    return { sanitized };
+  } catch {
+    return { error: "Invalid URL format" };
+  }
+}
+function parsePrRef(input, cwd) {
+  const urlMatch = input.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+)\/pull\/(\d+)\/?$/i);
+  if (urlMatch) {
+    return {
+      owner: urlMatch[1],
+      repo: urlMatch[2],
+      number: parseInt(urlMatch[3], 10)
+    };
+  }
+  const shorthandMatch = input.match(/^([^/]+)\/([^#]+)#(\d+)$/);
+  if (shorthandMatch) {
+    return {
+      owner: shorthandMatch[1],
+      repo: shorthandMatch[2],
+      number: parseInt(shorthandMatch[3], 10)
+    };
+  }
+  const bareMatch = input.match(/^(\d+)$/);
+  if (bareMatch) {
+    const prNumber = parseInt(bareMatch[1], 10);
+    const remoteUrl = detectGitRemote(cwd);
+    if (!remoteUrl) {
+      return null;
+    }
+    const parsed = parseGitRemoteUrl(remoteUrl);
+    if (!parsed) {
+      return null;
+    }
+    return {
+      owner: parsed.owner,
+      repo: parsed.repo,
+      number: prNumber
+    };
+  }
+  return null;
+}
+function detectGitRemote(cwd) {
+  try {
+    const remoteUrl = _internals35.execSync("git remote get-url origin", {
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"],
+      timeout: 5000,
+      ...cwd ? { cwd } : {}
+    }).trim();
+    return remoteUrl || null;
+  } catch {
+    return null;
+  }
+}
+function parseGitRemoteUrl(remoteUrl) {
+  const httpsMatch = remoteUrl.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+?)(?:\.git)?\/?$/i);
+  if (httpsMatch) {
+    return {
+      owner: httpsMatch[1],
+      repo: httpsMatch[2].replace(/\.git$/, "")
+    };
+  }
+  const sshMatch = remoteUrl.match(/^git@github\.com:([^/]+)\/([^/]+?)(?:\.git)?$/i);
+  if (sshMatch) {
+    return {
+      owner: sshMatch[1],
+      repo: sshMatch[2].replace(/\.git$/, "")
+    };
+  }
+  const pathMatch = remoteUrl.match(/\/([^/]+)\/([^/]+?)(?:\.git)?\/?$/);
+  if (pathMatch) {
+    return {
+      owner: pathMatch[1],
+      repo: pathMatch[2].replace(/\.git$/, "")
+    };
+  }
+  return null;
+}
+function looksLikePrRef(token) {
+  return /^https?:\/\//i.test(token) || /^[^/]+\/[^#]+#\d+$/.test(token) || /^\d+$/.test(token);
+}
+function resolvePrCommandInput(rest, cwd) {
+  if (rest.length === 0) {
+    return null;
+  }
+  const refToken = rest[0];
+  const instructions = sanitizeInstructions(rest.slice(1).join(" "));
+  const isFullUrl = /^https?:\/\//i.test(refToken);
+  const prInfo = parsePrRef(isFullUrl ? sanitizeUrl(refToken) : refToken, cwd);
+  if (!prInfo) {
+    return { error: `Could not parse PR reference from "${refToken}"` };
+  }
+  const prUrl = `https://github.com/${prInfo.owner}/${prInfo.repo}/pull/${prInfo.number}`;
+  const result = validateAndSanitizeUrl(prUrl);
+  if ("error" in result) {
+    return { error: result.error };
+  }
+  return { prUrl: result.sanitized, instructions };
+}
+var _internals35, MAX_URL_LEN = 2048, MAX_INSTRUCTIONS_LEN = 1000;
+var init_pr_ref = __esm(() => {
+  _internals35 = { execSync: execSync2 };
+});
+
+// src/commands/issue.ts
+import { execSync as execSync3 } from "node:child_process";
+function sanitizeUrl2(raw) {
+  let urlStr = raw.trim();
+  urlStr = urlStr.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
+  const fragmentIdx = urlStr.indexOf("#");
+  if (fragmentIdx !== -1) {
+    urlStr = urlStr.slice(0, fragmentIdx);
+  }
+  const queryIdx = urlStr.indexOf("?");
+  if (queryIdx !== -1) {
+    urlStr = urlStr.slice(0, queryIdx);
+  }
+  urlStr = urlStr.replace(/^[A-Za-z][A-Za-z0-9+.-]*:\/\/[^@/]+@/, "https://");
+  if (urlStr.length > MAX_URL_LEN2) {
+    urlStr = urlStr.slice(0, MAX_URL_LEN2);
+  }
+  return urlStr.trim();
+}
+function isPrivateHost2(url3) {
+  const host = url3.hostname.toLowerCase();
+  if (host === "localhost" || host === "127.0.0.1" || host === "::1" || host === "0.0.0.0") {
+    return true;
+  }
+  if (host.startsWith("localhost") || host === "localhost.com") {
+    return true;
+  }
+  const ipv4Private = /^10\./;
+  const ipv4172 = /^172\.(1[6-9]|2\d|3[0-1])\./;
+  const ipv4192 = /^192\.168\./;
+  const ipv6Private = /^fe80:/i;
+  const ipv6Unique = /^f[cd][0-9a-f]{2}:/i;
+  if (ipv4Private.test(host) || ipv4172.test(host) || ipv4192.test(host) || ipv6Private.test(host) || ipv6Unique.test(host)) {
+    return true;
+  }
+  if (host.startsWith("::ffff:")) {
+    const inner = host.slice(7);
+    if (ipv4Private.test(inner) || ipv4172.test(inner) || ipv4192.test(inner)) {
+      return true;
+    }
+  }
+  return false;
+}
+function validateAndSanitizeUrl2(rawUrl) {
+  const sanitized = sanitizeUrl2(rawUrl);
+  if (!sanitized) {
+    return { error: "Empty URL" };
+  }
+  if (!sanitized.startsWith("https://")) {
+    return { error: "URL must use HTTPS scheme" };
+  }
   try {
     const url3 = new URL(sanitized);
     const hostname5 = url3.hostname;
     if (/[\u0080-\u{10FFFF}]/u.test(hostname5)) {
       return { error: "Non-ASCII hostnames are not allowed" };
     }
-    if (isPrivateHost(url3)) {
+    if (isPrivateHost2(url3)) {
       return { error: "Private or localhost URLs are not allowed" };
     }
     const githubIssuePattern = /^https:\/\/github\.com\/([^/]+)\/([^/]+)\/issues\/([0-9]+)\/?$/;
@@ -73828,7 +74013,7 @@ function parseIssueRef(input) {
   const bareMatch = input.match(/^(\d+)$/);
   if (bareMatch) {
     const issueNumber = parseInt(bareMatch[1], 10);
-    const remoteUrl = detectGitRemote();
+    const remoteUrl = detectGitRemote2();
     if (!remoteUrl) {
       return null;
     }
@@ -73844,9 +74029,9 @@ function parseIssueRef(input) {
   }
   return null;
 }
-function detectGitRemote() {
+function detectGitRemote2() {
   try {
-    const remoteUrl = execSync2("git remote get-url origin", {
+    const remoteUrl = execSync3("git remote get-url origin", {
       encoding: "utf-8",
       stdio: ["pipe", "pipe", "pipe"],
       timeout: 5000
@@ -73856,23 +74041,6 @@ function detectGitRemote() {
     return null;
   }
 }
-function parseGitRemoteUrl(remoteUrl) {
-  const httpsMatch = remoteUrl.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+?)(?:\.git)?\/?$/i);
-  if (httpsMatch) {
-    return {
-      owner: httpsMatch[1],
-      repo: httpsMatch[2].replace(/\.git$/, "")
-    };
-  }
-  const sshMatch = remoteUrl.match(/^git@github\.com:([^/]+)\/([^/]+?)(?:\.git)?$/i);
-  if (sshMatch) {
-    return {
-      owner: sshMatch[1],
-      repo: sshMatch[2].replace(/\.git$/, "")
-    };
-  }
-  return null;
-}
 function handleIssueCommand(_directory, args2) {
   const parsed = parseArgs5(args2);
   const rawInput = parsed.rest.join(" ").trim();
@@ -73880,14 +74048,14 @@ function handleIssueCommand(_directory, args2) {
     return USAGE5;
   }
   const isFullUrl = /^https?:\/\//i.test(rawInput);
-  const issueInfo = parseIssueRef(isFullUrl ? sanitizeUrl(rawInput) : rawInput);
+  const issueInfo = parseIssueRef(isFullUrl ? sanitizeUrl2(rawInput) : rawInput);
   if (!issueInfo) {
     return `Error: Could not parse issue reference from "${rawInput}"
 
 ${USAGE5}`;
   }
   const issueUrl = `https://github.com/${issueInfo.owner}/${issueInfo.repo}/issues/${issueInfo.number}`;
-  const result = validateAndSanitizeUrl(issueUrl);
+  const result = validateAndSanitizeUrl2(issueUrl);
   if ("error" in result) {
     return `Error: ${result.error}
 
@@ -73903,8 +74071,9 @@ ${USAGE5}`;
   const flagsStr = flags2.length > 0 ? ` ${flags2.join(" ")}` : "";
   return `[MODE: ISSUE_INGEST issue="${result.sanitized}"${flagsStr}]`;
 }
-var MAX_URL_LEN = 2048, USAGE5;
+var MAX_URL_LEN2 = 2048, USAGE5;
 var init_issue = __esm(() => {
+  init_pr_ref();
   USAGE5 = [
     "Usage: /swarm issue <url|owner/repo#N|N> [--plan] [--trace] [--no-repro]",
     "",
@@ -73972,9 +74141,9 @@ async function migrateContextToKnowledge(directory, config3) {
       skippedReason: "empty-context"
     };
   }
-  const rawEntries = _internals35.parseContextMd(contextContent);
+  const rawEntries = _internals36.parseContextMd(contextContent);
   if (rawEntries.length === 0) {
-    await _internals35.writeSentinel(sentinelPath, 0, 0);
+    await _internals36.writeSentinel(sentinelPath, 0, 0);
     return {
       migrated: true,
       entriesMigrated: 0,
@@ -73985,10 +74154,10 @@ async function migrateContextToKnowledge(directory, config3) {
   const existing = await readKnowledge(knowledgePath);
   let migrated = 0;
   let dropped = 0;
-  const projectName = _internals35.inferProjectName(directory);
+  const projectName = _internals36.inferProjectName(directory);
   for (const raw of rawEntries) {
     if (config3.validation_enabled !== false) {
-      const category = raw.categoryHint ?? _internals35.inferCategoryFromText(raw.text);
+      const category = raw.categoryHint ?? _internals36.inferCategoryFromText(raw.text);
       const result = validateLesson(raw.text, existing.map((e) => e.lesson), {
         category,
         scope: "global",
@@ -74008,8 +74177,8 @@ async function migrateContextToKnowledge(directory, config3) {
     const entry = {
       id: randomUUID6(),
       tier: "swarm",
-      lesson: _internals35.truncateLesson(raw.text),
-      category: raw.categoryHint ?? _internals35.inferCategoryFromText(raw.text),
+      lesson: _internals36.truncateLesson(raw.text),
+      category: raw.categoryHint ?? _internals36.inferCategoryFromText(raw.text),
       tags: [...inferredTags, `migration:${raw.sourceSection}`],
       scope: "global",
       confidence: 0.3,
@@ -74032,7 +74201,7 @@ async function migrateContextToKnowledge(directory, config3) {
   if (migrated > 0) {
     await rewriteKnowledge(knowledgePath, existing);
   }
-  await _internals35.writeSentinel(sentinelPath, migrated, dropped);
+  await _internals36.writeSentinel(sentinelPath, migrated, dropped);
   log(`[knowledge-migrator] Migrated ${migrated} entries, dropped ${dropped}`);
   return {
     migrated: true,
@@ -74042,7 +74211,7 @@ async function migrateContextToKnowledge(directory, config3) {
   };
 }
 async function migrateHiveKnowledgeLegacy(config3) {
-  const legacyHivePath = _internals35.resolveLegacyHiveKnowledgePath();
+  const legacyHivePath = _internals36.resolveLegacyHiveKnowledgePath();
   const canonicalHivePath = resolveHiveKnowledgePath();
   const sentinelPath = path53.join(path53.dirname(canonicalHivePath), ".hive-knowledge-migrated");
   if (existsSync32(sentinelPath)) {
@@ -74065,7 +74234,7 @@ async function migrateHiveKnowledgeLegacy(config3) {
   }
   const legacyEntries = await readKnowledge(legacyHivePath);
   if (legacyEntries.length === 0) {
-    await _internals35.writeSentinel(sentinelPath, 0, 0);
+    await _internals36.writeSentinel(sentinelPath, 0, 0);
     return {
       migrated: true,
       entriesMigrated: 0,
@@ -74113,7 +74282,7 @@ async function migrateHiveKnowledgeLegacy(config3) {
       const newHiveEntry = {
         id: resolvedId,
         tier: "hive",
-        lesson: _internals35.truncateLesson(lesson),
+        lesson: _internals36.truncateLesson(lesson),
         category,
         tags: ["migration:legacy-hive"],
         scope: scopeTag,
@@ -74132,7 +74301,7 @@ async function migrateHiveKnowledgeLegacy(config3) {
         encounter_score: 1
       };
       try {
-        await _internals35.appendKnowledge(canonicalHivePath, newHiveEntry);
+        await _internals36.appendKnowledge(canonicalHivePath, newHiveEntry);
         existingHiveEntries.push(newHiveEntry);
         migrated++;
       } catch (appendError) {
@@ -74148,7 +74317,7 @@ async function migrateHiveKnowledgeLegacy(config3) {
       dropped++;
     }
   }
-  await _internals35.writeSentinel(sentinelPath, migrated, dropped);
+  await _internals36.writeSentinel(sentinelPath, migrated, dropped);
   log(`[knowledge-migrator] Migrated ${migrated} legacy hive entries, dropped ${dropped}`);
   return {
     migrated: true,
@@ -74159,7 +74328,7 @@ async function migrateHiveKnowledgeLegacy(config3) {
   };
 }
 function parseContextMd(content) {
-  const sections = _internals35.splitIntoSections(content);
+  const sections = _internals36.splitIntoSections(content);
   const entries = [];
   const seen = new Set;
   const sectionPatterns = [
@@ -74175,7 +74344,7 @@ function parseContextMd(content) {
     const match = sectionPatterns.find((sp) => sp.pattern.test(section.heading));
     if (!match)
       continue;
-    const bullets = _internals35.extractBullets(section.body);
+    const bullets = _internals36.extractBullets(section.body);
     for (const bullet of bullets) {
       if (bullet.length < 15)
         continue;
@@ -74184,9 +74353,9 @@ function parseContextMd(content) {
         continue;
       seen.add(normalized);
       entries.push({
-        text: _internals35.truncateLesson(bullet),
+        text: _internals36.truncateLesson(bullet),
         sourceSection: match.sourceSection,
-        categoryHint: _internals35.inferCategoryFromText(bullet)
+        categoryHint: _internals36.inferCategoryFromText(bullet)
       });
     }
   }
@@ -74292,12 +74461,12 @@ function resolveLegacyHiveKnowledgePath() {
   }
   return path53.join(dataDir, "hive-knowledge.jsonl");
 }
-var _internals35;
+var _internals36;
 var init_knowledge_migrator = __esm(() => {
   init_logger();
   init_knowledge_store();
   init_knowledge_validator();
-  _internals35 = {
+  _internals36 = {
     appendKnowledge,
     migrateContextToKnowledge,
     migrateKnowledgeToExternal,
@@ -78805,9 +78974,9 @@ var init_memory2 = __esm(() => {
 
 // src/services/plan-service.ts
 async function getPlanData(directory, phaseArg) {
-  const plan = await _internals36.loadPlanJsonOnly(directory);
+  const plan = await _internals37.loadPlanJsonOnly(directory);
   if (plan) {
-    const fullMarkdown = _internals36.derivePlanMarkdown(plan);
+    const fullMarkdown = _internals37.derivePlanMarkdown(plan);
     if (phaseArg === undefined || phaseArg === null || phaseArg === "") {
       return {
         hasPlan: true,
@@ -78850,7 +79019,7 @@ async function getPlanData(directory, phaseArg) {
       isLegacy: false
     };
   }
-  const planContent = await _internals36.readSwarmFileAsync(directory, "plan.md");
+  const planContent = await _internals37.readSwarmFileAsync(directory, "plan.md");
   if (!planContent) {
     return {
       hasPlan: false,
@@ -78946,11 +79115,11 @@ async function handlePlanCommand(directory, args2) {
   const planData = await getPlanData(directory, phaseArg);
   return formatPlanMarkdown(planData);
 }
-var _internals36;
+var _internals37;
 var init_plan_service = __esm(() => {
   init_utils2();
   init_manager();
-  _internals36 = {
+  _internals37 = {
     loadPlanJsonOnly,
     derivePlanMarkdown,
     readSwarmFileAsync
@@ -78962,191 +79131,6 @@ var init_plan = __esm(() => {
   init_plan_service();
 });
 
-// src/commands/pr-ref.ts
-import { execSync as execSync3 } from "node:child_process";
-function sanitizeUrl2(raw) {
-  let urlStr = raw.trim();
-  urlStr = urlStr.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
-  const fragmentIdx = urlStr.indexOf("#");
-  if (fragmentIdx !== -1) {
-    urlStr = urlStr.slice(0, fragmentIdx);
-  }
-  const queryIdx = urlStr.indexOf("?");
-  if (queryIdx !== -1) {
-    urlStr = urlStr.slice(0, queryIdx);
-  }
-  urlStr = urlStr.replace(/^[A-Za-z][A-Za-z0-9+.-]*:\/\/[^@/]+@/, "https://");
-  if (urlStr.length > MAX_URL_LEN2) {
-    urlStr = urlStr.slice(0, MAX_URL_LEN2);
-  }
-  return urlStr.trim();
-}
-function sanitizeInstructions(raw) {
-  const collapsed = raw.replace(/\s+/g, " ").trim();
-  const stripped = collapsed.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
-  const normalized = stripped.replace(/\s+/g, " ").trim();
-  if (normalized.length <= MAX_INSTRUCTIONS_LEN)
-    return normalized;
-  return `${normalized.slice(0, MAX_INSTRUCTIONS_LEN)}…`;
-}
-function hasNonAsciiHostname(hostname5) {
-  for (const ch of hostname5) {
-    const cp = ch.codePointAt(0);
-    if (cp !== undefined && cp > 127)
-      return true;
-  }
-  return false;
-}
-function isPrivateHost2(url3) {
-  const host = url3.hostname.toLowerCase();
-  if (host === "localhost" || host === "127.0.0.1" || host === "::1" || host === "0.0.0.0") {
-    return true;
-  }
-  if (host.startsWith("localhost") || host === "localhost.com") {
-    return true;
-  }
-  const ipv4Private = /^10\./;
-  const ipv4172 = /^172\.(1[6-9]|2\d|3[0-1])\./;
-  const ipv4192 = /^192\.168\./;
-  const ipv6Private = /^fe80:/i;
-  const ipv6Unique = /^f[cd][0-9a-f]{2}:/i;
-  if (ipv4Private.test(host) || ipv4172.test(host) || ipv4192.test(host) || ipv6Private.test(host) || ipv6Unique.test(host)) {
-    return true;
-  }
-  if (host.startsWith("::ffff:")) {
-    const inner = host.slice(7);
-    if (ipv4Private.test(inner) || ipv4172.test(inner) || ipv4192.test(inner)) {
-      return true;
-    }
-  }
-  return false;
-}
-function validateAndSanitizeUrl2(rawUrl) {
-  const sanitized = sanitizeUrl2(rawUrl);
-  if (!sanitized) {
-    return { error: "Empty URL" };
-  }
-  if (!sanitized.startsWith("https://")) {
-    return { error: "URL must use HTTPS scheme" };
-  }
-  try {
-    const url3 = new URL(sanitized);
-    if (hasNonAsciiHostname(url3.hostname)) {
-      return { error: "Non-ASCII hostnames are not allowed" };
-    }
-    if (isPrivateHost2(url3)) {
-      return { error: "Private or localhost URLs are not allowed" };
-    }
-    const githubPrPattern = /^https:\/\/github\.com\/([^/]+)\/([^/]+)\/pull\/([0-9]+)\/?$/;
-    if (!githubPrPattern.test(sanitized)) {
-      return {
-        error: "URL must be a GitHub pull request URL (https://github.com/owner/repo/pull/N)"
-      };
-    }
-    return { sanitized };
-  } catch {
-    return { error: "Invalid URL format" };
-  }
-}
-function parsePrRef(input, cwd) {
-  const urlMatch = input.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+)\/pull\/(\d+)\/?$/i);
-  if (urlMatch) {
-    return {
-      owner: urlMatch[1],
-      repo: urlMatch[2],
-      number: parseInt(urlMatch[3], 10)
-    };
-  }
-  const shorthandMatch = input.match(/^([^/]+)\/([^#]+)#(\d+)$/);
-  if (shorthandMatch) {
-    return {
-      owner: shorthandMatch[1],
-      repo: shorthandMatch[2],
-      number: parseInt(shorthandMatch[3], 10)
-    };
-  }
-  const bareMatch = input.match(/^(\d+)$/);
-  if (bareMatch) {
-    const prNumber = parseInt(bareMatch[1], 10);
-    const remoteUrl = detectGitRemote2(cwd);
-    if (!remoteUrl) {
-      return null;
-    }
-    const parsed = parseGitRemoteUrl2(remoteUrl);
-    if (!parsed) {
-      return null;
-    }
-    return {
-      owner: parsed.owner,
-      repo: parsed.repo,
-      number: prNumber
-    };
-  }
-  return null;
-}
-function detectGitRemote2(cwd) {
-  try {
-    const remoteUrl = _internals37.execSync("git remote get-url origin", {
-      encoding: "utf-8",
-      stdio: ["pipe", "pipe", "pipe"],
-      timeout: 5000,
-      ...cwd ? { cwd } : {}
-    }).trim();
-    return remoteUrl || null;
-  } catch {
-    return null;
-  }
-}
-function parseGitRemoteUrl2(remoteUrl) {
-  const httpsMatch = remoteUrl.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+?)(?:\.git)?\/?$/i);
-  if (httpsMatch) {
-    return {
-      owner: httpsMatch[1],
-      repo: httpsMatch[2].replace(/\.git$/, "")
-    };
-  }
-  const sshMatch = remoteUrl.match(/^git@github\.com:([^/]+)\/([^/]+?)(?:\.git)?$/i);
-  if (sshMatch) {
-    return {
-      owner: sshMatch[1],
-      repo: sshMatch[2].replace(/\.git$/, "")
-    };
-  }
-  const pathMatch = remoteUrl.match(/\/([^/]+)\/([^/]+?)(?:\.git)?\/?$/);
-  if (pathMatch) {
-    return {
-      owner: pathMatch[1],
-      repo: pathMatch[2].replace(/\.git$/, "")
-    };
-  }
-  return null;
-}
-function looksLikePrRef(token) {
-  return /^https?:\/\//i.test(token) || /^[^/]+\/[^#]+#\d+$/.test(token) || /^\d+$/.test(token);
-}
-function resolvePrCommandInput(rest, cwd) {
-  if (rest.length === 0) {
-    return null;
-  }
-  const refToken = rest[0];
-  const instructions = sanitizeInstructions(rest.slice(1).join(" "));
-  const isFullUrl = /^https?:\/\//i.test(refToken);
-  const prInfo = parsePrRef(isFullUrl ? sanitizeUrl2(refToken) : refToken, cwd);
-  if (!prInfo) {
-    return { error: `Could not parse PR reference from "${refToken}"` };
-  }
-  const prUrl = `https://github.com/${prInfo.owner}/${prInfo.repo}/pull/${prInfo.number}`;
-  const result = validateAndSanitizeUrl2(prUrl);
-  if ("error" in result) {
-    return { error: result.error };
-  }
-  return { prUrl: result.sanitized, instructions };
-}
-var _internals37, MAX_URL_LEN2 = 2048, MAX_INSTRUCTIONS_LEN = 1000;
-var init_pr_ref = __esm(() => {
-  _internals37 = { execSync: execSync3 };
-});
-
 // src/commands/pr-feedback.ts
 function handlePrFeedbackCommand(directory, args2) {
   const rest = args2.filter((t) => t.trim().length > 0);

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "opencode-swarm",
-	"version": "7.68.1",
+	"version": "7.68.2",
 	"description": "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",