opencode-swarm 7.73.2 → 7.73.3

package/.opencode/skills/swarm-pr-feedback/SKILL.md

@@ -61,6 +61,25 @@ final state. Expect N rounds of review for N pushes, and budget for it.
 each round's work is bounded by new findings + carried-forward items only.
 This matches how the bot actually behaves and avoids wasted cycles.
 
+### Bot Review Verification Traps
+
+When a bot or pasted review cites a code fact, verify the fact against the
+current branch before editing:
+
+- **Import/export claims:** Check the exact import path used by the changed file.
+  A symbol may be missing from an internal submodule but correctly exported by the
+  public barrel the tests or runtime actually import.
+- **Line numbers:** Treat bot line references as approximate after any follow-up
+  push or local edit. Re-locate the symbol or block with `rg` before patching.
+- **Ordering claims:** If the concern is about rule precedence, add or run a
+  direct precedence test that would fail under the wrong ordering; comments alone
+  are not enough.
+- **Disproved findings:** Do not change unrelated code to satisfy a false claim.
+  Keep the finding in the closure ledger with the source or test evidence that
+  disproves it.
+- **Cache/state claims:** Test both relevant state orders when the behavior
+  depends on cache priming, singleton state, or prior calls.
+
 ## Operating Stance
 
 Treat every review comment, CI failure, bot summary, PR body claim, and pasted note

package/dist/cli/index.js

@@ -52,7 +52,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "opencode-swarm",
-    version: "7.73.2",
+    version: "7.73.3",
     description: "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
     main: "dist/index.js",
     types: "dist/index.d.ts",
@@ -40093,6 +40093,9 @@ import * as path19 from "path";
 function resolveLogPath(directory) {
   return validateSwarmPath(directory, "skill-usage.jsonl");
 }
+function normalizeComplianceVerdict(verdict) {
+  return verdict === "violation" ? "violated" : verdict;
+}
 function appendSkillUsageEntry(directory, entry) {
   const {
     skillPath,
@@ -40163,7 +40166,9 @@ function readSkillUsageEntries(directory, options) {
     if (!trimmed)
       continue;
     try {
-      entries.push(JSON.parse(trimmed));
+      const entry = JSON.parse(trimmed);
+      entry.complianceVerdict = normalizeComplianceVerdict(entry.complianceVerdict);
+      entries.push(entry);
     } catch {}
   }
   if (!options)
@@ -40222,6 +40227,7 @@ function readSkillUsageEntriesTail(directory, filters, maxBytes = TAIL_BYTES_DEF
           continue;
         try {
           const entry = JSON.parse(line);
+          entry.complianceVerdict = normalizeComplianceVerdict(entry.complianceVerdict);
           if (filters.sessionID !== undefined && entry.sessionID !== filters.sessionID) {
             continue;
           }
@@ -40256,7 +40262,7 @@ function computeComplianceByVersion(entries, skillPath) {
     stats.total += 1;
     if (e.complianceVerdict === "compliant")
       stats.compliant += 1;
-    if (e.complianceVerdict === "violation")
+    if (e.complianceVerdict === "violated")
       stats.violation += 1;
   }
   for (const stats of map3.values()) {
@@ -40369,7 +40375,7 @@ async function applySkillUsageFeedback(directory, options) {
   try {
     const allEntries = readSkillUsageEntries(directory);
     const actionable = allEntries.filter((e) => {
-      if (e.complianceVerdict !== "compliant" && e.complianceVerdict !== "violation") {
+      if (e.complianceVerdict !== "compliant" && e.complianceVerdict !== "violated") {
         return false;
       }
       if (options?.sinceTimestamp && e.timestamp <= options.sinceTimestamp) {
@@ -40395,7 +40401,7 @@ async function applySkillUsageFeedback(directory, options) {
       for (const entry of entries) {
         if (entry.complianceVerdict === "compliant")
           compliantCount++;
-        else if (entry.complianceVerdict === "violation")
+        else if (entry.complianceVerdict === "violated")
           violationCount++;
       }
       if (compliantCount === 0 && violationCount === 0)
@@ -51472,8 +51478,8 @@ var init_history = __esm(() => {
   init_history_service();
 });
 
-// src/commands/pr-ref.ts
-import { execSync as execSync2 } from "child_process";
+// src/commands/_shared/url-security.ts
+import { spawnSync as spawnSync3 } from "child_process";
 function sanitizeUrl(raw) {
   let urlStr = raw.trim();
   urlStr = urlStr.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
@@ -51491,13 +51497,29 @@ function sanitizeUrl(raw) {
   }
   return urlStr.trim();
 }
-function sanitizeInstructions(raw) {
-  const collapsed = raw.replace(/\s+/g, " ").trim();
-  const stripped = collapsed.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
-  const normalized = stripped.replace(/\s+/g, " ").trim();
-  if (normalized.length <= MAX_INSTRUCTIONS_LEN)
-    return normalized;
-  return `${normalized.slice(0, MAX_INSTRUCTIONS_LEN)}\u2026`;
+function sanitizeErrorEcho(raw, maxLength = 80) {
+  let stripped = "";
+  for (const ch of raw) {
+    const cp = ch.codePointAt(0);
+    if (cp !== undefined && (cp <= 31 || cp === 127)) {
+      stripped += " ";
+      continue;
+    }
+    stripped += ch;
+  }
+  const collapsed = stripped.replace(/\s+/g, " ").trim();
+  if (collapsed.length <= maxLength)
+    return collapsed;
+  return `${collapsed.slice(0, maxLength)}\u2026`;
+}
+function containsControlCharacters(value) {
+  for (const ch of value) {
+    const cp = ch.codePointAt(0);
+    if (cp !== undefined && (cp <= 31 || cp === 127)) {
+      return true;
+    }
+  }
+  return false;
 }
 function hasNonAsciiHostname(hostname5) {
   for (const ch of hostname5) {
@@ -51507,31 +51529,38 @@ function hasNonAsciiHostname(hostname5) {
   }
   return false;
 }
+function isIpv4MappedPrivateHost(inner) {
+  if (IPV4_PRIVATE.test(inner) || IPV4_LOOPBACK.test(inner) || IPV4_LINK_LOCAL.test(inner) || IPV4_PRIVATE_172.test(inner) || IPV4_PRIVATE_192.test(inner) || IPV4_ZERO_NETWORK.test(inner)) {
+    return true;
+  }
+  const firstSegment = inner.split(":", 1)[0];
+  if (!firstSegment)
+    return false;
+  const firstWord = Number.parseInt(firstSegment, 16);
+  if (!Number.isFinite(firstWord))
+    return false;
+  return firstWord >= 0 && firstWord <= 255 || firstWord >= 2560 && firstWord <= 2815 || firstWord >= 32512 && firstWord <= 32767 || firstWord === 43518 || firstWord >= 44048 && firstWord <= 44063 || firstWord === 49320;
+}
 function isPrivateHost(url3) {
-  const host = url3.hostname.toLowerCase();
-  if (host === "localhost" || host === "127.0.0.1" || host === "::1" || host === "0.0.0.0") {
+  const host = url3.hostname.toLowerCase().replace(/^\[|\]$/g, "");
+  if (host === "localhost" || host === "::1" || host === "0.0.0.0" || IPV4_LOOPBACK.test(host) || IPV4_ZERO_NETWORK.test(host)) {
     return true;
   }
   if (host.startsWith("localhost") || host === "localhost.com") {
     return true;
   }
-  const ipv4Private = /^10\./;
-  const ipv4172 = /^172\.(1[6-9]|2\d|3[0-1])\./;
-  const ipv4192 = /^192\.168\./;
-  const ipv6Private = /^fe80:/i;
-  const ipv6Unique = /^f[cd][0-9a-f]{2}:/i;
-  if (ipv4Private.test(host) || ipv4172.test(host) || ipv4192.test(host) || ipv6Private.test(host) || ipv6Unique.test(host)) {
+  if (IPV4_PRIVATE.test(host) || IPV4_LINK_LOCAL.test(host) || IPV4_PRIVATE_172.test(host) || IPV4_PRIVATE_192.test(host) || IPV6_LINK_LOCAL.test(host) || IPV6_UNIQUE_LOCAL.test(host)) {
     return true;
   }
   if (host.startsWith("::ffff:")) {
     const inner = host.slice(7);
-    if (ipv4Private.test(inner) || ipv4172.test(inner) || ipv4192.test(inner)) {
+    if (isIpv4MappedPrivateHost(inner)) {
       return true;
     }
   }
   return false;
 }
-function validateAndSanitizeUrl(rawUrl) {
+function validateAndSanitizeGithubUrl(rawUrl, resource) {
   const sanitized = sanitizeUrl(rawUrl);
   if (!sanitized) {
     return { error: "Empty URL" };
@@ -51547,10 +51576,10 @@ function validateAndSanitizeUrl(rawUrl) {
     if (isPrivateHost(url3)) {
       return { error: "Private or localhost URLs are not allowed" };
     }
-    const githubPrPattern = /^https:\/\/github\.com\/([^/]+)\/([^/]+)\/pull\/([0-9]+)\/?$/;
-    if (!githubPrPattern.test(sanitized)) {
+    const githubPattern = new RegExp(`^https:\\/\\/github\\.com\\/([^/]+)\\/([^/]+)\\/${resource}\\/([0-9]+)\\/?$`);
+    if (!githubPattern.test(sanitized)) {
       return {
-        error: "URL must be a GitHub pull request URL (https://github.com/owner/repo/pull/N)"
+        error: resource === "issues" ? "URL must be a GitHub issue URL (https://github.com/owner/repo/issues/N)" : "URL must be a GitHub pull request URL (https://github.com/owner/repo/pull/N)"
       };
     }
     return { sanitized };
@@ -51558,50 +51587,18 @@ function validateAndSanitizeUrl(rawUrl) {
     return { error: "Invalid URL format" };
   }
 }
-function parsePrRef(input, cwd) {
-  const urlMatch = input.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+)\/pull\/(\d+)\/?$/i);
-  if (urlMatch) {
-    return {
-      owner: urlMatch[1],
-      repo: urlMatch[2],
-      number: parseInt(urlMatch[3], 10)
-    };
-  }
-  const shorthandMatch = input.match(/^([^/]+)\/([^#]+)#(\d+)$/);
-  if (shorthandMatch) {
-    return {
-      owner: shorthandMatch[1],
-      repo: shorthandMatch[2],
-      number: parseInt(shorthandMatch[3], 10)
-    };
-  }
-  const bareMatch = input.match(/^(\d+)$/);
-  if (bareMatch) {
-    const prNumber = parseInt(bareMatch[1], 10);
-    const remoteUrl = detectGitRemote(cwd);
-    if (!remoteUrl) {
-      return null;
-    }
-    const parsed = parseGitRemoteUrl(remoteUrl);
-    if (!parsed) {
-      return null;
-    }
-    return {
-      owner: parsed.owner,
-      repo: parsed.repo,
-      number: prNumber
-    };
-  }
-  return null;
-}
 function detectGitRemote(cwd) {
   try {
-    const remoteUrl = _internals28.execSync("git remote get-url origin", {
+    const result = _internals28.spawnSync("git", ["remote", "get-url", "origin"], {
       encoding: "utf-8",
-      stdio: ["pipe", "pipe", "pipe"],
+      stdio: ["ignore", "pipe", "pipe"],
       timeout: 5000,
       ...cwd ? { cwd } : {}
-    }).trim();
+    });
+    if (result.status !== 0 || result.error) {
+      return null;
+    }
+    const remoteUrl = (result.stdout ?? "").trim();
     return remoteUrl || null;
   } catch {
     return null;
@@ -51610,123 +51607,49 @@ function detectGitRemote(cwd) {
 function parseGitRemoteUrl(remoteUrl) {
   const httpsMatch = remoteUrl.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+?)(?:\.git)?\/?$/i);
   if (httpsMatch) {
-    return {
-      owner: httpsMatch[1],
-      repo: httpsMatch[2].replace(/\.git$/, "")
-    };
+    const owner = httpsMatch[1];
+    const repo = httpsMatch[2].replace(/\.git$/, "");
+    if (containsControlCharacters(owner) || containsControlCharacters(repo)) {
+      return null;
+    }
+    return { owner, repo };
   }
   const sshMatch = remoteUrl.match(/^git@github\.com:([^/]+)\/([^/]+?)(?:\.git)?$/i);
   if (sshMatch) {
-    return {
-      owner: sshMatch[1],
-      repo: sshMatch[2].replace(/\.git$/, "")
-    };
+    const owner = sshMatch[1];
+    const repo = sshMatch[2].replace(/\.git$/, "");
+    if (containsControlCharacters(owner) || containsControlCharacters(repo)) {
+      return null;
+    }
+    return { owner, repo };
   }
   const pathMatch = remoteUrl.match(/\/([^/]+)\/([^/]+?)(?:\.git)?\/?$/);
   if (pathMatch) {
-    return {
-      owner: pathMatch[1],
-      repo: pathMatch[2].replace(/\.git$/, "")
-    };
+    const owner = pathMatch[1];
+    const repo = pathMatch[2].replace(/\.git$/, "");
+    if (containsControlCharacters(owner) || containsControlCharacters(repo)) {
+      return null;
+    }
+    return { owner, repo };
   }
   return null;
 }
-function looksLikePrRef(token) {
-  return /^https?:\/\//i.test(token) || /^[^/]+\/[^#]+#\d+$/.test(token) || /^\d+$/.test(token);
-}
-function resolvePrCommandInput(rest, cwd) {
-  if (rest.length === 0) {
-    return null;
-  }
-  const refToken = rest[0];
-  const instructions = sanitizeInstructions(rest.slice(1).join(" "));
-  const isFullUrl = /^https?:\/\//i.test(refToken);
-  const prInfo = parsePrRef(isFullUrl ? sanitizeUrl(refToken) : refToken, cwd);
-  if (!prInfo) {
-    return { error: `Could not parse PR reference from "${refToken}"` };
-  }
-  const prUrl = `https://github.com/${prInfo.owner}/${prInfo.repo}/pull/${prInfo.number}`;
-  const result = validateAndSanitizeUrl(prUrl);
-  if ("error" in result) {
-    return { error: result.error };
-  }
-  return { prUrl: result.sanitized, instructions };
-}
-var _internals28, MAX_URL_LEN = 2048, MAX_INSTRUCTIONS_LEN = 1000;
-var init_pr_ref = __esm(() => {
-  _internals28 = { execSync: execSync2 };
+var MAX_URL_LEN = 2048, IPV4_PRIVATE, IPV4_LOOPBACK, IPV4_LINK_LOCAL, IPV4_PRIVATE_172, IPV4_PRIVATE_192, IPV4_ZERO_NETWORK, IPV6_LINK_LOCAL, IPV6_UNIQUE_LOCAL, _internals28;
+var init_url_security = __esm(() => {
+  IPV4_PRIVATE = /^10\./;
+  IPV4_LOOPBACK = /^127\./;
+  IPV4_LINK_LOCAL = /^169\.254\./;
+  IPV4_PRIVATE_172 = /^172\.(1[6-9]|2\d|3[0-1])\./;
+  IPV4_PRIVATE_192 = /^192\.168\./;
+  IPV4_ZERO_NETWORK = /^0\./;
+  IPV6_LINK_LOCAL = /^fe80:/i;
+  IPV6_UNIQUE_LOCAL = /^f[cd][0-9a-f]{2}:/i;
+  _internals28 = { spawnSync: spawnSync3 };
 });
 
 // src/commands/issue.ts
-import { execSync as execSync3 } from "child_process";
-function sanitizeUrl2(raw) {
-  let urlStr = raw.trim();
-  urlStr = urlStr.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
-  const fragmentIdx = urlStr.indexOf("#");
-  if (fragmentIdx !== -1) {
-    urlStr = urlStr.slice(0, fragmentIdx);
-  }
-  const queryIdx = urlStr.indexOf("?");
-  if (queryIdx !== -1) {
-    urlStr = urlStr.slice(0, queryIdx);
-  }
-  urlStr = urlStr.replace(/^[A-Za-z][A-Za-z0-9+.-]*:\/\/[^@/]+@/, "https://");
-  if (urlStr.length > MAX_URL_LEN2) {
-    urlStr = urlStr.slice(0, MAX_URL_LEN2);
-  }
-  return urlStr.trim();
-}
-function isPrivateHost2(url3) {
-  const host = url3.hostname.toLowerCase();
-  if (host === "localhost" || host === "127.0.0.1" || host === "::1" || host === "0.0.0.0") {
-    return true;
-  }
-  if (host.startsWith("localhost") || host === "localhost.com") {
-    return true;
-  }
-  const ipv4Private = /^10\./;
-  const ipv4172 = /^172\.(1[6-9]|2\d|3[0-1])\./;
-  const ipv4192 = /^192\.168\./;
-  const ipv6Private = /^fe80:/i;
-  const ipv6Unique = /^f[cd][0-9a-f]{2}:/i;
-  if (ipv4Private.test(host) || ipv4172.test(host) || ipv4192.test(host) || ipv6Private.test(host) || ipv6Unique.test(host)) {
-    return true;
-  }
-  if (host.startsWith("::ffff:")) {
-    const inner = host.slice(7);
-    if (ipv4Private.test(inner) || ipv4172.test(inner) || ipv4192.test(inner)) {
-      return true;
-    }
-  }
-  return false;
-}
-function validateAndSanitizeUrl2(rawUrl) {
-  const sanitized = sanitizeUrl2(rawUrl);
-  if (!sanitized) {
-    return { error: "Empty URL" };
-  }
-  if (!sanitized.startsWith("https://")) {
-    return { error: "URL must use HTTPS scheme" };
-  }
-  try {
-    const url3 = new URL(sanitized);
-    const hostname5 = url3.hostname;
-    if (/[\u0080-\u{10FFFF}]/u.test(hostname5)) {
-      return { error: "Non-ASCII hostnames are not allowed" };
-    }
-    if (isPrivateHost2(url3)) {
-      return { error: "Private or localhost URLs are not allowed" };
-    }
-    const githubIssuePattern = /^https:\/\/github\.com\/([^/]+)\/([^/]+)\/issues\/([0-9]+)\/?$/;
-    if (!githubIssuePattern.test(sanitized)) {
-      return {
-        error: "URL must be a GitHub issue URL (https://github.com/owner/repo/issues/N)"
-      };
-    }
-    return { sanitized };
-  } catch {
-    return { error: "Invalid URL format" };
-  }
+function validateAndSanitizeUrl(rawUrl) {
+  return validateAndSanitizeGithubUrl(rawUrl, "issues");
 }
 function parseArgs6(args) {
   const out = {
@@ -51753,9 +51676,12 @@ function parseArgs6(args) {
   }
   return out;
 }
-function parseIssueRef(input) {
+function parseIssueRef(input, directory) {
   const urlMatch = input.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+)\/issues\/(\d+)\/?$/i);
   if (urlMatch) {
+    if (containsControlCharacters(urlMatch[1]) || containsControlCharacters(urlMatch[2])) {
+      return null;
+    }
     return {
       owner: urlMatch[1],
       repo: urlMatch[2],
@@ -51764,6 +51690,9 @@ function parseIssueRef(input) {
   }
   const shorthandMatch = input.match(/^([^/]+)\/([^#]+)#(\d+)$/);
   if (shorthandMatch) {
+    if (containsControlCharacters(shorthandMatch[1]) || containsControlCharacters(shorthandMatch[2])) {
+      return null;
+    }
     return {
       owner: shorthandMatch[1],
       repo: shorthandMatch[2],
@@ -51773,7 +51702,7 @@ function parseIssueRef(input) {
   const bareMatch = input.match(/^(\d+)$/);
   if (bareMatch) {
     const issueNumber = parseInt(bareMatch[1], 10);
-    const remoteUrl = detectGitRemote2();
+    const remoteUrl = detectGitRemote(directory);
     if (!remoteUrl) {
       return null;
     }
@@ -51789,33 +51718,21 @@ function parseIssueRef(input) {
   }
   return null;
 }
-function detectGitRemote2() {
-  try {
-    const remoteUrl = execSync3("git remote get-url origin", {
-      encoding: "utf-8",
-      stdio: ["pipe", "pipe", "pipe"],
-      timeout: 5000
-    }).trim();
-    return remoteUrl || null;
-  } catch {
-    return null;
-  }
-}
-function handleIssueCommand(_directory, args) {
+function handleIssueCommand(directory, args) {
   const parsed = parseArgs6(args);
   const rawInput = parsed.rest.join(" ").trim();
   if (!rawInput) {
     return USAGE6;
   }
   const isFullUrl = /^https?:\/\//i.test(rawInput);
-  const issueInfo = parseIssueRef(isFullUrl ? sanitizeUrl2(rawInput) : rawInput);
+  const issueInfo = parseIssueRef(isFullUrl ? sanitizeUrl(rawInput) : rawInput, directory);
   if (!issueInfo) {
-    return `Error: Could not parse issue reference from "${rawInput}"
+    return `Error: Could not parse issue reference from "${sanitizeErrorEcho(rawInput)}"
 
 ${USAGE6}`;
   }
   const issueUrl = `https://github.com/${issueInfo.owner}/${issueInfo.repo}/issues/${issueInfo.number}`;
-  const result = validateAndSanitizeUrl2(issueUrl);
+  const result = validateAndSanitizeUrl(issueUrl);
   if ("error" in result) {
     return `Error: ${result.error}
 
@@ -51831,9 +51748,9 @@ ${USAGE6}`;
   const flagsStr = flags.length > 0 ? ` ${flags.join(" ")}` : "";
   return `[MODE: ISSUE_INGEST issue="${result.sanitized}"${flagsStr}]`;
 }
-var MAX_URL_LEN2 = 2048, USAGE6;
+var USAGE6;
 var init_issue = __esm(() => {
-  init_pr_ref();
+  init_url_security();
   USAGE6 = [
     "Usage: /swarm issue <url|owner/repo#N|N> [--plan] [--trace] [--no-repro]",
     "",
@@ -56025,6 +55942,88 @@ var init_post_mortem = __esm(() => {
   init_curator_postmortem();
 });
 
+// src/commands/pr-ref.ts
+function sanitizeInstructions(raw) {
+  const collapsed = raw.replace(/\s+/g, " ").trim();
+  const stripped = collapsed.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
+  const normalized = stripped.replace(/\s+/g, " ").trim();
+  if (normalized.length <= MAX_INSTRUCTIONS_LEN)
+    return normalized;
+  return `${normalized.slice(0, MAX_INSTRUCTIONS_LEN)}\u2026`;
+}
+function validateAndSanitizeUrl2(rawUrl) {
+  return validateAndSanitizeGithubUrl(rawUrl, "pull");
+}
+function parsePrRef(input, cwd) {
+  const urlMatch = input.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+)\/pull\/(\d+)\/?$/i);
+  if (urlMatch) {
+    if (containsControlCharacters(urlMatch[1]) || containsControlCharacters(urlMatch[2])) {
+      return null;
+    }
+    return {
+      owner: urlMatch[1],
+      repo: urlMatch[2],
+      number: parseInt(urlMatch[3], 10)
+    };
+  }
+  const shorthandMatch = input.match(/^([^/]+)\/([^#]+)#(\d+)$/);
+  if (shorthandMatch) {
+    if (containsControlCharacters(shorthandMatch[1]) || containsControlCharacters(shorthandMatch[2])) {
+      return null;
+    }
+    return {
+      owner: shorthandMatch[1],
+      repo: shorthandMatch[2],
+      number: parseInt(shorthandMatch[3], 10)
+    };
+  }
+  const bareMatch = input.match(/^(\d+)$/);
+  if (bareMatch) {
+    const prNumber = parseInt(bareMatch[1], 10);
+    const remoteUrl = detectGitRemote(cwd);
+    if (!remoteUrl) {
+      return null;
+    }
+    const parsed = parseGitRemoteUrl(remoteUrl);
+    if (!parsed) {
+      return null;
+    }
+    return {
+      owner: parsed.owner,
+      repo: parsed.repo,
+      number: prNumber
+    };
+  }
+  return null;
+}
+function looksLikePrRef(token) {
+  return /^https?:\/\//i.test(token) || /^[^/]+\/[^#]+#\d+$/.test(token) || /^\d+$/.test(token);
+}
+function resolvePrCommandInput(rest, cwd) {
+  if (rest.length === 0) {
+    return null;
+  }
+  const refToken = rest[0];
+  const instructions = sanitizeInstructions(rest.slice(1).join(" "));
+  const isFullUrl = /^https?:\/\//i.test(refToken);
+  const prInfo = parsePrRef(isFullUrl ? sanitizeUrl(refToken) : refToken, cwd);
+  if (!prInfo) {
+    return {
+      error: `Could not parse PR reference from "${sanitizeErrorEcho(refToken)}"`
+    };
+  }
+  const prUrl = `https://github.com/${prInfo.owner}/${prInfo.repo}/pull/${prInfo.number}`;
+  const result = validateAndSanitizeUrl2(prUrl);
+  if ("error" in result) {
+    return { error: result.error };
+  }
+  return { prUrl: result.sanitized, instructions };
+}
+var MAX_INSTRUCTIONS_LEN = 1000;
+var init_pr_ref = __esm(() => {
+  init_url_security();
+});
+
 // src/commands/pr-feedback.ts
 function handlePrFeedbackCommand(directory, args) {
   const rest = args.filter((t) => t.trim().length > 0);

package/dist/commands/_shared/url-security.d.ts

@@ -0,0 +1,44 @@
+import { spawnSync } from 'node:child_process';
+export declare const MAX_URL_LEN = 2048;
+export type ValidationResult = {
+    sanitized: string;
+} | {
+    error: string;
+};
+/**
+ * File-scoped indirection seam for git remote lookups.
+ */
+export declare const _internals: {
+    spawnSync: typeof spawnSync;
+};
+/**
+ * Strip query strings, fragments, injected MODE headers, and credentials from
+ * a URL string.
+ */
+export declare function sanitizeUrl(raw: string): string;
+/**
+ * Strip control characters from user-visible error echoes and bound the result.
+ */
+export declare function sanitizeErrorEcho(raw: string, maxLength?: number): string;
+export declare function containsControlCharacters(value: string): boolean;
+export declare function isIpv4MappedPrivateHost(inner: string): boolean;
+/**
+ * Blocklist of private/localhost hostnames and IP ranges.
+ */
+export declare function isPrivateHost(url: URL): boolean;
+/**
+ * Validate and sanitize a GitHub URL for a specific resource kind.
+ */
+export declare function validateAndSanitizeGithubUrl(rawUrl: string, resource: 'issues' | 'pull'): ValidationResult;
+/**
+ * Detect the `origin` remote URL from git config.
+ */
+export declare function detectGitRemote(cwd?: string): string | null;
+/**
+ * Parse owner/repo from a git remote URL.
+ */
+export declare function parseGitRemoteUrl(remoteUrl: string): {
+    owner: string;
+    repo: string;
+} | null;
+export declare function isIPv4ZeroNetwork(host: string): boolean;

package/dist/commands/issue.d.ts

@@ -10,4 +10,4 @@
  *   --no-repro    → appends noRepro=true to emitted signal
  *   no args       → returns usage string (no throw)
  */
-export declare function handleIssueCommand(_directory: string, args: string[]): string;
+export declare function handleIssueCommand(directory: string, args: string[]): string;

package/dist/commands/pr-ref.d.ts

@@ -10,20 +10,8 @@
  * fragments, and embedded credentials are stripped before the value is ever
  * placed back into a signal string.
  */
-import { execSync } from 'node:child_process';
-/**
- * File-scoped indirection seam for the subprocess call. Tests override
- * `_internals.execSync` (no `mock.module`) to assert the working directory is
- * threaded through and to simulate a missing `origin` remote.
- */
-export declare const _internals: {
-    execSync: typeof execSync;
-};
-/**
- * Strip query strings, fragments, injected MODE headers, and credentials from
- * a URL string.
- */
-export declare function sanitizeUrl(raw: string): string;
+import { _internals, detectGitRemote, parseGitRemoteUrl, sanitizeUrl, type ValidationResult } from './_shared/url-security.js';
+export { _internals, detectGitRemote, parseGitRemoteUrl, sanitizeUrl };
 /**
  * Sanitize free-text instructions so they cannot forge a competing MODE
  * header, inject control sequences, or break out of the signal line.
@@ -31,19 +19,6 @@ export declare function sanitizeUrl(raw: string): string;
  * headers, and truncates to a bounded length.
  */
 export declare function sanitizeInstructions(raw: string): string;
-/**
- * Blocklist of private/localhost hostnames and IP ranges.
- */
-export declare function isPrivateHost(url: URL): boolean;
-/**
- * Validate and sanitize a GitHub PR URL.
- * Returns the sanitized URL on success, or an error message on failure.
- */
-export type ValidationResult = {
-    sanitized: string;
-} | {
-    error: string;
-};
 export declare function validateAndSanitizeUrl(rawUrl: string): ValidationResult;
 export interface ParsedPr {
     owner: string;
@@ -57,24 +32,6 @@ export interface ParsedPr {
  * 3. Bare number: N (resolved against the `origin` git remote in `cwd`)
  */
 export declare function parsePrRef(input: string, cwd?: string): ParsedPr | null;
-/**
- * Detect the `origin` remote URL from git config.
- *
- * `cwd` should be the project directory the command was invoked for. Without it
- * the lookup runs in `process.cwd()`, which in a plugin host is frequently not
- * the repository root — so bare-number PR resolution would silently fail or
- * resolve against the wrong repo (invariant #3: subprocesses run in an explicit
- * working directory).
- */
-export declare function detectGitRemote(cwd?: string): string | null;
-/**
- * Parse owner/repo from a git remote URL.
- * Supports HTTPS (https://github.com/owner/repo.git) and SSH (git@github.com:owner/repo.git).
- */
-export declare function parseGitRemoteUrl(remoteUrl: string): {
-    owner: string;
-    repo: string;
-} | null;
 /**
  * Whether a token is *shaped* like a PR reference — a full `http(s)` URL, an
  * `owner/repo#N` shorthand, or a bare number. This is intent detection, not

package/dist/hooks/skill-usage-log.d.ts

@@ -17,7 +17,9 @@ export interface SkillUsageEntry {
     taskID: string;
     /** ISO 8601 timestamp of the event. */
     timestamp: string;
-    /** Compliance outcome — 'compliant' | 'violation' | 'partial' | 'not_checked' | custom. */
+    /** Compliance outcome — 'compliant' | 'partial' | 'violated' | 'not_checked' | custom.
+     *  Legacy on-disk entries may carry the pre-fix spelling 'violation'; these are
+     *  normalized to 'violated' on the read path (see normalizeComplianceVerdict). */
     complianceVerdict: string;
     /** Optional free-text notes from the reviewer. */
     reviewerNotes?: string;
@@ -51,6 +53,16 @@ export interface PruneResult {
     /** Error message when the write/rename step fails; absent on success. */
     error?: string;
 }
+/**
+ * Normalize a compliance verdict to the canonical spelling.
+ * The sole producer (`skill-propagation-gate.ts`) lowercases the regex
+ * capture, yielding 'violated'.  Pre-fix on-disk entries may carry the
+ * legacy spelling 'violation'; this maps them to the canonical form so
+ * that every downstream comparison can use a single string.
+ *
+ * Exported for unit-testing.
+ */
+export declare function normalizeComplianceVerdict(verdict: string): string;
 /**
  * Test-only dependency-injection seam. Tests override these without
  * `mock.module` (which leaks across files in Bun's shared test-runner).

package/dist/index.js

@@ -69,7 +69,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "opencode-swarm",
-    version: "7.73.2",
+    version: "7.73.3",
     description: "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
     main: "dist/index.js",
     types: "dist/index.d.ts",
@@ -62433,6 +62433,9 @@ import * as path37 from "node:path";
 function resolveLogPath(directory) {
   return validateSwarmPath(directory, "skill-usage.jsonl");
 }
+function normalizeComplianceVerdict(verdict) {
+  return verdict === "violation" ? "violated" : verdict;
+}
 function appendSkillUsageEntry(directory, entry) {
   const {
     skillPath,
@@ -62503,7 +62506,9 @@ function readSkillUsageEntries(directory, options) {
     if (!trimmed)
       continue;
     try {
-      entries.push(JSON.parse(trimmed));
+      const entry = JSON.parse(trimmed);
+      entry.complianceVerdict = normalizeComplianceVerdict(entry.complianceVerdict);
+      entries.push(entry);
     } catch {}
   }
   if (!options)
@@ -62562,6 +62567,7 @@ function readSkillUsageEntriesTail(directory, filters, maxBytes = TAIL_BYTES_DEF
           continue;
         try {
           const entry = JSON.parse(line);
+          entry.complianceVerdict = normalizeComplianceVerdict(entry.complianceVerdict);
           if (filters.sessionID !== undefined && entry.sessionID !== filters.sessionID) {
             continue;
           }
@@ -62596,7 +62602,7 @@ function computeComplianceByVersion(entries, skillPath) {
     stats.total += 1;
     if (e.complianceVerdict === "compliant")
       stats.compliant += 1;
-    if (e.complianceVerdict === "violation")
+    if (e.complianceVerdict === "violated")
       stats.violation += 1;
   }
   for (const stats of map3.values()) {
@@ -62709,7 +62715,7 @@ async function applySkillUsageFeedback(directory, options) {
   try {
     const allEntries = readSkillUsageEntries(directory);
     const actionable = allEntries.filter((e) => {
-      if (e.complianceVerdict !== "compliant" && e.complianceVerdict !== "violation") {
+      if (e.complianceVerdict !== "compliant" && e.complianceVerdict !== "violated") {
         return false;
       }
       if (options?.sinceTimestamp && e.timestamp <= options.sinceTimestamp) {
@@ -62735,7 +62741,7 @@ async function applySkillUsageFeedback(directory, options) {
       for (const entry of entries) {
         if (entry.complianceVerdict === "compliant")
           compliantCount++;
-        else if (entry.complianceVerdict === "violation")
+        else if (entry.complianceVerdict === "violated")
           violationCount++;
       }
       if (compliantCount === 0 && violationCount === 0)
@@ -62819,7 +62825,7 @@ async function autoRetireSkills(directory, curatorKnowledgePath, excludeSlugs) {
           return true;
         return false;
       });
-      const violations = skillUsage.filter((e) => e.complianceVerdict === "violation").length;
+      const violations = skillUsage.filter((e) => e.complianceVerdict === "violated").length;
       const violationRate = skillUsage.length > 0 ? violations / skillUsage.length : 0;
       let allArchived = false;
       try {
@@ -63484,7 +63490,7 @@ ${phaseDigest.summary}`,
         });
         if (skillUsage.length === 0)
           continue;
-        const violations = skillUsage.filter((e) => e.complianceVerdict === "violation").length;
+        const violations = skillUsage.filter((e) => e.complianceVerdict === "violated").length;
         const violationRate = violations / skillUsage.length;
         if (violationRate > REVISION_VIOLATION_THRESHOLD && violationRate <= 0.3) {
           const content = await _internals27.readFileAsync(active.path, "utf-8");
@@ -63492,7 +63498,7 @@ ${phaseDigest.summary}`,
           if (fm && fm.skillOrigin === "promoted_external")
             continue;
           const currentVersion = fm?.version ?? 1;
-          const violationContexts = skillUsage.filter((e) => e.complianceVerdict === "violation").slice(-10).map((e) => ({
+          const violationContexts = skillUsage.filter((e) => e.complianceVerdict === "violated").slice(-10).map((e) => ({
             taskId: e.taskID,
             agent: e.agentName,
             verdict: e.complianceVerdict,
@@ -75193,8 +75199,8 @@ var init_history = __esm(() => {
   init_history_service();
 });
 
-// src/commands/pr-ref.ts
-import { execSync as execSync2 } from "node:child_process";
+// src/commands/_shared/url-security.ts
+import { spawnSync as spawnSync8 } from "node:child_process";
 function sanitizeUrl(raw) {
   let urlStr = raw.trim();
   urlStr = urlStr.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
@@ -75212,13 +75218,29 @@ function sanitizeUrl(raw) {
   }
   return urlStr.trim();
 }
-function sanitizeInstructions(raw) {
-  const collapsed = raw.replace(/\s+/g, " ").trim();
-  const stripped = collapsed.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
-  const normalized = stripped.replace(/\s+/g, " ").trim();
-  if (normalized.length <= MAX_INSTRUCTIONS_LEN)
-    return normalized;
-  return `${normalized.slice(0, MAX_INSTRUCTIONS_LEN)}…`;
+function sanitizeErrorEcho(raw, maxLength = 80) {
+  let stripped = "";
+  for (const ch of raw) {
+    const cp = ch.codePointAt(0);
+    if (cp !== undefined && (cp <= 31 || cp === 127)) {
+      stripped += " ";
+      continue;
+    }
+    stripped += ch;
+  }
+  const collapsed = stripped.replace(/\s+/g, " ").trim();
+  if (collapsed.length <= maxLength)
+    return collapsed;
+  return `${collapsed.slice(0, maxLength)}…`;
+}
+function containsControlCharacters(value) {
+  for (const ch of value) {
+    const cp = ch.codePointAt(0);
+    if (cp !== undefined && (cp <= 31 || cp === 127)) {
+      return true;
+    }
+  }
+  return false;
 }
 function hasNonAsciiHostname(hostname5) {
   for (const ch of hostname5) {
@@ -75228,31 +75250,38 @@ function hasNonAsciiHostname(hostname5) {
   }
   return false;
 }
+function isIpv4MappedPrivateHost(inner) {
+  if (IPV4_PRIVATE.test(inner) || IPV4_LOOPBACK.test(inner) || IPV4_LINK_LOCAL.test(inner) || IPV4_PRIVATE_172.test(inner) || IPV4_PRIVATE_192.test(inner) || IPV4_ZERO_NETWORK.test(inner)) {
+    return true;
+  }
+  const firstSegment = inner.split(":", 1)[0];
+  if (!firstSegment)
+    return false;
+  const firstWord = Number.parseInt(firstSegment, 16);
+  if (!Number.isFinite(firstWord))
+    return false;
+  return firstWord >= 0 && firstWord <= 255 || firstWord >= 2560 && firstWord <= 2815 || firstWord >= 32512 && firstWord <= 32767 || firstWord === 43518 || firstWord >= 44048 && firstWord <= 44063 || firstWord === 49320;
+}
 function isPrivateHost(url3) {
-  const host = url3.hostname.toLowerCase();
-  if (host === "localhost" || host === "127.0.0.1" || host === "::1" || host === "0.0.0.0") {
+  const host = url3.hostname.toLowerCase().replace(/^\[|\]$/g, "");
+  if (host === "localhost" || host === "::1" || host === "0.0.0.0" || IPV4_LOOPBACK.test(host) || IPV4_ZERO_NETWORK.test(host)) {
     return true;
   }
   if (host.startsWith("localhost") || host === "localhost.com") {
     return true;
   }
-  const ipv4Private = /^10\./;
-  const ipv4172 = /^172\.(1[6-9]|2\d|3[0-1])\./;
-  const ipv4192 = /^192\.168\./;
-  const ipv6Private = /^fe80:/i;
-  const ipv6Unique = /^f[cd][0-9a-f]{2}:/i;
-  if (ipv4Private.test(host) || ipv4172.test(host) || ipv4192.test(host) || ipv6Private.test(host) || ipv6Unique.test(host)) {
+  if (IPV4_PRIVATE.test(host) || IPV4_LINK_LOCAL.test(host) || IPV4_PRIVATE_172.test(host) || IPV4_PRIVATE_192.test(host) || IPV6_LINK_LOCAL.test(host) || IPV6_UNIQUE_LOCAL.test(host)) {
     return true;
   }
   if (host.startsWith("::ffff:")) {
     const inner = host.slice(7);
-    if (ipv4Private.test(inner) || ipv4172.test(inner) || ipv4192.test(inner)) {
+    if (isIpv4MappedPrivateHost(inner)) {
       return true;
     }
   }
   return false;
 }
-function validateAndSanitizeUrl(rawUrl) {
+function validateAndSanitizeGithubUrl(rawUrl, resource) {
   const sanitized = sanitizeUrl(rawUrl);
   if (!sanitized) {
     return { error: "Empty URL" };
@@ -75268,10 +75297,10 @@ function validateAndSanitizeUrl(rawUrl) {
     if (isPrivateHost(url3)) {
       return { error: "Private or localhost URLs are not allowed" };
     }
-    const githubPrPattern = /^https:\/\/github\.com\/([^/]+)\/([^/]+)\/pull\/([0-9]+)\/?$/;
-    if (!githubPrPattern.test(sanitized)) {
+    const githubPattern = new RegExp(`^https:\\/\\/github\\.com\\/([^/]+)\\/([^/]+)\\/${resource}\\/([0-9]+)\\/?$`);
+    if (!githubPattern.test(sanitized)) {
       return {
-        error: "URL must be a GitHub pull request URL (https://github.com/owner/repo/pull/N)"
+        error: resource === "issues" ? "URL must be a GitHub issue URL (https://github.com/owner/repo/issues/N)" : "URL must be a GitHub pull request URL (https://github.com/owner/repo/pull/N)"
       };
     }
     return { sanitized };
@@ -75279,50 +75308,18 @@ function validateAndSanitizeUrl(rawUrl) {
     return { error: "Invalid URL format" };
   }
 }
-function parsePrRef(input, cwd) {
-  const urlMatch = input.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+)\/pull\/(\d+)\/?$/i);
-  if (urlMatch) {
-    return {
-      owner: urlMatch[1],
-      repo: urlMatch[2],
-      number: parseInt(urlMatch[3], 10)
-    };
-  }
-  const shorthandMatch = input.match(/^([^/]+)\/([^#]+)#(\d+)$/);
-  if (shorthandMatch) {
-    return {
-      owner: shorthandMatch[1],
-      repo: shorthandMatch[2],
-      number: parseInt(shorthandMatch[3], 10)
-    };
-  }
-  const bareMatch = input.match(/^(\d+)$/);
-  if (bareMatch) {
-    const prNumber = parseInt(bareMatch[1], 10);
-    const remoteUrl = detectGitRemote(cwd);
-    if (!remoteUrl) {
-      return null;
-    }
-    const parsed = parseGitRemoteUrl(remoteUrl);
-    if (!parsed) {
-      return null;
-    }
-    return {
-      owner: parsed.owner,
-      repo: parsed.repo,
-      number: prNumber
-    };
-  }
-  return null;
-}
 function detectGitRemote(cwd) {
   try {
-    const remoteUrl = _internals39.execSync("git remote get-url origin", {
+    const result = _internals39.spawnSync("git", ["remote", "get-url", "origin"], {
       encoding: "utf-8",
-      stdio: ["pipe", "pipe", "pipe"],
+      stdio: ["ignore", "pipe", "pipe"],
       timeout: 5000,
       ...cwd ? { cwd } : {}
-    }).trim();
+    });
+    if (result.status !== 0 || result.error) {
+      return null;
+    }
+    const remoteUrl = (result.stdout ?? "").trim();
     return remoteUrl || null;
   } catch {
     return null;
@@ -75331,123 +75328,49 @@ function detectGitRemote(cwd) {
 function parseGitRemoteUrl(remoteUrl) {
   const httpsMatch = remoteUrl.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+?)(?:\.git)?\/?$/i);
   if (httpsMatch) {
-    return {
-      owner: httpsMatch[1],
-      repo: httpsMatch[2].replace(/\.git$/, "")
-    };
+    const owner = httpsMatch[1];
+    const repo = httpsMatch[2].replace(/\.git$/, "");
+    if (containsControlCharacters(owner) || containsControlCharacters(repo)) {
+      return null;
+    }
+    return { owner, repo };
   }
   const sshMatch = remoteUrl.match(/^git@github\.com:([^/]+)\/([^/]+?)(?:\.git)?$/i);
   if (sshMatch) {
-    return {
-      owner: sshMatch[1],
-      repo: sshMatch[2].replace(/\.git$/, "")
-    };
+    const owner = sshMatch[1];
+    const repo = sshMatch[2].replace(/\.git$/, "");
+    if (containsControlCharacters(owner) || containsControlCharacters(repo)) {
+      return null;
+    }
+    return { owner, repo };
   }
   const pathMatch = remoteUrl.match(/\/([^/]+)\/([^/]+?)(?:\.git)?\/?$/);
   if (pathMatch) {
-    return {
-      owner: pathMatch[1],
-      repo: pathMatch[2].replace(/\.git$/, "")
-    };
+    const owner = pathMatch[1];
+    const repo = pathMatch[2].replace(/\.git$/, "");
+    if (containsControlCharacters(owner) || containsControlCharacters(repo)) {
+      return null;
+    }
+    return { owner, repo };
   }
   return null;
 }
-function looksLikePrRef(token) {
-  return /^https?:\/\//i.test(token) || /^[^/]+\/[^#]+#\d+$/.test(token) || /^\d+$/.test(token);
-}
-function resolvePrCommandInput(rest, cwd) {
-  if (rest.length === 0) {
-    return null;
-  }
-  const refToken = rest[0];
-  const instructions = sanitizeInstructions(rest.slice(1).join(" "));
-  const isFullUrl = /^https?:\/\//i.test(refToken);
-  const prInfo = parsePrRef(isFullUrl ? sanitizeUrl(refToken) : refToken, cwd);
-  if (!prInfo) {
-    return { error: `Could not parse PR reference from "${refToken}"` };
-  }
-  const prUrl = `https://github.com/${prInfo.owner}/${prInfo.repo}/pull/${prInfo.number}`;
-  const result = validateAndSanitizeUrl(prUrl);
-  if ("error" in result) {
-    return { error: result.error };
-  }
-  return { prUrl: result.sanitized, instructions };
-}
-var _internals39, MAX_URL_LEN = 2048, MAX_INSTRUCTIONS_LEN = 1000;
-var init_pr_ref = __esm(() => {
-  _internals39 = { execSync: execSync2 };
+var MAX_URL_LEN = 2048, IPV4_PRIVATE, IPV4_LOOPBACK, IPV4_LINK_LOCAL, IPV4_PRIVATE_172, IPV4_PRIVATE_192, IPV4_ZERO_NETWORK, IPV6_LINK_LOCAL, IPV6_UNIQUE_LOCAL, _internals39;
+var init_url_security = __esm(() => {
+  IPV4_PRIVATE = /^10\./;
+  IPV4_LOOPBACK = /^127\./;
+  IPV4_LINK_LOCAL = /^169\.254\./;
+  IPV4_PRIVATE_172 = /^172\.(1[6-9]|2\d|3[0-1])\./;
+  IPV4_PRIVATE_192 = /^192\.168\./;
+  IPV4_ZERO_NETWORK = /^0\./;
+  IPV6_LINK_LOCAL = /^fe80:/i;
+  IPV6_UNIQUE_LOCAL = /^f[cd][0-9a-f]{2}:/i;
+  _internals39 = { spawnSync: spawnSync8 };
 });
 
 // src/commands/issue.ts
-import { execSync as execSync3 } from "node:child_process";
-function sanitizeUrl2(raw) {
-  let urlStr = raw.trim();
-  urlStr = urlStr.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
-  const fragmentIdx = urlStr.indexOf("#");
-  if (fragmentIdx !== -1) {
-    urlStr = urlStr.slice(0, fragmentIdx);
-  }
-  const queryIdx = urlStr.indexOf("?");
-  if (queryIdx !== -1) {
-    urlStr = urlStr.slice(0, queryIdx);
-  }
-  urlStr = urlStr.replace(/^[A-Za-z][A-Za-z0-9+.-]*:\/\/[^@/]+@/, "https://");
-  if (urlStr.length > MAX_URL_LEN2) {
-    urlStr = urlStr.slice(0, MAX_URL_LEN2);
-  }
-  return urlStr.trim();
-}
-function isPrivateHost2(url3) {
-  const host = url3.hostname.toLowerCase();
-  if (host === "localhost" || host === "127.0.0.1" || host === "::1" || host === "0.0.0.0") {
-    return true;
-  }
-  if (host.startsWith("localhost") || host === "localhost.com") {
-    return true;
-  }
-  const ipv4Private = /^10\./;
-  const ipv4172 = /^172\.(1[6-9]|2\d|3[0-1])\./;
-  const ipv4192 = /^192\.168\./;
-  const ipv6Private = /^fe80:/i;
-  const ipv6Unique = /^f[cd][0-9a-f]{2}:/i;
-  if (ipv4Private.test(host) || ipv4172.test(host) || ipv4192.test(host) || ipv6Private.test(host) || ipv6Unique.test(host)) {
-    return true;
-  }
-  if (host.startsWith("::ffff:")) {
-    const inner = host.slice(7);
-    if (ipv4Private.test(inner) || ipv4172.test(inner) || ipv4192.test(inner)) {
-      return true;
-    }
-  }
-  return false;
-}
-function validateAndSanitizeUrl2(rawUrl) {
-  const sanitized = sanitizeUrl2(rawUrl);
-  if (!sanitized) {
-    return { error: "Empty URL" };
-  }
-  if (!sanitized.startsWith("https://")) {
-    return { error: "URL must use HTTPS scheme" };
-  }
-  try {
-    const url3 = new URL(sanitized);
-    const hostname5 = url3.hostname;
-    if (/[\u0080-\u{10FFFF}]/u.test(hostname5)) {
-      return { error: "Non-ASCII hostnames are not allowed" };
-    }
-    if (isPrivateHost2(url3)) {
-      return { error: "Private or localhost URLs are not allowed" };
-    }
-    const githubIssuePattern = /^https:\/\/github\.com\/([^/]+)\/([^/]+)\/issues\/([0-9]+)\/?$/;
-    if (!githubIssuePattern.test(sanitized)) {
-      return {
-        error: "URL must be a GitHub issue URL (https://github.com/owner/repo/issues/N)"
-      };
-    }
-    return { sanitized };
-  } catch {
-    return { error: "Invalid URL format" };
-  }
+function validateAndSanitizeUrl(rawUrl) {
+  return validateAndSanitizeGithubUrl(rawUrl, "issues");
 }
 function parseArgs6(args2) {
   const out2 = {
@@ -75474,9 +75397,12 @@ function parseArgs6(args2) {
   }
   return out2;
 }
-function parseIssueRef(input) {
+function parseIssueRef(input, directory) {
   const urlMatch = input.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+)\/issues\/(\d+)\/?$/i);
   if (urlMatch) {
+    if (containsControlCharacters(urlMatch[1]) || containsControlCharacters(urlMatch[2])) {
+      return null;
+    }
     return {
       owner: urlMatch[1],
       repo: urlMatch[2],
@@ -75485,6 +75411,9 @@ function parseIssueRef(input) {
   }
   const shorthandMatch = input.match(/^([^/]+)\/([^#]+)#(\d+)$/);
   if (shorthandMatch) {
+    if (containsControlCharacters(shorthandMatch[1]) || containsControlCharacters(shorthandMatch[2])) {
+      return null;
+    }
     return {
       owner: shorthandMatch[1],
       repo: shorthandMatch[2],
@@ -75494,7 +75423,7 @@ function parseIssueRef(input) {
   const bareMatch = input.match(/^(\d+)$/);
   if (bareMatch) {
     const issueNumber = parseInt(bareMatch[1], 10);
-    const remoteUrl = detectGitRemote2();
+    const remoteUrl = detectGitRemote(directory);
     if (!remoteUrl) {
       return null;
     }
@@ -75510,33 +75439,21 @@ function parseIssueRef(input) {
   }
   return null;
 }
-function detectGitRemote2() {
-  try {
-    const remoteUrl = execSync3("git remote get-url origin", {
-      encoding: "utf-8",
-      stdio: ["pipe", "pipe", "pipe"],
-      timeout: 5000
-    }).trim();
-    return remoteUrl || null;
-  } catch {
-    return null;
-  }
-}
-function handleIssueCommand(_directory, args2) {
+function handleIssueCommand(directory, args2) {
   const parsed = parseArgs6(args2);
   const rawInput = parsed.rest.join(" ").trim();
   if (!rawInput) {
     return USAGE6;
   }
   const isFullUrl = /^https?:\/\//i.test(rawInput);
-  const issueInfo = parseIssueRef(isFullUrl ? sanitizeUrl2(rawInput) : rawInput);
+  const issueInfo = parseIssueRef(isFullUrl ? sanitizeUrl(rawInput) : rawInput, directory);
   if (!issueInfo) {
-    return `Error: Could not parse issue reference from "${rawInput}"
+    return `Error: Could not parse issue reference from "${sanitizeErrorEcho(rawInput)}"
 
 ${USAGE6}`;
   }
   const issueUrl = `https://github.com/${issueInfo.owner}/${issueInfo.repo}/issues/${issueInfo.number}`;
-  const result = validateAndSanitizeUrl2(issueUrl);
+  const result = validateAndSanitizeUrl(issueUrl);
   if ("error" in result) {
     return `Error: ${result.error}
 
@@ -75552,9 +75469,9 @@ ${USAGE6}`;
   const flagsStr = flags2.length > 0 ? ` ${flags2.join(" ")}` : "";
   return `[MODE: ISSUE_INGEST issue="${result.sanitized}"${flagsStr}]`;
 }
-var MAX_URL_LEN2 = 2048, USAGE6;
+var USAGE6;
 var init_issue = __esm(() => {
-  init_pr_ref();
+  init_url_security();
   USAGE6 = [
     "Usage: /swarm issue <url|owner/repo#N|N> [--plan] [--trace] [--no-repro]",
     "",
@@ -80737,6 +80654,88 @@ var init_post_mortem = __esm(() => {
   init_curator_postmortem();
 });
 
+// src/commands/pr-ref.ts
+function sanitizeInstructions(raw) {
+  const collapsed = raw.replace(/\s+/g, " ").trim();
+  const stripped = collapsed.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
+  const normalized = stripped.replace(/\s+/g, " ").trim();
+  if (normalized.length <= MAX_INSTRUCTIONS_LEN)
+    return normalized;
+  return `${normalized.slice(0, MAX_INSTRUCTIONS_LEN)}…`;
+}
+function validateAndSanitizeUrl2(rawUrl) {
+  return validateAndSanitizeGithubUrl(rawUrl, "pull");
+}
+function parsePrRef(input, cwd) {
+  const urlMatch = input.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+)\/pull\/(\d+)\/?$/i);
+  if (urlMatch) {
+    if (containsControlCharacters(urlMatch[1]) || containsControlCharacters(urlMatch[2])) {
+      return null;
+    }
+    return {
+      owner: urlMatch[1],
+      repo: urlMatch[2],
+      number: parseInt(urlMatch[3], 10)
+    };
+  }
+  const shorthandMatch = input.match(/^([^/]+)\/([^#]+)#(\d+)$/);
+  if (shorthandMatch) {
+    if (containsControlCharacters(shorthandMatch[1]) || containsControlCharacters(shorthandMatch[2])) {
+      return null;
+    }
+    return {
+      owner: shorthandMatch[1],
+      repo: shorthandMatch[2],
+      number: parseInt(shorthandMatch[3], 10)
+    };
+  }
+  const bareMatch = input.match(/^(\d+)$/);
+  if (bareMatch) {
+    const prNumber = parseInt(bareMatch[1], 10);
+    const remoteUrl = detectGitRemote(cwd);
+    if (!remoteUrl) {
+      return null;
+    }
+    const parsed = parseGitRemoteUrl(remoteUrl);
+    if (!parsed) {
+      return null;
+    }
+    return {
+      owner: parsed.owner,
+      repo: parsed.repo,
+      number: prNumber
+    };
+  }
+  return null;
+}
+function looksLikePrRef(token) {
+  return /^https?:\/\//i.test(token) || /^[^/]+\/[^#]+#\d+$/.test(token) || /^\d+$/.test(token);
+}
+function resolvePrCommandInput(rest, cwd) {
+  if (rest.length === 0) {
+    return null;
+  }
+  const refToken = rest[0];
+  const instructions = sanitizeInstructions(rest.slice(1).join(" "));
+  const isFullUrl = /^https?:\/\//i.test(refToken);
+  const prInfo = parsePrRef(isFullUrl ? sanitizeUrl(refToken) : refToken, cwd);
+  if (!prInfo) {
+    return {
+      error: `Could not parse PR reference from "${sanitizeErrorEcho(refToken)}"`
+    };
+  }
+  const prUrl = `https://github.com/${prInfo.owner}/${prInfo.repo}/pull/${prInfo.number}`;
+  const result = validateAndSanitizeUrl2(prUrl);
+  if ("error" in result) {
+    return { error: result.error };
+  }
+  return { prUrl: result.sanitized, instructions };
+}
+var MAX_INSTRUCTIONS_LEN = 1000;
+var init_pr_ref = __esm(() => {
+  init_url_security();
+});
+
 // src/commands/pr-feedback.ts
 function handlePrFeedbackCommand(directory, args2) {
   const rest = args2.filter((t) => t.trim().length > 0);
@@ -127845,7 +127844,7 @@ import * as fs103 from "node:fs";
 import * as path156 from "node:path";
 
 // src/mutation/engine.ts
-import { spawnSync as spawnSync10 } from "node:child_process";
+import { spawnSync as spawnSync11 } from "node:child_process";
 import { unlinkSync as unlinkSync19, writeFileSync as writeFileSync27 } from "node:fs";
 import * as path155 from "node:path";
 
@@ -128023,7 +128022,7 @@ var _internals88 = {
   executeMutation,
   computeReport,
   executeMutationSuite,
-  spawnSync: spawnSync10
+  spawnSync: spawnSync11
 };
 async function executeMutation(patch, testCommand, testFiles, workingDir) {
   const startTime = Date.now();

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "opencode-swarm",
-	"version": "7.73.2",
+	"version": "7.73.3",
 	"description": "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",