opencode-swarm 7.73.2 → 7.74.0

package/.opencode/skills/swarm-pr-feedback/SKILL.md

@@ -61,6 +61,25 @@ final state. Expect N rounds of review for N pushes, and budget for it.
 each round's work is bounded by new findings + carried-forward items only.
 This matches how the bot actually behaves and avoids wasted cycles.
 
+### Bot Review Verification Traps
+
+When a bot or pasted review cites a code fact, verify the fact against the
+current branch before editing:
+
+- **Import/export claims:** Check the exact import path used by the changed file.
+  A symbol may be missing from an internal submodule but correctly exported by the
+  public barrel the tests or runtime actually import.
+- **Line numbers:** Treat bot line references as approximate after any follow-up
+  push or local edit. Re-locate the symbol or block with `rg` before patching.
+- **Ordering claims:** If the concern is about rule precedence, add or run a
+  direct precedence test that would fail under the wrong ordering; comments alone
+  are not enough.
+- **Disproved findings:** Do not change unrelated code to satisfy a false claim.
+  Keep the finding in the closure ledger with the source or test evidence that
+  disproves it.
+- **Cache/state claims:** Test both relevant state orders when the behavior
+  depends on cache priming, singleton state, or prior calls.
+
 ## Operating Stance
 
 Treat every review comment, CI failure, bot summary, PR body claim, and pasted note

package/dist/cli/index.js

@@ -52,7 +52,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "opencode-swarm",
-    version: "7.73.2",
+    version: "7.74.0",
     description: "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
     main: "dist/index.js",
     types: "dist/index.d.ts",
@@ -14700,7 +14700,7 @@ var init_plan_schema = __esm(() => {
   init_zod();
   ExecutionProfileSchema = exports_external.object({
     parallelization_enabled: exports_external.boolean().default(false),
-    max_concurrent_tasks: exports_external.number().int().min(1).max(64).default(1),
+    max_concurrent_tasks: exports_external.number().int().min(1).max(64).default(10),
     council_parallel: exports_external.boolean().default(true),
     locked: exports_external.boolean().default(false),
     auto_proceed: exports_external.boolean().default(false)
@@ -40093,6 +40093,9 @@ import * as path19 from "path";
 function resolveLogPath(directory) {
   return validateSwarmPath(directory, "skill-usage.jsonl");
 }
+function normalizeComplianceVerdict(verdict) {
+  return verdict === "violation" ? "violated" : verdict;
+}
 function appendSkillUsageEntry(directory, entry) {
   const {
     skillPath,
@@ -40163,7 +40166,9 @@ function readSkillUsageEntries(directory, options) {
     if (!trimmed)
       continue;
     try {
-      entries.push(JSON.parse(trimmed));
+      const entry = JSON.parse(trimmed);
+      entry.complianceVerdict = normalizeComplianceVerdict(entry.complianceVerdict);
+      entries.push(entry);
     } catch {}
   }
   if (!options)
@@ -40222,6 +40227,7 @@ function readSkillUsageEntriesTail(directory, filters, maxBytes = TAIL_BYTES_DEF
           continue;
         try {
           const entry = JSON.parse(line);
+          entry.complianceVerdict = normalizeComplianceVerdict(entry.complianceVerdict);
           if (filters.sessionID !== undefined && entry.sessionID !== filters.sessionID) {
             continue;
           }
@@ -40256,7 +40262,7 @@ function computeComplianceByVersion(entries, skillPath) {
     stats.total += 1;
     if (e.complianceVerdict === "compliant")
       stats.compliant += 1;
-    if (e.complianceVerdict === "violation")
+    if (e.complianceVerdict === "violated")
       stats.violation += 1;
   }
   for (const stats of map3.values()) {
@@ -40369,7 +40375,7 @@ async function applySkillUsageFeedback(directory, options) {
   try {
     const allEntries = readSkillUsageEntries(directory);
     const actionable = allEntries.filter((e) => {
-      if (e.complianceVerdict !== "compliant" && e.complianceVerdict !== "violation") {
+      if (e.complianceVerdict !== "compliant" && e.complianceVerdict !== "violated") {
         return false;
       }
       if (options?.sinceTimestamp && e.timestamp <= options.sinceTimestamp) {
@@ -40395,7 +40401,7 @@ async function applySkillUsageFeedback(directory, options) {
       for (const entry of entries) {
         if (entry.complianceVerdict === "compliant")
           compliantCount++;
-        else if (entry.complianceVerdict === "violation")
+        else if (entry.complianceVerdict === "violated")
           violationCount++;
       }
       if (compliantCount === 0 && violationCount === 0)
@@ -45184,7 +45190,7 @@ function buildStatusMessage(session, plan) {
   const overrideActive = session.maxConcurrencyOverride !== undefined;
   const configuredOverride = session.maxConcurrencyOverride ?? "absent";
   const hasPlan = plan !== null && plan !== undefined;
-  const planBaseline = hasPlan ? plan.execution_profile?.max_concurrent_tasks ?? 1 : 1;
+  const planBaseline = hasPlan ? plan.execution_profile?.max_concurrent_tasks ?? 10 : 10;
   const parallelizationEnabled = hasPlan ? plan.execution_profile?.parallelization_enabled ?? false : false;
   const operationalEffective = !parallelizationEnabled ? 1 : session.maxConcurrencyOverride ?? planBaseline;
   let description;
@@ -45213,8 +45219,8 @@ var init_concurrency = __esm(() => {
   init_state();
   PRESETS = {
     min: 1,
-    medium: 3,
-    max: 8
+    medium: 8,
+    max: 16
   };
 });
 
@@ -51472,8 +51478,8 @@ var init_history = __esm(() => {
   init_history_service();
 });
 
-// src/commands/pr-ref.ts
-import { execSync as execSync2 } from "child_process";
+// src/commands/_shared/url-security.ts
+import { spawnSync as spawnSync3 } from "child_process";
 function sanitizeUrl(raw) {
   let urlStr = raw.trim();
   urlStr = urlStr.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
@@ -51491,13 +51497,29 @@ function sanitizeUrl(raw) {
   }
   return urlStr.trim();
 }
-function sanitizeInstructions(raw) {
-  const collapsed = raw.replace(/\s+/g, " ").trim();
-  const stripped = collapsed.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
-  const normalized = stripped.replace(/\s+/g, " ").trim();
-  if (normalized.length <= MAX_INSTRUCTIONS_LEN)
-    return normalized;
-  return `${normalized.slice(0, MAX_INSTRUCTIONS_LEN)}\u2026`;
+function sanitizeErrorEcho(raw, maxLength = 80) {
+  let stripped = "";
+  for (const ch of raw) {
+    const cp = ch.codePointAt(0);
+    if (cp !== undefined && (cp <= 31 || cp === 127)) {
+      stripped += " ";
+      continue;
+    }
+    stripped += ch;
+  }
+  const collapsed = stripped.replace(/\s+/g, " ").trim();
+  if (collapsed.length <= maxLength)
+    return collapsed;
+  return `${collapsed.slice(0, maxLength)}\u2026`;
+}
+function containsControlCharacters(value) {
+  for (const ch of value) {
+    const cp = ch.codePointAt(0);
+    if (cp !== undefined && (cp <= 31 || cp === 127)) {
+      return true;
+    }
+  }
+  return false;
 }
 function hasNonAsciiHostname(hostname5) {
   for (const ch of hostname5) {
@@ -51507,31 +51529,38 @@ function hasNonAsciiHostname(hostname5) {
   }
   return false;
 }
+function isIpv4MappedPrivateHost(inner) {
+  if (IPV4_PRIVATE.test(inner) || IPV4_LOOPBACK.test(inner) || IPV4_LINK_LOCAL.test(inner) || IPV4_PRIVATE_172.test(inner) || IPV4_PRIVATE_192.test(inner) || IPV4_ZERO_NETWORK.test(inner)) {
+    return true;
+  }
+  const firstSegment = inner.split(":", 1)[0];
+  if (!firstSegment)
+    return false;
+  const firstWord = Number.parseInt(firstSegment, 16);
+  if (!Number.isFinite(firstWord))
+    return false;
+  return firstWord >= 0 && firstWord <= 255 || firstWord >= 2560 && firstWord <= 2815 || firstWord >= 32512 && firstWord <= 32767 || firstWord === 43518 || firstWord >= 44048 && firstWord <= 44063 || firstWord === 49320;
+}
 function isPrivateHost(url3) {
-  const host = url3.hostname.toLowerCase();
-  if (host === "localhost" || host === "127.0.0.1" || host === "::1" || host === "0.0.0.0") {
+  const host = url3.hostname.toLowerCase().replace(/^\[|\]$/g, "");
+  if (host === "localhost" || host === "::1" || host === "0.0.0.0" || IPV4_LOOPBACK.test(host) || IPV4_ZERO_NETWORK.test(host)) {
     return true;
   }
   if (host.startsWith("localhost") || host === "localhost.com") {
     return true;
   }
-  const ipv4Private = /^10\./;
-  const ipv4172 = /^172\.(1[6-9]|2\d|3[0-1])\./;
-  const ipv4192 = /^192\.168\./;
-  const ipv6Private = /^fe80:/i;
-  const ipv6Unique = /^f[cd][0-9a-f]{2}:/i;
-  if (ipv4Private.test(host) || ipv4172.test(host) || ipv4192.test(host) || ipv6Private.test(host) || ipv6Unique.test(host)) {
+  if (IPV4_PRIVATE.test(host) || IPV4_LINK_LOCAL.test(host) || IPV4_PRIVATE_172.test(host) || IPV4_PRIVATE_192.test(host) || IPV6_LINK_LOCAL.test(host) || IPV6_UNIQUE_LOCAL.test(host)) {
     return true;
   }
   if (host.startsWith("::ffff:")) {
     const inner = host.slice(7);
-    if (ipv4Private.test(inner) || ipv4172.test(inner) || ipv4192.test(inner)) {
+    if (isIpv4MappedPrivateHost(inner)) {
       return true;
     }
   }
   return false;
 }
-function validateAndSanitizeUrl(rawUrl) {
+function validateAndSanitizeGithubUrl(rawUrl, resource) {
   const sanitized = sanitizeUrl(rawUrl);
   if (!sanitized) {
     return { error: "Empty URL" };
@@ -51547,10 +51576,10 @@ function validateAndSanitizeUrl(rawUrl) {
     if (isPrivateHost(url3)) {
       return { error: "Private or localhost URLs are not allowed" };
     }
-    const githubPrPattern = /^https:\/\/github\.com\/([^/]+)\/([^/]+)\/pull\/([0-9]+)\/?$/;
-    if (!githubPrPattern.test(sanitized)) {
+    const githubPattern = new RegExp(`^https:\\/\\/github\\.com\\/([^/]+)\\/([^/]+)\\/${resource}\\/([0-9]+)\\/?$`);
+    if (!githubPattern.test(sanitized)) {
       return {
-        error: "URL must be a GitHub pull request URL (https://github.com/owner/repo/pull/N)"
+        error: resource === "issues" ? "URL must be a GitHub issue URL (https://github.com/owner/repo/issues/N)" : "URL must be a GitHub pull request URL (https://github.com/owner/repo/pull/N)"
       };
     }
     return { sanitized };
@@ -51558,50 +51587,18 @@ function validateAndSanitizeUrl(rawUrl) {
     return { error: "Invalid URL format" };
   }
 }
-function parsePrRef(input, cwd) {
-  const urlMatch = input.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+)\/pull\/(\d+)\/?$/i);
-  if (urlMatch) {
-    return {
-      owner: urlMatch[1],
-      repo: urlMatch[2],
-      number: parseInt(urlMatch[3], 10)
-    };
-  }
-  const shorthandMatch = input.match(/^([^/]+)\/([^#]+)#(\d+)$/);
-  if (shorthandMatch) {
-    return {
-      owner: shorthandMatch[1],
-      repo: shorthandMatch[2],
-      number: parseInt(shorthandMatch[3], 10)
-    };
-  }
-  const bareMatch = input.match(/^(\d+)$/);
-  if (bareMatch) {
-    const prNumber = parseInt(bareMatch[1], 10);
-    const remoteUrl = detectGitRemote(cwd);
-    if (!remoteUrl) {
-      return null;
-    }
-    const parsed = parseGitRemoteUrl(remoteUrl);
-    if (!parsed) {
-      return null;
-    }
-    return {
-      owner: parsed.owner,
-      repo: parsed.repo,
-      number: prNumber
-    };
-  }
-  return null;
-}
 function detectGitRemote(cwd) {
   try {
-    const remoteUrl = _internals28.execSync("git remote get-url origin", {
+    const result = _internals28.spawnSync("git", ["remote", "get-url", "origin"], {
       encoding: "utf-8",
-      stdio: ["pipe", "pipe", "pipe"],
+      stdio: ["ignore", "pipe", "pipe"],
       timeout: 5000,
       ...cwd ? { cwd } : {}
-    }).trim();
+    });
+    if (result.status !== 0 || result.error) {
+      return null;
+    }
+    const remoteUrl = (result.stdout ?? "").trim();
     return remoteUrl || null;
   } catch {
     return null;
@@ -51610,123 +51607,49 @@ function detectGitRemote(cwd) {
 function parseGitRemoteUrl(remoteUrl) {
   const httpsMatch = remoteUrl.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+?)(?:\.git)?\/?$/i);
   if (httpsMatch) {
-    return {
-      owner: httpsMatch[1],
-      repo: httpsMatch[2].replace(/\.git$/, "")
-    };
+    const owner = httpsMatch[1];
+    const repo = httpsMatch[2].replace(/\.git$/, "");
+    if (containsControlCharacters(owner) || containsControlCharacters(repo)) {
+      return null;
+    }
+    return { owner, repo };
   }
   const sshMatch = remoteUrl.match(/^git@github\.com:([^/]+)\/([^/]+?)(?:\.git)?$/i);
   if (sshMatch) {
-    return {
-      owner: sshMatch[1],
-      repo: sshMatch[2].replace(/\.git$/, "")
-    };
+    const owner = sshMatch[1];
+    const repo = sshMatch[2].replace(/\.git$/, "");
+    if (containsControlCharacters(owner) || containsControlCharacters(repo)) {
+      return null;
+    }
+    return { owner, repo };
   }
   const pathMatch = remoteUrl.match(/\/([^/]+)\/([^/]+?)(?:\.git)?\/?$/);
   if (pathMatch) {
-    return {
-      owner: pathMatch[1],
-      repo: pathMatch[2].replace(/\.git$/, "")
-    };
+    const owner = pathMatch[1];
+    const repo = pathMatch[2].replace(/\.git$/, "");
+    if (containsControlCharacters(owner) || containsControlCharacters(repo)) {
+      return null;
+    }
+    return { owner, repo };
   }
   return null;
 }
-function looksLikePrRef(token) {
-  return /^https?:\/\//i.test(token) || /^[^/]+\/[^#]+#\d+$/.test(token) || /^\d+$/.test(token);
-}
-function resolvePrCommandInput(rest, cwd) {
-  if (rest.length === 0) {
-    return null;
-  }
-  const refToken = rest[0];
-  const instructions = sanitizeInstructions(rest.slice(1).join(" "));
-  const isFullUrl = /^https?:\/\//i.test(refToken);
-  const prInfo = parsePrRef(isFullUrl ? sanitizeUrl(refToken) : refToken, cwd);
-  if (!prInfo) {
-    return { error: `Could not parse PR reference from "${refToken}"` };
-  }
-  const prUrl = `https://github.com/${prInfo.owner}/${prInfo.repo}/pull/${prInfo.number}`;
-  const result = validateAndSanitizeUrl(prUrl);
-  if ("error" in result) {
-    return { error: result.error };
-  }
-  return { prUrl: result.sanitized, instructions };
-}
-var _internals28, MAX_URL_LEN = 2048, MAX_INSTRUCTIONS_LEN = 1000;
-var init_pr_ref = __esm(() => {
-  _internals28 = { execSync: execSync2 };
+var MAX_URL_LEN = 2048, IPV4_PRIVATE, IPV4_LOOPBACK, IPV4_LINK_LOCAL, IPV4_PRIVATE_172, IPV4_PRIVATE_192, IPV4_ZERO_NETWORK, IPV6_LINK_LOCAL, IPV6_UNIQUE_LOCAL, _internals28;
+var init_url_security = __esm(() => {
+  IPV4_PRIVATE = /^10\./;
+  IPV4_LOOPBACK = /^127\./;
+  IPV4_LINK_LOCAL = /^169\.254\./;
+  IPV4_PRIVATE_172 = /^172\.(1[6-9]|2\d|3[0-1])\./;
+  IPV4_PRIVATE_192 = /^192\.168\./;
+  IPV4_ZERO_NETWORK = /^0\./;
+  IPV6_LINK_LOCAL = /^fe80:/i;
+  IPV6_UNIQUE_LOCAL = /^f[cd][0-9a-f]{2}:/i;
+  _internals28 = { spawnSync: spawnSync3 };
 });
 
 // src/commands/issue.ts
-import { execSync as execSync3 } from "child_process";
-function sanitizeUrl2(raw) {
-  let urlStr = raw.trim();
-  urlStr = urlStr.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
-  const fragmentIdx = urlStr.indexOf("#");
-  if (fragmentIdx !== -1) {
-    urlStr = urlStr.slice(0, fragmentIdx);
-  }
-  const queryIdx = urlStr.indexOf("?");
-  if (queryIdx !== -1) {
-    urlStr = urlStr.slice(0, queryIdx);
-  }
-  urlStr = urlStr.replace(/^[A-Za-z][A-Za-z0-9+.-]*:\/\/[^@/]+@/, "https://");
-  if (urlStr.length > MAX_URL_LEN2) {
-    urlStr = urlStr.slice(0, MAX_URL_LEN2);
-  }
-  return urlStr.trim();
-}
-function isPrivateHost2(url3) {
-  const host = url3.hostname.toLowerCase();
-  if (host === "localhost" || host === "127.0.0.1" || host === "::1" || host === "0.0.0.0") {
-    return true;
-  }
-  if (host.startsWith("localhost") || host === "localhost.com") {
-    return true;
-  }
-  const ipv4Private = /^10\./;
-  const ipv4172 = /^172\.(1[6-9]|2\d|3[0-1])\./;
-  const ipv4192 = /^192\.168\./;
-  const ipv6Private = /^fe80:/i;
-  const ipv6Unique = /^f[cd][0-9a-f]{2}:/i;
-  if (ipv4Private.test(host) || ipv4172.test(host) || ipv4192.test(host) || ipv6Private.test(host) || ipv6Unique.test(host)) {
-    return true;
-  }
-  if (host.startsWith("::ffff:")) {
-    const inner = host.slice(7);
-    if (ipv4Private.test(inner) || ipv4172.test(inner) || ipv4192.test(inner)) {
-      return true;
-    }
-  }
-  return false;
-}
-function validateAndSanitizeUrl2(rawUrl) {
-  const sanitized = sanitizeUrl2(rawUrl);
-  if (!sanitized) {
-    return { error: "Empty URL" };
-  }
-  if (!sanitized.startsWith("https://")) {
-    return { error: "URL must use HTTPS scheme" };
-  }
-  try {
-    const url3 = new URL(sanitized);
-    const hostname5 = url3.hostname;
-    if (/[\u0080-\u{10FFFF}]/u.test(hostname5)) {
-      return { error: "Non-ASCII hostnames are not allowed" };
-    }
-    if (isPrivateHost2(url3)) {
-      return { error: "Private or localhost URLs are not allowed" };
-    }
-    const githubIssuePattern = /^https:\/\/github\.com\/([^/]+)\/([^/]+)\/issues\/([0-9]+)\/?$/;
-    if (!githubIssuePattern.test(sanitized)) {
-      return {
-        error: "URL must be a GitHub issue URL (https://github.com/owner/repo/issues/N)"
-      };
-    }
-    return { sanitized };
-  } catch {
-    return { error: "Invalid URL format" };
-  }
+function validateAndSanitizeUrl(rawUrl) {
+  return validateAndSanitizeGithubUrl(rawUrl, "issues");
 }
 function parseArgs6(args) {
   const out = {
@@ -51753,9 +51676,12 @@ function parseArgs6(args) {
   }
   return out;
 }
-function parseIssueRef(input) {
+function parseIssueRef(input, directory) {
   const urlMatch = input.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+)\/issues\/(\d+)\/?$/i);
   if (urlMatch) {
+    if (containsControlCharacters(urlMatch[1]) || containsControlCharacters(urlMatch[2])) {
+      return null;
+    }
     return {
       owner: urlMatch[1],
       repo: urlMatch[2],
@@ -51764,6 +51690,9 @@ function parseIssueRef(input) {
   }
   const shorthandMatch = input.match(/^([^/]+)\/([^#]+)#(\d+)$/);
   if (shorthandMatch) {
+    if (containsControlCharacters(shorthandMatch[1]) || containsControlCharacters(shorthandMatch[2])) {
+      return null;
+    }
     return {
       owner: shorthandMatch[1],
       repo: shorthandMatch[2],
@@ -51773,7 +51702,7 @@ function parseIssueRef(input) {
   const bareMatch = input.match(/^(\d+)$/);
   if (bareMatch) {
     const issueNumber = parseInt(bareMatch[1], 10);
-    const remoteUrl = detectGitRemote2();
+    const remoteUrl = detectGitRemote(directory);
     if (!remoteUrl) {
       return null;
     }
@@ -51789,33 +51718,21 @@ function parseIssueRef(input) {
   }
   return null;
 }
-function detectGitRemote2() {
-  try {
-    const remoteUrl = execSync3("git remote get-url origin", {
-      encoding: "utf-8",
-      stdio: ["pipe", "pipe", "pipe"],
-      timeout: 5000
-    }).trim();
-    return remoteUrl || null;
-  } catch {
-    return null;
-  }
-}
-function handleIssueCommand(_directory, args) {
+function handleIssueCommand(directory, args) {
   const parsed = parseArgs6(args);
   const rawInput = parsed.rest.join(" ").trim();
   if (!rawInput) {
     return USAGE6;
   }
   const isFullUrl = /^https?:\/\//i.test(rawInput);
-  const issueInfo = parseIssueRef(isFullUrl ? sanitizeUrl2(rawInput) : rawInput);
+  const issueInfo = parseIssueRef(isFullUrl ? sanitizeUrl(rawInput) : rawInput, directory);
   if (!issueInfo) {
-    return `Error: Could not parse issue reference from "${rawInput}"
+    return `Error: Could not parse issue reference from "${sanitizeErrorEcho(rawInput)}"
 
 ${USAGE6}`;
   }
   const issueUrl = `https://github.com/${issueInfo.owner}/${issueInfo.repo}/issues/${issueInfo.number}`;
-  const result = validateAndSanitizeUrl2(issueUrl);
+  const result = validateAndSanitizeUrl(issueUrl);
   if ("error" in result) {
     return `Error: ${result.error}
 
@@ -51831,9 +51748,9 @@ ${USAGE6}`;
   const flagsStr = flags.length > 0 ? ` ${flags.join(" ")}` : "";
   return `[MODE: ISSUE_INGEST issue="${result.sanitized}"${flagsStr}]`;
 }
-var MAX_URL_LEN2 = 2048, USAGE6;
+var USAGE6;
 var init_issue = __esm(() => {
-  init_pr_ref();
+  init_url_security();
   USAGE6 = [
     "Usage: /swarm issue <url|owner/repo#N|N> [--plan] [--trace] [--no-repro]",
     "",
@@ -56025,6 +55942,88 @@ var init_post_mortem = __esm(() => {
   init_curator_postmortem();
 });
 
+// src/commands/pr-ref.ts
+function sanitizeInstructions(raw) {
+  const collapsed = raw.replace(/\s+/g, " ").trim();
+  const stripped = collapsed.replace(/\[\s*MODE\s*:[^\]]*\]/gi, "");
+  const normalized = stripped.replace(/\s+/g, " ").trim();
+  if (normalized.length <= MAX_INSTRUCTIONS_LEN)
+    return normalized;
+  return `${normalized.slice(0, MAX_INSTRUCTIONS_LEN)}\u2026`;
+}
+function validateAndSanitizeUrl2(rawUrl) {
+  return validateAndSanitizeGithubUrl(rawUrl, "pull");
+}
+function parsePrRef(input, cwd) {
+  const urlMatch = input.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+)\/pull\/(\d+)\/?$/i);
+  if (urlMatch) {
+    if (containsControlCharacters(urlMatch[1]) || containsControlCharacters(urlMatch[2])) {
+      return null;
+    }
+    return {
+      owner: urlMatch[1],
+      repo: urlMatch[2],
+      number: parseInt(urlMatch[3], 10)
+    };
+  }
+  const shorthandMatch = input.match(/^([^/]+)\/([^#]+)#(\d+)$/);
+  if (shorthandMatch) {
+    if (containsControlCharacters(shorthandMatch[1]) || containsControlCharacters(shorthandMatch[2])) {
+      return null;
+    }
+    return {
+      owner: shorthandMatch[1],
+      repo: shorthandMatch[2],
+      number: parseInt(shorthandMatch[3], 10)
+    };
+  }
+  const bareMatch = input.match(/^(\d+)$/);
+  if (bareMatch) {
+    const prNumber = parseInt(bareMatch[1], 10);
+    const remoteUrl = detectGitRemote(cwd);
+    if (!remoteUrl) {
+      return null;
+    }
+    const parsed = parseGitRemoteUrl(remoteUrl);
+    if (!parsed) {
+      return null;
+    }
+    return {
+      owner: parsed.owner,
+      repo: parsed.repo,
+      number: prNumber
+    };
+  }
+  return null;
+}
+function looksLikePrRef(token) {
+  return /^https?:\/\//i.test(token) || /^[^/]+\/[^#]+#\d+$/.test(token) || /^\d+$/.test(token);
+}
+function resolvePrCommandInput(rest, cwd) {
+  if (rest.length === 0) {
+    return null;
+  }
+  const refToken = rest[0];
+  const instructions = sanitizeInstructions(rest.slice(1).join(" "));
+  const isFullUrl = /^https?:\/\//i.test(refToken);
+  const prInfo = parsePrRef(isFullUrl ? sanitizeUrl(refToken) : refToken, cwd);
+  if (!prInfo) {
+    return {
+      error: `Could not parse PR reference from "${sanitizeErrorEcho(refToken)}"`
+    };
+  }
+  const prUrl = `https://github.com/${prInfo.owner}/${prInfo.repo}/pull/${prInfo.number}`;
+  const result = validateAndSanitizeUrl2(prUrl);
+  if ("error" in result) {
+    return { error: result.error };
+  }
+  return { prUrl: result.sanitized, instructions };
+}
+var MAX_INSTRUCTIONS_LEN = 1000;
+var init_pr_ref = __esm(() => {
+  init_url_security();
+});
+
 // src/commands/pr-feedback.ts
 function handlePrFeedbackCommand(directory, args) {
   const rest = args.filter((t) => t.trim().length > 0);

package/dist/commands/_shared/url-security.d.ts

@@ -0,0 +1,44 @@
+import { spawnSync } from 'node:child_process';
+export declare const MAX_URL_LEN = 2048;
+export type ValidationResult = {
+    sanitized: string;
+} | {
+    error: string;
+};
+/**
+ * File-scoped indirection seam for git remote lookups.
+ */
+export declare const _internals: {
+    spawnSync: typeof spawnSync;
+};
+/**
+ * Strip query strings, fragments, injected MODE headers, and credentials from
+ * a URL string.
+ */
+export declare function sanitizeUrl(raw: string): string;
+/**
+ * Strip control characters from user-visible error echoes and bound the result.
+ */
+export declare function sanitizeErrorEcho(raw: string, maxLength?: number): string;
+export declare function containsControlCharacters(value: string): boolean;
+export declare function isIpv4MappedPrivateHost(inner: string): boolean;
+/**
+ * Blocklist of private/localhost hostnames and IP ranges.
+ */
+export declare function isPrivateHost(url: URL): boolean;
+/**
+ * Validate and sanitize a GitHub URL for a specific resource kind.
+ */
+export declare function validateAndSanitizeGithubUrl(rawUrl: string, resource: 'issues' | 'pull'): ValidationResult;
+/**
+ * Detect the `origin` remote URL from git config.
+ */
+export declare function detectGitRemote(cwd?: string): string | null;
+/**
+ * Parse owner/repo from a git remote URL.
+ */
+export declare function parseGitRemoteUrl(remoteUrl: string): {
+    owner: string;
+    repo: string;
+} | null;
+export declare function isIPv4ZeroNetwork(host: string): boolean;

package/dist/commands/issue.d.ts

@@ -10,4 +10,4 @@
  *   --no-repro    → appends noRepro=true to emitted signal
  *   no args       → returns usage string (no throw)
  */
-export declare function handleIssueCommand(_directory: string, args: string[]): string;
+export declare function handleIssueCommand(directory: string, args: string[]): string;