opencode-swarm 7.98.0 → 7.98.1

package/dist/cli/{guardrail-explain-xdv74tfk.js → guardrail-explain-cm08h4mt.js}

@@ -1,8 +1,8 @@
 // @bun
 import {
   handleGuardrailExplain
-} from "./index-wmm21nsk.js";
-import"./index-pc10e4d7.js";
+} from "./index-0rgde8qc.js";
+import"./index-zgba613y.js";
 import"./index-5z2e78tv.js";
 import"./index-2a6ppa65.js";
 import"./index-fjxjb66n.js";

package/dist/cli/{index-wmm21nsk.js → index-0rgde8qc.js}

@@ -12,7 +12,7 @@ import {
   detectPosixWrites,
   detectWindowsWrites,
   resolveWriteTargets
-} from "./index-pc10e4d7.js";
+} from "./index-zgba613y.js";
 import {
   checkFileAuthority,
   classifyFile,

package/dist/cli/{index-h6h8qfsh.js → index-attgb1ma.js}

@@ -1,7 +1,7 @@
 // @bun
 import {
   handleGuardrailExplain
-} from "./index-wmm21nsk.js";
+} from "./index-0rgde8qc.js";
 import {
   handleGuardrailLog
 } from "./index-gnd1280x.js";
@@ -78,7 +78,7 @@ import {
   handleWriteRetroCommand,
   normalizeSwarmCommandInput,
   resolveCommand
-} from "./index-pc10e4d7.js";
+} from "./index-zgba613y.js";
 import"./index-5z2e78tv.js";
 import"./index-2a6ppa65.js";
 import"./index-fjxjb66n.js";

package/dist/cli/{index-pc10e4d7.js → index-zgba613y.js}

@@ -909,7 +909,7 @@ var init_executor = __esm(() => {
 // package.json
 var package_default = {
   name: "opencode-swarm",
-  version: "7.98.0",
+  version: "7.98.1",
   description: "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
   main: "dist/index.js",
   types: "dist/index.d.ts",
@@ -10193,48 +10193,49 @@ function recordSeenRetroSection(key, value, timestamp) {
 function hashContent(content) {
   return createHash3("sha1").update(content).digest("hex");
 }
-function isWriteToSwarmPlan(input) {
-  if (typeof input !== "object" || input === null)
-    return false;
-  const record = input;
-  const toolName = record.toolName;
-  if (typeof toolName !== "string")
-    return false;
-  if (!["write", "edit", "apply_patch", "swarm_apply_patch"].includes(toolName))
-    return false;
-  const rawPath = record.path;
-  const rawFile = record.file;
-  const pathField = typeof rawPath === "string" ? rawPath.replace(/\\/g, "/") : undefined;
-  const fileField = typeof rawFile === "string" ? rawFile.replace(/\\/g, "/") : undefined;
-  if (typeof pathField === "string" && pathField.includes(".swarm/plan.md")) {
-    return true;
-  }
-  if (typeof fileField === "string" && fileField.includes(".swarm/plan.md")) {
-    return true;
-  }
-  return false;
-}
 function isWriteToEvidenceFile(input) {
-  if (typeof input !== "object" || input === null)
-    return false;
-  const record = input;
-  const toolName = record.toolName;
-  if (typeof toolName !== "string")
-    return false;
-  if (!["write", "edit", "apply_patch", "swarm_apply_patch"].includes(toolName))
+  const trigger = normalizeWriteTrigger(input);
+  return isEvidencePath(trigger?.filePath);
+}
+var WRITE_TOOLS = new Set([
+  "write",
+  "edit",
+  "apply_patch",
+  "swarm_apply_patch"
+]);
+function isRecord(value) {
+  return typeof value === "object" && value !== null;
+}
+function normalizePathField(value) {
+  return typeof value === "string" ? value.replace(/\\/g, "/") : null;
+}
+function firstPathFromRecord(record) {
+  return normalizePathField(record.path) ?? normalizePathField(record.filePath) ?? normalizePathField(record.file);
+}
+function normalizeWriteTrigger(input, output) {
+  if (!isRecord(input))
+    return null;
+  const toolName = typeof input.toolName === "string" ? input.toolName : typeof input.tool === "string" ? input.tool : null;
+  if (!toolName || !WRITE_TOOLS.has(toolName))
+    return null;
+  const inputArgs = isRecord(input.args) ? input.args : null;
+  const outputArgs = isRecord(output) && isRecord(output.args) ? output.args : null;
+  const filePath = firstPathFromRecord(input) ?? (inputArgs ? firstPathFromRecord(inputArgs) : null) ?? (outputArgs ? firstPathFromRecord(outputArgs) : null);
+  if (!filePath)
+    return null;
+  return {
+    toolName,
+    filePath,
+    sessionID: typeof input.sessionID === "string" ? input.sessionID : "default"
+  };
+}
+function isEvidencePath(filePath) {
+  if (!filePath)
     return false;
-  const rawPath = record.path;
-  const rawFile = record.file;
-  const pathField = typeof rawPath === "string" ? rawPath.replace(/\\/g, "/") : undefined;
-  const fileField = typeof rawFile === "string" ? rawFile.replace(/\\/g, "/") : undefined;
-  const evidenceRegex = /\.swarm\/+evidence\/+/i;
-  if (typeof pathField === "string" && evidenceRegex.test(pathField)) {
-    return true;
-  }
-  if (typeof fileField === "string" && evidenceRegex.test(fileField)) {
-    return true;
-  }
-  return false;
+  return /(?:^|\/)\.swarm\/+evidence\//i.test(filePath);
+}
+function isPlanPath(filePath) {
+  return filePath?.includes(".swarm/plan.md") ?? false;
 }
 function extractRetrospectiveSection(planContent) {
   const headingRegex = /^###\s+Lessons\s+Learned$/m;
@@ -10941,24 +10942,22 @@ async function runAutoPromotion(directory, config) {
   }
 }
 function createKnowledgeCuratorHook(directory, config, options = {}) {
-  const handler = async (input, _output) => {
+  const handler = async (input, output) => {
     pruneSeenRetroSections();
     if (!config.enabled)
       return;
-    if (!isWriteToSwarmPlan(input) && !isWriteToEvidenceFile(input))
+    const trigger = normalizeWriteTrigger(input, output);
+    if (!trigger)
+      return;
+    const isPlanTrigger = isPlanPath(trigger.filePath);
+    const isEvidenceTrigger = isEvidencePath(trigger.filePath) && !isPlanTrigger;
+    if (!isPlanTrigger && !isEvidenceTrigger)
       return;
-    const sessionID = input?.sessionID ?? "default";
-    const isEvidenceTrigger = isWriteToEvidenceFile(input) && !isWriteToSwarmPlan(input);
     if (isEvidenceTrigger) {
-      const record = input;
-      const rawPath = record.path;
-      const rawFile = record.file;
-      const filePath = typeof rawPath === "string" ? rawPath.replace(/\\/g, "/") : typeof rawFile === "string" ? rawFile.replace(/\\/g, "/") : null;
-      if (!filePath)
-        return;
-      const evidenceKey = `evidence:${sessionID}:${filePath}`;
+      const relativeEvidencePath = trigger.filePath.replace(/^.*\.swarm\//, "");
+      const evidenceKey = `evidence:${trigger.sessionID}:${relativeEvidencePath}`;
       const lastSeenEvidence = seenRetroSections.get(evidenceKey);
-      const evidenceContent = await readSwarmFileAsync(directory, filePath.replace(/^.*\.swarm\//, ""));
+      const evidenceContent = await readSwarmFileAsync(directory, relativeEvidencePath);
       if (!evidenceContent)
         return;
       let evidenceData;
@@ -10986,7 +10985,7 @@ function createKnowledgeCuratorHook(directory, config, options = {}) {
       const projectName2 = evidenceData.project_name ?? "unknown";
       const phaseNumber2 = typeof evidenceData.phase_number === "number" ? evidenceData.phase_number : 1;
       await _internals17.curateAndStoreSwarm(lessons, projectName2, { phase_number: phaseNumber2 }, directory, config, {
-        llmDelegate: options.llmDelegateFactory?.(sessionID),
+        llmDelegate: options.llmDelegateFactory?.(trigger.sessionID),
         enrichmentQuota: options.enrichmentQuota
       });
       return;
@@ -10997,7 +10996,7 @@ function createKnowledgeCuratorHook(directory, config, options = {}) {
     const section = extractRetrospectiveSection(planContent);
     if (!section)
       return;
-    if (!checkRetroChanged(sessionID, section))
+    if (!checkRetroChanged(trigger.sessionID, section))
       return;
     const allLessons = extractLessonsFromRetro(section);
     if (allLessons.length === 0)
@@ -11011,7 +11010,7 @@ function createKnowledgeCuratorHook(directory, config, options = {}) {
     const phaseMatch = /^Phase:\s*(\d+)/m.exec(planContent);
     const phaseNumber = phaseMatch ? parseInt(phaseMatch[1], 10) : 1;
     await _internals17.curateAndStoreSwarm(normalLessons, projectName, { phase_number: phaseNumber }, directory, config, {
-      llmDelegate: options.llmDelegateFactory?.(sessionID),
+      llmDelegate: options.llmDelegateFactory?.(trigger.sessionID),
       enrichmentQuota: options.enrichmentQuota
     });
   };
@@ -31857,7 +31856,7 @@ function buildDetailedHelp(commandName, entry) {
 async function handleHelpCommand(ctx) {
   const targetCommand = ctx.args.join(" ");
   if (!targetCommand) {
-    const { buildHelpText } = await import("./index-h6h8qfsh.js");
+    const { buildHelpText } = await import("./index-attgb1ma.js");
     return buildHelpText();
   }
   const tokens = targetCommand.split(/\s+/);
@@ -31866,7 +31865,7 @@ async function handleHelpCommand(ctx) {
     return _internals45.buildDetailedHelp(resolved.key, resolved.entry);
   }
   const similar = _internals45.findSimilarCommands(targetCommand);
-  const { buildHelpText: fullHelp } = await import("./index-h6h8qfsh.js");
+  const { buildHelpText: fullHelp } = await import("./index-attgb1ma.js");
   if (similar.length > 0) {
     return `Command '/swarm ${targetCommand}' not found.
 
@@ -31999,7 +31998,7 @@ var COMMAND_REGISTRY = {
   },
   "guardrail explain": {
     handler: async (ctx) => {
-      const { handleGuardrailExplain } = await import("./guardrail-explain-xdv74tfk.js");
+      const { handleGuardrailExplain } = await import("./guardrail-explain-cm08h4mt.js");
       return handleGuardrailExplain(ctx.directory, ctx.args);
     },
     description: "Dry-run: show what the guardrails would do to a command or write target (executes nothing)",

package/dist/cli/index.js

@@ -7,7 +7,7 @@ import {
   getPluginLockFilePaths,
   package_default,
   resolveCommand
-} from "./index-pc10e4d7.js";
+} from "./index-zgba613y.js";
 import"./index-5z2e78tv.js";
 import"./index-2a6ppa65.js";
 import"./index-fjxjb66n.js";

package/dist/hooks/knowledge-curator.d.ts

@@ -21,6 +21,7 @@ declare function hashContent(content: string): string;
  * Exported for testing purposes only.
  */
 export declare function isWriteToEvidenceFile(input: unknown): boolean;
+export declare function isEvidencePath(filePath: string | undefined | null): boolean;
 /** Build the v3-schema enrichment prompt for a single prose lesson. */
 export declare function buildV3EnrichmentPrompt(lesson: string, category: string, tags: string[]): string;
 /**

package/dist/index.js

@@ -69,7 +69,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "opencode-swarm",
-    version: "7.98.0",
+    version: "7.98.1",
     description: "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
     main: "dist/index.js",
     types: "dist/index.d.ts",
@@ -70430,48 +70430,43 @@ function recordSeenRetroSection(key, value, timestamp) {
 function hashContent2(content) {
   return createHash9("sha1").update(content).digest("hex");
 }
-function isWriteToSwarmPlan(input) {
-  if (typeof input !== "object" || input === null)
-    return false;
-  const record3 = input;
-  const toolName = record3.toolName;
-  if (typeof toolName !== "string")
-    return false;
-  if (!["write", "edit", "apply_patch", "swarm_apply_patch"].includes(toolName))
-    return false;
-  const rawPath = record3.path;
-  const rawFile = record3.file;
-  const pathField = typeof rawPath === "string" ? rawPath.replace(/\\/g, "/") : undefined;
-  const fileField = typeof rawFile === "string" ? rawFile.replace(/\\/g, "/") : undefined;
-  if (typeof pathField === "string" && pathField.includes(".swarm/plan.md")) {
-    return true;
-  }
-  if (typeof fileField === "string" && fileField.includes(".swarm/plan.md")) {
-    return true;
-  }
-  return false;
-}
 function isWriteToEvidenceFile(input) {
-  if (typeof input !== "object" || input === null)
-    return false;
-  const record3 = input;
-  const toolName = record3.toolName;
-  if (typeof toolName !== "string")
-    return false;
-  if (!["write", "edit", "apply_patch", "swarm_apply_patch"].includes(toolName))
+  const trigger = normalizeWriteTrigger(input);
+  return isEvidencePath(trigger?.filePath);
+}
+function isRecord(value) {
+  return typeof value === "object" && value !== null;
+}
+function normalizePathField(value) {
+  return typeof value === "string" ? value.replace(/\\/g, "/") : null;
+}
+function firstPathFromRecord(record3) {
+  return normalizePathField(record3.path) ?? normalizePathField(record3.filePath) ?? normalizePathField(record3.file);
+}
+function normalizeWriteTrigger(input, output) {
+  if (!isRecord(input))
+    return null;
+  const toolName = typeof input.toolName === "string" ? input.toolName : typeof input.tool === "string" ? input.tool : null;
+  if (!toolName || !WRITE_TOOLS.has(toolName))
+    return null;
+  const inputArgs = isRecord(input.args) ? input.args : null;
+  const outputArgs = isRecord(output) && isRecord(output.args) ? output.args : null;
+  const filePath = firstPathFromRecord(input) ?? (inputArgs ? firstPathFromRecord(inputArgs) : null) ?? (outputArgs ? firstPathFromRecord(outputArgs) : null);
+  if (!filePath)
+    return null;
+  return {
+    toolName,
+    filePath,
+    sessionID: typeof input.sessionID === "string" ? input.sessionID : "default"
+  };
+}
+function isEvidencePath(filePath) {
+  if (!filePath)
     return false;
-  const rawPath = record3.path;
-  const rawFile = record3.file;
-  const pathField = typeof rawPath === "string" ? rawPath.replace(/\\/g, "/") : undefined;
-  const fileField = typeof rawFile === "string" ? rawFile.replace(/\\/g, "/") : undefined;
-  const evidenceRegex = /\.swarm\/+evidence\/+/i;
-  if (typeof pathField === "string" && evidenceRegex.test(pathField)) {
-    return true;
-  }
-  if (typeof fileField === "string" && evidenceRegex.test(fileField)) {
-    return true;
-  }
-  return false;
+  return /(?:^|\/)\.swarm\/+evidence\//i.test(filePath);
+}
+function isPlanPath(filePath) {
+  return filePath?.includes(".swarm/plan.md") ?? false;
 }
 function extractRetrospectiveSection(planContent) {
   const headingRegex = /^###\s+Lessons\s+Learned$/m;
@@ -71153,24 +71148,22 @@ async function runAutoPromotion(directory, config3) {
   }
 }
 function createKnowledgeCuratorHook(directory, config3, options = {}) {
-  const handler = async (input, _output) => {
+  const handler = async (input, output) => {
     pruneSeenRetroSections();
     if (!config3.enabled)
       return;
-    if (!isWriteToSwarmPlan(input) && !isWriteToEvidenceFile(input))
+    const trigger = normalizeWriteTrigger(input, output);
+    if (!trigger)
+      return;
+    const isPlanTrigger = isPlanPath(trigger.filePath);
+    const isEvidenceTrigger = isEvidencePath(trigger.filePath) && !isPlanTrigger;
+    if (!isPlanTrigger && !isEvidenceTrigger)
       return;
-    const sessionID = input?.sessionID ?? "default";
-    const isEvidenceTrigger = isWriteToEvidenceFile(input) && !isWriteToSwarmPlan(input);
     if (isEvidenceTrigger) {
-      const record3 = input;
-      const rawPath = record3.path;
-      const rawFile = record3.file;
-      const filePath = typeof rawPath === "string" ? rawPath.replace(/\\/g, "/") : typeof rawFile === "string" ? rawFile.replace(/\\/g, "/") : null;
-      if (!filePath)
-        return;
-      const evidenceKey = `evidence:${sessionID}:${filePath}`;
+      const relativeEvidencePath = trigger.filePath.replace(/^.*\.swarm\//, "");
+      const evidenceKey = `evidence:${trigger.sessionID}:${relativeEvidencePath}`;
       const lastSeenEvidence = seenRetroSections.get(evidenceKey);
-      const evidenceContent = await readSwarmFileAsync(directory, filePath.replace(/^.*\.swarm\//, ""));
+      const evidenceContent = await readSwarmFileAsync(directory, relativeEvidencePath);
       if (!evidenceContent)
         return;
       let evidenceData;
@@ -71198,7 +71191,7 @@ function createKnowledgeCuratorHook(directory, config3, options = {}) {
       const projectName2 = evidenceData.project_name ?? "unknown";
       const phaseNumber2 = typeof evidenceData.phase_number === "number" ? evidenceData.phase_number : 1;
       await _internals35.curateAndStoreSwarm(lessons, projectName2, { phase_number: phaseNumber2 }, directory, config3, {
-        llmDelegate: options.llmDelegateFactory?.(sessionID),
+        llmDelegate: options.llmDelegateFactory?.(trigger.sessionID),
         enrichmentQuota: options.enrichmentQuota
       });
       return;
@@ -71209,7 +71202,7 @@ function createKnowledgeCuratorHook(directory, config3, options = {}) {
     const section = extractRetrospectiveSection(planContent);
     if (!section)
       return;
-    if (!checkRetroChanged(sessionID, section))
+    if (!checkRetroChanged(trigger.sessionID, section))
       return;
     const allLessons = extractLessonsFromRetro(section);
     if (allLessons.length === 0)
@@ -71223,13 +71216,13 @@ function createKnowledgeCuratorHook(directory, config3, options = {}) {
     const phaseMatch = /^Phase:\s*(\d+)/m.exec(planContent);
     const phaseNumber = phaseMatch ? parseInt(phaseMatch[1], 10) : 1;
     await _internals35.curateAndStoreSwarm(normalLessons, projectName, { phase_number: phaseNumber }, directory, config3, {
-      llmDelegate: options.llmDelegateFactory?.(sessionID),
+      llmDelegate: options.llmDelegateFactory?.(trigger.sessionID),
       enrichmentQuota: options.enrichmentQuota
     });
   };
   return safeHook(handler);
 }
-var seenRetroSections, MAX_TRACKED_RETRO_SECTIONS = 500, ENRICHMENT_ALLOWED_FIELDS, ENRICHMENT_LLM_TIMEOUT_MS = 60000, ENRICHMENT_BATCH_SIZE = 6, MESO_INSIGHT_BATCH_LIMIT = 20, KNOWLEDGE_CATEGORIES, OUTCOME_PROMOTION_BLOCK = -0.3, _internals35;
+var seenRetroSections, MAX_TRACKED_RETRO_SECTIONS = 500, WRITE_TOOLS, ENRICHMENT_ALLOWED_FIELDS, ENRICHMENT_LLM_TIMEOUT_MS = 60000, ENRICHMENT_BATCH_SIZE = 6, MESO_INSIGHT_BATCH_LIMIT = 20, KNOWLEDGE_CATEGORIES, OUTCOME_PROMOTION_BLOCK = -0.3, _internals35;
 var init_knowledge_curator = __esm(() => {
   init_skill_improver_quota();
   init_synonym_map();
@@ -71241,6 +71234,12 @@ var init_knowledge_curator = __esm(() => {
   init_micro_reflector();
   init_utils2();
   seenRetroSections = new Map;
+  WRITE_TOOLS = new Set([
+    "write",
+    "edit",
+    "apply_patch",
+    "swarm_apply_patch"
+  ]);
   ENRICHMENT_ALLOWED_FIELDS = [
     "triggers",
     "required_actions",
@@ -125232,7 +125231,7 @@ init_state2();
 init_delegation_gate();
 init_normalize_tool_name();
 import * as path154 from "node:path";
-var WRITE_TOOLS = new Set(WRITE_TOOL_NAMES);
+var WRITE_TOOLS2 = new Set(WRITE_TOOL_NAMES);
 function createScopeGuardHook(config3, directory, injectAdvisory) {
   const enabled = config3.enabled ?? true;
   const _skipInTurbo = config3.skip_in_turbo ?? false;
@@ -125241,7 +125240,7 @@ function createScopeGuardHook(config3, directory, injectAdvisory) {
       if (!enabled)
         return;
       const toolName = normalizeToolName(input.tool);
-      if (!WRITE_TOOLS.has(toolName))
+      if (!WRITE_TOOLS2.has(toolName))
         return;
       const sessionId = input.sessionID;
       const activeAgent = swarmState.activeAgent.get(sessionId);
@@ -135730,8 +135729,99 @@ function scanInvisibleFormatChars(text, fieldName) {
   }
   return findings;
 }
-function stripMarkdownCodeForUnsafeScan(text) {
-  return text.replace(/```[\s\S]*?```/g, " ").replace(/~~~[\s\S]*?~~~/g, " ").replace(/`[^`\n]*`/g, " ");
+var CODE_SPAN_OR_FENCE_REGEX = /```[\s\S]*?```|~~~[\s\S]*?~~~|`[^`\n]*`/g;
+var CODE_WARNING_ONLY_PATTERNS = new Set([
+  "backtick_execution",
+  "shell_substitution",
+  "disk_format",
+  "force_kill",
+  "process_group_kill",
+  "kill_all_processes"
+]);
+function splitMarkdownCodeSegments(text) {
+  const segments = [];
+  let cursor = 0;
+  for (const match of text.matchAll(CODE_SPAN_OR_FENCE_REGEX)) {
+    const index = match.index ?? 0;
+    if (index > cursor) {
+      segments.push({ value: text.slice(cursor, index), isCode: false });
+    }
+    segments.push({ value: match[0], isCode: true });
+    cursor = index + match[0].length;
+  }
+  if (cursor < text.length) {
+    segments.push({ value: text.slice(cursor), isCode: false });
+  }
+  return segments.length === 0 ? [{ value: text, isCode: false }] : segments;
+}
+function getUnsafeInstructionMetadata(name) {
+  const entry = UNSAFE_INSTRUCTION_PATTERNS.find((item) => item.name === name);
+  return {
+    description: entry?.description ?? "Destructive file removal command",
+    severity: entry?.severity ?? "error"
+  };
+}
+function tokenizeShellArgs(input) {
+  const tokens = [];
+  const tokenRegex = /"([^"\\]*(?:\\.[^"\\]*)*)"|'([^'\\]*(?:\\.[^'\\]*)*)'|[^\s]+/g;
+  for (const match of input.matchAll(tokenRegex)) {
+    const token = match[1] ?? match[2] ?? match[0];
+    if (token.length > 0)
+      tokens.push(token);
+  }
+  return tokens;
+}
+function rmFlagHasShortOption(token, option) {
+  return /^-[A-Za-z]+$/.test(token) && token.slice(1).includes(option);
+}
+function isRmOption(token) {
+  return token.startsWith("-") && token !== "-";
+}
+function isDangerousRemovalTarget(rawTarget) {
+  const target = rawTarget.replace(/\\/g, "/");
+  if (/^[A-Za-z]:[/\\]?$/.test(target))
+    return true;
+  return target === "/" || target === "/*" || target === "." || target === ".." || target.startsWith(".swarm") || target.startsWith("/.swarm") || target.startsWith("~") || target.startsWith("$") || target.startsWith("${") || target.startsWith("%") || target.startsWith("/home") || target.startsWith("/Users") || target.startsWith("/etc") || target.startsWith("/bin") || target.startsWith("/sbin") || target.startsWith("/usr") || target.startsWith("/var") || /^[A-Za-z]:\/(?:Users|Windows)(?:\/|$)/.test(target);
+}
+function findDangerousRemovalCommands(text) {
+  const commands = [];
+  const rmCommandRegex = /\b(?<sudo>sudo\s+)?rm\b(?<args>[^\r\n`;&|]*)/gi;
+  for (const match of text.matchAll(rmCommandRegex)) {
+    const args2 = tokenizeShellArgs(match.groups?.args ?? "");
+    const hasRecursive = args2.some((token) => token === "--recursive" || token === "-R" || rmFlagHasShortOption(token, "r") || rmFlagHasShortOption(token, "R"));
+    const hasForce = args2.some((token) => token === "--force" || token === "-f" || rmFlagHasShortOption(token, "f"));
+    if (!hasRecursive || !hasForce)
+      continue;
+    if (!args2.some((token) => !isRmOption(token) && isDangerousRemovalTarget(token))) {
+      continue;
+    }
+    const pattern = match.groups?.sudo === undefined ? "destructive_file_removal" : "privileged_file_removal";
+    commands.push({
+      pattern,
+      description: getUnsafeInstructionMetadata(pattern).description,
+      match: match[0].trim().slice(0, 100)
+    });
+  }
+  return commands;
+}
+function hasDangerousRemovalTarget(text) {
+  return findDangerousRemovalCommands(text).length > 0;
+}
+function shouldScanUnsafePatternInSegment(entry, segment) {
+  if (!segment.isCode)
+    return true;
+  if (CODE_WARNING_ONLY_PATTERNS.has(entry.name))
+    return false;
+  if (entry.name === "destructive_file_removal" || entry.name === "privileged_file_removal") {
+    return false;
+  }
+  return true;
+}
+function getUnsafeScanSegments(field, value) {
+  if (field !== "skill_body") {
+    return [{ value, isCode: false }];
+  }
+  return splitMarkdownCodeSegments(value);
 }
 function scanPromptInjection(candidate, trustLevel = "low") {
   const fields = extractCandidateFields(candidate);
@@ -135799,17 +135889,37 @@ function scanUnsafeInstructions(candidate, trustLevel = "low") {
   const fieldsScanned = [];
   for (const { field, value } of fields) {
     fieldsScanned.push(field);
-    const scanValue = field === "skill_body" ? stripMarkdownCodeForUnsafeScan(value) : value;
+    const scanSegments = getUnsafeScanSegments(field, value);
+    if (field === "skill_body") {
+      for (const segment of scanSegments) {
+        if (!segment.isCode)
+          continue;
+        for (const command of findDangerousRemovalCommands(segment.value)) {
+          findings.push({
+            pattern: command.pattern,
+            field,
+            description: command.description,
+            severity: "error",
+            match: command.match
+          });
+        }
+      }
+    }
     for (const entry of UNSAFE_INSTRUCTION_PATTERNS) {
-      const match = entry.pattern.exec(scanValue);
-      if (match !== null) {
-        findings.push({
-          pattern: entry.name,
-          field,
-          description: entry.description,
-          severity: entry.severity,
-          match: match[0].slice(0, 100)
-        });
+      for (const segment of scanSegments) {
+        if (!shouldScanUnsafePatternInSegment(entry, segment))
+          continue;
+        const match = entry.pattern.exec(segment.value);
+        if (match !== null) {
+          findings.push({
+            pattern: entry.name,
+            field,
+            description: entry.description,
+            severity: entry.severity,
+            match: match[0].slice(0, 100)
+          });
+          break;
+        }
       }
     }
   }
@@ -135973,7 +136083,9 @@ function evaluateCandidate(candidate, options) {
 var _internals103 = {
   getTimestamp: () => new Date().toISOString(),
   computeSha256: (content) => createHash21("sha256").update(content).digest("hex"),
-  stripMarkdownCodeForUnsafeScan
+  splitMarkdownCodeSegments,
+  hasDangerousRemovalTarget,
+  isDangerousRemovalTarget
 };
 
 // src/tools/external-skill-discover.ts

package/dist/services/external-skill-validator.d.ts

@@ -105,7 +105,13 @@ export declare const VALIDATION_RATE_LIMITS: {
     /** Timeout for individual fetch operations in milliseconds. */
     readonly fetch_timeout_ms: 30000;
 };
-declare function stripMarkdownCodeForUnsafeScan(text: string): string;
+interface MarkdownSegment {
+    value: string;
+    isCode: boolean;
+}
+declare function splitMarkdownCodeSegments(text: string): MarkdownSegment[];
+declare function isDangerousRemovalTarget(rawTarget: string): boolean;
+declare function hasDangerousRemovalTarget(text: string): boolean;
 /**
  * Scan an external skill candidate for prompt-injection patterns.
  *
@@ -158,6 +164,8 @@ export declare function evaluateCandidate(candidate: ExternalSkillCandidate, opt
 export declare const _internals: {
     getTimestamp: () => string;
     computeSha256: (content: string) => string;
-    stripMarkdownCodeForUnsafeScan: typeof stripMarkdownCodeForUnsafeScan;
+    splitMarkdownCodeSegments: typeof splitMarkdownCodeSegments;
+    hasDangerousRemovalTarget: typeof hasDangerousRemovalTarget;
+    isDangerousRemovalTarget: typeof isDangerousRemovalTarget;
 };
 export {};

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "opencode-swarm",
-	"version": "7.98.0",
+	"version": "7.98.1",
 	"description": "Architect-centric agentic swarm plugin for OpenCode - hub-and-spoke orchestration with SME consultation, code generation, and QA review",
 	"main": "dist/index.js",
 	"types": "dist/index.d.ts",