AI wrote the PR. How do you know it actually works?

AI agents open a lot of pull requests now. Most are fine. Some quietly cheat to make the checks go green: they delete the failing test, weaken an assertion, wrap the broken call in an empty catch so the error disappears. The diff looks done. A reviewer skimming forty agent PRs a day will not catch that by eye.

swarm audit is a command-line tool that does. I maintain it. It runs three jobs on AI-written code, all offline, no API key.

1. Catch the cheat

Eleven checks read a pull-request diff and flag the shortcut patterns: a deleted test with no matching code change, a function renamed while its callers still use the old name, an error swallowed by an empty catch, a mock of a package that exists in no manifest, a type-checker suppression dropped over a changed line, and more.

The detection is measured, not asserted. Hide one known cheat in each of 300 real merged PRs, run the auditor, count the catches: 254, about 85%, reproducible with one command.