ocak 0.5.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bb7c3ddd6ff9b6dacc60c4ee6f3fabae90089eace4e457a28e824be15a901cda
-  data.tar.gz: c9b5a76e36361dddb4731fff6298388f0246421272923951f83fdcebde9e5d4b
+  metadata.gz: 21e35193d8d3fc3b9c24f7e75502749ce4f9a57352da20d9bb0c980c2191ad9a
+  data.tar.gz: 2204cd3797a57348f3a3742fa17385375050d8b66fe37d4bdb466a4f603f31dd
 SHA512:
-  metadata.gz: 9f37e6ad101953a378c73a1c76817e194386424174a87841d9f13321a4b465c5708ecb374f0526d2e2744bbcd19bd2473727ea288205dd731325ba80164fcec8
-  data.tar.gz: 18301a7948e7b979f7ee0daecd75369477ddbcd147d12d67305fdc55a7aeab44e371bd41859135f5c8105d5886ff49663f77cc61afaad9b9872a13581bac15f1
+  metadata.gz: 7fddde997f1ba1c8f5e5e9db9e3f6dc9281ac1db82743b651f72f658967fcefeca67b05c5e338dbbaad9be798adae10f24807d1fec3ddd9975e72daba853f709
+  data.tar.gz: 0d5f6f2f9e7300eb8b242e654296dd156192e4993976a40d0ebb050a1bf417e9b36e85f1b6b4f4e8e99cc1e375275be5175f6ef9489056c2dcc1d3025cffaa9e

data/README.md

@@ -1,6 +1,6 @@
 # Ocak
 
-*Ocak (pronounced "oh-JAHK") is Turkish for "forge" or "hearth" — the place where raw material meets fire and becomes something useful. Also: let 'em cook.*
+*Ocak (pronounced "oh-JAHK") is Turkish for "forge" or "hearth" - the place where raw material meets fire and becomes something useful. Also: let 'em cook.*
 
 Multi-agent pipeline that processes GitHub issues autonomously with Claude Code. You write an issue, label it, and ocak runs it through implement → review → fix → security review → document → audit → merge. Each issue gets its own worktree so they can run in parrallel.
 
@@ -83,8 +83,8 @@ stateDiagram-v2
 ### Complexity Classification
 
 The planner classifes each issue as `simple` or `full`:
-- **Simple** — skips security review, second fix pass, documenter, and auditor
-- **Full** — runs the whole thing
+- **Simple** - skips security review, second fix pass, documenter, and auditor
+- **Full** - runs the whole thing
 
 `--fast` forces all issues to `simple`, giving you: implement → review → fix (if needed) → verify (if fixed) → merge.
 
@@ -102,7 +102,7 @@ flowchart LR
     E --> F["Merger agent<br>create PR + merge"]
 ```
 
-Merging is sequential — one at a time — so you dont get conflicts between parallel worktrees.
+Merging is sequential - one at a time - so you dont get conflicts between parallel worktrees.
 
 ## Agents
 
@@ -119,7 +119,7 @@ Merging is sequential — one at a time — so you dont get conflicts between pa
 | **planner** | Batch issues, classify complexity | Read, Glob, Grep, Bash (read-only) | haiku |
 | **pipeline** | Self-contained single-agent mode | All tools | opus |
 
-Review agents (reviewer, security-reviewer, auditor) have no Write/Edit access — they can only read and report stuff back.
+Review agents (reviewer, security-reviewer, auditor) have no Write/Edit access - they can only read and report stuff back.
 
 ## Skills
 
@@ -128,13 +128,13 @@ Interactive skills for use inside Claude Code:
 | Skill | Description |
 |-------|-------------|
 | `/design [description]` | Researches your codebase, asks clarifying questions, produces a detailed implementation-ready issue |
-| `/audit [scope]` | Codebase sweep — scopes: `security`, `errors`, `patterns`, `tests`, `data`, `dependencies`, or `all` |
+| `/audit [scope]` | Codebase sweep - scopes: `security`, `errors`, `patterns`, `tests`, `data`, `dependencies`, or `all` |
 | `/scan-file <path>` | Deep single-file analysis with test coverage check, scored 1-10 per method |
 | `/debt` | Tech debt tracker with risk scoring (churn, coverage, suppressions, age, blast radius) |
 
 ## Modes
 
-### Full Pipeline — `ocak run`
+### Full Pipeline - `ocak run`
 
 The default. Polls for `auto-ready` issues, plans batches, runs the full step sequence in parallel worktrees, merges sequentally.
 
@@ -146,7 +146,7 @@ ocak run --audit --watch         # Auditor as merge gate
 ocak run --fast --watch          # Skip security/docs/audit steps
 ```
 
-### Fast Mode — `ocak hiz`
+### Fast Mode - `ocak hiz`
 
 Lightweight alternative for quick PRs you'll review youself:
 
@@ -186,11 +186,41 @@ ocak run 1 --watch
 
 Issues live in `.ocak/issues/0001.md`, `.ocak/issues/0002.md`, etc. Labels, complexity, and pipeline comments are all tracked in the file. Merging goes straight to main (no PRs) via `LocalMergeManager`.
 
+### Multi-Repo Mode
+
+Run issues across multiple repos from a single issue tracker. One "god repo" holds all the issues, agents run in worktrees of whatever repo the issue targets.
+
+Each issue specifies its target with YAML front-matter at the top of the body:
+
+```
+---
+target_repo: my-service
+---
+
+Actual issue description here...
+```
+
+Enable it in `ocak.yml`:
+
+```yaml
+multi_repo: true
+```
+
+Map repo names to local paths in `~/.config/ocak/config.yml`:
+
+```yaml
+repos:
+  my-service: ~/dev/my-service
+  other-thing: ~/dev/other-thing
+```
+
+Labels and comments stay on the god repo's issues. PRs get created in the target repo. Worktree isolation, parallel batches, sequential merging all work the same.
+
 ### Graceful Shutdown
 
-`Ctrl+C` once — current agent step finishes, then the pipeline stops. WIP gets committed, labels reset to `auto-ready`, and resume commands are printed.
+`Ctrl+C` once - current agent step finishes, then the pipeline stops. WIP gets committed, labels reset to `auto-ready`, and resume commands are printed.
 
-`Ctrl+C` twice — kills active subprocesses immediatley (SIGTERM → wait → SIGKILL), then same cleanup runs.
+`Ctrl+C` twice - kills active subprocesses immediatley (SIGTERM → wait → SIGKILL), then same cleanup runs.
 
 ```bash
 ocak resume 42 --watch  # Pick up from where it stopped
@@ -214,7 +244,7 @@ stack:
 
 # Issue backend (omit for GitHub, or set to "local" for offline mode)
 issues:
-  backend: github          # or "local" — auto-detected if .ocak/issues/ exists
+  backend: github          # or "local" - auto-detected if .ocak/issues/ exists
 
 # Pipeline settings
 pipeline:
@@ -241,7 +271,7 @@ labels:
   reready: "auto-reready"
   awaiting_review: "auto-pending-human"
 
-# Pipeline steps — add, remove, reorder as you like
+# Pipeline steps - add, remove, reorder as you like
 steps:
   - agent: implementer
     role: implement
@@ -276,6 +306,25 @@ agents:
   # ...
 ```
 
+### User Config
+
+`ocak init` scaffolds `~/.config/ocak/config.yml` (or `$XDG_CONFIG_HOME/ocak/config.yml`) for machine-specific settings. When both files exist, project `ocak.yml` wins on conflicts.
+
+```yaml
+# ~/.config/ocak/config.yml
+
+# Repo path mappings for multi-repo mode
+repos:
+  my-service: ~/dev/my-service
+
+# Machine-level overrides
+pipeline:
+  max_parallel: 3
+  cost_budget: 10.00
+```
+
+The `repos:` key only comes from user config so repo paths dont leak into project config.
+
 ## Customization
 
 ### Swap Agents
@@ -351,8 +400,8 @@ steps:
 | Python | Django, Flask, FastAPI | pytest | ruff, flake8 | bandit, safety |
 | Rust | Actix, Axum, Rocket | cargo test | cargo clippy | cargo audit |
 | Go | Gin, Echo, Fiber, Chi | go test | golangci-lint | gosec |
-| Java | — | gradle test | — | — |
-| Elixir | Phoenix | mix test | mix credo | — |
+| Java | - | gradle test | - | - |
+| Elixir | Phoenix | mix test | mix credo | - |
 
 Monorepo detection: npm/pnpm workspaces, Cargo workspaces, Go workspaces, Lerna, and convention-based (`packages/`, `apps/`, `services/`).
 
@@ -368,15 +417,15 @@ Shows per-run stats (cost, duration, steps completed, failures) and aggregates a
 
 ## Writing Good Issues
 
-The `/design` skill produces issues formatted for zero-context agents. Think of it as writing a ticket for a contractor who's never seen your codebase — everthing they need should be in the issue body. The key sections:
+The `/design` skill produces issues formatted for zero-context agents. Think of it as writing a ticket for a contractor who's never seen your codebase - everthing they need should be in the issue body. The key sections:
 
-- **Context** — what part of the system, with specific file paths
-- **Acceptance Criteria** — "when X, then Y" format, each independantly testable
-- **Implementation Guide** — exact files to create/modify
-- **Patterns to Follow** — references to actual files in the codebase
-- **Security Considerations** — auth, validation, data exposure
-- **Test Requirements** — specific test cases with file paths
-- **Out of Scope** — explicit boundaries so it doesnt scope creep
+- **Context** - what part of the system, with specific file paths
+- **Acceptance Criteria** - "when X, then Y" format, each independantly testable
+- **Implementation Guide** - exact files to create/modify
+- **Patterns to Follow** - references to actual files in the codebase
+- **Security Considerations** - auth, validation, data exposure
+- **Test Requirements** - specific test cases with file paths
+- **Out of Scope** - explicit boundaries so it doesnt scope creep
 
 ## CLI Reference
 
@@ -440,6 +489,10 @@ Depends on the issue. Simple stuff is $2-5, complex issues can be $10-15. The im
 
 Reasonably. Review agents are read-only (no Write/Edit tools), merging is sequential so you dont get conflicts, and failed piplines get labeled and logged. You can always `--dry-run` first to see what it would do.
 
+**Can I trust `ocak.yml` from someone else's repo?**
+
+Treat it like a Makefile. Commands in `test_command`, `lint_command`, `security_commands`, etc. run with your user privileges. First time you run ocak in a new repo it'll print a warning. Review the commands before running `ocak run` on repos you didnt write.
+
 **What if it breaks?**
 
 Issues get labeled `pipeline-failed` with a comment explaining what went wrong. Worktrees get cleaned up automaticaly. Run `ocak clean` to remove any stragglers, and check `logs/pipeline/` for detailed logs.

data/lib/ocak/agent_generator.rb

@@ -4,9 +4,12 @@ require 'erb'
 require 'fileutils'
 require 'open3'
 require_relative 'claude_runner'
+require_relative 'command_runner'
 
 module Ocak
   class AgentGenerator
+    include CommandRunner
+
     AGENT_TEMPLATES = %w[
       implementer reviewer security_reviewer documenter
       merger pipeline planner auditor
@@ -137,10 +140,14 @@ module Ocak
         You are customizing a Claude Code agent for a specific project.
 
         Here is the project context:
+        <project_context>
         #{context}
+        </project_context>
 
         Here is the base agent template:
+        <base_template>
         #{template_content}
+        </base_template>
 
         Customize this agent to reference this project's actual conventions, file paths,
         and patterns. Keep the same structure (YAML frontmatter + markdown). Keep the same
@@ -151,6 +158,7 @@ module Ocak
     end
 
     def claude_available?
+      # Uses Open3 directly; 'which' is not a git/gh command
       _, _, status = Open3.capture3('which', 'claude')
       status.success?
     rescue Errno::ENOENT => e
@@ -159,6 +167,7 @@ module Ocak
     end
 
     def run_claude_prompt(prompt)
+      # Uses Open3 directly; 'claude' is not a git/gh command
       stdout, _, status = Open3.capture3(
         'claude', '-p',
         '--output-format', 'text',

data/lib/ocak/batch_processing.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require_relative 'target_resolver'
+
 module Ocak
   # Batch processing logic — process_issues, run_batch, process_one_issue, build_issue_result.
   # Extracted from PipelineRunner to reduce file size.
@@ -12,6 +14,8 @@ module Ocak
         ready_issues = ready_issues.first(@config.max_issues_per_run)
       end
 
+      ready_issues = resolve_targets(ready_issues, logger: logger) if @config.multi_repo?
+
       claude = build_claude(logger)
       batches = @executor.plan_batches(ready_issues, logger: logger, claude: claude)
 
@@ -29,10 +33,10 @@ module Ocak
     end
 
     def run_batch(batch_issues, logger:, issues:)
-      worktrees = WorktreeManager.new(config: @config, logger: logger)
+      shared_worktrees = @config.multi_repo? ? nil : WorktreeManager.new(config: @config, logger: logger)
 
       threads = batch_issues.map do |issue|
-        Thread.new { process_one_issue(issue, worktrees: worktrees, issues: issues) }
+        Thread.new { process_one_issue(issue, worktrees: shared_worktrees, issues: issues) }
       end
       results = threads.map(&:value)
 
@@ -47,7 +51,8 @@ module Ocak
         next unless result[:worktree]
         next if result[:interrupted]
 
-        worktrees.remove(result[:worktree])
+        worktree_manager_for(result[:worktree], shared: shared_worktrees, logger: logger)
+          .remove(result[:worktree])
       rescue StandardError => e
         logger.warn("Failed to clean worktree for ##{result[:issue_number]}: #{e.message}")
       end
@@ -65,8 +70,15 @@ module Ocak
       @active_mutex.synchronize do
         @active_issues << issue_number
       end
-      issues.transition(issue_number, from: @config.label_ready, to: @config.label_in_progress)
-      worktree = worktrees.create(issue_number, setup_command: @config.setup_command)
+      @state_machine.mark_in_progress(issue_number)
+
+      target = issue['_target']
+      worktree_mgr = if target
+                       WorktreeManager.new(config: @config, repo_dir: target[:path], logger: logger)
+                     else
+                       worktrees
+                     end
+      worktree = worktree_mgr.create(issue_number, setup_command: @config.setup_command)
       logger.info("Created worktree at #{worktree.path} (branch: #{worktree.branch})")
 
       complexity = @options[:fast] ? 'simple' : issue.fetch('complexity', 'full')
@@ -98,5 +110,23 @@ module Ocak
         { issue_number: issue_number, success: false, worktree: worktree }
       end
     end
+
+    def worktree_manager_for(worktree, shared:, logger:)
+      target = worktree.target_repo
+      return WorktreeManager.new(config: @config, repo_dir: target[:path], logger: logger) if target
+
+      shared || WorktreeManager.new(config: @config, logger: logger)
+    end
+
+    def resolve_targets(ready_issues, logger:)
+      ready_issues.filter_map do |issue|
+        target = TargetResolver.resolve(issue, config: @config)
+        issue['_target'] = target
+        issue
+      rescue TargetResolver::TargetResolutionError => e
+        logger.error("Skipping issue ##{issue['number']}: #{e.message}")
+        nil
+      end
+    end
   end
 end

data/lib/ocak/commands/hiz.rb

@@ -4,8 +4,10 @@ require 'open3'
 require 'securerandom'
 require_relative '../config'
 require_relative '../claude_runner'
+require_relative '../command_runner'
 require_relative '../git_utils'
 require_relative '../issue_backend'
+require_relative '../issue_state_machine'
 require_relative '../pipeline_executor'
 require_relative '../step_comments'
 require_relative '../logger'
@@ -14,6 +16,7 @@ module Ocak
   module Commands
     class Hiz < Dry::CLI::Command
       include StepComments
+      include CommandRunner
 
       desc 'Fast-mode: implement an issue with Sonnet, create a PR (no merge)'
 
@@ -44,6 +47,7 @@ module Ocak
         watch_formatter = options[:watch] ? WatchFormatter.new : nil
         claude = ClaudeRunner.new(config: @config, logger: logger, watch: watch_formatter)
         issues = IssueBackend.build(config: @config, logger: logger)
+        @state_machine = IssueStateMachine.new(config: @config, issues: issues)
 
         logger.info("=== Hiz (fast mode) for issue ##{issue_number} ===")
 
@@ -68,7 +72,7 @@ module Ocak
         start_time = Process.clock_gettime(Process::CLOCK_MONOTONIC)
         chdir = @config.project_dir
 
-        issues.transition(issue_number, from: @config.label_ready, to: @config.label_in_progress)
+        @state_machine.mark_in_progress(issue_number)
         post_hiz_start_comment(issue_number, state: state)
         begin
           branch = create_branch(issue_number, chdir)
@@ -119,8 +123,8 @@ module Ocak
         branch = "hiz/issue-#{issue_number}-#{SecureRandom.hex(4)}"
         raise "Unsafe branch name: #{branch}" unless GitUtils.safe_branch_name?(branch)
 
-        _, stderr, status = Open3.capture3('git', 'checkout', '-b', branch, chdir: chdir)
-        raise "Failed to create branch #{branch}: #{stderr}" unless status.success?
+        result = run_git('checkout', '-b', branch, chdir: chdir)
+        raise "Failed to create branch #{branch}: #{result.error}" unless result.success?
 
         branch
       end
@@ -128,10 +132,10 @@ module Ocak
       def push_and_create_pr(issue_number, branch, logger:, chdir:, state:)
         commit_changes(issue_number, chdir, logger: logger)
 
-        _, stderr, status = Open3.capture3('git', 'push', '-u', 'origin', branch, chdir: chdir)
-        unless status.success?
-          logger.error("Push failed: #{stderr}")
-          handle_failure(issue_number, 'push', stderr, issues: state.issues, logger: logger, branch: branch)
+        push_result = run_git('push', '-u', 'origin', branch, chdir: chdir)
+        unless push_result.success?
+          logger.error("Push failed: #{push_result.error}")
+          handle_failure(issue_number, 'push', push_result.error, issues: state.issues, logger: logger, branch: branch)
           return
         end
 
@@ -140,21 +144,16 @@ module Ocak
         pr_title = issue_title ? "Fix ##{issue_number}: #{issue_title}" : "Fix ##{issue_number}"
         pr_body = build_pr_body(issue_number, state: state)
 
-        stdout, stderr, status = Open3.capture3(
-          'gh', 'pr', 'create',
-          '--title', pr_title,
-          '--body', pr_body,
-          '--head', branch,
-          chdir: chdir
-        )
+        pr_result = run_gh('pr', 'create', '--title', pr_title, '--body', pr_body, '--head', branch, chdir: chdir)
 
-        if status.success?
-          pr_url = stdout.strip
+        if pr_result.success?
+          pr_url = pr_result.output
           logger.info("PR created: #{pr_url}")
           puts "PR created: #{pr_url}"
         else
-          logger.error("PR creation failed: #{stderr}")
-          handle_failure(issue_number, 'pr-create', stderr, issues: state.issues, logger: logger, branch: branch)
+          logger.error("PR creation failed: #{pr_result.error}")
+          handle_failure(issue_number, 'pr-create', pr_result.error, issues: state.issues, logger: logger,
+                                                                     branch: branch)
         end
       end
 
@@ -185,7 +184,7 @@ module Ocak
 
       def handle_failure(issue_number, phase, output, issues:, logger:, branch: nil)
         logger.error("Issue ##{issue_number} failed at phase: #{phase}")
-        issues.transition(issue_number, from: @config.label_in_progress, to: @config.label_failed)
+        @state_machine.mark_failed(issue_number)
         begin
           sanitized = output.to_s[0..1000].gsub('```', "'''")
           issues.comment(issue_number,
@@ -200,8 +199,8 @@ module Ocak
       end
 
       def delete_branch(branch, logger:)
-        _, stderr, status = Open3.capture3('git', 'branch', '-D', branch, chdir: @config.project_dir)
-        logger.warn("Failed to delete branch #{branch}: #{stderr}") unless status.success?
+        result = run_git('branch', '-D', branch, chdir: @config.project_dir)
+        logger.warn("Failed to delete branch #{branch}: #{result.error}") unless result.success?
       rescue StandardError => e
         logger.warn("Error deleting branch #{branch}: #{e.message}")
       end

data/lib/ocak/commands/init.rb

@@ -35,6 +35,7 @@ module Ocak
         )
 
         generate_files(generator, project_dir, options)
+        scaffold_user_config
         update_settings(project_dir, stack)
         update_gitignore(project_dir)
         create_labels(project_dir)
@@ -83,6 +84,36 @@ module Ocak
         puts ''
       end
 
+      def scaffold_user_config
+        path = Config.user_config_path
+        if File.exist?(path)
+          puts "  #{path} already exists — skipping"
+          return
+        end
+
+        FileUtils.mkdir_p(File.dirname(path))
+        File.write(path, user_config_template)
+        puts "  Created #{path}"
+      end
+
+      def user_config_template
+        <<~YAML
+          # ~/.config/ocak/config.yml
+          # Machine-specific Ocak settings (not committed to any repo)
+
+          # Map repo names to local paths (used with multi_repo: true in project ocak.yml)
+          # repos:
+          #   my-gem: ~/dev/my-gem
+          #   other-gem: ~/dev/other-gem
+
+          # Pipeline tuning for this machine
+          # pipeline:
+          #   max_parallel: 3      # default: 5
+          #   poll_interval: 60    # seconds between polls, default: 60
+          #   cost_budget: 10.00   # max $ per pipeline run
+        YAML
+      end
+
       def update_settings(project_dir, stack)
         settings_path = File.join(project_dir, '.claude', 'settings.json')
         existing = begin
@@ -206,6 +237,7 @@ module Ocak
         end
         puts '  .claude/hooks/                     — lint + test hooks'
         puts '  .claude/settings.json              — permissions & hooks config'
+        puts "  #{Config.user_config_path}  — machine-specific settings (not committed)"
         puts ''
         puts 'Next steps:'
         puts '  1. Review ocak.yml and adjust settings'

data/lib/ocak/commands/resume.rb

@@ -3,6 +3,7 @@
 require_relative '../config'
 require_relative '../failure_reporting'
 require_relative '../git_utils'
+require_relative '../issue_state_machine'
 require_relative '../pipeline_runner'
 require_relative '../pipeline_state'
 require_relative '../claude_runner'
@@ -79,8 +80,9 @@ module Ocak
         watch_formatter = options[:watch] ? WatchFormatter.new : nil
         claude = ClaudeRunner.new(config: config, logger: logger, watch: watch_formatter)
         issues = IssueBackend.build(config: config, logger: logger)
+        state_machine = IssueStateMachine.new(config: config, issues: issues)
 
-        issues.transition(issue_number, from: config.label_failed, to: config.label_in_progress)
+        state_machine.mark_resuming(issue_number)
 
         runner = PipelineRunner.new(config: config, options: { watch: options[:watch] })
         result = runner.run_pipeline(issue_number,
@@ -88,7 +90,8 @@ module Ocak
                                      skip_steps: saved[:completed_steps])
 
         ctx = { config: config, issue_number: issue_number, saved: saved, chdir: chdir,
-                issues: issues, claude: claude, logger: logger, watch: watch_formatter }
+                issues: issues, state_machine: state_machine, claude: claude, logger: logger,
+                watch: watch_formatter }
         handle_result(result, ctx)
       end
 
@@ -110,12 +113,10 @@ module Ocak
         )
 
         if merger.merge(ctx[:issue_number], worktree)
-          ctx[:issues].transition(ctx[:issue_number], from: ctx[:config].label_in_progress,
-                                                      to: ctx[:config].label_completed)
+          ctx[:state_machine].mark_completed(ctx[:issue_number])
           puts "Issue ##{ctx[:issue_number]} resumed and merged successfully!"
         else
-          ctx[:issues].transition(ctx[:issue_number], from: ctx[:config].label_in_progress,
-                                                      to: ctx[:config].label_failed)
+          ctx[:state_machine].mark_failed(ctx[:issue_number])
           warn "Issue ##{ctx[:issue_number]} merge failed after resume"
         end
       end

data/lib/ocak/commands/status.rb

@@ -3,6 +3,7 @@
 require 'open3'
 require 'json'
 require_relative '../config'
+require_relative '../command_runner'
 require_relative '../issue_backend'
 require_relative '../run_report'
 require_relative '../worktree_manager'
@@ -10,6 +11,8 @@ require_relative '../worktree_manager'
 module Ocak
   module Commands
     class Status < Dry::CLI::Command
+      include CommandRunner
+
       desc 'Show pipeline status'
 
       option :report, type: :boolean, default: false, desc: 'Show run reports'
@@ -207,18 +210,12 @@ module Ocak
       end
 
       def fetch_issue_count(label, config)
-        stdout, _, status = Open3.capture3(
-          'gh', 'issue', 'list',
-          '--label', label,
-          '--state', 'open',
-          '--json', 'number',
-          '--limit', '100',
-          chdir: config.project_dir
-        )
-        return 0 unless status.success?
-
-        JSON.parse(stdout).size
-      rescue JSON::ParserError, Errno::ENOENT
+        result = run_gh('issue', 'list', '--label', label, '--state', 'open',
+                        '--json', 'number', '--limit', '100', chdir: config.project_dir)
+        return 0 unless result.success?
+
+        JSON.parse(result.stdout).size
+      rescue JSON::ParserError
         0
       end
 

data/lib/ocak/config.rb

@@ -5,14 +5,28 @@ require 'yaml'
 module Ocak
   class Config
     CONFIG_FILE = 'ocak.yml'
+    USER_CONFIG_DIR = 'ocak'
+    USER_CONFIG_FILE = 'config.yml'
 
     attr_reader :project_dir
 
+    def self.user_config_path
+      base = ENV.fetch('XDG_CONFIG_HOME', File.expand_path('~/.config'))
+      File.join(base, USER_CONFIG_DIR, USER_CONFIG_FILE)
+    end
+
     def self.load(dir = Dir.pwd)
       path = File.join(dir, CONFIG_FILE)
       raise ConfigNotFound, "No ocak.yml found in #{dir}. Run `ocak init` first." unless File.exist?(path)
 
-      new(YAML.safe_load_file(path, symbolize_names: true), dir)
+      project_data = YAML.safe_load_file(path, symbolize_names: true) || {}
+      user_data = load_user_config
+
+      merged = deep_merge(user_data, project_data)
+      # repos: is user-only — always take from user config, never project
+      merged[:repos] = user_data[:repos] if user_data[:repos]
+
+      new(merged, dir)
     end
 
     def initialize(data, project_dir = Dir.pwd)
@@ -51,6 +65,10 @@ module Ocak
       dig(:stack, :security_commands) || []
     end
 
+    def custom_commands?
+      !!(test_command || lint_command || format_command || setup_command || security_commands.any?)
+    end
+
     # Pipeline
     def max_parallel  = @overrides[:max_parallel] || dig(:pipeline, :max_parallel) || 5
     def poll_interval = @overrides[:poll_interval] || dig(:pipeline, :poll_interval) || 60
@@ -72,6 +90,33 @@ module Ocak
     def require_comment    = dig(:safety, :require_comment)
     def max_issues_per_run = dig(:safety, :max_issues_per_run) || 5
 
+    # Multi-repo
+    def repos
+      @data[:repos]
+    end
+
+    def multi_repo?
+      r = repos
+      r.is_a?(Hash) && !r.empty?
+    end
+
+    def target_field
+      dig(:target_field) || 'target_repo'
+    end
+
+    def resolve_repo(name)
+      raise ConfigError, 'No repos configured in ocak.yml' unless multi_repo?
+
+      key = name.to_sym
+      path_value = repos[key]
+      raise ConfigError, "Unknown repo '#{name}'. Known repos: #{repos.keys.join(', ')}" unless path_value
+
+      expanded = File.expand_path(path_value.to_s)
+      raise ConfigError, "Repo path does not exist: #{expanded}" unless Dir.exist?(expanded)
+
+      { name: name.to_s, path: expanded }
+    end
+
     # Issues
     def issue_backend = dig(:issues, :backend)
     def local_issues? = issue_backend == 'local'
@@ -136,5 +181,27 @@ module Ocak
 
     class ConfigNotFound < StandardError; end
     class ConfigError < StandardError; end
+
+    private_class_method def self.load_user_config
+      path = user_config_path
+      return {} unless File.exist?(path)
+
+      data = YAML.safe_load_file(path, symbolize_names: true)
+      raise ConfigError, "#{path} must be a YAML hash" unless data.is_a?(Hash) || data.nil?
+
+      data || {}
+    rescue Psych::SyntaxError => e
+      raise ConfigError, "Invalid YAML in #{path}: #{e.message}"
+    end
+
+    private_class_method def self.deep_merge(base, override)
+      base.merge(override) do |_key, old_val, new_val|
+        if old_val.is_a?(Hash) && new_val.is_a?(Hash)
+          deep_merge(old_val, new_val)
+        else
+          new_val
+        end
+      end
+    end
   end
 end