npm - @autoclawd/autoclawd - Versions diffs - 1.0.3 → 1.0.5 - Mend

@autoclawd/autoclawd 1.0.3 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -34,7 +34,9 @@ var LinearConfigSchema = z.object({
   inProgressStatus: z.string().default("In Progress")
 });
 var GitHubConfigSchema = z.object({
-  token: z.string()
+  token: z.string(),
+  autoMerge: z.boolean().default(false),
+  mergeMethod: z.enum(["merge", "squash", "rebase"]).default("squash")
 });
 var WebhookConfigSchema = z.object({
   port: z.number().default(3e3),
@@ -393,6 +395,10 @@ ${reason}`
 // src/github.ts
 import { Octokit } from "@octokit/rest";
+import { execSync } from "child_process";
+import { mkdtempSync, writeFileSync, rmSync } from "fs";
+import { join as join3 } from "path";
+import { tmpdir } from "os";
 function createOctokit(config) {
   return new Octokit({ auth: config.github.token });
 }
@@ -557,6 +563,144 @@ async function fetchFailedChecks(octokit, opts) {
   }
   return results;
 }
+async function enableAutoMerge(octokit, opts) {
+  return retry(async () => {
+    const { owner, repo } = parseRepoUrl(opts.repoUrl);
+    const { data: pr } = await octokit.rest.pulls.get({
+      owner,
+      repo,
+      pull_number: opts.prNumber
+    });
+    try {
+      await octokit.graphql(`
+        mutation EnableAutoMerge($prId: ID!, $mergeMethod: PullRequestMergeMethod!) {
+          enablePullRequestAutoMerge(input: {pullRequestId: $prId, mergeMethod: $mergeMethod}) {
+            pullRequest { autoMergeRequest { enabledAt } }
+          }
+        }
+      `, {
+        prId: pr.node_id,
+        mergeMethod: opts.mergeMethod ?? "SQUASH"
+      });
+      log.info(`Auto-merge enabled on PR #${opts.prNumber} (${opts.mergeMethod ?? "SQUASH"})`);
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      const msgLower = msg.toLowerCase();
+      if (msgLower.includes("auto-merge") || msgLower.includes("not allowed") || msgLower.includes("branch protection") || msgLower.includes("protected branch")) {
+        log.warn(`Auto-merge not available on PR #${opts.prNumber}: ${msg}`);
+      } else {
+        throw err;
+      }
+    }
+  }, { label: "GitHub auto-merge", retryIf: isTransientError });
+}
+async function retargetPR(octokit, opts) {
+  return retry(async () => {
+    const { owner, repo } = parseRepoUrl(opts.repoUrl);
+    await octokit.rest.pulls.update({
+      owner,
+      repo,
+      pull_number: opts.prNumber,
+      base: opts.newBase
+    });
+    log.info(`Retargeted PR #${opts.prNumber} to base ${opts.newBase}`);
+  }, { label: "GitHub retarget", retryIf: isTransientError });
+}
+function createAskpass(githubToken) {
+  const dir = mkdtempSync(join3(tmpdir(), "autoclawd-rebase-"));
+  const path = join3(dir, "askpass.sh");
+  writeFileSync(path, `#!/bin/sh
+echo "${githubToken}"
+`, { mode: 448 });
+  return { dir, path };
+}
+function gitEnv(askpassPath) {
+  return { ...process.env, GIT_ASKPASS: askpassPath, GIT_TERMINAL_PROMPT: "0" };
+}
+function detectDefaultBranch(repoUrl, githubToken) {
+  const askpass = createAskpass(githubToken);
+  const authedUrl = repoUrl.replace("https://", "https://x-access-token@");
+  try {
+    const output = execSync(
+      `git ls-remote --symref -- ${authedUrl} HEAD`,
+      { stdio: "pipe", timeout: 3e4, env: gitEnv(askpass.path), encoding: "utf-8" }
+    );
+    const match = output.match(/ref:\s+refs\/heads\/(\S+)\s+HEAD/);
+    if (match) return match[1];
+  } catch {
+  } finally {
+    rmSync(askpass.dir, { recursive: true, force: true });
+  }
+  return "main";
+}
+async function rebaseStackedPRs(octokit, opts) {
+  const { owner, repo } = parseRepoUrl(opts.repoUrl);
+  const defaultBranch = detectDefaultBranch(opts.repoUrl, opts.githubToken);
+  const prefix = opts.branchPrefix ?? "autoclawd/";
+  const { data: openPRs } = await octokit.rest.pulls.list({
+    owner,
+    repo,
+    state: "open",
+    per_page: 100
+  });
+  const stackedPRs = openPRs.filter(
+    (pr) => pr.head.ref.startsWith(prefix) && pr.base.ref !== defaultBranch
+  );
+  if (stackedPRs.length === 0) return 0;
+  let rebased = 0;
+  for (const pr of stackedPRs) {
+    const baseBranch = pr.base.ref;
+    const { data: basePRs } = await octokit.rest.pulls.list({
+      owner,
+      repo,
+      head: `${owner}:${baseBranch}`,
+      state: "closed"
+    });
+    const mergedBasePR = basePRs.find((p) => p.merged_at !== null);
+    if (!mergedBasePR) {
+      log.debug(`PR #${pr.number}: base "${baseBranch}" not yet merged, skipping`);
+      continue;
+    }
+    log.info(`PR #${pr.number} ("${pr.title}"): base "${baseBranch}" was merged, rebasing onto ${defaultBranch}`);
+    const askpass = createAskpass(opts.githubToken);
+    const workDir = mkdtempSync(join3(tmpdir(), "autoclawd-rebase-"));
+    try {
+      const authedUrl = opts.repoUrl.replace("https://", "https://x-access-token@");
+      const env = gitEnv(askpass.path);
+      const run = (cmd) => execSync(cmd, { cwd: workDir, stdio: "pipe", timeout: 12e4, env, encoding: "utf-8" });
+      run(`git clone --no-tags -- ${authedUrl} .`);
+      run(`git checkout ${pr.head.ref}`);
+      run(`git fetch origin ${defaultBranch}`);
+      try {
+        run(`git rebase --onto origin/${defaultBranch} origin/${baseBranch}`);
+      } catch {
+        try {
+          run("git rebase --abort");
+        } catch {
+        }
+        log.warn(`PR #${pr.number}: rebase conflict, skipping (manual resolution needed)`);
+        continue;
+      }
+      run(`git config credential.helper '!f() { echo "password=${opts.githubToken}"; echo "username=x-access-token"; }; f'`);
+      run(`git push --force-with-lease origin ${pr.head.ref}`);
+      await retargetPR(octokit, {
+        repoUrl: opts.repoUrl,
+        prNumber: pr.number,
+        newBase: defaultBranch
+      });
+      log.success(`PR #${pr.number}: rebased onto ${defaultBranch} and retargeted`);
+      rebased++;
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      const safe = msg.replace(/x-access-token:[^\s@]+/g, "x-access-token:***");
+      log.error(`PR #${pr.number}: rebase failed: ${safe}`);
+    } finally {
+      rmSync(workDir, { recursive: true, force: true });
+      rmSync(askpass.dir, { recursive: true, force: true });
+    }
+  }
+  return rebased;
+}
 // src/webhook.ts
 import { createServer } from "http";
@@ -565,18 +709,123 @@ import { createHmac, timingSafeEqual } from "crypto";
 // src/docker.ts
 import Docker from "dockerode";
 import { PassThrough } from "stream";
-import { homedir as homedir3 } from "os";
-import { join as join3 } from "path";
+import { homedir as homedir3, platform } from "os";
+import { join as join4 } from "path";
 import { existsSync as existsSync3, readFileSync as readFileSync2 } from "fs";
+import { execSync as execSync2 } from "child_process";
 var docker = new Docker();
+function sleep2(ms) {
+  return new Promise((r) => setTimeout(r, ms));
+}
+async function tryStartDocker() {
+  const os = platform();
+  if (os === "darwin") {
+    if (existsSync3("/Applications/Docker.app")) {
+      log.info("Docker not running \u2014 starting Docker Desktop...");
+      try {
+        execSync2("open -a Docker", { stdio: "pipe" });
+      } catch {
+        return false;
+      }
+    } else {
+      return false;
+    }
+  } else if (os === "linux") {
+    log.info("Docker not running \u2014 attempting to start...");
+    try {
+      execSync2("sudo systemctl start docker 2>/dev/null || sudo service docker start 2>/dev/null", {
+        stdio: "pipe",
+        timeout: 3e4
+      });
+    } catch {
+      return false;
+    }
+  } else {
+    return false;
+  }
+  for (let i = 0; i < 30; i++) {
+    await sleep2(1e3);
+    try {
+      await docker.ping();
+      log.success("Docker started");
+      return true;
+    } catch {
+    }
+    if (i > 0 && i % 5 === 0) {
+      log.info(`Waiting for Docker daemon... (${i}s)`);
+    }
+  }
+  return false;
+}
+async function tryInstallDocker() {
+  const os = platform();
+  if (os === "darwin") {
+    try {
+      execSync2("which brew", { stdio: "pipe" });
+    } catch {
+      log.warn("Docker not installed and Homebrew not found \u2014 cannot auto-install");
+      return false;
+    }
+    log.info("Docker not installed \u2014 installing via Homebrew (this may take a few minutes)...");
+    try {
+      execSync2("brew install --cask docker", { stdio: "inherit", timeout: 6e5 });
+      log.success("Docker Desktop installed");
+      return true;
+    } catch {
+      log.warn("Docker install via Homebrew failed");
+      return false;
+    }
+  } else if (os === "linux") {
+    const cmds = [
+      { check: "apt-get", install: "sudo apt-get update -qq && sudo apt-get install -y docker.io && sudo systemctl enable docker" },
+      { check: "dnf", install: "sudo dnf install -y docker && sudo systemctl enable docker" },
+      { check: "yum", install: "sudo yum install -y docker && sudo systemctl enable docker" },
+      { check: "pacman", install: "sudo pacman -Sy --noconfirm docker && sudo systemctl enable docker" }
+    ];
+    for (const { check, install } of cmds) {
+      try {
+        execSync2(`which ${check}`, { stdio: "pipe" });
+        log.info(`Docker not installed \u2014 installing via ${check}...`);
+        execSync2(install, { stdio: "inherit", timeout: 3e5 });
+        log.success("Docker installed");
+        return true;
+      } catch {
+      }
+    }
+    return false;
+  }
+  return false;
+}
 async function checkDockerAvailable() {
   try {
     await docker.ping();
-  } catch (err) {
+    return;
+  } catch {
+  }
+  const started = await tryStartDocker();
+  if (started) return;
+  let installed = false;
+  try {
+    execSync2("which docker", { stdio: "pipe" });
+    installed = true;
+  } catch {
+  }
+  if (installed) {
+    throw new Error(
+      "Docker is installed but the daemon is not running and could not be started automatically.\nStart it manually:\n" + (platform() === "darwin" ? "  open -a Docker\n" : "  sudo systemctl start docker\n")
+    );
+  }
+  const didInstall = await tryInstallDocker();
+  if (didInstall) {
+    const started2 = await tryStartDocker();
+    if (started2) return;
     throw new Error(
-      "Cannot connect to Docker daemon. Is Docker running?\nInstall: https://docs.docker.com/get-docker/"
+      "Docker was installed but could not be started.\n" + (platform() === "darwin" ? "Open Docker Desktop from Applications and try again.\n" : "Run: sudo systemctl start docker\n")
     );
   }
+  throw new Error(
+    "Docker is not installed and could not be auto-installed.\n" + (platform() === "darwin" ? "Install manually: brew install --cask docker\n" : "Install manually: https://docs.docker.com/get-docker/\n")
+  );
 }
 async function ensureImage(image) {
   try {
@@ -766,7 +1015,7 @@ async function copyClaudeCredentials(container) {
     "-c",
     "mkdir -p /home/autoclawd/.claude && chown autoclawd /home/autoclawd/.claude"
   ]);
-  const credFile = join3(home, ".claude", ".credentials.json");
+  const credFile = join4(home, ".claude", ".credentials.json");
   if (existsSync3(credFile)) {
     const content = readFileSync2(credFile, "utf-8");
     const b64 = Buffer.from(content).toString("base64");
@@ -777,7 +1026,7 @@ async function copyClaudeCredentials(container) {
     ]);
     log.debug("Copied .credentials.json");
   }
-  const settingsFile = join3(home, ".claude", "settings.json");
+  const settingsFile = join4(home, ".claude", "settings.json");
   if (existsSync3(settingsFile)) {
     const content = readFileSync2(settingsFile, "utf-8");
     const b64 = Buffer.from(content).toString("base64");
@@ -969,7 +1218,7 @@ async function runAgentLoop(opts) {
       }
       const waitMs = estimateResetMs(combined);
       log.ticket(ticketId, `Rate limited (${rateLimitRetries}/${MAX_RATE_LIMIT_RETRIES}) \u2014 pausing ${Math.round(waitMs / 1e3)}s`);
-      await sleep2(waitMs);
+      await sleep3(waitMs);
       i--;
       continue;
     }
@@ -980,7 +1229,7 @@ async function runAgentLoop(opts) {
   log.ticket(ticketId, `Max iterations (${agentConfig.maxIterations}) reached`);
   return { iterations: agentConfig.maxIterations, success: false, lastOutput };
 }
-function sleep2(ms) {
+function sleep3(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
@@ -1051,16 +1300,16 @@ async function commitAndPush(container, opts) {
 }
 // src/worker.ts
-import { mkdtempSync, rmSync, writeFileSync } from "fs";
-import { join as join5 } from "path";
-import { tmpdir } from "os";
-import { execSync } from "child_process";
+import { mkdtempSync as mkdtempSync2, rmSync as rmSync2, writeFileSync as writeFileSync2 } from "fs";
+import { join as join6 } from "path";
+import { tmpdir as tmpdir2 } from "os";
+import { execSync as execSync3 } from "child_process";
 // src/db.ts
 import Database from "better-sqlite3";
-import { join as join4 } from "path";
+import { join as join5 } from "path";
 import { mkdirSync as mkdirSync2, existsSync as existsSync4 } from "fs";
-var DB_PATH = join4(CONFIG_DIR, "autoclawd.db");
+var DB_PATH = join5(CONFIG_DIR, "autoclawd.db");
 var _db;
 function getDb() {
   if (_db) return _db;
@@ -1138,6 +1387,10 @@ function isTicketProcessed(ticketId) {
   ).get(ticketId);
   return !!row;
 }
+function removeFromProcessed(ticketId) {
+  const db = getDb();
+  db.prepare("DELETE FROM runs WHERE id = ? AND status = 'failed'").run(ticketId);
+}
 function isTicketActive(ticketId) {
   const db = getDb();
   const row = db.prepare(
@@ -1223,75 +1476,75 @@ function assertSafeRef(name, label) {
     throw new Error(`Invalid ${label}: "${name}"`);
   }
 }
-function createAskpass(githubToken) {
-  const dir = mkdtempSync(join5(tmpdir(), "autoclawd-cred-"));
-  const path = join5(dir, "askpass.sh");
-  writeFileSync(path, `#!/bin/sh
+function createAskpass2(githubToken) {
+  const dir = mkdtempSync2(join6(tmpdir2(), "autoclawd-cred-"));
+  const path = join6(dir, "askpass.sh");
+  writeFileSync2(path, `#!/bin/sh
 echo "${githubToken}"
 `, { mode: 448 });
   return { dir, path };
 }
-function gitEnv(askpassPath) {
+function gitEnv2(askpassPath) {
   return { ...process.env, GIT_ASKPASS: askpassPath, GIT_TERMINAL_PROMPT: "0" };
 }
-function detectDefaultBranch(repoUrl, githubToken) {
-  const askpass = createAskpass(githubToken);
+function detectDefaultBranch2(repoUrl, githubToken) {
+  const askpass = createAskpass2(githubToken);
   const authedUrl = repoUrl.replace("https://", "https://x-access-token@");
   try {
-    const output = execSync(
+    const output = execSync3(
       `git ls-remote --symref -- ${authedUrl} HEAD`,
-      { stdio: "pipe", timeout: 3e4, env: gitEnv(askpass.path), encoding: "utf-8" }
+      { stdio: "pipe", timeout: 3e4, env: gitEnv2(askpass.path), encoding: "utf-8" }
     );
     const match = output.match(/ref:\s+refs\/heads\/(\S+)\s+HEAD/);
     if (match) return match[1];
   } catch {
   } finally {
-    rmSync(askpass.dir, { recursive: true, force: true });
+    rmSync2(askpass.dir, { recursive: true, force: true });
   }
   return "main";
 }
 async function pushScaffold(opts) {
-  const scaffoldDir = mkdtempSync(join5(tmpdir(), "autoclawd-scaffold-"));
-  const askpass = createAskpass(opts.githubToken);
+  const scaffoldDir = mkdtempSync2(join6(tmpdir2(), "autoclawd-scaffold-"));
+  const askpass = createAskpass2(opts.githubToken);
   try {
     const authedUrl = opts.repoUrl.replace("https://", "https://x-access-token@");
-    const env = gitEnv(askpass.path);
+    const env = gitEnv2(askpass.path);
     const readmeLines = [`# ${opts.ticketTitle}`];
     if (opts.ticketDescription) {
       readmeLines.push("", opts.ticketDescription);
     }
-    writeFileSync(join5(scaffoldDir, "README.md"), readmeLines.join("\n") + "\n");
-    writeFileSync(join5(scaffoldDir, ".autoclawd.yaml"), "base: main\n");
-    execSync("git init", { cwd: scaffoldDir, stdio: "pipe", env });
-    execSync("git checkout -b main", { cwd: scaffoldDir, stdio: "pipe", env });
-    execSync('git config user.email "autoclawd@users.noreply.github.com"', { cwd: scaffoldDir, stdio: "pipe", env });
-    execSync('git config user.name "autoclawd"', { cwd: scaffoldDir, stdio: "pipe", env });
-    execSync("git add .", { cwd: scaffoldDir, stdio: "pipe", env });
-    execSync('git commit -m "chore: initial scaffold"', { cwd: scaffoldDir, stdio: "pipe", env });
-    execSync(`git remote add origin ${authedUrl}`, { cwd: scaffoldDir, stdio: "pipe", env });
-    execSync("git push -u origin main", { cwd: scaffoldDir, stdio: "pipe", timeout: 6e4, env });
+    writeFileSync2(join6(scaffoldDir, "README.md"), readmeLines.join("\n") + "\n");
+    writeFileSync2(join6(scaffoldDir, ".autoclawd.yaml"), "base: main\n");
+    execSync3("git init", { cwd: scaffoldDir, stdio: "pipe", env });
+    execSync3("git checkout -b main", { cwd: scaffoldDir, stdio: "pipe", env });
+    execSync3('git config user.email "autoclawd@users.noreply.github.com"', { cwd: scaffoldDir, stdio: "pipe", env });
+    execSync3('git config user.name "autoclawd"', { cwd: scaffoldDir, stdio: "pipe", env });
+    execSync3("git add .", { cwd: scaffoldDir, stdio: "pipe", env });
+    execSync3('git commit -m "chore: initial scaffold"', { cwd: scaffoldDir, stdio: "pipe", env });
+    execSync3(`git remote add origin ${authedUrl}`, { cwd: scaffoldDir, stdio: "pipe", env });
+    execSync3("git push -u origin main", { cwd: scaffoldDir, stdio: "pipe", timeout: 6e4, env });
   } finally {
-    rmSync(scaffoldDir, { recursive: true, force: true });
-    rmSync(askpass.dir, { recursive: true, force: true });
+    rmSync2(scaffoldDir, { recursive: true, force: true });
+    rmSync2(askpass.dir, { recursive: true, force: true });
   }
 }
 async function cloneToTemp(repoUrl, baseBranch, githubToken) {
   assertSafeRef(baseBranch, "base branch");
   return retrySync(() => {
-    const workDir = mkdtempSync(join5(tmpdir(), "autoclawd-"));
-    const askpass = createAskpass(githubToken);
+    const workDir = mkdtempSync2(join6(tmpdir2(), "autoclawd-"));
+    const askpass = createAskpass2(githubToken);
     const authedUrl = repoUrl.replace("https://", "https://x-access-token@");
     try {
-      execSync(`git clone --depth=50 -b ${baseBranch} -- ${authedUrl} ${workDir}`, {
+      execSync3(`git clone --depth=50 -b ${baseBranch} -- ${authedUrl} ${workDir}`, {
         stdio: "pipe",
         timeout: 12e4,
-        env: gitEnv(askpass.path)
+        env: gitEnv2(askpass.path)
       });
     } catch (err) {
-      rmSync(workDir, { recursive: true, force: true });
+      rmSync2(workDir, { recursive: true, force: true });
       throw err;
     } finally {
-      rmSync(askpass.dir, { recursive: true, force: true });
+      rmSync2(askpass.dir, { recursive: true, force: true });
     }
     return workDir;
   }, { label: "git clone", retryIf: isTransientError });
@@ -1428,7 +1681,7 @@ async function executeTicket(opts) {
       });
       log.ticket(ticket.identifier, "Repo created, pushed scaffold");
     }
-    const detectedBase = repoCreated ? "main" : detectDefaultBranch(ticket.repoUrl, config.github.token);
+    const detectedBase = repoCreated ? "main" : detectDefaultBranch2(ticket.repoUrl, config.github.token);
     log.ticket(ticket.identifier, `Default branch: ${detectedBase}`);
     workDir = await cloneToTemp(ticket.repoUrl, detectedBase, config.github.token);
     log.ticket(ticket.identifier, "Cloned repo");
@@ -1442,10 +1695,24 @@ async function executeTicket(opts) {
       log.ticket(ticket.identifier, `Stacked on branch: ${ticket.baseBranch}`);
     }
     if (actualBase !== detectedBase) {
-      rmSync(workDir, { recursive: true, force: true });
-      workDir = await cloneToTemp(ticket.repoUrl, actualBase, config.github.token);
+      rmSync2(workDir, { recursive: true, force: true });
+      try {
+        workDir = await cloneToTemp(ticket.repoUrl, actualBase, config.github.token);
+      } catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        if (msg.includes("not found in upstream") || msg.includes("Could not find remote branch")) {
+          log.ticket(ticket.identifier, `Base branch "${actualBase}" not found \u2014 will retry later`);
+          return {
+            ticketId: ticket.identifier,
+            success: false,
+            error: `REQUEUE: base branch "${actualBase}" does not exist yet`,
+            iterations: 0
+          };
+        }
+        throw err;
+      }
     }
-    execSync(`git checkout -B ${branchName} --`, { cwd: workDir, stdio: "pipe" });
+    execSync3(`git checkout -B ${branchName} --`, { cwd: workDir, stdio: "pipe" });
     container = await createContainer({
       dockerConfig: docker2,
       workspacePath: workDir,
@@ -1520,6 +1787,10 @@ async function executeTicket(opts) {
       body: buildPRBody({ commitCount: gitResult.commitCount }),
       draft: hasValidation ? true : false
     });
+    if (!hasValidation && config.github.autoMerge) {
+      const method = config.github.mergeMethod.toUpperCase();
+      await enableAutoMerge(octokit, { repoUrl: ticket.repoUrl, prNumber: pr.number, mergeMethod: method });
+    }
     if (hasValidation) {
       let iterationsUsed = agentResult.iterations;
       let lastFailures = [];
@@ -1575,6 +1846,10 @@ async function executeTicket(opts) {
           prNumber: pr.number
         });
         log.ticket(ticket.identifier, "PR marked as ready for review");
+        if (config.github.autoMerge) {
+          const method = config.github.mergeMethod.toUpperCase();
+          await enableAutoMerge(octokit, { repoUrl: ticket.repoUrl, prNumber: pr.number, mergeMethod: method });
+        }
       }
     }
     await completeTicket(linearClient, config, ticket.id, `PR opened: ${pr.url}`);
@@ -1612,7 +1887,7 @@ async function executeTicket(opts) {
     }
     if (workDir) {
       try {
-        rmSync(workDir, { recursive: true, force: true });
+        rmSync2(workDir, { recursive: true, force: true });
       } catch {
       }
     }
@@ -1701,7 +1976,7 @@ async function fixPR(opts) {
     if (container) await destroyContainer(container);
     if (workDir) {
       try {
-        rmSync(workDir, { recursive: true, force: true });
+        rmSync2(workDir, { recursive: true, force: true });
       } catch {
       }
     }
@@ -1884,8 +2159,17 @@ var WebhookServer = class {
       linearClient: this.linearClient,
       octokit: this.octokit
     }).then(
-      () => {
-        finishRun(ticket.id, "success");
+      (result) => {
+        if (result.error?.startsWith("REQUEUE:")) {
+          log.ticket(ticket.identifier, "Re-queued (waiting for dependency branch)");
+          finishRun(ticket.id, "failed", result.error);
+          removeFromProcessed(ticket.id);
+          enqueue(ticket);
+        } else if (result.success) {
+          finishRun(ticket.id, "success");
+        } else {
+          finishRun(ticket.id, "failed", result.error);
+        }
       },
       (err) => {
         finishRun(ticket.id, "failed", err.message);
@@ -1966,6 +2250,8 @@ var Watcher = class {
   activeInMemory = /* @__PURE__ */ new Set();
   timer;
   stopped = false;
+  pollCount = 0;
+  rebaseRunning = false;
   async start(intervalSeconds, once) {
     getDb();
     this.resumeQueue();
@@ -2030,6 +2316,36 @@ var Watcher = class {
     } catch (err) {
       log.error(`Poll failed: ${err instanceof Error ? err.message : err}`);
     }
+    this.pollCount++;
+    if (this.pollCount % 5 === 0) {
+      void this.rebaseSweep();
+    }
+  }
+  async rebaseSweep() {
+    if (this.rebaseRunning) return;
+    this.rebaseRunning = true;
+    try {
+      const repos = this.config.safety.allowedRepos;
+      if (!repos || repos.length === 0) return;
+      for (const allowed of repos) {
+        const repoUrl = allowed.startsWith("https://") ? allowed : `https://github.com/${allowed}`;
+        if (!isRepoAllowed(repoUrl, repos)) continue;
+        try {
+          const count = await rebaseStackedPRs(this.octokit, {
+            repoUrl,
+            githubToken: this.config.github.token,
+            branchPrefix: this.config.safety.branchPrefix
+          });
+          if (count > 0) {
+            log.info(`Rebase sweep: rebased ${count} stacked PR(s) in ${allowed}`);
+          }
+        } catch (err) {
+          log.debug(`Rebase sweep failed for ${allowed}: ${err instanceof Error ? err.message : err}`);
+        }
+      }
+    } finally {
+      this.rebaseRunning = false;
+    }
   }
   isNewTicket(ticket) {
     if (this.activeInMemory.has(ticket.id)) return false;
@@ -2047,8 +2363,17 @@ var Watcher = class {
       linearClient: this.linearClient,
       octokit: this.octokit
     }).then(
-      () => {
-        finishRun(ticket.id, "success");
+      (result) => {
+        if (result.error?.startsWith("REQUEUE:")) {
+          log.ticket(ticket.identifier, "Re-queued (waiting for dependency branch)");
+          finishRun(ticket.id, "failed", result.error);
+          removeFromProcessed(ticket.id);
+          enqueue(ticket);
+        } else if (result.success) {
+          finishRun(ticket.id, "success");
+        } else {
+          finishRun(ticket.id, "failed", result.error);
+        }
       },
       (err) => {
         finishRun(ticket.id, "failed", err.message);
@@ -2082,11 +2407,11 @@ var Watcher = class {
 // src/history.ts
 import { readFileSync as readFileSync3, existsSync as existsSync5 } from "fs";
-import { join as join6 } from "path";
+import { join as join7 } from "path";
 import { homedir as homedir4 } from "os";
 import chalk2 from "chalk";
-var HISTORY_DIR = join6(homedir4(), ".autoclawd");
-var HISTORY_FILE = join6(HISTORY_DIR, "history.jsonl");
+var HISTORY_DIR = join7(homedir4(), ".autoclawd");
+var HISTORY_FILE = join7(HISTORY_DIR, "history.jsonl");
 function runToRecord(run) {
   return {
     ticketId: run.ticket_id,
@@ -2176,9 +2501,9 @@ function printHistoryTable(records) {
 }
 // src/deps.ts
-import { execSync as execSync2 } from "child_process";
+import { execSync as execSync4 } from "child_process";
 import { existsSync as existsSync6 } from "fs";
-import { join as join7 } from "path";
+import { join as join8 } from "path";
 import { homedir as homedir5 } from "os";
 function detectPackageManager() {
   const checks = [
@@ -2191,7 +2516,7 @@ function detectPackageManager() {
   ];
   for (const [name, cmd] of checks) {
     try {
-      execSync2(`which ${cmd}`, { stdio: "pipe" });
+      execSync4(`which ${cmd}`, { stdio: "pipe" });
       return name;
     } catch {
     }
@@ -2264,7 +2589,7 @@ function checkDeps() {
     },
     {
       name: "Claude credentials",
-      installed: existsSync6(join7(homedir5(), ".claude", ".credentials.json")),
+      installed: existsSync6(join8(homedir5(), ".claude", ".credentials.json")),
       installable: false,
       installCommands: [],
       manualInstructions: 'Run "claude" and complete the login flow'
@@ -2282,7 +2607,7 @@ function installDep(dep) {
   if (dep.installCommands.length === 0) return false;
   for (const cmd of dep.installCommands) {
     try {
-      execSync2(cmd, { stdio: "inherit", timeout: 3e5 });
+      execSync4(cmd, { stdio: "inherit", timeout: 3e5 });
     } catch {
       return false;
     }
@@ -2292,15 +2617,15 @@ function installDep(dep) {
 function addUserToDockerGroup() {
   if (process.platform !== "linux") return;
   try {
-    const user = execSync2("whoami", { encoding: "utf-8" }).trim();
-    execSync2(`sudo usermod -aG docker ${user}`, { stdio: "pipe" });
+    const user = execSync4("whoami", { encoding: "utf-8" }).trim();
+    execSync4(`sudo usermod -aG docker ${user}`, { stdio: "pipe" });
     log.info(`Added ${user} to docker group \u2014 log out and back in to apply`);
   } catch {
   }
 }
 function commandExists(cmd) {
   try {
-    execSync2(`which ${cmd}`, { stdio: "pipe" });
+    execSync4(`which ${cmd}`, { stdio: "pipe" });
     return true;
   } catch {
     return false;
@@ -2308,7 +2633,7 @@ function commandExists(cmd) {
 }
 function isDockerRunning() {
   try {
-    execSync2("docker info", { stdio: "pipe", timeout: 1e4 });
+    execSync4("docker info", { stdio: "pipe", timeout: 1e4 });
     return true;
   } catch {
     return false;
@@ -2316,10 +2641,10 @@ function isDockerRunning() {
 }
 // src/index.ts
-import { existsSync as existsSync7, mkdirSync as mkdirSync3, writeFileSync as writeFileSync2, readFileSync as readFileSync4, unlinkSync } from "fs";
-import { execSync as execSync3, spawn as spawn2 } from "child_process";
+import { existsSync as existsSync7, mkdirSync as mkdirSync3, writeFileSync as writeFileSync3, readFileSync as readFileSync4, unlinkSync } from "fs";
+import { execSync as execSync5, spawn as spawn2 } from "child_process";
 import { createInterface } from "readline";
-import { join as join8 } from "path";
+import { join as join9 } from "path";
 import { homedir as homedir6 } from "os";
 import { LinearClient as LinearClient2 } from "@linear/sdk";
 import { Octokit as Octokit2 } from "@octokit/rest";
@@ -2327,7 +2652,7 @@ import { createRequire } from "module";
 var require2 = createRequire(import.meta.url);
 var pkg = require2("../package.json");
 var program = new Command();
-var WATCHER_PID_FILE = join8(homedir6(), ".autoclawd", "watcher.pid");
+var WATCHER_PID_FILE = join9(homedir6(), ".autoclawd", "watcher.pid");
 function readWatcherPid() {
   try {
     const content = readFileSync4(WATCHER_PID_FILE, "utf-8").trim();
@@ -2338,8 +2663,8 @@ function readWatcherPid() {
   }
 }
 function writeWatcherPid(pid) {
-  mkdirSync3(join8(homedir6(), ".autoclawd"), { recursive: true });
-  writeFileSync2(WATCHER_PID_FILE, String(pid), { mode: 384 });
+  mkdirSync3(join9(homedir6(), ".autoclawd"), { recursive: true });
+  writeFileSync3(WATCHER_PID_FILE, String(pid), { mode: 384 });
 }
 function removeWatcherPid() {
   try {
@@ -2396,25 +2721,7 @@ program.command("serve").description("Start webhook server with auto-tunnel").op
       const webhookUrl = `${tunnel.url}/api/v1/linear/webhook`;
       log.success(`Tunnel: ${tunnel.url}`);
       log.info(`Webhook URL: ${webhookUrl}`);
-      if (config.webhook.webhookId) {
-        try {
-          await linearClient.deleteWebhook(config.webhook.webhookId);
-        } catch {
-        }
-      }
-      const team = await linearClient.team(config.linear.teamId);
-      const result = await linearClient.createWebhook({
-        url: webhookUrl,
-        resourceTypes: ["Issue"],
-        label: "autoclawd",
-        teamId: team.id
-      });
-      const webhook = await result.webhook;
-      if (webhook) {
-        log.success(`Linear webhook created \u2192 ${webhookUrl}`);
-        config.webhook.webhookId = webhook.id;
-        config.webhook.signingSecret = void 0;
-      }
+      log.info("Configure this URL as a webhook in Linear (Settings \u2192 API \u2192 Webhooks)");
     } catch (err) {
       log.warn(`Tunnel failed: ${err instanceof Error ? err.message : err}`);
       log.info("Falling back to local-only mode. Set up your own reverse proxy.");
@@ -2669,6 +2976,37 @@ Retrying ticket ${id}...`);
     process.off("SIGTERM", onSignal);
   }
 });
+program.command("rebase [repo]").description("Rebase stacked PRs whose base branch has been merged (e.g. autoclawd rebase owner/repo)").option("-c, --config <path>", "Config file path").option("-v, --verbose", "Verbose logging").action(async (repoArg, opts) => {
+  if (opts.verbose) setLogLevel("debug");
+  enableFileLogging();
+  const config = loadConfig(opts.config);
+  const octokit = createOctokit(config);
+  let repos;
+  if (repoArg) {
+    repos = [repoArg.startsWith("https://") ? repoArg : `https://github.com/${repoArg}`];
+  } else if (config.safety.allowedRepos && config.safety.allowedRepos.length > 0) {
+    repos = config.safety.allowedRepos.map(
+      (r) => r.startsWith("https://") ? r : `https://github.com/${r}`
+    );
+  } else {
+    throw new Error("Provide a repo (autoclawd rebase owner/repo) or configure safety.allowedRepos");
+  }
+  let totalRebased = 0;
+  for (const repoUrl of repos) {
+    log.info(`Checking ${repoUrl} for stacked PRs to rebase...`);
+    const count = await rebaseStackedPRs(octokit, {
+      repoUrl,
+      githubToken: config.github.token,
+      branchPrefix: config.safety.branchPrefix
+    });
+    totalRebased += count;
+  }
+  if (totalRebased === 0) {
+    log.info("No stacked PRs needed rebasing");
+  } else {
+    log.success(`Rebased ${totalRebased} stacked PR(s)`);
+  }
+});
 program.command("validate").description("Validate config without running anything").option("-c, --config <path>", "Config file path").action(async (opts) => {
   try {
     const config = loadConfig(opts.config);
@@ -2707,7 +3045,7 @@ program.command("history").description("Show run history").option("-n, --limit <
   }
 });
 function checkClaudeCredentials() {
-  return existsSync7(join8(homedir6(), ".claude", ".credentials.json"));
+  return existsSync7(join9(homedir6(), ".claude", ".credentials.json"));
 }
 async function validateGitHubToken(token) {
   try {
@@ -2810,7 +3148,7 @@ program.command("init").description("Set up autoclawd interactively").action(asy
   }
   let ghToken = "";
   try {
-    ghToken = execSync3("gh auth token", { encoding: "utf-8" }).trim();
+    ghToken = execSync5("gh auth token", { encoding: "utf-8" }).trim();
     log.success(`GitHub token detected from gh CLI`);
   } catch {
     ghToken = await ask("GitHub personal access token");
@@ -2861,7 +3199,7 @@ agent:
 maxConcurrent: 1
 `;
-  writeFileSync2(CONFIG_FILE, config, { mode: 384 });
+  writeFileSync3(CONFIG_FILE, config, { mode: 384 });
   log.success(`Config saved to ${CONFIG_FILE}`);
   console.log(`
   Setup complete! Next steps:
@@ -2872,10 +3210,12 @@ maxConcurrent: 1
   2. Tag tickets with a repo: label
   3. Start autoclawd:
-     $ autoclawd serve
+     $ autoclawd watch          # polling mode (recommended)
+     $ autoclawd serve          # webhook mode
-  autoclawd serve will auto-create a tunnel and
-  register the webhook with Linear. Just run it.
+  For webhook mode, configure the webhook URL manually in
+  Linear \u2192 Settings \u2192 API \u2192 Webhooks. autoclawd serve will
+  print the tunnel URL to use.
 `);
 });
 program.parseAsync().catch((err) => {