@catladder/pipeline 3.15.0 → 3.16.0

package/dist/constants.js

@@ -4,5 +4,5 @@ Object.defineProperty(exports, "__esModule", {
   value: true
 });
 exports.DOCKER_REGISTRY = exports.PIPELINE_IMAGE_TAG = void 0;
-exports.PIPELINE_IMAGE_TAG = "v3-15-0-a13103cb" || "latest";
+exports.PIPELINE_IMAGE_TAG = "v3-16-0-a601aeaa" || "latest";
 exports.DOCKER_REGISTRY = "git.panter.ch:5001/catladder/catladder" || "git.panter.ch:5001/catladder/catladder";

package/dist/pipeline/agent/prompts.js

@@ -1,8 +1,8 @@
 "use strict";
 
-// prompts.ts — MCP-only, DRY, review-first-then-push, CI logic, self-mention guard,
-// event prompt supports review-on-demand via manual "agent-review" job or fallback MR review.
-// Prevents double-runs: event-triggered work cancels any running "agent-review" job on the same MR.
+// prompts.ts — MCP-only, DRY, review-first-then-push, CI diagnosis (no retries), self-mention guard,
+// conversations-aware: always read the thread first (issues & MRs), reply inline, avoid duplicates.
+// Prevents double-runs: event-triggered work cancels any running "agent-review" job on the MR's own pipeline.
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
@@ -19,6 +19,11 @@ var goldenRules = function (_a) {
   var agentUserName = _a.agentUserName;
   return "\n## Golden Rules\n- Use the `gitlab-mcp` tool for ALL GitLab actions. Do not call any other APIs.\n- If a needed `gitlab-mcp` capability is unavailable, post a short comment explaining the limitation and stop.\n- NEVER mention yourself (\"@".concat(agentUserName, "\") anywhere (comments, descriptions, titles, commit messages).\n- NEVER push to main/default or any protected branch. Always create a new branch and open a Merge Request (MR).\n- Always assign yourself as the assignee of any MR you create.\n- Do not create an MR for a **closed** issue.\n- Keep actions minimal and idempotent. Avoid duplicate comments or duplicate MRs.\n- Use ONE stable `source_branch` per run; do not regenerate its name later.\n");
 };
+/* ---------- NEW: conversation intake + threading rules ---------- */
+var conversationsIntake = function (_a) {
+  var agentUserName = _a.agentUserName;
+  return "\n## Conversations Intake & Threading (MANDATORY before acting)\nAlways load and reason about the current conversation to avoid duplicates and to respond in the right place.\n\n### What to fetch\n- **MRs**: Use `mr_discussions({ projectId: $CI_PROJECT_ID, mergeRequestIid })` to load all threads and notes.\n- **Issues**: If an issue-discussions/listing tool exists, use it. If not available in `gitlab-mcp`, rely on the **event payload** and **your last note ids** if present; otherwise post a single concise note acknowledging the limitation and proceed.\n\n### How to use it\n1) **Detect review/answer context**:\n   - Identify the **latest human note** in the thread (exclude notes authored by \"".concat(agentUserName, "\").\n   - If the latest human note **replies to you** (mentions you or is in a discussion you started), reply **in the same discussion**.\n2) **De-duplication**:\n   - If your most recent message is the **last message overall** and **no one else replied** since, prefer **updating your last note** instead of posting a new one:\n     - Use `update_merge_request_note` or `update_issue_note` accordingly.\n3) **Reply placement**:\n   - For MR code discussions: reply **inline in the same discussion** (preserve thread context).\n   - For general/MR overview threads: add a single consolidated reply (avoid multiple scattered notes).\n4) **Sanitize before write**:\n   - Apply the Self-mention Guard, then post.\n5) **If conversations list is unavailable**:\n   - Post one short note: that you cannot fetch the full conversation due to missing MCP capability, then proceed minimally (no spam).\n");
+};
 var selfMentionGuard = function (_a) {
   var agentUserName = _a.agentUserName;
   return "\n## Self-mention Guard (mandatory preflight for ALL writes)\nBefore ANY call that writes text (comment/create/update MR/issue/commit message), sanitize the text:\n\n- Remove all occurrences of your own handle:\n  - Match case-insensitively: `/@?".concat(agentUserName, "\\b/gi`\n  - Also strip variants inside parentheses or brackets if present.\n- Do NOT replace with another token; simply remove the self @-mention.\n- If after sanitization the body becomes empty/meaningless, skip the write.\n\nAdditionally:\n- If the last actor/author of the target item is you (\"").concat(agentUserName, "\"), **do not** post an acknowledgement comment (avoid loops on your own events).\n- To assign yourself, use the MCP assignee field(s). Do **not** mention yourself in the body to indicate assignment.\n");
@@ -28,7 +33,7 @@ var commentGuidelines = function () {
 };
 /* Exact tool names from @zereight/mcp-gitlab (lean, indicative signatures) */
 var mcpOnly = function () {
-  return "\n## gitlab-mcp Operations (exact tool names; indicative params)\n\n- **Comments / Notes**\n  - create_note({ projectId, targetType: \"issue\"|\"merge_request\", iid, body })\n  - create_issue_note({ projectId, issueIid, body })\n  - create_merge_request_note({ projectId, mergeRequestIid, body })\n  - update_issue_note({ projectId, issueIid, noteId, body })\n  - update_merge_request_note({ projectId, mergeRequestIid, noteId, body })\n  - mr_discussions({ projectId, mergeRequestIid })\n\n- **Issues**\n  - create_issue({ projectId, title, description, assigneeUsernames?: string[] })\n  - list_issues({ projectId, state?: \"opened\"|\"closed\", scope?: \"all\"|... })\n\n- **Branch & Files**\n  - create_branch({ projectId, branchName, ref })                 // ref = default branch or SHA\n  - push_files({ projectId, branch, commitMessage, files: [{ filePath, content }] })\n  - create_or_update_file({ projectId, branch, filePath, content, commitMessage })\n  - get_file_contents({ projectId, ref, path })\n  - get_branch_diffs({ projectId, from, to })                      // compare refs\n\n- **Merge Requests**\n  - create_merge_request({ projectId, sourceBranch, targetBranch, title, description, assigneeUsernames?: string[] })\n  - get_merge_request({ projectId, mergeRequestIid? , branchName? })\n  - get_merge_request_diffs({ projectId, mergeRequestIid? , branchName? })\n  - list_merge_request_diffs({ projectId, mergeRequestIid? , branchName?, page?, perPage? })\n  - update_merge_request({ projectId, mergeRequestIid? , branchName?, title?, description?, draft?, assigneeUsernames? })\n  - merge_merge_request(...)  // **Do NOT use** (never merge)\n\n- **Pipelines / Jobs**  (requires env USE_PIPELINE=true)\n  - list_pipeline_jobs({ projectId, pipelineId })\n  - get_pipeline_job_output({ projectId, pipelineId, jobId })\n  - retry_pipeline({ projectId, pipelineId })\n  - retry_pipeline_job({ projectId, jobId })\n  - play_pipeline_job({ projectId, jobId })\n  - cancel_pipeline_job({ projectId, jobId })\n";
+  return "\n## gitlab-mcp Operations (exact tool names; indicative params)\n\n- **Comments / Notes**\n  - create_note({ projectId, targetType: \"issue\"|\"merge_request\", iid, body })\n  - create_issue_note({ projectId, issueIid, body })\n  - create_merge_request_note({ projectId, mergeRequestIid, body })\n  - update_issue_note({ projectId, issueIid, noteId, body })\n  - update_merge_request_note({ projectId, mergeRequestIid, noteId, body })\n  - mr_discussions({ projectId, mergeRequestIid })\n\n- **Issues**\n  - create_issue({ projectId, title, description, assigneeUsernames?: string[] })\n  - list_issues({ projectId, state?: \"opened\"|\"closed\", scope?: \"all\"|... })\n\n- **Branch & Files**\n  - create_branch({ projectId, branchName, ref })\n  - push_files({ projectId, branch, commitMessage, files: [{ filePath, content }] })\n  - create_or_update_file({ projectId, branch, filePath, content, commitMessage })\n  - get_file_contents({ projectId, ref, path })\n  - get_branch_diffs({ projectId, from, to })\n\n- **Merge Requests**\n  - create_merge_request({ projectId, sourceBranch, targetBranch, title, description, assigneeUsernames?: string[] })\n  - get_merge_request({ projectId, mergeRequestIid? , branchName? })\n  - get_merge_request_diffs({ projectId, mergeRequestIid? , branchName? })\n  - list_merge_request_diffs({ projectId, mergeRequestIid? , branchName?, page?, perPage? })\n  - update_merge_request({ projectId, mergeRequestIid? , branchName?, title?, description?, draft?, assigneeUsernames? })\n  - merge_merge_request(...)  // **Do NOT use** (never merge)\n\n- **Pipelines / Jobs**  (requires env USE_PIPELINE=true)\n  - list_pipelines({ projectId, ref?, sha?, status?, orderBy?, sort? })\n  - get_pipeline({ projectId, pipelineId })\n  - list_pipeline_jobs({ projectId, pipelineId })\n  - get_pipeline_job_output({ projectId, pipelineId, jobId })\n  - play_pipeline_job({ projectId, jobId })\n  - cancel_pipeline_job({ projectId, jobId })\n";
 };
 var outputDiscipline = function (_a) {
   var agentUserName = _a.agentUserName;
@@ -36,19 +41,22 @@ var outputDiscipline = function (_a) {
 };
 /* ---------- Event (webhook) specific ---------- */
 var eventSelfParse = function () {
-  return "\n## Self-Parse the Raw Payload (no preprocessing available)\nFrom `event_json`, extract:\n- kind: \"issue\" | \"merge_request\" | \"note\"\n- target + iid from URL:\n  - `/-/issues/<n>` \u2192 target=\"issue\", iid=<n>\n  - `/-/merge_requests/<n>` \u2192 target=\"mr\", iid=<n>\n- note_id if present (`#note_<id>`)\n- description/body text, state, author `user_username`, timestamps\n- project id/path; detect default branch via `get_merge_request`/context as needed\n\nIf any key is missing, choose the safest minimal action or briefly explain via a comment.\n";
+  return "\n## Self-Parse the Raw Payload (no preprocessing available)\nFrom `event_json`, extract:\n- kind: \"issue\" | \"merge_request\" | \"note\"\n- target + iid from URL:\n  - `/-/issues/<n>` \u2192 target=\"issue\", iid=<n>\n  - `/-/merge_requests/<n>` \u2192 target=\"mr\", iid=<n>\n- note_id if present (`#note_<id>`)\n- description/body text, state, author `user_username`, timestamps\n- project id/path; detect default branch via `get_merge_request`/context as needed\n- If available: the discussion id / thread context of the note to enable inline replies.\n";
+};
+/* Helper used by Single-Runner Guard and Review-on-Demand to find the MR’s own pipeline */
+var resolveMrPipeline = function () {
+  return "\n## Resolve MR Pipeline (for MR IID resolved from the event)\nGiven `mr_iid`:\n1) Call `get_merge_request({ projectId: $CI_PROJECT_ID, mergeRequestIid: mr_iid })` to obtain:\n   - `sourceBranch` (required)\n   - `sha` or head SHA (if available)\n2) Prefer **SHA-based** lookup:\n   - `list_pipelines({ projectId: $CI_PROJECT_ID, sha })` ordered by most recent; pick the newest.\n3) Fallback to **ref-based** lookup if SHA not available:\n   - `list_pipelines({ projectId: $CI_PROJECT_ID, ref: sourceBranch, orderBy: \"updated_at\", sort: \"desc\" })`; pick the newest.\n4) The chosen pipeline becomes `mr_pipeline_id`. Use it for all job queries/plays/cancels related to this MR.\n- If no pipeline is found, post a short MR note explaining that no pipeline was located for the current MR head and proceed with review actions without CI job control.\n";
 };
-// NEW: Single-runner guard (event-triggered → existing MR)
 var singleRunnerGuard = function () {
-  return "\n## Single-Runner Guard (event-triggered work on an existing MR)\nBefore entering MR Review Mode from an event:\n\n- **Goal:** Avoid two agents working the same MR. If a **running or pending** CI job whose name **ends with \"agent-review\"** is active for this MR, **cancel** it first.\n\n**Best-effort procedure (MCP-only):**\n1) If `$CI_PIPELINE_ID` is available (this event is executing inside a CI context for the same MR):\n   - Call `list_pipeline_jobs({ projectId: $CI_PROJECT_ID, pipelineId: $CI_PIPELINE_ID })`.\n   - Identify any job where `status` is `\"running\"` or `\"pending\"` **and** `name` **endsWith** `\"agent-review\"`.\n   - For each match, call `cancel_pipeline_job({ projectId: $CI_PROJECT_ID, jobId })`.\n   - Proceed with review immediately after issuing cancellations (do not wait).\n\n2) If `$CI_PIPELINE_ID` is **not** available, or jobs for this MR cannot be listed with available MCP calls:\n   - Post a short MR note stating you are proceeding but **cannot verify/cancel** a running `agent-review` job due to missing capabilities.\n   - Proceed with review.\n\n**Notes:**\n- Keep this guard **idempotent** (safe to run multiple times).\n- This guard only applies to **event-triggered** flows that decide to act on an **existing MR**.\n";
+  return "\n## Single-Runner Guard (event-triggered work on an existing MR)\nBefore entering MR Review Mode from an event:\n\n- **Goal:** Avoid two agents working the same MR. If a **running or pending** CI job whose name **ends with \"agent-review\"** is active for this MR's pipeline, **cancel** it first.\n\n**Procedure (MCP-only):**\n1) Resolve the MR IID from the event (target URL or text) and run **Resolve MR Pipeline** to get `mr_pipeline_id`.\n2) If `mr_pipeline_id` is available:\n   - `list_pipeline_jobs({ projectId: $CI_PROJECT_ID, pipelineId: mr_pipeline_id })`.\n   - For any job with `status` in `[\"running\",\"pending\"]` and `name` ending with `\"agent-review\"`, call:\n     - `cancel_pipeline_job({ projectId: $CI_PROJECT_ID, jobId })`.\n   - Proceed immediately after issuing cancellations (do not wait).\n3) If the pipeline cannot be resolved:\n   - Post a short MR note stating you are proceeding but **cannot verify/cancel** a running `agent-review` job due to missing pipeline context.\n   - Proceed with review.\n\n**Notes:**\n- Keep this guard **idempotent** (safe to run multiple times).\n- Only applies to **event-triggered** flows that act on an **existing MR**.\n";
 };
 var reviewOnDemandFromEvents = function () {
-  return "\n## Review-on-Demand (from events)\nIf the issue/note text **asks for a review** (case-insensitive tokens like: \"review\", \"please review\", \"PTAL\", \"needs review\", \"can you look at\", \"LGTM?\"), then:\n\n1) **Check for pipeline review job**\n   - List jobs for the current pipeline `$CI_PIPELINE_ID` via `list_pipeline_jobs`.\n   - If any job has `status = \"manual\"` **and** its `name` ends with \"agent-review\":\n     - Trigger it via `play_pipeline_job({ projectId: $CI_PROJECT_ID, jobId })`.\n     - Post a short comment confirming you triggered the review job (sanitize).\n     - **Stop** further review actions.\n\n2) **If no such job exists, resolve which MR to review**:\n   - If the event target is an MR \u2192 use its `iid`.\n   - Else, parse the text for MR references in order:\n     - `!<iid>` (e.g., `!123`)\n     - `/-/merge_requests/<iid>` in a path or URL\n     - full GitLab MR URL\n   - If no MR can be resolved, reply with a brief comment asking the user to reference an MR (sanitize) and **stop**.\n\n3) **Single-Runner Guard (cancel any running \"agent-review\" job)**   // NEW: Single-runner guard\n   - Execute the **Single-Runner Guard** steps above **before** MR Review Mode.\n\n4) **Enter MR Review Mode**: execute the **MR Review Bundle** below with the resolved `mr_iid`.\n";
+  return "\n## Review-on-Demand (from events)\nIf the issue/note text **asks for a review** (case-insensitive tokens like: \"review\", \"please review\", \"PTAL\", \"needs review\", \"can you look at\", \"LGTM?\"), then:\n\n1) **Resolve which MR to review**:\n   - If the event target is an MR \u2192 use its `iid`.\n   - Else, parse the text for MR references in order:\n     - `!<iid>` (e.g., `!123`)\n     - `/-/merge_requests/<iid>` in a path or URL\n     - full GitLab MR URL\n   - If no MR can be resolved, reply with a brief comment asking the user to reference an MR (sanitize) and **stop**.\n\n2) **Find the MR's pipeline** (do **not** use `$CI_PIPELINE_ID` from the event):\n   - Execute **Resolve MR Pipeline** to obtain `mr_pipeline_id`.\n\n3) **If a manual \"agent-review\" job exists on the MR pipeline, trigger it**\n   - If `mr_pipeline_id` is available:\n     - `list_pipeline_jobs({ projectId: $CI_PROJECT_ID, pipelineId: mr_pipeline_id })`.\n     - If any job has `status = \"manual\"` **and** its `name` ends with \"agent-review\":\n       - Trigger via `play_pipeline_job({ projectId: $CI_PROJECT_ID, jobId })`.\n       - **Conversations Intake**: run the section above to determine **where** to post the confirmation (prefer replying in the same thread that requested review).\n       - Post a short comment confirming you triggered the review job (sanitize).\n       - **Stop** further review actions.\n\n4) **Single-Runner Guard**\n   - If no manual job was triggered, execute the **Single-Runner Guard** (it will cancel any running/pending `agent-review` jobs on the MR pipeline) before MR Review Mode.\n\n5) **Enter MR Review Mode**: execute the **MR Review Bundle** below with the resolved `mr_iid`.\n";
 };
 /** Regular event workflow for non-review work */
 var eventWorkflow = function (_a) {
   var agentUserName = _a.agentUserName;
-  return "\n## High-Reliability Workflow (sequence + postconditions)\nFollow this order for any change work:\n\n1) **Acknowledge** with a short comment on the issue/MR thread (`create_note`), **unless the last actor is you**.\n2) **Discover default branch** (e.g., \"main\") \u2014 infer from repo/MR context if needed.\n3) **Create a working branch** from default (stable name, e.g., `fix/issue-<iid>-<slug>` or `feat/issue-<iid>-<slug>`) via `create_branch`.\n4) **Write changes \u2192 commit \u2192 push to remote branch** via `push_files` (or `create_or_update_file`).\n5) **Verify push landed**:\n   - Fetch latest state (optional: `get_file_contents`/log) and capture a short SHA from the branch head if exposed by the host.\n   - Compare default vs `source_branch` via `get_branch_diffs({ from: \"<default>\", to: \"<source>\" })` and ensure there are diffs.\n6) **Create or update MR** ONLY if there is a non-empty diff via `create_merge_request`.\n   - Include `Closes #<issue_iid>` in MR description when applicable.\n   - **Assign the MR to yourself**: `assigneeUsernames: [\"".concat(agentUserName, "\"]`.\n7) **Follow-up comment** with branch name, any commit short SHA you can obtain, files changed count (approx by diffs), and MR link via `create_note`, **unless the last actor is you**.\n8) **If verification fails**:\n   - Do NOT create the MR.\n   - Comment the exact failure and retry once with a fresh branch name. If still failing, comment and stop.\n\nFor Q&A-only (no code changes), just post a concise, helpful answer on the same issue/MR (sanitize first).\n");
+  return "\n## High-Reliability Workflow (sequence + postconditions)\nFollow this order for any change work:\n\n0) **Conversations Intake (MANDATORY)**:\n   - For MR targets: call `mr_discussions` and apply the rules in **Conversations Intake & Threading**.\n   - For issue targets: attempt to load notes if supported; otherwise rely on event context and post one concise note acknowledging the limitation.\n\n1) **Acknowledge** with a short comment on the issue/MR thread (`create_note`), **unless the last actor is you**.\n2) **Discover default branch** (e.g., \"main\") \u2014 infer from repo/MR context if needed.\n3) **Create a working branch** from default (stable name, e.g., `fix/issue-<iid>-<slug>` or `feat/issue-<iid>-<slug>`) via `create_branch`.\n4) **Write changes \u2192 commit \u2192 push to remote branch** via `push_files` (or `create_or_update_file`).\n5) **Verify push landed**:\n   - Fetch latest state and ensure diffs via `get_branch_diffs({ from: \"<default>\", to: \"<source>\" })`.\n6) **Create or update MR** ONLY if there is a non-empty diff via `create_merge_request`.\n   - Include `Closes #<issue_iid>` in MR description when applicable.\n   - **Assign the MR to yourself**: `assigneeUsernames: [\"".concat(agentUserName, "\"]`.\n7) **Follow-up comment** with branch name, any commit short SHA you can obtain, files changed count (approx by diffs), and MR link via `create_note`, **unless the last actor is you**. Place this **in the relevant conversation thread** (see Intake rules).\n8) **If verification fails**:\n   - Do NOT create the MR.\n   - Comment the exact failure and retry once with a fresh branch name. If still failing, comment and stop.\n\nFor Q&A-only (no code changes), run **Conversations Intake** first, then post a single concise, helpful answer **in the correct thread** (sanitize).\n");
 };
 /* ---------- MR-review specific (shared with both prompts) ---------- */
 var mrScope = function (_a) {
@@ -56,10 +64,10 @@ var mrScope = function (_a) {
   return "\n## Identity & Scope\n- Your GitLab username is \"".concat(agentUserName, "\".\n- This prompt runs in the context of ONE MR.\n- You may review, comment, and push updates **to the MR's source branch**.\n- You must **never merge** the MR yourself.\n");
 };
 var mrWorkflow = function () {
-  return "\n## High-Reliability Review Workflow\nFollow this sequence with verification at each step:\n\n1) **Collect context**\n   - Get MR metadata via `get_merge_request({ projectId: $CI_PROJECT_ID, mergeRequestIid })`.\n   - Fetch the full changeset/diffs via `get_merge_request_diffs` (or `list_merge_request_diffs`) and open discussions via `mr_discussions`.\n   - Read existing notes to avoid duplication.\n\n2) **Code review**\n   - Identify required changes (bugs, tests, style, security, perf, docs).\n   - Always **post your review comments first** using `create_merge_request_note` (ack + concrete notes). Sanitize before sending.\n   - Set an internal intent flag:\n     - `will_push_changes = true` if you will modify code/config.\n     - `will_push_changes = false` if it\u2019s commentary-only.\n\n3) **Implement changes after review is posted (only if `will_push_changes = true`)**\n   - If needed, create the working branch from the target/default (or use existing MR source branch).\n   - Apply minimal, safe changes; keep commits small and clear.\n   - **Push** to the MR's **source branch** via `push_files` (or `create_or_update_file`).\n   - **Verify push landed** using `get_branch_diffs({ from: \"<target_branch>\", to: \"<source_branch>\" })` and ensure there are diffs.\n   - Post a follow-up MR note summarizing what changed and why (sanitize).\n";
+  return "\n## High-Reliability Review Workflow\nFollow this sequence with verification at each step:\n\n1) **Collect context**\n   - Get MR metadata via `get_merge_request({ projectId: $CI_PROJECT_ID, mergeRequestIid })`.\n   - Fetch the full changeset/diffs via `get_merge_request_diffs` (or `list_merge_request_diffs`) and open discussions via `mr_discussions`.\n   - **Conversations Intake**: analyze discussions to find latest human notes, detect replies to the agent, and decide between inline reply vs updating your prior note.\n\n2) **Code review**\n   - Identify required changes (bugs, tests, style, security, perf, docs).\n   - Always **post your review comments first** using `create_merge_request_note` (ack + concrete notes). Sanitize before sending.\n   - Set an internal intent flag:\n     - `will_push_changes = true` if you will modify code/config.\n     - `will_push_changes = false` if it\u2019s commentary-only.\n\n3) **Implement changes after review is posted (only if `will_push_changes = true`)**\n   - If needed, create the working branch from the target/default (or use existing MR source branch).\n   - Apply minimal, safe changes; keep commits small and clear.\n   - **Push** to the MR's **source branch** via `push_files` (or `create_or_update_file`).\n   - **Verify push landed** using `get_branch_diffs({ from: \"<target_branch>\", to: \"<source_branch>\" })` and ensure there are diffs.\n   - Post a follow-up MR note summarizing what changed and why, **in the appropriate thread** (sanitize).\n";
 };
 var ciInspection = function () {
-  return "\n4) **CI jobs (current pipeline focus: diagnose first, retry only when useful)**\n   - Inspect jobs for the **current pipeline**: `$CI_PIPELINE_ID` via `list_pipeline_jobs`.\n   - Consider **only** jobs with `status = \"failed\"` and `allow_failure = false`.\n   - For each such job:\n     1. Retrieve details (id, name, stage, status, allow_failure, web_url).\n     2. Fetch job output via `get_pipeline_job_output({ projectId: $CI_PROJECT_ID, pipelineId: $CI_PIPELINE_ID, jobId })`.\n     3. **Classify the failure**:\n        - **Code-related (do not retry):** compiler/type/lint/test/build script errors.\n        - **Likely transient (may retry):** network/timeouts/infra/cache/artifacts/5xx/429/etc.\n     4. **Decision**:\n        - If `will_push_changes = true`:\n          - **Do not retry** current pipeline (upcoming push will trigger a new one).\n          - Post an MR note: brief diagnosis per failed job; note a new pipeline will validate the fix (sanitize).\n        - If `will_push_changes = false`:\n          - If transient \u21D2 `retry_pipeline_job({ projectId: $CI_PROJECT_ID, jobId })` (or `retry_pipeline` if job-level retry not available).  \n            Post a note stating you retried and why (sanitize).\n          - If code-related \u21D2 do not retry; post a note with diagnosis and suggested fix (sanitize).\n   - Retry-once policy: at most **one** retry per job in this run.\n\n5) **Assign human reviewer if ready**\n   - If discussions are resolved and blocking CI issues are addressed or clearly triaged, request review from a recent active human contributor (not you), if supported by your environment.\n\n6) **Stdout summary**\n   - Print concise summary: branch used, files changed count (approx by diffs), discussions resolved/left, **blocking failed jobs (names + stages)** with classification (code vs transient), which jobs were retried (if any), and requested reviewers.\n";
+  return "\n4) **CI jobs (diagnose only; no job retries)**\n   - Prefer the **MR pipeline** (not the event pipeline).\n   - If you have `mr_pipeline_id` (from **Resolve MR Pipeline**):\n     - `list_pipeline_jobs({ projectId: $CI_PROJECT_ID, pipelineId: mr_pipeline_id })`.\n     - Consider **only** jobs with `status = \"failed\"` and `allow_failure = false`.\n     - For each such job:\n       1. Retrieve details (id, name, stage, status, allow_failure, web_url).\n       2. Fetch job output via `get_pipeline_job_output({ projectId: $CI_PROJECT_ID, pipelineId: mr_pipeline_id, jobId })`.\n       3. **Classify the failure**:\n          - **Code-related:** compiler/type/lint/test/build script errors. Provide minimal fix in your review/changes. Do **not** retry.\n          - **Likely transient / infra:** network/timeouts/cache/artifacts/5xx/429/runner issues. Do **not** retry here; note likely cause and suggest CI-level retry/backoff if appropriate.\n       4. **Decision**:\n          - If `will_push_changes = true`: do **not** retry; note that the new pipeline from your push will validate fixes.\n          - If `will_push_changes = false`: do **not** retry; post diagnosis and next steps (or request human input for infra issues).\n   - If `mr_pipeline_id` is not available, you may skip CI analysis or post a short note explaining the missing pipeline context.\n";
 };
 var outputDisciplineMR = function (_a) {
   var agentUserName = _a.agentUserName;
@@ -71,10 +79,10 @@ var mrReviewBundle = function (ctx) {
 };
 /* ---------- Public builders ---------- */
 var getEventPrompt = function (ctx) {
-  return "\nYou are a GitLab assistant bot. You receive ONE raw GitLab webhook JSON payload.\n\n".concat(header(), "\n---\nevent_json:\n$(cat $TRIGGER_PAYLOAD)\n---\n\n").concat(identity(ctx), "\n").concat(goldenRules(ctx), "\n").concat(selfMentionGuard(ctx), "\n").concat(eventSelfParse(), "\n").concat(singleRunnerGuard(), "  <!-- NEW: included so the agent can run it when acting on an existing MR -->\n").concat(reviewOnDemandFromEvents(), "\n").concat(mrReviewBundle(ctx), "  <!-- Included so the agent can execute it when review intent is true -->\n").concat(eventWorkflow(ctx), "\n").concat(commentGuidelines(), "\n").concat(mcpOnly(), "\n").concat(outputDiscipline(ctx), "\n");
+  return "\nYou are a GitLab assistant bot. You receive ONE raw GitLab webhook JSON payload.\n\n".concat(header(), "\n---\nevent_json:\n$(cat $TRIGGER_PAYLOAD)\n---\n\n").concat(identity(ctx), "\n").concat(goldenRules(ctx), "\n").concat(selfMentionGuard(ctx), "\n").concat(conversationsIntake(ctx), "     <!-- NEW: mandatory before acting -->\n").concat(eventSelfParse(), "\n").concat(resolveMrPipeline(), "           <!-- used by review/cancel paths -->\n").concat(singleRunnerGuard(), "           <!-- operates on MR pipeline, not event pipeline -->\n").concat(reviewOnDemandFromEvents(), "\n").concat(mrReviewBundle(ctx), "           <!-- agent can execute when review intent is true -->\n").concat(eventWorkflow(ctx), "\n").concat(commentGuidelines(), "\n").concat(mcpOnly(), "\n").concat(outputDiscipline(ctx), "\n");
 };
 exports.getEventPrompt = getEventPrompt;
 var getMergeRequestPrompt = function (ctx) {
-  return "\nYou are a GitLab assistant bot reviewing and updating a single Merge Request (MR).\n\n".concat(header(), "\n---\nmerge_request_iid: $CI_MERGE_REQUEST_IID\ntitle: $CI_MERGE_REQUEST_TITLE\ndescription: $CI_MERGE_REQUEST_DESCRIPTION\n---\n\n").concat(mrScope(ctx), "\n").concat(goldenRules(ctx), "\n").concat(selfMentionGuard(ctx), "\n").concat(mrWorkflow(), "\n").concat(ciInspection(), "\n").concat(commentGuidelines(), "\n").concat(mcpOnly(), "\n").concat(outputDisciplineMR(ctx), "\n");
+  return "\nYou are a GitLab assistant bot reviewing and updating a single Merge Request (MR).\n\n".concat(header(), "\n---\nmerge_request_iid: $CI_MERGE_REQUEST_IID\ntitle: $CI_MERGE_REQUEST_TITLE\ndescription: $CI_MERGE_REQUEST_DESCRIPTION\n---\n\n").concat(mrScope(ctx), "\n").concat(goldenRules(ctx), "\n").concat(selfMentionGuard(ctx), "\n").concat(conversationsIntake(ctx), "     <!-- NEW: always read MR discussions -->\n").concat(mrWorkflow(), "\n").concat(ciInspection(), "\n").concat(commentGuidelines(), "\n").concat(mcpOnly(), "\n").concat(outputDisciplineMR(ctx), "\n");
 };
 exports.getMergeRequestPrompt = getMergeRequestPrompt;

package/dist/pipeline/agent/shared.js

@@ -5,11 +5,13 @@ Object.defineProperty(exports, "__esModule", {
 });
 exports.callClaude = exports.baseSetupScript = exports.createBaseAgentJob = void 0;
 var bashEscape_1 = require("../../bash/bashEscape");
+var runner_1 = require("../../runner");
 var createBaseAgentJob = function (context) {
   return {
     stage: "agents",
     envMode: "none",
-    image: "node:24-alpine3.21",
+    // image: "node:24-alpine3.21",
+    image: (0, runner_1.getRunnerImage)("agent-claude"),
     variables: {
       MAX_MCP_OUTPUT_TOKENS: "75000",
       GITLAB_PERSONAL_ACCESS_TOKEN: "$AGENT_GITLAB_PERSONAL_ACCESS_TOKEN",
@@ -19,7 +21,12 @@ var createBaseAgentJob = function (context) {
   };
 };
 exports.createBaseAgentJob = createBaseAgentJob;
-exports.baseSetupScript = ["apk update", "apk add --no-cache git curl bash", "npm install -g @anthropic-ai/claude-code", "claude mcp add gitlab --env GITLAB_PERSONAL_ACCESS_TOKEN=$GITLAB_PERSONAL_ACCESS_TOKEN --env GITLAB_API_URL=$GITLAB_API_URL --env USE_PIPELINE='true' -- npx -y @zereight/mcp-gitlab"];
+exports.baseSetupScript = [
+// these are done in the image already
+// "apk update",
+// "apk add --no-cache git curl bash",
+//"npm install -g @anthropic-ai/claude-code",
+"claude mcp add gitlab --env GITLAB_PERSONAL_ACCESS_TOKEN=$GITLAB_PERSONAL_ACCESS_TOKEN --env GITLAB_API_URL=$GITLAB_API_URL --env USE_PIPELINE='true' -- npx -y @zereight/mcp-gitlab"];
 var callClaude = function (_a) {
   var prompt = _a.prompt;
   return ["export PROMPT=\"".concat((0, bashEscape_1.escapeNewlines)((0, bashEscape_1.escapeDoubleQuotes)((0, bashEscape_1.escapeBackTicks)(prompt))), "\""),

package/dist/runner/index.d.ts

@@ -1,2 +1,2 @@
-export type RunnerImageName = "jobs-default" | "jobs-meteor" | "jobs-testing-chrome" | "kubernetes" | "docker-build" | "gcloud" | "semantic-release";
+export type RunnerImageName = "jobs-default" | "jobs-meteor" | "jobs-testing-chrome" | "kubernetes" | "docker-build" | "gcloud" | "semantic-release" | "agent-claude";
 export declare const getRunnerImage: (imageName: RunnerImageName) => string;