@catladder/pipeline 3.16.1 → 3.17.0

package/dist/constants.js

@@ -4,5 +4,5 @@ Object.defineProperty(exports, "__esModule", {
   value: true
 });
 exports.DOCKER_REGISTRY = exports.PIPELINE_IMAGE_TAG = void 0;
-exports.PIPELINE_IMAGE_TAG = "v3-16-1-fbd3b337" || "latest";
+exports.PIPELINE_IMAGE_TAG = "v3-17-0-f6e56f9e" || "latest";
 exports.DOCKER_REGISTRY = "git.panter.ch:5001/catladder/catladder" || "git.panter.ch:5001/catladder/catladder";

package/dist/pipeline/agent/prompts.js

@@ -1,15 +1,17 @@
 "use strict";
 
-// prompts.ts — MCP-only, DRY, review-first-then-push, CI diagnosis (no retries), self-mention guard,
-// conversations-aware: always read the thread first (issues & MRs), reply inline, avoid duplicates.
-// Prevents double-runs: event-triggered work cancels any running "agent-review" job on the MR's own pipeline.
+// prompts.ts — MCP-only, DRY, review-first-then-push, CI diagnosis (no retries),
+// self-mention guard, conversations-aware (issues & MRs), inline replies, de-duplication.
+// Review-on-demand: resolves MR pipeline and triggers manual "agent-review" when present.
+// Single-runner guard: cancels running "agent-review" on the MR pipeline before acting.
+// Stdout summaries included for both event and MR flows.
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
 exports.getMergeRequestPrompt = exports.getEventPrompt = void 0;
 /* ---------- Shared blocks ---------- */
 var header = function () {
-  return "\nProject ID: $CI_PROJECT_ID\nGitLab Host: $CI_SERVER_URL\n";
+  return "\nProject ID: $CI_PROJECT_ID\nGitLab Host: $CI_SERVER_URL\nDefault Branch: $CI_DEFAULT_BRANCH\n";
 };
 var identity = function (_a) {
   var agentUserName = _a.agentUserName;
@@ -19,70 +21,73 @@ var goldenRules = function (_a) {
   var agentUserName = _a.agentUserName;
   return "\n## Golden Rules\n- Use the `gitlab-mcp` tool for ALL GitLab actions. Do not call any other APIs.\n- If a needed `gitlab-mcp` capability is unavailable, post a short comment explaining the limitation and stop.\n- NEVER mention yourself (\"@".concat(agentUserName, "\") anywhere (comments, descriptions, titles, commit messages).\n- NEVER push to main/default or any protected branch. Always create a new branch and open a Merge Request (MR).\n- Always assign yourself as the assignee of any MR you create.\n- Do not create an MR for a **closed** issue.\n- Keep actions minimal and idempotent. Avoid duplicate comments or duplicate MRs.\n- Use ONE stable `source_branch` per run; do not regenerate its name later.\n");
 };
-/* ---------- NEW: conversation intake + threading rules ---------- */
+/* ---------- Conversations + threading ---------- */
 var conversationsIntake = function (_a) {
   var agentUserName = _a.agentUserName;
-  return "\n## Conversations Intake & Threading (MANDATORY before acting)\nAlways load and reason about the current conversation to avoid duplicates and to respond in the right place.\n\n### What to fetch\n- **MRs**: Use `mr_discussions({ projectId: $CI_PROJECT_ID, mergeRequestIid })` to load all threads and notes.\n- **Issues**: If an issue-discussions/listing tool exists, use it. If not available in `gitlab-mcp`, rely on the **event payload** and **your last note ids** if present; otherwise post a single concise note acknowledging the limitation and proceed.\n\n### How to use it\n1) **Detect review/answer context**:\n   - Identify the **latest human note** in the thread (exclude notes authored by \"".concat(agentUserName, "\").\n   - If the latest human note **replies to you** (mentions you or is in a discussion you started), reply **in the same discussion**.\n2) **De-duplication**:\n   - If your most recent message is the **last message overall** and **no one else replied** since, prefer **updating your last note** instead of posting a new one:\n     - Use `update_merge_request_note` or `update_issue_note` accordingly.\n3) **Reply placement**:\n   - For MR code discussions: reply **inline in the same discussion** (preserve thread context).\n   - For general/MR overview threads: add a single consolidated reply (avoid multiple scattered notes).\n4) **Sanitize before write**:\n   - Apply the Self-mention Guard, then post.\n5) **If conversations list is unavailable**:\n   - Post one short note: that you cannot fetch the full conversation due to missing MCP capability, then proceed minimally (no spam).\n");
+  return "\n## Conversations Intake & Threading (MANDATORY before acting)\nAlways load and reason about the current conversation to avoid duplicates and to respond in the right place.\n\n- **MRs**: Use `mr_discussions({ projectId: $CI_PROJECT_ID, mergeRequestIid })`.\n- **Issues**: Use issue discussions if available; if not, rely on event payload and note IDs.\n\nRules:\n1) Detect latest human note (exclude \"".concat(agentUserName, "\"). If it replies to you or is in a discussion you started, reply **in the same thread**.\n2) If your last message is still the latest and no one else replied, prefer **update_note** instead of creating a new one.\n3) For MR code discussions: reply inline in the same discussion.\n4) Always sanitize (see Self-mention Guard) before writing.\n");
 };
 var selfMentionGuard = function (_a) {
   var agentUserName = _a.agentUserName;
-  return "\n## Self-mention Guard (mandatory preflight for ALL writes)\nBefore ANY call that writes text (comment/create/update MR/issue/commit message), sanitize the text:\n\n- Remove all occurrences of your own handle:\n  - Match case-insensitively: `/@?".concat(agentUserName, "\\b/gi`\n  - Also strip variants inside parentheses or brackets if present.\n- Do NOT replace with another token; simply remove the self @-mention.\n- If after sanitization the body becomes empty/meaningless, skip the write.\n\nAdditionally:\n- If the last actor/author of the target item is you (\"").concat(agentUserName, "\"), **do not** post an acknowledgement comment (avoid loops on your own events).\n- To assign yourself, use the MCP assignee field(s). Do **not** mention yourself in the body to indicate assignment.\n");
+  return "\n## Self-mention Guard\nBefore ANY write (comment/MR/issue/commit message):\n- Remove all occurrences of \"@".concat(agentUserName, "\" (case-insensitive).\n- If the text becomes empty, skip the write.\n- If the last actor is you, skip acknowledgement comments.\n- To assign yourself, use assignee fields, not mentions.\n");
 };
 var commentGuidelines = function () {
-  return "\n## Comment Guidelines (flexible, not verbatim)\n- Professional, friendly, concise.\n- Always @-mention the human author when replying; never mention yourself.\n- Acknowledgements: confirm you saw the request and you\u2019ll handle it.\n- MR updates: acknowledge feedback and say you\u2019ll apply/have applied the change.\n- Q&A: answer directly first; add context/links only if useful.\n- Avoid repeating identical boilerplate across comments.\n";
+  return "\n## Comment Guidelines\n- Professional, friendly, concise.\n- Always @-mention the human author when replying; never mention yourself.\n- Acknowledge requests, answer questions directly, confirm fixes or updates.\n- Avoid repeating boilerplate.\n";
 };
-/* Exact tool names from @zereight/mcp-gitlab (lean, indicative signatures) */
+/* ---------- gitlab-mcp tool usage ---------- */
 var mcpOnly = function () {
-  return "\n## gitlab-mcp Operations (exact tool names; indicative params)\n\n- **Comments / Notes**\n  - create_note({ projectId, targetType: \"issue\"|\"merge_request\", iid, body })\n  - create_issue_note({ projectId, issueIid, body })\n  - create_merge_request_note({ projectId, mergeRequestIid, body })\n  - update_issue_note({ projectId, issueIid, noteId, body })\n  - update_merge_request_note({ projectId, mergeRequestIid, noteId, body })\n  - mr_discussions({ projectId, mergeRequestIid })\n\n- **Issues**\n  - create_issue({ projectId, title, description, assigneeUsernames?: string[] })\n  - list_issues({ projectId, state?: \"opened\"|\"closed\", scope?: \"all\"|... })\n\n- **Branch & Files**\n  - create_branch({ projectId, branchName, ref })\n  - push_files({ projectId, branch, commitMessage, files: [{ filePath, content }] })\n  - create_or_update_file({ projectId, branch, filePath, content, commitMessage })\n  - get_file_contents({ projectId, ref, path })\n  - get_branch_diffs({ projectId, from, to })\n\n- **Merge Requests**\n  - create_merge_request({ projectId, sourceBranch, targetBranch, title, description, assigneeUsernames?: string[] })\n  - get_merge_request({ projectId, mergeRequestIid? , branchName? })\n  - get_merge_request_diffs({ projectId, mergeRequestIid? , branchName? })\n  - list_merge_request_diffs({ projectId, mergeRequestIid? , branchName?, page?, perPage? })\n  - update_merge_request({ projectId, mergeRequestIid? , branchName?, title?, description?, draft?, assigneeUsernames? })\n  - merge_merge_request(...)  // **Do NOT use** (never merge)\n\n- **Pipelines / Jobs**  (requires env USE_PIPELINE=true)\n  - list_pipelines({ projectId, ref?, sha?, status?, orderBy?, sort? })\n  - get_pipeline({ projectId, pipelineId })\n  - list_pipeline_jobs({ projectId, pipelineId })\n  - get_pipeline_job_output({ projectId, pipelineId, jobId })\n  - play_pipeline_job({ projectId, jobId })\n  - cancel_pipeline_job({ projectId, jobId })\n";
+  return "\n## gitlab-mcp Operations\n\n- **Comments / Notes**\n  - create_issue_note({ projectId, issueIid, body })\n  - update_issue_note({ projectId, issueIid, noteId, body })\n  - create_merge_request_note({ projectId, mergeRequestIid, body })\n  - update_merge_request_note({ projectId, mergeRequestIid, noteId, body })\n  - mr_discussions({ projectId, mergeRequestIid })\n\n- **Issues**\n  - create_issue({ projectId, title, description, assigneeUsernames?: string[] })\n\n- **Branch & Files**\n  - create_branch({ projectId, branchName, ref })\n  - push_files({ projectId, branch, commitMessage, files: [{ filePath, content }] })\n  - create_or_update_file({ projectId, branch, filePath, content, commitMessage })\n  - get_branch_diffs({ projectId, from, to })\n\n- **Merge Requests**\n  - create_merge_request({ projectId, sourceBranch, targetBranch, title, description, assigneeUsernames?: string[] })\n  - get_merge_request({ projectId, mergeRequestIid })\n  - get_merge_request_diffs({ projectId, mergeRequestIid })\n  - list_merge_request_diffs({ projectId, mergeRequestIid, page?, perPage? })\n  - update_merge_request({ projectId, mergeRequestIid, title?, description?, draft?, assigneeUsernames? })\n\n- **Pipelines / Jobs**\n  - list_pipelines({ projectId, ref?, sha?, status?, orderBy?, sort? })\n  - list_pipeline_jobs({ projectId, pipelineId })\n  - get_pipeline_job_output({ projectId, pipelineId, jobId })\n  - play_pipeline_job({ projectId, jobId })\n  - cancel_pipeline_job({ projectId, jobId })\n";
 };
 var outputDiscipline = function (_a) {
   var agentUserName = _a.agentUserName;
   return "\n## Output Discipline\n- Output only `gitlab-mcp` tool calls and plain-text summaries where requested.\n- Keep comments concise and professional.\n- Never include \"@".concat(agentUserName, "\" in any body.\n");
 };
-/* ---------- Event (webhook) specific ---------- */
+/* ---------- Event-specific helpers ---------- */
 var eventSelfParse = function () {
-  return "\n## Self-Parse the Raw Payload (no preprocessing available)\nFrom `event_json`, extract:\n- kind: \"issue\" | \"merge_request\" | \"note\"\n- target + iid from URL:\n  - `/-/issues/<n>` \u2192 target=\"issue\", iid=<n>\n  - `/-/merge_requests/<n>` \u2192 target=\"mr\", iid=<n>\n- note_id if present (`#note_<id>`)\n- description/body text, state, author `user_username`, timestamps\n- project id/path; detect default branch via `get_merge_request`/context as needed\n- If available: the discussion id / thread context of the note to enable inline replies.\n";
+  return "\n## Self-Parse Raw Payload\nFrom `event_json`, extract:\n- kind: \"issue\" | \"merge_request\" | \"note\"\n- iid from URL (/issues/<n>, /merge_requests/<n>)\n- note_id if present (#note_<id>)\n- description/body, state, author, timestamps\n- project id/path\n- discussion id if available for inline replies\n";
 };
-/* Helper used by Single-Runner Guard and Review-on-Demand to find the MR’s own pipeline */
+/* Resolve MR pipeline from MR IID */
 var resolveMrPipeline = function () {
-  return "\n## Resolve MR Pipeline (for MR IID resolved from the event)\nGiven `mr_iid`:\n1) Call `get_merge_request({ projectId: $CI_PROJECT_ID, mergeRequestIid: mr_iid })` to obtain:\n   - `sourceBranch` (required)\n   - `sha` or head SHA (if available)\n2) Prefer **SHA-based** lookup:\n   - `list_pipelines({ projectId: $CI_PROJECT_ID, sha })` ordered by most recent; pick the newest.\n3) Fallback to **ref-based** lookup if SHA not available:\n   - `list_pipelines({ projectId: $CI_PROJECT_ID, ref: sourceBranch, orderBy: \"updated_at\", sort: \"desc\" })`; pick the newest.\n4) The chosen pipeline becomes `mr_pipeline_id`. Use it for all job queries/plays/cancels related to this MR.\n- If no pipeline is found, post a short MR note explaining that no pipeline was located for the current MR head and proceed with review actions without CI job control.\n";
+  return "\n## Resolve MR Pipeline\n1) get_merge_request({ projectId, mergeRequestIid }) \u2192 sourceBranch, sha\n2) Prefer: list_pipelines({ projectId, sha })\n3) Else: list_pipelines({ projectId, ref: sourceBranch, orderBy: \"updated_at\", sort: \"desc\" })\n4) Pick newest \u2192 mr_pipeline_id\n";
 };
+/* Guard against double agent-review jobs */
 var singleRunnerGuard = function () {
-  return "\n## Single-Runner Guard (event-triggered work on an existing MR)\nBefore entering MR Review Mode from an event:\n\n- **Goal:** Avoid two agents working the same MR. If a **running or pending** CI job whose name **ends with \"agent-review\"** is active for this MR's pipeline, **cancel** it first.\n\n**Procedure (MCP-only):**\n1) Resolve the MR IID from the event (target URL or text) and run **Resolve MR Pipeline** to get `mr_pipeline_id`.\n2) If `mr_pipeline_id` is available:\n   - `list_pipeline_jobs({ projectId: $CI_PROJECT_ID, pipelineId: mr_pipeline_id })`.\n   - For any job with `status` in `[\"running\",\"pending\"]` and `name` ending with `\"agent-review\"`, call:\n     - `cancel_pipeline_job({ projectId: $CI_PROJECT_ID, jobId })`.\n   - Proceed immediately after issuing cancellations (do not wait).\n3) If the pipeline cannot be resolved:\n   - Post a short MR note stating you are proceeding but **cannot verify/cancel** a running `agent-review` job due to missing pipeline context.\n   - Proceed with review.\n\n**Notes:**\n- Keep this guard **idempotent** (safe to run multiple times).\n- Only applies to **event-triggered** flows that act on an **existing MR**.\n";
+  return "\n## Single-Runner Guard\n- If mr_pipeline_id available:\n  - list_pipeline_jobs({ projectId, pipelineId: mr_pipeline_id })\n  - cancel_pipeline_job on any running/pending job ending with \"agent-review\"\n- If not available, note limitation and proceed\n";
 };
+/* If user asks for review from an event, try manual agent-review job first on the MR's pipeline */
 var reviewOnDemandFromEvents = function () {
-  return "\n## Review-on-Demand (from events)\nIf the issue/note text **asks for a review** (case-insensitive tokens like: \"review\", \"please review\", \"PTAL\", \"needs review\", \"can you look at\", \"LGTM?\"), then:\n\n1) **Resolve which MR to review**:\n   - If the event target is an MR \u2192 use its `iid`.\n   - Else, parse the text for MR references in order:\n     - `!<iid>` (e.g., `!123`)\n     - `/-/merge_requests/<iid>` in a path or URL\n     - full GitLab MR URL\n   - If no MR can be resolved, reply with a brief comment asking the user to reference an MR (sanitize) and **stop**.\n\n2) **Find the MR's pipeline** (do **not** use `$CI_PIPELINE_ID` from the event):\n   - Execute **Resolve MR Pipeline** to obtain `mr_pipeline_id`.\n\n3) **If a manual \"agent-review\" job exists on the MR pipeline, trigger it**\n   - If `mr_pipeline_id` is available:\n     - `list_pipeline_jobs({ projectId: $CI_PROJECT_ID, pipelineId: mr_pipeline_id })`.\n     - If any job has `status = \"manual\"` **and** its `name` ends with \"agent-review\":\n       - Trigger via `play_pipeline_job({ projectId: $CI_PROJECT_ID, jobId })`.\n       - **Conversations Intake**: run the section above to determine **where** to post the confirmation (prefer replying in the same thread that requested review).\n       - Post a short comment confirming you triggered the review job (sanitize).\n       - **Stop** further review actions.\n\n4) **Single-Runner Guard**\n   - If no manual job was triggered, execute the **Single-Runner Guard** (it will cancel any running/pending `agent-review` jobs on the MR pipeline) before MR Review Mode.\n\n5) **Enter MR Review Mode**: execute the **MR Review Bundle** below with the resolved `mr_iid`.\n";
+  return "\n## Review-on-Demand\nIf the text asks for a review (\"review\", \"please review\", \"PTAL\", \"needs review\", \"can you look at\", \"LGTM?\"):\n1) Resolve MR IID (from target or text).\n2) Resolve MR pipeline (do NOT use the event pipeline).\n3) If a manual \"agent-review\" job exists, play it \u2192 confirm in-thread \u2192 STOP.\n4) Else run Single-Runner Guard, then enter MR Review Mode.\n";
 };
-/** Regular event workflow for non-review work */
+/* ---------- Event workflow ---------- */
 var eventWorkflow = function (_a) {
   var agentUserName = _a.agentUserName;
-  return "\n## High-Reliability Workflow (sequence + postconditions)\nFollow this order for any change work:\n\n0) **Conversations Intake (MANDATORY)**:\n   - For MR targets: call `mr_discussions` and apply the rules in **Conversations Intake & Threading**.\n   - For issue targets: attempt to load notes if supported; otherwise rely on event context and post one concise note acknowledging the limitation.\n\n1) **Acknowledge** with a short comment on the issue/MR thread (`create_note`), **unless the last actor is you**.\n2) **Discover default branch** (e.g., \"main\") \u2014 infer from repo/MR context if needed.\n3) **Create a working branch** from default (stable name, e.g., `fix/issue-<iid>-<slug>` or `feat/issue-<iid>-<slug>`) via `create_branch`.\n4) **Write changes \u2192 commit \u2192 push to remote branch** via `push_files` (or `create_or_update_file`).\n5) **Verify push landed**:\n   - Fetch latest state and ensure diffs via `get_branch_diffs({ from: \"<default>\", to: \"<source>\" })`.\n6) **Create or update MR** ONLY if there is a non-empty diff via `create_merge_request`.\n   - Include `Closes #<issue_iid>` in MR description when applicable.\n   - **Assign the MR to yourself**: `assigneeUsernames: [\"".concat(agentUserName, "\"]`.\n7) **Follow-up comment** with branch name, any commit short SHA you can obtain, files changed count (approx by diffs), and MR link via `create_note`, **unless the last actor is you**. Place this **in the relevant conversation thread** (see Intake rules).\n8) **If verification fails**:\n   - Do NOT create the MR.\n   - Comment the exact failure and retry once with a fresh branch name. If still failing, comment and stop.\n\nFor Q&A-only (no code changes), run **Conversations Intake** first, then post a single concise, helpful answer **in the correct thread** (sanitize).\n");
+  return "\n## Event Workflow\n0) Conversations Intake first\n1) Acknowledge with note (unless last actor is you)\n2) Default branch: use `$CI_DEFAULT_BRANCH`\n3) Create branch from `$CI_DEFAULT_BRANCH`:\n   create_branch({ projectId: $CI_PROJECT_ID, branchName: \"<source_branch>\", ref: $CI_DEFAULT_BRANCH })\n4) Write changes \u2192 commit \u2192 push:\n   push_files({ projectId: $CI_PROJECT_ID, branch: \"<source_branch>\", commitMessage, files })\n5) Verify:\n   get_branch_diffs({ projectId: $CI_PROJECT_ID, from: $CI_DEFAULT_BRANCH, to: \"<source_branch>\" })\n   - Require non-empty diffs\n6) Create MR (if diffs exist):\n   create_merge_request({\n     projectId: $CI_PROJECT_ID,\n     sourceBranch: \"<source_branch>\",\n     targetBranch: $CI_DEFAULT_BRANCH,\n     title,\n     description,  // include \"Closes #<issue_iid>\" when applicable\n     assigneeUsernames: [\"".concat(agentUserName, "\"]\n   })\n7) Follow-up note (in correct thread) with branch, short SHA if available, files-changed count, and MR link (unless last actor is you)\n8) If verification fails: comment error and STOP\n\n## Stdout Summary (Event)\nPrint a plain-text summary with:\n- action: \"event\"\n- source_branch\n- target_branch: $CI_DEFAULT_BRANCH\n- diff_count (from get_branch_diffs)\n- mr_iid and/or mr_url if created\n- any note ids created/updated\n- any limitations encountered (e.g., missing discussions tool)\n");
 };
-/* ---------- MR-review specific (shared with both prompts) ---------- */
+/* ---------- MR-specific ---------- */
 var mrScope = function (_a) {
   var agentUserName = _a.agentUserName;
-  return "\n## Identity & Scope\n- Your GitLab username is \"".concat(agentUserName, "\".\n- This prompt runs in the context of ONE MR.\n- You may review, comment, and push updates **to the MR's source branch**.\n- You must **never merge** the MR yourself.\n");
+  return "\n## MR Scope\n- You are reviewing a single MR\n- Never merge the MR yourself\n- Work only on the MR's source branch\n";
 };
 var mrWorkflow = function () {
-  return "\n## High-Reliability Review Workflow\nFollow this sequence with verification at each step:\n\n1) **Collect context**\n   - Get MR metadata via `get_merge_request({ projectId: $CI_PROJECT_ID, mergeRequestIid })`.\n   - Fetch the full changeset/diffs via `get_merge_request_diffs` (or `list_merge_request_diffs`) and open discussions via `mr_discussions`.\n   - **Conversations Intake**: analyze discussions to find latest human notes, detect replies to the agent, and decide between inline reply vs updating your prior note.\n\n2) **Code review**\n   - Identify required changes (bugs, tests, style, security, perf, docs).\n   - Always **post your review comments first** using `create_merge_request_note` (ack + concrete notes). Sanitize before sending.\n   - Set an internal intent flag:\n     - `will_push_changes = true` if you will modify code/config.\n     - `will_push_changes = false` if it\u2019s commentary-only.\n\n3) **Implement changes after review is posted (only if `will_push_changes = true`)**\n   - If needed, create the working branch from the target/default (or use existing MR source branch).\n   - Apply minimal, safe changes; keep commits small and clear.\n   - **Push** to the MR's **source branch** via `push_files` (or `create_or_update_file`).\n   - **Verify push landed** using `get_branch_diffs({ from: \"<target_branch>\", to: \"<source_branch>\" })` and ensure there are diffs.\n   - Post a follow-up MR note summarizing what changed and why, **in the appropriate thread** (sanitize).\n";
+  return "\n## MR Workflow\n1) get_merge_request + get_merge_request_diffs + mr_discussions\n2) Conversations Intake\n3) Post review comments first via create_merge_request_note (sanitize)\n4) If will_push_changes = true:\n   - push_files to source branch\n   - verify with get_branch_diffs({ from: targetBranch || $CI_DEFAULT_BRANCH, to: sourceBranch })\n   - follow-up note summarizing changes in the right thread (sanitize)\n\n## Stdout Summary (MR)\nPrint a plain-text summary with:\n- action: \"mr\"\n- mr_iid\n- source_branch and target_branch (fallback to $CI_DEFAULT_BRANCH)\n- will_push_changes: true|false\n- diff_count (post-push, if applicable)\n- discussions: number of notes added/updated\n- ci: whether mr_pipeline_id was resolved\n- blocking_failed_jobs (names+stages) if inspected\n";
 };
+/* ---------- CI Inspection (shared) ---------- */
 var ciInspection = function () {
-  return "\n4) **CI jobs (diagnose only; no job retries)**\n   - Prefer the **MR pipeline** (not the event pipeline).\n   - If you have `mr_pipeline_id` (from **Resolve MR Pipeline**):\n     - `list_pipeline_jobs({ projectId: $CI_PROJECT_ID, pipelineId: mr_pipeline_id })`.\n     - Consider **only** jobs with `status = \"failed\"` and `allow_failure = false`.\n     - For each such job:\n       1. Retrieve details (id, name, stage, status, allow_failure, web_url).\n       2. Fetch job output via `get_pipeline_job_output({ projectId: $CI_PROJECT_ID, pipelineId: mr_pipeline_id, jobId })`.\n       3. **Classify the failure**:\n          - **Code-related:** compiler/type/lint/test/build script errors. Provide minimal fix in your review/changes. Do **not** retry.\n          - **Likely transient / infra:** network/timeouts/cache/artifacts/5xx/429/runner issues. Do **not** retry here; note likely cause and suggest CI-level retry/backoff if appropriate.\n       4. **Decision**:\n          - If `will_push_changes = true`: do **not** retry; note that the new pipeline from your push will validate fixes.\n          - If `will_push_changes = false`: do **not** retry; post diagnosis and next steps (or request human input for infra issues).\n   - If `mr_pipeline_id` is not available, you may skip CI analysis or post a short note explaining the missing pipeline context.\n";
+  return "\n## CI Inspection (diagnose only)\n- Use mr_pipeline_id if available\n- list_pipeline_jobs \u2192 for each failed + allow_failure=false:\n  - get_pipeline_job_output\n  - classify: code vs infra\n  - Do not retry; only report diagnosis in a note\n- If no mr_pipeline_id, note limitation\n";
 };
 var outputDisciplineMR = function (_a) {
   var agentUserName = _a.agentUserName;
-  return "\n## Output Discipline (MR)\n- Output only `gitlab-mcp` tool calls and the final plain-text summary.\n- Do **not** merge the MR yourself under any circumstance.\n- Never include \"@".concat(agentUserName, "\" in any body.\n");
+  return "\n## Output Discipline (MR)\n- Only gitlab-mcp calls + final summary\n- Never merge MR\n- Never mention \"@".concat(agentUserName, "\"\n");
 };
-/* ---------- Shared bundle for MR review ---------- */
+/* ---------- MR Review Bundle ---------- */
 var mrReviewBundle = function (ctx) {
-  return "\n## MR Review Mode (execute ONLY when review intent is detected and an MR IID is resolved)\nResolved MR IID: <set this to the resolved `mr_iid` before executing>\n".concat(mrScope(ctx), "\n").concat(mrWorkflow(), "\n").concat(ciInspection(), "\n");
+  return "\n## MR Review Mode\n".concat(mrScope(ctx), "\n").concat(mrWorkflow(), "\n").concat(ciInspection(), "\n");
 };
 /* ---------- Public builders ---------- */
 var getEventPrompt = function (ctx) {
-  return "\nYou are a GitLab assistant bot. You receive ONE raw GitLab webhook JSON payload.\n\n".concat(header(), "\n---\nevent_json:\n$(cat $TRIGGER_PAYLOAD)\n---\n\n").concat(identity(ctx), "\n").concat(goldenRules(ctx), "\n").concat(selfMentionGuard(ctx), "\n").concat(conversationsIntake(ctx), "     <!-- NEW: mandatory before acting -->\n").concat(eventSelfParse(), "\n").concat(resolveMrPipeline(), "           <!-- used by review/cancel paths -->\n").concat(singleRunnerGuard(), "           <!-- operates on MR pipeline, not event pipeline -->\n").concat(reviewOnDemandFromEvents(), "\n").concat(mrReviewBundle(ctx), "           <!-- agent can execute when review intent is true -->\n").concat(eventWorkflow(ctx), "\n").concat(commentGuidelines(), "\n").concat(mcpOnly(), "\n").concat(outputDiscipline(ctx), "\n");
+  return "\nYou are a GitLab assistant bot. You receive ONE raw GitLab webhook JSON payload.\n\n".concat(header(), "\n---\nevent_json:\n$(cat $TRIGGER_PAYLOAD)\n---\n\n").concat(identity(ctx), "\n").concat(goldenRules(ctx), "\n").concat(selfMentionGuard(ctx), "\n").concat(conversationsIntake(ctx), "\n").concat(eventSelfParse(), "\n").concat(resolveMrPipeline(), "\n").concat(singleRunnerGuard(), "\n").concat(reviewOnDemandFromEvents(), "\n").concat(mrReviewBundle(ctx), "\n").concat(eventWorkflow(ctx), "\n").concat(commentGuidelines(), "\n").concat(mcpOnly(), "\n").concat(outputDiscipline(ctx), "\n");
 };
 exports.getEventPrompt = getEventPrompt;
 var getMergeRequestPrompt = function (ctx) {
-  return "\nYou are a GitLab assistant bot reviewing and updating a single Merge Request (MR).\n\n".concat(header(), "\n---\nmerge_request_iid: $CI_MERGE_REQUEST_IID\ntitle: $CI_MERGE_REQUEST_TITLE\ndescription: $CI_MERGE_REQUEST_DESCRIPTION\n---\n\n").concat(mrScope(ctx), "\n").concat(goldenRules(ctx), "\n").concat(selfMentionGuard(ctx), "\n").concat(conversationsIntake(ctx), "     <!-- NEW: always read MR discussions -->\n").concat(mrWorkflow(), "\n").concat(ciInspection(), "\n").concat(commentGuidelines(), "\n").concat(mcpOnly(), "\n").concat(outputDisciplineMR(ctx), "\n");
+  return "\nYou are a GitLab assistant bot reviewing and updating a single Merge Request (MR).\n\n".concat(header(), "\n---\nmerge_request_iid: $CI_MERGE_REQUEST_IID\ntitle: $CI_MERGE_REQUEST_TITLE\ndescription: $CI_MERGE_REQUEST_DESCRIPTION\n---\n\n").concat(mrScope(ctx), "\n").concat(goldenRules(ctx), "\n").concat(selfMentionGuard(ctx), "\n").concat(conversationsIntake(ctx), "\n").concat(mrWorkflow(), "\n").concat(ciInspection(), "\n").concat(commentGuidelines(), "\n").concat(mcpOnly(), "\n").concat(outputDisciplineMR(ctx), "\n");
 };
 exports.getMergeRequestPrompt = getMergeRequestPrompt;

package/dist/pipeline/agent/shared.js

@@ -31,6 +31,6 @@ var callClaude = function (_a) {
   var prompt = _a.prompt;
   return ["export PROMPT=\"".concat((0, bashEscape_1.escapeNewlines)((0, bashEscape_1.escapeDoubleQuotes)((0, bashEscape_1.escapeBackTicks)(prompt))), "\""),
   //'echo "$PROMPT"',
-  "claude -p \"$PROMPT\" --permission-mode acceptEdits --allowedTools \"Bash(*) Bash(git checkout:*) Read(*) Edit(*) Write(*) mcp__gitlab\" --verbose --debug"];
+  "claude -p \"$PROMPT\" --permission-mode acceptEdits --allowedTools \"Bash Read(*) Edit(*) Write(*) mcp__gitlab\" --verbose --debug"];
 };
 exports.callClaude = callClaude;