npm - @clipboard-health/groundcrew - Versions diffs - 4.0.0 → 4.0.2 - Mend

@clipboard-health/groundcrew 4.0.0 → 4.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/README.md +246 -308
package/dist/cli.d.ts.map +1 -1
package/dist/cli.js +11 -25
package/dist/commands/doctor.d.ts +1 -6
package/dist/commands/doctor.d.ts.map +1 -1
package/dist/commands/doctor.js +24 -37
package/dist/commands/interruptWorkspace.js +1 -1
package/dist/commands/status.d.ts +7 -0
package/dist/commands/status.d.ts.map +1 -0
package/dist/commands/status.js +178 -0
package/dist/index.d.ts +1 -2
package/dist/index.d.ts.map +1 -1
package/dist/index.js +2 -1
package/dist/lib/util.d.ts +3 -2
package/dist/lib/util.d.ts.map +1 -1
package/dist/lib/util.js +18 -2
package/package.json +2 -2
package/dist/commands/ticketCheck.d.ts +0 -22
package/dist/commands/ticketCheck.d.ts.map +0 -1
package/dist/commands/ticketCheck.js +0 -23
package/dist/commands/ticketDoctor.d.ts +0 -223
package/dist/commands/ticketDoctor.d.ts.map +0 -1
package/dist/commands/ticketDoctor.js +0 -1134

package/README.md CHANGED Viewed

@@ -17,24 +17,31 @@
 </p>
 ```text
-$ crew doctor --ticket HRD-446
-groundcrew doctor --ticket HRD-446 (Add retry logic to the sync job)
-────────────────────────────────────────────────────────────────────
-Resolution
-  [ok] Ticket exists in Linear ("Add retry logic to the sync job")
-  [ok] Status is Todo
-  [ok] Has agent-* label (agent-claude)
-  [ok] Model resolves from agent-* label (model "claude")
-  [ok] Description mentions known repo (owner/repo)
-  [ok] Resolved repo is cloned locally (/dev/workspaces/owner/repo)
-Eligibility
-  [ok] No active blockers
-  [ok] Model "claude" usage under sessionLimitPercentage (12% (limit 85%))
-  [ok] In-progress cap not hit (2/4 used)
-→ would be dispatched on next tick
+$ crew status HRD-446
+groundcrew status HRD-446
+========================
+ticket: hrd-446
+Config snapshot
+---------------
+projectDir: /dev/workspaces
+repositories: owner/repo
+git: remote=origin; defaultBranch=main
+workspaceKind: auto
+Worktree state
+--------------
+- owner/repo host
+  branch: rocky-hrd-446
+  git: dirty (2 modified, 1 untracked)
+Workspace probe
+---------------
+live: yes
+Last Linear status
+------------------
+In Progress (state.type=started) — Add retry logic to the sync job
 ```
 ## Why
@@ -42,92 +49,106 @@ Eligibility
 - **Linear-native.** Polls issues assigned to the API key's viewer with `agent-*` labels, honors blockers.
 - **One worktree per ticket.** Agents work in parallel without stepping on each other.
 - **Local-first sandboxing.** Safehouse on macOS, Docker Sandboxes on Linux, or an explicit `none` escape hatch.
-- **Multi-agent.** Ships with `claude` and `codex`; bring your own CLI by dropping a definition into `crew.config.ts`.
-## Install
-```bash
-npm install -g @clipboard-health/groundcrew
-```
-Installs the `crew` binary. `@clipboard-health/clearance` is pulled in transitively and provides the `clearance` / `clearance-ensure` bins used by Safehouse runs.
+- **Multi-agent.** Ships with `claude` and `codex`; bring your own CLI via `crew.config.ts`.
 ## Quickstart
-1. **Install prereqs.** Node 24, `git`, `cmux` _or_ `tmux`, and the agent CLIs themselves (`claude`, `codex`, `cursor-agent`, …). Optional: `codexbar` for session-usage gating.
-2. **Pick an isolation runner.** See [Runners](#runners) — `auto` resolves to `safehouse` on macOS and `sdx` on Linux/WSL.
-3. **Prepare tickets in Linear.** Assign tickets to yourself and add an `agent-*` label. Groundcrew picks them up across all visible teams and projects.
-4. **Configure.** Create a `crew.config.ts` you can edit:
+```bash
+# 1. Install Node ≥ 24, git, cmux or tmux, and the agent CLIs you'll use (claude, codex, ...).
-   ```bash
-   # Write into the current folder:
-   crew init && $EDITOR crew.config.ts
+# 2. Install groundcrew
+npm install -g @clipboard-health/groundcrew
-   # ...or into the XDG config dir:
-   crew init --global && $EDITOR "${XDG_CONFIG_HOME:-$HOME/.config}/groundcrew/crew.config.ts"
-   ```
+# 3. Scaffold a config and edit workspace.projectDir + workspace.knownRepositories
+crew init && $EDITOR crew.config.ts
-   `crew init` refuses to overwrite an existing config; pass `--force` to replace it, or `--dry-run` to preview the destination path.
+# 4. Clone the repos referenced in your config
+crew setup repos
-   `crew` discovers the config via cosmiconfig project-walk, so dropping it at the root of any repo you run `crew` from works too. Any of `crew.config.{ts,mjs,js,json}`, `.crewrc{,.json,.ts}`, `.config/crew.config.{ts,json}`, or `.config/crewrc{,.json}` are recognized.
+# 5. Export your Linear API key
+export GROUNDCREW_LINEAR_API_KEY="lin_api_..."
-   Set `workspace.projectDir` and `workspace.knownRepositories`. Defaults cover everything else. There is no `linear` config block — groundcrew picks up every Linear issue assigned to your API key's viewer that carries an `agent-*` label, across every project and team you can see, governed by a single `orchestrator.maximumInProgress` budget.
+# 6. Verify setup, then dispatch
+crew doctor
+crew run --watch
+```
-   Then clone each repo before the first `crew run` — groundcrew creates per-ticket worktrees from these clones, it does not auto-clone:
+In Linear, assign tickets to yourself and add an `agent-*` label (`agent-claude`, `agent-codex`, or `agent-any`). Groundcrew picks them up across every team and project your API key can see.
-   ```bash
-   crew setup repos              # clone all missing entries via gh
-   crew setup repos --dry-run    # preview
-   crew setup repos owner/repo   # restrict to one entry
-   ```
+`crew init --global` writes the config into `${XDG_CONFIG_HOME:-$HOME/.config}/groundcrew/` instead of the cwd. Both forms refuse to overwrite — pass `--force` to replace, `--dry-run` to preview.
-   `crew setup repos` is idempotent; already-cloned repos report `[exists]`. Bare-name entries (no `owner/`) are skipped — clone them manually into `<projectDir>/<name>`.
+## Commands
-5. **Export a Linear API key.** `crew` reads `GROUNDCREW_LINEAR_API_KEY` first, then falls back to `LINEAR_API_KEY`.
+```bash
+crew init [--global | --local] [--force] [--dry-run]     # create a crew.config.ts
+crew doctor                                              # check setup
+crew status [<TICKET>]                                   # inspect current state or one ticket
+crew run                                                 # one-shot dispatch
+crew run --watch                                         # poll forever
+crew run --ticket <TICKET>                               # dispatch one ticket
+crew setup repos [<repo>...] [--dry-run]                 # clone known repos via gh
+crew interrupt <TICKET> [--reason <text>]                # stop workspace, keep worktree
+crew resume <TICKET>                                     # reopen a paused ticket
+crew cleanup <TICKET>                                    # tear down every worktree for a ticket
+```
-   ```bash
-   export GROUNDCREW_LINEAR_API_KEY="lin_api_..."
-   ```
+## Configuration
-   <details>
-   <summary>Using 1Password (<code>op</code>) for the key</summary>
+Two keys are required; everything else has a default.
-   ```bash
-   echo "GROUNDCREW_LINEAR_API_KEY='op://<vault>/LINEAR_API_KEY/credential'" > .env.1password
-   op run --env-file .env.1password -- crew doctor
-   ```
+| Key                           | What                                                                   |
+| ----------------------------- | ---------------------------------------------------------------------- |
+| `workspace.projectDir`        | Parent dir for cloned repos and sibling ticket worktrees.              |
+| `workspace.knownRepositories` | Repos searched for in ticket descriptions to infer where work belongs. |
-   </details>
+The branch prefix (`<prefix>-<TICKET>`) is derived from `os.userInfo().username` and isn't configurable. There is no `linear` config block — groundcrew picks up every issue assigned to your API key's viewer that carries an `agent-*` label across every visible team and project, governed by a single `orchestrator.maximumInProgress` budget.
-6. **Run.**
+<details>
+<summary>Agent label routing</summary>
-   ```bash
-   crew doctor                    # check setup
-   crew run --dry-run             # preview without provisioning
-   crew run --watch               # poll forever
-   ```
+- `agent-claude`, `agent-codex`, `agent-<name>` → that model.
+- `agent-any` → the model with the most available session capacity.
+- Unknown `agent-<name>` → falls back to `models.default` with a warning.
+- No `agent-*` label → ignored by `crew run`. Dispatch on demand with `crew run --ticket <TICKET>` (also falls back to `models.default`).
+- Todo tickets blocked by non-terminal blockers are skipped until their blockers reach a terminal status.
-## Secrets
+Status classification uses Linear's workflow `state.type` (`unstarted`, `started`, `completed`, `canceled`, `duplicate`), so renamed status columns work without configuration. Parent issues with children are ignored — sub-issues are the work items.
-Groundcrew forwards a small allowlist of build-time secrets from your shell into the setup phase (so `npm install` can authenticate against private registries) and then strips them before the agent runs. The agent process never inherits these values in its environment.
+</details>
-**Recognized names.** Defined in [`BUILD_SECRET_NAMES`](./src/lib/buildSecrets.ts):
+<details>
+<summary>Config discovery</summary>
-- `NPM_TOKEN`
-- `BUF_TOKEN`
+Resolution order: `GROUNDCREW_CONFIG` → cosmiconfig project-walk from cwd (any of `crew.config.{ts,mjs,js,json}`, `.crewrc{,.json,.ts}`, `.config/crew.config.{ts,json}`, `.config/crewrc{,.json}`) → `${XDG_CONFIG_HOME:-$HOME/.config}/groundcrew/crew.config.ts` (legacy `config.ts` accepted for one release). The "Loaded config from …" line at startup tells you which won.
-Set them in the shell you run `crew` from. Anything not in this list is ignored by the secret-shuttling path.
+</details>
-**Flow.** For each ticket:
+<details>
+<summary>Full configuration reference</summary>
-1. If any recognized var is set and non-empty, groundcrew writes `secrets.env` (mode `0600`) into the ticket's temp prompt dir as `KEY='value'` lines — see `stageBuildSecrets` in [`src/commands/setupWorkspace.ts`](./src/commands/setupWorkspace.ts).
-2. The launch script sources `secrets.env` with `set -a` so the values are exported into the setup phase only (and under `sdx`, forwarded into the sandbox via `-e KEY` flags).
-3. After setup completes, the script `unset`s every name in `BUILD_SECRET_NAMES` and then `rm -rf`s the entire prompt dir (including `secrets.env`) before `exec`'ing the agent. See `sourceSecretsLine` / `unsetSecretsLine` and the `rm -rf` / `exec` lines in [`src/lib/launchCommand.ts`](./src/lib/launchCommand.ts). The rollback path on setup failure ([`src/commands/setupWorkspace.ts`](./src/commands/setupWorkspace.ts)) wipes the prompt dir too.
+| Key                                     | Default             | What it does                                                                                                                                                                                                                                                                                                                                                            |
+| --------------------------------------- | ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `sources`                               | `[]`                | Additional pluggable ticket sources. Extra sources are verified at startup; the built-in Linear adapter remains the dispatch read path until the canonical consumer refactor. Built-in kinds: `shell`, `linear`.                                                                                                                                                        |
+| `git.remote`                            | `"origin"`          | Remote used for `fetch` and as the worktree base ref.                                                                                                                                                                                                                                                                                                                   |
+| `git.defaultBranch`                     | `"main"`            | Branch fetched from `git.remote` and used as the worktree base.                                                                                                                                                                                                                                                                                                         |
+| `workspace.projectDir`                  | **required**        | Parent dir for cloned repos and sibling ticket worktrees.                                                                                                                                                                                                                                                                                                               |
+| `workspace.knownRepositories`           | **required**        | Repos searched for in ticket descriptions to infer where work belongs. A ticket labeled for groundcrew (`agent-*`) fails fast when no known repo appears; unlabeled tickets are ignored.                                                                                                                                                                                |
+| `orchestrator.maximumInProgress`        | `4`                 | Cap on in-progress tickets at once for this `crew` instance.                                                                                                                                                                                                                                                                                                            |
+| `orchestrator.pollIntervalMilliseconds` | `120_000`           | Poll interval in `--watch` mode.                                                                                                                                                                                                                                                                                                                                        |
+| `orchestrator.sessionLimitPercentage`   | `85`                | Number in `(0, 100]`. A model whose codexbar session window exceeds this percentage is skipped that tick.                                                                                                                                                                                                                                                               |
+| `models.default`                        | `"claude"`          | Tiebreak for `agent-any` resolution and fallback for explicit but unknown `agent-*` labels. Also used by `crew run --ticket <TICKET>` for unlabeled tickets. `crew run` without `--ticket` ignores unlabeled tickets and does not apply this default. Must exist in `models.definitions`.                                                                               |
+| `models.definitions`                    | `{ claude, codex }` | Agent definitions. Additive merge with shipped defaults.                                                                                                                                                                                                                                                                                                                |
+| `models.definitions.<name>.cmd`         | —                   | Shell command launched for the model. Runs in the worktree through the resolved `local.runner`. `{{worktree}}` is replaced before launch; `{{sandbox}}` expands to the sbx sandbox name under the sdx runner and an empty string otherwise.                                                                                                                             |
+| `models.definitions.<name>.color`       | —                   | Color for the workspace status pill (cmux only; tmux silently drops it).                                                                                                                                                                                                                                                                                                |
+| `models.definitions.<name>.usage`       | optional            | If set, codexbar usage is fetched for this model and gated by `sessionLimitPercentage`. Falls back to default when unset, with gating enabled for known models. When `usage.codexbar.source` is omitted, groundcrew uses `oauth` for Codex/Claude on macOS, `auto` for other macOS providers, and `cli` elsewhere. Set to `{ disabled: true }` to disable usage gating. |
+| `models.definitions.<name>.sandbox`     | optional            | Docker Sandboxes binding for the model. Required at launch when `local.runner` resolves to `sdx`. Fields: `agent` (required sbx agent name), `template`, `kits`, `setupCommand` (override for the inside-sandbox setup script).                                                                                                                                         |
+| `models.definitions.<name>.disabled`    | optional            | When set to exactly `true`, drops the named shipped default (`claude` or `codex`). Doctor skips probing it; `agent-<name>` labels fall back to `models.default` with a warning.                                                                                                                                                                                         |
+| `prompts.initial`                       | unattended template | First message sent to the agent. Placeholders: `{{ticket}}`, `{{worktree}}`, `{{title}}`, `{{description}}`. Override this from `crew.config.ts` for team-specific statuses, tools, plugins, or review loops.                                                                                                                                                           |
+| `workspaceKind`                         | `"auto"`            | Terminal session manager. `"auto"` picks `cmux` when on PATH, else `tmux`. Set to `"cmux"` or `"tmux"` to fail loudly when the chosen backend is missing.                                                                                                                                                                                                               |
+| `local.runner`                          | `"auto"`            | Local isolation backend. `"auto"` → `safehouse` on macOS, `sdx` on Linux/WSL. Explicit: `"safehouse"`, `"sdx"`, `"none"`. `"none"` is never picked implicitly.                                                                                                                                                                                                          |
+| `logging.file`                          | XDG state path      | Append-mode log file. `log()` / `logEvent()` tee here in addition to stdout. Defaults to `${XDG_STATE_HOME:-$HOME/.local/state}/groundcrew/groundcrew.log`.                                                                                                                                                                                                             |
-Net effect: by the time the agent process exists, the values are gone from the environment and the file is gone from disk.
+</details>
 ## Runners
@@ -139,8 +160,6 @@ Net effect: by the time the agent process exists, the values are gone from the e
 | `sdx`       | Linux / WSL | [Docker Sandboxes](https://docs.docker.com/sandboxes/) (`sbx`) — required when the agent needs `docker`. |
 | `none`      | —           | Unsandboxed escape hatch. Never picked implicitly; doctor warns when configured.                         |
-For `sdx`: each model that runs under it needs a `sandbox: { agent: "<sbx-agent>" }` block in `crew.config.ts`. Groundcrew names sandboxes `groundcrew-<agent>` (e.g. `groundcrew-claude`) and reuses one sandbox per agent across repos and tickets. First-time agent auth happens inside the sandbox the first time it launches. To bootstrap manually instead, run `sbx create --name groundcrew-<agent> <agent> <projectDir>` once.
 <details>
 <summary>Safehouse clearance allowlist</summary>
@@ -160,24 +179,152 @@ crew run --watch
 Watch `${XDG_CACHE_HOME:-$HOME/.cache}/clearance/clearance.log` for `DENY` lines and add only the domains your agents actually need.
+`@clipboard-health/clearance` is pulled in transitively when you install groundcrew and provides the `clearance` / `clearance-ensure` bins used by Safehouse runs.
 </details>
-## Configuration
+<details>
+<summary>Docker Sandboxes (sdx) setup</summary>
-Two keys are required; everything else has a default.
+Each model that runs under `sdx` needs a `sandbox: { agent: "<sbx-agent>" }` block in `crew.config.ts`. Groundcrew names sandboxes `groundcrew-<agent>` (e.g. `groundcrew-claude`) and reuses one sandbox per agent across repos and tickets. First-time agent auth happens inside the sandbox the first time it launches. To bootstrap manually instead, run `sbx create --name groundcrew-<agent> <agent> <projectDir>` once.
-| Key                           | What                                                                   |
-| ----------------------------- | ---------------------------------------------------------------------- |
-| `workspace.projectDir`        | Parent dir for cloned repos and sibling ticket worktrees.              |
-| `workspace.knownRepositories` | Repos searched for in ticket descriptions to infer where work belongs. |
+Groundcrew auto-creates sandboxes when missing but never deletes them — they persist across tickets and `crew cleanup`. Auth state lives inside the sandbox, so deleting it forces a re-login. Manage with `sbx ls` / `sbx rm`.
-There is **no** `linear` config block. Groundcrew's built-in Linear adapter picks up every Linear issue assigned to your API key's viewer that carries an `agent-*` label — across every project and team you can see. State classification is driven by Linear's workflow `state.type` (`unstarted` → todo, `started` → in progress, `completed`/`canceled`/`duplicate` → terminal), so renamed status columns Just Work without any per-team configuration.
+</details>
-`crew` resolves config as: `GROUNDCREW_CONFIG` if set → project-walk from cwd (cosmiconfig: `crew.config.{ts,mjs,js,json}`, `.crewrc{,.json,.ts}`, `.config/crew.config.{ts,json}`, `.config/crewrc{,.json}`) → `${XDG_CONFIG_HOME:-$HOME/.config}/groundcrew/crew.config.ts` (also accepts legacy `config.ts` for one release). The branch prefix (`<prefix>-<TICKET>`) is derived from `os.userInfo().username` — not configurable.
+## Inspecting status
-Agent selection uses Linear labels: `agent-claude`, `agent-codex`, `agent-<name>`. `crew run` without `--ticket` only fetches tickets carrying an `agent-*` label AND assigned to the API key's viewer — the GraphQL query filters server-side, so unlabeled or unassigned tickets are never returned by Linear and do not appear on the board. Use `crew run --ticket <TICKET>` to provision an unlabeled ticket on demand (falls back to `models.default`). `agent-any` routes to the model with the most available session capacity. Todo tickets blocked by non-terminal blockers are skipped until their blockers reach a terminal status.
+`crew status <TICKET>` prints a read-only snapshot for one ticket: resolved config, matching worktrees, workspace probe result, recorded run state, recent log lines for that ticket, and the latest Linear status. It does not fetch, recover, tear down, resume, or mutate any local/remote state.
-### Pluggable ticket sources
+`crew status` with no ticket prints the current inventory: known worktrees with workspace/run-state presence plus live workspaces reported by the configured backend.
+Use `crew cleanup <TICKET>` to tear down stale worktrees and `crew resume <TICKET>` to reopen preserved work. Status is intentionally informational only.
+## Doctor
+`crew doctor` checks host prerequisites only: config validity, Linear reachability, required binaries on PATH, workspace backend availability, workspace.projectDir, local runner capability, and enabled model commands.
+<details>
+<summary>Sample ticket status output</summary>
+```text
+groundcrew status HRD-442
+=========================
+ticket: hrd-442
+Run state
+---------
+running; model=claude; updated=2026-05-26T00:01:00.000Z; resumes=0
+Worktree
+--------
+- herds-social host
+  branch: paul-hrd-442
+  dir: /Users/paul/dev/groundcrew-workspaces/herds-social/herds-hrd-442
+  git: dirty (0 modified, 1 untracked)
+Workspace
+---------
+live: yes
+Last Linear status
+------------------
+In Progress (state.type=started) — Multi-event extractor: year inference can produce date_start > date_end
+```
+</details>
+### `crew interrupt <TICKET>`
+Stops a live workspace pane while preserving the ticket worktree and branch. The manual pause button for cases where you need terminal capacity back, want to stop an agent that's going in the wrong direction, or need to inspect the diff before letting another agent continue.
+```bash
+crew interrupt HRD-442 --reason "wrong implementation direction"
+crew status HRD-442
+crew resume HRD-442
+```
+The command closes the cmux/tmux workspace if present, records local run state, and never tears down the worktree. If the workspace was already gone but the worktree is still present, interrupt records that fact so status can show the preserved branch.
+### `crew resume <TICKET>`
+Reopens an existing ticket worktree with a continuation prompt. Resume never creates a new worktree; if none exists it fails and leaves re-dispatch to `crew run --ticket <ticket>`.
+The resume prompt tells the agent to inspect git status and diff before editing, includes the previous interrupt reason when recorded, and reuses the recorded model, repository, branch, runner, sandbox, and workspace backend. When no run-state file exists but a worktree does, resume falls back to Linear resolution for the model and ticket context.
+## Secrets
+Groundcrew forwards a small allowlist of build-time secrets from your shell into the setup phase (so `npm install` can authenticate against private registries) and strips them before the agent runs. The agent process never inherits these values.
+Recognized names, defined in [`BUILD_SECRET_NAMES`](./src/lib/buildSecrets.ts):
+- `NPM_TOKEN`
+- `BUF_TOKEN`
+Set them in the shell you run `crew` from. Anything not in this list is ignored.
+<details>
+<summary>How the secret shuttle works</summary>
+For each ticket:
+1. If any recognized var is set and non-empty, groundcrew writes `secrets.env` (mode `0600`) into the ticket's temp prompt dir as `KEY='value'` lines — see `stageBuildSecrets` in [`src/commands/setupWorkspace.ts`](./src/commands/setupWorkspace.ts).
+2. The launch script sources `secrets.env` with `set -a` so the values are exported into the setup phase only (and under `sdx`, forwarded into the sandbox via `-e KEY` flags).
+3. After setup completes, the script `unset`s every name in `BUILD_SECRET_NAMES` and then `rm -rf`s the entire prompt dir (including `secrets.env`) before `exec`'ing the agent. See `sourceSecretsLine` / `unsetSecretsLine` and the `rm -rf` / `exec` lines in [`src/lib/launchCommand.ts`](./src/lib/launchCommand.ts). The rollback path on setup failure ([`src/commands/setupWorkspace.ts`](./src/commands/setupWorkspace.ts)) wipes the prompt dir too.
+Net effect: by the time the agent process exists, the values are gone from the environment and the file is gone from disk.
+</details>
+## Per-repo setup hook
+If `.groundcrew/setup.sh` exists in the repo root, groundcrew runs `bash .groundcrew/setup.sh --deps-only` before each agent launch; otherwise nothing runs. Same convention applies inside the sdx sandbox (overridable per-model via `models.definitions.<name>.sandbox.setupCommand`). No implicit `npm install`, `uv sync`, or anything else — groundcrew is language-agnostic, so opt in by adding the script.
+The `--deps-only` flag tells the script "you're being called by an automated system before an agent launches — skip anything interactive or one-time-only." The same script handles both modes; branch on `$1`:
+- **With `--deps-only`**: do the cheap recurring work this worktree needs (lockfile install, generate types, etc.). No prompts, no global installs, no `nvm` / `pyenv` bootstrap.
+- **Without the flag**: full interactive bootstrap. Use this when an engineer runs the script by hand for first-time onboarding, or when wiring it into another tool's SessionStart hook.
+Setup failures are advisory — groundcrew logs the non-zero exit and still launches the agent so a flaky network or stale lockfile doesn't block the session.
+<details>
+<summary>Examples</summary>
+**Python (uv):**
+```bash
+#!/usr/bin/env bash
+set -euo pipefail
+if [ "${1:-}" = "--deps-only" ]; then
+  uv sync --dev
+else
+  uv sync --dev
+  # ... extra one-time bootstrap (e.g., pre-commit install, db seed) ...
+fi
+```
+**Node (npm):**
+```bash
+#!/usr/bin/env bash
+set -euo pipefail
+if [ "${1:-}" = "--deps-only" ]; then
+  npm clean-install
+else
+  npm clean-install
+  # ... extra one-time bootstrap (e.g., husky install, codegen, link local packages) ...
+fi
+```
+**Docs-only or polyglot repo with no install step:** omit the script. With nothing at `.groundcrew/setup.sh`, groundcrew skips the hook silently.
+For a comprehensive real-world example (nvm bootstrap, hash-based skip-on-no-changes caching, portable SHA-256 detection), see [this repo's own `.groundcrew/setup.sh`](./.groundcrew/setup.sh). It's also symlinked at `.claude/setup.sh` so the same script doubles as a Claude Code SessionStart hook for this repo — that symlink is local convenience, not part of groundcrew's contract.
+To scaffold `.groundcrew/setup.sh` with a coding agent (Claude Code, Cursor, etc.), see [docs/setup-hook-agent-prompt.md](./docs/setup-hook-agent-prompt.md) — it encodes the contract above as a copy-pasteable prompt.
+</details>
+## Pluggable ticket sources
 `sources` declares extra ticket-system adapters. The current release verifies configured extra sources during `crew run` startup; the dispatch loop still reads Linear directly through the built-in Linear adapter until the canonical consumer refactor lands. This lets you validate shell/Jira/local-plan integrations without changing existing Linear behavior.
@@ -224,7 +371,7 @@ export default {
 Allowed `status` values are `todo`, `in-progress`, `in-review`, `done`, and `other`. Use `null` for `repository` or `model` when a ticket should not be groundcrew-eligible. `hasMoreBlockers` is optional and defaults to `false`; `sourceRef` is opaque data that groundcrew passes back to your writeback command.
-### Prompt customization
+## Prompt customization
 Groundcrew ships one model-agnostic unattended prompt by default. It tells the agent to make reasonable assumptions, follow repository instructions, run documented verification, review its diff, open a PR when GitHub/`gh` is available, and include a workspace continuation hint when known.
@@ -243,35 +390,7 @@ export default {
 This keeps package defaults portable while letting your private config reference team-specific statuses, tools, plugins, or review loops.
-<details>
-<summary>Full reference table</summary>
-| Key                                     | Default             | What it does                                                                                                                                                                                                                                                                                                                                                            |
-| --------------------------------------- | ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `sources`                               | `[]`                | Additional pluggable ticket sources. Extra sources are verified at startup; the built-in Linear adapter remains the dispatch read path until the canonical consumer refactor. Built-in kinds: `shell`, `linear`.                                                                                                                                                        |
-| `git.remote`                            | `"origin"`          | Remote used for `fetch` and as the worktree base ref.                                                                                                                                                                                                                                                                                                                   |
-| `git.defaultBranch`                     | `"main"`            | Branch fetched from `git.remote` and used as the worktree base.                                                                                                                                                                                                                                                                                                         |
-| `workspace.projectDir`                  | **required**        | Parent dir for cloned repos and sibling ticket worktrees.                                                                                                                                                                                                                                                                                                               |
-| `workspace.knownRepositories`           | **required**        | Repos searched for in ticket descriptions to infer where work belongs. A ticket labeled for groundcrew (`agent-*`) fails fast when no known repo appears; unlabeled tickets are ignored.                                                                                                                                                                                |
-| `orchestrator.maximumInProgress`        | `4`                 | Cap on in-progress tickets at once for this `crew` instance.                                                                                                                                                                                                                                                                                                            |
-| `orchestrator.pollIntervalMilliseconds` | `120_000`           | Poll interval in `--watch` mode.                                                                                                                                                                                                                                                                                                                                        |
-| `orchestrator.sessionLimitPercentage`   | `85`                | Number in `(0, 100]`. A model whose codexbar session window exceeds this percentage is skipped that tick.                                                                                                                                                                                                                                                               |
-| `models.default`                        | `"claude"`          | Tiebreak for `agent-any` resolution and fallback for explicit but unknown `agent-*` labels. Also used by `crew run --ticket <TICKET>` for unlabeled tickets. `crew run` without `--ticket` ignores unlabeled tickets and does not apply this default. Must exist in `models.definitions`.                                                                               |
-| `models.definitions`                    | `{ claude, codex }` | Agent definitions. Additive merge with shipped defaults.                                                                                                                                                                                                                                                                                                                |
-| `models.definitions.<name>.cmd`         | —                   | Shell command launched for the model. Runs in the worktree through the resolved `local.runner`. `{{worktree}}` is replaced before launch; `{{sandbox}}` expands to the sbx sandbox name under the sdx runner and an empty string otherwise.                                                                                                                             |
-| `models.definitions.<name>.color`       | —                   | Color for the workspace status pill (cmux only; tmux silently drops it).                                                                                                                                                                                                                                                                                                |
-| `models.definitions.<name>.usage`       | optional            | If set, codexbar usage is fetched for this model and gated by `sessionLimitPercentage`. Falls back to default when unset, with gating enabled for known models. When `usage.codexbar.source` is omitted, groundcrew uses `oauth` for Codex/Claude on macOS, `auto` for other macOS providers, and `cli` elsewhere. Set to `{ disabled: true }` to disable usage gating. |
-| `models.definitions.<name>.sandbox`     | optional            | Docker Sandboxes binding for the model. Required at launch when `local.runner` resolves to `sdx`. Fields: `agent` (required sbx agent name), `template`, `kits`, `setupCommand` (override for the inside-sandbox setup script).                                                                                                                                         |
-| `models.definitions.<name>.disabled`    | optional            | When set to exactly `true`, drops the named shipped default (`claude` or `codex`). Doctor skips probing it; `agent-<name>` labels fall back to `models.default` with a warning.                                                                                                                                                                                         |
-| `prompts.initial`                       | unattended template | First message sent to the agent. Placeholders: `{{ticket}}`, `{{worktree}}`, `{{title}}`, `{{description}}`. Override this from `crew.config.ts` for team-specific statuses, tools, plugins, or review loops.                                                                                                                                                           |
-| `workspaceKind`                         | `"auto"`            | Terminal session manager. `"auto"` picks `cmux` when on PATH, else `tmux`. Set to `"cmux"` or `"tmux"` to fail loudly when the chosen backend is missing.                                                                                                                                                                                                               |
-| `local.runner`                          | `"auto"`            | Local isolation backend. `"auto"` → `safehouse` on macOS, `sdx` on Linux/WSL. Explicit: `"safehouse"`, `"sdx"`, `"none"`. `"none"` is never picked implicitly.                                                                                                                                                                                                          |
-| `logging.file`                          | XDG state path      | Append-mode log file. `log()` / `logEvent()` tee here in addition to stdout. Defaults to `${XDG_STATE_HOME:-$HOME/.local/state}/groundcrew/groundcrew.log`.                                                                                                                                                                                                             |
-</details>
-<details>
-<summary>Disabling a shipped default</summary>
+## Disabling a shipped default model
 Groundcrew ships `claude` and `codex` as default model definitions, additively merged into every resolved config. To stop probing one:
@@ -301,171 +420,18 @@ Rules:
 - It cannot be combined with `cmd`, `color`, or `usage` in the same entry.
 - `models.default` must point at an enabled model.
-</details>
-## Per-repo setup hook
-When groundcrew launches a worktree, if `.groundcrew/setup.sh` exists in the repo root it's invoked as `bash .groundcrew/setup.sh --deps-only` before the agent starts; otherwise nothing runs. The same convention applies inside the sdx sandbox (overridable per-model via `models.definitions.<name>.sandbox.setupCommand`). No implicit `npm install`, `uv sync`, or anything else — groundcrew is language-agnostic, so opt in by adding the script.
-### The `--deps-only` contract
-The flag tells the script "you're being called by an automated system before an agent launches — skip anything interactive or one-time-only." The same script handles both modes; branch on `$1`. The name is historical and Node-flavored, but the semantic is language-neutral:
-- **With `--deps-only`**: do the cheap recurring work this worktree needs (lockfile install, generate types, etc.). No prompts, no global installs, no `nvm` / `pyenv` bootstrap that the host should already have.
-- **Without the flag**: full interactive bootstrap. Use this path when an engineer runs the script by hand for first-time onboarding, or when wiring it into another tool's SessionStart hook.
-Setup failures are advisory — groundcrew logs the non-zero exit and still launches the agent so a flaky network or stale lockfile doesn't block the session.
-### Examples
-**Python (uv):**
-```bash
-#!/usr/bin/env bash
-set -euo pipefail
-if [ "${1:-}" = "--deps-only" ]; then
-  uv sync --dev
-else
-  uv sync --dev
-  # ... extra one-time bootstrap (e.g., pre-commit install, db seed) ...
-fi
-```
-**Node (npm):**
-```bash
-#!/usr/bin/env bash
-set -euo pipefail
-if [ "${1:-}" = "--deps-only" ]; then
-  npm clean-install
-else
-  npm clean-install
-  # ... extra one-time bootstrap (e.g., husky install, codegen, link local packages) ...
-fi
-```
-**Docs-only or polyglot repo with no install step:**
-Omit the script. With nothing at `.groundcrew/setup.sh`, groundcrew skips the hook silently — fine for documentation repos, polyglot monorepos where setup happens per-package, or anywhere the per-worktree work is genuinely zero.
-For a more comprehensive real-world example (nvm bootstrap, hash-based skip-on-no-changes caching, portable SHA-256 detection), see [this repo's own `.groundcrew/setup.sh`](./.groundcrew/setup.sh). It's also symlinked at `.claude/setup.sh` so the same script doubles as a Claude Code SessionStart hook for this repo — that symlink is local convenience, not part of groundcrew's contract.
-### Generating it with an agent
-To have a coding agent (Claude Code, Cursor, etc.) scaffold `.groundcrew/setup.sh` for a repo you're onboarding, see [docs/setup-hook-agent-prompt.md](./docs/setup-hook-agent-prompt.md) — it encodes the contract above as a copy-pasteable prompt.
-## Commands
-```bash
-crew init [--global | --local] [--force] [--dry-run]     # create a crew.config.ts
-crew doctor                                              # full setup check
-crew doctor --ticket <TICKET> [--no-linear] [--no-fetch] # full ticket lifecycle (dispatch + recovery)
-crew run                                                 # one-shot dispatch
-crew run --watch                                         # poll forever
-crew run --ticket <TICKET>                               # provision one ticket and exit
-crew setup repos [--dry-run] [<repo>...]
-crew interrupt <TICKET> [--reason <text>]                # stop the live workspace, keep the worktree
-crew resume <TICKET>                                     # reopen an existing ticket worktree
-crew cleanup <TICKET>                                    # tear down every worktree carrying this ticket
-```
-`crew doctor --ticket <TICKET>` covers the full per-ticket lifecycle: pre-dispatch eligibility (Todo status, `agent-*` label, model resolution, repository mention, local clone, blockers, model session usage, in-progress capacity) **and** post-dispatch local-state recovery (recorded run state, host worktree, workspace pane, local branch, remote branch, open PR). Verdict precedence starts with PR outcomes (`pr-open` > `pr-merged`). Recorded failed launches report before ordinary local recovery, interrupted runs report concrete recoverable git work first when it exists and otherwise report `interrupted`, and ordinary post-dispatch cases report `in-flight` before `recoverable`. If none of those apply, doctor falls through to `unresolvable` > `ineligible` > `would-dispatch` > `lost`. Exits 0 on `would-dispatch`, `pr-open`, or `pr-merged`; any other verdict exits 1. `--watch` and `--ticket` are mutually exclusive. To inspect codexbar session windows directly, run `codexbar usage`.
-### `crew doctor --ticket <ticket>`
-Diagnose where a ticket is in its lifecycle and what to do next. Runs the same resolution and eligibility chain as the dispatcher, plus probes recorded run state, host worktree, workspace pane, local branch, remote branch, and PR; prints a single verdict with a copy-pasteable recovery step when one applies.
-Flags:
-- `--no-linear` — skip the Linear GraphQL call. Resolution and Eligibility sections are skipped; verdicts that need only local state (`in-flight`, `recoverable`, `pr-open`, `pr-merged`, `lost`) still fire.
-- `--no-fetch` — skip the upfront `git fetch origin <branch>` before checking remote presence.
-The Workspace section appends an attach hint to the pane name when the workspace backend exposes one (e.g. `tmux attach -t <session>:<pane>` or `cmux attach <name>`), so the verdict line is immediately actionable. The hero above shows a passing pre-dispatch run; here's the same command on a ticket that's already past dispatch:
-```text
-groundcrew doctor --ticket HRD-442 (Multi-event extractor: year inference can produce date_start > date_end)
-────────────────────────────────────────────────────────────────────────────────────────────────────────────
-Resolution
-  [ok] Ticket exists in Linear ("Multi-event extractor: year inference can produce date_start > date_end")
-  [ok] Status is Todo
-  (skipped — post-dispatch — pre-dispatch checks are irrelevant)
-Eligibility
-  (skipped — post-dispatch — pre-dispatch checks are irrelevant)
-Run state
-  [ok] Local run state (running)
-  [ok] Recorded model (claude)
-  [ok] Recorded worktree (/Users/paul/dev/groundcrew-workspaces/herds-social/herds-hrd-442)
-  [ok] Recorded branch (paul-hrd-442)
-  [ok] Resume count (0)
-Worktree
-  [ok] Host worktree exists (/Users/paul/dev/groundcrew-workspaces/herds-social/herds-hrd-442)
-  [--] Working tree clean (0 modified, 1 untracked)
-  [ok] Branch checked out (paul-hrd-442)
-Workspace
-  [ok] Workspace pane open (hrd-442 — attach: `tmux attach -t groundcrew:hrd-442`)
-Local branch
-  [ok] Local branch exists (paul-hrd-442, 2 ahead / 0 behind origin/main)
-Remote branch
-  [ok] Branch present on origin
-Pull request
-  [ok] Open PR for this branch (#224 https://github.com/herds-social/herds/pull/224)
-→ pr-open: https://github.com/herds-social/herds/pull/224 (#224)
-```
-#### Recovering a stranded ticket
-The verdict on the last line maps to a recovery action:
-| Verdict          | What to do                                                                                    |
-| ---------------- | --------------------------------------------------------------------------------------------- |
-| `pr-open`        | Nothing — the PR is the source of truth.                                                      |
-| `pr-merged`      | Done.                                                                                         |
-| `in-flight`      | The ticket is still being worked on; the verdict line names the workspace pane to attach to.  |
-| `recoverable`    | Run the printed `nextStep` exactly.                                                           |
-| `interrupted`    | Resume the preserved worktree with `crew resume <ticket>` or inspect it by hand.              |
-| `failed-launch`  | Fix the launch failure, then run `crew resume <ticket>` or `crew cleanup <ticket>`.           |
-| `would-dispatch` | Pre-dispatch checks pass; the orchestrator will pick the ticket up on its next tick.          |
-| `ineligible`     | A resolution or eligibility check failed; the reason after the colon names the failing check. |
-| `unresolvable`   | The Linear ticket couldn't be fetched; the reason after the colon names the error.            |
-| `lost`           | No trace exists. Re-dispatch via `crew run --ticket <ticket>`.                                |
-### `crew interrupt <ticket>`
+## Using 1Password for the API key
-Stop a live workspace pane while preserving the ticket worktree and branch. This is the manual pause button for cases where you need terminal capacity back, want to stop an agent that is going in the wrong direction, or need to inspect the diff before letting another agent continue.
+`crew` reads `GROUNDCREW_LINEAR_API_KEY` first, then falls back to `LINEAR_API_KEY`. To resolve from 1Password:
 ```bash
-crew interrupt HRD-442 --reason "wrong implementation direction"
-crew doctor --ticket HRD-442
-crew resume HRD-442
+echo "GROUNDCREW_LINEAR_API_KEY='op://<vault>/LINEAR_API_KEY/credential'" > .env.1password
+op run --env-file .env.1password -- crew doctor
 ```
-The command closes the cmux/tmux workspace when it exists, records local run state under the groundcrew state directory, and never tears down the worktree. If the workspace was already gone but the worktree is still present, interrupt records that fact so doctor can point at the preserved branch instead of reporting a mystery ticket.
-### `crew resume <ticket>`
-Reopen an existing ticket worktree with a continuation prompt. Resume never creates a new worktree; if none exists, it fails and leaves re-dispatch to `crew run --ticket <ticket>`.
-The resume prompt tells the agent to inspect current git status and diff before editing, includes the previous interrupt reason when recorded, and reuses the recorded model, repository, branch, runner, sandbox, and workspace backend. When no run-state file exists but a worktree does, resume falls back to Linear resolution for the model and ticket context.
 ## Troubleshooting
-First stop for "labeled but not on the board": `crew doctor --ticket <ticket>` lists every check the dispatcher runs and flags the failing one.
-<details>
-<summary>Local execution picks one of safehouse / sdx / none</summary>
-`local.runner: "auto"` resolves to `safehouse` on macOS and `sdx` (Docker Sandboxes) on Linux/WSL. Override with `local.runner: "safehouse" | "sdx" | "none"`. There is no per-model `isolation` knob — the runner is global. `sdx` requires a per-model `sandbox: { agent }` block so groundcrew can map the model to an sbx agent.
-</details>
+First stop for "what exists locally right now": `crew status <ticket>` shows the ticket's worktrees, workspace presence, run state, logs, and latest Linear status. Use `crew doctor` when you need to verify host setup.
 <details>
 <summary>Safehouse-already-wrapped commands are not re-wrapped</summary>
@@ -474,13 +440,6 @@ If a `models.definitions.<name>.cmd` already starts with `safehouse`, groundcrew
 </details>
-<details>
-<summary>Sandbox lifecycle is create-only</summary>
-Groundcrew auto-creates the sandbox for an sbx agent (`groundcrew-<agent>`) when missing, but never deletes one — sandboxes persist across tickets and across `crew cleanup`. Auth state lives inside the sandbox, so deleting it forces a re-login. Inspect or remove them manually with `sbx ls` / `sbx rm`.
-</details>
 <details>
 <summary>Dead tmux windows vanish by default</summary>
@@ -488,20 +447,6 @@ When a wrapped agent command fails (e.g. `safehouse-clearance` not found, `npm i
 </details>
-<details>
-<summary>Status names don't matter</summary>
-Groundcrew classifies tickets by Linear's workflow `state.type` (`unstarted`, `started`, `completed`, `canceled`, `duplicate`), not by status name. Teams that rename "Todo" to "To Do" or "Done" to "Shipped" need no configuration — the orchestrator still classifies correctly.
-</details>
-<details>
-<summary>Leaf-only</summary>
-Parent issues with children are ignored — sub-issues are the work items.
-</details>
 <details>
 <summary>Tickets stay in-progress until something else moves them</summary>
@@ -509,13 +454,6 @@ Groundcrew sets a ticket to `Started` (the first workflow state with `type === "
 </details>
-<details>
-<summary>Cross-team boards work out of the box</summary>
-Groundcrew picks up tickets across every team your API key's viewer can see. The "mark in progress" writeback looks up each ticket's own team workflow and uses that team's `started` state, so teams with different state names coexist without any per-team configuration.
-</details>
 <details>
 <summary>Claude launches in auto mode by default</summary>
@@ -533,7 +471,7 @@ Doctor reports the resolved local runner (safehouse / sdx / none) and whether it
 <details>
 <summary>Doctor checks every enabled model</summary>
-`models.definitions` includes both shipped defaults (`claude`, `codex`) by default via additive merge. If you only intend to label tickets `agent-claude` and don't have `codex` installed, set `models.definitions.codex: { disabled: true }` (see "Disabling a shipped default" above). Without that, doctor exits non-zero on a missing `codex` binary even though `crew run` would never route to it.
+`models.definitions` includes both shipped defaults (`claude`, `codex`) by default via additive merge. If you only intend to label tickets `agent-claude` and don't have `codex` installed, set `models.definitions.codex: { disabled: true }`. Without that, doctor exits non-zero on a missing `codex` binary even though `crew run` would never route to it.
 </details>
@@ -572,7 +510,7 @@ node --run crew:op -- run --watch
 Both forms discover config via cosmiconfig — project-walk from cwd for `crew.config.ts` and friends, then `${XDG_CONFIG_HOME:-$HOME/.config}/groundcrew/crew.config.ts` (legacy `config.ts` is still accepted for one release). Set `GROUNDCREW_CONFIG` to point elsewhere. The `crew:op` wrapper additionally reads `${XDG_CONFIG_HOME:-$HOME/.config}/groundcrew/op.env` (1Password env-file with `op://` references resolved at launch).
-Logs land in `${XDG_STATE_HOME:-$HOME/.local/state}/groundcrew/groundcrew.log` by default (override via `logging.file`). The "Loaded config from …" line at startup tells you which config won.
+Logs land in `${XDG_STATE_HOME:-$HOME/.local/state}/groundcrew/groundcrew.log` by default (override via `logging.file`).
 Source edits in `src/**` are picked up on the next invocation. Requires Node ≥ 24.3 (native `.ts` type stripping).