npm - @evermore.work/server - Versions diffs - 2026.518.0-canary.0 → 2026.518.0-canary.1 - Mend

@evermore.work/server 2026.518.0-canary.0 → 2026.518.0-canary.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (108) hide show

package/dist/redaction.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"redaction.d.ts","sourceRoot":"","sources":["../src/redaction.ts"],"names":[],"mappings":"~~AAcA~~,eAAO,MAAM,oBAAoB,mBAAmB,CAAC;~~AA2CrD~~,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CA8BvF;AAED,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAI1G;AAED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,~~CAOzD~~"}
1	+ {"version":3,"file":"redaction.d.ts","sourceRoot":"","sources":["../src/redaction.ts"],"names":[],"mappings":"AAuCA,eAAO,MAAM,oBAAoB,mBAAmB,CAAC;AAgDrD,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CA8BvF;AAED,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAI1G;AAED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAQzD"}

package/dist/redaction.js CHANGED Viewed

@@ -1,12 +1,37 @@
 import { redactCommandText } from "@evermore.work/adapter-utils";
-const SECRET_PAYLOAD_KEY_RE = /(api[-_]?key|access[-_]?token|auth(?:_?token)?|authorization|bearer|secret|passwd|password|credential|jwt|private[-_]?key|cookie|connectionstring)/i;
+const SECRET_FIELD_NAME_PATTERN = String.raw `[A-Za-z0-9_-]*(?:api[-_]?key|access[-_]?token|auth(?:_?token)?|token|authorization|bearer|secret|passwd|password|credential|jwt|private[-_]?key|cookie|connectionstring)[A-Za-z0-9_-]*`;
+const SECRET_PAYLOAD_KEY_RE = new RegExp(SECRET_FIELD_NAME_PATTERN, "i");
 const COMMAND_PAYLOAD_KEY_RE = /(^command$|^cmd$|command[-_]?line|resolved[-_]?command|EVERMORE_RESOLVED_COMMAND)/i;
 const COMMAND_ARGS_PAYLOAD_KEY_RE = /^(commandArgs|command_?args|argv)$/i;
 const JWT_VALUE_RE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)?$/;
-const CLI_SECRET_FLAG_RE = /^-{1,2}(?:api[-_]?key|(?:access[-_]?|auth[-_]?)?token|token|authorization|bearer|secret|passwd|password|credential|jwt|private[-_]?key|cookie|connectionstring)$/i;
-const JSON_SECRET_FIELD_TEXT_RE = /((?:"|')?(?:api[-_]?key|access[-_]?token|auth(?:_?token)?|authorization|bearer|secret|passwd|password|credential|jwt|private[-_]?key|cookie|connectionstring)(?:"|')?\s*:\s*(?:"|'))[^"'`\r\n]+((?:"|'))/gi;
-const ESCAPED_JSON_SECRET_FIELD_TEXT_RE = /((?:\\")?(?:api[-_]?key|access[-_]?token|auth(?:_?token)?|authorization|bearer|secret|passwd|password|credential|jwt|private[-_]?key|cookie|connectionstring)(?:\\")?\s*:\s*(?:\\"))[^\\\r\n]+((?:\\"))/gi;
+const CLI_SECRET_FLAG_RE = new RegExp(String.raw `^-{1,2}${SECRET_FIELD_NAME_PATTERN}$`, "i");
+const JSON_SECRET_FIELD_TEXT_RE = new RegExp(String.raw `((?:"|')?${SECRET_FIELD_NAME_PATTERN}(?:"|')?\s*:\s*(?:"|'))[^"'` + "`" + String.raw `\r\n]+((?:"|'))`, "gi");
+const ESCAPED_JSON_SECRET_FIELD_TEXT_RE = new RegExp(String.raw `((?:\\")?${SECRET_FIELD_NAME_PATTERN}(?:\\")?\s*:\s*(?:\\"))[^\\\r\n]+((?:\\"))`, "gi");
+const SECRET_TEXT_HINTS = [
+    "api",
+    "key",
+    "token",
+    "auth",
+    "bearer",
+    "secret",
+    "pass",
+    "credential",
+    "jwt",
+    "private",
+    "cookie",
+    "connectionstring",
+    "sk-",
+    "ghp_",
+    "gho_",
+    "ghu_",
+    "ghs_",
+    "ghr_",
+];
 export const REDACTED_EVENT_VALUE = "***REDACTED***";
+function maybeContainsSecretText(input) {
+    const lower = input.toLowerCase();
+    return SECRET_TEXT_HINTS.some((hint) => lower.includes(hint)) || input.includes(".");
+}
 function isPlainObject(value) {
     if (typeof value !== "object" || value === null || Array.isArray(value))
         return false;
@@ -91,6 +116,8 @@ export function redactEventPayload(payload) {
     return sanitizeRecord(payload);
 }
 export function redactSensitiveText(input) {
+    if (!maybeContainsSecretText(input))
+        return input;
     return redactCommandText(input
         .replace(JSON_SECRET_FIELD_TEXT_RE, `$1${REDACTED_EVENT_VALUE}$2`)
         .replace(ESCAPED_JSON_SECRET_FIELD_TEXT_RE, `$1${REDACTED_EVENT_VALUE}$2`), REDACTED_EVENT_VALUE);

package/dist/redaction.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"redaction.js","sourceRoot":"","sources":["../src/redaction.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AAEjE,MAAM,qBAAqB,~~GACzB~~,~~qJAAqJ~~,CAAC;~~AACxJ~~,MAAM,sBAAsB,GAC1B,oFAAoF,CAAC;AACvF,MAAM,2BAA2B,GAAG,qCAAqC,CAAC;AAC1E,MAAM,YAAY,GAAG,uEAAuE,CAAC;AAC7F,MAAM,kBAAkB,~~GACtB~~,~~mKAAmK~~,CAAC;~~AACtK~~,MAAM,yBAAyB,~~GAC7B~~,~~4MAA4M~~,CAAC;~~AAC/M~~,MAAM,iCAAiC,~~GACrC~~,~~2MAA2M~~,CAAC;~~AAC9M~~,MAAM,CAAC,MAAM,oBAAoB,GAAG,gBAAgB,CAAC;AAErD,SAAS,aAAa,CAAC,KAAc;IACnC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACtF,MAAM,KAAK,GAAG,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IAC3C,OAAO,KAAK,KAAK,MAAM,CAAC,SAAS,IAAI,KAAK,KAAK,IAAI,CAAC;AACtD,CAAC;AAED,SAAS,aAAa,CAAC,KAAc;IACnC,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IACxD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAC1D,IAAI,kBAAkB,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5C,IAAI,cAAc,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;IACvF,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,OAAO,cAAc,CAAC,KAAK,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAc;IACxC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,OAAO,KAAK,CAAC,IAAI,KAAK,YAAY,IAAI,OAAO,KAAK,CAAC,QAAQ,KAAK,QAAQ,CAAC;AAC3E,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,OAAO,KAAK,CAAC,IAAI,KAAK,OAAO,IAAI,OAAO,IAAI,KAAK,CAAC;AACpD,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAe;IAC1C,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACtB,IAAI,UAAU,EAAE,CAAC;YACf,UAAU,GAAG,KAAK,CAAC;YACnB,OAAO,oBAAoB,CAAC;QAC9B,CAAC;QACD,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,aAAa,CAAC,GAAG,CAAC,CAAC;QACvD,IAAI,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YACxC,UAAU,GAAG,IAAI,CAAC;YAClB,OAAO,GAAG,CAAC;QACb,CAAC;QACD,OAAO,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,MAA+B;IAC5D,MAAM,QAAQ,GAA4B,EAAE,CAAC;IAC7C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAClD,IAAI,2BAA2B,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAClE,QAAQ,CAAC,GAAG,CAAC,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;YAC3C,SAAS;QACX,CAAC;QACD,IAAI,sBAAsB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAClE,QAAQ,CAAC,GAAG,CAAC,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;YAC3C,SAAS;QACX,CAAC;QACD,IAAI,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACpC,IAAI,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC9B,QAAQ,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;gBACrC,SAAS;YACX,CAAC;YACD,IAAI,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC1B,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;gBAC/D,SAAS;YACX,CAAC;YACD,QAAQ,CAAC,GAAG,CAAC,GAAG,oBAAoB,CAAC;YACrC,SAAS;QACX,CAAC;QACD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1D,QAAQ,CAAC,GAAG,CAAC,GAAG,oBAAoB,CAAC;YACrC,SAAS;QACX,CAAC;QACD,QAAQ,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,OAAuC;IACxE,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC;QAAE,OAAO,OAAO,CAAC;IAC5C,OAAO,cAAc,CAAC,OAAO,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAAa;IAC/C,OAAO,iBAAiB,CACtB,KAAK;SACF,OAAO,CAAC,yBAAyB,EAAE,KAAK,oBAAoB,IAAI,CAAC;SACjE,OAAO,CAAC,iCAAiC,EAAE,KAAK,oBAAoB,IAAI,CAAC,EAC5E,oBAAoB,CACrB,CAAC;AACJ,CAAC"}
1	+ {"version":3,"file":"redaction.js","sourceRoot":"","sources":["../src/redaction.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AAEjE,MAAM,yBAAyB,GAC7B,MAAM,CAAC,GAAG,CAAA,wLAAwL,CAAC;AAErM,MAAM,qBAAqB,GAAG,IAAI,MAAM,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;AACzE,MAAM,sBAAsB,GAC1B,oFAAoF,CAAC;AACvF,MAAM,2BAA2B,GAAG,qCAAqC,CAAC;AAC1E,MAAM,YAAY,GAAG,uEAAuE,CAAC;AAC7F,MAAM,kBAAkB,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,CAAA,UAAU,yBAAyB,GAAG,EAAE,GAAG,CAAC,CAAC;AAC7F,MAAM,yBAAyB,GAAG,IAAI,MAAM,CAC1C,MAAM,CAAC,GAAG,CAAA,YAAY,yBAAyB,6BAA6B,GAAG,GAAG,GAAG,MAAM,CAAC,GAAG,CAAA,iBAAiB,EAChH,IAAI,CACL,CAAC;AACF,MAAM,iCAAiC,GAAG,IAAI,MAAM,CAClD,MAAM,CAAC,GAAG,CAAA,YAAY,yBAAyB,4CAA4C,EAC3F,IAAI,CACL,CAAC;AACF,MAAM,iBAAiB,GAAG;IACxB,KAAK;IACL,KAAK;IACL,OAAO;IACP,MAAM;IACN,QAAQ;IACR,QAAQ;IACR,MAAM;IACN,YAAY;IACZ,KAAK;IACL,SAAS;IACT,QAAQ;IACR,kBAAkB;IAClB,KAAK;IACL,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;CACE,CAAC;AACX,MAAM,CAAC,MAAM,oBAAoB,GAAG,gBAAgB,CAAC;AAErD,SAAS,uBAAuB,CAAC,KAAa;IAC5C,MAAM,KAAK,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IAClC,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AACvF,CAAC;AAED,SAAS,aAAa,CAAC,KAAc;IACnC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACtF,MAAM,KAAK,GAAG,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IAC3C,OAAO,KAAK,KAAK,MAAM,CAAC,SAAS,IAAI,KAAK,KAAK,IAAI,CAAC;AACtD,CAAC;AAED,SAAS,aAAa,CAAC,KAAc;IACnC,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IACxD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAC1D,IAAI,kBAAkB,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5C,IAAI,cAAc,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;IACvF,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,OAAO,cAAc,CAAC,KAAK,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAc;IACxC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,OAAO,KAAK,CAAC,IAAI,KAAK,YAAY,IAAI,OAAO,KAAK,CAAC,QAAQ,KAAK,QAAQ,CAAC;AAC3E,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,OAAO,KAAK,CAAC,IAAI,KAAK,OAAO,IAAI,OAAO,IAAI,KAAK,CAAC;AACpD,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAe;IAC1C,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACtB,IAAI,UAAU,EAAE,CAAC;YACf,UAAU,GAAG,KAAK,CAAC;YACnB,OAAO,oBAAoB,CAAC;QAC9B,CAAC;QACD,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,aAAa,CAAC,GAAG,CAAC,CAAC;QACvD,IAAI,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YACxC,UAAU,GAAG,IAAI,CAAC;YAClB,OAAO,GAAG,CAAC;QACb,CAAC;QACD,OAAO,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,MAA+B;IAC5D,MAAM,QAAQ,GAA4B,EAAE,CAAC;IAC7C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAClD,IAAI,2BAA2B,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAClE,QAAQ,CAAC,GAAG,CAAC,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;YAC3C,SAAS;QACX,CAAC;QACD,IAAI,sBAAsB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAClE,QAAQ,CAAC,GAAG,CAAC,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;YAC3C,SAAS;QACX,CAAC;QACD,IAAI,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACpC,IAAI,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC9B,QAAQ,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;gBACrC,SAAS;YACX,CAAC;YACD,IAAI,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC1B,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;gBAC/D,SAAS;YACX,CAAC;YACD,QAAQ,CAAC,GAAG,CAAC,GAAG,oBAAoB,CAAC;YACrC,SAAS;QACX,CAAC;QACD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1D,QAAQ,CAAC,GAAG,CAAC,GAAG,oBAAoB,CAAC;YACrC,SAAS;QACX,CAAC;QACD,QAAQ,CAAC,GAAG,CAAC,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IACvC,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,OAAuC;IACxE,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC;QAAE,OAAO,OAAO,CAAC;IAC5C,OAAO,cAAc,CAAC,OAAO,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAAa;IAC/C,IAAI,CAAC,uBAAuB,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAClD,OAAO,iBAAiB,CACtB,KAAK;SACF,OAAO,CAAC,yBAAyB,EAAE,KAAK,oBAAoB,IAAI,CAAC;SACjE,OAAO,CAAC,iCAAiC,EAAE,KAAK,oBAAoB,IAAI,CAAC,EAC5E,oBAAoB,CACrB,CAAC;AACJ,CAAC"}

package/dist/routes/issues.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"issues.d.ts","sourceRoot":"","sources":["../../src/routes/issues.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,EAAE,EAAE,MAAM,mBAAmB,CAAC;AAS5C,OAAO,EA8BL,KAAK,kBAAkB,EACvB,KAAK,qBAAqB,EAI3B,MAAM,uBAAuB,CAAC;AAG/B,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AA8C1D,OAAO,EAEL,KAAK,wBAAwB,EAC9B,MAAM,0CAA0C,CAAC;AASlD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,sCAAsC,CAAC;~~AAShF~~,KAAK,oBAAoB,GAAG;IAC1B,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,kBAAkB,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;CACtF,CAAC;~~AA2qBF~~,wBAAgB,WAAW,CACzB,EAAE,EAAE,EAAE,EACN,OAAO,EAAE,cAAc,EACvB,IAAI,GAAE;IACJ,qBAAqB,CAAC,EAAE;QACtB,0BAA0B,CAAC,KAAK,CAAC,EAAE;YACjC,SAAS,CAAC,EAAE,MAAM,CAAC;YACnB,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,GAAG,CAAC,EAAE,IAAI,CAAC;SACZ,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;KACtB,CAAC;IACF,aAAa,CAAC,EAAE,oBAAoB,CAAC;IACrC,iBAAiB,CAAC,EAAE,wBAAwB,CAAC;IAC7C,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;CACtC,~~8CA8lIP~~"}
1	+ {"version":3,"file":"issues.d.ts","sourceRoot":"","sources":["../../src/routes/issues.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,EAAE,EAAE,MAAM,mBAAmB,CAAC;AAS5C,OAAO,EA8BL,KAAK,kBAAkB,EACvB,KAAK,qBAAqB,EAI3B,MAAM,uBAAuB,CAAC;AAG/B,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AA8C1D,OAAO,EAEL,KAAK,wBAAwB,EAC9B,MAAM,0CAA0C,CAAC;AASlD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,sCAAsC,CAAC;AAgBhF,KAAK,oBAAoB,GAAG;IAC1B,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,kBAAkB,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;CACtF,CAAC;AAirBF,wBAAgB,WAAW,CACzB,EAAE,EAAE,EAAE,EACN,OAAO,EAAE,cAAc,EACvB,IAAI,GAAE;IACJ,qBAAqB,CAAC,EAAE;QACtB,0BAA0B,CAAC,KAAK,CAAC,EAAE;YACjC,SAAS,CAAC,EAAE,MAAM,CAAC;YACnB,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,GAAG,CAAC,EAAE,IAAI,CAAC;SACZ,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;KACtB,CAAC;IACF,aAAa,CAAC,EAAE,oBAAoB,CAAC;IACrC,iBAAiB,CAAC,EAAE,wBAAwB,CAAC;IAC7C,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;CACtC,8CAs+IP"}

package/dist/routes/issues.js CHANGED Viewed

@@ -389,6 +389,8 @@ function queueResolvedInteractionContinuationWakeup(input) {
         return;
     if (!input.issue.assigneeAgentId || isClosedIssueStatus(input.issue.status))
         return;
+    const forceFreshSession = input.forceFreshSession === true;
+    const workspaceRefreshReason = readNonEmptyString(input.workspaceRefreshReason);
     void input.heartbeat.wakeup(input.issue.assigneeAgentId, {
         source: "automation",
         triggerDetail: "system",
@@ -414,6 +416,8 @@ function queueResolvedInteractionContinuationWakeup(input) {
             sourceRunId: input.interaction.sourceRunId ?? null,
             wakeReason: "issue_commented",
             source: input.source,
+            ...(forceFreshSession ? { forceFreshSession: true } : {}),
+            ...(workspaceRefreshReason ? { workspaceRefreshReason } : {}),
         },
     }).catch((err) => logger.warn({
         err,
@@ -545,6 +549,7 @@ export function issueRoutes(db, storage, opts = {}) {
     const workProductsSvc = workProductService(db);
     const documentsSvc = documentService(db);
     const issueReferencesSvc = issueReferenceService(db);
+    const issueThreadInteractionsSvc = issueThreadInteractionService(db);
     const routinesSvc = routineService(db, {
         pluginWorkerManager: opts.pluginWorkerManager,
     });
@@ -556,6 +561,128 @@ export function issueRoutes(db, storage, opts = {}) {
     };
     const feedbackExportService = opts?.feedbackExportService;
     const environmentsSvc = environmentService(db);
+    async function classifySourceRecoveryRevalidation(input) {
+        const { issue } = input;
+        if (issue.status === "done" || issue.status === "cancelled") {
+            return `Recovery action became stale because the source issue reached ${issue.status}.`;
+        }
+        if (input.blockedToTodoRecovery === true) {
+            return "Recovery action became stale because the source issue was manually moved from blocked to todo.";
+        }
+        if (input.trigger === "read_projection")
+            return null;
+        if (input.trigger === "comment" &&
+            input.resumeRequested !== true &&
+            input.reopened !== true &&
+            input.statusChanged !== true) {
+            return null;
+        }
+        const durableSourceChange = input.statusChanged === true ||
+            input.assigneeChanged === true ||
+            input.blockersChanged === true ||
+            input.executionPolicyChanged === true ||
+            input.monitorChanged === true ||
+            input.documentChanged === true ||
+            input.workProductChanged === true ||
+            input.resumeRequested === true ||
+            input.reopened === true;
+        if (!durableSourceChange)
+            return null;
+        if (issue.status === "blocked") {
+            const readiness = await svc.getDependencyReadiness(issue.id);
+            if (readiness.unresolvedBlockerCount > 0) {
+                return "Recovery action became stale because the source issue now has unresolved first-class blockers.";
+            }
+            return null;
+        }
+        if (issue.assigneeUserId && issue.status !== "done" && issue.status !== "cancelled") {
+            return "Recovery action became stale because the source issue now has a human owner.";
+        }
+        if ((issue.status === "todo" || issue.status === "in_progress") && issue.assigneeAgentId) {
+            return `Recovery action became stale because the source issue is ${issue.status} with an agent owner.`;
+        }
+        if (issue.status === "in_review") {
+            const executionState = parseIssueExecutionState(issue.executionState);
+            const participant = executionState?.status === "pending" ? executionState.currentParticipant : null;
+            if ((participant?.type === "agent" && readNonEmptyString(participant.agentId)) ||
+                (participant?.type === "user" && readNonEmptyString(participant.userId))) {
+                return "Recovery action became stale because the source issue now has a typed review participant.";
+            }
+            const interactions = await issueThreadInteractionsSvc.listForIssue(issue.id);
+            if (interactions.some((interaction) => interaction.status === "pending")) {
+                return "Recovery action became stale because the source issue now has a pending issue interaction.";
+            }
+            const approvals = await issueApprovalsSvc.listApprovalsForIssue(issue.id);
+            if (approvals.some((approval) => approval.status === "pending" || approval.status === "revision_requested")) {
+                return "Recovery action became stale because the source issue now has a pending approval.";
+            }
+        }
+        const monitor = summarizeIssueMonitor(issue, normalizeIssueExecutionPolicy(issue.executionPolicy ?? null));
+        if (monitor.nextCheckAt && Date.parse(monitor.nextCheckAt) > Date.now()) {
+            return "Recovery action became stale because the source issue now has a scheduled monitor.";
+        }
+        return null;
+    }
+    async function revalidateActiveSourceRecovery(input) {
+        const activeRecoveryAction = input.activeRecoveryAction === undefined
+            ? await recoveryActionsSvc.getActiveForIssue(input.issue.companyId, input.issue.id)
+            : input.activeRecoveryAction;
+        if (!activeRecoveryAction)
+            return null;
+        const resolutionNote = await classifySourceRecoveryRevalidation(input);
+        if (!resolutionNote)
+            return activeRecoveryAction;
+        const resolved = await recoveryActionsSvc.resolveActiveForIssue({
+            companyId: input.issue.companyId,
+            sourceIssueId: input.issue.id,
+            actionId: activeRecoveryAction.id,
+            status: "cancelled",
+            outcome: "cancelled",
+            resolutionNote,
+        });
+        if (!resolved)
+            return activeRecoveryAction;
+        const actor = input.actor;
+        await logActivity(db, {
+            companyId: input.issue.companyId,
+            actorType: actor?.actorType ?? "system",
+            actorId: actor?.actorId ?? "system",
+            agentId: actor?.agentId ?? null,
+            runId: actor?.runId ?? null,
+            action: "issue.recovery_action_resolved",
+            entityType: "issue",
+            entityId: input.issue.id,
+            details: {
+                identifier: input.issue.identifier,
+                recoveryActionId: resolved.id,
+                recoveryActionStatus: resolved.status,
+                outcome: resolved.outcome,
+                sourceIssueStatus: input.issue.status,
+                resolutionNote: resolved.resolutionNote,
+                source: "source_revalidation",
+                trigger: input.trigger,
+            },
+        });
+        return null;
+    }
+    async function revalidateActiveSourceRecoveryForRead(input) {
+        try {
+            return await revalidateActiveSourceRecovery(input);
+        }
+        catch (err) {
+            logger.warn({ err, issueId: input.issue.id, trigger: input.trigger }, "failed to revalidate recovery action during read projection");
+            return input.activeRecoveryAction ?? null;
+        }
+    }
+    async function revalidateActiveSourceRecoveryAfterCommittedWrite(input) {
+        try {
+            return await revalidateActiveSourceRecovery(input);
+        }
+        catch (err) {
+            logger.warn({ err, issueId: input.issue.id, trigger: input.trigger }, "failed to revalidate recovery action after committed issue write");
+            return input.activeRecoveryAction ?? null;
+        }
+    }
     function withContentPath(attachment) {
         return {
             ...attachment,
@@ -899,6 +1026,42 @@ export function issueRoutes(db, storage, opts = {}) {
         });
         return false;
     }
+    async function assertRecoveryActionAuthority(req, res, issue, activeRecoveryAction, input) {
+        if (req.actor.type !== "agent")
+            return true;
+        if (!activeRecoveryAction)
+            return true;
+        const actorAgentId = req.actor.agentId;
+        if (!actorAgentId) {
+            res.status(403).json({ error: "Agent authentication required" });
+            return false;
+        }
+        if (issue.assigneeAgentId === actorAgentId)
+            return true;
+        if (issue.assigneeAgentId &&
+            await hasActiveCheckoutManagementOverride(actorAgentId, issue.companyId, issue.assigneeAgentId)) {
+            return true;
+        }
+        if (activeRecoveryAction.ownerAgentId === actorAgentId)
+            return true;
+        if (activeRecoveryAction.ownerAgentId &&
+            await hasActiveCheckoutManagementOverride(actorAgentId, issue.companyId, activeRecoveryAction.ownerAgentId)) {
+            return true;
+        }
+        res.status(403).json({
+            error: "Agent cannot resolve another owner's recovery action",
+            details: {
+                issueId: issue.id,
+                recoveryActionId: activeRecoveryAction.id,
+                actorAgentId,
+                assigneeAgentId: issue.assigneeAgentId,
+                recoveryOwnerAgentId: activeRecoveryAction.ownerAgentId,
+                source: input.source,
+                securityPrinciples: ["Least Privilege", "Complete Mediation", "Secure Defaults"],
+            },
+        });
+        return false;
+    }
     async function resolveActiveIssueRun(issue) {
         let runToInterrupt = issue.executionRunId ? await heartbeat.getRun(issue.executionRunId) : null;
         if ((!runToInterrupt || runToInterrupt.status !== "running") && issue.assigneeAgentId) {
@@ -1123,6 +1286,22 @@ export function issueRoutes(db, storage, opts = {}) {
             listSuccessfulRunHandoffStates(db, companyId, issueIds),
             recoveryActionsSvc.listActiveForIssues(companyId, issueIds),
         ]);
+        const actor = getActorInfo(req);
+        await Promise.all(result.map(async (issue) => {
+            const activeRecoveryAction = recoveryActionByIssue.get(issue.id) ?? null;
+            if (!activeRecoveryAction)
+                return;
+            const revalidated = await revalidateActiveSourceRecoveryForRead({
+                issue,
+                trigger: "read_projection",
+                actor,
+                activeRecoveryAction,
+            });
+            if (revalidated)
+                recoveryActionByIssue.set(issue.id, revalidated);
+            else
+                recoveryActionByIssue.delete(issue.id);
+        }));
         res.json(result.map((issue) => ({
             ...issue,
             successfulRunHandoff: handoffStates.get(issue.id) ?? null,
@@ -1246,6 +1425,12 @@ export function issueRoutes(db, storage, opts = {}) {
         ]);
         const recoveryActionsByRelationIssue = await relationRecoveryActionMap(recoveryActionsSvc, issue.companyId, relations);
         const relationsWithRecoveryActions = withRecoveryActionsOnRelationSummaries(relations, recoveryActionsByRelationIssue);
+        const revalidatedActiveRecoveryAction = await revalidateActiveSourceRecoveryForRead({
+            issue,
+            trigger: "read_projection",
+            actor: getActorInfo(req),
+            activeRecoveryAction,
+        });
         res.json({
             issue: {
                 id: issue.id,
@@ -1257,7 +1442,7 @@ export function issueRoutes(db, storage, opts = {}) {
                 ...(blockerAttention ? { blockerAttention } : {}),
                 productivityReview,
                 scheduledRetry,
-                activeRecoveryAction,
+                activeRecoveryAction: revalidatedActiveRecoveryAction,
                 priority: issue.priority,
                 projectId: issue.projectId,
                 goalId: goal?.id ?? issue.goalId,
@@ -1342,6 +1527,12 @@ export function issueRoutes(db, storage, opts = {}) {
         ]);
         const recoveryActionsByRelationIssue = await relationRecoveryActionMap(recoveryActionsSvc, issue.companyId, relations);
         const relationsWithRecoveryActions = withRecoveryActionsOnRelationSummaries(relations, recoveryActionsByRelationIssue);
+        const revalidatedActiveRecoveryAction = await revalidateActiveSourceRecoveryForRead({
+            issue,
+            trigger: "read_projection",
+            actor: getActorInfo(req),
+            activeRecoveryAction,
+        });
         const mentionedProjects = mentionedProjectIds.length > 0
             ? await projectsSvc.listByIds(issue.companyId, mentionedProjectIds)
             : [];
@@ -1357,7 +1548,7 @@ export function issueRoutes(db, storage, opts = {}) {
             productivityReview,
             successfulRunHandoff: successfulRunHandoffStates.get(issue.id) ?? null,
             scheduledRetry,
-            activeRecoveryAction,
+            activeRecoveryAction: revalidatedActiveRecoveryAction,
             blockedBy: relationsWithRecoveryActions.blockedBy,
             blocks: relationsWithRecoveryActions.blocks,
             relatedWork: referenceSummary,
@@ -1378,7 +1569,11 @@ export function issueRoutes(db, storage, opts = {}) {
             return;
         }
         assertCompanyAccess(req, issue.companyId);
-        const active = await recoveryActionsSvc.getActiveForIssue(issue.companyId, issue.id);
+        const active = await revalidateActiveSourceRecoveryForRead({
+            issue,
+            trigger: "read_projection",
+            actor: getActorInfo(req),
+        });
         res.json({
             active,
             actions: active ? [active] : [],
@@ -1394,6 +1589,10 @@ export function issueRoutes(db, storage, opts = {}) {
         assertCompanyAccess(req, existing.companyId);
         if (!(await assertAgentIssueMutationAllowed(req, res, existing)))
             return;
+        const activeRecoveryAction = await recoveryActionsSvc.getActiveForIssue(existing.companyId, existing.id);
+        if (!(await assertRecoveryActionAuthority(req, res, existing, activeRecoveryAction, { source: "recovery_action_resolution" }))) {
+            return;
+        }
         const { actionId, outcome, sourceIssueStatus, resolutionNote } = req.body;
         if (outcome === "false_positive" || outcome === "cancelled") {
             assertBoard(req);
@@ -1481,6 +1680,29 @@ export function issueRoutes(db, storage, opts = {}) {
                 resolutionNote: result.recoveryAction.resolutionNote,
             },
         });
+        if (sourceIssueStatus === "todo" &&
+            existing.status !== result.issue.status &&
+            result.issue.assigneeAgentId) {
+            void heartbeat.wakeup(result.issue.assigneeAgentId, {
+                source: "automation",
+                triggerDetail: "system",
+                reason: "issue_recovery_action_restored",
+                payload: {
+                    issueId: result.issue.id,
+                    recoveryActionId: result.recoveryAction.id,
+                    mutation: "recovery_action_resolution",
+                },
+                requestedByActorType: actor.actorType,
+                requestedByActorId: actor.actorId,
+                contextSnapshot: {
+                    issueId: result.issue.id,
+                    taskId: result.issue.id,
+                    wakeReason: "issue_recovery_action_restored",
+                    source: "issue.recovery_action_resolution",
+                    recoveryActionId: result.recoveryAction.id,
+                },
+            }).catch((err) => logger.warn({ err, issueId: result.issue.id, agentId: result.issue.assigneeAgentId }, "failed to wake agent after recovery action restored issue"));
+        }
         res.json({
             issue: {
                 ...result.issue,
@@ -1608,6 +1830,12 @@ export function issueRoutes(db, storage, opts = {}) {
                 source: "issue.document_updated",
             });
         }
+        await revalidateActiveSourceRecoveryAfterCommittedWrite({
+            issue,
+            trigger: "document",
+            actor,
+            documentChanged: true,
+        });
         res.status(result.created ? 201 : 200).json(doc);
     });
     router.post("/issues/:id/documents/:key/lock", async (req, res) => {
@@ -1775,6 +2003,12 @@ export function issueRoutes(db, storage, opts = {}) {
             actor,
             source: "issue.document_restored",
         });
+        await revalidateActiveSourceRecoveryAfterCommittedWrite({
+            issue,
+            trigger: "document",
+            actor,
+            documentChanged: true,
+        });
         res.json(result.document);
     });
     router.delete("/issues/:id/documents/:key", async (req, res) => {
@@ -1839,6 +2073,12 @@ export function issueRoutes(db, storage, opts = {}) {
             actor,
             source: "issue.document_deleted",
         });
+        await revalidateActiveSourceRecoveryAfterCommittedWrite({
+            issue,
+            trigger: "document",
+            actor,
+            documentChanged: true,
+        });
         res.json({ ok: true });
     });
     router.post("/issues/:id/work-products", validate(createIssueWorkProductSchema), async (req, res) => {
@@ -1871,6 +2111,12 @@ export function issueRoutes(db, storage, opts = {}) {
             entityId: issue.id,
             details: { workProductId: product.id, type: product.type, provider: product.provider },
         });
+        await revalidateActiveSourceRecoveryAfterCommittedWrite({
+            issue,
+            trigger: "work_product",
+            actor,
+            workProductChanged: true,
+        });
         res.status(201).json(product);
     });
     router.patch("/work-products/:id", validate(updateIssueWorkProductSchema), async (req, res) => {
@@ -1905,6 +2151,12 @@ export function issueRoutes(db, storage, opts = {}) {
             entityId: existing.issueId,
             details: { workProductId: product.id, changedKeys: Object.keys(req.body).sort() },
         });
+        await revalidateActiveSourceRecoveryAfterCommittedWrite({
+            issue,
+            trigger: "work_product",
+            actor,
+            workProductChanged: true,
+        });
         res.json(product);
     });
     router.delete("/work-products/:id", async (req, res) => {
@@ -1939,6 +2191,12 @@ export function issueRoutes(db, storage, opts = {}) {
             entityId: existing.issueId,
             details: { workProductId: removed.id, type: removed.type },
         });
+        await revalidateActiveSourceRecoveryAfterCommittedWrite({
+            issue,
+            trigger: "work_product",
+            actor,
+            workProductChanged: true,
+        });
         res.json(removed);
     });
     router.post("/issues/:id/read", async (req, res) => {
@@ -2376,6 +2634,19 @@ export function issueRoutes(db, storage, opts = {}) {
         await assertIssueEnvironmentSelection(existing.companyId, updateFields.executionWorkspaceSettings?.environmentId);
         const requestedAssigneeAgentId = normalizedAssigneeAgentId === undefined ? existing.assigneeAgentId : normalizedAssigneeAgentId;
         const explicitMoveToTodoRequested = reopenRequested || resumeRequested === true;
+        const recoveryRelevantSourceMutationRequested = req.body.status !== undefined ||
+            normalizedAssigneeAgentId !== undefined ||
+            req.body.assigneeUserId !== undefined ||
+            Array.isArray(req.body.blockedByIssueIds) ||
+            req.body.executionPolicy !== undefined ||
+            explicitMoveToTodoRequested;
+        const activeRecoveryActionBeforeUpdate = recoveryRelevantSourceMutationRequested
+            ? await recoveryActionsSvc.getActiveForIssue(existing.companyId, existing.id)
+            : null;
+        if (recoveryRelevantSourceMutationRequested &&
+            !(await assertRecoveryActionAuthority(req, res, existing, activeRecoveryActionBeforeUpdate, { source: "issue_update" }))) {
+            return;
+        }
         const effectiveMoveToTodoRequested = explicitMoveToTodoRequested ||
             (!!commentBody &&
                 shouldImplicitlyMoveCommentedIssueToTodo({
@@ -2663,6 +2934,30 @@ export function issueRoutes(db, storage, opts = {}) {
             previous.status !== undefined &&
             issue.status === "todo";
         const reopenFromStatus = reopened ? existing.status : null;
+        const statusChangedFromBlockedToTodo = existing.status === "blocked" &&
+            issue.status === "todo" &&
+            (req.body.status !== undefined || reopened);
+        const revalidatedRecoveryAction = await revalidateActiveSourceRecoveryAfterCommittedWrite({
+            issue,
+            trigger: "issue_update",
+            actor,
+            activeRecoveryAction: activeRecoveryActionBeforeUpdate ?? undefined,
+            statusChanged: existing.status !== issue.status,
+            assigneeChanged: existing.assigneeAgentId !== issue.assigneeAgentId ||
+                existing.assigneeUserId !== issue.assigneeUserId,
+            blockersChanged: Array.isArray(req.body.blockedByIssueIds),
+            executionPolicyChanged: req.body.executionPolicy !== undefined,
+            monitorChanged,
+            resumeRequested: resumeRequested === true,
+            reopened,
+            blockedToTodoRecovery: statusChangedFromBlockedToTodo,
+        });
+        if (activeRecoveryActionBeforeUpdate && !revalidatedRecoveryAction) {
+            issueResponse = {
+                ...issueResponse,
+                activeRecoveryAction: null,
+            };
+        }
         await logActivity(db, {
             companyId: issue.companyId,
             actorType: actor.actorType,
@@ -2913,9 +3208,6 @@ export function issueRoutes(db, storage, opts = {}) {
         const statusChangedFromBacklog = existing.status === "backlog" &&
             issue.status !== "backlog" &&
             req.body.status !== undefined;
-        const statusChangedFromBlockedToTodo = existing.status === "blocked" &&
-            issue.status === "todo" &&
-            (req.body.status !== undefined || reopened);
         const statusChangedFromClosedToTodo = isClosedIssueStatus(existing.status) &&
             issue.status === "todo" &&
             req.body.status !== undefined;
@@ -3450,12 +3742,17 @@ export function issueRoutes(db, storage, opts = {}) {
                 requestedByActorId: actor.actorId,
             });
         }
+        const acceptedPlanConfirmation = interaction.kind === "request_confirmation" &&
+            interaction.status === "accepted" &&
+            issue.workMode === "planning";
         queueResolvedInteractionContinuationWakeup({
             heartbeat,
             issue: continuationWakeIssue,
             interaction,
             actor,
             source: "issue.interaction.accept",
+            forceFreshSession: acceptedPlanConfirmation,
+            workspaceRefreshReason: acceptedPlanConfirmation ? "accepted_plan_confirmation" : null,
         });
         res.json(interaction);
     });
@@ -3889,6 +4186,15 @@ export function issueRoutes(db, storage, opts = {}) {
             actor,
             source: "issue.comment",
         });
+        await revalidateActiveSourceRecoveryAfterCommittedWrite({
+            issue: currentIssue,
+            trigger: "comment",
+            actor,
+            statusChanged: reopened,
+            resumeRequested: resumeRequested === true,
+            reopened,
+            blockedToTodoRecovery: reopened && reopenFromStatus === "blocked" && currentIssue.status === "todo",
+        });
         // Merge all wakeups from this comment into one enqueue per agent to avoid duplicate runs.
         void (async () => {
             const wakeups = new Map();