@exaudeus/workrail 3.47.0 → 3.49.0

package/dist/manifest.json

@@ -238,8 +238,8 @@
       "bytes": 31
     },
     "cli-worktrain.js": {
-      "sha256": "75410de5c741ed86839f2834b69ff1dbf18b0284140a765a8a4ffd34257d19a3",
-      "bytes": 46706
+      "sha256": "4f68c32b88c84d71d7a28b4ffd818d2612e5a8c61c9f59edd4415772dfd5b9ab",
+      "bytes": 50057
     },
     "cli.d.ts": {
       "sha256": "43e818adf60173644896298637f47b01d5819b17eda46eaa32d0c7d64724d012",
@@ -258,12 +258,12 @@
       "bytes": 745
     },
     "cli/commands/index.d.ts": {
-      "sha256": "7284fb3ca25bdbe6079fee4ed7f5eee9a82fff5fbc4e056010b52f4261145880",
-      "bytes": 2251
+      "sha256": "240dc5f7055f8f4d602d41c4c659c800f80207af084683b1bd0a587cf68bfac0",
+      "bytes": 2396
     },
     "cli/commands/index.js": {
-      "sha256": "8eef74385e22afc6313b4f7022c2e0a6be267ab55d7aa11c9a83b01a5e7c0e61",
-      "bytes": 5186
+      "sha256": "fee00ff3ceb1a416bc3a2cfffcabf90bd5caeb2a1c06408ec4b32acf449da577",
+      "bytes": 5490
     },
     "cli/commands/init.d.ts": {
       "sha256": "b5f8b88a072c68509dab3938ba1d6b4a949ad32f8fc55e91c5039b8c77301c1b",
@@ -393,6 +393,14 @@
       "sha256": "b0286fef461835a0b73070fd278e43af5f3a1fbebbe1c6de1fc39ace4075df8f",
       "bytes": 1395
     },
+    "cli/commands/worktrain-trigger-test.d.ts": {
+      "sha256": "3b85edacabf0657b208892f13b8fb540f794f47f18b5a1263562d3518f7fce43",
+      "bytes": 1357
+    },
+    "cli/commands/worktrain-trigger-test.js": {
+      "sha256": "d2153a2110e70cc169596c2357410dd947c4bb69bf6167b64f4bf5b16bd5b8ca",
+      "bytes": 6413
+    },
     "cli/interpret-result.d.ts": {
       "sha256": "255f04350df9c8cf8d5e65ed2fc11d41fa60a7b5ccc818e7728b1c081340a66a",
       "bytes": 315
@@ -457,8 +465,8 @@
       "sha256": "5fe866e54f796975dec5d8ba9983aefd86074db212d3fccd64eed04bc9f0b3da",
       "bytes": 8011
     },
-    "console-ui/assets/index-B77l3WBR.js": {
-      "sha256": "0c8b1d161e8b0cfc37d5b358b8753b3d6fa00e844bbca6ba56f7969afcc95606",
+    "console-ui/assets/index-C8xHtRdz.js": {
+      "sha256": "701034ab9759e062c9d153cc53fffcf884afda7abda0e78b8ce8ded7b4fec378",
       "bytes": 760528
     },
     "console-ui/assets/index-DGj8EsFR.css": {
@@ -466,7 +474,7 @@
       "bytes": 60631
     },
     "console-ui/index.html": {
-      "sha256": "93463e0e8b5f6e0fd0e5b6c5807f4ac673abfa00f35b10dea9a3b7ea0792e178",
+      "sha256": "065c2c590747a8e525a2b48334c3427ea41a7f0cff9d9de5e1efd3137090f1e5",
       "bytes": 417
     },
     "console/standalone-console.d.ts": {
@@ -614,12 +622,12 @@
       "bytes": 1512
     },
     "daemon/workflow-runner.d.ts": {
-      "sha256": "4c67cc7a44c934469c190f11a71bd18bf0dfc31f59ab0c315b98315b96d59cce",
-      "bytes": 7048
+      "sha256": "b85875c6f608d3694702f133d3f9776cb20d79a907aafe1299e8598ab4bc8739",
+      "bytes": 7147
     },
     "daemon/workflow-runner.js": {
-      "sha256": "a5d74ec723ff0dce45d2335b811959ff0c6e6f8851edf399a70853f6bf127893",
-      "bytes": 93222
+      "sha256": "205daee642099a4ebac5c909d2afb05cadefb8ad053f6b8a0c7819d3067bffcf",
+      "bytes": 92628
     },
     "di/container.d.ts": {
       "sha256": "003bb7fb7478d627524b9b1e76bd0a963a243794a687ff233b96dc0e33a06d9f",
@@ -1222,7 +1230,7 @@
       "bytes": 7991
     },
     "mcp/output-schemas.d.ts": {
-      "sha256": "bdc67c2adadeeca632aae3a3f0df8aa521c952194300b0bd823bdd7abed805d2",
+      "sha256": "e41c4f996a7de03d96e52f1812e36c2d839f69b2ba421ae1831f6ae266cf59c5",
       "bytes": 93176
     },
     "mcp/output-schemas.js": {
@@ -1638,12 +1646,12 @@
       "bytes": 5471
     },
     "trigger/delivery-action.d.ts": {
-      "sha256": "2b3f165759b0de49b7f49023a05efa50848331ab6cd9969b49c1409346959994",
-      "bytes": 1257
+      "sha256": "559e2b2645aa60528f73de351cd35ebf45c5b82f47797aa15ddd681319315d39",
+      "bytes": 1759
     },
     "trigger/delivery-action.js": {
-      "sha256": "1a9c0d097dc0f14e66765366f878f5f8386a4a1b0c5eb9572fa90a2b60643bab",
-      "bytes": 9016
+      "sha256": "533ce91bfc12cd170dcda7840d369a37f50298c23eaccd515ee4ef11f5aad58e",
+      "bytes": 15291
     },
     "trigger/delivery-client.d.ts": {
       "sha256": "0cb2be24b854cb31e3d2fe7eeaba6032de7a9b2a5290c8bc886df94faf5306f7",
@@ -1706,20 +1714,20 @@
       "bytes": 2671
     },
     "trigger/trigger-router.js": {
-      "sha256": "1f84935ad94e36be5befbef34d10deb7467c708e6d06cd36903843806f4b49a6",
-      "bytes": 19067
+      "sha256": "3365e0f0e1f9287ff4ab0cab93f448f993b78c4bc9c7edec4f3394d6e0540baa",
+      "bytes": 19216
     },
     "trigger/trigger-store.d.ts": {
       "sha256": "7afb05127d55bc3757a550dd15d4b797766b3fff29d1bfe76b303764b93322e7",
       "bytes": 1588
     },
     "trigger/trigger-store.js": {
-      "sha256": "8e85e0bdbd1596e70c23667e84ed380d6f0cee10028cd1a41163cda3467c2bdc",
-      "bytes": 38559
+      "sha256": "7d1a61e6f0e01fd256f128f1fc223c0846eb020a87123bd03d2c31189f65c87b",
+      "bytes": 38830
     },
     "trigger/types.d.ts": {
-      "sha256": "611f047631d8334a966acb7d1a71f5aa0d8cda65da127e07081b363290bcfdc2",
-      "bytes": 3654
+      "sha256": "dc80ac05c031f24d5916bf95319dbe73262e1ada5aa5f83bedbfe6851188f8b1",
+      "bytes": 3689
     },
     "trigger/types.js": {
       "sha256": "45b4e4f23a6d1a2b07350196871b0c53840e5d8142b47f7acedd2f40ae7a6b73",

package/dist/mcp/output-schemas.d.ts

@@ -2547,14 +2547,14 @@ export declare const CreateSessionOutputSchema: z.ZodObject<{
     path: string;
     sessionId: string;
     workflowId: string;
-    dashboardUrl: string | null;
     createdAt: string;
+    dashboardUrl: string | null;
 }, {
     path: string;
     sessionId: string;
     workflowId: string;
-    dashboardUrl: string | null;
     createdAt: string;
+    dashboardUrl: string | null;
 }>;
 export declare const UpdateSessionOutputSchema: z.ZodObject<{
     updatedAt: z.ZodString;

package/dist/trigger/delivery-action.d.ts

@@ -11,8 +11,15 @@ export interface HandoffArtifact {
 export interface DeliveryFlags {
     readonly autoCommit?: boolean;
     readonly autoOpenPR?: boolean;
+    readonly secretScan?: boolean;
     readonly sessionId?: string;
     readonly branchPrefix?: string;
+    readonly triggerId?: string;
+    readonly workflowId?: string;
+    readonly botIdentity?: {
+        readonly name: string;
+        readonly email: string;
+    };
 }
 export type DeliveryResult = {
     readonly _tag: 'committed';
@@ -25,7 +32,7 @@ export type DeliveryResult = {
     readonly reason: string;
 } | {
     readonly _tag: 'error';
-    readonly phase: 'parse' | 'commit' | 'pr';
+    readonly phase: 'parse' | 'secret_scan' | 'commit' | 'pr';
     readonly details: string;
 };
 export type ExecFn = (file: string, args: string[], options: {
@@ -35,5 +42,14 @@ export type ExecFn = (file: string, args: string[], options: {
     stdout: string;
     stderr: string;
 }>;
+export interface SecretScanResult {
+    readonly found: boolean;
+    readonly findings: ReadonlyArray<{
+        readonly name: string;
+        readonly file: string;
+        readonly lineNumber: number;
+    }>;
+}
+export declare function scanForSecrets(diff: string): SecretScanResult;
 export declare function parseHandoffArtifact(notes: string): Result<HandoffArtifact, string>;
 export declare function runDelivery(artifact: HandoffArtifact, workspacePath: string, flags: DeliveryFlags, execFn: ExecFn): Promise<DeliveryResult>;

package/dist/trigger/delivery-action.js

@@ -33,6 +33,7 @@ var __importStar = (this && this.__importStar) || (function () {
     };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.scanForSecrets = scanForSecrets;
 exports.parseHandoffArtifact = parseHandoffArtifact;
 exports.runDelivery = runDelivery;
 const crypto = __importStar(require("node:crypto"));
@@ -41,6 +42,68 @@ const os = __importStar(require("node:os"));
 const path = __importStar(require("node:path"));
 const result_js_1 = require("../runtime/result.js");
 const DELIVERY_TIMEOUT_MS = 60 * 1000;
+const SECRET_PATTERNS = [
+    { name: 'GitHub token', pattern: /ghp_[A-Za-z0-9]{36}/g },
+    { name: 'GitHub OAuth token', pattern: /gho_[A-Za-z0-9]{36}/g },
+    { name: 'GitHub app token', pattern: /ghs_[A-Za-z0-9]{36}/g },
+    { name: 'OpenAI key', pattern: /sk-[A-Za-z0-9]{48}/g },
+    { name: 'Anthropic key', pattern: /sk-ant-[A-Za-z0-9\-_]{90,}/g },
+    { name: 'AWS access key', pattern: /AKIA[0-9A-Z]{16}/g },
+    { name: 'AWS secret key', pattern: /[Aa][Ww][Ss][._-]?[Ss][Ee][Cc][Rr][Ee][Tt][._-]?[Kk][Ee][Yy]\s*[:=]\s*['"]?[A-Za-z0-9+\/]{40}/g },
+    { name: 'Slack token', pattern: /xox[aboprs]-[A-Za-z0-9\-]+/g },
+    { name: 'Private key', pattern: /-----BEGIN [A-Z]+ PRIVATE KEY-----/g },
+    { name: 'Generic secret assign', pattern: /(?:password|passwd|secret|api[_-]?key|auth[_-]?token)\s*[:=]\s*['"][^'"]{8,}/gi },
+];
+function scanForSecrets(diff) {
+    if (!diff.trim()) {
+        return { found: false, findings: [] };
+    }
+    const findings = [];
+    const lines = diff.split('\n');
+    let currentFile = '(unknown)';
+    let currentLineNumber = 0;
+    for (const line of lines) {
+        if (line.startsWith('+++ ')) {
+            const filePath = line.slice(4);
+            currentFile = filePath.startsWith('b/') ? filePath.slice(2) : filePath;
+            currentLineNumber = 0;
+            continue;
+        }
+        if (line.startsWith('@@')) {
+            const hunkMatch = line.match(/^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/);
+            if (hunkMatch?.[1] !== undefined) {
+                currentLineNumber = parseInt(hunkMatch[1], 10) - 1;
+            }
+            continue;
+        }
+        if (line.startsWith('--- ') || line.startsWith('diff ') || line.startsWith('index ') || line.startsWith('\\')) {
+            continue;
+        }
+        if (line.startsWith(' ')) {
+            currentLineNumber++;
+            continue;
+        }
+        if (line.startsWith('-')) {
+            continue;
+        }
+        if (line.startsWith('+')) {
+            currentLineNumber++;
+            const content = line.slice(1);
+            for (const { name, pattern } of SECRET_PATTERNS) {
+                pattern.lastIndex = 0;
+                if (pattern.test(content)) {
+                    findings.push({ name, file: currentFile, lineNumber: currentLineNumber });
+                    break;
+                }
+                pattern.lastIndex = 0;
+            }
+        }
+    }
+    return {
+        found: findings.length > 0,
+        findings,
+    };
+}
 function parseHandoffArtifact(notes) {
     if (!notes || notes.trim() === '') {
         return (0, result_js_1.err)('notes is empty');
@@ -170,14 +233,70 @@ async function runDelivery(artifact, workspacePath, flags, execFn) {
             };
         }
     }
-    const commitMessage = artifact.commitSubject.startsWith(`${artifact.commitType}(`)
+    const baseCommitMessage = artifact.commitSubject.startsWith(`${artifact.commitType}(`)
         ? artifact.commitSubject
         : `${artifact.commitType}(${artifact.commitScope}): ${artifact.commitSubject}`;
+    const trailers = [
+        ...(flags.sessionId ? [`Worktrain-Session: ${flags.sessionId}`] : []),
+        'Co-authored-by: WorkTrain <worktrain@noreply.local>',
+    ].join('\n');
+    const commitMessage = `${baseCommitMessage}\n\n${trailers}`;
     let commitStdout;
     let commitStderr;
     try {
         await execFn('git', ['add', ...artifact.filesChanged], { cwd: workspacePath, timeout: DELIVERY_TIMEOUT_MS });
-        const commitResult = await execFn('git', ['commit', '-m', commitMessage], { cwd: workspacePath, timeout: DELIVERY_TIMEOUT_MS });
+        if (flags.secretScan !== false) {
+            let stagedDiff = '';
+            try {
+                const diffResult = await execFn('git', ['diff', '--cached'], { cwd: workspacePath, timeout: DELIVERY_TIMEOUT_MS });
+                stagedDiff = diffResult.stdout;
+            }
+            catch (e) {
+                return {
+                    _tag: 'error',
+                    phase: 'secret_scan',
+                    details: `Failed to retrieve staged diff for secret scan: ${formatExecError(e)}\nDelivery aborted.`,
+                };
+            }
+            const scanResult = scanForSecrets(stagedDiff);
+            if (scanResult.found) {
+                const findingLines = scanResult.findings
+                    .map(f => `  - ${f.name} in ${f.file}:${f.lineNumber}`)
+                    .join('\n');
+                return {
+                    _tag: 'error',
+                    phase: 'secret_scan',
+                    details: `Secret scan detected potential secrets in staged files:\n${findingLines}\n` +
+                        `Delivery aborted. Review and remove secrets before retrying.\n` +
+                        `Set secretScan: false in your trigger config to bypass this check.`,
+                };
+            }
+            try {
+                await execFn('gitleaks', ['detect', '--source', '.', '--staged', '--no-git'], { cwd: workspacePath, timeout: DELIVERY_TIMEOUT_MS });
+            }
+            catch (e) {
+                const execErr = e;
+                if (execErr.code === 'ENOENT') {
+                }
+                else {
+                    return {
+                        _tag: 'error',
+                        phase: 'secret_scan',
+                        details: `gitleaks detected potential secrets in staged files.\n` +
+                            `Delivery aborted. Review and remove secrets before retrying.\n` +
+                            `Set secretScan: false in your trigger config to bypass this check.`,
+                    };
+                }
+            }
+        }
+        const commitArgs = flags.botIdentity
+            ? [
+                '-c', `user.name=${flags.botIdentity.name}`,
+                '-c', `user.email=${flags.botIdentity.email}`,
+                'commit', '-m', commitMessage,
+            ]
+            : ['commit', '-m', commitMessage];
+        const commitResult = await execFn('git', commitArgs, { cwd: workspacePath, timeout: DELIVERY_TIMEOUT_MS });
         commitStdout = commitResult.stdout;
         commitStderr = commitResult.stderr;
     }
@@ -190,13 +309,24 @@ async function runDelivery(artifact, workspacePath, flags, execFn) {
     if (flags.autoOpenPR !== true) {
         return { _tag: 'committed', sha };
     }
+    const prTitle = artifact.prTitle.startsWith('[WT] ')
+        ? artifact.prTitle
+        : `[WT] ${artifact.prTitle}`;
+    const footerParts = ['---', '\u{1F916} **Automated by WorkTrain**'];
+    if (flags.sessionId)
+        footerParts.push(`Session: \`${flags.sessionId}\``);
+    if (flags.triggerId)
+        footerParts.push(`Trigger: \`${flags.triggerId}\``);
+    if (flags.workflowId)
+        footerParts.push(`Workflow: \`${flags.workflowId}\``);
+    const prBodyWithFooter = `${artifact.prBody}\n\n${footerParts.join(' | ')}`;
     const tmpDir = os.tmpdir();
     const tmpFile = path.join(tmpDir, `workrail-pr-body-${crypto.randomUUID()}.md`);
     let prStdout;
     try {
-        await fs.writeFile(tmpFile, artifact.prBody, 'utf8');
+        await fs.writeFile(tmpFile, prBodyWithFooter, 'utf8');
         try {
-            const prResult = await execFn('gh', ['pr', 'create', '--title', artifact.prTitle, '--body-file', tmpFile], { cwd: workspacePath, timeout: DELIVERY_TIMEOUT_MS });
+            const prResult = await execFn('gh', ['pr', 'create', '--title', prTitle, '--body-file', tmpFile], { cwd: workspacePath, timeout: DELIVERY_TIMEOUT_MS });
             prStdout = prResult.stdout;
         }
         catch (e) {
@@ -212,6 +342,20 @@ async function runDelivery(artifact, workspacePath, flags, execFn) {
         });
     }
     const prUrl = prStdout.trim().split('\n').at(-1)?.trim() ?? '';
+    if (prUrl) {
+        try {
+            await execFn('gh', ['label', 'create', 'worktrain:generated', '--description', 'PR authored by WorkTrain', '--color', '0075ca'], { cwd: workspacePath, timeout: DELIVERY_TIMEOUT_MS });
+        }
+        catch {
+        }
+        try {
+            await execFn('gh', ['pr', 'edit', prUrl, '--add-label', 'worktrain:generated'], { cwd: workspacePath, timeout: DELIVERY_TIMEOUT_MS });
+        }
+        catch (e) {
+            console.warn(`[runDelivery] WARNING: Failed to add worktrain:generated label to PR ${prUrl}: ` +
+                `${e instanceof Error ? e.message : String(e)}`);
+        }
+    }
     return { _tag: 'pr_opened', url: prUrl };
 }
 function formatExecError(e) {

package/dist/trigger/trigger-router.js

@@ -141,6 +141,9 @@ async function maybeRunDelivery(triggerId, trigger, result, execFn) {
     const deliveryResult = await (0, delivery_action_js_1.runDelivery)(parseResult.value, deliveryCwd, {
         autoCommit: trigger.autoCommit,
         autoOpenPR: trigger.autoOpenPR,
+        triggerId,
+        workflowId: trigger.workflowId,
+        ...(result.botIdentity !== undefined ? { botIdentity: result.botIdentity } : {}),
         ...(trigger.branchStrategy === 'worktree' && result.sessionWorkspacePath
             ? {
                 sessionId: result.sessionId ?? '',

package/dist/trigger/trigger-store.js

@@ -385,6 +385,9 @@ function setTriggerField(trigger, key, value) {
         case 'autoOpenPR':
             trigger.autoOpenPR = value;
             break;
+        case 'secretScan':
+            trigger.secretScan = value;
+            break;
         case 'workspaceName':
             trigger.workspaceName = value;
             break;
@@ -613,6 +616,9 @@ function validateAndResolveTrigger(raw, env, workspaces = {}) {
     }
     const autoCommit = raw.autoCommit?.trim().toLowerCase() === 'true';
     const autoOpenPR = raw.autoOpenPR?.trim().toLowerCase() === 'true';
+    const secretScan = raw.secretScan?.trim()
+        ? raw.secretScan.trim().toLowerCase() === 'true'
+        : undefined;
     if (autoOpenPR && !autoCommit) {
         console.warn(`[TriggerStore] Warning: trigger "${rawId}" has autoOpenPR: true but autoCommit is not true. ` +
             `A PR requires a commit -- delivery will be skipped unless autoCommit is also set to true.`);
@@ -820,6 +826,7 @@ function validateAndResolveTrigger(raw, env, workspaces = {}) {
         ...(onComplete !== undefined ? { onComplete } : {}),
         ...(autoCommit ? { autoCommit } : {}),
         ...(autoOpenPR ? { autoOpenPR } : {}),
+        ...(secretScan !== undefined ? { secretScan } : {}),
         ...(pollingSource !== undefined ? { pollingSource } : {}),
         ...(resolvedWorkspaceName !== undefined ? { workspaceName: resolvedWorkspaceName } : {}),
         ...(resolvedSoulFile ? { soulFile: resolvedSoulFile } : {}),

package/dist/trigger/types.d.ts

@@ -79,6 +79,7 @@ export interface TriggerDefinition {
     readonly concurrencyMode: 'serial' | 'parallel';
     readonly callbackUrl?: string;
     readonly autoCommit?: boolean;
+    readonly secretScan?: boolean;
     readonly autoOpenPR?: boolean;
     readonly onComplete?: {
         readonly runOn: 'success' | 'failure' | 'always';

package/docs/ideas/backlog.md

@@ -6555,3 +6555,76 @@ Proposed `jira_poll` config:
 ### Priority
 
 Medium. GitLab MR review already works. Jira issue queue is the next most impactful integration for enterprise users. Design alongside the label-based GitHub queue -- the patterns are identical, just different API shapes.
+
+---
+
+## Queue opt-in design: unresolved decisions (Apr 20, 2026)
+
+**Status: DO NOT IMPLEMENT until these questions are answered.**
+
+The self-improvement queue was partially implemented using label-based opt-in, then later walked back. This section records what's actually unresolved so future work starts from the right place.
+
+### What's wrong with the current state
+
+The `github_queue_poll` trigger now supports both `assignee` and `label` queue types. The code is correct. But `triggers.yml` has no active queue trigger because the opt-in mechanism isn't settled -- see below.
+
+The label approach was implemented as a practical fallback when "no bot account" ruled out assignee-based. But labels were what we explicitly rejected in the original design because they require humans to apply them per issue. Reversing that decision without acknowledging it was a mistake. The right answer isn't to pick one mechanism -- it's to keep the queue shape configurable (which we already designed) and pick the right shape per context.
+
+### The configurable queue shape (already designed, partially implemented)
+
+```
+{ "queue": { "type": "github_assignee", "user":  "worktrain-etienneb" } }
+{ "queue": { "type": "github_label",    "name":  "worktrain:ready" } }
+{ "queue": { "type": "github_query",    "search": "is:issue is:open ..." } }
+{ "queue": { "type": "jql",             "query": "assignee=currentUser() AND status='Ready for Dev'" } }
+{ "queue": { "type": "gitlab_label",    "name":  "worktrain" } }
+```
+
+For the workrail repo specifically: either `github_assignee` (accept the conflation between your personal assignments and WorkTrain's queue -- fine for a solo repo) or `github_label` (apply label per issue -- more discipline, more friction). Neither is wrong; pick based on preference.
+
+### Enterprise implications that must be resolved before Zillow work
+
+Three questions for the user to verify before designing any Zillow path:
+
+1. **Service account process**: Does Zillow have a ServiceDesk or security review process for requesting service accounts (`worktrain-etienneb@zillow`)? If yes, request one through proper channels rather than acting under your personal identity.
+
+2. **AUP check**: Does Zillow's Acceptable Use Policy permit automation acting under employee identities without an explicit security review? If not, "WorkTrain acts as you" is not viable -- a service account is required.
+
+3. **Self-approval rules**: Can you approve your own MRs in Zillow's GitLab? If "no self-approval" is enforced, every WorkTrain MR needs a human reviewer. That changes the pipeline (no auto-merge under personal identity).
+
+These three answers determine the entire architecture for Zillow. Do not design the Jira/GitLab path until they are known.
+
+### Enterprise identity risk (important)
+
+"WorkTrain acts as you" is different from "Dependabot acts as you." Dependabot does narrow, predictable operations (dependency bumps). WorkTrain does arbitrary LLM-driven code changes. Every autonomous action -- MR opened, commit pushed, comment posted -- is attributed to you in audit logs. If WorkTrain does something wrong under your identity, the audit trail points to you. Understand this risk before turning on autonomy against company repos.
+
+### Jira return path (missing from current jira_poll design)
+
+The `jira_poll` backlog entry describes pulling tickets from Jira. It does not describe writing back:
+- Moving the ticket to "In Review" when an MR is opened
+- Adding the MR URL to the Jira ticket (a Jira field or comment)
+- Reacting to Jira transitions mid-work (ticket moved back to "To Do" → WorkTrain stops)
+
+The full Jira integration is a round-trip, not just a poll. Design the return path before implementing `jira_poll`.
+
+---
+
+## Gate 2 follow-up: per-trigger gh CLI token for delivery (Apr 20, 2026)
+
+`delivery-action.ts` calls `gh pr create` using whatever `gh` CLI auth is configured globally -- it does not pass a per-trigger token. For single-identity (always acting as yourself) this is fine. For multi-identity (Zillow service account alongside personal trigger), the globally authenticated `gh` user handles all PR creation, silently using the wrong identity.
+
+**Fix when multi-identity is needed:** Pass `GH_TOKEN=<triggerToken>` env override to `execFn` when calling `gh pr create` and `gh pr merge`. Not a blocker for single-identity. Prerequisite for multi-identity support.
+
+---
+
+## Queue config discriminated union tightening (Apr 20, 2026)
+
+`GitHubQueueConfig` uses a flat interface with runtime validation. Should be a proper TypeScript discriminated union so `type: 'assignee'` requires `user` at compile time. Low priority but tracked per "make illegal states unrepresentable."
+
+---
+
+## Kill switch and commit signing (Apr 20, 2026)
+
+**Kill switch:** `worktrain kill-sessions` -- aborts all running daemon sessions immediately. Useful when WorkTrain is doing something unexpected. Sends abort signal to all active sessions, marks them user-killed in the event log.
+
+**Commit signing:** verify `git commit` honors existing `commit.gpgsign` config, or add explicit opt-out for bot identities that don't have signing keys. Empirically verify before declaring this solved.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@exaudeus/workrail",
-  "version": "3.47.0",
+  "version": "3.49.0",
   "description": "Step-by-step workflow enforcement for AI agents via MCP",
   "license": "MIT",
   "repository": {