@flumecode/runner 0.16.0 → 0.18.0

package/dist/cli.js

@@ -26,8 +26,8 @@ function writeConfig(config) {
 }
 
 // src/run.ts
-import { existsSync as existsSync4 } from "node:fs";
-import { join as join6 } from "node:path";
+import { existsSync as existsSync3 } from "node:fs";
+import { join as join4 } from "node:path";
 
 // src/version.ts
 import { readFileSync as readFileSync2 } from "node:fs";
@@ -180,865 +180,459 @@ async function safeText(res) {
   }
 }
 
-// src/plugins/socket.ts
-import { exec as execCb } from "node:child_process";
-import { readFile as readFile2 } from "node:fs/promises";
-import { join as join4 } from "node:path";
-import { promisify as promisify2 } from "node:util";
-
-// src/workspace.ts
-import { execFile } from "node:child_process";
-import { existsSync as existsSync2 } from "node:fs";
-import { mkdtemp, readdir, rm } from "node:fs/promises";
-import { tmpdir } from "node:os";
-import { join as join2 } from "node:path";
-import { promisify } from "node:util";
-
-// src/types.ts
-function jobTitle(ctx) {
-  return ctx.kind === "init" ? "Initialize FlumeCode wiki" : ctx.request?.title ?? "request";
-}
+// src/executor.ts
+import { fileURLToPath as fileURLToPath2 } from "node:url";
+import { query } from "@anthropic-ai/claude-agent-sdk";
 
-// src/logger.ts
-var lines = [];
-var secrets = [];
-var MAX_BYTES = 10 * 1024 * 1024;
-function startJobLog(opts) {
-  lines = [];
-  secrets = opts.secrets.filter(Boolean);
-  logEvent("meta", `job ${opts.jobId} (${opts.kind}) started at ${(/* @__PURE__ */ new Date()).toISOString()}`);
-}
-function redact(s) {
-  for (const sec of secrets) {
-    s = s.split(sec).join("***REDACTED***");
-  }
-  return s;
+// src/widgets.ts
+import { randomUUID } from "node:crypto";
+import { createSdkMcpServer, tool } from "@anthropic-ai/claude-agent-sdk";
+import { z } from "zod";
+var SERVER_NAME = "flume_widgets";
+var SINGLE_SELECT = "single_select";
+var MULTI_SELECT = "multi_select";
+var WIDGET_TOOL_NAMES = [
+  `mcp__${SERVER_NAME}__${SINGLE_SELECT}`,
+  `mcp__${SERVER_NAME}__${MULTI_SELECT}`
+];
+var optionsSchema = z.array(z.string().min(1)).min(2).max(8).describe("2\u20138 short, distinct choices for the user to pick from.");
+var TAIL = "Do NOT add an 'Other' or 'None of these' catch-all \u2014 the UI always offers an 'Other' free-text option automatically. After calling this, END YOUR TURN and wait: the user's answer arrives as their next message and starts a fresh run.";
+function createWidgetTooling() {
+  const collected = [];
+  const singleSelect = tool(
+    SINGLE_SELECT,
+    "Ask the user a single-select (radio-button) question \u2014 exactly one answer. Use this for a genuine either/or choice (competing approaches, scope decisions, yes/no) instead of writing the options as prose. " + TAIL,
+    {
+      question: z.string().min(1).describe("The question to ask the user."),
+      body: z.string().optional().describe(
+        "Optional markdown shown above the question so the user can read the context they're confirming (e.g. the drafted release notes). Omit for plain questions."
+      ),
+      options: optionsSchema
+    },
+    async (args) => {
+      collected.push({
+        id: randomUUID(),
+        type: "single_select",
+        question: args.question,
+        body: args.body,
+        options: args.options.map((label) => ({ id: randomUUID(), label })),
+        selectedOptionId: null,
+        customAnswer: null
+      });
+      return widgetPosted("single-select");
+    }
+  );
+  const multiSelect = tool(
+    MULTI_SELECT,
+    "Ask the user a multi-select (checkbox) question \u2014 they may pick any number of options, including none of the presets if they use 'Other'. Use this for 'select all that apply' questions (which features to include, which files to touch). " + TAIL,
+    {
+      question: z.string().min(1).describe("The question to ask the user."),
+      body: z.string().optional().describe(
+        "Optional markdown shown above the question so the user can read the context they're confirming (e.g. the drafted release notes). Omit for plain questions."
+      ),
+      options: optionsSchema
+    },
+    async (args) => {
+      collected.push({
+        id: randomUUID(),
+        type: "multi_select",
+        question: args.question,
+        body: args.body,
+        options: args.options.map((label) => ({ id: randomUUID(), label })),
+        selectedOptionIds: null,
+        customAnswer: null
+      });
+      return widgetPosted("multi-select");
+    }
+  );
+  const mcpServer = createSdkMcpServer({
+    name: SERVER_NAME,
+    tools: [singleSelect, multiSelect]
+  });
+  return { mcpServer, collected };
 }
-function logEvent(section, text) {
-  lines.push(`[${(/* @__PURE__ */ new Date()).toISOString()}] [${section}] ${redact(text)}`);
+function widgetPosted(kind) {
+  return {
+    content: [
+      {
+        type: "text",
+        text: `Question posted to the user as a ${kind} widget. End your turn now and wait \u2014 their answer will arrive as their next message.`
+      }
+    ]
+  };
 }
-function getJobLog() {
-  const full = lines.join("\n");
-  if (full.length <= MAX_BYTES) return full;
-  const half = Math.floor(MAX_BYTES / 2);
-  return full.slice(0, half) + `
 
-\u2026[truncated ${full.length - MAX_BYTES} bytes]\u2026
+// src/plan.ts
+import { createSdkMcpServer as createSdkMcpServer2, tool as tool2 } from "@anthropic-ai/claude-agent-sdk";
+import { z as z2 } from "zod";
 
-` + full.slice(-half);
+// src/code-lang.ts
+var EXT_TO_LANG = {
+  ts: "typescript",
+  tsx: "tsx",
+  js: "javascript",
+  jsx: "jsx",
+  json: "json",
+  css: "css",
+  md: "markdown",
+  sh: "bash",
+  py: "python",
+  yaml: "yaml",
+  yml: "yaml",
+  html: "markup",
+  xml: "markup",
+  sql: "sql"
+};
+function langFromPath(path) {
+  const ext = path.split(".").pop()?.toLowerCase();
+  return ext ? EXT_TO_LANG[ext] : void 0;
 }
 
-// src/workspace.ts
-var exec = promisify(execFile);
-var WORKSPACE_PREFIX = "flume-runner-";
-var MAX_BUFFER = 1 << 24;
-async function git(args) {
-  logEvent("git", `git ${args.join(" ")}`);
-  try {
-    const result = await exec("git", args, { maxBuffer: MAX_BUFFER });
-    if (result.stdout.trim()) logEvent("git:out", result.stdout.trim());
-    if (result.stderr.trim()) logEvent("git:err", result.stderr.trim());
-    return result;
-  } catch (err) {
-    logEvent("git:err", String(err.stderr ?? err));
-    throw err;
-  }
-}
-async function ensureGitIdentity(dir, identity) {
-  await git(["-C", dir, "config", "user.email", identity.email]);
-  await git(["-C", dir, "config", "user.name", identity.name]);
-}
-function cloneUrl(ctx) {
-  const { owner, name, cloneToken } = ctx.repo;
-  return `https://x-access-token:${cloneToken}@github.com/${owner}/${name}.git`;
-}
-function detectPackageManager(dir) {
-  if (!existsSync2(join2(dir, "package.json"))) return null;
-  if (existsSync2(join2(dir, "pnpm-lock.yaml"))) return "pnpm";
-  if (existsSync2(join2(dir, "yarn.lock"))) return "yarn";
-  if (existsSync2(join2(dir, "package-lock.json"))) return "npm";
-  if (existsSync2(join2(dir, "bun.lockb"))) return "bun";
-  return "npm";
-}
-async function installDependencies(dir) {
-  const manager = detectPackageManager(dir);
-  if (manager === null) return { status: "skipped" };
-  const env = { ...process.env, CI: "1", ADBLOCK: "1", DISABLE_OPENCOLLECTIVE: "1" };
-  logEvent("install", `${manager} install`);
-  try {
-    const result = await exec(manager, ["install"], {
-      cwd: dir,
-      maxBuffer: MAX_BUFFER,
-      env,
-      timeout: 5 * 6e4
-    });
-    if (result.stdout.trim()) logEvent("install:out", result.stdout.trim());
-    if (result.stderr.trim()) logEvent("install:err", result.stderr.trim());
-    return { status: "installed", manager };
-  } catch (err) {
-    const e = err;
-    const detail = [e.stdout, e.stderr].map((s) => typeof s === "string" ? s.trim() : "").filter(Boolean).join("\n");
-    logEvent("install:err", detail || (err instanceof Error ? err.message : String(err)));
-    return { status: "failed", manager, error: err instanceof Error ? err.message : String(err) };
-  }
-}
-async function makeWorkspace() {
-  return mkdtemp(join2(tmpdir(), WORKSPACE_PREFIX));
+// src/schema-hints.ts
+var INLINE_CODE_HINT = "Wrap code identifiers (function, variable, type, and file names, commands, and flags) in inline backticks, e.g. `getCodingSessionsForRequest`.";
+
+// src/plan.ts
+var SERVER_NAME2 = "flume_plan";
+var SUBMIT_PLAN = "submit_plan";
+var PLAN_TOOL_NAME = `mcp__${SERVER_NAME2}__${SUBMIT_PLAN}`;
+var PLAN_MARKER = "<!-- flumecode:end-of-plan -->";
+var pseudoCodeEntrySchema = z2.object({
+  file: z2.string().min(1),
+  pseudoCode: z2.string().min(1)
+});
+var stepSchema = z2.object({
+  title: z2.string().min(1).describe("A concise imperative title for this step."),
+  description: z2.array(z2.string().min(1)).min(1).describe(
+    "Bullet points that explain this step's change so a reviewer can judge whether the design is correct. Each array item is one short, self-contained bullet \u2014 not a single paragraph, and not a restatement of the pseudo code. " + INLINE_CODE_HINT
+  ),
+  pseudoCode: z2.array(pseudoCodeEntrySchema).optional().describe(
+    "Per-file pseudo code. Provide an entry for every non-documentation file this step touches. Each entry contains the file path and pseudo code describing the changes to that file."
+  )
+});
+var planInputSchema = {
+  title: z2.string().min(1).max(120).describe(
+    "A concise, descriptive name for THIS plan. Must be distinct from the request title and from any sibling plans on the same request. Keep it under 120 characters."
+  ),
+  scope: z2.enum(["feat", "fix", "chore", "docs", "test", "refactor"]).describe("The primary intent of the change."),
+  goal: z2.string().min(1).describe("One or two sentences stating the outcome. " + INLINE_CODE_HINT),
+  rootCause: z2.string().optional().describe(
+    'For bug fixes (scope === "fix"): the underlying cause of the bug \u2014 the specific code, logic, or condition that produces the incorrect behavior, not just the symptom. Required when scope is "fix"; omit for all other scopes. ' + INLINE_CODE_HINT
+  ),
+  assumptions: z2.array(z2.string()).describe("Anything decided during planning, including unanswered defaults."),
+  requirements: z2.array(z2.string().min(1)).min(1).describe(
+    "Required, human-readable statements of what this change must accomplish and why, in plain language a non-technical reader can follow. Distinct from acceptanceCriteria: requirements explain intent/rationale; acceptance criteria are the machine-checkable proof. At least 1 required. " + INLINE_CODE_HINT
+  ),
+  steps: z2.array(stepSchema).min(1).describe("Ordered list of changes. Each step says what and why, with file references."),
+  acceptanceCriteria: z2.array(z2.string().min(1)).min(2).describe(
+    "Concrete, deterministically-checkable conditions that together define done. Each names a trigger/precondition and the exact observable result (run X -> output Y; file Z contains W; f(a) returns b) \u2014 no vague adjectives, not a restatement of a step. The set must collectively cover every step's change. At least 2 required. " + INLINE_CODE_HINT
+  ),
+  risks: z2.array(z2.string()).describe("Anything that could change the approach."),
+  outOfScope: z2.array(z2.string()).describe("What is deliberately not being done.")
+};
+function requireRootCauseForFix(schema) {
+  return schema.superRefine((plan, ctx) => {
+    if (plan.scope === "fix" && (plan.rootCause === void 0 || plan.rootCause.trim() === "")) {
+      ctx.addIssue({
+        code: z2.ZodIssueCode.custom,
+        path: ["rootCause"],
+        message: 'rootCause is required and must be non-empty when scope is "fix".'
+      });
+    }
+  });
 }
-var MAX_WORKSPACES = 8;
-var workspaceRegistry = /* @__PURE__ */ new Map();
-async function acquireWorkspace(key) {
-  const existing = workspaceRegistry.get(key);
-  if (existing !== void 0 && existsSync2(existing)) {
-    workspaceRegistry.delete(key);
-    workspaceRegistry.set(key, existing);
-    return { dir: existing, reused: true };
+var planSchema = requireRootCauseForFix(z2.object(planInputSchema));
+function renderPlan(plan) {
+  const lines2 = [];
+  lines2.push(`# ${plan.title}`);
+  lines2.push("");
+  lines2.push(`**Scope** \u2014 \`${plan.scope}\``);
+  lines2.push("");
+  lines2.push(`**Goal** \u2014 ${plan.goal}`);
+  if (plan.assumptions.length > 0) {
+    lines2.push("");
+    lines2.push("**Assumptions**");
+    for (const assumption of plan.assumptions) {
+      lines2.push(`- ${assumption}`);
+    }
   }
-  const dir = await makeWorkspace();
-  workspaceRegistry.set(key, dir);
-  if (workspaceRegistry.size > MAX_WORKSPACES) {
-    const oldest = workspaceRegistry.keys().next().value;
-    const oldDir = workspaceRegistry.get(oldest);
-    workspaceRegistry.delete(oldest);
-    rm(oldDir, { recursive: true, force: true }).catch(() => {
-    });
+  if (plan.rootCause && plan.rootCause.trim().length > 0) {
+    lines2.push("");
+    lines2.push("## Root cause");
+    lines2.push(plan.rootCause);
   }
-  return { dir, reused: false };
-}
-async function discardWorkspace(key) {
-  const dir = workspaceRegistry.get(key);
-  workspaceRegistry.delete(key);
-  if (dir !== void 0) {
-    await cleanup(dir).catch(() => {
-    });
+  lines2.push("");
+  lines2.push("## Requirements");
+  for (const requirement of plan.requirements) {
+    lines2.push(`- ${requirement}`);
   }
-}
-async function resetWorkspace(dir) {
-  await git(["-C", dir, "reset", "--hard", "HEAD"]).catch(() => {
-  });
-  await git(["-C", dir, "clean", "-fd"]).catch(() => {
-  });
-}
-async function prepareAtSha(ctx, dir, reused) {
-  const identity = { name: ctx.agentName, email: ctx.agentEmail };
-  if (!reused) {
-    await cloneAtSha(ctx, dir);
-    await ensureGitIdentity(dir, identity);
-    return;
+  lines2.push("");
+  lines2.push("## Steps");
+  for (const [i, step] of plan.steps.entries()) {
+    lines2.push("");
+    lines2.push(`### ${i + 1}. ${step.title}`);
+    lines2.push("");
+    for (const bullet of step.description) {
+      lines2.push(`- ${bullet}`);
+    }
+    if (step.pseudoCode && step.pseudoCode.length > 0) {
+      for (const entry of step.pseudoCode) {
+        lines2.push("");
+        lines2.push(`\`${entry.file}\``);
+        lines2.push("");
+        const lang = langFromPath(entry.file);
+        lines2.push(lang ? "```" + lang : "```");
+        lines2.push(entry.pseudoCode);
+        lines2.push("```");
+      }
+    }
   }
-  await git(["-C", dir, "remote", "set-url", "origin", cloneUrl(ctx)]);
-  await ensureGitIdentity(dir, identity);
-}
-async function prepareResumingBranch(ctx, dir, reused) {
-  const identity = { name: ctx.agentName, email: ctx.agentEmail };
-  if (!reused) {
-    const result = await cloneResumingBranch(ctx, dir);
-    await ensureGitIdentity(dir, identity);
-    return result;
+  lines2.push("");
+  lines2.push("## Acceptance criteria");
+  for (const criterion of plan.acceptanceCriteria) {
+    lines2.push(`- [ ] ${criterion}`);
   }
-  await git(["-C", dir, "remote", "set-url", "origin", cloneUrl(ctx)]);
-  await ensureGitIdentity(dir, identity);
-  return { resumed: true };
-}
-async function sweepWorkspaces() {
-  const base = tmpdir();
-  let entries;
-  try {
-    entries = await readdir(base);
-  } catch {
-    return 0;
+  if (plan.risks.length > 0) {
+    lines2.push("");
+    lines2.push("**Risks / open questions**");
+    for (const risk of plan.risks) {
+      lines2.push(`- ${risk}`);
+    }
   }
-  let removed = 0;
-  for (const entry of entries) {
-    if (!entry.startsWith(WORKSPACE_PREFIX)) continue;
-    try {
-      await rm(join2(base, entry), { recursive: true, force: true });
-      removed++;
-    } catch {
+  if (plan.outOfScope.length > 0) {
+    lines2.push("");
+    lines2.push("**Out of scope**");
+    for (const item of plan.outOfScope) {
+      lines2.push(`- ${item}`);
     }
   }
-  return removed;
+  lines2.push("");
+  lines2.push(PLAN_MARKER);
+  return lines2.join("\n");
 }
-async function cloneAtSha(ctx, dir) {
-  await git(["clone", "--quiet", cloneUrl(ctx), dir]);
-  await git(["-C", dir, "checkout", "-B", ctx.repo.checkoutBranch, ctx.repo.checkoutSha]);
+var submitPlanInputSchema = {
+  plans: z2.array(requireRootCauseForFix(z2.object(planInputSchema))).min(1).refine(
+    (arr) => {
+      const titles = arr.map((p) => p.title.trim()).filter((t) => t.length > 0);
+      return new Set(titles).size === titles.length;
+    },
+    { message: "Each plan must have a distinct non-empty title" }
+  )
+};
+var submitPlanSchema = z2.object(submitPlanInputSchema);
+function createPlanTooling() {
+  let renderedPlans = null;
+  const submitPlan = tool2(
+    SUBMIT_PLAN,
+    `Submit ALL your plans in a single call \u2014 one entry per plan; each becomes its own independently-acceptable Accept-as-plan draft. Do NOT call submit_plan more than once. acceptanceCriteria is required in each plan and must contain at least 2 observable, verifiable conditions. The 'title' field names each specific plan \u2014 make it concise and distinct from the request title and from sibling plan titles. requirements is required in each plan: at least 1 plain-language statement of what the change must accomplish and why (human-readable intent), separate from the machine-checkable acceptanceCriteria. When a plan's scope is "fix", rootCause is required: a non-empty explanation of the underlying cause of the bug (not just the symptom). `,
+    submitPlanInputSchema,
+    async (args) => {
+      const parsed = submitPlanSchema.parse(args);
+      renderedPlans = parsed.plans.map(renderPlan);
+      return {
+        content: [
+          {
+            type: "text",
+            text: "Plan(s) submitted. The runner will render and post them as your comment(s). End your turn now."
+          }
+        ]
+      };
+    }
+  );
+  const mcpServer = createSdkMcpServer2({
+    name: SERVER_NAME2,
+    tools: [submitPlan]
+  });
+  return { mcpServer, getPlans: () => renderedPlans };
 }
-async function cloneResumingBranch(ctx, dir) {
-  await git(["clone", "--quiet", cloneUrl(ctx), dir]);
-  try {
-    await git(["-C", dir, "fetch", "--quiet", "origin", ctx.repo.checkoutBranch]);
-    await git(["-C", dir, "checkout", "-B", ctx.repo.checkoutBranch, "FETCH_HEAD"]);
-    return { resumed: true };
-  } catch {
-    await git(["-C", dir, "checkout", "-B", ctx.repo.checkoutBranch, ctx.repo.checkoutSha]);
-    return { resumed: false };
+function countPlanAcceptanceCriteria(planBody) {
+  if (!planBody) return 0;
+  const lines2 = planBody.split("\n");
+  const start2 = lines2.findIndex((l) => l.trim() === "## Acceptance criteria");
+  if (start2 === -1) return 0;
+  let count = 0;
+  for (let i = start2 + 1; i < lines2.length; i++) {
+    const line = lines2[i] ?? "";
+    if (line.startsWith("## ")) break;
+    if (line.startsWith("- [ ] ")) count++;
   }
+  return count;
 }
-async function hasChanges(dir) {
-  await git(["-C", dir, "add", "-A"]);
-  const { stdout: stdout2 } = await git(["-C", dir, "status", "--porcelain"]);
-  return stdout2.trim().length > 0;
-}
-async function gitDiffStat(dir) {
-  const { stdout: stdout2 } = await git(["-C", dir, "--no-pager", "diff", "--stat"]);
-  return stdout2;
-}
-var PreCommitError = class extends Error {
-  constructor(log) {
-    super("pre-commit checks failed");
-    this.log = log;
-    this.name = "PreCommitError";
-  }
+
+// src/report.ts
+import { createSdkMcpServer as createSdkMcpServer3, tool as tool3 } from "@anthropic-ai/claude-agent-sdk";
+import { z as z3 } from "zod";
+var SERVER_NAME3 = "flume_report";
+var SUBMIT_REPORT = "submit_report";
+var REPORT_TOOL_NAME = `mcp__${SERVER_NAME3}__${SUBMIT_REPORT}`;
+var STATUS_ICON = {
+  met: "\u2705",
+  not_met: "\u274C",
+  unclear: "\u26A0\uFE0F"
 };
-function commitFailureLog(err) {
-  const e = err;
-  const parts = [e.stdout, e.stderr].map((s) => typeof s === "string" ? s.trim() : "").filter((s) => s.length > 0);
-  return parts.length > 0 ? parts.join("\n") : e.message ?? String(err);
-}
-function isUnsupportedGitSubcommand(err) {
-  const e = err;
-  const text = `${typeof e.stderr === "string" ? e.stderr : ""}
-${e.message ?? ""}`;
-  return /is not a git command|unknown subcommand|usage: git hook/i.test(text);
-}
-async function runRepoChecks(dir) {
-  try {
-    await git(["-C", dir, "hook", "run", "pre-commit"]);
-    logEvent("checks", "pre-commit hook passed");
-    return { ok: true, log: "", skipped: false };
-  } catch (err) {
-    if (isUnsupportedGitSubcommand(err)) {
-      logEvent("checks", "pre-commit hook skipped (git too old)");
-      return { ok: true, log: "", skipped: true };
+var CICD_STATUS_ICON = {
+  passed: "\u2705",
+  failed: "\u274C"
+};
+var cicdCheckSchema = z3.object({
+  command: z3.string().min(1).describe("The exact verification command run, e.g. `pnpm typecheck`."),
+  status: z3.enum(["passed", "failed"]).describe("Whether the command passed or failed."),
+  output: z3.string().optional().describe("Short excerpt of failing output; include on failure.")
+});
+var evidenceSchema = z3.object({
+  file: z3.string().min(1).describe("Repo-relative path the hunk comes from."),
+  hunk: z3.string().min(1).describe(
+    "A unified-diff hunk proving the criterion \u2014 the lines that matter, not the whole file. MUST keep the `@@ -a,b +c,d @@` hunk header line(s) exactly as they appear in `git --no-pager diff`; the report renders file line numbers from them. Rendered verbatim as a ```diff block."
+  ),
+  note: z3.string().optional().describe("Optional one-line explanation of why this hunk satisfies the criterion.")
+});
+var acVerdictSchema = z3.object({
+  criterion: z3.string().min(1).describe("The acceptance-criterion text, verbatim from the plan."),
+  status: z3.enum(["met", "not_met", "unclear"]).describe("Verdict for this criterion, verified against the actual diff."),
+  rationale: z3.string().min(1).describe("One or two sentences on why the verdict holds. " + INLINE_CODE_HINT),
+  evidence: z3.array(evidenceSchema).describe(
+    "Diff hunks proving the verdict, copied verbatim from git --no-pager diff. Across ALL criteria the evidence must collectively cover every hunk in the diff \u2014 each changed hunk appears under at least one criterion. Cite the relevant hunk(s) for a met criterion; may be empty for not_met / unclear."
+  )
+});
+var reportInputSchema = {
+  summary: z3.string().min(1).describe("One or two sentences on what was implemented. " + INLINE_CODE_HINT),
+  filesChanged: z3.string().min(1).describe(
+    "Markdown: the list of files changed (from the diff). Rendered under '## Files changed'."
+  ),
+  codeQuality: z3.string().min(1).describe(
+    "Markdown: the code-quality review outcome and anything left as nice-to-have. Rendered under '## Code quality'. " + INLINE_CODE_HINT
+  ),
+  caveats: z3.string().min(1).describe(
+    "Markdown: anything deferred, unmet, or worth a human's eyes, incl. diff hunks that map to no plan AC. Write 'None.' if nothing. Rendered under '## Caveats / follow-ups'. " + INLINE_CODE_HINT
+  ),
+  acceptanceCriteria: z3.array(acVerdictSchema).describe(
+    "One entry per acceptance criterion from the plan, in plan order, each with a verdict and the diff evidence behind it. May be empty for resolve runs (no plan to verify)."
+  ),
+  conflictResolution: z3.string().optional().describe(
+    "Markdown: present ONLY when a merge conflict was actually resolved. Explain, per conflicted file, how ours/theirs were integrated. Rendered under '## Conflict resolution'. Omit entirely when no conflict occurred."
+  ),
+  cicd: z3.array(cicdCheckSchema).optional().describe(
+    "Verify-phase build/typecheck/lint/test results. Omit when the repo has no verification setup. Rendered under '## CI/CD'."
+  )
+};
+var reportSchema = z3.object(reportInputSchema);
+function renderReport(report) {
+  const lines2 = [];
+  lines2.push(report.summary.trim());
+  lines2.push("", "## Files changed", "", report.filesChanged.trim());
+  if (report.acceptanceCriteria.length > 0) {
+    lines2.push("", "## Acceptance criteria");
+    for (const ac of report.acceptanceCriteria) {
+      lines2.push("");
+      lines2.push(`### ${STATUS_ICON[ac.status]} ${ac.criterion}`);
+      lines2.push("");
+      lines2.push(ac.rationale.trim());
+      for (const ev of ac.evidence) {
+        lines2.push("");
+        lines2.push(ev.note ? `\`${ev.file}\` \u2014 ${ev.note}` : `\`${ev.file}\``);
+        lines2.push("");
+        lines2.push("```diff");
+        lines2.push(ev.hunk.replace(/\n+$/, ""));
+        lines2.push("```");
+      }
     }
-    const log = commitFailureLog(err);
-    logEvent("checks:err", log);
-    return { ok: false, log, skipped: false };
   }
-}
-async function commitChanges(ctx, dir) {
-  if (!await hasChanges(dir)) return false;
-  try {
-    await git(["-C", dir, "commit", "--quiet", "-m", `FlumeCode: ${jobTitle(ctx)}`]);
-  } catch (err) {
-    throw new PreCommitError(commitFailureLog(err));
+  if (report.conflictResolution?.trim()) {
+    lines2.push("", "## Conflict resolution", "", report.conflictResolution.trim());
   }
-  return true;
-}
-async function pushBranch(ctx, dir) {
-  await git(["-C", dir, "push", "--quiet", "-u", "origin", ctx.repo.checkoutBranch]);
-}
-var RebaseConflictError = class extends Error {
-  constructor(mergeBranch, files) {
-    const list = files.length ? `: ${files.join(", ")}` : "";
-    super(`Rebase onto ${mergeBranch} hit conflicts in ${files.length} file(s)${list}`);
-    this.mergeBranch = mergeBranch;
-    this.files = files;
-    this.name = "RebaseConflictError";
+  if (report.cicd && report.cicd.length > 0) {
+    lines2.push("", "## CI/CD");
+    for (const check of report.cicd) {
+      lines2.push("", `- ${CICD_STATUS_ICON[check.status]} \`${check.command}\``);
+      if (check.status === "failed" && check.output?.trim()) {
+        lines2.push("", "```", check.output.trim(), "```");
+      }
+    }
   }
-};
-async function rebaseOntoMergeBranch(ctx, dir) {
-  const { mergeBranch } = ctx.repo;
-  if (!mergeBranch) return;
-  await git(["-C", dir, "fetch", "--quiet", "origin", mergeBranch]);
-  try {
-    await git(["-C", dir, "rebase", "--empty=drop", "FETCH_HEAD"]);
-  } catch (err) {
-    const conflicted = await git(["-C", dir, "diff", "--name-only", "--diff-filter=U"]).catch(
-      () => ({ stdout: "" })
-    );
-    const files = conflicted.stdout.split("\n").map((line) => line.trim()).filter(Boolean);
-    await git(["-C", dir, "rebase", "--abort"]).catch(() => {
-    });
-    if (files.length === 0) throw err;
-    throw new RebaseConflictError(mergeBranch, files);
-  }
-}
-async function mergeInMergeBranch(ctx, dir) {
-  const { mergeBranch } = ctx.repo;
-  if (!mergeBranch) return { conflicted: false };
-  await git(["-C", dir, "fetch", "--quiet", "origin", mergeBranch]);
-  try {
-    await git(["-C", dir, "merge", "--no-edit", "FETCH_HEAD"]);
-    return { conflicted: false };
-  } catch {
-    return { conflicted: true };
-  }
-}
-async function listUnmergedPaths(dir) {
-  const { stdout: stdout2 } = await git(["-C", dir, "diff", "--name-only", "--diff-filter=U"]).catch(() => ({
-    stdout: ""
-  }));
-  return stdout2.split("\n").map((line) => line.trim()).filter(Boolean);
-}
-async function listConflictMarkerPaths(dir, paths) {
-  if (paths.length === 0) return [];
-  const { stdout: stdout2 } = await git([
-    "-C",
-    dir,
-    "grep",
-    "--no-color",
-    "-lE",
-    "^(<<<<<<<|>>>>>>>|\\|\\|\\|\\|\\|\\|\\|)",
-    "--",
-    ...paths
-  ]).catch(() => ({ stdout: "" }));
-  return stdout2.split("\n").map((line) => line.trim()).filter(Boolean);
+  lines2.push("", "## Code quality", "", report.codeQuality.trim());
+  lines2.push("", "## Caveats / follow-ups", "", report.caveats.trim());
+  return lines2.join("\n");
 }
-async function openPullRequest(ctx) {
-  const { owner, name, cloneToken, checkoutBranch, mergeBranch } = ctx.repo;
-  if (!mergeBranch) return null;
-  const apiBase = `https://api.github.com/repos/${owner}/${name}`;
-  const headers = {
-    authorization: `Bearer ${cloneToken}`,
-    accept: "application/vnd.github+json",
-    "x-github-api-version": "2022-11-28",
-    "content-type": "application/json"
-  };
-  const title = jobTitle(ctx);
-  const body = ctx.kind === "init" ? "Bootstraps the `.flumecode/` wiki for this repository. Opened by the FlumeCode runner." : `Opened by the FlumeCode runner for request "${title}".`;
-  const res = await fetch(`${apiBase}/pulls`, {
-    method: "POST",
-    headers,
-    body: JSON.stringify({
-      title: `FlumeCode: ${title}`,
-      head: checkoutBranch,
-      base: mergeBranch,
-      body
-    })
-  });
-  if (res.status === 201) {
-    const data = await res.json();
-    return { number: data.number, url: data.html_url };
-  }
-  if (res.status === 422) {
-    const list = await fetch(
-      `${apiBase}/pulls?state=open&head=${owner}:${checkoutBranch}&base=${mergeBranch}`,
-      { headers }
-    );
-    if (list.ok) {
-      const open = await list.json();
-      if (open[0]) return { number: open[0].number, url: open[0].html_url };
+function createReportTooling() {
+  let submittedReport = null;
+  const submitReport = tool3(
+    SUBMIT_REPORT,
+    "Submit the final implementation report as structured data. Call this exactly once, at the end of the run. `acceptanceCriteria` must contain one entry per plan criterion, each with a met / not_met / unclear verdict and the diff hunk(s) that prove it. `summary`, `filesChanged`, `codeQuality`, and `caveats` are the four named markdown sections. `cicd` (optional) holds Verify-phase check results (one entry per command with `command`, `status` `passed`/`failed`, and `output` on failure); omit when no verification setup exists. Do NOT include a PR link \u2014 the runner appends it.",
+    reportInputSchema,
+    async (args) => {
+      submittedReport = reportSchema.parse(args);
+      return {
+        content: [
+          {
+            type: "text",
+            text: "Report submitted. The runner will render and post it. End your turn now."
+          }
+        ]
+      };
     }
-    return null;
-  }
-  throw new Error(`PR creation failed: ${res.status} ${await res.text()}`);
-}
-async function cleanup(dir) {
-  await rm(dir, { recursive: true, force: true });
+  );
+  const mcpServer = createSdkMcpServer3({
+    name: SERVER_NAME3,
+    tools: [submitReport]
+  });
+  return { mcpServer, getReport: () => submittedReport };
 }
-function parsePrFromSubject(subject) {
-  const m = subject.match(/\(#(\d+)\)\s*$/);
-  return m ? Number(m[1]) : null;
+
+// src/logger.ts
+var lines = [];
+var secrets = [];
+var MAX_BYTES = 10 * 1024 * 1024;
+function startJobLog(opts) {
+  lines = [];
+  secrets = opts.secrets.filter(Boolean);
+  logEvent("meta", `job ${opts.jobId} (${opts.kind}) started at ${(/* @__PURE__ */ new Date()).toISOString()}`);
 }
-async function incomingPrNumbers(ctx, dir, paths) {
-  if (!paths.length) return [];
-  try {
-    const mergeHeadResult = await git(["-C", dir, "rev-parse", "MERGE_HEAD"]);
-    const mergeHead = mergeHeadResult.stdout.trim();
-    const baseResult = await git(["-C", dir, "merge-base", "HEAD", mergeHead]);
-    const base = baseResult.stdout.trim();
-    const logResult = await git([
-      "-C",
-      dir,
-      "log",
-      "--no-merges",
-      `--format=%H%x1f%s`,
-      `${base}..${mergeHead}`,
-      "--",
-      ...paths
-    ]);
-    const nums = /* @__PURE__ */ new Set();
-    const needLookup = [];
-    for (const line of logResult.stdout.split("\n").filter(Boolean)) {
-      const idx = line.indexOf("");
-      const sha = line.slice(0, idx);
-      const subject = line.slice(idx + 1);
-      const n = parsePrFromSubject(subject);
-      if (n !== null) nums.add(n);
-      else needLookup.push(sha);
-    }
-    for (const sha of needLookup) {
-      for (const n of await prNumbersForCommit(ctx, sha)) nums.add(n);
-    }
-    return [...nums];
-  } catch {
-    return [];
+function redact(s) {
+  for (const sec of secrets) {
+    s = s.split(sec).join("***REDACTED***");
   }
+  return s;
 }
-async function prNumbersForCommit(ctx, sha) {
-  const { owner, name, cloneToken } = ctx.repo;
-  try {
-    const res = await fetch(`https://api.github.com/repos/${owner}/${name}/commits/${sha}/pulls`, {
-      headers: {
-        authorization: `Bearer ${cloneToken}`,
-        accept: "application/vnd.github+json",
-        "x-github-api-version": "2022-11-28"
-      }
-    });
-    if (!res.ok) return [];
-    return (await res.json()).map((p) => p.number);
-  } catch {
-    return [];
-  }
+function logEvent(section, text) {
+  lines.push(`[${(/* @__PURE__ */ new Date()).toISOString()}] [${section}] ${redact(text)}`);
 }
+function getJobLog() {
+  const full = lines.join("\n");
+  if (full.length <= MAX_BYTES) return full;
+  const half = Math.floor(MAX_BYTES / 2);
+  return full.slice(0, half) + `
 
-// src/plugins/manifest.ts
-import { existsSync as existsSync3 } from "node:fs";
-import { readdir as readdir2, readFile } from "node:fs/promises";
-import { join as join3 } from "node:path";
-async function loadPlugins(dir) {
-  const pluginsDir = join3(dir, ".flumecode", "plugins");
-  if (!existsSync3(pluginsDir)) return [];
-  let entries;
-  try {
-    entries = await readdir2(pluginsDir);
-  } catch {
-    return [];
-  }
-  const manifests = [];
-  for (const entry of entries) {
-    const manifestPath = join3(pluginsDir, entry, "plugin.json");
-    try {
-      const raw = JSON.parse(await readFile(manifestPath, "utf8"));
-      const manifest = parseManifest(raw);
-      if (manifest) manifests.push(manifest);
-    } catch {
-    }
-  }
-  return manifests;
-}
-function parseManifest(raw) {
-  if (typeof raw !== "object" || raw === null) return null;
-  const r = raw;
-  if (typeof r.key !== "string" || !r.key) return null;
-  if (r.socket !== "pre-commit") return null;
-  if (typeof r.run !== "string" || !r.run) return null;
-  let report;
-  const rep = r.report;
-  if (rep && typeof rep.file === "string" && rep.file && rep.format === "jest") {
-    report = { file: rep.file, format: "jest" };
-  }
-  return { key: r.key, socket: r.socket, run: r.run, ...report ? { report } : {} };
+\u2026[truncated ${full.length - MAX_BYTES} bytes]\u2026
+
+` + full.slice(-half);
 }
 
-// src/plugins/socket.ts
-var exec2 = promisify2(execCb);
-var MAX_OUTPUT = 8 * 1024;
-function cap(s) {
-  return s.length <= MAX_OUTPUT ? s : s.slice(s.length - MAX_OUTPUT);
-}
-var lastSocketResults = [];
-function resetSocketResults() {
-  lastSocketResults = [];
-}
-function getSocketResults() {
-  return lastSocketResults;
-}
-async function runSocket(socketName, dir) {
-  const plugins = (await loadPlugins(dir)).filter((p) => p.socket === socketName);
-  const results = [];
-  for (const plugin of plugins) {
-    const result = await runPluginCommand(plugin.run, dir);
-    const metrics = await readMetrics(plugin.report, dir);
-    if (result.exitCode !== 0) {
-      results.push({
-        key: plugin.key,
-        status: "failed",
-        output: cap(result.output),
-        ...metrics ? { metrics } : {}
-      });
-      lastSocketResults = results;
-      throw new PreCommitError(`[plugin:${plugin.key}] ${result.output}`);
-    }
-    results.push({
-      key: plugin.key,
-      status: "passed",
-      output: cap(result.output),
-      ...metrics ? { metrics } : {}
-    });
-  }
-  lastSocketResults = results;
+// src/executor.ts
+var FLUME_PLUGIN_DIR = fileURLToPath2(new URL("../skills-plugin", import.meta.url));
+function emptyUsage() {
+  return {
+    inputTokens: 0,
+    outputTokens: 0,
+    cacheCreationTokens: 0,
+    cacheReadTokens: 0,
+    costUsd: 0
+  };
 }
-async function readMetrics(report, dir) {
-  if (!report) return void 0;
-  try {
-    const raw = JSON.parse(await readFile2(join4(dir, report.file), "utf8"));
-    if (report.format === "jest") {
-      return {
-        testsRun: Number(raw.numTotalTests) || 0,
-        testsFailed: Number(raw.numFailedTests) || 0
-      };
-    }
-  } catch {
-  }
-  return void 0;
+var usageAcc = emptyUsage();
+function resetUsage() {
+  usageAcc = emptyUsage();
 }
-async function runPluginCommand(command2, cwd) {
-  try {
-    const result = await exec2(command2, { cwd, maxBuffer: 1 << 24 });
-    const output = [result.stdout, result.stderr].map((s) => s.trim()).filter(Boolean).join("\n");
-    return { exitCode: 0, output };
-  } catch (err) {
-    const e = err;
-    const output = [e.stdout, e.stderr].map((s) => typeof s === "string" ? s.trim() : "").filter(Boolean).join("\n");
-    return { exitCode: typeof e.code === "number" ? e.code : 1, output };
+function getUsage() {
+  const totalTokens = usageAcc.inputTokens + usageAcc.outputTokens + usageAcc.cacheCreationTokens + usageAcc.cacheReadTokens;
+  return { ...usageAcc, totalTokens };
+}
+function stringifyResult(content) {
+  if (typeof content === "string") return content;
+  if (Array.isArray(content)) {
+    return content.map(
+      (c) => typeof c === "object" && c !== null && "text" in c ? String(c.text) : JSON.stringify(c)
+    ).join("\n");
   }
-}
-
-// src/executor.ts
-import { fileURLToPath as fileURLToPath2 } from "node:url";
-import { query } from "@anthropic-ai/claude-agent-sdk";
-
-// src/widgets.ts
-import { randomUUID } from "node:crypto";
-import { createSdkMcpServer, tool } from "@anthropic-ai/claude-agent-sdk";
-import { z } from "zod";
-var SERVER_NAME = "flume_widgets";
-var SINGLE_SELECT = "single_select";
-var MULTI_SELECT = "multi_select";
-var WIDGET_TOOL_NAMES = [
-  `mcp__${SERVER_NAME}__${SINGLE_SELECT}`,
-  `mcp__${SERVER_NAME}__${MULTI_SELECT}`
-];
-var optionsSchema = z.array(z.string().min(1)).min(2).max(8).describe("2\u20138 short, distinct choices for the user to pick from.");
-var TAIL = "Do NOT add an 'Other' or 'None of these' catch-all \u2014 the UI always offers an 'Other' free-text option automatically. After calling this, END YOUR TURN and wait: the user's answer arrives as their next message and starts a fresh run.";
-function createWidgetTooling() {
-  const collected = [];
-  const singleSelect = tool(
-    SINGLE_SELECT,
-    "Ask the user a single-select (radio-button) question \u2014 exactly one answer. Use this for a genuine either/or choice (competing approaches, scope decisions, yes/no) instead of writing the options as prose. " + TAIL,
-    {
-      question: z.string().min(1).describe("The question to ask the user."),
-      options: optionsSchema
-    },
-    async (args) => {
-      collected.push({
-        id: randomUUID(),
-        type: "single_select",
-        question: args.question,
-        options: args.options.map((label) => ({ id: randomUUID(), label })),
-        selectedOptionId: null,
-        customAnswer: null
-      });
-      return widgetPosted("single-select");
-    }
-  );
-  const multiSelect = tool(
-    MULTI_SELECT,
-    "Ask the user a multi-select (checkbox) question \u2014 they may pick any number of options, including none of the presets if they use 'Other'. Use this for 'select all that apply' questions (which features to include, which files to touch). " + TAIL,
-    {
-      question: z.string().min(1).describe("The question to ask the user."),
-      options: optionsSchema
-    },
-    async (args) => {
-      collected.push({
-        id: randomUUID(),
-        type: "multi_select",
-        question: args.question,
-        options: args.options.map((label) => ({ id: randomUUID(), label })),
-        selectedOptionIds: null,
-        customAnswer: null
-      });
-      return widgetPosted("multi-select");
-    }
-  );
-  const mcpServer = createSdkMcpServer({
-    name: SERVER_NAME,
-    tools: [singleSelect, multiSelect]
-  });
-  return { mcpServer, collected };
-}
-function widgetPosted(kind) {
-  return {
-    content: [
-      {
-        type: "text",
-        text: `Question posted to the user as a ${kind} widget. End your turn now and wait \u2014 their answer will arrive as their next message.`
-      }
-    ]
-  };
-}
-
-// src/plan.ts
-import { createSdkMcpServer as createSdkMcpServer2, tool as tool2 } from "@anthropic-ai/claude-agent-sdk";
-import { z as z2 } from "zod";
-
-// src/schema-hints.ts
-var INLINE_CODE_HINT = "Wrap code identifiers (function, variable, type, and file names, commands, and flags) in inline backticks, e.g. `getCodingSessionsForRequest`.";
-
-// src/plan.ts
-var SERVER_NAME2 = "flume_plan";
-var SUBMIT_PLAN = "submit_plan";
-var PLAN_TOOL_NAME = `mcp__${SERVER_NAME2}__${SUBMIT_PLAN}`;
-var PLAN_MARKER = "<!-- flumecode:end-of-plan -->";
-var pseudoCodeEntrySchema = z2.object({
-  file: z2.string().min(1),
-  pseudoCode: z2.string().min(1)
-});
-var stepSchema = z2.object({
-  title: z2.string().min(1).describe("A concise imperative title for this step."),
-  description: z2.array(z2.string().min(1)).min(1).describe(
-    "Bullet points that explain this step's change so a reviewer can judge whether the design is correct. Each array item is one short, self-contained bullet \u2014 not a single paragraph, and not a restatement of the pseudo code. " + INLINE_CODE_HINT
-  ),
-  pseudoCode: z2.array(pseudoCodeEntrySchema).optional().describe(
-    "Per-file pseudo code. Provide an entry for every non-documentation file this step touches. Each entry contains the file path and pseudo code describing the changes to that file."
-  )
-});
-var planInputSchema = {
-  title: z2.string().min(1).max(120).describe(
-    "A concise, descriptive name for THIS plan. Must be distinct from the request title and from any sibling plans on the same request. Keep it under 120 characters."
-  ),
-  scope: z2.enum(["feat", "fix", "chore", "docs", "test", "refactor"]).describe("The primary intent of the change."),
-  goal: z2.string().min(1).describe("One or two sentences stating the outcome. " + INLINE_CODE_HINT),
-  assumptions: z2.array(z2.string()).describe("Anything decided during planning, including unanswered defaults."),
-  requirements: z2.array(z2.string().min(1)).min(1).describe(
-    "Required, human-readable statements of what this change must accomplish and why, in plain language a non-technical reader can follow. Distinct from acceptanceCriteria: requirements explain intent/rationale; acceptance criteria are the machine-checkable proof. At least 1 required. " + INLINE_CODE_HINT
-  ),
-  steps: z2.array(stepSchema).min(1).describe("Ordered list of changes. Each step says what and why, with file references."),
-  acceptanceCriteria: z2.array(z2.string().min(1)).min(2).describe(
-    "Concrete, deterministically-checkable conditions that together define done. Each names a trigger/precondition and the exact observable result (run X -> output Y; file Z contains W; f(a) returns b) \u2014 no vague adjectives, not a restatement of a step. The set must collectively cover every step's change. At least 2 required. " + INLINE_CODE_HINT
-  ),
-  risks: z2.array(z2.string()).describe("Anything that could change the approach."),
-  outOfScope: z2.array(z2.string()).describe("What is deliberately not being done.")
-};
-var planSchema = z2.object(planInputSchema);
-function renderPlan(plan) {
-  const lines2 = [];
-  lines2.push(`# ${plan.title}`);
-  lines2.push("");
-  lines2.push(`**Scope** \u2014 \`${plan.scope}\``);
-  lines2.push("");
-  lines2.push(`**Goal** \u2014 ${plan.goal}`);
-  if (plan.assumptions.length > 0) {
-    lines2.push("");
-    lines2.push("**Assumptions**");
-    for (const assumption of plan.assumptions) {
-      lines2.push(`- ${assumption}`);
-    }
-  }
-  lines2.push("");
-  lines2.push("## Requirements");
-  for (const requirement of plan.requirements) {
-    lines2.push(`- ${requirement}`);
-  }
-  lines2.push("");
-  lines2.push("## Steps");
-  for (const [i, step] of plan.steps.entries()) {
-    lines2.push("");
-    lines2.push(`### ${i + 1}. ${step.title}`);
-    lines2.push("");
-    for (const bullet of step.description) {
-      lines2.push(`- ${bullet}`);
-    }
-    if (step.pseudoCode && step.pseudoCode.length > 0) {
-      for (const entry of step.pseudoCode) {
-        lines2.push("");
-        lines2.push(`\`${entry.file}\``);
-        lines2.push("");
-        lines2.push("```");
-        lines2.push(entry.pseudoCode);
-        lines2.push("```");
-      }
-    }
-  }
-  lines2.push("");
-  lines2.push("## Acceptance criteria");
-  for (const criterion of plan.acceptanceCriteria) {
-    lines2.push(`- [ ] ${criterion}`);
-  }
-  if (plan.risks.length > 0) {
-    lines2.push("");
-    lines2.push("**Risks / open questions**");
-    for (const risk of plan.risks) {
-      lines2.push(`- ${risk}`);
-    }
-  }
-  if (plan.outOfScope.length > 0) {
-    lines2.push("");
-    lines2.push("**Out of scope**");
-    for (const item of plan.outOfScope) {
-      lines2.push(`- ${item}`);
-    }
-  }
-  lines2.push("");
-  lines2.push(PLAN_MARKER);
-  return lines2.join("\n");
-}
-var submitPlanInputSchema = {
-  plans: z2.array(z2.object(planInputSchema)).min(1).refine(
-    (arr) => {
-      const titles = arr.map((p) => p.title.trim()).filter((t) => t.length > 0);
-      return new Set(titles).size === titles.length;
-    },
-    { message: "Each plan must have a distinct non-empty title" }
-  )
-};
-var submitPlanSchema = z2.object(submitPlanInputSchema);
-function createPlanTooling() {
-  let renderedPlans = null;
-  const submitPlan = tool2(
-    SUBMIT_PLAN,
-    "Submit ALL your plans in a single call \u2014 one entry per plan; each becomes its own independently-acceptable Accept-as-plan draft. Do NOT call submit_plan more than once. acceptanceCriteria is required in each plan and must contain at least 2 observable, verifiable conditions. The 'title' field names each specific plan \u2014 make it concise and distinct from the request title and from sibling plan titles. requirements is required in each plan: at least 1 plain-language statement of what the change must accomplish and why (human-readable intent), separate from the machine-checkable acceptanceCriteria. ",
-    submitPlanInputSchema,
-    async (args) => {
-      const parsed = submitPlanSchema.parse(args);
-      renderedPlans = parsed.plans.map(renderPlan);
-      return {
-        content: [
-          {
-            type: "text",
-            text: "Plan(s) submitted. The runner will render and post them as your comment(s). End your turn now."
-          }
-        ]
-      };
-    }
-  );
-  const mcpServer = createSdkMcpServer2({
-    name: SERVER_NAME2,
-    tools: [submitPlan]
-  });
-  return { mcpServer, getPlans: () => renderedPlans };
-}
-function countPlanAcceptanceCriteria(planBody) {
-  if (!planBody) return 0;
-  const lines2 = planBody.split("\n");
-  const start2 = lines2.findIndex((l) => l.trim() === "## Acceptance criteria");
-  if (start2 === -1) return 0;
-  let count = 0;
-  for (let i = start2 + 1; i < lines2.length; i++) {
-    const line = lines2[i] ?? "";
-    if (line.startsWith("## ")) break;
-    if (line.startsWith("- [ ] ")) count++;
-  }
-  return count;
-}
-
-// src/report.ts
-import { createSdkMcpServer as createSdkMcpServer3, tool as tool3 } from "@anthropic-ai/claude-agent-sdk";
-import { z as z3 } from "zod";
-var SERVER_NAME3 = "flume_report";
-var SUBMIT_REPORT = "submit_report";
-var REPORT_TOOL_NAME = `mcp__${SERVER_NAME3}__${SUBMIT_REPORT}`;
-var STATUS_ICON = {
-  met: "\u2705",
-  not_met: "\u274C",
-  unclear: "\u26A0\uFE0F"
-};
-var evidenceSchema = z3.object({
-  file: z3.string().min(1).describe("Repo-relative path the hunk comes from."),
-  hunk: z3.string().min(1).describe(
-    "A unified-diff hunk proving the criterion \u2014 the lines that matter, not the whole file. MUST keep the `@@ -a,b +c,d @@` hunk header line(s) exactly as they appear in `git --no-pager diff`; the report renders file line numbers from them. Rendered verbatim as a ```diff block."
-  ),
-  note: z3.string().optional().describe("Optional one-line explanation of why this hunk satisfies the criterion.")
-});
-var acVerdictSchema = z3.object({
-  criterion: z3.string().min(1).describe("The acceptance-criterion text, verbatim from the plan."),
-  status: z3.enum(["met", "not_met", "unclear"]).describe("Verdict for this criterion, verified against the actual diff."),
-  rationale: z3.string().min(1).describe("One or two sentences on why the verdict holds. " + INLINE_CODE_HINT),
-  evidence: z3.array(evidenceSchema).describe(
-    "Diff hunks proving the verdict, copied verbatim from git --no-pager diff. Across ALL criteria the evidence must collectively cover every hunk in the diff \u2014 each changed hunk appears under at least one criterion. Cite the relevant hunk(s) for a met criterion; may be empty for not_met / unclear."
-  )
-});
-var reportInputSchema = {
-  summary: z3.string().min(1).describe("One or two sentences on what was implemented. " + INLINE_CODE_HINT),
-  filesChanged: z3.string().min(1).describe(
-    "Markdown: the list of files changed (from the diff). Rendered under '## Files changed'."
-  ),
-  codeQuality: z3.string().min(1).describe(
-    "Markdown: the code-quality review outcome and anything left as nice-to-have. Rendered under '## Code quality'. " + INLINE_CODE_HINT
-  ),
-  caveats: z3.string().min(1).describe(
-    "Markdown: anything deferred, unmet, or worth a human's eyes, incl. diff hunks that map to no plan AC. Write 'None.' if nothing. Rendered under '## Caveats / follow-ups'. " + INLINE_CODE_HINT
-  ),
-  acceptanceCriteria: z3.array(acVerdictSchema).describe(
-    "One entry per acceptance criterion from the plan, in plan order, each with a verdict and the diff evidence behind it. May be empty for resolve runs (no plan to verify)."
-  ),
-  conflictResolution: z3.string().optional().describe(
-    "Markdown: present ONLY when a merge conflict was actually resolved. Explain, per conflicted file, how ours/theirs were integrated. Rendered under '## Conflict resolution'. Omit entirely when no conflict occurred."
-  )
-};
-var reportSchema = z3.object(reportInputSchema);
-function renderReport(report) {
-  const lines2 = [];
-  lines2.push(report.summary.trim());
-  lines2.push("", "## Files changed", "", report.filesChanged.trim());
-  if (report.acceptanceCriteria.length > 0) {
-    lines2.push("", "## Acceptance criteria");
-    for (const ac of report.acceptanceCriteria) {
-      lines2.push("");
-      lines2.push(`### ${STATUS_ICON[ac.status]} ${ac.criterion}`);
-      lines2.push("");
-      lines2.push(ac.rationale.trim());
-      for (const ev of ac.evidence) {
-        lines2.push("");
-        lines2.push(ev.note ? `\`${ev.file}\` \u2014 ${ev.note}` : `\`${ev.file}\``);
-        lines2.push("");
-        lines2.push("```diff");
-        lines2.push(ev.hunk.replace(/\n+$/, ""));
-        lines2.push("```");
-      }
-    }
-  }
-  if (report.conflictResolution?.trim()) {
-    lines2.push("", "## Conflict resolution", "", report.conflictResolution.trim());
-  }
-  lines2.push("", "## Code quality", "", report.codeQuality.trim());
-  lines2.push("", "## Caveats / follow-ups", "", report.caveats.trim());
-  return lines2.join("\n");
-}
-function createReportTooling() {
-  let submittedReport = null;
-  const submitReport = tool3(
-    SUBMIT_REPORT,
-    "Submit the final implementation report as structured data. Call this exactly once, at the end of the run. `acceptanceCriteria` must contain one entry per plan criterion, each with a met / not_met / unclear verdict and the diff hunk(s) that prove it. `summary`, `filesChanged`, `codeQuality`, and `caveats` are the four named markdown sections. Do NOT include a PR link \u2014 the runner appends it.",
-    reportInputSchema,
-    async (args) => {
-      submittedReport = reportSchema.parse(args);
-      return {
-        content: [
-          {
-            type: "text",
-            text: "Report submitted. The runner will render and post it. End your turn now."
-          }
-        ]
-      };
-    }
-  );
-  const mcpServer = createSdkMcpServer3({
-    name: SERVER_NAME3,
-    tools: [submitReport]
-  });
-  return { mcpServer, getReport: () => submittedReport };
-}
-
-// src/executor.ts
-var FLUME_PLUGIN_DIR = fileURLToPath2(new URL("../skills-plugin", import.meta.url));
-function emptyUsage() {
-  return {
-    inputTokens: 0,
-    outputTokens: 0,
-    cacheCreationTokens: 0,
-    cacheReadTokens: 0,
-    costUsd: 0
-  };
-}
-var usageAcc = emptyUsage();
-function resetUsage() {
-  usageAcc = emptyUsage();
-}
-function getUsage() {
-  const totalTokens = usageAcc.inputTokens + usageAcc.outputTokens + usageAcc.cacheCreationTokens + usageAcc.cacheReadTokens;
-  return { ...usageAcc, totalTokens };
-}
-function stringifyResult(content) {
-  if (typeof content === "string") return content;
-  if (Array.isArray(content)) {
-    return content.map(
-      (c) => typeof c === "object" && c !== null && "text" in c ? String(c.text) : JSON.stringify(c)
-    ).join("\n");
-  }
-  return JSON.stringify(content);
+  return JSON.stringify(content);
 }
 async function runClaudeCode(opts) {
   let finalText = "";
@@ -1162,11 +756,11 @@ function errorMessage(err) {
 
 // src/rules.ts
 import { readFileSync as readFileSync3 } from "node:fs";
-import { join as join5 } from "node:path";
+import { join as join2 } from "node:path";
 import { fileURLToPath as fileURLToPath3 } from "node:url";
 var RULES_DIR = fileURLToPath3(new URL("../skills-plugin/rules", import.meta.url));
 function loadRule(name) {
-  const raw = readFileSync3(join5(RULES_DIR, `${name}.md`), "utf8");
+  const raw = readFileSync3(join2(RULES_DIR, `${name}.md`), "utf8");
   return stripFrontMatter(raw).trim();
 }
 function stripFrontMatter(raw) {
@@ -1239,157 +833,523 @@ function buildRevisePrompt(ctx) {
     "",
     loadRule("coding-guideline"),
     "",
-    WRITING_INTRO,
+    WRITING_INTRO,
+    "",
+    loadRule("technical-writing"),
+    "",
+    `# Plan: ${ctx.request?.title ?? ""}`
+  ];
+  if (ctx.request?.body) {
+    lines2.push("", ctx.request.body);
+  }
+  appendThread(lines2, ctx);
+  lines2.push(
+    "",
+    "The last message above is the user's request for this turn. Your final reply is posted verbatim as your comment in the plan thread: if you implemented a change, make it a short report of what you changed (the runner appends the pull-request link); if you asked a question, called `submit_plan`, or pushed back, your reply text is posted as-is."
+  );
+  return lines2.join("\n");
+}
+function buildResolvePrompt(ctx, related = []) {
+  const mergeBranch = ctx.repo.mergeBranch ?? "the merge branch";
+  const task = `Use the \`flumecode:resolve-merge-conflict\` skill to handle this turn. A merge of \`${mergeBranch}\` into this branch is IN PROGRESS and has left conflict markers in your working tree. Resolve every conflicted file by correctly integrating BOTH sides \u2014 the change this session implemented (described below) and the incoming changes from \`${mergeBranch}\` \u2014 never blindly discard either side. Remove all conflict markers and verify the result builds and tests pass. Do NOT \`git add\`, commit, push, or open a pull request \u2014 the runner finalizes the merge commit and updates the existing pull request.`;
+  const orient = `Before investigating raw source, check for a FlumeCode wiki at \`.flumecode/wiki/\`. If it exists, read \`.flumecode/wiki/README.md\` first \u2014 it is the index \u2014 and follow its links to the pages and source paths relevant to the conflicting code. If there is no wiki, work from the code directly.`;
+  const lines2 = [
+    `You are "${ctx.agentName}", an autonomous coding agent resolving merge conflicts on an implemented FlumeCode plan.`,
+    `The repository ${ctx.repo.fullName} is checked out in your current working directory on the plan's implementation branch "${ctx.repo.checkoutBranch}" \u2014 the same branch its open pull request is built from \u2014 with an in-progress merge of "${mergeBranch}".`,
+    task,
+    orient,
+    "",
+    "These coding guidelines apply to all code produced in this run:",
+    "",
+    loadRule("coding-guideline"),
+    "",
+    WRITING_INTRO,
+    "",
+    loadRule("technical-writing"),
+    "",
+    `# Plan: ${ctx.request?.title ?? ""}`
+  ];
+  if (ctx.request?.body) {
+    lines2.push("", ctx.request.body);
+  }
+  appendThread(lines2, ctx);
+  if (related.length > 0) {
+    lines2.push(
+      "",
+      "# Related sessions behind the incoming changes",
+      "Each conflicting change on the merge branch came from another coding session whose plan and report follow. Preserve THEIR intent too while integrating them with this session's work \u2014 do not undo what they built."
+    );
+    for (const r of related) {
+      lines2.push("", `## PR #${r.prNumber} \u2014 ${r.title}`);
+      if (r.plan) lines2.push("", "### Accepted plan", r.plan);
+      if (r.report) lines2.push("", "### Final report", r.report);
+    }
+  }
+  lines2.push(
+    "",
+    "Resolve the conflicts now. Your final reply is posted as a report in the plan thread: summarize which files conflicted and how you resolved each (the runner appends the pull-request link, so don't add one)."
+  );
+  return lines2.join("\n");
+}
+function buildDocumentPrompt(ctx, changedFiles) {
+  const lines2 = [
+    `You are "${ctx.agentName}" maintaining the repository wiki for ${ctx.repo.fullName}.`,
+    `An implementation just ran in this working directory to satisfy the request below; its changes are uncommitted in the working tree.`,
+    `Use the \`flumecode:document\` skill to bring the wiki in sync with those changes. Only edit files under \`.flumecode/wiki/\` \u2014 do not touch application code. The runner commits the wiki alongside the implementation in the same pull request.`,
+    "",
+    `# Request: ${ctx.request?.title ?? ""}`
+  ];
+  if (ctx.request?.body) {
+    lines2.push("", ctx.request.body);
+  }
+  appendThread(lines2, ctx);
+  if (changedFiles && changedFiles.trim()) {
+    lines2.push(
+      "",
+      "Files changed by this implementation (reconcile only the wiki pages these affect \u2014 do not re-survey the whole repo):",
+      "",
+      changedFiles.trim()
+    );
+  }
+  lines2.push("", "When done, reply with a one- or two-line summary of the wiki changes you made.");
+  return lines2.join("\n");
+}
+function buildRepairPrompt(ctx, hookLog) {
+  const lines2 = [
+    `You are "${ctx.agentName}", fixing a failed pre-commit check in the repository ${ctx.repo.fullName}, checked out in your current working directory.`,
+    `The changes from the previous step are still uncommitted in the working tree. When the runner tried to commit them, the repository's pre-commit hook \u2014 which runs the project's own checks (lint / typecheck / unit tests) \u2014 failed. Make the working tree pass those checks: fix the failing code or tests at their root. Do NOT delete or skip tests, weaken assertions, or disable the checks to silence the failure. Preserve the intent of the original change; repair only what's broken. Do NOT commit or push \u2014 the runner re-commits once the checks pass.`,
+    "",
+    "These coding guidelines apply to all code produced in this run:",
+    "",
+    loadRule("coding-guideline"),
+    "",
+    "# Pre-commit hook output",
     "",
-    loadRule("technical-writing"),
+    "```",
+    hookLog,
+    "```",
     "",
-    `# Plan: ${ctx.request?.title ?? ""}`
+    "When done, reply with a one-line summary of what you fixed."
   ];
-  if (ctx.request?.body) {
-    lines2.push("", ctx.request.body);
-  }
-  appendThread(lines2, ctx);
-  lines2.push(
-    "",
-    "The last message above is the user's request for this turn. Your final reply is posted verbatim as your comment in the plan thread: if you implemented a change, make it a short report of what you changed (the runner appends the pull-request link); if you asked a question, called `submit_plan`, or pushed back, your reply text is posted as-is."
-  );
   return lines2.join("\n");
 }
-function buildResolvePrompt(ctx, related = []) {
-  const mergeBranch = ctx.repo.mergeBranch ?? "the merge branch";
-  const task = `Use the \`flumecode:resolve-merge-conflict\` skill to handle this turn. A merge of \`${mergeBranch}\` into this branch is IN PROGRESS and has left conflict markers in your working tree. Resolve every conflicted file by correctly integrating BOTH sides \u2014 the change this session implemented (described below) and the incoming changes from \`${mergeBranch}\` \u2014 never blindly discard either side. Remove all conflict markers and verify the result builds and tests pass. Do NOT \`git add\`, commit, push, or open a pull request \u2014 the runner finalizes the merge commit and updates the existing pull request.`;
-  const orient = `Before investigating raw source, check for a FlumeCode wiki at \`.flumecode/wiki/\`. If it exists, read \`.flumecode/wiki/README.md\` first \u2014 it is the index \u2014 and follow its links to the pages and source paths relevant to the conflicting code. If there is no wiki, work from the code directly.`;
+function buildReleasePrompt(ctx, baseChecks) {
+  const task = `Use the \`flumecode:create-release\` skill to handle this turn. You are driving a release: first analyse commits since the last tag, propose version bumps, and ask the user to confirm via widgets (Phase 1); once the user's widget answers appear in the thread, apply the bumps to package.json files and update CHANGELOG.md (Phase 2). Do NOT commit or push \u2014 the runner handles that and opens the bump PR.`;
+  const orient = `Before investigating raw source, check for a FlumeCode wiki at \`.flumecode/wiki/\`. If it exists, read \`.flumecode/wiki/README.md\` first \u2014 it is the index \u2014 and follow its links to the pages and source paths relevant to this release. If there is no wiki, work from the code directly.`;
+  const widgets = `When you need the user to choose, ask it as a widget rather than writing the options as prose: call \`single_select\` for a one-of-N choice (radio buttons) or \`multi_select\` for a "select all that apply" choice (checkboxes). Don't add your own "Other" option \u2014 the UI always provides one. After calling a widget tool, end your turn \u2014 the user's answer comes back as their next message and starts a fresh run.`;
   const lines2 = [
-    `You are "${ctx.agentName}", an autonomous coding agent resolving merge conflicts on an implemented FlumeCode plan.`,
-    `The repository ${ctx.repo.fullName} is checked out in your current working directory on the plan's implementation branch "${ctx.repo.checkoutBranch}" \u2014 the same branch its open pull request is built from \u2014 with an in-progress merge of "${mergeBranch}".`,
+    `You are "${ctx.agentName}", an autonomous coding agent driving a FlumeCode release.`,
+    `The repository ${ctx.repo.fullName} is checked out in your current working directory on the release bump branch "${ctx.repo.checkoutBranch}".`,
     task,
     orient,
+    widgets,
     "",
     "These coding guidelines apply to all code produced in this run:",
     "",
     loadRule("coding-guideline"),
     "",
-    WRITING_INTRO,
-    "",
-    loadRule("technical-writing"),
-    "",
-    `# Plan: ${ctx.request?.title ?? ""}`
+    `# Release: ${ctx.request?.title ?? ""}`
   ];
   if (ctx.request?.body) {
     lines2.push("", ctx.request.body);
   }
-  appendThread(lines2, ctx);
-  if (related.length > 0) {
+  if (baseChecks && !baseChecks.ok) {
     lines2.push(
       "",
-      "# Related sessions behind the incoming changes",
-      "Each conflicting change on the merge branch came from another coding session whose plan and report follow. Preserve THEIR intent too while integrating them with this session's work \u2014 do not undo what they built."
+      "# Pre-release check status",
+      "",
+      "\u26A0\uFE0F The repository's pre-commit checks (lint / typecheck / tests) are currently FAILING on the base branch, independently of any version bump. A release must not ship a broken base:",
+      "",
+      "- **Phase 1 (propose):** tell the user, in your reply, that the base currently fails these checks and that the release will fix them as part of the bump.",
+      "- **Phase 2 (apply):** fix the failing code at its root so the checks pass, THEN apply the version bumps and CHANGELOG. Do NOT delete/skip tests or weaken assertions. The fixes ship in the same bump PR. Still do NOT commit or push \u2014 the runner does.",
+      "",
+      "Failing check output:",
+      "",
+      "```",
+      baseChecks.log,
+      "```"
     );
-    for (const r of related) {
-      lines2.push("", `## PR #${r.prNumber} \u2014 ${r.title}`);
-      if (r.plan) lines2.push("", "### Accepted plan", r.plan);
-      if (r.report) lines2.push("", "### Final report", r.report);
+  }
+  appendThread(lines2, ctx);
+  lines2.push(
+    "",
+    "Your final reply is posted verbatim as your comment in the release thread \u2014 if you called widgets (Phase 1), your reply text accompanies the questions; if you applied the bumps (Phase 2), make it the report the skill produced. The runner appends the pull-request link."
+  );
+  return lines2.join("\n");
+}
+function buildInitPrompt(ctx) {
+  return [
+    `You are "${ctx.agentName}" initializing FlumeCode for the repository ${ctx.repo.fullName}, checked out in your current working directory.`,
+    `Use the \`flumecode:document\` skill to create the initial repository wiki under \`.flumecode/wiki/\`. The wiki does not exist yet, so the skill will bootstrap it: survey the codebase and produce a high-level overview plus per-component pages. Only create files under \`.flumecode/\` \u2014 do not modify application code. The runner commits the result and opens a pull request.`,
+    "",
+    "When done, reply with a one- or two-line summary of the wiki you created."
+  ].join("\n");
+}
+
+// src/types.ts
+function jobTitle(ctx) {
+  return ctx.kind === "init" ? "Initialize FlumeCode wiki" : ctx.request?.title ?? "request";
+}
+
+// src/workspace.ts
+import { execFile } from "node:child_process";
+import { existsSync as existsSync2 } from "node:fs";
+import { mkdtemp, readdir, rm } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join as join3 } from "node:path";
+import { promisify } from "node:util";
+var exec = promisify(execFile);
+var WORKSPACE_PREFIX = "flume-runner-";
+var MAX_BUFFER = 1 << 24;
+async function git(args) {
+  logEvent("git", `git ${args.join(" ")}`);
+  try {
+    const result = await exec("git", args, { maxBuffer: MAX_BUFFER });
+    if (result.stdout.trim()) logEvent("git:out", result.stdout.trim());
+    if (result.stderr.trim()) logEvent("git:err", result.stderr.trim());
+    return result;
+  } catch (err) {
+    logEvent("git:err", String(err.stderr ?? err));
+    throw err;
+  }
+}
+async function ensureGitIdentity(dir, identity) {
+  await git(["-C", dir, "config", "user.email", identity.email]);
+  await git(["-C", dir, "config", "user.name", identity.name]);
+}
+function cloneUrl(ctx) {
+  const { owner, name, cloneToken } = ctx.repo;
+  return `https://x-access-token:${cloneToken}@github.com/${owner}/${name}.git`;
+}
+function detectPackageManager(dir) {
+  if (!existsSync2(join3(dir, "package.json"))) return null;
+  if (existsSync2(join3(dir, "pnpm-lock.yaml"))) return "pnpm";
+  if (existsSync2(join3(dir, "yarn.lock"))) return "yarn";
+  if (existsSync2(join3(dir, "package-lock.json"))) return "npm";
+  if (existsSync2(join3(dir, "bun.lockb"))) return "bun";
+  return "npm";
+}
+async function installDependencies(dir) {
+  const manager = detectPackageManager(dir);
+  if (manager === null) return { status: "skipped" };
+  const env = { ...process.env, CI: "1", ADBLOCK: "1", DISABLE_OPENCOLLECTIVE: "1" };
+  logEvent("install", `${manager} install`);
+  try {
+    const result = await exec(manager, ["install"], {
+      cwd: dir,
+      maxBuffer: MAX_BUFFER,
+      env,
+      timeout: 5 * 6e4
+    });
+    if (result.stdout.trim()) logEvent("install:out", result.stdout.trim());
+    if (result.stderr.trim()) logEvent("install:err", result.stderr.trim());
+    return { status: "installed", manager };
+  } catch (err) {
+    const e = err;
+    const detail = [e.stdout, e.stderr].map((s) => typeof s === "string" ? s.trim() : "").filter(Boolean).join("\n");
+    logEvent("install:err", detail || (err instanceof Error ? err.message : String(err)));
+    return { status: "failed", manager, error: err instanceof Error ? err.message : String(err) };
+  }
+}
+async function makeWorkspace() {
+  return mkdtemp(join3(tmpdir(), WORKSPACE_PREFIX));
+}
+var MAX_WORKSPACES = 8;
+var workspaceRegistry = /* @__PURE__ */ new Map();
+async function acquireWorkspace(key) {
+  const existing = workspaceRegistry.get(key);
+  if (existing !== void 0 && existsSync2(existing)) {
+    workspaceRegistry.delete(key);
+    workspaceRegistry.set(key, existing);
+    return { dir: existing, reused: true };
+  }
+  const dir = await makeWorkspace();
+  workspaceRegistry.set(key, dir);
+  if (workspaceRegistry.size > MAX_WORKSPACES) {
+    const oldest = workspaceRegistry.keys().next().value;
+    const oldDir = workspaceRegistry.get(oldest);
+    workspaceRegistry.delete(oldest);
+    rm(oldDir, { recursive: true, force: true }).catch(() => {
+    });
+  }
+  return { dir, reused: false };
+}
+async function discardWorkspace(key) {
+  const dir = workspaceRegistry.get(key);
+  workspaceRegistry.delete(key);
+  if (dir !== void 0) {
+    await cleanup(dir).catch(() => {
+    });
+  }
+}
+async function resetWorkspace(dir) {
+  await git(["-C", dir, "reset", "--hard", "HEAD"]).catch(() => {
+  });
+  await git(["-C", dir, "clean", "-fd"]).catch(() => {
+  });
+}
+async function prepareAtSha(ctx, dir, reused) {
+  const identity = { name: ctx.agentName, email: ctx.agentEmail };
+  if (!reused) {
+    await cloneAtSha(ctx, dir);
+    await ensureGitIdentity(dir, identity);
+    return;
+  }
+  await git(["-C", dir, "remote", "set-url", "origin", cloneUrl(ctx)]);
+  await ensureGitIdentity(dir, identity);
+}
+async function prepareResumingBranch(ctx, dir, reused) {
+  const identity = { name: ctx.agentName, email: ctx.agentEmail };
+  if (!reused) {
+    const result = await cloneResumingBranch(ctx, dir);
+    await ensureGitIdentity(dir, identity);
+    return result;
+  }
+  await git(["-C", dir, "remote", "set-url", "origin", cloneUrl(ctx)]);
+  await ensureGitIdentity(dir, identity);
+  return { resumed: true };
+}
+async function sweepWorkspaces() {
+  const base = tmpdir();
+  let entries;
+  try {
+    entries = await readdir(base);
+  } catch {
+    return 0;
+  }
+  let removed = 0;
+  for (const entry of entries) {
+    if (!entry.startsWith(WORKSPACE_PREFIX)) continue;
+    try {
+      await rm(join3(base, entry), { recursive: true, force: true });
+      removed++;
+    } catch {
+    }
+  }
+  return removed;
+}
+async function cloneAtSha(ctx, dir) {
+  await git(["clone", "--quiet", cloneUrl(ctx), dir]);
+  await git(["-C", dir, "checkout", "-B", ctx.repo.checkoutBranch, ctx.repo.checkoutSha]);
+}
+async function cloneResumingBranch(ctx, dir) {
+  await git(["clone", "--quiet", cloneUrl(ctx), dir]);
+  try {
+    await git(["-C", dir, "fetch", "--quiet", "origin", ctx.repo.checkoutBranch]);
+    await git(["-C", dir, "checkout", "-B", ctx.repo.checkoutBranch, "FETCH_HEAD"]);
+    return { resumed: true };
+  } catch {
+    await git(["-C", dir, "checkout", "-B", ctx.repo.checkoutBranch, ctx.repo.checkoutSha]);
+    return { resumed: false };
+  }
+}
+async function hasChanges(dir) {
+  await git(["-C", dir, "add", "-A"]);
+  const { stdout: stdout2 } = await git(["-C", dir, "status", "--porcelain"]);
+  return stdout2.trim().length > 0;
+}
+async function gitDiffStat(dir) {
+  const { stdout: stdout2 } = await git(["-C", dir, "--no-pager", "diff", "--stat"]);
+  return stdout2;
+}
+var PreCommitError = class extends Error {
+  constructor(log) {
+    super("pre-commit checks failed");
+    this.log = log;
+    this.name = "PreCommitError";
+  }
+};
+function commitFailureLog(err) {
+  const e = err;
+  const parts = [e.stdout, e.stderr].map((s) => typeof s === "string" ? s.trim() : "").filter((s) => s.length > 0);
+  return parts.length > 0 ? parts.join("\n") : e.message ?? String(err);
+}
+function isUnsupportedGitSubcommand(err) {
+  const e = err;
+  const text = `${typeof e.stderr === "string" ? e.stderr : ""}
+${e.message ?? ""}`;
+  return /is not a git command|unknown subcommand|usage: git hook/i.test(text);
+}
+async function runRepoChecks(dir) {
+  try {
+    await git(["-C", dir, "hook", "run", "pre-commit"]);
+    logEvent("checks", "pre-commit hook passed");
+    return { ok: true, log: "", skipped: false };
+  } catch (err) {
+    if (isUnsupportedGitSubcommand(err)) {
+      logEvent("checks", "pre-commit hook skipped (git too old)");
+      return { ok: true, log: "", skipped: true };
     }
+    const log = commitFailureLog(err);
+    logEvent("checks:err", log);
+    return { ok: false, log, skipped: false };
   }
-  lines2.push(
-    "",
-    "Resolve the conflicts now. Your final reply is posted as a report in the plan thread: summarize which files conflicted and how you resolved each (the runner appends the pull-request link, so don't add one)."
-  );
-  return lines2.join("\n");
 }
-function buildDocumentPrompt(ctx, changedFiles) {
-  const lines2 = [
-    `You are "${ctx.agentName}" maintaining the repository wiki for ${ctx.repo.fullName}.`,
-    `An implementation just ran in this working directory to satisfy the request below; its changes are uncommitted in the working tree.`,
-    `Use the \`flumecode:document\` skill to bring the wiki in sync with those changes. Only edit files under \`.flumecode/wiki/\` \u2014 do not touch application code. The runner commits the wiki alongside the implementation in the same pull request.`,
-    "",
-    `# Request: ${ctx.request?.title ?? ""}`
-  ];
-  if (ctx.request?.body) {
-    lines2.push("", ctx.request.body);
+async function commitChanges(ctx, dir) {
+  if (!await hasChanges(dir)) return false;
+  try {
+    await git(["-C", dir, "commit", "--quiet", "-m", `FlumeCode: ${jobTitle(ctx)}`]);
+  } catch (err) {
+    throw new PreCommitError(commitFailureLog(err));
   }
-  appendThread(lines2, ctx);
-  if (changedFiles && changedFiles.trim()) {
-    lines2.push(
-      "",
-      "Files changed by this implementation (reconcile only the wiki pages these affect \u2014 do not re-survey the whole repo):",
-      "",
-      changedFiles.trim()
+  return true;
+}
+async function pushBranch(ctx, dir) {
+  await git(["-C", dir, "push", "--quiet", "-u", "origin", ctx.repo.checkoutBranch]);
+}
+var RebaseConflictError = class extends Error {
+  constructor(mergeBranch, files) {
+    const list = files.length ? `: ${files.join(", ")}` : "";
+    super(`Rebase onto ${mergeBranch} hit conflicts in ${files.length} file(s)${list}`);
+    this.mergeBranch = mergeBranch;
+    this.files = files;
+    this.name = "RebaseConflictError";
+  }
+};
+async function rebaseOntoMergeBranch(ctx, dir) {
+  const { mergeBranch } = ctx.repo;
+  if (!mergeBranch) return;
+  await git(["-C", dir, "fetch", "--quiet", "origin", mergeBranch]);
+  try {
+    await git(["-C", dir, "rebase", "--empty=drop", "FETCH_HEAD"]);
+  } catch (err) {
+    const conflicted = await git(["-C", dir, "diff", "--name-only", "--diff-filter=U"]).catch(
+      () => ({ stdout: "" })
     );
+    const files = conflicted.stdout.split("\n").map((line) => line.trim()).filter(Boolean);
+    await git(["-C", dir, "rebase", "--abort"]).catch(() => {
+    });
+    if (files.length === 0) throw err;
+    throw new RebaseConflictError(mergeBranch, files);
   }
-  lines2.push("", "When done, reply with a one- or two-line summary of the wiki changes you made.");
-  return lines2.join("\n");
 }
-function buildRepairPrompt(ctx, hookLog) {
-  const lines2 = [
-    `You are "${ctx.agentName}", fixing a failed pre-commit check in the repository ${ctx.repo.fullName}, checked out in your current working directory.`,
-    `The changes from the previous step are still uncommitted in the working tree. When the runner tried to commit them, the repository's pre-commit hook \u2014 which runs the project's own checks (lint / typecheck / unit tests) \u2014 failed. Make the working tree pass those checks: fix the failing code or tests at their root. Do NOT delete or skip tests, weaken assertions, or disable the checks to silence the failure. Preserve the intent of the original change; repair only what's broken. Do NOT commit or push \u2014 the runner re-commits once the checks pass.`,
-    "",
-    "These coding guidelines apply to all code produced in this run:",
-    "",
-    loadRule("coding-guideline"),
-    "",
-    "# Pre-commit hook output",
-    "",
-    "```",
-    hookLog,
-    "```",
-    "",
-    "When done, reply with a one-line summary of what you fixed."
-  ];
-  return lines2.join("\n");
+async function mergeInMergeBranch(ctx, dir) {
+  const { mergeBranch } = ctx.repo;
+  if (!mergeBranch) return { conflicted: false };
+  await git(["-C", dir, "fetch", "--quiet", "origin", mergeBranch]);
+  try {
+    await git(["-C", dir, "merge", "--no-edit", "FETCH_HEAD"]);
+    return { conflicted: false };
+  } catch {
+    return { conflicted: true };
+  }
 }
-function buildReleasePrompt(ctx, baseChecks) {
-  const task = `Use the \`flumecode:create-release\` skill to handle this turn. You are driving a release: first analyse commits since the last tag, propose version bumps, and ask the user to confirm via widgets (Phase 1); once the user's widget answers appear in the thread, apply the bumps to package.json files and update CHANGELOG.md (Phase 2). Do NOT commit or push \u2014 the runner handles that and opens the bump PR.`;
-  const orient = `Before investigating raw source, check for a FlumeCode wiki at \`.flumecode/wiki/\`. If it exists, read \`.flumecode/wiki/README.md\` first \u2014 it is the index \u2014 and follow its links to the pages and source paths relevant to this release. If there is no wiki, work from the code directly.`;
-  const widgets = `When you need the user to choose, ask it as a widget rather than writing the options as prose: call \`single_select\` for a one-of-N choice (radio buttons) or \`multi_select\` for a "select all that apply" choice (checkboxes). Don't add your own "Other" option \u2014 the UI always provides one. After calling a widget tool, end your turn \u2014 the user's answer comes back as their next message and starts a fresh run.`;
-  const lines2 = [
-    `You are "${ctx.agentName}", an autonomous coding agent driving a FlumeCode release.`,
-    `The repository ${ctx.repo.fullName} is checked out in your current working directory on the release bump branch "${ctx.repo.checkoutBranch}".`,
-    task,
-    orient,
-    widgets,
-    "",
-    "These coding guidelines apply to all code produced in this run:",
-    "",
-    loadRule("coding-guideline"),
-    "",
-    `# Release: ${ctx.request?.title ?? ""}`
-  ];
-  if (ctx.request?.body) {
-    lines2.push("", ctx.request.body);
+async function listUnmergedPaths(dir) {
+  const { stdout: stdout2 } = await git(["-C", dir, "diff", "--name-only", "--diff-filter=U"]).catch(() => ({
+    stdout: ""
+  }));
+  return stdout2.split("\n").map((line) => line.trim()).filter(Boolean);
+}
+async function listConflictMarkerPaths(dir, paths) {
+  if (paths.length === 0) return [];
+  const { stdout: stdout2 } = await git([
+    "-C",
+    dir,
+    "grep",
+    "--no-color",
+    "-lE",
+    "^(<<<<<<<|>>>>>>>|\\|\\|\\|\\|\\|\\|\\|)",
+    "--",
+    ...paths
+  ]).catch(() => ({ stdout: "" }));
+  return stdout2.split("\n").map((line) => line.trim()).filter(Boolean);
+}
+async function openPullRequest(ctx) {
+  const { owner, name, cloneToken, checkoutBranch, mergeBranch } = ctx.repo;
+  if (!mergeBranch) return null;
+  const apiBase = `https://api.github.com/repos/${owner}/${name}`;
+  const headers = {
+    authorization: `Bearer ${cloneToken}`,
+    accept: "application/vnd.github+json",
+    "x-github-api-version": "2022-11-28",
+    "content-type": "application/json"
+  };
+  const title = jobTitle(ctx);
+  const body = ctx.kind === "init" ? "Bootstraps the `.flumecode/` wiki for this repository. Opened by the FlumeCode runner." : `Opened by the FlumeCode runner for request "${title}".`;
+  const res = await fetch(`${apiBase}/pulls`, {
+    method: "POST",
+    headers,
+    body: JSON.stringify({
+      title: `FlumeCode: ${title}`,
+      head: checkoutBranch,
+      base: mergeBranch,
+      body
+    })
+  });
+  if (res.status === 201) {
+    const data = await res.json();
+    return { number: data.number, url: data.html_url };
   }
-  if (baseChecks && !baseChecks.ok) {
-    lines2.push(
-      "",
-      "# Pre-release check status",
-      "",
-      "\u26A0\uFE0F The repository's pre-commit checks (lint / typecheck / tests) are currently FAILING on the base branch, independently of any version bump. A release must not ship a broken base:",
-      "",
-      "- **Phase 1 (propose):** tell the user, in your reply, that the base currently fails these checks and that the release will fix them as part of the bump.",
-      "- **Phase 2 (apply):** fix the failing code at its root so the checks pass, THEN apply the version bumps and CHANGELOG. Do NOT delete/skip tests or weaken assertions. The fixes ship in the same bump PR. Still do NOT commit or push \u2014 the runner does.",
-      "",
-      "Failing check output:",
-      "",
-      "```",
-      baseChecks.log,
-      "```"
+  if (res.status === 422) {
+    const list = await fetch(
+      `${apiBase}/pulls?state=open&head=${owner}:${checkoutBranch}&base=${mergeBranch}`,
+      { headers }
     );
+    if (list.ok) {
+      const open = await list.json();
+      if (open[0]) return { number: open[0].number, url: open[0].html_url };
+    }
+    return null;
   }
-  appendThread(lines2, ctx);
-  lines2.push(
-    "",
-    "Your final reply is posted verbatim as your comment in the release thread \u2014 if you called widgets (Phase 1), your reply text accompanies the questions; if you applied the bumps (Phase 2), make it the report the skill produced. The runner appends the pull-request link."
-  );
-  return lines2.join("\n");
+  throw new Error(`PR creation failed: ${res.status} ${await res.text()}`);
 }
-function buildInitPrompt(ctx) {
-  return [
-    `You are "${ctx.agentName}" initializing FlumeCode for the repository ${ctx.repo.fullName}, checked out in your current working directory.`,
-    `Use the \`flumecode:document\` skill to create the initial repository wiki under \`.flumecode/wiki/\`. The wiki does not exist yet, so the skill will bootstrap it: survey the codebase and produce a high-level overview plus per-component pages. Only create files under \`.flumecode/\` \u2014 do not modify application code. The runner commits the result and opens a pull request.`,
-    "",
-    "When done, reply with a one- or two-line summary of the wiki you created."
-  ].join("\n");
+async function cleanup(dir) {
+  await rm(dir, { recursive: true, force: true });
+}
+function parsePrFromSubject(subject) {
+  const m = subject.match(/\(#(\d+)\)\s*$/);
+  return m ? Number(m[1]) : null;
+}
+async function incomingPrNumbers(ctx, dir, paths) {
+  if (!paths.length) return [];
+  try {
+    const mergeHeadResult = await git(["-C", dir, "rev-parse", "MERGE_HEAD"]);
+    const mergeHead = mergeHeadResult.stdout.trim();
+    const baseResult = await git(["-C", dir, "merge-base", "HEAD", mergeHead]);
+    const base = baseResult.stdout.trim();
+    const logResult = await git([
+      "-C",
+      dir,
+      "log",
+      "--no-merges",
+      `--format=%H%x1f%s`,
+      `${base}..${mergeHead}`,
+      "--",
+      ...paths
+    ]);
+    const nums = /* @__PURE__ */ new Set();
+    const needLookup = [];
+    for (const line of logResult.stdout.split("\n").filter(Boolean)) {
+      const idx = line.indexOf("");
+      const sha = line.slice(0, idx);
+      const subject = line.slice(idx + 1);
+      const n = parsePrFromSubject(subject);
+      if (n !== null) nums.add(n);
+      else needLookup.push(sha);
+    }
+    for (const sha of needLookup) {
+      for (const n of await prNumbersForCommit(ctx, sha)) nums.add(n);
+    }
+    return [...nums];
+  } catch {
+    return [];
+  }
+}
+async function prNumbersForCommit(ctx, sha) {
+  const { owner, name, cloneToken } = ctx.repo;
+  try {
+    const res = await fetch(`https://api.github.com/repos/${owner}/${name}/commits/${sha}/pulls`, {
+      headers: {
+        authorization: `Bearer ${cloneToken}`,
+        accept: "application/vnd.github+json",
+        "x-github-api-version": "2022-11-28"
+      }
+    });
+    if (!res.ok) return [];
+    return (await res.json()).map((p) => p.number);
+  } catch {
+    return [];
+  }
 }
 
 // src/run.ts
@@ -1419,7 +1379,7 @@ async function pushAndOpenPr(ctx, dir, config, abort, opts = { rebase: true }) {
       );
       const { report: mergeReport } = await mergeAndResolveConflicts(ctx, dir, config, abort);
       conflictResolution = mergeReport?.conflictResolution;
-      await commitWithRepair(ctx, dir, abort, { skipSocket: true });
+      await commitWithRepair(ctx, dir, abort);
       autoMerged = true;
     }
   }
@@ -1453,10 +1413,9 @@ async function mergeAndResolveConflicts(ctx, dir, config, abort) {
   }
   return { resolved: true, text: result.text.trim() || null, report: result.report ?? void 0 };
 }
-async function commitWithRepair(ctx, dir, abort, opts = {}) {
+async function commitWithRepair(ctx, dir, abort) {
   for (let attempt = 1; ; attempt++) {
     try {
-      if (!opts.skipSocket) await runSocket("pre-commit", dir);
       return await commitChanges(ctx, dir);
     } catch (err) {
       if (!(err instanceof PreCommitError) || attempt > MAX_COMMIT_REPAIRS) throw err;
@@ -1581,7 +1540,7 @@ async function processChatJob(ctx, dir, config, abort) {
     console.log(`  \u2026job ${ctx.jobId} posted ${result.widgets.length} widget(s); awaiting reply`);
     return { text: reply, widgets: result.widgets };
   }
-  const wikiExists = existsSync4(join6(dir, ".flumecode", "wiki"));
+  const wikiExists = existsSync3(join4(dir, ".flumecode", "wiki"));
   let documented = false;
   if (ctx.permissionMode !== "plan" && wikiExists && await hasChanges(dir)) {
     try {
@@ -1670,7 +1629,7 @@ ${reply}`;
 
 > \u26A0\uFE0F Dependencies failed to install (\`${installResult.manager}\`); tests may not have run.`;
   }
-  const wikiExists = existsSync4(join6(dir, ".flumecode", "wiki"));
+  const wikiExists = existsSync3(join4(dir, ".flumecode", "wiki"));
   let documented = false;
   if (wikiExists && await hasChanges(dir)) {
     try {
@@ -1694,9 +1653,7 @@ ${reply}`;
     rebase: !resumed
   });
   reply += outcomeBanner(outcome, { branch: ctx.repo.checkoutBranch, documented, autoMerged });
-  const lintPlugins = getSocketResults();
-  const reportWithConflict = report && conflictResolution ? { ...report, conflictResolution } : report;
-  const finalReport = reportWithConflict && lintPlugins.length ? { ...reportWithConflict, lint: { plugins: lintPlugins } } : reportWithConflict;
+  const finalReport = report && conflictResolution ? { ...report, conflictResolution } : report;
   return {
     text: reply,
     widgets: [],
@@ -1728,7 +1685,7 @@ async function processReviseJob(ctx, dir, resumed, config, abort) {
     console.log(`  \u2026revise ${ctx.jobId} posted ${result.widgets.length} widget(s); awaiting reply`);
     return { text: reply, widgets: result.widgets };
   }
-  const wikiExists = existsSync4(join6(dir, ".flumecode", "wiki"));
+  const wikiExists = existsSync3(join4(dir, ".flumecode", "wiki"));
   let documented = false;
   if (wikiExists && await hasChanges(dir)) {
     try {
@@ -1754,9 +1711,7 @@ async function processReviseJob(ctx, dir, resumed, config, abort) {
   if (outcome.kind !== "none") {
     reply += outcomeBanner(outcome, { branch: ctx.repo.checkoutBranch, documented, autoMerged });
   }
-  const lintPlugins = getSocketResults();
-  const reportWithConflict = report && conflictResolution ? { ...report, conflictResolution } : report;
-  const finalReport = reportWithConflict && lintPlugins.length ? { ...reportWithConflict, lint: { plugins: lintPlugins } } : reportWithConflict;
+  const finalReport = report && conflictResolution ? { ...report, conflictResolution } : report;
   return {
     text: reply,
     widgets: [],
@@ -1782,7 +1737,7 @@ async function processResolveJob(ctx, dir, config, abort) {
 > \u26A0\uFE0F Dependencies failed to install (\`${installResult.manager}\`); tests may not have run.`;
   }
   if (abort.signal.aborted) throw new Error("Run canceled by user");
-  await commitWithRepair(ctx, dir, abort, { skipSocket: true });
+  await commitWithRepair(ctx, dir, abort);
   await pushBranch(ctx, dir);
   const pr = await openPullRequest(ctx);
   const outcome = pr ? { kind: "pr", pr } : { kind: "pushed" };
@@ -1896,7 +1851,6 @@ async function pollLoop(config) {
       scheduleCancelPoll();
       try {
         resetUsage();
-        resetSocketResults();
         const { text, widgets, pr, plans, report } = await processJob(ctx, config, abort);
         const usage = getUsage();
         await reportJob(config, ctx.jobId, {