npm - @gaud_erp/paperclip-github-manager - Versions diffs - 0.4.0 → 1.1.0 - Mend

@gaud_erp/paperclip-github-manager 0.4.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/README.md +133 -61
package/dist/manifest.js +159 -68
package/dist/manifest.js.map +3 -3
package/dist/ui/index.js +671 -542
package/dist/ui/index.js.map +4 -4
package/dist/worker.js +998 -829
package/dist/worker.js.map +4 -4
package/package.json +28 -40
package/src/db/migrations/001_initial.sql +70 -0

package/dist/worker.js CHANGED Viewed

@@ -1,9 +1,264 @@
 var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, { get: all[name], enumerable: true });
 };
+// src/db/queries.ts
+var queries_exports = {};
+__export(queries_exports, {
+  completeSyncLog: () => completeSyncLog,
+  createSyncLog: () => createSyncLog,
+  getLastSyncTime: () => getLastSyncTime,
+  getLinksForCard: () => getLinksForCard,
+  getLinksForPR: () => getLinksForPR,
+  getPRByRepoAndNumber: () => getPRByRepoAndNumber,
+  getRepoByFullName: () => getRepoByFullName,
+  linkPRToCard: () => linkPRToCard,
+  listPRs: () => listPRs,
+  listRepos: () => listRepos,
+  upsertIssue: () => upsertIssue,
+  upsertPR: () => upsertPR,
+  upsertRepo: () => upsertRepo
+});
+async function upsertRepo(db, repo) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  await db.execute(
+    `INSERT INTO ${S}.gh_repositories (id, full_name, owner, name, private, default_branch, html_url, description, language, topics, updated_at, synced_at)
+     VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12)
+     ON CONFLICT (id) DO UPDATE SET
+       full_name = EXCLUDED.full_name,
+       owner = EXCLUDED.owner,
+       name = EXCLUDED.name,
+       private = EXCLUDED.private,
+       default_branch = EXCLUDED.default_branch,
+       html_url = EXCLUDED.html_url,
+       description = EXCLUDED.description,
+       language = EXCLUDED.language,
+       topics = EXCLUDED.topics,
+       updated_at = EXCLUDED.updated_at,
+       synced_at = EXCLUDED.synced_at`,
+    [
+      repo.id,
+      repo.fullName,
+      repo.owner,
+      repo.name,
+      repo.private,
+      repo.defaultBranch,
+      repo.htmlUrl,
+      repo.description,
+      repo.language,
+      JSON.stringify(repo.topics),
+      repo.updatedAt,
+      now
+    ]
+  );
+}
+async function listRepos(db) {
+  const rows = await db.query(`SELECT * FROM ${S}.gh_repositories ORDER BY full_name`);
+  return rows.map(mapRepo);
+}
+async function getRepoByFullName(db, fullName) {
+  const rows = await db.query(`SELECT * FROM ${S}.gh_repositories WHERE full_name = $1`, [fullName]);
+  return rows.length > 0 ? mapRepo(rows[0]) : null;
+}
+function mapRepo(row) {
+  return {
+    id: row.id,
+    fullName: row.full_name,
+    owner: row.owner,
+    name: row.name,
+    private: row.private,
+    defaultBranch: row.default_branch,
+    htmlUrl: row.html_url,
+    description: row.description,
+    language: row.language,
+    topics: JSON.parse(row.topics || "[]"),
+    updatedAt: row.updated_at,
+    syncedAt: row.synced_at
+  };
+}
+async function upsertPR(db, pr) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  await db.execute(
+    `INSERT INTO ${S}.gh_pull_requests (id, repo_id, number, title, body, state, author, head_branch, base_branch, html_url, draft, mergeable, merged_at, created_at, updated_at, synced_at)
+     VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16)
+     ON CONFLICT (repo_id, number) DO UPDATE SET
+       title = EXCLUDED.title, body = EXCLUDED.body, state = EXCLUDED.state,
+       author = EXCLUDED.author, head_branch = EXCLUDED.head_branch,
+       base_branch = EXCLUDED.base_branch, html_url = EXCLUDED.html_url,
+       draft = EXCLUDED.draft, mergeable = EXCLUDED.mergeable,
+       merged_at = EXCLUDED.merged_at, updated_at = EXCLUDED.updated_at,
+       synced_at = EXCLUDED.synced_at`,
+    [
+      pr.id,
+      pr.repoId,
+      pr.number,
+      pr.title,
+      pr.body,
+      pr.state,
+      pr.author,
+      pr.headBranch,
+      pr.baseBranch,
+      pr.htmlUrl,
+      pr.draft,
+      pr.mergeable,
+      pr.mergedAt,
+      pr.createdAt,
+      pr.updatedAt,
+      now
+    ]
+  );
+}
+async function listPRs(db, filters) {
+  let sql = `SELECT p.*, r.full_name AS repo_full_name
+             FROM ${S}.gh_pull_requests p
+             JOIN ${S}.gh_repositories r ON r.id = p.repo_id
+             WHERE 1=1`;
+  const params = [];
+  let idx = 1;
+  if (filters?.repoId) {
+    sql += ` AND p.repo_id = $${idx++}`;
+    params.push(filters.repoId);
+  }
+  if (filters?.state) {
+    sql += ` AND p.state = $${idx++}`;
+    params.push(filters.state);
+  }
+  if (filters?.author) {
+    sql += ` AND p.author = $${idx++}`;
+    params.push(filters.author);
+  }
+  sql += " ORDER BY p.updated_at DESC";
+  const rows = await db.query(sql, params);
+  return rows.map(mapPRWithRepo);
+}
+async function getPRByRepoAndNumber(db, repoId, number) {
+  const rows = await db.query(
+    `SELECT p.*, r.full_name AS repo_full_name
+     FROM ${S}.gh_pull_requests p
+     JOIN ${S}.gh_repositories r ON r.id = p.repo_id
+     WHERE p.repo_id = $1 AND p.number = $2`,
+    [repoId, number]
+  );
+  return rows.length > 0 ? mapPRWithRepo(rows[0]) : null;
+}
+function mapPRWithRepo(row) {
+  return {
+    id: row.id,
+    repoId: row.repo_id,
+    number: row.number,
+    title: row.title,
+    body: row.body,
+    state: row.state,
+    author: row.author,
+    headBranch: row.head_branch,
+    baseBranch: row.base_branch,
+    htmlUrl: row.html_url,
+    draft: row.draft,
+    mergeable: row.mergeable,
+    mergedAt: row.merged_at,
+    createdAt: row.created_at,
+    updatedAt: row.updated_at,
+    syncedAt: row.synced_at,
+    repoFullName: row.repo_full_name
+  };
+}
+async function upsertIssue(db, issue) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  await db.execute(
+    `INSERT INTO ${S}.gh_issues (id, repo_id, number, title, body, state, author, labels, html_url, created_at, updated_at, synced_at)
+     VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12)
+     ON CONFLICT (repo_id, number) DO UPDATE SET
+       title = EXCLUDED.title, body = EXCLUDED.body, state = EXCLUDED.state,
+       author = EXCLUDED.author, labels = EXCLUDED.labels,
+       html_url = EXCLUDED.html_url, updated_at = EXCLUDED.updated_at,
+       synced_at = EXCLUDED.synced_at`,
+    [
+      issue.id,
+      issue.repoId,
+      issue.number,
+      issue.title,
+      issue.body,
+      issue.state,
+      issue.author,
+      JSON.stringify(issue.labels),
+      issue.htmlUrl,
+      issue.createdAt,
+      issue.updatedAt,
+      now
+    ]
+  );
+}
+async function linkPRToCard(db, prId, issueId, source) {
+  await db.execute(
+    `INSERT INTO ${S}.gh_pr_card_links (pr_id, issue_id, link_source, created_at)
+     VALUES ($1, $2, $3, $4)
+     ON CONFLICT (pr_id, issue_id) DO NOTHING`,
+    [prId, issueId, source, (/* @__PURE__ */ new Date()).toISOString()]
+  );
+}
+async function getLinksForCard(db, issueId) {
+  const rows = await db.query(
+    `SELECT p.*, r.full_name AS repo_full_name
+     FROM ${S}.gh_pr_card_links l
+     JOIN ${S}.gh_pull_requests p ON p.id = l.pr_id
+     JOIN ${S}.gh_repositories r ON r.id = p.repo_id
+     WHERE l.issue_id = $1
+     ORDER BY p.updated_at DESC`,
+    [issueId]
+  );
+  return rows.map(mapPRWithRepo);
+}
+async function getLinksForPR(db, prId) {
+  const rows = await db.query(
+    `SELECT * FROM ${S}.gh_pr_card_links WHERE pr_id = $1`,
+    [prId]
+  );
+  return rows.map((r) => ({
+    id: r.id,
+    prId: r.pr_id,
+    issueId: r.issue_id,
+    linkSource: r.link_source,
+    createdAt: r.created_at
+  }));
+}
+async function createSyncLog(db, scope) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  await db.execute(
+    `INSERT INTO ${S}.gh_sync_log (scope, started_at) VALUES ($1, $2)`,
+    [scope, now]
+  );
+  const rows = await db.query(
+    `SELECT id FROM ${S}.gh_sync_log WHERE scope = $1 AND started_at = $2 ORDER BY id DESC LIMIT 1`,
+    [scope, now]
+  );
+  return rows[0].id;
+}
+async function completeSyncLog(db, id, stats) {
+  await db.execute(
+    `UPDATE ${S}.gh_sync_log SET repos_synced=$1, prs_synced=$2, issues_synced=$3, errors=$4, finished_at=$5 WHERE id=$6`,
+    [stats.reposSynced, stats.prsSynced, stats.issuesSynced, JSON.stringify(stats.errors), (/* @__PURE__ */ new Date()).toISOString(), id]
+  );
+}
+async function getLastSyncTime(db) {
+  const rows = await db.query(
+    `SELECT finished_at FROM ${S}.gh_sync_log WHERE finished_at IS NOT NULL ORDER BY finished_at DESC LIMIT 1`
+  );
+  return rows.length > 0 ? rows[0].finished_at : null;
+}
+var S;
+var init_queries = __esm({
+  "src/db/queries.ts"() {
+    "use strict";
+    S = "plugin_cus_github_manager_d2300af002";
+  }
+});
 // node_modules/@paperclipai/plugin-sdk/dist/define-plugin.js
 function definePlugin(definition) {
   return Object.freeze({ definition });
@@ -3837,7 +4092,7 @@ ZodNaN.create = (params) => {
     ...processCreateParams(params)
   });
 };
-var BRAND = /* @__PURE__ */ Symbol("zod_brand");
+var BRAND = Symbol("zod_brand");
 var ZodBranded = class extends ZodType {
   _parse(input) {
     const { ctx } = this._processInputParams(input);
@@ -8914,949 +9169,863 @@ function startWorkerRpcHost(options) {
   };
 }
-// src/github-config.ts
-var GITHUB_PAT_STATE_KEY = "github.token.pat";
-var GITHUB_SECRET_REF_STATE_KEY = "github.token.secretRef";
-var UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
-function companyScope(companyId) {
-  return { scopeKind: "company", scopeId: companyId };
-}
-async function loadGithubPat(ctx, companyId) {
-  const raw = await ctx.state.get({ ...companyScope(companyId), stateKey: GITHUB_PAT_STATE_KEY });
-  return typeof raw === "string" && raw.trim().length > 0 ? raw.trim() : null;
-}
-async function loadGithubSecretRef(ctx, companyId) {
-  const raw = await ctx.state.get({
-    ...companyScope(companyId),
-    stateKey: GITHUB_SECRET_REF_STATE_KEY
+// src/github/config.ts
+var GITHUB_PAT_KEY = "github_pat";
+var GITHUB_SECRET_REF_KEY = "github_secret_ref";
+async function resolveGithubToken(ctx, companyId) {
+  const pat = await ctx.state.get({
+    scopeKind: "company",
+    scopeId: companyId,
+    stateKey: GITHUB_PAT_KEY
   });
-  const ref = typeof raw === "string" ? raw.trim() : "";
-  return UUID_RE.test(ref) ? ref : null;
-}
-async function saveGithubPat(ctx, companyId, token) {
-  const trimmed = token.trim();
-  if (!trimmed) {
-    throw new Error("GitHub token is required");
+  if (pat && typeof pat === "string" && pat.trim()) return pat.trim();
+  const secretRef = await ctx.state.get({
+    scopeKind: "company",
+    scopeId: companyId,
+    stateKey: GITHUB_SECRET_REF_KEY
+  });
+  if (secretRef && typeof secretRef === "string" && secretRef.trim()) {
+    const resolved = await ctx.secrets.resolve(secretRef.trim());
+    if (resolved) return resolved;
   }
-  await ctx.state.set({ ...companyScope(companyId), stateKey: GITHUB_PAT_STATE_KEY }, trimmed);
-}
-async function saveGithubSecretRef(ctx, companyId, secretRef) {
-  const trimmed = secretRef.trim();
-  if (!UUID_RE.test(trimmed)) {
-    throw new Error("Secret ID must be a UUID from Company \u2192 Settings \u2192 Secrets");
-  }
-  await ctx.state.set(
-    { ...companyScope(companyId), stateKey: GITHUB_SECRET_REF_STATE_KEY },
-    trimmed
-  );
+  const envToken = process.env.GITHUB_TOKEN?.trim();
+  if (envToken) return envToken;
+  throw new Error("No GitHub token configured. Set a PAT or secret reference in Settings.");
 }
-async function clearGithubAuth(ctx, companyId) {
-  await ctx.state.set({ ...companyScope(companyId), stateKey: GITHUB_PAT_STATE_KEY }, null);
-  await ctx.state.set({ ...companyScope(companyId), stateKey: GITHUB_SECRET_REF_STATE_KEY }, null);
+async function saveGithubPAT(ctx, companyId, token) {
+  await ctx.state.set({
+    scopeKind: "company",
+    scopeId: companyId,
+    stateKey: GITHUB_PAT_KEY
+  }, token);
 }
-async function getGithubAuthStatus(ctx, companyId) {
-  const pat = await loadGithubPat(ctx, companyId);
-  if (pat) {
-    return { configured: true, mode: "pat" };
-  }
-  const secretRef = await loadGithubSecretRef(ctx, companyId);
-  if (secretRef) {
-    return { configured: true, mode: "secret-ref" };
-  }
-  return { configured: false, mode: "none" };
+async function saveGithubSecretRef(ctx, companyId, ref) {
+  await ctx.state.set({
+    scopeKind: "company",
+    scopeId: companyId,
+    stateKey: GITHUB_SECRET_REF_KEY
+  }, ref);
 }
-async function resolveGithubToken(ctx, companyId) {
-  const pat = await loadGithubPat(ctx, companyId);
-  if (pat) {
-    return pat;
-  }
-  const secretRef = await loadGithubSecretRef(ctx, companyId);
-  if (!secretRef) {
-    return null;
-  }
-  try {
-    return await ctx.secrets.resolve(secretRef);
-  } catch {
-    return null;
-  }
-}
-// src/github-env.ts
 function getGithubApiBase() {
-  const raw = process.env.GITHUB_API_URL?.trim();
-  return raw ? raw.replace(/\/+$/, "") : "https://api.github.com";
-}
-function getGithubDefaultOwner() {
-  const raw = process.env.GITHUB_DEFAULT_OWNER?.trim();
-  return raw && raw.length > 0 ? raw : null;
+  const base = process.env.GITHUB_API_URL?.trim();
+  return base ? base.replace(/\/+$/, "") : "https://api.github.com";
 }
-// src/github-api.ts
-var GITHUB_WEBHOOK_ENDPOINT = "github-events";
-async function githubFetch(ctx, token, path2, init) {
-  const apiBase = getGithubApiBase();
-  const url = path2.startsWith("http") ? path2 : `${apiBase}${path2}`;
-  return ctx.http.fetch(url, {
-    ...init,
-    headers: {
-      Authorization: `Bearer ${token}`,
-      Accept: "application/vnd.github+json",
-      "X-GitHub-Api-Version": "2022-11-28",
-      ...init?.headers ?? {}
-    }
+// src/github/api-client.ts
+async function githubFetch(ctx, companyId, path2, options = {}) {
+  const token = await resolveGithubToken(ctx, companyId);
+  const base = getGithubApiBase();
+  const url = path2.startsWith("http") ? path2 : `${base}${path2}`;
+  const headers = {
+    Authorization: `Bearer ${token}`,
+    Accept: options.accept ?? "application/vnd.github+json",
+    "X-GitHub-Api-Version": "2022-11-28"
+  };
+  const resp = await ctx.http.fetch(url, {
+    method: options.method ?? "GET",
+    headers,
+    body: options.body ? JSON.stringify(options.body) : void 0
   });
-}
-function parseRepoFullName(fullName) {
-  const [owner, repo] = fullName.split("/");
-  if (!owner || !repo) {
-    throw new Error(`Invalid repository full name: ${fullName}`);
+  const rateLimit = {
+    remaining: Number(resp.headers.get("x-ratelimit-remaining") ?? 5e3),
+    limit: Number(resp.headers.get("x-ratelimit-limit") ?? 5e3),
+    resetAt: new Date(
+      Number(resp.headers.get("x-ratelimit-reset") ?? 0) * 1e3
+    ).toISOString()
+  };
+  if (!resp.ok) {
+    const body = await resp.text();
+    if (resp.status === 403 && rateLimit.remaining === 0) {
+      throw new Error(`GitHub rate limit exceeded. Resets at ${rateLimit.resetAt}`);
+    }
+    throw new Error(`GitHub API ${resp.status}: ${body}`);
   }
-  return { owner, repo };
-}
-function buildInboundWebhookUrl(pluginId, baseUrl = "http://127.0.0.1:3100") {
-  return `${baseUrl.replace(/\/+$/, "")}/api/plugins/${pluginId}/webhooks/${GITHUB_WEBHOOK_ENDPOINT}`;
+  const data = await resp.json();
+  return { data, rateLimit };
 }
-function formatRateLimitMessage(res) {
-  const remaining = res.headers.get("x-ratelimit-remaining");
-  const reset = res.headers.get("x-ratelimit-reset");
-  if (res.status !== 403 || remaining !== "0") {
-    return null;
-  }
-  const resetAt = reset && Number.isFinite(Number(reset)) ? new Date(Number(reset) * 1e3).toISOString() : "unknown";
-  return `GitHub API rate limit exceeded. Retry after ${resetAt}.`;
-}
-async function assertGithubResponse(res, action) {
-  if (res.ok) {
-    return;
-  }
-  const rateLimit = formatRateLimitMessage(res);
-  const body = await res.text().catch(() => "");
-  const detail = body.length > 0 && body.length < 500 ? `: ${body}` : "";
-  throw new Error(rateLimit ?? `GitHub ${action} failed (HTTP ${res.status})${detail}`);
+function isRateLimitSafe(rateLimit, threshold = 100) {
+  return rateLimit.remaining > threshold;
 }
-// src/github-review-tools.ts
+// src/review/review-tools.ts
 var MAX_DIFF_CHARS = 12e4;
-var MAX_FILE_PATCH_CHARS = 32e3;
-function requireString(value, field) {
-  if (typeof value !== "string" || value.trim().length === 0) {
-    throw new Error(`${field} is required`);
-  }
-  return value.trim();
-}
-function requireNumber(value, field) {
-  const n = typeof value === "number" ? value : Number(value);
-  if (!Number.isFinite(n) || n < 1) {
-    throw new Error(`${field} must be a positive number`);
-  }
-  return Math.floor(n);
-}
-function resolveOwnerRepo(params) {
-  const owner = requireString(params.owner, "owner");
-  const repo = requireString(params.repo, "repo");
-  return { owner, repo };
-}
-async function resolveTokenForRun(ctx, runCtx) {
-  const companyToken = await resolveGithubToken(ctx, runCtx.companyId);
-  if (companyToken) {
-    return companyToken;
-  }
-  const envToken = process.env.GITHUB_TOKEN?.trim();
-  if (envToken) {
-    return envToken;
-  }
-  throw new Error(
-    "GitHub token not configured \u2014 save a PAT in GitHub \u2192 Configura\xE7\xF5es or set GITHUB_TOKEN"
-  );
-}
-function toolJson(data, summary) {
-  return {
-    content: summary ?? JSON.stringify(data, null, 2),
-    data
-  };
-}
-function truncateDiff(diff) {
-  if (diff.length <= MAX_DIFF_CHARS) {
-    return { diff, truncated: false, originalLength: diff.length };
-  }
-  const head = diff.slice(0, MAX_DIFF_CHARS);
-  const notice = `
-\u2026 [diff truncated: ${diff.length} chars total, showing first ${MAX_DIFF_CHARS}] \u2026
-`;
-  return {
-    diff: head + notice,
-    truncated: true,
-    originalLength: diff.length
-  };
-}
-async function fetchPullRequestDiff(ctx, token, { owner, repo }, prNumber) {
-  const metaRes = await githubFetch(
-    ctx,
-    token,
-    `/repos/${owner}/${repo}/pulls/${prNumber}`
-  );
-  await assertGithubResponse(metaRes, "fetch pull request");
-  const pr = await metaRes.json();
-  const diffRes = await githubFetch(
-    ctx,
-    token,
-    `/repos/${owner}/${repo}/pulls/${prNumber}`,
-    { headers: { Accept: "application/vnd.github.diff" } }
-  );
-  await assertGithubResponse(diffRes, "fetch pull request diff");
-  let diffText = await diffRes.text();
-  const { diff, truncated, originalLength } = truncateDiff(diffText);
-  diffText = diff;
-  let files = [];
-  if (truncated) {
-    const filesRes = await githubFetch(
-      ctx,
-      token,
-      `/repos/${owner}/${repo}/pulls/${prNumber}/files?per_page=100`
-    );
-    if (filesRes.ok) {
-      const rows = await filesRes.json();
-      files = rows.map((f) => ({
+var MAX_FILE_CHARS = 128e3;
+function registerReviewTools(ctx) {
+  ctx.tools.register(
+    "github_get_pull_request_diff",
+    {
+      displayName: "Get PR Diff",
+      description: "Get the diff of a GitHub pull request for code review",
+      parametersSchema: {
+        type: "object",
+        properties: {
+          owner: { type: "string", description: "Repository owner" },
+          repo: { type: "string", description: "Repository name" },
+          pull_number: { type: "number", description: "PR number" }
+        },
+        required: ["owner", "repo", "pull_number"]
+      }
+    },
+    async (params, runCtx) => {
+      const { owner, repo, pull_number } = params;
+      const companyId = runCtx.companyId;
+      if (!companyId) return { error: "No company context" };
+      const { data: prData } = await githubFetch(ctx, companyId, `/repos/${owner}/${repo}/pulls/${pull_number}`);
+      const pr = prData;
+      const { data: diffData } = await githubFetch(
+        ctx,
+        companyId,
+        `/repos/${owner}/${repo}/pulls/${pull_number}`,
+        { accept: "application/vnd.github.v3.diff" }
+      );
+      let diff = String(diffData);
+      let truncated = false;
+      if (diff.length > MAX_DIFF_CHARS) {
+        diff = diff.slice(0, MAX_DIFF_CHARS);
+        truncated = true;
+      }
+      const { data: filesData } = await githubFetch(
+        ctx,
+        companyId,
+        `/repos/${owner}/${repo}/pulls/${pull_number}/files?per_page=100`
+      );
+      const files = filesData.map((f) => ({
         filename: f.filename,
         status: f.status,
         additions: f.additions,
         deletions: f.deletions
       }));
+      return {
+        content: `PR #${pull_number}: ${pr.title}
+Author: ${pr.user.login}
+Files changed: ${files.length}${truncated ? "\n\u26A0\uFE0F Diff truncated" : ""}
+${diff}`,
+        data: { pr: { title: pr.title, number: pull_number, sha: pr.head.sha }, files }
+      };
     }
-  }
-  const payload = {
-    pullRequest: {
-      number: pr.number,
-      title: pr.title,
-      state: pr.state,
-      htmlUrl: pr.html_url,
-      author: pr.user?.login ?? "unknown",
-      headSha: pr.head?.sha ?? null,
-      headRef: pr.head?.ref ?? null,
-      baseRef: pr.base?.ref ?? null,
-      draft: pr.draft ?? false,
-      mergedAt: pr.merged_at ?? null
-    },
-    diff: diffText,
-    truncated,
-    diffOriginalLength: originalLength,
-    changedFiles: files
-  };
-  return toolJson(
-    payload,
-    truncated ? `PR #${prNumber} "${pr.title}" \u2014 diff truncated (${originalLength} chars)` : `PR #${prNumber} "${pr.title}" \u2014 full diff (${originalLength} chars)`
-  );
-}
-async function createReviewComment(ctx, token, params) {
-  const { owner, repo } = resolveOwnerRepo(params);
-  const prNumber = requireNumber(params.pr_number, "pr_number");
-  const commitId = requireString(params.commit_id, "commit_id");
-  const path2 = requireString(params.path, "path");
-  const line = requireNumber(params.line, "line");
-  const body = requireString(params.body, "body");
-  const res = await githubFetch(
-    ctx,
-    token,
-    `/repos/${owner}/${repo}/pulls/${prNumber}/comments`,
-    {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        body,
-        commit_id: commitId,
-        path: path2,
-        line,
-        side: "RIGHT"
-      })
-    }
-  );
-  await assertGithubResponse(res, "create review comment");
-  const comment = await res.json();
-  return toolJson(
-    { id: comment.id, htmlUrl: comment.html_url ?? null },
-    `Review comment created on ${path2}:${line}`
-  );
-}
-async function submitPrReview(ctx, token, params) {
-  const { owner, repo } = resolveOwnerRepo(params);
-  const prNumber = requireNumber(params.pr_number, "pr_number");
-  const event = requireString(params.event, "event").toUpperCase();
-  const body = requireString(params.body, "body");
-  if (!["APPROVE", "REQUEST_CHANGES", "COMMENT"].includes(event)) {
-    throw new Error("event must be APPROVE, REQUEST_CHANGES, or COMMENT");
-  }
-  const res = await githubFetch(
-    ctx,
-    token,
-    `/repos/${owner}/${repo}/pulls/${prNumber}/reviews`,
-    {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ event, body })
-    }
-  );
-  await assertGithubResponse(res, "submit pull request review");
-  const review = await res.json();
-  return toolJson(
-    { id: review.id, state: review.state, htmlUrl: review.html_url ?? null },
-    `Review submitted: ${review.state}`
-  );
-}
-async function readFileContent(ctx, token, params) {
-  const { owner, repo } = resolveOwnerRepo(params);
-  const path2 = requireString(params.path, "path").replace(/^\/+/, "");
-  const ref = typeof params.ref === "string" && params.ref.trim().length > 0 ? params.ref.trim() : void 0;
-  const query = ref ? `?ref=${encodeURIComponent(ref)}` : "";
-  const res = await githubFetch(
-    ctx,
-    token,
-    `/repos/${owner}/${repo}/contents/${path2.split("/").map(encodeURIComponent).join("/")}${query}`
-  );
-  await assertGithubResponse(res, "read file content");
-  const file = await res.json();
-  if (file.type !== "file" || !file.content) {
-    throw new Error(`Path is not a file or is too large for API: ${path2}`);
-  }
-  const decoded = Buffer.from(file.content.replace(/\n/g, ""), "base64").toString("utf8");
-  if (decoded.length > MAX_FILE_PATCH_CHARS * 4) {
-    return toolJson(
-      {
-        path: path2,
-        ref: ref ?? "default",
-        truncated: true,
-        size: file.size ?? decoded.length,
-        content: decoded.slice(0, MAX_FILE_PATCH_CHARS * 4),
-        message: `File content truncated to ${MAX_FILE_PATCH_CHARS * 4} characters`
-      },
-      `File ${path2} (truncated)`
-    );
-  }
-  return toolJson(
-    { path: path2, ref: ref ?? "default", sha: file.sha ?? null, size: file.size ?? decoded.length, content: decoded },
-    `File ${path2} (${decoded.length} chars)`
-  );
-}
-async function listRepositories(ctx, token, params) {
-  const defaultOwner = getGithubDefaultOwner();
-  const owner = typeof params.owner === "string" && params.owner.trim().length > 0 ? params.owner.trim() : defaultOwner;
-  const perPage = Math.min(
-    100,
-    typeof params.per_page === "number" ? params.per_page : Number(params.per_page) || 30
   );
-  let path2;
-  if (owner) {
-    const orgProbe = await githubFetch(ctx, token, `/orgs/${owner}`);
-    path2 = orgProbe.ok ? `/orgs/${owner}/repos?per_page=${perPage}&sort=updated` : `/users/${owner}/repos?per_page=${perPage}&sort=updated`;
-  } else {
-    path2 = `/user/repos?per_page=${perPage}&sort=updated&affiliation=owner,organization_member`;
-  }
-  const res = await githubFetch(ctx, token, path2);
-  await assertGithubResponse(res, "list repositories");
-  const rows = await res.json();
-  const repos = rows.map((r) => ({
-    id: r.id,
-    fullName: r.full_name,
-    private: r.private,
-    htmlUrl: r.html_url,
-    defaultBranch: r.default_branch,
-    updatedAt: r.updated_at
-  }));
-  return toolJson({ owner: owner ?? null, count: repos.length, repos });
-}
-async function searchIssues(ctx, token, params) {
-  const query = requireString(params.q ?? params.query, "q");
-  const perPage = Math.min(
-    100,
-    typeof params.per_page === "number" ? params.per_page : Number(params.per_page) || 20
-  );
-  const res = await githubFetch(
-    ctx,
-    token,
-    `/search/issues?q=${encodeURIComponent(query)}&per_page=${perPage}`
-  );
-  await assertGithubResponse(res, "search issues");
-  const body = await res.json();
-  const issues = body.items.map((item) => {
-    const repoMatch = item.repository_url.match(/repos\/([^/]+)\/([^/]+)$/);
-    const repoFullName = repoMatch && repoMatch[1] && repoMatch[2] ? `${repoMatch[1]}/${repoMatch[2]}` : null;
-    return {
-      id: item.id,
-      number: item.number,
-      title: item.title,
-      state: item.state,
-      htmlUrl: item.html_url,
-      repoFullName,
-      updatedAt: item.updated_at
-    };
-  });
-  return toolJson({
-    totalCount: body.total_count,
-    incompleteResults: body.incomplete_results ?? false,
-    count: issues.length,
-    issues
-  });
-}
-var ownerRepoSchema = {
-  type: "object",
-  properties: {
-    owner: { type: "string", description: "Repository owner (user or org)" },
-    repo: { type: "string", description: "Repository name" }
-  },
-  required: ["owner", "repo"]
-};
-function registerGithubReviewTools(ctx) {
-  const wrap = (name, declaration, handler) => {
-    ctx.tools.register(name, declaration, async (params, runCtx) => {
-      try {
-        const token = await resolveTokenForRun(ctx, runCtx);
-        return await handler(ctx, token, params ?? {});
-      } catch (err) {
-        const message = err instanceof Error ? err.message : String(err);
-        return { error: message, content: message };
-      }
-    });
-  };
-  wrap(
-    "github_get_pull_request_diff",
+  ctx.tools.register(
+    "github_read_file_content",
     {
-      displayName: "Get PR diff",
-      description: "Returns pull request metadata and unified diff. Large diffs are truncated with a file list.",
+      displayName: "Read File",
+      description: "Read a file from a GitHub repository",
       parametersSchema: {
-        ...ownerRepoSchema,
+        type: "object",
         properties: {
-          ...ownerRepoSchema.properties,
-          pr_number: { type: "integer", description: "Pull request number" }
+          owner: { type: "string" },
+          repo: { type: "string" },
+          path: { type: "string", description: "File path in the repository" },
+          ref: { type: "string", description: "Branch, tag, or commit SHA (optional)" }
         },
-        required: ["owner", "repo", "pr_number"]
+        required: ["owner", "repo", "path"]
       }
     },
-    async (ctx2, token, params) => {
-      const { owner, repo } = resolveOwnerRepo(params);
-      const prNumber = requireNumber(params.pr_number, "pr_number");
-      return fetchPullRequestDiff(ctx2, token, { owner, repo }, prNumber);
+    async (params, runCtx) => {
+      const { owner, repo, path: path2, ref } = params;
+      const companyId = runCtx.companyId;
+      if (!companyId) return { error: "No company context" };
+      const refParam = ref ? `?ref=${ref}` : "";
+      const { data } = await githubFetch(
+        ctx,
+        companyId,
+        `/repos/${owner}/${repo}/contents/${path2}${refParam}`
+      );
+      const file = data;
+      const content = Buffer.from(file.content, "base64").toString("utf-8");
+      const truncated = content.length > MAX_FILE_CHARS;
+      return {
+        content: truncated ? content.slice(0, MAX_FILE_CHARS) + "\n\u26A0\uFE0F Truncated" : content,
+        data: { path: path2, size: file.size, sha: file.sha }
+      };
     }
   );
-  wrap(
+  ctx.tools.register(
     "github_create_review_comment",
     {
-      displayName: "Create PR review comment",
-      description: "Adds an inline review comment on a specific line in a pull request diff.",
+      displayName: "Add Review Comment",
+      description: "Add an inline review comment to a pull request",
       parametersSchema: {
-        ...ownerRepoSchema,
+        type: "object",
         properties: {
-          ...ownerRepoSchema.properties,
-          pr_number: { type: "integer" },
-          commit_id: { type: "string", description: "Head commit SHA" },
-          path: { type: "string", description: "File path in the repo" },
-          line: { type: "integer", description: "Line number in the modified file" },
-          body: { type: "string", description: "Comment text" }
+          owner: { type: "string" },
+          repo: { type: "string" },
+          pull_number: { type: "number" },
+          commit_id: { type: "string", description: "The SHA of the PR head commit" },
+          path: { type: "string", description: "File path relative to repo root" },
+          line: { type: "number", description: "Line number in the diff" },
+          body: { type: "string", description: "Comment text (markdown)" }
         },
-        required: ["owner", "repo", "pr_number", "commit_id", "path", "line", "body"]
+        required: ["owner", "repo", "pull_number", "commit_id", "path", "line", "body"]
       }
     },
-    async (ctx2, token, params) => createReviewComment(ctx2, token, params)
+    async (params, runCtx) => {
+      const { owner, repo, pull_number, commit_id, path: path2, line, body } = params;
+      const companyId = runCtx.companyId;
+      if (!companyId) return { error: "No company context" };
+      await githubFetch(ctx, companyId, `/repos/${owner}/${repo}/pulls/${pull_number}/comments`, {
+        method: "POST",
+        body: { commit_id, path: path2, line, body, side: "RIGHT" }
+      });
+      return { content: `Comment added to ${path2}:${line}` };
+    }
   );
-  wrap(
+  ctx.tools.register(
     "github_submit_pr_review",
     {
-      displayName: "Submit PR review",
-      description: "Submits a pull request review with APPROVE, REQUEST_CHANGES, or COMMENT.",
+      displayName: "Submit PR Review",
+      description: "Submit a pull request review with a verdict",
       parametersSchema: {
-        ...ownerRepoSchema,
-        properties: {
-          ...ownerRepoSchema.properties,
-          pr_number: { type: "integer" },
-          event: {
-            type: "string",
-            enum: ["APPROVE", "REQUEST_CHANGES", "COMMENT"],
-            description: "Review verdict"
-          },
-          body: { type: "string", description: "Summary comment for the review" }
-        },
-        required: ["owner", "repo", "pr_number", "event", "body"]
-      }
-    },
-    async (ctx2, token, params) => submitPrReview(ctx2, token, params)
-  );
-  wrap(
-    "github_read_file_content",
-    {
-      displayName: "Read repository file",
-      description: "Reads full file content from a repository at an optional ref (branch or SHA).",
-      parametersSchema: {
-        ...ownerRepoSchema,
+        type: "object",
         properties: {
-          ...ownerRepoSchema.properties,
-          path: { type: "string", description: "Path to the file" },
-          ref: { type: "string", description: "Branch name or commit SHA (optional)" }
+          owner: { type: "string" },
+          repo: { type: "string" },
+          pull_number: { type: "number" },
+          event: { type: "string", enum: ["APPROVE", "REQUEST_CHANGES", "COMMENT"] },
+          body: { type: "string", description: "Review summary (markdown)" }
         },
-        required: ["owner", "repo", "path"]
+        required: ["owner", "repo", "pull_number", "event", "body"]
       }
     },
-    async (ctx2, token, params) => readFileContent(ctx2, token, params)
+    async (params, runCtx) => {
+      const { owner, repo, pull_number, event, body } = params;
+      const companyId = runCtx.companyId;
+      if (!companyId) return { error: "No company context" };
+      await githubFetch(ctx, companyId, `/repos/${owner}/${repo}/pulls/${pull_number}/reviews`, {
+        method: "POST",
+        body: { event, body }
+      });
+      return { content: `Review submitted: ${event}`, data: { event } };
+    }
   );
-  wrap(
+  ctx.tools.register(
     "github_list_repositories",
     {
-      displayName: "List GitHub repositories",
-      description: "Lists repositories for an owner/org, or the authenticated user when owner is omitted.",
-      parametersSchema: {
-        type: "object",
-        properties: {
-          owner: {
-            type: "string",
-            description: "Org or user (defaults to GITHUB_DEFAULT_OWNER or authenticated user)"
-          },
-          per_page: { type: "integer", description: "Page size (max 100)" }
-        }
-      }
+      displayName: "List Repositories",
+      description: "List tracked GitHub repositories",
+      parametersSchema: { type: "object", properties: {} }
     },
-    async (ctx2, token, params) => listRepositories(ctx2, token, params)
+    async (_params, _runCtx) => {
+      const { listRepos: listRepos2 } = await Promise.resolve().then(() => (init_queries(), queries_exports));
+      const repos = await listRepos2(ctx.db);
+      return {
+        content: repos.map((r) => `${r.fullName} (${r.language ?? "unknown"})`).join("\n"),
+        data: { repos }
+      };
+    }
   );
-  wrap(
+  ctx.tools.register(
     "github_search_issues",
     {
-      displayName: "Search GitHub issues",
-      description: "Searches issues using GitHub issue search syntax (q parameter).",
+      displayName: "Search Issues",
+      description: "Search GitHub issues and PRs using GitHub search syntax",
       parametersSchema: {
         type: "object",
         properties: {
-          q: { type: "string", description: "GitHub search query" },
-          per_page: { type: "integer", description: "Results per page (max 100)" }
+          query: { type: "string", description: "GitHub search query (e.g. 'is:open label:bug')" }
         },
-        required: ["q"]
+        required: ["query"]
       }
     },
-    async (ctx2, token, params) => searchIssues(ctx2, token, params)
+    async (params, runCtx) => {
+      const { query } = params;
+      const companyId = runCtx.companyId;
+      if (!companyId) return { error: "No company context" };
+      const { data } = await githubFetch(
+        ctx,
+        companyId,
+        `/search/issues?q=${encodeURIComponent(query)}&per_page=20`
+      );
+      const result = data;
+      const items = result.items.map((i) => ({
+        title: i.title,
+        number: i.number,
+        state: i.state,
+        html_url: i.html_url
+      }));
+      return { content: items.map((i) => `#${i.number} ${i.title} [${i.state}]`).join("\n"), data: { items } };
+    }
   );
 }
-// src/worker.ts
-var SYNC_STATE_KEY = "github.sync.cache";
-var WEBHOOK_STATE_KEY = "github.webhook.config";
-var TRACKED_REPOS_KEY = "github.tracked.repos";
-var MAX_REPOS_PER_SYNC = 5;
-var MAX_ITEMS_PER_REPO = 20;
-var workerCtx = null;
-function companyScope2(companyId) {
-  return { scopeKind: "company", scopeId: companyId };
+// src/sync/webhook-handler.ts
+init_queries();
+// src/sync/link-detector.ts
+init_queries();
+var KEY_PATTERN = /\b([A-Z][A-Z0-9]+-\d+)\b/g;
+var HASH_PATTERN = /#(\d+)\b/g;
+function extractCardIds(branch, title) {
+  const text = `${branch} ${title}`;
+  const ids = /* @__PURE__ */ new Set();
+  for (const match of text.matchAll(KEY_PATTERN)) {
+    ids.add(match[1]);
+  }
+  for (const match of text.matchAll(HASH_PATTERN)) {
+    ids.add(`#${match[1]}`);
+  }
+  return [...ids];
 }
-async function loadSyncCache(ctx, companyId) {
-  const raw = await ctx.state.get({ ...companyScope2(companyId), stateKey: SYNC_STATE_KEY });
-  return raw ?? null;
+async function detectAndLinkCards(ctx, prId, branch, title) {
+  const cardIds = extractCardIds(branch, title);
+  for (const cardId of cardIds) {
+    await linkPRToCard(ctx.db, prId, cardId, "pattern");
+  }
+  return cardIds;
 }
-async function saveSyncCache(ctx, companyId, cache) {
-  await ctx.state.set({ ...companyScope2(companyId), stateKey: SYNC_STATE_KEY }, cache);
+// src/sync/webhook-handler.ts
+async function handleGithubWebhook(ctx, input) {
+  const event = input.headers["x-github-event"];
+  const payload = input.parsedBody;
+  if (!payload || !event) {
+    ctx.logger.warn("Webhook received with missing event header or body");
+    return;
+  }
+  if (event === "pull_request") {
+    await handlePullRequestEvent(ctx, payload);
+  } else if (event === "issues") {
+    await handleIssuesEvent(ctx, payload);
+  } else {
+    ctx.logger.info(`Ignoring GitHub event: ${event}`);
+  }
 }
-async function loadWebhookConfig(ctx, companyId) {
-  const raw = await ctx.state.get({ ...companyScope2(companyId), stateKey: WEBHOOK_STATE_KEY });
-  return raw ?? null;
+async function handlePullRequestEvent(ctx, payload) {
+  const prData = payload.pull_request;
+  const repoData = payload.repository;
+  if (!prData || !repoData) return;
+  await upsertRepo(ctx.db, {
+    id: repoData.id,
+    fullName: repoData.full_name,
+    owner: repoData.owner.login,
+    name: repoData.name,
+    private: repoData.private,
+    defaultBranch: repoData.default_branch,
+    htmlUrl: repoData.html_url,
+    description: repoData.description,
+    language: repoData.language,
+    topics: repoData.topics ?? [],
+    updatedAt: repoData.updated_at
+  });
+  const merged = prData.merged;
+  const state = merged ? "merged" : prData.state;
+  const pr = {
+    id: prData.id,
+    repoId: repoData.id,
+    number: prData.number,
+    title: prData.title,
+    body: prData.body,
+    state,
+    author: prData.user.login,
+    headBranch: prData.head.ref,
+    baseBranch: prData.base.ref,
+    htmlUrl: prData.html_url,
+    draft: prData.draft,
+    mergeable: prData.mergeable,
+    mergedAt: prData.merged_at,
+    createdAt: prData.created_at,
+    updatedAt: prData.updated_at
+  };
+  await upsertPR(ctx.db, pr);
+  await detectAndLinkCards(ctx, pr.id, pr.headBranch, pr.title);
+  ctx.logger.info(`Webhook: upserted PR #${pr.number} from ${repoData.full_name}`);
 }
-async function listRepos(ctx, companyId) {
-  const checkedAt = (/* @__PURE__ */ new Date()).toISOString();
-  const token = await resolveGithubToken(ctx, companyId);
-  if (!token) {
-    return {
-      status: "degraded",
-      checkedAt,
-      message: "Configure o token GitHub em Configura\xE7\xF5es (PAT ou Secret ID)",
-      repos: []
-    };
+async function handleIssuesEvent(ctx, payload) {
+  const issueData = payload.issue;
+  const repoData = payload.repository;
+  if (!issueData || !repoData) return;
+  await upsertRepo(ctx.db, {
+    id: repoData.id,
+    fullName: repoData.full_name,
+    owner: repoData.owner.login,
+    name: repoData.name,
+    private: repoData.private,
+    defaultBranch: repoData.default_branch,
+    htmlUrl: repoData.html_url,
+    description: repoData.description,
+    language: repoData.language,
+    topics: repoData.topics ?? [],
+    updatedAt: repoData.updated_at
+  });
+  const issue = {
+    id: issueData.id,
+    repoId: repoData.id,
+    number: issueData.number,
+    title: issueData.title,
+    body: issueData.body,
+    state: issueData.state,
+    author: issueData.user.login,
+    labels: (issueData.labels ?? []).map(
+      (l) => l.name
+    ),
+    htmlUrl: issueData.html_url,
+    createdAt: issueData.created_at,
+    updatedAt: issueData.updated_at
+  };
+  await upsertIssue(ctx.db, issue);
+  ctx.logger.info(`Webhook: upserted issue #${issue.number} from ${repoData.full_name}`);
+}
+// src/sync/incremental-sync.ts
+init_queries();
+async function runIncrementalSync(ctx, companyId) {
+  const repos = await listRepos(ctx.db);
+  if (repos.length === 0) return;
+  const lastSync = await getLastSyncTime(ctx.db);
+  const since = lastSync ?? new Date(Date.now() - 24 * 60 * 60 * 1e3).toISOString();
+  const logId = await createSyncLog(ctx.db, "incremental");
+  let reposSynced = 0;
+  let prsSynced = 0;
+  let issuesSynced = 0;
+  const errors = [];
+  for (const repo of repos) {
+    try {
+      const prResult = await syncRepoPRs(ctx, companyId, repo.id, repo.fullName, since);
+      const issueResult = await syncRepoIssues(ctx, companyId, repo.id, repo.fullName, since);
+      prsSynced += prResult;
+      issuesSynced += issueResult;
+      reposSynced++;
+    } catch (err) {
+      const msg = `${repo.fullName}: ${err instanceof Error ? err.message : String(err)}`;
+      errors.push(msg);
+      ctx.logger.error(`Sync error: ${msg}`);
+    }
   }
-  const res = await githubFetch(
+  await completeSyncLog(ctx.db, logId, { reposSynced, prsSynced, issuesSynced, errors });
+  ctx.logger.info(`Incremental sync done: ${reposSynced} repos, ${prsSynced} PRs, ${issuesSynced} issues`);
+}
+async function syncRepoPRs(ctx, companyId, repoId, fullName, since) {
+  const { data, rateLimit } = await githubFetch(
     ctx,
-    token,
-    `/user/repos?per_page=30&sort=updated&affiliation=owner,organization_member`
+    companyId,
+    `/repos/${fullName}/pulls?state=all&sort=updated&direction=desc&per_page=100&since=${since}`
   );
-  if (!res.ok) {
-    return {
-      status: "error",
-      checkedAt,
-      message: `GitHub API returned ${res.status}`,
-      repos: []
+  if (!isRateLimitSafe(rateLimit)) {
+    ctx.logger.warn(`Rate limit low (${rateLimit.remaining}), skipping remaining repos`);
+  }
+  const items = data;
+  for (const item of items) {
+    const merged = item.merged_at !== null && item.merged_at !== void 0;
+    const state = merged ? "merged" : item.state;
+    const pr = {
+      id: item.id,
+      repoId,
+      number: item.number,
+      title: item.title,
+      body: item.body,
+      state,
+      author: item.user.login,
+      headBranch: item.head.ref,
+      baseBranch: item.base.ref,
+      htmlUrl: item.html_url,
+      draft: item.draft,
+      mergeable: item.mergeable,
+      mergedAt: item.merged_at,
+      createdAt: item.created_at,
+      updatedAt: item.updated_at
     };
+    await upsertPR(ctx.db, pr);
+    await detectAndLinkCards(ctx, pr.id, pr.headBranch, pr.title);
   }
-  const rows = await res.json();
-  const repos = rows.map((r) => ({
-    id: r.id,
-    fullName: r.full_name,
-    private: r.private,
-    htmlUrl: r.html_url,
-    updatedAt: r.updated_at,
-    defaultBranch: r.default_branch
-  }));
-  return { status: "ok", checkedAt, repos };
-}
-async function resolveTrackedRepos(ctx, companyId) {
-  const tracked = await ctx.state.get({ ...companyScope2(companyId), stateKey: TRACKED_REPOS_KEY });
-  if (Array.isArray(tracked) && tracked.length > 0) {
-    return tracked.filter((r) => typeof r === "string").slice(0, MAX_REPOS_PER_SYNC);
-  }
-  const reposData = await listRepos(ctx, companyId);
-  return reposData.repos.slice(0, MAX_REPOS_PER_SYNC).map((r) => r.fullName);
+  return items.length;
 }
-async function fetchPullRequestsForRepo(ctx, token, repoFullName) {
-  const { owner, repo } = parseRepoFullName(repoFullName);
-  const res = await githubFetch(
+async function syncRepoIssues(ctx, companyId, repoId, fullName, since) {
+  const { data } = await githubFetch(
     ctx,
-    token,
-    `/repos/${owner}/${repo}/pulls?state=open&per_page=${MAX_ITEMS_PER_REPO}&sort=updated&direction=desc`
+    companyId,
+    `/repos/${fullName}/issues?state=all&sort=updated&direction=desc&per_page=100&since=${since}&filter=all`
   );
-  if (!res.ok) {
-    throw new Error(`PR sync failed for ${repoFullName}: HTTP ${res.status}`);
-  }
-  const rows = await res.json();
-  return rows.map((pr) => ({
-    id: pr.id,
-    number: pr.number,
-    title: pr.title,
-    state: pr.state,
-    htmlUrl: pr.html_url,
-    repoFullName,
-    updatedAt: pr.updated_at
-  }));
-}
-async function fetchIssuesForRepo(ctx, token, repoFullName) {
-  const { owner, repo } = parseRepoFullName(repoFullName);
-  const res = await githubFetch(
-    ctx,
-    token,
-    `/repos/${owner}/${repo}/issues?state=open&per_page=${MAX_ITEMS_PER_REPO}&sort=updated&direction=desc`
+  const items = data.filter(
+    (item) => !item.pull_request
   );
-  if (!res.ok) {
-    throw new Error(`Issue sync failed for ${repoFullName}: HTTP ${res.status}`);
-  }
-  const rows = await res.json();
-  return rows.filter((row) => !row.pull_request).map((issue) => ({
-    id: issue.id,
-    number: issue.number,
-    title: issue.title,
-    state: issue.state,
-    htmlUrl: issue.html_url,
-    repoFullName,
-    updatedAt: issue.updated_at
-  }));
+  for (const item of items) {
+    const issue = {
+      id: item.id,
+      repoId,
+      number: item.number,
+      title: item.title,
+      body: item.body,
+      state: item.state,
+      author: item.user.login,
+      labels: (item.labels ?? []).map(
+        (l) => l.name
+      ),
+      htmlUrl: item.html_url,
+      createdAt: item.created_at,
+      updatedAt: item.updated_at
+    };
+    await upsertIssue(ctx.db, issue);
+  }
+  return items.length;
 }
-async function runSync(ctx, companyId, mode) {
-  const token = await resolveGithubToken(ctx, companyId);
-  if (!token) {
-    throw new Error("Configure o token GitHub em Configura\xE7\xF5es antes de sincronizar");
-  }
-  const repos = await resolveTrackedRepos(ctx, companyId);
-  const existing = await loadSyncCache(ctx, companyId) ?? {
-    syncedAt: (/* @__PURE__ */ new Date(0)).toISOString(),
-    pullRequests: [],
-    issues: [],
-    errors: []
-  };
+// src/sync/full-sync.ts
+init_queries();
+async function runFullSync(ctx, companyId) {
+  const repos = await listRepos(ctx.db);
+  if (repos.length === 0) return;
+  const logId = await createSyncLog(ctx.db, "full");
+  let reposSynced = 0;
+  let prsSynced = 0;
+  let issuesSynced = 0;
   const errors = [];
-  let pullRequests = mode === "issues" ? existing.pullRequests : [];
-  let issues = mode === "pullRequests" ? existing.issues : [];
-  for (const repoFullName of repos) {
+  for (const repo of repos) {
     try {
-      if (mode === "pullRequests" || mode === "all") {
-        pullRequests = pullRequests.concat(
-          await fetchPullRequestsForRepo(ctx, token, repoFullName)
-        );
+      const { data: repoData } = await githubFetch(ctx, companyId, `/repos/${repo.fullName}`);
+      const rd = repoData;
+      await upsertRepo(ctx.db, {
+        id: rd.id,
+        fullName: rd.full_name,
+        owner: rd.owner.login,
+        name: rd.name,
+        private: rd.private,
+        defaultBranch: rd.default_branch,
+        htmlUrl: rd.html_url,
+        description: rd.description,
+        language: rd.language,
+        topics: rd.topics ?? [],
+        updatedAt: rd.updated_at
+      });
+      const { data: prs } = await githubFetch(
+        ctx,
+        companyId,
+        `/repos/${repo.fullName}/pulls?state=open&per_page=100`
+      );
+      for (const item of prs) {
+        const pr = {
+          id: item.id,
+          repoId: repo.id,
+          number: item.number,
+          title: item.title,
+          body: item.body,
+          state: "open",
+          author: item.user.login,
+          headBranch: item.head.ref,
+          baseBranch: item.base.ref,
+          htmlUrl: item.html_url,
+          draft: item.draft,
+          mergeable: item.mergeable,
+          mergedAt: null,
+          createdAt: item.created_at,
+          updatedAt: item.updated_at
+        };
+        await upsertPR(ctx.db, pr);
+        await detectAndLinkCards(ctx, pr.id, pr.headBranch, pr.title);
+        prsSynced++;
       }
-      if (mode === "issues" || mode === "all") {
-        issues = issues.concat(await fetchIssuesForRepo(ctx, token, repoFullName));
+      const { data: issues } = await githubFetch(
+        ctx,
+        companyId,
+        `/repos/${repo.fullName}/issues?state=open&per_page=100&filter=all`
+      );
+      for (const item of issues.filter((i) => !i.pull_request)) {
+        const issue = {
+          id: item.id,
+          repoId: repo.id,
+          number: item.number,
+          title: item.title,
+          body: item.body,
+          state: item.state,
+          author: item.user.login,
+          labels: (item.labels ?? []).map((l) => l.name),
+          htmlUrl: item.html_url,
+          createdAt: item.created_at,
+          updatedAt: item.updated_at
+        };
+        await upsertIssue(ctx.db, issue);
+        issuesSynced++;
       }
+      reposSynced++;
     } catch (err) {
-      const message = err instanceof Error ? err.message : String(err);
-      errors.push(message);
-      ctx.logger.warn("GitHub sync repo failed", { repoFullName, message });
+      errors.push(`${repo.fullName}: ${err instanceof Error ? err.message : String(err)}`);
     }
   }
-  const cache = {
-    syncedAt: (/* @__PURE__ */ new Date()).toISOString(),
-    pullRequests: pullRequests.sort((a, b) => b.updatedAt.localeCompare(a.updatedAt)).slice(0, MAX_ITEMS_PER_REPO * MAX_REPOS_PER_SYNC),
-    issues: issues.sort((a, b) => b.updatedAt.localeCompare(a.updatedAt)).slice(0, MAX_ITEMS_PER_REPO * MAX_REPOS_PER_SYNC),
-    errors
+  await completeSyncLog(ctx.db, logId, { reposSynced, prsSynced, issuesSynced, errors });
+  ctx.logger.info(`Full sync done: ${reposSynced} repos, ${prsSynced} PRs, ${issuesSynced} issues`);
+}
+// src/review/quick-check.ts
+var SENSITIVE_PATTERNS = [
+  /\.env$/i,
+  /\.env\./i,
+  /credentials/i,
+  /secret/i,
+  /\.pem$/i,
+  /\.key$/i,
+  /password/i,
+  /token/i
+];
+var TEST_PATTERNS = [
+  /\.test\./,
+  /\.spec\./,
+  /_test\./,
+  /tests?\//,
+  /__tests__\//
+];
+async function runQuickCheck(ctx, companyId, owner, repo, pullNumber) {
+  const { data: prData } = await githubFetch(ctx, companyId, `/repos/${owner}/${repo}/pulls/${pullNumber}`);
+  const pr = prData;
+  const { data: filesData } = await githubFetch(
+    ctx,
+    companyId,
+    `/repos/${owner}/${repo}/pulls/${pullNumber}/files?per_page=100`
+  );
+  const files = filesData;
+  const filenames = files.map((f) => f.filename);
+  const hasDescription = Boolean(pr.body && pr.body.trim().length > 10);
+  const hasTests = filenames.some(
+    (f) => TEST_PATTERNS.some((pattern) => pattern.test(f))
+  );
+  const sensitiveFiles = filenames.filter(
+    (f) => SENSITIVE_PATTERNS.some((pattern) => pattern.test(f))
+  );
+  return {
+    hasDescription,
+    hasTests,
+    sensitiveFiles,
+    checkedAt: (/* @__PURE__ */ new Date()).toISOString()
   };
-  await saveSyncCache(ctx, companyId, cache);
-  return cache;
 }
-async function buildSyncOverview(ctx, companyId) {
-  const checkedAt = (/* @__PURE__ */ new Date()).toISOString();
-  const token = await resolveGithubToken(ctx, companyId);
-  const cache = await loadSyncCache(ctx, companyId);
-  if (!token) {
-    return {
-      status: "degraded",
-      checkedAt,
-      message: "Configure o token GitHub em Configura\xE7\xF5es para sincronizar PRs e issues",
-      lastSyncedAt: cache?.syncedAt ?? null,
-      pullRequestCount: cache?.pullRequests.length ?? 0,
-      issueCount: cache?.issues.length ?? 0,
-      recentPullRequests: cache?.pullRequests.slice(0, 10) ?? [],
-      recentIssues: cache?.issues.slice(0, 10) ?? [],
-      lastErrors: cache?.errors ?? []
-    };
-  }
-  if (!cache) {
-    return {
-      status: "not_synced",
-      checkedAt,
-      message: "Run sync to fetch open PRs and issues",
-      lastSyncedAt: null,
-      pullRequestCount: 0,
-      issueCount: 0,
-      recentPullRequests: [],
-      recentIssues: [],
-      lastErrors: []
+// src/graphify/graph-generator.ts
+init_queries();
+async function generateHighLevelGraph(ctx, companyId) {
+  const repos = await listRepos(ctx.db);
+  const prs = await listPRs(ctx.db, { state: "open" });
+  const nodes = repos.map((r) => ({
+    id: `repo:${r.fullName}`,
+    label: r.fullName,
+    type: "repo",
+    metadata: { language: r.language, private: r.private, defaultBranch: r.defaultBranch }
+  }));
+  const edges = [];
+  for (const pr of prs) {
+    const prNode = {
+      id: `pr:${pr.repoFullName}#${pr.number}`,
+      label: `#${pr.number}: ${pr.title}`,
+      type: "pr",
+      metadata: { state: pr.state, author: pr.author, draft: pr.draft }
     };
+    nodes.push(prNode);
+    edges.push({
+      source: prNode.id,
+      target: `repo:${pr.repoFullName}`,
+      label: `${pr.headBranch} \u2192 ${pr.baseBranch}`,
+      type: "pr_target"
+    });
   }
   return {
-    status: "ok",
-    checkedAt,
-    message: `Last sync ${cache.syncedAt}`,
-    lastSyncedAt: cache.syncedAt,
-    pullRequestCount: cache.pullRequests.length,
-    issueCount: cache.issues.length,
-    recentPullRequests: cache.pullRequests.slice(0, 10),
-    recentIssues: cache.issues.slice(0, 10),
-    lastErrors: cache.errors
+    nodes,
+    edges,
+    generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    repoFullName: "*",
+    level: "high"
   };
 }
-async function registerGithubWebhook(ctx, companyId, repoFullName, events) {
-  const token = await resolveGithubToken(ctx, companyId);
-  if (!token) {
-    throw new Error("Configure o token GitHub em Configura\xE7\xF5es antes de registrar webhooks");
-  }
-  const pluginId = ctx.manifest.id;
-  const inboundUrl = buildInboundWebhookUrl(pluginId);
-  const { owner, repo } = parseRepoFullName(repoFullName);
-  const payload = {
-    name: "web",
-    active: true,
-    events: events.length > 0 ? events : ["pull_request", "issues"],
-    config: {
-      url: inboundUrl,
-      content_type: "json",
-      insecure_ssl: "0"
+async function generateCodeGraph(ctx, companyId, repoFullName) {
+  const { data } = await githubFetch(
+    ctx,
+    companyId,
+    `/repos/${repoFullName}/git/trees/HEAD?recursive=1`
+  );
+  const tree = data.tree;
+  const nodes = [{
+    id: `repo:${repoFullName}`,
+    label: repoFullName,
+    type: "repo",
+    metadata: {}
+  }];
+  const edges = [];
+  const dirs = /* @__PURE__ */ new Set();
+  for (const entry of tree) {
+    const path2 = entry.path;
+    const type = entry.type;
+    if (type === "tree") {
+      const depth = path2.split("/").length;
+      if (depth <= 3) {
+        dirs.add(path2);
+        nodes.push({
+          id: `dir:${repoFullName}/${path2}`,
+          label: path2,
+          type: "module",
+          metadata: { depth }
+        });
+        const parentDir = path2.split("/").slice(0, -1).join("/");
+        const parentId = parentDir ? `dir:${repoFullName}/${parentDir}` : `repo:${repoFullName}`;
+        edges.push({
+          source: parentId,
+          target: `dir:${repoFullName}/${path2}`,
+          label: "contains",
+          type: "contains"
+        });
+      }
+    } else if (type === "blob") {
+      const depth = path2.split("/").length;
+      if (depth <= 2 || /\.(json|ya?ml|toml|lock)$/.test(path2)) {
+        nodes.push({
+          id: `file:${repoFullName}/${path2}`,
+          label: path2.split("/").pop(),
+          type: "file",
+          metadata: { path: path2, size: entry.size }
+        });
+        const parentDir = path2.split("/").slice(0, -1).join("/");
+        const parentId = parentDir ? `dir:${repoFullName}/${parentDir}` : `repo:${repoFullName}`;
+        edges.push({
+          source: parentId,
+          target: `file:${repoFullName}/${path2}`,
+          label: "contains",
+          type: "contains"
+        });
+      }
     }
-  };
-  const res = await githubFetch(ctx, token, `/repos/${owner}/${repo}/hooks`, {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify(payload)
-  });
-  if (!res.ok) {
-    const body = await res.text();
-    throw new Error(`GitHub webhook registration failed (${res.status}): ${body}`);
   }
-  const hook = await res.json();
-  const config = {
+  return {
+    nodes,
+    edges,
+    generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
     repoFullName,
-    events: payload.events,
-    hookId: hook.id,
-    configuredAt: (/* @__PURE__ */ new Date()).toISOString(),
-    inboundUrl
+    level: "code"
   };
-  await ctx.state.set({ ...companyScope2(companyId), stateKey: WEBHOOK_STATE_KEY }, config);
-  return config;
-}
-function requireCompanyId(input) {
-  const companyId = input?.companyId;
-  if (!companyId) {
-    throw new Error("companyId is required");
-  }
-  return companyId;
-}
-async function handleGithubWebhook(input) {
-  const ctx = workerCtx;
-  if (!ctx) {
-    return;
-  }
-  if (input.endpointKey !== GITHUB_WEBHOOK_ENDPOINT) {
-    return;
-  }
-  const payload = input.parsedBody ?? {};
-  const repoFullName = payload.repository?.full_name;
-  if (!repoFullName) {
-    return;
-  }
-  const companies = await ctx.companies.list();
-  for (const company of companies) {
-    const webhook = await loadWebhookConfig(ctx, company.id);
-    if (!webhook || webhook.repoFullName !== repoFullName) {
-      continue;
-    }
-    try {
-      await runSync(ctx, company.id, "all");
-      ctx.logger.info("GitHub webhook triggered sync", {
-        companyId: company.id,
-        repoFullName,
-        action: payload.action ?? "unknown",
-        requestId: input.requestId
-      });
-    } catch (err) {
-      const message = err instanceof Error ? err.message : String(err);
-      ctx.logger.warn("GitHub webhook sync failed", { companyId: company.id, message });
-    }
-  }
 }
+// src/worker.ts
+init_queries();
+var pluginCtx = null;
 var plugin = definePlugin({
   async setup(ctx) {
-    workerCtx = ctx;
-    registerGithubReviewTools(ctx);
-    ctx.events.on("issue.created", async (event) => {
-      const issueId = event.entityId ?? "unknown";
-      await ctx.state.set({ scopeKind: "issue", scopeId: issueId, stateKey: "seen" }, true);
-      ctx.logger.info("GitHub plugin observed issue.created", { issueId });
-    });
-    ctx.data.register("health", async ({ companyId }) => {
-      if (!companyId) {
-        throw new Error("companyId is required");
-      }
-      const cid = String(companyId);
-      const auth = await getGithubAuthStatus(ctx, cid);
-      const token = await resolveGithubToken(ctx, cid);
-      if (!token) {
-        return {
-          status: "degraded",
-          checkedAt: (/* @__PURE__ */ new Date()).toISOString(),
-          message: auth.mode === "secret-ref" ? "Secret ID salvo, mas o Paperclip ainda n\xE3o resolve secret refs em plugins \u2014 cole o PAT abaixo ou aguarde PAP-2394" : "Cole um Personal Access Token (PAT) em Configura\xE7\xF5es e clique em Salvar",
-          auth
-        };
-      }
-      const res = await githubFetch(ctx, token, "/user");
-      if (!res.ok) {
-        return {
-          status: "error",
-          checkedAt: (/* @__PURE__ */ new Date()).toISOString(),
-          message: `GitHub API retornou ${res.status} \u2014 verifique escopos do PAT`,
-          auth
-        };
+    pluginCtx = ctx;
+    ctx.logger.info("GitHub Manager v2 starting");
+    registerReviewTools(ctx);
+    ctx.jobs.register("sync-github", async (job) => {
+      ctx.logger.info("Running scheduled incremental sync");
+      const companies = await ctx.companies.list();
+      for (const company of companies) {
+        try {
+          await runIncrementalSync(ctx, company.id);
+        } catch (err) {
+          ctx.logger.error(`Sync failed for company ${company.id}: ${err}`);
+        }
       }
-      const user = await res.json();
-      return {
-        status: "ok",
-        checkedAt: (/* @__PURE__ */ new Date()).toISOString(),
-        login: user.login ?? "unknown",
-        auth
-      };
     });
     ctx.data.register("repos", async ({ companyId }) => {
-      if (!companyId) {
-        throw new Error("companyId is required");
-      }
-      return listRepos(ctx, String(companyId));
-    });
-    ctx.data.register("syncOverview", async ({ companyId }) => {
-      if (!companyId) {
-        throw new Error("companyId is required");
-      }
-      return buildSyncOverview(ctx, String(companyId));
-    });
-    ctx.data.register("webhookConfig", async ({ companyId }) => {
-      if (!companyId) {
-        throw new Error("companyId is required");
-      }
-      const config = await loadWebhookConfig(ctx, String(companyId));
+      const repos = await listRepos(ctx.db);
+      const lastSync = await getLastSyncTime(ctx.db);
+      return { repos, lastSync };
+    });
+    ctx.data.register("pull-requests", async ({ companyId, filters }) => {
+      const f = filters;
+      const prs = await listPRs(ctx.db, f);
+      return { pullRequests: prs };
+    });
+    ctx.data.register("card-prs", async ({ companyId, issueId }) => {
+      const prs = await getLinksForCard(ctx.db, issueId);
+      return { pullRequests: prs };
+    });
+    ctx.data.register("sync-status", async () => {
+      const lastSync = await getLastSyncTime(ctx.db);
+      const repos = await listRepos(ctx.db);
+      const openPRs = await listPRs(ctx.db, { state: "open" });
       return {
-        configured: Boolean(config),
-        config,
-        inboundUrl: buildInboundWebhookUrl(ctx.manifest.id)
+        lastSync,
+        repoCount: repos.length,
+        openPRCount: openPRs.length
       };
     });
-    ctx.actions.register("ping", async () => {
-      return { pong: true, at: (/* @__PURE__ */ new Date()).toISOString() };
-    });
-    ctx.actions.register("saveGithubToken", async (input) => {
-      const companyId = requireCompanyId(input);
-      const token = input?.token;
-      if (typeof token !== "string") {
-        throw new Error("token is required");
-      }
-      await saveGithubPat(ctx, companyId, token);
-      return { saved: true, at: (/* @__PURE__ */ new Date()).toISOString() };
-    });
-    ctx.actions.register("saveGithubSecretRef", async (input) => {
-      const companyId = requireCompanyId(input);
-      const secretRef = input?.secretRef;
-      if (typeof secretRef !== "string") {
-        throw new Error("secretRef is required");
+    ctx.data.register("graph-data", async ({ companyId, repoFullName, level }) => {
+      if (level === "high") {
+        return await generateHighLevelGraph(ctx, companyId);
       }
-      await saveGithubSecretRef(ctx, companyId, secretRef);
-      return { saved: true, at: (/* @__PURE__ */ new Date()).toISOString() };
-    });
-    ctx.actions.register("clearGithubAuth", async (input) => {
-      const companyId = requireCompanyId(input);
-      await clearGithubAuth(ctx, companyId);
-      return { cleared: true, at: (/* @__PURE__ */ new Date()).toISOString() };
-    });
-    ctx.actions.register("setTrackedRepos", async (input) => {
-      const companyId = requireCompanyId(input);
-      const repos = input?.repos;
-      if (!Array.isArray(repos)) {
-        throw new Error("repos array is required");
-      }
-      const normalized = repos.filter((r) => typeof r === "string" && r.includes("/")).slice(0, MAX_REPOS_PER_SYNC);
-      await ctx.state.set({ ...companyScope2(companyId), stateKey: TRACKED_REPOS_KEY }, normalized);
-      return { saved: true, repos: normalized, at: (/* @__PURE__ */ new Date()).toISOString() };
+      return await generateCodeGraph(ctx, companyId, repoFullName);
     });
-    ctx.actions.register("syncPullRequests", async (input) => {
-      const companyId = requireCompanyId(input);
-      const cache = await runSync(ctx, companyId, "pullRequests");
-      return {
-        syncedAt: cache.syncedAt,
-        pullRequestCount: cache.pullRequests.length,
-        errors: cache.errors
-      };
+    ctx.data.register("available-agents", async ({ companyId }) => {
+      const agents = await ctx.agents.list({ companyId });
+      return { agents };
     });
-    ctx.actions.register("syncIssues", async (input) => {
-      const companyId = requireCompanyId(input);
-      const cache = await runSync(ctx, companyId, "issues");
-      return {
-        syncedAt: cache.syncedAt,
-        issueCount: cache.issues.length,
-        errors: cache.errors
-      };
+    ctx.actions.register("save-token", async ({ companyId, token }) => {
+      await saveGithubPAT(ctx, companyId, token);
+      return { ok: true };
     });
-    ctx.actions.register("syncAll", async (input) => {
-      const companyId = requireCompanyId(input);
-      const cache = await runSync(ctx, companyId, "all");
-      return {
-        syncedAt: cache.syncedAt,
-        pullRequestCount: cache.pullRequests.length,
-        issueCount: cache.issues.length,
-        errors: cache.errors
-      };
+    ctx.actions.register("save-secret-ref", async ({ companyId, secretRef }) => {
+      await saveGithubSecretRef(ctx, companyId, secretRef);
+      return { ok: true };
     });
-    ctx.actions.register("configureWebhook", async (input) => {
-      const companyId = requireCompanyId(input);
-      const repoFullName = input?.repoFullName;
-      const events = input?.events ?? ["pull_request", "issues"];
-      if (!repoFullName) {
-        throw new Error("repoFullName is required");
+    ctx.actions.register("test-connection", async ({ companyId }) => {
+      try {
+        const token = await resolveGithubToken(ctx, companyId);
+        const { data } = await githubFetch(ctx, companyId, "/user");
+        const user = data;
+        return { ok: true, login: user.login };
+      } catch (err) {
+        return { ok: false, error: err instanceof Error ? err.message : String(err) };
       }
-      const config = await registerGithubWebhook(ctx, companyId, repoFullName, events);
-      return { saved: true, config };
     });
-    ctx.jobs.register("sync-github", async (job) => {
-      const companies = await ctx.companies.list();
-      for (const company of companies) {
-        try {
-          await runSync(ctx, company.id, "all");
-          ctx.logger.info("Scheduled GitHub sync completed", {
-            companyId: company.id,
-            runId: job.runId
-          });
-        } catch (err) {
-          const message = err instanceof Error ? err.message : String(err);
-          ctx.logger.warn("Scheduled GitHub sync skipped", { companyId: company.id, message });
+    ctx.actions.register("add-repo", async ({ companyId, fullName }) => {
+      const { data } = await githubFetch(ctx, companyId, `/repos/${fullName}`);
+      const rd = data;
+      await upsertRepo(ctx.db, {
+        id: rd.id,
+        fullName: rd.full_name,
+        owner: rd.owner.login,
+        name: rd.name,
+        private: rd.private,
+        defaultBranch: rd.default_branch,
+        htmlUrl: rd.html_url,
+        description: rd.description,
+        language: rd.language,
+        topics: rd.topics ?? [],
+        updatedAt: rd.updated_at
+      });
+      return { ok: true };
+    });
+    ctx.actions.register("sync-all", async ({ companyId }) => {
+      await runFullSync(ctx, companyId);
+      return { ok: true };
+    });
+    ctx.actions.register("sync-incremental", async ({ companyId }) => {
+      await runIncrementalSync(ctx, companyId);
+      return { ok: true };
+    });
+    ctx.actions.register("link-pr-to-card", async ({ prId, issueId }) => {
+      await linkPRToCard(ctx.db, prId, issueId, "manual");
+      return { ok: true };
+    });
+    ctx.actions.register("request-review", async ({ companyId, prId, repoFullName, prNumber, agentId }) => {
+      const repo = await getRepoByFullName(ctx.db, repoFullName);
+      if (!repo) throw new Error(`Repo ${repoFullName} not found`);
+      const [owner, repoName] = repoFullName.split("/");
+      await ctx.agents.invoke(
+        agentId,
+        companyId,
+        {
+          prompt: `Please review PR #${prNumber} in ${repoFullName}. Use the github_get_pull_request_diff tool with owner="${owner}", repo="${repoName}", pull_number=${prNumber} to get the diff, then provide a thorough code review. Post your findings as inline comments using github_create_review_comment and submit your final verdict using github_submit_pr_review.`
         }
+      );
+      return { ok: true };
+    });
+    ctx.actions.register("run-quick-check", async ({ companyId, repoFullName, prNumber }) => {
+      const [owner, repo] = repoFullName.split("/");
+      const result = await runQuickCheck(ctx, companyId, owner, repo, prNumber);
+      return result;
+    });
+    ctx.actions.register("generate-graph", async ({ companyId, repoFullName, level }) => {
+      if (level === "high") {
+        return await generateHighLevelGraph(ctx, companyId);
       }
+      return await generateCodeGraph(ctx, companyId, repoFullName);
+    });
+    ctx.events.on("company.created", async (event) => {
+      await ctx.agents.managed.reconcile("github-reviewer", event.companyId);
     });
   },
   async onHealth() {
-    return { status: "ok", message: "GitHub Manager worker is running" };
+    return { status: "ok", message: "GitHub Manager v2 running" };
   },
   async onWebhook(input) {
-    await handleGithubWebhook(input);
+    if (!pluginCtx) throw new Error("Plugin not initialized");
+    await handleGithubWebhook(pluginCtx, input);
+  },
+  async onShutdown() {
+    pluginCtx = null;
   }
 });
 var worker_default = plugin;