@gethmy/agent 1.12.0 → 1.13.0

package/dist/cli.js

@@ -1158,6 +1158,294 @@ var TAG3 = "http";
 var init_http_server = __esm(() => {
   init_log();
 });
+// ../harmony-shared/dist/branchRef.js
+var BRANCH_REF_PATTERN, SAFE_GIT_REF_PATTERN;
+var init_branchRef = __esm(() => {
+  BRANCH_REF_PATTERN = /Branch:\s*`([^`]+)`/;
+  SAFE_GIT_REF_PATTERN = /^[a-zA-Z0-9/_.-]+$/;
+});
+
+// ../harmony-shared/dist/cardLinks.js
+var init_cardLinks = () => {};
+// ../harmony-shared/dist/classification.js
+function escalateTier(tier) {
+  const i = MODEL_TIERS.indexOf(tier);
+  return MODEL_TIERS[Math.min(i + 1, MODEL_TIERS.length - 1)];
+}
+function isModelTier(v) {
+  return typeof v === "string" && MODEL_TIERS.includes(v);
+}
+var MODEL_TIERS;
+var init_classification = __esm(() => {
+  MODEL_TIERS = ["simple", "advanced", "research"];
+});
+
+// ../harmony-shared/dist/commentSerializer.js
+function sanitizeHeaderField(value) {
+  return value.replace(/[\]\r\n|<>]/g, " ").trim() || "—";
+}
+function authorLabel(c) {
+  if (c.author_type === "agent")
+    return "AI agent";
+  const raw = c.author?.full_name || "teammate";
+  return sanitizeHeaderField(raw);
+}
+function criticalIds(comments) {
+  const keep = new Set;
+  for (const c of comments) {
+    if (c.comment_type === "decision")
+      keep.add(c.id);
+    if (c.supersedes_id) {
+      keep.add(c.id);
+      keep.add(c.supersedes_id);
+    }
+    if (c.confirms_id) {
+      keep.add(c.id);
+      keep.add(c.confirms_id);
+    }
+  }
+  return keep;
+}
+function serializeCommentThread(comments, options = {}) {
+  const { heading = "Conversation", includeInstructions = true, activity = [], maxComments } = options;
+  const visible = comments.filter((c) => !c.deleted_at).slice().sort((a, b) => a.created_at.localeCompare(b.created_at));
+  if (visible.length === 0)
+    return "";
+  const indexById = new Map;
+  visible.forEach((c, i) => {
+    indexById.set(c.id, i + 1);
+  });
+  let rendered = visible;
+  let elidedCount = 0;
+  if (maxComments && visible.length > maxComments) {
+    const keep = criticalIds(visible);
+    const recentThreshold = visible.length - maxComments;
+    rendered = visible.filter((c, i) => i >= recentThreshold || keep.has(c.id));
+    elidedCount = visible.length - rendered.length;
+  }
+  const ref = (id) => {
+    const n = indexById.get(id);
+    return n ? `#${n}` : `#${id.slice(0, 8)}`;
+  };
+  const lines = [];
+  if (elidedCount > 0) {
+    lines.push({
+      at: visible[0]?.created_at ?? "",
+      text: `(${elidedCount} earlier comment(s) omitted for brevity)`
+    });
+  }
+  for (const c of rendered) {
+    const tags = [];
+    if (c.edited_at)
+      tags.push("edited");
+    if (c.supersedes_id)
+      tags.push(`supersedes ${ref(c.supersedes_id)}`);
+    if (c.confirms_id)
+      tags.push(`confirms ${ref(c.confirms_id)}`);
+    if (c.resolved_at)
+      tags.push("resolved");
+    const tagStr = tags.length ? ` | ${tags.join(" | ")}` : "";
+    const header = `[${sanitizeHeaderField(ref(c.id))} | ${sanitizeHeaderField(c.author_type)} | ${authorLabel(c)} | ${sanitizeHeaderField(c.comment_type)} | ${sanitizeHeaderField(c.created_at)}${tagStr}]`;
+    const fencedBody = c.body.trim().replaceAll("<", "&lt;").replaceAll(">", "&gt;");
+    lines.push({
+      at: c.created_at,
+      text: `${header}
+<comment-body>
+${fencedBody}
+</comment-body>`
+    });
+  }
+  for (const a of activity) {
+    const actor = a.actor ? `${a.actor} ` : "";
+    lines.push({ at: a.at, text: `· (system) ${a.at} — ${actor}${a.text}` });
+  }
+  lines.sort((a, b) => a.at.localeCompare(b.at));
+  const body = lines.map((l) => l.text).join(`
+
+`);
+  const instruction = includeInstructions ? `
+
+${CONFLICT_INSTRUCTION}` : "";
+  return `## ${heading} (oldest → newest)
+
+${body}${instruction}`;
+}
+var CONFLICT_INSTRUCTION;
+var init_commentSerializer = __esm(() => {
+  CONFLICT_INSTRUCTION = "When two comments conflict, prefer the latest created_at, UNLESS a later " + "comment explicitly confirms or restates the earlier finding. Evaluate " + "substance, not just recency. Cite the comment id(s) you relied on.";
+});
+
+// ../harmony-shared/dist/constants.js
+var TIMINGS;
+var init_constants = __esm(() => {
+  TIMINGS = {
+    SEARCH_DEBOUNCE: 300,
+    AUTOSAVE_DEBOUNCE: 1000,
+    TOAST_DURATION: 3000,
+    QUERY_STALE_TIME: 1000 * 60 * 5,
+    QUERY_GC_TIME: 1000 * 60 * 60 * 24
+  };
+});
+// ../harmony-shared/dist/logger.js
+var init_logger = () => {};
+// ../harmony-shared/dist/projectTemplates.js
+var init_projectTemplates = () => {};
+
+// ../harmony-shared/dist/reviewMethodology.js
+var REVIEW_SYSTEM_PROMPT = `You are a senior code reviewer. Follow this two-pass methodology strictly.
+Report findings; do NOT fix them. This is a read-only review.
+
+Review the diff through five lenses on every pass: functionality, security,
+performance, code quality, and best practices. For every finding, set
+\`relatedToDiff\`: true when the change under review introduced or exposed it,
+false when it is a pre-existing issue you happened to notice. Only diff-caused
+findings gate the verdict — pre-existing ones are reported for context and never
+block.
+
+## Two-Pass Review
+
+### Pass 1 — CRITICAL (highest severity)
+
+**SQL & Data Safety**
+- String interpolation in SQL — use parameterized queries / prepared statements
+- TOCTOU races: check-then-set patterns that should be atomic WHERE + UPDATE
+
+**Race Conditions & Concurrency**
+- Read-check-write without uniqueness constraint or duplicate key handling
+- Status transitions without atomic WHERE old_status UPDATE SET new_status
+- Unsafe HTML rendering (dangerouslySetInnerHTML, v-html) on user-controlled data (XSS)
+
+**Security & Access Control**
+- Hardcoded secrets, API keys, or credentials committed to source
+- New endpoints, mutations, or service-role/RLS-exempt queries missing an auth or ownership check
+- Over-broad CORS, missing input validation on a trust boundary, injection beyond SQL (command, path, template)
+
+**LLM Output Trust Boundary**
+- LLM-generated values written to DB without format validation (EMAIL_REGEXP, URI.parse, .trim())
+- Structured tool output accepted without type/shape checks before database writes
+
+**Enum & Value Completeness**
+- When the diff introduces a new enum/status/type value, trace it through every consumer
+- Check allowlists, filter arrays, and case/if-elsif chains for the new value
+- Use Grep to find all references to sibling values and Read each match — look OUTSIDE the diff
+
+### Pass 2 — INFORMATIONAL (lower severity)
+
+**Functionality & Edge Cases**
+- Logic errors, off-by-one, unhandled null/undefined, wrong API or library usage
+- Conditional side effects: code paths that branch but forget a side effect on one branch (e.g., promoting without attaching URL)
+
+**Performance**
+- O(n²) algorithms and O(n*m) lookups (Array.find in a loop instead of a Map/index)
+- N+1 queries, unbounded fetches missing pagination, repeated work that should be cached/memoized
+- Unnecessary React re-renders (unstable props/deps, inline object/array literals); leaked subscriptions, timers, or listeners
+- Inline styles re-parsed every render
+
+**Code Quality**
+- Dead code: variables assigned but never read, unreachable branches
+- Duplication that should be extracted, over-long functions, unclear naming
+- \`any\` / unchecked casts that defeat the type system
+- Comments/docstrings describing old behavior after code changed
+
+**Best Practices & Conventions**
+- Deviations from established project conventions and framework idioms / anti-patterns
+- React hook dependency arrays that are wrong, missing, or over-broad
+- Accessibility gaps on new UI: missing labels, roles, alt text, or keyboard paths
+
+**Test Gaps**
+- Missing negative-path tests for new error handling
+- Security enforcement features without integration tests
+
+**Completeness Gaps**
+- Partial enum handling, incomplete error paths, missing edge cases that are straightforward to add
+
+## Severity Classification
+
+- **critical**: SQL safety, race conditions, XSS, secrets/auth/injection holes, LLM trust boundary violations, enum completeness gaps causing runtime errors
+- **major**: Missing requirements, broken functionality, significant completeness gaps, conditional side effects, performance regressions on a hot path
+- **minor**: Dead code, stale comments, test gaps, naming/duplication, minor view issues, cosmetic completeness gaps
+
+## Suppressions — DO NOT flag these
+
+- Redundancy that aids readability (e.g., present? redundant with length > 20)
+- "Add a comment explaining why this threshold was chosen" — thresholds change, comments rot
+- Consistency-only changes (wrapping a value to match how another constant is guarded)
+- Regex edge cases when input is constrained and the edge case never occurs in practice
+- Eval threshold changes — these are tuned empirically
+- Harmless no-ops (e.g., .reject on an element never in the array)
+- Pre-existing issues unrelated to the diff, beyond a single noted finding (set relatedToDiff:false; never block on them)
+- ANYTHING already addressed in the diff you are reviewing — read the FULL diff before flagging`, REVIEW_ACCEPTANCE_CHECKS = `## Acceptance Checks
+
+Before judging code quality, verify the change actually satisfies the card.
+Derive one acceptance check per concrete requirement in the card description and
+one per subtask (the stated acceptance criteria). For each, assign a status from
+hard evidence — cite the file:line you read or the dev-server behaviour you
+observed that proves it:
+
+- **pass** — implemented and verified by code you read or behaviour you observed
+- **partial** — started but incomplete (a missing branch, an edge case, or one of several bundled requirements)
+- **fail** — required but absent, or implemented incorrectly
+- **unverifiable** — cannot be confirmed from the diff or a running app (state why)
+
+Do NOT mark a check "pass" on the implementing agent's say-so or a subtask's
+checkbox alone — only on evidence you found yourself. Any \`fail\` or \`partial\`
+check is an unaddressed requirement and forces a rejected verdict.`, QA_VISUAL_CHECKLIST = `## Visual QA Checklist
+
+For each page affected by the changes:
+
+1. **Visual scan** — Screenshot the page. Check for layout breaks, broken images, alignment issues, z-index problems.
+2. **Interactive elements** — Click every button, link, and control. Does each do what it says?
+3. **Forms** — Fill and submit. Test empty submission, invalid data, edge cases.
+4. **Navigation** — Check all paths in/out. Breadcrumbs, back button, deep links.
+5. **States** — Check empty state, loading state, error state, overflow state.
+6. **Console** — Check for JS exceptions, failed network requests (4xx/5xx), CORS errors after interactions.
+7. **Responsiveness** — If the change is visual, check mobile viewport (375px).
+
+### SPA-Specific (React/Vite)
+- Use snapshot for navigation — client-side routes may not appear in link lists.
+- Check for stale state: navigate away and back — does data refresh correctly?
+- Test browser back/forward — does the app handle history correctly?
+- Watch for hydration errors or layout shifts after dynamic content loads.`, REVIEW_VERDICT_SCHEMA = `{
+  "verdict": "approved" | "rejected",
+  "summary": "Brief overall assessment",
+  "scopeCheck": {
+    "status": "clean" | "drift" | "missing",
+    "notes": "Optional explanation of scope issues"
+  },
+  "acceptanceChecks": [
+    {
+      "criterion": "The requirement or subtask being verified",
+      "status": "pass" | "partial" | "fail" | "unverifiable",
+      "evidence": "file:line or observed behaviour that proves the status"
+    }
+  ],
+  "findings": [
+    {
+      "severity": "critical" | "major" | "minor",
+      "category": "sql-safety | race-condition | security | llm-trust | enum-completeness | functional | performance | code-quality | best-practices | accessibility | visual | ux | console | scope | other",
+      "title": "Short title",
+      "description": "Detailed description of the issue",
+      "location": "file:line (if applicable)",
+      "relatedToDiff": true
+    }
+  ]
+}`, REVIEW_DECISION_RULES = `Counting only findings with \`relatedToDiff: true\`:
+- **rejected**: Any acceptance check that is \`fail\` or \`partial\`, any \`critical\` finding, unaddressed requirements, or 2+ \`major\` findings.
+- **approved**: Every acceptance check \`pass\` (or \`unverifiable\` with a stated reason), no critical findings, at most 1 major finding; minor findings OK.`;
+// ../harmony-shared/dist/types.js
+var init_types2 = () => {};
+
+// ../harmony-shared/dist/index.js
+var init_dist = __esm(() => {
+  init_branchRef();
+  init_cardLinks();
+  init_classification();
+  init_commentSerializer();
+  init_constants();
+  init_logger();
+  init_projectTemplates();
+  init_types2();
+});
 
 // src/pm.ts
 import { execFileSync as execFileSync2 } from "node:child_process";
@@ -1419,9 +1707,8 @@ function checkoutExistingBranch(basePath, branchName) {
 function extractBranchFromDescription(description) {
   if (!description)
     return null;
-  const match = description.match(/Branch:\s*`([^`]+)`/);
-  const branch = match?.[1] ?? null;
-  if (branch && !/^[a-zA-Z0-9/_.-]+$/.test(branch)) {
+  const branch = description.match(BRANCH_REF_PATTERN)?.[1] ?? null;
+  if (branch && !SAFE_GIT_REF_PATTERN.test(branch)) {
     log.warn(TAG6, `Extracted branch name contains unsafe characters: ${branch}`);
     return null;
   }
@@ -1429,6 +1716,7 @@ function extractBranchFromDescription(description) {
 }
 var TAG6 = "review-worktree";
 var init_review_worktree = __esm(() => {
+  init_dist();
   init_log();
   init_pm();
   init_worktree();
@@ -3375,6 +3663,22 @@ function buildFindingComments(findings) {
     bodies.push(current);
   return bodies;
 }
+function acceptanceSummaryLine(checks) {
+  if (!checks || checks.length === 0)
+    return "";
+  const counts = { pass: 0, partial: 0, fail: 0, unverifiable: 0 };
+  for (const c of checks)
+    counts[c.status]++;
+  const flagged = [];
+  if (counts.fail)
+    flagged.push(`${counts.fail} fail`);
+  if (counts.partial)
+    flagged.push(`${counts.partial} partial`);
+  if (counts.unverifiable)
+    flagged.push(`${counts.unverifiable} unverifiable`);
+  const detail = flagged.length ? ` (${flagged.join(", ")})` : "";
+  return `Acceptance: ${counts.pass}/${checks.length} pass${detail}`;
+}
 function tailRunLog(path, bytes = RUN_LOG_TAIL_BYTES) {
   try {
     const size = statSync(path).size;
@@ -3388,14 +3692,32 @@ function tailRunLog(path, bytes = RUN_LOG_TAIL_BYTES) {
   }
 }
 function extractResult(parsed) {
-  const verdict = parsed.verdict === "approved" || parsed.verdict === "rejected" ? parsed.verdict : "rejected";
+  let verdict = parsed.verdict === "approved" || parsed.verdict === "rejected" ? parsed.verdict : "rejected";
   const findings = Array.isArray(parsed.findings) ? parsed.findings.filter((f) => typeof f === "object" && f !== null && ("title" in f)).map((f) => ({
     severity: f.severity === "critical" ? "critical" : f.severity === "minor" ? "minor" : "major",
     title: String(f.title ?? "Untitled finding"),
     description: String(f.description ?? ""),
     category: f.category ? String(f.category) : undefined,
-    location: f.location ? String(f.location) : undefined
+    location: f.location ? String(f.location) : undefined,
+    relatedToDiff: f.relatedToDiff !== false
   })) : [];
+  const acceptanceChecks = Array.isArray(parsed.acceptanceChecks) ? parsed.acceptanceChecks.filter((c) => typeof c === "object" && c !== null && ("criterion" in c)).map((c) => ({
+    criterion: String(c.criterion ?? "Unnamed criterion"),
+    status: ["pass", "partial", "fail", "unverifiable"].includes(c.status) ? c.status : "unverifiable",
+    evidence: c.evidence ? String(c.evidence) : undefined
+  })) : undefined;
+  const unmet = (acceptanceChecks ?? []).filter((c) => c.status === "fail" || c.status === "partial");
+  if (verdict === "approved" && unmet.length > 0) {
+    verdict = "rejected";
+    findings.unshift({
+      severity: "major",
+      title: `Unmet acceptance criteria (${unmet.length})`,
+      description: unmet.map((c) => `- [${c.status}] ${c.criterion}${c.evidence ? ` — ${c.evidence}` : ""}`).join(`
+`),
+      category: "scope",
+      relatedToDiff: true
+    });
+  }
   const scopeCheck = parsed.scopeCheck && typeof parsed.scopeCheck === "object" && "status" in parsed.scopeCheck ? {
     status: ["clean", "drift", "missing"].includes(parsed.scopeCheck.status) ? parsed.scopeCheck.status : "clean",
     notes: parsed.scopeCheck.notes ? String(parsed.scopeCheck.notes) : undefined
@@ -3404,6 +3726,7 @@ function extractResult(parsed) {
     verdict,
     summary: String(parsed.summary ?? "").slice(0, 2000),
     scopeCheck,
+    acceptanceChecks,
     findings
   };
 }
@@ -3577,6 +3900,7 @@ ${runLogTail}
       const body = [
         "**Review — approved.**",
         result.summary || "",
+        acceptanceSummaryLine(result.acceptanceChecks),
         scopeLine,
         result.findings.length > 0 ? `${result.findings.length} minor finding(s) noted.` : "",
         prUrl ? `PR: ${prUrl}` : ""
@@ -3592,10 +3916,11 @@ ${runLogTail}
     });
     log.info(TAG17, `#${card.short_id} approved${prUrl ? ` — PR: ${prUrl}` : ""} — labeled "${config.review.approvedLabel}"`);
   } else {
-    const criticalFindings = result.findings.filter((f) => f.severity === "critical").slice(0, MAX_FINDINGS);
-    const majorFindings = result.findings.filter((f) => f.severity === "major").slice(0, MAX_FINDINGS);
+    const reworkFindings = result.findings.filter((f) => f.relatedToDiff !== false);
+    const criticalFindings = reworkFindings.filter((f) => f.severity === "critical").slice(0, MAX_FINDINGS);
+    const majorFindings = reworkFindings.filter((f) => f.severity === "major").slice(0, MAX_FINDINGS);
     const linkedFindings = [...criticalFindings, ...majorFindings];
-    const minorFindings = result.findings.filter((f) => f.severity === "minor").slice(0, MAX_FINDINGS);
+    const minorFindings = reworkFindings.filter((f) => f.severity === "minor").slice(0, MAX_FINDINGS);
     if (currentCycle >= maxCycles) {
       log.warn(TAG17, `#${card.short_id} reached max review cycles (${maxCycles}), moving to Done with note`);
       await moveCardToColumn(client, card, config.review.moveToColumn);
@@ -3663,6 +3988,7 @@ ${runLogTail}
       const body = [
         "**Review — rejected.**",
         result.summary || "",
+        acceptanceSummaryLine(result.acceptanceChecks),
         scopeLine,
         `${criticalFindings.length} critical, ${majorFindings.length} major, ${minorFindings.length} minor finding(s).`
       ].filter(Boolean).join(`
@@ -3734,239 +4060,6 @@ var init_review_completion = __esm(() => {
   init_types();
   init_worktree();
 });
-// ../harmony-shared/dist/cardLinks.js
-var init_cardLinks = () => {};
-// ../harmony-shared/dist/classification.js
-function escalateTier(tier) {
-  const i = MODEL_TIERS.indexOf(tier);
-  return MODEL_TIERS[Math.min(i + 1, MODEL_TIERS.length - 1)];
-}
-function isModelTier(v) {
-  return typeof v === "string" && MODEL_TIERS.includes(v);
-}
-var MODEL_TIERS;
-var init_classification = __esm(() => {
-  MODEL_TIERS = ["simple", "advanced", "research"];
-});
-
-// ../harmony-shared/dist/commentSerializer.js
-function sanitizeHeaderField(value) {
-  return value.replace(/[\]\r\n|<>]/g, " ").trim() || "—";
-}
-function authorLabel(c) {
-  if (c.author_type === "agent")
-    return "AI agent";
-  const raw = c.author?.full_name || "teammate";
-  return sanitizeHeaderField(raw);
-}
-function criticalIds(comments) {
-  const keep = new Set;
-  for (const c of comments) {
-    if (c.comment_type === "decision")
-      keep.add(c.id);
-    if (c.supersedes_id) {
-      keep.add(c.id);
-      keep.add(c.supersedes_id);
-    }
-    if (c.confirms_id) {
-      keep.add(c.id);
-      keep.add(c.confirms_id);
-    }
-  }
-  return keep;
-}
-function serializeCommentThread(comments, options = {}) {
-  const { heading = "Conversation", includeInstructions = true, activity = [], maxComments } = options;
-  const visible = comments.filter((c) => !c.deleted_at).slice().sort((a, b) => a.created_at.localeCompare(b.created_at));
-  if (visible.length === 0)
-    return "";
-  const indexById = new Map;
-  visible.forEach((c, i) => {
-    indexById.set(c.id, i + 1);
-  });
-  let rendered = visible;
-  let elidedCount = 0;
-  if (maxComments && visible.length > maxComments) {
-    const keep = criticalIds(visible);
-    const recentThreshold = visible.length - maxComments;
-    rendered = visible.filter((c, i) => i >= recentThreshold || keep.has(c.id));
-    elidedCount = visible.length - rendered.length;
-  }
-  const ref = (id) => {
-    const n = indexById.get(id);
-    return n ? `#${n}` : `#${id.slice(0, 8)}`;
-  };
-  const lines = [];
-  if (elidedCount > 0) {
-    lines.push({
-      at: visible[0]?.created_at ?? "",
-      text: `(${elidedCount} earlier comment(s) omitted for brevity)`
-    });
-  }
-  for (const c of rendered) {
-    const tags = [];
-    if (c.edited_at)
-      tags.push("edited");
-    if (c.supersedes_id)
-      tags.push(`supersedes ${ref(c.supersedes_id)}`);
-    if (c.confirms_id)
-      tags.push(`confirms ${ref(c.confirms_id)}`);
-    if (c.resolved_at)
-      tags.push("resolved");
-    const tagStr = tags.length ? ` | ${tags.join(" | ")}` : "";
-    const header = `[${sanitizeHeaderField(ref(c.id))} | ${sanitizeHeaderField(c.author_type)} | ${authorLabel(c)} | ${sanitizeHeaderField(c.comment_type)} | ${sanitizeHeaderField(c.created_at)}${tagStr}]`;
-    const fencedBody = c.body.trim().replaceAll("<", "&lt;").replaceAll(">", "&gt;");
-    lines.push({
-      at: c.created_at,
-      text: `${header}
-<comment-body>
-${fencedBody}
-</comment-body>`
-    });
-  }
-  for (const a of activity) {
-    const actor = a.actor ? `${a.actor} ` : "";
-    lines.push({ at: a.at, text: `· (system) ${a.at} — ${actor}${a.text}` });
-  }
-  lines.sort((a, b) => a.at.localeCompare(b.at));
-  const body = lines.map((l) => l.text).join(`
-
-`);
-  const instruction = includeInstructions ? `
-
-${CONFLICT_INSTRUCTION}` : "";
-  return `## ${heading} (oldest → newest)
-
-${body}${instruction}`;
-}
-var CONFLICT_INSTRUCTION;
-var init_commentSerializer = __esm(() => {
-  CONFLICT_INSTRUCTION = "When two comments conflict, prefer the latest created_at, UNLESS a later " + "comment explicitly confirms or restates the earlier finding. Evaluate " + "substance, not just recency. Cite the comment id(s) you relied on.";
-});
-
-// ../harmony-shared/dist/constants.js
-var TIMINGS;
-var init_constants = __esm(() => {
-  TIMINGS = {
-    SEARCH_DEBOUNCE: 300,
-    AUTOSAVE_DEBOUNCE: 1000,
-    TOAST_DURATION: 3000,
-    QUERY_STALE_TIME: 1000 * 60 * 5,
-    QUERY_GC_TIME: 1000 * 60 * 60 * 24
-  };
-});
-// ../harmony-shared/dist/logger.js
-var init_logger = () => {};
-// ../harmony-shared/dist/projectTemplates.js
-var init_projectTemplates = () => {};
-
-// ../harmony-shared/dist/reviewMethodology.js
-var REVIEW_SYSTEM_PROMPT = `You are a senior code reviewer. Follow this two-pass methodology strictly.
-Report findings; do NOT fix them. This is a read-only review.
-
-## Two-Pass Review
-
-### Pass 1 — CRITICAL (highest severity)
-
-**SQL & Data Safety**
-- String interpolation in SQL — use parameterized queries / prepared statements
-- TOCTOU races: check-then-set patterns that should be atomic WHERE + UPDATE
-
-**Race Conditions & Concurrency**
-- Read-check-write without uniqueness constraint or duplicate key handling
-- Status transitions without atomic WHERE old_status UPDATE SET new_status
-- Unsafe HTML rendering (dangerouslySetInnerHTML, v-html) on user-controlled data (XSS)
-
-**LLM Output Trust Boundary**
-- LLM-generated values written to DB without format validation (EMAIL_REGEXP, URI.parse, .trim())
-- Structured tool output accepted without type/shape checks before database writes
-
-**Enum & Value Completeness**
-- When the diff introduces a new enum/status/type value, trace it through every consumer
-- Check allowlists, filter arrays, and case/if-elsif chains for the new value
-- Use Grep to find all references to sibling values and Read each match — look OUTSIDE the diff
-
-### Pass 2 — INFORMATIONAL (lower severity)
-
-**Conditional Side Effects**
-- Code paths that branch but forget a side effect on one branch (e.g., promoting without attaching URL)
-
-**Dead Code & Consistency**
-- Variables assigned but never read
-- Comments/docstrings describing old behavior after code changed
-
-**Test Gaps**
-- Missing negative-path tests for new error handling
-- Security enforcement features without integration tests
-
-**Completeness Gaps**
-- Partial enum handling, incomplete error paths, missing edge cases that are straightforward to add
-
-**View/Frontend**
-- O(n*m) lookups in views (Array.find in a loop instead of Map/index)
-- Inline styles re-parsed every render
-
-## Severity Classification
-
-- **critical**: SQL safety, race conditions, XSS, LLM trust boundary violations, enum completeness gaps causing runtime errors
-- **major**: Missing requirements, broken functionality, significant completeness gaps, conditional side effects
-- **minor**: Dead code, stale comments, test gaps, minor view issues, cosmetic completeness gaps
-
-## Suppressions — DO NOT flag these
-
-- Redundancy that aids readability (e.g., present? redundant with length > 20)
-- "Add a comment explaining why this threshold was chosen" — thresholds change, comments rot
-- Consistency-only changes (wrapping a value to match how another constant is guarded)
-- Regex edge cases when input is constrained and the edge case never occurs in practice
-- Eval threshold changes — these are tuned empirically
-- Harmless no-ops (e.g., .reject on an element never in the array)
-- ANYTHING already addressed in the diff you are reviewing — read the FULL diff before flagging`, QA_VISUAL_CHECKLIST = `## Visual QA Checklist
-
-For each page affected by the changes:
-
-1. **Visual scan** — Screenshot the page. Check for layout breaks, broken images, alignment issues, z-index problems.
-2. **Interactive elements** — Click every button, link, and control. Does each do what it says?
-3. **Forms** — Fill and submit. Test empty submission, invalid data, edge cases.
-4. **Navigation** — Check all paths in/out. Breadcrumbs, back button, deep links.
-5. **States** — Check empty state, loading state, error state, overflow state.
-6. **Console** — Check for JS exceptions, failed network requests (4xx/5xx), CORS errors after interactions.
-7. **Responsiveness** — If the change is visual, check mobile viewport (375px).
-
-### SPA-Specific (React/Vite)
-- Use snapshot for navigation — client-side routes may not appear in link lists.
-- Check for stale state: navigate away and back — does data refresh correctly?
-- Test browser back/forward — does the app handle history correctly?
-- Watch for hydration errors or layout shifts after dynamic content loads.`, REVIEW_VERDICT_SCHEMA = `{
-  "verdict": "approved" | "rejected",
-  "summary": "Brief overall assessment",
-  "scopeCheck": {
-    "status": "clean" | "drift" | "missing",
-    "notes": "Optional explanation of scope issues"
-  },
-  "findings": [
-    {
-      "severity": "critical" | "major" | "minor",
-      "category": "sql-safety | race-condition | llm-trust | enum-completeness | visual | functional | ux | console | scope | other",
-      "title": "Short title",
-      "description": "Detailed description of the issue",
-      "location": "file:line (if applicable)"
-    }
-  ]
-}`, REVIEW_DECISION_RULES = `- **rejected**: Any \`critical\` finding, unaddressed requirements, or 2+ \`major\` findings.
-- **approved**: No critical findings, at most 1 major finding with minor findings OK.`;
-// ../harmony-shared/dist/types.js
-var init_types2 = () => {};
-
-// ../harmony-shared/dist/index.js
-var init_dist = __esm(() => {
-  init_cardLinks();
-  init_classification();
-  init_commentSerializer();
-  init_constants();
-  init_logger();
-  init_projectTemplates();
-  init_types2();
-});
 
 // src/review-knowledge.ts
 var init_review_knowledge = __esm(() => {
@@ -3980,6 +4073,8 @@ You are thorough, specific, and cite file:line locations for every finding.
 
 ${REVIEW_SYSTEM_PROMPT}
 
+${REVIEW_ACCEPTANCE_CHECKS}
+
 ${QA_VISUAL_CHECKLIST}`;
 }
 function buildReviewUserPrompt(enriched, branchName, worktreePath, previewUrl, diffSummary, baseBranch) {
@@ -4014,19 +4109,22 @@ you have Read, Grep, Glob, and read-only Bash:
 
 Follow these steps in order:
 
-### Step 1: Scope Check
-Compare the diff against the card description and subtasks above.
-- Are all requirements from the description addressed?
-- Are all subtasks implemented?
-- Is there scope creep — changes unrelated to the card requirements?
-Flag any missing requirements or scope drift.
+### Step 1: Acceptance Checks
+Per the Acceptance Checks methodology in your system instructions, derive one
+check per requirement in the description and one per subtask above, then assign
+each a status (pass / partial / fail / unverifiable) backed by evidence you read
+yourself — never the agent's say-so or a checkbox. Emit these as
+\`acceptanceChecks\`. Separately, set \`scopeCheck\` to flag scope creep —
+changes unrelated to the card's requirements.
 
-### Step 2: Code Review (Two-Pass)
-Apply the two-pass review from your system instructions:
-- **Pass 1 (CRITICAL)**: SQL safety, race conditions, LLM trust boundary, enum completeness.
-- **Pass 2 (INFORMATIONAL)**: Conditional side effects, dead code, test gaps, completeness gaps, view issues.
+### Step 2: Code Review (Two-Pass, five lenses)
+Apply the two-pass review from your system instructions, looking through all
+five lenses (functionality, security, performance, code quality, best practices):
+- **Pass 1 (CRITICAL)**: SQL safety, race conditions, security/auth/injection, LLM trust boundary, enum completeness.
+- **Pass 2 (INFORMATIONAL)**: functionality/edge cases, performance, code quality, best practices/accessibility, test gaps, completeness gaps.
 
 For enum completeness checks, use Grep and Read to trace new values through consumers OUTSIDE the diff.
+Set \`relatedToDiff\` on every finding — only diff-caused findings gate the verdict.
 
 ### Step 3: Visual QA
 Use the \`/browse\` skill to navigate to ${previewUrl} and apply the visual QA checklist: