@h-rig/doctor-plugin 0.0.6-alpha.156

package/README.md

@@ -0,0 +1 @@
+# @h-rig/doctor-plugin

package/dist/src/index.d.ts

@@ -0,0 +1 @@
+export * from "./plugin";

package/dist/src/index.js

@@ -0,0 +1,217 @@
+// @bun
+var __defProp = Object.defineProperty;
+var __returnValue = (v) => v;
+function __exportSetter(name, newValue) {
+  this[name] = __returnValue.bind(null, newValue);
+}
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: __exportSetter.bind(all, name)
+    });
+};
+var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
+
+// packages/doctor-plugin/src/service.ts
+var exports_service = {};
+__export(exports_service, {
+  runDoctorChecks: () => runDoctorChecks,
+  doctorRunner: () => doctorRunner
+});
+import { existsSync, readFileSync } from "fs";
+import { resolve } from "path";
+import { isSupportedBunVersion, MIN_SUPPORTED_BUN_VERSION } from "@rig/runtime/control-plane/setup-version";
+import { checkGitHubRepoPermissions, resolveGitHubAuthStatus } from "@rig/github-provider-plugin";
+import { loadConfig } from "@rig/core/load-config";
+import { resolveRigIdentity, resolveRigIdentityFilter } from "@rig/runtime/control-plane/identity";
+import { readSelection, listPlacements } from "@rig/runtime/control-plane/placement";
+import { listRuns } from "@rig/run-worker/runs";
+function check(id, label, status, detail, remediation) {
+  return { id, label, status, level: status === "pass" ? "ok" : status, ...detail ? { detail } : {}, ...remediation ? { remediation } : {} };
+}
+function errorMessage(error) {
+  return error instanceof Error ? error.message : String(error);
+}
+function isAuthenticated(payload) {
+  if (!payload || typeof payload !== "object" || Array.isArray(payload))
+    return false;
+  const record = payload;
+  return record.signedIn === true || record.authenticated === true || record.status === "authenticated" || record.ok === true && typeof record.login === "string" && record.login.trim().length > 0;
+}
+function repoSlugFromConfig(config) {
+  const record = config && typeof config === "object" && !Array.isArray(config) ? config : null;
+  const project = record?.project && typeof record.project === "object" && !Array.isArray(record.project) ? record.project : null;
+  if (typeof project?.repo === "string" && /^[^/\s]+\/[^/\s]+$/.test(project.repo))
+    return project.repo;
+  if (typeof project?.name === "string" && /^[^/\s]+\/[^/\s]+$/.test(project.name))
+    return project.name;
+  const taskSource = record?.taskSource && typeof record.taskSource === "object" && !Array.isArray(record.taskSource) ? record.taskSource : null;
+  if (typeof taskSource?.owner === "string" && typeof taskSource?.repo === "string")
+    return `${taskSource.owner}/${taskSource.repo}`;
+  return null;
+}
+function loadFallbackConfig(projectRoot) {
+  for (const name of ["rig.config.ts", "rig.config.mts", "rig.config.json"]) {
+    const path = resolve(projectRoot, name);
+    if (!existsSync(path))
+      continue;
+    try {
+      const source = readFileSync(path, "utf8");
+      if (name.endsWith(".json"))
+        return JSON.parse(source);
+      const owner = source.match(/owner\s*:\s*["']([^"']+)["']/)?.[1];
+      const repo = source.match(/repo\s*:\s*["']([^"']+)["']/)?.[1];
+      const projectRepo = source.match(/project\s*:\s*{[^}]*repo\s*:\s*["']([^"']+)["']/s)?.[1];
+      const taskKind = source.match(/taskSource\s*:\s*{[^}]*kind\s*:\s*["']([^"']+)["']/s)?.[1];
+      return { ...projectRepo ? { project: { name: projectRepo, repo: projectRepo } } : {}, ...taskKind ? { taskSource: { kind: taskKind, ...owner ? { owner } : {}, ...repo ? { repo } : {} } } : {} };
+    } catch {
+      return null;
+    }
+  }
+  return null;
+}
+function githubProjectsCheck(config) {
+  const github = config?.github;
+  const projects = github?.projects;
+  if (!projects?.enabled)
+    return check("github-projects", "GitHub Projects status sync", "warn", "disabled or not configured", "Current OMP flow does not require GitHub Projects status sync.");
+  if (projects.projectId && projects.statusFieldId)
+    return check("github-projects", "GitHub Projects status sync", "pass", `project ${projects.projectId}`);
+  return check("github-projects", "GitHub Projects status sync", "fail", "enabled but projectId/statusFieldId is incomplete", "Configure github.projects.projectId and github.projects.statusFieldId, or disable github.projects.enabled.");
+}
+function permissionAllowsPr(payload) {
+  if (!payload || typeof payload !== "object" || Array.isArray(payload))
+    return null;
+  const record = payload;
+  if (record.canOpenPullRequest === true || record.pullRequests === true || record.push === true || record.maintain === true || record.admin === true)
+    return true;
+  if (record.canOpenPullRequest === false || record.pullRequests === false || record.push === false)
+    return false;
+  const permissions = record.permissions;
+  if (permissions && typeof permissions === "object" && !Array.isArray(permissions)) {
+    const p = permissions;
+    if (p.push === true || p.maintain === true || p.admin === true)
+      return true;
+    if (p.push === false && p.admin !== true)
+      return false;
+  }
+  return null;
+}
+function prMergeCheck(config) {
+  const record = config && typeof config === "object" && !Array.isArray(config) ? config : null;
+  const pr = record?.pr;
+  const merge = record?.merge;
+  if (pr?.mode === "off" || merge?.mode === "off")
+    return check("pr-merge", "PR/merge automation", "warn", "automatic PR or merge is disabled", "Set pr.mode and merge.mode to auto for autonomous YOLO runs.");
+  return check("pr-merge", "PR/merge automation", "pass", `pr=${pr?.mode ?? "auto"}, merge=${merge?.mode ?? "auto"}, method=${merge?.method ?? "repo-default"}`);
+}
+async function defaultPiChecks() {
+  const pi = Bun.which("pi");
+  return [{ ok: Boolean(pi), label: "pi", detail: pi ?? undefined, hint: pi ? undefined : "Install Pi/OMP and the Rig extension." }];
+}
+async function defaultRequestJson(projectRoot, pathname, _init) {
+  if (pathname === "/api/github/auth/status")
+    return { ok: true, ...resolveGitHubAuthStatus({ projectRoot, oauthConfigured: Boolean(process.env.RIG_GITHUB_OAUTH_CLIENT_ID?.trim()) }) };
+  if (pathname === "/api/github/repo/permissions")
+    return checkGitHubRepoPermissions({ projectRoot, oauthConfigured: Boolean(process.env.RIG_GITHUB_OAUTH_CLIENT_ID?.trim()) });
+  return { ok: false, error: `No in-process handler for ${pathname}` };
+}
+async function runDoctorChecks(options) {
+  const projectRoot = options.projectRoot;
+  const checks = [];
+  const which = options.which ?? ((binary) => Bun.which(binary));
+  const bunVersion = options.bunVersion ?? Bun.version;
+  const request = options.requestJson ?? ((pathname, init) => defaultRequestJson(projectRoot, pathname, init));
+  const progress = options.onProgress ?? (() => {});
+  const load = options.loadConfig ?? ((root) => loadConfig(root).catch(() => null));
+  progress("Checking local toolchain\u2026");
+  checks.push(check("bun", "bun", isSupportedBunVersion(bunVersion) ? "pass" : "fail", `found ${bunVersion}`, `Install Bun ${MIN_SUPPORTED_BUN_VERSION} or newer.`));
+  checks.push(check("git", "git", which("git") ? "pass" : "fail", which("git") ?? undefined, "Install git and ensure it is on PATH."));
+  checks.push(check("jq", "jq", which("jq") ? "pass" : "warn", which("jq") ?? undefined, "Install jq (for example `brew install jq`)."));
+  progress("Loading rig.config\u2026");
+  const loadedConfig = await load(projectRoot);
+  const config = loadedConfig ?? loadFallbackConfig(projectRoot);
+  const hasConfigFile = ["rig.config.ts", "rig.config.mts", "rig.config.json"].some((name) => existsSync(resolve(projectRoot, name)));
+  checks.push(config ? check("config", "rig.config loadable", "pass") : check("config", "rig.config loadable", hasConfigFile ? "fail" : "fail", hasConfigFile ? "config file exists but failed to load" : "missing rig.config.ts/json", "Create or fix rig.config."));
+  const taskSourceKind = config?.taskSource?.kind;
+  checks.push(taskSourceKind ? check("task-source", "task source configured", "pass", taskSourceKind) : check("task-source", "task source configured", "fail", "missing taskSource", "Configure taskSource in rig.config."));
+  const repo = readSelection(projectRoot);
+  const configuredRepo = repoSlugFromConfig(config);
+  checks.push(repo ? check("project-link", "repo selected for local setup", repo.project ? "pass" : "warn", repo.selected + (repo.project ? ` -> ${repo.project}` : ""), repo.project ? undefined : `Run rig init --repo ${configuredRepo ?? "owner/repo"} to repair the local project link.`) : check("project-link", "repo selected for local setup", "warn", "missing .rig/state/connection.json", "Current UX can run without this compatibility file; run setup from the cockpit if GitHub Issues integration is needed."));
+  progress("Checking GitHub auth\u2026");
+  try {
+    const auth = await request("/api/github/auth/status");
+    checks.push(isAuthenticated(auth) ? check("github-auth", "GitHub auth", "pass") : check("github-auth", "GitHub auth", "fail", "not authenticated", "Run Rig GitHub auth setup or import a token."));
+  } catch (error) {
+    checks.push(check("github-auth", "GitHub auth", "fail", errorMessage(error), "Authenticate GitHub access."));
+  }
+  progress("Checking GitHub repo permissions\u2026");
+  try {
+    const permissions = await request("/api/github/repo/permissions");
+    const allowed = permissionAllowsPr(permissions);
+    checks.push(allowed === true ? check("github-repo-permissions", "GitHub repo PR permissions", "pass", JSON.stringify(permissions).slice(0, 180)) : allowed === false ? check("github-repo-permissions", "GitHub repo PR permissions", "fail", JSON.stringify(permissions).slice(0, 180), "Grant the selected GitHub token permission to push branches, open PRs, and merge according to repo rules.") : check("github-repo-permissions", "GitHub repo PR permissions", "warn", JSON.stringify(permissions).slice(0, 180), "Confirm the selected token can push branches and open PRs."));
+  } catch (error) {
+    checks.push(check("github-repo-permissions", "GitHub repo PR permissions", "warn", errorMessage(error), "Ensure the token can open PRs."));
+  }
+  if (taskSourceKind === "github-issues")
+    checks.push(check("gh", "gh CLI fallback", which("gh") ? "pass" : "warn", which("gh") ?? undefined, "Install gh locally for fallback operations."));
+  if (config)
+    checks.push(githubProjectsCheck(config), prMergeCheck(config));
+  progress("Checking Pi installation\u2026");
+  const piChecks = await (options.piChecks ?? defaultPiChecks)().catch((error) => [{ ok: false, label: "pi/pi-rig checks", detail: undefined, hint: errorMessage(error) }]);
+  for (const pi of piChecks)
+    checks.push(check(pi.label === "pi" ? "pi" : "pi-rig", pi.label, pi.ok ? "pass" : "warn", pi.detail, pi.hint ?? (pi.ok ? undefined : "Install Pi/OMP and the Rig extension.")));
+  const identity = options.identityContext ? resolveRigIdentity(options.identityContext) : null;
+  if (options.identityContext) {
+    const filter = resolveRigIdentityFilter(options.identityContext);
+    checks.push({ label: "identity", status: identity ? "pass" : "warn", level: identity ? "ok" : "warn", detail: identity?.source ?? "GitHub identity unavailable" });
+    checks.push({ label: "github-repo", status: filter?.selectedRepo ? "pass" : "warn", level: filter?.selectedRepo ? "ok" : "warn", detail: filter?.selectedRepo ?? "repo not selected" });
+  }
+  try {
+    const runs = await (options.listRuns ?? listRuns)(projectRoot);
+    checks.push({ label: "run-discovery", status: "pass", level: "ok", detail: `${runs.length} run session(s)` });
+  } catch (error) {
+    checks.push({ label: "run-discovery", status: "fail", level: "fail", detail: errorMessage(error) });
+  }
+  try {
+    const targets = (options.listPlacements ?? listPlacements)(projectRoot);
+    checks.push({ label: "relay-targets", status: targets.length > 0 ? "pass" : "warn", level: targets.length > 0 ? "ok" : "warn", detail: `${targets.length} target(s)` });
+  } catch (error) {
+    checks.push({ label: "relay-targets", status: "warn", level: "warn", detail: errorMessage(error) });
+  }
+  return checks;
+}
+var doctorRunner;
+var init_service = __esm(() => {
+  doctorRunner = { runDoctorChecks };
+});
+
+// packages/doctor-plugin/src/plugin.ts
+import { definePlugin } from "@rig/core/config";
+import { DOCTOR_RUNNER_CAPABILITY_ID } from "@rig/contracts";
+var DOCTOR_PLUGIN_NAME = "@rig/doctor-plugin";
+var doctorPlugin = definePlugin({
+  name: DOCTOR_PLUGIN_NAME,
+  version: "0.0.0-alpha.1",
+  contributes: {
+    capabilities: [
+      {
+        id: DOCTOR_RUNNER_CAPABILITY_ID,
+        title: "Diagnostic doctor checks",
+        description: "Local toolchain, rig.config loadability, GitHub auth/permissions, Pi, and run/relay diagnostics with remediation copy.",
+        run: async () => (await Promise.resolve().then(() => (init_service(), exports_service))).doctorRunner
+      }
+    ]
+  }
+});
+function createDoctorPlugin() {
+  return doctorPlugin;
+}
+export {
+  doctorPlugin,
+  createDoctorPlugin,
+  DOCTOR_PLUGIN_NAME
+};

package/dist/src/plugin.d.ts

@@ -0,0 +1,4 @@
+export declare const DOCTOR_PLUGIN_NAME = "@rig/doctor-plugin";
+export declare const doctorPlugin: import("@rig/core").RigPlugin;
+export declare function createDoctorPlugin(): import("@rig/core").RigPlugin;
+export default doctorPlugin;

package/dist/src/plugin.js

@@ -0,0 +1,219 @@
+// @bun
+var __defProp = Object.defineProperty;
+var __returnValue = (v) => v;
+function __exportSetter(name, newValue) {
+  this[name] = __returnValue.bind(null, newValue);
+}
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: __exportSetter.bind(all, name)
+    });
+};
+var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
+
+// packages/doctor-plugin/src/service.ts
+var exports_service = {};
+__export(exports_service, {
+  runDoctorChecks: () => runDoctorChecks,
+  doctorRunner: () => doctorRunner
+});
+import { existsSync, readFileSync } from "fs";
+import { resolve } from "path";
+import { isSupportedBunVersion, MIN_SUPPORTED_BUN_VERSION } from "@rig/runtime/control-plane/setup-version";
+import { checkGitHubRepoPermissions, resolveGitHubAuthStatus } from "@rig/github-provider-plugin";
+import { loadConfig } from "@rig/core/load-config";
+import { resolveRigIdentity, resolveRigIdentityFilter } from "@rig/runtime/control-plane/identity";
+import { readSelection, listPlacements } from "@rig/runtime/control-plane/placement";
+import { listRuns } from "@rig/run-worker/runs";
+function check(id, label, status, detail, remediation) {
+  return { id, label, status, level: status === "pass" ? "ok" : status, ...detail ? { detail } : {}, ...remediation ? { remediation } : {} };
+}
+function errorMessage(error) {
+  return error instanceof Error ? error.message : String(error);
+}
+function isAuthenticated(payload) {
+  if (!payload || typeof payload !== "object" || Array.isArray(payload))
+    return false;
+  const record = payload;
+  return record.signedIn === true || record.authenticated === true || record.status === "authenticated" || record.ok === true && typeof record.login === "string" && record.login.trim().length > 0;
+}
+function repoSlugFromConfig(config) {
+  const record = config && typeof config === "object" && !Array.isArray(config) ? config : null;
+  const project = record?.project && typeof record.project === "object" && !Array.isArray(record.project) ? record.project : null;
+  if (typeof project?.repo === "string" && /^[^/\s]+\/[^/\s]+$/.test(project.repo))
+    return project.repo;
+  if (typeof project?.name === "string" && /^[^/\s]+\/[^/\s]+$/.test(project.name))
+    return project.name;
+  const taskSource = record?.taskSource && typeof record.taskSource === "object" && !Array.isArray(record.taskSource) ? record.taskSource : null;
+  if (typeof taskSource?.owner === "string" && typeof taskSource?.repo === "string")
+    return `${taskSource.owner}/${taskSource.repo}`;
+  return null;
+}
+function loadFallbackConfig(projectRoot) {
+  for (const name of ["rig.config.ts", "rig.config.mts", "rig.config.json"]) {
+    const path = resolve(projectRoot, name);
+    if (!existsSync(path))
+      continue;
+    try {
+      const source = readFileSync(path, "utf8");
+      if (name.endsWith(".json"))
+        return JSON.parse(source);
+      const owner = source.match(/owner\s*:\s*["']([^"']+)["']/)?.[1];
+      const repo = source.match(/repo\s*:\s*["']([^"']+)["']/)?.[1];
+      const projectRepo = source.match(/project\s*:\s*{[^}]*repo\s*:\s*["']([^"']+)["']/s)?.[1];
+      const taskKind = source.match(/taskSource\s*:\s*{[^}]*kind\s*:\s*["']([^"']+)["']/s)?.[1];
+      return { ...projectRepo ? { project: { name: projectRepo, repo: projectRepo } } : {}, ...taskKind ? { taskSource: { kind: taskKind, ...owner ? { owner } : {}, ...repo ? { repo } : {} } } : {} };
+    } catch {
+      return null;
+    }
+  }
+  return null;
+}
+function githubProjectsCheck(config) {
+  const github = config?.github;
+  const projects = github?.projects;
+  if (!projects?.enabled)
+    return check("github-projects", "GitHub Projects status sync", "warn", "disabled or not configured", "Current OMP flow does not require GitHub Projects status sync.");
+  if (projects.projectId && projects.statusFieldId)
+    return check("github-projects", "GitHub Projects status sync", "pass", `project ${projects.projectId}`);
+  return check("github-projects", "GitHub Projects status sync", "fail", "enabled but projectId/statusFieldId is incomplete", "Configure github.projects.projectId and github.projects.statusFieldId, or disable github.projects.enabled.");
+}
+function permissionAllowsPr(payload) {
+  if (!payload || typeof payload !== "object" || Array.isArray(payload))
+    return null;
+  const record = payload;
+  if (record.canOpenPullRequest === true || record.pullRequests === true || record.push === true || record.maintain === true || record.admin === true)
+    return true;
+  if (record.canOpenPullRequest === false || record.pullRequests === false || record.push === false)
+    return false;
+  const permissions = record.permissions;
+  if (permissions && typeof permissions === "object" && !Array.isArray(permissions)) {
+    const p = permissions;
+    if (p.push === true || p.maintain === true || p.admin === true)
+      return true;
+    if (p.push === false && p.admin !== true)
+      return false;
+  }
+  return null;
+}
+function prMergeCheck(config) {
+  const record = config && typeof config === "object" && !Array.isArray(config) ? config : null;
+  const pr = record?.pr;
+  const merge = record?.merge;
+  if (pr?.mode === "off" || merge?.mode === "off")
+    return check("pr-merge", "PR/merge automation", "warn", "automatic PR or merge is disabled", "Set pr.mode and merge.mode to auto for autonomous YOLO runs.");
+  return check("pr-merge", "PR/merge automation", "pass", `pr=${pr?.mode ?? "auto"}, merge=${merge?.mode ?? "auto"}, method=${merge?.method ?? "repo-default"}`);
+}
+async function defaultPiChecks() {
+  const pi = Bun.which("pi");
+  return [{ ok: Boolean(pi), label: "pi", detail: pi ?? undefined, hint: pi ? undefined : "Install Pi/OMP and the Rig extension." }];
+}
+async function defaultRequestJson(projectRoot, pathname, _init) {
+  if (pathname === "/api/github/auth/status")
+    return { ok: true, ...resolveGitHubAuthStatus({ projectRoot, oauthConfigured: Boolean(process.env.RIG_GITHUB_OAUTH_CLIENT_ID?.trim()) }) };
+  if (pathname === "/api/github/repo/permissions")
+    return checkGitHubRepoPermissions({ projectRoot, oauthConfigured: Boolean(process.env.RIG_GITHUB_OAUTH_CLIENT_ID?.trim()) });
+  return { ok: false, error: `No in-process handler for ${pathname}` };
+}
+async function runDoctorChecks(options) {
+  const projectRoot = options.projectRoot;
+  const checks = [];
+  const which = options.which ?? ((binary) => Bun.which(binary));
+  const bunVersion = options.bunVersion ?? Bun.version;
+  const request = options.requestJson ?? ((pathname, init) => defaultRequestJson(projectRoot, pathname, init));
+  const progress = options.onProgress ?? (() => {});
+  const load = options.loadConfig ?? ((root) => loadConfig(root).catch(() => null));
+  progress("Checking local toolchain\u2026");
+  checks.push(check("bun", "bun", isSupportedBunVersion(bunVersion) ? "pass" : "fail", `found ${bunVersion}`, `Install Bun ${MIN_SUPPORTED_BUN_VERSION} or newer.`));
+  checks.push(check("git", "git", which("git") ? "pass" : "fail", which("git") ?? undefined, "Install git and ensure it is on PATH."));
+  checks.push(check("jq", "jq", which("jq") ? "pass" : "warn", which("jq") ?? undefined, "Install jq (for example `brew install jq`)."));
+  progress("Loading rig.config\u2026");
+  const loadedConfig = await load(projectRoot);
+  const config = loadedConfig ?? loadFallbackConfig(projectRoot);
+  const hasConfigFile = ["rig.config.ts", "rig.config.mts", "rig.config.json"].some((name) => existsSync(resolve(projectRoot, name)));
+  checks.push(config ? check("config", "rig.config loadable", "pass") : check("config", "rig.config loadable", hasConfigFile ? "fail" : "fail", hasConfigFile ? "config file exists but failed to load" : "missing rig.config.ts/json", "Create or fix rig.config."));
+  const taskSourceKind = config?.taskSource?.kind;
+  checks.push(taskSourceKind ? check("task-source", "task source configured", "pass", taskSourceKind) : check("task-source", "task source configured", "fail", "missing taskSource", "Configure taskSource in rig.config."));
+  const repo = readSelection(projectRoot);
+  const configuredRepo = repoSlugFromConfig(config);
+  checks.push(repo ? check("project-link", "repo selected for local setup", repo.project ? "pass" : "warn", repo.selected + (repo.project ? ` -> ${repo.project}` : ""), repo.project ? undefined : `Run rig init --repo ${configuredRepo ?? "owner/repo"} to repair the local project link.`) : check("project-link", "repo selected for local setup", "warn", "missing .rig/state/connection.json", "Current UX can run without this compatibility file; run setup from the cockpit if GitHub Issues integration is needed."));
+  progress("Checking GitHub auth\u2026");
+  try {
+    const auth = await request("/api/github/auth/status");
+    checks.push(isAuthenticated(auth) ? check("github-auth", "GitHub auth", "pass") : check("github-auth", "GitHub auth", "fail", "not authenticated", "Run Rig GitHub auth setup or import a token."));
+  } catch (error) {
+    checks.push(check("github-auth", "GitHub auth", "fail", errorMessage(error), "Authenticate GitHub access."));
+  }
+  progress("Checking GitHub repo permissions\u2026");
+  try {
+    const permissions = await request("/api/github/repo/permissions");
+    const allowed = permissionAllowsPr(permissions);
+    checks.push(allowed === true ? check("github-repo-permissions", "GitHub repo PR permissions", "pass", JSON.stringify(permissions).slice(0, 180)) : allowed === false ? check("github-repo-permissions", "GitHub repo PR permissions", "fail", JSON.stringify(permissions).slice(0, 180), "Grant the selected GitHub token permission to push branches, open PRs, and merge according to repo rules.") : check("github-repo-permissions", "GitHub repo PR permissions", "warn", JSON.stringify(permissions).slice(0, 180), "Confirm the selected token can push branches and open PRs."));
+  } catch (error) {
+    checks.push(check("github-repo-permissions", "GitHub repo PR permissions", "warn", errorMessage(error), "Ensure the token can open PRs."));
+  }
+  if (taskSourceKind === "github-issues")
+    checks.push(check("gh", "gh CLI fallback", which("gh") ? "pass" : "warn", which("gh") ?? undefined, "Install gh locally for fallback operations."));
+  if (config)
+    checks.push(githubProjectsCheck(config), prMergeCheck(config));
+  progress("Checking Pi installation\u2026");
+  const piChecks = await (options.piChecks ?? defaultPiChecks)().catch((error) => [{ ok: false, label: "pi/pi-rig checks", detail: undefined, hint: errorMessage(error) }]);
+  for (const pi of piChecks)
+    checks.push(check(pi.label === "pi" ? "pi" : "pi-rig", pi.label, pi.ok ? "pass" : "warn", pi.detail, pi.hint ?? (pi.ok ? undefined : "Install Pi/OMP and the Rig extension.")));
+  const identity = options.identityContext ? resolveRigIdentity(options.identityContext) : null;
+  if (options.identityContext) {
+    const filter = resolveRigIdentityFilter(options.identityContext);
+    checks.push({ label: "identity", status: identity ? "pass" : "warn", level: identity ? "ok" : "warn", detail: identity?.source ?? "GitHub identity unavailable" });
+    checks.push({ label: "github-repo", status: filter?.selectedRepo ? "pass" : "warn", level: filter?.selectedRepo ? "ok" : "warn", detail: filter?.selectedRepo ?? "repo not selected" });
+  }
+  try {
+    const runs = await (options.listRuns ?? listRuns)(projectRoot);
+    checks.push({ label: "run-discovery", status: "pass", level: "ok", detail: `${runs.length} run session(s)` });
+  } catch (error) {
+    checks.push({ label: "run-discovery", status: "fail", level: "fail", detail: errorMessage(error) });
+  }
+  try {
+    const targets = (options.listPlacements ?? listPlacements)(projectRoot);
+    checks.push({ label: "relay-targets", status: targets.length > 0 ? "pass" : "warn", level: targets.length > 0 ? "ok" : "warn", detail: `${targets.length} target(s)` });
+  } catch (error) {
+    checks.push({ label: "relay-targets", status: "warn", level: "warn", detail: errorMessage(error) });
+  }
+  return checks;
+}
+var doctorRunner;
+var init_service = __esm(() => {
+  doctorRunner = { runDoctorChecks };
+});
+
+// packages/doctor-plugin/src/plugin.ts
+import { definePlugin } from "@rig/core/config";
+import { DOCTOR_RUNNER_CAPABILITY_ID } from "@rig/contracts";
+var DOCTOR_PLUGIN_NAME = "@rig/doctor-plugin";
+var doctorPlugin = definePlugin({
+  name: DOCTOR_PLUGIN_NAME,
+  version: "0.0.0-alpha.1",
+  contributes: {
+    capabilities: [
+      {
+        id: DOCTOR_RUNNER_CAPABILITY_ID,
+        title: "Diagnostic doctor checks",
+        description: "Local toolchain, rig.config loadability, GitHub auth/permissions, Pi, and run/relay diagnostics with remediation copy.",
+        run: async () => (await Promise.resolve().then(() => (init_service(), exports_service))).doctorRunner
+      }
+    ]
+  }
+});
+function createDoctorPlugin() {
+  return doctorPlugin;
+}
+var plugin_default = doctorPlugin;
+export {
+  doctorPlugin,
+  plugin_default as default,
+  createDoctorPlugin,
+  DOCTOR_PLUGIN_NAME
+};

package/dist/src/service.d.ts

@@ -0,0 +1,5 @@
+import type { DoctorCheck } from "@rig/contracts";
+import type { DoctorService, RunDoctorChecksOptions } from "@rig/runtime/control-plane/doctor-service-port";
+export declare function runDoctorChecks(options: RunDoctorChecksOptions): Promise<DoctorCheck[]>;
+/** The concrete diagnostic service the runtime port resolves and consumes. */
+export declare const doctorRunner: DoctorService;

package/dist/src/service.js

@@ -0,0 +1,170 @@
+// @bun
+// packages/doctor-plugin/src/service.ts
+import { existsSync, readFileSync } from "fs";
+import { resolve } from "path";
+import { isSupportedBunVersion, MIN_SUPPORTED_BUN_VERSION } from "@rig/runtime/control-plane/setup-version";
+import { checkGitHubRepoPermissions, resolveGitHubAuthStatus } from "@rig/github-provider-plugin";
+import { loadConfig } from "@rig/core/load-config";
+import { resolveRigIdentity, resolveRigIdentityFilter } from "@rig/runtime/control-plane/identity";
+import { readSelection, listPlacements } from "@rig/runtime/control-plane/placement";
+import { listRuns } from "@rig/run-worker/runs";
+function check(id, label, status, detail, remediation) {
+  return { id, label, status, level: status === "pass" ? "ok" : status, ...detail ? { detail } : {}, ...remediation ? { remediation } : {} };
+}
+function errorMessage(error) {
+  return error instanceof Error ? error.message : String(error);
+}
+function isAuthenticated(payload) {
+  if (!payload || typeof payload !== "object" || Array.isArray(payload))
+    return false;
+  const record = payload;
+  return record.signedIn === true || record.authenticated === true || record.status === "authenticated" || record.ok === true && typeof record.login === "string" && record.login.trim().length > 0;
+}
+function repoSlugFromConfig(config) {
+  const record = config && typeof config === "object" && !Array.isArray(config) ? config : null;
+  const project = record?.project && typeof record.project === "object" && !Array.isArray(record.project) ? record.project : null;
+  if (typeof project?.repo === "string" && /^[^/\s]+\/[^/\s]+$/.test(project.repo))
+    return project.repo;
+  if (typeof project?.name === "string" && /^[^/\s]+\/[^/\s]+$/.test(project.name))
+    return project.name;
+  const taskSource = record?.taskSource && typeof record.taskSource === "object" && !Array.isArray(record.taskSource) ? record.taskSource : null;
+  if (typeof taskSource?.owner === "string" && typeof taskSource?.repo === "string")
+    return `${taskSource.owner}/${taskSource.repo}`;
+  return null;
+}
+function loadFallbackConfig(projectRoot) {
+  for (const name of ["rig.config.ts", "rig.config.mts", "rig.config.json"]) {
+    const path = resolve(projectRoot, name);
+    if (!existsSync(path))
+      continue;
+    try {
+      const source = readFileSync(path, "utf8");
+      if (name.endsWith(".json"))
+        return JSON.parse(source);
+      const owner = source.match(/owner\s*:\s*["']([^"']+)["']/)?.[1];
+      const repo = source.match(/repo\s*:\s*["']([^"']+)["']/)?.[1];
+      const projectRepo = source.match(/project\s*:\s*{[^}]*repo\s*:\s*["']([^"']+)["']/s)?.[1];
+      const taskKind = source.match(/taskSource\s*:\s*{[^}]*kind\s*:\s*["']([^"']+)["']/s)?.[1];
+      return { ...projectRepo ? { project: { name: projectRepo, repo: projectRepo } } : {}, ...taskKind ? { taskSource: { kind: taskKind, ...owner ? { owner } : {}, ...repo ? { repo } : {} } } : {} };
+    } catch {
+      return null;
+    }
+  }
+  return null;
+}
+function githubProjectsCheck(config) {
+  const github = config?.github;
+  const projects = github?.projects;
+  if (!projects?.enabled)
+    return check("github-projects", "GitHub Projects status sync", "warn", "disabled or not configured", "Current OMP flow does not require GitHub Projects status sync.");
+  if (projects.projectId && projects.statusFieldId)
+    return check("github-projects", "GitHub Projects status sync", "pass", `project ${projects.projectId}`);
+  return check("github-projects", "GitHub Projects status sync", "fail", "enabled but projectId/statusFieldId is incomplete", "Configure github.projects.projectId and github.projects.statusFieldId, or disable github.projects.enabled.");
+}
+function permissionAllowsPr(payload) {
+  if (!payload || typeof payload !== "object" || Array.isArray(payload))
+    return null;
+  const record = payload;
+  if (record.canOpenPullRequest === true || record.pullRequests === true || record.push === true || record.maintain === true || record.admin === true)
+    return true;
+  if (record.canOpenPullRequest === false || record.pullRequests === false || record.push === false)
+    return false;
+  const permissions = record.permissions;
+  if (permissions && typeof permissions === "object" && !Array.isArray(permissions)) {
+    const p = permissions;
+    if (p.push === true || p.maintain === true || p.admin === true)
+      return true;
+    if (p.push === false && p.admin !== true)
+      return false;
+  }
+  return null;
+}
+function prMergeCheck(config) {
+  const record = config && typeof config === "object" && !Array.isArray(config) ? config : null;
+  const pr = record?.pr;
+  const merge = record?.merge;
+  if (pr?.mode === "off" || merge?.mode === "off")
+    return check("pr-merge", "PR/merge automation", "warn", "automatic PR or merge is disabled", "Set pr.mode and merge.mode to auto for autonomous YOLO runs.");
+  return check("pr-merge", "PR/merge automation", "pass", `pr=${pr?.mode ?? "auto"}, merge=${merge?.mode ?? "auto"}, method=${merge?.method ?? "repo-default"}`);
+}
+async function defaultPiChecks() {
+  const pi = Bun.which("pi");
+  return [{ ok: Boolean(pi), label: "pi", detail: pi ?? undefined, hint: pi ? undefined : "Install Pi/OMP and the Rig extension." }];
+}
+async function defaultRequestJson(projectRoot, pathname, _init) {
+  if (pathname === "/api/github/auth/status")
+    return { ok: true, ...resolveGitHubAuthStatus({ projectRoot, oauthConfigured: Boolean(process.env.RIG_GITHUB_OAUTH_CLIENT_ID?.trim()) }) };
+  if (pathname === "/api/github/repo/permissions")
+    return checkGitHubRepoPermissions({ projectRoot, oauthConfigured: Boolean(process.env.RIG_GITHUB_OAUTH_CLIENT_ID?.trim()) });
+  return { ok: false, error: `No in-process handler for ${pathname}` };
+}
+async function runDoctorChecks(options) {
+  const projectRoot = options.projectRoot;
+  const checks = [];
+  const which = options.which ?? ((binary) => Bun.which(binary));
+  const bunVersion = options.bunVersion ?? Bun.version;
+  const request = options.requestJson ?? ((pathname, init) => defaultRequestJson(projectRoot, pathname, init));
+  const progress = options.onProgress ?? (() => {});
+  const load = options.loadConfig ?? ((root) => loadConfig(root).catch(() => null));
+  progress("Checking local toolchain\u2026");
+  checks.push(check("bun", "bun", isSupportedBunVersion(bunVersion) ? "pass" : "fail", `found ${bunVersion}`, `Install Bun ${MIN_SUPPORTED_BUN_VERSION} or newer.`));
+  checks.push(check("git", "git", which("git") ? "pass" : "fail", which("git") ?? undefined, "Install git and ensure it is on PATH."));
+  checks.push(check("jq", "jq", which("jq") ? "pass" : "warn", which("jq") ?? undefined, "Install jq (for example `brew install jq`)."));
+  progress("Loading rig.config\u2026");
+  const loadedConfig = await load(projectRoot);
+  const config = loadedConfig ?? loadFallbackConfig(projectRoot);
+  const hasConfigFile = ["rig.config.ts", "rig.config.mts", "rig.config.json"].some((name) => existsSync(resolve(projectRoot, name)));
+  checks.push(config ? check("config", "rig.config loadable", "pass") : check("config", "rig.config loadable", hasConfigFile ? "fail" : "fail", hasConfigFile ? "config file exists but failed to load" : "missing rig.config.ts/json", "Create or fix rig.config."));
+  const taskSourceKind = config?.taskSource?.kind;
+  checks.push(taskSourceKind ? check("task-source", "task source configured", "pass", taskSourceKind) : check("task-source", "task source configured", "fail", "missing taskSource", "Configure taskSource in rig.config."));
+  const repo = readSelection(projectRoot);
+  const configuredRepo = repoSlugFromConfig(config);
+  checks.push(repo ? check("project-link", "repo selected for local setup", repo.project ? "pass" : "warn", repo.selected + (repo.project ? ` -> ${repo.project}` : ""), repo.project ? undefined : `Run rig init --repo ${configuredRepo ?? "owner/repo"} to repair the local project link.`) : check("project-link", "repo selected for local setup", "warn", "missing .rig/state/connection.json", "Current UX can run without this compatibility file; run setup from the cockpit if GitHub Issues integration is needed."));
+  progress("Checking GitHub auth\u2026");
+  try {
+    const auth = await request("/api/github/auth/status");
+    checks.push(isAuthenticated(auth) ? check("github-auth", "GitHub auth", "pass") : check("github-auth", "GitHub auth", "fail", "not authenticated", "Run Rig GitHub auth setup or import a token."));
+  } catch (error) {
+    checks.push(check("github-auth", "GitHub auth", "fail", errorMessage(error), "Authenticate GitHub access."));
+  }
+  progress("Checking GitHub repo permissions\u2026");
+  try {
+    const permissions = await request("/api/github/repo/permissions");
+    const allowed = permissionAllowsPr(permissions);
+    checks.push(allowed === true ? check("github-repo-permissions", "GitHub repo PR permissions", "pass", JSON.stringify(permissions).slice(0, 180)) : allowed === false ? check("github-repo-permissions", "GitHub repo PR permissions", "fail", JSON.stringify(permissions).slice(0, 180), "Grant the selected GitHub token permission to push branches, open PRs, and merge according to repo rules.") : check("github-repo-permissions", "GitHub repo PR permissions", "warn", JSON.stringify(permissions).slice(0, 180), "Confirm the selected token can push branches and open PRs."));
+  } catch (error) {
+    checks.push(check("github-repo-permissions", "GitHub repo PR permissions", "warn", errorMessage(error), "Ensure the token can open PRs."));
+  }
+  if (taskSourceKind === "github-issues")
+    checks.push(check("gh", "gh CLI fallback", which("gh") ? "pass" : "warn", which("gh") ?? undefined, "Install gh locally for fallback operations."));
+  if (config)
+    checks.push(githubProjectsCheck(config), prMergeCheck(config));
+  progress("Checking Pi installation\u2026");
+  const piChecks = await (options.piChecks ?? defaultPiChecks)().catch((error) => [{ ok: false, label: "pi/pi-rig checks", detail: undefined, hint: errorMessage(error) }]);
+  for (const pi of piChecks)
+    checks.push(check(pi.label === "pi" ? "pi" : "pi-rig", pi.label, pi.ok ? "pass" : "warn", pi.detail, pi.hint ?? (pi.ok ? undefined : "Install Pi/OMP and the Rig extension.")));
+  const identity = options.identityContext ? resolveRigIdentity(options.identityContext) : null;
+  if (options.identityContext) {
+    const filter = resolveRigIdentityFilter(options.identityContext);
+    checks.push({ label: "identity", status: identity ? "pass" : "warn", level: identity ? "ok" : "warn", detail: identity?.source ?? "GitHub identity unavailable" });
+    checks.push({ label: "github-repo", status: filter?.selectedRepo ? "pass" : "warn", level: filter?.selectedRepo ? "ok" : "warn", detail: filter?.selectedRepo ?? "repo not selected" });
+  }
+  try {
+    const runs = await (options.listRuns ?? listRuns)(projectRoot);
+    checks.push({ label: "run-discovery", status: "pass", level: "ok", detail: `${runs.length} run session(s)` });
+  } catch (error) {
+    checks.push({ label: "run-discovery", status: "fail", level: "fail", detail: errorMessage(error) });
+  }
+  try {
+    const targets = (options.listPlacements ?? listPlacements)(projectRoot);
+    checks.push({ label: "relay-targets", status: targets.length > 0 ? "pass" : "warn", level: targets.length > 0 ? "ok" : "warn", detail: `${targets.length} target(s)` });
+  } catch (error) {
+    checks.push({ label: "relay-targets", status: "warn", level: "warn", detail: errorMessage(error) });
+  }
+  return checks;
+}
+var doctorRunner = { runDoctorChecks };
+export {
+  runDoctorChecks,
+  doctorRunner
+};

package/package.json

@@ -0,0 +1,38 @@
+{
+  "name": "@h-rig/doctor-plugin",
+  "version": "0.0.6-alpha.156",
+  "type": "module",
+  "description": "First-party diagnostic doctor capability plugin for Rig.",
+  "license": "UNLICENSED",
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "exports": {
+    ".": {
+      "types": "./dist/src/plugin.d.ts",
+      "import": "./dist/src/plugin.js"
+    },
+    "./plugin": {
+      "types": "./dist/src/plugin.d.ts",
+      "import": "./dist/src/plugin.js"
+    },
+    "./index": {
+      "types": "./dist/src/index.d.ts",
+      "import": "./dist/src/index.js"
+    }
+  },
+  "engines": {
+    "bun": ">=1.3.11"
+  },
+  "main": "./dist/src/index.js",
+  "module": "./dist/src/index.js",
+  "types": "./dist/src/index.d.ts",
+  "dependencies": {
+    "@rig/contracts": "npm:@h-rig/contracts@0.0.6-alpha.156",
+    "@rig/run-worker": "npm:@h-rig/run-worker@0.0.6-alpha.156",
+    "@rig/core": "npm:@h-rig/core@0.0.6-alpha.156",
+    "@rig/github-provider-plugin": "npm:@h-rig/github-provider-plugin@0.0.6-alpha.156",
+    "@rig/runtime": "npm:@h-rig/runtime@0.0.6-alpha.156"
+  }
+}