npm - @h-rig/runtime - Versions diffs - 0.0.6-alpha.11 → 0.0.6-alpha.12 - Mend

@h-rig/runtime 0.0.6-alpha.11 → 0.0.6-alpha.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/dist/bin/rig-agent-dispatch.js +5 -313
package/dist/bin/rig-agent.js +3 -2
package/dist/src/control-plane/agent-wrapper.js +10 -15
package/dist/src/control-plane/harness-main.js +923 -156
package/dist/src/control-plane/hooks/completion-verification.js +1191 -284
package/dist/src/control-plane/native/git-ops.js +31 -43
package/dist/src/control-plane/native/harness-cli.js +923 -156
package/dist/src/control-plane/native/pr-automation.js +1010 -38
package/dist/src/control-plane/native/pr-review-gate.js +907 -0
package/dist/src/control-plane/native/task-ops.js +918 -154
package/dist/src/control-plane/native/verifier.js +920 -153
package/native/darwin-arm64/rig-git +0 -0
package/native/darwin-arm64/rig-git.build-manifest.json +1 -1
package/native/darwin-arm64/rig-shell +0 -0
package/native/darwin-arm64/rig-shell.build-manifest.json +1 -1
package/native/darwin-arm64/rig-tools +0 -0
package/native/darwin-arm64/rig-tools.build-manifest.json +1 -1
package/native/darwin-arm64/runtime-native.dylib +0 -0
package/package.json +6 -6

package/dist/src/control-plane/native/pr-automation.js CHANGED Viewed

@@ -1,4 +1,896 @@
 // @bun
+// packages/runtime/src/control-plane/native/pr-review-gate.ts
+import { mkdirSync, writeFileSync } from "fs";
+import { resolve } from "path";
+function parseJsonObject(value) {
+  if (!value?.trim())
+    return { value: {}, error: "empty JSON output" };
+  try {
+    const parsed = JSON.parse(value);
+    return parsed && typeof parsed === "object" && !Array.isArray(parsed) ? { value: parsed } : { value: {}, error: "JSON output was not an object" };
+  } catch (error) {
+    return { value: {}, error: error instanceof Error ? error.message : String(error) };
+  }
+}
+function flattenPaginatedArray(value) {
+  if (!Array.isArray(value))
+    return null;
+  if (value.every((entry) => Array.isArray(entry))) {
+    return value.flatMap((entry) => entry);
+  }
+  return value;
+}
+function parseJsonArray(value) {
+  if (!value?.trim())
+    return { value: [], error: "empty JSON output" };
+  try {
+    const parsed = JSON.parse(value);
+    const flattened = flattenPaginatedArray(parsed);
+    return flattened ? { value: flattened } : { value: [], error: "JSON output was not an array" };
+  } catch (error) {
+    return { value: [], error: error instanceof Error ? error.message : String(error) };
+  }
+}
+function parseGithubPrUrl(prUrl) {
+  const match = /^https?:\/\/github\.com\/([^/]+)\/([^/]+)\/pull\/(\d+)\/?$/i.exec(prUrl.trim());
+  if (!match)
+    return null;
+  const prNumber = Number.parseInt(match[3], 10);
+  if (!Number.isFinite(prNumber))
+    return null;
+  return { owner: match[1], repo: match[2], repoName: `${match[1]}/${match[2]}`, prNumber };
+}
+function checkName(check) {
+  return String(check.name ?? check.context ?? "").trim();
+}
+function checkState(check) {
+  return String(check.conclusion ?? check.state ?? check.status ?? "").trim().toLowerCase();
+}
+function isGreptileLabel(value) {
+  return String(value ?? "").toLowerCase().includes("greptile");
+}
+function isGreptileGithubLogin(value) {
+  const login = String(value ?? "").toLowerCase().replace(/\[bot\]$/, "");
+  return login === "greptile" || login === "greptile-ai" || login === "greptileai" || login === "greptile-apps";
+}
+function isPassingCheck(check) {
+  const state = checkState(check);
+  return ["success", "successful", "passed", "neutral", "skipped", "completed"].includes(state);
+}
+function isPendingCheck(check) {
+  const state = checkState(check);
+  return ["pending", "queued", "in_progress", "waiting", "requested", "expected", "action_required"].includes(state);
+}
+function isFailingCheck(check) {
+  const state = checkState(check);
+  return ["failure", "failed", "timed_out", "action_required", "cancelled", "canceled", "error"].includes(state);
+}
+function wildcardToRegExp(pattern) {
+  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
+  return new RegExp(`^${escaped}$`, "i");
+}
+function isAllowedFailure(name, allowedFailures) {
+  return allowedFailures.some((pattern) => wildcardToRegExp(pattern).test(name));
+}
+function greptileScorePatterns() {
+  return [
+    /\b(?:confidence\s+score|confidence|rating|score)\s*:?\s*(\d+)\s*\/\s*(\d+)/gi,
+    /\b(\d+)\s*\/\s*(\d+)\s*(?:confidence|rating|score)/gi,
+    /\bgreptile[^\n]{0,80}?(\d+)\s*\/\s*(\d+)/gi
+  ];
+}
+function parseGreptileScores(input) {
+  const text = stripHtml(input);
+  const seen = new Set;
+  const scores = [];
+  for (const pattern of greptileScorePatterns()) {
+    for (const match of text.matchAll(pattern)) {
+      const value = Number.parseInt(match[1] || "", 10);
+      const scale = Number.parseInt(match[2] || "", 10);
+      if (!Number.isFinite(value) || !Number.isFinite(scale) || scale <= 0)
+        continue;
+      const raw = match[0] || `${value}/${scale}`;
+      const key = `${match.index ?? -1}:${value}/${scale}:${raw.toLowerCase()}`;
+      if (seen.has(key))
+        continue;
+      seen.add(key);
+      scores.push({ value, scale, raw });
+    }
+  }
+  return scores;
+}
+function stripHtml(input) {
+  return input.replace(/<[^>]+>/g, " ").replace(/&nbsp;/g, " ").replace(/&amp;/g, "&").replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/\r/g, "").replace(/\n{3,}/g, `
+`).trim();
+}
+function containsBlockerText(input) {
+  const text = stripHtml(input).replace(/\b(?:no|without|zero)\s+blockers?\b/gi, " ").replace(/\bno\s+changes\s+requested\b/gi, " ");
+  return /not safe(?: to merge)?|unsafe(?: to merge)?|do not merge|cannot merge|blockers?|must fix|changes requested|please fix|needs? fix|fix this|address this/i.test(text);
+}
+function containsGreptileNegativeVerdict(input) {
+  const text = stripHtml(input).replace(/\s+/g, " ").trim();
+  if (!text)
+    return false;
+  return /\b(?:status|verdict|review state|state|conclusion|result)\s*:?\s*(?:reject(?:ed|ion)?|skip(?:ped)?|fail(?:ed|ure)?|changes[_ ]requested|not approved)\b/i.test(text) || /\bgreptile\b.{0,160}\b(?:reject(?:ed|s|ion)?|skip(?:ped|s)?|fail(?:ed|s|ure)?|changes requested|did not approve|not approved)\b/i.test(text);
+}
+function isStrictFiveOfFive(score) {
+  return score.value === 5 && score.scale === 5;
+}
+function containsConflictingScoreText(input) {
+  return parseGreptileScores(input).some((score) => !isStrictFiveOfFive(score));
+}
+function firstString(record, keys) {
+  for (const key of keys) {
+    const value = record[key];
+    if (typeof value === "string")
+      return value;
+  }
+  return "";
+}
+function arrayField(record, key) {
+  const value = record[key];
+  return Array.isArray(value) ? value : [];
+}
+async function runJsonArray(command, args, cwd) {
+  const result = await command(args, { cwd });
+  const label = `gh ${args.join(" ")}`;
+  if (result.exitCode !== 0) {
+    return { value: [], error: `${label} failed (${result.exitCode}): ${result.stderr ?? result.stdout ?? ""}`.trim() };
+  }
+  const parsed = parseJsonArray(result.stdout);
+  return parsed.error ? { value: parsed.value, error: `${label} returned invalid JSON: ${parsed.error}` } : { value: parsed.value };
+}
+async function runJsonObject(command, args, cwd) {
+  const result = await command(args, { cwd });
+  const label = `gh ${args.join(" ")}`;
+  if (result.exitCode !== 0) {
+    return { value: {}, error: `${label} failed (${result.exitCode}): ${result.stderr ?? result.stdout ?? ""}`.trim() };
+  }
+  const parsed = parseJsonObject(result.stdout);
+  return parsed.error ? { value: parsed.value, error: `${label} returned invalid JSON: ${parsed.error}` } : { value: parsed.value };
+}
+function normalizeStatusCheck(entry) {
+  if (!entry || typeof entry !== "object" || Array.isArray(entry))
+    return null;
+  const record = entry;
+  const name = firstString(record, ["name", "context"]);
+  if (!name.trim())
+    return null;
+  const output = record.output && typeof record.output === "object" && !Array.isArray(record.output) ? record.output : null;
+  const app = record.app && typeof record.app === "object" && !Array.isArray(record.app) ? record.app : null;
+  return {
+    __typename: typeof record.__typename === "string" ? record.__typename : null,
+    name,
+    context: typeof record.context === "string" ? record.context : null,
+    status: typeof record.status === "string" ? record.status : null,
+    state: typeof record.state === "string" ? record.state : null,
+    conclusion: typeof record.conclusion === "string" ? record.conclusion : null,
+    detailsUrl: typeof record.detailsUrl === "string" ? record.detailsUrl : typeof record.details_url === "string" ? record.details_url : typeof record.html_url === "string" ? record.html_url : typeof record.link === "string" ? record.link : null,
+    link: typeof record.link === "string" ? record.link : typeof record.html_url === "string" ? record.html_url : null,
+    headSha: typeof record.headSha === "string" ? record.headSha : null,
+    head_sha: typeof record.head_sha === "string" ? record.head_sha : null,
+    output: output ? {
+      title: typeof output.title === "string" ? output.title : null,
+      summary: typeof output.summary === "string" ? output.summary : null,
+      text: typeof output.text === "string" ? output.text : null
+    } : null,
+    app: app ? {
+      slug: typeof app.slug === "string" ? app.slug : null,
+      name: typeof app.name === "string" ? app.name : null,
+      owner: app.owner && typeof app.owner === "object" ? app.owner : null
+    } : null
+  };
+}
+function normalizeReview(entry) {
+  if (!entry || typeof entry !== "object" || Array.isArray(entry))
+    return null;
+  const record = entry;
+  return {
+    id: typeof record.id === "string" ? record.id : typeof record.id === "number" ? String(record.id) : null,
+    state: typeof record.state === "string" ? record.state : null,
+    body: typeof record.body === "string" ? record.body : null,
+    commit_id: typeof record.commit_id === "string" ? record.commit_id : typeof record.commitId === "string" ? record.commitId : record.commit && typeof record.commit === "object" && typeof record.commit.oid === "string" ? record.commit.oid : null,
+    html_url: typeof record.html_url === "string" ? record.html_url : typeof record.url === "string" ? record.url : null,
+    author: record.author && typeof record.author === "object" ? record.author : record.user && typeof record.user === "object" ? record.user : null
+  };
+}
+function normalizeReviewComment(entry) {
+  if (!entry || typeof entry !== "object" || Array.isArray(entry))
+    return null;
+  const record = entry;
+  const body = typeof record.body === "string" ? record.body : null;
+  const path = typeof record.path === "string" ? record.path : null;
+  if (!body && !path)
+    return null;
+  return {
+    id: typeof record.id === "string" || typeof record.id === "number" ? record.id : null,
+    user: record.user && typeof record.user === "object" ? record.user : null,
+    author: record.author && typeof record.author === "object" ? record.author : null,
+    body,
+    path,
+    html_url: typeof record.html_url === "string" ? record.html_url : null,
+    url: typeof record.url === "string" ? record.url : null,
+    commit_id: typeof record.commit_id === "string" ? record.commit_id : null,
+    original_commit_id: typeof record.original_commit_id === "string" ? record.original_commit_id : null
+  };
+}
+function normalizeIssueComment(entry) {
+  if (!entry || typeof entry !== "object" || Array.isArray(entry))
+    return null;
+  const record = entry;
+  const body = typeof record.body === "string" ? record.body : null;
+  if (!body)
+    return null;
+  return {
+    id: typeof record.id === "string" || typeof record.id === "number" ? record.id : null,
+    user: record.user && typeof record.user === "object" ? record.user : null,
+    author: record.author && typeof record.author === "object" ? record.author : null,
+    body,
+    html_url: typeof record.html_url === "string" ? record.html_url : null,
+    url: typeof record.url === "string" ? record.url : null,
+    created_at: typeof record.created_at === "string" ? record.created_at : null
+  };
+}
+function normalizeReviewThread(entry) {
+  if (!entry || typeof entry !== "object" || Array.isArray(entry))
+    return null;
+  const record = entry;
+  return {
+    id: typeof record.id === "string" ? record.id : null,
+    isResolved: typeof record.isResolved === "boolean" ? record.isResolved : null,
+    isOutdated: typeof record.isOutdated === "boolean" ? record.isOutdated : null,
+    comments: record.comments && typeof record.comments === "object" ? record.comments : null
+  };
+}
+function relevantIssueComment(comment) {
+  const login = comment.user?.login ?? comment.author?.login ?? "";
+  const body = comment.body ?? "";
+  return isGreptileGithubLogin(login) || /greptile|blocker|unsafe|not safe|do not merge|must fix|please fix|changes requested|score|confidence|\b\d+\s*\/\s*5\b/i.test(body);
+}
+function latestThreadComment(thread) {
+  const nodes = thread.comments?.nodes ?? [];
+  return nodes.length > 0 ? nodes[nodes.length - 1] : null;
+}
+function unresolvedThreadSummaries(threads) {
+  return threads.flatMap((thread) => {
+    if (thread.isResolved === true || thread.isOutdated === true)
+      return [];
+    const latest = latestThreadComment(thread);
+    if (!latest)
+      return ["Unresolved review thread"];
+    const path = latest.path ? ` on ${latest.path}` : "";
+    return [`Unresolved review thread${path}: ${(latest.body ?? "").trim() || "(empty comment)"}`];
+  });
+}
+function collectBodies(evidence) {
+  return [
+    evidence.title ?? "",
+    evidence.body,
+    ...evidence.reviews.map((review) => review.body ?? ""),
+    ...evidence.changedFileReviewComments.map((comment) => comment.body ?? ""),
+    ...evidence.relevantIssueComments.map((comment) => comment.body ?? ""),
+    ...evidence.reviewThreads.flatMap((thread) => thread.comments?.nodes?.map((comment) => comment.body ?? "") ?? []),
+    ...(evidence.apiSignals ?? []).map((signal) => signal.body ?? "")
+  ].filter((body) => body.trim().length > 0);
+}
+function bodyExcerpt(body) {
+  const text = stripHtml(body).replace(/\s+/g, " ").trim();
+  return text.length > 240 ? `${text.slice(0, 237)}...` : text;
+}
+function makeGreptileSignal(input) {
+  const scores = parseGreptileScores(input.body);
+  const reviewedSha = input.reviewedSha?.trim() || null;
+  const current = reviewedSha ? reviewedSha === input.currentHeadSha : null;
+  const blocker = input.blocker ?? (containsBlockerText(input.body) || containsGreptileNegativeVerdict(input.body));
+  const explicitApproval = input.explicitApproval ?? false;
+  return {
+    source: input.source,
+    trusted: input.trusted,
+    authorLogin: input.authorLogin ?? null,
+    reviewedSha,
+    current,
+    stale: current === false,
+    score: scores[0] ?? null,
+    scores,
+    explicitApproval,
+    blocker,
+    actionable: input.actionable ?? blocker,
+    bodyExcerpt: bodyExcerpt(input.body),
+    body: input.body,
+    allScores: scores
+  };
+}
+function reviewAuthorLogin(review) {
+  return review.author?.login ?? null;
+}
+function commentAuthorLogin(comment) {
+  return comment.user?.login ?? comment.author?.login ?? null;
+}
+function collectGreptileSignals(evidence) {
+  const signals = [];
+  const contextSources = [
+    { source: "pr-title", body: evidence.title ?? "" },
+    { source: "pr-body", body: evidence.body }
+  ];
+  for (const context of contextSources) {
+    if (!context.body.trim())
+      continue;
+    if (!/greptile|score|confidence|\b\d+\s*\/\s*5\b|blocker|unsafe|not safe|do not merge|changes requested/i.test(context.body))
+      continue;
+    const contextBlocker = containsBlockerText(context.body);
+    signals.push(makeGreptileSignal({
+      source: context.source,
+      body: context.body,
+      currentHeadSha: evidence.currentHeadSha,
+      trusted: false,
+      blocker: contextBlocker,
+      actionable: contextBlocker
+    }));
+  }
+  for (const apiSignal of evidence.apiSignals ?? []) {
+    const body = [apiSignal.status ? `Status: ${apiSignal.status}` : "", apiSignal.body ?? ""].filter(Boolean).join(`
+`);
+    if (!body.trim())
+      continue;
+    signals.push(makeGreptileSignal({
+      source: "api",
+      body,
+      currentHeadSha: evidence.currentHeadSha,
+      trusted: true,
+      reviewedSha: apiSignal.reviewedSha ?? null,
+      explicitApproval: false
+    }));
+  }
+  for (const review of evidence.reviews) {
+    const login = reviewAuthorLogin(review);
+    if (!isGreptileGithubLogin(login))
+      continue;
+    const state = String(review.state ?? "").toUpperCase();
+    const body = [state ? `Review state: ${state}` : "", review.body ?? ""].filter(Boolean).join(`
+`);
+    if (!body.trim())
+      continue;
+    const dismissed = state === "DISMISSED";
+    signals.push(makeGreptileSignal({
+      source: "github-review",
+      body,
+      currentHeadSha: evidence.currentHeadSha,
+      trusted: !dismissed,
+      authorLogin: login,
+      reviewedSha: review.commit_id ?? null,
+      explicitApproval: undefined,
+      blocker: state === "CHANGES_REQUESTED" || undefined
+    }));
+  }
+  for (const comment of evidence.changedFileReviewComments) {
+    const login = commentAuthorLogin(comment);
+    const body = comment.body ?? "";
+    if (!body.trim() || !isGreptileGithubLogin(login))
+      continue;
+    signals.push(makeGreptileSignal({
+      source: "changed-file-comment",
+      body,
+      currentHeadSha: evidence.currentHeadSha,
+      trusted: true,
+      authorLogin: login,
+      reviewedSha: comment.commit_id ?? comment.original_commit_id ?? null
+    }));
+  }
+  for (const comment of evidence.relevantIssueComments) {
+    const login = commentAuthorLogin(comment);
+    const body = comment.body ?? "";
+    if (!body.trim() || !isGreptileGithubLogin(login))
+      continue;
+    signals.push(makeGreptileSignal({
+      source: "issue-comment",
+      body,
+      currentHeadSha: evidence.currentHeadSha,
+      trusted: true,
+      authorLogin: login
+    }));
+  }
+  for (const thread of evidence.reviewThreads) {
+    if (thread.isOutdated === true || thread.isResolved === true)
+      continue;
+    for (const comment of thread.comments?.nodes ?? []) {
+      const login = comment.author?.login ?? null;
+      const body = comment.body ?? "";
+      if (!body.trim() || !isGreptileGithubLogin(login))
+        continue;
+      signals.push(makeGreptileSignal({
+        source: "review-thread",
+        body,
+        currentHeadSha: evidence.currentHeadSha,
+        trusted: true,
+        authorLogin: login
+      }));
+    }
+  }
+  for (const check of evidence.checks) {
+    if (!isGreptileLabel(checkName(check)))
+      continue;
+    const reviewedSha = check.headSha ?? check.head_sha ?? null;
+    const label = `${checkName(check)} (${checkState(check) || "unknown"})`;
+    const body = [label, check.output?.title ?? "", check.output?.summary ?? "", check.output?.text ?? ""].filter((entry) => entry.trim().length > 0).join(`
+`);
+    signals.push(makeGreptileSignal({
+      source: "github-check",
+      body,
+      currentHeadSha: evidence.currentHeadSha,
+      trusted: false,
+      reviewedSha,
+      explicitApproval: false,
+      blocker: isFailingCheck(check),
+      actionable: isFailingCheck(check)
+    }));
+  }
+  return signals;
+}
+function unresolvedGreptileThreadSummaries(threads) {
+  return threads.flatMap((thread) => {
+    if (thread.isResolved === true || thread.isOutdated === true)
+      return [];
+    const comments = thread.comments?.nodes ?? [];
+    if (!comments.some((comment) => isGreptileGithubLogin(comment.author?.login)))
+      return [];
+    const latest = latestThreadComment(thread);
+    if (!latest)
+      return ["Unresolved Greptile review thread"];
+    const path = latest.path ? ` on ${latest.path}` : "";
+    return [`Unresolved Greptile review thread${path}: ${(latest.body ?? "").trim() || "(empty comment)"}`];
+  });
+}
+function issueLevelBlockerSummaries(comments) {
+  return comments.flatMap((comment) => {
+    const body = comment.body?.trim() ?? "";
+    if (!body || !containsBlockerText(body) && !containsConflictingScoreText(body))
+      return [];
+    const login = commentAuthorLogin(comment) ?? "unknown";
+    const author = isGreptileGithubLogin(login) ? `Greptile issue comment by ${login}` : `Issue-level PR comment by ${login}`;
+    return [`${author}: ${body}`];
+  });
+}
+function reviewBodyBlockerSummaries(reviews) {
+  return reviews.flatMap((review) => {
+    const login = reviewAuthorLogin(review) ?? "unknown";
+    if (isGreptileGithubLogin(login))
+      return [];
+    const body = review.body?.trim() ?? "";
+    if (!body || !containsBlockerText(body) && !containsConflictingScoreText(body))
+      return [];
+    const state = review.state ? ` (${review.state})` : "";
+    return [`PR review summary by ${login}${state}: ${body}`];
+  });
+}
+function signalLabel(signal) {
+  const source = signal.source.replace(/-/g, " ");
+  const author = signal.authorLogin ? ` by ${signal.authorLogin}` : "";
+  const sha = signal.reviewedSha ? ` at ${signal.reviewedSha}` : "";
+  return `${source}${author}${sha}`;
+}
+function deriveGreptileEvidence(input) {
+  const rawBodies = collectBodies(input);
+  const signals = collectGreptileSignals(input);
+  const trustedSignals = signals.filter((signal) => signal.trusted);
+  const trustedScoreEntries = trustedSignals.flatMap((signal) => signal.allScores.map((score2) => ({ score: score2, signal })));
+  const contextScoreEntries = signals.filter((signal) => !signal.trusted).flatMap((signal) => signal.allScores.map((score2) => ({ score: score2, signal })));
+  const allScoreEntries = [...trustedScoreEntries, ...contextScoreEntries];
+  const staleSignals = signals.filter((signal) => !!signal.reviewedSha && signal.reviewedSha !== input.currentHeadSha && (signal.trusted || signal.source === "github-check"));
+  const isCurrentOrUntied = (signal) => !signal.reviewedSha || signal.reviewedSha === input.currentHeadSha;
+  const currentOrUntiedScoreEntries = allScoreEntries.filter((entry) => isCurrentOrUntied(entry.signal));
+  const lowScoreEntries = currentOrUntiedScoreEntries.filter((entry) => !isStrictFiveOfFive(entry.score));
+  const approvingScoreEntry = trustedScoreEntries.find((entry) => entry.signal.reviewedSha === input.currentHeadSha && entry.signal.source !== "github-check" && isStrictFiveOfFive(entry.score)) ?? null;
+  const approvedByScore = !!approvingScoreEntry;
+  const approvedByExplicitMapping = false;
+  const approvingSignal = approvingScoreEntry?.signal ?? null;
+  const lowestScore = lowScoreEntries.map((entry) => entry.score).sort((left, right) => left.value - right.value)[0] ?? null;
+  const score = lowestScore ?? approvingScoreEntry?.score ?? trustedScoreEntries[0]?.score ?? contextScoreEntries[0]?.score ?? null;
+  const failedGreptileChecks = input.checks.filter((check) => isGreptileLabel(checkName(check)) && isFailingCheck(check)).map((check) => `${checkName(check)} (${checkState(check) || "failed"})`);
+  const blockerSignals = signals.filter((signal) => signal.source !== "changed-file-comment" && (signal.blocker || signal.actionable) && (!signal.reviewedSha || signal.reviewedSha === input.currentHeadSha));
+  const staleBlockingSignals = [];
+  const blockers = [
+    ...blockerSignals.map((signal) => `${signalLabel(signal)}: ${signal.bodyExcerpt || "blocker text"}`),
+    ...reviewBodyBlockerSummaries(input.reviews),
+    ...issueLevelBlockerSummaries(input.relevantIssueComments),
+    ...lowScoreEntries.map((entry) => `Greptile score from ${signalLabel(entry.signal)} is ${entry.score.value}/${entry.score.scale}; strict merge requires trusted current-head 5/5.`),
+    ...staleBlockingSignals.map((signal) => `Greptile blocking signal from ${signalLabel(signal)} is stale; current PR head is ${input.currentHeadSha || "unknown"}.`),
+    ...failedGreptileChecks.map((entry) => `Greptile check failed: ${entry}`)
+  ];
+  const unresolvedComments = [
+    ...unresolvedGreptileThreadSummaries(input.reviewThreads)
+  ];
+  const greptileChecks = input.checks.filter((check) => isGreptileLabel(checkName(check)));
+  const greptileReviews = input.reviews.filter((review) => isGreptileGithubLogin(review.author?.login));
+  const completedGreptileCheck = greptileChecks.some((check) => {
+    const reviewedSha2 = check.headSha ?? check.head_sha ?? null;
+    return reviewedSha2 === input.currentHeadSha && (isPassingCheck(check) || isFailingCheck(check));
+  });
+  const completedGreptileReview = greptileReviews.some((review) => {
+    const state = String(review.state ?? "").toUpperCase();
+    const completedState = ["APPROVED", "COMMENTED", "CHANGES_REQUESTED"].includes(state) || !!review.body?.trim();
+    return completedState && review.commit_id === input.currentHeadSha;
+  });
+  const approvalReviewedSha = approvingSignal?.reviewedSha ?? null;
+  const reviewedSha = approvalReviewedSha ?? staleSignals[0]?.reviewedSha ?? trustedSignals.map((signal) => signal.reviewedSha ?? null).find(Boolean) ?? null;
+  const fresh = !!approvalReviewedSha && approvalReviewedSha === input.currentHeadSha;
+  const completed = completedGreptileCheck || completedGreptileReview || !!approvingSignal || trustedSignals.some((signal) => signal.source === "api" && signal.reviewedSha === input.currentHeadSha);
+  const hasGreptileEvidence = trustedSignals.length > 0 || signals.some((signal) => /greptile/i.test(signal.body));
+  const approved = fresh && completed && !blockers.length && !unresolvedComments.length && (approvedByScore || approvedByExplicitMapping);
+  const mapping = !hasGreptileEvidence ? "missing" : staleSignals.length > 0 && !approvingSignal ? "stale" : approvedByScore ? "score-5-of-5" : "unproven";
+  const source = approvingSignal?.source === "api" ? "api" : approvingSignal?.source === "github-review" ? "github-review" : approvingSignal?.source === "changed-file-comment" || approvingSignal?.source === "issue-comment" || approvingSignal?.source === "review-thread" ? "github-comment" : greptileReviews.length > 0 && greptileChecks.length > 0 ? "combined" : greptileReviews.length > 0 ? "github-review" : greptileChecks.length > 0 ? "github-check" : signals.some((signal) => signal.source === "pr-body" || signal.source === "pr-title") ? "pr-body" : "missing";
+  return {
+    source,
+    currentHeadSha: input.currentHeadSha,
+    reviewedSha,
+    fresh,
+    completed,
+    approved,
+    score,
+    explicitApproval: approvedByExplicitMapping,
+    blockers,
+    unresolvedComments,
+    rawBodies,
+    signals: signals.map(({ body: _body, allScores: _allScores, ...signal }) => signal),
+    mapping
+  };
+}
+function isGreptileCheckDetail(check) {
+  return isGreptileLabel(checkName(check)) || isGreptileGithubLogin(check.app?.slug) || isGreptileGithubLogin(check.app?.owner?.login) || isGreptileLabel(check.app?.name);
+}
+async function collectGreptileCheckDetails(input) {
+  const checkRunsRead = await runJsonArray(input.command, [
+    "api",
+    `repos/${input.repoName}/commits/${input.headSha}/check-runs`,
+    "--paginate",
+    "--slurp",
+    "--jq",
+    "map(.check_runs // []) | add // []"
+  ], input.projectRoot);
+  const checkRuns = checkRunsRead.value.map(normalizeStatusCheck).filter((entry) => !!entry).filter(isGreptileCheckDetail);
+  return checkRunsRead.error ? { value: checkRuns, error: checkRunsRead.error } : { value: checkRuns };
+}
+async function collectReviewThreads(input) {
+  const reviewThreads = [];
+  let afterCursor = null;
+  for (let page = 0;page < 100; page += 1) {
+    const afterLiteral = afterCursor ? JSON.stringify(afterCursor) : "null";
+    const threadsResponse = await runJsonObject(input.command, [
+      "api",
+      "graphql",
+      "-F",
+      `owner=${input.owner}`,
+      "-F",
+      `name=${input.name}`,
+      "-F",
+      `prNumber=${input.prNumber}`,
+      "-f",
+      `query=query($owner: String!, $name: String!, $prNumber: Int!) { repository(owner:$owner, name:$name) { pullRequest(number:$prNumber) { reviewThreads(first: 100, after: ${afterLiteral}) { nodes { id isResolved isOutdated comments(first: 100) { nodes { author { login } body path url createdAt } pageInfo { hasNextPage endCursor } } } pageInfo { hasNextPage endCursor } } } } }`
+    ], input.projectRoot);
+    if (threadsResponse.error) {
+      return { value: reviewThreads, error: threadsResponse.error };
+    }
+    const data = threadsResponse.value.data;
+    const repository = data?.repository;
+    const pullRequest = repository?.pullRequest;
+    const threads = pullRequest?.reviewThreads;
+    const nodes = threads?.nodes;
+    if (!Array.isArray(nodes)) {
+      return { value: reviewThreads, error: "GitHub reviewThreads response did not include a nodes array" };
+    }
+    const normalized = nodes.map(normalizeReviewThread).filter((entry) => !!entry);
+    reviewThreads.push(...normalized);
+    const truncatedCommentThread = normalized.find((thread) => thread.comments?.pageInfo?.hasNextPage === true);
+    if (truncatedCommentThread) {
+      return { value: reviewThreads, error: `GitHub review thread ${truncatedCommentThread.id ?? "unknown"} has more than 100 comments; nested pagination is incomplete` };
+    }
+    const pageInfo = threads?.pageInfo;
+    if (!pageInfo) {
+      if (nodes.length >= 100) {
+        return { value: reviewThreads, error: "GitHub reviewThreads pagination metadata missing after a full page" };
+      }
+      return { value: reviewThreads };
+    }
+    if (pageInfo.hasNextPage !== true) {
+      return { value: reviewThreads };
+    }
+    if (typeof pageInfo.endCursor !== "string" || !pageInfo.endCursor.trim()) {
+      return { value: reviewThreads, error: "GitHub reviewThreads pagination reported hasNextPage without endCursor" };
+    }
+    afterCursor = pageInfo.endCursor;
+  }
+  return { value: reviewThreads, error: "GitHub reviewThreads pagination exceeded 100 pages" };
+}
+async function collectPrReviewEvidence(input) {
+  const parsed = parseGithubPrUrl(input.prUrl);
+  if (!parsed) {
+    throw new Error(`Cannot parse GitHub PR URL: ${input.prUrl}`);
+  }
+  const readErrors = [];
+  const viewRead = await runJsonObject(input.command, [
+    "pr",
+    "view",
+    input.prUrl,
+    "--json",
+    "title,body,headRefOid,headRefName,baseRefName,state,isDraft,mergeable,mergeStateStatus,reviewDecision,reviews,statusCheckRollup"
+  ], input.projectRoot);
+  if (viewRead.error)
+    readErrors.push(viewRead.error);
+  const view = viewRead.value;
+  if (!Array.isArray(view.statusCheckRollup)) {
+    readErrors.push("gh pr view did not return required statusCheckRollup array");
+  }
+  if (!Array.isArray(view.reviews)) {
+    readErrors.push("gh pr view did not return required reviews array");
+  }
+  const headSha = firstString(view, ["headRefOid", "headSha", "head_sha"]);
+  const statusCheckRollup = arrayField(view, "statusCheckRollup").map(normalizeStatusCheck).filter((entry) => !!entry);
+  const reviews = arrayField(view, "reviews").map(normalizeReview).filter((entry) => !!entry);
+  const reviewCommentsRead = await runJsonArray(input.command, ["api", `repos/${parsed.repoName}/pulls/${parsed.prNumber}/comments`, "--paginate", "--slurp"], input.projectRoot);
+  if (reviewCommentsRead.error)
+    readErrors.push(reviewCommentsRead.error);
+  const reviewComments = reviewCommentsRead.value.map(normalizeReviewComment).filter((entry) => !!entry);
+  const issueCommentsRead = await runJsonArray(input.command, ["api", `repos/${parsed.repoName}/issues/${parsed.prNumber}/comments`, "--paginate", "--slurp"], input.projectRoot);
+  if (issueCommentsRead.error)
+    readErrors.push(issueCommentsRead.error);
+  const issueComments = issueCommentsRead.value.map(normalizeIssueComment).filter((entry) => !!entry).filter(relevantIssueComment);
+  const reviewThreadsRead = await collectReviewThreads({
+    command: input.command,
+    projectRoot: input.projectRoot,
+    owner: parsed.owner,
+    name: parsed.repo,
+    prNumber: parsed.prNumber
+  });
+  if (reviewThreadsRead.error)
+    readErrors.push(reviewThreadsRead.error);
+  const reviewThreads = reviewThreadsRead.value;
+  const greptileRollupChecks = statusCheckRollup.filter((check) => isGreptileLabel(checkName(check)));
+  let greptileCheckDetails = [];
+  if (headSha && greptileRollupChecks.length > 0) {
+    const checkDetailsRead = await collectGreptileCheckDetails({
+      command: input.command,
+      projectRoot: input.projectRoot,
+      repoName: parsed.repoName,
+      headSha
+    });
+    if (checkDetailsRead.error)
+      readErrors.push(checkDetailsRead.error);
+    greptileCheckDetails = checkDetailsRead.value;
+    if (!checkDetailsRead.error && greptileCheckDetails.length === 0) {
+      readErrors.push("Greptile check details could not be found for the current PR head");
+    }
+  }
+  const checksWithGreptileDetails = [...statusCheckRollup, ...greptileCheckDetails];
+  const checkFailures = statusCheckRollup.filter((check) => !isGreptileLabel(checkName(check)) && isFailingCheck(check) && !isAllowedFailure(checkName(check), input.allowedFailures ?? [])).map((check) => `Check failed: ${checkName(check)}${check.detailsUrl || check.link ? ` (${check.detailsUrl ?? check.link})` : ""}`);
+  const pendingChecks = statusCheckRollup.filter((check) => isPendingCheck(check) && (isGreptileLabel(checkName(check)) || !isAllowedFailure(checkName(check), input.allowedFailures ?? []))).map((check) => `Check pending: ${checkName(check)}`);
+  const evidenceBase = {
+    title: firstString(view, ["title"]),
+    body: firstString(view, ["body"]),
+    reviews,
+    changedFileReviewComments: reviewComments,
+    relevantIssueComments: issueComments,
+    reviewThreads,
+    checks: checksWithGreptileDetails,
+    currentHeadSha: headSha,
+    apiSignals: input.apiSignals ?? []
+  };
+  const greptile = deriveGreptileEvidence(evidenceBase);
+  return {
+    prUrl: input.prUrl,
+    prNumber: parsed.prNumber,
+    repoName: parsed.repoName,
+    title: evidenceBase.title,
+    body: evidenceBase.body,
+    headSha,
+    headRefName: firstString(view, ["headRefName"]),
+    baseRefName: firstString(view, ["baseRefName"]),
+    state: firstString(view, ["state"]),
+    isDraft: typeof view.isDraft === "boolean" ? view.isDraft : null,
+    mergeable: firstString(view, ["mergeable"]),
+    mergeStateStatus: firstString(view, ["mergeStateStatus"]),
+    reviewDecision: firstString(view, ["reviewDecision"]),
+    reviews,
+    reviewThreads,
+    changedFileReviewComments: reviewComments,
+    relevantIssueComments: issueComments,
+    statusCheckRollup: checksWithGreptileDetails,
+    checkFailures,
+    pendingChecks,
+    readErrors,
+    greptile
+  };
+}
+function evaluateEvidence(evidence) {
+  const reasons = [];
+  const warnings = [];
+  let pending = false;
+  if (evidence.readErrors.length > 0) {
+    reasons.push(...evidence.readErrors.map((error) => `Required PR evidence surface could not be read completely: ${error}`));
+  }
+  if (!evidence.headSha)
+    reasons.push("PR head SHA could not be read; current-head Greptile approval cannot be proven.");
+  if (evidence.checkFailures.length > 0)
+    reasons.push(...evidence.checkFailures);
+  if (evidence.pendingChecks.length > 0) {
+    pending = true;
+    reasons.push(...evidence.pendingChecks);
+  }
+  const reviewDecision = String(evidence.reviewDecision ?? "").toUpperCase();
+  if (reviewDecision === "CHANGES_REQUESTED" || reviewDecision === "REVIEW_REQUIRED") {
+    reasons.push(`Required review is unresolved (${evidence.reviewDecision}).`);
+  }
+  const unresolvedThreads = unresolvedThreadSummaries(evidence.reviewThreads);
+  if (unresolvedThreads.length > 0)
+    reasons.push(...unresolvedThreads);
+  const greptile = evidence.greptile;
+  if (greptile.mapping === "missing")
+    reasons.push("Missing Greptile check/review evidence for this PR.");
+  const staleSignal = greptile.signals.find((signal) => signal.reviewedSha && signal.reviewedSha !== evidence.headSha);
+  if (greptile.mapping === "stale" || greptile.reviewedSha && greptile.reviewedSha !== evidence.headSha || !greptile.approved && staleSignal) {
+    reasons.push(`Greptile evidence is stale (reviewed ${greptile.reviewedSha ?? staleSignal?.reviewedSha ?? "unknown"}, current ${evidence.headSha || "unknown"}).`);
+  }
+  if (!greptile.completed) {
+    pending = true;
+    reasons.push("Greptile check/review has not completed for the current PR head.");
+  }
+  if (!greptile.fresh)
+    reasons.push("Greptile approval is not tied to the current PR head SHA.");
+  if (greptile.score && !(greptile.score.scale === 5 && greptile.score.value === 5)) {
+    reasons.push(`Greptile score is ${greptile.score.value}/${greptile.score.scale}; strict merge requires trusted current-head 5/5.`);
+  }
+  if (!greptile.score && greptile.mapping !== "score-5-of-5") {
+    reasons.push("No parseable Greptile 5/5 score or explicit approved mapping was found from trusted current-head evidence; merge is blocked.");
+  }
+  if (greptile.mapping === "unproven") {
+    reasons.push("Greptile approval mapping is unproven; PR body/title or a green check alone cannot approve merge.");
+  }
+  if (greptile.blockers.length > 0) {
+    reasons.push(...greptile.blockers.map((entry) => `Greptile/blocker text: ${entry.trim().slice(0, 500)}`));
+  }
+  if (greptile.unresolvedComments.length > 0)
+    reasons.push(...greptile.unresolvedComments);
+  if (!greptile.approved)
+    warnings.push(`Greptile approval mapping is ${greptile.mapping}.`);
+  return { reasons: Array.from(new Set(reasons)), warnings, pending };
+}
+function evaluateStrictPrMergeGate(evidence) {
+  const evaluated = evaluateEvidence(evidence);
+  const approved = evaluated.reasons.length === 0 && evidence.greptile.approved;
+  return {
+    approved,
+    pending: evaluated.pending,
+    reasons: evaluated.reasons,
+    warnings: evaluated.warnings,
+    actionableFeedback: evaluated.reasons,
+    evidence
+  };
+}
+function promptExcerpt(value, maxChars = 4000) {
+  return value.length > maxChars ? `${value.slice(0, maxChars)}
+[truncated for prompt; see full evidence artifact]` : value;
+}
+function promptJsonExcerpt(value, maxChars = 6000) {
+  return promptExcerpt(JSON.stringify(value, null, 2), maxChars);
+}
+function buildStrictPrGateSteeringPrompt(result) {
+  const evidence = result.evidence;
+  const unresolvedReviewThreads = evidence.reviewThreads.filter((thread) => thread.isResolved !== true && thread.isOutdated !== true);
+  const lines = [
+    `Strict PR merge gate blocked ${evidence.prUrl}.`,
+    `PR title: ${evidence.title || "(empty)"}`,
+    `Current PR head SHA: ${evidence.headSha || "unknown"}`,
+    `Greptile mapping: ${evidence.greptile.mapping}`,
+    evidence.greptile.score ? `Greptile score: ${evidence.greptile.score.value}/${evidence.greptile.score.scale}` : "Greptile score: not proven",
+    "",
+    "Gate reasons:",
+    ...result.reasons.length ? result.reasons.map((reason) => `- ${reason}`) : ["- No reasons recorded"],
+    "",
+    "Required evidence read status:",
+    evidence.readErrors.length ? JSON.stringify(evidence.readErrors, null, 2) : "All required PR evidence surfaces were read completely.",
+    "",
+    "Full PR title:",
+    evidence.title || "(empty)",
+    "",
+    "PR body excerpt:",
+    evidence.body ? promptExcerpt(evidence.body) : "(empty)",
+    "",
+    "All review comments on changed files:",
+    evidence.changedFileReviewComments.length ? promptJsonExcerpt(evidence.changedFileReviewComments) : "[]",
+    "",
+    "Unresolved review threads:",
+    unresolvedReviewThreads.length ? promptJsonExcerpt(unresolvedReviewThreads) : "[]",
+    "",
+    "Relevant issue-level PR comments:",
+    evidence.relevantIssueComments.length ? promptJsonExcerpt(evidence.relevantIssueComments) : "[]",
+    "",
+    "CI/check failures and pending checks:",
+    promptJsonExcerpt({ failures: evidence.checkFailures, pending: evidence.pendingChecks, rollup: evidence.statusCheckRollup }),
+    "",
+    "Greptile evidence:",
+    promptJsonExcerpt(evidence.greptile)
+  ];
+  if (result.artifacts) {
+    lines.push("", "Full evidence artifacts:", JSON.stringify(result.artifacts, null, 2));
+  }
+  return lines.join(`
+`);
+}
+function persistPrReviewCycleArtifacts(input) {
+  const cycleName = input.final ? `${input.cycle}-final` : String(input.cycle);
+  const taskArtifactRoot = input.artifactRoot?.trim() ? input.artifactRoot : resolve(input.projectRoot, "artifacts", input.taskId);
+  const root = resolve(taskArtifactRoot, "pr-review-cycles", cycleName);
+  mkdirSync(root, { recursive: true });
+  const finalMergeGateResultPath = input.final ? resolve(taskArtifactRoot, "merge-gate-final.json") : undefined;
+  const paths = {
+    root,
+    prTitlePath: resolve(root, "pr-title.md"),
+    prBodyPath: resolve(root, "pr-body.md"),
+    prCommentsPath: resolve(root, "pr-comments.json"),
+    reviewThreadsPath: resolve(root, "review-threads.json"),
+    reviewCommentsPath: resolve(root, "review-comments.json"),
+    checkRollupPath: resolve(root, "check-rollup.json"),
+    greptileEvidencePath: resolve(root, "greptile-evidence.json"),
+    mergeGateResultPath: resolve(root, "merge-gate-result.json"),
+    steeringPromptPath: resolve(root, "agent-steering-prompt.md"),
+    ...finalMergeGateResultPath ? { finalMergeGateResultPath } : {}
+  };
+  writeFileSync(paths.prTitlePath, input.result.evidence.title || "", "utf8");
+  writeFileSync(paths.prBodyPath, input.result.evidence.body || "", "utf8");
+  writeFileSync(paths.prCommentsPath, `${JSON.stringify(input.result.evidence.relevantIssueComments, null, 2)}
+`, "utf8");
+  writeFileSync(paths.reviewThreadsPath, `${JSON.stringify(input.result.evidence.reviewThreads, null, 2)}
+`, "utf8");
+  writeFileSync(paths.reviewCommentsPath, `${JSON.stringify(input.result.evidence.changedFileReviewComments, null, 2)}
+`, "utf8");
+  writeFileSync(paths.checkRollupPath, `${JSON.stringify(input.result.evidence.statusCheckRollup, null, 2)}
+`, "utf8");
+  writeFileSync(paths.greptileEvidencePath, `${JSON.stringify(input.result.evidence.greptile, null, 2)}
+`, "utf8");
+  const mergeGatePayload = {
+    approved: input.result.approved,
+    pending: input.result.pending,
+    reasons: input.result.reasons,
+    warnings: input.result.warnings,
+    actionableFeedback: input.result.actionableFeedback,
+    prUrl: input.result.evidence.prUrl,
+    title: input.result.evidence.title,
+    headSha: input.result.evidence.headSha,
+    readErrors: input.result.evidence.readErrors,
+    greptile: input.result.evidence.greptile,
+    evidence: input.result.evidence,
+    cycleArtifactRoot: root
+  };
+  writeFileSync(paths.mergeGateResultPath, `${JSON.stringify(mergeGatePayload, null, 2)}
+`, "utf8");
+  if (paths.finalMergeGateResultPath) {
+    writeFileSync(paths.finalMergeGateResultPath, `${JSON.stringify(mergeGatePayload, null, 2)}
+`, "utf8");
+  }
+  writeFileSync(paths.steeringPromptPath, input.steeringPrompt, "utf8");
+  return paths;
+}
+async function runStrictPrMergeGate(input) {
+  const evidence = await collectPrReviewEvidence(input);
+  const base = evaluateStrictPrMergeGate(evidence);
+  const preliminaryPrompt = buildStrictPrGateSteeringPrompt({ ...base, artifacts: undefined });
+  const artifacts = persistPrReviewCycleArtifacts({
+    projectRoot: input.projectRoot,
+    taskId: input.taskId,
+    cycle: input.cycle,
+    artifactRoot: input.artifactRoot,
+    result: base,
+    steeringPrompt: preliminaryPrompt,
+    final: input.final
+  });
+  const steeringPrompt = buildStrictPrGateSteeringPrompt({ ...base, artifacts });
+  writeFileSync(artifacts.steeringPromptPath, steeringPrompt, "utf8");
+  return { ...base, artifacts, steeringPrompt };
+}
 // packages/runtime/src/control-plane/native/pr-automation.ts
 var UPLOADED_SNAPSHOT_PR_MARKER = "<!-- rig:uploaded-snapshot -->";
 function positiveInt(value, fallback) {
@@ -6,7 +898,7 @@ function positiveInt(value, fallback) {
 }
 function resolvePrAutomationLimits(config) {
   return {
-    maxPrFixIterations: positiveInt(config?.automation?.maxPrFixIterations, 30)
+    maxPrFixIterations: positiveInt(config?.automation?.maxPrFixIterations, 100500)
   };
 }
 function buildPrAutomationBody(input) {
@@ -24,24 +916,24 @@ function buildPrAutomationBody(input) {
   return lines.join(`
 `);
 }
-function wildcardToRegExp(pattern) {
+function wildcardToRegExp2(pattern) {
   const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
   return new RegExp(`^${escaped}$`, "i");
 }
-function isAllowedFailure(name, allowedFailures) {
-  return allowedFailures.some((pattern) => wildcardToRegExp(pattern).test(name));
+function isAllowedFailure2(name, allowedFailures) {
+  return allowedFailures.some((pattern) => wildcardToRegExp2(pattern).test(name));
 }
-function isPendingCheck(check) {
+function isPendingCheck2(check) {
   const conclusion = String(check.conclusion ?? "").toLowerCase();
   const state = String(check.state ?? check.status ?? "").toLowerCase();
   return ["pending", "queued", "in_progress", "waiting", "requested", "expected", "action_required"].includes(conclusion) || ["pending", "queued", "in_progress", "waiting", "requested", "expected"].includes(state);
 }
-function isPassingCheck(check) {
+function isPassingCheck2(check) {
   const conclusion = String(check.conclusion ?? "").toLowerCase();
   const state = String(check.state ?? check.status ?? "").toLowerCase();
   return ["success", "successful", "passed", "neutral", "skipped"].includes(conclusion) || ["success", "successful", "passed", "completed"].includes(state);
 }
-function isFailingCheck(check) {
+function isFailingCheck2(check) {
   const conclusion = String(check.conclusion ?? "").toLowerCase();
   const state = String(check.state ?? check.status ?? "").toLowerCase();
   return ["failure", "failed", "timed_out", "action_required", "cancelled", "error"].includes(conclusion) || ["failure", "failed", "timed_out", "action_required", "cancelled", "error"].includes(state);
@@ -51,9 +943,9 @@ function collectPendingPrChecks(input) {
   const pending = [];
   for (const check of input.checks ?? []) {
     const name = check.name.trim();
-    if (!name || isAllowedFailure(name, allowedFailures))
+    if (!name || isAllowedFailure2(name, allowedFailures))
       continue;
-    if (isPendingCheck(check) && !isPassingCheck(check))
+    if (isPendingCheck2(check) && !isPassingCheck2(check))
       pending.push(name);
   }
   return pending;
@@ -63,7 +955,7 @@ function collectActionablePrFeedback(input) {
   const feedback = [];
   for (const check of input.checks ?? []) {
     const name = check.name.trim();
-    if (!name || !isFailingCheck(check) || isAllowedFailure(name, allowedFailures))
+    if (!name || !isFailingCheck2(check) || isAllowedFailure2(name, allowedFailures))
       continue;
     feedback.push(`Check failed: ${name}${check.detailsUrl ? ` (${check.detailsUrl})` : ""}`);
   }
@@ -77,7 +969,7 @@ function collectActionablePrFeedback(input) {
   }
   return feedback;
 }
-function parseJsonArray(value) {
+function parseJsonArray2(value) {
   if (!value?.trim())
     return [];
   try {
@@ -88,7 +980,7 @@ function parseJsonArray(value) {
   }
 }
 function parsePrChecks(value) {
-  return parseJsonArray(value).flatMap((entry) => {
+  return parseJsonArray2(value).flatMap((entry) => {
     if (!entry || typeof entry !== "object")
       return [];
     const record = entry;
@@ -335,6 +1227,10 @@ async function runRepoDefaultMerge(input) {
   const merge = input.config?.merge ?? {};
   if (merge.mode === "off")
     return;
+  const matchHeadSha = input.matchHeadSha?.trim();
+  if (!matchHeadSha) {
+    throw new Error(`Refusing to merge ${input.prUrl}: strict merge gate did not provide a current head SHA.`);
+  }
   const method = merge.method ?? "repo-default";
   const args = ["pr", "merge", input.prUrl];
   if (method === "repo-default") {
@@ -342,6 +1238,7 @@ async function runRepoDefaultMerge(input) {
   } else {
     args.push(`--${method}`);
   }
+  args.push("--match-head-commit", matchHeadSha);
   if (merge.deleteBranch === true) {
     args.push("--delete-branch");
   }
@@ -350,6 +1247,23 @@ async function runRepoDefaultMerge(input) {
   }
   await runChecked(input.command, args, input.cwd);
 }
+function shouldAttemptRigMerge(config) {
+  const mode = config?.merge?.mode;
+  return mode !== "off" && mode !== "pr-ready";
+}
+function isPendingOnlyGate(result) {
+  if (!result.pending)
+    return false;
+  const evidence = result.evidence;
+  if (evidence.readErrors.length > 0 || evidence.checkFailures.length > 0)
+    return false;
+  if (evidence.greptile.blockers.length > 0 || evidence.greptile.unresolvedComments.length > 0)
+    return false;
+  const conflictingScore = evidence.greptile.signals.some((signal) => (!signal.reviewedSha || signal.reviewedSha === evidence.headSha) && signal.score && !(signal.score.scale === 5 && signal.score.value === 5));
+  if (conflictingScore)
+    return false;
+  return evidence.pendingChecks.length > 0 || !evidence.greptile.completed || evidence.greptile.mapping === "missing" || evidence.greptile.mapping === "stale" || evidence.greptile.mapping === "unproven";
+}
 async function runPrAutomation(input) {
   const prConfig = input.config?.pr ?? {};
   if (prConfig.mode === "off" || prConfig.mode === "ask") {
@@ -388,45 +1302,103 @@ ${createResult.stdout ?? ""}`) : null;
   await input.lifecycle?.onPrOpened?.({ prUrl });
   const { maxPrFixIterations } = resolvePrAutomationLimits(input.config);
   let latestFeedback = [];
+  let pendingElapsedMs = 0;
+  const shouldMerge = shouldAttemptRigMerge(input.config);
   for (let iteration = 1;iteration <= maxPrFixIterations; iteration += 1) {
     await input.lifecycle?.onReviewCiStarted?.({ prUrl, iteration });
-    const checks = prConfig.watchChecks === false ? [] : await readPrChecks({ prUrl, command: input.command, cwd: input.projectRoot });
-    const reviewThreads = prConfig.autoFixReview === false ? [] : parsePrViewReviewThreads((await runChecked(input.command, ["pr", "view", prUrl, "--json", "reviewDecision,reviews"], input.projectRoot)).stdout);
-    latestFeedback = collectActionablePrFeedback({
-      checks,
-      reviewThreads,
+    if (!shouldMerge) {
+      const checks = prConfig.watchChecks === false ? [] : await readPrChecks({ prUrl, command: input.command, cwd: input.projectRoot });
+      const reviewThreads = prConfig.autoFixReview === false ? [] : parsePrViewReviewThreads((await runChecked(input.command, ["pr", "view", prUrl, "--json", "reviewDecision,reviews"], input.projectRoot)).stdout);
+      latestFeedback = collectActionablePrFeedback({
+        checks,
+        reviewThreads,
+        allowedFailures: input.config?.merge?.allowedFailures ?? []
+      });
+      const pendingChecks = collectPendingPrChecks({ checks, allowedFailures: input.config?.merge?.allowedFailures ?? [] });
+      if (latestFeedback.length === 0 && pendingChecks.length > 0) {
+        const timeoutMs = positiveInt(prConfig.pendingTimeoutMs, 600000);
+        const pollMs = positiveInt(prConfig.pendingPollMs, 15000);
+        if (iteration >= maxPrFixIterations || timeoutMs <= 0 || pendingElapsedMs >= timeoutMs) {
+          return { status: "needs_attention", prUrl, iterations: iteration, actionableFeedback: pendingChecks.map((name) => `Check still pending: ${name}`), merged: false };
+        }
+        const sleepMs = Math.min(pollMs, timeoutMs - pendingElapsedMs);
+        await (input.sleep ?? Bun.sleep)(sleepMs);
+        pendingElapsedMs += sleepMs;
+        continue;
+      }
+      if (latestFeedback.length === 0) {
+        pendingElapsedMs = 0;
+        return { status: "opened", prUrl, iterations: iteration, actionableFeedback: [], merged: false };
+      }
+      pendingElapsedMs = 0;
+      if (iteration >= maxPrFixIterations || prConfig.autoFixChecks === false && prConfig.autoFixReview === false) {
+        return { status: "needs_attention", prUrl, iterations: iteration, actionableFeedback: latestFeedback, merged: false };
+      }
+      await input.lifecycle?.onFeedback?.({ prUrl, iteration, feedback: latestFeedback });
+      await input.steerPi([
+        `PR automation found actionable feedback on ${prUrl}.`,
+        `Fix iteration ${iteration + 1}/${maxPrFixIterations}.`,
+        "",
+        ...latestFeedback.map((entry) => `- ${entry}`)
+      ].join(`
+`));
+      continue;
+    }
+    const gate = await runStrictPrMergeGate({
+      projectRoot: input.projectRoot,
+      prUrl,
+      taskId: input.taskId,
+      runId: input.runId,
+      cycle: iteration,
+      command: input.command,
+      artifactRoot: input.artifactRoot,
       allowedFailures: input.config?.merge?.allowedFailures ?? []
     });
-    const pendingChecks = collectPendingPrChecks({ checks, allowedFailures: input.config?.merge?.allowedFailures ?? [] });
-    if (latestFeedback.length === 0 && pendingChecks.length > 0) {
-      const timeoutMs = positiveInt(prConfig.pendingTimeoutMs, 600000);
-      const pollMs = positiveInt(prConfig.pendingPollMs, 15000);
-      if (iteration >= maxPrFixIterations || timeoutMs <= 0) {
-        return { status: "needs_attention", prUrl, iterations: iteration, actionableFeedback: pendingChecks.map((name) => `Check still pending: ${name}`), merged: false };
+    latestFeedback = [...gate.actionableFeedback];
+    if (gate.approved) {
+      pendingElapsedMs = 0;
+      const finalGate = await runStrictPrMergeGate({
+        projectRoot: input.projectRoot,
+        prUrl,
+        taskId: input.taskId,
+        runId: input.runId,
+        cycle: iteration,
+        command: input.command,
+        artifactRoot: input.artifactRoot,
+        allowedFailures: input.config?.merge?.allowedFailures ?? [],
+        final: true
+      });
+      if (finalGate.approved) {
+        await input.lifecycle?.onMergeStarted?.({ prUrl });
+        await runRepoDefaultMerge({ prUrl, config: input.config, command: input.command, cwd: input.projectRoot, matchHeadSha: finalGate.evidence.headSha });
+        await input.lifecycle?.onMerged?.({ prUrl });
+        return { status: "merged", prUrl, iterations: iteration, actionableFeedback: [], merged: true };
       }
-      await (input.sleep ?? Bun.sleep)(Math.min(pollMs, timeoutMs));
+      latestFeedback = [...finalGate.actionableFeedback];
+      if (iteration >= maxPrFixIterations || prConfig.autoFixChecks === false && prConfig.autoFixReview === false) {
+        return { status: "needs_attention", prUrl, iterations: iteration, actionableFeedback: latestFeedback, merged: false };
+      }
+      await input.lifecycle?.onFeedback?.({ prUrl, iteration, feedback: latestFeedback });
+      await input.steerPi(finalGate.steeringPrompt);
       continue;
     }
-    if (latestFeedback.length === 0) {
-      if (input.config?.merge?.mode === "off" || input.config?.merge?.mode === "pr-ready") {
-        return { status: "opened", prUrl, iterations: iteration, actionableFeedback: [], merged: false };
+    if (isPendingOnlyGate(gate)) {
+      const timeoutMs = positiveInt(prConfig.pendingTimeoutMs, 600000);
+      const pollMs = positiveInt(prConfig.pendingPollMs, 15000);
+      if (iteration >= maxPrFixIterations || timeoutMs <= 0 || pendingElapsedMs >= timeoutMs) {
+        return { status: "needs_attention", prUrl, iterations: iteration, actionableFeedback: latestFeedback, merged: false };
       }
-      await input.lifecycle?.onMergeStarted?.({ prUrl });
-      await runRepoDefaultMerge({ prUrl, config: input.config, command: input.command, cwd: input.projectRoot });
-      await input.lifecycle?.onMerged?.({ prUrl });
-      return { status: "merged", prUrl, iterations: iteration, actionableFeedback: [], merged: true };
+      const sleepMs = Math.min(pollMs, timeoutMs - pendingElapsedMs);
+      await (input.sleep ?? Bun.sleep)(sleepMs);
+      pendingElapsedMs += sleepMs;
+      continue;
     }
+    pendingElapsedMs = 0;
     if (iteration >= maxPrFixIterations || prConfig.autoFixChecks === false && prConfig.autoFixReview === false) {
       return { status: "needs_attention", prUrl, iterations: iteration, actionableFeedback: latestFeedback, merged: false };
     }
     await input.lifecycle?.onFeedback?.({ prUrl, iteration, feedback: latestFeedback });
-    await input.steerPi([
-      `PR automation found actionable feedback on ${prUrl}.`,
-      `Fix iteration ${iteration + 1}/${maxPrFixIterations}.`,
-      "",
-      ...latestFeedback.map((entry) => `- ${entry}`)
-    ].join(`
-`));
+    await input.steerPi(gate.steeringPrompt);
   }
   return { status: "needs_attention", prUrl, iterations: maxPrFixIterations, actionableFeedback: latestFeedback, merged: false };
 }