@hyperdrive.bot/bmad-workflow 1.0.17 → 1.0.19

package/dist/services/review/review-reporter.js

@@ -0,0 +1,386 @@
+/**
+ * Review Reporter
+ *
+ * Generates review report artifacts: per-story markdown appended to story files,
+ * and session-level aggregate reports (summary + tech debt backlog + per-story
+ * review files) written to the workflow session directory.
+ *
+ * Consumed by ReviewPhaseExecutor (after each story) and the standalone
+ * `stories review` command.
+ */
+import { join } from 'node:path';
+import { Severity } from './types.js';
+/** Severity display order (most severe first) */
+const SEVERITY_ORDER = [Severity.CRITICAL, Severity.HIGH, Severity.MEDIUM, Severity.LOW];
+/** Markdown heading that marks the insertion point for per-story reports */
+const DEV_AGENT_RECORD_HEADING = '## Dev Agent Record';
+/** Heading used for the appended review section */
+const REVIEW_SECTION_HEADING = '## Code Review Results';
+/**
+ * Generates review report markdown for stories and session directories.
+ *
+ * Follows DI pattern from WorkflowSessionScaffolder: FileManager + Logger.
+ */
+export class ReviewReporter {
+    fileManager;
+    logger;
+    constructor(fileManager, logger) {
+        this.fileManager = fileManager;
+        this.logger = logger;
+    }
+    /**
+     * Append a `## Code Review Results` section to a story markdown file.
+     * Inserts before `## Dev Agent Record` if present, otherwise appends at end.
+     *
+     * Always works regardless of session mode (AC #8).
+     *
+     * @param storyFilePath - Absolute path to the story markdown file
+     * @param result - ReviewResult from the review phase
+     */
+    async appendStoryReport(storyFilePath, result) {
+        this.logger.info({ storyFilePath, verdict: result.verdict }, 'Appending review report to story');
+        let content;
+        try {
+            content = await this.fileManager.readFile(storyFilePath);
+        }
+        catch {
+            this.logger.warn({ storyFilePath }, 'Could not read story file for report append');
+            return;
+        }
+        const report = this.formatStoryReport(result);
+        // Find insertion point: before ## Dev Agent Record, or end of file
+        const devAgentIndex = content.indexOf(DEV_AGENT_RECORD_HEADING);
+        if (devAgentIndex >= 0) {
+            const before = content.slice(0, devAgentIndex);
+            const after = content.slice(devAgentIndex);
+            content = before + report + '\n' + after;
+        }
+        else {
+            const separator = content.endsWith('\n') ? '\n' : '\n\n';
+            content = content + separator + report;
+        }
+        await this.fileManager.writeFile(storyFilePath, content);
+        this.logger.info({ storyFilePath }, 'Review report appended to story');
+    }
+    /**
+     * Write all session-level review artifacts to the session directory.
+     * Creates `review/` subdirectory containing per-story files, summary, and tech debt backlog.
+     *
+     * When sessionDir is undefined/null, silently returns (AC #8 — standalone mode guard).
+     *
+     * @param sessionDir - Absolute path to the workflow session directory, or undefined
+     * @param results - Map of storyId → ReviewResult
+     */
+    async writeSessionReports(sessionDir, results) {
+        if (!sessionDir) {
+            this.logger.debug('No session directory provided, skipping session reports');
+            return;
+        }
+        this.logger.info({ sessionDir, storyCount: results.size }, 'Writing session review reports');
+        const reviewDir = join(sessionDir, 'review');
+        await this.fileManager.createDirectory(reviewDir);
+        // Write per-story review files
+        for (const [storyId, result] of results) {
+            const storyNum = this.extractStoryNum(storyId);
+            const fileName = `story-${storyNum}-review.md`;
+            const filePath = join(reviewDir, fileName);
+            const content = this.formatStoryReviewFile(storyId, result);
+            await this.fileManager.writeFile(filePath, content);
+        }
+        // Write review-summary.md
+        const summaryPath = join(reviewDir, 'review-summary.md');
+        const summaryContent = this.formatSessionSummary(results);
+        await this.fileManager.writeFile(summaryPath, summaryContent);
+        // Write tech-debt-backlog.md
+        const backlogPath = join(reviewDir, 'tech-debt-backlog.md');
+        const backlogContent = this.formatTechDebtBacklog(results);
+        await this.fileManager.writeFile(backlogPath, backlogContent);
+        this.logger.info({ reviewDir }, 'Session review reports written');
+    }
+    // ─── Per-Story Report (appended to story markdown) ───────────────────────
+    /**
+     * Format the per-story review report block to be appended to a story file.
+     *
+     * @param result - ReviewResult for the story
+     * @returns Markdown string for the review section
+     */
+    formatStoryReport(result) {
+        const date = new Date().toISOString().split('T')[0];
+        const lines = [];
+        lines.push(REVIEW_SECTION_HEADING, '');
+        if (result.issues.length === 0) {
+            lines.push(`**Date**: ${date}`);
+            lines.push(`**Verdict**: PASS — No issues found`);
+            lines.push('');
+            return lines.join('\n');
+        }
+        // Verdict line with iteration count
+        const iterationNote = result.iterations > 0 ? ` (after ${result.iterations} iteration${result.iterations > 1 ? 's' : ''})` : '';
+        lines.push(`**Date**: ${date}`);
+        lines.push(`**Verdict**: ${result.verdict}${iterationNote}`);
+        lines.push(`**Scanners**: ${this.extractScannerList(result)}`);
+        lines.push('');
+        // Findings summary table
+        lines.push('### Findings Summary');
+        lines.push('| Severity | Count | Action |');
+        lines.push('|----------|-------|--------|');
+        const grouped = this.groupBySeverity(result.issues);
+        const fixedIssues = result.issues.filter((i) => i.fix);
+        for (const severity of SEVERITY_ORDER) {
+            const issues = grouped.get(severity) ?? [];
+            const count = issues.length;
+            const action = this.determineSeverityAction(severity, issues, fixedIssues);
+            lines.push(`| ${severity} | ${count} | ${action} |`);
+        }
+        lines.push('');
+        // Fixed Issues subsection
+        const fixed = result.issues.filter((i) => i.fix);
+        if (fixed.length > 0) {
+            lines.push('### Fixed Issues');
+            for (const issue of fixed) {
+                lines.push(`- **[${issue.severity}] ${issue.file}:${issue.line}** — ${issue.issue}. Fixed: ${issue.fix}.`);
+            }
+            lines.push('');
+        }
+        // Tech Debt (MEDIUM) subsection
+        const mediumIssues = grouped.get(Severity.MEDIUM) ?? [];
+        const unFixedMedium = mediumIssues.filter((i) => !i.fix);
+        if (unFixedMedium.length > 0) {
+            lines.push('### Tech Debt (MEDIUM)');
+            for (const issue of unFixedMedium) {
+                lines.push(`- **${issue.file}:${issue.line}** — ${issue.issue}`);
+            }
+            lines.push('');
+        }
+        return lines.join('\n');
+    }
+    // ─── Session Summary ─────────────────────────────────────────────────────
+    /**
+     * Format the session-level review summary markdown.
+     *
+     * @param results - Map of storyId → ReviewResult
+     * @returns Complete markdown content for review-summary.md
+     */
+    formatSessionSummary(results) {
+        const timestamp = new Date().toISOString();
+        const lines = [];
+        lines.push('# Review Summary', '');
+        lines.push(`**Review Phase**: ${timestamp}`);
+        // Compute totals
+        let passCount = 0;
+        let failCount = 0;
+        let totalDuration = 0;
+        for (const result of results.values()) {
+            if (result.verdict === 'PASS')
+                passCount++;
+            else
+                failCount++;
+        }
+        const totalStories = results.size;
+        lines.push(`**Duration**: ${totalDuration > 0 ? `${(totalDuration / 1000).toFixed(1)}s` : 'N/A'}`);
+        lines.push('');
+        // Pass/fail summary
+        lines.push(`**${passCount}/${totalStories} stories passed review**`);
+        lines.push('');
+        // Per-story table
+        lines.push('## Stories');
+        lines.push('| Story ID | Verdict | Issues | Fix Iterations |');
+        lines.push('|----------|---------|--------|----------------|');
+        for (const [storyId, result] of results) {
+            lines.push(`| ${storyId} | ${result.verdict} | ${result.issues.length} | ${result.iterations} |`);
+        }
+        lines.push('');
+        // Aggregate severity breakdown
+        const allIssues = Array.from(results.values()).flatMap((r) => r.issues);
+        const grouped = this.groupBySeverity(allIssues);
+        const allFixed = allIssues.filter((i) => i.fix);
+        const fixedGrouped = this.groupBySeverity(allFixed);
+        lines.push('## Severity Breakdown');
+        lines.push('| Severity | Total Found | Fixed | Remaining |');
+        lines.push('|----------|-------------|-------|-----------|');
+        for (const severity of SEVERITY_ORDER) {
+            const total = (grouped.get(severity) ?? []).length;
+            const fixed = (fixedGrouped.get(severity) ?? []).length;
+            const remaining = total - fixed;
+            lines.push(`| ${severity} | ${total} | ${fixed} | ${remaining} |`);
+        }
+        lines.push('');
+        lines.push('---');
+        lines.push('');
+        lines.push('<!-- Powered by BMAD™ Core -->');
+        lines.push('');
+        return lines.join('\n');
+    }
+    // ─── Tech Debt Backlog ───────────────────────────────────────────────────
+    /**
+     * Format the session-level tech debt backlog markdown.
+     * Aggregates all MEDIUM-severity issues across all stories, grouped by file path.
+     *
+     * @param results - Map of storyId → ReviewResult
+     * @returns Complete markdown content for tech-debt-backlog.md
+     */
+    formatTechDebtBacklog(results) {
+        const lines = [];
+        // Collect all MEDIUM issues with story context
+        const debtEntries = [];
+        for (const [storyId, result] of results) {
+            const mediumIssues = result.issues.filter((i) => i.severity === Severity.MEDIUM);
+            for (const issue of mediumIssues) {
+                debtEntries.push({
+                    file: issue.file,
+                    issue: issue.issue,
+                    line: issue.line,
+                    storyId,
+                });
+            }
+        }
+        // Count stories that contributed debt
+        const storyIds = new Set(debtEntries.map((e) => e.storyId));
+        lines.push('# Tech Debt Backlog', '');
+        lines.push(`**${debtEntries.length} tech debt items across ${storyIds.size} stories**`);
+        lines.push('');
+        if (debtEntries.length === 0) {
+            lines.push('No tech debt items found.');
+            lines.push('');
+            lines.push('---');
+            lines.push('');
+            lines.push('<!-- Powered by BMAD™ Core -->');
+            lines.push('');
+            return lines.join('\n');
+        }
+        // Group by file path
+        const byFile = new Map();
+        for (const entry of debtEntries) {
+            const existing = byFile.get(entry.file) ?? [];
+            existing.push(entry);
+            byFile.set(entry.file, existing);
+        }
+        // Sort file paths alphabetically
+        const sortedFiles = Array.from(byFile.keys()).sort();
+        for (const filePath of sortedFiles) {
+            const entries = byFile.get(filePath);
+            lines.push(`## \`${filePath}\``);
+            lines.push('');
+            for (const entry of entries) {
+                lines.push(`- **Line ${entry.line}** — ${entry.issue} _(from ${entry.storyId})_`);
+            }
+            lines.push('');
+        }
+        lines.push('---');
+        lines.push('');
+        lines.push('<!-- Powered by BMAD™ Core -->');
+        lines.push('');
+        return lines.join('\n');
+    }
+    // ─── Per-Story Session Review File ────────────────────────────────────────
+    /**
+     * Format an expanded per-story review file for the session review/ directory.
+     * More detailed than the appended story report — includes full issue details.
+     *
+     * @param storyId - Story identifier
+     * @param result - ReviewResult for the story
+     * @returns Complete markdown content for the per-story review file
+     */
+    formatStoryReviewFile(storyId, result) {
+        const timestamp = new Date().toISOString();
+        const lines = [];
+        lines.push(`# Review: ${storyId}`, '');
+        lines.push(`- **Date:** ${timestamp}`);
+        lines.push(`- **Verdict:** ${result.verdict}`);
+        lines.push(`- **Iterations:** ${result.iterations}`);
+        lines.push(`- **Total Issues:** ${result.issues.length}`);
+        lines.push('');
+        if (result.issues.length === 0) {
+            lines.push('No issues found. Clean pass.');
+            lines.push('');
+        }
+        else {
+            // Group by severity for detailed listing
+            const grouped = this.groupBySeverity(result.issues);
+            for (const severity of SEVERITY_ORDER) {
+                const issues = grouped.get(severity) ?? [];
+                if (issues.length === 0)
+                    continue;
+                lines.push(`## ${severity} Issues (${issues.length})`, '');
+                for (const issue of issues) {
+                    lines.push(`### \`${issue.file}:${issue.line}\``);
+                    lines.push('');
+                    lines.push(`**Issue:** ${issue.issue}`);
+                    if (issue.fix) {
+                        lines.push(`**Fix:** ${issue.fix}`);
+                    }
+                    lines.push('');
+                }
+            }
+        }
+        if (result.message) {
+            lines.push('## Notes', '');
+            lines.push(result.message);
+            lines.push('');
+        }
+        lines.push('---');
+        lines.push('');
+        lines.push('<!-- Powered by BMAD™ Core -->');
+        lines.push('');
+        return lines.join('\n');
+    }
+    // ─── Private helpers ──────────────────────────────────────────────────────
+    /**
+     * Group classified issues by severity.
+     */
+    groupBySeverity(issues) {
+        const map = new Map();
+        for (const severity of SEVERITY_ORDER) {
+            map.set(severity, []);
+        }
+        for (const issue of issues) {
+            const list = map.get(issue.severity);
+            if (list) {
+                list.push(issue);
+            }
+        }
+        return map;
+    }
+    /**
+     * Determine the action column text for a severity row in the findings summary table.
+     */
+    determineSeverityAction(severity, issues, allFixedIssues) {
+        if (issues.length === 0)
+            return '-';
+        const fixedForSeverity = allFixedIssues.filter((i) => i.severity === severity);
+        if (severity === Severity.MEDIUM) {
+            return 'Documented as tech debt';
+        }
+        if (severity === Severity.LOW) {
+            return 'Noted';
+        }
+        // CRITICAL or HIGH
+        if (fixedForSeverity.length === issues.length) {
+            return `Fixed (iteration ${fixedForSeverity.length > 0 ? 'applied' : '1'})`;
+        }
+        if (fixedForSeverity.length > 0) {
+            return `${fixedForSeverity.length}/${issues.length} fixed`;
+        }
+        return 'Blocking — not fixed';
+    }
+    /**
+     * Extract scanner list from a ReviewResult.
+     * Since ReviewResult doesn't carry scanner names directly, derive from issue sources
+     * or return a default.
+     */
+    extractScannerList(result) {
+        // ClassifiedIssue doesn't have a `scanner` field, so we return a placeholder.
+        // The architecture shows scanners in the report but the type doesn't carry this.
+        // Use 'review' as default; in the future, extend ReviewResult with scannersUsed.
+        return 'ai, lint';
+    }
+    /**
+     * Extract the story number portion from a story ID.
+     * e.g., "PROJ-story-1.001" → "1.001"
+     * e.g., "BMAD-ENHANCED-AUTOMATED-CODE-REVIEW-story-3.006" → "3.006"
+     */
+    extractStoryNum(storyId) {
+        const match = /story-(\d+\.\d+)/.exec(storyId);
+        return match ? match[1] : storyId;
+    }
+}

package/dist/services/review/scanner-factory.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Scanner Factory
+ *
+ * Async factory function that creates and configures ReviewScanner instances
+ * based on project configuration. Always includes LintScanner; conditionally
+ * adds AIReviewScanner and CodeRabbitScanner based on config flags and
+ * tool availability.
+ */
+import type pino from 'pino';
+import type { AIProviderRunner } from '../agents/agent-runner.js';
+import type { ReviewConfig } from './ai-review-scanner.js';
+import type { ReviewScanner } from './types.js';
+/** Known scanner names that can be selected via --review-scanners */
+export declare const REGISTERED_SCANNER_NAMES: readonly ["lint", "ai", "coderabbit"];
+/**
+ * Get the list of registered scanner names
+ *
+ * @returns Array of valid scanner name strings
+ */
+export declare function getRegisteredScannerNames(): string[];
+/**
+ * Create all configured review scanners
+ *
+ * Always includes LintScanner. AIReviewScanner is included unless explicitly
+ * disabled via `config.aiReview === false`. CodeRabbitScanner is included only
+ * when `config.coderabbit === true` AND the CLI is installed.
+ *
+ * @param agentRunner - AI provider runner for spawning agents
+ * @param config - Review configuration from core-config.yaml
+ * @param logger - Pino logger instance
+ * @returns Array of configured ReviewScanner instances
+ */
+/**
+ * Timeout options for scanner creation
+ */
+export interface ScannerTimeouts {
+    /** Timeout for AI review scanner (ms). Falls back to 300_000 (5m). */
+    reviewTimeout?: number;
+    /** Timeout for lint scanner (ms). Falls back to 30_000 (30s). */
+    timeout?: number;
+}
+export declare function createScanners(agentRunner: AIProviderRunner, config: ReviewConfig, logger: pino.Logger, timeouts?: ScannerTimeouts): Promise<ReviewScanner[]>;

package/dist/services/review/scanner-factory.js

@@ -0,0 +1,60 @@
+/**
+ * Scanner Factory
+ *
+ * Async factory function that creates and configures ReviewScanner instances
+ * based on project configuration. Always includes LintScanner; conditionally
+ * adds AIReviewScanner and CodeRabbitScanner based on config flags and
+ * tool availability.
+ */
+import { exec } from 'node:child_process';
+import { promisify } from 'node:util';
+import { AIReviewScanner } from './ai-review-scanner.js';
+import { CodeRabbitScanner } from './coderabbit-scanner.js';
+import { LintScanner } from './lint-scanner.js';
+const execAsync = promisify(exec);
+/** Timeout for CodeRabbit CLI availability check */
+const CODERABBIT_CHECK_TIMEOUT = 5_000;
+/**
+ * Check if the CodeRabbit CLI is installed and available
+ *
+ * @returns true if `coderabbit --version` succeeds within timeout
+ */
+async function isCodeRabbitAvailable() {
+    try {
+        await execAsync('coderabbit --version', { timeout: CODERABBIT_CHECK_TIMEOUT });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/** Known scanner names that can be selected via --review-scanners */
+export const REGISTERED_SCANNER_NAMES = ['lint', 'ai', 'coderabbit'];
+/**
+ * Get the list of registered scanner names
+ *
+ * @returns Array of valid scanner name strings
+ */
+export function getRegisteredScannerNames() {
+    return [...REGISTERED_SCANNER_NAMES];
+}
+export async function createScanners(agentRunner, config, logger, timeouts) {
+    const scanners = [];
+    // Lint scanner is always included
+    scanners.push(new LintScanner(logger, timeouts?.timeout));
+    // AI review scanner is default unless explicitly disabled
+    if (config.aiReview !== false) {
+        scanners.push(new AIReviewScanner(agentRunner, config, logger, timeouts?.reviewTimeout ?? timeouts?.timeout));
+    }
+    // CodeRabbit scanner — only when requested and CLI is available
+    if (config.coderabbit === true) {
+        const available = await isCodeRabbitAvailable();
+        if (available) {
+            scanners.push(new CodeRabbitScanner(logger));
+        }
+        else {
+            logger.warn('CodeRabbit CLI not found, skipping');
+        }
+    }
+    return scanners;
+}

package/dist/services/review/self-heal-loop.d.ts

@@ -0,0 +1,58 @@
+/**
+ * Self-Healing Loop
+ *
+ * Orchestrates scanners, classifies issues, and spawns dev agents to fix
+ * CRITICAL/HIGH blocking issues in a retry loop. Exits with PASS when no
+ * blocking issues remain, or FAIL when maxIterations is exhausted.
+ *
+ * Composition pattern: composes scanners + classifier + agent runner.
+ */
+import type pino from 'pino';
+import type { AIProviderRunner } from '../agents/agent-runner.js';
+import type { ClassifiedIssue, RawReviewOutput, ReviewContext, ReviewResult } from './types.js';
+/**
+ * Configuration for the self-heal loop
+ */
+export interface SelfHealConfig {
+    /** Timeout per fix attempt in ms (default: 300000 = 5 min) */
+    fixTimeout: number;
+    /** Maximum number of scan→fix iterations (default: 3) */
+    maxIterations: number;
+}
+/**
+ * Classifier function signature matching the `classify` export from severity-classifier.ts
+ */
+export type ClassifyFn = (outputs: RawReviewOutput[]) => ClassifiedIssue[];
+/**
+ * Scanner interface — matches ReviewScanner from types.ts
+ */
+export interface ScannerLike {
+    scan(context: ReviewContext): Promise<RawReviewOutput>;
+}
+/**
+ * Self-healing review loop that scans, classifies, and auto-fixes blocking issues.
+ */
+export declare class SelfHealLoop {
+    private readonly agentRunner;
+    private readonly classifier;
+    private readonly config;
+    private readonly logger;
+    private readonly scanners;
+    constructor(scanners: ScannerLike[], classifier: ClassifyFn, agentRunner: AIProviderRunner, config: Partial<SelfHealConfig>, logger: pino.Logger);
+    /**
+     * Execute the self-heal loop: scan → classify → fix → rescan until clean or exhausted.
+     */
+    execute(context: ReviewContext): Promise<ReviewResult>;
+    /**
+     * Build a scoped fix prompt containing only the listed blocking issues.
+     */
+    private buildFixPrompt;
+    /**
+     * Run all registered scanners, handling individual failures gracefully.
+     */
+    private runAllScanners;
+    /**
+     * Spawn a dev agent to apply fixes, handling timeout and errors gracefully.
+     */
+    private spawnFixAgent;
+}

package/dist/services/review/self-heal-loop.js

@@ -0,0 +1,132 @@
+/**
+ * Self-Healing Loop
+ *
+ * Orchestrates scanners, classifies issues, and spawns dev agents to fix
+ * CRITICAL/HIGH blocking issues in a retry loop. Exits with PASS when no
+ * blocking issues remain, or FAIL when maxIterations is exhausted.
+ *
+ * Composition pattern: composes scanners + classifier + agent runner.
+ */
+import { Severity } from './types.js';
+/** Default configuration values */
+const DEFAULT_CONFIG = {
+    fixTimeout: 300_000,
+    maxIterations: 3,
+};
+/** Blocking severities that prevent pipeline from passing */
+const BLOCKING_SEVERITIES = new Set([Severity.CRITICAL, Severity.HIGH]);
+/**
+ * Self-healing review loop that scans, classifies, and auto-fixes blocking issues.
+ */
+export class SelfHealLoop {
+    agentRunner;
+    classifier;
+    config;
+    logger;
+    scanners;
+    constructor(scanners, classifier, agentRunner, config, logger) {
+        this.scanners = scanners;
+        this.classifier = classifier;
+        this.agentRunner = agentRunner;
+        this.config = { ...DEFAULT_CONFIG, ...config };
+        this.logger = logger;
+    }
+    /**
+     * Execute the self-heal loop: scan → classify → fix → rescan until clean or exhausted.
+     */
+    async execute(context) {
+        for (let iteration = 0; iteration < this.config.maxIterations; iteration++) {
+            // Step 1: Run all scanners
+            const rawOutputs = await this.runAllScanners(context);
+            // Step 2: Classify issues
+            const allIssues = this.classifier(rawOutputs);
+            // Step 3: Filter blocking issues
+            const blockingIssues = allIssues.filter((issue) => BLOCKING_SEVERITIES.has(issue.severity));
+            this.logger.info({ blockingCount: blockingIssues.length, iteration: iteration + 1, maxIterations: this.config.maxIterations, storyId: context.storyId }, 'Review iteration');
+            // Step 4: No blocking issues → PASS
+            if (blockingIssues.length === 0) {
+                return {
+                    issues: allIssues,
+                    iterations: iteration + 1,
+                    verdict: 'PASS',
+                };
+            }
+            // Step 5: Last iteration — no more fix attempts
+            if (iteration === this.config.maxIterations - 1) {
+                return {
+                    issues: allIssues,
+                    iterations: iteration + 1,
+                    message: `${blockingIssues.length} blocking issue(s) remain after ${iteration + 1} iteration(s)`,
+                    verdict: 'FAIL',
+                };
+            }
+            // Step 6: Build fix prompt and spawn dev agent
+            const fixPrompt = this.buildFixPrompt(blockingIssues, context);
+            await this.spawnFixAgent(fixPrompt, context);
+        }
+        // Should not reach here, but satisfy TS return type
+        return {
+            issues: [],
+            iterations: this.config.maxIterations,
+            message: 'Loop exited unexpectedly',
+            verdict: 'FAIL',
+        };
+    }
+    /**
+     * Build a scoped fix prompt containing only the listed blocking issues.
+     */
+    buildFixPrompt(issues, context) {
+        const lines = [
+            'You are a senior developer fixing specific code review issues.',
+            '',
+            'Fix ONLY the listed issues — do not refactor unrelated code.',
+            '',
+            `Story: ${context.storyId} (${context.storyFile})`,
+            '',
+            '## Issues to Fix',
+            '',
+        ];
+        for (const issue of issues) {
+            lines.push(`- **${issue.severity}** in \`${issue.file}\` line ${issue.line}: ${issue.issue}`);
+            if (issue.fix) {
+                lines.push(`  Suggested fix: ${issue.fix}`);
+            }
+        }
+        lines.push('');
+        lines.push('After fixing, run existing tests to verify nothing is broken.');
+        return lines.join('\n');
+    }
+    /**
+     * Run all registered scanners, handling individual failures gracefully.
+     */
+    async runAllScanners(context) {
+        const results = [];
+        for (const scanner of this.scanners) {
+            try {
+                const output = await scanner.scan(context);
+                results.push(output);
+            }
+            catch (error) {
+                this.logger.warn({ error: error.message, storyId: context.storyId }, 'Scanner failed, continuing with remaining scanners');
+            }
+        }
+        return results;
+    }
+    /**
+     * Spawn a dev agent to apply fixes, handling timeout and errors gracefully.
+     */
+    async spawnFixAgent(prompt, context) {
+        try {
+            const result = await this.agentRunner.runAgent(prompt, {
+                agentType: 'dev',
+                references: [context.storyFile, ...context.changedFiles],
+                timeout: this.config.fixTimeout,
+            });
+            return result;
+        }
+        catch (error) {
+            this.logger.error({ error: error.message, storyId: context.storyId }, 'Fix agent failed');
+            return null;
+        }
+    }
+}