@in-the-loop-labs/pair-review 3.5.2 → 3.7.0

package/src/routes/reviews.js

@@ -8,11 +8,12 @@
  */
 
 const express = require('express');
-const { query, queryOne, run, withTransaction, CommentRepository, ReviewRepository, AnalysisRunRepository } = require('../database');
+const { query, queryOne, run, withTransaction, CommentRepository, ReviewRepository, AnalysisRunRepository, HunkSummaryRepository, TourRepository } = require('../database');
 const { calculateStats, getStatsQuery } = require('../utils/stats-calculator');
 const { activeAnalyses, reviewToAnalysisId } = require('./shared');
 const logger = require('../utils/logger');
 const { broadcastReviewEvent } = require('../events/review-events');
+const { backgroundQueue } = require('../ai/background-queue');
 const { ensureContextFileForComment } = require('../utils/auto-context');
 const path = require('path');
 const fs = require('fs').promises;
@@ -22,37 +23,10 @@ const { normalizeRepository } = require('../utils/paths');
 const { resolveFormat, formatAdoptedComment: formatComment } = require('../utils/comment-formatter');
 const { safeParseJson } = require('../utils/safe-parse-json');
 const { resolveOriginalFileContentSpecs } = require('../utils/diff-file-content');
+const validateReviewId = require('./middleware/validate-review-id');
 
 const router = express.Router();
 
-/**
- * Middleware: validate that :reviewId exists in the reviews table.
- * Attaches the review record to req.review for downstream handlers.
- */
-async function validateReviewId(req, res, next) {
-  try {
-    const reviewId = parseInt(req.params.reviewId, 10);
-
-    if (isNaN(reviewId) || reviewId <= 0) {
-      return res.status(400).json({ error: 'Invalid review ID' });
-    }
-
-    const db = req.app.get('db');
-    const reviewRepo = new ReviewRepository(db);
-    const review = await reviewRepo.getReview(reviewId);
-
-    if (!review) {
-      return res.status(404).json({ error: `Review #${reviewId} not found` });
-    }
-
-    req.review = review;
-    req.reviewId = reviewId;
-    next();
-  } catch (error) {
-    next(error);
-  }
-}
-
 /**
  * GET /api/reviews/:reviewId/comments
  * Get all comments for a review.
@@ -1070,4 +1044,146 @@ router.get('/api/reviews/:reviewId/file-content/:fileName(*)', validateReviewId,
   }
 });
 
+// ==========================================================================
+// Hunk Summaries Route
+// ==========================================================================
+
+/**
+ * GET /api/reviews/:reviewId/hunk-summaries
+ * Get all hunk summaries for a review (PR or Local).
+ * Returns trivial-marker rows alongside generated summaries; the frontend filters.
+ */
+router.get('/api/reviews/:reviewId/hunk-summaries', validateReviewId, async (req, res) => {
+  try {
+    const db = req.app.get('db');
+    const repo = new HunkSummaryRepository(db);
+    const rows = await repo.getByReview(req.reviewId);
+    // `generating` reflects whether the background queue is still working
+    // on this review's summaries; the frontend uses it to show a "generating"
+    // pulse on the toolbar toggle until `review:background_job_finished`
+    // fires for jobType=`summaries:*`.
+    const generating = backgroundQueue.hasActiveForReview(req.reviewId, 'summaries');
+    res.json({
+      summaries: rows.map((row) => ({
+        file_path: row.file_path,
+        content_hash: row.content_hash,
+        summary_text: row.summary_text,
+        trivial_reason: row.trivial_reason
+      })),
+      generating
+    });
+  } catch (error) {
+    logger.error('Error fetching hunk summaries:', error);
+    res.status(500).json({ error: 'Failed to fetch hunk summaries' });
+  }
+});
+
+// ==========================================================================
+// Tour Route
+// ==========================================================================
+
+/**
+ * GET /api/reviews/:reviewId/tour
+ * Get the persisted guided tour for a review (PR or Local).
+ * Returns `{tour: null}` when no tour has been generated yet, otherwise
+ * returns `{tour: {stops, diff_hash, stale, generating, provider, model, created_at}}`.
+ *
+ * `stale` is true when a `tour` job is currently in flight for this review,
+ * meaning the persisted tour may be about to be replaced. `generating` is
+ * true when there is no persisted tour yet but a job is in flight.
+ */
+router.get('/api/reviews/:reviewId/tour', validateReviewId, async (req, res) => {
+  try {
+    const db = req.app.get('db');
+    const repo = new TourRepository(db);
+    const row = await repo.get(req.reviewId);
+    const generating = backgroundQueue.hasActiveForReview(req.reviewId, 'tour');
+
+    if (!row) {
+      return res.json({ tour: null, generating });
+    }
+
+    let stops;
+    try {
+      stops = JSON.parse(row.stops);
+    } catch (err) {
+      logger.warn(`Failed to parse tour.stops for review ${req.reviewId}: ${err.message}`);
+      return res.status(500).json({ error: 'Tour data corrupt' });
+    }
+
+    res.json({
+      tour: {
+        stops,
+        diff_hash: row.diff_hash,
+        stale: generating,
+        provider: row.provider,
+        model: row.model,
+        created_at: row.created_at
+      },
+      generating
+    });
+  } catch (error) {
+    logger.error('Error fetching tour:', error);
+    res.status(500).json({ error: 'Failed to fetch tour' });
+  }
+});
+
+// ==========================================================================
+// Background Job Cancellation
+// ==========================================================================
+
+// Only these prefixes are user-cancellable. We deliberately do NOT accept
+// arbitrary jobKeys — that would let the UI cancel internal jobs we don't
+// want to be cancellable from the toolbar (e.g. future scheduling work).
+const CANCELLABLE_JOB_PREFIXES = new Set(['tour', 'summaries']);
+
+/**
+ * POST /api/reviews/:reviewId/jobs/:jobKey/cancel
+ *
+ * Cancel an in-flight background job (tour or summaries) for this review.
+ * Aborts the per-job `AbortSignal`, which kills the upstream CLI child
+ * process so we stop burning tokens immediately.
+ *
+ * Works for BOTH Local mode (`/local/:reviewId`) and PR mode (`/pr/...`)
+ * because both modes write into the same `reviews` table and dispatch
+ * jobs through the same `backgroundQueue` keyed by reviewId. The
+ * separate `/api/local/...` cancel route below shares this handler so
+ * the contract stays in one place.
+ *
+ * Request:
+ *   - `jobKey` path param: bare prefix (`tour` | `summaries`) or full
+ *     job key suffix (`summaries:<digest>`). Bare prefix cancels ALL
+ *     matching variants — what the toolbar actually wants.
+ *
+ * Responses:
+ *   - 200 `{ cancelled: true, count: N }`  - aborted N job(s)
+ *   - 404 `{ cancelled: false }`           - nothing in flight
+ *   - 400                                  - invalid jobKey
+ */
+async function handleJobCancel(req, res) {
+  const rawKey = String(req.params.jobKey || '').trim();
+  // Strip whitespace; reject if empty, contains slashes/control chars, or
+  // does not start with an allow-listed prefix. We deliberately do NOT
+  // accept arbitrary keys — see CANCELLABLE_JOB_PREFIXES comment.
+  if (!rawKey || /[/\\\s]/.test(rawKey)) {
+    return res.status(400).json({ error: 'Invalid jobKey' });
+  }
+  const prefix = rawKey.includes(':') ? rawKey.slice(0, rawKey.indexOf(':')) : rawKey;
+  if (!CANCELLABLE_JOB_PREFIXES.has(prefix)) {
+    return res.status(400).json({ error: `jobKey "${prefix}" is not cancellable` });
+  }
+
+  const { cancelled } = backgroundQueue.cancel(req.reviewId, rawKey);
+  if (cancelled === 0) {
+    logger.info(`Cancel request for ${req.reviewId}:${rawKey} matched no in-flight job`);
+    return res.status(404).json({ cancelled: false });
+  }
+  logger.info(`Cancelled ${cancelled} background job(s) for ${req.reviewId}:${rawKey}`);
+  res.json({ cancelled: true, count: cancelled });
+}
+
+router.post('/api/reviews/:reviewId/jobs/:jobKey/cancel', validateReviewId, handleJobCancel);
+
 module.exports = router;
+module.exports.handleJobCancel = handleJobCancel;
+module.exports.CANCELLABLE_JOB_PREFIXES = CANCELLABLE_JOB_PREFIXES;

package/src/routes/setup.js

@@ -15,7 +15,7 @@ const crypto = require('crypto');
 const { activeSetups, broadcastSetupProgress } = require('./shared');
 const { setupPRReview } = require('../setup/pr-setup');
 const { setupLocalReview } = require('../setup/local-setup');
-const { getGitHubToken, expandPath } = require('../config');
+const { getGitHubToken, expandPath, resolveBindingRepositoryFromPR } = require('../config');
 const { queryOne, ReviewRepository } = require('../database');
 const { normalizeRepository } = require('../utils/paths');
 const { rejectUrlLikeLocalReviewPath } = require('../utils/local-path-input');
@@ -63,8 +63,12 @@ router.post('/api/setup/pr/:owner/:repo/:number', async (req, res) => {
     const db = req.app.get('db');
     const config = req.app.get('config');
 
-    // GitHub token is required for PR setup
-    const githubToken = getGitHubToken(config);
+    // GitHub token is required for PR setup. Resolve the binding key
+    // first so monorepo-style `repos[...]` entries (matched via
+    // `url_pattern` named captures) supply their per-repo token even when
+    // the captured owner/repo differs from the config key.
+    const repositoryForToken = resolveBindingRepositoryFromPR(owner, repo, config);
+    const githubToken = getGitHubToken(config, repositoryForToken);
     if (!githubToken) {
       return res.status(401).json({ error: 'GitHub token not configured' });
     }
@@ -143,6 +147,7 @@ router.post('/api/setup/pr/:owner/:repo/:number', async (req, res) => {
           repo,
           prNumber,
           githubToken,
+          bindingRepository: repositoryForToken,
           config,
           poolLifecycle: req.app.get('poolLifecycle'),
           restoreMetadata,

package/src/routes/stack-analysis.js

@@ -19,7 +19,7 @@ const { normalizeRepository } = require('../utils/paths');
 const { mergeInstructions } = require('../utils/instructions');
 const { GitWorktreeManager } = require('../git/worktree');
 const { GitHubClient } = require('../github/client');
-const { getGitHubToken, resolveLoadSkills, buildCouncilProviderOverrides } = require('../config');
+const { getGitHubToken, resolveHostBinding, resolveBindingRepositoryFromPR, resolveLoadSkills, buildCouncilProviderOverrides } = require('../config');
 const { setupStackPR } = require('../setup/stack-setup');
 const Analyzer = require('../ai/analyzer');
 const { getProviderClass, createProvider } = require('../ai/provider');
@@ -164,6 +164,8 @@ const defaults = {
   GitWorktreeManager,
   GitHubClient,
   getGitHubToken,
+  resolveHostBinding,
+  resolveBindingRepositoryFromPR,
   setupStackPR,
   Analyzer,
   getProviderClass,
@@ -229,10 +231,17 @@ async function executeStackAnalysis(params) {
     }
 
     // 3. Fetch all PR data from GitHub in parallel
-    const githubToken = deps.getGitHubToken(config);
+    // Use the per-repo binding so alt-host stack analyses target the right host.
+    // The PR identity (`${owner}/${repo}`) is used for DB rows and worktree
+    // identity. For host-binding lookups we MUST use the config-binding key,
+    // which differs from the PR identity for monorepo-style `url_pattern`
+    // configs (one `repos[...]` entry serves many captured owner/repo pairs).
+    const bindingRepository = deps.resolveBindingRepositoryFromPR(owner, repo, config);
+    const stackBinding = deps.resolveHostBinding(bindingRepository, config);
+    const githubToken = stackBinding.token;
     const prDataMap = new Map();
     if (githubToken) {
-      const githubClient = new deps.GitHubClient(githubToken);
+      const githubClient = new deps.GitHubClient(stackBinding);
       const fetchResults = await Promise.allSettled(
         prNumbers.map(async (prNum) => {
           const prData = await githubClient.fetchPullRequest(owner, repo, prNum);
@@ -294,10 +303,10 @@ async function executeStackAnalysis(params) {
         };
 
         return analyzeStackPR(deps, db, config, {
-          owner, repo, repository, prNum,
+          owner, repo, repository, bindingRepository, prNum,
           worktreePath: worktreePathMap.get(prNum),
           analysisConfig, stackAnalysisId, state,
-          githubToken, prData: prDataMap.get(prNum),
+          githubToken, binding: stackBinding, prData: prDataMap.get(prNum),
           onAnalysisIdReady
         }).then(result => {
           state.prStatuses.set(prNum, {
@@ -335,15 +344,25 @@ async function executeStackAnalysis(params) {
  * Called in parallel for all PRs.
  */
 async function analyzeStackPR(deps, db, config, {
-  owner, repo, repository, prNum, worktreePath,
-  analysisConfig, stackAnalysisId, state, githubToken, prData,
+  owner, repo, repository, bindingRepository, prNum, worktreePath,
+  analysisConfig, stackAnalysisId, state, githubToken, binding, prData,
   onAnalysisIdReady
 }) {
+  // Build a GitHubClient for analyzer-side dedup pre-fetch. The stack
+  // analysis flow is PR mode only — local mode does not enter this path.
+  // Prefer the host-aware binding (alt-host capable) and fall back to the
+  // bare token for legacy callers.
+  const clientArg = binding || githubToken;
+  const stackGithubClient = clientArg ? new deps.GitHubClient(clientArg) : undefined;
+  if (stackGithubClient) {
+    logger.debug(`analyzer githubClient wired for ${owner}/${repo}#${prNum} (stack)`);
+  }
   // 1. Setup PR (generates diff, stores metadata)
   const worktreeManager = new deps.GitWorktreeManager(db);
   await deps.setupStackPR({
     db, owner, repo, prNumber: prNum,
-    githubToken, worktreePath, worktreeManager, prData
+    githubToken, binding, bindingRepository,
+    worktreePath, worktreeManager, prData
   });
 
   // 2. Fetch prMetadata from DB
@@ -381,6 +400,7 @@ async function analyzeStackPR(deps, db, config, {
       reviewId, worktreePath, prMetadata, prNum, owner, repo, repository,
       globalInstructions, repoInstructions, requestInstructions,
       councilId, rawCouncilConfig, configType, onAnalysisIdReady,
+      githubClient: stackGithubClient,
       providerOverrides: councilProviderOverrides,
       providerOverridesMap: councilProviderOverridesMap
     });
@@ -408,6 +428,7 @@ async function analyzeStackPR(deps, db, config, {
         selectedProvider, selectedModel,
         globalInstructions, repoInstructions, requestInstructions,
         reqTier, reqEnabledLevels, onAnalysisIdReady,
+        githubClient: stackGithubClient,
         providerOverrides
       });
     }
@@ -428,6 +449,7 @@ async function launchStackSingleAnalysis(deps, db, config, {
   selectedProvider, selectedModel,
   globalInstructions, repoInstructions, requestInstructions,
   reqTier, reqEnabledLevels, onAnalysisIdReady,
+  githubClient,
   providerOverrides = {}
 }) {
   const runId = uuidv4();
@@ -485,7 +507,7 @@ async function launchStackSingleAnalysis(deps, db, config, {
       reviewId, worktreePath, prMetadata, progressCallback,
       { globalInstructions, repoInstructions, requestInstructions },
       null,
-      { analysisId, runId, skipRunCreation: true, tier, enabledLevels: levelsConfig }
+      { analysisId, runId, skipRunCreation: true, tier, enabledLevels: levelsConfig, githubClient }
     );
 
     const completionInfo = determineCompletionInfo(result);
@@ -552,6 +574,7 @@ async function launchStackCouncilAnalysis(deps, db, config, {
   reviewId, worktreePath, prMetadata, prNum, owner, repo, repository,
   globalInstructions, repoInstructions, requestInstructions,
   councilId, rawCouncilConfig, configType, onAnalysisIdReady,
+  githubClient,
   providerOverrides = {},
   providerOverridesMap = null
 }) {
@@ -595,6 +618,7 @@ async function launchStackCouncilAnalysis(deps, db, config, {
       logLabel: `Stack PR #${prNum}`,
       initialStatusExtra: { prNumber: prNum, reviewType: 'pr' },
       config,
+      githubClient,
       providerOverrides,
       providerOverridesMap,
       hookContext: {

package/src/routes/worktrees.js

@@ -47,9 +47,10 @@ router.post('/api/worktrees/create', async (req, res) => {
     const db = req.app.get('db');
     const config = req.app.get('config');
 
-    // Validate GitHub token
+    // Validate GitHub token. Pass the owner/repo so alt-host repos
+    // resolve their own per-repo token.
     const { getGitHubToken } = require('../config');
-    const githubToken = getGitHubToken(config);
+    const githubToken = getGitHubToken(config, `${owner}/${repo}`);
     if (!githubToken) {
       return res.status(500).json({
         success: false,

package/src/server.js

@@ -348,6 +348,7 @@ async function startServer(sharedDb = null, sharedPoolLifecycle = null) {
     const chatRoutes = require('./routes/chat');
     const contextFilesRoutes = require('./routes/context-files');
     const githubCollectionsRoutes = require('./routes/github-collections');
+    const bulkAnalysisConfigsRoutes = require('./routes/bulk-analysis-configs');
     const stackAnalysisRoutes = require('./routes/stack-analysis');
     const externalCommentsRoutes = require('./routes/external-comments');
     const { createSoundRouter } = require('./routes/sound');
@@ -369,6 +370,7 @@ async function startServer(sharedDb = null, sharedPoolLifecycle = null) {
     app.use('/', setupRoutes);
     app.use('/', mcpRoutes);
     app.use('/', githubCollectionsRoutes);
+    app.use('/', bulkAnalysisConfigsRoutes);
     app.use('/', stackAnalysisRoutes);
     // External-comments routes (GitHub PR review-comment sync + fetch) are
     // gated by the `external_comments` config flag. When disabled, the

package/src/setup/pr-setup.js

@@ -17,7 +17,7 @@ const { WorktreePoolLifecycle } = require('../git/worktree-pool-lifecycle');
 const { GitHubClient } = require('../github/client');
 const { normalizeRepository } = require('../utils/paths');
 const { findMainGitRoot } = require('../local-review');
-const { getConfigDir, getRepoPath, resolveRepoOptions, resolvePoolConfig, getRepoResetScript, DEFAULT_CHECKOUT_TIMEOUT_MS } = require('../config');
+const { getConfigDir, getRepoPath, resolveRepoOptions, resolvePoolConfig, getRepoResetScript, resolveHostBinding, resolveBindingRepositoryFromPR, DEFAULT_CHECKOUT_TIMEOUT_MS } = require('../config');
 const logger = require('../utils/logger');
 const { fireReviewStartedHook } = require('../hooks/payloads');
 const simpleGit = require('simple-git');
@@ -213,9 +213,11 @@ async function registerRepositoryLocation(db, currentDir, owner, repo) {
  * @param {Object} params.db - Database instance
  * @param {string} params.owner - Repository owner
  * @param {string} params.repo - Repository name
- * @param {string} params.repository - Normalized "owner/repo" string
+ * @param {string} params.repository - Normalized "owner/repo" PR identity (used for DB lookups: worktrees, repo_settings)
+ * @param {string} [params.bindingRepository] - `repos[...]` config-lookup key; defaults to `repository`. Differs for monorepo url_pattern configs.
  * @param {number} params.prNumber - PR number (used for worktree lookup)
  * @param {Object} [params.config] - Application config (used for monorepo path lookup)
+ * @param {string} [params.cloneUrl] - Alt-host clone URL from `prData.repository.clone_url`; falls back to github.com when omitted.
  * @param {Function} [params.onProgress] - Optional progress callback
  * @returns {Promise<{ repositoryPath: string, knownPath: string|null, worktreeSourcePath: string|null, checkoutScript: string|null, checkoutTimeout: number, worktreeConfig: Object|null }>}
  *   - repositoryPath: the main git root (bare repo or .git parent)
@@ -225,7 +227,10 @@ async function registerRepositoryLocation(db, currentDir, owner, repo) {
  *   - checkoutTimeout: timeout in ms for checkout script (default: 300000 = 5 minutes)
  *   - worktreeConfig: { worktreeBaseDir, nameTemplate } if configured, null otherwise
  */
-async function findRepositoryPath({ db, owner, repo, repository, prNumber, config, onProgress }) {
+async function findRepositoryPath({ db, owner, repo, repository, bindingRepository, prNumber, config, cloneUrl, onProgress }) {
+  // `repository` is the PR identity (DB key). `bindingRepository` is the
+  // `repos[...]` config-lookup key — they differ for monorepo url_pattern configs.
+  const configKey = bindingRepository || repository;
   const worktreeManager = new GitWorktreeManager(db);
   const repoSettingsRepo = new RepoSettingsRepository(db);
   const worktreeRepo = new WorktreeRepository(db);
@@ -237,7 +242,7 @@ async function findRepositoryPath({ db, owner, repo, repository, prNumber, confi
   // ------------------------------------------------------------------
   // Tier -1: Explicit monorepo configuration (highest priority)
   // ------------------------------------------------------------------
-  const monorepoPath = config ? getRepoPath(config, repository) : null;
+  const monorepoPath = config ? getRepoPath(config, configKey) : null;
 
   if (monorepoPath) {
     // The configured path might be a worktree or a regular/bare repo.
@@ -289,7 +294,7 @@ async function findRepositoryPath({ db, owner, repo, repository, prNumber, confi
   // ------------------------------------------------------------------
   // Resolve monorepo worktree options (checkout_script, worktree_directory, worktree_name_template)
   // ------------------------------------------------------------------
-  const resolved = config ? resolveRepoOptions(config, repository, repoSettings) : { checkoutScript: null, checkoutTimeout: DEFAULT_CHECKOUT_TIMEOUT_MS, worktreeConfig: null };
+  const resolved = config ? resolveRepoOptions(config, configKey, repoSettings) : { checkoutScript: null, checkoutTimeout: DEFAULT_CHECKOUT_TIMEOUT_MS, worktreeConfig: null };
   const { checkoutScript, checkoutTimeout, worktreeConfig } = resolved;
 
   // When a checkout script is configured, null out worktreeSourcePath —
@@ -357,8 +362,10 @@ async function findRepositoryPath({ db, owner, repo, repository, prNumber, confi
       await fs.mkdir(path.dirname(cachedRepoPath), { recursive: true });
 
       const git = simpleGit();
-      const cloneUrl = `https://github.com/${owner}/${repo}.git`;
-      await git.clone(cloneUrl, cachedRepoPath, ['--filter=blob:none', '--no-checkout']);
+      // Honor alt-host clone URL when callers thread it through; older
+      // restore snapshots / pre-alt-host callers fall back to github.com.
+      const resolvedCloneUrl = cloneUrl || `https://github.com/${owner}/${repo}.git`;
+      await git.clone(resolvedCloneUrl, cachedRepoPath, ['--filter=blob:none', '--no-checkout']);
       repositoryPath = cachedRepoPath;
       if (onProgress) {
         onProgress({ step: 'repo', status: 'running', message: `Repository cloned to ${cachedRepoPath}` });
@@ -408,16 +415,31 @@ function isShaNotFoundError(err) {
  * @param {string} params.repo - Repository name
  * @param {number} params.prNumber - Pull request number
  * @param {string} params.githubToken - GitHub PAT
+ * @param {string} [params.bindingRepository] - `repos[...]` config-lookup key; resolved internally when omitted
  * @param {Object} [params.config] - Application config (for monorepo path lookup)
  * @param {import('../git/worktree-pool-lifecycle').WorktreePoolLifecycle} [params.poolLifecycle] - Shared pool lifecycle instance (avoids creating a fresh singleton)
  * @param {Object} [params.restoreMetadata] - Stored PR data for restore mode (skips GitHub fetch + diff)
  * @param {Function} [params.onProgress] - Optional progress callback
  * @returns {Promise<{ reviewUrl: string, title: string }>}
  */
-async function setupPRReview({ db, owner, repo, prNumber, githubToken, config, onProgress, poolLifecycle: externalPoolLifecycle, restoreMetadata }) {
+async function setupPRReview({ db, owner, repo, prNumber, githubToken, bindingRepository: externalBindingRepository, config, onProgress, poolLifecycle: externalPoolLifecycle, restoreMetadata }) {
   const repository = normalizeRepository(owner, repo);
   const progress = onProgress || (() => {});
 
+  // Resolve the per-repo host binding so alt-host setups talk to the
+  // configured `api_host`. Use `resolveBindingRepositoryFromPR` so
+  // monorepo-style configs (one `repos[...]` entry serving many
+  // captured owner/repo) find the right binding. Fall back to the bare
+  // token shape if no config is available (legacy invocation path) or
+  // the binding resolved no token (callers in this case already
+  // pre-resolved it).
+  const bindingRepository = externalBindingRepository
+    || (config ? resolveBindingRepositoryFromPR(owner, repo, config) : repository);
+  const setupBinding = config ? resolveHostBinding(bindingRepository, config) : null;
+  const clientArg = (setupBinding && setupBinding.token)
+    ? setupBinding
+    : githubToken;
+
   const isRestore = !!(restoreMetadata && restoreMetadata.head_sha);
   let prData;
   let githubClient = null;
@@ -431,7 +453,7 @@ async function setupPRReview({ db, owner, repo, prNumber, githubToken, config, o
     // Step: verify - Verify repository access
     // ------------------------------------------------------------------
     progress({ step: 'verify', status: 'running', message: 'Verifying repository access...' });
-    githubClient = new GitHubClient(githubToken);
+    githubClient = new GitHubClient(clientArg);
     const repoExists = await githubClient.repositoryExists(owner, repo);
     if (!repoExists) {
       throw new Error(`Repository ${owner}/${repo} not found`);
@@ -455,8 +477,10 @@ async function setupPRReview({ db, owner, repo, prNumber, githubToken, config, o
     owner,
     repo,
     repository,
+    bindingRepository,
     prNumber,
     config,
+    cloneUrl: prData?.repository?.clone_url,
     onProgress: progress
   });
   progress({ step: 'repo', status: 'completed', message: `Repository located at ${repositoryPath}` });
@@ -467,8 +491,10 @@ async function setupPRReview({ db, owner, repo, prNumber, githubToken, config, o
   const prInfo = { owner, repo, number: prNumber };
   const repoSettingsRepo = new RepoSettingsRepository(db);
   const repoSettings = await repoSettingsRepo.getRepoSettings(repository);
-  const { poolSize } = resolvePoolConfig(config || {}, repository, repoSettings);
-  const resetScript = config ? getRepoResetScript(config, repository) : null;
+  // Pool/reset settings live under the config-lookup key (`bindingRepository`),
+  // not the PR identity, so monorepo `repos[...]` entries are honored.
+  const { poolSize } = resolvePoolConfig(config || {}, bindingRepository, repoSettings);
+  const resetScript = config ? getRepoResetScript(config, bindingRepository) : null;
 
   let worktreePath;
   let worktreeManager;

package/src/setup/stack-setup.js

@@ -23,17 +23,27 @@ const logger = require('../utils/logger');
  * @param {string} params.owner - Repository owner
  * @param {string} params.repo - Repository name
  * @param {number} params.prNumber - Pull request number
- * @param {string} params.githubToken - GitHub personal access token
+ * @param {string} [params.githubToken] - GitHub personal access token (legacy). Prefer `binding`.
+ * @param {Object} [params.binding] - Resolved host binding (`resolveHostBinding(bindingRepository, config)`).
+ *   Required for alt-host repos so the right API host is used.
+ * @param {string} [params.bindingRepository] - `repos[...]` config-lookup key for this PR. Differs from
+ *   `${owner}/${repo}` for monorepo `url_pattern` configs. Surfaced for downstream
+ *   per-repo lookups (worktree pool, reset script) that key off the config entry.
  * @param {string} params.worktreePath - Path to the per-PR worktree
  * @param {import('../git/worktree').GitWorktreeManager} params.worktreeManager - Worktree manager instance
  * @param {Object} [params.prData] - Pre-fetched PR data from GitHub (skips API call when provided)
  * @returns {Promise<{ reviewId: number, prMetadata: Object, prData: Object, isNew: boolean }>}
  */
-async function setupStackPR({ db, owner, repo, prNumber, githubToken, worktreePath, worktreeManager, prData: prefetchedPRData }) {
+async function setupStackPR({ db, owner, repo, prNumber, githubToken, binding, bindingRepository, worktreePath, worktreeManager, prData: prefetchedPRData }) {
+  // `bindingRepository` is accepted so callers (e.g. `executeStackAnalysis`)
+  // can thread the resolved config-binding key through to any downstream
+  // per-repo lookups added in this function. Currently unused inside this
+  // function — `storePRData` keys off the PR identity.
+  void bindingRepository;
   logger.info(`Setting up stack PR #${prNumber} for ${owner}/${repo}`);
 
   // 1. Fetch PR data from GitHub (or use pre-fetched data)
-  const githubClient = new GitHubClient(githubToken);
+  const githubClient = new GitHubClient(binding || githubToken);
   let prData;
   if (prefetchedPRData) {
     prData = prefetchedPRData;

package/src/single-port.js

@@ -116,12 +116,15 @@ function buildDelegationUrl(port, mode, context = {}) {
  * Parse PR arguments for URL construction without starting a server.
  * Reuses PRArgumentParser — synchronous for URLs, async for bare numbers.
  * @param {string[]} prArgs - Raw CLI PR arguments
+ * @param {object} [config] - Pair-review config, passed to the parser so
+ *   that per-repo `url_pattern` regexes are tried before the built-in
+ *   GitHub/Graphite parsers. Pass null to disable config-driven matching.
  * @param {object} [_deps] - Dependency overrides for testing
  * @returns {Promise<{owner: string, repo: string, number: number}>}
  */
-async function parsePRArgsForDelegation(prArgs, _deps) {
+async function parsePRArgsForDelegation(prArgs, config = null, _deps) {
   const deps = { ...defaults, ..._deps };
-  const parser = new deps.PRArgumentParser();
+  const parser = new deps.PRArgumentParser(config);
   return parser.parsePRArguments(prArgs);
 }
 
@@ -163,7 +166,7 @@ async function attemptDelegation(config, flags, prArgs, _deps) {
     const targetPath = path.resolve(flags.localPath || process.cwd());
     url = buildDelegationUrl(port, 'local', { localPath: targetPath, analyze: flags.ai });
   } else if (prArgs.length > 0) {
-    const prInfo = await parsePRArgsForDelegation(prArgs, _deps);
+    const prInfo = await parsePRArgsForDelegation(prArgs, config, _deps);
     url = buildDelegationUrl(port, 'pr', { ...prInfo, analyze: flags.ai });
   } else {
     url = buildDelegationUrl(port, 'server');

package/src/utils/diff-hunks.js

@@ -0,0 +1,65 @@
+// Copyright 2026 Tim Perkins (tjwp) | SPDX-License-Identifier: Apache-2.0
+
+const { parseUnifiedDiffPatches } = require('./diff-file-list');
+
+/**
+ * @typedef {Object} Hunk
+ * @property {string} header - Hunk header line, e.g. "@@ -10,5 +10,7 @@".
+ * @property {string[]} lines - Diff lines including their leading marker
+ *   ('+', '-', ' ', or the literal '\' marker).
+ */
+
+/**
+ * Split a single file's patch text into per-hunk structures.
+ * @param {string} filePatch - Patch text for one file (with or without diff header).
+ * @returns {Hunk[]} Array of hunks; empty when the patch contains no `@@` lines.
+ */
+function parseHunks(filePatch) {
+  if (!filePatch) return [];
+
+  const lines = filePatch.split('\n');
+  const hunks = [];
+  let current = null;
+
+  for (const line of lines) {
+    if (line.startsWith('@@')) {
+      if (current) hunks.push(current);
+      current = { header: line, lines: [] };
+      continue;
+    }
+    if (current) {
+      current.lines.push(line);
+    }
+  }
+
+  if (current) hunks.push(current);
+
+  for (const hunk of hunks) {
+    while (hunk.lines.length > 0 && hunk.lines[hunk.lines.length - 1] === '') {
+      hunk.lines.pop();
+    }
+  }
+
+  return hunks;
+}
+
+/**
+ * Parse a full unified diff into a Map of file path -> hunks.
+ * @param {string} diffText - Full unified diff text spanning many files.
+ * @returns {Map<string, Hunk[]>} Map keyed by the new path (or old path for deletions).
+ */
+function parseUnifiedDiffHunks(diffText) {
+  const result = new Map();
+  if (!diffText) return result;
+
+  const patches = parseUnifiedDiffPatches(diffText);
+  for (const [filePath, patch] of patches.entries()) {
+    const hunks = parseHunks(patch);
+    if (hunks.length === 0) continue;
+    result.set(filePath, hunks);
+  }
+
+  return result;
+}
+
+module.exports = { parseHunks, parseUnifiedDiffHunks };

package/src/utils/json-extractor.js

@@ -15,10 +15,13 @@ const logger = require('./logger');
  *
  * @param {string} response - Raw response text (may include preamble/postamble prose)
  * @param {string|number} level - Level identifier for logging (e.g., 1, 2, 3, 'orchestration', 'unknown')
+ * @param {string} [logPrefix] - Custom log prefix to use instead of `[Level <level>]`.
+ *   Used by callers (e.g., summary generation, council mode) that have a more
+ *   meaningful identifier than a numeric analysis level.
  * @returns {Object} Extraction result with success flag and data/error
  */
-function extractJSON(response, level = 'unknown') {
-  const levelPrefix = `[Level ${level}]`;
+function extractJSON(response, level = 'unknown', logPrefix) {
+  const levelPrefix = logPrefix || `[Level ${level}]`;
 
   if (!response || !response.trim()) {
     return { success: false, error: 'Empty response' };