@inteeka/task-cli 0.2.26 → 0.2.28

package/dist/cli.js

@@ -171,6 +171,17 @@ var CLI_ALLOWED_TOOLS = Object.freeze([
   "Bash(pnpm typecheck*)",
   "Bash(pnpm lint*)"
 ]);
+var CLI_REVIEW_ALLOWED_TOOLS = Object.freeze([
+  "Read",
+  "Glob",
+  "Grep",
+  "Bash(git diff:*)",
+  "Bash(git log:*)",
+  "Bash(git show:*)",
+  "Bash(git status)",
+  "Bash(git branch:*)",
+  "Bash(gh pr view:*)"
+]);
 var CLI_DEVICE_POLL_INTERVAL_SECONDS = 5;
 var CLI_DEVICE_POLL_SLOW_DOWN_INCREMENT_SECONDS = 5;
 var CLI_ACCESS_TOKEN_TTL_SECONDS = 60 * 60;
@@ -193,6 +204,15 @@ var CLI_AUDIT_ACTIONS = Object.freeze([
   "cli.run.pr_failed",
   "cli.run.push_failed",
   "cli.run.resumed",
+  "cli.run.auto_review_passed",
+  "cli.run.auto_review_failed",
+  "cli.run.auto_review_errored",
+  // Server-side audit actions for the auto-review verdict path. Emitted
+  // by /api/v1/cli/me/tickets/[id]/pull-requests/[prNumber]/auto-review-verdict.
+  "git.pr.auto_review_passed",
+  "git.pr.auto_review_failed",
+  "git.pr.auto_review_sql_held",
+  "git.pr.auto_review_sql_hold_dispatched",
   "cli.work.pr_recovered",
   "cli.schedule.created",
   "cli.schedule.paused",
@@ -1523,6 +1543,10 @@ var ALLOWED_TOOLS = CLI_ALLOWED_TOOLS;
 function allowedToolsFlag() {
   return ALLOWED_TOOLS.join(",");
 }
+var REVIEW_ALLOWED_TOOLS = CLI_REVIEW_ALLOWED_TOOLS;
+function reviewAllowedToolsFlag() {
+  return REVIEW_ALLOWED_TOOLS.join(",");
+}
 
 // src/agent/system-prompt.ts
 function buildSystemPrompt(args) {
@@ -1581,7 +1605,7 @@ async function runAgent(args) {
     logHandle = createWriteStream(outputLogPath, { flags: "a" });
   }
   let stderrBuffer = "";
-  const STDERR_KEEP = 4e3;
+  const STDERR_KEEP2 = 4e3;
   return new Promise((resolve2, reject) => {
     const child = spawn(claude, cliArgs, {
       cwd: args.cwd,
@@ -1605,7 +1629,7 @@ async function runAgent(args) {
       } else {
         process.stderr.write(chunk);
       }
-      stderrBuffer = (stderrBuffer + chunk.toString("utf8")).slice(-STDERR_KEEP);
+      stderrBuffer = (stderrBuffer + chunk.toString("utf8")).slice(-STDERR_KEEP2);
     });
     child.on("close", (code) => {
       logHandle?.end();
@@ -1615,6 +1639,297 @@ async function runAgent(args) {
   });
 }
 
+// src/agent/pr-review-service.ts
+import { spawn as spawn2 } from "child_process";
+import { mkdir as mkdir7, writeFile as writeFile8 } from "fs/promises";
+import { homedir as homedir5 } from "os";
+import { join as join8 } from "path";
+
+// src/agent/pr-review-prompt.ts
+var QA_BLOCK = `# /qa lens \u2014 final quality gate
+
+You are acting as the QA lead reviewer. Score the diff against these checks:
+
+1. Contract integrity \u2014 does the change honour the public API / UI contract that callers depend on? Any breaking change without a migration is an automatic NO-GO.
+2. Multi-tenant safety \u2014 every query touching tenant data must filter by organisation_id. Any new query missing this filter is a NO-GO.
+3. Validation \u2014 every new mutation endpoint has a Zod schema with .strict() on updates, max-lengths on free text, UUID validation on path params. Missing \u2192 NO-GO.
+4. Soft delete \u2014 never hard-delete user-facing entities. Hard delete \u2192 NO-GO.
+5. UI accessibility \u2014 new interactive elements have semantic markup (button, role, aria-label as needed). Raw <div onClick> on a logical control \u2192 NO-GO.
+6. Test coverage \u2014 meaningful new logic should have a test in the same PR. Untested critical path \u2192 CONDITIONAL (not NO-GO unless the path is a security boundary).
+
+QA verdict scale:
+  GO          \u2014 all checks pass, ready to merge
+  CONDITIONAL \u2014 non-blocking gaps (e.g. missing test, small a11y nit). Merge is acceptable but findings should be filed.
+  NO-GO       \u2014 at least one blocking check failed
+`;
+var SECURITY_BLOCK = `# /security lens \u2014 Security Review Gate
+
+You are acting as the security agent. Apply the 5 Non-Negotiables and the 5 Security Layers.
+
+5 Non-Negotiables (any failure \u2192 FAIL):
+  1. RLS / organisation_id \u2014 every tenant table query filters by organisation_id; every insert sets it. No bypass via service-role client unless the file is a documented background job.
+  2. Zod validation \u2014 every mutation endpoint validates inputs; update schemas use .strict().
+  3. Secrets \u2014 no secrets in code, no NEXT_PUBLIC_ leakage of server-only env vars, no console.log of tokens / cookies / session ids.
+  4. Audit chain \u2014 mutations on audited resources call writeAuditLog; system_audit_log and ticket_activity_log are never UPDATEd or DELETEd.
+  5. CSRF / auth \u2014 dashboard mutations require session auth; widget endpoints require API key; webhook endpoints verify HMAC signature.
+
+5 Security Layers to review independently:
+  - authentication       (session vs api_key vs HMAC selected correctly?)
+  - tenant_resolution    (organisation_id resolved from membership / api_key \u2192 project, never from request body?)
+  - authorisation        (role check matches endpoint sensitivity?)
+  - rls                  (queries filtered by organisation_id?)
+  - audit                (mutations recorded with writeAuditLog?)
+
+Security verdict scale:
+  PASS                  \u2014 all five layers pass, no findings above 'low'
+  PASS_WITH_CONDITIONS  \u2014 only 'low' findings; no critical/high/medium issues
+  FAIL                  \u2014 at least one critical, high, or medium finding, OR any 'fail' in the five layers
+`;
+var OUTPUT_CONTRACT = `# Output contract \u2014 REQUIRED
+
+After your analysis, end your reply with exactly ONE fenced \`\`\`json block matching this schema. No prose after the closing fence.
+
+\`\`\`json
+{
+  "overall": "pass" | "fail",
+  "summary": "<one sentence \u2014 what the PR does and the headline verdict>",
+  "qa": {
+    "verdict": "GO" | "CONDITIONAL" | "NO-GO",
+    "failed_checks": ["<short label>", ...]
+  },
+  "security": {
+    "verdict": "PASS" | "PASS_WITH_CONDITIONS" | "FAIL",
+    "layers_reviewed": {
+      "authentication": "PASS" | "FAIL",
+      "tenant_resolution": "PASS" | "FAIL",
+      "authorisation": "PASS" | "FAIL",
+      "rls": "PASS" | "FAIL",
+      "audit": "PASS" | "FAIL"
+    }
+  },
+  "findings": [
+    {
+      "lens": "qa" | "security",
+      "severity": "critical" | "high" | "medium" | "low",
+      "file": "<repo-relative path or null>",
+      "description": "<what is wrong>",
+      "recommendation": "<what to change>"
+    }
+  ]
+}
+\`\`\`
+
+Rules:
+  - "overall": "pass" ONLY when qa.verdict === "GO" AND security.verdict === "PASS". Anything else \u2192 "fail".
+  - "findings" is an array (may be empty on a clean pass).
+  - Keep total response under 4000 tokens \u2014 be concise and actionable.
+`;
+function buildPrReviewSystemPrompt(_args) {
+  return [
+    "You are a paranoid senior reviewer auditing a pull request that was generated by an AI agent. Treat every line of the diff as if it were written by an attacker who knows your blind spots.",
+    "",
+    "You have read-only tools (git diff, git log, Read, Grep, Glob, gh pr view). Do NOT attempt to edit or write files; the toolset will refuse.",
+    "",
+    "Two lenses, applied independently then combined. Be evidence-driven \u2014 cite file paths in findings.",
+    "",
+    QA_BLOCK,
+    "",
+    SECURITY_BLOCK,
+    "",
+    OUTPUT_CONTRACT
+  ].join("\n");
+}
+function buildPrReviewUserPrompt(args) {
+  return [
+    `PR #${args.prNumber} (${args.prUrl})`,
+    `Branch: ${args.branchName} \u2192 ${args.baseBranch}`,
+    "",
+    `Run \`git diff ${args.baseBranch}...${args.branchName}\` to see every changed line. If the diff is large, also run \`git diff ${args.baseBranch}...${args.branchName} --stat\` first to orient yourself, then drill into files that look risky.`,
+    "",
+    "Read referenced files in full if a finding depends on surrounding context (RLS policies, validation schemas, audit-log helpers).",
+    "",
+    "When ready, emit your verdict as the fenced JSON block specified in the system prompt. No prose after the closing fence."
+  ].join("\n");
+}
+
+// src/agent/pr-review-service.ts
+var PrReviewError = class extends Error {
+  code;
+  excerpt;
+  constructor(code, message, excerpt = "") {
+    super(message);
+    this.name = "PrReviewError";
+    this.code = code;
+    this.excerpt = excerpt;
+  }
+};
+var STDERR_KEEP = 4e3;
+async function runPrReview(args) {
+  const systemPrompt = buildPrReviewSystemPrompt(args);
+  const userPrompt = buildPrReviewUserPrompt(args);
+  const claude = args.claudePath ?? "claude";
+  const cliArgs = [
+    "--allowedTools",
+    reviewAllowedToolsFlag(),
+    "--system-prompt",
+    systemPrompt,
+    ...args.modelId ? ["--model", args.modelId] : [],
+    userPrompt
+  ];
+  const logDir = join8(homedir5(), ".cache", "task", "runs");
+  await mkdir7(logDir, { recursive: true }).catch(() => {
+  });
+  const logPath = join8(logDir, `${args.runId}.review.log`);
+  await writeFile8(logPath, "").catch(() => {
+  });
+  const { createWriteStream } = await import("fs");
+  const logHandle = createWriteStream(logPath, { flags: "a" });
+  let stdoutBuffer = "";
+  let stderrTail = "";
+  const exitCode = await new Promise((resolve2, reject) => {
+    const child = spawn2(claude, cliArgs, {
+      cwd: args.cwd,
+      stdio: ["ignore", "pipe", "pipe"],
+      env: { ...process.env, FORCE_COLOR: args.silent ? "0" : "1" }
+    });
+    child.on("error", (err) => {
+      logHandle.end();
+      reject(new PrReviewError("spawn_failed", `Could not spawn claude: ${err.message}`));
+    });
+    child.stdout?.on("data", (chunk) => {
+      stdoutBuffer += chunk.toString("utf8");
+      if (args.silent) {
+        logHandle.write(chunk);
+      } else {
+        process.stdout.write(chunk);
+        logHandle.write(chunk);
+      }
+    });
+    child.stderr?.on("data", (chunk) => {
+      if (args.silent) {
+        logHandle.write(chunk);
+      } else {
+        process.stderr.write(chunk);
+        logHandle.write(chunk);
+      }
+      stderrTail = (stderrTail + chunk.toString("utf8")).slice(-STDERR_KEEP);
+    });
+    child.on("close", (code) => {
+      logHandle.end();
+      resolve2(code ?? 0);
+    });
+  });
+  if (exitCode !== 0) {
+    throw new PrReviewError(
+      "nonzero_exit",
+      `claude review subprocess exited with code ${exitCode}`,
+      stderrTail
+    );
+  }
+  return parseVerdict(stdoutBuffer, logPath);
+}
+function parseVerdict(stdout, logPath) {
+  const blocks = extractJsonBlocks(stdout);
+  if (blocks.length === 0) {
+    throw new PrReviewError(
+      "no_json_block",
+      "Could not find a fenced ```json block in the review subprocess output",
+      stdout.slice(-2e3)
+    );
+  }
+  const rawJson = blocks[blocks.length - 1];
+  let parsed;
+  try {
+    parsed = JSON.parse(rawJson);
+  } catch (err) {
+    throw new PrReviewError(
+      "invalid_json",
+      `JSON.parse failed: ${err.message}`,
+      rawJson.slice(0, 2e3)
+    );
+  }
+  const verdict = normaliseVerdict(parsed, rawJson, logPath);
+  return verdict;
+}
+function extractJsonBlocks(text) {
+  const re = /```(?:json|JSON|jsonc)\s*\n([\s\S]*?)\n```/g;
+  const out = [];
+  let match;
+  while ((match = re.exec(text)) !== null) {
+    if (match[1] !== void 0) out.push(match[1]);
+  }
+  return out;
+}
+var QA_VERDICTS = /* @__PURE__ */ new Set(["GO", "CONDITIONAL", "NO-GO"]);
+var SECURITY_VERDICTS = /* @__PURE__ */ new Set(["PASS", "PASS_WITH_CONDITIONS", "FAIL"]);
+var SECURITY_LAYER_VERDICTS = /* @__PURE__ */ new Set(["PASS", "FAIL"]);
+var SEVERITIES = /* @__PURE__ */ new Set(["critical", "high", "medium", "low"]);
+var LAYER_KEYS = [
+  "authentication",
+  "tenant_resolution",
+  "authorisation",
+  "rls",
+  "audit"
+];
+function normaliseVerdict(raw, rawJson, logPath) {
+  if (raw === null || typeof raw !== "object") {
+    throw new PrReviewError(
+      "schema_mismatch",
+      "Verdict JSON is not an object",
+      rawJson.slice(0, 1e3)
+    );
+  }
+  const r = raw;
+  const qaRaw = r["qa"] ?? {};
+  const secRaw = r["security"] ?? {};
+  const layersRaw = secRaw["layers_reviewed"] ?? {};
+  const qaVerdict = String(qaRaw["verdict"] ?? "");
+  if (!QA_VERDICTS.has(qaVerdict)) {
+    throw new PrReviewError(
+      "schema_mismatch",
+      `qa.verdict is "${qaVerdict}", expected one of GO / CONDITIONAL / NO-GO`,
+      rawJson.slice(0, 1e3)
+    );
+  }
+  const securityVerdict = String(secRaw["verdict"] ?? "");
+  if (!SECURITY_VERDICTS.has(securityVerdict)) {
+    throw new PrReviewError(
+      "schema_mismatch",
+      `security.verdict is "${securityVerdict}", expected PASS / PASS_WITH_CONDITIONS / FAIL`,
+      rawJson.slice(0, 1e3)
+    );
+  }
+  const layers = {};
+  for (const key of LAYER_KEYS) {
+    const val = String(layersRaw[key] ?? "");
+    layers[key] = SECURITY_LAYER_VERDICTS.has(val) ? val : "FAIL";
+  }
+  const findingsRaw = Array.isArray(r["findings"]) ? r["findings"] : [];
+  const findings = findingsRaw.slice(0, 50).map((f) => {
+    const fr = f ?? {};
+    const severity = String(fr["severity"] ?? "low");
+    const lensRaw = String(fr["lens"] ?? "qa");
+    return {
+      lens: lensRaw === "security" ? "security" : "qa",
+      severity: SEVERITIES.has(severity) ? severity : "low",
+      file: typeof fr["file"] === "string" ? fr["file"].slice(0, 500) : null,
+      description: String(fr["description"] ?? "").slice(0, 2e3),
+      recommendation: String(fr["recommendation"] ?? "").slice(0, 2e3)
+    };
+  });
+  const failedChecks = Array.isArray(qaRaw["failed_checks"]) ? qaRaw["failed_checks"].map((s) => String(s).slice(0, 200)).slice(0, 20) : [];
+  const overall = qaVerdict === "GO" && securityVerdict === "PASS" ? "pass" : "fail";
+  return {
+    overall,
+    summary: String(r["summary"] ?? "").slice(0, 1e3) || (overall === "pass" ? "Review passed." : "Review failed."),
+    qa: { verdict: qaVerdict, failed_checks: failedChecks },
+    security: { verdict: securityVerdict, layers_reviewed: layers },
+    findings,
+    rawJson: rawJson.slice(0, 5e4),
+    logPath
+  };
+}
+
 // src/guardrail/diff-check.ts
 import { execFileSync as execFileSync4 } from "child_process";
 
@@ -1705,7 +2020,7 @@ function discardWorkingTreeChanges(cwd) {
 }
 
 // src/test-runner/run-tests.ts
-import { spawn as spawn2 } from "child_process";
+import { spawn as spawn3 } from "child_process";
 var ALLOWED_EXECUTABLES = /* @__PURE__ */ new Set(["pnpm", "npm", "yarn", "bun", "node", "npx"]);
 var DEFAULT_COMMAND = "pnpm typecheck";
 var TIMEOUT_MS = 10 * 60 * 1e3;
@@ -1733,7 +2048,7 @@ async function runProjectTest(args) {
   const [exe, ...rest] = argv;
   const startedAt = Date.now();
   return new Promise((resolve2) => {
-    const child = spawn2(exe, rest, {
+    const child = spawn3(exe, rest, {
       cwd: args.cwd,
       stdio: ["ignore", "pipe", "pipe"],
       shell: false,
@@ -1778,16 +2093,16 @@ async function runProjectTest(args) {
 }
 
 // src/test-runner/auto-install.ts
-import { spawn as spawn3 } from "child_process";
+import { spawn as spawn4 } from "child_process";
 import { stat as stat2 } from "fs/promises";
-import { dirname as dirname4, join as join8 } from "path";
+import { dirname as dirname4, join as join9 } from "path";
 var INSTALL_TIMEOUT_MS = 10 * 60 * 1e3;
 var TAIL_BYTES2 = 4e3;
 async function findPnpmWorkspaceRoot(start) {
   let cur = start;
   for (; ; ) {
     try {
-      await stat2(join8(cur, "pnpm-lock.yaml"));
+      await stat2(join9(cur, "pnpm-lock.yaml"));
       return cur;
     } catch {
     }
@@ -1817,8 +2132,8 @@ async function ensureWorkspaceInstalled(args) {
       tail: ""
     };
   }
-  const lockMtime = await mtimeMs(join8(workspaceRoot, "pnpm-lock.yaml"));
-  const markerMtime = await mtimeMs(join8(workspaceRoot, "node_modules", ".modules.yaml"));
+  const lockMtime = await mtimeMs(join9(workspaceRoot, "pnpm-lock.yaml"));
+  const markerMtime = await mtimeMs(join9(workspaceRoot, "node_modules", ".modules.yaml"));
   if (lockMtime !== null && markerMtime !== null && markerMtime >= lockMtime) {
     return {
       ok: true,
@@ -1832,7 +2147,7 @@ async function ensureWorkspaceInstalled(args) {
   }
   const reason = markerMtime === null ? "node_modules missing \u2014 cold install" : "pnpm-lock.yaml newer than install marker";
   return new Promise((resolve2) => {
-    const child = spawn3("pnpm", ["install", "--frozen-lockfile"], {
+    const child = spawn4("pnpm", ["install", "--frozen-lockfile"], {
       cwd: workspaceRoot,
       stdio: ["ignore", "pipe", "pipe"],
       shell: false,
@@ -1878,10 +2193,10 @@ async function ensureWorkspaceInstalled(args) {
 }
 
 // src/util/progress.ts
-import { mkdir as mkdir7, writeFile as writeFile8, rename as rename2, unlink as unlink3, readdir, stat as stat3 } from "fs/promises";
+import { mkdir as mkdir8, writeFile as writeFile9, rename as rename2, unlink as unlink3, readdir, stat as stat3 } from "fs/promises";
 import { tmpdir } from "os";
-import { join as join9 } from "path";
-var PROGRESS_DIR = join9(tmpdir(), "task-progress");
+import { join as join10 } from "path";
+var PROGRESS_DIR = join10(tmpdir(), "task-progress");
 var STALE_MAX_AGE_MS = 24 * 60 * 60 * 1e3;
 var ProgressWriter = class {
   path;
@@ -1894,7 +2209,7 @@ var ProgressWriter = class {
     this.ticketId = ticketId;
     const deliveryId = process.env["TASK_DELIVERY_ID"]?.trim();
     const fileBase = deliveryId && deliveryId.length > 0 ? deliveryId : `manual-${process.pid}`;
-    this.path = join9(PROGRESS_DIR, `${fileBase}.json`);
+    this.path = join10(PROGRESS_DIR, `${fileBase}.json`);
   }
   /** Switch the in-flight ticket between phases (used by `task scan` which iterates). */
   setTicketId(ticketId) {
@@ -1928,12 +2243,12 @@ var ProgressWriter = class {
     });
   }
   async writeAtomic(payload) {
-    await mkdir7(PROGRESS_DIR, { recursive: true }).catch(() => {
+    await mkdir8(PROGRESS_DIR, { recursive: true }).catch(() => {
     });
     const body = JSON.stringify(payload);
     const tmp = `${this.path}.tmp`;
     try {
-      await writeFile8(tmp, body, { encoding: "utf8", mode: 384 });
+      await writeFile9(tmp, body, { encoding: "utf8", mode: 384 });
       await rename2(tmp, this.path);
     } catch {
       await unlink3(tmp).catch(() => {
@@ -1950,7 +2265,7 @@ var ProgressWriter = class {
       const cutoff = Date.now() - STALE_MAX_AGE_MS;
       await Promise.all(
         entries.filter((name) => name.endsWith(".json") || name.endsWith(".json.tmp")).map(async (name) => {
-          const p = join9(PROGRESS_DIR, name);
+          const p = join10(PROGRESS_DIR, name);
           try {
             const s = await stat3(p);
             if (s.mtimeMs < cutoff) {
@@ -1992,6 +2307,9 @@ function registerWork(program2) {
   ).option(
     "--confirm",
     "Confirm --reset in non-TTY (silent / scheduled-task) contexts. Has no effect without --reset."
+  ).option(
+    "--no-auto-review",
+    "Skip the post-PR /qa + /security auto-review. The PR is left open for a human to review and merge."
   ).option("--schedule-id <id>", "Internal: schedule id when invoked from a scheduled task").action(async (ticketId, opts) => {
     await runWork(ticketId, opts);
   });
@@ -2515,6 +2833,122 @@ Claude session: ${runId}
     if (err instanceof CliError) err.phase = "post_push";
     throw err;
   }
+  const autoReviewEnabled = opts.autoReview !== false;
+  if (autoReviewEnabled && prNumber !== void 0 && prUrl !== void 0 && !opts.dryRun) {
+    await progress.setPhase("auto_reviewing");
+    if (!silent) {
+      process.stdout.write(c.dim("  Auto-reviewing PR \u2014 /qa + /security\u2026\n"));
+    }
+    try {
+      const verdict = await runPrReview({
+        cwd,
+        runId,
+        silent,
+        baseBranch: ticketBaseBranch,
+        branchName,
+        prNumber,
+        prUrl,
+        ...ctx.localCfg.claude_path ? { claudePath: ctx.localCfg.claude_path } : {}
+      });
+      const verdictResp = await apiCallOrThrow(
+        "POST",
+        `/api/v1/cli/me/tickets/${detail.id}/pull-requests/${prNumber}/auto-review-verdict`,
+        {
+          body: {
+            overall: verdict.overall,
+            summary: verdict.summary,
+            qa: verdict.qa,
+            security: verdict.security,
+            findings: verdict.findings,
+            raw_json: verdict.rawJson,
+            claude_session_id: runId
+          }
+        }
+      );
+      await apiCall("POST", "/api/v1/cli/me/runs", {
+        body: {
+          ticket_id: detail.id,
+          schedule_id: opts.scheduleId,
+          event: verdict.overall === "pass" ? "auto_review_passed" : "auto_review_failed",
+          claude_session_id: runId,
+          output_excerpt: `qa=${verdict.qa.verdict} security=${verdict.security.verdict}` + (verdict.findings.length > 0 ? ` | ${verdict.findings.length} finding(s)` : "")
+        }
+      });
+      if (!silent) {
+        const icon = verdict.overall === "pass" ? c.ok("\u2713 Auto-review PASS") : c.warn("\u2717 Auto-review FAIL");
+        process.stdout.write(
+          `${icon} qa=${verdict.qa.verdict} security=${verdict.security.verdict}
+`
+        );
+        if (verdict.overall === "pass") {
+          switch (verdictResp.status) {
+            case "merged":
+            case "already_merged":
+              process.stdout.write(c.ok("  \u2713 Merged into ") + c.cyan(`${ticketBaseBranch}
+`));
+              break;
+            case "merging":
+              process.stdout.write(
+                c.dim("  PR approved \u2014 merge in progress on ") + c.cyan(`${ticketBaseBranch}
+`)
+              );
+              break;
+            case "queued_for_merge":
+              process.stdout.write(
+                c.dim("  PR approved \u2014 queued for merge to ") + c.cyan(`${ticketBaseBranch}
+`) + c.dim("  GitHub still computing mergeability; the merge cron will retry.\n")
+              );
+              break;
+            case "merge_failed":
+              process.stdout.write(
+                c.warn("  PR approved but merge failed") + c.dim(" \u2014 review on GitHub for the reason (conflicts, blocked, etc.).\n")
+              );
+              break;
+            case "approved_not_queued":
+              process.stdout.write(
+                c.warn("  PR approved but not queued") + c.dim(" \u2014 server reported the merge queue was not unlocked.\n")
+              );
+              break;
+            case "sql_held_for_review": {
+              const count = verdictResp.sql_files_count ?? verdictResp.sql_files?.length ?? 0;
+              process.stdout.write(
+                c.warn("  \u26A0 Held for human review") + c.dim(
+                  ` \u2014 PR touches ${count} SQL / migration file${count === 1 ? "" : "s"}. Findings posted on the PR.
+`
+                )
+              );
+              break;
+            }
+            default:
+              process.stdout.write(c.dim(`  Verdict recorded. (status=${verdictResp.status})
+`));
+          }
+        } else {
+          process.stdout.write(
+            c.dim(`  ${verdict.findings.length} finding(s) posted as PR comment; PR left open.
+`)
+          );
+        }
+      }
+    } catch (err) {
+      const excerpt = err instanceof PrReviewError ? `${err.code}: ${err.message.slice(0, 1e3)}` : err.message.slice(0, 1e3);
+      await apiCall("POST", "/api/v1/cli/me/runs", {
+        body: {
+          ticket_id: detail.id,
+          schedule_id: opts.scheduleId,
+          event: "auto_review_errored",
+          claude_session_id: runId,
+          output_excerpt: excerpt
+        }
+      });
+      if (!silent) {
+        process.stdout.write(
+          `${c.warn("! Auto-review skipped")} ${c.dim(excerpt.slice(0, 200))}
+` + c.dim("  PR left open for manual review.\n")
+        );
+      }
+    }
+  }
   try {
     checkoutBranch(cwd, baseBranch);
   } catch {
@@ -3431,10 +3865,10 @@ function autopilotExitCode(code, status) {
 }
 
 // src/scan/llm.ts
-import { spawn as spawn4 } from "child_process";
-import { mkdir as mkdir8, writeFile as writeFile9 } from "fs/promises";
-import { homedir as homedir5 } from "os";
-import { join as join10 } from "path";
+import { spawn as spawn5 } from "child_process";
+import { mkdir as mkdir9, writeFile as writeFile10 } from "fs/promises";
+import { homedir as homedir6 } from "os";
+import { join as join11 } from "path";
 var FIX_PROMPT_JSON_SCHEMA = {
   type: "object",
   // Phase 3 — confidence_reason is REQUIRED unconditionally so the
@@ -3523,7 +3957,7 @@ async function generateFixPromptJson(args) {
   return new Promise((resolve2, reject) => {
     let child;
     try {
-      child = spawn4(claude, cliArgs, {
+      child = spawn5(claude, cliArgs, {
         stdio: ["pipe", "pipe", "pipe"],
         signal: args.signal
       });
@@ -3649,10 +4083,10 @@ function readEnvelopeTokens(raw, userPrompt, innerText) {
 async function maybeDumpDebug(ticketId, stdout, stderr) {
   if (!DEBUG && stdout.length === 0 && stderr.length === 0) return null;
   try {
-    const dir = join10(homedir5(), ".cache", "task", "scan-debug");
-    await mkdir8(dir, { recursive: true });
-    const path = join10(dir, `${ticketId}-${Date.now()}.log`);
-    await writeFile9(
+    const dir = join11(homedir6(), ".cache", "task", "scan-debug");
+    await mkdir9(dir, { recursive: true });
+    const path = join11(dir, `${ticketId}-${Date.now()}.log`);
+    await writeFile10(
       path,
       ["## ticket_id", ticketId, "", "## stdout", stdout, "", "## stderr", stderr].join("\n")
     );
@@ -3998,7 +4432,7 @@ function clampInt(raw, min, max, fallback) {
 }
 
 // src/commands/slack-import.ts
-import { spawn as spawn5 } from "child_process";
+import { spawn as spawn6 } from "child_process";
 import { request as request5 } from "undici";
 var BULLET_TYPES = ["bug", "feature", "task", "question", "improvement"];
 var BULLET_PRIORITIES = ["critical", "high", "medium", "low", "none"];
@@ -4135,7 +4569,7 @@ async function generateBullets(args) {
   return new Promise((resolve2, reject) => {
     let child;
     try {
-      child = spawn5(claude, cliArgs, { stdio: ["pipe", "pipe", "pipe"] });
+      child = spawn6(claude, cliArgs, { stdio: ["pipe", "pipe", "pipe"] });
     } catch (err) {
       reject(new Error(`Could not invoke claude: ${err.message}`));
       return;
@@ -4239,7 +4673,10 @@ function registerFastTrack(program2) {
   ).option("--max <n>", "Process up to N tickets in this invocation", "1").option("--api-url <url>", "Override TASK_API_URL").option("--silent", "Suppress per-ticket progress chrome").option("--dry-run", "Run scan + approve + agent + tests but do not commit, push, or open a PR").option(
     "--reset",
     "DESTRUCTIVE: discard local working-tree changes before the first ticket. Requires --confirm in non-TTY contexts."
-  ).option("--confirm", "Confirm --reset in non-TTY (silent / scheduled-task) contexts").option("--schedule-id <id>", "Internal: schedule id when invoked from a scheduled task").action(async (opts) => {
+  ).option("--confirm", "Confirm --reset in non-TTY (silent / scheduled-task) contexts").option(
+    "--no-auto-review",
+    "Skip the post-PR /qa + /security auto-review. Each PR is left open for a human to review and merge."
+  ).option("--schedule-id <id>", "Internal: schedule id when invoked from a scheduled task").action(async (opts) => {
     await runFastTrack(opts);
   });
 }
@@ -4280,7 +4717,11 @@ async function runFastTrack(opts) {
       ...opts.dryRun ? { dryRun: true } : {},
       ...opts.scheduleId ? { scheduleId: opts.scheduleId } : {},
       ...firstIteration && opts.reset ? { reset: true } : {},
-      ...firstIteration && opts.confirm ? { confirm: true } : {}
+      ...firstIteration && opts.confirm ? { confirm: true } : {},
+      // Commander sets opts.autoReview to `false` only when --no-auto-review
+      // is passed; otherwise it's `undefined` and processOneTicketImpl
+      // treats `undefined` as "auto-review enabled" (opts.autoReview !== false).
+      ...opts.autoReview === false ? { autoReview: false } : {}
     };
     const outcome = await fastTrackOneTicket({
       api,
@@ -4620,10 +5061,10 @@ import { randomUUID as randomUUID4 } from "crypto";
 import { platform as platform2 } from "os";
 
 // src/scheduler/launchd.ts
-import { mkdir as mkdir9, readFile as readFile5, writeFile as writeFile10, unlink as unlink4, readdir as readdir2 } from "fs/promises";
-import { homedir as homedir6 } from "os";
-import { join as join11 } from "path";
-import { execFileSync as execFileSync9, spawn as spawn6 } from "child_process";
+import { mkdir as mkdir10, readFile as readFile5, writeFile as writeFile11, unlink as unlink4, readdir as readdir2 } from "fs/promises";
+import { homedir as homedir7 } from "os";
+import { join as join12 } from "path";
+import { execFileSync as execFileSync9, spawn as spawn7 } from "child_process";
 
 // src/scheduler/cron-translate.ts
 function translateToLaunchd(cron) {
@@ -4724,14 +5165,14 @@ function expandField(field, min, max) {
 }
 
 // src/scheduler/launchd.ts
-var PLIST_DIR = join11(homedir6(), "Library", "LaunchAgents");
+var PLIST_DIR = join12(homedir7(), "Library", "LaunchAgents");
 var LABEL_PREFIX = "com.inteeka.task.cli.";
 var SAFE_ID_RE = /^[0-9a-zA-Z._-]+$/;
 function plistPath(id) {
   if (!SAFE_ID_RE.test(id) || id.includes("..")) {
     throw new Error(`Refusing to compute plist path for unsafe id: ${id}`);
   }
-  return join11(PLIST_DIR, `${LABEL_PREFIX}${id}.plist`);
+  return join12(PLIST_DIR, `${LABEL_PREFIX}${id}.plist`);
 }
 function buildPlist(entry) {
   const calendars = translateToLaunchd(entry.cron);
@@ -4767,9 +5208,9 @@ ${fields}
     `    <string>/usr/local/bin:/usr/bin:/bin:/opt/homebrew/bin</string>`,
     `  </dict>`,
     `  <key>StandardOutPath</key>`,
-    `  <string>${escapeXml(join11(homedir6(), ".cache", "task", "launchd-stdout.log"))}</string>`,
+    `  <string>${escapeXml(join12(homedir7(), ".cache", "task", "launchd-stdout.log"))}</string>`,
     `  <key>StandardErrorPath</key>`,
-    `  <string>${escapeXml(join11(homedir6(), ".cache", "task", "launchd-stderr.log"))}</string>`,
+    `  <string>${escapeXml(join12(homedir7(), ".cache", "task", "launchd-stderr.log"))}</string>`,
     !entry.enabled ? `  <key>Disabled</key>
   <true/>` : "",
     "</dict>",
@@ -4787,9 +5228,9 @@ function bootstrapDomain() {
 }
 var launchdAdapter = {
   async upsert(entry) {
-    await mkdir9(PLIST_DIR, { recursive: true });
+    await mkdir10(PLIST_DIR, { recursive: true });
     const path = plistPath(entry.id);
-    await writeFile10(path, buildPlist(entry));
+    await writeFile11(path, buildPlist(entry));
     try {
       execFileSync9("launchctl", ["bootout", bootstrapDomain(), path], { stdio: "ignore" });
     } catch {
@@ -4818,7 +5259,7 @@ var launchdAdapter = {
       for (const file of ours) {
         const id = file.slice(LABEL_PREFIX.length, -".plist".length);
         try {
-          const xml = await readFile5(join11(PLIST_DIR, file), "utf8");
+          const xml = await readFile5(join12(PLIST_DIR, file), "utf8");
           const cron = xml.match(/<key>StartCalendarInterval<\/key>[\s\S]*?<\/array>/)?.[0] ?? "";
           const command = xml.match(/<key>ProgramArguments<\/key>\s*<array>([\s\S]*?)<\/array>/)?.[1] ?? "";
           const disabled = /<key>Disabled<\/key>\s*<true\/>/.test(xml);
@@ -4841,7 +5282,7 @@ var launchdAdapter = {
     return new Promise((resolve2) => {
       const args = entry.command.match(/(?:[^\s"]+|"[^"]*")+/g) ?? [entry.command];
       const cmd = args.shift() ?? entry.command;
-      const child = spawn6(cmd, args, { stdio: ["ignore", "pipe", "pipe"] });
+      const child = spawn7(cmd, args, { stdio: ["ignore", "pipe", "pipe"] });
       let stdoutTail = "";
       let stderrTail = "";
       child.stdout?.on("data", (chunk) => {
@@ -4864,7 +5305,7 @@ var launchdAdapter = {
     }
     if (enabled) {
       xml = xml.replace(/\s*<key>Disabled<\/key>\s*<true\/>/, "");
-      await writeFile10(path, xml);
+      await writeFile11(path, xml);
       try {
         execFileSync9("launchctl", ["bootout", bootstrapDomain(), path], { stdio: "ignore" });
       } catch {
@@ -4876,7 +5317,7 @@ var launchdAdapter = {
           "</dict>\n</plist>",
           "  <key>Disabled</key>\n  <true/>\n</dict>\n</plist>"
         );
-        await writeFile10(path, xml);
+        await writeFile11(path, xml);
       }
       try {
         execFileSync9("launchctl", ["bootout", bootstrapDomain(), path], { stdio: "ignore" });
@@ -4887,7 +5328,7 @@ var launchdAdapter = {
 };
 
 // src/scheduler/cron.ts
-import { execFileSync as execFileSync10, spawn as spawn7 } from "child_process";
+import { execFileSync as execFileSync10, spawn as spawn8 } from "child_process";
 
 // src/scheduler/safe-command.ts
 var FORBIDDEN = /[;&|`$()<>\\]/;
@@ -4948,7 +5389,7 @@ function readCrontab() {
   }
 }
 function writeCrontab(text) {
-  const child = spawn7("crontab", ["-"], { stdio: ["pipe", "inherit", "inherit"] });
+  const child = spawn8("crontab", ["-"], { stdio: ["pipe", "inherit", "inherit"] });
   child.stdin.write(text);
   child.stdin.end();
 }
@@ -5029,7 +5470,7 @@ var cronAdapter = {
       return Promise.resolve({ exitCode: 1, stdoutTail: "", stderrTail: `rejected: ${reason}` });
     }
     return new Promise((resolve2) => {
-      const child = spawn7(parsed.bin, parsed.args, { stdio: ["ignore", "pipe", "pipe"] });
+      const child = spawn8(parsed.bin, parsed.args, { stdio: ["ignore", "pipe", "pipe"] });
       let stdoutTail = "";
       let stderrTail = "";
       child.stdout?.on(
@@ -5057,7 +5498,7 @@ var cronAdapter = {
 };
 
 // src/scheduler/windows.ts
-import { execFileSync as execFileSync11, spawn as spawn8 } from "child_process";
+import { execFileSync as execFileSync11, spawn as spawn9 } from "child_process";
 var TASK_PREFIX = "TaskCLI_";
 function taskName(id) {
   return `${TASK_PREFIX}${id.replace(/[^A-Za-z0-9_-]/g, "_")}`;
@@ -5170,7 +5611,7 @@ var windowsAdapter = {
       return Promise.resolve({ exitCode: 1, stdoutTail: "", stderrTail: `rejected: ${reason}` });
     }
     return new Promise((resolve2) => {
-      const child = spawn8(parsed.bin, parsed.args, { stdio: ["ignore", "pipe", "pipe"] });
+      const child = spawn9(parsed.bin, parsed.args, { stdio: ["ignore", "pipe", "pipe"] });
       let stdoutTail = "";
       let stderrTail = "";
       child.stdout?.on(
@@ -5229,10 +5670,10 @@ var unsupportedAdapter = {
 };
 
 // src/scheduler/registry.ts
-import { mkdir as mkdir10, readFile as readFile6, writeFile as writeFile11 } from "fs/promises";
-import { homedir as homedir7 } from "os";
-import { dirname as dirname5, join as join12 } from "path";
-var REGISTRY_PATH = join12(homedir7(), ".config", "task", "schedules.json");
+import { mkdir as mkdir11, readFile as readFile6, writeFile as writeFile12 } from "fs/promises";
+import { homedir as homedir8 } from "os";
+import { dirname as dirname5, join as join13 } from "path";
+var REGISTRY_PATH = join13(homedir8(), ".config", "task", "schedules.json");
 var UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
 function looksLikeRegistryRow(value) {
   if (!value || typeof value !== "object") return false;
@@ -5252,8 +5693,8 @@ async function readRegistry() {
   }
 }
 async function writeRegistry(rows) {
-  await mkdir10(dirname5(REGISTRY_PATH), { recursive: true });
-  await writeFile11(REGISTRY_PATH, JSON.stringify(rows, null, 2));
+  await mkdir11(dirname5(REGISTRY_PATH), { recursive: true });
+  await writeFile12(REGISTRY_PATH, JSON.stringify(rows, null, 2));
 }
 async function upsertRegistry(row) {
   if (!UUID_RE.test(row.id)) {
@@ -5493,8 +5934,8 @@ function stripAnsi(s) {
 
 // src/commands/runs.ts
 import { readFile as readFile7 } from "fs/promises";
-import { homedir as homedir8 } from "os";
-import { join as join13 } from "path";
+import { homedir as homedir9 } from "os";
+import { join as join14 } from "path";
 function registerRuns(program2) {
   const cmd = program2.command("runs").description("Inspect agentic CLI run history");
   cmd.command("list").description("List recent runs").option("--limit <n>", "Max rows", "50").option("--ticket <id>", "Filter by ticket").option("--schedule <id>", "Filter by schedule").action(async (opts) => {
@@ -5523,7 +5964,7 @@ function registerRuns(program2) {
     process.stdout.write(JSON.stringify(row, null, 2) + "\n");
   });
   cmd.command("logs <id>").description("Show captured agent output for a run, if available").action(async (id) => {
-    const localPath = join13(homedir8(), ".cache", "task", "runs", `${id}.log`);
+    const localPath = join14(homedir9(), ".cache", "task", "runs", `${id}.log`);
     try {
       const text = await readFile7(localPath, "utf8");
       process.stdout.write(text);
@@ -5596,8 +6037,8 @@ function registerConfig(program2) {
 
 // src/commands/doctor.ts
 import { execFileSync as execFileSync12 } from "child_process";
-import { readFile as readFile8, writeFile as writeFile12 } from "fs/promises";
-import { join as join14 } from "path";
+import { readFile as readFile8, writeFile as writeFile13 } from "fs/promises";
+import { join as join15 } from "path";
 import { request as request6 } from "undici";
 var ALLOWED_TEST_EXECUTABLES = /* @__PURE__ */ new Set(["pnpm", "npm", "yarn", "bun", "node", "npx"]);
 var DEFAULT_TEST_COMMAND = "pnpm typecheck";
@@ -5811,7 +6252,7 @@ async function checkPrePushTest(root, configuredCommand, fix) {
       detail: `${command} (non-script executable, not statically verifiable)`
     };
   }
-  const pkgPath = join14(root, "package.json");
+  const pkgPath = join15(root, "package.json");
   let pkgRaw;
   try {
     pkgRaw = await readFile8(pkgPath, "utf8");
@@ -5847,7 +6288,7 @@ async function checkPrePushTest(root, configuredCommand, fix) {
     pkg.scripts = { ...scripts, typecheck: "tsc --noEmit" };
     const indent = detectIndent(pkgRaw);
     const trailingNewline = pkgRaw.endsWith("\n") ? "\n" : "";
-    await writeFile12(pkgPath, JSON.stringify(pkg, null, indent) + trailingNewline);
+    await writeFile13(pkgPath, JSON.stringify(pkg, null, indent) + trailingNewline);
     return {
       name: "pre-push test",
       ok: true,
@@ -5896,7 +6337,7 @@ function checkBinary(name, command) {
 }
 
 // src/commands/version.ts
-var CLI_VERSION = true ? "0.2.26" : "0.0.0-dev";
+var CLI_VERSION = true ? "0.2.28" : "0.0.0-dev";
 function registerVersion(program2) {
   program2.command("version").description("Print the CLI version").action(() => {
     process.stdout.write(CLI_VERSION + "\n");