@jonit-dev/night-watch-cli 1.7.27 → 1.7.30

package/scripts/night-watch-helpers.sh

@@ -305,17 +305,25 @@ find_eligible_prd() {
 }
 
 # ── Clean up worktrees ───────────────────────────────────────────────────────
-# Removes any worktrees with "-nw-" in the path (night-watch worktrees).
+# Removes night-watch worktrees for this project.
+# Optional second argument narrows cleanup to worktrees containing that token.
+# This prevents parallel reviewer workers from deleting each other's worktrees.
 
 cleanup_worktrees() {
   local project_dir="${1:?project_dir required}"
+  local scope="${2:-}"
   local project_name
   project_name=$(basename "${project_dir}")
 
+  local match_token="${project_name}-nw"
+  if [ -n "${scope}" ]; then
+    match_token="${scope}"
+  fi
+
   git -C "${project_dir}" worktree list --porcelain 2>/dev/null \
     | grep '^worktree ' \
     | awk '{print $2}' \
-    | grep "${project_name}-nw" \
+    | grep -F "${match_token}" \
     | while read -r wt; do
         log "CLEANUP: Removing leftover worktree ${wt}"
         git -C "${project_dir}" worktree remove --force "${wt}" 2>/dev/null || true

package/scripts/night-watch-pr-reviewer-cron.sh

@@ -16,7 +16,7 @@ set -euo pipefail
 PROJECT_DIR="${1:?Usage: $0 /path/to/project}"
 PROJECT_NAME=$(basename "${PROJECT_DIR}")
 LOG_DIR="${PROJECT_DIR}/logs"
-LOG_FILE="${LOG_DIR}/night-watch-pr-reviewer.log"
+LOG_FILE="${LOG_DIR}/reviewer.log"
 MAX_RUNTIME="${NW_REVIEWER_MAX_RUNTIME:-3600}"  # 1 hour
 MAX_LOG_SIZE="524288"  # 512 KB
 PROVIDER_CMD="${NW_PROVIDER_CMD:-claude}"
@@ -25,6 +25,8 @@ BRANCH_PATTERNS_RAW="${NW_BRANCH_PATTERNS:-feat/,night-watch/}"
 AUTO_MERGE="${NW_AUTO_MERGE:-0}"
 AUTO_MERGE_METHOD="${NW_AUTO_MERGE_METHOD:-squash}"
 TARGET_PR="${NW_TARGET_PR:-}"
+PARALLEL_ENABLED="${NW_REVIEWER_PARALLEL:-1}"
+WORKER_MODE="${NW_REVIEWER_WORKER_MODE:-0}"
 
 # Ensure NVM / Node / Claude are on PATH
 export NVM_DIR="${HOME}/.nvm"
@@ -39,8 +41,13 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 # shellcheck source=night-watch-helpers.sh
 source "${SCRIPT_DIR}/night-watch-helpers.sh"
 PROJECT_RUNTIME_KEY=$(project_runtime_key "${PROJECT_DIR}")
-# NOTE: Lock file path must match reviewerLockPath() in src/utils/status-data.ts
-LOCK_FILE="/tmp/night-watch-pr-reviewer-${PROJECT_RUNTIME_KEY}.lock"
+GLOBAL_LOCK_FILE="/tmp/night-watch-pr-reviewer-${PROJECT_RUNTIME_KEY}.lock"
+if [ "${WORKER_MODE}" = "1" ] && [ -n "${TARGET_PR}" ]; then
+  LOCK_FILE="/tmp/night-watch-pr-reviewer-${PROJECT_RUNTIME_KEY}-pr-${TARGET_PR}.lock"
+else
+  # NOTE: Lock file path must match reviewerLockPath() in src/utils/status-data.ts
+  LOCK_FILE="${GLOBAL_LOCK_FILE}"
+fi
 
 emit_result() {
   local status="${1:?status required}"
@@ -52,6 +59,38 @@ emit_result() {
   fi
 }
 
+emit_final_status() {
+  local exit_code="${1:?exit code required}"
+  local prs_csv="${2:-}"
+  local auto_merged="${3:-}"
+  local auto_merge_failed="${4:-}"
+
+  if [ "${exit_code}" -eq 0 ]; then
+    log "DONE: PR reviewer completed successfully"
+    emit_result "success_reviewed" "prs=${prs_csv}|auto_merged=${auto_merged}|auto_merge_failed=${auto_merge_failed}"
+  elif [ "${exit_code}" -eq 124 ]; then
+    log "TIMEOUT: PR reviewer killed after ${MAX_RUNTIME}s"
+    emit_result "timeout" "prs=${prs_csv}"
+  else
+    log "FAIL: PR reviewer exited with code ${exit_code}"
+    emit_result "failure" "prs=${prs_csv}"
+  fi
+}
+
+append_csv() {
+  local current="${1:-}"
+  local incoming="${2:-}"
+  if [ -z "${incoming}" ]; then
+    printf "%s" "${current}"
+    return 0
+  fi
+  if [ -z "${current}" ]; then
+    printf "%s" "${incoming}"
+  else
+    printf "%s,%s" "${current}" "${incoming}"
+  fi
+}
+
 # Validate provider
 if ! validate_provider "${PROVIDER_CMD}"; then
   echo "ERROR: Unknown provider: ${PROVIDER_CMD}" >&2
@@ -159,6 +198,62 @@ done < <(gh pr list --state open --json number,headRefName --jq '.[] | [.number,
 
 if [ "${NEEDS_WORK}" -eq 0 ]; then
   log "SKIP: All ${OPEN_PRS} open PR(s) have passing CI and review score >= ${MIN_REVIEW_SCORE} (or no score yet)"
+
+  # ── Auto-merge eligible PRs ───────────────────────────────
+  if [ "${NW_AUTO_MERGE:-0}" = "1" ]; then
+    AUTO_MERGE_METHOD="${NW_AUTO_MERGE_METHOD:-squash}"
+    AUTO_MERGED_COUNT=0
+
+    log "AUTO-MERGE: Checking for merge-ready PRs (method: ${AUTO_MERGE_METHOD})"
+
+    while IFS=$'\t' read -r pr_number pr_branch; do
+      [ -z "${pr_number}" ] || [ -z "${pr_branch}" ] && continue
+      printf '%s\n' "${pr_branch}" | grep -Eq "${BRANCH_REGEX}" || continue
+
+      # Check CI status
+      FAILED_CHECKS=$(gh pr checks "${pr_number}" 2>/dev/null | grep -ci 'fail' || true)
+      [ "${FAILED_CHECKS}" -gt 0 ] && continue
+
+      # Check review score
+      PR_COMMENTS=$(
+        {
+          gh pr view "${pr_number}" --json comments --jq '.comments[].body' 2>/dev/null || true
+          if [ -n "${REPO}" ]; then
+            gh api "repos/${REPO}/issues/${pr_number}/comments" --jq '.[].body' 2>/dev/null || true
+          fi
+        } | sort -u
+      )
+      PR_SCORE=$(echo "${PR_COMMENTS}" \
+        | grep -oP 'Overall Score:\*?\*?\s*(\d+)/100' \
+        | tail -1 \
+        | grep -oP '\d+(?=/100)' || echo "")
+
+      # Skip PRs without a score or with score below threshold
+      [ -z "${PR_SCORE}" ] && continue
+      [ "${PR_SCORE}" -lt "${MIN_REVIEW_SCORE}" ] && continue
+
+      # PR is merge-ready
+      log "AUTO-MERGE: PR #${pr_number} (${pr_branch}) — score ${PR_SCORE}/100, CI passing"
+
+      # Dry-run mode: show what would be merged
+      if [ "${NW_DRY_RUN:-0}" = "1" ]; then
+        log "AUTO-MERGE (dry-run): Would queue merge for PR #${pr_number} using ${AUTO_MERGE_METHOD}"
+        continue
+      fi
+
+      if gh pr merge "${pr_number}" --"${AUTO_MERGE_METHOD}" --auto --delete-branch 2>>"${LOG_FILE}"; then
+        log "AUTO-MERGE: Successfully queued merge for PR #${pr_number}"
+        AUTO_MERGED_COUNT=$((AUTO_MERGED_COUNT + 1))
+      else
+        log "WARN: Auto-merge failed for PR #${pr_number}"
+      fi
+    done < <(gh pr list --state open --json number,headRefName --jq '.[] | [.number, .headRefName] | @tsv' 2>/dev/null || true)
+
+    if [ "${AUTO_MERGED_COUNT}" -gt 0 ]; then
+      log "AUTO-MERGE: Queued ${AUTO_MERGED_COUNT} PR(s) for merge"
+    fi
+  fi
+
   emit_result "skip_all_passing"
   exit 0
 fi
@@ -172,11 +267,121 @@ if [ -n "${NW_DEFAULT_BRANCH:-}" ]; then
 else
   DEFAULT_BRANCH=$(detect_default_branch "${PROJECT_DIR}")
 fi
-REVIEW_WORKTREE_DIR="$(dirname "${PROJECT_DIR}")/${PROJECT_NAME}-nw-review-runner"
 
 log "START: Found PR(s) needing work:${PRS_NEEDING_WORK}"
 
-cleanup_worktrees "${PROJECT_DIR}"
+# Convert "#12 #34" into ["12", "34"] for worker fan-out.
+PR_NUMBER_ARRAY=()
+for pr_token in ${PRS_NEEDING_WORK}; do
+  PR_NUMBER_ARRAY+=("${pr_token#\#}")
+done
+
+if [ -z "${TARGET_PR}" ] && [ "${WORKER_MODE}" != "1" ] && [ "${PARALLEL_ENABLED}" = "1" ] && [ "${#PR_NUMBER_ARRAY[@]}" -gt 1 ]; then
+  # Dry-run mode: print diagnostics and exit
+  if [ "${NW_DRY_RUN:-0}" = "1" ]; then
+    echo "=== Dry Run: PR Reviewer ==="
+    echo "Provider: ${PROVIDER_CMD}"
+    echo "Branch Patterns: ${BRANCH_PATTERNS_RAW}"
+    echo "Min Review Score: ${MIN_REVIEW_SCORE}"
+    echo "Auto-merge: ${AUTO_MERGE}"
+    if [ "${AUTO_MERGE}" = "1" ]; then
+      echo "Auto-merge Method: ${AUTO_MERGE_METHOD}"
+    fi
+    echo "Open PRs needing work:${PRS_NEEDING_WORK}"
+    echo "Default Branch: ${DEFAULT_BRANCH}"
+    echo "Parallel Workers: ${#PR_NUMBER_ARRAY[@]}"
+    echo "Timeout: ${MAX_RUNTIME}s"
+    exit 0
+  fi
+
+  log "PARALLEL: Launching ${#PR_NUMBER_ARRAY[@]} reviewer worker(s)"
+
+  declare -a WORKER_PIDS=()
+  declare -a WORKER_PRS=()
+  declare -a WORKER_OUTPUTS=()
+
+  for pr_number in "${PR_NUMBER_ARRAY[@]}"; do
+    worker_output=$(mktemp "/tmp/night-watch-pr-reviewer-${PROJECT_RUNTIME_KEY}-pr-${pr_number}.XXXXXX")
+    WORKER_OUTPUTS+=("${worker_output}")
+    WORKER_PRS+=("${pr_number}")
+
+    (
+      NW_TARGET_PR="${pr_number}" \
+      NW_REVIEWER_WORKER_MODE="1" \
+      NW_REVIEWER_PARALLEL="0" \
+      bash "${SCRIPT_DIR}/night-watch-pr-reviewer-cron.sh" "${PROJECT_DIR}" > "${worker_output}" 2>&1
+    ) &
+
+    worker_pid=$!
+    WORKER_PIDS+=("${worker_pid}")
+    log "PARALLEL: Worker PID ${worker_pid} started for PR #${pr_number}"
+  done
+
+  EXIT_CODE=0
+  AUTO_MERGED_PRS=""
+  AUTO_MERGE_FAILED_PRS=""
+
+  for idx in "${!WORKER_PIDS[@]}"; do
+    worker_pid="${WORKER_PIDS[$idx]}"
+    worker_pr="${WORKER_PRS[$idx]}"
+    worker_output="${WORKER_OUTPUTS[$idx]}"
+
+    worker_exit_code=0
+    if wait "${worker_pid}"; then
+      worker_exit_code=0
+    else
+      worker_exit_code=$?
+    fi
+
+    if [ -f "${worker_output}" ] && [ -s "${worker_output}" ]; then
+      cat "${worker_output}" >> "${LOG_FILE}"
+    fi
+
+    worker_result=$(grep -o 'NIGHT_WATCH_RESULT:.*' "${worker_output}" 2>/dev/null | tail -1 || true)
+    worker_status=$(printf '%s' "${worker_result}" | sed -n 's/^NIGHT_WATCH_RESULT:\([^|]*\).*$/\1/p')
+    worker_auto_merged=$(printf '%s' "${worker_result}" | grep -oP '(?<=auto_merged=)[^|]+' || true)
+    worker_auto_merge_failed=$(printf '%s' "${worker_result}" | grep -oP '(?<=auto_merge_failed=)[^|]+' || true)
+
+    AUTO_MERGED_PRS=$(append_csv "${AUTO_MERGED_PRS}" "${worker_auto_merged}")
+    AUTO_MERGE_FAILED_PRS=$(append_csv "${AUTO_MERGE_FAILED_PRS}" "${worker_auto_merge_failed}")
+
+    rm -f "${worker_output}"
+
+    if [ "${worker_status}" = "failure" ] || { [ -n "${worker_status}" ] && [ "${worker_status}" != "success_reviewed" ] && [ "${worker_status}" != "timeout" ] && [ "${worker_status#skip_}" = "${worker_status}" ]; }; then
+      if [ "${EXIT_CODE}" -eq 0 ] || [ "${EXIT_CODE}" -eq 124 ]; then
+        EXIT_CODE=1
+      fi
+      log "PARALLEL: Worker for PR #${worker_pr} reported status '${worker_status:-unknown}'"
+    elif [ "${worker_status}" = "timeout" ]; then
+      if [ "${EXIT_CODE}" -eq 0 ]; then
+        EXIT_CODE=124
+      fi
+      log "PARALLEL: Worker for PR #${worker_pr} timed out"
+    elif [ "${worker_exit_code}" -ne 0 ]; then
+      if [ "${worker_exit_code}" -eq 124 ]; then
+        if [ "${EXIT_CODE}" -eq 0 ]; then
+          EXIT_CODE=124
+        fi
+      elif [ "${EXIT_CODE}" -eq 0 ] || [ "${EXIT_CODE}" -eq 124 ]; then
+        EXIT_CODE="${worker_exit_code}"
+      fi
+      log "PARALLEL: Worker for PR #${worker_pr} exited with code ${worker_exit_code}"
+    else
+      log "PARALLEL: Worker for PR #${worker_pr} completed"
+    fi
+  done
+
+  emit_final_status "${EXIT_CODE}" "${PRS_NEEDING_WORK_CSV}" "${AUTO_MERGED_PRS}" "${AUTO_MERGE_FAILED_PRS}"
+  exit 0
+fi
+
+REVIEW_WORKTREE_BASENAME="${PROJECT_NAME}-nw-review-runner"
+if [ -n "${TARGET_PR}" ]; then
+  REVIEW_WORKTREE_BASENAME="${REVIEW_WORKTREE_BASENAME}-pr-${TARGET_PR}"
+fi
+REVIEW_WORKTREE_DIR="$(dirname "${PROJECT_DIR}")/${REVIEW_WORKTREE_BASENAME}"
+
+cleanup_worktrees "${PROJECT_DIR}" "${REVIEW_WORKTREE_BASENAME}"
 
 # Dry-run mode: print diagnostics and exit
 if [ "${NW_DRY_RUN:-0}" = "1" ]; then
@@ -191,6 +396,10 @@ if [ "${NW_DRY_RUN:-0}" = "1" ]; then
   echo "Open PRs needing work:${PRS_NEEDING_WORK}"
   echo "Default Branch: ${DEFAULT_BRANCH}"
   echo "Review Worktree: ${REVIEW_WORKTREE_DIR}"
+  echo "Target PR: ${TARGET_PR:-all}"
+  if [ -n "${TARGET_PR}" ]; then
+    echo "Worker Mode: ${WORKER_MODE}"
+  fi
   echo "Timeout: ${MAX_RUNTIME}s"
   exit 0
 fi
@@ -201,12 +410,17 @@ if ! prepare_detached_worktree "${PROJECT_DIR}" "${REVIEW_WORKTREE_DIR}" "${DEFA
 fi
 
 EXIT_CODE=0
+TARGET_SCOPE_PROMPT=""
+if [ -n "${TARGET_PR}" ]; then
+  TARGET_SCOPE_PROMPT=$'\n\n## Target Scope\n- Only process PR #'"${TARGET_PR}"$'.\n- Ignore all other PRs.\n- If this PR no longer needs work, stop immediately.\n'
+fi
 
 case "${PROVIDER_CMD}" in
   claude)
+    CLAUDE_PROMPT="/night-watch-pr-reviewer${TARGET_SCOPE_PROMPT}"
     if (
       cd "${REVIEW_WORKTREE_DIR}" && timeout "${MAX_RUNTIME}" \
-        claude -p "/night-watch-pr-reviewer" \
+        claude -p "${CLAUDE_PROMPT}" \
           --dangerously-skip-permissions \
           >> "${LOG_FILE}" 2>&1
     ); then
@@ -216,11 +430,12 @@ case "${PROVIDER_CMD}" in
     fi
     ;;
   codex)
+    CODEX_PROMPT="$(cat "${REVIEW_WORKTREE_DIR}/.claude/commands/night-watch-pr-reviewer.md")${TARGET_SCOPE_PROMPT}"
     if (
       cd "${REVIEW_WORKTREE_DIR}" && timeout "${MAX_RUNTIME}" \
         codex --quiet \
           --yolo \
-          --prompt "$(cat "${REVIEW_WORKTREE_DIR}/.claude/commands/night-watch-pr-reviewer.md")" \
+          --prompt "${CODEX_PROMPT}" \
           >> "${LOG_FILE}" 2>&1
     ); then
       EXIT_CODE=0
@@ -234,7 +449,7 @@ case "${PROVIDER_CMD}" in
     ;;
 esac
 
-cleanup_worktrees "${PROJECT_DIR}"
+cleanup_worktrees "${PROJECT_DIR}" "${REVIEW_WORKTREE_BASENAME}"
 
 # ── Auto-merge eligible PRs ─────────────────────────────────────────────────────
 # After the reviewer completes, check for PRs that are merge-ready and queue them
@@ -310,13 +525,4 @@ if [ "${AUTO_MERGE}" = "1" ] && [ ${EXIT_CODE} -eq 0 ]; then
   done < <(gh pr list --state open --json number,headRefName --jq '.[] | [.number, .headRefName] | @tsv' 2>/dev/null || true)
 fi
 
-if [ ${EXIT_CODE} -eq 0 ]; then
-  log "DONE: PR reviewer completed successfully"
-  emit_result "success_reviewed" "prs=${PRS_NEEDING_WORK_CSV}|auto_merged=${AUTO_MERGED_PRS}|auto_merge_failed=${AUTO_MERGE_FAILED_PRS}"
-elif [ ${EXIT_CODE} -eq 124 ]; then
-  log "TIMEOUT: PR reviewer killed after ${MAX_RUNTIME}s"
-  emit_result "timeout" "prs=${PRS_NEEDING_WORK_CSV}"
-else
-  log "FAIL: PR reviewer exited with code ${EXIT_CODE}"
-  emit_result "failure" "prs=${PRS_NEEDING_WORK_CSV}"
-fi
+emit_final_status "${EXIT_CODE}" "${PRS_NEEDING_WORK_CSV}" "${AUTO_MERGED_PRS}" "${AUTO_MERGE_FAILED_PRS}"

package/templates/night-watch-audit.md

@@ -0,0 +1,87 @@
+You are the Night Watch Code Auditor. Your job is to scan the codebase for real engineering risks and write a structured, high-signal report.
+
+## What to look for
+
+### 1) Critical runtime and security risks
+1. **Empty or swallowed catches** - `catch` blocks that discard meaningful errors in non-trivial paths.
+2. **Critical TODOs/FIXMEs/HACKs** - comments mentioning `bug`, `security`, `race`, `leak`, `crash`, `hotfix`, `rollback`, `unsafe`.
+3. **Hardcoded secrets or tokens** - API keys, passwords, tokens in source (exclude env var references).
+4. **Unhandled promise rejections** - async flows with missing error handling.
+5. **Unsafe type assertions** - `as any`, `as unknown as X`, dangerous non-null assertions (`!`) on uncertain input.
+
+### 2) Scalability and performance hotspots
+1. **N+1 / repeated expensive work** - repeated DB/API/file operations in loops.
+2. **Unbounded processing** - full in-memory loading of large datasets, missing pagination/streaming/chunking.
+3. **Blocking work on hot paths** - sync I/O or CPU-heavy work in frequent request/loop paths.
+4. **Missing backpressure/limits** - unbounded queues, retries, fan-out, or concurrency.
+
+### 3) Architecture and maintainability risks
+1. **Architecture violations** - business logic mixed into transport/UI/glue layers; hidden cross-layer dependencies.
+2. **SRP violations** - modules/functions/classes doing multiple unrelated responsibilities.
+3. **DRY violations** - duplicated logic likely to drift and cause inconsistent behavior.
+4. **KISS violations** - unnecessary complexity where simple solutions suffice.
+5. **SOLID violations** - violations that materially reduce extensibility/testability and cause real risk.
+6. **YAGNI violations** - speculative abstractions/features not needed by current behavior, adding maintenance cost.
+
+## What to SKIP
+
+- `node_modules/`, `dist/`, `.git/`, `coverage/`, generated files.
+- Test files (`*.test.ts`, `*.spec.ts`, `__tests__/`) unless they expose production design flaws.
+- Intentional no-op catches in file walkers/read-only probing paths (e.g., `catch { continue }`, `catch { return null }` when clearly harmless).
+- Cosmetic style-only nits (formatting, naming preference, import order).
+- Hypothetical principle violations without concrete impact.
+
+## How to scan
+
+Use file-reading/search tools and scan systematically, prioritizing:
+- `src/` (core TypeScript implementation)
+- `scripts/` (automation and shell execution paths)
+
+For each potential issue, verify:
+1. It is real and actionable.
+2. It has concrete impact (correctness, security, scalability, operability, maintainability).
+3. The fix direction is clear.
+
+## Severity model
+
+- **critical**: likely production outage/data loss/security exposure or severe architectural risk.
+- **high**: significant bug/risk with near-term impact.
+- **medium**: clear risk/smell that should be addressed soon.
+- **low**: valid but lower urgency.
+
+## Report format
+
+Write findings to `logs/audit-report.md` using this exact format:
+
+```markdown
+# Code Audit Report
+
+Generated: <ISO timestamp>
+
+## Findings
+
+### Finding 1
+- **Location**: `src/path/to/file.ts:42`
+- **Severity**: critical | high | medium | low
+- **Category**: empty_catch | critical_todo | hardcoded_secret | unhandled_promise | unsafe_assertion | scalability_hotspot | architecture_violation | srp_violation | dry_violation | kiss_violation | solid_violation | yagni_violation
+- **Description**: What the issue is, why it matters, and concrete impact
+- **Snippet**: `the offending code`
+- **Suggested Fix**: Specific fix direction (minimal, pragmatic)
+
+### Finding 2
+...
+```
+
+If you find **no actionable issues**, write exactly this to `logs/audit-report.md`:
+
+```
+NO_ISSUES_FOUND
+```
+
+## Rules
+
+- Prioritize high-impact findings over volume. 3 strong findings beat 15 weak ones.
+- Report principle violations (SRP/DRY/KISS/SOLID/YAGNI) only when they create concrete risk.
+- Avoid theoretical architecture criticism without code evidence.
+- Be decisive: skip noisy false positives.
+- After writing the report, stop. Do NOT open PRs, push code, or make changes.