@kodrunhq/opencode-autopilot 1.15.2 → 1.17.0

package/src/projects/resolve.ts

@@ -0,0 +1,301 @@
+import type { Database } from "bun:sqlite";
+import { execFile as execFileCb, execFileSync } from "node:child_process";
+import { randomUUID } from "node:crypto";
+import { basename } from "node:path";
+import { promisify } from "node:util";
+import {
+	getProjectByAnyPath,
+	getProjectByCurrentPath,
+	getProjectsByGitFingerprint,
+	setProjectCurrentPath,
+	upsertProjectGitFingerprint,
+	upsertProjectRecord,
+} from "./repository";
+import { projectRecordSchema } from "./schemas";
+import type { GitFingerprintInput, ProjectRecord } from "./types";
+
+const execFile = promisify(execFileCb);
+
+export interface ProjectResolverDeps {
+	readonly db?: Database;
+	readonly now?: () => string;
+	readonly createProjectId?: () => string;
+	readonly readGitFingerprint?: (projectRoot: string) => Promise<GitFingerprintInput | null>;
+}
+
+export function normalizeGitRemoteUrl(remoteUrl: string): string | null {
+	const trimmed = remoteUrl.trim();
+	if (trimmed.length === 0) {
+		return null;
+	}
+
+	const scpMatch = trimmed.match(/^([^@\s]+)@([^:\s]+):(.+)$/);
+	if (scpMatch) {
+		const [, _user, host, path] = scpMatch;
+		const normalizedPath = path.replace(/\.git$/i, "").replace(/^\/+/, "");
+		return `${host.toLowerCase()}/${normalizedPath}`;
+	}
+
+	try {
+		const parsed = new URL(trimmed);
+		const normalizedPath = parsed.pathname.replace(/\.git$/i, "").replace(/^\/+/, "");
+		if (normalizedPath.length === 0) {
+			return null;
+		}
+		return `${parsed.host.toLowerCase()}/${normalizedPath}`;
+	} catch {
+		const normalized = trimmed.replace(/\.git$/i, "").replace(/^\/+/, "");
+		return normalized.length > 0 ? normalized : null;
+	}
+}
+
+async function readGitCommand(
+	projectRoot: string,
+	args: readonly string[],
+): Promise<string | null> {
+	try {
+		const { stdout } = await execFile("git", args, {
+			cwd: projectRoot,
+			timeout: 5000,
+		});
+		const trimmed = stdout.trim();
+		return trimmed.length > 0 ? trimmed : null;
+	} catch {
+		return null;
+	}
+}
+
+function readGitCommandSync(projectRoot: string, args: readonly string[]): string | null {
+	try {
+		const stdout = execFileSync("git", args, {
+			cwd: projectRoot,
+			timeout: 5000,
+			encoding: "utf-8",
+		});
+		const trimmed = stdout.trim();
+		return trimmed.length > 0 ? trimmed : null;
+	} catch {
+		return null;
+	}
+}
+
+export async function readProjectGitFingerprint(
+	projectRoot: string,
+): Promise<GitFingerprintInput | null> {
+	const remoteUrl = await readGitCommand(projectRoot, ["config", "--get", "remote.origin.url"]);
+	if (remoteUrl === null) {
+		return null;
+	}
+
+	const normalizedRemoteUrl = normalizeGitRemoteUrl(remoteUrl);
+	if (normalizedRemoteUrl === null) {
+		return null;
+	}
+
+	const remoteHead = await readGitCommand(projectRoot, [
+		"symbolic-ref",
+		"--short",
+		"refs/remotes/origin/HEAD",
+	]);
+	const defaultBranch =
+		remoteHead === null ? null : remoteHead.split("/").slice(1).join("/") || null;
+
+	return {
+		normalizedRemoteUrl,
+		defaultBranch,
+	};
+}
+
+export function readProjectGitFingerprintSync(projectRoot: string): GitFingerprintInput | null {
+	const remoteUrl = readGitCommandSync(projectRoot, ["config", "--get", "remote.origin.url"]);
+	if (remoteUrl === null) {
+		return null;
+	}
+
+	const normalizedRemoteUrl = normalizeGitRemoteUrl(remoteUrl);
+	if (normalizedRemoteUrl === null) {
+		return null;
+	}
+
+	const remoteHead = readGitCommandSync(projectRoot, [
+		"symbolic-ref",
+		"--short",
+		"refs/remotes/origin/HEAD",
+	]);
+	const defaultBranch =
+		remoteHead === null ? null : remoteHead.split("/").slice(1).join("/") || null;
+
+	return {
+		normalizedRemoteUrl,
+		defaultBranch,
+	};
+}
+
+export interface SyncProjectResolverDeps {
+	readonly db?: Database;
+	readonly now?: () => string;
+	readonly createProjectId?: () => string;
+	readonly readGitFingerprint?: (projectRoot: string) => GitFingerprintInput | null;
+	readonly allowCreate?: boolean;
+}
+
+export async function resolveProjectIdentity(
+	projectRoot: string,
+	deps: ProjectResolverDeps = {},
+): Promise<ProjectRecord> {
+	const now = deps.now ?? (() => new Date().toISOString());
+	const createProjectId = deps.createProjectId ?? (() => randomUUID());
+	const readGitFingerprint = deps.readGitFingerprint ?? readProjectGitFingerprint;
+	const seenAt = now();
+	const projectName = basename(projectRoot);
+
+	const current = getProjectByCurrentPath(projectRoot, deps.db);
+	if (current !== null) {
+		const updated = upsertProjectRecord(
+			{
+				...current,
+				name: projectName,
+				lastUpdated: seenAt,
+			},
+			deps.db,
+		);
+		const fingerprint = await readGitFingerprint(projectRoot);
+		if (fingerprint !== null) {
+			upsertProjectGitFingerprint(updated.id, fingerprint, seenAt, deps.db);
+		}
+		return updated;
+	}
+
+	const historical = getProjectByAnyPath(projectRoot, deps.db);
+	if (historical !== null) {
+		const updated = setProjectCurrentPath(historical.id, projectRoot, projectName, seenAt, deps.db);
+		const fingerprint = await readGitFingerprint(projectRoot);
+		if (fingerprint !== null) {
+			upsertProjectGitFingerprint(updated.id, fingerprint, seenAt, deps.db);
+		}
+		return updated;
+	}
+
+	const fingerprint = await readGitFingerprint(projectRoot);
+	if (fingerprint !== null) {
+		const matches = getProjectsByGitFingerprint(fingerprint.normalizedRemoteUrl, deps.db);
+		if (matches.length === 1) {
+			const updated = setProjectCurrentPath(
+				matches[0].id,
+				projectRoot,
+				projectName,
+				seenAt,
+				deps.db,
+			);
+			upsertProjectGitFingerprint(updated.id, fingerprint, seenAt, deps.db);
+			return updated;
+		}
+	}
+
+	const created = upsertProjectRecord(
+		{
+			id: createProjectId(),
+			path: projectRoot,
+			name: projectName,
+			firstSeenAt: seenAt,
+			lastUpdated: seenAt,
+		},
+		deps.db,
+	);
+	if (fingerprint !== null) {
+		upsertProjectGitFingerprint(created.id, fingerprint, seenAt, deps.db);
+	}
+	return created;
+}
+
+export function resolveProjectIdentitySync(
+	projectRoot: string,
+	deps: SyncProjectResolverDeps = {},
+): ProjectRecord {
+	const now = deps.now ?? (() => new Date().toISOString());
+	const createProjectId = deps.createProjectId ?? (() => randomUUID());
+	const readGitFingerprint = deps.readGitFingerprint ?? readProjectGitFingerprintSync;
+	const allowCreate = deps.allowCreate ?? true;
+	const seenAt = now();
+	const projectName = basename(projectRoot);
+
+	const current = getProjectByCurrentPath(projectRoot, deps.db);
+	if (current !== null) {
+		if (!allowCreate) {
+			return current;
+		}
+
+		const updated = upsertProjectRecord(
+			{
+				...current,
+				name: projectName,
+				lastUpdated: seenAt,
+			},
+			deps.db,
+		);
+		const fingerprint = readGitFingerprint(projectRoot);
+		if (fingerprint !== null) {
+			upsertProjectGitFingerprint(updated.id, fingerprint, seenAt, deps.db);
+		}
+		return updated;
+	}
+
+	const historical = getProjectByAnyPath(projectRoot, deps.db);
+	if (historical !== null) {
+		if (!allowCreate) {
+			return historical;
+		}
+
+		const updated = setProjectCurrentPath(historical.id, projectRoot, projectName, seenAt, deps.db);
+		const fingerprint = readGitFingerprint(projectRoot);
+		if (fingerprint !== null) {
+			upsertProjectGitFingerprint(updated.id, fingerprint, seenAt, deps.db);
+		}
+		return updated;
+	}
+
+	const fingerprint = readGitFingerprint(projectRoot);
+	if (fingerprint !== null) {
+		const matches = getProjectsByGitFingerprint(fingerprint.normalizedRemoteUrl, deps.db);
+		if (matches.length === 1) {
+			if (!allowCreate) {
+				return matches[0];
+			}
+
+			const updated = setProjectCurrentPath(
+				matches[0].id,
+				projectRoot,
+				projectName,
+				seenAt,
+				deps.db,
+			);
+			upsertProjectGitFingerprint(updated.id, fingerprint, seenAt, deps.db);
+			return updated;
+		}
+	}
+
+	if (!allowCreate) {
+		return projectRecordSchema.parse({
+			id: `project:${projectRoot}`,
+			path: projectRoot,
+			name: projectName,
+			firstSeenAt: seenAt,
+			lastUpdated: seenAt,
+		});
+	}
+
+	const created = upsertProjectRecord(
+		{
+			id: createProjectId(),
+			path: projectRoot,
+			name: projectName,
+			firstSeenAt: seenAt,
+			lastUpdated: seenAt,
+		},
+		deps.db,
+	);
+	if (fingerprint !== null) {
+		upsertProjectGitFingerprint(created.id, fingerprint, seenAt, deps.db);
+	}
+	return created;
+}

package/src/projects/schemas.ts

@@ -0,0 +1,30 @@
+import { z } from "zod";
+
+export const projectRecordSchema = z.object({
+	id: z.string().min(1).max(128),
+	path: z.string().min(1).max(4096),
+	name: z.string().min(1).max(256),
+	firstSeenAt: z.string().min(1).max(128).optional(),
+	lastUpdated: z.string().min(1).max(128),
+});
+
+export const projectPathRecordSchema = z.object({
+	projectId: z.string().min(1).max(128),
+	path: z.string().min(1).max(4096),
+	firstSeenAt: z.string().min(1).max(128),
+	lastUpdated: z.string().min(1).max(128),
+	isCurrent: z.boolean(),
+});
+
+export const projectGitFingerprintSchema = z.object({
+	projectId: z.string().min(1).max(128),
+	normalizedRemoteUrl: z.string().min(1).max(2048),
+	defaultBranch: z.string().min(1).max(256).nullable(),
+	firstSeenAt: z.string().min(1).max(128),
+	lastUpdated: z.string().min(1).max(128),
+});
+
+export const gitFingerprintInputSchema = z.object({
+	normalizedRemoteUrl: z.string().min(1).max(2048),
+	defaultBranch: z.string().min(1).max(256).nullable().default(null),
+});

package/src/projects/types.ts

@@ -0,0 +1,12 @@
+import type { z } from "zod";
+import type {
+	gitFingerprintInputSchema,
+	projectGitFingerprintSchema,
+	projectPathRecordSchema,
+	projectRecordSchema,
+} from "./schemas";
+
+export type ProjectRecord = z.infer<typeof projectRecordSchema>;
+export type ProjectPathRecord = z.infer<typeof projectPathRecordSchema>;
+export type ProjectGitFingerprint = z.infer<typeof projectGitFingerprintSchema>;
+export type GitFingerprintInput = z.infer<typeof gitFingerprintInputSchema>;

package/src/review/memory.ts

@@ -1,8 +1,9 @@
 /**
  * Per-project review memory persistence.
  *
- * Stores recent findings and false positives at
- * {projectRoot}/.opencode-autopilot/review-memory.json
+ * Stores recent findings and false positives in the project kernel,
+ * with {projectRoot}/.opencode-autopilot/review-memory.json kept as a
+ * compatibility mirror/export during the Phase 4 migration window.
  *
  * Memory is pruned on load to cap storage and remove stale entries.
  * All writes are atomic (tmp file + rename) to prevent corruption.
@@ -10,7 +11,10 @@
 
 import { readFile, rename, writeFile } from "node:fs/promises";
 import { join } from "node:path";
+import { loadReviewMemoryFromKernel, saveReviewMemoryToKernel } from "../kernel/repository";
+import { getLogger } from "../logging/domains";
 import { ensureDir, isEnoentError } from "../utils/fs-helpers";
+import { getProjectArtifactDir } from "../utils/paths";
 import { reviewMemorySchema } from "./schemas";
 import type { ReviewMemory } from "./types";
 
@@ -20,6 +24,7 @@ const MEMORY_FILE = "review-memory.json";
 const MAX_FINDINGS = 100;
 const MAX_FALSE_POSITIVES = 50;
 const THIRTY_DAYS_MS = 30 * 24 * 60 * 60 * 1000;
+let legacyReviewMemoryMirrorWarned = false;
 
 /**
  * Create a valid empty memory object.
@@ -42,12 +47,19 @@ export function createEmptyMemory(): ReviewMemory {
  * Prunes on load to cap storage.
  */
 export async function loadReviewMemory(projectRoot: string): Promise<ReviewMemory | null> {
+	const kernelMemory = loadReviewMemoryFromKernel(getProjectArtifactDir(projectRoot));
+	if (kernelMemory !== null) {
+		return pruneMemory(kernelMemory);
+	}
+
 	const memoryPath = join(projectRoot, ".opencode-autopilot", MEMORY_FILE);
 	try {
 		const raw = await readFile(memoryPath, "utf-8");
 		const parsed = JSON.parse(raw);
 		const validated = reviewMemorySchema.parse(parsed);
-		return pruneMemory(validated);
+		const pruned = pruneMemory(validated);
+		saveReviewMemoryToKernel(getProjectArtifactDir(projectRoot), pruned);
+		return pruned;
 	} catch (error: unknown) {
 		if (isEnoentError(error)) {
 			return null;
@@ -70,12 +82,23 @@ export async function loadReviewMemory(projectRoot: string): Promise<ReviewMemor
  */
 export async function saveReviewMemory(memory: ReviewMemory, projectRoot: string): Promise<void> {
 	const validated = reviewMemorySchema.parse(memory);
-	const dir = join(projectRoot, ".opencode-autopilot");
-	await ensureDir(dir);
-	const memoryPath = join(dir, MEMORY_FILE);
-	const tmpPath = `${memoryPath}.tmp.${Date.now()}`;
-	await writeFile(tmpPath, JSON.stringify(validated, null, 2), "utf-8");
-	await rename(tmpPath, memoryPath);
+	saveReviewMemoryToKernel(getProjectArtifactDir(projectRoot), validated);
+
+	try {
+		const dir = join(projectRoot, ".opencode-autopilot");
+		await ensureDir(dir);
+		const memoryPath = join(dir, MEMORY_FILE);
+		const tmpPath = `${memoryPath}.tmp.${Date.now()}`;
+		await writeFile(tmpPath, JSON.stringify(validated, null, 2), "utf-8");
+		await rename(tmpPath, memoryPath);
+	} catch (error: unknown) {
+		if (!legacyReviewMemoryMirrorWarned) {
+			legacyReviewMemoryMirrorWarned = true;
+			getLogger("review", "memory").warn("review-memory.json mirror write failed", {
+				error: String(error),
+			});
+		}
+	}
 }
 
 /**
@@ -86,8 +109,13 @@ export async function saveReviewMemory(memory: ReviewMemory, projectRoot: string
  * - falsePositives: cap at 50 (keep newest by markedAt date)
  * - falsePositives: remove entries older than 30 days
  */
-export function pruneMemory(memory: ReviewMemory): ReviewMemory {
-	const now = Date.now();
+import { systemTimeProvider, type TimeProvider } from "../scoring/time-provider";
+
+export function pruneMemory(
+	memory: ReviewMemory,
+	timeProvider: TimeProvider = systemTimeProvider,
+): ReviewMemory {
+	const now = timeProvider.now();
 
 	// Prune false positives older than 30 days first, then cap
 	const freshFalsePositives = memory.falsePositives.filter(

package/src/review/parse-findings.ts

@@ -0,0 +1,116 @@
+import { reviewFindingSchema, reviewFindingsEnvelopeSchema } from "./schemas";
+import type { ReviewFinding, ReviewFindingsEnvelope } from "./types";
+
+export function parseTypedFindingsEnvelope(raw: string): ReviewFindingsEnvelope | null {
+	try {
+		const parsed = JSON.parse(raw);
+		return reviewFindingsEnvelopeSchema.parse(parsed);
+	} catch {
+		return null;
+	}
+}
+
+export function parseAgentFindings(raw: string, agentName: string): readonly ReviewFinding[] {
+	const findings: ReviewFinding[] = [];
+
+	const jsonStr = extractJson(raw);
+	if (jsonStr === null) return Object.freeze(findings);
+
+	try {
+		const cleanJson = sanitizeMalformedJson(jsonStr);
+		const parsed = JSON.parse(cleanJson);
+		const items = Array.isArray(parsed) ? parsed : parsed?.findings;
+
+		if (!Array.isArray(items)) return Object.freeze(findings);
+
+		for (const item of items) {
+			if (typeof item !== "object" || item === null) continue;
+
+			const problem = item.problem || item.description || item.issue || "No description provided";
+			const normalized = {
+				...item,
+				agent: item.agent || agentName,
+				severity: normalizeSeverity(item.severity),
+				domain: item.domain || "general",
+				title:
+					item.title || item.name || (problem ? String(problem).slice(0, 50) : "Untitled finding"),
+				file: item.file || item.path || item.filename || "unknown",
+				source: item.source || "phase1",
+				evidence: item.evidence || item.snippet || item.context || "No evidence provided",
+				problem: problem,
+				fix: item.fix || item.recommendation || item.solution || "No fix provided",
+			};
+
+			const result = reviewFindingSchema.safeParse(normalized);
+			if (result.success) {
+				findings.push(result.data);
+			}
+		}
+	} catch {
+		// JSON parse failed completely
+	}
+
+	return Object.freeze(findings);
+}
+
+function normalizeSeverity(sev: unknown): string {
+	if (typeof sev !== "string") return "LOW";
+	const upper = sev.toUpperCase();
+	if (["CRITICAL", "HIGH", "MEDIUM", "LOW"].includes(upper)) return upper;
+	return "LOW";
+}
+
+function sanitizeMalformedJson(json: string): string {
+	let clean = json;
+	// Remove trailing commas in objects and arrays
+	clean = clean.replace(/,\s*([}\]])/g, "$1");
+	// Replace unescaped newlines in strings (basic attempt)
+	// This is risky with regex but catches common LLM markdown mistakes
+	return clean;
+}
+
+export function extractJson(raw: string): string | null {
+	const codeBlockMatch = raw.match(/```(?:json)?\s*\n?([\s\S]*?)\n?\s*```/);
+	if (codeBlockMatch) {
+		return codeBlockMatch[1].trim();
+	}
+
+	const objectStart = raw.indexOf("{");
+	const arrayStart = raw.indexOf("[");
+
+	if (objectStart === -1 && arrayStart === -1) return null;
+
+	const start =
+		objectStart === -1
+			? arrayStart
+			: arrayStart === -1
+				? objectStart
+				: Math.min(objectStart, arrayStart);
+
+	let depth = 0;
+	let inString = false;
+	let escaped = false;
+	for (let i = start; i < raw.length; i++) {
+		const ch = raw[i];
+		if (escaped) {
+			escaped = false;
+			continue;
+		}
+		if (ch === "\\" && inString) {
+			escaped = true;
+			continue;
+		}
+		if (ch === '"') {
+			inString = !inString;
+			continue;
+		}
+		if (inString) continue;
+		if (ch === "{" || ch === "[") depth++;
+		if (ch === "}" || ch === "]") depth--;
+		if (depth === 0) {
+			return raw.slice(start, i + 1);
+		}
+	}
+
+	return null;
+}

package/src/review/pipeline.ts

@@ -18,8 +18,8 @@ import { buildCrossVerificationPrompts, condenseFinding } from "./cross-verifica
 const STAGE3_NAMES: ReadonlySet<string> = new Set(STAGE3_AGENTS.map((a) => a.name));
 
 import { buildFixInstructions, determineFixableFindings } from "./fix-cycle";
+import { parseAgentFindings, parseTypedFindingsEnvelope } from "./parse-findings";
 import { buildReport } from "./report";
-import { reviewFindingSchema, reviewFindingsEnvelopeSchema } from "./schemas";
 import type { ReviewFinding, ReviewFindingsEnvelope, ReviewReport, ReviewState } from "./types";
 
 export type { ReviewState };
@@ -38,112 +38,6 @@ export interface ReviewStageResult {
 	readonly parseMode?: "typed" | "legacy";
 }
 
-function parseTypedFindingsEnvelope(raw: string): ReviewFindingsEnvelope | null {
-	try {
-		const parsed = JSON.parse(raw);
-		return reviewFindingsEnvelopeSchema.parse(parsed);
-	} catch {
-		return null;
-	}
-}
-
-/**
- * Parse findings from raw LLM output (which may contain markdown, prose, code blocks).
- *
- * Handles:
- * - {"findings": [...]} wrapper
- * - Raw array [{...}, ...]
- * - JSON embedded in markdown code blocks
- * - Prose with embedded JSON
- *
- * Sets agent field to agentName if missing from individual findings.
- * Validates each finding through reviewFindingSchema, discards invalid ones.
- */
-export function parseAgentFindings(raw: string, agentName: string): readonly ReviewFinding[] {
-	const findings: ReviewFinding[] = [];
-
-	// Try to extract JSON from the raw text
-	const jsonStr = extractJson(raw);
-	if (jsonStr === null) return Object.freeze(findings);
-
-	try {
-		const parsed = JSON.parse(jsonStr);
-		const items = Array.isArray(parsed) ? parsed : parsed?.findings;
-
-		if (!Array.isArray(items)) return Object.freeze(findings);
-
-		for (const item of items) {
-			// Set agent field if missing
-			const withAgent = item.agent ? item : { ...item, agent: agentName };
-			const result = reviewFindingSchema.safeParse(withAgent);
-			if (result.success) {
-				findings.push(result.data);
-			}
-		}
-	} catch {
-		// JSON parse failed -- return empty
-	}
-
-	return Object.freeze(findings);
-}
-
-/**
- * Extract the first JSON object or array from raw text.
- * Looks for:
- * 1. JSON inside markdown code blocks
- * 2. {"findings": ...} pattern
- * 3. Raw array [{...}]
- */
-function extractJson(raw: string): string | null {
-	// Try markdown code block extraction first
-	const codeBlockMatch = raw.match(/```(?:json)?\s*\n?([\s\S]*?)\n?\s*```/);
-	if (codeBlockMatch) {
-		return codeBlockMatch[1].trim();
-	}
-
-	// Try to find {"findings": ...} or [{...}]
-	const objectStart = raw.indexOf("{");
-	const arrayStart = raw.indexOf("[");
-
-	if (objectStart === -1 && arrayStart === -1) return null;
-
-	// Pick whichever comes first
-	const start =
-		objectStart === -1
-			? arrayStart
-			: arrayStart === -1
-				? objectStart
-				: Math.min(objectStart, arrayStart);
-
-	// Find matching close bracket (string-literal-aware depth tracking)
-	let depth = 0;
-	let inString = false;
-	let escaped = false;
-	for (let i = start; i < raw.length; i++) {
-		const ch = raw[i];
-		if (escaped) {
-			escaped = false;
-			continue;
-		}
-		if (ch === "\\" && inString) {
-			escaped = true;
-			continue;
-		}
-		if (ch === '"') {
-			inString = !inString;
-			continue;
-		}
-		if (inString) continue;
-		if (ch === "{" || ch === "[") depth++;
-		if (ch === "}" || ch === "]") depth--;
-		if (depth === 0) {
-			return raw.slice(start, i + 1);
-		}
-	}
-
-	return null;
-}
-
 /**
  * Advance the pipeline from the current stage to the next.
  *
@@ -155,6 +49,8 @@ export function advancePipeline(
 	findingsJson: string,
 	currentState: ReviewState,
 	agentName = "unknown",
+	_runId?: string,
+	_seed?: string,
 ): ReviewStageResult {
 	const typedEnvelope = parseTypedFindingsEnvelope(findingsJson);
 	const parseMode = typedEnvelope ? "typed" : "legacy";