@kody-ade/kody-engine-lite 0.1.56 → 0.1.58

package/kody.config.schema.json

@@ -82,8 +82,8 @@
       "properties": {
         "taskDir": {
           "type": "string",
-          "description": "Directory for pipeline artifacts and state (gitignored)",
-          "default": ".tasks"
+          "description": "Directory for pipeline artifacts and state (committed to branch)",
+          "default": ".kody/tasks"
         }
       },
       "additionalProperties": false

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kody-ade/kody-engine-lite",
-  "version": "0.1.56",
+  "version": "0.1.58",
   "description": "Autonomous SDLC pipeline: Kody orchestration + Claude Code + LiteLLM",
   "license": "MIT",
   "type": "module",

package/prompts/autofix.md

@@ -1,21 +1,39 @@
 ---
 name: autofix
-description: Fix verification errors (typecheck, lint, test failures)
+description: Investigate root cause then fix verification errors (typecheck, lint, test failures)
 mode: primary
 tools: [read, write, edit, bash, glob, grep]
 ---
 
 You are an autofix agent. The verification stage failed. Fix the errors below.
 
-STRATEGY (in order):
-1. Try quick wins first: run `pnpm lint:fix` and `pnpm format:fix` via Bash
-2. Read the error output carefully — understand WHAT failed and WHY
-3. For type errors: Read the affected file, fix the type mismatch
-4. For test failures: Read both the test and the implementation, fix the root cause
-5. For lint errors: Apply the specific fix the linter suggests
+IRON LAW: NO FIXES WITHOUT INVESTIGATION FIRST. Do not jump to changing code. Understand the failure first.
+
+## Phase 1 — Investigate (do this BEFORE any edits)
+1. Read the full error output — what exactly failed?
+2. Identify the affected files — Read them to understand context
+3. Check recent changes: run `git diff HEAD~1` to see what changed
+4. Classify the failure pattern:
+   - **Type error**: mismatched types, missing properties, wrong generics
+   - **Test failure**: assertion mismatch, missing mock, changed behavior
+   - **Lint error**: style violation, unused import, naming convention
+   - **Runtime error**: null reference, missing dependency, config issue
+   - **Integration failure**: API contract mismatch, schema drift
+5. Identify root cause — is this a direct error in new code, or a side effect of a change elsewhere?
+
+## Phase 2 — Fix (only after root cause is clear)
+1. Try quick wins first: run configured lintFix and formatFix commands via Bash
+2. For type errors: fix the type mismatch at its source, not by adding type assertions
+3. For test failures: fix the root cause (implementation or test), not both — determine which is correct
+4. For lint errors: apply the specific fix the linter suggests
+5. For integration failures: trace the contract back to its definition, fix the mismatch at source
 6. After EACH fix, re-run the failing command to verify it passes
-7. Do NOT commit or push — the orchestrator handles git
+7. If a fix introduces new failures, REVERT and try a different approach
+8. Do NOT commit or push — the orchestrator handles git
 
-Do NOT make unrelated changes. Fix ONLY the reported errors.
+## Rules
+- Fix ONLY the reported errors. Do NOT make unrelated changes.
+- Minimal diff — use Edit for surgical changes, not Write for rewrites
+- If the failure is pre-existing (not caused by this PR's changes), document it and move on
 
 {{TASK_CONTEXT}}

package/prompts/review.md

@@ -5,9 +5,10 @@ mode: primary
 tools: [read, glob, grep, bash]
 ---
 
-You are a code review agent. Review all changes made for the task described below.
+You are a code review agent following the Superpowers Structured Review methodology.
 
 Use Bash to run `git diff` to see what changed. Use Read to examine modified files in full context.
+When the diff introduces new enum values, status strings, or type constants — use Grep to trace ALL consumers outside the diff.
 
 CRITICAL: You MUST output a structured review in the EXACT format below. Do NOT output conversational text, status updates, or summaries. Your entire output must be the structured review markdown.
 
@@ -21,28 +22,94 @@ Output markdown with this EXACT structure:
 ## Findings
 
 ### Critical
-<Security vulnerabilities, data loss risks, crashes, broken authentication>
 <If none: "None.">
 
 ### Major
-<Logic errors, missing edge cases, broken tests, significant performance issues, missing error handling>
 <If none: "None.">
 
 ### Minor
-<Style issues, naming improvements, readability, trivial performance, minor refactoring opportunities>
 <If none: "None.">
 
-Severity definitions:
-- **Critical**: Security vulnerability, data loss, application crash, broken authentication, injection risk. MUST fix before merge.
-- **Major**: Logic error, missing edge case, broken test, significant performance issue, missing input validation. SHOULD fix before merge.
-- **Minor**: Style issue, naming improvement, readability, micro-optimization. NICE to fix, not blocking.
-
-Review checklist:
-- [ ] Does the code match the plan?
-- [ ] Are edge cases handled?
-- [ ] Are there security concerns?
-- [ ] Are tests adequate?
-- [ ] Is error handling proper?
-- [ ] Are there any hardcoded values that should be configurable?
+For each finding use: `file:line` — problem description. Suggested fix.
+
+---
+
+## Two-Pass Review
+
+**Pass 1 — CRITICAL (must fix before merge):**
+
+### SQL & Data Safety
+- String interpolation in SQL — use parameterized queries even for `.to_i`/`.to_f` values
+- TOCTOU races: check-then-set patterns that should be atomic `WHERE` + update
+- Bypassing model validations via direct DB writes (e.g., `update_column`, raw queries)
+- N+1 queries: missing eager loading for associations used in loops/views
+
+### Race Conditions & Concurrency
+- Read-check-write without uniqueness constraint or duplicate key handling
+- find-or-create without unique DB index — concurrent calls create duplicates
+- Status transitions without atomic `WHERE old_status = ? UPDATE SET new_status`
+- Unsafe HTML rendering (`dangerouslySetInnerHTML`, `v-html`, `.html_safe`) on user-controlled data (XSS)
+
+### LLM Output Trust Boundary
+- LLM-generated values (emails, URLs, names) written to DB without format validation
+- Structured tool output accepted without type/shape checks before DB writes
+- LLM-generated URLs fetched without allowlist — SSRF risk
+- LLM output stored in vector DBs without sanitization — stored prompt injection risk
+
+### Shell Injection
+- `subprocess.run()` / `os.system()` with `shell=True` AND string interpolation — use argument arrays
+- `eval()` / `exec()` on LLM-generated code without sandboxing
+
+### Enum & Value Completeness
+When the diff introduces a new enum value, status string, tier name, or type constant:
+- Trace it through every consumer (READ each file that switches/filters on that value)
+- Check allowlists/filter arrays containing sibling values
+- Check `case`/`if-elsif` chains — does the new value fall through to a wrong default?
+
+**Pass 2 — INFORMATIONAL (should review, may auto-fix):**
+
+### Conditional Side Effects
+- Code paths that branch but forget a side effect on one branch (e.g., promoted but URL only attached conditionally)
+- Log messages claiming an action happened when it was conditionally skipped
+
+### Test Gaps
+- Negative-path tests asserting type/status but not side effects
+- Security enforcement features (blocking, rate limiting, auth) without integration tests
+- Missing `.expects(:something).never` when a path should NOT call an external service
+
+### Dead Code & Consistency
+- Variables assigned but never read
+- Comments/docstrings describing old behavior after code changed
+- Version mismatch between PR title and VERSION/CHANGELOG
+
+### Crypto & Entropy
+- Truncation instead of hashing — less entropy, easier collisions
+- `rand()` / `Math.random()` for security-sensitive values — use crypto-secure alternatives
+- Non-constant-time comparisons (`==`) on secrets or tokens — timing attack risk
+
+### Performance & Bundle Impact
+- Known-heavy dependencies added: moment.js (→ date-fns), full lodash (→ lodash-es), jquery
+- Images without `loading="lazy"` or explicit dimensions (CLS)
+- `useEffect` fetch waterfalls — combine or parallelize
+- Synchronous `<script>` without async/defer
+
+### Type Coercion at Boundaries
+- Values crossing language/serialization boundaries where type could change (numeric vs string)
+- Hash/digest inputs without `.toString()` normalization before serialization
+
+---
+
+## Severity Definitions
+
+- **Critical**: Security vulnerability, data loss, application crash, broken authentication, injection risk, race condition. MUST fix before merge.
+- **Major**: Logic error, missing edge case, broken test, significant performance issue, missing input validation, enum completeness gap. SHOULD fix before merge.
+- **Minor**: Style issue, naming improvement, readability, micro-optimization, stale comments. NICE to fix, not blocking.
+
+## Suppressions — do NOT flag these:
+- Redundancy that aids readability
+- "Add a comment explaining this threshold" — thresholds change, comments rot
+- Consistency-only changes with no behavioral impact
+- Issues already addressed in the diff you are reviewing — read the FULL diff first
+- devDependencies additions (no production impact)
 
 {{TASK_CONTEXT}}

package/templates/kody.yml

@@ -254,7 +254,7 @@ jobs:
             [ -n "$TASK_ID" ] && ARGS="$ARGS --task-id $TASK_ID"
             [ -n "$PR_NUMBER" ] && ARGS="$ARGS --pr-number $PR_NUMBER"
             [ -n "$FROM_STAGE" ] && ARGS="$ARGS --from $FROM_STAGE"
-            [ -n "$FEEDBACK" ] && ARGS="$ARGS --feedback \"$FEEDBACK\""
+            # FEEDBACK is passed via env var, not CLI arg (avoids shell escaping issues)
             [ "$DRY_RUN" = "true" ] && ARGS="$ARGS --dry-run"
             kody-engine-lite $CMD $ARGS
           fi
@@ -263,7 +263,7 @@ jobs:
         if: always()
         run: |
           TASK_ID="${{ github.event.inputs.task_id || needs.parse.outputs.task_id }}"
-          STATUS_FILE=".tasks/${TASK_ID}/status.json"
+          STATUS_FILE=".kody/tasks/${TASK_ID}/status.json"
           if [ -f "$STATUS_FILE" ]; then
             STATE=$(jq -r '.state' "$STATUS_FILE")
             ICON="❌"
@@ -292,7 +292,7 @@ jobs:
         uses: actions/upload-artifact@v4
         with:
           name: kody-tasks-${{ github.event.inputs.task_id || needs.parse.outputs.task_id }}
-          path: .tasks/
+          path: .kody/tasks/
           retention-days: 7
 
   # ─── Error Notifications ─────────────────────────────────────────────────────
@@ -355,11 +355,11 @@ jobs:
         run: kody-engine-lite --help
       - name: Dry run
         run: |
-          mkdir -p .tasks/smoke-test
-          echo "Smoke test task" > .tasks/smoke-test/task.md
+          mkdir -p .kody/tasks/smoke-test
+          echo "Smoke test task" > .kody/tasks/smoke-test/task.md
           kody-engine-lite run --task-id smoke-test --dry-run || true
-          if [ -f ".tasks/smoke-test/status.json" ]; then
+          if [ -f ".kody/tasks/smoke-test/status.json" ]; then
             echo "✓ status.json created"
-            cat .tasks/smoke-test/status.json
+            cat .kody/tasks/smoke-test/status.json
           fi
-          rm -rf .tasks/smoke-test
+          rm -rf .kody/tasks/smoke-test

package/dist/agent-runner.d.ts

@@ -1,4 +0,0 @@
-import type { AgentRunner } from "./types.js";
-import type { KodyConfig } from "./config.js";
-export declare function createClaudeCodeRunner(): AgentRunner;
-export declare function createRunners(config: KodyConfig): Record<string, AgentRunner>;

package/dist/agent-runner.js

@@ -1,122 +0,0 @@
-import { spawn, execFileSync } from "child_process";
-const SIGKILL_GRACE_MS = 5000;
-const STDERR_TAIL_CHARS = 500;
-function writeStdin(child, prompt) {
-    return new Promise((resolve, reject) => {
-        if (!child.stdin) {
-            resolve();
-            return;
-        }
-        child.stdin.write(prompt, (err) => {
-            if (err)
-                reject(err);
-            else {
-                child.stdin.end();
-                resolve();
-            }
-        });
-    });
-}
-function waitForProcess(child, timeout) {
-    return new Promise((resolve) => {
-        const stdoutChunks = [];
-        const stderrChunks = [];
-        child.stdout?.on("data", (chunk) => stdoutChunks.push(chunk));
-        child.stderr?.on("data", (chunk) => stderrChunks.push(chunk));
-        const timer = setTimeout(() => {
-            child.kill("SIGTERM");
-            setTimeout(() => {
-                if (!child.killed)
-                    child.kill("SIGKILL");
-            }, SIGKILL_GRACE_MS);
-        }, timeout);
-        child.on("exit", (code) => {
-            clearTimeout(timer);
-            resolve({
-                code,
-                stdout: Buffer.concat(stdoutChunks).toString(),
-                stderr: Buffer.concat(stderrChunks).toString(),
-            });
-        });
-        child.on("error", (err) => {
-            clearTimeout(timer);
-            resolve({ code: -1, stdout: "", stderr: err.message });
-        });
-    });
-}
-async function runSubprocess(command, args, prompt, timeout, options) {
-    const child = spawn(command, args, {
-        cwd: options?.cwd ?? process.cwd(),
-        env: {
-            ...process.env,
-            SKIP_BUILD: "1",
-            SKIP_HOOKS: "1",
-            ...options?.env,
-        },
-        stdio: ["pipe", "pipe", "pipe"],
-    });
-    try {
-        await writeStdin(child, prompt);
-    }
-    catch (err) {
-        return {
-            outcome: "failed",
-            error: `Failed to send prompt: ${err instanceof Error ? err.message : String(err)}`,
-        };
-    }
-    const { code, stdout, stderr } = await waitForProcess(child, timeout);
-    if (code === 0) {
-        return { outcome: "completed", output: stdout };
-    }
-    return {
-        outcome: code === null ? "timed_out" : "failed",
-        error: `Exit code ${code}\n${stderr.slice(-STDERR_TAIL_CHARS)}`,
-    };
-}
-function checkCommand(command, args) {
-    try {
-        execFileSync(command, args, { timeout: 10_000, stdio: "pipe" });
-        return true;
-    }
-    catch {
-        return false;
-    }
-}
-// ─── Claude Code Runner ──────────────────────────────────────────────────────
-export function createClaudeCodeRunner() {
-    return {
-        async run(_stageName, prompt, model, timeout, _taskDir, options) {
-            return runSubprocess("claude", [
-                "--print",
-                "--model", model,
-                "--dangerously-skip-permissions",
-                "--allowedTools", "Bash,Edit,Read,Write,Glob,Grep",
-            ], prompt, timeout, options);
-        },
-        async healthCheck() {
-            return checkCommand("claude", ["--version"]);
-        },
-    };
-}
-// ─── Runner Factory ──────────────────────────────────────────────────────────
-const RUNNER_FACTORIES = {
-    "claude-code": createClaudeCodeRunner,
-};
-export function createRunners(config) {
-    // New multi-runner config
-    if (config.agent.runners && Object.keys(config.agent.runners).length > 0) {
-        const runners = {};
-        for (const [name, runnerConfig] of Object.entries(config.agent.runners)) {
-            const factory = RUNNER_FACTORIES[runnerConfig.type];
-            if (factory) {
-                runners[name] = factory();
-            }
-        }
-        return runners;
-    }
-    // Legacy single-runner fallback
-    const runnerType = config.agent.runner ?? "claude-code";
-    const factory = RUNNER_FACTORIES[runnerType];
-    const defaultName = config.agent.defaultRunner ?? "claude";
-    return { [defaultName]: factory ? factory() : createClaudeCodeRunner() };
-}

package/dist/ci/parse-inputs.d.ts

@@ -1,6 +0,0 @@
-/**
- * Parses @kody / /kody comment body into structured inputs.
- * Run by the parse job in GitHub Actions.
- * Reads from env, writes to $GITHUB_OUTPUT.
- */
-export {};

package/dist/ci/parse-inputs.js

@@ -1,76 +0,0 @@
-/**
- * Parses @kody / /kody comment body into structured inputs.
- * Run by the parse job in GitHub Actions.
- * Reads from env, writes to $GITHUB_OUTPUT.
- */
-import * as fs from "fs";
-const outputFile = process.env.GITHUB_OUTPUT;
-const triggerType = process.env.TRIGGER_TYPE ?? "dispatch";
-function output(key, value) {
-    if (outputFile) {
-        fs.appendFileSync(outputFile, `${key}=${value}\n`);
-    }
-    console.log(`${key}=${value}`);
-}
-// For workflow_dispatch, pass through inputs
-if (triggerType === "dispatch") {
-    output("task_id", process.env.INPUT_TASK_ID ?? "");
-    output("mode", process.env.INPUT_MODE ?? "full");
-    output("from_stage", process.env.INPUT_FROM_STAGE ?? "");
-    output("issue_number", process.env.INPUT_ISSUE_NUMBER ?? "");
-    output("feedback", process.env.INPUT_FEEDBACK ?? "");
-    output("valid", process.env.INPUT_TASK_ID ? "true" : "false");
-    output("trigger_type", "dispatch");
-    process.exit(0);
-}
-// For issue_comment, parse the comment body
-const commentBody = process.env.COMMENT_BODY ?? "";
-const issueNumber = process.env.ISSUE_NUMBER ?? "";
-// Match: @kody [mode] [task-id] [--from stage] [--feedback "text"]
-const kodyMatch = commentBody.match(/(?:@kody|\/kody)\s*(.*)/i);
-if (!kodyMatch) {
-    output("valid", "false");
-    output("trigger_type", "comment");
-    process.exit(0);
-}
-const parts = kodyMatch[1].trim().split(/\s+/);
-const validModes = ["full", "rerun", "status"];
-let mode = "full";
-let taskId = "";
-let fromStage = "";
-let feedback = "";
-let i = 0;
-// First arg: mode or task-id
-if (parts[i] && validModes.includes(parts[i])) {
-    mode = parts[i];
-    i++;
-}
-// Second arg: task-id
-if (parts[i] && !parts[i].startsWith("--")) {
-    taskId = parts[i];
-    i++;
-}
-// Named args
-while (i < parts.length) {
-    if (parts[i] === "--from" && parts[i + 1]) {
-        fromStage = parts[i + 1];
-        i += 2;
-    }
-    else if (parts[i] === "--feedback" && parts[i + 1]) {
-        // Collect quoted feedback
-        const rest = parts.slice(i + 1).join(" ");
-        const quoted = rest.match(/^"([^"]*)"/);
-        feedback = quoted ? quoted[1] : parts[i + 1];
-        break;
-    }
-    else {
-        i++;
-    }
-}
-output("task_id", taskId);
-output("mode", mode);
-output("from_stage", fromStage);
-output("issue_number", issueNumber);
-output("feedback", feedback);
-output("valid", taskId ? "true" : "false");
-output("trigger_type", "comment");

package/dist/ci/parse-safety.d.ts

@@ -1,6 +0,0 @@
-/**
- * Validates that a comment trigger is safe to execute.
- * Run by the parse job in GitHub Actions.
- * Reads from env, writes to $GITHUB_OUTPUT.
- */
-export {};

package/dist/ci/parse-safety.js

@@ -1,22 +0,0 @@
-/**
- * Validates that a comment trigger is safe to execute.
- * Run by the parse job in GitHub Actions.
- * Reads from env, writes to $GITHUB_OUTPUT.
- */
-import * as fs from "fs";
-const ALLOWED_ASSOCIATIONS = ["COLLABORATOR", "MEMBER", "OWNER"];
-const association = process.env.COMMENT_AUTHOR_ASSOCIATION ?? "";
-const outputFile = process.env.GITHUB_OUTPUT;
-function output(key, value) {
-    if (outputFile) {
-        fs.appendFileSync(outputFile, `${key}=${value}\n`);
-    }
-    console.log(`${key}=${value}`);
-}
-if (!ALLOWED_ASSOCIATIONS.includes(association)) {
-    output("valid", "false");
-    output("reason", `Author association '${association}' not in allowlist: ${ALLOWED_ASSOCIATIONS.join(", ")}`);
-    process.exit(0);
-}
-output("valid", "true");
-output("reason", "");

package/dist/cli/args.d.ts

@@ -1,13 +0,0 @@
-export interface CliInput {
-    command: "run" | "rerun" | "fix" | "status";
-    taskId?: string;
-    task?: string;
-    fromStage?: string;
-    dryRun?: boolean;
-    cwd?: string;
-    issueNumber?: number;
-    feedback?: string;
-    local?: boolean;
-    complexity?: "low" | "medium" | "high";
-}
-export declare function parseArgs(): CliInput;

package/dist/cli/args.js

@@ -1,42 +0,0 @@
-const isCI = !!process.env.GITHUB_ACTIONS;
-function getArg(args, flag) {
-    const idx = args.indexOf(flag);
-    if (idx !== -1 && args[idx + 1] && !args[idx + 1].startsWith("--")) {
-        return args[idx + 1];
-    }
-    return undefined;
-}
-function hasFlag(args, flag) {
-    return args.includes(flag);
-}
-export function parseArgs() {
-    const args = process.argv.slice(2);
-    if (hasFlag(args, "--help") || hasFlag(args, "-h") || args.length === 0) {
-        console.log(`Usage:
-  kody run    --task-id <id> [--task "<desc>"] [--cwd <path>] [--issue-number <n>] [--complexity low|medium|high] [--feedback "<text>"] [--local] [--dry-run]
-  kody rerun  --task-id <id> --from <stage> [--cwd <path>] [--issue-number <n>]
-  kody fix    --task-id <id> [--cwd <path>] [--issue-number <n>] [--feedback "<text>"]
-  kody status --task-id <id> [--cwd <path>]
-  kody --help`);
-        process.exit(0);
-    }
-    const command = args[0];
-    if (!["run", "rerun", "fix", "status"].includes(command)) {
-        console.error(`Unknown command: ${command}`);
-        process.exit(1);
-    }
-    const issueStr = getArg(args, "--issue-number") ?? process.env.ISSUE_NUMBER;
-    const localFlag = hasFlag(args, "--local");
-    return {
-        command,
-        taskId: getArg(args, "--task-id") ?? process.env.TASK_ID,
-        task: getArg(args, "--task"),
-        fromStage: getArg(args, "--from") ?? process.env.FROM_STAGE,
-        dryRun: hasFlag(args, "--dry-run") || process.env.DRY_RUN === "true",
-        cwd: getArg(args, "--cwd"),
-        issueNumber: issueStr ? parseInt(issueStr, 10) : undefined,
-        feedback: getArg(args, "--feedback") ?? process.env.FEEDBACK,
-        local: localFlag || (!isCI && !hasFlag(args, "--no-local")),
-        complexity: (getArg(args, "--complexity") ?? process.env.COMPLEXITY),
-    };
-}

package/dist/cli/litellm.d.ts

@@ -1,2 +0,0 @@
-export declare function checkLitellmHealth(url: string): Promise<boolean>;
-export declare function tryStartLitellm(url: string, projectDir: string): Promise<ReturnType<typeof import("child_process").spawn> | null>;

package/dist/cli/litellm.js

@@ -1,85 +0,0 @@
-import * as fs from "fs";
-import * as path from "path";
-import { execFileSync } from "child_process";
-import { logger } from "../logger.js";
-export async function checkLitellmHealth(url) {
-    try {
-        const response = await fetch(`${url}/health`, { signal: AbortSignal.timeout(3000) });
-        return response.ok;
-    }
-    catch {
-        return false;
-    }
-}
-export async function tryStartLitellm(url, projectDir) {
-    const configPath = path.join(projectDir, "litellm-config.yaml");
-    if (!fs.existsSync(configPath)) {
-        logger.warn("litellm-config.yaml not found — cannot start proxy");
-        return null;
-    }
-    // Extract port from URL
-    const portMatch = url.match(/:(\d+)/);
-    const port = portMatch ? portMatch[1] : "4000";
-    // Check if litellm is installed
-    try {
-        execFileSync("litellm", ["--version"], { timeout: 5000, stdio: "pipe" });
-    }
-    catch {
-        try {
-            execFileSync("python3", ["-m", "litellm", "--version"], { timeout: 5000, stdio: "pipe" });
-        }
-        catch {
-            logger.warn("litellm not installed (pip install 'litellm[proxy]')");
-            return null;
-        }
-    }
-    logger.info(`Starting LiteLLM proxy on port ${port}...`);
-    // Determine command
-    let cmd;
-    let args;
-    try {
-        execFileSync("litellm", ["--version"], { timeout: 5000, stdio: "pipe" });
-        cmd = "litellm";
-        args = ["--config", configPath, "--port", port];
-    }
-    catch {
-        cmd = "python3";
-        args = ["-m", "litellm", "--config", configPath, "--port", port];
-    }
-    // Load API key env vars from project .env (only *_API_KEY patterns)
-    const dotenvPath = path.join(projectDir, ".env");
-    const dotenvVars = {};
-    if (fs.existsSync(dotenvPath)) {
-        for (const line of fs.readFileSync(dotenvPath, "utf-8").split("\n")) {
-            const match = line.match(/^([A-Z_][A-Z0-9_]*_API_KEY)=(.*)$/);
-            if (match)
-                dotenvVars[match[1]] = match[2];
-        }
-        if (Object.keys(dotenvVars).length > 0) {
-            logger.info(`  Loaded API keys: ${Object.keys(dotenvVars).join(", ")}`);
-        }
-    }
-    const { spawn } = await import("child_process");
-    const child = spawn(cmd, args, {
-        stdio: ["ignore", "pipe", "pipe"],
-        detached: true,
-        env: { ...process.env, ...dotenvVars },
-    });
-    // Capture stderr for debugging
-    let proxyStderr = "";
-    child.stderr?.on("data", (chunk) => { proxyStderr += chunk.toString(); });
-    // Wait for health
-    for (let i = 0; i < 30; i++) {
-        await new Promise((r) => setTimeout(r, 2000));
-        if (await checkLitellmHealth(url)) {
-            logger.info(`LiteLLM proxy ready at ${url}`);
-            return child;
-        }
-    }
-    if (proxyStderr) {
-        logger.warn(`LiteLLM stderr: ${proxyStderr.slice(-1000)}`);
-    }
-    logger.warn("LiteLLM proxy failed to start within 60s");
-    child.kill();
-    return null;
-}

package/dist/cli/task-resolution.d.ts

@@ -1,2 +0,0 @@
-export declare function findLatestTaskForIssue(issueNumber: number, projectDir: string): string | null;
-export declare function generateTaskId(): string;