@kody-ade/kody-engine 0.2.60 → 0.2.62

package/dist/bin/kody2.js

@@ -3,7 +3,7 @@
 // package.json
 var package_default = {
   name: "@kody-ade/kody-engine",
-  version: "0.2.60",
+  version: "0.2.62",
   description: "kody2 \u2014 autonomous development engine. Single-session Claude Code agent behind a generic executor + declarative executable profiles.",
   license: "MIT",
   type: "module",
@@ -50,7 +50,7 @@ var package_default = {
 };
 
 // src/chat-cli.ts
-import { execFileSync as execFileSync23 } from "child_process";
+import { execFileSync as execFileSync21 } from "child_process";
 import * as fs22 from "fs";
 import * as path19 from "path";
 
@@ -543,7 +543,7 @@ async function emit(sink, type, sessionId, suffix, payload) {
 }
 
 // src/kody2-cli.ts
-import { execFileSync as execFileSync22 } from "child_process";
+import { execFileSync as execFileSync20 } from "child_process";
 import * as fs21 from "fs";
 import * as path18 from "path";
 
@@ -581,9 +581,6 @@ function autoDispatch(opts) {
   if (!targetNum) return null;
   const afterTag = extractAfterTag(body);
   if (isPr) {
-    if (/\bapprove\b/.test(afterTag)) {
-      return { executable: "approve", cliArgs: { pr: targetNum }, target: targetNum };
-    }
     if (/\bfix-ci\b/.test(afterTag)) {
       return { executable: "fix-ci", cliArgs: { pr: targetNum }, target: targetNum };
     }
@@ -1241,265 +1238,6 @@ var advanceFlow = async (ctx, profile) => {
   }
 };
 
-// src/scripts/applyApprovals.ts
-import { execFileSync as execFileSync5 } from "child_process";
-
-// src/issue.ts
-import { execFileSync as execFileSync4 } from "child_process";
-var API_TIMEOUT_MS3 = 3e4;
-function ghToken2() {
-  return process.env.GH_PAT?.trim() || process.env.GH_TOKEN;
-}
-function gh2(args, options) {
-  const token = ghToken2();
-  const env = token ? { ...process.env, GH_TOKEN: token } : { ...process.env };
-  return execFileSync4("gh", args, {
-    encoding: "utf-8",
-    timeout: API_TIMEOUT_MS3,
-    cwd: options?.cwd,
-    env,
-    input: options?.input,
-    stdio: options?.input ? ["pipe", "pipe", "pipe"] : ["inherit", "pipe", "pipe"]
-  }).trim();
-}
-function getIssue(issueNumber, cwd) {
-  const output = gh2(["issue", "view", String(issueNumber), "--json", "number,title,body,comments,labels"], { cwd });
-  const parsed = JSON.parse(output);
-  if (typeof parsed?.title !== "string") {
-    throw new Error(`Issue #${issueNumber}: unexpected response shape`);
-  }
-  return {
-    number: parsed.number ?? issueNumber,
-    title: parsed.title,
-    body: parsed.body ?? "",
-    comments: (parsed.comments ?? []).map((c) => ({
-      body: c.body ?? "",
-      author: c.author?.login ?? "unknown",
-      createdAt: c.createdAt ?? ""
-    })),
-    labels: Array.isArray(parsed.labels) ? parsed.labels.map((l) => l.name ?? "").filter((n) => n.length > 0) : []
-  };
-}
-function stripKody2Mentions(body) {
-  return body.replace(/(@)(kody2)/gi, "$1\u200B$2");
-}
-function postIssueComment(issueNumber, body, cwd) {
-  try {
-    gh2(["issue", "comment", String(issueNumber), "--body-file", "-"], { input: stripKody2Mentions(body), cwd });
-  } catch (err) {
-    process.stderr.write(
-      `[kody2] failed to post comment on #${issueNumber}: ${err instanceof Error ? err.message : String(err)}
-`
-    );
-  }
-}
-function truncate2(s, maxBytes) {
-  if (s.length <= maxBytes) return s;
-  return `${s.slice(0, maxBytes)}\u2026 (+${s.length - maxBytes} chars)`;
-}
-function getPr(prNumber, cwd) {
-  const output = gh2(["pr", "view", String(prNumber), "--json", "number,title,body,headRefName,baseRefName,state"], {
-    cwd
-  });
-  const parsed = JSON.parse(output);
-  if (typeof parsed?.title !== "string") {
-    throw new Error(`PR #${prNumber}: unexpected response shape`);
-  }
-  return {
-    number: parsed.number ?? prNumber,
-    title: parsed.title,
-    body: parsed.body ?? "",
-    headRefName: String(parsed.headRefName ?? ""),
-    baseRefName: String(parsed.baseRefName ?? ""),
-    state: String(parsed.state ?? "")
-  };
-}
-function getPrDiff(prNumber, cwd) {
-  try {
-    return gh2(["pr", "diff", String(prNumber)], { cwd });
-  } catch (err) {
-    process.stderr.write(
-      `[kody2] failed to fetch diff for PR #${prNumber}: ${err instanceof Error ? err.message : String(err)}
-`
-    );
-    return "";
-  }
-}
-function getPrReviews(prNumber, cwd) {
-  try {
-    const output = gh2(["pr", "view", String(prNumber), "--json", "reviews"], { cwd });
-    const parsed = JSON.parse(output);
-    if (!Array.isArray(parsed?.reviews)) return [];
-    return parsed.reviews.map(
-      (r) => ({
-        body: r.body ?? "",
-        state: r.state ?? "",
-        author: r.author?.login ?? "unknown",
-        submittedAt: r.submittedAt ?? ""
-      })
-    );
-  } catch {
-    return [];
-  }
-}
-function getPrComments(prNumber, cwd) {
-  try {
-    const output = gh2(["pr", "view", String(prNumber), "--json", "comments"], { cwd });
-    const parsed = JSON.parse(output);
-    if (!Array.isArray(parsed?.comments)) return [];
-    return parsed.comments.map((c) => ({
-      body: c.body ?? "",
-      author: c.author?.login ?? "unknown",
-      createdAt: c.createdAt ?? ""
-    })).filter((c) => c.body.trim().length > 0);
-  } catch {
-    return [];
-  }
-}
-var VERDICT_HEADING = /(^|\n)\s*#{1,6}\s*Verdict\s*:/i;
-function isReviewShaped(body) {
-  return VERDICT_HEADING.test(body);
-}
-function getPrLatestReviewBody(prNumber, cwd) {
-  const reviews = getPrReviews(prNumber, cwd).filter((r) => r.body.trim().length > 0).map((r) => ({ body: r.body, at: r.submittedAt }));
-  const comments = getPrComments(prNumber, cwd).filter((c) => isReviewShaped(c.body)).map((c) => ({ body: c.body, at: c.createdAt }));
-  const all = [...reviews, ...comments].sort((a, b) => (b.at || "").localeCompare(a.at || ""));
-  if (all.length > 0) return all[0].body;
-  const pr = getPr(prNumber, cwd);
-  return pr.body;
-}
-function postPrReviewComment(prNumber, body, cwd) {
-  try {
-    gh2(["pr", "comment", String(prNumber), "--body-file", "-"], { input: stripKody2Mentions(body), cwd });
-  } catch (err) {
-    process.stderr.write(
-      `[kody2] failed to post review comment on PR #${prNumber}: ${err instanceof Error ? err.message : String(err)}
-`
-    );
-  }
-}
-
-// src/scripts/applyApprovals.ts
-var API_TIMEOUT_MS4 = 3e4;
-var ALL_APPROVE_LABELS = [
-  { label: "kody-approve:all", description: "kody2: approve all soft risk gates" },
-  { label: "kody-approve:secrets", description: "kody2: approve the secrets risk gate and resume the flow" },
-  { label: "kody-approve:workflow-edit", description: "kody2: approve the workflow-edit risk gate and resume the flow" },
-  { label: "kody-approve:large-diff", description: "kody2: approve the large-diff risk gate and resume the flow" },
-  { label: "kody-approve:dep-change", description: "kody2: approve the dep-change risk gate and resume the flow" },
-  { label: "kody-approve:test-deletion", description: "kody2: approve the test-deletion risk gate and resume the flow" }
-];
-var applyApprovals = async (ctx) => {
-  const issueArg = typeof ctx.args.issue === "number" ? ctx.args.issue : null;
-  const prArg = typeof ctx.args.pr === "number" ? ctx.args.pr : null;
-  const currentTarget = issueArg ? { type: "issue", number: issueArg } : prArg ? { type: "pr", number: prArg } : null;
-  if (!currentTarget) {
-    ctx.output.exitCode = 64;
-    ctx.output.reason = "approve: must be invoked with --issue or --pr";
-    return;
-  }
-  let state = null;
-  try {
-    state = readTaskState(currentTarget.type, currentTarget.number, ctx.cwd);
-  } catch {
-    state = null;
-  }
-  const issueNumber = currentTarget.type === "issue" ? currentTarget.number : state?.flow?.issueNumber ?? null;
-  const prNumber = currentTarget.type === "pr" ? currentTarget.number : parsePrNumber(state?.core?.prUrl);
-  const targets = uniquePairs(
-    [
-      { type: "issue", number: issueNumber },
-      { type: "pr", number: prNumber }
-    ].filter((t) => typeof t.number === "number" && t.number > 0)
-  );
-  for (const spec of ALL_APPROVE_LABELS) {
-    ensureLabel(spec, ctx.cwd);
-  }
-  for (const t of targets) {
-    for (const spec of ALL_APPROVE_LABELS) {
-      addLabel(t.number, spec.label, ctx.cwd);
-    }
-  }
-  const confirmation = formatConfirmation(currentTarget, targets, state);
-  try {
-    if (currentTarget.type === "issue") postIssueComment(currentTarget.number, confirmation, ctx.cwd);
-    else postPrReviewComment(currentTarget.number, confirmation, ctx.cwd);
-  } catch {
-  }
-  const flowName = state?.flow?.name;
-  if (issueNumber && typeof flowName === "string" && flowName.length > 0) {
-    try {
-      execFileSync5("gh", ["issue", "comment", String(issueNumber), "--body", `@kody2 ${flowName}`], {
-        timeout: API_TIMEOUT_MS4,
-        cwd: ctx.cwd,
-        stdio: ["ignore", "pipe", "pipe"]
-      });
-    } catch (err) {
-      process.stderr.write(
-        `[kody2 approve] failed to re-trigger flow on issue #${issueNumber}: ${err instanceof Error ? err.message : String(err)}
-`
-      );
-    }
-  }
-  ctx.output.exitCode = 0;
-};
-function parsePrNumber(url) {
-  if (!url) return null;
-  const m = url.match(/\/pull\/(\d+)(?:[/?#]|$)/);
-  if (!m) return null;
-  const n = parseInt(m[1], 10);
-  return Number.isFinite(n) ? n : null;
-}
-function uniquePairs(pairs) {
-  const seen = /* @__PURE__ */ new Set();
-  const out = [];
-  for (const p of pairs) {
-    const key = `${p.type}:${p.number}`;
-    if (seen.has(key)) continue;
-    seen.add(key);
-    out.push(p);
-  }
-  return out;
-}
-function ensureLabel(spec, cwd) {
-  try {
-    gh2(
-      ["label", "create", spec.label, "--force", "--color", "0e8a16", "--description", spec.description],
-      { cwd }
-    );
-  } catch {
-  }
-}
-function addLabel(number, label, cwd) {
-  try {
-    gh2(["issue", "edit", String(number), "--add-label", label], { cwd });
-  } catch {
-  }
-}
-function formatConfirmation(current, targets, state) {
-  const other = targets.find((t) => t.type !== current.type);
-  const lines = [];
-  lines.push("\u2705 **kody2 risk gates approved.**");
-  lines.push("");
-  lines.push(
-    `Applied \`kody-approve:*\` labels on ${targets.map((t) => `${t.type} #${t.number}`).join(" and ")}.`
-  );
-  if (other && current.type === "pr") {
-    lines.push(`Mirrored to the originating issue (#${other.number}) so the orchestrator also sees the approval.`);
-  } else if (other && current.type === "issue") {
-    lines.push(`Mirrored to PR #${other.number} so a pending \`fix\` primitive also passes the gate.`);
-  }
-  const flowName = state?.flow?.name;
-  if (flowName) {
-    lines.push("");
-    lines.push(`Re-triggering the \`${flowName}\` flow now \u2014 it will resume from the existing branch/PR checkpoint.`);
-  } else {
-    lines.push("");
-    lines.push("No active flow found in task state. Post `@kody2 <command>` to resume manually.");
-  }
-  return lines.join("\n");
-}
-
 // src/scripts/buildSyntheticPlugin.ts
 import * as fs8 from "fs";
 import * as os2 from "os";
@@ -1594,7 +1332,7 @@ function copyDir(src, dst) {
 }
 
 // src/coverage.ts
-import { execFileSync as execFileSync6 } from "child_process";
+import { execFileSync as execFileSync4 } from "child_process";
 function patternToRegex(pattern) {
   let s = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
   s = s.replace(/\*\*\//g, "\xA7S").replace(/\*\*/g, "\xA7A").replace(/\*/g, "[^/]*");
@@ -1612,7 +1350,7 @@ function renderSiblingPath(file, requireSibling) {
 }
 function safeGit(args, cwd) {
   try {
-    return execFileSync6("git", args, { encoding: "utf-8", cwd, env: { ...process.env, HUSKY: "0" } }).trim();
+    return execFileSync4("git", args, { encoding: "utf-8", cwd, env: { ...process.env, HUSKY: "0" } }).trim();
   } catch {
     return "";
   }
@@ -1818,10 +1556,10 @@ function defaultLabelMap() {
 }
 
 // src/scripts/commitAndPush.ts
-import { execFileSync as execFileSync8 } from "child_process";
+import { execFileSync as execFileSync6 } from "child_process";
 
 // src/commit.ts
-import { execFileSync as execFileSync7 } from "child_process";
+import { execFileSync as execFileSync5 } from "child_process";
 import * as fs10 from "fs";
 import * as path9 from "path";
 var FORBIDDEN_PATH_PREFIXES = [
@@ -1851,7 +1589,7 @@ var CONVENTIONAL_PREFIXES = [
 ];
 function git(args, cwd) {
   try {
-    return execFileSync7("git", args, {
+    return execFileSync5("git", args, {
       encoding: "utf-8",
       timeout: 12e4,
       cwd,
@@ -1909,7 +1647,7 @@ function isForbiddenPath(p) {
   return false;
 }
 function listChangedFiles(cwd) {
-  const raw = execFileSync7("git", ["status", "--porcelain=v1", "-z"], {
+  const raw = execFileSync5("git", ["status", "--porcelain=v1", "-z"], {
     encoding: "utf-8",
     cwd,
     env: { ...process.env, HUSKY: "0", SKIP_HOOKS: "1" },
@@ -1921,7 +1659,7 @@ function listChangedFiles(cwd) {
 }
 function listFilesInCommit(ref = "HEAD", cwd) {
   try {
-    const raw = execFileSync7("git", ["show", "--name-only", "--pretty=format:", "-z", ref], {
+    const raw = execFileSync5("git", ["show", "--name-only", "--pretty=format:", "-z", ref], {
       encoding: "utf-8",
       cwd,
       env: { ...process.env, HUSKY: "0", SKIP_HOOKS: "1" },
@@ -2001,7 +1739,7 @@ var commitAndPush2 = async (ctx, profile) => {
   const kind = profile.name;
   if (kind === "resolve") {
     try {
-      execFileSync8("git", ["add", "-A"], { cwd: ctx.cwd, env: { ...process.env, HUSKY: "0" }, stdio: "pipe" });
+      execFileSync6("git", ["add", "-A"], { cwd: ctx.cwd, env: { ...process.env, HUSKY: "0" }, stdio: "pipe" });
     } catch {
     }
   } else {
@@ -2623,8 +2361,8 @@ var discoverQaContext = async (ctx) => {
 };
 
 // src/scripts/dispatch.ts
-import { execFileSync as execFileSync9 } from "child_process";
-var API_TIMEOUT_MS5 = 3e4;
+import { execFileSync as execFileSync7 } from "child_process";
+var API_TIMEOUT_MS3 = 3e4;
 var dispatch = async (ctx, _profile, _agentResult, args) => {
   const next = args?.next;
   if (!next) {
@@ -2646,8 +2384,8 @@ var dispatch = async (ctx, _profile, _agentResult, args) => {
   const sub = usePr ? "pr" : "issue";
   const body = `@kody2 ${next}`;
   try {
-    execFileSync9("gh", [sub, "comment", String(targetNumber), "--body", body], {
-      timeout: API_TIMEOUT_MS5,
+    execFileSync7("gh", [sub, "comment", String(targetNumber), "--body", body], {
+      timeout: API_TIMEOUT_MS3,
       cwd: ctx.cwd,
       stdio: ["ignore", "pipe", "pipe"]
     });
@@ -2665,6 +2403,141 @@ function parsePr(url) {
   return Number.isFinite(n) ? n : null;
 }
 
+// src/issue.ts
+import { execFileSync as execFileSync8 } from "child_process";
+var API_TIMEOUT_MS4 = 3e4;
+function ghToken2() {
+  return process.env.GH_PAT?.trim() || process.env.GH_TOKEN;
+}
+function gh2(args, options) {
+  const token = ghToken2();
+  const env = token ? { ...process.env, GH_TOKEN: token } : { ...process.env };
+  return execFileSync8("gh", args, {
+    encoding: "utf-8",
+    timeout: API_TIMEOUT_MS4,
+    cwd: options?.cwd,
+    env,
+    input: options?.input,
+    stdio: options?.input ? ["pipe", "pipe", "pipe"] : ["inherit", "pipe", "pipe"]
+  }).trim();
+}
+function getIssue(issueNumber, cwd) {
+  const output = gh2(["issue", "view", String(issueNumber), "--json", "number,title,body,comments,labels"], { cwd });
+  const parsed = JSON.parse(output);
+  if (typeof parsed?.title !== "string") {
+    throw new Error(`Issue #${issueNumber}: unexpected response shape`);
+  }
+  return {
+    number: parsed.number ?? issueNumber,
+    title: parsed.title,
+    body: parsed.body ?? "",
+    comments: (parsed.comments ?? []).map((c) => ({
+      body: c.body ?? "",
+      author: c.author?.login ?? "unknown",
+      createdAt: c.createdAt ?? ""
+    })),
+    labels: Array.isArray(parsed.labels) ? parsed.labels.map((l) => l.name ?? "").filter((n) => n.length > 0) : []
+  };
+}
+function stripKody2Mentions(body) {
+  return body.replace(/(@)(kody2)/gi, "$1\u200B$2");
+}
+function postIssueComment(issueNumber, body, cwd) {
+  try {
+    gh2(["issue", "comment", String(issueNumber), "--body-file", "-"], { input: stripKody2Mentions(body), cwd });
+  } catch (err) {
+    process.stderr.write(
+      `[kody2] failed to post comment on #${issueNumber}: ${err instanceof Error ? err.message : String(err)}
+`
+    );
+  }
+}
+function truncate2(s, maxBytes) {
+  if (s.length <= maxBytes) return s;
+  return `${s.slice(0, maxBytes)}\u2026 (+${s.length - maxBytes} chars)`;
+}
+function getPr(prNumber, cwd) {
+  const output = gh2(["pr", "view", String(prNumber), "--json", "number,title,body,headRefName,baseRefName,state"], {
+    cwd
+  });
+  const parsed = JSON.parse(output);
+  if (typeof parsed?.title !== "string") {
+    throw new Error(`PR #${prNumber}: unexpected response shape`);
+  }
+  return {
+    number: parsed.number ?? prNumber,
+    title: parsed.title,
+    body: parsed.body ?? "",
+    headRefName: String(parsed.headRefName ?? ""),
+    baseRefName: String(parsed.baseRefName ?? ""),
+    state: String(parsed.state ?? "")
+  };
+}
+function getPrDiff(prNumber, cwd) {
+  try {
+    return gh2(["pr", "diff", String(prNumber)], { cwd });
+  } catch (err) {
+    process.stderr.write(
+      `[kody2] failed to fetch diff for PR #${prNumber}: ${err instanceof Error ? err.message : String(err)}
+`
+    );
+    return "";
+  }
+}
+function getPrReviews(prNumber, cwd) {
+  try {
+    const output = gh2(["pr", "view", String(prNumber), "--json", "reviews"], { cwd });
+    const parsed = JSON.parse(output);
+    if (!Array.isArray(parsed?.reviews)) return [];
+    return parsed.reviews.map(
+      (r) => ({
+        body: r.body ?? "",
+        state: r.state ?? "",
+        author: r.author?.login ?? "unknown",
+        submittedAt: r.submittedAt ?? ""
+      })
+    );
+  } catch {
+    return [];
+  }
+}
+function getPrComments(prNumber, cwd) {
+  try {
+    const output = gh2(["pr", "view", String(prNumber), "--json", "comments"], { cwd });
+    const parsed = JSON.parse(output);
+    if (!Array.isArray(parsed?.comments)) return [];
+    return parsed.comments.map((c) => ({
+      body: c.body ?? "",
+      author: c.author?.login ?? "unknown",
+      createdAt: c.createdAt ?? ""
+    })).filter((c) => c.body.trim().length > 0);
+  } catch {
+    return [];
+  }
+}
+var VERDICT_HEADING = /(^|\n)\s*#{1,6}\s*Verdict\s*:/i;
+function isReviewShaped(body) {
+  return VERDICT_HEADING.test(body);
+}
+function getPrLatestReviewBody(prNumber, cwd) {
+  const reviews = getPrReviews(prNumber, cwd).filter((r) => r.body.trim().length > 0).map((r) => ({ body: r.body, at: r.submittedAt }));
+  const comments = getPrComments(prNumber, cwd).filter((c) => isReviewShaped(c.body)).map((c) => ({ body: c.body, at: c.createdAt }));
+  const all = [...reviews, ...comments].sort((a, b) => (b.at || "").localeCompare(a.at || ""));
+  if (all.length > 0) return all[0].body;
+  const pr = getPr(prNumber, cwd);
+  return pr.body;
+}
+function postPrReviewComment(prNumber, body, cwd) {
+  try {
+    gh2(["pr", "comment", String(prNumber), "--body-file", "-"], { input: stripKody2Mentions(body), cwd });
+  } catch (err) {
+    process.stderr.write(
+      `[kody2] failed to post review comment on PR #${prNumber}: ${err instanceof Error ? err.message : String(err)}
+`
+    );
+  }
+}
+
 // src/pr.ts
 var TITLE_MAX = 72;
 function stripTitlePrefixes(raw) {
@@ -2830,7 +2703,7 @@ function computeFailureReason(ctx) {
 }
 
 // src/scripts/finishFlow.ts
-import { execFileSync as execFileSync10 } from "child_process";
+import { execFileSync as execFileSync9 } from "child_process";
 
 // src/registry.ts
 import * as fs14 from "fs";
@@ -2949,7 +2822,7 @@ function getIssueLabels(issueNumber, cwd) {
     return [];
   }
 }
-function addLabel2(issueNumber, label, cwd) {
+function addLabel(issueNumber, label, cwd) {
   gh2(["issue", "edit", String(issueNumber), "--add-label", label], { cwd });
 }
 function removeLabel(issueNumber, label, cwd) {
@@ -2981,12 +2854,12 @@ function setKodyLabel(issueNumber, spec, cwd) {
     }
   }
   try {
-    addLabel2(issueNumber, target, cwd);
+    addLabel(issueNumber, target, cwd);
   } catch (err) {
     if (looksLikeMissingLabel(err)) {
       try {
         createLabelInRepo(spec, cwd);
-        addLabel2(issueNumber, target, cwd);
+        addLabel(issueNumber, target, cwd);
         return;
       } catch (retryErr) {
         process.stderr.write(
@@ -3018,7 +2891,7 @@ function errMsg(err) {
 }
 
 // src/scripts/finishFlow.ts
-var API_TIMEOUT_MS6 = 3e4;
+var API_TIMEOUT_MS5 = 3e4;
 var STATUS_ICON = {
   "review-passed": "\u2705",
   "fix-applied": "\u2705",
@@ -3050,8 +2923,8 @@ var finishFlow = async (ctx, _profile, _agentResult, args) => {
 **PR:** ${state.core.prUrl}` : "";
   const body = `${icon} kody2 flow \`${flowName}\` finished \u2014 \`${reason}\`${prSuffix}`;
   try {
-    execFileSync10("gh", ["issue", "comment", String(issueNumber), "--body", body], {
-      timeout: API_TIMEOUT_MS6,
+    execFileSync9("gh", ["issue", "comment", String(issueNumber), "--body", body], {
+      timeout: API_TIMEOUT_MS5,
       cwd: ctx.cwd,
       stdio: ["ignore", "pipe", "pipe"]
     });
@@ -3064,7 +2937,7 @@ var finishFlow = async (ctx, _profile, _agentResult, args) => {
 };
 
 // src/branch.ts
-import { execFileSync as execFileSync11 } from "child_process";
+import { execFileSync as execFileSync10 } from "child_process";
 var UncommittedChangesError = class extends Error {
   constructor(branch) {
     super(`Uncommitted changes on branch '${branch}' \u2014 refusing to run to protect work in progress`);
@@ -3074,7 +2947,7 @@ var UncommittedChangesError = class extends Error {
   branch;
 };
 function git2(args, cwd) {
-  return execFileSync11("git", args, {
+  return execFileSync10("git", args, {
     encoding: "utf-8",
     timeout: 3e4,
     cwd,
@@ -3099,7 +2972,7 @@ function checkoutPrBranch(prNumber, cwd) {
     SKIP_HOOKS: "1",
     GH_TOKEN: process.env.GH_PAT?.trim() || process.env.GH_TOKEN || ""
   };
-  execFileSync11("gh", ["pr", "checkout", String(prNumber)], {
+  execFileSync10("gh", ["pr", "checkout", String(prNumber)], {
     cwd,
     env,
     stdio: ["ignore", "pipe", "pipe"],
@@ -3166,7 +3039,7 @@ function ensureFeatureBranch(issueNumber, title, defaultBranch, cwd) {
 }
 
 // src/gha.ts
-import { execFileSync as execFileSync12 } from "child_process";
+import { execFileSync as execFileSync11 } from "child_process";
 import * as fs15 from "fs";
 function getRunUrl() {
   const server = process.env.GITHUB_SERVER_URL;
@@ -3209,7 +3082,7 @@ function reactToTriggerComment(cwd) {
   for (let attempt = 0; attempt < 3; attempt++) {
     if (attempt > 0) sleepMs(attempt === 1 ? 500 : 1500);
     try {
-      execFileSync12("gh", args, opts);
+      execFileSync11("gh", args, opts);
       return;
     } catch (err) {
       lastErr = err;
@@ -3222,13 +3095,13 @@ function reactToTriggerComment(cwd) {
 }
 function sleepMs(ms) {
   try {
-    execFileSync12("sleep", [(ms / 1e3).toString()], { stdio: "ignore", timeout: ms + 1e3 });
+    execFileSync11("sleep", [(ms / 1e3).toString()], { stdio: "ignore", timeout: ms + 1e3 });
   } catch {
   }
 }
 
 // src/workflow.ts
-import { execFileSync as execFileSync13 } from "child_process";
+import { execFileSync as execFileSync12 } from "child_process";
 var GH_TIMEOUT_MS = 3e4;
 function ghToken3() {
   return process.env.GH_PAT?.trim() || process.env.GH_TOKEN;
@@ -3236,7 +3109,7 @@ function ghToken3() {
 function gh3(args, cwd) {
   const token = ghToken3();
   const env = token ? { ...process.env, GH_TOKEN: token } : { ...process.env };
-  return execFileSync13("gh", args, {
+  return execFileSync12("gh", args, {
     encoding: "utf-8",
     timeout: GH_TIMEOUT_MS,
     cwd,
@@ -3420,7 +3293,7 @@ function tryPostPr2(prNumber, body, cwd) {
 }
 
 // src/scripts/initFlow.ts
-import { execFileSync as execFileSync14 } from "child_process";
+import { execFileSync as execFileSync13 } from "child_process";
 import * as fs17 from "fs";
 import * as path15 from "path";
 
@@ -3461,7 +3334,7 @@ function qualityCommandsFor(pm) {
 function detectOwnerRepo(cwd) {
   let url;
   try {
-    url = execFileSync14("git", ["remote", "get-url", "origin"], {
+    url = execFileSync13("git", ["remote", "get-url", "origin"], {
       cwd,
       encoding: "utf-8",
       stdio: ["ignore", "pipe", "pipe"]
@@ -3545,7 +3418,7 @@ jobs:
 `;
 function defaultBranchFromGit(cwd) {
   try {
-    const ref = execFileSync14("git", ["symbolic-ref", "refs/remotes/origin/HEAD"], {
+    const ref = execFileSync13("git", ["symbolic-ref", "refs/remotes/origin/HEAD"], {
       cwd,
       encoding: "utf-8",
       stdio: ["ignore", "pipe", "pipe"]
@@ -3553,7 +3426,7 @@ function defaultBranchFromGit(cwd) {
     return ref.replace("refs/remotes/origin/", "");
   } catch {
     try {
-      return execFileSync14("git", ["branch", "--show-current"], {
+      return execFileSync13("git", ["branch", "--show-current"], {
         cwd,
         encoding: "utf-8",
         stdio: ["ignore", "pipe", "pipe"]
@@ -3743,7 +3616,7 @@ var mirrorStateToPr = async (ctx) => {
   if (!issueNumber || issueTarget !== "issue") return;
   const prUrl = ctx.output.prUrl ?? ctx.data.prResult?.url;
   if (!prUrl) return;
-  const prNumber = parsePrNumber2(prUrl);
+  const prNumber = parsePrNumber(prUrl);
   if (!prNumber) return;
   let state;
   try {
@@ -3761,7 +3634,7 @@ var mirrorStateToPr = async (ctx) => {
     );
   }
 };
-function parsePrNumber2(prUrl) {
+function parsePrNumber(prUrl) {
   const m = prUrl.match(/\/pull\/(\d+)(?:[/?#]|$)/);
   if (!m) return null;
   const n = parseInt(m[1], 10);
@@ -3846,8 +3719,8 @@ var persistFlowState = async (ctx) => {
 };
 
 // src/scripts/postClassification.ts
-import { execFileSync as execFileSync15 } from "child_process";
-var API_TIMEOUT_MS7 = 3e4;
+import { execFileSync as execFileSync14 } from "child_process";
+var API_TIMEOUT_MS6 = 3e4;
 var VALID_CLASSES2 = /* @__PURE__ */ new Set(["feature", "bug", "spec", "chore"]);
 var postClassification = async (ctx) => {
   const issueNumber = ctx.args.issue;
@@ -3876,9 +3749,9 @@ var postClassification = async (ctx) => {
     ctx.cwd
   );
   try {
-    execFileSync15("gh", ["issue", "comment", String(issueNumber), "--body", `@kody2 ${classification}`], {
+    execFileSync14("gh", ["issue", "comment", String(issueNumber), "--body", `@kody2 ${classification}`], {
       cwd: ctx.cwd,
-      timeout: API_TIMEOUT_MS7,
+      timeout: API_TIMEOUT_MS6,
       stdio: ["ignore", "pipe", "pipe"]
     });
   } catch (err) {
@@ -3910,9 +3783,9 @@ function parseClassification(prSummary) {
 }
 function tryAuditComment(issueNumber, body, cwd) {
   try {
-    execFileSync15("gh", ["issue", "comment", String(issueNumber), "--body", body], {
+    execFileSync14("gh", ["issue", "comment", String(issueNumber), "--body", body], {
       cwd,
-      timeout: API_TIMEOUT_MS7,
+      timeout: API_TIMEOUT_MS6,
       stdio: ["ignore", "pipe", "pipe"]
     });
   } catch {
@@ -4094,7 +3967,7 @@ REVIEW_POSTED=https://github.com/${ctx.config.github.owner}/${ctx.config.github.
 };
 
 // src/scripts/releaseFlow.ts
-import { execFileSync as execFileSync16, spawnSync } from "child_process";
+import { execFileSync as execFileSync15, spawnSync } from "child_process";
 import * as fs18 from "fs";
 import * as path16 from "path";
 function bumpVersion(current, bump) {
@@ -4124,7 +3997,7 @@ function generateChangelog(cwd, newVersion, lastTag) {
   const range = lastTag ? `${lastTag}..HEAD` : "HEAD";
   let log = "";
   try {
-    log = execFileSync16("git", ["log", range, "--pretty=format:%s||%h", "--no-merges"], {
+    log = execFileSync15("git", ["log", range, "--pretty=format:%s||%h", "--no-merges"], {
       cwd,
       encoding: "utf-8",
       stdio: ["ignore", "pipe", "pipe"]
@@ -4181,7 +4054,7 @@ ${entry}${prior.slice(idx + 1)}`);
   }
 }
 function git3(args, cwd, timeout = 6e4) {
-  return execFileSync16("git", args, {
+  return execFileSync15("git", args, {
     encoding: "utf-8",
     timeout,
     cwd,
@@ -4484,7 +4357,7 @@ var resolveArtifacts = async (ctx, profile) => {
 };
 
 // src/scripts/resolveFlow.ts
-import { execFileSync as execFileSync17 } from "child_process";
+import { execFileSync as execFileSync16 } from "child_process";
 var CONFLICT_DIFF_MAX_BYTES = 4e4;
 var resolveFlow = async (ctx) => {
   const prNumber = ctx.args.pr;
@@ -4536,7 +4409,7 @@ var resolveFlow = async (ctx) => {
 };
 function getConflictedFiles(cwd) {
   try {
-    const out = execFileSync17("git", ["diff", "--name-only", "--diff-filter=U"], {
+    const out = execFileSync16("git", ["diff", "--name-only", "--diff-filter=U"], {
       encoding: "utf-8",
       cwd,
       env: { ...process.env, HUSKY: "0" }
@@ -4551,7 +4424,7 @@ function getConflictMarkersPreview(files, cwd, maxBytes = CONFLICT_DIFF_MAX_BYTE
   let total = 0;
   for (const f of files) {
     try {
-      const content = execFileSync17("cat", [f], { encoding: "utf-8", cwd }).toString();
+      const content = execFileSync16("cat", [f], { encoding: "utf-8", cwd }).toString();
       const snippet = `### ${f}
 
 \`\`\`
@@ -4619,299 +4492,6 @@ function tryPostPr4(prNumber, body, cwd) {
   }
 }
 
-// src/scripts/riskGate.ts
-import { execFileSync as execFileSync18 } from "child_process";
-var ALL_GATES = ["secrets", "workflow-edit", "large-diff", "dep-change", "test-deletion"];
-var HARD_GATES = /* @__PURE__ */ new Set(["secrets"]);
-var APPROVE_ALL = "kody-approve:all";
-var GATED_LABEL = "kody:gated";
-var DEFAULT_MAX_FILES = 20;
-var DEFAULT_MAX_DELETIONS = 500;
-var riskGate = async (ctx, profile, _agent, args) => {
-  const changedFiles = collectBranchChangedFiles(ctx);
-  const gatesToRun = parseGates(args?.gates);
-  const violations = evaluateGates(ctx, profile.name, changedFiles, gatesToRun, args);
-  if (violations.length === 0) {
-    ctx.data.riskGate = { violations: [], pending: [], decision: "allow" };
-    return;
-  }
-  const targetType = ctx.data.commentTargetType;
-  const targetNumber = Number(ctx.data.commentTargetNumber ?? 0);
-  const labels = collectApprovalLabels(ctx, targetType, targetNumber);
-  const approveAll = labels.includes(APPROVE_ALL);
-  const pending = violations.filter((v) => !isApproved(v, labels, approveAll));
-  ctx.data.riskGate = {
-    violations,
-    pending,
-    decision: pending.length === 0 ? "allow" : "halt"
-  };
-  if (pending.length === 0 || !targetType || targetNumber <= 0) return;
-  for (const v of pending) {
-    ensureApproveLabel(v.name, ctx.cwd);
-  }
-  try {
-    setKodyLabel(
-      targetNumber,
-      {
-        label: GATED_LABEL,
-        color: "fbca04",
-        description: "kody2: awaiting human approval of risk gate(s)"
-      },
-      ctx.cwd
-    );
-  } catch {
-  }
-  const compareUrl = computeCompareUrl(ctx);
-  const body = formatAdvisory(pending, compareUrl);
-  try {
-    if (targetType === "issue") postIssueComment(targetNumber, body, ctx.cwd);
-    else postPrReviewComment(targetNumber, body, ctx.cwd);
-  } catch {
-  }
-  if (!ctx.output.reason) {
-    ctx.output.reason = `risk gate halt: ${pending.map((p) => p.name).join(", ")}`;
-  }
-};
-function evaluateGates(ctx, profileName, changedFiles, gatesToRun, args) {
-  const violations = [];
-  if (gatesToRun.includes("secrets")) {
-    const hits = changedFiles.filter(isSecretPath);
-    if (hits.length > 0) {
-      violations.push({
-        name: "secrets",
-        severity: "hard",
-        reason: `secret/credential files touched: ${preview(hits)}`
-      });
-    }
-  }
-  if (gatesToRun.includes("workflow-edit")) {
-    const hits = changedFiles.filter((f) => f.startsWith(".github/workflows/"));
-    if (hits.length > 0) {
-      violations.push({
-        name: "workflow-edit",
-        severity: "soft",
-        reason: `CI workflow files modified: ${preview(hits)}`
-      });
-    }
-  }
-  if (gatesToRun.includes("large-diff")) {
-    const maxFiles = toPositiveInt(args?.maxFiles, DEFAULT_MAX_FILES);
-    const maxDeletions = toPositiveInt(args?.maxDeletions, DEFAULT_MAX_DELETIONS);
-    if (changedFiles.length > maxFiles) {
-      violations.push({
-        name: "large-diff",
-        severity: "soft",
-        reason: `${changedFiles.length} files changed (threshold: ${maxFiles})`
-      });
-    } else {
-      const stats = computeDiffStats(ctx);
-      if (stats && stats.deletions > maxDeletions) {
-        violations.push({
-          name: "large-diff",
-          severity: "soft",
-          reason: `${stats.deletions} lines deleted (threshold: ${maxDeletions})`
-        });
-      }
-    }
-  }
-  if (gatesToRun.includes("dep-change") && profileName !== "chore") {
-    const hits = changedFiles.filter(isDepFile);
-    if (hits.length > 0) {
-      violations.push({
-        name: "dep-change",
-        severity: "soft",
-        reason: `dependency/lockfile changes outside a chore flow: ${preview(hits)}`
-      });
-    }
-  }
-  if (gatesToRun.includes("test-deletion")) {
-    const deleted = listDeletedFilesInHeadCommit(ctx.cwd).filter(isTestFile);
-    if (deleted.length > 0) {
-      violations.push({
-        name: "test-deletion",
-        severity: "soft",
-        reason: `test files deleted: ${preview(deleted)}`
-      });
-    }
-  }
-  return violations;
-}
-function collectApprovalLabels(ctx, targetType, targetNumber) {
-  const seen = /* @__PURE__ */ new Set();
-  if (targetNumber > 0) {
-    for (const l of getIssueLabels(targetNumber, ctx.cwd)) seen.add(l);
-  }
-  if (targetType === "pr") {
-    const state = ctx.data.taskState;
-    const issueNum = state?.flow?.issueNumber;
-    if (typeof issueNum === "number" && issueNum > 0 && issueNum !== targetNumber) {
-      for (const l of getIssueLabels(issueNum, ctx.cwd)) seen.add(l);
-    }
-  }
-  return [...seen];
-}
-function isApproved(v, labels, approveAll) {
-  if (labels.includes(`kody-approve:${v.name}`)) return true;
-  if (!HARD_GATES.has(v.name) && approveAll) return true;
-  return false;
-}
-function parseGates(spec) {
-  if (spec === void 0 || spec === null || spec === "") return ALL_GATES;
-  const list = String(spec).split(",").map((s) => s.trim()).filter(Boolean);
-  const valid = ALL_GATES;
-  const matched = list.filter((n) => valid.includes(n));
-  return matched.length > 0 ? matched : ALL_GATES;
-}
-function toPositiveInt(v, fallback) {
-  const n = typeof v === "number" ? v : parseInt(String(v ?? ""), 10);
-  return Number.isFinite(n) && n > 0 ? n : fallback;
-}
-function preview(list, max = 5) {
-  if (list.length <= max) return list.join(", ");
-  return `${list.slice(0, max).join(", ")} (+${list.length - max} more)`;
-}
-var SECRET_PATTERNS = [
-  /(^|\/)\.env(\.|$)/i,
-  /\.pem$/i,
-  /\.key$/i,
-  /(^|\/)(id_rsa|id_ed25519|id_ecdsa)(\.|$)/i,
-  // Match the keyword anywhere inside the filename, as a whole word (so e.g.
-  // `api-secrets.json`, `config/app.credentials.yaml`, `user-passwords.txt`
-  // all trip — while false friends like `secretary.md` do not).
-  /(^|\/)[^/]*\bsecrets?\b[^/]*$/i,
-  /(^|\/)[^/]*\bcredentials?\b[^/]*$/i,
-  /(^|\/)[^/]*\bpasswords?\b[^/]*$/i,
-  /(^|\/)[^/]*\bapi[-_]keys?\b[^/]*$/i,
-  /(^|\/)\.netrc$/i,
-  /(^|\/)\.npmrc$/i
-];
-function isSecretPath(p) {
-  return SECRET_PATTERNS.some((r) => r.test(p));
-}
-var DEP_FILES = /* @__PURE__ */ new Set([
-  "package.json",
-  "pnpm-lock.yaml",
-  "package-lock.json",
-  "yarn.lock",
-  "requirements.txt",
-  "Pipfile",
-  "Pipfile.lock",
-  "poetry.lock",
-  "go.mod",
-  "go.sum",
-  "Cargo.toml",
-  "Cargo.lock",
-  "Gemfile",
-  "Gemfile.lock"
-]);
-function isDepFile(p) {
-  return DEP_FILES.has(p.split("/").pop() ?? "");
-}
-function isTestFile(p) {
-  return /(^|\/)(tests?|__tests__|spec)\//i.test(p) || /\.(test|spec)\.[a-z0-9]+$/i.test(p);
-}
-function collectBranchChangedFiles(ctx) {
-  const base = ctx.config.git.defaultBranch;
-  for (const ref of [`origin/${base}...HEAD`, `${base}...HEAD`]) {
-    try {
-      const out = execFileSync18("git", ["diff", "--name-only", ref], {
-        cwd: ctx.cwd,
-        encoding: "utf-8",
-        stdio: ["pipe", "pipe", "pipe"]
-      });
-      const files = out.split("\n").map((s) => s.trim()).filter(Boolean);
-      if (files.length > 0) return files;
-    } catch {
-    }
-  }
-  return ctx.data.changedFiles ?? [];
-}
-function computeDiffStats(ctx) {
-  const base = ctx.config.git.defaultBranch;
-  for (const ref of [`origin/${base}...HEAD`, `${base}...HEAD`]) {
-    try {
-      const out = execFileSync18("git", ["diff", "--shortstat", ref], {
-        cwd: ctx.cwd,
-        encoding: "utf-8",
-        stdio: ["pipe", "pipe", "pipe"]
-      }).trim();
-      if (out) return parseShortstat(out);
-    } catch {
-    }
-  }
-  return null;
-}
-function parseShortstat(s) {
-  const ins = /(\d+)\s+insertions?/.exec(s);
-  const del = /(\d+)\s+deletions?/.exec(s);
-  return {
-    insertions: ins ? parseInt(ins[1], 10) : 0,
-    deletions: del ? parseInt(del[1], 10) : 0
-  };
-}
-function listDeletedFilesInHeadCommit(cwd) {
-  try {
-    const out = execFileSync18("git", ["show", "--name-status", "--pretty=format:", "HEAD"], {
-      cwd,
-      encoding: "utf-8",
-      stdio: ["pipe", "pipe", "pipe"]
-    });
-    return out.split("\n").map((l) => l.trim()).filter((l) => l.startsWith("D	")).map((l) => l.slice(2).trim()).filter(Boolean);
-  } catch {
-    return [];
-  }
-}
-function ensureApproveLabel(gate, cwd) {
-  try {
-    gh2(
-      [
-        "label",
-        "create",
-        `kody-approve:${gate}`,
-        "--force",
-        "--color",
-        "0e8a16",
-        "--description",
-        `kody2: approve the ${gate} risk gate and resume the flow`
-      ],
-      { cwd }
-    );
-  } catch {
-  }
-}
-function formatAdvisory(pending, compareUrl) {
-  const lines = [];
-  lines.push("\u23F8\uFE0F **kody2 risk gate halted the flow.**");
-  lines.push("");
-  lines.push("The branch was pushed but **no PR was opened** \u2014 waiting for human approval:");
-  lines.push("");
-  for (const v of pending) {
-    lines.push(`- **\`${v.name}\`** _(${v.severity})_ \u2014 ${v.reason}`);
-  }
-  lines.push("");
-  if (compareUrl) {
-    lines.push(`\u{1F4CE} Review the branch diff: ${compareUrl}`);
-    lines.push("");
-  }
-  lines.push("**To approve and resume**, post a comment:");
-  lines.push("");
-  lines.push("> `@kody2 approve`");
-  lines.push("");
-  lines.push(
-    "kody2 will acknowledge all currently-pending gates (soft **and** hard), open the PR, and continue the flow from this checkpoint. No re-running the agent."
-  );
-  return lines.join("\n");
-}
-function computeCompareUrl(ctx) {
-  const branch = ctx.data.branch;
-  if (!branch) return null;
-  const owner = ctx.config.github?.owner;
-  const repo = ctx.config.github?.repo;
-  if (!owner || !repo) return null;
-  const base = ctx.config.git.defaultBranch;
-  return `https://github.com/${owner}/${repo}/compare/${base}...${branch}`;
-}
-
 // src/scripts/runFlow.ts
 var runFlow = async (ctx) => {
   const issueNumber = ctx.args.issue;
@@ -5008,8 +4588,8 @@ var skipAgent = async (ctx) => {
 };
 
 // src/scripts/startFlow.ts
-import { execFileSync as execFileSync19 } from "child_process";
-var API_TIMEOUT_MS8 = 3e4;
+import { execFileSync as execFileSync17 } from "child_process";
+var API_TIMEOUT_MS7 = 3e4;
 var startFlow = async (ctx, profile, _agentResult, args) => {
   const entry = args?.entry;
   if (!entry) {
@@ -5042,8 +4622,8 @@ function postKody2Comment(target, issueNumber, state, next, cwd) {
   const sub = target === "pr" && state?.core.prUrl ? "pr" : "issue";
   const body = `@kody2 ${next}`;
   try {
-    execFileSync19("gh", [sub, "comment", String(targetNumber), "--body", body], {
-      timeout: API_TIMEOUT_MS8,
+    execFileSync17("gh", [sub, "comment", String(targetNumber), "--body", body], {
+      timeout: API_TIMEOUT_MS7,
       cwd,
       stdio: ["ignore", "pipe", "pipe"]
     });
@@ -5062,7 +4642,7 @@ function parsePr2(url) {
 }
 
 // src/scripts/syncFlow.ts
-import { execFileSync as execFileSync20 } from "child_process";
+import { execFileSync as execFileSync18 } from "child_process";
 var syncFlow = async (ctx) => {
   ctx.skipAgent = true;
   const prNumber = ctx.args.pr;
@@ -5121,7 +4701,7 @@ function bail2(ctx, prNumber, reason) {
 }
 function revParseHead(cwd) {
   try {
-    return execFileSync20("git", ["rev-parse", "HEAD"], { cwd, encoding: "utf-8", stdio: ["ignore", "pipe", "pipe"] }).toString().trim();
+    return execFileSync18("git", ["rev-parse", "HEAD"], { cwd, encoding: "utf-8", stdio: ["ignore", "pipe", "pipe"] }).toString().trim();
   } catch {
     return "";
   }
@@ -5129,9 +4709,9 @@ function revParseHead(cwd) {
 function pushBranch(branch, cwd) {
   const env = { ...process.env, HUSKY: "0", SKIP_HOOKS: "1" };
   try {
-    execFileSync20("git", ["push", "-u", "origin", branch], { cwd, env, stdio: ["ignore", "pipe", "pipe"] });
+    execFileSync18("git", ["push", "-u", "origin", branch], { cwd, env, stdio: ["ignore", "pipe", "pipe"] });
   } catch {
-    execFileSync20("git", ["push", "--force-with-lease", "-u", "origin", branch], {
+    execFileSync18("git", ["push", "--force-with-lease", "-u", "origin", branch], {
       cwd,
       env,
       stdio: ["ignore", "pipe", "pipe"]
@@ -5373,9 +4953,7 @@ var postflightScripts = {
   finishFlow,
   advanceFlow,
   persistFlowState,
-  postClassification,
-  riskGate,
-  applyApprovals
+  postClassification
 };
 var allScriptNames = /* @__PURE__ */ new Set([
   ...Object.keys(preflightScripts),
@@ -5383,7 +4961,7 @@ var allScriptNames = /* @__PURE__ */ new Set([
 ]);
 
 // src/tools.ts
-import { execFileSync as execFileSync21 } from "child_process";
+import { execFileSync as execFileSync19 } from "child_process";
 function verifyCliTools(tools, cwd) {
   const out = [];
   for (const t of tools) out.push(verifyOne(t, cwd));
@@ -5416,7 +4994,7 @@ function verifyOne(tool, cwd) {
 }
 function runShell2(cmd, cwd, timeoutMs = 3e4) {
   try {
-    execFileSync21("sh", ["-c", cmd], { cwd, stdio: "pipe", timeout: timeoutMs });
+    execFileSync19("sh", ["-c", cmd], { cwd, stdio: "pipe", timeout: timeoutMs });
     return true;
   } catch {
     return false;
@@ -5746,7 +5324,7 @@ function detectPackageManager2(cwd) {
 }
 function shellOut(cmd, args, cwd, stream = true) {
   try {
-    execFileSync22(cmd, args, {
+    execFileSync20(cmd, args, {
       cwd,
       stdio: stream ? "inherit" : "pipe",
       env: { ...process.env, HUSKY: "0", SKIP_HOOKS: "1", CI: process.env.CI ?? "1" }
@@ -5759,7 +5337,7 @@ function shellOut(cmd, args, cwd, stream = true) {
 }
 function isOnPath(bin) {
   try {
-    execFileSync22("which", [bin], { stdio: "pipe" });
+    execFileSync20("which", [bin], { stdio: "pipe" });
     return true;
   } catch {
     return false;
@@ -5793,7 +5371,7 @@ function installLitellmIfNeeded(cwd) {
   } catch {
   }
   try {
-    execFileSync22("python3", ["-c", "import litellm"], { stdio: "pipe" });
+    execFileSync20("python3", ["-c", "import litellm"], { stdio: "pipe" });
     process.stdout.write("\u2192 kody2: litellm already installed\n");
     return 0;
   } catch {
@@ -5803,16 +5381,16 @@ function installLitellmIfNeeded(cwd) {
 }
 function configureGitIdentity(cwd) {
   try {
-    const name = execFileSync22("git", ["config", "user.name"], { cwd, stdio: "pipe", encoding: "utf-8" }).trim();
+    const name = execFileSync20("git", ["config", "user.name"], { cwd, stdio: "pipe", encoding: "utf-8" }).trim();
     if (name) return;
   } catch {
   }
   try {
-    execFileSync22("git", ["config", "user.name", "github-actions[bot]"], { cwd, stdio: "pipe" });
+    execFileSync20("git", ["config", "user.name", "github-actions[bot]"], { cwd, stdio: "pipe" });
   } catch {
   }
   try {
-    execFileSync22("git", ["config", "user.email", "41898282+github-actions[bot]@users.noreply.github.com"], {
+    execFileSync20("git", ["config", "user.email", "41898282+github-actions[bot]@users.noreply.github.com"], {
       cwd,
       stdio: "pipe"
     });
@@ -5989,9 +5567,9 @@ function commitChatFiles(cwd, sessionId, verbose) {
   if (paths.length === 0) return;
   const opts = { cwd, stdio: verbose ? "inherit" : "pipe" };
   try {
-    execFileSync23("git", ["add", ...paths], opts);
-    execFileSync23("git", ["commit", "--quiet", "-m", `chat: reply for ${sessionId}`], opts);
-    execFileSync23("git", ["push", "--quiet", "origin", "HEAD"], opts);
+    execFileSync21("git", ["add", ...paths], opts);
+    execFileSync21("git", ["commit", "--quiet", "-m", `chat: reply for ${sessionId}`], opts);
+    execFileSync21("git", ["push", "--quiet", "origin", "HEAD"], opts);
   } catch (err) {
     const msg = err instanceof Error ? err.message : String(err);
     process.stderr.write(`[kody2:chat] commit/push skipped: ${msg}