@kody-ade/kody-engine 0.4.116 → 0.4.118

package/dist/bin/kody.js

@@ -880,7 +880,7 @@ var init_loadPriorArt = __esm({
 // package.json
 var package_default = {
   name: "@kody-ade/kody-engine",
-  version: "0.4.116",
+  version: "0.4.118",
   description: "kody \u2014 autonomous development engine. Single-session Claude Code agent behind a generic executor + declarative executable profiles.",
   license: "MIT",
   type: "module",
@@ -1227,9 +1227,43 @@ function loadConfig(projectDir = process.cwd()) {
     classify: parseClassifyConfig(raw.classify),
     release: parseReleaseConfig(raw.release),
     jobs: parseJobsConfig(raw.jobs),
+    access: parseAccessConfig(raw.access),
     qa: parseQaConfig(raw.qa)
   };
 }
+var GITHUB_AUTHOR_ASSOCIATIONS = [
+  "OWNER",
+  "MEMBER",
+  "COLLABORATOR",
+  "CONTRIBUTOR",
+  "FIRST_TIME_CONTRIBUTOR",
+  "FIRST_TIMER",
+  "MANNEQUIN",
+  "NONE"
+];
+function parseAccessConfig(raw) {
+  if (!raw || typeof raw !== "object") return void 0;
+  const r = raw;
+  if (r.allowedAssociations === void 0) return void 0;
+  if (!Array.isArray(r.allowedAssociations)) {
+    throw new Error(`kody.config.json: access.allowedAssociations must be an array of strings`);
+  }
+  const valid = new Set(GITHUB_AUTHOR_ASSOCIATIONS);
+  const out = [];
+  for (const v of r.allowedAssociations) {
+    if (typeof v !== "string") {
+      throw new Error(`kody.config.json: access.allowedAssociations entries must be strings`);
+    }
+    const up = v.trim().toUpperCase();
+    if (!valid.has(up)) {
+      throw new Error(
+        `kody.config.json: access.allowedAssociations contains "${v}" \u2014 must be one of ${GITHUB_AUTHOR_ASSOCIATIONS.join(", ")}`
+      );
+    }
+    out.push(up);
+  }
+  return out.length > 0 ? { allowedAssociations: out } : void 0;
+}
 function parseQaConfig(raw) {
   if (!raw || typeof raw !== "object") return void 0;
   const r = raw;
@@ -2496,6 +2530,7 @@ function autoDispatch(opts) {
   const authorType = String(event.comment?.user?.type ?? "");
   if (!rawBody.toLowerCase().includes("@kody")) return null;
   if (authorLogin === "kody-bot" || authorType === "Bot") return null;
+  if (!associationAllowed(event, opts?.config)) return null;
   const body = rawBody.toLowerCase();
   const targetNum = Number(event.issue?.number ?? 0);
   const isPr = !!event.issue?.pull_request;
@@ -2571,6 +2606,10 @@ function autoDispatchTyped(opts) {
   if (authorLogin === "kody-bot" || authorType === "Bot") {
     return { kind: "silent", reason: `bot-authored comment (${authorLogin || authorType})` };
   }
+  if (!associationAllowed(event, opts?.config)) {
+    const assoc = String(event.comment?.author_association ?? "").toUpperCase() || "<none>";
+    return { kind: "silent", reason: `commenter association '${assoc}' not in access.allowedAssociations` };
+  }
   const targetNum = Number(event.issue?.number ?? 0);
   const isPr = !!event.issue?.pull_request;
   if (!targetNum) {
@@ -2622,6 +2661,12 @@ function dispatchScheduledWatches(opts) {
   }
   return out;
 }
+function associationAllowed(event, config) {
+  const allowed = config?.access?.allowedAssociations;
+  if (!allowed || allowed.length === 0) return true;
+  const assoc = String(event.comment?.author_association ?? "").toUpperCase();
+  return allowed.includes(assoc);
+}
 function extractAfterTag(body) {
   const idx = body.indexOf("@kody");
   if (idx === -1) return body;
@@ -4635,13 +4680,23 @@ function parseJob(body) {
   if (!jobId) return { error: "jobId required" };
   const repo = typeof b.repo === "string" ? b.repo.trim() : "";
   if (!/^[^/\s]+\/[^/\s]+$/.test(repo)) return { error: "repo must be 'owner/name'" };
-  const issueNumber = Number(b.issueNumber);
-  if (!Number.isInteger(issueNumber) || issueNumber <= 0) {
-    return { error: "issueNumber (positive integer) required" };
-  }
   const githubToken = typeof b.githubToken === "string" ? b.githubToken.trim() : "";
   if (!githubToken) return { error: "githubToken required" };
-  const job = { jobId, repo, issueNumber, githubToken };
+  const mode = b.mode === "interactive" ? "interactive" : "issue";
+  const job = { jobId, repo, githubToken, mode };
+  if (mode === "issue") {
+    const issueNumber = Number(b.issueNumber);
+    if (!Number.isInteger(issueNumber) || issueNumber <= 0) {
+      return { error: "issueNumber (positive integer) required for issue mode" };
+    }
+    job.issueNumber = issueNumber;
+  } else {
+    const sessionId = typeof b.sessionId === "string" ? b.sessionId.trim() : "";
+    if (!sessionId) return { error: "sessionId required for interactive mode" };
+    job.sessionId = sessionId;
+    if (Number.isFinite(Number(b.idleExitMs))) job.idleExitMs = Number(b.idleExitMs);
+    if (Number.isFinite(Number(b.hardCapMs))) job.hardCapMs = Number(b.hardCapMs);
+  }
   if (typeof b.ref === "string" && b.ref.trim()) job.ref = b.ref.trim();
   if (typeof b.model === "string" && b.model.trim()) job.model = b.model.trim();
   if (typeof b.sessionId === "string" && b.sessionId.trim()) job.sessionId = b.sessionId.trim();
@@ -4658,16 +4713,21 @@ async function defaultRunJob(job) {
   fs19.rmSync(workdir, { recursive: true, force: true });
   fs19.mkdirSync(workdir, { recursive: true });
   const allSecrets = typeof job.allSecrets === "string" ? job.allSecrets : JSON.stringify(job.allSecrets ?? {});
+  const interactive = job.mode === "interactive";
   const childEnv = {
     ...process.env,
     REPO: job.repo,
     REF: branch,
     GITHUB_TOKEN: job.githubToken,
-    ISSUE_NUMBER: String(job.issueNumber),
+    // Issue mode bakes ISSUE_NUMBER → `kody run --issue N`. Interactive mode
+    // leaves it empty and sets SESSION_ID so the engine boots a chat session.
+    ISSUE_NUMBER: interactive ? "" : String(job.issueNumber),
     ALL_SECRETS: allSecrets,
     SESSION_ID: job.sessionId ?? "",
     DASHBOARD_URL: job.dashboardUrl ?? "",
-    MODEL: job.model ?? ""
+    MODEL: job.model ?? "",
+    ...interactive && job.idleExitMs ? { KODY_IDLE_EXIT_MS: String(job.idleExitMs) } : {},
+    ...interactive && job.hardCapMs ? { KODY_HARD_CAP_MS: String(job.hardCapMs) } : {}
   };
   const run = (cmd, args, cwd) => new Promise((resolve4) => {
     const child = spawn3(cmd, args, { stdio: "inherit", env: childEnv, cwd });
@@ -4699,9 +4759,12 @@ async function defaultRunJob(job) {
   const authorEmail = process.env.GIT_AUTHOR_EMAIL ?? "kody-bot@users.noreply.github.com";
   await run("git", ["config", "user.name", authorName], workdir);
   await run("git", ["config", "user.email", authorEmail], workdir);
-  process.stdout.write(`[runner-serve] job ${job.jobId}: running issue #${job.issueNumber}
-`);
-  const runCode = await run("kody", ["run", "--issue", String(job.issueNumber)], workdir);
+  const runArgs = interactive ? [] : ["run", "--issue", String(job.issueNumber)];
+  process.stdout.write(
+    `[runner-serve] job ${job.jobId}: ${interactive ? `interactive session ${job.sessionId}` : `running issue #${job.issueNumber}`}
+`
+  );
+  const runCode = await run("kody", runArgs, workdir);
   process.stdout.write(`[runner-serve] job ${job.jobId}: finished (exit ${runCode})
 `);
   process.exit(runCode);
@@ -4785,6 +4848,7 @@ import { createServer as createServer3 } from "http";
 var FLY_API_BASE = "https://api.machines.dev/v1";
 var POOL_METADATA_KEY = "kody_pool";
 var POOL_METADATA_VALUE = "1";
+var POOL_REPO_METADATA_KEY = "kody_pool_repo";
 var FlyClient = class {
   constructor(opts) {
     this.opts = opts;
@@ -4814,7 +4878,7 @@ var FlyClient = class {
     if (!raw.trim()) return null;
     return JSON.parse(raw);
   }
-  /** Create + start a pooled machine in serve mode. */
+  /** Create + start a pooled machine in serve mode, tagged for `repoTag`. */
   async createPooled(input) {
     const body = {
       region: input.region,
@@ -4824,7 +4888,10 @@ var FlyClient = class {
         auto_destroy: true,
         restart: { policy: "no" },
         init: { entrypoint: ["/usr/local/bin/entrypoint-serve.sh"] },
-        metadata: { [POOL_METADATA_KEY]: POOL_METADATA_VALUE },
+        metadata: {
+          [POOL_METADATA_KEY]: POOL_METADATA_VALUE,
+          [POOL_REPO_METADATA_KEY]: input.repoTag
+        },
         env: {
           RUNNER_API_KEY: input.runnerApiKey,
           KODY_LITELLM_URL: input.litellmUrl,
@@ -4839,11 +4906,14 @@ var FlyClient = class {
   async get(id) {
     return this.call(`/apps/${enc(this.opts.app)}/machines/${enc(id)}`, { allow404: true });
   }
-  /** List the app's pooled (kody_pool) machines, excluding destroyed/destroying. */
-  async listPooled() {
+  /**
+   * List pooled machines for `repoTag` (kody_pool + matching repo tag),
+   * excluding destroyed/destroying. Each repo's pool sees only its own.
+   */
+  async listPooled(repoTag) {
     const all = await this.call(`/apps/${enc(this.opts.app)}/machines`, { allow404: true }) ?? [];
     return all.filter(
-      (m) => m.config?.metadata?.[POOL_METADATA_KEY] === POOL_METADATA_VALUE && m.state !== "destroyed" && m.state !== "destroying"
+      (m) => m.config?.metadata?.[POOL_METADATA_KEY] === POOL_METADATA_VALUE && m.config?.metadata?.[POOL_REPO_METADATA_KEY] === repoTag && m.state !== "destroyed" && m.state !== "destroying"
     );
   }
   /** Suspend (freeze) a machine — wakes in ~1s from the snapshot. */
@@ -4913,7 +4983,7 @@ var PoolManager = class {
    * free; anything else is left to finish/auto-destroy. Then refill to `min`.
    */
   async reconcile() {
-    const machines = await this.deps.fly.listPooled();
+    const machines = await this.deps.fly.listPooled(this.deps.config.repoTag);
     this.free = [];
     for (const m of machines) {
       if ((m.state === "suspended" || m.state === "suspending") && m.private_ip) {
@@ -4981,7 +5051,7 @@ var PoolManager = class {
   async resync() {
     let machines;
     try {
-      machines = await this.deps.fly.listPooled();
+      machines = await this.deps.fly.listPooled(this.deps.config.repoTag);
     } catch (err) {
       this.log(`resync: listPooled failed: ${errMsg2(err)}`);
       return;
@@ -5031,6 +5101,7 @@ var PoolManager = class {
       guest: cfg.guest,
       runnerApiKey: cfg.runnerApiKey,
       litellmUrl: cfg.litellmUrl,
+      repoTag: cfg.repoTag,
       port: cfg.port
     });
     if (!m.private_ip) {
@@ -5078,6 +5149,163 @@ function errMsg2(err) {
   return err instanceof Error ? err.message : String(err);
 }
 
+// src/pool/vault.ts
+import { createDecipheriv } from "crypto";
+var GITHUB_API = "https://api.github.com";
+var VAULT_PATH = ".kody/secrets.enc";
+var CACHE_TTL_MS = 6e4;
+var cache = /* @__PURE__ */ new Map();
+function decryptVault(payload, masterKey) {
+  const parts = payload.split(":");
+  if (parts.length !== 4 || parts[0] !== "v1") {
+    throw new Error("invalid vault payload format");
+  }
+  const [, ivB64, ctB64, tagB64] = parts;
+  const iv = Buffer.from(ivB64, "base64");
+  const ct = Buffer.from(ctB64, "base64");
+  const tag = Buffer.from(tagB64, "base64");
+  const decipher = createDecipheriv("aes-256-gcm", masterKey, iv);
+  decipher.setAuthTag(tag);
+  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
+}
+async function readVaultSecrets(opts) {
+  const key = `${opts.owner}/${opts.repo}`.toLowerCase();
+  const hit = cache.get(key);
+  if (hit && hit.expiresAt > Date.now()) return hit.secrets;
+  const doFetch = opts.fetchImpl ?? fetch;
+  const res = await doFetch(
+    `${GITHUB_API}/repos/${encodeURIComponent(opts.owner)}/${encodeURIComponent(opts.repo)}/contents/${VAULT_PATH}`,
+    {
+      headers: {
+        Authorization: `Bearer ${opts.githubToken}`,
+        Accept: "application/vnd.github+json",
+        "User-Agent": "kody-pool-serve"
+      }
+    }
+  );
+  if (res.status === 404) {
+    cache.set(key, { secrets: {}, expiresAt: Date.now() + CACHE_TTL_MS });
+    return {};
+  }
+  if (!res.ok) {
+    throw new Error(`vault read ${res.status} for ${key}: ${(await res.text().catch(() => "")).slice(0, 160)}`);
+  }
+  const body = await res.json();
+  if (!body.content) {
+    cache.set(key, { secrets: {}, expiresAt: Date.now() + CACHE_TTL_MS });
+    return {};
+  }
+  const ciphertext = Buffer.from(body.content, body.encoding ?? "base64").toString("utf8").trim();
+  const doc = JSON.parse(decryptVault(ciphertext, opts.masterKey));
+  const flat = {};
+  for (const [name, entry] of Object.entries(doc.secrets ?? {})) {
+    if (entry && typeof entry.value === "string") flat[name] = entry.value;
+  }
+  cache.set(key, { secrets: flat, expiresAt: Date.now() + CACHE_TTL_MS });
+  return flat;
+}
+async function readRepoSecret(opts) {
+  const secrets = await readVaultSecrets(opts);
+  const v = secrets[opts.name];
+  return v && v.trim() ? v : null;
+}
+async function readRepoSecrets(opts) {
+  return readVaultSecrets(opts);
+}
+
+// src/pool/registry.ts
+var PoolRegistry = class {
+  constructor(cfg) {
+    this.cfg = cfg;
+    this.log = cfg.log ?? (() => {
+    });
+    this.resolveFlyToken = cfg.resolveFlyToken ?? ((owner, repo) => readRepoSecret({
+      githubToken: cfg.githubToken,
+      masterKey: cfg.masterKey,
+      owner,
+      repo,
+      name: "FLY_API_TOKEN"
+    }));
+  }
+  cfg;
+  pools = /* @__PURE__ */ new Map();
+  resolveFlyToken;
+  log;
+  key(owner, repo) {
+    return `${owner}/${repo}`.toLowerCase();
+  }
+  /** Get-or-create the pool for a repo, or null if the repo has no Fly token. */
+  async getPool(owner, repo) {
+    const repoTag = this.key(owner, repo);
+    const existing = this.pools.get(repoTag);
+    if (existing) return existing;
+    let flyToken;
+    try {
+      flyToken = await this.resolveFlyToken(owner, repo);
+    } catch (err) {
+      this.log(`registry: vault read failed for ${repoTag}: ${err instanceof Error ? err.message : String(err)}`);
+      return null;
+    }
+    if (!flyToken) {
+      this.log(`registry: ${repoTag} has no FLY_API_TOKEN \u2014 no pool`);
+      return null;
+    }
+    const fly = new FlyClient({ token: flyToken, app: this.cfg.base.app });
+    const pm = new PoolManager({
+      fly,
+      config: { ...this.cfg.base, repoTag },
+      log: (m) => this.log(`[${repoTag}] ${m}`)
+    });
+    this.pools.set(repoTag, pm);
+    void pm.reconcile().catch((err) => this.log(`[${repoTag}] reconcile: ${err instanceof Error ? err.message : String(err)}`));
+    return pm;
+  }
+  async claim(owner, repo, req) {
+    const pm = await this.getPool(owner, repo);
+    if (!pm) return { ok: false, reason: "repo has no FLY_API_TOKEN (no pool)" };
+    let allSecrets = {};
+    try {
+      const vault = await readRepoSecrets({
+        githubToken: this.cfg.githubToken,
+        masterKey: this.cfg.masterKey,
+        owner,
+        repo
+      });
+      allSecrets = Object.fromEntries(Object.entries(vault).filter(([k]) => k !== "FLY_API_TOKEN"));
+    } catch (err) {
+      this.log(`[${this.key(owner, repo)}] vault secrets read failed: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    const job = {
+      jobId: req.jobId,
+      repo: `${owner}/${repo}`,
+      githubToken: this.cfg.githubToken,
+      mode: req.mode ?? "issue",
+      issueNumber: req.issueNumber,
+      sessionId: req.sessionId,
+      idleExitMs: req.idleExitMs,
+      hardCapMs: req.hardCapMs,
+      ref: req.ref,
+      allSecrets,
+      model: req.model,
+      dashboardUrl: req.dashboardUrl
+    };
+    return pm.claim(job);
+  }
+  /** Status for a single repo's pool, or null if none exists yet. */
+  status(owner, repo) {
+    return this.pools.get(this.key(owner, repo))?.status() ?? null;
+  }
+  /** Resync every active repo pool (periodic self-heal). */
+  async resyncAll() {
+    for (const [repoTag, pm] of this.pools) {
+      await pm.resync().catch((err) => this.log(`[${repoTag}] resync: ${err instanceof Error ? err.message : String(err)}`));
+    }
+  }
+  activeRepos() {
+    return [...this.pools.keys()];
+  }
+};
+
 // src/pool/keys.ts
 import { hkdfSync } from "crypto";
 var POOL_API_KEY_INFO = "kody-pool-api:v1";
@@ -5149,24 +5377,31 @@ function readJsonBody3(req) {
     req.on("error", reject);
   });
 }
-function parsePoolJob(body) {
+function parseClaimRequest(body) {
   if (typeof body !== "object" || body === null) return { error: "body must be an object" };
   const b = body;
   const jobId = typeof b.jobId === "string" ? b.jobId.trim() : "";
   if (!jobId) return { error: "jobId required" };
   const repo = typeof b.repo === "string" ? b.repo.trim() : "";
   if (!/^[^/\s]+\/[^/\s]+$/.test(repo)) return { error: "repo must be 'owner/name'" };
-  const issueNumber = Number(b.issueNumber);
-  if (!Number.isInteger(issueNumber) || issueNumber <= 0) return { error: "issueNumber required" };
-  const githubToken = typeof b.githubToken === "string" ? b.githubToken.trim() : "";
-  if (!githubToken) return { error: "githubToken required" };
-  const job = { jobId, repo, issueNumber, githubToken };
-  if (typeof b.ref === "string" && b.ref.trim()) job.ref = b.ref.trim();
-  if (typeof b.model === "string" && b.model.trim()) job.model = b.model.trim();
-  if (typeof b.sessionId === "string" && b.sessionId.trim()) job.sessionId = b.sessionId.trim();
-  if (typeof b.dashboardUrl === "string" && b.dashboardUrl.trim()) job.dashboardUrl = b.dashboardUrl.trim();
-  if (b.allSecrets && typeof b.allSecrets === "object") job.allSecrets = b.allSecrets;
-  return { job };
+  const mode = b.mode === "interactive" ? "interactive" : "issue";
+  const req = { jobId, repo, mode };
+  if (mode === "issue") {
+    const issueNumber = Number(b.issueNumber);
+    if (!Number.isInteger(issueNumber) || issueNumber <= 0) return { error: "issueNumber required for issue mode" };
+    req.issueNumber = issueNumber;
+  } else {
+    const sessionId = typeof b.sessionId === "string" ? b.sessionId.trim() : "";
+    if (!sessionId) return { error: "sessionId required for interactive mode" };
+    req.sessionId = sessionId;
+    if (Number.isFinite(Number(b.idleExitMs))) req.idleExitMs = Number(b.idleExitMs);
+    if (Number.isFinite(Number(b.hardCapMs))) req.hardCapMs = Number(b.hardCapMs);
+  }
+  if (typeof b.ref === "string" && b.ref.trim()) req.ref = b.ref.trim();
+  if (typeof b.model === "string" && b.model.trim()) req.model = b.model.trim();
+  if (typeof b.sessionId === "string" && b.sessionId.trim()) req.sessionId = b.sessionId.trim();
+  if (typeof b.dashboardUrl === "string" && b.dashboardUrl.trim()) req.dashboardUrl = b.dashboardUrl.trim();
+  return { req };
 }
 function superviseLitellm() {
   if (process.env.POOL_DISABLE_LITELLM === "1") return null;
@@ -5198,8 +5433,8 @@ var poolServe = async (ctx) => {
   ctx.skipAgent = true;
   const masterRaw = process.env.KODY_MASTER_KEY?.trim();
   if (!masterRaw) throw new Error("KODY_MASTER_KEY required for pool-serve");
-  const flyToken = process.env.FLY_API_TOKEN?.trim();
-  if (!flyToken) throw new Error("FLY_API_TOKEN required for pool-serve");
+  const githubToken = process.env.GITHUB_TOKEN?.trim();
+  if (!githubToken) throw new Error("GITHUB_TOKEN required for pool-serve (reads per-repo vaults)");
   const master = masterKeyBytes(masterRaw);
   const poolApiKey = derivePoolApiKey(master);
   const runnerApiKey = deriveRunnerApiKey(master);
@@ -5213,23 +5448,36 @@ var poolServe = async (ctx) => {
   const apiPort = envInt("POOL_API_PORT", 4100);
   const healthTimeoutMs = envInt("POOL_HEALTH_TIMEOUT_MS", 12e4);
   const litellm = superviseLitellm();
-  const fly = new FlyClient({ token: flyToken, app });
-  const manager = new PoolManager({
-    fly,
-    config: { min, image: process.env.FLY_RUNNER_IMAGE ?? "registry.fly.io/kody-runner:latest", region, guest, runnerApiKey, litellmUrl, port: runnerPort, healthTimeoutMs },
+  const registry = new PoolRegistry({
+    githubToken,
+    masterKey: master,
+    base: {
+      min,
+      image: process.env.FLY_RUNNER_IMAGE ?? "registry.fly.io/kody-runner:latest",
+      region,
+      guest,
+      runnerApiKey,
+      litellmUrl,
+      port: runnerPort,
+      healthTimeoutMs,
+      app
+    },
     log
   });
-  manager.reconcile().catch((err) => log(`reconcile failed: ${err instanceof Error ? err.message : String(err)}`));
   const refillMs = envInt("POOL_REFILL_INTERVAL_MS", 6e4);
   const tick = setInterval(() => {
-    manager.resync().catch((err) => log(`resync tick failed: ${err instanceof Error ? err.message : String(err)}`));
+    registry.resyncAll().catch((err) => log(`resync tick failed: ${err instanceof Error ? err.message : String(err)}`));
   }, refillMs);
   const server = createServer3(async (req, res) => {
     try {
       if (!req.method || !req.url) return sendJson3(res, 400, { error: "bad request" });
       const url = new URL(req.url, "http://localhost");
       if (req.method === "GET" && url.pathname === "/healthz") {
-        return sendJson3(res, 200, { ok: true, litellm: litellm ? "supervised" : "off", pool: manager.status() });
+        return sendJson3(res, 200, {
+          ok: true,
+          litellm: litellm ? "supervised" : "off",
+          repos: registry.activeRepos()
+        });
       }
       const authed = bearerOk(
         req.headers["authorization"],
@@ -5238,7 +5486,10 @@ var poolServe = async (ctx) => {
       );
       if (!authed) return sendJson3(res, 401, { error: "unauthorized" });
       if (req.method === "GET" && url.pathname === "/pool/status") {
-        return sendJson3(res, 200, manager.status());
+        const repoParam = (url.searchParams.get("repo") ?? "").trim();
+        const [owner, repo] = repoParam.split("/");
+        if (!owner || !repo) return sendJson3(res, 400, { error: "repo query (owner/name) required" });
+        return sendJson3(res, 200, { status: registry.status(owner, repo) });
       }
       if (req.method === "POST" && url.pathname === "/pool/claim") {
         let body;
@@ -5247,9 +5498,10 @@ var poolServe = async (ctx) => {
         } catch {
           return sendJson3(res, 400, { error: "invalid JSON body" });
         }
-        const parsed = parsePoolJob(body);
+        const parsed = parseClaimRequest(body);
         if ("error" in parsed) return sendJson3(res, 400, { error: parsed.error });
-        const result = await manager.claim(parsed.job);
+        const [owner, repo] = parsed.req.repo.split("/");
+        const result = await registry.claim(owner, repo, parsed.req);
         if (result.ok) return sendJson3(res, 200, { ok: true, machineId: result.machineId });
         return sendJson3(res, 503, { ok: false, reason: result.reason ?? "pool unavailable" });
       }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kody-ade/kody-engine",
-  "version": "0.4.116",
+  "version": "0.4.118",
   "description": "kody — autonomous development engine. Single-session Claude Code agent behind a generic executor + declarative executable profiles.",
   "license": "MIT",
   "type": "module",