@link-assistant/hive-mind 1.22.4 → 1.22.5

package/CHANGELOG.md

@@ -1,5 +1,16 @@
 # @link-assistant/hive-mind
 
+## 1.22.5
+
+### Patch Changes
+
+- fdd8eaa: Fix auto-merge failure in fork mode with permission pre-check (Issue #1226)
+  - Add fork-mode guard in `startAutoRestartUntilMergable()` to detect when `--auto-merge` cannot work
+  - Add `checkMergePermissions()` function to verify write/push/admin/maintain access before merge attempts
+  - Add permission pre-check in `attemptAutoMerge()` to fail fast when user lacks write access
+  - Post "Ready to merge" comment to PR when auto-merge cannot be performed due to permissions
+  - Prevent silent failures and infinite restart loops in fork mode scenarios
+
 ## 1.22.4
 
 ### Patch Changes

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-assistant/hive-mind",
-  "version": "1.22.4",
+  "version": "1.22.5",
   "description": "AI-powered issue solver and hive mind for collaborative problem solving",
   "main": "src/hive.mjs",
   "type": "module",

package/src/github-merge.lib.mjs

@@ -433,6 +433,37 @@ export async function checkPRMergeable(owner, repo, prNumber, verbose = false) {
   }
 }
 
+/**
+ * Check if the authenticated user has write/merge permissions on the repository
+ * @param {string} owner - Repository owner
+ * @param {string} repo - Repository name
+ * @param {boolean} verbose - Whether to log verbose output
+ * @returns {Promise<{canMerge: boolean, permission: string|null}>}
+ */
+export async function checkMergePermissions(owner, repo, verbose = false) {
+  try {
+    const { stdout } = await exec(`gh api repos/${owner}/${repo} --jq '.permissions'`);
+    const permissions = JSON.parse(stdout.trim());
+
+    const canMerge = permissions.admin === true || permissions.maintain === true || permissions.push === true;
+
+    if (verbose) {
+      console.log(`[VERBOSE] /merge: Merge permissions for ${owner}/${repo}: push=${permissions.push}, admin=${permissions.admin}, maintain=${permissions.maintain}`);
+      console.log(`[VERBOSE] /merge: Can merge: ${canMerge}`);
+    }
+
+    return {
+      canMerge,
+      permission: permissions.admin ? 'admin' : permissions.maintain ? 'maintain' : permissions.push ? 'push' : 'read',
+    };
+  } catch (error) {
+    if (verbose) {
+      console.log(`[VERBOSE] /merge: Error checking merge permissions: ${error.message}`);
+    }
+    return { canMerge: false, permission: null };
+  }
+}
+
 /**
  * Merge a pull request
  * @param {string} owner - Repository owner
@@ -600,6 +631,7 @@ export default {
   getAllReadyPRs,
   checkPRCIStatus,
   checkPRMergeable,
+  checkMergePermissions,
   mergePullRequest,
   waitForCI,
   parseRepositoryUrl,

package/src/solve.auto-merge.lib.mjs

@@ -33,7 +33,7 @@ const { reportError } = sentryLib;
 
 // Import GitHub merge functions
 const githubMergeLib = await import('./github-merge.lib.mjs');
-const { checkPRCIStatus, checkPRMergeable, mergePullRequest, waitForCI } = githubMergeLib;
+const { checkPRCIStatus, checkPRMergeable, checkMergePermissions, mergePullRequest, waitForCI } = githubMergeLib;
 
 // Import GitHub functions for log attachment
 const githubLib = await import('./github.lib.mjs');
@@ -506,6 +506,13 @@ export const attemptAutoMerge = async params => {
   await log('');
   await log(formatAligned('🔀', 'AUTO-MERGE:', 'Checking if PR can be merged...'));
 
+  // Issue #1226: Check merge permissions before attempting
+  const { canMerge, permission } = await checkMergePermissions(owner, repo, argv.verbose);
+  if (!canMerge) {
+    await log(formatAligned('⚠️', 'Cannot merge:', `Insufficient permissions (${permission || 'unknown'})`, 2));
+    return { success: false, reason: 'insufficient_permissions', error: `User has ${permission || 'unknown'} access, needs push/maintain/admin` };
+  }
+
   // Wait for CI to complete (with timeout)
   const ciWaitResult = await waitForCI(
     owner,
@@ -564,7 +571,7 @@ export const attemptAutoMerge = async params => {
  * Start auto-restart-until-mergable mode
  */
 export const startAutoRestartUntilMergable = async params => {
-  const { argv } = params;
+  const { argv, owner, repo, prNumber } = params;
 
   // Determine the mode
   const isAutoMerge = argv.autoMerge || false;
@@ -574,13 +581,57 @@ export const startAutoRestartUntilMergable = async params => {
     return null; // Neither mode enabled
   }
 
-  if (!params.prNumber) {
+  if (!prNumber) {
     await log('');
     await log(formatAligned('⚠️', 'Auto-restart-until-mergable:', 'Requires a pull request'));
     await log(formatAligned('', 'Note:', 'This mode only works with existing PRs', 2));
     return null;
   }
 
+  // Issue #1226: Check if running in fork mode — auto-merge cannot work without write access
+  if (argv.fork && isAutoMerge) {
+    await log('');
+    await log(formatAligned('⚠️', 'Auto-merge:', 'Cannot auto-merge fork PRs'));
+    await log(formatAligned('', 'Reason:', 'Fork contributors do not have write access to merge PRs to upstream repositories', 2));
+    await log(formatAligned('', 'Action:', 'PR is ready for manual merge by a repository maintainer', 2));
+    await log('');
+
+    // Post a comment to the PR notifying the maintainer
+    try {
+      const commentBody = `## ✅ Ready to merge\n\nThis pull request is ready to be merged. Auto-merge was requested (\`--auto-merge\`) but cannot be performed because this PR was created from a fork (no write access to the target repository).\n\nPlease merge manually.\n\n---\n*hive-mind with --auto-merge flag (fork mode)*`;
+      await $`gh pr comment ${prNumber} --repo ${owner}/${repo} --body ${commentBody}`;
+      await log(formatAligned('', '💬 Posted merge readiness notification to PR', '', 2));
+    } catch {
+      // Don't fail if comment posting fails
+    }
+
+    return { success: false, reason: 'fork_no_write_access' };
+  }
+
+  // Issue #1226: Verify merge permissions before entering the auto-merge/restart loop
+  if (isAutoMerge && owner && repo) {
+    const { canMerge, permission } = await checkMergePermissions(owner, repo, argv.verbose);
+    if (!canMerge) {
+      await log('');
+      await log(formatAligned('⚠️', 'Auto-merge:', 'Insufficient permissions to merge'));
+      await log(formatAligned('', 'Permission level:', permission || 'unknown', 2));
+      await log(formatAligned('', 'Required:', 'push, maintain, or admin access', 2));
+      await log(formatAligned('', 'Action:', 'PR is ready for manual merge by a repository maintainer', 2));
+      await log('');
+
+      // Post a comment to the PR notifying the maintainer
+      try {
+        const commentBody = `## ✅ Ready to merge\n\nThis pull request is ready to be merged. Auto-merge was requested (\`--auto-merge\`) but cannot be performed because the authenticated user lacks write access to \`${owner}/${repo}\` (current permission: \`${permission || 'unknown'}\`).\n\nPlease merge manually.\n\n---\n*hive-mind with --auto-merge flag*`;
+        await $`gh pr comment ${prNumber} --repo ${owner}/${repo} --body ${commentBody}`;
+        await log(formatAligned('', '💬 Posted merge readiness notification to PR', '', 2));
+      } catch {
+        // Don't fail if comment posting fails
+      }
+
+      return { success: false, reason: 'insufficient_permissions' };
+    }
+  }
+
   // If --auto-merge implies --auto-restart-until-mergable
   if (isAutoMerge) {
     argv.autoRestartUntilMergable = true;