@link-assistant/hive-mind 1.59.2 → 1.59.4

package/CHANGELOG.md

@@ -1,5 +1,136 @@
 # @link-assistant/hive-mind
 
+## 1.59.4
+
+### Patch Changes
+
+- b2e0d12: Fix `/terminal_watch` uploading the full session log file when the watch
+  completes — addresses issue
+  [#1720](https://github.com/link-assistant/hive-mind/issues/1720).
+
+  Before this fix, `/terminal_watch` finished by calling
+  `bot.telegram.sendDocument(chatId, ...)` to attach the `<uuid>.log` file. That
+  had two unwanted effects:
+  - It duplicated work that the dedicated `/log` command already does.
+  - The bare `bot.telegram.sendDocument(chatId, ...)` call did not carry
+    `message_thread_id`, so in forum-enabled supergroups the document landed in
+    the **General** topic instead of the topic where `/terminal_watch` was
+    invoked, and it was not threaded as a reply.
+
+  `/terminal_watch` now only updates the live "✅ Terminal watch complete"
+  message at the end of the session. To download the log, use
+  `/log <uuid>` — it correctly replies in the originating topic via
+  `ctx.replyWithDocument`, which Telegraf annotates with `message_thread_id`
+  automatically.
+
+  A new regression test (`tests/test-issue-1720-terminal-watch-no-log.mjs`)
+  guards both behaviours, and `tests/test-issue-467-terminal-watch.mjs` was
+  updated to assert that no document is uploaded by the watcher.
+
+- 5c87a38: Fix `hive` to (a) stop forwarding `false` for solve options whose `type` is
+  `'string'` but whose `default` is `false`, and (b) exit non-zero when any
+  worker fails — issue #1718.
+
+  Previously, when a user ran `/hive` against several issues, every spawned
+  `solve` worker crashed with:
+
+  ```
+  Invalid --working-session-live-progress value: "false". Expected "comment" or "pr".
+  ```
+
+  …and `hive` itself still exited with code `0`, so the Telegram bot rendered a
+  green "Work session finished successfully" envelope even though zero PRs had
+  been created.
+
+  Two independent root causes:
+  1. **Auto-forwarder leaked `false` as a string.** In
+     [`src/hive.mjs`](./src/hive.mjs), the auto-forward block read:
+
+     ```js
+     } else if ((def.type === 'string' || def.type === 'number') && value !== undefined) {
+       args.push(`--${optionName}`, String(value));
+     }
+     ```
+
+     For `working-session-live-progress`, `solve.config.lib.mjs` declares
+     `type: 'string', default: false`. yargs preserves the boolean `false`
+     verbatim, so hive forwarded `--working-session-live-progress false`,
+     which `solve` rejects. The fix adds `&& value !== false` to the
+     predicate. Other `type:'string'` options whose `default` is `false`
+     are now also protected by a single defense-in-depth check.
+
+  2. **No non-zero exit on worker failures.** After `monitorWithSentry()`
+     resolved, hive returned without consulting `issueQueue.getStats()`. The
+     fix queries `finalStats = issueQueue.getStats()` and calls
+     `safeExit(1, …)` when `finalStats.failed > 0`, mirroring the exit
+     semantics solve already uses. Wrappers like `start-command`, the Telegram
+     bot, and CI now correctly observe the failure.
+
+  `--isolation screen` (R3 of the issue) was already wired through correctly;
+  no change required there. The verbose forwarder dump
+  (`📋 Command: ${solveCommand} ${args.join(' ')}`) — which is what allowed us
+  to diagnose this run in the first place — is preserved.
+
+  Tests: [`tests/test-issue-1718-hive-passthrough-false.mjs`](./tests/test-issue-1718-hive-passthrough-false.mjs)
+  locks the option shape, asserts both fixes are present in `src/hive.mjs`,
+  replays the forwarder logic on synthetic argv, and adds a defense-in-depth
+  sweep that no `type:'string'` / `default:false` option ever produces
+  `--<flag> false`.
+
+  Documentation: [`docs/case-studies/issue-1718/`](./docs/case-studies/issue-1718/README.md)
+  contains the timeline reconstructed from the user's `screen` log, the
+  distilled facts, the per-symptom root-cause analysis, the solution plan, and
+  notes confirming no upstream report (yargs / start-command) is required.
+
+## 1.59.3
+
+### Patch Changes
+
+- b0bffdc: Fix `solve` to skip fork mode when the upstream repository is private and the
+  user has direct write access — even when the existing PR was created from a
+  fork (issue #1716).
+
+  Previously, when a PR was originally created from a fork (e.g. the upstream
+  repo was public and the user without write access used `--auto-fork`), but
+  the upstream is now private and the user has direct write access, `solve`
+  still tried to clone the fork. If the fork had been renamed, deleted, or was
+  otherwise inaccessible (which is common after a public→private flip), repo
+  setup failed with `Fork not accessible`.
+
+  The auto-fork path already handled this correctly (logging
+  _"Auto-fork: Write access detected to private repository, working directly on
+  repository"_ and leaving `forkOwner = null`). The bug was that **continue
+  mode** — both the auto-continue path and the direct PR-URL path — re-set
+  `forkOwner` from the existing PR's head repository unconditionally,
+  overriding the auto-fork bypass.
+
+  Fix: in [`src/solve.mjs`](./src/solve.mjs):
+  - Hoist `detectRepositoryVisibility(owner, repo)` out of the
+    `if (argv.autoCleanup === undefined)` block so `isRepoPublic` is
+    unconditionally available.
+  - Compute one bypass flag,
+    `skipForkForPrivateUpstream = !isRepoPublic && !argv.fork && hasWriteAccess`.
+  - Gate both fork-from-PR-data branches behind it. When set, log
+    _"Issue #1716: Working directly on the private upstream repository"_ and
+    leave `forkOwner = null` so the regular non-fork code path runs.
+  - Gate the maintainer-modify auto-toggle on `forkOwner` being non-null so it
+    doesn't fire when the bypass triggered.
+
+  Explicit `--fork` still wins (the bypass requires `!argv.fork`), and users
+  with no write access on a private repo still hit the existing auto-fork
+  private-repo guard (the bypass requires `hasWriteAccess`).
+
+  Tests: [`tests/test-issue-1716-private-repo-skip-fork.mjs`](./tests/test-issue-1716-private-repo-skip-fork.mjs)
+  locks the flag declaration, the exact condition formula, both
+  fork-detection paths, and four scenario simulations
+  (private+writeAccess → bypass; public → no bypass; explicit `--fork` → no
+  bypass; no writeAccess → no bypass).
+
+  Documentation: [`docs/case-studies/issue-1716/`](./docs/case-studies/issue-1716/README.md)
+  contains the timeline reconstructed from the user's failure log, the
+  distilled facts, the per-symptom root-cause analysis, and the implementation
+  plan.
+
 ## 1.59.2
 
 ### Patch Changes

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-assistant/hive-mind",
-  "version": "1.59.2",
+  "version": "1.59.4",
   "description": "AI-powered issue solver and hive mind for collaborative problem solving",
   "main": "src/hive.mjs",
   "type": "module",

package/src/hive.mjs

@@ -798,8 +798,8 @@ if (isRunningDirectly) {
                 for (const entry of value) {
                   args.push(`--${optionName}`, String(entry));
                 }
-              } else if ((def.type === 'string' || def.type === 'number') && value !== undefined) {
-                args.push(`--${optionName}`, String(value));
+              } else if ((def.type === 'string' || def.type === 'number') && value !== undefined && value !== false) {
+                args.push(`--${optionName}`, String(value)); // Issue #1718: skip false (some string options have default:false)
               }
             }
             // Log the actual command being executed so users can investigate/reproduce
@@ -1483,6 +1483,9 @@ if (isRunningDirectly) {
       await log(`   📁 Full log file: ${absoluteLogPath}`, { level: 'error' });
       await safeExit(1, 'Error occurred');
     }
+
+    const finalStats = issueQueue.getStats(); // Issue #1718: surface worker failures via exit code
+    if (finalStats.failed > 0) await safeExit(1, `${finalStats.failed} task(s) failed (completed: ${finalStats.completed})`);
   } catch (fatalError) {
     // Handle fatal errors during initialization or execution
     console.error('\n❌ Fatal error occurred during hive initialization or execution');

package/src/solve.fork-detection.lib.mjs

@@ -0,0 +1,126 @@
+#!/usr/bin/env node
+
+/**
+ * Fork-detection helpers for solve.mjs
+ *
+ * Extracted from solve.mjs to keep the file under the 1500-line CI limit.
+ * - handleAutoForkOption: implements the --auto-fork detection branch.
+ * - handleMaintainerForkAccess: handles the
+ *   --allow-to-push-to-contributors-pull-requests-as-maintainer follow-up
+ *   that runs after a fork PR has been detected.
+ *
+ * Tests for Issue #1716 grep solve.mjs textually, so the *call sites* there
+ * still hold the canonical condition checks; only the bodies live here.
+ */
+
+if (typeof globalThis.use === 'undefined') {
+  globalThis.use = (await eval(await (await fetch('https://unpkg.com/use-m/use.js')).text())).use;
+}
+const use = globalThis.use;
+const { $ } = await use('command-stream');
+
+const lib = await import('./lib.mjs');
+const { log, ghCmdRetry } = lib;
+const githubLib = await import('./github.lib.mjs');
+
+/**
+ * Handle the --auto-fork option: when the user lacks write access to a public
+ * repository, automatically enable fork mode; when the repository is private,
+ * fail with an actionable error.
+ *
+ * Mutates argv.fork in place when fork mode is enabled.
+ *
+ * @param {object} params
+ * @param {string} params.owner
+ * @param {string} params.repo
+ * @param {object} params.argv - CLI arguments (mutated: argv.fork may be set)
+ * @param {(code: number, reason?: string) => Promise<void>} params.safeExit
+ */
+export async function handleAutoForkOption({ owner, repo, argv, safeExit }) {
+  if (!argv.autoFork || argv.fork) return;
+
+  const { detectRepositoryVisibility } = githubLib;
+  await log('🔍 Checking repository access for auto-fork...');
+  const permResult = await ghCmdRetry(() => $`gh api repos/${owner}/${repo} --jq .permissions`, { label: 'auto-fork perms' });
+
+  if (permResult.code === 0) {
+    const permissions = JSON.parse(permResult.stdout.toString().trim());
+    const hasWriteAccess = permissions.push === true || permissions.admin === true || permissions.maintain === true;
+
+    if (!hasWriteAccess) {
+      const { isPublic } = await detectRepositoryVisibility(owner, repo);
+
+      if (!isPublic) {
+        await log('');
+        await log("❌ --auto-fork failed: Repository is private and you don't have write access", { level: 'error' });
+        await log('');
+        await log('   🔍 What happened:', { level: 'error' });
+        await log(`      Repository ${owner}/${repo} is private`, { level: 'error' });
+        await log("      You don't have write access to this repository", { level: 'error' });
+        await log('      --auto-fork cannot create a fork of a private repository you cannot access', { level: 'error' });
+        await log('');
+        await log('   💡 Solution:', { level: 'error' });
+        await log('      • Request collaborator access from the repository owner', { level: 'error' });
+        await log(`        https://github.com/${owner}/${repo}/settings/access`, { level: 'error' });
+        await log('');
+        await safeExit(1, 'Auto-fork failed - private repository without access');
+        return;
+      }
+
+      await log('✅ Auto-fork: No write access detected, enabling fork mode');
+      argv.fork = true;
+    } else {
+      const { isPublic } = await detectRepositoryVisibility(owner, repo);
+      await log(`✅ Auto-fork: Write access detected to ${isPublic ? 'public' : 'private'} repository, working directly on repository`);
+    }
+  } else {
+    const { isPublic } = await detectRepositoryVisibility(owner, repo);
+
+    if (!isPublic) {
+      await log('');
+      await log('❌ --auto-fork failed: Could not verify permissions for private repository', { level: 'error' });
+      await log('');
+      await log('   🔍 What happened:', { level: 'error' });
+      await log(`      Repository ${owner}/${repo} is private`, { level: 'error' });
+      await log('      Could not check your permissions to this repository', { level: 'error' });
+      await log('');
+      await log('   💡 Solutions:', { level: 'error' });
+      await log('      • Check your GitHub CLI authentication: gh auth status', { level: 'error' });
+      await log("      • Request collaborator access if you don't have it yet", { level: 'error' });
+      await log(`        https://github.com/${owner}/${repo}/settings/access`, { level: 'error' });
+      await log('');
+      await safeExit(1, 'Auto-fork failed - cannot verify private repository permissions');
+      return;
+    }
+
+    await log('⚠️  Auto-fork: Could not check permissions, enabling fork mode for public repository');
+    argv.fork = true;
+  }
+}
+
+/**
+ * After a fork PR is detected, optionally check whether the maintainer can
+ * push directly to the contributor's fork. If not, request access.
+ *
+ * @param {object} params
+ * @param {string} params.owner
+ * @param {string} params.repo
+ * @param {string|number} params.prNumber
+ */
+export async function handleMaintainerForkAccess({ owner, repo, prNumber }) {
+  const { checkMaintainerCanModifyPR, requestMaintainerAccess } = githubLib;
+  const { canModify } = await checkMaintainerCanModifyPR(owner, repo, prNumber);
+
+  if (canModify) {
+    await log('✅ Maintainer can push to fork: Enabled by contributor');
+    await log("   Will push changes directly to contributor's fork instead of creating own fork");
+    return;
+  }
+
+  await log('⚠️  Maintainer cannot push to fork: "Allow edits by maintainers" is not enabled', { level: 'warning' });
+  await log('   Posting comment to request access...', { level: 'warning' });
+  await requestMaintainerAccess(owner, repo, prNumber);
+  await log('   Comment posted. Proceeding with own fork instead.', { level: 'warning' });
+}
+
+export default { handleAutoForkOption, handleMaintainerForkAccess };

package/src/solve.mjs

@@ -58,6 +58,7 @@ const { postTrackedComment, USAGE_LIMIT_REACHED_MARKER } = await import('./tool-
 const { prepareFeedbackAndTimestamps, checkUncommittedChanges, checkForkActions } = await import('./solve.preparation.lib.mjs');
 const { validateAndExitOnInvalidModel } = await import('./models/index.mjs');
 const { autoAcceptInviteForRepo } = await import('./solve.accept-invite.lib.mjs');
+const { handleAutoForkOption, handleMaintainerForkAccess } = await import('./solve.fork-detection.lib.mjs');
 // Initialize log file early (before argument parsing) to capture all output
 const logFile = await initializeLogFile(null);
 // Log version and raw command IMMEDIATELY after log file initialization
@@ -209,73 +210,7 @@ if (argv.autoAcceptInvite) {
   await autoAcceptInviteForRepo(owner, repo, log, argv.verbose);
 }
 // Handle --auto-fork option: automatically fork public repositories without write access
-if (argv.autoFork && !argv.fork) {
-  const { detectRepositoryVisibility } = githubLib;
-  // Check if we have write access first (issue #1536: retry on transient network errors)
-  await log('🔍 Checking repository access for auto-fork...');
-  const permResult = await lib.ghCmdRetry(() => $`gh api repos/${owner}/${repo} --jq .permissions`, { label: 'auto-fork perms' });
-
-  if (permResult.code === 0) {
-    const permissions = JSON.parse(permResult.stdout.toString().trim());
-    const hasWriteAccess = permissions.push === true || permissions.admin === true || permissions.maintain === true;
-
-    if (!hasWriteAccess) {
-      // No write access - check if repository is public before enabling fork mode
-      const { isPublic } = await detectRepositoryVisibility(owner, repo);
-
-      if (!isPublic) {
-        // Private repository without write access - cannot fork
-        await log('');
-        await log("❌ --auto-fork failed: Repository is private and you don't have write access", { level: 'error' });
-        await log('');
-        await log('   🔍 What happened:', { level: 'error' });
-        await log(`      Repository ${owner}/${repo} is private`, { level: 'error' });
-        await log("      You don't have write access to this repository", { level: 'error' });
-        await log('      --auto-fork cannot create a fork of a private repository you cannot access', {
-          level: 'error',
-        });
-        await log('');
-        await log('   💡 Solution:', { level: 'error' });
-        await log('      • Request collaborator access from the repository owner', { level: 'error' });
-        await log(`        https://github.com/${owner}/${repo}/settings/access`, { level: 'error' });
-        await log('');
-        await safeExit(1, 'Auto-fork failed - private repository without access');
-      }
-
-      // Public repository without write access - automatically enable fork mode
-      await log('✅ Auto-fork: No write access detected, enabling fork mode');
-      argv.fork = true;
-    } else {
-      // Has write access - work directly on the repo (works for both public and private repos)
-      const { isPublic } = await detectRepositoryVisibility(owner, repo);
-      await log(`✅ Auto-fork: Write access detected to ${isPublic ? 'public' : 'private'} repository, working directly on repository`);
-    }
-  } else {
-    // Could not check permissions - assume no access and try to fork if public
-    const { isPublic } = await detectRepositoryVisibility(owner, repo);
-
-    if (!isPublic) {
-      // Cannot determine permissions for private repo - fail safely
-      await log('');
-      await log('❌ --auto-fork failed: Could not verify permissions for private repository', { level: 'error' });
-      await log('');
-      await log('   🔍 What happened:', { level: 'error' });
-      await log(`      Repository ${owner}/${repo} is private`, { level: 'error' });
-      await log('      Could not check your permissions to this repository', { level: 'error' });
-      await log('');
-      await log('   💡 Solutions:', { level: 'error' });
-      await log('      • Check your GitHub CLI authentication: gh auth status', { level: 'error' });
-      await log("      • Request collaborator access if you don't have it yet", { level: 'error' });
-      await log(`        https://github.com/${owner}/${repo}/settings/access`, { level: 'error' });
-      await log('');
-      await safeExit(1, 'Auto-fork failed - cannot verify private repository permissions');
-    }
-
-    // Public repository but couldn't check permissions - assume no access and fork
-    await log('⚠️  Auto-fork: Could not check permissions, enabling fork mode for public repository');
-    argv.fork = true;
-  }
-}
+await handleAutoForkOption({ owner, repo, argv, safeExit });
 // Permission check BEFORE entity validation (#1552): avoids false 404 on private repos without access
 const { checkRepositoryWritePermission } = githubLib;
 const hasWriteAccess = await checkRepositoryWritePermission(owner, repo, {
@@ -296,19 +231,26 @@ if (!entityCheck.valid) {
   await safeExit(1, `GitHub entity not found (${entityCheck.level})`);
 }
 
-// Detect repository visibility and set auto-cleanup default if not explicitly set
+// Detect repository visibility once and reuse for downstream decisions
+// (auto-cleanup default + Issue #1716 private-repo fork bypass)
+const { detectRepositoryVisibility } = githubLib;
+const { isPublic: isRepoPublic } = await detectRepositoryVisibility(owner, repo);
 if (argv.autoCleanup === undefined) {
-  const { detectRepositoryVisibility } = githubLib;
-  const { isPublic } = await detectRepositoryVisibility(owner, repo);
   // For public repos: keep temp directories (default false)
   // For private repos: clean up temp directories (default true)
-  argv.autoCleanup = !isPublic;
+  argv.autoCleanup = !isRepoPublic;
   if (argv.verbose) {
-    await log(`   Auto-cleanup default: ${argv.autoCleanup} (repository is ${isPublic ? 'public' : 'private'})`, {
+    await log(`   Auto-cleanup default: ${argv.autoCleanup} (repository is ${isRepoPublic ? 'public' : 'private'})`, {
       verbose: true,
     });
   }
 }
+// Issue #1716: When the upstream repository is private and the user has direct
+// write access, fork-based workflows should be skipped — even if the existing
+// PR was originally created from a fork. Forks of private repositories often
+// become inaccessible (renamed, deleted, parent re-private'd) and there's no
+// reason to use them when we can push branches and PRs to the upstream repo.
+const skipForkForPrivateUpstream = !isRepoPublic && !argv.fork && hasWriteAccess;
 // Determine mode and get issue details
 let issueNumber;
 let prNumber;
@@ -345,32 +287,26 @@ if (autoContinueResult.isContinueMode) {
           await log(`   Merge status: ${mergeStateStatus || 'UNKNOWN'}`, { verbose: true });
         }
         if (prCheckData.headRepositoryOwner && prCheckData.headRepositoryOwner.login !== owner) {
-          forkOwner = prCheckData.headRepositoryOwner.login;
-          // Get actual fork repository name (may be prefixed) and store for use in setupRepository
-          forkRepoName = prCheckData.headRepository && prCheckData.headRepository.name ? prCheckData.headRepository.name : null;
-          await log(`🍴 Detected fork PR from ${forkOwner}/${forkRepoName || repo}`);
-          if (argv.verbose) {
-            await log(`   Fork owner: ${forkOwner}`, { verbose: true });
-            await log('   Will clone fork repository for continue mode', { verbose: true });
+          const detectedForkOwner = prCheckData.headRepositoryOwner.login;
+          const detectedForkRepoName = prCheckData.headRepository && prCheckData.headRepository.name ? prCheckData.headRepository.name : null;
+          // Issue #1716: Skip fork mode for private upstream repos with write access.
+          if (skipForkForPrivateUpstream) {
+            await log(`🔒 Detected fork PR from ${detectedForkOwner}/${detectedForkRepoName || repo}, but upstream ${owner}/${repo} is private and you have write access.`);
+            await log('   Working directly on the private upstream repository (Issue #1716).');
+          } else {
+            forkOwner = detectedForkOwner;
+            // Get actual fork repository name (may be prefixed) and store for use in setupRepository
+            forkRepoName = detectedForkRepoName;
+            await log(`🍴 Detected fork PR from ${forkOwner}/${forkRepoName || repo}`);
+            if (argv.verbose) {
+              await log(`   Fork owner: ${forkOwner}`, { verbose: true });
+              await log('   Will clone fork repository for continue mode', { verbose: true });
+            }
           }
 
           // Check if maintainer can push to the fork when --allow-to-push-to-contributors-pull-requests-as-maintainer is enabled
-          if (argv.allowToPushToContributorsPullRequestsAsMaintainer && argv.autoFork) {
-            const { checkMaintainerCanModifyPR, requestMaintainerAccess } = githubLib;
-            const { canModify } = await checkMaintainerCanModifyPR(owner, repo, prNumber);
-
-            if (canModify) {
-              await log('✅ Maintainer can push to fork: Enabled by contributor');
-              await log("   Will push changes directly to contributor's fork instead of creating own fork");
-              // Don't disable fork mode, but we'll use the contributor's fork
-            } else {
-              await log('⚠️  Maintainer cannot push to fork: "Allow edits by maintainers" is not enabled', {
-                level: 'warning',
-              });
-              await log('   Posting comment to request access...', { level: 'warning' });
-              await requestMaintainerAccess(owner, repo, prNumber);
-              await log('   Comment posted. Proceeding with own fork instead.', { level: 'warning' });
-            }
+          if (forkOwner && argv.allowToPushToContributorsPullRequestsAsMaintainer && argv.autoFork) {
+            await handleMaintainerForkAccess({ owner, repo, prNumber });
           }
         }
       }
@@ -425,32 +361,26 @@ if (isPrUrl) {
     prState = prData.state;
     // Check if this is a fork PR
     if (prData.headRepositoryOwner && prData.headRepositoryOwner.login !== owner) {
-      forkOwner = prData.headRepositoryOwner.login;
-      // Get actual fork repository name and store for use in setupRepository
-      forkRepoName = prData.headRepository && prData.headRepository.name ? prData.headRepository.name : null;
-      await log(`🍴 Detected fork PR from ${forkOwner}/${forkRepoName || repo}`);
-      if (argv.verbose) {
-        await log(`   Fork owner: ${forkOwner}`, { verbose: true });
-        await log('   Will clone fork repository for continue mode', { verbose: true });
+      const detectedForkOwner = prData.headRepositoryOwner.login;
+      const detectedForkRepoName = prData.headRepository && prData.headRepository.name ? prData.headRepository.name : null;
+      // Issue #1716: Skip fork mode for private upstream repos with write access.
+      if (skipForkForPrivateUpstream) {
+        await log(`🔒 Detected fork PR from ${detectedForkOwner}/${detectedForkRepoName || repo}, but upstream ${owner}/${repo} is private and you have write access.`);
+        await log('   Working directly on the private upstream repository (Issue #1716).');
+      } else {
+        forkOwner = detectedForkOwner;
+        // Get actual fork repository name and store for use in setupRepository
+        forkRepoName = detectedForkRepoName;
+        await log(`🍴 Detected fork PR from ${forkOwner}/${forkRepoName || repo}`);
+        if (argv.verbose) {
+          await log(`   Fork owner: ${forkOwner}`, { verbose: true });
+          await log('   Will clone fork repository for continue mode', { verbose: true });
+        }
       }
 
       // Check if maintainer can push to the fork when --allow-to-push-to-contributors-pull-requests-as-maintainer is enabled
-      if (argv.allowToPushToContributorsPullRequestsAsMaintainer && argv.autoFork) {
-        const { checkMaintainerCanModifyPR, requestMaintainerAccess } = githubLib;
-        const { canModify } = await checkMaintainerCanModifyPR(owner, repo, prNumber);
-
-        if (canModify) {
-          await log('✅ Maintainer can push to fork: Enabled by contributor');
-          await log("   Will push changes directly to contributor's fork instead of creating own fork");
-          // Don't disable fork mode, but we'll use the contributor's fork
-        } else {
-          await log('⚠️  Maintainer cannot push to fork: "Allow edits by maintainers" is not enabled', {
-            level: 'warning',
-          });
-          await log('   Posting comment to request access...', { level: 'warning' });
-          await requestMaintainerAccess(owner, repo, prNumber);
-          await log('   Comment posted. Proceeding with own fork instead.', { level: 'warning' });
-        }
+      if (forkOwner && argv.allowToPushToContributorsPullRequestsAsMaintainer && argv.autoFork) {
+        await handleMaintainerForkAccess({ owner, repo, prNumber });
       }
     }
     await log(`📝 PR branch: ${prBranch}`);

package/src/telegram-terminal-watch-command.lib.mjs

@@ -6,15 +6,12 @@
  */
 
 import fs from 'fs/promises';
-import path from 'path';
-import { constants as fsConstants } from 'fs';
 import { extractSessionIdFromText, decideLogDestination, resolveLogPath } from './telegram-log-command.lib.mjs';
 
 const DEFAULT_WIDTH = 120;
 const DEFAULT_HEIGHT = 25;
 const DEFAULT_INTERVAL_MS = 2500;
 const DEFAULT_MAX_CHARS = 3400;
-const TELEGRAM_DOCUMENT_MAX_BYTES = 50 * 1024 * 1024;
 const GITHUB_URL_RE = /https:\/\/github\.com\/[^\s"'`<>]+/i;
 const activeWatches = new Map();
 
@@ -135,23 +132,6 @@ export function formatTerminalWatchMessage({ sessionId, statusResult = null, log
   return lines.join('\n');
 }
 
-async function fileExists(filePath) {
-  try {
-    await fs.access(filePath, fsConstants.R_OK);
-    return true;
-  } catch {
-    return false;
-  }
-}
-
-async function fileSize(filePath) {
-  try {
-    return (await fs.stat(filePath)).size;
-  } catch {
-    return null;
-  }
-}
-
 async function readLogFile(logPath) {
   try {
     return await fs.readFile(logPath, 'utf8');
@@ -182,16 +162,6 @@ export async function resolveTerminalWatchRepository({ sessionInfo = null, statu
   }
 }
 
-async function sendLogDocument({ bot, chatId, logPath, sessionId, statusResult }) {
-  if (!(await fileExists(logPath))) return;
-  const size = await fileSize(logPath);
-  if (size !== null && size > TELEGRAM_DOCUMENT_MAX_BYTES) {
-    await bot.telegram.sendMessage(chatId, `⚠️ Full log for \`${sessionId}\` is ${(size / (1024 * 1024)).toFixed(1)} MB, above Telegram's 50 MB upload limit.`, { parse_mode: 'Markdown' });
-    return;
-  }
-  await bot.telegram.sendDocument(chatId, { source: logPath, filename: path.basename(logPath) }, { caption: `📄 Full log for session \`${sessionId}\`${statusResult?.status ? `\nStatus: \`${statusResult.status}\`` : ''}`, parse_mode: 'Markdown' });
-}
-
 async function querySessionStatusWithRetry(querySessionStatus, sessionId, verbose, attempts = 3) {
   for (let attempt = 1; attempt <= attempts; attempt++) {
     const statusResult = await querySessionStatus(sessionId, verbose);
@@ -201,7 +171,9 @@ async function querySessionStatusWithRetry(querySessionStatus, sessionId, verbos
   return null;
 }
 
-export function watchTerminalLogSession({ bot, chatId, messageId, sessionId, logPath, querySessionStatus, isTerminalSessionStatus, options = {}, repoDescription = null, verbose = false, attachLogOnComplete = true }) {
+// Note: /terminal_watch never uploads the full session log itself (issue #1720).
+// Use /log <uuid> if you want the log file delivered as a document.
+export function watchTerminalLogSession({ bot, chatId, messageId, sessionId, logPath, querySessionStatus, isTerminalSessionStatus, options = {}, repoDescription = null, verbose = false }) {
   const key = `${chatId}:${messageId}:${sessionId}`;
   activeWatches.get(key)?.stop();
 
@@ -225,7 +197,6 @@ export function watchTerminalLogSession({ bot, chatId, messageId, sessionId, log
       if (completed) {
         stopped = true;
         activeWatches.delete(key);
-        if (attachLogOnComplete) await sendLogDocument({ bot, chatId, logPath, sessionId, statusResult });
         return;
       }
     } catch (error) {
@@ -409,6 +380,5 @@ export const __INTERNAL_FOR_TESTS__ = {
   DEFAULT_HEIGHT,
   DEFAULT_INTERVAL_MS,
   DEFAULT_MAX_CHARS,
-  TELEGRAM_DOCUMENT_MAX_BYTES,
   GITHUB_URL_RE,
 };