@link-assistant/hive-mind 1.69.14 → 1.69.16

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @link-assistant/hive-mind
 
+## 1.69.16
+
+### Patch Changes
+
+- ca0d938: Fix Telegram work-session completion failing with "Bad Request: can't parse entities" when the discovered Pull request URL contained Markdown-significant characters (`_`, `*`, `` ` ``, `[`). `appendPullRequestLine` (issue #1688) inserted the raw URL into a Markdown message even though the surrounding `Issue:` line was already escaped by `buildTelegramInfoBlock`, so a repo slug like `save_visiogetbb/pull/8` opened an italic entity at byte offset 318 that never closed. The appended `Pull request:` line is now passed through `escapeMarkdown`, and `safeReply`/`safeEditMessageText`/`installTelegramFormattingFallback` now log the offending byte-offset window and the plain-text fallback under `--verbose` so future parse errors point straight to the unescaped character. Resolves #1801.
+
+## 1.69.15
+
+### Patch Changes
+
+- fbda6de: Fix `--auto-fork` failing on private repositories with read-only access when forking is allowed. `handleAutoForkOption` now probes the `allow_forking` repository attribute before bailing out: when it is `true`, fork mode is enabled (the same behaviour already used for public repos without write access); when it is explicitly `false`, the fatal exit explains that direct branch mode needs push/write access, fork mode is disabled, and the maintainer must either grant Write access or enable private forking; when it cannot be determined, we fall through with a verbose warning so `gh repo fork` can produce a precise downstream error. Resolves #1795.
+
 ## 1.69.14
 
 ### Patch Changes

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-assistant/hive-mind",
-  "version": "1.69.14",
+  "version": "1.69.16",
   "description": "AI-powered issue solver and hive mind for collaborative problem solving",
   "main": "src/hive.mjs",
   "type": "module",

package/src/solve.fork-detection.lib.mjs

@@ -24,9 +24,41 @@ const { log, ghCmdRetry } = lib;
 const githubLib = await import('./github.lib.mjs');
 
 /**
- * Handle the --auto-fork option: when the user lacks write access to a public
- * repository, automatically enable fork mode; when the repository is private,
- * fail with an actionable error.
+ * Probe whether the repository allows forking via the GitHub API
+ * (`allow_forking` is true for repos that can be forked by users with read
+ * access — including private repositories). Returns `null` when the
+ * attribute could not be determined so callers can decide a safe default.
+ *
+ * Kept here (instead of github.lib.mjs) because it's only used by the
+ * auto-fork branch and the existing `detectRepositoryVisibility` already
+ * makes a separate API call; this avoids reshuffling shared helpers.
+ *
+ * Issue #1795: a private repository with read-only access can still be
+ * forked when `allow_forking` is true, so failing early was overly
+ * conservative.
+ */
+async function detectAllowForking(owner, repo) {
+  const result = await ghCmdRetry(() => $`gh api repos/${owner}/${repo} --jq .allow_forking`, { label: `allow_forking ${owner}/${repo}` });
+  if (result.code !== 0) return null;
+  const raw = result.stdout.toString().trim();
+  if (raw === 'true') return true;
+  if (raw === 'false') return false;
+  return null;
+}
+
+function describeRepoPermissionLevel(permissions) {
+  if (permissions.admin === true) return 'Admin';
+  if (permissions.maintain === true) return 'Maintain';
+  if (permissions.push === true) return 'Write';
+  if (permissions.triage === true) return 'Triage';
+  if (permissions.pull === true) return 'Read';
+  return 'No confirmed repository access';
+}
+
+/**
+ * Handle the --auto-fork option: when the user lacks write access, attempt
+ * to enable fork mode (including for private repositories where
+ * `allow_forking` is true). Only fail when forking is also unavailable.
  *
  * Mutates argv.fork in place when fork mode is enabled.
  *
@@ -51,19 +83,52 @@ export async function handleAutoForkOption({ owner, repo, argv, safeExit }) {
       const { isPublic } = await detectRepositoryVisibility(owner, repo);
 
       if (!isPublic) {
-        await log('');
-        await log("❌ --auto-fork failed: Repository is private and you don't have write access", { level: 'error' });
-        await log('');
-        await log('   🔍 What happened:', { level: 'error' });
-        await log(`      Repository ${owner}/${repo} is private`, { level: 'error' });
-        await log("      You don't have write access to this repository", { level: 'error' });
-        await log('      --auto-fork cannot create a fork of a private repository you cannot access', { level: 'error' });
-        await log('');
-        await log('   💡 Solution:', { level: 'error' });
-        await log('      • Request collaborator access from the repository owner', { level: 'error' });
-        await log(`        https://github.com/${owner}/${repo}/settings/access`, { level: 'error' });
-        await log('');
-        await safeExit(1, 'Auto-fork failed - private repository without access');
+        // Issue #1795: read access to a private repo is enough to fork it
+        // when the upstream allows forking. Probe `allow_forking` before
+        // bailing out so users with limited (read-only) access can still
+        // proceed via their own fork.
+        const allowForking = await detectAllowForking(owner, repo);
+        if (allowForking === false) {
+          const permissionLevel = describeRepoPermissionLevel(permissions);
+
+          await log('');
+          await log("❌ --auto-fork failed: Repository is private, you don't have write access, and forking is disabled", { level: 'error' });
+          await log('');
+          await log('   🔍 What happened:', { level: 'error' });
+          await log(`      Repository ${owner}/${repo} is private`, { level: 'error' });
+          await log(`      Your detected GitHub repository access level is ${permissionLevel}`, { level: 'error' });
+          await log(`      API permissions: ${JSON.stringify(permissions)}`, { level: 'error' });
+          await log('      Direct branch mode requires push/write access, but permissions.push is false', { level: 'error' });
+          await log("      Fork mode is also unavailable because the repository owner disabled private forking ('allow_forking' is false)", {
+            level: 'error',
+          });
+          await log('');
+          await log('   💡 Solution:', { level: 'error' });
+          await log('      • To let Hive Mind work directly in this repository:', { level: 'error' });
+          await log(`        Ask an owner/admin to open https://github.com/${owner}/${repo}/settings/access`, { level: 'error' });
+          await log('        Then add this GitHub account or its team with the Write role (Maintain/Admin also works)', { level: 'error' });
+          await log('      • To let Hive Mind work through a fork instead:', { level: 'error' });
+          await log(`        Ask an owner/admin to open https://github.com/${owner}/${repo}/settings`, { level: 'error' });
+          await log('        Then enable Settings -> General -> Features -> Allow forking', { level: 'error' });
+          await log('        For organization-owned private repositories, the organization must also allow private repository forks', {
+            level: 'error',
+          });
+          await log('');
+          await safeExit(1, 'Auto-fork failed - private repository without access and forking is disabled');
+          return;
+        }
+
+        if (allowForking === true) {
+          await log('✅ Auto-fork: Read-only access to private repository, enabling fork mode (allow_forking=true)');
+        } else {
+          await log("✅ Auto-fork: Read-only access to private repository, attempting fork mode (allow_forking couldn't be confirmed)");
+          await log("   ⚠️  Could not determine 'allow_forking' for the private repository; letting gh repo fork report the exact result", {
+            verbose: true,
+            level: 'warning',
+          });
+        }
+
+        argv.fork = true;
         return;
       }
 

package/src/telegram-safe-reply.lib.mjs

@@ -49,11 +49,30 @@ export function buildTelegramFormattingFallbackText(text, options = {}) {
   return `${getFormattingFallbackWarning(locale)}\n\n${stripTelegramMarkdown(text)}`;
 }
 
-function logFormattingFailure(scope, error, text, verbose = false) {
+function logFormattingFailure(scope, error, text, verbose = false, fallbackText = null) {
   const message = error?.description || error?.message || String(error || '');
   console.error(`[telegram-bot] ${scope}: formatted Telegram message failed: ${message}`);
   if (verbose) {
-    console.error(`[telegram-bot] ${scope}: Failing message (${Buffer.byteLength(String(text ?? ''), 'utf-8')} bytes): ${text}`);
+    const originalBytes = Buffer.byteLength(String(text ?? ''), 'utf-8');
+    console.error(`[telegram-bot] ${scope}: Failing message (${originalBytes} bytes): ${text}`);
+    // Issue #1801: when the parser rejects an entity, surface the byte offset
+    //   from the error along with a small window of the message around it to
+    //   make pinpointing the offending character trivial on the next iteration.
+    const offsetMatch = /byte offset (\d+)/i.exec(message);
+    if (offsetMatch) {
+      const offset = Number(offsetMatch[1]);
+      const buf = Buffer.from(String(text ?? ''), 'utf-8');
+      const start = Math.max(0, offset - 32);
+      const end = Math.min(buf.length, offset + 32);
+      // Decode the window; replacement character is used for bytes that fall
+      // mid-codepoint so we still print *something* useful.
+      const window = buf.slice(start, end).toString('utf-8');
+      console.error(`[telegram-bot] ${scope}: Byte offset ${offset} context [${start}..${end}]: ${JSON.stringify(window)}`);
+    }
+    if (fallbackText !== null) {
+      const fallbackBytes = Buffer.byteLength(String(fallbackText ?? ''), 'utf-8');
+      console.error(`[telegram-bot] ${scope}: Fallback message (${fallbackBytes} bytes): ${fallbackText}`);
+    }
   }
 }
 
@@ -65,8 +84,8 @@ export async function safeReply(ctx, text, options = {}) {
     return await ctx.reply(text, firstOptions);
   } catch (error) {
     if (!isTelegramFormattingError(error)) throw error;
-    logFormattingFailure('safeReply', error, text, verbose);
     const fallbackText = buildTelegramFormattingFallbackText(text, { fallbackLocale });
+    logFormattingFailure('safeReply', error, text, verbose, fallbackText);
     return await ctx.reply(fallbackText, { ...telegramOptions, parse_mode: undefined });
   }
 }
@@ -78,8 +97,8 @@ export async function safeEditMessageText(telegram, chatId, messageId, inlineMes
     return await telegram.editMessageText(chatId, messageId, inlineMessageId, text, firstOptions);
   } catch (error) {
     if (!isTelegramFormattingError(error)) throw error;
-    logFormattingFailure('safeEditMessageText', error, text, verbose);
     const fallbackText = buildTelegramFormattingFallbackText(text, { fallbackLocale });
+    logFormattingFailure('safeEditMessageText', error, text, verbose, fallbackText);
     return await telegram.editMessageText(chatId, messageId, inlineMessageId, fallbackText, { ...telegramOptions, parse_mode: undefined });
   }
 }
@@ -98,9 +117,10 @@ function wrapTelegramMethod(telegram, methodName, textIndex, optionsIndex, defau
       return await original.apply(this, args);
     } catch (error) {
       if (!isTelegramFormattingError(error) || typeof text !== 'string') throw error;
-      logFormattingFailure(methodName, error, text, verbose || defaults.verbose);
+      const fallbackText = buildTelegramFormattingFallbackText(text, { fallbackLocale: fallbackLocale || defaults.fallbackLocale });
+      logFormattingFailure(methodName, error, text, verbose || defaults.verbose, fallbackText);
       const retryArgs = [...args];
-      retryArgs[textIndex] = buildTelegramFormattingFallbackText(text, { fallbackLocale: fallbackLocale || defaults.fallbackLocale });
+      retryArgs[textIndex] = fallbackText;
       retryArgs[optionsIndex] = { ...telegramOptions, parse_mode: undefined };
       return await original.apply(this, retryArgs);
     }

package/src/work-session-formatting.lib.mjs

@@ -1,4 +1,5 @@
 import { t } from './i18n.lib.mjs';
+import { escapeMarkdown } from './telegram-markdown.lib.mjs';
 
 const FAILURE_STATUSES = new Set(['failed', 'cancelled', 'canceled', 'error']);
 
@@ -74,7 +75,7 @@ export function formatExecutingWorkSessionMessage({ sessionName = 'unknown', iso
  */
 export function appendPullRequestLine(infoBlock, pullRequestUrl, { locale = null } = {}) {
   if (!pullRequestUrl || !infoBlock) return infoBlock || '';
-  if (infoBlock.includes(pullRequestUrl)) return infoBlock;
+  if (infoBlock.includes(pullRequestUrl) || infoBlock.includes(escapeMarkdown(pullRequestUrl))) return infoBlock;
 
   const lines = infoBlock.split('\n');
   let lastUrlLineIdx = -1;
@@ -89,7 +90,10 @@ export function appendPullRequestLine(infoBlock, pullRequestUrl, { locale = null
       lastUrlLineIdx = i;
     }
   }
-  const prLine = `${text(locale, 'telegram.info_pull_request_label', 'Pull request')}: ${pullRequestUrl}`;
+  // Issue #1801: escape underscores/asterisks so Markdown parser doesn't open
+  //   an entity on URLs like .../save_visiogetbb/pull/8 that the Issue: line
+  //   above already had escaped at buildTelegramInfoBlock time.
+  const prLine = `${text(locale, 'telegram.info_pull_request_label', 'Pull request')}: ${escapeMarkdown(pullRequestUrl)}`;
   if (lastUrlLineIdx === -1) {
     return `${infoBlock}\n${prLine}`;
   }