@nilsr0711/drydock 0.1.1 → 0.1.3

package/README.md

@@ -71,7 +71,7 @@ It's the difference between *driving* an agent and *operating a dock* of them.
 
 🛂 **Opt-in autonomous triage** — per repo, let Drydock label incoming issues (deterministic keyword classifier, whitelist-only output) and auto-process the ones that are *ready* and not blocked. Off by default; gated by author association for public repos, a per-issue attempt limit, and all the usual cost/concurrency limits. Never auto-merges.
 
-🔧 **CI babysitting & auto-merge** — polls `gh pr checks`, merges on green, and on red resumes the session with a CI-fix prompt (up to **3 retries**), then files a follow-up issue and hands off.
+🔧 **CI babysitting & auto-merge** — polls `gh pr checks`, merges on green, and on red resumes the session with a CI-fix prompt (up to **3 retries**), then files a follow-up issue and hands off. The failed log is classified by failure type (test, type error, lint, build, dependency, timeout, flaky) and reduced to a focused, line-capped evidence slice so the fix prompt targets the actual failure.
 
 🩹 **Opt-in CI auto-heal** — per repo, turn the failure path into a structured classify → fix → verify loop: failing checks are bucketed (healable / external / flaky / unknown), only healable ones get a targeted fix, and each attempt is verified for a real, improving change. External and AI-review checks are never code-healed. Hard budgets (per-session and per-fingerprint attempts, a cooldown, and a concurrency cap) keep it bounded. Off by default; never auto-merges.
 
@@ -79,17 +79,29 @@ It's the difference between *driving* an agent and *operating a dock* of them.
 
 🧩 **Opt-in issue decomposition** — per repo, split a large issue ("fix these 5 bugs", "implement X with A/B/C") into ordered, tracked subtasks. A deterministic heuristic handles GitHub task lists (`- [ ]`) and "Bug N —" headings for free; prose falls back to a one-shot agent. Decomposition is idempotent (keyed on the issue body hash, redone only when the body changes), subtasks are surfaced in the agent prompt and worked in order, and progress is reflected on the issue and in the UI. Off by default. See [ADR 020](docs/adr/020-issue-decomposition.md).
 
+🔎 **Opt-in post-PR verification** — per repo, run a **read-only** pass right after a PR opens that checks whether the diff actually satisfies the issue and each decomposed subtask. A one-shot agent is given the issue, its subtasks, and the (length-capped) diff and returns a strict JSON verdict (`done` / `pending` / `deferred`) per subtask; the result updates subtask status and posts a verification summary flagging what remains. It runs in a throwaway dir with a tight timeout, and on any failure (non-zero exit, non-JSON output, exception) leaves status unchanged — never corrupting state. Off by default; never auto-merges. See [ADR 027](docs/adr/027-post-pr-verification.md).
+
 🚀 **Opt-in post-merge deployment healing** — per repo, watch a merged PR's deployment via pluggable platform adapters (Vercel and Railway today; adding Netlify/Fly/Render is one adapter, no core changes). The platform is auto-detected from repo config or set explicitly. The merged commit's deployment is polled with bounded delay/interval/timeout budgets, and on failure the logs are captured and a follow-up **fix PR** is opened for a human to review. Sessions are surfaced in the repo's Deployments panel. Off by default; never auto-merges. See [ADR 021](docs/adr/021-post-merge-deployment-healing.md).
 
+🏷️ **Opt-in release management** — per repo, extend autonomy past merge to shipping: evaluate the PRs merged since the last tag, decide whether a release is warranted and the semver bump, generate notes, and publish a release. The auto path is **idempotent** (one run per merge commit, never a duplicate release for a tag) and a failed run is retryable; a **dry-run preview** shows the proposed version and included PRs with no side effects; a **manual publish** forces a release through the same evaluation pipeline. Gated by both a global kill-switch and a per-repo opt-in, off by default; releases at the default-branch tip and never auto-merges. See [ADR 028](docs/adr/028-release-management.md).
+
 ⚖️ **Rate-limit budgeting** — a priority-aware governor meters every GitHub call: the background sweep runs at *low* priority and yields once the budget drops below a reserve fraction, while interactive actions stay *high*; a hard floor stops anything from draining the budget to zero, a 429 backs off until reset, and unchanged issue lists are fetched with conditional ETag requests so they cost nothing. See [ADR 018](docs/adr/018-rate-limit-governor.md).
 
+💬 **Ask about this PR** — on a job's detail view, ask a free-text question ("why did this change X?", "is the failing test related?", "what's left to do?") and a **read-only** agent answers from a length-capped context bundle Drydock already has: PR metadata, check pass/fail state, a review-feedback summary, the recent activity log, and the PR diff. Each question is persisted with a visible lifecycle (`answering → answered | error`), scoped to the PR it was asked about, and empty or failed responses are recorded as an error rather than crashing.
+
+📝 **Per-repo agent instructions** — give each watched repo free-text guidance (coding conventions, "always run `pnpm test`", "don't touch `legacy/`", preferred PR style) from the automation panel. The text is injected into the issue-work prompt as a dedicated, length-capped section, so you steer agent behavior per project without editing global prompts or code. Empty by default; an unset value leaves the prompt unchanged.
+
 📡 **Live logs over SSE** — the agent's NDJSON output is parsed incrementally, persisted, and streamed to the browser in real time.
 
-💸 **Cost tracking** — per-job and aggregate spend from the agent's reported `total_cost_usd` (or estimated from tokens), with a **daily cost limit** that gates the driver loop.
+💸 **Cost tracking** — per-job and aggregate spend from the agent's reported `total_cost_usd` (or estimated from tokens), with a **daily cost limit** that gates the driver loop and an optional **per-job cost ceiling** that aborts a single runaway session mid-stream (global default + per-repo override; off when unset). Spend is **exportable** to CSV or JSON from the cost dashboard — per-job line items or aggregates by repo/model, scoped to a date range and repo, with totals that reconcile with the dashboard.
 
 ⏯️ **Global pause & per-repo controls** — pause everything from the navbar, pick an agent and model per repo, toggle serial vs. parallel processing, and customize the queue label.
 
-🔔 **External notifications** — get pinged on Telegram, Slack (incoming webhook) and email (SMTP) for the lifecycle events you care about (job needs human, job failed, PR opened, PR merged, daily cost limit reached, automation paused/draining). Each channel is configured independently, every event has a per-event opt-in, and a one-click test button verifies setup. Delivery is best-effort and never blocks the loop; secrets are redacted from logs. See [ADR 024](docs/adr/024-external-notifications.md).
+🪝 **Webhook-driven issue sync** — opt in per repo to receive issue events instead of waiting for the next poll. Set a secret on a repo and Drydock exposes a signature-verified receiver (`/api/webhooks/<id>`); a validated GitHub/GitLab issue event triggers a targeted, debounced sync so new issues surface near-instantly. Polling stays on as the default fallback and shares the same idempotent reconcile, so a change is never double-processed. Since Drydock binds `127.0.0.1`, expose the URL through a tunnel (e.g. `cloudflared`, `ngrok`). See [ADR 029](docs/adr/029-webhook-issue-sync.md).
+
+🔔 **External notifications** — get pinged on Telegram, Slack (incoming webhook) and email (SMTP) for the lifecycle events you care about (job needs human, job failed, PR opened, PR merged, release published, daily cost limit reached, automation paused/draining). Each channel is configured independently, every event has a per-event opt-in, and a one-click test button verifies setup. Delivery is best-effort and never blocks the loop; secrets are redacted from logs. See [ADR 024](docs/adr/024-external-notifications.md).
+
+🆙 **Update-available notice** — a passive, dismissible navbar banner appears when a newer Drydock release is published. The check queries the latest stable GitHub release (drafts/prereleases skipped), is cached for an hour, and dedupes concurrent checks onto a single upstream call; any network or parse error advertises no update, so a transient hiccup never raises a false alarm. Global installs get a `drydock update` hint.
 
 📐 **ADR review queue** — a file watcher surfaces new `docs/adr/*.md` decisions for approve/reject.
 
@@ -114,7 +126,8 @@ flowchart LR
 
 A single orchestrator boots with the server process (`src/instrumentation.ts`). On start it
 runs crash recovery (requeue orphaned `working` jobs, park CI-babysitting states as
-`interrupted`) and installs graceful-shutdown handlers. The **driver loop** atomically claims
+`interrupted`, and reap orphaned git worktrees left by a hard crash) and installs
+graceful-shutdown handlers. The **driver loop** atomically claims
 the next eligible queued job with a lease (respecting per-repo priority, the daily cost limit,
 the global pause, and serial-vs-parallel settings), heartbeats it while it runs, then releases
 the lease once it settles.
@@ -178,7 +191,7 @@ add a repository, and start queuing issues.
 drydock --help         # all flags
 drydock --version      # installed version
 drydock --port 8080 --host 0.0.0.0   # bind elsewhere (defaults: 127.0.0.1:3737)
-drydock update         # update a global install to the latest version
+drydock update         # update a global install (reports current → latest, skips if already current)
 ```
 
 You still need the `claude` and (for GitHub) `gh` CLIs on `PATH` — see [Requirements](#requirements).
@@ -235,8 +248,8 @@ Drydock is configured at runtime from the **Settings** page and per-repo control
 ¹ A source checkout (`pnpm dev`/`pnpm start`) defaults `DRYDOCK_DB` to `data/drydock.db` in the
 project; the `drydock` launcher defaults it to `~/.drydock/drydock.db`.
 
-**Settings (global):** pause switch · daily cost limit · log retention (days) · `claude`/`gh` CLI paths · notification channels (Telegram / Slack / email) and per-event opt-in.
-**Per repo:** platform (GitHub / GitLab, with base URL + token for GitLab) · default model · serial vs. parallel processing · queue label (default `drydock:queue`).
+**Settings (global):** pause switch · release management kill-switch (master on/off for the opt-in release pipeline) · daily cost limit · max job cost (per-job USD ceiling that aborts a runaway session mid-stream; 0 = off) · log retention (days) · max job minutes (per-agent session timeout) · max CI wait minutes (how long the babysitter waits for checks to settle before escalating to needs-human) · `claude`/`gh` CLI paths · notification channels (Telegram / Slack / email) and per-event opt-in.
+**Per repo:** platform (GitHub / GitLab, with base URL + token for GitLab) · default model · serial vs. parallel processing · queue label (default `drydock:queue`) · optional job/CI timeout overrides.
 
 ## Screens
 
@@ -247,7 +260,7 @@ project; the `drydock` launcher defaults it to `~/.drydock/drydock.db`.
 | `/jobs/[id]` | Job detail — live streaming log, cost & tokens |
 | `/prompts` | Versioned prompt editor |
 | `/adrs` | ADR review queue |
-| `/costs` | Cost dashboard — daily, by model, top jobs |
+| `/costs` | Cost dashboard — daily, by model, top jobs, CSV/JSON export |
 | `/settings` | Global settings |
 
 ## Project layout
@@ -348,10 +361,10 @@ UI: they refuse while draining, globally paused, or over the daily/per-repo cost
 
 ## Roadmap
 
-- [ ] Parallel multi-repo dashboards at a glance
-- [ ] Webhook-driven issue sync (vs. polling)
-- [ ] Richer CI failure classification & targeted fix prompts
-- [ ] Exportable cost reports
+- [x] Parallel multi-repo dashboards at a glance
+- [x] Webhook-driven issue sync (vs. polling)
+- [x] Richer CI failure classification & targeted fix prompts
+- [x] Exportable cost reports
 
 Have an idea? [Open an issue](https://github.com/NilsR0711/drydock/issues).
 

package/bin/drydock.mjs

@@ -6,7 +6,7 @@
 // step or TypeScript runtime so it works straight from the published tarball.
 
 import { spawn } from "node:child_process";
-import { existsSync, mkdirSync, readFileSync } from "node:fs";
+import { existsSync, mkdirSync, readFileSync, realpathSync } from "node:fs";
 import { homedir } from "node:os";
 import { dirname, join, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
@@ -114,20 +114,122 @@ Options:
 Data is stored in ~/.drydock (override with DRYDOCK_DATA_DIR); the database is
 created and migrated automatically on first start.`;
 
+/**
+ * Classify how Drydock was installed from its package directory. Drives the
+ * in-dashboard update notice (issue #58): a global install can self-update via
+ * `drydock update`, whereas an npx run or a dev checkout cannot.
+ *
+ * @param {string} packageRoot Absolute path to the installed package directory.
+ * @returns {"global" | "npx" | "local"}
+ */
+export function detectInstallKind(packageRoot) {
+  const normalized = packageRoot.replace(/\\/g, "/");
+  if (normalized.includes("/_npx/")) return "npx";
+  if (normalized.includes("/node_modules/")) return "global";
+  return "local";
+}
+
+/** The npm package name this CLI is published under. */
+const PACKAGE_NAME = "@nilsr0711/drydock";
+
 /** The command that updates a global install to the latest published version. */
 export function updateCommand() {
-  return { command: "npm", args: ["install", "--global", "@nilsr0711/drydock@latest"] };
+  return { command: "npm", args: ["install", "--global", `${PACKAGE_NAME}@latest`] };
+}
+
+/**
+ * Compare two `x.y.z` versions (a leading `v` is tolerated). Returns 1 if `a` is
+ * newer, -1 if older, 0 if equal. Throws if either version is unparseable so
+ * callers can fall back rather than silently mis-ordering.
+ */
+export function compareVersions(a, b) {
+  const parse = (v) => {
+    const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
+    if (!m) throw new Error(`unparseable version: ${v}`);
+    return [Number(m[1]), Number(m[2]), Number(m[3])];
+  };
+  const pa = parse(a);
+  const pb = parse(b);
+  for (let i = 0; i < 3; i++) {
+    if (pa[i] > pb[i]) return 1;
+    if (pa[i] < pb[i]) return -1;
+  }
+  return 0;
+}
+
+/**
+ * Decide what `drydock update` should do given the installed version and the
+ * latest published version (which may be null/unparseable when the check fails).
+ * Degrades gracefully: when the latest version can't be determined, still
+ * attempts the install rather than blocking the user.
+ *
+ * @returns {{ action: "skip" | "install", reason: string, latestVersion?: string }}
+ */
+export function planUpdate(currentVersion, latestVersion) {
+  if (!latestVersion) return { action: "install", reason: "unknown-latest" };
+  let cmp;
+  try {
+    cmp = compareVersions(latestVersion, currentVersion);
+  } catch {
+    return { action: "install", reason: "unknown-latest" };
+  }
+  if (cmp <= 0) return { action: "skip", reason: "up-to-date" };
+  return { action: "install", reason: "update-available", latestVersion };
+}
+
+/**
+ * Resolve the latest published version from the npm registry's `latest`
+ * dist-tag. Never throws: returns null on any network/HTTP/parse failure so the
+ * caller can fall back to a blind install.
+ *
+ * @param {string} pkg The (possibly scoped) package name.
+ * @param {{ fetchImpl?: typeof fetch }} [opts]
+ * @returns {Promise<string | null>}
+ */
+export async function resolveLatestVersion(pkg, { fetchImpl = fetch } = {}) {
+  try {
+    const url = `https://registry.npmjs.org/${encodeURIComponent(pkg)}/latest`;
+    const res = await fetchImpl(url, {
+      headers: { Accept: "application/json", "User-Agent": "drydock-update" },
+    });
+    if (!res.ok) return null;
+    const body = await res.json();
+    return typeof body?.version === "string" ? body.version : null;
+  } catch {
+    return null;
+  }
 }
 
 /** Run the self-update, inheriting stdio so npm's progress is visible. */
-function runUpdate() {
+async function runUpdate() {
+  const current = readVersion();
+  console.error(`Current version: drydock v${current}`);
+
+  const latest = await resolveLatestVersion(PACKAGE_NAME);
+  const plan = planUpdate(current, latest);
+
+  if (plan.action === "skip") {
+    console.error(`drydock is already up to date (v${current}).`);
+    process.exit(0);
+  }
+
+  if (plan.reason === "unknown-latest") {
+    console.error("Could not determine the latest version; attempting update anyway…");
+  } else {
+    console.error(`Updating drydock ${current} → ${plan.latestVersion} …`);
+  }
+
   const { command, args } = updateCommand();
-  console.error(`Updating drydock: ${command} ${args.join(" ")}`);
   const child = spawn(command, args, {
     shell: process.platform === "win32",
     stdio: "inherit",
   });
-  child.on("exit", (code) => process.exit(code ?? 0));
+  child.on("exit", (code) => {
+    if (code === 0 && plan.reason === "update-available") {
+      console.error(`Updated to drydock v${plan.latestVersion}.`);
+    }
+    process.exit(code ?? 0);
+  });
   child.on("error", (err) => {
     console.error(`Update failed: ${err.message}`);
     process.exit(1);
@@ -185,6 +287,10 @@ async function serve({ host, port, open }) {
     PORT: String(port),
     DRYDOCK_DB: resolveDbPath(),
     DRYDOCK_MIGRATIONS: join(PACKAGE_ROOT, "drizzle"),
+    // Surface the running version and install kind to the dashboard so it can
+    // show an "update available" notice without bundling package.json (#58).
+    DRYDOCK_VERSION: readVersion(),
+    DRYDOCK_INSTALL_KIND: detectInstallKind(PACKAGE_ROOT),
   };
 
   const url = `http://${host}:${port}`;
@@ -225,15 +331,34 @@ async function main(argv) {
       console.log(readVersion());
       return;
     case "update":
-      runUpdate();
+      await runUpdate();
       return;
     default:
       await serve(directive);
   }
 }
 
+/**
+ * Decide whether this module is the program entry point. A plain string compare
+ * against `process.argv[1]` breaks for global/npx installs, where the bin is a
+ * symlink in a bin directory and argv[1] is that link rather than the real file.
+ * Resolving the entry path through symlinks (realpath) makes the two comparable,
+ * so `drydock`, `drydock --version`, etc. actually run when installed.
+ *
+ * @param {string} modulePath Absolute path to this module (resolved import.meta.url).
+ * @param {string | undefined} entryPath The invoked entry path (process.argv[1]).
+ */
+export function isMainModule(modulePath, entryPath) {
+  if (!entryPath) return false;
+  try {
+    return modulePath === realpathSync(entryPath);
+  } catch {
+    return false;
+  }
+}
+
 // Only run when executed directly, not when imported by tests.
-if (process.argv[1] && fileURLToPath(import.meta.url) === resolve(process.argv[1])) {
+if (isMainModule(fileURLToPath(import.meta.url), process.argv[1])) {
   main(process.argv.slice(2)).catch((err) => {
     console.error(err instanceof Error ? err.message : String(err));
     process.exit(1);

package/drizzle/0013_true_red_wolf.sql

@@ -0,0 +1 @@
+ALTER TABLE `repos` ADD `max_job_minutes` integer;

package/drizzle/0014_dry_medusa.sql

@@ -0,0 +1 @@
+ALTER TABLE `repos` ADD `max_ci_wait_minutes` integer;

package/drizzle/0015_dapper_ben_grimm.sql

@@ -0,0 +1 @@
+ALTER TABLE `repos` ADD `verify_pr` integer DEFAULT false NOT NULL;

package/drizzle/0016_charming_natasha_romanoff.sql

@@ -0,0 +1,14 @@
+CREATE TABLE `pr_questions` (
+	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+	`job_id` integer NOT NULL,
+	`pr_number` integer NOT NULL,
+	`question` text NOT NULL,
+	`answer` text,
+	`status` text DEFAULT 'answering' NOT NULL,
+	`error_message` text,
+	`created_at` integer DEFAULT (unixepoch()) NOT NULL,
+	`updated_at` integer DEFAULT (unixepoch()) NOT NULL,
+	FOREIGN KEY (`job_id`) REFERENCES `jobs`(`id`) ON UPDATE no action ON DELETE cascade
+);
+--> statement-breakpoint
+CREATE INDEX `pr_questions_job_idx` ON `pr_questions` (`job_id`);

package/drizzle/0017_free_warbound.sql

@@ -0,0 +1 @@
+ALTER TABLE `repos` ADD `agent_instructions` text;

package/drizzle/0018_confused_franklin_storm.sql

@@ -0,0 +1 @@
+ALTER TABLE `repos` ADD `max_job_cost_usd` real;

package/drizzle/0019_uneven_meggan.sql

@@ -0,0 +1,22 @@
+CREATE TABLE `release_runs` (
+	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+	`repo_id` integer NOT NULL,
+	`mode` text DEFAULT 'auto' NOT NULL,
+	`trigger_pr_number` integer,
+	`trigger_sha` text,
+	`status` text DEFAULT 'detected' NOT NULL,
+	`bump` text,
+	`from_tag` text,
+	`tag` text,
+	`title` text,
+	`notes` text,
+	`pr_numbers` text DEFAULT '[]' NOT NULL,
+	`error_message` text,
+	`created_at` integer DEFAULT (unixepoch()) NOT NULL,
+	`updated_at` integer DEFAULT (unixepoch()) NOT NULL,
+	FOREIGN KEY (`repo_id`) REFERENCES `repos`(`id`) ON UPDATE no action ON DELETE cascade
+);
+--> statement-breakpoint
+CREATE INDEX `release_runs_repo_idx` ON `release_runs` (`repo_id`);--> statement-breakpoint
+CREATE UNIQUE INDEX `release_runs_trigger_unique` ON `release_runs` (`repo_id`,`trigger_sha`) WHERE "release_runs"."trigger_sha" is not null;--> statement-breakpoint
+ALTER TABLE `repos` ADD `release_enabled` integer DEFAULT false NOT NULL;

package/drizzle/0020_chunky_meggan.sql

@@ -0,0 +1 @@
+ALTER TABLE `repos` ADD `webhook_secret` text;