@openpome/local-gateway 0.23.0-alpha.0 → 0.26.0-alpha.0

package/dist/index.js

@@ -4,7 +4,7 @@ import { existsSync } from "node:fs";
 import { createServer } from "node:http";
 import { mkdir, opendir, readFile, rm, writeFile } from "node:fs/promises";
 import { homedir } from "node:os";
-import { basename, delimiter, dirname, isAbsolute, join, resolve } from "node:path";
+import { basename, delimiter, dirname, isAbsolute, join, relative, resolve } from "node:path";
 import { promisify } from "node:util";
 import { defaultConfig } from "@openpome/configuration";
 import { createCredentialStore, getJsonCredential, setJsonCredential } from "@openpome/credentials";
@@ -39,7 +39,7 @@ const maxWorkspaceScanRepositories = 200;
 export function getGatewayHealth() {
     return {
         status: "ok",
-        version: "0.23.0-alpha.0"
+        version: "0.26.0-alpha.0"
     };
 }
 export async function initOpenPome() {
@@ -465,8 +465,11 @@ export async function getTaskSessionStatus() {
         testRunEvidence: persisted.testRunEvidence ?? [],
         prDraft: persisted.prDraft,
         workItemUpdateDraft: persisted.workItemUpdateDraft,
+        prCreation: persisted.prCreation,
+        workItemUpdatePost: persisted.workItemUpdatePost,
         aiContext: persisted.aiContext,
-        diffSummary: persisted.diffSummary
+        diffSummary: persisted.diffSummary,
+        aiPatchProposal: persisted.aiPatchProposal
     };
 }
 export async function getTaskSessionTimeline() {
@@ -749,6 +752,157 @@ export async function rejectTaskSessionPlan(reason = "Plan rejected by developer
         nextStep: "Revise the work item context or workspace link, then run `pome plan` again."
     };
 }
+export async function createAIPatchProposal() {
+    const paths = getOpenPomePaths();
+    const persisted = await readActiveTaskSessionIfPresent(paths.homeDirectory);
+    if (!persisted) {
+        return {
+            active: false,
+            sessionFile: getActiveTaskSessionFile(paths.homeDirectory),
+            nextStep: "Run `pome start <KEY>` first."
+        };
+    }
+    if (persisted.aiPatchProposal && !persisted.aiPatchProposal.appliedAt) {
+        return {
+            active: true,
+            sessionFile: getActiveTaskSessionFile(paths.homeDirectory),
+            session: persisted.session,
+            proposal: persisted.aiPatchProposal,
+            workspacePath: persisted.workspaceCandidate?.workspace.path,
+            nextStep: "Review the proposed file changes, then run `pome approve` to apply them."
+        };
+    }
+    if (!persisted.plan) {
+        throw new Error("No implementation plan is available. Run `pome plan` first.");
+    }
+    if (persisted.planApproval?.status !== "approved") {
+        throw new Error("The implementation plan is not approved yet. Run `pome approve` first.");
+    }
+    const workspacePath = persisted.workspaceCandidate?.workspace.path;
+    if (!workspacePath) {
+        throw new Error("No workspace path is available for AI implementation. Open the repo and run `pome start <KEY>` again, or link it with `pome workspace link <KEY> <PATH>`.");
+    }
+    const config = await readConfigIfPresent(paths.configFile);
+    const provider = normalizeModelProviderId(config?.activeModelProvider ?? defaultConfig.activeModelProvider);
+    if (provider === "manual-copy") {
+        throw new Error("Manual-copy mode cannot apply code. Run `pome auth ai openai` or `pome auth ai claude` to enable approval-gated AI patches.");
+    }
+    const apiKey = await getModelProviderApiKey(provider);
+    if (!apiKey) {
+        throw new Error(`${getModelProviderDisplayName(provider)} is active, but no API key is configured. Run \`pome auth ai ${provider === "anthropic" ? "claude" : provider}\`.`);
+    }
+    const createdAt = new Date().toISOString();
+    const fileContext = await collectPatchContextFiles(workspacePath, persisted);
+    const prompt = buildStructuredPatchPrompt(persisted, workspacePath, fileContext);
+    const response = provider === "openai"
+        ? await completeOpenAIText(prompt, apiKey)
+        : await completeAnthropicText(prompt, apiKey);
+    const proposalDraft = parseAIPatchProposal(response, persisted, provider, workspacePath, createdAt);
+    const approval = createFileEditApproval(persisted, proposalDraft, createdAt, "Developer approval is required before OpenPome writes AI-proposed file changes.");
+    const proposal = {
+        ...proposalDraft,
+        approval
+    };
+    const session = {
+        ...persisted.session,
+        status: "awaiting_approval",
+        updatedAt: createdAt
+    };
+    await writeActiveTaskSession(paths.homeDirectory, {
+        ...persisted,
+        session,
+        aiPatchProposal: proposal,
+        approvalHistory: appendApprovalHistory(persisted.approvalHistory, approval),
+        events: appendSessionEvents(persisted.events, [
+            createSessionEvent(session, persisted.workItem.key, "approval_requested", "AI file changes proposed", createdAt, [
+                `Provider: ${getModelProviderDisplayName(provider)}`,
+                `Files proposed: ${proposal.files.map((file) => file.path).join(", ") || "none"}`,
+                ...approval.details
+            ], {
+                approvalId: approval.id,
+                approvalType: approval.type
+            })
+        ])
+    });
+    return {
+        active: true,
+        sessionFile: getActiveTaskSessionFile(paths.homeDirectory),
+        session,
+        proposal,
+        workspacePath,
+        nextStep: "Review the proposed file changes, then run `pome approve` to apply them."
+    };
+}
+export async function approveAndApplyAIPatchProposal() {
+    const paths = getOpenPomePaths();
+    const persisted = await readActiveTaskSessionIfPresent(paths.homeDirectory);
+    if (!persisted) {
+        return undefined;
+    }
+    const proposal = persisted.aiPatchProposal;
+    if (!proposal) {
+        throw new Error("No AI file changes are waiting for approval. Run `pome next` first.");
+    }
+    if (proposal.appliedAt) {
+        return {
+            active: true,
+            sessionFile: getActiveTaskSessionFile(paths.homeDirectory),
+            session: persisted.session,
+            proposal,
+            summary: persisted.diffSummary,
+            nextStep: "Run `pome done` to prepare the PR and Jira update drafts."
+        };
+    }
+    const workspacePath = persisted.workspaceCandidate?.workspace.path;
+    if (!workspacePath) {
+        throw new Error("No workspace path is available for the active task session.");
+    }
+    const now = new Date().toISOString();
+    const approvedProposal = {
+        ...proposal,
+        approval: {
+            ...proposal.approval,
+            status: "approved"
+        },
+        appliedAt: now
+    };
+    await applyPatchFiles(workspacePath, approvedProposal.files);
+    const summary = await buildDiffSummary(workspacePath, now);
+    const session = {
+        ...persisted.session,
+        status: "implementing",
+        updatedAt: now
+    };
+    await writeActiveTaskSession(paths.homeDirectory, {
+        ...persisted,
+        session,
+        aiPatchProposal: approvedProposal,
+        diffSummary: summary,
+        approvalHistory: appendApprovalHistory(persisted.approvalHistory, approvedProposal.approval),
+        events: appendSessionEvents(persisted.events, [
+            createSessionEvent(session, persisted.workItem.key, "approval_approved", "AI file changes approved and applied", now, [
+                `Files applied: ${approvedProposal.files.map((file) => file.path).join(", ")}`,
+                `Changed files in git diff: ${summary.files.length}`
+            ], {
+                approvalId: approvedProposal.approval.id,
+                approvalType: approvedProposal.approval.type
+            }),
+            createSessionEvent(session, persisted.workItem.key, "session_status_changed", "AI patch applied", now, [
+                "OpenPome wrote only the approved files and captured a diff summary."
+            ], {
+                status: session.status
+            })
+        ])
+    });
+    return {
+        active: true,
+        sessionFile: getActiveTaskSessionFile(paths.homeDirectory),
+        session,
+        proposal: approvedProposal,
+        summary,
+        nextStep: "Review the diff, run approved tests, then run `pome done`."
+    };
+}
 export async function discoverTestCommands() {
     const paths = getOpenPomePaths();
     const persisted = await readActiveTaskSessionIfPresent(paths.homeDirectory);
@@ -1011,12 +1165,6 @@ export async function getGitHubAuthStatus() {
         };
     }
 }
-export async function createPullRequestExternalGuard() {
-    return createExternalActionGuard("create_pr");
-}
-export async function postWorkItemUpdateExternalGuard() {
-    return createExternalActionGuard("update_work_item");
-}
 export async function createPullRequestDraft() {
     const paths = getOpenPomePaths();
     const persisted = await readActiveTaskSessionIfPresent(paths.homeDirectory);
@@ -1027,7 +1175,9 @@ export async function createPullRequestDraft() {
         };
     }
     const now = new Date().toISOString();
-    const draft = buildPullRequestDraft(persisted, now);
+    const draft = buildPullRequestDraft(persisted, now, persisted.workspaceCandidate?.workspace.path
+        ? await detectPullRequestBaseBranch(persisted.workspaceCandidate.workspace.path)
+        : "main");
     await writeActiveTaskSession(paths.homeDirectory, {
         ...persisted,
         prDraft: draft,
@@ -1046,6 +1196,104 @@ export async function createPullRequestDraft() {
         draft
     };
 }
+export async function createPullRequest(options = {}) {
+    const paths = getOpenPomePaths();
+    const persisted = await readActiveTaskSessionIfPresent(paths.homeDirectory);
+    if (!persisted) {
+        return {
+            active: false,
+            sessionFile: getActiveTaskSessionFile(paths.homeDirectory),
+            pushed: false,
+            draftPr: Boolean(options.draft)
+        };
+    }
+    if (persisted.planApproval?.status !== "approved") {
+        throw new Error("Plan approval is required before creating a PR. Run `pome approve` first.");
+    }
+    const workspacePath = persisted.workspaceCandidate?.workspace.path;
+    if (!workspacePath) {
+        throw new Error("No workspace path is available for PR creation.");
+    }
+    if (!persisted.diffSummary) {
+        throw new Error("Review the final diff summary before creating a PR. Run `pome diff` first.");
+    }
+    if (!options.allowUntested && !hasPassedTestEvidence(persisted)) {
+        throw new Error("Passed test evidence is required before creating a PR. Run `pome test discover`, `pome approve command`, and `pome test run`, or pass `--allow-untested`.");
+    }
+    const github = await getGitHubAuthStatus();
+    if (!github.authenticated) {
+        throw new Error(`${github.detail} Run \`pome auth github login\` first.`);
+    }
+    const now = new Date().toISOString();
+    const baseBranch = options.baseBranch?.trim() || await detectPullRequestBaseBranch(workspacePath);
+    const draft = {
+        ...(persisted.prDraft ?? buildPullRequestDraft(persisted, now, baseBranch)),
+        baseBranch
+    };
+    const branch = await ensurePullRequestBranch(workspacePath, draft.headBranch);
+    const commitMessage = `${persisted.workItem.key}: ${persisted.workItem.title}`;
+    const hasChanges = await hasWorkspaceChanges(workspacePath);
+    if (!hasChanges) {
+        throw new Error("No local changes are available to commit for this PR.");
+    }
+    await runGitStrict(workspacePath, ["add", "-A"]);
+    await runGitStrict(workspacePath, ["commit", "-m", commitMessage]);
+    await runGitStrict(workspacePath, ["push", "-u", "origin", branch]);
+    const ghArgs = [
+        "pr",
+        "create",
+        "--title",
+        draft.title,
+        "--body",
+        draft.body,
+        "--base",
+        draft.baseBranch,
+        "--head",
+        branch
+    ];
+    if (options.draft) {
+        ghArgs.push("--draft");
+    }
+    const prUrl = (await execFileStrict("gh", ghArgs, workspacePath)).trim();
+    const approval = createExternalActionApproval(persisted, "create_pr", now, [
+        `Branch: ${branch}`,
+        `Commit: ${commitMessage}`,
+        `PR: ${prUrl || "created"}`,
+        options.draft ? "Draft PR: yes" : "Draft PR: no"
+    ]);
+    const result = {
+        active: true,
+        sessionFile: getActiveTaskSessionFile(paths.homeDirectory),
+        session: persisted.session,
+        draft,
+        approval,
+        prUrl: prUrl || undefined,
+        branch,
+        commitMessage,
+        pushed: true,
+        draftPr: Boolean(options.draft),
+        createdAt: now
+    };
+    await writeActiveTaskSession(paths.homeDirectory, {
+        ...persisted,
+        prDraft: draft,
+        prCreation: result,
+        approvalHistory: appendApprovalHistory(persisted.approvalHistory, approval),
+        events: appendSessionEvents(persisted.events, [
+            createSessionEvent(persisted.session, persisted.workItem.key, "approval_approved", options.draft ? "GitHub draft PR created" : "GitHub PR created", now, [
+                `Branch: ${branch}`,
+                prUrl ? `PR: ${prUrl}` : "PR created by GitHub CLI",
+                options.draft ? "Draft PR: yes" : "Draft PR: no"
+            ], {
+                approvalId: approval.id,
+                approvalType: approval.type,
+                branch,
+                prUrl
+            })
+        ])
+    });
+    return result;
+}
 export async function createWorkItemUpdateDraft() {
     const paths = getOpenPomePaths();
     const persisted = await readActiveTaskSessionIfPresent(paths.homeDirectory);
@@ -1075,6 +1323,61 @@ export async function createWorkItemUpdateDraft() {
         draft
     };
 }
+export async function postWorkItemUpdate() {
+    const paths = getOpenPomePaths();
+    const persisted = await readActiveTaskSessionIfPresent(paths.homeDirectory);
+    if (!persisted) {
+        return {
+            active: false,
+            sessionFile: getActiveTaskSessionFile(paths.homeDirectory),
+            posted: false
+        };
+    }
+    if (persisted.planApproval?.status !== "approved") {
+        throw new Error("Plan approval is required before posting a work item update. Run `pome approve` first.");
+    }
+    const now = new Date().toISOString();
+    const draft = persisted.workItemUpdateDraft ?? buildWorkItemUpdateDraft(persisted, now);
+    const source = await createJiraSource(process.env);
+    if (!source.postUpdate) {
+        throw new Error(`Work item source ${source.displayName} does not support posting updates yet.`);
+    }
+    const posted = await source.postUpdate(persisted.workItem.key, draft.body);
+    const approval = createExternalActionApproval(persisted, "update_work_item", now, [
+        `Work item: ${persisted.workItem.key}`,
+        `Comment: ${posted.commentId ?? "posted"}`,
+        posted.self ? `URL: ${posted.self}` : "URL: unavailable"
+    ]);
+    const result = {
+        active: true,
+        sessionFile: getActiveTaskSessionFile(paths.homeDirectory),
+        session: persisted.session,
+        workItem: persisted.workItem,
+        draft,
+        approval,
+        posted: true,
+        commentId: posted.commentId,
+        url: posted.self,
+        postedAt: posted.createdAt ?? now
+    };
+    await writeActiveTaskSession(paths.homeDirectory, {
+        ...persisted,
+        workItemUpdateDraft: draft,
+        workItemUpdatePost: result,
+        approvalHistory: appendApprovalHistory(persisted.approvalHistory, approval),
+        events: appendSessionEvents(persisted.events, [
+            createSessionEvent(persisted.session, persisted.workItem.key, "approval_approved", "Work item update posted", now, [
+                `Work item: ${persisted.workItem.key}`,
+                posted.commentId ? `Comment: ${posted.commentId}` : "Comment posted"
+            ], {
+                approvalId: approval.id,
+                approvalType: approval.type,
+                commentId: posted.commentId ?? ""
+            })
+        ])
+    });
+    return result;
+}
 export async function getJiraAuthStatus(env = process.env) {
     const source = await createJiraSource(env);
     const status = source.getAuthStatus();
@@ -1808,7 +2111,7 @@ function buildInitialImplementationPlan(workItem, workspaceCandidate) {
         commandsToRun: ["pome approve", "pnpm validate"],
         risks: [
             "Workspace resolution may be incomplete until real GitHub and historical session signals are added.",
-            "The first plan is deterministic; model-provider assisted planning will be added later."
+            "Manual-copy mode uses deterministic planning; connect OpenAI or Claude for AI-assisted planning and patch proposals."
         ],
         missingInfo: hasWorkspace ? [] : ["No workspace candidate is selected yet."]
     };
@@ -1829,6 +2132,9 @@ async function buildImplementationPlan(persisted, prompt) {
     return parseImplementationPlan(response, persisted.workItem, persisted.workspaceCandidate, provider);
 }
 async function completeOpenAIPlan(prompt, apiKey) {
+    return completeOpenAIText(buildStructuredPlanPrompt(prompt), apiKey);
+}
+async function completeOpenAIText(prompt, apiKey) {
     const response = await fetch("https://api.openai.com/v1/responses", {
         method: "POST",
         headers: {
@@ -1837,11 +2143,11 @@ async function completeOpenAIPlan(prompt, apiKey) {
         },
         body: JSON.stringify({
             model: process.env["OPENPOME_OPENAI_MODEL"] ?? "gpt-5",
-            input: buildStructuredPlanPrompt(prompt)
+            input: prompt
         })
     });
     if (!response.ok) {
-        throw new Error(`OpenAI planning request failed: ${response.status} ${response.statusText}`);
+        throw new Error(`OpenAI request failed: ${response.status} ${response.statusText}`);
     }
     const body = await response.json();
     if (typeof body.output_text === "string") {
@@ -1855,6 +2161,9 @@ async function completeOpenAIPlan(prompt, apiKey) {
         .join("\n");
 }
 async function completeAnthropicPlan(prompt, apiKey) {
+    return completeAnthropicText(buildStructuredPlanPrompt(prompt), apiKey);
+}
+async function completeAnthropicText(prompt, apiKey) {
     const response = await fetch("https://api.anthropic.com/v1/messages", {
         method: "POST",
         headers: {
@@ -1868,13 +2177,13 @@ async function completeAnthropicPlan(prompt, apiKey) {
             messages: [
                 {
                     role: "user",
-                    content: buildStructuredPlanPrompt(prompt)
+                    content: prompt
                 }
             ]
         })
     });
     if (!response.ok) {
-        throw new Error(`Claude planning request failed: ${response.status} ${response.statusText}`);
+        throw new Error(`Claude request failed: ${response.status} ${response.statusText}`);
     }
     const body = await response.json();
     const content = Array.isArray(body.content) ? body.content : [];
@@ -1938,6 +2247,220 @@ function extractJsonObject(value) {
 function stringArrayOr(value, fallback) {
     return Array.isArray(value) ? value.filter((item) => typeof item === "string") : fallback;
 }
+const maxPatchContextFiles = 12;
+const maxPatchContextBytesPerFile = 16 * 1024;
+const maxPatchContextTotalBytes = 64 * 1024;
+const maxPatchProposalFiles = 8;
+const maxPatchProposalBytesPerFile = 256 * 1024;
+const sensitivePathFragments = [
+    ".env",
+    ".npmrc",
+    ".pypirc",
+    ".netrc",
+    ".ssh",
+    ".aws",
+    ".gcp",
+    ".azure",
+    "id_rsa",
+    "id_dsa",
+    "id_ed25519"
+];
+async function collectPatchContextFiles(workspacePath, session) {
+    const candidates = [];
+    for (const filePath of session.plan?.filesLikelyChanged ?? []) {
+        const normalized = normalizeWorkspaceRelativePath(workspacePath, filePath, "skip");
+        if (normalized && normalized !== ".") {
+            candidates.push(normalized);
+        }
+    }
+    candidates.push("package.json", "README.md", "AGENTS.md");
+    const trackedFiles = await listTrackedWorkspaceFiles(workspacePath);
+    const tokens = tokenizePatchSearchText([
+        session.workItem.key,
+        session.workItem.title,
+        session.workItem.description,
+        ...(session.workItem.labels ?? []),
+        ...(session.workItem.components ?? [])
+    ].filter((value) => Boolean(value)).join(" "));
+    for (const filePath of trackedFiles) {
+        const lower = filePath.toLowerCase();
+        if (tokens.some((token) => lower.includes(token))) {
+            candidates.push(filePath);
+        }
+    }
+    const selected = [];
+    const seen = new Set();
+    let totalBytes = 0;
+    for (const candidate of candidates) {
+        if (selected.length >= maxPatchContextFiles || totalBytes >= maxPatchContextTotalBytes) {
+            break;
+        }
+        const relativePath = normalizeWorkspaceRelativePath(workspacePath, candidate, "skip");
+        if (!relativePath || seen.has(relativePath) || isSensitiveWorkspacePath(relativePath)) {
+            continue;
+        }
+        seen.add(relativePath);
+        const absolutePath = resolve(workspacePath, relativePath);
+        try {
+            const content = await readFile(absolutePath, "utf8");
+            if (content.includes("\u0000")) {
+                continue;
+            }
+            const remainingBytes = maxPatchContextTotalBytes - totalBytes;
+            const maxBytes = Math.min(maxPatchContextBytesPerFile, remainingBytes);
+            const sliced = content.slice(0, maxBytes);
+            totalBytes += Buffer.byteLength(sliced, "utf8");
+            selected.push({
+                path: relativePath,
+                content: sliced,
+                truncated: Buffer.byteLength(content, "utf8") > Buffer.byteLength(sliced, "utf8")
+            });
+        }
+        catch {
+            // Missing files from the AI plan are still useful as create candidates, but not as context.
+        }
+    }
+    return selected;
+}
+async function listTrackedWorkspaceFiles(workspacePath) {
+    const output = await runGit(workspacePath, ["ls-files"]);
+    return output
+        .split(/\r?\n/u)
+        .map((line) => line.trim())
+        .filter(Boolean)
+        .filter((filePath) => !isSensitiveWorkspacePath(filePath))
+        .slice(0, 1000);
+}
+function tokenizePatchSearchText(value) {
+    return Array.from(new Set(value.toLowerCase().split(/[^a-z0-9]+/u).filter((token) => token.length >= 3))).slice(0, 20);
+}
+function buildStructuredPatchPrompt(session, workspacePath, contextFiles) {
+    const plan = session.plan;
+    const context = contextFiles.map((file) => [
+        `FILE: ${file.path}${file.truncated ? " (truncated)" : ""}`,
+        "```",
+        file.content,
+        "```"
+    ].join("\n")).join("\n\n");
+    return [
+        "You are OpenPome's implementation engine.",
+        "Return only compact JSON. Do not include markdown fences outside JSON.",
+        "Only propose a minimal safe file patch for the approved work item.",
+        "Do not include secrets, credentials, generated dependency folders, lockfile rewrites, or unrelated refactors.",
+        "Use full replacement file content for each proposed file.",
+        "Allowed JSON shape:",
+        "{\"summary\":\"...\",\"files\":[{\"path\":\"relative/path\",\"action\":\"create|update\",\"content\":\"full file content\"}],\"risks\":[\"...\"]}",
+        "",
+        "Work item:",
+        `- Key: ${session.workItem.key}`,
+        `- Type: ${session.workItem.type}`,
+        `- Status: ${session.workItem.status}`,
+        `- Title: ${session.workItem.title}`,
+        session.workItem.description ? `- Description: ${session.workItem.description}` : undefined,
+        session.workItem.priority ? `- Priority: ${session.workItem.priority}` : undefined,
+        session.workItem.labels?.length ? `- Labels: ${session.workItem.labels.join(", ")}` : undefined,
+        session.workItem.components?.length ? `- Components: ${session.workItem.components.join(", ")}` : undefined,
+        "",
+        "Approved plan:",
+        plan?.summary ? `- Summary: ${plan.summary}` : "- Summary: unavailable",
+        ...(plan?.steps.map((step) => `- ${step.title}${step.detail ? `: ${step.detail}` : ""}`) ?? []),
+        plan?.commandsToRun.length ? `- Checks: ${plan.commandsToRun.join(", ")}` : undefined,
+        "",
+        "Workspace:",
+        `- Path: ${workspacePath}`,
+        session.workspaceCandidate?.workspace.name ? `- Name: ${session.workspaceCandidate.workspace.name}` : undefined,
+        "",
+        "Readable context files:",
+        context || "No source files were safely included. You may propose small new files only if the task clearly asks for them."
+    ].filter((line) => Boolean(line)).join("\n");
+}
+function parseAIPatchProposal(value, session, provider, workspacePath, createdAt) {
+    const json = extractJsonObject(value);
+    if (!json) {
+        throw new Error(`${getModelProviderDisplayName(provider)} did not return a JSON patch proposal.`);
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(json);
+    }
+    catch {
+        throw new Error(`${getModelProviderDisplayName(provider)} returned invalid JSON for the patch proposal.`);
+    }
+    if (!Array.isArray(parsed.files)) {
+        throw new Error(`${getModelProviderDisplayName(provider)} patch proposal did not include files.`);
+    }
+    const files = parsed.files
+        .slice(0, maxPatchProposalFiles)
+        .map((file) => {
+        if (typeof file !== "object" || !file) {
+            return undefined;
+        }
+        const maybe = file;
+        if (typeof maybe.path !== "string" || typeof maybe.content !== "string") {
+            return undefined;
+        }
+        const relativePath = normalizeWorkspaceRelativePath(workspacePath, maybe.path, "throw");
+        const action = maybe.action === "create" ? "create" : "update";
+        const content = maybe.content;
+        if (!relativePath || isSensitiveWorkspacePath(relativePath) || content.includes("\u0000")) {
+            return undefined;
+        }
+        if (Buffer.byteLength(content, "utf8") > maxPatchProposalBytesPerFile) {
+            throw new Error(`AI patch proposal for ${relativePath} is too large.`);
+        }
+        return {
+            path: relativePath,
+            action,
+            content
+        };
+    })
+        .filter((file) => Boolean(file));
+    if (files.length === 0) {
+        throw new Error(`${getModelProviderDisplayName(provider)} did not propose any safe file changes.`);
+    }
+    return {
+        id: `patch_${createHash("sha256").update(`${session.session.id}:${provider}:${createdAt}`).digest("hex").slice(0, 12)}`,
+        createdAt,
+        provider,
+        summary: typeof parsed.summary === "string" && parsed.summary.trim() ? parsed.summary.trim() : `AI patch proposal for ${session.workItem.key}`,
+        files,
+        risks: stringArrayOr(parsed.risks, [])
+    };
+}
+function normalizeWorkspaceRelativePath(workspacePath, requestedPath, mode) {
+    const trimmed = requestedPath.trim();
+    if (!trimmed) {
+        return undefined;
+    }
+    const absolutePath = isAbsolute(trimmed) ? resolve(trimmed) : resolve(workspacePath, trimmed);
+    const relativePath = relative(workspacePath, absolutePath).replace(/\\/gu, "/");
+    const invalid = relativePath === "" || relativePath.startsWith("../") || relativePath === ".." || isAbsolute(relativePath);
+    if (invalid) {
+        if (mode === "throw") {
+            throw new Error(`AI patch path is outside the workspace: ${requestedPath}`);
+        }
+        return undefined;
+    }
+    return relativePath;
+}
+function isSensitiveWorkspacePath(filePath) {
+    const lower = filePath.toLowerCase();
+    if (lower.includes("/.git/") || lower.startsWith(".git/") || lower.includes("/node_modules/") || lower.startsWith("node_modules/")) {
+        return true;
+    }
+    return sensitivePathFragments.some((fragment) => lower === fragment || lower.includes(`/${fragment}`) || lower.endsWith(fragment));
+}
+async function applyPatchFiles(workspacePath, files) {
+    for (const file of files) {
+        const relativePath = normalizeWorkspaceRelativePath(workspacePath, file.path, "throw");
+        if (!relativePath || isSensitiveWorkspacePath(relativePath)) {
+            throw new Error(`Refusing to write unsafe AI patch path: ${file.path}`);
+        }
+        const absolutePath = resolve(workspacePath, relativePath);
+        await mkdir(dirname(absolutePath), { recursive: true });
+        await writeFile(absolutePath, file.content, "utf8");
+    }
+}
 async function discoverTestCommandCandidates(workspacePath) {
     const scripts = await readPackageScripts(join(workspacePath, "package.json"));
     const packageManager = detectPackageManager(workspacePath);
@@ -2028,7 +2551,24 @@ function createCommandApproval(session, candidate, now) {
         status: "approved"
     };
 }
-function buildPullRequestDraft(session, createdAt) {
+function createFileEditApproval(session, proposal, now, reason) {
+    return {
+        id: `approval_${createHash("sha256").update(`${session.session.id}:edit_files:${proposal.id}`).digest("hex").slice(0, 12)}`,
+        type: "edit_files",
+        title: `File edit approval for ${session.workItem.key}`,
+        reason,
+        details: [
+            `Session: ${session.session.id}`,
+            `Work item: ${session.workItem.key}`,
+            `Workspace: ${session.workspaceCandidate?.workspace.name ?? "unresolved"}`,
+            `Provider: ${getModelProviderDisplayName(proposal.provider)}`,
+            `Files: ${proposal.files.map((file) => `${file.action} ${file.path}`).join(", ")}`,
+            `Recorded at: ${now}`
+        ],
+        status: "pending"
+    };
+}
+function buildPullRequestDraft(session, createdAt, baseBranch = "main") {
     const workItem = session.workItem;
     const workspace = session.workspaceCandidate?.workspace;
     const title = `${workItem.key}: ${workItem.title}`;
@@ -2052,12 +2592,69 @@ function buildPullRequestDraft(session, createdAt) {
     return {
         title,
         body,
-        baseBranch: "main",
-        headBranch: session.session.branchName ?? `openpome/${workItem.key.toLowerCase()}`,
+        baseBranch,
+        headBranch: selectPullRequestBranchName(session),
         remoteUrl: workspace?.remoteUrls[0],
         createdAt
     };
 }
+function selectPullRequestBranchName(session) {
+    const currentBranch = session.session.branchName?.trim();
+    if (currentBranch && !["main", "master", "develop", "development"].includes(currentBranch)) {
+        return currentBranch;
+    }
+    const slug = session.workItem.title
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/gu, "-")
+        .replace(/^-|-$/gu, "")
+        .slice(0, 48);
+    return `openpome/${session.workItem.key.toLowerCase()}${slug ? `-${slug}` : ""}`;
+}
+async function ensurePullRequestBranch(workspacePath, branch) {
+    const currentBranch = (await runGit(workspacePath, ["branch", "--show-current"])).trim();
+    if (currentBranch !== branch) {
+        await runGitStrict(workspacePath, ["checkout", "-B", branch]);
+    }
+    return branch;
+}
+async function hasWorkspaceChanges(workspacePath) {
+    const output = await runGit(workspacePath, ["status", "--porcelain"]);
+    return output.trim().length > 0;
+}
+async function detectPullRequestBaseBranch(workspacePath) {
+    const originHead = (await runGit(workspacePath, ["symbolic-ref", "refs/remotes/origin/HEAD", "--short"])).trim();
+    if (originHead.startsWith("origin/")) {
+        return originHead.slice("origin/".length);
+    }
+    const remoteDefault = await runGit(workspacePath, ["remote", "show", "origin"]);
+    const headLine = remoteDefault
+        .split(/\r?\n/u)
+        .map((line) => line.trim())
+        .find((line) => line.startsWith("HEAD branch:"));
+    const headBranch = headLine?.replace("HEAD branch:", "").trim();
+    return headBranch || "main";
+}
+function hasPassedTestEvidence(session) {
+    return (session.testRunEvidence ?? []).some((run) => run.status === "passed");
+}
+async function runGitStrict(cwd, args) {
+    return execFileStrict("git", args, cwd);
+}
+async function execFileStrict(command, args, cwd) {
+    try {
+        const result = await execFileAsync(command, args, {
+            cwd,
+            timeout: 2 * 60 * 1000,
+            maxBuffer: 1024 * 1024,
+            windowsHide: true
+        });
+        return result.stdout;
+    }
+    catch (error) {
+        const detail = summarizeExecError(error);
+        throw new Error(`${command} ${args.join(" ")} failed${detail ? `: ${detail}` : "."}`);
+    }
+}
 function buildWorkItemUpdateDraft(session, createdAt) {
     const lines = [
         `OpenPome update for ${session.workItem.key}`,
@@ -2257,21 +2854,22 @@ function summarizeExecError(error) {
     const message = typeof maybeError.message === "string" ? maybeError.message : "";
     return stderr || stdout || message || undefined;
 }
-async function createExternalActionGuard(action) {
-    const paths = getOpenPomePaths();
-    const persisted = await readActiveTaskSessionIfPresent(paths.homeDirectory);
+function createExternalActionApproval(session, type, now, details) {
     return {
-        active: Boolean(persisted),
-        sessionFile: getActiveTaskSessionFile(paths.homeDirectory),
-        session: persisted?.session,
-        action,
-        allowed: false,
-        detail: action === "create_pr"
-            ? "PR creation is not enabled in this alpha. Use `pome pr draft` and create the PR manually."
-            : "Work item update posting is not enabled in this alpha. Use `pome work-item update-draft` and post manually.",
-        nextStep: action === "create_pr"
-            ? "Run `pome pr draft`, review the body, then create the PR yourself."
-            : "Run `pome work-item update-draft`, review the body, then post the comment yourself."
+        id: `approval_${createHash("sha256").update(`${session.session.id}:${type}:${now}`).digest("hex").slice(0, 12)}`,
+        type,
+        title: type === "create_pr" ? `PR creation approval for ${session.workItem.key}` : `Work item update approval for ${session.workItem.key}`,
+        reason: type === "create_pr"
+            ? "Developer explicitly requested OpenPome to create the GitHub pull request."
+            : "Developer explicitly requested OpenPome to post the work item update.",
+        details: [
+            `Session: ${session.session.id}`,
+            `Work item: ${session.workItem.key}`,
+            `Workspace: ${session.workspaceCandidate?.workspace.name ?? "unresolved"}`,
+            ...details,
+            `Recorded at: ${now}`
+        ],
+        status: "approved"
     };
 }
 function createPlanApproval(session, status, now, reason = "Developer reviewed the implementation plan.") {