@oscharko-dev/keiko 0.1.0-beta.0

package/dist/workflows/bug-investigation/internal.js

@@ -0,0 +1,64 @@
+// Shared internal types and small pure helpers used across the bug-investigation pipeline stages
+// (the model loop, the verify stage, the report stages). Kept private to the module — none of these
+// are re-exported from index.ts. Splitting them out keeps each pipeline file under the LOC limit
+// while leaving a single source of truth for the resolved BugRunState and the loop result shape.
+import { createBugEventEmitter } from "./emit.js";
+import { DEFAULT_BUG_WORKFLOW_LIMITS, } from "./types.js";
+// A no-op sink used when the caller injects none. emit is synchronous (ADR-0004 EventSink contract).
+export const NO_OP_SINK = { emit: () => undefined };
+// The zero-progress loop used to assemble a cancelled/failed report before the model loop ran.
+export const EMPTY_BUG_LOOP = {
+    accepted: undefined,
+    investigationOnly: undefined,
+    modelCallCount: 0,
+    patchRetryCount: 0,
+    lastRejectionCode: undefined,
+};
+export function resolveBugLimits(input) {
+    return { ...DEFAULT_BUG_WORKFLOW_LIMITS, ...input.limits };
+}
+// The #6 PatchLimits view derived from the resolved workflow limits (D6 bound 1). Passed into
+// validatePatch/applyPatch via their `limits` override seam — #6's defaults stay untouched.
+export function patchLimitsFrom(limits) {
+    return {
+        maxFilesChanged: limits.maxFilesChanged,
+        maxChangedLines: limits.maxChangedLines,
+        maxPatchBytes: limits.maxPatchBytes,
+    };
+}
+export function buildBugRunState(input, deps, fingerprint) {
+    const now = deps.now ?? Date.now;
+    const idSource = deps.idSource ?? (() => crypto.randomUUID());
+    return {
+        input,
+        deps,
+        limits: resolveBugLimits(input),
+        signal: deps.signal ?? new AbortController().signal,
+        now,
+        emitter: createBugEventEmitter(deps.sink ?? NO_OP_SINK, idSource(), fingerprint, now),
+        startedAt: now(),
+        progress: { modelCallCount: 0, patchRetryCount: 0 },
+    };
+}
+// UI-renderable next actions for the report. Pure. `elevated` lists changed manifest/config paths
+// that warrant elevated review (D6).
+export function nextActionsFor(applied, files, elevated) {
+    const first = files[0] ?? "the proposed fix";
+    const base = applied
+        ? [`Review the applied fix in ${first}`, "Run `keiko verify` to confirm the suite is green"]
+        : [`Review the proposed fix for ${first}`, "Re-run with --apply to write the fix and verify"];
+    if (elevated.length > 0) {
+        return [
+            ...base,
+            `This fix modifies build/manifest configuration (${elevated.join(", ")}) — review with elevated scrutiny before applying`,
+        ];
+    }
+    return base;
+}
+// The next-actions list for the investigation-only outcome (no patch produced).
+export function investigationNextActions() {
+    return [
+        "No safe fix was proposed; review the root-cause hypothesis and uncertainty",
+        "Provide more evidence (full failing output, stack trace, or suspected files) and re-run",
+    ];
+}

package/dist/workflows/bug-investigation/model-loop.d.ts

@@ -0,0 +1,4 @@
+import type { ContextPack, WorkspaceInfo } from "../../workspace/index.js";
+import { type BugModelLoopResult, type BugRunState } from "./internal.js";
+import type { BugReportInput, FailureEvidence } from "./types.js";
+export declare function runBugModelLoop(state: BugRunState, workspace: WorkspaceInfo, report: BugReportInput, evidence: FailureEvidence, pack: ContextPack): Promise<BugModelLoopResult>;

package/dist/workflows/bug-investigation/model-loop.js

@@ -0,0 +1,223 @@
+// The bounded model/validate/scope-guard retry loop (ADR-0009 D6/D10). Each attempt builds the
+// prompt, calls the injected ModelPort, parses the output, and classifies the result. The KEY
+// behavioural difference from #8: an EMPTY diff with a root-cause hypothesis is a VALID
+// investigation-only outcome (NOT a retry); only a malformed/oversized/out-of-scope NON-empty patch
+// retries. The change budget (D6 bound 1) is enforced by passing a workflow-owned PatchLimits into
+// #6 validatePatch; the sensitive-path guard (D6 bound 2) runs on validation.files[].path. The
+// model call is the one IO boundary here; its failure propagates to the workflow catch boundary.
+import { nodeWorkspaceFs } from "../../workspace/fs.js";
+import { validatePatch } from "../../tools/index.js";
+import { isTestPath } from "../unit-tests/conventions.js";
+import { isSensitivePath } from "./guard.js";
+import { parseBugModelOutputCandidates } from "./parse.js";
+import { buildBugPrompt } from "./prompt.js";
+import { patchLimitsFrom, } from "./internal.js";
+// The sensitive-path scope guard (D6 bound 2): every changed path must NOT be sensitive. Returns
+// "out-of-scope" when any path is traversal/.github/.husky/lockfile, else undefined. The change
+// budget (bound 1) is enforced by #6 itself via the limits passed to validatePatch.
+function scopeGuard(validation) {
+    const offending = validation.files.some((file) => isSensitivePath(file.path));
+    return offending ? "out-of-scope" : undefined;
+}
+function emitValidation(state, validation, code) {
+    const ok = code === undefined && validation.ok;
+    state.emitter.emit({
+        type: "bug:patch:validated",
+        ok,
+        patchBytes: validation.totalBytes,
+        filesChanged: validation.files.length,
+        ...(ok ? {} : { rejectionCode: code ?? validation.reasons[0]?.code }),
+    });
+}
+function hypothesisOf(parsed) {
+    return {
+        rootCause: parsed.rootCause,
+        regressionTestStrategy: parsed.regressionTestStrategy,
+        uncertainty: parsed.uncertainty,
+        confidence: parsed.confidence,
+    };
+}
+// True when the parsed output carries at least one prose section (any hypothesis content).
+function hasProse(parsed) {
+    return (parsed.rootCause !== undefined ||
+        parsed.regressionTestStrategy !== undefined ||
+        parsed.uncertainty !== undefined ||
+        parsed.confidence !== undefined);
+}
+async function callModel(state, messages, attempt, contextBytes) {
+    state.progress.modelCallCount = Math.max(state.progress.modelCallCount, attempt);
+    state.emitter.emit({ type: "bug:model:call:started", attempt, contextBytes });
+    const response = await state.deps.model.call({ modelId: state.input.modelId, messages }, state.signal);
+    state.emitter.emit({
+        type: "bug:model:call:completed",
+        attempt,
+        finishReason: response.finishReason,
+        promptTokens: response.usage.promptTokens,
+        completionTokens: response.usage.completionTokens,
+        latencyMs: response.usage.latencyMs,
+    });
+    return response.content;
+}
+function classifyEmptyDiff(parsed) {
+    // Empty diff + a hypothesis -> investigation-only (NOT a retry). Empty diff + no prose -> retry.
+    if (hasProse(parsed)) {
+        return {
+            accepted: undefined,
+            investigationOnly: hypothesisOf(parsed),
+            rejectionCode: undefined,
+            rejectionReason: undefined,
+        };
+    }
+    return {
+        accepted: undefined,
+        investigationOnly: undefined,
+        rejectionCode: "empty",
+        rejectionReason: "empty: no diff or root-cause hypothesis was provided",
+    };
+}
+function validationRejectionReason(validation, code) {
+    if (code === undefined) {
+        return undefined;
+    }
+    const message = validation.reasons[0]?.message;
+    if (message !== undefined) {
+        return `${code}: ${message}`;
+    }
+    if (code === "test-only") {
+        return "test-only: a source bug fix must include a minimal non-test source change; tests may be added in the same diff";
+    }
+    const conflict = validation.conflicts[0];
+    if (conflict !== undefined) {
+        return `${code}: ${conflict.path} hunk#${String(conflict.hunkIndex)} ${conflict.reason}`;
+    }
+    return code;
+}
+function sourceBugRequiresSourcePatch(workspace, report, evidence) {
+    const paths = [
+        ...(report.targetFiles ?? []),
+        ...evidence.frames.map((frame) => frame.file),
+    ];
+    return paths.some((path) => !isTestPath(workspace, path));
+}
+function semanticGuard(workspace, validation, requiresSourcePatch) {
+    if (validation.files.length === 0) {
+        return "malformed";
+    }
+    const scopeCode = scopeGuard(validation);
+    if (scopeCode !== undefined) {
+        return scopeCode;
+    }
+    return requiresSourcePatch && validation.files.every((file) => isTestPath(workspace, file.path))
+        ? "test-only"
+        : undefined;
+}
+function emptyParsedOutput() {
+    return {
+        diff: "",
+        rootCause: undefined,
+        regressionTestStrategy: undefined,
+        uncertainty: undefined,
+        confidence: undefined,
+    };
+}
+function classifyValidated(workspace, parsed, validation, requiresSourcePatch) {
+    const guardCode = validation.ok
+        ? semanticGuard(workspace, validation, requiresSourcePatch)
+        : validation.reasons[0]?.code;
+    if (validation.ok && guardCode === undefined) {
+        const accepted = {
+            diff: parsed.diff,
+            validation,
+            hypothesis: hypothesisOf(parsed),
+        };
+        return {
+            accepted,
+            investigationOnly: undefined,
+            rejectionCode: undefined,
+            rejectionReason: undefined,
+        };
+    }
+    const rejectionCode = guardCode ?? "malformed";
+    return {
+        accepted: undefined,
+        investigationOnly: undefined,
+        rejectionCode,
+        rejectionReason: validationRejectionReason(validation, rejectionCode),
+    };
+}
+function validateCandidate(state, workspace, parsed, requiresSourcePatch) {
+    const validation = validatePatch(workspace, parsed.diff, {
+        fs: state.deps.fs ?? nodeWorkspaceFs,
+        limits: patchLimitsFrom(state.limits),
+    });
+    const result = classifyValidated(workspace, { ...parsed, diff: validation.normalizedDiff ?? parsed.diff }, validation, requiresSourcePatch);
+    return { result, validation };
+}
+function classifyPatchCandidates(state, workspace, report, evidence, candidates) {
+    const patchCandidates = candidates.filter((candidate) => candidate.diff.length > 0);
+    if (patchCandidates.length === 0) {
+        return classifyEmptyDiff(candidates[0] ?? emptyParsedOutput());
+    }
+    const requiresSourcePatch = sourceBugRequiresSourcePatch(workspace, report, evidence);
+    let last;
+    for (const parsed of patchCandidates) {
+        const next = validateCandidate(state, workspace, parsed, requiresSourcePatch);
+        if (next.result.accepted !== undefined) {
+            emitValidation(state, next.validation, next.result.rejectionCode);
+            return next.result;
+        }
+        last = next;
+    }
+    if (last === undefined) {
+        return classifyEmptyDiff(emptyParsedOutput());
+    }
+    emitValidation(state, last.validation, last.result.rejectionCode);
+    return last.result;
+}
+async function attemptOnce(state, workspace, report, evidence, pack, attempt, rejectionReason) {
+    const messages = buildBugPrompt(report, evidence, pack, workspace.testFramework, rejectionReason);
+    const content = await callModel(state, messages, attempt, pack.usedBytes);
+    const candidates = parseBugModelOutputCandidates(content);
+    state.emitter.emit({
+        type: "bug:rootcause:proposed",
+        hasPatch: candidates.some((candidate) => candidate.diff.length > 0),
+        ...(candidates[0]?.confidence === undefined ? {} : { confidence: candidates[0].confidence }),
+    });
+    return classifyPatchCandidates(state, workspace, report, evidence, candidates);
+}
+// True when the attempt produced a terminal outcome (accepted patch or investigation-only); a
+// retryable rejection is the only non-terminal case.
+function isTerminal(result) {
+    return result.accepted !== undefined || result.investigationOnly !== undefined;
+}
+export async function runBugModelLoop(state, workspace, report, evidence, pack) {
+    let modelCallCount = 0;
+    let patchRetryCount = 0;
+    let rejectionReason;
+    let lastRejectionCode;
+    while (modelCallCount < state.limits.maxModelCalls &&
+        patchRetryCount <= state.limits.maxRetries) {
+        modelCallCount += 1;
+        const r = await attemptOnce(state, workspace, report, evidence, pack, modelCallCount, rejectionReason);
+        if (isTerminal(r)) {
+            return {
+                accepted: r.accepted,
+                investigationOnly: r.investigationOnly,
+                modelCallCount,
+                patchRetryCount,
+                lastRejectionCode: undefined,
+            };
+        }
+        patchRetryCount += 1;
+        state.progress.patchRetryCount = patchRetryCount;
+        lastRejectionCode = r.rejectionCode;
+        rejectionReason = r.rejectionReason ?? r.rejectionCode;
+    }
+    return {
+        accepted: undefined,
+        investigationOnly: undefined,
+        modelCallCount,
+        patchRetryCount,
+        lastRejectionCode,
+    };
+}

package/dist/workflows/bug-investigation/parse.d.ts

@@ -0,0 +1,3 @@
+import type { ParsedBugOutput } from "./types.js";
+export declare function parseBugModelOutput(content: string): ParsedBugOutput;
+export declare function parseBugModelOutputCandidates(content: string): readonly ParsedBugOutput[];

package/dist/workflows/bug-investigation/parse.js

@@ -0,0 +1,123 @@
+// Defensive parser for the model-output contract (ADR-0009 D9). The model is instructed (see
+// prompt.ts) to emit an OPTIONAL fenced ```diff block followed by labeled prose sections
+// `## Root cause`, `## Regression test`, `## Uncertainty`, `## Confidence`. This parser extracts
+// those parts WITHOUT trusting the model to comply: a missing diff yields an empty string (a valid
+// investigation-only signal, D10) and any missing section yields undefined. All extraction uses
+// plain string ops (line splitting, startsWith, trim, toLowerCase) — ZERO regex, so there is no
+// ReDoS surface. Redaction happens at the report boundary, not here.
+const FENCE = "```";
+const ROOT_CAUSE_HEADING = "## root cause";
+const REGRESSION_HEADING = "## regression test";
+const UNCERTAINTY_HEADING = "## uncertainty";
+const CONFIDENCE_HEADING = "## confidence";
+const CONFIDENCE_LEVELS = ["high", "medium", "low"];
+function isFence(line) {
+    return line.trimStart().startsWith(FENCE);
+}
+function isDiffFence(line) {
+    const trimmed = line.trimStart();
+    return trimmed.startsWith("```diff") || trimmed.startsWith("```patch");
+}
+function closeFenceIndex(lines, openIndex) {
+    const closeIndex = lines.findIndex((line, idx) => idx > openIndex && isFence(line));
+    return closeIndex === -1 ? undefined : closeIndex;
+}
+function fenceBody(lines, openIndex, closeIndex) {
+    const bodyLines = closeIndex === undefined ? lines.slice(openIndex + 1) : lines.slice(openIndex + 1, closeIndex);
+    return bodyLines.join("\n").trim();
+}
+function appendNonDiffFence(restLines, lines, openIndex, closeIndex) {
+    restLines.push(...lines.slice(openIndex, closeIndex === undefined ? lines.length : closeIndex + 1));
+}
+function nextFenceScanIndex(lines, closeIndex) {
+    return closeIndex === undefined ? lines.length : closeIndex + 1;
+}
+// Returns the contents of the first fenced block that is explicitly a diff/patch fence or whose
+// body starts like a unified diff. Other Markdown code examples before the patch are ignored.
+// When the content has NO diff fence AND does not look like a diff, the whole content is treated as
+// prose (empty diff) so prose-only investigation output parses cleanly.
+function extractFencedDiffs(content) {
+    const lines = content.split("\n");
+    let openIndex = 0;
+    const diffs = [];
+    const restLines = [];
+    while (openIndex < lines.length) {
+        const line = lines[openIndex] ?? "";
+        if (!isFence(line)) {
+            restLines.push(line);
+            openIndex += 1;
+            continue;
+        }
+        const closeIndex = closeFenceIndex(lines, openIndex);
+        const body = fenceBody(lines, openIndex, closeIndex);
+        if (isDiffFence(lines[openIndex] ?? "") || looksLikeDiff(body)) {
+            diffs.push(body);
+        }
+        else {
+            appendNonDiffFence(restLines, lines, openIndex, closeIndex);
+        }
+        openIndex = nextFenceScanIndex(lines, closeIndex);
+    }
+    if (diffs.length > 0) {
+        return { diffs, rest: restLines.join("\n") };
+    }
+    // No recognised diff fence: if the whole content looks like a raw diff, treat it as one;
+    // otherwise it is prose.
+    return looksLikeDiff(content) ? { diffs: [content.trim()], rest: "" } : { diffs: [""], rest: content };
+}
+// A cheap unfenced-diff heuristic: a unified diff begins with a `diff --git`, `--- `, or `+++ `
+// marker. Used only for the no-fence fallback. Plain prefix checks; no regex.
+function looksLikeDiff(content) {
+    const trimmed = content.trimStart();
+    return (trimmed.startsWith("diff --git") || trimmed.startsWith("--- ") || trimmed.startsWith("+++ "));
+}
+// Extracts the body of a labeled section: lines after the matching `## heading` up to the next
+// `## ` heading (or end). Returns undefined when the heading is absent or the body is empty.
+function extractSection(text, heading) {
+    const lines = text.split("\n");
+    const start = lines.findIndex((line) => line.trim().toLowerCase() === heading);
+    if (start === -1) {
+        return undefined;
+    }
+    const body = [];
+    for (const line of lines.slice(start + 1)) {
+        if (line.trim().startsWith("## ")) {
+            break;
+        }
+        body.push(line);
+    }
+    const joined = body.join("\n").trim();
+    return joined.length === 0 ? undefined : joined;
+}
+// Parses a confidence level from the section body: the first of high/medium/low it contains
+// (lower-cased). Returns undefined when the section is absent or names no known level.
+function parseConfidence(rest) {
+    const body = extractSection(rest, CONFIDENCE_HEADING);
+    if (body === undefined) {
+        return undefined;
+    }
+    const lower = body.toLowerCase();
+    return CONFIDENCE_LEVELS.find((level) => lower.includes(level));
+}
+export function parseBugModelOutput(content) {
+    return parseBugModelOutputCandidates(content)[0] ?? {
+        diff: "",
+        rootCause: undefined,
+        regressionTestStrategy: undefined,
+        uncertainty: undefined,
+        confidence: undefined,
+    };
+}
+export function parseBugModelOutputCandidates(content) {
+    const { diffs, rest } = extractFencedDiffs(content);
+    const base = {
+        rootCause: extractSection(rest, ROOT_CAUSE_HEADING),
+        regressionTestStrategy: extractSection(rest, REGRESSION_HEADING),
+        uncertainty: extractSection(rest, UNCERTAINTY_HEADING),
+        confidence: parseConfidence(rest),
+    };
+    return diffs.map((diff) => ({
+        diff,
+        ...base,
+    }));
+}

package/dist/workflows/bug-investigation/prompt.d.ts

@@ -0,0 +1,4 @@
+import type { ChatMessage } from "../../gateway/types.js";
+import type { ContextPack } from "../../workspace/index.js";
+import type { BugReportInput, FailureEvidence } from "./types.js";
+export declare function buildBugPrompt(report: BugReportInput, evidence: FailureEvidence, pack: ContextPack, framework: string, rejectionReason?: string): readonly ChatMessage[];

package/dist/workflows/bug-investigation/prompt.js

@@ -0,0 +1,107 @@
+// Prompt construction (ADR-0009 D9). Builds the system + user ChatMessage array for the single
+// investigation call. PURE: no IO, no clock, no randomness — the same inputs always yield the same
+// messages. The system message specifies the model-output contract (an OPTIONAL fenced ```diff
+// block plus labeled prose sections) that parse.ts consumes, and explicitly tells the model to OMIT
+// the diff when evidence is insufficient (the investigation-only outcome, D10). Context excerpts and
+// failure messages handed in may originate from CLI/UI input, so every free-text report field is
+// redacted and byte-capped before it enters the model prompt.
+import { TextDecoder } from "node:util";
+import { redact } from "../../gateway/redaction.js";
+const MAX_PROMPT_TEXT_BYTES = 16_384;
+const REDACTION_LOOKAHEAD_BYTES = 512;
+const OUTPUT_CONTRACT = "Respond with an OPTIONAL minimal fix as a unified diff inside a single fenced code block opened " +
+    "with ```diff and closed with ```. Touch only what is necessary; you MAY add a regression test " +
+    "in the same diff. For a source-file bug, the diff MUST include at least one non-test source " +
+    "change; a regression test alone is NOT a fix and will be rejected. After the block, add these prose sections: `## Root cause`, " +
+    "`## Regression test`, `## Uncertainty`, `## Confidence` (one of low/medium/high). If the " +
+    "evidence is INSUFFICIENT to propose a safe fix, OMIT the diff entirely and explain in " +
+    "`## Uncertainty` what additional information is needed — do NOT invent a fix. When you include " +
+    "a diff, the first non-empty line inside the fence MUST be `--- a/<path>` or `--- /dev/null`, " +
+    "followed by `+++ b/<path>` and at least one `@@` hunk. Do not output `*** Begin Patch`, file " +
+    "trees, prose, or escaped newline markers like `\\n+`/`\\n-` inside the diff fence; every diff " +
+    "line must be separated by a real newline. If you include a diff, it must be the FIRST fenced " +
+    "code block in the response. Do not include code examples, TypeScript snippets, or alternative " +
+    "patches in any other fence; output exactly one diff fence followed by the required prose sections.";
+const SCOPE_RULE = "The fix must be minimal and must NOT modify CI configuration (.github/), git hooks (.husky/), " +
+    "lockfiles, or unrelated files.";
+function systemContent(framework) {
+    return [
+        "You are a senior engineer performing root-cause analysis on a reported bug.",
+        `Test framework: ${framework}.`,
+        "Ground your hypothesis in the provided evidence; distinguish what the evidence shows from what you infer.",
+        SCOPE_RULE,
+        OUTPUT_CONTRACT,
+    ].join("\n");
+}
+function descriptionBlock(description) {
+    const safe = safePromptText(description);
+    return safe !== undefined
+        ? `Bug description:\n${safe}`
+        : "No free-text description was provided.";
+}
+function clampToBytes(text, maxBytes) {
+    if (Buffer.byteLength(text, "utf8") <= maxBytes) {
+        return { text, truncated: false };
+    }
+    const buffer = Buffer.from(text, "utf8").subarray(0, maxBytes);
+    const decoded = new TextDecoder("utf-8", { fatal: false }).decode(buffer).replace(/�+$/u, "");
+    return { text: `${decoded}\n[TRUNCATED]`, truncated: true };
+}
+function safePromptText(value) {
+    if (value === undefined) {
+        return undefined;
+    }
+    const trimmed = value.trim();
+    if (trimmed.length === 0) {
+        return undefined;
+    }
+    const bounded = clampToBytes(trimmed, MAX_PROMPT_TEXT_BYTES + REDACTION_LOOKAHEAD_BYTES).text;
+    return clampToBytes(redact(bounded), MAX_PROMPT_TEXT_BYTES).text;
+}
+function evidenceBlock(report, evidence) {
+    const parts = [];
+    const failingOutput = safePromptText(report.failingOutput);
+    if (failingOutput !== undefined) {
+        parts.push(`Failing output:\n${failingOutput}`);
+    }
+    const stackTrace = safePromptText(report.stackTrace);
+    if (stackTrace !== undefined) {
+        parts.push(`Stack trace:\n${stackTrace}`);
+    }
+    if (evidence.frames.length > 0) {
+        const frames = evidence.frames
+            .map((frame) => frame.line === undefined ? frame.file : `${frame.file}:${String(frame.line)}`)
+            .join(", ");
+        parts.push(`Implicated locations: ${frames}`);
+    }
+    return parts.join("\n\n");
+}
+function contextBlock(pack) {
+    if (pack.selected.length === 0) {
+        return "";
+    }
+    const entries = pack.selected
+        .map((entry) => `--- ${entry.path} ---\n${entry.excerpt}`)
+        .join("\n\n");
+    return `\n\nRepository context:\n${entries}`;
+}
+function retryBlock(rejectionReason) {
+    const safe = safePromptText(rejectionReason);
+    return safe === undefined
+        ? ""
+        : `\n\nThe previous diff was rejected: ${safe}. Produce a corrected, in-scope ` +
+            "minimal diff, or omit the diff if no safe fix is possible.";
+}
+function userContent(report, evidence, pack, rejectionReason) {
+    const evidenceText = evidenceBlock(report, evidence);
+    const evidenceSection = evidenceText.length === 0 ? "" : `\n\n${evidenceText}`;
+    return `${descriptionBlock(report.description)}${evidenceSection}${contextBlock(pack)}${retryBlock(rejectionReason)}`;
+}
+// rejectionReason is appended on a retry (D10) so the model can correct an invalid/out-of-scope
+// diff; it is undefined on the first attempt.
+export function buildBugPrompt(report, evidence, pack, framework, rejectionReason) {
+    return [
+        { role: "system", content: systemContent(framework) },
+        { role: "user", content: userContent(report, evidence, pack, rejectionReason) },
+    ];
+}

package/dist/workflows/bug-investigation/report.d.ts

@@ -0,0 +1,23 @@
+import type { PatchFileChange } from "../../tools/index.js";
+import type { VerificationAuditSummary } from "../../verification/index.js";
+import type { BugInvestigationReport, BugWorkflowStatus, FailureFrame, Hypothesis } from "./types.js";
+export interface BugReportParts {
+    readonly status: BugWorkflowStatus;
+    readonly modelId: string;
+    readonly durationMs: number;
+    readonly patchFiles: readonly PatchFileChange[];
+    readonly patchValidates: boolean;
+    readonly patchApplied: boolean;
+    readonly verification: VerificationAuditSummary | undefined;
+    readonly failureFrames: readonly FailureFrame[];
+    readonly hypothesis: Hypothesis;
+    readonly proposedDiff: string | undefined;
+    readonly dryRunPreview: string | undefined;
+    readonly verificationSkipReason: string | undefined;
+    readonly nextActions: readonly string[];
+    readonly failureReason?: string | undefined;
+    readonly modelCallCount: number;
+    readonly patchRetryCount: number;
+}
+export declare function assembleBugReport(parts: BugReportParts): BugInvestigationReport;
+export declare function renderBugMarkdownReport(report: BugInvestigationReport): string;