@oss-autopilot/core 0.44.0 → 0.44.1

package/dist/commands/dashboard-server.js

@@ -10,11 +10,18 @@ import * as fs from 'fs';
 import * as path from 'path';
 import { getStateManager, getGitHubToken, getDataDir } from '../core/index.js';
 import { errorMessage, ValidationError } from '../core/errors.js';
-import { validateUrl, validateGitHubUrl, validateMessage, PR_URL_PATTERN } from './validation.js';
+import { validateUrl, validateGitHubUrl, validateMessage, PR_URL_PATTERN, ISSUE_OR_PR_URL_PATTERN, } from './validation.js';
 import { fetchDashboardData, computePRsByRepo, computeTopRepos, getMonthlyData, buildDashboardStats, } from './dashboard-data.js';
 import { openInBrowser } from './startup.js';
 // ── Constants ────────────────────────────────────────────────────────────────
-const VALID_ACTIONS = new Set(['shelve', 'unshelve', 'snooze', 'unsnooze']);
+const VALID_ACTIONS = new Set([
+    'shelve',
+    'unshelve',
+    'snooze',
+    'unsnooze',
+    'dismiss',
+    'undismiss',
+]);
 const MAX_BODY_BYTES = 10_240;
 const MIME_TYPES = {
     '.html': 'text/html',
@@ -125,6 +132,7 @@ function buildDashboardJson(digest, state, commentedIssues) {
         monthlyClosed,
         activePRs: digest.openPRs || [],
         shelvedPRUrls: state.config.shelvedPRUrls || [],
+        dismissedUrls: Object.keys(state.config.dismissedIssues || {}),
         recentlyMergedPRs: digest.recentlyMergedPRs || [],
         recentlyClosedPRs: digest.recentlyClosedPRs || [],
         autoUnshelvedPRs: digest.autoUnshelvedPRs || [],
@@ -257,10 +265,14 @@ export async function startDashboardServer(options) {
             sendError(res, 400, 'Missing or invalid "url" field');
             return;
         }
-        // Validate URL format — same checks as CLI commands
+        // Validate URL format — same checks as CLI commands.
+        // Dismiss/undismiss accepts both PR and issue URLs; other actions are PR-only.
+        const isDismissAction = body.action === 'dismiss' || body.action === 'undismiss';
+        const urlPattern = isDismissAction ? ISSUE_OR_PR_URL_PATTERN : PR_URL_PATTERN;
+        const urlType = isDismissAction ? 'issue or PR' : 'PR';
         try {
             validateUrl(body.url);
-            validateGitHubUrl(body.url, PR_URL_PATTERN, 'PR');
+            validateGitHubUrl(body.url, urlPattern, urlType);
         }
         catch (err) {
             if (err instanceof ValidationError) {
@@ -299,6 +311,7 @@ export async function startDashboardServer(options) {
             switch (body.action) {
                 case 'shelve':
                     stateManager.shelvePR(body.url);
+                    stateManager.undismissIssue(body.url); // prevent dual state
                     break;
                 case 'unshelve':
                     stateManager.unshelvePR(body.url);
@@ -309,6 +322,13 @@ export async function startDashboardServer(options) {
                 case 'unsnooze':
                     stateManager.unsnoozePR(body.url);
                     break;
+                case 'dismiss':
+                    stateManager.dismissIssue(body.url, new Date().toISOString());
+                    stateManager.unshelvePR(body.url); // prevent dual state
+                    break;
+                case 'undismiss':
+                    stateManager.undismissIssue(body.url);
+                    break;
             }
             stateManager.save();
         }

package/dist/core/display-utils.js

@@ -35,7 +35,14 @@ const STATUS_DISPLAY = {
     },
     ci_blocked: {
         label: '[CI Blocked]',
-        description: () => 'CI cannot run (first-time contributor approval needed)',
+        description: (pr) => {
+            const checks = pr.classifiedChecks || [];
+            if (checks.length > 0 && checks.every((c) => c.category !== 'actionable')) {
+                const categories = [...new Set(checks.map((c) => c.category))];
+                return `All failing checks are non-actionable (${categories.join(', ')})`;
+            }
+            return 'CI checks are failing but no action is needed from you';
+        },
     },
     ci_not_running: {
         label: '[CI Not Running]',

package/dist/core/http-cache.d.ts

@@ -101,3 +101,13 @@ export declare function cachedRequest<T>(cache: HttpCache, url: string, fetcher:
     data: T;
     headers?: Record<string, string>;
 }>): Promise<T>;
+/**
+ * Time-based cache wrapper (no ETag / conditional requests).
+ *
+ * If a cached result exists and is younger than `maxAgeMs`, returns it.
+ * Otherwise calls `fetcher`, caches the result, and returns it.
+ *
+ * Use this for expensive operations whose results change slowly
+ * (e.g. search queries, project health checks).
+ */
+export declare function cachedTimeBased<T>(cache: HttpCache, key: string, maxAgeMs: number, fetcher: () => Promise<T>): Promise<T>;

package/dist/core/http-cache.js

@@ -272,6 +272,25 @@ export async function cachedRequest(cache, url, fetcher) {
         cleanup();
     }
 }
+/**
+ * Time-based cache wrapper (no ETag / conditional requests).
+ *
+ * If a cached result exists and is younger than `maxAgeMs`, returns it.
+ * Otherwise calls `fetcher`, caches the result, and returns it.
+ *
+ * Use this for expensive operations whose results change slowly
+ * (e.g. search queries, project health checks).
+ */
+export async function cachedTimeBased(cache, key, maxAgeMs, fetcher) {
+    const cached = cache.getIfFresh(key, maxAgeMs);
+    if (cached) {
+        debug(MODULE, `Time-based cache hit for ${key}`);
+        return cached;
+    }
+    const result = await fetcher();
+    cache.set(key, '', result);
+    return result;
+}
 /**
  * Detect whether an error is a 304 Not Modified response.
  * Octokit throws a RequestError with status 304 for conditional requests.

package/dist/core/issue-discovery.d.ts

@@ -20,6 +20,12 @@ export declare class IssueDiscovery {
     /** Set after searchIssues() runs if rate limits affected the search (low pre-flight quota or mid-search rate limit hits). */
     rateLimitWarning: string | null;
     constructor(githubToken: string);
+    /**
+     * Wrap octokit.search.issuesAndPullRequests with time-based caching.
+     * Repeated identical queries within SEARCH_CACHE_TTL_MS return cached results
+     * without consuming GitHub API rate limit points.
+     */
+    private cachedSearch;
     /**
      * Fetch the authenticated user's starred repositories from GitHub.
      * Updates the state manager with the list and timestamp.

package/dist/core/issue-discovery.js

@@ -14,6 +14,7 @@ import { daysBetween, getDataDir } from './utils.js';
 import { DEFAULT_CONFIG } from './types.js';
 import { ValidationError, errorMessage, getHttpStatusCode } from './errors.js';
 import { debug, info, warn } from './logger.js';
+import { getHttpCache, cachedTimeBased } from './http-cache.js';
 import { isDocOnlyIssue, detectLabelFarmingRepos, applyPerRepoCap } from './issue-filtering.js';
 import { IssueVetter } from './issue-vetting.js';
 import { calculateViabilityScore as calcViabilityScore } from './issue-scoring.js';
@@ -22,6 +23,8 @@ import { calculateViabilityScore as calcViabilityScore } from './issue-scoring.j
 export { isDocOnlyIssue, applyPerRepoCap, isLabelFarming, hasTemplatedTitle, detectLabelFarmingRepos, DOC_ONLY_LABELS, BEGINNER_LABELS, } from './issue-filtering.js';
 export { calculateRepoQualityBonus, calculateViabilityScore } from './issue-scoring.js';
 const MODULE = 'issue-discovery';
+/** TTL for cached search API results (15 minutes). */
+const SEARCH_CACHE_TTL_MS = 15 * 60 * 1000;
 export class IssueDiscovery {
     octokit;
     stateManager;
@@ -35,6 +38,18 @@ export class IssueDiscovery {
         this.stateManager = getStateManager();
         this.vetter = new IssueVetter(this.octokit, this.stateManager);
     }
+    /**
+     * Wrap octokit.search.issuesAndPullRequests with time-based caching.
+     * Repeated identical queries within SEARCH_CACHE_TTL_MS return cached results
+     * without consuming GitHub API rate limit points.
+     */
+    async cachedSearch(params) {
+        const cacheKey = `search:${params.q}:${params.sort}:${params.order}:${params.per_page}`;
+        return cachedTimeBased(getHttpCache(), cacheKey, SEARCH_CACHE_TTL_MS, async () => {
+            const { data } = await this.octokit.search.issuesAndPullRequests(params);
+            return data;
+        });
+    }
     /**
      * Fetch the authenticated user's starred repositories from GitHub.
      * Updates the state manager with the list and timestamp.
@@ -292,7 +307,7 @@ export class IssueDiscovery {
             info(MODULE, 'Phase 2: General issue search...');
             const remainingNeeded = maxResults - allCandidates.length;
             try {
-                const { data } = await this.octokit.search.issuesAndPullRequests({
+                const data = await this.cachedSearch({
                     q: baseQuery,
                     sort: 'created',
                     order: 'desc',
@@ -334,7 +349,7 @@ export class IssueDiscovery {
                 .replace(/  +/g, ' ')
                 .trim();
             try {
-                const { data } = await this.octokit.search.issuesAndPullRequests({
+                const data = await this.cachedSearch({
                     q: phase3Query,
                     sort: 'updated',
                     order: 'desc',
@@ -434,7 +449,7 @@ export class IssueDiscovery {
                 // Build repo filter: (repo:a OR repo:b OR repo:c)
                 const repoFilter = batch.map((r) => `repo:${r}`).join(' OR ');
                 const batchQuery = `${baseQuery} (${repoFilter})`;
-                const { data } = await this.octokit.search.issuesAndPullRequests({
+                const data = await this.cachedSearch({
                     q: batchQuery,
                     sort: 'created',
                     order: 'desc',

package/dist/core/issue-vetting.js

@@ -8,7 +8,7 @@ import { paginateAll } from './pagination.js';
 import { parseGitHubUrl, daysBetween } from './utils.js';
 import { ValidationError, errorMessage, getHttpStatusCode } from './errors.js';
 import { warn } from './logger.js';
-import { getHttpCache, cachedRequest } from './http-cache.js';
+import { getHttpCache, cachedRequest, cachedTimeBased } from './http-cache.js';
 import { calculateRepoQualityBonus, calculateViabilityScore } from './issue-scoring.js';
 const MODULE = 'issue-vetting';
 // Concurrency limit for parallel API calls
@@ -16,6 +16,8 @@ const MAX_CONCURRENT_REQUESTS = 5;
 // Cache for contribution guidelines (expires after 1 hour, max 100 entries)
 const guidelinesCache = new Map();
 const CACHE_TTL_MS = 60 * 60 * 1000; // 1 hour
+/** TTL for cached project health results (4 hours). Health data (stars, commits, CI) changes slowly. */
+const HEALTH_CACHE_TTL_MS = 4 * 60 * 60 * 1000;
 const CACHE_MAX_SIZE = 100;
 function pruneCache() {
     const now = Date.now();
@@ -376,47 +378,50 @@ export class IssueVetter {
         }
     }
     async checkProjectHealth(owner, repo) {
+        const cache = getHttpCache();
+        const healthCacheKey = `health:${owner}/${repo}`;
         try {
-            // Get repo info (with ETag caching — repo metadata changes infrequently)
-            const cache = getHttpCache();
-            const url = `/repos/${owner}/${repo}`;
-            const repoData = await cachedRequest(cache, url, (headers) => this.octokit.repos.get({ owner, repo, headers }));
-            // Get recent commits
-            const { data: commits } = await this.octokit.repos.listCommits({
-                owner,
-                repo,
-                per_page: 1,
-            });
-            const lastCommit = commits[0];
-            const lastCommitAt = lastCommit?.commit?.author?.date || repoData.pushed_at;
-            const daysSinceLastCommit = daysBetween(new Date(lastCommitAt));
-            // Check CI status (simplified - just check if workflows exist)
-            let ciStatus = 'unknown';
-            try {
-                const { data: workflows } = await this.octokit.actions.listRepoWorkflows({
+            return await cachedTimeBased(cache, healthCacheKey, HEALTH_CACHE_TTL_MS, async () => {
+                // Get repo info (with ETag caching — repo metadata changes infrequently)
+                const url = `/repos/${owner}/${repo}`;
+                const repoData = await cachedRequest(cache, url, (headers) => this.octokit.repos.get({ owner, repo, headers }));
+                // Get recent commits
+                const { data: commits } = await this.octokit.repos.listCommits({
                     owner,
                     repo,
                     per_page: 1,
                 });
-                if (workflows.total_count > 0) {
-                    ciStatus = 'passing'; // Assume passing if workflows exist
+                const lastCommit = commits[0];
+                const lastCommitAt = lastCommit?.commit?.author?.date || repoData.pushed_at;
+                const daysSinceLastCommit = daysBetween(new Date(lastCommitAt));
+                // Check CI status (simplified - just check if workflows exist)
+                let ciStatus = 'unknown';
+                try {
+                    const { data: workflows } = await this.octokit.actions.listRepoWorkflows({
+                        owner,
+                        repo,
+                        per_page: 1,
+                    });
+                    if (workflows.total_count > 0) {
+                        ciStatus = 'passing'; // Assume passing if workflows exist
+                    }
                 }
-            }
-            catch (error) {
-                const errMsg = errorMessage(error);
-                warn(MODULE, `Failed to check CI status for ${owner}/${repo}: ${errMsg}. Defaulting to unknown.`);
-            }
-            return {
-                repo: `${owner}/${repo}`,
-                lastCommitAt,
-                daysSinceLastCommit,
-                openIssuesCount: repoData.open_issues_count,
-                avgIssueResponseDays: 0, // Would need more API calls to calculate
-                ciStatus,
-                isActive: daysSinceLastCommit < 30,
-                stargazersCount: repoData.stargazers_count,
-                forksCount: repoData.forks_count,
-            };
+                catch (error) {
+                    const errMsg = errorMessage(error);
+                    warn(MODULE, `Failed to check CI status for ${owner}/${repo}: ${errMsg}. Defaulting to unknown.`);
+                }
+                return {
+                    repo: `${owner}/${repo}`,
+                    lastCommitAt,
+                    daysSinceLastCommit,
+                    openIssuesCount: repoData.open_issues_count,
+                    avgIssueResponseDays: 0, // Would need more API calls to calculate
+                    ciStatus,
+                    isActive: daysSinceLastCommit < 30,
+                    stargazersCount: repoData.stargazers_count,
+                    forksCount: repoData.forks_count,
+                };
+            });
         }
         catch (error) {
             const errMsg = errorMessage(error);

package/dist/core/pr-monitor.js

@@ -234,7 +234,10 @@ export class PRMonitor {
         const daysSinceActivity = daysBetween(new Date(ghPR.updated_at), new Date());
         // Find the date of the latest changes_requested review (delegated to review-analysis module)
         const latestChangesRequestedDate = getLatestChangesRequestedDate(reviews);
+        // Classify failing checks (delegated to ci-analysis module)
+        const classifiedChecks = classifyFailingChecks(failingCheckNames, failingCheckConclusions);
         // Determine status
+        const hasActionableCIFailure = ciStatus === 'failing' && classifiedChecks.some((c) => c.category === 'actionable');
         const status = this.determineStatus({
             ciStatus,
             hasMergeConflict,
@@ -247,9 +250,8 @@ export class PRMonitor {
             latestCommitDate,
             lastMaintainerCommentDate: lastMaintainerComment?.createdAt,
             latestChangesRequestedDate,
+            hasActionableCIFailure,
         });
-        // Classify failing checks (delegated to ci-analysis module)
-        const classifiedChecks = classifyFailingChecks(failingCheckNames, failingCheckConclusions);
         return this.buildFetchedPR({
             id: ghPR.id,
             url: prUrl,
@@ -293,7 +295,7 @@ export class PRMonitor {
      * Determine the overall status of a PR
      */
     determineStatus(input) {
-        const { ciStatus, hasMergeConflict, hasUnrespondedComment, hasIncompleteChecklist, reviewDecision, daysSinceActivity, dormantThreshold, approachingThreshold, latestCommitDate, lastMaintainerCommentDate, latestChangesRequestedDate, } = input;
+        const { ciStatus, hasMergeConflict, hasUnrespondedComment, hasIncompleteChecklist, reviewDecision, daysSinceActivity, dormantThreshold, approachingThreshold, latestCommitDate, lastMaintainerCommentDate, latestChangesRequestedDate, hasActionableCIFailure = true, } = input;
         // Priority order: needs_response/needs_changes/changes_addressed > failing_ci > merge_conflict > incomplete_checklist > dormant > approaching_dormant > waiting_on_maintainer > waiting/healthy
         if (hasUnrespondedComment) {
             // If the contributor pushed a commit after the maintainer's comment,
@@ -304,8 +306,10 @@ export class PRMonitor {
                 if (latestChangesRequestedDate && latestCommitDate < latestChangesRequestedDate) {
                     return 'needs_response';
                 }
-                if (ciStatus === 'failing')
+                if (ciStatus === 'failing' && hasActionableCIFailure)
                     return 'failing_ci';
+                // Non-actionable CI failures (infrastructure, fork, auth) don't block changes_addressed —
+                // the contributor can't fix them, so the relevant status is "waiting for re-review" (#502)
                 return 'changes_addressed';
             }
             return 'needs_response';
@@ -317,12 +321,13 @@ export class PRMonitor {
                 return 'needs_changes';
             }
             // Commit is after review — changes have been addressed
-            if (ciStatus === 'failing')
+            if (ciStatus === 'failing' && hasActionableCIFailure)
                 return 'failing_ci';
+            // Non-actionable CI failures don't block changes_addressed (#502)
             return 'changes_addressed';
         }
         if (ciStatus === 'failing') {
-            return 'failing_ci';
+            return hasActionableCIFailure ? 'failing_ci' : 'ci_blocked';
         }
         if (hasMergeConflict) {
             return 'merge_conflict';

package/dist/core/review-analysis.js

@@ -67,7 +67,17 @@ export function isAllSelfReplies(reviewId, reviewComments) {
             return false; // New thread, not a reply
         const parentAuthor = authorMap.get(comment.in_reply_to_id);
         const commentAuthor = comment.user?.login?.toLowerCase();
-        return parentAuthor != null && commentAuthor != null && parentAuthor === commentAuthor;
+        if (parentAuthor == null || commentAuthor == null || parentAuthor !== commentAuthor)
+            return false;
+        // A self-reply containing a question mark is likely a follow-up question
+        // directed at the PR author, not an informational addendum (#498).
+        // Null/empty body on a self-reply is anomalous — surface it rather than
+        // silently filtering, since the safe direction is to notify.
+        if (!comment.body)
+            return false;
+        if (comment.body.includes('?'))
+            return false;
+        return true;
     });
 }
 /**

package/dist/core/state.js

@@ -13,6 +13,8 @@ const MODULE = 'state';
 const CURRENT_STATE_VERSION = 2;
 // Maximum number of events to retain in the event log
 const MAX_EVENTS = 1000;
+/** Repo scores older than this are considered stale and excluded from low-scoring lists. */
+const SCORE_TTL_MS = 30 * 24 * 60 * 60 * 1000; // 30 days
 // Lock file timeout: if a lock is older than this, it is considered stale
 const LOCK_TIMEOUT_MS = 30_000; // 30 seconds
 // Legacy path for migration
@@ -1026,8 +1028,19 @@ export class StateManager {
      */
     getLowScoringRepos(maxScore) {
         const threshold = maxScore ?? this.state.config.minRepoScoreThreshold;
+        const now = Date.now();
         return Object.values(this.state.repoScores)
-            .filter((rs) => rs.score <= threshold)
+            .filter((rs) => {
+            if (rs.score > threshold)
+                return false;
+            // Stale scores (>30 days) should not permanently block repos (#487)
+            const age = now - new Date(rs.lastEvaluatedAt).getTime();
+            if (!Number.isFinite(age)) {
+                warn(MODULE, `Invalid lastEvaluatedAt for repo ${rs.repo}: "${rs.lastEvaluatedAt}", treating as stale`);
+                return false;
+            }
+            return age <= SCORE_TTL_MS;
+        })
             .sort((a, b) => a.score - b.score)
             .map((rs) => rs.repo);
     }

package/dist/core/types.d.ts

@@ -54,6 +54,8 @@ export interface DetermineStatusInput {
     latestCommitDate?: string;
     lastMaintainerCommentDate?: string;
     latestChangesRequestedDate?: string;
+    /** True if at least one failing CI check is classified as 'actionable'. */
+    hasActionableCIFailure?: boolean;
 }
 /**
  * Computed status for a {@link FetchedPR}, determined by `PRMonitor.determineStatus()`.
@@ -62,8 +64,7 @@ export interface DetermineStatusInput {
  * **Action required (contributor must act):**
  * - `needs_response` — Maintainer commented after the contributor's last activity
  * - `needs_changes` — Reviewer requested changes (via review, not just a comment)
- * - `failing_ci` — One or more CI checks are failing
- * - `ci_blocked` — CI cannot run (e.g., first-time contributor approval needed) *(reserved)*
+ * - `failing_ci` — One or more CI checks are failing (at least one is actionable)
  * - `ci_not_running` — No CI checks have been triggered *(reserved)*
  * - `merge_conflict` — PR has merge conflicts with the base branch
  * - `needs_rebase` — PR branch is significantly behind upstream *(reserved)*
@@ -71,6 +72,7 @@ export interface DetermineStatusInput {
  * - `incomplete_checklist` — PR body has unchecked required checkboxes
  *
  * **Waiting (no action needed right now):**
+ * - `ci_blocked` — All failing CI checks are non-actionable (infrastructure, fork limitation, auth gate)
  * - `changes_addressed` — Contributor pushed commits after reviewer feedback; awaiting re-review
  * - `waiting` — CI is pending or no specific action needed
  * - `waiting_on_maintainer` — PR is approved and CI passes; waiting for maintainer to merge

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@oss-autopilot/core",
-  "version": "0.44.0",
+  "version": "0.44.1",
   "description": "CLI and core library for managing open source contributions",
   "type": "module",
   "bin": {
@@ -51,7 +51,7 @@
     "commander": "^14.0.3"
   },
   "devDependencies": {
-    "@types/node": "^25.3.0",
+    "@types/node": "^20.0.0",
     "@vitest/coverage-v8": "^4.0.18",
     "esbuild": "^0.27.3",
     "tsx": "^4.21.0",
@@ -60,7 +60,7 @@
   },
   "scripts": {
     "build": "tsc",
-    "bundle": "esbuild src/cli.ts --bundle --platform=node --target=node20 --format=cjs --minify --outfile=dist/cli.bundle.cjs",
+    "bundle": "esbuild src/cli.ts --bundle --platform=node --target=node20 --format=cjs --minify --sourcemap --outfile=dist/cli.bundle.cjs",
     "start": "tsx src/cli.ts",
     "dev": "tsx watch src/cli.ts",
     "typecheck": "tsc --noEmit",