@oss-autopilot/core 0.54.0 → 0.56.0

package/dist/core/pr-monitor.js

@@ -4,7 +4,7 @@
  * Score methods still write to state.
  *
  * Decomposed into focused modules (#263):
- * - ci-analysis.ts: CI check classification and analysis
+ * - ci-analysis.ts: CI status fetching, check classification and analysis
  * - review-analysis.ts: Review decision and comment detection
  * - checklist-analysis.ts: PR body checklist analysis
  * - maintainer-analysis.ts: Maintainer action hint extraction
@@ -21,8 +21,7 @@ import { ConfigurationError, ValidationError, errorMessage, getHttpStatusCode }
 import { paginateAll } from './pagination.js';
 import { debug, warn, timed } from './logger.js';
 import { getHttpCache, cachedRequest } from './http-cache.js';
-// Extracted modules
-import { classifyFailingChecks, analyzeCheckRuns, analyzeCombinedStatus, mergeStatuses } from './ci-analysis.js';
+import { classifyFailingChecks, getCIStatus } from './ci-analysis.js';
 import { determineReviewDecision, getLatestChangesRequestedDate, checkUnrespondedComments, } from './review-analysis.js';
 import { analyzeChecklist } from './checklist-analysis.js';
 import { extractMaintainerActionHints } from './maintainer-analysis.js';
@@ -30,9 +29,16 @@ import { computeDisplayLabel } from './display-utils.js';
 import { fetchUserMergedPRCounts as fetchUserMergedPRCountsImpl, fetchUserClosedPRCounts as fetchUserClosedPRCountsImpl, fetchRecentlyClosedPRs as fetchRecentlyClosedPRsImpl, fetchRecentlyMergedPRs as fetchRecentlyMergedPRsImpl, } from './github-stats.js';
 // Re-export so existing consumers can still import from pr-monitor
 export { computeDisplayLabel } from './display-utils.js';
-export { classifyCICheck, classifyFailingChecks } from './ci-analysis.js';
+export { classifyCICheck, classifyFailingChecks, getCIStatus } from './ci-analysis.js';
 export { isConditionalChecklistItem } from './checklist-analysis.js';
 export { determineStatus } from './status-determination.js';
+/**
+ * Check if a PR has a merge conflict based on GitHub's mergeable flag and mergeable_state.
+ * Returns true when mergeable is explicitly false or the mergeable_state is 'dirty'.
+ */
+export function hasMergeConflict(mergeable, mergeableState) {
+    return mergeable === false || mergeableState === 'dirty';
+}
 const MODULE = 'pr-monitor';
 const MAX_CONCURRENT_REQUESTS = DEFAULT_CONCURRENCY;
 export class PRMonitor {
@@ -167,14 +173,14 @@ export class PRMonitor {
         // Determine review decision (delegated to review-analysis module)
         const reviewDecision = determineReviewDecision(reviews);
         // Check for merge conflict
-        const hasMergeConflict = this.hasMergeConflict(ghPR.mergeable, ghPR.mergeable_state);
+        const mergeConflict = hasMergeConflict(ghPR.mergeable, ghPR.mergeable_state);
         // Check if there's an unresponded maintainer comment (delegated to review-analysis module)
         const { hasUnrespondedComment, lastMaintainerComment } = checkUnrespondedComments(comments, reviews, reviewComments, config.githubUsername);
         // Fetch CI status and (conditionally) latest commit date in parallel
         // We need the commit date when hasUnrespondedComment is true (to distinguish
         // "needs_response" from "waiting_on_maintainer") OR when reviewDecision is "changes_requested"
         // (to detect needs_changes: review requested changes but no new commits pushed)
-        const ciPromise = this.getCIStatus(owner, repo, ghPR.head.sha);
+        const ciPromise = getCIStatus(this.octokit, owner, repo, ghPR.head.sha);
         const needCommitDate = hasUnrespondedComment || reviewDecision === 'changes_requested';
         const commitInfoPromise = needCommitDate
             ? this.octokit.repos
@@ -222,7 +228,7 @@ export class PRMonitor {
         const hasActionableCIFailure = ciStatus === 'failing' && classifiedChecks.some((c) => c.category === 'actionable');
         const { status, actionReason, waitReason, stalenessTier, actionReasons } = determineStatus({
             ciStatus,
-            hasMergeConflict,
+            hasMergeConflict: mergeConflict,
             hasUnrespondedComment,
             hasIncompleteChecklist,
             reviewDecision,
@@ -253,7 +259,7 @@ export class PRMonitor {
             ciStatus,
             failingCheckNames,
             classifiedChecks,
-            hasMergeConflict,
+            hasMergeConflict: mergeConflict,
             reviewDecision,
             hasUnrespondedComment,
             lastMaintainerComment,
@@ -279,78 +285,6 @@ export class PRMonitor {
         pr.displayDescription = displayDescription;
         return pr;
     }
-    /**
-     * Check if PR has merge conflict
-     */
-    hasMergeConflict(mergeable, mergeableState) {
-        return mergeable === false || mergeableState === 'dirty';
-    }
-    /**
-     * Get CI status from combined status API and check runs.
-     * Returns status and names of failing checks for diagnostics.
-     * Delegates analysis to ci-analysis module.
-     */
-    async getCIStatus(owner, repo, sha) {
-        if (!sha)
-            return { status: 'unknown', failingCheckNames: [], failingCheckConclusions: new Map() };
-        try {
-            // Fetch both combined status and check runs in parallel
-            const [statusResponse, checksResponse] = await Promise.all([
-                this.octokit.repos.getCombinedStatusForRef({ owner, repo, ref: sha }),
-                // 404 is expected for repos without check runs configured; log other errors for debugging
-                this.octokit.checks.listForRef({ owner, repo, ref: sha }).catch((err) => {
-                    const status = getHttpStatusCode(err);
-                    // Rate limit errors must propagate — matches listReviewComments pattern (#481)
-                    if (status === 429)
-                        throw err;
-                    if (status === 403) {
-                        const msg = errorMessage(err).toLowerCase();
-                        if (msg.includes('rate limit') || msg.includes('abuse detection'))
-                            throw err;
-                    }
-                    if (status === 404) {
-                        debug('pr-monitor', `Check runs 404 for ${owner}/${repo}@${sha.slice(0, 7)} (no checks configured)`);
-                    }
-                    else {
-                        warn('pr-monitor', `Non-404 error fetching check runs for ${owner}/${repo}@${sha.slice(0, 7)}: ${status ?? err}`);
-                    }
-                    return null;
-                }),
-            ]);
-            const combinedStatus = statusResponse.data;
-            const allCheckRuns = checksResponse?.data?.check_runs || [];
-            // Deduplicate check runs by name, keeping only the most recent run per unique name.
-            // GitHub returns all historical runs (including re-runs), so without deduplication
-            // a superseded failure will incorrectly flag the PR as failing even after a re-run passes.
-            const latestCheckRunsByName = new Map();
-            for (const check of allCheckRuns) {
-                const existing = latestCheckRunsByName.get(check.name);
-                if (!existing || new Date(check.started_at ?? 0) > new Date(existing.started_at ?? 0)) {
-                    latestCheckRunsByName.set(check.name, check);
-                }
-            }
-            const checkRuns = [...latestCheckRunsByName.values()];
-            // Delegate analysis to ci-analysis module
-            const checkRunAnalysis = analyzeCheckRuns(checkRuns);
-            const combinedAnalysis = analyzeCombinedStatus(combinedStatus);
-            return mergeStatuses(checkRunAnalysis, combinedAnalysis, checkRuns.length);
-        }
-        catch (error) {
-            const statusCode = getHttpStatusCode(error);
-            if (statusCode === 401 || statusCode === 403 || statusCode === 429) {
-                throw error;
-            }
-            else if (statusCode === 404) {
-                // Repo might not have CI configured, this is normal
-                debug('pr-monitor', `CI check 404 for ${owner}/${repo} (no CI configured)`);
-                return { status: 'unknown', failingCheckNames: [], failingCheckConclusions: new Map() };
-            }
-            else {
-                warn('pr-monitor', `Failed to check CI for ${owner}/${repo}@${sha.slice(0, 7)}: ${errorMessage(error)}`);
-            }
-            return { status: 'unknown', failingCheckNames: [], failingCheckConclusions: new Map() };
-        }
-    }
     /**
      * Fetch merged PR counts and latest merge dates per repository for the configured user.
      * Delegates to github-stats module.

package/dist/core/repo-health.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Repo Health — project health checks and contribution guidelines fetching.
+ *
+ * Extracted from issue-vetting.ts (#621) to isolate repo-level checks
+ * from issue-level eligibility logic.
+ */
+import { Octokit } from '@octokit/rest';
+import { type ContributionGuidelines, type ProjectHealth } from './types.js';
+/**
+ * Check the health of a GitHub project: recent commits, CI status, star/fork counts.
+ * Results are cached for HEALTH_CACHE_TTL_MS (4 hours).
+ */
+export declare function checkProjectHealth(octokit: Octokit, owner: string, repo: string): Promise<ProjectHealth>;
+/**
+ * Fetch and parse CONTRIBUTING.md (or variants) from a GitHub repo.
+ * Probes multiple paths in parallel: CONTRIBUTING.md, .github/CONTRIBUTING.md,
+ * docs/CONTRIBUTING.md, contributing.md. Results are cached for CACHE_TTL_MS.
+ */
+export declare function fetchContributionGuidelines(octokit: Octokit, owner: string, repo: string): Promise<ContributionGuidelines | undefined>;
+/**
+ * Parse the raw content of a CONTRIBUTING.md file to extract structured guidelines:
+ * branch naming, commit format, test framework, linter, formatter, CLA requirement.
+ */
+export declare function parseContributionGuidelines(content: string): ContributionGuidelines;

package/dist/core/repo-health.js

@@ -0,0 +1,193 @@
+/**
+ * Repo Health — project health checks and contribution guidelines fetching.
+ *
+ * Extracted from issue-vetting.ts (#621) to isolate repo-level checks
+ * from issue-level eligibility logic.
+ */
+import { daysBetween } from './utils.js';
+import { errorMessage } from './errors.js';
+import { warn } from './logger.js';
+import { getHttpCache, cachedRequest, cachedTimeBased } from './http-cache.js';
+const MODULE = 'repo-health';
+// ── Cache for contribution guidelines ──
+const guidelinesCache = new Map();
+/** TTL for cached contribution guidelines (1 hour). */
+const CACHE_TTL_MS = 60 * 60 * 1000;
+/** TTL for cached project health results (4 hours). Health data (stars, commits, CI) changes slowly. */
+const HEALTH_CACHE_TTL_MS = 4 * 60 * 60 * 1000;
+/** Max entries in the guidelines cache before pruning. */
+const CACHE_MAX_SIZE = 100;
+/** Remove expired and excess entries from the guidelines cache. */
+function pruneCache() {
+    const now = Date.now();
+    // First, remove expired entries (older than CACHE_TTL_MS)
+    for (const [key, value] of guidelinesCache.entries()) {
+        if (now - value.fetchedAt > CACHE_TTL_MS) {
+            guidelinesCache.delete(key);
+        }
+    }
+    // Then, if still over size limit, remove oldest entries
+    if (guidelinesCache.size > CACHE_MAX_SIZE) {
+        const entries = Array.from(guidelinesCache.entries()).sort((a, b) => a[1].fetchedAt - b[1].fetchedAt);
+        const toRemove = entries.slice(0, guidelinesCache.size - CACHE_MAX_SIZE);
+        for (const [key] of toRemove) {
+            guidelinesCache.delete(key);
+        }
+    }
+}
+// ── Project health ──
+/**
+ * Check the health of a GitHub project: recent commits, CI status, star/fork counts.
+ * Results are cached for HEALTH_CACHE_TTL_MS (4 hours).
+ */
+export async function checkProjectHealth(octokit, owner, repo) {
+    const cache = getHttpCache();
+    const healthCacheKey = `health:${owner}/${repo}`;
+    try {
+        return await cachedTimeBased(cache, healthCacheKey, HEALTH_CACHE_TTL_MS, async () => {
+            // Get repo info (with ETag caching — repo metadata changes infrequently)
+            const url = `/repos/${owner}/${repo}`;
+            const repoData = await cachedRequest(cache, url, (headers) => octokit.repos.get({ owner, repo, headers }));
+            // Get recent commits
+            const { data: commits } = await octokit.repos.listCommits({
+                owner,
+                repo,
+                per_page: 1,
+            });
+            const lastCommit = commits[0];
+            const lastCommitAt = lastCommit?.commit?.author?.date || repoData.pushed_at;
+            const daysSinceLastCommit = daysBetween(new Date(lastCommitAt));
+            // Check CI status (simplified - just check if workflows exist)
+            let ciStatus = 'unknown';
+            try {
+                const { data: workflows } = await octokit.actions.listRepoWorkflows({
+                    owner,
+                    repo,
+                    per_page: 1,
+                });
+                if (workflows.total_count > 0) {
+                    ciStatus = 'passing'; // Assume passing if workflows exist
+                }
+            }
+            catch (error) {
+                const errMsg = errorMessage(error);
+                warn(MODULE, `Failed to check CI status for ${owner}/${repo}: ${errMsg}. Defaulting to unknown.`);
+            }
+            return {
+                repo: `${owner}/${repo}`,
+                lastCommitAt,
+                daysSinceLastCommit,
+                openIssuesCount: repoData.open_issues_count,
+                avgIssueResponseDays: 0, // Would need more API calls to calculate
+                ciStatus,
+                isActive: daysSinceLastCommit < 30,
+                stargazersCount: repoData.stargazers_count,
+                forksCount: repoData.forks_count,
+            };
+        });
+    }
+    catch (error) {
+        const errMsg = errorMessage(error);
+        warn(MODULE, `Error checking project health for ${owner}/${repo}: ${errMsg}`);
+        return {
+            repo: `${owner}/${repo}`,
+            lastCommitAt: '',
+            daysSinceLastCommit: 999,
+            openIssuesCount: 0,
+            avgIssueResponseDays: 0,
+            ciStatus: 'unknown',
+            isActive: false,
+            checkFailed: true,
+            failureReason: errMsg,
+        };
+    }
+}
+// ── Contribution guidelines ──
+/**
+ * Fetch and parse CONTRIBUTING.md (or variants) from a GitHub repo.
+ * Probes multiple paths in parallel: CONTRIBUTING.md, .github/CONTRIBUTING.md,
+ * docs/CONTRIBUTING.md, contributing.md. Results are cached for CACHE_TTL_MS.
+ */
+export async function fetchContributionGuidelines(octokit, owner, repo) {
+    const cacheKey = `${owner}/${repo}`;
+    // Check cache first
+    const cached = guidelinesCache.get(cacheKey);
+    if (cached && Date.now() - cached.fetchedAt < CACHE_TTL_MS) {
+        return cached.guidelines;
+    }
+    const filesToCheck = ['CONTRIBUTING.md', '.github/CONTRIBUTING.md', 'docs/CONTRIBUTING.md', 'contributing.md'];
+    // Probe all paths in parallel — take the first success in priority order
+    const results = await Promise.allSettled(filesToCheck.map((file) => octokit.repos.getContent({ owner, repo, path: file }).then(({ data }) => {
+        if ('content' in data) {
+            return Buffer.from(data.content, 'base64').toString('utf-8');
+        }
+        return null;
+    })));
+    for (let i = 0; i < results.length; i++) {
+        const result = results[i];
+        if (result.status === 'fulfilled' && result.value) {
+            const guidelines = parseContributionGuidelines(result.value);
+            guidelinesCache.set(cacheKey, { guidelines, fetchedAt: Date.now() });
+            pruneCache();
+            return guidelines;
+        }
+        if (result.status === 'rejected') {
+            const msg = result.reason instanceof Error ? result.reason.message : String(result.reason);
+            if (!msg.includes('404') && !msg.includes('Not Found')) {
+                warn(MODULE, `Unexpected error fetching ${filesToCheck[i]} from ${owner}/${repo}: ${msg}`);
+            }
+        }
+    }
+    // Cache the negative result too and prune if needed
+    guidelinesCache.set(cacheKey, { guidelines: undefined, fetchedAt: Date.now() });
+    pruneCache();
+    return undefined;
+}
+/**
+ * Parse the raw content of a CONTRIBUTING.md file to extract structured guidelines:
+ * branch naming, commit format, test framework, linter, formatter, CLA requirement.
+ */
+export function parseContributionGuidelines(content) {
+    const guidelines = {
+        rawContent: content,
+    };
+    const lowerContent = content.toLowerCase();
+    // Detect branch naming conventions
+    if (lowerContent.includes('branch')) {
+        const branchMatch = content.match(/branch[^\n]*(?:named?|format|convention)[^\n]*[`"]([^`"]+)[`"]/i);
+        if (branchMatch) {
+            guidelines.branchNamingConvention = branchMatch[1];
+        }
+    }
+    // Detect commit message format
+    if (lowerContent.includes('conventional commit')) {
+        guidelines.commitMessageFormat = 'conventional commits';
+    }
+    else if (lowerContent.includes('commit message')) {
+        const commitMatch = content.match(/commit message[^\n]*[`"]([^`"]+)[`"]/i);
+        if (commitMatch) {
+            guidelines.commitMessageFormat = commitMatch[1];
+        }
+    }
+    // Detect test framework
+    if (lowerContent.includes('jest'))
+        guidelines.testFramework = 'Jest';
+    else if (lowerContent.includes('rspec'))
+        guidelines.testFramework = 'RSpec';
+    else if (lowerContent.includes('pytest'))
+        guidelines.testFramework = 'pytest';
+    else if (lowerContent.includes('mocha'))
+        guidelines.testFramework = 'Mocha';
+    // Detect linter
+    if (lowerContent.includes('eslint'))
+        guidelines.linter = 'ESLint';
+    else if (lowerContent.includes('rubocop'))
+        guidelines.linter = 'RuboCop';
+    else if (lowerContent.includes('prettier'))
+        guidelines.formatter = 'Prettier';
+    // Detect CLA requirement
+    if (lowerContent.includes('cla') || lowerContent.includes('contributor license agreement')) {
+        guidelines.claRequired = true;
+    }
+    return guidelines;
+}

package/dist/core/search-phases.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Search Phases — utilities and infrastructure for multi-phase issue search.
+ *
+ * Extracted from issue-discovery.ts (#621) to isolate search helpers,
+ * caching, spam-filtering, and batched repo search logic.
+ */
+import { Octokit } from '@octokit/rest';
+import { type SearchPriority, type IssueCandidate, type IssueScope } from './types.js';
+import { type GitHubSearchItem } from './issue-filtering.js';
+import { IssueVetter } from './issue-vetting.js';
+/** Build a GitHub Search API label filter from a list of labels. */
+export declare function buildLabelQuery(labels: string[]): string;
+/** Resolve scope tiers into a flat label list, merged with custom labels. */
+export declare function buildEffectiveLabels(scopes: IssueScope[], customLabels: string[]): string[];
+/** Round-robin interleave multiple arrays. */
+export declare function interleaveArrays<T>(arrays: T[][]): T[];
+/** Split repos into batches of the specified size. */
+export declare function batchRepos(repos: string[], batchSize: number): string[][];
+/**
+ * Wrap octokit.search.issuesAndPullRequests with time-based caching.
+ * Repeated identical queries within SEARCH_CACHE_TTL_MS return cached results
+ * without consuming GitHub API rate limit points.
+ */
+export declare function cachedSearchIssues(octokit: Octokit, params: {
+    q: string;
+    sort: 'created' | 'updated' | 'comments' | 'reactions' | 'interactions';
+    order: 'asc' | 'desc';
+    per_page: number;
+}): Promise<{
+    total_count: number;
+    items: GitHubSearchItem[];
+}>;
+/**
+ * Shared pipeline: spam-filter, repo-exclusion, vetting, and star-count filter.
+ * Used by Phases 2 and 3 to convert raw search results into vetted candidates.
+ */
+export declare function filterVetAndScore(vetter: IssueVetter, items: GitHubSearchItem[], filterIssues: (items: GitHubSearchItem[]) => GitHubSearchItem[], excludedRepoSets: Set<string>[], remainingNeeded: number, minStars: number, phaseLabel: string): Promise<{
+    candidates: IssueCandidate[];
+    allVetFailed: boolean;
+    rateLimitHit: boolean;
+}>;
+/**
+ * Search for issues within specific repos using batched queries.
+ *
+ * To avoid GitHub's secondary rate limit (30 requests/minute), we batch
+ * multiple repos into a single search query using OR syntax:
+ *   repo:owner1/repo1 OR repo:owner2/repo2 OR repo:owner3/repo3
+ *
+ * This reduces API calls from N (one per repo) to ceil(N/BATCH_SIZE).
+ */
+export declare function searchInRepos(octokit: Octokit, vetter: IssueVetter, repos: string[], baseQuery: string, maxResults: number, priority: SearchPriority, filterFn: (items: GitHubSearchItem[]) => GitHubSearchItem[]): Promise<{
+    candidates: IssueCandidate[];
+    allBatchesFailed: boolean;
+    rateLimitHit: boolean;
+}>;

package/dist/core/search-phases.js

@@ -0,0 +1,155 @@
+/**
+ * Search Phases — utilities and infrastructure for multi-phase issue search.
+ *
+ * Extracted from issue-discovery.ts (#621) to isolate search helpers,
+ * caching, spam-filtering, and batched repo search logic.
+ */
+import { SCOPE_LABELS } from './types.js';
+import { errorMessage, isRateLimitError } from './errors.js';
+import { debug, warn } from './logger.js';
+import { getHttpCache, cachedTimeBased } from './http-cache.js';
+import { detectLabelFarmingRepos } from './issue-filtering.js';
+const MODULE = 'search-phases';
+// ── Pure utilities ──
+/** Build a GitHub Search API label filter from a list of labels. */
+export function buildLabelQuery(labels) {
+    if (labels.length === 0)
+        return '';
+    if (labels.length === 1)
+        return `label:"${labels[0]}"`;
+    return `(${labels.map((l) => `label:"${l}"`).join(' OR ')})`;
+}
+/** Resolve scope tiers into a flat label list, merged with custom labels. */
+export function buildEffectiveLabels(scopes, customLabels) {
+    const labels = new Set();
+    for (const scope of scopes) {
+        for (const label of SCOPE_LABELS[scope] ?? [])
+            labels.add(label);
+    }
+    for (const label of customLabels)
+        labels.add(label);
+    return [...labels];
+}
+/** Round-robin interleave multiple arrays. */
+export function interleaveArrays(arrays) {
+    const result = [];
+    const maxLen = Math.max(...arrays.map((a) => a.length), 0);
+    for (let i = 0; i < maxLen; i++) {
+        for (const arr of arrays) {
+            if (i < arr.length)
+                result.push(arr[i]);
+        }
+    }
+    return result;
+}
+/** Split repos into batches of the specified size. */
+export function batchRepos(repos, batchSize) {
+    const batches = [];
+    for (let i = 0; i < repos.length; i += batchSize) {
+        batches.push(repos.slice(i, i + batchSize));
+    }
+    return batches;
+}
+// ── Search caching ──
+/** TTL for cached search API results (15 minutes). */
+const SEARCH_CACHE_TTL_MS = 15 * 60 * 1000;
+/**
+ * Wrap octokit.search.issuesAndPullRequests with time-based caching.
+ * Repeated identical queries within SEARCH_CACHE_TTL_MS return cached results
+ * without consuming GitHub API rate limit points.
+ */
+export async function cachedSearchIssues(octokit, params) {
+    const cacheKey = `search:${params.q}:${params.sort}:${params.order}:${params.per_page}`;
+    return cachedTimeBased(getHttpCache(), cacheKey, SEARCH_CACHE_TTL_MS, async () => {
+        const { data } = await octokit.search.issuesAndPullRequests(params);
+        return data;
+    });
+}
+// ── Search infrastructure ──
+/**
+ * Shared pipeline: spam-filter, repo-exclusion, vetting, and star-count filter.
+ * Used by Phases 2 and 3 to convert raw search results into vetted candidates.
+ */
+export async function filterVetAndScore(vetter, items, filterIssues, excludedRepoSets, remainingNeeded, minStars, phaseLabel) {
+    const spamRepos = detectLabelFarmingRepos(items);
+    if (spamRepos.size > 0) {
+        const spamCount = items.filter((i) => spamRepos.has(i.repository_url.split('/').slice(-2).join('/'))).length;
+        debug(MODULE, `[SPAM_FILTER] Filtered ${spamCount} issues from ${spamRepos.size} label-farming repos: ${[...spamRepos].join(', ')}`);
+    }
+    const itemsToVet = filterIssues(items)
+        .filter((item) => {
+        const repoFullName = item.repository_url.split('/').slice(-2).join('/');
+        if (spamRepos.has(repoFullName))
+            return false;
+        return excludedRepoSets.every((s) => !s.has(repoFullName));
+    })
+        .slice(0, remainingNeeded * 2);
+    if (itemsToVet.length === 0) {
+        debug(MODULE, `[${phaseLabel}] All ${items.length} items filtered before vetting`);
+        return { candidates: [], allVetFailed: false, rateLimitHit: false };
+    }
+    const { candidates: results, allFailed: allVetFailed, rateLimitHit, } = await vetter.vetIssuesParallel(itemsToVet.map((i) => i.html_url), remainingNeeded, 'normal');
+    const starFiltered = results.filter((c) => {
+        if (c.projectHealth.checkFailed)
+            return true;
+        const stars = c.projectHealth.stargazersCount ?? 0;
+        return stars >= minStars;
+    });
+    const starFilteredCount = results.length - starFiltered.length;
+    if (starFilteredCount > 0) {
+        debug(MODULE, `[STAR_FILTER] Filtered ${starFilteredCount} ${phaseLabel} candidates below ${minStars} stars`);
+    }
+    return { candidates: starFiltered, allVetFailed, rateLimitHit };
+}
+/**
+ * Search for issues within specific repos using batched queries.
+ *
+ * To avoid GitHub's secondary rate limit (30 requests/minute), we batch
+ * multiple repos into a single search query using OR syntax:
+ *   repo:owner1/repo1 OR repo:owner2/repo2 OR repo:owner3/repo3
+ *
+ * This reduces API calls from N (one per repo) to ceil(N/BATCH_SIZE).
+ */
+export async function searchInRepos(octokit, vetter, repos, baseQuery, maxResults, priority, filterFn) {
+    const candidates = [];
+    const BATCH_SIZE = 5;
+    const batches = batchRepos(repos, BATCH_SIZE);
+    let failedBatches = 0;
+    let rateLimitFailures = 0;
+    for (const batch of batches) {
+        if (candidates.length >= maxResults)
+            break;
+        try {
+            // Build repo filter: (repo:a OR repo:b OR repo:c)
+            const repoFilter = batch.map((r) => `repo:${r}`).join(' OR ');
+            const batchQuery = `${baseQuery} (${repoFilter})`;
+            const data = await cachedSearchIssues(octokit, {
+                q: batchQuery,
+                sort: 'created',
+                order: 'desc',
+                per_page: Math.min(30, (maxResults - candidates.length) * 3),
+            });
+            if (data.items.length > 0) {
+                const filtered = filterFn(data.items);
+                const remainingNeeded = maxResults - candidates.length;
+                const { candidates: vetted } = await vetter.vetIssuesParallel(filtered.slice(0, remainingNeeded * 2).map((i) => i.html_url), remainingNeeded, priority);
+                candidates.push(...vetted);
+            }
+        }
+        catch (error) {
+            failedBatches++;
+            if (isRateLimitError(error)) {
+                rateLimitFailures++;
+            }
+            const batchReposStr = batch.join(', ');
+            warn(MODULE, `Error searching issues in batch [${batchReposStr}]:`, errorMessage(error));
+        }
+    }
+    const allBatchesFailed = failedBatches === batches.length && batches.length > 0;
+    const rateLimitHit = rateLimitFailures > 0;
+    if (allBatchesFailed) {
+        warn(MODULE, `All ${batches.length} batch(es) failed for ${priority} phase. ` +
+            `This may indicate a systemic issue (rate limit, auth, network).`);
+    }
+    return { candidates, allBatchesFailed, rateLimitHit };
+}

package/dist/core/state.d.ts

@@ -18,6 +18,8 @@ export declare class StateManager {
     private state;
     private readonly inMemoryOnly;
     private lastLoadedMtimeMs;
+    private _batching;
+    private _batchDirty;
     /**
      * Create a new StateManager instance.
      * @param inMemoryOnly - When true, state is held only in memory and never read from or
@@ -25,6 +27,15 @@ export declare class StateManager {
      *   Defaults to false (normal persistent mode).
      */
     constructor(inMemoryOnly?: boolean);
+    /**
+     * Execute multiple mutations as a single batch, deferring disk I/O until the
+     * batch completes. Nested `batch()` calls are flattened — only the outermost saves.
+     */
+    batch(fn: () => void): void;
+    /**
+     * Auto-persist after a mutation. Inside a `batch()`, defers to the batch boundary.
+     */
+    private autoSave;
     /**
      * Check if initial setup has been completed.
      */