@oss-autopilot/core 1.15.0 → 1.15.1

package/dist/commands/dashboard-server.d.ts

@@ -5,6 +5,8 @@
  *
  * Uses Node's built-in http module — no Express/Fastify.
  */
+import { type DashboardJsonData } from './dashboard-data.js';
+import { type DailyDigest, type AgentState, type CommentedIssue, type MergedPR, type ClosedPR } from '../core/types.js';
 export { getDashboardPidPath, writeDashboardServerInfo, readDashboardServerInfo, removeDashboardServerInfo, isDashboardServerRunning, findRunningDashboardServer, type DashboardServerInfo, } from './dashboard-process.js';
 export interface DashboardServerOptions {
     port: number;
@@ -12,4 +14,12 @@ export interface DashboardServerOptions {
     token: string | null;
     open: boolean;
 }
+/**
+ * Build the JSON payload that the SPA expects from GET /api/data.
+ *
+ * Exported for unit testing of response-shape concerns that the full
+ * handler harness can't reach (it bakes a stale cachedDigest at server
+ * start-up, so tests that need a specific digest should call this directly).
+ */
+export declare function buildDashboardJson(digest: DailyDigest, state: Readonly<AgentState>, commentedIssues: CommentedIssue[], allMergedPRs?: MergedPR[], allClosedPRs?: ClosedPR[]): DashboardJsonData;
 export declare function startDashboardServer(options: DashboardServerOptions): Promise<void>;

package/dist/commands/dashboard-server.js

@@ -68,8 +68,12 @@ function getIssueListMtimeMs() {
 }
 /**
  * Build the JSON payload that the SPA expects from GET /api/data.
+ *
+ * Exported for unit testing of response-shape concerns that the full
+ * handler harness can't reach (it bakes a stale cachedDigest at server
+ * start-up, so tests that need a specific digest should call this directly).
  */
-function buildDashboardJson(digest, state, commentedIssues, allMergedPRs, allClosedPRs) {
+export function buildDashboardJson(digest, state, commentedIssues, allMergedPRs, allClosedPRs) {
     const prsByRepo = computePRsByRepo(digest, state);
     const topRepos = computeTopRepos(prsByRepo);
     const { monthlyMerged, monthlyOpened, monthlyClosed } = getMonthlyData(state);
@@ -104,7 +108,11 @@ function buildDashboardJson(digest, state, commentedIssues, allMergedPRs, allClo
         monthlyOpened,
         monthlyClosed,
         activePRs: applyStatusOverrides(digest.openPRs || [], state),
-        shelvedPRUrls: state.config.shelvedPRUrls || [],
+        // Source of truth is digest.shelvedPRs (union of explicitly-shelved URLs
+        // and dormant-non-addressing PRs auto-shelved for display). Returning
+        // only state.config.shelvedPRUrls would under-count and desync from
+        // stats.shelvedPRs, which is already derived from digest.shelvedPRs. (#981)
+        shelvedPRUrls: (digest.shelvedPRs || []).map((ref) => ref.url),
         recentlyMergedPRs: digest.recentlyMergedPRs || [],
         recentlyClosedPRs: digest.recentlyClosedPRs || [],
         autoUnshelvedPRs: digest.autoUnshelvedPRs || [],

package/dist/commands/vet-list.js

@@ -6,6 +6,9 @@ import * as fs from 'fs';
 import { createAutopilotScout } from './scout-bridge.js';
 import { runParseList, pruneIssueList } from './parse-list.js';
 import { detectIssueList } from './startup.js';
+import { computeSuccessGrade, gradeFromCandidate } from '../core/issue-grading.js';
+import { getStateManager } from '../core/index.js';
+const UNKNOWN_GRADE = computeSuccessGrade({ avgResponseDays: null, mergeRate: null, daysSinceLastCommit: null });
 /**
  * Determine the list status from vetting results.
  * Maps vetting recommendation + reasons to a list-level status.
@@ -62,6 +65,11 @@ export async function runVetList(options = {}) {
             const item = items[index++];
             try {
                 const candidate = await scout.vetIssue(item.url);
+                const grade = gradeFromCandidate({
+                    repo: candidate.issue.repo,
+                    projectHealth: candidate.projectHealth,
+                    getRepoScore: (repo) => getStateManager().getRepoScore(repo),
+                });
                 const vetResult = {
                     issue: {
                         repo: candidate.issue.repo,
@@ -75,6 +83,7 @@ export async function runVetList(options = {}) {
                     reasonsToSkip: candidate.reasonsToSkip,
                     projectHealth: candidate.projectHealth,
                     vettingResult: candidate.vettingResult,
+                    grade,
                 };
                 results.push({
                     ...vetResult,
@@ -90,6 +99,7 @@ export async function runVetList(options = {}) {
                     reasonsToSkip: [`Error: ${error instanceof Error ? error.message : String(error)}`],
                     projectHealth: {},
                     vettingResult: {},
+                    grade: UNKNOWN_GRADE,
                     listStatus: 'error',
                     errorMessage: error instanceof Error ? error.message : String(error),
                 });

package/dist/commands/vet.js

@@ -4,6 +4,8 @@
  */
 import { createAutopilotScout } from './scout-bridge.js';
 import { ISSUE_URL_PATTERN, validateGitHubUrl, validateUrl } from './validation.js';
+import { gradeFromCandidate } from '../core/issue-grading.js';
+import { getStateManager } from '../core/index.js';
 /**
  * Vet a specific GitHub issue for claimability and project health.
  *
@@ -17,6 +19,11 @@ export async function runVet(options) {
     validateGitHubUrl(options.issueUrl, ISSUE_URL_PATTERN, 'issue');
     const scout = await createAutopilotScout();
     const candidate = await scout.vetIssue(options.issueUrl);
+    const grade = gradeFromCandidate({
+        repo: candidate.issue.repo,
+        projectHealth: candidate.projectHealth,
+        getRepoScore: (repo) => getStateManager().getRepoScore(repo),
+    });
     return {
         issue: {
             repo: candidate.issue.repo,
@@ -30,5 +37,6 @@ export async function runVet(options) {
         reasonsToSkip: candidate.reasonsToSkip,
         projectHealth: candidate.projectHealth,
         vettingResult: candidate.vettingResult,
+        grade,
     };
 }

package/dist/core/anti-llm-policy.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Anti-LLM policy scan (#108, #911, #979).
+ *
+ * Scan concatenated repo docs (CONTRIBUTING.md, CODE_OF_CONDUCT.md,
+ * README) for language that indicates the project does not accept
+ * AI/LLM-generated contributions. Previously described as a keyword
+ * table in prose in agents/issue-scout.md.
+ *
+ * The long-term home for this logic is `@oss-scout/core`, where the
+ * relevant files are already fetched during vetting. Keeping it here
+ * for now lets the agent invoke it directly and gives scout a
+ * reference implementation + test fixtures to adopt. See #979.
+ *
+ * Precision matters more than recall. False positives (flagging a
+ * project that actually welcomes AI help) silently shrink the user's
+ * contribution surface without recourse. We only match on phrases
+ * that combine a rejection keyword (no / reject / will be closed /
+ * don't accept) with an AI/LLM noun.
+ */
+export type AntiLLMCategory = 'explicit_ban' | 'tool_ban' | 'reject_framing';
+export interface AntiLLMMatch {
+    category: AntiLLMCategory;
+    /** The exact substring from the source text that triggered the match. */
+    phrase: string;
+    /** ~80 character window around the match, for surfacing to the user. */
+    excerpt: string;
+}
+export interface AntiLLMScanResult {
+    matched: boolean;
+    matches: AntiLLMMatch[];
+}
+export declare function scanForAntiLLMPolicy(text: string): AntiLLMScanResult;

package/dist/core/anti-llm-policy.js

@@ -0,0 +1,101 @@
+/**
+ * Anti-LLM policy scan (#108, #911, #979).
+ *
+ * Scan concatenated repo docs (CONTRIBUTING.md, CODE_OF_CONDUCT.md,
+ * README) for language that indicates the project does not accept
+ * AI/LLM-generated contributions. Previously described as a keyword
+ * table in prose in agents/issue-scout.md.
+ *
+ * The long-term home for this logic is `@oss-scout/core`, where the
+ * relevant files are already fetched during vetting. Keeping it here
+ * for now lets the agent invoke it directly and gives scout a
+ * reference implementation + test fixtures to adopt. See #979.
+ *
+ * Precision matters more than recall. False positives (flagging a
+ * project that actually welcomes AI help) silently shrink the user's
+ * contribution surface without recourse. We only match on phrases
+ * that combine a rejection keyword (no / reject / will be closed /
+ * don't accept) with an AI/LLM noun.
+ */
+const PATTERNS = [
+    // Explicit "no X" bans against AI/LLM nouns.
+    { category: 'explicit_ban', regex: /\bno\s+(ai|llm)[-\s](generated|authored|written|assisted|contributions?)/i },
+    { category: 'explicit_ban', regex: /\b(ban|banned|banning)\s+(ai|llm)\b/i },
+    // Named-tool bans. Optionally match a "-generated/-authored/-…"
+    // continuation (clear ban wording), and use a negative lookahead to
+    // reject unrelated hyphen-words like "no copilot-style autocomplete"
+    // (which describes a feature, not a contribution policy).
+    {
+        category: 'tool_ban',
+        regex: /\bno\s+(copilot|chatgpt|claude|cursor)(-(generated|authored|assisted|written))?(?![a-z-])/i,
+    },
+    { category: 'tool_ban', regex: /\bno\s+ai\s+coding\s+tools?\b/i },
+    // Rejection framing. To avoid false positives like "AI PRs are closed
+    // to new comments" (closed means something else) or "AI suggestions
+    // from your IDE" (not a contribution), we require both an AI/LLM
+    // qualifier AND a contribution noun AND a rejection verb phrase. The
+    // two patterns cover "AI-generated code will be closed" (with
+    // participle) and "AI contributions will be closed" (without).
+    {
+        category: 'reject_framing',
+        regex: /\b(ai|llm)[-\s](generated|assisted|authored|written)\s+(code|prs?|contributions?)\s+(will\s+be\s+(closed|rejected)|are\s+rejected)/i,
+    },
+    {
+        category: 'reject_framing',
+        regex: /\b(ai|llm)\s+(code|prs?|contributions?)\s+(will\s+be\s+(closed|rejected)|are\s+rejected)/i,
+    },
+    // "do/does not accept AI-{noun}" / "reject AI contributions" — both
+    // require a contribution noun to avoid matching "accept AI suggestions
+    // from your IDE" or similar incidental mentions.
+    {
+        category: 'reject_framing',
+        regex: /\b(do|does)(\s+not|n't)\s+accept\s+(ai|llm)[-\s](generated|assisted|authored|written|contributions?|code|prs?)\b/i,
+    },
+    { category: 'reject_framing', regex: /\breject\s+(ai|llm)\s+contributions?\b/i },
+];
+const EXCERPT_RADIUS = 40;
+function makeExcerpt(text, matchIndex, matchLength) {
+    const start = Math.max(0, matchIndex - EXCERPT_RADIUS);
+    const end = Math.min(text.length, matchIndex + matchLength + EXCERPT_RADIUS);
+    const prefix = start > 0 ? '…' : '';
+    const suffix = end < text.length ? '…' : '';
+    return `${prefix}${text.slice(start, end).replace(/\s+/g, ' ').trim()}${suffix}`;
+}
+/**
+ * Normalize exotic whitespace and hyphens so patterns written with plain
+ * ASCII still match real-world markdown. Covers non-breaking space,
+ * non-breaking hyphen, en dash, em dash, and figure dash — all of which
+ * show up in CONTRIBUTING files authored in rich-text editors.
+ */
+function normalizeText(text) {
+    return text
+        .normalize('NFKC')
+        .replace(/[\u00A0]/g, ' ')
+        .replace(/[\u2010\u2011\u2012\u2013\u2014\u2015]/g, '-');
+}
+export function scanForAntiLLMPolicy(text) {
+    if (typeof text !== 'string') {
+        throw new TypeError(`scanForAntiLLMPolicy: expected string, received ${typeof text}`);
+    }
+    if (text === '')
+        return { matched: false, matches: [] };
+    const normalized = normalizeText(text);
+    const seenLabels = new Set();
+    const matches = [];
+    for (const pattern of PATTERNS) {
+        const hit = normalized.match(pattern.regex);
+        if (!hit || hit.index === undefined)
+            continue;
+        const phrase = hit[0];
+        const key = `${pattern.category}:${phrase.toLowerCase()}`;
+        if (seenLabels.has(key))
+            continue;
+        seenLabels.add(key);
+        matches.push({
+            category: pattern.category,
+            phrase,
+            excerpt: makeExcerpt(normalized, hit.index, phrase.length),
+        });
+    }
+    return { matched: matches.length > 0, matches };
+}

package/dist/core/index.d.ts

@@ -15,5 +15,7 @@ export { HttpCache, getHttpCache, cachedRequest, type CacheEntry } from './http-
 export { CRITICAL_STATUSES, applyStatusOverrides, computeRepoSignals, groupPRsByRepo, assessCapacity, collectActionableIssues, computeActionMenu, toShelvedPRRef, formatActionHint, formatBriefSummary, formatSummary, printDigest, } from './daily-logic.js';
 export { computeContributionStats, type ContributionStats, type ComputeStatsInput } from './stats.js';
 export { fetchPRTemplate, type PRTemplateResult } from './pr-template.js';
+export { classifyLinkedPR, type LinkedPR, type LinkedPRClassification, type LinkedPRState, } from './linked-pr-classification.js';
+export { scanForAntiLLMPolicy, type AntiLLMCategory, type AntiLLMMatch, type AntiLLMScanResult, } from './anti-llm-policy.js';
 export { detectFormatters, diagnoseCIFormatterFailure, getPreferredFormatter, type DetectedFormatter, type FormatterDetectionResult, type CIFormatterDiagnosis, type FormatterName, } from './formatter-detection.js';
 export * from './types.js';

package/dist/core/index.js

@@ -16,5 +16,7 @@ export { HttpCache, getHttpCache, cachedRequest } from './http-cache.js';
 export { CRITICAL_STATUSES, applyStatusOverrides, computeRepoSignals, groupPRsByRepo, assessCapacity, collectActionableIssues, computeActionMenu, toShelvedPRRef, formatActionHint, formatBriefSummary, formatSummary, printDigest, } from './daily-logic.js';
 export { computeContributionStats } from './stats.js';
 export { fetchPRTemplate } from './pr-template.js';
+export { classifyLinkedPR, } from './linked-pr-classification.js';
+export { scanForAntiLLMPolicy, } from './anti-llm-policy.js';
 export { detectFormatters, diagnoseCIFormatterFailure, getPreferredFormatter, } from './formatter-detection.js';
 export * from './types.js';

package/dist/core/issue-grading.d.ts

@@ -0,0 +1,75 @@
+/**
+ * Issue success-likelihood grade (#858).
+ *
+ * Predicts the probability that a contribution to a given repo will be
+ * accepted and merged, using signals already collected during vetting.
+ *
+ * The grade is letter-based (A/B/C/F — no D). Each signal is graded
+ * independently; the overall grade is the worst of the three, and is
+ * further degraded one step if any signal is unknown (missing data is
+ * treated as a risk, not ignored). This matches the policy previously
+ * described as prose in agents/issue-scout.md.
+ */
+export type GradeLetter = 'A' | 'B' | 'C' | 'F';
+export interface GradeSignals {
+    /** Average maintainer response time in days; null if unknown. */
+    avgResponseDays: number | null;
+    /** Fraction of recent PRs that merged (0–1); null if unknown. */
+    mergeRate: number | null;
+    /** Days since the most recent commit on the default branch; null if unknown. */
+    daysSinceLastCommit: number | null;
+}
+export interface GradeResult {
+    letter: GradeLetter;
+    /** Short human-readable explanation of what drove the grade. */
+    reason: string;
+}
+/**
+ * Build `GradeSignals` from a vet candidate's project health plus the
+ * optional autopilot-tracked repo score.
+ *
+ * Notes on each signal:
+ *
+ * - `avgResponseDays` — `@oss-scout/core`'s `projectHealth.avgIssueResponseDays`
+ *   is a hardcoded `0` placeholder (it doesn't yet make the additional API
+ *   calls needed to compute a real value). We therefore prefer
+ *   `repoScore.avgResponseDays`, which autopilot derives from its own PR
+ *   tracking, and fall back to `null` (unknown) if neither source has a
+ *   usable value.
+ * - `mergeRate` — derived from repoScore counts. Requires a non-empty PR
+ *   history; `0/0` is `null`, not `0`.
+ * - `daysSinceLastCommit` — taken from scout's `projectHealth`, but only
+ *   when scout's health check succeeded (`checkFailed` means scout filled
+ *   in sentinels and shouldn't be trusted).
+ */
+export declare function deriveGradeSignals(params: {
+    projectHealth: {
+        avgIssueResponseDays: number | null;
+        daysSinceLastCommit: number | null;
+        checkFailed?: boolean;
+    };
+    repoScore: {
+        mergedPRCount: number;
+        closedWithoutMergeCount: number;
+        avgResponseDays?: number | null;
+    } | null;
+}): GradeSignals;
+/**
+ * End-to-end helper for vet callers: reads the repo score, derives
+ * signals from a scout candidate, and returns the grade. Callers pass
+ * the `projectHealth` straight through from `scout.vetIssue()`.
+ */
+export declare function gradeFromCandidate(params: {
+    repo: string;
+    projectHealth: {
+        avgIssueResponseDays: number | null;
+        daysSinceLastCommit: number | null;
+        checkFailed?: boolean;
+    };
+    getRepoScore: (repo: string) => {
+        mergedPRCount: number;
+        closedWithoutMergeCount: number;
+        avgResponseDays: number | null;
+    } | undefined;
+}): GradeResult;
+export declare function computeSuccessGrade(signals: GradeSignals): GradeResult;

package/dist/core/issue-grading.js

@@ -0,0 +1,146 @@
+/**
+ * Issue success-likelihood grade (#858).
+ *
+ * Predicts the probability that a contribution to a given repo will be
+ * accepted and merged, using signals already collected during vetting.
+ *
+ * The grade is letter-based (A/B/C/F — no D). Each signal is graded
+ * independently; the overall grade is the worst of the three, and is
+ * further degraded one step if any signal is unknown (missing data is
+ * treated as a risk, not ignored). This matches the policy previously
+ * described as prose in agents/issue-scout.md.
+ */
+const SEVERITY = { A: 0, B: 1, C: 2, F: 3 };
+const LETTERS = ['A', 'B', 'C', 'F'];
+function worst(grades) {
+    return grades.reduce((acc, g) => (SEVERITY[g.letter] > SEVERITY[acc.letter] ? g : acc));
+}
+function degradeOneStep(letter) {
+    return LETTERS[Math.min(SEVERITY[letter] + 1, LETTERS.length - 1)];
+}
+/**
+ * Coerce a candidate numeric signal to `number` if it's finite and in
+ * the given range, otherwise `null`. Non-finite, NaN, and out-of-range
+ * values are treated as unknown (and therefore trigger the degrade
+ * rule) rather than silently producing bogus grades from garbage input.
+ */
+function sanitize(value, min, max) {
+    if (typeof value !== 'number' || !Number.isFinite(value))
+        return null;
+    if (value < min || value > max)
+        return null;
+    return value;
+}
+function gradeResponsiveness(avgResponseDays) {
+    if (avgResponseDays < 3)
+        return { letter: 'A', detail: `~${Math.round(avgResponseDays)}-day avg response` };
+    if (avgResponseDays < 14)
+        return { letter: 'B', detail: `${Math.round(avgResponseDays)}-day avg response` };
+    if (avgResponseDays <= 60)
+        return { letter: 'C', detail: `${Math.round(avgResponseDays)}-day avg response` };
+    return { letter: 'F', detail: 'unresponsive maintainers' };
+}
+function gradeMergeRate(mergeRate) {
+    const pct = Math.round(mergeRate * 100);
+    if (mergeRate > 0.7)
+        return { letter: 'A', detail: `merges ${pct}% of PRs` };
+    if (mergeRate >= 0.4)
+        return { letter: 'B', detail: `merges ${pct}% of PRs` };
+    if (mergeRate >= 0.1)
+        return { letter: 'C', detail: `merges ${pct}% of PRs` };
+    return { letter: 'F', detail: `merges ${pct}% of PRs` };
+}
+function gradeActivity(daysSinceLastCommit) {
+    if (daysSinceLastCommit < 7)
+        return { letter: 'A', detail: 'commits in last week' };
+    if (daysSinceLastCommit < 30)
+        return { letter: 'B', detail: 'commits in last month' };
+    if (daysSinceLastCommit < 90)
+        return { letter: 'C', detail: 'commits in last 90 days' };
+    return { letter: 'F', detail: `no commits in ${daysSinceLastCommit}+ days` };
+}
+/**
+ * Build `GradeSignals` from a vet candidate's project health plus the
+ * optional autopilot-tracked repo score.
+ *
+ * Notes on each signal:
+ *
+ * - `avgResponseDays` — `@oss-scout/core`'s `projectHealth.avgIssueResponseDays`
+ *   is a hardcoded `0` placeholder (it doesn't yet make the additional API
+ *   calls needed to compute a real value). We therefore prefer
+ *   `repoScore.avgResponseDays`, which autopilot derives from its own PR
+ *   tracking, and fall back to `null` (unknown) if neither source has a
+ *   usable value.
+ * - `mergeRate` — derived from repoScore counts. Requires a non-empty PR
+ *   history; `0/0` is `null`, not `0`.
+ * - `daysSinceLastCommit` — taken from scout's `projectHealth`, but only
+ *   when scout's health check succeeded (`checkFailed` means scout filled
+ *   in sentinels and shouldn't be trusted).
+ */
+export function deriveGradeSignals(params) {
+    const { projectHealth, repoScore } = params;
+    const healthTrusted = !projectHealth.checkFailed;
+    const avgResponseDays = sanitize(repoScore?.avgResponseDays, 0, Number.MAX_SAFE_INTEGER) ??
+        (healthTrusted ? sanitize(projectHealth.avgIssueResponseDays, 0.001, Number.MAX_SAFE_INTEGER) : null);
+    const daysSinceLastCommit = healthTrusted
+        ? sanitize(projectHealth.daysSinceLastCommit, 0, Number.MAX_SAFE_INTEGER)
+        : null;
+    let mergeRate = null;
+    if (repoScore) {
+        const merged = sanitize(repoScore.mergedPRCount, 0, Number.MAX_SAFE_INTEGER);
+        const closed = sanitize(repoScore.closedWithoutMergeCount, 0, Number.MAX_SAFE_INTEGER);
+        if (merged !== null && closed !== null) {
+            const total = merged + closed;
+            mergeRate = total === 0 ? null : merged / total;
+        }
+    }
+    return { avgResponseDays, mergeRate, daysSinceLastCommit };
+}
+/**
+ * End-to-end helper for vet callers: reads the repo score, derives
+ * signals from a scout candidate, and returns the grade. Callers pass
+ * the `projectHealth` straight through from `scout.vetIssue()`.
+ */
+export function gradeFromCandidate(params) {
+    const repoScore = params.getRepoScore(params.repo);
+    return computeSuccessGrade(deriveGradeSignals({
+        projectHealth: params.projectHealth,
+        repoScore: repoScore
+            ? {
+                mergedPRCount: repoScore.mergedPRCount,
+                closedWithoutMergeCount: repoScore.closedWithoutMergeCount,
+                avgResponseDays: repoScore.avgResponseDays,
+            }
+            : null,
+    }));
+}
+export function computeSuccessGrade(signals) {
+    const graded = [];
+    const unknowns = [];
+    const resp = sanitize(signals.avgResponseDays, 0, Number.MAX_SAFE_INTEGER);
+    if (resp === null)
+        unknowns.push('maintainer responsiveness');
+    else
+        graded.push(gradeResponsiveness(resp));
+    const mr = sanitize(signals.mergeRate, 0, 1);
+    if (mr === null)
+        unknowns.push('merge rate');
+    else
+        graded.push(gradeMergeRate(mr));
+    const act = sanitize(signals.daysSinceLastCommit, 0, Number.MAX_SAFE_INTEGER);
+    if (act === null)
+        unknowns.push('activity');
+    else
+        graded.push(gradeActivity(act));
+    // No signal available at all — give F so callers see missing data as a
+    // strong negative rather than a neutral grade.
+    if (graded.length === 0) {
+        return { letter: 'F', reason: `unknown ${unknowns.join(', ')}` };
+    }
+    const worstKnown = worst(graded);
+    const finalLetter = unknowns.length > 0 ? degradeOneStep(worstKnown.letter) : worstKnown.letter;
+    const reasonParts = [worstKnown.detail];
+    if (unknowns.length > 0)
+        reasonParts.push(`unknown ${unknowns.join(', ')}`);
+    return { letter: finalLetter, reason: reasonParts.join(', ') };
+}

package/dist/core/linked-pr-classification.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Linked-PR classification (#910, #978).
+ *
+ * Given the first linked PR on an issue, decide how it affects whether
+ * the issue is actionable for the current user. Previously described as
+ * prose in agents/issue-scout.md; extracted here as a pure function so
+ * the classification is unit-testable and uniform across callers.
+ *
+ * Integration with the vet flow is deferred — scout does not yet surface
+ * linked-PR metadata on `IssueCandidate`, so consumers need to fetch the
+ * linked PR themselves (e.g. via Octokit) and hand the shape to this
+ * function. See #978 for the upstream data-contract work.
+ */
+export type LinkedPRClassification = 'none' | 'user_open' | 'user_closed' | 'user_merged' | 'other_open' | 'other_closed' | 'other_merged';
+export type LinkedPRState = 'open' | 'closed' | 'merged';
+export interface LinkedPR {
+    /**
+     * May be `null` for deleted GitHub accounts ("ghost" users); the
+     * declared type on GitHub's API allows null here even though the REST
+     * schema example typically shows a populated user.
+     */
+    author: {
+        login: string;
+    } | null;
+    state: LinkedPRState;
+}
+export declare function classifyLinkedPR(params: {
+    linkedPR: LinkedPR | null;
+    userLogin: string;
+}): LinkedPRClassification;

package/dist/core/linked-pr-classification.js

@@ -0,0 +1,53 @@
+/**
+ * Linked-PR classification (#910, #978).
+ *
+ * Given the first linked PR on an issue, decide how it affects whether
+ * the issue is actionable for the current user. Previously described as
+ * prose in agents/issue-scout.md; extracted here as a pure function so
+ * the classification is unit-testable and uniform across callers.
+ *
+ * Integration with the vet flow is deferred — scout does not yet surface
+ * linked-PR metadata on `IssueCandidate`, so consumers need to fetch the
+ * linked PR themselves (e.g. via Octokit) and hand the shape to this
+ * function. See #978 for the upstream data-contract work.
+ */
+/**
+ * Normalize a state value from either REST (lowercase `open`/`closed`
+ * plus a separate `merged` boolean) or GraphQL (uppercase `OPEN`/
+ * `CLOSED`/`MERGED` union) into our internal lowercase form. Callers
+ * converting from REST should pre-mix `merged` into the state before
+ * calling; see the tests for expected shapes.
+ */
+function normalizeState(state) {
+    const lower = state.toLowerCase();
+    if (lower === 'open' || lower === 'closed' || lower === 'merged')
+        return lower;
+    return null;
+}
+export function classifyLinkedPR(params) {
+    const { linkedPR, userLogin } = params;
+    if (!linkedPR)
+        return 'none';
+    const state = normalizeState(linkedPR.state);
+    // Unknown state (e.g., future-extended values) is safest to treat as
+    // "closed" — skip-worthy but non-fatal — rather than throwing and
+    // breaking the whole vetting pipeline on one malformed payload.
+    const effectiveState = state ?? 'closed';
+    // GitHub usernames are case-insensitive ASCII. Ghost authors (deleted
+    // accounts) return `null` or an empty login; in both cases we can't
+    // prove the PR is the user's own, so we classify it as "other_*".
+    const authorLogin = linkedPR.author?.login ?? '';
+    const isUserOwn = authorLogin !== '' && userLogin !== '' && authorLogin.toLowerCase() === userLogin.toLowerCase();
+    if (isUserOwn) {
+        if (effectiveState === 'open')
+            return 'user_open';
+        if (effectiveState === 'merged')
+            return 'user_merged';
+        return 'user_closed';
+    }
+    if (effectiveState === 'open')
+        return 'other_open';
+    if (effectiveState === 'merged')
+        return 'other_merged';
+    return 'other_closed';
+}

package/dist/formatters/json.d.ts

@@ -313,6 +313,11 @@ export interface VetOutput {
     reasonsToSkip: string[];
     projectHealth: unknown;
     vettingResult: unknown;
+    /** Success-likelihood grade (#858): predicts whether a PR will merge. */
+    grade: {
+        letter: 'A' | 'B' | 'C' | 'F';
+        reason: string;
+    };
 }
 /** Output of the comments command */
 export interface CommentsOutput {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@oss-autopilot/core",
-  "version": "1.15.0",
+  "version": "1.15.1",
   "description": "CLI and core library for managing open source contributions",
   "type": "module",
   "bin": {