@oss-autopilot/core 3.10.0 → 3.12.0

package/dist/core/daily-logic.js

@@ -248,62 +248,75 @@ export function collectActionableIssues(prs, lastDigestAt) {
         'merge_conflict',
         'incomplete_checklist',
     ];
-    for (const reason of reasonOrder) {
-        for (const pr of actionPRs) {
-            if (pr.actionReason !== reason)
-                continue;
-            let label;
-            let type;
-            switch (reason) {
-                case 'needs_response': {
-                    label = '[Needs Response]';
-                    type = 'needs_response';
-                    break;
-                }
-                case 'needs_changes': {
-                    label = '[Needs Changes]';
-                    type = 'needs_changes';
-                    break;
-                }
-                case 'failing_ci': {
-                    const checkInfo = pr.failingCheckNames.length > 0 ? ` (${pr.failingCheckNames.join(', ')})` : '';
-                    label = `[CI Failing${checkInfo}]`;
-                    type = 'ci_failing';
-                    break;
-                }
-                case 'merge_conflict': {
-                    label = '[Merge Conflict]';
-                    type = 'merge_conflict';
-                    break;
-                }
-                case 'incomplete_checklist': {
-                    const stats = pr.checklistStats ? ` (${pr.checklistStats.checked}/${pr.checklistStats.total})` : '';
-                    label = `[Incomplete Checklist${stats}]`;
-                    type = 'incomplete_checklist';
-                    break;
-                }
-                default: {
-                    // Defensive fallback for ActionReason values not explicitly handled
-                    // above (e.g. ci_not_running, needs_rebase, missing_required_files).
-                    // These aren't in reasonOrder today but this guards future additions.
-                    warn('daily-logic', `Unhandled ActionReason "${reason}" for PR ${pr.url} — falling back to needs_response`);
-                    label = `[${reason}]`;
-                    type = 'needs_response';
-                }
+    // #1352: every needs_addressing PR produces exactly one entry, including
+    // PRs whose actionReason is missing or outside reasonOrder (the defensive
+    // default below). This keeps the CLI brief's count equal to the dashboard's
+    // needs_attention bucket by construction — previously an unmapped reason
+    // silently dropped the PR from the brief while the dashboard still counted
+    // it. Unmapped reasons sort last.
+    const sortedPRs = [...actionPRs].sort((a, b) => {
+        const rank = (pr) => {
+            const i = reasonOrder.indexOf(pr.actionReason);
+            return i === -1 ? reasonOrder.length : i;
+        };
+        return rank(a) - rank(b);
+    });
+    for (const pr of sortedPRs) {
+        if (pr.actionReason === undefined) {
+            warn('daily-logic', `needs_addressing PR ${pr.url} has no actionReason — defaulting to needs_response`);
+        }
+        const reason = pr.actionReason ?? 'needs_response';
+        let label;
+        let type;
+        switch (reason) {
+            case 'needs_response': {
+                label = '[Needs Response]';
+                type = 'needs_response';
+                break;
+            }
+            case 'needs_changes': {
+                label = '[Needs Changes]';
+                type = 'needs_changes';
+                break;
+            }
+            case 'failing_ci': {
+                const checkInfo = pr.failingCheckNames.length > 0 ? ` (${pr.failingCheckNames.join(', ')})` : '';
+                label = `[CI Failing${checkInfo}]`;
+                type = 'ci_failing';
+                break;
+            }
+            case 'merge_conflict': {
+                label = '[Merge Conflict]';
+                type = 'merge_conflict';
+                break;
             }
-            // A PR is "new" if it was created after the last daily digest (first time seen).
-            // If there's no previous digest (first run) or createdAt is invalid, assume new.
-            const createdTime = new Date(pr.createdAt).getTime();
-            let isNewContribution;
-            if (isNaN(createdTime)) {
-                warn('daily-logic', `Invalid createdAt "${pr.createdAt}" for PR ${pr.url}, assuming new contribution`);
-                isNewContribution = true;
+            case 'incomplete_checklist': {
+                const stats = pr.checklistStats ? ` (${pr.checklistStats.checked}/${pr.checklistStats.total})` : '';
+                label = `[Incomplete Checklist${stats}]`;
+                type = 'incomplete_checklist';
+                break;
             }
-            else {
-                isNewContribution = isNaN(lastDigestTime) || createdTime > lastDigestTime;
+            default: {
+                // Defensive fallback for ActionReason values not explicitly handled
+                // above (e.g. ci_not_running, needs_rebase, missing_required_files).
+                // These aren't in reasonOrder today but this guards future additions.
+                warn('daily-logic', `Unhandled ActionReason "${reason}" for PR ${pr.url} — falling back to needs_response`);
+                label = `[${reason}]`;
+                type = 'needs_response';
             }
-            issues.push({ type, pr, label, isNewContribution });
         }
+        // A PR is "new" if it was created after the last daily digest (first time seen).
+        // If there's no previous digest (first run) or createdAt is invalid, assume new.
+        const createdTime = new Date(pr.createdAt).getTime();
+        let isNewContribution;
+        if (isNaN(createdTime)) {
+            warn('daily-logic', `Invalid createdAt "${pr.createdAt}" for PR ${pr.url}, assuming new contribution`);
+            isNewContribution = true;
+        }
+        else {
+            isNewContribution = isNaN(lastDigestTime) || createdTime > lastDigestTime;
+        }
+        issues.push({ type, pr, label, isNewContribution });
     }
     return issues;
 }

package/dist/core/gist-state-store.js

@@ -49,7 +49,7 @@ import { AgentStateSchema } from './state-schema.js';
 import { atomicWriteFileSync, createFreshState, migrateV1ToV2, migrateV2ToV3, migrateV3ToV4, } from './state-persistence.js';
 import { getGistIdPath, getStateCachePath } from './paths.js';
 import { debug, warn } from './logger.js';
-import { GistPermissionError, GistConcurrencyError, GistCorruptError, isRateLimitError } from './errors.js';
+import { ConfigurationError, GistPermissionError, GistConcurrencyError, GistCorruptError, isRateLimitError, } from './errors.js';
 const MODULE = 'gist-store';
 /**
  * Extract the ETag header from an Octokit response, tolerating both lower-
@@ -139,6 +139,13 @@ export class GistStateStore {
                     return { gistId: localId, state, created: false };
                 }
                 catch (err) {
+                    // A corrupt or permission-broken Gist must surface immediately
+                    // (#1367): falling through to search would either re-find the same
+                    // corrupt Gist or silently abandon it and create a fresh one.
+                    if (err instanceof ConfigurationError)
+                        throw err;
+                    if (isRateLimitError(err))
+                        throw err;
                     warn(MODULE, `Failed to fetch Gist ${localId}, will search/create`, err);
                     // Fall through to search
                 }
@@ -159,10 +166,22 @@ export class GistStateStore {
             return { gistId: id, state, created: true };
         }
         catch (err) {
-            // Configuration errors (e.g. GistPermissionError) must surface, not degrade
-            if (err instanceof GistPermissionError)
+            // Configuration errors (GistPermissionError, GistCorruptError) and rate
+            // limits must surface, not degrade (#1367). A corrupt Gist especially:
+            // fetchAndCache arms this.gistId/lastFetchedEtag before the parse
+            // throws, so a degraded store could push() local or fresh state over
+            // the corrupt remote — the exact data loss #1201 exists to prevent.
+            // Rate limits propagate per the errors.ts contract; degrading would
+            // present "you are rate-limited" as a stale local cache.
+            if (err instanceof ConfigurationError)
                 throw err;
-            // All API paths failed — enter degraded mode
+            if (isRateLimitError(err))
+                throw err;
+            // All API paths failed — enter degraded mode. Disarm the remote write
+            // path first: a degraded store never verified its Gist, so it must
+            // never be able to push to one (#1367).
+            this.gistId = null;
+            this.lastFetchedEtag = null;
             warn(MODULE, 'All Gist API paths failed, entering degraded mode', err);
             // Try reading from local cache file
             const cachePath = getStateCachePath();
@@ -222,6 +241,12 @@ export class GistStateStore {
                     return { gistId: localId, state, created: false, migrated: false };
                 }
                 catch (err) {
+                    // See bootstrap(): corrupt/permission/rate-limit errors surface
+                    // immediately rather than falling through (#1367).
+                    if (err instanceof ConfigurationError)
+                        throw err;
+                    if (isRateLimitError(err))
+                        throw err;
                     warn(MODULE, `bootstrapWithMigration: failed to fetch Gist ${localId}, will search/create`, err);
                     // Fall through to search
                 }
@@ -242,10 +267,16 @@ export class GistStateStore {
             return { gistId: id, state, created: true, migrated: true };
         }
         catch (err) {
-            // Configuration errors (e.g. GistPermissionError) must surface, not degrade
-            if (err instanceof GistPermissionError)
+            // Same surfacing contract as bootstrap() (#1367): configuration errors
+            // and rate limits rethrow; only genuine API unavailability degrades.
+            if (err instanceof ConfigurationError)
+                throw err;
+            if (isRateLimitError(err))
                 throw err;
-            // All API paths failed — enter degraded mode
+            // All API paths failed — enter degraded mode with the push path
+            // disarmed (see bootstrap()).
+            this.gistId = null;
+            this.lastFetchedEtag = null;
             warn(MODULE, 'bootstrapWithMigration: all Gist API paths failed, entering degraded mode', err);
             // Try reading from local cache file
             const cachePath = getStateCachePath();
@@ -627,6 +658,10 @@ export class GistStateStore {
             }
         }
         catch (err) {
+            // A rate-limited search must not read as "no Gist found" — bootstrap
+            // would proceed to create a duplicate Gist while throttled (#1367).
+            if (isRateLimitError(err))
+                throw err;
             warn(MODULE, 'Failed to search Gists by description', err);
         }
         return null;

package/dist/core/index.d.ts

@@ -8,7 +8,7 @@ export { guidelinesFilename, repoFromGuidelinesFilename, GUIDELINES_FILE_PREFIX,
 export { PRMonitor, type PRCheckFailure, type FetchPRsResult, computeDisplayLabel, classifyCICheck, classifyFailingChecks, } from './pr-monitor.js';
 export { IssueConversationMonitor } from './issue-conversation.js';
 export { isBotAuthor, isAcknowledgmentComment } from './comment-utils.js';
-export { wrapUntrustedContent, extractFromFence, UNTRUSTED_OPEN_TAG_NAME, UNTRUSTED_CLOSE_TAG, type UntrustedContentMeta, } from './untrusted-content.js';
+export { wrapUntrustedContent, extractFromFence, safeExtractFromFence, UNTRUSTED_OPEN_TAG_NAME, UNTRUSTED_CLOSE_TAG, type UntrustedContentMeta, } from './untrusted-content.js';
 export { getOctokit, checkRateLimit, type RateLimitInfo } from './github.js';
 export { parseGitHubUrl, splitRepo, isOwnRepo } from './urls.js';
 export { daysBetween, formatRelativeTime, byDateDescending } from './dates.js';
@@ -22,6 +22,8 @@ export { CRITICAL_STATUSES, applyStatusOverrides, computeRepoSignals, groupPRsBy
 export { computeContributionStats, type ContributionStats, type ComputeStatsInput } from './stats.js';
 export { fetchPRTemplate, type PRTemplateResult } from './pr-template.js';
 export { classifyLinkedPR, isLinkedPRStalled, STALLED_PR_THRESHOLD_DAYS, type LinkedPR, type LinkedPRClassification, type LinkedPRState, } from './linked-pr-classification.js';
+export { classifyIssueAvailability, fetchIssueVerification, type IssueAvailabilityVerdict, type IssueVerification, type LinkedPRLinkType, type VerifiedLinkedPR, type VerifyIssueParams, } from './issue-verification.js';
+export { classifyAttentionBucket, summarizeAttentionBuckets, STUCK_CI_THRESHOLD_DAYS, DORMANT_FOLLOWUP_THRESHOLD_DAYS, type AttentionBucket, type AttentionInput, type AttentionSummary, } from './pr-attention.js';
 export { scanForAntiLLMPolicy, type AntiLLMCategory, type AntiLLMMatch, type AntiLLMScanResult, } from './anti-llm-policy.js';
 export { detectFormatters, diagnoseCIFormatterFailure, getPreferredFormatter, type DetectedFormatter, type FormatterDetectionResult, type CIFormatterDiagnosis, type FormatterName, } from './formatter-detection.js';
 export { CONFIG_KEY_REGISTRY, type ConfigKeyDef, type SettableVia, isKnownKey, getKeyDef, getSetupKeys, getConfigKeys, suggestKey, formatUnknownKeyError, } from './config-registry.js';

package/dist/core/index.js

@@ -9,7 +9,7 @@ export { PRMonitor, computeDisplayLabel, classifyCICheck, classifyFailingChecks,
 // Search/vetting now delegated to @oss-scout/core via commands/scout-bridge.ts
 export { IssueConversationMonitor } from './issue-conversation.js';
 export { isBotAuthor, isAcknowledgmentComment } from './comment-utils.js';
-export { wrapUntrustedContent, extractFromFence, UNTRUSTED_OPEN_TAG_NAME, UNTRUSTED_CLOSE_TAG, } from './untrusted-content.js';
+export { wrapUntrustedContent, extractFromFence, safeExtractFromFence, UNTRUSTED_OPEN_TAG_NAME, UNTRUSTED_CLOSE_TAG, } from './untrusted-content.js';
 export { getOctokit, checkRateLimit } from './github.js';
 export { parseGitHubUrl, splitRepo, isOwnRepo } from './urls.js';
 export { daysBetween, formatRelativeTime, byDateDescending } from './dates.js';
@@ -23,6 +23,8 @@ export { CRITICAL_STATUSES, applyStatusOverrides, computeRepoSignals, groupPRsBy
 export { computeContributionStats } from './stats.js';
 export { fetchPRTemplate } from './pr-template.js';
 export { classifyLinkedPR, isLinkedPRStalled, STALLED_PR_THRESHOLD_DAYS, } from './linked-pr-classification.js';
+export { classifyIssueAvailability, fetchIssueVerification, } from './issue-verification.js';
+export { classifyAttentionBucket, summarizeAttentionBuckets, STUCK_CI_THRESHOLD_DAYS, DORMANT_FOLLOWUP_THRESHOLD_DAYS, } from './pr-attention.js';
 export { scanForAntiLLMPolicy, } from './anti-llm-policy.js';
 export { detectFormatters, diagnoseCIFormatterFailure, getPreferredFormatter, } from './formatter-detection.js';
 export { CONFIG_KEY_REGISTRY, isKnownKey, getKeyDef, getSetupKeys, getConfigKeys, suggestKey, formatUnknownKeyError, } from './config-registry.js';

package/dist/core/issue-conversation.js

@@ -12,7 +12,7 @@ import { getStateManager } from './state.js';
 import { daysBetween } from './dates.js';
 import { splitRepo, extractOwnerRepo, isOwnRepo } from './urls.js';
 import { runWorkerPool, DEFAULT_CONCURRENCY } from './concurrency.js';
-import { ConfigurationError, errorMessage } from './errors.js';
+import { ConfigurationError, errorMessage, isRateLimitOrAuthError } from './errors.js';
 import { debug, warn } from './logger.js';
 const MODULE = 'issue-conversation';
 const MAX_CONCURRENT_REQUESTS = DEFAULT_CONCURRENCY;
@@ -108,6 +108,14 @@ export class IssueConversationMonitor {
                 }
             }
             catch (error) {
+                // Rate-limit / auth failures must propagate, not degrade to "fewer
+                // results" — under throttling every sibling analysis fails the same
+                // way and the partial result silently looks like a quiet day (#1391).
+                // runWorkerPool aborts remaining workers and rejects; daily.ts and
+                // dashboard-data.ts rethrow rate-limit/auth from their phase catches,
+                // aborting the run just like PRMonitor's 429s do.
+                if (isRateLimitOrAuthError(error))
+                    throw error;
                 const msg = errorMessage(error);
                 failures.push({ issueUrl: item.html_url, error: msg });
                 warn(MODULE, `Error analyzing issue ${item.html_url}: ${msg}`);
@@ -117,7 +125,7 @@ export class IssueConversationMonitor {
             warn(MODULE, `${failures.length}/${candidates.length} issue analysis call(s) failed`);
         }
         if (failures.length === candidates.length && candidates.length > 0) {
-            warn(MODULE, `All ${candidates.length} issue analysis call(s) failed. Possible systemic issue (rate limit, auth, network).`);
+            warn(MODULE, `All ${candidates.length} issue analysis call(s) failed. Possible systemic issue (network, GitHub availability).`);
         }
         // Sort: new_response first, then waiting, then acknowledged
         const statusOrder = {
@@ -199,6 +207,11 @@ export class IssueConversationMonitor {
             }
         }
         const labels = (item.labels || []).map((l) => l.name || '').filter(Boolean);
+        // Body excerpts stay RAW here on purpose (#1372): these objects feed the
+        // dashboard SPA and the CLI text renderers directly, and the matching
+        // above (acknowledgment / @mention) operates on raw text. The
+        // `<github-content>` fence is applied at the agent-facing serialization
+        // boundary in `toDailyOutput()` (commands/daily.ts).
         const base = {
             repo: repoFullName,
             number: item.number,

package/dist/core/issue-verification.d.ts

@@ -0,0 +1,91 @@
+/**
+ * Deterministic issue verification (#1353, #1354).
+ *
+ * One GraphQL round-trip answers the two questions the issue-scout agent
+ * historically hallucinated: "is this issue actually open?" and "is it
+ * actually taken?". The query fetches the issue's `state`/`stateReason`,
+ * its assignees, every cross-referenced PR with `closingIssuesReferences`,
+ * and `viewer.login` — so "is this my PR?" is derived from the same token
+ * that fetched the data instead of a cached username.
+ *
+ * Classification is a pure function (`classifyIssueAvailability`) so the
+ * verdict rules are unit-testable without network access. The distinction
+ * that matters (#1353): a PR whose `closingIssuesReferences` includes this
+ * issue is a real claim (`closing`); a PR that merely mentions the issue in
+ * its timeline is just a mention (`cross-referenced`) and must not drive a
+ * "Taken" verdict.
+ */
+import type { Octokit } from '@octokit/rest';
+/** How a PR found in the issue's timeline relates to the issue. */
+export type LinkedPRLinkType = 'closing' | 'cross-referenced';
+export interface VerifiedLinkedPR {
+    number: number;
+    url: string;
+    title: string;
+    /** Lowercase normalization of GraphQL's OPEN/CLOSED/MERGED union. */
+    state: 'open' | 'closed' | 'merged';
+    isDraft: boolean;
+    /** PR author login; null for ghost (deleted) accounts. */
+    author: string | null;
+    /** True when the PR author is the authenticated user (case-insensitive). */
+    isOwn: boolean;
+    /** `closing` = the PR's closingIssuesReferences names this issue (a real
+     * claim). `cross-referenced` = timeline mention only (NOT a claim). */
+    linkType: LinkedPRLinkType;
+    updatedAt: string | null;
+}
+/**
+ * The short-circuit signal consumers route on:
+ * - `closed` — issue is not open; stop all further analysis (#1353).
+ * - `own-open-pr` — the authenticated user already has an open closing PR;
+ *   not a new opportunity (#1354).
+ * - `taken` — someone else has an open closing PR, or the issue is assigned
+ *   to someone else.
+ * - `at-risk` — no hard claim, but signals competition or imminent closure
+ *   (open cross-referencing PRs, or a merged closing PR awaiting issue close).
+ * - `available` — open, unassigned, no claiming PRs.
+ */
+export type IssueAvailabilityVerdict = 'closed' | 'own-open-pr' | 'taken' | 'at-risk' | 'available';
+export interface IssueVerification {
+    url: string;
+    owner: string;
+    repo: string;
+    number: number;
+    title: string;
+    /** Lowercase normalization of GraphQL's OPEN/CLOSED union. */
+    state: 'open' | 'closed';
+    /** Lowercase GraphQL IssueStateReason. `completed` = fixed upstream (mark
+     * Done); `not_planned` = wontfix (drop permanently). Note: an OPEN issue
+     * can carry `reopened` — never infer closed-ness from a non-null reason;
+     * branch on `state` only. */
+    stateReason: 'completed' | 'not_planned' | 'reopened' | 'duplicate' | null;
+    closedAt: string | null;
+    assignees: string[];
+    linkedPRs: VerifiedLinkedPR[];
+    verdict: IssueAvailabilityVerdict;
+    verdictReason: string;
+    /** Login of the authenticated user the verdict was computed for. */
+    userLogin: string;
+}
+/** Inputs for the pure verdict classifier — the fetched facts, no I/O. */
+export interface ClassifyIssueAvailabilityInput {
+    state: 'open' | 'closed';
+    stateReason: IssueVerification['stateReason'];
+    assignees: string[];
+    linkedPRs: VerifiedLinkedPR[];
+    userLogin: string;
+}
+/**
+ * Compute the availability verdict from fetched facts. Rules in priority
+ * order; the first match wins.
+ */
+export declare function classifyIssueAvailability(input: ClassifyIssueAvailabilityInput): {
+    verdict: IssueAvailabilityVerdict;
+    verdictReason: string;
+};
+export interface VerifyIssueParams {
+    owner: string;
+    repo: string;
+    number: number;
+}
+export declare function fetchIssueVerification(octokit: Octokit, params: VerifyIssueParams): Promise<IssueVerification>;