@oss-autopilot/core 3.11.0 → 3.12.0

package/dist/commands/daily-render.d.ts

@@ -15,6 +15,7 @@
  * (daily-logic.test.ts) — pure rendering, easy to assert on string output.
  */
 import type { CapacityAssessment, CommentedIssue, CommentedIssueWithResponse, DailyDigest, MaintainerActionHint } from '../core/types.js';
+import type { AttentionSummary } from '../core/pr-attention.js';
 /**
  * Format a maintainer action hint as a human-readable label.
  */
@@ -24,7 +25,7 @@ export declare function formatActionHint(hint: MaintainerActionHint): string;
  *
  * @returns One-line status string (e.g., "3 Active PRs | 1 needs attention | 2 issue replies")
  */
-export declare function formatBriefSummary(digest: DailyDigest, issueCount: number, issueResponseCount?: number): string;
+export declare function formatBriefSummary(digest: DailyDigest, issueCount: number, issueResponseCount?: number, attention?: Pick<AttentionSummary, 'stuckCI' | 'dormantFollowup'>): string;
 /**
  * Format the full dashboard summary as markdown.
  * Used in JSON output for Claude to display verbatim — includes all PR sections,

package/dist/commands/daily-render.js

@@ -42,10 +42,16 @@ export function formatActionHint(hint) {
  *
  * @returns One-line status string (e.g., "3 Active PRs | 1 needs attention | 2 issue replies")
  */
-export function formatBriefSummary(digest, issueCount, issueResponseCount = 0) {
+export function formatBriefSummary(digest, issueCount, issueResponseCount = 0, attention) {
     const attentionText = issueCount > 0 ? `${issueCount} need${issueCount === 1 ? 's' : ''} attention` : 'all on track';
     const issueReplyText = issueResponseCount > 0 ? ` | ${issueResponseCount} issue repl${issueResponseCount === 1 ? 'y' : 'ies'}` : '';
-    return `\u{1F4CA} ${digest.summary.totalActivePRs} Active PRs | ${attentionText}${issueReplyText}`;
+    // #1352: the watch-style buckets are appended only when non-zero — they're
+    // ping/nudge workflows, not part of the headline "need attention" count.
+    const stuckText = attention && attention.stuckCI > 0 ? ` | ${attention.stuckCI} stuck CI` : '';
+    const dormantText = attention && attention.dormantFollowup > 0
+        ? ` | ${attention.dormantFollowup} dormant follow-up${attention.dormantFollowup === 1 ? '' : 's'}`
+        : '';
+    return `\u{1F4CA} ${digest.summary.totalActivePRs} Active PRs | ${attentionText}${issueReplyText}${stuckText}${dormantText}`;
 }
 /**
  * Format the full dashboard summary as markdown.

package/dist/commands/daily.d.ts

@@ -6,7 +6,7 @@
  * Domain logic lives in src/core/daily-logic.ts; this file is a thin
  * orchestration layer that wires up the phases and handles I/O.
  */
-import { type DailyDigest, type CommentedIssue, type PRCheckFailure, type RepoGroup } from '../core/index.js';
+import { type AttentionSummary, type DailyDigest, type CommentedIssue, type PRCheckFailure, type RepoGroup } from '../core/index.js';
 import { type StrategyResult } from '../core/strategy.js';
 import { type DailyOutput, type DailyWarning, type CapacityAssessment, type ActionableIssue, type ActionMenu } from '../formatters/json.js';
 export { applyStatusOverrides, computeRepoSignals, groupPRsByRepo, assessCapacity, collectActionableIssues, computeActionMenu, toShelvedPRRef, formatBriefSummary, formatSummary, printDigest, CRITICAL_STATUSES, } from '../core/index.js';
@@ -23,6 +23,8 @@ export interface DailyCheckResult {
     summary: string;
     briefSummary: string;
     actionableIssues: ActionableIssue[];
+    /** Unified attention-bucket counts over active PRs (#1352). */
+    attention: AttentionSummary;
     actionMenu: ActionMenu;
     commentedIssues: CommentedIssue[];
     repoGroups: RepoGroup[];

package/dist/commands/daily.js

@@ -6,7 +6,7 @@
  * Domain logic lives in src/core/daily-logic.ts; this file is a thin
  * orchestration layer that wires up the phases and handles I/O.
  */
-import { getStateManager, PRMonitor, IssueConversationMonitor, requireGitHubToken, CRITICAL_STATUSES, applyStatusOverrides, computeRepoSignals, groupPRsByRepo, assessCapacity, collectActionableIssues, computeActionMenu, toShelvedPRRef, formatBriefSummary, formatSummary, } from '../core/index.js';
+import { getStateManager, PRMonitor, IssueConversationMonitor, requireGitHubToken, CRITICAL_STATUSES, applyStatusOverrides, computeRepoSignals, groupPRsByRepo, assessCapacity, collectActionableIssues, computeActionMenu, toShelvedPRRef, formatBriefSummary, formatSummary, summarizeAttentionBuckets, } from '../core/index.js';
 import { errorMessage, isRateLimitOrAuthError } from '../core/errors.js';
 import { wrapUntrustedContent } from '../core/untrusted-content.js';
 import { computeStrategy, shouldComputeStrategy } from '../core/strategy.js';
@@ -420,7 +420,10 @@ function generateDigestOutput(digest, activePRs, shelvedPRs, commentedIssues, fa
     // Auto-undismiss mutations are auto-saved by undismissIssue()
     const actionableIssues = collectActionableIssues(activePRs, previousLastDigestAt);
     digest.summary.totalNeedingAttention = actionableIssues.length;
-    const briefSummary = formatBriefSummary(digest, actionableIssues.length, issueResponses.length);
+    // #1352: one classifier for all attention surfaces — the dashboard stamps
+    // the same buckets per-PR, so the headline counts cannot diverge.
+    const attention = summarizeAttentionBuckets(activePRs);
+    const briefSummary = formatBriefSummary(digest, actionableIssues.length, issueResponses.length, attention);
     const actionMenu = computeActionMenu(actionableIssues, capacity, filteredCommentedIssues);
     const repoGroups = groupPRsByRepo(activePRs);
     // Periodic strategy snapshot (#1270 Step 2). Cadence-gated to fire every
@@ -447,6 +450,7 @@ function generateDigestOutput(digest, activePRs, shelvedPRs, commentedIssues, fa
         summary,
         briefSummary,
         actionableIssues,
+        attention,
         actionMenu,
         commentedIssues: filteredCommentedIssues,
         repoGroups,
@@ -502,6 +506,7 @@ export function toDailyOutput(result) {
         summary: result.summary,
         briefSummary: result.briefSummary,
         actionableIssues: compactActionableIssues(result.actionableIssues),
+        attention: result.attention,
         actionMenu: result.actionMenu,
         commentedIssues: result.commentedIssues.map(fenceCommentedIssue),
         repoGroups: compactRepoGroups(result.repoGroups),

package/dist/commands/dashboard-data.js

@@ -3,7 +3,7 @@
  * Handles GitHub API calls, PR grouping, stats computation, and monthly chart data.
  * Consumed by the dashboard HTTP server (dashboard-server.ts) for the SPA API.
  */
-import { getStateManager, PRMonitor, IssueConversationMonitor, getOctokit } from '../core/index.js';
+import { getStateManager, PRMonitor, IssueConversationMonitor, getOctokit, CRITICAL_STATUSES } from '../core/index.js';
 import { errorMessage, isRateLimitOrAuthError } from '../core/errors.js';
 import { warn } from '../core/logger.js';
 import { emptyPRCountsResult, fetchMergedPRsSince, fetchClosedPRsSince } from '../core/github-stats.js';
@@ -39,9 +39,16 @@ export function buildDashboardStats(digest, state, storedMergedCount, storedClos
  * A PR is shelved for display when the user explicitly shelved it, or the
  * dormant-auto-shelve rule applies (dormant + not needing attention). Mirrors
  * the partition built in fetchDashboardData (see the `freshShelved` filter).
+ *
+ * #1352: an explicitly shelved PR that turns critical is NOT shelved for
+ * display — the daily check auto-unshelves it (`CRITICAL_STATUSES`), so the
+ * dashboard must agree immediately rather than diverging from the CLI's
+ * headline count until the next daily run.
  */
 function isShelvedForDisplay(pr, explicitlyShelved) {
-    return explicitlyShelved.has(pr.url) || (pr.stalenessTier === 'dormant' && pr.status !== 'needs_addressing');
+    if (CRITICAL_STATUSES.has(pr.status))
+        return false;
+    return explicitlyShelved.has(pr.url) || pr.stalenessTier === 'dormant';
 }
 /**
  * Re-derive `digest.shelvedPRs` and `summary.totalActivePRs` from the CURRENT
@@ -254,10 +261,12 @@ export async function fetchDashboardData(token) {
             const { monthlyCounts: monthlyClosedCounts, monthlyOpenedCounts: openedFromClosed } = closedResult;
             updateMonthlyAnalytics(prs, monthlyCounts, monthlyClosedCounts, openedFromMerged, openedFromClosed);
             const digest = prMonitor.generateDigest(prs, recentlyClosedPRs, recentlyMergedPRs);
-            // Apply shelve partitioning for display (auto-unshelve only runs in daily check)
-            // Dormant PRs are treated as shelved unless they need addressing
+            // Apply shelve partitioning for display (auto-unshelve only runs in daily check).
+            // Dormant PRs are treated as shelved unless they need addressing, and a
+            // critical PR is never display-shelved (#1352) — mirrors the daily
+            // check's CRITICAL_STATUSES auto-unshelve so headline counts agree.
             const shelvedUrls = new Set(stateManager.getState().config.shelvedPRUrls || []);
-            const freshShelved = prs.filter((pr) => shelvedUrls.has(pr.url) || (pr.stalenessTier === 'dormant' && pr.status !== 'needs_addressing'));
+            const freshShelved = prs.filter((pr) => !CRITICAL_STATUSES.has(pr.status) && (shelvedUrls.has(pr.url) || pr.stalenessTier === 'dormant'));
             digest.shelvedPRs = freshShelved.map(toShelvedPRRef);
             digest.autoUnshelvedPRs = [];
             digest.summary.totalActivePRs = prs.length - freshShelved.length;

package/dist/commands/dashboard-server.js

@@ -9,7 +9,7 @@ import * as http from 'node:http';
 import * as fs from 'node:fs';
 import * as path from 'node:path';
 import * as crypto from 'node:crypto';
-import { getStateManager, getGitHubToken, getCLIVersion, applyStatusOverrides } from '../core/index.js';
+import { getStateManager, getGitHubToken, getCLIVersion, applyStatusOverrides, classifyAttentionBucket, } from '../core/index.js';
 import { errorMessage, ValidationError, ConcurrencyError, GistConcurrencyError } from '../core/errors.js';
 import { warn } from '../core/logger.js';
 import { validateUrl, validateGitHubUrl, PR_URL_PATTERN, ISSUE_URL_PATTERN } from './validation.js';
@@ -113,7 +113,12 @@ export function buildDashboardJson(digest, state, commentedIssues, allMergedPRs,
         monthlyMerged,
         monthlyOpened,
         monthlyClosed,
-        activePRs: applyStatusOverrides(digest.openPRs || [], state),
+        // #1352: stamp the unified attention bucket so the SPA renders the same
+        // taxonomy the CLI brief counts (single classifier, no second opinion).
+        activePRs: applyStatusOverrides(digest.openPRs || [], state).map((pr) => ({
+            ...pr,
+            attentionBucket: classifyAttentionBucket(pr),
+        })),
         // Source of truth is digest.shelvedPRs (union of explicitly-shelved URLs
         // and dormant-non-addressing PRs auto-shelved for display). Returning
         // only state.config.shelvedPRUrls would under-count and desync from

package/dist/commands/index.d.ts

@@ -29,6 +29,8 @@ export { runSearch, MAX_SEARCH_RESULTS } from './search.js';
 export { runFeatures, MAX_FEATURES_RESULTS } from './features.js';
 /** Vet a single GitHub issue for claimability (open, unassigned, no linked PRs, repo health). */
 export { runVet } from './vet.js';
+/** Deterministic availability check: state/stateReason + linked-PR classification (#1353, #1354). */
+export { runVerifyIssue, type VerifyIssueOptions } from './verify-issue.js';
 /** Re-vet all available issues in a curated issue list for freshness. */
 export { runVetList } from './vet-list.js';
 /** Fetch PR metadata from GitHub (informational; nothing is persisted). */

package/dist/commands/index.js

@@ -30,6 +30,8 @@ export { runSearch, MAX_SEARCH_RESULTS } from './search.js';
 export { runFeatures, MAX_FEATURES_RESULTS } from './features.js';
 /** Vet a single GitHub issue for claimability (open, unassigned, no linked PRs, repo health). */
 export { runVet } from './vet.js';
+/** Deterministic availability check: state/stateReason + linked-PR classification (#1353, #1354). */
+export { runVerifyIssue } from './verify-issue.js';
 /** Re-vet all available issues in a curated issue list for freshness. */
 export { runVetList } from './vet-list.js';
 // ── PR Management ───────────────────────────────────────────────────────────

package/dist/commands/list-move-tier.d.ts

@@ -6,7 +6,9 @@
  * issue-list markdown file. Replaces the model-driven prose rewrite that
  * lived in /oss-search with a deterministic file manipulation.
  *
- * Idempotent: re-running with the same target tier is a no-op.
+ * Idempotent: re-running with the same target tier is a no-op. A URL that is
+ * not in the list at all is an error (#1355) — the command does not create
+ * entries, and callers must add the entry before moving it.
  *
  * No GitHub calls — pure read/transform/write of a local file.
  */
@@ -17,7 +19,8 @@ export interface ListMoveTierOptions {
     listPath: string;
 }
 export interface ListMoveTierOutput {
-    /** Whether anything moved (false when the URL isn't in the list, or it was already in the target tier). */
+    /** Whether anything moved (false only when the entry was already in the
+     * target tier — a URL missing from the list entirely throws instead, #1355). */
     moved: boolean;
     /** Fully-resolved file path that was inspected. */
     filePath: string;
@@ -25,7 +28,8 @@ export interface ListMoveTierOutput {
     url: string;
     /** The target tier (always normalized to one of pursue/maybe/skip). */
     toTier: Tier;
-    /** The tier the issue was moved out of, if it had one. Absent when not found or already in target. */
+    /** The tier the issue was moved out of, if it had one. Also populated on the
+     * already-in-target no-op; absent when the source block sat under no tier header. */
     fromTier?: string;
     /** Number of matching entries moved. Should normally be 1; >1 means the list contained duplicate entries (all moved). */
     count: number;
@@ -36,11 +40,15 @@ export interface ListMoveTierOutput {
  * Pure transform — accepts the file content and returns the rewritten content
  * plus a summary of what changed. Exported for unit testing.
  */
+/** Discriminates the two `moved: false` outcomes of {@link moveIssueToTier}. */
+export type MoveNoOpReason = 'not-found' | 'already-in-target';
 export declare function moveIssueToTier(content: string, issueUrl: string, targetTier: Tier): {
     content: string;
     moved: boolean;
     fromTier?: string;
     count: number;
     reason?: string;
+    /** Set only when `moved` is false — why nothing changed. */
+    reasonCode?: MoveNoOpReason;
 };
 export declare function runListMoveTier(options: ListMoveTierOptions): Promise<ListMoveTierOutput>;

package/dist/commands/list-move-tier.js

@@ -6,13 +6,15 @@
  * issue-list markdown file. Replaces the model-driven prose rewrite that
  * lived in /oss-search with a deterministic file manipulation.
  *
- * Idempotent: re-running with the same target tier is a no-op.
+ * Idempotent: re-running with the same target tier is a no-op. A URL that is
+ * not in the list at all is an error (#1355) — the command does not create
+ * entries, and callers must add the entry before moving it.
  *
  * No GitHub calls — pure read/transform/write of a local file.
  */
 import * as fs from 'node:fs';
 import * as path from 'node:path';
-import { errorMessage } from '../core/errors.js';
+import { errorMessage, ValidationError } from '../core/errors.js';
 const TIER_HEADERS = {
     pursue: '## Pursue',
     maybe: '## Maybe',
@@ -82,17 +84,19 @@ function findTierInsertionIndex(lines, headerIndex) {
     }
     return lines.length;
 }
-/**
- * Pure transform — accepts the file content and returns the rewritten content
- * plus a summary of what changed. Exported for unit testing.
- */
 export function moveIssueToTier(content, issueUrl, targetTier) {
     // Preserve the trailing newline if present so we don't accidentally strip it.
     const hadTrailingNewline = content.endsWith('\n');
     const lines = (hadTrailingNewline ? content.slice(0, -1) : content).split('\n');
     const blocks = findIssueBlocks(lines, issueUrl);
     if (blocks.length === 0) {
-        return { content, moved: false, count: 0, reason: 'issue URL not found in the list' };
+        return {
+            content,
+            moved: false,
+            count: 0,
+            reason: 'issue URL not found in the list',
+            reasonCode: 'not-found',
+        };
     }
     const targetHeader = TIER_HEADERS[targetTier];
     // If every match is already in the target tier, no-op (idempotent).
@@ -103,6 +107,7 @@ export function moveIssueToTier(content, issueUrl, targetTier) {
             fromTier: blocks[0].tier,
             count: blocks.length,
             reason: 'already in target tier',
+            reasonCode: 'already-in-target',
         };
     }
     // Extract the blocks (highest start index first so earlier indices stay
@@ -172,6 +177,12 @@ export async function runListMoveTier(options) {
         throw new Error(`Failed to read file: ${errorMessage(error)}`, { cause: error });
     }
     const result = moveIssueToTier(content, options.issueUrl, options.tier);
+    // #1355: a missing entry is a caller error, not a quiet success. Idempotent
+    // re-runs (already-in-target) still resolve normally.
+    if (result.reasonCode === 'not-found') {
+        throw new ValidationError(`Issue URL not found in the list: ${options.issueUrl} (${filePath}). ` +
+            'Add the entry to the list first, then re-run list-move-tier.');
+    }
     if (result.moved) {
         try {
             fs.writeFileSync(filePath, result.content, 'utf8');

package/dist/commands/search.js

@@ -2,8 +2,8 @@
  * Search command
  * Searches for new issues to work on via @oss-scout/core
  */
-import { buildCandidateLinkedPR, createAutopilotScout } from './scout-bridge.js';
-import { getStateManager } from '../core/index.js';
+import { adaptScoutLinkedPR, buildCandidateLinkedPR, createAutopilotScout } from './scout-bridge.js';
+import { classifyLinkedPR, getStateManager } from '../core/index.js';
 import { gradeFromCandidate } from '../core/issue-grading.js';
 import { computeStrategy } from '../core/strategy.js';
 import { debug, warn } from '../core/logger.js';
@@ -64,8 +64,21 @@ export async function runSearch(options) {
         preferLanguages,
         preferRepos,
     });
+    // #1354: never surface issues the user already has an open PR for. Uses
+    // scout's structured linked-PR metadata when present; candidates without it
+    // pass through (the issue-scout agent re-checks via verify-issue anyway).
+    // Empty login means "can't prove any PR is the user's own" — nothing hidden.
+    const userLogin = stateManager.getState().config?.githubUsername ?? '';
+    if (userLogin === '') {
+        warn(MODULE, 'githubUsername not configured — the own-PR filter (#1354) cannot run; hiddenOwnPRCount will be 0');
+    }
+    const visibleCandidates = result.candidates.filter((c) => classifyLinkedPR({ linkedPR: adaptScoutLinkedPR(c.vettingResult?.linkedPR), userLogin }) !== 'user_open');
+    const hiddenOwnPRCount = result.candidates.length - visibleCandidates.length;
+    if (hiddenOwnPRCount > 0) {
+        debug(MODULE, `Hid ${hiddenOwnPRCount} candidate(s) with the user's own open PR (#1354)`);
+    }
     const searchOutput = {
-        candidates: result.candidates.map((c) => {
+        candidates: visibleCandidates.map((c) => {
             const repoScoreRecord = stateManager.getRepoScore(c.issue.repo);
             // Scout's `search` does not emit per-candidate projectHealth (only
             // `vetIssue` does). Pass a sentinel `checkFailed: true` so the grader
@@ -119,6 +132,7 @@ export async function runSearch(options) {
         }),
         excludedRepos: result.excludedRepos,
         aiPolicyBlocklist: result.aiPolicyBlocklist,
+        hiddenOwnPRCount,
     };
     if (result.rateLimitWarning) {
         searchOutput.rateLimitWarning = result.rateLimitWarning;

package/dist/commands/verify-issue.d.ts

@@ -0,0 +1,20 @@
+/**
+ * verify-issue command (#1353, #1354).
+ *
+ * Deterministic availability check for one GitHub issue: state/stateReason,
+ * assignees, and linked PRs classified as `closing` vs `cross-referenced`,
+ * with the authenticated user's own PRs flagged. One GraphQL round-trip,
+ * no scoring, no scout heuristics — this is the ground truth the
+ * issue-scout agent consumes BEFORE any judgment-based vetting.
+ */
+import { type IssueVerification } from '../core/index.js';
+export interface VerifyIssueOptions {
+    issueUrl: string;
+}
+/**
+ * Verify a GitHub issue's real availability.
+ *
+ * @throws {ValidationError} If the URL is not a valid GitHub issue URL or
+ *   the issue does not exist.
+ */
+export declare function runVerifyIssue(options: VerifyIssueOptions): Promise<IssueVerification>;

package/dist/commands/verify-issue.js

@@ -0,0 +1,32 @@
+/**
+ * verify-issue command (#1353, #1354).
+ *
+ * Deterministic availability check for one GitHub issue: state/stateReason,
+ * assignees, and linked PRs classified as `closing` vs `cross-referenced`,
+ * with the authenticated user's own PRs flagged. One GraphQL round-trip,
+ * no scoring, no scout heuristics — this is the ground truth the
+ * issue-scout agent consumes BEFORE any judgment-based vetting.
+ */
+import { fetchIssueVerification, getOctokit, parseGitHubUrl, requireGitHubToken, } from '../core/index.js';
+import { ValidationError } from '../core/errors.js';
+import { ISSUE_URL_PATTERN, validateGitHubUrl, validateUrl } from './validation.js';
+/**
+ * Verify a GitHub issue's real availability.
+ *
+ * @throws {ValidationError} If the URL is not a valid GitHub issue URL or
+ *   the issue does not exist.
+ */
+export async function runVerifyIssue(options) {
+    validateUrl(options.issueUrl);
+    validateGitHubUrl(options.issueUrl, ISSUE_URL_PATTERN, 'issue');
+    const parsed = parseGitHubUrl(options.issueUrl);
+    if (!parsed || parsed.type !== 'issues') {
+        throw new ValidationError(`Not a parseable GitHub issue URL: ${options.issueUrl}`);
+    }
+    const octokit = getOctokit(requireGitHubToken());
+    return fetchIssueVerification(octokit, {
+        owner: parsed.owner,
+        repo: parsed.repo,
+        number: parsed.number,
+    });
+}

package/dist/core/daily-logic.js

@@ -248,62 +248,75 @@ export function collectActionableIssues(prs, lastDigestAt) {
         'merge_conflict',
         'incomplete_checklist',
     ];
-    for (const reason of reasonOrder) {
-        for (const pr of actionPRs) {
-            if (pr.actionReason !== reason)
-                continue;
-            let label;
-            let type;
-            switch (reason) {
-                case 'needs_response': {
-                    label = '[Needs Response]';
-                    type = 'needs_response';
-                    break;
-                }
-                case 'needs_changes': {
-                    label = '[Needs Changes]';
-                    type = 'needs_changes';
-                    break;
-                }
-                case 'failing_ci': {
-                    const checkInfo = pr.failingCheckNames.length > 0 ? ` (${pr.failingCheckNames.join(', ')})` : '';
-                    label = `[CI Failing${checkInfo}]`;
-                    type = 'ci_failing';
-                    break;
-                }
-                case 'merge_conflict': {
-                    label = '[Merge Conflict]';
-                    type = 'merge_conflict';
-                    break;
-                }
-                case 'incomplete_checklist': {
-                    const stats = pr.checklistStats ? ` (${pr.checklistStats.checked}/${pr.checklistStats.total})` : '';
-                    label = `[Incomplete Checklist${stats}]`;
-                    type = 'incomplete_checklist';
-                    break;
-                }
-                default: {
-                    // Defensive fallback for ActionReason values not explicitly handled
-                    // above (e.g. ci_not_running, needs_rebase, missing_required_files).
-                    // These aren't in reasonOrder today but this guards future additions.
-                    warn('daily-logic', `Unhandled ActionReason "${reason}" for PR ${pr.url} — falling back to needs_response`);
-                    label = `[${reason}]`;
-                    type = 'needs_response';
-                }
+    // #1352: every needs_addressing PR produces exactly one entry, including
+    // PRs whose actionReason is missing or outside reasonOrder (the defensive
+    // default below). This keeps the CLI brief's count equal to the dashboard's
+    // needs_attention bucket by construction — previously an unmapped reason
+    // silently dropped the PR from the brief while the dashboard still counted
+    // it. Unmapped reasons sort last.
+    const sortedPRs = [...actionPRs].sort((a, b) => {
+        const rank = (pr) => {
+            const i = reasonOrder.indexOf(pr.actionReason);
+            return i === -1 ? reasonOrder.length : i;
+        };
+        return rank(a) - rank(b);
+    });
+    for (const pr of sortedPRs) {
+        if (pr.actionReason === undefined) {
+            warn('daily-logic', `needs_addressing PR ${pr.url} has no actionReason — defaulting to needs_response`);
+        }
+        const reason = pr.actionReason ?? 'needs_response';
+        let label;
+        let type;
+        switch (reason) {
+            case 'needs_response': {
+                label = '[Needs Response]';
+                type = 'needs_response';
+                break;
+            }
+            case 'needs_changes': {
+                label = '[Needs Changes]';
+                type = 'needs_changes';
+                break;
+            }
+            case 'failing_ci': {
+                const checkInfo = pr.failingCheckNames.length > 0 ? ` (${pr.failingCheckNames.join(', ')})` : '';
+                label = `[CI Failing${checkInfo}]`;
+                type = 'ci_failing';
+                break;
+            }
+            case 'merge_conflict': {
+                label = '[Merge Conflict]';
+                type = 'merge_conflict';
+                break;
             }
-            // A PR is "new" if it was created after the last daily digest (first time seen).
-            // If there's no previous digest (first run) or createdAt is invalid, assume new.
-            const createdTime = new Date(pr.createdAt).getTime();
-            let isNewContribution;
-            if (isNaN(createdTime)) {
-                warn('daily-logic', `Invalid createdAt "${pr.createdAt}" for PR ${pr.url}, assuming new contribution`);
-                isNewContribution = true;
+            case 'incomplete_checklist': {
+                const stats = pr.checklistStats ? ` (${pr.checklistStats.checked}/${pr.checklistStats.total})` : '';
+                label = `[Incomplete Checklist${stats}]`;
+                type = 'incomplete_checklist';
+                break;
             }
-            else {
-                isNewContribution = isNaN(lastDigestTime) || createdTime > lastDigestTime;
+            default: {
+                // Defensive fallback for ActionReason values not explicitly handled
+                // above (e.g. ci_not_running, needs_rebase, missing_required_files).
+                // These aren't in reasonOrder today but this guards future additions.
+                warn('daily-logic', `Unhandled ActionReason "${reason}" for PR ${pr.url} — falling back to needs_response`);
+                label = `[${reason}]`;
+                type = 'needs_response';
             }
-            issues.push({ type, pr, label, isNewContribution });
         }
+        // A PR is "new" if it was created after the last daily digest (first time seen).
+        // If there's no previous digest (first run) or createdAt is invalid, assume new.
+        const createdTime = new Date(pr.createdAt).getTime();
+        let isNewContribution;
+        if (isNaN(createdTime)) {
+            warn('daily-logic', `Invalid createdAt "${pr.createdAt}" for PR ${pr.url}, assuming new contribution`);
+            isNewContribution = true;
+        }
+        else {
+            isNewContribution = isNaN(lastDigestTime) || createdTime > lastDigestTime;
+        }
+        issues.push({ type, pr, label, isNewContribution });
     }
     return issues;
 }

package/dist/core/index.d.ts

@@ -22,6 +22,8 @@ export { CRITICAL_STATUSES, applyStatusOverrides, computeRepoSignals, groupPRsBy
 export { computeContributionStats, type ContributionStats, type ComputeStatsInput } from './stats.js';
 export { fetchPRTemplate, type PRTemplateResult } from './pr-template.js';
 export { classifyLinkedPR, isLinkedPRStalled, STALLED_PR_THRESHOLD_DAYS, type LinkedPR, type LinkedPRClassification, type LinkedPRState, } from './linked-pr-classification.js';
+export { classifyIssueAvailability, fetchIssueVerification, type IssueAvailabilityVerdict, type IssueVerification, type LinkedPRLinkType, type VerifiedLinkedPR, type VerifyIssueParams, } from './issue-verification.js';
+export { classifyAttentionBucket, summarizeAttentionBuckets, STUCK_CI_THRESHOLD_DAYS, DORMANT_FOLLOWUP_THRESHOLD_DAYS, type AttentionBucket, type AttentionInput, type AttentionSummary, } from './pr-attention.js';
 export { scanForAntiLLMPolicy, type AntiLLMCategory, type AntiLLMMatch, type AntiLLMScanResult, } from './anti-llm-policy.js';
 export { detectFormatters, diagnoseCIFormatterFailure, getPreferredFormatter, type DetectedFormatter, type FormatterDetectionResult, type CIFormatterDiagnosis, type FormatterName, } from './formatter-detection.js';
 export { CONFIG_KEY_REGISTRY, type ConfigKeyDef, type SettableVia, isKnownKey, getKeyDef, getSetupKeys, getConfigKeys, suggestKey, formatUnknownKeyError, } from './config-registry.js';

package/dist/core/index.js

@@ -23,6 +23,8 @@ export { CRITICAL_STATUSES, applyStatusOverrides, computeRepoSignals, groupPRsBy
 export { computeContributionStats } from './stats.js';
 export { fetchPRTemplate } from './pr-template.js';
 export { classifyLinkedPR, isLinkedPRStalled, STALLED_PR_THRESHOLD_DAYS, } from './linked-pr-classification.js';
+export { classifyIssueAvailability, fetchIssueVerification, } from './issue-verification.js';
+export { classifyAttentionBucket, summarizeAttentionBuckets, STUCK_CI_THRESHOLD_DAYS, DORMANT_FOLLOWUP_THRESHOLD_DAYS, } from './pr-attention.js';
 export { scanForAntiLLMPolicy, } from './anti-llm-policy.js';
 export { detectFormatters, diagnoseCIFormatterFailure, getPreferredFormatter, } from './formatter-detection.js';
 export { CONFIG_KEY_REGISTRY, isKnownKey, getKeyDef, getSetupKeys, getConfigKeys, suggestKey, formatUnknownKeyError, } from './config-registry.js';

package/dist/core/issue-verification.d.ts

@@ -0,0 +1,91 @@
+/**
+ * Deterministic issue verification (#1353, #1354).
+ *
+ * One GraphQL round-trip answers the two questions the issue-scout agent
+ * historically hallucinated: "is this issue actually open?" and "is it
+ * actually taken?". The query fetches the issue's `state`/`stateReason`,
+ * its assignees, every cross-referenced PR with `closingIssuesReferences`,
+ * and `viewer.login` — so "is this my PR?" is derived from the same token
+ * that fetched the data instead of a cached username.
+ *
+ * Classification is a pure function (`classifyIssueAvailability`) so the
+ * verdict rules are unit-testable without network access. The distinction
+ * that matters (#1353): a PR whose `closingIssuesReferences` includes this
+ * issue is a real claim (`closing`); a PR that merely mentions the issue in
+ * its timeline is just a mention (`cross-referenced`) and must not drive a
+ * "Taken" verdict.
+ */
+import type { Octokit } from '@octokit/rest';
+/** How a PR found in the issue's timeline relates to the issue. */
+export type LinkedPRLinkType = 'closing' | 'cross-referenced';
+export interface VerifiedLinkedPR {
+    number: number;
+    url: string;
+    title: string;
+    /** Lowercase normalization of GraphQL's OPEN/CLOSED/MERGED union. */
+    state: 'open' | 'closed' | 'merged';
+    isDraft: boolean;
+    /** PR author login; null for ghost (deleted) accounts. */
+    author: string | null;
+    /** True when the PR author is the authenticated user (case-insensitive). */
+    isOwn: boolean;
+    /** `closing` = the PR's closingIssuesReferences names this issue (a real
+     * claim). `cross-referenced` = timeline mention only (NOT a claim). */
+    linkType: LinkedPRLinkType;
+    updatedAt: string | null;
+}
+/**
+ * The short-circuit signal consumers route on:
+ * - `closed` — issue is not open; stop all further analysis (#1353).
+ * - `own-open-pr` — the authenticated user already has an open closing PR;
+ *   not a new opportunity (#1354).
+ * - `taken` — someone else has an open closing PR, or the issue is assigned
+ *   to someone else.
+ * - `at-risk` — no hard claim, but signals competition or imminent closure
+ *   (open cross-referencing PRs, or a merged closing PR awaiting issue close).
+ * - `available` — open, unassigned, no claiming PRs.
+ */
+export type IssueAvailabilityVerdict = 'closed' | 'own-open-pr' | 'taken' | 'at-risk' | 'available';
+export interface IssueVerification {
+    url: string;
+    owner: string;
+    repo: string;
+    number: number;
+    title: string;
+    /** Lowercase normalization of GraphQL's OPEN/CLOSED union. */
+    state: 'open' | 'closed';
+    /** Lowercase GraphQL IssueStateReason. `completed` = fixed upstream (mark
+     * Done); `not_planned` = wontfix (drop permanently). Note: an OPEN issue
+     * can carry `reopened` — never infer closed-ness from a non-null reason;
+     * branch on `state` only. */
+    stateReason: 'completed' | 'not_planned' | 'reopened' | 'duplicate' | null;
+    closedAt: string | null;
+    assignees: string[];
+    linkedPRs: VerifiedLinkedPR[];
+    verdict: IssueAvailabilityVerdict;
+    verdictReason: string;
+    /** Login of the authenticated user the verdict was computed for. */
+    userLogin: string;
+}
+/** Inputs for the pure verdict classifier — the fetched facts, no I/O. */
+export interface ClassifyIssueAvailabilityInput {
+    state: 'open' | 'closed';
+    stateReason: IssueVerification['stateReason'];
+    assignees: string[];
+    linkedPRs: VerifiedLinkedPR[];
+    userLogin: string;
+}
+/**
+ * Compute the availability verdict from fetched facts. Rules in priority
+ * order; the first match wins.
+ */
+export declare function classifyIssueAvailability(input: ClassifyIssueAvailabilityInput): {
+    verdict: IssueAvailabilityVerdict;
+    verdictReason: string;
+};
+export interface VerifyIssueParams {
+    owner: string;
+    repo: string;
+    number: number;
+}
+export declare function fetchIssueVerification(octokit: Octokit, params: VerifyIssueParams): Promise<IssueVerification>;