@oss-autopilot/core 3.13.4 → 3.14.1

package/dist/core/gist-state-store.js

@@ -522,7 +522,9 @@ export class GistStateStore {
     }
     /**
      * Re-fetch the Gist and update the in-memory cache.
-     * Throttled to at most once per 30 seconds.
+     * Throttled to at most once per 30 seconds — ATTEMPTS, not just successes:
+     * a failed fetch stamps the throttle too (#1443), so an outage does not
+     * turn every SPA poll into an immediate full re-fetch.
      *
      * Returns a discriminated union so callers can tell apart the four
      * outcomes that previously collapsed into a single boolean (#1209 L9):
@@ -541,9 +543,12 @@ export class GistStateStore {
         if (sinceLastMs < GistStateStore.REFRESH_THROTTLE_MS) {
             return { status: 'throttled', sinceLastMs };
         }
+        // Stamp the ATTEMPT, success or failure (#1443): the success-only stamp
+        // let failed refreshes bypass the throttle entirely, contradicting the
+        // doc comment and hammering the API during an outage.
+        this.lastRefreshAt = now;
         try {
             await this.fetchAndCache(this.gistId);
-            this.lastRefreshAt = now;
             this.lastRefreshError = null;
             return { status: 'refreshed' };
         }

package/dist/core/github-stats.d.ts

@@ -45,7 +45,7 @@ export declare function fetchRecentlyMergedPRs(octokit: Octokit, config: {
 /**
  * Fetch merged PRs since a watermark date for incremental storage.
  * If no watermark is provided (first-ever fetch), fetches all merged PRs (up to pagination cap).
- * Returns StoredMergedPR[] (minimal: url, title, mergedAt) for state persistence.
+ * Returns StoredMergedPR[] (url, title, mergedAt, openedAt) for state persistence.
  */
 export declare function fetchMergedPRsSince(octokit: Octokit, config: {
     githubUsername: string;
@@ -53,7 +53,7 @@ export declare function fetchMergedPRsSince(octokit: Octokit, config: {
 /**
  * Fetch closed-without-merge PRs since a watermark date for incremental storage.
  * If no watermark is provided (first-ever fetch), fetches all closed PRs (up to pagination cap).
- * Returns StoredClosedPR[] (minimal: url, title, closedAt) for state persistence.
+ * Returns StoredClosedPR[] (url, title, closedAt, openedAt) for state persistence.
  * Uses `is:unmerged` to exclude merged PRs (which are also "closed" in GitHub's model).
  */
 export declare function fetchClosedPRsSince(octokit: Octokit, config: {

package/dist/core/github-stats.js

@@ -214,6 +214,8 @@ export async function fetchRecentlyClosedPRs(octokit, config, days = 7) {
         number,
         title: item.title,
         closedAt: item.closed_at || '',
+        // Free on the search result — feeds the outcome ledger (#1461).
+        openedAt: item.created_at || undefined,
     }));
 }
 /**
@@ -232,6 +234,8 @@ export async function fetchRecentlyMergedPRs(octokit, config, days = 7) {
             number,
             title: item.title,
             mergedAt: mergedAt || item.closed_at || '',
+            // Free on the search result — feeds the outcome ledger (#1461).
+            openedAt: item.created_at || undefined,
         };
     });
 }
@@ -286,7 +290,7 @@ async function fetchPRsSince(octokit, config, adapter, since) {
 /**
  * Fetch merged PRs since a watermark date for incremental storage.
  * If no watermark is provided (first-ever fetch), fetches all merged PRs (up to pagination cap).
- * Returns StoredMergedPR[] (minimal: url, title, mergedAt) for state persistence.
+ * Returns StoredMergedPR[] (url, title, mergedAt, openedAt) for state persistence.
  */
 export async function fetchMergedPRsSince(octokit, config, since) {
     return fetchPRsSince(octokit, config, {
@@ -294,13 +298,19 @@ export async function fetchMergedPRsSince(octokit, config, since) {
         dateNoun: 'merge',
         buildQuery: (u, s) => `is:pr is:merged author:${u} -user:${u}${s ? ` merged:>${s}` : ''}`,
         extractDate: (item) => item.pull_request?.merged_at || item.closed_at || '',
-        buildRecord: (item, date) => ({ url: item.html_url, title: item.title, mergedAt: date }),
+        buildRecord: (item, date) => ({
+            url: item.html_url,
+            title: item.title,
+            mergedAt: date,
+            // Free on the search result — feeds the outcome ledger (#1461).
+            openedAt: item.created_at || undefined,
+        }),
     }, since);
 }
 /**
  * Fetch closed-without-merge PRs since a watermark date for incremental storage.
  * If no watermark is provided (first-ever fetch), fetches all closed PRs (up to pagination cap).
- * Returns StoredClosedPR[] (minimal: url, title, closedAt) for state persistence.
+ * Returns StoredClosedPR[] (url, title, closedAt, openedAt) for state persistence.
  * Uses `is:unmerged` to exclude merged PRs (which are also "closed" in GitHub's model).
  */
 export async function fetchClosedPRsSince(octokit, config, since) {
@@ -309,6 +319,12 @@ export async function fetchClosedPRsSince(octokit, config, since) {
         dateNoun: 'close',
         buildQuery: (u, s) => `is:pr is:closed is:unmerged author:${u} -user:${u}${s ? ` closed:>${s}` : ''}`,
         extractDate: (item) => item.closed_at || '',
-        buildRecord: (item, date) => ({ url: item.html_url, title: item.title, closedAt: date }),
+        buildRecord: (item, date) => ({
+            url: item.html_url,
+            title: item.title,
+            closedAt: date,
+            // Free on the search result — feeds the outcome ledger (#1461).
+            openedAt: item.created_at || undefined,
+        }),
     }, since);
 }

package/dist/core/index.d.ts

@@ -3,26 +3,27 @@
  * Re-exports all core functionality for convenient imports
  */
 export { StateManager, getStateManager, getStateManagerAsync, ensureGistPersistence, bootstrapGistBestEffort, type GistPersistenceStatus, maybeCheckpoint, resetStateManager, type Stats, } from './state.js';
+export { renderGistWarning, type GistHealth, type GistHealthDegradedCause, type GistWarningCause, } from './gist-health.js';
 export { GistStateStore } from './gist-state-store.js';
 export { guidelinesFilename, repoFromGuidelinesFilename, GUIDELINES_FILE_PREFIX, GUIDELINES_MAX_BYTES, GuidelinesNotAvailableError, GuidelinesTooLargeError, } from './guidelines-store.js';
 export { PRMonitor, type PRCheckFailure, type FetchPRsResult, computeDisplayLabel, classifyCICheck, classifyFailingChecks, } from './pr-monitor.js';
 export { IssueConversationMonitor } from './issue-conversation.js';
 export { isBotAuthor, isAcknowledgmentComment } from './comment-utils.js';
-export { wrapUntrustedContent, fenceFetchedPR, extractFromFence, safeExtractFromFence, UNTRUSTED_OPEN_TAG_NAME, UNTRUSTED_CLOSE_TAG, type UntrustedContentMeta, } from './untrusted-content.js';
+export { wrapUntrustedContent, fenceFetchedPR, fenceFetchedPRTitles, labelGuidelinesContent, GUIDELINES_PROVENANCE_NOTE, extractFromFence, safeExtractFromFence, UNTRUSTED_OPEN_TAG_NAME, UNTRUSTED_CLOSE_TAG, type UntrustedContentMeta, } from './untrusted-content.js';
 export { getOctokit, checkRateLimit, type RateLimitInfo } from './github.js';
 export { parseGitHubUrl, splitRepo, isOwnRepo } from './urls.js';
 export { daysBetween, formatRelativeTime, byDateDescending } from './dates.js';
 export { getCLIVersion, getDataDir, getStatePath, getBackupDir, getCacheDir, stateFileExists } from './paths.js';
 export { getGitHubToken, getGitHubTokenAsync, requireGitHubToken, resetGitHubTokenCache, detectGitHubUsername, } from './auth.js';
 export { DEFAULT_CONCURRENCY } from './concurrency.js';
-export { OssAutopilotError, ConfigurationError, ValidationError, GistPermissionError, errorMessage, getHttpStatusCode, isRateLimitError, isRateLimitOrAuthError, nonFatalCatch, resolveErrorCode, } from './errors.js';
+export { OssAutopilotError, ConfigurationError, ValidationError, GistPermissionError, ConcurrencyError, GistConcurrencyError, errorMessage, getHttpStatusCode, isRateLimitError, isRateLimitOrAuthError, nonFatalCatch, resolveErrorCode, } from './errors.js';
 export { enableDebug, isDebugEnabled, debug, info, warn, timed } from './logger.js';
 export { HttpCache, getHttpCache, cachedRequest, type CacheEntry } from './http-cache.js';
-export { CRITICAL_STATUSES, applyStatusOverrides, computeRepoSignals, groupPRsByRepo, assessCapacity, collectActionableIssues, computeActionMenu, toShelvedPRRef, buildStarFilter, formatActionHint, formatBriefSummary, formatSummary, printDigest, } from './daily-logic.js';
+export { CRITICAL_STATUSES, applyStatusOverrides, computeRepoSignals, groupPRsByRepo, assessCapacity, collectActionableIssues, computeActionMenu, toShelvedPRRef, buildStarFilter, firstMaintainerResponseFromDigest, formatActionHint, formatBriefSummary, formatSummary, printDigest, } from './daily-logic.js';
 export { computeContributionStats, type ContributionStats, type ComputeStatsInput } from './stats.js';
 export { fetchPRTemplate, type PRTemplateResult } from './pr-template.js';
 export { classifyLinkedPR, isLinkedPRStalled, STALLED_PR_THRESHOLD_DAYS, type LinkedPR, type LinkedPRClassification, type LinkedPRState, } from './linked-pr-classification.js';
-export { classifyIssueAvailability, fetchIssueVerification, type IssueAvailabilityVerdict, type IssueVerification, type LinkedPRLinkType, type VerifiedLinkedPR, type VerifyIssueParams, } from './issue-verification.js';
+export { classifyIssueAvailability, fetchIssueVerification, verifyIssuesBatch, MAX_VERIFY_CONCURRENCY, type BatchVerificationResult, type IssueAvailabilityVerdict, type IssueVerification, type LinkedPRLinkType, type VerifiedLinkedPR, type VerifyIssueParams, } from './issue-verification.js';
 export { classifyAttentionBucket, summarizeAttentionBuckets, STUCK_CI_THRESHOLD_DAYS, DORMANT_FOLLOWUP_THRESHOLD_DAYS, type AttentionBucket, type AttentionInput, type AttentionSummary, } from './pr-attention.js';
 export { scanForAntiLLMPolicy, type AntiLLMCategory, type AntiLLMMatch, type AntiLLMScanResult, } from './anti-llm-policy.js';
 export { detectFormatters, diagnoseCIFormatterFailure, getPreferredFormatter, type DetectedFormatter, type FormatterDetectionResult, type CIFormatterDiagnosis, type FormatterName, } from './formatter-detection.js';

package/dist/core/index.js

@@ -3,27 +3,28 @@
  * Re-exports all core functionality for convenient imports
  */
 export { StateManager, getStateManager, getStateManagerAsync, ensureGistPersistence, bootstrapGistBestEffort, maybeCheckpoint, resetStateManager, } from './state.js';
+export { renderGistWarning, } from './gist-health.js';
 export { GistStateStore } from './gist-state-store.js';
 export { guidelinesFilename, repoFromGuidelinesFilename, GUIDELINES_FILE_PREFIX, GUIDELINES_MAX_BYTES, GuidelinesNotAvailableError, GuidelinesTooLargeError, } from './guidelines-store.js';
 export { PRMonitor, computeDisplayLabel, classifyCICheck, classifyFailingChecks, } from './pr-monitor.js';
 // Search/vetting now delegated to @oss-scout/core via commands/scout-bridge.ts
 export { IssueConversationMonitor } from './issue-conversation.js';
 export { isBotAuthor, isAcknowledgmentComment } from './comment-utils.js';
-export { wrapUntrustedContent, fenceFetchedPR, extractFromFence, safeExtractFromFence, UNTRUSTED_OPEN_TAG_NAME, UNTRUSTED_CLOSE_TAG, } from './untrusted-content.js';
+export { wrapUntrustedContent, fenceFetchedPR, fenceFetchedPRTitles, labelGuidelinesContent, GUIDELINES_PROVENANCE_NOTE, extractFromFence, safeExtractFromFence, UNTRUSTED_OPEN_TAG_NAME, UNTRUSTED_CLOSE_TAG, } from './untrusted-content.js';
 export { getOctokit, checkRateLimit } from './github.js';
 export { parseGitHubUrl, splitRepo, isOwnRepo } from './urls.js';
 export { daysBetween, formatRelativeTime, byDateDescending } from './dates.js';
 export { getCLIVersion, getDataDir, getStatePath, getBackupDir, getCacheDir, stateFileExists } from './paths.js';
 export { getGitHubToken, getGitHubTokenAsync, requireGitHubToken, resetGitHubTokenCache, detectGitHubUsername, } from './auth.js';
 export { DEFAULT_CONCURRENCY } from './concurrency.js';
-export { OssAutopilotError, ConfigurationError, ValidationError, GistPermissionError, errorMessage, getHttpStatusCode, isRateLimitError, isRateLimitOrAuthError, nonFatalCatch, resolveErrorCode, } from './errors.js';
+export { OssAutopilotError, ConfigurationError, ValidationError, GistPermissionError, ConcurrencyError, GistConcurrencyError, errorMessage, getHttpStatusCode, isRateLimitError, isRateLimitOrAuthError, nonFatalCatch, resolveErrorCode, } from './errors.js';
 export { enableDebug, isDebugEnabled, debug, info, warn, timed } from './logger.js';
 export { HttpCache, getHttpCache, cachedRequest } from './http-cache.js';
-export { CRITICAL_STATUSES, applyStatusOverrides, computeRepoSignals, groupPRsByRepo, assessCapacity, collectActionableIssues, computeActionMenu, toShelvedPRRef, buildStarFilter, formatActionHint, formatBriefSummary, formatSummary, printDigest, } from './daily-logic.js';
+export { CRITICAL_STATUSES, applyStatusOverrides, computeRepoSignals, groupPRsByRepo, assessCapacity, collectActionableIssues, computeActionMenu, toShelvedPRRef, buildStarFilter, firstMaintainerResponseFromDigest, formatActionHint, formatBriefSummary, formatSummary, printDigest, } from './daily-logic.js';
 export { computeContributionStats } from './stats.js';
 export { fetchPRTemplate } from './pr-template.js';
 export { classifyLinkedPR, isLinkedPRStalled, STALLED_PR_THRESHOLD_DAYS, } from './linked-pr-classification.js';
-export { classifyIssueAvailability, fetchIssueVerification, } from './issue-verification.js';
+export { classifyIssueAvailability, fetchIssueVerification, verifyIssuesBatch, MAX_VERIFY_CONCURRENCY, } from './issue-verification.js';
 export { classifyAttentionBucket, summarizeAttentionBuckets, STUCK_CI_THRESHOLD_DAYS, DORMANT_FOLLOWUP_THRESHOLD_DAYS, } from './pr-attention.js';
 export { scanForAntiLLMPolicy, } from './anti-llm-policy.js';
 export { detectFormatters, diagnoseCIFormatterFailure, getPreferredFormatter, } from './formatter-detection.js';

package/dist/core/issue-conversation.js

@@ -7,7 +7,7 @@
  */
 import { getOctokit } from './github.js';
 import { isBotAuthor, isAcknowledgmentComment } from './comment-utils.js';
-import { paginateAll } from './pagination.js';
+import { paginateAllDetailed } from './pagination.js';
 import { getStateManager } from './state.js';
 import { daysBetween } from './dates.js';
 import { splitRepo, extractOwnerRepo, isOwnRepo } from './urls.js';
@@ -142,13 +142,19 @@ export class IssueConversationMonitor {
      */
     async analyzeIssueConversation(item, repoFullName, username) {
         const { owner, repo } = splitRepo(repoFullName);
-        const allComments = await paginateAll((page) => this.octokit.issues.listComments({
+        const { items: allComments, truncated } = await paginateAllDetailed((page) => this.octokit.issues.listComments({
             owner,
             repo,
             issue_number: item.number,
             per_page: 100,
             page,
         }));
+        if (truncated) {
+            // Comments arrive oldest-first, so hitting the pagination cap drops
+            // the NEWEST responses — conversation status for this issue may be
+            // stale (#1456). Same log-only channel as the search truncation above.
+            warn(MODULE, `Comment pagination cap reached for ${repoFullName}#${item.number}; the newest comments were not fetched and conversation status may be stale.`);
+        }
         const timeline = [];
         for (const comment of allComments) {
             if (!comment.user?.login)

package/dist/core/issue-grading.d.ts

@@ -59,6 +59,15 @@ export declare function deriveGradeSignals(params: {
  * End-to-end helper for vet callers: reads the repo score, derives
  * signals from a scout candidate, and returns the grade. Callers pass
  * the `projectHealth` straight through from `scout.vetIssue()`.
+ *
+ * Which "repo score" this grades from (#1465): the `getRepoScore` input is
+ * the cached HISTORY record (the user's own merge outcomes, see
+ * docs/repo-scores.md §History score) — NOT `repo-vet`'s fresh health
+ * rubric. The fresh side only enters through `projectHealth`, and only when
+ * scout actually fetched it: the `search` surface passes a `checkFailed`
+ * sentinel (health not fetched per candidate), so search grades purely from
+ * history-side signals, while `vet` re-grades with fresh health. Same letter
+ * scale, different inputs — the two surfaces can legitimately disagree.
  */
 export declare function gradeFromCandidate(params: {
     repo: string;

package/dist/core/issue-grading.js

@@ -100,6 +100,15 @@ export function deriveGradeSignals(params) {
  * End-to-end helper for vet callers: reads the repo score, derives
  * signals from a scout candidate, and returns the grade. Callers pass
  * the `projectHealth` straight through from `scout.vetIssue()`.
+ *
+ * Which "repo score" this grades from (#1465): the `getRepoScore` input is
+ * the cached HISTORY record (the user's own merge outcomes, see
+ * docs/repo-scores.md §History score) — NOT `repo-vet`'s fresh health
+ * rubric. The fresh side only enters through `projectHealth`, and only when
+ * scout actually fetched it: the `search` surface passes a `checkFailed`
+ * sentinel (health not fetched per candidate), so search grades purely from
+ * history-side signals, while `vet` re-grades with fresh health. Same letter
+ * scale, different inputs — the two surfaces can legitimately disagree.
  */
 export function gradeFromCandidate(params) {
     const repoScore = params.getRepoScore(params.repo);

package/dist/core/issue-verification.d.ts

@@ -89,3 +89,42 @@ export interface VerifyIssueParams {
     number: number;
 }
 export declare function fetchIssueVerification(octokit: Octokit, params: VerifyIssueParams): Promise<IssueVerification>;
+/**
+ * Hard ceiling on concurrent in-flight verifications. Each issue runs its own
+ * GraphQL round-trip (point-heavy, with timeline pagination), so we never run
+ * more than this many at once regardless of what the caller requests. The
+ * single-issue path already leans on ThrottledOctokit's secondary-rate-limit
+ * backoff — this cap keeps us from spraying enough parallel queries to trip it.
+ */
+export declare const MAX_VERIFY_CONCURRENCY = 5;
+/**
+ * Per-item outcome of a batched verification run. Aligned by index with the
+ * input `items`. Error isolation: one item's failure lands as `{ error }` and
+ * never aborts the batch, so a single NOT_FOUND (or transient network error)
+ * does not poison every other entry — unlike an aliased mega-query would.
+ */
+export interface BatchVerificationResult {
+    params: VerifyIssueParams;
+    /** Present when verification succeeded for this item. */
+    verification?: IssueVerification;
+    /** Present when `fetchIssueVerification` threw for this item. */
+    error?: unknown;
+}
+/**
+ * Verify many issues with bounded concurrent fan-out of the single-issue
+ * {@link fetchIssueVerification}.
+ *
+ * This is a deliberately thin worker pool, NOT one aliased GraphQL query:
+ * per-issue timeline cursors make aliasing unmanageable, and all-or-nothing
+ * failure (one bad issue poisoning the batch) is exactly what we want to
+ * avoid. No retry layer is added here — `octokit` is expected to be a
+ * ThrottledOctokit whose backoff already covers secondary rate limits.
+ *
+ * @param octokit - Throttled Octokit instance (see `getOctokit`).
+ * @param items - Issues to verify; results align with this order.
+ * @param options.concurrency - Desired parallelism; capped at
+ *   {@link MAX_VERIFY_CONCURRENCY} and floored at 1.
+ */
+export declare function verifyIssuesBatch(octokit: Octokit, items: readonly VerifyIssueParams[], options?: {
+    concurrency?: number;
+}): Promise<BatchVerificationResult[]>;

package/dist/core/issue-verification.js

@@ -268,3 +268,51 @@ export async function fetchIssueVerification(octokit, params) {
         userLogin,
     };
 }
+// ── Batched verification ───────────────────────────────────────────────
+/**
+ * Hard ceiling on concurrent in-flight verifications. Each issue runs its own
+ * GraphQL round-trip (point-heavy, with timeline pagination), so we never run
+ * more than this many at once regardless of what the caller requests. The
+ * single-issue path already leans on ThrottledOctokit's secondary-rate-limit
+ * backoff — this cap keeps us from spraying enough parallel queries to trip it.
+ */
+export const MAX_VERIFY_CONCURRENCY = 5;
+/**
+ * Verify many issues with bounded concurrent fan-out of the single-issue
+ * {@link fetchIssueVerification}.
+ *
+ * This is a deliberately thin worker pool, NOT one aliased GraphQL query:
+ * per-issue timeline cursors make aliasing unmanageable, and all-or-nothing
+ * failure (one bad issue poisoning the batch) is exactly what we want to
+ * avoid. No retry layer is added here — `octokit` is expected to be a
+ * ThrottledOctokit whose backoff already covers secondary rate limits.
+ *
+ * @param octokit - Throttled Octokit instance (see `getOctokit`).
+ * @param items - Issues to verify; results align with this order.
+ * @param options.concurrency - Desired parallelism; capped at
+ *   {@link MAX_VERIFY_CONCURRENCY} and floored at 1.
+ */
+export async function verifyIssuesBatch(octokit, items, options = {}) {
+    const results = new Array(items.length);
+    if (items.length === 0)
+        return results;
+    const requested = options.concurrency ?? MAX_VERIFY_CONCURRENCY;
+    // Floor at 1 so a 0/negative/NaN request can never produce zero workers
+    // (which would leave the results array full of holes).
+    const concurrency = Math.max(1, Math.min(Number.isFinite(requested) ? requested : MAX_VERIFY_CONCURRENCY, MAX_VERIFY_CONCURRENCY, items.length));
+    let index = 0;
+    async function worker() {
+        while (index < items.length) {
+            const i = index++;
+            const params = items[i];
+            try {
+                results[i] = { params, verification: await fetchIssueVerification(octokit, params) };
+            }
+            catch (error) {
+                results[i] = { params, error };
+            }
+        }
+    }
+    await Promise.all(Array.from({ length: concurrency }, () => worker()));
+    return results;
+}

package/dist/core/pagination.d.ts

@@ -1,7 +1,34 @@
+/** Result of {@link paginateAllDetailed}: the items plus a truncation signal. */
+export interface PaginateAllResult<T> {
+    items: T[];
+    /**
+     * True when the page cap was reached with a full final page — more data
+     * may exist on the server beyond what was fetched. GitHub list endpoints
+     * return oldest-first, so on truncation it is the NEWEST entries that are
+     * missing. Callers should surface this through their warning channel
+     * rather than silently presenting a partial view (#1456).
+     */
+    truncated: boolean;
+}
+/**
+ * Auto-paginate an Octokit list endpoint, reporting whether the page cap
+ * truncated the results. Fetches additional pages when the result count
+ * equals per_page (indicating more data may exist).
+ *
+ * @param fetchPage Function that fetches a single page given a page number
+ * @param perPage Items per page (default 100)
+ * @param maxPages Maximum pages to fetch (default 10 = 1000 items)
+ */
+export declare function paginateAllDetailed<T>(fetchPage: (page: number) => Promise<{
+    data: T[];
+}>, perPage?: number, maxPages?: number): Promise<PaginateAllResult<T>>;
 /**
  * Auto-paginate an Octokit list endpoint. Fetches additional pages when
  * the result count equals per_page (indicating more data may exist).
  *
+ * Silently drops anything past `maxPages` — use {@link paginateAllDetailed}
+ * when the caller needs to know the results were truncated.
+ *
  * @param fetchPage Function that fetches a single page given a page number
  * @param perPage Items per page (default 100)
  * @param maxPages Maximum pages to fetch (default 10 = 1000 items)

package/dist/core/pagination.js

@@ -1,20 +1,38 @@
 /** Maximum pages to fetch to prevent runaway pagination */
 const MAX_PAGES = 10;
 /**
- * Auto-paginate an Octokit list endpoint. Fetches additional pages when
- * the result count equals per_page (indicating more data may exist).
+ * Auto-paginate an Octokit list endpoint, reporting whether the page cap
+ * truncated the results. Fetches additional pages when the result count
+ * equals per_page (indicating more data may exist).
  *
  * @param fetchPage Function that fetches a single page given a page number
  * @param perPage Items per page (default 100)
  * @param maxPages Maximum pages to fetch (default 10 = 1000 items)
  */
-export async function paginateAll(fetchPage, perPage = 100, maxPages = MAX_PAGES) {
+export async function paginateAllDetailed(fetchPage, perPage = 100, maxPages = MAX_PAGES) {
     const allItems = [];
     for (let page = 1; page <= maxPages; page++) {
         const { data } = await fetchPage(page);
         allItems.push(...data);
         if (data.length < perPage)
-            break; // No more pages
+            return { items: allItems, truncated: false }; // No more pages
     }
-    return allItems;
+    // Every fetched page (including the last allowed one) was full — more
+    // data may exist beyond the cap.
+    return { items: allItems, truncated: true };
+}
+/**
+ * Auto-paginate an Octokit list endpoint. Fetches additional pages when
+ * the result count equals per_page (indicating more data may exist).
+ *
+ * Silently drops anything past `maxPages` — use {@link paginateAllDetailed}
+ * when the caller needs to know the results were truncated.
+ *
+ * @param fetchPage Function that fetches a single page given a page number
+ * @param perPage Items per page (default 100)
+ * @param maxPages Maximum pages to fetch (default 10 = 1000 items)
+ */
+export async function paginateAll(fetchPage, perPage = 100, maxPages = MAX_PAGES) {
+    const { items } = await paginateAllDetailed(fetchPage, perPage, maxPages);
+    return items;
 }

package/dist/core/pr-comments-fetcher.d.ts

@@ -52,6 +52,13 @@ export interface PRCommentBundle {
     reviews: PRReviewEntry[];
     reviewComments: PRReviewCommentEntry[];
     issueComments: PRIssueCommentEntry[];
+    /**
+     * Set to true when any of the three comment streams hit the pagination
+     * cap (#1456). These endpoints return oldest-first, so a truncated bundle
+     * is missing the NEWEST reviewer voices — corpus consumers should treat
+     * the bundle as partial. Omitted when every stream fetched completely.
+     */
+    truncated?: boolean;
 }
 /**
  * Fetch a single PR's comment bundle. Filters out the authenticated user's

package/dist/core/pr-comments-fetcher.js

@@ -1,4 +1,4 @@
-import { paginateAll } from './pagination.js';
+import { paginateAllDetailed } from './pagination.js';
 import { wrapUntrustedContent } from './untrusted-content.js';
 import { isBotAuthor } from './comment-utils.js';
 import { parseGitHubUrl } from './urls.js';
@@ -18,26 +18,29 @@ export async function fetchPRCommentBundle(octokit, prUrl, githubUsername) {
     }
     const { owner, repo, number: pull_number } = parsed;
     const repoFull = `${owner}/${repo}`;
-    // Fetch the PR + all three comment streams in parallel. We always fetch
-    // every page — corpus quality depends on having every reviewer voice, not
-    // just the first 100 comments.
-    const [{ data: pr }, reviews, reviewComments, issueComments] = await Promise.all([
+    // Fetch the PR + all three comment streams in parallel. We fetch every
+    // page up to the pagination cap — corpus quality depends on having every
+    // reviewer voice, not just the first 100 comments. When a stream still
+    // truncates (1000+ entries), the bundle is flagged `truncated` so callers
+    // can surface the partial-corpus signal instead of silently dropping the
+    // newest comments (#1456).
+    const [{ data: pr }, reviewsResult, reviewCommentsResult, issueCommentsResult] = await Promise.all([
         octokit.pulls.get({ owner, repo, pull_number }),
-        paginateAll((page) => octokit.pulls.listReviews({
+        paginateAllDetailed((page) => octokit.pulls.listReviews({
             owner,
             repo,
             pull_number,
             per_page: 100,
             page,
         })),
-        paginateAll((page) => octokit.pulls.listReviewComments({
+        paginateAllDetailed((page) => octokit.pulls.listReviewComments({
             owner,
             repo,
             pull_number,
             per_page: 100,
             page,
         })),
-        paginateAll((page) => octokit.issues.listComments({
+        paginateAllDetailed((page) => octokit.issues.listComments({
             owner,
             repo,
             issue_number: pull_number,
@@ -45,6 +48,13 @@ export async function fetchPRCommentBundle(octokit, prUrl, githubUsername) {
             page,
         })),
     ]);
+    const { items: reviews } = reviewsResult;
+    const { items: reviewComments } = reviewCommentsResult;
+    const { items: issueComments } = issueCommentsResult;
+    const truncated = reviewsResult.truncated || reviewCommentsResult.truncated || issueCommentsResult.truncated;
+    if (truncated) {
+        warn(MODULE, `Comment streams truncated at pagination cap for ${repoFull}#${pull_number}; bundle is partial`);
+    }
     const ownLogin = githubUsername.toLowerCase();
     /**
      * Drop entries that aren't useful corpus: the user's own comments, bots,
@@ -97,6 +107,7 @@ export async function fetchPRCommentBundle(octokit, prUrl, githubUsername) {
             body: fence(c.body ?? '', 'pr-issue-comment', c.user?.login ?? '', c.author_association ?? 'NONE'),
             createdAt: c.created_at ?? '',
         })),
+        ...(truncated ? { truncated: true } : {}),
     };
 }
 export async function fetchPRCommentBundlesBatch(octokit, prUrls, githubUsername, concurrency = DEFAULT_BATCH_CONCURRENCY) {

package/dist/core/pr-monitor.d.ts

@@ -40,6 +40,8 @@ export interface FetchPRsResult {
      * - Post-fetch viewer-mismatch guardrail (configured username differs
      *   from the authenticated viewer when the search returned zero PRs).
      * - Search API 1000-result truncation (#1057 M25).
+     * - Per-PR comment pagination truncation (#1456) — newest comments
+     *   dropped, so unresponded-comment detection may be incomplete.
      * Callers (daily, dashboard) surface these so users see the signal.
      */
     warnings?: string[];

package/dist/core/pr-monitor.js

@@ -19,11 +19,11 @@ import { parseGitHubUrl, extractOwnerRepo, isOwnRepo } from './urls.js';
 import { DEFAULT_CONCURRENCY, runWorkerPool } from './concurrency.js';
 import { determineStatus } from './status-determination.js';
 import { ConfigurationError, ValidationError, errorMessage, getHttpStatusCode, isInvalidUserSearchError, isRateLimitOrAuthError, } from './errors.js';
-import { paginateAll } from './pagination.js';
+import { paginateAllDetailed } from './pagination.js';
 import { debug, warn, timed } from './logger.js';
 import { getHttpCache, cachedRequest } from './http-cache.js';
 import { categorizeCIStatus, classifyFailingChecks, getCIStatus } from './ci-analysis.js';
-import { determineReviewDecision, getLatestChangesRequestedDate, checkUnrespondedComments, } from './review-analysis.js';
+import { determineReviewDecision, getLatestChangesRequestedDate, checkUnrespondedComments, getFirstMaintainerResponseAt, } from './review-analysis.js';
 import { analyzeChecklist } from './checklist-analysis.js';
 import { extractMaintainerActionHints } from './maintainer-analysis.js';
 import { computeDisplayLabel } from './display-utils.js';
@@ -239,7 +239,7 @@ export class PRMonitor {
             await runWorkerPool(filteredItems, async (item) => {
                 try {
                     debug('pr-monitor', `Fetching details for ${item.html_url}`);
-                    const pr = await this.fetchPRDetails(item.html_url);
+                    const pr = await this.fetchPRDetails(item.html_url, warnings);
                     if (pr)
                         prs.push(pr);
                 }
@@ -261,7 +261,7 @@ export class PRMonitor {
     /**
      * Fetch detailed information for a single PR
      */
-    async fetchPRDetails(prUrl) {
+    async fetchPRDetails(prUrl, warnings) {
         const parsed = parseGitHubUrl(prUrl);
         if (!parsed || parsed.type !== 'pull') {
             throw new ValidationError(`Invalid PR URL format: ${prUrl}`);
@@ -271,11 +271,11 @@ export class PRMonitor {
         // Fetch PR data, comments, reviews, and inline review comments in parallel.
         // listReviewComments is non-critical (used for self-reply detection), so degrade
         // gracefully on failure rather than dropping the entire PR (#199).
-        const [prResponse, comments, reviewsResponse, reviewComments] = await Promise.all([
+        const [prResponse, commentsResult, reviewsResponse, reviewCommentsResult] = await Promise.all([
             this.octokit.pulls.get({ owner, repo, pull_number: number }),
-            paginateAll((page) => this.octokit.issues.listComments({ owner, repo, issue_number: number, per_page: 100, page })),
+            paginateAllDetailed((page) => this.octokit.issues.listComments({ owner, repo, issue_number: number, per_page: 100, page })),
             this.octokit.pulls.listReviews({ owner, repo, pull_number: number }),
-            paginateAll((page) => this.octokit.pulls.listReviewComments({ owner, repo, pull_number: number, per_page: 100, page })).catch((err) => {
+            paginateAllDetailed((page) => this.octokit.pulls.listReviewComments({ owner, repo, pull_number: number, per_page: 100, page })).catch((err) => {
                 const status = getHttpStatusCode(err);
                 // Rate limit errors must propagate — silently swallowing them hides
                 // a systemic problem and produces misleading results (#229).
@@ -289,7 +289,7 @@ export class PRMonitor {
                     }
                     // Non-rate-limit 403 (DMCA, private repo, SSO) — degrade gracefully
                     warn('pr-monitor', `403 fetching review comments for ${owner}/${repo}#${number}: ${msg}`);
-                    return [];
+                    return { items: [], truncated: false };
                 }
                 if (status === 404) {
                     debug('pr-monitor', `Review comments 404 for ${owner}/${repo}#${number} (likely no inline comments)`);
@@ -297,9 +297,21 @@ export class PRMonitor {
                 else {
                     warn('pr-monitor', `Failed to fetch review comments for ${owner}/${repo}#${number} (status ${status ?? 'unknown'}): self-reply detection will be skipped`);
                 }
-                return [];
+                return { items: [], truncated: false };
             }),
         ]);
+        const { items: comments } = commentsResult;
+        const { items: reviewComments } = reviewCommentsResult;
+        // Surface pagination truncation through the caller's warnings channel
+        // (#1456): comments arrive oldest-first, so hitting the cap drops the
+        // NEWEST maintainer feedback — status determination (unresponded-comment
+        // detection) may be wrong for this PR.
+        if (commentsResult.truncated || reviewCommentsResult.truncated) {
+            const message = `Comment pagination cap reached for ${owner}/${repo}#${number}; the newest comments were not ` +
+                `fetched and unresponded-comment detection may be incomplete.`;
+            warnings?.push(message);
+            warn(MODULE, message);
+        }
         const ghPR = prResponse.data;
         const reviews = reviewsResponse.data;
         // Determine review decision (delegated to review-analysis module)
@@ -308,6 +320,10 @@ export class PRMonitor {
         const mergeConflict = hasMergeConflict(ghPR.mergeable, ghPR.mergeable_state);
         // Check if there's an unresponded maintainer comment (delegated to review-analysis module)
         const { hasUnrespondedComment, lastMaintainerComment } = checkUnrespondedComments(comments, reviews, reviewComments, config.githubUsername);
+        // Earliest maintainer response, computed from the comment/review timeline
+        // already in memory (#1461). Rides into the persisted digest so the
+        // outcome ledger can recover it after the PR merges or closes.
+        const firstMaintainerResponseAt = getFirstMaintainerResponseAt(comments, reviews, config.githubUsername);
         // Fetch CI status and (conditionally) latest commit date in parallel
         // We need the commit date when hasUnrespondedComment is true (to distinguish
         // "needs_response" from "waiting_on_maintainer") OR when reviewDecision is "changes_requested"
@@ -391,6 +407,7 @@ export class PRMonitor {
             actionReasons,
             createdAt: ghPR.created_at,
             updatedAt: ghPR.updated_at,
+            firstMaintainerResponseAt,
             daysSinceActivity,
             ciStatus,
             failingCheckNames,

package/dist/core/repo-score-manager.d.ts

@@ -4,7 +4,7 @@
  * and computing aggregate statistics. Mutation functions modify
  * the passed state object in place; query functions are pure.
  *
- * **User-facing reference:** `docs/repo-scoring.md` — plain-language
+ * **User-facing reference:** `docs/repo-scores.md` — plain-language
  * explanation of the formula and what a given score means.
  */
 import { AgentState, RepoScore, RepoScoreUpdate, StoredMergedPR, StoredClosedPR } from './types.js';
@@ -21,7 +21,7 @@ import { AgentState, RepoScore, RepoScoreUpdate, StoredMergedPR, StoredClosedPR
  *     − (hasHostileComments ? HOSTILITY_PENALTY : 0)
  *   clamped to [SCORE_MIN, SCORE_MAX].
  *
- * See `docs/repo-scoring.md` for user-facing intent and what a given
+ * See `docs/repo-scores.md` for user-facing intent and what a given
  * score means in practice.
  */
 export declare function calculateScore(repoScore: RepoScore): number;