@oss-autopilot/core 3.14.0 → 3.14.2

package/dist/commands/dashboard-data.js

@@ -182,6 +182,28 @@ export async function fetchDashboardData(token) {
     // Get watermarks for incremental PR fetch
     const watermark = stateManager.getMergedPRWatermark();
     const closedWatermark = stateManager.getClosedPRWatermark();
+    // Self-heal a ledger stranded behind a recent watermark (#1504). The
+    // incremental fetch only asks for merges newer than the newest stored one,
+    // so once the recent-merge feed (daily's recentlyMergedPRs) seeds the ledger
+    // before any full historical fetch ran, the older history can never be
+    // recovered. When the stored detail count is materially below the known
+    // all-time merged count, drop the watermark for a one-shot full backfill
+    // (bounded by the existing pagination cap); once the ledger catches up the
+    // watermark resumes incremental fetching. Closed PRs are not seeded ahead of
+    // their backfill in practice, so only merged needs the guard.
+    const storedMergedCount = stateManager.getMergedPRs().length;
+    const knownMergedAllTime = stateManager.getState().lastDigest?.summary?.totalMergedAllTime ?? 0;
+    // A full backfill can only ever return up to fetchMergedPRsSince's pagination
+    // cap (MAX_PAGINATION_PAGES * 100 = 300). Stop forcing one once the ledger has
+    // reached that ceiling, so a contributor whose star-filtered all-time count
+    // legitimately exceeds 300 doesn't trigger a full refetch on every poll.
+    const MERGED_BACKFILL_CEILING = 300;
+    const mergedNeedsBackfill = storedMergedCount < knownMergedAllTime && storedMergedCount < MERGED_BACKFILL_CEILING;
+    const mergedFetchSince = mergedNeedsBackfill ? undefined : watermark;
+    if (mergedNeedsBackfill) {
+        warn(MODULE, `Merged-PR ledger has ${storedMergedCount} of ~${knownMergedAllTime} known merges; ` +
+            'running a full backfill (watermark dropped) to recover history (#1504).');
+    }
     // Track which non-critical sub-fetches degraded to fallbacks so the SPA
     // can surface a "partial data" banner instead of silently showing zeros.
     // Rate-limit / auth errors still rethrow via isRateLimitOrAuthError —
@@ -223,7 +245,7 @@ export async function fetchDashboardData(token) {
                 failures: [{ issueUrl: 'N/A', error: `Issue conversation fetch failed: ${msg}` }],
             };
         }),
-        fetchMergedPRsSince(octokit, config, watermark).catch(trackingCatch('fetch merged PRs for storage', [])),
+        fetchMergedPRsSince(octokit, config, mergedFetchSince).catch(trackingCatch('fetch merged PRs for storage', [])),
         fetchClosedPRsSince(octokit, config, closedWatermark).catch(trackingCatch('fetch closed PRs for storage', [])),
     ]);
     const commentedIssues = fetchedIssues.issues;

package/dist/commands/dashboard-server.js

@@ -258,17 +258,6 @@ export async function startDashboardServer(options) {
                 // signal) lives inside reloadState too — do NOT add a second
                 // maybeRecoverGist call here or recovery would double-run per poll.
                 const stateChanged = await reloadState();
-                // Gist-mode staleness (#1446 item 2): refreshFromGist() returns
-                // false on BOTH "no change" and "fetch failed", so the boolean can't
-                // signal failure. getStateStaleness() is the API built for exactly
-                // this — StateManager sets the marker when in-memory state diverged
-                // from the canonical Gist (refresh failure, invalid payload,
-                // degraded bootstrap) and clears it on a successful pull.
-                const staleness = gistSync.stateManager.getStateStaleness();
-                if (staleness !== null) {
-                    res.setHeader('X-Dashboard-Stale', '1');
-                    res.setHeader('X-Dashboard-Stale-Reason', sanitizeHeaderValue(`state-stale: ${staleness.reason}`));
-                }
                 // Also rebuild when the vetted issue list file was edited outside this server (#924)
                 const currentIssueListMtimeMs = getIssueListMtimeMs();
                 const issueListChanged = currentIssueListMtimeMs !== cache.issueListMtimeMs;
@@ -283,14 +272,10 @@ export async function startDashboardServer(options) {
                         res.setHeader('X-Dashboard-Stale', '1');
                     }
                 }
-                // Surface staleness from a failed background refresh too (#1205) so
-                // token expiry / GitHub outage produces a client-visible signal
-                // rather than silent stale data. Only set the header when a failure
-                // is recorded — successful refreshes clear it.
-                if (cache.lastBackgroundRefreshError !== null) {
-                    res.setHeader('X-Dashboard-Stale', '1');
-                    res.setHeader('X-Dashboard-Stale-Reason', sanitizeHeaderValue(`background-refresh-failed: ${cache.lastBackgroundRefreshError}`));
-                }
+                // Gist-divergence + background-refresh staleness (#1446 item 2, #1205)
+                // via the shared helper so this GET and the POST mutators emit the
+                // same headers (#1487). The rebuild-failure flag above is GET-only.
+                applyStalenessHeaders(res);
                 sendJson(res, 200, cache.jsonData);
                 return;
             }
@@ -398,6 +383,36 @@ export async function startDashboardServer(options) {
             changed = true;
         return changed;
     }
+    /**
+     * Emit the X-Dashboard-Stale / X-Dashboard-Stale-Reason headers from the
+     * two server-lived staleness sources so EVERY response — GET /api/data and
+     * the POST mutators — reflects the same truth (#1487).
+     *
+     * Before this the setters were GET-only, but the SPA's applyResult clears
+     * its `stale` flag on ANY successfully-applied response. A dashboard whose
+     * gist pulls keep failing while POST /api/refresh and /api/action succeed
+     * would flip back to "healthy" until the next GET (mount or CSRF re-prime).
+     * Carrying the headers on the POST paths keeps the flag honest.
+     *
+     * Reads the same two probes the GET path used inline: the StateManager's
+     * gist-divergence marker (getStateStaleness, #1446 item 2) — set on a
+     * refresh failure / invalid payload / degraded bootstrap and cleared on a
+     * successful pull — and the cache's last background-refresh error (#1205).
+     * When both are set the background-refresh reason wins, matching the prior
+     * GET ordering. The GET path's third, transient source — an inline rebuild
+     * failure (#994) — is specific to that handler and stays inline there.
+     */
+    function applyStalenessHeaders(res) {
+        const staleness = gistSync.stateManager.getStateStaleness();
+        if (staleness !== null) {
+            res.setHeader('X-Dashboard-Stale', '1');
+            res.setHeader('X-Dashboard-Stale-Reason', sanitizeHeaderValue(`state-stale: ${staleness.reason}`));
+        }
+        if (cache.lastBackgroundRefreshError !== null) {
+            res.setHeader('X-Dashboard-Stale', '1');
+            res.setHeader('X-Dashboard-Stale-Reason', sanitizeHeaderValue(`background-refresh-failed: ${cache.lastBackgroundRefreshError}`));
+        }
+    }
     async function handleAction(req, res) {
         let body;
         try {
@@ -514,6 +529,10 @@ export async function startDashboardServer(options) {
         // SPA banner survives user interactions until the next successful
         // refresh clears it.
         cache.rebuild(gistSync.stateManager.getState());
+        // Carry the same staleness signal a GET would (#1487): a mutation that
+        // succeeds locally while the gist stays unreachable must not let the SPA
+        // clear a previously-stale flag.
+        applyStalenessHeaders(res);
         sendJson(res, 200, cache.jsonData);
     }
     // ── POST /api/refresh handler ────────────────────────────────────────────
@@ -535,6 +554,14 @@ export async function startDashboardServer(options) {
             const result = await fetchDashboardData(currentToken);
             cache.adoptFetchResult(result);
             cache.rebuild(gistSync.stateManager.getState(), result.allMergedPRs, result.allClosedPRs);
+            // This manual refresh just fetched GitHub successfully, so a prior
+            // background-refresh failure is no longer current (#1487) — clear it as
+            // the background success path does, then emit the staleness headers. A
+            // gist-divergence marker that survived a failed pull inside reloadState
+            // still surfaces via getStateStaleness, so the SPA stays honest even
+            // when the GitHub fetch succeeds but the gist remains unreachable.
+            cache.lastBackgroundRefreshError = null;
+            applyStalenessHeaders(res);
             sendJson(res, 200, cache.jsonData);
         }
         catch (error) {

package/dist/commands/skip-file-parser.d.ts

@@ -3,7 +3,11 @@
  *
  * The file format is one entry per line:
  *   2026-04-15 https://github.com/owner/repo/issues/123
- * Lines starting with `#` and blank lines are ignored.
+ * Lines starting with `#` and blank lines are ignored. A trailing inline
+ * comment is also allowed and ignored:
+ *   2026-04-15 https://github.com/owner/repo/issues/123  # reason for skipping
+ * The comment delimiter is whitespace followed by `#`, so a `#fragment` inside
+ * the URL (no preceding whitespace) is preserved, not treated as a comment.
  *
  * Produces SkippedIssue entries that plug directly into oss-scout's ScoutState
  * so the search engine filters already-skipped URLs out of results.

package/dist/commands/skip-file-parser.js

@@ -3,7 +3,11 @@
  *
  * The file format is one entry per line:
  *   2026-04-15 https://github.com/owner/repo/issues/123
- * Lines starting with `#` and blank lines are ignored.
+ * Lines starting with `#` and blank lines are ignored. A trailing inline
+ * comment is also allowed and ignored:
+ *   2026-04-15 https://github.com/owner/repo/issues/123  # reason for skipping
+ * The comment delimiter is whitespace followed by `#`, so a `#fragment` inside
+ * the URL (no preceding whitespace) is preserved, not treated as a comment.
  *
  * Produces SkippedIssue entries that plug directly into oss-scout's ScoutState
  * so the search engine filters already-skipped URLs out of results.
@@ -26,8 +30,10 @@ export function parseSkippedIssuesContent(content) {
         const line = lines[i].trim();
         if (line === '' || line.startsWith('#'))
             continue;
-        // Split on first whitespace run: "YYYY-MM-DD <url>"
-        const match = line.match(/^(\S+)\s+(\S+)\s*$/);
+        // Parse "YYYY-MM-DD <url>" with an optional trailing "# comment". The
+        // comment delimiter is whitespace followed by `#`, so a `#fragment` inside
+        // the URL (no preceding whitespace) stays part of the URL token.
+        const match = line.match(/^(\S+)\s+(\S+)(?:\s+#.*)?$/);
         if (!match) {
             warn('skip-file-parser', `Line ${lineNumber}: malformed (expected "<date> <url>"): ${line}`);
             continue;

package/dist/commands/vet-list.d.ts

@@ -3,6 +3,7 @@
  * Re-vets all available issues in a curated issue list file via @oss-scout/core.
  */
 import { type VetListOutput, type VetOutput, type VetListItemStatus } from '../formatters/json.js';
+import { type IssueAvailabilityVerdict } from '../core/index.js';
 interface VetListOptions {
     issueListPath?: string;
     concurrency?: number;
@@ -35,12 +36,11 @@ export declare function extractSkipReason(candidate: unknown): ScoutSkipReason |
  */
 export declare function classifyListStatus(vetResult: VetOutput, skipReason?: ScoutSkipReason): VetListItemStatus;
 /**
- * Re-vet all available issues in a curated issue list.
- * Reads the list file, extracts available (non-done) issues,
- * and vets each in parallel with concurrency control.
- *
- * @param options - Vet-list options
- * @returns Consolidated vetting results with list status for each issue
+ * Map a deterministic verify-issue verdict onto the vet-list status taxonomy
+ * (#1494). This is the authoritative path: the GraphQL verdict knows the
+ * closing-vs-mention distinction (#1353) that scout's substring heuristic
+ * cannot, so `at_risk` (mention only) no longer collapses into `claimed`.
  */
+export declare function listStatusFromVerdict(verdict: IssueAvailabilityVerdict): VetListItemStatus;
 export declare function runVetList(options?: VetListOptions): Promise<VetListOutput>;
 export {};

package/dist/commands/vet-list.js

@@ -7,7 +7,8 @@ import { adaptScoutLinkedPR, buildCandidateLinkedPR, createAutopilotScout } from
 import { runParseList, pruneIssueList } from './parse-list.js';
 import { detectIssueList } from './startup.js';
 import { computeSuccessGrade, gradeFromCandidate } from '../core/issue-grading.js';
-import { getStateManager, classifyLinkedPR } from '../core/index.js';
+import { ValidationError } from '../core/errors.js';
+import { getStateManager, classifyLinkedPR, getOctokit, requireGitHubToken, parseGitHubUrl, verifyIssuesBatch, } from '../core/index.js';
 const UNKNOWN_GRADE = computeSuccessGrade({ avgResponseDays: null, mergeRate: null, daysSinceLastCommit: null });
 const KNOWN_SKIP_REASONS = new Set([
     'issue_closed',
@@ -93,13 +94,64 @@ export function classifyListStatus(vetResult, skipReason) {
     return 'still_available';
 }
 /**
- * Re-vet all available issues in a curated issue list.
- * Reads the list file, extracts available (non-done) issues,
- * and vets each in parallel with concurrency control.
- *
- * @param options - Vet-list options
- * @returns Consolidated vetting results with list status for each issue
+ * Map a deterministic verify-issue verdict onto the vet-list status taxonomy
+ * (#1494). This is the authoritative path: the GraphQL verdict knows the
+ * closing-vs-mention distinction (#1353) that scout's substring heuristic
+ * cannot, so `at_risk` (mention only) no longer collapses into `claimed`.
+ */
+export function listStatusFromVerdict(verdict) {
+    switch (verdict) {
+        case 'closed': {
+            return 'closed';
+        }
+        case 'own-open-pr': {
+            return 'own_open_pr';
+        }
+        case 'taken': {
+            return 'claimed';
+        }
+        case 'at-risk': {
+            return 'at_risk';
+        }
+        case 'available': {
+            return 'still_available';
+        }
+    }
+}
+/**
+ * Verdicts that conclusively rule an issue out as a new opportunity. For these
+ * we skip scout's grade/health vet entirely — there is nothing to grade — and
+ * build the result row straight from the verification.
  */
+const RULED_OUT_VERDICTS = new Set(['closed', 'taken', 'own-open-pr']);
+/** The per-row `verification` sub-object: the authoritative facts behind the
+ * status, projected from the full {@link IssueVerification}. */
+function toVerificationSummary(v) {
+    return {
+        verdict: v.verdict,
+        verdictReason: v.verdictReason,
+        state: v.state,
+        stateReason: v.stateReason,
+        assignees: v.assignees,
+        linkedPRs: v.linkedPRs,
+    };
+}
+/** Minimal VetOutput for a ruled-out issue (no scout vet was run). The
+ * verification carries the real reason; scout-derived fields are left empty. */
+function ruledOutVetOutput(v) {
+    return {
+        issue: { repo: `${v.owner}/${v.repo}`, number: v.number, title: v.title, url: v.url, labels: [] },
+        recommendation: 'skip',
+        reasonsToApprove: [],
+        reasonsToSkip: [v.verdictReason],
+        projectHealth: {},
+        vettingResult: {},
+        grade: UNKNOWN_GRADE,
+    };
+}
+function toMessage(error) {
+    return error instanceof Error ? error.message : String(error);
+}
 export async function runVetList(options = {}) {
     const concurrency = options.concurrency ?? 5;
     // 1. Find and parse the issue list
@@ -115,75 +167,146 @@ export async function runVetList(options = {}) {
     if (parsed.available.length === 0) {
         return {
             results: [],
-            summary: { total: 0, stillAvailable: 0, claimed: 0, closed: 0, hasPR: 0, hasStalledPR: 0, errors: 0 },
+            summary: {
+                total: 0,
+                stillAvailable: 0,
+                claimed: 0,
+                closed: 0,
+                hasPR: 0,
+                hasStalledPR: 0,
+                atRisk: 0,
+                ownOpenPr: 0,
+                errors: 0,
+            },
         };
     }
-    // 2. Vet each available issue in parallel with concurrency limit
-    const scout = await createAutopilotScout();
-    const results = [];
-    // Simple concurrency limiter
     const items = parsed.available;
-    let index = 0;
-    async function processNext() {
-        while (index < items.length) {
-            const item = items[index++];
+    // 2. Verify FIRST (#1494): one deterministic GraphQL check per entry, in a
+    //    bounded batch. The verdict is closing-vs-mention aware, so it carries
+    //    the authoritative status — and ruling issues out here means we skip
+    //    scout's search-driven vet (a net REDUCTION in /search/issues calls).
+    const octokit = getOctokit(requireGitHubToken());
+    const verifyTargets = [];
+    items.forEach((item, i) => {
+        const ghUrl = parseGitHubUrl(item.url);
+        if (ghUrl && ghUrl.type === 'issues') {
+            verifyTargets.push({ index: i, params: { owner: ghUrl.owner, repo: ghUrl.repo, number: ghUrl.number } });
+        }
+    });
+    const batch = await verifyIssuesBatch(octokit, verifyTargets.map((t) => t.params), { concurrency });
+    const verificationByIndex = new Map();
+    verifyTargets.forEach((t, k) => verificationByIndex.set(t.index, batch[k]));
+    // 3. Vet only the issues still in play; build each row.
+    const scout = await createAutopilotScout();
+    /** Run scout's grade/health vet for an issue (the search-driven path). */
+    async function runScoutVet(item) {
+        const candidate = await scout.vetIssue(item.url);
+        const grade = gradeFromCandidate({
+            repo: candidate.issue.repo,
+            projectHealth: candidate.projectHealth,
+            getRepoScore: (repo) => getStateManager().getRepoScore(repo),
+        });
+        const userLogin = getStateManager().getState().config.githubUsername;
+        const linkedPRClassification = classifyLinkedPR({
+            linkedPR: adaptScoutLinkedPR(candidate.vettingResult.linkedPR),
+            userLogin,
+        });
+        const linkedPR = buildCandidateLinkedPR(candidate.vettingResult.linkedPR);
+        const vetResult = {
+            issue: {
+                repo: candidate.issue.repo,
+                number: candidate.issue.number,
+                title: candidate.issue.title,
+                url: candidate.issue.url,
+                labels: candidate.issue.labels,
+            },
+            recommendation: candidate.recommendation,
+            reasonsToApprove: candidate.reasonsToApprove,
+            reasonsToSkip: candidate.reasonsToSkip,
+            projectHealth: candidate.projectHealth,
+            vettingResult: candidate.vettingResult,
+            antiLLMPolicy: candidate.antiLLMPolicy,
+            linkedPRClassification,
+            ...(linkedPR ? { linkedPR } : {}),
+            slmTriage: candidate.slmTriage ?? null,
+            grade,
+        };
+        return { vetResult, skipReason: extractSkipReason(candidate) };
+    }
+    function errorRow(item, error) {
+        const message = toMessage(error);
+        return {
+            issue: { repo: item.repo, number: item.number, title: item.title, url: item.url, labels: [] },
+            recommendation: 'skip',
+            reasonsToApprove: [],
+            reasonsToSkip: [`Error: ${message}`],
+            projectHealth: {},
+            vettingResult: {},
+            grade: UNKNOWN_GRADE,
+            listStatus: 'error',
+            errorMessage: message,
+        };
+    }
+    async function processItem(item, verification) {
+        // No authoritative verdict for this row: either verify errored, or the URL
+        // was never enrolled (parse-list also accepts PR URLs, which `verify-issue`
+        // can't classify). Either way `listStatus` falls back to scout's heuristic,
+        // so we ALWAYS tag the row with `verifyError` — the explicit signal that the
+        // status is not authoritative and must be re-verified before acting.
+        if (!verification || verification.verification === undefined) {
+            const verifyError = verification?.error;
+            // A ValidationError means the issue definitively doesn't exist (deleted,
+            // private, or the URL points at a PR). Don't re-grade it via scout — that
+            // could mislabel a dead issue as available. Report it as an error row.
+            if (verifyError instanceof ValidationError) {
+                return { ...errorRow(item, verifyError), verifyError: toMessage(verifyError) };
+            }
+            // Transient verify failure (rate limit, network, truncated timeline), or a
+            // non-issue URL that was never sent to verify. Fall back to scout's
+            // heuristic, tagged so the row is re-verified later.
+            const verifyErrorTag = {
+                verifyError: verifyError === undefined
+                    ? `not verified: ${item.url} is not a verifiable issue URL`
+                    : toMessage(verifyError),
+            };
             try {
-                const candidate = await scout.vetIssue(item.url);
-                const grade = gradeFromCandidate({
-                    repo: candidate.issue.repo,
-                    projectHealth: candidate.projectHealth,
-                    getRepoScore: (repo) => getStateManager().getRepoScore(repo),
-                });
-                const userLogin = getStateManager().getState().config.githubUsername;
-                const linkedPRClassification = classifyLinkedPR({
-                    linkedPR: adaptScoutLinkedPR(candidate.vettingResult.linkedPR),
-                    userLogin,
-                });
-                const linkedPR = buildCandidateLinkedPR(candidate.vettingResult.linkedPR);
-                const vetResult = {
-                    issue: {
-                        repo: candidate.issue.repo,
-                        number: candidate.issue.number,
-                        title: candidate.issue.title,
-                        url: candidate.issue.url,
-                        labels: candidate.issue.labels,
-                    },
-                    recommendation: candidate.recommendation,
-                    reasonsToApprove: candidate.reasonsToApprove,
-                    reasonsToSkip: candidate.reasonsToSkip,
-                    projectHealth: candidate.projectHealth,
-                    vettingResult: candidate.vettingResult,
-                    antiLLMPolicy: candidate.antiLLMPolicy,
-                    linkedPRClassification,
-                    ...(linkedPR ? { linkedPR } : {}),
-                    slmTriage: candidate.slmTriage ?? null,
-                    grade,
-                };
-                results.push({
-                    ...vetResult,
-                    listStatus: classifyListStatus(vetResult, extractSkipReason(candidate)),
-                });
+                const { vetResult, skipReason } = await runScoutVet(item);
+                return { ...vetResult, listStatus: classifyListStatus(vetResult, skipReason), ...verifyErrorTag };
             }
             catch (error) {
-                // Per-issue errors don't fail the batch
-                results.push({
-                    issue: { repo: item.repo, number: item.number, title: item.title, url: item.url, labels: [] },
-                    recommendation: 'skip',
-                    reasonsToApprove: [],
-                    reasonsToSkip: [`Error: ${error instanceof Error ? error.message : String(error)}`],
-                    projectHealth: {},
-                    vettingResult: {},
-                    grade: UNKNOWN_GRADE,
-                    listStatus: 'error',
-                    errorMessage: error instanceof Error ? error.message : String(error),
-                });
+                return { ...errorRow(item, error), ...verifyErrorTag };
             }
         }
+        const v = verification.verification;
+        const summary = toVerificationSummary(v);
+        const listStatus = listStatusFromVerdict(v.verdict);
+        // Conclusively ruled out — skip the scout vet entirely.
+        if (RULED_OUT_VERDICTS.has(v.verdict)) {
+            return { ...ruledOutVetOutput(v), listStatus, verification: summary };
+        }
+        // available / at-risk: still worth grading. The verdict stays authoritative
+        // for listStatus; scout only supplies grade/health/recommendation.
+        try {
+            const { vetResult } = await runScoutVet(item);
+            return { ...vetResult, listStatus, verification: summary };
+        }
+        catch (error) {
+            // Verify succeeded, so keep its verdict facts even though grading failed.
+            return { ...errorRow(item, error), verification: summary };
+        }
+    }
+    const results = new Array(items.length);
+    let index = 0;
+    async function processNext() {
+        while (index < items.length) {
+            const i = index++;
+            results[i] = await processItem(items[i], verificationByIndex.get(i));
+        }
     }
-    // Start `concurrency` workers
+    // Start `concurrency` workers (bounds the scout-vet fan-out).
     const workers = Array.from({ length: Math.min(concurrency, items.length) }, () => processNext());
     await Promise.all(workers);
-    // 3. Compute summary
+    // 4. Compute summary
     const summary = {
         total: results.length,
         stillAvailable: results.filter((r) => r.listStatus === 'still_available').length,
@@ -191,6 +314,8 @@ export async function runVetList(options = {}) {
         closed: results.filter((r) => r.listStatus === 'closed').length,
         hasPR: results.filter((r) => r.listStatus === 'has_pr').length,
         hasStalledPR: results.filter((r) => r.listStatus === 'has_stalled_pr').length,
+        atRisk: results.filter((r) => r.listStatus === 'at_risk').length,
+        ownOpenPr: results.filter((r) => r.listStatus === 'own_open_pr').length,
         errors: results.filter((r) => r.listStatus === 'error').length,
     };
     // 4. Prune the file if requested — remove completed/skipped/low-score items

package/dist/core/index.d.ts

@@ -23,7 +23,7 @@ export { CRITICAL_STATUSES, applyStatusOverrides, computeRepoSignals, groupPRsBy
 export { computeContributionStats, type ContributionStats, type ComputeStatsInput } from './stats.js';
 export { fetchPRTemplate, type PRTemplateResult } from './pr-template.js';
 export { classifyLinkedPR, isLinkedPRStalled, STALLED_PR_THRESHOLD_DAYS, type LinkedPR, type LinkedPRClassification, type LinkedPRState, } from './linked-pr-classification.js';
-export { classifyIssueAvailability, fetchIssueVerification, type IssueAvailabilityVerdict, type IssueVerification, type LinkedPRLinkType, type VerifiedLinkedPR, type VerifyIssueParams, } from './issue-verification.js';
+export { classifyIssueAvailability, fetchIssueVerification, verifyIssuesBatch, MAX_VERIFY_CONCURRENCY, type BatchVerificationResult, type IssueAvailabilityVerdict, type IssueVerification, type LinkedPRLinkType, type VerifiedLinkedPR, type VerifyIssueParams, } from './issue-verification.js';
 export { classifyAttentionBucket, summarizeAttentionBuckets, STUCK_CI_THRESHOLD_DAYS, DORMANT_FOLLOWUP_THRESHOLD_DAYS, type AttentionBucket, type AttentionInput, type AttentionSummary, } from './pr-attention.js';
 export { scanForAntiLLMPolicy, type AntiLLMCategory, type AntiLLMMatch, type AntiLLMScanResult, } from './anti-llm-policy.js';
 export { detectFormatters, diagnoseCIFormatterFailure, getPreferredFormatter, type DetectedFormatter, type FormatterDetectionResult, type CIFormatterDiagnosis, type FormatterName, } from './formatter-detection.js';

package/dist/core/index.js

@@ -24,7 +24,7 @@ export { CRITICAL_STATUSES, applyStatusOverrides, computeRepoSignals, groupPRsBy
 export { computeContributionStats } from './stats.js';
 export { fetchPRTemplate } from './pr-template.js';
 export { classifyLinkedPR, isLinkedPRStalled, STALLED_PR_THRESHOLD_DAYS, } from './linked-pr-classification.js';
-export { classifyIssueAvailability, fetchIssueVerification, } from './issue-verification.js';
+export { classifyIssueAvailability, fetchIssueVerification, verifyIssuesBatch, MAX_VERIFY_CONCURRENCY, } from './issue-verification.js';
 export { classifyAttentionBucket, summarizeAttentionBuckets, STUCK_CI_THRESHOLD_DAYS, DORMANT_FOLLOWUP_THRESHOLD_DAYS, } from './pr-attention.js';
 export { scanForAntiLLMPolicy, } from './anti-llm-policy.js';
 export { detectFormatters, diagnoseCIFormatterFailure, getPreferredFormatter, } from './formatter-detection.js';

package/dist/core/issue-verification.d.ts

@@ -89,3 +89,42 @@ export interface VerifyIssueParams {
     number: number;
 }
 export declare function fetchIssueVerification(octokit: Octokit, params: VerifyIssueParams): Promise<IssueVerification>;
+/**
+ * Hard ceiling on concurrent in-flight verifications. Each issue runs its own
+ * GraphQL round-trip (point-heavy, with timeline pagination), so we never run
+ * more than this many at once regardless of what the caller requests. The
+ * single-issue path already leans on ThrottledOctokit's secondary-rate-limit
+ * backoff — this cap keeps us from spraying enough parallel queries to trip it.
+ */
+export declare const MAX_VERIFY_CONCURRENCY = 5;
+/**
+ * Per-item outcome of a batched verification run. Aligned by index with the
+ * input `items`. Error isolation: one item's failure lands as `{ error }` and
+ * never aborts the batch, so a single NOT_FOUND (or transient network error)
+ * does not poison every other entry — unlike an aliased mega-query would.
+ */
+export interface BatchVerificationResult {
+    params: VerifyIssueParams;
+    /** Present when verification succeeded for this item. */
+    verification?: IssueVerification;
+    /** Present when `fetchIssueVerification` threw for this item. */
+    error?: unknown;
+}
+/**
+ * Verify many issues with bounded concurrent fan-out of the single-issue
+ * {@link fetchIssueVerification}.
+ *
+ * This is a deliberately thin worker pool, NOT one aliased GraphQL query:
+ * per-issue timeline cursors make aliasing unmanageable, and all-or-nothing
+ * failure (one bad issue poisoning the batch) is exactly what we want to
+ * avoid. No retry layer is added here — `octokit` is expected to be a
+ * ThrottledOctokit whose backoff already covers secondary rate limits.
+ *
+ * @param octokit - Throttled Octokit instance (see `getOctokit`).
+ * @param items - Issues to verify; results align with this order.
+ * @param options.concurrency - Desired parallelism; capped at
+ *   {@link MAX_VERIFY_CONCURRENCY} and floored at 1.
+ */
+export declare function verifyIssuesBatch(octokit: Octokit, items: readonly VerifyIssueParams[], options?: {
+    concurrency?: number;
+}): Promise<BatchVerificationResult[]>;

package/dist/core/issue-verification.js

@@ -268,3 +268,51 @@ export async function fetchIssueVerification(octokit, params) {
         userLogin,
     };
 }
+// ── Batched verification ───────────────────────────────────────────────
+/**
+ * Hard ceiling on concurrent in-flight verifications. Each issue runs its own
+ * GraphQL round-trip (point-heavy, with timeline pagination), so we never run
+ * more than this many at once regardless of what the caller requests. The
+ * single-issue path already leans on ThrottledOctokit's secondary-rate-limit
+ * backoff — this cap keeps us from spraying enough parallel queries to trip it.
+ */
+export const MAX_VERIFY_CONCURRENCY = 5;
+/**
+ * Verify many issues with bounded concurrent fan-out of the single-issue
+ * {@link fetchIssueVerification}.
+ *
+ * This is a deliberately thin worker pool, NOT one aliased GraphQL query:
+ * per-issue timeline cursors make aliasing unmanageable, and all-or-nothing
+ * failure (one bad issue poisoning the batch) is exactly what we want to
+ * avoid. No retry layer is added here — `octokit` is expected to be a
+ * ThrottledOctokit whose backoff already covers secondary rate limits.
+ *
+ * @param octokit - Throttled Octokit instance (see `getOctokit`).
+ * @param items - Issues to verify; results align with this order.
+ * @param options.concurrency - Desired parallelism; capped at
+ *   {@link MAX_VERIFY_CONCURRENCY} and floored at 1.
+ */
+export async function verifyIssuesBatch(octokit, items, options = {}) {
+    const results = new Array(items.length);
+    if (items.length === 0)
+        return results;
+    const requested = options.concurrency ?? MAX_VERIFY_CONCURRENCY;
+    // Floor at 1 so a 0/negative/NaN request can never produce zero workers
+    // (which would leave the results array full of holes).
+    const concurrency = Math.max(1, Math.min(Number.isFinite(requested) ? requested : MAX_VERIFY_CONCURRENCY, MAX_VERIFY_CONCURRENCY, items.length));
+    let index = 0;
+    async function worker() {
+        while (index < items.length) {
+            const i = index++;
+            const params = items[i];
+            try {
+                results[i] = { params, verification: await fetchIssueVerification(octokit, params) };
+            }
+            catch (error) {
+                results[i] = { params, error };
+            }
+        }
+    }
+    await Promise.all(Array.from({ length: concurrency }, () => worker()));
+    return results;
+}