@oss-autopilot/core 3.4.1 → 3.5.0

package/dist/commands/repo-vet.js

@@ -0,0 +1,215 @@
+/**
+ * repo-vet command (#1271, follow-up to #1242).
+ *
+ * Fetches repo health signals via the GitHub API, runs the typed
+ * `computeRepoVet` core function, and returns the structured result.
+ * Used by the `repo-evaluator` agent (and the future `repo-vet` MCP tool)
+ * to replace per-prompt rubric assembly with a deterministic, testable
+ * evaluation.
+ *
+ * Same architectural shape as `compliance-score`: read-only API calls,
+ * no state mutation, runs against a public `owner/repo` slug.
+ */
+import { getOctokit, requireGitHubToken } from '../core/index.js';
+import { errorMessage } from '../core/errors.js';
+import { warn } from '../core/logger.js';
+import { validateRepoIdentifier } from './validation.js';
+import { computeRepoVet } from '../core/repo-vet.js';
+const MODULE = 'repo-vet';
+const DAY_MS = 86400000;
+const COMMUNITY_HEALTH_PATHS = [
+    // Each entry can live at the repo root OR under .github/. We probe both
+    // because some repos prefer the visible-at-root convention and some
+    // prefer the .github/ folder convention.
+    { key: 'hasContributing', candidates: ['CONTRIBUTING.md', '.github/CONTRIBUTING.md'] },
+    { key: 'hasIssueTemplates', candidates: ['.github/ISSUE_TEMPLATE'] },
+    {
+        key: 'hasPRTemplate',
+        candidates: ['.github/pull_request_template.md', 'pull_request_template.md', 'PULL_REQUEST_TEMPLATE.md'],
+    },
+    { key: 'hasCodeOfConduct', candidates: ['CODE_OF_CONDUCT.md', '.github/CODE_OF_CONDUCT.md'] },
+];
+/**
+ * Returns true when the path exists. Treats 404 as "absent" (the only
+ * shape we care about for community-health flags). Re-throws everything
+ * else — auth/rate-limit failures must not silently scrub the
+ * `hasContributing` etc. flags to `false`, which would understate a
+ * repo's community health on a token that lacks scope or has been
+ * throttled mid-sequence.
+ */
+async function probePath(octokit, owner, repo, path) {
+    try {
+        await octokit.repos.getContent({ owner, repo, path });
+        return true;
+    }
+    catch (err) {
+        const status = err.status;
+        if (status === 404)
+            return false;
+        throw err;
+    }
+}
+/**
+ * Probe each community-health path. Treats 404 as "absent" (a definitive
+ * signal). On any other error (auth, rate-limit, 5xx) the per-key result
+ * stays `false` AND the whole-function `incomplete` flag is set so the
+ * caller knows community-health was unverified rather than confirmed-absent.
+ *
+ * This is the per-key analogue of the call-level catch: instead of either
+ * silently misclassifying 403 → absent OR aborting the entire repo-vet
+ * call, we degrade gracefully and surface the gap.
+ */
+async function checkCommunityHealth(octokit, owner, repo) {
+    const out = {
+        hasContributing: false,
+        hasIssueTemplates: false,
+        hasPRTemplate: false,
+        hasCodeOfConduct: false,
+    };
+    let incomplete = false;
+    await Promise.all(COMMUNITY_HEALTH_PATHS.map(async ({ key, candidates }) => {
+        let sawError = false;
+        for (const path of candidates) {
+            try {
+                if (await probePath(octokit, owner, repo, path)) {
+                    out[key] = true;
+                    return;
+                }
+            }
+            catch (err) {
+                // probePath only throws on non-404 errors. Don't abandon
+                // remaining candidates — `CONTRIBUTING.md` failing with 403
+                // does NOT imply `.github/CONTRIBUTING.md` will fail too. Mark
+                // the per-key probe as incomplete only if every candidate
+                // either errored or returned absent.
+                warn(MODULE, `community-health probe for ${owner}/${repo}/${path} failed: ${errorMessage(err)}`);
+                sawError = true;
+                continue;
+            }
+        }
+        // Reached only when no candidate hit. If any candidate errored,
+        // the absent flag is unreliable — surface that to the caller so
+        // the agent prompt distinguishes "probed all candidates and
+        // absent" from "couldn't tell".
+        if (sawError)
+            incomplete = true;
+    }));
+    return {
+        hasContributing: out.hasContributing,
+        hasIssueTemplates: out.hasIssueTemplates,
+        hasPRTemplate: out.hasPRTemplate,
+        hasCodeOfConduct: out.hasCodeOfConduct,
+        incomplete,
+    };
+}
+function summarizePRMerges(prs, windowDays, now) {
+    const cutoff = now.getTime() - windowDays * DAY_MS;
+    const prMergeTimesDays = [];
+    let mergedCount = 0;
+    let openedCount = 0;
+    for (const pr of prs) {
+        const createdAt = new Date(pr.created_at).getTime();
+        if (createdAt >= cutoff)
+            openedCount += 1;
+        if (pr.merged_at) {
+            const mergedAt = new Date(pr.merged_at).getTime();
+            if (mergedAt >= cutoff) {
+                mergedCount += 1;
+                const days = (mergedAt - createdAt) / DAY_MS;
+                if (Number.isFinite(days) && days >= 0)
+                    prMergeTimesDays.push(days);
+            }
+        }
+    }
+    return { prMergeTimesDays, mergedCount, openedCount };
+}
+function summarizeCommits(commits, now) {
+    const cutoff30 = now.getTime() - 30 * DAY_MS;
+    const cutoff90 = now.getTime() - 90 * DAY_MS;
+    const contributors90 = new Set();
+    let commitsLast30Days = 0;
+    let lastCommitMs = null;
+    for (const c of commits) {
+        const dateStr = c.commit.author?.date;
+        if (!dateStr)
+            continue;
+        const ts = new Date(dateStr).getTime();
+        if (Number.isNaN(ts))
+            continue;
+        if (lastCommitMs === null || ts > lastCommitMs)
+            lastCommitMs = ts;
+        if (ts >= cutoff30)
+            commitsLast30Days += 1;
+        if (ts >= cutoff90 && c.author?.login)
+            contributors90.add(c.author.login);
+    }
+    return {
+        commitsLast30Days,
+        contributorsLast90d: contributors90.size,
+        lastCommitISO: lastCommitMs ? new Date(lastCommitMs).toISOString() : null,
+    };
+}
+/**
+ * Run the repo-vet evaluation against an `owner/repo` slug.
+ *
+ * @throws {ValidationError} If the repo identifier is malformed.
+ */
+export async function runRepoVet(options) {
+    validateRepoIdentifier(options.repo);
+    const [owner, repo] = options.repo.split('/');
+    const token = requireGitHubToken();
+    const octokit = getOctokit(token);
+    const now = new Date();
+    const [repoMetaResp, closedPRsResp, commitsResp, releasesResp, communityHealthSummary] = await Promise.all([
+        octokit.repos.get({ owner, repo }),
+        octokit.pulls.list({ owner, repo, state: 'closed', sort: 'updated', direction: 'desc', per_page: 100 }),
+        octokit.repos.listCommits({ owner, repo, per_page: 100 }),
+        octokit.repos
+            .listReleases({ owner, repo, per_page: 1 })
+            .catch(() => ({ data: [] })),
+        checkCommunityHealth(octokit, owner, repo),
+    ]);
+    const prs = closedPRsResp.data.map((p) => ({
+        created_at: p.created_at,
+        merged_at: p.merged_at,
+        updated_at: p.updated_at,
+    }));
+    const { prMergeTimesDays, mergedCount, openedCount } = summarizePRMerges(prs, 90, now);
+    const commitSummary = summarizeCommits(commitsResp.data, now);
+    const releases = releasesResp.data;
+    const lastReleaseISO = releases.length > 0 ? (releases[0].published_at ?? releases[0].created_at ?? null) : null;
+    const input = {
+        stars: repoMetaResp.data.stargazers_count ?? 0,
+        forks: repoMetaResp.data.forks_count ?? 0,
+        openIssues: repoMetaResp.data.open_issues_count ?? 0,
+        watchers: repoMetaResp.data.subscribers_count ?? 0,
+        isArchived: repoMetaResp.data.archived ?? false,
+        lastPushed: repoMetaResp.data.pushed_at ?? new Date(0).toISOString(),
+        createdAt: repoMetaResp.data.created_at ?? new Date(0).toISOString(),
+        commitsLast30Days: commitSummary.commitsLast30Days,
+        prMergeTimesDays,
+        mergedCount90Days: mergedCount,
+        openedCount90Days: openedCount,
+        lastCommitISO: commitSummary.lastCommitISO,
+        contributorsLast90d: commitSummary.contributorsLast90d,
+        lastReleaseISO,
+        hasContributing: communityHealthSummary.hasContributing,
+        hasIssueTemplates: communityHealthSummary.hasIssueTemplates,
+        hasPRTemplate: communityHealthSummary.hasPRTemplate,
+        hasCodeOfConduct: communityHealthSummary.hasCodeOfConduct,
+    };
+    const result = computeRepoVet(input);
+    // The core function names its metadata object `repo`. Rename to `repoMeta`
+    // at the CLI boundary so the top-level slug doesn't collide with it.
+    // Also overlay the community-health `incomplete` flag the wrapper
+    // tracks (the core type doesn't carry it because computeRepoVet is
+    // pure — only the wrapper makes the API calls that can fail mid-probe).
+    const { repo: repoMeta, communityHealth, ...rest } = result;
+    return {
+        repoSlug: options.repo,
+        fetchedAt: now.toISOString(),
+        repoMeta,
+        communityHealth: { ...communityHealth, incomplete: communityHealthSummary.incomplete },
+        ...rest,
+    };
+}

package/dist/commands/startup.js

@@ -277,6 +277,22 @@ export async function runStartup() {
     }
     // 5. Detect issue list
     const issueList = detectIssueList();
+    // 6. Pass through dashboard-build status set by the workflow shell (#1293).
+    // The workflow runs the SPA build BEFORE invoking startup, so the status
+    // arrives here via env vars rather than being something runStartup itself
+    // computes. Validate the env value so a malformed export can't sneak an
+    // arbitrary string into a typed enum.
+    const rawBuildStatus = process.env.OSS_DASHBOARD_BUILD_STATUS;
+    const dashboardBuildStatus = rawBuildStatus === 'fresh' ||
+        rawBuildStatus === 'rebuilt' ||
+        rawBuildStatus === 'failed' ||
+        rawBuildStatus === 'missing-pnpm'
+        ? rawBuildStatus
+        : undefined;
+    const rawBuildErrorTail = process.env.OSS_DASHBOARD_BUILD_ERROR_TAIL;
+    const dashboardBuildErrorTail = (dashboardBuildStatus === 'failed' || dashboardBuildStatus === 'missing-pnpm') && rawBuildErrorTail
+        ? rawBuildErrorTail
+        : undefined;
     return {
         version,
         setupComplete: true,
@@ -284,6 +300,8 @@ export async function runStartup() {
         daily,
         dashboardUrl,
         dashboardError,
+        dashboardBuildStatus,
+        dashboardBuildErrorTail,
         issueList,
     };
 }

package/dist/core/ci-enforced-tools.d.ts

@@ -0,0 +1,35 @@
+/**
+ * CI-enforced tool detection (#1286).
+ *
+ * Extracted from `workflows/pre-commit-review.md` Steps 2b and 6a so
+ * the same logic isn't reimplemented twice in markdown. Callers
+ * supply pre-fetched config snippets (the workflow runs `cat` /
+ * `head` against the well-known files); this function does the
+ * structured parse.
+ *
+ * Pure typed helper — no I/O.
+ */
+export type CIToolName = 'lint' | 'format' | 'typecheck' | 'test' | 'build' | 'commit-format' | 'security-scan';
+export interface CIEnforcedToolsInput {
+    /** `.pre-commit-config.yaml` contents, or null when the file is missing. */
+    preCommitConfigYaml: string | null;
+    /** Concatenated contents of `.github/workflows/*.yml` (or null when none). */
+    workflowYamls: string | null;
+    /** `Makefile` contents, or null when missing. */
+    makefile: string | null;
+    /** `package.json` contents — used to detect script names. */
+    packageJson: string | null;
+}
+export interface CIEnforcedTool {
+    tool: CIToolName;
+    source: 'pre-commit' | 'github-workflow' | 'makefile' | 'package-json';
+    /** Short snippet that surfaced this tool — useful for explainability. */
+    evidence: string;
+}
+/**
+ * Detect which class of tool each input source enforces. The output
+ * may contain duplicates (e.g., `test` enforced by both pre-commit
+ * and a GitHub workflow); callers can dedupe on `tool` or display
+ * each evidence pair separately.
+ */
+export declare function getCIEnforcedTools(input: CIEnforcedToolsInput): CIEnforcedTool[];

package/dist/core/ci-enforced-tools.js

@@ -0,0 +1,109 @@
+/**
+ * CI-enforced tool detection (#1286).
+ *
+ * Extracted from `workflows/pre-commit-review.md` Steps 2b and 6a so
+ * the same logic isn't reimplemented twice in markdown. Callers
+ * supply pre-fetched config snippets (the workflow runs `cat` /
+ * `head` against the well-known files); this function does the
+ * structured parse.
+ *
+ * Pure typed helper — no I/O.
+ */
+/**
+ * Detect which class of tool each input source enforces. The output
+ * may contain duplicates (e.g., `test` enforced by both pre-commit
+ * and a GitHub workflow); callers can dedupe on `tool` or display
+ * each evidence pair separately.
+ */
+export function getCIEnforcedTools(input) {
+    const out = [];
+    if (input.preCommitConfigYaml) {
+        detectFromHaystack(input.preCommitConfigYaml, 'pre-commit', out);
+    }
+    if (input.workflowYamls) {
+        detectFromHaystack(input.workflowYamls, 'github-workflow', out);
+    }
+    if (input.makefile) {
+        detectFromHaystack(input.makefile, 'makefile', out);
+    }
+    if (input.packageJson) {
+        detectScriptsFromPackageJson(input.packageJson, out);
+    }
+    return out;
+}
+function detectFromHaystack(haystack, source, out) {
+    const lower = haystack.toLowerCase();
+    const checks = [
+        {
+            tool: 'lint',
+            pattern: /\b(?:eslint|biome|ruff|flake8|rubocop|golangci-lint|clippy|pylint)\b/i,
+            evidenceFor: ['eslint', 'biome', 'ruff', 'flake8', 'rubocop', 'golangci-lint', 'clippy', 'pylint'],
+        },
+        {
+            tool: 'format',
+            pattern: /\b(?:prettier|biome[\s-]+format|black|gofmt|rustfmt|clang-format)\b/i,
+            evidenceFor: ['prettier', 'biome', 'black', 'gofmt', 'rustfmt', 'clang-format'],
+        },
+        {
+            tool: 'typecheck',
+            pattern: /\b(?:tsc|mypy|sorbet|pyright|flow)\b/i,
+            evidenceFor: ['tsc', 'mypy', 'sorbet', 'pyright', 'flow'],
+        },
+        {
+            tool: 'test',
+            pattern: /\b(?:vitest|jest|pytest|rspec|go test|cargo test|mocha)\b/i,
+            evidenceFor: ['vitest', 'jest', 'pytest', 'rspec', 'go test', 'cargo test', 'mocha'],
+        },
+        {
+            // `tsc` alone (or `tsc --noEmit`) is a typecheck, not a build artifact
+            // step — keep it out of this pattern so a workflow with only
+            // `tsc --noEmit` doesn't fire BOTH `typecheck` and `build`. Real
+            // build steps that do produce artifacts (tsup, esbuild, webpack,
+            // cargo build, go build) stay here.
+            tool: 'build',
+            pattern: /\b(?:tsup|esbuild|webpack|cargo build|go build)\b/i,
+            evidenceFor: ['tsup', 'esbuild', 'webpack', 'cargo build', 'go build'],
+        },
+        {
+            tool: 'commit-format',
+            pattern: /\b(?:commitlint|conventional-commits)\b/i,
+            evidenceFor: ['commitlint', 'conventional-commits'],
+        },
+        {
+            tool: 'security-scan',
+            pattern: /\b(?:codeql|semgrep|trivy|gitleaks|snyk)\b/i,
+            evidenceFor: ['codeql', 'semgrep', 'trivy', 'gitleaks', 'snyk'],
+        },
+    ];
+    for (const c of checks) {
+        if (c.pattern.test(lower)) {
+            const evidence = c.evidenceFor.find((e) => lower.includes(e)) ?? c.tool;
+            out.push({ tool: c.tool, source, evidence });
+        }
+    }
+}
+function detectScriptsFromPackageJson(packageJson, out) {
+    let parsed;
+    try {
+        parsed = JSON.parse(packageJson);
+    }
+    catch {
+        return;
+    }
+    const scripts = parsed.scripts ?? {};
+    const scriptToTool = [
+        { key: /^lint(:|$)/, tool: 'lint' },
+        { key: /^format(:|$)/, tool: 'format' },
+        { key: /^typecheck(:|$)|^tsc(:|$)/, tool: 'typecheck' },
+        { key: /^test(:|$)/, tool: 'test' },
+        { key: /^build(:|$)/, tool: 'build' },
+    ];
+    for (const [name] of Object.entries(scripts)) {
+        for (const m of scriptToTool) {
+            if (m.key.test(name)) {
+                out.push({ tool: m.tool, source: 'package-json', evidence: `scripts.${name}` });
+                break;
+            }
+        }
+    }
+}

package/dist/core/comment-decision.d.ts

@@ -0,0 +1,72 @@
+/**
+ * Post-push comment decision (#1286).
+ *
+ * Centralizes the "should I draft a comment, or does the diff speak
+ * for itself?" rule that was duplicated between
+ * `workflows/pre-commit-review.md` Step 7a and `agents/pr-responder.md`
+ * Step 3.
+ *
+ * Pure typed helper — no LLM, no I/O. Callers do the upstream natural-
+ * language classification (mapping a maintainer comment to a structured
+ * `FeedbackCategory` + flags) and pass in the result. This module owns
+ * the rule that decides skip vs. draft from the structured input.
+ *
+ * Same architectural shape as #1245 (compliance-score), #1242 (repo-vet),
+ * #1243 (strategy), #1252 (pr-quality-rubric), and #1264 (issue-effort /
+ * maintainer-hints).
+ */
+export type FeedbackCategory = 'code_request' | 'question' | 'explanation_request' | 'style_request' | 'design_discussion' | 'approval_with_nit' | 'formatting_complaint';
+export interface FeedbackClassification {
+    category: FeedbackCategory;
+    /**
+     * Whether this individual feedback item, considered in isolation,
+     * requires a drafted comment. Aggregated by `shouldDraftResponse`
+     * across the full feedback list.
+     */
+    needsComment: boolean;
+    /** Short rationale rendered alongside the decision. */
+    reason: string;
+}
+export interface CommentDecisionInput {
+    /**
+     * Pre-classified feedback items in chronological order. The caller
+     * (agent or workflow) is responsible for the natural-language
+     * categorization step; this function only consumes structured input.
+     */
+    feedback: readonly FeedbackClassification[];
+    /**
+     * True when the contributor pushed code that addresses every
+     * feedback item that requested a code change. The agent's diff
+     * inspection determines this; the function trusts the boolean.
+     */
+    allRequestedChangesAddressed: boolean;
+}
+export interface CommentDecisionResult {
+    shouldDraft: boolean;
+    reason: string;
+}
+/**
+ * Decide whether the contributor should draft a comment after a push.
+ *
+ * Rule (sourced verbatim from `workflows/pre-commit-review.md` Step 7a
+ * and `agents/pr-responder.md` "Comment Decision Logic"):
+ *
+ *  - Skip the comment entirely when ALL of these are true:
+ *    1. Every piece of maintainer feedback that requested code changes
+ *       has a corresponding code change.
+ *    2. No question was asked.
+ *    3. Nothing was intentionally left unchanged (a "yes the maintainer
+ *       asked but I did not change it" item always needs explanation).
+ *    4. The diff makes the fix self-evident — modeled here as the
+ *       `allRequestedChangesAddressed` flag the caller passes in.
+ *
+ *  - Draft a comment if ANY of these are true:
+ *    1. The maintainer asked a question.
+ *    2. The feedback is conceptual or design-level (the diff alone
+ *       cannot answer "why").
+ *    3. Something was intentionally left unchanged (`needsComment: true`
+ *       on a code-request item where the contributor disagrees).
+ *    4. Only some of multiple requested changes were addressed.
+ *    5. The contributor deviated from exactly what was asked.
+ */
+export declare function shouldDraftResponse(input: CommentDecisionInput): CommentDecisionResult;

package/dist/core/comment-decision.js

@@ -0,0 +1,74 @@
+/**
+ * Post-push comment decision (#1286).
+ *
+ * Centralizes the "should I draft a comment, or does the diff speak
+ * for itself?" rule that was duplicated between
+ * `workflows/pre-commit-review.md` Step 7a and `agents/pr-responder.md`
+ * Step 3.
+ *
+ * Pure typed helper — no LLM, no I/O. Callers do the upstream natural-
+ * language classification (mapping a maintainer comment to a structured
+ * `FeedbackCategory` + flags) and pass in the result. This module owns
+ * the rule that decides skip vs. draft from the structured input.
+ *
+ * Same architectural shape as #1245 (compliance-score), #1242 (repo-vet),
+ * #1243 (strategy), #1252 (pr-quality-rubric), and #1264 (issue-effort /
+ * maintainer-hints).
+ */
+/**
+ * Decide whether the contributor should draft a comment after a push.
+ *
+ * Rule (sourced verbatim from `workflows/pre-commit-review.md` Step 7a
+ * and `agents/pr-responder.md` "Comment Decision Logic"):
+ *
+ *  - Skip the comment entirely when ALL of these are true:
+ *    1. Every piece of maintainer feedback that requested code changes
+ *       has a corresponding code change.
+ *    2. No question was asked.
+ *    3. Nothing was intentionally left unchanged (a "yes the maintainer
+ *       asked but I did not change it" item always needs explanation).
+ *    4. The diff makes the fix self-evident — modeled here as the
+ *       `allRequestedChangesAddressed` flag the caller passes in.
+ *
+ *  - Draft a comment if ANY of these are true:
+ *    1. The maintainer asked a question.
+ *    2. The feedback is conceptual or design-level (the diff alone
+ *       cannot answer "why").
+ *    3. Something was intentionally left unchanged (`needsComment: true`
+ *       on a code-request item where the contributor disagrees).
+ *    4. Only some of multiple requested changes were addressed.
+ *    5. The contributor deviated from exactly what was asked.
+ */
+export function shouldDraftResponse(input) {
+    if (input.feedback.length === 0) {
+        return { shouldDraft: false, reason: 'no maintainer feedback to address' };
+    }
+    // Categories that always demand a written reply, regardless of the
+    // diff. The diff cannot answer a question or carry a design decision.
+    const alwaysDraftCategories = new Set(['question', 'explanation_request', 'design_discussion']);
+    for (const item of input.feedback) {
+        if (alwaysDraftCategories.has(item.category)) {
+            return {
+                shouldDraft: true,
+                reason: `${item.category.replace(/_/g, ' ')} — diff alone cannot address this`,
+            };
+        }
+    }
+    // Caller flagged at least one item as "I'm intentionally not making
+    // this change" or "I deviated" — needs an explanation either way.
+    const intentionalGap = input.feedback.find((item) => item.needsComment);
+    if (intentionalGap) {
+        return {
+            shouldDraft: true,
+            reason: `requires written explanation: ${intentionalGap.reason}`,
+        };
+    }
+    // Caller signaled the diff covers everything that was requested.
+    if (input.allRequestedChangesAddressed) {
+        return { shouldDraft: false, reason: 'all requested changes are visible in the diff' };
+    }
+    return {
+        shouldDraft: true,
+        reason: 'not all requested changes are visible in the diff yet',
+    };
+}

package/dist/core/compliance-score.d.ts

@@ -0,0 +1,127 @@
+/**
+ * PR compliance scoring (#1245).
+ *
+ * Extracted from `agents/pr-compliance-checker.md`'s in-prompt scoring
+ * tables so the weights, thresholds, and per-check rules are
+ * deterministic, unit-testable, and tunable without editing markdown.
+ * Same architectural shape as success-grade (#858), linked-PR
+ * classifier (#910), and anti-AI scan (#911).
+ *
+ * The function intentionally does not fetch PR data — callers (the MCP
+ * tool, the CLI command, the agent) supply pre-fetched metadata so the
+ * score is reproducible against fixture data and the same input shape
+ * works for both live PRs and historical replay.
+ */
+export type ComplianceCheckStatus = 'pass' | 'warn' | 'fail';
+export interface ComplianceCheckResult {
+    status: ComplianceCheckStatus;
+    weight: number;
+    detail: string;
+}
+export type ComplianceRating = 'ready' | 'minor' | 'fix_first' | 'significant_work';
+/** Emoji surfaced alongside the rating in agent output. */
+export type ComplianceEmoji = '🌟' | '✅' | '⚠️' | '❌';
+export interface ComplianceScoreResult {
+    /** 0–100 weighted score across the six checks. */
+    score: number;
+    rating: ComplianceRating;
+    emoji: ComplianceEmoji;
+    checks: {
+        issueReference: ComplianceCheckResult;
+        description: ComplianceCheckResult;
+        focusedChanges: ComplianceCheckResult;
+        tests: ComplianceCheckResult;
+        title: ComplianceCheckResult;
+        branch: ComplianceCheckResult;
+    };
+}
+/** Minimum PR metadata required to compute a compliance score. */
+export interface PRMetadata {
+    title: string;
+    body: string;
+    branch: string;
+    filesChangedCount: number;
+    additions: number;
+    deletions: number;
+    /**
+     * Filenames touched by the PR. Used by the test-detection check to
+     * decide whether the PR includes a test file.
+     */
+    files: string[];
+}
+/**
+ * Verified state of an issue referenced from a PR body. Populated by
+ * the compliance-score command (which calls the Issues API per
+ * reference) and consumed by `checkIssueReference` to fail loud on
+ * broken links (#1246 Improvement B).
+ */
+export interface LinkedIssueInfo {
+    /** Issue number parsed from the PR body. */
+    number: number;
+    /** Owner/repo where the issue lives — may differ from the PR's repo
+     * when a cross-repo reference like `owner/other#42` is used. */
+    repo: string;
+    /** True when the reference targeted a different repo than the PR. */
+    crossRepo: boolean;
+    /**
+     * Result of the verification API call.
+     *  - `open` / `closed`: confirmed live state.
+     *  - `not_found`: HTTP 404 — the referenced issue does not exist.
+     *  - `unverifiable`: a non-404 failure (rate-limit, 5xx, network).
+     *    The check treats this neutrally rather than as a broken link, so a
+     *    GitHub API hiccup doesn't downgrade a valid PR's compliance score.
+     */
+    state: 'open' | 'closed' | 'not_found' | 'unverifiable';
+    /** Whole days since the issue was closed, when state === 'closed'.
+     * Used to distinguish "recently closed, may still apply" from "long
+     * stale, almost certainly the wrong reference." */
+    closedDaysAgo?: number;
+}
+/**
+ * Optional repo context used to fine-tune individual check thresholds
+ * (#1245). All fields are optional; absent fields use safe defaults that
+ * match the original in-prompt rules.
+ */
+export interface RepoContext {
+    /**
+     * Whether the target repo has any visible test infrastructure
+     * (`test/`, `tests/`, `__tests__/`, `spec/`, etc.). When `false`, the
+     * tests check downgrades from `fail` to `warn` because tests aren't
+     * required by the project.
+     */
+    hasTestInfrastructure?: boolean;
+    /**
+     * Verified state of every issue/PR reference found in the PR body
+     * (#1246 Improvement B). When provided, `checkIssueReference` will
+     * fail-loud on broken or stale references rather than passing on the
+     * regex match alone. Absent / empty array preserves original
+     * regex-only behavior.
+     */
+    linkedIssues?: LinkedIssueInfo[];
+}
+/**
+ * After how many days a closed-issue reference flips from "warn"
+ * (probably still relevant) to "fail" (probably stale). Exported so
+ * callers can document the cutoff (#1246).
+ */
+export declare const CLOSED_ISSUE_RECENT_DAYS = 30;
+/** Title byte budget — Conventional Commits style fits comfortably under 72. */
+export { TITLE_LENGTH_BUDGET } from './pr-quality-rubric.js';
+/** "Focused changes" thresholds. Source of truth lives in pr-quality-rubric.ts. */
+export declare const FOCUSED_CHANGES: {
+    readonly passFiles: 10;
+    readonly passLines: 400;
+    readonly warnFiles: 20;
+    readonly warnLines: 800;
+};
+/** Score → rating cutoffs. */
+export declare const RATING_CUTOFFS: {
+    readonly ready: 90;
+    readonly minor: 75;
+    readonly fixFirst: 60;
+};
+/**
+ * Compute a compliance score from PR metadata, optionally fine-tuned by
+ * repo context (#1245). Pure function — no I/O, no global state.
+ */
+export declare function computeComplianceScore(meta: PRMetadata, repoContext?: RepoContext): ComplianceScoreResult;