@oss-autopilot/core 3.4.1 → 3.5.0

package/dist/core/strategy.js

@@ -0,0 +1,226 @@
+/**
+ * Contribution strategy compute (#1243).
+ *
+ * Extracts the deterministic compute layer from
+ * `agents/contribution-strategist.md` so the categorization,
+ * trajectory detection, and capacity overextension rules are typed,
+ * unit-testable, and consumable both by the agent (synthesis layer)
+ * and a future auto-display in `/oss`.
+ *
+ * Same architectural shape as success-grade (#858), linked-PR
+ * classifier (#910), and compliance-score (#1245). Pure function — no
+ * I/O, no global state, no LLM. The interpretive narrative ("you're
+ * doing X well, here's a growth opportunity") stays in the agent
+ * prompt.
+ */
+/** Minimum tracked PR history before strategy output is meaningful (#1243). */
+export const STRATEGY_MIN_PRS = 10;
+/** How many top-N items each "primary" / "favorite" list returns. */
+const TOP_N = 5;
+/** Days since `mergedAt` after which a PR no longer counts as recent for
+ * the active-now PR-type distribution. 90 days matches the issue's
+ * proposed trajectory window. */
+const RECENT_WINDOW_DAYS = 90;
+/** Match repo from a GitHub URL: `https://github.com/owner/repo/pull/N`. */
+const REPO_FROM_URL = /https:\/\/github\.com\/([^/]+)\/([^/]+)\/(?:issues|pull)\/\d+/i;
+function parseRepo(url) {
+    const m = url.match(REPO_FROM_URL);
+    return m ? `${m[1]}/${m[2]}` : null;
+}
+function classifyTitle(title) {
+    const t = title.trim().toLowerCase();
+    // Match Conventional Commits prefix first; fall back to keyword search
+    // in the title body.
+    const prefix = t.match(/^(feat|fix|docs|refactor|test|perf|chore|build|ci|style|revert)(?:\([^)]+\))?!?:/);
+    const tag = prefix?.[1];
+    if (tag === 'docs')
+        return 'docs';
+    if (tag === 'fix' || tag === 'perf')
+        return 'fixes';
+    if (tag === 'feat')
+        return 'features';
+    if (tag === 'refactor')
+        return 'refactors';
+    if (tag === 'test')
+        return 'tests';
+    // Heuristic fallbacks for non-conventional titles.
+    if (/\b(?:doc|readme|comment|typo)\b/i.test(t))
+        return 'docs';
+    if (/\b(?:fix|bug|crash|regression|broken)\b/i.test(t))
+        return 'fixes';
+    if (/\b(?:add|implement|introduce|support|new)\b/i.test(t))
+        return 'features';
+    if (/\b(?:refactor|cleanup|extract|simplify|rename)\b/i.test(t))
+        return 'refactors';
+    if (/\btest|spec\b/i.test(t))
+        return 'tests';
+    return 'other';
+}
+function topNByCount(counts, n) {
+    return Object.entries(counts)
+        .sort((a, b) => b[1] - a[1] || a[0].localeCompare(b[0]))
+        .slice(0, n)
+        .map(([name]) => name);
+}
+function determineStyle(_totalPRs, primaryLanguages, favoriteRepos) {
+    // `totalPRs` is reserved for future "explorer" classification (low-volume
+    // contributors). Today the function is only reachable from `computeStrategy`
+    // which gates at `merged.length >= STRATEGY_MIN_PRS` (10), so a `totalPRs < 5`
+    // branch could never fire — removed to avoid misleading future readers.
+    // Heavy concentration in 1-2 repos → maintainer; spread across many → generalist.
+    if (favoriteRepos.length === 1)
+        return 'maintainer';
+    if (primaryLanguages.length === 1 && favoriteRepos.length >= 2 && favoriteRepos.length <= 3) {
+        return 'specialist';
+    }
+    if (favoriteRepos.length >= 4)
+        return 'generalist';
+    return 'specialist';
+}
+function determineTrajectory(state) {
+    // Compare the last three months' merged PR counts against the prior
+    // three months. If each window has at least one merge, ratio >1.2 is
+    // growing, <0.8 is declining, otherwise steady.
+    const counts = state.monthlyMergedCounts ?? {};
+    const months = Object.keys(counts).sort();
+    if (months.length < 6)
+        return 'steady';
+    const recent = months.slice(-3).reduce((sum, m) => sum + (counts[m] ?? 0), 0);
+    const prior = months.slice(-6, -3).reduce((sum, m) => sum + (counts[m] ?? 0), 0);
+    if (prior === 0)
+        return recent > 0 ? 'growing' : 'steady';
+    const ratio = recent / prior;
+    if (ratio >= 1.2)
+        return 'growing';
+    if (ratio <= 0.8)
+        return 'declining';
+    return 'steady';
+}
+function recommendForOverExtension(openPRCount, dormantPRCount, overExtended) {
+    if (overExtended)
+        return 'follow_up_dormant';
+    if (dormantPRCount > 0 && openPRCount > 5)
+        return 'wait_on_maintainers';
+    if (openPRCount === 0)
+        return 'open_more';
+    return null;
+}
+/**
+ * Compute the deterministic strategy signal from agent state. Returns
+ * null when state is thinner than {@link STRATEGY_MIN_PRS} merged PRs —
+ * the auto-display surface uses this null sentinel as the
+ * minimum-data gate (#1243).
+ */
+export function computeStrategy(state) {
+    const merged = state.mergedPRs ?? [];
+    const closed = state.closedPRs ?? [];
+    const totalPRs = merged.length + closed.length;
+    if (merged.length < STRATEGY_MIN_PRS)
+        return null;
+    // Per-repo PR counts (merged). Used both for "favorite repos" and to
+    // back-fill primary languages from `repoScores` entries that overlap.
+    const mergedByRepo = {};
+    for (const pr of merged) {
+        const repo = parseRepo(pr.url);
+        if (!repo)
+            continue;
+        mergedByRepo[repo] = (mergedByRepo[repo] ?? 0) + 1;
+    }
+    const favoriteRepos = topNByCount(mergedByRepo, TOP_N);
+    // Languages: weight a repo's language by that repo's merged count so
+    // `vercel/next.js` (TypeScript) counts more than a one-off PR to a
+    // Lua project even if both repos are in `repoScores`.
+    const languageCounts = {};
+    for (const [repo, count] of Object.entries(mergedByRepo)) {
+        const score = state.repoScores[repo];
+        const lang = score?.language;
+        if (!lang)
+            continue;
+        languageCounts[lang] = (languageCounts[lang] ?? 0) + count;
+    }
+    const primaryLanguages = topNByCount(languageCounts, TOP_N);
+    // PR-type distribution over the recent window.
+    const distribution = {
+        docs: 0,
+        fixes: 0,
+        features: 0,
+        refactors: 0,
+        tests: 0,
+        other: 0,
+    };
+    const cutoff = Date.now() - RECENT_WINDOW_DAYS * 86400000;
+    for (const pr of merged) {
+        const mergedAt = Date.parse(pr.mergedAt);
+        if (Number.isNaN(mergedAt) || mergedAt < cutoff)
+            continue;
+        distribution[classifyTitle(pr.title)] += 1;
+    }
+    // Capacity: read from the last digest. When no digest exists yet,
+    // default to zero (the agent has nothing to recommend without a
+    // digest). The DailyDigest schema does not store a `dormantCount`
+    // directly — derive it from the `waitingOnMaintainerPRs` array,
+    // which is the "PR flagged as awaiting maintainer review" bucket
+    // produced by `pr-monitor`.
+    const summary = state.lastDigest?.summary;
+    const openPRCount = summary?.totalActivePRs ?? 0;
+    const waiting = state.lastDigest?.waitingOnMaintainerPRs ?? [];
+    const dormantPRCount = waiting.length;
+    // Overextended: dormant PRs spread across 2+ repos. Same definition
+    // the issue body uses.
+    const dormantRepos = new Set(waiting
+        .map((pr) => (typeof pr.url === 'string' ? parseRepo(pr.url) : null))
+        .filter((r) => r !== null));
+    const overExtended = dormantPRCount >= 2 && dormantRepos.size >= 2;
+    const profile = {
+        style: determineStyle(totalPRs, primaryLanguages, favoriteRepos),
+        totalPRs,
+        mergedCount: merged.length,
+        mergeRate: totalPRs === 0 ? 0 : merged.length / totalPRs,
+        primaryLanguages,
+        favoriteRepos,
+    };
+    const capacity = {
+        openPRCount,
+        dormantPRCount,
+        overExtended,
+        suggestedAction: recommendForOverExtension(openPRCount, dormantPRCount, overExtended),
+    };
+    const patterns = {
+        prTypeDistribution: distribution,
+        trajectoryDirection: determineTrajectory(state),
+        // Without per-PR diff size in StoredMergedPR, a true "average PR
+        // size" lookup is out of scope until that data is captured (#1243
+        // explicitly defers this). Surface 0 so downstream callers know the
+        // signal is unavailable rather than fabricating a value.
+        averagePRSize: 0,
+    };
+    const recommendations = {
+        // The deterministic recommendations layer reuses the profile
+        // signals — the agent's coaching prose layers on top of these.
+        languages: primaryLanguages,
+        repos: favoriteRepos,
+        issueTypes: deriveIssueTypePreferences(distribution),
+        avoidPatterns: deriveAvoidPatterns(capacity, patterns),
+    };
+    return { profile, capacity, patterns, recommendations };
+}
+function deriveIssueTypePreferences(distribution) {
+    // Recommend the user's two strongest PR types — they have a track
+    // record there, so issues in those buckets are higher-yield.
+    const ranked = Object.entries(distribution)
+        .filter(([type]) => type !== 'other')
+        .sort((a, b) => b[1] - a[1])
+        .slice(0, 2)
+        .map(([type]) => type);
+    return ranked;
+}
+function deriveAvoidPatterns(capacity, patterns) {
+    const out = [];
+    if (capacity.overExtended) {
+        out.push('opening new PRs while dormant ones await review across multiple repos');
+    }
+    if (patterns.trajectoryDirection === 'declining') {
+        out.push('drifting away from a previously productive cadence — capacity may be saturated');
+    }
+    return out;
+}

package/dist/core/types.d.ts

@@ -207,6 +207,8 @@ interface CommentedIssueBase {
     title: string;
     url: string;
     userLastCommentedAt: string;
+    /** User's most recent comment body, truncated to 200 chars (+ "..." suffix when truncated). #1290 */
+    userLastCommentBody: string;
     labels: string[];
     daysSinceUserComment: number;
 }

package/dist/core/workflow-state.d.ts

@@ -0,0 +1,56 @@
+/**
+ * Workflow-state helpers (#1280).
+ *
+ * Centralizes the read/write logic for `state.workflowState`. Used
+ * by `draft-first-workflow.md`, `work-through-issues.md`, and
+ * `pre-commit-review.md` to record pause points and offer
+ * Resume / Restart / Discard at the next `/oss` invocation.
+ *
+ * Pure functions — callers manage state I/O. Same architectural
+ * shape as the recent #1277 (follow-up-history) helpers.
+ */
+import type { AgentState, WorkflowState } from './state-schema.js';
+export type WorkflowName = WorkflowState['workflowName'];
+/**
+ * Snapshot the user's current workflow position. Returns the
+ * patched state; callers persist via `StateManager.save()` (or the
+ * gist `checkpoint()` path).
+ */
+export declare function recordWorkflowPause(state: AgentState, next: Omit<WorkflowState, 'lastUpdatedAt'>, now?: Date): AgentState;
+/**
+ * Read the current workflow snapshot, or null when no pause is
+ * recorded.
+ */
+export declare function getWorkflowState(state: AgentState): WorkflowState | null;
+/**
+ * Discard the current pause snapshot. Used by:
+ *  - the workflow completing normally,
+ *  - the user picking "Discard and start fresh" at the resume
+ *    prompt,
+ *  - any consumer that detects the snapshot has gone stale (branch
+ *    deleted, repo no longer reachable).
+ */
+export declare function clearWorkflowState(state: AgentState): AgentState;
+/**
+ * Append a step name to `completedSteps` and update `currentStep`
+ * to the supplied next step. Convenience wrapper around the immer-
+ * style read/replace pattern. Returns the patched state.
+ */
+export declare function advanceWorkflowStep(state: AgentState, nextStep: string, now?: Date): AgentState;
+/**
+ * Merge per-step data into `stepData` without overwriting other
+ * keys. Useful when a workflow's resume needs to restore non-trivial
+ * context (skipped compliance items, last review pass count, etc.).
+ */
+export declare function setStepData(state: AgentState, step: string, data: unknown, now?: Date): AgentState;
+/**
+ * Read step data for a specific step, or undefined when none was
+ * stored. Callers typically narrow the unknown via a type guard.
+ */
+export declare function getStepData(state: AgentState, step: string): unknown;
+/**
+ * Whether the recorded pause is on the supplied workflow. Useful
+ * for the router to decide whether to offer Resume vs ignore the
+ * snapshot when the current `/oss` invocation is unrelated.
+ */
+export declare function isPausedIn(state: AgentState, workflowName: WorkflowName): boolean;

package/dist/core/workflow-state.js

@@ -0,0 +1,101 @@
+/**
+ * Workflow-state helpers (#1280).
+ *
+ * Centralizes the read/write logic for `state.workflowState`. Used
+ * by `draft-first-workflow.md`, `work-through-issues.md`, and
+ * `pre-commit-review.md` to record pause points and offer
+ * Resume / Restart / Discard at the next `/oss` invocation.
+ *
+ * Pure functions — callers manage state I/O. Same architectural
+ * shape as the recent #1277 (follow-up-history) helpers.
+ */
+/**
+ * Snapshot the user's current workflow position. Returns the
+ * patched state; callers persist via `StateManager.save()` (or the
+ * gist `checkpoint()` path).
+ */
+export function recordWorkflowPause(state, next, now = new Date()) {
+    const incoming = {
+        ...next,
+        lastUpdatedAt: now.toISOString(),
+    };
+    return { ...state, workflowState: incoming };
+}
+/**
+ * Read the current workflow snapshot, or null when no pause is
+ * recorded.
+ */
+export function getWorkflowState(state) {
+    return state.workflowState ?? null;
+}
+/**
+ * Discard the current pause snapshot. Used by:
+ *  - the workflow completing normally,
+ *  - the user picking "Discard and start fresh" at the resume
+ *    prompt,
+ *  - any consumer that detects the snapshot has gone stale (branch
+ *    deleted, repo no longer reachable).
+ */
+export function clearWorkflowState(state) {
+    if (!state.workflowState)
+        return state;
+    const { workflowState: _drop, ...rest } = state;
+    return rest;
+}
+/**
+ * Append a step name to `completedSteps` and update `currentStep`
+ * to the supplied next step. Convenience wrapper around the immer-
+ * style read/replace pattern. Returns the patched state.
+ */
+export function advanceWorkflowStep(state, nextStep, now = new Date()) {
+    const ws = state.workflowState;
+    if (!ws)
+        return state;
+    if (ws.currentStep === nextStep)
+        return state;
+    const completed = [...ws.completedSteps];
+    if (!completed.includes(ws.currentStep))
+        completed.push(ws.currentStep);
+    return {
+        ...state,
+        workflowState: {
+            ...ws,
+            currentStep: nextStep,
+            completedSteps: completed,
+            lastUpdatedAt: now.toISOString(),
+        },
+    };
+}
+/**
+ * Merge per-step data into `stepData` without overwriting other
+ * keys. Useful when a workflow's resume needs to restore non-trivial
+ * context (skipped compliance items, last review pass count, etc.).
+ */
+export function setStepData(state, step, data, now = new Date()) {
+    const ws = state.workflowState;
+    if (!ws)
+        return state;
+    return {
+        ...state,
+        workflowState: {
+            ...ws,
+            stepData: { ...ws.stepData, [step]: data },
+            lastUpdatedAt: now.toISOString(),
+        },
+    };
+}
+/**
+ * Read step data for a specific step, or undefined when none was
+ * stored. Callers typically narrow the unknown via a type guard.
+ */
+export function getStepData(state, step) {
+    return state.workflowState?.stepData[step];
+}
+/**
+ * Whether the recorded pause is on the supplied workflow. Useful
+ * for the router to decide whether to offer Resume vs ignore the
+ * snapshot when the current `/oss` invocation is unrelated.
+ */
+export function isPausedIn(state, workflowName) {
+    return state.workflowState?.workflowName === workflowName;
+}

package/dist/formatters/json.d.ts

@@ -534,6 +534,134 @@ export declare const PRTemplateOutputSchema: z.ZodObject<{
     source: z.ZodNullable<z.ZodString>;
     error: z.ZodOptional<z.ZodString>;
 }, z.core.$strip>;
+export declare const RepoVetOutputSchema: z.ZodObject<{
+    repoSlug: z.ZodString;
+    fetchedAt: z.ZodString;
+    repoMeta: z.ZodObject<{
+        stars: z.ZodNumber;
+        forks: z.ZodNumber;
+        openIssues: z.ZodNumber;
+        watchers: z.ZodNumber;
+        isArchived: z.ZodBoolean;
+        lastPushed: z.ZodString;
+        createdAt: z.ZodString;
+    }, z.core.$strip>;
+    prMergeTime: z.ZodObject<{
+        avgDays: z.ZodNullable<z.ZodNumber>;
+        medianDays: z.ZodNullable<z.ZodNumber>;
+        sampleSize: z.ZodNumber;
+        sourceWindowDays: z.ZodLiteral<90>;
+    }, z.core.$strip>;
+    mergeRate: z.ZodObject<{
+        merged: z.ZodNumber;
+        opened: z.ZodNumber;
+        percent: z.ZodNullable<z.ZodNumber>;
+        windowDays: z.ZodLiteral<90>;
+    }, z.core.$strip>;
+    maintainerActivity: z.ZodObject<{
+        lastCommitISO: z.ZodNullable<z.ZodString>;
+        contributorsLast90d: z.ZodNumber;
+        lastReleaseISO: z.ZodNullable<z.ZodString>;
+    }, z.core.$strip>;
+    communityHealth: z.ZodObject<{
+        contributing: z.ZodBoolean;
+        issueTemplates: z.ZodBoolean;
+        prTemplate: z.ZodBoolean;
+        codeOfConduct: z.ZodBoolean;
+        incomplete: z.ZodOptional<z.ZodBoolean>;
+    }, z.core.$strip>;
+    rubricScore: z.ZodNumber;
+    rubricVerdict: z.ZodEnum<{
+        recommended: "recommended";
+        proceed_with_caution: "proceed_with_caution";
+        avoid: "avoid";
+    }>;
+}, z.core.$strip>;
+/**
+ * The CLI wrapper renames the core function's `repo` metadata object to
+ * `repoMeta` so the top-level slug doesn't collide with it. The TS type
+ * is derived from the Zod schema so any drift between schema and type
+ * fails at compile time.
+ */
+export type RepoVetOutput = z.infer<typeof RepoVetOutputSchema>;
+export declare const ComplianceScoreOutputSchema: z.ZodObject<{
+    pr: z.ZodObject<{
+        repo: z.ZodString;
+        number: z.ZodNumber;
+        title: z.ZodString;
+        url: z.ZodString;
+    }, z.core.$strip>;
+    score: z.ZodNumber;
+    rating: z.ZodEnum<{
+        ready: "ready";
+        minor: "minor";
+        fix_first: "fix_first";
+        significant_work: "significant_work";
+    }>;
+    emoji: z.ZodEnum<{
+        "\uD83C\uDF1F": "🌟";
+        "\u2705": "✅";
+        "\u26A0\uFE0F": "⚠️";
+        "\u274C": "❌";
+    }>;
+    checks: z.ZodObject<{
+        issueReference: z.ZodObject<{
+            status: z.ZodEnum<{
+                fail: "fail";
+                pass: "pass";
+                warn: "warn";
+            }>;
+            weight: z.ZodNumber;
+            detail: z.ZodString;
+        }, z.core.$strip>;
+        description: z.ZodObject<{
+            status: z.ZodEnum<{
+                fail: "fail";
+                pass: "pass";
+                warn: "warn";
+            }>;
+            weight: z.ZodNumber;
+            detail: z.ZodString;
+        }, z.core.$strip>;
+        focusedChanges: z.ZodObject<{
+            status: z.ZodEnum<{
+                fail: "fail";
+                pass: "pass";
+                warn: "warn";
+            }>;
+            weight: z.ZodNumber;
+            detail: z.ZodString;
+        }, z.core.$strip>;
+        tests: z.ZodObject<{
+            status: z.ZodEnum<{
+                fail: "fail";
+                pass: "pass";
+                warn: "warn";
+            }>;
+            weight: z.ZodNumber;
+            detail: z.ZodString;
+        }, z.core.$strip>;
+        title: z.ZodObject<{
+            status: z.ZodEnum<{
+                fail: "fail";
+                pass: "pass";
+                warn: "warn";
+            }>;
+            weight: z.ZodNumber;
+            detail: z.ZodString;
+        }, z.core.$strip>;
+        branch: z.ZodObject<{
+            status: z.ZodEnum<{
+                fail: "fail";
+                pass: "pass";
+                warn: "warn";
+            }>;
+            weight: z.ZodNumber;
+            detail: z.ZodString;
+        }, z.core.$strip>;
+    }, z.core.$strip>;
+}, z.core.$strip>;
+export type ComplianceScoreOutput = z.infer<typeof ComplianceScoreOutputSchema>;
 export declare const ParseIssueListOutputSchema: z.ZodObject<{
     available: z.ZodArray<z.ZodObject<{
         repo: z.ZodString;
@@ -696,6 +824,25 @@ export interface StartupOutput {
      * a structured signal to surface or recover from the failure.
      */
     dashboardError?: string;
+    /**
+     * Status of the dashboard SPA build that ran (or didn't) before this
+     * startup invocation (#1293). Populated by the workflow shell via
+     * `OSS_DASHBOARD_BUILD_STATUS`; absent when the CLI is invoked outside
+     * the plugin workflow:
+     * - `'fresh'` — built artifact was up-to-date, no rebuild attempted.
+     * - `'rebuilt'` — rebuild ran and succeeded.
+     * - `'failed'` — rebuild ran and failed; `dashboardUrl` may serve stale
+     *    or missing assets until the build is fixed.
+     * - `'missing-pnpm'` — rebuild was needed but pnpm (required for the
+     *    workspace dependency) was unavailable.
+     */
+    dashboardBuildStatus?: 'fresh' | 'rebuilt' | 'failed' | 'missing-pnpm';
+    /**
+     * Last few lines of the dashboard build log when `dashboardBuildStatus`
+     * is `'failed'` or `'missing-pnpm'`. Surfaced by the workflow as a
+     * one-line warning so the user sees what broke without leaving `/oss`.
+     */
+    dashboardBuildErrorTail?: string;
     issueList?: IssueListInfo;
 }
 /**

package/dist/formatters/json.js

@@ -376,6 +376,85 @@ export const PRTemplateOutputSchema = z.object({
     source: z.string().nullable(),
     error: z.string().optional(),
 });
+/**
+ * Output of the `repo-vet` CLI command (#1271, follow-up to #1242).
+ *
+ * Validates the full nested shape so a refactor that drops or
+ * mis-types one of these fields trips `outputJsonValidated` rather
+ * than silently shipping a broken envelope (#1245 contract pattern,
+ * matching `ComplianceScoreOutputSchema` below).
+ */
+const RepoVetMetaSchema = z.object({
+    stars: z.number(),
+    forks: z.number(),
+    openIssues: z.number(),
+    watchers: z.number(),
+    isArchived: z.boolean(),
+    lastPushed: z.string(),
+    createdAt: z.string(),
+});
+export const RepoVetOutputSchema = z.object({
+    repoSlug: z.string(),
+    fetchedAt: z.string(),
+    repoMeta: RepoVetMetaSchema,
+    prMergeTime: z.object({
+        avgDays: z.number().nullable(),
+        medianDays: z.number().nullable(),
+        sampleSize: z.number().int().nonnegative(),
+        sourceWindowDays: z.literal(90),
+    }),
+    mergeRate: z.object({
+        merged: z.number().int().nonnegative(),
+        opened: z.number().int().nonnegative(),
+        percent: z.number().nullable(),
+        windowDays: z.literal(90),
+    }),
+    maintainerActivity: z.object({
+        lastCommitISO: z.string().nullable(),
+        contributorsLast90d: z.number().int().nonnegative(),
+        lastReleaseISO: z.string().nullable(),
+    }),
+    communityHealth: z.object({
+        contributing: z.boolean(),
+        issueTemplates: z.boolean(),
+        prTemplate: z.boolean(),
+        codeOfConduct: z.boolean(),
+        /**
+         * True when at least one community-health probe failed for a non-404
+         * reason (auth, rate-limit, 5xx). The boolean flags above stay
+         * `false` for unprobed paths in that case, so consumers should treat
+         * the false flags as "could not determine" rather than "confirmed
+         * absent" when this is set.
+         */
+        incomplete: z.boolean().optional(),
+    }),
+    rubricScore: z.number(),
+    rubricVerdict: z.enum(['recommended', 'proceed_with_caution', 'avoid']),
+});
+const ComplianceCheckSchema = z.object({
+    status: z.enum(['pass', 'warn', 'fail']),
+    weight: z.number(),
+    detail: z.string(),
+});
+export const ComplianceScoreOutputSchema = z.object({
+    pr: z.object({
+        repo: z.string(),
+        number: z.number().int().nonnegative(),
+        title: z.string(),
+        url: z.string(),
+    }),
+    score: z.number().int().min(0).max(100),
+    rating: z.enum(['ready', 'minor', 'fix_first', 'significant_work']),
+    emoji: z.enum(['🌟', '✅', '⚠️', '❌']),
+    checks: z.object({
+        issueReference: ComplianceCheckSchema,
+        description: ComplianceCheckSchema,
+        focusedChanges: ComplianceCheckSchema,
+        tests: ComplianceCheckSchema,
+        title: ComplianceCheckSchema,
+        branch: ComplianceCheckSchema,
+    }),
+});
 const ParsedIssueItemSchema = z.object({
     repo: z.string(),
     number: z.number(),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@oss-autopilot/core",
-  "version": "3.4.1",
+  "version": "3.5.0",
   "description": "CLI and core library for managing open source contributions",
   "type": "module",
   "bin": {