@oss-autopilot/core 3.4.1 → 3.6.0

package/dist/core/ci-enforced-tools.d.ts

@@ -0,0 +1,35 @@
+/**
+ * CI-enforced tool detection (#1286).
+ *
+ * Extracted from `workflows/pre-commit-review.md` Steps 2b and 6a so
+ * the same logic isn't reimplemented twice in markdown. Callers
+ * supply pre-fetched config snippets (the workflow runs `cat` /
+ * `head` against the well-known files); this function does the
+ * structured parse.
+ *
+ * Pure typed helper — no I/O.
+ */
+export type CIToolName = 'lint' | 'format' | 'typecheck' | 'test' | 'build' | 'commit-format' | 'security-scan';
+export interface CIEnforcedToolsInput {
+    /** `.pre-commit-config.yaml` contents, or null when the file is missing. */
+    preCommitConfigYaml: string | null;
+    /** Concatenated contents of `.github/workflows/*.yml` (or null when none). */
+    workflowYamls: string | null;
+    /** `Makefile` contents, or null when missing. */
+    makefile: string | null;
+    /** `package.json` contents — used to detect script names. */
+    packageJson: string | null;
+}
+export interface CIEnforcedTool {
+    tool: CIToolName;
+    source: 'pre-commit' | 'github-workflow' | 'makefile' | 'package-json';
+    /** Short snippet that surfaced this tool — useful for explainability. */
+    evidence: string;
+}
+/**
+ * Detect which class of tool each input source enforces. The output
+ * may contain duplicates (e.g., `test` enforced by both pre-commit
+ * and a GitHub workflow); callers can dedupe on `tool` or display
+ * each evidence pair separately.
+ */
+export declare function getCIEnforcedTools(input: CIEnforcedToolsInput): CIEnforcedTool[];

package/dist/core/ci-enforced-tools.js

@@ -0,0 +1,109 @@
+/**
+ * CI-enforced tool detection (#1286).
+ *
+ * Extracted from `workflows/pre-commit-review.md` Steps 2b and 6a so
+ * the same logic isn't reimplemented twice in markdown. Callers
+ * supply pre-fetched config snippets (the workflow runs `cat` /
+ * `head` against the well-known files); this function does the
+ * structured parse.
+ *
+ * Pure typed helper — no I/O.
+ */
+/**
+ * Detect which class of tool each input source enforces. The output
+ * may contain duplicates (e.g., `test` enforced by both pre-commit
+ * and a GitHub workflow); callers can dedupe on `tool` or display
+ * each evidence pair separately.
+ */
+export function getCIEnforcedTools(input) {
+    const out = [];
+    if (input.preCommitConfigYaml) {
+        detectFromHaystack(input.preCommitConfigYaml, 'pre-commit', out);
+    }
+    if (input.workflowYamls) {
+        detectFromHaystack(input.workflowYamls, 'github-workflow', out);
+    }
+    if (input.makefile) {
+        detectFromHaystack(input.makefile, 'makefile', out);
+    }
+    if (input.packageJson) {
+        detectScriptsFromPackageJson(input.packageJson, out);
+    }
+    return out;
+}
+function detectFromHaystack(haystack, source, out) {
+    const lower = haystack.toLowerCase();
+    const checks = [
+        {
+            tool: 'lint',
+            pattern: /\b(?:eslint|biome|ruff|flake8|rubocop|golangci-lint|clippy|pylint)\b/i,
+            evidenceFor: ['eslint', 'biome', 'ruff', 'flake8', 'rubocop', 'golangci-lint', 'clippy', 'pylint'],
+        },
+        {
+            tool: 'format',
+            pattern: /\b(?:prettier|biome[\s-]+format|black|gofmt|rustfmt|clang-format)\b/i,
+            evidenceFor: ['prettier', 'biome', 'black', 'gofmt', 'rustfmt', 'clang-format'],
+        },
+        {
+            tool: 'typecheck',
+            pattern: /\b(?:tsc|mypy|sorbet|pyright|flow)\b/i,
+            evidenceFor: ['tsc', 'mypy', 'sorbet', 'pyright', 'flow'],
+        },
+        {
+            tool: 'test',
+            pattern: /\b(?:vitest|jest|pytest|rspec|go test|cargo test|mocha)\b/i,
+            evidenceFor: ['vitest', 'jest', 'pytest', 'rspec', 'go test', 'cargo test', 'mocha'],
+        },
+        {
+            // `tsc` alone (or `tsc --noEmit`) is a typecheck, not a build artifact
+            // step — keep it out of this pattern so a workflow with only
+            // `tsc --noEmit` doesn't fire BOTH `typecheck` and `build`. Real
+            // build steps that do produce artifacts (tsup, esbuild, webpack,
+            // cargo build, go build) stay here.
+            tool: 'build',
+            pattern: /\b(?:tsup|esbuild|webpack|cargo build|go build)\b/i,
+            evidenceFor: ['tsup', 'esbuild', 'webpack', 'cargo build', 'go build'],
+        },
+        {
+            tool: 'commit-format',
+            pattern: /\b(?:commitlint|conventional-commits)\b/i,
+            evidenceFor: ['commitlint', 'conventional-commits'],
+        },
+        {
+            tool: 'security-scan',
+            pattern: /\b(?:codeql|semgrep|trivy|gitleaks|snyk)\b/i,
+            evidenceFor: ['codeql', 'semgrep', 'trivy', 'gitleaks', 'snyk'],
+        },
+    ];
+    for (const c of checks) {
+        if (c.pattern.test(lower)) {
+            const evidence = c.evidenceFor.find((e) => lower.includes(e)) ?? c.tool;
+            out.push({ tool: c.tool, source, evidence });
+        }
+    }
+}
+function detectScriptsFromPackageJson(packageJson, out) {
+    let parsed;
+    try {
+        parsed = JSON.parse(packageJson);
+    }
+    catch {
+        return;
+    }
+    const scripts = parsed.scripts ?? {};
+    const scriptToTool = [
+        { key: /^lint(:|$)/, tool: 'lint' },
+        { key: /^format(:|$)/, tool: 'format' },
+        { key: /^typecheck(:|$)|^tsc(:|$)/, tool: 'typecheck' },
+        { key: /^test(:|$)/, tool: 'test' },
+        { key: /^build(:|$)/, tool: 'build' },
+    ];
+    for (const [name] of Object.entries(scripts)) {
+        for (const m of scriptToTool) {
+            if (m.key.test(name)) {
+                out.push({ tool: m.tool, source: 'package-json', evidence: `scripts.${name}` });
+                break;
+            }
+        }
+    }
+}

package/dist/core/comment-decision.d.ts

@@ -0,0 +1,72 @@
+/**
+ * Post-push comment decision (#1286).
+ *
+ * Centralizes the "should I draft a comment, or does the diff speak
+ * for itself?" rule that was duplicated between
+ * `workflows/pre-commit-review.md` Step 7a and `agents/pr-responder.md`
+ * Step 3.
+ *
+ * Pure typed helper — no LLM, no I/O. Callers do the upstream natural-
+ * language classification (mapping a maintainer comment to a structured
+ * `FeedbackCategory` + flags) and pass in the result. This module owns
+ * the rule that decides skip vs. draft from the structured input.
+ *
+ * Same architectural shape as #1245 (compliance-score), #1242 (repo-vet),
+ * #1243 (strategy), #1252 (pr-quality-rubric), and #1264 (issue-effort /
+ * maintainer-hints).
+ */
+export type FeedbackCategory = 'code_request' | 'question' | 'explanation_request' | 'style_request' | 'design_discussion' | 'approval_with_nit' | 'formatting_complaint';
+export interface FeedbackClassification {
+    category: FeedbackCategory;
+    /**
+     * Whether this individual feedback item, considered in isolation,
+     * requires a drafted comment. Aggregated by `shouldDraftResponse`
+     * across the full feedback list.
+     */
+    needsComment: boolean;
+    /** Short rationale rendered alongside the decision. */
+    reason: string;
+}
+export interface CommentDecisionInput {
+    /**
+     * Pre-classified feedback items in chronological order. The caller
+     * (agent or workflow) is responsible for the natural-language
+     * categorization step; this function only consumes structured input.
+     */
+    feedback: readonly FeedbackClassification[];
+    /**
+     * True when the contributor pushed code that addresses every
+     * feedback item that requested a code change. The agent's diff
+     * inspection determines this; the function trusts the boolean.
+     */
+    allRequestedChangesAddressed: boolean;
+}
+export interface CommentDecisionResult {
+    shouldDraft: boolean;
+    reason: string;
+}
+/**
+ * Decide whether the contributor should draft a comment after a push.
+ *
+ * Rule (sourced verbatim from `workflows/pre-commit-review.md` Step 7a
+ * and `agents/pr-responder.md` "Comment Decision Logic"):
+ *
+ *  - Skip the comment entirely when ALL of these are true:
+ *    1. Every piece of maintainer feedback that requested code changes
+ *       has a corresponding code change.
+ *    2. No question was asked.
+ *    3. Nothing was intentionally left unchanged (a "yes the maintainer
+ *       asked but I did not change it" item always needs explanation).
+ *    4. The diff makes the fix self-evident — modeled here as the
+ *       `allRequestedChangesAddressed` flag the caller passes in.
+ *
+ *  - Draft a comment if ANY of these are true:
+ *    1. The maintainer asked a question.
+ *    2. The feedback is conceptual or design-level (the diff alone
+ *       cannot answer "why").
+ *    3. Something was intentionally left unchanged (`needsComment: true`
+ *       on a code-request item where the contributor disagrees).
+ *    4. Only some of multiple requested changes were addressed.
+ *    5. The contributor deviated from exactly what was asked.
+ */
+export declare function shouldDraftResponse(input: CommentDecisionInput): CommentDecisionResult;

package/dist/core/comment-decision.js

@@ -0,0 +1,74 @@
+/**
+ * Post-push comment decision (#1286).
+ *
+ * Centralizes the "should I draft a comment, or does the diff speak
+ * for itself?" rule that was duplicated between
+ * `workflows/pre-commit-review.md` Step 7a and `agents/pr-responder.md`
+ * Step 3.
+ *
+ * Pure typed helper — no LLM, no I/O. Callers do the upstream natural-
+ * language classification (mapping a maintainer comment to a structured
+ * `FeedbackCategory` + flags) and pass in the result. This module owns
+ * the rule that decides skip vs. draft from the structured input.
+ *
+ * Same architectural shape as #1245 (compliance-score), #1242 (repo-vet),
+ * #1243 (strategy), #1252 (pr-quality-rubric), and #1264 (issue-effort /
+ * maintainer-hints).
+ */
+/**
+ * Decide whether the contributor should draft a comment after a push.
+ *
+ * Rule (sourced verbatim from `workflows/pre-commit-review.md` Step 7a
+ * and `agents/pr-responder.md` "Comment Decision Logic"):
+ *
+ *  - Skip the comment entirely when ALL of these are true:
+ *    1. Every piece of maintainer feedback that requested code changes
+ *       has a corresponding code change.
+ *    2. No question was asked.
+ *    3. Nothing was intentionally left unchanged (a "yes the maintainer
+ *       asked but I did not change it" item always needs explanation).
+ *    4. The diff makes the fix self-evident — modeled here as the
+ *       `allRequestedChangesAddressed` flag the caller passes in.
+ *
+ *  - Draft a comment if ANY of these are true:
+ *    1. The maintainer asked a question.
+ *    2. The feedback is conceptual or design-level (the diff alone
+ *       cannot answer "why").
+ *    3. Something was intentionally left unchanged (`needsComment: true`
+ *       on a code-request item where the contributor disagrees).
+ *    4. Only some of multiple requested changes were addressed.
+ *    5. The contributor deviated from exactly what was asked.
+ */
+export function shouldDraftResponse(input) {
+    if (input.feedback.length === 0) {
+        return { shouldDraft: false, reason: 'no maintainer feedback to address' };
+    }
+    // Categories that always demand a written reply, regardless of the
+    // diff. The diff cannot answer a question or carry a design decision.
+    const alwaysDraftCategories = new Set(['question', 'explanation_request', 'design_discussion']);
+    for (const item of input.feedback) {
+        if (alwaysDraftCategories.has(item.category)) {
+            return {
+                shouldDraft: true,
+                reason: `${item.category.replace(/_/g, ' ')} — diff alone cannot address this`,
+            };
+        }
+    }
+    // Caller flagged at least one item as "I'm intentionally not making
+    // this change" or "I deviated" — needs an explanation either way.
+    const intentionalGap = input.feedback.find((item) => item.needsComment);
+    if (intentionalGap) {
+        return {
+            shouldDraft: true,
+            reason: `requires written explanation: ${intentionalGap.reason}`,
+        };
+    }
+    // Caller signaled the diff covers everything that was requested.
+    if (input.allRequestedChangesAddressed) {
+        return { shouldDraft: false, reason: 'all requested changes are visible in the diff' };
+    }
+    return {
+        shouldDraft: true,
+        reason: 'not all requested changes are visible in the diff yet',
+    };
+}

package/dist/core/compliance-score.d.ts

@@ -0,0 +1,127 @@
+/**
+ * PR compliance scoring (#1245).
+ *
+ * Extracted from `agents/pr-compliance-checker.md`'s in-prompt scoring
+ * tables so the weights, thresholds, and per-check rules are
+ * deterministic, unit-testable, and tunable without editing markdown.
+ * Same architectural shape as success-grade (#858), linked-PR
+ * classifier (#910), and anti-AI scan (#911).
+ *
+ * The function intentionally does not fetch PR data — callers (the MCP
+ * tool, the CLI command, the agent) supply pre-fetched metadata so the
+ * score is reproducible against fixture data and the same input shape
+ * works for both live PRs and historical replay.
+ */
+export type ComplianceCheckStatus = 'pass' | 'warn' | 'fail';
+export interface ComplianceCheckResult {
+    status: ComplianceCheckStatus;
+    weight: number;
+    detail: string;
+}
+export type ComplianceRating = 'ready' | 'minor' | 'fix_first' | 'significant_work';
+/** Emoji surfaced alongside the rating in agent output. */
+export type ComplianceEmoji = '🌟' | '✅' | '⚠️' | '❌';
+export interface ComplianceScoreResult {
+    /** 0–100 weighted score across the six checks. */
+    score: number;
+    rating: ComplianceRating;
+    emoji: ComplianceEmoji;
+    checks: {
+        issueReference: ComplianceCheckResult;
+        description: ComplianceCheckResult;
+        focusedChanges: ComplianceCheckResult;
+        tests: ComplianceCheckResult;
+        title: ComplianceCheckResult;
+        branch: ComplianceCheckResult;
+    };
+}
+/** Minimum PR metadata required to compute a compliance score. */
+export interface PRMetadata {
+    title: string;
+    body: string;
+    branch: string;
+    filesChangedCount: number;
+    additions: number;
+    deletions: number;
+    /**
+     * Filenames touched by the PR. Used by the test-detection check to
+     * decide whether the PR includes a test file.
+     */
+    files: string[];
+}
+/**
+ * Verified state of an issue referenced from a PR body. Populated by
+ * the compliance-score command (which calls the Issues API per
+ * reference) and consumed by `checkIssueReference` to fail loud on
+ * broken links (#1246 Improvement B).
+ */
+export interface LinkedIssueInfo {
+    /** Issue number parsed from the PR body. */
+    number: number;
+    /** Owner/repo where the issue lives — may differ from the PR's repo
+     * when a cross-repo reference like `owner/other#42` is used. */
+    repo: string;
+    /** True when the reference targeted a different repo than the PR. */
+    crossRepo: boolean;
+    /**
+     * Result of the verification API call.
+     *  - `open` / `closed`: confirmed live state.
+     *  - `not_found`: HTTP 404 — the referenced issue does not exist.
+     *  - `unverifiable`: a non-404 failure (rate-limit, 5xx, network).
+     *    The check treats this neutrally rather than as a broken link, so a
+     *    GitHub API hiccup doesn't downgrade a valid PR's compliance score.
+     */
+    state: 'open' | 'closed' | 'not_found' | 'unverifiable';
+    /** Whole days since the issue was closed, when state === 'closed'.
+     * Used to distinguish "recently closed, may still apply" from "long
+     * stale, almost certainly the wrong reference." */
+    closedDaysAgo?: number;
+}
+/**
+ * Optional repo context used to fine-tune individual check thresholds
+ * (#1245). All fields are optional; absent fields use safe defaults that
+ * match the original in-prompt rules.
+ */
+export interface RepoContext {
+    /**
+     * Whether the target repo has any visible test infrastructure
+     * (`test/`, `tests/`, `__tests__/`, `spec/`, etc.). When `false`, the
+     * tests check downgrades from `fail` to `warn` because tests aren't
+     * required by the project.
+     */
+    hasTestInfrastructure?: boolean;
+    /**
+     * Verified state of every issue/PR reference found in the PR body
+     * (#1246 Improvement B). When provided, `checkIssueReference` will
+     * fail-loud on broken or stale references rather than passing on the
+     * regex match alone. Absent / empty array preserves original
+     * regex-only behavior.
+     */
+    linkedIssues?: LinkedIssueInfo[];
+}
+/**
+ * After how many days a closed-issue reference flips from "warn"
+ * (probably still relevant) to "fail" (probably stale). Exported so
+ * callers can document the cutoff (#1246).
+ */
+export declare const CLOSED_ISSUE_RECENT_DAYS = 30;
+/** Title byte budget — Conventional Commits style fits comfortably under 72. */
+export { TITLE_LENGTH_BUDGET } from './pr-quality-rubric.js';
+/** "Focused changes" thresholds. Source of truth lives in pr-quality-rubric.ts. */
+export declare const FOCUSED_CHANGES: {
+    readonly passFiles: 10;
+    readonly passLines: 400;
+    readonly warnFiles: 20;
+    readonly warnLines: 800;
+};
+/** Score → rating cutoffs. */
+export declare const RATING_CUTOFFS: {
+    readonly ready: 90;
+    readonly minor: 75;
+    readonly fixFirst: 60;
+};
+/**
+ * Compute a compliance score from PR metadata, optionally fine-tuned by
+ * repo context (#1245). Pure function — no I/O, no global state.
+ */
+export declare function computeComplianceScore(meta: PRMetadata, repoContext?: RepoContext): ComplianceScoreResult;