@oss-scout/core 0.5.0 → 0.7.0

package/dist/core/anti-llm-policy.d.ts

@@ -0,0 +1,50 @@
+/**
+ * Anti-LLM Policy — scans repo policy docs (CONTRIBUTING.md, CODE_OF_CONDUCT.md,
+ * README.md) for keywords that signal an anti-AI / anti-LLM contribution policy
+ * (e.g. "no AI-generated code", "human-authored only", "no Copilot contributions").
+ *
+ * The keyword table lives here as a single source of truth so consumers
+ * can rely on a structured `AntiLLMPolicyResult` rather than re-implementing
+ * the scan in agent prose.
+ */
+import { Octokit } from "@octokit/rest";
+import type { AntiLLMPolicyResult } from "./types.js";
+/**
+ * Conservative anti-LLM keyword phrases. Each entry is a lowercase substring
+ * that — when present in policy text — is a strong signal of an anti-AI policy.
+ * Phrases are deliberately narrow to avoid flagging "we use Copilot internally"
+ * style mentions; the table can grow as new patterns are observed.
+ */
+export declare const ANTI_LLM_KEYWORDS: readonly string[];
+/**
+ * Pure scan: does this text contain any anti-LLM keyword?
+ * Case-insensitive; returns the matched keywords (deduped, in table order).
+ */
+export declare function scanForAntiLLMPolicy(text: string): {
+    matched: boolean;
+    matchedKeywords: string[];
+};
+/**
+ * Optional caller hints to avoid duplicate fetches.
+ *
+ * `contributingText`:
+ *   - `string` — caller already fetched CONTRIBUTING; scan this text directly.
+ *   - `null`   — caller fetched and CONTRIBUTING is known absent; skip the family.
+ *   - `undefined` (omitted) — fetch as normal.
+ *
+ * Note: the per-repo result cache (1-hour TTL) is consulted before this hint.
+ * On a cache hit the cached result wins regardless of what is passed here.
+ */
+export interface AntiLLMPolicyOptions {
+    contributingText?: string | null;
+}
+/**
+ * Fetch CONTRIBUTING/CODE_OF_CONDUCT/README in priority order and return the
+ * first family whose text matches an anti-LLM keyword. Returns
+ * `{matched: false, matchedKeywords: [], sourceFile: null}` when no source
+ * file matches. Cached per-repo for POLICY_SCAN_CACHE_TTL_MS.
+ *
+ * Sequential by design: if CONTRIBUTING throws auth/rate-limit, we want to
+ * short-circuit rather than burn API budget on COC + README probes.
+ */
+export declare function fetchAndScanAntiLLMPolicy(octokit: Octokit, owner: string, repo: string, options?: AntiLLMPolicyOptions): Promise<AntiLLMPolicyResult>;

package/dist/core/anti-llm-policy.js

@@ -0,0 +1,207 @@
+/**
+ * Anti-LLM Policy — scans repo policy docs (CONTRIBUTING.md, CODE_OF_CONDUCT.md,
+ * README.md) for keywords that signal an anti-AI / anti-LLM contribution policy
+ * (e.g. "no AI-generated code", "human-authored only", "no Copilot contributions").
+ *
+ * The keyword table lives here as a single source of truth so consumers
+ * can rely on a structured `AntiLLMPolicyResult` rather than re-implementing
+ * the scan in agent prose.
+ */
+import { errorMessage, getHttpStatusCode, isRateLimitError } from "./errors.js";
+import { warn } from "./logger.js";
+import { getHttpCache } from "./http-cache.js";
+const MODULE = "anti-llm-policy";
+/** TTL for cached anti-LLM policy scan results (1 hour). Policy docs change rarely. */
+const POLICY_SCAN_CACHE_TTL_MS = 60 * 60 * 1000;
+/**
+ * Conservative anti-LLM keyword phrases. Each entry is a lowercase substring
+ * that — when present in policy text — is a strong signal of an anti-AI policy.
+ * Phrases are deliberately narrow to avoid flagging "we use Copilot internally"
+ * style mentions; the table can grow as new patterns are observed.
+ */
+export const ANTI_LLM_KEYWORDS = [
+    "no ai-generated",
+    "no ai generated",
+    "no ai-assisted",
+    "no ai assisted",
+    "no llm-generated",
+    "no llm generated",
+    "no copilot-generated",
+    "no chatgpt-generated",
+    "human-authored only",
+    "human authored only",
+    "human-written only",
+    "human written only",
+    "ai-free contributions",
+    "llm-free contributions",
+    "ai-generated code is not allowed",
+    "ai-generated code will not be accepted",
+    "do not submit ai-generated",
+    "do not submit llm-generated",
+    "do not use ai to",
+    "do not use llms",
+    "do not use copilot",
+    "do not use chatgpt",
+    "without ai assistance",
+    "without llm assistance",
+    "no use of generative ai",
+    "ban on ai-generated",
+    "prohibit ai-generated",
+    "prohibits ai-generated",
+];
+/**
+ * Pure scan: does this text contain any anti-LLM keyword?
+ * Case-insensitive; returns the matched keywords (deduped, in table order).
+ */
+export function scanForAntiLLMPolicy(text) {
+    if (!text)
+        return { matched: false, matchedKeywords: [] };
+    const haystack = text.toLowerCase();
+    const matchedKeywords = ANTI_LLM_KEYWORDS.filter((kw) => haystack.includes(kw));
+    return { matched: matchedKeywords.length > 0, matchedKeywords };
+}
+/** Source-file probe families, in priority order. First match wins. */
+const SOURCE_FILE_FAMILIES = [
+    {
+        canonical: "CONTRIBUTING.md",
+        paths: [
+            "CONTRIBUTING.md",
+            ".github/CONTRIBUTING.md",
+            "docs/CONTRIBUTING.md",
+            "contributing.md",
+        ],
+    },
+    {
+        canonical: "CODE_OF_CONDUCT.md",
+        paths: [
+            "CODE_OF_CONDUCT.md",
+            ".github/CODE_OF_CONDUCT.md",
+            "docs/CODE_OF_CONDUCT.md",
+            "code_of_conduct.md",
+        ],
+    },
+    {
+        canonical: "README.md",
+        paths: ["README.md", "readme.md", "Readme.md"],
+    },
+];
+/**
+ * Fetch one path's raw text content. The `transient` flag distinguishes a
+ * clean miss (404 — file absent) from a degraded miss (5xx, network) so the
+ * caller can decide whether to cache "no policy" or retry. Throws on
+ * 401/auth and rate-limit per documented project error strategy.
+ */
+async function fetchFileText(octokit, owner, repo, path) {
+    try {
+        const { data } = await octokit.repos.getContent({ owner, repo, path });
+        if ("content" in data && typeof data.content === "string") {
+            return {
+                text: Buffer.from(data.content, "base64").toString("utf-8"),
+                transient: false,
+            };
+        }
+        return { text: null, transient: false };
+    }
+    catch (error) {
+        const status = getHttpStatusCode(error);
+        if (status === 404)
+            return { text: null, transient: false };
+        if (status === 401 || isRateLimitError(error))
+            throw error;
+        warn(MODULE, `Unexpected error fetching ${path} from ${owner}/${repo}: ${errorMessage(error)}`);
+        return { text: null, transient: true };
+    }
+}
+/**
+ * Fetch the first available file from a family. Probes are issued in parallel,
+ * but auth/rate-limit rejections re-throw so the IssueVetter's existing
+ * rate-limit handling kicks in instead of silently caching a wrong answer.
+ */
+async function fetchFamilyText(octokit, owner, repo, paths) {
+    const results = await Promise.allSettled(paths.map((p) => fetchFileText(octokit, owner, repo, p)));
+    let hadTransientFailure = false;
+    for (const result of results) {
+        if (result.status === "fulfilled") {
+            if (result.value.transient)
+                hadTransientFailure = true;
+            if (result.value.text)
+                return { text: result.value.text, hadTransientFailure };
+        }
+        else {
+            // Re-throw so vetIssuesParallel's isRateLimitError classifier sees it.
+            if (isRateLimitError(result.reason) ||
+                getHttpStatusCode(result.reason) === 401) {
+                throw result.reason;
+            }
+            hadTransientFailure = true;
+        }
+    }
+    return { text: null, hadTransientFailure };
+}
+/** Cached value passes runtime shape checks for AntiLLMPolicyResult. */
+function isAntiLLMPolicyResult(value) {
+    if (!value || typeof value !== "object")
+        return false;
+    const v = value;
+    if (typeof v.matched !== "boolean")
+        return false;
+    if (!Array.isArray(v.matchedKeywords))
+        return false;
+    if (v.sourceFile !== null && typeof v.sourceFile !== "string")
+        return false;
+    return true;
+}
+/**
+ * Fetch CONTRIBUTING/CODE_OF_CONDUCT/README in priority order and return the
+ * first family whose text matches an anti-LLM keyword. Returns
+ * `{matched: false, matchedKeywords: [], sourceFile: null}` when no source
+ * file matches. Cached per-repo for POLICY_SCAN_CACHE_TTL_MS.
+ *
+ * Sequential by design: if CONTRIBUTING throws auth/rate-limit, we want to
+ * short-circuit rather than burn API budget on COC + README probes.
+ */
+export async function fetchAndScanAntiLLMPolicy(octokit, owner, repo, options) {
+    const cache = getHttpCache();
+    const cacheKey = `anti-llm-policy:${owner}/${repo}`;
+    const cached = cache.getIfFresh(cacheKey, POLICY_SCAN_CACHE_TTL_MS);
+    if (isAntiLLMPolicyResult(cached))
+        return cached;
+    let anyTransientFailure = false;
+    for (const family of SOURCE_FILE_FAMILIES) {
+        let text;
+        let hadTransientFailure = false;
+        if (family.canonical === "CONTRIBUTING.md" &&
+            options?.contributingText !== undefined) {
+            // Use caller-provided text. null = known absent, string = use directly.
+            text = options.contributingText;
+        }
+        else {
+            ({ text, hadTransientFailure } = await fetchFamilyText(octokit, owner, repo, family.paths));
+        }
+        if (hadTransientFailure)
+            anyTransientFailure = true;
+        if (!text)
+            continue;
+        const { matched, matchedKeywords } = scanForAntiLLMPolicy(text);
+        if (matched) {
+            const result = {
+                matched: true,
+                matchedKeywords,
+                sourceFile: family.canonical,
+            };
+            cache.set(cacheKey, "", result);
+            return result;
+        }
+    }
+    const noMatch = {
+        matched: false,
+        matchedKeywords: [],
+        sourceFile: null,
+    };
+    // Skip the cache write when probes failed transiently — otherwise a
+    // single 5xx pin "no policy" for an hour for a repo that may actually have one.
+    if (!anyTransientFailure) {
+        cache.set(cacheKey, "", noMatch);
+    }
+    return noMatch;
+}

package/dist/core/issue-eligibility.d.ts

@@ -6,13 +6,17 @@
  * Extracted from issue-vetting.ts to isolate eligibility logic.
  */
 import { Octokit } from "@octokit/rest";
-import type { CheckResult } from "./types.js";
+import type { CheckResult, LinkedPR } from "./types.js";
+/** Result of the existing-PR check, including metadata for the first linked PR (if any). */
+export interface ExistingPRCheckResult extends CheckResult {
+    linkedPR: LinkedPR | null;
+}
 /**
  * Check whether an open PR already exists for the given issue.
  * Uses the timeline API (REST) to detect cross-referenced PRs, avoiding
  * the Search API's strict 30 req/min rate limit.
  */
-export declare function checkNoExistingPR(octokit: Octokit, owner: string, repo: string, issueNumber: number): Promise<CheckResult>;
+export declare function checkNoExistingPR(octokit: Octokit, owner: string, repo: string, issueNumber: number): Promise<ExistingPRCheckResult>;
 /**
  * Check how many merged PRs the authenticated user has in a repo.
  * Uses GitHub Search API. Returns 0 on error (non-fatal).

package/dist/core/issue-eligibility.js

@@ -6,10 +6,44 @@
  * Extracted from issue-vetting.ts to isolate eligibility logic.
  */
 import { paginateAll } from "./pagination.js";
-import { errorMessage } from "./errors.js";
+import { errorMessage, getHttpStatusCode, isRateLimitError } from "./errors.js";
 import { warn } from "./logger.js";
 import { getHttpCache } from "./http-cache.js";
 import { getSearchBudgetTracker } from "./search-budget.js";
+function isLinkedPREvent(e) {
+    return e.event === "cross-referenced" && !!e.source?.issue?.pull_request;
+}
+/**
+ * Build a LinkedPR from a cross-referenced timeline event's source.issue.
+ * Returns null if required fields are missing — and warns, because callers
+ * only invoke this after asserting the event is a linked-PR event, so a
+ * null return signals API shape drift, not absent data.
+ */
+function buildLinkedPRFromTimelineEvent(e, context) {
+    const issue = e.source?.issue;
+    const ctx = `${context.owner}/${context.repo}#${context.issueNumber}`;
+    if (!issue || typeof issue.number !== "number") {
+        warn(MODULE, `Cross-referenced timeline event for ${ctx} missing source.issue.number — possible API shape drift`);
+        return null;
+    }
+    const author = issue.user?.login;
+    if (!author) {
+        warn(MODULE, `Cross-referenced PR #${issue.number} for ${ctx} has no user.login (deleted user?) — skipping linkedPR metadata`);
+        return null;
+    }
+    const url = issue.html_url;
+    if (!url) {
+        warn(MODULE, `Cross-referenced PR #${issue.number} for ${ctx} missing html_url — skipping linkedPR metadata`);
+        return null;
+    }
+    return {
+        number: issue.number,
+        author,
+        state: issue.state === "closed" ? "closed" : "open",
+        merged: !!issue.pull_request?.merged_at,
+        url,
+    };
+}
 const MODULE = "issue-eligibility";
 /** Phrases that indicate someone has already claimed an issue. */
 const CLAIM_PHRASES = [
@@ -48,16 +82,31 @@ export async function checkNoExistingPR(octokit, owner, repo, issueNumber) {
             per_page: 100,
             page,
         }));
-        const linkedPRs = timeline.filter((event) => {
+        // Single pass: count linked-PR events and capture metadata for the
+        // first valid one, so consumers can classify (own vs. competing,
+        // open vs. closed-unmerged) without a separate fetch.
+        let linkedPRCount = 0;
+        let linkedPR = null;
+        for (const event of timeline) {
             const e = event;
-            return e.event === "cross-referenced" && e.source?.issue?.pull_request;
-        });
-        return { passed: linkedPRs.length === 0 };
+            if (!isLinkedPREvent(e))
+                continue;
+            linkedPRCount++;
+            linkedPR ??= buildLinkedPRFromTimelineEvent(e, {
+                owner,
+                repo,
+                issueNumber,
+            });
+        }
+        return { passed: linkedPRCount === 0, linkedPR };
     }
     catch (error) {
+        if (getHttpStatusCode(error) === 401 || isRateLimitError(error)) {
+            throw error;
+        }
         const errMsg = errorMessage(error);
         warn(MODULE, `Failed to check for existing PRs on ${owner}/${repo}#${issueNumber}: ${errMsg}. Assuming no existing PR.`);
-        return { passed: true, inconclusive: true, reason: errMsg };
+        return { passed: true, inconclusive: true, reason: errMsg, linkedPR: null };
     }
 }
 /** TTL for cached merged-PR counts per repo (15 minutes). */
@@ -97,6 +146,9 @@ export async function checkUserMergedPRsInRepo(octokit, owner, repo) {
         }
     }
     catch (error) {
+        if (getHttpStatusCode(error) === 401 || isRateLimitError(error)) {
+            throw error;
+        }
         const errMsg = errorMessage(error);
         warn(MODULE, `Could not check merged PRs in ${owner}/${repo}: ${errMsg}. Defaulting to 0.`);
         return 0; // Not cached — next call will retry
@@ -128,6 +180,9 @@ export async function checkNotClaimed(octokit, owner, repo, issueNumber, comment
         return { passed: true };
     }
     catch (error) {
+        if (getHttpStatusCode(error) === 401 || isRateLimitError(error)) {
+            throw error;
+        }
         const errMsg = errorMessage(error);
         warn(MODULE, `Failed to check claim status on ${owner}/${repo}#${issueNumber}: ${errMsg}. Assuming not claimed.`);
         return { passed: true, inconclusive: true, reason: errMsg };

package/dist/core/issue-vetting.d.ts

@@ -23,6 +23,15 @@ export interface ScoutStateReader {
     getProjectCategories(): ProjectCategory[];
     /** Numeric quality score for a repo, or null if not evaluated. */
     getRepoScore(repo: string): number | null;
+    /**
+     * SLM pre-triage config (oss-autopilot#1122). Returns the configured
+     * model id and Ollama host, or empty strings when not configured —
+     * vetIssue treats either of these as "skip the SLM call".
+     */
+    getSLMTriageConfig?(): {
+        model: string;
+        host: string;
+    };
 }
 export declare class IssueVetter {
     private octokit;

package/dist/core/issue-vetting.js

@@ -13,7 +13,9 @@ import { calculateRepoQualityBonus, calculateViabilityScore, } from "./issue-sco
 import { repoBelongsToCategory } from "./category-mapping.js";
 import { checkNoExistingPR, checkNotClaimed, checkUserMergedPRsInRepo, analyzeRequirements, } from "./issue-eligibility.js";
 import { checkProjectHealth, fetchContributionGuidelines, } from "./repo-health.js";
+import { fetchAndScanAntiLLMPolicy } from "./anti-llm-policy.js";
 import { getHttpCache } from "./http-cache.js";
+import { triageWithSLM, buildTriageInput, } from "./slm-triage.js";
 const MODULE = "issue-vetting";
 /** Vetting concurrency: kept low to reduce burst pressure on GitHub's secondary rate limit. */
 const MAX_CONCURRENT_VETTING = 3;
@@ -68,6 +70,13 @@ export class IssueVetter {
                 ? Promise.resolve(0)
                 : checkUserMergedPRsInRepo(this.octokit, owner, repo),
         ]);
+        // Anti-LLM scan reuses the CONTRIBUTING text just fetched above —
+        // dedup'd to avoid 4 redundant getContent calls on cold-cache repos.
+        // We deliberately pass undefined (not null) when guidelines is missing,
+        // because fetchContributionGuidelines returns undefined for BOTH a 404
+        // and a transient 5xx — collapsing them to null would bypass the
+        // anti-llm-policy transient-failure cache safeguard.
+        const antiLLMPolicy = await fetchAndScanAntiLLMPolicy(this.octokit, owner, repo, { contributingText: contributionGuidelines?.rawContent });
         const noExistingPR = existingPRCheck.passed;
         const notClaimed = claimCheck.passed;
         // Analyze issue quality
@@ -87,6 +96,7 @@ export class IssueVetter {
                 contributionGuidelinesFound: !!contributionGuidelines,
             },
             contributionGuidelines,
+            linkedPR: existingPRCheck.linkedPR,
             notes: [],
         };
         // Build notes
@@ -212,10 +222,28 @@ export class IssueVetter {
         else if (starredRepos.includes(repoFullName)) {
             searchPriority = "starred";
         }
+        // Optional SLM pre-triage (oss-autopilot#1122). Fail-open: any error
+        // path returns null and the rest of the pipeline is unaffected.
+        const slmConfig = this.stateReader.getSLMTriageConfig?.() ?? {
+            model: "",
+            host: "",
+        };
+        let slmTriage = null;
+        if (slmConfig.model) {
+            const slmOpts = { model: slmConfig.model };
+            if (slmConfig.host)
+                slmOpts.host = slmConfig.host;
+            slmTriage = await triageWithSLM(buildTriageInput({
+                issue: { ...trackedIssue, body: ghIssue.body ?? "" },
+                linkedPR: existingPRCheck.linkedPR ?? null,
+            }), slmOpts);
+        }
         const result = {
             issue: trackedIssue,
             vettingResult,
             projectHealth,
+            antiLLMPolicy,
+            slmTriage,
             recommendation,
             reasonsToSkip,
             reasonsToApprove,

package/dist/core/repo-health.js

@@ -5,7 +5,7 @@
  * from issue-level eligibility logic.
  */
 import { daysBetween } from "./utils.js";
-import { errorMessage } from "./errors.js";
+import { errorMessage, getHttpStatusCode, isRateLimitError } from "./errors.js";
 import { warn } from "./logger.js";
 import { getHttpCache, cachedRequest, cachedTimeBased } from "./http-cache.js";
 const MODULE = "repo-health";
@@ -114,6 +114,17 @@ export async function fetchContributionGuidelines(octokit, owner, repo) {
         }
         return null;
     })));
+    // Pre-scan: auth/rate-limit must propagate even if a faster probe succeeded —
+    // otherwise a path-restricted token that 401s on .github/CONTRIBUTING.md but
+    // wins on CONTRIBUTING.md would silently hide the auth misconfiguration.
+    for (const result of results) {
+        if (result.status !== "rejected")
+            continue;
+        if (getHttpStatusCode(result.reason) === 401 ||
+            isRateLimitError(result.reason)) {
+            throw result.reason;
+        }
+    }
     for (let i = 0; i < results.length; i++) {
         const result = results[i];
         if (result.status === "fulfilled" && result.value) {
@@ -123,11 +134,9 @@ export async function fetchContributionGuidelines(octokit, owner, repo) {
             return guidelines;
         }
         if (result.status === "rejected") {
-            const msg = result.reason instanceof Error
-                ? result.reason.message
-                : String(result.reason);
-            if (!msg.includes("404") && !msg.includes("Not Found")) {
-                warn(MODULE, `Unexpected error fetching ${filesToCheck[i]} from ${owner}/${repo}: ${msg}`);
+            const status = getHttpStatusCode(result.reason);
+            if (status !== 404) {
+                warn(MODULE, `Unexpected error fetching ${filesToCheck[i]} from ${owner}/${repo}: ${errorMessage(result.reason)}`);
             }
         }
     }

package/dist/core/schemas.d.ts

@@ -85,6 +85,16 @@ export declare const ContributionGuidelinesSchema: z.ZodObject<{
     claRequired: z.ZodOptional<z.ZodBoolean>;
     rawContent: z.ZodOptional<z.ZodString>;
 }, z.core.$strip>;
+export declare const LinkedPRSchema: z.ZodObject<{
+    number: z.ZodNumber;
+    author: z.ZodString;
+    state: z.ZodEnum<{
+        closed: "closed";
+        open: "open";
+    }>;
+    merged: z.ZodBoolean;
+    url: z.ZodString;
+}, z.core.$strip>;
 export declare const IssueVettingResultSchema: z.ZodObject<{
     passedAllChecks: z.ZodBoolean;
     checks: z.ZodObject<{
@@ -110,6 +120,16 @@ export declare const IssueVettingResultSchema: z.ZodObject<{
         claRequired: z.ZodOptional<z.ZodBoolean>;
         rawContent: z.ZodOptional<z.ZodString>;
     }, z.core.$strip>>;
+    linkedPR: z.ZodOptional<z.ZodNullable<z.ZodObject<{
+        number: z.ZodNumber;
+        author: z.ZodString;
+        state: z.ZodEnum<{
+            closed: "closed";
+            open: "open";
+        }>;
+        merged: z.ZodBoolean;
+        url: z.ZodString;
+    }, z.core.$strip>>>;
     notes: z.ZodArray<z.ZodString>;
 }, z.core.$strip>;
 export declare const TrackedIssueSchema: z.ZodObject<{
@@ -153,6 +173,16 @@ export declare const TrackedIssueSchema: z.ZodObject<{
             claRequired: z.ZodOptional<z.ZodBoolean>;
             rawContent: z.ZodOptional<z.ZodString>;
         }, z.core.$strip>>;
+        linkedPR: z.ZodOptional<z.ZodNullable<z.ZodObject<{
+            number: z.ZodNumber;
+            author: z.ZodString;
+            state: z.ZodEnum<{
+                closed: "closed";
+                open: "open";
+            }>;
+            merged: z.ZodBoolean;
+            url: z.ZodString;
+        }, z.core.$strip>>>;
         notes: z.ZodArray<z.ZodString>;
     }, z.core.$strip>>;
 }, z.core.$strip>;
@@ -222,6 +252,8 @@ export declare const ScoutPreferencesSchema: z.ZodObject<{
     }>>>;
     broadPhaseDelayMs: z.ZodDefault<z.ZodNumber>;
     skipBroadWhenSufficientResults: z.ZodDefault<z.ZodNumber>;
+    slmTriageModel: z.ZodDefault<z.ZodString>;
+    slmTriageHost: z.ZodDefault<z.ZodString>;
 }, z.core.$strip>;
 export declare const ScoutStateSchema: z.ZodObject<{
     version: z.ZodLiteral<1>;
@@ -263,6 +295,8 @@ export declare const ScoutStateSchema: z.ZodObject<{
         }>>>;
         broadPhaseDelayMs: z.ZodDefault<z.ZodNumber>;
         skipBroadWhenSufficientResults: z.ZodDefault<z.ZodNumber>;
+        slmTriageModel: z.ZodDefault<z.ZodString>;
+        slmTriageHost: z.ZodDefault<z.ZodString>;
     }, z.core.$strip>>;
     repoScores: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
         repo: z.ZodString;
@@ -334,6 +368,7 @@ export type StoredMergedPR = z.infer<typeof StoredMergedPRSchema>;
 export type StoredClosedPR = z.infer<typeof StoredClosedPRSchema>;
 export type StoredOpenPR = z.infer<typeof StoredOpenPRSchema>;
 export type ContributionGuidelines = z.infer<typeof ContributionGuidelinesSchema>;
+export type LinkedPR = z.infer<typeof LinkedPRSchema>;
 export type IssueVettingResult = z.infer<typeof IssueVettingResultSchema>;
 export type TrackedIssue = z.infer<typeof TrackedIssueSchema>;
 export type ScoutPreferences = z.infer<typeof ScoutPreferencesSchema>;

package/dist/core/schemas.js

@@ -89,6 +89,13 @@ export const ContributionGuidelinesSchema = z.object({
     claRequired: z.boolean().optional(),
     rawContent: z.string().optional(),
 });
+export const LinkedPRSchema = z.object({
+    number: z.number(),
+    author: z.string(),
+    state: z.enum(["open", "closed"]),
+    merged: z.boolean(),
+    url: z.string(),
+});
 export const IssueVettingResultSchema = z.object({
     passedAllChecks: z.boolean(),
     checks: z.object({
@@ -99,6 +106,7 @@ export const IssueVettingResultSchema = z.object({
         contributionGuidelinesFound: z.boolean(),
     }),
     contributionGuidelines: ContributionGuidelinesSchema.optional(),
+    linkedPR: LinkedPRSchema.nullable().optional(),
     notes: z.array(z.string()),
 });
 export const TrackedIssueSchema = z.object({
@@ -156,6 +164,19 @@ export const ScoutPreferencesSchema = z.object({
     defaultStrategy: z.array(SearchStrategySchema).optional(),
     broadPhaseDelayMs: z.number().min(0).max(300000).default(90000),
     skipBroadWhenSufficientResults: z.number().int().min(0).max(100).default(15),
+    /**
+     * Optional Ollama model id used for SLM pre-triage during vetting
+     * (oss-autopilot#1122). Empty disables the feature. Recommended values:
+     * `gemma4:e4b` (default for capable hardware) or `gemma4:e2b` /
+     * `qwen3:1.7b` for low-RAM machines.
+     */
+    slmTriageModel: z.string().default(""),
+    /**
+     * Override the Ollama HTTP host. Defaults to `http://127.0.0.1:11434`
+     * when empty. Useful when Ollama runs on a different machine on the
+     * local network.
+     */
+    slmTriageHost: z.string().default(""),
 });
 // ── Root state schema ───────────────────────────────────────────────
 export const ScoutStateSchema = z.object({