@saeed42/worktree-worker 1.3.0 → 1.3.2

package/README.md

@@ -1,10 +1,13 @@
 # @saeed42/worktree-worker
 
-Git worktree management service for AI agent trials. Runs as an npm package in CodeSandbox or any Node.js environment.
+Git worktree management service for AI agent trials. Runs as an npm package in CodeSandbox or any
+Node.js environment.
 
 ## Security
 
-**GitHub tokens are NEVER persisted to disk.** All authenticated operations require the token to be passed in the request body. This is critical for sandbox environments where credentials should not be stored.
+**GitHub tokens are NEVER persisted to disk.** All authenticated operations require the token to be
+passed in the request body. This is critical for sandbox environments where credentials should not
+be stored.
 
 ## Installation
 
@@ -75,44 +78,44 @@ import { app } from '@saeed42/worktree-worker';
 
 ### Health Checks
 
-| Endpoint | Description |
-|----------|-------------|
-| `GET /health` | Basic health check |
-| `GET /health/ready` | Readiness check |
-| `GET /health/live` | Liveness check |
+| Endpoint            | Description        |
+| ------------------- | ------------------ |
+| `GET /health`       | Basic health check |
+| `GET /health/ready` | Readiness check    |
+| `GET /health/live`  | Liveness check     |
 
 ### Repository Management
 
-| Endpoint | Description |
-|----------|-------------|
-| `POST /v1/repo/init` | Clone repository |
-| `POST /v1/repo/update` | Fetch/pull latest |
-| `GET /v1/repo/status` | Get repo status |
-| `GET /v1/repo/branches` | List branches |
+| Endpoint                | Description       |
+| ----------------------- | ----------------- |
+| `POST /v1/repo/init`    | Clone repository  |
+| `POST /v1/repo/update`  | Fetch/pull latest |
+| `GET /v1/repo/status`   | Get repo status   |
+| `GET /v1/repo/branches` | List branches     |
 
 ### Worktree Management
 
-| Endpoint | Description |
-|----------|-------------|
-| `POST /v1/trials/:trialId/worktree/reset` | Create/reset worktree |
-| `DELETE /v1/trials/:trialId/worktree` | Delete worktree |
-| `GET /v1/trials/:trialId/worktree/status` | Get status |
-| `GET /v1/trials/:trialId/worktree/diff` | Get diff |
-| `POST /v1/trials/:trialId/worktree/commit` | Commit changes |
-| `POST /v1/trials/:trialId/worktree/push` | Push to remote |
+| Endpoint                                   | Description           |
+| ------------------------------------------ | --------------------- |
+| `POST /v1/trials/:trialId/worktree/reset`  | Create/reset worktree |
+| `DELETE /v1/trials/:trialId/worktree`      | Delete worktree       |
+| `GET /v1/trials/:trialId/worktree/status`  | Get status            |
+| `GET /v1/trials/:trialId/worktree/diff`    | Get diff              |
+| `POST /v1/trials/:trialId/worktree/commit` | Commit changes        |
+| `POST /v1/trials/:trialId/worktree/push`   | Push to remote        |
 
 ## Configuration
 
-| Variable | Default | Description |
-|----------|---------|-------------|
-| `PORT` | `8787` | HTTP server port |
-| `NODE_ENV` | `development` | Environment mode |
-| `WORKER_TOKEN` | `` | Auth token (empty = no auth) |
-| `BASE_WORKSPACE_DIR` | `/project/sandbox` | Main repo path |
-| `TRIALS_WORKSPACE_DIR` | `/project/workspaces/trials` | Worktrees path |
-| `DEFAULT_BRANCH` | `main` | Default base branch |
-| `GIT_TIMEOUT_MS` | `60000` | Git timeout |
-| `CLEANUP_AFTER_HOURS` | `24` | Stale worktree cleanup |
+| Variable               | Default                      | Description                  |
+| ---------------------- | ---------------------------- | ---------------------------- |
+| `PORT`                 | `8787`                       | HTTP server port             |
+| `NODE_ENV`             | `development`                | Environment mode             |
+| `WORKER_TOKEN`         | ``                           | Auth token (empty = no auth) |
+| `BASE_WORKSPACE_DIR`   | `/project/sandbox`           | Main repo path               |
+| `TRIALS_WORKSPACE_DIR` | `/project/workspaces/trials` | Worktrees path               |
+| `DEFAULT_BRANCH`       | `main`                       | Default base branch          |
+| `GIT_TIMEOUT_MS`       | `60000`                      | Git timeout                  |
+| `CLEANUP_AFTER_HOURS`  | `24`                         | Stale worktree cleanup       |
 
 ## Usage Examples
 
@@ -142,7 +145,8 @@ curl -X POST http://localhost:8787/v1/trials/abc123/worktree/reset \
   }'
 ```
 
-> **Note:** `githubToken` is required for private repositories. The token is used inline and **never stored on disk**.
+> **Note:** `githubToken` is required for private repositories. The token is used inline and **never
+> stored on disk**.
 
 Response:
 
@@ -184,7 +188,8 @@ curl -X POST http://localhost:8787/v1/trials/abc123/worktree/push \
   }'
 ```
 
-> **Note:** `githubToken` is **required** for push operations. The token is used inline and **never stored on disk**.
+> **Note:** `githubToken` is **required** for push operations. The token is used inline and **never
+> stored on disk**.
 
 ## Development
 
@@ -218,4 +223,3 @@ npm publish --access public
 ## License
 
 MIT
-

package/dist/main.js

@@ -8,6 +8,7 @@ import { logger as honoLogger } from "hono/logger";
 import { secureHeaders } from "hono/secure-headers";
 
 // src/config/env.ts
+import process from "process";
 var env = {
   PORT: parseInt(process.env.PORT || "8787", 10),
   NODE_ENV: process.env.NODE_ENV || "development",
@@ -112,33 +113,44 @@ var logger = {
 // src/middleware/auth.ts
 async function authMiddleware(c, next) {
   if (!env.WORKER_TOKEN) {
-    return next();
+    await next();
+    return;
   }
   const authHeader = c.req.header("Authorization");
   if (!authHeader) {
-    return c.json({ success: false, error: { code: "UNAUTHORIZED", message: "Missing Authorization header" } }, 401);
+    return c.json({
+      success: false,
+      error: { code: "UNAUTHORIZED", message: "Missing Authorization header" }
+    }, 401);
   }
   const [scheme, token] = authHeader.split(" ");
   if (scheme !== "Bearer" || !token) {
-    return c.json({ success: false, error: { code: "UNAUTHORIZED", message: "Invalid Authorization format" } }, 401);
+    return c.json({
+      success: false,
+      error: { code: "UNAUTHORIZED", message: "Invalid Authorization format" }
+    }, 401);
   }
   if (token !== env.WORKER_TOKEN) {
-    return c.json({ success: false, error: { code: "UNAUTHORIZED", message: "Invalid token" } }, 401);
+    return c.json(
+      { success: false, error: { code: "UNAUTHORIZED", message: "Invalid token" } },
+      401
+    );
   }
-  return next();
+  await next();
 }
 
 // src/routes/health.routes.ts
 import { Hono } from "hono";
-import { stat, mkdir } from "fs/promises";
+import { mkdir, stat } from "fs/promises";
 
 // src/services/git.service.ts
 import { spawn } from "child_process";
+import process2 from "process";
 var GitService = class {
   /**
    * Execute a git command
    */
-  async exec(args, cwd) {
+  exec(args, cwd) {
     const workDir = cwd || env.BASE_WORKSPACE_DIR;
     const log = logger.child({ git: args.slice(0, 2).join(" "), cwd: workDir });
     return new Promise((resolve, reject) => {
@@ -146,7 +158,7 @@ var GitService = class {
         cwd: workDir,
         timeout: env.GIT_TIMEOUT_MS,
         env: {
-          ...process.env,
+          ...process2.env,
           GIT_TERMINAL_PROMPT: "0",
           GIT_ASKPASS: ""
         }
@@ -208,7 +220,11 @@ var GitService = class {
    */
   async fetch(remote = "origin", cwd, auth) {
     if (auth?.githubToken) {
-      const authUrl = await this.getAuthenticatedRemoteUrl(remote, cwd || env.BASE_WORKSPACE_DIR, auth.githubToken);
+      const authUrl = await this.getAuthenticatedRemoteUrl(
+        remote,
+        cwd || env.BASE_WORKSPACE_DIR,
+        auth.githubToken
+      );
       if (authUrl) {
         await this.execOrThrow(["fetch", authUrl], cwd);
         return;
@@ -299,30 +315,83 @@ var GitService = class {
     const args = ["branch", force ? "-D" : "-d", branch];
     await this.exec(args, cwd);
   }
+  /**
+   * Check if repository is empty (no commits)
+   */
+  async isEmptyRepo(cwd) {
+    const result = await this.exec(["rev-parse", "HEAD"], cwd);
+    if (result.code !== 0) {
+      if (result.stderr.includes("unknown revision") || result.stderr.includes("bad revision") || result.stderr.includes("ambiguous argument")) {
+        return true;
+      }
+    }
+    return false;
+  }
   /**
    * Get HEAD SHA
+   * Returns null for empty repositories (no commits)
    */
   async getHeadSha(cwd) {
-    const result = await this.execOrThrow(["rev-parse", "HEAD"], cwd);
+    const result = await this.exec(["rev-parse", "HEAD"], cwd);
+    if (result.code !== 0) {
+      if (result.stderr.includes("unknown revision") || result.stderr.includes("bad revision") || result.stderr.includes("ambiguous argument")) {
+        throw new Error("Repository is empty (no commits). Please create an initial commit first.");
+      }
+      throw new Error(`Git command failed: ${result.stderr || result.stdout}`);
+    }
+    return result.stdout.trim();
+  }
+  /**
+   * Get HEAD SHA, returning null for empty repos instead of throwing
+   */
+  async getHeadShaSafe(cwd) {
+    const result = await this.exec(["rev-parse", "HEAD"], cwd);
+    if (result.code !== 0) {
+      return null;
+    }
     return result.stdout.trim();
   }
   /**
    * Get current branch
+   * Returns null for empty repositories or detached HEAD
    */
   async getCurrentBranch(cwd) {
-    const result = await this.execOrThrow(["rev-parse", "--abbrev-ref", "HEAD"], cwd);
+    const result = await this.exec(["rev-parse", "--abbrev-ref", "HEAD"], cwd);
+    if (result.code !== 0) {
+      if (result.stderr.includes("unknown revision") || result.stderr.includes("bad revision") || result.stderr.includes("ambiguous argument")) {
+        throw new Error("Repository is empty (no commits). Cannot determine current branch.");
+      }
+      throw new Error(`Git command failed: ${result.stderr || result.stdout}`);
+    }
     return result.stdout.trim();
   }
+  /**
+   * Get current branch, returning null for empty repos instead of throwing
+   */
+  async getCurrentBranchSafe(cwd) {
+    const result = await this.exec(["rev-parse", "--abbrev-ref", "HEAD"], cwd);
+    if (result.code !== 0) {
+      return null;
+    }
+    const branch = result.stdout.trim();
+    return branch === "HEAD" ? null : branch;
+  }
   /**
    * Check if branch exists (local or remote)
    * For remote branches, pass "origin/branch-name"
    */
   async branchExists(branch, cwd) {
     if (branch.includes("/")) {
-      const result2 = await this.exec(["show-ref", "--verify", "--quiet", `refs/remotes/${branch}`], cwd);
+      const result2 = await this.exec(
+        ["show-ref", "--verify", "--quiet", `refs/remotes/${branch}`],
+        cwd
+      );
       return result2.code === 0;
     }
-    const result = await this.exec(["show-ref", "--verify", "--quiet", `refs/heads/${branch}`], cwd);
+    const result = await this.exec(
+      ["show-ref", "--verify", "--quiet", `refs/heads/${branch}`],
+      cwd
+    );
     return result.code === 0;
   }
   /**
@@ -362,7 +431,11 @@ var GitService = class {
    */
   async push(remote, branch, force = false, cwd, auth) {
     if (auth?.githubToken) {
-      const authUrl = await this.getAuthenticatedRemoteUrl(remote, cwd || env.BASE_WORKSPACE_DIR, auth.githubToken);
+      const authUrl = await this.getAuthenticatedRemoteUrl(
+        remote,
+        cwd || env.BASE_WORKSPACE_DIR,
+        auth.githubToken
+      );
       if (authUrl) {
         const args2 = ["push", authUrl, branch];
         if (force) args2.push("--force");
@@ -396,6 +469,7 @@ var GitService = class {
 var gitService = new GitService();
 
 // src/routes/health.routes.ts
+import process3 from "process";
 var health = new Hono();
 health.get("/", (c) => {
   return c.json({
@@ -446,7 +520,7 @@ health.get("/live", (c) => {
   return c.json({
     status: "alive",
     timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-    uptime: Math.floor(process.uptime())
+    uptime: Math.floor(process3.uptime())
   });
 });
 
@@ -470,7 +544,8 @@ var RepoService = class {
           path: repoRoot,
           branch: null,
           remote: null,
-          headSha: null
+          headSha: null,
+          isEmpty: false
         };
       }
       const gitDir = await stat2(`${repoRoot}/.git`).catch(() => null);
@@ -480,18 +555,21 @@ var RepoService = class {
           path: repoRoot,
           branch: null,
           remote: null,
-          headSha: null
+          headSha: null,
+          isEmpty: false
         };
       }
-      const branch = await gitService.getCurrentBranch(repoRoot).catch(() => null);
-      const headSha = await gitService.getHeadSha(repoRoot).catch(() => null);
+      const branch = await gitService.getCurrentBranchSafe(repoRoot);
+      const headSha = await gitService.getHeadShaSafe(repoRoot);
       const remote = await gitService.getRemoteUrl("origin", repoRoot);
+      const isEmpty = await gitService.isEmptyRepo(repoRoot);
       return {
         initialized: true,
         path: repoRoot,
         branch,
         remote,
-        headSha
+        headSha,
+        isEmpty
       };
     } catch {
       return {
@@ -499,14 +577,15 @@ var RepoService = class {
         path: repoRoot,
         branch: null,
         remote: null,
-        headSha: null
+        headSha: null,
+        isEmpty: false
       };
     }
   }
   /**
    * Initialize/clone the repository
    * SECURITY: githubToken is used inline and NEVER persisted
-   * 
+   *
    * Smart init logic:
    * - No repo exists → Clone it
    * - Repo exists, same URL → Fetch latest (idempotent)
@@ -534,47 +613,119 @@ var RepoService = class {
       if (isSameRepo) {
         log.info("Repository already initialized with same URL, fetching latest");
         await gitService.fetch("origin", repoRoot, auth);
-        const targetBranch = options.branch || env.DEFAULT_BRANCH;
+        const targetBranch2 = options.branch || env.DEFAULT_BRANCH;
         const currentBranch = status.branch || "";
-        if (targetBranch !== currentBranch) {
-          log.info("Switching to requested branch", { from: currentBranch, to: targetBranch });
-          const checkoutResult = await gitService.exec(["checkout", targetBranch], repoRoot);
+        if (targetBranch2 !== currentBranch) {
+          log.info("Switching to requested branch", { from: currentBranch, to: targetBranch2 });
+          const checkoutResult = await gitService.exec(["checkout", targetBranch2], repoRoot);
           if (checkoutResult.code !== 0) {
-            await gitService.exec(["checkout", "-b", targetBranch, `origin/${targetBranch}`], repoRoot);
+            await gitService.exec(
+              ["checkout", "-b", targetBranch2, `origin/${targetBranch2}`],
+              repoRoot
+            );
           }
         }
-        const headSha2 = await gitService.getHeadSha(repoRoot);
-        const branch2 = await gitService.getCurrentBranch(repoRoot);
-        return { path: repoRoot, branch: branch2, headSha: headSha2, remote: status.remote };
+        const headSha3 = await gitService.getHeadSha(repoRoot);
+        const branch3 = await gitService.getCurrentBranch(repoRoot);
+        return { path: repoRoot, branch: branch3, headSha: headSha3, remote: status.remote };
       }
       if (!options.force) {
         throw new Error(
           `Repository already initialized with different URL. Current: ${currentUrl}, Requested: ${requestedUrl}. Use force=true to re-initialize (this will delete all worktrees).`
         );
       }
-      log.warn("Force re-init: cleaning all worktrees and repo");
+      log.warn("Force re-init: cleaning worktrees and updating remote in-place");
       await this.cleanAllWorktrees();
-      await rm(repoRoot, { recursive: true, force: true });
+      const cleanUrl = options.repoUrl.replace(/^https:\/\/[^@]+@/, "https://");
+      await gitService.exec(["remote", "set-url", "origin", cleanUrl], repoRoot);
+      await gitService.exec(["config", "--local", "user.name", "origin-agent[bot]"], repoRoot);
+      await gitService.exec([
+        "config",
+        "--local",
+        "user.email",
+        "origin-agent[bot]@users.noreply.github.com"
+      ], repoRoot);
+      await gitService.exec(["config", "--local", "safe.directory", repoRoot], repoRoot);
+      const targetBranch = options.branch || env.DEFAULT_BRANCH;
+      log.info("Fetching from new remote", { branch: targetBranch });
+      await gitService.fetch("origin", repoRoot, auth);
+      try {
+        await gitService.exec(["checkout", "-B", targetBranch, `origin/${targetBranch}`, "--force"], repoRoot);
+      } catch {
+        await gitService.exec(["checkout", "-B", targetBranch, "--force"], repoRoot);
+      }
+      await gitService.exec(["branch", `--set-upstream-to=origin/${targetBranch}`, targetBranch], repoRoot).catch(
+        () => {
+        }
+      );
+      const headSha2 = await gitService.getHeadSha(repoRoot);
+      const branch2 = await gitService.getCurrentBranch(repoRoot);
+      const remote2 = await gitService.getRemoteUrl("origin", repoRoot);
+      log.info("Repository re-initialized in-place", { branch: branch2, headSha: headSha2 });
+      return { path: repoRoot, branch: branch2, headSha: headSha2, remote: remote2 };
     }
     const parentDir = repoRoot.split("/").slice(0, -1).join("/");
     await mkdir2(parentDir, { recursive: true });
     await mkdir2(env.TRIALS_WORKSPACE_DIR, { recursive: true });
+    const dirExists = await stat2(repoRoot).then(() => true).catch(() => false);
     const branch = options.branch || env.DEFAULT_BRANCH;
-    log.info("Cloning repository", { branch });
-    await gitService.cloneRepo(options.repoUrl, repoRoot, {
-      branch,
-      blobless: true,
-      githubToken: options.githubToken
-    });
-    await gitService.exec(["config", "--local", "user.name", "origin-agent[bot]"], repoRoot);
-    await gitService.exec(["config", "--local", "user.email", "origin-agent[bot]@users.noreply.github.com"], repoRoot);
-    await gitService.exec(["config", "--local", "safe.directory", repoRoot], repoRoot);
-    const cleanUrl = options.repoUrl.replace(/^https:\/\/[^@]+@/, "https://");
-    await gitService.exec(["remote", "set-url", "origin", cleanUrl], repoRoot);
-    log.info("Fetching all remote refs");
-    await gitService.fetch("origin", repoRoot, auth);
-    await gitService.exec(["branch", `--set-upstream-to=origin/${branch}`, branch], repoRoot).catch(() => {
-    });
+    if (dirExists) {
+      log.info("Directory exists, initializing git in-place", { branch });
+      await gitService.exec(["init"], repoRoot);
+      await gitService.exec(["config", "--local", "user.name", "origin-agent[bot]"], repoRoot);
+      await gitService.exec([
+        "config",
+        "--local",
+        "user.email",
+        "origin-agent[bot]@users.noreply.github.com"
+      ], repoRoot);
+      await gitService.exec(["config", "--local", "safe.directory", repoRoot], repoRoot);
+      const cleanUrl = options.repoUrl.replace(/^https:\/\/[^@]+@/, "https://");
+      await gitService.exec(["remote", "add", "origin", cleanUrl], repoRoot).catch(async () => {
+        await gitService.exec(["remote", "set-url", "origin", cleanUrl], repoRoot);
+      });
+      await gitService.fetch("origin", repoRoot, auth);
+      await gitService.exec(["checkout", "-B", branch, `origin/${branch}`, "--force"], repoRoot);
+      await gitService.exec(["branch", `--set-upstream-to=origin/${branch}`, branch], repoRoot).catch(
+        () => {
+        }
+      );
+    } else {
+      log.info("Cloning repository", { branch });
+      await gitService.cloneRepo(options.repoUrl, repoRoot, {
+        branch,
+        blobless: true,
+        githubToken: options.githubToken
+      });
+      await gitService.exec(["config", "--local", "user.name", "origin-agent[bot]"], repoRoot);
+      await gitService.exec([
+        "config",
+        "--local",
+        "user.email",
+        "origin-agent[bot]@users.noreply.github.com"
+      ], repoRoot);
+      await gitService.exec(["config", "--local", "safe.directory", repoRoot], repoRoot);
+      const cleanUrl = options.repoUrl.replace(/^https:\/\/[^@]+@/, "https://");
+      await gitService.exec(["remote", "set-url", "origin", cleanUrl], repoRoot);
+      log.info("Fetching all remote refs");
+      await gitService.fetch("origin", repoRoot, auth);
+      await gitService.exec(["branch", `--set-upstream-to=origin/${branch}`, branch], repoRoot).catch(
+        () => {
+        }
+      );
+    }
+    const isEmpty = await gitService.isEmptyRepo(repoRoot);
+    if (isEmpty) {
+      log.warn("Repository is empty (no commits)", { repoUrl: options.repoUrl });
+      const remote2 = await gitService.getRemoteUrl("origin", repoRoot);
+      return {
+        path: repoRoot,
+        branch,
+        headSha: null,
+        // Empty repo has no HEAD
+        remote: remote2
+      };
+    }
     const headSha = await gitService.getHeadSha(repoRoot);
     const remote = await gitService.getRemoteUrl("origin", repoRoot);
     log.info("Repository initialized", { branch, headSha });
@@ -663,7 +814,10 @@ repo.get("/status", async (c) => {
   } catch (err) {
     const error = err;
     logger.error("Failed to get repo status", { error: error.message });
-    return c.json({ success: false, error: { code: "INTERNAL_ERROR", message: error.message } }, 500);
+    return c.json(
+      { success: false, error: { code: "INTERNAL_ERROR", message: error.message } },
+      500
+    );
   }
 });
 repo.get("/branches", async (c) => {
@@ -673,7 +827,10 @@ repo.get("/branches", async (c) => {
   } catch (err) {
     const error = err;
     logger.error("Failed to list branches", { error: error.message });
-    return c.json({ success: false, error: { code: "INTERNAL_ERROR", message: error.message } }, 500);
+    return c.json(
+      { success: false, error: { code: "INTERNAL_ERROR", message: error.message } },
+      500
+    );
   }
 });
 repo.post("/init", async (c) => {
@@ -687,7 +844,10 @@ repo.post("/init", async (c) => {
         400
       );
     }
-    log.info("Initializing repository", { repoUrl: parsed.data.repoUrl, branch: parsed.data.branch });
+    log.info("Initializing repository", {
+      repoUrl: parsed.data.repoUrl,
+      branch: parsed.data.branch
+    });
     const result = await repoService.initRepo(parsed.data);
     return c.json({ success: true, data: result });
   } catch (err) {
@@ -722,7 +882,7 @@ import { Hono as Hono3 } from "hono";
 import { z as z2 } from "zod";
 
 // src/services/worktree.service.ts
-import { mkdir as mkdir3, rm as rm2, stat as stat3, readdir as readdir2 } from "fs/promises";
+import { mkdir as mkdir3, readdir as readdir2, rm as rm2, stat as stat3 } from "fs/promises";
 var WorktreeService = class {
   /**
    * Get the isolated workspace directory for a specific trial.
@@ -763,19 +923,43 @@ var WorktreeService = class {
       hasRepoUrl: !!options.repoUrl
     });
     await mkdir3(env.TRIALS_WORKSPACE_DIR, { recursive: true });
-    const repoStatus = await repoService.getStatus();
-    if (!repoStatus.initialized) {
+    await this.opportunisticCleanup();
+    let repoStatus = await repoService.getStatus();
+    const isValidGitHubRemote = (remote) => {
+      if (!remote) return false;
+      return remote.includes("github.com") || remote.startsWith("https://");
+    };
+    const needsInit = !repoStatus.initialized;
+    const hasInvalidRemote = repoStatus.initialized && !isValidGitHubRemote(repoStatus.remote);
+    if (needsInit || hasInvalidRemote) {
       if (!options.repoUrl) {
         throw new Error(
-          "Main repository not initialized. Provide repoUrl to auto-initialize, or call /v1/repo/init first."
+          "Main repository not initialized or has invalid remote. Provide repoUrl to auto-initialize, or call /v1/repo/init first."
         );
       }
-      log.info("Main repo not initialized, auto-initializing", { repoUrl: options.repoUrl.replace(/ghp_[a-zA-Z0-9]+/, "ghp_***") });
+      if (hasInvalidRemote) {
+        log.warn("Repo has invalid remote (likely CodeSandbox template), re-initializing", {
+          currentRemote: repoStatus.remote,
+          newRepoUrl: options.repoUrl.replace(/ghp_[a-zA-Z0-9]+/, "ghp_***")
+        });
+      } else {
+        log.info("Main repo not initialized, auto-initializing", {
+          repoUrl: options.repoUrl.replace(/ghp_[a-zA-Z0-9]+/, "ghp_***")
+        });
+      }
       await repoService.initRepo({
         repoUrl: options.repoUrl,
         branch: baseBranch,
-        githubToken: options.githubToken
+        githubToken: options.githubToken,
+        force: hasInvalidRemote
+        // Force re-init if remote is invalid
       });
+      repoStatus = await repoService.getStatus();
+    }
+    if (repoStatus.isEmpty) {
+      throw new Error(
+        "Cannot create worktree: repository is empty (no commits). Please create an initial commit in the repository first."
+      );
     }
     try {
       const stats = await stat3(worktreePath);
@@ -785,7 +969,7 @@ var WorktreeService = class {
           log.info("Worktree already exists, fetching latest");
           await gitService.fetch("origin", worktreePath, auth).catch(() => {
           });
-          const headSha2 = await gitService.getHeadSha(worktreePath);
+          const headSha2 = await gitService.getHeadShaSafe(worktreePath);
           return { worktreePath, branch: branchName, headSha: headSha2 };
         }
       }
@@ -832,11 +1016,17 @@ var WorktreeService = class {
           }
         }
         if (!found) {
-          const currentBranch = await gitService.getCurrentBranch(baseRepoDir);
+          const currentBranch = await gitService.getCurrentBranchSafe(baseRepoDir);
           if (currentBranch && currentBranch !== "HEAD") {
             baseRef = currentBranch;
             log.info("Using current branch as base", { baseRef });
           } else {
+            const isEmpty = await gitService.isEmptyRepo(baseRepoDir);
+            if (isEmpty) {
+              throw new Error(
+                `Cannot create worktree: repository is empty (no commits). Please create an initial commit in the repository first.`
+              );
+            }
             throw new Error(
               `Cannot find base branch. Tried: origin/${baseBranch}, ${fallbackBranches.join(", ")}. Ensure the repository has been fetched properly.`
             );
@@ -848,11 +1038,16 @@ var WorktreeService = class {
     }
     await gitService.exec(["config", "--local", "user.name", "origin-agent[bot]"], worktreePath).catch(() => {
     });
-    await gitService.exec(["config", "--local", "user.email", "origin-agent[bot]@users.noreply.github.com"], worktreePath).catch(() => {
+    await gitService.exec([
+      "config",
+      "--local",
+      "user.email",
+      "origin-agent[bot]@users.noreply.github.com"
+    ], worktreePath).catch(() => {
     });
     await gitService.exec(["config", "--local", "safe.directory", worktreePath], worktreePath).catch(() => {
     });
-    const headSha = await gitService.getHeadSha(worktreePath);
+    const headSha = await gitService.getHeadShaSafe(worktreePath);
     log.info("Worktree created successfully", { headSha });
     return { worktreePath, branch: branchName, headSha };
   }
@@ -914,8 +1109,8 @@ var WorktreeService = class {
           changedFiles: 0
         };
       }
-      const headSha = await gitService.getHeadSha(worktreePath);
-      const branch = await gitService.getCurrentBranch(worktreePath);
+      const headSha = await gitService.getHeadShaSafe(worktreePath);
+      const branch = await gitService.getCurrentBranchSafe(worktreePath);
       const status = await gitService.getStatus(worktreePath);
       return {
         exists: true,
@@ -973,6 +1168,76 @@ var WorktreeService = class {
     await gitService.push(remote, branch, force, worktreePath, auth);
     return { branch, pushed: true };
   }
+  /**
+   * Count current worktrees
+   */
+  async countWorktrees() {
+    try {
+      const entries = await readdir2(env.TRIALS_WORKSPACE_DIR, { withFileTypes: true });
+      return entries.filter((e) => e.isDirectory()).length;
+    } catch {
+      return 0;
+    }
+  }
+  /**
+   * Get worktrees sorted by modification time (oldest first)
+   */
+  async getWorktreesByAge() {
+    try {
+      const entries = await readdir2(env.TRIALS_WORKSPACE_DIR, { withFileTypes: true });
+      const worktrees = [];
+      for (const entry of entries) {
+        if (!entry.isDirectory()) continue;
+        const worktreePath = `${env.TRIALS_WORKSPACE_DIR}/${entry.name}`;
+        try {
+          const stats = await stat3(worktreePath);
+          worktrees.push({ path: worktreePath, mtime: stats.mtimeMs });
+        } catch {
+        }
+      }
+      return worktrees.sort((a, b) => a.mtime - b.mtime);
+    } catch {
+      return [];
+    }
+  }
+  /**
+   * Opportunistic cleanup - run before creating new worktrees
+   * 
+   * Strategy:
+   * 1. Always clean worktrees older than CLEANUP_AFTER_HOURS
+   * 2. If count exceeds MAX_WORKTREES, clean oldest until under limit
+   */
+  async opportunisticCleanup(maxWorktrees = 20) {
+    const log = logger.child({ service: "worktree", action: "opportunistic-cleanup" });
+    try {
+      const worktrees = await this.getWorktreesByAge();
+      const count = worktrees.length;
+      const cutoffTime = Date.now() - env.CLEANUP_AFTER_HOURS * 60 * 60 * 1e3;
+      let cleaned = 0;
+      for (const wt of worktrees) {
+        const isStale = wt.mtime < cutoffTime;
+        const isOverLimit = count - cleaned > maxWorktrees;
+        if (isStale || isOverLimit) {
+          try {
+            await rm2(wt.path, { recursive: true, force: true });
+            cleaned++;
+            log.debug("Cleaned worktree", {
+              path: wt.path,
+              reason: isStale ? "stale" : "over_limit",
+              ageHours: Math.round((Date.now() - wt.mtime) / (60 * 60 * 1e3))
+            });
+          } catch {
+          }
+        }
+      }
+      if (cleaned > 0) {
+        log.info("Opportunistic cleanup completed", { cleaned, remaining: count - cleaned });
+        await gitService.pruneWorktrees(env.BASE_WORKSPACE_DIR).catch(() => {
+        });
+      }
+    } catch {
+    }
+  }
   /**
    * Cleanup stale worktrees
    */
@@ -1176,7 +1441,10 @@ worktree.post("/worktrees/cleanup", async (c) => {
   } catch (err) {
     const error = err;
     log.error("Failed to cleanup worktrees", { error: error.message });
-    return c.json({ success: false, error: { code: "INTERNAL_ERROR", message: error.message } }, 500);
+    return c.json(
+      { success: false, error: { code: "INTERNAL_ERROR", message: error.message } },
+      500
+    );
   }
 });
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@saeed42/worktree-worker",
-  "version": "1.3.0",
+  "version": "1.3.2",
   "description": "Git worktree management service for AI agent trials",
   "type": "module",
   "main": "dist/main.js",
@@ -48,4 +48,3 @@
     "access": "public"
   }
 }
-