@urateam/core 0.1.32 → 0.1.34

package/dist/release-manager/release-helpers.js

@@ -0,0 +1,164 @@
+/**
+ * release-helpers.ts
+ *
+ * Responsibility: persistence and Slack notification helpers for the release manager.
+ *
+ * Exports:
+ *   - SlackPoster                 — interface for the injectable Slack client
+ *   - SlackDedupState             — mutable dedup counters passed between ticks
+ *   - MAX_QA_RETRY_ATTEMPTS       — threshold before escalating to a permanent skip reason
+ *   - maybePostSlack              — post to Slack with 24-hour same-reason dedup
+ *   - persistDecision             — write a release_decisions row
+ *   - consumeApprovalRow          — mark the most-recent fresh approval as consumed
+ *   - getMaxAttemptCountForReason — query the highest attempt count for a (repo, branch, reason) triple
+ *   - tryFileQaGapIssue           — file a QA gap issue via Linear and handle transient errors
+ */
+import { and, desc, eq, isNull, max } from "drizzle-orm";
+import { releaseApprovals, releaseDecisions } from "../db/schema.js";
+import { logAuditEventUnchecked } from "../audit/writer.js";
+import { slackPostFailedEvent } from "../audit/events.js";
+import { createLogger } from "../logger.js";
+import { fileGapIssue } from "../qa/gap.js";
+const log = createLogger({ component: "ReleaseManager:helpers" });
+/** 24-hour dedup window — same reason within this window is suppressed. */
+const SLACK_DEDUP_WINDOW_MS = 24 * 3600 * 1000;
+/**
+ * Maximum consecutive QA-related retry attempts before escalating to a
+ * permanent skip reason (e.g. `"qa_dispatch_error"` or `"qa_gap_file_error"`).
+ */
+export const MAX_QA_RETRY_ATTEMPTS = 3;
+/**
+ * Post a Slack message, deduplicating same-reason posts within 24 hours.
+ *
+ * - When `currentSkipReason` is non-null: suppresses the post if the same
+ *   reason was posted within `SLACK_DEDUP_WINDOW_MS`.
+ * - When `currentSkipReason` is null (fire / awaiting-approval transitions):
+ *   always posts regardless of the dedup window.
+ *
+ * Mutates `dedupState.lastPostAt` and `dedupState.lastSkipReason` on success.
+ * Writes a `slackPostFailedEvent` audit entry if `postMessage` returns false.
+ */
+export async function maybePostSlack(slack, slackChannel, db, dedupState, text, currentSkipReason) {
+    if (!slack || !slackChannel)
+        return;
+    const now = Date.now();
+    // Always post when transitioning to fire / awaiting-approval.
+    // Otherwise dedup: same reason + within window → suppress.
+    if (currentSkipReason) {
+        const sameReason = currentSkipReason === dedupState.lastSkipReason;
+        const withinWindow = now - dedupState.lastPostAt < SLACK_DEDUP_WINDOW_MS;
+        if (sameReason && withinWindow)
+            return;
+    }
+    const ok = await slack.postMessage(slackChannel, text).catch(() => false);
+    if (!ok) {
+        void logAuditEventUnchecked(db, slackPostFailedEvent({ channel: slackChannel, reason: "post_returned_false" }));
+        return;
+    }
+    dedupState.lastPostAt = now;
+    dedupState.lastSkipReason = currentSkipReason;
+}
+/**
+ * Persist a release decision row to the `release_decisions` table.
+ *
+ * @param db       - Database client.
+ * @param repoUrl  - Repository URL (used as the partition key).
+ * @param branch   - Branch name being managed.
+ * @param row      - Decision fields. `attemptCount` defaults to 0 when omitted.
+ */
+export async function persistDecision(db, repoUrl, branch, row) {
+    await db.insert(releaseDecisions).values({
+        id: row.id,
+        repoUrl,
+        branch,
+        decidedAt: new Date(),
+        decision: row.decision,
+        reason: row.reason,
+        triggerStateJson: row.triggerStateJson,
+        proposedVersion: row.proposedVersion,
+        firedTag: row.firedTag,
+        firedSha: row.firedSha,
+        attemptCount: row.attemptCount ?? 0,
+        qaRunId: row.qaRunId,
+        qaRunSha: row.qaRunSha,
+    });
+}
+/**
+ * Mark the most-recent un-consumed approval row for `(repoUrl, branch)` as
+ * consumed by `decisionId`.
+ *
+ * No-op when no fresh approval exists (e.g. approval was already consumed by a
+ * concurrent tick or the approval row was deleted manually).
+ */
+export async function consumeApprovalRow(db, repoUrl, branch, decisionId) {
+    const fresh = await db
+        .select({ id: releaseApprovals.id })
+        .from(releaseApprovals)
+        .where(and(eq(releaseApprovals.repoUrl, repoUrl), eq(releaseApprovals.branch, branch), isNull(releaseApprovals.consumedAt)))
+        .orderBy(desc(releaseApprovals.approvedAt))
+        .limit(1);
+    if (fresh?.[0]?.id) {
+        await db
+            .update(releaseApprovals)
+            .set({ consumedAt: new Date(), consumedByDecisionId: decisionId })
+            .where(eq(releaseApprovals.id, fresh[0].id));
+    }
+}
+/**
+ * Query the highest `attemptCount` stored for a given `(repoUrl, branch, reason)` triple.
+ *
+ * Uses `MAX(attemptCount)` rather than `ORDER BY + LIMIT 1` to be stable when
+ * multiple rows share the same `decidedAt` timestamp (e.g. rapid consecutive ticks).
+ *
+ * @param db        - Database client.
+ * @param repoUrl   - Repository URL.
+ * @param branch    - Branch name.
+ * @param reason    - The `reason` column value to filter on (e.g. `"qa_needs_trigger"`).
+ * @param qaRunSha  - Optional: when supplied, further filters to rows with this `qaRunSha`.
+ *                    Use when tracking retry attempts for a specific commit SHA.
+ * @returns The maximum attempt count found, or `0` when no matching rows exist.
+ */
+export async function getMaxAttemptCountForReason(db, repoUrl, branch, reason, qaRunSha) {
+    const rows = await db
+        .select({ maxAttempts: max(releaseDecisions.attemptCount) })
+        .from(releaseDecisions)
+        .where(qaRunSha !== undefined
+        ? and(eq(releaseDecisions.repoUrl, repoUrl), eq(releaseDecisions.branch, branch), eq(releaseDecisions.reason, reason), eq(releaseDecisions.qaRunSha, qaRunSha))
+        : and(eq(releaseDecisions.repoUrl, repoUrl), eq(releaseDecisions.branch, branch), eq(releaseDecisions.reason, reason)));
+    return rows?.[0]?.maxAttempts ?? 0;
+}
+/**
+ * File a QA gap issue via Linear and handle transient filing errors.
+ *
+ * Wraps `fileGapIssue` with attempt-count tracking. On a `linear_error` response,
+ * increments the per-`(repoUrl, branch, "qa_no_workflow")` attempt counter and
+ * escalates `finalReason` to `"qa_gap_file_error"` once `MAX_QA_RETRY_ATTEMPTS`
+ * consecutive failures have occurred.
+ *
+ * On success (`"filed"` or `"already_filed"`), returns
+ * `{ finalReason: "qa_no_workflow", attemptCount: 0 }` — the attempt counter
+ * resets to 0 to signal that no error has been seen for this filing.
+ *
+ * @param params.db             - Database client.
+ * @param params.linear         - Linear client (required; caller is responsible for the
+ *                                `if (linear)` guard before calling this helper).
+ * @param params.repoUrl        - Repository URL.
+ * @param params.branch         - Branch name.
+ * @param params.workflowPath   - Configured QA workflow file path (e.g. `".github/workflows/smoke.yml"`).
+ * @param params.linearTeamId   - Linear team ID to file the gap issue into.
+ * @returns `{ finalReason, attemptCount }` for use in the decision row.
+ */
+export async function tryFileQaGapIssue(params) {
+    const { db, linear, repoUrl, branch, workflowPath, linearTeamId } = params;
+    const gapResult = await fileGapIssue({ db, linear, repoUrl, branch, workflowPath, linearTeamId });
+    if (gapResult.kind !== "linear_error") {
+        // Filed or already-filed — reset attempt counter for this gap-filing loop.
+        return { finalReason: "qa_no_workflow", attemptCount: 0 };
+    }
+    const prevCount = await getMaxAttemptCountForReason(db, repoUrl, branch, "qa_no_workflow");
+    const attemptCount = prevCount + 1;
+    const finalReason = attemptCount >= MAX_QA_RETRY_ATTEMPTS ? "qa_gap_file_error" : "qa_no_workflow";
+    log.error({ err: gapResult.message, repoUrl, branch }, "fileGapIssue failed; will retry");
+    return { finalReason, attemptCount };
+}
+//# sourceMappingURL=release-helpers.js.map

package/dist/release-manager/release-helpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"release-helpers.js","sourceRoot":"","sources":["../../src/release-manager/release-helpers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAGzD,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACrE,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAE5C,MAAM,GAAG,GAAG,YAAY,CAAC,EAAE,SAAS,EAAE,wBAAwB,EAAE,CAAC,CAAC;AAOlE,2EAA2E;AAC3E,MAAM,qBAAqB,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC;AAgB/C;;;GAGG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC;AAEvC;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,KAA8B,EAC9B,YAAgC,EAChC,EAAS,EACT,UAA2B,EAC3B,IAAY,EACZ,iBAAgC;IAEhC,IAAI,CAAC,KAAK,IAAI,CAAC,YAAY;QAAE,OAAO;IACpC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,8DAA8D;IAC9D,2DAA2D;IAC3D,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,UAAU,GAAG,iBAAiB,KAAK,UAAU,CAAC,cAAc,CAAC;QACnE,MAAM,YAAY,GAAG,GAAG,GAAG,UAAU,CAAC,UAAU,GAAG,qBAAqB,CAAC;QACzE,IAAI,UAAU,IAAI,YAAY;YAAE,OAAO;IACzC,CAAC;IACD,MAAM,EAAE,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IAC1E,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,KAAK,sBAAsB,CAAC,EAAE,EAAE,oBAAoB,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC,CAAC,CAAC;QAChH,OAAO;IACT,CAAC;IACD,UAAU,CAAC,UAAU,GAAG,GAAG,CAAC;IAC5B,UAAU,CAAC,cAAc,GAAG,iBAAiB,CAAC;AAChD,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,EAAS,EACT,OAAe,EACf,MAAc,EACd,GAWC;IAED,MAAO,EAAU,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC;QAChD,EAAE,EAAE,GAAG,CAAC,EAAE;QACV,OAAO;QACP,MAAM;QACN,SAAS,EAAE,IAAI,IAAI,EAAE;QACrB,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,gBAAgB,EAAE,GAAG,CAAC,gBAAgB;QACtC,eAAe,EAAE,GAAG,CAAC,eAAe;QACpC,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,YAAY,EAAE,GAAG,CAAC,YAAY,IAAI,CAAC;QACnC,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,QAAQ,EAAE,GAAG,CAAC,QAAQ;KACvB,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,EAAS,EACT,OAAe,EACf,MAAc,EACd,UAAkB;IAElB,MAAM,KAAK,GAAG,MAAO,EAAU;SAC5B,MAAM,CAAC,EAAE,EAAE,EAAE,gBAAgB,CAAC,EAAE,EAAE,CAAC;SACnC,IAAI,CAAC,gBAAgB,CAAC;SACtB,KAAK,CACJ,GAAG,CACD,EAAE,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,CAAC,EACrC,EAAE,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,EACnC,MAAM,CAAC,gBAAgB,CAAC,UAAU,CAAC,CACpC,CACF;SACA,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;SAC1C,KAAK,CAAC,CAAC,CAAC,CAAC;IACZ,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC;QACnB,MAAO,EAAU;aACd,MAAM,CAAC,gBAAgB,CAAC;aACxB,GAAG,CAAC,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,EAAE,oBAAoB,EAAE,UAAU,EAAE,CAAC;aACjE,KAAK,CAAC,EAAE,CAAC,gBAAgB,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,EAAS,EACT,OAAe,EACf,MAAc,EACd,MAAc,EACd,QAAiB;IAEjB,MAAM,IAAI,GAAG,MAAO,EAAU;SAC3B,MAAM,CAAC,EAAE,WAAW,EAAE,GAAG,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAAE,CAAC;SAC3D,IAAI,CAAC,gBAAgB,CAAC;SACtB,KAAK,CACJ,QAAQ,KAAK,SAAS;QACpB,CAAC,CAAC,GAAG,CACD,EAAE,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,CAAC,EACrC,EAAE,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,EACnC,EAAE,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,EACnC,EAAE,CAAC,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CACxC;QACH,CAAC,CAAC,GAAG,CACD,EAAE,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,CAAC,EACrC,EAAE,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,EACnC,EAAE,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,CACpC,CACN,CAAC;IACJ,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,WAAW,IAAI,CAAC,CAAC;AACrC,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,MAOvC;IACC,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;IAC3E,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,YAAY,EAAE,CAAC,CAAC;IAClG,IAAI,SAAS,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;QACtC,2EAA2E;QAC3E,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAE,YAAY,EAAE,CAAC,EAAE,CAAC;IAC5D,CAAC;IACD,MAAM,SAAS,GAAG,MAAM,2BAA2B,CAAC,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,gBAAgB,CAAC,CAAC;IAC3F,MAAM,YAAY,GAAG,SAAS,GAAG,CAAC,CAAC;IACnC,MAAM,WAAW,GAAG,YAAY,IAAI,qBAAqB,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,gBAAgB,CAAC;IACnG,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,SAAS,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,iCAAiC,CAAC,CAAC;IAC1F,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC;AACvC,CAAC"}

package/dist/release-manager/release-tick.d.ts

@@ -0,0 +1,101 @@
+import type { Octokit } from "@octokit/rest";
+import type { LinearClient } from "@linear/sdk";
+import type { AnyDb } from "../db/client.js";
+import type { ReleaseManagerConfig } from "./types.js";
+import type { SlackPoster, SlackDedupState } from "./release-helpers.js";
+/**
+ * Mutable per-instance state that persists across tick invocations.
+ *
+ * The scheduler factory constructs exactly one `TickMutableState` per
+ * `createReleaseManagerScheduler` call and passes it through `TickContext` to
+ * every `tick()` call. The tick function reads and writes this object in-place.
+ */
+export interface TickMutableState {
+    /** Slack dedup counters — tracks reason + timestamp of last successful post. */
+    slackDedup: SlackDedupState;
+    /**
+     * True once the "release-manager unlicensed" warning has been logged,
+     * preventing repeated log spam on every unlicensed tick.
+     */
+    licenseWarnLogged: boolean;
+    /**
+     * Set of QA workflow run IDs whose completion has already been audited.
+     * Prevents duplicate `qa.run_completed` audit events when the same run ID
+     * appears across multiple ticks.
+     *
+     * Bounded to `MAX_AUDITED_RUN_IDS` entries — evicted (cleared) when the
+     * threshold is exceeded to prevent unbounded memory growth in long-running
+     * deployments.
+     */
+    auditedCompletedRunIds: Set<number>;
+    /**
+     * Epoch-ms timestamp until which the scheduler is paused (via `/release skip`).
+     * Zero means not paused.
+     */
+    pausedUntilTs: number;
+}
+/**
+ * All dependencies and configuration needed to run a single release-manager tick.
+ *
+ * The scheduler constructs a `TickContext` once at startup and passes it to every
+ * `tick()` invocation rather than relying on closure variables. This makes the
+ * state machine independently testable and explicit about its dependencies.
+ *
+ * @field config           - Full release-manager configuration for this repo/branch pair.
+ * @field db               - Database client (SQLite dev / Postgres prod).
+ * @field octokit          - GitHub REST API client.
+ * @field linear           - Linear client for filing QA gap issues. Required when
+ *                           `config.triggers.qaCheck` is configured.
+ * @field repoUrl          - HTTPS URL of the repository (e.g. "https://github.com/org/repo").
+ * @field branch           - Branch name being managed (e.g. "main").
+ * @field isLicensed       - Injectable license check — returns true when
+ *                           "release-manager" feature is licensed.
+ * @field slack            - Optional Slack client for posting release notifications.
+ * @field mutableState     - Per-instance state shared across ticks. Updated in-place.
+ */
+export interface TickContext {
+    /** Full release-manager configuration for this repo/branch pair. */
+    config: ReleaseManagerConfig;
+    /** Database client (SQLite or Postgres). */
+    db: AnyDb;
+    /** GitHub REST API client. */
+    octokit: Octokit;
+    /**
+     * Linear client for filing QA gap issues.
+     * Required when `config.triggers.qaCheck` is configured.
+     */
+    linear?: LinearClient;
+    /** HTTPS URL of the repository (e.g. "https://github.com/org/repo"). */
+    repoUrl: string;
+    /** Branch name being managed (e.g. "main"). */
+    branch: string;
+    /** Injectable license check — returns true when "release-manager" feature is licensed. */
+    isLicensed: () => boolean;
+    /** Optional Slack client for posting release notifications. */
+    slack?: SlackPoster;
+    /**
+     * Mutable per-instance state shared across ticks.
+     * Updated in-place by `tick()` to persist dedup counters, pause state, etc.
+     */
+    mutableState: TickMutableState;
+}
+/**
+ * Execute a single release-manager decision cycle.
+ *
+ * Orchestrates the full state machine:
+ * 1. License check and pause gate.
+ * 2. Collect world state (branch HEAD, tags, CI, approvals, QA run).
+ * 3. Manual-tag detection (re-baseline).
+ * 4. QA workflow check — trigger, poll, or file gap issue as needed.
+ * 5. Decide (skip / awaiting-approval / fire).
+ * 6. On skip: persist decision, emit audit event, post Slack with dedup.
+ * 7. On awaiting-approval: persist decision, post Slack prompt.
+ * 8. On fire: create Git tag + GitHub release, persist decision, post Slack.
+ *
+ * All dependencies arrive through `ctx`; no closure variables are read or written.
+ * Mutable inter-tick state is stored in `ctx.mutableState` and updated in-place.
+ *
+ * @param ctx - All dependencies and mutable state for this tick invocation.
+ */
+export declare function tick(ctx: TickContext): Promise<void>;
+//# sourceMappingURL=release-tick.d.ts.map

package/dist/release-manager/release-tick.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"release-tick.d.ts","sourceRoot":"","sources":["../../src/release-manager/release-tick.ts"],"names":[],"mappings":"AAiBA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAc7C,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAWvD,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAazE;;;;;;GAMG;AACH,MAAM,WAAW,gBAAgB;IAC/B,gFAAgF;IAChF,UAAU,EAAE,eAAe,CAAC;IAC5B;;;OAGG;IACH,iBAAiB,EAAE,OAAO,CAAC;IAC3B;;;;;;;;OAQG;IACH,sBAAsB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACpC;;;OAGG;IACH,aAAa,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,WAAW,WAAW;IAC1B,oEAAoE;IACpE,MAAM,EAAE,oBAAoB,CAAC;IAC7B,4CAA4C;IAC5C,EAAE,EAAE,KAAK,CAAC;IACV,8BAA8B;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB;;;OAGG;IACH,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,wEAAwE;IACxE,OAAO,EAAE,MAAM,CAAC;IAChB,+CAA+C;IAC/C,MAAM,EAAE,MAAM,CAAC;IACf,0FAA0F;IAC1F,UAAU,EAAE,MAAM,OAAO,CAAC;IAC1B,+DAA+D;IAC/D,KAAK,CAAC,EAAE,WAAW,CAAC;IACpB;;;OAGG;IACH,YAAY,EAAE,gBAAgB,CAAC;CAChC;AASD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,IAAI,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CA4W1D"}

package/dist/release-manager/release-tick.js

@@ -0,0 +1,374 @@
+/**
+ * release-tick.ts
+ *
+ * Responsibility: the release-manager decision cycle (QA trigger logic, approval
+ * gate, version bump, Git tag creation, and cron rescheduling state).
+ *
+ * The single exported function `tick(ctx)` receives all dependencies and mutable
+ * inter-tick state through an explicit `TickContext` struct instead of closing
+ * over variables in the scheduler factory. This makes the function independently
+ * testable and removes the 8-variable closure from scheduler.ts.
+ *
+ * Exports:
+ *   - TickMutableState  — per-instance state that persists between ticks
+ *   - TickContext       — all deps + mutable state for one tick invocation
+ *   - tick              — execute a single release-manager decision cycle
+ */
+import { randomUUID } from "node:crypto";
+import { createLogger } from "../logger.js";
+import { logAuditEventUnchecked } from "../audit/writer.js";
+import { releaseFiredEvent, releaseSkippedEvent, releaseTagConflictEvent, releasePartialEvent, qaRunCompletedEvent, } from "../audit/events.js";
+import { collectState } from "./state.js";
+import { decide } from "./decide.js";
+import { bumpFromConfigAndCommits } from "./versioning.js";
+import { createTagAndRelease, parseRepoFromUrl } from "./github.js";
+import { triggerWorkflow, pollWorkflowRun, workflowFileExists } from "../qa/github.js";
+import { markGapResolved } from "../qa/gap.js";
+import { maybePostSlack, persistDecision, consumeApprovalRow, getMaxAttemptCountForReason, tryFileQaGapIssue, MAX_QA_RETRY_ATTEMPTS, } from "./release-helpers.js";
+const log = createLogger({ component: "ReleaseManager:scheduler" });
+/**
+ * Maximum number of completed QA run IDs to track in the dedup set before
+ * evicting stale entries. Once this threshold is reached the set is cleared;
+ * a cleared entry may produce a single duplicate `qa.run_completed` audit
+ * event, which is acceptable (far better than unbounded memory growth in
+ * long-running deployments).
+ */
+const MAX_AUDITED_RUN_IDS = 10_000;
+/** Compute the approval TTL in milliseconds from config, defaulting to 24 hours. */
+function approvalTtlMs(config) {
+    const hours = config.triggers.timeSinceLastHours;
+    if (hours && hours > 0)
+        return hours * 3600 * 1000;
+    return 24 * 3600 * 1000;
+}
+/**
+ * Execute a single release-manager decision cycle.
+ *
+ * Orchestrates the full state machine:
+ * 1. License check and pause gate.
+ * 2. Collect world state (branch HEAD, tags, CI, approvals, QA run).
+ * 3. Manual-tag detection (re-baseline).
+ * 4. QA workflow check — trigger, poll, or file gap issue as needed.
+ * 5. Decide (skip / awaiting-approval / fire).
+ * 6. On skip: persist decision, emit audit event, post Slack with dedup.
+ * 7. On awaiting-approval: persist decision, post Slack prompt.
+ * 8. On fire: create Git tag + GitHub release, persist decision, post Slack.
+ *
+ * All dependencies arrive through `ctx`; no closure variables are read or written.
+ * Mutable inter-tick state is stored in `ctx.mutableState` and updated in-place.
+ *
+ * @param ctx - All dependencies and mutable state for this tick invocation.
+ */
+export async function tick(ctx) {
+    const { config, db, octokit, linear, repoUrl, branch, isLicensed, slack, mutableState } = ctx;
+    const slackChannel = config.slackChannel;
+    if (!isLicensed()) {
+        if (!mutableState.licenseWarnLogged) {
+            log.warn({ repoUrl, branch }, "release-manager unlicensed — skipping ticks");
+            mutableState.licenseWarnLogged = true;
+        }
+        return;
+    }
+    if (Date.now() < mutableState.pausedUntilTs) {
+        log.info({ pausedUntilTs: mutableState.pausedUntilTs }, "scheduler paused (via /release skip) — skipping tick");
+        return;
+    }
+    let state;
+    try {
+        state = await collectState({
+            octokit, db, repoUrl, branch, approvalTtlMs: approvalTtlMs(config),
+        });
+    }
+    catch (err) {
+        log.error({ err, repoUrl, branch }, "collectState failed — skipping tick");
+        return;
+    }
+    const triggerStateJson = JSON.stringify({
+        mergedCommitsSinceLastTag: state.mergedCommitsSinceLastTag,
+        lastTag: state.lastTag,
+        lastTagAt: state.lastTagAt?.toISOString() ?? null,
+        ciStatus: state.ciStatus,
+        hasFreshApproval: state.hasFreshApproval,
+    });
+    // 1. Manual-tag detection — re-baseline counters.
+    if (state.manualTagDetected) {
+        const id = `rd_${randomUUID()}`;
+        await persistDecision(db, repoUrl, branch, {
+            id,
+            decision: "skip",
+            reason: "manual_tag_detected",
+            triggerStateJson,
+        });
+        void logAuditEventUnchecked(db, releaseSkippedEvent({ repoUrl, branch, reason: "manual_tag_detected" }));
+        log.info({ repoUrl, branch }, "manual tag detected — re-baselining");
+        return;
+    }
+    // 2. BEC-136: Compute QA state when qaCheck is configured.
+    let qaState;
+    if (config.triggers.qaCheck) {
+        const { owner, repo } = parseRepoFromUrl(repoUrl);
+        let wfExists = false;
+        try {
+            wfExists = await workflowFileExists({
+                octokit, owner, repo,
+                path: config.triggers.qaCheck.workflow,
+                ref: state.headSha,
+            });
+        }
+        catch (err) {
+            log.warn({ err }, "qa workflowFileExists check failed — treating as exists");
+            wfExists = true; // fail-open so retries hit the dispatch path
+        }
+        if (wfExists) {
+            // BEC-136: workflow file is present; if there was an open gap issue for this
+            // (repo, branch, workflow), mark it resolved so a future gap can be re-filed.
+            await markGapResolved({
+                db,
+                repoUrl,
+                branch,
+                workflowPath: config.triggers.qaCheck.workflow,
+            });
+        }
+        let runConclusion = null;
+        if (state.qaRun && state.qaRun.runSha === state.headSha) {
+            try {
+                const polled = await pollWorkflowRun({ octokit, owner, repo, runId: state.qaRun.runId });
+                if (polled.kind === "completed") {
+                    runConclusion = polled.conclusion;
+                    if (!mutableState.auditedCompletedRunIds.has(state.qaRun.runId)) {
+                        // BEC-196: bounded-memory eviction. The pre-split scheduler held
+                        // this set unbounded; the split is the right moment to fix it
+                        // because state is now passed explicitly via TickMutableState.
+                        // After eviction a single QA run id can be re-audited once
+                        // (duplicate `qa.run_completed` event) — acceptable in exchange
+                        // for bounded memory. The 10k cap is high enough that hitting it
+                        // requires months of continuous QA runs.
+                        if (mutableState.auditedCompletedRunIds.size >= MAX_AUDITED_RUN_IDS) {
+                            mutableState.auditedCompletedRunIds.clear();
+                        }
+                        mutableState.auditedCompletedRunIds.add(state.qaRun.runId);
+                        // Emit qa.run_completed audit on first observation of completion.
+                        void logAuditEventUnchecked(db, qaRunCompletedEvent({
+                            repoUrl, branch,
+                            runId: state.qaRun.runId,
+                            conclusion: polled.conclusion,
+                            durationMs: polled.durationMs,
+                        }));
+                    }
+                    // When already in the set: runConclusion is still set above; audit skipped.
+                }
+            }
+            catch (err) {
+                log.warn({ err }, "qa pollWorkflowRun failed — treating as still running");
+            }
+        }
+        qaState = { workflowFileExists: wfExists, runConclusion };
+    }
+    // 3. Decision.
+    const result = decide(state, config.triggers, undefined, qaState);
+    const proposedVersion = bumpFromConfigAndCommits(state.lastTag, state.commitsSinceLastTag, config.versionBump);
+    if (result.kind === "skip") {
+        const id = `rd_${randomUUID()}`;
+        // Compute attempt count for retry handling on qa_dispatch_error path.
+        let attemptCount = 0;
+        let qaRunId;
+        let qaRunSha;
+        let finalReason = result.reason;
+        if (result.qaActionNeeded?.reason === "qa_needs_trigger") {
+            // Look up the highest attempt count across all qa_needs_trigger rows for this
+            // (branch, sha) pair. Using MAX instead of ORDER BY + LIMIT 1 to be stable
+            // when multiple rows share the same decidedAt timestamp.
+            attemptCount = await getMaxAttemptCountForReason(db, repoUrl, branch, "qa_needs_trigger", state.headSha);
+            const { owner, repo } = parseRepoFromUrl(repoUrl);
+            const dispatch = await triggerWorkflow({
+                octokit, db, owner, repo, repoUrl, branch,
+                workflow: config.triggers.qaCheck.workflow,
+                ref: state.headSha,
+                inputs: config.triggers.qaCheck.workflowInputs,
+            });
+            if (dispatch.kind === "ok") {
+                attemptCount = 0; // reset on successful dispatch
+                qaRunId = dispatch.runId;
+                qaRunSha = state.headSha;
+            }
+            else if (dispatch.kind === "dispatch_404") {
+                // Workflow disappeared between state cache and dispatch — drop into gap-issue path.
+                finalReason = "qa_no_workflow";
+                if (linear) {
+                    const gapResult = await tryFileQaGapIssue({
+                        db, linear, repoUrl, branch,
+                        workflowPath: config.triggers.qaCheck.workflow,
+                        linearTeamId: config.triggers.qaCheck.linearTeamId,
+                    });
+                    finalReason = gapResult.finalReason;
+                    attemptCount = gapResult.attemptCount;
+                }
+                else {
+                    log.error({ repoUrl, branch }, "qaCheck requires Linear client but none configured — skipping gap-issue file");
+                }
+            }
+            else if (dispatch.kind === "dispatch_422") {
+                finalReason = "qa_dispatch_error";
+                attemptCount = 99; // permanent skip — workflow misconfigured, retrying won't help
+            }
+            else if (dispatch.kind === "dispatch_pending") {
+                // GitHub eventual-consistency window. Don't count against retry budget; next tick
+                // will re-evaluate and the run should be findable by then.
+                // Tag with qaRunSha so the per-SHA retry counter query can find these rows.
+                qaRunSha = state.headSha;
+                // attemptCount stays as-is; finalReason stays as "qa_needs_trigger" for next tick to retry.
+            }
+            else {
+                // dispatch_error — increment attempt counter.
+                // Tag with qaRunSha so the per-SHA retry counter query can find these rows.
+                qaRunSha = state.headSha;
+                attemptCount += 1;
+                if (attemptCount >= MAX_QA_RETRY_ATTEMPTS) {
+                    finalReason = "qa_dispatch_error";
+                }
+            }
+        }
+        else if (result.qaActionNeeded?.reason === "qa_no_workflow") {
+            if (linear) {
+                const gapResult = await tryFileQaGapIssue({
+                    db, linear, repoUrl, branch,
+                    workflowPath: config.triggers.qaCheck.workflow,
+                    linearTeamId: config.triggers.qaCheck.linearTeamId,
+                });
+                finalReason = gapResult.finalReason;
+                attemptCount = gapResult.attemptCount;
+            }
+            else {
+                log.error({ repoUrl, branch }, "qaCheck requires Linear client but none configured — skipping gap-issue file");
+            }
+        }
+        if (result.qaActionNeeded?.reason === "qa_timed_out" && !result.qaActionNeeded.pass && state.qaRun) {
+            const elapsedMs = Date.now() - state.qaRun.triggeredAt.getTime();
+            void logAuditEventUnchecked(db, qaRunCompletedEvent({
+                repoUrl,
+                branch,
+                runId: result.qaActionNeeded.runId,
+                conclusion: "timed_out",
+                durationMs: elapsedMs,
+                synthetic: true,
+            }));
+        }
+        await persistDecision(db, repoUrl, branch, {
+            id,
+            decision: "skip",
+            reason: finalReason,
+            triggerStateJson,
+            proposedVersion,
+            qaRunId,
+            qaRunSha,
+            attemptCount,
+        });
+        void logAuditEventUnchecked(db, releaseSkippedEvent({ repoUrl, branch, reason: finalReason }));
+        // BEC-160: emit a stdout line for every skip so operators tailing
+        // docker logs can see the scheduler is alive and why it's skipping.
+        log.info({ repoUrl, branch, reason: finalReason, mergedCommitsSinceLastTag: state.mergedCommitsSinceLastTag, lastTag: state.lastTag, proposedVersion }, "tick skip");
+        // Slack notification with dedup
+        await maybePostSlack(slack, slackChannel, db, mutableState.slackDedup, `:double_vertical_bar: Release skipped for *${repoUrl}* (${branch}): ${finalReason}`, finalReason);
+        return;
+    }
+    if (result.kind === "awaiting-approval") {
+        const id = `rd_${randomUUID()}`;
+        await persistDecision(db, repoUrl, branch, {
+            id,
+            decision: "awaiting-approval",
+            reason: result.reason,
+            triggerStateJson,
+            proposedVersion,
+        });
+        void logAuditEventUnchecked(db, releaseSkippedEvent({ repoUrl, branch, reason: "awaiting-approval" }));
+        // BEC-160: stdout visibility for the awaiting-approval skip path.
+        log.info({ repoUrl, branch, reason: "awaiting-approval", proposedVersion }, "tick skip");
+        // Always post on first transition to awaiting-approval (bypass dedup).
+        // Reset lastSkipReason so a subsequent regular-skip will re-post.
+        mutableState.slackDedup.lastSkipReason = null;
+        await maybePostSlack(slack, slackChannel, db, mutableState.slackDedup, `:hourglass_flowing_sand: Release ready for *${repoUrl}* (${branch}): bumping ${proposedVersion} (${state.mergedCommitsSinceLastTag} commits since last tag). Run \`/release approve\` to fire.`, null);
+        return;
+    }
+    // Fire — create tag + release.
+    const id = `rd_${randomUUID()}`;
+    const githubResult = await createTagAndRelease({
+        octokit,
+        ...parseRepoFromUrl(repoUrl),
+        tag: proposedVersion,
+        sha: state.headSha,
+    });
+    if (githubResult.kind === "tag_exists") {
+        await persistDecision(db, repoUrl, branch, {
+            id,
+            decision: "skip",
+            reason: "tag_exists",
+            triggerStateJson,
+            proposedVersion,
+        });
+        void logAuditEventUnchecked(db, releaseTagConflictEvent({ repoUrl, branch, tag: proposedVersion }));
+        // BEC-160: stdout visibility for the tag-exists skip path.
+        log.info({ repoUrl, branch, reason: "tag_exists", proposedVersion }, "tick skip");
+        return;
+    }
+    if (githubResult.kind === "release_create_failed") {
+        // Tag was created; release-creation failed. Write a single skip row with the
+        // partial-fire details so an operator can see what happened and clean up the
+        // orphaned tag manually. v1 does NOT retry release-creation across ticks
+        // (the tag is now committed, so the next tick would hit `tag_exists` and
+        // skip again — see plan §"Known v1 simplifications"). Proper retry is a v2
+        // feature requiring a tick-start sweep that calls only `createRelease` for
+        // matching fire-pending rows.
+        await persistDecision(db, repoUrl, branch, {
+            id,
+            decision: "skip",
+            reason: "release_create_failed",
+            triggerStateJson,
+            proposedVersion,
+            firedTag: proposedVersion,
+            firedSha: state.headSha,
+        });
+        void logAuditEventUnchecked(db, releasePartialEvent({ repoUrl, branch, tag: proposedVersion, attemptCount: 1 }));
+        log.error({ repoUrl, branch, tag: proposedVersion, msg: githubResult.message }, "release create failed — tag exists in GitHub but release page not created; manual cleanup required");
+        return;
+    }
+    if (githubResult.kind === "other_error") {
+        await persistDecision(db, repoUrl, branch, {
+            id,
+            decision: "skip",
+            reason: "tag_create_error",
+            triggerStateJson,
+            proposedVersion,
+        });
+        void logAuditEventUnchecked(db, releaseSkippedEvent({ repoUrl, branch, reason: "tag_create_error" }));
+        log.error({ err: githubResult.message, repoUrl, branch }, "createTagAndRelease unknown error — wrote skip row");
+        return;
+    }
+    // ok — fire succeeded.
+    await persistDecision(db, repoUrl, branch, {
+        id,
+        decision: "fire",
+        reason: "all triggers passed",
+        triggerStateJson,
+        proposedVersion,
+        firedTag: proposedVersion,
+        firedSha: state.headSha,
+    });
+    if (state.hasFreshApproval) {
+        await consumeApprovalRow(db, repoUrl, branch, id);
+    }
+    void logAuditEventUnchecked(db, releaseFiredEvent({
+        repoUrl,
+        branch,
+        tag: proposedVersion,
+        sha: state.headSha,
+        mergedPrCount: state.mergedCommitsSinceLastTag,
+    }));
+    // BEC-160: stdout visibility for the fire path. A successful release is a
+    // production event — operators must see it in `docker logs`, not just the
+    // audit table. Slack-suppressed deployments would otherwise be silent.
+    log.info({ repoUrl, branch, tag: proposedVersion, sha: state.headSha, mergedPrCount: state.mergedCommitsSinceLastTag, releaseUrl: githubResult.releaseUrl }, "tick fire");
+    await maybePostSlack(slack, slackChannel, db, mutableState.slackDedup, `:rocket: Released *${proposedVersion}* for ${repoUrl} (${branch}). ${githubResult.releaseUrl}`, null);
+    // Reset Slack dedup so the next skip re-posts.
+    mutableState.slackDedup.lastSkipReason = null;
+}
+//# sourceMappingURL=release-tick.js.map