@vellumai/assistant 0.4.26 → 0.4.30

package/src/workspace/git-service.ts

@@ -1,14 +1,14 @@
-import { execFile } from 'node:child_process';
-import { existsSync, readFileSync, writeFileSync } from 'node:fs';
-import { join } from 'node:path';
-import { promisify } from 'node:util';
+import { execFile } from "node:child_process";
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+import { promisify } from "node:util";
 
-import { getConfig } from '../config/loader.js';
-import { getLogger } from '../util/logger.js';
-import { PromiseGuard } from '../util/promise-guard.js';
+import { getConfig } from "../config/loader.js";
+import { getLogger } from "../util/logger.js";
+import { PromiseGuard } from "../util/promise-guard.js";
 
 const execFileAsync = promisify(execFile);
-const log = getLogger('workspace-git');
+const log = getLogger("workspace-git");
 
 /**
  * Build a clean env for git subprocesses.
@@ -25,23 +25,23 @@ const log = getLogger('workspace-git');
 function cleanGitEnv(workspaceDir: string): Record<string, string> {
   const env: Record<string, string> = {};
   for (const [key, value] of Object.entries(process.env)) {
-    if (value !== undefined && !key.startsWith('GIT_')) {
+    if (value !== undefined && !key.startsWith("GIT_")) {
       env[key] = value;
     }
   }
   env.GIT_CEILING_DIRECTORIES = workspaceDir;
 
-  const home = process.env.HOME ?? '';
+  const home = process.env.HOME ?? "";
   const extraDirs = [
-    '/opt/homebrew/bin',
-    '/usr/local/bin',
+    "/opt/homebrew/bin",
+    "/usr/local/bin",
     `${home}/.local/bin`,
   ];
-  const currentPath = env.PATH ?? '';
-  const pathDirs = currentPath.split(':');
-  const missing = extraDirs.filter(d => !pathDirs.includes(d));
+  const currentPath = env.PATH ?? "";
+  const pathDirs = currentPath.split(":");
+  const missing = extraDirs.filter((d) => !pathDirs.includes(d));
   if (missing.length > 0) {
-    env.PATH = [...missing, currentPath].filter(Boolean).join(':');
+    env.PATH = [...missing, currentPath].filter(Boolean).join(":");
   }
 
   return env;
@@ -52,25 +52,25 @@ function cleanGitEnv(workspaceDir: string): Record<string, string> {
  * These are written to .gitignore on init and appended to existing .gitignore files.
  */
 const WORKSPACE_GITIGNORE_RULES = [
-  'data/db/',
-  'data/qdrant/',
-  'data/ipc-blobs/',
-  'logs/',
-  '*.log',
-  '*.sock',
-  '*.pid',
-  '*.sqlite',
-  '*.sqlite-journal',
-  '*.sqlite-wal',
-  '*.sqlite-shm',
-  '*.db',
-  '*.db-journal',
-  '*.db-wal',
-  '*.db-shm',
-  'vellum.sock',
-  'vellum.pid',
-  'session-token',
-  'http-token',
+  "data/db/",
+  "data/qdrant/",
+  "data/ipc-blobs/",
+  "logs/",
+  "*.log",
+  "*.sock",
+  "*.pid",
+  "*.sqlite",
+  "*.sqlite-journal",
+  "*.sqlite-wal",
+  "*.sqlite-shm",
+  "*.db",
+  "*.db-journal",
+  "*.db-wal",
+  "*.db-shm",
+  "vellum.sock",
+  "vellum.pid",
+  "session-token",
+  "http-token",
 ];
 
 /** Properties added by Node's child_process errors. */
@@ -177,8 +177,11 @@ export class WorkspaceGitService {
   private recordSuccess(): void {
     if (this.consecutiveFailures > 0) {
       log.info(
-        { workspaceDir: this.workspaceDir, previousFailures: this.consecutiveFailures },
-        'Circuit breaker closed: commit succeeded after failures',
+        {
+          workspaceDir: this.workspaceDir,
+          previousFailures: this.consecutiveFailures,
+        },
+        "Circuit breaker closed: commit succeeded after failures",
       );
     }
     this.consecutiveFailures = 0;
@@ -187,8 +190,10 @@ export class WorkspaceGitService {
 
   private recordFailure(): void {
     const config = getConfig();
-    const failureBackoffBaseMs = config.workspaceGit?.failureBackoffBaseMs ?? 2000;
-    const failureBackoffMaxMs = config.workspaceGit?.failureBackoffMaxMs ?? 60000;
+    const failureBackoffBaseMs =
+      config.workspaceGit?.failureBackoffBaseMs ?? 2000;
+    const failureBackoffMaxMs =
+      config.workspaceGit?.failureBackoffMaxMs ?? 60000;
     this.consecutiveFailures++;
     const delay = Math.min(
       failureBackoffBaseMs * Math.pow(2, this.consecutiveFailures - 1),
@@ -196,8 +201,12 @@ export class WorkspaceGitService {
     );
     this.nextAllowedAttemptMs = Date.now() + delay;
     log.warn(
-      { workspaceDir: this.workspaceDir, consecutiveFailures: this.consecutiveFailures, backoffMs: delay },
-      'Circuit breaker opened: commit failed, backing off',
+      {
+        workspaceDir: this.workspaceDir,
+        consecutiveFailures: this.consecutiveFailures,
+        backoffMs: delay,
+      },
+      "Circuit breaker opened: commit failed, backing off",
     );
   }
 
@@ -213,8 +222,11 @@ export class WorkspaceGitService {
   private recordInitSuccess(): void {
     if (this.initConsecutiveFailures > 0) {
       log.info(
-        { workspaceDir: this.workspaceDir, previousFailures: this.initConsecutiveFailures },
-        'Init circuit breaker closed: initialization succeeded after failures',
+        {
+          workspaceDir: this.workspaceDir,
+          previousFailures: this.initConsecutiveFailures,
+        },
+        "Init circuit breaker closed: initialization succeeded after failures",
       );
     }
     this.initConsecutiveFailures = 0;
@@ -223,8 +235,10 @@ export class WorkspaceGitService {
 
   private recordInitFailure(): void {
     const config = getConfig();
-    const failureBackoffBaseMs = config.workspaceGit?.failureBackoffBaseMs ?? 2000;
-    const failureBackoffMaxMs = config.workspaceGit?.failureBackoffMaxMs ?? 60000;
+    const failureBackoffBaseMs =
+      config.workspaceGit?.failureBackoffBaseMs ?? 2000;
+    const failureBackoffMaxMs =
+      config.workspaceGit?.failureBackoffMaxMs ?? 60000;
     this.initConsecutiveFailures++;
     const delay = Math.min(
       failureBackoffBaseMs * Math.pow(2, this.initConsecutiveFailures - 1),
@@ -232,8 +246,12 @@ export class WorkspaceGitService {
     );
     this.initNextAllowedAttemptMs = Date.now() + delay;
     log.warn(
-      { workspaceDir: this.workspaceDir, consecutiveFailures: this.initConsecutiveFailures, backoffMs: delay },
-      'Init circuit breaker opened: initialization failed, backing off',
+      {
+        workspaceDir: this.workspaceDir,
+        consecutiveFailures: this.initConsecutiveFailures,
+        backoffMs: delay,
+      },
+      "Init circuit breaker opened: initialization failed, backing off",
     );
   }
 
@@ -258,7 +276,9 @@ export class WorkspaceGitService {
 
     // If initialization is in progress, wait for it
     if (this.initGuard.active) {
-      return this.initGuard.run(() => { throw new Error('unreachable'); });
+      return this.initGuard.run(() => {
+        throw new Error("unreachable");
+      });
     }
 
     // Circuit breaker: skip if multiple recent init attempts have been failing.
@@ -266,138 +286,146 @@ export class WorkspaceGitService {
     // blocked, and only activates after 2+ consecutive failures so that a
     // single transient failure allows immediate retry.
     if (this.isInitBreakerOpen()) {
-      throw new Error('Init circuit breaker open: backing off after repeated failures');
+      throw new Error(
+        "Init circuit breaker open: backing off after repeated failures",
+      );
     }
 
     return this.initGuard.run(
-      () => this.mutex.withLock(async () => {
-        // Double-check after acquiring lock
-        if (this.initialized) {
-          return;
-        }
-
-        const gitDir = join(this.workspaceDir, '.git');
-
-        if (existsSync(gitDir)) {
-          // Validate existing repo is not corrupted before marking as ready.
-          // A corrupted .git directory (e.g. missing HEAD) would cause all
-          // subsequent git operations to fail with confusing errors.
-          try {
-            await this.execGit(['rev-parse', '--git-dir']);
-          } catch (err: unknown) {
-            // Distinguish transient failures from genuine corruption.
-            // Transient errors (timeouts, permissions, missing git binary)
-            // should NOT destroy .git — they will resolve on retry via
-            // the guard clearing logic.
-            const errMsg = err instanceof Error ? err.message : String(err);
-            const execErr = err as ExecError;
-            const isTimeout = execErr.killed === true
-              || execErr.signal === 'SIGTERM'
-              || errMsg.includes('SIGTERM')
-              || errMsg.includes('timed out');
-            const isPermission = execErr.code === 'EACCES'
-              || errMsg.includes('EACCES')
-              || errMsg.toLowerCase().includes('permission denied');
-            const isMissingBinary = execErr.code === 'ENOENT'
-              || errMsg.includes('ENOENT');
-
-            if (isTimeout || isPermission || isMissingBinary) {
-              // Re-throw so initialization fails gracefully without
-              // destroying valid git history.
-              throw err;
-            }
-
-            // Genuine corruption (e.g. missing HEAD, broken refs) —
-            // remove corrupted .git and fall through to full init below.
-            log.warn(
-              { workspaceDir: this.workspaceDir, err: errMsg },
-              'Corrupted .git directory detected; reinitializing',
-            );
-            const { rmSync } = await import('node:fs');
-            rmSync(gitDir, { recursive: true, force: true });
+      () =>
+        this.mutex.withLock(async () => {
+          // Double-check after acquiring lock
+          if (this.initialized) {
+            return;
           }
 
+          const gitDir = join(this.workspaceDir, ".git");
+
           if (existsSync(gitDir)) {
-            // .git exists and passed the corruption check, but we still
-            // need to verify that at least one commit exists. A partial
-            // init (e.g. git init succeeded but the initial commit failed)
-            // leaves .git present with an undefined HEAD. In that case,
-            // fall through to the initial commit logic below.
-            let headExists = false;
+            // Validate existing repo is not corrupted before marking as ready.
+            // A corrupted .git directory (e.g. missing HEAD) would cause all
+            // subsequent git operations to fail with confusing errors.
             try {
-              await this.execGit(['rev-parse', 'HEAD']);
-              headExists = true;
+              await this.execGit(["rev-parse", "--git-dir"]);
             } catch (err: unknown) {
-              // Distinguish transient failures from genuine "no commits".
+              // Distinguish transient failures from genuine corruption.
               // Transient errors (timeouts, permissions, missing git binary)
-              // should NOT fall through to re-initialization — they will
-              // resolve on retry via the guard clearing logic.
+              // should NOT destroy .git — they will resolve on retry via
+              // the guard clearing logic.
               const errMsg = err instanceof Error ? err.message : String(err);
               const execErr = err as ExecError;
-              const isTimeout = execErr.killed === true
-                || execErr.signal === 'SIGTERM'
-                || errMsg.includes('SIGTERM')
-                || errMsg.includes('timed out');
-              const isPermission = execErr.code === 'EACCES'
-                || errMsg.includes('EACCES')
-                || errMsg.toLowerCase().includes('permission denied');
-              const isMissingBinary = execErr.code === 'ENOENT'
-                || errMsg.includes('ENOENT');
+              const isTimeout =
+                execErr.killed === true ||
+                execErr.signal === "SIGTERM" ||
+                errMsg.includes("SIGTERM") ||
+                errMsg.includes("timed out");
+              const isPermission =
+                execErr.code === "EACCES" ||
+                errMsg.includes("EACCES") ||
+                errMsg.toLowerCase().includes("permission denied");
+              const isMissingBinary =
+                execErr.code === "ENOENT" || errMsg.includes("ENOENT");
 
               if (isTimeout || isPermission || isMissingBinary) {
+                // Re-throw so initialization fails gracefully without
+                // destroying valid git history.
                 throw err;
               }
-              // Genuine "no commits" (unborn HEAD) — fall through to
-              // create the initial commit.
-            }
 
-            if (headExists) {
-              // HEAD resolves — repo is fully initialized.
-              // Run normalization for existing repos that may have been
-              // created before these helpers existed, or by external tools.
-              // These calls are OUTSIDE the rev-parse try/catch so that
-              // normalization errors are not misclassified as "no commits".
-              this.ensureGitignoreRulesLocked();
-              await this.ensureCommitIdentityLocked();
-              await this.ensureOnMainLocked();
-              this.initialized = true;
-              this.recordInitSuccess();
-              return;
+              // Genuine corruption (e.g. missing HEAD, broken refs) —
+              // remove corrupted .git and fall through to full init below.
+              log.warn(
+                { workspaceDir: this.workspaceDir, err: errMsg },
+                "Corrupted .git directory detected; reinitializing",
+              );
+              const { rmSync } = await import("node:fs");
+              rmSync(gitDir, { recursive: true, force: true });
             }
-          }
-          // Otherwise fall through to reinitialize / create initial commit
-        }
-
-        // Initialize new git repository
-        await this.execGit(['init', '-b', 'main']);
-
-        // Run normalization (gitignore + identity + branch enforcement).
-        // For fresh `git init -b main` the branch is already main, but
-        // in the corruption-recovery path we fall through here after
-        // removing .git, so branch enforcement is still useful.
-        this.ensureGitignoreRulesLocked();
-        await this.ensureCommitIdentityLocked();
-        await this.ensureOnMainLocked();
-
-        // Create initial commit synchronously within the lock to prevent
-        // races with the first commitChanges() call. Without this, the
-        // initial commit could run concurrently and consume edits meant
-        // for the first user-requested commit.
-        const status = await this.getStatusInternal();
-        const hasExistingFiles = status.untracked.length > 1 || // More than just .gitignore
-          status.untracked.some(f => f !== '.gitignore');
-
-        await this.execGit(['add', '-A']);
 
-        const message = hasExistingFiles
-          ? 'Initial commit: migrated existing workspace'
-          : 'Initial commit: new workspace';
+            if (existsSync(gitDir)) {
+              // .git exists and passed the corruption check, but we still
+              // need to verify that at least one commit exists. A partial
+              // init (e.g. git init succeeded but the initial commit failed)
+              // leaves .git present with an undefined HEAD. In that case,
+              // fall through to the initial commit logic below.
+              let headExists = false;
+              try {
+                await this.execGit(["rev-parse", "HEAD"]);
+                headExists = true;
+              } catch (err: unknown) {
+                // Distinguish transient failures from genuine "no commits".
+                // Transient errors (timeouts, permissions, missing git binary)
+                // should NOT fall through to re-initialization — they will
+                // resolve on retry via the guard clearing logic.
+                const errMsg = err instanceof Error ? err.message : String(err);
+                const execErr = err as ExecError;
+                const isTimeout =
+                  execErr.killed === true ||
+                  execErr.signal === "SIGTERM" ||
+                  errMsg.includes("SIGTERM") ||
+                  errMsg.includes("timed out");
+                const isPermission =
+                  execErr.code === "EACCES" ||
+                  errMsg.includes("EACCES") ||
+                  errMsg.toLowerCase().includes("permission denied");
+                const isMissingBinary =
+                  execErr.code === "ENOENT" || errMsg.includes("ENOENT");
+
+                if (isTimeout || isPermission || isMissingBinary) {
+                  throw err;
+                }
+                // Genuine "no commits" (unborn HEAD) — fall through to
+                // create the initial commit.
+              }
 
-        await this.execGit(['commit', '-m', message, '--allow-empty']);
+              if (headExists) {
+                // HEAD resolves — repo is fully initialized.
+                // Run normalization for existing repos that may have been
+                // created before these helpers existed, or by external tools.
+                // These calls are OUTSIDE the rev-parse try/catch so that
+                // normalization errors are not misclassified as "no commits".
+                this.ensureGitignoreRulesLocked();
+                await this.ensureCommitIdentityLocked();
+                await this.ensureOnMainLocked();
+                this.initialized = true;
+                this.recordInitSuccess();
+                return;
+              }
+            }
+            // Otherwise fall through to reinitialize / create initial commit
+          }
 
-        this.initialized = true;
-        this.recordInitSuccess();
-      }),
+          // Initialize new git repository
+          await this.execGit(["init", "-b", "main"]);
+
+          // Run normalization (gitignore + identity + branch enforcement).
+          // For fresh `git init -b main` the branch is already main, but
+          // in the corruption-recovery path we fall through here after
+          // removing .git, so branch enforcement is still useful.
+          this.ensureGitignoreRulesLocked();
+          await this.ensureCommitIdentityLocked();
+          await this.ensureOnMainLocked();
+
+          // Create initial commit synchronously within the lock to prevent
+          // races with the first commitChanges() call. Without this, the
+          // initial commit could run concurrently and consume edits meant
+          // for the first user-requested commit.
+          const status = await this.getStatusInternal();
+          const hasExistingFiles =
+            status.untracked.length > 1 || // More than just .gitignore
+            status.untracked.some((f) => f !== ".gitignore");
+
+          await this.execGit(["add", "-A"]);
+
+          const message = hasExistingFiles
+            ? "Initial commit: migrated existing workspace"
+            : "Initial commit: new workspace";
+
+          await this.execGit(["commit", "-m", message, "--allow-empty"]);
+
+          this.initialized = true;
+          this.recordInitSuccess();
+        }),
       () => this.recordInitFailure(),
     );
   }
@@ -408,23 +436,28 @@ export class WorkspaceGitService {
    * @param message - Commit message describing the changes
    * @param metadata - Optional metadata (currently stored in commit message)
    */
-  async commitChanges(message: string, metadata?: GitCommitMetadata): Promise<void> {
+  async commitChanges(
+    message: string,
+    metadata?: GitCommitMetadata,
+  ): Promise<void> {
     await this.ensureInitialized();
 
     await this.mutex.withLock(async () => {
       // Stage all changes
-      await this.execGit(['add', '-A']);
+      await this.execGit(["add", "-A"]);
 
       // Build commit message with metadata if provided
       let fullMessage = message;
       if (metadata && Object.keys(metadata).length > 0) {
-        fullMessage += '\n\n' + Object.entries(metadata)
-          .map(([key, value]) => `${key}: ${JSON.stringify(value)}`)
-          .join('\n');
+        fullMessage +=
+          "\n\n" +
+          Object.entries(metadata)
+            .map(([key, value]) => `${key}: ${JSON.stringify(value)}`)
+            .join("\n");
       }
 
       // Commit (will succeed even if no changes)
-      await this.execGit(['commit', '-m', fullMessage, '--allow-empty']);
+      await this.execGit(["commit", "-m", fullMessage, "--allow-empty"]);
     });
   }
 
@@ -444,18 +477,28 @@ export class WorkspaceGitService {
    * @returns Whether a commit was created and the status at check time.
    */
   async commitIfDirty(
-    decide: (status: GitStatus) => { message: string; metadata?: GitCommitMetadata } | null,
+    decide: (
+      status: GitStatus,
+    ) => { message: string; metadata?: GitCommitMetadata } | null,
     options?: { bypassBreaker?: boolean; deadlineMs?: number },
   ): Promise<{ committed: boolean; status: GitStatus }> {
-    const emptyStatus: GitStatus = { staged: [], modified: [], untracked: [], clean: false };
+    const emptyStatus: GitStatus = {
+      staged: [],
+      modified: [],
+      untracked: [],
+      clean: false,
+    };
 
     // Circuit breaker: skip expensive git work if recent attempts have been failing.
     // Shutdown commits bypass the breaker because the process is about to exit and
     // this is the last chance to persist workspace state.
     if (!options?.bypassBreaker && this.isBreakerOpen()) {
       log.debug(
-        { workspaceDir: this.workspaceDir, consecutiveFailures: this.consecutiveFailures },
-        'Circuit breaker open, skipping commit attempt',
+        {
+          workspaceDir: this.workspaceDir,
+          consecutiveFailures: this.consecutiveFailures,
+        },
+        "Circuit breaker open, skipping commit attempt",
       );
       return { committed: false, status: emptyStatus };
     }
@@ -464,7 +507,7 @@ export class WorkspaceGitService {
     if (isDeadlineExpired(options?.deadlineMs)) {
       log.debug(
         { workspaceDir: this.workspaceDir },
-        'Deadline expired before lock acquisition, skipping commit',
+        "Deadline expired before lock acquisition, skipping commit",
       );
       return { committed: false, status: emptyStatus };
     }
@@ -478,10 +521,17 @@ export class WorkspaceGitService {
         // the breaker is open.
         if (!options?.bypassBreaker && this.isBreakerOpen()) {
           log.debug(
-            { workspaceDir: this.workspaceDir, consecutiveFailures: this.consecutiveFailures },
-            'Circuit breaker open after lock acquisition, skipping commit',
+            {
+              workspaceDir: this.workspaceDir,
+              consecutiveFailures: this.consecutiveFailures,
+            },
+            "Circuit breaker open after lock acquisition, skipping commit",
           );
-          return { committed: false, status: emptyStatus, didRunGit: false as const };
+          return {
+            committed: false,
+            status: emptyStatus,
+            didRunGit: false as const,
+          };
         }
 
         // Re-check deadline after lock acquisition: the call may have waited
@@ -489,9 +539,13 @@ export class WorkspaceGitService {
         if (isDeadlineExpired(options?.deadlineMs)) {
           log.debug(
             { workspaceDir: this.workspaceDir },
-            'Deadline expired after lock acquisition, skipping commit',
+            "Deadline expired after lock acquisition, skipping commit",
           );
-          return { committed: false, status: emptyStatus, didRunGit: false as const };
+          return {
+            committed: false,
+            status: emptyStatus,
+            didRunGit: false as const,
+          };
         }
 
         const status = await this.getStatusInternal();
@@ -508,18 +562,18 @@ export class WorkspaceGitService {
         if (isDeadlineExpired(options?.deadlineMs)) {
           log.debug(
             { workspaceDir: this.workspaceDir },
-            'Deadline expired before git add/commit, skipping commit',
+            "Deadline expired before git add/commit, skipping commit",
           );
           return { committed: false, status, didRunGit: true as const };
         }
 
-        await this.execGit(['add', '-A']);
+        await this.execGit(["add", "-A"]);
 
         // Verify something was actually staged. Another service instance
         // (or external process) could have committed between our status
         // check and the add, leaving the index clean.
         try {
-          await this.execGit(['diff', '--cached', '--quiet']);
+          await this.execGit(["diff", "--cached", "--quiet"]);
           // Exit code 0 means nothing staged — nothing to commit
           return { committed: false, status, didRunGit: true as const };
         } catch (err) {
@@ -534,12 +588,14 @@ export class WorkspaceGitService {
 
         let fullMessage = decision.message;
         if (decision.metadata && Object.keys(decision.metadata).length > 0) {
-          fullMessage += '\n\n' + Object.entries(decision.metadata)
-            .map(([key, value]) => `${key}: ${JSON.stringify(value)}`)
-            .join('\n');
+          fullMessage +=
+            "\n\n" +
+            Object.entries(decision.metadata)
+              .map(([key, value]) => `${key}: ${JSON.stringify(value)}`)
+              .join("\n");
         }
 
-        await this.execGit(['commit', '-m', fullMessage]);
+        await this.execGit(["commit", "-m", fullMessage]);
         return { committed: true, status, didRunGit: true as const };
       });
       if (result.didRunGit) {
@@ -566,13 +622,13 @@ export class WorkspaceGitService {
    * Internal status implementation (must be called with lock held).
    */
   private async getStatusInternal(): Promise<GitStatus> {
-    const { stdout } = await this.execGit(['status', '--porcelain']);
+    const { stdout } = await this.execGit(["status", "--porcelain"]);
 
     const staged: string[] = [];
     const modified: string[] = [];
     const untracked: string[] = [];
 
-    for (const line of stdout.split('\n')) {
+    for (const line of stdout.split("\n")) {
       if (!line) continue;
 
       const status = line.substring(0, 2);
@@ -582,13 +638,13 @@ export class WorkspaceGitService {
       const stagedStatus = status[0];
       const workingStatus = status[1];
 
-      if (stagedStatus !== ' ' && stagedStatus !== '?') {
+      if (stagedStatus !== " " && stagedStatus !== "?") {
         staged.push(file);
       }
-      if (workingStatus === 'M' || workingStatus === 'D') {
+      if (workingStatus === "M" || workingStatus === "D") {
         modified.push(file);
       }
-      if (status === '??') {
+      if (status === "??") {
         untracked.push(file);
       }
     }
@@ -597,7 +653,8 @@ export class WorkspaceGitService {
       staged,
       modified,
       untracked,
-      clean: staged.length === 0 && modified.length === 0 && untracked.length === 0,
+      clean:
+        staged.length === 0 && modified.length === 0 && untracked.length === 0,
     };
   }
 
@@ -607,37 +664,43 @@ export class WorkspaceGitService {
    * Must be called with the mutex lock held.
    */
   private ensureGitignoreRulesLocked(): void {
-    const gitignorePath = join(this.workspaceDir, '.gitignore');
+    const gitignorePath = join(this.workspaceDir, ".gitignore");
     if (existsSync(gitignorePath)) {
-      let content = readFileSync(gitignorePath, 'utf-8');
+      let content = readFileSync(gitignorePath, "utf-8");
 
       // Migrate legacy broad ignore rule to selective data subdirectory rules.
       // This keeps user-tracked files under data/ visible to git.
-      const lines = content.split('\n');
-      const hadLegacyDataRule = lines.some(line => line.trim() === 'data/');
+      const lines = content.split("\n");
+      const hadLegacyDataRule = lines.some((line) => line.trim() === "data/");
       if (hadLegacyDataRule) {
-        content = lines
-          .filter(line => line.trim() !== 'data/')
-          .join('\n');
-        if (!content.endsWith('\n')) {
-          content += '\n';
+        content = lines.filter((line) => line.trim() !== "data/").join("\n");
+        if (!content.endsWith("\n")) {
+          content += "\n";
         }
       }
 
-      const missingRules = WORKSPACE_GITIGNORE_RULES.filter(rule => !content.includes(rule));
+      const missingRules = WORKSPACE_GITIGNORE_RULES.filter(
+        (rule) => !content.includes(rule),
+      );
       if (hadLegacyDataRule || missingRules.length > 0) {
         let updated = content;
         if (missingRules.length > 0) {
-          if (!updated.endsWith('\n')) {
-            updated += '\n';
+          if (!updated.endsWith("\n")) {
+            updated += "\n";
           }
-          updated += '# Vellum runtime state (auto-added)\n' + missingRules.join('\n') + '\n';
+          updated +=
+            "# Vellum runtime state (auto-added)\n" +
+            missingRules.join("\n") +
+            "\n";
         }
-        writeFileSync(gitignorePath, updated, 'utf-8');
+        writeFileSync(gitignorePath, updated, "utf-8");
       }
     } else {
-      const gitignore = '# Runtime state - excluded from git tracking\n' + WORKSPACE_GITIGNORE_RULES.join('\n') + '\n';
-      writeFileSync(gitignorePath, gitignore, 'utf-8');
+      const gitignore =
+        "# Runtime state - excluded from git tracking\n" +
+        WORKSPACE_GITIGNORE_RULES.join("\n") +
+        "\n";
+      writeFileSync(gitignorePath, gitignore, "utf-8");
     }
   }
 
@@ -647,8 +710,8 @@ export class WorkspaceGitService {
    * Must be called with the mutex lock held.
    */
   private async ensureCommitIdentityLocked(): Promise<void> {
-    await this.execGit(['config', 'user.name', 'Vellum Assistant']);
-    await this.execGit(['config', 'user.email', 'assistant@vellum.ai']);
+    await this.execGit(["config", "user.name", "Vellum Assistant"]);
+    await this.execGit(["config", "user.email", "assistant@vellum.ai"]);
   }
 
   /**
@@ -660,18 +723,23 @@ export class WorkspaceGitService {
   private async ensureOnMainLocked(): Promise<void> {
     let currentBranch: string | null = null;
     try {
-      const { stdout } = await this.execGit(['symbolic-ref', '--short', 'HEAD']);
+      const { stdout } = await this.execGit([
+        "symbolic-ref",
+        "--short",
+        "HEAD",
+      ]);
       currentBranch = stdout.trim();
     } catch {
       // symbolic-ref fails in detached HEAD state
       currentBranch = null;
     }
 
-    if (currentBranch === 'main') {
+    if (currentBranch === "main") {
       return;
     }
 
-    const state = currentBranch == null ? 'detached HEAD' : `branch '${currentBranch}'`;
+    const state =
+      currentBranch == null ? "detached HEAD" : `branch '${currentBranch}'`;
     log.warn(
       { workspaceDir: this.workspaceDir, currentBranch },
       `Workspace repo is on ${state}; auto-switching to main`,
@@ -681,12 +749,12 @@ export class WorkspaceGitService {
     // If the switch fails, distinguish "main doesn't exist" from
     // "local changes would be overwritten" to pick the right recovery.
     try {
-      await this.execGit(['switch', 'main']);
+      await this.execGit(["switch", "main"]);
     } catch {
       // Check whether `main` already exists as a branch.
       let mainExists = false;
       try {
-        await this.execGit(['rev-parse', '--verify', 'refs/heads/main']);
+        await this.execGit(["rev-parse", "--verify", "refs/heads/main"]);
         mainExists = true;
       } catch {
         // main branch does not exist
@@ -696,10 +764,10 @@ export class WorkspaceGitService {
         // `main` exists but switch failed — likely due to uncommitted
         // local changes that would be overwritten. Discard them so we
         // can land on main.
-        await this.execGit(['switch', 'main', '--discard-changes']);
+        await this.execGit(["switch", "main", "--discard-changes"]);
       } else {
         // `main` doesn't exist yet — create it.
-        await this.execGit(['switch', '-c', 'main']);
+        await this.execGit(["switch", "-c", "main"]);
       }
     }
   }
@@ -711,13 +779,16 @@ export class WorkspaceGitService {
    * intentionally short for interactive workspace operations — background
    * enrichment jobs use their own dedicated timeout.
    */
-  private async execGit(args: string[], options?: { signal?: AbortSignal }): Promise<{ stdout: string; stderr: string }> {
+  private async execGit(
+    args: string[],
+    options?: { signal?: AbortSignal },
+  ): Promise<{ stdout: string; stderr: string }> {
     const config = getConfig();
     const timeoutMs = config.workspaceGit?.interactiveGitTimeoutMs ?? 10_000;
     try {
-      const { stdout, stderr } = await execFileAsync('git', args, {
+      const { stdout, stderr } = await execFileAsync("git", args, {
         cwd: this.workspaceDir,
-        encoding: 'utf-8',
+        encoding: "utf-8",
         timeout: timeoutMs,
         env: cleanGitEnv(this.workspaceDir),
         signal: options?.signal,
@@ -727,15 +798,22 @@ export class WorkspaceGitService {
       // Enhance error with git command details, preserving properties
       // needed to distinguish transient failures from corruption.
       const gitErr = err as Error & {
-        stdout?: string; stderr?: string;
-        code?: string; killed?: boolean; signal?: string;
+        stdout?: string;
+        stderr?: string;
+        code?: string;
+        killed?: boolean;
+        signal?: string;
       };
-      const isPermissionError = gitErr.code === 'EACCES' || gitErr.stderr?.includes('Permission denied');
-      const prefix = isPermissionError ? 'Git permission error' : 'Git command failed';
+      const isPermissionError =
+        gitErr.code === "EACCES" ||
+        gitErr.stderr?.includes("Permission denied");
+      const prefix = isPermissionError
+        ? "Git permission error"
+        : "Git command failed";
       const enhanced = new Error(
-        `${prefix}: git ${args.join(' ')}\n` +
-        `Error: ${gitErr.message}\n` +
-        `Stderr: ${gitErr.stderr || ''}`,
+        `${prefix}: git ${args.join(" ")}\n` +
+          `Error: ${gitErr.message}\n` +
+          `Stderr: ${gitErr.stderr || ""}`,
       );
       // Preserve properties so callers can detect timeouts, permission
       // errors, and missing-binary failures without parsing the message.
@@ -752,7 +830,9 @@ export class WorkspaceGitService {
    * Does NOT acquire the mutex — callers must ensure they are not
    * writing to the repo concurrently (or accept eventual-consistency).
    */
-  async runReadOnlyGit(args: string[]): Promise<{ stdout: string; stderr: string }> {
+  async runReadOnlyGit(
+    args: string[],
+  ): Promise<{ stdout: string; stderr: string }> {
     await this.ensureInitialized();
     return this.execGit(args);
   }
@@ -762,7 +842,11 @@ export class WorkspaceGitService {
    * Use this for write operations that need serialization with other
    * git mutations (e.g. checkout + commit).
    */
-  async runWithMutex(fn: (exec: (args: string[]) => Promise<{ stdout: string; stderr: string }>) => Promise<void>): Promise<void> {
+  async runWithMutex(
+    fn: (
+      exec: (args: string[]) => Promise<{ stdout: string; stderr: string }>,
+    ) => Promise<void>,
+  ): Promise<void> {
     await this.ensureInitialized();
     await this.mutex.withLock(async () => {
       await fn((args) => this.execGit(args));
@@ -774,7 +858,7 @@ export class WorkspaceGitService {
    * This is a lightweight read-only operation that does not require the mutex.
    */
   async getHeadHash(): Promise<string> {
-    const { stdout } = await this.execGit(['rev-parse', 'HEAD']);
+    const { stdout } = await this.execGit(["rev-parse", "HEAD"]);
     return stdout.trim();
   }
 
@@ -782,8 +866,15 @@ export class WorkspaceGitService {
    * Write a git note to a specific commit.
    * Uses the 'vellum' notes ref to avoid conflicts with default notes.
    */
-  async writeNote(commitHash: string, noteContent: string, signal?: AbortSignal): Promise<void> {
-    await this.execGit(['notes', '--ref=vellum', 'add', '-f', '-m', noteContent, commitHash], { signal });
+  async writeNote(
+    commitHash: string,
+    noteContent: string,
+    signal?: AbortSignal,
+  ): Promise<void> {
+    await this.execGit(
+      ["notes", "--ref=vellum", "add", "-f", "-m", noteContent, commitHash],
+      { signal },
+    );
   }
 
   /**
@@ -791,7 +882,7 @@ export class WorkspaceGitService {
    * This is a non-blocking check that doesn't trigger initialization.
    */
   isInitialized(): boolean {
-    return existsSync(join(this.workspaceDir, '.git'));
+    return existsSync(join(this.workspaceDir, ".git"));
   }
 
   /**
@@ -822,7 +913,9 @@ const serviceRegistry = new Map<string, WorkspaceGitService>();
  * @param workspaceDir - Absolute path to workspace directory
  * @returns WorkspaceGitService instance for the workspace
  */
-export function getWorkspaceGitService(workspaceDir: string): WorkspaceGitService {
+export function getWorkspaceGitService(
+  workspaceDir: string,
+): WorkspaceGitService {
   let service = serviceRegistry.get(workspaceDir);
   if (!service) {
     service = new WorkspaceGitService(workspaceDir);
@@ -835,7 +928,10 @@ export function getWorkspaceGitService(workspaceDir: string): WorkspaceGitServic
  * Returns all currently registered WorkspaceGitService instances.
  * Used by the heartbeat service to check all tracked workspaces for uncommitted changes.
  */
-export function getAllWorkspaceGitServices(): ReadonlyMap<string, WorkspaceGitService> {
+export function getAllWorkspaceGitServices(): ReadonlyMap<
+  string,
+  WorkspaceGitService
+> {
   return serviceRegistry;
 }
 
@@ -850,28 +946,48 @@ export function _resetGitServiceRegistry(): void {
  * @internal Test-only: reset circuit breaker state for a service instance
  */
 export function _resetBreaker(service: WorkspaceGitService): void {
-  (service as unknown as { consecutiveFailures: number }).consecutiveFailures = 0;
-  (service as unknown as { nextAllowedAttemptMs: number }).nextAllowedAttemptMs = 0;
+  (
+    service as unknown as {
+      consecutiveFailures: number;
+    }
+  ).consecutiveFailures = 0;
+  (
+    service as unknown as {
+      nextAllowedAttemptMs: number;
+    }
+  ).nextAllowedAttemptMs = 0;
 }
 
 /**
  * @internal Test-only: get consecutive failure count
  */
 export function _getConsecutiveFailures(service: WorkspaceGitService): number {
-  return (service as unknown as { consecutiveFailures: number }).consecutiveFailures;
+  return (service as unknown as { consecutiveFailures: number })
+    .consecutiveFailures;
 }
 
 /**
  * @internal Test-only: reset init circuit breaker state for a service instance
  */
 export function _resetInitBreaker(service: WorkspaceGitService): void {
-  (service as unknown as { initConsecutiveFailures: number }).initConsecutiveFailures = 0;
-  (service as unknown as { initNextAllowedAttemptMs: number }).initNextAllowedAttemptMs = 0;
+  (
+    service as unknown as {
+      initConsecutiveFailures: number;
+    }
+  ).initConsecutiveFailures = 0;
+  (
+    service as unknown as {
+      initNextAllowedAttemptMs: number;
+    }
+  ).initNextAllowedAttemptMs = 0;
 }
 
 /**
  * @internal Test-only: get init consecutive failure count
  */
-export function _getInitConsecutiveFailures(service: WorkspaceGitService): number {
-  return (service as unknown as { initConsecutiveFailures: number }).initConsecutiveFailures;
+export function _getInitConsecutiveFailures(
+  service: WorkspaceGitService,
+): number {
+  return (service as unknown as { initConsecutiveFailures: number })
+    .initConsecutiveFailures;
 }