@yemi33/minions 0.1.1910 → 0.1.1912

package/engine/cc-worker-pool.js

@@ -0,0 +1,512 @@
+/**
+ * engine/cc-worker-pool.js — Persistent per-tab Copilot worker pool (W-mp3ioyh300056f36).
+ *
+ * Sub-task B of W-mp2w003600196c51 ("CC perf: persistent per-tab Copilot
+ * worker"). Wraps `copilot --acp` (Agent Client Protocol — long-lived JSON-RPC
+ * server over stdin/stdout) so that a Command Center / doc-chat tab keeps a
+ * single warm Copilot process across N turns instead of paying the
+ * spawn + initialize + session/new (~14 s) cost on every turn.
+ *
+ * Public API:
+ *
+ *   pool.getSession({ tabId, model, effort, mcpServers, systemPromptHash, cwd })
+ *     → SessionHandle: {
+ *         sessionId,
+ *         stream(promptText, { onChunk, onDone, onError, signal, systemPromptText }) → Promise,
+ *         cancel(),                  // session/cancel notification
+ *         close(),                   // tear down this tab
+ *       }
+ *   pool.closeTab(tabId)             // cancel inflight, kill proc, drop entry
+ *   pool.shutdown()                  // close every tab and stop the idle reaper
+ *
+ * Internal model (one process per tab):
+ *
+ *   tabs: Map<tabId, Worker> where Worker = {
+ *     proc, sessionId, model, effort, mcpServers, mcpServersHash,
+ *     systemPromptHash, cwd, lastUsedAt,
+ *     pending: Map<id, { resolve, reject }>, inflight, readBuf, nextReqId
+ *   }
+ *
+ *   TODO (sub-task C/D follow-up): multiplex N tabs onto one ACP process
+ *   (`session/new` per tab, single `proc`). ACP supports it; left as a
+ *   follow-up perf win once one-process-per-tab is proven in the dashboard.
+ *
+ * Eviction rules:
+ *   - mcpServers changes      → kill proc entirely + respawn
+ *   - systemPromptHash change → keep proc, send a fresh `session/new`
+ *   - model / effort change   → no eviction (state updated in place)
+ *   - closeTab                → `session/cancel` if inflight, then kill proc
+ *   - Idle > 10 min           → kill proc (reaper sweep every 60 s)
+ *
+ * Auth precheck: when `copilot --acp` exits before the initialize handshake
+ * completes, surface
+ *   "copilot --acp failed -- ensure copilot CLI >=1.0.46 and copilot login
+ *    is complete (...)"
+ * so the dashboard can surface a precise reason instead of a generic timeout.
+ *
+ * No new npm deps — Node built-ins only (child_process, events, timers, crypto).
+ *
+ * See `notes/archive/2026-05-13-ripley-W-mp3h2wq2000e64f7-2026-05-13-0301.md`
+ * for the ACP protocol probe (line framing, request/response correlation,
+ * cold-vs-warm timings, cancel semantics, configOptions surface).
+ */
+
+const { spawn } = require('child_process');
+const crypto = require('crypto');
+
+// 10 minutes — matches the work-item spec.
+const IDLE_REAPER_MS = 10 * 60 * 1000;
+// Reaper sweep cadence. Not exposed as ENGINE_DEFAULTS to keep the pool
+// dependency-free; sub-task C/D can plumb a config knob if needed.
+const REAPER_INTERVAL_MS = 60 * 1000;
+
+// Test seam — every external side effect goes through `_internals` so
+// test/unit/cc-worker-pool.test.js can stub spawn/now/killImmediate.
+const _internals = {
+  spawnAcp({ cwd } = {}) {
+    return spawn(
+      'copilot',
+      ['--acp', '--allow-all', '--max-autopilot-continues', '1'],
+      {
+        stdio: ['pipe', 'pipe', 'pipe'],
+        cwd: cwd || process.cwd(),
+        windowsHide: true,
+        // Don't pass shell:true — Copilot is a binary on PATH and a shell
+        // wrapper would swallow stdin/stdout framing.
+      }
+    );
+  },
+  killImmediate(proc) {
+    // Lazy require so unit tests that don't load engine/shared still work.
+    try {
+      const shared = require('./shared');
+      shared.killImmediate(proc);
+    } catch {
+      try { proc.kill('SIGKILL'); } catch { /* already dead */ }
+    }
+  },
+  now() { return Date.now(); },
+};
+
+const _tabs = new Map();
+let _reaperTimer = null;
+
+function _hashMcpServers(mcpServers) {
+  // Stable hash via JSON.stringify; mcpServers is an array of plain objects
+  // in practice (name/command/env) so the natural key order is fine.
+  const json = mcpServers == null ? '[]' : JSON.stringify(mcpServers);
+  return crypto.createHash('sha256').update(json).digest('hex');
+}
+
+class Worker {
+  constructor({ tabId, model, effort, mcpServers, mcpServersHash, systemPromptHash, cwd }) {
+    this.tabId = tabId;
+    this.model = model;
+    this.effort = effort;
+    this.mcpServers = mcpServers || [];
+    this.mcpServersHash = mcpServersHash;
+    this.systemPromptHash = systemPromptHash;
+    this.cwd = cwd || process.cwd();
+
+    this.proc = null;
+    this.sessionId = null;
+    this.pending = new Map();      // id → { resolve, reject }
+    this.inflight = null;          // current { id, sessionId, onChunk, onDone, onError, signal, signalHandler, settled }
+    this.readBuf = '';
+    this.nextReqId = 1;
+    this.lastUsedAt = _internals.now();
+    this.killed = false;
+    this.spawnError = null;
+    this.firstSystemPromptSent = false;
+  }
+
+  // ── Spawn + initialize handshake ────────────────────────────────────────
+  async _spawnAndInit() {
+    let proc;
+    try {
+      proc = _internals.spawnAcp({ cwd: this.cwd });
+    } catch (err) {
+      throw new Error(
+        `copilot --acp failed -- ensure copilot CLI >=1.0.46 and copilot login is complete (${err.message})`
+      );
+    }
+    this.proc = proc;
+
+    proc.stdout.on('data', (chunk) => this._onStdout(chunk));
+    // stderr is captured for diagnostics but we don't act on it.
+    if (proc.stderr) proc.stderr.on('data', () => { /* ignore */ });
+
+    // Race the init handshake against an early process exit so an auth
+    // failure (which kills the daemon before initialize completes) surfaces
+    // a clear error instead of hanging forever.
+    let earlyExitReject;
+    const earlyExitPromise = new Promise((_, reject) => {
+      earlyExitReject = (code) => {
+        this.killed = true;
+        const err = new Error(
+          `copilot --acp failed -- ensure copilot CLI >=1.0.46 and copilot login is complete (exit ${code})`
+        );
+        this.spawnError = err;
+        this._failAllPending(err);
+        reject(err);
+      };
+    });
+    const earlyExitHandler = (code) => earlyExitReject(code);
+    proc.once('exit', earlyExitHandler);
+
+    const errorHandler = (err) => {
+      const wrapped = new Error(
+        `copilot --acp failed -- ensure copilot CLI >=1.0.46 and copilot login is complete (${err.message})`
+      );
+      this.spawnError = wrapped;
+      this.killed = true;
+      this._failAllPending(wrapped);
+    };
+    proc.on('error', errorHandler);
+
+    try {
+      await Promise.race([
+        this._call('initialize', { protocolVersion: 1, clientCapabilities: {} }),
+        earlyExitPromise,
+      ]);
+      const result = await Promise.race([
+        this._call('session/new', { cwd: this.cwd, mcpServers: this.mcpServers }),
+        earlyExitPromise,
+      ]);
+      this.sessionId = result && result.sessionId;
+      if (!this.sessionId) {
+        throw new Error('copilot --acp failed -- session/new returned no sessionId');
+      }
+    } finally {
+      // Either the handshake finished (swap to a persistent exit handler that
+      // just marks killed) or it failed (proc is dying anyway).
+      proc.removeListener('exit', earlyExitHandler);
+    }
+    proc.on('exit', () => {
+      this.killed = true;
+      const err = new Error('copilot --acp process exited');
+      this._failAllPending(err);
+      // Settle inflight too if it's still hanging
+      if (this.inflight && !this.inflight.settled) {
+        const cb = this.inflight.onError;
+        this.inflight.settled = true;
+        this.inflight = null;
+        if (cb) try { cb(err); } catch { /* swallow */ }
+      }
+    });
+  }
+
+  _failAllPending(err) {
+    for (const { reject } of this.pending.values()) {
+      try { reject(err); } catch { /* swallow */ }
+    }
+    this.pending.clear();
+  }
+
+  // ── Newline-delimited JSON-RPC line framing ────────────────────────────
+  _onStdout(chunk) {
+    this.readBuf += chunk.toString('utf8');
+    let i;
+    while ((i = this.readBuf.indexOf('\n')) >= 0) {
+      const line = this.readBuf.slice(0, i).trim();
+      this.readBuf = this.readBuf.slice(i + 1);
+      if (!line) continue;
+      let obj;
+      try { obj = JSON.parse(line); } catch { continue; }
+      this._handleMessage(obj);
+    }
+  }
+
+  _handleMessage(obj) {
+    // Response (matches an outbound id)
+    if (obj.id != null && this.pending.has(obj.id)) {
+      const { resolve, reject } = this.pending.get(obj.id);
+      this.pending.delete(obj.id);
+      if (obj.error) reject(new Error(obj.error.message || 'ACP error'));
+      else resolve(obj.result);
+      return;
+    }
+    // Notification (no id) — only `session/update` matters for streaming.
+    if (obj.method === 'session/update' && obj.params && this.inflight) {
+      if (obj.params.sessionId !== this.inflight.sessionId) return;
+      const update = obj.params.update;
+      if (!update) return;
+      if (update.sessionUpdate === 'agent_message_chunk') {
+        const text = _extractChunkText(update.content);
+        if (text && this.inflight.onChunk) {
+          try { this.inflight.onChunk(text); } catch { /* swallow */ }
+        }
+      }
+      // Other update kinds (available_commands_update, tool_call, ...) are
+      // ignored in sub-task B. Sub-task C/D will surface tool_call to the
+      // dashboard's onToolUse callback.
+    }
+  }
+
+  _writeFrame(obj) {
+    if (this.killed) return;
+    if (!this.proc || !this.proc.stdin || this.proc.stdin.destroyed) return;
+    try { this.proc.stdin.write(JSON.stringify(obj) + '\n'); }
+    catch { /* pipe may be broken; exit handler will fire */ }
+  }
+
+  _call(method, params) {
+    return new Promise((resolve, reject) => {
+      const id = this.nextReqId++;
+      this.pending.set(id, { resolve, reject });
+      this._writeFrame({ jsonrpc: '2.0', id, method, params });
+    });
+  }
+
+  _notify(method, params) {
+    this._writeFrame({ jsonrpc: '2.0', method, params });
+  }
+
+  // ── Stream a single turn ───────────────────────────────────────────────
+  stream(promptText, opts = {}) {
+    const { onChunk, onDone, onError, signal, systemPromptText } = opts;
+    if (this.killed) {
+      const err = new Error('cc-worker-pool: tab is closed');
+      if (onError) try { onError(err); } catch { /* swallow */ }
+      return Promise.resolve();
+    }
+    if (this.inflight) {
+      const err = new Error('cc-worker-pool: a prompt is already in flight on this tab');
+      if (onError) try { onError(err); } catch { /* swallow */ }
+      return Promise.resolve();
+    }
+    this.lastUsedAt = _internals.now();
+
+    // Inject the <system> block on the first prompt of a session — Copilot
+    // ACP has no in-protocol "set system prompt" method (per Ripley's note),
+    // so the per-session adapter pattern of <system>...</system> prepended
+    // to the first user message remains correct.
+    let prompt = promptText;
+    if (!this.firstSystemPromptSent && systemPromptText) {
+      prompt = `<system>\n${systemPromptText}\n</system>\n\n${promptText}`;
+    }
+    this.firstSystemPromptSent = true;
+
+    const id = this.nextReqId++;
+    const inflight = {
+      id,
+      sessionId: this.sessionId,
+      onChunk,
+      onDone,
+      onError,
+      signal,
+      signalHandler: null,
+      settled: false,
+    };
+    this.inflight = inflight;
+
+    if (signal && typeof signal.addEventListener === 'function') {
+      inflight.signalHandler = () => this.cancel();
+      try { signal.addEventListener('abort', inflight.signalHandler); } catch { /* swallow */ }
+    }
+
+    return new Promise((resolve) => {
+      const finalize = (err, result) => {
+        if (inflight.settled) return;
+        inflight.settled = true;
+        if (this.inflight === inflight) this.inflight = null;
+        this.lastUsedAt = _internals.now();
+        if (signal && inflight.signalHandler) {
+          try { signal.removeEventListener('abort', inflight.signalHandler); }
+          catch { /* swallow */ }
+        }
+        if (err) {
+          if (onError) try { onError(err); } catch { /* swallow */ }
+        } else {
+          if (onDone) try { onDone(result); } catch { /* swallow */ }
+        }
+        resolve();
+      };
+
+      this.pending.set(id, {
+        resolve: (result) => finalize(null, result),
+        reject: (err) => finalize(err, null),
+      });
+      this._writeFrame({
+        jsonrpc: '2.0',
+        id,
+        method: 'session/prompt',
+        params: { sessionId: this.sessionId, prompt: [{ type: 'text', text: prompt }] },
+      });
+    });
+  }
+
+  cancel() {
+    if (!this.inflight || this.killed) return;
+    // session/cancel is a JSON-RPC notification (no id). The in-flight
+    // session/prompt response will arrive with stopReason=cancelled per the
+    // ACP spec — we don't synthesize a fake response client-side.
+    this._notify('session/cancel', { sessionId: this.inflight.sessionId });
+  }
+
+  async newSession({ mcpServers, systemPromptHash }) {
+    // Cancel any inflight before swapping the underlying session.
+    if (this.inflight) {
+      this.cancel();
+      // Wait briefly for the cancelled response to settle so we don't leak
+      // a stale inflight reference into the new session.
+      const inflight = this.inflight;
+      await new Promise((resolve) => {
+        const start = _internals.now();
+        const wait = () => {
+          if (!inflight || inflight.settled || _internals.now() - start > 1000) resolve();
+          else setTimeout(wait, 5);
+        };
+        wait();
+      });
+    }
+    const result = await this._call('session/new', {
+      cwd: this.cwd,
+      mcpServers: mcpServers || [],
+    });
+    this.sessionId = result && result.sessionId;
+    this.systemPromptHash = systemPromptHash;
+    this.firstSystemPromptSent = false;
+  }
+
+  close() {
+    if (this.killed) return;
+    this.killed = true;
+    // Best-effort cancel of an inflight prompt so the daemon doesn't keep
+    // generating into a torn-down session before we kill the proc.
+    if (this.inflight) {
+      try { this._notify('session/cancel', { sessionId: this.inflight.sessionId }); }
+      catch { /* swallow */ }
+    }
+    if (this.proc) {
+      try { _internals.killImmediate(this.proc); } catch { /* already dead */ }
+    }
+    this._failAllPending(new Error('cc-worker-pool: worker closed'));
+    if (this.inflight && !this.inflight.settled) {
+      const cb = this.inflight.onError;
+      this.inflight.settled = true;
+      this.inflight = null;
+      if (cb) try { cb(new Error('cc-worker-pool: worker closed')); } catch { /* swallow */ }
+    }
+  }
+}
+
+function _extractChunkText(content) {
+  if (content == null) return '';
+  if (typeof content === 'string') return content;
+  if (Array.isArray(content)) {
+    let out = '';
+    for (const block of content) {
+      if (block && typeof block.text === 'string') out += block.text;
+    }
+    return out;
+  }
+  if (typeof content === 'object' && typeof content.text === 'string') return content.text;
+  return '';
+}
+
+// ── Public API ────────────────────────────────────────────────────────────
+
+async function getSession({ tabId, model, effort, mcpServers, systemPromptHash, cwd } = {}) {
+  if (!tabId) throw new Error('cc-worker-pool.getSession: tabId is required');
+  const mcpServersHash = _hashMcpServers(mcpServers);
+  let worker = _tabs.get(tabId);
+
+  if (worker) {
+    if (worker.killed) {
+      _tabs.delete(tabId);
+      worker = null;
+    } else if (worker.mcpServersHash !== mcpServersHash) {
+      // mcpServers shape changed → must respawn the proc; the daemon
+      // resolves MCP server config at process boot, not per session.
+      _tabs.delete(tabId);
+      worker.close();
+      worker = null;
+    } else if (worker.systemPromptHash !== systemPromptHash) {
+      // System prompt changed → keep the warm process, drop the session
+      // and create a fresh one. Saves the ~2.1 s initialize handshake.
+      await worker.newSession({ mcpServers, systemPromptHash });
+      worker.model = model;
+      worker.effort = effort;
+      worker.lastUsedAt = _internals.now();
+    } else {
+      // Warm reuse — only update bookkeeping. model/effort changes on a
+      // warm session are tracked here but not pushed via configOptions in
+      // sub-task B; sub-task C/D will wire that to ACP `session/configure`
+      // (or equivalent) once the dashboard exposes the toggle live.
+      worker.model = model;
+      worker.effort = effort;
+      worker.lastUsedAt = _internals.now();
+    }
+  }
+
+  if (!worker) {
+    worker = new Worker({
+      tabId, model, effort, mcpServers, mcpServersHash, systemPromptHash, cwd,
+    });
+    _tabs.set(tabId, worker);
+    try {
+      await worker._spawnAndInit();
+    } catch (err) {
+      _tabs.delete(tabId);
+      try { worker.close(); } catch { /* already torn down */ }
+      throw err;
+    }
+  }
+
+  _ensureReaper();
+
+  return {
+    sessionId: worker.sessionId,
+    stream: (promptText, opts) => worker.stream(promptText, opts),
+    cancel: () => worker.cancel(),
+    close: () => closeTab(tabId),
+  };
+}
+
+function closeTab(tabId) {
+  const worker = _tabs.get(tabId);
+  if (!worker) return;
+  _tabs.delete(tabId);
+  worker.close();
+}
+
+function shutdown() {
+  for (const worker of _tabs.values()) {
+    try { worker.close(); } catch { /* swallow */ }
+  }
+  _tabs.clear();
+  if (_reaperTimer) {
+    clearInterval(_reaperTimer);
+    _reaperTimer = null;
+  }
+}
+
+function _ensureReaper() {
+  if (_reaperTimer) return;
+  _reaperTimer = setInterval(_reapIdleTabs, REAPER_INTERVAL_MS);
+  if (typeof _reaperTimer.unref === 'function') _reaperTimer.unref();
+}
+
+function _reapIdleTabs() {
+  const now = _internals.now();
+  for (const [tabId, worker] of [..._tabs]) {
+    if (worker.inflight) continue;
+    if (now - worker.lastUsedAt > IDLE_REAPER_MS) {
+      _tabs.delete(tabId);
+      try { worker.close(); } catch { /* already torn down */ }
+    }
+  }
+}
+
+module.exports = {
+  getSession,
+  closeTab,
+  shutdown,
+  // Exposed for unit tests; engine code MUST go through the public API.
+  _internals,
+  _tabs,
+  _reapIdleTabs,
+  IDLE_REAPER_MS,
+  REAPER_INTERVAL_MS,
+};

package/engine/copilot-models.json

@@ -0,0 +1,5 @@
+{
+  "runtime": "copilot",
+  "models": null,
+  "cachedAt": "2026-05-13T19:11:26.190Z"
+}

package/engine/gh-comment.js

@@ -46,6 +46,12 @@ const REPO_SLUG_RE = /^[A-Za-z0-9._-]+\/[A-Za-z0-9._-]+$/;
 const MINIONS_COMMENT_MARKER_RE =
   /^<!--\s*minions:agent=([^\s]+)\s+kind=([^\s]+)(?:\s+wi=([^\s]+))?\s*-->/m;
 
+// Sample marker constant for tests / fixtures that need a body with a
+// canonical-format marker but don't care about the specific agent / kind /
+// wi fields. Matches MINIONS_COMMENT_MARKER_RE. Production comments build
+// their marker via _buildMarker / buildMinionsCommentBody.
+const MINIONS_COMMENT_MARKER = '<!-- minions:agent=minions kind=marker -->';
+
 // Cheaper "is this body already marked?" check that matches only at position 0
 // (for idempotency in buildMinionsCommentBody). Kept separate from the
 // exported regex so the public regex can be used by downstream classifiers
@@ -231,6 +237,7 @@ module.exports = {
   // Builders / parsers (pure functions — usable from anywhere)
   buildMinionsCommentBody,
   parseMinionsMarker,
+  MINIONS_COMMENT_MARKER,
   MINIONS_COMMENT_MARKER_RE,
   // Validation regexes (exported for downstream consumers)
   AGENT_ID_RE,

package/engine/github.js

@@ -7,6 +7,7 @@
 const shared = require('./shared');
 const { exec, execAsync, getProjects, projectPrPath, projectWorkItemsPath, safeJson, safeJsonArr, safeWrite, mutateJsonFileLocked, MINIONS_DIR, getPrLinks, backfillPrPrdItems, log, ts, dateStamp, PR_STATUS, PR_POLLABLE_STATUSES, createThrottleTracker, getProjectOrg } = shared;
 const { getPrs } = require('./queries');
+const { MINIONS_COMMENT_MARKER_RE } = require('./gh-comment');
 const path = require('path');
 
 // Lazy require to avoid circular dependency — only needed for engine().handlePostMerge
@@ -85,131 +86,94 @@ function _isNonActionableComment(c, config = {}) {
   if (_isAgentComment(c)) return true;
   if (_isCiReportCommentBody(c?.body)) return true;
   if (_isPreviewStatusComment(c)) return true;
-  if (_isAgentPositiveSignalComment(c, config)) return true;
+  if (_isMinionsAuthoredComment(c)) return true;
   return false;
 }
 
-// P-a3f9b2c1 — Detect agent self-positive-signal comments (verification SUCCESS reports,
-// VERDICT:APPROVE recaps, noop:true confessions) posted via the shared `gh` PAT identity.
+// W-mp3bp0ha000997ab-b — Structural classifier for Minions-authored PR comments.
 //
-// Sibling to PR #2431's `_isAgentSelfReviewDeclinedComment` but keys off body-shape markers
-// + an opt-in shared-minions login allowlist (REST `/issues/:n/comments` doesn't expose
-// GraphQL's `viewerDidAuthor` flag, so we approximate via configured logins).
+// Replaces the body-shape classifier chain (PR #2431's _isAgentSelfReviewDeclinedComment,
+// PR #2442's _isAgentPositiveSignalComment + _hasAgentPositiveSignalBody) with a single
+// structural check: a Minions-authored comment carries `MINIONS_COMMENT_MARKER` (defined
+// in engine/gh-comment.js) on its own first line AND was authored by the viewer (the
+// shared PAT identity used by all minions agents).
 //
-// Configuration:
-//   engine.botCommentLogins: string[]  — primary opt-in list (e.g. ['yemi33'])
-//   engine.ignoredCommentAuthors: string[]  — fallback (back-compat with existing knob)
+// Both gates are required:
+//   - `viewerDidAuthor: true` prevents humans from spoofing the marker by quoting it.
+//   - `MINIONS_COMMENT_MARKER_RE` enforces "own first line" — quoted markers in the
+//     middle of a comment, or markers with trailing content on the same line, do NOT
+//     match. This is the structural complement to the viewer check.
 //
-// Reference: PR #2433 (3 consecutive noop fix-dispatches when verify agents posted
-// "Result: SUCCESS" comments via the shared yemi33 PAT identity).
-function _sharedMinionsLogins(config = {}) {
-  const primary = Array.isArray(config?.engine?.botCommentLogins) ? config.engine.botCommentLogins : [];
-  const fallback = Array.isArray(config?.engine?.ignoredCommentAuthors) ? config.engine.ignoredCommentAuthors : [];
-  return new Set([...primary, ...fallback].map(s => String(s || '').toLowerCase()).filter(Boolean));
+// Production note: the GitHub REST endpoints we poll (/issues/:n/comments and
+// /pulls/:n/comments) do NOT populate `viewerDidAuthor` — that field is GraphQL-
+// only. `pollPrHumanComments` therefore backfills it via `_backfillViewerDidAuthor`
+// using the viewer login resolved by `_resolveViewerLogin` (one `gh api user` call
+// per process). This keeps the classifier alive in production without forcing a
+// GraphQL migration on every fetch site.
+//
+// Sub-item -a populates the marker on every minions-posted comment via a helper.
+// Sub-item -c migrates existing engine call sites + playbook examples.
+function _isMinionsAuthoredComment(c) {
+  if (!c || c.viewerDidAuthor !== true) return false;
+  const body = c.body || '';
+  const m = MINIONS_COMMENT_MARKER_RE.exec(body);
+  if (!m) return false;
+  // Strict: marker must be on its OWN first line (no leading content,
+  // no trailing content on the same line). MINIONS_COMMENT_MARKER_RE uses
+  // /m so it would otherwise match the start of any line; we additionally
+  // require the match to be at index 0 AND to occupy the first line
+  // exactly (modulo surrounding whitespace).
+  if (m.index !== 0) return false;
+  const lineEnd = body.indexOf('\n');
+  const firstLine = lineEnd === -1 ? body : body.slice(0, lineEnd);
+  return firstLine.trim() === m[0].trim();
 }
 
-// Pure body-shape matcher for agent positive-signal markers in PR comments.
-// Triggers on:
-//   - "Verification SUCCESS" / "Verification SUCCEEDED" / "Verification ran" (verify-dispatch reports)
-//   - "Result: SUCCESS" (verify-dispatch report header per playbooks/verify.md)
-//   - "VERDICT: APPROVE" (review-loop positive verdict — defense-in-depth alongside _hasMinionsReviewVerdict)
-//   - `noop: true` / `"noop": true` (completion-report-style noop confession copied to comment)
-function _hasAgentPositiveSignalBody(body) {
-  const text = String(body || '');
-  if (!text) return false;
-  if (/(?:^|\n)\s*\*{0,2}VERDICT[:\s]+\*{0,2}APPROVE\b/i.test(text)) return true;
-  if (/"?\bnoop\b"?\s*:\s*true\b/i.test(text)) return true;
-  if (/\bVerification\s+(?:SUCCESS(?:FUL|FULLY)?|SUCCEEDED|ran)\b/i.test(text)) return true;
-  if (/(?:^|\n)\s*#{0,3}\s*Result\s*:\s*SUCCESS\b/i.test(text)) return true;
-  return false;
+// ─── Viewer Login Resolution ────────────────────────────────────────────────
+// `_isMinionsAuthoredComment` (above) gates on `c.viewerDidAuthor === true`.
+// That field is populated by GitHub's GraphQL API but NOT by the REST
+// `/issues/:n/comments` and `/pulls/:n/comments` endpoints we use in
+// `pollPrHumanComments` (REST returns `viewerDidAuthor: null`). To make the
+// classifier alive in production without changing every fetch site to
+// GraphQL, we backfill the field by comparing the comment author's login to
+// the viewer login resolved via `gh api user` once per process. The shared
+// PAT identity does not change during a process lifetime, so a simple
+// in-memory cache is sufficient.
+let _cachedViewerLogin = null;
+
+async function _resolveViewerLogin() {
+  if (_cachedViewerLogin) return _cachedViewerLogin;
+  try {
+    const result = await execAsync('gh api user', { timeout: 10000, encoding: 'utf-8', maxBuffer: GH_MAX_BUFFER });
+    const parsed = JSON.parse(String(result || ''));
+    const login = parsed?.login ? String(parsed.login).toLowerCase() : null;
+    if (login) _cachedViewerLogin = login;
+    return login;
+  } catch (e) {
+    log('warn', `GitHub viewer-login resolution failed: ${e?.message || e}`);
+    return null;
+  }
 }
 
-function _isAgentPositiveSignalComment(c, config = {}) {
-  if (!c) return false;
-  const sharedLogins = _sharedMinionsLogins(config);
-  if (sharedLogins.size === 0) return false;
-  const login = String(c?.user?.login || '').toLowerCase();
-  if (!login || !sharedLogins.has(login)) return false;
-  return _hasAgentPositiveSignalBody(c.body);
+// Test hook: lets tests prime or clear the cached viewer login without
+// shelling out. Pass `null` to force a re-resolve on the next call.
+function _setCachedViewerLogin(login) {
+  _cachedViewerLogin = login ? String(login).toLowerCase() : null;
 }
 
-// W-mp2h696g000a7bc0 — Detect agent self-review-declined no-op comments.
-//
-// Per the documented contract (memory `subject: self-review`, docs/completion-reports.md:83-105):
-// when an agent is dispatched to review a PR they implemented, they post a `gh pr comment`
-// (no `VERDICT:` line) explaining the recusal and complete with `noop:true, verdict:null,
-// needs_rerun:true`. Because `gh` authenticates as the shared PAT user (`yemi33`), the
-// classifier can't tell the noop comment from a real human comment by author alone.
-//
-// Detection requires a stronger signal than author identity. Returns true only when BOTH:
-//   1. Body has NO `VERDICT:` line (we never want to swallow a real verdict comment), AND
-//   2. EITHER the body contains the canonical "Self-review declined" phrase AND references
-//      a dispatch id matching `<agent>-<type>-<uid>` that resolves to a same-agent
-//      review/implement dispatch in the completed history,
-//      OR the most recent review dispatch on this PR was assigned to the same agent as the
-//      PR author and completed with the noop:true / verdict:null / needs_rerun:true contract.
-//
-// This is a narrow allowlist for the noop pattern — generic PAT-user comments still flow
-// through `_isNonActionableComment` and trigger `humanFeedback.pendingFix=true` as before.
-function _isAgentSelfReviewDeclinedComment(c, { pr, dispatch } = {}) {
-  if (!c || !pr) return false;
-  const body = String(c.body || '');
-  if (!body) return false;
-  if (_hasMinionsReviewVerdict(body)) return false;
-
-  const prAuthorAgent = String(pr.agent || '').toLowerCase();
-  if (!prAuthorAgent) return false;
-
-  const completed = (dispatch && Array.isArray(dispatch.completed)) ? dispatch.completed : [];
-  const isNoopContract = (sc) => {
-    if (!sc || typeof sc !== 'object') return false;
-    if (sc.noop !== true && sc.noop !== 'true') return false;
-    if (sc.verdict !== null && sc.verdict !== undefined && sc.verdict !== '') return false;
-    if (sc.needs_rerun !== true && sc.needsRerun !== true) return false;
-    return true;
-  };
-
-  // Signal A — explicit "Self-review declined" phrase + verifiable dispatch id pointing
-  // at a same-agent review/implement/fix dispatch in the completed history.
-  const phraseMatch = /self[\s\-_]+review\s+declined/i.test(body);
-  if (phraseMatch) {
-    const dispatchIdMatches = body.match(/\b[a-z][a-z0-9]*-[a-z][a-z0-9]*-[a-z0-9]{8,}\b/g) || [];
-    for (const id of dispatchIdMatches) {
-      const entry = completed.find(d => d && d.id === id);
-      if (!entry) continue;
-      const agent = String(entry.agent || '').toLowerCase();
-      const t = String(entry.type || '').toLowerCase();
-      if (agent !== prAuthorAgent) continue;
-      if (t === 'review' || t === 'implement' || t === 'implement-large' || t === 'fix') {
-        return true;
-      }
-    }
+// Backfill `c.viewerDidAuthor` for an array of REST-fetched comments using
+// the resolved viewer login. Only sets the field when REST returned
+// null/undefined — never overrides a value that GraphQL or the test fixture
+// already supplied. Mutates the comment objects in place.
+function _backfillViewerDidAuthor(comments, viewerLogin) {
+  if (!Array.isArray(comments) || !viewerLogin) return;
+  for (const c of comments) {
+    if (!c || typeof c !== 'object') continue;
+    if (c.viewerDidAuthor === true || c.viewerDidAuthor === false) continue;
+    const login = c.user?.login;
+    if (typeof login !== 'string' || !login) continue;
+    c.viewerDidAuthor = login.toLowerCase() === viewerLogin;
   }
-
-  // Signal B — most recent review dispatch on this PR was assigned to the PR author
-  // and completed with the documented noop contract. Catches the case where the agent
-  // forgot the canonical phrase but the completion-report contract still flags a noop.
-  const prId = String(pr.id || '');
-  const prNumberRaw = pr.prNumber;
-  const prNumber = prNumberRaw == null ? null : Number(prNumberRaw);
-  const reviewDispatches = completed.filter(d => {
-    if (!d || String(d.type || '').toLowerCase() !== 'review') return false;
-    const dpr = d.meta && d.meta.pr;
-    if (!dpr) return false;
-    if (prId && String(dpr.id || '') === prId) return true;
-    if (prNumber != null && Number(dpr.prNumber) === prNumber) return true;
-    return false;
-  });
-  if (reviewDispatches.length === 0) return false;
-  reviewDispatches.sort((a, b) => {
-    const ta = String(a.completed_at || a.created_at || '');
-    const tb = String(b.completed_at || b.created_at || '');
-    return tb.localeCompare(ta);
-  });
-  const latest = reviewDispatches[0];
-  if (!latest) return false;
-  if (String(latest.agent || '').toLowerCase() !== prAuthorAgent) return false;
-  return isNoopContract(latest.structuredCompletion);
 }
 
 // ─── Per-Repo Poll Backoff ──────────────────────────────────────────────────
@@ -821,13 +785,18 @@ async function pollPrStatus(config) {
 
 async function pollPrHumanComments(config) {
   // Load dispatch state once per poll cycle (cached for ~2s by queries.getDispatch).
-  // Used by `_isAgentSelfReviewDeclinedComment` to verify dispatch ids referenced in
-  // candidate noop comments belong to the PR author.
+  // (Previously used by `_isAgentSelfReviewDeclinedComment` to verify dispatch ids;
+  // kept loaded in case downstream phases need dispatch context — cheap on cache hit.)
   const queries = require('./queries');
   const dispatch = (() => {
     try { return queries.getDispatch(); }
     catch { return { pending: [], active: [], completed: [] }; }
   })();
+  // Resolve viewer login once per poll cycle so we can backfill
+  // `viewerDidAuthor` on REST comments — the field GraphQL would have
+  // populated. `_resolveViewerLogin` caches process-wide, so repeated calls
+  // across PRs are free.
+  const viewerLogin = await _resolveViewerLogin();
   const totalUpdated = await forEachActiveGhPr(config, async (project, pr, prNum, slug) => {
     // Get issue comments (general PR comments)
     const comments = await ghApi(`/issues/${prNum}/comments`, slug);
@@ -840,6 +809,11 @@ async function pollPrHumanComments(config) {
       ...(Array.isArray(reviewComments) ? reviewComments : []).map(c => ({ ...c, _type: 'review' }))
     ];
 
+    // Backfill viewerDidAuthor on each comment so _isMinionsAuthoredComment
+    // can actually fire on production traffic. No-op when GraphQL or a test
+    // fixture already populated the field.
+    _backfillViewerDidAuthor(allComments, viewerLogin);
+
     const cutoffStr = pr.humanFeedback?.lastProcessedCommentDate || pr.created || '1970-01-01';
     const cutoffMs = new Date(cutoffStr).getTime() || 0;
 
@@ -853,12 +827,12 @@ async function pollPrHumanComments(config) {
     for (const c of allComments) {
       const date = c.created_at || c.updated_at || '';
       const dateMs = date ? new Date(date).getTime() : 0;
-      // W-mp2h696g000a7bc0 — agent self-review-declined no-op comments are posted via
-      // `gh pr comment` and authenticate as the shared PAT user, so author identity alone
-      // can't distinguish them from real human feedback. The narrow allowlist check uses
-      // the comment body + dispatch history to identify the documented noop pattern.
-      const isNonActionable = _isNonActionableComment(c, config)
-        || _isAgentSelfReviewDeclinedComment(c, { pr, dispatch });
+      // W-mp3bp0ha000997ab-b — All non-actionable filtering routes through
+      // _isNonActionableComment, which now composes _isMinionsAuthoredComment
+      // (structural marker check). The previous OR chain that appended
+      // _isAgentSelfReviewDeclinedComment is gone — that helper was deleted
+      // with this PR.
+      const isNonActionable = _isNonActionableComment(c, config);
       if (dateMs) allCommentDates.push(date);
       if (isNonActionable) continue;
       const entry = {
@@ -883,26 +857,6 @@ async function pollPrHumanComments(config) {
     }
     if (newComments.length === 0) return false;
 
-    // P-a3f9b2c1 — Defense-in-depth: when the PR is already approved AND every new comment
-    // is from a configured shared-minions PAT identity AND every new comment matches the
-    // positive-signal body shape, suppress pendingFix and advance cutoff. Belt-and-suspenders
-    // against future regressions in `_isAgentPositiveSignalComment`. This is intentionally
-    // narrow — a single human-shaped comment in newComments (e.g. "rename _foo to bar") will
-    // disqualify the entire batch and let the normal human-feedback flow run.
-    if (String(pr.reviewStatus || '').toLowerCase() === 'approved') {
-      const sharedLogins = _sharedMinionsLogins(config);
-      if (sharedLogins.size > 0) {
-        const allFromSharedPat = newComments.every(nc => sharedLogins.has(String(nc.author || '').toLowerCase()));
-        const allPositiveShape = newComments.every(nc => _hasAgentPositiveSignalBody(nc.content));
-        if (allFromSharedPat && allPositiveShape) {
-          const cutoff = allNewDates.sort().pop() || newComments[newComments.length - 1].date;
-          pr.humanFeedback = { ...(pr.humanFeedback || {}), lastProcessedCommentDate: cutoff };
-          log('info', `PR ${pr.id}: ${newComments.length} new shared-PAT positive-signal comment(s) on approved PR — defense-in-depth suppression`);
-          return true;
-        }
-      }
-    }
-
     // Sort all comments chronologically and build full context for the fix agent
     allCommentEntries.sort((a, b) => a.date.localeCompare(b.date));
     newComments.sort((a, b) => a.date.localeCompare(b.date));
@@ -1200,9 +1154,9 @@ module.exports = {
   _hasMinionsReviewVerdict, // exported for testing
   _isAgentComment, // exported for testing
   _isNonActionableComment, // exported for testing
-  _isAgentSelfReviewDeclinedComment, // exported for testing
-  _isAgentPositiveSignalComment, // exported for testing (P-a3f9b2c1)
-  _hasAgentPositiveSignalBody, // exported for testing (P-a3f9b2c1)
-  _sharedMinionsLogins, // exported for testing (P-a3f9b2c1)
+  _isMinionsAuthoredComment, // exported for testing (W-mp3bp0ha000997ab-b)
   _isPreviewStatusComment, // exported for testing
+  _resolveViewerLogin, // exported for testing (W-mp3bp0ha000997ab-b backfill)
+  _setCachedViewerLogin, // exported for testing (W-mp3bp0ha000997ab-b backfill)
+  _backfillViewerDidAuthor, // exported for testing (W-mp3bp0ha000997ab-b backfill)
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@yemi33/minions",
-  "version": "0.1.1910",
+  "version": "0.1.1912",
   "description": "Multi-agent AI dev team that runs from ~/.minions/ — five autonomous agents share a single engine, dashboard, and knowledge base",
   "bin": {
     "minions": "bin/minions.js"