@yemi33/minions 0.1.1949 → 0.1.1951

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@yemi33/minions",
-  "version": "0.1.1949",
+  "version": "0.1.1951",
   "description": "Multi-agent AI dev team that runs from ~/.minions/ — five autonomous agents share a single engine, dashboard, and knowledge base",
   "bin": {
     "minions": "bin/minions.js"
@@ -13,13 +13,13 @@
     "test:sequential": "node test/unit.test.js",
     "test:unit": "node test/run-parallel.js",
     "test:parallel": "node test/run-parallel.js",
-    "test:integration": "node test/minions-tests.js",
+    "test:integration": "node test/minions-tests.js && node test/integration/run.js",
     "test:e2e": "npx playwright test",
     "test:e2e:headed": "npx playwright test --headed",
     "test:e2e:ui": "npx playwright test --ui",
     "test:e2e:report": "npx playwright show-report test/playwright/report",
     "test:e2e:video": "npx playwright test --video=on --headed",
-    "test:all": "node test/run-parallel.js && node test/minions-tests.js",
+    "test:all": "node test/run-parallel.js && node test/minions-tests.js && node test/integration/run.js",
     "test:e2e:accept": "node test/playwright/accept-baseline.js",
     "test:e2e:accept-force": "node test/playwright/accept-baseline.js --force",
     "test:setup": "npx playwright install chromium"
@@ -60,6 +60,9 @@
   "engines": {
     "node": ">=18"
   },
+  "dependencies": {
+    "@azure-devops/mcp": "2.7.0"
+  },
   "devDependencies": {
     "@playwright/test": "^1.58.2"
   },

package/playbooks/review.md

@@ -64,6 +64,8 @@ You MUST post a review comment with a clear verdict and write the completion rep
 
 {{pr_vote_instructions}}
 
+> If you are flipping a prior `REQUEST_CHANGES` verdict to `APPROVE` on re-review, the engine automatically clears your prior negative vote (ADO `set-vote --vote reset`-equivalent) or dismisses your prior `CHANGES_REQUESTED` review (GitHub) so humans don't see a stale red badge — you don't need to reset it manually. (W-mp7b1g8q000fea45)
+
 Your review body **MUST** start with one of these verdict lines (exactly as shown):
 - `VERDICT: APPROVE` — if the code is ready to merge
 - `VERDICT: REQUEST_CHANGES` — if there are issues that must be fixed

package/playbooks/shared-rules.md

@@ -67,9 +67,11 @@ Bias toward senior-engineer restraint:
 The engine provides a completion report path in the prompt and in `MINIONS_COMPLETION_REPORT`. Before exiting, write JSON there with the actual outcome:
 
 ```json
-{"status":"success","summary":"what changed and how it was validated","verdict":null,"pr":"PR id/url or N/A","failure_class":"N/A","retryable":false,"needs_rerun":false,"not_changed":"adjacent X left alone; refactor Y declined as out of scope","artifacts":[{"type":"note|plan|prd|pr|file","path":"relative/path/or/url","title":"short label"}]}
+{"status":"success","summary":"what changed and how it was validated","verdict":null,"pr":"PR id/url or N/A","failure_class":"N/A","retryable":false,"needs_rerun":false,"not_changed":"adjacent X left alone; refactor Y declined as out of scope","nonce":"<value of MINIONS_COMPLETION_NONCE env var>","artifacts":[{"type":"note|plan|prd|pr|file","path":"relative/path/or/url","title":"short label"}]}
 ```
 
+**Trust nonce (REQUIRED).** The engine injects a per-spawn cryptographic value into your environment as `MINIONS_COMPLETION_NONCE`. Copy it verbatim into the report's `nonce` field — do not invent, regenerate, or share it with other dispatches. The engine validates the nonce on read; mismatched or (when strict) missing nonces are treated as forged and the dispatch is failed with `failure_class: 'completion-nonce-mismatch'`. See `docs/completion-reports.md` → "Trust boundary" for details.
+
 For the canonical schema — every field, the `failure_class` enum, `noop:true` semantics, `retryable` / `needs_rerun` shape, and the artifacts array — see `docs/completion-reports.md`. The JSON report is the primary signal; fenced `completion` blocks in stdout are accepted only as a fallback.
 
 ## Long-Running Commands

package/prompts/cc-system.md

@@ -146,6 +146,8 @@ curl -s http://localhost:{{dashboard_port}}/api/status
 
 **Required fields per endpoint** — the server returns `{ error: "..." }` if missing. Common cases:
 - `POST /api/work-items`: `title` REQUIRED. `description` recommended. `project` REQUIRED when multiple projects are configured (server returns the list of known names if you guess wrong). `type` defaults to `implement`; valid values: `fix`, `implement`, `implement:large`, `explore`, `ask`, `review`, `test`, `verify`. Agent hint via `agent` (string) or `agents` (array).
+  - Exempt from the `project` requirement (these run rootless or via central paths): `ask`, `explore`, `plan`, `plan-to-prd`, `meeting`, `docs`. Every other type needs a project worktree, so the server rejects project-less creates with `400 { error, knownProjects }` when ≠1 project is configured.
+  - **`meta.keep_processes: true`** — opt-in flag that lets the agent leave specific descendant PIDs running after it exits (default: engine reaps EVERYTHING the agent spawned). **Set this whenever the user's intent is to leave a process alive after the agent finishes** — e.g. "spin up the dev server and exit", "start the watcher and leave it running", "set up my dev env", "keep the emulator open", "launch the daemon for me", "boot the constellation host and disconnect". Don't set it for normal build/test/run-once tasks (`npm test`, `npm run build`, one-shot scripts) — those should be reaped. Also accepts optional `meta.keep_processes_ttl_minutes` (default 60, hard-cap 1440 = 24h). When you set this flag, also make the WI title/description say something like "leave the dev server running" so the agent knows to write `agents/<id>/keep-pids.json` before exiting (the playbook injects the contract automatically when the flag is on). Example: `-d '{"title":"Spin up Constellation dev env and leave server running","type":"implement","project":"constellation","description":"Run bun install + bun run dev. Leave the dev server (port 5173) and Constellation host (port 3001) running after you exit so the user can iterate.","meta":{"keep_processes":true,"keep_processes_ttl_minutes":240}}'`. Inspect / kill kept PIDs anytime via `GET /api/keep-processes` and `POST /api/keep-processes/kill`.
 - `POST /api/notes`: `title`, `what` REQUIRED.
 - `POST /api/knowledge`: `category`, `title`, `content` REQUIRED. Categories: `architecture`, `conventions`, `project-notes`, `build-reports`, `reviews`.
 - `POST /api/plan`: `title` REQUIRED. `description`, `priority`, `project`, `agent`, `branchStrategy` optional.
@@ -154,6 +156,28 @@ curl -s http://localhost:{{dashboard_port}}/api/status
 
 **Errors:** if a `curl` returns 4xx/5xx, surface the error text in your reply so the user sees what went wrong. Don't retry blindly — usually the body explains the missing field.
 
+## GitHub auth
+
+We have multiple authed `gh` accounts (`yemi33`, `yemishin_microsoft`) covering three repo scopes (`yemi33/minions`, `yemishin_microsoft/minions`, `opg-microsoft/minions`).
+
+**Never run `gh auth switch`.** It flips the global active account and races with the engine's GH poller — past `gh auth switch` calls left the engine polling the wrong account for hours, with PRs stuck in `abandoned` until reconciliation un-flipped them.
+
+To call `gh` against a specific account, build `GH_TOKEN` per command:
+
+```bash
+GH_TOKEN=$(gh auth token --user <account> --hostname github.com) gh <subcommand> ...
+```
+
+Account map (mirrors `engine.ghAccounts` in `config.json`):
+
+| Owner | gh account |
+|-------|------------|
+| `opg-microsoft` | `yemishin_microsoft` |
+| `yemishin_microsoft` | `yemishin_microsoft` |
+| `yemi33` | `yemi33` |
+
+The engine resolves these automatically via `engine/gh-token.js` for its own polling and issue creation; only CC and agents need to be careful in shell commands. If you're unsure which account a slug needs, the table above is the source of truth.
+
 ## Document edits
 
 When the user is editing a document via the doc-chat panel, you receive the document content as untrusted data and may modify it directly with your `Edit` and `Write` tools:

package/engine/copilot-models.json

@@ -1,5 +0,0 @@
-{
-  "runtime": "copilot",
-  "models": null,
-  "cachedAt": "2026-05-14T23:08:33.100Z"
-}