npm - @yemi33/minions - Versions diffs - 0.1.1989 → 0.1.1991 - Mend

@yemi33/minions 0.1.1989 → 0.1.1991

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dashboard.js CHANGED Viewed

@@ -34,7 +34,7 @@ const features = require('./engine/features');
 const ccWorkerPool = require('./engine/cc-worker-pool');
 const os = require('os');
-const { safeRead, safeReadDir, safeWrite, safeJson, safeJsonObj, safeJsonArr, safeJsonNoRestore, safeUnlink, mutateJsonFileLocked, mutateTextFileLocked, mutateControl, mutateCooldowns, mutateWorkItems, getProjects: _getProjects, DONE_STATUSES, WI_STATUS, WORK_TYPE, WORKTREE_REQUIRING_TYPES, reopenWorkItem } = shared;
+const { safeRead, safeReadOrNull, safeReadDir, safeWrite, safeJson, safeJsonObj, safeJsonArr, safeJsonNoRestore, safeUnlink, mutateJsonFileLocked, mutateTextFileLocked, mutateControl, mutateCooldowns, mutateWorkItems, getProjects: _getProjects, DONE_STATUSES, WI_STATUS, WORK_TYPE, WORKTREE_REQUIRING_TYPES, reopenWorkItem } = shared;
 const { getAgents, getAgentDetail, getPrdInfo, getWorkItems, getDispatchQueue,
   getSkills, getInbox, getNotesWithMeta, getPullRequests,
   getEngineLog, getMetrics, getKnowledgeBaseEntries, getProjectGitStatus, timeSince,
@@ -2640,11 +2640,31 @@ async function _preflightModelCheck({ runtime: cliOverride, model: modelOverride
  * document body. Always re-sending extraContext is correctness-safe; the
  * pool's warm-process saving is preserved regardless.
  */
+/**
+ * Build the persistent doc-chat pool tabKey from a session key (filePath or
+ * title). Single source of truth shared by _invokeDocChatViaPool (the
+ * streaming path) and handleDocChatWarm (the pre-warm endpoint). Both call
+ * sites MUST resolve to the same key, otherwise warm spawns an orphan worker
+ * the streaming call ignores — silently breaking the skip-18-21s Copilot
+ * cold-spawn optimization documented at modal-qa.js:506-516.
+ *
+ * The `default` fallback mirrors the legacy inline behavior for empty input
+ * so older callers (and the dashboard test fixtures that omit sessionKey)
+ * still land on a stable, predictable key.
+ *
+ * The freshSession one-shot branch in _invokeDocChatViaPool intentionally
+ * bypasses this helper — those callers want a unique short-lived key under
+ * `doc-chat:fresh:<uid>`, not the persistent namespace.
+ */
+function _buildDocChatTabKey(sessionKey) {
+  return 'doc-chat:' + (sessionKey || 'default');
+}
 function _invokeDocChatViaPool({ prompt, model, effort, engineConfig, systemPrompt, sessionKey, freshSession, timeoutMs, onChunk, onToolUse, onToolUpdate }) {
   const oneShot = !!freshSession;
   const tabKey = oneShot
     ? 'doc-chat:fresh:' + shared.uid()
-    : 'doc-chat:' + (sessionKey || 'default');
+    : _buildDocChatTabKey(sessionKey);
   let cancelled = false;
   let settled = false;
   let accumulated = '';
@@ -5905,7 +5925,10 @@ What would you like to discuss or change? When you're happy, say "approve" and I
       if (canEdit) {
         try { shared.sanitizePath(body.filePath, MINIONS_DIR); } catch { return jsonReply(res, 400, { error: 'path must be under minions directory' }); }
         fullPath = path.resolve(MINIONS_DIR, body.filePath);
-        const diskContent = safeRead(fullPath);
+        // safeReadOrNull returns null when the file is missing/inaccessible.
+        // If absent, keep body.document (the client-sent panel content) — do
+        // NOT overwrite currentContent with '' (W-mpede4j7000ab7e4).
+        const diskContent = safeReadOrNull(fullPath);
         if (diskContent !== null) {
           // If client sent a contentHash and it matches disk, skip replacement — client copy is fresh
           if (body.contentHash && contentFingerprint(diskContent) === body.contentHash) {
@@ -5992,7 +6015,10 @@ What would you like to discuss or change? When you're happy, say "approve" and I
         try { shared.sanitizePath(body.filePath, MINIONS_DIR); }
         catch { docChatInFlight.delete(docKey); res.statusCode = 400; res.setHeader('Content-Type', 'application/json'); res.end(JSON.stringify({ error: 'path must be under minions directory' })); return; }
         fullPath = path.resolve(MINIONS_DIR, body.filePath);
-        const diskContent = safeRead(fullPath);
+        // safeReadOrNull returns null when the file is missing/inaccessible.
+        // If absent, keep body.document (the client-sent panel content) — do
+        // NOT overwrite currentContent with '' (W-mpede4j7000ab7e4).
+        const diskContent = safeReadOrNull(fullPath);
         if (diskContent !== null) {
           if (!(body.contentHash && contentFingerprint(diskContent) === body.contentHash)) {
             currentContent = diskContent;
@@ -6595,7 +6621,10 @@ What would you like to discuss or change? When you're happy, say "approve" and I
       const body = await readBody(req);
       const sessionKey = body && (body.filePath || body.title);
       if (!sessionKey) return jsonReply(res, 400, { error: 'filePath or title required' });
-      const result = await _warmCcPool(sessionKey, _docChatPromptHash);
+      // Must match the persistent tabKey _invokeDocChatViaPool hands to
+      // ccWorkerPool.getSession at first-message time, or this warm spawns
+      // an orphan worker (regression W-mpede4bf000957b5).
+      const result = await _warmCcPool(_buildDocChatTabKey(sessionKey), _docChatPromptHash);
       return jsonReply(res, 200, result);
     } catch (e) { return jsonReply(res, e.statusCode || 500, { error: e.message }); }
   }
@@ -9261,6 +9290,7 @@ module.exports = {
   parsePinnedEntries,
   _formatDocChatContext,
   _buildDocChatPass,
+  _buildDocChatTabKey,
   _docSessionsForTesting: docSessions,
   _docChatPromptHashForTesting: _docChatPromptHash,
   _isCompletedMeetingJson,

package/engine/ado-git-auth.js CHANGED Viewed

@@ -66,26 +66,65 @@ function isAdoProject(project) {
   return !!(project && project.repoHost === 'ado');
 }
-// Scope the header to the ADO host so a misconfigured remote pointing at
+// Scope the header to the ADO host(s) so a misconfigured remote pointing at
 // another host (e.g. github.com on a misclassified project) doesn't leak the
 // bearer token. Falls back to the unscoped `http.extraHeader` key when we
-// can't compute a host (still safe — git only sends extraHeader on HTTP/S
+// can't compute any host (still safe — git only sends extraHeader on HTTP/S
 // transfers, and the engine only invokes ado-git-auth for ADO projects).
-function _resolveScopeUrl(project) {
+//
+// W-mped1zap00069ea5 — ADO has TWO canonical URL forms for the same org:
+//   - https://dev.azure.com/<org>/...          (modern, default for new clones)
+//   - https://<org>.visualstudio.com/...       (legacy alias, still active)
+// Git scopes `http.<url>.extraHeader` by URL PREFIX match: a header scoped to
+// `office.visualstudio.com` is silently dropped when the remote is
+// `dev.azure.com/office` (and vice-versa). The bearer token is identical for
+// either form, so we emit the header under BOTH scopes to cover whichever
+// alias the project's git remote happens to use.
+function _resolveScopeUrls(project) {
   try {
-    if (!project || !project.adoOrg) return null;
+    if (!isAdoProject(project) || !project.adoOrg) return [];
+    const scopes = new Set();
+    // Always include the modern dev.azure.com host. Remotes cloned via the
+    // current ADO UI use this form regardless of what `prUrlBase` says.
+    scopes.add('https://dev.azure.com/');
+    // Derive the visualstudio.com form from adoOrg. Works whether adoOrg is
+    // the bare org slug ("office") or already a full host ("office.visualstudio.com").
+    const orgName = project.adoOrg.includes('.')
+      ? project.adoOrg.split('.')[0]
+      : project.adoOrg;
+    if (orgName) {
+      scopes.add(`https://${orgName}.visualstudio.com/`);
+    }
+    // Also honor whatever host `getAdoOrgBase` resolves — covers custom
+    // prUrlBase values (e.g. self-hosted Azure DevOps Server) that don't
+    // match either canonical alias.
     const base = shared.getAdoOrgBase(project);
-    if (typeof base !== 'string' || !base.startsWith('http')) return null;
-    const m = base.match(/^(https?:\/\/[^/]+)/);
-    return m ? `${m[1]}/` : null;
+    if (typeof base === 'string' && base.startsWith('http')) {
+      const m = base.match(/^(https?:\/\/[^/]+)/);
+      if (m) scopes.add(`${m[1]}/`);
+    }
+    // Stable alphabetical order so tests can assert deterministically.
+    return Array.from(scopes).sort();
   } catch (_e) {
-    return null;
+    return [];
   }
 }
-function _buildHeaderArgs(token, scopeUrl) {
-  const key = scopeUrl ? `http.${scopeUrl}.extraHeader` : 'http.extraHeader';
-  return ['-c', `${key}=Authorization: Bearer ${token}`];
+function _buildHeaderArgs(token, scopeUrls) {
+  // Empty/null scopes → degenerate unscoped fallback (matches pre-W-mped1zap
+  // behavior). Still safe because we only inject this for ADO projects.
+  if (!Array.isArray(scopeUrls) || scopeUrls.length === 0) {
+    return ['-c', `http.extraHeader=Authorization: Bearer ${token}`];
+  }
+  const args = [];
+  for (const scopeUrl of scopeUrls) {
+    args.push('-c', `http.${scopeUrl}.extraHeader=Authorization: Bearer ${token}`);
+  }
+  return args;
 }
 function _acquireToken(opts = {}) {
@@ -98,7 +137,7 @@ function getAdoGitExtraArgs(project, opts = {}) {
   if (!isAdoProject(project)) return [];
   const now = Date.now();
   if (_cached && _cached.expiresAt > now) {
-    return _buildHeaderArgs(_cached.token, _resolveScopeUrl(project));
+    return _buildHeaderArgs(_cached.token, _resolveScopeUrls(project));
   }
   if (now < _backoffUntil) return [];
   try {
@@ -109,7 +148,7 @@ function getAdoGitExtraArgs(project, opts = {}) {
       return [];
     }
     _cached = { token, expiresAt: now + TOKEN_TTL_MS };
-    return _buildHeaderArgs(token, _resolveScopeUrl(project));
+    return _buildHeaderArgs(token, _resolveScopeUrls(project));
   } catch (e) {
     _backoffUntil = now + ACQUIRE_BACKOFF_MS;
     const firstLine = String(e && e.message || e).split('\n')[0];

package/engine/shared.js CHANGED Viewed

@@ -323,6 +323,15 @@ function safeRead(p) {
   try { return fs.readFileSync(p, 'utf8'); } catch { return ''; }
 }
+// Like safeRead, but returns null when the file is missing/inaccessible so
+// callers can distinguish "file absent" from "file present but empty".
+// Used by doc-chat handlers (W-mpede4j7000ab7e4) to avoid silently overwriting
+// the client-sent document body with '' when the file was deleted/moved
+// between panel open and send.
+function safeReadOrNull(p) {
+  try { return fs.readFileSync(p, 'utf8'); } catch { return null; }
+}
 function safeReadDir(dir) {
   try { return fs.readdirSync(dir); } catch { return []; }
 }
@@ -4680,6 +4689,7 @@ module.exports = {
   dateStamp,
   log,
   safeRead,
+  safeReadOrNull,
   safeReadDir,
   safeJson, safeJsonObj, safeJsonArr, safeJsonNoRestore,
   safeWrite,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@yemi33/minions",
-  "version": "0.1.1989",
+  "version": "0.1.1991",
   "description": "Multi-agent AI dev team that runs from ~/.minions/ — five autonomous agents share a single engine, dashboard, and knowledge base",
   "bin": {
     "minions": "bin/minions.js"