@yemi33/minions 0.1.2008 → 0.1.2010

package/dashboard/js/render-other.js

@@ -25,18 +25,49 @@ function renderProjects(projects) {
 // classifier emitted by getProjectGitStatus() in engine/queries.js.
 // Adds a title attribute carrying the full branch name so users can still
 // read it on hover after the CSS ellipsis-truncate (W-mpayac6d000b7d33).
+//
+// W-mpg3whgp000d09ec / #2732: also surfaces configured mainBranch drift —
+// shows "current → main" when local branch differs from the configured main,
+// a warning chip when branchMismatch (configured ≠ origin/HEAD) OR when the
+// local branch is behind main, and a compact "↑N ↓M" chip when ahead/behind
+// counts are non-zero.
 function _renderProjectBranch(p) {
   if (!p) return '';
   if (p.gitState === 'missing') return '<span class="project-warn" title="Project localPath does not exist on disk">(path not found)</span>';
   if (p.gitState === 'non-git') return '<span class="project-muted" title="Project path exists but is not a git repository">(not a git repo)</span>';
   if (p.gitState !== 'ok' || !p.gitBranch) return '';
   const branch = escHtml(p.gitBranch);
-  const titleAttr = ' title="on: ' + branch + (p.gitDetached ? ' (detached)' : '') + (p.gitDirty ? ' (dirty)' : '') + '"';
+  const mainBranch = p.mainBranch ? escHtml(p.mainBranch) : '';
+  const remoteDefault = p.remoteDefaultBranch ? escHtml(p.remoteDefaultBranch) : '';
+  const branchMismatch = !!p.branchMismatch;
+  const ahead = Number.isFinite(p.ahead) ? p.ahead : null;
+  const behind = Number.isFinite(p.behind) ? p.behind : null;
+  const branchDiffersFromMain = !!(mainBranch && p.gitBranch !== p.mainBranch);
+  const titleBits = ['on: ' + p.gitBranch];
+  if (mainBranch) titleBits.push('configured main: ' + p.mainBranch);
+  if (remoteDefault) titleBits.push('origin/HEAD: ' + p.remoteDefaultBranch);
+  if (ahead !== null && behind !== null) titleBits.push('↑' + ahead + ' ↓' + behind + ' vs origin/' + (p.mainBranch || p.remoteDefaultBranch));
+  if (p.gitDetached) titleBits.push('(detached)');
+  if (p.gitDirty) titleBits.push('(dirty)');
+  const titleAttr = ' title="' + escHtml(titleBits.join(' • ')) + '"';
   const dirty = p.gitDirty ? ' <span class="dot-dirty" title="Working tree has uncommitted changes">●</span>' : '';
-  if (p.gitDetached) {
-    return '<span class="project-branch"' + titleAttr + '>on: ' + branch + ' <span class="muted">(detached)</span>' + dirty + '</span>';
+  const mainSuffix = branchDiffersFromMain
+    ? ' <span class="muted">→ ' + mainBranch + '</span>'
+    : '';
+  const detachedSuffix = p.gitDetached ? ' <span class="muted">(detached)</span>' : '';
+  const aheadBehind = (ahead !== null && behind !== null && (ahead > 0 || behind > 0))
+    ? ' <span class="project-ab" title="' + escHtml('Ahead ' + ahead + ' / behind ' + behind + ' vs origin/' + (p.mainBranch || p.remoteDefaultBranch)) + '">↑' + ahead + ' ↓' + behind + '</span>'
+    : '';
+  // Warning chip surfaces when the configured main disagrees with the remote
+  // default branch (the #2732 case: config=master, origin/HEAD=main) OR when
+  // the local branch is behind the configured main.
+  let warnChip = '';
+  if (branchMismatch) {
+    warnChip = ' <span class="project-warn" title="' + escHtml('Configured mainBranch (' + p.mainBranch + ') differs from origin/HEAD (' + p.remoteDefaultBranch + ') — config is likely stale') + '">⚠ main drift</span>';
+  } else if (behind !== null && behind > 0) {
+    warnChip = ' <span class="project-warn" title="' + escHtml('Local branch is ' + behind + ' commits behind origin/' + (p.mainBranch || p.remoteDefaultBranch)) + '">⚠ behind</span>';
   }
-  return '<span class="project-branch"' + titleAttr + '>on: ' + branch + dirty + '</span>';
+  return '<span class="project-branch"' + titleAttr + '>on: ' + branch + mainSuffix + detachedSuffix + dirty + '</span>' + aheadBehind + warnChip;
 }
 
 function _projectCachePath(project) {

package/dashboard/js/settings.js

@@ -132,12 +132,42 @@ async function openSettings() {
     '<h3 style="font-size:13px;color:var(--blue);margin-bottom:8px">Projects</h3>' +
     '<div style="display:flex;flex-direction:column;gap:12px;margin-bottom:16px">' +
     (data.projects || []).map(function(p) {
+      // Cross-reference live /api/status to pull in the auto-detected
+      // remoteDefaultBranch (read-only) — settings already has localPath +
+      // mainBranch from /api/settings, but origin/HEAD is probe-derived and
+      // lives in /api/status only. W-mpg3whgp000d09ec / #2732.
+      var liveProj = null;
+      try {
+        if (window._lastStatus && Array.isArray(window._lastStatus.projects)) {
+          liveProj = window._lastStatus.projects.find(function(x) { return x.name === p.name; }) || null;
+        }
+      } catch (e) { liveProj = null; }
+      var remoteDefault = (liveProj && liveProj.remoteDefaultBranch) || '';
+      var mismatch = !!(liveProj && liveProj.branchMismatch);
+      var localBranch = (liveProj && liveProj.gitBranch) || '';
+      var driftNote = mismatch
+        ? '<div style="font-size:10px;color:var(--yellow);margin-top:4px">⚠ Configured main (<code>' + escHtml(p.mainBranch || '') + '</code>) differs from origin/HEAD (<code>' + escHtml(remoteDefault) + '</code>) — config is likely stale.</div>'
+        : '';
+      var pathRow = p.localPath
+        ? '<div style="font-size:10px;color:var(--muted);margin-bottom:6px;font-family:ui-monospace,SFMono-Regular,Menlo,monospace">' + escHtml(p.localPath) + '</div>'
+        : '';
+      var branchGrid = '<div style="display:grid;grid-template-columns:1fr 1fr;gap:8px;margin-bottom:6px">' +
+        settingsField('Configured main branch', 'set-mainBranch-' + p.name, p.mainBranch || '', '', 'Used by branch-naming + dependency-merge to identify mainline. Empty = auto-detect from origin/HEAD.') +
+        '<div>' +
+          '<label style="font-size:10px;color:var(--muted);display:block;margin-bottom:2px">Remote default <span style="opacity:0.6">(read-only)</span></label>' +
+          '<input id="set-remoteDefaultBranch-' + p.name + '" value="' + escHtml(remoteDefault || '(unset)') + '" readonly style="width:100%;padding:4px 6px;background:var(--surface2);border:1px solid var(--border);border-radius:4px;color:var(--muted);font-size:12px;font-family:ui-monospace,SFMono-Regular,Menlo,monospace">' +
+          '<div style="font-size:9px;color:var(--muted);margin-top:1px">Parsed from <code>git symbolic-ref refs/remotes/origin/HEAD</code>' + (localBranch ? '. Local HEAD: <code>' + escHtml(localBranch) + '</code>' : '') + '.</div>' +
+        '</div>' +
+      '</div>';
       return '<div data-settings-project="' + escHtml(p.name) + '" style="border:1px solid var(--border);border-radius:6px;padding:10px 12px">' +
         '<div style="display:flex;align-items:center;justify-content:space-between;margin-bottom:8px">' +
           '<div style="font-size:12px;font-weight:600">' + escHtml(p.name) + '</div>' +
           '<button onclick="MinionsSettings.removeProject(\'' + escHtml(p.name) + '\')" style="font-size:9px;padding:2px 8px;background:transparent;color:var(--red);border:1px solid var(--red);border-radius:3px;cursor:pointer">Remove</button>' +
         '</div>' +
-        '<div style="display:flex;flex-direction:column;gap:6px">' +
+        pathRow +
+        branchGrid +
+        driftNote +
+        '<div style="display:flex;flex-direction:column;gap:6px;margin-top:8px">' +
         settingsToggle('Discover from PRs', 'set-ws-prs-' + p.name, p.workSources.pullRequests.enabled, 'Discovery gate: scan repo for open PRs and surface them as review tasks. Independent of ADO/GitHub polling — does not affect already-tracked PRs.') +
         settingsToggle('Discover from Work Items', 'set-ws-wi-' + p.name, p.workSources.workItems.enabled, 'Auto-discover work from ADO/GitHub work items') +
         '</div></div>';
@@ -219,8 +249,9 @@ async function openSettings() {
         '<div style="display:flex;flex-direction:column;gap:6px;margin-top:8px">' +
           settingsToggle('Claude bare mode', 'set-claudeBareMode', !!e.claudeBareMode, '--bare suppresses CLAUDE.md auto-discovery; pair with explicit ccSystemPrompt or context will be lost') +
         '</div>' +
-        '<div style="display:grid;grid-template-columns:1fr 1fr;gap:8px;margin-top:8px">' +
-          settingsField('Claude fallback model', 'set-claudeFallbackModel', e.claudeFallbackModel || '', '', 'Used by --fallback-model on rate-limit / overload (Claude only)') +
+        '<div style="display:grid;grid-template-columns:1fr 1fr 1fr;gap:8px;margin-top:8px">' +
+          settingsField('Claude fallback model', 'set-claudeFallbackModel', e.claudeFallbackModel || '', 'e.g. sonnet', 'Passed via Claude --fallback-model. The Claude CLI swaps to this only on rate-limit (429). Used together with engine.copilotFallbackModel for the engine-level MODEL_UNAVAILABLE (overloaded/503) retry — see CLAUDE.md.') +
+          settingsField('Copilot fallback model', 'set-copilotFallbackModel', e.copilotFallbackModel || '', 'e.g. gpt-5.4', 'Copilot has no --fallback-model flag. On a MODEL_UNAVAILABLE (overloaded/503) retry, the engine OVERRIDES --model with this value (Copilot only).') +
           settingsField('Max budget (USD)', 'set-maxBudgetUsd', e.maxBudgetUsd != null ? String(e.maxBudgetUsd) : '', '', 'Fleet ceiling for --max-budget-usd. 0 is a valid cap (read-only / dry-run). Empty = no cap. Claude only.') +
         '</div>' +
         '<div style="display:flex;flex-direction:column;gap:6px;margin-top:8px">' +
@@ -597,6 +628,7 @@ async function saveSettings() {
       ccEffort: document.getElementById('set-ccEffort').value || null,
       claudeBareMode: !!document.getElementById('set-claudeBareMode')?.checked,
       claudeFallbackModel: (document.getElementById('set-claudeFallbackModel')?.value ?? '').trim(),
+      copilotFallbackModel: (document.getElementById('set-copilotFallbackModel')?.value ?? '').trim(),
       copilotDisableBuiltinMcps: !!document.getElementById('set-copilotDisableBuiltinMcps')?.checked,
       copilotSuppressAgentsMd: !!document.getElementById('set-copilotSuppressAgentsMd')?.checked,
       copilotStreamMode: document.getElementById('set-copilotStreamMode')?.value || 'on',
@@ -628,8 +660,13 @@ async function saveSettings() {
 
     const currentProjects = (_settingsData && Array.isArray(_settingsData.projects)) ? _settingsData.projects : [];
     const projectsPayload = currentProjects.map(function(p) {
+      // W-mpg3whgp000d09ec / #2732 — mainBranch is now editable from Settings →
+      // Projects. Empty string = clear the override; the field stays optional.
+      const mainBranchInput = document.getElementById('set-mainBranch-' + p.name);
+      const mainBranchValue = mainBranchInput ? mainBranchInput.value.trim() : (p.mainBranch || '');
       return {
         name: p.name,
+        mainBranch: mainBranchValue || null,
         workSources: {
           pullRequests: { enabled: document.getElementById('set-ws-prs-' + p.name)?.checked ?? true },
           workItems: { enabled: document.getElementById('set-ws-wi-' + p.name)?.checked ?? true }

package/dashboard/styles.css

@@ -726,6 +726,13 @@
   }
   .project-branch .muted { color: var(--muted); }
   .project-branch .dot-dirty { color: var(--yellow); margin-left: 2px; }
+  /* Ahead/behind compact chip (W-mpg3whgp000d09ec, #2732). Renders as
+   * "↑N ↓M" next to the branch chip when local diverges from origin/<main>. */
+  .project-ab {
+    font-size: 10px; color: var(--muted); font-weight: 400;
+    font-family: ui-monospace, SFMono-Regular, Menlo, monospace;
+    margin-left: 4px; white-space: nowrap;
+  }
   .project-warn {
     font-size: 10px; color: var(--yellow); font-style: italic; font-weight: 400;
     display: inline-block; max-width: 240px; overflow: hidden;

package/dashboard.js

@@ -105,7 +105,7 @@ ensureConfiguredProjectStateFiles();
 function warmProjectGitStatusCache() {
   for (const p of PROJECTS) {
     if (p && p.localPath) {
-      try { queries.warmProjectGitStatus(p.localPath); } catch { /* swallow — warming is opportunistic */ }
+      try { queries.warmProjectGitStatus(p.localPath, p.mainBranch); } catch { /* swallow — warming is opportunistic */ }
     }
   }
 }
@@ -151,6 +151,14 @@ function mergeSettingsConfigUpdate(current, candidate, body, patch = {}) {
       const currentProject = shared.findProjectByName(current.projects, update.name);
       if (!candidateProject || !currentProject) continue;
       currentProject.workSources = candidateProject.workSources;
+      // W-mpg3whgp000d09ec / #2732 — mirror mainBranch from candidate; empty
+      // / unset on candidate clears the field (matches handleSettingsUpdate
+      // semantics, which deletes the key when the operator submits blank).
+      if (Object.prototype.hasOwnProperty.call(candidateProject, 'mainBranch')) {
+        currentProject.mainBranch = candidateProject.mainBranch;
+      } else {
+        delete currentProject.mainBranch;
+      }
     }
   }
   shared.pruneDefaultClaudeConfig(current);
@@ -1638,12 +1646,19 @@ function _buildStatusSlowState() {
     })(),
     pipelines: (() => { try { const pl = require('./engine/pipeline'); return pl.getPipelines().map(p => ({ ...p, runs: (pl.getPipelineRuns()[p.id] || []).slice(-5) })); } catch { return []; } })(),
     pinned: (() => { try { return parsePinnedEntries(safeRead(PINNED_PATH)); } catch { return []; } })(),
-    projects: PROJECTS.map(p => ({
-      name: p.name,
-      path: p.localPath,
-      description: p.description || '',
-      ...getProjectGitStatus(p.localPath),
-    })),
+    projects: PROJECTS.map(p => {
+      const status = getProjectGitStatus(p.localPath, p.mainBranch);
+      const mainBranch = p.mainBranch || null;
+      const branchMismatch = !!(mainBranch && status.remoteDefaultBranch && mainBranch !== status.remoteDefaultBranch);
+      return {
+        name: p.name,
+        path: p.localPath,
+        description: p.description || '',
+        ...status,
+        mainBranch,
+        branchMismatch,
+      };
+    }),
     autoMode: {
       approvePlans: !!CONFIG.engine?.autoApprovePlans,
       decompose: CONFIG.engine?.autoDecompose !== false,
@@ -8131,6 +8146,8 @@ What would you like to discuss or change? When you're happy, say "approve" and I
         agents: config.agents || {},
         projects: (config.projects || []).map(p => ({
           name: p.name,
+          localPath: p.localPath || null,
+          mainBranch: p.mainBranch || null,
           workSources: {
             pullRequests: { enabled: p.workSources?.pullRequests?.enabled !== false, cooldownMinutes: p.workSources?.pullRequests?.cooldownMinutes ?? 30 },
             workItems: { enabled: p.workSources?.workItems?.enabled !== false, cooldownMinutes: p.workSources?.workItems?.cooldownMinutes ?? 0 }
@@ -8291,6 +8308,17 @@ What would you like to discuss or change? When you're happy, say "approve" and I
           if (_isClear(e.claudeFallbackModel)) _deleteEngineConfig('claudeFallbackModel');
           else _setEngineConfig('claudeFallbackModel', String(e.claudeFallbackModel));
         }
+        // W-mpg6isvy000xca4d — Copilot fallback model. Mirrors the
+        // claudeFallbackModel handler above. Empty / null clears; any string
+        // value is stored verbatim. The dispatch retry path (engine.js
+        // spawnAgent) reads engine.copilotFallbackModel when the previous
+        // failure was FAILURE_CLASS.MODEL_UNAVAILABLE and the runtime has
+        // capabilities.fallbackModel === false (Copilot has no --fallback-model
+        // flag, so we override --model directly).
+        if (e.copilotFallbackModel !== undefined) {
+          if (_isClear(e.copilotFallbackModel)) _deleteEngineConfig('copilotFallbackModel');
+          else _setEngineConfig('copilotFallbackModel', String(e.copilotFallbackModel));
+        }
         if (e.copilotStreamMode !== undefined) {
           const valid = ['on', 'off'];
           if (_isClear(e.copilotStreamMode)) _deleteEngineConfig('copilotStreamMode');
@@ -8444,6 +8472,14 @@ What would you like to discuss or change? When you're happy, say "approve" and I
             if (update.workSources.workItems.enabled !== undefined)
               proj.workSources.workItems.enabled = !!update.workSources.workItems.enabled;
           }
+          // W-mpg3whgp000d09ec / #2732 — operator-editable mainBranch.
+          // Empty string / null clears the override (engine falls back to
+          // origin/HEAD auto-detection); any other string trims + pins.
+          if (Object.prototype.hasOwnProperty.call(update, 'mainBranch')) {
+            const raw = update.mainBranch == null ? '' : String(update.mainBranch).trim();
+            if (raw) proj.mainBranch = raw;
+            else delete proj.mainBranch;
+          }
         }
       }
 

package/engine/ado.js

@@ -415,6 +415,213 @@ function votesToReviewStatus(votes) {
   return 'pending';
 }
 
+// ─── Reviewer Vote Snapshots (W-mpg58wv3) ────────────────────────────────────
+//
+// ADO's reviewer API does NOT include the source commit at which a reviewer
+// cast their vote. Without that signal the engine cannot tell a "still-stuck
+// stale -5" from a "freshly cast -5 the author hasn't responded to yet". This
+// snapshot file is the engine's own vote-time-SHA ledger: every time the
+// authenticated user's vote on a PR transitions (or is observed for the first
+// time), pollPrStatus writes (prId, reviewerId, vote, sourceCommit, observedAt)
+// here. The stuck-vote reaper then compares the snapshot's source commit
+// against the PR's current source commit.
+//
+// File: `engine/ado-vote-snapshots.json` (under MINIONS_DIR). Side-effect-free
+// reaper — warnings go to notes/inbox only; vote state is never mutated.
+//
+// Bounded by entry count and per-snapshot age via _pruneVoteSnapshots; ledger
+// is per-(PR, reviewer) so a re-vote replaces the prior entry in place.
+const VOTE_SNAPSHOT_FILE = 'ado-vote-snapshots.json';
+const VOTE_SNAPSHOT_MAX_ENTRIES = 500;
+const VOTE_SNAPSHOT_MAX_AGE_MS = 60 * 24 * 60 * 60 * 1000; // 60 days
+const STUCK_VOTE_AGE_THRESHOLD_MS = 24 * 60 * 60 * 1000;   // 24h — see issue #2739
+const STUCK_VOTE_WARN_INTERVAL_MS = 24 * 60 * 60 * 1000;   // dedupe per (PR, head SHA) within 24h
+
+function _voteSnapshotsPath() {
+  // Resolve lazily so tests that swap MINIONS_DIR via createTestMinionsDir()
+  // see the fresh value. shared.MINIONS_DIR is reassigned when MINIONS_TEST_DIR
+  // is set, but only when shared is re-required — which the helper does via
+  // `require('./shared').MINIONS_DIR`.
+  return path.join(require('./shared').MINIONS_DIR, 'engine', VOTE_SNAPSHOT_FILE);
+}
+
+function _normalizeSnapshotKey(prId, reviewerId) {
+  return `${String(prId || '').toLowerCase()}|${String(reviewerId || '').toLowerCase()}`;
+}
+
+function _pruneVoteSnapshots(snapshots, now) {
+  if (!Array.isArray(snapshots)) return [];
+  const cutoff = now - VOTE_SNAPSHOT_MAX_AGE_MS;
+  const live = snapshots.filter(s => {
+    if (!s || typeof s !== 'object') return false;
+    const observed = Date.parse(s.observedAt || '');
+    return Number.isFinite(observed) && observed >= cutoff;
+  });
+  // Drop the oldest entries when over the entry cap.
+  if (live.length > VOTE_SNAPSHOT_MAX_ENTRIES) {
+    live.sort((a, b) => Date.parse(a.observedAt) - Date.parse(b.observedAt));
+    return live.slice(live.length - VOTE_SNAPSHOT_MAX_ENTRIES);
+  }
+  return live;
+}
+
+/**
+ * Read+update the (prId, reviewerId) snapshot. Returns the prior snapshot
+ * BEFORE this update (or null if first observation) so the reaper can compare
+ * head SHA / vote / age against the new observation.
+ *
+ * Snapshot writes only fire on a transition (vote changed, source commit
+ * changed, or first observation). Identity observations are no-ops to keep
+ * the file from churning every poll.
+ */
+function _recordVoteSnapshot({ prId, reviewerId, vote, sourceCommit, now }) {
+  const path_ = _voteSnapshotsPath();
+  const key = _normalizeSnapshotKey(prId, reviewerId);
+  const nowIso = new Date(now).toISOString();
+  let prior = null;
+  try {
+    mutateJsonFileLocked(path_, (data) => {
+      const snapshots = Array.isArray(data?.snapshots) ? data.snapshots.slice() : [];
+      const idx = snapshots.findIndex(s => _normalizeSnapshotKey(s?.prId, s?.reviewerId) === key);
+      if (idx >= 0) {
+        prior = snapshots[idx];
+        if (prior.vote === vote && (prior.sourceCommit || '') === (sourceCommit || '')) {
+          // No transition — leave the snapshot untouched so we don't churn
+          // observedAt on every poll. Reaper uses the original observedAt.
+          return data;
+        }
+      }
+      const next = {
+        prId,
+        reviewerId,
+        vote,
+        sourceCommit: sourceCommit || '',
+        observedAt: nowIso,
+        // Carry the prior warning timestamp through transitions so the reaper
+        // dedup still fires on the same (PR, head SHA) across vote changes.
+        ...(prior?.lastWarningAt ? { lastWarningAt: prior.lastWarningAt } : {}),
+        ...(prior?.lastWarningSha ? { lastWarningSha: prior.lastWarningSha } : {}),
+      };
+      if (idx >= 0) snapshots[idx] = next;
+      else snapshots.push(next);
+      return { schemaVersion: 1, snapshots: _pruneVoteSnapshots(snapshots, now) };
+    }, { defaultValue: { schemaVersion: 1, snapshots: [] } });
+  } catch (e) {
+    log('warn', `vote-snapshot write for PR ${prId}: ${e.message}`);
+  }
+  return prior;
+}
+
+function _readVoteSnapshot(prId, reviewerId) {
+  try {
+    const data = shared.safeJson(_voteSnapshotsPath());
+    if (!data || !Array.isArray(data.snapshots)) return null;
+    const key = _normalizeSnapshotKey(prId, reviewerId);
+    return data.snapshots.find(s => _normalizeSnapshotKey(s?.prId, s?.reviewerId) === key) || null;
+  } catch { return null; }
+}
+
+function _recordVoteWarning(prId, reviewerId, headSha) {
+  const path_ = _voteSnapshotsPath();
+  const key = _normalizeSnapshotKey(prId, reviewerId);
+  try {
+    mutateJsonFileLocked(path_, (data) => {
+      const snapshots = Array.isArray(data?.snapshots) ? data.snapshots.slice() : [];
+      const idx = snapshots.findIndex(s => _normalizeSnapshotKey(s?.prId, s?.reviewerId) === key);
+      if (idx < 0) return data;
+      snapshots[idx] = { ...snapshots[idx], lastWarningAt: ts(), lastWarningSha: headSha || '' };
+      return { schemaVersion: 1, snapshots };
+    }, { defaultValue: { schemaVersion: 1, snapshots: [] } });
+  } catch (e) {
+    log('warn', `vote-snapshot warning timestamp for PR ${prId}: ${e.message}`);
+  }
+}
+
+/**
+ * W-mpg58wv3 — Stuck-vote reaper. Side-effect-free; writes ONE inbox warning
+ * per (PR id, head SHA) within 24h. Does NOT auto-dispatch, NOT touch the
+ * vote, NOT post a comment. Returns the slug used (truthy when a note was
+ * written, false when deduped/non-stuck).
+ *
+ * Detection: PR is active AND the authenticated reviewer's vote is < 0 AND
+ *   - The recorded vote-time SHA differs from the PR's current source SHA
+ *     (i.e. the author has pushed since the negative vote was cast), OR
+ *   - The vote is older than 24h AND no pending/in-flight re-review WI exists
+ *     for that PR.
+ */
+function _scanStuckVote({ pr, reviewerId, vote, sourceCommit, snapshot, now }) {
+  if (!pr || pr.status !== PR_STATUS.ACTIVE) return false;
+  if (!Number.isFinite(vote) || vote >= 0) return false;
+  if (!snapshot) return false;
+  const headSha = String(sourceCommit || '').trim();
+  const snapshotSha = String(snapshot.sourceCommit || '').trim();
+  const observedAt = Date.parse(snapshot.observedAt || '');
+  if (!Number.isFinite(observedAt)) return false;
+  const aged = (now - observedAt) >= STUCK_VOTE_AGE_THRESHOLD_MS;
+  const headMoved = headSha && snapshotSha && headSha !== snapshotSha;
+  const hasReReview = _hasPendingReReviewWi(pr);
+  const stuck = headMoved || (aged && !hasReReview);
+  if (!stuck) return false;
+
+  // Dedupe per (PR, head SHA) within 24h via the snapshot's lastWarningAt/Sha.
+  const lastWarningAt = Date.parse(snapshot.lastWarningAt || '');
+  const lastWarningSha = String(snapshot.lastWarningSha || '').trim();
+  if (Number.isFinite(lastWarningAt)
+      && lastWarningSha === headSha
+      && (now - lastWarningAt) < STUCK_VOTE_WARN_INTERVAL_MS) {
+    return false;
+  }
+
+  const trigger = headMoved ? 'head-sha-moved' : 'aged-no-rereview';
+  const slug = `prs-stuck-vote-${shared.safeSlugComponent(String(pr.id), 60)}-${headSha ? headSha.slice(0, 8) : 'nohead'}`;
+  const lines = [
+    `# Stuck reviewer vote warning: ${pr.id}`,
+    '',
+    `**PR:** ${pr.id}${pr.url ? ` — ${pr.url}` : ''}`,
+    `**Title:** ${pr.title || '(no title)'}`,
+    `**Reviewer:** ${reviewerId}`,
+    `**Vote:** ${vote}`,
+    `**Trigger:** ${trigger}`,
+    `**Vote-time SHA:** ${snapshotSha || '(unknown)'}`,
+    `**Current head SHA:** ${headSha || '(unknown)'}`,
+    `**Vote observed at:** ${snapshot.observedAt}`,
+    `**Pending re-review WI?** ${hasReReview ? 'yes' : 'no'}`,
+    '',
+    'This is a warning ONLY. The reaper does not auto-dispatch, vote, or post comments.',
+    'A human should decide whether to dispatch a manual re-review or reset the vote.',
+    '',
+    'See issue #2739 / W-mpg58wv3 for the design.',
+  ];
+  shared.writeToInbox('engine', slug, lines.join('\n'), null, {
+    pr: pr.id,
+    category: 'prs.stuck-vote',
+    head_sha: headSha,
+    trigger,
+  });
+  _recordVoteWarning(pr.id, reviewerId, headSha);
+  log('warn', `Stuck-vote warning for PR ${pr.id}: vote=${vote} trigger=${trigger}; wrote inbox note ${slug}`);
+  return slug;
+}
+
+/**
+ * Look for a pending/in-flight review WI bound to the same PR. Used by the
+ * reaper to suppress the "aged, no re-review" branch when the closure-loop
+ * has already fired. Read-only — uses the queries module to avoid leaking
+ * dispatch lock churn into the poll path.
+ */
+function _hasPendingReReviewWi(pr) {
+  if (!pr?.id) return false;
+  try {
+    const dispatchData = require('./queries').getDispatch();
+    const all = [...(dispatchData?.pending || []), ...(dispatchData?.active || [])];
+    return all.some(d => {
+      if (d?.type !== 'review') return false;
+      const targetId = d?.meta?.pr?.id || '';
+      return targetId === pr.id;
+    });
+  } catch { return false; }
+}
+
 // ─── ADO Token Cache ─────────────────────────────────────────────────────────
 
 let _adoTokenCache = { token: null, expiresAt: 0 };
@@ -905,6 +1112,49 @@ async function pollPrStatus(config) {
       shared.trackReviewMetric(pr, newReviewStatus, config);
     }
 
+    // W-mpg58wv3 — Vote-time-SHA snapshot + stuck-vote reaper. The ADO reviewer
+    // API doesn't surface the source commit at which a vote was cast, so we
+    // build that ledger ourselves: write a snapshot whenever the authenticated
+    // user's vote on this PR transitions (or is first observed) and check the
+    // stuck-vote rule on every poll. Reaper is side-effect-free — it writes an
+    // inbox warning only; never touches the vote, never auto-dispatches,
+    // never posts a comment. See engine/ado-vote-snapshots.json for storage.
+    try {
+      const identityData = await adoFetch(`${orgBase}/_apis/connectionData?api-version=7.1`, token, { timeout: 4000 }).catch(() => null);
+      const myId = identityData?.authenticatedUser?.id;
+      if (myId) {
+        const myReviewer = reviewers.find(r => String(r?.id || '').toLowerCase() === String(myId).toLowerCase());
+        const myVote = myReviewer && Number.isFinite(myReviewer.vote) ? myReviewer.vote : null;
+        if (myVote != null) {
+          const now = Date.now();
+          const prior = _recordVoteSnapshot({
+            prId: pr.id,
+            reviewerId: myId,
+            vote: myVote,
+            sourceCommit: sourceCommit || '',
+            now,
+          });
+          // Run the reaper using the snapshot the engine had BEFORE this poll
+          // (the prior write). On first observation `prior` is null and the
+          // reaper is a no-op — it needs a prior observedAt to evaluate
+          // "aged > 24h" and a prior sourceCommit to evaluate "head moved".
+          if (prior && myVote < 0) {
+            _scanStuckVote({
+              pr,
+              reviewerId: myId,
+              vote: myVote,
+              sourceCommit: sourceCommit || '',
+              snapshot: prior,
+              now,
+            });
+          }
+        }
+      }
+    } catch (e) {
+      // Reaper failures are non-fatal — never block the PR poll on them.
+      log('warn', `vote-snapshot/reaper for ${pr.id}: ${e.message}`);
+    }
+
     if (newStatus !== PR_STATUS.ACTIVE) return updated;
 
     // Query builds API directly — /statuses is unreliable (stale codecoverage postbacks).
@@ -1961,4 +2211,15 @@ module.exports = {
   parseCanonicalAdoPrId,
   isAdoRepairCandidateCompatible,
   getMissingAdoProjectConfigFields,
+  // W-mpg58wv3 — vote-snapshot / stuck-vote reaper helpers (exported for testing).
+  _recordVoteSnapshot,
+  _readVoteSnapshot,
+  _scanStuckVote,
+  _hasPendingReReviewWi,
+  _pruneVoteSnapshots,
+  _voteSnapshotsPath,
+  VOTE_SNAPSHOT_MAX_ENTRIES,
+  VOTE_SNAPSHOT_MAX_AGE_MS,
+  STUCK_VOTE_AGE_THRESHOLD_MS,
+  STUCK_VOTE_WARN_INTERVAL_MS,
 };

package/engine/dispatch.js

@@ -654,6 +654,12 @@ function completeDispatch(id, result = DISPATCH_RESULT.SUCCESS, reason = '', res
                   wi.status = WI_STATUS.PENDING;
                   wi._lastRetryReason = reason || '';
                   wi._lastRetryAt = ts();
+                  // W-mpg6isvy000xca4d — surface the previous failure class so the
+                  // next spawn can swap in a runtime-appropriate fallback model
+                  // when the previous attempt was bounced for MODEL_UNAVAILABLE
+                  // (overloaded_error / 503). Empty string clears any stale
+                  // value from an earlier failure cycle.
+                  wi._lastFailureClass = failureClass || '';
                   delete wi.failReason;
                   delete wi.failedAt;
                   delete wi.dispatched_at;
@@ -683,6 +689,7 @@ function completeDispatch(id, result = DISPATCH_RESULT.SUCCESS, reason = '', res
             [FAILURE_CLASS.INVALID_MANAGED_SPAWN]: 'managed-spawn.json failed validation (bad schema, workdir, or allowlist — see inbox alert)',
             [FAILURE_CLASS.MANAGED_SPAWN_HEALTHCHECK_FAILED]: 'managed-spawn spec(s) failed healthcheck within timeout (failing PIDs killed; surviving siblings stay alive)',
             [FAILURE_CLASS.INJECTION_FLAGGED]: 'agent flagged a prompt-injection attempt in spliced untrusted content — human review of the listed sources required before re-dispatch',
+            [FAILURE_CLASS.MODEL_UNAVAILABLE]: 'requested model returned overloaded/503 — fallback model swapped in for retry',
             [FAILURE_CLASS.UNKNOWN]: 'unknown error',
           };
           const classLabel = failureClass ? (CLASS_LABELS[failureClass] || failureClass) : '';

package/engine/lifecycle.js

@@ -1752,12 +1752,19 @@ async function updatePrAfterReview(agentId, pr, project, config, resultSummary,
       }
     }
     target.lastReviewedAt = ts();
+    // W-mpg58wv3 — best-effort capture of thread ids the review cited. Used
+    // downstream by buildPrDispatch when spawning the review-feedback fix WI
+    // (meta.addresses_threads) so the closure-loop reaper can correlate. Accept
+    // a few common shapes from the completion report (threads / addresses_threads
+    // / thread_ids); fall through silently if none are present.
+    const reviewThreads = extractReviewThreadIds(structuredCompletion);
     target.minionsReview = {
       reviewer: reviewerName,
       reviewedAt: ts(),
       note: reviewNote,
       dispatchId: dispatchItem?.id || structuredCompletion?.dispatchId || null,
       sourceItem: dispatchItem?.meta?.item?.id || null,
+      ...(reviewThreads.length > 0 ? { threads: reviewThreads } : {}),
       // Preserve fixedAt across re-reviews so the poller guard knows a fix was pushed.
       // Drop it when reviewer requests changes again — that starts a new fix cycle.
       ...(target.minionsReview?.fixedAt && postReviewStatus !== 'changes-requested' ? { fixedAt: target.minionsReview.fixedAt } : {}),
@@ -3212,6 +3219,37 @@ function reviewVerdictFromCompletion(completion) {
   return normalizeReviewVerdict(completion.verdict || completion.review_verdict || completion.reviewVerdict);
 }
 
+/**
+ * W-mpg58wv3 — Best-effort extraction of ADO/GitHub thread ids the review cited.
+ * Accepts a few common shapes the agent may emit on the structured completion:
+ *   - addresses_threads: [123, 456]           (canonical, matches the meta key on the spawned fix WI)
+ *   - threads: [123, 456]
+ *   - thread_ids: ["123", "456"]
+ * Scans nested `artifacts[]` entries too for `type: 'thread'` with a numeric id.
+ * Returns a deduped numeric array; empty when no signal is present.
+ */
+function extractReviewThreadIds(completion) {
+  if (!completion || typeof completion !== 'object') return [];
+  const ids = new Set();
+  const addCandidate = (value) => {
+    if (value == null) return;
+    if (Array.isArray(value)) { for (const v of value) addCandidate(v); return; }
+    const n = parseInt(String(value).trim(), 10);
+    if (Number.isFinite(n) && n > 0) ids.add(n);
+  };
+  addCandidate(completion.addresses_threads);
+  addCandidate(completion.threads);
+  addCandidate(completion.thread_ids);
+  if (Array.isArray(completion.artifacts)) {
+    for (const a of completion.artifacts) {
+      if (a && typeof a === 'object' && (a.type === 'thread' || a.type === 'ado-thread')) {
+        addCandidate(a.id ?? a.path ?? a.value);
+      }
+    }
+  }
+  return Array.from(ids);
+}
+
 function reviewContentMatchesPr(content, pr, project) {
   const text = String(content || '').trim();
   if (!text) return false;
@@ -3511,6 +3549,136 @@ function handleDecompositionResult(stdout, meta, config, runtimeName) {
   return 0;
 }
 
+/**
+ * W-mpg58wv3 — auto-dispatch a re-review WI when a fix-WI born from a minion
+ * REQUEST_CHANGES marks done. Closure-loop for the shared Yemi reviewer slot:
+ * without a re-review, the stale -5 vote sits on the PR indefinitely and
+ * blocks auto-complete (live repro: ADO PR 5216166, 3 days stuck).
+ *
+ * Behavior:
+ *   - Returns silently when meta.addresses_review_wi is unset (this fix WI did
+ *     not originate from a minion REQUEST_CHANGES — nothing to close).
+ *   - Returns silently when the PR is no longer active, or when its current
+ *     reviewStatus is not in {changes-requested, waiting}. An already-approved
+ *     PR doesn't need a re-review.
+ *   - Idempotent: getPrDispatchDedupeKey + addToDispatch dedup already skips a
+ *     second review dispatch for the same (PR, type). No second WI ever lands.
+ *   - Soft agent preference: agents whose charter advertises code-review or
+ *     design-review skills are tried first via agentHints; resolveAgent falls
+ *     back to any idle reviewer (and finally a temp agent) without blocking
+ *     on a specific reviewer. The PR author is excluded under the self-review
+ *     ban. If even the deferred ANY_AGENT placeholder cannot be built, log and
+ *     skip — the existing discovery-driven re-review path (engine.js:~4249)
+ *     will re-evaluate on the next tick.
+ *   - All RMW on dispatch.json goes through addToDispatch (mutateDispatch), per
+ *     the concurrency rules in CLAUDE.md.
+ */
+function dispatchReReviewForFix(fixDispatchItem, meta, config) {
+  const addressesReviewWi = meta?.addresses_review_wi || meta?.item?.meta?.addresses_review_wi || null;
+  if (!addressesReviewWi) return null;
+  const pr = meta?.pr;
+  if (!pr?.id) return null;
+  // Re-read live PR state so we don't queue a re-review against an already
+  // merged/abandoned PR. The post-completion fix-update may have just flipped
+  // reviewStatus to 'waiting'; consult that fresh state via the central read.
+  const project = meta.project || null;
+  let livePr = pr;
+  try {
+    const prPath = project ? shared.projectPrPath(project) : null;
+    if (prPath) {
+      const prs = shared.safeJsonArr(prPath);
+      const target = shared.findPrRecord(prs, pr, project);
+      if (target) livePr = target;
+    }
+  } catch { /* fall through to dispatch meta copy */ }
+  if (livePr.status && livePr.status !== PR_STATUS.ACTIVE) {
+    log('info', `Re-review skipped for ${pr.id}: PR status is ${livePr.status}`);
+    return null;
+  }
+  const reviewStatus = livePr.reviewStatus || '';
+  if (reviewStatus !== 'changes-requested' && reviewStatus !== 'waiting') {
+    log('info', `Re-review skipped for ${pr.id}: reviewStatus=${reviewStatus || 'pending'} (only changes-requested/waiting trigger closure-loop)`);
+    return null;
+  }
+
+  const routing = require('./routing');
+  const playbook = require('./playbook');
+  const dispatchModule = require('./dispatch');
+
+  const reviewAuthor = livePr.agent || pr.agent || null;
+  const agentHints = pickReReviewAgentHints(config, { excludeAgent: reviewAuthor });
+  const resolveOpts = reviewAuthor ? { excludeAgent: reviewAuthor, agentHints } : { agentHints };
+  const agentId = routing.resolveAgent('review', config, resolveOpts);
+  const prNumber = shared.getPrNumber(livePr);
+  const prBranch = livePr.branch || livePr._branch || meta.branch || '';
+  const projMeta = project;
+  const headSha = String(livePr.headSha || livePr._adoSourceCommit || livePr._adoHeadCommit || pr.headSha || '').trim();
+  const reReviewKey = `rereview-${project?.name || 'default'}-${shared.getPrDisplayId ? shared.getPrDisplayId(livePr) : pr.id}-${headSha ? headSha.slice(0, 8) : 'nohead'}`;
+  const rereviewMeta = {
+    dispatchKey: reReviewKey,
+    source: 'pr',
+    pr: livePr,
+    branch: prBranch,
+    project: projMeta,
+    rereview_of: fixDispatchItem?.id || null,
+    addresses_review_wi: addressesReviewWi,
+  };
+  const extraVars = {
+    pr_id: livePr.id, pr_number: prNumber, pr_title: livePr.title || '', pr_branch: prBranch,
+    pr_author: reviewAuthor || '', pr_url: livePr.url || '',
+  };
+  if (!agentId) {
+    rereviewMeta.deferReviewerResolution = true;
+    const deferred = playbook.buildPrDispatch(routing.ANY_AGENT, config, project, livePr, 'review', extraVars,
+      `Re-review ${livePr.id}: ${livePr.title || ''} — auto-closure after fix ${fixDispatchItem?.id || ''}`,
+      rereviewMeta);
+    if (!deferred) {
+      log('warn', `Re-review build failed for ${pr.id}: buildPrDispatch returned null (missing playbook vars?)`);
+      return null;
+    }
+    deferred._pendingReason = 'no_non_author_reviewer';
+    const dispatchId = dispatchModule.addToDispatch(deferred);
+    if (dispatchId) {
+      log('info', `Re-review queued (deferred — no non-author reviewer) for ${pr.id} after fix ${fixDispatchItem?.id || ''}: dispatch=${dispatchId}`);
+    }
+    return dispatchId;
+  }
+  const item = playbook.buildPrDispatch(agentId, config, project, livePr, 'review', extraVars,
+    `Re-review ${livePr.id}: ${livePr.title || ''} — auto-closure after fix ${fixDispatchItem?.id || ''}`,
+    rereviewMeta);
+  if (!item) {
+    log('warn', `Re-review build failed for ${pr.id}: buildPrDispatch returned null (missing playbook vars?)`);
+    return null;
+  }
+  const dispatchId = dispatchModule.addToDispatch(item);
+  if (dispatchId) {
+    log('info', `Re-review queued for ${pr.id} after fix ${fixDispatchItem?.id || ''}: dispatch=${dispatchId} agent=${agentId}`);
+  }
+  return dispatchId;
+}
+
+/**
+ * W-mpg58wv3 — Soft preference picker for re-review agent assignment. Returns
+ * a list of agent IDs whose configured skills include any of
+ * REVIEW_SKILL_TAGS; the caller passes this to resolveAgent as `agentHints`,
+ * which tries each in order before falling through to the default routing
+ * path. Empty list when no configured agent has a review skill — the standard
+ * review route still wins, so no PR ever blocks waiting for a specific agent.
+ */
+const REVIEW_SKILL_TAGS = ['code-review', 'design-review'];
+function pickReReviewAgentHints(config, opts = {}) {
+  const agents = config?.agents || {};
+  const excludeKey = opts.excludeAgent ? String(opts.excludeAgent).toLowerCase() : null;
+  const out = [];
+  for (const [id, agent] of Object.entries(agents)) {
+    if (excludeKey && String(id).toLowerCase() === excludeKey) continue;
+    const skills = Array.isArray(agent?.skills) ? agent.skills : [];
+    const lowered = skills.map(s => String(s || '').toLowerCase());
+    if (REVIEW_SKILL_TAGS.some(tag => lowered.includes(tag))) out.push(id);
+  }
+  return out;
+}
+
 async function runPostCompletionHooks(dispatchItem, agentId, code, stdout, config, opts) {
 
   const detectPhantom = !!(opts && opts.detectPhantom);
@@ -4146,6 +4314,19 @@ async function runPostCompletionHooks(dispatchItem, agentId, code, stdout, confi
       config,
       noopReason: noopRationale || meta?._noopReason || '',
     });
+    // W-mpg58wv3 — closure-loop dispatch. When the completed fix WI was spawned
+    // to address a minion REQUEST_CHANGES (its meta carries
+    // addresses_review_wi), queue a re-review WI for the same PR so the Yemi
+    // reviewer slot can't sit at -5 indefinitely. Idempotent via the PR-target
+    // dedup in addToDispatch; agent assignment is a soft preference (review-
+    // skilled agents first, then any idle agent) — NEVER block on a specific
+    // reviewer. See engine/ado.js:resetReviewerNegativeVote for the verdict-
+    // flip reset that fires on the resulting APPROVE.
+    try {
+      dispatchReReviewForFix(dispatchItem, meta, config);
+    } catch (err) {
+      log('warn', `Re-review auto-dispatch for ${meta?.pr?.id || 'unknown PR'}: ${err.message}`);
+    }
     // (#984) Sync PRD status for PR-linked features: fix work items have a different ID
     // than the original PRD feature, so syncPrdItemStatus(fixWiId, ...) finds nothing.
     // Use the PR's prdItems to propagate done status when the original work item is done.
@@ -4386,4 +4567,9 @@ module.exports = {
   extractDecompositionJson,
   handleDecompositionResult,
   processCompletionFollowups,
+  // W-mpg58wv3 — closure-loop dispatch helpers (exported for testing).
+  dispatchReReviewForFix,
+  pickReReviewAgentHints,
+  extractReviewThreadIds,
+  REVIEW_SKILL_TAGS,
 };

package/engine/queries.js

@@ -1633,9 +1633,13 @@ function resetPrdInfoCache() {
 // the second-Map sync hazard.
 const _projectGitStatusCache = new Map();
 const PROJECT_GIT_STATUS_TTL = 300000; // 5 minutes
-const PROJECT_GIT_STATUS_PENDING = Object.freeze({ gitBranch: null, gitDetached: false, gitDirty: false, gitState: 'pending' });
-const PROJECT_GIT_STATUS_MISSING = Object.freeze({ gitBranch: null, gitDetached: false, gitDirty: false, gitState: 'missing' });
-const PROJECT_GIT_STATUS_NON_GIT = Object.freeze({ gitBranch: null, gitDetached: false, gitDirty: false, gitState: 'non-git' });
+// Default null comparator fields so callers can blindly spread the result into
+// the /api/status payload without per-state branching (W-mpg3whgp000d09ec).
+// `remoteDefaultBranch` / `ahead` / `behind` are populated only by the `ok`
+// probe path; the placeholders always serialize as null.
+const PROJECT_GIT_STATUS_PENDING = Object.freeze({ gitBranch: null, gitDetached: false, gitDirty: false, gitState: 'pending', remoteDefaultBranch: null, ahead: null, behind: null });
+const PROJECT_GIT_STATUS_MISSING = Object.freeze({ gitBranch: null, gitDetached: false, gitDirty: false, gitState: 'missing', remoteDefaultBranch: null, ahead: null, behind: null });
+const PROJECT_GIT_STATUS_NON_GIT = Object.freeze({ gitBranch: null, gitDetached: false, gitDirty: false, gitState: 'non-git', remoteDefaultBranch: null, ahead: null, behind: null });
 
 // Async git invocation. Promise-returning so getProjectGitStatus can fire
 // background refreshes without blocking the event loop. Pipes stderr to keep
@@ -1658,7 +1662,13 @@ function _gitExec(localPath, args) {
 // Probe a single project. Returns the resolved status value. Used both by the
 // background refresh path inside getProjectGitStatus and by test code that
 // wants to drive a probe to completion deterministically.
-async function _probeProjectGitStatus(localPath) {
+//
+// `configuredMainBranch` (W-mpg3whgp000d09ec) — when supplied, the probe
+// computes ahead/behind counts of HEAD vs `origin/<configuredMainBranch>`.
+// When omitted, the probe falls back to the auto-detected `remoteDefaultBranch`
+// for the comparator. Pass null/undefined to skip ahead/behind entirely when
+// no comparator is resolvable.
+async function _probeProjectGitStatus(localPath, configuredMainBranch) {
   try {
     if (!fs.existsSync(localPath)) return PROJECT_GIT_STATUS_MISSING;
     let isRepo = false;
@@ -1682,18 +1692,49 @@ async function _probeProjectGitStatus(localPath) {
       const status = await _gitExec(localPath, ['status', '--porcelain', '--untracked-files=no']);
       dirty = status.length > 0;
     } catch { dirty = false; }
-    return { gitBranch: branch, gitDetached: detached, gitDirty: dirty, gitState: 'ok' };
+    // Remote default branch: `git symbolic-ref --quiet --short refs/remotes/origin/HEAD`
+    // returns `origin/<branch>`. Strip the `origin/` prefix. Null when the
+    // remote HEAD ref isn't set (e.g. after a shallow clone or a freshly-added
+    // remote without `git remote set-head origin --auto`).
+    let remoteDefaultBranch = null;
+    try {
+      const raw = (await _gitExec(localPath, ['symbolic-ref', '--quiet', '--short', 'refs/remotes/origin/HEAD'])).trim();
+      if (raw.startsWith('origin/')) remoteDefaultBranch = raw.slice('origin/'.length) || null;
+      else if (raw) remoteDefaultBranch = raw;
+    } catch { remoteDefaultBranch = null; }
+    // Ahead/behind vs origin/<comparator>. Comparator picks the configured
+    // mainBranch first (since the operator explicitly chose it) and falls
+    // back to the remote default. Skip when no comparator is resolvable.
+    // Compare HEAD (not `branch`) so detached-HEAD probes still work and we
+    // never have to escape branch names with slashes (e.g. `release/2.0`).
+    let ahead = null;
+    let behind = null;
+    const comparator = (configuredMainBranch && String(configuredMainBranch).trim()) || remoteDefaultBranch;
+    if (comparator) {
+      try {
+        const out = (await _gitExec(localPath, ['rev-list', '--left-right', '--count', `HEAD...origin/${comparator}`])).trim();
+        // Output format: "<ahead>\t<behind>". Tab-separated.
+        const parts = out.split(/\s+/);
+        if (parts.length >= 2) {
+          const a = Number.parseInt(parts[0], 10);
+          const b = Number.parseInt(parts[1], 10);
+          if (Number.isFinite(a)) ahead = a;
+          if (Number.isFinite(b)) behind = b;
+        }
+      } catch { /* origin/<comparator> missing — ahead/behind stay null */ }
+    }
+    return { gitBranch: branch, gitDetached: detached, gitDirty: dirty, gitState: 'ok', remoteDefaultBranch, ahead, behind };
   } catch {
     // Defensive — never let a git probe failure escape this helper.
     return PROJECT_GIT_STATUS_MISSING;
   }
 }
 
-function _scheduleProjectGitStatusRefresh(localPath, key) {
+function _scheduleProjectGitStatusRefresh(localPath, key, configuredMainBranch) {
   const existing = _projectGitStatusCache.get(key);
   if (existing && existing.promise) return existing.promise;
   const entry = existing || { ts: 0, value: PROJECT_GIT_STATUS_PENDING, promise: null };
-  entry.promise = _probeProjectGitStatus(localPath).then(value => {
+  entry.promise = _probeProjectGitStatus(localPath, configuredMainBranch).then(value => {
     entry.ts = Date.now();
     entry.value = value;
     entry.promise = null;
@@ -1706,9 +1747,19 @@ function _scheduleProjectGitStatusRefresh(localPath, key) {
   return entry.promise;
 }
 
-function getProjectGitStatus(localPath) {
-  const key = String(localPath || '').replace(/\\/g, '/');
-  if (!key) return PROJECT_GIT_STATUS_MISSING;
+// Cache key combines localPath + comparator so a project whose configured
+// mainBranch changes (e.g. operator edits config.json from `main` → `master`)
+// gets fresh ahead/behind counts on the next read instead of waiting out the
+// TTL on stale comparator output.
+function _projectGitStatusCacheKey(localPath, configuredMainBranch) {
+  const norm = String(localPath || '').replace(/\\/g, '/');
+  return norm + '::' + (configuredMainBranch ? String(configuredMainBranch).trim() : '');
+}
+
+function getProjectGitStatus(localPath, configuredMainBranch = null) {
+  const norm = String(localPath || '').replace(/\\/g, '/');
+  if (!norm) return PROJECT_GIT_STATUS_MISSING;
+  const key = _projectGitStatusCacheKey(localPath, configuredMainBranch);
   const now = Date.now();
   const cached = _projectGitStatusCache.get(key);
   if (cached && cached.ts && (now - cached.ts) < PROJECT_GIT_STATUS_TTL) return cached.value;
@@ -1721,7 +1772,7 @@ function getProjectGitStatus(localPath) {
   // Stale or never-populated — kick off a background refresh and return the
   // previous value (or pending placeholder on the very first call). The next
   // /api/status response after the refresh settles will have fresh data.
-  _scheduleProjectGitStatusRefresh(localPath, key);
+  _scheduleProjectGitStatusRefresh(localPath, key, configuredMainBranch);
   return cached ? cached.value : PROJECT_GIT_STATUS_PENDING;
 }
 
@@ -1729,10 +1780,11 @@ function getProjectGitStatus(localPath) {
 // pre-warm the cache for every configured project so the first /api/status
 // after restart already has data. Also used by tests to settle the async
 // probe deterministically.
-function warmProjectGitStatus(localPath) {
-  const key = String(localPath || '').replace(/\\/g, '/');
-  if (!key) return Promise.resolve();
-  return _scheduleProjectGitStatusRefresh(localPath, key);
+function warmProjectGitStatus(localPath, configuredMainBranch = null) {
+  const norm = String(localPath || '').replace(/\\/g, '/');
+  if (!norm) return Promise.resolve();
+  const key = _projectGitStatusCacheKey(localPath, configuredMainBranch);
+  return _scheduleProjectGitStatusRefresh(localPath, key, configuredMainBranch);
 }
 
 // Wait for every in-flight probe to settle. Test helper.

package/engine/runtimes/claude.js

@@ -412,6 +412,7 @@ function usesSystemPromptFile({ isResume } = {}) {
 function _runtimeFailureClass(code) {
   if (code === 'auth-failure' || code === 'budget-exceeded') return FAILURE_CLASS.PERMISSION_BLOCKED;
   if (code === 'context-limit') return FAILURE_CLASS.OUT_OF_CONTEXT;
+  if (code === 'model-unavailable') return FAILURE_CLASS.MODEL_UNAVAILABLE;
   if (code === 'crash') return FAILURE_CLASS.SPAWN_ERROR;
   return null;
 }
@@ -552,6 +553,16 @@ function parseError(rawOutput) {
   if (/budget.*exceed|max.budget.usd.*reach|cost.*limit.*exceed/i.test(lower)) {
     return { message: 'Claude budget cap exceeded — check your Claude account spending limit.', code: 'budget-exceeded', retriable: false };
   }
+  // W-mpg6isvy000xca4d — Anthropic overload / 503 / service-unavailable. Claude's
+  // own `--fallback-model` only fires on 429 (rate-limit); these failure modes
+  // hang the agent until the 5h timeout. Classify as MODEL_UNAVAILABLE so the
+  // dispatch loop retries with the runtime-appropriate fallback model. Match
+  // before the crash branch — Anthropic's overloaded responses can include
+  // "internal error" / "panic"-style phrasing that would otherwise be misread
+  // as a CLI crash.
+  if (/overloaded_error|service[_ ]unavailable|model.*(?:unavailable|overloaded)|\b503\b|temporarily unavailable/i.test(text)) {
+    return { message: 'Claude model temporarily unavailable (overloaded / 503)', code: 'model-unavailable', retriable: true };
+  }
   if (/internal error|panic|segmentation fault|claude.*crashed|fatal: claude/i.test(lower)) {
     return { message: 'Claude CLI crashed unexpectedly. Try again.', code: 'crash', retriable: true };
   }

package/engine/runtimes/copilot.js

@@ -602,6 +602,7 @@ function usesSystemPromptFile() {
 function _runtimeFailureClass(code) {
   if (code === 'auth-failure' || code === 'budget-exceeded') return FAILURE_CLASS.PERMISSION_BLOCKED;
   if (code === 'unknown-model') return FAILURE_CLASS.CONFIG_ERROR;
+  if (code === 'model-unavailable') return FAILURE_CLASS.MODEL_UNAVAILABLE;
   if (code === 'rate-limit') return FAILURE_CLASS.NETWORK_ERROR;
   if (code === 'crash') return FAILURE_CLASS.SPAWN_ERROR;
   return null;
@@ -844,6 +845,14 @@ function parseError(rawOutput) {
   if (hasExplicitAuthFailure || hasAuthStatusCode) {
     return { message: text, code: 'auth-failure', retriable: false };
   }
+  // W-mpg6isvy000xca4d — Copilot has no --fallback-model flag; classify
+  // overloaded / 503 / service_unavailable as MODEL_UNAVAILABLE so the engine
+  // retry can OVERRIDE --model with engine.copilotFallbackModel. Match before
+  // rate-limit so 503/overload never gets misread as a 429 (which would
+  // bucket into NETWORK_ERROR and re-spawn against the same broken model).
+  if (/overloaded_error|service[_ ]unavailable|model.*(?:unavailable|overloaded)|\b503\b|temporarily unavailable/i.test(text)) {
+    return { message: text, code: 'model-unavailable', retriable: true };
+  }
   if (/rate limit|too many requests|\b429\b/i.test(text)) {
     return { message: text, code: 'rate-limit', retriable: true };
   }

package/engine/shared.js

@@ -1764,7 +1764,8 @@ const ENGINE_DEFAULTS = {
   ccCli: undefined,              // CC/doc-chat CLI override; undefined = inherit defaultCli (independent of agent path)
   ccModel: undefined,            // CC/doc-chat model override; undefined = inherit defaultModel
   claudeBareMode: false,         // Claude --bare: suppress CLAUDE.md auto-discovery (per-agent override: agents.<id>.bareMode)
-  claudeFallbackModel: undefined,// Claude --fallback-model on rate-limit / overload (Claude-only)
+  claudeFallbackModel: undefined,// Claude --fallback-model — Claude CLI honors this on rate-limit (429) only; engine retry on FAILURE_CLASS.MODEL_UNAVAILABLE keeps the flag passed so the CLI can swap internally
+  copilotFallbackModel: undefined,// W-mpg6isvy000xca4d: Copilot has no --fallback-model flag; engine retry on FAILURE_CLASS.MODEL_UNAVAILABLE OVERRIDES --model directly with this value (separate knob from claudeFallbackModel because model namespaces differ across runtimes)
   copilotDisableBuiltinMcps: true,   // Copilot --disable-builtin-mcps: keep github-mcp-server out so it can't bypass pull-requests.json tracking
   copilotSuppressAgentsMd: true,     // Copilot --no-custom-instructions: stop AGENTS.md auto-load from fighting Minions playbook prompts
   copilotStreamMode: 'on',           // Copilot --stream <on|off>: 'on' streams assistant.message_delta events live; 'off' batches them
@@ -2606,6 +2607,7 @@ const FAILURE_CLASS = {
   INVALID_MANAGED_SPAWN: 'invalid-managed-spawn', // P-7a3b1c92: agents/<id>/managed-spawn.json failed validator (bad schema, broken workdir, executable/env not on allowlist, healthcheck shape wrong). Engine refuses to spawn any spec — agent must fix file; never retryable as-is.
   MANAGED_SPAWN_HEALTHCHECK_FAILED: 'managed-spawn-healthcheck-failed', // P-7a3b1c92: at least one managed-spawn spec was spawned but failed its healthcheck within timeout_s. Engine killed the failing PIDs; siblings stay alive. Dispatch ERROR with the failing spec name + log tail surfaced in the inbox alert.
   INJECTION_FLAGGED: 'injection-flagged', // F5 (W-mpeklod3000we69c): the agent set `securityFlags.injectionAttempt:true` in its completion report after spotting a prompt-injection attempt inside an <UNTRUSTED-INPUT> fence. Engine writes a security inbox note + stamps `_securityFlag` on the WI and treats the dispatch as non-retryable so a human can review the source before the agent re-runs.
+  MODEL_UNAVAILABLE: 'model-unavailable', // W-mpg6isvy000xca4d: requested model returned overloaded_error / 503 / service_unavailable. Retriable — engine swaps in the runtime-appropriate fallback model on next spawn (Claude leans on --fallback-model already plumbed; Copilot overrides --model with engine.copilotFallbackModel).
   UNKNOWN: 'unknown',                     // Unclassified failure
 };
 const ESCALATION_POLICY = {

package/engine.js

@@ -148,6 +148,12 @@ const { renderPlaybook, validatePlaybookVars, PLAYBOOK_REQUIRED_VARS,
   buildBaseVars, buildPrDispatch, resolveTaskContext,
   getRepoHost, getRepoHostLabel, getRepoHostToolRule } = require('./engine/playbook');
 
+// Per-slug GitHub PAT resolution — mirrors getAdoToken/MINIONS_ADO_TOKEN.
+// Used at agent spawn time to inject GH_TOKEN for GitHub projects so child
+// `gh`/`git push` calls authenticate as the right account without falling
+// through to an interactive `gh auth login` device-code flow.
+const ghToken = require('./engine/gh-token');
+
 // sanitizeBranch imported from shared.js
 
 // ─── Lifecycle (extracted to engine/lifecycle.js) ────────────────────────────
@@ -1681,6 +1687,27 @@ async function spawnAgent(dispatchItem, config) {
   const resolvedMaxBudget = shared.resolveAgentMaxBudget(agentConfig, engineConfig);
   const resolvedBare = shared.resolveAgentBareMode(agentConfig, engineConfig);
 
+  // W-mpg6isvy000xca4d — On retry after FAILURE_CLASS.MODEL_UNAVAILABLE, swap
+  // to the runtime-appropriate fallback model. Two paths gated on
+  // `runtime.capabilities.fallbackModel` (no `runtime.name === ...` branches):
+  //   - Capability TRUE (Claude): the CLI's own --fallback-model handles
+  //     the swap on 429. We keep `engineConfig.claudeFallbackModel` plumbed
+  //     unconditionally via the fallbackModel opt below; no model override
+  //     needed at the engine layer.
+  //   - Capability FALSE (Copilot): no --fallback-model flag exists, so we
+  //     OVERRIDE the --model arg directly with engine.copilotFallbackModel
+  //     for this retry attempt only. The work item's _lastFailureClass is
+  //     written by dispatch.js's retry block; the next normal dispatch loop
+  //     pick-up re-reads it through meta.item.
+  let effectiveModel = resolvedModel;
+  const prevFailureClass = meta?.item?._lastFailureClass || null;
+  if (prevFailureClass === FAILURE_CLASS.MODEL_UNAVAILABLE
+      && runtime.capabilities?.fallbackModel === false
+      && engineConfig.copilotFallbackModel) {
+    effectiveModel = engineConfig.copilotFallbackModel;
+    log('info', `MODEL_UNAVAILABLE retry: ${runtimeName} ${id} — overriding --model to ${effectiveModel}`);
+  }
+
   const requestedEffort = engineConfig.agentEffort || null;
 
   let cachedSessionId = null;
@@ -1698,7 +1725,7 @@ async function spawnAgent(dispatchItem, config) {
   }
 
   const args = _buildAgentSpawnFlags(runtime, {
-    model: resolvedModel,
+    model: effectiveModel,
     maxTurns: _maxTurnsForType(type, engineConfig),
     allowedTools: claudeConfig.allowedTools,
     effort: requestedEffort,
@@ -1735,6 +1762,17 @@ async function spawnAgent(dispatchItem, config) {
     childEnv.MINIONS_KEEP_PROCESSES_SKIP_WORKDIR_CHECK = '1';
   }
 
+  // W-mpg54mi2000n7b7e — suppress Git's interactive credential prompts and
+  // Git Credential Manager's GUI dialog for every agent spawn. Without these,
+  // a child `git push` against a private repo whose cached PAT expired pops a
+  // Windows credential window the agent can never dismiss, hanging the
+  // dispatch until the 5h agentTimeout wall-clock kill. Mirrors
+  // shared.gitEnv() which already sets these for the engine's own git ops.
+  // These vars are cheap and only take effect when git is invoked, so we set
+  // them unconditionally regardless of repo host.
+  childEnv.GIT_TERMINAL_PROMPT = '0';
+  childEnv.GCM_INTERACTIVE = 'never';
+
   if (getRepoHost(project) === 'ado') {
     // Inject cached ADO token so ADO agents skip re-authentication (#998).
     // getAdoToken() returns cached token (30-min TTL) or null — never blocks on browser auth.
@@ -1742,6 +1780,19 @@ async function spawnAgent(dispatchItem, config) {
       const adoToken = await getAdoToken();
       if (adoToken) childEnv.MINIONS_ADO_TOKEN = adoToken;
     } catch { /* non-fatal — agent can still authenticate on its own */ }
+  } else if (getRepoHost(project) === 'github') {
+    // W-mpg54mi2000n7b7e — inject a per-slug GitHub PAT so child `gh`/`git`
+    // calls authenticate as the right account without any `gh auth login`
+    // interactive flow. Resolution honors config.engine.ghAccounts via
+    // engine/gh-token.js (exact owner → owner-glob → fleet default → null).
+    // Mirrors the MINIONS_ADO_TOKEN injection above for ADO projects.
+    try {
+      const slug = shared.getProjectOrg(project) && project?.repoName
+        ? `${shared.getProjectOrg(project)}/${project.repoName}`
+        : null;
+      const ghTok = slug ? ghToken.resolveTokenForSlug(slug) : null;
+      if (ghTok) childEnv.GH_TOKEN = ghTok;
+    } catch { /* non-fatal — agent can still authenticate on its own */ }
   }
 
   // Spawn via wrapper script — node directly (no bash intermediary)
@@ -2017,7 +2068,7 @@ async function spawnAgent(dispatchItem, config) {
       }
 
       const resumeArgs = _buildAgentSpawnFlags(runtime, {
-        model: resolvedModel,
+        model: effectiveModel,
         maxTurns: engineConfig?.maxTurns || ENGINE_DEFAULTS.maxTurns,
         allowedTools: claudeConfig?.allowedTools,
         sessionId: steerSessionId,
@@ -2048,12 +2099,28 @@ async function spawnAgent(dispatchItem, config) {
       if (completionNonce) childEnv.MINIONS_COMPLETION_NONCE = completionNonce;
       childEnv.MINIONS_LIVE_OUTPUT_PATH = liveOutputPath;
       childEnv.MINIONS_REPO_HOST = getRepoHost(project);
+      // W-mpg54mi2000n7b7e — same Git non-interactive guards as the initial
+      // spawn path. Steering-resumed agents are equally susceptible to GCM
+      // credential dialogs on `git push` against stale PATs.
+      childEnv.GIT_TERMINAL_PROMPT = '0';
+      childEnv.GCM_INTERACTIVE = 'never';
       if (getRepoHost(project) === 'ado') {
         // Inject cached ADO token for steering session too (#998)
         try {
           const adoToken = await getAdoToken();
           if (adoToken) childEnv.MINIONS_ADO_TOKEN = adoToken;
         } catch { /* non-fatal */ }
+      } else if (getRepoHost(project) === 'github') {
+        // W-mpg54mi2000n7b7e — same per-slug GH_TOKEN injection as the
+        // initial spawn path so steering-resumed GitHub agents don't fall
+        // through to an interactive `gh auth login` device-code flow.
+        try {
+          const slug = shared.getProjectOrg(project) && project?.repoName
+            ? `${shared.getProjectOrg(project)}/${project.repoName}`
+            : null;
+          const ghTok = slug ? ghToken.resolveTokenForSlug(slug) : null;
+          if (ghTok) childEnv.GH_TOKEN = ghTok;
+        } catch { /* non-fatal */ }
       }
       // W-mp6k7ywi000fa33c — propagate keep_processes workdir-check override across steering resume.
       if (dispatchItem.meta?.item?.meta?.keep_processes_skip_workdir_check
@@ -4325,7 +4392,16 @@ async function discoverFromPrs(config, project) {
       const item = buildPrDispatch(agentId, config, project, pr, 'fix', {
         pr_id: pr.id, pr_branch: prBranch,
         review_note: pr.minionsReview?.note || pr.reviewNote || 'See PR thread comments',
-      }, `Fix ${pr.id}: ${pr.title || ''} — review feedback`, { dispatchKey: key, automationCauseKey: reviewCauseKey, source: 'pr', pr, branch: prBranch, project: projMeta });
+      }, `Fix ${pr.id}: ${pr.title || ''} — review feedback`, {
+        dispatchKey: key, automationCauseKey: reviewCauseKey, source: 'pr', pr, branch: prBranch, project: projMeta,
+        // W-mpg58wv3 — closure-loop binding. Carries the originating minion review
+        // WI id (and any ADO thread ids it cited) onto the fix WI so the
+        // post-completion path in lifecycle.js can auto-dispatch a re-review
+        // against the same PR. Both fields fall through to null/[] when the
+        // upstream review didn't expose them.
+        addresses_review_wi: pr.minionsReview?.sourceItem || null,
+        addresses_threads: Array.isArray(pr.minionsReview?.threads) ? pr.minionsReview.threads.slice() : [],
+      });
       if (item) {
         newWork.push(item); setCooldown(key); fixDispatched = true;
       }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@yemi33/minions",
-  "version": "0.1.2008",
+  "version": "0.1.2010",
   "description": "Multi-agent AI dev team that runs from ~/.minions/ — five autonomous agents share a single engine, dashboard, and knowledge base",
   "bin": {
     "minions": "bin/minions.js"

package/playbooks/review.md

@@ -70,6 +70,8 @@ You MUST post a review comment with a clear verdict and write the completion rep
 
 > If you are flipping a prior `REQUEST_CHANGES` verdict to `APPROVE` on re-review, the engine automatically clears your prior negative vote (ADO `set-vote --vote reset`-equivalent) or dismisses your prior `CHANGES_REQUESTED` review (GitHub) so humans don't see a stale red badge — you don't need to reset it manually. (W-mp7b1g8q000fea45)
 
+> When a fix-WI born from your `REQUEST_CHANGES` verdict completes, the engine auto-dispatches a re-review WI against the same PR (carrying `meta.rereview_of: <fix WI id>` and `meta.addresses_review_wi: <your review WI id>`). You do NOT need to re-dispatch yourself — the closure-loop is engine-driven. (W-mpg58wv3 / #2739)
+
 Your review body **MUST** start with one of these verdict lines (exactly as shown):
 - `VERDICT: APPROVE` — if the code is ready to merge
 - `VERDICT: REQUEST_CHANGES` — if there are issues that must be fixed