@yemi33/minions 0.1.2021 → 0.1.2022

package/dashboard.js

@@ -97,17 +97,33 @@ function reloadConfig() {
 ensureConfiguredProjectStateFiles();
 
 // Pre-warm git-status cache for every configured project so the first
-// /api/status after dashboard boot already has branch/dirty data — without
-// blocking the event loop on the per-project git shell-outs. Fire-and-forget,
-// boot-only: re-warming on every reloadConfig() would spawn 4× git probes on
-// every 10s status-poll cache miss. Project add/remove handlers explicitly
-// invoke this when the project list actually changes.
+// /api/status after dashboard boot already has branch/dirty data instead of
+// the ~8s `gitState=pending` gap that hides the "on: <branch>" chips in the
+// projects bar (#2754, W-mpgr4bu8). Returns a Promise that settles once every
+// per-project probe finishes; the boot block awaits this before `server.listen`
+// so the first poll never sees pending. The module-level call below is
+// fire-and-forget so module-import paths (tests) still get opportunistic
+// warming without blocking. Project add handlers re-invoke this when the
+// project list changes; re-warming on every `reloadConfig()` would spawn 4×
+// git probes on every 10s status-poll cache miss.
 function warmProjectGitStatusCache() {
+  const probes = [];
   for (const p of PROJECTS) {
     if (p && p.localPath) {
-      try { queries.warmProjectGitStatus(p.localPath, p.mainBranch); } catch { /* swallow — warming is opportunistic */ }
+      try {
+        const probe = queries.warmProjectGitStatus(p.localPath, p.mainBranch);
+        if (probe && typeof probe.then === 'function') {
+          probes.push(probe.catch(e => {
+            console.warn(`[boot] warm git status failed for ${p.name}: ${e && e.message}`);
+            return null;
+          }));
+        }
+      } catch (e) {
+        console.warn(`[boot] warm git status threw for ${p.name}: ${e && e.message}`);
+      }
     }
   }
+  return Promise.all(probes);
 }
 warmProjectGitStatusCache();
 
@@ -10233,6 +10249,7 @@ module.exports = {
   _resetPreambleCache,
   _installCrashHandlers,
   _mergeSettingsConfigUpdate: mergeSettingsConfigUpdate,
+  _warmProjectGitStatusCache: warmProjectGitStatusCache,
   // /api/status event-loop isolation surface (W-mpehsyhv0017085a)
   refreshStatusAsync,
   handleStatus: _handleStatusRequest,
@@ -10251,7 +10268,25 @@ if (require.main === module) {
   // engine reads, port binding) is captured rather than dying silently.
   _installCrashHandlers();
 
-  server.listen(PORT, '127.0.0.1', () => {
+  // Pre-warm the per-project git-status cache before accepting requests so
+  // the first /api/status after restart already returns gitState='ok' with a
+  // real branch instead of the ~8s pending gap that hides the projects-bar
+  // "on: <branch>" chips (#2754, W-mpgr4bu8). Wrapped in an async IIFE so
+  // the await happens before server.listen(); per-project failures are
+  // swallowed inside warmProjectGitStatusCache() so one bad project cannot
+  // block boot.
+  (async () => {
+    const _warmStartedAt = Date.now();
+    try {
+      await warmProjectGitStatusCache();
+      const ms = Date.now() - _warmStartedAt;
+      const n = Array.isArray(PROJECTS) ? PROJECTS.length : 0;
+      console.log(`[boot] pre-warmed git status for ${n} project${n === 1 ? '' : 's'} in ${ms}ms`);
+    } catch (e) {
+      console.warn(`[boot] pre-warm git status failed: ${e && e.message}`);
+    }
+
+    server.listen(PORT, '127.0.0.1', () => {
     console.log(`\n  Minions Mission Control`);
     console.log(`  -----------------------------------`);
     console.log(`  http://localhost:${PORT}`);
@@ -10331,6 +10366,7 @@ if (require.main === module) {
     }, 30000).unref();
     console.log(`  Engine watchdog: active (checks every 30s)`);
   });
+  })();
 
   server.on('error', e => {
     if (e.code === 'EADDRINUSE') {

package/engine/ado-git-auth.js

@@ -47,6 +47,22 @@ const TOKEN_TTL_MS = 30 * 60 * 1000;     // 30 min — matches gh-token cadence
 const ACQUIRE_BACKOFF_MS = 10 * 60 * 1000; // 10 min — same backoff as gh-token
 const ACQUIRE_TIMEOUT_MS = 30000;        // 30s — generous for slow IWA/broker auth
 
+// #2762 — Suppress Windows credential helpers (GCM/WAM broker) and any
+// interactive credential prompt for the lifetime of each ADO git invocation.
+// Without these, when the bearer extraHeader doesn't cover a needed host
+// (e.g. Scalar/GVFS cache-server like *.gvfscache.dev.azure.com), git falls
+// through to `credential.helper=git-credential-manager`. On Windows with
+// `credential.msauthusebroker=true` in the user's global config, GCM invokes
+// the WAM broker which pops a focus-stealing "Account Manager" dialog mid-task.
+// Setting credential.helper to an empty string disables ALL helpers for this
+// command only (no global config mutation); credential.interactive=false
+// keeps git from falling back to TTY prompts. Together they convert an
+// otherwise-silent hang behind a UI dialog into an immediate, debuggable 401.
+const CREDENTIAL_DISABLE_ARGS = [
+  '-c', 'credential.helper=',
+  '-c', 'credential.interactive=false',
+];
+
 let _cached = null;       // { token, expiresAt }
 let _backoffUntil = 0;    // epoch ms — no acquire attempts before this
 
@@ -127,6 +143,14 @@ function _buildHeaderArgs(token, scopeUrls) {
   return args;
 }
 
+// #2762 — Always-on credential-helper suppression for ADO git ops, paired with
+// (optional) bearer-header injection. The credential disable flags come FIRST
+// so they're effective even when token acquisition failed and we have nothing
+// else to add — preventing the WAM popup is more important than authenticating.
+function _composeAdoArgs(headerArgs) {
+  return [...CREDENTIAL_DISABLE_ARGS, ...headerArgs];
+}
+
 function _acquireToken(opts = {}) {
   const exec = opts.acquireAdoTokenSync || adoToken.acquireAdoTokenSync;
   const result = exec({ timeout: opts.timeout || ACQUIRE_TIMEOUT_MS });
@@ -137,23 +161,28 @@ function getAdoGitExtraArgs(project, opts = {}) {
   if (!isAdoProject(project)) return [];
   const now = Date.now();
   if (_cached && _cached.expiresAt > now) {
-    return _buildHeaderArgs(_cached.token, _resolveScopeUrls(project));
+    return _composeAdoArgs(_buildHeaderArgs(_cached.token, _resolveScopeUrls(project)));
+  }
+  if (now < _backoffUntil) {
+    // #2762 — Still suppress the credential helper even when we have no token.
+    // Without these flags, git falls through to GCM/WAM and pops the account
+    // picker; with them, the fetch fails fast with a 401 in agent logs.
+    return [...CREDENTIAL_DISABLE_ARGS];
   }
-  if (now < _backoffUntil) return [];
   try {
     const token = _acquireToken(opts);
     if (!token) {
       _backoffUntil = now + ACQUIRE_BACKOFF_MS;
       log('warn', `ado-git-auth: acquireAdoTokenSync returned empty token; backing off ${ACQUIRE_BACKOFF_MS / 1000}s`);
-      return [];
+      return [...CREDENTIAL_DISABLE_ARGS];
     }
     _cached = { token, expiresAt: now + TOKEN_TTL_MS };
-    return _buildHeaderArgs(token, _resolveScopeUrls(project));
+    return _composeAdoArgs(_buildHeaderArgs(token, _resolveScopeUrls(project)));
   } catch (e) {
     _backoffUntil = now + ACQUIRE_BACKOFF_MS;
     const firstLine = String(e && e.message || e).split('\n')[0];
     log('warn', `ado-git-auth: token acquire failed (${firstLine}); backing off ${ACQUIRE_BACKOFF_MS / 1000}s`);
-    return [];
+    return [...CREDENTIAL_DISABLE_ARGS];
   }
 }
 
@@ -203,7 +232,14 @@ async function runAdoGit(project, gitArgs, opts = {}) {
     invalidateAdoTokenCache();
     _backoffUntil = 0; // give the retry a chance to actually hit the token source
     const refreshedExtra = getAdoGitExtraArgs(project, adoOpts);
-    if (!refreshedExtra.length) {
+    // #2762 — `refreshedExtra` now always includes the credential-disable
+    // flags even when token acquisition fails, so length alone no longer
+    // signals "got a usable token." Detect a real bearer header instead;
+    // without one, retrying just re-runs the same unauthenticated request.
+    const hasBearer = refreshedExtra.some(
+      (a) => typeof a === 'string' && a.includes('Authorization: Bearer '),
+    );
+    if (!hasBearer) {
       throw _redactErrorInPlace(err);
     }
     const retryExtra = baseExtra.concat(refreshedExtra);

package/engine/lifecycle.js

@@ -1973,15 +1973,18 @@ function recordPrNoOpFixAttempt(target, cause, source, dispatchItem, branchChang
   ).slice(0, 500);
   target._lastDispatchByCause = target._lastDispatchByCause
     && typeof target._lastDispatchByCause === 'object' ? target._lastDispatchByCause : {};
-  // W-mpg6wptq0011cc68: distinguish indeterminate noops (detection could not
-  // prove the branch advanced — fetch failed, worktree gone, missing baseline)
-  // from confirmed noops (remote head was verified to equal beforeHead). The
-  // same-head guard in engine.js MUST NOT permanently suppress on indeterminate
-  // records, otherwise a single failed detection locks out future fix
-  // dispatches on that head+comment until the SHA moves — and the SHA cannot
-  // move unless the suppressed fix runs. The `_noOpFixes[cause].count` +
-  // `prNoOpFixPauseAttempts` (default 3) safety valve still applies; only the
-  // same-head guard is relaxed.
+  // W-mpg6wptq0011cc68 / W-mpgq8vve0001b8e3: distinguish indeterminate noops
+  // (detection could not prove the branch advanced — fetch failed, worktree
+  // gone, missing baseline) from confirmed noops (remote head was verified
+  // to equal beforeHead). The flag is recorded on `_lastDispatchByCause`
+  // for diagnostics and dashboards; the same-head/same-comment guard in
+  // engine.js NO LONGER treats it as a bypass (it used to, but that produced
+  // tight retry loops on PRs like ado:office/iss/constellation#5227039 where
+  // the indeterminate flag forced a retry every poll while the evidence
+  // fingerprint kept drifting just enough to reset `_noOpFixes.count`).
+  // Recovery story without the bypass: if a fix actually landed but
+  // detection failed, the next ADO/GH poll refreshes `pr.headSha` and the
+  // guard's `===` check stops matching — re-dispatch resumes automatically.
   const indeterminate = !!branchChange && branchChange.changed === null;
   target._lastDispatchByCause[cause] = {
     outcome: 'noop',

package/engine/queries.js

@@ -1632,7 +1632,13 @@ function resetPrdInfoCache() {
 // Folding state + in-flight into one map keeps reads/writes atomic and removes
 // the second-Map sync hazard.
 const _projectGitStatusCache = new Map();
-const PROJECT_GIT_STATUS_TTL = 300000; // 5 minutes
+// 15 s TTL — keeps external `git checkout` visible on the projects bar within
+// ~one /api/status cycle. The probe is 4 cheap local `git` commands (<100 ms on
+// a warm repo) and is already backgrounded + single-flighted by
+// _scheduleProjectGitStatusRefresh, so a tighter TTL doesn't add load: at
+// /api/status's 4 s poll cadence we trigger at most one background refresh per
+// project every ~4 polls (#2760).
+const PROJECT_GIT_STATUS_TTL = 15000;
 // Default null comparator fields so callers can blindly spread the result into
 // the /api/status payload without per-state branching (W-mpg3whgp000d09ec).
 // `remoteDefaultBranch` / `ahead` / `behind` are populated only by the `ok`
@@ -1776,9 +1782,11 @@ function getProjectGitStatus(localPath, configuredMainBranch = null) {
   return cached ? cached.value : PROJECT_GIT_STATUS_PENDING;
 }
 
-// Force a refresh now and wait for completion. Called from engine boot to
-// pre-warm the cache for every configured project so the first /api/status
-// after restart already has data. Also used by tests to settle the async
+// Force a refresh now and wait for completion. Called from dashboard boot
+// (see `warmProjectGitStatusCache()` in dashboard.js) to pre-warm the cache
+// for every configured project before `server.listen()` accepts requests, so
+// the first /api/status after restart already has data instead of a ~8s
+// `gitState=pending` gap (#2754). Also used by tests to settle the async
 // probe deterministically.
 function warmProjectGitStatus(localPath, configuredMainBranch = null) {
   const norm = String(localPath || '').replace(/\\/g, '/');

package/engine.js

@@ -4281,14 +4281,28 @@ async function discoverFromPrs(config, project) {
       // + `buildFailureSignature` but no `build-fix-*` dispatch was ever
       // queued). Skip only the human-feedback dispatch path; leave
       // `fixDispatched=false` so downstream causes are still evaluated.
+      // W-mpgq8vve0001b8e3: the same-head/same-comment guard now suppresses
+      // BOTH confirmed AND indeterminate noops. The original W-mpg6wptq0011cc68
+      // bypass for `indeterminate` produced a tight retry loop on
+      // ado:office/iss/constellation#5227039 (4 dispatches on identical head
+      // `c182a517` and comment id `2` within a single day) because the
+      // indeterminate flag forced a retry every poll while the evidence
+      // fingerprint (`feedbackContent`) kept drifting just enough to reset
+      // `_noOpFixes.count` to 1, preventing the `prNoOpFixPauseAttempts` valve
+      // from ever tripping. Rationale for suppressing indeterminate too:
+      //   - `currentHeadSha` reads from `pr.headSha`, which is refreshed by
+      //     the ADO/GH poller every `prPollStatusEvery` ticks. If the agent
+      //     had genuinely pushed (and lifecycle-side fetch detection just
+      //     failed), the next poll cycle would advance `pr.headSha` and the
+      //     `===` check would no longer match → re-dispatch naturally
+      //     resumes.
+      //   - If `currentHeadSha` still equals `lastHumanDispatch.headSha` AND
+      //     the comment id is unchanged, there is no new evidence for the
+      //     agent to act on — retrying produces another indeterminate noop
+      //     and accomplishes nothing. New activity (new comment, head moves)
+      //     is the only thing that can unstick the loop, and both naturally
+      //     unstick the guard.
       const skipHumanFeedback = !!(lastHumanDispatch?.outcome === 'noop'
-        // W-mpg6wptq0011cc68: indeterminate noops (detection could not verify
-        // branch advance — fetch failed, worktree gone) must NOT permanently
-        // suppress re-dispatch. lifecycle.js:2043-2048 explicitly comments
-        // that a future tick with working detection must be free to re-fire.
-        // The `_noOpFixes` count + `prNoOpFixPauseAttempts` (default 3) safety
-        // valve still triggers pause if detection keeps failing.
-        && !lastHumanDispatch.indeterminate
         && lastHumanDispatch.headSha
         && currentHeadSha
         && lastHumanDispatch.headSha === currentHeadSha
@@ -4472,13 +4486,17 @@ async function discoverFromPrs(config, project) {
       // aborted the whole PR iteration and starved the conflict-fix block
       // below — symmetric to the human-feedback bug. Skip only the build-fix
       // dispatch path; downstream merge-conflict resolution must still run.
+      // W-mpgq8vve0001b8e3: symmetric to the human-feedback guard above —
+      // suppress BOTH confirmed AND indeterminate noops on an unchanged head.
+      // The original W-mpg6wptq0011cc68 bypass let indeterminate build-fix
+      // noops retry indefinitely; in practice that produces the same tight
+      // loop the human-feedback path hit (4 noop dispatches on identical
+      // head). Recovery story is the same: if a fix actually landed but
+      // fetch-side detection failed, the next ADO/GH poll cycle refreshes
+      // `pr.headSha` and the `===` check stops matching → re-dispatch
+      // resumes naturally. If the head genuinely hasn't moved, there is
+      // nothing for the agent to do.
       const skipBuildFix = !!(lastBuildDispatch?.outcome === 'noop'
-        // W-mpg6wptq0011cc68: symmetric protection — indeterminate noops here
-        // (detection couldn't verify branch advance) must NOT permanently
-        // suppress build-fix either. Same rationale as the human-feedback
-        // guard above; the per-cause `_noOpFixes` count + pause-after-N valve
-        // still applies.
-        && !lastBuildDispatch.indeterminate
         && lastBuildDispatch.headSha
         && currentHeadSha
         && lastBuildDispatch.headSha === currentHeadSha);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@yemi33/minions",
-  "version": "0.1.2021",
+  "version": "0.1.2022",
   "description": "Multi-agent AI dev team that runs from ~/.minions/ — five autonomous agents share a single engine, dashboard, and knowledge base",
   "bin": {
     "minions": "bin/minions.js"