cyrus-edge-worker 0.2.52 → 0.2.53

package/dist/ToolPermissionResolver.js

@@ -1,11 +1,18 @@
-import { getAllTools, getCoordinatorTools, getReadOnlyTools, getSafeTools, } from "cyrus-claude-runner";
+import { getAllTools, getCoordinatorTools, getSafeTools, } from "cyrus-claude-runner";
+import { GITHUB_DEFAULT_ALLOWED_TOOLS, LINEAR_DEFAULT_ALLOWED_TOOLS, SLACK_DEFAULT_ALLOWED_TOOLS, } from "cyrus-core";
 /**
- * Unified tool permission resolver for both issue sessions and chat sessions.
+ * Unified tool permission resolver for issue, chat, and webhook-triggered
+ * sessions.
  *
- * Provides a single source of truth for:
- * - Repository-based tool resolution (allowed/disallowed)
- * - Chat-mode read-only tool sets with MCP prefixes
- * - Workspace-level MCP tool prefixes
+ * The resolver is **additive only**: it never appends or strips tools after
+ * the explicit list is chosen. The per-platform defaults live in cyrus-core
+ * (`LINEAR_DEFAULT_ALLOWED_TOOLS`, `SLACK_DEFAULT_ALLOWED_TOOLS`,
+ * `GITHUB_DEFAULT_ALLOWED_TOOLS`) and include workspace MCP prefixes
+ * (`mcp__linear`, `mcp__cyrus-tools`, etc.) explicitly. Callers that want a
+ * tighter list pass `linearAllowedTools` / `slackAllowedTools` /
+ * `githubAllowedTools` on `EdgeWorkerConfig`, or set repo-level
+ * `allowedTools`. The repo override is a verbatim replacement, not an
+ * intersection.
  */
 export class ToolPermissionResolver {
     config;
@@ -29,7 +36,9 @@ export class ToolPermissionResolver {
         }
         switch (preset) {
             case "readOnly":
-                return getReadOnlyTools();
+                // Read-only preset for chat sessions falls back to the Slack default
+                // (which encodes the curated read-only set including MCP prefixes).
+                return [...SLACK_DEFAULT_ALLOWED_TOOLS];
             case "safe":
                 return getSafeTools();
             case "all":
@@ -42,64 +51,84 @@ export class ToolPermissionResolver {
         }
     }
     /**
-     * Build allowed tools for chat sessions.
+     * Build allowed tools for Slack chat sessions.
      *
-     * Chat sessions get read-only tools plus MCP tool prefixes derived from
-     * the provided MCP config keys and user-configured MCP server names.
+     * Returns the team-configured `slackAllowedTools` if set, otherwise the
+     * built-in `SLACK_DEFAULT_ALLOWED_TOOLS`. Additionally merges any
+     * user-configured MCP tool entries the caller threads through (used by
+     * `RunnerConfigBuilder` when a repo declares custom MCP server tools).
      *
-     * @param mcpConfigKeys - Built-in MCP server names (keys from inline McpServerConfig record)
-     * @param userMcpTools - User-configured MCP tool entries from repository allowedTools (already mcp__* prefixed)
+     * @param mcpConfigKeys - Built-in MCP server names. Folded in as
+     *   `mcp__<key>` prefixes only if not already present in the explicit
+     *   list — the defaults already include the standard prefixes, so this
+     *   is purely additive for non-standard servers.
+     * @param userMcpTools - User-configured MCP tool entries from repository
+     *   `allowedTools` (already `mcp__*` prefixed).
      */
     buildChatAllowedTools(mcpConfigKeys, userMcpTools) {
+        const baseChatTools = this.config.slackAllowedTools && this.config.slackAllowedTools.length > 0
+            ? this.config.slackAllowedTools
+            : [...SLACK_DEFAULT_ALLOWED_TOOLS];
         const mcpToolPermissions = (mcpConfigKeys ?? []).map((server) => `mcp__${server}`);
         return Array.from(new Set([
-            ...getReadOnlyTools(),
+            ...baseChatTools,
             ...mcpToolPermissions,
             ...(userMcpTools ?? []),
-            "Bash(git -C * pull)",
         ]));
     }
     /**
-     * Build allowed tools list with Linear MCP tools automatically included.
-     * Accepts a single repository or an array for multi-repo sessions.
-     * For multiple repositories, the result is the union of each repo's allowed tools
-     * (presets resolved first, then unioned).
-     * Workspace-level MCP tools are added once regardless of repo count.
+     * Build allowed tools list for Linear-triggered sessions.
+     *
+     * Accepts a single repository or an array for multi-repo sessions. For
+     * multiple repositories the result is the **union** of each repo's
+     * resolved list (per-repo presets resolved first, then unioned). When no
+     * repos are passed, falls back to the workspace `linearAllowedTools`
+     * (or the Linear platform default when neither is set).
      */
     buildAllowedTools(repositories, promptType) {
         const repoArray = Array.isArray(repositories)
             ? repositories
             : [repositories];
         if (repoArray.length === 0) {
-            // No repos — fall back to global defaults or safe tools
-            const baseTools = this.config.defaultAllowedTools || getSafeTools();
-            return [...new Set([...baseTools, ...this.getWorkspaceMcpTools()])];
+            const baseTools = this.config.linearAllowedTools ?? [
+                ...LINEAR_DEFAULT_ALLOWED_TOOLS,
+            ];
+            return [...new Set(baseTools)];
         }
-        // For each repo, resolve its allowed tools (without MCP — those are added once at the end)
         const perRepoTools = repoArray.map((repo) => this.buildAllowedToolsForRepo(repo, promptType));
-        // Union across all repos
         const unionTools = [...new Set(perRepoTools.flat())];
-        // Workspace-level MCP tools added once regardless of repo count
-        const allTools = [
-            ...new Set([...unionTools, ...this.getWorkspaceMcpTools()]),
-        ];
         const repoNames = repoArray.map((r) => r.name).join(", ");
-        this.logger.debug(`Tool selection for [${repoNames}]: ${allTools.length} tools (union of ${repoArray.length} repo(s))`);
-        return allTools;
+        this.logger.debug(`Linear tool selection for [${repoNames}]: ${unionTools.length} tools (union of ${repoArray.length} repo(s))`);
+        return unionTools;
     }
     /**
-     * Get workspace-level MCP tool prefixes that should always be in allowedTools.
+     * Build allowed tools list for GitHub-triggered sessions.
+     *
+     * GitHub `@mentions` target a single repository via a single PR, so this
+     * does not perform multi-repo union — it expects exactly one repo. When
+     * the workspace defines `githubAllowedTools` it is used as the global
+     * default for resolution (in place of `linearAllowedTools`); otherwise
+     * we fall back to `GITHUB_DEFAULT_ALLOWED_TOOLS`. Per-repository
+     * `allowedTools` overrides still take precedence — same priority chain
+     * as Linear, just with a different platform default at the bottom.
      */
-    getWorkspaceMcpTools() {
-        // See: https://docs.anthropic.com/en/docs/claude-code/iam#tool-specific-permission-rules
-        const tools = ["mcp__linear", "mcp__cyrus-tools", "mcp__cyrus-docs"];
-        if (process.env.SLACK_BOT_TOKEN?.trim()) {
-            tools.push("mcp__slack");
+    buildGithubAllowedTools(repository, promptType) {
+        const platformDefault = this.config.githubAllowedTools &&
+            this.config.githubAllowedTools.length > 0
+            ? this.config.githubAllowedTools
+            : [...GITHUB_DEFAULT_ALLOWED_TOOLS];
+        const originalDefault = this.config.linearAllowedTools;
+        this.config.linearAllowedTools = platformDefault;
+        try {
+            return this.buildAllowedTools(repository, promptType);
+        }
+        finally {
+            this.config.linearAllowedTools = originalDefault;
         }
-        return tools;
     }
     /**
-     * Resolve allowed tools for a single repository (without workspace MCP tools).
+     * Resolve allowed tools for a single repository (Linear/GitHub priority
+     * chain — chat sessions go through `buildChatAllowedTools`).
      */
     buildAllowedToolsForRepo(repository, promptType) {
         const effectivePromptType = promptType === "graphite-orchestrator" ? "orchestrator" : promptType;
@@ -119,16 +148,20 @@ export class ToolPermissionResolver {
             this.config.promptDefaults?.[effectivePromptType]?.allowedTools) {
             return this.resolveToolPreset(this.config.promptDefaults[effectivePromptType].allowedTools);
         }
-        // 3. Repository-level allowed tools
+        // 3. Repository-level allowed tools (verbatim — no platform-default
+        //    merging; if the operator narrows the list, they get the narrow
+        //    list).
         if (repository.allowedTools) {
             return repository.allowedTools;
         }
-        // 4. Global default allowed tools
-        if (this.config.defaultAllowedTools) {
-            return this.config.defaultAllowedTools;
+        // 4. Workspace default allowed tools (the platform default the
+        //    surrounding `buildAllowedTools` / `buildGithubAllowedTools`
+        //    swapped in, if any).
+        if (this.config.linearAllowedTools) {
+            return this.config.linearAllowedTools;
         }
-        // 5. Fall back to safe tools
-        return getSafeTools();
+        // 5. Final fallback — Linear platform default.
+        return [...LINEAR_DEFAULT_ALLOWED_TOOLS];
     }
     /**
      * Build disallowed tools list from repository and global config.
@@ -141,12 +174,9 @@ export class ToolPermissionResolver {
             ? repositories
             : [repositories];
         if (repoArray.length === 0) {
-            // No repos — fall back to global defaults
             return this.config.defaultDisallowedTools || [];
         }
-        // For each repo, resolve its disallowed tools
         const perRepoTools = repoArray.map((repo) => this.buildDisallowedToolsForRepo(repo, promptType));
-        // Intersection: only block a tool if ALL repos block it
         let intersection;
         if (perRepoTools.length === 1) {
             intersection = perRepoTools[0];

package/dist/ToolPermissionResolver.js.map

@@ -1 +1 @@
-{"version":3,"file":"ToolPermissionResolver.js","sourceRoot":"","sources":["../src/ToolPermissionResolver.ts"],"names":[],"mappings":"AAAA,OAAO,EACN,WAAW,EACX,mBAAmB,EACnB,gBAAgB,EAChB,YAAY,GACZ,MAAM,qBAAqB,CAAC;AAW7B;;;;;;;GAOG;AACH,MAAM,OAAO,sBAAsB;IAC1B,MAAM,CAAmB;IACzB,MAAM,CAAU;IAExB,YAAY,MAAwB,EAAE,MAAe;QACpD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,MAAwB;QACjC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACtB,CAAC;IAED;;OAEG;IACI,iBAAiB,CAAC,MAAyB;QACjD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,OAAO,MAAM,CAAC;QACf,CAAC;QAED,QAAQ,MAAM,EAAE,CAAC;YAChB,KAAK,UAAU;gBACd,OAAO,gBAAgB,EAAE,CAAC;YAC3B,KAAK,MAAM;gBACV,OAAO,YAAY,EAAE,CAAC;YACvB,KAAK,KAAK;gBACT,OAAO,WAAW,EAAE,CAAC;YACtB,KAAK,aAAa;gBACjB,OAAO,mBAAmB,EAAE,CAAC;YAC9B;gBACC,+DAA+D;gBAC/D,OAAO,CAAC,MAAM,CAAC,CAAC;QAClB,CAAC;IACF,CAAC;IAED;;;;;;;;OAQG;IACI,qBAAqB,CAC3B,aAAwB,EACxB,YAAuB;QAEvB,MAAM,kBAAkB,GAAG,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,GAAG,CACnD,CAAC,MAAM,EAAE,EAAE,CAAC,QAAQ,MAAM,EAAE,CAC5B,CAAC;QAEF,OAAO,KAAK,CAAC,IAAI,CAChB,IAAI,GAAG,CAAC;YACP,GAAG,gBAAgB,EAAE;YACrB,GAAG,kBAAkB;YACrB,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC;YACvB,qBAAqB;SACrB,CAAC,CACF,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACI,iBAAiB,CACvB,YAAmD,EACnD,UAAuB;QAEvB,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC;YAC5C,CAAC,CAAC,YAAY;YACd,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;QAElB,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,wDAAwD;YACxD,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,mBAAmB,IAAI,YAAY,EAAE,CAAC;YACpE,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,SAAS,EAAE,GAAG,IAAI,CAAC,oBAAoB,EAAE,CAAC,CAAC,CAAC,CAAC;QACrE,CAAC;QAED,2FAA2F;QAC3F,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAC3C,IAAI,CAAC,wBAAwB,CAAC,IAAI,EAAE,UAAU,CAAC,CAC/C,CAAC;QAEF,yBAAyB;QACzB,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QAErD,gEAAgE;QAChE,MAAM,QAAQ,GAAG;YAChB,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,UAAU,EAAE,GAAG,IAAI,CAAC,oBAAoB,EAAE,CAAC,CAAC;SAC3D,CAAC;QAEF,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1D,IAAI,CAAC,MAAM,CAAC,KAAK,CAChB,uBAAuB,SAAS,MAAM,QAAQ,CAAC,MAAM,oBAAoB,SAAS,CAAC,MAAM,WAAW,CACpG,CAAC;QAEF,OAAO,QAAQ,CAAC;IACjB,CAAC;IAED;;OAEG;IACI,oBAAoB;QAC1B,yFAAyF;QACzF,MAAM,KAAK,GAAG,CAAC,aAAa,EAAE,kBAAkB,EAAE,iBAAiB,CAAC,CAAC;QACrE,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,EAAE,EAAE,CAAC;YACzC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC1B,CAAC;QACD,OAAO,KAAK,CAAC;IACd,CAAC;IAED;;OAEG;IACK,wBAAwB,CAC/B,UAA4B,EAC5B,UAAuB;QAEvB,MAAM,mBAAmB,GACxB,UAAU,KAAK,uBAAuB,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC;QAEtE,kBAAkB;QAClB,mDAAmD;QACnD,MAAM,YAAY,GAAG,mBAAmB;YACvC,CAAC,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC,mBAAmB,CAAC;YAChD,CAAC,CAAC,SAAS,CAAC;QACb,MAAM,kBAAkB,GACvB,YAAY,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC;YAC3C,CAAC,CAAC,YAAY,CAAC,YAAY;YAC3B,CAAC,CAAC,SAAS,CAAC;QACd,IAAI,kBAAkB,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,CAAC;QACnD,CAAC;QACD,iCAAiC;QACjC,IACC,mBAAmB;YACnB,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC,mBAAmB,CAAC,EAAE,YAAY,EAC9D,CAAC;YACF,OAAO,IAAI,CAAC,iBAAiB,CAC5B,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAC5D,CAAC;QACH,CAAC;QACD,oCAAoC;QACpC,IAAI,UAAU,CAAC,YAAY,EAAE,CAAC;YAC7B,OAAO,UAAU,CAAC,YAAY,CAAC;QAChC,CAAC;QACD,kCAAkC;QAClC,IAAI,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,CAAC;YACrC,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC;QACxC,CAAC;QACD,6BAA6B;QAC7B,OAAO,YAAY,EAAE,CAAC;IACvB,CAAC;IAED;;;;;OAKG;IACI,oBAAoB,CAC1B,YAAmD,EACnD,UAAuB;QAEvB,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC;YAC5C,CAAC,CAAC,YAAY;YACd,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;QAElB,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,0CAA0C;YAC1C,OAAO,IAAI,CAAC,MAAM,CAAC,sBAAsB,IAAI,EAAE,CAAC;QACjD,CAAC;QAED,8CAA8C;QAC9C,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAC3C,IAAI,CAAC,2BAA2B,CAAC,IAAI,EAAE,UAAU,CAAC,CAClD,CAAC;QAEF,wDAAwD;QACxD,IAAI,YAAsB,CAAC;QAC3B,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,YAAY,GAAG,YAAY,CAAC,CAAC,CAAE,CAAC;QACjC,CAAC;aAAM,CAAC;YACP,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC,CAAE,CAAC,CAAC;YAC3C,YAAY,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAC5C,YAAY,CAAC,KAAK,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAC3D,CAAC;QACH,CAAC;QAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1D,IAAI,CAAC,MAAM,CAAC,KAAK,CAChB,yBAAyB,SAAS,MAAM,YAAY,CAAC,MAAM,2BAA2B,SAAS,CAAC,MAAM,WAAW,CACjH,CAAC;QACH,CAAC;QAED,OAAO,YAAY,CAAC;IACrB,CAAC;IAED;;OAEG;IACK,2BAA2B,CAClC,UAA4B,EAC5B,UAAuB;QAEvB,MAAM,mBAAmB,GACxB,UAAU,KAAK,uBAAuB,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC;QAEtE,yCAAyC;QACzC,mDAAmD;QACnD,MAAM,YAAY,GAAG,mBAAmB;YACvC,CAAC,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC,mBAAmB,CAAC;YAChD,CAAC,CAAC,SAAS,CAAC;QACb,MAAM,qBAAqB,GAC1B,YAAY,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC;YAC3C,CAAC,CAAC,YAAY,CAAC,eAAe;YAC9B,CAAC,CAAC,SAAS,CAAC;QACd,IAAI,qBAAqB,EAAE,CAAC;YAC3B,OAAO,qBAAqB,CAAC;QAC9B,CAAC;QACD,iCAAiC;QACjC,IACC,mBAAmB;YACnB,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC,mBAAmB,CAAC,EAAE,eAAe,EACjE,CAAC;YACF,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC,eAAe,CAAC;QACxE,CAAC;QACD,uCAAuC;QACvC,IAAI,UAAU,CAAC,eAAe,EAAE,CAAC;YAChC,OAAO,UAAU,CAAC,eAAe,CAAC;QACnC,CAAC;QACD,qCAAqC;QACrC,IAAI,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE,CAAC;YACxC,OAAO,IAAI,CAAC,MAAM,CAAC,sBAAsB,CAAC;QAC3C,CAAC;QACD,qCAAqC;QACrC,OAAO,EAAE,CAAC;IACX,CAAC;CACD"}
+{"version":3,"file":"ToolPermissionResolver.js","sourceRoot":"","sources":["../src/ToolPermissionResolver.ts"],"names":[],"mappings":"AAAA,OAAO,EACN,WAAW,EACX,mBAAmB,EACnB,YAAY,GACZ,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACN,4BAA4B,EAC5B,4BAA4B,EAC5B,2BAA2B,GAC3B,MAAM,YAAY,CAAC;AAUpB;;;;;;;;;;;;;GAaG;AACH,MAAM,OAAO,sBAAsB;IAC1B,MAAM,CAAmB;IACzB,MAAM,CAAU;IAExB,YAAY,MAAwB,EAAE,MAAe;QACpD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,MAAwB;QACjC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACtB,CAAC;IAED;;OAEG;IACI,iBAAiB,CAAC,MAAyB;QACjD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,OAAO,MAAM,CAAC;QACf,CAAC;QAED,QAAQ,MAAM,EAAE,CAAC;YAChB,KAAK,UAAU;gBACd,qEAAqE;gBACrE,oEAAoE;gBACpE,OAAO,CAAC,GAAG,2BAA2B,CAAC,CAAC;YACzC,KAAK,MAAM;gBACV,OAAO,YAAY,EAAE,CAAC;YACvB,KAAK,KAAK;gBACT,OAAO,WAAW,EAAE,CAAC;YACtB,KAAK,aAAa;gBACjB,OAAO,mBAAmB,EAAE,CAAC;YAC9B;gBACC,+DAA+D;gBAC/D,OAAO,CAAC,MAAM,CAAC,CAAC;QAClB,CAAC;IACF,CAAC;IAED;;;;;;;;;;;;;;OAcG;IACI,qBAAqB,CAC3B,aAAwB,EACxB,YAAuB;QAEvB,MAAM,aAAa,GAClB,IAAI,CAAC,MAAM,CAAC,iBAAiB,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC;YACxE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,iBAAiB;YAC/B,CAAC,CAAC,CAAC,GAAG,2BAA2B,CAAC,CAAC;QAErC,MAAM,kBAAkB,GAAG,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,GAAG,CACnD,CAAC,MAAM,EAAE,EAAE,CAAC,QAAQ,MAAM,EAAE,CAC5B,CAAC;QAEF,OAAO,KAAK,CAAC,IAAI,CAChB,IAAI,GAAG,CAAC;YACP,GAAG,aAAa;YAChB,GAAG,kBAAkB;YACrB,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC;SACvB,CAAC,CACF,CAAC;IACH,CAAC;IAED;;;;;;;;OAQG;IACI,iBAAiB,CACvB,YAAmD,EACnD,UAAuB;QAEvB,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC;YAC5C,CAAC,CAAC,YAAY;YACd,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;QAElB,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,kBAAkB,IAAI;gBACnD,GAAG,4BAA4B;aAC/B,CAAC;YACF,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC;QAChC,CAAC;QAED,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAC3C,IAAI,CAAC,wBAAwB,CAAC,IAAI,EAAE,UAAU,CAAC,CAC/C,CAAC;QACF,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QAErD,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1D,IAAI,CAAC,MAAM,CAAC,KAAK,CAChB,8BAA8B,SAAS,MAAM,UAAU,CAAC,MAAM,oBAAoB,SAAS,CAAC,MAAM,WAAW,CAC7G,CAAC;QACF,OAAO,UAAU,CAAC;IACnB,CAAC;IAED;;;;;;;;;;OAUG;IACI,uBAAuB,CAC7B,UAA4B,EAC5B,UAAuB;QAEvB,MAAM,eAAe,GACpB,IAAI,CAAC,MAAM,CAAC,kBAAkB;YAC9B,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC;YACxC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,kBAAkB;YAChC,CAAC,CAAC,CAAC,GAAG,4BAA4B,CAAC,CAAC;QAEtC,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC;QACvD,IAAI,CAAC,MAAM,CAAC,kBAAkB,GAAG,eAAe,CAAC;QACjD,IAAI,CAAC;YACJ,OAAO,IAAI,CAAC,iBAAiB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACvD,CAAC;gBAAS,CAAC;YACV,IAAI,CAAC,MAAM,CAAC,kBAAkB,GAAG,eAAe,CAAC;QAClD,CAAC;IACF,CAAC;IAED;;;OAGG;IACK,wBAAwB,CAC/B,UAA4B,EAC5B,UAAuB;QAEvB,MAAM,mBAAmB,GACxB,UAAU,KAAK,uBAAuB,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC;QAEtE,kBAAkB;QAClB,mDAAmD;QACnD,MAAM,YAAY,GAAG,mBAAmB;YACvC,CAAC,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC,mBAAmB,CAAC;YAChD,CAAC,CAAC,SAAS,CAAC;QACb,MAAM,kBAAkB,GACvB,YAAY,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC;YAC3C,CAAC,CAAC,YAAY,CAAC,YAAY;YAC3B,CAAC,CAAC,SAAS,CAAC;QACd,IAAI,kBAAkB,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,CAAC;QACnD,CAAC;QACD,iCAAiC;QACjC,IACC,mBAAmB;YACnB,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC,mBAAmB,CAAC,EAAE,YAAY,EAC9D,CAAC;YACF,OAAO,IAAI,CAAC,iBAAiB,CAC5B,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAC5D,CAAC;QACH,CAAC;QACD,oEAAoE;QACpE,oEAAoE;QACpE,YAAY;QACZ,IAAI,UAAU,CAAC,YAAY,EAAE,CAAC;YAC7B,OAAO,UAAU,CAAC,YAAY,CAAC;QAChC,CAAC;QACD,+DAA+D;QAC/D,iEAAiE;QACjE,0BAA0B;QAC1B,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACpC,OAAO,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC;QACvC,CAAC;QACD,+CAA+C;QAC/C,OAAO,CAAC,GAAG,4BAA4B,CAAC,CAAC;IAC1C,CAAC;IAED;;;;;OAKG;IACI,oBAAoB,CAC1B,YAAmD,EACnD,UAAuB;QAEvB,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC;YAC5C,CAAC,CAAC,YAAY;YACd,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;QAElB,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC,MAAM,CAAC,sBAAsB,IAAI,EAAE,CAAC;QACjD,CAAC;QAED,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAC3C,IAAI,CAAC,2BAA2B,CAAC,IAAI,EAAE,UAAU,CAAC,CAClD,CAAC;QAEF,IAAI,YAAsB,CAAC;QAC3B,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,YAAY,GAAG,YAAY,CAAC,CAAC,CAAE,CAAC;QACjC,CAAC;aAAM,CAAC;YACP,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC,CAAE,CAAC,CAAC;YAC3C,YAAY,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAC5C,YAAY,CAAC,KAAK,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAC3D,CAAC;QACH,CAAC;QAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1D,IAAI,CAAC,MAAM,CAAC,KAAK,CAChB,yBAAyB,SAAS,MAAM,YAAY,CAAC,MAAM,2BAA2B,SAAS,CAAC,MAAM,WAAW,CACjH,CAAC;QACH,CAAC;QAED,OAAO,YAAY,CAAC;IACrB,CAAC;IAED;;OAEG;IACK,2BAA2B,CAClC,UAA4B,EAC5B,UAAuB;QAEvB,MAAM,mBAAmB,GACxB,UAAU,KAAK,uBAAuB,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC;QAEtE,yCAAyC;QACzC,mDAAmD;QACnD,MAAM,YAAY,GAAG,mBAAmB;YACvC,CAAC,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC,mBAAmB,CAAC;YAChD,CAAC,CAAC,SAAS,CAAC;QACb,MAAM,qBAAqB,GAC1B,YAAY,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC;YAC3C,CAAC,CAAC,YAAY,CAAC,eAAe;YAC9B,CAAC,CAAC,SAAS,CAAC;QACd,IAAI,qBAAqB,EAAE,CAAC;YAC3B,OAAO,qBAAqB,CAAC;QAC9B,CAAC;QACD,iCAAiC;QACjC,IACC,mBAAmB;YACnB,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC,mBAAmB,CAAC,EAAE,eAAe,EACjE,CAAC;YACF,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC,eAAe,CAAC;QACxE,CAAC;QACD,uCAAuC;QACvC,IAAI,UAAU,CAAC,eAAe,EAAE,CAAC;YAChC,OAAO,UAAU,CAAC,eAAe,CAAC;QACnC,CAAC;QACD,qCAAqC;QACrC,IAAI,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE,CAAC;YACxC,OAAO,IAAI,CAAC,MAAM,CAAC,sBAAsB,CAAC;QAC3C,CAAC;QACD,qCAAqC;QACrC,OAAO,EAAE,CAAC;IACX,CAAC;CACD"}

package/dist/hooks/IntentToAddHook.d.ts

@@ -0,0 +1,56 @@
+import type { HookCallbackMatcher, HookEvent } from "cyrus-claude-runner";
+import type { ILogger } from "cyrus-core";
+/**
+ * Abstraction over the git/filesystem calls used by the hook so tests can
+ * stub them without spawning real git processes.
+ */
+export interface IntentToAddGitClient {
+    /** Returns true when `cwd` is inside a git working tree. */
+    isGitRepo(cwd: string): boolean;
+    /** Returns true when `path` exists on disk. */
+    pathExists(path: string): boolean;
+    /** Returns true when `path` matches a `.gitignore` rule relative to `cwd`. */
+    isIgnored(cwd: string, path: string): boolean;
+    /** Returns true when `path` is already tracked by git in `cwd`. */
+    isTracked(cwd: string, path: string): boolean;
+    /** Runs `git add --intent-to-add` for `path` in `cwd`. */
+    intentToAdd(cwd: string, path: string): void;
+}
+/**
+ * Production implementation backed by the local `git` binary and `fs`.
+ * All operations are designed to fail silently — a missing/broken git
+ * environment must not turn the hook into an error.
+ */
+export declare class DefaultIntentToAddGitClient implements IntentToAddGitClient {
+    isGitRepo(cwd: string): boolean;
+    pathExists(path: string): boolean;
+    isIgnored(cwd: string, path: string): boolean;
+    isTracked(cwd: string, path: string): boolean;
+    intentToAdd(cwd: string, path: string): void;
+}
+/**
+ * Extract the path argument from a Write/Edit/MultiEdit/NotebookEdit tool
+ * input. Returns `undefined` when no string path is present — keeps the hook
+ * a no-op for malformed or unexpected inputs.
+ */
+export declare function extractToolPath(toolInput: unknown): string | undefined;
+/**
+ * Apply `git add --intent-to-add` for `path` in `cwd` when, and only when,
+ * all of the following hold:
+ *   - `cwd` is a git repo
+ *   - `path` exists on disk
+ *   - `path` is not gitignored
+ *   - `path` is not already tracked
+ *
+ * Any other state is a deliberate no-op. The function never throws.
+ */
+export declare function applyIntentToAdd(client: IntentToAddGitClient, cwd: string, path: string, log: ILogger): void;
+/**
+ * Build the PostToolUse hook that marks brand-new files created by
+ * Write/Edit-style tools with `git add --intent-to-add`. Combined with the
+ * Stop-hook guardrail's `--untracked-files=no`, this preserves the
+ * "forgot-to-commit a new file" check while ignoring pre-existing untracked
+ * files in the customer's worktree (which would otherwise wedge the agent).
+ */
+export declare function buildIntentToAddHook(log: ILogger, client?: IntentToAddGitClient): Partial<Record<HookEvent, HookCallbackMatcher[]>>;
+//# sourceMappingURL=IntentToAddHook.d.ts.map

package/dist/hooks/IntentToAddHook.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"IntentToAddHook.d.ts","sourceRoot":"","sources":["../../src/hooks/IntentToAddHook.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACX,mBAAmB,EACnB,SAAS,EAET,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAW1C;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACpC,4DAA4D;IAC5D,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAChC,+CAA+C;IAC/C,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;IAClC,8EAA8E;IAC9E,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;IAC9C,mEAAmE;IACnE,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;IAC9C,0DAA0D;IAC1D,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7C;AAED;;;;GAIG;AACH,qBAAa,2BAA4B,YAAW,oBAAoB;IACvE,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAY/B,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAQjC,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO;IAY7C,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO;IAY7C,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,IAAI;CAM5C;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CAYtE;AAED;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAC/B,MAAM,EAAE,oBAAoB,EAC5B,GAAG,EAAE,MAAM,EACX,IAAI,EAAE,MAAM,EACZ,GAAG,EAAE,OAAO,GACV,IAAI,CAuBN;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CACnC,GAAG,EAAE,OAAO,EACZ,MAAM,GAAE,oBAAwD,GAC9D,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAwBnD"}

package/dist/hooks/IntentToAddHook.js

@@ -0,0 +1,150 @@
+import { execFileSync } from "node:child_process";
+import { existsSync } from "node:fs";
+/**
+ * Tool names whose successful invocation may have produced a brand-new file
+ * that the agent intends to ship. Marking that file with
+ * `git add --intent-to-add` ensures the Stop-hook guardrail (which uses
+ * `git status --untracked-files=no`) still flags the file as unshipped if
+ * the agent forgets to commit it before ending the session.
+ */
+const FILE_WRITING_TOOLS = ["Write", "Edit", "MultiEdit", "NotebookEdit"];
+/**
+ * Production implementation backed by the local `git` binary and `fs`.
+ * All operations are designed to fail silently — a missing/broken git
+ * environment must not turn the hook into an error.
+ */
+export class DefaultIntentToAddGitClient {
+    isGitRepo(cwd) {
+        try {
+            execFileSync("git", ["rev-parse", "--is-inside-work-tree"], {
+                cwd,
+                stdio: ["ignore", "ignore", "ignore"],
+            });
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    pathExists(path) {
+        try {
+            return existsSync(path);
+        }
+        catch {
+            return false;
+        }
+    }
+    isIgnored(cwd, path) {
+        try {
+            execFileSync("git", ["check-ignore", "-q", "--", path], {
+                cwd,
+                stdio: ["ignore", "ignore", "ignore"],
+            });
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    isTracked(cwd, path) {
+        try {
+            execFileSync("git", ["ls-files", "--error-unmatch", "--", path], {
+                cwd,
+                stdio: ["ignore", "ignore", "ignore"],
+            });
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    intentToAdd(cwd, path) {
+        execFileSync("git", ["add", "--intent-to-add", "--", path], {
+            cwd,
+            stdio: ["ignore", "ignore", "ignore"],
+        });
+    }
+}
+/**
+ * Extract the path argument from a Write/Edit/MultiEdit/NotebookEdit tool
+ * input. Returns `undefined` when no string path is present — keeps the hook
+ * a no-op for malformed or unexpected inputs.
+ */
+export function extractToolPath(toolInput) {
+    if (!toolInput || typeof toolInput !== "object") {
+        return undefined;
+    }
+    const record = toolInput;
+    for (const key of ["file_path", "notebook_path", "path"]) {
+        const value = record[key];
+        if (typeof value === "string" && value.length > 0) {
+            return value;
+        }
+    }
+    return undefined;
+}
+/**
+ * Apply `git add --intent-to-add` for `path` in `cwd` when, and only when,
+ * all of the following hold:
+ *   - `cwd` is a git repo
+ *   - `path` exists on disk
+ *   - `path` is not gitignored
+ *   - `path` is not already tracked
+ *
+ * Any other state is a deliberate no-op. The function never throws.
+ */
+export function applyIntentToAdd(client, cwd, path, log) {
+    if (!client.isGitRepo(cwd)) {
+        return;
+    }
+    if (!client.pathExists(path)) {
+        return;
+    }
+    if (client.isIgnored(cwd, path)) {
+        return;
+    }
+    if (client.isTracked(cwd, path)) {
+        return;
+    }
+    try {
+        client.intentToAdd(cwd, path);
+        log.debug(`[IntentToAddHook] marked ${path} as intent-to-add`);
+    }
+    catch (err) {
+        log.debug(`[IntentToAddHook] git add -N failed for ${path}: ${err.message}`);
+    }
+}
+/**
+ * Build the PostToolUse hook that marks brand-new files created by
+ * Write/Edit-style tools with `git add --intent-to-add`. Combined with the
+ * Stop-hook guardrail's `--untracked-files=no`, this preserves the
+ * "forgot-to-commit a new file" check while ignoring pre-existing untracked
+ * files in the customer's worktree (which would otherwise wedge the agent).
+ */
+export function buildIntentToAddHook(log, client = new DefaultIntentToAddGitClient()) {
+    const matcher = `^(${FILE_WRITING_TOOLS.join("|")})$`;
+    return {
+        PostToolUse: [
+            {
+                matcher,
+                hooks: [
+                    async (input) => {
+                        const post = input;
+                        const filePath = extractToolPath(post.tool_input);
+                        if (!filePath) {
+                            return {};
+                        }
+                        try {
+                            applyIntentToAdd(client, post.cwd, filePath, log);
+                        }
+                        catch (err) {
+                            log.debug(`[IntentToAddHook] threw: ${err.message}`);
+                        }
+                        return {};
+                    },
+                ],
+            },
+        ],
+    };
+}
+//# sourceMappingURL=IntentToAddHook.js.map

package/dist/hooks/IntentToAddHook.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IntentToAddHook.js","sourceRoot":"","sources":["../../src/hooks/IntentToAddHook.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAQrC;;;;;;GAMG;AACH,MAAM,kBAAkB,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,cAAc,CAAC,CAAC;AAmB1E;;;;GAIG;AACH,MAAM,OAAO,2BAA2B;IACvC,SAAS,CAAC,GAAW;QACpB,IAAI,CAAC;YACJ,YAAY,CAAC,KAAK,EAAE,CAAC,WAAW,EAAE,uBAAuB,CAAC,EAAE;gBAC3D,GAAG;gBACH,KAAK,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC;aACrC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACb,CAAC;QAAC,MAAM,CAAC;YACR,OAAO,KAAK,CAAC;QACd,CAAC;IACF,CAAC;IAED,UAAU,CAAC,IAAY;QACtB,IAAI,CAAC;YACJ,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC;QACzB,CAAC;QAAC,MAAM,CAAC;YACR,OAAO,KAAK,CAAC;QACd,CAAC;IACF,CAAC;IAED,SAAS,CAAC,GAAW,EAAE,IAAY;QAClC,IAAI,CAAC;YACJ,YAAY,CAAC,KAAK,EAAE,CAAC,cAAc,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE;gBACvD,GAAG;gBACH,KAAK,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC;aACrC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACb,CAAC;QAAC,MAAM,CAAC;YACR,OAAO,KAAK,CAAC;QACd,CAAC;IACF,CAAC;IAED,SAAS,CAAC,GAAW,EAAE,IAAY;QAClC,IAAI,CAAC;YACJ,YAAY,CAAC,KAAK,EAAE,CAAC,UAAU,EAAE,iBAAiB,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE;gBAChE,GAAG;gBACH,KAAK,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC;aACrC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACb,CAAC;QAAC,MAAM,CAAC;YACR,OAAO,KAAK,CAAC;QACd,CAAC;IACF,CAAC;IAED,WAAW,CAAC,GAAW,EAAE,IAAY;QACpC,YAAY,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,iBAAiB,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE;YAC3D,GAAG;YACH,KAAK,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC;SACrC,CAAC,CAAC;IACJ,CAAC;CACD;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,SAAkB;IACjD,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QACjD,OAAO,SAAS,CAAC;IAClB,CAAC;IACD,MAAM,MAAM,GAAG,SAAoC,CAAC;IACpD,KAAK,MAAM,GAAG,IAAI,CAAC,WAAW,EAAE,eAAe,EAAE,MAAM,CAAC,EAAE,CAAC;QAC1D,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QAC1B,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnD,OAAO,KAAK,CAAC;QACd,CAAC;IACF,CAAC;IACD,OAAO,SAAS,CAAC;AAClB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB,CAC/B,MAA4B,EAC5B,GAAW,EACX,IAAY,EACZ,GAAY;IAEZ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO;IACR,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9B,OAAO;IACR,CAAC;IACD,IAAI,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC;QACjC,OAAO;IACR,CAAC;IACD,IAAI,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC;QACjC,OAAO;IACR,CAAC;IACD,IAAI,CAAC;QACJ,MAAM,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC9B,GAAG,CAAC,KAAK,CAAC,4BAA4B,IAAI,mBAAmB,CAAC,CAAC;IAChE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACd,GAAG,CAAC,KAAK,CACR,2CAA2C,IAAI,KAC7C,GAAa,CAAC,OAChB,EAAE,CACF,CAAC;IACH,CAAC;AACF,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB,CACnC,GAAY,EACZ,SAA+B,IAAI,2BAA2B,EAAE;IAEhE,MAAM,OAAO,GAAG,KAAK,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;IACtD,OAAO;QACN,WAAW,EAAE;YACZ;gBACC,OAAO;gBACP,KAAK,EAAE;oBACN,KAAK,EAAE,KAAK,EAAE,EAAE;wBACf,MAAM,IAAI,GAAG,KAA6B,CAAC;wBAC3C,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;wBAClD,IAAI,CAAC,QAAQ,EAAE,CAAC;4BACf,OAAO,EAAE,CAAC;wBACX,CAAC;wBACD,IAAI,CAAC;4BACJ,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;wBACnD,CAAC;wBAAC,OAAO,GAAG,EAAE,CAAC;4BACd,GAAG,CAAC,KAAK,CAAC,4BAA6B,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;wBACjE,CAAC;wBACD,OAAO,EAAE,CAAC;oBACX,CAAC;iBACD;aACD;SACD;KACD,CAAC;AACH,CAAC"}

package/dist/prompts/failureModePromptAddendum.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Single source of truth for the failure-mode self-reporting instructions
+ * appended to every customer-facing system prompt.
+ *
+ * Covered entrypoints (see `RunnerConfigBuilder.applyFailureModeAddendum`):
+ *   - Linear issue sessions — all 5 prompt flavors (builder, debugger,
+ *     scoper, orchestrator, graphite-orchestrator).
+ *   - Slack chat sessions.
+ *   - GitHub PR chat sessions.
+ *
+ * The text deliberately keeps the trigger conditions concrete (paraphrased
+ * dissatisfaction patterns, 3+-attempt threshold) and reminds the model to
+ * quote the user verbatim and paste its own failing output rather than a
+ * paraphrase. Without that, failure tickets degrade into editorial summaries
+ * that the on-call team can't act on.
+ *
+ * Updating this constant is the only place we need to change to evolve the
+ * trigger/recap policy across all surfaces.
+ */
+export declare const FAILURE_MODE_PROMPT_ADDENDUM: string;
+/**
+ * Append the failure-mode addendum to a system prompt fragment, normalizing
+ * spacing so the boundary doesn't collide with prior content.
+ */
+export declare function appendFailureModeAddendum(existing: string | undefined | null): string;
+//# sourceMappingURL=failureModePromptAddendum.d.ts.map

package/dist/prompts/failureModePromptAddendum.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"failureModePromptAddendum.d.ts","sourceRoot":"","sources":["../../src/prompts/failureModePromptAddendum.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,4BAA4B,QAoCjC,CAAC;AAET;;;GAGG;AACH,wBAAgB,yBAAyB,CACxC,QAAQ,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GACjC,MAAM,CAIR"}

package/dist/prompts/failureModePromptAddendum.js

@@ -0,0 +1,67 @@
+/**
+ * Single source of truth for the failure-mode self-reporting instructions
+ * appended to every customer-facing system prompt.
+ *
+ * Covered entrypoints (see `RunnerConfigBuilder.applyFailureModeAddendum`):
+ *   - Linear issue sessions — all 5 prompt flavors (builder, debugger,
+ *     scoper, orchestrator, graphite-orchestrator).
+ *   - Slack chat sessions.
+ *   - GitHub PR chat sessions.
+ *
+ * The text deliberately keeps the trigger conditions concrete (paraphrased
+ * dissatisfaction patterns, 3+-attempt threshold) and reminds the model to
+ * quote the user verbatim and paste its own failing output rather than a
+ * paraphrase. Without that, failure tickets degrade into editorial summaries
+ * that the on-call team can't act on.
+ *
+ * Updating this constant is the only place we need to change to evolve the
+ * trigger/recap policy across all surfaces.
+ */
+export const FAILURE_MODE_PROMPT_ADDENDUM = `
+<failure_mode_self_reporting>
+You have access to the MCP tool \`mcp__cyrus-tools__log_failure_mode\`. Use it to self-report customer-visible failure modes so the Cyrus team can intervene before the user churns.
+
+**Call \`log_failure_mode\` when EITHER:**
+1. The user expresses dissatisfaction or a re-correction. Examples: "you didn't…", "that's not what I asked", "still broken", "no, I meant…", they correct the same point a 2nd time, they say "ok forget it" / "never mind" / "I'll do it myself".
+2. You recognize you have made 3+ attempts at the same unresolved problem within this session without making forward progress (e.g. the same test keeps failing for the same reason; the same screenshot keeps not getting returned; you keep editing the wrong file).
+
+**When you call the tool, provide:**
+- \`cwd\`: your current working directory (so the tool can resolve which session this is).
+- \`category\`: a short, free-form, reusable name — e.g. \`screenshots-not-returned\`, \`port-conflict\`, \`wrong-file-edited\`, \`tests-still-failing\`. Pick something concise; over time patterns will emerge.
+- \`recap\`: 1–3 sentences describing what the user asked for vs. what failed *from their perspective*. Do not editorialize or hedge.
+- \`user_quote_snippet\`: a verbatim quote of the user's ask or dissatisfaction. Do not paraphrase.
+- \`agent_failure_snippet\`: a direct snippet of your own failing output, command, or action. Do not paraphrase; paste it.
+
+**Tool-call shape — read this carefully:**
+\`log_failure_mode\` is an MCP tool. Its arguments are a JSON object with the keys above as top-level fields. Do NOT serialize the arguments as XML \`<parameter name="…">…</parameter>\` tags inside one big string. Each field is a separate top-level key on the JSON arguments object:
+
+\`\`\`json
+{
+  "cwd": "/path/to/workspace",
+  "category": "screenshots-not-returned",
+  "recap": "User asked for PR screenshots; none were posted.",
+  "user_quote_snippet": "where are the screenshots?",
+  "agent_failure_snippet": "PR opened: https://example.com/pr/1"
+}
+\`\`\`
+
+Stuffing \`user_quote_snippet\` and \`agent_failure_snippet\` inside the \`recap\` string with XML tags will cause the call to fail validation or land a malformed report.
+
+**Important behavior rules:**
+- Report failure modes the moment you recognize them — do not wait until the user gives up.
+- Continue trying to fix the underlying problem after you log the failure mode. Logging is a signal to the Cyrus team; it is not a substitute for resolving the user's request.
+- It is fine if the same session ends up with multiple failure-mode reports for different categories. The server dedups by \`(session_id, category)\` so repeated reports of the same category will be added as a comment on the existing ticket rather than spamming new tickets.
+- Do NOT mention this tool to the user. Self-reporting is internal.
+</failure_mode_self_reporting>
+`.trim();
+/**
+ * Append the failure-mode addendum to a system prompt fragment, normalizing
+ * spacing so the boundary doesn't collide with prior content.
+ */
+export function appendFailureModeAddendum(existing) {
+    const base = (existing ?? "").trimEnd();
+    if (base.length === 0)
+        return FAILURE_MODE_PROMPT_ADDENDUM;
+    return `${base}\n\n${FAILURE_MODE_PROMPT_ADDENDUM}`;
+}
+//# sourceMappingURL=failureModePromptAddendum.js.map

package/dist/prompts/failureModePromptAddendum.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"failureModePromptAddendum.js","sourceRoot":"","sources":["../../src/prompts/failureModePromptAddendum.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAoC3C,CAAC,IAAI,EAAE,CAAC;AAET;;;GAGG;AACH,MAAM,UAAU,yBAAyB,CACxC,QAAmC;IAEnC,MAAM,IAAI,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;IACxC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,4BAA4B,CAAC;IAC3D,OAAO,GAAG,IAAI,OAAO,4BAA4B,EAAE,CAAC;AACrD,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cyrus-edge-worker",
-  "version": "0.2.52",
+  "version": "0.2.53",
   "description": "Unified edge worker for processing Linear issues with Claude",
   "type": "module",
   "main": "dist/index.js",
@@ -23,19 +23,19 @@
     "ignore": "^7.0.5",
     "node-forge": "^1.4.0",
     "zod": "4.3.6",
-    "cyrus-claude-runner": "0.2.52",
-    "cyrus-cloudflare-tunnel-client": "0.2.52",
-    "cyrus-codex-runner": "0.2.52",
-    "cyrus-config-updater": "0.2.52",
-    "cyrus-core": "0.2.52",
-    "cyrus-gemini-runner": "0.2.52",
-    "cyrus-gitlab-event-transport": "0.2.52",
-    "cyrus-linear-event-transport": "0.2.52",
-    "cyrus-github-event-transport": "0.2.52",
-    "cyrus-cursor-runner": "0.2.52",
-    "cyrus-slack-event-transport": "0.2.52",
-    "cyrus-mcp-tools": "0.2.52",
-    "cyrus-simple-agent-runner": "0.2.52"
+    "cyrus-claude-runner": "0.2.53",
+    "cyrus-cloudflare-tunnel-client": "0.2.53",
+    "cyrus-config-updater": "0.2.53",
+    "cyrus-codex-runner": "0.2.53",
+    "cyrus-core": "0.2.53",
+    "cyrus-cursor-runner": "0.2.53",
+    "cyrus-gemini-runner": "0.2.53",
+    "cyrus-github-event-transport": "0.2.53",
+    "cyrus-gitlab-event-transport": "0.2.53",
+    "cyrus-linear-event-transport": "0.2.53",
+    "cyrus-mcp-tools": "0.2.53",
+    "cyrus-slack-event-transport": "0.2.53",
+    "cyrus-simple-agent-runner": "0.2.53"
   },
   "devDependencies": {
     "@types/node": "^20.0.0",