npm - draft-board - Versions diffs - 0.1.0-beta.0 - Mend

draft-board 0.1.0-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (250) hide show

package/app/backend/.env.example +9 -0
package/app/backend/.smartkanban/evidence/8b383839-cbec-45af-86ee-c7708d075cbe/bddf2ed5-2e21-4d46-a62b-10b87f1642a6_patch.txt +195 -0
package/app/backend/.smartkanban/evidence/8b383839-cbec-45af-86ee-c7708d075cbe/bddf2ed5-2e21-4d46-a62b-10b87f1642a6_stat.txt +6 -0
package/app/backend/CURL_EXAMPLES.md +335 -0
package/app/backend/ENV_SETUP.md +65 -0
package/app/backend/alembic/env.py +71 -0
package/app/backend/alembic/script.py.mako +28 -0
package/app/backend/alembic/versions/001_initial_schema.py +104 -0
package/app/backend/alembic/versions/002_add_jobs_table.py +52 -0
package/app/backend/alembic/versions/003_add_workspace_table.py +48 -0
package/app/backend/alembic/versions/004_add_evidence_table.py +56 -0
package/app/backend/alembic/versions/005_add_verification_commands.py +32 -0
package/app/backend/alembic/versions/006_add_planner_lock_table.py +39 -0
package/app/backend/alembic/versions/007_add_revision_review_tables.py +126 -0
package/app/backend/alembic/versions/008_add_revision_idempotency_and_traceability.py +52 -0
package/app/backend/alembic/versions/009_add_job_health_fields.py +46 -0
package/app/backend/alembic/versions/010_add_review_comment_line_content.py +36 -0
package/app/backend/alembic/versions/011_add_analysis_cache.py +47 -0
package/app/backend/alembic/versions/012_add_boards_table.py +102 -0
package/app/backend/alembic/versions/013_add_ticket_blocking.py +45 -0
package/app/backend/alembic/versions/014_add_agent_sessions.py +220 -0
package/app/backend/alembic/versions/015_add_ticket_sort_order.py +33 -0
package/app/backend/alembic/versions/03220f0b93ae_add_pr_fields_to_ticket.py +49 -0
package/app/backend/alembic/versions/0c2d89fff3b1_seed_board_configs_from_yaml.py +206 -0
package/app/backend/alembic/versions/3348e5cf54c1_add_merge_checklist_table.py +67 -0
package/app/backend/alembic/versions/357c780ee445_add_goal_status.py +34 -0
package/app/backend/alembic/versions/553340b7e26c_add_autonomy_fields_to_goal.py +65 -0
package/app/backend/alembic/versions/774dc335c679_merge_migration_heads.py +23 -0
package/app/backend/alembic/versions/7b307e847cbd_merge_heads.py +23 -0
package/app/backend/alembic/versions/82ecd978cc70_add_missing_indexes.py +48 -0
package/app/backend/alembic/versions/8ef5054dc280_add_normalized_log_entries.py +173 -0
package/app/backend/alembic/versions/8f3e2bd8ea3b_merge_migration_heads.py +23 -0
package/app/backend/alembic/versions/9d17f0698d3b_add_config_column_to_boards_table.py +30 -0
package/app/backend/alembic/versions/add_agent_conversation_history.py +72 -0
package/app/backend/alembic/versions/add_job_variant.py +34 -0
package/app/backend/alembic/versions/add_performance_indexes.py +95 -0
package/app/backend/alembic/versions/add_repos_and_board_repos.py +174 -0
package/app/backend/alembic/versions/add_session_id_to_jobs.py +27 -0
package/app/backend/alembic/versions/add_sqlite_backend_tables.py +104 -0
package/app/backend/alembic/versions/b10fb0b62240_add_diff_content_to_revisions.py +34 -0
package/app/backend/alembic.ini +89 -0
package/app/backend/app/__init__.py +3 -0
package/app/backend/app/data_dir.py +85 -0
package/app/backend/app/database.py +70 -0
package/app/backend/app/database_sync.py +64 -0
package/app/backend/app/dependencies/__init__.py +5 -0
package/app/backend/app/dependencies/auth.py +80 -0
package/app/backend/app/dependencies.py +43 -0
package/app/backend/app/exceptions.py +178 -0
package/app/backend/app/executors/__init__.py +1 -0
package/app/backend/app/executors/adapters/__init__.py +1 -0
package/app/backend/app/executors/adapters/aider.py +152 -0
package/app/backend/app/executors/adapters/amazon_q.py +103 -0
package/app/backend/app/executors/adapters/amp.py +123 -0
package/app/backend/app/executors/adapters/claude.py +177 -0
package/app/backend/app/executors/adapters/cline.py +127 -0
package/app/backend/app/executors/adapters/codex.py +167 -0
package/app/backend/app/executors/adapters/copilot.py +202 -0
package/app/backend/app/executors/adapters/cursor.py +87 -0
package/app/backend/app/executors/adapters/droid.py +123 -0
package/app/backend/app/executors/adapters/gemini.py +132 -0
package/app/backend/app/executors/adapters/goose.py +131 -0
package/app/backend/app/executors/adapters/opencode.py +123 -0
package/app/backend/app/executors/adapters/qwen.py +123 -0
package/app/backend/app/executors/plugins/__init__.py +1 -0
package/app/backend/app/executors/registry.py +202 -0
package/app/backend/app/executors/spec.py +226 -0
package/app/backend/app/main.py +486 -0
package/app/backend/app/middleware/__init__.py +13 -0
package/app/backend/app/middleware/idempotency.py +426 -0
package/app/backend/app/middleware/rate_limit.py +312 -0
package/app/backend/app/middleware/security_headers.py +43 -0
package/app/backend/app/middleware/timeout.py +37 -0
package/app/backend/app/models/__init__.py +56 -0
package/app/backend/app/models/agent_conversation_history.py +56 -0
package/app/backend/app/models/agent_session.py +127 -0
package/app/backend/app/models/analysis_cache.py +49 -0
package/app/backend/app/models/base.py +9 -0
package/app/backend/app/models/board.py +79 -0
package/app/backend/app/models/board_repo.py +68 -0
package/app/backend/app/models/cost_budget.py +42 -0
package/app/backend/app/models/enums.py +40 -0
package/app/backend/app/models/evidence.py +132 -0
package/app/backend/app/models/goal.py +102 -0
package/app/backend/app/models/idempotency_entry.py +30 -0
package/app/backend/app/models/job.py +163 -0
package/app/backend/app/models/job_queue.py +39 -0
package/app/backend/app/models/kv_store.py +28 -0
package/app/backend/app/models/merge_checklist.py +87 -0
package/app/backend/app/models/normalized_log.py +100 -0
package/app/backend/app/models/planner_lock.py +43 -0
package/app/backend/app/models/rate_limit_entry.py +25 -0
package/app/backend/app/models/repo.py +66 -0
package/app/backend/app/models/review_comment.py +91 -0
package/app/backend/app/models/review_summary.py +69 -0
package/app/backend/app/models/revision.py +130 -0
package/app/backend/app/models/ticket.py +223 -0
package/app/backend/app/models/ticket_event.py +83 -0
package/app/backend/app/models/user.py +47 -0
package/app/backend/app/models/workspace.py +71 -0
package/app/backend/app/redis_client.py +119 -0
package/app/backend/app/routers/__init__.py +29 -0
package/app/backend/app/routers/agents.py +296 -0
package/app/backend/app/routers/auth.py +94 -0
package/app/backend/app/routers/board.py +885 -0
package/app/backend/app/routers/dashboard.py +351 -0
package/app/backend/app/routers/debug.py +528 -0
package/app/backend/app/routers/evidence.py +96 -0
package/app/backend/app/routers/executors.py +324 -0
package/app/backend/app/routers/goals.py +574 -0
package/app/backend/app/routers/jobs.py +448 -0
package/app/backend/app/routers/maintenance.py +172 -0
package/app/backend/app/routers/merge.py +360 -0
package/app/backend/app/routers/planner.py +537 -0
package/app/backend/app/routers/pull_requests.py +382 -0
package/app/backend/app/routers/repos.py +263 -0
package/app/backend/app/routers/revisions.py +939 -0
package/app/backend/app/routers/settings.py +267 -0
package/app/backend/app/routers/tickets.py +2003 -0
package/app/backend/app/routers/webhooks.py +143 -0
package/app/backend/app/routers/websocket.py +249 -0
package/app/backend/app/schemas/__init__.py +109 -0
package/app/backend/app/schemas/board.py +87 -0
package/app/backend/app/schemas/common.py +33 -0
package/app/backend/app/schemas/evidence.py +87 -0
package/app/backend/app/schemas/goal.py +90 -0
package/app/backend/app/schemas/job.py +97 -0
package/app/backend/app/schemas/merge.py +139 -0
package/app/backend/app/schemas/planner.py +500 -0
package/app/backend/app/schemas/repo.py +187 -0
package/app/backend/app/schemas/review.py +137 -0
package/app/backend/app/schemas/revision.py +114 -0
package/app/backend/app/schemas/ticket.py +238 -0
package/app/backend/app/schemas/ticket_event.py +72 -0
package/app/backend/app/schemas/workspace.py +19 -0
package/app/backend/app/services/__init__.py +31 -0
package/app/backend/app/services/agent_memory_service.py +223 -0
package/app/backend/app/services/agent_registry.py +346 -0
package/app/backend/app/services/agent_session_manager.py +318 -0
package/app/backend/app/services/agent_session_service.py +219 -0
package/app/backend/app/services/agent_tools.py +379 -0
package/app/backend/app/services/auth_service.py +98 -0
package/app/backend/app/services/autonomy_service.py +380 -0
package/app/backend/app/services/board_repo_service.py +201 -0
package/app/backend/app/services/board_service.py +326 -0
package/app/backend/app/services/cleanup_service.py +1085 -0
package/app/backend/app/services/config_service.py +908 -0
package/app/backend/app/services/context_gatherer.py +557 -0
package/app/backend/app/services/cost_tracking_service.py +293 -0
package/app/backend/app/services/cursor_log_normalizer.py +536 -0
package/app/backend/app/services/delivery_pipeline.py +440 -0
package/app/backend/app/services/executor_service.py +634 -0
package/app/backend/app/services/git_host/__init__.py +11 -0
package/app/backend/app/services/git_host/factory.py +87 -0
package/app/backend/app/services/git_host/github.py +270 -0
package/app/backend/app/services/git_host/gitlab.py +194 -0
package/app/backend/app/services/git_host/protocol.py +75 -0
package/app/backend/app/services/git_merge_simple.py +346 -0
package/app/backend/app/services/git_ops.py +384 -0
package/app/backend/app/services/github_service.py +233 -0
package/app/backend/app/services/goal_service.py +113 -0
package/app/backend/app/services/job_service.py +423 -0
package/app/backend/app/services/job_watchdog_service.py +424 -0
package/app/backend/app/services/langchain_adapter.py +122 -0
package/app/backend/app/services/llm_provider_clients.py +351 -0
package/app/backend/app/services/llm_service.py +285 -0
package/app/backend/app/services/log_normalizer.py +342 -0
package/app/backend/app/services/log_stream_service.py +276 -0
package/app/backend/app/services/merge_checklist_service.py +264 -0
package/app/backend/app/services/merge_service.py +784 -0
package/app/backend/app/services/orchestrator_log.py +84 -0
package/app/backend/app/services/planner_service.py +1662 -0
package/app/backend/app/services/planner_tick_sync.py +1040 -0
package/app/backend/app/services/queued_message_service.py +156 -0
package/app/backend/app/services/reliability_wrapper.py +389 -0
package/app/backend/app/services/repo_discovery_service.py +318 -0
package/app/backend/app/services/review_service.py +334 -0
package/app/backend/app/services/revision_service.py +389 -0
package/app/backend/app/services/safe_autopilot.py +510 -0
package/app/backend/app/services/sqlite_worker.py +372 -0
package/app/backend/app/services/task_dispatch.py +135 -0
package/app/backend/app/services/ticket_generation_service.py +1781 -0
package/app/backend/app/services/ticket_service.py +486 -0
package/app/backend/app/services/udar_planner_service.py +1007 -0
package/app/backend/app/services/webhook_service.py +126 -0
package/app/backend/app/services/workspace_service.py +465 -0
package/app/backend/app/services/worktree_file_service.py +92 -0
package/app/backend/app/services/worktree_validator.py +213 -0
package/app/backend/app/sqlite_kv.py +278 -0
package/app/backend/app/state_machine.py +128 -0
package/app/backend/app/templates/__init__.py +5 -0
package/app/backend/app/templates/registry.py +243 -0
package/app/backend/app/utils/__init__.py +5 -0
package/app/backend/app/utils/artifact_reader.py +87 -0
package/app/backend/app/utils/circuit_breaker.py +229 -0
package/app/backend/app/utils/db_retry.py +136 -0
package/app/backend/app/utils/ignored_fields.py +123 -0
package/app/backend/app/utils/validators.py +54 -0
package/app/backend/app/websocket/__init__.py +5 -0
package/app/backend/app/websocket/manager.py +179 -0
package/app/backend/app/websocket/state_tracker.py +113 -0
package/app/backend/app/worker.py +3190 -0
package/app/backend/calculator_tickets.json +40 -0
package/app/backend/canary_tests.sh +591 -0
package/app/backend/celerybeat-schedule +0 -0
package/app/backend/celerybeat-schedule-shm +0 -0
package/app/backend/celerybeat-schedule-wal +0 -0
package/app/backend/logs/.gitkeep +3 -0
package/app/backend/multiplication_division_implementation_tickets.json +55 -0
package/app/backend/multiplication_division_tickets.json +42 -0
package/app/backend/pyproject.toml +45 -0
package/app/backend/requirements-dev.txt +8 -0
package/app/backend/requirements.txt +20 -0
package/app/backend/run.sh +30 -0
package/app/backend/run_with_logs.sh +10 -0
package/app/backend/scientific_calculator_tickets.json +40 -0
package/app/backend/scripts/extract_openapi.py +21 -0
package/app/backend/scripts/seed_demo.py +187 -0
package/app/backend/setup_demo_review.py +302 -0
package/app/backend/test_actual_parse.py +41 -0
package/app/backend/test_agent_streaming.py +61 -0
package/app/backend/test_parse.py +51 -0
package/app/backend/test_streaming.py +51 -0
package/app/backend/test_subprocess_streaming.py +50 -0
package/app/backend/tests/__init__.py +1 -0
package/app/backend/tests/conftest.py +46 -0
package/app/backend/tests/test_auth.py +341 -0
package/app/backend/tests/test_autonomy_service.py +391 -0
package/app/backend/tests/test_cleanup_service_safety.py +417 -0
package/app/backend/tests/test_middleware.py +279 -0
package/app/backend/tests/test_planner_providers.py +290 -0
package/app/backend/tests/test_planner_unblock.py +183 -0
package/app/backend/tests/test_revision_invariants.py +618 -0
package/app/backend/tests/test_sqlite_kv.py +290 -0
package/app/backend/tests/test_sqlite_worker.py +353 -0
package/app/backend/tests/test_task_dispatch.py +100 -0
package/app/backend/tests/test_ticket_validation.py +304 -0
package/app/backend/tests/test_udar_agent.py +693 -0
package/app/backend/tests/test_webhook_service.py +184 -0
package/app/backend/tickets_output.json +59 -0
package/app/backend/user_management_tickets.json +50 -0
package/app/backend/uvicorn.log +0 -0
package/app/draft.yaml +313 -0
package/app/frontend/dist/assets/index-LcjCczu5.js +155 -0
package/app/frontend/dist/assets/index-_FP_279e.css +1 -0
package/app/frontend/dist/index.html +14 -0
package/app/frontend/dist/vite.svg +1 -0
package/app/frontend/package.json +101 -0
package/bin/cli.js +527 -0
package/package.json +37 -0

package/app/backend/app/services/autonomy_service.py ADDED Viewed

@@ -0,0 +1,380 @@
+"""Service for full autonomy mode safety checks and auto-actions.
+Autonomy mode allows goals to bypass manual gates (ticket approval,
+revision approval, merge, follow-up approval) with configurable safety rails.
+All auto-actions are recorded as TicketEvents with actor_id="autonomy_service"
+for a complete audit trail.
+"""
+import fnmatch
+import json
+import logging
+import subprocess
+from dataclasses import dataclass
+from pathlib import Path
+from sqlalchemy import select
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy.orm import Session, selectinload
+from app.models.enums import ActorType, EventType
+from app.models.evidence import Evidence, EvidenceKind
+from app.models.goal import Goal
+from app.models.revision import Revision
+from app.models.ticket import Ticket
+from app.models.ticket_event import TicketEvent
+from app.services.config_service import AutonomyConfig, DraftConfig
+from app.services.workspace_service import WorkspaceService
+logger = logging.getLogger(__name__)
+@dataclass
+class AutonomyCheckResult:
+    """Result of an autonomy safety check."""
+    approved: bool
+    reason: str
+class AutonomyService:
+    """Core safety logic for full autonomy mode.
+    Provides both async (FastAPI) and sync (Celery worker) methods.
+    """
+    def __init__(self, config: AutonomyConfig | None = None):
+        if config is None:
+            config = DraftConfig().autonomy_config
+        self.config = config
+    # ── Async methods (for FastAPI routes and planner) ──
+    async def can_auto_approve_ticket(
+        self, db: AsyncSession, ticket: Ticket
+    ) -> AutonomyCheckResult:
+        """Check if a ticket can be auto-approved (PROPOSED -> PLANNED).
+        Checks:
+        - goal.autonomy_enabled
+        - goal.auto_approve_tickets
+        - max_auto_approvals not exceeded
+        """
+        result = await db.execute(select(Goal).where(Goal.id == ticket.goal_id))
+        goal = result.scalar_one_or_none()
+        if goal is None:
+            return AutonomyCheckResult(False, "Goal not found")
+        return self._check_ticket_approval(goal)
+    async def can_auto_approve_revision(
+        self, db: AsyncSession, ticket: Ticket, revision: Revision | None = None
+    ) -> AutonomyCheckResult:
+        """Check if a revision can be auto-approved (VERIFYING -> DONE).
+        Checks:
+        - goal.autonomy_enabled + goal.auto_approve_revisions
+        - All verification evidence has exit_code == 0
+        - Diff size < max_diff_lines
+        - No sensitive files in diff
+        - max_auto_approvals not reached
+        """
+        result = await db.execute(select(Goal).where(Goal.id == ticket.goal_id))
+        goal = result.scalar_one_or_none()
+        if goal is None:
+            return AutonomyCheckResult(False, "Goal not found")
+        # Load evidence for this ticket
+        evidence_result = await db.execute(
+            select(Evidence).where(Evidence.ticket_id == ticket.id)
+        )
+        evidence_list = list(evidence_result.scalars().all())
+        return self._check_revision_approval(goal, evidence_list)
+    async def can_auto_merge(
+        self, db: AsyncSession, ticket: Ticket, repo_path: Path
+    ) -> AutonomyCheckResult:
+        """Check if a ticket can be auto-merged after DONE.
+        Checks:
+        - goal.auto_merge
+        - Pre-check merge conflicts
+        """
+        result = await db.execute(select(Goal).where(Goal.id == ticket.goal_id))
+        goal = result.scalar_one_or_none()
+        if goal is None:
+            return AutonomyCheckResult(False, "Goal not found")
+        if not goal.autonomy_enabled or not goal.auto_merge:
+            return AutonomyCheckResult(False, "Auto-merge not enabled for this goal")
+        # Get workspace to find branch name
+        ticket_result = await db.execute(
+            select(Ticket)
+            .where(Ticket.id == ticket.id)
+            .options(selectinload(Ticket.workspace))
+        )
+        ticket_with_ws = ticket_result.scalar_one_or_none()
+        if not ticket_with_ws or not ticket_with_ws.workspace:
+            return AutonomyCheckResult(False, "No active workspace")
+        branch_name = ticket_with_ws.workspace.branch_name
+        return self._check_merge_conflicts(repo_path, branch_name)
+    async def record_auto_action(
+        self,
+        db: AsyncSession,
+        ticket: Ticket,
+        action_type: str,
+        details: dict,
+        from_state: str | None = None,
+        to_state: str | None = None,
+    ) -> None:
+        """Record an autonomy action as a TicketEvent and increment counter."""
+        event = TicketEvent(
+            ticket_id=ticket.id,
+            event_type=EventType.TRANSITIONED.value
+            if from_state != to_state
+            else EventType.COMMENT.value,
+            from_state=from_state or ticket.state,
+            to_state=to_state or ticket.state,
+            actor_type=ActorType.SYSTEM.value,
+            actor_id="autonomy_service",
+            reason=f"Auto-{action_type}: {details.get('reason', 'autonomy mode')}",
+            payload_json=json.dumps({"autonomy_action": action_type, **details}),
+        )
+        db.add(event)
+        # Increment auto_approval_count on goal
+        result = await db.execute(select(Goal).where(Goal.id == ticket.goal_id))
+        goal = result.scalar_one_or_none()
+        if goal:
+            goal.auto_approval_count += 1
+    # ── Sync methods (for Celery worker) ──
+    def can_auto_approve_ticket_sync(
+        self, db: Session, ticket: Ticket
+    ) -> AutonomyCheckResult:
+        """Sync version of can_auto_approve_ticket for Celery worker."""
+        goal = db.query(Goal).filter(Goal.id == ticket.goal_id).first()
+        if goal is None:
+            return AutonomyCheckResult(False, "Goal not found")
+        return self._check_ticket_approval(goal)
+    def can_auto_approve_revision_sync(
+        self, db: Session, ticket: Ticket
+    ) -> AutonomyCheckResult:
+        """Sync version of can_auto_approve_revision for Celery worker."""
+        goal = db.query(Goal).filter(Goal.id == ticket.goal_id).first()
+        if goal is None:
+            return AutonomyCheckResult(False, "Goal not found")
+        evidence_list = db.query(Evidence).filter(Evidence.ticket_id == ticket.id).all()
+        return self._check_revision_approval(goal, evidence_list)
+    def record_auto_action_sync(
+        self,
+        db: Session,
+        ticket: Ticket,
+        action_type: str,
+        details: dict,
+        from_state: str | None = None,
+        to_state: str | None = None,
+    ) -> None:
+        """Sync version of record_auto_action for Celery worker."""
+        event = TicketEvent(
+            ticket_id=ticket.id,
+            event_type=EventType.TRANSITIONED.value
+            if from_state != to_state
+            else EventType.COMMENT.value,
+            from_state=from_state or ticket.state,
+            to_state=to_state or ticket.state,
+            actor_type=ActorType.SYSTEM.value,
+            actor_id="autonomy_service",
+            reason=f"Auto-{action_type}: {details.get('reason', 'autonomy mode')}",
+            payload_json=json.dumps({"autonomy_action": action_type, **details}),
+        )
+        db.add(event)
+        goal = db.query(Goal).filter(Goal.id == ticket.goal_id).first()
+        if goal:
+            goal.auto_approval_count += 1
+    # ── Shared pure logic (no DB) ──
+    def _check_ticket_approval(self, goal: Goal) -> AutonomyCheckResult:
+        """Check if goal settings allow auto-approving a ticket."""
+        if not goal.autonomy_enabled:
+            return AutonomyCheckResult(False, "Autonomy not enabled for this goal")
+        if not goal.auto_approve_tickets:
+            return AutonomyCheckResult(False, "Auto-approve tickets not enabled")
+        if (
+            goal.max_auto_approvals is not None
+            and goal.auto_approval_count >= goal.max_auto_approvals
+        ):
+            return AutonomyCheckResult(
+                False, f"Max auto-approvals reached ({goal.max_auto_approvals})"
+            )
+        return AutonomyCheckResult(True, "Ticket auto-approval allowed")
+    def _check_revision_approval(
+        self, goal: Goal, evidence_list: list[Evidence]
+    ) -> AutonomyCheckResult:
+        """Check if goal settings and evidence allow auto-approving a revision."""
+        if not goal.autonomy_enabled:
+            return AutonomyCheckResult(False, "Autonomy not enabled for this goal")
+        if not goal.auto_approve_revisions:
+            return AutonomyCheckResult(False, "Auto-approve revisions not enabled")
+        if (
+            goal.max_auto_approvals is not None
+            and goal.auto_approval_count >= goal.max_auto_approvals
+        ):
+            return AutonomyCheckResult(
+                False, f"Max auto-approvals reached ({goal.max_auto_approvals})"
+            )
+        # Check verification evidence
+        if self.config.require_verification_pass:
+            verify_evidence = [
+                e
+                for e in evidence_list
+                if e.kind in (EvidenceKind.VERIFY_META.value, EvidenceKind.VERIFY_META)
+            ]
+            if verify_evidence:
+                for ve in verify_evidence:
+                    if ve.exit_code != 0:
+                        return AutonomyCheckResult(
+                            False, f"Verification failed (exit_code={ve.exit_code})"
+                        )
+        # Check diff size
+        diff_stat_evidence = [
+            e
+            for e in evidence_list
+            if e.kind in (EvidenceKind.GIT_DIFF_STAT.value, EvidenceKind.GIT_DIFF_STAT)
+        ]
+        if diff_stat_evidence:
+            total_lines = self._parse_diff_stat_lines(diff_stat_evidence[-1])
+            if total_lines > self.config.max_diff_lines:
+                return AutonomyCheckResult(
+                    False,
+                    f"Diff too large ({total_lines} lines > {self.config.max_diff_lines} max)",
+                )
+        # Check for sensitive files in diff
+        diff_patch_evidence = [
+            e
+            for e in evidence_list
+            if e.kind
+            in (EvidenceKind.GIT_DIFF_PATCH.value, EvidenceKind.GIT_DIFF_PATCH)
+        ]
+        if diff_patch_evidence:
+            sensitive = self._check_sensitive_files(diff_patch_evidence[-1])
+            if sensitive:
+                return AutonomyCheckResult(
+                    False,
+                    f"Sensitive files detected in diff: {', '.join(sensitive)}",
+                )
+        return AutonomyCheckResult(True, "Revision auto-approval allowed")
+    def _parse_diff_stat_lines(self, evidence: Evidence) -> int:
+        """Parse total lines changed from a git diff --stat evidence record.
+        The last line of diff stat output looks like:
+         N files changed, X insertions(+), Y deletions(-)
+        """
+        try:
+            content_path = Path(evidence.stdout_path)
+            if not content_path.is_absolute():
+                repo_root = WorkspaceService.get_repo_path()
+                content_path = repo_root / evidence.stdout_path
+            if not content_path.exists():
+                return 0
+            content = content_path.read_text()
+            # Parse last line for total
+            lines = content.strip().split("\n")
+            if not lines:
+                return 0
+            last_line = lines[-1]
+            total = 0
+            # Parse "X insertions(+)" and "Y deletions(-)"
+            for part in last_line.split(","):
+                part = part.strip()
+                if "insertion" in part or "deletion" in part:
+                    try:
+                        total += int(part.split()[0])
+                    except (ValueError, IndexError):
+                        pass
+            return total
+        except Exception:
+            logger.debug("Failed to parse diff stat", exc_info=True)
+            return 0
+    def _check_sensitive_files(self, evidence: Evidence) -> list[str]:
+        """Check if any files in a diff patch match sensitive file patterns."""
+        try:
+            content_path = Path(evidence.stdout_path)
+            if not content_path.is_absolute():
+                repo_root = WorkspaceService.get_repo_path()
+                content_path = repo_root / evidence.stdout_path
+            if not content_path.exists():
+                return []
+            content = content_path.read_text()
+            # Extract file paths from diff headers (--- a/path and +++ b/path)
+            files_in_diff = set()
+            for line in content.split("\n"):
+                if line.startswith("+++ b/") or line.startswith("--- a/"):
+                    path = line[6:]  # Remove "+++ b/" or "--- a/"
+                    if path != "/dev/null":
+                        files_in_diff.add(path)
+            # Match against sensitive patterns
+            matches = []
+            for file_path in files_in_diff:
+                for pattern in self.config.sensitive_file_patterns:
+                    if fnmatch.fnmatch(file_path, pattern):
+                        matches.append(file_path)
+                        break
+            return matches
+        except Exception:
+            logger.debug("Failed to check sensitive files", exc_info=True)
+            return []
+    def _check_merge_conflicts(
+        self, repo_path: Path, branch_name: str
+    ) -> AutonomyCheckResult:
+        """Pre-check for merge conflicts using git merge --no-commit --no-ff."""
+        try:
+            # Try merge dry-run
+            result = subprocess.run(
+                ["git", "merge", "--no-commit", "--no-ff", branch_name],
+                cwd=repo_path,
+                capture_output=True,
+                text=True,
+                timeout=30,
+            )
+            # Always abort the test merge
+            subprocess.run(
+                ["git", "merge", "--abort"],
+                cwd=repo_path,
+                capture_output=True,
+                timeout=10,
+            )
+            if result.returncode != 0:
+                return AutonomyCheckResult(
+                    False,
+                    f"Merge conflicts detected: {result.stderr.strip()[:200]}",
+                )
+            return AutonomyCheckResult(True, "No merge conflicts detected")
+        except subprocess.TimeoutExpired:
+            return AutonomyCheckResult(False, "Merge conflict check timed out")
+        except Exception as e:
+            return AutonomyCheckResult(False, f"Merge conflict check failed: {e}")

package/app/backend/app/services/board_repo_service.py ADDED Viewed

@@ -0,0 +1,201 @@
+"""Service for managing Board-Repo associations."""
+import uuid
+from sqlalchemy import select
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy.orm import joinedload
+from app.models.board import Board
+from app.models.board_repo import BoardRepo
+from app.models.repo import Repo
+class BoardRepoService:
+    """Service for managing board-repo relationships."""
+    def __init__(self, db: AsyncSession):
+        self.db = db
+    async def add_repo_to_board(
+        self,
+        board_id: str,
+        repo_id: str,
+        is_primary: bool = False,
+        custom_setup_script: str | None = None,
+        custom_cleanup_script: str | None = None,
+    ) -> BoardRepo:
+        """
+        Add a repository to a board.
+        Args:
+            board_id: Board UUID
+            repo_id: Repo UUID
+            is_primary: Whether this is the primary repo
+            custom_setup_script: Per-board setup script override
+            custom_cleanup_script: Per-board cleanup script override
+        Returns:
+            Created BoardRepo association
+        Raises:
+            ValueError: If board or repo not found, or association already exists
+        """
+        # Verify board exists
+        board_result = await self.db.execute(select(Board).where(Board.id == board_id))
+        board = board_result.scalar_one_or_none()
+        if not board:
+            raise ValueError(f"Board not found: {board_id}")
+        # Verify repo exists
+        repo_result = await self.db.execute(select(Repo).where(Repo.id == repo_id))
+        repo = repo_result.scalar_one_or_none()
+        if not repo:
+            raise ValueError(f"Repo not found: {repo_id}")
+        # Check if association already exists
+        existing_result = await self.db.execute(
+            select(BoardRepo).where(
+                BoardRepo.board_id == board_id, BoardRepo.repo_id == repo_id
+            )
+        )
+        existing = existing_result.scalar_one_or_none()
+        if existing:
+            raise ValueError(
+                f"Repo {repo_id} is already associated with board {board_id}"
+            )
+        # If setting as primary, unset other primary repos
+        if is_primary:
+            await self._unset_primary_repos(board_id)
+        # Create association
+        board_repo = BoardRepo(
+            id=str(uuid.uuid4()),
+            board_id=board_id,
+            repo_id=repo_id,
+            is_primary=is_primary,
+            custom_setup_script=custom_setup_script,
+            custom_cleanup_script=custom_cleanup_script,
+        )
+        self.db.add(board_repo)
+        await self.db.commit()
+        await self.db.refresh(board_repo)
+        # Eager load repo relationship
+        result = await self.db.execute(
+            select(BoardRepo)
+            .options(joinedload(BoardRepo.repo))
+            .where(BoardRepo.id == board_repo.id)
+        )
+        return result.scalar_one()
+    async def get_board_repos(self, board_id: str) -> list[BoardRepo]:
+        """
+        Get all repos associated with a board.
+        Returns:
+            List of BoardRepo associations with eager-loaded Repo
+        """
+        result = await self.db.execute(
+            select(BoardRepo)
+            .options(joinedload(BoardRepo.repo))
+            .where(BoardRepo.board_id == board_id)
+            .order_by(BoardRepo.is_primary.desc(), BoardRepo.created_at.asc())
+        )
+        return list(result.scalars().all())
+    async def get_board_repo(self, board_id: str, repo_id: str) -> BoardRepo | None:
+        """Get a specific board-repo association."""
+        result = await self.db.execute(
+            select(BoardRepo)
+            .options(joinedload(BoardRepo.repo))
+            .where(BoardRepo.board_id == board_id, BoardRepo.repo_id == repo_id)
+        )
+        return result.scalar_one_or_none()
+    async def update_board_repo(
+        self,
+        board_id: str,
+        repo_id: str,
+        is_primary: bool | None = None,
+        custom_setup_script: str | None = None,
+        custom_cleanup_script: str | None = None,
+    ) -> BoardRepo:
+        """
+        Update a board-repo association.
+        Args:
+            board_id: Board UUID
+            repo_id: Repo UUID
+            is_primary: Whether to set as primary
+            custom_setup_script: Per-board setup script override
+            custom_cleanup_script: Per-board cleanup script override
+        Returns:
+            Updated BoardRepo
+        Raises:
+            ValueError: If association not found
+        """
+        board_repo = await self.get_board_repo(board_id, repo_id)
+        if not board_repo:
+            raise ValueError(
+                f"Board-repo association not found: board={board_id}, repo={repo_id}"
+            )
+        # If setting as primary, unset other primary repos
+        if is_primary is not None and is_primary and not board_repo.is_primary:
+            await self._unset_primary_repos(board_id)
+            board_repo.is_primary = True
+        if custom_setup_script is not None:
+            board_repo.custom_setup_script = custom_setup_script
+        if custom_cleanup_script is not None:
+            board_repo.custom_cleanup_script = custom_cleanup_script
+        await self.db.commit()
+        await self.db.refresh(board_repo)
+        # Reload with repo relationship
+        result = await self.db.execute(
+            select(BoardRepo)
+            .options(joinedload(BoardRepo.repo))
+            .where(BoardRepo.id == board_repo.id)
+        )
+        return result.scalar_one()
+    async def remove_repo_from_board(self, board_id: str, repo_id: str) -> None:
+        """
+        Remove a repo from a board.
+        Args:
+            board_id: Board UUID
+            repo_id: Repo UUID
+        Raises:
+            ValueError: If association not found
+        """
+        board_repo = await self.get_board_repo(board_id, repo_id)
+        if not board_repo:
+            raise ValueError(
+                f"Board-repo association not found: board={board_id}, repo={repo_id}"
+            )
+        await self.db.delete(board_repo)
+        await self.db.commit()
+    async def _unset_primary_repos(self, board_id: str) -> None:
+        """Unset is_primary for all repos on a board."""
+        result = await self.db.execute(
+            select(BoardRepo).where(
+                BoardRepo.board_id == board_id, BoardRepo.is_primary
+            )
+        )
+        primary_repos = list(result.scalars().all())
+        for board_repo in primary_repos:
+            board_repo.is_primary = False
+        await self.db.flush()