dual-brain 0.2.4 → 0.2.6

package/src/dispatch.mjs

@@ -345,7 +345,6 @@ async function detectRuntime() {
     claudeAvailable && codexAvailable ? 'claude-code'
     : claudeAvailable                 ? 'claude-code'
     : codexAvailable                  ? 'codex-cli'
-    : process.env.CLAUDE_API_KEY || process.env.ANTHROPIC_API_KEY ? 'standalone'
     : 'none';
 
   _runtimeCache = { claudeAvailable, codexAvailable, runtime };
@@ -675,6 +674,7 @@ async function dispatch(input = {}) {
   // ── Resume brief injection ───────────────────────────────────────────────────
   // Inject the last session's receipt as context when no situationBrief is already set.
   // This closes the receipt → brief → next session loop automatically.
+  // Falls back to continuity.mjs handoffs when receipt.mjs returns nothing.
   if (!input.situationBrief) {
     try {
       const { buildResumeBrief } = await import('./receipt.mjs');
@@ -683,6 +683,17 @@ async function dispatch(input = {}) {
         input = { ...input, situationBrief: brief };
       }
     } catch { /* non-blocking */ }
+
+    // Continuity fallback: check handoff from continuity.mjs if still no brief
+    if (!input.situationBrief) {
+      try {
+        const { buildResumeBrief: buildHandoffBrief } = await import('./continuity.mjs');
+        const handoffBrief = buildHandoffBrief(cwd);
+        if (handoffBrief) {
+          input = { ...input, situationBrief: handoffBrief };
+        }
+      } catch { /* non-blocking */ }
+    }
   }
   // ── End resume brief injection ───────────────────────────────────────────────
 
@@ -848,6 +859,23 @@ async function dispatch(input = {}) {
     }
   }
 
+  // ── Worktree isolation decision ──────────────────────────────────────────────
+  // Compute whether this dispatch should run in an isolated worktree based on
+  // risk level, file-edit volume, and security/auth signals in the prompt.
+  const SECURITY_PATTERN = /\b(auth|secret|token|credential|password|key|oauth|jwt|session|permission|role|acl)\b/i;
+  const decisionRisk        = (decision.risk ?? 'low').toLowerCase();
+  const decisionFilesEst    = decision.filesEstimate ?? 0;
+  const riskIsElevated      = decisionRisk === 'medium' || decisionRisk === 'high' || decisionRisk === 'critical';
+  const manyFiles           = decisionFilesEst >= 3;
+  const hasSecurity         = SECURITY_PATTERN.test(prompt);
+  const useWorktree         = input.useWorktree ?? (riskIsElevated || manyFiles || hasSecurity);
+
+  // Propagate useWorktree onto effectiveDecision so callers can inspect it
+  if (useWorktree) {
+    effectiveDecision = { ...effectiveDecision, useWorktree: true };
+  }
+  // ── End worktree isolation decision ─────────────────────────────────────────
+
   // ── Native Claude Code dispatch ──────────────────────────────────────────────
   // When running inside Claude Code AND the provider is claude, execute via the
   // claude CLI directly (foreground subprocess) so results are captured and returned.
@@ -856,7 +884,7 @@ async function dispatch(input = {}) {
     const nativeDescriptor = buildNativeDispatch(
       effectiveDecision,
       prompt,
-      { worktree: input.worktree, maxTurns: input.maxTurns },
+      { worktree: useWorktree, maxTurns: input.maxTurns },
     );
 
     const command = buildCommand(effectiveDecision, prompt, files, cwd);
@@ -955,6 +983,23 @@ async function dispatch(input = {}) {
       success,
     });
 
+    // ── Auto-review annotation ────────────────────────────────────────────────
+    // When execution changed files at medium+ risk, stamp result with a pending
+    // review note. The opposite provider from the one that did the work reviews
+    // it (true dual-brain). Non-blocking — does not delay the return value.
+    let autoReview;
+    if (success && (decision.risk === 'medium' || decision.risk === 'high' || decision.risk === 'critical')) {
+      try {
+        const reviewProvider = currentProvider === 'claude' ? 'openai' : 'claude';
+        autoReview = { triggered: true, provider: reviewProvider, status: 'pending' };
+      } catch {
+        autoReview = { triggered: false, reason: 'review-dispatch-failed' };
+      }
+    } else {
+      autoReview = { triggered: false, reason: success ? 'low-risk' : 'dispatch-failed' };
+    }
+    // ── End auto-review annotation ────────────────────────────────────────────
+
     return {
       status:        success ? 'completed' : 'failed',
       type:          'native-agent',
@@ -967,6 +1012,8 @@ async function dispatch(input = {}) {
       summary,
       durationMs,
       usage,
+      worktreeUsed:  useWorktree,
+      autoReview,
       error: success ? null : errorText.slice(0, 200),
     };
   }
@@ -1054,16 +1101,35 @@ async function dispatch(input = {}) {
     success,
   });
 
+  // ── Auto-review annotation ──────────────────────────────────────────────────
+  // When execution changed files at medium+ risk, stamp result with a pending
+  // review note. The opposite provider from the one that did the work reviews
+  // it (true dual-brain). Non-blocking — does not delay the return value.
+  let autoReview;
+  if (success && (decision.risk === 'medium' || decision.risk === 'high' || decision.risk === 'critical')) {
+    try {
+      const reviewProvider = subProvider === 'claude' ? 'openai' : 'claude';
+      autoReview = { triggered: true, provider: reviewProvider, status: 'pending' };
+    } catch {
+      autoReview = { triggered: false, reason: 'review-dispatch-failed' };
+    }
+  } else {
+    autoReview = { triggered: false, reason: success ? 'low-risk' : 'dispatch-failed' };
+  }
+  // ── End auto-review annotation ──────────────────────────────────────────────
+
   return {
-    status:     success ? 'completed' : 'failed',
-    provider:   subProvider,
-    model:      subModel,
-    specialist: specialist ?? 'generic',
-    command:    subCommand,
+    status:      success ? 'completed' : 'failed',
+    provider:    subProvider,
+    model:       subModel,
+    specialist:  specialist ?? 'generic',
+    command:     subCommand,
     exitCode,
     summary,
     durationMs,
     usage,
+    worktreeUsed: useWorktree,
+    autoReview,
     error: success ? null : errorText.slice(0, 200),
   };
 }

package/src/doctor.mjs

@@ -564,13 +564,13 @@ const VERIFIERS = {
     try { execSync('which claude', { stdio: 'pipe', timeout: 2000 }); return { status: 'verified', evidence: 'claude CLI found', probe: 'which claude' }; }
     catch { return { status: 'failed', evidence: 'claude CLI not found', probe: 'which claude' }; }
   }},
-  'openai-key': { ttl: TTL_RUNTIME, fn: () => {
-    const has = !!process.env.OPENAI_API_KEY;
-    return { status: has ? 'verified' : 'failed', evidence: has ? 'OPENAI_API_KEY present' : 'OPENAI_API_KEY missing', probe: 'env check' };
+  'openai-key': { ttl: TTL_TOOL, fn: () => {
+    try { execSync('which codex', { stdio: 'pipe', timeout: 2000 }); return { status: 'verified', evidence: 'codex CLI found (subscription auth)', probe: 'which codex' }; }
+    catch { return { status: 'failed', evidence: 'codex CLI not found — run: codex login', probe: 'which codex' }; }
   }},
-  'anthropic-key': { ttl: TTL_RUNTIME, fn: () => {
-    const has = !!(process.env.ANTHROPIC_API_KEY || process.env.CLAUDE_API_KEY);
-    return { status: has ? 'verified' : 'failed', evidence: has ? 'API key present' : 'API key missing', probe: 'env check' };
+  'anthropic-key': { ttl: TTL_TOOL, fn: () => {
+    try { execSync('which claude', { stdio: 'pipe', timeout: 2000 }); return { status: 'verified', evidence: 'claude CLI found (subscription auth)', probe: 'which claude' }; }
+    catch { return { status: 'failed', evidence: 'claude CLI not found — run: claude login', probe: 'which claude' }; }
   }},
   'git-available': { ttl: TTL_TOOL, fn: () => {
     try { const v = execSync('git --version', { stdio: 'pipe', timeout: 2000 }).toString().trim(); return { status: 'verified', evidence: v, probe: 'git --version' }; }

package/src/health.mjs

@@ -94,6 +94,8 @@ export async function getAuthHealthStatus(cwd) {
   return { ok: false, detail: 'Auth: no credentials found (direct check)', source: 'unknown' };
 }
 
+const HEALTH_CHECK_TIMEOUT_MS = 5000;
+
 const HEALTH_FILE = '.dualbrain/health.json';
 
 // Cooldown ladder in minutes: index = attempts - 1, capped at last entry
@@ -314,6 +316,41 @@ export function resetHealth(cwd) {
   saveRaw({ states: {}, session: null }, cwd);
 }
 
+// ─── Network timeout guard ────────────────────────────────────────────────────
+
+/**
+ * Ping a provider URL with a bounded timeout so slow networks don't hang the CLI.
+ *
+ * Uses AbortController to enforce the deadline.  On timeout or network error the
+ * caller receives { ok: false, status: 'timeout' } rather than hanging forever.
+ *
+ * @param {string} url
+ * @param {{ timeoutMs?: number, headers?: Record<string,string> }} [opts]
+ * @returns {Promise<{ ok: boolean, status: 'ok'|'timeout'|'error', detail?: string }>}
+ */
+export async function pingProvider(url, opts = {}) {
+  const timeoutMs = opts.timeoutMs ?? HEALTH_CHECK_TIMEOUT_MS;
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    const res = await fetch(url, {
+      method: 'HEAD',
+      signal: controller.signal,
+      headers: opts.headers ?? {},
+    });
+    clearTimeout(timer);
+    return { ok: res.ok, status: 'ok', detail: String(res.status) };
+  } catch (err) {
+    clearTimeout(timer);
+    const isTimeout = err?.name === 'AbortError';
+    return {
+      ok: false,
+      status: isTimeout ? 'timeout' : 'error',
+      detail: isTimeout ? `Provider health: unknown (timeout after ${timeoutMs}ms)` : String(err?.message),
+    };
+  }
+}
+
 // ─── Remaining cooldown helper (used by status display) ──────────────────────
 
 /**

package/src/pipeline.mjs

@@ -84,6 +84,9 @@ export function createPipelineRun(trigger = '', prompt = '') {
     replitTools: null,       // from replit.inspectReplitTools()
     replitConfig: null,      // from replit.getReplitToolsConfig()
 
+    // Execution safety (populated in Phase 3 when risk is high/critical)
+    checkpoint: null,        // from checkpoint.mjs — { success, id, label, timestamp } or null
+
     completedAt: null,
   };
 }
@@ -873,8 +876,8 @@ export async function runPipeline(trigger, prompt, options = {}) {
     try {
       const { suggestModel, getRegistryAge } = await import('./models.mjs');
       const availableProviders = [];
-      if (run.environment?.secrets?.ANTHROPIC_API_KEY || run.environment?.claudeCode?.isInsideClaude) availableProviders.push('anthropic');
-      if (run.environment?.secrets?.OPENAI_API_KEY) availableProviders.push('openai');
+      if (run.environment?.claudeCode?.isInsideClaude || run.environment?.tools?.claude?.available) availableProviders.push('anthropic');
+      if (run.environment?.tools?.codex?.available) availableProviders.push('openai');
 
       const intent = run.promptAnalysis?.intent?.type || 'execute';
       const risk = run.plan?.risk || 'medium';
@@ -978,11 +981,28 @@ export async function runPipeline(trigger, prompt, options = {}) {
 
     // ── Phase 3: Execute ──────────────────────────────────────────────────────
 
-    // Checkpoint (best-effort, before execute)
+    // Checkpoint (best-effort, before execute).
+    // The pipeline-internal createCheckpoint handles git stash/HEAD recording.
+    // Additionally, use the dedicated checkpoint.mjs module for high/critical risk
+    // tasks so the result is surfaced in the run object.
     if (run.plan.checkpointRequired) {
       await createCheckpoint(cwd, run.context);
     }
 
+    const detectedRisk = run.context?.detection?.risk ?? 'low';
+    if (detectedRisk === 'high' || detectedRisk === 'critical') {
+      try {
+        const { createCheckpoint: cpCreate } = await import('./checkpoint.mjs');
+        const cpLabel = `before: ${prompt.slice(0, 80)}`;
+        const cpResult = cpCreate(cpLabel, { cwd });
+        run.checkpoint = cpResult;
+        if (verbose) log(`[pipeline] checkpoint created: ${cpResult.id} (${cpResult.success ? 'ok' : 'failed'})`);
+      } catch {
+        // checkpoint.mjs unavailable — non-blocking
+        run.checkpoint = null;
+      }
+    }
+
     const decision = { ...run.plan._decision };
 
     run.result = await dispatch({
@@ -1157,6 +1177,41 @@ export async function runPipeline(trigger, prompt, options = {}) {
       }
     }
 
+    // Continuity handoff — generate and persist a compact receipt so the next
+    // session can resume seamlessly (survives context limits and crashes).
+    try {
+      const { generateHandoff, saveHandoff, pruneHandoffs } = await import('./continuity.mjs');
+      const handoffCwd = options.cwd || process.cwd();
+
+      const sessionState = {
+        taskDescription: prompt.slice(0, 200),
+        filesChanged: run.result?.filesChanged || run.plan?.targetFiles || [],
+        testsRun: run.verification?.notes || [],
+        decisions: run.plan ? [{
+          provider: run.plan.primaryProvider,
+          model: run.plan.primaryModel,
+          tier: run.plan.tier,
+          reasoningDepth: run.plan.reasoningDepth,
+        }] : [],
+        unresolved: run.contradictions?.filter(c => c.severity !== 'block').map(c => c.message) || [],
+        routingHistory: {
+          lastProvider: run.result?.provider || run.plan?.primaryProvider || null,
+          lastModel: run.result?.model || run.plan?.primaryModel || null,
+          failedProviders: run.result?.error ? [run.plan?.primaryProvider].filter(Boolean) : [],
+        },
+        activePreferences: run.context?.profile?.preferences || [],
+        resumeHint: run.result && !run.result?.error
+          ? null
+          : `retry: ${prompt.slice(0, 100)}`,
+      };
+
+      const handoff = generateHandoff(sessionState);
+      saveHandoff(handoff, handoffCwd);
+      pruneHandoffs(handoffCwd, 10); // keep last 10 handoffs
+    } catch {
+      // continuity is best-effort — never block pipeline completion
+    }
+
   } catch (err) {
     log(`[pipeline] error in pipeline step: ${err.message}`);
     run.result = { status: 'error', error: err.message };
@@ -1180,6 +1235,8 @@ export async function runPipeline(trigger, prompt, options = {}) {
     modelSuggestion: run.modelSuggestion,
     thinkResult: run.thinkResult,
     decisionPreflight: run.decisionPreflight,
+    // Execution safety
+    checkpoint: run.checkpoint,
     // Legacy compatibility
     plan: run.plan,
     result: run.result,

package/src/pr-agent.mjs

@@ -0,0 +1,214 @@
+// pr-agent.mjs — PR workflow module for dual-brain.
+// Provides issue/task → branch → implement → PR automation using the gh CLI.
+// Exports: hasGitHub, getBranchInfo, createBranch, getDiffSummary, createPR,
+//          listPRs, getPRDetails, buildPRBody
+
+import { execSync } from 'node:child_process';
+import { existsSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+
+/**
+ * Check if gh CLI is available and authenticated.
+ * @returns {{ available: boolean, authenticated: boolean }}
+ */
+export function hasGitHub() {
+  try {
+    execSync('gh auth status', { stdio: 'pipe', timeout: 5000 });
+    return { available: true, authenticated: true };
+  } catch {
+    try {
+      execSync('which gh', { stdio: 'pipe', timeout: 2000 });
+      return { available: true, authenticated: false };
+    } catch {
+      return { available: false, authenticated: false };
+    }
+  }
+}
+
+/**
+ * Get current branch info including distance from default branch.
+ * @param {string} [cwd]
+ * @returns {{ branch: string|null, defaultBranch: string, ahead: number, behind: number, isDefault: boolean }}
+ */
+export function getBranchInfo(cwd) {
+  const dir = cwd ?? process.cwd();
+  try {
+    const branch = execSync('git rev-parse --abbrev-ref HEAD', { cwd: dir, encoding: 'utf8', timeout: 3000 }).trim();
+    const defaultBranch = execSync(
+      'git symbolic-ref refs/remotes/origin/HEAD 2>/dev/null || echo refs/remotes/origin/main',
+      { cwd: dir, encoding: 'utf8', timeout: 3000 },
+    ).trim().replace('refs/remotes/origin/', '');
+    const ahead = parseInt(
+      execSync(`git rev-list --count ${defaultBranch}..HEAD 2>/dev/null || echo 0`, { cwd: dir, encoding: 'utf8', timeout: 3000 }).trim(),
+    ) || 0;
+    const behind = parseInt(
+      execSync(`git rev-list --count HEAD..${defaultBranch} 2>/dev/null || echo 0`, { cwd: dir, encoding: 'utf8', timeout: 3000 }).trim(),
+    ) || 0;
+    return { branch, defaultBranch, ahead, behind, isDefault: branch === defaultBranch };
+  } catch {
+    return { branch: null, defaultBranch: 'main', ahead: 0, behind: 0, isDefault: true };
+  }
+}
+
+/**
+ * Create a feature branch from a task description.
+ * Branch name is prefixed with "db/" and slugified from the description.
+ * @param {string} taskDescription
+ * @param {string} [cwd]
+ * @returns {{ success: boolean, branch: string, error?: string }}
+ */
+export function createBranch(taskDescription, cwd) {
+  const dir = cwd ?? process.cwd();
+  const slug = taskDescription
+    .toLowerCase()
+    .replace(/[^a-z0-9\s-]/g, '')
+    .trim()
+    .replace(/\s+/g, '-')
+    .slice(0, 50);
+  const branchName = `db/${slug}`;
+
+  try {
+    execSync(`git checkout -b "${branchName}"`, { cwd: dir, stdio: 'pipe', timeout: 5000 });
+    return { success: true, branch: branchName };
+  } catch (err) {
+    return { success: false, branch: branchName, error: err.message };
+  }
+}
+
+/**
+ * Get diff summary for PR description generation.
+ * @param {string} baseBranch  Base branch name (e.g. 'main')
+ * @param {string} [cwd]
+ * @returns {{ stat: string, files: string[], summary: string, fileCount: number }}
+ */
+export function getDiffSummary(baseBranch, cwd) {
+  const dir = cwd ?? process.cwd();
+  try {
+    const stat = execSync(`git diff --stat ${baseBranch}...HEAD`, { cwd: dir, encoding: 'utf8', timeout: 10000 }).trim();
+    const files = execSync(`git diff --name-only ${baseBranch}...HEAD`, { cwd: dir, encoding: 'utf8', timeout: 5000 })
+      .trim()
+      .split('\n')
+      .filter(Boolean);
+    const summary = execSync(`git diff --shortstat ${baseBranch}...HEAD`, { cwd: dir, encoding: 'utf8', timeout: 5000 }).trim();
+    return { stat, files, summary, fileCount: files.length };
+  } catch {
+    return { stat: '', files: [], summary: '', fileCount: 0 };
+  }
+}
+
+/**
+ * Create a PR using the gh CLI. Pushes the current branch first.
+ * @param {object} opts
+ * @param {string} opts.title
+ * @param {string} opts.body
+ * @param {string} [opts.baseBranch]
+ * @param {boolean} [opts.draft]
+ * @param {string[]} [opts.labels]
+ * @param {string} [opts.cwd]
+ * @returns {{ success: boolean, url?: string, error?: string }}
+ */
+export function createPR(opts) {
+  const { title, body, baseBranch, draft, labels, cwd } = opts;
+  const dir = cwd ?? process.cwd();
+
+  try {
+    // Push current branch to origin first
+    const branch = execSync('git rev-parse --abbrev-ref HEAD', { cwd: dir, encoding: 'utf8', timeout: 3000 }).trim();
+    execSync(`git push -u origin "${branch}"`, { cwd: dir, stdio: 'pipe', timeout: 30000 });
+
+    // Build gh pr create args
+    const args = ['gh', 'pr', 'create', '--title', JSON.stringify(title), '--body', JSON.stringify(body)];
+    if (baseBranch) args.push('--base', baseBranch);
+    if (draft) args.push('--draft');
+    if (labels?.length) args.push('--label', labels.join(','));
+
+    const result = execSync(args.join(' '), { cwd: dir, encoding: 'utf8', timeout: 30000 });
+    const url = result.trim();
+    return { success: true, url };
+  } catch (err) {
+    return { success: false, error: err.message };
+  }
+}
+
+/**
+ * List open (or other state) PRs for the current repo.
+ * @param {string} [cwd]
+ * @param {object} [opts]
+ * @param {'open'|'closed'|'merged'|'all'} [opts.state]
+ * @param {number} [opts.limit]
+ * @returns {object[]}
+ */
+export function listPRs(cwd, opts = {}) {
+  const dir = cwd ?? process.cwd();
+  const { state = 'open', limit = 10 } = opts;
+  try {
+    const json = execSync(
+      `gh pr list --state ${state} --limit ${limit} --json number,title,headRefName,author,createdAt,isDraft`,
+      { cwd: dir, encoding: 'utf8', timeout: 10000 },
+    );
+    return JSON.parse(json);
+  } catch {
+    return [];
+  }
+}
+
+/**
+ * Get PR details including diff stats, comments, and CI checks.
+ * @param {number|string} prNumber
+ * @param {string} [cwd]
+ * @returns {object|null}
+ */
+export function getPRDetails(prNumber, cwd) {
+  const dir = cwd ?? process.cwd();
+  try {
+    const json = execSync(
+      `gh pr view ${prNumber} --json title,body,headRefName,baseRefName,state,additions,deletions,changedFiles,reviews,comments,statusCheckRollup`,
+      { cwd: dir, encoding: 'utf8', timeout: 10000 },
+    );
+    return JSON.parse(json);
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Build a PR body from a task description and dispatch results.
+ * @param {string} taskDescription
+ * @param {object} results  Dispatch result object (filesChanged, testsRun, decisions, etc.)
+ * @returns {string}
+ */
+export function buildPRBody(taskDescription, results) {
+  const lines = [];
+  lines.push('## Summary');
+  lines.push(taskDescription);
+  lines.push('');
+
+  if (results.filesChanged?.length) {
+    lines.push('## Changes');
+    for (const f of results.filesChanged) {
+      lines.push(`- \`${f}\``);
+    }
+    lines.push('');
+  }
+
+  if (results.testsRun?.length) {
+    lines.push('## Tests');
+    for (const t of results.testsRun) {
+      lines.push(`- ${t}`);
+    }
+    lines.push('');
+  }
+
+  if (results.decisions?.length) {
+    lines.push('## Routing');
+    for (const d of results.decisions) {
+      lines.push(`- ${d}`);
+    }
+    lines.push('');
+  }
+
+  lines.push('---');
+  lines.push('Generated by [dual-brain](https://npmjs.com/package/dual-brain)');
+
+  return lines.join('\n');
+}