edsger 0.72.6 → 0.74.0

package/dist/phases/features/types.js

@@ -0,0 +1,15 @@
+/**
+ * Shapes the features MCP tools accept and return. The Zod schemas live in
+ * mcp-server.ts; these plain TS types are what the rest of the phase
+ * (orchestrator, persistence helpers, tests) consumes so they don't have
+ * to inflate Zod into their dependency graph.
+ */
+// Defensive caps mirroring the DB CHECK constraints from
+// 20260613000000_create_product_features.sql. Keeping the limits here lets
+// the MCP tool reject oversized output with an actionable error message
+// instead of getting a Postgres constraint violation.
+export const FEATURE_NAME_MAX = 200;
+export const FEATURE_DESCRIPTION_MAX = 10_000;
+export const FEATURE_EVIDENCE_MAX = 4000;
+export const FEATURE_REPOS_MAX = 20;
+export const FEATURE_REPO_NAME_MAX = 200;

package/dist/phases/pr-resolve/index.d.ts

@@ -4,7 +4,9 @@
  * replies to every comment on GitHub explaining the decision.
  */
 export interface StandalonePRResolveOptions {
-    productId: string;
+    productId?: string;
+    /** Set for repo-scoped PRs — routes the status write through Supabase. */
+    repositoryId?: string;
     pullRequestUrl: string;
     githubToken: string;
     owner: string;

package/dist/phases/pr-resolve/index.js

@@ -6,13 +6,13 @@
 import { query } from '@anthropic-ai/claude-agent-sdk';
 import { Octokit } from '@octokit/rest';
 import { execSync } from 'child_process';
-import { callMcpEndpoint } from '../../api/mcp-client.js';
 import { DEFAULT_MODEL } from '../../constants.js';
 import { logError, logInfo, logSuccess } from '../../utils/logger.js';
 import { cleanupIssueRepo } from '../../workspace/workspace-manager.js';
 import { fetchUnresolvedReviewThreads } from '../code-refine-verification/github.js';
 import { createPromptGenerator, extractTextFromContent, tryExtractResult, } from '../pr-shared/agent-utils.js';
 import { parsePullRequestUrl } from '../pr-shared/context.js';
+import { updatePullRequestStatus } from '../pr-shared/status.js';
 import { learnFromReviewFeedback } from './checklist-learner.js';
 import { hasResolveMarker, replyToReviewThread, resolveReviewThread, } from './github-reply.js';
 import { createResolveSystemPrompt, createResolveUserPrompt, } from './prompts.js';
@@ -221,8 +221,12 @@ export async function resolveStandalonePR(options) {
                 }
             }
             logSuccess(`PR resolve completed: ${threadsAddressed} addressed, ${threadsSkipped} skipped, ${threadsErrored} errors`);
-            // Learn from addressed comments to update code-review checklists
-            if (options.learn !== false && threadsAddressed > 0 && resolveResult) {
+            // Learn from addressed comments to update code-review checklists.
+            // Product-scoped only — repo-only mode passes learn=false.
+            if (options.learn !== false &&
+                options.productId &&
+                threadsAddressed > 0 &&
+                resolveResult) {
                 await learnFromReviewFeedback({
                     productId: options.productId,
                     unresolvedThreads,
@@ -232,15 +236,11 @@ export async function resolveStandalonePR(options) {
                 });
             }
             if (prId) {
-                try {
-                    await callMcpEndpoint('pull_requests/update', {
-                        pull_request_id: prId,
-                        status: 'in_review',
-                    });
-                }
-                catch {
-                    // Non-critical
-                }
+                await updatePullRequestStatus({
+                    prId,
+                    status: 'in_review',
+                    repositoryId: options.repositoryId,
+                });
             }
             // Clean up workspace on success
             cleanupIssueRepo(repoPath);

package/dist/phases/pr-review/index.d.ts

@@ -3,7 +3,9 @@
  * Reviews a GitHub PR and posts review comments, without issue lifecycle dependency.
  */
 export interface StandalonePRReviewOptions {
-    productId: string;
+    productId?: string;
+    /** Set for repo-scoped PRs — routes the status write through Supabase. */
+    repositoryId?: string;
     pullRequestUrl: string;
     githubToken: string;
     owner: string;

package/dist/phases/pr-review/index.js

@@ -4,19 +4,19 @@
  */
 import { query } from '@anthropic-ai/claude-agent-sdk';
 import { Octokit } from '@octokit/rest';
-import { callMcpEndpoint } from '../../api/mcp-client.js';
 import { DEFAULT_MODEL } from '../../constants.js';
 import { logError, logInfo } from '../../utils/logger.js';
 import { buildLineToPositionMap, findClosestPosition, } from '../code-review/diff-utils.js';
 import { createPromptGenerator, extractTextFromContent, tryExtractResult, } from '../pr-shared/agent-utils.js';
 import { fetchStandalonePRContext, formatStandalonePRContextForPrompt, } from '../pr-shared/context.js';
+import { updatePullRequestStatus } from '../pr-shared/status.js';
 import { createStandaloneReviewSystemPrompt, createStandaloneReviewUserPrompt, } from './prompts.js';
 /**
  * Review a standalone PR and post comments to GitHub.
  */
 // eslint-disable-next-line complexity
 export async function reviewStandalonePR(options) {
-    const { pullRequestUrl, githubToken, verbose, prId } = options;
+    const { pullRequestUrl, githubToken, verbose, prId, repositoryId } = options;
     logInfo(`Starting standalone PR review: ${pullRequestUrl}`);
     try {
         // Fetch PR context
@@ -95,7 +95,11 @@ export async function reviewStandalonePR(options) {
                     'Code review completed. No issues found.',
             });
             if (prId) {
-                await updatePRStatus(prId, 'in_review');
+                await updatePullRequestStatus({
+                    prId,
+                    status: 'in_review',
+                    repositoryId,
+                });
             }
             return {
                 status: 'success',
@@ -154,7 +158,11 @@ export async function reviewStandalonePR(options) {
                 body: `${summary || 'Code review completed.'}\n\n**Note**: Some review comments could not be posted because they referenced lines not present in the diff.`,
             });
             if (prId) {
-                await updatePRStatus(prId, 'in_review');
+                await updatePullRequestStatus({
+                    prId,
+                    status: 'in_review',
+                    repositoryId,
+                });
             }
             return {
                 status: 'success',
@@ -179,7 +187,7 @@ export async function reviewStandalonePR(options) {
         });
         logInfo(`GitHub review created: ${review.data.html_url}`);
         if (prId) {
-            await updatePRStatus(prId, 'in_review');
+            await updatePullRequestStatus({ prId, status: 'in_review', repositoryId });
         }
         return {
             status: 'success',
@@ -199,14 +207,3 @@ export async function reviewStandalonePR(options) {
         };
     }
 }
-async function updatePRStatus(prId, status) {
-    try {
-        await callMcpEndpoint('pull_requests/update', {
-            pull_request_id: prId,
-            status,
-        });
-    }
-    catch {
-        // Non-critical, don't fail the review
-    }
-}

package/dist/phases/pr-shared/status.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Update a pull_requests row's status, choosing the right transport for the
+ * scope:
+ *
+ *   - Repo-scoped PRs (repo-only mode) have no product, so the MCP
+ *     pull_requests/update endpoint — which authorises by product/issue —
+ *     can't see them. Write straight through the CLI's RLS-scoped Supabase
+ *     session instead (team-membership RLS authorises the repo PR).
+ *   - Product/issue PRs keep using the MCP endpoint.
+ *
+ * Best-effort: a status update is never allowed to fail the review/resolve.
+ */
+export declare function updatePullRequestStatus(opts: {
+    prId: string;
+    status: string;
+    /** When set, the PR is repo-scoped and updated directly via Supabase. */
+    repositoryId?: string;
+}): Promise<void>;

package/dist/phases/pr-shared/status.js

@@ -0,0 +1,37 @@
+/**
+ * Update a pull_requests row's status, choosing the right transport for the
+ * scope:
+ *
+ *   - Repo-scoped PRs (repo-only mode) have no product, so the MCP
+ *     pull_requests/update endpoint — which authorises by product/issue —
+ *     can't see them. Write straight through the CLI's RLS-scoped Supabase
+ *     session instead (team-membership RLS authorises the repo PR).
+ *   - Product/issue PRs keep using the MCP endpoint.
+ *
+ * Best-effort: a status update is never allowed to fail the review/resolve.
+ */
+import { callMcpEndpoint } from '../../api/mcp-client.js';
+import { ensureSupabaseSession, getSupabase } from '../../supabase/client.js';
+export async function updatePullRequestStatus(opts) {
+    const { prId, status, repositoryId } = opts;
+    try {
+        if (repositoryId) {
+            const ready = await ensureSupabaseSession();
+            if (!ready) {
+                return;
+            }
+            await getSupabase()
+                .from('pull_requests')
+                .update({ status, updated_at: new Date().toISOString() })
+                .eq('id', prId);
+            return;
+        }
+        await callMcpEndpoint('pull_requests/update', {
+            pull_request_id: prId,
+            status,
+        });
+    }
+    catch {
+        // Non-critical — don't fail the review/resolve on a status write.
+    }
+}

package/dist/phases/sync-github-pull-requests/index.d.ts

@@ -0,0 +1,23 @@
+/**
+ * sync-github-pull-requests phase: pull every pull request from a repository's
+ * connected GitHub repo and mirror them into the `pull_requests` table scoped
+ * by `repository_id`. Deterministic — no Claude Agent SDK; plain Octokit plus
+ * the user's RLS-scoped Supabase session.
+ *
+ * Idempotent: rows are keyed on (repository_id, pull_request_number). New PRs
+ * are inserted, and the GitHub-owned fields (status/title/description) of
+ * already-synced PRs are refreshed. Re-running never duplicates a PR.
+ */
+import { Octokit } from '@octokit/rest';
+import { type GitHubPullRequestLite, type SyncPullRequestsResult } from './types.js';
+export interface SyncGithubPullRequestsOptions {
+    repositoryId: string;
+    /** GitHub installation token (or PAT). */
+    githubToken: string;
+    owner: string;
+    repo: string;
+    verbose?: boolean;
+}
+/** Pull every pull request from the repo, paginated (state=all). */
+export declare function fetchAllRepoPullRequests(octokit: Octokit, owner: string, repo: string): Promise<GitHubPullRequestLite[]>;
+export declare function syncGithubPullRequests(options: SyncGithubPullRequestsOptions): Promise<SyncPullRequestsResult>;

package/dist/phases/sync-github-pull-requests/index.js

@@ -0,0 +1,210 @@
+/**
+ * sync-github-pull-requests phase: pull every pull request from a repository's
+ * connected GitHub repo and mirror them into the `pull_requests` table scoped
+ * by `repository_id`. Deterministic — no Claude Agent SDK; plain Octokit plus
+ * the user's RLS-scoped Supabase session.
+ *
+ * Idempotent: rows are keyed on (repository_id, pull_request_number). New PRs
+ * are inserted, and the GitHub-owned fields (status/title/description) of
+ * already-synced PRs are refreshed. Re-running never duplicates a PR.
+ */
+import { retry } from '@octokit/plugin-retry';
+import { throttling } from '@octokit/plugin-throttling';
+import { Octokit } from '@octokit/rest';
+import { ensureSupabaseSession, getSupabase } from '../../supabase/client.js';
+import { logError, logInfo, logSuccess, logWarning, } from '../../utils/logger.js';
+import { acquireSyncGithubPullRequestsLock, updateSyncGithubPullRequestsState, } from './state.js';
+// The plugins use `@octokit/core` 7.x types, while @octokit/rest@20 hoists
+// to core 5.x at the workspace root. Runtime is fine; the cast tells TS to
+// accept the plugin chain (same pattern as sync-github-issues).
+// eslint-disable-next-line @typescript-eslint/no-explicit-any -- octokit version drift across the workspace
+const ResilientOctokit = Octokit.plugin(retry, throttling);
+/** GitHub list-pulls max page size. */
+const PER_PAGE = 100;
+/** Build an Octokit instance with retry + throttling configured for sync. */
+function buildOctokit(token) {
+    return new ResilientOctokit({
+        auth: token,
+        retry: { doNotRetry: [400, 401, 403, 404, 422] },
+        throttle: {
+            onRateLimit: (retryAfter, options) => {
+                logWarning(`GitHub rate limit hit on ${options.method ?? '?'} ${options.url ?? '?'} — retry in ${retryAfter}s`);
+                return (options.request?.retryCount ?? 0) < 2;
+            },
+            onSecondaryRateLimit: (retryAfter, options) => {
+                logWarning(`GitHub secondary rate limit on ${options.method ?? '?'} ${options.url ?? '?'} — retry in ${retryAfter}s`);
+                return true;
+            },
+        },
+    });
+}
+/** Pull every pull request from the repo, paginated (state=all). */
+export async function fetchAllRepoPullRequests(octokit, owner, repo) {
+    const all = [];
+    let page = 1;
+    for (;;) {
+        const { data } = await octokit.request('GET /repos/{owner}/{repo}/pulls', {
+            owner,
+            repo,
+            state: 'all',
+            per_page: PER_PAGE,
+            page,
+            sort: 'created',
+            direction: 'asc',
+        });
+        if (data.length === 0) {
+            break;
+        }
+        all.push(...data);
+        if (data.length < PER_PAGE) {
+            break;
+        }
+        page += 1;
+    }
+    return all;
+}
+/** Map a GitHub PR's open/closed/merged state to our PR status enum. */
+function toStatus(pr) {
+    if (pr.merged_at) {
+        return 'merged';
+    }
+    if (pr.state === 'closed') {
+        return 'closed';
+    }
+    return 'pr_opened';
+}
+export async function syncGithubPullRequests(options) {
+    const { repositoryId, githubToken, owner, repo, verbose } = options;
+    // Guard against two concurrent syncs of the same repo racing into duplicate
+    // inserts (the unique index would reject the loser, but failing fast is
+    // friendlier than surfacing a constraint error).
+    const lock = acquireSyncGithubPullRequestsLock(repositoryId);
+    if (!lock) {
+        return {
+            status: 'error',
+            message: 'Another GitHub pull request sync is already running for this repository',
+        };
+    }
+    try {
+        updateSyncGithubPullRequestsState(repositoryId, {
+            lastAttemptedAt: new Date().toISOString(),
+        });
+        const ready = await ensureSupabaseSession();
+        if (!ready) {
+            return {
+                status: 'error',
+                message: 'Supabase session unavailable. Sign in to the Edsger desktop app to authorize the CLI.',
+            };
+        }
+        const supabase = getSupabase();
+        logInfo(`Syncing GitHub pull requests for ${owner}/${repo} → repository ${repositoryId}`);
+        const octokit = buildOctokit(githubToken);
+        const remotePRs = await fetchAllRepoPullRequests(octokit, owner, repo);
+        logInfo(`Fetched ${remotePRs.length} pull requests from GitHub`);
+        // Existing repo-scoped PRs, keyed by GitHub PR number, so we never create
+        // a duplicate of one that was synced in a previous run.
+        const { data: existingRows, error: existingError } = await supabase
+            .from('pull_requests')
+            .select('id, pull_request_number, status, name, description')
+            .eq('repository_id', repositoryId);
+        if (existingError) {
+            throw new Error(`Failed to read existing pull requests: ${existingError.message}`);
+        }
+        const existingByNumber = new Map();
+        for (const row of existingRows ?? []) {
+            if (row.pull_request_number !== null) {
+                existingByNumber.set(row.pull_request_number, {
+                    id: row.id,
+                    status: row.status,
+                    name: row.name,
+                    description: row.description,
+                });
+            }
+        }
+        const toInsert = [];
+        const toUpdate = [];
+        for (const pr of remotePRs) {
+            const status = toStatus(pr);
+            const existing = existingByNumber.get(pr.number);
+            if (!existing) {
+                toInsert.push({
+                    repository_id: repositoryId,
+                    sequence: pr.number,
+                    name: pr.title,
+                    description: pr.body ?? null,
+                    branch_name: pr.head?.ref ?? null,
+                    pull_request_url: pr.html_url,
+                    pull_request_number: pr.number,
+                    status,
+                });
+                continue;
+            }
+            // Refresh GitHub-owned fields when they drift (e.g. PR got merged/closed).
+            const patch = {};
+            if (existing.status !== status) {
+                patch.status = status;
+            }
+            if (existing.name !== pr.title) {
+                patch.name = pr.title;
+            }
+            if ((existing.description ?? null) !== (pr.body ?? null)) {
+                patch.description = pr.body ?? null;
+            }
+            if (Object.keys(patch).length > 0) {
+                toUpdate.push({ id: existing.id, patch });
+            }
+        }
+        let createdCount = 0;
+        if (toInsert.length > 0) {
+            const { error: insertError } = await supabase
+                .from('pull_requests')
+                .insert(toInsert);
+            if (insertError) {
+                throw new Error(`Failed to insert pull requests: ${insertError.message}`);
+            }
+            createdCount = toInsert.length;
+            if (verbose) {
+                logInfo(`Inserted ${createdCount} new pull requests`);
+            }
+        }
+        let updatedCount = 0;
+        for (const { id, patch } of toUpdate) {
+            const { error: updateError } = await supabase
+                .from('pull_requests')
+                .update({ ...patch, updated_at: new Date().toISOString() })
+                .eq('id', id);
+            if (updateError) {
+                logWarning(`Failed to refresh pull request ${id}: ${updateError.message}`);
+                continue;
+            }
+            updatedCount++;
+        }
+        const summary = `fetched=${remotePRs.length} created=${createdCount} updated=${updatedCount}`;
+        logSuccess(`GitHub PR sync complete: ${summary}`);
+        updateSyncGithubPullRequestsState(repositoryId, {
+            lastSyncedAt: new Date().toISOString(),
+            lastRepoFullName: `${owner}/${repo}`,
+            lastError: undefined,
+        });
+        return {
+            status: 'success',
+            message: summary,
+            repository: `${owner}/${repo}`,
+            fetchedCount: remotePRs.length,
+            createdCount,
+            updatedCount,
+        };
+    }
+    catch (error) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        logError(`GitHub PR sync failed: ${errorMessage}`);
+        updateSyncGithubPullRequestsState(repositoryId, { lastError: errorMessage });
+        return {
+            status: 'error',
+            message: `GitHub PR sync failed: ${errorMessage}`,
+        };
+    }
+    finally {
+        lock.release();
+    }
+}

package/dist/phases/sync-github-pull-requests/state.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Per-repository sync state for sync-github-pull-requests. Stored at
+ * `~/.edsger/sync-github-pull-requests-state/<repositoryId>.json`.
+ *
+ * The lock guards against two concurrent syncs of the same repository racing
+ * each other into duplicate inserts. State fields track the last run for
+ * diagnostics and a future incremental-sync optimisation.
+ */
+import { type LockHandle } from '../find-shared/scan-state.js';
+export type { LockHandle };
+export interface SyncGithubPullRequestsState {
+    /** ISO timestamp of the last successful sync. */
+    lastSyncedAt?: string;
+    /** ISO timestamp we last attempted (success or fail). */
+    lastAttemptedAt?: string;
+    /** Last error message, if the most recent run failed. */
+    lastError?: string;
+    /** GitHub repo we last synced from, as "owner/repo". */
+    lastRepoFullName?: string;
+}
+export declare const loadSyncGithubPullRequestsState: (productId: string) => SyncGithubPullRequestsState;
+export declare const saveSyncGithubPullRequestsState: (productId: string, state: SyncGithubPullRequestsState) => void;
+export declare const updateSyncGithubPullRequestsState: (productId: string, patch: Partial<SyncGithubPullRequestsState>) => SyncGithubPullRequestsState;
+export declare const acquireSyncGithubPullRequestsLock: (productId: string, staleAfterMs?: number) => LockHandle | null;

package/dist/phases/sync-github-pull-requests/state.js

@@ -0,0 +1,16 @@
+/**
+ * Per-repository sync state for sync-github-pull-requests. Stored at
+ * `~/.edsger/sync-github-pull-requests-state/<repositoryId>.json`.
+ *
+ * The lock guards against two concurrent syncs of the same repository racing
+ * each other into duplicate inserts. State fields track the last run for
+ * diagnostics and a future incremental-sync optimisation.
+ */
+import { createScanStateModule, } from '../find-shared/scan-state.js';
+const m = createScanStateModule({
+    dirName: 'sync-github-pull-requests-state',
+});
+export const loadSyncGithubPullRequestsState = m.load;
+export const saveSyncGithubPullRequestsState = m.save;
+export const updateSyncGithubPullRequestsState = m.update;
+export const acquireSyncGithubPullRequestsLock = m.acquireLock;

package/dist/phases/sync-github-pull-requests/types.d.ts

@@ -0,0 +1,22 @@
+/** Minimal shape of a GitHub pull request from the list endpoint. */
+export interface GitHubPullRequestLite {
+    number: number;
+    title: string;
+    body: string | null;
+    html_url: string;
+    state: string;
+    draft?: boolean;
+    merged_at: string | null;
+    updated_at: string;
+    head: {
+        ref: string;
+    };
+}
+export interface SyncPullRequestsResult {
+    status: 'success' | 'error';
+    message: string;
+    repository?: string;
+    fetchedCount?: number;
+    createdCount?: number;
+    updatedCount?: number;
+}

package/dist/phases/sync-github-pull-requests/types.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "edsger",
-  "version": "0.72.6",
+  "version": "0.74.0",
   "type": "module",
   "bin": {
     "edsger": "dist/index.js"
@@ -54,8 +54,8 @@
     "commander": "^12.0.0",
     "cosmiconfig": "^9.0.0",
     "dotenv": "^16.4.5",
-    "edsger-contract": "0.9.2",
-    "edsger-tools": "0.9.2",
+    "edsger-contract": "0.10.0",
+    "edsger-tools": "0.10.0",
     "gray-matter": "^4.0.3",
     "zod": "^4.0.0"
   },