fleet-agents 0.1.0

package/review/lib.sh

@@ -0,0 +1,258 @@
+#!/usr/bin/env bash
+# Shared helpers for scripts/shortcuts/review/*.sh
+# Source this file; do not execute directly.
+
+set -euo pipefail
+
+# Repo that hosts the PR. Override with REVIEW_REPO=owner/name if needed;
+# otherwise we derive it from the `upstream` remote, falling back to `origin`.
+resolve_repo() {
+  if [ -n "${REVIEW_REPO:-}" ]; then
+    echo "$REVIEW_REPO"
+    return
+  fi
+  local url
+  url=$(git remote get-url upstream 2>/dev/null || git remote get-url origin)
+  # Accept git@github.com:owner/name(.git) and https://github.com/owner/name(.git)
+  echo "$url" \
+    | sed -E 's#^git@github\.com:##; s#^https?://github\.com/##; s#\.git$##'
+}
+
+require() {
+  local bin
+  for bin in "$@"; do
+    command -v "$bin" >/dev/null 2>&1 || {
+      echo "[review] missing required tool: $bin" >&2
+      exit 1
+    }
+  done
+}
+
+# Run the picked agent CLI on a single positional prompt. Each known agent
+# is launched in its equivalent "yolo" mode so headless / detached runs
+# (CI, background tasks, tmux workers) don't stall on per-tool permission
+# prompts that have no responder. Set REVIEW_AGENT_SAFE=1 to keep the
+# prompts (e.g. an interactive local run where you want to vet each step).
+#
+# Mirrors the precedent in bin/spawn-issue, which already passes
+# --dangerously-skip-permissions to its detached claude workers, and brings
+# the claude path in line with the existing codex / cursor handling.
+agent_exec() {
+  local agent="$1"
+  local prompt="$2"
+  if [ "${REVIEW_AGENT_SAFE:-0}" = "1" ]; then
+    case "$agent" in
+      codex) exec codex "$prompt" ;;
+      claude) exec claude "$prompt" ;;
+      *) exec "$agent" "$prompt" ;;
+    esac
+    return
+  fi
+  case "$agent" in
+    claude)
+      exec claude --dangerously-skip-permissions "$prompt"
+      ;;
+    codex)
+      exec codex --dangerously-bypass-approvals-and-sandbox "$prompt"
+      ;;
+    cursor|cursor-agent)
+      exec cursor-agent --yolo "$prompt"
+      ;;
+    *)
+      exec "$agent" "$prompt"
+      ;;
+  esac
+}
+
+gh_assign_self_issue() {
+  local issue="$1"
+  local repo="$2"
+  if gh issue edit "$issue" -R "$repo" --add-assignee "@me" >/dev/null 2>&1; then
+    info "assigned issue #$issue to @me"
+  else
+    warn "could not assign issue #$issue to @me; continuing"
+  fi
+}
+
+gh_assign_self_pr() {
+  local pr="$1"
+  local repo="$2"
+  if gh pr edit "$pr" -R "$repo" --add-assignee "@me" >/dev/null 2>&1; then
+    info "assigned PR #$pr to @me"
+  else
+    warn "could not assign PR #$pr to @me; continuing"
+  fi
+}
+
+# Summarize free-form text via a local LLM CLI (expects `-p <prompt>`).
+# Usage: summarize_text <tool> <input>
+# Tools used here: gemini (default for summaries), claude, or any CLI that
+# accepts `-p "<prompt>"` and prints the response to stdout.
+# Special value `none` echoes input unchanged.
+summarize_text() {
+  local tool="$1"
+  local input="$2"
+  if [ "$tool" = "none" ] || [ "$tool" = "raw" ]; then
+    printf '%s' "$input"
+    return
+  fi
+  require "$tool"
+  local prompt
+  prompt=$(cat <<'EOF'
+You are writing the body of a squash-merge commit.
+Summarize the PR changes below into 3-6 short bullet points.
+Rules:
+- Start each bullet with "- " and use imperative mood ("Add…", "Fix…", "Rename…").
+- One line per bullet, under ~100 chars.
+- No headers, no code fences, no sign-offs, no Co-authored-by lines.
+- Do not include the PR number or title.
+- Output only the bullets, nothing else.
+
+PR content:
+---
+EOF
+)
+  "$tool" -p "${prompt}
+${input}
+---"
+}
+
+require_pr_number() {
+  if [ -z "${1:-}" ]; then
+    echo "Usage: $(basename "$0") <pr-number>" >&2
+    exit 1
+  fi
+  case "$1" in
+    ''|*[!0-9]*)
+      echo "[review] pr-number must be numeric, got: $1" >&2
+      exit 1
+      ;;
+  esac
+}
+
+# ── Coloured output ────────────────────────────────────────────────
+# Disable colour when stdout is not a terminal (piped / CI).
+if [ -t 1 ]; then
+  _R=$'\033[0;31m' _G=$'\033[0;32m' _Y=$'\033[0;33m' _B=$'\033[1m' _0=$'\033[0m'
+else
+  _R="" _G="" _Y="" _B="" _0=""
+fi
+
+pass()  { printf '%s[PASS]%s %s\n' "$_G" "$_0" "$*"; }
+fail()  { printf '%s[FAIL]%s %s\n' "$_R" "$_0" "$*" >&2; }
+warn()  { printf '%s[WARN]%s %s\n' "$_Y" "$_0" "$*" >&2; }
+info()  { printf '%s[INFO]%s %s\n' "$_B" "$_0" "$*"; }
+
+# Fetch PR head into local branch pr/<num>, merge main in, wire upstream +
+# pushRemote so `git push` lands on the contributor's fork.
+sync_pr() {
+  local pr="$1"
+  local repo
+  repo=$(resolve_repo)
+
+  local info head_repo head_branch local_branch base_branch
+  info=$(gh pr view "$pr" -R "$repo" \
+    --json headRefName,headRepository,headRepositoryOwner,baseRefName)
+  head_repo=$(echo "$info" | jq -r '.headRepositoryOwner.login + "/" + .headRepository.name')
+  head_branch=$(echo "$info" | jq -r '.headRefName')
+  # The PR's actual base branch (e.g. develop) is authoritative; don't assume main.
+  base_branch=$(echo "$info" | jq -r '.baseRefName')
+  [ -z "$base_branch" ] || [ "$base_branch" = "null" ] && base_branch="main"
+  local_branch="pr/$pr"
+
+  echo "[review] PR #$pr -> $head_repo:$head_branch (base: $base_branch, local: $local_branch)"
+
+  # Fetch the PR head into local branch pr/<n> (refs are shared across worktrees).
+  git fetch origin "$base_branch"
+  # On a reused review worktree, pr/<n> is already checked out, and fetching
+  # directly into a checked-out branch is fatal. Only seed the branch on first
+  # creation; reuse refreshes it via the push remote further down.
+  if git rev-parse --verify --quiet "refs/heads/${local_branch}" >/dev/null; then
+    echo "[review] $local_branch already exists — skipping direct head fetch (refreshed via push remote below)"
+  else
+    git fetch "https://github.com/${head_repo}.git" \
+      "+${head_branch}:${local_branch}"
+  fi
+
+  local merge_ref="$base_branch"
+  if [ "${REVIEW_WORKTREE:-0}" = "1" ]; then
+    # Isolated review worktree: never touch the primary checkout's branch.
+    local wt="${REVIEW_WT_DIR:?[review] REVIEW_WT_DIR required in worktree mode}"
+    if [ -d "$wt" ]; then
+      echo "[review] reusing review worktree: $wt"
+      cd "$wt"
+      git checkout "$local_branch"
+    else
+      echo "[review] creating review worktree: $wt (branch $local_branch)"
+      mkdir -p "$(dirname "$wt")"
+      git worktree add --force "$wt" "$local_branch"
+      cd "$wt"
+    fi
+    # Bring the base branch in via a ref (it may be checked out elsewhere).
+    merge_ref="origin/$base_branch"
+    if git remote get-url upstream >/dev/null 2>&1; then
+      git fetch upstream
+      git rev-parse --verify "upstream/$base_branch" >/dev/null 2>&1 && merge_ref="upstream/$base_branch"
+    fi
+  else
+    echo "[review] syncing $base_branch from upstream..."
+    git checkout "$base_branch"
+    git pull origin "$base_branch"
+    git fetch upstream
+    git merge "upstream/$base_branch"
+    git checkout "$local_branch"
+  fi
+  # A stray gitlink without a matching .gitmodules entry (e.g. an accidentally
+  # committed .claude/worktrees/* path) makes this fatal under `set -e` and would
+  # abort the whole review. Submodules aren't needed to review a diff, so warn and
+  # continue rather than die.
+  git submodule update --init --recursive \
+    || warn "submodule update failed (continuing) — likely a stale gitlink with no .gitmodules entry"
+
+  echo "[review] merging $merge_ref into $local_branch (conflicts will not abort)..."
+  REVIEW_HAS_CONFLICTS=0
+  REVIEW_CONFLICT_FILES=""
+  if ! git merge --no-edit "$merge_ref"; then
+    REVIEW_CONFLICT_FILES=$(git diff --name-only --diff-filter=U | sort -u)
+    if [ -z "$REVIEW_CONFLICT_FILES" ]; then
+      fail "git merge $merge_ref failed for a non-conflict reason"
+      return 1
+    fi
+    echo "[review] ! conflicts detected in PR #$pr, continuing."
+    REVIEW_HAS_CONFLICTS=1
+  fi
+
+  # Prefer an existing SSH remote pointing at this fork to avoid https auth prompts.
+  local remote_name="remote-$pr"
+  local existing_ssh
+  existing_ssh=$(git remote -v \
+    | awk -v repo="$head_repo" '$2 ~ ("[:/]" repo "(\\.git)?$") && $3 == "(fetch)" {print $1; exit}')
+  if [ -n "$existing_ssh" ]; then
+    remote_name="$existing_ssh"
+    echo "[review] reusing remote '$remote_name' -> $(git remote get-url "$remote_name")"
+  else
+    local remote_url="https://github.com/${head_repo}.git"
+    git remote add "$remote_name" "$remote_url" 2>/dev/null \
+      || git remote set-url "$remote_name" "$remote_url"
+  fi
+
+  git fetch "$remote_name" \
+    "+refs/heads/${head_branch}:refs/remotes/${remote_name}/${head_branch}"
+
+  git branch --set-upstream-to="$remote_name/$head_branch" "$local_branch"
+  git config "branch.${local_branch}.pushRemote" "$remote_name"
+  git config "branch.${local_branch}.merge" "refs/heads/${head_branch}"
+
+  echo "[review] upstream + pushRemote set to $remote_name/$head_branch"
+
+  # Export for callers.
+  REVIEW_PR="$pr"
+  REVIEW_REPO_RESOLVED="$repo"
+  REVIEW_LOCAL_BRANCH="$local_branch"
+  REVIEW_HEAD_REPO="$head_repo"
+  REVIEW_HEAD_BRANCH="$head_branch"
+  REVIEW_PUSH_REMOTE="$remote_name"
+  export REVIEW_PR REVIEW_REPO_RESOLVED REVIEW_LOCAL_BRANCH \
+         REVIEW_HEAD_REPO REVIEW_HEAD_BRANCH REVIEW_PUSH_REMOTE \
+         REVIEW_HAS_CONFLICTS REVIEW_CONFLICT_FILES
+}

package/review/merge.sh

@@ -0,0 +1,374 @@
+#!/usr/bin/env bash
+# merge.sh <pr-number> [--squash|--merge|--rebase] [--dry-run] [--summary-llm <tool>]
+# Merge a PR via gh. Defaults to --squash.
+#
+# For --squash we rewrite the commit body:
+#   - summarize the PR body + commit messages with the summary LLM
+#     (default: gemini; use `none` to skip and keep the raw PR body)
+#   - drop any Co-authored-by lines mentioning copilot / codex / cursor / claude
+#   - add the current `git config user.name <user.email>` as a co-author
+# --merge and --rebase keep the original commits as-is.
+#
+# --dry-run prints the squash subject + body that would be used and exits
+# without calling `gh pr merge`. Ignored for --merge / --rebase.
+
+set -euo pipefail
+here="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# shellcheck source=lib.sh
+source "$here/lib.sh"
+
+require git gh jq
+require_pr_number "${1:-}"
+
+pr="$1"
+strategy="--squash"
+dry_run=0
+force=0
+admin=0
+auto=0
+summary_llm="gemini"
+shift
+while [ $# -gt 0 ]; do
+  case "$1" in
+    --squash|--merge|--rebase) strategy="$1"; shift ;;
+    --dry-run|-n) dry_run=1; shift ;;
+    --force|-f) force=1; shift ;;
+    --admin) admin=1; shift ;;
+    --auto) auto=1; shift ;;
+    --summary-llm) summary_llm="${2:?--summary-llm requires a value}"; shift 2 ;;
+    --summary-llm=*) summary_llm="${1#*=}"; shift ;;
+    *)
+      echo "[review] unknown arg: $1 (expected --squash|--merge|--rebase|--dry-run|--force|--admin|--auto|--summary-llm)" >&2
+      exit 1
+      ;;
+  esac
+done
+
+if [ "$admin" = "1" ] && [ "$auto" = "1" ]; then
+  echo "[review] --admin and --auto are mutually exclusive" >&2
+  exit 1
+fi
+
+repo=$(resolve_repo)
+
+echo "[review] PR #$pr status on $repo:"
+pr_status_json=$(gh pr view "$pr" -R "$repo" \
+  --json state,mergeable,mergeStateStatus,reviewDecision,statusCheckRollup,isDraft,body,reviews)
+jq '{state, mergeable, mergeStateStatus, reviewDecision, isDraft,
+     checks: [.statusCheckRollup[]? | {name: (.name // .context), status, conclusion}]}' \
+  <<<"$pr_status_json"
+
+ensure_merge_ready() {
+  local failures=0 total=8
+
+  # ── Check 1: Not a draft ──
+  local is_draft
+  is_draft=$(jq -r '.isDraft' <<<"$pr_status_json")
+  if [ "$is_draft" = "true" ]; then
+    fail "PR is still in draft"
+    failures=$((failures + 1))
+  else
+    pass "PR is not a draft"
+  fi
+
+  # ── Check 2: CI passing ──
+  local bad_checks
+  bad_checks=$(jq -r '
+      .statusCheckRollup[]?
+      | select(
+          (.conclusion // "") as $c
+          | (.status // "") as $s
+          | ($c | IN("SUCCESS","NEUTRAL","SKIPPED","")) as $okConc
+          | ($s | IN("COMPLETED","")) as $okStatus
+          | (($okConc and $okStatus) | not)
+        )
+      | "    \((.name // .context)): status=\(.status // "?"), conclusion=\(.conclusion // "?")"
+    ' <<<"$pr_status_json")
+  if [ -n "$bad_checks" ]; then
+    fail "CI checks not all green:"
+    printf '%s\n' "$bad_checks" >&2
+    failures=$((failures + 1))
+  else
+    pass "All CI checks passing"
+  fi
+
+  # ── Check 3: No merge conflicts ──
+  local mergeable
+  mergeable=$(jq -r '.mergeable' <<<"$pr_status_json")
+  case "$mergeable" in
+    MERGEABLE) pass "No merge conflicts" ;;
+    CONFLICTING)
+      fail "PR has merge conflicts"
+      failures=$((failures + 1))
+      ;;
+    *)
+      fail "Merge status unknown ($mergeable)"
+      failures=$((failures + 1))
+      ;;
+  esac
+
+  # ── Check 4: All review threads resolved ──
+  local unresolved
+  unresolved=$(gh api graphql -f query='
+    query($owner:String!,$repo:String!,$pr:Int!) {
+      repository(owner:$owner,name:$repo) {
+        pullRequest(number:$pr) {
+          reviewThreads(first:100) {
+            nodes { isResolved isOutdated }
+          }
+        }
+      }
+    }' -f owner="${repo%%/*}" -f repo="${repo##*/}" -F pr="$pr" \
+    --jq '[.data.repository.pullRequest.reviewThreads.nodes[] | select(.isResolved == false and .isOutdated == false)] | length')
+  if [ "${unresolved:-0}" -gt 0 ]; then
+    fail "$unresolved unresolved review thread(s)"
+    failures=$((failures + 1))
+  else
+    pass "All review threads resolved"
+  fi
+
+  # ── Check 5: At least one approval ──
+  local review_decision
+  review_decision=$(jq -r '.reviewDecision // "NONE"' <<<"$pr_status_json")
+  if [ "$review_decision" = "APPROVED" ]; then
+    pass "Has at least one approval"
+  else
+    fail "Review decision is $review_decision (need APPROVED)"
+    failures=$((failures + 1))
+  fi
+
+  # ── Check 6: No REQUEST_CHANGES pending ──
+  # Get the latest review state per author — a later APPROVED supersedes an earlier REQUEST_CHANGES
+  local pending_changes
+  pending_changes=$(jq -r '
+    [.reviews // [] | sort_by(.submittedAt) | group_by(.author.login)[]
+     | last | select(.state == "CHANGES_REQUESTED")]
+    | length' <<<"$pr_status_json")
+  if [ "${pending_changes:-0}" -gt 0 ]; then
+    fail "$pending_changes reviewer(s) still requesting changes"
+    failures=$((failures + 1))
+  else
+    pass "No pending change requests"
+  fi
+
+  # ── Check 7: Coverage gate passed ──
+  local cov_status
+  cov_status=$(jq -r '
+    [.statusCheckRollup[]?
+     | select((.name // .context) | test("coverage"; "i"))]
+    | if length == 0 then "MISSING"
+      elif all(.conclusion == "SUCCESS") then "SUCCESS"
+      else (map(select(.conclusion != "SUCCESS"))[0].conclusion // "UNKNOWN")
+      end' <<<"$pr_status_json")
+  case "$cov_status" in
+    SUCCESS) pass "Coverage gate passed" ;;
+    MISSING)
+      warn "Coverage check not found in status checks"
+      fail "Coverage gate status unknown"
+      failures=$((failures + 1))
+      ;;
+    *)
+      fail "Coverage gate: $cov_status"
+      failures=$((failures + 1))
+      ;;
+  esac
+
+  # ── Check 8: PR description has required sections ──
+  local body
+  body=$(jq -r '.body // ""' <<<"$pr_status_json")
+  local missing_sections=()
+  for section in "Summary" "Problem" "Solution"; do
+    if ! grep -qiE "^##[[:space:]]+${section}" <<<"$body"; then
+      missing_sections+=("$section")
+    fi
+  done
+  if [ ${#missing_sections[@]} -gt 0 ]; then
+    fail "PR description missing sections: ${missing_sections[*]}"
+    failures=$((failures + 1))
+  else
+    pass "PR description has required sections"
+  fi
+
+  # ── Summary ──
+  local passed=$((total - failures))
+  echo ""
+  if [ "$failures" -gt 0 ]; then
+    info "${_B}${passed}/${total} checks passed${_0}"
+    if [ "$force" = "1" ]; then
+      warn "--force: proceeding despite $failures failure(s)."
+      return 0
+    fi
+    fail "Refusing to merge. Re-run with --force to override."
+    exit 1
+  else
+    info "${_G}${total}/${total} checks passed${_0} — ready to merge"
+  fi
+}
+
+# Substring patterns (case-insensitive) matched against co-author name OR email.
+# Override via REVIEW_BANNED_COAUTHOR_RE env var.
+BANNED_RE="${REVIEW_BANNED_COAUTHOR_RE:-copilot|codex|cursor|claude|anthropic|openai|chatgpt|\[bot\]|noreply@github|users\.noreply\.github\.com}"
+
+build_squash_body() {
+  local pr="$1" repo="$2" summary_llm="$3" closing_issues="${4:-}"
+  local data body title me_name me_email
+  data=$(gh pr view "$pr" -R "$repo" --json title,body,commits)
+  title=$(jq -r '.title' <<<"$data")
+  body=$(jq -r '.body // ""' <<<"$data")
+
+  me_name=$(git config --get user.name || true)
+  me_email=$(git config --get user.email || true)
+  if [ -z "$me_name" ] || [ -z "$me_email" ]; then
+    echo "[review] git config user.name/user.email not set; cannot add self as co-author" >&2
+    exit 1
+  fi
+
+  # Strip any existing Co-authored-by trailers from the PR body.
+  local body_clean
+  body_clean=$(printf '%s\n' "$body" | grep -viE '^co-authored-by:' || true)
+  # Trim trailing blank lines.
+  body_clean=$(printf '%s\n' "$body_clean" | awk 'NF {p=1} p {lines[NR]=$0; last=NR} END {for (i=1;i<=last;i++) print lines[i]}')
+
+  # Build input for the summary LLM: title + PR body + commit list.
+  local summary_input
+  summary_input=$(jq -r '
+      "Title: " + .title + "\n\n" +
+      "PR body:\n" + (.body // "(empty)") + "\n\n" +
+      "Commits:\n" +
+      ((.commits // [])
+        | map("- " + .messageHeadline
+              + (if (.messageBody // "") != ""
+                 then "\n  " + ((.messageBody) | gsub("\n"; "\n  "))
+                 else "" end))
+        | join("\n"))
+    ' <<<"$data")
+
+  local summary_body
+  if [ "$summary_llm" = "none" ] || [ "$summary_llm" = "raw" ]; then
+    summary_body="$body_clean"
+  else
+    echo "[review] summarizing with ${summary_llm}..." >&2
+    summary_body=$(summarize_text "$summary_llm" "$summary_input")
+    if [ -z "$summary_body" ]; then
+      echo "[review] ! summary LLM returned empty output; falling back to PR body" >&2
+      summary_body="$body_clean"
+    fi
+  fi
+
+  # Collect co-authors from commit authors + Co-authored-by trailers, then
+  # filter. tolower()-based match is portable (BSD awk has no IGNORECASE).
+  local coauthors
+  coauthors=$(jq -r '
+      .commits[]
+      | (
+          (.authors[]? | "\(.name // "")\t\(.email // "")"),
+          (.messageBody // "" | split("\n")[]
+            | select(test("^[Cc]o-authored-by:"))
+            | sub("^[Cc]o-authored-by:\\s*"; "")
+            | capture("^(?<n>.+?)\\s*<(?<e>[^>]+)>\\s*$")?
+            | "\(.n)\t\(.e)"
+          )
+        )
+    ' <<<"$data" \
+    | awk -F'\t' -v me="$me_email" -v banned="$BANNED_RE" '
+        NF < 2 { next }
+        $1 == "" || $2 == "" { next }
+        tolower($2) == tolower(me) { next }
+        {
+          nl = tolower($1); el = tolower($2);
+          if (nl ~ banned || el ~ banned) next;
+          key = el;
+          if (!(key in seen)) {
+            seen[key] = 1
+            printf "Co-authored-by: %s <%s>\n", $1, $2
+          }
+        }
+      ')
+
+  # Strip any stray closing-keyword lines the LLM or PR body may have
+  # emitted — we'll append a canonical block below so GitHub sees one
+  # `Closes #N` per linked issue (its regex only matches one ref per keyword,
+  # so `Closes #1, #2` would only close #1).
+  local summary_clean
+  summary_clean=$(printf '%s\n' "$summary_body" \
+    | grep -viE '^[[:space:]]*(close[sd]?|fix(e[sd])?|resolve[sd]?)[[:space:]]+(#|[A-Za-z0-9._-]+/[A-Za-z0-9._-]+#)[0-9]+' \
+    || true)
+
+  local closes_block=""
+  if [ -n "$closing_issues" ]; then
+    local n
+    for n in $closing_issues; do
+      closes_block+="Closes #${n}"$'\n'
+    done
+  fi
+
+  {
+    if [ -n "$summary_clean" ]; then
+      printf '%s\n\n' "$summary_clean"
+    fi
+    if [ -n "$closes_block" ]; then
+      printf '%s\n' "$closes_block"
+    fi
+    if [ -n "$coauthors" ]; then
+      printf '%s\n' "$coauthors"
+    fi
+    printf 'Co-authored-by: %s <%s>\n' "$me_name" "$me_email"
+  }
+  : "$title"  # reserved for future subject overrides
+}
+
+# Gate the merge first — do this BEFORE any LLM summarization so we
+# don't burn tokens on PRs that can't actually be merged. --dry-run is
+# the one case where we still want to print the squash preview regardless.
+extra_flags=()
+if [ "$admin" = "1" ]; then
+  echo "[review] --admin: bypassing local gate and using branch-protection override"
+  extra_flags+=(--admin)
+elif [ "$auto" = "1" ]; then
+  echo "[review] --auto: queueing merge once checks/approvals are satisfied"
+  extra_flags+=(--auto)
+elif [ "$dry_run" != "1" ]; then
+  ensure_merge_ready
+fi
+
+if [ "$strategy" = "--squash" ]; then
+  title=$(gh pr view "$pr" -R "$repo" --json title -q .title)
+
+  # Append any linked "Closes #N" issues that aren't already referenced in the
+  # title (skip issue numbers already mentioned as #N).
+  closing=$(gh pr view "$pr" -R "$repo" \
+    --json closingIssuesReferences \
+    --jq '.closingIssuesReferences[].number' 2>/dev/null || true)
+  missing=()
+  for n in $closing; do
+    if ! grep -qE "#${n}([^0-9]|$)" <<<"$title"; then
+      missing+=("#${n}")
+    fi
+  done
+  if [ ${#missing[@]} -gt 0 ]; then
+    joined=$(printf ', %s' "${missing[@]}")
+    joined=${joined:2}
+    title="${title} (closes ${joined})"
+  fi
+
+  body=$(build_squash_body "$pr" "$repo" "$summary_llm" "$closing")
+  echo "[review] squash commit message:"
+  printf -- '----\n%s (#%s)\n\n%s\n----\n' "$title" "$pr" "$body"
+  if [ "$dry_run" = "1" ]; then
+    echo "[review] --dry-run: not merging."
+    exit 0
+  fi
+  echo "[review] merging PR #$pr with --squash..."
+  gh pr merge "$pr" -R "$repo" --squash --delete-branch \
+    --subject "$title (#$pr)" \
+    --body "$body" \
+    ${extra_flags[@]+"${extra_flags[@]}"}
+else
+  if [ "$dry_run" = "1" ]; then
+    echo "[review] --dry-run: $strategy does not rewrite the commit message; nothing to preview."
+    exit 0
+  fi
+  echo "[review] merging PR #$pr with $strategy..."
+  gh pr merge "$pr" -R "$repo" "$strategy" --delete-branch ${extra_flags[@]+"${extra_flags[@]}"}
+fi
+echo "[review] merged."