github-issue-tower-defence-management 1.80.1 → 1.82.0

package/src/adapter/entry-points/cli/projectConfig.ts

@@ -20,6 +20,7 @@ export type ConfigFile = {
   awLogDirectoryPath?: string;
   awLogStaleThresholdMinutes?: number;
   labelsAsLlmAgentName?: string[];
+  changeTargetPathAliases?: Record<string, string>;
 };
 
 const getStringValue = (
@@ -38,6 +39,24 @@ const getNumberValue = (
   return typeof value === 'number' ? value : undefined;
 };
 
+const getStringRecordValue = (
+  obj: Record<string, unknown>,
+  key: string,
+): Record<string, string> | undefined => {
+  const value = obj[key];
+  if (!isRecord(value)) {
+    return undefined;
+  }
+  const result: Record<string, string> = {};
+  for (const [k, v] of Object.entries(value)) {
+    if (typeof v !== 'string') {
+      return undefined;
+    }
+    result[k] = v;
+  }
+  return result;
+};
+
 const getStringArrayValue = (
   obj: Record<string, unknown>,
   key: string,
@@ -75,6 +94,7 @@ const knownProjectReadmeConfigKeys = [
   'claudeCodeOauthTokenListJsonPath',
   'awLogDirectoryPath',
   'awLogStaleThresholdMinutes',
+  'changeTargetPathAliases',
 ] as const;
 
 export const loadConfigFile = (configFilePath: string): ConfigFile => {
@@ -121,6 +141,10 @@ export const loadConfigFile = (configFilePath: string): ConfigFile => {
         'awLogStaleThresholdMinutes',
       ),
       labelsAsLlmAgentName: getStringArrayValue(parsed, 'labelsAsLlmAgentName'),
+      changeTargetPathAliases: getStringRecordValue(
+        parsed,
+        'changeTargetPathAliases',
+      ),
     };
   } catch (error) {
     const message = error instanceof Error ? error.message : String(error);
@@ -193,6 +217,10 @@ export const parseProjectReadmeConfig = (
         parsed,
         'awLogStaleThresholdMinutes',
       ),
+      changeTargetPathAliases: getStringRecordValue(
+        parsed,
+        'changeTargetPathAliases',
+      ),
     };
   } catch {
     console.warn('Failed to parse YAML from project README config section');
@@ -271,6 +299,10 @@ export const mergeConfigs = (
     readmeOverrides.labelsAsLlmAgentName ??
     cliOverrides.labelsAsLlmAgentName ??
     configFile.labelsAsLlmAgentName,
+  changeTargetPathAliases:
+    readmeOverrides.changeTargetPathAliases ??
+    cliOverrides.changeTargetPathAliases ??
+    configFile.changeTargetPathAliases,
 });
 
 type GraphqlProjectV2ReadmeResponse = {

package/src/adapter/entry-points/handlers/rotationOrderFileWriter.test.ts

@@ -28,6 +28,7 @@ describe('writeRotationOrderFile', () => {
         blocked: false,
         rejected: false,
         thresholdExcluded: false,
+        cooldownExcluded: false,
       },
     ];
 
@@ -77,6 +78,7 @@ describe('writeRotationOrderFile', () => {
         blocked: false,
         rejected: false,
         thresholdExcluded: false,
+        cooldownExcluded: false,
       },
       {
         name: 'personal-2',
@@ -84,6 +86,7 @@ describe('writeRotationOrderFile', () => {
         blocked: false,
         rejected: false,
         thresholdExcluded: true,
+        cooldownExcluded: false,
       },
     ];
 
@@ -119,6 +122,7 @@ describe('writeRotationOrderFile', () => {
         blocked: false,
         rejected: false,
         thresholdExcluded: false,
+        cooldownExcluded: false,
       },
     ];
 

package/src/adapter/proxy/RateLimitCache.test.ts

@@ -5,6 +5,8 @@ import {
   cacheDir,
   cachePathForToken,
   hashToken,
+  HEADERLESS_429_DEFAULT_COOLDOWN_SECONDS,
+  HEADERLESS_429_MAX_COOLDOWN_SECONDS,
   parseModelRateLimitsFromBody,
   readRateLimit,
   writeModelRateLimit,
@@ -446,6 +448,107 @@ describe('RateLimitCache', () => {
     });
   });
 
+  describe('writeRateLimit records a cooldown on a 429 with no anthropic-ratelimit-* headers', () => {
+    it('should set blockedUntilEpoch using the default cooldown when no Retry-After header is present', () => {
+      const token = '429-no-headers-default-cooldown-token';
+      const before = Date.now() / 1000;
+      writeRateLimit(token, { 'content-type': 'application/json' }, 429);
+      const after = Date.now() / 1000;
+      const snapshot = readRateLimit(token);
+      expect(snapshot).not.toBeNull();
+      expect(snapshot?.blockedUntilEpoch).toBeGreaterThanOrEqual(
+        before + HEADERLESS_429_DEFAULT_COOLDOWN_SECONDS,
+      );
+      expect(snapshot?.blockedUntilEpoch).toBeLessThanOrEqual(
+        after + HEADERLESS_429_DEFAULT_COOLDOWN_SECONDS,
+      );
+    });
+
+    it('should honor the Retry-After header when present', () => {
+      const token = '429-no-headers-retry-after-token';
+      const retryAfterSeconds = 120;
+      const before = Date.now() / 1000;
+      writeRateLimit(
+        token,
+        { 'content-type': 'application/json', 'retry-after': '120' },
+        429,
+      );
+      const after = Date.now() / 1000;
+      const snapshot = readRateLimit(token);
+      expect(snapshot?.blockedUntilEpoch).toBeGreaterThanOrEqual(
+        before + retryAfterSeconds,
+      );
+      expect(snapshot?.blockedUntilEpoch).toBeLessThanOrEqual(
+        after + retryAfterSeconds,
+      );
+    });
+
+    it('should clamp the cooldown to the maximum when Retry-After is very large', () => {
+      const token = '429-no-headers-clamp-token';
+      const before = Date.now() / 1000;
+      writeRateLimit(
+        token,
+        { 'content-type': 'application/json', 'retry-after': '99999' },
+        429,
+      );
+      const after = Date.now() / 1000;
+      const snapshot = readRateLimit(token);
+      expect(snapshot?.blockedUntilEpoch).toBeGreaterThanOrEqual(
+        before + HEADERLESS_429_MAX_COOLDOWN_SECONDS,
+      );
+      expect(snapshot?.blockedUntilEpoch).toBeLessThanOrEqual(
+        after + HEADERLESS_429_MAX_COOLDOWN_SECONDS,
+      );
+    });
+
+    it('should preserve the previous last-good snapshot while adding the cooldown', () => {
+      const token = '429-no-headers-preserve-snapshot-token';
+      writeRateLimit(token, {
+        'anthropic-ratelimit-unified-status': 'allowed',
+        'anthropic-ratelimit-unified-5h-status': 'allowed',
+        'anthropic-ratelimit-unified-5h-reset': '1700000000',
+        'anthropic-ratelimit-unified-5h-utilization': '42',
+        'anthropic-ratelimit-unified-7d-status': 'allowed',
+        'anthropic-ratelimit-unified-7d-reset': '1700100000',
+        'anthropic-ratelimit-unified-7d-utilization': '17',
+      });
+      writeRateLimit(token, { 'content-type': 'application/json' }, 429);
+      const snapshot = readRateLimit(token);
+      expect(snapshot?.fiveHourUtilization).toBe(42);
+      expect(snapshot?.fiveHourReset).toBe(1700000000);
+      expect(snapshot?.sevenDayUtilization).toBe(17);
+      expect(snapshot?.sevenDayReset).toBe(1700100000);
+      expect(snapshot?.rejected).toBe(false);
+      expect(snapshot?.blocked).toBe(false);
+      expect(snapshot?.blockedUntilEpoch).toBeGreaterThan(Date.now() / 1000);
+    });
+
+    it('should clear the cooldown when a later header-bearing response arrives', () => {
+      const token = '429-then-normal-clears-cooldown-token';
+      writeRateLimit(token, { 'content-type': 'application/json' }, 429);
+      expect(readRateLimit(token)?.blockedUntilEpoch).toBeGreaterThan(
+        Date.now() / 1000,
+      );
+      writeRateLimit(token, {
+        'anthropic-ratelimit-unified-status': 'allowed',
+        'anthropic-ratelimit-unified-5h-status': 'allowed',
+        'anthropic-ratelimit-unified-5h-reset': '1700000000',
+        'anthropic-ratelimit-unified-5h-utilization': '30',
+        'anthropic-ratelimit-unified-7d-status': 'allowed',
+        'anthropic-ratelimit-unified-7d-reset': '1700100000',
+        'anthropic-ratelimit-unified-7d-utilization': '20',
+      });
+      expect(readRateLimit(token)?.blockedUntilEpoch).toBe(0);
+    });
+
+    it('should not write any cooldown for a headerless response that is not a 429', () => {
+      const token = '500-no-headers-no-cooldown-token';
+      writeRateLimit(token, { 'content-type': 'application/json' }, 500);
+      expect(fs.existsSync(cachePathForToken(token))).toBe(false);
+      expect(readRateLimit(token)).toBeNull();
+    });
+  });
+
   describe('parseModelRateLimitsFromBody', () => {
     it('should extract a rejected seven_day_sonnet limit from a rate_limit event body', () => {
       const body =

package/src/adapter/proxy/RateLimitCache.ts

@@ -20,12 +20,17 @@ export interface RateLimitSnapshot {
   sevenDayRejected: boolean;
   modelWeeklyLimits: Record<string, ModelWeeklyLimit>;
   lastUpdatedEpoch: number;
+  blockedUntilEpoch: number;
 }
 
 export const PROXY_PORT = 8787;
 
 const HASH_ALGORITHM = 'sha256';
 
+export const HEADERLESS_429_DEFAULT_COOLDOWN_SECONDS = 90;
+
+export const HEADERLESS_429_MAX_COOLDOWN_SECONDS = 600;
+
 export const cacheDir = (): string => {
   const base = process.env.XDG_CACHE_HOME ?? path.join(os.homedir(), '.cache');
   return path.join(base, 'tdpm', 'ratelimit');
@@ -68,9 +73,21 @@ const readModelWeeklyLimits = (
   return result;
 };
 
+const cooldownEndFromRetryAfter = (
+  retryAfterSeconds: number | null,
+  nowEpochSeconds: number,
+): number => {
+  const cooldownSeconds =
+    retryAfterSeconds !== null && retryAfterSeconds > 0
+      ? Math.min(retryAfterSeconds, HEADERLESS_429_MAX_COOLDOWN_SECONDS)
+      : HEADERLESS_429_DEFAULT_COOLDOWN_SECONDS;
+  return nowEpochSeconds + cooldownSeconds;
+};
+
 export const writeRateLimit = (
   token: string,
   headers: Record<string, string | string[] | undefined>,
+  statusCode: number | null = null,
 ): void => {
   const pick = (key: string): string | undefined => {
     const value = headers[key];
@@ -86,14 +103,35 @@ export const writeRateLimit = (
       }
     }
   }
+  const dir = cacheDir();
+  const filePath = path.join(dir, `${hashToken(token)}.json`);
   if (Object.keys(rateLimitHeaders).length === 0) {
+    if (statusCode !== 429) {
+      return;
+    }
+    const existing = readPayload(filePath);
+    const retryAfterRaw = pick('retry-after');
+    const retryAfterSeconds =
+      retryAfterRaw !== undefined && Number.isFinite(Number(retryAfterRaw))
+        ? Number(retryAfterRaw)
+        : null;
+    const blockedUntilEpoch = cooldownEndFromRetryAfter(
+      retryAfterSeconds,
+      Date.now() / 1000,
+    );
+    if (!fs.existsSync(dir)) {
+      fs.mkdirSync(dir, { recursive: true });
+    }
+    const payload = {
+      ...existing,
+      blockedUntilEpoch,
+    };
+    fs.writeFileSync(filePath, JSON.stringify(payload));
     return;
   }
-  const dir = cacheDir();
   if (!fs.existsSync(dir)) {
     fs.mkdirSync(dir, { recursive: true });
   }
-  const filePath = path.join(dir, `${hashToken(token)}.json`);
   const existing = readPayload(filePath);
   const payload = {
     ts: Date.now() / 1000,
@@ -186,6 +224,9 @@ export const readRateLimit = (token: string): RateLimitSnapshot | null => {
     const sevenDayRejected = sevenDayStatus === 'rejected';
     const storedTs = parsed.ts;
     const lastUpdatedEpoch = typeof storedTs === 'number' ? storedTs : 0;
+    const storedBlockedUntil = parsed.blockedUntilEpoch;
+    const blockedUntilEpoch =
+      typeof storedBlockedUntil === 'number' ? storedBlockedUntil : 0;
     return {
       fiveHourUtilization: num('anthropic-ratelimit-unified-5h-utilization'),
       fiveHourReset: num('anthropic-ratelimit-unified-5h-reset'),
@@ -201,6 +242,7 @@ export const readRateLimit = (token: string): RateLimitSnapshot | null => {
       sevenDayRejected,
       modelWeeklyLimits: readModelWeeklyLimits(parsed),
       lastUpdatedEpoch,
+      blockedUntilEpoch,
     };
   } catch {
     return null;

package/src/adapter/proxy/proxyEntry.test.ts

@@ -291,6 +291,23 @@ describe('startProxy', () => {
     expect(writeModelRateLimitSpy).toHaveBeenCalledTimes(1);
   });
 
+  it('should forward the upstream status code to writeRateLimit on a 429 response', async () => {
+    upstreamHandler = (_request, response) => {
+      response.writeHead(429, { 'content-type': 'application/json' });
+      response.end('{"type":"error","error":{"type":"rate_limit_error"}}');
+    };
+
+    const response = await requestThroughProxy('POST', '/v1/messages', '{}');
+
+    expect(response.statusCode).toBe(429);
+    expect(writeRateLimitSpy).toHaveBeenCalledTimes(1);
+    expect(writeRateLimitSpy).toHaveBeenCalledWith(
+      TOKEN,
+      expect.objectContaining({ 'content-type': 'application/json' }),
+      429,
+    );
+  });
+
   it('should forward non-SSE responses without crashing', async () => {
     upstreamHandler = (_request, response) => {
       response.writeHead(200, { 'content-type': 'application/json' });

package/src/adapter/proxy/proxyEntry.ts

@@ -50,7 +50,11 @@ const startProxy = (
       (upstreamResponse) => {
         if (token !== null) {
           try {
-            writeRateLimit(token, upstreamResponse.headers);
+            writeRateLimit(
+              token,
+              upstreamResponse.headers,
+              upstreamResponse.statusCode ?? null,
+            );
           } catch (error) {
             console.error('Failed to write rate limit cache:', error);
           }

package/src/adapter/repositories/ProxyClaudeTokenUsageRepository.test.ts

@@ -109,6 +109,7 @@ describe('ProxyClaudeTokenUsageRepository', () => {
           sevenDayUtilization: 0,
           blocked: false,
           rejected: false,
+          blockedUntilEpoch: 0,
           modelWeeklyLimits: {
             seven_day: { rejected: false, resetsAt: futureReset },
           },
@@ -120,6 +121,7 @@ describe('ProxyClaudeTokenUsageRepository', () => {
           sevenDayUtilization: 0,
           blocked: false,
           rejected: false,
+          blockedUntilEpoch: 0,
           modelWeeklyLimits: {},
         },
       ]);
@@ -153,6 +155,7 @@ describe('ProxyClaudeTokenUsageRepository', () => {
           sevenDayUtilization: 0,
           blocked: true,
           rejected: false,
+          blockedUntilEpoch: 0,
           modelWeeklyLimits: {
             seven_day: { rejected: false, resetsAt: futureReset },
           },
@@ -188,6 +191,7 @@ describe('ProxyClaudeTokenUsageRepository', () => {
           sevenDayUtilization: 0,
           blocked: false,
           rejected: true,
+          blockedUntilEpoch: 0,
           modelWeeklyLimits: {
             seven_day: { rejected: false, resetsAt: futureReset },
           },
@@ -223,6 +227,7 @@ describe('ProxyClaudeTokenUsageRepository', () => {
           sevenDayUtilization: 30,
           blocked: false,
           rejected: false,
+          blockedUntilEpoch: 0,
           modelWeeklyLimits: {
             seven_day: { rejected: false, resetsAt: futureReset },
           },
@@ -258,6 +263,7 @@ describe('ProxyClaudeTokenUsageRepository', () => {
           sevenDayUtilization: 0,
           blocked: false,
           rejected: false,
+          blockedUntilEpoch: 0,
           modelWeeklyLimits: {
             seven_day: { rejected: false, resetsAt: futureReset },
           },
@@ -293,6 +299,7 @@ describe('ProxyClaudeTokenUsageRepository', () => {
           sevenDayUtilization: 0,
           blocked: false,
           rejected: false,
+          blockedUntilEpoch: 0,
           modelWeeklyLimits: {
             seven_day: { rejected: false, resetsAt: futureReset },
           },
@@ -328,6 +335,7 @@ describe('ProxyClaudeTokenUsageRepository', () => {
           sevenDayUtilization: 0,
           blocked: false,
           rejected: false,
+          blockedUntilEpoch: 0,
           modelWeeklyLimits: {},
         },
       ]);
@@ -361,6 +369,7 @@ describe('ProxyClaudeTokenUsageRepository', () => {
           sevenDayUtilization: 0,
           blocked: false,
           rejected: true,
+          blockedUntilEpoch: 0,
           modelWeeklyLimits: {
             seven_day: { rejected: false, resetsAt: futureReset },
           },
@@ -396,6 +405,7 @@ describe('ProxyClaudeTokenUsageRepository', () => {
           sevenDayUtilization: 100,
           blocked: false,
           rejected: true,
+          blockedUntilEpoch: 0,
           modelWeeklyLimits: {
             seven_day: { rejected: true, resetsAt: futureReset },
           },
@@ -431,6 +441,7 @@ describe('ProxyClaudeTokenUsageRepository', () => {
           sevenDayUtilization: 0,
           blocked: false,
           rejected: false,
+          blockedUntilEpoch: 0,
           modelWeeklyLimits: {
             seven_day: { rejected: false, resetsAt: futureReset },
           },
@@ -455,6 +466,7 @@ describe('ProxyClaudeTokenUsageRepository', () => {
           sevenDayUtilization: 0,
           blocked: false,
           rejected: false,
+          blockedUntilEpoch: 0,
           modelWeeklyLimits: {},
         },
       ]);
@@ -490,6 +502,7 @@ describe('ProxyClaudeTokenUsageRepository', () => {
           sevenDayUtilization: 10,
           blocked: false,
           rejected: false,
+          blockedUntilEpoch: 0,
           modelWeeklyLimits: {
             seven_day_sonnet: { rejected: true, resetsAt: futureReset },
           },
@@ -527,6 +540,7 @@ describe('ProxyClaudeTokenUsageRepository', () => {
           sevenDayUtilization: 10,
           blocked: false,
           rejected: false,
+          blockedUntilEpoch: 0,
           modelWeeklyLimits: {
             seven_day_sonnet: { rejected: false, resetsAt: pastReset },
           },

package/src/adapter/repositories/ProxyClaudeTokenUsageRepository.ts

@@ -36,6 +36,7 @@ export class ProxyClaudeTokenUsageRepository implements ClaudeTokenUsageReposito
           blocked: false,
           rejected: false,
           modelWeeklyLimits: {},
+          blockedUntilEpoch: 0,
         };
       }
       const fiveHourExpired = nowEpochSeconds > snapshot.fiveHourReset;
@@ -83,6 +84,7 @@ export class ProxyClaudeTokenUsageRepository implements ClaudeTokenUsageReposito
           resetsAt: snapshot.sevenDayReset,
         };
       }
+      const cooldownActive = snapshot.blockedUntilEpoch > nowEpochSeconds;
       return {
         name,
         token,
@@ -91,6 +93,7 @@ export class ProxyClaudeTokenUsageRepository implements ClaudeTokenUsageReposito
         blocked: snapshot.blocked,
         rejected,
         modelWeeklyLimits,
+        blockedUntilEpoch: cooldownActive ? snapshot.blockedUntilEpoch : 0,
       };
     });
   };

package/src/domain/entities/ClaudeTokenUsage.ts

@@ -11,4 +11,5 @@ export type ClaudeTokenUsage = {
   blocked: boolean;
   rejected: boolean;
   modelWeeklyLimits: Record<string, ClaudeModelWeeklyLimit>;
+  blockedUntilEpoch: number;
 };

package/src/domain/usecases/ChangeTargetPullRequestApprover.test.ts

@@ -116,6 +116,74 @@ describe('ChangeTargetPullRequestApprover', () => {
     expect(mockIssueRepository.approvePullRequest).toHaveBeenCalledWith(prUrl);
   });
 
+  it('should normalize leading slashes in change-target label paths', async () => {
+    mockIssueRepository.getPullRequestChangedFilePaths.mockResolvedValue([
+      'src/domain/entities/Foo.ts',
+    ]);
+
+    await approver.approveIfConfined(['change-target:/src/domain'], prUrl);
+
+    expect(mockIssueRepository.approvePullRequest).toHaveBeenCalledWith(prUrl);
+  });
+
+  it('should normalize both leading and trailing slashes in change-target label paths', async () => {
+    mockIssueRepository.getPullRequestChangedFilePaths.mockResolvedValue([
+      'src/domain/entities/Foo.ts',
+    ]);
+
+    await approver.approveIfConfined(['change-target:/src/domain/'], prUrl);
+
+    expect(mockIssueRepository.approvePullRequest).toHaveBeenCalledWith(prUrl);
+  });
+
+  it('should expand a path alias when pathAliases map is provided', async () => {
+    mockIssueRepository.getPullRequestChangedFilePaths.mockResolvedValue([
+      'src/domain/usecases/adapter-interfaces/IssueRepository.ts',
+    ]);
+
+    await approver.approveIfConfined(['change-target:adapters'], prUrl, {
+      adapters: 'src/domain/usecases/adapter-interfaces',
+    });
+
+    expect(mockIssueRepository.approvePullRequest).toHaveBeenCalledWith(prUrl);
+  });
+
+  it('should not approve when file is outside the expanded alias path', async () => {
+    mockIssueRepository.getPullRequestChangedFilePaths.mockResolvedValue([
+      'src/domain/usecases/SomeOtherUseCase.ts',
+    ]);
+
+    await approver.approveIfConfined(['change-target:adapters'], prUrl, {
+      adapters: 'src/domain/usecases/adapter-interfaces',
+    });
+
+    expect(mockIssueRepository.approvePullRequest).not.toHaveBeenCalled();
+  });
+
+  it('should treat label value as literal path when it does not match any alias key', async () => {
+    mockIssueRepository.getPullRequestChangedFilePaths.mockResolvedValue([
+      'src/domain/entities/Foo.ts',
+    ]);
+
+    await approver.approveIfConfined(['change-target:src/domain'], prUrl, {
+      adapters: 'src/domain/usecases/adapter-interfaces',
+    });
+
+    expect(mockIssueRepository.approvePullRequest).toHaveBeenCalledWith(prUrl);
+  });
+
+  it('should normalize leading slash in alias expanded value', async () => {
+    mockIssueRepository.getPullRequestChangedFilePaths.mockResolvedValue([
+      'src/domain/entities/Foo.ts',
+    ]);
+
+    await approver.approveIfConfined(['change-target:domain'], prUrl, {
+      domain: '/src/domain',
+    });
+
+    expect(mockIssueRepository.approvePullRequest).toHaveBeenCalledWith(prUrl);
+  });
+
   it('should ignore empty change-target label values', async () => {
     mockIssueRepository.getPullRequestChangedFilePaths.mockResolvedValue([
       'src/domain/Foo.ts',
@@ -129,6 +197,16 @@ describe('ChangeTargetPullRequestApprover', () => {
     expect(mockIssueRepository.approvePullRequest).not.toHaveBeenCalled();
   });
 
+  it('should normalize leading slashes in change-target-must label paths', async () => {
+    mockIssueRepository.getPullRequestChangedFilePaths.mockResolvedValue([
+      'src/domain/entities/Foo.ts',
+    ]);
+
+    await approver.approveIfConfined(['change-target-must:/src/domain'], prUrl);
+
+    expect(mockIssueRepository.approvePullRequest).toHaveBeenCalledWith(prUrl);
+  });
+
   it('should treat change-target-must: path as an allowed confinement path and approve when all files are confined to it', async () => {
     mockIssueRepository.getPullRequestChangedFilePaths.mockResolvedValue([
       'src/domain/entities/Foo.ts',

package/src/domain/usecases/ChangeTargetPullRequestApprover.ts

@@ -11,11 +11,15 @@ export class ChangeTargetPullRequestApprover {
   approveIfConfined = async (
     issueLabels: string[],
     approvedPrUrl: string | null,
+    pathAliases?: Record<string, string> | null,
   ): Promise<void> => {
     if (approvedPrUrl === null) {
       return;
     }
-    const changeTargetPaths = this.extractChangeTargetPaths(issueLabels);
+    const changeTargetPaths = this.extractChangeTargetPaths(
+      issueLabels,
+      pathAliases,
+    );
     if (changeTargetPaths.length === 0) {
       return;
     }
@@ -33,7 +37,10 @@ export class ChangeTargetPullRequestApprover {
     await this.issueRepository.approvePullRequest(approvedPrUrl);
   };
 
-  private extractChangeTargetPaths = (labels: string[]): string[] => {
+  private extractChangeTargetPaths = (
+    labels: string[],
+    pathAliases?: Record<string, string> | null,
+  ): string[] => {
     const prefixes = ['change-target:', 'change-target-must:'];
     const paths: string[] = [];
     for (const label of labels) {
@@ -41,9 +48,12 @@ export class ChangeTargetPullRequestApprover {
       if (!matchedPrefix) continue;
       const raw = label.slice(matchedPrefix.length).trim();
       if (raw.length === 0) continue;
-      const normalized = raw.replace(/\/+$/, '');
+      const normalized = raw.replace(/^\/+/, '').replace(/\/+$/, '');
       if (normalized.length === 0) continue;
-      paths.push(normalized);
+      const aliasExpanded = pathAliases?.[normalized] ?? normalized;
+      const finalPath = aliasExpanded.replace(/^\/+/, '').replace(/\/+$/, '');
+      if (finalPath.length === 0) continue;
+      paths.push(finalPath);
     }
     return paths;
   };

package/src/domain/usecases/HandleScheduledEventUseCase.ts

@@ -85,6 +85,7 @@ export class HandleScheduledEventUseCase {
     disabled: boolean;
     allowIssueCacheMinutes: number;
     labelsAsLlmAgentName?: string[] | null;
+    changeTargetPathAliases?: Record<string, string> | null;
     startPreparation?: {
       defaultAgentName: string;
       defaultLlmModelName?: string | null;
@@ -296,6 +297,7 @@ ${JSON.stringify(e)}
       projectUrl: input.projectUrl,
       allowIssueCacheMinutes: input.allowIssueCacheMinutes,
       labelsAsLlmAgentName,
+      changeTargetPathAliases: input.changeTargetPathAliases,
     });
     if (this.dailySecurityScanUseCase !== null && input.dailySecurityScan) {
       await this.dailySecurityScanUseCase.run({

package/src/domain/usecases/IssueRejectionEvaluator.test.ts

@@ -340,6 +340,24 @@ describe('IssueRejectionEvaluator', () => {
         expect(result.rejections).toHaveLength(0);
         expect(result.approvedPrUrl).toBe(prUrl);
       });
+
+      it('should normalize leading slash in change-target-must label path', async () => {
+        mockIssueRepository.findRelatedOpenPRs.mockResolvedValue([
+          createReadyPr(prUrl),
+        ]);
+        mockIssueRepository.getPullRequestChangedFilePaths.mockResolvedValue([
+          'src/domain/entities/Foo.ts',
+        ]);
+
+        const result = await evaluator.evaluate({
+          url: 'https://github.com/user/repo/issues/1',
+          labels: ['change-target-must:/src/domain'],
+          isPr: false,
+        });
+
+        expect(result.rejections).toHaveLength(0);
+        expect(result.approvedPrUrl).toBe(prUrl);
+      });
     });
   });
 });

package/src/domain/usecases/IssueRejectionEvaluator.ts

@@ -167,7 +167,7 @@ export class IssueRejectionEvaluator {
       if (!label.startsWith(prefix)) continue;
       const raw = label.slice(prefix.length).trim();
       if (raw.length === 0) continue;
-      const normalized = raw.replace(/\/+$/, '');
+      const normalized = raw.replace(/^\/+/, '').replace(/\/+$/, '');
       if (normalized.length === 0) continue;
       paths.push(normalized);
     }