opencara 0.10.0 → 0.11.0

package/dist/index.js

@@ -6,6 +6,30 @@ import { Command as Command2 } from "commander";
 // src/commands/agent.ts
 import { Command } from "commander";
 import crypto from "crypto";
+import * as fs4 from "fs";
+import * as path4 from "path";
+
+// ../shared/dist/types.js
+function isRepoAllowed(repoConfig, targetOwner, targetRepo, agentOwner) {
+  if (!repoConfig)
+    return true;
+  const fullRepo = `${targetOwner}/${targetRepo}`;
+  switch (repoConfig.mode) {
+    case "all":
+      return true;
+    case "own":
+      return agentOwner === targetOwner;
+    case "whitelist":
+      return (repoConfig.list ?? []).includes(fullRepo);
+    case "blacklist":
+      return !(repoConfig.list ?? []).includes(fullRepo);
+    default:
+      return true;
+  }
+}
+
+// ../shared/dist/review-config.js
+import { parse as parseYaml } from "yaml";
 
 // src/config.ts
 import * as fs from "fs";
@@ -16,17 +40,7 @@ var DEFAULT_PLATFORM_URL = "https://api.opencara.dev";
 var CONFIG_DIR = path.join(os.homedir(), ".opencara");
 var CONFIG_FILE = process.env.OPENCARA_CONFIG && process.env.OPENCARA_CONFIG.trim() ? path.resolve(process.env.OPENCARA_CONFIG) : path.join(CONFIG_DIR, "config.yml");
 var DEFAULT_MAX_DIFF_SIZE_KB = 100;
-function parseLimits(data) {
-  const raw = data.limits;
-  if (!raw || typeof raw !== "object") return null;
-  const obj = raw;
-  const limits = {};
-  if (typeof obj.tokens_per_day === "number") limits.tokens_per_day = obj.tokens_per_day;
-  if (typeof obj.tokens_per_month === "number") limits.tokens_per_month = obj.tokens_per_month;
-  if (typeof obj.reviews_per_day === "number") limits.reviews_per_day = obj.reviews_per_day;
-  if (Object.keys(limits).length === 0) return null;
-  return limits;
-}
+var DEFAULT_MAX_CONSECUTIVE_ERRORS = 10;
 var VALID_REPO_MODES = ["all", "own", "whitelist", "blacklist"];
 var REPO_PATTERN = /^[^/]+\/[^/]+$/;
 var RepoConfigError = class extends Error {
@@ -91,8 +105,8 @@ function parseAgents(data) {
     if (typeof obj.command === "string") agent.command = obj.command;
     if (obj.router === true) agent.router = true;
     if (obj.review_only === true) agent.review_only = true;
-    const agentLimits = parseLimits(obj);
-    if (agentLimits) agent.limits = agentLimits;
+    if (typeof obj.github_token === "string") agent.github_token = obj.github_token;
+    if (typeof obj.codebase_dir === "string") agent.codebase_dir = obj.codebase_dir;
     const repoConfig = parseRepoConfig(obj, i);
     if (repoConfig) agent.repos = repoConfig;
     agents.push(agent);
@@ -100,11 +114,13 @@ function parseAgents(data) {
   return agents;
 }
 function loadConfig() {
+  const envPlatformUrl = process.env.OPENCARA_PLATFORM_URL?.trim() || null;
   const defaults = {
-    apiKey: null,
-    platformUrl: DEFAULT_PLATFORM_URL,
+    platformUrl: envPlatformUrl || DEFAULT_PLATFORM_URL,
     maxDiffSizeKb: DEFAULT_MAX_DIFF_SIZE_KB,
-    limits: null,
+    maxConsecutiveErrors: DEFAULT_MAX_CONSECUTIVE_ERRORS,
+    githubToken: null,
+    codebaseDir: null,
     agentCommand: null,
     agents: null
   };
@@ -117,20 +133,136 @@ function loadConfig() {
     return defaults;
   }
   return {
-    apiKey: typeof data.api_key === "string" ? data.api_key : null,
-    platformUrl: typeof data.platform_url === "string" ? data.platform_url : DEFAULT_PLATFORM_URL,
+    platformUrl: envPlatformUrl || (typeof data.platform_url === "string" ? data.platform_url : DEFAULT_PLATFORM_URL),
     maxDiffSizeKb: typeof data.max_diff_size_kb === "number" ? data.max_diff_size_kb : DEFAULT_MAX_DIFF_SIZE_KB,
-    limits: parseLimits(data),
+    maxConsecutiveErrors: typeof data.max_consecutive_errors === "number" ? data.max_consecutive_errors : DEFAULT_MAX_CONSECUTIVE_ERRORS,
+    githubToken: typeof data.github_token === "string" ? data.github_token : null,
+    codebaseDir: typeof data.codebase_dir === "string" ? data.codebase_dir : null,
     agentCommand: typeof data.agent_command === "string" ? data.agent_command : null,
     agents: parseAgents(data)
   };
 }
-function resolveAgentLimits(agentLimits, globalLimits) {
-  if (!agentLimits && !globalLimits) return null;
-  if (!agentLimits) return globalLimits;
-  if (!globalLimits) return agentLimits;
-  const merged = { ...globalLimits, ...agentLimits };
-  return Object.keys(merged).length === 0 ? null : merged;
+function resolveGithubToken(agentToken, globalToken) {
+  return agentToken ? agentToken : globalToken;
+}
+function resolveCodebaseDir(agentDir, globalDir) {
+  const raw = agentDir || globalDir;
+  if (!raw) return null;
+  if (raw.startsWith("~/") || raw === "~") {
+    return path.join(os.homedir(), raw.slice(1));
+  }
+  return path.resolve(raw);
+}
+
+// src/codebase.ts
+import { execFileSync } from "child_process";
+import * as fs2 from "fs";
+import * as path2 from "path";
+
+// src/sanitize.ts
+var GITHUB_TOKEN_PATTERN = /\b(ghp_[A-Za-z0-9_]{1,255}|gho_[A-Za-z0-9_]{1,255}|ghs_[A-Za-z0-9_]{1,255}|ghr_[A-Za-z0-9_]{1,255}|github_pat_[A-Za-z0-9_]{1,255})\b/g;
+var EMBEDDED_TOKEN_PATTERN = /x-access-token:[^@\s]+@/g;
+var AUTH_HEADER_PATTERN = /(Authorization:)\s*(?:token|Bearer)\s+[^\s,;'"]+/gi;
+function sanitizeTokens(input) {
+  return input.replace(GITHUB_TOKEN_PATTERN, "***").replace(EMBEDDED_TOKEN_PATTERN, "x-access-token:***@").replace(AUTH_HEADER_PATTERN, "$1 ***");
+}
+
+// src/codebase.ts
+var VALID_NAME_PATTERN = /^[a-zA-Z0-9._-]+$/;
+function cloneOrUpdate(owner, repo, prNumber, baseDir, githubToken, taskId) {
+  validatePathSegment(owner, "owner");
+  validatePathSegment(repo, "repo");
+  if (taskId) {
+    validatePathSegment(taskId, "taskId");
+  }
+  const repoDir = taskId ? path2.join(baseDir, owner, repo, taskId) : path2.join(baseDir, owner, repo);
+  const cloneUrl = buildCloneUrl(owner, repo, githubToken);
+  let cloned = false;
+  if (!fs2.existsSync(path2.join(repoDir, ".git"))) {
+    fs2.mkdirSync(repoDir, { recursive: true });
+    git(["clone", "--depth", "1", cloneUrl, repoDir]);
+    cloned = true;
+  }
+  git(["fetch", "--force", "--depth", "1", "origin", `pull/${prNumber}/head`], repoDir);
+  git(["checkout", "FETCH_HEAD"], repoDir);
+  return { localPath: repoDir, cloned };
+}
+function cleanupTaskDir(dirPath) {
+  if (!path2.isAbsolute(dirPath) || dirPath.split(path2.sep).filter(Boolean).length < 3) {
+    return;
+  }
+  try {
+    fs2.rmSync(dirPath, { recursive: true, force: true });
+  } catch (err) {
+    if (err?.code !== "ENOENT") {
+      console.warn(`[cleanup] Failed to remove ${dirPath}: ${err.message}`);
+    }
+  }
+}
+function validatePathSegment(segment, name) {
+  if (!VALID_NAME_PATTERN.test(segment) || segment === "." || segment === "..") {
+    throw new Error(`Invalid ${name}: '${segment}' contains disallowed characters`);
+  }
+}
+function buildCloneUrl(owner, repo, githubToken) {
+  if (githubToken) {
+    return `https://x-access-token:${githubToken}@github.com/${owner}/${repo}.git`;
+  }
+  return `https://github.com/${owner}/${repo}.git`;
+}
+function git(args, cwd) {
+  try {
+    return execFileSync("git", args, {
+      cwd,
+      encoding: "utf-8",
+      timeout: 12e4,
+      stdio: ["ignore", "pipe", "pipe"]
+    });
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    throw new Error(sanitizeTokens(message));
+  }
+}
+
+// src/github-auth.ts
+import { execSync } from "child_process";
+function getGhCliToken() {
+  try {
+    const result = execSync("gh auth token", {
+      timeout: 5e3,
+      encoding: "utf-8",
+      stdio: ["ignore", "pipe", "ignore"]
+    });
+    const token = result.trim();
+    return token.length > 0 ? token : null;
+  } catch {
+    return null;
+  }
+}
+function resolveGithubToken2(configToken, deps = {}) {
+  const getEnv = deps.getEnv ?? ((key) => process.env[key]);
+  const getGhToken = deps.getGhToken ?? getGhCliToken;
+  const envToken = getEnv("GITHUB_TOKEN");
+  if (envToken) {
+    return { token: envToken, method: "env" };
+  }
+  const ghToken = getGhToken();
+  if (ghToken) {
+    return { token: ghToken, method: "gh-cli" };
+  }
+  if (configToken) {
+    return { token: configToken, method: "config" };
+  }
+  return { token: null, method: "none" };
+}
+var AUTH_LOG_MESSAGES = {
+  env: "GitHub auth: using GITHUB_TOKEN env var",
+  "gh-cli": "GitHub auth: using gh CLI token",
+  config: "GitHub auth: using config github_token",
+  none: "GitHub auth: none (public repos only)"
+};
+function logAuthMethod(method, log) {
+  log(AUTH_LOG_MESSAGES[method]);
 }
 
 // src/http.ts
@@ -142,9 +274,8 @@ var HttpError = class extends Error {
   }
 };
 var ApiClient = class {
-  constructor(baseUrl, apiKey = null, debug) {
+  constructor(baseUrl, debug) {
     this.baseUrl = baseUrl;
-    this.apiKey = apiKey;
     this.debug = debug ?? process.env.OPENCARA_DEBUG === "1";
   }
   debug;
@@ -152,32 +283,28 @@ var ApiClient = class {
     if (this.debug) console.debug(`[ApiClient] ${msg}`);
   }
   headers() {
-    const h = {
+    return {
       "Content-Type": "application/json"
     };
-    if (this.apiKey) {
-      h["Authorization"] = `Bearer ${this.apiKey}`;
-    }
-    return h;
   }
-  async get(path3) {
-    this.log(`GET ${path3}`);
-    const res = await fetch(`${this.baseUrl}${path3}`, {
+  async get(path5) {
+    this.log(`GET ${path5}`);
+    const res = await fetch(`${this.baseUrl}${path5}`, {
       method: "GET",
       headers: this.headers()
     });
-    return this.handleResponse(res, path3);
+    return this.handleResponse(res, path5);
   }
-  async post(path3, body) {
-    this.log(`POST ${path3}`);
-    const res = await fetch(`${this.baseUrl}${path3}`, {
+  async post(path5, body) {
+    this.log(`POST ${path5}`);
+    const res = await fetch(`${this.baseUrl}${path5}`, {
       method: "POST",
       headers: this.headers(),
       body: body !== void 0 ? JSON.stringify(body) : void 0
     });
-    return this.handleResponse(res, path3);
+    return this.handleResponse(res, path5);
   }
-  async handleResponse(res, path3) {
+  async handleResponse(res, path5) {
     if (!res.ok) {
       let message = `HTTP ${res.status}`;
       try {
@@ -185,15 +312,21 @@ var ApiClient = class {
         if (body.error) message = body.error;
       } catch {
       }
-      this.log(`${res.status} ${message} (${path3})`);
+      this.log(`${res.status} ${message} (${path5})`);
       throw new HttpError(res.status, message);
     }
-    this.log(`${res.status} OK (${path3})`);
+    this.log(`${res.status} OK (${path5})`);
     return await res.json();
   }
 };
 
 // src/retry.ts
+var NonRetryableError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "NonRetryableError";
+  }
+};
 var DEFAULT_RETRY = {
   maxAttempts: 3,
   baseDelayMs: 1e3,
@@ -207,9 +340,11 @@ async function withRetry(fn, options = {}, signal) {
     try {
       return await fn();
     } catch (err) {
+      if (err instanceof NonRetryableError) throw err;
       lastError = err;
       if (attempt < opts.maxAttempts - 1) {
-        const delay = Math.min(opts.baseDelayMs * Math.pow(2, attempt), opts.maxDelayMs);
+        const baseDelay = Math.min(opts.baseDelayMs * Math.pow(2, attempt), opts.maxDelayMs);
+        const delay = Math.round(baseDelay * (0.7 + Math.random() * 0.6));
         await sleep(delay, signal);
       }
     }
@@ -235,9 +370,9 @@ function sleep(ms, signal) {
 }
 
 // src/tool-executor.ts
-import { spawn, execFileSync } from "child_process";
-import * as fs2 from "fs";
-import * as path2 from "path";
+import { spawn, execFileSync as execFileSync2 } from "child_process";
+import * as fs3 from "fs";
+import * as path3 from "path";
 var ToolTimeoutError = class extends Error {
   constructor(message) {
     super(message);
@@ -248,9 +383,9 @@ var MIN_PARTIAL_RESULT_LENGTH = 50;
 var MAX_STDERR_LENGTH = 1e3;
 function validateCommandBinary(commandTemplate) {
   const { command } = parseCommandTemplate(commandTemplate);
-  if (path2.isAbsolute(command)) {
+  if (path3.isAbsolute(command)) {
     try {
-      fs2.accessSync(command, fs2.constants.X_OK);
+      fs3.accessSync(command, fs3.constants.X_OK);
       return true;
     } catch {
       return false;
@@ -259,9 +394,9 @@ function validateCommandBinary(commandTemplate) {
   try {
     const isWindows = process.platform === "win32";
     if (isWindows) {
-      execFileSync("where", [command], { stdio: "pipe" });
+      execFileSync2("where", [command], { stdio: "pipe" });
     } else {
-      execFileSync("sh", ["-c", 'command -v -- "$1"', "_", command], { stdio: "pipe" });
+      execFileSync2("sh", ["-c", 'command -v -- "$1"', "_", command], { stdio: "pipe" });
     }
     return true;
   } catch {
@@ -324,9 +459,12 @@ function parseTokenUsage(stdout, stderr) {
   if (qwenMatch) return { tokens: parseInt(qwenMatch[1], 10), parsed: true };
   return { tokens: estimateTokens(stdout), parsed: false };
 }
-function executeTool(commandTemplate, prompt, timeoutMs, signal, vars) {
+function executeTool(commandTemplate, prompt, timeoutMs, signal, vars, cwd) {
   const promptViaArg = commandTemplate.includes("${PROMPT}");
   const allVars = { ...vars, PROMPT: prompt };
+  if (cwd && !allVars["CODEBASE_DIR"]) {
+    allVars["CODEBASE_DIR"] = cwd;
+  }
   const { command, args } = parseCommandTemplate(commandTemplate, allVars);
   return new Promise((resolve2, reject) => {
     if (signal?.aborted) {
@@ -334,7 +472,8 @@ function executeTool(commandTemplate, prompt, timeoutMs, signal, vars) {
       return;
     }
     const child = spawn(command, args, {
-      stdio: ["pipe", "pipe", "pipe"]
+      stdio: ["pipe", "pipe", "pipe"],
+      cwd
     });
     let stdout = "";
     let stderr = "";
@@ -412,6 +551,26 @@ function executeTool(commandTemplate, prompt, timeoutMs, signal, vars) {
     });
   });
 }
+var TEST_COMMAND_PROMPT = "Respond with: OK";
+var TEST_COMMAND_TIMEOUT_MS = 1e4;
+async function testCommand(commandTemplate) {
+  const start = Date.now();
+  try {
+    await executeTool(commandTemplate, TEST_COMMAND_PROMPT, TEST_COMMAND_TIMEOUT_MS);
+    return { ok: true, elapsedMs: Date.now() - start };
+  } catch (err) {
+    const elapsed = Date.now() - start;
+    if (err instanceof ToolTimeoutError) {
+      return {
+        ok: false,
+        elapsedMs: elapsed,
+        error: `command timed out after ${TEST_COMMAND_TIMEOUT_MS / 1e3}s`
+      };
+    }
+    const msg = err instanceof Error ? err.message : String(err);
+    return { ok: false, elapsedMs: elapsed, error: msg };
+  }
+}
 
 // src/review.ts
 var TIMEOUT_SAFETY_MARGIN_MS = 3e4;
@@ -505,7 +664,9 @@ ${userMessage}`;
       deps.commandTemplate,
       fullPrompt,
       effectiveTimeout,
-      abortController.signal
+      abortController.signal,
+      void 0,
+      deps.codebaseDir ?? void 0
     );
     const { verdict, review } = extractVerdict(result.stdout);
     const inputTokens = result.tokensParsed ? 0 : estimateTokens(fullPrompt);
@@ -622,7 +783,9 @@ ${userMessage}`;
       deps.commandTemplate,
       fullPrompt,
       effectiveTimeout,
-      abortController.signal
+      abortController.signal,
+      void 0,
+      deps.codebaseDir ?? void 0
     );
     const inputTokens = result.tokensParsed ? 0 : estimateTokens(fullPrompt);
     return {
@@ -802,13 +965,45 @@ function formatPostReviewStats(session) {
 var DEFAULT_POLL_INTERVAL_MS = 1e4;
 var MAX_CONSECUTIVE_AUTH_ERRORS = 3;
 var MAX_POLL_BACKOFF_MS = 3e5;
-async function fetchDiff(diffUrl, signal) {
-  const patchUrl = diffUrl.endsWith(".diff") ? diffUrl : `${diffUrl}.diff`;
+function createLogger(label) {
+  const prefix = label ? `[${label}] ` : "";
+  return {
+    log: (msg) => console.log(`${prefix}${sanitizeTokens(msg)}`),
+    logError: (msg) => console.error(`${prefix}${sanitizeTokens(msg)}`),
+    logWarn: (msg) => console.warn(`${prefix}${sanitizeTokens(msg)}`)
+  };
+}
+var NON_RETRYABLE_STATUSES = /* @__PURE__ */ new Set([401, 403, 404]);
+function toApiDiffUrl(webUrl) {
+  const match = webUrl.match(/^https?:\/\/github\.com\/([^/]+)\/([^/]+)\/pull\/(\d+)(?:\.diff)?$/);
+  if (!match) return null;
+  const [, owner, repo, prNumber] = match;
+  return `https://api.github.com/repos/${owner}/${repo}/pulls/${prNumber}`;
+}
+async function fetchDiff(diffUrl, githubToken, signal) {
   return withRetry(
     async () => {
-      const response = await fetch(patchUrl);
+      const headers = {};
+      let url;
+      const apiUrl = githubToken ? toApiDiffUrl(diffUrl) : null;
+      if (apiUrl && githubToken) {
+        url = apiUrl;
+        headers["Authorization"] = `Bearer ${githubToken}`;
+        headers["Accept"] = "application/vnd.github.v3.diff";
+      } else {
+        url = diffUrl.endsWith(".diff") ? diffUrl : `${diffUrl}.diff`;
+        if (githubToken) {
+          headers["Authorization"] = `Bearer ${githubToken}`;
+        }
+      }
+      const response = await fetch(url, { headers, signal });
       if (!response.ok) {
-        throw new Error(`Failed to fetch diff: ${response.status} ${response.statusText}`);
+        const msg = `Failed to fetch diff: ${response.status} ${response.statusText}`;
+        if (NON_RETRYABLE_STATUSES.has(response.status)) {
+          const hint = response.status === 404 ? ". If this is a private repo, configure github_token in ~/.opencara/config.yml" : "";
+          throw new NonRetryableError(`${msg}${hint}`);
+        }
+        throw new Error(msg);
       }
       return response.text();
     },
@@ -816,11 +1011,14 @@ async function fetchDiff(diffUrl, signal) {
     signal
   );
 }
-async function pollLoop(client, agentId, reviewDeps, consumptionDeps, agentInfo, options) {
-  const { pollIntervalMs, routerRelay, reviewOnly, signal } = options;
-  console.log(`Agent ${agentId} polling every ${pollIntervalMs / 1e3}s...`);
+var MAX_DIFF_FETCH_ATTEMPTS = 3;
+async function pollLoop(client, agentId, reviewDeps, consumptionDeps, agentInfo, logger, options) {
+  const { pollIntervalMs, maxConsecutiveErrors, routerRelay, reviewOnly, repoConfig, signal } = options;
+  const { log, logError, logWarn } = logger;
+  log(`Agent ${agentId} polling every ${pollIntervalMs / 1e3}s...`);
   let consecutiveAuthErrors = 0;
   let consecutiveErrors = 0;
+  const diffFailCounts = /* @__PURE__ */ new Map();
   while (!signal?.aborted) {
     try {
       const pollBody = { agent_id: agentId };
@@ -828,35 +1026,53 @@ async function pollLoop(client, agentId, reviewDeps, consumptionDeps, agentInfo,
       const pollResponse = await client.post("/api/tasks/poll", pollBody);
       consecutiveAuthErrors = 0;
       consecutiveErrors = 0;
-      if (pollResponse.tasks.length > 0) {
-        const task = pollResponse.tasks[0];
-        await handleTask(
+      const eligibleTasks = repoConfig ? pollResponse.tasks.filter((t) => isRepoAllowed(repoConfig, t.owner, t.repo)) : pollResponse.tasks;
+      const task = eligibleTasks.find(
+        (t) => (diffFailCounts.get(t.task_id) ?? 0) < MAX_DIFF_FETCH_ATTEMPTS
+      );
+      if (task) {
+        const result = await handleTask(
           client,
           agentId,
           task,
           reviewDeps,
           consumptionDeps,
           agentInfo,
+          logger,
           routerRelay,
           signal
         );
+        if (result.diffFetchFailed) {
+          const count = (diffFailCounts.get(task.task_id) ?? 0) + 1;
+          diffFailCounts.set(task.task_id, count);
+          if (count >= MAX_DIFF_FETCH_ATTEMPTS) {
+            logWarn(`  Skipping task ${task.task_id} after ${count} diff fetch failures`);
+          }
+        }
       }
     } catch (err) {
       if (signal?.aborted) break;
       if (err instanceof HttpError && (err.status === 401 || err.status === 403)) {
         consecutiveAuthErrors++;
         consecutiveErrors++;
-        console.error(
+        logError(
           `Auth error (${err.status}): ${err.message} [${consecutiveAuthErrors}/${MAX_CONSECUTIVE_AUTH_ERRORS}]`
         );
         if (consecutiveAuthErrors >= MAX_CONSECUTIVE_AUTH_ERRORS) {
-          console.error("Authentication failed repeatedly. Exiting.");
+          logError("Authentication failed repeatedly. Exiting.");
           break;
         }
       } else {
         consecutiveAuthErrors = 0;
         consecutiveErrors++;
-        console.error(`Poll error: ${err.message}`);
+        logError(`Poll error: ${err.message}`);
+      }
+      if (consecutiveErrors >= maxConsecutiveErrors) {
+        logError(
+          `Too many consecutive errors (${consecutiveErrors}/${maxConsecutiveErrors}). Shutting down.`
+        );
+        process.exitCode = 1;
+        break;
       }
       if (consecutiveErrors > 0) {
         const backoff = Math.min(
@@ -865,7 +1081,7 @@ async function pollLoop(client, agentId, reviewDeps, consumptionDeps, agentInfo,
         );
         const extraDelay = backoff - pollIntervalMs;
         if (extraDelay > 0) {
-          console.warn(
+          logWarn(
             `Poll failed (${consecutiveErrors} consecutive). Next poll in ${Math.round(backoff / 1e3)}s`
           );
           await sleep2(extraDelay, signal);
@@ -875,10 +1091,12 @@ async function pollLoop(client, agentId, reviewDeps, consumptionDeps, agentInfo,
     await sleep2(pollIntervalMs, signal);
   }
 }
-async function handleTask(client, agentId, task, reviewDeps, consumptionDeps, agentInfo, routerRelay, signal) {
+async function handleTask(client, agentId, task, reviewDeps, consumptionDeps, agentInfo, logger, routerRelay, signal) {
   const { task_id, owner, repo, pr_number, diff_url, timeout_seconds, prompt, role } = task;
-  console.log(`
+  const { log, logError, logWarn } = logger;
+  log(`
 Task ${task_id}: PR #${pr_number} on ${owner}/${repo} (role: ${role})`);
+  log(`  https://github.com/${owner}/${repo}/pull/${pr_number}`);
   let claimResponse;
   try {
     claimResponse = await withRetry(
@@ -893,22 +1111,65 @@ Task ${task_id}: PR #${pr_number} on ${owner}/${repo} (role: ${role})`);
     );
   } catch (err) {
     const status = err instanceof HttpError ? ` (${err.status})` : "";
-    console.error(`  Failed to claim task ${task_id}${status}: ${err.message}`);
-    return;
+    logError(`  Failed to claim task ${task_id}${status}: ${err.message}`);
+    return {};
   }
   if (!claimResponse.claimed) {
-    console.log(`  Claim rejected: ${claimResponse.reason}`);
-    return;
+    log(`  Claim rejected: ${claimResponse.reason}`);
+    return {};
   }
-  console.log(`  Claimed as ${role}`);
+  log(`  Claimed as ${role}`);
   let diffContent;
   try {
-    diffContent = await fetchDiff(diff_url, signal);
-    console.log(`  Diff fetched (${Math.round(diffContent.length / 1024)}KB)`);
+    diffContent = await fetchDiff(diff_url, reviewDeps.githubToken, signal);
+    log(`  Diff fetched (${Math.round(diffContent.length / 1024)}KB)`);
   } catch (err) {
-    console.error(`  Failed to fetch diff for task ${task_id}: ${err.message}`);
-    await safeReject(client, task_id, agentId, `Cannot access diff: ${err.message}`);
-    return;
+    logError(`  Failed to fetch diff for task ${task_id}: ${err.message}`);
+    await safeReject(
+      client,
+      task_id,
+      agentId,
+      `Cannot access diff: ${err.message}`,
+      logger
+    );
+    return { diffFetchFailed: true };
+  }
+  let taskReviewDeps = reviewDeps;
+  let taskCheckoutPath = null;
+  if (reviewDeps.codebaseDir) {
+    try {
+      const result = cloneOrUpdate(
+        owner,
+        repo,
+        pr_number,
+        reviewDeps.codebaseDir,
+        reviewDeps.githubToken,
+        task_id
+      );
+      log(`  Codebase ${result.cloned ? "cloned" : "updated"}: ${result.localPath}`);
+      taskCheckoutPath = result.localPath;
+      taskReviewDeps = { ...reviewDeps, codebaseDir: result.localPath };
+    } catch (err) {
+      logWarn(
+        `  Warning: codebase clone failed: ${err.message}. Continuing with diff-only review.`
+      );
+      taskReviewDeps = { ...reviewDeps, codebaseDir: null };
+    }
+  } else {
+    try {
+      validatePathSegment(owner, "owner");
+      validatePathSegment(repo, "repo");
+      validatePathSegment(task_id, "task_id");
+      const repoScopedDir = path4.join(CONFIG_DIR, "repos", owner, repo, task_id);
+      fs4.mkdirSync(repoScopedDir, { recursive: true });
+      taskCheckoutPath = repoScopedDir;
+      taskReviewDeps = { ...reviewDeps, codebaseDir: repoScopedDir };
+      log(`  Working directory: ${repoScopedDir}`);
+    } catch (err) {
+      logWarn(
+        `  Warning: failed to create working directory: ${err.message}. Continuing without scoped cwd.`
+      );
+    }
   }
   try {
     if (role === "summary" && "reviews" in claimResponse && claimResponse.reviews) {
@@ -923,8 +1184,9 @@ Task ${task_id}: PR #${pr_number} on ${owner}/${repo} (role: ${role})`);
         prompt,
         timeout_seconds,
         claimResponse.reviews,
-        reviewDeps,
+        taskReviewDeps,
         consumptionDeps,
+        logger,
         routerRelay,
         signal
       );
@@ -939,50 +1201,64 @@ Task ${task_id}: PR #${pr_number} on ${owner}/${repo} (role: ${role})`);
         diffContent,
         prompt,
         timeout_seconds,
-        reviewDeps,
+        taskReviewDeps,
         consumptionDeps,
+        logger,
         routerRelay,
         signal
       );
     }
   } catch (err) {
     if (err instanceof DiffTooLargeError || err instanceof InputTooLargeError) {
-      console.error(`  ${err.message}`);
-      await safeReject(client, task_id, agentId, err.message);
+      logError(`  ${err.message}`);
+      await safeReject(client, task_id, agentId, err.message, logger);
     } else {
-      console.error(`  Error on task ${task_id}: ${err.message}`);
-      await safeError(client, task_id, agentId, err.message);
+      logError(`  Error on task ${task_id}: ${err.message}`);
+      await safeError(client, task_id, agentId, err.message, logger);
+    }
+  } finally {
+    if (taskCheckoutPath) {
+      cleanupTaskDir(taskCheckoutPath);
     }
   }
+  return {};
 }
-async function safeReject(client, taskId, agentId, reason) {
+async function safeReject(client, taskId, agentId, reason, logger) {
   try {
     await withRetry(
-      () => client.post(`/api/tasks/${taskId}/reject`, { agent_id: agentId, reason }),
+      () => client.post(`/api/tasks/${taskId}/reject`, {
+        agent_id: agentId,
+        reason: sanitizeTokens(reason)
+      }),
       { maxAttempts: 2 }
     );
   } catch (err) {
-    console.error(
+    logger.logError(
       `  Failed to report rejection for task ${taskId}: ${err.message} (logged locally)`
     );
   }
 }
-async function safeError(client, taskId, agentId, error) {
+async function safeError(client, taskId, agentId, error, logger) {
   try {
-    await withRetry(() => client.post(`/api/tasks/${taskId}/error`, { agent_id: agentId, error }), {
-      maxAttempts: 2
-    });
+    await withRetry(
+      () => client.post(`/api/tasks/${taskId}/error`, {
+        agent_id: agentId,
+        error: sanitizeTokens(error)
+      }),
+      { maxAttempts: 2 }
+    );
   } catch (err) {
-    console.error(
+    logger.logError(
       `  Failed to report error for task ${taskId}: ${err.message} (logged locally)`
     );
   }
 }
-async function executeReviewTask(client, agentId, taskId, owner, repo, prNumber, diffContent, prompt, timeoutSeconds, reviewDeps, consumptionDeps, routerRelay, signal) {
+async function executeReviewTask(client, agentId, taskId, owner, repo, prNumber, diffContent, prompt, timeoutSeconds, reviewDeps, consumptionDeps, logger, routerRelay, signal) {
   let reviewText;
   let verdict;
   let tokensUsed;
   if (routerRelay) {
+    logger.log(`  Executing review command: [router mode]`);
     const fullPrompt = routerRelay.buildReviewPrompt({
       owner,
       repo,
@@ -1001,6 +1277,7 @@ async function executeReviewTask(client, agentId, taskId, owner, repo, prNumber,
     verdict = parsed.verdict;
     tokensUsed = estimateTokens(fullPrompt) + estimateTokens(response);
   } else {
+    logger.log(`  Executing review command: ${reviewDeps.commandTemplate}`);
     const result = await executeReview(
       {
         taskId,
@@ -1018,11 +1295,12 @@ async function executeReviewTask(client, agentId, taskId, owner, repo, prNumber,
     verdict = result.verdict;
     tokensUsed = result.tokensUsed;
   }
+  const sanitizedReview = sanitizeTokens(reviewText);
   await withRetry(
     () => client.post(`/api/tasks/${taskId}/result`, {
       agent_id: agentId,
       type: "review",
-      review_text: reviewText,
+      review_text: sanitizedReview,
       verdict,
       tokens_used: tokensUsed
     }),
@@ -1030,26 +1308,68 @@ async function executeReviewTask(client, agentId, taskId, owner, repo, prNumber,
     signal
   );
   recordSessionUsage(consumptionDeps.session, tokensUsed);
-  console.log(`  Review submitted (${tokensUsed.toLocaleString()} tokens)`);
-  console.log(formatPostReviewStats(consumptionDeps.session));
+  logger.log(`  Review submitted (${tokensUsed.toLocaleString()} tokens)`);
+  logger.log(formatPostReviewStats(consumptionDeps.session));
 }
-async function executeSummaryTask(client, agentId, taskId, owner, repo, prNumber, diffContent, prompt, timeoutSeconds, reviews, reviewDeps, consumptionDeps, routerRelay, signal) {
+async function executeSummaryTask(client, agentId, taskId, owner, repo, prNumber, diffContent, prompt, timeoutSeconds, reviews, reviewDeps, consumptionDeps, logger, routerRelay, signal) {
   if (reviews.length === 0) {
-    return executeReviewTask(
-      client,
-      agentId,
-      taskId,
-      owner,
-      repo,
-      prNumber,
-      diffContent,
-      prompt,
-      timeoutSeconds,
-      reviewDeps,
-      consumptionDeps,
-      routerRelay,
+    let reviewText;
+    let verdict;
+    let tokensUsed2;
+    if (routerRelay) {
+      logger.log(`  Executing summary command: [router mode]`);
+      const fullPrompt = routerRelay.buildReviewPrompt({
+        owner,
+        repo,
+        reviewMode: "full",
+        prompt,
+        diffContent
+      });
+      const response = await routerRelay.sendPrompt(
+        "review_request",
+        taskId,
+        fullPrompt,
+        timeoutSeconds
+      );
+      const parsed = routerRelay.parseReviewResponse(response);
+      reviewText = parsed.review;
+      verdict = parsed.verdict;
+      tokensUsed2 = estimateTokens(fullPrompt) + estimateTokens(response);
+    } else {
+      logger.log(`  Executing summary command: ${reviewDeps.commandTemplate}`);
+      const result = await executeReview(
+        {
+          taskId,
+          diffContent,
+          prompt,
+          owner,
+          repo,
+          prNumber,
+          timeout: timeoutSeconds,
+          reviewMode: "full"
+        },
+        reviewDeps
+      );
+      reviewText = result.review;
+      verdict = result.verdict;
+      tokensUsed2 = result.tokensUsed;
+    }
+    const sanitizedReview = sanitizeTokens(reviewText);
+    await withRetry(
+      () => client.post(`/api/tasks/${taskId}/result`, {
+        agent_id: agentId,
+        type: "summary",
+        review_text: sanitizedReview,
+        verdict,
+        tokens_used: tokensUsed2
+      }),
+      { maxAttempts: 3 },
       signal
     );
+    recordSessionUsage(consumptionDeps.session, tokensUsed2);
+    logger.log(`  Review submitted as summary (${tokensUsed2.toLocaleString()} tokens)`);
+    logger.log(formatPostReviewStats(consumptionDeps.session));
+    return;
   }
   const summaryReviews = reviews.map((r) => ({
     agentId: r.agent_id,
@@ -1061,6 +1381,7 @@ async function executeSummaryTask(client, agentId, taskId, owner, repo, prNumber
   let summaryText;
   let tokensUsed;
   if (routerRelay) {
+    logger.log(`  Executing summary command: [router mode]`);
     const fullPrompt = routerRelay.buildSummaryPrompt({
       owner,
       repo,
@@ -1077,6 +1398,7 @@ async function executeSummaryTask(client, agentId, taskId, owner, repo, prNumber
     summaryText = response;
     tokensUsed = estimateTokens(fullPrompt) + estimateTokens(response);
   } else {
+    logger.log(`  Executing summary command: ${reviewDeps.commandTemplate}`);
     const result = await executeSummary(
       {
         taskId,
@@ -1093,19 +1415,20 @@ async function executeSummaryTask(client, agentId, taskId, owner, repo, prNumber
     summaryText = result.summary;
     tokensUsed = result.tokensUsed;
   }
+  const sanitizedSummary = sanitizeTokens(summaryText);
   await withRetry(
     () => client.post(`/api/tasks/${taskId}/result`, {
       agent_id: agentId,
       type: "summary",
-      review_text: summaryText,
+      review_text: sanitizedSummary,
       tokens_used: tokensUsed
     }),
     { maxAttempts: 3 },
     signal
   );
   recordSessionUsage(consumptionDeps.session, tokensUsed);
-  console.log(`  Summary submitted (${tokensUsed.toLocaleString()} tokens)`);
-  console.log(formatPostReviewStats(consumptionDeps.session));
+  logger.log(`  Summary submitted (${tokensUsed.toLocaleString()} tokens)`);
+  logger.log(formatPostReviewStats(consumptionDeps.session));
 }
 function sleep2(ms, signal) {
   return new Promise((resolve2) => {
@@ -1127,29 +1450,42 @@ function sleep2(ms, signal) {
 async function startAgent(agentId, platformUrl, agentInfo, reviewDeps, consumptionDeps, options) {
   const client = new ApiClient(platformUrl);
   const session = consumptionDeps?.session ?? createSessionTracker();
-  const deps = consumptionDeps ?? { agentId, limits: null, session };
-  console.log(`Agent ${agentId} starting...`);
-  console.log(`Platform: ${platformUrl}`);
-  console.log(`Model: ${agentInfo.model} | Tool: ${agentInfo.tool}`);
+  const deps = consumptionDeps ?? { agentId, session };
+  const logger = createLogger(options?.label);
+  const { log, logError, logWarn } = logger;
+  log(`Agent ${agentId} starting...`);
+  log(`Platform: ${platformUrl}`);
+  log(`Model: ${agentInfo.model} | Tool: ${agentInfo.tool}`);
   if (!reviewDeps) {
-    console.error("No review command configured. Set command in config.yml");
+    logError("No review command configured. Set command in config.yml");
     return;
   }
+  if (reviewDeps.commandTemplate && !options?.routerRelay) {
+    log("Testing command...");
+    const result = await testCommand(reviewDeps.commandTemplate);
+    if (result.ok) {
+      log(`Testing command... ok (${(result.elapsedMs / 1e3).toFixed(1)}s)`);
+    } else {
+      logWarn(`Warning: command test failed (${result.error}). Reviews may fail.`);
+    }
+  }
   const abortController = new AbortController();
   process.on("SIGINT", () => {
-    console.log("\nShutting down...");
+    log("\nShutting down...");
     abortController.abort();
   });
   process.on("SIGTERM", () => {
     abortController.abort();
   });
-  await pollLoop(client, agentId, reviewDeps, deps, agentInfo, {
+  await pollLoop(client, agentId, reviewDeps, deps, agentInfo, logger, {
     pollIntervalMs: options?.pollIntervalMs ?? DEFAULT_POLL_INTERVAL_MS,
+    maxConsecutiveErrors: options?.maxConsecutiveErrors ?? DEFAULT_MAX_CONSECUTIVE_ERRORS,
     routerRelay: options?.routerRelay,
     reviewOnly: options?.reviewOnly,
+    repoConfig: options?.repoConfig,
     signal: abortController.signal
   });
-  console.log("Agent stopped.");
+  log("Agent stopped.");
 }
 async function startAgentRouter() {
   const config = loadConfig();
@@ -1164,14 +1500,21 @@ async function startAgentRouter() {
   }
   const router = new RouterRelay();
   router.start();
+  const configToken = resolveGithubToken(agentConfig?.github_token, config.githubToken);
+  const auth = resolveGithubToken2(configToken);
+  const logger = createLogger(agentConfig?.name ?? "agent[0]");
+  logAuthMethod(auth.method, logger.log);
+  const codebaseDir = resolveCodebaseDir(agentConfig?.codebase_dir, config.codebaseDir);
   const reviewDeps = {
     commandTemplate: commandTemplate ?? "",
-    maxDiffSizeKb: config.maxDiffSizeKb
+    maxDiffSizeKb: config.maxDiffSizeKb,
+    githubToken: auth.token,
+    codebaseDir
   };
   const session = createSessionTracker();
-  const limits = agentConfig ? resolveAgentLimits(agentConfig.limits, config.limits) : config.limits;
   const model = agentConfig?.model ?? "unknown";
   const tool = agentConfig?.tool ?? "unknown";
+  const label = agentConfig?.name ?? "agent[0]";
   await startAgent(
     agentId,
     config.platformUrl,
@@ -1179,47 +1522,52 @@ async function startAgentRouter() {
     reviewDeps,
     {
       agentId,
-      limits,
       session
     },
     {
+      maxConsecutiveErrors: config.maxConsecutiveErrors,
       routerRelay: router,
-      reviewOnly: agentConfig?.review_only
+      reviewOnly: agentConfig?.review_only,
+      repoConfig: agentConfig?.repos,
+      label
     }
   );
   router.stop();
 }
-var agentCommand = new Command("agent").description("Manage review agents");
-agentCommand.command("start").description("Start an agent in polling mode").option("--poll-interval <seconds>", "Poll interval in seconds", "10").option("--agent <index>", "Agent index from config.yml (0-based)", "0").action(async (opts) => {
-  const config = loadConfig();
-  const pollIntervalMs = parseInt(opts.pollInterval, 10) * 1e3;
-  const agentIndex = parseInt(opts.agent, 10);
+function startAgentByIndex(config, agentIndex, pollIntervalMs, auth) {
   const agentId = crypto.randomUUID();
   let commandTemplate;
-  let limits = config.limits;
   let agentConfig;
   if (config.agents && config.agents.length > agentIndex) {
     agentConfig = config.agents[agentIndex];
     commandTemplate = agentConfig.command ?? config.agentCommand ?? void 0;
-    limits = resolveAgentLimits(agentConfig.limits, config.limits);
   } else {
     commandTemplate = config.agentCommand ?? void 0;
   }
+  const label = agentConfig?.name ?? `agent[${agentIndex}]`;
   if (!commandTemplate) {
+    console.error(`[${label}] No command configured. Skipping.`);
+    return null;
+  }
+  if (!validateCommandBinary(commandTemplate)) {
     console.error(
-      "No command configured. Set agent_command or agents[].command in ~/.opencara/config.yml"
+      `[${label}] Command binary not found: ${commandTemplate.split(" ")[0]}. Skipping.`
     );
-    process.exit(1);
-    return;
+    return null;
   }
-  if (!validateCommandBinary(commandTemplate)) {
-    console.error(`Command binary not found: ${commandTemplate.split(" ")[0]}`);
-    process.exit(1);
-    return;
+  let githubToken;
+  if (auth.method === "env" || auth.method === "gh-cli") {
+    githubToken = auth.token;
+  } else {
+    const configToken = agentConfig ? resolveGithubToken(agentConfig.github_token, config.githubToken) : config.githubToken;
+    githubToken = configToken;
   }
+  const codebaseDir = resolveCodebaseDir(agentConfig?.codebase_dir, config.codebaseDir);
   const reviewDeps = {
     commandTemplate,
-    maxDiffSizeKb: config.maxDiffSizeKb
+    maxDiffSizeKb: config.maxDiffSizeKb,
+    githubToken,
+    codebaseDir
   };
   const isRouter = agentConfig?.router === true;
   let routerRelay;
@@ -1230,30 +1578,90 @@ agentCommand.command("start").description("Start an agent in polling mode").opti
   const session = createSessionTracker();
   const model = agentConfig?.model ?? "unknown";
   const tool = agentConfig?.tool ?? "unknown";
-  try {
-    await startAgent(
-      agentId,
-      config.platformUrl,
-      { model, tool },
-      reviewDeps,
-      {
-        agentId,
-        limits,
-        session
-      },
-      {
-        pollIntervalMs,
-        routerRelay,
-        reviewOnly: agentConfig?.review_only
-      }
-    );
-  } finally {
+  const agentPromise = startAgent(
+    agentId,
+    config.platformUrl,
+    { model, tool },
+    reviewDeps,
+    { agentId, session },
+    {
+      pollIntervalMs,
+      maxConsecutiveErrors: config.maxConsecutiveErrors,
+      routerRelay,
+      reviewOnly: agentConfig?.review_only,
+      repoConfig: agentConfig?.repos,
+      label
+    }
+  ).finally(() => {
     routerRelay?.stop();
+  });
+  return agentPromise;
+}
+var agentCommand = new Command("agent").description("Manage review agents");
+agentCommand.command("start").description("Start agents in polling mode").option("--poll-interval <seconds>", "Poll interval in seconds", "10").option("--agent <index>", "Agent index from config.yml (0-based)", "0").option("--all", "Start all configured agents concurrently").action(async (opts) => {
+  const config = loadConfig();
+  const pollIntervalMs = parseInt(opts.pollInterval, 10) * 1e3;
+  const configToken = resolveGithubToken(void 0, config.githubToken);
+  const auth = resolveGithubToken2(configToken);
+  logAuthMethod(auth.method, console.log.bind(console));
+  if (opts.all) {
+    if (!config.agents || config.agents.length === 0) {
+      console.error("No agents configured in ~/.opencara/config.yml");
+      process.exit(1);
+      return;
+    }
+    console.log(`Starting ${config.agents.length} agent(s)...`);
+    const promises = [];
+    let startFailed = false;
+    for (let i = 0; i < config.agents.length; i++) {
+      const p = startAgentByIndex(config, i, pollIntervalMs, auth);
+      if (p) {
+        promises.push(p);
+      } else {
+        startFailed = true;
+      }
+    }
+    if (promises.length === 0) {
+      console.error("No agents could be started. Check your config.");
+      process.exit(1);
+      return;
+    }
+    if (startFailed) {
+      console.error(
+        "One or more agents could not start (see warnings above). Continuing with the rest."
+      );
+    }
+    console.log(`${promises.length} agent(s) running. Press Ctrl+C to stop all.
+`);
+    const results = await Promise.allSettled(promises);
+    const failures = results.filter((r) => r.status === "rejected");
+    if (failures.length > 0) {
+      for (const f of failures) {
+        console.error(`Agent exited with error: ${f.reason}`);
+      }
+      process.exit(1);
+    }
+  } else {
+    const maxIndex = (config.agents?.length ?? 0) - 1;
+    const agentIndex = Number(opts.agent);
+    if (!Number.isInteger(agentIndex) || agentIndex < 0 || agentIndex > maxIndex) {
+      console.error(
+        maxIndex >= 0 ? `--agent must be an integer between 0 and ${maxIndex}.` : "No agents configured in ~/.opencara/config.yml"
+      );
+      process.exit(1);
+      return;
+    }
+    const p = startAgentByIndex(config, agentIndex, pollIntervalMs, auth);
+    if (!p) {
+      process.exit(1);
+      return;
+    }
+    await p;
   }
 });
 
 // src/index.ts
-var program = new Command2().name("opencara").description("OpenCara \u2014 distributed AI code review agent").version("0.10.0");
+var program = new Command2().name("opencara").description("OpenCara \u2014 distributed AI code review agent").version("0.11.0");
 program.addCommand(agentCommand);
 program.action(() => {
   startAgentRouter();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencara",
-  "version": "0.10.0",
+  "version": "0.11.0",
   "type": "module",
   "repository": {
     "type": "git",