patchrelay 0.58.0 → 0.59.1

package/dist/build-info.json

@@ -1,6 +1,6 @@
 {
   "service": "patchrelay",
-  "version": "0.58.0",
-  "commit": "a14713655229",
-  "builtAt": "2026-05-02T10:15:39.171Z"
+  "version": "0.59.1",
+  "commit": "1e520e0829e3",
+  "builtAt": "2026-05-02T23:50:20.540Z"
 }

package/dist/cli/cluster-health.js

@@ -430,6 +430,7 @@ function buildCiEntry(params) {
     const owner = deriveCiOwner({
         delegatedToPatchRelay,
         gateCheckStatus,
+        activeRunId: issue.activeRunId,
         factoryState: issue.factoryState,
         reviewDecision,
         reviewRequested,
@@ -461,6 +462,9 @@ function buildCiEntry(params) {
     };
 }
 function deriveCiOwner(params) {
+    if (params.activeRunId !== undefined) {
+        return "patchrelay";
+    }
     const headAdvancedPastBlockingReview = Boolean(params.currentHeadSha
         && params.latestBlockingReviewHeadSha
         && params.currentHeadSha !== params.latestBlockingReviewHeadSha);

package/dist/cli/commands/linear.js

@@ -28,7 +28,11 @@ export async function handleLinearCommand(params) {
                         ? "No Linear workspaces connected.\n"
                         : `${result.workspaces.map((workspace) => {
                             const name = workspace.installation.workspaceKey ?? workspace.installation.workspaceName ?? `installation-${workspace.installation.id}`;
-                            return `${name}  repos=${workspace.linkedRepos.length} teams=${workspace.teams.length} projects=${workspace.projects.length}`;
+                            const health = workspace.installation.healthStatus && workspace.installation.healthStatus !== "ok"
+                                ? ` health=${workspace.installation.healthStatus}`
+                                : "";
+                            const reason = workspace.installation.healthReason ? ` ${workspace.installation.healthReason}` : "";
+                            return `${name}  repos=${workspace.linkedRepos.length} teams=${workspace.teams.length} projects=${workspace.projects.length}${health}${reason}`;
                         }).join("\n")}\n`);
                 return 0;
             }

package/dist/db/linear-installation-store.js

@@ -24,20 +24,24 @@ export class LinearInstallationStore {
               scopes_json = ?,
               token_type = COALESCE(?, token_type),
               expires_at = COALESCE(?, expires_at),
+              health_status = 'ok',
+              health_reason = NULL,
+              health_updated_at = ?,
               updated_at = ?
           WHERE id = ?
           `)
-                .run(params.workspaceName ?? null, params.workspaceKey ?? null, params.actorId ?? null, params.actorName ?? null, params.accessTokenCiphertext, params.refreshTokenCiphertext ?? null, params.scopesJson, params.tokenType ?? null, params.expiresAt ?? null, now, existing.id);
+                .run(params.workspaceName ?? null, params.workspaceKey ?? null, params.actorId ?? null, params.actorName ?? null, params.accessTokenCiphertext, params.refreshTokenCiphertext ?? null, params.scopesJson, params.tokenType ?? null, params.expiresAt ?? null, now, now, existing.id);
             return this.getLinearInstallation(existing.id);
         }
         const result = this.connection
             .prepare(`
         INSERT INTO linear_installations (
           workspace_id, workspace_name, workspace_key, actor_id, actor_name,
-          access_token_ciphertext, refresh_token_ciphertext, scopes_json, token_type, expires_at, created_at, updated_at
-        ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+          access_token_ciphertext, refresh_token_ciphertext, scopes_json, token_type, expires_at,
+          health_status, health_reason, health_updated_at, created_at, updated_at
+        ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 'ok', NULL, ?, ?, ?)
         `)
-            .run(params.workspaceId ?? null, params.workspaceName ?? null, params.workspaceKey ?? null, params.actorId ?? null, params.actorName ?? null, params.accessTokenCiphertext, params.refreshTokenCiphertext ?? null, params.scopesJson, params.tokenType ?? null, params.expiresAt ?? null, now, now);
+            .run(params.workspaceId ?? null, params.workspaceName ?? null, params.workspaceKey ?? null, params.actorId ?? null, params.actorName ?? null, params.accessTokenCiphertext, params.refreshTokenCiphertext ?? null, params.scopesJson, params.tokenType ?? null, params.expiresAt ?? null, now, now, now);
         return this.getLinearInstallation(Number(result.lastInsertRowid));
     }
     saveLinearInstallation(params) {
@@ -67,6 +71,20 @@ export class LinearInstallationStore {
          WHERE id = ?`)
             .run(params.workspaceName ?? null, params.workspaceKey ?? null, isoNow(), id);
     }
+    updateLinearInstallationHealth(id, params) {
+        const healthUpdatedAt = params.healthUpdatedAt ?? isoNow();
+        this.connection
+            .prepare(`
+        UPDATE linear_installations
+        SET health_status = ?,
+            health_reason = ?,
+            health_updated_at = ?,
+            updated_at = ?
+        WHERE id = ?
+        `)
+            .run(params.healthStatus, params.healthReason ?? null, healthUpdatedAt, healthUpdatedAt, id);
+        return this.getLinearInstallation(id);
+    }
     getLinearInstallation(id) {
         const row = this.connection
             .prepare("SELECT * FROM linear_installations WHERE id = ?")
@@ -252,6 +270,9 @@ function mapLinearInstallation(row) {
         scopesJson: String(row.scopes_json),
         ...(row.token_type === null ? {} : { tokenType: String(row.token_type) }),
         ...(row.expires_at === null ? {} : { expiresAt: String(row.expires_at) }),
+        ...(row.health_status === null || row.health_status === undefined ? {} : { healthStatus: row.health_status }),
+        ...(row.health_reason === null || row.health_reason === undefined ? {} : { healthReason: String(row.health_reason) }),
+        ...(row.health_updated_at === null || row.health_updated_at === undefined ? {} : { healthUpdatedAt: String(row.health_updated_at) }),
         createdAt: String(row.created_at),
         updatedAt: String(row.updated_at),
     };

package/dist/db/migrations.js

@@ -141,6 +141,9 @@ CREATE TABLE IF NOT EXISTS linear_installations (
   scopes_json TEXT NOT NULL,
   token_type TEXT,
   expires_at TEXT,
+  health_status TEXT NOT NULL DEFAULT 'ok',
+  health_reason TEXT,
+  health_updated_at TEXT,
   created_at TEXT NOT NULL,
   updated_at TEXT NOT NULL
 );
@@ -330,6 +333,9 @@ export function runPatchRelayMigrations(connection) {
     addColumnIfMissing(connection, "issues", "last_attempted_failure_head_sha", "TEXT");
     addColumnIfMissing(connection, "issues", "last_attempted_failure_signature", "TEXT");
     addColumnIfMissing(connection, "issues", "last_attempted_failure_at", "TEXT");
+    addColumnIfMissing(connection, "linear_installations", "health_status", "TEXT NOT NULL DEFAULT 'ok'");
+    addColumnIfMissing(connection, "linear_installations", "health_reason", "TEXT");
+    addColumnIfMissing(connection, "linear_installations", "health_updated_at", "TEXT");
     removeRetiredIssueColumnsIfPresent(connection);
 }
 function addColumnIfMissing(connection, table, column, definition) {

package/dist/interrupted-run-recovery.js

@@ -84,6 +84,13 @@ export class InterruptedRunRecovery {
                     queueRepairAttempts: issue.queueRepairAttempts - 1,
                 });
             }
+            else if (isRequestedChangesRunType(run.runType) && issue.reviewFixAttempts > 0) {
+                this.db.issueSessions.upsertIssueWithLease(lease, {
+                    projectId: issue.projectId,
+                    linearIssueId: issue.linearIssueId,
+                    reviewFixAttempts: issue.reviewFixAttempts - 1,
+                });
+            }
             if (run.runType === "ci_repair" || run.runType === "queue_repair") {
                 this.db.issueSessions.upsertIssueWithLease(lease, {
                     projectId: issue.projectId,

package/dist/linear-client.js

@@ -528,13 +528,34 @@ export class DatabaseBackedLinearClientProvider {
         if (!installation) {
             return undefined;
         }
+        if (installation.healthStatus === "revoked") {
+            this.logger.warn({
+                installationId: installation.id,
+                workspaceName: installation.workspaceName,
+                workspaceKey: installation.workspaceKey,
+                healthReason: installation.healthReason,
+            }, "Linear installation is revoked; reconnect before using it");
+            return undefined;
+        }
         const encryptionKey = this.config.linear.tokenEncryptionKey;
         let accessToken = decryptSecret(installation.accessTokenCiphertext, encryptionKey);
         const refreshToken = installation.refreshTokenCiphertext
             ? decryptSecret(installation.refreshTokenCiphertext, encryptionKey)
             : undefined;
         if (shouldRefreshToken(installation.expiresAt) && refreshToken) {
-            const refreshed = await refreshLinearOAuthToken(this.config, refreshToken);
+            let refreshed;
+            try {
+                refreshed = await refreshLinearOAuthToken(this.config, refreshToken);
+            }
+            catch (error) {
+                const healthReason = `Linear OAuth token refresh failed: ${error instanceof Error ? error.message : String(error)}`;
+                this.db.linearInstallations.updateLinearInstallationHealth(installation.id, {
+                    healthStatus: "auth_error",
+                    healthReason,
+                });
+                this.logger.error({ installationId: installation.id, workspaceName: installation.workspaceName, error: healthReason }, "Linear OAuth token refresh failed; reconnect this installation");
+                throw error;
+            }
             accessToken = refreshed.accessToken;
             this.db.linearInstallations.updateLinearInstallationTokens(installation.id, {
                 accessTokenCiphertext: encryptSecret(refreshed.accessToken, encryptionKey),
@@ -544,6 +565,12 @@ export class DatabaseBackedLinearClientProvider {
                 scopesJson: JSON.stringify(refreshed.scopes),
                 ...(refreshed.expiresAt ? { expiresAt: refreshed.expiresAt } : {}),
             });
+            if (installation.healthStatus === "auth_error") {
+                this.db.linearInstallations.updateLinearInstallationHealth(installation.id, {
+                    healthStatus: "ok",
+                    healthReason: null,
+                });
+            }
         }
         return new LinearGraphqlClient({
             accessToken,

package/dist/linear-oauth-service.js

@@ -133,9 +133,20 @@ export class LinearOAuthService {
                     ...(identity.workspaceKey ? { workspaceKey: identity.workspaceKey } : {}),
                 });
             }
+            if (installation.healthStatus === "auth_error") {
+                this.stores.linearInstallations.updateLinearInstallationHealth(installation.id, {
+                    healthStatus: "ok",
+                    healthReason: null,
+                });
+            }
         }
         catch (error) {
-            this.logger.debug({ installationId: installation.id, error: error instanceof Error ? error.message : String(error) }, "Failed to refresh installation identity (non-blocking)");
+            const healthReason = `Linear viewer lookup failed: ${error instanceof Error ? error.message : String(error)}`;
+            this.stores.linearInstallations.updateLinearInstallationHealth(installation.id, {
+                healthStatus: "auth_error",
+                healthReason,
+            });
+            this.logger.debug({ installationId: installation.id, error: healthReason }, "Failed to refresh installation identity (non-blocking)");
         }
     }
     getInstallationSummary(installation) {
@@ -146,6 +157,9 @@ export class LinearOAuthService {
             ...(installation.actorName ? { actorName: installation.actorName } : {}),
             ...(installation.actorId ? { actorId: installation.actorId } : {}),
             ...(installation.expiresAt ? { expiresAt: installation.expiresAt } : {}),
+            healthStatus: installation.healthStatus ?? "ok",
+            ...(installation.healthReason ? { healthReason: installation.healthReason } : {}),
+            ...(installation.healthUpdatedAt ? { healthUpdatedAt: installation.healthUpdatedAt } : {}),
         };
     }
 }

package/dist/service.js

@@ -87,7 +87,18 @@ export class PatchRelayService {
                     anyLinearConnected = true;
                 }
                 else {
-                    this.logger.warn({ projectId: project.id }, "No Linear installation linked — run 'patchrelay linear connect' and then 'patchrelay repo link' to authorize");
+                    const installation = this.db.linearInstallations.getLinearInstallationForProject(project.id);
+                    if (installation?.healthStatus && installation.healthStatus !== "ok") {
+                        this.logger.warn({
+                            projectId: project.id,
+                            installationId: installation.id,
+                            healthStatus: installation.healthStatus,
+                            healthReason: installation.healthReason,
+                        }, "Linear installation is unhealthy — run 'patchrelay linear connect' to re-authorize before processing this project");
+                    }
+                    else {
+                        this.logger.warn({ projectId: project.id }, "No Linear installation linked — run 'patchrelay linear connect' and then 'patchrelay repo link' to authorize");
+                    }
                 }
             }
             catch (error) {

package/dist/webhook-handler.js

@@ -35,7 +35,7 @@ export class WebhookHandler {
         this.enqueueIssue = enqueueIssue;
         this.logger = logger;
         this.feed = feed;
-        this.installationHandler = new InstallationWebhookHandler(config, { linearInstallations: db.linearInstallations }, logger);
+        this.installationHandler = new InstallationWebhookHandler(config, { linearInstallations: db.linearInstallations }, logger, feed);
         this.issueRemovalHandler = new IssueRemovalHandler(db, feed);
         this.commentWakeHandler = new CommentWakeHandler(db, codex, logger, feed);
         this.agentSessionHandler = new AgentSessionHandler(config, db, linearProvider, codex, logger, feed);

package/dist/webhook-installation-handler.js

@@ -2,20 +2,18 @@ export class InstallationWebhookHandler {
     config;
     stores;
     logger;
-    constructor(config, stores, logger) {
+    feed;
+    constructor(config, stores, logger, feed) {
         this.config = config;
         this.stores = stores;
         this.logger = logger;
+        this.feed = feed;
     }
     handle(normalized) {
         if (!normalized.installation)
             return;
         if (normalized.triggerEvent === "installationPermissionsChanged") {
-            const matchingInstallations = normalized.installation.appUserId
-                ? this.stores.linearInstallations
-                    .listLinearInstallations()
-                    .filter((installation) => installation.actorId === normalized.installation?.appUserId)
-                : [];
+            const matchingInstallations = this.findMatchingInstallations(normalized.installation);
             const links = this.stores.linearInstallations.listProjectInstallations();
             const impactedProjects = matchingInstallations.flatMap((installation) => links
                 .filter((link) => link.installationId === installation.id)
@@ -25,6 +23,23 @@ export class InstallationWebhookHandler {
                 const addedMatches = normalized.installation?.addedTeamIds.some((teamId) => project?.linearTeamIds.includes(teamId)) ?? false;
                 return { projectId: link.projectId, removedMatches, addedMatches };
             }));
+            const impactedProjectIds = impactedProjects
+                .filter((project) => project.removedMatches)
+                .map((project) => project.projectId);
+            const healthReason = buildPermissionHealthReason(normalized.installation, impactedProjectIds);
+            for (const installation of matchingInstallations) {
+                this.stores.linearInstallations.updateLinearInstallationHealth(installation.id, {
+                    healthStatus: "permissions_changed",
+                    healthReason,
+                });
+            }
+            this.feed?.publish({
+                level: "warn",
+                kind: "linear",
+                status: "permissions_changed",
+                summary: "Linear app permissions changed",
+                detail: healthReason,
+            });
             this.logger.warn({
                 appUserId: normalized.installation.appUserId,
                 addedTeamIds: normalized.installation.addedTeamIds,
@@ -35,9 +50,25 @@ export class InstallationWebhookHandler {
             return;
         }
         if (normalized.triggerEvent === "installationRevoked") {
+            const matchingInstallations = this.findMatchingInstallations(normalized.installation, { allowOauthClientFallback: true });
+            const healthReason = "Linear OAuth app installation was revoked. Reconnect the affected workspace before PatchRelay can update Linear.";
+            for (const installation of matchingInstallations) {
+                this.stores.linearInstallations.updateLinearInstallationHealth(installation.id, {
+                    healthStatus: "revoked",
+                    healthReason,
+                });
+            }
+            this.feed?.publish({
+                level: "error",
+                kind: "linear",
+                status: "revoked",
+                summary: "Linear OAuth app installation was revoked",
+                detail: healthReason,
+            });
             this.logger.warn({
                 organizationId: normalized.installation.organizationId,
                 oauthClientId: normalized.installation.oauthClientId,
+                installationIds: matchingInstallations.map((installation) => installation.id),
             }, "Linear OAuth app installation was revoked; reconnect affected projects");
             return;
         }
@@ -49,4 +80,32 @@ export class InstallationWebhookHandler {
             }, "Received Linear app-user notification webhook");
         }
     }
+    findMatchingInstallations(metadata, options) {
+        const installations = this.stores.linearInstallations.listLinearInstallations();
+        const specificMatches = installations.filter((installation) => Boolean((metadata.appUserId && installation.actorId === metadata.appUserId) ||
+            (metadata.organizationId && installation.workspaceId === metadata.organizationId)));
+        if (specificMatches.length > 0) {
+            return specificMatches;
+        }
+        if (options?.allowOauthClientFallback &&
+            metadata.oauthClientId &&
+            metadata.oauthClientId === this.config.linear.oauth?.clientId) {
+            return installations;
+        }
+        return [];
+    }
+}
+function buildPermissionHealthReason(metadata, impactedProjectIds) {
+    const accessChange = metadata.removedTeamIds.length > 0
+        ? `removed team access: ${metadata.removedTeamIds.join(", ")}`
+        : metadata.addedTeamIds.length > 0
+            ? `added team access: ${metadata.addedTeamIds.join(", ")}`
+            : "team access changed";
+    const allPublicTeams = metadata.canAccessAllPublicTeams === false
+        ? " App no longer has access to all public teams."
+        : "";
+    const impactedProjects = impactedProjectIds.length > 0
+        ? ` Impacted PatchRelay projects: ${impactedProjectIds.join(", ")}.`
+        : " Verify routed teams and reconnect if updates start failing.";
+    return `Linear app permissions changed (${accessChange}).${allPublicTeams}${impactedProjects}`;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "patchrelay",
-  "version": "0.58.0",
+  "version": "0.59.1",
   "license": "MIT",
   "type": "module",
   "repository": {