shipwright-cli 2.3.1 → 3.0.0

package/scripts/lib/pipeline-stages.sh

@@ -12,6 +12,7 @@ show_stage_preview() {
         plan)     echo -e "  Generate plan via Claude, post task checklist to issue" ;;
         design)   echo -e "  Generate Architecture Decision Record (ADR), evaluate alternatives" ;;
         build)    echo -e "  Delegate to ${CYAN}shipwright loop${RESET} for autonomous building" ;;
+        test_first) echo -e "  Generate tests from requirements (TDD mode) before implementation" ;;
         test)     echo -e "  Run test suite and check coverage" ;;
         review)   echo -e "  AI code review on the diff, post findings" ;;
         pr)       echo -e "  Create GitHub PR with labels, reviewers, milestone" ;;
@@ -125,7 +126,7 @@ stage_plan() {
     CURRENT_STAGE_ID="plan"
     local plan_file="$ARTIFACTS_DIR/plan.md"
 
-    if ! command -v claude &>/dev/null; then
+    if ! command -v claude >/dev/null 2>&1; then
         error "Claude CLI not found — cannot generate plan"
         return 1
     fi
@@ -138,6 +139,12 @@ stage_plan() {
         "$context_script" gather --goal "$GOAL" --stage plan 2>/dev/null || true
     fi
 
+    # Gather rich architecture context (call-graph, dependencies)
+    local arch_context=""
+    if type gather_architecture_context &>/dev/null; then
+        arch_context=$(gather_architecture_context "${PROJECT_ROOT:-.}" 2>/dev/null || true)
+    fi
+
     # Build rich prompt with all available context
     local plan_prompt="You are an autonomous development agent. Analyze this codebase and create a detailed implementation plan.
 
@@ -153,6 +160,14 @@ ${ISSUE_BODY}
 "
     fi
 
+    # Inject architecture context (import graph, modules, test map)
+    if [[ -n "$arch_context" ]]; then
+        plan_prompt="${plan_prompt}
+## Architecture Context
+${arch_context}
+"
+    fi
+
     # Inject context bundle from context engine (if available)
     local _context_bundle="${ARTIFACTS_DIR}/context-bundle.md"
     if [[ -f "$_context_bundle" ]]; then
@@ -167,7 +182,7 @@ ${_cb_content}
     fi
 
     # Inject intelligence memory context for similar past plans
-    if type intelligence_search_memory &>/dev/null 2>&1; then
+    if type intelligence_search_memory >/dev/null 2>&1; then
         local plan_memory
         plan_memory=$(intelligence_search_memory "plan stage for ${TASK_TYPE:-feature}: ${GOAL:-}" "${HOME}/.shipwright/memory" 5 2>/dev/null) || true
         if [[ -n "$plan_memory" && "$plan_memory" != *'"results":[]'* && "$plan_memory" != *'"error"'* ]]; then
@@ -392,7 +407,7 @@ CC_TASKS_EOF
 
     # ── Plan Validation Gate ──
     # Ask Claude to validate the plan before proceeding
-    if command -v claude &>/dev/null && [[ -s "$plan_file" ]]; then
+    if command -v claude >/dev/null 2>&1 && [[ -s "$plan_file" ]]; then
         local validation_attempts=0
         local max_validation_attempts=2
         local plan_valid=false
@@ -405,7 +420,7 @@ CC_TASKS_EOF
             local validation_extra=""
 
             # Inject rejected plan history from memory
-            if type intelligence_search_memory &>/dev/null 2>&1; then
+            if type intelligence_search_memory >/dev/null 2>&1; then
                 local rejected_plans
                 rejected_plans=$(intelligence_search_memory "rejected plan validation failures for: ${GOAL:-}" "${HOME}/.shipwright/memory" 3 2>/dev/null) || true
                 if [[ -n "$rejected_plans" ]]; then
@@ -560,16 +575,22 @@ stage_design() {
         return 0
     fi
 
-    if ! command -v claude &>/dev/null; then
+    if ! command -v claude >/dev/null 2>&1; then
         error "Claude CLI not found — cannot generate design"
         return 1
     fi
 
     info "Generating Architecture Decision Record..."
 
+    # Gather rich architecture context (call-graph, dependencies)
+    local arch_struct_context=""
+    if type gather_architecture_context &>/dev/null; then
+        arch_struct_context=$(gather_architecture_context "${PROJECT_ROOT:-.}" 2>/dev/null || true)
+    fi
+
     # Memory integration — inject context if memory system available
     local memory_context=""
-    if type intelligence_search_memory &>/dev/null 2>&1; then
+    if type intelligence_search_memory >/dev/null 2>&1; then
         local mem_dir="${HOME}/.shipwright/memory"
         memory_context=$(intelligence_search_memory "design stage architecture patterns for: ${GOAL:-}" "$mem_dir" 5 2>/dev/null) || true
     fi
@@ -608,7 +629,7 @@ ${arch_layers}}"
 
     # Inject rejected design approaches and anti-patterns from memory
     local design_antipatterns=""
-    if type intelligence_search_memory &>/dev/null 2>&1; then
+    if type intelligence_search_memory >/dev/null 2>&1; then
         local rejected_designs
         rejected_designs=$(intelligence_search_memory "rejected design approaches anti-patterns for: ${GOAL:-}" "${HOME}/.shipwright/memory" 3 2>/dev/null) || true
         if [[ -n "$rejected_designs" ]]; then
@@ -636,7 +657,10 @@ $(cat "$plan_file")
 - Language: ${project_lang}
 - Test command: ${TEST_CMD:-not configured}
 - Task type: ${TASK_TYPE:-feature}
-${memory_context:+
+${arch_struct_context:+
+## Architecture Context (import graph, modules, test map)
+${arch_struct_context}
+}${memory_context:+
 ## Historical Context (from memory)
 ${memory_context}
 }${arch_context:+
@@ -741,6 +765,117 @@ _Generated by \`shipwright pipeline\` design stage at $(now_iso)_"
     log_stage "design" "Generated design.md (${line_count} lines)"
 }
 
+# ─── TDD: Generate tests before implementation ─────────────────────────────────
+stage_test_first() {
+    CURRENT_STAGE_ID="test_first"
+    info "Generating tests from requirements (TDD mode)"
+
+    local plan_file="${ARTIFACTS_DIR}/plan.md"
+    local goal_file="${PROJECT_ROOT}/.claude/goal.md"
+    local requirements=""
+    if [[ -f "$plan_file" ]]; then
+        requirements=$(cat "$plan_file" 2>/dev/null || true)
+    elif [[ -f "$goal_file" ]]; then
+        requirements=$(cat "$goal_file" 2>/dev/null || true)
+    else
+        requirements="${GOAL:-}: ${ISSUE_BODY:-}"
+    fi
+
+    local tdd_prompt="You are writing tests BEFORE implementation (TDD).
+
+Based on the following plan/requirements, generate test files that define the expected behavior. These tests should FAIL initially (since the implementation doesn't exist yet) but define the correct interface and behavior.
+
+Requirements:
+${requirements}
+
+Instructions:
+1. Create test files for each component mentioned in the plan
+2. Tests should verify the PUBLIC interface and expected behavior
+3. Include edge cases and error handling tests
+4. Tests should be runnable with the project's test framework
+5. Mark tests that need implementation with clear TODO comments
+6. Do NOT write implementation code — only tests
+
+Output format: For each test file, use a fenced code block with the file path as the language identifier (e.g. \`\`\`tests/auth.test.ts):
+\`\`\`path/to/test.test.ts
+// file content
+\`\`\`
+
+Create files in the appropriate project directories (e.g. tests/, __tests__/, src/**/*.test.ts) per project convention."
+
+    local model="${CLAUDE_MODEL:-${MODEL:-sonnet}}"
+    [[ -z "$model" || "$model" == "null" ]] && model="sonnet"
+
+    local output=""
+    output=$(echo "$tdd_prompt" | timeout 120 claude --print --model "$model" 2>/dev/null) || {
+        warn "TDD test generation failed, falling back to standard build"
+        return 1
+    }
+
+    # Parse output: extract fenced code blocks and write to files
+    local wrote_any=false
+    local block_path="" in_block=false block_content=""
+    while IFS= read -r line; do
+        if [[ "$line" =~ ^\`\`\`([a-zA-Z0-9_/\.\-]+)$ ]]; then
+            if [[ -n "$block_path" && -n "$block_content" ]]; then
+                local out_file="${PROJECT_ROOT}/${block_path}"
+                local out_dir
+                out_dir=$(dirname "$out_file")
+                mkdir -p "$out_dir" 2>/dev/null || true
+                if echo "$block_content" > "$out_file" 2>/dev/null; then
+                    wrote_any=true
+                    info "  Wrote: $block_path"
+                fi
+            fi
+            block_path="${BASH_REMATCH[1]}"
+            block_content=""
+            in_block=true
+        elif [[ "$line" == "\`\`\`" && "$in_block" == "true" ]]; then
+            if [[ -n "$block_path" && -n "$block_content" ]]; then
+                local out_file="${PROJECT_ROOT}/${block_path}"
+                local out_dir
+                out_dir=$(dirname "$out_file")
+                mkdir -p "$out_dir" 2>/dev/null || true
+                if echo "$block_content" > "$out_file" 2>/dev/null; then
+                    wrote_any=true
+                    info "  Wrote: $block_path"
+                fi
+            fi
+            block_path=""
+            block_content=""
+            in_block=false
+        elif [[ "$in_block" == "true" && -n "$block_path" ]]; then
+            [[ -n "$block_content" ]] && block_content="${block_content}"$'\n'
+            block_content="${block_content}${line}"
+        fi
+    done <<< "$output"
+
+    # Flush last block if unclosed
+    if [[ -n "$block_path" && -n "$block_content" ]]; then
+        local out_file="${PROJECT_ROOT}/${block_path}"
+        local out_dir
+        out_dir=$(dirname "$out_file")
+        mkdir -p "$out_dir" 2>/dev/null || true
+        if echo "$block_content" > "$out_file" 2>/dev/null; then
+            wrote_any=true
+            info "  Wrote: $block_path"
+        fi
+    fi
+
+    if [[ "$wrote_any" == "true" ]]; then
+        if (cd "$PROJECT_ROOT" && git diff --name-only 2>/dev/null | grep -qE 'test|spec'); then
+            git add -A 2>/dev/null || true
+            git commit -m "test: TDD - define expected behavior before implementation" 2>/dev/null || true
+            emit_event "tdd.tests_generated" "{\"stage\":\"test_first\"}"
+        fi
+        success "TDD tests generated"
+    else
+        warn "No test files extracted from TDD output — check format"
+    fi
+
+    return 0
+}
+
 stage_build() {
     local plan_file="$ARTIFACTS_DIR/plan.md"
     local design_file="$ARTIFACTS_DIR/design.md"
@@ -749,7 +884,7 @@ stage_build() {
 
     # Memory integration — inject context if memory system available
     local memory_context=""
-    if type intelligence_search_memory &>/dev/null 2>&1; then
+    if type intelligence_search_memory >/dev/null 2>&1; then
         local mem_dir="${HOME}/.shipwright/memory"
         memory_context=$(intelligence_search_memory "build stage for: ${GOAL:-}" "$mem_dir" 5 2>/dev/null) || true
     fi
@@ -761,6 +896,13 @@ stage_build() {
     local enriched_goal
     enriched_goal=$(_pipeline_compact_goal "$GOAL" "$plan_file" "$design_file")
 
+    # TDD: when test_first ran, tell build to make existing tests pass
+    if [[ "${TDD_ENABLED:-false}" == "true" || "${PIPELINE_TDD:-}" == "true" ]]; then
+        enriched_goal="${enriched_goal}
+
+IMPORTANT (TDD mode): Test files already exist and define the expected behavior. Write implementation code to make ALL tests pass. Do not delete or modify the test files."
+    fi
+
     # Inject memory context
     if [[ -n "$memory_context" ]]; then
         enriched_goal="${enriched_goal}
@@ -790,7 +932,7 @@ $(cat "$TASKS_FILE")"
     fi
 
     # Inject file hotspots from GitHub intelligence
-    if [[ "${NO_GITHUB:-}" != "true" ]] && type gh_file_change_frequency &>/dev/null 2>&1; then
+    if [[ "${NO_GITHUB:-}" != "true" ]] && type gh_file_change_frequency >/dev/null 2>&1; then
         local build_hotspots
         build_hotspots=$(gh_file_change_frequency 2>/dev/null | head -5 || true)
         if [[ -n "$build_hotspots" ]]; then
@@ -802,7 +944,7 @@ ${build_hotspots}"
     fi
 
     # Inject security alerts context
-    if [[ "${NO_GITHUB:-}" != "true" ]] && type gh_security_alerts &>/dev/null 2>&1; then
+    if [[ "${NO_GITHUB:-}" != "true" ]] && type gh_security_alerts >/dev/null 2>&1; then
         local build_alerts
         build_alerts=$(gh_security_alerts 2>/dev/null | head -3 || true)
         if [[ -n "$build_alerts" ]]; then
@@ -930,6 +1072,11 @@ ${prevention_text}"
     # Definition of Done: use plan-extracted DoD if available
     [[ -s "$dod_file" ]] && loop_args+=(--definition-of-done "$dod_file")
 
+    # Checkpoint resume: when pipeline resumed from build-stage checkpoint, pass --resume to loop
+    if [[ "${RESUME_FROM_CHECKPOINT:-false}" == "true" && "${checkpoint_stage:-}" == "build" ]]; then
+        loop_args+=(--resume)
+    fi
+
     # Skip permissions in CI (no interactive terminal)
     [[ "${CI_MODE:-false}" == "true" ]] && loop_args+=(--skip-permissions)
 
@@ -967,7 +1114,7 @@ ${prevention_text}"
 
     # Read accumulated token counts from build loop (written by sw-loop.sh)
     local _loop_token_file="${PROJECT_ROOT}/.claude/loop-logs/loop-tokens.json"
-    if [[ -f "$_loop_token_file" ]] && command -v jq &>/dev/null; then
+    if [[ -f "$_loop_token_file" ]] && command -v jq >/dev/null 2>&1; then
         local _loop_in _loop_out _loop_cost
         _loop_in=$(jq -r '.input_tokens // 0' "$_loop_token_file" 2>/dev/null || echo "0")
         _loop_out=$(jq -r '.output_tokens // 0' "$_loop_token_file" 2>/dev/null || echo "0")
@@ -988,7 +1135,7 @@ ${prevention_text}"
     info "Build produced ${BOLD}$commit_count${RESET} commit(s)"
 
     # Commit quality evaluation when intelligence is enabled
-    if type intelligence_search_memory &>/dev/null 2>&1 && command -v claude &>/dev/null && [[ "${commit_count:-0}" -gt 0 ]]; then
+    if type intelligence_search_memory >/dev/null 2>&1 && command -v claude >/dev/null 2>&1 && [[ "${commit_count:-0}" -gt 0 ]]; then
         local commit_msgs
         commit_msgs=$(git log --format="%s" "${BASE_BRANCH}..HEAD" 2>/dev/null | head -20)
         local quality_score
@@ -1086,6 +1233,14 @@ ${log_excerpt}
         fi
     fi
 
+    # Emit test.completed with coverage for adaptive learning
+    if [[ -n "$coverage" ]]; then
+        emit_event "test.completed" \
+            "issue=${ISSUE_NUMBER:-0}" \
+            "stage=test" \
+            "coverage=$coverage"
+    fi
+
     # Post test results to GitHub
     if [[ -n "$ISSUE_NUMBER" ]]; then
         local test_summary
@@ -1129,7 +1284,7 @@ stage_review() {
         return 0
     fi
 
-    if ! command -v claude &>/dev/null; then
+    if ! command -v claude >/dev/null 2>&1; then
         warn "Claude CLI not found — skipping AI review"
         return 0
     fi
@@ -1139,7 +1294,7 @@ stage_review() {
     info "Running AI code review... ${DIM}($diff_stats)${RESET}"
 
     # Semantic risk scoring when intelligence is enabled
-    if type intelligence_search_memory &>/dev/null 2>&1 && command -v claude &>/dev/null; then
+    if type intelligence_search_memory >/dev/null 2>&1 && command -v claude >/dev/null 2>&1; then
         local diff_files
         diff_files=$(git diff --name-only "${BASE_BRANCH}...${GIT_BRANCH}" 2>/dev/null || true)
         local risk_score="low"
@@ -1185,7 +1340,7 @@ If no issues are found, write: \"Review clean — no issues found.\"
 "
 
     # Inject previous review findings and anti-patterns from memory
-    if type intelligence_search_memory &>/dev/null 2>&1; then
+    if type intelligence_search_memory >/dev/null 2>&1; then
         local review_memory
         review_memory=$(intelligence_search_memory "code review findings anti-patterns for: ${GOAL:-}" "${HOME}/.shipwright/memory" 5 2>/dev/null) || true
         if [[ -n "$review_memory" ]]; then
@@ -1211,7 +1366,7 @@ ${conventions}
     fi
 
     # Inject CODEOWNERS focus areas for review
-    if [[ "${NO_GITHUB:-}" != "true" ]] && type gh_codeowners &>/dev/null 2>&1; then
+    if [[ "${NO_GITHUB:-}" != "true" ]] && type gh_codeowners >/dev/null 2>&1; then
         local review_owners
         review_owners=$(gh_codeowners 2>/dev/null | head -10 || true)
         if [[ -n "$review_owners" ]]; then
@@ -1448,7 +1603,7 @@ stage_pr() {
 
     # ── Developer Simulation (pre-PR review) ──
     local simulation_summary=""
-    if type simulation_review &>/dev/null 2>&1; then
+    if type simulation_review >/dev/null 2>&1; then
         local sim_enabled
         sim_enabled=$(jq -r '.intelligence.simulation_enabled // false' "$PIPELINE_CONFIG" 2>/dev/null || echo "false")
         # Also check daemon-config
@@ -1479,7 +1634,7 @@ stage_pr() {
 
     # ── Architecture Validation (pre-PR check) ──
     local arch_summary=""
-    if type architecture_validate_changes &>/dev/null 2>&1; then
+    if type architecture_validate_changes >/dev/null 2>&1; then
         local arch_enabled
         arch_enabled=$(jq -r '.intelligence.architecture_enabled // false' "$PIPELINE_CONFIG" 2>/dev/null || echo "false")
         local daemon_cfg=".claude/daemon-config.json"
@@ -1614,6 +1769,65 @@ Generated by \`shipwright pipeline\`
 EOF
 )"
 
+    # Verify required evidence before PR (merge policy enforcement)
+    local risk_tier
+    risk_tier="low"
+    if [[ -f "$REPO_DIR/config/policy.json" ]]; then
+        local changed_files
+        changed_files=$(git diff --name-only "${BASE_BRANCH}...HEAD" 2>/dev/null || true)
+        if [[ -n "$changed_files" ]]; then
+            local policy_file="$REPO_DIR/config/policy.json"
+            check_tier_match() {
+                local tier="$1"
+                local patterns
+                patterns=$(jq -r ".riskTierRules.${tier}[]? // empty" "$policy_file" 2>/dev/null)
+                [[ -z "$patterns" ]] && return 1
+                while IFS= read -r pattern; do
+                    [[ -z "$pattern" ]] && continue
+                    local regex
+                    regex=$(echo "$pattern" | sed 's/\./\\./g; s/\*\*/DOUBLESTAR/g; s/\*/[^\/]*/g; s/DOUBLESTAR/.*/g')
+                    while IFS= read -r file; do
+                        [[ -z "$file" ]] && continue
+                        if echo "$file" | grep -qE "^${regex}$"; then
+                            return 0
+                        fi
+                    done <<< "$changed_files"
+                done <<< "$patterns"
+                return 1
+            }
+            check_tier_match "critical" && risk_tier="critical"
+            check_tier_match "high" && [[ "$risk_tier" != "critical" ]] && risk_tier="high"
+            check_tier_match "medium" && [[ "$risk_tier" != "critical" && "$risk_tier" != "high" ]] && risk_tier="medium"
+        fi
+    fi
+
+    local required_evidence
+    required_evidence=$(jq -r ".mergePolicy.\"$risk_tier\".requiredEvidence // [] | .[]" "$REPO_DIR/config/policy.json" 2>/dev/null)
+
+    if [[ -n "$required_evidence" ]]; then
+        local evidence_dir="$REPO_DIR/.claude/evidence"
+        local missing_evidence=()
+        while IFS= read -r etype; do
+            [[ -z "$etype" ]] && continue
+            local has_evidence=false
+            for f in "$evidence_dir"/*"$etype"*; do
+                [[ -f "$f" ]] && has_evidence=true && break
+            done
+            [[ "$has_evidence" != "true" ]] && missing_evidence+=("$etype")
+        done <<< "$required_evidence"
+
+        if [[ ${#missing_evidence[@]} -gt 0 ]]; then
+            warn "Missing required evidence for $risk_tier tier: ${missing_evidence[*]}"
+            emit_event "evidence.missing" "{\"tier\":\"$risk_tier\",\"missing\":\"${missing_evidence[*]}\"}"
+            # Collect missing evidence
+            if [[ -x "$SCRIPT_DIR/sw-evidence.sh" ]]; then
+                for etype in "${missing_evidence[@]}"; do
+                    (cd "$REPO_DIR" && bash "$SCRIPT_DIR/sw-evidence.sh" capture "$etype" 2>/dev/null) || warn "Failed to collect $etype evidence"
+                done
+            fi
+        fi
+    fi
+
     # Build gh pr create args
     local pr_args=(--title "$pr_title" --body "$pr_body" --base "$BASE_BRANCH")
 
@@ -1687,7 +1901,7 @@ EOF
         local reviewer_assigned=false
 
         # Try CODEOWNERS-based routing via GraphQL API
-        if type gh_codeowners &>/dev/null 2>&1 && [[ -n "$REPO_OWNER" && -n "$REPO_NAME" ]]; then
+        if type gh_codeowners >/dev/null 2>&1 && [[ -n "$REPO_OWNER" && -n "$REPO_NAME" ]]; then
             local codeowners_json
             codeowners_json=$(gh_codeowners "$REPO_OWNER" "$REPO_NAME" 2>/dev/null || echo "[]")
             if [[ "$codeowners_json" != "[]" && -n "$codeowners_json" ]]; then
@@ -1710,7 +1924,7 @@ EOF
         fi
 
         # Fallback: contributor-based routing via GraphQL API
-        if [[ "$reviewer_assigned" != "true" ]] && type gh_contributors &>/dev/null 2>&1 && [[ -n "$REPO_OWNER" && -n "$REPO_NAME" ]]; then
+        if [[ "$reviewer_assigned" != "true" ]] && type gh_contributors >/dev/null 2>&1 && [[ -n "$REPO_OWNER" && -n "$REPO_NAME" ]]; then
             local contributors_json
             contributors_json=$(gh_contributors "$REPO_OWNER" "$REPO_NAME" 2>/dev/null || echo "[]")
             local top_contributor
@@ -1816,7 +2030,7 @@ stage_merge() {
     fi
 
     # ── Branch Protection Check ──
-    if type gh_branch_protection &>/dev/null 2>&1 && [[ -n "$REPO_OWNER" && -n "$REPO_NAME" ]]; then
+    if type gh_branch_protection >/dev/null 2>&1 && [[ -n "$REPO_OWNER" && -n "$REPO_NAME" ]]; then
         local protection_json
         protection_json=$(gh_branch_protection "$REPO_OWNER" "$REPO_NAME" "${BASE_BRANCH:-main}" 2>/dev/null || echo '{"protected": false}')
         local is_protected
@@ -1912,13 +2126,13 @@ stage_merge() {
         check_status=$(gh pr checks "$pr_number" --json 'bucket,name' --jq '[.[] | .bucket] | unique | sort' 2>/dev/null || echo '["pending"]')
 
         # If all checks passed (only "pass" in buckets)
-        if echo "$check_status" | jq -e '. == ["pass"]' &>/dev/null; then
+        if echo "$check_status" | jq -e '. == ["pass"]' >/dev/null 2>&1; then
             success "All CI checks passed"
             break
         fi
 
         # If any check failed
-        if echo "$check_status" | jq -e 'any(. == "fail")' &>/dev/null; then
+        if echo "$check_status" | jq -e 'any(. == "fail")' >/dev/null 2>&1; then
             error "CI checks failed — aborting merge"
             return 1
         fi
@@ -2018,7 +2232,7 @@ stage_deploy() {
     # Create GitHub deployment tracking
     local gh_deploy_env="production"
     [[ -n "$staging_cmd" && -z "$prod_cmd" ]] && gh_deploy_env="staging"
-    if [[ "${NO_GITHUB:-false}" != "true" ]] && type gh_deploy_pipeline_start &>/dev/null 2>&1; then
+    if [[ "${NO_GITHUB:-false}" != "true" ]] && type gh_deploy_pipeline_start >/dev/null 2>&1; then
         if [[ -n "$REPO_OWNER" && -n "$REPO_NAME" ]]; then
             gh_deploy_pipeline_start "$REPO_OWNER" "$REPO_NAME" "${GIT_BRANCH:-HEAD}" "$gh_deploy_env" 2>/dev/null || true
             info "GitHub Deployment: tracking as $gh_deploy_env"
@@ -2151,7 +2365,7 @@ stage_deploy() {
                 error "Staging deploy failed"
                 [[ -n "$ISSUE_NUMBER" ]] && gh_comment_issue "$ISSUE_NUMBER" "Staging deploy failed"
                 # Mark GitHub deployment as failed
-                if [[ "${NO_GITHUB:-false}" != "true" ]] && type gh_deploy_pipeline_complete &>/dev/null 2>&1; then
+                if [[ "${NO_GITHUB:-false}" != "true" ]] && type gh_deploy_pipeline_complete >/dev/null 2>&1; then
                     gh_deploy_pipeline_complete "$REPO_OWNER" "$REPO_NAME" "$gh_deploy_env" false "Staging deploy failed" 2>/dev/null || true
                 fi
                 return 1
@@ -2169,7 +2383,7 @@ stage_deploy() {
                 fi
                 [[ -n "$ISSUE_NUMBER" ]] && gh_comment_issue "$ISSUE_NUMBER" "Production deploy failed — rollback ${rollback_cmd:+attempted}"
                 # Mark GitHub deployment as failed
-                if [[ "${NO_GITHUB:-false}" != "true" ]] && type gh_deploy_pipeline_complete &>/dev/null 2>&1; then
+                if [[ "${NO_GITHUB:-false}" != "true" ]] && type gh_deploy_pipeline_complete >/dev/null 2>&1; then
                     gh_deploy_pipeline_complete "$REPO_OWNER" "$REPO_NAME" "$gh_deploy_env" false "Production deploy failed" 2>/dev/null || true
                 fi
                 return 1
@@ -2184,7 +2398,7 @@ stage_deploy() {
     fi
 
     # Mark GitHub deployment as successful
-    if [[ "${NO_GITHUB:-false}" != "true" ]] && type gh_deploy_pipeline_complete &>/dev/null 2>&1; then
+    if [[ "${NO_GITHUB:-false}" != "true" ]] && type gh_deploy_pipeline_complete >/dev/null 2>&1; then
         if [[ -n "$REPO_OWNER" && -n "$REPO_NAME" ]]; then
             gh_deploy_pipeline_complete "$REPO_OWNER" "$REPO_NAME" "$gh_deploy_env" true "" 2>/dev/null || true
         fi

package/scripts/lib/pipeline-state.sh

@@ -63,6 +63,23 @@ get_stage_timing_seconds() {
     fi
 }
 
+# Name of the slowest completed stage (for pipeline.completed event)
+get_slowest_stage() {
+    local slowest="" max_sec=0
+    local stage_ids
+    stage_ids=$(echo "$STAGE_TIMINGS" | grep "_start:" | sed 's/_start:.*//' | sort -u)
+    for sid in $stage_ids; do
+        [[ -z "$sid" ]] && continue
+        local sec
+        sec=$(get_stage_timing_seconds "$sid")
+        if [[ -n "$sec" && "$sec" =~ ^[0-9]+$ && "$sec" -gt "$max_sec" ]]; then
+            max_sec="$sec"
+            slowest="$sid"
+        fi
+    done
+    echo "${slowest:-}"
+}
+
 get_stage_description() {
     local stage_id="$1"
 
@@ -191,7 +208,7 @@ mark_stage_complete() {
     fi
 
     # Update GitHub Check Run for this stage
-    if [[ "${NO_GITHUB:-false}" != "true" ]] && type gh_checks_stage_update &>/dev/null 2>&1; then
+    if [[ "${NO_GITHUB:-false}" != "true" ]] && type gh_checks_stage_update >/dev/null 2>&1; then
         gh_checks_stage_update "$stage_id" "completed" "success" "Stage $stage_id: ${timing}" 2>/dev/null || true
     fi
 
@@ -215,9 +232,18 @@ mark_stage_complete() {
     fi
 
     # Durable WAL: publish stage completion event
-    if type publish_event &>/dev/null 2>&1; then
+    if type publish_event >/dev/null 2>&1; then
         publish_event "stage.complete" "{\"stage\":\"${stage_id}\",\"issue\":\"${ISSUE_NUMBER:-0}\",\"timing\":\"${timing}\"}" 2>/dev/null || true
     fi
+
+    # Durable checkpoint: save to DB for pipeline resume
+    if type db_save_checkpoint >/dev/null 2>&1; then
+        local checkpoint_data
+        checkpoint_data=$(jq -nc --arg stage "$stage_id" --arg status "${PIPELINE_STATUS:-running}" \
+            --arg issue "${ISSUE_NUMBER:-}" --arg goal "${GOAL:-}" --arg template "${PIPELINE_TEMPLATE:-}" \
+            '{stage: $stage, status: $status, issue: $issue, goal: $goal, template: $template, ts: "'"$(now_iso)"'"}')
+        db_save_checkpoint "pipeline-${SHIPWRIGHT_PIPELINE_ID:-$$}" "$checkpoint_data" 2>/dev/null || true
+    fi
 }
 
 persist_artifacts() {
@@ -350,7 +376,7 @@ $(tail -5 "$ARTIFACTS_DIR/${stage_id}"*.log 2>/dev/null || echo 'No log availabl
     fi
 
     # Update GitHub Check Run for this stage
-    if [[ "${NO_GITHUB:-false}" != "true" ]] && type gh_checks_stage_update &>/dev/null 2>&1; then
+    if [[ "${NO_GITHUB:-false}" != "true" ]] && type gh_checks_stage_update >/dev/null 2>&1; then
         local fail_summary
         fail_summary=$(tail -3 "$ARTIFACTS_DIR/${stage_id}"*.log 2>/dev/null | head -c 500 || echo "Stage $stage_id failed")
         gh_checks_stage_update "$stage_id" "completed" "failure" "$fail_summary" 2>/dev/null || true
@@ -368,7 +394,7 @@ $(tail -5 "$ARTIFACTS_DIR/${stage_id}"*.log 2>/dev/null || echo 'No log availabl
     fi
 
     # Durable WAL: publish stage failure event
-    if type publish_event &>/dev/null 2>&1; then
+    if type publish_event >/dev/null 2>&1; then
         publish_event "stage.failed" "{\"stage\":\"${stage_id}\",\"issue\":\"${ISSUE_NUMBER:-0}\",\"timing\":\"${timing}\"}" 2>/dev/null || true
     fi
 }
@@ -446,6 +472,16 @@ _SW_STATE_END_
         printf '## Log\n'
         printf '%s\n' "$LOG_ENTRIES"
     } >> "$STATE_FILE"
+
+    # Update pipeline_runs in DB
+    if type update_pipeline_status >/dev/null 2>&1 && db_available 2>/dev/null; then
+        local _job_id="${SHIPWRIGHT_PIPELINE_ID:-pipeline-$$-${ISSUE_NUMBER:-0}}"
+        local _dur_secs=0
+        if [[ -n "$PIPELINE_START_EPOCH" ]]; then
+            _dur_secs=$(( $(now_epoch) - PIPELINE_START_EPOCH ))
+        fi
+        update_pipeline_status "$_job_id" "$PIPELINE_STATUS" "$CURRENT_STAGE" "" "$_dur_secs" 2>/dev/null || true
+    fi
 }
 
 resume_state() {