ticket-to-pr 1.1.0 → 1.2.1

package/README.md

@@ -34,7 +34,7 @@ TicketToPR clears that pile. Toss tickets on your Notion board, drag to Review,
 - **AI scores before AI codes** — every ticket gets an ease/confidence rating and implementation spec before a single line is written. You always decide go/no-go.
 - **Your codebase, your rules** — Claude reads your project's `CLAUDE.md` and follows your conventions, patterns, and constraints.
 - **Build validation** — code must pass your build command before anything pushes. No broken PRs.
-- **Blocked file guardrails** — configure glob patterns for files the agent must never touch (e.g. migrations, DB schemas). Enforced via prompt + hard post-diff validation.
+- **Blocked file guardrails** — configure glob patterns for files the agent must never touch (e.g. migrations, DB schemas). Enforced via prompt injection into both review and execute agents + hard post-diff validation.
 - **Full audit trail** — cost, duration, scores, branch name, PR link, and agent comments posted directly on the Notion ticket.
 - **Cost transparency** — every ticket shows exactly what it cost. Simple tasks run $0.35-0.55.
 - **Human-in-the-loop** — nothing merges without a developer reviewing the PR.
@@ -210,7 +210,7 @@ ticket-to-pr --dry-run --once
 
 | Command / Flag | Behavior |
 |----------------|----------|
-| `init` | Guided setup — validates Notion credentials live, configures projects, writes `.env.local` and `projects.json`. Detects existing config on re-run. |
+| `init` | Guided setup — validates Notion credentials live, auto-detects build commands, generates starter `CLAUDE.md`, configures projects, writes `.env.local` and `projects.json`. Detects existing config on re-run. |
 | `doctor` | Diagnostic check — verifies environment, Notion connectivity, database schema, tools, and projects |
 | *(none)* | Continuous polling every 30s |
 | `--once` | Poll once, wait for agents to finish, exit |
@@ -247,11 +247,15 @@ Step 4: Projects
   Project name: MyApp
   Directory: /Users/you/Projects/MyApp
   ✓ Git repo  git@github.com:you/MyApp.git
-  Build command (optional): npm run build
+  Build command (npm run build):                    ← auto-detected from package.json
   Base branch (main):
   Glob patterns the agent must never touch (e.g. **/migrations/**, prisma/schema.prisma, **/*.sql)
   Blocked file patterns (optional, comma-separated):
   Skip automatic PR creation? (N):
+  Detected: TypeScript, Next.js, Tailwind CSS       ← auto-detected from project files
+  Generate starter CLAUDE.md? (Y):
+  ✓ Generated CLAUDE.md  /Users/you/Projects/MyApp/CLAUDE.md
+  Edit it to add project-specific rules and conventions.
 
   Add another project? (N):
 
@@ -265,6 +269,8 @@ Ready!
 ```
 
 - **Blocks on bad config** — invalid Notion tokens and database IDs are rejected and re-prompted (won't save broken credentials)
+- **Auto-detects build command** — reads `package.json`, `Cargo.toml`, `go.mod`, `pyproject.toml`, or `Makefile` and pre-fills the build command. Press Enter to accept or override.
+- **Generates starter CLAUDE.md** — detects your project stack (language, framework, test runner, CSS, ORM) and offers to generate a `CLAUDE.md` with build commands, code style, and file structure. Both agents read this file for context.
 - **Re-run safe** — detects existing `.env.local` and `projects.json`, asks "update" or "start fresh"
 - **Free tier guard** — warns if you configure multiple projects without a Pro license
 - Masks existing secrets when showing defaults
@@ -386,7 +392,7 @@ tail -f ~/Projects/ticket-to-pr/bridge.log
 The review agent explores your codebase without modifying anything:
 
 - **Tools**: Read, Glob, Grep, Task
-- **Context**: Reads your project's `CLAUDE.md` for architecture rules
+- **Context**: Reads your project's `CLAUDE.md` for architecture rules. If `blockedFiles` are configured, the review agent factors those constraints into scoring.
 - **Output**: Ease score, confidence score, implementation spec, impact report, affected files, risks
 - **Budget**: $2.00 max, 25 turns max
 - **Typical cost**: $0.15 - $0.50
@@ -412,7 +418,8 @@ The review agent explores your codebase without modifying anything:
 The execute agent implements the code based on the spec:
 
 - **Tools**: Read, Glob, Grep, Edit, Write + limited Bash (git, build, test only)
-- **Cannot**: push, run destructive commands, modify databases, access the web
+- **Dev access** (opt-in): When `devAccess` is enabled, additionally allows `npx tsx`, `node`, `npm run`, `npx vitest`, `npx jest`, `npx prisma`, `python`, and `curl` to localhost/127.0.0.1 only
+- **Cannot**: push, run destructive commands, modify databases, access the web, curl external hosts
 - **Context**: Reads your project's `CLAUDE.md` for conventions and rules
 - **Budget**: $15.00 max, 50 turns max
 - **Typical cost**: $0.20 - $2.00
@@ -490,6 +497,8 @@ Project configuration in `projects.json`:
 | `projects.<name>.baseBranch` | Optional base branch (e.g. `develop`). Falls back to auto-detected default (`main`/`master`). |
 | `projects.<name>.blockedFiles` | Optional array of glob patterns the agent must never touch (e.g. `["**/migrations/**", "**/*.sql"]`) |
 | `projects.<name>.skipPR` | Optional boolean. Set `true` to push the branch but skip automatic PR creation. |
+| `projects.<name>.devAccess` | Optional boolean. Set `true` to let the execute agent run scripts, query DBs, and hit local endpoints. |
+| `projects.<name>.envFile` | Optional env file path relative to project directory (e.g. `.env.local`). Loaded into the agent's environment when set. |
 
 ## Project Structure
 
@@ -533,7 +542,7 @@ Add to `projects.json` (or re-run `ticket-to-pr init`):
 
 1. All fields except `directory` are optional — omit any you don't need
 2. `baseBranch` — which branch to base feature branches on. Auto-detected (`main`/`master`) if omitted.
-3. `blockedFiles` — glob patterns the agent must never touch. Enforced both via prompt injection and a hard post-diff validation before push.
+3. `blockedFiles` — glob patterns the agent must never touch. Enforced via prompt injection into both review and execute agents, plus a hard post-diff validation before push.
 4. `skipPR` — set `true` to push branches without creating a PR (useful for repos that use a different PR workflow)
 5. The directory must be a git repo with an `origin` remote
 6. If the project has a `CLAUDE.md`, both agents will read it for context
@@ -629,7 +638,7 @@ Add to `projects.json` (or re-run `ticket-to-pr init`):
 - **Read-only review** — the review agent cannot modify files. It only reads and analyzes.
 - **Sandboxed execution** — the execute agent has no access to the web, cannot push code, and cannot run destructive commands. TicketToPR handles git operations separately.
 - **Build gate** — code must pass your build validation before anything is pushed.
-- **Blocked file gate** — if `blockedFiles` patterns are configured, a post-diff check runs before push. Any violations abort the run — no code reaches origin.
+- **Blocked file gate** — if `blockedFiles` patterns are configured, they're injected into both the review and execute agent prompts. A hard post-diff check also runs before push. Any violations abort the run — no code reaches origin.
 - **Human gate** — pull requests require your review and approval before merging.
 
 ## Tech Stack

package/dist/cli.js

@@ -1,6 +1,6 @@
 import { createInterface } from 'node:readline';
 import { execSync } from 'node:child_process';
-import { readFileSync, existsSync } from 'node:fs';
+import { readFileSync, existsSync, writeFileSync } from 'node:fs';
 import { join } from 'node:path';
 import { mask, shellEscape, writeEnvFile, updateProjectsFile, getDefaultBranch } from './lib/utils.js';
 import { getProjectNames, getProjectDir, getBaseBranch, getBlockedFiles, getSkipPR } from './lib/projects.js';
@@ -27,6 +27,209 @@ function checkCommand(cmd) {
         return { ok: false, output: '' };
     }
 }
+function detectBuildCommand(dir) {
+    // Node.js — check package.json for build/test scripts
+    const pkgPath = join(dir, 'package.json');
+    if (existsSync(pkgPath)) {
+        try {
+            const pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'));
+            if (pkg.scripts?.build)
+                return 'npm run build';
+            if (pkg.scripts?.test)
+                return 'npm test';
+        }
+        catch { /* ignore parse errors */ }
+    }
+    // Rust
+    if (existsSync(join(dir, 'Cargo.toml')))
+        return 'cargo build';
+    // Go
+    if (existsSync(join(dir, 'go.mod')))
+        return 'go build ./...';
+    // Python
+    if (existsSync(join(dir, 'pyproject.toml')))
+        return 'python -m pytest';
+    // Makefile
+    if (existsSync(join(dir, 'Makefile')))
+        return 'make';
+    return undefined;
+}
+function detectProjectStack(dir) {
+    const stack = { language: 'JavaScript' };
+    // TypeScript detection
+    if (existsSync(join(dir, 'tsconfig.json'))) {
+        stack.language = 'TypeScript';
+    }
+    // Rust / Go / Python detection (override language)
+    if (existsSync(join(dir, 'Cargo.toml'))) {
+        stack.language = 'Rust';
+        stack.buildTool = 'cargo';
+        stack.testRunner = 'cargo test';
+        return stack;
+    }
+    if (existsSync(join(dir, 'go.mod'))) {
+        stack.language = 'Go';
+        stack.buildTool = 'go';
+        stack.testRunner = 'go test';
+        return stack;
+    }
+    if (existsSync(join(dir, 'pyproject.toml'))) {
+        stack.language = 'Python';
+        stack.testRunner = 'pytest';
+        return stack;
+    }
+    // Node.js ecosystem — read package.json for framework/tools
+    const pkgPath = join(dir, 'package.json');
+    if (existsSync(pkgPath)) {
+        try {
+            const pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'));
+            const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+            // Framework
+            if (allDeps['next'])
+                stack.framework = 'Next.js';
+            else if (allDeps['nuxt'])
+                stack.framework = 'Nuxt';
+            else if (allDeps['@remix-run/node'] || allDeps['@remix-run/react'])
+                stack.framework = 'Remix';
+            else if (allDeps['express'])
+                stack.framework = 'Express';
+            else if (allDeps['fastify'])
+                stack.framework = 'Fastify';
+            else if (allDeps['react'])
+                stack.framework = 'React';
+            else if (allDeps['vue'])
+                stack.framework = 'Vue';
+            else if (allDeps['svelte'])
+                stack.framework = 'Svelte';
+            // Test runner
+            if (allDeps['vitest'])
+                stack.testRunner = 'vitest';
+            else if (allDeps['jest'])
+                stack.testRunner = 'jest';
+            else if (allDeps['mocha'])
+                stack.testRunner = 'mocha';
+            // Build tool
+            if (allDeps['vite'] && !stack.framework?.includes('Next'))
+                stack.buildTool = 'vite';
+            else if (allDeps['webpack'])
+                stack.buildTool = 'webpack';
+            else if (allDeps['esbuild'])
+                stack.buildTool = 'esbuild';
+            else if (stack.language === 'TypeScript')
+                stack.buildTool = 'tsc';
+            // CSS
+            if (allDeps['tailwindcss'])
+                stack.css = 'Tailwind CSS';
+            // ORM
+            if (allDeps['prisma'] || allDeps['@prisma/client'])
+                stack.orm = 'Prisma';
+            else if (allDeps['drizzle-orm'])
+                stack.orm = 'Drizzle';
+        }
+        catch { /* ignore parse errors */ }
+    }
+    // Package manager
+    if (existsSync(join(dir, 'bun.lockb')))
+        stack.packageManager = 'bun';
+    else if (existsSync(join(dir, 'pnpm-lock.yaml')))
+        stack.packageManager = 'pnpm';
+    else if (existsSync(join(dir, 'yarn.lock')))
+        stack.packageManager = 'yarn';
+    else if (existsSync(join(dir, 'package-lock.json')))
+        stack.packageManager = 'npm';
+    return stack;
+}
+function generateClaudeMd(name, stack, buildCmd) {
+    const parts = [];
+    // Header
+    parts.push(`# ${name}\n`);
+    // Project overview
+    const stackDesc = [stack.language, stack.framework, stack.css, stack.orm].filter(Boolean).join(', ');
+    parts.push(`## Project overview`);
+    parts.push(`${stackDesc || stack.language} project.\n`);
+    // Build & test
+    parts.push(`## Build & test`);
+    if (buildCmd)
+        parts.push(`- Build: \`${buildCmd}\``);
+    if (stack.testRunner) {
+        const testCmd = stack.testRunner === 'vitest' ? 'npx vitest run'
+            : stack.testRunner === 'jest' ? 'npx jest'
+                : stack.testRunner === 'pytest' ? 'python -m pytest'
+                    : stack.testRunner === 'cargo test' ? 'cargo test'
+                        : stack.testRunner === 'go test' ? 'go test ./...'
+                            : stack.testRunner;
+        parts.push(`- Test: \`${testCmd}\``);
+    }
+    const pm = stack.packageManager || 'npm';
+    if (['TypeScript', 'JavaScript'].includes(stack.language)) {
+        parts.push(`- Lint: \`${pm === 'npm' ? 'npm run' : pm} lint\``);
+    }
+    if (stack.language === 'TypeScript') {
+        parts.push(`- Type check: \`npx tsc --noEmit\``);
+    }
+    parts.push('');
+    // Code style
+    parts.push(`## Code style`);
+    if (stack.framework === 'Next.js') {
+        parts.push(`- Use functional components with ${stack.language}`);
+        parts.push(`- Prefer server components; add "use client" only when needed`);
+    }
+    else if (stack.framework === 'React') {
+        parts.push(`- Use functional components with hooks`);
+    }
+    else if (stack.language === 'Rust') {
+        parts.push(`- Follow standard Rust conventions (rustfmt, clippy)`);
+    }
+    else if (stack.language === 'Go') {
+        parts.push(`- Follow standard Go conventions (gofmt, go vet)`);
+    }
+    else if (stack.language === 'Python') {
+        parts.push(`- Follow PEP 8 conventions`);
+    }
+    if (stack.css === 'Tailwind CSS') {
+        parts.push(`- Use Tailwind CSS utility classes for styling`);
+    }
+    if (stack.orm === 'Prisma') {
+        parts.push(`- Use Prisma for database access`);
+    }
+    else if (stack.orm === 'Drizzle') {
+        parts.push(`- Use Drizzle ORM for database access`);
+    }
+    parts.push('');
+    // File structure
+    parts.push(`## File structure`);
+    if (stack.framework === 'Next.js') {
+        parts.push(`- app/ — routes and layouts`);
+        parts.push(`- components/ — React components`);
+        parts.push(`- lib/ — utilities and shared logic`);
+        if (stack.orm === 'Prisma')
+            parts.push(`- prisma/ — database schema`);
+    }
+    else if (stack.framework === 'Express' || stack.framework === 'Fastify') {
+        parts.push(`- src/ — application source`);
+        parts.push(`- routes/ — API routes`);
+        parts.push(`- lib/ — utilities and shared logic`);
+    }
+    else if (stack.language === 'Rust') {
+        parts.push(`- src/ — application source`);
+        parts.push(`- tests/ — integration tests`);
+    }
+    else if (stack.language === 'Go') {
+        parts.push(`- cmd/ — entrypoints`);
+        parts.push(`- internal/ — private packages`);
+        parts.push(`- pkg/ — public packages`);
+    }
+    else if (stack.language === 'Python') {
+        parts.push(`- src/ — application source`);
+        parts.push(`- tests/ — test files`);
+    }
+    else {
+        parts.push(`- src/ — application source`);
+        parts.push(`- lib/ — utilities and shared logic`);
+    }
+    parts.push('');
+    return parts.join('\n');
+}
 function ask(rl, question, opts) {
     return new Promise((resolve) => {
         const suffix = opts?.defaultValue ? ` ${DIM}(${opts.defaultValue})${RESET}` : '';
@@ -476,7 +679,10 @@ export async function runInit() {
             else {
                 printStatus(null, 'Not a git repo', `${dir} — you can init git later`);
             }
-            const buildCmd = await ask(rl, 'Build command (optional)');
+            const detectedBuild = detectBuildCommand(dir);
+            const buildCmd = await ask(rl, 'Build command' + (detectedBuild ? '' : ' (optional)'), {
+                defaultValue: detectedBuild,
+            });
             // Detect default branch for this project
             const gitExists2 = existsSync(join(dir, '.git'));
             const detectedBranch = gitExists2 ? getDefaultBranch(dir) : 'main';
@@ -489,7 +695,31 @@ export async function runInit() {
                 : undefined;
             const skipPRInput = await ask(rl, 'Skip automatic PR creation?', { defaultValue: 'N' });
             const skipPR = skipPRInput.toLowerCase() === 'y' || skipPRInput.toLowerCase() === 'yes' ? true : undefined;
-            projects.push({ name, dir, buildCmd: buildCmd || undefined, baseBranch, blockedFiles, skipPR });
+            const devAccessInput = await ask(rl, 'Enable dev access (run scripts, query DB, hit endpoints)?', { defaultValue: 'N' });
+            const devAccessEnabled = devAccessInput.toLowerCase() === 'y' || devAccessInput.toLowerCase() === 'yes';
+            let envFile;
+            if (devAccessEnabled) {
+                const envCandidates = ['.env.local', '.env.development', '.env'];
+                const detected = envCandidates.find(f => existsSync(join(dir, f)));
+                envFile = await ask(rl, 'Env file to load', { defaultValue: detected }) || undefined;
+            }
+            projects.push({ name, dir, buildCmd: buildCmd || undefined, baseBranch, blockedFiles, skipPR, devAccess: devAccessEnabled || undefined, envFile });
+            // Offer to generate CLAUDE.md if it doesn't exist
+            const claudeMdPath = join(dir, 'CLAUDE.md');
+            if (!existsSync(claudeMdPath)) {
+                const stack = detectProjectStack(dir);
+                console.log(`  ${DIM}Detected: ${[stack.language, stack.framework, stack.css, stack.orm].filter(Boolean).join(', ')}${RESET}`);
+                const genClaudeMd = await ask(rl, 'Generate starter CLAUDE.md?', { defaultValue: 'Y' });
+                if (genClaudeMd.toLowerCase() === 'y' || genClaudeMd.toLowerCase() === 'yes') {
+                    const content = generateClaudeMd(name, stack, buildCmd || undefined);
+                    writeFileSync(claudeMdPath, content, 'utf-8');
+                    printStatus(true, 'Generated CLAUDE.md', claudeMdPath);
+                    console.log(`  ${DIM}Edit it to add project-specific rules and conventions.${RESET}`);
+                }
+            }
+            else {
+                printStatus(true, 'CLAUDE.md exists', claudeMdPath);
+            }
             console.log('');
             const another = await ask(rl, 'Add another project?', { defaultValue: 'N' });
             addMore = another.toLowerCase() === 'y' || another.toLowerCase() === 'yes';

package/dist/index.js

@@ -3,8 +3,8 @@ import { execSync } from 'node:child_process';
 import { join } from 'node:path';
 import { query } from '@anthropic-ai/claude-agent-sdk';
 import { CONFIG, REVIEW_OUTPUT_SCHEMA, isPro } from './config.js';
-import { sleep, clamp, extractJsonFromOutput, shellEscape, extractNumber, loadEnv, createWorktree, removeWorktree, getDefaultBranch, validateNoBlockedFiles } from './lib/utils.js';
-import { getProjectDir, getProjectNames, getBuildCommand, getBaseBranch, getBlockedFiles, getSkipPR } from './lib/projects.js';
+import { sleep, clamp, extractJsonFromOutput, shellEscape, extractNumber, loadEnv, parseEnvFile, createWorktree, removeWorktree, getDefaultBranch, validateNoBlockedFiles } from './lib/utils.js';
+import { getProjectDir, getProjectNames, getBuildCommand, getBaseBranch, getBlockedFiles, getSkipPR, getDevAccess, getEnvFile } from './lib/projects.js';
 import { fetchTicketsByStatus, fetchTicketDetails, writeReviewResults, writeExecutionResults, moveTicketStatus, writeFailure, addComment, } from './lib/notion.js';
 import { PACKAGE_ROOT, CONFIG_DIR } from './lib/paths.js';
 // Load .env.local from the user's working directory
@@ -51,7 +51,8 @@ async function runReviewAgent(ticket) {
     }
     log(CYAN, 'REVIEW', `Starting review for "${ticket.title}" in ${ticket.project}`);
     const startTime = Date.now();
-    const prompt = [
+    const blockedFiles = getBlockedFiles(ticket.project);
+    const promptParts = [
         reviewPrompt,
         '',
         '## Ticket',
@@ -62,7 +63,11 @@ async function runReviewAgent(ticket) {
         '',
         '**Page Content**:',
         ticket.bodyBlocks,
-    ].join('\n');
+    ];
+    if (blockedFiles.length > 0) {
+        promptParts.push('', '## BLOCKED FILES — CANNOT BE MODIFIED', 'The following file patterns are off-limits. Factor this into your scoring — if the natural implementation would touch these files, lower the ease and confidence scores and note it in risks.', '', ...blockedFiles.map(p => `- \`${p}\``));
+    }
+    const prompt = promptParts.join('\n');
     const messages = query({
         prompt,
         options: {
@@ -161,6 +166,8 @@ async function runExecuteAgent(ticket) {
     const baseBranch = getBaseBranch(ticket.project) || getDefaultBranch(projectDir);
     const blockedFiles = getBlockedFiles(ticket.project);
     const skipPR = getSkipPR(ticket.project);
+    const devAccess = getDevAccess(ticket.project);
+    const envFile = getEnvFile(ticket.project);
     log(MAGENTA, 'EXECUTE', `Starting execution for "${ticket.title}" on branch ${branchName}`);
     const startTime = Date.now();
     // Move to In Progress immediately
@@ -191,18 +198,41 @@ async function runExecuteAgent(ticket) {
         if (blockedFiles.length > 0) {
             promptParts.push('', '## BLOCKED FILES — DO NOT TOUCH', 'The following file patterns are off-limits. Do NOT create, modify, or delete any files matching these patterns. Violations will cause the entire run to fail.', '', ...blockedFiles.map((p) => `- \`${p}\``));
         }
+        if (devAccess) {
+            promptParts.push('', '## DEV ENVIRONMENT ACCESS', 'You have access to run scripts and dev tools in this project. Use this to:', '- Write and run scripts to understand database schema or existing data', '- Hit local API endpoints with curl to understand response shapes', '- Run tests to verify your implementation', '- Use ORM tools (e.g. `npx prisma studio`) to inspect the data model', '', '### Rules', '- Do NOT run database migrations (`prisma migrate`, `db push`, `alembic`, etc.)', '- Do NOT drop, truncate, or bulk-delete data', '- Do NOT make requests to external/production hosts — only localhost and 127.0.0.1', '- Clean up any temporary scripts you create before your final commit', '- If you create test data, document it in a commit message so reviewers know');
+        }
         const prompt = promptParts.join('\n');
+        // Build agent environment when envFile is configured
+        let agentEnv;
+        if (envFile) {
+            const projectEnv = parseEnvFile(join(projectDir, envFile));
+            agentEnv = { ...process.env, ...projectEnv };
+        }
+        const baseTools = [
+            'Read', 'Glob', 'Grep', 'Edit', 'Write', 'Task',
+            'Bash(git add:*)', 'Bash(git commit:*)', 'Bash(git status:*)',
+            'Bash(git diff:*)', 'Bash(git log:*)',
+            'Bash(npm run build:*)', 'Bash(npm test:*)', 'Bash(npx tsc:*)',
+        ];
+        const devTools = [
+            'Bash(npx tsx:*)',
+            'Bash(node:*)',
+            'Bash(npm run:*)',
+            'Bash(npx vitest:*)',
+            'Bash(npx jest:*)',
+            'Bash(npx prisma:*)',
+            'Bash(python:*)',
+            'Bash(curl http://localhost:*)',
+            'Bash(curl http://127.0.0.1:*)',
+        ];
+        const allowedTools = devAccess ? [...baseTools, ...devTools] : baseTools;
         const messages = query({
             prompt,
             options: {
                 model: CONFIG.EXECUTE_MODEL,
                 cwd: worktreeDir,
-                allowedTools: [
-                    'Read', 'Glob', 'Grep', 'Edit', 'Write', 'Task',
-                    'Bash(git add:*)', 'Bash(git commit:*)', 'Bash(git status:*)',
-                    'Bash(git diff:*)', 'Bash(git log:*)',
-                    'Bash(npm run build:*)', 'Bash(npm test:*)', 'Bash(npx tsc:*)',
-                ],
+                allowedTools,
+                env: agentEnv,
                 disallowedTools: ['WebFetch', 'WebSearch'],
                 maxTurns: CONFIG.EXECUTE_MAX_TURNS,
                 maxBudgetUsd: CONFIG.EXECUTE_BUDGET_USD,

package/dist/lib/projects.d.ts

@@ -4,6 +4,8 @@ export declare function getBuildCommand(name: string): string | undefined;
 export declare function getBaseBranch(name: string): string | undefined;
 export declare function getBlockedFiles(name: string): string[];
 export declare function getSkipPR(name: string): boolean;
+export declare function getDevAccess(name: string): boolean;
+export declare function getEnvFile(name: string): string | undefined;
 export declare function getAllProjects(): Record<string, string>;
 /** Reset the in-memory cache (for tests). */
 export declare function _resetCache(): void;

package/dist/lib/projects.js

@@ -33,6 +33,12 @@ export function getBlockedFiles(name) {
 export function getSkipPR(name) {
     return load().projects[name]?.skipPR ?? false;
 }
+export function getDevAccess(name) {
+    return load().projects[name]?.devAccess ?? false;
+}
+export function getEnvFile(name) {
+    return load().projects[name]?.envFile;
+}
 export function getAllProjects() {
     const data = load();
     const result = {};

package/dist/lib/utils.d.ts

@@ -5,6 +5,7 @@ export declare function shellEscape(str: string): string;
 export declare function extractNumber(ticket: {
     impact?: string;
 }, field: string): string;
+export declare function parseEnvFile(filepath: string): Record<string, string>;
 export declare function loadEnv(filepath: string): void;
 export declare function mask(str: string): string;
 export declare function writeEnvFile(filepath: string, updates: Record<string, string>): void;
@@ -15,6 +16,8 @@ export declare function updateProjectsFile(filepath: string, projects: Array<{
     baseBranch?: string;
     blockedFiles?: string[];
     skipPR?: boolean;
+    devAccess?: boolean;
+    envFile?: string;
 }>): void;
 export declare function getDefaultBranch(projectDir: string): string;
 /** Reset the default branch cache (for tests). */

package/dist/lib/utils.js

@@ -61,6 +61,23 @@ export function extractNumber(ticket, field) {
     }
     return '?';
 }
+export function parseEnvFile(filepath) {
+    const vars = {};
+    try {
+        const content = readFileSync(filepath, 'utf-8');
+        for (const line of content.split('\n')) {
+            const trimmed = line.trim();
+            if (!trimmed || trimmed.startsWith('#'))
+                continue;
+            const eqIndex = trimmed.indexOf('=');
+            if (eqIndex === -1)
+                continue;
+            vars[trimmed.slice(0, eqIndex).trim()] = trimmed.slice(eqIndex + 1).trim();
+        }
+    }
+    catch { /* file doesn't exist */ }
+    return vars;
+}
 export function loadEnv(filepath) {
     try {
         const content = readFileSync(filepath, 'utf-8');
@@ -136,6 +153,8 @@ export function updateProjectsFile(filepath, projects) {
             ...(proj.baseBranch ? { baseBranch: proj.baseBranch } : {}),
             ...(proj.blockedFiles && proj.blockedFiles.length > 0 ? { blockedFiles: proj.blockedFiles } : {}),
             ...(proj.skipPR ? { skipPR: proj.skipPR } : {}),
+            ...(proj.devAccess ? { devAccess: proj.devAccess } : {}),
+            ...(proj.envFile ? { envFile: proj.envFile } : {}),
         };
     }
     writeFileSync(filepath, JSON.stringify(data, null, 2) + '\n');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ticket-to-pr",
-  "version": "1.1.0",
+  "version": "1.2.1",
   "description": "Drag a Notion ticket, get a pull request. AI-powered dev automation.",
   "type": "module",
   "bin": {

package/prompts/execute.md

@@ -15,6 +15,7 @@ You have been given a ticket with an implementation spec. Follow the spec and im
 9. Run existing tests if available, but do not add new test files unless the spec explicitly requires it.
 10. Do not modify files outside the scope of the spec.
 11. If your prompt includes a "BLOCKED FILES" section, you MUST NOT modify any files matching those patterns. Violations will cause the entire run to fail.
+12. If your prompt includes a "DEV ENVIRONMENT ACCESS" section, you may run scripts and dev tools as described. Always prefer reading code directly over running scripts when possible.
 
 ## When Done
 Commit all changes with a final commit message summarizing what was done. The commit message should reference the ticket title.

package/prompts/review.md

@@ -41,3 +41,4 @@ You MUST end your response with a JSON code block containing exactly these field
 - List EVERY file that will be touched in affectedFiles.
 - Read the project's CLAUDE.md if it exists for project-specific rules and architecture.
 - Explore relevant code files to understand existing patterns before scoring.
+- If the prompt includes a "BLOCKED FILES" section, factor those constraints into your scoring. If the natural implementation would need to modify blocked files, lower the ease score and note the constraint in risks.