ticket-to-pr 1.2.0 → 1.2.2

package/README.md

@@ -289,7 +289,7 @@ Environment:
   ○ LICENSE_KEY               Free tier
 
 Models:
-  ✓ Review model              claude-sonnet-4-5-20250929
+  ✓ Review model              claude-sonnet-4-6
   ✓ Execute model             claude-opus-4-6
 
 Notion:
@@ -418,7 +418,8 @@ The review agent explores your codebase without modifying anything:
 The execute agent implements the code based on the spec:
 
 - **Tools**: Read, Glob, Grep, Edit, Write + limited Bash (git, build, test only)
-- **Cannot**: push, run destructive commands, modify databases, access the web
+- **Dev access** (opt-in): When `devAccess` is enabled, additionally allows `npx tsx`, `node`, `npm run`, `npx vitest`, `npx jest`, `npx prisma`, `python`, and `curl` to localhost/127.0.0.1 only
+- **Cannot**: push, run destructive commands, modify databases, access the web, curl external hosts
 - **Context**: Reads your project's `CLAUDE.md` for conventions and rules
 - **Budget**: $15.00 max, 50 turns max
 - **Typical cost**: $0.20 - $2.00
@@ -496,6 +497,8 @@ Project configuration in `projects.json`:
 | `projects.<name>.baseBranch` | Optional base branch (e.g. `develop`). Falls back to auto-detected default (`main`/`master`). |
 | `projects.<name>.blockedFiles` | Optional array of glob patterns the agent must never touch (e.g. `["**/migrations/**", "**/*.sql"]`) |
 | `projects.<name>.skipPR` | Optional boolean. Set `true` to push the branch but skip automatic PR creation. |
+| `projects.<name>.devAccess` | Optional boolean. Set `true` to let the execute agent run scripts, query DBs, and hit local endpoints. |
+| `projects.<name>.envFile` | Optional env file path relative to project directory (e.g. `.env.local`). Loaded into the agent's environment when set. |
 
 ## Project Structure
 

package/dist/cli.js

@@ -624,7 +624,7 @@ export async function runInit() {
         console.log(`  ${DIM}Choose which Claude model each agent uses.${RESET}`);
         console.log(`  ${DIM}Sonnet = fast/cheap, Opus = best quality, Haiku = fastest/cheapest${RESET}\n`);
         const modelChoices = [
-            { label: 'sonnet', id: 'claude-sonnet-4-5-20250929' },
+            { label: 'sonnet', id: 'claude-sonnet-4-6' },
             { label: 'opus', id: 'claude-opus-4-6' },
             { label: 'haiku', id: 'claude-haiku-4-5-20251001' },
         ];
@@ -695,7 +695,15 @@ export async function runInit() {
                 : undefined;
             const skipPRInput = await ask(rl, 'Skip automatic PR creation?', { defaultValue: 'N' });
             const skipPR = skipPRInput.toLowerCase() === 'y' || skipPRInput.toLowerCase() === 'yes' ? true : undefined;
-            projects.push({ name, dir, buildCmd: buildCmd || undefined, baseBranch, blockedFiles, skipPR });
+            const devAccessInput = await ask(rl, 'Enable dev access (run scripts, query DB, hit endpoints)?', { defaultValue: 'N' });
+            const devAccessEnabled = devAccessInput.toLowerCase() === 'y' || devAccessInput.toLowerCase() === 'yes';
+            let envFile;
+            if (devAccessEnabled) {
+                const envCandidates = ['.env.local', '.env.development', '.env'];
+                const detected = envCandidates.find(f => existsSync(join(dir, f)));
+                envFile = await ask(rl, 'Env file to load', { defaultValue: detected }) || undefined;
+            }
+            projects.push({ name, dir, buildCmd: buildCmd || undefined, baseBranch, blockedFiles, skipPR, devAccess: devAccessEnabled || undefined, envFile });
             // Offer to generate CLAUDE.md if it doesn't exist
             const claudeMdPath = join(dir, 'CLAUDE.md');
             if (!existsSync(claudeMdPath)) {

package/dist/config.js

@@ -48,7 +48,7 @@ export const CONFIG = {
     EXECUTE_BUDGET_USD: 15.00,
     // Agent models (env override → default)
     get REVIEW_MODEL() {
-        return process.env.REVIEW_MODEL || 'claude-sonnet-4-5-20250929';
+        return process.env.REVIEW_MODEL || 'claude-sonnet-4-6';
     },
     get EXECUTE_MODEL() {
         return process.env.EXECUTE_MODEL || 'claude-opus-4-6';

package/dist/index.js

@@ -3,8 +3,8 @@ import { execSync } from 'node:child_process';
 import { join } from 'node:path';
 import { query } from '@anthropic-ai/claude-agent-sdk';
 import { CONFIG, REVIEW_OUTPUT_SCHEMA, isPro } from './config.js';
-import { sleep, clamp, extractJsonFromOutput, shellEscape, extractNumber, loadEnv, createWorktree, removeWorktree, getDefaultBranch, validateNoBlockedFiles } from './lib/utils.js';
-import { getProjectDir, getProjectNames, getBuildCommand, getBaseBranch, getBlockedFiles, getSkipPR } from './lib/projects.js';
+import { sleep, clamp, extractJsonFromOutput, shellEscape, extractNumber, loadEnv, parseEnvFile, createWorktree, removeWorktree, getDefaultBranch, validateNoBlockedFiles } from './lib/utils.js';
+import { getProjectDir, getProjectNames, getBuildCommand, getBaseBranch, getBlockedFiles, getSkipPR, getDevAccess, getEnvFile } from './lib/projects.js';
 import { fetchTicketsByStatus, fetchTicketDetails, writeReviewResults, writeExecutionResults, moveTicketStatus, writeFailure, addComment, } from './lib/notion.js';
 import { PACKAGE_ROOT, CONFIG_DIR } from './lib/paths.js';
 // Load .env.local from the user's working directory
@@ -166,6 +166,8 @@ async function runExecuteAgent(ticket) {
     const baseBranch = getBaseBranch(ticket.project) || getDefaultBranch(projectDir);
     const blockedFiles = getBlockedFiles(ticket.project);
     const skipPR = getSkipPR(ticket.project);
+    const devAccess = getDevAccess(ticket.project);
+    const envFile = getEnvFile(ticket.project);
     log(MAGENTA, 'EXECUTE', `Starting execution for "${ticket.title}" on branch ${branchName}`);
     const startTime = Date.now();
     // Move to In Progress immediately
@@ -196,18 +198,41 @@ async function runExecuteAgent(ticket) {
         if (blockedFiles.length > 0) {
             promptParts.push('', '## BLOCKED FILES — DO NOT TOUCH', 'The following file patterns are off-limits. Do NOT create, modify, or delete any files matching these patterns. Violations will cause the entire run to fail.', '', ...blockedFiles.map((p) => `- \`${p}\``));
         }
+        if (devAccess) {
+            promptParts.push('', '## DEV ENVIRONMENT ACCESS', 'You have access to run scripts and dev tools in this project. Use this to:', '- Write and run scripts to understand database schema or existing data', '- Hit local API endpoints with curl to understand response shapes', '- Run tests to verify your implementation', '- Use ORM tools (e.g. `npx prisma studio`) to inspect the data model', '', '### Rules', '- Do NOT run database migrations (`prisma migrate`, `db push`, `alembic`, etc.)', '- Do NOT drop, truncate, or bulk-delete data', '- Do NOT make requests to external/production hosts — only localhost and 127.0.0.1', '- Clean up any temporary scripts you create before your final commit', '- If you create test data, document it in a commit message so reviewers know');
+        }
         const prompt = promptParts.join('\n');
+        // Build agent environment when envFile is configured
+        let agentEnv;
+        if (envFile) {
+            const projectEnv = parseEnvFile(join(projectDir, envFile));
+            agentEnv = { ...process.env, ...projectEnv };
+        }
+        const baseTools = [
+            'Read', 'Glob', 'Grep', 'Edit', 'Write', 'Task',
+            'Bash(git add:*)', 'Bash(git commit:*)', 'Bash(git status:*)',
+            'Bash(git diff:*)', 'Bash(git log:*)',
+            'Bash(npm run build:*)', 'Bash(npm test:*)', 'Bash(npx tsc:*)',
+        ];
+        const devTools = [
+            'Bash(npx tsx:*)',
+            'Bash(node:*)',
+            'Bash(npm run:*)',
+            'Bash(npx vitest:*)',
+            'Bash(npx jest:*)',
+            'Bash(npx prisma:*)',
+            'Bash(python:*)',
+            'Bash(curl http://localhost:*)',
+            'Bash(curl http://127.0.0.1:*)',
+        ];
+        const allowedTools = devAccess ? [...baseTools, ...devTools] : baseTools;
         const messages = query({
             prompt,
             options: {
                 model: CONFIG.EXECUTE_MODEL,
                 cwd: worktreeDir,
-                allowedTools: [
-                    'Read', 'Glob', 'Grep', 'Edit', 'Write', 'Task',
-                    'Bash(git add:*)', 'Bash(git commit:*)', 'Bash(git status:*)',
-                    'Bash(git diff:*)', 'Bash(git log:*)',
-                    'Bash(npm run build:*)', 'Bash(npm test:*)', 'Bash(npx tsc:*)',
-                ],
+                allowedTools,
+                env: agentEnv,
                 disallowedTools: ['WebFetch', 'WebSearch'],
                 maxTurns: CONFIG.EXECUTE_MAX_TURNS,
                 maxBudgetUsd: CONFIG.EXECUTE_BUDGET_USD,

package/dist/lib/projects.d.ts

@@ -4,6 +4,8 @@ export declare function getBuildCommand(name: string): string | undefined;
 export declare function getBaseBranch(name: string): string | undefined;
 export declare function getBlockedFiles(name: string): string[];
 export declare function getSkipPR(name: string): boolean;
+export declare function getDevAccess(name: string): boolean;
+export declare function getEnvFile(name: string): string | undefined;
 export declare function getAllProjects(): Record<string, string>;
 /** Reset the in-memory cache (for tests). */
 export declare function _resetCache(): void;

package/dist/lib/projects.js

@@ -33,6 +33,12 @@ export function getBlockedFiles(name) {
 export function getSkipPR(name) {
     return load().projects[name]?.skipPR ?? false;
 }
+export function getDevAccess(name) {
+    return load().projects[name]?.devAccess ?? false;
+}
+export function getEnvFile(name) {
+    return load().projects[name]?.envFile;
+}
 export function getAllProjects() {
     const data = load();
     const result = {};

package/dist/lib/utils.d.ts

@@ -5,6 +5,7 @@ export declare function shellEscape(str: string): string;
 export declare function extractNumber(ticket: {
     impact?: string;
 }, field: string): string;
+export declare function parseEnvFile(filepath: string): Record<string, string>;
 export declare function loadEnv(filepath: string): void;
 export declare function mask(str: string): string;
 export declare function writeEnvFile(filepath: string, updates: Record<string, string>): void;
@@ -15,6 +16,8 @@ export declare function updateProjectsFile(filepath: string, projects: Array<{
     baseBranch?: string;
     blockedFiles?: string[];
     skipPR?: boolean;
+    devAccess?: boolean;
+    envFile?: string;
 }>): void;
 export declare function getDefaultBranch(projectDir: string): string;
 /** Reset the default branch cache (for tests). */

package/dist/lib/utils.js

@@ -61,6 +61,23 @@ export function extractNumber(ticket, field) {
     }
     return '?';
 }
+export function parseEnvFile(filepath) {
+    const vars = {};
+    try {
+        const content = readFileSync(filepath, 'utf-8');
+        for (const line of content.split('\n')) {
+            const trimmed = line.trim();
+            if (!trimmed || trimmed.startsWith('#'))
+                continue;
+            const eqIndex = trimmed.indexOf('=');
+            if (eqIndex === -1)
+                continue;
+            vars[trimmed.slice(0, eqIndex).trim()] = trimmed.slice(eqIndex + 1).trim();
+        }
+    }
+    catch { /* file doesn't exist */ }
+    return vars;
+}
 export function loadEnv(filepath) {
     try {
         const content = readFileSync(filepath, 'utf-8');
@@ -136,6 +153,8 @@ export function updateProjectsFile(filepath, projects) {
             ...(proj.baseBranch ? { baseBranch: proj.baseBranch } : {}),
             ...(proj.blockedFiles && proj.blockedFiles.length > 0 ? { blockedFiles: proj.blockedFiles } : {}),
             ...(proj.skipPR ? { skipPR: proj.skipPR } : {}),
+            ...(proj.devAccess ? { devAccess: proj.devAccess } : {}),
+            ...(proj.envFile ? { envFile: proj.envFile } : {}),
         };
     }
     writeFileSync(filepath, JSON.stringify(data, null, 2) + '\n');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ticket-to-pr",
-  "version": "1.2.0",
+  "version": "1.2.2",
   "description": "Drag a Notion ticket, get a pull request. AI-powered dev automation.",
   "type": "module",
   "bin": {
@@ -13,6 +13,22 @@
     "projects.example.json",
     "README.md"
   ],
+  "homepage": "https://www.tickettopr.com",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/JohnRiceML/ticket-to-pr.git"
+  },
+  "bugs": {
+    "url": "https://github.com/JohnRiceML/ticket-to-pr/issues"
+  },
+  "keywords": [
+    "notion",
+    "claude",
+    "ai",
+    "pull-request",
+    "automation",
+    "developer-tools"
+  ],
   "engines": {
     "node": ">=18.0.0"
   },

package/prompts/execute.md

@@ -15,6 +15,7 @@ You have been given a ticket with an implementation spec. Follow the spec and im
 9. Run existing tests if available, but do not add new test files unless the spec explicitly requires it.
 10. Do not modify files outside the scope of the spec.
 11. If your prompt includes a "BLOCKED FILES" section, you MUST NOT modify any files matching those patterns. Violations will cause the entire run to fail.
+12. If your prompt includes a "DEV ENVIRONMENT ACCESS" section, you may run scripts and dev tools as described. Always prefer reading code directly over running scripts when possible.
 
 ## When Done
 Commit all changes with a final commit message summarizing what was done. The commit message should reference the ticket title.