tissues 0.6.1 → 0.6.2

package/src/lib/ai/agent.js

@@ -0,0 +1,323 @@
+/**
+ * General-purpose AI agent for tissues CLI.
+ *
+ * Builds a token-efficient system prompt from local cache + filesystem,
+ * dispatches JSON-based actions, and supports multi-turn conversation.
+ */
+
+import { store } from '../config.js'
+import { loadConfig, findRepoRoot } from '../defaults.js'
+import { ensureFresh, getCachedIssues } from '../cache.js'
+import { getAuthenticatedUser } from '../gh.js'
+import { listTemplates } from '../templates.js'
+import { listEnhancements } from '../enhancements.js'
+import { countPending } from '../drafts.js'
+import { resolveRoute } from './router.js'
+import { checkAvailable } from './index.js'
+import { ACTION_SCHEMAS, executeAction } from './agent-actions.js'
+import { bold, dim, cyan, green, yellow, red } from '../color.js'
+
+// ---------------------------------------------------------------------------
+// System prompt builder
+// ---------------------------------------------------------------------------
+
+/**
+ * Build the system prompt with dynamic state from cache + filesystem.
+ * Designed to be token-efficient (~1000-1400 tokens, max ~2000).
+ *
+ * @param {{ activeRepo: string, config: object, repoRoot: string, user?: string }} context
+ * @returns {string}
+ */
+export function buildAgentSystemPrompt(context) {
+  const sections = []
+
+  // Section 1: Identity + constraints + guardrails
+  sections.push([
+    'You are the tissues CLI agent. You manage GitHub issues via JSON actions.',
+    'Return ONLY a single JSON object: { "action": "<name>", "params": { ... } }',
+    '',
+    'Rules:',
+    '- Output MUST be valid JSON. No markdown, no explanation, no text outside JSON.',
+    '- For read-only queries (list, show), execute immediately.',
+    '- For mutations (create, set, switch), include all required params.',
+    '- Use "answer" action for conversational replies or to ask clarifying questions.',
+    '',
+    'Guardrails:',
+    '- You ONLY handle tissues/GitHub issue operations. Nothing else.',
+    '- NEVER generate code, open URLs, write files, or answer off-topic questions.',
+    '- If asked something outside your scope (weather, coding help, general knowledge),',
+    '  respond with: {"action":"answer","params":{"text":"I can only help with GitHub issues via tissues. Try `tissues --help` for available commands."}}',
+  ].join('\n'))
+
+  // Section 2: Action schemas (compact)
+  const schemaLines = ['Available actions:']
+  for (const schema of ACTION_SCHEMAS) {
+    const paramStr = Object.entries(schema.params)
+      .map(([k, v]) => `${k}: ${v}`)
+      .join(', ')
+    const confirm = schema.requiresConfirmation ? ' [confirms]' : ''
+    schemaLines.push(`  ${schema.name}(${paramStr})${confirm} — ${schema.description}`)
+  }
+  sections.push(schemaLines.join('\n'))
+
+  // Section 3: CLI command reference (so agent can point users to commands)
+  sections.push([
+    'CLI commands (you cannot run these, but can tell users about them):',
+    '  tissues auth — configure GitHub authentication',
+    '  tissues config — view/set configuration',
+    '  tissues create — create an issue interactively',
+    '  tissues draft — manage pending issue drafts',
+    '  tissues list — list issues from cache',
+    '  tissues status — show safety status (circuit breaker, rate limits)',
+    '  tissues templates — list/manage issue templates',
+    '  tissues enhancements — list AI enhancement plugins',
+    '  tissues drafts — review and submit pending drafts',
+    '  tissues ai — run AI agent (this is you)',
+    '  tissues sync — force-sync cache with GitHub',
+    '  tissues storage — manage local database',
+  ].join('\n'))
+
+  // Section 4: Dynamic state snapshot (from cache, zero network calls)
+  const stateLines = ['Current state:']
+
+  if (context.activeRepo) stateLines.push(`  Active repo: ${context.activeRepo}`)
+  if (context.user) stateLines.push(`  User: ${context.user}`)
+
+  // Repos from cache
+  try {
+    const repos = ensureFresh('_global', 'repos', { acceptStale: true })
+    if (repos.length > 0) stateLines.push(`  Available repos: ${repos.slice(0, 15).join(', ')}${repos.length > 15 ? ` (+${repos.length - 15} more)` : ''}`)
+  } catch { /* no cached repos */ }
+
+  // Templates from filesystem
+  try {
+    const templates = listTemplates(context.repoRoot)
+    const keys = [...new Set(templates.map(t => t.key))]
+    if (keys.length > 0) stateLines.push(`  Templates: ${keys.join(', ')}`)
+  } catch { /* ok */ }
+
+  // Enhancements from filesystem
+  try {
+    const enhancements = listEnhancements(context.repoRoot)
+    const keys = [...new Set(enhancements.map(e => e.key))]
+    if (keys.length > 0) stateLines.push(`  Enhancements: ${keys.join(', ')}`)
+  } catch { /* ok */ }
+
+  // Labels from cache
+  if (context.activeRepo) {
+    try {
+      const labels = ensureFresh(context.activeRepo, 'labels', { acceptStale: true })
+      if (labels.length > 0) stateLines.push(`  Labels: ${labels.join(', ')}`)
+    } catch { /* ok */ }
+  }
+
+  // Pending drafts
+  try {
+    const pending = countPending(context.repoRoot)
+    if (pending > 0) stateLines.push(`  Pending drafts: ${pending}`)
+  } catch { /* ok */ }
+
+  // AI provider info
+  const ai = context.config?.ai || {}
+  stateLines.push(`  AI provider: ${ai.provider || 'none'}`)
+
+  // Recent issues — prefer last-24h with labels+author, fallback to top 10 titles
+  if (context.activeRepo) {
+    try {
+      let issueLimit = 30
+      const allIssues = getCachedIssues(context.activeRepo, { state: 'open', limit: issueLimit })
+      const oneDayAgo = new Date(Date.now() - 24 * 60 * 60 * 1000).toISOString()
+      let recentIssues = allIssues.filter(i => i.updatedAt && i.updatedAt >= oneDayAgo)
+
+      if (recentIssues.length > 0) {
+        stateLines.push(`  Issues updated in last 24h:`)
+        for (const i of recentIssues.slice(0, issueLimit)) {
+          const labelStr = i.labels?.length ? ` [${i.labels.join(',')}]` : ''
+          const authorStr = i.author ? ` @${i.author}` : ''
+          stateLines.push(`    #${i.number}: ${i.title}${labelStr}${authorStr}`)
+        }
+      } else if (allIssues.length > 0) {
+        // Fallback: show top 10 titles
+        stateLines.push(`  Recent open issues:`)
+        for (const i of allIssues.slice(0, 10)) {
+          stateLines.push(`    #${i.number}: ${i.title}`)
+        }
+      }
+    } catch { /* ok */ }
+  }
+
+  sections.push(stateLines.join('\n'))
+
+  // Token safety valve: if prompt is too long, trim issues and rebuild
+  let prompt = sections.join('\n\n')
+  if (prompt.length > 6000) {
+    // Rebuild the state section with halved issue count
+    const trimmedStateLines = stateLines.filter(l => !l.startsWith('    #'))
+    try {
+      const allIssues = getCachedIssues(context.activeRepo, { state: 'open', limit: 5 })
+      if (allIssues.length > 0) {
+        trimmedStateLines.push(`  Recent open issues:`)
+        for (const i of allIssues.slice(0, 5)) {
+          trimmedStateLines.push(`    #${i.number}: ${i.title}`)
+        }
+      }
+    } catch { /* ok */ }
+    sections[sections.length - 1] = trimmedStateLines.join('\n')
+    prompt = sections.join('\n\n')
+  }
+
+  return prompt
+}
+
+// ---------------------------------------------------------------------------
+// Response parser
+// ---------------------------------------------------------------------------
+
+/**
+ * Parse an AI response into an action object.
+ *
+ * @param {string} raw - raw AI response text
+ * @returns {{ action: string, params: object }}
+ */
+export function parseAgentResponse(raw) {
+  let cleaned = raw.trim()
+
+  // Strip markdown code fences if present
+  if (cleaned.startsWith('```')) {
+    cleaned = cleaned.replace(/^```(?:json)?\s*\n?/, '').replace(/\n?```\s*$/, '')
+  }
+
+  // Try to extract JSON from mixed content
+  const jsonMatch = cleaned.match(/\{[\s\S]*\}/)
+  if (jsonMatch) {
+    cleaned = jsonMatch[0]
+  }
+
+  const parsed = JSON.parse(cleaned)
+
+  if (!parsed.action) {
+    // If the response has create-style fields (title, body), treat as create_issue
+    if (parsed.title) {
+      return { action: 'create_issue', params: parsed }
+    }
+    throw new Error('Response missing "action" field')
+  }
+
+  return { action: parsed.action, params: parsed.params || parsed }
+}
+
+// ---------------------------------------------------------------------------
+// Single-shot dispatch
+// ---------------------------------------------------------------------------
+
+/**
+ * Run a single-shot AI agent: one LLM call, parse action, execute.
+ *
+ * @param {string} prompt - user's natural language prompt
+ * @param {object} config - merged config
+ * @param {{ activeRepo: string, repoRoot: string, user?: string }} context
+ * @param {{ provider?: string, model?: string, dryRun?: boolean }} [opts]
+ * @returns {Promise<{ action: string, result: any } | null>}
+ */
+export async function runAgentSingleShot(prompt, config, context, opts = {}) {
+  const systemPrompt = buildAgentSystemPrompt({ ...context, config })
+  const messages = [
+    { role: 'system', content: systemPrompt },
+    { role: 'user', content: prompt },
+  ]
+
+  const aiContext = { provider: opts.provider, model: opts.model }
+  const { adapter, model } = resolveRoute(config, aiContext)
+  const raw = await adapter.complete(messages, { model, maxTokens: 2048 })
+
+  let action, params
+  try {
+    ({ action, params } = parseAgentResponse(raw))
+  } catch {
+    // AI responded conversationally instead of JSON — treat as answer
+    action = 'answer'
+    params = { text: raw.trim() }
+  }
+  return { action, params, raw }
+}
+
+// ---------------------------------------------------------------------------
+// Multi-turn conversation loop
+// ---------------------------------------------------------------------------
+
+/**
+ * Run the agent in multi-turn chat mode.
+ *
+ * @param {object} config
+ * @param {{ activeRepo: string, repoRoot: string, user?: string }} context
+ * @param {{ provider?: string, model?: string, onInput: () => Promise<string>, onOutput: (text: string) => void }} opts
+ */
+export async function runAgentLoop(config, context, opts) {
+  const { onInput, onOutput } = opts
+  const aiContext = { provider: opts.provider, model: opts.model }
+
+  const systemPrompt = buildAgentSystemPrompt({ ...context, config })
+  const messages = [{ role: 'system', content: systemPrompt }]
+
+  // Token management: keep last N turns to stay within context limits
+  const MAX_TURNS = 20
+  const SYSTEM_MSGS = 1 // system prompt is always first
+
+  while (true) {
+    const userInput = await onInput()
+    if (!userInput || /^(exit|quit|done|bye)$/i.test(userInput.trim())) {
+      onOutput(dim('Goodbye.'))
+      break
+    }
+
+    messages.push({ role: 'user', content: userInput })
+
+    // Trim old turns if conversation is getting long
+    while (messages.length > SYSTEM_MSGS + MAX_TURNS * 2) {
+      // Remove oldest user/assistant pair (keep system prompt)
+      messages.splice(SYSTEM_MSGS, 2)
+    }
+
+    let raw
+    try {
+      const { adapter, model } = resolveRoute(config, aiContext)
+      raw = await adapter.complete(messages, { model, maxTokens: 2048 })
+    } catch (err) {
+      onOutput(red(`AI error: ${err.message}`))
+      continue
+    }
+
+    messages.push({ role: 'assistant', content: raw })
+
+    let action, params
+    try {
+      ({ action, params } = parseAgentResponse(raw))
+    } catch {
+      // If we can't parse, show the raw response
+      onOutput(raw)
+      continue
+    }
+
+    // Execute action
+    const result = await executeAction(action, params || {}, { ...context, config })
+
+    if (result.display) {
+      onOutput(result.display)
+    } else if (result.result) {
+      onOutput(typeof result.result === 'string' ? result.result : JSON.stringify(result.result, null, 2))
+    }
+
+    // Feed result back as a system message for context
+    if (action !== 'answer') {
+      messages.push({
+        role: 'user',
+        content: `[System: ${action} result: ${JSON.stringify(result.result).slice(0, 500)}]`,
+      })
+    }
+
+    // If it was just an answer with no follow-up question, check if we should continue
+    if (action === 'answer' && !result.result?.includes('?')) {
+      // Still continue — user drives the loop
+    }
+  }
+}

package/src/lib/ai/discovery.js

@@ -0,0 +1,89 @@
+import { execFile } from 'node:child_process'
+
+/**
+ * Check if a binary is available on PATH.
+ * @param {string} name - binary name
+ * @returns {Promise<boolean>}
+ */
+function hasBinary(name) {
+  const cmd = process.platform === 'win32' ? 'where' : 'command'
+  const args = process.platform === 'win32' ? [name] : ['-v', name]
+  return new Promise((resolve) => {
+    execFile(cmd, args, { timeout: 5000 }, (err) => resolve(!err))
+  })
+}
+
+/**
+ * Auto-discover available AI providers on this system.
+ *
+ * Checks for:
+ *   - CLI binaries: gemini, claude, codex
+ *   - OpenClaw gateway (env vars)
+ *   - API keys in env
+ *
+ * @returns {Promise<Array<{ name: string, type: 'cli'|'api'|'openclaw', status: 'available'|'configured', config: object }>>}
+ */
+export async function discoverProviders() {
+  const results = []
+
+  // CLI binaries — check in parallel
+  const cliChecks = [
+    { name: 'gemini-cli', binary: 'gemini' },
+    { name: 'claude-cli', binary: 'claude' },
+    { name: 'codex-cli', binary: 'codex' },
+  ]
+
+  const binaryResults = await Promise.all(
+    cliChecks.map(async ({ name, binary }) => ({
+      name,
+      binary,
+      found: await hasBinary(binary),
+    })),
+  )
+
+  for (const { name, binary, found } of binaryResults) {
+    if (found) {
+      results.push({
+        name,
+        type: 'cli',
+        status: 'available',
+        config: { binary },
+      })
+    }
+  }
+
+  // OpenClaw gateway
+  const openclawToken = process.env.OPENCLAW_GATEWAY_TOKEN
+  const openclawPort = process.env.OPENCLAW_GATEWAY_PORT || '18790'
+  if (openclawToken) {
+    results.push({
+      name: 'openclaw',
+      type: 'openclaw',
+      status: 'configured',
+      config: {
+        gatewayUrl: `http://localhost:${openclawPort}`,
+        token: openclawToken,
+      },
+    })
+  }
+
+  // API keys in environment
+  const apiKeyChecks = [
+    { name: 'anthropic', env: 'ANTHROPIC_API_KEY' },
+    { name: 'openai', env: 'OPENAI_API_KEY' },
+    { name: 'gemini', env: 'GEMINI_API_KEY' },
+  ]
+
+  for (const { name, env } of apiKeyChecks) {
+    if (process.env[env]) {
+      results.push({
+        name,
+        type: 'api',
+        status: 'configured',
+        config: { envVar: env },
+      })
+    }
+  }
+
+  return results
+}

package/src/lib/ai/discovery.test.js

@@ -0,0 +1,74 @@
+import { describe, it, beforeEach, afterEach } from 'node:test'
+import assert from 'node:assert/strict'
+import { discoverProviders } from './discovery.js'
+
+describe('discoverProviders', () => {
+  const savedEnv = {}
+
+  beforeEach(() => {
+    // Save and clear relevant env vars
+    for (const key of ['OPENCLAW_GATEWAY_TOKEN', 'OPENCLAW_GATEWAY_PORT', 'ANTHROPIC_API_KEY', 'OPENAI_API_KEY', 'GEMINI_API_KEY']) {
+      savedEnv[key] = process.env[key]
+      delete process.env[key]
+    }
+  })
+
+  afterEach(() => {
+    // Restore env vars
+    for (const [key, val] of Object.entries(savedEnv)) {
+      if (val === undefined) delete process.env[key]
+      else process.env[key] = val
+    }
+  })
+
+  it('returns an array', async () => {
+    const result = await discoverProviders()
+    assert.ok(Array.isArray(result))
+  })
+
+  it('discovers API keys from environment', async () => {
+    process.env.ANTHROPIC_API_KEY = 'sk-ant-test'
+    process.env.OPENAI_API_KEY = 'sk-openai-test'
+    const result = await discoverProviders()
+    const apiProviders = result.filter((r) => r.type === 'api')
+    const names = apiProviders.map((p) => p.name)
+    assert.ok(names.includes('anthropic'))
+    assert.ok(names.includes('openai'))
+    assert.ok(!names.includes('gemini'))
+  })
+
+  it('discovers OpenClaw from environment', async () => {
+    process.env.OPENCLAW_GATEWAY_TOKEN = 'test-token'
+    process.env.OPENCLAW_GATEWAY_PORT = '9999'
+    const result = await discoverProviders()
+    const openclaw = result.find((r) => r.name === 'openclaw')
+    assert.ok(openclaw)
+    assert.equal(openclaw.type, 'openclaw')
+    assert.equal(openclaw.status, 'configured')
+    assert.equal(openclaw.config.gatewayUrl, 'http://localhost:9999')
+  })
+
+  it('uses default port for OpenClaw when not set', async () => {
+    process.env.OPENCLAW_GATEWAY_TOKEN = 'test-token'
+    const result = await discoverProviders()
+    const openclaw = result.find((r) => r.name === 'openclaw')
+    assert.equal(openclaw.config.gatewayUrl, 'http://localhost:18790')
+  })
+
+  it('does not include OpenClaw without token', async () => {
+    const result = await discoverProviders()
+    const openclaw = result.find((r) => r.name === 'openclaw')
+    assert.equal(openclaw, undefined)
+  })
+
+  it('each result has required shape', async () => {
+    process.env.ANTHROPIC_API_KEY = 'sk-test'
+    const result = await discoverProviders()
+    for (const item of result) {
+      assert.ok(item.name, 'has name')
+      assert.ok(['cli', 'api', 'openclaw'].includes(item.type), `valid type: ${item.type}`)
+      assert.ok(['available', 'configured'].includes(item.status), `valid status: ${item.status}`)
+      assert.ok(item.config && typeof item.config === 'object', 'has config object')
+    }
+  })
+})

package/src/lib/ai/enhancement-adapter.test.js

@@ -0,0 +1,188 @@
+import { test, describe } from 'node:test'
+import assert from 'node:assert/strict'
+import { enhancementToStep } from './enhancement-adapter.js'
+import { BUILT_IN_ENHANCEMENTS } from '../enhancements.js'
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+function baseCtx(overrides = {}) {
+  return {
+    rawInput: '',
+    title: 'Fix auth bug',
+    description: 'The login page throws a 401 error',
+    instructions: '',
+    templateBody: '## Summary\n\n{{description}}',
+    labels: ['bug'],
+    existingIssues: [],
+    repoLabels: ['bug', 'feature', 'P0-critical'],
+    dedupScore: null,
+    structuredContext: null,
+    scopeAnalysis: null,
+    complexity: null,
+    complexityRationale: null,
+    risk: null,
+    riskRationale: null,
+    aiLabels: null,
+    body: '',
+    ...overrides,
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Built-in enhancement → step conversion
+// ---------------------------------------------------------------------------
+
+describe('enhancementToStep — built-in enhancements', () => {
+  test('converts built-in triage to step with correct fields', () => {
+    const step = enhancementToStep(BUILT_IN_ENHANCEMENTS.triage)
+    assert.equal(step.name, 'triage')
+    assert.equal(step.displayName, 'Input Analysis')
+    assert.equal(step.maxTokens, 1024)
+    assert.ok(typeof step.shouldRun === 'function')
+    assert.ok(typeof step.buildMessages === 'function')
+    assert.ok(typeof step.parseResponse === 'function')
+  })
+
+  test('built-in step uses original shouldRun', () => {
+    const step = enhancementToStep(BUILT_IN_ENHANCEMENTS.triage)
+    assert.equal(step.shouldRun(baseCtx({ rawInput: 'hello' })), true)
+    assert.equal(step.shouldRun(baseCtx({ rawInput: '' })), false)
+  })
+
+  test('built-in step uses original buildMessages', () => {
+    const step = enhancementToStep(BUILT_IN_ENHANCEMENTS.context)
+    const ctx = baseCtx()
+    const msgs = step.buildMessages(ctx)
+    assert.ok(Array.isArray(msgs))
+    assert.equal(msgs[0].role, 'system')
+    assert.equal(msgs[1].role, 'user')
+  })
+
+  test('built-in step uses original parseResponse', () => {
+    const step = enhancementToStep(BUILT_IN_ENHANCEMENTS.complexity)
+    const ctx = baseCtx()
+    step.parseResponse(JSON.stringify({ score: 7, rationale: 'complex' }), ctx)
+    assert.equal(ctx.complexity, 7)
+    assert.equal(ctx.complexityRationale, 'complex')
+  })
+
+  test('all built-in enhancements convert to valid steps', () => {
+    for (const [key, enh] of Object.entries(BUILT_IN_ENHANCEMENTS)) {
+      const step = enhancementToStep(enh)
+      assert.equal(step.name, key)
+      assert.ok(step.displayName)
+      assert.ok(typeof step.maxTokens === 'number')
+      assert.ok(typeof step.shouldRun === 'function')
+      assert.ok(typeof step.buildMessages === 'function')
+      assert.ok(typeof step.parseResponse === 'function')
+    }
+  })
+})
+
+// ---------------------------------------------------------------------------
+// Prompt override
+// ---------------------------------------------------------------------------
+
+describe('enhancementToStep — prompt override', () => {
+  test('user-overridden built-in uses custom prompt', () => {
+    const overridden = {
+      ...BUILT_IN_ENHANCEMENTS.context,
+      source: 'user',
+      prompt: 'Custom context prompt here.',
+    }
+    const step = enhancementToStep(overridden)
+    const msgs = step.buildMessages(baseCtx())
+    // Should use the custom prompt, not the built-in
+    assert.ok(msgs[0].content.includes('Custom context prompt here.'))
+  })
+
+  test('built-in source uses original buildMessages', () => {
+    const builtIn = { ...BUILT_IN_ENHANCEMENTS.context, source: 'built-in' }
+    const step = enhancementToStep(builtIn)
+    const msgs = step.buildMessages(baseCtx())
+    // Should use built-in prompt (includes "Extract structured context")
+    assert.ok(msgs[0].content.includes('Extract structured context'))
+  })
+})
+
+// ---------------------------------------------------------------------------
+// Custom enhancement → step conversion
+// ---------------------------------------------------------------------------
+
+describe('enhancementToStep — custom enhancements', () => {
+  const customEnh = {
+    key: 'security',
+    name: 'Security Review',
+    maxTokens: 1024,
+    mode: 'auto',
+    format: 'json',
+    contextKey: 'securityScore',
+    order: 55,
+    requires: ['scopeAnalysis'],
+    isStructural: false,
+    prompt: 'You are a security reviewer.\nReturn JSON.',
+    source: 'user',
+  }
+
+  test('converts custom to step with correct fields', () => {
+    const step = enhancementToStep(customEnh)
+    assert.equal(step.name, 'security')
+    assert.equal(step.displayName, 'Security Review')
+    assert.equal(step.maxTokens, 1024)
+  })
+
+  test('custom shouldRun checks requires array', () => {
+    const step = enhancementToStep(customEnh)
+    // Should not run when scopeAnalysis is missing
+    assert.equal(step.shouldRun(baseCtx({ scopeAnalysis: null })), false)
+    // Should run when scopeAnalysis is present
+    assert.equal(step.shouldRun(baseCtx({ scopeAnalysis: { files: [] } })), true)
+  })
+
+  test('custom shouldRun returns true when no requires', () => {
+    const noReqs = { ...customEnh, requires: [] }
+    const step = enhancementToStep(noReqs)
+    assert.equal(step.shouldRun(baseCtx()), true)
+  })
+
+  test('custom buildMessages uses prompt and context', () => {
+    const step = enhancementToStep(customEnh)
+    const msgs = step.buildMessages(baseCtx())
+    assert.equal(msgs[0].role, 'system')
+    assert.ok(msgs[0].content.includes('You are a security reviewer.'))
+    assert.equal(msgs[1].role, 'user')
+    assert.ok(msgs[1].content.includes('Fix auth bug'))
+  })
+
+  test('custom JSON parseResponse stores at contextKey', () => {
+    const step = enhancementToStep(customEnh)
+    const ctx = baseCtx()
+    step.parseResponse(JSON.stringify({ score: 8, rationale: 'risky' }), ctx)
+    assert.deepEqual(ctx.securityScore, { score: 8, rationale: 'risky' })
+  })
+
+  test('custom JSON parseResponse handles malformed JSON', () => {
+    const step = enhancementToStep(customEnh)
+    const ctx = baseCtx()
+    step.parseResponse('not json', ctx)
+    assert.equal(ctx.securityScore, null)
+  })
+
+  test('custom markdown parseResponse stores raw text', () => {
+    const mdEnh = { ...customEnh, format: 'markdown', contextKey: 'review' }
+    const step = enhancementToStep(mdEnh)
+    const ctx = baseCtx()
+    step.parseResponse('## Review\n\nLooks good.', ctx)
+    assert.equal(ctx.review, '## Review\n\nLooks good.')
+  })
+
+  test('custom markdown parseResponse strips code fences', () => {
+    const mdEnh = { ...customEnh, format: 'markdown', contextKey: 'review' }
+    const step = enhancementToStep(mdEnh)
+    const ctx = baseCtx()
+    step.parseResponse('```markdown\n## Review\n\nContent here.\n```', ctx)
+    assert.equal(ctx.review, '## Review\n\nContent here.')
+  })
+})