typeclaw 0.26.0 → 0.28.0

package/src/channels/adapters/github/review-thread-resolver.ts

@@ -9,7 +9,7 @@ const GRAPHQL_ENDPOINT = `${GITHUB_API_BASE}/graphql`
 // carry more, so the resolver paginates until it matches the root comment id
 // or exhausts the pages — stopping early on a 404-equivalent (thread absent)
 // rather than fabricating a node id.
-const THREADS_QUERY = `query($owner:String!,$name:String!,$number:Int!,$after:String){repository(owner:$owner,name:$name){pullRequest(number:$number){reviewThreads(first:100,after:$after){pageInfo{hasNextPage endCursor}nodes{id isResolved comments(first:1){nodes{databaseId author{login}}}}}}}}`
+const THREADS_QUERY = `query($owner:String!,$name:String!,$number:Int!,$after:String){repository(owner:$owner,name:$name){pullRequest(number:$number){reviewThreads(first:100,after:$after){pageInfo{hasNextPage endCursor}nodes{id isResolved comments(first:1){nodes{databaseId author{__typename login}}}}}}}}`
 
 const RESOLVE_MUTATION = `mutation($threadId:ID!){resolveReviewThread(input:{threadId:$threadId}){thread{id isResolved}}}`
 
@@ -18,6 +18,7 @@ type ReviewThreadNode = {
   isResolved: boolean
   rootCommentId: number | null
   rootAuthorLogin: string | null
+  rootAuthorIsBot: boolean
 }
 
 type ThreadLookup =
@@ -66,7 +67,7 @@ export function createGithubReviewThreadResolver(deps: {
     const thread = lookup.thread
     // The load-bearing guard: only the bot may resolve the bot's own thread.
     // Resolving a human reviewer's thread would erase their open question.
-    if (thread.rootAuthorLogin !== selfLogin) {
+    if (!isSelfAuthor(thread, selfLogin)) {
       return {
         ok: false,
         error: `refusing to resolve thread authored by @${thread.rootAuthorLogin ?? 'unknown'} (not @${selfLogin})`,
@@ -79,6 +80,29 @@ export function createGithubReviewThreadResolver(deps: {
   }
 }
 
+// A GitHub App's own login differs across the two APIs this guard straddles:
+// REST `getSelf` returns `slug[bot]` (selfLogin) but GraphQL's `Bot` author node
+// returns the bare `slug` (rootAuthorLogin). Strict `===` thus refused the App's
+// OWN thread (production: "refusing to resolve thread authored by @typeey (not
+// @typeey[bot])"). The bare-slug match is gated on the GraphQL author actually
+// being a `Bot`: a human `User` can legitimately own the bare slug as a login
+// (e.g. the user `typeey` exists alongside the App `typeey[bot]`), so a User
+// author must still match `selfLogin` exactly — otherwise the suffix-strip would
+// let the bot close a human reviewer's thread, defeating the guard above.
+const BOT_LOGIN_SUFFIX = '[bot]'
+
+function isSelfAuthor(thread: ReviewThreadNode, selfLogin: string): boolean {
+  if (thread.rootAuthorLogin === null) return false
+  if (thread.rootAuthorIsBot) {
+    return normalizeBotLogin(thread.rootAuthorLogin) === normalizeBotLogin(selfLogin)
+  }
+  return thread.rootAuthorLogin === selfLogin
+}
+
+function normalizeBotLogin(login: string): string {
+  return login.endsWith(BOT_LOGIN_SUFFIX) ? login.slice(0, -BOT_LOGIN_SUFFIX.length) : login
+}
+
 type ResolveTarget = { owner: string; repo: string; prNumber: number; rootCommentId: number }
 
 function parseTarget(req: ReviewThreadResolveRequest): ResolveTarget | null {
@@ -104,6 +128,69 @@ function parseDecimalId(value: string | undefined): number | null {
 }
 
 async function findThread(fetchImpl: typeof fetch, token: string, target: ResolveTarget): Promise<ThreadLookup> {
+  let lookup: ThreadLookup = { kind: 'absent' }
+  const outcome = await walkThreadPages(
+    fetchImpl,
+    token,
+    { owner: target.owner, repo: target.repo, prNumber: target.prNumber },
+    (nodes) => {
+      for (const node of nodes) {
+        if (node.rootCommentId === target.rootCommentId) {
+          lookup = { kind: 'found', thread: node }
+          return 'stop'
+        }
+      }
+      return 'continue'
+    },
+  )
+  if (outcome.kind === 'error') return { kind: 'error', result: outcome.result }
+  return lookup
+}
+
+export type UnresolvedSelfReviewThread = { threadId: string; rootCommentId: number }
+
+export type ListUnresolvedSelfReviewThreadsResult =
+  | { ok: true; threads: UnresolvedSelfReviewThread[] }
+  | { ok: false; error: string }
+
+// Reuses the same page-walk and authorship guard (`isSelfAuthor`) as the
+// single-thread resolver so the post-push "did my comments get addressed?"
+// sweep can never surface a human reviewer's thread as a resolve candidate.
+export async function listUnresolvedSelfReviewThreads(deps: {
+  token: string
+  selfLogin: string
+  owner: string
+  repo: string
+  prNumber: number
+  fetchImpl?: typeof fetch
+}): Promise<ListUnresolvedSelfReviewThreadsResult> {
+  const fetchImpl = deps.fetchImpl ?? fetch
+  const threads: UnresolvedSelfReviewThread[] = []
+  const outcome = await walkThreadPages(
+    fetchImpl,
+    deps.token,
+    { owner: deps.owner, repo: deps.repo, prNumber: deps.prNumber },
+    (nodes) => {
+      for (const node of nodes) {
+        if (node.isResolved || node.rootCommentId === null) continue
+        if (!isSelfAuthor(node, deps.selfLogin)) continue
+        threads.push({ threadId: node.id, rootCommentId: node.rootCommentId })
+      }
+      return 'continue'
+    },
+  )
+  if (outcome.kind === 'error') return { ok: false, error: outcome.result.error }
+  return { ok: true, threads }
+}
+
+type WalkOutcome = { kind: 'done' } | { kind: 'error'; result: ReviewThreadResolveResult & { ok: false } }
+
+async function walkThreadPages(
+  fetchImpl: typeof fetch,
+  token: string,
+  target: { owner: string; repo: string; prNumber: number },
+  onPage: (nodes: ReviewThreadNode[]) => 'stop' | 'continue',
+): Promise<WalkOutcome> {
   let after: string | null = null
   for (;;) {
     let response: Response
@@ -124,11 +211,8 @@ async function findThread(fetchImpl: typeof fetch, token: string, target: Resolv
     }
     const parsed = await parseThreadsPage(response)
     if (parsed.kind === 'error') return { kind: 'error', result: parsed.result }
-
-    for (const node of parsed.nodes) {
-      if (node.rootCommentId === target.rootCommentId) return { kind: 'found', thread: node }
-    }
-    if (!parsed.hasNextPage || parsed.endCursor === null) return { kind: 'absent' }
+    if (onPage(parsed.nodes) === 'stop') return { kind: 'done' }
+    if (!parsed.hasNextPage || parsed.endCursor === null) return { kind: 'done' }
     after = parsed.endCursor
   }
 }
@@ -175,6 +259,7 @@ async function parseThreadsPage(response: Response): Promise<ThreadsPage> {
       isResolved: n.isResolved,
       rootCommentId: root?.databaseId ?? null,
       rootAuthorLogin: root?.author?.login ?? null,
+      rootAuthorIsBot: root?.author?.__typename === 'Bot',
     }
   })
   return { kind: 'ok', nodes, hasNextPage: connection.pageInfo.hasNextPage, endCursor: connection.pageInfo.endCursor }
@@ -231,7 +316,7 @@ type GraphqlThreadsResponse = {
           nodes: Array<{
             id: string
             isResolved: boolean
-            comments: { nodes: Array<{ databaseId?: number; author?: { login?: string } }> }
+            comments: { nodes: Array<{ databaseId?: number; author?: { __typename?: string; login?: string } }> }
           }>
         }
       }

package/src/channels/github-false-receipt.ts

@@ -0,0 +1,87 @@
+import { classifyReviewClaim } from './github-review-claim'
+import { hasResolvedThread, hasReview } from './github-review-turn-ledger'
+
+// Decides whether a github PR reply is a false receipt: prose that CLAIMS a
+// formal verdict / thread close-out the agent never actually performed this turn.
+// Pure except for the ledger reads (module singletons); returns the action the
+// channel_reply tool should take. Block only the black-and-white cases; warn on
+// soft signals so casual chatter is never hard-denied.
+
+export type FalseReceiptDecision =
+  | { kind: 'allow' }
+  | { kind: 'block'; reason: string }
+  | { kind: 'warn'; notice: string }
+
+export type FalseReceiptInput = {
+  sessionId: string
+  adapter: string
+  workspace: string
+  chat: string
+  thread: string | null
+  text: string | undefined
+  isContinue: boolean
+  resolveReviewThread: boolean
+}
+
+export function checkFalseReceipt(input: FalseReceiptInput): FalseReceiptDecision {
+  if (input.adapter !== 'github') return { kind: 'allow' }
+  const prNumber = prNumberFromChat(input.chat)
+  if (prNumber === null) return { kind: 'allow' }
+
+  const claim = classifyReviewClaim(input.text ?? '')
+  if (claim === 'ignore') return { kind: 'allow' }
+  if (claim === 'warn') return { kind: 'warn', notice: SOFT_NOTICE }
+
+  // A turn the agent explicitly keeps alive (continue:true) is not yet a receipt
+  // — the real action may still be coming. Never block; nudge instead.
+  if (input.isContinue) return { kind: 'warn', notice: SOFT_NOTICE }
+
+  if (claim === 'block-resolve') {
+    if (input.thread === null) return { kind: 'allow' }
+    if (input.resolveReviewThread) return { kind: 'allow' }
+    if (
+      hasResolvedThread({
+        sessionId: input.sessionId,
+        workspace: input.workspace,
+        prNumber,
+        rootCommentId: input.thread,
+      })
+    ) {
+      return { kind: 'allow' }
+    }
+    return { kind: 'block', reason: RESOLVE_REASON }
+  }
+
+  const verdict = claim === 'block-approve' ? 'APPROVE' : 'REQUEST_CHANGES'
+  if (hasReview({ sessionId: input.sessionId, workspace: input.workspace, prNumber, verdict })) {
+    return { kind: 'allow' }
+  }
+  return { kind: 'block', reason: verdict === 'APPROVE' ? APPROVE_REASON : REQUEST_CHANGES_REASON }
+}
+
+function prNumberFromChat(chat: string): number | null {
+  const m = /^pr:(\d+)$/.exec(chat)
+  if (m === null) return null
+  const n = Number(m[1])
+  return Number.isSafeInteger(n) && n > 0 ? n : null
+}
+
+const APPROVE_REASON =
+  'This reply reads as a formal approval, but no APPROVE review was submitted on this PR this turn. ' +
+  'A chat comment is not a GitHub review — submit the formal review via `gh api -X POST /repos/<owner>/<repo>/pulls/<N>/reviews` ' +
+  '(event: APPROVE) first, then narrate if needed. If you are not actually approving, reword the reply.'
+
+const REQUEST_CHANGES_REASON =
+  'This reply reads as a formal "request changes", but no REQUEST_CHANGES review was submitted on this PR this turn. ' +
+  'Submit the formal review via `gh api -X POST /repos/<owner>/<repo>/pulls/<N>/reviews` (event: REQUEST_CHANGES) first. ' +
+  'If you are not actually requesting changes, reword the reply.'
+
+const RESOLVE_REASON =
+  'This reply reads as closing out a review thread, but `resolve_review_thread: true` was not set and the thread ' +
+  'was not resolved this turn. Pass `resolve_review_thread: true` on this reply to actually resolve it, ' +
+  'or reword if the thread should stay open.'
+
+const SOFT_NOTICE =
+  'Note: a chat comment does not create a formal GitHub review or resolve a thread. ' +
+  'If you mean to approve / request changes, submit a formal review via `gh api`; ' +
+  'to close a thread you authored, set `resolve_review_thread: true`.'

package/src/channels/github-review-claim.ts

@@ -0,0 +1,91 @@
+// Deterministic phrase classifier for the false-receipt guard (channel-reply.ts):
+// how strongly does a github PR reply CLAIM a formal verdict/close-out it may not
+// have actually performed? The taxonomy errs toward WARN over BLOCK on purpose —
+// a false block breaks a legitimate reply; a missed soft-fake only loses a nudge.
+
+export type ReviewClaim = 'block-approve' | 'block-request-changes' | 'block-resolve' | 'warn' | 'ignore'
+
+// Word-boundary anchored so "approved" never fires inside "unapproved".
+const BLOCK_APPROVE: readonly RegExp[] = [
+  /\bapproved\b/,
+  /\bapproving\b/,
+  /\bi approve\b/,
+  /\bapproval (submitted|sent|posted)\b/,
+  /\bsubmitting (the )?approval\b/,
+  /\bformal approval\b/,
+  /\blgtm,? approved\b/,
+]
+
+const BLOCK_REQUEST_CHANGES: readonly RegExp[] = [
+  /\brequest(ing|ed)? changes\b/,
+  /\bchanges requested\b/,
+  /\bi request changes\b/,
+  /\bblocking (this|the|merge)\b/,
+  /\bthis is blocked\b/,
+]
+
+// Only consulted by the caller when thread!=null (a review thread). Bare
+// "resolved" is intentionally NOT here — it collides with the warn-tier "looks
+// resolved?"; resolve claims must carry a definite marker (marked/that/this/
+// thanks) or a verify clause.
+const BLOCK_RESOLVE: readonly RegExp[] = [
+  /\bmarked resolved\b/,
+  /\bthread resolved\b/,
+  /\bthat resolves it\b/,
+  /\bthis resolves it\b/,
+  /\bclosing this out\b/,
+  /\bconfirmed fixed\b/,
+  // verify clause + a fix/resolve verb, allowing a short gap ("verified at <sha>, that fixes it").
+  /\b(verified|confirmed)\b[^.!?]*\b(fix(es|ed)|resolv)/,
+  /\b(thanks,?|fixed,?) (looks )?resolved\b/,
+]
+
+// Casual phrasing that might be chatter, not a formal close-out: allow + nudge.
+const WARN: readonly RegExp[] = [
+  /\blgtm\b/,
+  /\blooks good\b/,
+  /\blooks fine\b/,
+  /\bseems fine\b/,
+  /\bshould be (fine|good)\b/,
+  /\bneeds changes\b/,
+  /\bstill needs work\b/,
+  /\blooks resolved\b/,
+  /\bseems resolved\b/,
+]
+
+// Negation / future-intent / past-reference markers DEMOTE a positive match to
+// ignore. Blocking "I haven't approved" / "I'll approve" / "approved it earlier"
+// (answering a question) is the worst false-positive class, so it is checked first.
+const DEMOTE_TO_IGNORE: readonly RegExp[] = [
+  /\b(haven'?t|have not|did ?n'?t|did not|not yet|never)\b[^.!?]*\b(approv|request|resolv|block)/,
+  /\b(can'?t|cannot|won'?t|will not|wouldn'?t)\b[^.!?]*\b(approv|request|resolv|block)/,
+  /\bnot (approved|resolved|blocked|requesting)\b/,
+  /\b(i'?ll|i will|going to|gonna|about to|planning to)\b[^.!?]*\b(approv|review|request|resolv)/,
+  /\b(approved|resolved|requested changes)\b[^.!?]*\b(earlier|already|yesterday|before|last (review|time)|previously)\b/,
+]
+
+export function classifyReviewClaim(rawText: string): ReviewClaim {
+  const text = normalize(rawText)
+  if (text === '') return 'ignore'
+
+  if (DEMOTE_TO_IGNORE.some((re) => re.test(text))) return 'ignore'
+
+  // Block-tier wins over warn-tier: an unambiguous "approved" in a casual message
+  // is still a formal claim.
+  if (BLOCK_APPROVE.some((re) => re.test(text))) return 'block-approve'
+  if (BLOCK_REQUEST_CHANGES.some((re) => re.test(text))) return 'block-request-changes'
+  if (BLOCK_RESOLVE.some((re) => re.test(text))) return 'block-resolve'
+  if (WARN.some((re) => re.test(text))) return 'warn'
+  return 'ignore'
+}
+
+// Strips markdown/emoji noise so "**Approved!**" and "approved" classify alike,
+// keeping apostrophes + sentence punctuation that the negation regexes rely on.
+function normalize(text: string): string {
+  return text
+    .toLowerCase()
+    .replace(/[*_`~#>]/g, ' ')
+    .replace(/[^\p{L}\p{N}\s'.!?]/gu, ' ')
+    .replace(/\s+/g, ' ')
+    .trim()
+}

package/src/channels/github-review-turn-ledger.ts

@@ -0,0 +1,71 @@
+// In-process record of REAL github review actions performed during the current
+// turn, shared across two plugin boundaries: github-cli-auth records a formal
+// review / thread-resolve here after the `gh` command SUCCEEDS, and channel-reply
+// consults it before sending a verdict/close-out reply. If the agent claims a
+// verdict in prose but this ledger shows no matching action this turn, the reply
+// is a false receipt (see channel-reply.ts). State is per-session and reset at
+// turn start, so a claim must be backed by an action in the SAME turn.
+
+export type ReviewVerdict = 'APPROVE' | 'REQUEST_CHANGES'
+
+type PrKey = string
+type ThreadKey = string
+
+const reviewsByPr = new Map<PrKey, Set<ReviewVerdict>>()
+const resolvedThreads = new Set<ThreadKey>()
+
+function prKey(sessionId: string, workspace: string, prNumber: number): PrKey {
+  return `${sessionId}::${workspace}::${prNumber}`
+}
+
+function threadKey(sessionId: string, workspace: string, prNumber: number, rootCommentId: string): ThreadKey {
+  return `${sessionId}::${workspace}::${prNumber}::${rootCommentId}`
+}
+
+export function resetReviewTurn(sessionId: string): void {
+  for (const key of reviewsByPr.keys()) {
+    if (key.startsWith(`${sessionId}::`)) reviewsByPr.delete(key)
+  }
+  for (const key of resolvedThreads) {
+    if (key.startsWith(`${sessionId}::`)) resolvedThreads.delete(key)
+  }
+}
+
+export function recordReview(args: {
+  sessionId: string
+  workspace: string
+  prNumber: number
+  verdict: ReviewVerdict
+}): void {
+  const key = prKey(args.sessionId, args.workspace, args.prNumber)
+  const set = reviewsByPr.get(key) ?? new Set<ReviewVerdict>()
+  set.add(args.verdict)
+  reviewsByPr.set(key, set)
+}
+
+export function hasReview(args: {
+  sessionId: string
+  workspace: string
+  prNumber: number
+  verdict: ReviewVerdict
+}): boolean {
+  return reviewsByPr.get(prKey(args.sessionId, args.workspace, args.prNumber))?.has(args.verdict) ?? false
+}
+
+export function recordResolvedThread(args: {
+  sessionId: string
+  workspace: string
+  prNumber: number
+  rootCommentId: string
+}): void {
+  resolvedThreads.add(threadKey(args.sessionId, args.workspace, args.prNumber, args.rootCommentId))
+}
+
+export function hasResolvedThread(args: {
+  sessionId: string
+  workspace: string
+  prNumber: number
+  rootCommentId: string
+}): boolean {
+  return resolvedThreads.has(threadKey(args.sessionId, args.workspace, args.prNumber, args.rootCommentId))
+}

package/src/channels/persistence.ts

@@ -1,4 +1,4 @@
-import { mkdir, readdir, readFile, writeFile } from 'node:fs/promises'
+import { mkdir, readFile, writeFile } from 'node:fs/promises'
 import { dirname, join } from 'node:path'
 
 import type { ChannelParticipant } from '@/agent/session-origin'
@@ -16,10 +16,8 @@ const FILE_VERSION = 4
 // UUID, which never matches on disk — every restart silently creates a
 // fresh session and the channel loses its transcript memory.
 //
-// `sessionFile` is optional because v2 records (pre-fix) only carried the
-// UUID. Those are migrated in-place at load time by globbing the sessions
-// directory for `*_${sessionId}.jsonl`; if no match is found the file is
-// considered lost and reopen will fall back to a fresh session.
+// `sessionFile` is optional because a session can exist in memory before a
+// transcript path is known; reopen falls back to a fresh session when absent.
 export type ChannelSessionRecord = {
   adapter: AdapterId
   workspace: string
@@ -36,16 +34,6 @@ type FileV4 = {
   sessions: ChannelSessionRecord[]
 }
 
-type FileV3 = {
-  version: 3
-  sessions: ChannelSessionRecord[]
-}
-
-type FileV2 = {
-  version: 2
-  sessions: Array<Omit<ChannelSessionRecord, 'sessionFile'>>
-}
-
 export type ChannelSessionsLogger = {
   info: (msg: string) => void
   warn: (msg: string) => void
@@ -62,10 +50,6 @@ export function channelsSessionsPath(agentDir: string): string {
   return join(agentDir, 'channels', 'sessions.json')
 }
 
-function sessionsDirOf(agentDir: string): string {
-  return join(agentDir, 'sessions')
-}
-
 export async function loadChannelSessions(
   agentDir: string,
   logger: ChannelSessionsLogger = consoleLogger,
@@ -94,21 +78,7 @@ export async function loadChannelSessions(
     if (!Array.isArray(file.sessions)) return []
     return file.sessions.filter(isValidRecord)
   }
-  if (version === 3) {
-    const file = parsed as FileV3
-    if (!Array.isArray(file.sessions)) return []
-    return migrateV3ToV4(file.sessions.filter(isValidRecord), logger)
-  }
-  if (version === 2) {
-    const file = parsed as FileV2
-    if (!Array.isArray(file.sessions)) return []
-    const v2Records = file.sessions.filter(isValidV2Record)
-    const v3Records = await migrateV2Records(agentDir, v2Records, logger)
-    return migrateV3ToV4(v3Records, logger)
-  }
-  logger.warn(
-    `[channels] ${path} version ${String(version)} not supported (expected 2, 3, or ${FILE_VERSION}); ignored`,
-  )
+  logger.warn(`[channels] ${path} version ${String(version)} not supported (expected ${FILE_VERSION}); ignored`)
   return []
 }
 
@@ -130,59 +100,6 @@ export async function saveChannelSessions(
   }
 }
 
-// One-shot migration from v2 (sessionId only) to v3 (sessionId + sessionFile).
-// pi-coding-agent writes session files as `${ISO_TIMESTAMP}_${UUID}.jsonl`,
-// so we look for any file ending in `_${sessionId}.jsonl`. If a directory
-// scan fails we leave sessionFile undefined; the next reopen attempt will
-// fall back to a fresh session (the same broken behavior v2 had — but at
-// least the next successful create will populate sessionFile correctly and
-// we'll be migrated forward.)
-async function migrateV2Records(
-  agentDir: string,
-  v2Records: readonly (Omit<ChannelSessionRecord, 'sessionFile' | 'sessionId'> & { sessionId: string })[],
-  logger: ChannelSessionsLogger,
-): Promise<ChannelSessionRecord[]> {
-  if (v2Records.length === 0) return []
-  const sessionsDir = sessionsDirOf(agentDir)
-  let entries: string[]
-  try {
-    entries = await readdir(sessionsDir)
-  } catch {
-    logger.warn(`[channels] could not scan ${sessionsDir} for v2→v3 migration; sessionFile left empty`)
-    return v2Records.map((r) => ({ ...r }))
-  }
-  // pi-coding-agent writes files as `${ISO_TIMESTAMP}_${UUID}.jsonl` where
-  // the ISO timestamp uses `-` (no `_`) and the UUID may contain `-`. Split
-  // on the FIRST underscore so the trailing portion is the full UUID even
-  // when the UUID contains hyphens.
-  const bySessionIdSuffix = new Map<string, string>()
-  for (const entry of entries) {
-    if (!entry.endsWith('.jsonl')) continue
-    const underscore = entry.indexOf('_')
-    if (underscore < 0) continue
-    const trailing = entry.slice(underscore + 1, -'.jsonl'.length)
-    bySessionIdSuffix.set(trailing, entry)
-  }
-  return v2Records.map((r) => {
-    const matched = bySessionIdSuffix.get(r.sessionId)
-    if (matched === undefined) {
-      logger.warn(
-        `[channels] v2→v3: no session file matching *_${r.sessionId}.jsonl in ${sessionsDir}; ` +
-          `sessionFile left empty (next inbound will create a fresh session for ${r.adapter}:${r.chat}:${r.thread ?? ''})`,
-      )
-      return { ...r }
-    }
-    return { ...r, sessionFile: matched }
-  })
-}
-
-function migrateV3ToV4(v3Records: ChannelSessionRecord[], logger: ChannelSessionsLogger): ChannelSessionRecord[] {
-  logger.info(
-    `[channels] v3→v4: ${v3Records.length} record(s) migrated; first post-upgrade inbound will force fresh session`,
-  )
-  return v3Records.map((r) => ({ ...r, lastInboundAt: 0 }))
-}
-
 function dedupe(sessions: readonly ChannelSessionRecord[]): ChannelSessionRecord[] {
   const seen = new Map<string, ChannelSessionRecord>()
   for (const s of sessions) {
@@ -208,21 +125,6 @@ function isObject(v: unknown): v is Record<string, unknown> {
   return typeof v === 'object' && v !== null && !Array.isArray(v)
 }
 
-function isValidV2Record(
-  v: unknown,
-): v is Omit<ChannelSessionRecord, 'sessionFile' | 'sessionId'> & { sessionId: string } {
-  if (!isObject(v)) return false
-  const r = v as Record<string, unknown>
-  return (
-    typeof r.adapter === 'string' &&
-    typeof r.workspace === 'string' &&
-    typeof r.chat === 'string' &&
-    (r.thread === null || typeof r.thread === 'string') &&
-    typeof r.sessionId === 'string' &&
-    Array.isArray(r.participants)
-  )
-}
-
 function isValidRecord(v: unknown): v is ChannelSessionRecord {
   if (!isObject(v)) return false
   const r = v as Record<string, unknown>