whitesmith 0.0.1 → 0.0.2

package/dist/install-ci.js

@@ -0,0 +1,760 @@
+import { select, input, confirm, password } from '@inquirer/prompts';
+import { execSync } from 'node:child_process';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+// ─── GitHub helpers ──────────────────────────────────────────────────────────
+function detectRepo(workDir) {
+    try {
+        const url = execSync('gh repo view --json nameWithOwner -q .nameWithOwner', {
+            cwd: workDir,
+            stdio: ['pipe', 'pipe', 'pipe'],
+        })
+            .toString()
+            .trim();
+        return url || undefined;
+    }
+    catch {
+        return undefined;
+    }
+}
+function ghIsAvailable() {
+    try {
+        execSync('gh auth status', { stdio: ['pipe', 'pipe', 'pipe'] });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function setGitHubSecret(repo, name, value) {
+    execSync(`gh secret set ${name} --repo "${repo}"`, {
+        input: value,
+        stdio: ['pipe', 'pipe', 'pipe'],
+    });
+}
+// ─── Interactive Setup ───────────────────────────────────────────────────────
+async function promptProviders() {
+    const providers = [];
+    let addMore = true;
+    while (addMore) {
+        const providerType = await select({
+            message: providers.length === 0 ? 'Add a provider:' : 'Add another provider:',
+            choices: [
+                { name: 'Anthropic (built-in provider, needs API key)', value: 'anthropic' },
+                { name: 'OpenAI (built-in provider, needs API key)', value: 'openai' },
+                { name: 'Custom provider', value: 'custom' },
+            ],
+        });
+        if (providerType === 'anthropic' || providerType === 'openai') {
+            const provider = await promptBuiltinProvider(providerType);
+            providers.push(provider);
+        }
+        else {
+            const provider = await promptCustomProvider();
+            providers.push(provider);
+        }
+        addMore = await confirm({ message: 'Add another provider?', default: false });
+    }
+    return providers;
+}
+async function promptBuiltinProvider(type) {
+    const defaultEnvVar = type === 'anthropic' ? 'ANTHROPIC_API_KEY' : 'OPENAI_API_KEY';
+    const defaultModel = type === 'anthropic' ? 'claude-sonnet-4-20250514' : 'gpt-4o';
+    const apiKeyEnvVar = await input({
+        message: 'GitHub secret name for the API key:',
+        default: defaultEnvVar,
+    });
+    const customUrl = await input({
+        message: 'Custom base URL (leave empty for default):',
+    });
+    // Collect models
+    const models = [];
+    let addModel = true;
+    while (addModel) {
+        const modelId = await input({
+            message: models.length === 0 ? 'Model ID:' : 'Another model ID:',
+            default: models.length === 0 ? defaultModel : undefined,
+        });
+        models.push({ id: modelId });
+        addModel = await confirm({ message: 'Add another model?', default: false });
+    }
+    return {
+        name: type,
+        baseUrl: customUrl || undefined,
+        apiKeyEnvVar,
+        models,
+        builtin: true,
+    };
+}
+async function promptCustomProvider() {
+    const name = await input({ message: 'Provider name:' });
+    const baseUrl = await input({ message: 'Base URL:' });
+    const api = await select({
+        message: 'API type:',
+        choices: [
+            { name: 'Anthropic Messages API', value: 'anthropic-messages' },
+            { name: 'OpenAI Completions API', value: 'openai-completions' },
+        ],
+    });
+    const apiKeyEnvVar = await input({
+        message: 'GitHub secret name for the API key:',
+    });
+    const needsCompat = api === 'openai-completions';
+    let compat;
+    if (needsCompat) {
+        const supportsDeveloperRole = await confirm({
+            message: 'Does this provider support the developer role?',
+            default: true,
+        });
+        const supportsReasoningEffort = await confirm({
+            message: 'Does this provider support reasoning effort?',
+            default: true,
+        });
+        if (!supportsDeveloperRole || !supportsReasoningEffort) {
+            compat = { supportsDeveloperRole, supportsReasoningEffort };
+        }
+    }
+    const models = [];
+    let addModel = true;
+    while (addModel) {
+        const modelId = await input({
+            message: models.length === 0 ? 'Model ID:' : 'Another model ID:',
+        });
+        models.push({ id: modelId });
+        addModel = await confirm({ message: 'Add another model?', default: false });
+    }
+    return {
+        name,
+        baseUrl,
+        api,
+        apiKeyEnvVar,
+        models,
+        builtin: false,
+        compat,
+    };
+}
+async function promptDefaults(providers) {
+    let provider;
+    let model;
+    if (providers.length === 1) {
+        provider = providers[0].name;
+    }
+    else {
+        provider = await select({
+            message: 'Default provider:',
+            choices: providers.map((p) => ({ name: p.name, value: p.name })),
+        });
+    }
+    const selected = providers.find((p) => p.name === provider);
+    if (selected.models.length === 1) {
+        model = selected.models[0].id;
+    }
+    else {
+        model = await select({
+            message: 'Default model:',
+            choices: selected.models.map((m) => ({ name: m.id, value: m.id })),
+        });
+    }
+    return { provider, model };
+}
+/**
+ * Prompt for API key values and set them as GitHub secrets via `gh`.
+ * Returns the list of secrets that were set.
+ */
+async function promptAndSetSecrets(repo, providers) {
+    const setSecrets = [];
+    const seen = new Set();
+    for (const p of providers) {
+        if (seen.has(p.apiKeyEnvVar))
+            continue;
+        seen.add(p.apiKeyEnvVar);
+        const apiKey = await password({
+            message: `Enter API key for ${p.name} (secret: ${p.apiKeyEnvVar}):`,
+        });
+        if (!apiKey) {
+            console.log(`  ⚠ Skipped ${p.apiKeyEnvVar} (empty)`);
+            continue;
+        }
+        try {
+            setGitHubSecret(repo, p.apiKeyEnvVar, apiKey);
+            console.log(`  ✅ Secret ${p.apiKeyEnvVar} set on ${repo}`);
+            setSecrets.push(p.apiKeyEnvVar);
+        }
+        catch (error) {
+            const msg = error.stderr?.toString() || error.message || 'unknown error';
+            console.error(`  ❌ Failed to set ${p.apiKeyEnvVar}: ${msg}`);
+        }
+    }
+    return setSecrets;
+}
+// ─── models.json generation ──────────────────────────────────────────────────
+function buildModelsJson(providers) {
+    const providersObj = {};
+    for (const p of providers) {
+        if (p.builtin) {
+            // Built-in providers: apiKey references the env var name (pi resolves it at runtime)
+            const entry = { apiKey: p.apiKeyEnvVar };
+            if (p.baseUrl)
+                entry.baseUrl = p.baseUrl;
+            providersObj[p.name] = entry;
+        }
+        else {
+            const entry = {
+                baseUrl: p.baseUrl,
+                api: p.api,
+                apiKey: p.apiKeyEnvVar,
+                models: p.models,
+            };
+            if (p.compat)
+                entry.compat = p.compat;
+            providersObj[p.name] = entry;
+        }
+    }
+    return { providers: providersObj };
+}
+// ─── Workflow Templates ──────────────────────────────────────────────────────
+function indent(text, spaces) {
+    const pad = ' '.repeat(spaces);
+    return text
+        .split('\n')
+        .map((line) => (line.trim() === '' ? '' : pad + line))
+        .join('\n');
+}
+function generateModelsJsonStep(config) {
+    const modelsJson = buildModelsJson(config.providers);
+    const modelsJsonStr = JSON.stringify(modelsJson, null, 2);
+    return `\
+      - name: Configure pi models
+        run: |
+          mkdir -p ~/.pi/agent
+          cat > ~/.pi/agent/models.json << 'MODELS_EOF'
+${indent(modelsJsonStr, 10)}
+          MODELS_EOF`;
+}
+function generateAuthJsonSteps() {
+    return `\
+      - name: Configure pi auth
+        env:
+          PI_AUTH_JSON: \${{ secrets.PI_AUTH_JSON }}
+        run: |
+          if [ -z "$PI_AUTH_JSON" ]; then
+            echo "ERROR: PI_AUTH_JSON secret is not configured."
+            echo "Set it to the contents of ~/.pi/agent/auth.json"
+            exit 1
+          fi
+          mkdir -p ~/.pi/agent
+          echo "$PI_AUTH_JSON" > ~/.pi/agent/auth.json
+          chmod 600 ~/.pi/agent/auth.json
+
+      # Workaround for https://github.com/badlogic/pi-mono/issues/2743
+      - name: Refresh OAuth token
+        env:
+          GH_PAT: \${{ secrets.GH_PAT }}
+        run: node .github/scripts/refresh-oauth-token.mjs`;
+}
+function generateAuthSteps(config) {
+    if (config.authMode === 'auth-json') {
+        return generateAuthJsonSteps();
+    }
+    return generateModelsJsonStep(config);
+}
+function generateRunEnvBlock(config) {
+    const envs = {
+        GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}',
+    };
+    if (config.authMode === 'models-json') {
+        for (const p of config.providers) {
+            envs[p.apiKeyEnvVar] = `\${{ secrets.${p.apiKeyEnvVar} }}`;
+        }
+    }
+    return Object.entries(envs)
+        .map(([k, v]) => `          ${k}: ${v}`)
+        .join('\n');
+}
+function generateMainWorkflow(config) {
+    const authSteps = generateAuthSteps(config);
+    const envBlock = generateRunEnvBlock(config);
+    return `\
+# NOTE: This workflow requires the repo setting:
+#   Settings → Actions → General → "Allow GitHub Actions to create and approve pull requests"
+# Without this, PR creation will fail with a permissions error.
+name: whitesmith
+
+on:
+  schedule:
+    - cron: '*/15 * * * *'
+  workflow_dispatch:
+    inputs:
+      max_iterations:
+        description: 'Maximum iterations'
+        default: '3'
+        type: string
+      provider:
+        description: 'AI provider (e.g. ${config.defaultProvider})'
+        required: false
+        type: string
+      model:
+        description: 'AI model ID (e.g. ${config.defaultModel})'
+        required: false
+        type: string
+
+concurrency:
+  group: whitesmith-loop
+  cancel-in-progress: false
+
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
+
+jobs:
+  run:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: \${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+
+      - name: Configure git
+        run: |
+          git config user.name "whitesmith[bot]"
+          git config user.email "whitesmith[bot]@users.noreply.github.com"
+
+      - name: Get npm global prefix
+        id: npm-prefix
+        run: echo "dir=$(npm prefix -g)" >> "$GITHUB_OUTPUT"
+
+      - name: Cache global npm packages
+        id: npm-cache
+        uses: actions/cache@v4
+        with:
+          path: \${{ steps.npm-prefix.outputs.dir }}
+          key: npm-global-\${{ runner.os }}-pi-v1
+
+      - name: Install whitesmith and pi
+        if: steps.npm-cache.outputs.cache-hit != 'true'
+        run: |
+          npm install -g whitesmith
+          npm install -g @mariozechner/pi-coding-agent
+
+${authSteps}
+
+      - name: Run whitesmith
+        env:
+${envBlock}
+        run: |
+          PROVIDER="\${{ inputs.provider || '${config.defaultProvider}' }}"
+          MODEL="\${{ inputs.model || '${config.defaultModel}' }}"
+          whitesmith run . \\
+            --agent-cmd "pi" \\
+            --provider "$PROVIDER" \\
+            --model "$MODEL" \\
+            --max-iterations \${{ inputs.max_iterations || '3' }}
+`;
+}
+function generateCommentWorkflow(config) {
+    const authSteps = generateAuthSteps(config);
+    const envBlock = generateRunEnvBlock(config);
+    return `\
+# NOTE: This workflow requires the repo setting:
+#   Settings → Actions → General → "Allow GitHub Actions to create and approve pull requests"
+name: whitesmith-comment
+
+on:
+  issue_comment:
+    types: [created]
+
+concurrency:
+  group: whitesmith-comment-\${{ github.event.issue.number }}
+  cancel-in-progress: false
+
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    outputs:
+      should_run: \${{ steps.check.outputs.should_run }}
+    steps:
+      - name: Check if should run
+        id: check
+        env:
+          GH_TOKEN: \${{ secrets.GITHUB_TOKEN }}
+          COMMENT_BODY: \${{ github.event.comment.body }}
+        run: |
+          # Always run if comment contains /whitesmith
+          if echo "$COMMENT_BODY" | grep -q '/whitesmith'; then
+            echo "should_run=true" >> "$GITHUB_OUTPUT"
+            echo "Triggered by /whitesmith keyword"
+            exit 0
+          fi
+
+          # For PR comments, auto-trigger if the PR is on a whitesmith branch
+          if [ -n "\${{ github.event.issue.pull_request.url }}" ]; then
+            BRANCH=$(gh pr view \${{ github.event.issue.number }} \\
+              --repo \${{ github.repository }} \\
+              --json headRefName -q .headRefName)
+            echo "PR branch: $BRANCH"
+            if echo "$BRANCH" | grep -qE '^(investigate|task)/'; then
+              echo "should_run=true" >> "$GITHUB_OUTPUT"
+              echo "Triggered by comment on whitesmith PR branch"
+              exit 0
+            fi
+          fi
+
+          echo "should_run=false" >> "$GITHUB_OUTPUT"
+          echo "Skipping: not a /whitesmith command and not a whitesmith PR"
+
+  run:
+    needs: check
+    runs-on: ubuntu-latest
+    if: needs.check.outputs.should_run == 'true'
+    steps:
+      - name: React with eyes to acknowledge
+        env:
+          GH_TOKEN: \${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh api repos/\${{ github.repository }}/issues/comments/\${{ github.event.comment.id }}/reactions \\
+            -f content=eyes
+
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: \${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+
+      - name: Configure git
+        run: |
+          git config user.name "whitesmith[bot]"
+          git config user.email "whitesmith[bot]@users.noreply.github.com"
+
+      - name: Get npm global prefix
+        id: npm-prefix
+        run: echo "dir=$(npm prefix -g)" >> "$GITHUB_OUTPUT"
+
+      - name: Cache global npm packages
+        id: npm-cache
+        uses: actions/cache@v4
+        with:
+          path: \${{ steps.npm-prefix.outputs.dir }}
+          key: npm-global-\${{ runner.os }}-pi-v1
+
+      - name: Install whitesmith and pi
+        if: steps.npm-cache.outputs.cache-hit != 'true'
+        run: |
+          npm install -g whitesmith
+          npm install -g @mariozechner/pi-coding-agent
+
+${authSteps}
+
+      - name: Save comment body to file
+        env:
+          COMMENT_BODY: \${{ github.event.comment.body }}
+        run: |
+          printf '%s' "$COMMENT_BODY" > .whitesmith-comment-body.txt
+
+      - name: Run whitesmith comment
+        env:
+${envBlock}
+        run: |
+          whitesmith comment . \\
+            --number "\${{ github.event.issue.number }}" \\
+            --body-file .whitesmith-comment-body.txt \\
+            --provider "${config.defaultProvider}" \\
+            --model "${config.defaultModel}" \\
+            --post
+
+      - name: React with checkmark on success
+        if: success()
+        env:
+          GH_TOKEN: \${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh api repos/\${{ github.repository }}/issues/comments/\${{ github.event.comment.id }}/reactions \\
+            -f content="+1"
+
+      - name: React with X and comment on failure
+        if: failure()
+        env:
+          GH_TOKEN: \${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh api repos/\${{ github.repository }}/issues/comments/\${{ github.event.comment.id }}/reactions \\
+            -f content="-1"
+          gh issue comment \${{ github.event.issue.number }} \\
+            --repo \${{ github.repository }} \\
+            --body "❌ Agent run failed for [this comment](\${{ github.event.comment.html_url }}). Check the [workflow run](\${{ github.server_url }}/\${{ github.repository }}/actions/runs/\${{ github.run_id }}) for details."
+`;
+}
+function generateReconcileWorkflow() {
+    return `\
+name: whitesmith-reconcile
+
+on:
+  pull_request:
+    types: [closed]
+    branches: [main]
+
+permissions:
+  contents: read
+  issues: write
+  pull-requests: read
+
+jobs:
+  reconcile:
+    if: github.event.pull_request.merged == true
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+
+      - name: Get npm global prefix
+        id: npm-prefix
+        run: echo "dir=$(npm prefix -g)" >> "$GITHUB_OUTPUT"
+
+      - name: Cache global npm packages
+        id: npm-cache
+        uses: actions/cache@v4
+        with:
+          path: \${{ steps.npm-prefix.outputs.dir }}
+          key: npm-global-\${{ runner.os }}-whitesmith-v1
+
+      - name: Install whitesmith
+        if: steps.npm-cache.outputs.cache-hit != 'true'
+        run: npm install -g whitesmith
+
+      - name: Reconcile
+        env:
+          GH_TOKEN: \${{ secrets.GITHUB_TOKEN }}
+        run: whitesmith reconcile .
+`;
+}
+// ─── Refresh OAuth Script (auth-json mode only) ─────────────────────────────
+const REFRESH_OAUTH_SCRIPT = `\
+#!/usr/bin/env node
+/**
+ * Refresh OAuth tokens in pi's auth.json before pi runs.
+ *
+ * Workaround for https://github.com/badlogic/pi-mono/issues/2743
+ * pi-ai sends JSON to Anthropic's OAuth token endpoint, which now requires
+ * application/x-www-form-urlencoded. We refresh the token ourselves.
+ *
+ * After refreshing, updates the PI_AUTH_JSON GitHub secret so the next run
+ * has the latest rotated refresh token (requires GH_PAT with repo scope).
+ *
+ * Remove this script once the upstream fix is released.
+ */
+import { readFileSync, writeFileSync, chmodSync } from "fs";
+import { join } from "path";
+import { execSync } from "child_process";
+
+const ANTHROPIC_CLIENT_ID = "9d1c250a-e61b-44d9-88ed-5944d1962f5e";
+const ANTHROPIC_TOKEN_URL = "https://platform.claude.com/v1/oauth/token";
+
+const authPath = join(process.env.HOME, ".pi", "agent", "auth.json");
+const auth = JSON.parse(readFileSync(authPath, "utf-8"));
+const cred = auth.anthropic;
+
+if (!cred || cred.type !== "oauth") {
+  console.log("No OAuth credentials for anthropic, skipping refresh");
+  process.exit(0);
+}
+
+if (Date.now() < cred.expires) {
+  console.log("Token still valid until", new Date(cred.expires).toISOString());
+  process.exit(0);
+}
+
+console.log(
+  "Token expired at",
+  new Date(cred.expires).toISOString(),
+  "- refreshing..."
+);
+
+const response = await fetch(ANTHROPIC_TOKEN_URL, {
+  method: "POST",
+  headers: {
+    "Content-Type": "application/x-www-form-urlencoded",
+    Accept: "application/json",
+  },
+  body: new URLSearchParams({
+    grant_type: "refresh_token",
+    client_id: ANTHROPIC_CLIENT_ID,
+    refresh_token: cred.refresh,
+  }).toString(),
+  signal: AbortSignal.timeout(30_000),
+});
+
+const data = await response.json();
+
+if (!response.ok) {
+  console.error("Refresh failed:", response.status, JSON.stringify(data));
+  process.exit(1);
+}
+
+auth.anthropic = {
+  type: "oauth",
+  refresh: data.refresh_token,
+  access: data.access_token,
+  expires: Date.now() + data.expires_in * 1000 - 5 * 60 * 1000,
+};
+
+writeFileSync(authPath, JSON.stringify(auth, null, 2));
+chmodSync(authPath, 0o600);
+console.log(
+  "Token refreshed, new expiry:",
+  new Date(auth.anthropic.expires).toISOString()
+);
+
+// Update the GitHub secret so the next run has the latest refresh token
+const repo = process.env.GITHUB_REPOSITORY;
+const token = process.env.GH_PAT;
+if (repo && token) {
+  try {
+    execSync(\`gh secret set PI_AUTH_JSON --repo "\${repo}"\`, {
+      input: JSON.stringify(auth),
+      env: { ...process.env, GH_TOKEN: token },
+      stdio: ["pipe", "pipe", "pipe"],
+    });
+    console.log("PI_AUTH_JSON secret updated");
+  } catch (err) {
+    console.warn("Failed to update secret (non-fatal):", err.stderr?.toString() || err.message);
+  }
+} else {
+  console.log("Skipping secret update (no GH_PAT or GITHUB_REPOSITORY)");
+}
+`;
+export async function installCI(workDir, options) {
+    const { authMode } = options;
+    console.log('=== whitesmith install-ci ===\n');
+    console.log(`Auth mode: ${authMode}\n`);
+    // Detect repo for setting secrets
+    let repo = options.repo || detectRepo(workDir);
+    const hasGh = ghIsAvailable();
+    if (!repo && authMode === 'models-json' && hasGh) {
+        repo = await input({
+            message: 'GitHub repository (owner/repo) — needed to set secrets:',
+        });
+    }
+    let providers = [];
+    let defaultProvider;
+    let defaultModel;
+    if (authMode === 'models-json') {
+        // Configure providers interactively
+        providers = await promptProviders();
+        // Pick defaults
+        const defaults = await promptDefaults(providers);
+        defaultProvider = defaults.provider;
+        defaultModel = defaults.model;
+    }
+    else {
+        // auth.json mode — still need provider/model for whitesmith commands
+        defaultProvider = await input({
+            message: 'Default AI provider:',
+            default: 'anthropic',
+        });
+        defaultModel = await input({
+            message: 'Default AI model:',
+            default: 'claude-sonnet-4-20250514',
+        });
+    }
+    const config = {
+        authMode,
+        providers,
+        defaultProvider,
+        defaultModel,
+    };
+    // ── Set GitHub secrets via gh CLI ─────────────────────────────────────
+    if (authMode === 'models-json' && repo) {
+        if (!hasGh) {
+            console.log('\n⚠ GitHub CLI (gh) is not available or not authenticated.');
+            console.log('  You will need to set the following secrets manually.\n');
+        }
+        else {
+            console.log('\n🔑 Setting API key secrets on GitHub...\n');
+            const setSecrets = await promptAndSetSecrets(repo, providers);
+            const allEnvVars = [...new Set(providers.map((p) => p.apiKeyEnvVar))];
+            const missing = allEnvVars.filter((v) => !setSecrets.includes(v));
+            if (missing.length > 0) {
+                console.log(`\n⚠ The following secrets were not set and must be added manually:`);
+                for (const m of missing) {
+                    console.log(`   - ${m}`);
+                }
+            }
+        }
+    }
+    // ── Generate and write workflow files ─────────────────────────────────
+    const githubDir = path.join(workDir, '.github');
+    const workflowsDir = path.join(githubDir, 'workflows');
+    fs.mkdirSync(workflowsDir, { recursive: true });
+    const files = [
+        {
+            path: path.join(workflowsDir, 'whitesmith.yml'),
+            content: generateMainWorkflow(config),
+        },
+        {
+            path: path.join(workflowsDir, 'whitesmith-comment.yml'),
+            content: generateCommentWorkflow(config),
+        },
+        {
+            path: path.join(workflowsDir, 'whitesmith-reconcile.yml'),
+            content: generateReconcileWorkflow(),
+        },
+    ];
+    if (authMode === 'auth-json') {
+        const scriptsDir = path.join(githubDir, 'scripts');
+        fs.mkdirSync(scriptsDir, { recursive: true });
+        files.push({
+            path: path.join(scriptsDir, 'refresh-oauth-token.mjs'),
+            content: REFRESH_OAUTH_SCRIPT,
+        });
+    }
+    for (const file of files) {
+        fs.writeFileSync(file.path, file.content, 'utf-8');
+    }
+    // ── Summary ──────────────────────────────────────────────────────────
+    console.log('\n✅ GitHub Actions workflows installed!\n');
+    console.log('Files created:');
+    for (const file of files) {
+        console.log(`  ${path.relative(workDir, file.path)}`);
+    }
+    console.log('\n📋 Required setup:\n');
+    console.log('1. Enable in repo settings:');
+    console.log('   Settings → Actions → General → "Allow GitHub Actions to create and approve pull requests"\n');
+    if (authMode === 'auth-json') {
+        console.log('2. Add GitHub secrets:');
+        console.log('   - PI_AUTH_JSON: contents of ~/.pi/agent/auth.json');
+        console.log('   - GH_PAT: GitHub personal access token with repo scope (for OAuth token refresh)\n');
+    }
+    else if (!hasGh || !repo) {
+        console.log('2. Add GitHub secrets for your API keys:');
+        const seen = new Set();
+        for (const p of providers) {
+            if (!seen.has(p.apiKeyEnvVar)) {
+                console.log(`   - ${p.apiKeyEnvVar}: API key for ${p.name}`);
+                seen.add(p.apiKeyEnvVar);
+            }
+        }
+        console.log('');
+    }
+    console.log(`Default provider: ${defaultProvider}`);
+    console.log(`Default model: ${defaultModel}`);
+    console.log('');
+    console.log('You can customize these by editing the generated workflow files.');
+}
+//# sourceMappingURL=install-ci.js.map