xforce 0.1.0

package/dist/index.js

@@ -0,0 +1,2599 @@
+// src/pipeline/orchestrator.ts
+import { nanoid } from "nanoid";
+import { rm } from "fs/promises";
+import ora from "ora";
+
+// src/core/logger.ts
+import pino from "pino";
+var isCI = !!(process.env.CI || process.env.GITHUB_ACTIONS);
+var logger = pino({
+  level: process.env.LOG_LEVEL ?? (isCI ? "info" : "debug"),
+  ...isCI ? {} : {
+    transport: {
+      target: "pino-pretty",
+      options: {
+        colorize: true,
+        translateTime: "HH:MM:ss",
+        ignore: "pid,hostname"
+      }
+    }
+  }
+});
+function createChildLogger(name) {
+  return logger.child({ component: name });
+}
+
+// src/core/config.ts
+import { readFileSync, existsSync } from "fs";
+import { resolve } from "path";
+import { parse as parseYaml } from "yaml";
+import { z } from "zod";
+
+// src/core/constants.ts
+var DEFAULT_CONFIG = {
+  model: "claude-sonnet-4-5-20250929",
+  reviewerModel: "claude-sonnet-4-5-20250929",
+  plannerModel: "claude-sonnet-4-5-20250929",
+  maxTurns: 25,
+  maxReviewCycles: 3,
+  maxTestRetries: 2,
+  timeoutMinutes: 30,
+  budgetPerTaskUsd: 5,
+  branchPrefix: "xforce",
+  labels: {
+    ready: "xforce:ready",
+    inProgress: "xforce:in-progress",
+    done: "xforce:done",
+    failed: "xforce:failed"
+  },
+  allowedTools: ["Read", "Write", "Edit", "Bash", "Glob", "Grep"],
+  enablePlanning: true,
+  enableSecurityScan: true
+};
+var CONFIG_FILE_NAMES = [
+  "xforce.config.yaml",
+  "xforce.config.yml",
+  ".xforce/config.yaml",
+  ".xforce/config.yml"
+];
+
+// src/core/errors.ts
+var XForceError = class extends Error {
+  constructor(message, code) {
+    super(message);
+    this.code = code;
+    this.name = "XForceError";
+  }
+};
+var ConfigError = class extends XForceError {
+  constructor(message) {
+    super(message, "CONFIG_ERROR");
+    this.name = "ConfigError";
+  }
+};
+var IssueParseError = class extends XForceError {
+  constructor(message) {
+    super(message, "ISSUE_PARSE_ERROR");
+    this.name = "IssueParseError";
+  }
+};
+var CodingAgentError = class extends XForceError {
+  constructor(message, errors, costUsd) {
+    super(message, "CODING_AGENT_ERROR");
+    this.errors = errors;
+    this.costUsd = costUsd;
+    this.name = "CodingAgentError";
+  }
+};
+var ReviewerError = class extends XForceError {
+  constructor(message) {
+    super(message, "REVIEWER_ERROR");
+    this.name = "ReviewerError";
+  }
+};
+var PipelineError = class extends XForceError {
+  constructor(message) {
+    super(message, "PIPELINE_ERROR");
+    this.name = "PipelineError";
+  }
+};
+var TimeoutError = class extends XForceError {
+  constructor(message) {
+    super(message, "TIMEOUT_ERROR");
+    this.name = "TimeoutError";
+  }
+};
+function withTimeout(promise, timeoutMs, label = "Operation") {
+  return new Promise((resolve2, reject) => {
+    const timer = setTimeout(() => {
+      reject(new TimeoutError(`${label} timed out after ${Math.round(timeoutMs / 1e3)}s`));
+    }, timeoutMs);
+    promise.then((result) => {
+      clearTimeout(timer);
+      resolve2(result);
+    }).catch((error) => {
+      clearTimeout(timer);
+      reject(error);
+    });
+  });
+}
+var RetryableError = class extends Error {
+  constructor(message, retryAfterMs) {
+    super(message);
+    this.retryAfterMs = retryAfterMs;
+    this.name = "RetryableError";
+  }
+};
+async function withRetry(fn, options) {
+  let lastError;
+  for (let attempt = 0; attempt <= options.maxRetries; attempt++) {
+    try {
+      return await fn();
+    } catch (error) {
+      lastError = error;
+      if (attempt === options.maxRetries) break;
+      const delay = error instanceof RetryableError && error.retryAfterMs ? error.retryAfterMs : Math.min(options.baseDelayMs * 2 ** attempt, options.maxDelayMs);
+      options.onRetry?.(lastError, attempt + 1);
+      await new Promise((resolve2) => setTimeout(resolve2, delay));
+    }
+  }
+  throw lastError;
+}
+
+// src/core/config.ts
+var LabelsSchema = z.object({
+  ready: z.string().default(DEFAULT_CONFIG.labels.ready),
+  inProgress: z.string().default(DEFAULT_CONFIG.labels.inProgress),
+  done: z.string().default(DEFAULT_CONFIG.labels.done),
+  failed: z.string().default(DEFAULT_CONFIG.labels.failed)
+});
+var AutoMergeRulesSchema = z.object({
+  types: z.array(z.enum(["feature", "bugfix", "refactor", "test", "docs"])).default(["bugfix", "test", "docs"]),
+  maxSize: z.enum(["xs", "s", "m", "l", "xl"]).default("m"),
+  mergeStrategy: z.enum(["squash", "merge", "rebase"]).default("squash"),
+  requireCleanSecurityScan: z.boolean().default(true)
+});
+var RepoConfigSchema = z.object({
+  owner: z.string().min(1),
+  name: z.string().min(1),
+  defaultBranch: z.string().default("main"),
+  testCommand: z.string().min(1),
+  lintCommand: z.string().optional(),
+  buildCommand: z.string().optional(),
+  runCommand: z.string().optional(),
+  claudeMdPath: z.string().optional(),
+  maxTurns: z.number().int().positive().optional(),
+  maxReviewCycles: z.number().int().min(1).max(10).optional(),
+  maxTestRetries: z.number().int().min(0).max(5).optional(),
+  budgetPerTaskUsd: z.number().positive().optional(),
+  autoMerge: z.boolean().default(false),
+  autoMergeRules: AutoMergeRulesSchema.optional(),
+  allowedTools: z.array(z.string()).optional(),
+  localPath: z.string().optional()
+});
+var DefaultsSchema = z.object({
+  model: z.string().default(DEFAULT_CONFIG.model),
+  reviewerModel: z.string().default(DEFAULT_CONFIG.reviewerModel),
+  plannerModel: z.string().default(DEFAULT_CONFIG.plannerModel),
+  maxTurns: z.number().int().positive().default(DEFAULT_CONFIG.maxTurns),
+  maxReviewCycles: z.number().int().min(1).max(10).default(DEFAULT_CONFIG.maxReviewCycles),
+  maxTestRetries: z.number().int().min(0).max(5).default(DEFAULT_CONFIG.maxTestRetries),
+  timeoutMinutes: z.number().int().positive().default(DEFAULT_CONFIG.timeoutMinutes),
+  budgetPerTaskUsd: z.number().positive().default(DEFAULT_CONFIG.budgetPerTaskUsd),
+  branchPrefix: z.string().default(DEFAULT_CONFIG.branchPrefix),
+  labels: LabelsSchema.default({}),
+  allowedTools: z.array(z.string()).default([...DEFAULT_CONFIG.allowedTools]),
+  enablePlanning: z.boolean().default(DEFAULT_CONFIG.enablePlanning),
+  enableSecurityScan: z.boolean().default(DEFAULT_CONFIG.enableSecurityScan)
+});
+var XForceConfigSchema = z.object({
+  version: z.literal("1"),
+  defaults: DefaultsSchema.default({}),
+  repos: z.array(RepoConfigSchema).min(1),
+  notifications: z.object({
+    slack: z.object({
+      webhookUrl: z.string(),
+      channels: z.object({
+        success: z.string().optional(),
+        failure: z.string().optional()
+      }).optional()
+    }).optional(),
+    github: z.object({
+      mentionOnFailure: z.array(z.string()).optional(),
+      mentionOnReview: z.array(z.string()).optional()
+    }).optional()
+  }).optional()
+});
+function interpolateEnvVars(value) {
+  return value.replace(/\$\{([^}]+)\}/g, (_match, varName) => {
+    const envValue = process.env[varName];
+    if (envValue === void 0) {
+      throw new ConfigError(`Environment variable ${varName} is not set`);
+    }
+    return envValue;
+  });
+}
+function interpolateDeep(obj) {
+  if (typeof obj === "string") return interpolateEnvVars(obj);
+  if (Array.isArray(obj)) return obj.map(interpolateDeep);
+  if (obj !== null && typeof obj === "object") {
+    const result = {};
+    for (const [key, value] of Object.entries(obj)) {
+      result[key] = interpolateDeep(value);
+    }
+    return result;
+  }
+  return obj;
+}
+function findConfigFile(basePath) {
+  for (const name of CONFIG_FILE_NAMES) {
+    const fullPath = resolve(basePath, name);
+    if (existsSync(fullPath)) return fullPath;
+  }
+  return null;
+}
+function loadConfig(configPath) {
+  let filePath;
+  if (configPath) {
+    filePath = resolve(configPath);
+    if (!existsSync(filePath)) {
+      throw new ConfigError(`Config file not found: ${filePath}`);
+    }
+  } else {
+    const found = findConfigFile(process.cwd());
+    if (!found) {
+      throw new ConfigError(
+        `No config file found. Create xforce.config.yaml or specify --config path.`
+      );
+    }
+    filePath = found;
+  }
+  const raw = readFileSync(filePath, "utf-8");
+  const parsed = parseYaml(raw);
+  const interpolated = interpolateDeep(parsed);
+  const result = XForceConfigSchema.safeParse(interpolated);
+  if (!result.success) {
+    const errors = result.error.issues.map((i) => `  - ${i.path.join(".")}: ${i.message}`).join("\n");
+    throw new ConfigError(`Invalid config:
+${errors}`);
+  }
+  return result.data;
+}
+function resolveRepoConfig(config, owner, name) {
+  const repo = config.repos.find((r) => r.owner === owner && r.name === name);
+  if (!repo) {
+    throw new ConfigError(
+      `Repository ${owner}/${name} not found in config. Add it under the 'repos' section.`
+    );
+  }
+  return {
+    owner: repo.owner,
+    name: repo.name,
+    defaultBranch: repo.defaultBranch,
+    testCommand: repo.testCommand,
+    lintCommand: repo.lintCommand,
+    buildCommand: repo.buildCommand,
+    runCommand: repo.runCommand,
+    claudeMdPath: repo.claudeMdPath,
+    model: config.defaults.model,
+    reviewerModel: config.defaults.reviewerModel,
+    plannerModel: config.defaults.plannerModel,
+    maxTurns: repo.maxTurns ?? config.defaults.maxTurns,
+    maxReviewCycles: repo.maxReviewCycles ?? config.defaults.maxReviewCycles,
+    maxTestRetries: repo.maxTestRetries ?? config.defaults.maxTestRetries,
+    timeoutMinutes: config.defaults.timeoutMinutes,
+    budgetPerTaskUsd: repo.budgetPerTaskUsd ?? config.defaults.budgetPerTaskUsd,
+    branchPrefix: config.defaults.branchPrefix,
+    labels: config.defaults.labels,
+    autoMerge: repo.autoMerge,
+    autoMergeRules: repo.autoMergeRules ?? {
+      types: ["feature", "bugfix", "refactor", "test", "docs"],
+      maxSize: "xl",
+      mergeStrategy: "squash",
+      requireCleanSecurityScan: false
+    },
+    allowedTools: repo.allowedTools ?? config.defaults.allowedTools,
+    enablePlanning: config.defaults.enablePlanning,
+    enableSecurityScan: config.defaults.enableSecurityScan,
+    localPath: repo.localPath
+  };
+}
+
+// src/pipeline/state-machine.ts
+var VALID_TRANSITIONS = {
+  parsing_issue: ["creating_branch", "failed"],
+  creating_branch: ["planning", "coding", "failed"],
+  planning: ["coding", "failed"],
+  coding: ["running_tests", "failed"],
+  running_tests: ["reviewing", "coding", "failed"],
+  reviewing: ["awaiting_human", "addressing_review", "merging", "failed"],
+  addressing_review: ["coding", "failed"],
+  merging: ["completed", "awaiting_human", "failed"],
+  awaiting_human: ["completed", "failed"],
+  completed: [],
+  failed: []
+};
+function validateTransition(from, to) {
+  const valid = VALID_TRANSITIONS[from];
+  if (!valid.includes(to)) {
+    throw new PipelineError(`Invalid state transition: ${from} -> ${to}`);
+  }
+}
+
+// src/pipeline/feedback-loop.ts
+function formatCommandFeedback(kind, output) {
+  const maxLen = 8e3;
+  const truncated = output.length > maxLen ? output.slice(0, maxLen) + "\n\n... (truncated)" : output;
+  const labels = {
+    lint: "Lint",
+    build: "Build",
+    test: "Tests",
+    run: "Run verification"
+  };
+  const label = labels[kind] ?? kind.charAt(0).toUpperCase() + kind.slice(1);
+  return `${label} failed. Output:
+
+${truncated}`;
+}
+
+// src/github/client.ts
+import { Octokit } from "@octokit/rest";
+var log = createChildLogger("github");
+var RETRY_OPTIONS = {
+  maxRetries: 3,
+  baseDelayMs: 1e3,
+  maxDelayMs: 3e4,
+  onRetry: (error, attempt) => {
+    log.warn({ error: error.message, attempt }, "GitHub API call failed, retrying");
+  }
+};
+async function withGitHubRetry(fn) {
+  return withRetry(async () => {
+    try {
+      return await fn();
+    } catch (error) {
+      const status = error?.status ?? error?.response?.status;
+      if (status === 429 || status === 403) {
+        const retryAfter = error?.response?.headers?.["retry-after"];
+        const retryMs = retryAfter ? parseInt(retryAfter) * 1e3 : void 0;
+        throw new RetryableError(`GitHub API rate limited (${status})`, retryMs);
+      }
+      if (status >= 500) {
+        throw new RetryableError(`GitHub API server error (${status})`);
+      }
+      throw error;
+    }
+  }, RETRY_OPTIONS);
+}
+var _octokit = null;
+function getOctokit() {
+  if (!_octokit) {
+    const token = process.env.GITHUB_TOKEN;
+    if (!token) {
+      throw new Error("GITHUB_TOKEN environment variable is required");
+    }
+    _octokit = new Octokit({ auth: token });
+  }
+  return _octokit;
+}
+async function getIssue(owner, repo, issueNumber) {
+  return withGitHubRetry(async () => {
+    const octokit = getOctokit();
+    log.debug({ owner, repo, issueNumber }, "Fetching issue");
+    const { data } = await octokit.issues.get({ owner, repo, issue_number: issueNumber });
+    return data;
+  });
+}
+async function getIssueLabels(owner, repo, issueNumber) {
+  return withGitHubRetry(async () => {
+    const octokit = getOctokit();
+    const { data } = await octokit.issues.listLabelsOnIssue({
+      owner,
+      repo,
+      issue_number: issueNumber
+    });
+    return data.map((l) => l.name);
+  });
+}
+async function addLabel(owner, repo, issueNumber, label) {
+  return withGitHubRetry(async () => {
+    const octokit = getOctokit();
+    log.debug({ owner, repo, issueNumber, label }, "Adding label");
+    await octokit.issues.addLabels({ owner, repo, issue_number: issueNumber, labels: [label] });
+  });
+}
+async function removeLabel(owner, repo, issueNumber, label) {
+  const octokit = getOctokit();
+  log.debug({ owner, repo, issueNumber, label }, "Removing label");
+  try {
+    await octokit.issues.removeLabel({ owner, repo, issue_number: issueNumber, name: label });
+  } catch {
+  }
+}
+async function addComment(owner, repo, issueNumber, body) {
+  return withGitHubRetry(async () => {
+    const octokit = getOctokit();
+    log.debug({ owner, repo, issueNumber }, "Adding comment");
+    const { data } = await octokit.issues.createComment({
+      owner,
+      repo,
+      issue_number: issueNumber,
+      body
+    });
+    return data;
+  });
+}
+async function getPRDiff(owner, repo, prNumber) {
+  return withGitHubRetry(async () => {
+    const octokit = getOctokit();
+    log.debug({ owner, repo, prNumber }, "Fetching PR diff");
+    const { data } = await octokit.pulls.get({
+      owner,
+      repo,
+      pull_number: prNumber,
+      mediaType: { format: "diff" }
+    });
+    return data;
+  });
+}
+function parseIssueUrl(url) {
+  const match = url.match(/github\.com\/([^/]+)\/([^/]+)\/issues\/(\d+)/);
+  if (!match) {
+    throw new Error(`Invalid GitHub issue URL: ${url}`);
+  }
+  return {
+    owner: match[1],
+    repo: match[2],
+    issueNumber: parseInt(match[3], 10)
+  };
+}
+function parsePRUrl(url) {
+  const match = url.match(/github\.com\/([^/]+)\/([^/]+)\/pull\/(\d+)/);
+  if (!match) {
+    throw new Error(`Invalid GitHub PR URL: ${url}`);
+  }
+  return {
+    owner: match[1],
+    repo: match[2],
+    prNumber: parseInt(match[3], 10)
+  };
+}
+
+// src/github/issue-parser.ts
+function extractSection(body, heading) {
+  const headingRegex = new RegExp(`^#{2,3}\\s+${escapeRegex(heading)}\\s*$`, "mi");
+  const headingMatch = headingRegex.exec(body);
+  if (!headingMatch) return null;
+  const startIdx = headingMatch.index + headingMatch[0].length;
+  const rest = body.slice(startIdx);
+  const nextHeadingMatch = rest.match(/\n#{2,3}\s+/);
+  const content = nextHeadingMatch ? rest.slice(0, nextHeadingMatch.index) : rest;
+  const trimmed = content.trim();
+  return trimmed.length > 0 ? trimmed : null;
+}
+function escapeRegex(str) {
+  return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+function parseBulletList(text) {
+  return text.split("\n").map((line) => line.replace(/^[-*]\s*(\[[ x]\]\s*)?/, "").trim()).filter((line) => line.length > 0);
+}
+function extractPriority(labels) {
+  for (const label of labels) {
+    const lower = label.toLowerCase();
+    if (lower.includes("critical")) return "critical";
+    if (lower.includes("priority/high") || lower === "high") return "high";
+    if (lower.includes("priority/medium") || lower === "medium") return "medium";
+    if (lower.includes("priority/low") || lower === "low") return "low";
+  }
+  return "medium";
+}
+function extractType(labels) {
+  for (const label of labels) {
+    const lower = label.toLowerCase();
+    if (lower.includes("feature") || lower.includes("enhancement")) return "feature";
+    if (lower.includes("bug")) return "bugfix";
+    if (lower.includes("refactor")) return "refactor";
+    if (lower.includes("test")) return "test";
+    if (lower.includes("doc")) return "docs";
+  }
+  return "feature";
+}
+function extractSize(labels, body) {
+  for (const label of labels) {
+    const lower = label.toLowerCase();
+    if (lower.includes("size/xs") || lower.includes("extra small")) return "xs";
+    if (lower.includes("size/s") || lower === "small") return "s";
+    if (lower.includes("size/m") || lower === "medium") return "m";
+    if (lower.includes("size/l") && !lower.includes("xl")) return "l";
+    if (lower.includes("size/xl") || lower.includes("extra large")) return "xl";
+  }
+  const sizeSection = extractSection(body, "Estimated Size");
+  if (sizeSection) {
+    const lower = sizeSection.toLowerCase();
+    if (lower.includes("xs") || lower.includes("extra small")) return "xs";
+    if (lower.includes("xl") || lower.includes("extra large")) return "xl";
+    if (lower.includes("< 50") || lower.match(/\bs\b/)) return "s";
+    if (lower.includes("150-500") || lower.match(/\bm\b/)) return "m";
+    if (lower.includes("500-1000") || lower.match(/\bl\b/)) return "l";
+  }
+  return "m";
+}
+function parseIssueBody(params) {
+  const { title, body, labels, issueNumber, issueUrl, repoOwner, repoName } = params;
+  if (!body || body.trim().length === 0) {
+    throw new IssueParseError("Issue body is empty");
+  }
+  const context = extractSection(body, "Context");
+  if (!context) {
+    throw new IssueParseError('Missing required section: "## Context"');
+  }
+  const criteriaSection = extractSection(body, "Acceptance Criteria");
+  if (!criteriaSection) {
+    throw new IssueParseError('Missing required section: "## Acceptance Criteria"');
+  }
+  const acceptanceCriteria = parseBulletList(criteriaSection);
+  if (acceptanceCriteria.length === 0) {
+    throw new IssueParseError("Acceptance Criteria section has no items");
+  }
+  const filesSection = extractSection(body, "Affected Files");
+  const affectedFiles = filesSection ? parseBulletList(filesSection) : [];
+  const edgeCasesSection = extractSection(body, "Edge Cases");
+  const edgeCases = edgeCasesSection ? parseBulletList(edgeCasesSection) : [];
+  return {
+    title,
+    context,
+    acceptanceCriteria,
+    affectedFiles,
+    edgeCases,
+    priority: extractPriority(labels),
+    type: extractType(labels),
+    size: extractSize(labels, body),
+    issueNumber,
+    issueUrl,
+    repoOwner,
+    repoName
+  };
+}
+
+// src/github/branch.ts
+import { tmpdir } from "os";
+import { join } from "path";
+import { mkdtemp, access, writeFile } from "fs/promises";
+import { simpleGit } from "simple-git";
+var DEFAULT_GITIGNORE = `node_modules/
+.next/
+dist/
+build/
+.env
+.env.local
+.env*.local
+*.tsbuildinfo
+.DS_Store
+`;
+var log2 = createChildLogger("git");
+function slugify(text) {
+  return text.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "").slice(0, 40);
+}
+async function setupBranch(params) {
+  const { owner, repo, defaultBranch, issueNumber, issueTitle, branchPrefix, localDir } = params;
+  const slug = slugify(issueTitle);
+  const branchName = `${branchPrefix}/${issueNumber}-${slug}`;
+  if (localDir) {
+    log2.info({ workDir: localDir, branchName }, "Using local repository");
+    const repoGit2 = simpleGit(localDir);
+    await repoGit2.fetch("origin");
+    const status = await repoGit2.status();
+    const hadChanges = status.files.length > 0;
+    if (hadChanges) {
+      log2.info("Stashing local changes");
+      await repoGit2.stash();
+    }
+    try {
+      await repoGit2.checkout(["-B", branchName, `origin/${defaultBranch}`]);
+    } catch {
+      await repoGit2.checkoutLocalBranch(branchName);
+    }
+    await repoGit2.addConfig("user.name", "X-Force Bot");
+    await repoGit2.addConfig("user.email", "xforce-bot@users.noreply.github.com");
+    log2.info({ branchName }, "Branch created");
+    return { workDir: localDir, branchName, git: repoGit2, isLocal: true };
+  }
+  const cloneUrl = `https://x-access-token:${process.env.GITHUB_TOKEN}@github.com/${owner}/${repo}.git`;
+  const workDir = await mkdtemp(join(tmpdir(), `xforce-${repo}-`));
+  log2.info({ workDir, branchName }, "Cloning repository");
+  const git = simpleGit();
+  await git.clone(cloneUrl, workDir, ["--depth", "1", "--branch", defaultBranch]);
+  const repoGit = simpleGit(workDir);
+  await repoGit.addConfig("user.name", "X-Force Bot");
+  await repoGit.addConfig("user.email", "xforce-bot@users.noreply.github.com");
+  await repoGit.checkoutLocalBranch(branchName);
+  const gitignorePath = join(workDir, ".gitignore");
+  try {
+    await access(gitignorePath);
+  } catch {
+    log2.info("Creating default .gitignore");
+    await writeFile(gitignorePath, DEFAULT_GITIGNORE, "utf-8");
+  }
+  log2.info({ branchName }, "Branch created");
+  return { workDir, branchName, git: repoGit, isLocal: false };
+}
+async function restoreDefaultBranch(git, defaultBranch) {
+  try {
+    await git.checkout(defaultBranch);
+    log2.info({ branch: defaultBranch }, "Restored default branch");
+  } catch (error) {
+    log2.warn({ error: String(error) }, "Failed to restore default branch");
+  }
+}
+async function commitAndPush(params) {
+  const { git, branchName, message } = params;
+  await git.add("-A");
+  const status = await git.status();
+  if (status.staged.length === 0 && status.files.length === 0) {
+    log2.warn("No changes to commit");
+    return "";
+  }
+  const commitResult = await git.commit(message);
+  log2.info({ sha: commitResult.commit }, "Changes committed");
+  await git.push("origin", branchName, ["--set-upstream", "--force"]);
+  log2.info({ branchName }, "Pushed to remote");
+  return commitResult.commit;
+}
+
+// src/github/pr.ts
+var log3 = createChildLogger("pr");
+async function createPullRequest(params) {
+  const { owner, repo, branchName, defaultBranch, taskSpec, pipeline } = params;
+  const octokit = getOctokit();
+  const body = buildPRBody(taskSpec, pipeline);
+  log3.info({ owner, repo, branchName }, "Creating pull request");
+  const { data } = await octokit.pulls.create({
+    owner,
+    repo,
+    title: `[X-Force] ${taskSpec.title}`,
+    body,
+    head: branchName,
+    base: defaultBranch
+  });
+  log3.info({ prNumber: data.number, prUrl: data.html_url }, "PR created");
+  return { prNumber: data.number, prUrl: data.html_url };
+}
+async function updatePullRequest(params) {
+  const { owner, repo, prNumber, taskSpec, pipeline } = params;
+  const octokit = getOctokit();
+  const body = buildPRBody(taskSpec, pipeline);
+  await octokit.pulls.update({ owner, repo, pull_number: prNumber, body });
+}
+async function labelPR(owner, repo, prNumber, label) {
+  const octokit = getOctokit();
+  await octokit.issues.addLabels({ owner, repo, issue_number: prNumber, labels: [label] });
+}
+async function commentOnPR(owner, repo, prNumber, body) {
+  const octokit = getOctokit();
+  await octokit.issues.createComment({ owner, repo, issue_number: prNumber, body });
+}
+async function mergePR(params) {
+  const { owner, repo, prNumber, strategy, commitTitle } = params;
+  const octokit = getOctokit();
+  log3.info({ owner, repo, prNumber, strategy }, "Attempting to merge PR");
+  try {
+    const { data } = await octokit.pulls.merge({
+      owner,
+      repo,
+      pull_number: prNumber,
+      merge_method: strategy,
+      commit_title: commitTitle
+    });
+    log3.info({ sha: data.sha, merged: data.merged }, "PR merge result");
+    return { merged: data.merged, sha: data.sha };
+  } catch (error) {
+    const err = error;
+    const message = err.message ?? String(error);
+    const status = err.status;
+    if (status === 405 || status === 409) {
+      log3.warn({ status, message }, "PR cannot be auto-merged");
+      return { merged: false, error: message };
+    }
+    throw error;
+  }
+}
+function buildPRBody(taskSpec, pipeline) {
+  return `## Automated by X-Force
+
+Resolves #${taskSpec.issueNumber}
+
+### Task
+**${taskSpec.title}**
+
+${taskSpec.context}
+
+### Acceptance Criteria
+${taskSpec.acceptanceCriteria.map((c) => `- [ ] ${c}`).join("\n")}
+
+### Pipeline Info
+- **Pipeline ID**: \`${pipeline.id}\`
+- **Review Cycles**: ${pipeline.reviewCycle}
+- **Total Cost**: $${pipeline.totalCostUsd.toFixed(4)}
+- **Status**: ${pipeline.status}
+
+---
+*Generated by [X-Force](https://github.com/xforce) AI Pipeline*`;
+}
+
+// src/agents/coder.ts
+import { query } from "@anthropic-ai/claude-agent-sdk";
+
+// src/agents/prompts/coder-system.ts
+var CODER_SYSTEM_PROMPT_APPEND = `
+You are working as part of an automated development pipeline called X-Force.
+You receive specifications from GitHub Issues and implement them autonomously.
+
+CRITICAL: START WRITING CODE IMMEDIATELY. Do not spend more than a few turns reading existing files. Your primary job is to CREATE and EDIT files. The pipeline will handle committing, testing, and reviewing separately \u2014 you must NOT run tests or create git commits yourself.
+
+RULES:
+1. WRITE CODE FIRST. Briefly check the repo structure, then start creating/editing files right away.
+2. Implement EXACTLY what the spec asks for. Do not add unrequested features.
+3. Follow the existing code style and patterns in the repository.
+4. Make minimal, focused changes. Do not refactor unrelated code.
+5. Ensure a .gitignore exists with at minimum: node_modules/, .next/, dist/, build/, .env, .env.local
+6. NEVER commit dependency directories (node_modules, vendor, .venv, __pycache__, etc.).
+
+DO NOT:
+- Run tests (the pipeline runs tests after you finish)
+- Run build commands (the pipeline handles build verification)
+- Run lint commands (the pipeline handles lint checking)
+- Create git commits (the pipeline commits your changes)
+- Run git commands (the pipeline manages git)
+- Spend excessive turns exploring \u2014 get to writing code quickly
+
+When you receive review feedback (marked with "## Review Feedback"), address EVERY issue marked as critical or major. For minor issues, use your judgment.
+
+When you receive test failure output (marked with "## Test Failures"), analyze the failures and fix your code to make all tests pass.
+`;
+function buildCoderPrompt(taskSpec) {
+  return `## Task: ${taskSpec.title}
+
+### Context
+${taskSpec.context}
+
+### Acceptance Criteria
+${taskSpec.acceptanceCriteria.map((c, i) => `${i + 1}. ${c}`).join("\n")}
+
+### Affected Files
+${taskSpec.affectedFiles.length > 0 ? taskSpec.affectedFiles.map((f) => `- ${f}`).join("\n") : "Not specified - determine the best files to modify."}
+
+### Edge Cases to Handle
+${taskSpec.edgeCases.length > 0 ? taskSpec.edgeCases.map((e) => `- ${e}`).join("\n") : "None specified."}
+
+### Task Type: ${taskSpec.type} | Size: ${taskSpec.size} | Priority: ${taskSpec.priority}
+
+Please implement this task now. Start writing code immediately \u2014 do not over-analyze. The pipeline will handle testing, committing, and reviewing your changes.`;
+}
+function buildReviewFeedbackSection(review) {
+  const issues = review.issues.map(
+    (issue) => `- **[${issue.severity.toUpperCase()}]** ${issue.file}${issue.line ? `:${issue.line}` : ""}
+  ${issue.description}${issue.suggestedFix ? `
+  Suggested fix: ${issue.suggestedFix}` : ""}`
+  ).join("\n");
+  return `## Review Feedback (Address These Issues)
+
+### Summary
+${review.summary}
+
+### Issues to Fix
+${issues || "No specific issues listed."}
+
+### Unmet Acceptance Criteria
+${review.specAdherence.unmet.length > 0 ? review.specAdherence.unmet.map((c) => `- ${c}`).join("\n") : "All criteria met."}
+
+### Security Concerns
+${review.securityConcerns.length > 0 ? review.securityConcerns.map((c) => `- ${c}`).join("\n") : "None."}
+
+Address all CRITICAL and MAJOR issues. Then re-run tests.`;
+}
+function buildTestFailureFeedbackSection(testOutput) {
+  return buildCommandFailureFeedbackSection("test", testOutput);
+}
+function buildCommandFailureFeedbackSection(kind, output) {
+  const label = kind.charAt(0).toUpperCase() + kind.slice(1);
+  return `## ${label} Failures
+
+The following ${kind} failures were detected after your changes. Please analyze and fix them:
+
+\`\`\`
+${output}
+\`\`\`
+
+Fix the code to make the ${kind} pass. Do not commit \u2014 the pipeline handles that.`;
+}
+
+// src/agents/prompts/planner-system.ts
+var PLANNER_SYSTEM_PROMPT = `You are a senior software architect analyzing a codebase to create an implementation plan.
+
+You have access to read-only tools: Read, Glob, and Grep. Use them to:
+1. Explore the repository structure (Glob for file patterns, Read for file contents)
+2. Understand existing patterns, conventions, and architecture
+3. Identify the exact files that need to be modified or created
+4. Analyze dependencies and potential ripple effects
+
+RULES:
+- Start by quickly checking the project structure (Glob for key file patterns). If the repo is empty or has very few files, skip deep exploration and produce your plan immediately.
+- Be specific about file paths \u2014 use actual paths you found in the codebase, or specify paths to create for greenfield projects.
+- Consider test files and their patterns.
+- Identify potential risks (breaking changes, missing test coverage, security).
+- Estimate complexity honestly.
+- Your plan should be actionable and concrete, not vague.
+- Do NOT spend more than a few turns exploring. Produce your JSON plan as quickly as possible.
+
+You MUST respond with valid JSON matching the required schema.`;
+function buildPlannerPrompt(taskSpec) {
+  return `## Task: ${taskSpec.title}
+
+### Context
+${taskSpec.context}
+
+### Acceptance Criteria
+${taskSpec.acceptanceCriteria.map((c, i) => `${i + 1}. ${c}`).join("\n")}
+
+### Affected Files (from issue \u2014 verify these)
+${taskSpec.affectedFiles.length > 0 ? taskSpec.affectedFiles.map((f) => `- ${f}`).join("\n") : "Not specified \u2014 determine from codebase analysis."}
+
+### Edge Cases to Handle
+${taskSpec.edgeCases.length > 0 ? taskSpec.edgeCases.map((e) => `- ${e}`).join("\n") : "None specified."}
+
+### Task Type: ${taskSpec.type} | Size: ${taskSpec.size} | Priority: ${taskSpec.priority}
+
+Analyze the codebase and produce a structured implementation plan. Use your tools to explore the project structure and understand the existing patterns before planning.`;
+}
+function buildPlanSection(plan) {
+  const steps = plan.implementationSteps.sort((a, b) => a.order - b.order).map(
+    (s) => `${s.order}. ${s.description}
+   Files: ${s.files.join(", ")}
+   Rationale: ${s.rationale}`
+  ).join("\n\n");
+  return `## Implementation Plan (Follow This)
+
+### Approach
+${plan.approach}
+
+### Files to Modify
+${plan.filesToModify.map((f) => `- ${f}`).join("\n")}
+
+### Files to Create
+${plan.filesToCreate.map((f) => `- ${f}`).join("\n") || "None"}
+
+### Steps
+${steps}
+
+### Risks to Watch For
+${plan.risks.map((r) => `- ${r}`).join("\n") || "None identified"}
+
+Follow this plan closely. If you discover the plan is incorrect or incomplete, adapt as needed but document your deviations.`;
+}
+
+// src/agents/coder.ts
+var log4 = createChildLogger("coder");
+function truncate(s, max) {
+  return s.length > max ? s.slice(0, max) + "..." : s;
+}
+function describeToolUse(name, input) {
+  const path = input?.file_path;
+  switch (name) {
+    case "Read":
+      return `Reading ${path ?? "file"}`;
+    case "Write":
+      return `Writing ${path ?? "file"}`;
+    case "Edit":
+      return `Editing ${path ?? "file"}`;
+    case "Bash":
+      return `Running: ${truncate(input?.command ?? "command", 80)}`;
+    case "Glob":
+      return `Searching files: ${input?.pattern ?? ""}`;
+    case "Grep":
+      return `Searching for: ${truncate(input?.pattern ?? "", 60)}`;
+    default:
+      return `Using ${name}`;
+  }
+}
+async function runCodingAgent(params) {
+  const { taskSpec, repoConfig, workingDir, previousReview, testFailures, commandFailures, sessionId, plan, onProgress } = params;
+  let prompt = buildCoderPrompt(taskSpec);
+  if (plan) {
+    prompt += "\n\n" + buildPlanSection(plan);
+  }
+  if (previousReview) {
+    prompt += "\n\n" + buildReviewFeedbackSection(previousReview);
+  }
+  if (testFailures) {
+    prompt += "\n\n" + buildTestFailureFeedbackSection(testFailures);
+  }
+  if (commandFailures) {
+    prompt += "\n\n" + buildCommandFailureFeedbackSection(commandFailures.kind, commandFailures.output);
+  }
+  log4.info(
+    {
+      task: taskSpec.title,
+      model: repoConfig.model,
+      maxTurns: repoConfig.maxTurns,
+      budget: repoConfig.budgetPerTaskUsd,
+      hasReview: !!previousReview,
+      hasTestFailures: !!testFailures
+    },
+    "Starting coding agent"
+  );
+  const result = query({
+    prompt,
+    options: {
+      cwd: workingDir,
+      model: repoConfig.model,
+      maxTurns: repoConfig.maxTurns,
+      maxBudgetUsd: repoConfig.budgetPerTaskUsd,
+      allowedTools: repoConfig.allowedTools,
+      permissionMode: "bypassPermissions",
+      allowDangerouslySkipPermissions: true,
+      systemPrompt: {
+        type: "preset",
+        preset: "claude_code",
+        append: CODER_SYSTEM_PROMPT_APPEND
+      },
+      ...sessionId ? { resume: sessionId } : {}
+    }
+  });
+  let resultMessage;
+  for await (const message of result) {
+    if (message.type === "assistant" && "content" in message) {
+      const content = message.content;
+      for (const block of content) {
+        if (block.type === "tool_use" && block.name) {
+          const detail = describeToolUse(block.name, block.input);
+          log4.info({ tool: block.name }, detail);
+          onProgress?.(detail);
+        }
+      }
+    }
+    if (message.type === "result") {
+      resultMessage = message;
+    }
+  }
+  if (!resultMessage) {
+    throw new CodingAgentError("No result message received from coding agent", [], 0);
+  }
+  if (resultMessage.subtype === "error_max_turns") {
+    log4.warn(
+      {
+        cost: resultMessage.total_cost_usd,
+        turns: resultMessage.num_turns
+      },
+      "Coding agent hit max turns \u2014 continuing with partial work"
+    );
+    return {
+      sessionId: resultMessage.session_id,
+      costUsd: resultMessage.total_cost_usd,
+      result: "Agent hit max turns limit. Partial work may have been completed.",
+      numTurns: resultMessage.num_turns
+    };
+  }
+  if (resultMessage.subtype !== "success") {
+    throw new CodingAgentError(
+      `Coding agent failed: ${resultMessage.subtype}`,
+      "errors" in resultMessage ? resultMessage.errors : [],
+      resultMessage.total_cost_usd
+    );
+  }
+  log4.info(
+    {
+      cost: resultMessage.total_cost_usd,
+      turns: resultMessage.num_turns
+    },
+    "Coding agent completed"
+  );
+  return {
+    sessionId: resultMessage.session_id,
+    costUsd: resultMessage.total_cost_usd,
+    result: resultMessage.result,
+    numTurns: resultMessage.num_turns
+  };
+}
+
+// src/agents/planner.ts
+import { query as query2 } from "@anthropic-ai/claude-agent-sdk";
+import { z as z2 } from "zod";
+var log5 = createChildLogger("planner");
+var ImplementationStepSchema = z2.object({
+  order: z2.number().int().positive(),
+  description: z2.string(),
+  files: z2.array(z2.string()),
+  rationale: z2.string()
+});
+var ImplementationPlanSchema = z2.object({
+  approach: z2.string(),
+  filesToModify: z2.array(z2.string()),
+  filesToCreate: z2.array(z2.string()),
+  estimatedComplexity: z2.enum(["low", "medium", "high"]),
+  risks: z2.array(z2.string()),
+  implementationSteps: z2.array(ImplementationStepSchema),
+  estimatedTurns: z2.number().int().positive()
+});
+var PLAN_JSON_SCHEMA = {
+  type: "object",
+  properties: {
+    approach: { type: "string" },
+    filesToModify: { type: "array", items: { type: "string" } },
+    filesToCreate: { type: "array", items: { type: "string" } },
+    estimatedComplexity: { type: "string", enum: ["low", "medium", "high"] },
+    risks: { type: "array", items: { type: "string" } },
+    implementationSteps: {
+      type: "array",
+      items: {
+        type: "object",
+        properties: {
+          order: { type: "number" },
+          description: { type: "string" },
+          files: { type: "array", items: { type: "string" } },
+          rationale: { type: "string" }
+        },
+        required: ["order", "description", "files", "rationale"]
+      }
+    },
+    estimatedTurns: { type: "number" }
+  },
+  required: [
+    "approach",
+    "filesToModify",
+    "filesToCreate",
+    "estimatedComplexity",
+    "risks",
+    "implementationSteps",
+    "estimatedTurns"
+  ]
+};
+function extractJSON(text) {
+  const jsonMatch = text.match(/\{[\s\S]*\}/);
+  if (jsonMatch) return jsonMatch[0];
+  const fenceMatch = text.match(/```(?:json)?\s*\n?([\s\S]*?)\n?```/);
+  if (fenceMatch) return fenceMatch[1].trim();
+  throw new PipelineError("Could not extract JSON from planner response");
+}
+function validatePlan(parsed) {
+  const validated = ImplementationPlanSchema.safeParse(parsed);
+  if (!validated.success) {
+    const errors = validated.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(", ");
+    throw new PipelineError(`Planner response validation failed: ${errors}`);
+  }
+  return validated.data;
+}
+async function runPlanningAgent(params) {
+  const { taskSpec, repoConfig, workingDir, onProgress } = params;
+  const prompt = buildPlannerPrompt(taskSpec);
+  log5.info(
+    { task: taskSpec.title, model: repoConfig.plannerModel },
+    "Starting planning agent"
+  );
+  const result = query2({
+    prompt,
+    options: {
+      cwd: workingDir,
+      model: repoConfig.plannerModel,
+      maxTurns: 50,
+      allowedTools: ["Read", "Glob", "Grep"],
+      permissionMode: "bypassPermissions",
+      allowDangerouslySkipPermissions: true,
+      systemPrompt: PLANNER_SYSTEM_PROMPT,
+      outputFormat: {
+        type: "json_schema",
+        schema: PLAN_JSON_SCHEMA
+      }
+    }
+  });
+  let resultMessage;
+  let lastAssistantText = "";
+  for await (const message of result) {
+    if (message.type === "assistant" && "content" in message) {
+      const content = message.content;
+      for (const block of content) {
+        if (block.type === "tool_use" && block.name) {
+          const detail = describeToolUse(block.name, block.input);
+          log5.info({ tool: block.name }, detail);
+          onProgress?.(detail);
+        }
+      }
+      const textParts = content.filter((c) => c.type === "text" && c.text).map((c) => c.text);
+      if (textParts.length > 0) {
+        lastAssistantText = textParts.join("\n");
+      }
+    }
+    if (message.type === "result") {
+      resultMessage = message;
+    }
+  }
+  if (!resultMessage) {
+    throw new PipelineError("No result message received from planning agent");
+  }
+  log5.debug(
+    {
+      subtype: resultMessage.subtype,
+      hasStructuredOutput: "structured_output" in resultMessage && !!resultMessage.structured_output,
+      hasResult: "result" in resultMessage && !!resultMessage.result,
+      hasLastAssistant: !!lastAssistantText,
+      lastAssistantLength: lastAssistantText.length
+    },
+    "Planning agent result received"
+  );
+  const isSuccess = resultMessage.subtype === "success";
+  const isMaxTurns = resultMessage.subtype === "error_max_turns";
+  if (!isSuccess && !isMaxTurns) {
+    const errorDetail = "errors" in resultMessage ? resultMessage.errors.join(", ") : "unknown";
+    throw new PipelineError(
+      `Planning agent failed (${resultMessage.subtype}): ${errorDetail}`
+    );
+  }
+  if (isMaxTurns) {
+    log5.warn("Planning agent hit max turns \u2014 attempting to extract plan");
+  }
+  let parsed;
+  if ("structured_output" in resultMessage && resultMessage.structured_output) {
+    parsed = resultMessage.structured_output;
+  } else if ("result" in resultMessage && resultMessage.result) {
+    const jsonStr = extractJSON(resultMessage.result);
+    try {
+      parsed = JSON.parse(jsonStr);
+    } catch {
+      throw new PipelineError(
+        `Planner returned invalid JSON: ${String(resultMessage.result).slice(0, 200)}`
+      );
+    }
+  } else if (lastAssistantText) {
+    log5.warn("No result output \u2014 extracting plan from last assistant message");
+    const jsonStr = extractJSON(lastAssistantText);
+    try {
+      parsed = JSON.parse(jsonStr);
+    } catch {
+      throw new PipelineError(
+        `Planner returned invalid JSON in assistant message: ${lastAssistantText.slice(0, 200)}`
+      );
+    }
+  } else {
+    throw new PipelineError("Planning agent produced no output");
+  }
+  const plan = validatePlan(parsed);
+  log5.info(
+    {
+      complexity: plan.estimatedComplexity,
+      steps: plan.implementationSteps.length,
+      filesToModify: plan.filesToModify.length
+    },
+    "Plan created"
+  );
+  return {
+    plan,
+    costUsd: resultMessage.total_cost_usd,
+    numTurns: resultMessage.num_turns
+  };
+}
+
+// src/agents/reviewer.ts
+import { query as query3 } from "@anthropic-ai/claude-agent-sdk";
+import { z as z3 } from "zod";
+
+// src/agents/prompts/reviewer-system.ts
+var REVIEWER_SYSTEM_PROMPT = `You are a senior code reviewer for an automated development pipeline.
+Your job is to review a code diff against a specification and provide structured feedback.
+
+You must evaluate:
+1. **Spec Adherence**: Does the code implement all acceptance criteria?
+2. **Code Quality**: Is the code clean, maintainable, follows existing patterns?
+3. **Security**: Are there any security vulnerabilities, injection risks, exposed secrets?
+4. **Edge Cases**: Are the listed edge cases handled?
+5. **Tests**: Are tests included and do they cover the key scenarios?
+
+You MUST respond with valid JSON matching this schema:
+{
+  "approved": boolean,
+  "summary": "string - brief overall assessment",
+  "issues": [
+    {
+      "severity": "critical|major|minor|suggestion",
+      "file": "path/to/file",
+      "line": number_or_null,
+      "description": "what's wrong",
+      "suggestedFix": "how to fix it (optional, can be null)"
+    }
+  ],
+  "securityConcerns": ["string array, empty if none"],
+  "specAdherence": {
+    "met": ["criteria that are satisfied"],
+    "unmet": ["criteria that are NOT satisfied"]
+  }
+}
+
+Rules:
+- Only mark "approved": true if ALL acceptance criteria are met AND there are zero critical/major issues.
+- Be specific about file paths and line numbers.
+- For review cycle > 0, focus on whether previous feedback was addressed.
+- Do NOT nitpick style if the code follows the repository's existing conventions.
+- Respond ONLY with the JSON object. No markdown fences, no explanation text.`;
+function buildReviewerUserPrompt(taskSpec, diff, reviewCycle) {
+  return `## Original Specification
+
+**Title**: ${taskSpec.title}
+
+**Context**: ${taskSpec.context}
+
+**Acceptance Criteria**:
+${taskSpec.acceptanceCriteria.map((c, i) => `${i + 1}. ${c}`).join("\n")}
+
+**Edge Cases**:
+${taskSpec.edgeCases.length > 0 ? taskSpec.edgeCases.map((e) => `- ${e}`).join("\n") : "None specified."}
+
+## Code Diff to Review
+
+\`\`\`diff
+${diff}
+\`\`\`
+
+## Review Cycle: ${reviewCycle + 1}
+${reviewCycle > 0 ? "This is a re-review after the coder addressed previous feedback. Focus on whether previous issues were fixed." : "This is the initial review."}
+
+Provide your review as a JSON object matching the specified schema.`;
+}
+
+// src/agents/reviewer.ts
+var log6 = createChildLogger("reviewer");
+var ReviewIssueSchema = z3.object({
+  severity: z3.enum(["critical", "major", "minor", "suggestion"]),
+  file: z3.string(),
+  line: z3.number().nullable().optional(),
+  description: z3.string(),
+  suggestedFix: z3.string().nullable().optional()
+});
+var ReviewResultSchema = z3.object({
+  approved: z3.boolean(),
+  summary: z3.string(),
+  issues: z3.array(ReviewIssueSchema),
+  securityConcerns: z3.array(z3.string()),
+  specAdherence: z3.object({
+    met: z3.array(z3.string()),
+    unmet: z3.array(z3.string())
+  })
+});
+var REVIEW_JSON_SCHEMA = {
+  type: "object",
+  properties: {
+    approved: { type: "boolean" },
+    summary: { type: "string" },
+    issues: {
+      type: "array",
+      items: {
+        type: "object",
+        properties: {
+          severity: { type: "string", enum: ["critical", "major", "minor", "suggestion"] },
+          file: { type: "string" },
+          line: { type: ["number", "null"] },
+          description: { type: "string" },
+          suggestedFix: { type: ["string", "null"] }
+        },
+        required: ["severity", "file", "description"]
+      }
+    },
+    securityConcerns: { type: "array", items: { type: "string" } },
+    specAdherence: {
+      type: "object",
+      properties: {
+        met: { type: "array", items: { type: "string" } },
+        unmet: { type: "array", items: { type: "string" } }
+      },
+      required: ["met", "unmet"]
+    }
+  },
+  required: ["approved", "summary", "issues", "securityConcerns", "specAdherence"]
+};
+function extractJSON2(text) {
+  const jsonMatch = text.match(/\{[\s\S]*\}/);
+  if (jsonMatch) return jsonMatch[0];
+  const fenceMatch = text.match(/```(?:json)?\s*\n?([\s\S]*?)\n?```/);
+  if (fenceMatch) return fenceMatch[1].trim();
+  throw new ReviewerError("Could not extract JSON from reviewer response");
+}
+function validateReviewResult(parsed) {
+  const validated = ReviewResultSchema.safeParse(parsed);
+  if (!validated.success) {
+    const errors = validated.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(", ");
+    throw new ReviewerError(`Reviewer response validation failed: ${errors}`);
+  }
+  return {
+    ...validated.data,
+    issues: validated.data.issues.map((issue) => ({
+      ...issue,
+      line: issue.line ?? void 0,
+      suggestedFix: issue.suggestedFix ?? void 0
+    }))
+  };
+}
+async function runReviewerAgent(params) {
+  const { taskSpec, diff, repoConfig, reviewCycle } = params;
+  log6.info(
+    { model: repoConfig.reviewerModel, cycle: reviewCycle },
+    "Starting reviewer agent"
+  );
+  const userPrompt = buildReviewerUserPrompt(taskSpec, diff, reviewCycle);
+  const agentResult = query3({
+    prompt: userPrompt,
+    options: {
+      model: repoConfig.reviewerModel,
+      maxTurns: 50,
+      tools: [],
+      systemPrompt: REVIEWER_SYSTEM_PROMPT,
+      permissionMode: "bypassPermissions",
+      allowDangerouslySkipPermissions: true,
+      outputFormat: {
+        type: "json_schema",
+        schema: REVIEW_JSON_SCHEMA
+      }
+    }
+  });
+  let resultMessage;
+  let lastAssistantText = "";
+  for await (const message of agentResult) {
+    if (message.type === "assistant" && "content" in message) {
+      const textParts = message.content.filter((c) => c.type === "text" && c.text).map((c) => c.text);
+      if (textParts.length > 0) {
+        lastAssistantText = textParts.join("\n");
+      }
+    }
+    if (message.type === "result") {
+      resultMessage = message;
+    }
+  }
+  if (!resultMessage) {
+    throw new ReviewerError("No result message received from reviewer agent");
+  }
+  const isSuccess = resultMessage.subtype === "success";
+  const isMaxTurns = resultMessage.subtype === "error_max_turns";
+  if (!isSuccess && !isMaxTurns) {
+    const errorDetail = "errors" in resultMessage ? resultMessage.errors.join(", ") : "unknown";
+    throw new ReviewerError(`Reviewer agent failed (${resultMessage.subtype}): ${errorDetail}`);
+  }
+  if (isMaxTurns) {
+    log6.warn("Reviewer hit max turns \u2014 attempting to extract result");
+  }
+  let parsed;
+  if ("structured_output" in resultMessage && resultMessage.structured_output) {
+    parsed = resultMessage.structured_output;
+  } else if ("result" in resultMessage && resultMessage.result) {
+    const jsonStr = extractJSON2(resultMessage.result);
+    try {
+      parsed = JSON.parse(jsonStr);
+    } catch {
+      throw new ReviewerError(`Reviewer returned invalid JSON: ${String(resultMessage.result).slice(0, 200)}`);
+    }
+  } else if (lastAssistantText) {
+    log6.warn("No result output \u2014 extracting review from last assistant message");
+    const jsonStr = extractJSON2(lastAssistantText);
+    try {
+      parsed = JSON.parse(jsonStr);
+    } catch {
+      throw new ReviewerError(
+        `Reviewer returned invalid JSON in assistant message: ${lastAssistantText.slice(0, 200)}`
+      );
+    }
+  } else {
+    throw new ReviewerError("Reviewer agent produced no output");
+  }
+  const review = validateReviewResult(parsed);
+  log6.info(
+    {
+      approved: review.approved,
+      issueCount: review.issues.length,
+      cycle: reviewCycle
+    },
+    "Review completed"
+  );
+  return review;
+}
+
+// src/agents/security-scanner.ts
+import { query as query4 } from "@anthropic-ai/claude-agent-sdk";
+import { z as z4 } from "zod";
+var log7 = createChildLogger("security-scanner");
+var SecurityFindingSchema = z4.object({
+  severity: z4.enum(["critical", "high", "medium", "low", "info"]),
+  category: z4.string(),
+  file: z4.string(),
+  line: z4.number().nullable().optional(),
+  description: z4.string(),
+  recommendation: z4.string()
+});
+var SecurityReportSchema = z4.object({
+  riskLevel: z4.enum(["critical", "high", "medium", "low", "none"]),
+  findings: z4.array(SecurityFindingSchema),
+  recommendations: z4.array(z4.string()),
+  summary: z4.string()
+});
+var SECURITY_REPORT_JSON_SCHEMA = {
+  type: "object",
+  properties: {
+    riskLevel: { type: "string", enum: ["critical", "high", "medium", "low", "none"] },
+    findings: {
+      type: "array",
+      items: {
+        type: "object",
+        properties: {
+          severity: { type: "string", enum: ["critical", "high", "medium", "low", "info"] },
+          category: { type: "string" },
+          file: { type: "string" },
+          line: { type: ["number", "null"] },
+          description: { type: "string" },
+          recommendation: { type: "string" }
+        },
+        required: ["severity", "category", "file", "description", "recommendation"]
+      }
+    },
+    recommendations: { type: "array", items: { type: "string" } },
+    summary: { type: "string" }
+  },
+  required: ["riskLevel", "findings", "recommendations", "summary"]
+};
+var SECURITY_SCANNER_SYSTEM_PROMPT = `You are a security-focused code reviewer for an automated development pipeline.
+Your job is to analyze code diffs for security vulnerabilities and risks.
+
+Focus areas:
+1. **Injection**: SQL injection, command injection, XSS, template injection
+2. **Authentication/Authorization**: Broken auth, missing access controls, privilege escalation
+3. **Secrets**: Hardcoded credentials, API keys, tokens, connection strings
+4. **Data Exposure**: Sensitive data in logs, error messages, or responses
+5. **Dependencies**: Known vulnerable patterns, unsafe imports
+6. **Input Validation**: Missing or inadequate validation, buffer overflows
+7. **Cryptography**: Weak algorithms, improper random generation, insecure hashing
+8. **Configuration**: Insecure defaults, debug mode in production, CORS misconfiguration
+
+Rules:
+- Only report actual vulnerabilities visible in the diff, not hypothetical ones.
+- Be specific about file paths and line numbers.
+- Provide actionable recommendations.
+- Set riskLevel based on the highest severity finding (or "none" if no findings).
+- Respond ONLY with the JSON object. No markdown fences, no explanation text.`;
+function extractJSON3(text) {
+  const jsonMatch = text.match(/\{[\s\S]*\}/);
+  if (jsonMatch) return jsonMatch[0];
+  throw new PipelineError("Could not extract JSON from security scanner response");
+}
+function validateReport(parsed) {
+  const validated = SecurityReportSchema.safeParse(parsed);
+  if (!validated.success) {
+    const errors = validated.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(", ");
+    throw new PipelineError(`Security report validation failed: ${errors}`);
+  }
+  return {
+    ...validated.data,
+    findings: validated.data.findings.map((f) => ({
+      ...f,
+      line: f.line ?? void 0
+    }))
+  };
+}
+async function runSecurityScanner(params) {
+  const { taskSpec, diff, repoConfig } = params;
+  log7.info({ task: taskSpec.title, model: repoConfig.reviewerModel }, "Starting security scan");
+  const prompt = `## Security Review Request
+
+**Task**: ${taskSpec.title}
+**Type**: ${taskSpec.type}
+
+## Code Diff to Analyze
+
+\`\`\`diff
+${diff}
+\`\`\`
+
+Analyze this diff for security vulnerabilities. Provide your report as a JSON object matching the required schema.`;
+  const result = query4({
+    prompt,
+    options: {
+      model: repoConfig.reviewerModel,
+      maxTurns: 50,
+      tools: [],
+      systemPrompt: SECURITY_SCANNER_SYSTEM_PROMPT,
+      permissionMode: "bypassPermissions",
+      allowDangerouslySkipPermissions: true,
+      outputFormat: {
+        type: "json_schema",
+        schema: SECURITY_REPORT_JSON_SCHEMA
+      }
+    }
+  });
+  let resultMessage;
+  let lastAssistantText = "";
+  for await (const message of result) {
+    if (message.type === "assistant" && "content" in message) {
+      const textParts = message.content.filter((c) => c.type === "text" && c.text).map((c) => c.text);
+      if (textParts.length > 0) {
+        lastAssistantText = textParts.join("\n");
+      }
+    }
+    if (message.type === "result") {
+      resultMessage = message;
+    }
+  }
+  if (!resultMessage) {
+    throw new PipelineError("No result message received from security scanner");
+  }
+  const isSuccess = resultMessage.subtype === "success";
+  const isMaxTurns = resultMessage.subtype === "error_max_turns";
+  if (!isSuccess && !isMaxTurns) {
+    const errorDetail = "errors" in resultMessage ? resultMessage.errors.join(", ") : "unknown";
+    throw new PipelineError(
+      `Security scanner failed (${resultMessage.subtype}): ${errorDetail}`
+    );
+  }
+  let parsed;
+  if ("structured_output" in resultMessage && resultMessage.structured_output) {
+    parsed = resultMessage.structured_output;
+  } else if ("result" in resultMessage && resultMessage.result) {
+    const jsonStr = extractJSON3(resultMessage.result);
+    try {
+      parsed = JSON.parse(jsonStr);
+    } catch {
+      throw new PipelineError(
+        `Security scanner returned invalid JSON: ${String(resultMessage.result).slice(0, 200)}`
+      );
+    }
+  } else if (lastAssistantText) {
+    log7.warn("No result output \u2014 extracting report from last assistant message");
+    const jsonStr = extractJSON3(lastAssistantText);
+    try {
+      parsed = JSON.parse(jsonStr);
+    } catch {
+      throw new PipelineError(
+        `Security scanner returned invalid JSON in assistant message: ${lastAssistantText.slice(0, 200)}`
+      );
+    }
+  } else {
+    throw new PipelineError("Security scanner produced no output");
+  }
+  const report = validateReport(parsed);
+  log7.info(
+    {
+      riskLevel: report.riskLevel,
+      findingCount: report.findings.length
+    },
+    "Security scan completed"
+  );
+  return {
+    report,
+    costUsd: resultMessage.total_cost_usd
+  };
+}
+
+// src/testing/test-runner.ts
+import { execa } from "execa";
+var log8 = createChildLogger("test-runner");
+async function runCommand(params) {
+  const { workingDir, command, kind, timeoutMs = 3e5 } = params;
+  const [cmd, ...args] = command.split(" ");
+  log8.info({ kind, command, workingDir }, `Running ${kind} command`);
+  const start = Date.now();
+  try {
+    const result = await execa(cmd, args, {
+      cwd: workingDir,
+      timeout: timeoutMs,
+      reject: false,
+      all: true
+    });
+    const durationMs = Date.now() - start;
+    const passed = result.exitCode === 0;
+    log8.info({ kind, passed, durationMs, exitCode: result.exitCode }, `${kind} completed`);
+    return {
+      passed,
+      output: result.all ?? result.stdout + "\n" + result.stderr,
+      durationMs
+    };
+  } catch (error) {
+    const durationMs = Date.now() - start;
+    const message = error instanceof Error ? error.message : String(error);
+    log8.error({ kind, error: message, durationMs }, `${kind} execution failed`);
+    return {
+      passed: false,
+      output: message,
+      durationMs
+    };
+  }
+}
+async function runTests(params) {
+  return runCommand({
+    workingDir: params.workingDir,
+    command: params.testCommand,
+    kind: "test",
+    timeoutMs: params.timeoutMs
+  });
+}
+
+// src/notifications/sender.ts
+var log9 = createChildLogger("notifications");
+async function sendSlackWebhook(webhookUrl, message) {
+  try {
+    const response = await fetch(webhookUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(message)
+    });
+    if (!response.ok) {
+      log9.warn({ status: response.status }, "Slack webhook request failed");
+    }
+  } catch (error) {
+    const msg = error instanceof Error ? error.message : String(error);
+    log9.warn({ error: msg }, "Failed to send Slack notification");
+  }
+}
+function formatSlackMessage(state, event) {
+  const taskTitle = state.taskSpec?.title ?? "Unknown task";
+  const pipelineId = state.id;
+  const cost = `$${state.totalCostUsd.toFixed(4)}`;
+  const eventDescriptions = {
+    started: `Pipeline started for: *${taskTitle}*`,
+    tests_passed: `Tests passed for: *${taskTitle}*`,
+    tests_failed: `Tests failed for: *${taskTitle}*`,
+    review_approved: `Review approved for: *${taskTitle}*`,
+    review_rejected: `Review rejected for: *${taskTitle}* (cycle ${state.reviewCycle + 1})`,
+    completed: `Pipeline completed for: *${taskTitle}*
+PR: ${state.prUrl ?? "N/A"}
+Cost: ${cost}`,
+    failed: `Pipeline failed for: *${taskTitle}*
+Error: ${state.error ?? "Unknown"}
+Cost: ${cost}`
+  };
+  const icons = {
+    started: ":rocket:",
+    tests_passed: ":white_check_mark:",
+    tests_failed: ":x:",
+    review_approved: ":thumbsup:",
+    review_rejected: ":eyes:",
+    completed: ":tada:",
+    failed: ":rotating_light:"
+  };
+  return {
+    text: `${icons[event]} [X-Force ${pipelineId}] ${eventDescriptions[event]}`
+  };
+}
+async function postGitHubMentions(config, owner, repo, issueNumber, event, state) {
+  const github = config.github;
+  if (!github) return;
+  let mentions = [];
+  let message = "";
+  if (event === "failed" && github.mentionOnFailure?.length) {
+    mentions = github.mentionOnFailure;
+    message = `X-Force pipeline failed. ${mentions.join(" ")} \u2014 please review.
+
+**Error**: ${state.error ?? "Unknown"}`;
+  }
+  if ((event === "completed" || event === "review_approved") && github.mentionOnReview?.length) {
+    mentions = github.mentionOnReview;
+    message = `X-Force pipeline completed. ${mentions.join(" ")} \u2014 PR ready for review: ${state.prUrl ?? "N/A"}`;
+  }
+  if (message) {
+    try {
+      await addComment(owner, repo, issueNumber, message);
+    } catch (error) {
+      const msg = error instanceof Error ? error.message : String(error);
+      log9.warn({ error: msg }, "Failed to post GitHub mention");
+    }
+  }
+}
+async function notify(params) {
+  const { config, state, event, owner, repo, issueNumber } = params;
+  if (!config) return;
+  const promises = [];
+  if (config.slack?.webhookUrl) {
+    const message = formatSlackMessage(state, event);
+    promises.push(sendSlackWebhook(config.slack.webhookUrl, message));
+  }
+  promises.push(postGitHubMentions(config, owner, repo, issueNumber, event, state));
+  await Promise.allSettled(promises);
+}
+
+// src/pipeline/auto-merge.ts
+var log10 = createChildLogger("auto-merge");
+var SIZE_ORDER = {
+  xs: 1,
+  s: 2,
+  m: 3,
+  l: 4,
+  xl: 5
+};
+function isAutoMergeEligible(params) {
+  const { taskSpec, repoConfig, securityReport } = params;
+  const rules = repoConfig.autoMergeRules;
+  const reasons = [];
+  if (!repoConfig.autoMerge) {
+    return { eligible: false, reasons: ["Auto-merge is disabled for this repo"] };
+  }
+  if (!rules.types.includes(taskSpec.type)) {
+    reasons.push(
+      `Task type "${taskSpec.type}" is not in allowed types: [${rules.types.join(", ")}]`
+    );
+  }
+  if (SIZE_ORDER[taskSpec.size] > SIZE_ORDER[rules.maxSize]) {
+    reasons.push(`Task size "${taskSpec.size}" exceeds max size "${rules.maxSize}"`);
+  }
+  if (rules.requireCleanSecurityScan && securityReport) {
+    const hasCriticalOrHigh = securityReport.findings.some(
+      (f) => f.severity === "critical" || f.severity === "high"
+    );
+    if (hasCriticalOrHigh) {
+      reasons.push("Security scan found critical or high severity issues");
+    }
+  }
+  if (reasons.length > 0) {
+    log10.info({ reasons }, "PR not eligible for auto-merge");
+  }
+  return { eligible: reasons.length === 0, reasons };
+}
+
+// src/tracking/cost-tracker.ts
+import { homedir } from "os";
+import { join as join2 } from "path";
+import { mkdir, appendFile, readFile } from "fs/promises";
+var log11 = createChildLogger("cost-tracker");
+var HISTORY_DIR = join2(homedir(), ".xforce");
+var HISTORY_FILE = "history.jsonl";
+function getHistoryPath(basePath) {
+  return join2(basePath ?? HISTORY_DIR, HISTORY_FILE);
+}
+function buildRecordFromState(state, repoConfig) {
+  const startedAt = state.startedAt instanceof Date ? state.startedAt : new Date(state.startedAt);
+  const completedAt = state.completedAt instanceof Date ? state.completedAt : new Date(state.completedAt ?? Date.now());
+  return {
+    id: state.id,
+    repo: `${repoConfig.owner}/${repoConfig.name}`,
+    issueNumber: state.taskSpec.issueNumber,
+    issueUrl: state.taskSpec.issueUrl,
+    prNumber: state.prNumber,
+    prUrl: state.prUrl,
+    status: state.status === "failed" ? "failed" : "completed",
+    totalCostUsd: state.totalCostUsd,
+    durationMs: completedAt.getTime() - startedAt.getTime(),
+    reviewCycles: state.reviewCycle,
+    model: repoConfig.model,
+    startedAt: startedAt.toISOString(),
+    completedAt: completedAt.toISOString(),
+    taskTitle: state.taskSpec.title,
+    taskType: state.taskSpec.type,
+    taskSize: state.taskSpec.size,
+    error: state.error
+  };
+}
+async function appendRecord(record, basePath) {
+  const dir = basePath ?? HISTORY_DIR;
+  await mkdir(dir, { recursive: true });
+  const filePath = join2(dir, HISTORY_FILE);
+  const line = JSON.stringify(record) + "\n";
+  await appendFile(filePath, line, "utf-8");
+  log11.debug({ id: record.id, repo: record.repo }, "Persisted pipeline run record");
+}
+async function readRecords(filter, basePath) {
+  const filePath = getHistoryPath(basePath);
+  let content;
+  try {
+    content = await readFile(filePath, "utf-8");
+  } catch {
+    return [];
+  }
+  const records = [];
+  for (const line of content.split("\n")) {
+    const trimmed = line.trim();
+    if (!trimmed) continue;
+    try {
+      const record = JSON.parse(trimmed);
+      if (filter?.repo && record.repo !== filter.repo) continue;
+      if (filter?.since && new Date(record.startedAt) < filter.since) continue;
+      if (filter?.until && new Date(record.startedAt) > filter.until) continue;
+      records.push(record);
+    } catch {
+      log11.warn("Skipping malformed line in history file");
+    }
+  }
+  return records;
+}
+function summarize(records) {
+  if (records.length === 0) {
+    return {
+      totalCostUsd: 0,
+      totalRuns: 0,
+      successfulRuns: 0,
+      failedRuns: 0,
+      avgCostPerRun: 0,
+      avgDurationMs: 0,
+      costByRepo: {}
+    };
+  }
+  const totalCostUsd = records.reduce((sum, r) => sum + r.totalCostUsd, 0);
+  const totalDurationMs = records.reduce((sum, r) => sum + r.durationMs, 0);
+  const successfulRuns = records.filter((r) => r.status === "completed").length;
+  const failedRuns = records.filter((r) => r.status === "failed").length;
+  const costByRepo = {};
+  for (const r of records) {
+    costByRepo[r.repo] = (costByRepo[r.repo] ?? 0) + r.totalCostUsd;
+  }
+  return {
+    totalCostUsd,
+    totalRuns: records.length,
+    successfulRuns,
+    failedRuns,
+    avgCostPerRun: totalCostUsd / records.length,
+    avgDurationMs: totalDurationMs / records.length,
+    costByRepo
+  };
+}
+
+// src/pipeline/orchestrator.ts
+var log12 = createChildLogger("orchestrator");
+function transition(state, to, message) {
+  validateTransition(state.status, to);
+  state.status = to;
+  state.logs.push({ timestamp: /* @__PURE__ */ new Date(), status: to, message });
+  log12.info({ status: to }, message);
+}
+async function runPipeline(params) {
+  const { config } = params;
+  let owner;
+  let repo;
+  let issueNumber;
+  if (params.issueUrl) {
+    const parsed = parseIssueUrl(params.issueUrl);
+    owner = parsed.owner;
+    repo = parsed.repo;
+    issueNumber = parsed.issueNumber;
+  } else if (params.repoOwner && params.repoName && params.issueNumber) {
+    owner = params.repoOwner;
+    repo = params.repoName;
+    issueNumber = params.issueNumber;
+  } else {
+    throw new PipelineError("Either issueUrl or (repoOwner + repoName + issueNumber) is required");
+  }
+  const repoConfig = resolveRepoConfig(config, owner, repo);
+  const state = {
+    id: nanoid(12),
+    taskSpec: null,
+    status: "parsing_issue",
+    branchName: "",
+    reviewCycle: 0,
+    testRetry: 0,
+    totalCostUsd: 0,
+    logs: [{ timestamp: /* @__PURE__ */ new Date(), status: "parsing_issue", message: "Pipeline started" }],
+    startedAt: /* @__PURE__ */ new Date()
+  };
+  let workDir = null;
+  let isLocal = false;
+  let branchGit = null;
+  const timeoutMs = repoConfig.timeoutMinutes * 60 * 1e3;
+  try {
+    await removeLabel(owner, repo, issueNumber, repoConfig.labels.done).catch(() => {
+    });
+    await removeLabel(owner, repo, issueNumber, repoConfig.labels.failed).catch(() => {
+    });
+    await addLabel(owner, repo, issueNumber, repoConfig.labels.inProgress);
+    log12.info({ owner, repo, issueNumber }, "Fetching and parsing issue");
+    const issue = await getIssue(owner, repo, issueNumber);
+    const labels = await getIssueLabels(owner, repo, issueNumber);
+    const taskSpec = parseIssueBody({
+      title: issue.title,
+      body: issue.body ?? "",
+      labels,
+      issueNumber,
+      issueUrl: issue.html_url,
+      repoOwner: owner,
+      repoName: repo
+    });
+    state.taskSpec = taskSpec;
+    await notify({ config: config.notifications, state, event: "started", owner, repo, issueNumber });
+    transition(state, "creating_branch", "Setting up repository and branch");
+    const branchResult = await setupBranch({
+      owner,
+      repo,
+      defaultBranch: repoConfig.defaultBranch,
+      issueNumber,
+      issueTitle: taskSpec.title,
+      branchPrefix: repoConfig.branchPrefix,
+      localDir: params.localDir ?? repoConfig.localPath
+    });
+    const { branchName, git } = branchResult;
+    workDir = branchResult.workDir;
+    isLocal = branchResult.isLocal;
+    branchGit = git;
+    state.branchName = branchName;
+    let plan;
+    if (repoConfig.enablePlanning) {
+      transition(state, "planning", `Planning with ${repoConfig.plannerModel}`);
+      const planSpinner = ora(`Planning with ${repoConfig.plannerModel}`).start();
+      const planningResult = await runPlanningAgent({
+        taskSpec,
+        repoConfig,
+        workingDir: workDir,
+        onProgress: (msg) => {
+          planSpinner.text = `Planning: ${msg}`;
+        }
+      });
+      plan = planningResult.plan;
+      state.plan = plan;
+      state.totalCostUsd += planningResult.costUsd;
+      planSpinner.succeed(`Plan created (${plan.implementationSteps.length} steps, ${plan.estimatedComplexity} complexity, $${planningResult.costUsd.toFixed(2)})`);
+      await addComment(owner, repo, issueNumber, formatPlanComment(plan));
+    }
+    await withTimeout(
+      codeReviewLoop(state, taskSpec, repoConfig, git, workDir, owner, repo, issueNumber, config.notifications, plan),
+      timeoutMs,
+      "Pipeline"
+    );
+    await removeLabel(owner, repo, issueNumber, repoConfig.labels.inProgress);
+    await addLabel(owner, repo, issueNumber, repoConfig.labels.done);
+    await addComment(
+      owner,
+      repo,
+      issueNumber,
+      `X-Force pipeline completed.
+
+- **PR**: ${state.prUrl}
+- **Cost**: $${state.totalCostUsd.toFixed(4)}
+- **Review cycles**: ${state.reviewCycle}`
+    );
+    await notify({ config: config.notifications, state, event: "completed", owner, repo, issueNumber });
+    state.completedAt = /* @__PURE__ */ new Date();
+    await appendRecord(buildRecordFromState(state, repoConfig)).catch((err) => {
+      log12.warn({ error: err.message }, "Failed to persist cost tracking record");
+    });
+    if (state.status === "merging") {
+      transition(state, "completed", "PR auto-merged");
+    } else if (state.status !== "awaiting_human") {
+      transition(state, "awaiting_human", "PR ready for human review");
+    }
+    return state;
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    state.status = "failed";
+    state.error = message;
+    state.completedAt = /* @__PURE__ */ new Date();
+    log12.error({ error: message }, "Pipeline failed");
+    await notify({ config: config.notifications, state, event: "failed", owner, repo, issueNumber }).catch(() => {
+    });
+    await appendRecord(buildRecordFromState(state, repoConfig)).catch(() => {
+    });
+    try {
+      await removeLabel(owner, repo, issueNumber, repoConfig.labels.inProgress);
+      await addLabel(owner, repo, issueNumber, repoConfig.labels.failed);
+      await addComment(
+        owner,
+        repo,
+        issueNumber,
+        `X-Force pipeline failed.
+
+**Error**: ${message}
+**Cost**: $${state.totalCostUsd.toFixed(4)}`
+      );
+    } catch {
+      log12.warn("Failed to update issue labels/comments after pipeline failure");
+    }
+    return state;
+  } finally {
+    if (isLocal && branchGit) {
+      await restoreDefaultBranch(branchGit, repoConfig.defaultBranch);
+    } else if (workDir) {
+      try {
+        await rm(workDir, { recursive: true, force: true });
+      } catch {
+        log12.warn({ workDir }, "Failed to clean up working directory");
+      }
+    }
+  }
+}
+async function codeReviewLoop(state, taskSpec, repoConfig, git, workDir, owner, repo, issueNumber, notificationsConfig, plan) {
+  let previousReview;
+  let sessionId;
+  for (let cycle = 0; cycle <= repoConfig.maxReviewCycles; cycle++) {
+    state.reviewCycle = cycle;
+    transition(state, "coding", `Coding with ${repoConfig.model} (cycle ${cycle + 1})`);
+    const codeSpinner = ora(`Coding with ${repoConfig.model} (cycle ${cycle + 1})`).start();
+    const codingResult = await runCodingAgent({
+      taskSpec,
+      repoConfig,
+      workingDir: workDir,
+      previousReview,
+      sessionId,
+      plan: cycle === 0 ? plan : void 0,
+      onProgress: (msg) => {
+        codeSpinner.text = `Coding: ${msg}`;
+      }
+    });
+    state.totalCostUsd += codingResult.costUsd;
+    sessionId = codingResult.sessionId;
+    codeSpinner.succeed(`Coding complete (${codingResult.numTurns} turns, $${codingResult.costUsd.toFixed(2)})`);
+    const commitSpinner = ora("Committing and pushing changes").start();
+    const sha = await commitAndPush({
+      git,
+      branchName: state.branchName,
+      message: `feat: ${taskSpec.title} (xforce cycle ${cycle + 1})`
+    });
+    if (!sha && cycle === 0) {
+      commitSpinner.fail("No changes to commit");
+      throw new PipelineError("Coding agent made no changes");
+    }
+    commitSpinner.succeed(sha ? `Committed ${sha.slice(0, 7)}` : "No new changes");
+    transition(state, "running_tests", "Running verification checks");
+    let allChecksPassed = false;
+    for (let retry = 0; retry <= repoConfig.maxTestRetries; retry++) {
+      state.testRetry = retry;
+      let failedCheck = null;
+      const retryLabel = retry > 0 ? ` (retry ${retry})` : "";
+      if (repoConfig.lintCommand && !failedCheck) {
+        const lintSpinner = ora(`Running lint${retryLabel}`).start();
+        const lintResult = await runCommand({
+          workingDir: workDir,
+          command: repoConfig.lintCommand,
+          kind: "lint"
+        });
+        if (lintResult.passed) {
+          lintSpinner.succeed(`Lint passed (${(lintResult.durationMs / 1e3).toFixed(1)}s)`);
+        } else {
+          lintSpinner.fail("Lint failed");
+          failedCheck = { kind: "lint", output: lintResult.output };
+        }
+      }
+      if (repoConfig.buildCommand && !failedCheck) {
+        const buildSpinner = ora(`Running build${retryLabel}`).start();
+        const buildResult = await runCommand({
+          workingDir: workDir,
+          command: repoConfig.buildCommand,
+          kind: "build"
+        });
+        if (buildResult.passed) {
+          buildSpinner.succeed(`Build passed (${(buildResult.durationMs / 1e3).toFixed(1)}s)`);
+        } else {
+          buildSpinner.fail("Build failed");
+          failedCheck = { kind: "build", output: buildResult.output };
+        }
+      }
+      if (!failedCheck) {
+        const testSpinner = ora(`Running tests${retryLabel}`).start();
+        const testResult = await runTests({
+          workingDir: workDir,
+          testCommand: repoConfig.testCommand
+        });
+        if (testResult.passed) {
+          testSpinner.succeed(`Tests passed (${(testResult.durationMs / 1e3).toFixed(1)}s)`);
+        } else {
+          testSpinner.fail("Tests failed");
+          failedCheck = { kind: "test", output: testResult.output };
+        }
+      }
+      if (repoConfig.runCommand && !failedCheck) {
+        const runSpinner = ora(`Running verification${retryLabel}`).start();
+        const runResult = await runCommand({
+          workingDir: workDir,
+          command: repoConfig.runCommand,
+          kind: "run"
+        });
+        if (runResult.passed) {
+          runSpinner.succeed(`Verification passed (${(runResult.durationMs / 1e3).toFixed(1)}s)`);
+        } else {
+          runSpinner.fail("Verification failed");
+          failedCheck = { kind: "run", output: runResult.output };
+        }
+      }
+      if (!failedCheck) {
+        allChecksPassed = true;
+        break;
+      }
+      if (retry < repoConfig.maxTestRetries) {
+        transition(state, "coding", `Fixing ${failedCheck.kind} failures (retry ${retry + 1})`);
+        const fixSpinner = ora(`Fixing ${failedCheck.kind} failures (retry ${retry + 1})`).start();
+        const feedback = formatCommandFeedback(failedCheck.kind, failedCheck.output);
+        const fixResult = await runCodingAgent({
+          taskSpec,
+          repoConfig,
+          workingDir: workDir,
+          ...failedCheck.kind === "test" ? { testFailures: feedback } : { commandFailures: { kind: failedCheck.kind, output: failedCheck.output } },
+          sessionId,
+          onProgress: (msg) => {
+            fixSpinner.text = `Fixing ${failedCheck.kind}: ${msg}`;
+          }
+        });
+        state.totalCostUsd += fixResult.costUsd;
+        sessionId = fixResult.sessionId;
+        fixSpinner.succeed(`Fix applied (${fixResult.numTurns} turns, $${fixResult.costUsd.toFixed(2)})`);
+        await commitAndPush({
+          git,
+          branchName: state.branchName,
+          message: `fix: address ${failedCheck.kind} failures (xforce retry ${retry + 1})`
+        });
+        transition(state, "running_tests", `Re-running verification checks (retry ${retry + 1})`);
+      }
+    }
+    if (!allChecksPassed) {
+      throw new PipelineError(
+        `Verification checks still failing after ${repoConfig.maxTestRetries} retries`
+      );
+    }
+    if (!state.prNumber) {
+      const { prNumber, prUrl } = await createPullRequest({
+        owner,
+        repo,
+        branchName: state.branchName,
+        defaultBranch: repoConfig.defaultBranch,
+        taskSpec,
+        pipeline: state
+      });
+      state.prNumber = prNumber;
+      state.prUrl = prUrl;
+    } else {
+      await updatePullRequest({
+        owner,
+        repo,
+        prNumber: state.prNumber,
+        taskSpec,
+        pipeline: state
+      });
+    }
+    transition(state, "reviewing", `Reviewing with ${repoConfig.reviewerModel} (cycle ${cycle + 1})`);
+    const reviewSpinner = ora(`Reviewing with ${repoConfig.reviewerModel} (cycle ${cycle + 1})`).start();
+    const diff = await getPRDiff(owner, repo, state.prNumber);
+    const [review, securityResult] = await Promise.all([
+      runReviewerAgent({ taskSpec, diff, repoConfig, reviewCycle: cycle }),
+      repoConfig.enableSecurityScan ? runSecurityScanner({ taskSpec, diff, repoConfig }) : Promise.resolve(void 0)
+    ]);
+    if (securityResult) {
+      state.totalCostUsd += securityResult.costUsd;
+    }
+    const reviewStatus = review.approved ? "Approved" : `Changes requested (${review.issues.length} issues)`;
+    reviewSpinner.succeed(`Review: ${reviewStatus}`);
+    await commentOnPR(
+      owner,
+      repo,
+      state.prNumber,
+      formatReviewComment(review, cycle)
+    );
+    if (securityResult && securityResult.report.findings.length > 0) {
+      await commentOnPR(
+        owner,
+        repo,
+        state.prNumber,
+        formatSecurityComment(securityResult.report)
+      );
+    }
+    if (review.approved) {
+      await labelPR(owner, repo, state.prNumber, repoConfig.labels.done);
+      const autoMergeCheck = isAutoMergeEligible({
+        taskSpec,
+        repoConfig,
+        securityReport: securityResult?.report
+      });
+      if (autoMergeCheck.eligible) {
+        transition(state, "merging", "Auto-merging approved PR");
+        const mergeSpinner = ora("Auto-merging approved PR").start();
+        const mergeResult = await mergePR({
+          owner,
+          repo,
+          prNumber: state.prNumber,
+          strategy: repoConfig.autoMergeRules.mergeStrategy,
+          commitTitle: `${taskSpec.title} (#${state.prNumber})`
+        });
+        if (mergeResult.merged) {
+          mergeSpinner.succeed(`PR auto-merged (${mergeResult.sha?.slice(0, 7)})`);
+          await addComment(
+            owner,
+            repo,
+            issueNumber,
+            `X-Force auto-merged PR #${state.prNumber} (${repoConfig.autoMergeRules.mergeStrategy}).`
+          );
+        } else {
+          mergeSpinner.fail(`Auto-merge failed: ${mergeResult.error}`);
+          await commentOnPR(
+            owner,
+            repo,
+            state.prNumber,
+            `Auto-merge failed: ${mergeResult.error}
+
+This PR requires manual merge.`
+          );
+          transition(state, "awaiting_human", "Auto-merge failed, awaiting human review");
+        }
+      }
+      return;
+    }
+    if (cycle < repoConfig.maxReviewCycles) {
+      previousReview = review;
+      transition(state, "addressing_review", `Addressing review feedback (cycle ${cycle + 1})`);
+    }
+  }
+  throw new PipelineError(
+    `Review not approved after ${repoConfig.maxReviewCycles} cycles`
+  );
+}
+function formatSecurityComment(report) {
+  const findingsTable = report.findings.map(
+    (f) => `| ${f.severity} | ${f.category} | \`${f.file}${f.line ? ":" + f.line : ""}\` | ${f.description} |`
+  ).join("\n");
+  return `## X-Force Security Scan - Risk Level: ${report.riskLevel.toUpperCase()}
+
+### Summary
+${report.summary}
+
+### Findings
+| Severity | Category | File | Description |
+|----------|----------|------|-------------|
+${findingsTable}
+
+${report.recommendations.length > 0 ? `### Recommendations
+${report.recommendations.map((r) => `- ${r}`).join("\n")}` : ""}
+
+---
+*Security scan by X-Force AI Pipeline*`;
+}
+function formatPlanComment(plan) {
+  const steps = plan.implementationSteps.sort((a, b) => a.order - b.order).map(
+    (s) => `${s.order}. **${s.description}**
+   Files: ${s.files.map((f) => `\`${f}\``).join(", ")}`
+  ).join("\n");
+  return `## X-Force Implementation Plan
+
+### Approach
+${plan.approach}
+
+### Estimated Complexity: ${plan.estimatedComplexity}
+
+### Files to Modify
+${plan.filesToModify.map((f) => `- \`${f}\``).join("\n") || "None"}
+
+### Files to Create
+${plan.filesToCreate.map((f) => `- \`${f}\``).join("\n") || "None"}
+
+### Implementation Steps
+${steps}
+
+### Risks
+${plan.risks.map((r) => `- ${r}`).join("\n") || "None identified"}
+
+---
+*Plan generated by X-Force AI Pipeline*`;
+}
+function formatReviewComment(review, cycle) {
+  const status = review.approved ? "APPROVED" : "CHANGES REQUESTED";
+  const emoji = review.approved ? "approved" : "requesting changes";
+  const issueTable = review.issues.length > 0 ? `### Issues Found
+| Severity | File | Description |
+|----------|------|-------------|
+${review.issues.map((i) => `| ${i.severity} | \`${i.file}${i.line ? ":" + i.line : ""}\` | ${i.description} |`).join("\n")}
+` : "";
+  return `## X-Force AI Review (Cycle ${cycle + 1}) - ${status}
+
+### Summary
+${review.summary}
+
+${issueTable}
+### Spec Adherence
+**Met**: ${review.specAdherence.met.join(", ") || "None yet"}
+**Unmet**: ${review.specAdherence.unmet.join(", ") || "All met"}
+
+${review.securityConcerns.length > 0 ? `### Security Concerns
+${review.securityConcerns.map((c) => `- ${c}`).join("\n")}` : ""}
+
+---
+*Automated review by X-Force (${emoji})*`;
+}
+
+// src/server/webhook.ts
+import { createServer } from "http";
+import crypto from "crypto";
+
+// src/server/queue.ts
+import { nanoid as nanoid2 } from "nanoid";
+var log13 = createChildLogger("queue");
+var DEFAULT_OPTIONS = {
+  maxSize: 10,
+  historySize: 50
+};
+var JobQueue = class {
+  pending = [];
+  active = null;
+  completed = [];
+  totalProcessed = 0;
+  processing = false;
+  options;
+  processor;
+  constructor(processor, options) {
+    this.processor = processor;
+    this.options = { ...DEFAULT_OPTIONS, ...options };
+  }
+  enqueue(params) {
+    if (this.pending.length >= this.options.maxSize) {
+      throw new Error(`Queue is full (max ${this.options.maxSize})`);
+    }
+    const isDuplicate = this.isDuplicateIn(this.pending, params) || this.active && this.active.owner === params.owner && this.active.repo === params.repo && this.active.issueNumber === params.issueNumber;
+    if (isDuplicate) {
+      throw new Error(
+        `Issue ${params.owner}/${params.repo}#${params.issueNumber} is already queued or active`
+      );
+    }
+    const job = {
+      id: nanoid2(12),
+      owner: params.owner,
+      repo: params.repo,
+      issueNumber: params.issueNumber,
+      issueUrl: params.issueUrl,
+      status: "pending",
+      enqueuedAt: /* @__PURE__ */ new Date()
+    };
+    this.pending.push(job);
+    log13.info(
+      { jobId: job.id, owner: job.owner, repo: job.repo, issue: job.issueNumber },
+      "Job enqueued"
+    );
+    void this.processNext();
+    return job;
+  }
+  getStatus() {
+    return {
+      active: this.active,
+      pending: [...this.pending],
+      completed: [...this.completed],
+      totalProcessed: this.totalProcessed
+    };
+  }
+  getJob(id) {
+    if (this.active?.id === id) return this.active;
+    return this.pending.find((j) => j.id === id) ?? this.completed.find((j) => j.id === id);
+  }
+  get size() {
+    return this.pending.length;
+  }
+  get isFull() {
+    return this.pending.length >= this.options.maxSize;
+  }
+  isDuplicateIn(jobs, params) {
+    return jobs.some(
+      (j) => j.owner === params.owner && j.repo === params.repo && j.issueNumber === params.issueNumber
+    );
+  }
+  async processNext() {
+    if (this.processing || this.pending.length === 0) return;
+    this.processing = true;
+    const job = this.pending.shift();
+    job.status = "running";
+    job.startedAt = /* @__PURE__ */ new Date();
+    this.active = job;
+    log13.info(
+      { jobId: job.id, owner: job.owner, repo: job.repo, issue: job.issueNumber },
+      "Processing job"
+    );
+    try {
+      const result = await this.processor(job);
+      job.status = "completed";
+      job.result = result;
+    } catch (error) {
+      job.status = "failed";
+      job.error = error instanceof Error ? error.message : String(error);
+      log13.error(
+        { jobId: job.id, error: job.error },
+        "Job failed"
+      );
+    } finally {
+      job.completedAt = /* @__PURE__ */ new Date();
+      this.active = null;
+      this.totalProcessed++;
+      this.completed.unshift(job);
+      if (this.completed.length > this.options.historySize) {
+        this.completed = this.completed.slice(0, this.options.historySize);
+      }
+      this.processing = false;
+      log13.info(
+        { jobId: job.id, status: job.status, totalProcessed: this.totalProcessed },
+        "Job finished"
+      );
+      void this.processNext();
+    }
+  }
+};
+
+// src/server/webhook.ts
+var log14 = createChildLogger("webhook-server");
+var MAX_BODY_SIZE = 1048576;
+function readBody(req) {
+  return new Promise((resolve2, reject) => {
+    const chunks = [];
+    let size = 0;
+    req.on("data", (chunk) => {
+      size += chunk.length;
+      if (size > MAX_BODY_SIZE) {
+        req.destroy();
+        reject(new Error("Payload too large"));
+        return;
+      }
+      chunks.push(chunk);
+    });
+    req.on("end", () => resolve2(Buffer.concat(chunks)));
+    req.on("error", reject);
+  });
+}
+function verifySignature(payload, signature, secret) {
+  const expected = "sha256=" + crypto.createHmac("sha256", secret).update(payload).digest("hex");
+  if (expected.length !== signature.length) return false;
+  return crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(signature));
+}
+function sendJson(res, statusCode, body) {
+  res.writeHead(statusCode, { "Content-Type": "application/json" });
+  res.end(JSON.stringify(body));
+}
+function createWebhookServer(config, options) {
+  const startTime = Date.now();
+  const readyLabel = config.defaults.labels.ready;
+  const queue = new JobQueue(
+    async (job) => {
+      const repoConf = config.repos.find((r) => r.owner === job.owner && r.name === job.repo);
+      return runPipeline({
+        repoOwner: job.owner,
+        repoName: job.repo,
+        issueNumber: job.issueNumber,
+        config,
+        localDir: repoConf?.localPath
+      });
+    },
+    {
+      maxSize: options.maxQueueSize ?? 10,
+      historySize: options.historySize ?? 50
+    }
+  );
+  function handleHealth(_req, res) {
+    sendJson(res, 200, {
+      status: "ok",
+      uptime: Math.floor((Date.now() - startTime) / 1e3)
+    });
+  }
+  function handleStatus(_req, res) {
+    sendJson(res, 200, queue.getStatus());
+  }
+  async function handleWebhook(req, res) {
+    let body;
+    try {
+      body = await readBody(req);
+    } catch {
+      sendJson(res, 413, { error: "Payload too large" });
+      return;
+    }
+    const signature = req.headers["x-hub-signature-256"];
+    if (!signature) {
+      sendJson(res, 401, { error: "Missing signature" });
+      return;
+    }
+    if (!verifySignature(body, signature, options.secret)) {
+      sendJson(res, 401, { error: "Invalid signature" });
+      return;
+    }
+    let payload;
+    try {
+      payload = JSON.parse(body.toString("utf-8"));
+    } catch {
+      sendJson(res, 400, { error: "Invalid JSON" });
+      return;
+    }
+    const event = req.headers["x-github-event"];
+    if (event !== "issues") {
+      sendJson(res, 200, { ignored: true, reason: `Event type "${event}" not handled` });
+      return;
+    }
+    if (payload.action === "labeled") {
+      const labelName = payload.label?.name;
+      if (labelName !== readyLabel) {
+        sendJson(res, 200, { ignored: true, reason: `Label "${labelName}" does not match ready label "${readyLabel}"` });
+        return;
+      }
+    } else if (payload.action === "reopened") {
+      const labels = payload.issue?.labels;
+      const hasReadyLabel = labels?.some((l) => l.name === readyLabel);
+      if (!hasReadyLabel) {
+        sendJson(res, 200, { ignored: true, reason: `Reopened issue does not have "${readyLabel}" label` });
+        return;
+      }
+    } else {
+      sendJson(res, 200, { ignored: true, reason: `Action "${payload.action}" not handled` });
+      return;
+    }
+    const owner = payload.repository?.owner?.login;
+    const repo = payload.repository?.name;
+    const issueNumber = payload.issue?.number;
+    const issueUrl = payload.issue?.html_url;
+    if (!owner || !repo || !issueNumber || !issueUrl) {
+      sendJson(res, 400, { error: "Missing required fields in payload" });
+      return;
+    }
+    const repoConfigured = config.repos.some((r) => r.owner === owner && r.name === repo);
+    if (!repoConfigured) {
+      sendJson(res, 422, { error: `Repository ${owner}/${repo} not configured` });
+      return;
+    }
+    try {
+      const job = queue.enqueue({ owner, repo, issueNumber, issueUrl });
+      log14.info(
+        { jobId: job.id, owner, repo, issueNumber },
+        "Webhook accepted, job enqueued"
+      );
+      sendJson(res, 202, { accepted: true, jobId: job.id, position: queue.size });
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      if (message.includes("already queued")) {
+        sendJson(res, 409, { error: message });
+      } else if (message.includes("Queue is full")) {
+        sendJson(res, 503, { error: message });
+      } else {
+        sendJson(res, 500, { error: message });
+      }
+    }
+  }
+  const server = createServer(async (req, res) => {
+    const method = req.method ?? "GET";
+    const url = req.url ?? "/";
+    log14.debug({ method, url }, "Request received");
+    try {
+      if (method === "GET" && url === "/health") {
+        handleHealth(req, res);
+      } else if (method === "GET" && url === "/status") {
+        handleStatus(req, res);
+      } else if (method === "POST" && url === "/webhook") {
+        await handleWebhook(req, res);
+      } else {
+        sendJson(res, 404, { error: "Not found" });
+      }
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      log14.error({ error: message }, "Request handler error");
+      if (!res.headersSent) {
+        sendJson(res, 500, { error: "Internal server error" });
+      }
+    }
+  });
+  return {
+    start() {
+      return new Promise((resolve2, reject) => {
+        server.listen(options.port, options.host, () => {
+          log14.info({ port: options.port, host: options.host }, "Webhook server started");
+          resolve2();
+        });
+        server.on("error", reject);
+      });
+    },
+    stop() {
+      return new Promise((resolve2) => {
+        server.close(() => {
+          log14.info("Webhook server stopped");
+          resolve2();
+        });
+      });
+    },
+    getQueueStatus() {
+      return queue.getStatus();
+    },
+    address() {
+      const addr = server.address();
+      if (!addr || typeof addr === "string") return null;
+      return { host: addr.address, port: addr.port };
+    }
+  };
+}
+export {
+  JobQueue,
+  appendRecord,
+  buildRecordFromState,
+  createWebhookServer,
+  isAutoMergeEligible,
+  loadConfig,
+  parseIssueBody,
+  parseIssueUrl,
+  parsePRUrl,
+  readRecords,
+  resolveRepoConfig,
+  runCodingAgent,
+  runCommand,
+  runPipeline,
+  runPlanningAgent,
+  runReviewerAgent,
+  runSecurityScanner,
+  runTests,
+  summarize
+};
+//# sourceMappingURL=index.js.map