feat(cli): setup overhaul + archon doctor + complete bundled skill

[Wirasm]

Summary

• Problem: bundled-skill.ts only embeds 18 of 21 skill files; no CI check catches regressions. The setup wizard presents a database prompt (irrelevant — SQLite only), Discord (community-gated), and all platform adapters as mandatory, inflating setup from ~2 required steps to 8+. No archon doctor command exists.
• Why it matters: Binary users silently get an incomplete skill. New users abandon setup before finishing because the flow looks overwhelming. There's no canonical "is my setup healthy?" answer after setup.
• What changed: Fixed bundled-skill.ts to embed all 21 files + added check:bundled-skill CI guard. Rewrote archon setup to remove DB step, remove Discord, make each adapter skippable with explicit "Archon works without this" messaging, validate Claude binary via spawn test, add gh auth status check for GitHub, add security note for Telegram, and show update instructions + doctor offer at the end. Added archon doctor command with a green/red checklist.
• What did not change: Docs reframe (README, installation.md, overview.md) is scoped to a separate PR per the issue. PostgreSQL setup wizard, GitHub App support, and per-platform webhook automation are explicitly out of scope.

UX Journey

Before

archon setup
│
├─ Step 1: AI provider (Claude / Codex)           ← no spawn validation
├─ Step 2: Database (SQLite vs Postgres)           ← irrelevant, confusing
├─ Step 3: Platform multiselect (GitHub/Telegram/Slack/Discord)
│          └─ Feels mandatory; no "skip = OK" messaging
├─ Step 4: Per-platform credential collection
│          └─ Telegram: no security warning on empty allowlist
│          └─ GitHub: no gh auth status check
├─ Step 5: Skill copy (optional)
└─ outro "Setup complete!"

PAIN POINTS:
- CLAUDE_BIN_PATH saved unverified → fails silently at first workflow run
- Telegram bot is wide open to the public if user leaves allowlist empty
- No "did this work?" answer; no update path shown
- Binary users: bundled-skill.ts missing 3 files (good-practices.md,
  parameter-matrix.md, troubleshooting.md)
- No archon doctor command

After

archon setup
│
├─ Step 1: AI provider — validates binary via spawn test before saving
├─ Step 2: GitHub (skippable) — runs gh auth status, offers gh auth login
├─ Step 3: Slack (skippable) — "Archon works as CLI + skill without this"
├─ Step 4: Telegram (skippable) — security note + allowlist warning if empty
├─ Step 5: Skill copy (skippable)
├─ Step 6: [Update Instructions note — always shown]
├─ Step 7: Offer to run archon doctor
└─ outro "Setup complete!"

archon doctor  (new command, re-runnable at any time)
├─ ✓ Claude binary: ~/.local/bin/claude (spawns OK)
├─ ✓ gh CLI: authenticated (or ○ skipped — no GITHUB_TOKEN)
├─ ✓ Database: reachable (SQLite at ~/.archon/archon.db)
├─ ✓ Workspace: ~/.archon/ is writable
├─ ✓ Bundled defaults: workflows + commands loaded
└─ ○ Slack/Telegram: no tokens set (skipped)

bundled-skill.ts: 21/21 files embedded; CI check prevents regression

Architecture Diagram

Before

packages/cli/src/
├─ bundled-skill.ts        (18/21 files — missing 3)
├─ commands/
│   └─ setup.ts            (wizard with DB step + Discord + no spawn validation)
└─ cli.ts                  (no doctor case)

scripts/
└─ generate-bundled-defaults.ts   (check:bundled guard for defaults)
    (no equivalent for bundled-skill)

After

packages/cli/src/
├─ bundled-skill.ts        [~] (21/21 files)
├─ commands/
│   ├─ setup.ts            [~] (no DB, no Discord, spawn-validate, gh auth, Telegram note, doctor offer)
│   ├─ doctor.ts           [+] (new archon doctor command)
│   └─ doctor.test.ts      [+] (tests)
└─ cli.ts                  [~] (doctor case registered, noGitCommands updated)

scripts/
├─ generate-bundled-defaults.ts   (unchanged)
└─ check-bundled-skill.ts  [+] (mirrors check:bundled pattern for bundled-skill.ts)

package.json (root)        [~] (check:bundled-skill added, validate updated)
packages/cli/package.json  [~] (doctor.test.ts added to test batch)

Connection inventory:

From	To	Status	Notes
cli.ts	commands/doctor.ts	new	Dynamic import case 'doctor':
commands/setup.ts	commands/doctor.ts	new	Dynamic import for doctor offer at wizard end
commands/doctor.ts	@archon/paths	new	BUNDLED_IS_BINARY, getArchonHome
commands/doctor.ts	@archon/git	new	execFileAsync for binary + gh probes
commands/doctor.ts	@archon/core/db	new	Lazy import for DB reachability check
commands/setup.ts	@archon/git	new	execFileAsync for spawn test + gh auth
scripts/check-bundled-skill.ts	.claude/skills/archon/	new	Reads skill files to verify coverage
package.json validate script	check-bundled-skill	new	Added to pipeline

Label Snapshot

• Risk: risk: low
• Size: size: M
• Scope: cli
• Module: cli:setup, cli:doctor, cli:bundled-skill

Change Metadata

• Change type: feature
• Primary scope: cli

Linked Issue

• Closes Setup overhaul: binary install primary, dead-simple wizard, archon doctor, embedded skill (v0.3.11) #1494

Validation Evidence (required)

bun run validate

All five checks passed (EXIT=0):

Check	Result
bun run check:bundled	✅ 36 commands, 20 workflows up to date
bun run check:bundled-skill	✅ 21 files up to date
bun run type-check (all 10 packages)	✅ no errors
bun run lint --max-warnings 0	✅ 0 errors, 0 warnings
bun run format:check	✅ all files formatted
bun run test (all packages)	✅ 131 CLI tests pass, 0 failures

Smoke test:

bun --cwd packages/cli src/cli.ts doctor
# Output: 5 ✓ checks, 4 ○ skips, 0 ✗ failures

• Evidence provided: full bun run validate run with exit 0; smoke test of archon doctor in dev mode
• No commands skipped

Security Impact (required)

• New permissions/capabilities? Yes — archon doctor makes optional network probes (Slack auth.test, Telegram getMe) using existing configured tokens. No new token collection.
• New external network calls? Yes — archon doctor optionally pings Slack/Telegram APIs (best-effort, degrade to skip on failure; only run when tokens are already in env)
• Secrets/tokens handling changed? No — tokens read from env only, never logged
• File system access scope changed? No — doctor writes a temp file in ARCHON_HOME then immediately deletes it (writable check)
• Mitigation: All adapter pings are guarded by Promise.allSettled — network failures produce skip not fail. gh auth login is TTY-gated (process.stdout.isTTY) to prevent hangs in CI.

Compatibility / Migration

• Backward compatible? Yes — wizard changes are purely UX (fewer prompts, not different behavior). Existing .env files are untouched.
• Config/env changes? No — no new env vars required. check:bundled-skill is a new script but not user-facing config.
• Database migration needed? No

Human Verification (required)

• Verified scenarios: bun run cli doctor in dev context (5 ✓ checks, 4 ○ skips); full bun run validate suite passing; type-check across all 10 packages
• Edge cases checked: BUNDLED_IS_BINARY = false → Claude check skips cleanly; GITHUB_TOKEN not set → gh auth check skips; empty Telegram allowlist path in setup confirmed to show warning via code review
• What was not verified: interactive archon setup end-to-end in a fresh install (requires a real binary build); gh auth login interactive flow (TTY-gated code path)

Side Effects / Blast Radius (required)

• Affected subsystems: @archon/cli (setup, doctor, bundled-skill), root package.json, scripts/
• Potential unintended effects: bun run validate now takes slightly longer due to check:bundled-skill step (negligible — file scan only). Removing collectDatabaseConfig from setup means any code path that relied on SetupConfig.database will fail to compile — all such paths were updated.
• Guardrails: check:bundled-skill in CI catches any future bundled-skill.ts drift immediately

Rollback Plan (required)

• Fast rollback: git revert b1c49a53 — reverts all changes in this PR atomically
• Feature flags: none — no feature flags used
• Observable failure symptoms: archon setup showing database prompt or Discord = rollback needed; check:bundled-skill exiting 2 = bundled-skill.ts out of sync

Risks and Mitigations

• Risk: setup.ts type errors after removing database from SetupConfig cascade to generateEnvContent and checkExistingConfig

  • Mitigation: All downstream references updated; bun run type-check passes clean across all 10 packages

• Risk: spawnSync('gh', ['auth', 'login']) hangs in non-TTY environments (CI, piped shells)

  • Mitigation: Offer gated on process.stdout.isTTY — the gh auth login call is never reached in non-TTY contexts

• Risk: Adapter pings (Slack, Telegram) fail in environments with restricted outbound network access

  • Mitigation: All pings use Promise.allSettled; network errors produce skip not fail in doctor output

Summary by CodeRabbit

• New Features

  • Added archon doctor command to diagnose environment setup (Claude binary, authentication, database, adapters).
  • Enhanced setup wizard with binary validation and GitHub authentication checks.
  • Setup wizard now auto-generates project configuration when missing.
  • Expanded bundled resources with additional reference guides.

• Documentation

  • Updated CLI documentation with doctor command details.
  • Updated troubleshooting guide with diagnostic reference.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8f26d9c0-fbf8-4927-bd29-7b15fdb89820

📥 Commits

Reviewing files that changed from the base of the PR and between 5593498 and 9c6d4c3.

📒 Files selected for processing (13)

• CLAUDE.md
• package.json
• packages/cli/package.json
• packages/cli/src/bundled-skill.ts
• packages/cli/src/cli.ts
• packages/cli/src/commands/doctor.test.ts
• packages/cli/src/commands/doctor.ts
• packages/cli/src/commands/setup.test.ts
• packages/cli/src/commands/setup.ts
• packages/docs-web/src/content/docs/getting-started/overview.md
• packages/docs-web/src/content/docs/reference/cli.md
• packages/docs-web/src/content/docs/reference/troubleshooting.md
• scripts/check-bundled-skill.ts

---

📝 Walkthrough

Walkthrough

This PR implements the setup overhaul from issue #1494, introducing archon doctor for end-to-end setup verification, simplifying the setup wizard (removing database/Discord steps, adding Claude binary spawn validation and gh auth checks), embedding three new reference files in the bundled skill, adding a CI safety script to verify bundled files, and updating documentation and tests accordingly.

Changes

Setup Overhaul & Doctor Command

Layer / File(s)	Summary
Core Doctor Command packages/cli/src/commands/doctor.ts	Implements eight verification checks: Claude binary spawn test, gh auth status, database reachability, workspace directory writability, bundled defaults load, Slack/Telegram token auth pings (best-effort). Uses Promise.allSettled to continue after failures; renders each check with pass/fail/skip icons; returns exit code 0 (all pass) or 1 (any fail).
Doctor Tests packages/cli/src/commands/doctor.test.ts	Comprehensive test suite covering all eight check functions with mocked execFileAsync and fetch; validates pass/fail/skip outcomes, timeout behavior, error message content, and temporary workspace cleanup. Final doctorCommand tests verify exit codes and parallel execution completeness via console.log spy.
Setup Wizard Refactor packages/cli/src/commands/setup.ts	Removes database and Discord steps (SQLite-only, GitHub/Telegram/Slack only). Adds probeClaudeBinarySpawns to validate binaries before save. Adds gh auth status check with optional TTY login flow. Improves Telegram allowlist messaging (no mandatory trap). Introduces bootstrapProjectConfig to create .archon/config.yaml for skill installation. Optionally invokes archon doctor at end.
Setup Tests packages/cli/src/commands/setup.test.ts	Adds bootstrapProjectConfig test suite (creation, idempotency, unwritable-path handling). Refines checkExistingConfig to drop database/Discord assertions. Strengthens generateEnvContent SQLite invariant. Simplifies test inputs by removing redundant database/Discord fields while keeping same assertions.
CLI Wiring packages/cli/src/cli.ts	Imports doctorCommand from ./commands/doctor. Adds doctor to printUsage() output and noGitCommands list. Adds case 'doctor': branch returning await doctorCommand().
Bundled Skill Files packages/cli/src/bundled-skill.ts	Adds three new reference files to BUNDLED_SKILL_FILES: references/good-practices.md, references/parameter-matrix.md, references/troubleshooting.md. Updates file count header from 18 to 21.
Bundled Skill Validator scripts/check-bundled-skill.ts	New Bun script that recursively walks .claude/skills/archon/ and verifies each file exists as a substring in packages/cli/src/bundled-skill.ts. Exits with code 2 (CI) or 1 (default) when files are missing; logs "up to date" on success.
CI Integration package.json, packages/cli/package.json, CLAUDE.md	Adds check:bundled-skill script to root package.json; integrates into validate pipeline. Updates CLI test script to include doctor.test.ts. Updates CLAUDE.md to document new validation step and bun run cli doctor command.
Documentation packages/docs-web/src/content/docs/getting-started/overview.md, packages/docs-web/src/content/docs/reference/cli.md, packages/docs-web/src/content/docs/reference/troubleshooting.md	Adds archon doctor command to CLI reference table with description. Documents doctor command purpose, usage, exit-code behavior, and adapter pings. Updates troubleshooting guide to recommend running archon doctor after setup to verify Claude binary spawns.

Sequence Diagram

sequenceDiagram
    actor User
    participant CLI as archon CLI
    participant Doctor as doctorCommand()
    participant Checks as Check Functions
    participant Claude as Claude Binary
    participant Git as gh CLI
    participant DB as Database
    participant FS as Filesystem
    participant Slack as Slack API
    participant Telegram as Telegram API

    User ->> CLI: archon doctor
    CLI ->> Doctor: dispatch to doctorCommand()
    
    Doctor ->> Checks: start Promise.allSettled([<br/>  checkClaudeBinary,<br/>  checkGhAuth,<br/>  checkDatabase,<br/>  checkWorkspaceWritable,<br/>  checkBundledDefaults,<br/>  checkSlack,<br/>  checkTelegram<br/>])
    
    par Parallel Check Execution
        Checks ->> Claude: execute --version (5s timeout)
        Claude -->> Checks: pass/fail result
    and
        Checks ->> Git: gh auth status (10s timeout)
        Git -->> Checks: pass/fail/skip result
    and
        Checks ->> DB: SELECT 1 query
        DB -->> Checks: pass/fail result
    and
        Checks ->> FS: write/delete temp file
        FS -->> Checks: pass/fail result
    and
        Checks ->> Slack: POST auth.test (5s timeout)
        Slack -->> Checks: pass/fail/skip result
    and
        Checks ->> Telegram: POST getMe (5s timeout)
        Telegram -->> Checks: pass/fail/skip result
    end
    
    Checks -->> Doctor: [CheckResult, CheckResult, ...]
    Doctor ->> Doctor: render all checks (✓/✗/○ icons)
    Doctor ->> Doctor: count failures + rejected promises
    Doctor ->> User: print summary + exit code
    User ->> User: exit 0 (pass) or 1 (fail)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• feat: add archon serve command for one-command web UI install #1011: Both PRs add a new top-level CLI command (doctor vs. serve) and update command dispatch, help text, and noGitCommands handling in packages/cli/src/cli.ts.
• feat(cli): add archon skill install command #1445: Both PRs modify CLI surface and bundled-skill machinery (packages/cli/src/cli.ts, packages/cli/src/bundled-skill.ts, test script configuration), indicating shared CLI/bundling patterns.
• fix(providers): replace Claude SDK embed with explicit binary-path resolver #1217: Both PRs address Claude binary detection, spawn validation, and setup probing logic, creating overlap in binary resolution and validation test coverage.

Poem

🐰 Hops with glee
Setup now simple—no database dance,
Doctor checks all at a glance!
Claude spawns, GitHub auth shines bright,
Bundled skills make binary right! 🎉
Archon's ready—you're all set tonight! 🌙

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch archon/task-fix-issue-1494

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 7/8 reviews remaining, refill in 7 minutes and 30 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Wirasm]

Comprehensive PR Review

PR: #1566 — feat(cli): setup overhaul + archon doctor + complete bundled skill
Reviewed by: 5 specialized agents (code-review, error-handling, test-coverage, comment-quality, docs-impact)
Date: 2026-05-04

---

Summary

Clean delivery of archon doctor, simplified archon setup (DB prompt and Discord removed), check:bundled-skill CI guard, and completed skill bundle. The Promise.allSettled + CheckResult pattern, network timeouts on every external call, and spyOn-only test isolation are all well-executed. Main concerns are two silent-failure paths in the GitHub auth flow of setup.ts, a misleading writability probe in doctor.ts, misplaced JSDoc blocks, and three stale entries in CLAUDE.md/docs-web.

Verdict: REQUEST_CHANGES

Severity	Count
🔴 CRITICAL	0
🟠 HIGH	3
🟡 MEDIUM	4
🟢 LOW	6

---

🟠 High Issues (Should Fix Before Merge)

H1: Orphaned JSDoc Blocks — collectClaudeBinaryPath Lost Its Docs

📍 packages/cli/src/commands/setup.ts:398-421

Inserting probeClaudeBinarySpawns between an existing JSDoc and collectClaudeBinaryPath left three stacked JSDoc blocks with only the last attached to a function. collectClaudeBinaryPath now has no JSDoc (losing the important "Returns undefined if the user declines" contract note), and the "Collect Claude authentication method" block is orphaned before probeClaudeBinarySpawns.

View fix

Move probeClaudeBinarySpawns (with its own JSDoc) to before the collectClaudeBinaryPath JSDoc:

/**
 * Try to spawn the Claude binary with `--version` to confirm it actually runs.
 * Returns true on success, false on any spawn or non-zero exit. Bounded to 5s
 * so a hung process can't stall setup.
 */
async function probeClaudeBinarySpawns(path: string): Promise<boolean> { ... }

/**
 * Resolve the Claude Code executable path for CLAUDE_BIN_PATH.
 * Auto-detects common install locations and falls back to prompting the user.
 * Returns undefined if the user declines to configure (setup continues; the
 * compiled binary will error with clear instructions on first Claude query).
 */
async function collectClaudeBinaryPath(): Promise<string | undefined> { ... }

---

H2: CLAUDE.md validate Description Says "Five" — Now Runs Six Checks

📍 CLAUDE.md:155

The validate script now runs check:bundled, check:bundled-skill, type-check, lint, format check, and tests. CLAUDE.md still says "All five must pass."

View fix

This runs `check:bundled`, `check:bundled-skill`, type-check, lint, format check, and tests. All six must pass for CI to succeed.

---

H3: CLAUDE.md CLI Section Missing archon doctor

📍 CLAUDE.md (CLI section)

archon doctor is a user-facing, re-runnable health check command. The CLI reference lists every other subcommand but omits it.

View fix

Insert before the # Show version block in the CLI section:

# Verify your Archon setup (Claude binary, gh auth, DB, adapters)
bun run cli doctor

---

🟡 Medium Issues (Consider Fixing)

M1: spawnSync('gh', ...) Return Not Checked — Silent Failure If gh Not Installed

📍 packages/cli/src/commands/setup.ts:933

When the user confirms "Run gh auth login now?", spawnSync return is never inspected. If gh is not installed (ENOENT), spawnSync returns { error: Error('ENOENT') } — but with stdio: 'inherit' nothing reaches the terminal. The user says yes, nothing happens, they don't know why.

View fix

const ghLoginResult = spawnSync('gh', ['auth', 'login'], { stdio: 'inherit' });
if (ghLoginResult.error) {
  log.warning(
    `Could not run gh auth login: ${ghLoginResult.error.message}. ` +
      'Install the gh CLI from https://cli.github.com/ and run it manually.'
  );
}

---

M2: checkWorkspaceWritable Reports "Not Writable" Even When Write Succeeded

📍 packages/cli/src/commands/doctor.ts:100-108

Write and rmSync cleanup share the same try block. If rmSync throws (e.g. EPERM on Windows), the catch reports "${home} not writable" — but the write already succeeded. The status is factually wrong, and a stale .doctor-probe-* file is left behind.

View fix

export async function checkWorkspaceWritable(): Promise<CheckResult> {
  const label = 'Workspace';
  const home = getArchonHome();
  const probe = join(home, `.doctor-probe-${process.pid}-${Date.now()}`);
  try {
    mkdirSync(home, { recursive: true });
    writeFileSync(probe, 'ok');
  } catch (err) {
    return { label, status: 'fail', message: `${home} not writable: ${(err as Error).message}` };
  }
  try {
    rmSync(probe, { force: true });
  } catch {
    // Deletion failure is cosmetic — the write succeeded, so the dir is writable.
  }
  return { label, status: 'pass', message: `${home} is writable` };
}

---

M3: Empty Catch Swallows gh Error in Setup — Can't Distinguish "Not Installed" From "Not Logged In"

📍 packages/cli/src/commands/setup.ts:912-918

The empty catch {} in the gh auth probe means if gh is not installed at all, the user sees "gh CLI is not authenticated" — same as when it's installed but not logged in. These require different fixes (brew install gh vs gh auth login).

View fix

let ghAuthError: string | undefined;
try {
  await execFileAsync('gh', ['auth', 'status'], { timeout: 10_000 });
  ghAuthOk = true;
  ghSpin.stop('gh CLI is authenticated');
} catch (err) {
  const e = err as NodeJS.ErrnoException;
  ghAuthError = e.code === 'ENOENT'
    ? 'gh not found in PATH — install it first (https://cli.github.com)'
    : (e.message ?? 'unknown error');
  ghSpin.stop('gh CLI check failed');
}

if (!ghAuthOk) {
  log.warning(
    `gh auth check failed: ${ghAuthError}\n` +
    (ghAuthError?.includes('not found') ? '' : 'Run: gh auth login')
  );
}

---

M4: docs-web CLI Reference Missing doctor Command

📍 packages/docs-web/src/content/docs/reference/cli.md

reference/cli.md documents every CLI command but has no entry for doctor. Can be folded into the docs-reframe follow-up PR mentioned in the PR description.

View suggested section

Add after ### setup:

### `doctor`

Verify your Archon setup. Runs a checklist: Claude binary spawn, gh CLI auth, database reachability, workspace writability, bundled defaults, and adapter token pings (Slack/Telegram, best-effort).

```bash
archon doctor

Exit code 0 if all checks pass or skip; 1 if any critical check fails. Adapter pings degrade to skip on network errors.

</details>

---

## 🟢 Low Issues

<details>
<summary>View 6 low-priority suggestions</summary>

| Issue | Location | Suggestion |
|-------|----------|------------|
| `check-bundled-skill.ts` substring match passes comment-only references | `scripts/check-bundled-skill.ts:36` | Add comment documenting the limitation; acceptable as-is |
| `doctorCommand` rejection handler prints `undefined` for non-Error rejections | `doctor.ts:207-211` | `s.reason instanceof Error ? s.reason.message : String(s.reason)` |
| `checkSlack`/`checkTelegram` label JSON parse failures as "network error" | `doctor.ts:144-151, 173-178` | Change to `ping skipped (${err.message})` — drop "network error:" prefix |
| Test module comment implies spy on `BUNDLED_IS_BINARY` | `doctor.test.ts:1-8` | Clarify: BUNDLED_IS_BINARY is not spied — it's false in dev builds by default |
| "Skip silently" contradicts visible terminal output | `doctor.ts:66-67` | Change "Skip silently" → "Skip" |
| `checkBundledDefaults` pass/fail paths untested | `doctor.ts:84-125` | Can be tested directly in dev mode (no mocks needed); rating 6/10 |

</details>

---

## ✅ What's Good

- **`Promise.allSettled` + `CheckResult` pattern**: Each check returns a result rather than throwing; `allSettled` provides belt-and-braces protection even though checks already catch their own errors. Well-reasoned and documented.
- **Network timeouts on every external call**: `execFileAsync` gets `timeout: 5000`/`10_000`, fetch gets `AbortSignal.timeout(5000)`. No unbounded waits.
- **Network errors on adapter pings intentionally degrade to `skip`** with explicit comments — correctly documented fallback behavior.
- **`BUNDLED_IS_BINARY` guard in `checkClaudeBinary`** cleanly short-circuits in dev builds, preventing false failures.
- **`spyOn`-only test isolation** in `doctor.test.ts` — avoids `mock.module()` entirely, exactly per CLAUDE.md's Bun mock isolation rules.
- **`checkGhAuth` tests cover all three branches** (skip, pass, fail) — the most critical check is the most thoroughly tested.
- **Discord removal from setup wizard** is clean and consistent across all affected code paths.
- **`check:bundled-skill` in validate pipeline** closes a real CI gap for the hand-maintained `bundled-skill.ts`.
- **Telegram security note** surfaced as a separate note rather than buried in setup instructions — clear UX improvement.
- **`doctor.ts` module docblock** is exemplary: covers what's checked, exit-code contract, network-degradation behavior, and setup integration.

---

## 📋 Suggested Follow-up Issues

| Issue Title | Priority |
|-------------|----------|
| Add `archon doctor` to docs-web CLI reference | P2 |
| Improve `checkSlack`/`checkTelegram` test coverage (pass/fail paths) | P3 |

---

*Reviewed by Archon comprehensive-pr-review workflow*
*Full artifacts: `/Users/rasmus/.archon/workspaces/coleam00/Archon/artifacts/runs/5cb3c4395ee03a7bc2f90fcff546f3e4/review/`*

[Wirasm]

⚡ Self-Fix Report (Aggressive)

Status: COMPLETE
Pushed: ✅ Changes pushed to archon/task-fix-issue-1494
Commit: 63b798d
Philosophy: Fix everything unless clearly a new concern

---

Fixes Applied (13 total)

Severity	Count
🟠 HIGH	3
🟡 MEDIUM	4
🟢 LOW	6

View all fixes

HIGH

• ✅ Orphaned JSDoc blocks (setup.ts:398-421) — Removed 3 stacked blocks; restored correct JSDoc above collectClaudeBinaryPath and collectClaudeAuth
• ✅ CLAUDE.md validate "five" → "six" (CLAUDE.md:155) — Updated count and added check:bundled-skill to description
• ✅ CLAUDE.md missing archon doctor (CLI section) — Added bun run cli doctor example

MEDIUM

• ✅ spawnSync return not checked (setup.ts:933) — Check ghLoginResult.error, warn with install instructions on failure
• ✅ checkWorkspaceWritable false negative (doctor.ts:100-108) — Separated rmSync into its own try/catch; cleanup failure no longer flips status to fail
• ✅ Empty catch swallows gh error reason (setup.ts:912-918) — Check ENOENT to distinguish "gh not installed" from "gh not authenticated"; distinct messages
• ✅ docs-web CLI reference missing doctor (reference/cli.md) — Added ### doctor section after ### setup

LOW

• ✅ doctorCommand rejection handler undefined output (doctor.ts:207-211) — Use String(s.reason) fallback + log.error for debug trail
• ✅ "network error" label for JSON parse failures (doctor.ts:144-178) — Dropped "network error: " prefix from Slack/Telegram catch message
• ✅ "Skip silently" wording (doctor.ts:66-67) — Changed to "Skip"
• ✅ Test module comment BUNDLED_IS_BINARY inaccuracy (doctor.test.ts:1-8) — Clarified that it's not spied; false in dev builds by default
• ✅ check-bundled-skill.ts substring check undocumented (scripts/check-bundled-skill.ts:36) — Added NOTE comment documenting the limitation
• ✅ checkBundledDefaults has no test (doctor.ts:111-125) — Added test; passes in dev mode without mocks

---

Tests Added

• checkBundledDefaults: returns pass with workflow and command counts in dev mode in doctor.test.ts

---

Skipped (0)

(none — all findings addressed)

---

Validation

✅ Type check | ✅ Lint | ✅ Tests (9 passed in doctor.test.ts, 0 failures across full suite)

---

Self-fix · aggressive mode · fixes pushed to archon/task-fix-issue-1494

[Wirasm]

PR Review Summary — multi-agent (#1566)

Six specialized agents reviewed the diff (code, docs, tests, errors, types, comments). Findings below.

Critical Issues

None — no data-loss or unsafe-fallback issues.

Important Issues (10 found)

Agent	Issue	Location
silent-failure-hunter	gh auth login spawnSync checks .error (spawn failure) but not .status (process exit code). User cancels OAuth → setup prints "Configuration Complete" with GitHub listed as configured even though auth failed.	packages/cli/src/commands/setup.ts:1071-1079
silent-failure-hunter	probeClaudeBinarySpawns bare catch {} discards error reason. Caller warns "Could not spawn — saving anyway" with no hint whether it was ENOENT, exec format, perms, or timeout — and saves the path regardless.	packages/cli/src/commands/setup.ts:965-972
silent-failure-hunter	checkDatabase single broad catch wraps both import('@archon/core') and pool.query. Module-load failure surfaces as "Database not reachable: Cannot find module …" — misleads user into "Run archon setup" when fix is a binary rebuild.	packages/cli/src/commands/doctor.ts:357-367
silent-failure-hunter	checkWorkspaceWritable empty catch {} on rmSync. Repeated doctor runs can leave .doctor-probe-* files with no diagnostic trace; needs a warn log.	packages/cli/src/commands/doctor.ts:380-384
code-reviewer	bootstrapProjectConfig does existsSync → writeFileSync without { flag: 'wx' }. TOCTOU race can silently overwrite user config (concurrent setup runs, manual edit during prompt). Use exclusive-create + EEXIST handling.	packages/cli/src/commands/setup.ts (bootstrapProjectConfig)
code-reviewer	case 'doctor': uses await import('./commands/doctor') while every other peer command (setup, serve, skill install, validate) is statically imported. No documented justification. Convert to static import for consistency.	packages/cli/src/cli.ts:614
pr-test-analyzer	checkClaudeBinary binary-mode path entirely untested — only the dev-mode skip is exercised. Spawn timeout/args/error formatting can ship broken. Inject BUNDLED_IS_BINARY or extract a probe helper.	packages/cli/src/commands/doctor.ts:310-334
pr-test-analyzer	checkDatabase has zero tests — no SQLite/Postgres path, no failure path. Inject pool/getDatabaseType.	packages/cli/src/commands/doctor.ts:355-367
pr-test-analyzer	checkSlack / checkTelegram only skip-path tested. Pass / fail / network-error→skip branches all uncovered. Use spyOn(globalThis, 'fetch').	packages/cli/src/commands/doctor.ts:403-456
docs-impact	cli.md quick-start note "The version, help, chat, setup, serve commands work anywhere." After PR doctor is in the no-git list and missing here.	packages/docs-web/src/content/docs/reference/cli.md:53

Suggestions (6 found)

Agent	Suggestion	Location
code-reviewer	Add explicit test for the GH_TOKEN-only path so the `
docs-impact	CLAUDE.md bundled-defaults note still says only check:bundled runs in validate; should mention check:bundled-skill too.	CLAUDE.md:726
docs-impact	overview.md CLI command table omits archon doctor row.	packages/docs-web/src/content/docs/getting-started/overview.md:310
docs-impact	troubleshooting.md "Claude Code not found" — add note pointing to archon doctor for verification.	packages/docs-web/src/content/docs/reference/troubleshooting.md:314
pr-test-analyzer	Add assertion that doctorCommand exits non-zero on failures and that Promise.allSettled rejected branch is counted as failure.	packages/cli/src/commands/doctor.ts:463-499
type-design-analyzer	Collapse platforms.X: boolean + X?: XConfig into platforms.X: XConfig | null. Removes redundant double-guards in generateEnvContent. Pre-existing pattern, not introduced by this PR.	packages/cli/src/commands/setup.ts (SetupConfig)

Comment cleanup (4 noise comments)

• packages/cli/src/commands/setup.ts ~1428 — "Offer to verify with archon doctor…" restates visible code + duplicates file-top docstring contract. Delete.
• packages/cli/src/commands/setup.ts ~1419 — "Update instructions — always shown…" restates note() directly below. Delete.
• packages/cli/src/commands/setup.ts ~1338 — "Fresh or update mode - collect everything…" restates branch label. Trim to the parenthetical or delete.
• packages/cli/src/commands/doctor.test.ts:177-180 — Inline BUNDLED_IS_BINARY comment duplicates the file-top docstring. Delete.

Strengths

• BootstrapProjectConfigResult discriminated union ('created' | 'existed' | 'failed' with error only on failed) is a clean type and the best new shape in the PR.
• spyOn-only test strategy (no mock.module()) is correct per project rules; placement in batch 1 alongside setup.test.ts is appropriate.
• writeScopedEnv has thorough behavioural coverage — merge semantics, force+backup, whitespace preservation, cross-scope isolation.
• Promise.allSettled in doctorCommand properly logs rejected reasons via structured logger (getLog().error(...)) and prints to console — error reason is preserved.
• clack required: true workaround (setup.ts:1118-1120) documents a real third-party quirk — exactly the WHY-non-obvious comment the project guidelines call for.
• database removal is clean — no orphan database?: field, no dead branches in generateEnvContent.
• gh auth login is correctly TTY-gated against CI hangs.
• check-bundled-skill.ts mirrors the existing check:bundled pattern cleanly.

Verdict

NEEDS FIXES — no critical blockers, but 10 important issues. The gh auth login exit-code gap and the bootstrapProjectConfig TOCTOU are the highest-leverage fixes (correctness contract violations, not just diagnostics). The doctor test gaps undermine the PR's safety-net story — archon doctor is the user-facing "is my setup OK?" answer; its core branches need coverage before this stops being a draft.

Recommended Actions (in order)

1. Check ghLoginResult.status !== 0 after spawnSync('gh', ['auth', 'login']) — surface non-zero as a warning instead of declaring success.
2. Make probeClaudeBinarySpawns return { ok, reason } so the warning includes the spawn-failure reason.
3. Use writeFileSync(..., { flag: 'wx' }) in bootstrapProjectConfig and catch EEXIST → state: 'existed'.
4. Split checkDatabase into separate try blocks for the import vs the query so the messages distinguish module-load failure from connectivity failure.
5. Add a warn log in the checkWorkspaceWritable rmSync catch.
6. Convert cli.ts doctor case to a static import.
7. Add tests for checkClaudeBinary binary mode, checkDatabase, and the checkSlack/checkTelegram pass + fail + network-error branches. Add doctorCommand exit-code assertion and Promise.allSettled rejection-path assertion.
8. Update cli.md:53, CLAUDE.md:726, overview.md:310, troubleshooting.md:314.
9. Remove the four noise comments.
10. Optional: collapse platforms boolean/optional pairs into nullable config fields.