feat: Phase 3a — auto-adopt untracked PRs into supervisor pipeline

[marcusquinn]

Summary

• Adds Phase 3a to the supervisor pulse cycle: automatic adoption of untracked PRs
• PRs created in interactive sessions (not via worker dispatch) are now automatically discovered and managed by the supervisor
• Adopted PRs flow through the normal Phase 3 lifecycle: review triage → merge → verify → clean up

Problem

When a human or interactive AI session creates a PR, the supervisor has no knowledge of it. The PR must be manually merged, and the supervisor can't:

• Run review triage (CodeRabbit, Codacy, SonarCloud thread analysis)
• Auto-merge when CI passes
• Run post-merge verification
• Clean up worktrees

This is especially problematic for self-improvement PRs where the supervisor's AI reasoning identified the problem but the fix was implemented interactively.

Solution

Phase 3a (adopt_untracked_prs()) runs before Phase 3 in each pulse cycle:

1. Lists open PRs for each tracked repo via gh pr list
2. Extracts task ID from PR title (tNNN: description pattern)
3. Checks if the PR is already tracked in the supervisor DB
4. If not tracked:
   • Existing task in DB: Links the PR URL and transitions to complete
   • New task (in TODO.md only): Creates a DB entry with status=complete, model=interactive
5. Phase 3 then processes the adopted PR through the normal lifecycle

Safety

• Only adopts PRs with task IDs in the title (convention: tNNN: description)
• Skips PRs that are already tracked
• Skips task IDs not found in TODO.md (won't adopt random external PRs)
• Uses INSERT (not INSERT OR REPLACE) so it can't overwrite existing tasks
• Rate-limited to 20 PRs per repo per pulse

Testing

• bash -n: syntax OK
• ShellCheck: zero new violations
• Deployed to ~/.aidevops/agents/scripts/supervisor/

Summary by CodeRabbit

• New Features
  • Automated detection and integration of untracked pull requests into the supervisor pipeline. The system automatically scans repositories, identifies untracked pull requests with task identifiers, matches them to corresponding tracked tasks, consolidates duplicate entries, and manages pull requests through standard review, merge, and verification workflows when integration tools are available.

[coderabbitai]

Walkthrough

A new Phase 3a workflow is introduced in the supervisor pipeline to automatically adopt untracked open PRs from monitored repositories. The workflow extracts task IDs from PR titles, checks the task database for matches, and either links to existing tasks or creates new entries before integrating them into the standard review and merge lifecycle.

Changes

Cohort / File(s)	Summary
PR Adoption Workflow .agents/scripts/supervisor/pulse.sh	Introduces Phase 3a PR adoption logic via adopt_untracked_prs() function. Scans open PRs for task IDs, reconciles with task DB, links or creates task entries, and logs adoption events. Function is defined and invoked at multiple Phase 3a insertion points. Note: Function definition appears duplicated in multiple locations within the file.

Sequence Diagram(s)

sequenceDiagram
    participant Supervisor as Supervisor Pipeline
    participant GH as gh CLI
    participant DB as Task Database
    participant Repo as Repository (TODO.md)
    participant Batch as Active Batch

    Supervisor->>GH: Scan open PRs (Phase 3a)
    GH-->>Supervisor: PR list with titles
    
    loop For each PR
        Supervisor->>Supervisor: Extract task ID from PR title
        alt Valid task ID found
            Supervisor->>DB: Check for existing PR URL match
            alt PR URL exists in DB
                Supervisor->>DB: Link/update task, set status complete
            else PR URL not found
                Supervisor->>DB: Check if task ID exists & is linkable
                alt Task ID in DB
                    Supervisor->>DB: Update pr_url, mark complete
                else Task ID not in DB
                    Supervisor->>Repo: Verify TODO.md exists
                    Repo-->>Supervisor: Task description from TODO.md
                    Supervisor->>DB: Create new task entry
                    Supervisor->>Batch: Associate with active batch
                end
            end
            Supervisor->>Supervisor: Log adoption event, increment counter
        else No valid task ID
            Supervisor->>Supervisor: Skip PR
        end
    end
    
    Supervisor-->>Supervisor: Log total adopted PRs

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

📋 Orphaned PRs, now given a home,
Phase 3a waves its automation wand,
Task IDs extracted from titles they roam,
Database embraces what was once withdrawn,
The pipeline flows complete and strong! 🚀

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: introduction of Phase 3a to auto-adopt untracked PRs into the supervisor pipeline, which aligns with the 183-line addition to pulse.sh.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/pr-adoption

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @marcusquinn, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical gap where Pull Requests created manually or through interactive AI sessions were not managed by the supervisor. By implementing a new 'Phase 3a', the system can now automatically discover and integrate these untracked PRs into its existing lifecycle, ensuring they benefit from automated review, merging, verification, and cleanup processes. This enhancement significantly improves the supervisor's ability to manage all relevant development tasks, especially for self-improvement PRs.

Highlights

• Automatic PR Adoption: Introduced 'Phase 3a' to the supervisor pulse cycle, enabling automatic adoption of untracked Pull Requests.
• Interactive Session PR Management: Pull Requests created in interactive sessions (not via worker dispatch) are now automatically discovered and managed by the supervisor.
• Integrated Lifecycle: Adopted PRs seamlessly flow through the normal Phase 3 lifecycle, including review triage, auto-merge, post-merge verification, and worktree cleanup.
• Robust Adoption Criteria: PRs are adopted only if they have a task ID in the title (e.g., 'tNNN:'), are not already tracked, and have a matching open task in TODO.md, with rate-limiting applied.

Changelog

• .agents/scripts/supervisor/pulse.sh
  • Added a new Phase 3a to the cmd_pulse function, which calls adopt_untracked_prs to automatically discover and manage untracked PRs.
  • Implemented the adopt_untracked_prs function, which iterates through tracked repositories, lists open PRs, extracts task IDs from PR titles, and either links existing tasks or creates new ones in the supervisor database for untracked PRs that match specific criteria.

Activity

• No specific activity (comments, reviews, progress) was provided in the context for this pull request.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 24 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Wed Feb 18 16:57:13 UTC 2026: Code review monitoring started
Wed Feb 18 16:57:13 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 24

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 24
• VULNERABILITIES: 0

Generated on: Wed Feb 18 16:57:16 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[gemini-code-assist]

Code Review

This pull request introduces a valuable feature for automatically adopting interactively-created pull requests into the supervisor's management pipeline. The implementation is well-structured and includes good commentary. My review includes one high-severity security concern regarding SQL query construction, which violates both the repository style guide and an established rule for preventing SQL injection. Additionally, there are two medium-severity suggestions to improve maintainability and efficiency by refactoring a loop and extracting a hardcoded value into a constant.

[gemini-code-assist]

This method of constructing SQL queries by embedding escaped variables is vulnerable to SQL injection if the sql_escape function is flawed. It also violates the repository style guide, which states: 'Use parameterized queries where possible' (line 25).

References

1. The code constructs SQL queries using string interpolation with an escape function, which is not as secure as using parameterized queries. The style guide recommends using parameterized queries where possible to prevent SQL injection vulnerabilities. ^(link)
2. To prevent SQL injection in shell scripts using sqlite3, create a helper function that uses .param set for safe parameterized bindings instead of direct string interpolation.

[gemini-code-assist]

The hardcoded limit 20 for the number of pull requests to fetch should be extracted into a constant for better readability and maintainability. This makes it easier to find and change in the future.

You can define it at the top of the adopt_untracked_prs function:

local -r MAX_PRS_TO_ADOPT=20

Suggested change

	open_prs=$(gh pr list --repo "$repo_slug" --state open --limit 20 \
	--json number,title,url 2>/dev/null || echo "[]")
	open_prs=$(gh pr list --repo "$repo_slug" --state open --limit "$MAX_PRS_TO_ADOPT" \
	--json number,title,url 2>/dev/null || echo "[]")

[gemini-code-assist]

This loop is inefficient as it calls jq multiple times for every pull request. A more efficient and idiomatic approach is to use a single jq command to format all the data and pipe it to a while read loop. Using process substitution (< <(...)) also avoids running the loop in a subshell, ensuring that variables like adopted_count are correctly modified in the current shell context.

while IFS=$'\t' read -r pr_number pr_title pr_url; do
			# Extract task ID from PR title (pattern: tNNN: or tNNN.N:)
			local task_id=""
			if [[ "$pr_title" =~ ^(t[0-9]+(\.[0-9]+)?):\ .* ]]; then
				task_id="${BASH_REMATCH[1]}"
			fi

			if [[ -z "$task_id" ]]; then
				continue
			fi

			# Check if this PR is already tracked in the DB
			local existing_pr
			existing_pr=$(db "$SUPERVISOR_DB" "
				SELECT id FROM tasks
				WHERE pr_url = '$(sql_escape "$pr_url")'
				LIMIT 1;
			" 2>/dev/null || echo "")

			if [[ -n "$existing_pr" ]]; then
				continue
			fi

			# Check if this task ID is already in the DB (worker-dispatched)
			local existing_task
			existing_task=$(db "$SUPERVISOR_DB" "
				SELECT id, status FROM tasks
				WHERE id = '$(sql_escape "$task_id")'
				LIMIT 1;
			" 2>/dev/null || echo "")

			if [[ -n "$existing_task" ]]; then
				# Task exists but doesn't have this PR URL — link it
				local existing_status
				existing_status=$(echo "$existing_task" | cut -d'|' -f2)
				# Only link if the task is in a state where a PR makes sense
				if [[ "$existing_status" =~ ^(queued|running|evaluating|retrying|complete)$ ]]; then
					db "$SUPERVISOR_DB" "
						UPDATE tasks
						SET pr_url = '$(sql_escape "$pr_url")',
						    status = 'complete',
						    updated_at = strftime('%Y-%m-%dT%H:%M:%SZ', 'now')
						WHERE id = '$(sql_escape "$task_id")';
					" 2>/dev/null || true
					log_info "Phase 3a: Linked PR #$pr_number to existing task $task_id (was: $existing_status)"
					adopted_count=$((adopted_count + 1))
				fi
				continue
			fi

			# Task not in DB — check if it exists in TODO.md
			local todo_file="$repo_path/TODO.md"
			if [[ ! -f "$todo_file" ]]; then
				continue
			fi

			local todo_line
			todo_line=$(grep -E "^[[:space:]]*- \[ |x|-\] $task_id " "$todo_file" 2>/dev/null | head -1 || true)

			if [[ -z "$todo_line" ]]; then
				continue
			fi

			# Extract description from TODO.md
			local description
			description=$(echo "$todo_line" | sed -E 's/^[[:space:]]*- \[ |x|-\] [^ ]* //' || true)

			# Adopt: create a DB entry with status=complete and the PR URL
			# Phase 3 will then process it through review → merge → verify
			local batch_id_for_adopt=""
			# Find the active batch for this repo to associate the task
			batch_id_for_adopt=$(db "$SUPERVISOR_DB" "
				SELECT b.id FROM batches b
				WHERE b.status IN ('active', 'running')
				ORDER BY b.created_at DESC
				LIMIT 1;
			" 2>/dev/null || echo "")

			db "$SUPERVISOR_DB" "
				INSERT INTO tasks (id, status, description, repo, pr_url, model, max_retries, created_at, updated_at)
				VALUES (
					'$(sql_escape "$task_id")',
					'complete',
					'$(sql_escape "$description")',
					'$(sql_escape "$repo_path")',
					'$(sql_escape "$pr_url")',
					'interactive',
					0,
					strftime('%Y-%m-%dT%H:%M:%SZ', 'now'),
					strftime('%Y-%m-%dT%H:%M:%SZ', 'now')
				);
			" 2>/dev/null || {
				log_warn "Phase 3a: Failed to insert task $task_id (may already exist)"
				continue
			}

			# Associate with active batch if one exists
			if [[ -n "$batch_id_for_adopt" ]]; then
				db "$SUPERVISOR_DB" "
					INSERT OR IGNORE INTO batch_tasks (batch_id, task_id)
					VALUES ('$(sql_escape "$batch_id_for_adopt")', '$(sql_escape "$task_id")');
				" 2>/dev/null || true
			fi

			log_success "Phase 3a: Adopted PR #$pr_number ($pr_url) as task $task_id"
			adopted_count=$((adopted_count + 1))
		 done < <(printf '%s' "$open_prs" | jq -r '.[] | [.number, .title, .url] | @tsv')

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (2)

.agents/scripts/supervisor/pulse.sh (2)

2277-2283: Missing state_log entry for the existing-task link path.

Every other state transition in the pulse writes to state_log (and often proof_log) so that audit queries, batch completion checks, and Phase 14 AI self-reflection have a complete picture. The UPDATE … SET status='complete' path here is silent — if a task mysteriously appears in complete state with a new pr_url, there is no log record of when or why Phase 3a intervened.

Add a state_log INSERT after the UPDATE (and a matching one after the INSERT at line 2331).

♻️ Proposed additions

 				db "$SUPERVISOR_DB" "
 					UPDATE tasks
 					SET pr_url = '$(sql_escape "$pr_url")',
 					    status = 'complete',
 					    updated_at = strftime('%Y-%m-%dT%H:%M:%SZ', 'now')
 					WHERE id = '$(sql_escape "$task_id")';
 				" 2>/dev/null || true
+				db "$SUPERVISOR_DB" "
+					INSERT INTO state_log (task_id, from_state, to_state, timestamp, reason)
+					VALUES ('$(sql_escape "$task_id")', '$existing_status', 'complete',
+						strftime('%Y-%m-%dT%H:%M:%SZ', 'now'),
+						'Phase 3a: linked untracked PR #$pr_number ($pr_url)');
+				" 2>/dev/null || true

Apply a similar INSERT INTO state_log after the main INSERT INTO tasks at line 2331.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.agents/scripts/supervisor/pulse.sh around lines 2277 - 2283, The UPDATE
path that sets tasks.status='complete' and pr_url in the db("$SUPERVISOR_DB")
block is missing a corresponding audit entry; after the UPDATE (the block that
uses sql_escape "$pr_url" and sql_escape "$task_id") add an INSERT INTO
state_log recording task_id, old_state (or 'existing-task'),
new_state='complete', actor='phase_3a' (or appropriate actor), and timestamp
(strftime('%Y-%m-%dT%H:%M:%SZ','now')) so the transition is auditable; likewise,
add a matching INSERT INTO state_log immediately after the other INSERT INTO
tasks block (the main task creation path) so both the UPDATE-overwrite and the
initial INSERT produce state_log entries.

---

2233-2239: Triple jq subprocesses per PR; a single invocation covers all three fields.

With the 20-PR cap this is negligible, but three printf | jq fork-execs per iteration is avoidable.

♻️ Proposed refactor — single jq pass, TSV output

-		local i=0
-		while [[ "$i" -lt "$pr_count" ]]; do
-			local pr_number pr_title pr_url
-			pr_number=$(printf '%s' "$open_prs" | jq -r ".[$i].number" 2>/dev/null || echo "")
-			pr_title=$(printf '%s' "$open_prs" | jq -r ".[$i].title" 2>/dev/null || echo "")
-			pr_url=$(printf '%s' "$open_prs" | jq -r ".[$i].url" 2>/dev/null || echo "")
-			i=$((i + 1))
+		while IFS=$'\t' read -r pr_number pr_title pr_url; do
+			[[ -z "$pr_number" ]] && continue

And replace the closing done with:

-		done
+		done < <(printf '%s' "$open_prs" | jq -r '.[] | [.number, .title, .url] | `@tsv`' 2>/dev/null || true)

Note: @tsv escapes tab/newline characters within field values, so PR titles containing tabs are handled safely.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.agents/scripts/supervisor/pulse.sh around lines 2233 - 2239, The loop
currently runs three separate printf|jq calls per PR to populate pr_number,
pr_title and pr_url; replace those with a single jq invocation that emits the
three fields as a TSV and read them into pr_number/pr_title/pr_url in one step
(e.g. use jq -r ".[$i] | [.number, .title, .url] | `@tsv`" against $open_prs and
then read the tab-separated output into the three variables), and update the
loop’s closing/done handling accordingly so the single read feeds the variables
and preserves proper escaping of tabs/newlines in titles.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.agents/scripts/supervisor/pulse.sh:
- Around line 2271-2288: The code currently forces tasks with existing_status
matching (queued|running|evaluating|retrying|complete) to be marked complete and
linked to the PR, which can orphan live workers; update the conditional in the
pulse.sh block that checks existing_status (the regex match used around the
UPDATE for task_id/pr_url and the log_info line "Phase 3a: Linked PR") to remove
"running" and "evaluating" from the allowlist so only tasks in queued, retrying,
or complete are auto-linked; keep the rest of the update and adopted_count
increment logic unchanged and ensure the conditional uses the updated regex to
prevent hijacking in-flight work.
- Around line 2296-2300: The grep regex is treating dots in $task_id as
wildcards, so update the code that sets todo_line to escape dots in the task id
before interpolation; e.g. create an escaped variable like
escaped_task_id=${task_id//./\\.} and use grep -E "^[[:space:]]*- \\[( |x|-)\\]
$escaped_task_id " "$todo_file" to ensure literal dots are matched (refer to
todo_line, $task_id, grep -E and $todo_file in the diff).
- Around line 2309-2316: The batch lookup currently selects the most-recent
active batch across all repos; update the SQL in the db call that sets
batch_id_for_adopt to restrict batches to the current repo by adding an EXISTS
subquery that joins batch_tasks bt to tasks t and matches t.repo = '$(sql_escape
"$repo_path")' (same pattern used in cron.sh/state.sh). Keep the surrounding
variable (batch_id_for_adopt), db invocation and SUPERVISOR_DB usage unchanged;
only modify the WHERE clause to add the EXISTS(...) repo filter so an adopted
task is associated only with a batch containing tasks from the same repo.

---

Nitpick comments:
In @.agents/scripts/supervisor/pulse.sh:
- Around line 2277-2283: The UPDATE path that sets tasks.status='complete' and
pr_url in the db("$SUPERVISOR_DB") block is missing a corresponding audit entry;
after the UPDATE (the block that uses sql_escape "$pr_url" and sql_escape
"$task_id") add an INSERT INTO state_log recording task_id, old_state (or
'existing-task'), new_state='complete', actor='phase_3a' (or appropriate actor),
and timestamp (strftime('%Y-%m-%dT%H:%M:%SZ','now')) so the transition is
auditable; likewise, add a matching INSERT INTO state_log immediately after the
other INSERT INTO tasks block (the main task creation path) so both the
UPDATE-overwrite and the initial INSERT produce state_log entries.
- Around line 2233-2239: The loop currently runs three separate printf|jq calls
per PR to populate pr_number, pr_title and pr_url; replace those with a single
jq invocation that emits the three fields as a TSV and read them into
pr_number/pr_title/pr_url in one step (e.g. use jq -r ".[$i] | [.number, .title,
.url] | `@tsv`" against $open_prs and then read the tab-separated output into the
three variables), and update the loop’s closing/done handling accordingly so the
single read feeds the variables and preserves proper escaping of tabs/newlines
in titles.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Force-completing running/evaluating tasks can orphan active worker processes.

When existing_status is running, the UPDATE at line 2277 sets status='complete' while the worker process is still alive. Phase 4's health check skips tasks whose DB status is not running/dispatched, so the worker is no longer supervised. It continues executing — making commits, API calls — until it either exits naturally or Phase 4e's PPID=1 sweep eventually catches it.

evaluating is less severe (no live worker) but still bypasses the normal evaluation/outcome flow.

Remove running and evaluating from the allowlist; these states indicate in-flight work that shouldn't be hijacked.

🐛 Proposed fix

-			if [[ "$existing_status" =~ ^(queued|running|evaluating|retrying|complete)$ ]]; then
+			if [[ "$existing_status" =~ ^(queued|retrying|complete)$ ]]; then

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.agents/scripts/supervisor/pulse.sh around lines 2271 - 2288, The code
currently forces tasks with existing_status matching
(queued|running|evaluating|retrying|complete) to be marked complete and linked
to the PR, which can orphan live workers; update the conditional in the pulse.sh
block that checks existing_status (the regex match used around the UPDATE for
task_id/pr_url and the log_info line "Phase 3a: Linked PR") to remove "running"
and "evaluating" from the allowlist so only tasks in queued, retrying, or
complete are auto-linked; keep the rest of the update and adopted_count
increment logic unchanged and ensure the conditional uses the updated regex to
prevent hijacking in-flight work.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Unescaped . in extended regex: subtask IDs like t123.4 match any character in that position.

grep -E treats . in $task_id as a wildcard, so t123.4 would also match a line containing t123X4. Escape the dot before interpolation.

🛡️ Proposed fix

+		local escaped_task_id
+		escaped_task_id=$(printf '%s' "$task_id" | sed 's/\./\\./g')
 		todo_line=$(grep -E "^[[:space:]]*- \[( |x|-)\] $task_id " "$todo_file" 2>/dev/null | head -1 || true)
+		todo_line=$(grep -E "^[[:space:]]*- \[( |x|-)\] $escaped_task_id " "$todo_file" 2>/dev/null | head -1 || true)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.agents/scripts/supervisor/pulse.sh around lines 2296 - 2300, The grep regex
is treating dots in $task_id as wildcards, so update the code that sets
todo_line to escape dots in the task id before interpolation; e.g. create an
escaped variable like escaped_task_id=${task_id//./\\.} and use grep -E
"^[[:space:]]*- \\[( |x|-)\\] $escaped_task_id " "$todo_file" to ensure literal
dots are matched (refer to todo_line, $task_id, grep -E and $todo_file in the
diff).

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Step 1: Locate and read the pulse.sh file around lines 2309-2316
wc -l .agents/scripts/supervisor/pulse.sh

Repository: marcusquinn/aidevops

Length of output: 104

---

🏁 Script executed:

# Step 2: Read the specific section in question
sed -n '2300,2325p' .agents/scripts/supervisor/pulse.sh

Repository: marcusquinn/aidevops

Length of output: 955

---

🏁 Script executed:

# Step 3: Search for CREATE TABLE statements to understand schema
rg "CREATE TABLE" --type sh -A 10

Repository: marcusquinn/aidevops

Length of output: 50376

---

🏁 Script executed:

# Step 4: Search for how other batch queries are structured in the codebase
rg "SELECT.*FROM.*batches" --type sh -A 3 -B 2

Repository: marcusquinn/aidevops

Length of output: 17112

---

🏁 Script executed:

# Step 5: Look for how repo filtering is typically done
rg "batch_tasks" --type sh -A 3

Repository: marcusquinn/aidevops

Length of output: 15281

---

🏁 Script executed:

# Check if there are other places in pulse.sh where batch_id_for_adopt is used
grep -n "batch_id_for_adopt" .agents/scripts/supervisor/pulse.sh | head -20

Repository: marcusquinn/aidevops

Length of output: 284

---

🏁 Script executed:

# Verify the batches table definition in the actual database schema
grep -A 15 "CREATE TABLE IF NOT EXISTS batches" .agents/scripts/supervisor/database.sh

Repository: marcusquinn/aidevops

Length of output: 838

---

🏁 Script executed:

# Check the context around lines 2309-2316 to see what repo_path is
sed -n '2295,2345p' .agents/scripts/supervisor/pulse.sh

Repository: marcusquinn/aidevops

Length of output: 1761

---

Batch lookup is not scoped to the current repo — cross-repo contamination in multi-repo setups.

The query at lines 2311–2318 picks the most-recently-created active batch across ALL repos. In a multi-repo deployment, a task adopted from repo A will be inserted into repo B's active batch, skewing batch progress counters and potentially triggering that batch's completion actions (retrospective, distillation, auto-release) prematurely.

Filter by repo by joining through batch_tasks and tasks. Since batches has no repo column, use EXISTS (SELECT 1 FROM batch_tasks bt JOIN tasks t ON bt.task_id = t.id WHERE bt.batch_id = b.id AND t.repo = '$(sql_escape "$repo_path")') to match the pattern used throughout the codebase (cron.sh, state.sh).

♻️ Proposed fix

-			batch_id_for_adopt=$(db "$SUPERVISOR_DB" "
-				SELECT b.id FROM batches b
-				WHERE b.status IN ('active', 'running')
-				ORDER BY b.created_at DESC
-				LIMIT 1;
-			" 2>/dev/null || echo "")
+			batch_id_for_adopt=$(db "$SUPERVISOR_DB" "
+				SELECT b.id FROM batches b
+				WHERE b.status IN ('active', 'running')
+				  AND EXISTS (
+				    SELECT 1 FROM batch_tasks bt
+				    JOIN tasks t ON bt.task_id = t.id
+				    WHERE bt.batch_id = b.id
+				      AND t.repo = '$(sql_escape "$repo_path")'
+				  )
+				ORDER BY b.created_at DESC
+				LIMIT 1;
+			" 2>/dev/null || echo "")

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	local batch_id_for_adopt=""
	# Find the active batch for this repo to associate the task
	batch_id_for_adopt=$(db "$SUPERVISOR_DB" "
	SELECT b.id FROM batches b
	WHERE b.status IN ('active', 'running')
	ORDER BY b.created_at DESC
	LIMIT 1;
	" 2>/dev/null || echo "")
	local batch_id_for_adopt=""
	# Find the active batch for this repo to associate the task
	batch_id_for_adopt=$(db "$SUPERVISOR_DB" "
	SELECT b.id FROM batches b
	WHERE b.status IN ('active', 'running')
	AND EXISTS (
	SELECT 1 FROM batch_tasks bt
	JOIN tasks t ON bt.task_id = t.id
	WHERE bt.batch_id = b.id
	AND t.repo = '$(sql_escape "$repo_path")'
	)
	ORDER BY b.created_at DESC
	LIMIT 1;
	" 2>/dev/null || echo "")

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.agents/scripts/supervisor/pulse.sh around lines 2309 - 2316, The batch
lookup currently selects the most-recent active batch across all repos; update
the SQL in the db call that sets batch_id_for_adopt to restrict batches to the
current repo by adding an EXISTS subquery that joins batch_tasks bt to tasks t
and matches t.repo = '$(sql_escape "$repo_path")' (same pattern used in
cron.sh/state.sh). Keep the surrounding variable (batch_id_for_adopt), db
invocation and SUPERVISOR_DB usage unchanged; only modify the WHERE clause to
add the EXISTS(...) repo filter so an adopted task is associated only with a
batch containing tasks from the same repo.