t1426: Upstream watch — track external repos for release monitoring

[marcusquinn]

Summary

• New upstream-watch-helper.sh (add/remove/check/ack/status) to maintain a watchlist of external repos for passive release monitoring
• Integrated with auto-update-helper.sh via 24h-gated check_upstream_watch() — timestamp only advances on successful check
• Uses AIDEVOPS_AGENTS_DIR env var consistently; captures gh api exit status with probe_failed flag; last_commit_seen only updated on explicit ack
• Task IDs renumbered from t1424/t1425 to t1426/t1427 to resolve collision with main

Supersedes #3994 (rebased, conflicts resolved, all CodeRabbit findings addressed).

Closes #3994

Summary by CodeRabbit

• New Features

  • Upstream watch to monitor external repositories for new releases and commits.
  • Enable/disable toggle and check-frequency setting (default: 24 hours).
  • Integrated upstream monitoring into the auto-update workflow.
  • CLI: add/remove watches, check status, acknowledge updates, and view diffs/details.

• Documentation

  • User-facing docs describing configuration, commands, and operational behavior.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds an "Upstream watch" capability: a new CLI (upstream-watch-helper.sh) to track external GitHub repos for releases/commits, a committed config template and state handling, and integration into the auto-update flow with a configurable 24h gate plus documentation and feature toggles.

Changes

Cohort / File(s)	Summary
Upstream Watch script & config .agents/scripts/upstream-watch-helper.sh, .agents/configs/upstream-watch.json	New CLI with add, remove, check, ack, status commands; uses gh/jq, persists config (configs/upstream-watch.json) and state (~/.aidevops/cache/upstream-watch-state.json), shows release/commit diffs and manages updates_pending.
Auto-update integration .agents/scripts/auto-update-helper.sh	Added DEFAULT_UPSTREAM_WATCH_HOURS, check_upstream_watch() and update_upstream_watch_timestamp(); invoked at multiple decision points in cmd_check() and final update flow; respects feature toggle and hours gate.
Feature toggles / shared constants .agents/scripts/shared-constants.sh	Added legacy env mappings for upstream_watch and upstream_watch_hours and included them in legacy toggle processing.
Docs & settings .agents/AGENTS.md, .agents/reference/services.md, .agents/reference/settings.md	Declared the Upstream watch capability in capabilities list; added Auto-update docs referencing upstream watch; added public config keys auto_update.upstream_watch and auto_update.upstream_watch_hours (env vars AIDEVOPS_UPSTREAM_WATCH / AIDEVOPS_UPSTREAM_WATCH_HOURS).
Backlog / meta TODO.md, .task-counter	Added tasks t1426 (Upstream watch) and t1427; incremented .task-counter (1425→1427).

Sequence Diagram(s)

sequenceDiagram
    participant AutoUpdate as Auto-Update\n(.agents/scripts/auto-update-helper.sh)
    participant UpWatch as UpstreamWatch\n(.agents/scripts/upstream-watch-helper.sh)
    participant Config as Config\n(.agents/configs/upstream-watch.json)
    participant State as State\n(~/.aidevops/cache/upstream-watch-state.json)
    participant GH as GitHub API\n(via gh CLI)

    AutoUpdate->>State: read last_upstream_watch_check
    AutoUpdate->>AutoUpdate: compute elapsed time vs configured hours
    alt elapsed >= interval
        AutoUpdate->>UpWatch: run `check` command
        UpWatch->>Config: load watchlist
        loop per watched repo
            UpWatch->>GH: fetch latest release
            UpWatch->>GH: fetch latest commit on default branch
            UpWatch->>State: compare last_seen vs fetched
            alt new release or commit
                UpWatch->>UpWatch: generate diff / mark updates_pending
            end
            UpWatch->>State: update last_checked (not last_seen until ack)
        end
        UpWatch-->>AutoUpdate: return status/results
        AutoUpdate->>State: update last_upstream_watch_check
    else within interval
        AutoUpdate->>AutoUpdate: skip upstream check (log)
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• feat: auto-update opt-out via settings.json #2727: Edits to auto-update flow and shared constants that overlap with upstream-watch gating and feature toggles.
• t2730: Replace feature-toggles.conf with namespaced JSONC config system #2731: Related changes to auto-update and config-backed gating; may overlap in .agents/scripts/auto-update-helper.sh and toggle handling.

Suggested labels

enhancement

Poem

🌊 We peer upstream for each new tide,
Scripts that add, check, ack, and guide,
Daily gates and diffs in tow,
Small alerts where ideas grow,
Watchful nets that catch what’s tried.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 48.15% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: adding upstream watch capability to track external repos for release monitoring, matching the primary feature addition in the changeset.
Linked Issues check	✅ Passed	The PR fully implements all coding objectives from #3994: upstream-watch-helper.sh CLI commands, auto-update integration with 24h gate, config/state files, documentation updates, and environment variable handling.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to upstream watch implementation; .task-counter and TODO.md updates document completed/pending work related to this feature and its evaluation task.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/t1424-upstream-watch

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a robust 'Upstream Watch' capability, allowing the system to automatically track and report on updates from external GitHub repositories. This feature is designed to keep developers informed about new releases and significant changes in projects that serve as inspiration or reference, without requiring direct code integration. It streamlines the process of monitoring external dependencies and ideas, ensuring that relevant advancements are noted and reviewed efficiently.

Highlights

• New Upstream Watch Feature: Introduced a new 'Upstream Watch' system to passively monitor external GitHub repositories for new releases and significant commits, tracking 'inspiration repos' for relevant improvements.
• Dedicated Helper Script: Added upstream-watch-helper.sh to manage the watchlist, providing commands to add, remove, check, acknowledge, and view the status of watched repositories.
• Auto-Update Integration: Integrated the upstream watch checks into auto-update-helper.sh, enabling daily, 24-hour gated monitoring of external repos.
• Configuration and State Management: Established configs/upstream-watch.json for watchlist configuration and ~/.aidevops/cache/upstream-watch-state.json for runtime state, including last-seen releases/commits and check timestamps.
• Task ID Renumbering: Renumbered internal task IDs from t1424/t1425 to t1426/t1427 to resolve a collision with existing tasks.

Changelog

• .agents/AGENTS.md
  • Added 'Upstream watch' entry to the agent capabilities table, referencing the new helper script and configuration file.
  • Included 'Upstream watch' as a key capability, detailing its purpose, commands, and distinction from other monitoring features.
  • Updated the 'Auto-update' capability description to include the upstream watch check.
• .agents/configs/upstream-watch.json
  • Added a new configuration file to define external repositories for upstream monitoring, including a comment describing its schema and management.
• .agents/reference/services.md
  • Added a new section describing the 'Upstream watch' service, explaining its function, configuration, state management, and usage commands.
• .agents/reference/settings.md
  • Added new settings auto_update.upstream_watch and auto_update.upstream_watch_hours to control the daily upstream repository watch checks.
• .agents/scripts/auto-update-helper.sh
  • Documented new environment variables AIDEVOPS_UPSTREAM_WATCH and AIDEVOPS_UPSTREAM_WATCH_HOURS.
  • Defined DEFAULT_UPSTREAM_WATCH_HOURS for the new feature.
  • Implemented check_upstream_watch() function to perform gated checks of watched repositories.
  • Implemented update_upstream_watch_timestamp() to record the last successful upstream watch check.
  • Integrated check_upstream_watch calls into the cmd_check function to ensure daily execution.
• .agents/scripts/upstream-watch-helper.sh
  • Added a new shell script to manage the upstream watch feature, including functions for adding, removing, checking, acknowledging, and displaying the status of watched repositories.
  • Included prerequisite checks for gh CLI and jq.
  • Implemented robust state and configuration file management using jq.
  • Provided detailed logging and user feedback for all commands.
• .task-counter
  • Updated the global task counter from 1425 to 1427.
• TODO.md
  • Added new backlog item t1426 Upstream watch detailing the feature implemented in this PR.
  • Added new backlog item t1427 Evaluate portless vs localdev-helper.sh, which is blocked by t1426.

Activity

• The pull request supersedes t1424: Upstream watch — track external repos for release monitoring #3994, indicating a rebase and resolution of previous conflicts.
• All CodeRabbit findings from prior iterations have been addressed, suggesting a thorough review and refinement process.
• Task IDs were renumbered to avoid collisions, implying careful management of development tasks.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 393 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Mon Mar 9 20:16:42 UTC 2026: Code review monitoring started
Mon Mar 9 20:16:43 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 393

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 393
• VULNERABILITIES: 0

Generated on: Mon Mar 9 20:16:45 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[gemini-code-assist]

Code Review

This pull request introduces a valuable upstream-watch-helper.sh script for monitoring external repositories, and integrates it well into the existing auto-update-helper.sh. The new script is robust, with good error handling and state management. I've provided a couple of suggestions to enhance its reliability and maintainability. One comment addresses a potential bug in release checking that could miss updates, and the other aims to improve debuggability in the auto-update script by referencing established repository rules. Overall, this is a solid and well-executed feature addition.

[alex-solovyev]

Dispatching worker to address unresolved review bot suggestions.

• Model: sonnet (anthropic/claude-sonnet-4-6)
• Branch: feature/t1424-upstream-watch
• Scope: Address 2 unresolved inline review suggestions from CodeRabbit on PR t1426: Upstream watch — track external repos for release monitoring #4003
• Attempt: 1 of 1
• Direction: Read inline review comments, apply valid suggestions, dismiss invalid ones with a reply

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 393 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Mon Mar 9 20:51:58 UTC 2026: Code review monitoring started
Mon Mar 9 20:51:59 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 393

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 393
• VULNERABILITIES: 0

Generated on: Mon Mar 9 20:52:01 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[coderabbitai]

Actionable comments posted: 6

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.agents/AGENTS.md:
- Line 237: Update the "Auto-update" line in AGENTS.md to precisely reflect what
auto-update-helper.sh handles: mention that auto-update covers
skill/OpenClaw/tool freshness and upstream watch checks (via
auto-update-helper.sh), and remove or clarify the claim that repo sync is
included—instead state that repo sync is performed separately by the aidevops
repo-sync scheduler; keep AGENTS.md as the single source of truth for these
operational details.

In @.agents/scripts/auto-update-helper.sh:
- Around line 38-39: The feature-toggle mapping is missing entries for
upstream_watch/upstream_watch_hours causing env overrides to be ignored; update
the _ft_env_map() function to add cases for "upstream_watch" and
"upstream_watch_hours" that echo "AIDEVOPS_UPSTREAM_WATCH" and
"AIDEVOPS_UPSTREAM_WATCH_HOURS" respectively, and add "upstream_watch" and
"upstream_watch_hours" to the toggle_keys list in _load_feature_toggles_legacy()
so is_feature_enabled and get_feature_toggle (used around lines 872 and 878) can
pick up environment overrides as documented.

In @.agents/scripts/upstream-watch-helper.sh:
- Around line 367-380: The script currently may treat partial GitHub API
failures as success; ensure any probe failure sets the shared flag probe_failed
(e.g., in the block handling gh api for releases where you already set
probe_failed=true) for all error branches referencing release_json, issues, or
tags (the other failure blocks around the comments you noted at 399-408 and
421-476), and add a final check in the main probe routine to exit with a
non-zero status (exit 1 or 2) if probe_failed is true so the caller
(.agents/scripts/auto-update-helper.sh) can detect and retry; use the existing
_log_warn for messages and preserve release_json/api_stderr handling but make
probe_failed authoritative for failure exit.
- Around line 442-459: The script only marks .repos[$slug].updates_pending based
on has_new_release, so commit-only changes (has_new_commits) aren't recorded
when --verbose is false; update the jq pending logic in the state update (the
command that sets state via jq --argjson pending ...) to set pending when either
has_new_release or has_new_commits is true (i.e. pending = (has_new_release ||
has_new_commits)); also consider incrementing updates_found when has_new_commits
is true even if verbose is false so dashboards/counting reflect commit-only
updates (refer to variables has_new_commits, has_new_release, updates_found,
verbose, state, now, slug).
- Line 489: Replace the pipeline echo "$body" | head -20 | sed 's/^/    /' with
a single sed invocation using a here-string to avoid pipes/SIGPIPE: use sed -n
'1,20{s/^/    /;p}' <<< "$body" so sed both limits to the first 20 lines and
prefixes each line with four spaces in one command.

In `@TODO.md`:
- Line 111: Update the TODO entry to use the actual config path used by the
implementation: replace the string "configs/upstream-watch.json" with
".agents/configs/upstream-watch.json" in the t1426 description so the config
location matches the real implementation (leave the rest of the entry, including
state path "~/.aidevops/cache/upstream-watch-state.json" and other metadata,
unchanged).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: e1ea4519-c4fe-409a-ae8a-98d2af9bc241

📥 Commits

Reviewing files that changed from the base of the PR and between a111a1d and 47aa961.

📒 Files selected for processing (8)

• .agents/AGENTS.md
• .agents/configs/upstream-watch.json
• .agents/reference/services.md
• .agents/reference/settings.md
• .agents/scripts/auto-update-helper.sh
• .agents/scripts/upstream-watch-helper.sh
• .task-counter
• TODO.md

[marcusquinn]

Pulse triage: PR has CHANGES_REQUESTED from CodeRabbit. All 8 worker slots are currently filled. This PR is queued for the next available slot to address review feedback.

[marcusquinn]

Dispatching worker to address 3 unresolved review suggestions.

• Model: sonnet (anthropic/claude-sonnet-4-6)
• Branch: feature/t1424-upstream-watch
• Scope: Fix 3 unresolved coderabbit suggestions
• Attempt: 1 of 1
• Direction: Read all inline comments, apply valid suggestions, dismiss invalid ones with replies

[marcusquinn]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.agents/scripts/shared-constants.sh:
- Line 1483: The legacy env override list defined in the toggle_keys local
variable is missing max_interactive_sessions (which _ft_env_map maps to
AIDEVOPS_MAX_SESSIONS), causing the legacy override to be ignored; update the
toggle_keys string to include max_interactive_sessions alongside the other keys
so the legacy loader honors the AIDEVOPS_MAX_SESSIONS mapping and keep this list
aligned with _ft_env_map.

In @.agents/scripts/upstream-watch-helper.sh:
- Around line 333-338: The current branch that sets slugs from target_slug
bypasses the config watchlist and later creates a hidden state entry
(.repos[$slug]) for repos not in the config; change the logic so that when
target_slug is provided you validate it exists in the parsed config (from config
and jq '.repos[].slug') and if it is not present reject the operation (return
non-zero and print a clear message) instead of adding .repos[$slug] to state;
ensure the same validation is applied in the other code path that manipulates
.repos[$slug] (the block referenced alongside ack) so untracked repos are never
added to state and ack only treats repos present in the config as watched.
- Around line 662-675: The status output only shows last_release and omits the
last acknowledged commit, so add extraction of last_commit_seen from state
(e.g., last_commit=$(echo "$state" | jq -r --arg slug "$slug"
'.repos[$slug].last_commit_seen // "none"')) and print it alongside
last_release/last_checked; update the block that currently defines last_release,
last_checked, pending and prints those lines to also define last_commit and echo
a "Last commit seen: ${last_commit}" line (conditionally or unconditionally) so
commit-only updates with updates_pending=1 are clearly visible; use the existing
variable names (last_release, last_checked, pending, relevance) and the same
formatting conventions (YELLOW/GREEN/NC) when adding the new output.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 137711e7-8b6c-4198-9a2f-6bbee9e07e4a

📥 Commits

Reviewing files that changed from the base of the PR and between 47aa961 and 43a26f7.

📒 Files selected for processing (4)

• .agents/AGENTS.md
• .agents/scripts/shared-constants.sh
• .agents/scripts/upstream-watch-helper.sh
• TODO.md

[marcusquinn]

Dispatching worker to address 5 unresolved review bot suggestions.

• Model: sonnet (anthropic/claude-sonnet-4-6)
• Branch: feature/t1424-upstream-watch
• Scope: Address coderabbit suggestions in .agents/scripts/shared-constants.sh (missing max_interactive_sessions in toggle_keys, and other actionable comments)
• Attempt: 1 of 1
• Direction: Apply valid suggestions, dismiss invalid ones with explanation. Do NOT create new PRs (daily cap reached).

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

.agents/scripts/upstream-watch-helper.sh (2)

610-616: Consider validating against config for consistency with cmd_check.

cmd_check validates the target slug against the config watchlist (lines 336-339), but cmd_ack validates against state. If a repo is manually removed from config but state persists, ack would still succeed. This is an edge case, but validating against config would be more consistent.

♻️ Proposed consistency fix

+	local config
+	config=$(_read_config)
+	if ! echo "$config" | jq -e --arg slug "$slug" '.repos[] | select(.slug == $slug)' >/dev/null 2>&1; then
+		echo -e "${YELLOW}Not watching: ${slug}${NC}"
+		return 1
+	fi
+
 	local state
 	state=$(_read_state)
-
-	# Check if we're watching this repo
-	local existing
-	existing=$(echo "$state" | jq -r --arg slug "$slug" '.repos[$slug] // empty')
-	if [[ -z "$existing" ]]; then
-		echo -e "${YELLOW}Not watching: ${slug}${NC}"
-		return 1
-	fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.agents/scripts/upstream-watch-helper.sh around lines 610 - 616, The ack
path currently checks the slug only against the runtime state (variable existing
from state) which can succeed if config was removed; change cmd_ack to validate
the target slug against the same config watchlist check used in cmd_check (use
the same jq query and config variable used by cmd_check to verify the slug is
present in config) before proceeding to query state; update the check that sets
existing (and the early return) to first test the slug in config (e.g., same
variable/query as cmd_check) and fall back to the state check only if the config
validation passes.

---

100-100: Redundant stderr redirect.

&>/dev/null already redirects both stdout and stderr to /dev/null, so the trailing 2>&1 is a no-op.

🧹 Proposed cleanup

-	if ! gh auth status &>/dev/null 2>&1; then
+	if ! gh auth status &>/dev/null; then

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.agents/scripts/upstream-watch-helper.sh at line 100, The conditional
invoking the GitHub CLI check uses a redundant stderr redirect in the line
containing "if ! gh auth status &>/dev/null 2>&1; then": remove the redundant
"2>&1" so the command uses a single redirect ("&>/dev/null") to silence both
stdout and stderr, leaving the rest of the conditional logic unchanged.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.agents/scripts/upstream-watch-helper.sh:
- Around line 750-753: The --relevance option parsing calls "shift 2" even when
no value follows, causing "shift: can't shift that many" under set -e; update
the --relevance branch to detect whether a following non-option argument exists
before shifting: if a non-empty, non-flag second argument is present, assign it
to relevance and shift 2, otherwise set relevance to empty (or a default) and
only shift 1 to consume the --relevance token. Target the option-parsing block
handling "--relevance" and adjust the logic around relevance="${2:-}" and shift
2 accordingly.

---

Nitpick comments:
In @.agents/scripts/upstream-watch-helper.sh:
- Around line 610-616: The ack path currently checks the slug only against the
runtime state (variable existing from state) which can succeed if config was
removed; change cmd_ack to validate the target slug against the same config
watchlist check used in cmd_check (use the same jq query and config variable
used by cmd_check to verify the slug is present in config) before proceeding to
query state; update the check that sets existing (and the early return) to first
test the slug in config (e.g., same variable/query as cmd_check) and fall back
to the state check only if the config validation passes.
- Line 100: The conditional invoking the GitHub CLI check uses a redundant
stderr redirect in the line containing "if ! gh auth status &>/dev/null 2>&1;
then": remove the redundant "2>&1" so the command uses a single redirect
("&>/dev/null") to silence both stdout and stderr, leaving the rest of the
conditional logic unchanged.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: fba77a73-461a-4b6f-903a-06478b713b49

📥 Commits

Reviewing files that changed from the base of the PR and between 43a26f7 and 6bc610b.

📒 Files selected for processing (2)

• .agents/scripts/shared-constants.sh
• .agents/scripts/upstream-watch-helper.sh

🚧 Files skipped from review as they are similar to previous changes (1)

• .agents/scripts/shared-constants.sh

[marcusquinn]

Dispatching worker to address CodeRabbit CHANGES_REQUESTED.

• Model: sonnet (anthropic/claude-sonnet-4-6)
• Branch: feature/t1424-upstream-watch
• Scope: Fix cmd_ack in upstream-watch-helper.sh to validate against config watchlist (not just state) for consistency with cmd_check
• Attempt: 1 of 1
• Direction: Lines 610-616 — add config validation alongside state validation

[marcusquinn]

Applied all round-3 CodeRabbit review suggestions in bf3c24a:

1. cmd_ack config validation — Now validates the target slug against the config watchlist (same jq -e query as cmd_check), not just state. If a repo is removed from config but state persists, ack will correctly reject it with a clear error message directing the user to add it first.

2. Redundant 2>&1 — Removed the trailing 2>&1 after &>/dev/null in _check_prerequisites (line 100). &> already redirects both stdout and stderr.

3. --relevance shift safety — The --relevance option parser now checks $# -ge 2 and that the next arg isn't a flag before shift 2, preventing "can't shift that many" errors under set -euo pipefail when --relevance is passed without a value.

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 392 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Tue Mar 10 00:11:16 UTC 2026: Code review monitoring started
Tue Mar 10 00:11:17 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 392

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 392
• VULNERABILITIES: 0

Generated on: Tue Mar 10 00:11:19 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[marcusquinn]

All remaining CodeRabbit findings addressed in 5bd9fd4:

Fixed:

1. .agents/AGENTS.md domain index — config path corrected to .agents/configs/upstream-watch.json
2. .agents/reference/services.md — same config path correction
3. --relevance without a value — now returns explicit error instead of silently ignoring

Already addressed (prior commits):

• cmd_ack config validation (nitpick from review 3) — already implemented in bf3c24a (lines 607-613)
• cmd_ack validates against config watchlist, not just state, consistent with cmd_check

Merge conflict resolved:

• .task-counter — took main's value (1429)

[marcusquinn]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

All findings addressed in commits 43a26f7, 6bc610b, bf3c24a, 5bd9fd4. CodeRabbit confirmed each fix.

[marcusquinn]

Dispatching worker to address unresolved review suggestions.

• Model: sonnet (anthropic/claude-sonnet-4-6)
• Branch: feature/t1424-upstream-watch
• Scope: Address 5 unresolved bot suggestions before merge
• Attempt: 1 of 1
• Direction: Apply valid suggestions, dismiss invalid ones with explanation

[marcusquinn]

Added docstrings to all 21 functions in upstream-watch-helper.sh (6636e16), addressing the CodeRabbit pre-merge docstring coverage warning (48% → 100%).

Review bot status summary:

• All 12 inline review comments (2 Gemini, 10 CodeRabbit) have been addressed and confirmed resolved
• No unresolved CHANGES_REQUESTED reviews remain
• ShellCheck: clean (only SC1091 info about external source, expected)
• SonarCloud: Quality Gate passed (0 bugs, 0 vulnerabilities)
• All CI checks passing

This PR should be ready for merge.

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 395 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Tue Mar 10 01:34:42 UTC 2026: Code review monitoring started
Tue Mar 10 01:34:42 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 395

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 395
• VULNERABILITIES: 0

Generated on: Tue Mar 10 01:34:45 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[marcusquinn]

Dispatching fix worker for unresolved review suggestions.

• Model: sonnet (anthropic/claude-sonnet-4-6)
• Scope: Address unresolved inline review bot suggestions
• Attempt: 1 of 1

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 395 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Tue Mar 10 02:00:46 UTC 2026: Code review monitoring started
Tue Mar 10 02:00:46 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 395

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 395
• VULNERABILITIES: 0

Generated on: Tue Mar 10 02:00:49 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[marcusquinn]

Audit cross-link: this PR supersedes and completes recovery for closed-unmerged PR #3994, preserving upstream-watch intent on task t1426.