labs: entire investigate — multi-agent investigation loop

.golangci.yaml

@@ -109,6 +109,7 @@ linters:
         - grpc.DialOption
         - github.com/entireio/cli/cmd/entire/cli/summarize.Generator
         - github.com/entireio/cli/cmd/entire/cli/agent\..+
+        - github.com/entireio/cli/cmd/entire/cli/agent/spawn.Spawner
         - github.com/entireio/cli/cmd/entire/cli/review/types.Process
         - github.com/entireio/cli/cmd/entire/cli/review/types.AgentReviewer
         - github.com/entireio/cli/cmd/entire/cli/review.SynthesisProvider
@@ -161,6 +162,9 @@ linters:
       - path: ^cmd/entire/cli/review/tui_model\.go$
         linters:
           - ireturn
+      - path: ^cmd/entire/cli/investigate/cmd\.go$
+        linters:
+          - ireturn
       # configloader.go is a thin os-backed billy.Basic adapter. It must return
       # raw os errors unwrapped so go-git's os.IsNotExist() fall-through (for
       # absent config files) keeps working; wrapping would break it.

cmd/entire/cli/agent/architecture_test.go

@@ -131,6 +131,7 @@ func discoverAgentPackages(t *testing.T, agentDir string) []string {
 		"testutil":       true, // shared test utilities
 		"external":       true, // external agent adapter, not a self-registering agent
 		"skilldiscovery": true, // shared capability helper (registries, match), not an agent
+		"spawn":          true, // shared Spawner interface for review/investigate, not an agent
 	}
 
 	entries, err := os.ReadDir(agentDir)

cmd/entire/cli/agent/claudecode/spawner.go

@@ -0,0 +1,28 @@
+package claudecode
+
+import (
+	"context"
+	"os/exec"
+
+	"github.com/entireio/cli/cmd/entire/cli/agent"
+	"github.com/entireio/cli/cmd/entire/cli/agent/spawn"
+)
+
+// claudeCodeSpawner produces argv: claude -p <prompt>; no stdin.
+type claudeCodeSpawner struct{}
+
+// NewSpawner returns a Spawner for claude-code's non-interactive review/investigate mode.
+func NewSpawner() spawn.Spawner { return claudeCodeSpawner{} }
+
+func (claudeCodeSpawner) Name() string { return string(agent.AgentNameClaudeCode) }
+
+func (claudeCodeSpawner) BuildCmd(ctx context.Context, env []string, prompt string) *exec.Cmd {
+	// --permission-mode bypassPermissions auto-accepts every tool call.
+	// `-p` (print) mode has no UI to answer permission prompts, so the
+	// default mode silently denies anything not pre-approved — including
+	// Bash (so `git`, `grep`, `ls` would be blocked). The prompt forbids
+	// destructive commands; the flag is a no-op for the review path.
+	cmd := exec.CommandContext(ctx, "claude", "-p", "--permission-mode", "bypassPermissions", prompt)
+	cmd.Env = env
+	return cmd
+}

cmd/entire/cli/agent/claudecode/spawner_test.go

@@ -0,0 +1,42 @@
+package claudecode
+
+import (
+	"context"
+	"reflect"
+	"testing"
+)
+
+// TestClaudeCodeSpawner_Name asserts the spawner reports the stable
+// registry name used by both review and investigate callers.
+func TestClaudeCodeSpawner_Name(t *testing.T) {
+	t.Parallel()
+	if got := NewSpawner().Name(); got != "claude-code" {
+		t.Errorf("Name() = %q, want %q", got, "claude-code")
+	}
+}
+
+// TestClaudeCodeSpawner_Argv pins the argv contract:
+//
+//	claude -p --permission-mode bypassPermissions <prompt>
+//
+// The prompt is the last positional. --permission-mode bypassPermissions is
+// required so file writes succeed in non-interactive mode (see
+// spawner.go); stdin is unused.
+func TestClaudeCodeSpawner_Argv(t *testing.T) {
+	t.Parallel()
+	env := []string{"FOO=bar", "BAZ=qux"}
+	cmd := NewSpawner().BuildCmd(context.Background(), env, "the-prompt")
+
+	wantArgs := []string{"claude", "-p", "--permission-mode", "bypassPermissions", "the-prompt"}
+	if !reflect.DeepEqual(cmd.Args, wantArgs) {
+		t.Errorf("Args = %v, want %v", cmd.Args, wantArgs)
+	}
+
+	if !reflect.DeepEqual(cmd.Env, env) {
+		t.Errorf("Env = %v, want %v", cmd.Env, env)
+	}
+
+	if cmd.Stdin != nil {
+		t.Errorf("Stdin = %v, want nil (claude uses argv, not stdin)", cmd.Stdin)
+	}
+}

cmd/entire/cli/agent/codex/spawner.go

@@ -0,0 +1,41 @@
+package codex
+
+import (
+	"context"
+	"os/exec"
+	"strings"
+
+	"github.com/entireio/cli/cmd/entire/cli/agent"
+	"github.com/entireio/cli/cmd/entire/cli/agent/spawn"
+)
+
+// codexSpawner produces argv:
+//
+//	codex exec --skip-git-repo-check --dangerously-bypass-approvals-and-sandbox -
+//
+// Prompt is piped on stdin. The "dangerously-bypass" flag is codex's
+// documented way to run autonomously without sandbox + approval gates.
+// Less aggressive options (-s workspace-write, --add-dir) are NOT
+// sufficient for `entire investigate`: codex's workspace-write policy
+// excludes `.git/` regardless of --add-dir, so the agent could not
+// write to <git-common-dir>/entire-investigations/<run-id>/
+// (findings.md / state.json) even when that path was added. The user
+// explicitly invoked the agent; the prompt forbids destructive commands.
+type codexSpawner struct{}
+
+// NewSpawner returns a Spawner for codex's non-interactive review/investigate mode.
+func NewSpawner() spawn.Spawner { return codexSpawner{} }
+
+func (codexSpawner) Name() string { return string(agent.AgentNameCodex) }
+
+func (codexSpawner) BuildCmd(ctx context.Context, env []string, prompt string) *exec.Cmd {
+	cmd := exec.CommandContext(ctx, string(agent.AgentNameCodex),
+		codexExecCommand,
+		"--skip-git-repo-check",
+		"--dangerously-bypass-approvals-and-sandbox",
+		"-",
+	)
+	cmd.Stdin = strings.NewReader(prompt)
+	cmd.Env = env
+	return cmd
+}

cmd/entire/cli/agent/codex/spawner_test.go

@@ -0,0 +1,81 @@
+package codex
+
+import (
+	"context"
+	"io"
+	"reflect"
+	"testing"
+)
+
+// TestCodexSpawner_Name asserts the spawner reports the stable registry name.
+func TestCodexSpawner_Name(t *testing.T) {
+	t.Parallel()
+	if got := NewSpawner().Name(); got != wantCodexAgentName {
+		t.Errorf("Name() = %q, want %q", got, wantCodexAgentName)
+	}
+}
+
+// TestCodexSpawner_Argv pins the argv + stdin contract:
+//
+//	codex exec --skip-git-repo-check --dangerously-bypass-approvals-and-sandbox -
+//
+// Prompt is piped on stdin. The bypass-approvals-and-sandbox flag is
+// codex's documented way to run autonomously: less aggressive options
+// (-s workspace-write, --add-dir) are not sufficient because codex's
+// workspace-write policy excludes anything under `.git/` regardless of
+// --add-dir, which blocks investigate's per-run dir at
+// <git-common-dir>/entire-investigations/<run-id>/.
+func TestCodexSpawner_Argv(t *testing.T) {
+	t.Parallel()
+	env := []string{"FOO=bar", "BAZ=qux"}
+	cmd := NewSpawner().BuildCmd(context.Background(), env, "the-prompt")
+
+	wantArgs := []string{
+		wantCodexAgentName, "exec",
+		"--skip-git-repo-check",
+		"--dangerously-bypass-approvals-and-sandbox",
+		"-",
+	}
+	if !reflect.DeepEqual(cmd.Args, wantArgs) {
+		t.Errorf("Args = %v, want %v", cmd.Args, wantArgs)
+	}
+
+	if !reflect.DeepEqual(cmd.Env, env) {
+		t.Errorf("Env = %v, want %v", cmd.Env, env)
+	}
+
+	if cmd.Stdin == nil {
+		t.Fatal("Stdin = nil, want a reader carrying the prompt")
+	}
+	got, err := io.ReadAll(cmd.Stdin)
+	if err != nil {
+		t.Fatalf("read stdin: %v", err)
+	}
+	if string(got) != "the-prompt" {
+		t.Errorf("stdin = %q, want %q", string(got), "the-prompt")
+	}
+}
+
+// TestCodexSpawner_Argv_StableUnderInvestigateEnv pins the contract
+// that the argv does NOT change based on env vars. (A previous
+// implementation appended --add-dir from ENTIRE_INVESTIGATE_FINDINGS_DOC;
+// that approach didn't actually unblock writes under .git/, so we
+// dropped it. This test pins the regression.)
+func TestCodexSpawner_Argv_StableUnderInvestigateEnv(t *testing.T) {
+	t.Parallel()
+	env := []string{
+		"FOO=bar",
+		"ENTIRE_INVESTIGATE_FINDINGS_DOC=/repo/.git/entire-investigations/abcdef012345/findings.md",
+	}
+	cmd := NewSpawner().BuildCmd(context.Background(), env, "prompt")
+
+	wantArgs := []string{
+		wantCodexAgentName, "exec",
+		"--skip-git-repo-check",
+		"--dangerously-bypass-approvals-and-sandbox",
+		"-",
+	}
+	if !reflect.DeepEqual(cmd.Args, wantArgs) {
+		t.Errorf("Args = %v, want %v", cmd.Args, wantArgs)
+	}
+}

cmd/entire/cli/agent/geminicli/spawner.go

@@ -0,0 +1,26 @@
+package geminicli
+
+import (
+	"context"
+	"os/exec"
+	"strings"
+
+	"github.com/entireio/cli/cmd/entire/cli/agent/spawn"
+)
+
+// geminiSpawner produces argv: gemini -p " "; prompt via stdin.
+// The " " argv placeholder triggers headless mode; the prompt goes via stdin
+// because gemini's -p flag appends to stdin content.
+type geminiSpawner struct{}
+
+// NewSpawner returns a Spawner for gemini-cli's non-interactive review/investigate mode.
+func NewSpawner() spawn.Spawner { return geminiSpawner{} }
+
+func (geminiSpawner) Name() string { return "gemini-cli" }
+
+func (geminiSpawner) BuildCmd(ctx context.Context, env []string, prompt string) *exec.Cmd {
+	cmd := exec.CommandContext(ctx, "gemini", "-p", " ")
+	cmd.Stdin = strings.NewReader(prompt)
+	cmd.Env = env
+	return cmd
+}

cmd/entire/cli/agent/geminicli/spawner_test.go

@@ -0,0 +1,44 @@
+package geminicli
+
+import (
+	"context"
+	"io"
+	"reflect"
+	"testing"
+)
+
+// TestGeminiCLISpawner_Name asserts the spawner reports the stable registry name.
+func TestGeminiCLISpawner_Name(t *testing.T) {
+	t.Parallel()
+	if got := NewSpawner().Name(); got != "gemini-cli" {
+		t.Errorf("Name() = %q, want %q", got, "gemini-cli")
+	}
+}
+
+// TestGeminiCLISpawner_Argv pins the argv + stdin contract:
+// gemini -p " " (space placeholder triggers headless mode), prompt via stdin.
+func TestGeminiCLISpawner_Argv(t *testing.T) {
+	t.Parallel()
+	env := []string{"FOO=bar", "BAZ=qux"}
+	cmd := NewSpawner().BuildCmd(context.Background(), env, "the-prompt")
+
+	wantArgs := []string{"gemini", "-p", " "}
+	if !reflect.DeepEqual(cmd.Args, wantArgs) {
+		t.Errorf("Args = %v, want %v", cmd.Args, wantArgs)
+	}
+
+	if !reflect.DeepEqual(cmd.Env, env) {
+		t.Errorf("Env = %v, want %v", cmd.Env, env)
+	}
+
+	if cmd.Stdin == nil {
+		t.Fatal("Stdin = nil, want a reader carrying the prompt")
+	}
+	got, err := io.ReadAll(cmd.Stdin)
+	if err != nil {
+		t.Fatalf("read stdin: %v", err)
+	}
+	if string(got) != "the-prompt" {
+		t.Errorf("stdin = %q, want %q", string(got), "the-prompt")
+	}
+}

cmd/entire/cli/agent/spawn/spawn.go

@@ -0,0 +1,30 @@
+// Package spawn provides the Spawner interface used by both `entire review`
+// and `entire investigate` to start an agent process non-interactively.
+//
+// The interface is intentionally env-contract-agnostic: callers compose
+// their own ENTIRE_REVIEW_* or ENTIRE_INVESTIGATE_* env via
+// review.AppendReviewEnv or investigate.AppendInvestigateEnv before calling
+// BuildCmd. Spawners only own the agent-specific argv shape and stdin
+// wiring; they do not append review/investigate env.
+package spawn
+
+import (
+	"context"
+	"os/exec"
+)
+
+// Spawner builds *exec.Cmd values for a specific agent in non-interactive,
+// review/investigate mode. The returned Cmd MUST NOT be started yet —
+// callers may attach pipes, modify env, etc., before invoking Start.
+type Spawner interface {
+	// Name returns the agent's stable registry name (e.g. "claude-code").
+	Name() string
+
+	// BuildCmd constructs the *exec.Cmd to spawn the agent.
+	//   - env: the full process environment to set on cmd.Env (the caller has
+	//     already appended ENTIRE_REVIEW_* or ENTIRE_INVESTIGATE_* values
+	//     and stripped any stale entries before calling).
+	//   - prompt: the composed prompt string. The spawner decides whether
+	//     this goes via argv or stdin per the agent's CLI shape.
+	BuildCmd(ctx context.Context, env []string, prompt string) *exec.Cmd
+}