refactor: share agent queue fetching logic

[itsmiso-ai]

Closes #414

[its-saffron]

AI Automated Review

Full PR review.

Analysis engine: MiniMax-M2.7@https://litellm.jory.dev/v1 (anthropic) — routed smart (risk match: public_route_changes)

PR PR 440 Review: Share agent queue fetching logic

Recommendation: Approve

This refactor correctly extracts shared queue-fetching logic from the two agent queue endpoints into a new shared module (src/lib/agent-queue-fetch.ts), directly addressing issue PR 414.

Change-by-Change Analysis

1. src/lib/agent-queue-fetch.ts (new file)

• Introduces fetchAgentQueueData() which centralizes: open-issue fetching from enabled repos, lease exclusion via findLeasedIssueIds(), PR-fix queue listing, and queue building via buildAgentQueue().
• Provides a clean interface with typed AgentQueueFetchParams and AgentQueueFetchResult.
• Handles lane resolution via resolveRequestLane and lane validation, returning laneValid and availableLanes for consistent error messages.
• Returns rankedQueue (ranked and filtered issues) and prFixItems (mapped PR-fix queue items) to callers.

2. src/app/api/agents/[agentName]/next-task/route.ts

• Removed ~78 lines of duplicated logic; now delegates to fetchAgentQueueData().
• Groom-mode path (mode=groom) is unchanged — it has its own distinct query and does not use the shared function.
• Task-creation logic (idle, implement, followup-pr, groom) remains in the route, unchanged in behavior.

3. src/app/api/agents/[agentName]/queue/route.ts

• Removed ~73 lines of duplicated logic; now delegates to fetchAgentQueueData().
• Returns [...prFixItems, ...rankedQueue] — same as before, just sourced from the shared function.

Required Checks

✓ verify route access controls are in place
Both routes retain authorizeRequest() at the top of their handlers. The diff shows neither auth call was removed:

• next-task/route.ts: if (!(await authorizeRequest(request)).authorized) { return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); } — preserved.
• queue/route.ts: if (!(await authorizeRequest(request)).authorized) { return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); } — preserved.

Per src/lib/auth.ts, these routes support Bearer token auth (DISPATCH_AGENT_TOKEN) and fall back to Basic/OIDC depending on DISPATCH_AUTH_MODE. The auth contract is unchanged.

✓ check for unintended public endpoints
No new endpoints are added. Both routes remain GET-only handlers at the same paths. The new agent-queue-fetch.ts is a pure read-only library module (no HTTP handlers, no side effects beyond DB reads). No route visibility or CORS changes.

Standards Compliance

• Code Standards: No agent-specific names in generic code (the shared module is agent-agnostic). Error handling uses try/catch in both routes, consistent with existing patterns. API routes return appropriate status codes (400 for invalid lane, 401 for unauthorized, 500 for server errors).
• File Structure: The new library file is placed in src/lib/ alongside other shared utilities (agent-queue.ts, pr-fix-queue.ts, lease.ts), following the documented structure.
• Prisma Notes: The shared function uses the same prisma.issue.findMany query shape and select projection as before — no schema coupling changes.

Linked Issue Fit

Issue PR 414 explicitly asks to extract the shared queue-fetching logic so lane-config and lease-filter changes apply to both routes. This PR:

• Creates a single fetchAgentQueueData() function that both routes call.
• Ensures lane resolution (resolveRequestLane) and lease filtering (findLeasedIssueIds) now occur in one place.
• The PR title "refactor: share agent queue fetching logic" accurately describes the change.

Evidence Provider Findings

No evidence providers were configured for this PR.

Tool Harness Findings

The tool harness read all three changed files. The auth calls were verified present in both routes. The new shared module's function signature and logic were confirmed accurate.

Unknowns / Needs Verification

None. The refactor is self-contained: no new dependencies, no config changes, no schema changes, and auth is preserved.

Summary

This is a clean, well-scoped refactor that reduces duplication, centralizes shared logic, and makes future lane/lease configuration changes safer by ensuring both endpoints evolve together. Authorization is intact, no new public endpoints are introduced, and the work directly fulfills issue PR 414.