fix(groundskeeper): prevent duplicate wellness issues, fix auto-update env vars, standardize API keys

[OAGr]

Summary

Three fixes for groundskeeper operational issues causing repeated failures and noise:

1. Health-check duplicate issue creation — Stagger wellness workflow cron schedules (+5min, +10min), use stable issue title (no timestamp), add title-based fallback search, and post-creation dedup guard that closes duplicates
2. Auto-update missing env vars — Pass LONGTERMWIKI_SERVER_URL and scoped API keys to the CI pipeline step (was only in "Build data layer"). Switch paranoid review to parseJsonFromLlm for better JSON recovery
3. API key consistency — Migrate session-sweep and groundskeeper wiki-server client from WIKI_SERVER_API_KEY to LONGTERMWIKI_PROJECT_KEY with LONGTERMWIKI_SERVER_API_KEY fallback

Test plan

• 11 wellness-report tests pass (including new stable title test)
• 11 session-sweep tests pass (including new fallback key test)
• 2675 crux tests pass
• TypeScript check clean
• Reviewed via /review-pr — fixed unused param and per-iteration error handling
• Post-merge: verify no duplicate wellness issues at next 8AM/PM UTC run
• Post-merge: verify auto-update run writes session logs (no LONGTERMWIKI_SERVER_URL warnings)

Closes #1819

🤖 Generated with Claude Code

[github-actions]

✅ Protected Paths Modified

This PR modifies 4 protected file(s) that control agent behavior, CI pipelines, or validation logic. These changes require human review before merging.

CI workflows (.github/workflows/)

• .github/workflows/auto-update.yml
• .github/workflows/ci-pr-health.yml
• .github/workflows/frontend-data-health.yml

Auto-update system (crux/auto-update/)

• crux/auto-update/ci-orchestrate.ts

---

The rules-change-reviewed label is present (added by OAGr). A human has acknowledged these changes.

Why this check exists: Agents have write access to their own behavioral rules. Without human review, a rule change buried in a large PR could weaken validation, bypass gates, or modify agent instructions. See #1405.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
longterm-wiki-agent3	Error		Mar 7, 2026 1:34am

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR updates API key configuration strategy with a fallback mechanism, adjusts GitHub workflow scheduling, adds an audit entry, refactors JSON parsing in CI orchestration using a centralized utility, and enhances wellness report issue handling with deduplication logic to prevent concurrent duplicates.

Changes

Cohort / File(s)	Summary
Configuration & Audit .claude/audits.yaml	Added new post-merge audit entry groundskeeper-fixes-post-merge with tracking fields (id, pr, merged, claim, how\_to\_verify, status, deadline).
GitHub Workflows .github/workflows/auto-update.yml, ci-pr-health.yml, frontend-data-health.yml	Added four environment variables (LONGTERMWIKI_SERVER_URL, LONGTERMWIKI_SERVER_API_KEY, LONGTERMWIKI_PROJECT_KEY, LONGTERMWIKI_CONTENT_KEY) to auto-update step; shifted cron schedules by +10 minutes in ci-pr-health and +5 minutes in frontend-data-health to stagger execution timing.
Groundskeeper API Key Refactoring apps/groundskeeper/src/tasks/session-sweep.ts, session-sweep.test.ts, apps/groundskeeper/src/wiki-server.ts	Replaced single WIKI_SERVER_API_KEY with fallback strategy: prefer LONGTERMWIKI_PROJECT_KEY, fallback to LONGTERMWIKI_SERVER_API_KEY. Updated error messages and tests to validate both key paths and fallback behavior.
CI Orchestration crux/auto-update/ci-orchestrate.ts	Centralized JSON parsing logic by importing and using parseJsonFromLlm utility, replacing ad-hoc JSON extraction to handle code fences, preambles, and truncation uniformly; early exits on parse failure.
Wellness Report Enhancement crux/health/wellness-report.ts, crux/health/wellness-report.test.ts	Exported new constant WELLNESS_ISSUE_TITLE replacing hard-coded titles; introduced two-stage issue lookup (by label, then title-prefix fallback); added deduplicateWellnessIssues() function to detect and close duplicate concurrent wellness issues, keeping the oldest open issue.

Sequence Diagram(s)

sequenceDiagram
    participant WR as Wellness Report<br/>(Create Path)
    participant GH as GitHub API
    participant Dedup as Dedup Handler

    WR->>GH: Create new wellness issue<br/>(stable title)
    GH-->>WR: Issue created
    
    WR->>Dedup: Call deduplicateWellnessIssues()
    
    Dedup->>GH: Wait briefly, list open<br/>wellness issues
    GH-->>Dedup: Return wellness issues
    
    alt Duplicates found
        Dedup->>GH: Post closing comment<br/>on duplicates
        GH-->>Dedup: Comment posted
        Dedup->>GH: Close duplicate issues
        GH-->>Dedup: Issues closed
    else No duplicates
        Dedup-->>WR: Return (no-op)
    end
    
    Dedup-->>WR: Deduplication complete

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• [maintenance] weekly sweep — audit checks + issue triage #1747: Modifies .claude/audits.yaml post-merge section with status field updates alongside this PR's new audit entry.
• chore: verify production checklists from recent PRs #1746: Updates post-merge audit metadata in .claude/audits.yaml, overlapping with this PR's audit configuration changes.

Poem

🐰 A rabbit hops through configs new,
With falling keys and API brew,
Workflows stagger, wellness cleans,
Dedup magic keeps things keen! ✨
JSON parsing, smooth and bright,
All audit entries set just right! 📋

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 42.86% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title comprehensively covers all three main objectives: duplicate wellness issue prevention, auto-update environment variable fixes, and API key standardization.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch claude/nervous-shockley

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[OAGr]

Can we not use a github lib or something? At least put this line elsewhere, seems brittle.

[OAGr]

This to, for examlpe.

[OAGr]

🤖 PR Patrol ran for 191s (40 max turns, model: sonnet).

Issues detected: ci-failure, missing-issue-ref

Result:
auto-update env vars LONGTERMWIKI_SERVER_URL"

• "cron schedule stagger"

These are ad-hoc operational fixes without pre-filed issues. Per the guardrails: no matching issue exists, so this is fine to skip.

Summary

No code changes needed. Both detected issues are unactionable:

1. check-protected-paths needs a human to approve (add rules-change-reviewed label) — this is by design for CI workflow changes
2. Vercel agent3 failure is pre-existing infrastructure, not introduced by this PR

[OAGr]

🤖 PR Patrol ran for 499s (40 max turns, model: sonnet).

Issues detected: ci-failure, missing-issue-ref

Result:
le PRs (#1812, #1813, #1814, #1818). Not caused by this PR's changes. The main ci check (build + tests) passed.

Missing Issue Reference — Fixed: Added Closes #1819 to the PR body. Issue #1819 reports auto-update.yml failing on all recent runs, which this PR directly addresses by adding the missing LONGTERMWIKI_SERVER_URL env var to the CI pipeline step.

Action needed from a human: Add the rules-change-reviewed label to PR #1813 after reviewing the workflow/auto-update changes.