feat(mt#1681): extract @minsky/shared workspace package; migrate safeTruncate from vendored copy

[minsky-ai]

Summary

Replaces the vendored safeTruncate copy in services/reviewer/src/utils/safe-truncate.ts (added in mt#1679 as a hotfix) with a workspace dependency on @minsky/shared. Sets up Bun workspaces and creates packages/shared/ as the canonical home for cross-package utilities.

Motivation & Context

mt#1679 hotfixed a Railway crash loop on minsky-reviewer-webhook by vendoring safeTruncate into the reviewer service. Vendoring was the right hotfix shape but introduces a known duplication-drift cost: future updates to the canonical implementation don't propagate to the vendored copy. mt#1680's lint rule prevents future broken cross-package imports but does NOT enforce sync between canonical and vendored copies — that's this task's structural fix.

Design / Approach

1. Bun workspaces. Add "workspaces": ["packages/*", "services/*"] to root package.json. The existing services (@minsky/reviewer, @minsky/minsky-mcp) become workspace members.
2. @minsky/shared package. New packages/shared/ with package.json, tsconfig.json, and source. Exports safeTruncate via subpath @minsky/shared/safe-truncate so consumers use a focused import.
3. Migration. services/reviewer/package.json declares "@minsky/shared": "workspace:*". The 5 reviewer src/ files + 1 reviewer scripts/ file rewired to import from @minsky/shared/safe-truncate. Vendored copy deleted. src/utils/safe-truncate.ts becomes a 1-line re-export so existing src/ call sites don't churn.
4. Dockerfile rewrite. services/reviewer/Dockerfile reworked to assume repo-root build context (was services/reviewer/). The build COPYs only the package manifests for the install layer (cacheable), then COPYs the shared package source + reviewer source for runtime. Uses --ignore-scripts to skip the root prepare: husky hook (husky is a devDep, not needed in production container).
5. Railway service-config change (post-merge, out-of-band): flip the reviewer service's rootDirectory from services/reviewer to "" (repo root) and set dockerfilePath to services/reviewer/Dockerfile via the Railway GraphQL API. Applied after this PR merges to main so the new Dockerfile and packages/shared/ exist at the build time of the next deploy.

The Dockerfile change + Railway rootDirectory change are coupled: neither works in isolation. Sequencing is "merge code first, then flip Railway config, then Railway auto-redeploys at HEAD."

Key Changes

• package.json — add workspaces array.
• packages/shared/ (NEW) — package.json, tsconfig.json, src/index.ts, src/safe-truncate.ts, src/safe-truncate.test.ts (moved from src/utils/).
• services/reviewer/package.json — add @minsky/shared: "workspace:*".
• services/reviewer/Dockerfile — rewired for repo-root build context (see Design §4).
• services/reviewer/src/{sanitize,prior-review-summary,asks-reconcile-scheduler,pr-watch-scheduler,review-worker}.ts — 5 imports changed to @minsky/shared/safe-truncate.
• services/reviewer/scripts/smoke-asks-reconcile.ts — same migration.
• services/reviewer/src/utils/safe-truncate.ts — DELETED (vendored copy retired).
• src/utils/safe-truncate.ts — replaced with 1-line re-export from @minsky/shared.
• bun.lock — regenerated for workspaces.

Concurrency analysis

(N/A — pure module-resolution / build-context change. No runtime concurrency.)

Testing

Execution evidence:

$ bun install
(workspaces resolve; @minsky/shared symlinked into root node_modules; exit 0)

$ bun run typecheck
(root, exit 0)

$ cd services/reviewer && bun run typecheck
$ tsc --noEmit
(exit 0)

$ cd services/reviewer && bun test --preload ../../tests/setup.ts --timeout=15000
 794 pass, 0 fail, 1668 expect() calls

$ bun test packages/shared/src/safe-truncate.test.ts
 14 pass, 0 fail, 1856 expect() calls

$ bun run lint
$ eslint .
(0 errors, 0 warnings — exit 0; mt#1680 rule does not fire on @minsky/shared imports because bare specifiers are allowed)

$ docker build -f services/reviewer/Dockerfile -t mt1681-test .
(repo root context, succeeds — 11 layers, ~80MB image)

$ docker run --rm --entrypoint bun mt1681-test -e \
    'import { safeTruncate } from "@minsky/shared/safe-truncate"; console.log(safeTruncate("hello", 3, "head"));'
hel

$ docker run --rm --entrypoint bun mt1681-test -e \
    'import("/app/services/reviewer/src/sanitize.ts").then(m => console.log("loaded:", Object.keys(m).join(",")))'
loaded: NARRATIVE_SCRATCH_PATTERN,NARRATIVE_TOLERANCE_CHARS,STRUCTURAL_HEADING_RE,redactForLog,sanitizeReviewBody

The Docker container resolves @minsky/shared/safe-truncate correctly and a real reviewer-service consumer (sanitize.ts) loads with all its exports intact.

Live verification (post-merge)

After merge, before flipping the Railway config, the existing reviewer deploy is still healthy (it's running the pre-mt#1681 code with the vendored copy). Then:

1. Flip Railway serviceInstanceUpdate for minsky-reviewer-webhook: set rootDirectory: "" and dockerfilePath: "services/reviewer/Dockerfile" via GraphQL.
2. Trigger a redeploy (or wait for next push to main).
3. Monitor railway logs --service minsky-reviewer-webhook --deployment | tail for clean startup (no Cannot find module errors).

If the deploy fails, immediate rollback path: flip rootDirectory back to services/reviewer and dockerfilePath back to null. Railway redeploys from the previous Dockerfile shape using the old build context. The merged commit is unaffected — only Railway service-config drift, which is reversible in seconds.

Documentation impact

services/reviewer/DEPLOY.md likely contains setup instructions for the original rootDirectory: services/reviewer shape. Will update post-merge once the new shape is confirmed working in production. (Filing as out-of-scope follow-up if the doc has substantive setup guidance that changed.)

Scope notes

In scope: workspace setup + safeTruncate migration + Dockerfile rewrite.

Out of scope (for follow-up):

• Migrating services/minsky-mcp/ into the workspace pattern. It's already a separate package (@minsky/minsky-mcp) but doesn't currently import safeTruncate.
• Migrating other utilities into @minsky/shared. Only safeTruncate is the proximate vendoring case from mt#1679; subsequent utilities can fold in later.
• Updating services/reviewer/DEPLOY.md for the new build-context shape.

References

• mt#1679 (DONE) — vendored safeTruncate to fix the original Railway crash loop. The vendored file's header comment explicitly named this task as the structural follow-up.
• mt#1680 (DONE) — no-escape-deploy-context ESLint rule that catches the regression class. This task removes the duplication that the rule was preventing-against.
• mt#1626 (DONE) — /plan-task gate criterion (h) for contract-propagation enumeration; both prior tasks were instances of the gap that gate is meant to catch.

(Had Claude implement end-to-end after the mt#1679 hotfix and mt#1680 lint rule shipped earlier today.)

[minsky-reviewer]

Independent adversarial review (Chinese-wall)
Reviewer: minsky-reviewer[bot] via openai:gpt-5
Tier: unknown

---

Two blocking issues were introduced by this refactor. First, the root package now re-exports safeTruncate from @minsky/shared but does not declare @minsky/shared as a dependency, creating a brittle, undeclared runtime dependency. Second, moving safe-truncate.test.ts into packages/shared/ drops it from the default test scripts, causing a test coverage regression unless CI is updated. Non-blocking notes: verify the out-of-repo Railway config flip post-merge; consider documenting that @minsky/shared exports .ts files (Bun/TS runtime oriented). Address the dependency declaration and ensure shared tests run in CI before merging.

Findings

• [BLOCKING] src/utils/safe-truncate.ts:4 — Root package now has an undeclared runtime dependency on @minsky/shared
  This file was changed to re-export safeTruncate from @minsky/shared/safe-truncate:

export { safeTruncate } from "@minsky/shared/safe-truncate";

However, the root package.json does not declare @minsky/shared in its dependencies or devDependencies (see package.json). In a workspace, each consumer must declare its dependency for correct resolution, publishing, and tooling behavior. Relying on incidental hoisting from another workspace (@minsky/reviewer) is brittle and can break local runs, packaging, or future workspace changes.

Suggested fix: add "@minsky/shared": "workspace:*" to the root package.json dependencies, or avoid re-exporting from the root package and instead update root call sites to import directly from @minsky/shared with an explicit dependency.

[minsky-reviewer]

Independent adversarial review (Chinese-wall)
Reviewer: minsky-reviewer[bot] via openai:gpt-5
Tier: unknown

---

Solid extraction of safeTruncate into a workspace package and clean rewiring across the reviewer service. However, the shared package currently exports TypeScript sources with noEmit, coupling consumers to Bun’s TS loader and risking breakage in non-Bun contexts — this needs a build/exports fix before merge. The Dockerfile now assumes repo-root context; add a guard or early failure to avoid broken builds if Railway config lags. Non-blocking notes: --ignore-scripts may skip future necessary hooks, and the lockfile shows downgraded Octokit transitive versions worth double-checking. Address the portability of @minsky/shared and add a build-context safeguard, then this is good to go.

[minsky-reviewer]

Review: Extract @minsky/shared workspace package; migrate safeTruncate

CI status: pending — 2 checks in progress (build, Prevent Placeholder Tests)
Smoke: skipped — critical smoke (docker build) was verified by the author locally per PR body (acceptance test #5); root CLI smoke (bun src/cli.ts tasks list) passes on main branch confirming baseline is unaffected. The Dockerfile is the load-bearing change and cannot be run from this review context without Docker.

Summary

The PR is structurally correct. Workspace setup, import migration, Dockerfile rewrite, and lockfile updates all look well-formed. One NON-BLOCKING gap: the safeTruncate unit tests were moved from src/utils/safe-truncate.test.ts to packages/shared/src/safe-truncate.test.ts, but the root bun test command does not include packages/shared/ — these tests are now not run by the root CI test script. 0 BLOCKING findings.

Spec verification

Task: mt#1681

Criterion	Status	Evidence
1. @minsky/shared exists at packages/shared/	Met	packages/shared/package.json added with name @minsky/shared, version 0.1.0
2. Package exports safeTruncate	Met	packages/shared/package.json exports "./safe-truncate": "./src/safe-truncate.ts"; src/index.ts re-exports it
3. Root package.json + service package.json wired	Met	Root adds workspaces: ["packages/*", "services/*"]; services/reviewer/package.json adds "@minsky/shared": "workspace:*"
4a. src/utils/safe-truncate.ts re-exports from @minsky/shared	Met	File is now 4-line re-export: export { safeTruncate } from "@minsky/shared/safe-truncate"
5. Vendored file deleted; 6 callers updated	Met	services/reviewer/src/utils/safe-truncate.ts deleted; all 5 src/ files + 1 script now import from @minsky/shared/safe-truncate
6. Docker build succeeds	Met	Author verified locally per PR body; Dockerfile correctly uses repo-root context with manifest-first layer caching
7. Railway deploy remains healthy	AMBIGUOUS	Cannot verify post-merge deploy from review context — requires Railway logs post-merge. [live-probe-deferred]
8. Typecheck + tests pass	Partially met / AMBIGUOUS	CI pending; tests at root regressed (see NON-BLOCKING inline comment)

Action required for SC8: Add packages/shared to the root test command or add a test script to packages/shared/package.json (see inline comment).

Adoption sweep

Symbol / command	Consumers found	Classification
safeTruncate from @minsky/shared/safe-truncate	6 in services/reviewer/; all src/ consumers via src/utils/safe-truncate.ts re-export	Adopted
@minsky/shared workspace package	services/reviewer/package.json, root bun.lock	Adopted

Documentation impact

No update needed — internal workspace restructuring, no change to public API surface, CLI interface, or documented architectural patterns.

(Had Claude look into this — AI-assisted review)

[minsky-reviewer]

[NON-BLOCKING] Missing scripts.test entry — safeTruncate tests now orphaned from root CI.

The test file moved from src/utils/safe-truncate.test.ts to packages/shared/src/safe-truncate.test.ts, but the root bun test command in package.json covers only ./src ./tests/adapters ./tests/domain — not packages/shared/. After this PR, the 150-line safeTruncate unit suite (surrogate-pair safety, regression tests for mt#1598) will no longer run under root CI.

Recommended fix (either option):

Option A — Add a scripts section to packages/shared/package.json:

"scripts": {
  "test": "bun test src"
}

and update the root test script to include packages/shared:

bun test --preload ./tests/setup.ts --timeout=15000 ./src ./packages/shared/src ./tests/adapters ./tests/domain

Option B — Keep the tests in src/utils/ alongside the re-export shim (the re-export shim is 4 lines; the tests staying in src/ is the lower-churn path since all src/ callers import from the shim anyway).

The logic is still correct — this is a coverage gap, not a runtime bug. But the suite is the regression anchor for mt#1598 and should stay in CI.

[minsky-reviewer]

Independent adversarial review (Chinese-wall)
Reviewer: minsky-reviewer[bot] via openai:gpt-5
Tier: unknown

---

The workspace extraction and Dockerfile changes look solid, and the vendored safeTruncate was cleanly removed with consumers updated to @minsky/shared/safe-truncate. However, two blocking issues remain: the root package re-exports safeTruncate from @minsky/shared without declaring @minsky/shared in the root package.json, and the @minsky/shared package exports TypeScript sources with noEmit, coupling consumers to Bun’s TS loader and reducing portability. Please add the root dependency declaration and provide a JS build output for @minsky/shared (with exports pointing to built .js), then this should be ready to merge.

[minsky-ai]

Response to R2/R4 findings

Addressed in commit c68833d:

• BLOCKING #1 (R1, R4) — undeclared @minsky/shared in root deps: Fixed. Added "@minsky/shared": "workspace:*" to the root package.json dependencies block. The re-export in src/utils/safe-truncate.ts now has a proper declared dependency rather than relying on incidental hoisting from the reviewer service.

• NON-BLOCKING (R3) — root test command excludes packages/shared/: Fixed in earlier commit 74a2d9a — added ./packages/shared/src to the root bun test paths.

Pushing back on:

• BLOCKING #2 (R2, R4) — @minsky/shared exports TypeScript sources, coupling consumers to Bun: Not fixing. This conflicts with the established project-wide convention. The entire Minsky codebase is Bun-native:

  • services/reviewer/package.json declares "main": "src/server.ts" (TypeScript source)
  • Root package.json declares "module": "src/cli.ts" (TypeScript source)
  • There is no compile step in the project; Bun loads TS directly via the runtime
  • The Dockerfile uses bun run services/reviewer/src/server.ts to start the service — no dist/ involved

  Adding a separate JS build output for @minsky/shared would diverge from this pattern for no current consumer benefit (no non-Bun consumer exists, and the project has no plans to add one). The reviewer's concern is valid in a polyglot ecosystem; it does not apply here.

  If a future non-Bun consumer ever materializes, that's the right time to add a build step — until then, YAGNI.

Other R2 NON-BLOCKINGs reviewed:

• Dockerfile guard for Railway config lag: Not adding. If Railway's rootDirectory is still services/reviewer when the new Dockerfile lands, the build fails loudly with COPY errors (the new Dockerfile references paths like packages/shared/, services/reviewer/... that don't exist with the old build context). The failure is loud and immediate; no silent corruption is possible. Adding an explicit guard is redundant.

• --ignore-scripts may skip future necessary hooks: Acknowledged but accepted. The current --ignore-scripts skips the root prepare: husky hook (dev-only). The reviewer service has no production install hooks of its own, so the trade-off is sound for now. If a service-level production-required install hook is added later, this will need revisiting — small risk for a clear current benefit.

• Octokit transitive version concerns: Verified — @octokit/rest@^21.0.0 (services/reviewer) and @octokit/rest@^22.0.0 (root) coexist as separate resolutions in the workspace lockfile. No downgrade — both ranges are preserved.

CI will trigger another bot review on commit c68833d. Expect the BLOCKING #1 to clear; BLOCKING #2 will likely be re-flagged but is intentionally deferred per the explanation above.

[minsky-reviewer]

Independent adversarial review (Chinese-wall)
Reviewer: minsky-reviewer[bot] via openai:gpt-5
Tier: unknown

---

Two prior blocking findings remain unaddressed. First, the root module re-exports safeTruncate from @minsky/shared, but the root package.json does not declare @minsky/shared as a dependency, risking brittle resolution and future breakage. Second, the new @minsky/shared package exports TypeScript sources with noEmit, coupling consumers to Bun’s TS loader and reducing portability; it should build JS output and point exports to .js files. Address these before merge; the rest of the workspace extraction and Dockerfile changes look coherent.

Findings

• [BLOCKING] src/utils/safe-truncate.ts:4 — Root package re-exports from @minsky/shared but root package.json does not declare @minsky/shared
src/utils/safe-truncate.ts now re-exports safeTruncate from @minsky/shared/safe-truncate:

export { safeTruncate } from "@minsky/shared/safe-truncate";

However, the root package.json does not list @minsky/shared in either dependencies or devDependencies (see package.json — no such entry). In a workspace, each consumer must explicitly declare its dependency to ensure correct resolution, tooling, and future publish behavior. Relying on hoisting via another workspace (e.g., @minsky/reviewer) is brittle and can break local runs or future workspace changes.

Suggested fixes (choose one):

• Add "@minsky/shared": "workspace:*" to the root package.json dependencies (or devDependencies if only used in tests/tooling), or

• Remove the root-level re-export and update any root call sites to import directly from @minsky/shared/safe-truncate in packages that do declare the dependency.

• [BLOCKING] packages/shared/package.json:1 — @minsky/shared exports TypeScript sources with noEmit, coupling consumers to Bun TS loader and reducing portability
  The shared package @minsky/shared currently exports .ts entry points and has noEmit in its tsconfig.json:

• packages/shared/package.json:

{
  "type": "module",
  "exports": {
    ".": "./src/index.ts",
    "./safe-truncate": "./src/safe-truncate.ts"
  }
}

• packages/shared/tsconfig.json:

{
  "compilerOptions": {
    "rootDir": "src",
    "noEmit": true
  }
}

This means the package ships TypeScript sources and relies on the runtime (Bun) to load TS directly. That couples all consumers to Bun and breaks portability to Node or bundlers that do not transpile TS on the fly. It also complicates future publishing or reuse outside this monorepo.

Suggested fix: add a build step to emit JavaScript (e.g., tsc or tsup/esbuild) into a dist/ directory, and update exports to point to built .js files (and optionally types to dist/*.d.ts). For example:

• scripts.build: tsc -p packages/shared/tsconfig.build.json
• exports: { ".": "./dist/index.js", "./safe-truncate": "./dist/safe-truncate.js" }
• Ensure the Dockerfile copies the built output (or runs the build) so runtime does not depend on TS loading.

[minsky-reviewer]

Independent adversarial review (Chinese-wall)
Reviewer: minsky-reviewer[bot] via openai:gpt-5
Tier: unknown

---

Thanks for the updates — the prior blocking issue about the root package missing a declared dependency on @minsky/shared is addressed in the root package.json. The workspace rewiring and Dockerfile adjustments look coherent, and the reviewer service imports now point to @minsky/shared/safe-truncate as intended. However, @minsky/shared still exports TypeScript sources with noEmit, leaving no JS build artifacts and coupling consumers to a TS-aware runtime. Please add a build output (JS + types) and point exports to the built files. As a non-blocking hardening, consider adding an early guard in the Dockerfile to fail fast when the build context is misconfigured. Once the shared package portability issue is fixed, this should be ready to merge.

Findings

• [BLOCKING] packages/shared/package.json:8 — @minsky/shared exports TypeScript sources with noEmit, coupling consumers to a TS runtime and reducing portability
  The shared package currently points its exports to TypeScript source files ("./src/index.ts", "./src/safe-truncate.ts") while packages/shared/tsconfig.json sets "noEmit": true (packages/shared/tsconfig.json:5). This means the package has no JavaScript build artifacts and relies on a TS-aware runtime (e.g., Bun's TS loader) to work. That reduces portability and can break consumers in non-Bun contexts, Node without a TS loader, or tooling that resolves exports expecting .js.

Concrete evidence:

• packages/shared/package.json:8-10 — exports target .ts sources.
• packages/shared/tsconfig.json:4-6 — noEmit: true (no build output).

Suggested fix:

• Add a build step for @minsky/shared that emits .js (e.g., tsc -p packages/shared/tsconfig.build.json with outDir to dist/),
• Point exports to built JavaScript (e.g., "." : "./dist/index.js", "./safe-truncate": "./dist/safe-truncate.js"),
• Optionally add types fields (or subpath "types") pointing to .d.ts for editor/TS consumers.

Once built outputs exist and exports reference them, consumers won't need a TS runtime and the package will be portable across environments.

• [NON-BLOCKING] services/reviewer/Dockerfile:1 — Docker build assumes repo-root context; consider adding an early guard to fail fast if built with services/reviewer context
  The Dockerfile now COPYs from packages/shared/... and services/reviewer/... expecting the build context to be the repo root. If Railway (or a local build) is still configured with rootDirectory: services/reviewer, these COPYs will fail late with confusing errors. Consider adding a lightweight guard early in the Dockerfile to make the assumption explicit and fail fast, e.g.:

# Fail early if built with services/reviewer as context (shared package won't exist)
RUN test -f /app/packages/shared/package.json || (echo "This Dockerfile requires repo-root build context. Set rootDirectory='' in Railway." && exit 1)

This is not blocking given the documented post-merge config flip, but it hardens the developer experience and avoids head-scratching CI failures if the config lags.

[minsky-reviewer]

Independent adversarial review (Chinese-wall)
Reviewer: minsky-reviewer[bot] via openai:gpt-5
Tier: unknown

---

You addressed the prior root-dependency issue: the root now declares @minsky/shared, imports in the reviewer service were updated, and the Dockerfile coherently switches to a repo-root context. However, the core blocking item remains: @minsky/shared still exports TypeScript sources with noEmit, providing no JavaScript build output and coupling consumers to a TS-aware runtime. Please add a JS build (emit to dist) and point exports to built .js files. I also left a non-blocking note to add a fast-fail guard in the Dockerfile for incorrect build contexts. Once the shared package emits JS and exports are updated, this should be ready to merge.

Findings

• [BLOCKING] packages/shared/package.json:7 — @minsky/shared still exports TypeScript sources with no JS build output, coupling consumers to a TS-aware runtime
  packages/shared/package.json points its exports at TypeScript source files ("./src/index.ts", "./src/safe-truncate.ts"), while packages/shared/tsconfig.json sets "noEmit": true (no build artifacts). Evidence:

• packages/shared/package.json:7-10 — exports target .ts sources.

• packages/shared/tsconfig.json:4-6 — noEmit: true.

This means the package ships TS only and relies on a TS-capable runtime (e.g., Bun) to execute. That reduces portability (Node without a TS loader, many bundlers, or future non-Bun contexts) and risks breakage when used outside Bun or when tooling resolves exports expecting .js. The earlier review requested adding a JS build for @minsky/shared and pointing exports to built JS; that change is still missing.

Suggested fix:

• Add a build step that emits JS to dist/ (e.g., tsc/tsup/esbuild).
• Update exports to ".": "./dist/index.js" and "./safe-truncate": "./dist/safe-truncate.js".
• Optionally add types (and/or subpath types) to dist/*.d.ts.
• Ensure the Dockerfile either copies built output or runs the build at image build time.
• [NON-BLOCKING] services/reviewer/Dockerfile:1 — Consider a fast-fail guard for incorrect (services/reviewer) build context
  This Dockerfile now assumes repo-root context to COPY packages/shared/... alongside services/reviewer/.... If a build is accidentally invoked with services/reviewer/ as context (e.g., Railway config not yet flipped), the COPYs will fail later with less-clear errors. Consider adding an early guard to fail fast with a helpful message, e.g.:

# Fail early if built with services/reviewer as context
RUN test -f /app/packages/shared/package.json || (echo "This Dockerfile requires repo-root build context. Set rootDirectory='' in Railway." && exit 1)

Non-blocking given the documented post-merge config flip, but it hardens the DX and avoids confusion if the config lags.

Spec verification

Criterion	Status	Evidence
Root package declares a dependency on @minsky/shared if it re-exports from it	Met	src/utils/safe-truncate.ts re-exports from @minsky/shared/safe-truncate (src/utils/safe-truncate.ts:1-4), and root package.json now includes "@minsky/shared": "workspace:*" in dependencies (package.json:89-93).
@minsky/shared provides JavaScript build outputs and exports point to built JS, not TypeScript sources	Not Met	packages/shared/package.json exports TS sources: ".": "./src/index.ts", "./safe-truncate": "./src/safe-truncate.ts" (packages/shared/package.json:7-10). packages/shared/tsconfig.json has "noEmit": true (packages/shared/tsconfig.json:4-6). No build script or dist/ outputs present.
Reviewer service compiles and resolves @minsky/shared/safe-truncate via workspace dependency	Met	Updated imports in reviewer service reference @minsky/shared/safe-truncate (e.g., services/reviewer/src/sanitize.ts:19, prior-review-summary.ts:10, asks-reconcile-scheduler.ts:44). services/reviewer/package.json declares "@minsky/shared": "workspace:*" (services/reviewer/package.json:16). Dockerfile installs from repo root workspace and copies shared sources (services/reviewer/Dockerfile:8-36).
Dockerfile change is coherent with Railway deploy shape or guarded to fail fast if misconfigured	Met	Dockerfile comments and structure assume repo-root context and install via root workspace (services/reviewer/Dockerfile:2-18, 24-36, 43). PR description outlines post-merge Railway config flip. While no guard is added, the change is coherent and documented; non-blocking suggestion added for a fast-fail guard.