@aitne/daemon 0.1.9 → 0.1.11

package/dist/core/context-paths.js

@@ -59,7 +59,7 @@ export const CONTEXT_RELATIVE_PATHS = {
     },
     routines: {
         index: "policies/routines/_index.md",
-        hourly: "policies/routines/hourly.md",
+        activityScan: "policies/routines/activity-scan.md",
         morning: "policies/routines/morning.md",
         evening: "policies/routines/evening.md",
         weekly: "policies/routines/weekly.md",
@@ -68,6 +68,11 @@ export const CONTEXT_RELATIVE_PATHS = {
     },
     // `~/.personal-agent/integrations.md` moved under `policies/`.
     integrations: "policies/integrations.md",
+    // Feedback Learning Loop (FEEDBACK_LEARNING_LOOP_DESIGN.md §3.3) —
+    // global `agent`-scope lessons store, lazy-created on first nightly
+    // consolidation write. Per-agent (`agent:<slug>`) lessons live next to
+    // the agent definition under `policies/agents/<slug>/lessons.md` (Phase 4).
+    agentLessons: "policies/agent-lessons.md",
     // User-registered skill bundles (lazy-created).
     skillsDir: "policies/skills",
     // ── plans/ ← projects/ + roadmap.md ──────────────────────────
@@ -221,6 +226,17 @@ export function gitRepoJournalPath(slug, dateStr) {
 export function customRoutinePath(slug) {
     return `policies/routines/custom/${slug}.md`;
 }
+/**
+ * Relative path to an Agent's per-agent (`agent:<slug>`) feedback lessons store
+ * (FEEDBACK_LEARNING_LOOP_DESIGN.md §3.3, Phase 4). Sits next to the agent
+ * definition at `policies/agents/<slug>/agent.md`; lazy-created on the first
+ * nightly consolidation write and injected only into that agent's own
+ * executions. The slug is assumed pre-validated (`isSafeAgentSlug`); this
+ * helper does not re-validate — it only composes the canonical path.
+ */
+export function agentLessonsPath(slug) {
+    return `policies/agents/${slug}/lessons.md`;
+}
 /**
  * Relative path to a dossier file for a given flow slug.
  */

package/dist/core/context-validation/prepare-write.js

@@ -1,4 +1,4 @@
-import { parseCustomRoutineSpec } from "../custom-routine-scheduler.js";
+import { parseCustomRoutineSpec } from "../custom-routines.js";
 import { validateContextFileFrontmatter } from "../context-frontmatter.js";
 import { isAgentDefinitionPath, validateAgentDefinitionMarkdown, } from "../agents/validate-agent-md.js";
 import { normalizeRoadmapForWrite, validateRoadmap, validateRoadmapTransition, } from "../roadmap-validate.js";

package/dist/core/context-validation/routine-rulebook.d.ts

@@ -1,4 +1,4 @@
-import type { CustomRoutineParseError } from "../custom-routine-scheduler.js";
+import type { CustomRoutineParseError } from "../custom-routines.js";
 /**
  * Pure validators for routine rulebooks and `.base` YAML files.
  *

package/dist/core/context-vault-aliases.d.ts

@@ -80,19 +80,6 @@ export interface VaultPathAlias {
  * `observations.payload`, and `messages.metadata`.
  */
 export declare const VAULT_PATH_ALIASES: readonly VaultPathAlias[];
-/**
- * Translate a vault-relative path from its legacy spelling to its
- * canonical six-class spelling. Returns the input verbatim (with
- * `aliased=false`) if no rule applies.
- *
- * Idempotent: calling the resolver on an already-canonical path is a
- * no-op. This is what makes it safe to invoke unconditionally at every
- * entry point.
- *
- * The resolver does not validate that the resulting path is reachable
- * on disk — that is the caller's job (e.g. `safePath` for the HTTP
- * route). The job here is purely string translation.
- */
 export declare function aliasVaultPath(relativePath: string): VaultPathAliasResult;
 /**
  * Diagnostic helper — returns every alias entry whose `fromPrefix` would

package/dist/core/context-vault-aliases.js

@@ -44,6 +44,24 @@
  */
 export const VAULT_PATH_ALIASES = [
     // Directory-prefix renames. Longest first.
+    // v0.1.10 → v0.1.11 "Hourly Check" → "Activity Scan" rename: the legacy
+    // pre-vault-v2 spellings must land on the NEW canonical file rather than
+    // the retired `…/hourly.md`, so these exact-file entries sit before the
+    // generic `routines/` / `dossiers/` prefix rules. The already-canonical
+    // old spellings (`policies/routines/hourly.md`, `knowledge/dossiers/
+    // hourly.md`) are handled by RENAMED_CANONICAL_FILES instead — the
+    // canonical fast-path in `aliasVaultPath` would short-circuit before
+    // this table is consulted.
+    {
+        fromPrefix: "routines/hourly",
+        toPrefix: "policies/routines/activity-scan",
+        exactOnly: true,
+    },
+    {
+        fromPrefix: "dossiers/hourly",
+        toPrefix: "knowledge/dossiers/activity-scan",
+        exactOnly: true,
+    },
     // `rules/policies/` (legacy capture dir) before `rules/`.
     { fromPrefix: "rules/policies/", toPrefix: "policies/management-captures/" },
     // `agent/scratch/` before `agent/`.
@@ -123,11 +141,30 @@ const DOMAIN_ENTITY_RE = new RegExp(`^(?<domain>${MANAGEMENT_DOMAIN_NAMES.join("
  * on disk — that is the caller's job (e.g. `safePath` for the HTTP
  * route). The job here is purely string translation.
  */
+/**
+ * Canonical-shaped paths that were RENAMED in place (same class, new file
+ * name). Checked before the canonical fast-path — a renamed file's old
+ * spelling is otherwise indistinguishable from a valid canonical path.
+ * v0.1.10 → v0.1.11: the "Hourly Check" agent became "Activity Scan";
+ * migration 0010 renames the files on disk, these entries keep old
+ * skill/curl paths working for a deprecation window.
+ */
+const RENAMED_CANONICAL_FILES = {
+    "policies/routines/hourly": "policies/routines/activity-scan",
+    "policies/routines/hourly.md": "policies/routines/activity-scan.md",
+    "knowledge/dossiers/hourly": "knowledge/dossiers/activity-scan",
+    "knowledge/dossiers/hourly.md": "knowledge/dossiers/activity-scan.md",
+};
 export function aliasVaultPath(relativePath) {
     // Defensive normalisation — strip a leading slash so the resolver can
     // be called with either form. Trailing slashes are preserved
     // (callers like the migration manifest use `state/inbox/` as a dir).
     const input = relativePath.startsWith("/") ? relativePath.slice(1) : relativePath;
+    // In-place file renames — must precede the canonical fast-path.
+    const renamed = RENAMED_CANONICAL_FILES[input];
+    if (renamed !== undefined) {
+        return { canonicalPath: renamed, legacyPath: input, aliased: true };
+    }
     // Already canonical — fast path.
     if (isCanonicalSixClassPath(input)) {
         return { canonicalPath: input, legacyPath: input, aliased: false };

package/dist/core/custom-routines.d.ts

@@ -0,0 +1,99 @@
+import { customRoutineSlugFromKey } from "@aitne/shared";
+/**
+ * LEGACY custom-routine file format (B-007 §5.8 Q3) — parsing/enumeration
+ * helpers only.
+ *
+ * The subsystem that FIRED these files (`CustomRoutineScheduler`, a per-file
+ * node-cron job emitting `routine.custom.<slug>` events) was retired at the
+ * Agents-hub redesign (AGENTS_HUB_REDESIGN_PLAN.md §3): user-defined recurring
+ * work is a user Agent now (`agents` + `recurring_schedules`, visible on
+ * `/agents` with metrics and execution history). What remains here serves two
+ * callers:
+ *
+ *   1. `core/agents/custom-routine-migration.ts` — the one-time boot converter
+ *      that turns each valid `policies/routines/custom/<slug>.md` into a user
+ *      Agent definition.
+ *   2. `core/context-validation/` — writes under the legacy path are still
+ *      validated against this format so existing files stay well-formed
+ *      (they are inert post-migration; the prompt-injection branch in
+ *      `policy-files.ts` remains for one release).
+ */
+export interface CustomRoutineSpec {
+    slug: string;
+    cron: string;
+    enabled: boolean;
+    /**
+     * Canonical model tier. Normalized from frontmatter — both legacy
+     * `light`/`heavy` and current `lite`/`medium`/`high` strings are
+     * accepted at parse time (`light → medium`, `heavy → high`).
+     */
+    backendTier: "lite" | "medium" | "high";
+    maxBudgetUsd: number;
+    processKey: string;
+}
+export type CustomRoutineParseError = {
+    kind: "missing_field";
+    field: string;
+} | {
+    kind: "invalid_cron";
+    value: string;
+} | {
+    kind: "invalid_slug";
+    value: string;
+} | {
+    kind: "invalid_type";
+    value: string;
+} | {
+    kind: "invalid_process_key";
+    value: string;
+} | {
+    kind: "invalid_enabled";
+    value: string;
+} | {
+    kind: "invalid_tier";
+    value: string;
+} | {
+    kind: "invalid_budget";
+    value: string;
+} | {
+    kind: "missing_checks_section";
+} | {
+    kind: "no_frontmatter";
+};
+export interface CustomRoutineEnumerationResult {
+    specs: CustomRoutineSpec[];
+    errors: {
+        slug: string;
+        error: CustomRoutineParseError;
+    }[];
+}
+/**
+ * Parse a `policies/routines/custom/<slug>.md` file body into a validated spec.
+ * Pure function — safe to unit-test exhaustively. Returns a discriminated
+ * result so callers can log structured errors without throwing.
+ */
+export declare function parseCustomRoutineSpec(slug: string, body: string): {
+    ok: true;
+    spec: CustomRoutineSpec;
+} | {
+    ok: false;
+    error: CustomRoutineParseError;
+};
+/**
+ * Enumerate every `policies/routines/custom/*.md` file under `contextDir` and
+ * parse each into a spec. Errors are returned alongside the successful
+ * specs so callers can log them without aborting.
+ *
+ * The readers are injectable for tests — by default they read from disk; a
+ * missing directory yields empty results.
+ */
+export declare function enumerateCustomRoutines(contextDir: string, options?: {
+    readDir?: (dir: string) => string[];
+    readFile?: (path: string) => string;
+}): CustomRoutineEnumerationResult;
+/**
+ * Convenience: extract the slug from a `policies/routines/custom/<slug>.md` path.
+ * Returns null if the path is outside the custom-routine directory.
+ */
+export declare function slugFromCustomRoutinePath(relativePath: string): string | null;
+export { customRoutineSlugFromKey };

package/dist/core/custom-routines.js

@@ -0,0 +1,187 @@
+import { existsSync, readFileSync, readdirSync } from "node:fs";
+import { join } from "node:path";
+import cron from "node-cron";
+import { customRoutineKey, customRoutineSlugFromKey } from "@aitne/shared";
+import { CONTEXT_RELATIVE_PATHS } from "./context-paths.js";
+/**
+ * Extract the frontmatter body between the opening and closing `---`
+ * delimiters. Returns null when the file has no YAML frontmatter.
+ */
+function extractFrontmatter(content) {
+    if (!content.startsWith("---\n") && !content.startsWith("---\r\n")) {
+        return null;
+    }
+    const afterOpen = content.startsWith("---\r\n") ? 5 : 4;
+    const endIdx = content.indexOf("\n---", afterOpen - 1);
+    if (endIdx < 0)
+        return null;
+    return content.slice(afterOpen, endIdx);
+}
+function readScalar(frontmatter, field) {
+    const re = new RegExp(`^${field}\\s*:\\s*(.+?)\\s*$`, "m");
+    const m = frontmatter.match(re);
+    if (!m)
+        return null;
+    let v = m[1].trim();
+    // Strip surrounding quotes (single or double).
+    if ((v.startsWith('"') && v.endsWith('"')) ||
+        (v.startsWith("'") && v.endsWith("'"))) {
+        v = v.slice(1, -1);
+    }
+    return v;
+}
+function hasChecksSection(content) {
+    return /^##\s+Checks\s*$/m.test(content);
+}
+/**
+ * Parse a `policies/routines/custom/<slug>.md` file body into a validated spec.
+ * Pure function — safe to unit-test exhaustively. Returns a discriminated
+ * result so callers can log structured errors without throwing.
+ */
+export function parseCustomRoutineSpec(slug, body) {
+    if (!/^[a-z0-9][a-z0-9-]*[a-z0-9]$|^[a-z0-9]$/.test(slug) || slug.length > 64) {
+        return { ok: false, error: { kind: "invalid_slug", value: slug } };
+    }
+    const fm = extractFrontmatter(body);
+    if (fm === null) {
+        return { ok: false, error: { kind: "no_frontmatter" } };
+    }
+    const typeRaw = readScalar(fm, "type");
+    if (!typeRaw) {
+        return { ok: false, error: { kind: "missing_field", field: "type" } };
+    }
+    if (typeRaw !== "rule") {
+        return { ok: false, error: { kind: "invalid_type", value: typeRaw } };
+    }
+    const slugRaw = readScalar(fm, "slug");
+    if (!slugRaw) {
+        return { ok: false, error: { kind: "missing_field", field: "slug" } };
+    }
+    if (slugRaw !== slug) {
+        return { ok: false, error: { kind: "invalid_slug", value: slugRaw } };
+    }
+    const processKeyRaw = readScalar(fm, "process_key");
+    if (!processKeyRaw) {
+        return { ok: false, error: { kind: "missing_field", field: "process_key" } };
+    }
+    if (processKeyRaw !== customRoutineKey(slug)) {
+        return { ok: false, error: { kind: "invalid_process_key", value: processKeyRaw } };
+    }
+    const cronExpr = readScalar(fm, "cron");
+    if (!cronExpr) {
+        return { ok: false, error: { kind: "missing_field", field: "cron" } };
+    }
+    if (!cron.validate(cronExpr)) {
+        return { ok: false, error: { kind: "invalid_cron", value: cronExpr } };
+    }
+    const tierRaw = readScalar(fm, "backend_tier");
+    if (!tierRaw) {
+        return { ok: false, error: { kind: "missing_field", field: "backend_tier" } };
+    }
+    // Accept the legacy two-tier names ("light" / "heavy") and the canonical
+    // three-tier names ("lite" / "medium" / "high"). Legacy "light" maps to
+    // Sonnet (medium) and "heavy" to Opus (high), preserving behavior of
+    // user-authored routine files written before the rename.
+    const tierAliasMap = {
+        "lite": "lite",
+        "medium": "medium",
+        "high": "high",
+        "light": "medium",
+        "heavy": "high",
+    };
+    const normalizedTier = tierAliasMap[tierRaw];
+    if (!normalizedTier) {
+        return { ok: false, error: { kind: "invalid_tier", value: tierRaw } };
+    }
+    const budgetRaw = readScalar(fm, "max_budget_usd");
+    if (!budgetRaw) {
+        return { ok: false, error: { kind: "missing_field", field: "max_budget_usd" } };
+    }
+    const budget = Number(budgetRaw);
+    if (!Number.isFinite(budget) || budget <= 0) {
+        return { ok: false, error: { kind: "invalid_budget", value: budgetRaw } };
+    }
+    const enabledRaw = readScalar(fm, "enabled");
+    if (!enabledRaw) {
+        return { ok: false, error: { kind: "missing_field", field: "enabled" } };
+    }
+    if (enabledRaw !== "true" && enabledRaw !== "false") {
+        return { ok: false, error: { kind: "invalid_enabled", value: enabledRaw } };
+    }
+    const enabled = enabledRaw === "true";
+    if (!hasChecksSection(body)) {
+        return { ok: false, error: { kind: "missing_checks_section" } };
+    }
+    return {
+        ok: true,
+        spec: {
+            slug,
+            cron: cronExpr,
+            enabled,
+            backendTier: normalizedTier,
+            maxBudgetUsd: budget,
+            processKey: customRoutineKey(slug),
+        },
+    };
+}
+/**
+ * Enumerate every `policies/routines/custom/*.md` file under `contextDir` and
+ * parse each into a spec. Errors are returned alongside the successful
+ * specs so callers can log them without aborting.
+ *
+ * The readers are injectable for tests — by default they read from disk; a
+ * missing directory yields empty results.
+ */
+export function enumerateCustomRoutines(contextDir, options) {
+    const dir = join(contextDir, CONTEXT_RELATIVE_PATHS.routines.customDir);
+    const readDir = options?.readDir ?? defaultReadDir;
+    const readFile = options?.readFile ?? defaultReadFile;
+    const files = readDir(dir);
+    const specs = [];
+    const errors = [];
+    for (const fileName of files) {
+        if (!fileName.endsWith(".md"))
+            continue;
+        const slug = fileName.slice(0, -3);
+        let body;
+        try {
+            body = readFile(join(dir, fileName));
+        }
+        catch {
+            continue;
+        }
+        const result = parseCustomRoutineSpec(slug, body);
+        if (result.ok) {
+            specs.push(result.spec);
+        }
+        else {
+            errors.push({ slug, error: result.error });
+        }
+    }
+    return { specs, errors };
+}
+function defaultReadDir(dir) {
+    if (!existsSync(dir))
+        return [];
+    return readdirSync(dir);
+}
+function defaultReadFile(path) {
+    return readFileSync(path, "utf-8");
+}
+/**
+ * Convenience: extract the slug from a `policies/routines/custom/<slug>.md` path.
+ * Returns null if the path is outside the custom-routine directory.
+ */
+export function slugFromCustomRoutinePath(relativePath) {
+    const prefix = `${CONTEXT_RELATIVE_PATHS.routines.customDir}/`;
+    if (!relativePath.startsWith(prefix))
+        return null;
+    const rest = relativePath.slice(prefix.length);
+    if (!rest.endsWith(".md"))
+        return null;
+    const slug = rest.slice(0, -3);
+    if (slug.includes("/"))
+        return null;
+    return slug;
+}
+export { customRoutineSlugFromKey };

package/dist/core/daemon-api-cli.js

@@ -1,5 +1,6 @@
 import { chmodSync, mkdirSync, writeFileSync } from "node:fs";
 import { delimiter, dirname, join } from "node:path";
+import { BACKEND_IDS, getManagedApiKeyEnvVars, } from "@aitne/shared";
 export const SESSION_DAEMON_API_BIN_DIR = join(".pa", "bin");
 export const SESSION_DAEMON_API_CLI_REL_PATH = join(SESSION_DAEMON_API_BIN_DIR, "pa-api");
 export const SESSION_DAEMON_CURL_SHIM_REL_PATH = join(SESSION_DAEMON_API_BIN_DIR, "curl");
@@ -708,6 +709,50 @@ export function ensureDaemonApiCli(sessionDir) {
     /* c8 ignore stop */
     return cliPath;
 }
+/**
+ * Daemon-internal secrets that must NEVER be inherited by an agent
+ * subprocess. Agents run with bypassPermissions and have Bash; `env` /
+ * `printenv` / `process.env` cannot be blocked at the tool layer, so a
+ * prompt-injected session could exfiltrate anything in its environment.
+ * `PA_MASTER_PASSWORD` decrypts the *entire* file-fallback secret store and
+ * has no legitimate use in a child process.
+ */
+const ALWAYS_STRIP_FROM_CHILD_ENV = ["PA_MASTER_PASSWORD"];
+function isBackendId(value) {
+    return BACKEND_IDS.includes(value);
+}
+/**
+ * Strip credentials a child agent must not see from a copied env:
+ *  - daemon-internal secrets (master password) — always.
+ *  - inactive backends' provider API keys — when the active backend is
+ *    known. The keychain mirror exports every configured backend's provider
+ *    key into the daemon's `process.env` globally, so without this a Claude
+ *    session's env also carries the user's OpenAI / Gemini / OpenCode
+ *    credentials. Scoping the keys to the backend that actually uses them
+ *    keeps a prompt-injected child from exfiltrating credentials it never
+ *    needs. Only applied when `sessionBackend` is a recognised backend id;
+ *    an absent/unknown value leaves the env untouched (no behaviour change
+ *    for non-agent spawns).
+ */
+function scrubSensitiveChildEnv(env, sessionBackend) {
+    for (const name of ALWAYS_STRIP_FROM_CHILD_ENV) {
+        delete env[name];
+    }
+    if (!sessionBackend || !isBackendId(sessionBackend))
+        return;
+    const activeVars = new Set(getManagedApiKeyEnvVars(sessionBackend));
+    for (const backendId of BACKEND_IDS) {
+        if (backendId === sessionBackend)
+            continue;
+        for (const name of getManagedApiKeyEnvVars(backendId)) {
+            // Keep any var the active backend also relies on (shared across
+            // providers, e.g. a common cloud credential).
+            if (activeVars.has(name))
+                continue;
+            delete env[name];
+        }
+    }
+}
 export function buildDaemonApiCliEnv(sessionDir, apiPort, optionsOrReadToken) {
     const options = typeof optionsOrReadToken === "string"
         ? { readToken: optionsOrReadToken }
@@ -717,10 +762,14 @@ export function buildDaemonApiCliEnv(sessionDir, apiPort, optionsOrReadToken) {
         pathParts.push(process.env.PATH);
     }
     const env = {
-        ...Object.fromEntries(Object.entries(process.env).filter((entry) => typeof entry[1] === "string")),
+        ...Object.fromEntries(Object.entries(process.env).filter((entry) => typeof entry[1] === "string" && entry[0].toUpperCase() !== "PATH")),
         PATH: pathParts.join(delimiter),
         [DAEMON_API_BASE_URL_ENV]: `http://127.0.0.1:${apiPort}`,
     };
+    // Remove daemon-internal secrets and inactive-backend provider keys before
+    // the child ever sees them. Must run after the process.env copy and before
+    // the PA_* identity vars below (which the child legitimately needs).
+    scrubSensitiveChildEnv(env, options.sessionBackend);
     if (options.readToken) {
         env[DAEMON_API_READ_TOKEN_ENV] = options.readToken;
     }

package/dist/core/day-boundary.d.ts

@@ -0,0 +1,46 @@
+/**
+ * Day-boundary task runner with a per-agent-day idempotence marker —
+ * RESEARCH_CLUSTER_COST_FIX_PLAN.md F2 (defense in depth on top of the
+ * F1 per-cluster enqueue stamp).
+ *
+ * The scheduler invokes its day-boundary callback from THREE sites: the
+ * 04:00 cron, wake catch-up (which fires on every detected sleep gap
+ * >= 5 min — every macOS maintenance DarkWake), and the morning
+ * self-heal missed-fire path. Before this marker existed, each replay
+ * re-ran the full callback body; on 2026-06-11 that re-enqueued the
+ * same research cluster ~25x in one morning. Wrapping the body HERE —
+ * the single composition point — protects every future day-boundary
+ * addition, not just the research fan-out.
+ *
+ * Marker semantics: `runtime_state.day_boundary_last_agent_day` is
+ * written AFTER the body completes, not before. A sleep-interrupted or
+ * failed body therefore retries on the next scheduler fire (all three
+ * scheduler sites catch + log callback rejections), while replay safety
+ * of the individual steps comes from the steps themselves — the F1
+ * stamp for the fan-out, summarizeDmSessions' own incremental gating.
+ */
+import type Database from "better-sqlite3";
+export declare const DAY_BOUNDARY_LAST_AGENT_DAY_KEY = "day_boundary_last_agent_day";
+export interface DayBoundaryTasksDeps {
+    db: Database.Database;
+    /** Local agent-day label ('YYYY-MM-DD') the caller computes via
+     *  `getAgentDayDateStr(config.timezone, config.dayBoundaryHour)`. */
+    todayAgentDay: string;
+    summarizeDmSessions: () => Promise<void>;
+    fanoutResearchClusterUpdates: () => Promise<{
+        enqueuedSlugs: string[];
+    }>;
+}
+export type DayBoundaryTasksResult = {
+    ran: false;
+} | {
+    ran: true;
+    enqueuedSlugs: string[];
+};
+/**
+ * Run the day-boundary body at most once per agent-day. Returns
+ * `{ ran: false }` when the marker shows the body already completed for
+ * `todayAgentDay`. Errors propagate to the caller WITHOUT writing the
+ * marker, so the next scheduler fire retries the whole body.
+ */
+export declare function runDayBoundaryTasks(deps: DayBoundaryTasksDeps): Promise<DayBoundaryTasksResult>;

package/dist/core/day-boundary.js

@@ -0,0 +1,40 @@
+/**
+ * Day-boundary task runner with a per-agent-day idempotence marker —
+ * RESEARCH_CLUSTER_COST_FIX_PLAN.md F2 (defense in depth on top of the
+ * F1 per-cluster enqueue stamp).
+ *
+ * The scheduler invokes its day-boundary callback from THREE sites: the
+ * 04:00 cron, wake catch-up (which fires on every detected sleep gap
+ * >= 5 min — every macOS maintenance DarkWake), and the morning
+ * self-heal missed-fire path. Before this marker existed, each replay
+ * re-ran the full callback body; on 2026-06-11 that re-enqueued the
+ * same research cluster ~25x in one morning. Wrapping the body HERE —
+ * the single composition point — protects every future day-boundary
+ * addition, not just the research fan-out.
+ *
+ * Marker semantics: `runtime_state.day_boundary_last_agent_day` is
+ * written AFTER the body completes, not before. A sleep-interrupted or
+ * failed body therefore retries on the next scheduler fire (all three
+ * scheduler sites catch + log callback rejections), while replay safety
+ * of the individual steps comes from the steps themselves — the F1
+ * stamp for the fan-out, summarizeDmSessions' own incremental gating.
+ */
+import { readRuntimeState, writeRuntimeState } from "../db/runtime-state.js";
+export const DAY_BOUNDARY_LAST_AGENT_DAY_KEY = "day_boundary_last_agent_day";
+/**
+ * Run the day-boundary body at most once per agent-day. Returns
+ * `{ ran: false }` when the marker shows the body already completed for
+ * `todayAgentDay`. Errors propagate to the caller WITHOUT writing the
+ * marker, so the next scheduler fire retries the whole body.
+ */
+export async function runDayBoundaryTasks(deps) {
+    const { db, todayAgentDay } = deps;
+    const lastRunAgentDay = readRuntimeState(db, DAY_BOUNDARY_LAST_AGENT_DAY_KEY);
+    if (lastRunAgentDay === todayAgentDay) {
+        return { ran: false };
+    }
+    await deps.summarizeDmSessions();
+    const fanout = await deps.fanoutResearchClusterUpdates();
+    writeRuntimeState(db, DAY_BOUNDARY_LAST_AGENT_DAY_KEY, todayAgentDay);
+    return { ran: true, enqueuedSlugs: fanout.enqueuedSlugs };
+}