@desplega.ai/agent-swarm 1.85.0 → 1.86.0

package/src/tests/entrypoint-config-env-export.test.ts

@@ -0,0 +1,81 @@
+import { describe, expect, test } from "bun:test";
+
+/**
+ * Tests for the config→env-var export filter in docker-entrypoint.sh.
+ *
+ * The entrypoint fetches swarm config and writes valid POSIX identifier keys
+ * to /tmp/swarm_config.env for sourcing. Keys containing hyphens or other
+ * non-identifier characters must be skipped — otherwise `source` interprets
+ * them as commands:
+ *
+ *   CF-Access-Client-Id=84853443... → "command not found"
+ *
+ * This filter mirrors the jq expression in docker-entrypoint.sh so the
+ * logic can be verified without a Docker environment.
+ */
+
+const POSIX_IDENTIFIER = /^[A-Za-z_][A-Za-z0-9_]*$/;
+const DYNAMIC_KEYS = new Set(["codex_oauth", "HARNESS_PROVIDER"]);
+
+/** Mirrors the jq filter in docker-entrypoint.sh. */
+function filterForEnvExport(
+  configs: Array<{ key: string; value: string }>,
+): Record<string, string> {
+  const result: Record<string, string> = {};
+  for (const { key, value } of configs) {
+    if (DYNAMIC_KEYS.has(key)) continue;
+    if (!POSIX_IDENTIFIER.test(key)) continue;
+    result[key] = value;
+  }
+  return result;
+}
+
+describe("entrypoint config env export: POSIX identifier filter", () => {
+  test("includes valid POSIX identifier keys", () => {
+    const result = filterForEnvExport([
+      { key: "FOO", value: "bar" },
+      { key: "MY_VAR_123", value: "val" },
+      { key: "_UNDERSCORE_START", value: "ok" },
+    ]);
+    expect(result.FOO).toBe("bar");
+    expect(result.MY_VAR_123).toBe("val");
+    expect(result._UNDERSCORE_START).toBe("ok");
+  });
+
+  test("excludes hyphenated keys (CF-Access-Client-Id pattern)", () => {
+    const result = filterForEnvExport([
+      { key: "FOO", value: "keep" },
+      { key: "CF-Access-Client-Id", value: "secret1" },
+      { key: "CF-Access-Client-Secret", value: "secret2" },
+      { key: "BAR", value: "keep" },
+    ]);
+    expect(result.FOO).toBe("keep");
+    expect(result.BAR).toBe("keep");
+    expect("CF-Access-Client-Id" in result).toBe(false);
+    expect("CF-Access-Client-Secret" in result).toBe(false);
+  });
+
+  test("excludes keys starting with a digit", () => {
+    const result = filterForEnvExport([
+      { key: "VALID", value: "yes" },
+      { key: "123_INVALID", value: "no" },
+    ]);
+    expect(result.VALID).toBe("yes");
+    expect("123_INVALID" in result).toBe(false);
+  });
+
+  test("excludes codex_oauth and HARNESS_PROVIDER (existing behaviour)", () => {
+    const result = filterForEnvExport([
+      { key: "NORMAL", value: "val" },
+      { key: "codex_oauth", value: "secret" },
+      { key: "HARNESS_PROVIDER", value: "claude" },
+    ]);
+    expect(result.NORMAL).toBe("val");
+    expect("codex_oauth" in result).toBe(false);
+    expect("HARNESS_PROVIDER" in result).toBe(false);
+  });
+
+  test("returns empty object for empty configs array", () => {
+    expect(filterForEnvExport([])).toEqual({});
+  });
+});

package/src/tests/follow-up-redelivery-guard.test.ts

@@ -1,11 +1,14 @@
 import { afterAll, beforeAll, describe, expect, test } from "bun:test";
 import { unlinkSync } from "node:fs";
 import {
+  cancelTask,
   closeDb,
   completeTask,
   createAgent,
   createTaskExtended,
+  failTask,
   findCompletedTaskInThread,
+  findRecentCancelledTaskInThread,
   getDb,
   getTaskById,
   initDb,
@@ -229,6 +232,168 @@ describe("follow-up re-delegation guard logic", () => {
     // → Guard does NOT block: first-time delegation is fine
   });
 
+  test("findRecentCancelledTaskInThread finds tasks with status='cancelled'", () => {
+    const agent = createAgent({
+      name: "cancel-thread-worker-1",
+      isLead: false,
+      status: "idle",
+      capabilities: [],
+    });
+    const task = createTaskExtended("cancelled work", {
+      agentId: agent.id,
+      slackChannelId: "C_CANCEL_1",
+      slackThreadTs: "9000.0001",
+    });
+    cancelTask(task.id, "user cancelled");
+
+    const result = findRecentCancelledTaskInThread("C_CANCEL_1", "9000.0001", 2880);
+    expect(result).not.toBeNull();
+    expect(result!.id).toBe(task.id);
+    expect(result!.status).toBe("cancelled");
+  });
+
+  test("findRecentCancelledTaskInThread finds failed tasks with 'cancelled' failureReason", () => {
+    const agent = createAgent({
+      name: "cancel-thread-worker-2",
+      isLead: false,
+      status: "idle",
+      capabilities: [],
+    });
+    const task = createTaskExtended("aborted work", {
+      agentId: agent.id,
+      slackChannelId: "C_CANCEL_2",
+      slackThreadTs: "9000.0002",
+    });
+    failTask(task.id, "cancelled");
+
+    const result = findRecentCancelledTaskInThread("C_CANCEL_2", "9000.0002", 2880);
+    expect(result).not.toBeNull();
+    expect(result!.id).toBe(task.id);
+    expect(result!.failureReason).toBe("cancelled");
+  });
+
+  test("findRecentCancelledTaskInThread finds failed tasks with 'exit 130' failureReason", () => {
+    const agent = createAgent({
+      name: "cancel-thread-worker-3",
+      isLead: false,
+      status: "idle",
+      capabilities: [],
+    });
+    const task = createTaskExtended("aborted work via SIGINT", {
+      agentId: agent.id,
+      slackChannelId: "C_CANCEL_3",
+      slackThreadTs: "9000.0003",
+    });
+    failTask(task.id, "exit 130: aborted by user");
+
+    const result = findRecentCancelledTaskInThread("C_CANCEL_3", "9000.0003", 2880);
+    expect(result).not.toBeNull();
+    expect(result!.id).toBe(task.id);
+  });
+
+  test("findRecentCancelledTaskInThread ignores plain failed tasks (no cancellation marker)", () => {
+    const agent = createAgent({
+      name: "cancel-thread-worker-4",
+      isLead: false,
+      status: "idle",
+      capabilities: [],
+    });
+    const task = createTaskExtended("genuinely failed work", {
+      agentId: agent.id,
+      slackChannelId: "C_CANCEL_4",
+      slackThreadTs: "9000.0004",
+    });
+    failTask(task.id, "TypeError: cannot read property of undefined");
+
+    const result = findRecentCancelledTaskInThread("C_CANCEL_4", "9000.0004", 2880);
+    expect(result).toBeNull();
+  });
+
+  test("guard bypasses re-delegation block when cancellation is more recent than completion", () => {
+    const channel = "C_BYPASS_1";
+    const thread = "10000.0001";
+
+    // Step 1: An old completed task in the thread
+    const completedTask = createTaskExtended("first attempt — completed", {
+      agentId: workerAgent.id,
+      slackChannelId: channel,
+      slackThreadTs: thread,
+    });
+    completeTask(completedTask.id, "first attempt done");
+
+    // Backdate to 30 minutes ago so the cancellation is more recent.
+    const thirtyMinAgo = new Date(Date.now() - 30 * 60 * 1000).toISOString();
+    getDb().run("UPDATE agent_tasks SET lastUpdatedAt = ? WHERE id = ?", [
+      thirtyMinAgo,
+      completedTask.id,
+    ]);
+
+    // Step 2: A more-recent cancellation in the same thread
+    const cancelledTask = createTaskExtended("second attempt — cancelled mid-work", {
+      agentId: workerAgent.id,
+      slackChannelId: channel,
+      slackThreadTs: thread,
+    });
+    cancelTask(cancelledTask.id, "cancelled");
+
+    // Guard checks:
+    const recentCompleted = findCompletedTaskInThread(channel, thread, 2880);
+    const recentCancelled = findRecentCancelledTaskInThread(channel, thread, 2880);
+    expect(recentCompleted).not.toBeNull();
+    expect(recentCancelled).not.toBeNull();
+
+    // The bypass condition: cancellation is more recent than completion.
+    const cancelledMoreRecent =
+      recentCancelled &&
+      new Date(recentCancelled.lastUpdatedAt).getTime() >
+        new Date(recentCompleted!.lastUpdatedAt).getTime();
+    expect(cancelledMoreRecent).toBe(true);
+
+    // → Guard does NOT block: re-delegation is allowed.
+  });
+
+  test("guard still blocks when completion is more recent than any cancellation", () => {
+    const channel = "C_BYPASS_2";
+    const thread = "11000.0001";
+
+    // Step 1: A cancelled task (older)
+    const cancelledTask = createTaskExtended("attempt 1 — cancelled", {
+      agentId: workerAgent.id,
+      slackChannelId: channel,
+      slackThreadTs: thread,
+    });
+    cancelTask(cancelledTask.id, "cancelled");
+
+    // Backdate the cancellation to 30 minutes ago
+    const thirtyMinAgo = new Date(Date.now() - 30 * 60 * 1000).toISOString();
+    getDb().run("UPDATE agent_tasks SET lastUpdatedAt = ? WHERE id = ?", [
+      thirtyMinAgo,
+      cancelledTask.id,
+    ]);
+
+    // Step 2: A more-recent completion (the retry succeeded)
+    const completedTask = createTaskExtended("attempt 2 — completed", {
+      agentId: workerAgent.id,
+      slackChannelId: channel,
+      slackThreadTs: thread,
+    });
+    completeTask(completedTask.id, "retry succeeded");
+
+    // Guard:
+    const recentCompleted = findCompletedTaskInThread(channel, thread, 2880);
+    const recentCancelled = findRecentCancelledTaskInThread(channel, thread, 2880);
+    expect(recentCompleted).not.toBeNull();
+    expect(recentCancelled).not.toBeNull();
+
+    const cancelledMoreRecent =
+      recentCancelled &&
+      new Date(recentCancelled.lastUpdatedAt).getTime() >
+        new Date(recentCompleted!.lastUpdatedAt).getTime();
+    expect(cancelledMoreRecent).toBe(false);
+
+    // → Guard BLOCKS as before: the work was already redone successfully.
+  });
+
   test("allows delegation when source task is a follow-up but completed work is outside time window", () => {
     // Create and complete a worker task, then backdate it
     const oldWorkerTask = createTaskExtended("old task", {

package/src/tests/migration-046-budgets.test.ts

@@ -134,15 +134,16 @@ describe("migration 046 — budgets and pricing", () => {
     expect(colMap.get("effective_from")!.pk).toBeGreaterThan(0);
   });
 
-  test("pricing seed has exactly 12 rows (4 models × 3 token_classes), all at effective_from=0", () => {
+  test("pricing seed includes every known Codex model/token class at effective_from=0", () => {
     const db = getDb();
-    const total = db.prepare<CountRow, []>("SELECT COUNT(*) as cnt FROM pricing").get();
-    expect(total?.cnt).toBe(12);
+    const minimumCodexRows = Object.keys(CODEX_MODEL_PRICING).length * 3;
 
     const seedRows = db
-      .prepare<CountRow, []>("SELECT COUNT(*) as cnt FROM pricing WHERE effective_from = 0")
+      .prepare<CountRow, []>(
+        "SELECT COUNT(*) as cnt FROM pricing WHERE provider = 'codex' AND effective_from = 0",
+      )
       .get();
-    expect(seedRows?.cnt).toBe(12);
+    expect(seedRows?.cnt ?? 0).toBeGreaterThanOrEqual(minimumCodexRows);
   });
 
   test("every CODEX_MODEL_PRICING entry has rows for input / cached_input / output with matching rates", () => {

package/src/tests/pricing-routes.test.ts

@@ -16,6 +16,7 @@ import { closeDb, getDb, getLogsByEventType, initDb } from "../be/db";
 import { handleCore } from "../http/core";
 import { handlePricing } from "../http/pricing";
 import { getPathSegments, parseQueryParams } from "../http/utils";
+import { CODEX_MODEL_PRICING } from "../providers/codex-models";
 
 const TEST_DB_PATH = "./test-pricing-routes.sqlite";
 const API_KEY = "test-pricing-secret-key";
@@ -71,7 +72,7 @@ afterAll(async () => {
 afterEach(() => {
   const db = getDb();
   // Remove every non-seed pricing row so each test starts from the migration
-  // 044 seed (effective_from=0). The seed uses literal 0 for effective_from.
+  // seed rows (effective_from=0). The seed uses literal 0 for effective_from.
   db.prepare("DELETE FROM pricing WHERE effective_from > 0").run();
   db.prepare("DELETE FROM agent_log WHERE eventType LIKE 'pricing.%'").run();
 });
@@ -103,18 +104,18 @@ describe("Phase 6 — /api/pricing REST surface", () => {
   });
 
   describe("read endpoints", () => {
-    test("GET /api/pricing lists every row including the migration 044 seed", async () => {
+    test("GET /api/pricing lists every row including codex seed rows", async () => {
       const res = await authedFetch(`/api/pricing`);
       expect(res.status).toBe(200);
       const body = await res.json();
       expect(body.rows).toBeInstanceOf(Array);
-      // Migration 044 seeds 12 codex rows with effective_from=0. They should
-      // all be present here.
+      // Codex seed rows include the migration 046 baseline plus later model
+      // backfills. They should all be present here.
       const seedRows = body.rows.filter(
         (r: { provider: string; effectiveFrom: number }) =>
           r.provider === "codex" && r.effectiveFrom === 0,
       );
-      expect(seedRows.length).toBe(12);
+      expect(seedRows.length).toBe(Object.keys(CODEX_MODEL_PRICING).length * 3);
     });
 
     test("GET /api/pricing/{provider}/{model}/{tokenClass} returns rows latest-first", async () => {

package/src/tests/provider-adapter.test.ts

@@ -6,32 +6,32 @@ import { PiMonoAdapter } from "../providers/pi-mono-adapter";
 import type { CostData, ProviderEvent } from "../providers/types";
 
 describe("createProviderAdapter", () => {
-  test("returns ClaudeAdapter for 'claude'", () => {
-    const adapter = createProviderAdapter("claude");
+  test("returns ClaudeAdapter for 'claude'", async () => {
+    const adapter = await createProviderAdapter("claude");
     expect(adapter).toBeInstanceOf(ClaudeAdapter);
     expect(adapter.name).toBe("claude");
   });
 
-  test("returns PiMonoAdapter for 'pi'", () => {
-    const adapter = createProviderAdapter("pi");
+  test("returns PiMonoAdapter for 'pi'", async () => {
+    const adapter = await createProviderAdapter("pi");
     expect(adapter).toBeInstanceOf(PiMonoAdapter);
     expect(adapter.name).toBe("pi");
   });
 
-  test("returns OpencodeAdapter for 'opencode'", () => {
-    const adapter = createProviderAdapter("opencode");
+  test("returns OpencodeAdapter for 'opencode'", async () => {
+    const adapter = await createProviderAdapter("opencode");
     expect(adapter).toBeInstanceOf(OpencodeAdapter);
     expect(adapter.name).toBe("opencode");
   });
 
-  test("throws for unknown provider", () => {
-    expect(() => createProviderAdapter("unknown")).toThrow(
+  test("throws for unknown provider", async () => {
+    expect(createProviderAdapter("unknown")).rejects.toThrow(
       'Unknown HARNESS_PROVIDER: "unknown". Supported: claude, pi, codex, devin, claude-managed, opencode',
     );
   });
 
-  test("throws for empty string", () => {
-    expect(() => createProviderAdapter("")).toThrow("Unknown HARNESS_PROVIDER");
+  test("throws for empty string", async () => {
+    expect(createProviderAdapter("")).rejects.toThrow("Unknown HARNESS_PROVIDER");
   });
 });
 

package/src/tests/provider-command-format.test.ts

@@ -37,10 +37,10 @@ describe("ProviderAdapter.formatCommand", () => {
     expect(codex.name).toBe("codex");
   });
 
-  test("createProviderAdapter returns adapters that implement formatCommand", () => {
-    const claudeAdapter = createProviderAdapter("claude");
-    const piAdapter = createProviderAdapter("pi");
-    const codexAdapter = createProviderAdapter("codex");
+  test("createProviderAdapter returns adapters that implement formatCommand", async () => {
+    const claudeAdapter = await createProviderAdapter("claude");
+    const piAdapter = await createProviderAdapter("pi");
+    const codexAdapter = await createProviderAdapter("codex");
     expect(typeof claudeAdapter.formatCommand).toBe("function");
     expect(typeof piAdapter.formatCommand).toBe("function");
     expect(typeof codexAdapter.formatCommand).toBe("function");

package/src/tests/session-costs-codex-recompute.test.ts

@@ -153,6 +153,31 @@ describe("Phase 6 — POST /api/session-costs: Codex USD recompute", () => {
     expect(body.cost.totalCostUsd).toBeCloseTo(6.64, 5);
   });
 
+  test("provider=codex model=gpt-5.5 uses seeded pricing rows instead of falling through to unpriced", async () => {
+    const res = await authedFetch(`/api/session-costs`, {
+      method: "POST",
+      body: JSON.stringify({
+        sessionId: "codex-gpt-5-5-regression",
+        agentId: testAgent.id,
+        totalCostUsd: 0,
+        // Mirrors task 1a459c1c-c89c-417a-a60c-6a060ad4a602.
+        inputTokens: 3_495_764,
+        cacheReadTokens: 3_333_632,
+        outputTokens: 8_106,
+        model: "gpt-5.5",
+        provider: "codex",
+        durationMs: 1_000,
+        numTurns: 1,
+      }),
+    });
+    expect(res.status).toBe(201);
+    const body = (await res.json()) as CreatedCostResponse;
+    expect(body.cost.costSource).toBe("pricing-table");
+    // uncached = 3,495,764 - 3,333,632 = 162,132
+    // cost = (162,132 * 5.0 + 3,333,632 * 0.5 + 8,106 * 30.0) / 1_000_000
+    expect(body.cost.totalCostUsd).toBeCloseTo(2.720656, 6);
+  });
+
   test("provider=codex but input/output rows missing → 'unpriced', worker value preserved", async () => {
     // Only seed cached_input. Missing input + output blocks recompute and
     // Phase 2 tags the row 'unpriced' (no rates means we can't trust harness USD either).

package/src/tools/send-task.ts

@@ -4,6 +4,7 @@ import * as z from "zod";
 import {
   createTaskExtended,
   findCompletedTaskInThread,
+  findRecentCancelledTaskInThread,
   getActiveTaskCount,
   getAgentById,
   getDb,
@@ -192,6 +193,13 @@ export async function sendTaskHandler(
   // When the source task is a "follow-up" (worker completed/failed notification),
   // check if there are completed tasks in the same Slack thread recently.
   // This prevents the cycle: worker completes → follow-up → Lead re-delegates → repeat.
+  //
+  // Exception: if a MORE RECENT task in the same thread was cancelled (exit 130,
+  // status='cancelled', or status='failed' with failureReason containing
+  // "cancelled"), bypass the guard. A cancellation means the work was
+  // interrupted — re-dispatch is the correct response, not a deduped no-op.
+  // Without this bypass, a cancelled worker permanently jams the thread
+  // against re-delegation when an earlier completed sibling exists.
   if (sourceTaskId) {
     const sourceTask = getTaskById(sourceTaskId);
     if (
@@ -205,15 +213,28 @@ export async function sendTaskHandler(
         2880, // 48 hours in minutes
       );
       if (recentCompleted) {
-        const msg = `Blocked: re-delegation from follow-up task in a thread that already has completed work (task ${recentCompleted.id.slice(0, 8)}). The original request was already handled.`;
-        return {
-          content: [{ type: "text", text: msg }],
-          structuredContent: {
-            yourAgentId: creatorAgentId,
-            success: false,
-            message: msg,
-          },
-        };
+        const recentCancelled = findRecentCancelledTaskInThread(
+          sourceTask.slackChannelId,
+          sourceTask.slackThreadTs,
+          2880,
+        );
+        const cancelledMoreRecent =
+          recentCancelled &&
+          new Date(recentCancelled.lastUpdatedAt).getTime() >
+            new Date(recentCompleted.lastUpdatedAt).getTime();
+        if (!cancelledMoreRecent) {
+          const msg = `Blocked: re-delegation from follow-up task in a thread that already has completed work (task ${recentCompleted.id.slice(0, 8)}). The original request was already handled.`;
+          return {
+            content: [{ type: "text", text: msg }],
+            structuredContent: {
+              yourAgentId: creatorAgentId,
+              success: false,
+              message: msg,
+            },
+          };
+        }
+        // else: fall through — the cancellation is more recent than the
+        // completion, so re-delegation is legitimate.
       }
     }
   }

package/src/utils/context-window.ts

@@ -27,6 +27,7 @@ export const CONTEXT_FORMULA = "input-cache-output" as const;
 
 const CONTEXT_WINDOW_DEFAULTS: Record<string, number> = {
   // Anthropic 4.x family
+  "claude-opus-4-8": 1_000_000,
   "claude-opus-4-7": 1_000_000,
   "claude-opus-4-6": 1_000_000,
   "claude-opus-4-5": 1_000_000,

package/templates/schedules/daily-blocker-digest/config.json

@@ -0,0 +1,13 @@
+{
+  "kind": "schedule",
+  "name": "daily-blocker-digest",
+  "displayName": "Daily Blocker Digest",
+  "slug": "daily-blocker-digest",
+  "title": "Daily Blocker Digest",
+  "description": "Ask the lead to summarize stuck work, failing checks, and owner decisions every weekday.",
+  "version": "1.0.0",
+  "category": "schedules",
+  "placeholders": ["SLACK_CHANNEL_ID", "TIMEZONE"],
+  "runAllSeedersCandidate": true,
+  "tags": ["operations", "slack", "digest"]
+}

package/templates/schedules/daily-blocker-digest/content.md

@@ -0,0 +1,150 @@
+# Daily Blocker Digest
+
+Ask the lead to summarize stuck work, failing checks, and owner decisions every weekday.
+
+## Schedule
+
+```json
+{
+  "cron": "5 2 * * *",
+  "timezone": "UTC",
+  "agentRole": "lead",
+  "enabled": true
+}
+```
+
+## Scheduled Task
+
+This is the full task prompt the schedule runs on each fire — including the accumulated operational learnings baked into it. Adapt the swarm-specific references (channel IDs, agent names, repo paths) to your environment before enabling.
+
+Task Type: Daily Blocker Digest — "Compound Prelude" (unified with PR review)
+
+You are Lead. This runs 5 minutes before the compound evolution. Purpose: surface every item claimed to be "awaiting human" so the compound can detect stale-state items (blockers actually resolved but never removed), AND provide the single daily summary of open PRs. Rule from Taras (2026-04-22): verify, don't assume.
+
+---
+
+## Phase 1: Gather Blockers from 4 Sources
+
+### 1A. HEARTBEAT.md "Active Blockers" section
+Read `/workspace/HEARTBEAT.md`. Extract every bullet under "Active Blockers (awaiting Taras)" or similar. Each item is a claim of the form "X is broken/pending".
+
+### 1B. Open PRs across all our repos — with clickable URLs
+Loop over the repo list and gather ALL open PRs with their URL, age, review status, draft flag, labels, author.
+
+```bash
+for repo in desplega-ai/agent-swarm desplega-ai/agent-swarm-landing desplega-ai/landing desplega-ai/landing-labs desplega-ai/qa-use desplega-ai/agent-fs desplega-ai/chat-py desplega-ai/argus desplega-ai/argus-action desplega-ai/ai-toolbox desplega-ai/agent-work; do
+  gh pr list --repo "$repo" --state open --json number,title,author,createdAt,url,reviewDecision,isDraft,labels 2>/dev/null | jq --arg repo "$repo" '.[] | . + {repo: $repo}'
+done
+```
+
+Compute `daysOpen` from `createdAt`. Split PRs into buckets:
+- **Dependabot**: author.login == "dependabot" or "app/dependabot" — handled separately at the bottom
+- **Security dependabot**: any dependabot PR with "critical", "high", "security", or "vulnerability" in title or labels — list separately with :shield:
+- **Stale** (60+ days open): :rotating_light: at the top
+- **Aging** (30-59 days): :warning:
+- **Recent** (<30 days): normal listing
+
+Format every PR link as: `<URL|repo #NUM>` — always a clickable Slack link, never raw numbers.
+
+### 1C. Tasks awaiting user reply
+Use `db-query`:
+```sql
+SELECT id, task, slackUserId, createdAt
+FROM agent_tasks
+WHERE slackReplySent = 1
+  AND status = 'completed'
+  AND requestedByUserId IS NOT NULL
+  AND datetime(createdAt) > datetime('now', '-7 days')
+ORDER BY createdAt DESC
+LIMIT 20
+```
+
+### 1D. Stuck in-flight tasks
+Use `get-tasks` with status=in_progress. Flag any with `lastUpdatedAt` >2h old.
+
+---
+
+## Phase 2: Verify Each Blocker Claim
+
+For each claim in 1A, run a quick verification:
+- PR numbers → check if merged (use gh pr view)
+- API/key issues → test the actual API (curl + check response)
+- "awaiting response from X" items → check Slack thread for newer messages
+- Worker-activity claims → check the actual task status
+
+Do NOT trust the HEARTBEAT wording. If verification shows the item is resolved, mark it `RESOLVED-STALE` and commit to removing from HEARTBEAT in Phase 4.
+
+---
+
+## Phase 3: Post Unified Digest to Slack
+
+Use `slack-post` with channelId `C0A4J7GB0UD`, pinging `<@U08NR6QD6CS>`. Format:
+
+```
+:clipboard: *Daily Blocker Digest + PR Review* — [YYYY-MM-DD]
+
+<@U08NR6QD6CS> Here's the combined morning digest.
+
+*Awaiting Taras — HEARTBEAT blockers* (N verified real, M stale)
+• PR link — <title> — [verified: still open]
+• <other item> — [verified: status]
+• ~~<stale item>~~ — RESOLVED-STALE, removed from HEARTBEAT
+
+:rotating_light: *STALE PRs (60+ days)*
+1. <url|repo #NUM> — <title> (X days) — @author
+
+:warning: *AGING PRs (30-59 days)*
+1. <url|repo #NUM> — <title> (X days) — @author
+
+*Recent PRs*
+1. <url|repo #NUM> — <title> (X days) — @author
+
+:shield: *Security dependabot (merge soon)*
+• <url|repo #NUM> — <bump text>
+
+*Tasks awaiting user reply* (N)
+• <task summary> — from @<userId>
+
+*Stuck in-flight* (N, >2h no update)
+• <task id> — <age>
+
+---
+_Also: X dependabot PRs pending (routine dependency bumps)_
+_Stale HEARTBEAT items removed this run: N_
+```
+
+Keep it scannable. Every PR MUST be a clickable `<url|repo #N>` link. If everything is clean, say "All clear — no blockers, no stuck tasks, only routine dependabot churn."
+
+---
+
+## Phase 4: Clean HEARTBEAT.md
+
+For each item marked `RESOLVED-STALE`:
+- Remove the line from `/workspace/HEARTBEAT.md`
+- Save a shared memory noting the stale-state catch (permanent receipt for the compound)
+
+---
+
+## Phase 5: Hand-off to Compound
+
+Write a memory titled `daily-blocker-digest-YYYY-MM-DD.md` to `/workspace/shared/memory/d454d1a5-4df9-49bd-8a89-e58d6a657dc3/` with:
+- List of all verified blockers (still real) with PR URLs
+- List of RESOLVED-STALE items removed this run
+- Summary counts: total PRs open, stale count, aging count
+- Any patterns noticed ("I keep forgetting X finished shipping on date Y")
+
+The compound evolution runs 5 minutes after this. Its Phase 0 reads this memory via `memory-search "daily-blocker-digest"`.
+
+---
+
+## Anti-patterns
+
+- ❌ Copying HEARTBEAT verbatim without verifying each line
+- ❌ Raw PR numbers instead of clickable `<url|repo #N>` links
+- ❌ Listing all dependabot PRs inline — collapse into single footer count (except security ones)
+- ❌ Marking things RESOLVED-STALE without evidence
+- ❌ Skipping Phase 4 — if you don't clean HEARTBEAT, the problem recurs tomorrow
+
+## Completion
+
+Call `store-progress` with status `completed` and `output` = one-paragraph summary of (a) how many blockers verified real vs stale, (b) PR counts (stale/aging/recent/dependabot), (c) any surprises.