@geekbeer/minion 3.13.0 → 3.16.1

package/core/lib/dag-node-executor.js

@@ -0,0 +1,81 @@
+/**
+ * DAG Node Executor
+ *
+ * Handles the execution lifecycle of a single DAG node.
+ * Responsible for:
+ * - Extracting structured output_data from skill execution results
+ * - Reporting completion to HQ via /api/dag/minion/node-complete
+ *
+ * Called by the post-execution hook in skills.js when a DAG node skill completes.
+ */
+
+const { reportNodeComplete } = require('./dag-step-poller')
+
+/**
+ * Parse structured output_data from a skill's execution output.
+ *
+ * Convention: Skills produce structured output via a "## Output Data" section
+ * in their execution report, containing a JSON code block.
+ *
+ * Example:
+ * ```
+ * ## Output Data
+ * ```json
+ * { "results": [...], "count": 5 }
+ * ```
+ * ```
+ *
+ * If no structured output is found, wraps the raw summary as { _raw: "..." }
+ */
+function extractOutputData(summary, details) {
+  const fullText = [summary, details].filter(Boolean).join('\n\n')
+
+  // Try to find ## Output Data section with JSON
+  const outputDataMatch = fullText.match(
+    /##\s*Output\s*Data\s*\n+```(?:json)?\s*\n([\s\S]*?)\n```/i
+  )
+
+  if (outputDataMatch) {
+    try {
+      return JSON.parse(outputDataMatch[1].trim())
+    } catch {
+      console.warn('[DagNodeExecutor] Failed to parse Output Data JSON, using raw')
+    }
+  }
+
+  // Fallback: try to parse the entire summary as JSON
+  if (summary) {
+    try {
+      const parsed = JSON.parse(summary)
+      if (typeof parsed === 'object' && parsed !== null) {
+        return parsed
+      }
+    } catch {
+      // Not JSON, use raw
+    }
+  }
+
+  return { _raw: fullText || '' }
+}
+
+/**
+ * Report DAG node completion with extracted output_data.
+ *
+ * @param {string} nodeExecutionId - The dag_node_execution ID
+ * @param {string} status - 'completed' or 'failed'
+ * @param {string} summary - Execution summary text
+ * @param {string} details - Execution details text
+ */
+async function reportDagNodeComplete(nodeExecutionId, status, summary, details) {
+  const outputSummary = [summary, details].filter(Boolean).join('\n\n')
+  const outputData = status === 'completed'
+    ? extractOutputData(summary, details)
+    : {}
+
+  return reportNodeComplete(nodeExecutionId, status, outputData, outputSummary)
+}
+
+module.exports = {
+  extractOutputData,
+  reportDagNodeComplete,
+}

package/core/lib/dag-step-poller.js

@@ -0,0 +1,282 @@
+/**
+ * DAG Step Poller
+ *
+ * Polling daemon for DAG workflow execution.
+ * Similar to step-poller.js but with key differences:
+ * - Polls /api/dag/minion/pending-nodes instead of /api/minion/pending-steps
+ * - Supports concurrent node execution (up to MAX_CONCURRENT)
+ * - Reports completion to /api/dag/minion/node-complete
+ * - Injects input_data into skill context
+ *
+ * Feature flag: only starts when DAG_ENGINE_ENABLED=true
+ */
+
+const { config, isHqConfigured } = require('../config')
+const api = require('../api')
+const variableStore = require('../stores/variable-store')
+
+// Polling interval: 30 seconds (matches step-poller)
+const POLL_INTERVAL_MS = 30_000
+
+// Maximum concurrent DAG nodes this minion can execute
+const MAX_CONCURRENT = 2
+
+// Prevent concurrent poll cycles
+let polling = false
+let pollTimer = null
+let lastPollAt = null
+
+// Track active node executions: nodeExecId -> Promise
+const activeNodes = new Map()
+
+/**
+ * Send request to HQ's DAG API endpoints.
+ */
+async function dagRequest(endpoint, options = {}) {
+  if (!isHqConfigured()) {
+    return { skipped: true, reason: 'HQ not configured' }
+  }
+
+  const url = `${config.HQ_URL}/api/dag/minion${endpoint}`
+  const resp = await fetch(url, {
+    ...options,
+    headers: {
+      'Content-Type': 'application/json',
+      'Authorization': `Bearer ${config.API_TOKEN}`,
+      ...(options.headers || {}),
+    },
+  })
+
+  if (!resp.ok) {
+    const err = new Error(`DAG API ${endpoint} failed: ${resp.status}`)
+    err.statusCode = resp.status
+    throw err
+  }
+
+  return resp.json()
+}
+
+/**
+ * Poll HQ for pending DAG nodes and execute them.
+ */
+async function pollOnce() {
+  if (!isHqConfigured()) return
+  if (polling) return
+
+  polling = true
+  try {
+    const data = await dagRequest('/pending-nodes')
+
+    if (!data.nodes || data.nodes.length === 0) return
+
+    console.log(`[DagPoller] Found ${data.nodes.length} pending node(s), active: ${activeNodes.size}/${MAX_CONCURRENT}`)
+
+    for (const node of data.nodes) {
+      if (activeNodes.size >= MAX_CONCURRENT) break
+      if (activeNodes.has(node.node_execution_id)) continue
+
+      const promise = executeNode(node)
+        .catch(err => {
+          console.error(`[DagPoller] Node ${node.node_id} execution error: ${err.message}`)
+        })
+        .finally(() => {
+          activeNodes.delete(node.node_execution_id)
+        })
+
+      activeNodes.set(node.node_execution_id, promise)
+    }
+  } catch (err) {
+    if (err.message?.includes('fetch failed') || err.message?.includes('ECONNREFUSED')) {
+      console.log('[DagPoller] HQ unreachable, will retry next cycle')
+    } else {
+      console.error(`[DagPoller] Poll error: ${err.message}`)
+    }
+  } finally {
+    polling = false
+    lastPollAt = new Date().toISOString()
+  }
+}
+
+/**
+ * Execute a single pending DAG node:
+ * 1. Claim the node
+ * 2. Fetch the skill from HQ
+ * 3. Run the skill locally (with input_data injected)
+ * 4. Report completion with output_data
+ */
+async function executeNode(node) {
+  const {
+    node_execution_id,
+    execution_id,
+    dag_workflow_name,
+    node_id,
+    scope_path,
+    skill_version_id,
+    skill_name: resolvedSkillName,
+    assigned_role,
+    input_data,
+    revision_feedback,
+  } = node
+
+  console.log(
+    `[DagPoller] Executing node "${node_id}" of DAG "${dag_workflow_name}" ` +
+    `(skill: ${resolvedSkillName || skill_version_id}, scope: "${scope_path || 'root'}", role: ${assigned_role})`
+  )
+
+  try {
+    // 1. Claim the node
+    try {
+      await dagRequest('/claim-node', {
+        method: 'POST',
+        body: JSON.stringify({ node_execution_id }),
+      })
+    } catch (claimErr) {
+      if (claimErr.statusCode === 409) {
+        console.log(`[DagPoller] Node ${node_id} already claimed, skipping`)
+        return
+      }
+      throw claimErr
+    }
+
+    // 2. Resolve skill name (prefer pre-resolved from pending-nodes, fall back to API)
+    const skillName = resolvedSkillName || await resolveSkillName(skill_version_id)
+    if (!skillName) {
+      console.error(`[DagPoller] Could not resolve skill name for version ${skill_version_id}`)
+      await reportNodeComplete(node_execution_id, 'failed', null, 'Could not resolve skill name')
+      return
+    }
+
+    // 3. Fetch the skill
+    if (skillName) {
+      try {
+        const minionVars = variableStore.getAll('variables')
+        const mergedVars = { ...minionVars }
+        const varsParam = Object.keys(mergedVars).length > 0
+          ? `?vars=${Buffer.from(JSON.stringify(mergedVars)).toString('base64')}`
+          : ''
+        const fetchUrl = `http://localhost:${config.AGENT_PORT || 8080}/api/skills/fetch/${encodeURIComponent(skillName)}${varsParam}`
+        await fetch(fetchUrl, {
+          method: 'POST',
+          headers: { 'Authorization': `Bearer ${config.API_TOKEN}` },
+        })
+      } catch (fetchErr) {
+        console.error(`[DagPoller] Skill fetch error: ${fetchErr.message}`)
+      }
+    }
+
+    // 4. Run the skill with input_data context
+    const runPayload = {
+      skill_name: skillName,
+      execution_id,
+      workflow_name: dag_workflow_name,
+      role: assigned_role,
+      // DAG-specific: inject input_data as context
+      dag_node_id: node_id,
+      dag_input_data: input_data,
+      dag_node_execution_id: node_execution_id,
+    }
+    if (revision_feedback) {
+      runPayload.revision_feedback = revision_feedback
+    }
+
+    const runUrl = `http://localhost:${config.AGENT_PORT || 8080}/api/skills/run`
+    const runResp = await fetch(runUrl, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Authorization': `Bearer ${config.API_TOKEN}`,
+      },
+      body: JSON.stringify(runPayload),
+    })
+
+    if (!runResp.ok) {
+      const errData = await runResp.json().catch(() => ({}))
+      console.error(`[DagPoller] Skill run failed: ${errData.error || runResp.status}`)
+      await reportNodeComplete(
+        node_execution_id,
+        'failed',
+        null,
+        `Failed to start skill: ${errData.error || 'unknown error'}`
+      )
+      return
+    }
+
+    const runData = await runResp.json()
+    console.log(
+      `[DagPoller] Skill "${skillName}" started for node "${node_id}" ` +
+      `(session: ${runData.session_name}). Completion reported by post-execution hook.`
+    )
+
+    // Note: The post-execution hook in skills.js needs to be extended to handle DAG nodes.
+    // For now, we wait for the skill to complete and then report via the session monitor.
+    // This will be handled by dag-node-executor.js which watches the session.
+
+  } catch (err) {
+    console.error(`[DagPoller] Failed to execute node ${node_id}: ${err.message}`)
+    try {
+      await reportNodeComplete(node_execution_id, 'failed', null, err.message)
+    } catch {
+      // best-effort
+    }
+  }
+}
+
+/**
+ * Resolve skill_version_id to skill name via HQ API.
+ */
+async function resolveSkillName(skillVersionId) {
+  if (!skillVersionId) return null
+  try {
+    // Use existing skill fetch pattern — the skill name is returned by pending-nodes
+    // But if not available, we need to resolve it
+    const data = await api.request(`/skill-version/${skillVersionId}`)
+    return data?.skill_name || null
+  } catch {
+    return null
+  }
+}
+
+/**
+ * Report node completion to HQ.
+ */
+async function reportNodeComplete(nodeExecutionId, status, outputData, outputSummary) {
+  return dagRequest('/node-complete', {
+    method: 'POST',
+    body: JSON.stringify({
+      node_execution_id: nodeExecutionId,
+      status,
+      output_data: outputData || {},
+      output_summary: outputSummary || null,
+    }),
+  })
+}
+
+function start() {
+  if (!isHqConfigured()) {
+    console.log('[DagPoller] HQ not configured, DAG poller disabled')
+    return
+  }
+
+  setTimeout(() => pollOnce(), 7000) // Slightly delayed after step-poller
+  pollTimer = setInterval(() => pollOnce(), POLL_INTERVAL_MS)
+  console.log(`[DagPoller] Started (polling every ${POLL_INTERVAL_MS / 1000}s, max concurrent: ${MAX_CONCURRENT})`)
+}
+
+function stop() {
+  if (pollTimer) {
+    clearInterval(pollTimer)
+    pollTimer = null
+    console.log('[DagPoller] Stopped')
+  }
+}
+
+function getStatus() {
+  return {
+    running: pollTimer !== null,
+    last_poll_at: lastPollAt,
+    active_nodes: activeNodes.size,
+    max_concurrent: MAX_CONCURRENT,
+  }
+}
+
+module.exports = { start, stop, pollOnce, getStatus, reportNodeComplete }

package/docs/api-reference.md

@@ -54,9 +54,9 @@ Outcome values: `success`, `failure`, `partial`
 
 | Method | Endpoint | Description |
 |--------|----------|-------------|
-| GET | `/api/terminal/sessions` | List tmux sessions |
+| GET | `/api/terminal/sessions` | List sessions (CMD + WSL merged) |
 | POST | `/api/terminal/send` | Send keys. Body: `{session, input?, enter?, special?}` |
-| POST | `/api/terminal/create` | Create session. Body: `{name?, command?}` |
+| POST | `/api/terminal/create` | Create session. Body: `{name?, command?, type?, get_or_create?}` |
 | POST | `/api/terminal/kill` | Kill session. Body: `{session}` |
 | GET | `/api/terminal/capture` | Capture pane content. Query: `?session=&lines=100` |
 | GET | `/api/terminal/ttyd/status` | ttyd process status |
@@ -64,6 +64,31 @@ Outcome values: `success`, `failure`, `partial`
 | POST | `/api/terminal/ttyd/stop` | Stop ttyd for session. Body: `{session}` |
 | POST | `/api/terminal/ttyd/stop-all` | Stop all ttyd processes |
 
+#### WSL セッション（Windows ミニオン限定）
+
+WSL 内でコマンドを実行するには `type: "wsl"` を指定する。セッション名は `wsl-` prefix が自動付与される。
+
+```bash
+# WSL セッション作成（既存があれば再利用）
+curl -X POST http://localhost:8080/api/terminal/create \
+  -H "Authorization: Bearer $API_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{"name": "wsl-dev", "type": "wsl", "get_or_create": true}'
+```
+
+| パラメータ | 型 | 説明 |
+|-----------|-----|------|
+| `type` | string | `"wsl"` で WSL セッションを作成 |
+| `get_or_create` | boolean | `true` の場合、同名の既存セッションがあれば再利用（レスポンスに `reused: true`） |
+
+WSL セッションの上限は **5つ**。上限に達すると `429` を返す。不要なセッションを `kill` してから再作成すること。
+
+```bash
+# WSL サーバー稼働状態の確認
+curl http://localhost:8080/api/terminal/wsl/status \
+  -H "Authorization: Bearer $API_TOKEN"
+```
+
 ### Files
 
 Files are stored in `~/files/`. Max upload size: 50MB.
@@ -543,7 +568,7 @@ Note: 既読メールは受信後90日で自動削除される。未読メール
 | GET | `/api/commands` | List available whitelisted commands |
 | POST | `/api/command` | Execute command. Body: `{command}` |
 
-Available commands: `restart-agent`, `update-agent`, `restart-display`, `status-services`
+Available commands: `restart-agent`, `update-agent`, `restart-display`, `restart-all`, `status-services`
 
 ---
 

package/docs/environment-setup.md

@@ -232,6 +232,14 @@ curl -X POST http://localhost:8080/api/chat \
 | 7682 | WSL session server (HTTP API) | localhost のみ |
 | 7683 | WSL session server (WebSocket) | localhost のみ、ttyd プロトコル |
 
+### セッション管理
+
+- **セッション再利用**: `get_or_create: true` を指定すると、同名の既存セッションがあれば再利用される。毎回新しいセッションを作らないこと。
+- **固定名**: `wsl-dev`, `wsl-build` など目的を示す名前を使う。名前を省略するとタイムスタンプ名が生成され再利用できない。
+- **上限**: WSL セッションは最大 5 つ。上限に達すると作成が拒否される。
+- **自動クリーンアップ**: 完了済みセッションは 5 分後に自動削除される。
+- **手動クリーンアップ**: 不要なセッションは `POST /api/terminal/kill` で終了する。
+
 ### トラブルシューティング
 
 | 問題 | 原因 | 対処 |
@@ -239,6 +247,7 @@ curl -X POST http://localhost:8080/api/chat \
 | WSL session server is not running | ユーザーが未ログイン | RDP/コンソールでログイン |
 | WSL not detected during setup | WSL 未インストール | `wsl --install` を実行後 `minion-cli setup` を再実行 |
 | Connection refused on port 7682 | サーバー異常終了 | `schtasks /Run /TN "MinionWSL"` で再起動 |
+| WSL session limit reached | 5 セッション上限 | `GET /api/terminal/sessions` で確認し不要なセッションを `kill` |
 
 ---
 

package/linux/lib/process-manager.js

@@ -63,6 +63,11 @@ function buildAllowedCommands(procMgr) {
       description: 'Restart Xvfb, Fluxbox, x11vnc and noVNC services',
       command: `${SUDO}systemctl restart xvfb fluxbox x11vnc novnc`,
     }
+    commands['restart-all'] = {
+      description: 'Restart all services (display stack + agent)',
+      command: `${SUDO}systemctl restart xvfb fluxbox x11vnc novnc && ${SUDO}systemctl restart minion-agent`,
+      deferred: true,
+    }
     commands['status-services'] = {
       description: 'Check status of all services',
       command: 'systemctl status minion-agent xvfb fluxbox x11vnc novnc --no-pager',
@@ -87,6 +92,11 @@ function buildAllowedCommands(procMgr) {
       description: 'Restart Xvfb, x11vnc and noVNC services',
       command: `${SUDO}supervisorctl restart xvfb fluxbox x11vnc novnc`,
     }
+    commands['restart-all'] = {
+      description: 'Restart all services (display stack + agent)',
+      command: `${SUDO}supervisorctl restart xvfb fluxbox x11vnc novnc && ${SUDO}supervisorctl restart minion-agent`,
+      deferred: true,
+    }
     commands['status-services'] = {
       description: 'Check status of all services',
       command: `${SUDO}supervisorctl status`,

package/linux/server.js

@@ -58,6 +58,7 @@ const { getConfigWarnings } = require('../core/lib/config-warnings')
 
 // Pull-model daemons (from core/)
 const stepPoller = require('../core/lib/step-poller')
+const dagStepPoller = require('../core/lib/dag-step-poller')
 const revisionWatcher = require('../core/lib/revision-watcher')
 const reflectionScheduler = require('../core/lib/reflection-scheduler')
 const threadWatcher = require('../core/lib/thread-watcher')
@@ -122,6 +123,7 @@ async function shutdown(signal) {
 
   // Stop pollers, runners, and scheduler
   stepPoller.stop()
+  dagStepPoller.stop()
   revisionWatcher.stop()
   reflectionScheduler.stop()
   threadWatcher.stop()
@@ -391,6 +393,7 @@ async function start() {
 
       // Start Pull-model daemons
       stepPoller.start()
+      dagStepPoller.start()
       revisionWatcher.start()
       threadWatcher.start(runQuickLlmCall)
     } else {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@geekbeer/minion",
-  "version": "3.13.0",
+  "version": "3.16.1",
   "description": "AI Agent runtime for Minion - manages status and skill deployment on VPS",
   "main": "linux/server.js",
   "bin": {

package/rules/core.md

@@ -40,6 +40,30 @@ Minion
 
 API の詳細仕様は `~/.minion/docs/api-reference.md` の「Email」セクションを参照。
 
+## Terminal Session Management
+
+ターミナルセッション（`/api/terminal/*`）を使用する際は以下のルールに従うこと。
+
+### セッション再利用の原則
+
+- **新しいセッションを作る前に、既存セッションを確認する。**
+  ```bash
+  curl -H "Authorization: Bearer $API_TOKEN" http://localhost:8080/api/terminal/sessions
+  ```
+- 目的に合う既存セッション（未完了で再利用可能なもの）があれば、そのセッションに `send` でコマンドを送る。
+- 新規作成が必要な場合は、**目的を示す固定名**を付ける（例: `dev`, `build`, `test`）。タイムスタンプ名（`session-1234567890`）は避ける。
+
+### クリーンアップ
+
+- 作業が完了したセッションは `POST /api/terminal/kill` で終了する。
+- 一時的なコマンド実行（`command` 引数付きで作成したセッション）は、完了確認後に必ず kill する。
+- セッションを放置しない。使い終わったら片付ける。
+
+### セッション数の制限
+
+- 同時に保持するセッションは **最大3つ** を目安にする。
+- それ以上必要な場合は、不要なセッションを先に kill してから作成する。
+
 ## Available Tools
 
 ### CLI

package/rules/windows.md

@@ -0,0 +1,72 @@
+# Windows Minion
+
+Windows ミニオン固有のルール。
+
+## WSL セッション管理
+
+Windows ミニオンでは WSL（Windows Subsystem for Linux）内の Docker やリポジトリ操作のために WSL セッションを使用できる。
+
+### WSL セッションの使い方
+
+#### ターミナルセッション
+
+WSL 内でコマンドを実行するには `type: "wsl"` を指定してセッションを作成する:
+
+```bash
+# WSL セッション作成（固定名を付けること）
+curl -X POST http://localhost:8080/api/terminal/create \
+  -H "Authorization: Bearer $API_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{"name": "wsl-dev", "type": "wsl"}'
+
+# コマンド送信
+curl -X POST http://localhost:8080/api/terminal/send \
+  -H "Authorization: Bearer $API_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{"session": "wsl-dev", "input": "docker compose up -d", "enter": true}'
+
+# 出力確認
+curl "http://localhost:8080/api/terminal/capture?session=wsl-dev&lines=50" \
+  -H "Authorization: Bearer $API_TOKEN"
+```
+
+#### チャット（WSL モード）
+
+チャット API に `wsl_mode: true` を追加すると、Claude Code CLI がユーザーセッションで実行され WSL コマンドを直接使用できる:
+
+```bash
+curl -X POST http://localhost:8080/api/chat \
+  -H "Authorization: Bearer $API_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{"message": "WSL内でリポジトリをクローンしてDockerを起動して", "wsl_mode": true}'
+```
+
+### セッション管理ルール
+
+#### 再利用を徹底する
+
+- **WSL セッションの新規作成前に、必ず既存セッションを確認する。**
+  ```bash
+  curl -H "Authorization: Bearer $API_TOKEN" http://localhost:8080/api/terminal/sessions
+  ```
+  レスポンスの `type: "wsl"` かつ `completed: false` のセッションがあれば再利用する。
+- **固定名を使う。** `wsl-dev`, `wsl-build`, `wsl-docker` など目的を示す名前を付ける。
+  名前を省略すると `wsl-session-{timestamp}` が自動生成され、再利用できなくなる。
+- **1つの WSL セッションで複数コマンドを順次実行する。** コマンドごとに新しいセッションを作らない。
+
+#### クリーンアップ
+
+- WSL 作業が完了したら `POST /api/terminal/kill` でセッションを終了する。
+- WSL セッションは最大 **5つ** まで。上限に達すると新規作成が拒否される。
+- 完了済み（`completed: true`）のセッションは自動的にクリーンアップされる。
+
+#### WSL セッションサーバーの確認
+
+WSL セッションが使えない場合は、まずサーバーの稼働状態を確認する:
+
+```bash
+curl http://localhost:8080/api/terminal/wsl/status \
+  -H "Authorization: Bearer $API_TOKEN"
+```
+
+`running: false` の場合、ターゲットユーザーがログインしていない可能性がある。

package/win/lib/process-manager.js

@@ -220,6 +220,62 @@ function buildRestartScript(_nssmPath, agentPort, apiToken) {
   return scriptPath
 }
 
+/**
+ * Generate a temporary PowerShell script for restarting ALL services:
+ * 1. Restart display services (VNC + websockify)
+ * 2. Graceful shutdown of agent via HTTP API
+ * 3. Restart agent service via NSSM
+ * 4. Remove the temporary updater service (self-cleanup)
+ *
+ * @param {string} _nssmPath - Absolute path to nssm.exe
+ * @param {number} agentPort - The agent's HTTP port
+ * @param {string} apiToken - The agent's API token
+ * @returns {string} - Path to the generated restart script (.ps1)
+ */
+function buildRestartAllScript(_nssmPath, agentPort, apiToken) {
+  const dataDir = path.join(os.homedir(), '.minion')
+  const homeDir = os.homedir()
+  const scriptPath = path.join(dataDir, 'restart-all.ps1')
+  const logDir = path.join(dataDir, 'logs')
+  const logPath = path.join(logDir, 'restart-all.log')
+
+  const gracefulStop = buildGracefulStopBlock(agentPort, apiToken)
+
+  const ps1 = [
+    `$env:USERPROFILE = '${homeDir}'`,
+    `$env:HOME = '${homeDir}'`,
+    `$ErrorActionPreference = 'Stop'`,
+    `$nssm = '${path.join(dataDir, 'nssm.exe')}'`,
+    `$logFile = '${logPath}'`,
+    `function Log($msg) { "$(Get-Date -Format o) $msg" | Out-File -Append $logFile }`,
+    `Log 'Restart-all started'`,
+    `try {`,
+    `  Log 'Restarting display services...'`,
+    `  try { & $nssm restart minion-vnc 2>&1 | ForEach-Object { Log "minion-vnc: $_" } } catch { Log "minion-vnc restart failed: $_" }`,
+    `  try { & $nssm restart minion-websockify 2>&1 | ForEach-Object { Log "minion-websockify: $_" } } catch { Log "minion-websockify restart failed: $_" }`,
+    `  Log 'Display services restarted'`,
+    `  Log 'Requesting graceful shutdown of agent...'`,
+    gracefulStop,
+    `  Log 'Restarting agent service via NSSM...'`,
+    `  & $nssm restart minion-agent`,
+    `  Log 'Restart-all completed successfully'`,
+    `} catch {`,
+    `  Log "Restart-all failed: $_"`,
+    `  Log 'Attempting to start agent service anyway...'`,
+    `  & $nssm start minion-agent`,
+    `} finally {`,
+    `  Log 'Cleaning up updater service...'`,
+    `  & $nssm stop minion-update confirm 2>$null`,
+    `  & $nssm remove minion-update confirm 2>$null`,
+    `}`,
+  ].join('\n')
+
+  try { fs.mkdirSync(dataDir, { recursive: true }) } catch { /* exists */ }
+  fs.writeFileSync(scriptPath, ps1, 'utf-8')
+
+  return scriptPath
+}
+
 /**
  * Build allowed commands for NSSM-based service management.
  *
@@ -271,6 +327,12 @@ function buildAllowedCommands(_procMgr, agentConfig = {}) {
     command: `"${nssmPath}" restart minion-vnc & "${nssmPath}" restart minion-websockify`,
   }
 
+  commands['restart-all'] = {
+    description: 'Restart all services (display + agent)',
+    nssmService: { scriptPath: buildRestartAllScript(nssmPath, agentPort, apiToken) },
+    deferred: true,
+  }
+
   commands['restart-tunnel'] = {
     description: 'Restart Cloudflare tunnel service',
     command: `"${nssmPath}" restart minion-cloudflared`,

package/win/routes/terminal.js

@@ -316,13 +316,26 @@ async function terminalRoutes(fastify) {
     if (type === 'wsl') {
       const sessionName = name || `wsl-session-${Date.now()}`
       const wslName = sessionName.startsWith('wsl-') ? sessionName : `wsl-${sessionName}`
+
+      // get_or_create: return existing session if it's still alive
+      if (request.body.get_or_create) {
+        const sessions = await proxyToWsl('GET', '/api/wsl/sessions')
+        if (sessions && sessions.success && sessions.sessions) {
+          const existing = sessions.sessions.find(s => s.name === wslName && !s.completed)
+          if (existing) {
+            console.log(`[Terminal] Reusing existing WSL session '${wslName}'`)
+            return { success: true, session: wslName, message: `Reusing existing WSL session '${wslName}'`, reused: true }
+          }
+        }
+      }
+
       console.log(`[Terminal] Creating WSL session '${wslName}' — proxying to WSL server`)
       const result = await proxyToWsl('POST', '/api/wsl/create', { name: wslName, command })
       if (!result) {
         reply.code(503)
         return { success: false, error: 'WSL session server is not running. The target user must be logged in for WSL sessions.' }
       }
-      reply.code(result.success ? 200 : 500)
+      reply.code(result.success ? 200 : (result.error?.includes('limit') ? 429 : 500))
       return result
     }
 

package/win/server.js

@@ -34,6 +34,7 @@ const { getConfigWarnings } = require('../core/lib/config-warnings')
 
 // Pull-model daemons (from core/)
 const stepPoller = require('../core/lib/step-poller')
+const dagStepPoller = require('../core/lib/dag-step-poller')
 const revisionWatcher = require('../core/lib/revision-watcher')
 const reflectionScheduler = require('../core/lib/reflection-scheduler')
 const threadWatcher = require('../core/lib/thread-watcher')
@@ -94,6 +95,7 @@ async function shutdown(signal) {
   }
 
   stepPoller.stop()
+  dagStepPoller.stop()
   revisionWatcher.stop()
   reflectionScheduler.stop()
   threadWatcher.stop()
@@ -144,10 +146,12 @@ function syncBundledRules() {
   try {
     if (!fs.existsSync(bundledRulesDir)) return
     fs.mkdirSync(targetRulesDir, { recursive: true })
-    const coreSrc = path.join(bundledRulesDir, 'core.md')
-    if (fs.existsSync(coreSrc)) {
-      fs.copyFileSync(coreSrc, path.join(targetRulesDir, 'core.md'))
-      console.log('[Rules] Synced: core.md')
+    for (const ruleFile of ['core.md', 'windows.md']) {
+      const src = path.join(bundledRulesDir, ruleFile)
+      if (fs.existsSync(src)) {
+        fs.copyFileSync(src, path.join(targetRulesDir, ruleFile))
+        console.log(`[Rules] Synced: ${ruleFile}`)
+      }
     }
     for (const legacy of ['minion.md', 'role-pm.md', 'role-engineer.md']) {
       const legacyPath = path.join(targetRulesDir, legacy)
@@ -356,6 +360,7 @@ async function start() {
 
       // Start Pull-model daemons
       stepPoller.start()
+      dagStepPoller.start()
       revisionWatcher.start()
       threadWatcher.start(runQuickLlmCall)
     } else {

package/win/wsl-session-server.js

@@ -29,6 +29,9 @@ const DATA_DIR = path.join(HOME_DIR, '.minion')
 const TOKEN_FILE = path.join(DATA_DIR, '.wsl-session-token')
 const PID_FILE = path.join(DATA_DIR, '.wsl-session.pid')
 
+const MAX_WSL_SESSIONS = 5
+const COMPLETED_SESSION_TTL_MS = 5 * 60 * 1000 // 5 minutes
+
 let AUTH_TOKEN = ''
 try {
   AUTH_TOKEN = fs.readFileSync(TOKEN_FILE, 'utf-8').trim()
@@ -109,6 +112,7 @@ function createWslSession(sessionName, command) {
   ptyProcess.onExit(({ exitCode }) => {
     session.completed = true
     session.exitCode = exitCode
+    session.completedAt = Date.now()
     for (const ws of session.wsClients) {
       try { ws.close() } catch {}
     }
@@ -119,6 +123,30 @@ function createWslSession(sessionName, command) {
   return session
 }
 
+/**
+ * Remove completed sessions that have been idle for COMPLETED_SESSION_TTL_MS.
+ */
+function reapCompletedSessions() {
+  const now = Date.now()
+  for (const [name, session] of activeSessions) {
+    if (session.completed && session.completedAt && now - session.completedAt > COMPLETED_SESSION_TTL_MS) {
+      activeSessions.delete(name)
+      console.log(`[WSL] Reaped completed session '${name}'`)
+    }
+  }
+}
+
+/**
+ * Count active (non-completed) sessions.
+ */
+function activeSessionCount() {
+  let count = 0
+  for (const [, session] of activeSessions) {
+    if (!session.completed) count++
+  }
+  return count
+}
+
 const specialKeyMap = {
   'Enter': '\r', 'Escape': '\x1b', 'Tab': '\t',
   'C-c': '\x03', 'C-d': '\x04', 'C-z': '\x1a',
@@ -249,10 +277,24 @@ async function startServer() {
     if (!/^[\w-]+$/.test(sessionName)) {
       reply.code(400); return { success: false, error: 'Invalid session name' }
     }
+
+    // Reap completed sessions before checking limits
+    reapCompletedSessions()
+
     if (activeSessions.has(sessionName)) {
       reply.code(409); return { success: false, error: `Session '${sessionName}' already exists` }
     }
 
+    if (activeSessionCount() >= MAX_WSL_SESSIONS) {
+      reply.code(429)
+      return {
+        success: false,
+        error: `WSL session limit reached (max ${MAX_WSL_SESSIONS}). Kill unused sessions before creating new ones.`,
+        active_sessions: activeSessionCount(),
+        max_sessions: MAX_WSL_SESSIONS,
+      }
+    }
+
     try {
       createWslSession(sessionName, command)
       return { success: true, session: sessionName, message: `WSL session '${sessionName}' created` }
@@ -373,6 +415,9 @@ async function startServer() {
     fs.writeFileSync(PID_FILE, String(process.pid))
   } catch {}
 
+  // Periodically reap completed sessions
+  setInterval(reapCompletedSessions, 60 * 1000)
+
   return fastify
 }