@hasna/loops 0.3.14 → 0.3.16

package/dist/index.js

@@ -326,6 +326,17 @@ function optionalPositiveInteger(value, label) {
     throw new Error(`${label} must be a positive integer`);
   return value;
 }
+function optionalStringArray(value, label) {
+  if (value === undefined)
+    return;
+  if (!Array.isArray(value))
+    throw new Error(`${label} must be an array`);
+  const values = value.map((entry, index) => {
+    assertString(entry, `${label}[${index}]`);
+    return entry.trim();
+  }).filter(Boolean);
+  return values.length ? values : undefined;
+}
 function normalizeGoalSpec(value, label = "goal") {
   if (value === undefined)
     return;
@@ -397,6 +408,14 @@ function validateTarget(value, label) {
         throw new Error(`${label}.sandbox is currently supported only for provider codewith, codex, or cursor`);
       }
     }
+    if (value.allowlist !== undefined) {
+      assertObject(value.allowlist, `${label}.allowlist`);
+      optionalStringArray(value.allowlist.tools, `${label}.allowlist.tools`);
+      optionalStringArray(value.allowlist.commands, `${label}.allowlist.commands`);
+      if (value.allowlist.enforcement !== undefined && value.allowlist.enforcement !== "metadata_only") {
+        throw new Error(`${label}.allowlist.enforcement must be metadata_only`);
+      }
+    }
     return value;
   }
   throw new Error(`${label}.type must be command or agent`);
@@ -480,6 +499,8 @@ function rowToLoop(row) {
     name: row.name,
     description: row.description ?? undefined,
     status: row.status,
+    archivedAt: row.archived_at ?? undefined,
+    archivedFromStatus: row.archived_from_status ? row.archived_from_status : undefined,
     schedule: JSON.parse(row.schedule_json),
     target: JSON.parse(row.target_json),
     goal: row.goal_json ? JSON.parse(row.goal_json) : undefined,
@@ -689,6 +710,8 @@ class Store {
         name TEXT NOT NULL,
         description TEXT,
         status TEXT NOT NULL,
+        archived_at TEXT,
+        archived_from_status TEXT,
         schedule_json TEXT NOT NULL,
         target_json TEXT NOT NULL,
         goal_json TEXT,
@@ -889,6 +912,8 @@ class Store {
     `);
     this.addColumnIfMissing("loops", "machine_json", "TEXT");
     this.addColumnIfMissing("loops", "goal_json", "TEXT");
+    this.addColumnIfMissing("loops", "archived_at", "TEXT");
+    this.addColumnIfMissing("loops", "archived_from_status", "TEXT");
     this.addColumnIfMissing("loop_runs", "goal_run_id", "TEXT");
     this.addColumnIfMissing("workflow_specs", "goal_json", "TEXT");
     this.addColumnIfMissing("workflow_runs", "goal_run_id", "TEXT");
@@ -897,6 +922,7 @@ class Store {
     this.db.query("INSERT OR IGNORE INTO schema_migrations (id, applied_at) VALUES (?, ?)").run("0001_initial_and_workflows", nowIso());
     this.db.query("INSERT OR IGNORE INTO schema_migrations (id, applied_at) VALUES (?, ?)").run("0002_loop_machines", nowIso());
     this.db.query("INSERT OR IGNORE INTO schema_migrations (id, applied_at) VALUES (?, ?)").run("0003_goals", nowIso());
+    this.db.query("INSERT OR IGNORE INTO schema_migrations (id, applied_at) VALUES (?, ?)").run("0004_loop_archive_metadata", nowIso());
   }
   addColumnIfMissing(table, column, definition) {
     const columns = this.db.query(`PRAGMA table_info(${table})`).all();
@@ -973,12 +999,26 @@ class Store {
   }
   listLoops(opts = {}) {
     const limit = opts.limit ?? 200;
-    const rows = opts.status ? this.db.query("SELECT * FROM loops WHERE status = ? ORDER BY next_run_at ASC LIMIT ?").all(opts.status, limit) : this.db.query("SELECT * FROM loops ORDER BY status ASC, next_run_at ASC LIMIT ?").all(limit);
+    let rows;
+    if (opts.status && opts.archived) {
+      rows = this.db.query("SELECT * FROM loops WHERE status = ? AND archived_at IS NOT NULL ORDER BY next_run_at ASC LIMIT ?").all(opts.status, limit);
+    } else if (opts.status && opts.includeArchived) {
+      rows = this.db.query("SELECT * FROM loops WHERE status = ? ORDER BY next_run_at ASC LIMIT ?").all(opts.status, limit);
+    } else if (opts.status) {
+      rows = this.db.query("SELECT * FROM loops WHERE status = ? AND archived_at IS NULL ORDER BY next_run_at ASC LIMIT ?").all(opts.status, limit);
+    } else if (opts.archived) {
+      rows = this.db.query("SELECT * FROM loops WHERE archived_at IS NOT NULL ORDER BY archived_at DESC LIMIT ?").all(limit);
+    } else if (opts.includeArchived) {
+      rows = this.db.query("SELECT * FROM loops ORDER BY status ASC, next_run_at ASC LIMIT ?").all(limit);
+    } else {
+      rows = this.db.query("SELECT * FROM loops WHERE archived_at IS NULL ORDER BY status ASC, next_run_at ASC LIMIT ?").all(limit);
+    }
     return rows.map(rowToLoop);
   }
   dueLoops(now) {
     const rows = this.db.query(`SELECT * FROM loops
          WHERE status = 'active'
+           AND archived_at IS NULL
            AND next_run_at IS NOT NULL
            AND next_run_at <= ?
          ORDER BY next_run_at ASC`).all(now.toISOString());
@@ -1010,6 +1050,44 @@ class Store {
       throw new Error(`loop not found after update: ${id}`);
     return after;
   }
+  archiveLoop(idOrName) {
+    const loop = this.requireLoop(idOrName);
+    if (loop.archivedAt)
+      return loop;
+    const updated = nowIso();
+    const archivedStatus = loop.status === "active" ? "paused" : loop.status;
+    this.db.query(`UPDATE loops
+         SET status=$status, archived_at=$archivedAt, archived_from_status=$archivedFromStatus, updated_at=$updated
+         WHERE id=$id`).run({
+      $id: loop.id,
+      $status: archivedStatus,
+      $archivedAt: updated,
+      $archivedFromStatus: loop.status,
+      $updated: updated
+    });
+    const archived = this.getLoop(loop.id);
+    if (!archived)
+      throw new Error(`loop not found after archive: ${loop.id}`);
+    return archived;
+  }
+  unarchiveLoop(idOrName) {
+    const loop = this.requireLoop(idOrName);
+    if (!loop.archivedAt)
+      return loop;
+    const updated = nowIso();
+    const restoredStatus = loop.archivedFromStatus ?? loop.status;
+    this.db.query(`UPDATE loops
+         SET status=$status, archived_at=NULL, archived_from_status=NULL, updated_at=$updated
+         WHERE id=$id`).run({
+      $id: loop.id,
+      $status: restoredStatus,
+      $updated: updated
+    });
+    const unarchived = this.getLoop(loop.id);
+    if (!unarchived)
+      throw new Error(`loop not found after unarchive: ${loop.id}`);
+    return unarchived;
+  }
   deleteLoop(idOrName) {
     const loop = this.requireLoop(idOrName);
     const res = this.db.query("DELETE FROM loops WHERE id = ?").run(loop.id);
@@ -1784,10 +1862,16 @@ class Store {
   }
   claimRun(loop, scheduledFor, runnerId, now = new Date, opts = {}) {
     const startedAt = now.toISOString();
-    const leaseExpiresAt = new Date(now.getTime() + loop.leaseMs).toISOString();
     this.db.exec("BEGIN IMMEDIATE");
     try {
       this.assertDaemonLeaseFence(opts, startedAt);
+      const currentLoop = this.getLoop(loop.id);
+      if (!currentLoop || currentLoop.archivedAt) {
+        this.db.exec("COMMIT");
+        return;
+      }
+      loop = currentLoop;
+      const leaseExpiresAt = new Date(now.getTime() + loop.leaseMs).toISOString();
       const existing = this.getRunBySlot(loop.id, scheduledFor);
       if (existing) {
         if (existing.status === "running") {
@@ -2005,7 +2089,7 @@ class Store {
     return recovered;
   }
   expireLoops(now = new Date, opts = {}) {
-    const rows = this.db.query("SELECT * FROM loops WHERE status = 'active' AND expires_at IS NOT NULL AND expires_at <= ?").all(now.toISOString());
+    const rows = this.db.query("SELECT * FROM loops WHERE status = 'active' AND archived_at IS NULL AND expires_at IS NOT NULL AND expires_at <= ?").all(now.toISOString());
     const expired = [];
     for (const row of rows) {
       const updated = this.updateLoop(row.id, { status: "expired", nextRunAt: undefined }, opts);
@@ -2014,8 +2098,21 @@ class Store {
     }
     return expired;
   }
-  countLoops(status) {
-    const row = status ? this.db.query("SELECT COUNT(*) AS count FROM loops WHERE status = ?").get(status) : this.db.query("SELECT COUNT(*) AS count FROM loops").get();
+  countLoops(status, opts = {}) {
+    let row;
+    if (status && opts.archived) {
+      row = this.db.query("SELECT COUNT(*) AS count FROM loops WHERE status = ? AND archived_at IS NOT NULL").get(status);
+    } else if (status && opts.includeArchived) {
+      row = this.db.query("SELECT COUNT(*) AS count FROM loops WHERE status = ?").get(status);
+    } else if (status) {
+      row = this.db.query("SELECT COUNT(*) AS count FROM loops WHERE status = ? AND archived_at IS NULL").get(status);
+    } else if (opts.archived) {
+      row = this.db.query("SELECT COUNT(*) AS count FROM loops WHERE archived_at IS NOT NULL").get();
+    } else if (opts.includeArchived) {
+      row = this.db.query("SELECT COUNT(*) AS count FROM loops").get();
+    } else {
+      row = this.db.query("SELECT COUNT(*) AS count FROM loops WHERE archived_at IS NULL").get();
+    }
     return row?.count ?? 0;
   }
   countRuns(status) {
@@ -2377,6 +2474,16 @@ function metadataEnv(metadata) {
     env.LOOPS_GOAL_NODE_KEY = metadata.goalNodeKey;
   return env;
 }
+function allowlistEnv(allowlist) {
+  const env = {};
+  if (allowlist?.tools?.length)
+    env.LOOPS_AGENT_ALLOWED_TOOLS = allowlist.tools.join(",");
+  if (allowlist?.commands?.length)
+    env.LOOPS_AGENT_ALLOWED_COMMANDS = allowlist.commands.join(",");
+  if (allowlist?.tools?.length || allowlist?.commands?.length)
+    env.LOOPS_AGENT_ALLOWLIST_ENFORCEMENT = "metadata_only";
+  return env;
+}
 function providerCommand(provider) {
   switch (provider) {
     case "claude":
@@ -2584,7 +2691,8 @@ function commandSpec(target) {
     account: agentTarget.account,
     accountTool: agentTarget.account?.tool ?? accountToolForProvider(agentTarget.provider),
     preflightAnyOf: agentTarget.provider === "cursor" ? ["cursor", "agent"] : undefined,
-    stdin: agentTarget.prompt
+    stdin: agentTarget.prompt,
+    allowlist: agentTarget.allowlist
   };
 }
 function executionEnv(spec, metadata, opts) {
@@ -2596,6 +2704,7 @@ function executionEnv(spec, metadata, opts) {
     Object.assign(env, accountEnv);
   }
   Object.assign(env, spec.env ?? {});
+  Object.assign(env, allowlistEnv(spec.allowlist));
   env.PATH = normalizeExecutionPath(env);
   Object.assign(env, metadataEnv(metadata));
   return env;
@@ -2634,6 +2743,9 @@ function remoteBootstrapLines(spec, metadata) {
       continue;
     lines.push(`export ${key}=${shellQuote(value)}`);
   }
+  for (const [key, value] of Object.entries(allowlistEnv(spec.allowlist))) {
+    lines.push(`export ${key}=${shellQuote(value)}`);
+  }
   return lines;
 }
 function remoteScript(spec, metadata) {
@@ -3587,12 +3699,16 @@ async function executeLoopTarget(store, loop, run, opts = {}) {
 
 // src/lib/scheduler.ts
 function manualRunScheduledFor(loop, now = new Date) {
+  if (loop.archivedAt)
+    return now.toISOString();
   if (loop.status === "active" && loop.nextRunAt && new Date(loop.nextRunAt).getTime() <= now.getTime()) {
     return loop.retryScheduledFor ?? loop.nextRunAt;
   }
   return now.toISOString();
 }
 function shouldAdvanceManualRun(loop, scheduledFor, now = new Date) {
+  if (loop.archivedAt)
+    return false;
   if (loop.status !== "active")
     return false;
   if (!loop.nextRunAt || new Date(loop.nextRunAt).getTime() > now.getTime())
@@ -3600,6 +3716,8 @@ function shouldAdvanceManualRun(loop, scheduledFor, now = new Date) {
   return scheduledFor === (loop.retryScheduledFor ?? loop.nextRunAt);
 }
 function manualRunSource(loop, scheduledFor, now = new Date) {
+  if (loop.archivedAt)
+    return "ad_hoc";
   if (loop.status !== "active")
     return "ad_hoc";
   if (!loop.nextRunAt || new Date(loop.nextRunAt).getTime() > now.getTime())
@@ -3618,7 +3736,7 @@ function advanceLoop(store, loop, run, finishedAt, succeeded, opts = {}) {
   if (run.status === "running")
     return;
   const current = store.getLoop(loop.id);
-  if (!current || current.status !== "active")
+  if (!current || current.status !== "active" || current.archivedAt)
     return;
   if (current.retryScheduledFor && current.retryScheduledFor !== run.scheduledFor)
     return;
@@ -3903,16 +4021,28 @@ class LoopsClient {
   }
   pause(idOrName) {
     const loop = this.get(idOrName);
+    if (loop.archivedAt)
+      throw new Error(`loop is archived; unarchive it before pausing: ${idOrName}`);
     return this.store.updateLoop(loop.id, { status: "paused" });
   }
   resume(idOrName) {
     const loop = this.get(idOrName);
+    if (loop.archivedAt)
+      throw new Error(`loop is archived; unarchive it before resuming: ${idOrName}`);
     return this.store.updateLoop(loop.id, { status: "active" });
   }
   stop(idOrName) {
     const loop = this.get(idOrName);
+    if (loop.archivedAt)
+      throw new Error(`loop is archived; unarchive it before stopping: ${idOrName}`);
     return this.store.updateLoop(loop.id, { status: "stopped", nextRunAt: undefined });
   }
+  archive(idOrName) {
+    return this.store.archiveLoop(idOrName);
+  }
+  unarchive(idOrName) {
+    return this.store.unarchiveLoop(idOrName);
+  }
   delete(idOrName) {
     return this.store.deleteLoop(idOrName);
   }
@@ -3931,6 +4061,8 @@ class LoopsClient {
   }
   async runNow(idOrName) {
     const loop = this.get(idOrName);
+    if (loop.archivedAt)
+      throw new Error(`loop is archived; unarchive it before running: ${idOrName}`);
     const now = new Date;
     let scheduledFor = manualRunScheduledFor(loop, now);
     let shouldAdvance = shouldAdvanceManualRun(loop, scheduledFor, now);
@@ -3974,6 +4106,10 @@ var TEMPLATE_SUMMARIES = [
       { name: "projectPath", required: true, description: "Repository or project working directory." },
       { name: "provider", default: "codewith", description: "Agent provider: codewith, claude, cursor, opencode, aicopilot, or codex." },
       { name: "authProfile", description: "Provider-native auth profile, currently Codewith." },
+      { name: "authProfilePool", description: "Comma-separated provider-native auth profiles; worker/verifier are selected deterministically." },
+      { name: "workerAuthProfile", description: "Provider-native auth profile for the worker step." },
+      { name: "verifierAuthProfile", description: "Provider-native auth profile for the verifier step." },
+      { name: "accountPool", description: "Comma-separated OpenAccounts profiles; worker/verifier are selected deterministically." },
       { name: "model", description: "Provider model." },
       { name: "variant", description: "Provider reasoning/model effort variant." },
       { name: "permissionMode", default: "bypass", description: "Provider permission mode: default, plan, auto, or bypass." },
@@ -3993,6 +4129,10 @@ var TEMPLATE_SUMMARIES = [
       { name: "projectPath", required: true, description: "Repository or project working directory." },
       { name: "provider", default: "codewith", description: "Agent provider: codewith, claude, cursor, opencode, aicopilot, or codex." },
       { name: "authProfile", description: "Provider-native auth profile, currently Codewith." },
+      { name: "authProfilePool", description: "Comma-separated provider-native auth profiles; worker/verifier are selected deterministically." },
+      { name: "workerAuthProfile", description: "Provider-native auth profile for the worker step." },
+      { name: "verifierAuthProfile", description: "Provider-native auth profile for the verifier step." },
+      { name: "accountPool", description: "Comma-separated OpenAccounts profiles; worker/verifier are selected deterministically." },
       { name: "model", description: "Provider model." },
       { name: "variant", description: "Provider reasoning/model effort variant." },
       { name: "permissionMode", default: "bypass", description: "Provider permission mode: default, plan, auto, or bypass." },
@@ -4007,7 +4147,37 @@ function taskLabel(input) {
   const head = input.taskTitle?.trim() || input.taskId;
   return head.length > 160 ? `${head.slice(0, 157)}...` : head;
 }
-function agentTarget(input, prompt) {
+function stableIndex(seed, size) {
+  let hash = 2166136261;
+  for (let i = 0;i < seed.length; i += 1) {
+    hash ^= seed.charCodeAt(i);
+    hash = Math.imul(hash, 16777619);
+  }
+  return Math.abs(hash >>> 0) % size;
+}
+function rolePoolValue(pool, seed, role) {
+  if (!pool?.length)
+    return;
+  const workerIndex = stableIndex(seed, pool.length);
+  if (role === "worker" || pool.length === 1)
+    return pool[workerIndex];
+  return pool[(workerIndex + 1) % pool.length];
+}
+function authProfileForRole(input, role, seed) {
+  if (role === "worker" && input.workerAuthProfile)
+    return input.workerAuthProfile;
+  if (role === "verifier" && input.verifierAuthProfile)
+    return input.verifierAuthProfile;
+  return rolePoolValue(input.authProfilePool, seed, role) ?? input.authProfile;
+}
+function accountForRole(input, role, seed) {
+  if (role === "worker" && input.workerAccount)
+    return input.workerAccount;
+  if (role === "verifier" && input.verifierAccount)
+    return input.verifierAccount;
+  return rolePoolValue(input.accountPool, seed, role) ?? input.account;
+}
+function agentTarget(input, prompt, role, seed) {
   const provider = input.provider ?? "codewith";
   const sandbox = input.sandbox ?? (provider === "codewith" || provider === "codex" ? "danger-full-access" : provider === "cursor" ? "disabled" : undefined);
   return {
@@ -4018,11 +4188,11 @@ function agentTarget(input, prompt) {
     model: input.model,
     variant: input.variant,
     agent: input.agent,
-    authProfile: provider === "codewith" ? input.authProfile : undefined,
+    authProfile: provider === "codewith" ? authProfileForRole(input, role, seed) : undefined,
     configIsolation: "safe",
     permissionMode: input.permissionMode ?? "bypass",
     sandbox,
-    account: input.account,
+    account: accountForRole(input, role, seed),
     timeoutMs: 45 * 60000
   };
 }
@@ -4076,7 +4246,7 @@ function renderTodosTaskWorkerVerifierWorkflow(input) {
         id: "worker",
         name: "Worker",
         description: "Implement the todos task and record evidence.",
-        target: agentTarget(input, workerPrompt),
+        target: agentTarget(input, workerPrompt, "worker", input.taskId),
         timeoutMs: 45 * 60000
       },
       {
@@ -4084,7 +4254,7 @@ function renderTodosTaskWorkerVerifierWorkflow(input) {
         name: "Verifier",
         description: "Adversarially verify worker output and update todos.",
         dependsOn: ["worker"],
-        target: agentTarget(input, verifierPrompt),
+        target: agentTarget(input, verifierPrompt, "verifier", input.taskId),
         timeoutMs: 30 * 60000
       }
     ]
@@ -4140,7 +4310,7 @@ function renderEventWorkerVerifierWorkflow(input) {
         id: "worker",
         name: "Worker",
         description: "Handle the Hasna event and record evidence.",
-        target: agentTarget(input, workerPrompt),
+        target: agentTarget(input, workerPrompt, "worker", `${input.eventSource}:${input.eventType}:${input.eventId}`),
         timeoutMs: 45 * 60000
       },
       {
@@ -4148,7 +4318,7 @@ function renderEventWorkerVerifierWorkflow(input) {
         name: "Verifier",
         description: "Adversarially verify event handling.",
         dependsOn: ["worker"],
-        target: agentTarget(input, verifierPrompt),
+        target: agentTarget(input, verifierPrompt, "verifier", `${input.eventSource}:${input.eventType}:${input.eventId}`),
         timeoutMs: 30 * 60000
       }
     ]
@@ -4163,7 +4333,11 @@ function renderLoopTemplate(id, values) {
       projectPath: values.projectPath ?? values.cwd ?? process.cwd(),
       provider: values.provider,
       authProfile: values.authProfile,
+      authProfilePool: listVar(values.authProfilePool),
+      workerAuthProfile: values.workerAuthProfile,
+      verifierAuthProfile: values.verifierAuthProfile,
       account: values.account ? { profile: values.account, tool: values.accountTool } : undefined,
+      accountPool: accountPoolVar(values.accountPool, values.accountTool),
       model: values.model,
       variant: values.variant,
       agent: values.agent,
@@ -4184,7 +4358,11 @@ function renderLoopTemplate(id, values) {
       projectPath: values.projectPath ?? values.cwd ?? process.cwd(),
       provider: values.provider,
       authProfile: values.authProfile,
+      authProfilePool: listVar(values.authProfilePool),
+      workerAuthProfile: values.workerAuthProfile,
+      verifierAuthProfile: values.verifierAuthProfile,
       account: values.account ? { profile: values.account, tool: values.accountTool } : undefined,
+      accountPool: accountPoolVar(values.accountPool, values.accountTool),
       model: values.model,
       variant: values.variant,
       agent: values.agent,
@@ -4194,6 +4372,13 @@ function renderLoopTemplate(id, values) {
   }
   throw new Error(`unknown template: ${id}`);
 }
+function listVar(value) {
+  const values = value?.split(",").map((entry) => entry.trim()).filter(Boolean);
+  return values?.length ? values : undefined;
+}
+function accountPoolVar(value, tool) {
+  return listVar(value)?.map((profile) => ({ profile, tool }));
+}
 // src/lib/doctor.ts
 import { spawnSync as spawnSync3 } from "child_process";
 import { accessSync as accessSync2, constants as constants2 } from "fs";
@@ -4269,7 +4454,8 @@ function daemonStatus(store, path = pidFilePath()) {
       active: store.countLoops("active"),
       paused: store.countLoops("paused"),
       stopped: store.countLoops("stopped"),
-      expired: store.countLoops("expired")
+      expired: store.countLoops("expired"),
+      archived: store.countLoops(undefined, { archived: true })
     },
     runs: {
       total: store.countRuns(),
@@ -4430,6 +4616,215 @@ function runDoctor(store) {
     checks
   };
 }
+// src/lib/health.ts
+import { createHash } from "crypto";
+var EVIDENCE_CHARS = 2000;
+var CLASSIFICATIONS = [
+  "rate_limit",
+  "auth",
+  "model_not_found",
+  "context_length",
+  "schema_response_format",
+  "node_init",
+  "timeout",
+  "sigsegv",
+  "skipped_previous_active",
+  "unknown"
+];
+function bounded(value, limit = EVIDENCE_CHARS) {
+  if (!value)
+    return;
+  if (value.length <= limit)
+    return value;
+  return `${value.slice(0, limit)}
+[truncated ${value.length - limit} chars]`;
+}
+function searchableText(run) {
+  return [run.error, run.stderr, run.stdout].filter(Boolean).join(`
+`).toLowerCase();
+}
+function stableFingerprint(parts) {
+  return createHash("sha256").update(parts.join(`
+`)).digest("hex").slice(0, 16);
+}
+function healthRun(run) {
+  return {
+    ...run,
+    error: bounded(run.error),
+    stdout: bounded(run.stdout),
+    stderr: bounded(run.stderr)
+  };
+}
+function classifyRunFailure(run) {
+  if (run.status === "succeeded" || run.status === "running")
+    return;
+  const text = searchableText(run);
+  let classification = "unknown";
+  if (run.status === "timed_out")
+    classification = "timeout";
+  else if (run.status === "skipped" && /previous run still active/.test(text))
+    classification = "skipped_previous_active";
+  else if (/rate limit|too many requests|429\b|quota exceeded/.test(text))
+    classification = "rate_limit";
+  else if (/unauthorized|authentication|auth\b|api key|invalid token|permission denied|401\b|403\b/.test(text))
+    classification = "auth";
+  else if (/model .*not found|model_not_found|unknown model|invalid model|404.*model/.test(text))
+    classification = "model_not_found";
+  else if (/context length|context_length|context window|maximum context|token limit|too many tokens/.test(text))
+    classification = "context_length";
+  else if (/response_format|json schema|schema validation|invalid schema|structured output/.test(text))
+    classification = "schema_response_format";
+  else if (/cannot find module|module not found|node:internal|bun: command not found|node: command not found|npm err!|err_module_not_found/.test(text))
+    classification = "node_init";
+  else if (/sigsegv|segmentation fault|signal 11/.test(text))
+    classification = "sigsegv";
+  return {
+    classification,
+    fingerprint: stableFingerprint([
+      run.loopId,
+      run.loopName,
+      run.status,
+      classification,
+      String(run.exitCode ?? ""),
+      (run.error ?? run.stderr ?? run.stdout ?? "").slice(0, 500)
+    ]),
+    evidence: {
+      error: bounded(run.error),
+      stdout: bounded(run.stdout),
+      stderr: bounded(run.stderr),
+      exitCode: run.exitCode
+    }
+  };
+}
+function targetRoute(loop) {
+  if (loop.target.type === "agent") {
+    return {
+      source: "openloops",
+      kind: "loop_expectation",
+      loopId: loop.id,
+      loopName: loop.name,
+      cwd: loop.target.cwd,
+      provider: loop.target.provider
+    };
+  }
+  if (loop.target.type === "command") {
+    return {
+      source: "openloops",
+      kind: "loop_expectation",
+      loopId: loop.id,
+      loopName: loop.name,
+      cwd: loop.target.cwd
+    };
+  }
+  return {
+    source: "openloops",
+    kind: "loop_expectation",
+    loopId: loop.id,
+    loopName: loop.name
+  };
+}
+function recommendedTask(loop, run, failure, route) {
+  const title = `BUG: open-loops loop failure - ${loop.name}`;
+  const description = [
+    `OpenLoops expectation failed for loop ${loop.name} (${loop.id}).`,
+    `Run: ${run.id}`,
+    `Status: ${run.status}`,
+    `Classification: ${failure.classification}`,
+    `Fingerprint: ${failure.fingerprint}`,
+    route.cwd ? `Route cwd: ${route.cwd}` : undefined,
+    route.provider ? `Provider: ${route.provider}` : undefined,
+    failure.evidence.error ? `Error:
+${failure.evidence.error}` : undefined,
+    failure.evidence.stderr ? `Stderr:
+${failure.evidence.stderr}` : undefined
+  ].filter(Boolean).join(`
+
+`);
+  const dedupeKey = `openloops:${loop.id}:${failure.fingerprint}`;
+  const tags = ["bug", "openloops", "loop-health", failure.classification];
+  const priority = failure.classification === "auth" || failure.classification === "rate_limit" ? "high" : "medium";
+  return {
+    title,
+    description,
+    priority,
+    tags,
+    dedupeKey,
+    search: { query: dedupeKey },
+    compatibilityFallback: {
+      search: ["todos", "search", dedupeKey, "--json"],
+      add: ["todos", "add", title, "--description", description, "--tag", tags.join(","), "--priority", priority],
+      comment: ["todos", "comment", "<task-id>", description]
+    },
+    futureNativeUpsert: {
+      command: "todos upsert",
+      fields: {
+        title,
+        description,
+        priority,
+        tags,
+        dedupeKey,
+        routeSource: route.source,
+        routeKind: route.kind,
+        routeLoopId: route.loopId,
+        routeLoopName: route.loopName
+      }
+    }
+  };
+}
+function expectationForLoop(store, loop) {
+  const latestRun = store.listRuns({ loopId: loop.id, limit: 1 })[0];
+  const route = targetRoute(loop);
+  if (!latestRun) {
+    return {
+      loop: { id: loop.id, name: loop.name, status: loop.status, nextRunAt: loop.nextRunAt },
+      ok: true,
+      check: { id: "latest-run-succeeded", status: "warn", message: "loop has no recorded runs yet" },
+      route
+    };
+  }
+  if (latestRun.status === "succeeded") {
+    return {
+      loop: { id: loop.id, name: loop.name, status: loop.status, nextRunAt: loop.nextRunAt },
+      ok: true,
+      check: { id: "latest-run-succeeded", status: "pass", message: "latest run succeeded" },
+      latestRun: healthRun(latestRun),
+      route
+    };
+  }
+  const failure = classifyRunFailure(latestRun);
+  return {
+    loop: { id: loop.id, name: loop.name, status: loop.status, nextRunAt: loop.nextRunAt },
+    ok: false,
+    check: { id: "latest-run-succeeded", status: "fail", message: `latest run is ${latestRun.status}` },
+    latestRun: healthRun(latestRun),
+    failure,
+    route,
+    recommendedTask: failure ? recommendedTask(loop, latestRun, failure, route) : undefined
+  };
+}
+function buildHealthReport(store, opts = {}) {
+  const loops2 = store.listLoops({ includeArchived: opts.includeArchived, limit: opts.limit ?? 200 });
+  const expectations = loops2.map((loop) => expectationForLoop(store, loop));
+  const classifications = Object.fromEntries(CLASSIFICATIONS.map((key) => [key, 0]));
+  for (const expectation of expectations) {
+    if (expectation.failure)
+      classifications[expectation.failure.classification] += 1;
+  }
+  const unhealthy = expectations.filter((expectation) => !expectation.ok).length;
+  const warnings = expectations.filter((expectation) => expectation.check.status === "warn").length;
+  return {
+    ok: unhealthy === 0,
+    generatedAt: new Date().toISOString(),
+    summary: {
+      loops: expectations.length,
+      healthy: expectations.length - unhealthy,
+      unhealthy,
+      warnings
+    },
+    classifications,
+    expectations
+  };
+}
 export {
   workflowExecutionOrder,
   workflowBodyFromJson,
@@ -4455,11 +4850,14 @@ export {
   isTerminal as isGoalTerminal,
   initialNextRun,
   getLoopTemplate,
+  expectationForLoop,
   executeWorkflow,
   executeTarget,
   executeLoopTarget,
   executeLoop,
   computeNextAfter,
+  classifyRunFailure,
+  buildHealthReport,
   TODOS_TASK_WORKER_VERIFIER_TEMPLATE_ID,
   Store,
   LoopsClient,