@hasna/loops 0.3.15 → 0.3.17

package/dist/index.js

@@ -326,6 +326,17 @@ function optionalPositiveInteger(value, label) {
     throw new Error(`${label} must be a positive integer`);
   return value;
 }
+function optionalStringArray(value, label) {
+  if (value === undefined)
+    return;
+  if (!Array.isArray(value))
+    throw new Error(`${label} must be an array`);
+  const values = value.map((entry, index) => {
+    assertString(entry, `${label}[${index}]`);
+    return entry.trim();
+  }).filter(Boolean);
+  return values.length ? values : undefined;
+}
 function normalizeGoalSpec(value, label = "goal") {
   if (value === undefined)
     return;
@@ -397,6 +408,14 @@ function validateTarget(value, label) {
         throw new Error(`${label}.sandbox is currently supported only for provider codewith, codex, or cursor`);
       }
     }
+    if (value.allowlist !== undefined) {
+      assertObject(value.allowlist, `${label}.allowlist`);
+      optionalStringArray(value.allowlist.tools, `${label}.allowlist.tools`);
+      optionalStringArray(value.allowlist.commands, `${label}.allowlist.commands`);
+      if (value.allowlist.enforcement !== undefined && value.allowlist.enforcement !== "metadata_only") {
+        throw new Error(`${label}.allowlist.enforcement must be metadata_only`);
+      }
+    }
     return value;
   }
   throw new Error(`${label}.type must be command or agent`);
@@ -1031,6 +1050,30 @@ class Store {
       throw new Error(`loop not found after update: ${id}`);
     return after;
   }
+  renameLoop(id, name, opts = {}) {
+    const current = this.getLoop(id);
+    if (!current)
+      throw new Error(`loop not found: ${id}`);
+    const trimmed = name.trim();
+    if (!trimmed)
+      throw new Error("loop name must not be empty");
+    const updated = (opts.now ?? new Date).toISOString();
+    this.db.query(`UPDATE loops SET name=$name, updated_at=$updated
+         WHERE id=$id
+           AND ($daemonLeaseId IS NULL OR EXISTS (
+             SELECT 1 FROM daemon_lease WHERE id=$daemonLeaseId AND expires_at > $now
+           ))`).run({
+      $id: id,
+      $name: trimmed,
+      $updated: updated,
+      $daemonLeaseId: opts.daemonLeaseId ?? null,
+      $now: updated
+    });
+    const after = this.getLoop(id);
+    if (!after)
+      throw new Error(`loop not found after rename: ${id}`);
+    return after;
+  }
   archiveLoop(idOrName) {
     const loop = this.requireLoop(idOrName);
     if (loop.archivedAt)
@@ -2455,6 +2498,16 @@ function metadataEnv(metadata) {
     env.LOOPS_GOAL_NODE_KEY = metadata.goalNodeKey;
   return env;
 }
+function allowlistEnv(allowlist) {
+  const env = {};
+  if (allowlist?.tools?.length)
+    env.LOOPS_AGENT_ALLOWED_TOOLS = allowlist.tools.join(",");
+  if (allowlist?.commands?.length)
+    env.LOOPS_AGENT_ALLOWED_COMMANDS = allowlist.commands.join(",");
+  if (allowlist?.tools?.length || allowlist?.commands?.length)
+    env.LOOPS_AGENT_ALLOWLIST_ENFORCEMENT = "metadata_only";
+  return env;
+}
 function providerCommand(provider) {
   switch (provider) {
     case "claude":
@@ -2662,7 +2715,8 @@ function commandSpec(target) {
     account: agentTarget.account,
     accountTool: agentTarget.account?.tool ?? accountToolForProvider(agentTarget.provider),
     preflightAnyOf: agentTarget.provider === "cursor" ? ["cursor", "agent"] : undefined,
-    stdin: agentTarget.prompt
+    stdin: agentTarget.prompt,
+    allowlist: agentTarget.allowlist
   };
 }
 function executionEnv(spec, metadata, opts) {
@@ -2674,6 +2728,7 @@ function executionEnv(spec, metadata, opts) {
     Object.assign(env, accountEnv);
   }
   Object.assign(env, spec.env ?? {});
+  Object.assign(env, allowlistEnv(spec.allowlist));
   env.PATH = normalizeExecutionPath(env);
   Object.assign(env, metadataEnv(metadata));
   return env;
@@ -2712,6 +2767,9 @@ function remoteBootstrapLines(spec, metadata) {
       continue;
     lines.push(`export ${key}=${shellQuote(value)}`);
   }
+  for (const [key, value] of Object.entries(allowlistEnv(spec.allowlist))) {
+    lines.push(`export ${key}=${shellQuote(value)}`);
+  }
   return lines;
 }
 function remoteScript(spec, metadata) {
@@ -4060,6 +4118,7 @@ function loops(opts = {}) {
 // src/lib/templates.ts
 var TODOS_TASK_WORKER_VERIFIER_TEMPLATE_ID = "todos-task-worker-verifier";
 var EVENT_WORKER_VERIFIER_TEMPLATE_ID = "event-worker-verifier";
+var BOUNDED_AGENT_WORKER_VERIFIER_TEMPLATE_ID = "bounded-agent-worker-verifier";
 var TEMPLATE_SUMMARIES = [
   {
     id: TODOS_TASK_WORKER_VERIFIER_TEMPLATE_ID,
@@ -4104,6 +4163,28 @@ var TEMPLATE_SUMMARIES = [
       { name: "permissionMode", default: "bypass", description: "Provider permission mode: default, plan, auto, or bypass." },
       { name: "sandbox", default: "danger-full-access", description: "Provider sandbox mode." }
     ]
+  },
+  {
+    id: BOUNDED_AGENT_WORKER_VERIFIER_TEMPLATE_ID,
+    name: "Bounded Agent Worker + Verifier",
+    description: "Create a bounded recurring-agent workflow: one agent performs a narrow objective, then a fresh verifier audits the result with separate account/profile selection.",
+    kind: "workflow",
+    variables: [
+      { name: "objective", required: true, description: "Narrow goal-mode objective for the worker." },
+      { name: "prompt", description: "Optional extra worker prompt details." },
+      { name: "projectPath", required: true, description: "Repository or project working directory." },
+      { name: "provider", default: "codewith", description: "Agent provider: codewith, claude, cursor, opencode, aicopilot, or codex." },
+      { name: "authProfile", description: "Provider-native auth profile, currently Codewith." },
+      { name: "authProfilePool", description: "Comma-separated provider-native auth profiles; worker/verifier are selected deterministically." },
+      { name: "workerAuthProfile", description: "Provider-native auth profile for the worker step." },
+      { name: "verifierAuthProfile", description: "Provider-native auth profile for the verifier step." },
+      { name: "accountPool", description: "Comma-separated OpenAccounts profiles; worker/verifier are selected deterministically." },
+      { name: "model", description: "Provider model." },
+      { name: "variant", description: "Provider reasoning/model effort variant." },
+      { name: "permissionMode", default: "bypass", description: "Provider permission mode: default, plan, auto, or bypass." },
+      { name: "sandbox", default: "danger-full-access", description: "Provider sandbox mode." },
+      { name: "timeoutMs", default: "2700000", description: "Step timeout in milliseconds." }
+    ]
   }
 ];
 function compactJson(value) {
@@ -4290,6 +4371,54 @@ function renderEventWorkerVerifierWorkflow(input) {
     ]
   };
 }
+function renderBoundedAgentWorkerVerifierWorkflow(input) {
+  if (!input.objective?.trim())
+    throw new Error("objective is required");
+  if (!input.projectPath?.trim())
+    throw new Error("projectPath is required");
+  const seed = `${input.projectPath}:${input.objective}`;
+  const timeoutMs = input.timeoutMs && Number.isFinite(input.timeoutMs) ? input.timeoutMs : 45 * 60000;
+  const workerPrompt = [
+    `/goal ${input.objective}`,
+    "",
+    "You are the worker step for a bounded OpenLoops agent workflow.",
+    "Investigate first. Keep scope narrow, use local project/task systems as the source of truth when relevant, preserve unrelated changes, run focused validation, and record concise evidence.",
+    "Do not dispatch or paste prompts into tmux panes. If additional work is required, create or update deduped todos tasks so task-created routing can start a fresh headless workflow.",
+    input.prompt ? "" : undefined,
+    input.prompt
+  ].filter(Boolean).join(`
+`);
+  const verifierPrompt = [
+    `/goal Adversarially verify: ${input.objective}`,
+    "",
+    "You are the verifier step for a bounded OpenLoops agent workflow.",
+    "Use fresh context. Review the worker result for correctness, regressions, missing tests, safety, runaway-agent risk, output bounds, and incomplete evidence.",
+    "If valid, record verification evidence. If invalid, create precise follow-up tasks or comments and leave the original work open. Do not make broad unrelated changes."
+  ].join(`
+`);
+  return {
+    name: input.name ?? `bounded-agent-${stableIndex(seed, 65535).toString(16)}-worker-verifier`,
+    description: `Bounded worker/verifier workflow for ${input.objective.slice(0, 180)}`,
+    version: 1,
+    steps: [
+      {
+        id: "worker",
+        name: "Worker",
+        description: "Execute the bounded objective and record evidence.",
+        target: agentTarget(input, workerPrompt, "worker", seed),
+        timeoutMs
+      },
+      {
+        id: "verifier",
+        name: "Verifier",
+        description: "Adversarially verify the bounded objective result.",
+        dependsOn: ["worker"],
+        target: agentTarget(input, verifierPrompt, "verifier", seed),
+        timeoutMs: Math.min(timeoutMs, 30 * 60000)
+      }
+    ]
+  };
+}
 function renderLoopTemplate(id, values) {
   if (id === TODOS_TASK_WORKER_VERIFIER_TEMPLATE_ID) {
     return renderTodosTaskWorkerVerifierWorkflow({
@@ -4336,6 +4465,27 @@ function renderLoopTemplate(id, values) {
       sandbox: values.sandbox
     });
   }
+  if (id === BOUNDED_AGENT_WORKER_VERIFIER_TEMPLATE_ID) {
+    return renderBoundedAgentWorkerVerifierWorkflow({
+      name: values.name,
+      objective: values.objective ?? "",
+      prompt: values.prompt,
+      projectPath: values.projectPath ?? values.cwd ?? process.cwd(),
+      provider: values.provider,
+      authProfile: values.authProfile,
+      authProfilePool: listVar(values.authProfilePool),
+      workerAuthProfile: values.workerAuthProfile,
+      verifierAuthProfile: values.verifierAuthProfile,
+      account: values.account ? { profile: values.account, tool: values.accountTool } : undefined,
+      accountPool: accountPoolVar(values.accountPool, values.accountTool),
+      model: values.model,
+      variant: values.variant,
+      agent: values.agent,
+      permissionMode: values.permissionMode,
+      sandbox: values.sandbox,
+      timeoutMs: values.timeoutMs ? Number(values.timeoutMs) : undefined
+    });
+  }
   throw new Error(`unknown template: ${id}`);
 }
 function listVar(value) {
@@ -4582,6 +4732,428 @@ function runDoctor(store) {
     checks
   };
 }
+// src/lib/health.ts
+import { createHash } from "crypto";
+var EVIDENCE_CHARS = 2000;
+var CLASSIFICATIONS = [
+  "rate_limit",
+  "auth",
+  "model_not_found",
+  "context_length",
+  "schema_response_format",
+  "node_init",
+  "timeout",
+  "sigsegv",
+  "skipped_previous_active",
+  "unknown"
+];
+function bounded(value, limit = EVIDENCE_CHARS) {
+  if (!value)
+    return;
+  if (value.length <= limit)
+    return value;
+  return `${value.slice(0, limit)}
+[truncated ${value.length - limit} chars]`;
+}
+function searchableText(run) {
+  return [run.error, run.stderr, run.stdout].filter(Boolean).join(`
+`).toLowerCase();
+}
+function stableFingerprint(parts) {
+  return createHash("sha256").update(parts.join(`
+`)).digest("hex").slice(0, 16);
+}
+function healthRun(run) {
+  return {
+    ...run,
+    error: bounded(run.error),
+    stdout: bounded(run.stdout),
+    stderr: bounded(run.stderr)
+  };
+}
+function classifyRunFailure(run) {
+  if (run.status === "succeeded" || run.status === "running")
+    return;
+  const text = searchableText(run);
+  let classification = "unknown";
+  if (run.status === "timed_out")
+    classification = "timeout";
+  else if (run.status === "skipped" && /previous run still active/.test(text))
+    classification = "skipped_previous_active";
+  else if (/rate limit|too many requests|429\b|quota exceeded/.test(text))
+    classification = "rate_limit";
+  else if (/unauthorized|authentication|auth\b|api key|invalid token|permission denied|401\b|403\b/.test(text))
+    classification = "auth";
+  else if (/model .*not found|model_not_found|unknown model|invalid model|404.*model/.test(text))
+    classification = "model_not_found";
+  else if (/context length|context_length|context window|maximum context|token limit|too many tokens/.test(text))
+    classification = "context_length";
+  else if (/response_format|json schema|schema validation|invalid schema|structured output/.test(text))
+    classification = "schema_response_format";
+  else if (/cannot find module|module not found|node:internal|bun: command not found|node: command not found|npm err!|err_module_not_found/.test(text))
+    classification = "node_init";
+  else if (/sigsegv|segmentation fault|signal 11/.test(text))
+    classification = "sigsegv";
+  return {
+    classification,
+    fingerprint: stableFingerprint([
+      run.loopId,
+      run.loopName,
+      run.status,
+      classification,
+      String(run.exitCode ?? ""),
+      (run.error ?? run.stderr ?? run.stdout ?? "").slice(0, 500)
+    ]),
+    evidence: {
+      error: bounded(run.error),
+      stdout: bounded(run.stdout),
+      stderr: bounded(run.stderr),
+      exitCode: run.exitCode
+    }
+  };
+}
+function targetRoute(loop) {
+  if (loop.target.type === "agent") {
+    return {
+      source: "openloops",
+      kind: "loop_expectation",
+      loopId: loop.id,
+      loopName: loop.name,
+      cwd: loop.target.cwd,
+      provider: loop.target.provider
+    };
+  }
+  if (loop.target.type === "command") {
+    return {
+      source: "openloops",
+      kind: "loop_expectation",
+      loopId: loop.id,
+      loopName: loop.name,
+      cwd: loop.target.cwd
+    };
+  }
+  return {
+    source: "openloops",
+    kind: "loop_expectation",
+    loopId: loop.id,
+    loopName: loop.name
+  };
+}
+function recommendedTask(loop, run, failure, route) {
+  const title = `BUG: open-loops loop failure - ${loop.name}`;
+  const description = [
+    `OpenLoops expectation failed for loop ${loop.name} (${loop.id}).`,
+    `Run: ${run.id}`,
+    `Status: ${run.status}`,
+    `Classification: ${failure.classification}`,
+    `Fingerprint: ${failure.fingerprint}`,
+    route.cwd ? `Route cwd: ${route.cwd}` : undefined,
+    route.provider ? `Provider: ${route.provider}` : undefined,
+    failure.evidence.error ? `Error:
+${failure.evidence.error}` : undefined,
+    failure.evidence.stderr ? `Stderr:
+${failure.evidence.stderr}` : undefined
+  ].filter(Boolean).join(`
+
+`);
+  const dedupeKey = `openloops:${loop.id}:${failure.fingerprint}`;
+  const tags = ["bug", "openloops", "loop-health", failure.classification];
+  const priority = failure.classification === "auth" || failure.classification === "rate_limit" ? "high" : "medium";
+  return {
+    title,
+    description,
+    priority,
+    tags,
+    dedupeKey,
+    search: { query: dedupeKey },
+    compatibilityFallback: {
+      search: ["todos", "search", dedupeKey, "--json"],
+      add: ["todos", "add", title, "--description", description, "--tag", tags.join(","), "--priority", priority],
+      comment: ["todos", "comment", "<task-id>", description]
+    },
+    futureNativeUpsert: {
+      command: "todos upsert",
+      fields: {
+        title,
+        description,
+        priority,
+        tags,
+        dedupeKey,
+        routeSource: route.source,
+        routeKind: route.kind,
+        routeLoopId: route.loopId,
+        routeLoopName: route.loopName
+      }
+    }
+  };
+}
+function expectationForLoop(store, loop) {
+  const latestRun = store.listRuns({ loopId: loop.id, limit: 1 })[0];
+  const route = targetRoute(loop);
+  if (!latestRun) {
+    return {
+      loop: { id: loop.id, name: loop.name, status: loop.status, nextRunAt: loop.nextRunAt },
+      ok: true,
+      check: { id: "latest-run-succeeded", status: "warn", message: "loop has no recorded runs yet" },
+      route
+    };
+  }
+  if (latestRun.status === "succeeded") {
+    return {
+      loop: { id: loop.id, name: loop.name, status: loop.status, nextRunAt: loop.nextRunAt },
+      ok: true,
+      check: { id: "latest-run-succeeded", status: "pass", message: "latest run succeeded" },
+      latestRun: healthRun(latestRun),
+      route
+    };
+  }
+  const failure = classifyRunFailure(latestRun);
+  return {
+    loop: { id: loop.id, name: loop.name, status: loop.status, nextRunAt: loop.nextRunAt },
+    ok: false,
+    check: { id: "latest-run-succeeded", status: "fail", message: `latest run is ${latestRun.status}` },
+    latestRun: healthRun(latestRun),
+    failure,
+    route,
+    recommendedTask: failure ? recommendedTask(loop, latestRun, failure, route) : undefined
+  };
+}
+function buildHealthReport(store, opts = {}) {
+  const loops2 = store.listLoops({ includeArchived: opts.includeArchived, limit: opts.limit ?? 200 });
+  const expectations = loops2.map((loop) => expectationForLoop(store, loop));
+  const classifications = Object.fromEntries(CLASSIFICATIONS.map((key) => [key, 0]));
+  for (const expectation of expectations) {
+    if (expectation.failure)
+      classifications[expectation.failure.classification] += 1;
+  }
+  const unhealthy = expectations.filter((expectation) => !expectation.ok).length;
+  const warnings = expectations.filter((expectation) => expectation.check.status === "warn").length;
+  return {
+    ok: unhealthy === 0,
+    generatedAt: new Date().toISOString(),
+    summary: {
+      loops: expectations.length,
+      healthy: expectations.length - unhealthy,
+      unhealthy,
+      warnings
+    },
+    classifications,
+    expectations
+  };
+}
+// src/lib/hygiene.ts
+import { basename } from "path";
+var PROVIDER_TOKENS = new Set([
+  "codewith",
+  "claude",
+  "command",
+  "tmux",
+  "codex",
+  "cursor",
+  "opencode",
+  "aicopilot",
+  "agent"
+]);
+var REPO_GENERIC_TOKENS = new Set(["repo", "repoops"]);
+function slugify(value) {
+  return value.normalize("NFKD").replace(/[^\w\s.-]/g, "-").replace(/[_\s.:/]+/g, "-").replace(/[^a-zA-Z0-9-]+/g, "-").replace(/-+/g, "-").replace(/^-|-$/g, "").toLowerCase();
+}
+function repoSlugFromCwd(cwd) {
+  if (!cwd || cwd === process.env.HOME || cwd === "/home/hasna")
+    return "";
+  if (cwd.includes("/.hasna/loops/"))
+    return "";
+  return slugify(basename(cwd));
+}
+function scopeForLoop(loop) {
+  const cwd = loop.target.type === "command" || loop.target.type === "agent" ? loop.target.cwd : undefined;
+  const repoSlug = repoSlugFromCwd(cwd);
+  if (repoSlug)
+    return { scope: "repo", prefix: `repo-${repoSlug}`, scopeSlug: repoSlug };
+  return { scope: "machine", prefix: "machine", scopeSlug: "machine" };
+}
+function taskSlug(loop, scope) {
+  const oldName = loop.name;
+  let nameForParsing = oldName;
+  if (!oldName.includes(":")) {
+    const slug = slugify(oldName);
+    if (scope.scope === "machine" && slug.startsWith("machine-"))
+      nameForParsing = slug.slice("machine-".length);
+    else if (scope.scope === "repo" && slug.startsWith(`repo-${scope.scopeSlug}-`)) {
+      nameForParsing = slug.slice(`repo-${scope.scopeSlug}-`.length);
+    } else
+      nameForParsing = slug;
+  }
+  const parts = [];
+  for (const rawPart of oldName.includes(":") ? oldName.split(":") : [nameForParsing]) {
+    const part = slugify(rawPart);
+    if (!part)
+      continue;
+    if (PROVIDER_TOKENS.has(part) || /^account\d+$/.test(part))
+      continue;
+    if (scope.scope === "repo" && REPO_GENERIC_TOKENS.has(part))
+      continue;
+    let normalized = part;
+    if (scope.scope === "repo" && normalized === scope.scopeSlug)
+      continue;
+    if (scope.scope === "repo" && normalized.startsWith(`${scope.scopeSlug}-`)) {
+      normalized = normalized.slice(scope.scopeSlug.length + 1);
+    }
+    if (normalized)
+      parts.push(normalized);
+  }
+  const deduped = [];
+  for (const token of parts.join("-").split("-").filter(Boolean)) {
+    if (deduped[deduped.length - 1] !== token)
+      deduped.push(token);
+  }
+  return deduped.join("-") || "loop";
+}
+function canonicalName(loop) {
+  const scope = scopeForLoop(loop);
+  let name = `${scope.prefix}-${taskSlug(loop, scope)}`.replace(/-+/g, "-").replace(/^-|-$/g, "");
+  if (name.length > 120)
+    name = `${name.slice(0, 111).replace(/-+$/g, "")}-${loop.id.slice(0, 8)}`;
+  return {
+    id: loop.id,
+    status: loop.status,
+    scope: scope.scope,
+    scopeSlug: scope.scopeSlug,
+    newName: name
+  };
+}
+function ensureUnique(changes) {
+  const used = new Set;
+  for (const change of changes) {
+    let candidate = change.newName;
+    if (!used.has(candidate)) {
+      used.add(candidate);
+      change.newName = candidate;
+      change.changed = change.oldName !== candidate;
+      continue;
+    }
+    const base = candidate.slice(0, 111).replace(/-+$/g, "");
+    candidate = `${base}-${change.id.slice(0, 8)}`;
+    let suffix = 2;
+    while (used.has(candidate)) {
+      const extra = `-${change.id.slice(0, 6)}-${suffix++}`;
+      candidate = `${base.slice(0, 120 - extra.length)}${extra}`;
+    }
+    used.add(candidate);
+    change.newName = candidate;
+    change.changed = change.oldName !== candidate;
+  }
+}
+function managedLoops(store, opts) {
+  const loops2 = store.listLoops({ includeArchived: Boolean(opts.includeInactive), limit: opts.limit ?? 1000 });
+  if (opts.includeInactive)
+    return loops2;
+  if (opts.includeStopped)
+    return loops2.filter((loop) => loop.status !== "expired");
+  return loops2.filter((loop) => loop.status === "active" || loop.status === "paused");
+}
+function buildNameHygieneReport(store, opts = {}) {
+  const changes = managedLoops(store, opts).map((loop) => {
+    const canonical = canonicalName(loop);
+    return {
+      ...canonical,
+      oldName: loop.name,
+      changed: loop.name !== canonical.newName
+    };
+  });
+  ensureUnique(changes);
+  const changed = changes.filter((change) => change.changed);
+  if (opts.apply) {
+    for (const change of changed)
+      store.renameLoop(change.id, change.newName);
+  }
+  return {
+    ok: changed.length === 0,
+    generatedAt: new Date().toISOString(),
+    applied: Boolean(opts.apply),
+    checked: changes.length,
+    changed: changed.length,
+    changes
+  };
+}
+function baseName(name) {
+  return name.replace(/-(bounded|compact|native)?-?low(?:-\d+m)?$/g, "").replace(/-\d+[mhd]$/g, "").replace(/-(bounded|compact)$/g, "");
+}
+function scheduleKey(schedule) {
+  if (schedule.type === "cron")
+    return `cron:${schedule.expression}`;
+  if (schedule.type === "interval")
+    return `interval:${schedule.everyMs}`;
+  if (schedule.type === "once")
+    return `once:${schedule.at}`;
+  return `dynamic:${schedule.minIntervalMs ?? ""}`;
+}
+function targetCwd(loop) {
+  return loop.target.type === "command" || loop.target.type === "agent" ? loop.target.cwd ?? "" : "";
+}
+function buildDuplicateOverlapReport(store, opts = {}) {
+  const loops2 = managedLoops(store, { includeInactive: opts.includeInactive, includeStopped: true, limit: opts.limit });
+  const groups = new Map;
+  for (const loop of loops2) {
+    const base = baseName(loop.name);
+    const cwd = targetCwd(loop) || undefined;
+    const schedule = scheduleKey(loop.schedule);
+    const key = `${base}|${cwd ?? ""}|${schedule}`;
+    const existing = groups.get(key) ?? { baseName: base, cwd, schedule, loops: [] };
+    existing.loops.push(loop);
+    groups.set(key, existing);
+  }
+  const duplicateGroups = [...groups.entries()].filter(([, group]) => group.loops.length > 1).map(([key, group]) => ({
+    key,
+    baseName: group.baseName,
+    cwd: group.cwd,
+    schedule: group.schedule,
+    loops: group.loops.map((loop) => ({
+      id: loop.id,
+      name: loop.name,
+      status: loop.status,
+      nextRunAt: loop.nextRunAt
+    }))
+  }));
+  return {
+    ok: duplicateGroups.length === 0,
+    generatedAt: new Date().toISOString(),
+    checked: loops2.length,
+    groups: duplicateGroups
+  };
+}
+function commandText(loop) {
+  if (loop.target.type !== "command")
+    return "";
+  return [loop.target.command, ...loop.target.args ?? []].join(" ");
+}
+function buildScriptInventoryReport(store, opts = {}) {
+  const scriptsDir = opts.scriptsDir ?? `${process.env.HOME ?? "/home/hasna"}/.hasna/loops/scripts`;
+  const loops2 = managedLoops(store, { includeInactive: opts.includeInactive, includeStopped: true, limit: opts.limit });
+  const scriptBacked = loops2.map((loop) => {
+    const text = commandText(loop);
+    if (!text)
+      return;
+    const matches = [scriptsDir, "/.hasna/loops/scripts/"].filter((needle) => text.includes(needle));
+    if (!matches.length)
+      return;
+    return {
+      id: loop.id,
+      name: loop.name,
+      status: loop.status,
+      cwd: targetCwd(loop) || undefined,
+      command: text.length > 500 ? `${text.slice(0, 500)}...` : text,
+      scriptMatches: [...new Set(matches)]
+    };
+  }).filter((value) => Boolean(value));
+  return {
+    ok: scriptBacked.length === 0,
+    generatedAt: new Date().toISOString(),
+    checked: loops2.length,
+    scriptBacked: scriptBacked.length,
+    loops: scriptBacked
+  };
+}
 export {
   workflowExecutionOrder,
   workflowBodyFromJson,
@@ -4594,6 +5166,7 @@ export {
   renderTodosTaskWorkerVerifierWorkflow,
   renderLoopTemplate,
   renderEventWorkerVerifierWorkflow,
+  renderBoundedAgentWorkerVerifierWorkflow,
   refreshLoopMachine,
   readyNodeKeys,
   preflightWorkflow,
@@ -4607,13 +5180,20 @@ export {
   isTerminal as isGoalTerminal,
   initialNextRun,
   getLoopTemplate,
+  expectationForLoop,
   executeWorkflow,
   executeTarget,
   executeLoopTarget,
   executeLoop,
   computeNextAfter,
+  classifyRunFailure,
+  buildScriptInventoryReport,
+  buildNameHygieneReport,
+  buildHealthReport,
+  buildDuplicateOverlapReport,
   TODOS_TASK_WORKER_VERIFIER_TEMPLATE_ID,
   Store,
   LoopsClient,
-  EVENT_WORKER_VERIFIER_TEMPLATE_ID
+  EVENT_WORKER_VERIFIER_TEMPLATE_ID,
+  BOUNDED_AGENT_WORKER_VERIFIER_TEMPLATE_ID
 };