@hasna/loops 0.3.38 → 0.3.40

package/dist/cli/index.js

@@ -3,8 +3,9 @@
 
 // src/lib/store.ts
 import { Database } from "bun:sqlite";
-import { mkdirSync as mkdirSync2 } from "fs";
-import { dirname } from "path";
+import { mkdirSync as mkdirSync3, mkdtempSync, rmSync } from "fs";
+import { tmpdir } from "os";
+import { dirname, join as join3 } from "path";
 
 // src/lib/ids.ts
 import { randomBytes } from "crypto";
@@ -365,6 +366,8 @@ function validateTarget(value, label) {
   assertObject(value, label);
   if (value.type === "command") {
     assertString(value.command, `${label}.command`);
+    optionalPositiveInteger(value.timeoutMs, `${label}.timeoutMs`);
+    optionalPositiveInteger(value.idleTimeoutMs, `${label}.idleTimeoutMs`);
     if (value.shell !== true && /\s/.test(value.command.trim())) {
       throw new Error(`${label}.command must be an executable without spaces when shell is false; put flags in args or set shell true`);
     }
@@ -376,6 +379,8 @@ function validateTarget(value, label) {
     const providers = ["claude", "cursor", "codewith", "aicopilot", "opencode", "codex"];
     if (!providers.includes(value.provider))
       throw new Error(`${label}.provider must be one of ${providers.join(", ")}`);
+    optionalPositiveInteger(value.timeoutMs, `${label}.timeoutMs`);
+    optionalPositiveInteger(value.idleTimeoutMs, `${label}.idleTimeoutMs`);
     if (value.authProfile !== undefined) {
       assertString(value.authProfile, `${label}.authProfile`);
       if (value.provider !== "codewith")
@@ -530,6 +535,52 @@ function workflowBodyFromJson(value, fallbackName) {
   });
 }
 
+// src/lib/run-artifacts.ts
+import { createHash } from "crypto";
+import { mkdirSync as mkdirSync2, writeFileSync } from "fs";
+import { basename, join as join2 } from "path";
+function shortHash(value) {
+  return createHash("sha256").update(value).digest("hex").slice(0, 12);
+}
+function safeRunPathSlug(value, fallback) {
+  const raw = value?.trim() || fallback;
+  const slug = raw.toLowerCase().replace(/[^a-z0-9._-]+/g, "-").replace(/^-+|-+$/g, "").slice(0, 72);
+  return slug || fallback;
+}
+function workflowRunSubjectKey(kind, rawSubjectRef) {
+  const raw = rawSubjectRef?.trim() || "subject";
+  const kindSlug = safeRunPathSlug(kind, "subject").slice(0, 24);
+  const subjectSlug = safeRunPathSlug(raw, "subject").slice(0, 48);
+  return `${kindSlug}-${subjectSlug}-${shortHash(`${kindSlug}
+${raw}`)}`;
+}
+function workflowRunProjectSlug(projectKey) {
+  if (!projectKey?.trim())
+    return "global";
+  return safeRunPathSlug(projectKey.startsWith("/") ? basename(projectKey) : projectKey, "project");
+}
+function writeWorkflowRunManifest(args) {
+  const projectSlug = workflowRunProjectSlug(args.projectKey);
+  const subjectKey = workflowRunSubjectKey(args.subjectKind, args.rawSubjectRef);
+  const dir = join2(args.loopsDataDir, "runs", projectSlug, subjectKey, args.workflowRunId);
+  mkdirSync2(dir, { recursive: true, mode: 448 });
+  const manifestPath = join2(dir, "manifest.json");
+  writeFileSync(manifestPath, JSON.stringify({
+    version: 1,
+    workflowRunId: args.workflowRunId,
+    workflowId: args.workflowId,
+    workflowName: args.workflowName,
+    invocationId: args.invocationId,
+    workItemId: args.workItemId,
+    projectSlug,
+    subjectKey,
+    requiredReading: [],
+    createdAt: new Date().toISOString(),
+    ...args.payload
+  }, null, 2), { mode: 384 });
+  return manifestPath;
+}
+
 // src/lib/store.ts
 function rowToLoop(row) {
   return {
@@ -599,8 +650,11 @@ function rowToWorkflowRun(row) {
     workflowName: row.workflow_name,
     loopId: row.loop_id ?? undefined,
     loopRunId: row.loop_run_id ?? undefined,
+    invocationId: row.invocation_id ?? undefined,
+    workItemId: row.work_item_id ?? undefined,
     scheduledFor: row.scheduled_for ?? undefined,
     idempotencyKey: row.idempotency_key ?? undefined,
+    manifestPath: row.manifest_path ?? undefined,
     status: row.status,
     startedAt: row.started_at ?? undefined,
     finishedAt: row.finished_at ?? undefined,
@@ -611,6 +665,44 @@ function rowToWorkflowRun(row) {
     updatedAt: row.updated_at
   };
 }
+function rowToWorkflowInvocation(row) {
+  return {
+    id: row.id,
+    workflowId: row.workflow_id ?? undefined,
+    templateId: row.template_id ?? undefined,
+    sourceRef: JSON.parse(row.source_json),
+    subjectRef: JSON.parse(row.subject_json),
+    intent: row.intent,
+    scope: row.scope_json ? JSON.parse(row.scope_json) : undefined,
+    outputPolicy: row.output_policy_json ? JSON.parse(row.output_policy_json) : undefined,
+    createdAt: row.created_at,
+    updatedAt: row.updated_at
+  };
+}
+function rowToWorkflowWorkItem(row) {
+  return {
+    id: row.id,
+    routeKey: row.route_key,
+    idempotencyKey: row.idempotency_key,
+    invocationId: row.invocation_id,
+    sourceType: row.source_type,
+    sourceRef: row.source_ref,
+    subjectRef: row.subject_ref,
+    projectKey: row.project_key ?? undefined,
+    projectGroup: row.project_group ?? undefined,
+    priority: row.priority,
+    status: row.status,
+    attempts: row.attempts,
+    nextAttemptAt: row.next_attempt_at ?? undefined,
+    leaseExpiresAt: row.lease_expires_at ?? undefined,
+    workflowId: row.workflow_id ?? undefined,
+    loopId: row.loop_id ?? undefined,
+    workflowRunId: row.workflow_run_id ?? undefined,
+    lastReason: row.last_reason ?? undefined,
+    createdAt: row.created_at,
+    updatedAt: row.updated_at
+  };
+}
 function rowToWorkflowStepRun(row) {
   return {
     id: row.id,
@@ -724,13 +816,23 @@ function rowToLease(row) {
     updatedAt: row.updated_at
   };
 }
+function workItemStatusForLoopRun(status, attempt, maxAttempts) {
+  if (status === "succeeded")
+    return "succeeded";
+  if (["failed", "timed_out", "abandoned"].includes(status)) {
+    return maxAttempts !== undefined && attempt < maxAttempts ? "admitted" : "failed";
+  }
+  return;
+}
 
 class Store {
   db;
+  rootDir;
   constructor(path) {
     const file = path ?? dbPath();
     if (file !== ":memory:")
-      mkdirSync2(dirname(file), { recursive: true, mode: 448 });
+      mkdirSync3(dirname(file), { recursive: true, mode: 448 });
+    this.rootDir = file === ":memory:" ? mkdtempSync(join3(tmpdir(), "open-loops-store-")) : dirname(file);
     this.db = new Database(file);
     this.db.exec("PRAGMA busy_timeout = 5000;");
     this.db.exec("PRAGMA journal_mode = WAL;");
@@ -825,8 +927,11 @@ class Store {
         workflow_name TEXT NOT NULL,
         loop_id TEXT REFERENCES loops(id) ON DELETE SET NULL,
         loop_run_id TEXT REFERENCES loop_runs(id) ON DELETE SET NULL,
+        invocation_id TEXT,
+        work_item_id TEXT,
         scheduled_for TEXT,
         idempotency_key TEXT,
+        manifest_path TEXT,
         status TEXT NOT NULL,
         started_at TEXT,
         finished_at TEXT,
@@ -843,6 +948,59 @@ class Store {
       CREATE INDEX IF NOT EXISTS idx_workflow_runs_loop_run ON workflow_runs(loop_run_id);
       CREATE INDEX IF NOT EXISTS idx_workflow_runs_status ON workflow_runs(status);
 
+      CREATE TABLE IF NOT EXISTS workflow_invocations (
+        id TEXT PRIMARY KEY,
+        workflow_id TEXT,
+        template_id TEXT,
+        source_kind TEXT NOT NULL,
+        source_id TEXT,
+        source_dedupe_key TEXT,
+        source_json TEXT NOT NULL,
+        subject_kind TEXT NOT NULL,
+        subject_id TEXT,
+        subject_path TEXT,
+        subject_url TEXT,
+        subject_json TEXT NOT NULL,
+        intent TEXT NOT NULL,
+        scope_json TEXT,
+        output_policy_json TEXT,
+        created_at TEXT NOT NULL,
+        updated_at TEXT NOT NULL
+      );
+      CREATE INDEX IF NOT EXISTS idx_workflow_invocations_source ON workflow_invocations(source_kind, source_id);
+      CREATE INDEX IF NOT EXISTS idx_workflow_invocations_subject ON workflow_invocations(subject_kind, subject_id, subject_path);
+      CREATE UNIQUE INDEX IF NOT EXISTS idx_workflow_invocations_dedupe
+        ON workflow_invocations(source_kind, source_dedupe_key)
+        WHERE source_dedupe_key IS NOT NULL;
+
+      CREATE TABLE IF NOT EXISTS workflow_work_items (
+        id TEXT PRIMARY KEY,
+        route_key TEXT NOT NULL,
+        idempotency_key TEXT NOT NULL,
+        invocation_id TEXT NOT NULL REFERENCES workflow_invocations(id) ON DELETE CASCADE,
+        source_type TEXT NOT NULL,
+        source_ref TEXT NOT NULL,
+        subject_ref TEXT NOT NULL,
+        project_key TEXT,
+        project_group TEXT,
+        priority INTEGER NOT NULL,
+        status TEXT NOT NULL,
+        attempts INTEGER NOT NULL,
+        next_attempt_at TEXT,
+        lease_expires_at TEXT,
+        workflow_id TEXT REFERENCES workflow_specs(id) ON DELETE SET NULL,
+        loop_id TEXT REFERENCES loops(id) ON DELETE SET NULL,
+        workflow_run_id TEXT REFERENCES workflow_runs(id) ON DELETE SET NULL,
+        last_reason TEXT,
+        created_at TEXT NOT NULL,
+        updated_at TEXT NOT NULL,
+        UNIQUE(route_key, idempotency_key)
+      );
+      CREATE INDEX IF NOT EXISTS idx_workflow_work_items_status_next ON workflow_work_items(status, next_attempt_at, priority DESC, created_at ASC);
+      CREATE INDEX IF NOT EXISTS idx_workflow_work_items_project ON workflow_work_items(project_key, status);
+      CREATE INDEX IF NOT EXISTS idx_workflow_work_items_group ON workflow_work_items(project_group, status);
+      CREATE INDEX IF NOT EXISTS idx_workflow_work_items_invocation ON workflow_work_items(invocation_id);
+
       CREATE TABLE IF NOT EXISTS workflow_step_runs (
         id TEXT PRIMARY KEY,
         workflow_run_id TEXT NOT NULL REFERENCES workflow_runs(id) ON DELETE CASCADE,
@@ -955,12 +1113,17 @@ class Store {
     this.addColumnIfMissing("loop_runs", "goal_run_id", "TEXT");
     this.addColumnIfMissing("workflow_specs", "goal_json", "TEXT");
     this.addColumnIfMissing("workflow_runs", "goal_run_id", "TEXT");
+    this.addColumnIfMissing("workflow_runs", "invocation_id", "TEXT");
+    this.addColumnIfMissing("workflow_runs", "work_item_id", "TEXT");
+    this.addColumnIfMissing("workflow_runs", "manifest_path", "TEXT");
     this.addColumnIfMissing("workflow_step_runs", "pid", "INTEGER");
     this.addColumnIfMissing("workflow_step_runs", "goal_run_id", "TEXT");
+    this.createWorkflowRunBackfillIndexes();
     this.db.query("INSERT OR IGNORE INTO schema_migrations (id, applied_at) VALUES (?, ?)").run("0001_initial_and_workflows", nowIso());
     this.db.query("INSERT OR IGNORE INTO schema_migrations (id, applied_at) VALUES (?, ?)").run("0002_loop_machines", nowIso());
     this.db.query("INSERT OR IGNORE INTO schema_migrations (id, applied_at) VALUES (?, ?)").run("0003_goals", nowIso());
     this.db.query("INSERT OR IGNORE INTO schema_migrations (id, applied_at) VALUES (?, ?)").run("0004_loop_archive_metadata", nowIso());
+    this.db.query("INSERT OR IGNORE INTO schema_migrations (id, applied_at) VALUES (?, ?)").run("0005_workflow_invocations_and_admission", nowIso());
   }
   addColumnIfMissing(table, column, definition) {
     const columns = this.db.query(`PRAGMA table_info(${table})`).all();
@@ -968,6 +1131,12 @@ class Store {
       return;
     this.db.query(`ALTER TABLE ${table} ADD COLUMN ${column} ${definition}`).run();
   }
+  createWorkflowRunBackfillIndexes() {
+    this.db.exec(`
+      CREATE INDEX IF NOT EXISTS idx_workflow_runs_invocation ON workflow_runs(invocation_id);
+      CREATE INDEX IF NOT EXISTS idx_workflow_runs_work_item ON workflow_runs(work_item_id);
+    `);
+  }
   assertDaemonLeaseFence(opts = {}, now = nowIso()) {
     if (!opts.daemonLeaseId)
       return;
@@ -1083,6 +1252,10 @@ class Store {
       $daemonLeaseId: opts.daemonLeaseId ?? null,
       $now: updated
     });
+    if (patch.status && patch.status !== "active") {
+      const status = patch.status === "paused" ? "deferred" : "cancelled";
+      this.setWorkflowWorkItemsForLoop(id, status, `loop ${patch.status}`, updated);
+    }
     const after = this.getLoop(id);
     if (!after)
       throw new Error(`loop not found after update: ${id}`);
@@ -1127,6 +1300,7 @@ class Store {
       $archivedFromStatus: loop.status,
       $updated: updated
     });
+    this.setWorkflowWorkItemsForLoop(loop.id, "deferred", "loop archived", updated);
     const archived = this.getLoop(loop.id);
     if (!archived)
       throw new Error(`loop not found after archive: ${loop.id}`);
@@ -1152,6 +1326,7 @@ class Store {
   }
   deleteLoop(idOrName) {
     const loop = this.requireLoop(idOrName);
+    this.setWorkflowWorkItemsForLoop(loop.id, "cancelled", "loop deleted", nowIso());
     const res = this.db.query("DELETE FROM loops WHERE id = ?").run(loop.id);
     return res.changes > 0;
   }
@@ -1210,6 +1385,185 @@ class Store {
       throw new Error(`workflow not found after archive: ${workflow.id}`);
     return archived;
   }
+  createWorkflowInvocation(input) {
+    const now = nowIso();
+    const sourceDedupeKey = input.sourceRef.dedupeKey ?? undefined;
+    if (sourceDedupeKey) {
+      const existing = this.db.query("SELECT * FROM workflow_invocations WHERE source_kind = ? AND source_dedupe_key = ? LIMIT 1").get(input.sourceRef.kind, sourceDedupeKey);
+      if (existing)
+        return rowToWorkflowInvocation(existing);
+    }
+    const id = input.id ?? genId();
+    this.db.query(`INSERT INTO workflow_invocations (id, workflow_id, template_id, source_kind, source_id, source_dedupe_key,
+          source_json, subject_kind, subject_id, subject_path, subject_url, subject_json, intent, scope_json,
+          output_policy_json, created_at, updated_at)
+         VALUES ($id, $workflowId, $templateId, $sourceKind, $sourceId, $sourceDedupeKey, $sourceJson,
+          $subjectKind, $subjectId, $subjectPath, $subjectUrl, $subjectJson, $intent, $scopeJson,
+          $outputPolicyJson, $created, $updated)`).run({
+      $id: id,
+      $workflowId: input.workflowId ?? null,
+      $templateId: input.templateId ?? null,
+      $sourceKind: input.sourceRef.kind,
+      $sourceId: input.sourceRef.id ?? null,
+      $sourceDedupeKey: sourceDedupeKey ?? null,
+      $sourceJson: JSON.stringify(input.sourceRef),
+      $subjectKind: input.subjectRef.kind,
+      $subjectId: input.subjectRef.id ?? null,
+      $subjectPath: input.subjectRef.path ?? null,
+      $subjectUrl: input.subjectRef.url ?? null,
+      $subjectJson: JSON.stringify(input.subjectRef),
+      $intent: input.intent,
+      $scopeJson: input.scope ? JSON.stringify(input.scope) : null,
+      $outputPolicyJson: input.outputPolicy ? JSON.stringify(input.outputPolicy) : null,
+      $created: now,
+      $updated: now
+    });
+    const row = this.db.query("SELECT * FROM workflow_invocations WHERE id = ?").get(id);
+    if (!row)
+      throw new Error(`workflow invocation not found after create: ${id}`);
+    return rowToWorkflowInvocation(row);
+  }
+  getWorkflowInvocation(id) {
+    const row = this.db.query("SELECT * FROM workflow_invocations WHERE id = ?").get(id);
+    return row ? rowToWorkflowInvocation(row) : undefined;
+  }
+  listWorkflowInvocations(opts = {}) {
+    const rows = this.db.query("SELECT * FROM workflow_invocations ORDER BY created_at DESC LIMIT ?").all(opts.limit ?? 100);
+    return rows.map(rowToWorkflowInvocation);
+  }
+  upsertWorkflowWorkItem(input) {
+    const now = nowIso();
+    const id = genId();
+    const status = input.status ?? "queued";
+    this.db.query(`INSERT INTO workflow_work_items (id, route_key, idempotency_key, invocation_id, source_type, source_ref,
+          subject_ref, project_key, project_group, priority, status, attempts, next_attempt_at, lease_expires_at,
+          workflow_id, loop_id, workflow_run_id, last_reason, created_at, updated_at)
+         VALUES ($id, $routeKey, $idempotencyKey, $invocationId, $sourceType, $sourceRef, $subjectRef,
+          $projectKey, $projectGroup, $priority, $status, 0, $nextAttemptAt, NULL, NULL, NULL, NULL,
+          $lastReason, $created, $updated)
+         ON CONFLICT(route_key, idempotency_key) DO UPDATE SET
+          invocation_id=excluded.invocation_id,
+          source_type=excluded.source_type,
+          source_ref=excluded.source_ref,
+          subject_ref=excluded.subject_ref,
+          project_key=excluded.project_key,
+          project_group=excluded.project_group,
+          priority=excluded.priority,
+          status=CASE
+            WHEN workflow_work_items.status IN ('succeeded', 'admitted', 'running')
+              THEN workflow_work_items.status
+            ELSE excluded.status
+          END,
+          workflow_id=CASE
+            WHEN workflow_work_items.status IN ('succeeded', 'admitted', 'running') THEN workflow_work_items.workflow_id
+            ELSE NULL
+          END,
+          loop_id=CASE
+            WHEN workflow_work_items.status IN ('succeeded', 'admitted', 'running') THEN workflow_work_items.loop_id
+            ELSE NULL
+          END,
+          workflow_run_id=CASE
+            WHEN workflow_work_items.status IN ('succeeded', 'admitted', 'running') THEN workflow_work_items.workflow_run_id
+            ELSE NULL
+          END,
+          lease_expires_at=CASE
+            WHEN workflow_work_items.status IN ('succeeded', 'admitted', 'running') THEN workflow_work_items.lease_expires_at
+            ELSE NULL
+          END,
+          next_attempt_at=excluded.next_attempt_at,
+          last_reason=COALESCE(excluded.last_reason, workflow_work_items.last_reason),
+          updated_at=excluded.updated_at`).run({
+      $id: id,
+      $routeKey: input.routeKey,
+      $idempotencyKey: input.idempotencyKey,
+      $invocationId: input.invocationId,
+      $sourceType: input.sourceType,
+      $sourceRef: input.sourceRef,
+      $subjectRef: input.subjectRef,
+      $projectKey: input.projectKey ?? null,
+      $projectGroup: input.projectGroup ?? null,
+      $priority: input.priority ?? 0,
+      $status: status,
+      $nextAttemptAt: input.nextAttemptAt ?? null,
+      $lastReason: input.lastReason ?? null,
+      $created: now,
+      $updated: now
+    });
+    const row = this.db.query("SELECT * FROM workflow_work_items WHERE route_key = ? AND idempotency_key = ? LIMIT 1").get(input.routeKey, input.idempotencyKey);
+    if (!row)
+      throw new Error(`workflow work item not found after upsert: ${input.routeKey}/${input.idempotencyKey}`);
+    return rowToWorkflowWorkItem(row);
+  }
+  getWorkflowWorkItem(id) {
+    const row = this.db.query("SELECT * FROM workflow_work_items WHERE id = ?").get(id);
+    return row ? rowToWorkflowWorkItem(row) : undefined;
+  }
+  findWorkflowWorkItem(routeKey, idempotencyKey) {
+    const row = this.db.query("SELECT * FROM workflow_work_items WHERE route_key = ? AND idempotency_key = ? LIMIT 1").get(routeKey, idempotencyKey);
+    return row ? rowToWorkflowWorkItem(row) : undefined;
+  }
+  listWorkflowWorkItems(opts = {}) {
+    const limit = opts.limit ?? 100;
+    let rows;
+    if (opts.status && opts.routeKey) {
+      rows = this.db.query("SELECT * FROM workflow_work_items WHERE route_key = ? AND status = ? ORDER BY priority DESC, created_at ASC LIMIT ?").all(opts.routeKey, opts.status, limit);
+    } else if (opts.status) {
+      rows = this.db.query("SELECT * FROM workflow_work_items WHERE status = ? ORDER BY priority DESC, created_at ASC LIMIT ?").all(opts.status, limit);
+    } else if (opts.routeKey) {
+      rows = this.db.query("SELECT * FROM workflow_work_items WHERE route_key = ? ORDER BY created_at DESC LIMIT ?").all(opts.routeKey, limit);
+    } else {
+      rows = this.db.query("SELECT * FROM workflow_work_items ORDER BY created_at DESC LIMIT ?").all(limit);
+    }
+    return rows.map(rowToWorkflowWorkItem);
+  }
+  countActiveWorkflowWorkItems(args = {}) {
+    const active = ["admitted", "running"];
+    const placeholders = active.map(() => "?").join(",");
+    const global = this.db.query(`SELECT COUNT(*) AS count FROM workflow_work_items WHERE status IN (${placeholders})`).get(...active)?.count ?? 0;
+    const project = args.projectKey ? this.db.query(`SELECT COUNT(*) AS count FROM workflow_work_items WHERE status IN (${placeholders}) AND project_key = ?`).get(...active, args.projectKey)?.count ?? 0 : 0;
+    const projectGroup = args.projectGroup ? this.db.query(`SELECT COUNT(*) AS count FROM workflow_work_items WHERE status IN (${placeholders}) AND project_group = ?`).get(...active, args.projectGroup)?.count ?? 0 : undefined;
+    return { global, project, ...projectGroup !== undefined ? { projectGroup } : {} };
+  }
+  admitWorkflowWorkItem(id, patch) {
+    const now = nowIso();
+    const res = this.db.query(`UPDATE workflow_work_items
+         SET status='admitted', attempts=attempts + 1, workflow_id=$workflowId, loop_id=$loopId,
+          next_attempt_at=NULL, lease_expires_at=NULL, last_reason=$reason, updated_at=$updated
+         WHERE id=$id AND status IN ('queued', 'deferred')`).run({
+      $id: id,
+      $workflowId: patch.workflowId,
+      $loopId: patch.loopId,
+      $reason: patch.reason ?? null,
+      $updated: now
+    });
+    const item = this.getWorkflowWorkItem(id);
+    if (!item)
+      throw new Error(`workflow work item not found after admit: ${id}`);
+    if (res.changes !== 1)
+      throw new Error(`workflow work item is not claimable: ${id} status=${item.status}`);
+    return item;
+  }
+  setWorkflowWorkItemsForLoop(loopId, status, reason, updated, statuses = ["admitted", "running"]) {
+    const placeholders = statuses.map(() => "?").join(",");
+    this.db.query(`UPDATE workflow_work_items
+         SET status=?, lease_expires_at=NULL, last_reason=COALESCE(?, last_reason), updated_at=?
+         WHERE loop_id = ? AND status IN (${placeholders})`).run(status, reason ?? null, updated, loopId, ...statuses);
+  }
+  setWorkflowWorkItemsForWorkflowRun(workflowRunId, status, reason, updated, statuses = ["admitted", "running"]) {
+    const placeholders = statuses.map(() => "?").join(",");
+    this.db.query(`UPDATE workflow_work_items
+         SET status=?, lease_expires_at=NULL, last_reason=COALESCE(?, last_reason), updated_at=?
+         WHERE workflow_run_id = ? AND status IN (${placeholders})`).run(status, reason ?? null, updated, workflowRunId, ...statuses);
+  }
+  setWorkflowWorkItemsForLoopRun(run, reason, updated) {
+    const loop = this.getLoop(run.loopId);
+    const status = workItemStatusForLoopRun(run.status, run.attempt, loop?.maxAttempts);
+    if (!status)
+      return;
+    const statuses = status === "admitted" ? ["admitted", "running", "failed"] : ["admitted", "running"];
+    const nextReason = status === "admitted" ? reason ? `attempt failed; retry pending: ${reason}` : "attempt failed; retry pending" : reason;
+    this.setWorkflowWorkItemsForLoop(run.loopId, status, nextReason, updated, statuses);
+  }
   createGoal(input, opts = {}) {
     const now = nowIso();
     this.db.exec("BEGIN IMMEDIATE");
@@ -1483,6 +1837,10 @@ class Store {
   }
   createWorkflowRun(input) {
     const now = nowIso();
+    const targetInput = input.loop?.target.type === "workflow" ? input.loop.target.input : undefined;
+    const invocationId = input.invocationId ?? targetInput?.workflowInvocationId ?? targetInput?.invocationId;
+    const workItemId = input.workItemId ?? targetInput?.workflowWorkItemId ?? targetInput?.workItemId;
+    let manifestPath;
     if (input.idempotencyKey) {
       const existing = this.db.query("SELECT * FROM workflow_runs WHERE workflow_id = ? AND idempotency_key = ? LIMIT 1").get(input.workflow.id, input.idempotencyKey);
       if (existing) {
@@ -1501,21 +1859,59 @@ class Store {
         }
       }
       const runId = genId();
-      this.db.query(`INSERT INTO workflow_runs (id, workflow_id, workflow_name, loop_id, loop_run_id, scheduled_for, idempotency_key,
-            status, started_at, finished_at, duration_ms, error, created_at, updated_at)
-           VALUES ($id, $workflowId, $workflowName, $loopId, $loopRunId, $scheduledFor, $idempotencyKey,
-            'running', $started, NULL, NULL, NULL, $created, $updated)`).run({
+      const workItem = workItemId ? this.getWorkflowWorkItem(workItemId) : undefined;
+      const invocation = invocationId ? this.getWorkflowInvocation(invocationId) : undefined;
+      manifestPath = invocation || workItem ? writeWorkflowRunManifest({
+        loopsDataDir: this.rootDir,
+        workflowRunId: runId,
+        workflowId: input.workflow.id,
+        workflowName: input.workflow.name,
+        invocationId,
+        workItemId,
+        projectKey: workItem?.projectKey ?? invocation?.scope?.projectPath,
+        subjectKind: invocation?.subjectRef.kind,
+        rawSubjectRef: workItem?.subjectRef ?? invocation?.subjectRef.path ?? invocation?.subjectRef.id ?? invocation?.subjectRef.url,
+        payload: {
+          workflowInvocation: invocation,
+          workflowWorkItem: workItem,
+          loopId: input.loop?.id,
+          loopRunId: input.loopRun?.id,
+          scheduledFor: input.scheduledFor ?? input.loopRun?.scheduledFor
+        }
+      }) : undefined;
+      this.db.query(`INSERT INTO workflow_runs (id, workflow_id, workflow_name, loop_id, loop_run_id, invocation_id, work_item_id,
+            scheduled_for, idempotency_key, manifest_path, status, started_at, finished_at, duration_ms, error,
+            created_at, updated_at)
+           VALUES ($id, $workflowId, $workflowName, $loopId, $loopRunId, $invocationId, $workItemId, $scheduledFor,
+            $idempotencyKey, $manifestPath, 'running', $started, NULL, NULL, NULL, $created, $updated)`).run({
         $id: runId,
         $workflowId: input.workflow.id,
         $workflowName: input.workflow.name,
         $loopId: input.loop?.id ?? null,
         $loopRunId: input.loopRun?.id ?? null,
+        $invocationId: invocationId ?? null,
+        $workItemId: workItemId ?? null,
         $scheduledFor: input.scheduledFor ?? input.loopRun?.scheduledFor ?? null,
         $idempotencyKey: input.idempotencyKey ?? null,
+        $manifestPath: manifestPath ?? null,
         $started: now,
         $created: now,
         $updated: now
       });
+      if (workItemId) {
+        const workItemRes = this.db.query(`UPDATE workflow_work_items
+             SET status='running', workflow_run_id=$workflowRunId, lease_expires_at=$leaseExpiresAt, updated_at=$updated
+             WHERE id=$id AND status IN ('admitted', 'queued', 'deferred', 'running')`).run({
+          $id: workItemId,
+          $workflowRunId: runId,
+          $leaseExpiresAt: input.loop ? new Date(Date.now() + input.loop.leaseMs).toISOString() : null,
+          $updated: now
+        });
+        if (workItemRes.changes !== 1) {
+          const current = this.getWorkflowWorkItem(workItemId);
+          throw new Error(`workflow work item is not runnable: ${workItemId}${current ? ` status=${current.status}` : ""}`);
+        }
+      }
       input.workflow.steps.forEach((step, sequence) => {
         const account = step.account ?? step.target.account;
         this.db.query(`INSERT INTO workflow_step_runs (id, workflow_run_id, step_id, sequence, status, started_at, finished_at,
@@ -1541,7 +1937,10 @@ class Store {
           workflowName: input.workflow.name,
           stepCount: input.workflow.steps.length,
           loopId: input.loop?.id,
-          loopRunId: input.loopRun?.id
+          loopRunId: input.loopRun?.id,
+          invocationId,
+          workItemId,
+          manifestPath
         }),
         $created: now
       });
@@ -1554,6 +1953,8 @@ class Store {
       try {
         this.db.exec("ROLLBACK");
       } catch {}
+      if (manifestPath)
+        rmSync(manifestPath, { force: true });
       throw error;
     }
   }
@@ -1766,6 +2167,10 @@ class Store {
       changed = res.changes === 1;
       if (changed)
         this.appendWorkflowEvent(workflowRunId, status, undefined, { error: patch.error });
+      if (changed) {
+        const itemStatus = status === "succeeded" ? "succeeded" : status === "cancelled" ? "cancelled" : "failed";
+        this.setWorkflowWorkItemsForWorkflowRun(workflowRunId, itemStatus, patch.error, finishedAt);
+      }
       this.db.exec("COMMIT");
     } catch (error) {
       try {
@@ -1790,6 +2195,7 @@ class Store {
         this.db.query(`UPDATE workflow_step_runs
              SET status='cancelled', finished_at=$finished, pid=NULL, error=$reason, updated_at=$updated
              WHERE workflow_run_id=$workflowRunId AND status IN ('pending', 'running')`).run({ $workflowRunId: workflowRunId, $finished: now, $reason: reason, $updated: now });
+        this.setWorkflowWorkItemsForWorkflowRun(workflowRunId, "cancelled", reason, now);
         this.appendWorkflowEvent(workflowRunId, "cancelled", undefined, { reason });
       }
       this.db.exec("COMMIT");
@@ -2043,6 +2449,8 @@ class Store {
       throw new Error(`run not found after finalize: ${id}`);
     if (opts.claimedBy && res.changes !== 1)
       return run;
+    if (res.changes === 1)
+      this.setWorkflowWorkItemsForLoopRun(run, patch.error, finishedAt);
     return run;
   }
   heartbeatRunLease(id, claimedBy, leaseMs, now = new Date, opts = {}) {
@@ -2136,6 +2544,14 @@ class Store {
             error: "parent loop run lease expired before completion",
             loopRunId: row.id
           });
+          this.setWorkflowWorkItemsForWorkflowRun(workflowRow.id, "failed", "parent loop run lease expired before completion", finished);
+        }
+        const loop = this.getLoop(row.loop_id);
+        const itemStatus = workItemStatusForLoopRun("abandoned", row.attempt, loop?.maxAttempts);
+        if (itemStatus) {
+          const statuses = itemStatus === "admitted" ? ["admitted", "running", "failed"] : ["admitted", "running"];
+          const reason = itemStatus === "admitted" ? "run lease expired before completion; retry pending" : "run lease expired before completion";
+          this.setWorkflowWorkItemsForLoop(row.loop_id, itemStatus, reason, finished, statuses);
         }
         this.db.exec("COMMIT");
       } catch (error) {
@@ -2244,11 +2660,11 @@ class Store {
 }
 
 // src/cli/index.ts
-import { createHash as createHash2, randomUUID } from "crypto";
-import { closeSync, existsSync as existsSync4, mkdirSync as mkdirSync5, mkdtempSync, openSync as openSync2, readFileSync as readFileSync2, realpathSync, rmSync as rmSync2, writeFileSync as writeFileSync3 } from "fs";
+import { createHash as createHash3, randomUUID } from "crypto";
+import { closeSync, existsSync as existsSync4, mkdirSync as mkdirSync6, mkdtempSync as mkdtempSync2, openSync as openSync2, readFileSync as readFileSync2, realpathSync, rmSync as rmSync3, writeFileSync as writeFileSync4 } from "fs";
 import { spawnSync as spawnSync5 } from "child_process";
-import { join as join4, resolve as resolve2 } from "path";
-import { tmpdir } from "os";
+import { join as join6, resolve as resolve2 } from "path";
+import { tmpdir as tmpdir2 } from "os";
 import { Database as Database2 } from "bun:sqlite";
 import { Command } from "commander";
 
@@ -2336,6 +2752,12 @@ function publicWorkflow(workflow) {
 function publicWorkflowRun(run) {
   return { ...run, error: redact(run.error) };
 }
+function publicWorkflowInvocation(invocation) {
+  return redactSensitivePayload(invocation);
+}
+function publicWorkflowWorkItem(item) {
+  return { ...item, lastReason: redact(item.lastReason, 240) };
+}
 function publicWorkflowStepRun(run, showOutput = false) {
   return {
     ...run,
@@ -2466,7 +2888,7 @@ function resolveAccountEnv(account, toolHint, env) {
 // src/lib/env.ts
 import { accessSync, constants } from "fs";
 import { homedir as homedir2 } from "os";
-import { delimiter, join as join2 } from "path";
+import { delimiter, join as join4 } from "path";
 function compactPathParts(parts) {
   const seen = new Set;
   const result = [];
@@ -2482,14 +2904,14 @@ function compactPathParts(parts) {
 function commonExecutableDirs(env = process.env) {
   const home = env.HOME || homedir2();
   return compactPathParts([
-    join2(home, ".local", "bin"),
-    join2(home, ".bun", "bin"),
-    join2(home, ".cargo", "bin"),
-    join2(home, ".npm-global", "bin"),
-    join2(home, "bin"),
-    env.BUN_INSTALL ? join2(env.BUN_INSTALL, "bin") : undefined,
+    join4(home, ".local", "bin"),
+    join4(home, ".bun", "bin"),
+    join4(home, ".cargo", "bin"),
+    join4(home, ".npm-global", "bin"),
+    join4(home, "bin"),
+    env.BUN_INSTALL ? join4(env.BUN_INSTALL, "bin") : undefined,
     env.PNPM_HOME,
-    env.NPM_CONFIG_PREFIX ? join2(env.NPM_CONFIG_PREFIX, "bin") : undefined,
+    env.NPM_CONFIG_PREFIX ? join4(env.NPM_CONFIG_PREFIX, "bin") : undefined,
     "/opt/homebrew/bin",
     "/usr/local/bin",
     "/usr/bin",
@@ -2513,7 +2935,7 @@ function executableExists(command, env = process.env) {
   if (command.includes("/"))
     return isExecutable(command);
   for (const dir of (env.PATH ?? "").split(delimiter)) {
-    if (dir && isExecutable(join2(dir, command)))
+    if (dir && isExecutable(join4(dir, command)))
       return true;
   }
   return false;
@@ -2871,6 +3293,7 @@ function commandSpec(target) {
       shell: commandTarget.shell,
       env: commandTarget.env,
       timeoutMs: commandTarget.timeoutMs ?? DEFAULT_TIMEOUT_MS,
+      idleTimeoutMs: commandTarget.idleTimeoutMs,
       account: commandTarget.account,
       accountTool: commandTarget.account?.tool
     };
@@ -2881,6 +3304,7 @@ function commandSpec(target) {
     args: agentArgs(agentTarget),
     cwd: agentTarget.cwd,
     timeoutMs: agentTarget.timeoutMs ?? DEFAULT_TIMEOUT_MS,
+    idleTimeoutMs: agentTarget.idleTimeoutMs,
     account: agentTarget.account,
     accountTool: agentTarget.account?.tool ?? accountToolForProvider(agentTarget.provider),
     nativeAuthProfile: agentTarget.authProfile ? { provider: agentTarget.provider, profile: agentTarget.authProfile } : undefined,
@@ -3028,6 +3452,7 @@ async function executeRemoteSpec(spec, machine, metadata, opts) {
   let stdout = "";
   let stderr = "";
   let timedOut = false;
+  let idleTimedOut = false;
   let exitCode;
   let error;
   let plan;
@@ -3066,18 +3491,34 @@ async function executeRemoteSpec(spec, machine, metadata, opts) {
   if (opts.signal?.aborted)
     abortHandler();
   opts.signal?.addEventListener("abort", abortHandler, { once: true });
-  child.stdout?.on("data", (chunk) => {
-    stdout = appendBounded(stdout, chunk, maxOutputBytes);
-  });
-  child.stderr?.on("data", (chunk) => {
-    stderr = appendBounded(stderr, chunk, maxOutputBytes);
-  });
   const timer = setTimeout(() => {
     timedOut = true;
     if (child.pid)
       killProcessGroup(child.pid);
   }, spec.timeoutMs);
   timer.unref();
+  let idleTimer;
+  const resetIdleTimer = () => {
+    if (!spec.idleTimeoutMs)
+      return;
+    if (idleTimer)
+      clearTimeout(idleTimer);
+    idleTimer = setTimeout(() => {
+      idleTimedOut = true;
+      if (child.pid)
+        killProcessGroup(child.pid);
+    }, spec.idleTimeoutMs);
+    idleTimer.unref();
+  };
+  resetIdleTimer();
+  child.stdout?.on("data", (chunk) => {
+    stdout = appendBounded(stdout, chunk, maxOutputBytes);
+    resetIdleTimer();
+  });
+  child.stderr?.on("data", (chunk) => {
+    stderr = appendBounded(stderr, chunk, maxOutputBytes);
+    resetIdleTimer();
+  });
   try {
     const [code, signal] = await once(child, "exit");
     if (typeof code === "number")
@@ -3088,17 +3529,19 @@ async function executeRemoteSpec(spec, machine, metadata, opts) {
     error = err instanceof Error ? err.message : String(err);
   } finally {
     clearTimeout(timer);
+    if (idleTimer)
+      clearTimeout(idleTimer);
     opts.signal?.removeEventListener("abort", abortHandler);
   }
   const finishedAt = nowIso();
   const durationMs = new Date(finishedAt).getTime() - new Date(startedAt).getTime();
-  if (timedOut) {
+  if (timedOut || idleTimedOut) {
     return {
       status: "timed_out",
       exitCode,
       stdout,
       stderr,
-      error: `timed out after ${spec.timeoutMs}ms`,
+      error: idleTimedOut ? `idle timed out after ${spec.idleTimeoutMs}ms without stdout/stderr` : `timed out after ${spec.timeoutMs}ms`,
       pid: child.pid,
       startedAt,
       finishedAt,
@@ -3164,6 +3607,7 @@ async function executeTarget(target, metadata = {}, opts = {}) {
   let stdout = "";
   let stderr = "";
   let timedOut = false;
+  let idleTimedOut = false;
   let exitCode;
   let error;
   const env = executionEnv(spec, metadata, opts);
@@ -3226,18 +3670,34 @@ async function executeTarget(target, metadata = {}, opts = {}) {
   if (opts.signal?.aborted)
     abortHandler();
   opts.signal?.addEventListener("abort", abortHandler, { once: true });
-  child.stdout?.on("data", (chunk) => {
-    stdout = appendBounded(stdout, chunk, maxOutputBytes);
-  });
-  child.stderr?.on("data", (chunk) => {
-    stderr = appendBounded(stderr, chunk, maxOutputBytes);
-  });
   const timer = setTimeout(() => {
     timedOut = true;
     if (child.pid)
       killProcessGroup(child.pid);
   }, spec.timeoutMs);
   timer.unref();
+  let idleTimer;
+  const resetIdleTimer = () => {
+    if (!spec.idleTimeoutMs)
+      return;
+    if (idleTimer)
+      clearTimeout(idleTimer);
+    idleTimer = setTimeout(() => {
+      idleTimedOut = true;
+      if (child.pid)
+        killProcessGroup(child.pid);
+    }, spec.idleTimeoutMs);
+    idleTimer.unref();
+  };
+  resetIdleTimer();
+  child.stdout?.on("data", (chunk) => {
+    stdout = appendBounded(stdout, chunk, maxOutputBytes);
+    resetIdleTimer();
+  });
+  child.stderr?.on("data", (chunk) => {
+    stderr = appendBounded(stderr, chunk, maxOutputBytes);
+    resetIdleTimer();
+  });
   try {
     const [code, signal] = await once(child, "exit");
     if (typeof code === "number")
@@ -3248,17 +3708,19 @@ async function executeTarget(target, metadata = {}, opts = {}) {
     error = err instanceof Error ? err.message : String(err);
   } finally {
     clearTimeout(timer);
+    if (idleTimer)
+      clearTimeout(idleTimer);
     opts.signal?.removeEventListener("abort", abortHandler);
   }
   const finishedAt = nowIso();
   const durationMs = new Date(finishedAt).getTime() - new Date(startedAt).getTime();
-  if (timedOut) {
+  if (timedOut || idleTimedOut) {
     return {
       status: "timed_out",
       exitCode,
       stdout,
       stderr,
-      error: `timed out after ${spec.timeoutMs}ms`,
+      error: idleTimedOut ? `idle timed out after ${spec.idleTimeoutMs}ms without stdout/stderr` : `timed out after ${spec.timeoutMs}ms`,
       pid: child.pid,
       startedAt,
       finishedAt,
@@ -4300,7 +4762,7 @@ async function tick(deps) {
 }
 
 // src/daemon/control.ts
-import { existsSync as existsSync2, mkdirSync as mkdirSync3, readFileSync, rmSync, writeFileSync } from "fs";
+import { existsSync as existsSync2, mkdirSync as mkdirSync4, readFileSync, rmSync as rmSync2, writeFileSync as writeFileSync2 } from "fs";
 import { hostname } from "os";
 import { dirname as dirname2 } from "path";
 
@@ -4338,11 +4800,11 @@ function readPid(path = pidFilePath()) {
   }
 }
 function writePid(pid = process.pid, path = pidFilePath()) {
-  mkdirSync3(dirname2(path), { recursive: true, mode: 448 });
-  writeFileSync(path, String(pid));
+  mkdirSync4(dirname2(path), { recursive: true, mode: 448 });
+  writeFileSync2(path, String(pid));
 }
 function removePid(path = pidFilePath()) {
-  rmSync(path, { force: true });
+  rmSync2(path, { force: true });
 }
 function isAlive(pid) {
   try {
@@ -4601,7 +5063,7 @@ async function startDaemon(opts) {
 }
 
 // src/daemon/install.ts
-import { chmodSync, mkdirSync as mkdirSync4, writeFileSync as writeFileSync2 } from "fs";
+import { chmodSync, mkdirSync as mkdirSync5, writeFileSync as writeFileSync3 } from "fs";
 import { spawnSync as spawnSync3 } from "child_process";
 import { dirname as dirname3 } from "path";
 function installStartup(cliEntry, execPath = process.execPath, args = ["daemon", "run"]) {
@@ -4609,8 +5071,8 @@ function installStartup(cliEntry, execPath = process.execPath, args = ["daemon",
   const pathEnv = normalizeExecutionPath(process.env);
   if (process.platform === "linux") {
     const path = systemdServicePath();
-    mkdirSync4(dirname3(path), { recursive: true, mode: 448 });
-    writeFileSync2(path, `[Unit]
+    mkdirSync5(dirname3(path), { recursive: true, mode: 448 });
+    writeFileSync3(path, `[Unit]
 Description=Hasna OpenLoops daemon
 After=default.target
 
@@ -4636,8 +5098,8 @@ WantedBy=default.target
   }
   if (process.platform === "darwin") {
     const path = launchdPlistPath();
-    mkdirSync4(dirname3(path), { recursive: true, mode: 448 });
-    writeFileSync2(path, `<?xml version="1.0" encoding="UTF-8"?>
+    mkdirSync5(dirname3(path), { recursive: true, mode: 448 });
+    writeFileSync3(path, `<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
@@ -4796,7 +5258,7 @@ function runDoctor(store) {
 }
 
 // src/lib/health.ts
-import { createHash } from "crypto";
+import { createHash as createHash2 } from "crypto";
 var EVIDENCE_CHARS = 2000;
 var FINGERPRINT_EVIDENCE_CHARS = 120;
 var CLASSIFICATIONS = [
@@ -4828,7 +5290,7 @@ function searchableText(run) {
 `).toLowerCase();
 }
 function stableFingerprint(parts) {
-  return createHash("sha256").update(parts.join(`
+  return createHash2("sha256").update(parts.join(`
 `)).digest("hex").slice(0, 16);
 }
 function stableFailureFingerprint(run, classification) {
@@ -5016,7 +5478,7 @@ function buildHealthReport(store, opts = {}) {
 }
 
 // src/lib/hygiene.ts
-import { basename } from "path";
+import { basename as basename2 } from "path";
 var PROVIDER_TOKENS = new Set([
   "codewith",
   "claude",
@@ -5037,7 +5499,7 @@ function repoSlugFromCwd(cwd) {
     return "";
   if (cwd.includes("/.hasna/loops/"))
     return "";
-  return slugify(basename(cwd));
+  return slugify(basename2(cwd));
 }
 function scopeForLoop(loop) {
   const cwd = loop.target.type === "command" || loop.target.type === "agent" ? loop.target.cwd : undefined;
@@ -5254,7 +5716,7 @@ function buildScriptInventoryReport(store, opts = {}) {
 // package.json
 var package_default = {
   name: "@hasna/loops",
-  version: "0.3.38",
+  version: "0.3.40",
   description: "Persistent local loop and workflow runner for deterministic commands and headless AI coding agents",
   type: "module",
   main: "dist/index.js",
@@ -5346,10 +5808,17 @@ function packageVersion() {
 import { execFileSync } from "child_process";
 import { existsSync as existsSync3 } from "fs";
 import { homedir as homedir3 } from "os";
-import { basename as basename2, isAbsolute, join as join3, relative, resolve } from "path";
+import { basename as basename3, isAbsolute, join as join5, relative, resolve } from "path";
 var TODOS_TASK_WORKER_VERIFIER_TEMPLATE_ID = "todos-task-worker-verifier";
 var EVENT_WORKER_VERIFIER_TEMPLATE_ID = "event-worker-verifier";
 var BOUNDED_AGENT_WORKER_VERIFIER_TEMPLATE_ID = "bounded-agent-worker-verifier";
+var TASK_LIFECYCLE_TEMPLATE_ID = "task-lifecycle";
+var PR_REVIEW_TEMPLATE_ID = "pr-review";
+var SCHEDULED_AUDIT_TEMPLATE_ID = "scheduled-audit";
+var KNOWLEDGE_REFRESH_TEMPLATE_ID = "knowledge-refresh";
+var REPORT_ONLY_TEMPLATE_ID = "report-only";
+var INCIDENT_RESPONSE_TEMPLATE_ID = "incident-response";
+var DETERMINISTIC_CHECK_CREATE_TASK_TEMPLATE_ID = "deterministic-check-create-task";
 var TEMPLATE_SUMMARIES = [
   {
     id: TODOS_TASK_WORKER_VERIFIER_TEMPLATE_ID,
@@ -5371,7 +5840,8 @@ var TEMPLATE_SUMMARIES = [
       { name: "model", description: "Provider model." },
       { name: "variant", description: "Provider reasoning/model effort variant." },
       { name: "permissionMode", default: "bypass", description: "Provider permission mode: default, plan, auto, or bypass." },
-      { name: "sandbox", default: "danger-full-access", description: "Provider sandbox mode." },
+      { name: "sandbox", default: "workspace-write", description: "Provider sandbox mode." },
+      { name: "manualBreakGlass", default: "false", description: "Allow explicit danger-full-access in a generated workflow. Intended for manual emergency use only." },
       { name: "worktreeMode", default: "auto", description: "Worktree isolation mode: auto, required, off, or main." },
       { name: "worktreeRoot", default: "~/.hasna/loops/worktrees", description: "Base directory for OpenLoops-managed git worktrees." },
       { name: "worktreeBranchPrefix", default: "openloops", description: "Branch prefix for generated task/event worktree branches." }
@@ -5399,7 +5869,8 @@ var TEMPLATE_SUMMARIES = [
       { name: "model", description: "Provider model." },
       { name: "variant", description: "Provider reasoning/model effort variant." },
       { name: "permissionMode", default: "bypass", description: "Provider permission mode: default, plan, auto, or bypass." },
-      { name: "sandbox", default: "danger-full-access", description: "Provider sandbox mode." },
+      { name: "sandbox", default: "workspace-write", description: "Provider sandbox mode." },
+      { name: "manualBreakGlass", default: "false", description: "Allow explicit danger-full-access in a generated workflow. Intended for manual emergency use only." },
       { name: "worktreeMode", default: "auto", description: "Worktree isolation mode: auto, required, off, or main." },
       { name: "worktreeRoot", default: "~/.hasna/loops/worktrees", description: "Base directory for OpenLoops-managed git worktrees." },
       { name: "worktreeBranchPrefix", default: "openloops", description: "Branch prefix for generated event worktree branches." }
@@ -5425,12 +5896,112 @@ var TEMPLATE_SUMMARIES = [
       { name: "model", description: "Provider model." },
       { name: "variant", description: "Provider reasoning/model effort variant." },
       { name: "permissionMode", default: "bypass", description: "Provider permission mode: default, plan, auto, or bypass." },
-      { name: "sandbox", default: "danger-full-access", description: "Provider sandbox mode." },
+      { name: "sandbox", default: "workspace-write", description: "Provider sandbox mode." },
+      { name: "manualBreakGlass", default: "false", description: "Allow explicit danger-full-access in a generated workflow. Intended for manual emergency use only." },
       { name: "worktreeMode", default: "auto", description: "Worktree isolation mode: auto, required, off, or main." },
       { name: "worktreeRoot", default: "~/.hasna/loops/worktrees", description: "Base directory for OpenLoops-managed git worktrees." },
       { name: "worktreeBranchPrefix", default: "openloops", description: "Branch prefix for generated bounded-agent worktree branches." },
       { name: "timeoutMs", default: "2700000", description: "Step timeout in milliseconds." }
     ]
+  },
+  {
+    id: TASK_LIFECYCLE_TEMPLATE_ID,
+    name: "Task Lifecycle",
+    description: "Run the standard task-created lifecycle: triage/dedupe, plan, worker execution, independent verification, and todos closure/follow-up evidence.",
+    kind: "workflow",
+    variables: [
+      { name: "taskId", required: true, description: "Todos task id." },
+      { name: "projectPath", required: true, description: "Repository or project working directory." },
+      { name: "authProfilePool", description: "Comma-separated Codewith profiles for worker/verifier rotation." },
+      { name: "accountPool", description: "Comma-separated OpenAccounts profiles for non-Codewith providers." },
+      { name: "provider", default: "codewith", description: "Agent provider." },
+      { name: "sandbox", default: "workspace-write", description: "Provider sandbox mode." },
+      { name: "worktreeMode", default: "required", description: "Worktree isolation mode." }
+    ]
+  },
+  {
+    id: PR_REVIEW_TEMPLATE_ID,
+    name: "PR Review",
+    description: "Review and drive a pull request toward merge-ready state with a worker and fresh adversarial verifier.",
+    kind: "workflow",
+    variables: [
+      { name: "prUrl", description: "Pull request URL." },
+      { name: "prNumber", description: "Pull request number." },
+      { name: "projectPath", required: true, description: "Repository working directory." },
+      { name: "authProfilePool", description: "Comma-separated Codewith profiles for worker/verifier rotation." },
+      { name: "provider", default: "codewith", description: "Agent provider." },
+      { name: "sandbox", default: "workspace-write", description: "Provider sandbox mode." },
+      { name: "worktreeMode", default: "required", description: "Worktree isolation mode." }
+    ]
+  },
+  {
+    id: SCHEDULED_AUDIT_TEMPLATE_ID,
+    name: "Scheduled Audit",
+    description: "Run a bounded scheduled audit, record evidence, create follow-up tasks for actionable findings, then verify the audit result.",
+    kind: "workflow",
+    variables: [
+      { name: "objective", required: true, description: "Audit objective." },
+      { name: "projectPath", required: true, description: "Repository or project working directory." },
+      { name: "authProfilePool", description: "Comma-separated Codewith profiles for worker/verifier rotation." },
+      { name: "provider", default: "codewith", description: "Agent provider." },
+      { name: "sandbox", default: "workspace-write", description: "Provider sandbox mode." },
+      { name: "worktreeMode", default: "required", description: "Worktree isolation mode." }
+    ]
+  },
+  {
+    id: KNOWLEDGE_REFRESH_TEMPLATE_ID,
+    name: "Knowledge Refresh",
+    description: "Review recent knowledge, improve structure/schema where needed, create deduped tasks for code changes, and verify the knowledge update.",
+    kind: "workflow",
+    variables: [
+      { name: "scope", description: "Knowledge scope or label to refresh." },
+      { name: "projectPath", required: true, description: "Repository or project working directory." },
+      { name: "authProfilePool", description: "Comma-separated Codewith profiles for worker/verifier rotation." },
+      { name: "provider", default: "codewith", description: "Agent provider." },
+      { name: "sandbox", default: "workspace-write", description: "Provider sandbox mode." },
+      { name: "worktreeMode", default: "required", description: "Worktree isolation mode." }
+    ]
+  },
+  {
+    id: REPORT_ONLY_TEMPLATE_ID,
+    name: "Report Only",
+    description: "Produce a bounded report without mutating repositories; verifier checks evidence, scope, and absence of unauthorized changes.",
+    kind: "workflow",
+    variables: [
+      { name: "objective", required: true, description: "Report objective." },
+      { name: "projectPath", required: true, description: "Repository or project working directory." },
+      { name: "authProfilePool", description: "Comma-separated Codewith profiles for worker/verifier rotation." },
+      { name: "provider", default: "codewith", description: "Agent provider." },
+      { name: "sandbox", default: "read-only", description: "Provider sandbox mode." },
+      { name: "worktreeMode", default: "main", description: "Report-only workflows normally inspect the main checkout read-only." }
+    ]
+  },
+  {
+    id: INCIDENT_RESPONSE_TEMPLATE_ID,
+    name: "Incident Response",
+    description: "Triage an incident, gather bounded evidence, apply only allowed narrow mitigation, create follow-up tasks, and verify the response.",
+    kind: "workflow",
+    variables: [
+      { name: "incidentId", description: "Incident or task id." },
+      { name: "objective", required: true, description: "Incident response objective." },
+      { name: "projectPath", required: true, description: "Repository or project working directory." },
+      { name: "authProfilePool", description: "Comma-separated Codewith profiles for worker/verifier rotation." },
+      { name: "provider", default: "codewith", description: "Agent provider." },
+      { name: "sandbox", default: "workspace-write", description: "Provider sandbox mode." },
+      { name: "worktreeMode", default: "required", description: "Worktree isolation mode." }
+    ]
+  },
+  {
+    id: DETERMINISTIC_CHECK_CREATE_TASK_TEMPLATE_ID,
+    name: "Deterministic Check Create Task",
+    description: "Run a deterministic check command that writes compact evidence and upserts one deduped todos task when its expectation is not met.",
+    kind: "workflow",
+    variables: [
+      { name: "checkCommand", required: true, description: "Shell command that performs the check and task upsert." },
+      { name: "projectPath", required: true, description: "Repository or project working directory." },
+      { name: "name", description: "Workflow name." },
+      { name: "timeoutMs", default: "300000", description: "Check timeout in milliseconds." }
+    ]
   }
 ];
 function compactJson(value) {
@@ -5492,7 +6063,7 @@ function defaultWorktreeRoot(root) {
     const expanded = root.trim().replace(/^~(?=$|\/)/, homedir3());
     return isAbsolute(expanded) ? expanded : resolve(expanded);
   }
-  return join3(homedir3(), ".hasna", "loops", "worktrees");
+  return join5(homedir3(), ".hasna", "loops", "worktrees");
 }
 function gitRootFor(path) {
   if (!existsSync3(path))
@@ -5593,11 +6164,11 @@ function worktreePlan(input, seed) {
     };
   }
   const root = defaultWorktreeRoot(input.worktreeRoot);
-  const repoSlug = slugSegment(basename2(repoRoot), "repo");
+  const repoSlug = slugSegment(basename3(repoRoot), "repo");
   const seedSlug = `${slugSegment(seed, "run").slice(0, 48)}-${stableHex(`${repoRoot}:${seed}`)}`;
-  const worktreePath = join3(root, repoSlug, seedSlug);
+  const worktreePath = join5(root, repoSlug, seedSlug);
   const relativeCwd = relative(repoRoot, originalCwd);
-  const cwd = relativeCwd && !relativeCwd.startsWith("..") && !isAbsolute(relativeCwd) ? join3(worktreePath, relativeCwd) : worktreePath;
+  const cwd = relativeCwd && !relativeCwd.startsWith("..") && !isAbsolute(relativeCwd) ? join5(worktreePath, relativeCwd) : worktreePath;
   const branchPrefix = (input.worktreeBranchPrefix?.trim() || "openloops").replace(/^\/+|\/+$/g, "") || "openloops";
   const branch = `${branchPrefix}/${repoSlug}/${seedSlug}`;
   const prepareStep = {
@@ -5655,10 +6226,20 @@ function assertNativeAuthProfileSupport(input, provider) {
     return;
   throw new Error(`authProfile, authProfilePool, workerAuthProfile, and verifierAuthProfile are supported only for provider codewith; use account/accountPool for ${provider} profile isolation`);
 }
+function failClosedSandbox(input, provider, sandbox) {
+  if (!["codewith", "codex"].includes(provider))
+    return;
+  if (sandbox !== "danger-full-access")
+    return;
+  if (input.manualBreakGlass)
+    return;
+  throw new Error("danger-full-access is manual break-glass only for generated worker/verifier workflows; use sandbox=workspace-write or set manualBreakGlass=true with explicit operator approval");
+}
 function agentTarget(input, prompt, role, seed, plan) {
   const provider = input.provider ?? "codewith";
   assertNativeAuthProfileSupport(input, provider);
-  const sandbox = input.sandbox ?? (provider === "codewith" || provider === "codex" ? "danger-full-access" : provider === "cursor" ? "disabled" : undefined);
+  const sandbox = input.sandbox ?? (provider === "codewith" || provider === "codex" ? "workspace-write" : provider === "cursor" ? "enabled" : undefined);
+  failClosedSandbox(input, provider, sandbox);
   return {
     type: "agent",
     provider,
@@ -5682,6 +6263,7 @@ function agentTarget(input, prompt, role, seed, plan) {
       branch: plan.branch,
       reason: plan.reason
     },
+    allowlist: input.manualBreakGlass ? { enforcement: "metadata_only", commands: ["manual-break-glass"] } : undefined,
     routing: {
       projectPath: input.routeProjectPath ?? input.projectPath,
       ...input.projectGroup ? { projectGroup: input.projectGroup } : {}
@@ -5771,7 +6353,10 @@ function renderTodosTaskWorkerVerifierWorkflow(input) {
         name: "Verifier",
         description: "Adversarially verify worker output and update todos.",
         dependsOn: ["worker"],
-        target: agentTarget(input, verifierPrompt, "verifier", input.taskId, plan),
+        target: {
+          ...agentTarget(input, verifierPrompt, "verifier", input.taskId, plan),
+          idleTimeoutMs: 10 * 60000
+        },
         timeoutMs: 30 * 60000
       }
     ])
@@ -5849,7 +6434,10 @@ function renderEventWorkerVerifierWorkflow(input) {
         name: "Verifier",
         description: "Adversarially verify event handling.",
         dependsOn: ["worker"],
-        target: agentTarget(input, verifierPrompt, "verifier", seed, plan),
+        target: {
+          ...agentTarget(input, verifierPrompt, "verifier", seed, plan),
+          idleTimeoutMs: 10 * 60000
+        },
         timeoutMs: 30 * 60000
       }
     ])
@@ -5900,13 +6488,142 @@ function renderBoundedAgentWorkerVerifierWorkflow(input) {
         name: "Verifier",
         description: "Adversarially verify the bounded objective result.",
         dependsOn: ["worker"],
-        target: agentTarget(input, verifierPrompt, "verifier", seed, plan),
+        target: {
+          ...agentTarget(input, verifierPrompt, "verifier", seed, plan),
+          idleTimeoutMs: 10 * 60000
+        },
         timeoutMs: Math.min(timeoutMs, 30 * 60000)
       }
     ])
   };
 }
+function renderLifecycleBoundedTemplate(id, values) {
+  const projectPath = values.projectPath ?? values.cwd ?? process.cwd();
+  const common = {
+    name: values.name,
+    projectPath,
+    routeProjectPath: values.routeProjectPath,
+    projectGroup: values.projectGroup,
+    provider: values.provider,
+    authProfile: values.authProfile,
+    authProfilePool: listVar(values.authProfilePool),
+    workerAuthProfile: values.workerAuthProfile,
+    verifierAuthProfile: values.verifierAuthProfile,
+    account: values.account ? { profile: values.account, tool: values.accountTool } : undefined,
+    accountPool: accountPoolVar(values.accountPool, values.accountTool),
+    model: values.model,
+    variant: values.variant,
+    agent: values.agent,
+    permissionMode: values.permissionMode,
+    sandbox: values.sandbox,
+    manualBreakGlass: booleanVar(values.manualBreakGlass),
+    worktreeMode: values.worktreeMode ?? (id === REPORT_ONLY_TEMPLATE_ID ? "main" : "required"),
+    worktreeRoot: values.worktreeRoot,
+    worktreeBranchPrefix: values.worktreeBranchPrefix,
+    timeoutMs: values.timeoutMs ? Number(values.timeoutMs) : undefined
+  };
+  if (id === TASK_LIFECYCLE_TEMPLATE_ID) {
+    const taskId = values.taskId ?? "";
+    if (!taskId.trim())
+      throw new Error("taskId is required");
+    return renderBoundedAgentWorkerVerifierWorkflow({
+      ...common,
+      name: values.name ?? `task-lifecycle-${slugSegment(taskId)}-worker-verifier`,
+      objective: values.objective ?? `Run the full task lifecycle for todos task ${taskId}.`,
+      prompt: values.prompt ?? "Triage and dedupe the task, verify it is eligible for loop execution, create or update a concise plan artifact/comment, execute only the allowed scope, validate, record evidence, and let the verifier decide final task state. Add follow-up tasks instead of broadening scope."
+    });
+  }
+  if (id === PR_REVIEW_TEMPLATE_ID) {
+    const pr = values.prUrl ?? values.prNumber ?? "";
+    if (!pr.trim())
+      throw new Error("prUrl or prNumber is required");
+    return renderBoundedAgentWorkerVerifierWorkflow({
+      ...common,
+      name: values.name ?? `pr-review-${slugSegment(pr)}-worker-verifier`,
+      objective: values.objective ?? `Review and drive PR ${pr} toward merge-ready state.`,
+      prompt: values.prompt ?? "Inspect PR state, checks, conflicts, branch freshness, review requirements, and repo policy. Apply only owned logical fixes in the isolated worktree, validate, update the PR/task with evidence, and do not merge unless policy/checks make it clearly safe."
+    });
+  }
+  if (id === SCHEDULED_AUDIT_TEMPLATE_ID) {
+    const objective = values.objective ?? "";
+    if (!objective.trim())
+      throw new Error("objective is required");
+    return renderBoundedAgentWorkerVerifierWorkflow({
+      ...common,
+      name: values.name ?? `scheduled-audit-${stableIndex(`${projectPath}:${objective}`, 4294967295).toString(16).padStart(8, "0")}-worker-verifier`,
+      objective,
+      prompt: values.prompt ?? "Run the bounded audit, write compact evidence, create deduped todos tasks for actionable issues, and avoid implementation unless the task explicitly allows it."
+    });
+  }
+  if (id === KNOWLEDGE_REFRESH_TEMPLATE_ID) {
+    const scope = values.scope ?? values.label ?? "recent knowledge";
+    return renderBoundedAgentWorkerVerifierWorkflow({
+      ...common,
+      name: values.name ?? `knowledge-refresh-${slugSegment(scope)}-worker-verifier`,
+      objective: values.objective ?? `Refresh and verify ${scope}.`,
+      prompt: values.prompt ?? "Inspect recent knowledge records, improve structure/schema where appropriate, avoid duplicates, create tasks for code changes instead of doing unrelated implementation, and record verification evidence."
+    });
+  }
+  if (id === REPORT_ONLY_TEMPLATE_ID) {
+    const objective = values.objective ?? "";
+    if (!objective.trim())
+      throw new Error("objective is required");
+    return renderBoundedAgentWorkerVerifierWorkflow({
+      ...common,
+      name: values.name ?? `report-only-${stableIndex(`${projectPath}:${objective}`, 4294967295).toString(16).padStart(8, "0")}-worker-verifier`,
+      objective,
+      prompt: values.prompt ?? "Produce a report only. Do not mutate repositories, tasks, secrets, databases, or external systems except for writing the requested report/evidence artifact."
+    });
+  }
+  if (id === INCIDENT_RESPONSE_TEMPLATE_ID) {
+    const objective = values.objective ?? "";
+    if (!objective.trim())
+      throw new Error("objective is required");
+    const incident = values.incidentId ?? values.taskId ?? "incident";
+    return renderBoundedAgentWorkerVerifierWorkflow({
+      ...common,
+      name: values.name ?? `incident-response-${slugSegment(incident)}-worker-verifier`,
+      objective,
+      prompt: values.prompt ?? "Triage first, gather bounded evidence, mitigate only narrow allowed issues, preserve data/history/secrets, create follow-up tasks for larger fixes, and require verifier confirmation before closure."
+    });
+  }
+  return;
+}
+function renderDeterministicCheckCreateTaskWorkflow(values) {
+  const projectPath = values.projectPath ?? values.cwd ?? process.cwd();
+  const checkCommand = values.checkCommand ?? "";
+  if (!checkCommand.trim())
+    throw new Error("checkCommand is required");
+  const seed = `${projectPath}:${checkCommand}`;
+  return {
+    name: values.name ?? `deterministic-check-${stableIndex(seed, 4294967295).toString(16).padStart(8, "0")}`,
+    description: values.description ?? "Deterministic check that writes compact evidence and upserts one deduped todos task when the expectation is not met.",
+    version: 1,
+    steps: [
+      {
+        id: "check",
+        name: "Check",
+        description: "Run the deterministic check/task-upsert command.",
+        target: {
+          type: "command",
+          command: "bash",
+          args: ["-lc", checkCommand],
+          cwd: projectPath,
+          timeoutMs: values.timeoutMs ? Number(values.timeoutMs) : 5 * 60000,
+          idleTimeoutMs: values.idleTimeoutMs ? Number(values.idleTimeoutMs) : 60000
+        },
+        timeoutMs: values.timeoutMs ? Number(values.timeoutMs) : 5 * 60000
+      }
+    ]
+  };
+}
 function renderLoopTemplate(id, values) {
+  if (id === DETERMINISTIC_CHECK_CREATE_TASK_TEMPLATE_ID) {
+    return renderDeterministicCheckCreateTaskWorkflow(values);
+  }
+  const lifecycle = renderLifecycleBoundedTemplate(id, values);
+  if (lifecycle)
+    return lifecycle;
   if (id === TODOS_TASK_WORKER_VERIFIER_TEMPLATE_ID) {
     return renderTodosTaskWorkerVerifierWorkflow({
       taskId: values.taskId ?? "",
@@ -5927,6 +6644,7 @@ function renderLoopTemplate(id, values) {
       agent: values.agent,
       permissionMode: values.permissionMode,
       sandbox: values.sandbox,
+      manualBreakGlass: booleanVar(values.manualBreakGlass),
       worktreeMode: values.worktreeMode,
       worktreeRoot: values.worktreeRoot,
       worktreeBranchPrefix: values.worktreeBranchPrefix,
@@ -5957,6 +6675,7 @@ function renderLoopTemplate(id, values) {
       agent: values.agent,
       permissionMode: values.permissionMode,
       sandbox: values.sandbox,
+      manualBreakGlass: booleanVar(values.manualBreakGlass),
       worktreeMode: values.worktreeMode,
       worktreeRoot: values.worktreeRoot,
       worktreeBranchPrefix: values.worktreeBranchPrefix
@@ -5982,6 +6701,7 @@ function renderLoopTemplate(id, values) {
       agent: values.agent,
       permissionMode: values.permissionMode,
       sandbox: values.sandbox,
+      manualBreakGlass: booleanVar(values.manualBreakGlass),
       worktreeMode: values.worktreeMode,
       worktreeRoot: values.worktreeRoot,
       worktreeBranchPrefix: values.worktreeBranchPrefix,
@@ -5994,6 +6714,16 @@ function listVar(value) {
   const values = value?.split(",").map((entry) => entry.trim()).filter(Boolean);
   return values?.length ? values : undefined;
 }
+function booleanVar(value) {
+  if (value === undefined)
+    return;
+  const normalized = value.trim().toLowerCase();
+  if (["1", "true", "yes", "on"].includes(normalized))
+    return true;
+  if (["0", "false", "no", "off", ""].includes(normalized))
+    return false;
+  throw new Error(`expected boolean value, got ${value}`);
+}
 function accountPoolVar(value, tool) {
   return listVar(value)?.map((profile) => ({ profile, tool }));
 }
@@ -6224,8 +6954,8 @@ function runLocalCommand(command, args, opts = {}) {
   };
 }
 function runLocalCommandWithStdoutFile(command, args, opts = {}) {
-  const tempDir = mkdtempSync(join4(tmpdir(), "loops-command-output-"));
-  const stdoutPath = join4(tempDir, "stdout");
+  const tempDir = mkdtempSync2(join6(tmpdir2(), "loops-command-output-"));
+  const stdoutPath = join6(tempDir, "stdout");
   const stdoutFd = openSync2(stdoutPath, "w");
   let result;
   try {
@@ -6249,7 +6979,7 @@ function runLocalCommandWithStdoutFile(command, args, opts = {}) {
       error: result.error ? String(result.error.message || result.error) : ""
     };
   } finally {
-    rmSync2(tempDir, { recursive: true, force: true });
+    rmSync3(tempDir, { recursive: true, force: true });
   }
 }
 function ensureTodosTaskList(project, slug, name, description) {
@@ -6265,23 +6995,23 @@ function ensureTodosTaskList(project, slug, name, description) {
 }
 function backupLoopsDatabase(reason) {
   const stamp = new Date().toISOString().replace(/[-:]/g, "").replace(/\..+$/, "Z");
-  const backupDir = join4(dataDir(), "backups");
-  mkdirSync5(backupDir, { recursive: true, mode: 448 });
-  const backupPath = join4(backupDir, `loops.db.bak-${reason}-${stamp}`);
+  const backupDir = join6(dataDir(), "backups");
+  mkdirSync6(backupDir, { recursive: true, mode: 448 });
+  const backupPath = join6(backupDir, `loops.db.bak-${reason}-${stamp}`);
   const db = new Database2(dbPath(), { readonly: true });
   try {
-    writeFileSync3(backupPath, db.serialize(), { mode: 384 });
+    writeFileSync4(backupPath, db.serialize(), { mode: 384 });
   } finally {
     db.close();
   }
   return backupPath;
 }
 function stableHash(parts) {
-  return createHash2("sha256").update(parts.map((part) => JSON.stringify(part)).join(`
+  return createHash3("sha256").update(parts.map((part) => JSON.stringify(part)).join(`
 `)).digest("hex").slice(0, 16);
 }
 function routeCursorsPath() {
-  return join4(dataDir(), "route-cursors.json");
+  return join6(dataDir(), "route-cursors.json");
 }
 function readRouteCursors() {
   const path = routeCursorsPath();
@@ -6299,15 +7029,15 @@ function writeRouteCursor(key, lastFingerprint) {
     return;
   const cursors = readRouteCursors();
   cursors[key] = { lastFingerprint, updatedAt: new Date().toISOString() };
-  writeFileSync3(routeCursorsPath(), JSON.stringify(cursors, null, 2), { mode: 384 });
+  writeFileSync4(routeCursorsPath(), JSON.stringify(cursors, null, 2), { mode: 384 });
 }
 function writeRouteEvidence(kind, value, evidenceDir) {
   if (!evidenceDir)
     return;
-  mkdirSync5(evidenceDir, { recursive: true, mode: 448 });
+  mkdirSync6(evidenceDir, { recursive: true, mode: 448 });
   const stamp = new Date().toISOString().replace(/[-:]/g, "").replace(/\./g, "");
-  const evidencePath = join4(evidenceDir, `${kind}-${stamp}-${randomUUID().slice(0, 8)}.json`);
-  writeFileSync3(evidencePath, JSON.stringify(value, null, 2), { mode: 384, flag: "wx" });
+  const evidencePath = join6(evidenceDir, `${kind}-${stamp}-${randomUUID().slice(0, 8)}.json`);
+  writeFileSync4(evidencePath, JSON.stringify(value, null, 2), { mode: 384, flag: "wx" });
   return evidencePath;
 }
 function selectRouteItems(items, maxActions, cursorKey, fingerprintOf) {
@@ -6426,7 +7156,7 @@ function slugSegment2(value, fallback = "event") {
   return value.toLowerCase().replace(/[^a-z0-9._:-]+/g, "-").replace(/^-|-$/g, "").slice(0, 80) || fallback;
 }
 function stableSuffix(value) {
-  return createHash2("sha256").update(value).digest("hex").slice(0, 12);
+  return createHash3("sha256").update(value).digest("hex").slice(0, 12);
 }
 function taskEventField(data, keys) {
   for (const key of keys) {
@@ -6561,6 +7291,33 @@ function taskRouteEligibility(data, metadata) {
   }
   return { eligible: true, tags };
 }
+function generatedRouteSandboxPreflight(workflow) {
+  const checks = [];
+  for (const step of workflow.steps) {
+    if (step.target.type !== "agent")
+      continue;
+    const target = step.target;
+    const worktreeEnabled = Boolean(target.worktree?.enabled);
+    if (target.sandbox === "danger-full-access") {
+      const manual = target.allowlist?.commands?.includes("manual-break-glass");
+      if (!manual) {
+        throw new Error(`route step ${step.id} uses danger-full-access without manual break-glass evidence`);
+      }
+      checks.push({ stepId: step.id, provider: target.provider, sandbox: target.sandbox, worktreeEnabled, method: "manual-break-glass" });
+      continue;
+    }
+    if (["codewith", "codex"].includes(target.provider) && (target.sandbox === "workspace-write" || target.sandbox === "read-only") || target.provider === "cursor" && target.sandbox === "enabled") {
+      checks.push({ stepId: step.id, provider: target.provider, sandbox: target.sandbox, worktreeEnabled, method: "provider-native-sandbox" });
+      continue;
+    }
+    if (worktreeEnabled) {
+      checks.push({ stepId: step.id, provider: target.provider, sandbox: target.sandbox, worktreeEnabled, method: "isolated-worktree" });
+      continue;
+    }
+    throw new Error(`route step ${step.id} has no verified unattended isolation; use provider sandbox workspace-write/read-only/enabled, worktreeMode=required, or explicit manual break-glass`);
+  }
+  return checks;
+}
 function routeThrottleLimitsFromOpts(opts) {
   return {
     maxActive: positiveInteger(opts.maxActive, "--max-active"),
@@ -6594,46 +7351,10 @@ function normalizeRoutePath(value) {
 function routeProjectGroup(optsGroup, data, metadata) {
   return optsGroup?.trim() || taskEventField(data, ["project_group", "projectGroup", "repo_group", "repoGroup", "workspace_group", "workspaceGroup"]) || taskEventField(metadata, ["project_group", "projectGroup", "repo_group", "repoGroup", "workspace_group", "workspaceGroup"]);
 }
-function firstWorkflowRouting(workflow) {
-  for (const step of workflow.steps) {
-    if (step.target.type !== "agent")
-      continue;
-    const target = step.target;
-    const projectPath = normalizeRoutePath(target.routing?.projectPath ?? target.worktree?.originalCwd ?? target.cwd);
-    const projectGroup = target.routing?.projectGroup?.trim();
-    if (projectPath || projectGroup) {
-      return {
-        ...projectPath ? { projectPath } : {},
-        ...projectGroup ? { projectGroup } : {}
-      };
-    }
-  }
-  return;
-}
-function activeWorkflowLoopRoutes(store) {
-  const values = [];
-  for (const loop of store.listLoops({ status: "active", limit: 1e4 })) {
-    if (loop.target.type !== "workflow")
-      continue;
-    const workflow = store.getWorkflow(loop.target.workflowId);
-    if (!workflow || workflow.status !== "active")
-      continue;
-    const routing = firstWorkflowRouting(workflow);
-    if (routing)
-      values.push({ loop, routing });
-  }
-  return values;
-}
 function routeThrottleDecision(store, args) {
   const projectPath = normalizeRoutePath(args.projectPath) ?? resolve2(args.projectPath);
   const projectGroup = args.projectGroup?.trim() || undefined;
-  const active = activeWorkflowLoopRoutes(store);
-  const counts = {
-    global: active.length,
-    project: active.filter((entry) => normalizeRoutePath(entry.routing.projectPath) === projectPath).length
-  };
-  if (projectGroup)
-    counts.projectGroup = active.filter((entry) => entry.routing.projectGroup?.trim() === projectGroup).length;
+  const counts = store.countActiveWorkflowWorkItems({ projectKey: projectPath, projectGroup });
   const base = {
     projectPath,
     ...projectGroup ? { projectGroup } : {},
@@ -6666,12 +7387,8 @@ function routeThrottleDryRunPreview(args) {
     limits: args.limits
   };
 }
-function findLoopByTaskIdempotency(store, idempotencyKey) {
-  const marker = `idempotency=${idempotencyKey}`;
-  return store.listLoops({ includeArchived: true, limit: 1e5 }).find((loop) => loop.description?.includes(marker));
-}
-async function readEventEnvelopeFromStdin() {
-  const raw = process.env.HASNA_EVENT_JSON || await Bun.stdin.text();
+async function readEventEnvelopeInput(opts = {}) {
+  const raw = opts.eventJson ?? (opts.eventFile ? readFileSync2(opts.eventFile, "utf8") : process.env.HASNA_EVENT_JSON || await Bun.stdin.text());
   const event = JSON.parse(raw);
   if (!event || typeof event !== "object" || Array.isArray(event))
     throw new Error("event JSON must be an object");
@@ -6683,6 +7400,9 @@ async function readEventEnvelopeFromStdin() {
     throw new Error("event.source is required");
   return event;
 }
+async function readEventEnvelopeFromStdin() {
+  return readEventEnvelopeInput();
+}
 function routeTodosTaskEvent(event, opts) {
   const data = eventData(event);
   const metadata = eventMetadata(event);
@@ -6717,24 +7437,27 @@ function routeTodosTaskEvent(event, opts) {
   const namePrefix = opts.namePrefix ?? "event:todos-task";
   const workflowName = `${namePrefix}:${taskId.slice(0, 8)}:${idempotencySuffix}:workflow`;
   const loopName = `${namePrefix}:${taskId.slice(0, 8)}:${idempotencySuffix}:run`;
-  const legacyLoopName = `${namePrefix}:${taskId.slice(0, 8)}:${event.id.slice(0, 8)}:run`;
   if (!opts.dryRun) {
     const store2 = new Store;
     try {
-      const existingLoop = store2.findLoopByName(loopName) ?? store2.findLoopByName(legacyLoopName) ?? findLoopByTaskIdempotency(store2, idempotencyKey);
-      if (existingLoop) {
-        const existingWorkflow = existingLoop.target.type === "workflow" ? store2.getWorkflow(existingLoop.target.workflowId) : undefined;
+      const existingItem = store2.findWorkflowWorkItem("todos-task", idempotencyKey);
+      if (existingItem?.loopId && ["admitted", "running", "succeeded"].includes(existingItem.status)) {
+        const existingLoop = store2.getLoop(existingItem.loopId);
+        const existingWorkflow = existingItem.workflowId ? store2.getWorkflow(existingItem.workflowId) : undefined;
+        const existingInvocation = store2.getWorkflowInvocation(existingItem.invocationId);
         return {
           kind: "deduped",
           value: {
             deduped: true,
             idempotencyKey,
-            dedupedBy: existingLoop.name === loopName ? "idempotency" : "legacy-event-name",
+            dedupedBy: "work-item",
             event,
+            invocation: existingInvocation ? publicWorkflowInvocation(existingInvocation) : undefined,
+            workItem: publicWorkflowWorkItem(existingItem),
             workflow: existingWorkflow ? publicWorkflow(existingWorkflow) : undefined,
-            loop: publicLoop(existingLoop)
+            loop: existingLoop ? publicLoop(existingLoop) : undefined
           },
-          human: `deduped existing loop ${existingLoop.id} (${existingLoop.name}) for event=${event.id} idempotency=${idempotencyKey}`
+          human: `deduped existing work item ${existingItem.id} for event=${event.id} idempotency=${idempotencyKey}`
         };
       }
     } finally {
@@ -6768,6 +7491,7 @@ function routeTodosTaskEvent(event, opts) {
     agent: opts.agent,
     permissionMode,
     sandbox,
+    manualBreakGlass: Boolean(opts.manualBreakGlass),
     worktreeMode: opts.worktreeMode ?? "auto",
     worktreeRoot: opts.worktreeRoot,
     worktreeBranchPrefix: opts.worktreeBranchPrefix ?? "openloops",
@@ -6776,11 +7500,53 @@ function routeTodosTaskEvent(event, opts) {
   });
   workflowBody.name = workflowName;
   workflowBody.description = `Task-triggered worker/verifier workflow for ${taskTitle ?? taskId} from ${event.source}/${event.type}; ` + `idempotency=${idempotencyKey}; event=${event.id}; project=${projectPath}; projectGroup=${projectGroup ?? "-"}`;
+  const sandboxPreflight = generatedRouteSandboxPreflight(workflowBody);
+  const invocationInput = {
+    templateId: "todos-task-worker-verifier",
+    sourceRef: {
+      kind: "event",
+      id: event.id,
+      dedupeKey: idempotencyKey,
+      raw: { type: event.type, source: event.source, subject: event.subject }
+    },
+    subjectRef: {
+      kind: "task",
+      id: taskId,
+      path: routeProjectPath,
+      raw: { title: taskTitle, description: taskDescription }
+    },
+    intent: "route",
+    scope: {
+      projectPath: routeProjectPath,
+      projectGroup,
+      worktreePolicy: opts.worktreeMode ?? "auto",
+      permissions: permissionMode,
+      manualBreakGlass: Boolean(opts.manualBreakGlass),
+      accountPolicy: opts.authProfilePool || opts.accountPool ? "pool" : "single",
+      concurrencyGroup: projectGroup ?? routeProjectPath
+    },
+    outputPolicy: {
+      report: "always",
+      createTask: "on_failure"
+    }
+  };
+  const workItemInput = {
+    routeKey: "todos-task",
+    idempotencyKey,
+    invocationId: "<created-invocation-id>",
+    sourceType: event.type,
+    sourceRef: event.id,
+    subjectRef: taskId,
+    projectKey: routeProjectPath,
+    projectGroup,
+    priority: 0,
+    status: "queued"
+  };
   const loopInput = {
     name: loopName,
     description: `Run ${workflowBody.name} once for task ${taskId}; idempotency=${idempotencyKey}; event=${event.id}`,
     schedule: { type: "once", at: new Date(Date.now() + 1000).toISOString() },
-    target: { type: "workflow", workflowId: "<created-workflow-id>" },
+    target: { type: "workflow", workflowId: "<created-workflow-id>", input: {} },
     overlap: "skip",
     maxAttempts: 1,
     retryDelayMs: 60000,
@@ -6795,7 +7561,7 @@ function routeTodosTaskEvent(event, opts) {
     }, {}) : undefined;
     return {
       kind: "created",
-      value: { deduped: false, idempotencyKey, event, workflow: workflowBody, loop: loopInput, throttle, preflight },
+      value: { deduped: false, idempotencyKey, event, invocation: invocationInput, workItem: workItemInput, workflow: workflowBody, loop: loopInput, throttle, sandboxPreflight, preflight },
       human: `dry-run ${loopName}`
     };
   }
@@ -6803,27 +7569,44 @@ function routeTodosTaskEvent(event, opts) {
   try {
     const existingWorkflowForPreflight = store.findWorkflowByName(workflowBody.name);
     const workflowPreflightSpec = existingWorkflowForPreflight ?? workflowSpecForPreflight(workflowBody, "event-preflight");
+    generatedRouteSandboxPreflight(workflowPreflightSpec);
     const preflight = opts.preflight ? preflightStoredWorkflow(workflowPreflightSpec, {
       name: workflowBody.name,
       type: "todos-task-event-workflow",
       event: event.id
     }, {}) : undefined;
     const outcome = store.writeTransaction(() => {
-      const existingLoop = store.findLoopByName(loopName) ?? store.findLoopByName(legacyLoopName) ?? findLoopByTaskIdempotency(store, idempotencyKey);
-      if (existingLoop) {
-        const existingWorkflow2 = existingLoop.target.type === "workflow" ? store.getWorkflow(existingLoop.target.workflowId) : undefined;
-        return { kind: "deduped", existingLoop, existingWorkflow: existingWorkflow2 };
+      const invocation = store.createWorkflowInvocation(invocationInput);
+      const existingItem = store.findWorkflowWorkItem("todos-task", idempotencyKey);
+      if (existingItem?.loopId && ["admitted", "running", "succeeded"].includes(existingItem.status)) {
+        const existingLoop = store.getLoop(existingItem.loopId);
+        const existingWorkflow2 = existingItem.workflowId ? store.getWorkflow(existingItem.workflowId) : undefined;
+        return { kind: "deduped", existingItem, existingLoop, existingWorkflow: existingWorkflow2, invocation };
       }
       const throttle = hasThrottleLimits(throttleLimits) ? routeThrottleDecision(store, { projectPath: routeProjectPath, projectGroup, limits: throttleLimits }) : undefined;
+      const workItem = store.upsertWorkflowWorkItem({
+        ...workItemInput,
+        invocationId: invocation.id,
+        status: throttle && !throttle.allowed ? "deferred" : "queued",
+        lastReason: throttle && !throttle.allowed ? throttle.reason : undefined
+      });
       if (throttle && !throttle.allowed)
-        return { kind: "throttled", throttle };
+        return { kind: "throttled", invocation, workItem, throttle };
       const existingWorkflow = store.findWorkflowByName(workflowBody.name);
       const workflow = existingWorkflow ?? store.createWorkflow(workflowBody);
       const loop = store.createLoop({
         ...loopInput,
-        target: { type: "workflow", workflowId: workflow.id }
+        target: {
+          type: "workflow",
+          workflowId: workflow.id,
+          input: {
+            workflowInvocationId: invocation.id,
+            workflowWorkItemId: workItem.id
+          }
+        }
       });
-      return { kind: "created", workflow, loop, throttle };
+      const admitted = store.admitWorkflowWorkItem(workItem.id, { workflowId: workflow.id, loopId: loop.id, reason: "admitted by todos-task route" });
+      return { kind: "created", invocation, workItem: admitted, workflow, loop, throttle };
     });
     if (outcome.kind === "deduped") {
       return {
@@ -6831,12 +7614,14 @@ function routeTodosTaskEvent(event, opts) {
         value: {
           deduped: true,
           idempotencyKey,
-          dedupedBy: outcome.existingLoop.name === loopName ? "idempotency" : "legacy-event-name",
+          dedupedBy: "work-item",
           event,
+          invocation: publicWorkflowInvocation(outcome.invocation),
+          workItem: publicWorkflowWorkItem(outcome.existingItem),
           workflow: outcome.existingWorkflow ? publicWorkflow(outcome.existingWorkflow) : undefined,
-          loop: publicLoop(outcome.existingLoop)
+          loop: outcome.existingLoop ? publicLoop(outcome.existingLoop) : undefined
         },
-        human: `deduped existing loop ${outcome.existingLoop.id} (${outcome.existingLoop.name}) for event=${event.id} idempotency=${idempotencyKey}`
+        human: `deduped existing work item ${outcome.existingItem.id} for event=${event.id} idempotency=${idempotencyKey}`
       };
     }
     if (outcome.kind === "throttled") {
@@ -6848,6 +7633,8 @@ function routeTodosTaskEvent(event, opts) {
           reason: outcome.throttle.reason,
           idempotencyKey,
           event,
+          invocation: publicWorkflowInvocation(outcome.invocation),
+          workItem: publicWorkflowWorkItem(outcome.workItem),
           throttle: outcome.throttle,
           workflow: workflowBody,
           loop: loopInput
@@ -6861,9 +7648,12 @@ function routeTodosTaskEvent(event, opts) {
         deduped: false,
         idempotencyKey,
         event,
+        invocation: publicWorkflowInvocation(outcome.invocation),
+        workItem: publicWorkflowWorkItem(outcome.workItem),
         workflow: publicWorkflow(outcome.workflow),
         loop: publicLoop(outcome.loop),
         throttle: outcome.throttle,
+        sandboxPreflight,
         preflight
       },
       human: `created ${outcome.loop.id} (${outcome.loop.name}) workflow=${outcome.workflow.name} event=${event.id} idempotency=${idempotencyKey}`
@@ -6872,14 +7662,226 @@ function routeTodosTaskEvent(event, opts) {
     store.close();
   }
 }
-function taskField(task, keys) {
-  for (const key of keys) {
-    const value = stringField(task[key]);
-    if (value)
-      return value;
-  }
-  return;
-}
+function routeGenericEvent(event, opts) {
+  const data = eventData(event);
+  const metadata = eventMetadata(event);
+  const projectPath = opts.projectPath ?? taskEventField(data, ["working_dir", "workingDir", "project_path", "projectPath", "cwd", "repo_path", "repoPath"]) ?? taskEventField(metadata, ["working_dir", "workingDir", "project_path", "projectPath", "project_canonical_path", "cwd", "repo_path", "repoPath"]) ?? process.cwd();
+  const routeProjectPath = normalizeRoutePath(projectPath) ?? resolve2(projectPath);
+  const projectGroup = routeProjectGroup(opts.projectGroup, data, metadata);
+  const throttleLimits = routeThrottleLimitsFromOpts(opts);
+  const eventSuffix = event.id.slice(0, 8);
+  const source = slugSegment2(event.source, "source");
+  const type = slugSegment2(event.type, "type");
+  const workflowName = `${opts.namePrefix ?? "event:generic"}:${source}:${type}:${eventSuffix}:workflow`;
+  const loopName = `${opts.namePrefix ?? "event:generic"}:${source}:${type}:${eventSuffix}:run`;
+  const idempotencyKey = `generic-event:${event.source}:${event.type}:${event.id}`;
+  const provider = opts.provider ?? "codewith";
+  if (!["claude", "cursor", "codewith", "aicopilot", "opencode", "codex"].includes(provider))
+    throw new Error("unsupported provider");
+  const permissionMode = permissionModeFromOpts({ permissionMode: opts.permissionMode ?? "bypass" }, provider);
+  const sandbox = sandboxFromOpts({ sandbox: opts.sandbox }, provider);
+  const authProfile = providerAuthProfileFromOpts({ authProfile: opts.authProfile }, provider);
+  const workflowBody = renderEventWorkerVerifierWorkflow({
+    eventId: event.id,
+    eventType: event.type,
+    eventSource: event.source,
+    eventSubject: stringField(event.subject),
+    eventMessage: stringField(event.message),
+    eventJson: JSON.stringify(event),
+    projectPath,
+    routeProjectPath,
+    projectGroup,
+    provider,
+    authProfile,
+    authProfilePool: splitList(opts.authProfilePool),
+    workerAuthProfile: opts.workerAuthProfile,
+    verifierAuthProfile: opts.verifierAuthProfile,
+    account: accountFromOpts(opts),
+    accountPool: accountPoolFromOpts(opts),
+    workerAccount: roleAccountFromOpts(opts, opts.workerAccount),
+    verifierAccount: roleAccountFromOpts(opts, opts.verifierAccount),
+    model: opts.model,
+    variant: opts.variant,
+    agent: opts.agent,
+    permissionMode,
+    sandbox,
+    manualBreakGlass: Boolean(opts.manualBreakGlass),
+    worktreeMode: opts.worktreeMode ?? "auto",
+    worktreeRoot: opts.worktreeRoot,
+    worktreeBranchPrefix: opts.worktreeBranchPrefix ?? "openloops"
+  });
+  workflowBody.name = workflowName;
+  workflowBody.description = `Event-triggered worker/verifier workflow for ${event.source}/${event.type}; project=${projectPath}; projectGroup=${projectGroup ?? "-"}`;
+  const sandboxPreflight = generatedRouteSandboxPreflight(workflowBody);
+  const invocationInput = {
+    templateId: "event-worker-verifier",
+    sourceRef: {
+      kind: "event",
+      id: event.id,
+      dedupeKey: idempotencyKey,
+      raw: { source: event.source, type: event.type }
+    },
+    subjectRef: {
+      kind: "event",
+      id: stringField(event.subject) ?? event.id,
+      path: routeProjectPath,
+      raw: { message: stringField(event.message) }
+    },
+    intent: "route",
+    scope: {
+      projectPath: routeProjectPath,
+      projectGroup,
+      worktreePolicy: opts.worktreeMode ?? "auto",
+      permissions: permissionMode,
+      manualBreakGlass: Boolean(opts.manualBreakGlass),
+      accountPolicy: opts.authProfilePool || opts.accountPool ? "pool" : "single",
+      concurrencyGroup: projectGroup ?? routeProjectPath
+    },
+    outputPolicy: {
+      report: "always",
+      createTask: "on_failure"
+    }
+  };
+  const workItemInput = {
+    routeKey: "generic-event",
+    idempotencyKey,
+    invocationId: "<created-invocation-id>",
+    sourceType: event.type,
+    sourceRef: event.id,
+    subjectRef: stringField(event.subject) ?? event.id,
+    projectKey: routeProjectPath,
+    projectGroup,
+    priority: 0,
+    status: "queued"
+  };
+  const loopInput = {
+    name: loopName,
+    description: `Run ${workflowBody.name} once for event ${event.id}; idempotency=${idempotencyKey}`,
+    schedule: { type: "once", at: new Date(Date.now() + 1000).toISOString() },
+    target: { type: "workflow", workflowId: "<created-workflow-id>", input: {} },
+    overlap: "skip",
+    maxAttempts: 1,
+    retryDelayMs: 60000,
+    leaseMs: 90 * 60000
+  };
+  if (opts.dryRun) {
+    const throttle = hasThrottleLimits(throttleLimits) ? routeThrottleDryRunPreview({ projectPath: routeProjectPath, projectGroup, limits: throttleLimits }) : undefined;
+    const preflight = opts.preflight ? preflightStoredWorkflow(workflowSpecForPreflight(workflowBody, "event-preflight"), {
+      name: workflowBody.name,
+      type: "generic-event-workflow",
+      event: event.id
+    }, {}) : undefined;
+    return {
+      kind: "created",
+      value: { event, idempotencyKey, invocation: invocationInput, workItem: workItemInput, workflow: workflowBody, loop: loopInput, throttle, sandboxPreflight, preflight },
+      human: `dry-run ${loopName}`
+    };
+  }
+  const store = new Store;
+  try {
+    const existingWorkflowForPreflight = store.findWorkflowByName(workflowBody.name);
+    const workflowPreflightSpec = existingWorkflowForPreflight ?? workflowSpecForPreflight(workflowBody, "event-preflight");
+    generatedRouteSandboxPreflight(workflowPreflightSpec);
+    const preflight = opts.preflight ? preflightStoredWorkflow(workflowPreflightSpec, {
+      name: workflowBody.name,
+      type: "generic-event-workflow",
+      event: event.id
+    }, {}) : undefined;
+    const outcome = store.writeTransaction(() => {
+      const invocation = store.createWorkflowInvocation(invocationInput);
+      const existingItem = store.findWorkflowWorkItem("generic-event", idempotencyKey);
+      if (existingItem?.loopId && ["admitted", "running", "succeeded"].includes(existingItem.status)) {
+        const existingLoop = store.getLoop(existingItem.loopId);
+        const existingWorkflow2 = existingItem.workflowId ? store.getWorkflow(existingItem.workflowId) : undefined;
+        return { kind: "deduped", existingItem, existingLoop, existingWorkflow: existingWorkflow2, invocation };
+      }
+      const throttle = hasThrottleLimits(throttleLimits) ? routeThrottleDecision(store, { projectPath: routeProjectPath, projectGroup, limits: throttleLimits }) : undefined;
+      const workItem = store.upsertWorkflowWorkItem({
+        ...workItemInput,
+        invocationId: invocation.id,
+        status: throttle && !throttle.allowed ? "deferred" : "queued",
+        lastReason: throttle && !throttle.allowed ? throttle.reason : undefined
+      });
+      if (throttle && !throttle.allowed)
+        return { kind: "throttled", invocation, workItem, throttle };
+      const existingWorkflow = store.findWorkflowByName(workflowBody.name);
+      const workflow = existingWorkflow ?? store.createWorkflow(workflowBody);
+      const loop = store.createLoop({
+        ...loopInput,
+        target: {
+          type: "workflow",
+          workflowId: workflow.id,
+          input: {
+            workflowInvocationId: invocation.id,
+            workflowWorkItemId: workItem.id
+          }
+        }
+      });
+      const admitted = store.admitWorkflowWorkItem(workItem.id, { workflowId: workflow.id, loopId: loop.id, reason: "admitted by generic-event route" });
+      return { kind: "created", invocation, workItem: admitted, workflow, loop, throttle };
+    });
+    if (outcome.kind === "deduped") {
+      return {
+        kind: "deduped",
+        value: {
+          deduped: true,
+          idempotencyKey,
+          dedupedBy: "work-item",
+          event,
+          invocation: publicWorkflowInvocation(outcome.invocation),
+          workItem: publicWorkflowWorkItem(outcome.existingItem),
+          workflow: outcome.existingWorkflow ? publicWorkflow(outcome.existingWorkflow) : undefined,
+          loop: outcome.existingLoop ? publicLoop(outcome.existingLoop) : undefined
+        },
+        human: `deduped existing work item ${outcome.existingItem.id} for event=${event.id} idempotency=${idempotencyKey}`
+      };
+    }
+    if (outcome.kind === "throttled") {
+      return {
+        kind: "throttled",
+        value: {
+          skipped: true,
+          queuedAtSource: true,
+          reason: outcome.throttle.reason,
+          idempotencyKey,
+          event,
+          invocation: publicWorkflowInvocation(outcome.invocation),
+          workItem: publicWorkflowWorkItem(outcome.workItem),
+          throttle: outcome.throttle,
+          workflow: workflowBody,
+          loop: loopInput
+        },
+        human: `skipped event ${event.id}: ${outcome.throttle.reason}`
+      };
+    }
+    return {
+      kind: "created",
+      value: {
+        deduped: false,
+        idempotencyKey,
+        event,
+        invocation: publicWorkflowInvocation(outcome.invocation),
+        workItem: publicWorkflowWorkItem(outcome.workItem),
+        workflow: publicWorkflow(outcome.workflow),
+        loop: publicLoop(outcome.loop),
+        throttle: outcome.throttle,
+        sandboxPreflight,
+        preflight
+      },
+      human: `created ${outcome.loop.id} (${outcome.loop.name}) workflow=${outcome.workflow.name} event=${event.id} idempotency=${idempotencyKey}`
+    };
+  } finally {
+    store.close();
+  }
+}
+function taskField(task, keys) {
+  for (const key of keys) {
+    const value = stringField(task[key]);
+    if (value)
+      return value;
+  }
+  return;
+}
 function taskListId(task) {
   return taskField(task, ["task_list_id", "taskListId"]) ?? stringField(task.task_list?.id);
 }
@@ -7119,9 +8121,155 @@ addGoalOptions(addMachineOptions(addScheduleOptions(create.command("workflow <na
 });
 var workflows = program.command("workflows").alias("workflow").description("manage workflow specs and runs");
 var templates = program.command("templates").alias("template").description("render and store reusable loop/workflow templates");
+var routes = program.command("routes").alias("route").description("inspect workflow invocation/admission routes");
 var events = program.command("events").description("handle Hasna event envelopes from stdin or command transport");
 var machines = program.command("machines").description("inspect OpenMachines topology for loop assignment");
 var goal = program.command("goal").description("inspect goal runs");
+function addRouteEventOptions(command) {
+  return command.option("--event-file <file>", "read event envelope JSON from a file instead of stdin/HASNA_EVENT_JSON").option("--event-json <json>", "read event envelope JSON from this string instead of stdin/HASNA_EVENT_JSON").option("--provider <provider>", "agent provider", "codewith").option("--auth-profile <profile>", "provider-native auth profile; currently supported for codewith").option("--auth-profile-pool <profiles>", "comma-separated provider-native auth profile pool").option("--worker-auth-profile <profile>", "provider-native auth profile for worker step").option("--verifier-auth-profile <profile>", "provider-native auth profile for verifier step").option("--account <profile>", "OpenAccounts profile name").option("--account-pool <profiles>", "comma-separated OpenAccounts profile pool").option("--worker-account <profile>", "OpenAccounts profile for worker step").option("--verifier-account <profile>", "OpenAccounts profile for verifier step").option("--account-tool <tool>", "OpenAccounts tool id").option("--model <model>", "provider model").option("--variant <variant>", "provider-specific model variant or reasoning effort").option("--agent <agent>", "provider-specific agent").option("--permission-mode <mode>", "provider permission mode: default, plan, auto, or bypass", "bypass").option("--sandbox <mode>", "provider sandbox").option("--manual-break-glass", "allow danger-full-access in generated worker/verifier workflow metadata; for explicit operator emergency use only").option("--project-path <path>", "fallback project/repo working directory").option("--project-group <name>", "optional project group for concurrency limits").option("--max-active <n>", "skip creating a workflow when this many active routed workflows already exist globally").option("--max-active-per-project <n>", "skip creating a workflow when this many active routed workflows already exist for the project").option("--max-active-per-project-group <n>", "skip creating a workflow when this many active routed workflows already exist for the project group").option("--worktree-mode <mode>", "worktree isolation mode: auto, required, off, or main", "auto").option("--worktree-root <path>", "base directory for OpenLoops-managed git worktrees").option("--worktree-branch-prefix <prefix>", "branch prefix for generated worktrees", "openloops").option("--name-prefix <prefix>", "workflow/loop name prefix").option("--preflight", "check generated workflow steps before storing the workflow loop");
+}
+function addTodosDrainOptions(command) {
+  return command.option("--todos-project <path>", "todos storage project path", defaultLoopsProject()).option("--todos-project-id <id>", "filter todos ready output to one todos project id").option("--task-list <id-or-slug>", "filter ready tasks to one task-list id, slug, or name").option("--project-path-prefix <path>", "filter ready tasks to a project/repo path prefix").option("--tags <tags>", "require all comma-separated tags before routing").option("--tag <tags>", "alias for --tags").option("--limit <n>", "maximum filtered ready-task candidates to consider", "50").option("--scan-limit <n>", "maximum raw todos ready rows to fetch before filters; defaults to 500 when filters are used").option("--max-dispatch <n>", "maximum new workflow loops to create in this drain run", "1").option("--evidence-dir <path>", "write a JSON drain report to this directory").option("--compact", "print compact JSON to stdout while preserving the full evidence file").option("--provider <provider>", "agent provider", "codewith").option("--auth-profile <profile>", "provider-native auth profile; currently supported for codewith").option("--auth-profile-pool <profiles>", "comma-separated provider-native auth profile pool").option("--worker-auth-profile <profile>", "provider-native auth profile for worker step").option("--verifier-auth-profile <profile>", "provider-native auth profile for verifier step").option("--account <profile>", "OpenAccounts profile name").option("--account-pool <profiles>", "comma-separated OpenAccounts profile pool").option("--worker-account <profile>", "OpenAccounts profile for worker step").option("--verifier-account <profile>", "OpenAccounts profile for verifier step").option("--account-tool <tool>", "OpenAccounts tool id").option("--model <model>", "provider model").option("--variant <variant>", "provider-specific model variant or reasoning effort").option("--agent <agent>", "provider-specific agent").option("--permission-mode <mode>", "provider permission mode: default, plan, auto, or bypass", "bypass").option("--sandbox <mode>", "provider sandbox").option("--manual-break-glass", "allow danger-full-access in generated worker/verifier workflow metadata; for explicit operator emergency use only").option("--project-path <path>", "fallback project/repo working directory").option("--project-group <name>", "optional project group for concurrency limits").option("--max-active <n>", "skip creating a workflow when this many active routed workflows already exist globally").option("--max-active-per-project <n>", "skip creating a workflow when this many active routed workflows already exist for the project").option("--max-active-per-project-group <n>", "skip creating a workflow when this many active routed workflows already exist for the project group").option("--worktree-mode <mode>", "worktree isolation mode: auto, required, off, or main", "auto").option("--worktree-root <path>", "base directory for OpenLoops-managed git worktrees").option("--worktree-branch-prefix <prefix>", "branch prefix for generated task worktrees", "openloops").option("--name-prefix <prefix>", "workflow/loop name prefix", "event:todos-task").option("--preflight", "check generated workflow steps before storing workflow loops").option("--dry-run", "preview selected tasks and generated workflow loops without storing anything");
+}
+function routeEventByKind(kind, event, opts) {
+  if (kind === "todos-task")
+    return routeTodosTaskEvent(event, opts);
+  if (kind === "generic")
+    return routeGenericEvent(event, opts);
+  throw new Error("route kind must be todos-task or generic");
+}
+function routeDrainArgs(opts) {
+  const args = ["events", "drain", "todos-task"];
+  const add = (flag, value) => {
+    if (value !== undefined && value !== false && value !== "")
+      args.push(flag, String(value));
+  };
+  const addBool = (flag, value) => {
+    if (value === true)
+      args.push(flag);
+  };
+  add("--todos-project", opts.todosProject);
+  add("--todos-project-id", opts.todosProjectId);
+  add("--task-list", opts.taskList);
+  add("--project-path-prefix", opts.projectPathPrefix);
+  add("--tags", opts.tags ?? opts.tag);
+  add("--limit", opts.limit);
+  add("--scan-limit", opts.scanLimit);
+  add("--max-dispatch", opts.maxDispatch);
+  add("--evidence-dir", opts.evidenceDir);
+  addBool("--compact", opts.compact);
+  add("--provider", opts.provider);
+  add("--auth-profile", opts.authProfile);
+  add("--auth-profile-pool", opts.authProfilePool);
+  add("--worker-auth-profile", opts.workerAuthProfile);
+  add("--verifier-auth-profile", opts.verifierAuthProfile);
+  add("--account", opts.account);
+  add("--account-pool", opts.accountPool);
+  add("--worker-account", opts.workerAccount);
+  add("--verifier-account", opts.verifierAccount);
+  add("--account-tool", opts.accountTool);
+  add("--model", opts.model);
+  add("--variant", opts.variant);
+  add("--agent", opts.agent);
+  add("--permission-mode", opts.permissionMode);
+  add("--sandbox", opts.sandbox);
+  addBool("--manual-break-glass", opts.manualBreakGlass);
+  add("--project-path", opts.projectPath);
+  add("--project-group", opts.projectGroup);
+  add("--max-active", opts.maxActive);
+  add("--max-active-per-project", opts.maxActivePerProject);
+  add("--max-active-per-project-group", opts.maxActivePerProjectGroup);
+  add("--worktree-mode", opts.worktreeMode);
+  add("--worktree-root", opts.worktreeRoot);
+  add("--worktree-branch-prefix", opts.worktreeBranchPrefix);
+  add("--name-prefix", opts.namePrefix);
+  addBool("--preflight", opts.preflight);
+  return args;
+}
+function drainTodosTaskRoutes(opts) {
+  const maxDispatch = positiveInteger(opts.maxDispatch ?? "1", "--max-dispatch") ?? 1;
+  const todosProject = opts.todosProject ?? defaultLoopsProject();
+  const requiredTags = splitList(opts.tags ?? opts.tag) ?? [];
+  const taskListFilter = resolveTaskListFilter(todosProject, opts.taskList);
+  const candidateLimit = positiveInteger(opts.limit ?? "50", "--limit") ?? 50;
+  const hasPostFilters = Boolean(opts.todosProjectId || taskListFilter || opts.projectPathPrefix || requiredTags.length);
+  const defaultScanLimit = hasPostFilters ? Math.max(candidateLimit, 500) : candidateLimit;
+  const scanLimit = positiveInteger(opts.scanLimit ?? String(defaultScanLimit), "--scan-limit") ?? defaultScanLimit;
+  const ready = loadReadyTodosTasks(opts, scanLimit);
+  const filteredCandidates = ready.filter((task) => taskMatchesDrainFilters(task, {
+    projectId: opts.todosProjectId,
+    taskListId: taskListFilter,
+    projectPathPrefix: opts.projectPathPrefix,
+    tags: requiredTags
+  }));
+  const candidates = filteredCandidates.slice(0, candidateLimit);
+  const results = [];
+  let created = 0;
+  for (const task of candidates) {
+    if (created >= maxDispatch)
+      break;
+    const event = taskDrainEvent(task);
+    const result = routeTodosTaskEvent(event, opts);
+    results.push(result);
+    if (result.kind === "created" && !opts.dryRun)
+      created += 1;
+    if (result.kind === "created" && opts.dryRun)
+      created += 1;
+  }
+  const report = {
+    drainedAt: new Date().toISOString(),
+    todosProject,
+    todosProjectId: opts.todosProjectId,
+    taskList: opts.taskList,
+    taskListId: taskListFilter,
+    projectPathPrefix: opts.projectPathPrefix,
+    tags: requiredTags,
+    limit: candidateLimit,
+    scanLimit,
+    filtersApplied: hasPostFilters,
+    scanned: ready.length,
+    candidates: candidates.length,
+    filteredCandidates: filteredCandidates.length,
+    scanExhausted: ready.length >= scanLimit && filteredCandidates.length < candidateLimit,
+    considered: results.length,
+    created: results.filter((result) => result.kind === "created" && !result.value.deduped).length,
+    deduped: results.filter((result) => result.kind === "deduped").length,
+    throttled: results.filter((result) => result.kind === "throttled").length,
+    skipped: results.filter((result) => result.kind === "skipped").length,
+    maxDispatch,
+    source: "todos ready",
+    dryRun: Boolean(opts.dryRun),
+    results: results.map((result) => ({ kind: result.kind, ...result.value }))
+  };
+  const evidencePath = writeRouteEvidence("todos-task-drain", report, opts.evidenceDir);
+  const output = opts.compact ? {
+    drainedAt: report.drainedAt,
+    todosProject: report.todosProject,
+    todosProjectId: report.todosProjectId,
+    taskList: report.taskList,
+    taskListId: report.taskListId,
+    projectPathPrefix: report.projectPathPrefix,
+    tags: report.tags,
+    limit: report.limit,
+    scanLimit: report.scanLimit,
+    filtersApplied: report.filtersApplied,
+    scanned: report.scanned,
+    candidates: report.candidates,
+    filteredCandidates: report.filteredCandidates,
+    scanExhausted: report.scanExhausted,
+    considered: report.considered,
+    created: report.created,
+    deduped: report.deduped,
+    throttled: report.throttled,
+    skipped: report.skipped,
+    maxDispatch: report.maxDispatch,
+    source: report.source,
+    dryRun: report.dryRun,
+    evidencePath,
+    results: results.map(compactDrainResult)
+  } : { ...report, evidencePath };
+  print(output, `drained todos ready queue: considered=${report.considered} created=${report.created} deduped=${report.deduped} throttled=${report.throttled} skipped=${report.skipped}`);
+}
 templates.command("list").alias("ls").description("list built-in OpenLoops templates").action(() => {
   const values = listLoopTemplates();
   if (isJson())
@@ -7152,14 +8300,102 @@ templates.command("create-workflow <id>").description("render and store a templa
     store.close();
   }
 });
+routes.command("list").description("list admission work items").option("--status <status>", "filter by work item status").option("--route-key <key>", "filter by route key").option("--limit <n>", "maximum rows", "50").action((opts) => {
+  const store = new Store;
+  try {
+    const items = store.listWorkflowWorkItems({
+      status: opts.status,
+      routeKey: opts.routeKey,
+      limit: positiveInteger(opts.limit, "--limit") ?? 50
+    });
+    if (isJson())
+      print(items.map(publicWorkflowWorkItem));
+    else {
+      for (const item of items) {
+        console.log(`${item.id} ${item.status.padEnd(10)} ${item.routeKey} ${item.subjectRef} ${item.loopId ?? "-"}`);
+      }
+    }
+  } finally {
+    store.close();
+  }
+});
+routes.command("show <id>").description("show one admission work item").action((id) => {
+  const store = new Store;
+  try {
+    const item = store.getWorkflowWorkItem(id);
+    if (!item)
+      throw new Error(`route work item not found: ${id}`);
+    const invocation = store.getWorkflowInvocation(item.invocationId);
+    const workflow = item.workflowId ? store.getWorkflow(item.workflowId) : undefined;
+    const loop = item.loopId ? store.getLoop(item.loopId) : undefined;
+    print({
+      item: publicWorkflowWorkItem(item),
+      invocation: invocation ? publicWorkflowInvocation(invocation) : undefined,
+      workflow: workflow ? publicWorkflow(workflow) : undefined,
+      loop: loop ? publicLoop(loop) : undefined
+    }, `${item.id} ${item.status} ${item.routeKey} ${item.subjectRef}`);
+  } finally {
+    store.close();
+  }
+});
+routes.command("invocations").description("list workflow invocations").option("--limit <n>", "maximum rows", "50").action((opts) => {
+  const store = new Store;
+  try {
+    const invocations = store.listWorkflowInvocations({ limit: positiveInteger(opts.limit, "--limit") ?? 50 });
+    if (isJson())
+      print(invocations.map(publicWorkflowInvocation));
+    else {
+      for (const invocation of invocations) {
+        console.log(`${invocation.id} ${invocation.intent.padEnd(8)} ${invocation.sourceRef.kind}:${invocation.sourceRef.id ?? "-"} -> ${invocation.subjectRef.kind}:${invocation.subjectRef.id ?? invocation.subjectRef.path ?? "-"}`);
+      }
+    }
+  } finally {
+    store.close();
+  }
+});
+addRouteEventOptions(routes.command("preview <kind>").description("preview a route-created workflow invocation without storing it")).action(async (kind, opts) => {
+  const event = await readEventEnvelopeInput(opts);
+  const result = routeEventByKind(kind, event, { ...opts, dryRun: true });
+  print(result.value, result.human);
+});
+addRouteEventOptions(routes.command("create <kind>").description("create a route workflow invocation and admit it when capacity allows")).action(async (kind, opts) => {
+  const event = await readEventEnvelopeInput(opts);
+  const result = routeEventByKind(kind, event, { ...opts, dryRun: false });
+  print(result.value, result.human);
+});
+addTodosDrainOptions(routes.command("drain <kind>").description("drain a durable source queue into bounded route workflow loops")).action((kind, opts) => {
+  if (kind !== "todos-task")
+    throw new Error("route drain currently supports kind todos-task");
+  drainTodosTaskRoutes(opts);
+});
+addScheduleOptions(addTodosDrainOptions(routes.command("schedule <kind> <name>").description("schedule a deterministic route drain loop"))).action((kind, name, opts) => {
+  if (kind !== "todos-task")
+    throw new Error("route schedule currently supports kind todos-task");
+  const store = new Store;
+  try {
+    const target = {
+      type: "command",
+      command: "loops",
+      args: ["--json", ...routeDrainArgs({ ...opts, compact: opts.compact ?? true })],
+      timeoutMs: parseDuration("20m"),
+      preflight: runtimePreflightFromOpts(opts)
+    };
+    const input = baseCreateInput(name, opts, target);
+    const preflight = opts.preflight ? preflightLoopTarget(input.target, { name, type: "route-drain", kind }, { loopName: name }, { machine: input.machine }) : undefined;
+    const loop = store.createLoop(input);
+    printCreatedLoop(loop, `created route drain loop ${loop.id} (${loop.name}) next=${loop.nextRunAt}`, preflight);
+  } finally {
+    store.close();
+  }
+});
 var eventsHandle = events.command("handle").description("handle a Hasna event envelope");
-eventsHandle.command("todos-task").description("create a one-shot worker/verifier workflow loop for a todos task event").option("--provider <provider>", "agent provider", "codewith").option("--auth-profile <profile>", "provider-native auth profile; currently supported for codewith").option("--auth-profile-pool <profiles>", "comma-separated provider-native auth profile pool").option("--worker-auth-profile <profile>", "provider-native auth profile for worker step").option("--verifier-auth-profile <profile>", "provider-native auth profile for verifier step").option("--account <profile>", "OpenAccounts profile name").option("--account-pool <profiles>", "comma-separated OpenAccounts profile pool").option("--worker-account <profile>", "OpenAccounts profile for worker step").option("--verifier-account <profile>", "OpenAccounts profile for verifier step").option("--account-tool <tool>", "OpenAccounts tool id").option("--model <model>", "provider model").option("--variant <variant>", "provider-specific model variant or reasoning effort").option("--agent <agent>", "provider-specific agent").option("--permission-mode <mode>", "provider permission mode: default, plan, auto, or bypass", "bypass").option("--sandbox <mode>", "provider sandbox").option("--project-path <path>", "fallback project/repo working directory").option("--project-group <name>", "optional project group for concurrency limits").option("--max-active <n>", "skip creating a workflow when this many active routed workflows already exist globally").option("--max-active-per-project <n>", "skip creating a workflow when this many active routed workflows already exist for the project").option("--max-active-per-project-group <n>", "skip creating a workflow when this many active routed workflows already exist for the project group").option("--worktree-mode <mode>", "worktree isolation mode: auto, required, off, or main", "auto").option("--worktree-root <path>", "base directory for OpenLoops-managed git worktrees").option("--worktree-branch-prefix <prefix>", "branch prefix for generated task worktrees", "openloops").option("--name-prefix <prefix>", "workflow/loop name prefix", "event:todos-task").option("--preflight", "check generated workflow steps before storing the workflow loop").option("--dry-run", "print the workflow and loop input without storing anything").action(async (opts) => {
+eventsHandle.command("todos-task").description("create a one-shot worker/verifier workflow loop for a todos task event").option("--provider <provider>", "agent provider", "codewith").option("--auth-profile <profile>", "provider-native auth profile; currently supported for codewith").option("--auth-profile-pool <profiles>", "comma-separated provider-native auth profile pool").option("--worker-auth-profile <profile>", "provider-native auth profile for worker step").option("--verifier-auth-profile <profile>", "provider-native auth profile for verifier step").option("--account <profile>", "OpenAccounts profile name").option("--account-pool <profiles>", "comma-separated OpenAccounts profile pool").option("--worker-account <profile>", "OpenAccounts profile for worker step").option("--verifier-account <profile>", "OpenAccounts profile for verifier step").option("--account-tool <tool>", "OpenAccounts tool id").option("--model <model>", "provider model").option("--variant <variant>", "provider-specific model variant or reasoning effort").option("--agent <agent>", "provider-specific agent").option("--permission-mode <mode>", "provider permission mode: default, plan, auto, or bypass", "bypass").option("--sandbox <mode>", "provider sandbox").option("--manual-break-glass", "allow danger-full-access in generated worker/verifier workflow metadata; for explicit operator emergency use only").option("--project-path <path>", "fallback project/repo working directory").option("--project-group <name>", "optional project group for concurrency limits").option("--max-active <n>", "skip creating a workflow when this many active routed workflows already exist globally").option("--max-active-per-project <n>", "skip creating a workflow when this many active routed workflows already exist for the project").option("--max-active-per-project-group <n>", "skip creating a workflow when this many active routed workflows already exist for the project group").option("--worktree-mode <mode>", "worktree isolation mode: auto, required, off, or main", "auto").option("--worktree-root <path>", "base directory for OpenLoops-managed git worktrees").option("--worktree-branch-prefix <prefix>", "branch prefix for generated task worktrees", "openloops").option("--name-prefix <prefix>", "workflow/loop name prefix", "event:todos-task").option("--preflight", "check generated workflow steps before storing the workflow loop").option("--dry-run", "print the workflow and loop input without storing anything").action(async (opts) => {
   const event = await readEventEnvelopeFromStdin();
   const result = routeTodosTaskEvent(event, opts);
   print(result.value, result.human);
 });
 var eventsDrain = events.command("drain").description("drain durable source queues into bounded OpenLoops workflows");
-eventsDrain.command("todos-task").description("drain ready todos tasks into bounded worker/verifier workflow loops").option("--todos-project <path>", "todos storage project path", defaultLoopsProject()).option("--todos-project-id <id>", "filter todos ready output to one todos project id").option("--task-list <id-or-slug>", "filter ready tasks to one task-list id, slug, or name").option("--project-path-prefix <path>", "filter ready tasks to a project/repo path prefix").option("--tags <tags>", "require all comma-separated tags before routing").option("--tag <tags>", "alias for --tags").option("--limit <n>", "maximum filtered ready-task candidates to consider", "50").option("--scan-limit <n>", "maximum raw todos ready rows to fetch before filters; defaults to 500 when filters are used").option("--max-dispatch <n>", "maximum new workflow loops to create in this drain run", "1").option("--evidence-dir <path>", "write a JSON drain report to this directory").option("--compact", "print compact JSON to stdout while preserving the full evidence file").option("--provider <provider>", "agent provider", "codewith").option("--auth-profile <profile>", "provider-native auth profile; currently supported for codewith").option("--auth-profile-pool <profiles>", "comma-separated provider-native auth profile pool").option("--worker-auth-profile <profile>", "provider-native auth profile for worker step").option("--verifier-auth-profile <profile>", "provider-native auth profile for verifier step").option("--account <profile>", "OpenAccounts profile name").option("--account-pool <profiles>", "comma-separated OpenAccounts profile pool").option("--worker-account <profile>", "OpenAccounts profile for worker step").option("--verifier-account <profile>", "OpenAccounts profile for verifier step").option("--account-tool <tool>", "OpenAccounts tool id").option("--model <model>", "provider model").option("--variant <variant>", "provider-specific model variant or reasoning effort").option("--agent <agent>", "provider-specific agent").option("--permission-mode <mode>", "provider permission mode: default, plan, auto, or bypass", "bypass").option("--sandbox <mode>", "provider sandbox").option("--project-path <path>", "fallback project/repo working directory").option("--project-group <name>", "optional project group for concurrency limits").option("--max-active <n>", "skip creating a workflow when this many active routed workflows already exist globally").option("--max-active-per-project <n>", "skip creating a workflow when this many active routed workflows already exist for the project").option("--max-active-per-project-group <n>", "skip creating a workflow when this many active routed workflows already exist for the project group").option("--worktree-mode <mode>", "worktree isolation mode: auto, required, off, or main", "auto").option("--worktree-root <path>", "base directory for OpenLoops-managed git worktrees").option("--worktree-branch-prefix <prefix>", "branch prefix for generated task worktrees", "openloops").option("--name-prefix <prefix>", "workflow/loop name prefix", "event:todos-task").option("--preflight", "check generated workflow steps before storing workflow loops").option("--dry-run", "preview selected tasks and generated workflow loops without storing anything").action((opts) => {
+eventsDrain.command("todos-task").description("drain ready todos tasks into bounded worker/verifier workflow loops").option("--todos-project <path>", "todos storage project path", defaultLoopsProject()).option("--todos-project-id <id>", "filter todos ready output to one todos project id").option("--task-list <id-or-slug>", "filter ready tasks to one task-list id, slug, or name").option("--project-path-prefix <path>", "filter ready tasks to a project/repo path prefix").option("--tags <tags>", "require all comma-separated tags before routing").option("--tag <tags>", "alias for --tags").option("--limit <n>", "maximum filtered ready-task candidates to consider", "50").option("--scan-limit <n>", "maximum raw todos ready rows to fetch before filters; defaults to 500 when filters are used").option("--max-dispatch <n>", "maximum new workflow loops to create in this drain run", "1").option("--evidence-dir <path>", "write a JSON drain report to this directory").option("--compact", "print compact JSON to stdout while preserving the full evidence file").option("--provider <provider>", "agent provider", "codewith").option("--auth-profile <profile>", "provider-native auth profile; currently supported for codewith").option("--auth-profile-pool <profiles>", "comma-separated provider-native auth profile pool").option("--worker-auth-profile <profile>", "provider-native auth profile for worker step").option("--verifier-auth-profile <profile>", "provider-native auth profile for verifier step").option("--account <profile>", "OpenAccounts profile name").option("--account-pool <profiles>", "comma-separated OpenAccounts profile pool").option("--worker-account <profile>", "OpenAccounts profile for worker step").option("--verifier-account <profile>", "OpenAccounts profile for verifier step").option("--account-tool <tool>", "OpenAccounts tool id").option("--model <model>", "provider model").option("--variant <variant>", "provider-specific model variant or reasoning effort").option("--agent <agent>", "provider-specific agent").option("--permission-mode <mode>", "provider permission mode: default, plan, auto, or bypass", "bypass").option("--sandbox <mode>", "provider sandbox").option("--manual-break-glass", "allow danger-full-access in generated worker/verifier workflow metadata; for explicit operator emergency use only").option("--project-path <path>", "fallback project/repo working directory").option("--project-group <name>", "optional project group for concurrency limits").option("--max-active <n>", "skip creating a workflow when this many active routed workflows already exist globally").option("--max-active-per-project <n>", "skip creating a workflow when this many active routed workflows already exist for the project").option("--max-active-per-project-group <n>", "skip creating a workflow when this many active routed workflows already exist for the project group").option("--worktree-mode <mode>", "worktree isolation mode: auto, required, off, or main", "auto").option("--worktree-root <path>", "base directory for OpenLoops-managed git worktrees").option("--worktree-branch-prefix <prefix>", "branch prefix for generated task worktrees", "openloops").option("--name-prefix <prefix>", "workflow/loop name prefix", "event:todos-task").option("--preflight", "check generated workflow steps before storing workflow loops").option("--dry-run", "preview selected tasks and generated workflow loops without storing anything").action((opts) => {
   const maxDispatch = positiveInteger(opts.maxDispatch ?? "1", "--max-dispatch") ?? 1;
   const todosProject = opts.todosProject ?? defaultLoopsProject();
   const requiredTags = splitList(opts.tags ?? opts.tag) ?? [];
@@ -7243,7 +8479,7 @@ eventsDrain.command("todos-task").description("drain ready todos tasks into boun
   } : { ...report, evidencePath };
   print(output, `drained todos ready queue: considered=${report.considered} created=${report.created} deduped=${report.deduped} throttled=${report.throttled} skipped=${report.skipped}`);
 });
-eventsHandle.command("generic").description("create a one-shot worker/verifier workflow loop for any Hasna event").option("--provider <provider>", "agent provider", "codewith").option("--auth-profile <profile>", "provider-native auth profile; currently supported for codewith").option("--auth-profile-pool <profiles>", "comma-separated provider-native auth profile pool").option("--worker-auth-profile <profile>", "provider-native auth profile for worker step").option("--verifier-auth-profile <profile>", "provider-native auth profile for verifier step").option("--account <profile>", "OpenAccounts profile name").option("--account-pool <profiles>", "comma-separated OpenAccounts profile pool").option("--worker-account <profile>", "OpenAccounts profile for worker step").option("--verifier-account <profile>", "OpenAccounts profile for verifier step").option("--account-tool <tool>", "OpenAccounts tool id").option("--model <model>", "provider model").option("--variant <variant>", "provider-specific model variant or reasoning effort").option("--agent <agent>", "provider-specific agent").option("--permission-mode <mode>", "provider permission mode: default, plan, auto, or bypass", "bypass").option("--sandbox <mode>", "provider sandbox").option("--project-path <path>", "fallback project/repo working directory").option("--project-group <name>", "optional project group for concurrency limits").option("--max-active <n>", "skip creating a workflow when this many active routed workflows already exist globally").option("--max-active-per-project <n>", "skip creating a workflow when this many active routed workflows already exist for the project").option("--max-active-per-project-group <n>", "skip creating a workflow when this many active routed workflows already exist for the project group").option("--worktree-mode <mode>", "worktree isolation mode: auto, required, off, or main", "auto").option("--worktree-root <path>", "base directory for OpenLoops-managed git worktrees").option("--worktree-branch-prefix <prefix>", "branch prefix for generated event worktrees", "openloops").option("--name-prefix <prefix>", "workflow/loop name prefix", "event:generic").option("--preflight", "check generated workflow steps before storing the workflow loop").option("--dry-run", "print the workflow and loop input without storing anything").action(async (opts) => {
+eventsHandle.command("generic").description("create a one-shot worker/verifier workflow loop for any Hasna event").option("--provider <provider>", "agent provider", "codewith").option("--auth-profile <profile>", "provider-native auth profile; currently supported for codewith").option("--auth-profile-pool <profiles>", "comma-separated provider-native auth profile pool").option("--worker-auth-profile <profile>", "provider-native auth profile for worker step").option("--verifier-auth-profile <profile>", "provider-native auth profile for verifier step").option("--account <profile>", "OpenAccounts profile name").option("--account-pool <profiles>", "comma-separated OpenAccounts profile pool").option("--worker-account <profile>", "OpenAccounts profile for worker step").option("--verifier-account <profile>", "OpenAccounts profile for verifier step").option("--account-tool <tool>", "OpenAccounts tool id").option("--model <model>", "provider model").option("--variant <variant>", "provider-specific model variant or reasoning effort").option("--agent <agent>", "provider-specific agent").option("--permission-mode <mode>", "provider permission mode: default, plan, auto, or bypass", "bypass").option("--sandbox <mode>", "provider sandbox").option("--manual-break-glass", "allow danger-full-access in generated worker/verifier workflow metadata; for explicit operator emergency use only").option("--project-path <path>", "fallback project/repo working directory").option("--project-group <name>", "optional project group for concurrency limits").option("--max-active <n>", "skip creating a workflow when this many active routed workflows already exist globally").option("--max-active-per-project <n>", "skip creating a workflow when this many active routed workflows already exist for the project").option("--max-active-per-project-group <n>", "skip creating a workflow when this many active routed workflows already exist for the project group").option("--worktree-mode <mode>", "worktree isolation mode: auto, required, off, or main", "auto").option("--worktree-root <path>", "base directory for OpenLoops-managed git worktrees").option("--worktree-branch-prefix <prefix>", "branch prefix for generated event worktrees", "openloops").option("--name-prefix <prefix>", "workflow/loop name prefix", "event:generic").option("--preflight", "check generated workflow steps before storing the workflow loop").option("--dry-run", "print the workflow and loop input without storing anything").action(async (opts) => {
   const event = await readEventEnvelopeFromStdin();
   const data = eventData(event);
   const metadata = eventMetadata(event);
@@ -7256,19 +8492,7 @@ eventsHandle.command("generic").description("create a one-shot worker/verifier w
   const type = slugSegment2(event.type, "type");
   const workflowName = `${opts.namePrefix}:${source}:${type}:${eventSuffix}:workflow`;
   const loopName = `${opts.namePrefix}:${source}:${type}:${eventSuffix}:run`;
-  if (!opts.dryRun) {
-    const store2 = new Store;
-    try {
-      const existingLoop = store2.findLoopByName(loopName);
-      if (existingLoop) {
-        const existingWorkflow = existingLoop.target.type === "workflow" ? store2.getWorkflow(existingLoop.target.workflowId) : undefined;
-        print({ deduped: true, event, workflow: existingWorkflow ? publicWorkflow(existingWorkflow) : undefined, loop: publicLoop(existingLoop) }, `deduped existing loop ${existingLoop.id} (${existingLoop.name})`);
-        return;
-      }
-    } finally {
-      store2.close();
-    }
-  }
+  const idempotencyKey = `generic-event:${event.source}:${event.type}:${event.id}`;
   const provider = opts.provider;
   if (!["claude", "cursor", "codewith", "aicopilot", "opencode", "codex"].includes(provider))
     throw new Error("unsupported provider");
@@ -7299,17 +8523,60 @@ eventsHandle.command("generic").description("create a one-shot worker/verifier w
     agent: opts.agent,
     permissionMode,
     sandbox,
+    manualBreakGlass: Boolean(opts.manualBreakGlass),
     worktreeMode: opts.worktreeMode,
     worktreeRoot: opts.worktreeRoot,
     worktreeBranchPrefix: opts.worktreeBranchPrefix
   });
   workflowBody.name = workflowName;
   workflowBody.description = `Event-triggered worker/verifier workflow for ${event.source}/${event.type}; project=${projectPath}; projectGroup=${projectGroup ?? "-"}`;
+  const sandboxPreflight = generatedRouteSandboxPreflight(workflowBody);
+  const invocationInput = {
+    templateId: "event-worker-verifier",
+    sourceRef: {
+      kind: "event",
+      id: event.id,
+      dedupeKey: idempotencyKey,
+      raw: { source: event.source, type: event.type }
+    },
+    subjectRef: {
+      kind: "event",
+      id: stringField(event.subject) ?? event.id,
+      path: routeProjectPath,
+      raw: { message: stringField(event.message) }
+    },
+    intent: "route",
+    scope: {
+      projectPath: routeProjectPath,
+      projectGroup,
+      worktreePolicy: opts.worktreeMode ?? "auto",
+      permissions: permissionMode,
+      manualBreakGlass: Boolean(opts.manualBreakGlass),
+      accountPolicy: opts.authProfilePool || opts.accountPool ? "pool" : "single",
+      concurrencyGroup: projectGroup ?? routeProjectPath
+    },
+    outputPolicy: {
+      report: "always",
+      createTask: "on_failure"
+    }
+  };
+  const workItemInput = {
+    routeKey: "generic-event",
+    idempotencyKey,
+    invocationId: "<created-invocation-id>",
+    sourceType: event.type,
+    sourceRef: event.id,
+    subjectRef: stringField(event.subject) ?? event.id,
+    projectKey: routeProjectPath,
+    projectGroup,
+    priority: 0,
+    status: "queued"
+  };
   const loopInput = {
     name: loopName,
-    description: `Run ${workflowBody.name} once for event ${event.id}`,
+    description: `Run ${workflowBody.name} once for event ${event.id}; idempotency=${idempotencyKey}`,
     schedule: { type: "once", at: new Date(Date.now() + 1000).toISOString() },
-    target: { type: "workflow", workflowId: "<created-workflow-id>" },
+    target: { type: "workflow", workflowId: "<created-workflow-id>", input: {} },
     overlap: "skip",
     maxAttempts: 1,
     retryDelayMs: 60000,
@@ -7322,44 +8589,92 @@ eventsHandle.command("generic").description("create a one-shot worker/verifier w
       type: "generic-event-workflow",
       event: event.id
     }, {}) : undefined;
-    print({ event, workflow: workflowBody, loop: loopInput, throttle, preflight }, `dry-run ${loopName}`);
+    print({ event, idempotencyKey, invocation: invocationInput, workItem: workItemInput, workflow: workflowBody, loop: loopInput, throttle, sandboxPreflight, preflight }, `dry-run ${loopName}`);
     return;
   }
   const store = new Store;
   try {
     const existingWorkflowForPreflight = store.findWorkflowByName(workflowBody.name);
     const workflowPreflightSpec = existingWorkflowForPreflight ?? workflowSpecForPreflight(workflowBody, "event-preflight");
+    generatedRouteSandboxPreflight(workflowPreflightSpec);
     const preflight = opts.preflight ? preflightStoredWorkflow(workflowPreflightSpec, {
       name: workflowBody.name,
       type: "generic-event-workflow",
       event: event.id
     }, {}) : undefined;
     const outcome = store.writeTransaction(() => {
-      const existingLoop = store.findLoopByName(loopName);
-      if (existingLoop) {
-        const existingWorkflow2 = existingLoop.target.type === "workflow" ? store.getWorkflow(existingLoop.target.workflowId) : undefined;
-        return { kind: "deduped", existingLoop, existingWorkflow: existingWorkflow2 };
+      const invocation = store.createWorkflowInvocation(invocationInput);
+      const existingItem = store.findWorkflowWorkItem("generic-event", idempotencyKey);
+      if (existingItem?.loopId && ["admitted", "running", "succeeded"].includes(existingItem.status)) {
+        const existingLoop = store.getLoop(existingItem.loopId);
+        const existingWorkflow2 = existingItem.workflowId ? store.getWorkflow(existingItem.workflowId) : undefined;
+        return { kind: "deduped", existingItem, existingLoop, existingWorkflow: existingWorkflow2, invocation };
       }
       const throttle = hasThrottleLimits(throttleLimits) ? routeThrottleDecision(store, { projectPath: routeProjectPath, projectGroup, limits: throttleLimits }) : undefined;
+      const workItem = store.upsertWorkflowWorkItem({
+        ...workItemInput,
+        invocationId: invocation.id,
+        status: throttle && !throttle.allowed ? "deferred" : "queued",
+        lastReason: throttle && !throttle.allowed ? throttle.reason : undefined
+      });
       if (throttle && !throttle.allowed)
-        return { kind: "throttled", throttle };
+        return { kind: "throttled", invocation, workItem, throttle };
       const existingWorkflow = store.findWorkflowByName(workflowBody.name);
       const workflow = existingWorkflow ?? store.createWorkflow(workflowBody);
       const loop = store.createLoop({
         ...loopInput,
-        target: { type: "workflow", workflowId: workflow.id }
+        target: {
+          type: "workflow",
+          workflowId: workflow.id,
+          input: {
+            workflowInvocationId: invocation.id,
+            workflowWorkItemId: workItem.id
+          }
+        }
       });
-      return { kind: "created", workflow, loop, throttle };
+      const admitted = store.admitWorkflowWorkItem(workItem.id, { workflowId: workflow.id, loopId: loop.id, reason: "admitted by generic-event route" });
+      return { kind: "created", invocation, workItem: admitted, workflow, loop, throttle };
     });
     if (outcome.kind === "deduped") {
-      print({ deduped: true, event, workflow: outcome.existingWorkflow ? publicWorkflow(outcome.existingWorkflow) : undefined, loop: publicLoop(outcome.existingLoop) }, `deduped existing loop ${outcome.existingLoop.id} (${outcome.existingLoop.name})`);
+      print({
+        deduped: true,
+        idempotencyKey,
+        dedupedBy: "work-item",
+        event,
+        invocation: publicWorkflowInvocation(outcome.invocation),
+        workItem: publicWorkflowWorkItem(outcome.existingItem),
+        workflow: outcome.existingWorkflow ? publicWorkflow(outcome.existingWorkflow) : undefined,
+        loop: outcome.existingLoop ? publicLoop(outcome.existingLoop) : undefined
+      }, `deduped existing work item ${outcome.existingItem.id} for event=${event.id} idempotency=${idempotencyKey}`);
       return;
     }
     if (outcome.kind === "throttled") {
-      print({ skipped: true, queuedAtSource: true, reason: outcome.throttle.reason, event, throttle: outcome.throttle, workflow: workflowBody, loop: loopInput }, `skipped event ${event.id}: ${outcome.throttle.reason}`);
+      print({
+        skipped: true,
+        queuedAtSource: true,
+        reason: outcome.throttle.reason,
+        idempotencyKey,
+        event,
+        invocation: publicWorkflowInvocation(outcome.invocation),
+        workItem: publicWorkflowWorkItem(outcome.workItem),
+        throttle: outcome.throttle,
+        workflow: workflowBody,
+        loop: loopInput
+      }, `skipped event ${event.id}: ${outcome.throttle.reason}`);
       return;
     }
-    print({ deduped: false, event, workflow: publicWorkflow(outcome.workflow), loop: publicLoop(outcome.loop), throttle: outcome.throttle, preflight }, `created ${outcome.loop.id} (${outcome.loop.name}) workflow=${outcome.workflow.name}`);
+    print({
+      deduped: false,
+      idempotencyKey,
+      event,
+      invocation: publicWorkflowInvocation(outcome.invocation),
+      workItem: publicWorkflowWorkItem(outcome.workItem),
+      workflow: publicWorkflow(outcome.workflow),
+      loop: publicLoop(outcome.loop),
+      throttle: outcome.throttle,
+      sandboxPreflight,
+      preflight
+    }, `created ${outcome.loop.id} (${outcome.loop.name}) workflow=${outcome.workflow.name} event=${event.id} idempotency=${idempotencyKey}`);
   } finally {
     store.close();
   }