@hasna/todos 0.11.40 → 0.11.41

package/dist/storage.js

@@ -974,6 +974,141 @@ var init_migrations = __esm(() => {
   CREATE INDEX IF NOT EXISTS idx_api_keys_prefix ON api_keys(prefix);
   CREATE INDEX IF NOT EXISTS idx_api_keys_active ON api_keys(revoked_at, expires_at);
   INSERT OR IGNORE INTO _migrations (id) VALUES (50);
+  `,
+    `
+  CREATE TABLE IF NOT EXISTS task_git_refs (
+    id TEXT PRIMARY KEY,
+    task_id TEXT NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
+    ref_type TEXT NOT NULL CHECK(ref_type IN ('branch', 'pull_request')),
+    name TEXT NOT NULL,
+    url TEXT,
+    provider TEXT,
+    metadata TEXT DEFAULT '{}',
+    created_at TEXT NOT NULL DEFAULT (datetime('now')),
+    updated_at TEXT NOT NULL DEFAULT (datetime('now')),
+    UNIQUE(task_id, ref_type, name)
+  );
+  CREATE INDEX IF NOT EXISTS idx_task_git_refs_task ON task_git_refs(task_id);
+  CREATE INDEX IF NOT EXISTS idx_task_git_refs_lookup ON task_git_refs(ref_type, name);
+  CREATE INDEX IF NOT EXISTS idx_task_git_refs_url ON task_git_refs(url);
+
+  CREATE TABLE IF NOT EXISTS task_verifications (
+    id TEXT PRIMARY KEY,
+    task_id TEXT NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
+    command TEXT NOT NULL,
+    status TEXT NOT NULL DEFAULT 'unknown' CHECK(status IN ('passed', 'failed', 'unknown')),
+    output_summary TEXT,
+    artifact_path TEXT,
+    agent_id TEXT,
+    run_at TEXT NOT NULL DEFAULT (datetime('now')),
+    created_at TEXT NOT NULL DEFAULT (datetime('now'))
+  );
+  CREATE INDEX IF NOT EXISTS idx_task_verifications_task ON task_verifications(task_id);
+  CREATE INDEX IF NOT EXISTS idx_task_verifications_status ON task_verifications(status);
+  INSERT OR IGNORE INTO _migrations (id) VALUES (51);
+  `,
+    `
+  CREATE TABLE IF NOT EXISTS task_runs (
+    id TEXT PRIMARY KEY,
+    task_id TEXT NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
+    agent_id TEXT,
+    title TEXT,
+    status TEXT NOT NULL DEFAULT 'running' CHECK(status IN ('running', 'completed', 'failed', 'cancelled')),
+    summary TEXT,
+    metadata TEXT DEFAULT '{}',
+    started_at TEXT NOT NULL DEFAULT (datetime('now')),
+    completed_at TEXT,
+    created_at TEXT NOT NULL DEFAULT (datetime('now')),
+    updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+  );
+  CREATE INDEX IF NOT EXISTS idx_task_runs_task ON task_runs(task_id);
+  CREATE INDEX IF NOT EXISTS idx_task_runs_agent ON task_runs(agent_id);
+  CREATE INDEX IF NOT EXISTS idx_task_runs_status ON task_runs(status);
+  CREATE INDEX IF NOT EXISTS idx_task_runs_started ON task_runs(started_at);
+
+  CREATE TABLE IF NOT EXISTS task_run_events (
+    id TEXT PRIMARY KEY,
+    run_id TEXT NOT NULL REFERENCES task_runs(id) ON DELETE CASCADE,
+    task_id TEXT NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
+    event_type TEXT NOT NULL CHECK(event_type IN ('started', 'progress', 'claim', 'comment', 'command', 'file', 'artifact', 'completed', 'failed', 'cancelled')),
+    message TEXT,
+    data TEXT DEFAULT '{}',
+    agent_id TEXT,
+    created_at TEXT NOT NULL DEFAULT (datetime('now'))
+  );
+  CREATE INDEX IF NOT EXISTS idx_task_run_events_run ON task_run_events(run_id);
+  CREATE INDEX IF NOT EXISTS idx_task_run_events_task ON task_run_events(task_id);
+  CREATE INDEX IF NOT EXISTS idx_task_run_events_type ON task_run_events(event_type);
+
+  CREATE TABLE IF NOT EXISTS task_run_commands (
+    id TEXT PRIMARY KEY,
+    run_id TEXT NOT NULL REFERENCES task_runs(id) ON DELETE CASCADE,
+    task_id TEXT NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
+    command TEXT NOT NULL,
+    status TEXT NOT NULL DEFAULT 'unknown' CHECK(status IN ('passed', 'failed', 'unknown')),
+    exit_code INTEGER,
+    output_summary TEXT,
+    artifact_path TEXT,
+    agent_id TEXT,
+    started_at TEXT,
+    completed_at TEXT,
+    created_at TEXT NOT NULL DEFAULT (datetime('now'))
+  );
+  CREATE INDEX IF NOT EXISTS idx_task_run_commands_run ON task_run_commands(run_id);
+  CREATE INDEX IF NOT EXISTS idx_task_run_commands_task ON task_run_commands(task_id);
+  CREATE INDEX IF NOT EXISTS idx_task_run_commands_status ON task_run_commands(status);
+
+  CREATE TABLE IF NOT EXISTS task_run_artifacts (
+    id TEXT PRIMARY KEY,
+    run_id TEXT NOT NULL REFERENCES task_runs(id) ON DELETE CASCADE,
+    task_id TEXT NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
+    path TEXT NOT NULL,
+    artifact_type TEXT,
+    description TEXT,
+    size_bytes INTEGER,
+    sha256 TEXT,
+    metadata TEXT DEFAULT '{}',
+    agent_id TEXT,
+    created_at TEXT NOT NULL DEFAULT (datetime('now'))
+  );
+  CREATE INDEX IF NOT EXISTS idx_task_run_artifacts_run ON task_run_artifacts(run_id);
+  CREATE INDEX IF NOT EXISTS idx_task_run_artifacts_task ON task_run_artifacts(task_id);
+  CREATE INDEX IF NOT EXISTS idx_task_run_artifacts_path ON task_run_artifacts(path);
+  INSERT OR IGNORE INTO _migrations (id) VALUES (52);
+  `,
+    `
+  CREATE TABLE IF NOT EXISTS inbox_items (
+    id TEXT PRIMARY KEY,
+    task_id TEXT REFERENCES tasks(id) ON DELETE SET NULL,
+    source_type TEXT NOT NULL CHECK(source_type IN ('pasted_error', 'ci_log', 'git_context', 'github_issue', 'file', 'other')),
+    source_name TEXT,
+    source_url TEXT,
+    title TEXT NOT NULL,
+    body TEXT,
+    fingerprint TEXT NOT NULL UNIQUE,
+    status TEXT NOT NULL DEFAULT 'triaged' CHECK(status IN ('new', 'triaged', 'ignored')),
+    metadata TEXT DEFAULT '{}',
+    created_at TEXT NOT NULL DEFAULT (datetime('now')),
+    updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+  );
+  CREATE INDEX IF NOT EXISTS idx_inbox_items_task ON inbox_items(task_id);
+  CREATE INDEX IF NOT EXISTS idx_inbox_items_source ON inbox_items(source_type, source_name);
+  CREATE INDEX IF NOT EXISTS idx_inbox_items_status ON inbox_items(status);
+  INSERT OR IGNORE INTO _migrations (id) VALUES (53);
+  `,
+    `
+  ALTER TABLE handoffs ADD COLUMN session_id TEXT;
+  ALTER TABLE handoffs ADD COLUMN task_ids TEXT;
+  ALTER TABLE handoffs ADD COLUMN relevant_files TEXT;
+  ALTER TABLE handoffs ADD COLUMN run_ids TEXT;
+  CREATE TABLE IF NOT EXISTS handoff_acknowledgements (
+    handoff_id TEXT NOT NULL REFERENCES handoffs(id) ON DELETE CASCADE,
+    agent_id TEXT NOT NULL,
+    acknowledged_at TEXT NOT NULL DEFAULT (datetime('now')),
+    PRIMARY KEY (handoff_id, agent_id)
+  );
+  CREATE INDEX IF NOT EXISTS idx_handoff_acks_agent ON handoff_acknowledgements(agent_id, acknowledged_at);
+  INSERT OR IGNORE INTO _migrations (id) VALUES (54);
   `
   ];
 });
@@ -1058,6 +1193,17 @@ function ensureSchema(db) {
       task_id TEXT NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
       tag TEXT NOT NULL, PRIMARY KEY (task_id, tag)
     )`);
+  ensureTable("task_dependencies", `
+    CREATE TABLE task_dependencies (
+      task_id TEXT NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
+      depends_on TEXT NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
+      external_project_id TEXT,
+      external_task_id TEXT,
+      PRIMARY KEY (task_id, depends_on),
+      CHECK (task_id != depends_on)
+    )`);
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_dependencies_task ON task_dependencies(task_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_dependencies_depends_on ON task_dependencies(depends_on)");
   ensureTable("task_history", `
     CREATE TABLE task_history (
       id TEXT PRIMARY KEY, task_id TEXT NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
@@ -1115,6 +1261,30 @@ function ensureSchema(db) {
       created_at TEXT NOT NULL DEFAULT (datetime('now')),
       updated_at TEXT NOT NULL DEFAULT (datetime('now'))
     )`);
+  ensureTable("handoffs", `
+    CREATE TABLE handoffs (
+      id TEXT PRIMARY KEY,
+      agent_id TEXT,
+      project_id TEXT REFERENCES projects(id) ON DELETE SET NULL,
+      session_id TEXT,
+      summary TEXT NOT NULL,
+      completed TEXT,
+      in_progress TEXT,
+      blockers TEXT,
+      next_steps TEXT,
+      task_ids TEXT,
+      relevant_files TEXT,
+      run_ids TEXT,
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    )`);
+  ensureTable("handoff_acknowledgements", `
+    CREATE TABLE handoff_acknowledgements (
+      handoff_id TEXT NOT NULL REFERENCES handoffs(id) ON DELETE CASCADE,
+      agent_id TEXT NOT NULL,
+      acknowledged_at TEXT NOT NULL DEFAULT (datetime('now')),
+      PRIMARY KEY (handoff_id, agent_id)
+    )`);
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_handoff_acks_agent ON handoff_acknowledgements(agent_id, acknowledged_at)");
   ensureTable("task_relationships", `
     CREATE TABLE task_relationships (
       id TEXT PRIMARY KEY,
@@ -1126,6 +1296,121 @@ function ensureSchema(db) {
       created_at TEXT NOT NULL DEFAULT (datetime('now')),
       CHECK (source_task_id != target_task_id)
     )`);
+  ensureTable("task_git_refs", `
+    CREATE TABLE task_git_refs (
+      id TEXT PRIMARY KEY,
+      task_id TEXT NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
+      ref_type TEXT NOT NULL CHECK(ref_type IN ('branch', 'pull_request')),
+      name TEXT NOT NULL,
+      url TEXT,
+      provider TEXT,
+      metadata TEXT DEFAULT '{}',
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_at TEXT NOT NULL DEFAULT (datetime('now')),
+      UNIQUE(task_id, ref_type, name)
+    )`);
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_git_refs_task ON task_git_refs(task_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_git_refs_lookup ON task_git_refs(ref_type, name)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_git_refs_url ON task_git_refs(url)");
+  ensureTable("task_verifications", `
+    CREATE TABLE task_verifications (
+      id TEXT PRIMARY KEY,
+      task_id TEXT NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
+      command TEXT NOT NULL,
+      status TEXT NOT NULL DEFAULT 'unknown' CHECK(status IN ('passed', 'failed', 'unknown')),
+      output_summary TEXT,
+      artifact_path TEXT,
+      agent_id TEXT,
+      run_at TEXT NOT NULL DEFAULT (datetime('now')),
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    )`);
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_verifications_task ON task_verifications(task_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_verifications_status ON task_verifications(status)");
+  ensureTable("task_runs", `
+    CREATE TABLE task_runs (
+      id TEXT PRIMARY KEY,
+      task_id TEXT NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
+      agent_id TEXT,
+      title TEXT,
+      status TEXT NOT NULL DEFAULT 'running' CHECK(status IN ('running', 'completed', 'failed', 'cancelled')),
+      summary TEXT,
+      metadata TEXT DEFAULT '{}',
+      started_at TEXT NOT NULL DEFAULT (datetime('now')),
+      completed_at TEXT,
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+    )`);
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_runs_task ON task_runs(task_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_runs_agent ON task_runs(agent_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_runs_status ON task_runs(status)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_runs_started ON task_runs(started_at)");
+  ensureTable("task_run_events", `
+    CREATE TABLE task_run_events (
+      id TEXT PRIMARY KEY,
+      run_id TEXT NOT NULL REFERENCES task_runs(id) ON DELETE CASCADE,
+      task_id TEXT NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
+      event_type TEXT NOT NULL CHECK(event_type IN ('started', 'progress', 'claim', 'comment', 'command', 'file', 'artifact', 'completed', 'failed', 'cancelled')),
+      message TEXT,
+      data TEXT DEFAULT '{}',
+      agent_id TEXT,
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    )`);
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_run_events_run ON task_run_events(run_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_run_events_task ON task_run_events(task_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_run_events_type ON task_run_events(event_type)");
+  ensureTable("task_run_commands", `
+    CREATE TABLE task_run_commands (
+      id TEXT PRIMARY KEY,
+      run_id TEXT NOT NULL REFERENCES task_runs(id) ON DELETE CASCADE,
+      task_id TEXT NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
+      command TEXT NOT NULL,
+      status TEXT NOT NULL DEFAULT 'unknown' CHECK(status IN ('passed', 'failed', 'unknown')),
+      exit_code INTEGER,
+      output_summary TEXT,
+      artifact_path TEXT,
+      agent_id TEXT,
+      started_at TEXT,
+      completed_at TEXT,
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    )`);
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_run_commands_run ON task_run_commands(run_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_run_commands_task ON task_run_commands(task_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_run_commands_status ON task_run_commands(status)");
+  ensureTable("task_run_artifacts", `
+    CREATE TABLE task_run_artifacts (
+      id TEXT PRIMARY KEY,
+      run_id TEXT NOT NULL REFERENCES task_runs(id) ON DELETE CASCADE,
+      task_id TEXT NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
+      path TEXT NOT NULL,
+      artifact_type TEXT,
+      description TEXT,
+      size_bytes INTEGER,
+      sha256 TEXT,
+      metadata TEXT DEFAULT '{}',
+      agent_id TEXT,
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    )`);
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_run_artifacts_run ON task_run_artifacts(run_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_run_artifacts_task ON task_run_artifacts(task_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_run_artifacts_path ON task_run_artifacts(path)");
+  ensureTable("inbox_items", `
+    CREATE TABLE inbox_items (
+      id TEXT PRIMARY KEY,
+      task_id TEXT REFERENCES tasks(id) ON DELETE SET NULL,
+      source_type TEXT NOT NULL CHECK(source_type IN ('pasted_error', 'ci_log', 'git_context', 'github_issue', 'file', 'other')),
+      source_name TEXT,
+      source_url TEXT,
+      title TEXT NOT NULL,
+      body TEXT,
+      fingerprint TEXT NOT NULL UNIQUE,
+      status TEXT NOT NULL DEFAULT 'triaged' CHECK(status IN ('new', 'triaged', 'ignored')),
+      metadata TEXT DEFAULT '{}',
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+    )`);
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_inbox_items_task ON inbox_items(task_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_inbox_items_source ON inbox_items(source_type, source_name)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_inbox_items_status ON inbox_items(status)");
   ensureTable("kg_edges", `
     CREATE TABLE kg_edges (
       id TEXT PRIMARY KEY,
@@ -1287,6 +1572,10 @@ function ensureSchema(db) {
   ensureColumn("orgs", "synced_at", "TEXT");
   ensureColumn("handoffs", "machine_id", "TEXT");
   ensureColumn("handoffs", "synced_at", "TEXT");
+  ensureColumn("handoffs", "session_id", "TEXT");
+  ensureColumn("handoffs", "task_ids", "TEXT");
+  ensureColumn("handoffs", "relevant_files", "TEXT");
+  ensureColumn("handoffs", "run_ids", "TEXT");
   ensureColumn("task_checklists", "machine_id", "TEXT");
   ensureColumn("project_sources", "machine_id", "TEXT");
   ensureColumn("project_sources", "synced_at", "TEXT");
@@ -1531,6 +1820,7 @@ __export(exports_database, {
   now: () => now,
   lockExpiryCutoff: () => lockExpiryCutoff,
   isLockExpired: () => isLockExpired,
+  getDatabasePath: () => getDatabasePath,
   getDatabase: () => getDatabase,
   closeDatabase: () => closeDatabase,
   clearExpiredLocks: () => clearExpiredLocks,
@@ -1592,6 +1882,9 @@ function getDbPath() {
   }
   return newPath;
 }
+function getDatabasePath() {
+  return getDbPath();
+}
 function ensureDir(filePath) {
   if (isInMemoryDb(filePath))
     return;
@@ -1629,12 +1922,12 @@ function now() {
 function uuid() {
   return crypto.randomUUID();
 }
-function isLockExpired(lockedAt) {
+function isLockExpired(lockedAt, nowMs = Date.now()) {
   if (!lockedAt)
     return true;
   const lockTime = new Date(lockedAt).getTime();
   const expiryMs = LOCK_EXPIRY_MINUTES * 60 * 1000;
-  return Date.now() - lockTime > expiryMs;
+  return nowMs - lockTime > expiryMs;
 }
 function lockExpiryCutoff(nowMs = Date.now()) {
   const expiryMs = LOCK_EXPIRY_MINUTES * 60 * 1000;
@@ -2108,6 +2401,644 @@ function checkCompletionGuard(task, agentId, db, configOverride) {
   }
 }
 
+// src/lib/event-hooks.ts
+import { createHash, randomUUID } from "crypto";
+import { appendFileSync, mkdirSync as mkdirSync3 } from "fs";
+import { dirname as dirname3, resolve as resolve4 } from "path";
+import { createConnection } from "net";
+
+// src/lib/redaction.ts
+function redactEvidenceText(value) {
+  return value.replace(/\b(AKIA|ASIA)[0-9A-Z]{16}\b/g, "[REDACTED_AWS_KEY]").replace(/-----BEGIN (?:RSA |EC |OPENSSH |)PRIVATE KEY-----[\s\S]*?-----END (?:RSA |EC |OPENSSH |)PRIVATE KEY-----/g, "[REDACTED_PRIVATE_KEY]").replace(/\bsk-[A-Za-z0-9_-]{12,}\b/g, "[REDACTED_TOKEN]").replace(/\b([A-Za-z0-9_]*(?:API_KEY|TOKEN|SECRET|PASSWORD)[A-Za-z0-9_]*)\s*=\s*['"]?[^'"\s]{8,}/gi, "$1=[REDACTED]").replace(/\b(bearer)\s+[A-Za-z0-9._~+/=-]{12,}/gi, "$1 [REDACTED]");
+}
+function redactValue(value) {
+  if (typeof value === "string")
+    return redactEvidenceText(value);
+  if (Array.isArray(value))
+    return value.map(redactValue);
+  if (value && typeof value === "object") {
+    const redacted = {};
+    for (const [key, child] of Object.entries(value)) {
+      if (/api[_-]?key|token|secret|password/i.test(key)) {
+        redacted[key] = "[REDACTED]";
+      } else {
+        redacted[key] = redactValue(child);
+      }
+    }
+    return redacted;
+  }
+  return value;
+}
+
+// src/lib/runner-sandbox.ts
+import { relative as relative2, resolve as resolve3 } from "path";
+
+// src/lib/workspace-trust.ts
+import { relative, resolve as resolve2 } from "path";
+var DEFAULT_DENYLIST = ["rm -rf", "mkfs", "dd if=", "curl | sh", "wget | sh"];
+var DEFAULT_ENV_REDACTIONS = ["API_KEY", "TOKEN", "SECRET", "PASSWORD", "AUTH"];
+var PRESET_DEFAULTS = {
+  restricted: {
+    trusted: false,
+    preset: "restricted",
+    command_allowlist: ["todos"],
+    command_denylist: DEFAULT_DENYLIST,
+    tool_permissions: ["read"],
+    write_scopes: [],
+    env_redactions: DEFAULT_ENV_REDACTIONS,
+    require_prompt_for_unsafe: true
+  },
+  readonly: {
+    trusted: false,
+    preset: "readonly",
+    command_allowlist: ["todos", "git status", "git diff", "bun test"],
+    command_denylist: DEFAULT_DENYLIST,
+    tool_permissions: ["read", "list", "search"],
+    write_scopes: [],
+    env_redactions: DEFAULT_ENV_REDACTIONS,
+    require_prompt_for_unsafe: true
+  },
+  standard: {
+    trusted: true,
+    preset: "standard",
+    command_allowlist: ["todos", "git", "bun", "rg"],
+    command_denylist: DEFAULT_DENYLIST,
+    tool_permissions: ["read", "write", "test", "mcp"],
+    write_scopes: ["."],
+    env_redactions: DEFAULT_ENV_REDACTIONS,
+    require_prompt_for_unsafe: true
+  },
+  trusted: {
+    trusted: true,
+    preset: "trusted",
+    command_allowlist: ["*"],
+    command_denylist: DEFAULT_DENYLIST,
+    tool_permissions: ["*"],
+    write_scopes: ["."],
+    env_redactions: DEFAULT_ENV_REDACTIONS,
+    require_prompt_for_unsafe: false
+  }
+};
+function normalizePath(path) {
+  return resolve2(path);
+}
+function unique(values) {
+  return Array.from(new Set((values || []).map((value) => value.trim()).filter(Boolean)));
+}
+function defaultProfile(root, preset) {
+  return {
+    root,
+    ...PRESET_DEFAULTS[preset]
+  };
+}
+function configuredProfiles(config = loadConfig()) {
+  return Object.values(config.workspace_trust || {}).map((profile) => ({ ...profile, root: normalizePath(profile.root) })).sort((a, b) => b.root.length - a.root.length);
+}
+function isPathInside(root, path) {
+  const rel = relative(root, path);
+  return rel === "" || !rel.startsWith("..") && !rel.startsWith("/") && !/^[A-Za-z]:/.test(rel);
+}
+function matchesPattern(value, pattern) {
+  if (pattern === "*")
+    return true;
+  if (pattern.includes("*")) {
+    const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
+    return new RegExp(`^${escaped}$`, "i").test(value);
+  }
+  return value === pattern || value.startsWith(`${pattern} `) || value.includes(pattern);
+}
+function profileFor(path) {
+  const resolved = normalizePath(path);
+  for (const profile of configuredProfiles()) {
+    if (isPathInside(profile.root, resolved))
+      return { profile, matchedRoot: profile.root };
+  }
+  return { profile: defaultProfile(resolved, "restricted"), matchedRoot: null };
+}
+function listWorkspaceTrustProfiles() {
+  return configuredProfiles();
+}
+function getWorkspaceTrustStatus(path = process.cwd()) {
+  const root = normalizePath(path);
+  const { profile, matchedRoot } = profileFor(root);
+  return {
+    root,
+    trusted: profile.trusted,
+    matched_root: matchedRoot,
+    profile
+  };
+}
+function upsertWorkspaceTrustProfile(input) {
+  const root = normalizePath(input.root);
+  const config = loadConfig();
+  const existing = config.workspace_trust?.[root];
+  const preset = input.preset || existing?.preset || "standard";
+  const presetChanged = Boolean(existing && input.preset && input.preset !== existing.preset);
+  const base = presetChanged ? defaultProfile(root, preset) : existing || defaultProfile(root, preset);
+  const timestamp = new Date().toISOString();
+  const profile = {
+    ...base,
+    ...PRESET_DEFAULTS[preset],
+    root,
+    preset,
+    trusted: input.trusted ?? base.trusted ?? PRESET_DEFAULTS[preset].trusted,
+    command_allowlist: unique(input.command_allowlist ?? base.command_allowlist ?? PRESET_DEFAULTS[preset].command_allowlist),
+    command_denylist: unique(input.command_denylist ?? base.command_denylist ?? PRESET_DEFAULTS[preset].command_denylist),
+    tool_permissions: unique(input.tool_permissions ?? base.tool_permissions ?? PRESET_DEFAULTS[preset].tool_permissions),
+    write_scopes: unique(input.write_scopes ?? base.write_scopes ?? PRESET_DEFAULTS[preset].write_scopes),
+    env_redactions: unique(input.env_redactions ?? base.env_redactions ?? PRESET_DEFAULTS[preset].env_redactions),
+    require_prompt_for_unsafe: input.require_prompt_for_unsafe ?? base.require_prompt_for_unsafe ?? PRESET_DEFAULTS[preset].require_prompt_for_unsafe,
+    created_at: existing?.created_at || timestamp,
+    updated_at: timestamp
+  };
+  saveConfig({
+    ...config,
+    workspace_trust: {
+      ...config.workspace_trust || {},
+      [root]: profile
+    }
+  });
+  return profile;
+}
+function removeWorkspaceTrustProfile(root) {
+  const normalized = normalizePath(root);
+  const config = loadConfig();
+  if (!config.workspace_trust?.[normalized])
+    return false;
+  const next = { ...config.workspace_trust };
+  delete next[normalized];
+  saveConfig({ ...config, workspace_trust: next });
+  return true;
+}
+function writeAllowed(profile, root, writePath) {
+  const target = normalizePath(writePath.startsWith("/") ? writePath : `${root}/${writePath}`);
+  return profile.write_scopes.some((scope) => {
+    const scopeRoot = normalizePath(scope.startsWith("/") ? scope : `${root}/${scope}`);
+    return isPathInside(scopeRoot, target);
+  });
+}
+function redactedEnvKeys(profile, env) {
+  if (!env)
+    return [];
+  const patterns = unique([...DEFAULT_ENV_REDACTIONS, ...profile.env_redactions]).map((item) => item.toUpperCase());
+  return Object.keys(env).filter((key) => patterns.some((pattern) => key.toUpperCase().includes(pattern)));
+}
+function checkWorkspacePermission(input = {}) {
+  const status = getWorkspaceTrustStatus(input.path || process.cwd());
+  const reasons = [];
+  const profile = status.profile;
+  if (!status.matched_root)
+    reasons.push("workspace is not trusted");
+  if (input.command) {
+    if (profile.command_denylist.some((pattern) => matchesPattern(input.command, pattern))) {
+      reasons.push("command matches denylist");
+    } else if (!profile.command_allowlist.some((pattern) => matchesPattern(input.command, pattern))) {
+      reasons.push("command is not in allowlist");
+    }
+  }
+  if (input.tool && !profile.tool_permissions.some((permission) => matchesPattern(input.tool, permission))) {
+    reasons.push("tool permission is not allowed");
+  }
+  if (input.write_path && !writeAllowed(profile, status.matched_root || status.root, input.write_path)) {
+    reasons.push("write path is outside allowed scopes");
+  }
+  const redacted = redactedEnvKeys(profile, input.env);
+  const allowed = reasons.length === 0;
+  return {
+    allowed,
+    requires_prompt: !allowed && profile.require_prompt_for_unsafe,
+    reasons,
+    status,
+    redacted_env_keys: redacted
+  };
+}
+
+// src/lib/runner-sandbox.ts
+var DEFAULT_COMMAND_DENYLIST = ["rm -rf", "mkfs", "dd if=", "curl | sh", "wget | sh"];
+var DEFAULT_ENV_REDACTIONS2 = ["API_KEY", "TOKEN", "SECRET", "PASSWORD", "AUTH"];
+function normalizePath2(path) {
+  return resolve3(path);
+}
+function unique2(values) {
+  return Array.from(new Set((values || []).map((value) => value.trim()).filter(Boolean)));
+}
+function configuredProfiles2(config = loadConfig()) {
+  return Object.values(config.runner_sandboxes || {}).map((profile) => ({
+    ...profile,
+    root: normalizePath2(profile.root),
+    cwd_boundary: normalizePath2(profile.cwd_boundary || profile.root)
+  })).sort((a, b) => a.name.localeCompare(b.name));
+}
+function isPathInside2(root, path) {
+  const rel = relative2(root, path);
+  return rel === "" || !rel.startsWith("..") && !rel.startsWith("/") && !/^[A-Za-z]:/.test(rel);
+}
+function matchesPattern2(value, pattern) {
+  if (pattern === "*")
+    return true;
+  if (pattern.includes("*")) {
+    const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
+    return new RegExp(`^${escaped}$`, "i").test(value);
+  }
+  return value === pattern || value.startsWith(`${pattern} `) || value.includes(pattern);
+}
+function resolveFromRoot(root, path) {
+  return normalizePath2(path.startsWith("/") ? path : `${root}/${path}`);
+}
+function defaultProfile2(name, root) {
+  const normalizedRoot = normalizePath2(root);
+  return {
+    name,
+    root: normalizedRoot,
+    command_allowlist: ["todos", "git", "bun"],
+    command_denylist: DEFAULT_COMMAND_DENYLIST,
+    cwd_boundary: normalizedRoot,
+    write_scopes: ["."],
+    env_allowlist: ["PATH", "HOME", "SHELL", "TMPDIR", "TEMP", "TMP", "CI", "NODE_ENV", "BUN_ENV"],
+    env_redactions: DEFAULT_ENV_REDACTIONS2,
+    network_policy: "none",
+    require_approval: true,
+    audit_evidence: true
+  };
+}
+function profileByName(name, path) {
+  const profiles = configuredProfiles2();
+  if (name) {
+    const found = profiles.find((profile) => profile.name === name);
+    if (found)
+      return found;
+    return defaultProfile2(name, path);
+  }
+  const resolved = normalizePath2(path);
+  return profiles.find((profile) => isPathInside2(profile.root, resolved)) || defaultProfile2("default", resolved);
+}
+function redactedEnvKeys2(profile, env) {
+  if (!env)
+    return [];
+  const patterns = unique2([...DEFAULT_ENV_REDACTIONS2, ...profile.env_redactions]).map((item) => item.toUpperCase());
+  return Object.keys(env).filter((key) => patterns.some((pattern) => key.toUpperCase().includes(pattern)));
+}
+function omittedEnvKeys(profile, env) {
+  if (!env)
+    return [];
+  if (profile.env_allowlist.includes("*"))
+    return [];
+  return Object.keys(env).filter((key) => !profile.env_allowlist.some((pattern) => matchesPattern2(key, pattern)));
+}
+function resolveFromCwd(cwd, path) {
+  return normalizePath2(path.startsWith("/") ? path : `${cwd}/${path}`);
+}
+function writeAllowed2(profile, cwd, writePath) {
+  const target = resolveFromCwd(cwd, writePath);
+  return profile.write_scopes.some((scope) => isPathInside2(resolveFromRoot(profile.root, scope), target));
+}
+function listRunnerSandboxProfiles() {
+  return configuredProfiles2();
+}
+function getRunnerSandboxProfile(name, path = process.cwd()) {
+  return profileByName(name, path);
+}
+function upsertRunnerSandboxProfile(input) {
+  const config = loadConfig();
+  const existing = config.runner_sandboxes?.[input.name];
+  const root = normalizePath2(input.root || existing?.root || process.cwd());
+  const base = existing || defaultProfile2(input.name, root);
+  const timestamp = new Date().toISOString();
+  const profile = {
+    ...base,
+    name: input.name,
+    root,
+    command_allowlist: unique2(input.command_allowlist ?? base.command_allowlist),
+    command_denylist: unique2(input.command_denylist ?? base.command_denylist),
+    cwd_boundary: normalizePath2(input.cwd_boundary || base.cwd_boundary || root),
+    write_scopes: unique2(input.write_scopes ?? base.write_scopes),
+    env_allowlist: unique2(input.env_allowlist ?? base.env_allowlist),
+    env_redactions: unique2(input.env_redactions ?? base.env_redactions),
+    network_policy: input.network_policy || base.network_policy,
+    require_approval: input.require_approval ?? base.require_approval,
+    audit_evidence: input.audit_evidence ?? base.audit_evidence,
+    created_at: existing?.created_at || timestamp,
+    updated_at: timestamp
+  };
+  saveConfig({
+    ...config,
+    runner_sandboxes: {
+      ...config.runner_sandboxes || {},
+      [profile.name]: profile
+    }
+  });
+  return profile;
+}
+function removeRunnerSandboxProfile(name) {
+  const config = loadConfig();
+  if (!config.runner_sandboxes?.[name])
+    return false;
+  const next = { ...config.runner_sandboxes };
+  delete next[name];
+  saveConfig({ ...config, runner_sandboxes: next });
+  return true;
+}
+function checkRunnerSandbox(input = {}) {
+  const path = normalizePath2(input.path || input.cwd || process.cwd());
+  const profile = profileByName(input.name, path);
+  const cwd = resolveFromRoot(profile.root, input.cwd || profile.root);
+  const reasons = [];
+  const writePaths = input.write_paths || [];
+  const resolvedWritePaths = writePaths.map((writePath) => resolveFromCwd(cwd, writePath));
+  if (!isPathInside2(profile.cwd_boundary, cwd))
+    reasons.push("cwd is outside sandbox boundary");
+  if (input.command) {
+    if (profile.command_denylist.some((pattern) => matchesPattern2(input.command, pattern))) {
+      reasons.push("command matches sandbox denylist");
+    } else if (!profile.command_allowlist.some((pattern) => matchesPattern2(input.command, pattern))) {
+      reasons.push("command is not in sandbox allowlist");
+    }
+  }
+  for (const writePath of writePaths) {
+    if (!writeAllowed2(profile, cwd, writePath)) {
+      reasons.push(`write path is outside sandbox scopes: ${writePath}`);
+    }
+  }
+  if (input.network && profile.network_policy === "none") {
+    reasons.push("network access is disabled by sandbox policy");
+  }
+  const trustChecks = [
+    checkWorkspacePermission({ path: profile.root, command: input.command, env: input.env }),
+    ...resolvedWritePaths.map((writePath) => checkWorkspacePermission({ path: profile.root, write_path: writePath }))
+  ];
+  for (const trust of trustChecks) {
+    for (const reason of trust.reasons)
+      reasons.push(`workspace trust: ${reason}`);
+  }
+  const redacted = redactedEnvKeys2(profile, input.env);
+  const omitted = omittedEnvKeys(profile, input.env);
+  const effective = Object.keys(input.env || {}).filter((key) => !omitted.includes(key));
+  const uniqueReasons = unique2(reasons);
+  const allowed = uniqueReasons.length === 0;
+  return {
+    allowed,
+    requires_approval: !allowed && profile.require_approval,
+    reasons: uniqueReasons,
+    profile,
+    redacted_env_keys: redacted,
+    omitted_env_keys: omitted,
+    effective_env_keys: effective,
+    audit_evidence: profile.audit_evidence ? {
+      sandbox: profile.name,
+      root: profile.root,
+      cwd,
+      command: input.command,
+      write_paths: writePaths,
+      network_requested: Boolean(input.network),
+      network_policy: profile.network_policy,
+      allowed,
+      reasons: uniqueReasons
+    } : null
+  };
+}
+function explainRunnerSandbox(input = {}) {
+  return checkRunnerSandbox(input);
+}
+
+// src/lib/event-hooks.ts
+var LOCAL_EVENT_TYPES = [
+  "task.assigned",
+  "task.blocked",
+  "task.started",
+  "task.completed",
+  "task.failed",
+  "task.unblocked",
+  "task.status_changed",
+  "plan.updated",
+  "run.started",
+  "run.completed",
+  "run.failed",
+  "run.cancelled",
+  "approval.decided",
+  "import.finished",
+  "export.finished"
+];
+var VALID_TARGETS = new Set(["stdout", "file", "socket", "script"]);
+function safeName(name) {
+  const trimmed = name.trim();
+  if (!trimmed)
+    throw new Error("event hook name is required");
+  if (!/^[a-zA-Z0-9._-]+$/.test(trimmed))
+    throw new Error("event hook name may only contain letters, numbers, dot, underscore, or dash");
+  return trimmed;
+}
+function normalizeEvents(events) {
+  const normalized = events.map((event) => event.trim()).filter(Boolean);
+  if (normalized.length === 0)
+    throw new Error("event hook requires at least one event");
+  return Array.from(new Set(normalized)).sort();
+}
+function normalizeHook(input, existing) {
+  if (!VALID_TARGETS.has(input.target))
+    throw new Error(`unsupported event hook target: ${input.target}`);
+  if (input.target === "file" && !input.file_path && !existing?.file_path)
+    throw new Error("file event hooks require file_path");
+  if (input.target === "socket" && !input.socket_path && !existing?.socket_path)
+    throw new Error("socket event hooks require socket_path");
+  if (input.target === "script" && !input.command && !existing?.command)
+    throw new Error("script event hooks require command");
+  const timestamp = new Date().toISOString();
+  return {
+    ...existing,
+    name: safeName(input.name),
+    enabled: input.enabled ?? existing?.enabled ?? true,
+    events: normalizeEvents(input.events.length > 0 ? input.events : existing?.events || []),
+    target: input.target,
+    file_path: input.file_path ?? existing?.file_path,
+    socket_path: input.socket_path ?? existing?.socket_path,
+    command: input.command ?? existing?.command,
+    cwd: input.cwd ?? existing?.cwd,
+    sandbox: input.sandbox ?? existing?.sandbox,
+    env: input.env ?? existing?.env,
+    retry: {
+      attempts: clampAttempts(input.retry?.attempts ?? existing?.retry?.attempts ?? 1),
+      backoff_ms: Math.max(0, input.retry?.backoff_ms ?? existing?.retry?.backoff_ms ?? 0)
+    },
+    created_at: existing?.created_at || timestamp,
+    updated_at: timestamp
+  };
+}
+function clampAttempts(value) {
+  if (!Number.isFinite(value))
+    return 1;
+  return Math.min(5, Math.max(1, Math.trunc(value)));
+}
+function eventMatches(hook, eventType) {
+  return hook.enabled !== false && (hook.events.includes("*") || hook.events.includes(eventType));
+}
+function canonicalEvent(input) {
+  return JSON.stringify(input);
+}
+function buildEnvelope(type, payload, timestamp = new Date().toISOString()) {
+  const base = {
+    id: randomUUID(),
+    type,
+    timestamp,
+    payload: redactValue(payload ?? {}),
+    source: { package: "@hasna/todos", local_only: true }
+  };
+  const digest = createHash("sha256").update(canonicalEvent(base)).digest("hex");
+  return { ...base, integrity: { algorithm: "sha256", digest } };
+}
+function summarize(value) {
+  const redacted = redactEvidenceText(value.trim());
+  if (!redacted)
+    return;
+  return redacted.length > 1000 ? `${redacted.slice(0, 997)}...` : redacted;
+}
+function sleep(ms) {
+  return new Promise((resolveSleep) => setTimeout(resolveSleep, ms));
+}
+async function writeSocket(socketPath, line) {
+  await new Promise((resolveWrite, rejectWrite) => {
+    const socket = createConnection(socketPath);
+    const timeout = setTimeout(() => {
+      socket.destroy();
+      rejectWrite(new Error(`socket write timed out: ${socketPath}`));
+    }, 1000);
+    socket.on("error", (error) => {
+      clearTimeout(timeout);
+      rejectWrite(error);
+    });
+    socket.on("connect", () => {
+      socket.end(line, () => {
+        clearTimeout(timeout);
+        resolveWrite();
+      });
+    });
+  });
+}
+async function deliverScript(hook, envelope) {
+  const command = hook.command;
+  const cwd = hook.cwd || process.cwd();
+  if (hook.sandbox) {
+    const check = checkRunnerSandbox({ name: hook.sandbox, cwd, command, env: hook.env });
+    if (!check.allowed)
+      throw new Error(check.reasons.join("; "));
+  }
+  const proc = Bun.spawn(["bash", "-lc", command], {
+    cwd,
+    env: {
+      ...process.env,
+      ...hook.env || {},
+      TODOS_EVENT_JSON: JSON.stringify(envelope),
+      TODOS_EVENT_ID: envelope.id,
+      TODOS_EVENT_TYPE: envelope.type,
+      TODOS_EVENT_INTEGRITY: envelope.integrity.digest,
+      TODOS_HOOK_NAME: hook.name
+    },
+    stdout: "pipe",
+    stderr: "pipe"
+  });
+  const [stdout, stderr, exitCode] = await Promise.all([
+    new Response(proc.stdout).text(),
+    new Response(proc.stderr).text(),
+    proc.exited
+  ]);
+  return { exitCode, output: summarize([stdout, stderr].filter(Boolean).join(`
+`)) };
+}
+async function deliverHook(hook, envelope) {
+  const line = `${JSON.stringify(envelope)}
+`;
+  const maxAttempts = clampAttempts(hook.retry?.attempts ?? 1);
+  const backoffMs = Math.max(0, hook.retry?.backoff_ms ?? 0);
+  let lastError;
+  let output;
+  for (let attempt = 1;attempt <= maxAttempts; attempt++) {
+    try {
+      if (hook.target === "stdout") {
+        output = line.trim();
+      } else if (hook.target === "file") {
+        const filePath = resolve4(hook.file_path);
+        mkdirSync3(dirname3(filePath), { recursive: true });
+        appendFileSync(filePath, line);
+      } else if (hook.target === "socket") {
+        await writeSocket(hook.socket_path, line);
+      } else {
+        const result = await deliverScript(hook, envelope);
+        output = result.output;
+        if (result.exitCode !== 0)
+          throw new Error(`script exited ${result.exitCode}${output ? `: ${output}` : ""}`);
+      }
+      return {
+        hook: hook.name,
+        event_id: envelope.id,
+        event_type: envelope.type,
+        target: hook.target,
+        status: "delivered",
+        attempts: attempt,
+        integrity: envelope.integrity,
+        output_summary: output
+      };
+    } catch (error) {
+      lastError = error instanceof Error ? error.message : String(error);
+      if (attempt < maxAttempts && backoffMs > 0)
+        await sleep(backoffMs);
+    }
+  }
+  return {
+    hook: hook.name,
+    event_id: envelope.id,
+    event_type: envelope.type,
+    target: hook.target,
+    status: "failed",
+    attempts: maxAttempts,
+    integrity: envelope.integrity,
+    error: redactEvidenceText(lastError || "delivery failed")
+  };
+}
+function upsertLocalEventHook(input) {
+  const config = loadConfig();
+  const existing = config.local_event_hooks?.[input.name];
+  const hook = normalizeHook(input, existing);
+  saveConfig({
+    ...config,
+    local_event_hooks: {
+      ...config.local_event_hooks || {},
+      [hook.name]: hook
+    }
+  });
+  return hook;
+}
+function listLocalEventHooks() {
+  return Object.values(loadConfig().local_event_hooks || {}).sort((a, b) => a.name.localeCompare(b.name));
+}
+function getLocalEventHook(name) {
+  return loadConfig().local_event_hooks?.[safeName(name)] || null;
+}
+function removeLocalEventHook(name) {
+  const config = loadConfig();
+  const key = safeName(name);
+  if (!config.local_event_hooks?.[key])
+    return false;
+  const next = { ...config.local_event_hooks };
+  delete next[key];
+  saveConfig({ ...config, local_event_hooks: next });
+  return true;
+}
+async function emitLocalEventHooks(input) {
+  const hooks = (input.hooks || listLocalEventHooks()).filter((hook) => eventMatches(hook, input.type));
+  if (hooks.length === 0)
+    return [];
+  const envelope = buildEnvelope(input.type, input.payload, input.timestamp);
+  return Promise.all(hooks.map((hook) => deliverHook(hook, envelope)));
+}
+function emitLocalEventHooksQuiet(input) {
+  emitLocalEventHooks(input).catch(() => {});
+}
+async function testLocalEventHook(name, input) {
+  const hook = getLocalEventHook(name);
+  if (!hook)
+    throw new Error(`event hook not found: ${name}`);
+  return emitLocalEventHooks({ ...input, hooks: [hook] });
+}
+
 // src/db/audit.ts
 init_database();
 function logTaskChange(taskId, action, field, oldValue, newValue, agentId, db) {
@@ -2853,9 +3784,14 @@ function updateTask(id, input, db) {
     logTaskChange(id, "approve", "approved_by", null, input.approved_by, agentId, d);
   if (input.assigned_to !== undefined && input.assigned_to !== task.assigned_to) {
     dispatchWebhook("task.assigned", { id, assigned_to: input.assigned_to, title: task.title }, d).catch(() => {});
+    emitLocalEventHooksQuiet({ type: "task.assigned", payload: { id, assigned_to: input.assigned_to, title: task.title } });
   }
   if (input.status !== undefined && input.status !== task.status) {
     dispatchWebhook("task.status_changed", { id, old_status: task.status, new_status: input.status, title: task.title }, d).catch(() => {});
+    emitLocalEventHooksQuiet({ type: "task.status_changed", payload: { id, old_status: task.status, new_status: input.status, title: task.title } });
+  }
+  if (input.approved_by !== undefined) {
+    emitLocalEventHooksQuiet({ type: "approval.decided", payload: { id, approved_by: input.approved_by, title: task.title } });
   }
   return {
     ...task,
@@ -3546,6 +4482,18 @@ function wouldCreateCycle(taskId, dependsOn, db) {
 
 // src/db/task-lifecycle.ts
 var MAX_SPAWN_DEPTH = 10;
+function lockExpiresAt(lockedAt) {
+  if (!lockedAt)
+    return null;
+  return new Date(new Date(lockedAt).getTime() + LOCK_EXPIRY_MINUTES * 60 * 1000).toISOString();
+}
+function assertStartable(task, agentId) {
+  if (task.status === "pending")
+    return;
+  if (task.status === "in_progress")
+    return;
+  throw new Error(`Task is ${task.status} and cannot be started by ${agentId}`);
+}
 function getBlockingDeps(id, db) {
   const d = db || getDatabase();
   const deps = getTaskDependencies(id, d);
@@ -3564,22 +4512,38 @@ function startTask(id, agentId, db) {
   const task = getTask(id, d);
   if (!task)
     throw new TaskNotFoundError(id);
+  assertStartable(task, agentId);
   const blocking = getBlockingDeps(id, d);
   if (blocking.length > 0) {
     const blockerIds = blocking.map((b) => b.id.slice(0, 8)).join(", ");
+    emitLocalEventHooksQuiet({
+      type: "task.blocked",
+      payload: {
+        id,
+        agent_id: agentId,
+        title: task.title,
+        blockers: blocking.map((b) => ({ id: b.id, short_id: b.short_id, title: b.title, status: b.status }))
+      }
+    });
     throw new Error(`Task is blocked by ${blocking.length} unfinished dependency(ies): ${blockerIds}`);
   }
   const cutoff = lockExpiryCutoff();
   const timestamp = now();
   const result = d.run(`UPDATE tasks SET status = 'in_progress', assigned_to = ?, locked_by = ?, locked_at = ?, started_at = COALESCE(started_at, ?), version = version + 1, updated_at = ?
-     WHERE id = ? AND (locked_by IS NULL OR locked_by = ? OR locked_at < ?)`, [agentId, agentId, timestamp, timestamp, timestamp, id, agentId, cutoff]);
+     WHERE id = ? AND status IN ('pending', 'in_progress') AND (locked_by IS NULL OR locked_by = ? OR locked_at < ?)`, [agentId, agentId, timestamp, timestamp, timestamp, id, agentId, cutoff]);
   if (result.changes === 0) {
-    if (task.locked_by && task.locked_by !== agentId && !isLockExpired(task.locked_at)) {
-      throw new LockError(id, task.locked_by);
+    const current = getTask(id, d);
+    if (!current)
+      throw new TaskNotFoundError(id);
+    assertStartable(current, agentId);
+    if (current.locked_by && current.locked_by !== agentId && !isLockExpired(current.locked_at)) {
+      throw new LockError(id, current.locked_by);
     }
+    throw new Error(`Task ${id} could not be started because it changed during claim`);
   }
   logTaskChange(id, "start", "status", "pending", "in_progress", agentId, d);
   dispatchWebhook("task.started", { id, agent_id: agentId, title: task.title }, d).catch(() => {});
+  emitLocalEventHooksQuiet({ type: "task.started", payload: { id, agent_id: agentId, title: task.title } });
   return { ...task, status: "in_progress", assigned_to: agentId, locked_by: agentId, locked_at: timestamp, started_at: task.started_at || timestamp, version: task.version + 1, updated_at: timestamp };
 }
 function completeTask(id, agentId, db, options) {
@@ -3617,6 +4581,7 @@ function completeTask(id, agentId, db, options) {
   tx();
   logTaskChange(id, "complete", "status", task.status, "completed", agentId || null, d);
   dispatchWebhook("task.completed", { id, agent_id: agentId, title: task.title, completed_at: timestamp }, d).catch(() => {});
+  emitLocalEventHooksQuiet({ type: "task.completed", payload: { id, agent_id: agentId, title: task.title, completed_at: timestamp } });
   let spawnedTask = null;
   if (task.recurrence_rule && !options?.skip_recurrence) {
     spawnedTask = spawnNextRecurrence(task, d);
@@ -3658,6 +4623,7 @@ function completeTask(id, agentId, db, options) {
     meta._unblocked = unblockedDeps.map((d2) => ({ id: d2.id, short_id: d2.short_id, title: d2.title }));
     for (const dep of unblockedDeps) {
       dispatchWebhook("task.unblocked", { id: dep.id, unblocked_by: id, title: dep.title }, d).catch(() => {});
+      emitLocalEventHooksQuiet({ type: "task.unblocked", payload: { id: dep.id, unblocked_by: id, title: dep.title } });
     }
   }
   return { ...task, status: "completed", locked_by: null, locked_at: null, completed_at: timestamp, confidence, version: task.version + 1, updated_at: timestamp, metadata: meta };
@@ -3667,17 +4633,32 @@ function lockTask(id, agentId, db) {
   const task = getTask(id, d);
   if (!task)
     throw new TaskNotFoundError(id);
+  if (task.status === "completed" || task.status === "cancelled") {
+    return {
+      success: false,
+      error: `Task is ${task.status} and cannot be locked`
+    };
+  }
   if (task.locked_by === agentId && !isLockExpired(task.locked_at)) {
-    return { success: true, locked_by: agentId, locked_at: task.locked_at };
+    const timestamp2 = now();
+    d.run(`UPDATE tasks SET locked_at = ?, updated_at = ?, version = version + 1 WHERE id = ? AND locked_by = ?`, [timestamp2, timestamp2, id, agentId]);
+    logTaskChange(id, "lock_renew", "locked_by", agentId, agentId, agentId, d);
+    return { success: true, locked_by: agentId, locked_at: timestamp2, expires_at: lockExpiresAt(timestamp2) };
   }
   const cutoff = lockExpiryCutoff();
   const timestamp = now();
   const result = d.run(`UPDATE tasks SET locked_by = ?, locked_at = ?, version = version + 1, updated_at = ?
-     WHERE id = ? AND (locked_by IS NULL OR locked_by = ? OR locked_at < ?)`, [agentId, timestamp, timestamp, id, agentId, cutoff]);
+     WHERE id = ? AND status NOT IN ('completed', 'cancelled') AND (locked_by IS NULL OR locked_by = ? OR locked_at < ?)`, [agentId, timestamp, timestamp, id, agentId, cutoff]);
   if (result.changes === 0) {
     const current = getTask(id, d);
     if (!current)
       throw new TaskNotFoundError(id);
+    if (current.status === "completed" || current.status === "cancelled") {
+      return {
+        success: false,
+        error: `Task is ${current.status} and cannot be locked`
+      };
+    }
     if (current.locked_by && !isLockExpired(current.locked_at)) {
       return {
         success: false,
@@ -3686,8 +4667,13 @@ function lockTask(id, agentId, db) {
         error: `Task is locked by ${current.locked_by}`
       };
     }
+    return {
+      success: false,
+      error: `Task ${id} could not be locked because it changed during lock acquisition`
+    };
   }
-  return { success: true, locked_by: agentId, locked_at: timestamp };
+  logTaskChange(id, "lock", "locked_by", task.locked_by, agentId, agentId, d);
+  return { success: true, locked_by: agentId, locked_at: timestamp, expires_at: lockExpiresAt(timestamp) };
 }
 function unlockTask(id, agentId, db) {
   const d = db || getDatabase();
@@ -3702,6 +4688,21 @@ function unlockTask(id, agentId, db) {
      WHERE id = ?`, [timestamp, id]);
   return true;
 }
+function getTaskLockStatus(id, db) {
+  const d = db || getDatabase();
+  const task = getTask(id, d);
+  if (!task)
+    throw new TaskNotFoundError(id);
+  const expired = isLockExpired(task.locked_at);
+  return {
+    task_id: id,
+    locked: !!task.locked_by && !expired,
+    locked_by: task.locked_by,
+    locked_at: task.locked_at,
+    expires_at: lockExpiresAt(task.locked_at),
+    expired
+  };
+}
 function claimNextTask(agentId, filters, db) {
   const d = db || getDatabase();
   const tx = d.transaction(() => {
@@ -3810,6 +4811,7 @@ function failTask(id, agentId, reason, options, db) {
      WHERE id = ?`, [JSON.stringify(meta), timestamp, id]);
   logTaskChange(id, "fail", "status", task.status, "failed", agentId || null, d);
   dispatchWebhook("task.failed", { id, reason, error_code: options?.error_code, agent_id: agentId, title: task.title }, d).catch(() => {});
+  emitLocalEventHooksQuiet({ type: "task.failed", payload: { id, reason, error_code: options?.error_code, agent_id: agentId, title: task.title } });
   const failedTask = {
     ...task,
     status: "failed",
@@ -3854,21 +4856,23 @@ function failTask(id, agentId, reason, options, db) {
   }
   return { task: failedTask, retryTask };
 }
-function getStaleTasks(staleMinutes = 30, filters, db) {
+function getStaleTasks(staleQuery = 30, filters, db) {
   const d = db || getDatabase();
+  const staleMinutes = typeof staleQuery === "number" ? staleQuery : staleQuery.minutes ?? (staleQuery.hours !== undefined ? staleQuery.hours * 60 : 30);
+  const effectiveFilters = typeof staleQuery === "number" ? filters : { project_id: staleQuery.project_id, task_list_id: staleQuery.task_list_id };
   const cutoff = new Date(Date.now() - staleMinutes * 60 * 1000).toISOString();
   const conditions = [
     "status = 'in_progress'",
     "(updated_at < ? OR (locked_at IS NOT NULL AND locked_at < ?))"
   ];
   const params = [cutoff, cutoff];
-  if (filters?.project_id) {
+  if (effectiveFilters?.project_id) {
     conditions.push("project_id = ?");
-    params.push(filters.project_id);
+    params.push(effectiveFilters.project_id);
   }
-  if (filters?.task_list_id) {
+  if (effectiveFilters?.task_list_id) {
     conditions.push("task_list_id = ?");
-    params.push(filters.task_list_id);
+    params.push(effectiveFilters.task_list_id);
   }
   const where = conditions.join(" AND ");
   const rows = d.query(`SELECT * FROM tasks WHERE ${where} ORDER BY updated_at ASC`).all(...params);
@@ -3884,9 +4888,15 @@ function stealTask(agentId, opts, db) {
   staleTasks.sort((a, b) => (priorityOrder[a.priority] ?? 9) - (priorityOrder[b.priority] ?? 9));
   const target = staleTasks[0];
   const timestamp = now();
-  d.run(`UPDATE tasks SET assigned_to = ?, locked_by = ?, locked_at = ?, updated_at = ?, version = version + 1 WHERE id = ?`, [agentId, agentId, timestamp, timestamp, target.id]);
+  const cutoff = new Date(Date.now() - staleMinutes * 60 * 1000).toISOString();
+  const result = d.run(`UPDATE tasks SET assigned_to = ?, locked_by = ?, locked_at = ?, updated_at = ?, version = version + 1
+     WHERE id = ? AND status = 'in_progress' AND (updated_at < ? OR (locked_at IS NOT NULL AND locked_at < ?))`, [agentId, agentId, timestamp, timestamp, target.id, cutoff, cutoff]);
+  if (result.changes === 0)
+    return null;
   logTaskChange(target.id, "steal", "assigned_to", target.assigned_to, agentId, agentId, d);
+  logTaskChange(target.id, "steal", "locked_by", target.locked_by, agentId, agentId, d);
   dispatchWebhook("task.assigned", { id: target.id, agent_id: agentId, title: target.title, stolen_from: target.assigned_to }, d).catch(() => {});
+  emitLocalEventHooksQuiet({ type: "task.assigned", payload: { id: target.id, agent_id: agentId, title: target.title, stolen_from: target.assigned_to } });
   return { ...target, assigned_to: agentId, locked_by: agentId, locked_at: timestamp, updated_at: timestamp, version: target.version + 1 };
 }
 function claimOrSteal(agentId, filters, db) {
@@ -4253,7 +5263,12 @@ function updatePlan(id, input, db) {
   }
   params.push(id);
   d.run(`UPDATE plans SET ${sets.join(", ")} WHERE id = ?`, params);
-  return getPlan(id, d);
+  const updated = getPlan(id, d);
+  emitLocalEventHooksQuiet({
+    type: "plan.updated",
+    payload: { id, old_status: plan.status, new_status: updated.status, name: updated.name, project_id: updated.project_id }
+  });
+  return updated;
 }
 function deletePlan(id, db) {
   const d = db || getDatabase();