@hasna/todos 0.11.45 → 0.11.46

package/dist/registry.js

@@ -1709,6 +1709,10 @@ function ensureSchema(db) {
   ensureColumn("dispatches", "machine_id", "TEXT");
   ensureColumn("dispatches", "synced_at", "TEXT");
   ensureIndex("CREATE INDEX IF NOT EXISTS idx_tasks_plan ON tasks(plan_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_tasks_project ON tasks(project_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_tasks_status ON tasks(status)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_tasks_archived_at ON tasks(archived_at)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_tasks_updated_at ON tasks(updated_at)");
   ensureIndex("CREATE INDEX IF NOT EXISTS idx_tasks_task_list ON tasks(task_list_id)");
   ensureIndex("CREATE INDEX IF NOT EXISTS idx_tasks_due_at ON tasks(due_at)");
   ensureIndex("CREATE INDEX IF NOT EXISTS idx_tasks_short_id ON tasks(short_id) WHERE short_id IS NOT NULL");
@@ -2700,7 +2704,9 @@ var MCP_TOOL_GROUPS = {
     "create_risk",
     "create_handoff",
     "capture_environment_snapshot",
+    "check_local_integrity",
     "compare_environment_snapshots",
+    "create_local_backup",
     "create_inbox_item",
     "delete_comment",
     "detect_file_relationships",
@@ -2720,6 +2726,7 @@ var MCP_TOOL_GROUPS = {
     "add_task_run_event",
     "add_task_run_file",
     "acknowledge_handoff",
+    "build_local_report",
     "cancel_agent_run_dispatch",
     "finish_task_run",
     "find_duplicate_tasks",
@@ -2739,9 +2746,11 @@ var MCP_TOOL_GROUPS = {
     "close_risk",
     "get_task_git_refs",
     "get_task_run_ledger",
+    "get_usage_ledger",
     "list_agent_run_adapters",
     "list_agent_run_queue",
     "verify_task_run_artifacts",
+    "verify_local_backup",
     "get_task_traceability",
     "get_task_commits",
     "get_task_dependencies",
@@ -2758,6 +2767,7 @@ var MCP_TOOL_GROUPS = {
     "list_handoffs",
     "list_inbox_items",
     "list_knowledge_records",
+    "list_local_report_types",
     "list_onboarding_fixtures",
     "list_review_routing_rules",
     "list_local_snapshots",
@@ -2769,6 +2779,7 @@ var MCP_TOOL_GROUPS = {
     "queue_agent_run",
     "remove_agent_run_adapter",
     "remove_review_routing_rule",
+    "restore_local_backup",
     "retry_agent_run_dispatch",
     "resolve_mentions",
     "run_next_agent_dispatch",
@@ -2779,6 +2790,7 @@ var MCP_TOOL_GROUPS = {
     "set_review_routing_rule",
     "set_verification_provider",
     "simulate_agent_replay",
+    "discover_local_extensions",
     "inspect_local_extension",
     "install_local_extension",
     "list_local_extensions",
@@ -2846,11 +2858,15 @@ var MCP_TOOL_GROUPS = {
     "get_task_graph",
     "get_task_history",
     "get_task_stats",
+    "list_workflow_states",
     "list_labels",
     "list_tags",
+    "migrate_workflow_states",
+    "query_tasks_by_workflow_state",
     "query_tasks_by_fields",
     "search_tools",
     "describe_tools",
+    "set_task_workflow_state",
     "set_task_fields",
     "update_label",
     "update_tag"
@@ -3340,6 +3356,161 @@ var TODOS_JSON_CONTRACTS = [
     },
     optional: {}
   }),
+  contract({
+    id: "local_usage_ledger",
+    name: "Local Usage Ledger",
+    description: "Aggregate local report for task, project, run, command, cost, duration, storage, and simulated quota usage.",
+    surfaces: ["cli", "mcp", "sdk"],
+    stability: "stable",
+    required: {
+      schema_version: field("integer", "Report schema version."),
+      local_only: field("boolean", "Always true; report reads only local todos state."),
+      no_network: field("boolean", "Always true; report does not call hosted services."),
+      generated_at: isoDateField,
+      scope: field("object", "Project, agent, and time filters used for the aggregate."),
+      counts: field("object", "Counts for tasks, projects, runs, commands, artifacts, traces, and usage metadata records."),
+      durations: field("object", "Completed run, open run, trace, and total observed duration in milliseconds."),
+      usage: field("object", "Token and USD aggregates from task cost fields, traces, and agent-provided metadata."),
+      storage: field("object", "Evidence storage byte totals from local run artifacts."),
+      quota: field("object", "Optional local quota simulation with exceeded limits."),
+      redaction: field("object", "Aggregate-only guarantees for command and artifact path omission."),
+      sources: field("array", "Local SQLite tables included in the report.")
+    },
+    optional: {}
+  }),
+  contract({
+    id: "local_report",
+    name: "Local Agent Report",
+    description: "Local-only report composing ready, blocked, overdue, plan, run, verification, and agent summaries.",
+    surfaces: ["cli", "mcp", "sdk"],
+    stability: "stable",
+    required: {
+      schema_version: field("integer", "Report schema version."),
+      local_only: field("boolean", "Always true; report reads only local todos state."),
+      no_network: field("boolean", "Always true; report does not call hosted analytics or usage collection."),
+      generated_at: isoDateField,
+      scope: field("object", "Project, plan, agent, and time filters used to build the report."),
+      report_types: field("array", "Stable local report sections included by this package."),
+      views: field("object", "Ready, blocked, and overdue task views."),
+      plans: field("array", "Plan progress summaries with blocked and overdue counts."),
+      runs: field("object", "Run outcome counts and recent run evidence summaries."),
+      verification: field("object", "Verification outcome counts and recent verification evidence summaries."),
+      agents: field("array", "Per-agent task, run, and verification summaries."),
+      exports: field("object", "JSON contract and Markdown support metadata.")
+    },
+    optional: {}
+  }),
+  contract({
+    id: "local_backup_bundle",
+    name: "Local Backup Bundle",
+    description: "Local backup wrapper around a bridge bundle with manifest counts, section checksums, SQLite integrity metadata, and artifact-content coverage.",
+    surfaces: ["cli", "mcp", "sdk"],
+    stability: "stable",
+    required: {
+      schema_version: field("integer", "Backup schema version."),
+      kind: field("string", "Backup bundle kind identifier."),
+      local_only: field("boolean", "Always true; backup creation reads only local state."),
+      no_network: field("boolean", "Always true; backup creation performs no network requests."),
+      created_at: isoDateField,
+      package: field("object", "Package source metadata."),
+      manifest: field("object", "Backup manifest with checksums, counts, source scope, and SQLite integrity."),
+      bridge: field("object", "Embedded local bridge bundle containing tasks, projects, plans, runs, comments, evidence, and stored artifact content."),
+      checksum_algorithm: field("string", "Digest algorithm used for backup and bridge checksums."),
+      checksum: field("string", "SHA-256 checksum of the backup payload excluding this field.")
+    },
+    optional: {}
+  }),
+  contract({
+    id: "local_backup_verification",
+    name: "Local Backup Verification",
+    description: "Verification report for a local backup bundle covering backup checksum, bridge checksum, manifest counts, schema compatibility, and current SQLite integrity.",
+    surfaces: ["cli", "mcp", "sdk"],
+    stability: "stable",
+    required: {
+      schema_version: field("integer", "Verification schema version."),
+      kind: field("string", "Verification report kind identifier."),
+      local_only: field("boolean", "Always true; verification reads local files and SQLite only."),
+      no_network: field("boolean", "Always true; verification performs no network requests."),
+      verified_at: isoDateField,
+      ok: field("boolean", "True when all checks pass."),
+      checksum_algorithm: field("string", "Digest algorithm used for backup and bridge checksums."),
+      checksum: field("object", "Expected and actual backup checksum status."),
+      bridge_checksum: field("object", "Expected and actual bridge checksum status."),
+      bridge_validation: field("object", "Embedded bridge schema validation result."),
+      sqlite: field(["object", "null"], "Current SQLite integrity check, or null when skipped.", true),
+      counts: field("object", "Manifest expected counts, actual bridge counts, and status."),
+      compatible: field("boolean", "True when embedded bridge schema is compatible with this package."),
+      issues: field("array", "Blocking verification issues."),
+      warnings: field("array", "Non-blocking local warnings.")
+    },
+    optional: {}
+  }),
+  contract({
+    id: "local_backup_restore_result",
+    name: "Local Backup Restore Result",
+    description: "Dry-run or applied local backup restore result with verification and bridge import details.",
+    surfaces: ["cli", "mcp", "sdk"],
+    stability: "stable",
+    required: {
+      schema_version: field("integer", "Restore result schema version."),
+      kind: field("string", "Restore result kind identifier."),
+      local_only: field("boolean", "Always true; restore targets only local SQLite state."),
+      no_network: field("boolean", "Always true; restore performs no network requests."),
+      restored_at: isoDateField,
+      dry_run: field("boolean", "True when no local records were written."),
+      ok: field("boolean", "True when verification passes and the import has no blocking issues."),
+      verification: field("object", "Backup verification result run before importing."),
+      import_result: field(["object", "null"], "Bridge import result, or null when verification failed.", true),
+      issues: field("array", "Blocking verification or import issues.")
+    },
+    optional: {}
+  }),
+  contract({
+    id: "local_integrity_report",
+    name: "Local Integrity Report",
+    description: "Local integrity report for SQLite quick_check, foreign keys, bridge validation, backup-relevant counts, and orphan rows.",
+    surfaces: ["cli", "mcp", "sdk"],
+    stability: "stable",
+    required: {
+      schema_version: field("integer", "Integrity report schema version."),
+      kind: field("string", "Integrity report kind identifier."),
+      local_only: field("boolean", "Always true; report reads only local SQLite state."),
+      no_network: field("boolean", "Always true; report performs no network requests."),
+      generated_at: isoDateField,
+      database_path: field("string", "Resolved local SQLite database path."),
+      sqlite: field("object", "SQLite quick_check and foreign key integrity summary."),
+      bridge_validation: field("object", "Bridge validation result for a freshly-created local bridge bundle."),
+      counts: field("object", "Backup-relevant record counts by bridge section."),
+      orphaned_rows: field("object", "Detected orphaned local rows by relationship."),
+      ok: field("boolean", "True when no blocking integrity issues are found."),
+      issues: field("array", "Blocking integrity issues."),
+      warnings: field("array", "Non-blocking local warnings.")
+    },
+    optional: {}
+  }),
+  contract({
+    id: "terminal_dashboard_snapshot",
+    name: "Terminal Dashboard Snapshot",
+    description: "Deterministic local snapshot for the keyboard-first terminal dashboard.",
+    surfaces: ["cli", "sdk"],
+    stability: "stable",
+    required: {
+      generated_at: isoDateField,
+      local_only: field("boolean", "Always true; dashboard snapshots read only local todos state."),
+      project_id: field(["string", "null"], "Optional project scope.", true),
+      active_view: field("string", "Active dashboard tab rendered by the TUI or snapshot command."),
+      keymap: field("array", "Keyboard shortcuts exposed by the TUI."),
+      counts: field("object", "Task counts by status and total."),
+      projects: field("array", "Visible projects with open task counts."),
+      tasks: field("array", "Visible pending and in-progress tasks."),
+      plans: field("array", "Visible plans with open task counts."),
+      runs: field("array", "Recent local task runs."),
+      dependencies: field("array", "Local dependency edges and blocking state."),
+      inbox: field("array", "Recent local inbox items."),
+      search: field("object", "Local search query and matching task results.")
+    },
+    optional: {}
+  }),
   contract({
     id: "mention_resolution_report",
     name: "Mention Resolution Report",
@@ -3587,6 +3758,56 @@ var TODOS_JSON_CONTRACTS = [
     },
     optional: {}
   }),
+  contract({
+    id: "workflow_state_config",
+    name: "Workflow State Config",
+    description: "Local workflow state definition mapped onto a canonical task status.",
+    surfaces: ["cli", "mcp", "sdk"],
+    stability: "stable",
+    required: {
+      name: field("string", "Local workflow state name."),
+      canonical_status: field("string", "Canonical task status used for storage and compatibility."),
+      aliases: field("array", "Alternate input names for this workflow state."),
+      terminal: field("boolean", "Whether this state represents terminal work.")
+    },
+    optional: {
+      description: field("string", "Optional human description."),
+      transitions: field(["array", "null"], "Allowed destination state names, or null for unrestricted.", true),
+      color: field("string", "Optional display color token.")
+    }
+  }),
+  contract({
+    id: "workflow_state_result",
+    name: "Workflow State Result",
+    description: "Result of setting a task's local workflow state.",
+    surfaces: ["cli", "mcp", "sdk"],
+    stability: "stable",
+    required: {
+      task: field("object", "Updated canonical task object."),
+      workflow_state: field("object", "Resolved target workflow state."),
+      previous_workflow_state: field("object", "Resolved prior workflow state."),
+      changed: field("boolean", "Whether the local workflow state changed."),
+      canonical_status_changed: field("boolean", "Whether the task row status changed."),
+      local_only: field("boolean", "Always true; operation uses local state only.")
+    },
+    optional: {}
+  }),
+  contract({
+    id: "workflow_state_migration",
+    name: "Workflow State Migration",
+    description: "Dry-run or applied local migration from canonical statuses to workflow state metadata.",
+    surfaces: ["cli", "mcp", "sdk"],
+    stability: "stable",
+    required: {
+      applied: field("boolean", "Whether metadata writes were applied."),
+      migrated_count: field("integer", "Number of tasks written during an applied migration."),
+      pending_count: field("integer", "Number of tasks that would be migrated in dry-run mode."),
+      skipped_count: field("integer", "Number of tasks already carrying matching workflow metadata."),
+      items: field("array", "Per-task migration preview records."),
+      local_only: field("boolean", "Always true; migration uses local state only.")
+    },
+    optional: {}
+  }),
   contract({
     id: "retention_cleanup_report",
     name: "Retention Cleanup Report",
@@ -3608,6 +3829,45 @@ var TODOS_JSON_CONTRACTS = [
     },
     optional: {}
   }),
+  contract({
+    id: "scale_performance_report",
+    name: "Scale Performance Report",
+    description: "Local scale hardening report for query performance, archive readiness, compaction, SQLite integrity, and expected indexes. It performs no network calls.",
+    surfaces: ["cli", "sdk"],
+    stability: "stable",
+    required: {
+      schema_version: field("integer", "Report schema version."),
+      local_only: field("boolean", "Always true; the report reads only local state."),
+      no_network: field("boolean", "Always true; the report performs no network requests."),
+      generated_at: isoDateField,
+      database_path: field("string", "Resolved local SQLite database path."),
+      counts: field("object", "Local task, project, agent, plan, run, event, comment, and dependency counts."),
+      benchmarks: field("array", "Measured local query timings with thresholds."),
+      archive: field("object", "Archive-readiness counts for old terminal tasks and include-archived visibility."),
+      compaction: field("object", "SQLite page and freelist state with recommended maintenance commands."),
+      integrity: field("object", "SQLite quick_check, foreign key, and required-index results."),
+      warnings: field("array", "Non-fatal warnings for slow queries, missing indexes, old archive candidates, or integrity issues.")
+    },
+    optional: {}
+  }),
+  contract({
+    id: "scale_compaction_result",
+    name: "Scale Compaction Result",
+    description: "Dry-run or applied local SQLite optimization and VACUUM compaction result.",
+    surfaces: ["cli", "sdk"],
+    stability: "stable",
+    required: {
+      schema_version: field("integer", "Result schema version."),
+      local_only: field("boolean", "Always true; compaction targets only the local SQLite database."),
+      no_network: field("boolean", "Always true; compaction performs no network requests."),
+      dry_run: field("boolean", "True when commands were only previewed."),
+      database_path: field("string", "Resolved local SQLite database path."),
+      before: field("object", "Page and freelist counts before compaction."),
+      after: field("object", "Page and freelist counts after compaction or dry-run preview."),
+      actions: field("array", "SQLite maintenance actions planned or applied.")
+    },
+    optional: {}
+  }),
   contract({
     id: "duplicate_task_candidate",
     name: "Duplicate Task Candidate",
@@ -3712,12 +3972,30 @@ var TODOS_JSON_CONTRACTS = [
       manifest: field("object", "Normalized extension manifest."),
       validation: field("object", "Schema, compatibility, permission, and sandbox validation details."),
       ok: field("boolean", "Whether the extension passed hard compatibility checks."),
-      summary: field("object", "Counts for commands, MCP tools, hooks, permissions, sandbox checks, and failed dry-runs."),
+      summary: field("object", "Counts for commands, MCP tools, templates, renderers, hooks, permissions, sandbox checks, and failed dry-runs."),
       errors: field("array", "Hard validation or compatibility errors."),
       warnings: field("array", "Non-blocking diagnostics such as sandbox approval requirements.")
     },
     optional: {}
   }),
+  contract({
+    id: "local_extension_discovery",
+    name: "Local Extension Discovery",
+    description: "Local-only discovery report for extension manifests from config, project roots, .todos folders, and installed registry records.",
+    surfaces: ["cli", "mcp", "sdk"],
+    stability: "stable",
+    required: {
+      schema_version: field("integer", "Report schema version."),
+      local_only: field("boolean", "Always true; discovery reads only local files and config."),
+      no_network: field("boolean", "Always true; discovery performs no network requests."),
+      project_path: field(["string", "null"], "Project root used for discovery, or null when omitted.", true),
+      config_sources: field("array", "Resolved extension source paths from config and project discovery."),
+      discovered: field("array", "Validated extension source inspections."),
+      installed: field("array", "Installed local extension registry records when included."),
+      warnings: field("array", "Non-fatal source read or validation warnings.")
+    },
+    optional: {}
+  }),
   contract({
     id: "agent",
     name: "Agent",
@@ -5125,6 +5403,15 @@ var DEFAULT_SECRET_PATTERNS = [
   { name: "bearer-token", regex: /\b(bearer)\s+[A-Za-z0-9._~+/=-]{12,}/gi, replacement: "$1 [REDACTED]" }
 ];
 var DEFAULT_SECRET_KEY_PATTERN = /api[_-]?key|token|secret|password/i;
+var NON_SECRET_USAGE_KEYS = new Set([
+  "tokens",
+  "total_tokens",
+  "token_count",
+  "input_tokens",
+  "output_tokens",
+  "prompt_tokens",
+  "completion_tokens"
+]);
 function unique(values) {
   return Array.from(new Set((values || []).map((value) => value.trim()).filter(Boolean)));
 }
@@ -5144,6 +5431,8 @@ function secretPatterns() {
   return [...customPatterns(), ...DEFAULT_SECRET_PATTERNS];
 }
 function isSecretKey(key) {
+  if (NON_SECRET_USAGE_KEYS.has(key.toLowerCase()))
+    return false;
   if (DEFAULT_SECRET_KEY_PATTERN.test(key))
     return true;
   return unique(loadConfig().secret_safety?.redaction_keys).some((pattern) => key.toLowerCase().includes(pattern.toLowerCase()));
@@ -9248,7 +9537,18 @@ function addTaskRunCommand(input, db) {
     run_id: run.id,
     event_type: "command",
     message: `${status}: ${command}`,
-    data: { command, status, exit_code: input.exit_code ?? null, output_summary: outputSummary, artifact_path: artifactPath },
+    data: {
+      command,
+      status,
+      exit_code: input.exit_code ?? null,
+      output_summary: outputSummary,
+      artifact_path: artifactPath,
+      usage: {
+        tokens: input.tokens ?? null,
+        cost_usd: input.cost_usd ?? null,
+        duration_ms: input.duration_ms ?? null
+      }
+    },
     agent_id: input.agent_id ?? run.agent_id ?? undefined,
     created_at: timestamp
   }, d);
@@ -10618,9 +10918,305 @@ function importOnboardingFixture(options = {}) {
     conflictStrategy: options.conflictStrategy
   });
 }
-// src/lib/local-snapshots.ts
+// src/lib/local-backups.ts
 init_database();
 import { createHash as createHash3 } from "crypto";
+import { readFileSync as readFileSync4, writeFileSync as writeFileSync4 } from "fs";
+import { dirname as dirname6, resolve as resolve7 } from "path";
+import { mkdirSync as mkdirSync6 } from "fs";
+var TODOS_LOCAL_BACKUP_KIND = "hasna.todos.local-backup";
+var TODOS_LOCAL_BACKUP_SCHEMA_VERSION = 1;
+var TODOS_LOCAL_INTEGRITY_KIND = "hasna.todos.local-integrity";
+var TODOS_LOCAL_INTEGRITY_SCHEMA_VERSION = 1;
+var LOCAL_BACKUP_CHECKSUM_ALGORITHM = "sha256";
+function stableJson(value) {
+  if (value === null || typeof value !== "object")
+    return JSON.stringify(value);
+  if (Array.isArray(value))
+    return `[${value.map(stableJson).join(",")}]`;
+  const record = value;
+  return `{${Object.keys(record).sort().map((key) => `${JSON.stringify(key)}:${stableJson(record[key])}`).join(",")}}`;
+}
+function sha2562(value) {
+  return createHash3("sha256").update(stableJson(value)).digest("hex");
+}
+function sqliteIntegrity(db) {
+  let quick = "unknown";
+  try {
+    const row = db.query("PRAGMA quick_check").get();
+    quick = row?.quick_check ?? "unknown";
+  } catch (error) {
+    quick = error instanceof Error ? error.message : String(error);
+  }
+  let foreignKeyViolations = 0;
+  try {
+    foreignKeyViolations = db.query("PRAGMA foreign_key_check").all().length;
+  } catch {
+    foreignKeyViolations = 0;
+  }
+  return {
+    quick_check: quick,
+    foreign_key_violations: foreignKeyViolations,
+    ok: quick === "ok" && foreignKeyViolations === 0
+  };
+}
+function bridgeStats2(data) {
+  return Object.fromEntries(Object.keys(data).map((key) => [key, data[key].length]));
+}
+function sectionChecksums(data) {
+  return Object.fromEntries(Object.keys(data).map((key) => [key, sha2562(data[key])]));
+}
+function checksumPayload(bundle) {
+  return sha2562(bundle);
+}
+function asRecord(value) {
+  return value && typeof value === "object" && !Array.isArray(value) ? value : null;
+}
+function createLocalBackup(options = {}, db) {
+  const d = db || getDatabase();
+  const createdAt2 = options.generated_at ?? now();
+  const bridge = createLocalBridgeBundle({
+    project_id: options.project_id,
+    generatedAt: createdAt2,
+    version: options.version
+  }, d);
+  const integrity = sqliteIntegrity(d);
+  const bridgeChecksum = sha2562(bridge);
+  const warnings = [];
+  if (!integrity.ok)
+    warnings.push("current SQLite integrity check did not pass");
+  const manifest = {
+    schema_version: TODOS_LOCAL_BACKUP_SCHEMA_VERSION,
+    kind: TODOS_LOCAL_BACKUP_KIND,
+    local_only: true,
+    no_network: true,
+    created_at: createdAt2,
+    package: bridge.package,
+    source: bridge.source,
+    bridge: {
+      kind: TODOS_LOCAL_BRIDGE_KIND,
+      schema_version: TODOS_LOCAL_BRIDGE_SCHEMA_VERSION,
+      exported_at: bridge.exportedAt,
+      checksum: bridgeChecksum,
+      stats: bridge.stats,
+      artifact_contents: bridge.artifact_contents?.length ?? 0
+    },
+    database: {
+      path: getDatabasePath(),
+      integrity
+    },
+    checksum_algorithm: LOCAL_BACKUP_CHECKSUM_ALGORITHM,
+    section_checksums: sectionChecksums(bridge.data),
+    warnings
+  };
+  const withoutChecksum = {
+    schema_version: TODOS_LOCAL_BACKUP_SCHEMA_VERSION,
+    kind: TODOS_LOCAL_BACKUP_KIND,
+    local_only: true,
+    no_network: true,
+    created_at: createdAt2,
+    package: bridge.package,
+    manifest,
+    bridge,
+    checksum_algorithm: LOCAL_BACKUP_CHECKSUM_ALGORITHM
+  };
+  const backup = {
+    ...withoutChecksum,
+    checksum: checksumPayload(withoutChecksum)
+  };
+  if (options.output_path)
+    writeLocalBackupFile(backup, options.output_path);
+  return backup;
+}
+function writeLocalBackupFile(backup, outputPath) {
+  const path = resolve7(outputPath);
+  mkdirSync6(dirname6(path), { recursive: true });
+  writeFileSync4(path, `${JSON.stringify(backup, null, 2)}
+`);
+  return path;
+}
+function readLocalBackupFile(path) {
+  return JSON.parse(readFileSync4(resolve7(path), "utf-8"));
+}
+function verifyLocalBackup(value, options = {}, db) {
+  const verifiedAt = options.verified_at ?? now();
+  const record = asRecord(value);
+  const issues = [];
+  const warnings = [];
+  const bridge = record?.bridge;
+  const manifest = asRecord(record?.manifest);
+  const expectedChecksum = typeof record?.checksum === "string" ? record.checksum : null;
+  const expectedBridgeChecksum = typeof manifest?.bridge === "object" && manifest.bridge && "checksum" in manifest.bridge ? String(manifest.bridge.checksum) : null;
+  if (!record)
+    issues.push("backup must be an object");
+  if (record?.kind !== TODOS_LOCAL_BACKUP_KIND)
+    issues.push(`kind must be ${TODOS_LOCAL_BACKUP_KIND}`);
+  if (record?.schema_version !== TODOS_LOCAL_BACKUP_SCHEMA_VERSION) {
+    issues.push(`schema_version must be ${TODOS_LOCAL_BACKUP_SCHEMA_VERSION}`);
+  }
+  if (record?.local_only !== true)
+    issues.push("local_only must be true");
+  if (record?.no_network !== true)
+    issues.push("no_network must be true");
+  if (!manifest)
+    issues.push("manifest must be an object");
+  if (!bridge)
+    issues.push("bridge must be an object");
+  const bridgeValidation = validateLocalBridgeBundle(bridge);
+  if (!bridgeValidation.ok)
+    issues.push(...bridgeValidation.issues.map((issue) => `bridge: ${issue}`));
+  const actualBridgeChecksum = bridge ? sha2562(bridge) : null;
+  if (expectedBridgeChecksum && actualBridgeChecksum && expectedBridgeChecksum !== actualBridgeChecksum) {
+    issues.push("bridge checksum mismatch");
+  }
+  const withoutChecksum = record ? { ...record } : null;
+  if (withoutChecksum)
+    delete withoutChecksum.checksum;
+  const actualChecksum = withoutChecksum ? checksumPayload(withoutChecksum) : null;
+  if (expectedChecksum && actualChecksum && expectedChecksum !== actualChecksum) {
+    issues.push("backup checksum mismatch");
+  }
+  const expectedCounts = manifest?.bridge && typeof manifest.bridge === "object" ? manifest.bridge.stats ?? {} : {};
+  const actualCounts = bridge?.data ? bridgeStats2(bridge.data) : {};
+  const countMismatches = Object.entries(expectedCounts).filter(([key, count]) => {
+    const actual = actualCounts[key];
+    return typeof count === "number" && actual !== count;
+  });
+  if (countMismatches.length > 0) {
+    issues.push(`manifest count mismatch: ${countMismatches.map(([key]) => key).join(", ")}`);
+  }
+  if (manifest?.section_checksums && typeof manifest.section_checksums === "object" && bridge?.data) {
+    const actualSections = sectionChecksums(bridge.data);
+    const mismatches = Object.entries(manifest.section_checksums).filter(([key, expected]) => actualSections[key] !== expected);
+    if (mismatches.length > 0)
+      issues.push(`section checksum mismatch: ${mismatches.map(([key]) => key).join(", ")}`);
+  }
+  if (bridge?.schemaVersion !== TODOS_LOCAL_BRIDGE_SCHEMA_VERSION) {
+    issues.push(`bridge schemaVersion must be ${TODOS_LOCAL_BRIDGE_SCHEMA_VERSION}`);
+  }
+  const sqlite = options.check_sqlite === false ? null : sqliteIntegrity(db || getDatabase());
+  if (sqlite && !sqlite.ok)
+    warnings.push("current SQLite integrity check did not pass");
+  return {
+    schema_version: TODOS_LOCAL_BACKUP_SCHEMA_VERSION,
+    kind: "hasna.todos.local-backup-verification",
+    local_only: true,
+    no_network: true,
+    verified_at: verifiedAt,
+    ok: issues.length === 0,
+    checksum_algorithm: LOCAL_BACKUP_CHECKSUM_ALGORITHM,
+    checksum: {
+      expected: expectedChecksum,
+      actual: actualChecksum,
+      ok: Boolean(expectedChecksum && actualChecksum && expectedChecksum === actualChecksum)
+    },
+    bridge_checksum: {
+      expected: expectedBridgeChecksum,
+      actual: actualBridgeChecksum,
+      ok: Boolean(expectedBridgeChecksum && actualBridgeChecksum && expectedBridgeChecksum === actualBridgeChecksum)
+    },
+    bridge_validation: bridgeValidation,
+    sqlite,
+    counts: {
+      expected: expectedCounts,
+      actual: actualCounts,
+      ok: countMismatches.length === 0
+    },
+    compatible: bridge?.schemaVersion === TODOS_LOCAL_BRIDGE_SCHEMA_VERSION,
+    issues,
+    warnings
+  };
+}
+function restoreLocalBackup(backup, options = {}, db) {
+  const d = db || getDatabase();
+  const verification = verifyLocalBackup(backup, { verified_at: options.verified_at, check_sqlite: true }, d);
+  const issues = [...verification.issues];
+  let importResult = null;
+  if (verification.ok) {
+    importResult = importLocalBridgeBundle(backup.bridge, {
+      dryRun: !options.apply,
+      conflictStrategy: options.conflict_strategy ?? "skip"
+    }, d);
+    if (!importResult.ok)
+      issues.push(...importResult.issues);
+  }
+  return {
+    schema_version: TODOS_LOCAL_BACKUP_SCHEMA_VERSION,
+    kind: "hasna.todos.local-backup-restore",
+    local_only: true,
+    no_network: true,
+    restored_at: options.verified_at ?? now(),
+    dry_run: !options.apply,
+    ok: verification.ok && Boolean(importResult?.ok),
+    verification,
+    import_result: importResult,
+    issues
+  };
+}
+function count(db, table) {
+  const row = db.query(`SELECT COUNT(*) AS count FROM ${table}`).get();
+  return row?.count ?? 0;
+}
+function orphanedRows(db) {
+  return {
+    tasks_missing_project: countQuery(db, "SELECT COUNT(*) AS count FROM tasks t WHERE t.project_id IS NOT NULL AND NOT EXISTS (SELECT 1 FROM projects p WHERE p.id = t.project_id)"),
+    comments_missing_task: countQuery(db, "SELECT COUNT(*) AS count FROM task_comments c WHERE NOT EXISTS (SELECT 1 FROM tasks t WHERE t.id = c.task_id)"),
+    runs_missing_task: countQuery(db, "SELECT COUNT(*) AS count FROM task_runs r WHERE NOT EXISTS (SELECT 1 FROM tasks t WHERE t.id = r.task_id)"),
+    run_events_missing_run: countQuery(db, "SELECT COUNT(*) AS count FROM task_run_events e WHERE NOT EXISTS (SELECT 1 FROM task_runs r WHERE r.id = e.run_id)"),
+    run_commands_missing_run: countQuery(db, "SELECT COUNT(*) AS count FROM task_run_commands c WHERE NOT EXISTS (SELECT 1 FROM task_runs r WHERE r.id = c.run_id)"),
+    run_artifacts_missing_run: countQuery(db, "SELECT COUNT(*) AS count FROM task_run_artifacts a WHERE NOT EXISTS (SELECT 1 FROM task_runs r WHERE r.id = a.run_id)"),
+    dependencies_missing_task: countQuery(db, "SELECT COUNT(*) AS count FROM task_dependencies d WHERE NOT EXISTS (SELECT 1 FROM tasks t WHERE t.id = d.task_id)"),
+    dependencies_missing_dependency: countQuery(db, "SELECT COUNT(*) AS count FROM task_dependencies d WHERE d.depends_on IS NOT NULL AND NOT EXISTS (SELECT 1 FROM tasks t WHERE t.id = d.depends_on)")
+  };
+}
+function countQuery(db, sql) {
+  try {
+    const row = db.query(sql).get();
+    return row?.count ?? 0;
+  } catch {
+    return 0;
+  }
+}
+function checkLocalIntegrity(options = {}, db) {
+  const d = db || getDatabase();
+  const bridge = createLocalBridgeBundle({
+    project_id: options.project_id,
+    generatedAt: options.generated_at,
+    version: options.version ?? getPackageVersion(import.meta.url)
+  }, d);
+  const bridgeValidation = validateLocalBridgeBundle(bridge);
+  const sqlite = sqliteIntegrity(d);
+  const orphans = orphanedRows(d);
+  const issues = [];
+  const warnings = [];
+  if (!sqlite.ok)
+    issues.push("SQLite integrity check failed");
+  if (!bridgeValidation.ok)
+    issues.push(...bridgeValidation.issues.map((issue) => `bridge: ${issue}`));
+  const orphanTotal = Object.values(orphans).reduce((sum, value) => sum + value, 0);
+  if (orphanTotal > 0)
+    issues.push(`${orphanTotal} orphaned local row(s) detected`);
+  if (count(d, "tasks") === 0)
+    warnings.push("no tasks found in local store");
+  return {
+    schema_version: TODOS_LOCAL_INTEGRITY_SCHEMA_VERSION,
+    kind: TODOS_LOCAL_INTEGRITY_KIND,
+    local_only: true,
+    no_network: true,
+    generated_at: options.generated_at ?? now(),
+    database_path: getDatabasePath(),
+    sqlite,
+    bridge_validation: bridgeValidation,
+    counts: bridge.stats,
+    orphaned_rows: orphans,
+    ok: issues.length === 0,
+    issues,
+    warnings
+  };
+}
+// src/lib/local-snapshots.ts
+init_database();
+import { createHash as createHash4 } from "crypto";
 
 // src/lib/activity-timeline.ts
 init_database();
@@ -10894,8 +11490,8 @@ function stable(value) {
     return value;
   return Object.fromEntries(Object.entries(value).sort(([left], [right]) => left.localeCompare(right)).map(([key, item]) => [key, stable(item)]));
 }
-function sha2562(value) {
-  return createHash3("sha256").update(JSON.stringify(stable(value))).digest("hex");
+function sha2563(value) {
+  return createHash4("sha256").update(JSON.stringify(stable(value))).digest("hex");
 }
 function latestTimestamp(items, fallback) {
   const timestamps = [];
@@ -11075,7 +11671,7 @@ function getLocalSnapshot(options, db) {
     package: source3(getPackageVersion(import.meta.url)),
     filters: body.filters,
     cursor,
-    fingerprint: sha2562(body),
+    fingerprint: sha2563(body),
     count: items.length,
     items,
     resources: {
@@ -11132,7 +11728,7 @@ function renderLocalSnapshotMarkdown(snapshot) {
 `;
 }
 // src/lib/sdk-integration-fixtures.ts
-import { mkdirSync as mkdirSync6, writeFileSync as writeFileSync4 } from "fs";
+import { mkdirSync as mkdirSync7, writeFileSync as writeFileSync5 } from "fs";
 import { join as join7 } from "path";
 
 // src/cli-mcp-parity.ts
@@ -11313,6 +11909,56 @@ var TODOS_CLI_MCP_PARITY = [
       mcpTool: "get_agent_reliability_scorecard"
     }
   },
+  {
+    domain: "local-reports",
+    cliCommands: [
+      "todos reports local"
+    ],
+    mcpTools: [
+      "list_local_report_types",
+      "build_local_report"
+    ],
+    jsonContracts: ["local_report", "task", "structured_error", "api_error"],
+    errorContracts: ["structured_error", "api_error"],
+    status: "matched",
+    intentionalGaps: [],
+    example: {
+      cli: "todos reports local --agent codex --format markdown",
+      mcpTool: "build_local_report"
+    }
+  },
+  {
+    domain: "local-backups",
+    cliCommands: [
+      "todos backup create",
+      "todos backup verify",
+      "todos backup restore",
+      "todos backup integrity"
+    ],
+    mcpTools: [
+      "create_local_backup",
+      "verify_local_backup",
+      "restore_local_backup",
+      "check_local_integrity"
+    ],
+    jsonContracts: [
+      "local_backup_bundle",
+      "local_backup_verification",
+      "local_backup_restore_result",
+      "local_integrity_report",
+      "local_bridge_bundle",
+      "local_bridge_import_result",
+      "structured_error",
+      "api_error"
+    ],
+    errorContracts: ["structured_error", "api_error"],
+    status: "matched",
+    intentionalGaps: [],
+    example: {
+      cli: "todos backup create --output todos-backup.json --json",
+      mcpTool: "create_local_backup"
+    }
+  },
   {
     domain: "local-fields",
     cliCommands: [
@@ -11334,6 +11980,29 @@ var TODOS_CLI_MCP_PARITY = [
       mcpTool: "set_task_fields"
     }
   },
+  {
+    domain: "workflow-states",
+    cliCommands: [
+      "todos workflow states",
+      "todos workflow set",
+      "todos workflow tasks",
+      "todos workflow migrate"
+    ],
+    mcpTools: [
+      "list_workflow_states",
+      "set_task_workflow_state",
+      "query_tasks_by_workflow_state",
+      "migrate_workflow_states"
+    ],
+    jsonContracts: ["workflow_state_config", "workflow_state_result", "workflow_state_migration", "task", "structured_error", "api_error"],
+    errorContracts: ["structured_error", "api_error"],
+    status: "matched",
+    intentionalGaps: [],
+    example: {
+      cli: "todos workflow set 1234abcd review --json",
+      mcpTool: "set_task_workflow_state"
+    }
+  },
   {
     domain: "dedupe",
     cliCommands: [
@@ -11528,6 +12197,51 @@ var TODOS_CLI_MCP_PARITY = [
       mcpTool: "check_release_compatibility"
     }
   },
+  {
+    domain: "usage-ledger",
+    cliCommands: ["todos usage report"],
+    mcpTools: ["get_usage_ledger"],
+    jsonContracts: ["local_usage_ledger", "structured_error", "api_error"],
+    errorContracts: ["structured_error", "api_error"],
+    status: "matched",
+    intentionalGaps: [],
+    example: {
+      cli: "todos usage report --agent codex --max-tasks 1000 --json",
+      mcpTool: "get_usage_ledger"
+    }
+  },
+  {
+    domain: "terminal-dashboard",
+    cliCommands: ["todos dashboard", "todos dashboard --snapshot"],
+    mcpTools: [],
+    jsonContracts: ["terminal_dashboard_snapshot", "structured_error", "api_error"],
+    errorContracts: ["structured_error", "api_error"],
+    status: "intentional-gap",
+    intentionalGaps: [{
+      cliCommand: "todos dashboard",
+      reason: "The interactive terminal dashboard is a human TUI surface; agents should use the underlying task, project, plan, run, dependency, inbox, and search MCP tools directly."
+    }],
+    gapReason: "Terminal UI keyboard navigation is not an MCP interaction model.",
+    example: {
+      cli: "todos dashboard --snapshot --view tasks --search release --json"
+    }
+  },
+  {
+    domain: "scale-hardening",
+    cliCommands: ["todos scale report", "todos scale compact"],
+    mcpTools: [],
+    jsonContracts: ["scale_performance_report", "scale_compaction_result", "structured_error", "api_error"],
+    errorContracts: ["structured_error", "api_error"],
+    status: "intentional-gap",
+    intentionalGaps: [{
+      cliCommand: "todos scale compact",
+      reason: "SQLite VACUUM is a local maintenance operation that can briefly lock the database; MCP agents should request explicit local CLI maintenance instead of invoking compaction through a remote-facing tool surface."
+    }],
+    gapReason: "Scale diagnostics and compaction are local operator maintenance commands, while MCP tools should use domain-specific task, run, and doctor APIs.",
+    example: {
+      cli: "todos scale report --older-than-days 30 --json"
+    }
+  },
   {
     domain: "templates",
     cliCommands: [
@@ -11651,6 +12365,7 @@ var TODOS_CLI_MCP_PARITY = [
     domain: "extensions",
     cliCommands: [
       "todos extensions list",
+      "todos extensions discover",
       "todos extensions inspect",
       "todos extensions compat",
       "todos extensions install",
@@ -11659,12 +12374,13 @@ var TODOS_CLI_MCP_PARITY = [
     ],
     mcpTools: [
       "list_local_extensions",
+      "discover_local_extensions",
       "inspect_local_extension",
       "test_local_extension_compatibility",
       "install_local_extension",
       "remove_local_extension"
     ],
-    jsonContracts: ["local_extension_compatibility", "structured_error", "api_error"],
+    jsonContracts: ["local_extension_compatibility", "local_extension_discovery", "structured_error", "api_error"],
     errorContracts: ["structured_error", "api_error"],
     status: "matched",
     example: {
@@ -12950,7 +13666,7 @@ function createSdkIntegrationFixturePack(options = {}) {
   };
 }
 function writeSdkIntegrationFixtures(directory, options = {}) {
-  mkdirSync6(directory, { recursive: true });
+  mkdirSync7(directory, { recursive: true });
   const pack = createSdkIntegrationFixturePack(options);
   const bundle = getOnboardingFixtureBundle("agent-project-demo");
   const files = [
@@ -12962,7 +13678,7 @@ function writeSdkIntegrationFixtures(directory, options = {}) {
   const written = [];
   for (const [name, payload] of files) {
     const file = join7(directory, name);
-    writeFileSync4(file, `${JSON.stringify(payload, null, 2)}
+    writeFileSync5(file, `${JSON.stringify(payload, null, 2)}
 `, "utf-8");
     written.push(file);
   }
@@ -13948,7 +14664,7 @@ function renderRoadmapMarkdown(idOrName, db) {
 }
 // src/lib/audit-ledger.ts
 init_database();
-import { createHash as createHash4 } from "crypto";
+import { createHash as createHash5 } from "crypto";
 var LOCAL_AUDIT_LEDGER_SCHEMA_VERSION = 1;
 var LOCAL_AUDIT_LEDGER_HASH_ALGORITHM = "sha256";
 var LOCAL_AUDIT_LEDGER_INITIAL_HASH = "0".repeat(64);
@@ -13961,7 +14677,7 @@ function canonicalize(value) {
   return `{${Object.keys(object).sort().map((key) => `${JSON.stringify(key)}:${canonicalize(object[key])}`).join(",")}}`;
 }
 function hash(value) {
-  return createHash4("sha256").update(value).digest("hex");
+  return createHash5("sha256").update(value).digest("hex");
 }
 function parsePayload(value) {
   if (!value)
@@ -14220,15 +14936,15 @@ function renderLocalAuditLedgerMarkdown(ledger) {
     `Scope: ${ledger.run_id ?? ledger.task_id ?? ledger.project_id ?? "all local evidence"}`,
     `Root hash: ${ledger.root_hash}`,
     `Entries: ${ledger.entry_count}`,
-    `Sources: ${Object.entries(ledger.source_counts).map(([source6, count]) => `${source6}=${count}`).join(", ") || "none"}`
+    `Sources: ${Object.entries(ledger.source_counts).map(([source6, count2]) => `${source6}=${count2}`).join(", ") || "none"}`
   ].join(`
 `);
 }
 // src/lib/release-compatibility.ts
 init_migrations();
 init_schema();
-import { readFileSync as readFileSync4 } from "fs";
-import { join as join8, resolve as resolve7 } from "path";
+import { readFileSync as readFileSync5 } from "fs";
+import { join as join8, resolve as resolve8 } from "path";
 import { Database as Database2 } from "bun:sqlite";
 var LOCAL_RELEASE_COMPATIBILITY_SCHEMA_VERSION = 1;
 var EXPECTED_PACKAGE_NAME = "@hasna/todos";
@@ -14274,7 +14990,7 @@ function warn(id, message, details) {
   return { id, status: "warning", message, details };
 }
 function readPackageJson(root) {
-  return JSON.parse(readFileSync4(join8(root, "package.json"), "utf8"));
+  return JSON.parse(readFileSync5(join8(root, "package.json"), "utf8"));
 }
 function sortedKeys(value) {
   return Object.keys(value ?? {}).sort((left, right) => left.localeCompare(right));
@@ -14370,7 +15086,7 @@ function checkChangelog() {
   ];
 }
 function createReleaseCompatibilityReport(options = {}) {
-  const root = resolve7(options.root ?? process.cwd());
+  const root = resolve8(options.root ?? process.cwd());
   const packageJson = readPackageJson(root);
   const simulatedLevels = options.simulated_levels ?? defaultSimulationLevels();
   const checks = [
@@ -14481,7 +15197,7 @@ function renderReleaseCompatibilityMarkdown(report) {
 `);
 }
 // src/db/inbox.ts
-import { createHash as createHash5 } from "crypto";
+import { createHash as createHash6 } from "crypto";
 
 // src/lib/github.ts
 import { execFileSync } from "child_process";
@@ -14564,7 +15280,7 @@ function compactWhitespace(value) {
 function fingerprintInboxInput(input) {
   const sourceType = input.source_type || detectInboxSourceType(input.body, input.source_url);
   const normalized = compactWhitespace(redactEvidenceText(input.body)).slice(0, 8000);
-  return createHash5("sha256").update(`${sourceType}
+  return createHash6("sha256").update(`${sourceType}
 ${input.source_url || ""}
 ${normalized}`).digest("hex");
 }
@@ -16094,8 +16810,755 @@ async function checkLocalNotifications(input = {}, db) {
     warnings
   };
 }
+// src/lib/usage-ledger.ts
+init_database();
+var LOCAL_USAGE_LEDGER_SCHEMA_VERSION = 1;
+function numberValue(value) {
+  if (typeof value === "number" && Number.isFinite(value))
+    return value;
+  if (typeof value === "string" && value.trim() !== "") {
+    const parsed = Number(value);
+    if (Number.isFinite(parsed))
+      return parsed;
+  }
+  return 0;
+}
+function sumDirectNumber(record, keys) {
+  let value = 0;
+  for (const [rawKey, rawValue] of Object.entries(record)) {
+    const key = rawKey.toLowerCase();
+    if (keys.includes(key))
+      value += Math.max(0, numberValue(rawValue));
+  }
+  return value;
+}
+function maxDirectNumber(record, keys) {
+  let value = 0;
+  for (const [rawKey, rawValue] of Object.entries(record)) {
+    const key = rawKey.toLowerCase();
+    if (keys.includes(key))
+      value = Math.max(value, numberValue(rawValue));
+  }
+  return Math.max(0, value);
+}
+function extractUsage(value) {
+  if (!value || typeof value !== "object")
+    return { tokens: 0, cost_usd: 0, duration_ms: 0, records: 0 };
+  if (Array.isArray(value)) {
+    return value.reduce((acc, item) => {
+      const usage = extractUsage(item);
+      acc.tokens += usage.tokens;
+      acc.cost_usd += usage.cost_usd;
+      acc.duration_ms += usage.duration_ms;
+      acc.records += usage.records;
+      return acc;
+    }, { tokens: 0, cost_usd: 0, duration_ms: 0, records: 0 });
+  }
+  const record = value;
+  const explicitTokens = maxDirectNumber(record, ["tokens", "total_tokens", "token_count"]);
+  const splitTokens2 = sumDirectNumber(record, ["input_tokens", "output_tokens", "prompt_tokens", "completion_tokens"]);
+  const cost = maxDirectNumber(record, ["cost_usd", "usd", "price_usd", "amount_usd", "cost"]);
+  const duration = maxDirectNumber(record, ["duration_ms", "elapsed_ms", "latency_ms"]);
+  const own = {
+    tokens: explicitTokens || splitTokens2,
+    cost_usd: cost,
+    duration_ms: duration,
+    records: explicitTokens || splitTokens2 || cost || duration ? 1 : 0
+  };
+  for (const [key, child] of Object.entries(record)) {
+    if (["tokens", "total_tokens", "token_count", "input_tokens", "output_tokens", "prompt_tokens", "completion_tokens", "cost_usd", "usd", "price_usd", "amount_usd", "cost", "duration_ms", "elapsed_ms", "latency_ms"].includes(key.toLowerCase())) {
+      continue;
+    }
+    const nested = extractUsage(child);
+    own.tokens += nested.tokens;
+    own.cost_usd += nested.cost_usd;
+    own.duration_ms += nested.duration_ms;
+    own.records += nested.records;
+  }
+  return own;
+}
+function parseJsonObject4(value) {
+  if (!value)
+    return {};
+  try {
+    const parsed = JSON.parse(value);
+    return parsed && typeof parsed === "object" && !Array.isArray(parsed) ? parsed : {};
+  } catch {
+    return {};
+  }
+}
+function millisBetween(start, end) {
+  if (!start || !end)
+    return 0;
+  const startMs = Date.parse(start);
+  const endMs = Date.parse(end);
+  if (!Number.isFinite(startMs) || !Number.isFinite(endMs) || endMs < startMs)
+    return 0;
+  return endMs - startMs;
+}
+function addTaskScope(where, params, options, alias = "t") {
+  if (options.project_id) {
+    where.push(`${alias}.project_id = ?`);
+    params.push(options.project_id);
+  }
+  if (options.agent_id) {
+    where.push(`(${alias}.agent_id = ? OR ${alias}.assigned_to = ?)`);
+    params.push(options.agent_id, options.agent_id);
+  }
+  if (options.since) {
+    where.push(`${alias}.created_at >= ?`);
+    params.push(options.since);
+  }
+  if (options.until) {
+    where.push(`${alias}.created_at <= ?`);
+    params.push(options.until);
+  }
+}
+function addRunScope(where, params, options, runAlias = "r", taskAlias = "t") {
+  if (options.project_id) {
+    where.push(`${taskAlias}.project_id = ?`);
+    params.push(options.project_id);
+  }
+  if (options.agent_id) {
+    where.push(`(${runAlias}.agent_id = ? OR ${taskAlias}.agent_id = ? OR ${taskAlias}.assigned_to = ?)`);
+    params.push(options.agent_id, options.agent_id, options.agent_id);
+  }
+  if (options.since) {
+    where.push(`${runAlias}.started_at >= ?`);
+    params.push(options.since);
+  }
+  if (options.until) {
+    where.push(`${runAlias}.started_at <= ?`);
+    params.push(options.until);
+  }
+}
+function addTraceScope(where, params, options, traceAlias = "tr", taskAlias = "t") {
+  if (options.project_id) {
+    where.push(`${taskAlias}.project_id = ?`);
+    params.push(options.project_id);
+  }
+  if (options.agent_id) {
+    where.push(`(${traceAlias}.agent_id = ? OR ${taskAlias}.agent_id = ? OR ${taskAlias}.assigned_to = ?)`);
+    params.push(options.agent_id, options.agent_id, options.agent_id);
+  }
+  if (options.since) {
+    where.push(`${traceAlias}.created_at >= ?`);
+    params.push(options.since);
+  }
+  if (options.until) {
+    where.push(`${traceAlias}.created_at <= ?`);
+    params.push(options.until);
+  }
+}
+function queryOne(db, sql, params) {
+  return db.query(sql).get(...params);
+}
+function queryAll(db, sql, params) {
+  return db.query(sql).all(...params);
+}
+function rounded(value, places = 6) {
+  if (!Number.isFinite(value))
+    return 0;
+  const factor = 10 ** places;
+  return Math.round(value * factor) / factor;
+}
+function quotaLimit(name, limit, used) {
+  if (limit === undefined || !Number.isFinite(limit) || limit < 0)
+    return null;
+  const normalized = name === "max_cost_usd" ? rounded(limit) : Math.floor(limit);
+  const roundedUsed = name === "max_cost_usd" ? rounded(used) : Math.floor(used);
+  return {
+    name,
+    limit: normalized,
+    used: roundedUsed,
+    remaining: rounded(normalized - roundedUsed),
+    exceeded: roundedUsed > normalized
+  };
+}
+function buildQuota(options, report) {
+  const quotas = options.quotas || {};
+  const limits2 = [
+    quotaLimit("max_tasks", quotas.max_tasks, report.counts.tasks),
+    quotaLimit("max_projects", quotas.max_projects, report.counts.projects),
+    quotaLimit("max_runs", quotas.max_runs, report.counts.runs),
+    quotaLimit("max_commands", quotas.max_commands, report.counts.commands),
+    quotaLimit("max_tokens", quotas.max_tokens, report.usage.total_tokens),
+    quotaLimit("max_cost_usd", quotas.max_cost_usd, report.usage.total_cost_usd),
+    quotaLimit("max_storage_bytes", quotas.max_storage_bytes, report.storage.evidence_bytes)
+  ].filter((item) => Boolean(item));
+  const exceeded = limits2.filter((item) => item.exceeded).map((item) => item.name);
+  return {
+    simulated: limits2.length > 0,
+    limits: limits2,
+    exceeded,
+    allowed: exceeded.length === 0
+  };
+}
+function createLocalUsageLedger(options = {}, db) {
+  const d = db || getDatabase();
+  const generatedAt = options.generated_at || new Date().toISOString();
+  const taskWhere = [];
+  const taskParams = [];
+  addTaskScope(taskWhere, taskParams, options);
+  const taskClause = taskWhere.length ? `WHERE ${taskWhere.join(" AND ")}` : "";
+  const taskTotals = queryOne(d, `SELECT COUNT(*) as tasks, COALESCE(SUM(cost_tokens), 0) as task_tokens, COALESCE(SUM(cost_usd), 0) as task_cost_usd FROM tasks t ${taskClause}`, taskParams);
+  let projectCount = 0;
+  if (options.project_id) {
+    projectCount = queryOne(d, "SELECT COUNT(*) as count FROM projects WHERE id = ?", [options.project_id]).count;
+  } else if (options.agent_id) {
+    const projectWhere = ["t.project_id IS NOT NULL"];
+    const projectParams = [];
+    addTaskScope(projectWhere, projectParams, options);
+    projectCount = queryOne(d, `SELECT COUNT(DISTINCT t.project_id) as count FROM tasks t WHERE ${projectWhere.join(" AND ")}`, projectParams).count;
+  } else {
+    projectCount = queryOne(d, "SELECT COUNT(*) as count FROM projects", []).count;
+  }
+  const runWhere = [];
+  const runParams = [];
+  addRunScope(runWhere, runParams, options);
+  const runClause = runWhere.length ? `WHERE ${runWhere.join(" AND ")}` : "";
+  const runs = queryAll(d, `SELECT r.id, r.started_at, r.completed_at, r.metadata
+       FROM task_runs r JOIN tasks t ON t.id = r.task_id
+       ${runClause}`, runParams);
+  const commandTotals = queryOne(d, `SELECT COUNT(*) as commands
+       FROM task_run_commands c
+       JOIN task_runs r ON r.id = c.run_id
+       JOIN tasks t ON t.id = c.task_id
+       ${runClause}`, runParams);
+  const artifactTotals = queryOne(d, `SELECT COUNT(*) as artifacts, COALESCE(SUM(a.size_bytes), 0) as bytes
+       FROM task_run_artifacts a
+       JOIN task_runs r ON r.id = a.run_id
+       JOIN tasks t ON t.id = a.task_id
+       ${runClause}`, runParams);
+  const traceWhere = [];
+  const traceParams = [];
+  addTraceScope(traceWhere, traceParams, options);
+  const traceClause = traceWhere.length ? `WHERE ${traceWhere.join(" AND ")}` : "";
+  const traceTotals = queryOne(d, `SELECT COUNT(*) as traces,
+            COALESCE(SUM(tr.tokens), 0) as tokens,
+            COALESCE(SUM(tr.cost_usd), 0) as cost_usd,
+            COALESCE(SUM(tr.duration_ms), 0) as duration_ms
+       FROM task_traces tr
+       JOIN tasks t ON t.id = tr.task_id
+       ${traceClause}`, traceParams);
+  let completedRunMs = 0;
+  let openRunMs = 0;
+  let metadataUsage = { tokens: 0, cost_usd: 0, duration_ms: 0, records: 0 };
+  for (const run of runs) {
+    if (run.completed_at)
+      completedRunMs += millisBetween(run.started_at, run.completed_at);
+    else
+      openRunMs += millisBetween(run.started_at, generatedAt);
+    const usage = extractUsage(parseJsonObject4(run.metadata));
+    metadataUsage.tokens += usage.tokens;
+    metadataUsage.cost_usd += usage.cost_usd;
+    metadataUsage.duration_ms += usage.duration_ms;
+    metadataUsage.records += usage.records;
+  }
+  const eventRows = queryAll(d, `SELECT e.data
+       FROM task_run_events e
+       JOIN task_runs r ON r.id = e.run_id
+       JOIN tasks t ON t.id = e.task_id
+       ${runClause}`, runParams);
+  for (const event of eventRows) {
+    const usage = extractUsage(parseJsonObject4(event.data));
+    metadataUsage.tokens += usage.tokens;
+    metadataUsage.cost_usd += usage.cost_usd;
+    metadataUsage.duration_ms += usage.duration_ms;
+    metadataUsage.records += usage.records;
+  }
+  const taskTokens = Number(taskTotals.task_tokens || 0);
+  const traceTokens = Number(traceTotals.tokens || 0);
+  const metadataTokens = metadataUsage.tokens;
+  const taskCost = Number(taskTotals.task_cost_usd || 0);
+  const traceCost = Number(traceTotals.cost_usd || 0);
+  const metadataCost = metadataUsage.cost_usd;
+  const traceMs = Number(traceTotals.duration_ms || 0);
+  const baseReport = {
+    schema_version: LOCAL_USAGE_LEDGER_SCHEMA_VERSION,
+    local_only: true,
+    no_network: true,
+    generated_at: generatedAt,
+    scope: {
+      project_id: options.project_id || null,
+      agent_id: options.agent_id || null,
+      since: options.since || null,
+      until: options.until || null
+    },
+    counts: {
+      tasks: Number(taskTotals.tasks || 0),
+      projects: Number(projectCount || 0),
+      runs: runs.length,
+      commands: Number(commandTotals.commands || 0),
+      artifacts: Number(artifactTotals.artifacts || 0),
+      traces: Number(traceTotals.traces || 0),
+      metadata_records: metadataUsage.records
+    },
+    durations: {
+      completed_run_ms: completedRunMs,
+      open_run_ms: openRunMs,
+      trace_ms: traceMs,
+      total_observed_ms: completedRunMs + openRunMs + traceMs + metadataUsage.duration_ms
+    },
+    usage: {
+      task_tokens: taskTokens,
+      trace_tokens: traceTokens,
+      metadata_tokens: metadataTokens,
+      total_tokens: taskTokens + traceTokens + metadataTokens,
+      task_cost_usd: rounded(taskCost),
+      trace_cost_usd: rounded(traceCost),
+      metadata_cost_usd: rounded(metadataCost),
+      total_cost_usd: rounded(taskCost + traceCost + metadataCost)
+    },
+    storage: {
+      artifact_bytes: Number(artifactTotals.bytes || 0),
+      evidence_bytes: Number(artifactTotals.bytes || 0)
+    },
+    redaction: {
+      raw_commands_included: false,
+      raw_artifact_paths_included: false,
+      aggregate_only: true
+    },
+    sources: ["tasks", "projects", "task_runs", "task_run_commands", "task_run_artifacts", "task_run_events", "task_traces"]
+  };
+  return {
+    ...baseReport,
+    quota: buildQuota(options, baseReport)
+  };
+}
+function renderLocalUsageLedgerMarkdown(report) {
+  const minutes2 = (report.durations.total_observed_ms / 60000).toFixed(1);
+  const lines = [
+    "# Local Usage Ledger",
+    "",
+    `Generated: ${report.generated_at}`,
+    `Scope: project=${report.scope.project_id || "all"} agent=${report.scope.agent_id || "all"}`,
+    "",
+    "## Counts",
+    `- Tasks: ${report.counts.tasks}`,
+    `- Projects: ${report.counts.projects}`,
+    `- Runs: ${report.counts.runs}`,
+    `- Commands: ${report.counts.commands}`,
+    `- Artifacts: ${report.counts.artifacts}`,
+    `- Traces: ${report.counts.traces}`,
+    "",
+    "## Usage",
+    `- Tokens: ${report.usage.total_tokens}`,
+    `- Cost USD: ${report.usage.total_cost_usd}`,
+    `- Observed duration minutes: ${minutes2}`,
+    `- Evidence bytes: ${report.storage.evidence_bytes}`,
+    "",
+    "## Quota"
+  ];
+  if (!report.quota.simulated) {
+    lines.push("- No local quota limits supplied.");
+  } else {
+    for (const limit of report.quota.limits) {
+      lines.push(`- ${limit.name}: ${limit.used}/${limit.limit}${limit.exceeded ? " exceeded" : ""}`);
+    }
+    lines.push(`- Allowed: ${report.quota.allowed ? "yes" : "no"}`);
+  }
+  lines.push("", "Raw commands and artifact paths are not included in this aggregate report.");
+  return lines.join(`
+`);
+}
+// src/lib/local-reports.ts
+init_database();
+init_database();
+var LOCAL_REPORT_SCHEMA_VERSION = 1;
+var LOCAL_REPORT_TYPES = [
+  "ready",
+  "blocked",
+  "overdue",
+  "standup",
+  "sprint",
+  "progress",
+  "run_outcomes",
+  "verification_evidence",
+  "agent_summary"
+];
+function limitValue(value) {
+  if (value === undefined || !Number.isFinite(value))
+    return 20;
+  return Math.max(1, Math.min(500, Math.trunc(value)));
+}
+function isTerminal(task2) {
+  return task2.status === "completed" || task2.status === "failed" || task2.status === "cancelled";
+}
+function sameAgent(task2, agentId) {
+  if (!agentId)
+    return true;
+  return task2.assigned_to === agentId || task2.agent_id === agentId;
+}
+function withinTaskWindow(task2, options) {
+  const time = Date.parse(task2.updated_at);
+  if (!Number.isFinite(time))
+    return true;
+  if (options.since && time < Date.parse(options.since))
+    return false;
+  if (options.until && time > Date.parse(options.until))
+    return false;
+  return true;
+}
+function scopedTasks(options, db) {
+  return listTasks({
+    project_id: options.project_id,
+    plan_id: options.plan_id,
+    include_archived: false
+  }, db).filter((task2) => sameAgent(task2, options.agent_id) && withinTaskWindow(task2, options));
+}
+function summarizeTask(task2) {
+  return {
+    id: task2.id,
+    short_id: task2.short_id,
+    title: task2.title,
+    status: task2.status,
+    priority: task2.priority,
+    project_id: task2.project_id,
+    plan_id: task2.plan_id,
+    assigned_to: task2.assigned_to,
+    due_at: task2.due_at,
+    updated_at: task2.updated_at
+  };
+}
+function overdueTasks(tasks, nowIso) {
+  const now2 = Date.parse(nowIso);
+  return tasks.filter((task2) => {
+    if (isTerminal(task2) || !task2.due_at)
+      return false;
+    const due = Date.parse(task2.due_at);
+    return Number.isFinite(due) && due < now2;
+  });
+}
+function isReady(task2, db) {
+  if (task2.status !== "pending")
+    return false;
+  if (task2.locked_by && !isLockExpired(task2.locked_at))
+    return false;
+  return getBlockingDeps(task2.id, db).length === 0;
+}
+function pushTaskCounts(summary, task2, blockedIds, overdueIds) {
+  summary.task_counts.total += 1;
+  summary.task_counts[task2.status] += 1;
+  if (blockedIds.has(task2.id))
+    summary.task_counts.blocked += 1;
+  if (overdueIds.has(task2.id))
+    summary.task_counts.overdue += 1;
+}
+function initialAgentSummary(agentId) {
+  return {
+    agent_id: agentId,
+    task_counts: {
+      total: 0,
+      pending: 0,
+      in_progress: 0,
+      completed: 0,
+      failed: 0,
+      cancelled: 0,
+      blocked: 0,
+      overdue: 0
+    },
+    run_outcomes: {
+      running: 0,
+      completed: 0,
+      failed: 0,
+      cancelled: 0
+    },
+    verification_outcomes: {
+      passed: 0,
+      failed: 0,
+      unknown: 0
+    }
+  };
+}
+function addScopeClauses(where, params, options, timeColumn) {
+  if (options.project_id) {
+    where.push("t.project_id = ?");
+    params.push(options.project_id);
+  }
+  if (options.plan_id) {
+    where.push("t.plan_id = ?");
+    params.push(options.plan_id);
+  }
+  if (options.agent_id) {
+    where.push("(r.agent_id = ? OR t.agent_id = ? OR t.assigned_to = ?)");
+    params.push(options.agent_id, options.agent_id, options.agent_id);
+  }
+  if (options.since) {
+    where.push(`${timeColumn} >= ?`);
+    params.push(options.since);
+  }
+  if (options.until) {
+    where.push(`${timeColumn} <= ?`);
+    params.push(options.until);
+  }
+}
+function loadRuns(options, db) {
+  const where = ["t.archived_at IS NULL"];
+  const params = [];
+  addScopeClauses(where, params, options, "r.started_at");
+  return db.query(`
+    SELECT
+      r.id,
+      r.task_id,
+      t.title AS task_title,
+      t.project_id,
+      t.plan_id,
+      t.agent_id AS task_agent_id,
+      t.assigned_to,
+      r.agent_id,
+      r.status,
+      r.summary,
+      r.started_at,
+      r.completed_at,
+      SUM(CASE WHEN c.status = 'passed' THEN 1 ELSE 0 END) AS passed_commands,
+      SUM(CASE WHEN c.status = 'failed' THEN 1 ELSE 0 END) AS failed_commands,
+      SUM(CASE WHEN c.status = 'unknown' THEN 1 ELSE 0 END) AS unknown_commands,
+      COUNT(DISTINCT a.id) AS artifacts
+    FROM task_runs r
+    JOIN tasks t ON t.id = r.task_id
+    LEFT JOIN task_run_commands c ON c.run_id = r.id
+    LEFT JOIN task_run_artifacts a ON a.run_id = r.id
+    WHERE ${where.join(" AND ")}
+    GROUP BY r.id
+    ORDER BY r.started_at DESC, r.created_at DESC
+  `).all(...params);
+}
+function loadVerifications(options, db) {
+  const where = ["t.archived_at IS NULL"];
+  const params = [];
+  if (options.project_id) {
+    where.push("t.project_id = ?");
+    params.push(options.project_id);
+  }
+  if (options.plan_id) {
+    where.push("t.plan_id = ?");
+    params.push(options.plan_id);
+  }
+  if (options.agent_id) {
+    where.push("(v.agent_id = ? OR t.agent_id = ? OR t.assigned_to = ?)");
+    params.push(options.agent_id, options.agent_id, options.agent_id);
+  }
+  if (options.since) {
+    where.push("v.run_at >= ?");
+    params.push(options.since);
+  }
+  if (options.until) {
+    where.push("v.run_at <= ?");
+    params.push(options.until);
+  }
+  return db.query(`
+    SELECT
+      v.id,
+      v.task_id,
+      t.title AS task_title,
+      t.project_id,
+      t.plan_id,
+      t.agent_id AS task_agent_id,
+      t.assigned_to,
+      v.agent_id,
+      v.status,
+      v.command,
+      v.output_summary,
+      v.run_at
+    FROM task_verifications v
+    JOIN tasks t ON t.id = v.task_id
+    WHERE ${where.join(" AND ")}
+    ORDER BY v.run_at DESC, v.created_at DESC
+  `).all(...params);
+}
+function agentKey(value) {
+  return value || "unassigned";
+}
+function listLocalReportTypes() {
+  return [...LOCAL_REPORT_TYPES];
+}
+function createLocalReport(options = {}, db) {
+  const d = db || getDatabase();
+  const limit = limitValue(options.limit);
+  const generatedAt = options.generated_at ?? new Date().toISOString();
+  const nowIso = options.now ?? generatedAt;
+  const tasks = scopedTasks(options, d);
+  const overdue = overdueTasks(tasks, nowIso);
+  const overdueIds = new Set(overdue.map((task2) => task2.id));
+  const blocked = tasks.filter((task2) => task2.status === "pending").map((task2) => ({ task: task2, blockers: getBlockingDeps(task2.id, d) })).filter((item) => item.blockers.length > 0);
+  const blockedIds = new Set(blocked.map((item) => item.task.id));
+  const ready = tasks.filter((task2) => isReady(task2, d));
+  const runs = loadRuns(options, d);
+  const verifications = loadVerifications(options, d);
+  const planSummaries = listPlans(options.project_id, d).filter((plan) => !options.plan_id || plan.id === options.plan_id).map((plan) => {
+    const planTasks = tasks.filter((task2) => task2.plan_id === plan.id);
+    const completed = planTasks.filter((task2) => task2.status === "completed").length;
+    const total = planTasks.length;
+    return {
+      id: plan.id,
+      name: plan.name,
+      status: plan.status,
+      project_id: plan.project_id,
+      agent_id: plan.agent_id,
+      counts: {
+        total,
+        pending: planTasks.filter((task2) => task2.status === "pending").length,
+        in_progress: planTasks.filter((task2) => task2.status === "in_progress").length,
+        completed,
+        failed: planTasks.filter((task2) => task2.status === "failed").length,
+        cancelled: planTasks.filter((task2) => task2.status === "cancelled").length,
+        blocked: planTasks.filter((task2) => blockedIds.has(task2.id)).length,
+        overdue: planTasks.filter((task2) => overdueIds.has(task2.id)).length
+      },
+      progress_percent: total === 0 ? 0 : Math.round(completed / total * 100)
+    };
+  }).filter((plan) => plan.counts.total > 0 || options.plan_id === plan.id);
+  const runOutcomes = { running: 0, completed: 0, failed: 0, cancelled: 0 };
+  for (const run of runs)
+    runOutcomes[run.status] += 1;
+  const verificationOutcomes = { passed: 0, failed: 0, unknown: 0 };
+  for (const verification of verifications)
+    verificationOutcomes[verification.status] += 1;
+  const agents = new Map;
+  function getAgent(id) {
+    if (!agents.has(id))
+      agents.set(id, initialAgentSummary(id));
+    return agents.get(id);
+  }
+  for (const task2 of tasks) {
+    const summary = getAgent(agentKey(task2.assigned_to || task2.agent_id));
+    pushTaskCounts(summary, task2, blockedIds, overdueIds);
+  }
+  for (const run of runs) {
+    const summary = getAgent(agentKey(run.agent_id || run.assigned_to || run.task_agent_id));
+    summary.run_outcomes[run.status] += 1;
+  }
+  for (const verification of verifications) {
+    const summary = getAgent(agentKey(verification.agent_id || verification.assigned_to || verification.task_agent_id));
+    summary.verification_outcomes[verification.status] += 1;
+  }
+  return {
+    schema_version: LOCAL_REPORT_SCHEMA_VERSION,
+    local_only: true,
+    no_network: true,
+    generated_at: generatedAt,
+    scope: {
+      project_id: options.project_id ?? null,
+      plan_id: options.plan_id ?? null,
+      agent_id: options.agent_id ?? null,
+      since: options.since ?? null,
+      until: options.until ?? null
+    },
+    report_types: listLocalReportTypes(),
+    views: {
+      ready: {
+        type: "ready",
+        total: ready.length,
+        items: ready.slice(0, limit).map(summarizeTask)
+      },
+      blocked: {
+        type: "blocked",
+        total: blocked.length,
+        items: blocked.slice(0, limit).map(({ task: task2, blockers }) => ({
+          ...summarizeTask(task2),
+          blocked_by: blockers.map(summarizeTask)
+        }))
+      },
+      overdue: {
+        type: "overdue",
+        total: overdue.length,
+        items: overdue.slice(0, limit).map(summarizeTask)
+      }
+    },
+    plans: planSummaries,
+    runs: {
+      outcomes: runOutcomes,
+      recent: runs.slice(0, limit).map((run) => ({
+        id: run.id,
+        task_id: run.task_id,
+        task_title: run.task_title,
+        agent_id: run.agent_id,
+        status: run.status,
+        summary: run.summary,
+        started_at: run.started_at,
+        completed_at: run.completed_at,
+        command_outcomes: {
+          passed: Number(run.passed_commands || 0),
+          failed: Number(run.failed_commands || 0),
+          unknown: Number(run.unknown_commands || 0)
+        },
+        artifacts: Number(run.artifacts || 0)
+      }))
+    },
+    verification: {
+      outcomes: verificationOutcomes,
+      recent: verifications.slice(0, limit).map((verification) => ({
+        id: verification.id,
+        task_id: verification.task_id,
+        task_title: verification.task_title,
+        agent_id: verification.agent_id,
+        status: verification.status,
+        command: verification.command,
+        output_summary: verification.output_summary,
+        run_at: verification.run_at
+      }))
+    },
+    agents: [...agents.values()].sort((left, right) => left.agent_id.localeCompare(right.agent_id)),
+    exports: {
+      json_contract: "local_report",
+      markdown_supported: true
+    }
+  };
+}
+function taskLine(task2) {
+  const due = task2.due_at ? ` due ${task2.due_at.slice(0, 10)}` : "";
+  const assignee = task2.assigned_to ? ` @${task2.assigned_to}` : "";
+  return `- ${task2.short_id || task2.id.slice(0, 8)} ${task2.title} [${task2.status}/${task2.priority}]${assignee}${due}`;
+}
+function outcomeLine(values) {
+  return Object.entries(values).map(([key, value]) => `${key}: ${value}`).join(", ");
+}
+function renderLocalReportMarkdown(report) {
+  const lines = [
+    "# Local Agent Report",
+    "",
+    `Generated: ${report.generated_at}`,
+    `Scope: project ${report.scope.project_id ?? "all"}; plan ${report.scope.plan_id ?? "all"}; agent ${report.scope.agent_id ?? "all"}`,
+    "",
+    "## Task Views",
+    "",
+    `Ready (${report.views.ready.total})`,
+    ...report.views.ready.items.length ? report.views.ready.items.map(taskLine) : ["- none"],
+    "",
+    `Blocked (${report.views.blocked.total})`,
+    ...report.views.blocked.items.length ? report.views.blocked.items.map((task2) => `${taskLine(task2)}; blocked by ${task2.blocked_by.map((item) => item.short_id || item.id.slice(0, 8)).join(", ")}`) : ["- none"],
+    "",
+    `Overdue (${report.views.overdue.total})`,
+    ...report.views.overdue.items.length ? report.views.overdue.items.map(taskLine) : ["- none"],
+    "",
+    "## Plans"
+  ];
+  if (report.plans.length === 0)
+    lines.push("- none");
+  for (const plan of report.plans) {
+    lines.push(`- ${plan.name}: ${plan.progress_percent}% complete, ${plan.counts.blocked} blocked, ${plan.counts.overdue} overdue`);
+  }
+  lines.push("", "## Runs", outcomeLine(report.runs.outcomes));
+  for (const run of report.runs.recent) {
+    lines.push(`- ${run.id.slice(0, 8)} ${run.status} ${run.task_title}${run.summary ? `: ${run.summary}` : ""}`);
+  }
+  lines.push("", "## Verification", outcomeLine(report.verification.outcomes));
+  for (const verification of report.verification.recent) {
+    lines.push(`- ${verification.status} ${verification.task_title}: ${verification.output_summary || verification.command}`);
+  }
+  lines.push("", "## Agents");
+  if (report.agents.length === 0)
+    lines.push("- none");
+  for (const agent of report.agents) {
+    lines.push(`- ${agent.agent_id}: ${agent.task_counts.total} tasks, ${agent.task_counts.blocked} blocked, ${agent.task_counts.overdue} overdue, runs ${outcomeLine(agent.run_outcomes)}, verification ${outcomeLine(agent.verification_outcomes)}`);
+  }
+  return `${lines.join(`
+`)}
+`;
+}
 // src/lib/local-encryption.ts
-import { createCipheriv, createDecipheriv, createHash as createHash6, randomBytes, scryptSync, timingSafeEqual } from "crypto";
+import { createCipheriv, createDecipheriv, createHash as createHash7, randomBytes, scryptSync, timingSafeEqual } from "crypto";
 var TODOS_ENCRYPTED_VALUE_KIND = "hasna.todos.encrypted-value";
 var TODOS_ENCRYPTED_BRIDGE_KIND = "hasna.todos.encrypted-bridge";
 var TODOS_ENCRYPTION_SCHEMA_VERSION = 1;
@@ -16120,8 +17583,8 @@ class EncryptedPayloadError extends Error {
 function now2() {
   return new Date().toISOString();
 }
-function sha2563(value) {
-  return createHash6("sha256").update(value).digest("hex");
+function sha2564(value) {
+  return createHash7("sha256").update(value).digest("hex");
 }
 function normalizeProfileName(value) {
   const name = (value || DEFAULT_ENCRYPTION_PROFILE).trim();
@@ -16220,7 +17683,7 @@ function encryptString(plaintext, options = {}) {
     iv: iv.toString("base64"),
     auth_tag: authTag.toString("base64"),
     ciphertext: ciphertext.toString("base64"),
-    plaintext_sha256: sha2563(plaintext)
+    plaintext_sha256: sha2564(plaintext)
   };
 }
 function isEncryptedValue(value) {
@@ -16245,7 +17708,7 @@ function decryptString(envelope, env = process.env) {
     decipher.final()
   ]).toString("utf8");
   const expected = Buffer.from(envelope.plaintext_sha256, "hex");
-  const actual = Buffer.from(sha2563(plaintext), "hex");
+  const actual = Buffer.from(sha2564(plaintext), "hex");
   if (expected.length !== actual.length || !timingSafeEqual(expected, actual)) {
     throw new EncryptedPayloadError("decrypted payload checksum mismatch");
   }