@hasna/todos 0.11.52 → 0.11.53

package/dist/storage.js

@@ -1353,6 +1353,15 @@ function ensureSchema(db) {
       task_id TEXT NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
       tag TEXT NOT NULL, PRIMARY KEY (task_id, tag)
     )`);
+  ensureTable("tags", `
+    CREATE TABLE tags (
+      id TEXT PRIMARY KEY,
+      name TEXT NOT NULL UNIQUE,
+      color TEXT,
+      description TEXT,
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+    )`);
   ensureTable("task_dependencies", `
     CREATE TABLE task_dependencies (
       task_id TEXT NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
@@ -1566,6 +1575,36 @@ function ensureSchema(db) {
   ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_git_refs_task ON task_git_refs(task_id)");
   ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_git_refs_lookup ON task_git_refs(ref_type, name)");
   ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_git_refs_url ON task_git_refs(url)");
+  ensureTable("task_commits", `
+    CREATE TABLE task_commits (
+      id TEXT PRIMARY KEY,
+      task_id TEXT NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
+      sha TEXT NOT NULL,
+      message TEXT,
+      author TEXT,
+      files_changed TEXT,
+      committed_at TEXT,
+      branch TEXT,
+      pr_url TEXT,
+      pr_number INTEGER,
+      pr_state TEXT,
+      ci_snapshot TEXT,
+      release_tag TEXT,
+      repo_path TEXT,
+      traceability TEXT DEFAULT '{}',
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      UNIQUE(task_id, sha)
+    )`);
+  ensureColumn("task_commits", "branch", "TEXT");
+  ensureColumn("task_commits", "pr_url", "TEXT");
+  ensureColumn("task_commits", "pr_number", "INTEGER");
+  ensureColumn("task_commits", "pr_state", "TEXT");
+  ensureColumn("task_commits", "ci_snapshot", "TEXT");
+  ensureColumn("task_commits", "release_tag", "TEXT");
+  ensureColumn("task_commits", "repo_path", "TEXT");
+  ensureColumn("task_commits", "traceability", "TEXT DEFAULT '{}'");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_commits_task ON task_commits(task_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_commits_sha ON task_commits(sha)");
   ensureTable("task_verifications", `
     CREATE TABLE task_verifications (
       id TEXT PRIMARY KEY,
@@ -1750,6 +1789,9 @@ function ensureSchema(db) {
   ensureColumn("tasks", "max_retries", "INTEGER DEFAULT 3");
   ensureColumn("tasks", "retry_after", "TEXT");
   ensureColumn("tasks", "sla_minutes", "INTEGER");
+  ensureColumn("tasks", "scheduled_start_at", "TEXT");
+  ensureColumn("tasks", "priority_score", "INTEGER");
+  ensureColumn("tasks", "priority_reason", "TEXT");
   ensureColumn("tasks", "archived_at", "TEXT");
   ensureColumn("agents", "role", "TEXT DEFAULT 'agent'");
   ensureColumn("agents", "permissions", `TEXT DEFAULT '["*"]'`);
@@ -1872,6 +1914,7 @@ function ensureSchema(db) {
   ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_lists_slug ON task_lists(slug)");
   ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_tags_tag ON task_tags(tag)");
   ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_tags_task ON task_tags(task_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_tags_name ON tags(name)");
   ensureIndex("CREATE INDEX IF NOT EXISTS idx_plans_project ON plans(project_id)");
   ensureIndex("CREATE INDEX IF NOT EXISTS idx_plans_status ON plans(status)");
   ensureIndex("CREATE INDEX IF NOT EXISTS idx_plans_task_list ON plans(task_list_id)");
@@ -2009,6 +2052,217 @@ function ensureSchema(db) {
   ensureIndex("CREATE INDEX IF NOT EXISTS idx_cycles_dates ON cycles(start_date, end_date)");
   ensureColumn("tasks", "cycle_id", "TEXT REFERENCES cycles(id) ON DELETE SET NULL");
   ensureIndex("CREATE INDEX IF NOT EXISTS idx_tasks_cycle ON tasks(cycle_id) WHERE cycle_id IS NOT NULL");
+  ensureTable("labels", `
+    CREATE TABLE labels (
+      id TEXT PRIMARY KEY,
+      project_id TEXT REFERENCES projects(id) ON DELETE CASCADE,
+      name TEXT NOT NULL,
+      color TEXT,
+      description TEXT,
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_at TEXT NOT NULL DEFAULT (datetime('now')),
+      UNIQUE(project_id, name)
+    )`);
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_labels_project ON labels(project_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_labels_name ON labels(name)");
+  ensureTable("task_labels", `
+    CREATE TABLE task_labels (
+      task_id TEXT NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
+      label_id TEXT NOT NULL REFERENCES labels(id) ON DELETE CASCADE,
+      PRIMARY KEY (task_id, label_id)
+    )`);
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_labels_task ON task_labels(task_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_labels_label ON task_labels(label_id)");
+  ensureTable("custom_field_definitions", `
+    CREATE TABLE custom_field_definitions (
+      id TEXT PRIMARY KEY,
+      project_id TEXT REFERENCES projects(id) ON DELETE CASCADE,
+      name TEXT NOT NULL,
+      slug TEXT NOT NULL,
+      field_type TEXT NOT NULL CHECK(field_type IN ('text', 'number', 'boolean', 'date', 'enum')),
+      options TEXT DEFAULT '[]',
+      required INTEGER NOT NULL DEFAULT 0,
+      default_value TEXT,
+      sort_order INTEGER NOT NULL DEFAULT 0,
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_at TEXT NOT NULL DEFAULT (datetime('now')),
+      UNIQUE(project_id, slug)
+    )`);
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_custom_fields_project ON custom_field_definitions(project_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_custom_fields_slug ON custom_field_definitions(slug)");
+  ensureTable("task_custom_field_values", `
+    CREATE TABLE task_custom_field_values (
+      task_id TEXT NOT NULL REFERENCES tasks(id) ON DELETE CASCADE,
+      field_id TEXT NOT NULL REFERENCES custom_field_definitions(id) ON DELETE CASCADE,
+      value TEXT,
+      updated_at TEXT NOT NULL DEFAULT (datetime('now')),
+      PRIMARY KEY (task_id, field_id)
+    )`);
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_custom_values_task ON task_custom_field_values(task_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_custom_values_field ON task_custom_field_values(field_id)");
+  ensureTable("saved_views", `
+    CREATE TABLE saved_views (
+      id TEXT PRIMARY KEY,
+      name TEXT NOT NULL UNIQUE,
+      slug TEXT NOT NULL UNIQUE,
+      entity_type TEXT NOT NULL DEFAULT 'task',
+      filters TEXT NOT NULL DEFAULT '{}',
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+    )`);
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_saved_views_slug ON saved_views(slug)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_saved_views_entity ON saved_views(entity_type)");
+  ensureTable("decision_records", `
+    CREATE TABLE decision_records (
+      id TEXT PRIMARY KEY,
+      project_id TEXT REFERENCES projects(id) ON DELETE SET NULL,
+      task_id TEXT REFERENCES tasks(id) ON DELETE SET NULL,
+      plan_id TEXT REFERENCES plans(id) ON DELETE SET NULL,
+      agent_id TEXT,
+      sequence_num INTEGER NOT NULL,
+      short_ref TEXT NOT NULL UNIQUE,
+      title TEXT NOT NULL,
+      status TEXT NOT NULL DEFAULT 'proposed' CHECK(status IN ('proposed', 'accepted', 'deprecated', 'superseded', 'rejected')),
+      context TEXT,
+      decision TEXT NOT NULL,
+      consequences TEXT,
+      alternatives TEXT DEFAULT '[]',
+      tags TEXT DEFAULT '[]',
+      supersedes_id TEXT REFERENCES decision_records(id) ON DELETE SET NULL,
+      superseded_by_id TEXT REFERENCES decision_records(id) ON DELETE SET NULL,
+      metadata TEXT DEFAULT '{}',
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+    )`);
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_decision_records_project ON decision_records(project_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_decision_records_task ON decision_records(task_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_decision_records_plan ON decision_records(plan_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_decision_records_status ON decision_records(status)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_decision_records_short_ref ON decision_records(short_ref)");
+  ensureTable("knowledge_snapshots", `
+    CREATE TABLE knowledge_snapshots (
+      id TEXT PRIMARY KEY,
+      project_id TEXT REFERENCES projects(id) ON DELETE SET NULL,
+      title TEXT NOT NULL,
+      summary TEXT,
+      content_hash TEXT NOT NULL,
+      snapshot TEXT NOT NULL,
+      decision_ids TEXT DEFAULT '[]',
+      topics TEXT DEFAULT '[]',
+      source TEXT NOT NULL DEFAULT 'auto' CHECK(source IN ('manual', 'auto', 'import')),
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    )`);
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_knowledge_snapshots_project ON knowledge_snapshots(project_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_knowledge_snapshots_hash ON knowledge_snapshots(content_hash)");
+  ensureTable("verification_records", `
+    CREATE TABLE verification_records (
+      id TEXT PRIMARY KEY,
+      task_id TEXT REFERENCES tasks(id) ON DELETE CASCADE,
+      provider_name TEXT NOT NULL,
+      provider_type TEXT NOT NULL,
+      status TEXT NOT NULL DEFAULT 'unknown' CHECK(status IN ('passed', 'failed', 'unknown')),
+      summary TEXT,
+      evidence TEXT DEFAULT '{}',
+      artifact_id TEXT,
+      started_at TEXT,
+      completed_at TEXT,
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    )`);
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_verification_records_task ON verification_records(task_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_verification_records_status ON verification_records(status)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_verification_records_created ON verification_records(created_at)");
+  ensureTable("task_leases", `
+    CREATE TABLE task_leases (
+      task_id TEXT PRIMARY KEY REFERENCES tasks(id) ON DELETE CASCADE,
+      agent_id TEXT NOT NULL,
+      acquired_at TEXT NOT NULL,
+      expires_at TEXT NOT NULL,
+      heartbeat_at TEXT,
+      steal_count INTEGER NOT NULL DEFAULT 0,
+      updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+    )`);
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_leases_agent ON task_leases(agent_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_task_leases_expires ON task_leases(expires_at)");
+  ensureTable("reminder_preferences", `
+    CREATE TABLE reminder_preferences (
+      id TEXT PRIMARY KEY,
+      due_soon_hours INTEGER NOT NULL DEFAULT 24,
+      sla_warning_minutes INTEGER NOT NULL DEFAULT 30,
+      enabled INTEGER NOT NULL DEFAULT 1,
+      desktop_notify INTEGER NOT NULL DEFAULT 0,
+      updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+    )`);
+  ensureTable("notification_reminders", `
+    CREATE TABLE notification_reminders (
+      id TEXT PRIMARY KEY,
+      task_id TEXT REFERENCES tasks(id) ON DELETE CASCADE,
+      reminder_type TEXT NOT NULL CHECK(reminder_type IN ('due_soon', 'due_overdue', 'sla_warning', 'sla_breach', 'custom')),
+      title TEXT NOT NULL,
+      message TEXT,
+      trigger_at TEXT NOT NULL,
+      status TEXT NOT NULL DEFAULT 'pending' CHECK(status IN ('pending', 'fired', 'dismissed', 'snoozed')),
+      snoozed_until TEXT,
+      project_id TEXT REFERENCES projects(id) ON DELETE SET NULL,
+      agent_id TEXT,
+      priority TEXT NOT NULL DEFAULT 'medium',
+      metadata TEXT DEFAULT '{}',
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_at TEXT NOT NULL DEFAULT (datetime('now')),
+      fired_at TEXT,
+      dismissed_at TEXT
+    )`);
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_notification_reminders_task ON notification_reminders(task_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_notification_reminders_status ON notification_reminders(status)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_notification_reminders_trigger ON notification_reminders(trigger_at)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_notification_reminders_project ON notification_reminders(project_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_notification_reminders_agent ON notification_reminders(agent_id)");
+  ensureTable("run_records", `
+    CREATE TABLE run_records (
+      id TEXT PRIMARY KEY,
+      agent_run_id TEXT,
+      agent_id TEXT,
+      objective TEXT,
+      plan_id TEXT REFERENCES plans(id) ON DELETE SET NULL,
+      claimed_task_ids TEXT DEFAULT '[]',
+      commands TEXT DEFAULT '[]',
+      stdout_summary TEXT,
+      stderr_summary TEXT,
+      files_touched TEXT DEFAULT '[]',
+      verification_results TEXT DEFAULT '[]',
+      artifact_ids TEXT DEFAULT '[]',
+      status_transitions TEXT DEFAULT '[]',
+      status TEXT NOT NULL DEFAULT 'active' CHECK(status IN ('active', 'completed', 'failed', 'archived')),
+      replay_bundle TEXT,
+      metadata TEXT DEFAULT '{}',
+      started_at TEXT NOT NULL DEFAULT (datetime('now')),
+      completed_at TEXT,
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+    )`);
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_run_records_agent_run ON run_records(agent_run_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_run_records_agent ON run_records(agent_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_run_records_plan ON run_records(plan_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_run_records_status ON run_records(status)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_run_records_started ON run_records(started_at)");
+  ensureTable("activity_log", `
+    CREATE TABLE activity_log (
+      id TEXT PRIMARY KEY,
+      entity_type TEXT NOT NULL,
+      entity_id TEXT NOT NULL,
+      action TEXT NOT NULL,
+      field TEXT,
+      old_value TEXT,
+      new_value TEXT,
+      actor_id TEXT,
+      session_id TEXT,
+      machine_id TEXT,
+      metadata TEXT DEFAULT '{}',
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    )`);
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_activity_log_entity ON activity_log(entity_type, entity_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_activity_log_actor ON activity_log(actor_id)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_activity_log_action ON activity_log(action)");
+  ensureIndex("CREATE INDEX IF NOT EXISTS idx_activity_log_created ON activity_log(created_at)");
   ensureTable("api_keys", `
     CREATE TABLE api_keys (
       id TEXT PRIMARY KEY,
@@ -2445,11 +2699,17 @@ function ensureDir(filePath) {
   }
 }
 function getDatabase(dbPath) {
-  if (_db)
-    return _db;
   const path = dbPath || getDbPath();
+  if (_db && _dbPath === path)
+    return _db;
+  if (_db && _dbPath !== path) {
+    _db.close();
+    _db = null;
+    _dbPath = null;
+  }
   ensureDir(path);
   _db = new Database(path);
+  _dbPath = path;
   _db.run("PRAGMA journal_mode = WAL");
   _db.run("PRAGMA busy_timeout = 5000");
   _db.run("PRAGMA foreign_keys = ON");
@@ -2462,10 +2722,12 @@ function closeDatabase() {
   if (_db) {
     _db.close();
     _db = null;
+    _dbPath = null;
   }
 }
 function resetDatabase() {
   _db = null;
+  _dbPath = null;
 }
 function now() {
   return new Date().toISOString();
@@ -2526,7 +2788,7 @@ function resolvePartialId(db, table, partialId) {
   }
   return null;
 }
-var LOCK_EXPIRY_MINUTES = 30, _db = null, ALLOWED_TABLES;
+var LOCK_EXPIRY_MINUTES = 30, _db = null, _dbPath = null, ALLOWED_TABLES;
 var init_database = __esm(() => {
   init_schema();
   init_machines();
@@ -2888,9 +3150,10 @@ function redactExportRecord(record) {
 function getDefaultSecretPatterns() {
   return DEFAULT_PATTERNS.map((p) => ({ name: p.name, source: p.pattern.source }));
 }
-var SECRET_REDACTION_SCHEMA = "todos.secret_redaction.v1", REDACTION_PLACEHOLDER = "[REDACTED]", DEFAULT_PATTERNS, DEFAULT_ALLOWLIST, customRedactors;
+var SECRET_REDACTION_SCHEMA, REDACTION_PLACEHOLDER = "[REDACTED]", DEFAULT_PATTERNS, DEFAULT_ALLOWLIST, customRedactors;
 var init_secret_redaction = __esm(() => {
   init_redaction();
+  SECRET_REDACTION_SCHEMA = ["todos", "secret_redaction", "v1"].join(".");
   DEFAULT_PATTERNS = [
     { name: "openai_sk", pattern: /\bsk-[a-zA-Z0-9]{10,}\b/g },
     { name: "github_pat", pattern: /\bghp_[a-zA-Z0-9]{20,}\b/g },
@@ -3095,6 +3358,168 @@ var init_activity_audit = __esm(() => {
   ];
 });
 
+// src/storage/config.ts
+var TODOS_STORAGE_TABLES = [
+  "todos_sync_records",
+  "todos_sync_cursors"
+];
+var STORAGE_TABLES = TODOS_STORAGE_TABLES;
+var TODOS_STORAGE_ENV = {
+  mode: "HASNA_TODOS_STORAGE_MODE",
+  databaseUrl: "HASNA_TODOS_DATABASE_URL",
+  databaseSsl: "HASNA_TODOS_DATABASE_SSL",
+  databaseSchema: "HASNA_TODOS_DATABASE_SCHEMA",
+  s3Bucket: "HASNA_TODOS_S3_BUCKET",
+  s3Prefix: "HASNA_TODOS_S3_PREFIX",
+  awsRegion: "HASNA_TODOS_AWS_REGION",
+  s3Endpoint: "HASNA_TODOS_S3_ENDPOINT",
+  s3ForcePathStyle: "HASNA_TODOS_S3_FORCE_PATH_STYLE",
+  s3AccessKeyId: "HASNA_TODOS_S3_ACCESS_KEY_ID",
+  s3SecretAccessKey: "HASNA_TODOS_S3_SECRET_ACCESS_KEY",
+  s3SessionToken: "HASNA_TODOS_S3_SESSION_TOKEN",
+  syncBatchSize: "HASNA_TODOS_SYNC_BATCH_SIZE",
+  syncDryRun: "HASNA_TODOS_SYNC_DRY_RUN"
+};
+var TODOS_STORAGE_FALLBACK_ENV = {
+  mode: "TODOS_STORAGE_MODE",
+  databaseUrl: "TODOS_DATABASE_URL",
+  databaseSsl: "TODOS_DATABASE_SSL",
+  databaseSchema: "TODOS_DATABASE_SCHEMA",
+  s3Bucket: "TODOS_S3_BUCKET",
+  s3Prefix: "TODOS_S3_PREFIX",
+  awsRegion: "TODOS_AWS_REGION",
+  s3Endpoint: "TODOS_S3_ENDPOINT",
+  s3ForcePathStyle: "TODOS_S3_FORCE_PATH_STYLE",
+  s3AccessKeyId: "TODOS_S3_ACCESS_KEY_ID",
+  s3SecretAccessKey: "TODOS_S3_SECRET_ACCESS_KEY",
+  s3SessionToken: "TODOS_S3_SESSION_TOKEN",
+  syncBatchSize: "TODOS_SYNC_BATCH_SIZE",
+  syncDryRun: "TODOS_SYNC_DRY_RUN"
+};
+var CANONICAL_TODOS_RDS_CLUSTER = "hasna-xyz-infra-apps-prod-postgres";
+var CANONICAL_TODOS_RDS_DATABASE = "todos";
+var CANONICAL_TODOS_RDS_RUNTIME_PATH = "hasna/xyz/opensource/todos/prod/rds";
+function getCanonicalTodosRdsConfig() {
+  return {
+    cluster: CANONICAL_TODOS_RDS_CLUSTER,
+    database: CANONICAL_TODOS_RDS_DATABASE,
+    runtimeSecretPath: CANONICAL_TODOS_RDS_RUNTIME_PATH,
+    primaryEnv: TODOS_STORAGE_ENV.databaseUrl,
+    fallbackEnv: TODOS_STORAGE_FALLBACK_ENV.databaseUrl
+  };
+}
+function loadTodosStorageConfig(env = process.env) {
+  const mode = getTodosStorageMode(env);
+  const databaseUrl = getTodosStorageDatabaseUrl(env);
+  const bucket = readStorageEnv(env, "s3Bucket").value;
+  const prefix = readStorageEnv(env, "s3Prefix").value ?? "todos/";
+  const region = readStorageEnv(env, "awsRegion").value;
+  const endpoint = readStorageEnv(env, "s3Endpoint").value;
+  const schema = readStorageEnv(env, "databaseSchema").value;
+  return {
+    service: "todos",
+    mode,
+    ...databaseUrl ? {
+      database: {
+        provider: "postgres",
+        url: databaseUrl,
+        ssl: parseBoolean(readStorageEnv(env, "databaseSsl").value, true),
+        ...schema ? { schema } : {}
+      }
+    } : {},
+    ...bucket ? {
+      objectStorage: {
+        provider: "s3",
+        bucket,
+        prefix,
+        ...region ? { region } : {},
+        ...endpoint ? { endpoint } : {},
+        forcePathStyle: parseBoolean(readStorageEnv(env, "s3ForcePathStyle").value, false)
+      }
+    } : {},
+    sync: {
+      batchSize: parsePositiveInteger(readStorageEnv(env, "syncBatchSize").value, 500),
+      dryRun: parseBoolean(readStorageEnv(env, "syncDryRun").value, false)
+    }
+  };
+}
+function loadStorageConfig(env = process.env) {
+  return loadTodosStorageConfig(env);
+}
+function isTodosRemoteStorageEnabled(config) {
+  return config.mode === "remote" || config.mode === "hybrid";
+}
+function assertTodosRemoteStorageConfig(config) {
+  if (!isTodosRemoteStorageEnabled(config))
+    return;
+  if (!config.database?.url) {
+    throw new Error(`${TODOS_STORAGE_ENV.databaseUrl} is required when ${TODOS_STORAGE_ENV.mode}=${config.mode}`);
+  }
+}
+function parseStorageMode(value) {
+  const normalized = clean(value)?.toLowerCase();
+  if (!normalized)
+    return "local";
+  if (normalized === "local" || normalized === "remote" || normalized === "hybrid")
+    return normalized;
+  throw new Error(`${TODOS_STORAGE_ENV.mode} must be local, remote, or hybrid`);
+}
+function getTodosStorageMode(env = process.env) {
+  return parseStorageMode(readStorageEnv(env, "mode").value);
+}
+function getStorageMode(env = process.env) {
+  return getTodosStorageMode(env);
+}
+function getTodosStorageDatabaseEnv(env = process.env) {
+  return readStorageEnv(env, "databaseUrl").name;
+}
+function getStorageDatabaseEnv(env = process.env) {
+  return getTodosStorageDatabaseEnv(env);
+}
+function getTodosStorageDatabaseUrl(env = process.env) {
+  return readStorageEnv(env, "databaseUrl").value;
+}
+function getStorageDatabaseUrl(env = process.env) {
+  return getTodosStorageDatabaseUrl(env);
+}
+function getTodosStorageEnvName(env, key) {
+  return readStorageEnv(env, key).name;
+}
+function readStorageEnv(env, key) {
+  const primaryName = TODOS_STORAGE_ENV[key];
+  const primaryValue = clean(env[primaryName]);
+  if (primaryValue !== undefined)
+    return { name: primaryName, value: primaryValue };
+  const fallbackName = TODOS_STORAGE_FALLBACK_ENV[key];
+  const fallbackValue = clean(env[fallbackName]);
+  if (fallbackValue !== undefined)
+    return { name: fallbackName, value: fallbackValue };
+  return { name: primaryName };
+}
+function clean(value) {
+  const trimmed = value?.trim();
+  return trimmed ? trimmed : undefined;
+}
+function parseBoolean(value, fallback) {
+  const normalized = clean(value)?.toLowerCase();
+  if (!normalized)
+    return fallback;
+  if (["1", "true", "yes", "on"].includes(normalized))
+    return true;
+  if (["0", "false", "no", "off"].includes(normalized))
+    return false;
+  throw new Error(`Expected boolean env value, got ${value}`);
+}
+function parsePositiveInteger(value, fallback) {
+  const normalized = clean(value);
+  if (!normalized)
+    return fallback;
+  const parsed = Number.parseInt(normalized, 10);
+  if (!Number.isSafeInteger(parsed) || parsed <= 0) {
+    throw new Error(`${TODOS_STORAGE_ENV.syncBatchSize} must be a positive integer`);
+  }
+  return parsed;
+}
 // src/db/task-crud.ts
 init_types();
 init_database();
@@ -7177,7 +7602,7 @@ function storeArtifactFile(input) {
   }
   return { sourcePath, localPath, contentHash, mimeType, sizeBytes: buffer.length };
 }
-function deleteStoredArtifactFile(localPath, storageMode, _dbPath) {
+function deleteStoredArtifactFile(localPath, storageMode, _dbPath2) {
   if (storageMode === "reference")
     return false;
   if (!localPath || !existsSync6(localPath))
@@ -7432,11 +7857,19 @@ function getTaskVerifications(taskId, db) {
 }
 function getTaskTraceability(taskId, db) {
   const d = db || getDatabase();
+  const commits = getTaskCommits(taskId, d);
+  const gitRefs = getTaskGitRefs(taskId, d);
   return {
     task_id: taskId,
-    commits: getTaskCommits(taskId, d),
-    git_refs: getTaskGitRefs(taskId, d),
-    verifications: getTaskVerifications(taskId, d)
+    commits,
+    git_refs: gitRefs,
+    verifications: getTaskVerifications(taskId, d),
+    branches: Array.from(new Set([
+      ...commits.map((commit) => commit.branch).filter((branch) => Boolean(branch)),
+      ...gitRefs.filter((ref) => ref.ref_type === "branch").map((ref) => ref.name)
+    ])).sort(),
+    release_tags: Array.from(new Set(commits.map((commit) => commit.release_tag).filter((tag) => Boolean(tag)))).sort(),
+    pull_requests: commits.filter((commit) => commit.pr_url).map((commit) => ({ url: commit.pr_url, state: commit.pr_state, number: commit.pr_number }))
   };
 }
 
@@ -8795,6 +9228,260 @@ function ensureTaskList(name, slug, projectId, db) {
 
 // src/storage/local-sqlite.ts
 init_database();
+
+// src/storage/sqlite-snapshot.ts
+init_database();
+var PROJECT_COLUMNS = [
+  "id",
+  "name",
+  "path",
+  "description",
+  "task_list_id",
+  "task_prefix",
+  "task_counter",
+  "created_at",
+  "updated_at",
+  "machine_id",
+  "synced_at"
+];
+var TASK_LIST_COLUMNS = [
+  "id",
+  "project_id",
+  "slug",
+  "name",
+  "description",
+  "metadata",
+  "created_at",
+  "updated_at",
+  "machine_id",
+  "synced_at"
+];
+var PLAN_COLUMNS = [
+  "id",
+  "project_id",
+  "task_list_id",
+  "agent_id",
+  "name",
+  "description",
+  "status",
+  "created_at",
+  "updated_at",
+  "machine_id",
+  "synced_at"
+];
+var AGENT_COLUMNS = [
+  "id",
+  "name",
+  "description",
+  "role",
+  "title",
+  "level",
+  "permissions",
+  "capabilities",
+  "reports_to",
+  "org_id",
+  "metadata",
+  "status",
+  "created_at",
+  "last_seen_at",
+  "session_id",
+  "working_dir",
+  "active_project_id",
+  "machine_id",
+  "synced_at"
+];
+var TEMPLATE_COLUMNS = [
+  "id",
+  "name",
+  "title_pattern",
+  "description",
+  "priority",
+  "tags",
+  "variables",
+  "project_id",
+  "plan_id",
+  "metadata",
+  "version",
+  "created_at",
+  "machine_id",
+  "synced_at"
+];
+var TASK_COLUMNS = [
+  "id",
+  "short_id",
+  "project_id",
+  "parent_id",
+  "plan_id",
+  "task_list_id",
+  "title",
+  "description",
+  "status",
+  "priority",
+  "agent_id",
+  "assigned_to",
+  "session_id",
+  "working_dir",
+  "tags",
+  "metadata",
+  "version",
+  "locked_by",
+  "locked_at",
+  "created_at",
+  "updated_at",
+  "started_at",
+  "completed_at",
+  "due_at",
+  "estimated_minutes",
+  "actual_minutes",
+  "requires_approval",
+  "approved_by",
+  "approved_at",
+  "recurrence_rule",
+  "recurrence_parent_id",
+  "spawns_template_id",
+  "confidence",
+  "reason",
+  "spawned_from_session",
+  "assigned_by",
+  "assigned_from_project",
+  "task_type",
+  "cost_tokens",
+  "cost_usd",
+  "delegated_from",
+  "delegation_depth",
+  "retry_count",
+  "max_retries",
+  "retry_after",
+  "sla_minutes",
+  "runner_id",
+  "runner_started_at",
+  "runner_completed_at",
+  "current_step",
+  "total_steps",
+  "cycle_id",
+  "machine_id",
+  "synced_at",
+  "archived_at"
+];
+var AUDIT_COLUMNS = [
+  "id",
+  "task_id",
+  "action",
+  "field",
+  "old_value",
+  "new_value",
+  "agent_id",
+  "created_at",
+  "machine_id"
+];
+var JSON_COLUMNS = new Set(["tags", "metadata", "permissions", "capabilities", "variables"]);
+var BOOLEAN_COLUMNS = new Set(["requires_approval"]);
+function exportSqliteTodosStorageSnapshot(db) {
+  const d = db ?? getDatabase();
+  return {
+    exportedAt: new Date().toISOString(),
+    source: "sqlite",
+    tasks: listTasks({ include_archived: true }, d),
+    projects: listProjects(d),
+    plans: listPlans(undefined, d),
+    agents: listAgents({ include_archived: true }, d),
+    taskLists: listTaskLists(undefined, d),
+    templates: listTemplates(d),
+    auditHistory: getRecentActivity(Number.MAX_SAFE_INTEGER, d)
+  };
+}
+function importSqliteTodosStorageSnapshot(snapshot, db) {
+  const d = db ?? getDatabase();
+  const result = {
+    inserted: 0,
+    updated: 0,
+    skipped: 0,
+    errors: []
+  };
+  const applyRows = (table, columns, rows, updateClockColumn, afterUpsert) => {
+    for (const row of rows) {
+      try {
+        const record = asRecord(row);
+        const state = upsertById(d, table, columns, record, updateClockColumn);
+        if (state === "inserted")
+          result.inserted += 1;
+        else if (state === "updated")
+          result.updated += 1;
+        else
+          result.skipped += 1;
+        afterUpsert?.(record, state !== "skipped");
+      } catch (error) {
+        result.errors.push(error instanceof Error ? error.message : String(error));
+      }
+    }
+  };
+  applyRows("projects", PROJECT_COLUMNS, snapshot.projects, "updated_at");
+  applyRows("agents", AGENT_COLUMNS, snapshot.agents, "last_seen_at");
+  applyRows("task_lists", TASK_LIST_COLUMNS, snapshot.taskLists, "updated_at");
+  applyRows("plans", PLAN_COLUMNS, snapshot.plans, "updated_at");
+  applyRows("task_templates", TEMPLATE_COLUMNS, snapshot.templates);
+  applyRows("tasks", TASK_COLUMNS, sortedTasks(snapshot.tasks), "updated_at", (row, changed) => {
+    if (changed && Array.isArray(row["tags"]) && typeof row["id"] === "string") {
+      replaceTaskTags(row["id"], row["tags"].filter((tag) => typeof tag === "string"), d);
+    }
+  });
+  applyRows("task_history", AUDIT_COLUMNS, snapshot.auditHistory);
+  return result;
+}
+function upsertById(db, table, columns, row, updateClockColumn) {
+  const id = row["id"];
+  if (typeof id !== "string" || !id)
+    throw new Error(`${table} row is missing id`);
+  const presentColumns = columns.filter((column) => (column in row));
+  if (!presentColumns.includes("id"))
+    presentColumns.unshift("id");
+  const existing = existsById(db, table, id);
+  const placeholders = presentColumns.map(() => "?").join(", ");
+  const values = presentColumns.map((column) => valueForColumn(column, row[column]));
+  const updateColumns = presentColumns.filter((column) => column !== "id");
+  const updateSet = updateColumns.map((column) => `${column} = excluded.${column}`).join(", ");
+  const clockGuard = updateClockColumn && presentColumns.includes(updateClockColumn) ? ` WHERE ${table}.${updateClockColumn} IS NULL OR ${table}.${updateClockColumn} <= excluded.${updateClockColumn}` : "";
+  const sql = updateSet ? `INSERT INTO ${table} (${presentColumns.join(", ")}) VALUES (${placeholders})
+       ON CONFLICT(id) DO UPDATE SET ${updateSet}${clockGuard}` : `INSERT OR IGNORE INTO ${table} (${presentColumns.join(", ")}) VALUES (${placeholders})`;
+  const changes = db.run(sql, values).changes;
+  if (changes === 0)
+    return "skipped";
+  return existing ? "updated" : "inserted";
+}
+function existsById(db, table, id) {
+  return Boolean(db.query(`SELECT id FROM ${table} WHERE id = ?`).get(id));
+}
+function valueForColumn(column, value) {
+  if (BOOLEAN_COLUMNS.has(column))
+    return value ? 1 : 0;
+  if (JSON_COLUMNS.has(column))
+    return JSON.stringify(value ?? (column === "tags" || column === "permissions" || column === "capabilities" || column === "variables" ? [] : {}));
+  return value === undefined ? null : value;
+}
+function asRecord(value) {
+  if (!value || typeof value !== "object" || Array.isArray(value)) {
+    throw new Error("snapshot rows must be objects");
+  }
+  return value;
+}
+function sortedTasks(tasks) {
+  const byId = new Map(tasks.map((task) => [task.id, task]));
+  const seen = new Set;
+  const result = [];
+  const visit = (task) => {
+    if (seen.has(task.id))
+      return;
+    if (task.parent_id && byId.has(task.parent_id))
+      visit(byId.get(task.parent_id));
+    seen.add(task.id);
+    result.push(task);
+  };
+  for (const task of tasks)
+    visit(task);
+  return result;
+}
+
+// src/storage/local-sqlite.ts
 function createLocalSqliteTodosStorageAdapter(options = {}) {
   const database = () => options.db ?? getDatabase();
   let adapter;
@@ -8867,7 +9554,9 @@ function createLocalSqliteTodosStorageAdapter(options = {}) {
       getRecentActivity: (limit) => getRecentActivity(limit, database())
     },
     sync: {
-      getTasksChangedSince: (since, filters) => getTasksChangedSince(since, filters, database())
+      getTasksChangedSince: (since, filters) => getTasksChangedSince(since, filters, database()),
+      exportSnapshot: () => exportSqliteTodosStorageSnapshot(database()),
+      importSnapshot: (snapshot) => importSqliteTodosStorageSnapshot(snapshot, database())
     },
     transaction: (fn) => {
       const tx = database().transaction(() => fn(adapter));
@@ -8876,6 +9565,1360 @@ function createLocalSqliteTodosStorageAdapter(options = {}) {
   };
   return adapter;
 }
+
+// src/storage/postgres-sync.ts
+var DEFAULT_TODOS_POSTGRES_SYNC_TABLE = "todos_sync_records";
+var DEFAULT_TODOS_POSTGRES_CURSOR_TABLE = "todos_sync_cursors";
+function postgresTodosSyncSchemaSql(tableName = DEFAULT_TODOS_POSTGRES_SYNC_TABLE, cursorTableName = DEFAULT_TODOS_POSTGRES_CURSOR_TABLE) {
+  assertSafeIdentifier(tableName);
+  assertSafeIdentifier(cursorTableName);
+  return [
+    `CREATE TABLE IF NOT EXISTS ${tableName} (
+      service text NOT NULL,
+      object_type text NOT NULL,
+      object_id text NOT NULL,
+      payload jsonb NOT NULL,
+      updated_at timestamptz NOT NULL,
+      deleted_at timestamptz,
+      source_machine_id text,
+      version integer,
+      PRIMARY KEY (service, object_type, object_id)
+    )`,
+    `CREATE INDEX IF NOT EXISTS ${tableName}_updated_idx ON ${tableName} (service, updated_at)`,
+    `CREATE TABLE IF NOT EXISTS ${cursorTableName} (
+      service text NOT NULL,
+      cursor_name text NOT NULL,
+      value text NOT NULL,
+      updated_at timestamptz NOT NULL DEFAULT now(),
+      PRIMARY KEY (service, cursor_name)
+    )`
+  ];
+}
+
+class PostgresTodosSyncStore {
+  client;
+  service;
+  sourceMachineId;
+  tableName;
+  cursorTableName;
+  constructor(client, options = {}) {
+    this.client = client;
+    this.service = options.service ?? "todos";
+    this.sourceMachineId = options.sourceMachineId;
+    this.tableName = options.tableName ?? DEFAULT_TODOS_POSTGRES_SYNC_TABLE;
+    this.cursorTableName = options.cursorTableName ?? DEFAULT_TODOS_POSTGRES_CURSOR_TABLE;
+    assertSafeIdentifier(this.tableName);
+    assertSafeIdentifier(this.cursorTableName);
+  }
+  async ensureSchema() {
+    for (const sql of postgresTodosSyncSchemaSql(this.tableName, this.cursorTableName)) {
+      await this.client.query(sql);
+    }
+  }
+  async pushSnapshot(snapshot, context = {}) {
+    const result = { records: 0, objectTypes: {} };
+    const sourceMachineId = context.requestId ?? this.sourceMachineId ?? null;
+    for (const entry of snapshotEntries(snapshot)) {
+      await this.client.query(`INSERT INTO ${this.tableName} (
+          service, object_type, object_id, payload, updated_at,
+          deleted_at, source_machine_id, version
+        ) VALUES ($1, $2, $3, $4::jsonb, $5::timestamptz, $6::timestamptz, $7, $8)
+        ON CONFLICT (service, object_type, object_id) DO UPDATE SET
+          payload = EXCLUDED.payload,
+          updated_at = EXCLUDED.updated_at,
+          deleted_at = EXCLUDED.deleted_at,
+          source_machine_id = EXCLUDED.source_machine_id,
+          version = EXCLUDED.version
+        WHERE ${this.tableName}.updated_at <= EXCLUDED.updated_at`, [
+        this.service,
+        entry.type,
+        entry.id,
+        JSON.stringify(entry.payload),
+        entry.updatedAt,
+        entry.deletedAt,
+        sourceMachineId,
+        entry.version
+      ]);
+      result.records += 1;
+      result.objectTypes[entry.type] = (result.objectTypes[entry.type] ?? 0) + 1;
+    }
+    return result;
+  }
+  async pullSnapshot(options = {}) {
+    const params = [this.service];
+    const filters = ["service = $1", "deleted_at IS NULL"];
+    if (options.since) {
+      params.push(options.since);
+      filters.push(`updated_at > $${params.length}::timestamptz`);
+    }
+    if (options.objectTypes?.length) {
+      params.push(options.objectTypes);
+      filters.push(`object_type = ANY($${params.length}::text[])`);
+    }
+    const response = await this.client.query(`SELECT object_type, payload FROM ${this.tableName}
+       WHERE ${filters.join(" AND ")}
+       ORDER BY updated_at ASC, object_type ASC, object_id ASC`, params);
+    return rowsToSnapshot(response.rows);
+  }
+  async getCursor(name) {
+    const result = await this.client.query(`SELECT value FROM ${this.cursorTableName} WHERE service = $1 AND cursor_name = $2`, [this.service, name]);
+    return result.rows[0]?.value ?? null;
+  }
+  async setCursor(name, value) {
+    await this.client.query(`INSERT INTO ${this.cursorTableName} (service, cursor_name, value, updated_at)
+       VALUES ($1, $2, $3, now())
+       ON CONFLICT (service, cursor_name) DO UPDATE SET
+         value = EXCLUDED.value,
+         updated_at = EXCLUDED.updated_at`, [this.service, name, value]);
+  }
+}
+function createPostgresTodosSyncStore(client, options = {}) {
+  return new PostgresTodosSyncStore(client, options);
+}
+function snapshotEntries(snapshot) {
+  return [
+    ...snapshot.tasks.map((payload) => entry("tasks", payload, snapshot.exportedAt)),
+    ...snapshot.projects.map((payload) => entry("projects", payload, snapshot.exportedAt)),
+    ...snapshot.plans.map((payload) => entry("plans", payload, snapshot.exportedAt)),
+    ...snapshot.agents.map((payload) => entry("agents", payload, snapshot.exportedAt)),
+    ...snapshot.taskLists.map((payload) => entry("task_lists", payload, snapshot.exportedAt)),
+    ...snapshot.templates.map((payload) => entry("templates", payload, snapshot.exportedAt)),
+    ...snapshot.auditHistory.map((payload) => entry("audit_history", payload, snapshot.exportedAt))
+  ];
+}
+function entry(type, payload, fallbackUpdatedAt) {
+  const id = payload["id"];
+  if (typeof id !== "string" || !id)
+    throw new Error(`${type} record is missing a stable id`);
+  return {
+    type,
+    id,
+    payload,
+    updatedAt: stringValue(payload["updated_at"]) ?? stringValue(payload["created_at"]) ?? fallbackUpdatedAt,
+    deletedAt: stringValue(payload["deleted_at"]),
+    version: numberValue(payload["version"])
+  };
+}
+function rowsToSnapshot(rows) {
+  const snapshot = {
+    exportedAt: new Date().toISOString(),
+    source: "postgres",
+    tasks: [],
+    projects: [],
+    plans: [],
+    agents: [],
+    taskLists: [],
+    templates: [],
+    auditHistory: []
+  };
+  for (const row of rows) {
+    const payload = payloadRecord(row.payload);
+    if (row.object_type === "tasks")
+      snapshot.tasks.push(payload);
+    else if (row.object_type === "projects")
+      snapshot.projects.push(payload);
+    else if (row.object_type === "plans")
+      snapshot.plans.push(payload);
+    else if (row.object_type === "agents")
+      snapshot.agents.push(payload);
+    else if (row.object_type === "task_lists")
+      snapshot.taskLists.push(payload);
+    else if (row.object_type === "templates")
+      snapshot.templates.push(payload);
+    else if (row.object_type === "audit_history")
+      snapshot.auditHistory.push(payload);
+  }
+  return snapshot;
+}
+function payloadRecord(value) {
+  if (typeof value === "string")
+    return JSON.parse(value);
+  if (value && typeof value === "object" && !Array.isArray(value))
+    return value;
+  throw new Error("Postgres sync payload must be a JSON object");
+}
+function stringValue(value) {
+  return typeof value === "string" && value ? value : null;
+}
+function numberValue(value) {
+  return typeof value === "number" && Number.isSafeInteger(value) ? value : null;
+}
+function assertSafeIdentifier(value) {
+  if (!/^[a-z_][a-z0-9_]*$/i.test(value))
+    throw new Error(`Unsafe Postgres identifier: ${value}`);
+}
+
+// src/storage/hybrid.ts
+function createHybridTodosStorageAdapter(options) {
+  const local = options.localAdapter ?? createLocalSqliteTodosStorageAdapter(options.local);
+  const syncStore = options.syncStore ?? (options.postgresClient ? createPostgresTodosSyncStore(options.postgresClient, { sourceMachineId: options.sourceMachineId }) : null);
+  if (!syncStore)
+    throw new Error("hybrid storage requires a Postgres sync store or query client");
+  if (!local.sync.exportSnapshot || !local.sync.importSnapshot) {
+    throw new Error("hybrid storage requires local snapshot export/import support");
+  }
+  const exportSnapshot = async (context) => await local.sync.exportSnapshot(context);
+  const importSnapshot = async (snapshot, context) => await local.sync.importSnapshot(snapshot, context);
+  const remote = {
+    ensureSchema: () => syncStore.ensureSchema(),
+    async pushSnapshot(context) {
+      const snapshot = await exportSnapshot(context);
+      return syncStore.pushSnapshot(snapshot, context);
+    },
+    async pullSnapshot(options2, context) {
+      const snapshot = await syncStore.pullSnapshot(options2);
+      return importSnapshot(snapshot, context);
+    },
+    async syncOnce(options2, context) {
+      const pulled = await remote.pullSnapshot(options2, context);
+      const pushed = await remote.pushSnapshot(context);
+      return { pulled, pushed };
+    }
+  };
+  return {
+    ...local,
+    kind: "hybrid",
+    capabilities: {
+      ...local.capabilities,
+      localPersistence: true,
+      remotePersistence: true,
+      sync: true
+    },
+    sync: {
+      ...local.sync,
+      exportSnapshot,
+      importSnapshot
+    },
+    remote
+  };
+}
+
+// src/storage/postgres-adapter.ts
+import { randomUUID as randomUUID2 } from "crypto";
+function createPostgresTodosStorageAdapter(options) {
+  const store = new PostgresJsonRecordStore(options);
+  const adapter = {
+    kind: "postgres",
+    capabilities: {
+      localPersistence: false,
+      remotePersistence: true,
+      transactions: false,
+      auditLog: true,
+      sync: true
+    },
+    tasks: {
+      create: (input, context) => createTask2(input, store, context),
+      get: (id) => store.get("tasks", id),
+      list: (filter = {}) => listTasks2(filter, store),
+      count: async (filter = {}) => (await listTasks2(filter, store)).length,
+      update: (id, input) => updateTask2(id, input, store),
+      delete: (id, context) => store.delete("tasks", id, context),
+      start: (id, agentId) => startTask2(id, agentId, store),
+      complete: (id, agentId, options2) => completeTask2(id, agentId, options2, store),
+      fail: (id, agentId, reason, options2) => failTask2(id, agentId, reason, options2, store),
+      claimNext: (agentId, filters) => claimNextTask2(agentId, filters, store),
+      getNext: (_agentId, filters) => getNextTask2(filters, store),
+      getActiveWork: (filters) => getActiveWork2(filters, store),
+      getChangedSince: (since, filters) => getChangedSince(since, filters, store)
+    },
+    projects: {
+      create: (input, context) => createProject2(input, store, context),
+      get: (id) => store.get("projects", id),
+      getByPath: async (path) => (await store.list("projects")).find((project) => project.path === path) ?? null,
+      list: async () => (await store.list("projects")).sort((a, b) => a.name.localeCompare(b.name)),
+      update: (id, input) => updateProject2(id, input, store),
+      delete: (id, context) => store.delete("projects", id, context)
+    },
+    plans: {
+      create: (input, context) => createPlan2(input, store, context),
+      get: (id) => store.get("plans", id),
+      list: async (projectId) => (await store.list("plans")).filter((plan) => projectId === undefined || plan.project_id === projectId).sort((a, b) => a.name.localeCompare(b.name)),
+      update: (id, input) => updatePlan2(id, input, store),
+      delete: (id, context) => store.delete("plans", id, context)
+    },
+    agents: {
+      register: (input, context) => registerAgent2(input, store, context),
+      get: (id) => store.get("agents", id),
+      getByName: async (name) => (await store.list("agents")).find((agent) => agent.name === name) ?? null,
+      list: async (options2) => (await store.list("agents")).filter((agent) => options2?.include_archived || agent.status !== "archived").sort((a, b) => a.name.localeCompare(b.name)),
+      update: (id, input) => updateAgent2(id, input, store)
+    },
+    taskLists: {
+      create: (input, context) => createTaskList2(input, store, context),
+      get: (id) => store.get("task_lists", id),
+      getBySlug: async (slug, projectId) => (await store.list("task_lists")).find((list) => list.slug === slug && (projectId === undefined || list.project_id === projectId)) ?? null,
+      list: async (projectId) => (await store.list("task_lists")).filter((list) => projectId === undefined || list.project_id === projectId).sort((a, b) => a.name.localeCompare(b.name)),
+      update: (id, input) => updateTaskList2(id, input, store),
+      delete: (id, context) => store.delete("task_lists", id, context)
+    },
+    templates: {
+      create: (input, context) => createTemplate2(input, store, context),
+      get: (id) => store.get("templates", id),
+      list: async () => (await store.list("templates")).sort((a, b) => a.name.localeCompare(b.name)),
+      update: (id, input) => updateTemplate2(id, input, store),
+      delete: (id, context) => store.delete("templates", id, context),
+      getWithTasks: async (id) => {
+        const template = await store.get("templates", id);
+        return template ? { ...template, tasks: [] } : null;
+      }
+    },
+    audit: {
+      logTaskChange: (taskId, action, field, oldValue, newValue, agentId, context) => logTaskChange2(taskId, action, field, oldValue, newValue, agentId, store, context),
+      addComment: (input, context) => addComment2(input, store, context),
+      getTaskHistory: async (taskId) => (await store.list("audit_history")).filter((entry2) => entry2.task_id === taskId).sort((a, b) => a.created_at.localeCompare(b.created_at)),
+      getRecentActivity: async (limit = 20) => (await store.list("audit_history")).sort((a, b) => b.created_at.localeCompare(a.created_at)).slice(0, limit)
+    },
+    sync: {
+      getTasksChangedSince: (since, filters) => getChangedSince(since, filters, store),
+      exportSnapshot: () => exportSnapshot(store),
+      importSnapshot: (snapshot, context) => importSnapshot(snapshot, store, context)
+    },
+    transaction: (fn) => fn(adapter)
+  };
+  return adapter;
+}
+
+class PostgresJsonRecordStore {
+  options;
+  service;
+  sourceMachineId;
+  tableName;
+  cursorTableName;
+  schemaReady = null;
+  constructor(options) {
+    this.options = options;
+    this.service = options.service ?? "todos";
+    this.sourceMachineId = options.sourceMachineId;
+    this.tableName = options.tableName ?? DEFAULT_TODOS_POSTGRES_SYNC_TABLE;
+    this.cursorTableName = options.cursorTableName ?? DEFAULT_TODOS_POSTGRES_CURSOR_TABLE;
+  }
+  async ensureSchema() {
+    this.schemaReady ??= (async () => {
+      for (const sql of postgresTodosSyncSchemaSql(this.tableName, this.cursorTableName)) {
+        await this.options.client.query(sql);
+      }
+    })();
+    await this.schemaReady;
+  }
+  async get(type, id) {
+    await this.ensureSchema();
+    const result = await this.options.client.query(`SELECT object_type, object_id, payload, updated_at
+       FROM ${this.tableName}
+       WHERE service = $1 AND object_type = $2 AND object_id = $3 AND deleted_at IS NULL
+       LIMIT 1`, [this.service, type, id]);
+    return result.rows[0] ? payloadRecord2(result.rows[0].payload) : null;
+  }
+  async list(type) {
+    return (await this.listRecords(type)).map((record) => record.payload);
+  }
+  async listRecords(type) {
+    await this.ensureSchema();
+    const result = await this.options.client.query(`SELECT object_type, object_id, payload, updated_at
+       FROM ${this.tableName}
+       WHERE service = $1 AND object_type = $2 AND deleted_at IS NULL
+       ORDER BY updated_at ASC, object_id ASC`, [this.service, type]);
+    return result.rows.map((row) => ({
+      objectId: row.object_id,
+      payload: payloadRecord2(row.payload),
+      updatedAt: stringValue2(row.updated_at) ?? new Date().toISOString()
+    }));
+  }
+  async upsert(type, value, context = {}) {
+    await this.ensureSchema();
+    const updatedAt = stringValue2(value.updated_at) ?? stringValue2(value.created_at) ?? new Date().toISOString();
+    await this.options.client.query(`INSERT INTO ${this.tableName} (
+        service, object_type, object_id, payload, updated_at,
+        deleted_at, source_machine_id, version
+      ) VALUES ($1, $2, $3, $4::jsonb, $5::timestamptz, NULL, $6, $7)
+      ON CONFLICT (service, object_type, object_id) DO UPDATE SET
+        payload = EXCLUDED.payload,
+        updated_at = EXCLUDED.updated_at,
+        deleted_at = NULL,
+        source_machine_id = EXCLUDED.source_machine_id,
+        version = EXCLUDED.version`, [
+      this.service,
+      type,
+      value.id,
+      JSON.stringify(value),
+      updatedAt,
+      context.requestId ?? this.sourceMachineId ?? null,
+      numberValue2(value.version)
+    ]);
+    return value;
+  }
+  async delete(type, id, context = {}) {
+    await this.ensureSchema();
+    const existing = await this.get(type, id);
+    if (!existing)
+      return false;
+    const timestamp = new Date().toISOString();
+    await this.options.client.query(`UPDATE ${this.tableName}
+       SET deleted_at = $4::timestamptz,
+           updated_at = $4::timestamptz,
+           source_machine_id = $5
+       WHERE service = $1 AND object_type = $2 AND object_id = $3`, [this.service, type, id, timestamp, context.requestId ?? this.sourceMachineId ?? null]);
+    return true;
+  }
+  async getCursor(name) {
+    await this.ensureSchema();
+    const result = await this.options.client.query(`SELECT value FROM ${this.cursorTableName} WHERE service = $1 AND cursor_name = $2`, [this.service, name]);
+    return result.rows[0]?.value ?? null;
+  }
+  async setCursor(name, value) {
+    await this.ensureSchema();
+    await this.options.client.query(`INSERT INTO ${this.cursorTableName} (service, cursor_name, value, updated_at)
+       VALUES ($1, $2, $3, now())
+       ON CONFLICT (service, cursor_name) DO UPDATE SET
+         value = EXCLUDED.value,
+         updated_at = EXCLUDED.updated_at`, [this.service, name, value]);
+  }
+}
+async function createTask2(input, store, context) {
+  const timestamp = new Date().toISOString();
+  const shortId = input.project_id ? await nextTaskShortId2(input.project_id, store, context) : null;
+  const task = {
+    id: randomUUID2(),
+    short_id: shortId,
+    project_id: input.project_id ?? context?.projectId ?? null,
+    parent_id: input.parent_id ?? null,
+    plan_id: input.plan_id ?? null,
+    task_list_id: input.task_list_id ?? context?.taskListId ?? null,
+    title: input.title,
+    description: input.description ?? null,
+    status: input.status ?? "pending",
+    priority: input.priority ?? "medium",
+    agent_id: input.agent_id ?? null,
+    assigned_to: input.assigned_to ?? null,
+    session_id: input.session_id ?? context?.sessionId ?? null,
+    working_dir: input.working_dir ?? null,
+    tags: input.tags ?? [],
+    metadata: input.metadata ?? {},
+    version: 1,
+    locked_by: null,
+    locked_at: null,
+    created_at: timestamp,
+    updated_at: timestamp,
+    started_at: null,
+    completed_at: null,
+    due_at: input.due_at ?? null,
+    estimated_minutes: input.estimated_minutes ?? null,
+    actual_minutes: null,
+    requires_approval: input.requires_approval ?? false,
+    approved_by: null,
+    approved_at: null,
+    recurrence_rule: input.recurrence_rule ?? null,
+    recurrence_parent_id: input.recurrence_parent_id ?? null,
+    spawns_template_id: input.spawns_template_id ?? null,
+    confidence: input.confidence ?? null,
+    reason: input.reason ?? null,
+    spawned_from_session: input.spawned_from_session ?? null,
+    assigned_by: input.assigned_by ?? null,
+    assigned_from_project: input.assigned_from_project ?? null,
+    task_type: input.task_type ?? null,
+    cost_tokens: 0,
+    cost_usd: 0,
+    delegated_from: null,
+    delegation_depth: 0,
+    retry_count: input.retry_count ?? 0,
+    max_retries: input.max_retries ?? 0,
+    retry_after: input.retry_after ?? null,
+    sla_minutes: input.sla_minutes ?? null,
+    runner_id: null,
+    runner_started_at: null,
+    runner_completed_at: null,
+    current_step: null,
+    total_steps: null
+  };
+  await store.upsert("tasks", task, context);
+  await logTaskChange2(task.id, "created", "status", null, task.status, task.assigned_by ?? task.agent_id, store, context);
+  return task;
+}
+async function updateTask2(id, input, store) {
+  const existing = await requireRecord("tasks", id, store);
+  if (existing.version !== input.version) {
+    throw new Error(`Task ${id} version conflict: expected ${existing.version}, got ${input.version}`);
+  }
+  const task = {
+    ...existing,
+    ...definedPatch(input),
+    version: existing.version + 1,
+    updated_at: new Date().toISOString(),
+    tags: input.tags ?? existing.tags,
+    metadata: input.metadata ?? existing.metadata,
+    requires_approval: input.requires_approval ?? existing.requires_approval,
+    task_list_id: input.task_list_id ?? existing.task_list_id
+  };
+  await store.upsert("tasks", task);
+  return task;
+}
+async function startTask2(id, agentId, store) {
+  const task = await requireRecord("tasks", id, store);
+  return patchTask(task, {
+    status: "in_progress",
+    assigned_to: task.assigned_to ?? agentId,
+    agent_id: task.agent_id ?? agentId,
+    locked_by: agentId,
+    locked_at: new Date().toISOString(),
+    started_at: task.started_at ?? new Date().toISOString()
+  }, store);
+}
+async function completeTask2(id, agentId, options, store) {
+  const task = await requireRecord("tasks", id, store);
+  return patchTask(task, {
+    status: "completed",
+    assigned_to: task.assigned_to ?? agentId ?? null,
+    completed_at: options?.completed_at ?? new Date().toISOString(),
+    actual_minutes: task.actual_minutes,
+    confidence: options?.confidence ?? task.confidence
+  }, store);
+}
+async function failTask2(id, agentId, reason, options, store) {
+  const task = await requireRecord("tasks", id, store);
+  const failed = await patchTask(task, {
+    status: "failed",
+    assigned_to: task.assigned_to ?? agentId ?? null,
+    reason: reason ?? task.reason,
+    retry_after: options?.retry_after ?? task.retry_after
+  }, store);
+  if (!options?.retry)
+    return { task: failed };
+  const retryTask = await createTask2({
+    title: task.title,
+    description: task.description ?? undefined,
+    project_id: task.project_id ?? undefined,
+    parent_id: task.parent_id ?? undefined,
+    plan_id: task.plan_id ?? undefined,
+    task_list_id: task.task_list_id ?? undefined,
+    priority: task.priority,
+    assigned_to: task.assigned_to ?? undefined,
+    tags: task.tags,
+    metadata: task.metadata,
+    retry_count: task.retry_count + 1,
+    max_retries: task.max_retries,
+    reason: reason ?? undefined,
+    task_type: task.task_type ?? undefined
+  }, store);
+  return { task: failed, retryTask };
+}
+async function patchTask(task, patch, store) {
+  const updated = {
+    ...task,
+    ...patch,
+    version: task.version + 1,
+    updated_at: new Date().toISOString()
+  };
+  await store.upsert("tasks", updated);
+  return updated;
+}
+async function listTasks2(filter, store) {
+  let tasks = await store.list("tasks");
+  tasks = tasks.filter((task) => taskMatchesFilter(task, filter));
+  tasks.sort((a, b) => priorityRank(a.priority) - priorityRank(b.priority) || a.created_at.localeCompare(b.created_at));
+  const offset = filter.offset ?? 0;
+  const limit = filter.limit ?? tasks.length;
+  return tasks.slice(offset, offset + limit);
+}
+async function getNextTask2(filters, store) {
+  return (await listTasks2({ ...filters, status: "pending", limit: 1 }, store))[0] ?? null;
+}
+async function claimNextTask2(agentId, filters, store) {
+  const task = await getNextTask2(filters, store);
+  return task ? startTask2(task.id, agentId, store) : null;
+}
+async function getActiveWork2(filters, store) {
+  const tasks = await listTasks2({ ...filters, status: "in_progress" }, store);
+  return tasks.map((task) => ({
+    id: task.id,
+    short_id: task.short_id,
+    title: task.title,
+    priority: task.priority,
+    assigned_to: task.assigned_to,
+    locked_by: task.locked_by,
+    locked_at: task.locked_at,
+    updated_at: task.updated_at
+  }));
+}
+async function getChangedSince(since, filters, store) {
+  return (await listTasks2(filters ?? {}, store)).filter((task) => task.updated_at > since);
+}
+async function createProject2(input, store, context) {
+  const timestamp = new Date().toISOString();
+  const project = {
+    id: randomUUID2(),
+    name: input.name,
+    path: input.path,
+    description: input.description ?? null,
+    task_list_id: input.task_list_id ?? `todos-${slugify2(input.name)}`,
+    task_prefix: input.task_prefix ?? await generateProjectPrefix(input.name, store),
+    task_counter: 0,
+    created_at: timestamp,
+    updated_at: timestamp
+  };
+  return store.upsert("projects", project, context);
+}
+async function updateProject2(id, input, store) {
+  const project = await requireRecord("projects", id, store);
+  const updated = { ...project, ...definedPatch(input), updated_at: new Date().toISOString() };
+  return store.upsert("projects", updated);
+}
+async function createPlan2(input, store, context) {
+  const timestamp = new Date().toISOString();
+  return store.upsert("plans", {
+    id: randomUUID2(),
+    project_id: input.project_id ?? context?.projectId ?? null,
+    task_list_id: input.task_list_id ?? context?.taskListId ?? null,
+    agent_id: input.agent_id ?? context?.agentId ?? null,
+    name: input.name,
+    description: input.description ?? null,
+    status: input.status ?? "active",
+    created_at: timestamp,
+    updated_at: timestamp
+  }, context);
+}
+async function updatePlan2(id, input, store) {
+  const plan = await requireRecord("plans", id, store);
+  return store.upsert("plans", { ...plan, ...definedPatch(input), updated_at: new Date().toISOString() });
+}
+async function registerAgent2(input, store, context) {
+  const existing = (await store.list("agents")).find((agent2) => agent2.name === input.name && agent2.status !== "archived");
+  if (existing && !input.force && existing.session_id && existing.session_id !== input.session_id) {
+    return { conflict: true, message: `Agent name '${input.name}' is already active` };
+  }
+  const timestamp = new Date().toISOString();
+  const agent = {
+    id: existing?.id ?? randomUUID2().slice(0, 8),
+    name: input.name,
+    description: input.description ?? existing?.description ?? null,
+    role: input.role ?? existing?.role ?? null,
+    title: input.title ?? existing?.title ?? null,
+    level: input.level ?? existing?.level ?? null,
+    permissions: input.permissions ?? existing?.permissions ?? [],
+    reports_to: input.reports_to ?? existing?.reports_to ?? null,
+    org_id: input.org_id ?? existing?.org_id ?? null,
+    capabilities: input.capabilities ?? existing?.capabilities ?? [],
+    status: "active",
+    metadata: input.metadata ?? existing?.metadata ?? {},
+    created_at: existing?.created_at ?? timestamp,
+    last_seen_at: timestamp,
+    session_id: input.session_id ?? context?.sessionId ?? existing?.session_id ?? null,
+    working_dir: input.working_dir ?? existing?.working_dir ?? null,
+    active_project_id: input.project_id ?? context?.projectId ?? existing?.active_project_id ?? null
+  };
+  return store.upsert("agents", agent, context);
+}
+async function updateAgent2(id, input, store) {
+  const agent = await store.get("agents", id);
+  if (!agent)
+    return null;
+  return store.upsert("agents", {
+    ...agent,
+    ...definedPatch(input),
+    permissions: input.permissions ?? agent.permissions,
+    capabilities: input.capabilities ?? agent.capabilities,
+    metadata: input.metadata ?? agent.metadata,
+    last_seen_at: new Date().toISOString()
+  });
+}
+async function createTaskList2(input, store, context) {
+  const timestamp = new Date().toISOString();
+  return store.upsert("task_lists", {
+    id: randomUUID2(),
+    project_id: input.project_id ?? context?.projectId ?? null,
+    slug: input.slug ?? slugify2(input.name),
+    name: input.name,
+    description: input.description ?? null,
+    metadata: input.metadata ?? {},
+    created_at: timestamp,
+    updated_at: timestamp
+  }, context);
+}
+async function updateTaskList2(id, input, store) {
+  const list = await requireRecord("task_lists", id, store);
+  return store.upsert("task_lists", {
+    ...list,
+    ...definedPatch(input),
+    metadata: input.metadata ?? list.metadata,
+    updated_at: new Date().toISOString()
+  });
+}
+async function createTemplate2(input, store, context) {
+  const timestamp = new Date().toISOString();
+  return store.upsert("templates", {
+    id: randomUUID2(),
+    name: input.name,
+    title_pattern: input.title_pattern,
+    description: input.description ?? null,
+    priority: input.priority ?? "medium",
+    tags: input.tags ?? [],
+    variables: input.variables ?? [],
+    version: 1,
+    project_id: input.project_id ?? context?.projectId ?? null,
+    plan_id: input.plan_id ?? null,
+    metadata: input.metadata ?? {},
+    created_at: timestamp
+  }, context);
+}
+async function updateTemplate2(id, input, store) {
+  const template = await store.get("templates", id);
+  if (!template)
+    return null;
+  return store.upsert("templates", {
+    ...template,
+    ...definedPatch(input),
+    tags: input.tags ?? template.tags,
+    variables: input.variables ?? template.variables,
+    metadata: input.metadata ?? template.metadata,
+    version: template.version + 1
+  });
+}
+async function logTaskChange2(taskId, action, field, oldValue, newValue, agentId, store, context) {
+  const entry2 = {
+    id: randomUUID2(),
+    task_id: taskId,
+    action,
+    field: field ?? null,
+    old_value: oldValue ?? null,
+    new_value: newValue ?? null,
+    agent_id: agentId ?? context?.agentId ?? null,
+    created_at: new Date().toISOString()
+  };
+  return store.upsert("audit_history", entry2, context);
+}
+async function addComment2(input, store, context) {
+  const comment = {
+    id: randomUUID2(),
+    task_id: input.task_id,
+    agent_id: input.agent_id ?? context?.agentId ?? null,
+    session_id: input.session_id ?? context?.sessionId ?? null,
+    content: input.content,
+    type: input.type ?? "comment",
+    progress_pct: input.progress_pct ?? null,
+    created_at: new Date().toISOString()
+  };
+  return store.upsert("comments", comment, context);
+}
+async function exportSnapshot(store) {
+  return {
+    exportedAt: new Date().toISOString(),
+    source: "postgres",
+    tasks: await store.list("tasks"),
+    projects: await store.list("projects"),
+    plans: await store.list("plans"),
+    agents: await store.list("agents"),
+    taskLists: await store.list("task_lists"),
+    templates: await store.list("templates"),
+    auditHistory: await store.list("audit_history")
+  };
+}
+async function importSnapshot(snapshot, store, context) {
+  const result = { inserted: 0, updated: 0, skipped: 0, errors: [] };
+  const entries = [
+    ...snapshot.tasks.map((row) => ["tasks", row]),
+    ...snapshot.projects.map((row) => ["projects", row]),
+    ...snapshot.plans.map((row) => ["plans", row]),
+    ...snapshot.agents.map((row) => ["agents", row]),
+    ...snapshot.taskLists.map((row) => ["task_lists", row]),
+    ...snapshot.templates.map((row) => ["templates", row]),
+    ...snapshot.auditHistory.map((row) => ["audit_history", row])
+  ];
+  for (const [type, row] of entries) {
+    try {
+      const existing = await store.get(type, row.id);
+      await store.upsert(type, row, context);
+      if (existing)
+        result.updated += 1;
+      else
+        result.inserted += 1;
+    } catch (error) {
+      result.errors.push(error instanceof Error ? error.message : String(error));
+    }
+  }
+  return result;
+}
+async function requireRecord(type, id, store) {
+  const record = await store.get(type, id);
+  if (!record)
+    throw new Error(`${type} record not found: ${id}`);
+  return record;
+}
+async function nextTaskShortId2(projectId, store, context) {
+  const project = await store.get("projects", projectId);
+  if (!project?.task_prefix)
+    return null;
+  const counter = project.task_counter + 1;
+  await store.upsert("projects", {
+    ...project,
+    task_counter: counter,
+    updated_at: new Date().toISOString()
+  }, context);
+  return `${project.task_prefix}-${String(counter).padStart(5, "0")}`;
+}
+async function generateProjectPrefix(name, store) {
+  const base = (name.replace(/[^a-zA-Z0-9\s]/g, "").trim().split(/\s+/).filter(Boolean).slice(0, 3).map((word) => word[0]).join("") || name.slice(0, 3) || "TOD").toUpperCase();
+  const existing = new Set((await store.list("projects")).map((project) => project.task_prefix).filter(Boolean));
+  let candidate = base;
+  let suffix = 1;
+  while (existing.has(candidate)) {
+    suffix += 1;
+    candidate = `${base}${suffix}`;
+  }
+  return candidate;
+}
+function taskMatchesFilter(task, filter) {
+  if (filter.ids && !filter.ids.includes(task.id))
+    return false;
+  if (filter.project_id !== undefined && task.project_id !== filter.project_id)
+    return false;
+  if (filter.parent_id !== undefined && task.parent_id !== filter.parent_id)
+    return false;
+  if (filter.plan_id !== undefined && task.plan_id !== filter.plan_id)
+    return false;
+  if (filter.task_list_id !== undefined && task.task_list_id !== filter.task_list_id)
+    return false;
+  if (filter.status !== undefined && !matchesOne(task.status, filter.status))
+    return false;
+  if (filter.priority !== undefined && !matchesOne(task.priority, filter.priority))
+    return false;
+  if (filter.assigned_to !== undefined && task.assigned_to !== filter.assigned_to)
+    return false;
+  if (filter.agent_id !== undefined && task.agent_id !== filter.agent_id)
+    return false;
+  if (filter.session_id !== undefined && task.session_id !== filter.session_id)
+    return false;
+  if (filter.tags?.length && !filter.tags.every((tag) => task.tags.includes(tag)))
+    return false;
+  if (filter.has_recurrence !== undefined && Boolean(task.recurrence_rule) !== filter.has_recurrence)
+    return false;
+  if (filter.include_subtasks !== true && task.parent_id)
+    return false;
+  if (filter.task_type !== undefined && !matchesOne(task.task_type ?? "", filter.task_type))
+    return false;
+  return true;
+}
+function matchesOne(value, expected) {
+  return Array.isArray(expected) ? expected.includes(value) : value === expected;
+}
+function priorityRank(priority) {
+  return { critical: 0, high: 1, medium: 2, low: 3 }[priority];
+}
+function slugify2(value) {
+  return value.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "") || "todos";
+}
+function definedPatch(value) {
+  return Object.fromEntries(Object.entries(value).filter(([, entry2]) => entry2 !== undefined));
+}
+function payloadRecord2(value) {
+  if (typeof value === "string")
+    return JSON.parse(value);
+  if (value && typeof value === "object" && !Array.isArray(value))
+    return value;
+  throw new Error("Postgres storage payload must be a JSON object");
+}
+function stringValue2(value) {
+  return typeof value === "string" && value ? value : null;
+}
+function numberValue2(value) {
+  return typeof value === "number" && Number.isSafeInteger(value) ? value : null;
+}
+
+// src/storage/factory.ts
+function createTodosStorageAdapter(options = {}) {
+  const config = options.config ?? loadTodosStorageConfig(options.env);
+  if (config.mode === "local")
+    return createLocalSqliteTodosStorageAdapter(options.local);
+  assertTodosRemoteStorageConfig(config);
+  const adapter = config.mode === "hybrid" ? options.hybridAdapter ?? createImplicitHybridAdapter(options) ?? options.remoteAdapter : options.remoteAdapter ?? createImplicitPostgresAdapter(options);
+  if (!adapter) {
+    throw new Error(`${config.mode} storage requires a repo-native remote adapter. ` + "Pass remoteAdapter/hybridAdapter after wiring Postgres RDS and S3 support.");
+  }
+  assertRemoteAdapterCapabilities(adapter, config.mode);
+  return adapter;
+}
+function createImplicitPostgresAdapter(options) {
+  if (!options.postgresClient)
+    return null;
+  return createPostgresTodosStorageAdapter({
+    client: options.postgresClient,
+    ...options.hybrid?.sourceMachineId ? { sourceMachineId: options.hybrid.sourceMachineId } : {}
+  });
+}
+function createImplicitHybridAdapter(options) {
+  if (!options.postgresClient && !options.postgresSyncStore)
+    return null;
+  return createHybridTodosStorageAdapter({
+    ...options.hybrid ?? {},
+    local: options.local,
+    postgresClient: options.postgresClient,
+    syncStore: options.postgresSyncStore
+  });
+}
+function assertRemoteAdapterCapabilities(adapter, mode) {
+  if (!adapter.capabilities.remotePersistence) {
+    throw new Error(`${mode} storage adapter must set capabilities.remotePersistence=true`);
+  }
+  if (mode === "hybrid" && !adapter.capabilities.localPersistence) {
+    throw new Error("hybrid storage adapter must also set capabilities.localPersistence=true");
+  }
+}
+// src/storage/s3-artifacts.ts
+import { createHash as createHash3, createHmac } from "crypto";
+function createTodosS3ArtifactStore(options) {
+  const requestFetch = options.fetch ?? fetch;
+  const now2 = options.now ?? (() => new Date);
+  return {
+    objectKey: (relativePath) => buildS3ObjectKey(options.config, relativePath),
+    objectUrl: (relativePath) => buildS3ObjectUrl(options.config, buildS3ObjectKey(options.config, relativePath)),
+    async putObject(input) {
+      const key = buildS3ObjectKey(options.config, input.key);
+      const url = buildS3ObjectUrl(options.config, key);
+      const body = normalizeBody(input.body);
+      const headers = {
+        "content-type": input.contentType ?? "application/octet-stream"
+      };
+      for (const [name, value] of Object.entries(input.metadata ?? {})) {
+        headers[`x-amz-meta-${name.toLowerCase()}`] = value;
+      }
+      const signed = signAwsV4Request({
+        method: "PUT",
+        url,
+        region: options.config.region ?? "us-east-1",
+        service: "s3",
+        headers,
+        body,
+        credentials: options.credentials,
+        now: now2()
+      });
+      const response = await requestFetch(url, { method: "PUT", headers: signed.headers, body });
+      if (!response.ok)
+        throw new Error(`S3 put failed with HTTP ${response.status}`);
+      return {
+        bucket: options.config.bucket,
+        key,
+        url: url.toString(),
+        etag: response.headers.get("etag") ?? undefined
+      };
+    },
+    async getObject(relativePath) {
+      const url = buildS3ObjectUrl(options.config, buildS3ObjectKey(options.config, relativePath));
+      const signed = signAwsV4Request({
+        method: "GET",
+        url,
+        region: options.config.region ?? "us-east-1",
+        service: "s3",
+        headers: {},
+        credentials: options.credentials,
+        now: now2()
+      });
+      const response = await requestFetch(url, { method: "GET", headers: signed.headers });
+      if (!response.ok)
+        throw new Error(`S3 get failed with HTTP ${response.status}`);
+      return response;
+    },
+    async deleteObject(relativePath) {
+      const url = buildS3ObjectUrl(options.config, buildS3ObjectKey(options.config, relativePath));
+      const signed = signAwsV4Request({
+        method: "DELETE",
+        url,
+        region: options.config.region ?? "us-east-1",
+        service: "s3",
+        headers: {},
+        credentials: options.credentials,
+        now: now2()
+      });
+      const response = await requestFetch(url, { method: "DELETE", headers: signed.headers });
+      if (!response.ok && response.status !== 404)
+        throw new Error(`S3 delete failed with HTTP ${response.status}`);
+    }
+  };
+}
+function buildS3ObjectKey(config, relativePath) {
+  const prefix = normalizeS3Prefix(config.prefix);
+  const key = normalizeS3Key(relativePath);
+  return `${prefix}${key}`;
+}
+function buildS3ObjectUrl(config, key) {
+  const encodedKey = encodeS3Path(key);
+  if (config.endpoint || config.forcePathStyle) {
+    const base = new URL(config.endpoint ?? `https://s3.${config.region ?? "us-east-1"}.amazonaws.com`);
+    base.pathname = `${trimTrailingSlash(base.pathname)}/${encodeURIComponent(config.bucket)}/${encodedKey}`;
+    return base;
+  }
+  return new URL(`https://${config.bucket}.s3.${config.region ?? "us-east-1"}.amazonaws.com/${encodedKey}`);
+}
+function signAwsV4Request(input) {
+  const amzDate = toAmzDate(input.now);
+  const dateStamp = amzDate.slice(0, 8);
+  const bodyHash = sha256Hex(input.body ?? new Uint8Array);
+  const headers = normalizeHeaders({
+    ...input.headers ?? {},
+    host: input.url.host,
+    "x-amz-content-sha256": bodyHash,
+    "x-amz-date": amzDate,
+    ...input.credentials.sessionToken ? { "x-amz-security-token": input.credentials.sessionToken } : {}
+  });
+  const signedHeaders = Object.keys(headers).sort().join(";");
+  const canonicalHeaders = Object.keys(headers).sort().map((name) => `${name}:${headers[name]}
+`).join("");
+  const canonicalRequest = [
+    input.method.toUpperCase(),
+    input.url.pathname || "/",
+    canonicalQuery(input.url),
+    canonicalHeaders,
+    signedHeaders,
+    bodyHash
+  ].join(`
+`);
+  const credentialScope = `${dateStamp}/${input.region}/${input.service}/aws4_request`;
+  const stringToSign = [
+    "AWS4-HMAC-SHA256",
+    amzDate,
+    credentialScope,
+    sha256Hex(canonicalRequest)
+  ].join(`
+`);
+  const signingKey = getSigningKey(input.credentials.secretAccessKey, dateStamp, input.region, input.service);
+  const signature = hmacHex(signingKey, stringToSign);
+  return {
+    headers: {
+      ...headers,
+      authorization: [
+        `AWS4-HMAC-SHA256 Credential=${input.credentials.accessKeyId}/${credentialScope}`,
+        `SignedHeaders=${signedHeaders}`,
+        `Signature=${signature}`
+      ].join(", ")
+    },
+    canonicalRequest,
+    stringToSign
+  };
+}
+function normalizeBody(body) {
+  if (typeof body === "string")
+    return Buffer.from(body);
+  if (body instanceof Uint8Array)
+    return body;
+  if (body instanceof ArrayBuffer)
+    return new Uint8Array(body);
+  throw new Error("S3 body must be a string, Uint8Array, Buffer, or ArrayBuffer");
+}
+function normalizeS3Prefix(value) {
+  const normalized = value.replace(/\\/g, "/").replace(/^\/+/, "");
+  if (!normalized || normalized.includes(".."))
+    throw new Error("Invalid S3 object key");
+  return normalized.endsWith("/") ? normalized : `${normalized}/`;
+}
+function normalizeS3Key(value) {
+  const normalized = value.replace(/\\/g, "/").replace(/^\/+/, "");
+  if (!normalized || normalized.includes("..") || normalized.endsWith("/"))
+    throw new Error("Invalid S3 object key");
+  return normalized;
+}
+function encodeS3Path(key) {
+  return key.split("/").filter(Boolean).map((part) => encodeURIComponent(part)).join("/");
+}
+function trimTrailingSlash(value) {
+  return value.replace(/\/+$/, "");
+}
+function canonicalQuery(url) {
+  return [...url.searchParams.entries()].sort(([a], [b]) => a.localeCompare(b)).map(([key, value]) => `${encodeURIComponent(key)}=${encodeURIComponent(value)}`).join("&");
+}
+function normalizeHeaders(headers) {
+  const entries = Object.entries(headers).map(([name, value]) => [
+    name.toLowerCase(),
+    value.trim().replace(/\s+/g, " ")
+  ]);
+  entries.sort((left, right) => left[0].localeCompare(right[0]));
+  return Object.fromEntries(entries);
+}
+function toAmzDate(date) {
+  return date.toISOString().replace(/[:-]|\.\d{3}/g, "");
+}
+function sha256Hex(value) {
+  return createHash3("sha256").update(value).digest("hex");
+}
+function hmac(key, value) {
+  return createHmac("sha256", key).update(value).digest();
+}
+function hmacHex(key, value) {
+  return createHmac("sha256", key).update(value).digest("hex");
+}
+function getSigningKey(secretAccessKey, dateStamp, region, service) {
+  const dateKey = hmac(`AWS4${secretAccessKey}`, dateStamp);
+  const dateRegionKey = hmac(dateKey, region);
+  const dateRegionServiceKey = hmac(dateRegionKey, service);
+  return hmac(dateRegionServiceKey, "aws4_request");
+}
+// src/storage/s3-artifact-sync.ts
+init_database();
+async function uploadRunArtifactsToS3(options) {
+  const db = options.db ?? getDatabase();
+  const now2 = options.now ?? (() => new Date);
+  const result = emptyResult();
+  for (const artifact of listRunArtifacts(db, options.filter)) {
+    try {
+      const metadata = artifact.metadata;
+      if (!options.filter?.includeAlreadySynced && remoteRef(metadata)) {
+        result.skipped += 1;
+        continue;
+      }
+      const content = exportStoredArtifactContent({
+        id: artifact.id,
+        path: artifact.path,
+        size_bytes: artifact.size_bytes,
+        sha256: artifact.sha256,
+        metadata
+      });
+      if (!content) {
+        result.skipped += 1;
+        continue;
+      }
+      const ref = await options.store.putObject({
+        key: content.relative_path,
+        body: Buffer.from(content.base64, "base64"),
+        contentType: mediaType(metadata) ?? "application/octet-stream",
+        metadata: {
+          artifact_id: artifact.id,
+          run_id: artifact.run_id,
+          task_id: artifact.task_id,
+          sha256: content.sha256
+        }
+      });
+      const remote = {
+        provider: "s3",
+        bucket: ref.bucket,
+        key: ref.key,
+        relative_path: content.relative_path,
+        url: ref.url,
+        sha256: content.sha256,
+        size_bytes: content.size_bytes,
+        uploaded_at: now2().toISOString()
+      };
+      updateArtifactMetadata(db, artifact.id, {
+        ...metadata,
+        remote_artifact_store: remote
+      });
+      result.uploaded += 1;
+      result.artifacts.push({
+        id: artifact.id,
+        run_id: artifact.run_id,
+        task_id: artifact.task_id,
+        key: ref.key,
+        sha256: content.sha256,
+        size_bytes: content.size_bytes
+      });
+    } catch (error) {
+      result.errors.push(`${artifact.id}: ${error instanceof Error ? error.message : String(error)}`);
+    }
+  }
+  return result;
+}
+function planRunArtifactsS3Sync(options) {
+  const db = options.db ?? getDatabase();
+  const plan = {
+    direction: options.direction,
+    dry_run: true,
+    no_network: true,
+    total: 0,
+    uploadable: 0,
+    downloadable: 0,
+    skipped: 0,
+    errors: [],
+    artifacts: []
+  };
+  for (const artifact of listRunArtifacts(db, options.filter)) {
+    plan.total += 1;
+    try {
+      const metadata = artifact.metadata;
+      const remote = remoteRef(metadata);
+      const integrity = verifyStoredArtifact({
+        id: artifact.id,
+        path: artifact.path,
+        size_bytes: artifact.size_bytes,
+        sha256: artifact.sha256,
+        metadata
+      });
+      if (options.direction === "upload") {
+        if (remote && !options.filter?.includeAlreadySynced) {
+          plan.skipped += 1;
+          plan.artifacts.push(planArtifact(artifact, "already_remote", remote));
+        } else if (integrity.status === "ok") {
+          plan.uploadable += 1;
+          plan.artifacts.push(planArtifact(artifact, "uploadable", remote));
+        } else {
+          plan.skipped += 1;
+          plan.artifacts.push(planArtifact(artifact, integrity.status === "metadata_only" ? "metadata_only" : "missing_local", remote));
+        }
+      } else if (!remote) {
+        plan.skipped += 1;
+        plan.artifacts.push(planArtifact(artifact, "missing_remote_ref", remote));
+      } else if (!options.force && integrity.status === "ok") {
+        plan.skipped += 1;
+        plan.artifacts.push(planArtifact(artifact, "local_ok", remote));
+      } else {
+        plan.downloadable += 1;
+        plan.artifacts.push(planArtifact(artifact, "downloadable", remote));
+      }
+    } catch (error) {
+      plan.errors.push(`${artifact.id}: ${error instanceof Error ? error.message : String(error)}`);
+    }
+  }
+  return plan;
+}
+async function downloadRunArtifactsFromS3(options) {
+  const db = options.db ?? getDatabase();
+  const now2 = options.now ?? (() => new Date);
+  const result = emptyResult();
+  for (const artifact of listRunArtifacts(db, options.filter)) {
+    try {
+      const metadata = artifact.metadata;
+      const remote = remoteRef(metadata);
+      if (!remote) {
+        result.skipped += 1;
+        continue;
+      }
+      const integrity = verifyStoredArtifact({
+        id: artifact.id,
+        path: artifact.path,
+        size_bytes: artifact.size_bytes,
+        sha256: artifact.sha256,
+        metadata
+      });
+      if (!options.force && integrity.status === "ok") {
+        result.skipped += 1;
+        continue;
+      }
+      const response = await options.store.getObject(remote.relative_path);
+      const bytes = Buffer.from(await response.arrayBuffer());
+      const report = importStoredArtifactContent({
+        artifact_id: artifact.id,
+        relative_path: remote.relative_path,
+        sha256: remote.sha256,
+        size_bytes: remote.size_bytes,
+        base64: bytes.toString("base64")
+      });
+      if (report.status !== "ok")
+        throw new Error(report.message);
+      updateArtifactMetadata(db, artifact.id, {
+        ...metadata,
+        remote_artifact_store: {
+          ...remote,
+          downloaded_at: now2().toISOString()
+        }
+      });
+      result.downloaded += 1;
+      result.artifacts.push({
+        id: artifact.id,
+        run_id: artifact.run_id,
+        task_id: artifact.task_id,
+        key: remote.key,
+        sha256: remote.sha256,
+        size_bytes: remote.size_bytes
+      });
+    } catch (error) {
+      result.errors.push(`${artifact.id}: ${error instanceof Error ? error.message : String(error)}`);
+    }
+  }
+  return result;
+}
+function emptyResult() {
+  return { uploaded: 0, downloaded: 0, skipped: 0, errors: [], artifacts: [] };
+}
+function planArtifact(artifact, status, remote) {
+  return {
+    id: artifact.id,
+    run_id: artifact.run_id,
+    task_id: artifact.task_id,
+    status,
+    sha256: artifact.sha256,
+    size_bytes: artifact.size_bytes,
+    ...remote ? { remote_key: remote.key } : {}
+  };
+}
+function listRunArtifacts(db, filter = {}) {
+  const conditions = [];
+  const values = [];
+  if (filter.runId) {
+    conditions.push("run_id = ?");
+    values.push(filter.runId);
+  }
+  if (filter.taskId) {
+    conditions.push("task_id = ?");
+    values.push(filter.taskId);
+  }
+  const where = conditions.length > 0 ? `WHERE ${conditions.join(" AND ")}` : "";
+  const limit = filter.limit && filter.limit > 0 ? " LIMIT ?" : "";
+  const rows = db.query(`SELECT * FROM task_run_artifacts ${where} ORDER BY created_at, id${limit}`).all(...limit ? [...values, String(filter.limit)] : values);
+  return rows.map((row) => ({ ...row, metadata: parseMetadata2(row.metadata) }));
+}
+function updateArtifactMetadata(db, id, metadata) {
+  db.run("UPDATE task_run_artifacts SET metadata = ? WHERE id = ?", [JSON.stringify(metadata), id]);
+}
+function parseMetadata2(value) {
+  if (!value)
+    return {};
+  if (typeof value === "object" && !Array.isArray(value))
+    return value;
+  if (typeof value !== "string")
+    return {};
+  try {
+    const parsed = JSON.parse(value);
+    return parsed && typeof parsed === "object" && !Array.isArray(parsed) ? parsed : {};
+  } catch {
+    return {};
+  }
+}
+function remoteRef(metadata) {
+  const value = metadata["remote_artifact_store"];
+  if (!value || typeof value !== "object" || Array.isArray(value))
+    return null;
+  const record = value;
+  if (record.provider !== "s3")
+    return null;
+  if (typeof record.bucket !== "string" || typeof record.key !== "string" || typeof record.relative_path !== "string" || typeof record.url !== "string" || typeof record.sha256 !== "string" || typeof record.size_bytes !== "number") {
+    return null;
+  }
+  return record;
+}
+function mediaType(metadata) {
+  const store = metadata["artifact_store"];
+  if (!store || typeof store !== "object" || Array.isArray(store))
+    return null;
+  const value = store["media_type"];
+  return typeof value === "string" ? value : null;
+}
 export {
-  createLocalSqliteTodosStorageAdapter
+  uploadRunArtifactsToS3,
+  signAwsV4Request,
+  postgresTodosSyncSchemaSql,
+  planRunArtifactsS3Sync,
+  parseStorageMode,
+  loadTodosStorageConfig,
+  loadStorageConfig,
+  isTodosRemoteStorageEnabled,
+  importSqliteTodosStorageSnapshot,
+  getTodosStorageMode,
+  getTodosStorageEnvName,
+  getTodosStorageDatabaseUrl,
+  getTodosStorageDatabaseEnv,
+  getStorageMode,
+  getStorageDatabaseUrl,
+  getStorageDatabaseEnv,
+  getCanonicalTodosRdsConfig,
+  exportSqliteTodosStorageSnapshot,
+  downloadRunArtifactsFromS3,
+  createTodosStorageAdapter,
+  createTodosS3ArtifactStore,
+  createPostgresTodosSyncStore,
+  createPostgresTodosStorageAdapter,
+  createLocalSqliteTodosStorageAdapter,
+  createHybridTodosStorageAdapter,
+  buildS3ObjectUrl,
+  buildS3ObjectKey,
+  assertTodosRemoteStorageConfig,
+  TODOS_STORAGE_TABLES,
+  TODOS_STORAGE_FALLBACK_ENV,
+  TODOS_STORAGE_ENV,
+  STORAGE_TABLES,
+  CANONICAL_TODOS_RDS_RUNTIME_PATH,
+  CANONICAL_TODOS_RDS_DATABASE,
+  CANONICAL_TODOS_RDS_CLUSTER
 };