@link-assistant/hive-mind 1.78.8 → 1.78.10

package/CHANGELOG.md

@@ -1,5 +1,97 @@
 # @link-assistant/hive-mind
 
+## 1.78.10
+
+### Patch Changes
+
+- 02faadb: fix(auto-merge): stop `/merge` from hanging forever on fork PRs with external-only `success` checks (#1918)
+
+  The `/merge` auto-merge watch loop could spin on the same commit indefinitely
+  (observed 73 minutes, 72 identical iterations, before a human killed it). It
+  happened on a **fork pull request** whose only repo workflows trigger on `push`
+  (which never fires for fork commits in the base repo) while an external app
+  (CodeRabbit) reported CI status `success` with **0 workflow runs** for the head
+  SHA.
+
+  Root cause: the watch loop reset its consecutive "no workflow runs" safety-valve
+  counter (`consecutiveNoRunsChecks`) on every iteration whenever
+  `ciStatus.status !== 'no_checks'`. Because external-only checks make the status
+  `'success'`, the counter was pinned at `1` and never reached
+  `MAX_NO_RUNS_CHECKS`, so the valve that should have ended the wait never fired —
+  the loop logged `check 1/5` forever.
+
+  Fix: `getMergeBlockers()` now returns a `noWorkflowRunsForCommit` flag that is
+  true while it is still waiting for PR-triggered workflow runs to register, and a
+  new pure helper `shouldResetNoRunsCounter(ciStatus, noWorkflowRunsForCommit)`
+  only resets the counter when CI is **not** in that waiting state. The counter
+  now climbs `1 → 2 → … → 5`, trips the safety valve in a few minutes, and `/merge`
+  proceeds. The #1503 behaviors (reset on new push / on genuine CI runs) are
+  preserved and regression-guarded.
+
+  Added `tests/test-merge-stuck-no-workflow-runs-1918.mjs` and a full case study
+  with timeline, root-cause analysis, and the captured logs under
+  `docs/case-studies/issue-1918`.
+
+- 9e00f14: fix(telegram): never re-execute a forwarded command (`/task`, `/stop`, `/tokens`, `/log`, `/terminal_watch`) (#1922)
+
+  Forwarding a message that starts with a bot command (for example the bot's own
+  `/task <url>` reply, or any `/task https://github.com/owner/repo`) caused the
+  Telegram bot to execute the command again — creating a brand-new GitHub issue or
+  spawning a session the user never intended. `/task` and `/split` only checked
+  `isOldMessage` and never rejected forwarded messages, unlike `/help`, `/solve`,
+  `/hive`, `/merge`, etc.
+
+  Root cause: the existing `isForwardedOrReply` filter rejects _both_ forwards and
+  replies, so commands that use the reply feature (`/task` issue creation, `/solve`
+  URL extraction, targeted `/stop`) could not use it without breaking replies — and
+  were therefore left without any forwarded check at all.
+
+  Fix: a new dedicated `isForwarded(ctx)` filter detects _only_ forwarded messages
+  (new `forward_origin` API + legacy `forward_*` fields) and intentionally ignores
+  replies. It is now applied to every command that previously lacked a forwarded
+  guard — `/task`, `/split`, `/stop` (including targeted `/stop <uuid>`), `/tokens`,
+  `/log`, `/terminal_watch`/`/watch` — and `/solve` was refactored to reuse it
+  instead of its ad-hoc inline check. Genuine user replies keep working.
+
+  Added unit tests for `isForwarded` and for forwarded `/task`/`/split` rejection,
+  plus a full case study with timeline and per-command audit under
+  `docs/case-studies/issue-1922`.
+
+## 1.78.9
+
+### Patch Changes
+
+- a3d4d41: fix(isolation): use native Docker isolation and seed the nested daemon for `--isolation docker` (#1914)
+
+  Two problems made `--isolation docker` behave wrong on the Docker-in-Docker bot
+  host:
+  1. **It wasn't real Docker isolation.** Hive Mind launched isolated tasks as
+     `$ --isolated screen -- docker run …`, so `$ --status` reported
+     `options / isolated screen` — a screen wrapper around a raw `docker run`, not
+     the native Docker backend. Hive Mind now builds
+     `$ --isolated docker --image <img> [--privileged] --shell sh … --detached --session <uuid> -- '<cmd>'`,
+     so start-command owns the container lifecycle and `--status` reports real
+     Docker isolation.
+  2. **The 30+ GB image was re-downloaded for every task.** The bot runs inside a
+     DinD container whose nested `dockerd` starts with an empty image store. box
+     can seed that daemon from the host (host-image passthrough), but only when the
+     host Docker socket is bind-mounted — and when it isn't, passthrough is a
+     _silent_ no-op, so the first isolated task pulled the whole image from the
+     registry. Hive Mind now runs a startup preflight (`preflightDockerIsolation`)
+     that probes the nested daemon and, when the image is absent, prints the exact
+     remediation (mount `/var/run/docker.sock` + set `DIND_HOST_PASSTHROUGH_IMAGES`,
+     or run `scripts/preload-dind-isolation-image.mjs`). The production deploy
+     script was the real root cause — its `docker run` never mounted the host
+     socket — and has been fixed to pass `-v /var/run/docker.sock:…:ro` plus the
+     allowlist.
+
+  Also filed the silent-passthrough footgun upstream as link-foundation/box#102
+  (warn when an allowlist is set but no socket is mounted) — **now fixed and shipped
+  in box v2.3.2** — and bumped this repo's base images from `konard/box:2.3.1` /
+  `konard/box-dind:2.3.1` to `2.3.2` so the upstream warning ships at the source.
+  Added a deep case study with the full reproduction, timeline, and root-cause
+  analysis under `docs/case-studies/issue-1914`.
+
 ## 1.78.8
 
 ### Patch Changes

package/README.hi.md

@@ -45,7 +45,7 @@ Hive Mind एक **सामान्यवादी AI** (मिनी-AGI) ह
 
 Hive Mind में औसत प्रोग्रामर से अलग न पहचानी जा सकने वाली उच्च रचनात्मकता है। यदि आवश्यकताएँ अस्पष्ट हों तो यह प्रश्न पूछता है, और आप PR टिप्पणियों के माध्यम से चलते-चलते स्पष्ट कर सकते हैं।
 
-विस्तृत विशेषताओं और तुलनाओं के लिए, [docs/FEATURES.hi.md](./docs/FEATURES.hi.md) और [docs/COMPARISON.hi.md](./docs/COMPARISON.hi.md) देखें।
+प्रोजेक्ट के दृष्टिकोण और उदाहरण उपयोगकर्ता यात्राओं के लिए, [docs/VISION.hi.md](./docs/VISION.hi.md) देखें। विस्तृत विशेषताओं और तुलनाओं के लिए, [docs/FEATURES.hi.md](./docs/FEATURES.hi.md) और [docs/COMPARISON.hi.md](./docs/COMPARISON.hi.md) देखें।
 
 ## ⚠️ चेतावनी
 

package/README.md

@@ -45,7 +45,7 @@ Both tools can be combined in the same hive. Workers can run different tools in
 
 Hive Mind has high creativity indistinguishable from average programmers. It asks questions if requirements are unclear, and you can clarify on the go via PR comments.
 
-For detailed features and comparisons, see [docs/FEATURES.md](./docs/FEATURES.md) and [docs/COMPARISON.md](./docs/COMPARISON.md).
+For the project's vision and example user journeys, see [docs/VISION.md](./docs/VISION.md). For detailed features and comparisons, see [docs/FEATURES.md](./docs/FEATURES.md) and [docs/COMPARISON.md](./docs/COMPARISON.md).
 
 ## ⚠️ WARNING
 

package/README.ru.md

@@ -45,7 +45,7 @@ Hive Mind — это **универсальный ИИ** (мини-AGI), спо
 
 Hive Mind обладает высоким уровнем творчества, неотличимым от среднего программиста. Он задаёт вопросы, если требования неясны, и вы можете уточнять их на ходу через комментарии к PR.
 
-Подробные возможности и сравнения см. в [docs/FEATURES.ru.md](./docs/FEATURES.ru.md) и [docs/COMPARISON.ru.md](./docs/COMPARISON.ru.md).
+Видение проекта и примеры пользовательских сценариев см. в [docs/VISION.ru.md](./docs/VISION.ru.md). Подробные возможности и сравнения см. в [docs/FEATURES.ru.md](./docs/FEATURES.ru.md) и [docs/COMPARISON.ru.md](./docs/COMPARISON.ru.md).
 
 ## ⚠️ ПРЕДУПРЕЖДЕНИЕ
 

package/README.zh.md

@@ -45,7 +45,7 @@ Hive Mind 是一款**通用 AI**（迷你 AGI），能够处理广泛的任务
 
 Hive Mind 具备与普通程序员无异的高度创造力。当需求不明确时，它会主动提问，您也可以随时通过 PR 评论进行说明补充。
 
-详细功能和对比信息，请参见 [docs/FEATURES.zh.md](./docs/FEATURES.zh.md) 和 [docs/COMPARISON.zh.md](./docs/COMPARISON.zh.md)。
+关于项目的愿景和示例用户旅程，请参见 [docs/VISION.zh.md](./docs/VISION.zh.md)。详细功能和对比信息，请参见 [docs/FEATURES.zh.md](./docs/FEATURES.zh.md) 和 [docs/COMPARISON.zh.md](./docs/COMPARISON.zh.md)。
 
 ## ⚠️ 警告
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-assistant/hive-mind",
-  "version": "1.78.8",
+  "version": "1.78.10",
   "description": "AI-powered issue solver and hive mind for collaborative problem solving",
   "main": "src/hive.mjs",
   "type": "module",

package/src/isolation-runner.lib.mjs

@@ -32,13 +32,21 @@ const TERMINAL_SESSION_STATUSES = new Set(['executed', 'completed', 'failed', 'c
 const HIVE_MIND_IMAGE_REPO = 'konard/hive-mind';
 const HIVE_MIND_DIND_IMAGE_REPO = 'konard/hive-mind-dind';
 const DEFAULT_HIVE_MIND_IMAGE_TAG = 'latest';
-// Docker's `--pull` accepts these policies. We only emit the flag when an
-// operator explicitly opts in; otherwise Docker's own default ("missing")
-// applies and `docker run` reuses any locally present image. See issue #1879.
-const VALID_DOCKER_PULL_POLICIES = new Set(['always', 'missing', 'never']);
-const DOCKER_ISOLATION_TRACKING_BACKEND = 'screen';
 const DOCKER_CONTAINER_HOME = '/home/box';
-const DOCKER_CONTAINER_PREFIX = 'hive-mind-isolation';
+// Default path where the host Docker socket is bind-mounted inside a DinD
+// container so box's host-image passthrough can copy host images into the
+// nested daemon. Matches box's own DIND_HOST_DOCKER_SOCK default. The deploy
+// must mount it (`-v /var/run/docker.sock:/var/run/host-docker.sock:ro`) or the
+// nested daemon starts empty and the first isolated task pulls the full,
+// multi-gigabyte image. See issue #1914.
+const DEFAULT_HOST_DOCKER_SOCK = '/var/run/host-docker.sock';
+// Force a POSIX shell for the inner command of Docker-isolated tasks. solve/
+// hive/task live on the image's baked-in PATH, so `sh -c` resolves them without
+// needing a login shell. Forcing the shell (instead of start's 'auto') also
+// skips start's shell-detection probe, which would otherwise `docker run` a
+// throwaway container — booting the dind image's dockerd entrypoint — purely to
+// check whether bash exists. See issue #1914.
+const DOCKER_ISOLATION_SHELL = 'sh';
 
 function normalizeProcessIds(value) {
   if (!value || typeof value !== 'object') return {};
@@ -62,19 +70,10 @@ function shellQuote(value) {
   return `'${stringValue.replaceAll("'", "'\\''")}'`;
 }
 
-function shellDoubleQuote(value) {
-  return `"${String(value).replaceAll('\\', '\\\\').replaceAll('"', '\\"').replaceAll('$', '\\$').replaceAll('`', '\\`')}"`;
-}
-
 function buildShellCommand(command, args = []) {
   return [command, ...args].map(shellQuote).join(' ');
 }
 
-function makeDockerContainerName(sessionId) {
-  const normalizedSession = String(sessionId || crypto.randomUUID()).replace(/[^a-zA-Z0-9_.-]/g, '-');
-  return `${DOCKER_CONTAINER_PREFIX}-${normalizedSession}`;
-}
-
 function shouldRunPrivilegedDockerIsolation(image, env = process.env) {
   return String(env.HIVE_MIND_IMAGE_VARIANT || '').toLowerCase() === 'dind' || String(image || '').includes('hive-mind-dind');
 }
@@ -117,20 +116,15 @@ export function getDockerIsolationImage({ env = process.env } = {}) {
 }
 
 /**
- * Resolve the Docker `--pull` policy for isolated tasks.
- *
- * Returns one of `always` | `missing` | `never`, or `null` when unset (in which
- * case the `--pull` flag is omitted and Docker's default applies). Operators set
- * `HIVE_MIND_DOCKER_ISOLATION_PULL=never` to force reuse of an image already
- * present in the (possibly nested) daemon and fail fast instead of silently
- * re-downloading it. Invalid values are ignored. See issue #1879.
+ * Resolve the path where the host Docker socket is expected to be mounted inside
+ * a DinD container. box's entrypoint reads this socket to copy host images into
+ * the nested daemon (host-image passthrough). Defaults to
+ * `/var/run/host-docker.sock` and can be overridden with `DIND_HOST_DOCKER_SOCK`
+ * (the same variable box honors). See issue #1914.
  */
-export function getDockerIsolationPullPolicy({ env = process.env } = {}) {
-  const raw = String(env.HIVE_MIND_DOCKER_ISOLATION_PULL || '')
-    .trim()
-    .toLowerCase();
-  if (!raw) return null;
-  return VALID_DOCKER_PULL_POLICIES.has(raw) ? raw : null;
+export function resolveHostDockerSock({ env = process.env } = {}) {
+  const explicit = String(env.DIND_HOST_DOCKER_SOCK || '').trim();
+  return explicit || DEFAULT_HOST_DOCKER_SOCK;
 }
 
 /**
@@ -157,46 +151,63 @@ export function getDockerIsolationAuthMounts({ tool = 'claude', env = process.en
 }
 
 /**
- * Build the shell command executed inside a start-command wrapper session for
- * Docker isolation. The wrapper remains a start-command session so Telegram can
- * keep using the same status/log lifecycle while Hive Mind controls image and
- * auth mounts directly.
+ * Resolve the image-variant marker recorded inside the isolated container.
+ * A `hive-mind-dind` image is always the dind variant; otherwise fall back to
+ * the parent's `HIVE_MIND_IMAGE_VARIANT` (or `regular`).
  */
-export function buildDockerIsolationCommand(command, args = [], options = {}) {
+function resolveImageVariant(image, env = process.env) {
+  return image.includes('hive-mind-dind') ? 'dind' : env.HIVE_MIND_IMAGE_VARIANT || 'regular';
+}
+
+/**
+ * Build the `$` (start-command) arguments that launch a Docker-isolated task
+ * using start-command's NATIVE Docker backend (`$ --isolated docker`).
+ *
+ * Issue #1914: earlier versions wrapped a hand-rolled `docker run` inside a
+ * `screen` session (`$ --isolated screen -- docker run …`). That was *screen*
+ * isolation merely shelling out to Docker — not Docker isolation. We now hand
+ * the container lifecycle to start-command itself and only contribute the
+ * pieces Hive Mind must control: which image to run, privileged mode for the
+ * dind variant, the environment markers, and the credential mounts scoped to
+ * the selected tool.
+ *
+ * start-command's Docker backend reuses a locally present image and only pulls
+ * when it is missing (`docker run` with Docker's default "missing" pull
+ * policy), so a host image seeded into the nested daemon via box passthrough is
+ * reused instead of re-downloaded — no `--pull` plumbing required (issue #1879).
+ */
+export function buildDockerIsolationStartArgs(command, args = [], options = {}) {
   const { sessionId, tool = 'claude', env = process.env, homeDir = os.homedir(), existsSync = fs.existsSync } = options;
   const image = getDockerIsolationImage({ env });
-  const innerCommand = buildShellCommand(command, args);
-  const dockerArgs = ['docker', 'run', '--rm'];
-
-  // Reuse a locally present image instead of re-downloading it when the
-  // operator opts in. Omitted by default so Docker's "missing" policy applies.
-  const pullPolicy = getDockerIsolationPullPolicy({ env });
-  if (pullPolicy) {
-    dockerArgs.push('--pull', pullPolicy);
-  }
 
-  dockerArgs.push('--name', makeDockerContainerName(sessionId), '--workdir', DOCKER_CONTAINER_HOME, '-e', `HOME=${DOCKER_CONTAINER_HOME}`, '-e', `HIVE_MIND_PARENT_SESSION_ID=${sessionId || ''}`);
+  const startArgs = ['--isolated', 'docker', '--image', image];
 
   if (shouldRunPrivilegedDockerIsolation(image, env)) {
-    dockerArgs.push('--privileged');
+    startArgs.push('--privileged');
   }
 
-  const imageVariant = image.includes('hive-mind-dind') ? 'dind' : env.HIVE_MIND_IMAGE_VARIANT || 'regular';
-  dockerArgs.push('-e', `HIVE_MIND_IMAGE_VARIANT=${imageVariant}`);
+  // Force the inner shell so start-command does not probe the image to detect
+  // one (see DOCKER_ISOLATION_SHELL).
+  startArgs.push('--shell', DOCKER_ISOLATION_SHELL);
+
+  // The image already sets HOME=/home/box and WORKDIR /home/box; pass HOME
+  // explicitly anyway so the credential mounts under /home/box resolve even if
+  // a future image forgets to. start-command has no --workdir flag, so the
+  // working directory comes from the image's WORKDIR.
+  startArgs.push('-e', `HOME=${DOCKER_CONTAINER_HOME}`, '-e', `HIVE_MIND_PARENT_SESSION_ID=${sessionId || ''}`, '-e', `HIVE_MIND_IMAGE_VARIANT=${resolveImageVariant(image, env)}`);
 
   for (const mount of getDockerIsolationAuthMounts({ tool, env, homeDir, existsSync })) {
-    dockerArgs.push('--volume', `${mount.source}:${mount.target}`);
+    startArgs.push('--volume', `${mount.source}:${mount.target}`);
   }
 
-  dockerArgs.push(image, 'bash', '-lc');
-
-  return [...dockerArgs.map(shellQuote), shellDoubleQuote(innerCommand)].join(' ');
+  startArgs.push('--detached', '--session', sessionId, '--', buildShellCommand(command, args));
+  return startArgs;
 }
 
 export function buildStartCommandArgs(command, args = [], options = {}) {
   const { backend, sessionId } = options;
   if (backend === 'docker') {
-    return ['--isolated', DOCKER_ISOLATION_TRACKING_BACKEND, '--detached', '--session', sessionId, '--', buildDockerIsolationCommand(command, args, options)];
+    return buildDockerIsolationStartArgs(command, args, { ...options, sessionId });
   }
   return ['--isolated', backend, '--detached', '--session', sessionId, '--', buildShellCommand(command, args)];
 }
@@ -413,10 +424,11 @@ export async function executeWithIsolation(command, args, options = {}) {
     if (backend === 'docker') {
       const env = options.env || process.env;
       const image = getDockerIsolationImage({ env });
-      const pullPolicy = getDockerIsolationPullPolicy({ env });
       const mounts = getDockerIsolationAuthMounts({ tool: options.tool, env, homeDir: options.homeDir || os.homedir(), existsSync: options.existsSync || fs.existsSync });
+      console.log('[VERBOSE] isolation-runner: Docker isolation backend: native ($ --isolated docker)');
       console.log(`[VERBOSE] isolation-runner: Docker isolation image: ${image}`);
-      console.log(`[VERBOSE] isolation-runner: Docker isolation pull policy: ${pullPolicy || '(docker default: missing — reuse local image if present)'}`);
+      console.log(`[VERBOSE] isolation-runner: Docker isolation privileged: ${shouldRunPrivilegedDockerIsolation(image, env)}`);
+      console.log('[VERBOSE] isolation-runner: Docker isolation pull: reuse local image if present, pull only if missing (start-command default)');
       console.log(`[VERBOSE] isolation-runner: Docker isolation mounts: ${mounts.map(m => m.target).join(', ') || '(none)'}`);
     }
   }
@@ -553,12 +565,126 @@ export async function checkScreenSessionRunning(sessionName, verbose = false) {
   }
 }
 
+/**
+ * Check whether the Docker container backing a native `$ --isolated docker`
+ * session is still running.
+ *
+ * start-command names the container after the `--session` value, so the
+ * (possibly nested) Docker daemon can be queried directly. This is the
+ * native-Docker analogue of the `screen -ls` fallback: it is consulted only
+ * when `$ --status` has no usable record. The bot runs inside a Docker-in-
+ * Docker container, so `docker` here talks to the same nested daemon that
+ * start-command launched the task container on. See issue #1914.
+ *
+ * @param {string} containerName - Container name (the session UUID)
+ * @param {boolean} [verbose] - Enable verbose logging
+ * @returns {Promise<boolean>} True if the container exists and is running
+ */
+export async function checkDockerContainerRunning(containerName, verbose = false) {
+  try {
+    const result = await $({ mirror: false })`docker inspect -f ${'{{.State.Running}}'} ${containerName}`;
+    const running = (result.stdout?.toString() || '').trim() === 'true';
+    if (verbose) {
+      console.log(`[VERBOSE] isolation-runner: docker inspect for '${containerName}': ${running ? 'running' : 'not running'}`);
+    }
+    return running;
+  } catch {
+    // `docker inspect` exits non-zero when no such container exists.
+    return false;
+  }
+}
+
+/**
+ * Check whether an image is present in the local Docker daemon.
+ *
+ * Inside a Docker-in-Docker container "local" is the NESTED daemon. `docker
+ * image inspect` exits 0 only when the image exists, so a non-zero exit (or a
+ * missing docker binary) is treated as absent. Used by the startup preflight to
+ * predict whether the first isolated task will trigger a full image pull.
+ * See issue #1914.
+ *
+ * @param {string} image - Image reference (repo:tag)
+ * @param {boolean} [verbose] - Enable verbose logging
+ * @returns {Promise<boolean>} True if the image is present locally
+ */
+export async function checkDockerImagePresent(image, verbose = false) {
+  try {
+    await $({ mirror: false })`docker image inspect ${image}`;
+    if (verbose) console.log(`[VERBOSE] isolation-runner: docker image inspect '${image}': present`);
+    return true;
+  } catch {
+    if (verbose) console.log(`[VERBOSE] isolation-runner: docker image inspect '${image}': absent`);
+    return false;
+  }
+}
+
+/**
+ * Startup preflight for `--isolation docker`.
+ *
+ * The bot usually runs inside a Docker-in-Docker container whose NESTED daemon
+ * starts with an empty image store. If the isolation image is not already in
+ * that nested daemon, the first isolated task makes `docker run` pull a fresh
+ * copy — which for the Hive Mind images is multiple gigabytes (issues #1914,
+ * #1879). box can seed the nested daemon automatically (host-image passthrough)
+ * but only when the host Docker socket is bind-mounted into the container; if it
+ * is not mounted, passthrough is a SILENT no-op and the re-download is the first
+ * symptom an operator sees.
+ *
+ * This preflight makes that condition observable at startup instead: it reports
+ * whether the image is already present (reuse, no pull) and, when it is absent,
+ * warns loudly with the exact remediation (mount the host socket / set the
+ * passthrough allowlist, or run the preload script). It never throws and never
+ * blocks startup — a misconfigured passthrough should degrade to a slow first
+ * task, not a dead bot.
+ *
+ * @param {Object} [options]
+ * @param {Object} [options.env] - Environment (defaults to process.env)
+ * @param {Function} [options.existsSync] - fs.existsSync (injectable for tests)
+ * @param {boolean} [options.verbose] - Enable verbose logging
+ * @param {Object} [options.logger] - Logger with .log/.warn (defaults to console)
+ * @param {Function} [options.checkImagePresent] - Image-presence probe (injectable for tests)
+ * @returns {Promise<{image: string, sock: string, socketMounted: boolean, imagePresent: boolean, isDind: boolean, ok: boolean, warnings: string[]}>}
+ */
+export async function preflightDockerIsolation(options = {}) {
+  const { env = process.env, existsSync = fs.existsSync, verbose = false, logger = console, checkImagePresent = checkDockerImagePresent } = options;
+
+  const image = getDockerIsolationImage({ env });
+  const sock = resolveHostDockerSock({ env });
+  const isDind = shouldRunPrivilegedDockerIsolation(image, env);
+  const socketMounted = Boolean(existsSync(sock));
+  const imagePresent = Boolean(await checkImagePresent(image, verbose));
+
+  const result = { image, sock, socketMounted, imagePresent, isDind, ok: imagePresent, warnings: [] };
+  const info = typeof logger.log === 'function' ? logger.log.bind(logger) : () => {};
+  const warn = typeof logger.warn === 'function' ? logger.warn.bind(logger) : info;
+
+  if (imagePresent) {
+    info(`✅ Docker isolation image '${image}' is already present locally — isolated tasks reuse it (no multi-GB pull). See issue #1914.`);
+    return result;
+  }
+
+  // Image absent: the first isolated task will pull the full image. Explain the
+  // most likely cause and the exact fix instead of letting the operator first
+  // discover it as a surprise multi-gigabyte download mid-task.
+  const preload = `node scripts/preload-dind-isolation-image.mjs --image ${image}`;
+  if (isDind && !socketMounted) {
+    result.warnings.push(`Docker isolation image '${image}' is NOT in the nested Docker daemon and the host Docker socket is not mounted at ${sock}. ` + `box host-image passthrough cannot seed the nested daemon, so the FIRST isolated task will pull the full image (the Hive Mind images are multiple GB). ` + `Fix the deployment: add '-v /var/run/docker.sock:${sock}:ro' and '-e DIND_HOST_PASSTHROUGH_IMAGES="konard/hive-mind konard/hive-mind-dind"' to the bot container's 'docker run', or seed it now with: ${preload}`);
+  } else if (isDind && socketMounted) {
+    result.warnings.push(`Docker isolation image '${image}' is NOT in the nested Docker daemon even though the host Docker socket is mounted at ${sock}. ` + `box host-image passthrough may have skipped it (check DIND_HOST_PASSTHROUGH mode, the DIND_HOST_PASSTHROUGH_IMAGES allowlist, and that the host actually has '${image}' with a registry digest). ` + `The first isolated task will pull the full image. Seed it now with: ${preload}`);
+  } else {
+    result.warnings.push(`Docker isolation image '${image}' is not present locally; the first isolated task will pull it. ` + `If this host already has it under a different tag, pin HIVE_MIND_DOCKER_ISOLATION_IMAGE_TAG, or seed it with: ${preload}`);
+  }
+  for (const w of result.warnings) warn(`⚠️ ${w}`);
+  return result;
+}
+
 /**
  * Check if an isolated session is still running.
- * Uses `$ --status` first, with a `screen -ls` fallback for screen-backend
- * sessions to work around start-command UUID mismatch issues.
+ * Uses `$ --status` first, with a backend-specific fallback (screen -ls for
+ * screen, docker inspect for docker) to work around start-command UUID
+ * mismatch issues.
  *
- * @param {string} sessionId - UUID of the session (used for both $ --status and screen session name)
+ * @param {string} sessionId - UUID of the session (also the screen session name / docker container name)
  * @param {Object} [options] - Options
  * @param {string} [options.backend] - Isolation backend ('screen', 'tmux', 'docker')
  * @param {boolean} [options.verbose] - Enable verbose logging
@@ -579,19 +705,29 @@ export async function isSessionRunning(sessionId, options = {}) {
     }
   }
 
-  // Fallback: for screen-backed sessions, check screen -ls directly.
-  // Docker isolation is also tracked through a screen wrapper so Hive Mind can
-  // control image selection and credential mounts while preserving logs/status.
-  // Only use this when $ --status has no usable record. This works around
-  // older start-command bugs where:
-  // 1. $ --status can't find session by --session name (only by internal UUID)
-  // See: https://github.com/link-assistant/hive-mind/issues/1545
-  if ((backend === 'screen' || backend === 'docker') && shouldFallbackToScreenStatus(result)) {
-    const screenRunning = await checkScreenSessionRunning(sessionId, verbose);
-    if (screenRunning && verbose) {
-      console.log(`[VERBOSE] isolation-runner: $ --status says not running, but screen -ls confirms session '${sessionId}' is still active`);
+  // Fallback used only when `$ --status` has no usable record. This works
+  // around older start-command bugs where `$ --status` can't resolve a session
+  // by its --session name (only by an internal UUID). See issue #1545.
+  //   - screen sessions: confirm via `screen -ls`.
+  //   - docker sessions: confirm via `docker inspect` on the container that
+  //     start-command named after the session UUID. Native Docker isolation
+  //     (issue #1914) is a real container, not a screen wrapper, so the screen
+  //     check no longer applies to it.
+  if (shouldFallbackToScreenStatus(result)) {
+    if (backend === 'screen') {
+      const screenRunning = await checkScreenSessionRunning(sessionId, verbose);
+      if (screenRunning && verbose) {
+        console.log(`[VERBOSE] isolation-runner: $ --status says not running, but screen -ls confirms session '${sessionId}' is still active`);
+      }
+      return screenRunning;
+    }
+    if (backend === 'docker') {
+      const containerRunning = await checkDockerContainerRunning(sessionId, verbose);
+      if (containerRunning && verbose) {
+        console.log(`[VERBOSE] isolation-runner: $ --status says not running, but docker inspect confirms container '${sessionId}' is still active`);
+      }
+      return containerRunning;
     }
-    return screenRunning;
   }
 
   return false;

package/src/solve.auto-merge-helpers.lib.mjs

@@ -421,9 +421,53 @@ export const trackAuthenticatedUserCommentsSince = async (owner, repo, prNumber,
  * - billing_limit: Billing/spending limit reached → stop (private) or wait (public)
  * - no_checks: No CI checks yet (race condition) → wait
  */
+/**
+ * Issue #1918: Decide whether the consecutive "no workflow runs" counter should be
+ * reset after a getMergeBlockers() result.
+ *
+ * The counter (`consecutiveNoRunsChecks` in the watch loop) is a safety valve: after
+ * MAX_NO_RUNS_CHECKS consecutive checks where a repo's PR-triggered workflows produced
+ * 0 workflow runs, /merge stops waiting and trusts the available signal (external
+ * checks / mergeability). For that valve to ever fire, the counter must keep
+ * incrementing across watch-loop iterations for the same commit.
+ *
+ * The previous logic reset the counter whenever `ciStatus.status !== 'no_checks'`.
+ * That is wrong when `status === 'success'` comes from EXTERNAL checks only (e.g.
+ * CodeRabbit) while the repo's own PR-triggered workflows have 0 runs — for example a
+ * fork PR whose only workflow triggers on `push`, which never fires for fork commits in
+ * the base repo. In that case getMergeBlockers keeps emitting the "no workflow runs"
+ * wait, but the caller reset the counter to 0 every iteration, pinning it at "check
+ * 1/5" forever — an infinite watch loop that hung for over an hour (Issue #1918).
+ *
+ * Fix: keep the counter whenever getMergeBlockers signals it is still inside the
+ * no-workflow-runs wait (`noWorkflowRunsForCommit === true`), regardless of ciStatus.
+ *
+ * @param {{status?: string}|null|undefined} ciStatus - Detailed CI status object.
+ * @param {boolean} [noWorkflowRunsForCommit=false] - True when getMergeBlockers is still
+ *   waiting for PR-triggered workflow runs to register for the current commit.
+ * @returns {boolean} true if `consecutiveNoRunsChecks` should be reset to 0.
+ */
+export const shouldResetNoRunsCounter = (ciStatus, noWorkflowRunsForCommit = false) => {
+  // Still inside the no-workflow-runs safety-valve wait — the counter MUST keep
+  // climbing toward MAX_NO_RUNS_CHECKS, so do not reset it.
+  if (noWorkflowRunsForCommit) {
+    return false;
+  }
+  // Genuine CI checks exist (pending/success/failure backed by workflow runs) — the
+  // "no runs" counter is irrelevant and should be reset.
+  return Boolean(ciStatus && ciStatus.status !== 'no_checks');
+};
+
 export const getMergeBlockers = async (owner, repo, prNumber, verbose = false, checkCount = 1, prBranchRef = null) => {
   const blockers = [];
 
+  // Issue #1918: Tracks whether we are still waiting for PR-triggered workflow runs to
+  // register for the current commit (0 runs observed). When true, the caller must NOT
+  // reset its consecutive-no-runs counter, otherwise the MAX_NO_RUNS_CHECKS safety valve
+  // never fires and /merge loops forever (e.g. fork PR + push-only workflow + a passing
+  // external check reporting status 'success').
+  let noWorkflowRunsForCommit = false;
+
   // Use detailed CI status to distinguish between all possible states
   const ciStatus = await getDetailedCIStatus(owner, repo, prNumber, verbose);
 
@@ -630,6 +674,8 @@ export const getMergeBlockers = async (owner, repo, prNumber, verbose = false, c
             if (verbose) {
               await log(formatAligned('⏳', 'Waiting for CI:', `No workflow runs for SHA ${ciStatus.sha.substring(0, 7)}, but workflows have PR/push triggers (${prTriggers.workflows.map(w => w.name).join(', ')}) — check ${checkCount}/${MAX_NO_RUNS_CHECKS}, commit age: ${commitInfo.ageSeconds ?? 'unknown'}s`, 2));
             }
+            // Issue #1918: Still waiting for workflow runs to register — keep the counter.
+            noWorkflowRunsForCommit = true;
             blockers.push({
               type: 'ci_pending',
               message: `CI/CD workflow runs have not appeared yet — workflows have PR/push triggers (${prTriggers.workflows.map(w => w.name).join(', ')}), waiting for GitHub to register workflow runs (check ${checkCount}/${MAX_NO_RUNS_CHECKS})`,
@@ -640,6 +686,8 @@ export const getMergeBlockers = async (owner, repo, prNumber, verbose = false, c
             if (verbose) {
               await log(`[VERBOSE] /merge: No PR/push triggers found in workflow files, but commit is only ${commitInfo.ageSeconds}s old — waiting to be safe`);
             }
+            // Issue #1918: Still inside the grace-period wait for workflow runs — keep the counter.
+            noWorkflowRunsForCommit = true;
             blockers.push({
               type: 'ci_pending',
               message: `CI/CD workflow runs have not appeared yet — commit is ${commitInfo.ageSeconds}s old, waiting for GitHub to register workflow runs (grace period: ${WORKFLOW_RUN_GRACE_PERIOD_SECONDS}s)`,
@@ -717,6 +765,9 @@ export const getMergeBlockers = async (owner, repo, prNumber, verbose = false, c
             if (verbose) {
               await log(`[VERBOSE] /merge: PR #${prNumber} CI status is 'success' (${ciStatus.passedChecks.length} external checks), but repo has PR-triggered workflows with 0 workflow runs — likely race condition (check ${checkCount}/${MAX_NO_RUNS_CHECKS})`);
             }
+            // Issue #1918: Keep the caller's no-runs counter climbing so the safety valve
+            // can fire — otherwise a 'success' from external-only checks resets it forever.
+            noWorkflowRunsForCommit = true;
             // Wait for GitHub Actions to register workflow runs
             blockers.push({
               type: 'ci_pending',
@@ -839,11 +890,12 @@ export const getMergeBlockers = async (owner, repo, prNumber, verbose = false, c
     });
   }
 
-  return { blockers, ciStatus, noCiConfigured: false, noCiTriggered: false };
+  return { blockers, ciStatus, noCiConfigured: false, noCiTriggered: false, noWorkflowRunsForCommit };
 };
 
 export default {
   checkForExistingComment,
   checkForNonBotComments,
   getMergeBlockers,
+  shouldResetNoRunsCounter,
 };

package/src/solve.auto-merge.lib.mjs

@@ -54,7 +54,7 @@ import { limitReset } from './config.lib.mjs';
 
 // Import helper functions extracted for file size management (Issue #1593)
 const autoMergeHelpers = await import('./solve.auto-merge-helpers.lib.mjs');
-const { checkForExistingComment, checkForNonBotComments, getMergeBlockers, trackAuthenticatedUserCommentsSince, nextMonotonicCheckTime } = autoMergeHelpers;
+const { checkForExistingComment, checkForNonBotComments, getMergeBlockers, shouldResetNoRunsCounter, trackAuthenticatedUserCommentsSince, nextMonotonicCheckTime } = autoMergeHelpers;
 
 // Issue #1769: cancelled/stale CI re-run failures need a human action stop, not polling forever.
 const cancelledCiRerunLib = await import('./cancelled-ci-rerun.lib.mjs');
@@ -203,10 +203,15 @@ export const watchUntilMergeable = async params => {
       consecutiveNoRunsChecks++;
 
       // Get merge blockers
-      const { blockers, noCiConfigured, noCiTriggered, workflowRunConclusions, ciStatus } = await getMergeBlockers(owner, repo, prNumber, argv.verbose, consecutiveNoRunsChecks, prBranch);
-
-      // Issue #1503: Reset counter when CI checks exist (safety valve only for consecutive "no runs")
-      if (ciStatus && ciStatus.status !== 'no_checks') {
+      const { blockers, noCiConfigured, noCiTriggered, workflowRunConclusions, ciStatus, noWorkflowRunsForCommit } = await getMergeBlockers(owner, repo, prNumber, argv.verbose, consecutiveNoRunsChecks, prBranch);
+
+      // Issue #1503/#1918: Reset counter when CI checks exist (safety valve only for
+      // consecutive "no runs"). Issue #1918: do NOT reset while getMergeBlockers is still
+      // waiting for PR-triggered workflow runs to register (noWorkflowRunsForCommit). A
+      // 'success' status from external-only checks (e.g. CodeRabbit) on a fork PR whose
+      // workflow only triggers on `push` previously reset the counter every iteration,
+      // pinning it at "check 1/5" forever and hanging /merge for over an hour.
+      if (shouldResetNoRunsCounter(ciStatus, noWorkflowRunsForCommit)) {
         // CI checks exist (pending, success, failure, etc.) — the "no runs" counter is irrelevant
         consecutiveNoRunsChecks = 0;
       } else if (noCiConfigured || noCiTriggered) {

package/src/telegram-bot.mjs

@@ -40,7 +40,7 @@ const { getSolveQueue, createQueueExecuteCallback } = await import('./telegram-s
 const { applySolveToolAlias, getFirstParsedPositionalArg, getSolveCommandNameFromText, getSolveToolAliasFromText, moveArgumentToFront, parseArgsWithYargs, parseCommandArgs, SOLVE_COMMAND_NAMES } = await import('./telegram-solve-command.lib.mjs');
 const { executeStartScreen: executeStartScreenCommand, buildExecuteAndUpdateMessage } = await import('./telegram-command-execution.lib.mjs');
 const { isChatStopped, getChatStopInfo, getStoppedChatRejectMessage, DEFAULT_STOP_REASON } = await import('./telegram-start-stop-command.lib.mjs');
-const { isOldMessage: _isOldMessage, isGroupChat: _isGroupChat, isChatAuthorized: _isChatAuthorized, isForwardedOrReply: _isForwardedOrReply, extractCommandFromText, extractGitHubUrl: _extractGitHubUrl } = await import('./telegram-message-filters.lib.mjs');
+const { isOldMessage: _isOldMessage, isGroupChat: _isGroupChat, isChatAuthorized: _isChatAuthorized, isForwarded: _isForwarded, isForwardedOrReply: _isForwardedOrReply, extractCommandFromText, extractGitHubUrl: _extractGitHubUrl } = await import('./telegram-message-filters.lib.mjs');
 const { installTelegramFormattingFallback, isTelegramFormattingError, isTelegramMessageTooLongError, safeEditMessageText, safeReply, TELEGRAM_TEXT_LIMIT } = await import('./telegram-safe-reply.lib.mjs');
 const { registerTerminalWatchCommand, startAutoTerminalWatchForSession } = await import('./telegram-terminal-watch-command.lib.mjs');
 const { launchBotWithRetry } = await import('./telegram-bot-launcher.lib.mjs');
@@ -180,6 +180,16 @@ if (ISOLATION_BACKEND) {
   }
   console.log(`🔒 Isolation mode enabled: ${ISOLATION_BACKEND} (experimental)`);
   isolationRunner = await import('./isolation-runner.lib.mjs');
+  // For docker isolation, run a startup preflight so a missing/un-passed-through
+  // image surfaces as a loud, actionable warning instead of a surprise multi-GB
+  // pull on the first isolated task (issues #1914, #1879). Never throws.
+  if (ISOLATION_BACKEND === 'docker' && typeof isolationRunner.preflightDockerIsolation === 'function') {
+    try {
+      await isolationRunner.preflightDockerIsolation({ verbose: VERBOSE });
+    } catch (preflightError) {
+      console.error(`⚠️ Docker isolation preflight failed (continuing): ${preflightError?.message || preflightError}`);
+    }
+  }
 }
 
 // Validate solve overrides early using solve's yargs config
@@ -359,6 +369,13 @@ function isForwardedOrReply(ctx) {
   return _isForwardedOrReply(ctx, { verbose: VERBOSE });
 }
 
+// Forwarded-only check (issue #1922). Commands that support the reply feature
+// (e.g. /task, /solve) must still reject forwarded commands without rejecting
+// genuine user replies, so they use this instead of isForwardedOrReply.
+function isForwarded(ctx) {
+  return _isForwarded(ctx, { verbose: VERBOSE });
+}
+
 /**
  * Validates the model name in the args array and returns an error message if invalid
  * @param {string[]} args - Array of command arguments
@@ -603,7 +620,7 @@ const { registerLanguageCommand } = await import('./telegram-language-command.li
 registerLanguageCommand(bot, { VERBOSE, isOldMessage, isForwardedOrReply });
 
 const { registerAcceptInvitesCommand } = await import('./telegram-accept-invitations.lib.mjs');
-const sharedCommandOpts = { VERBOSE, isOldMessage, isForwardedOrReply, isGroupChat: _isGroupChat, isChatAuthorized, isTopicAuthorized, buildAuthErrorMessage, addBreadcrumb, isChatStopped, getStoppedChatRejectMessage };
+const sharedCommandOpts = { VERBOSE, isOldMessage, isForwarded, isForwardedOrReply, isGroupChat: _isGroupChat, isChatAuthorized, isTopicAuthorized, buildAuthErrorMessage, addBreadcrumb, isChatStopped, getStoppedChatRejectMessage };
 registerAcceptInvitesCommand(bot, sharedCommandOpts);
 const { registerMergeCommand } = await import('./telegram-merge-command.lib.mjs');
 registerMergeCommand(bot, sharedCommandOpts);
@@ -653,12 +670,9 @@ async function handleSolveCommand(ctx) {
   }
 
   // Check if this is a forwarded message (not allowed)
-  // But allow reply messages for URL extraction feature
+  // But allow reply messages for URL extraction feature (issue #1922)
   const message = ctx.message;
-  const isForwarded = message.forward_origin && message.forward_origin.type;
-  const isOldApiForwarded = message.forward_from || message.forward_from_chat || message.forward_from_message_id || message.forward_signature || message.forward_sender_name || message.forward_date;
-
-  if (isForwarded || isOldApiForwarded) {
+  if (isForwarded(ctx)) {
     if (VERBOSE) {
       console.log(`[VERBOSE] ${solveCommandDisplay} ignored: forwarded message`);
     }

package/src/telegram-log-command.lib.mjs

@@ -154,7 +154,7 @@ async function fileSize(filePath) {
  * @param {Function} [options.parseGitHubUrl] - Override for tests
  */
 export async function registerLogCommand(bot, options) {
-  const { VERBOSE = false, isOldMessage, isChatAuthorized, isTopicAuthorized, buildAuthErrorMessage } = options;
+  const { VERBOSE = false, isOldMessage, isForwarded, isChatAuthorized, isTopicAuthorized, buildAuthErrorMessage } = options;
   const querySessionStatus = options.querySessionStatus || (await import('./isolation-runner.lib.mjs')).querySessionStatus;
   const getTrackedSessionInfo = options.getTrackedSessionInfo || (await import('./session-monitor.lib.mjs')).getTrackedSessionInfo;
   const detectRepositoryVisibility = options.detectRepositoryVisibility || (await import('./github.lib.mjs')).detectRepositoryVisibility;
@@ -167,6 +167,11 @@ export async function registerLogCommand(bot, options) {
       VERBOSE && console.log('[VERBOSE] /log ignored: old message');
       return;
     }
+    // Issue #1922: never re-execute a forwarded command.
+    if (isForwarded && isForwarded(ctx)) {
+      VERBOSE && console.log('[VERBOSE] /log ignored: forwarded message');
+      return;
+    }
 
     const chat = ctx.chat;
     const message = ctx.message;

package/src/telegram-message-filters.lib.mjs

@@ -57,31 +57,35 @@ export function isChatAuthorized(chatId, allowedChats) {
 }
 
 /**
- * Check if a message is forwarded or a reply to another user's message.
+ * Check if a message is a forwarded message.
  *
- * This function distinguishes between:
- * 1. Forwarded messages (should be ignored)
- * 2. User replies to other messages (should be ignored, except for /solve reply feature)
- * 3. Forum topic messages (should NOT be ignored - they have reply_to_message pointing
- *    to the topic's first message with forum_topic_created)
- * 4. Normal messages (should NOT be ignored)
+ * Unlike {@link isForwardedOrReply}, this function ONLY detects forwarded
+ * messages and intentionally ignores replies. It exists so command handlers
+ * that rely on the reply feature (e.g. `/task` issue creation, `/solve` URL
+ * extraction) can still reject forwarded commands — which must never be
+ * executed again — while continuing to accept genuine user replies.
+ *
+ * A forwarded command is dangerous because forwarding the bot's own response
+ * (or any message that starts with `/task`, `/solve`, ...) would otherwise
+ * trigger a brand-new execution that the user never intended.
  *
  * @param {Object} ctx - Telegraf context object
  * @param {Object} [options] - Options
  * @param {boolean} [options.verbose] - Enable verbose logging
- * @returns {boolean} true if message is forwarded or a reply (and should be filtered)
+ * @returns {boolean} true if message is forwarded (and should be filtered)
+ * @see https://github.com/link-assistant/hive-mind/issues/1922
  */
-export function isForwardedOrReply(ctx, options = {}) {
+export function isForwarded(ctx, options = {}) {
   const message = ctx.message;
   if (!message) {
     if (options.verbose) {
-      console.log('[VERBOSE] isForwardedOrReply: No message object');
+      console.log('[VERBOSE] isForwarded: No message object');
     }
     return false;
   }
 
   if (options.verbose) {
-    console.log('[VERBOSE] isForwardedOrReply: Checking message fields...');
+    console.log('[VERBOSE] isForwarded: Checking forwarding fields...');
     console.log('[VERBOSE]   message.forward_origin:', JSON.stringify(message.forward_origin));
     console.log('[VERBOSE]   message.forward_origin?.type:', message.forward_origin?.type);
     console.log('[VERBOSE]   message.forward_from:', JSON.stringify(message.forward_from));
@@ -90,8 +94,6 @@ export function isForwardedOrReply(ctx, options = {}) {
     console.log('[VERBOSE]   message.forward_signature:', message.forward_signature);
     console.log('[VERBOSE]   message.forward_sender_name:', message.forward_sender_name);
     console.log('[VERBOSE]   message.forward_date:', message.forward_date);
-    console.log('[VERBOSE]   message.reply_to_message:', JSON.stringify(message.reply_to_message));
-    console.log('[VERBOSE]   message.reply_to_message?.message_id:', message.reply_to_message?.message_id);
   }
 
   // Check if message is forwarded (has forward_origin field with actual content)
@@ -99,15 +101,57 @@ export function isForwardedOrReply(ctx, options = {}) {
   // which are truthy in JavaScript but don't indicate a forwarded message
   if (message.forward_origin && message.forward_origin.type) {
     if (options.verbose) {
-      console.log('[VERBOSE] isForwardedOrReply: TRUE - forward_origin.type exists:', message.forward_origin.type);
+      console.log('[VERBOSE] isForwarded: TRUE - forward_origin.type exists:', message.forward_origin.type);
     }
     return true;
   }
   // Also check old forwarding API fields for backward compatibility
   if (message.forward_from || message.forward_from_chat || message.forward_from_message_id || message.forward_signature || message.forward_sender_name || message.forward_date) {
     if (options.verbose) {
-      console.log('[VERBOSE] isForwardedOrReply: TRUE - old forwarding API field detected');
+      console.log('[VERBOSE] isForwarded: TRUE - old forwarding API field detected');
+    }
+    return true;
+  }
+
+  if (options.verbose) {
+    console.log('[VERBOSE] isForwarded: FALSE - no forwarding detected');
+  }
+  return false;
+}
+
+/**
+ * Check if a message is forwarded or a reply to another user's message.
+ *
+ * This function distinguishes between:
+ * 1. Forwarded messages (should be ignored)
+ * 2. User replies to other messages (should be ignored, except for /solve reply feature)
+ * 3. Forum topic messages (should NOT be ignored - they have reply_to_message pointing
+ *    to the topic's first message with forum_topic_created)
+ * 4. Normal messages (should NOT be ignored)
+ *
+ * @param {Object} ctx - Telegraf context object
+ * @param {Object} [options] - Options
+ * @param {boolean} [options.verbose] - Enable verbose logging
+ * @returns {boolean} true if message is forwarded or a reply (and should be filtered)
+ */
+export function isForwardedOrReply(ctx, options = {}) {
+  const message = ctx.message;
+  if (!message) {
+    if (options.verbose) {
+      console.log('[VERBOSE] isForwardedOrReply: No message object');
     }
+    return false;
+  }
+
+  if (options.verbose) {
+    console.log('[VERBOSE] isForwardedOrReply: Checking message fields...');
+    console.log('[VERBOSE]   message.reply_to_message:', JSON.stringify(message.reply_to_message));
+    console.log('[VERBOSE]   message.reply_to_message?.message_id:', message.reply_to_message?.message_id);
+  }
+
+  // Forwarded messages are handled by the shared isForwarded() filter so the
+  // forwarding detection logic lives in exactly one place (issue #1922).
+  if (isForwarded(ctx, options)) {
     return true;
   }
   // Check if message is a reply (has reply_to_message field with actual content)

package/src/telegram-start-stop-command.lib.mjs

@@ -270,7 +270,7 @@ export function isStopTargetRequester({ userId, queueItem = null, sessionInfo =
  *   See https://github.com/link-assistant/hive-mind/issues/1871.
  */
 export function registerStartStopCommands(bot, options) {
-  const { VERBOSE = false, isOldMessage, isForwardedOrReply, isGroupChat, isChatAuthorized, isTopicAuthorized, buildAuthErrorMessage, getSolveQueue } = options;
+  const { VERBOSE = false, isOldMessage, isForwarded, isForwardedOrReply, isGroupChat, isChatAuthorized, isTopicAuthorized, buildAuthErrorMessage, getSolveQueue } = options;
   const stopIsolatedSessionImpl = options.stopIsolatedSession || (async (...args) => (await import('./isolation-runner.lib.mjs')).stopIsolatedSession(...args));
   // Issue #1783: look the UUID up in the session monitor so /stop can let the
   // user who started the task stop it (mirrors /terminal_watch from PR #1779).
@@ -529,6 +529,13 @@ export function registerStartStopCommands(bot, options) {
       VERBOSE && console.log('[VERBOSE] /stop ignored: old message');
       return;
     }
+    // Issue #1922: a forwarded /stop (even a targeted `/stop <uuid>`) must never
+    // be re-executed. Replies are still allowed because the targeted modes use
+    // them on purpose (#524, #1780), so we use the forwarded-only filter here.
+    if (isForwarded && isForwarded(ctx)) {
+      VERBOSE && console.log('[VERBOSE] /stop ignored: forwarded message');
+      return;
+    }
 
     // Detect UUID/URL targets BEFORE the forwarded/reply rejection used by
     // the chat-level stop, because both targeted modes are intentionally

package/src/telegram-task-command.lib.mjs

@@ -95,7 +95,7 @@ function injectLanguageIfMissing(args, locale) {
 }
 
 export function registerTaskCommands(bot, options) {
-  const { VERBOSE, taskEnabled, addBreadcrumb, isOldMessage, isGroupChat, isTopicAuthorized, buildAuthErrorMessage, isChatStopped, getStoppedChatRejectMessage, safeReply, executeAndUpdateMessage, createTaskIssue: createTaskIssueFn = createTaskIssue, resolveLocale = null } = options;
+  const { VERBOSE, taskEnabled, addBreadcrumb, isOldMessage, isForwarded, isGroupChat, isTopicAuthorized, buildAuthErrorMessage, isChatStopped, getStoppedChatRejectMessage, safeReply, executeAndUpdateMessage, createTaskIssue: createTaskIssueFn = createTaskIssue, resolveLocale = null } = options;
 
   async function handleTaskCommand(ctx) {
     const commandName = getTaskCommandNameFromText(ctx.message?.text) || 'task';
@@ -114,6 +114,13 @@ export function registerTaskCommands(bot, options) {
       return;
     }
     if (isOldMessage(ctx)) return;
+    // Issue #1922: a forwarded /task command must never be re-executed. Replies
+    // are still allowed because /task uses them for issue creation, so we use the
+    // forwarded-only filter instead of isForwardedOrReply.
+    if (isForwarded && isForwarded(ctx)) {
+      VERBOSE && console.log(`[VERBOSE] ${commandDisplay} ignored: forwarded message`);
+      return;
+    }
     if (!isGroupChat(ctx)) {
       await ctx.reply(`❌ The ${commandDisplay} command only works in group chats. Please add this bot to a group and make it an admin.`, { reply_to_message_id: ctx.message.message_id });
       return;

package/src/telegram-terminal-watch-command.lib.mjs

@@ -307,7 +307,7 @@ export async function startAutoTerminalWatchForSession({ bot, ctx, sessionId, se
 }
 
 export async function registerTerminalWatchCommand(bot, options) {
-  const { VERBOSE = false, isOldMessage, isChatAuthorized, isTopicAuthorized, buildAuthErrorMessage } = options;
+  const { VERBOSE = false, isOldMessage, isForwarded, isChatAuthorized, isTopicAuthorized, buildAuthErrorMessage } = options;
   const runner = !options.querySessionStatus || !options.isTerminalSessionStatus ? await import('./isolation-runner.lib.mjs') : null;
   const querySessionStatus = options.querySessionStatus || runner.querySessionStatus;
   const isTerminalSessionStatus = options.isTerminalSessionStatus || runner.isTerminalSessionStatus;
@@ -318,6 +318,11 @@ export async function registerTerminalWatchCommand(bot, options) {
   const handleTerminalWatchCommand = async ctx => {
     VERBOSE && console.log('[VERBOSE] /terminal_watch command received');
     if (isOldMessage && isOldMessage(ctx)) return;
+    // Issue #1922: never re-execute a forwarded command.
+    if (isForwarded && isForwarded(ctx)) {
+      VERBOSE && console.log('[VERBOSE] /terminal_watch ignored: forwarded message');
+      return;
+    }
 
     const chat = ctx.chat;
     const message = ctx.message;

package/src/telegram-tokens-command.lib.mjs

@@ -90,7 +90,7 @@ export const formatTokenList = tokens => {
  * @param {Function} [options.fetchTokens] — test override for getAllKnownLocalTokens
  */
 export const registerTokensCommand = (bot, options = {}) => {
-  const { VERBOSE = false, isOldMessage, allowedChats } = options;
+  const { VERBOSE = false, isOldMessage, isForwarded, allowedChats } = options;
   const fetchTokens = options.fetchTokens || getAllKnownLocalTokens;
 
   bot.command('tokens', async ctx => {
@@ -98,6 +98,11 @@ export const registerTokensCommand = (bot, options = {}) => {
       VERBOSE && console.log('[VERBOSE] /tokens ignored: old message');
       return;
     }
+    // Issue #1922: never re-execute a forwarded command.
+    if (isForwarded && isForwarded(ctx)) {
+      VERBOSE && console.log('[VERBOSE] /tokens ignored: forwarded message');
+      return;
+    }
 
     const chat = ctx.chat;
     if (!chat || !ctx.from) return;