@pleri/olam-cli 0.1.195 → 0.1.198

package/dist/mcp-server.js

@@ -11497,7 +11497,14 @@ var init_schema2 = __esm({
       // a doc-lookup task routes to `cloudflare-isolate` when its worker_url is
       // set). Never routes to an unconfigured tier; falls back to `default` with
       // an explicit reason. See packages/core/src/dispatch/tier-selection.ts.
-      verifiability_routing: external_exports.boolean().optional().default(false)
+      verifiability_routing: external_exports.boolean().optional().default(false),
+      // Phase B auto-recovery — off by default (backward-compatible with all
+      // existing .olam/config.yaml files that omit this field).
+      //   false       — detection only; never kills (default)
+      //   true        — kill + replay when wedge confirmed + rate-limit allows
+      //   'dry-run'   — emits breadcrumbs but never kills (confidence mode)
+      // See docs/architecture/world-watchdog.md Recovery section.
+      autoRecover: external_exports.union([external_exports.boolean(), external_exports.literal("dry-run")]).default(false)
     });
     CostConfigSchema = external_exports.object({
       max_per_world_usd: external_exports.number().positive().default(50),
@@ -11695,7 +11702,10 @@ var init_defaults = __esm({
       providers: {},
       // Verifiability-routed tier selection is opt-in (ADR 022 §Consequences #2);
       // the default is OFF so dispatch behaviour is unchanged out of the box.
-      verifiability_routing: false
+      verifiability_routing: false,
+      // World-watchdog auto-recovery is opt-in; default OFF so existing operators
+      // see no behaviour change until they explicitly enable it in config.
+      autoRecover: false
     };
     DEFAULT_COST = {
       max_per_world_usd: 50,
@@ -11983,7 +11993,17 @@ var init_source_config_schema = __esm({
        * `SkillSourceSchema.prefixScope`. Operators inherit this when their
        * `~/.olam/config.json` has no explicit `prefixScope` override.
        */
-      prefixScope: external_exports.array(external_exports.enum(["skill", "agent"])).optional()
+      prefixScope: external_exports.array(external_exports.enum(["skill", "agent"])).optional(),
+      /**
+       * Source's RECOMMENDED prefixTarget patterns. Same semantics as
+       * operator-side `SkillSourceSchema.prefixTarget`: an array of glob
+       * patterns (only `*` wildcard) that restrict which canonical names are
+       * renamed. Operators inherit this when their `~/.olam/config.json` has
+       * no explicit `prefixTarget` override.
+       *
+       * See: docs/decisions/022-prefix-target-name-patterns.md.
+       */
+      prefixTarget: external_exports.array(external_exports.string().min(1, "prefixTarget pattern must be a non-empty string")).optional()
     }).strict();
     SourceConfigSnapshotSchema = SourceConfigSchema;
   }
@@ -12029,6 +12049,29 @@ var init_schema3 = __esm({
        * NOT applicable when `prefix` is undefined.
        */
       prefixScope: external_exports.array(external_exports.enum(["skill", "agent"])).optional(),
+      /**
+       * Restrict prefix renaming to canonical names matching at least one glob
+       * pattern. Patterns support `*` as a wildcard (zero or more chars); no
+       * other metacharacters. Examples:
+       *
+       *   `['*']`             — rename ALL skills/agents (DEFAULT — today's behavior)
+       *   `['10x:*']`         — rename only canonicals that start with `10x:`
+       *   `['10x:*', 'atl:*']`— match either namespace
+       *   `['plan-*']`        — match a name-family prefix
+       *
+       * When `prefixTarget` is undefined OR `['*']`, all kind-allowed artifacts are
+       * renamed (identical to the pre-ADR-022 behavior — full backward compat).
+       *
+       * When set, artifacts whose canonical name does NOT match ANY pattern are
+       * deployed WITHOUT a prefix (canonical-only). No error is raised; `sync`
+       * output emits a `[prefix-target: <n> skipped]` warning so operators can
+       * detect misconfigured patterns.
+       *
+       * NOT applicable when `prefix` is undefined.
+       *
+       * See: docs/decisions/022-prefix-target-name-patterns.md.
+       */
+      prefixTarget: external_exports.array(external_exports.string().min(1, "prefixTarget pattern must be a non-empty string")).optional(),
       /**
        * Snapshot of the LAST source-config.yaml content this operator saw +
        * consented to (ADR-021). Trust-gate state: when the live source-config
@@ -12706,6 +12749,18 @@ function updateSkillSource(id, patch) {
   } else if (patch.prefixScope !== void 0) {
     working = { ...working, prefixScope: [...patch.prefixScope] };
   }
+  if (patch.prefixTarget === null) {
+    const { prefixTarget: _t, ...rest } = working;
+    void _t;
+    working = rest;
+  } else if (patch.prefixTarget !== void 0) {
+    for (const p of patch.prefixTarget) {
+      if (typeof p !== "string" || p.length === 0) {
+        throw new Error(`prefixTarget patterns must be non-empty strings \u2014 got ${JSON.stringify(p)}`);
+      }
+    }
+    working = { ...working, prefixTarget: [...patch.prefixTarget] };
+  }
   if (patch.lastSeenSourcePrefix === null) {
     const { lastSeenSourcePrefix: _l, ...rest } = working;
     void _l;
@@ -15083,10 +15138,61 @@ function rewriteFrontmatterName(content, rewriter) {
   const rebuilt = serializeFrontmatter(nextFm) + parsed.body;
   return Buffer.from(rebuilt, "utf-8");
 }
+function matchesSinglePattern(candidate, pattern) {
+  const cacheKey2 = `${candidate}\0${pattern}`;
+  const cached2 = _matchCache.get(cacheKey2);
+  if (cached2 !== void 0)
+    return cached2;
+  const result = _matchesSinglePatternRaw(candidate, pattern);
+  _matchCache.set(cacheKey2, result);
+  return result;
+}
+function _matchesSinglePatternRaw(candidate, pattern) {
+  if (pattern === "*")
+    return true;
+  if (!pattern.includes("*"))
+    return candidate === pattern;
+  const segments = pattern.split("*");
+  let pos = 0;
+  for (let i = 0; i < segments.length; i++) {
+    const seg = segments[i];
+    if (seg.length === 0)
+      continue;
+    if (i === 0) {
+      if (!candidate.startsWith(seg))
+        return false;
+      pos = seg.length;
+    } else if (i === segments.length - 1) {
+      if (!candidate.endsWith(seg))
+        return false;
+      if (pos > candidate.length - seg.length)
+        return false;
+    } else {
+      const found = candidate.indexOf(seg, pos);
+      if (found === -1)
+        return false;
+      pos = found + seg.length;
+    }
+  }
+  return true;
+}
+function matchesPrefixTarget(canonical, patterns) {
+  if (patterns === void 0 || patterns.length === 0)
+    return true;
+  if (patterns.length === 1 && patterns[0] === "*")
+    return true;
+  for (const pattern of patterns) {
+    if (matchesSinglePattern(canonical, pattern))
+      return true;
+  }
+  return false;
+}
+var _matchCache;
 var init_prefix_rules = __esm({
   "../core/dist/skill-sync/prefix-rules.js"() {
     "use strict";
     init_markdown_merger();
+    _matchCache = /* @__PURE__ */ new Map();
   }
 });
 
@@ -15096,17 +15202,20 @@ import * as path32 from "node:path";
 function buildSourcePrefixMap(sources) {
   const byId = /* @__PURE__ */ new Map();
   const scopeById = /* @__PURE__ */ new Map();
+  const targetById = /* @__PURE__ */ new Map();
   const prefixes = /* @__PURE__ */ new Set();
   for (const s of sources) {
     if (s.prefix !== void 0 && s.prefix.length > 0) {
       byId.set(s.id, s.prefix);
       scopeById.set(s.id, s.prefixScope ?? DEFAULT_SCOPE);
+      targetById.set(s.id, s.prefixTarget);
       prefixes.add(s.prefix);
     }
   }
   return {
     get: (sourceId) => byId.get(sourceId),
     getScope: (sourceId) => scopeById.get(sourceId) ?? DEFAULT_SCOPE,
+    getPrefixTarget: (sourceId) => targetById.get(sourceId),
     registeredPrefixes: Array.from(prefixes)
   };
 }
@@ -15122,6 +15231,9 @@ function applyPrefixRewrites(baseArtifacts, sourceMap, claudeDir2, dryRun) {
     if (!scope.includes(artifact.kind))
       continue;
     const canonical = artifact.deployBasename;
+    const prefixTarget = sourceMap.getPrefixTarget(artifact.sourceId);
+    if (!matchesPrefixTarget(canonical, prefixTarget))
+      continue;
     const otherPrefixes = sourceMap.registeredPrefixes.filter((p) => p !== prefix);
     const renamed = applyPrefix(canonical, prefix, otherPrefixes);
     if (renamed === canonical)
@@ -15241,18 +15353,23 @@ function errToMsg(err) {
 function resolveEffectivePrefix(operatorSource, sourceConfig) {
   const opPrefix = operatorSource.prefix;
   const opScope = operatorSource.prefixScope;
+  const opTarget = operatorSource.prefixTarget;
   const srcPrefix = sourceConfig?.prefix;
   const srcScope = sourceConfig?.prefixScope;
+  const srcTarget = sourceConfig?.prefixTarget;
   const effectivePrefix = opPrefix ?? srcPrefix;
   const effectiveScope = opScope ?? srcScope;
-  const operatorHasAny = opPrefix !== void 0 || opScope !== void 0 && opScope.length > 0;
-  const sourceHasAny = srcPrefix !== void 0 || srcScope !== void 0 && srcScope.length > 0;
+  const effectiveTarget = opTarget ?? srcTarget;
+  const operatorHasAny = opPrefix !== void 0 || opScope !== void 0 && opScope.length > 0 || opTarget !== void 0 && opTarget.length > 0;
+  const sourceHasAny = srcPrefix !== void 0 || srcScope !== void 0 && srcScope.length > 0 || srcTarget !== void 0 && srcTarget.length > 0;
   const origin = operatorHasAny ? "operator" : sourceHasAny ? "source" : "none";
   const result = { origin };
   if (effectivePrefix !== void 0)
     result.prefix = effectivePrefix;
   if (effectiveScope !== void 0)
     result.prefixScope = effectiveScope;
+  if (effectiveTarget !== void 0)
+    result.prefixTarget = effectiveTarget;
   return result;
 }
 function sourceConfigsEqual(a, b) {
@@ -15265,6 +15382,9 @@ function sourceConfigsEqual(a, b) {
     if (c.prefixScope !== void 0 && c.prefixScope.length > 0) {
       out.prefixScope = [...c.prefixScope];
     }
+    if (c.prefixTarget !== void 0 && c.prefixTarget.length > 0) {
+      out.prefixTarget = [...c.prefixTarget];
+    }
     return out;
   };
   const na = normalize(a);
@@ -15279,6 +15399,14 @@ function sourceConfigsEqual(a, b) {
     if (sa[i] !== sb[i])
       return false;
   }
+  const ta = na.prefixTarget ?? [];
+  const tb = nb.prefixTarget ?? [];
+  if (ta.length !== tb.length)
+    return false;
+  for (let i = 0; i < ta.length; i++) {
+    if (ta[i] !== tb[i])
+      return false;
+  }
   return true;
 }
 var init_resolve_source_config = __esm({
@@ -15361,6 +15489,8 @@ async function syncSkills(opts = {}) {
       entry.prefix = eff.prefix;
     if (eff.prefixScope !== void 0)
       entry.prefixScope = eff.prefixScope;
+    if (eff.prefixTarget !== void 0)
+      entry.prefixTarget = eff.prefixTarget;
     return entry;
   });
   const sourcePrefixGateOutcomes = [];
@@ -15419,6 +15549,7 @@ async function syncSkills(opts = {}) {
     } else {
       delete eff.prefix;
       delete eff.prefixScope;
+      delete eff.prefixTarget;
       eff.origin = "none";
       const isNonTty = opts.sourcePrefixPrompt === void 0;
       sourcePrefixGateOutcomes.push({
@@ -37453,10 +37584,11 @@ except Exception: pass' 2>/dev/null`;
   const authHeader = isCloud ? `-H "Authorization: Bearer \${OLAM_KG_PROXY_BEARER:-}"` : "";
   const cloudGuard = isCloud ? `if [ -z "\${OLAM_KG_PROXY_URL:-}" ] || [ -z "\${OLAM_KG_PROXY_BEARER:-}" ]; then exit 0; fi; ` : "";
   const curlPost = `RESP=$(curl -s --max-time 1 -X POST -H 'Content-Type: application/json' ${authHeader} -d "{\\"q\\":\\"$(echo \\"$CMD\\" | head -c 200 | tr '\\"' ' ')\\"}" ${resolvedUrl} 2>/dev/null)`;
+  const hostRemoteFallback = opts.flavor === "host" ? `; if [ -z "$RESP" ] && [ -r "$HOME/.olam/kg-proxy-url" ] && [ -r "$HOME/.olam/kg-proxy-bearer" ]; then RESP=$(curl -s --max-time 2 -X POST -H 'Content-Type: application/json' -H "Authorization: Bearer $(cat "$HOME/.olam/kg-proxy-bearer")" -d "{\\"q\\":\\"$(echo \\"$CMD\\" | head -c 200 | tr '\\"' ' ')\\"}" "$(cat "$HOME/.olam/kg-proxy-url")/v1/classify" 2>/dev/null); fi` : "";
   return [
     `KG_SENTINEL=${KG_HOOK_SENTINEL}`,
     `CMD=$(${extractCmd})`,
-    `case "$CMD" in *grep*|*rg\\ *|*ripgrep*|*find\\ *|*fd\\ *|*ack\\ *|*ag\\ *) ${cloudGuard}${curlPost}`,
+    `case "$CMD" in grep\\ *|grep|rg\\ *|ripgrep\\ *|find\\ *|fd\\ *|ack\\ *|ag\\ *) ${cloudGuard}${curlPost}${hostRemoteFallback}`,
     `KG_QUERY="$(echo \\"$CMD\\" | head -c 60 | tr '\\"' ' ')" echo "$RESP" | ${emitContext}`,
     `;; esac`
   ].join("; ");

package/hermes-bundle/version.json

@@ -1,4 +1,4 @@
 {
-  "bundledAt": "2026-05-28T12:44:06.696Z",
+  "bundledAt": "2026-05-29T05:30:51.511Z",
   "kgFirstSha": "29a9ccce1b115d049e375c4a90eb5cf7c123e610e2d0590270a4db2cdbc64a28"
 }

package/host-cp/k8s/manifests/30-configmap.yaml

@@ -51,3 +51,7 @@ data:
   OLAM_SECRET_CACHE_TTL_SEC: "300"
   OLAM_PR_POLL_INTERVAL_MS: "300000"
   OLAM_MERGE_GRACE_MS: "600000"
+  # World watchdog — periodic probe of each active world's claude PID for the
+  # three wedge signals (wchan + CLOSE_WAIT + CPU). Detection-only in Phase A.
+  # Set OLAM_WORLD_WATCHDOG_DISABLED=1 in the deployment env to kill-switch.
+  OLAM_WORLD_WATCHDOG_TICK_MS: "30000"

package/host-cp/k8s/manifests/50-deployment.yaml

@@ -118,7 +118,7 @@ spec:
         # k3d), started by `olam upgrade` Step 0.7 — not inside this Pod.
       containers:
         - name: olam-host-cp
-          image: ghcr.io/pleri/olam-host-cp@sha256:42fb12f23d51c229288e0c0fa93df8028784136ce75245e582e4fffbc5867798
+          image: ghcr.io/pleri/olam-host-cp@sha256:c072cebaa1387b6f16e441b55922973bd9c781e80dc867bcfdbed309b0653918
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true
@@ -131,6 +131,18 @@ spec:
             - name: http
               containerPort: 19000
               protocol: TCP
+          env:
+            # World watchdog — tick cadence (from ConfigMap default = 30s).
+            # Override per-operator to tune probe frequency.
+            - name: OLAM_WORLD_WATCHDOG_TICK_MS
+              valueFrom:
+                configMapKeyRef:
+                  name: olam-host-cp-env
+                  key: OLAM_WORLD_WATCHDOG_TICK_MS
+            # Set to "1" to disable the world-watchdog entirely (emergency kill switch).
+            # Unset by default — watchdog runs in detection-only mode.
+            # - name: OLAM_WORLD_WATCHDOG_DISABLED
+            #   value: "1"
           envFrom:
             - configMapRef:
                 name: olam-host-cp-env

package/host-cp/k8s/manifests/65-tls-secret-template.yaml.tmpl

@@ -0,0 +1,35 @@
+# TLS secret template for olam-host-cp Traefik IngressRoute.
+#
+# DO NOT apply this template directly — the placeholders `__TLS_CRT_BASE64__`
+# and `__TLS_KEY_BASE64__` are substituted at apply time by
+# `olam services tls-install` (packages/cli/src/commands/services-tls.ts),
+# which uses `mkcert` to mint a locally-trusted certificate for the SAN list
+#   olam.local 127.0.0.1 ::1
+# and then `kubectl apply -f -` against the rendered manifest.
+#
+# Why a Secret of type kubernetes.io/tls (instead of a plain Opaque secret):
+# Traefik's IngressRoute TLS resolver requires this exact type — it reads
+# tls.crt + tls.key fields by convention. Using Opaque would silently fail
+# the handshake at request time.
+#
+# Why the cert covers SANs (not just CN): modern browsers (Chrome 58+, Brave,
+# Safari, Firefox) ignore the certificate CN entirely and only honour SANs.
+# Without `127.0.0.1` + `::1` in the SAN list, hitting the IP directly fails
+# even though the cert is "valid for olam.local".
+#
+# Renewal: certs minted by mkcert are valid ~2 years and 3 months. The
+# tls-install command checks NotAfter and regenerates when within 30 days
+# of expiry. To force regeneration: `kubectl -n olam delete secret olam-host-cp-tls`
+# and re-run `olam services tls-install`.
+apiVersion: v1
+kind: Secret
+metadata:
+  name: olam-host-cp-tls
+  namespace: olam
+  labels:
+    app: olam-host-cp
+    olam.io/component: host-stack
+type: kubernetes.io/tls
+data:
+  tls.crt: __TLS_CRT_BASE64__
+  tls.key: __TLS_KEY_BASE64__

package/host-cp/k8s/manifests/auth-service/50-deployment.yaml

@@ -70,7 +70,7 @@ spec:
               mountPath: /data
       containers:
         - name: olam-auth-service
-          image: ghcr.io/pleri/olam-auth@sha256:e982aa9812c9c57768987d8fc0a22178c84811bf59a1470eb7a5aa58a73f11a5
+          image: ghcr.io/pleri/olam-auth@sha256:8ab49079d37fcc6aff70631526df1034f85d19e9854c7dc0d7789c0bd5a7f209
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true

package/host-cp/k8s/manifests/kg-service/50-deployment.yaml

@@ -61,7 +61,7 @@ spec:
               mountPath: /data
       containers:
         - name: olam-kg-service
-          image: ghcr.io/pleri/olam-kg-service@sha256:bd7c1c65b3537fd59a8a5f252a99a7fc5c2e195e973356bfe764b957fdebe58c
+          image: ghcr.io/pleri/olam-kg-service@sha256:318ad6566dc42d4202accd582086086783df2b4f0b7fe11fdbdeab3541489cf4
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true

package/host-cp/k8s/manifests/mcp-auth-service/50-deployment.yaml

@@ -68,7 +68,7 @@ spec:
               mountPath: /data
       containers:
         - name: olam-mcp-auth-service
-          image: ghcr.io/pleri/olam-mcp-auth@sha256:1191734c32480a7ab22dbeede616c0f697ec02e3d0d43093cbbf56d6fe3b115c
+          image: ghcr.io/pleri/olam-mcp-auth@sha256:e59f7a04ae43d29233e29b812f3de22a74ad08bcb5060c4c580d8b6b4653d614
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true

package/host-cp/k8s/manifests/memory-service/50-deployment.yaml

@@ -70,7 +70,7 @@ spec:
           # bootstrap-placeholder comment + run `npm run refresh:manifest-digests`
           # once ghcr.io/pleri/olam-memory-service has a real published digest.
           # bootstrap-placeholder: pre-publish; refresh after first release
-          image: ghcr.io/pleri/olam-memory-service@sha256:2037a12d390be09714bb80e2d707fb94d210f28b5227428d3047fe9155635acd
+          image: ghcr.io/pleri/olam-memory-service@sha256:c26d027243fe6f82c8cadb41d8174703e171a85a7872d1e9a55c6e2c80482a4d
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true

package/host-cp/src/dispatch-persister.mjs

@@ -0,0 +1,157 @@
+/**
+ * dispatch-persister.mjs — persist the last dispatch for each world.
+ *
+ * The world watchdog's recovery hook reads this to replay the last
+ * unanswered prompt when it auto-recovers a wedged claude process.
+ *
+ * Contract:
+ *   persist({ worldId, messageId, prompt, source, statePath?, now? })
+ *     Atomically writes ~/.olam/worlds/<worldId>/state/last-dispatch.json.
+ *     Overwrites any previous file — only the LATEST dispatch matters for
+ *     replay. Atomic write (tmp + fs.rename) prevents partial-write residue
+ *     from corrupting recovery reads.
+ *
+ *   read({ worldId, statePath? })
+ *     Returns { messageId, prompt, dispatchedAt, source } or null.
+ *     null on ENOENT (no dispatch persisted yet) — never throws.
+ *     null on JSON parse error (logs + skips) — never throws on corrupt file.
+ *
+ * Multiple worlds are independent: world A and world B have separate files.
+ * Multiple concurrent persist() calls for the SAME world are safe — each
+ * write is a rename of a tmp file so the worst case is one write winning.
+ *
+ * @see docs/architecture/world-watchdog.md
+ */
+
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import os from 'node:os';
+
+// Default base path under which per-world state directories live.
+const DEFAULT_STATE_BASE = path.join(os.homedir(), '.olam', 'worlds');
+
+/**
+ * Derive the path to last-dispatch.json for a world.
+ *
+ * @param {string} worldId
+ * @param {string} [stateBase]  Override the base directory (for tests).
+ * @returns {string}
+ */
+export function lastDispatchPath(worldId, stateBase = DEFAULT_STATE_BASE) {
+  return path.join(stateBase, worldId, 'state', 'last-dispatch.json');
+}
+
+/**
+ * Persist the last dispatch for a world.
+ *
+ * @param {{
+ *   worldId: string,
+ *   messageId: string,
+ *   prompt: string,
+ *   source: string,
+ *   statePath?: string,
+ *   now?: () => number,
+ * }} opts
+ * @returns {Promise<void>}
+ */
+export async function persist({
+  worldId,
+  messageId,
+  prompt,
+  source,
+  statePath,
+  now = () => Date.now(),
+}) {
+  const filePath = statePath ?? lastDispatchPath(worldId);
+  const dir = path.dirname(filePath);
+  const tmpPath = `${filePath}.tmp`;
+
+  const record = {
+    messageId,
+    prompt,
+    dispatchedAt: new Date(now()).toISOString(),
+    source,
+  };
+
+  // Ensure the directory exists.
+  await fs.mkdir(dir, { recursive: true });
+
+  // Atomic write: write to .tmp then rename over the target.
+  await fs.writeFile(tmpPath, JSON.stringify(record, null, 2) + '\n', 'utf8');
+  await fs.rename(tmpPath, filePath);
+}
+
+/**
+ * Fire-and-forget persist wrapper used at the dispatch call-sites.
+ *
+ * Centralises the void/.catch boilerplate so the two enrichment sites
+ * (pr-nanny + /api/cloud-dispatch) can't drift on future changes.
+ * Logs failures via the supplied logSource tag; never throws.
+ *
+ * @param {{
+ *   worldId: string,
+ *   messageId: string,
+ *   prompt: string,
+ *   source: string,
+ *   logSource?: string,
+ *   statePath?: string,
+ *   now?: () => number,
+ * }} opts
+ * @returns {void}
+ */
+export function safePersistLastDispatch(opts) {
+  const { logSource = opts.source, ...persistOpts } = opts;
+  void persist(persistOpts).catch((err) => {
+    console.warn(
+      `[${logSource}] persistLastDispatch failed (non-fatal): ${err?.message ?? err}`,
+    );
+  });
+}
+
+/**
+ * Read the last persisted dispatch for a world.
+ *
+ * @param {{
+ *   worldId: string,
+ *   statePath?: string,
+ * }} opts
+ * @returns {Promise<{ messageId: string, prompt: string, dispatchedAt: string, source: string } | null>}
+ */
+export async function read({ worldId, statePath }) {
+  const filePath = statePath ?? lastDispatchPath(worldId);
+
+  let raw;
+  try {
+    raw = await fs.readFile(filePath, 'utf8');
+  } catch (err) {
+    if (err?.code === 'ENOENT') return null;
+    // Other I/O errors (e.g. permissions) — log + return null (fail-soft).
+    console.error(`[dispatch-persister] readFile ${filePath}: ${err?.message ?? err}`);
+    return null;
+  }
+
+  try {
+    const parsed = JSON.parse(raw);
+    // Basic shape validation — don't throw on corrupt file.
+    if (
+      typeof parsed !== 'object' ||
+      parsed === null ||
+      typeof parsed.messageId !== 'string' ||
+      typeof parsed.prompt !== 'string' ||
+      typeof parsed.dispatchedAt !== 'string' ||
+      typeof parsed.source !== 'string'
+    ) {
+      console.error(`[dispatch-persister] ${filePath}: unexpected shape, skipping`);
+      return null;
+    }
+    return {
+      messageId: parsed.messageId,
+      prompt: parsed.prompt,
+      dispatchedAt: parsed.dispatchedAt,
+      source: parsed.source,
+    };
+  } catch (err) {
+    console.error(`[dispatch-persister] ${filePath}: JSON parse error: ${err?.message ?? err}`);
+    return null;
+  }
+}

package/host-cp/src/pr-nanny.mjs

@@ -24,6 +24,7 @@
 import { execFile } from 'node:child_process';
 import { promisify } from 'node:util';
 import { pickNextTier } from './dispatch/tier-escalator.mjs';
+import { safePersistLastDispatch } from './dispatch-persister.mjs';
 
 const execFileAsync = promisify(execFile);
 
@@ -251,6 +252,12 @@ export function createPrNanny({
 
     // Dispatch fix
     try {
+      safePersistLastDispatch({
+        worldId,
+        messageId: `nanny-${worldId}-${Date.now()}`,
+        prompt,
+        source: 'pr-nanny',
+      });
       await dispatchToWorld(worldId, prompt, { tier: tierForThisDispatch });
       const now = new Date().toISOString();
       prStateStore.set(worldId, {