@sugar-crash-studios/vibe-forge 0.4.0

package/bin/lib/daemon/display.sh

@@ -0,0 +1,128 @@
+#!/usr/bin/env bash
+#
+# bin/lib/daemon/display.sh
+#
+# Status display functions for the daemon status command
+#
+# Dependencies: colors.sh, constants.sh, json.sh
+# Globals required: FORGE_ROOT, PID_FILE, STATE_FILE, NOTIFY_FILE,
+#                   AGENT_STATUS_DIR, TASKS_ATTENTION, STALE_STATUS_THRESHOLD
+
+# Prevent double-sourcing
+[[ -n "${_DAEMON_DISPLAY_LOADED:-}" ]] && return 0
+_DAEMON_DISPLAY_LOADED=1
+
+# Display daemon running status (PID check)
+display_daemon_status() {
+    if [[ -f "$PID_FILE" ]]; then
+        local pid
+        pid=$(cat "$PID_FILE")
+        if kill -0 "$pid" 2>/dev/null; then
+            log_success "Running (PID: $pid)"
+        else
+            log_warn "Stopped (stale PID file)"
+        fi
+    else
+        echo "Status: Stopped"
+    fi
+}
+
+# Display task counts from state file
+display_task_counts() {
+    if [[ -f "$STATE_FILE" ]]; then
+        echo "Task Counts:"
+        grep -E "pending:|in_progress:|completed:|in_review:|approved:|needs_changes:|merged:|attention_needed:" "$STATE_FILE" | sed 's/^/  /'
+    fi
+}
+
+# Display workers needing attention (urgent alerts)
+display_attention_needed() {
+    local attention_count
+    attention_count=$(find "$FORGE_ROOT/$TASKS_ATTENTION" -maxdepth 1 -name "*.md" -type f 2>/dev/null | wc -l)
+    if [[ "$attention_count" -gt 0 ]]; then
+        echo -e "${RED}🔔 ATTENTION NEEDED:${NC}"
+        for attention_file in "$FORGE_ROOT/$TASKS_ATTENTION"/*.md; do
+            if [[ -f "$attention_file" && ! -L "$attention_file" ]]; then
+                local agent issue
+                agent=$(grep -m1 "^agent:" "$attention_file" 2>/dev/null | cut -d':' -f2 | tr -d ' "' | head -c 50)
+                issue=$(sed -n '/^## Issue/,/^##/p' "$attention_file" 2>/dev/null | grep -v "^##" | head -1 | head -c 80)
+                echo -e "  ${YELLOW}$agent${NC}: $issue"
+            fi
+        done
+        echo ""
+    fi
+}
+
+# Get status icon for worker status
+get_status_icon() {
+    local status="$1"
+    case "$status" in
+        "working") echo "🔨" ;;
+        "idle") echo "💤" ;;
+        "blocked") echo "🚫" ;;
+        "testing") echo "🧪" ;;
+        "reviewing") echo "👁️" ;;
+        *) echo "❓" ;;
+    esac
+}
+
+# Display active worker statuses with staleness indicators
+display_worker_status() {
+    if [[ ! -d "$FORGE_ROOT/$AGENT_STATUS_DIR" ]]; then
+        return
+    fi
+
+    local status_count
+    status_count=$(find "$FORGE_ROOT/$AGENT_STATUS_DIR" -maxdepth 1 -name "*.json" -type f 2>/dev/null | wc -l)
+    if [[ "$status_count" -eq 0 ]]; then
+        return
+    fi
+
+    echo "Active Workers:"
+    local now_epoch stale_threshold
+    now_epoch=$(date +%s)
+    stale_threshold=$STALE_STATUS_THRESHOLD
+
+    for status_file in "$FORGE_ROOT/$AGENT_STATUS_DIR"/*.json; do
+        if [[ -f "$status_file" && ! -L "$status_file" ]]; then
+            local agent status task updated stale_marker icon
+            agent=$(json_read "$status_file" "agent" "unknown")
+            status=$(json_read "$status_file" "status" "unknown")
+            task=$(json_read "$status_file" "task" "")
+            updated=$(json_read "$status_file" "updated" "")
+
+            # Check staleness
+            stale_marker=""
+            if [[ -n "$updated" ]]; then
+                local updated_epoch age
+                updated_epoch=$(date -d "$updated" +%s 2>/dev/null || date -j -f "%Y-%m-%dT%H:%M:%S" "${updated%Z}" +%s 2>/dev/null || echo "0")
+                age=$((now_epoch - updated_epoch))
+                if [[ "$age" -gt "$stale_threshold" ]]; then
+                    stale_marker=" ${YELLOW}(stale)${NC}"
+                fi
+            fi
+
+            icon=$(get_status_icon "$status")
+
+            if [[ -n "$task" ]]; then
+                echo -e "  $icon ${CYAN}$agent${NC}: $status ($task)$stale_marker"
+            else
+                echo -e "  $icon ${CYAN}$agent${NC}: $status$stale_marker"
+            fi
+        fi
+    done
+    echo ""
+}
+
+# Display recent notifications from log
+display_recent_notifications() {
+    if [[ -f "$NOTIFY_FILE" ]]; then
+        local notify_count
+        notify_count=$(wc -l < "$NOTIFY_FILE" 2>/dev/null || echo "0")
+        if [[ "$notify_count" -gt 0 ]]; then
+            echo "Recent Notifications (last 5):"
+            tail -5 "$NOTIFY_FILE" | sed 's/^/  /'
+            echo ""
+        fi
+    fi
+}

package/bin/lib/daemon/notifications.sh

@@ -0,0 +1,263 @@
+#!/usr/bin/env bash
+#
+# bin/lib/daemon/notifications.sh
+#
+# Daemon notification functions - pending task alerts, attention signals,
+# system toasts, and Heimdall escalation handling
+#
+# Dependencies: colors.sh, constants.sh
+# Globals required: FORGE_ROOT, NOTIFY_FILE, NOTIFIED_FILE, LOG_FILE,
+#                   TASKS_PENDING, TASKS_NEEDS_CHANGES, TASKS_ATTENTION
+
+# Prevent double-sourcing
+[[ -n "${_DAEMON_NOTIFICATIONS_LOADED:-}" ]] && return 0
+_DAEMON_NOTIFICATIONS_LOADED=1
+
+# SECURITY: Sanitize message for safe use in shell commands
+# Removes/escapes characters that could cause command injection
+sanitize_notification_message() {
+    local msg="$1"
+    # Remove null bytes
+    msg="${msg//$'\0'/}"
+    # Remove characters that could escape out of string contexts
+    # PowerShell: $, `, ', ", (), {}
+    # osascript: ', ", \, $
+    # We allow: alphanumeric, spaces, periods, commas, colons, hyphens, underscores
+    msg=$(echo "$msg" | tr -cd 'a-zA-Z0-9 .,;:!?_-')
+    # Limit length to prevent buffer issues
+    msg="${msg:0:200}"
+    echo "$msg"
+}
+
+notify() {
+    local message="$1"
+    local urgency="${2:-normal}"  # normal or urgent
+    local timestamp
+    timestamp=$(date -Iseconds)
+
+    # SECURITY: Sanitize before logging to prevent ANSI escape injection and
+    # control-character log poisoning. sanitize_notification_message() strips
+    # everything except alphanumeric, spaces, and safe punctuation.
+    local safe_message
+    safe_message=$(sanitize_notification_message "$message")
+
+    # Log to notifications file
+    echo "[$timestamp] $safe_message" >> "$NOTIFY_FILE"
+
+    # Log to main log
+    echo "[$timestamp] NOTIFY: $safe_message" >> "$LOG_FILE"
+
+    # Terminal bell (works in most terminals)
+    printf '\a'
+
+    # System toast notification for urgent messages
+    if [[ "$urgency" == "urgent" ]]; then
+        send_system_notification "$safe_message"
+    fi
+}
+
+# Send system-level notification (platform-specific)
+send_system_notification() {
+    local message="$1"
+    local title="Vibe Forge"
+
+    # SECURITY: Sanitize message to prevent command injection
+    message=$(sanitize_notification_message "$message")
+
+    case "$(uname -s)" in
+        MINGW*|MSYS*|CYGWIN*)
+            # Windows: Use PowerShell toast notification
+            # SECURITY: Message is sanitized above, title is hardcoded
+            powershell.exe -NoProfile -Command "
+                \$null = [Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime]
+                \$template = [Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent([Windows.UI.Notifications.ToastTemplateType]::ToastText02)
+                \$textNodes = \$template.GetElementsByTagName('text')
+                \$textNodes.Item(0).AppendChild(\$template.CreateTextNode('$title')) | Out-Null
+                \$textNodes.Item(1).AppendChild(\$template.CreateTextNode('$message')) | Out-Null
+                \$toast = [Windows.UI.Notifications.ToastNotification]::new(\$template)
+                [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier('Vibe Forge').Show(\$toast)
+            " 2>/dev/null &
+            ;;
+        Darwin)
+            # macOS: Use osascript
+            # SECURITY: Message is sanitized above
+            osascript -e "display notification \"$message\" with title \"$title\"" 2>/dev/null &
+            ;;
+        Linux)
+            # Linux: Use notify-send if available
+            # SECURITY: notify-send handles escaping, but message is sanitized anyway
+            if command -v notify-send &>/dev/null; then
+                notify-send "$title" "$message" 2>/dev/null &
+            fi
+            ;;
+    esac
+}
+
+check_new_pending_tasks() {
+    # Create notified file if it doesn't exist
+    touch "$NOTIFIED_FILE"
+
+    # Check for new pending tasks
+    for task in "$FORGE_ROOT/$TASKS_PENDING"/*.md; do
+        if [[ -f "$task" && ! -L "$task" ]]; then
+            local filename
+            filename=$(basename "$task")
+
+            # Check if we've already notified about this task
+            if ! grep -qF "$filename" "$NOTIFIED_FILE" 2>/dev/null; then
+                # Extract task info from frontmatter safely
+                local task_id task_title assigned_to
+
+                # Use head to limit read, tr to sanitize, and strip ANSI escape sequences
+                task_id=$(grep -m1 "^id:" "$task" 2>/dev/null | cut -d':' -f2 | tr -d ' "' | tr -d '\033' | sed 's/\[[0-9;]*m//g' | head -c 100)
+                task_title=$(grep -m1 "^title:" "$task" 2>/dev/null | cut -d':' -f2- | tr -d '"' | tr -d '\033' | sed 's/\[[0-9;]*m//g' | head -c 200)
+                assigned_to=$(grep -m1 "^assigned_to:" "$task" 2>/dev/null | cut -d':' -f2 | tr -d ' "' | tr -d '\033' | sed 's/\[[0-9;]*m//g' | head -c 50)
+
+                # Use filename as fallback
+                task_id="${task_id:-$filename}"
+                task_title="${task_title:-New task}"
+
+                # Notify
+                if [[ -n "$assigned_to" ]]; then
+                    notify "New task for $assigned_to: $task_title ($task_id)"
+                else
+                    notify "New pending task: $task_title ($task_id)"
+                fi
+
+                # Mark as notified (atomic append)
+                echo "$filename" >> "$NOTIFIED_FILE"
+            fi
+        fi
+    done
+
+    # Also check needs-changes for tasks that need rework
+    for task in "$FORGE_ROOT/$TASKS_NEEDS_CHANGES"/*.md; do
+        if [[ -f "$task" && ! -L "$task" ]]; then
+            local filename
+            filename=$(basename "$task")
+            local notified_key="needs-changes:$filename"
+
+            if ! grep -qF "$notified_key" "$NOTIFIED_FILE" 2>/dev/null; then
+                local task_id assigned_to
+                task_id=$(grep -m1 "^id:" "$task" 2>/dev/null | cut -d':' -f2 | tr -d ' "' | head -c 100)
+                assigned_to=$(grep -m1 "^assigned_to:" "$task" 2>/dev/null | cut -d':' -f2 | tr -d ' "' | head -c 50)
+
+                task_id="${task_id:-$filename}"
+
+                if [[ -n "$assigned_to" ]]; then
+                    notify "Task needs changes ($assigned_to): $task_id"
+                else
+                    notify "Task needs changes: $task_id"
+                fi
+
+                echo "$notified_key" >> "$NOTIFIED_FILE"
+            fi
+        fi
+    done
+}
+
+check_attention_needed() {
+    # Check for workers needing attention (urgent notifications)
+    if [[ ! -d "$FORGE_ROOT/$TASKS_ATTENTION" ]]; then
+        return 0
+    fi
+
+    for attention_file in "$FORGE_ROOT/$TASKS_ATTENTION"/*.md; do
+        if [[ -f "$attention_file" && ! -L "$attention_file" ]]; then
+            local filename
+            filename=$(basename "$attention_file")
+            local notified_key="attention:$filename"
+
+            if ! grep -qF "$notified_key" "$NOTIFIED_FILE" 2>/dev/null; then
+                # Extract attention info
+                local agent issue
+                agent=$(grep -m1 "^agent:" "$attention_file" 2>/dev/null | cut -d':' -f2 | tr -d ' "' | head -c 50)
+                issue=$(grep -m1 "^##" "$attention_file" 2>/dev/null | sed 's/^## *//' | head -c 200)
+
+                agent="${agent:-Unknown}"
+                issue="${issue:-Needs attention}"
+
+                # Ring bell multiple times for attention
+                printf '\a\a\a'
+
+                # Send urgent notification with toast
+                notify "🔔 $agent needs help: $issue" "urgent"
+
+                echo "$notified_key" >> "$NOTIFIED_FILE"
+            fi
+        fi
+    done
+}
+
+# check_heimdall_escalations INBOX_DIR
+# Scans the lab worker inbox for .escalation signal files written by Heimdall
+# when a worker accumulates too many policy violations (Gjallarhorn sounded).
+# Writes an escalation handoff for lab sentinel to route to human review.
+check_heimdall_escalations() {
+    local inbox_dir="$1"
+
+    [[ -d "$inbox_dir" ]] || return 0
+
+    # shopt -s globstar needed for **; fall back to find for compatibility
+    local escalation_files
+    mapfile -t escalation_files < <(find "$inbox_dir" -name "*.escalation" -type f 2>/dev/null)
+
+    for escalation_file in "${escalation_files[@]}"; do
+        [[ -f "$escalation_file" ]] || continue
+
+        local story_id agent_dir agent handoff_dir
+        story_id=$(basename "$escalation_file" .escalation)
+        agent_dir=$(dirname "$escalation_file")
+        agent=$(basename "$agent_dir")
+
+        # Read escalation JSON for violation details
+        local violations last_reason
+        violations=$(node -e "try{const d=JSON.parse(require('fs').readFileSync('$escalation_file','utf8'));console.log(d.violations||'?')}catch(e){console.log('?')}" 2>/dev/null)
+        last_reason=$(node -e "try{const d=JSON.parse(require('fs').readFileSync('$escalation_file','utf8'));console.log(d.last_reason||'')}catch(e){console.log('')}" 2>/dev/null)
+
+        echo "[$(date -Iseconds)] HEIMDALL SOUNDED: $agent/$story_id ($violations violations) -- writing escalation handoff" >> "$LOG_FILE"
+
+        # Write escalation handoff for lab sentinel
+        # Lab sentinel routes escalations to human review on next cycle
+        local handoff_dir="$FORGE_ROOT/_vibe-chain-output/handoffs"
+        if [[ -d "$handoff_dir" ]]; then
+            local handoff_file="$handoff_dir/${story_id}-worker-escalation.md"
+            cat > "$handoff_file" << HANDOFF
+---
+type: worker-escalation
+story: "$story_id"
+from: forge-daemon
+to: human
+created: $(date -Iseconds)
+status: pending
+agent: "$agent"
+violations: $violations
+---
+
+## Heimdall Escalation
+
+Worker \`$agent\` accumulated $violations policy violations on story \`$story_id\`.
+The worker has been halted for this story. Human review required before resubmitting.
+
+## Last Violation
+
+$last_reason
+
+## Audit Log
+
+Full violation history: \`_vibe-chain-output/heimdall-audit.log\`
+
+## Action Required
+
+Review the audit log and decide:
+- Fix the story spec and resubmit
+- Manually complete the work
+- Cancel the story
+HANDOFF
+            echo "[$(date -Iseconds)] Escalation handoff written: $handoff_file" >> "$LOG_FILE"
+        fi
+
+        # Mark escalation as processed so it is not re-processed next cycle
+        mv "$escalation_file" "${escalation_file}.processed" 2>/dev/null || true
+    done
+}

package/bin/lib/daemon/routing.sh

@@ -0,0 +1,77 @@
+#!/usr/bin/env bash
+#
+# bin/lib/daemon/routing.sh
+#
+# Task routing functions - moves tasks between state folders
+#
+# Dependencies: constants.sh, util.sh (log_*)
+# Globals required: FORGE_ROOT, LOG_FILE,
+#                   TASKS_COMPLETED, TASKS_REVIEW, TASKS_APPROVED, TASKS_MERGED
+
+# Prevent double-sourcing
+[[ -n "${_DAEMON_ROUTING_LOADED:-}" ]] && return 0
+_DAEMON_ROUTING_LOADED=1
+
+# Safe file move with symlink protection
+safe_move_task() {
+    local src="$1"
+    local dest_dir="$2"
+
+    # SECURITY: Skip symlinks to prevent symlink attacks
+    if [[ -L "$src" ]]; then
+        echo "[$(date -Iseconds)] WARNING: Skipping symlink: $src" >> "$LOG_FILE"
+        return 1
+    fi
+
+    # SECURITY: Verify source is a regular file
+    if [[ ! -f "$src" ]]; then
+        return 1
+    fi
+
+    # SECURITY: Verify destination is within FORGE_ROOT
+    local real_dest
+    real_dest=$(cd "$dest_dir" 2>/dev/null && pwd)
+    local forge_root_real
+    forge_root_real=$(cd "$FORGE_ROOT" 2>/dev/null && pwd)
+
+    if [[ "$real_dest" != "$forge_root_real"/* ]]; then
+        echo "[$(date -Iseconds)] ERROR: Destination outside FORGE_ROOT: $dest_dir" >> "$LOG_FILE"
+        return 1
+    fi
+
+    local filename
+    filename=$(basename "$src")
+
+    # SECURITY: TOCTOU note - there is a theoretical race between the symlink
+    # check above and this mv. A local attacker with precise timing could swap
+    # the file for a symlink in that window. This risk is accepted because:
+    #   1. Exploiting it requires local filesystem write access (already privileged)
+    #   2. The destination boundary check above limits the blast radius
+    #   3. A fully atomic check+move in bash would require platform-specific tools
+    # Mitigation: the destination is always within FORGE_ROOT (verified above).
+    mv "$src" "$dest_dir/$filename"
+}
+
+route_completed_to_review() {
+    # Move completed tasks to review queue
+    for task in "$FORGE_ROOT/$TASKS_COMPLETED"/*.md; do
+        if [[ -f "$task" && ! -L "$task" ]]; then
+            local filename
+            filename=$(basename "$task")
+            echo "[$(date -Iseconds)] Routing $filename to review" >> "$LOG_FILE"
+            safe_move_task "$task" "$FORGE_ROOT/$TASKS_REVIEW"
+        fi
+    done
+}
+
+route_approved_to_merged() {
+    # Move approved tasks to merged archive
+    for task in "$FORGE_ROOT/$TASKS_APPROVED"/*.md; do
+        if [[ -f "$task" && ! -L "$task" ]]; then
+            local filename
+            filename=$(basename "$task")
+            echo "[$(date -Iseconds)] Archiving $filename to merged" >> "$LOG_FILE"
+            safe_move_task "$task" "$FORGE_ROOT/$TASKS_MERGED"
+        fi
+    done
+}

package/bin/lib/daemon/state.sh

@@ -0,0 +1,115 @@
+#!/usr/bin/env bash
+#
+# bin/lib/daemon/state.sh
+#
+# Daemon state management - forge-state.yaml updates, attention tracking,
+# adaptive polling
+#
+# Dependencies: database.sh, constants.sh
+# Requires: sync.sh (for build_worker_status)
+# Globals required: FORGE_ROOT, STATE_FILE, AGENT_STATUS_DIR,
+#                   TASKS_PENDING, TASKS_IN_PROGRESS, TASKS_COMPLETED,
+#                   TASKS_REVIEW, TASKS_APPROVED, TASKS_NEEDS_CHANGES,
+#                   TASKS_MERGED, TASKS_ATTENTION
+
+# Prevent double-sourcing
+[[ -n "${_DAEMON_STATE_LOADED:-}" ]] && return 0
+_DAEMON_STATE_LOADED=1
+
+update_state() {
+    # Count tasks in each folder (using find with -maxdepth for safety)
+    local pending in_progress completed review approved needs_changes merged attention
+    pending=$(find "$FORGE_ROOT/$TASKS_PENDING" -maxdepth 1 -name "*.md" -type f 2>/dev/null | wc -l)
+    in_progress=$(find "$FORGE_ROOT/$TASKS_IN_PROGRESS" -maxdepth 1 -name "*.md" -type f 2>/dev/null | wc -l)
+    completed=$(find "$FORGE_ROOT/$TASKS_COMPLETED" -maxdepth 1 -name "*.md" -type f 2>/dev/null | wc -l)
+    review=$(find "$FORGE_ROOT/$TASKS_REVIEW" -maxdepth 1 -name "*.md" -type f 2>/dev/null | wc -l)
+    approved=$(find "$FORGE_ROOT/$TASKS_APPROVED" -maxdepth 1 -name "*.md" -type f 2>/dev/null | wc -l)
+    needs_changes=$(find "$FORGE_ROOT/$TASKS_NEEDS_CHANGES" -maxdepth 1 -name "*.md" -type f 2>/dev/null | wc -l)
+    merged=$(find "$FORGE_ROOT/$TASKS_MERGED" -maxdepth 1 -name "*.md" -type f 2>/dev/null | wc -l)
+    attention=$(find "$FORGE_ROOT/$TASKS_ATTENTION" -maxdepth 1 -name "*.md" -type f 2>/dev/null | wc -l)
+
+    local blocked=0
+
+    # Build attention details if any workers need help
+    local attention_details=""
+    if [[ "$attention" -gt 0 ]]; then
+        attention_details=$(build_attention_details)
+    fi
+
+    # Build worker status from agent-status files
+    local worker_status=""
+    if [[ -d "$FORGE_ROOT/$AGENT_STATUS_DIR" ]]; then
+        worker_status=$(build_worker_status)
+    fi
+
+    # Write state file atomically (write to temp, then move)
+    local temp_state="${STATE_FILE}.tmp.$$"
+    cat > "$temp_state" << EOF
+# Vibe Forge State
+# Auto-updated by forge-daemon
+# Last updated: $(date -Iseconds)
+
+forge:
+  status: active
+  daemon_pid: $$
+
+tasks:
+  pending: $pending
+  in_progress: $in_progress
+  completed: $completed
+  in_review: $review
+  approved: $approved
+  needs_changes: $needs_changes
+  merged: $merged
+  blocked: $blocked
+  attention_needed: $attention
+
+$attention_details
+$worker_status
+last_updated: $(date -Iseconds)
+EOF
+    mv "$temp_state" "$STATE_FILE"
+}
+
+build_attention_details() {
+    echo "attention:"
+    for attention_file in "$FORGE_ROOT/$TASKS_ATTENTION"/*.md; do
+        if [[ -f "$attention_file" && ! -L "$attention_file" ]]; then
+            local agent created issue
+            agent=$(grep -m1 "^agent:" "$attention_file" 2>/dev/null | cut -d':' -f2 | tr -d ' "' | head -c 50)
+            created=$(grep -m1 "^created:" "$attention_file" 2>/dev/null | cut -d':' -f2- | tr -d ' ' | head -c 30)
+            # Get the issue line (first ## heading content or fallback)
+            issue=$(sed -n '/^## Issue/,/^##/p' "$attention_file" 2>/dev/null | grep -v "^##" | head -1 | tr -d '\n' | head -c 100)
+            issue="${issue:-Needs attention}"
+
+            echo "  - agent: $agent"
+            echo "    since: $created"
+            echo "    issue: \"$issue\""
+        fi
+    done
+}
+
+# Determine daemon state based on activity (for adaptive polling)
+determine_daemon_state() {
+    # Check if there are in-progress tasks
+    local in_progress_count
+    in_progress_count=$(find "$FORGE_ROOT/$TASKS_IN_PROGRESS" -maxdepth 1 -name "*.md" -type f 2>/dev/null | wc -l)
+
+    # Check if there are active workers
+    local active_workers
+    active_workers=$(db_count_active_workers 2>/dev/null || echo "0")
+
+    if [[ "$in_progress_count" -gt 0 ]] || [[ "$active_workers" -gt 0 ]]; then
+        echo "active"
+    else
+        echo "idle"
+    fi
+}
+
+# Get current poll interval in seconds (from DB, with fallback)
+get_poll_interval() {
+    local interval_ms
+    interval_ms=$(db_get_poll_interval_ms 2>/dev/null || echo "30000")
+    # Convert ms to seconds (bash integer division)
+    echo $((interval_ms / 1000))
+}

package/bin/lib/daemon/sync.sh

@@ -0,0 +1,95 @@
+#!/usr/bin/env bash
+#
+# bin/lib/daemon/sync.sh
+#
+# Agent status synchronization functions - JSON files to SQLite
+#
+# Dependencies: json.sh, database.sh, constants.sh
+# Globals required: FORGE_ROOT, FORGE_DB, AGENT_STATUS_DIR, LOG_FILE,
+#                   STALE_STATUS_THRESHOLD
+
+# Prevent double-sourcing
+[[ -n "${_DAEMON_SYNC_LOADED:-}" ]] && return 0
+_DAEMON_SYNC_LOADED=1
+
+# Sync agent status from JSON files to SQLite (with mtime filtering)
+sync_agent_status_to_db() {
+    local status_dir="$FORGE_ROOT/$AGENT_STATUS_DIR"
+
+    if [[ ! -d "$status_dir" ]]; then
+        return 0
+    fi
+
+    for status_file in "$status_dir"/*.json; do
+        if [[ -f "$status_file" && ! -L "$status_file" ]]; then
+            # Get file modification time
+            local file_mtime
+            file_mtime=$(stat -c %Y "$status_file" 2>/dev/null || stat -f %m "$status_file" 2>/dev/null || echo "0")
+
+            # Get agent name from filename
+            local agent_name
+            agent_name=$(basename "$status_file" .json)
+
+            # Check if file has changed since last read
+            local stored_mtime
+            stored_mtime=$(db_get_agent_mtime "$agent_name")
+
+            if [[ "$file_mtime" -gt "$stored_mtime" ]]; then
+                # File changed - parse and update DB
+                local agent status task message updated
+                agent=$(json_read "$status_file" "agent" "unknown")
+                status=$(json_read "$status_file" "status" "unknown")
+                task=$(json_read "$status_file" "task" "")
+                message=$(json_read "$status_file" "message" "" | head -c 80)
+                updated=$(json_read "$status_file" "updated" "")
+
+                # Upsert to database
+                db_upsert_agent_status "$agent" "$status" "$task" "$message" "$updated" "$file_mtime"
+
+                echo "[$(date -Iseconds)] Synced status for $agent: $status" >> "$LOG_FILE"
+            fi
+        fi
+    done
+}
+
+# Build worker status from SQLite (for YAML output)
+build_worker_status() {
+    local now_epoch
+    now_epoch=$(date +%s)
+    local stale_threshold=$STALE_STATUS_THRESHOLD
+
+    # Check if we have any agent status in DB
+    local agent_count
+    agent_count=$(sqlite3 "$FORGE_DB" "SELECT COUNT(*) FROM agent_status;" 2>/dev/null || echo "0")
+
+    if [[ "$agent_count" -eq 0 ]]; then
+        return 0
+    fi
+
+    echo "workers:"
+
+    # Read from database
+    while IFS='|' read -r agent status task message updated; do
+        local stale_marker=""
+
+        # Check if stale
+        if [[ -n "$updated" ]]; then
+            local updated_epoch age
+            updated_epoch=$(date -d "$updated" +%s 2>/dev/null || date -j -f "%Y-%m-%dT%H:%M:%S" "${updated%Z}" +%s 2>/dev/null || echo "0")
+            age=$((now_epoch - updated_epoch))
+            if [[ "$age" -gt "$stale_threshold" ]]; then
+                stale_marker=" (stale)"
+            fi
+        fi
+
+        echo "  - agent: $agent"
+        echo "    status: $status$stale_marker"
+        if [[ -n "$task" ]]; then
+            echo "    task: $task"
+        fi
+        if [[ -n "$message" ]]; then
+            echo "    message: \"$message\""
+        fi
+        echo "    updated: $updated"
+    done < <(db_get_all_agent_statuses)
+}