@telora/daemon 0.17.48 → 0.17.56

package/build-info.json

@@ -1,6 +1,6 @@
 {
-  "commitSha": "521368d0",
-  "builtAt": "2026-06-11T22:45:20.530Z",
+  "commitSha": "6d7b3c20",
+  "builtAt": "2026-06-13T20:17:57.785Z",
   "expectedMigrations": [
     "20250829113330_create_org_nodes_table.sql",
     "20250829113402_fix_function_security_search_path.sql",
@@ -612,6 +612,8 @@
     "20260607150730_redeem_returns_local_model.sql",
     "20260610145347_comment_load_bearing_triggers.sql",
     "20260610211939_add_get_product_issue_counts_rpc.sql",
-    "20260610212314_pipeline_config_default_review_enabled.sql"
+    "20260610212314_pipeline_config_default_review_enabled.sql",
+    "20260612164848_products_default_active.sql",
+    "20260613134256_drop_widget_llm_rate_limit_and_audit.sql"
   ]
 }

package/dist/auth-liveness.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Tracker-auth liveness: halt the daemon when the tracker token is revoked.
+ *
+ * Startup validates the tracker token once (FocusEngine.init -> validateTrackerAuth),
+ * so the daemon refuses to start with a dead token. But a token revoked WHILE
+ * the daemon is running was previously never re-checked: the 30s poll loop just
+ * kept hitting 401/403 forever (those statuses are non-retryable, so withRetry
+ * gives up per call, but the listener re-polls indefinitely). That is the
+ * "indefinite backoff-retry against a dead token" this module closes.
+ *
+ * A periodic tick re-validates the token. On a revoked/invalid token (HTTP
+ * 401/403) it halts the daemon ONCE via a graceful SIGTERM to self (the unified
+ * shell's signal handler runs the normal graceful shutdown). Transient failures
+ * (network unreachable, 5xx) are logged and ignored so a blip does not kill the
+ * daemon.
+ *
+ * Deps are injected so the tick is unit-testable without real network/process
+ * side effects.
+ */
+export interface AuthLivenessDeps {
+    /** Re-validate the tracker token. Throws on failure (see validateTrackerAuth). */
+    validate: () => Promise<void>;
+    /** Halt the daemon. Real impl sends a graceful SIGTERM to self. */
+    halt: () => void;
+}
+/** Reset the one-shot halt guard. Test-only. */
+export declare function resetAuthLivenessGuard(): void;
+/**
+ * Classify an error from validateTrackerAuth: true => revoked/invalid token
+ * (HTTP 401/403), false => transient (network unreachable / 5xx). validateTrackerAuth
+ * uses the phrase "authentication failed" only for the 401/403 case, and a
+ * distinct message for unreachable/5xx, so we key off that.
+ */
+export declare function isAuthFailure(err: unknown): boolean;
+/**
+ * Run one auth-liveness tick. On a revoked/invalid token, emit a loud,
+ * actionable error + health event and halt the daemon exactly once. Transient
+ * errors are logged and ignored.
+ */
+export declare function checkTrackerAuthLiveness(deps: AuthLivenessDeps): Promise<void>;
+//# sourceMappingURL=auth-liveness.d.ts.map

package/dist/auth-liveness.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-liveness.d.ts","sourceRoot":"","sources":["../src/auth-liveness.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAIH,MAAM,WAAW,gBAAgB;IAC/B,kFAAkF;IAClF,QAAQ,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9B,mEAAmE;IACnE,IAAI,EAAE,MAAM,IAAI,CAAC;CAClB;AAKD,gDAAgD;AAChD,wBAAgB,sBAAsB,IAAI,IAAI,CAE7C;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAGnD;AAED;;;;GAIG;AACH,wBAAsB,wBAAwB,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CA2BpF"}

package/dist/auth-liveness.js

@@ -0,0 +1,68 @@
+/**
+ * Tracker-auth liveness: halt the daemon when the tracker token is revoked.
+ *
+ * Startup validates the tracker token once (FocusEngine.init -> validateTrackerAuth),
+ * so the daemon refuses to start with a dead token. But a token revoked WHILE
+ * the daemon is running was previously never re-checked: the 30s poll loop just
+ * kept hitting 401/403 forever (those statuses are non-retryable, so withRetry
+ * gives up per call, but the listener re-polls indefinitely). That is the
+ * "indefinite backoff-retry against a dead token" this module closes.
+ *
+ * A periodic tick re-validates the token. On a revoked/invalid token (HTTP
+ * 401/403) it halts the daemon ONCE via a graceful SIGTERM to self (the unified
+ * shell's signal handler runs the normal graceful shutdown). Transient failures
+ * (network unreachable, 5xx) are logged and ignored so a blip does not kill the
+ * daemon.
+ *
+ * Deps are injected so the tick is unit-testable without real network/process
+ * side effects.
+ */
+import { healthEvents } from '@telora/daemon-core';
+/** One-shot guard so a revoked token triggers exactly one halt. */
+let haltRequested = false;
+/** Reset the one-shot halt guard. Test-only. */
+export function resetAuthLivenessGuard() {
+    haltRequested = false;
+}
+/**
+ * Classify an error from validateTrackerAuth: true => revoked/invalid token
+ * (HTTP 401/403), false => transient (network unreachable / 5xx). validateTrackerAuth
+ * uses the phrase "authentication failed" only for the 401/403 case, and a
+ * distinct message for unreachable/5xx, so we key off that.
+ */
+export function isAuthFailure(err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    return /authentication failed/i.test(msg);
+}
+/**
+ * Run one auth-liveness tick. On a revoked/invalid token, emit a loud,
+ * actionable error + health event and halt the daemon exactly once. Transient
+ * errors are logged and ignored.
+ */
+export async function checkTrackerAuthLiveness(deps) {
+    try {
+        await deps.validate();
+    }
+    catch (err) {
+        if (!isAuthFailure(err)) {
+            console.warn('[auth-liveness] tracker auth re-check failed (transient -- not halting):', err.message);
+            return;
+        }
+        if (haltRequested)
+            return;
+        haltRequested = true;
+        const message = 'Tracker token is revoked or invalid -- halting daemon. ' +
+            'The daemon will not keep polling with a dead token. ' +
+            'Re-issue or replace the tracker in Telora Settings > AI Work Trackers, ' +
+            'update TELORA_TRACKER_ID, and restart the daemon.';
+        console.error(`[auth-liveness] ${message}`);
+        healthEvents.emit({
+            severity: 'error',
+            source: 'auth-liveness',
+            code: 'auth.token_revoked_halt',
+            message,
+        });
+        deps.halt();
+    }
+}
+//# sourceMappingURL=auth-liveness.js.map

package/dist/auth-liveness.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-liveness.js","sourceRoot":"","sources":["../src/auth-liveness.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AASnD,mEAAmE;AACnE,IAAI,aAAa,GAAG,KAAK,CAAC;AAE1B,gDAAgD;AAChD,MAAM,UAAU,sBAAsB;IACpC,aAAa,GAAG,KAAK,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,GAAY;IACxC,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC7D,OAAO,wBAAwB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC5C,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAAC,IAAsB;IACnE,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;IACxB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO,CAAC,IAAI,CACV,0EAA0E,EACzE,GAAa,CAAC,OAAO,CACvB,CAAC;YACF,OAAO;QACT,CAAC;QACD,IAAI,aAAa;YAAE,OAAO;QAC1B,aAAa,GAAG,IAAI,CAAC;QACrB,MAAM,OAAO,GACX,yDAAyD;YACzD,sDAAsD;YACtD,yEAAyE;YACzE,mDAAmD,CAAC;QACtD,OAAO,CAAC,KAAK,CAAC,mBAAmB,OAAO,EAAE,CAAC,CAAC;QAC5C,YAAY,CAAC,IAAI,CAAC;YAChB,QAAQ,EAAE,OAAO;YACjB,MAAM,EAAE,eAAe;YACvB,IAAI,EAAE,yBAAyB;YAC/B,OAAO;SACR,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,EAAE,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/auto-update-idle.d.ts

@@ -0,0 +1,51 @@
+/**
+ * Batch-safe idle predicate + debounce gate for the auto-updater.
+ *
+ * The auto-updater must restart the daemon only at a SAFE SEAM -- a focus-batch
+ * boundary -- never in a transient gap between two deliveries inside a batch
+ * that still holds in-memory coordination state. The original idle check was
+ * process-level (activeClaudeProcesses === 0), which reads that between-delivery
+ * gap as "idle" because the team lead process briefly exits. This module
+ * replaces it with a focus-batch-safe definition:
+ *
+ *   idle  <=>  no active focus team  AND  the focus queue is drained
+ *
+ * with a debounce so the signal must HOLD continuously before it counts. When
+ * the updater deliberately drains intake to create a seam (delivery C), the
+ * held-back queue is no longer counted against idle -- an optional
+ * `intakeDraining()` dep makes the deliberately-suppressed queue read as a
+ * boundary so the pending update can apply.
+ *
+ * Both functions are pure / dependency-injected so they unit-test without a
+ * running daemon.
+ */
+/** Dependencies for {@link isBatchSafeIdle}. */
+export interface BatchIdleDeps {
+    /** Number of focus teams currently in flight (0 == no active batch). */
+    activeTeamCount: () => number;
+    /** Ready focuses waiting in the queue as of the last poll (0 == drained). */
+    readyFocusQueueDepth: () => number;
+    /**
+     * Optional (delivery C): true when intake is deliberately drained for a
+     * pending update. When draining, a non-empty queue is being held ON PURPOSE,
+     * so it must not block the batch boundary -- the current batch completing IS
+     * the seam.
+     */
+    intakeDraining?: () => boolean;
+}
+/**
+ * True when the daemon is at a focus-batch-safe seam: no active focus team and
+ * either a genuinely drained queue or a queue we are deliberately holding for a
+ * pending update.
+ */
+export declare function isBatchSafeIdle(deps: BatchIdleDeps): boolean;
+/** A debounced idle gate: a zero-arg predicate consumed by the updater. */
+export type IdleGate = () => boolean;
+/**
+ * Wrap a boolean predicate so it reads true only once the predicate has held
+ * true CONTINUOUSLY for at least `debounceMs`. Any false reading resets the
+ * timer, so a momentary busy blip inside what looks like an idle window
+ * restarts the debounce. `now` is injectable for deterministic tests.
+ */
+export declare function createDebouncedIdleGate(predicate: () => boolean, debounceMs: number, now?: () => number): IdleGate;
+//# sourceMappingURL=auto-update-idle.d.ts.map

package/dist/auto-update-idle.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auto-update-idle.d.ts","sourceRoot":"","sources":["../src/auto-update-idle.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,gDAAgD;AAChD,MAAM,WAAW,aAAa;IAC5B,wEAAwE;IACxE,eAAe,EAAE,MAAM,MAAM,CAAC;IAC9B,6EAA6E;IAC7E,oBAAoB,EAAE,MAAM,MAAM,CAAC;IACnC;;;;;OAKG;IACH,cAAc,CAAC,EAAE,MAAM,OAAO,CAAC;CAChC;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,aAAa,GAAG,OAAO,CAI5D;AAED,2EAA2E;AAC3E,MAAM,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC;AAErC;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACrC,SAAS,EAAE,MAAM,OAAO,EACxB,UAAU,EAAE,MAAM,EAClB,GAAG,GAAE,MAAM,MAAiB,GAC3B,QAAQ,CAaV"}

package/dist/auto-update-idle.js

@@ -0,0 +1,54 @@
+/**
+ * Batch-safe idle predicate + debounce gate for the auto-updater.
+ *
+ * The auto-updater must restart the daemon only at a SAFE SEAM -- a focus-batch
+ * boundary -- never in a transient gap between two deliveries inside a batch
+ * that still holds in-memory coordination state. The original idle check was
+ * process-level (activeClaudeProcesses === 0), which reads that between-delivery
+ * gap as "idle" because the team lead process briefly exits. This module
+ * replaces it with a focus-batch-safe definition:
+ *
+ *   idle  <=>  no active focus team  AND  the focus queue is drained
+ *
+ * with a debounce so the signal must HOLD continuously before it counts. When
+ * the updater deliberately drains intake to create a seam (delivery C), the
+ * held-back queue is no longer counted against idle -- an optional
+ * `intakeDraining()` dep makes the deliberately-suppressed queue read as a
+ * boundary so the pending update can apply.
+ *
+ * Both functions are pure / dependency-injected so they unit-test without a
+ * running daemon.
+ */
+/**
+ * True when the daemon is at a focus-batch-safe seam: no active focus team and
+ * either a genuinely drained queue or a queue we are deliberately holding for a
+ * pending update.
+ */
+export function isBatchSafeIdle(deps) {
+    if (deps.activeTeamCount() > 0)
+        return false;
+    if (deps.intakeDraining?.())
+        return true;
+    return deps.readyFocusQueueDepth() === 0;
+}
+/**
+ * Wrap a boolean predicate so it reads true only once the predicate has held
+ * true CONTINUOUSLY for at least `debounceMs`. Any false reading resets the
+ * timer, so a momentary busy blip inside what looks like an idle window
+ * restarts the debounce. `now` is injectable for deterministic tests.
+ */
+export function createDebouncedIdleGate(predicate, debounceMs, now = Date.now) {
+    let trueSince = null;
+    return () => {
+        if (!predicate()) {
+            trueSince = null;
+            return false;
+        }
+        const t = now();
+        if (trueSince === null) {
+            trueSince = t;
+        }
+        return t - trueSince >= debounceMs;
+    };
+}
+//# sourceMappingURL=auto-update-idle.js.map

package/dist/auto-update-idle.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auto-update-idle.js","sourceRoot":"","sources":["../src/auto-update-idle.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAiBH;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,IAAmB;IACjD,IAAI,IAAI,CAAC,eAAe,EAAE,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7C,IAAI,IAAI,CAAC,cAAc,EAAE,EAAE;QAAE,OAAO,IAAI,CAAC;IACzC,OAAO,IAAI,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAC;AAC3C,CAAC;AAKD;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CACrC,SAAwB,EACxB,UAAkB,EAClB,MAAoB,IAAI,CAAC,GAAG;IAE5B,IAAI,SAAS,GAAkB,IAAI,CAAC;IACpC,OAAO,GAAG,EAAE;QACV,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC;YACjB,SAAS,GAAG,IAAI,CAAC;YACjB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,CAAC,GAAG,GAAG,EAAE,CAAC;QAChB,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;YACvB,SAAS,GAAG,CAAC,CAAC;QAChB,CAAC;QACD,OAAO,CAAC,GAAG,SAAS,IAAI,UAAU,CAAC;IACrC,CAAC,CAAC;AACJ,CAAC"}

package/dist/auto-update.d.ts

@@ -1,40 +1,104 @@
 /**
- * Daemon auto-update module.
+ * Daemon auto-update module: a safe-seam-driven update controller.
  *
- * Periodically checks the npm registry for a newer version of @telora/daemon.
- * When an update is detected and all engines are idle, installs the new version
- * globally and signals the process to exit with code 75 (restart-after-update).
+ * Update timing is bound to whether a restart is actually SAFE, not to a fixed
+ * clock. The controller samples a batch-safe idle gate (auto-update-idle.ts) and
+ * reads the candidate version from the warm version cache (staleness.ts) rather
+ * than polling the registry on every cycle. It may WAIT for a safe seam or
+ * CREATE one by draining intake, but it never destroys one.
  *
- * A wrapper script or systemd RestartForceExitStatus=75 handles the actual
- * process restart, which then runs the newly installed version.
+ * Routine path: when the daemon crosses into batch-safe idle (the busy->idle
+ * edge) and a newer cached version exists, install it and signal restart.
+ *
+ * When an update installs, the process exits with code 75 (restart-after-update);
+ * a wrapper script / systemd RestartForceExitStatus=75 runs the new version.
  */
 /** Exit code that signals "restart after self-update". */
 export declare const EXIT_CODE_UPDATE = 75;
-export interface AutoUpdateOptions {
+/**
+ * Default cadence for sampling the idle edge. Short by design -- the 1h clock
+ * is gone; this only bounds how quickly a reached idle seam is noticed. Registry
+ * traffic is unaffected (the candidate version comes from the warm cache).
+ */
+export declare const DEFAULT_SAMPLE_INTERVAL_MS = 30000;
+/** Dependencies for the update controller (all injectable for tests). */
+export interface AutoUpdateDeps {
     /** Current daemon version string (e.g., "0.10.48"). */
     currentVersion: string;
     /** npm package name (default: "@telora/daemon"). */
     packageName?: string;
-    /** Check interval in milliseconds (default: 3600000 = 1 hour). */
-    intervalMs?: number;
-    /** Callback that returns true when all engines are idle. */
+    /** Batch-safe idle gate: true when the daemon is at a safe restart seam. */
     isIdle: () => boolean;
-    /** Called when update is installed and the process should exit with code 75. */
+    /**
+     * Candidate version from the warm version cache, or null when none/stale.
+     * Read here instead of hitting the registry, so rapid idle flapping cannot
+     * produce a registry-call storm.
+     */
+    getCachedCandidateVersion: () => string | null;
+    /** Called when an update is installed and the process should exit with 75. */
     onUpdateReady: () => void;
+    /** Performs the install. Defaults to {@link performSelfUpdate}; injected in tests. */
+    performUpdate?: (packageName: string) => Promise<boolean>;
+    /** Clock, injectable for tests. */
+    now?: () => number;
+    /**
+     * Delivery C -- drain-at-boundary. When a newer cached version has been
+     * pending this long (ms) while the daemon stays busy, intake is drained so the
+     * current batch becomes the seam. Default: Infinity (never drains -- routine
+     * idle-edge behavior only).
+     */
+    stalenessThresholdMs?: number;
+    /** Arm intake drain. Defaults to {@link armDrainForUpdate}; injected in tests. */
+    armDrain?: () => void;
+    /** Release intake drain. Defaults to {@link releaseDrainForUpdate}; injected in tests. */
+    releaseDrain?: () => void;
+    /**
+     * Delivery D -- gated urgent path. When this returns true AND a newer version
+     * is cached, the update applies immediately (mid-batch) instead of waiting for
+     * a safe seam. This is an explicit operator/publisher signal -- NEVER the
+     * loop's own judgment. Default: () => false (no autonomous interruption).
+     *
+     * Minimal viable mechanism is an operator force (env var). A publisher-stamped
+     * urgency flag read from version metadata is the heavier extension seam (not
+     * implemented here): it would be OR-ed into this predicate.
+     */
+    isUrgent?: () => boolean;
+}
+/** Options for {@link startAutoUpdateLoop}: controller deps + sampling cadence. */
+export interface AutoUpdateOptions extends AutoUpdateDeps {
+    /** Idle-edge sampling cadence in ms (default: {@link DEFAULT_SAMPLE_INTERVAL_MS}). */
+    intervalMs?: number;
 }
 /**
  * Run `npm install -g <package>@latest` as a child process.
  * Returns true on success, false on failure.
  */
 export declare function performSelfUpdate(packageName: string): Promise<boolean>;
+/** A single-method update controller; one {@link UpdateController.tick} per cycle. */
+export interface UpdateController {
+    /** Evaluate one cycle: sample idle, read the candidate, maybe install. */
+    tick: () => Promise<void>;
+}
+/**
+ * Build the safe-seam update controller.
+ *
+ * Each tick:
+ *   1. Read the candidate version from the warm cache (no registry call).
+ *   2. Detect the busy->idle "ready" edge (idle AND a newer version present).
+ *   3. On the rising edge, install and signal restart.
+ *
+ * Edge semantics: the controller fires once per transition into the ready state
+ * (idle + newer version). Staying ready does not re-fire; an install failure
+ * consumes the edge so a persistent failure cannot spam `npm install` -- it
+ * re-arms only when the daemon leaves and re-enters the ready state.
+ */
+export declare function createUpdateController(deps: AutoUpdateDeps): UpdateController;
 /**
- * Start a periodic auto-update check loop.
+ * Start the safe-seam auto-update loop.
  *
- * Each cycle:
- *   1. Check npm registry for a newer version
- *   2. If update available and engines are idle, install it
- *   3. On successful install, call onUpdateReady (which triggers exit 75)
- *   4. If engines are busy, defer to the next cycle
+ * Disabled entirely when running from an ephemeral npx cache: `npm install -g`
+ * writes to the global prefix, but the running process keeps loading from
+ * `~/.npm/_npx/<hash>/`, so a "successful" install would not take effect.
  *
  * Returns a cleanup function that stops the timer.
  */

package/dist/auto-update.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auto-update.d.ts","sourceRoot":"","sources":["../src/auto-update.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAMH,0DAA0D;AAC1D,eAAO,MAAM,gBAAgB,KAAK,CAAC;AAInC,MAAM,WAAW,iBAAiB;IAChC,uDAAuD;IACvD,cAAc,EAAE,MAAM,CAAC;IACvB,oDAAoD;IACpD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,kEAAkE;IAClE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,4DAA4D;IAC5D,MAAM,EAAE,MAAM,OAAO,CAAC;IACtB,gFAAgF;IAChF,aAAa,EAAE,MAAM,IAAI,CAAC;CAC3B;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAmBvE;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,iBAAiB,GAAG,MAAM,IAAI,CA2EvE"}
+{"version":3,"file":"auto-update.d.ts","sourceRoot":"","sources":["../src/auto-update.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAOH,0DAA0D;AAC1D,eAAO,MAAM,gBAAgB,KAAK,CAAC;AAEnC;;;;GAIG;AACH,eAAO,MAAM,0BAA0B,QAAS,CAAC;AAEjD,yEAAyE;AACzE,MAAM,WAAW,cAAc;IAC7B,uDAAuD;IACvD,cAAc,EAAE,MAAM,CAAC;IACvB,oDAAoD;IACpD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,4EAA4E;IAC5E,MAAM,EAAE,MAAM,OAAO,CAAC;IACtB;;;;OAIG;IACH,yBAAyB,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;IAC/C,8EAA8E;IAC9E,aAAa,EAAE,MAAM,IAAI,CAAC;IAC1B,sFAAsF;IACtF,aAAa,CAAC,EAAE,CAAC,WAAW,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IAC1D,mCAAmC;IACnC,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;IACnB;;;;;OAKG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,kFAAkF;IAClF,QAAQ,CAAC,EAAE,MAAM,IAAI,CAAC;IACtB,0FAA0F;IAC1F,YAAY,CAAC,EAAE,MAAM,IAAI,CAAC;IAC1B;;;;;;;;;OASG;IACH,QAAQ,CAAC,EAAE,MAAM,OAAO,CAAC;CAC1B;AAED,mFAAmF;AACnF,MAAM,WAAW,iBAAkB,SAAQ,cAAc;IACvD,sFAAsF;IACtF,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAmBvE;AAED,sFAAsF;AACtF,MAAM,WAAW,gBAAgB;IAC/B,0EAA0E;IAC1E,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,cAAc,GAAG,gBAAgB,CA4G7E;AAED;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,iBAAiB,GAAG,MAAM,IAAI,CA4BvE"}

package/dist/auto-update.js

@@ -1,19 +1,30 @@
 /**
- * Daemon auto-update module.
+ * Daemon auto-update module: a safe-seam-driven update controller.
  *
- * Periodically checks the npm registry for a newer version of @telora/daemon.
- * When an update is detected and all engines are idle, installs the new version
- * globally and signals the process to exit with code 75 (restart-after-update).
+ * Update timing is bound to whether a restart is actually SAFE, not to a fixed
+ * clock. The controller samples a batch-safe idle gate (auto-update-idle.ts) and
+ * reads the candidate version from the warm version cache (staleness.ts) rather
+ * than polling the registry on every cycle. It may WAIT for a safe seam or
+ * CREATE one by draining intake, but it never destroys one.
  *
- * A wrapper script or systemd RestartForceExitStatus=75 handles the actual
- * process restart, which then runs the newly installed version.
+ * Routine path: when the daemon crosses into batch-safe idle (the busy->idle
+ * edge) and a newer cached version exists, install it and signal restart.
+ *
+ * When an update installs, the process exits with code 75 (restart-after-update);
+ * a wrapper script / systemd RestartForceExitStatus=75 runs the new version.
  */
 import { execFile } from 'node:child_process';
-import { checkForUpdates } from './version-check.js';
 import { detectInstallMode } from './self-update.js';
+import { isNewerVersion } from './version-check.js';
+import { armDrainForUpdate, releaseDrainForUpdate } from './intake-control.js';
 /** Exit code that signals "restart after self-update". */
 export const EXIT_CODE_UPDATE = 75;
-const DEFAULT_INTERVAL_MS = 3_600_000; // 1 hour
+/**
+ * Default cadence for sampling the idle edge. Short by design -- the 1h clock
+ * is gone; this only bounds how quickly a reached idle seam is noticed. Registry
+ * traffic is unaffected (the candidate version comes from the warm cache).
+ */
+export const DEFAULT_SAMPLE_INTERVAL_MS = 30_000;
 /**
  * Run `npm install -g <package>@latest` as a child process.
  * Returns true on success, false on failure.
@@ -38,65 +49,126 @@ export function performSelfUpdate(packageName) {
     });
 }
 /**
- * Start a periodic auto-update check loop.
+ * Build the safe-seam update controller.
  *
- * Each cycle:
- *   1. Check npm registry for a newer version
- *   2. If update available and engines are idle, install it
- *   3. On successful install, call onUpdateReady (which triggers exit 75)
- *   4. If engines are busy, defer to the next cycle
+ * Each tick:
+ *   1. Read the candidate version from the warm cache (no registry call).
+ *   2. Detect the busy->idle "ready" edge (idle AND a newer version present).
+ *   3. On the rising edge, install and signal restart.
  *
- * Returns a cleanup function that stops the timer.
+ * Edge semantics: the controller fires once per transition into the ready state
+ * (idle + newer version). Staying ready does not re-fire; an install failure
+ * consumes the edge so a persistent failure cannot spam `npm install` -- it
+ * re-arms only when the daemon leaves and re-enters the ready state.
  */
-export function startAutoUpdateLoop(opts) {
-    const { currentVersion, packageName = '@telora/daemon', intervalMs = DEFAULT_INTERVAL_MS, isIdle, onUpdateReady, } = opts;
-    // Auto-update can't help when running from an ephemeral npx cache:
-    // `npm install -g` writes to the global prefix, but the running process
-    // is loading from `~/.npm/_npx/<hash>/` and would keep doing so even
-    // after a "successful" install. Skip the loop and tell the user.
-    if (detectInstallMode() === 'npx') {
-        console.log('[auto-update] Disabled: running from npx cache. Re-run via `npx -p @telora/daemon@latest telora-daemon` or install globally with `npm install -g @telora/daemon` to enable auto-update.');
-        return () => { };
-    }
+export function createUpdateController(deps) {
+    const { currentVersion, packageName = '@telora/daemon', isIdle, getCachedCandidateVersion, onUpdateReady, performUpdate = performSelfUpdate, now = Date.now, stalenessThresholdMs = Number.POSITIVE_INFINITY, armDrain = armDrainForUpdate, releaseDrain = releaseDrainForUpdate, isUrgent = () => false, } = deps;
+    // True while the "ready to update" condition (idle + newer version) held on
+    // the previous tick. The controller acts only on the false->true transition.
+    let wasReady = false;
+    // Drain tracking (delivery C): the candidate currently pending and the time it
+    // first appeared, so we can drain intake once it has been stale too long.
     let pendingVersion = null;
-    let stopped = false;
+    let pendingSince = null;
     async function tick() {
-        if (stopped)
-            return;
         try {
-            // If we already know about a pending update, skip the registry check
-            if (!pendingVersion) {
-                const result = await checkForUpdates(currentVersion, packageName);
-                if (result?.updateAvailable) {
-                    pendingVersion = result.latestVersion;
-                    console.log(`[auto-update] Update available: v${result.latestVersion} (current: v${currentVersion})`);
+            const candidate = getCachedCandidateVersion();
+            const haveNewer = candidate !== null && isNewerVersion(candidate, currentVersion);
+            // -- Pending-since tracking + drain reset on supersede/clear ------------
+            if (haveNewer) {
+                if (candidate !== pendingVersion) {
+                    // A new candidate. If it SUPERSEDES one we were already tracking, the
+                    // prior drain decision no longer applies -- release it and restart the
+                    // staleness clock. First appearance (nothing tracked) just starts the
+                    // clock; there is no drain to release.
+                    const superseded = pendingVersion !== null;
+                    pendingVersion = candidate;
+                    pendingSince = now();
+                    if (superseded)
+                        releaseDrain();
                 }
             }
-            if (!pendingVersion)
-                return;
-            // Only update when idle
-            if (!isIdle()) {
-                console.log('[auto-update] Engines are busy, deferring update to next cycle');
+            else if (pendingVersion !== null) {
+                // Candidate gone (already up to date) -- clear pending and release drain.
+                pendingVersion = null;
+                pendingSince = null;
+                releaseDrain();
+            }
+            // -- Urgent path (delivery D): explicit operator/publisher signal only --
+            // When urgency is signaled and a newer version is cached, apply
+            // immediately -- even mid-batch -- via the existing graceful
+            // shutdown/respawn path (onUpdateReady). This is the ONLY path that may
+            // interrupt an in-flight batch, and it is NEVER the loop's own decision.
+            // Absent the signal, behavior is exactly deliveries A-C.
+            if (haveNewer && isUrgent()) {
+                console.log(`[auto-update] URGENT signal set -- applying update v${candidate} mid-batch, ` +
+                    `preempting in-flight work (current v${currentVersion})`);
+                const ok = await performUpdate(packageName);
+                if (!ok) {
+                    console.warn('[auto-update] Urgent install failed; will retry next tick');
+                    return;
+                }
+                onUpdateReady();
                 return;
             }
-            // Install the update
-            const ok = await performSelfUpdate(packageName);
+            const idleNow = isIdle();
+            // -- Drain-at-boundary (delivery C) -------------------------------------
+            // Busy daemon + a candidate pending past the staleness threshold -> stop
+            // accepting new focuses so the current batch becomes the safe seam. Active
+            // teams finish; the resulting boundary lets the update apply. Never aborts
+            // running work.
+            if (haveNewer &&
+                pendingSince !== null &&
+                !idleNow &&
+                now() - pendingSince >= stalenessThresholdMs) {
+                armDrain();
+            }
+            const ready = idleNow && haveNewer;
+            const risingEdge = ready && !wasReady;
+            wasReady = ready;
+            if (!risingEdge)
+                return;
+            console.log(`[auto-update] Batch-safe idle seam reached; applying update v${candidate} (current v${currentVersion})`);
+            const ok = await performUpdate(packageName);
             if (!ok) {
-                // Reset so we retry the install next cycle
-                console.warn('[auto-update] Install failed, will retry next cycle');
+                // Consume the edge: do not retry until the daemon leaves and re-enters
+                // the ready state, so a persistent install failure cannot spam npm.
+                console.warn('[auto-update] Install failed; will retry on the next idle edge');
                 return;
             }
-            // Signal the shell to restart
             onUpdateReady();
         }
         catch (err) {
             console.warn(`[auto-update] Unexpected error: ${err instanceof Error ? err.message : String(err)}`);
         }
     }
-    const timer = setInterval(() => void tick(), intervalMs);
+    return { tick };
+}
+/**
+ * Start the safe-seam auto-update loop.
+ *
+ * Disabled entirely when running from an ephemeral npx cache: `npm install -g`
+ * writes to the global prefix, but the running process keeps loading from
+ * `~/.npm/_npx/<hash>/`, so a "successful" install would not take effect.
+ *
+ * Returns a cleanup function that stops the timer.
+ */
+export function startAutoUpdateLoop(opts) {
+    const { intervalMs = DEFAULT_SAMPLE_INTERVAL_MS } = opts;
+    if (detectInstallMode() === 'npx') {
+        console.log('[auto-update] Disabled: running from npx cache. Re-run via `npx -p @telora/daemon@latest telora-daemon` or install globally with `npm install -g @telora/daemon` to enable auto-update.');
+        return () => { };
+    }
+    let stopped = false;
+    const controller = createUpdateController(opts);
+    const timer = setInterval(() => {
+        if (stopped)
+            return;
+        void controller.tick();
+    }, intervalMs);
     // Don't block process exit
     timer.unref();
-    console.log(`[auto-update] Enabled (check every ${Math.round(intervalMs / 60_000)}min)`);
+    console.log(`[auto-update] Enabled (safe-seam, sampling every ${Math.round(intervalMs / 1000)}s)`);
     return () => {
         stopped = true;
         clearInterval(timer);

package/dist/auto-update.js.map

@@ -1 +1 @@
-{"version":3,"file":"auto-update.js","sourceRoot":"","sources":["../src/auto-update.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAErD,0DAA0D;AAC1D,MAAM,CAAC,MAAM,gBAAgB,GAAG,EAAE,CAAC;AAEnC,MAAM,mBAAmB,GAAG,SAAS,CAAC,CAAC,SAAS;AAehD;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,WAAmB;IACnD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,MAAM,GAAG,GAAG,WAAW,SAAS,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,4BAA4B,MAAM,KAAK,CAAC,CAAC;QAErD,QAAQ,CAAC,KAAK,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;YACvF,IAAI,GAAG,EAAE,CAAC;gBACR,OAAO,CAAC,IAAI,CACV,qCAAqC,GAAG,CAAC,OAAO,EAAE,CACnD,CAAC;gBACF,IAAI,MAAM;oBAAE,OAAO,CAAC,IAAI,CAAC,yBAAyB,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBACnE,OAAO,CAAC,KAAK,CAAC,CAAC;gBACf,OAAO;YACT,CAAC;YACD,IAAI,MAAM,CAAC,IAAI,EAAE;gBAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACjE,OAAO,CAAC,GAAG,CAAC,wCAAwC,MAAM,EAAE,CAAC,CAAC;YAC9D,OAAO,CAAC,IAAI,CAAC,CAAC;QAChB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAuB;IACzD,MAAM,EACJ,cAAc,EACd,WAAW,GAAG,gBAAgB,EAC9B,UAAU,GAAG,mBAAmB,EAChC,MAAM,EACN,aAAa,GACd,GAAG,IAAI,CAAC;IAET,mEAAmE;IACnE,wEAAwE;IACxE,qEAAqE;IACrE,iEAAiE;IACjE,IAAI,iBAAiB,EAAE,KAAK,KAAK,EAAE,CAAC;QAClC,OAAO,CAAC,GAAG,CACT,yLAAyL,CAC1L,CAAC;QACF,OAAO,GAAG,EAAE,GAAE,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,cAAc,GAAkB,IAAI,CAAC;IACzC,IAAI,OAAO,GAAG,KAAK,CAAC;IAEpB,KAAK,UAAU,IAAI;QACjB,IAAI,OAAO;YAAE,OAAO;QAEpB,IAAI,CAAC;YACH,qEAAqE;YACrE,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;gBAClE,IAAI,MAAM,EAAE,eAAe,EAAE,CAAC;oBAC5B,cAAc,GAAG,MAAM,CAAC,aAAa,CAAC;oBACtC,OAAO,CAAC,GAAG,CACT,oCAAoC,MAAM,CAAC,aAAa,eAAe,cAAc,GAAG,CACzF,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,IAAI,CAAC,cAAc;gBAAE,OAAO;YAE5B,wBAAwB;YACxB,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;gBACd,OAAO,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAC;gBAC9E,OAAO;YACT,CAAC;YAED,qBAAqB;YACrB,MAAM,EAAE,GAAG,MAAM,iBAAiB,CAAC,WAAW,CAAC,CAAC;YAChD,IAAI,CAAC,EAAE,EAAE,CAAC;gBACR,2CAA2C;gBAC3C,OAAO,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;gBACpE,OAAO;YACT,CAAC;YAED,8BAA8B;YAC9B,aAAa,EAAE,CAAC;QAClB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CACV,mCAAmC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CACtF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,KAAK,IAAI,EAAE,EAAE,UAAU,CAAC,CAAC;IACzD,2BAA2B;IAC3B,KAAK,CAAC,KAAK,EAAE,CAAC;IAEd,OAAO,CAAC,GAAG,CACT,sCAAsC,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,MAAM,CAAC,MAAM,CAC5E,CAAC;IAEF,OAAO,GAAG,EAAE;QACV,OAAO,GAAG,IAAI,CAAC;QACf,aAAa,CAAC,KAAK,CAAC,CAAC;IACvB,CAAC,CAAC;AACJ,CAAC"}
+{"version":3,"file":"auto-update.js","sourceRoot":"","sources":["../src/auto-update.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAE/E,0DAA0D;AAC1D,MAAM,CAAC,MAAM,gBAAgB,GAAG,EAAE,CAAC;AAEnC;;;;GAIG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG,MAAM,CAAC;AAoDjD;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,WAAmB;IACnD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,MAAM,GAAG,GAAG,WAAW,SAAS,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,4BAA4B,MAAM,KAAK,CAAC,CAAC;QAErD,QAAQ,CAAC,KAAK,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;YACvF,IAAI,GAAG,EAAE,CAAC;gBACR,OAAO,CAAC,IAAI,CACV,qCAAqC,GAAG,CAAC,OAAO,EAAE,CACnD,CAAC;gBACF,IAAI,MAAM;oBAAE,OAAO,CAAC,IAAI,CAAC,yBAAyB,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBACnE,OAAO,CAAC,KAAK,CAAC,CAAC;gBACf,OAAO;YACT,CAAC;YACD,IAAI,MAAM,CAAC,IAAI,EAAE;gBAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACjE,OAAO,CAAC,GAAG,CAAC,wCAAwC,MAAM,EAAE,CAAC,CAAC;YAC9D,OAAO,CAAC,IAAI,CAAC,CAAC;QAChB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAQD;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,sBAAsB,CAAC,IAAoB;IACzD,MAAM,EACJ,cAAc,EACd,WAAW,GAAG,gBAAgB,EAC9B,MAAM,EACN,yBAAyB,EACzB,aAAa,EACb,aAAa,GAAG,iBAAiB,EACjC,GAAG,GAAG,IAAI,CAAC,GAAG,EACd,oBAAoB,GAAG,MAAM,CAAC,iBAAiB,EAC/C,QAAQ,GAAG,iBAAiB,EAC5B,YAAY,GAAG,qBAAqB,EACpC,QAAQ,GAAG,GAAG,EAAE,CAAC,KAAK,GACvB,GAAG,IAAI,CAAC;IAET,4EAA4E;IAC5E,6EAA6E;IAC7E,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,+EAA+E;IAC/E,0EAA0E;IAC1E,IAAI,cAAc,GAAkB,IAAI,CAAC;IACzC,IAAI,YAAY,GAAkB,IAAI,CAAC;IAEvC,KAAK,UAAU,IAAI;QACjB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,yBAAyB,EAAE,CAAC;YAC9C,MAAM,SAAS,GAAG,SAAS,KAAK,IAAI,IAAI,cAAc,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YAElF,0EAA0E;YAC1E,IAAI,SAAS,EAAE,CAAC;gBACd,IAAI,SAAS,KAAK,cAAc,EAAE,CAAC;oBACjC,sEAAsE;oBACtE,uEAAuE;oBACvE,sEAAsE;oBACtE,uCAAuC;oBACvC,MAAM,UAAU,GAAG,cAAc,KAAK,IAAI,CAAC;oBAC3C,cAAc,GAAG,SAAS,CAAC;oBAC3B,YAAY,GAAG,GAAG,EAAE,CAAC;oBACrB,IAAI,UAAU;wBAAE,YAAY,EAAE,CAAC;gBACjC,CAAC;YACH,CAAC;iBAAM,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;gBACnC,0EAA0E;gBAC1E,cAAc,GAAG,IAAI,CAAC;gBACtB,YAAY,GAAG,IAAI,CAAC;gBACpB,YAAY,EAAE,CAAC;YACjB,CAAC;YAED,0EAA0E;YAC1E,gEAAgE;YAChE,6DAA6D;YAC7D,wEAAwE;YACxE,yEAAyE;YACzE,yDAAyD;YACzD,IAAI,SAAS,IAAI,QAAQ,EAAE,EAAE,CAAC;gBAC5B,OAAO,CAAC,GAAG,CACT,uDAAuD,SAAS,cAAc;oBAC5E,uCAAuC,cAAc,GAAG,CAC3D,CAAC;gBACF,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,WAAW,CAAC,CAAC;gBAC5C,IAAI,CAAC,EAAE,EAAE,CAAC;oBACR,OAAO,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAC;oBAC1E,OAAO;gBACT,CAAC;gBACD,aAAa,EAAE,CAAC;gBAChB,OAAO;YACT,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC;YAEzB,0EAA0E;YAC1E,yEAAyE;YACzE,2EAA2E;YAC3E,2EAA2E;YAC3E,gBAAgB;YAChB,IACE,SAAS;gBACT,YAAY,KAAK,IAAI;gBACrB,CAAC,OAAO;gBACR,GAAG,EAAE,GAAG,YAAY,IAAI,oBAAoB,EAC5C,CAAC;gBACD,QAAQ,EAAE,CAAC;YACb,CAAC;YAED,MAAM,KAAK,GAAG,OAAO,IAAI,SAAS,CAAC;YACnC,MAAM,UAAU,GAAG,KAAK,IAAI,CAAC,QAAQ,CAAC;YACtC,QAAQ,GAAG,KAAK,CAAC;YAEjB,IAAI,CAAC,UAAU;gBAAE,OAAO;YAExB,OAAO,CAAC,GAAG,CACT,gEAAgE,SAAS,cAAc,cAAc,GAAG,CACzG,CAAC;YACF,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,WAAW,CAAC,CAAC;YAC5C,IAAI,CAAC,EAAE,EAAE,CAAC;gBACR,uEAAuE;gBACvE,oEAAoE;gBACpE,OAAO,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;gBAC/E,OAAO;YACT,CAAC;YACD,aAAa,EAAE,CAAC;QAClB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CACV,mCAAmC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CACtF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,CAAC;AAClB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAuB;IACzD,MAAM,EAAE,UAAU,GAAG,0BAA0B,EAAE,GAAG,IAAI,CAAC;IAEzD,IAAI,iBAAiB,EAAE,KAAK,KAAK,EAAE,CAAC;QAClC,OAAO,CAAC,GAAG,CACT,yLAAyL,CAC1L,CAAC;QACF,OAAO,GAAG,EAAE,GAAE,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,MAAM,UAAU,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;IAEhD,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE;QAC7B,IAAI,OAAO;YAAE,OAAO;QACpB,KAAK,UAAU,CAAC,IAAI,EAAE,CAAC;IACzB,CAAC,EAAE,UAAU,CAAC,CAAC;IACf,2BAA2B;IAC3B,KAAK,CAAC,KAAK,EAAE,CAAC;IAEd,OAAO,CAAC,GAAG,CACT,oDAAoD,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,IAAI,CACtF,CAAC;IAEF,OAAO,GAAG,EAAE;QACV,OAAO,GAAG,IAAI,CAAC;QACf,aAAa,CAAC,KAAK,CAAC,CAAC;IACvB,CAAC,CAAC;AACJ,CAAC"}

package/dist/backends/agent-backend.d.ts

@@ -25,6 +25,15 @@ export interface AgentSpawnContext {
     worktreePath: string;
     /** Model override (e.g. from pipeline config or a stage directive). */
     model?: string | null;
+    /**
+     * Least-privilege tool allowlist from the focus's agent role
+     * (`agent_roles.allowed_tools`). When non-empty, the backend restricts the
+     * spawned agent to exactly these tools (Claude: `--allowed-tools`). When
+     * empty/absent, the documented default policy applies: the agent runs with
+     * the engine's built-in default tool set (no restriction flag). Tighten a
+     * role by populating its allowed_tools. See docs/security-posture-daemon-execution.md.
+     */
+    allowedTools?: readonly string[];
 }
 /** Inputs for resuming a prior session. */
 export interface AgentResumeContext extends AgentSpawnContext {