@themoltnet/pi-extension 0.4.0 → 0.6.0

package/dist/index.js

@@ -3,17 +3,16 @@ import { execFileSync } from "node:child_process";
 import { existsSync, mkdirSync, readFileSync, readdirSync, rmSync, statSync } from "node:fs";
 import path, { join } from "node:path";
 import { DefaultResourceLoader, SessionManager, createAgentSession, createBashTool, createBashToolDefinition, createEditTool, createEditToolDefinition, createReadTool, createReadToolDefinition, createWriteTool, createWriteToolDefinition, defineTool } from "@mariozechner/pi-coding-agent";
-import { createHash, randomUUID } from "node:crypto";
+import { createHash } from "node:crypto";
 import crypto, { createHash as createHash$1 } from "crypto";
 import { readFile } from "node:fs/promises";
 import { homedir } from "node:os";
 import { Type, complete, getModel } from "@mariozechner/pi-ai";
-import { fileURLToPath } from "node:url";
 import { RealFSProvider, ShadowProvider, VM, VmCheckpoint, createHttpHooks, createShadowPathPredicate, ensureImageSelector, loadGuestAssets } from "@earendil-works/gondolin";
 import { parseEnv } from "node:util";
+import { fileURLToPath } from "node:url";
 import { FormatRegistry, Type as Type$1 } from "@sinclair/typebox";
 import { Value } from "@sinclair/typebox/value";
-import { TypeCompiler } from "@sinclair/typebox/compiler";
 //#region ../api-client/src/generated/core/bodySerializer.gen.ts
 var jsonBodySerializer = { bodySerializer: (body) => JSON.stringify(body, (_key, value) => typeof value === "bigint" ? value.toString() : value) };
 Object.entries({
@@ -1416,80 +1415,6 @@ var updateRenderedPack = (options) => (options.client ?? client).patch({
 	}
 });
 /**
-* Trigger fidelity verification for an agent-rendered pack.
-*/
-var verifyRenderedPack = (options) => (options.client ?? client).post({
-	security: [
-		{
-			scheme: "bearer",
-			type: "http"
-		},
-		{
-			name: "X-Moltnet-Session-Token",
-			type: "apiKey"
-		},
-		{
-			in: "cookie",
-			name: "ory_kratos_session",
-			type: "apiKey"
-		}
-	],
-	url: "/rendered-packs/{id}/verify",
-	...options,
-	headers: {
-		"Content-Type": "application/json",
-		...options.headers
-	}
-});
-/**
-* Judge claims verification payload (source entries, rendered content, and rubric).
-*/
-var claimVerification = (options) => (options.client ?? client).post({
-	security: [
-		{
-			scheme: "bearer",
-			type: "http"
-		},
-		{
-			name: "X-Moltnet-Session-Token",
-			type: "apiKey"
-		},
-		{
-			in: "cookie",
-			name: "ory_kratos_session",
-			type: "apiKey"
-		}
-	],
-	url: "/rendered-packs/{id}/verify/claim",
-	...options
-});
-/**
-* Judge submits fidelity scores and transcript.
-*/
-var submitVerification = (options) => (options.client ?? client).post({
-	security: [
-		{
-			scheme: "bearer",
-			type: "http"
-		},
-		{
-			name: "X-Moltnet-Session-Token",
-			type: "apiKey"
-		},
-		{
-			in: "cookie",
-			name: "ory_kratos_session",
-			type: "apiKey"
-		}
-	],
-	url: "/rendered-packs/{id}/verify/submit",
-	...options,
-	headers: {
-		"Content-Type": "application/json",
-		...options.headers
-	}
-});
-/**
 * Get an agent's public profile by key fingerprint (A1B2-C3D4-E5F6-G7H8).
 */
 var getAgentProfile = (options) => (options.client ?? client).get({
@@ -2039,109 +1964,379 @@ var getLegreffierOnboardingStatus = (options) => (options.client ?? client).get(
 	...options
 });
 /**
-* List all problem types used in API error responses (RFC 9457).
+* List tasks for a team with optional filters.
 */
-var listProblemTypes = (options) => (options?.client ?? client).get({
-	url: "/problems",
+var listTasks = (options) => (options.client ?? client).get({
+	security: [
+		{
+			scheme: "bearer",
+			type: "http"
+		},
+		{
+			name: "X-Moltnet-Session-Token",
+			type: "apiKey"
+		},
+		{
+			in: "cookie",
+			name: "ory_kratos_session",
+			type: "apiKey"
+		}
+	],
+	url: "/tasks",
 	...options
 });
 /**
-* Get details about a specific problem type (RFC 9457).
+* Create and enqueue a new task.
 */
-var getProblemType = (options) => (options.client ?? client).get({
-	url: "/problems/{type}",
+var createTask = (options) => (options.client ?? client).post({
+	security: [
+		{
+			scheme: "bearer",
+			type: "http"
+		},
+		{
+			name: "X-Moltnet-Session-Token",
+			type: "apiKey"
+		},
+		{
+			in: "cookie",
+			name: "ory_kratos_session",
+			type: "apiKey"
+		}
+	],
+	url: "/tasks",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
+	}
+});
+/**
+* Get a task by ID.
+*/
+var getTask = (options) => (options.client ?? client).get({
+	security: [
+		{
+			scheme: "bearer",
+			type: "http"
+		},
+		{
+			name: "X-Moltnet-Session-Token",
+			type: "apiKey"
+		},
+		{
+			in: "cookie",
+			name: "ory_kratos_session",
+			type: "apiKey"
+		}
+	],
+	url: "/tasks/{id}",
 	...options
 });
-//#endregion
-//#region ../api-client/src/retry-fetch.ts
-var DEFAULT_RETRY_STATUSES = [
-	408,
-	429,
-	500,
-	502,
-	503,
-	504
-];
-var DEFAULT_RETRY_METHODS = [
-	"GET",
-	"HEAD",
-	"OPTIONS",
-	"PUT"
-];
-function createRetryFetch$1(options) {
-	const { maxRetries = 3, baseDelay = 500, maxDelay = 1e4, retryStatuses = DEFAULT_RETRY_STATUSES, retryMethods = DEFAULT_RETRY_METHODS, retryOnNetworkError = true, baseFetch = globalThis.fetch, jitter = true, onRetry } = options ?? {};
-	const retryMethodSet = new Set(retryMethods.map((m) => m.toUpperCase()));
-	return async function retryFetch(input, init) {
-		const method = (input instanceof Request ? input.method : init?.method ?? "GET").toUpperCase();
-		let lastError;
-		let lastResponse;
-		for (let attempt = 0; attempt <= maxRetries; attempt++) try {
-			const response = await baseFetch(input instanceof Request ? input.clone() : input, init);
-			const isRateLimited = response.status === 429;
-			if (!(retryStatuses.includes(response.status) && (isRateLimited || retryMethodSet.has(method))) || attempt === maxRetries) return response;
-			lastResponse = response;
-			await response.body?.cancel().catch(() => {});
-			const delay = computeDelay(attempt, baseDelay, maxDelay, jitter, response);
-			onRetry?.(attempt, delay, `status ${response.status}`);
-			await sleep(delay);
-		} catch (err) {
-			lastError = err;
-			if (!retryOnNetworkError || !retryMethodSet.has(method) || attempt === maxRetries) throw err;
-			const delay = computeDelay(attempt, baseDelay, maxDelay, jitter);
-			onRetry?.(attempt, delay, "network error");
-			await sleep(delay);
+/**
+* Claim a queued task and start an attempt.
+*/
+var claimTask = (options) => (options.client ?? client).post({
+	security: [
+		{
+			scheme: "bearer",
+			type: "http"
+		},
+		{
+			name: "X-Moltnet-Session-Token",
+			type: "apiKey"
+		},
+		{
+			in: "cookie",
+			name: "ory_kratos_session",
+			type: "apiKey"
 		}
-		if (lastResponse) return lastResponse;
-		throw lastError;
-	};
-}
-function computeDelay(attempt, baseDelay, maxDelay, jitter, response) {
-	const retryAfter = response?.headers.get("Retry-After");
-	if (retryAfter) {
-		const seconds = Number(retryAfter);
-		if (!Number.isNaN(seconds)) return Math.min(seconds * 1e3, maxDelay);
-		const date = Date.parse(retryAfter);
-		if (!Number.isNaN(date)) return Math.min(Math.max(date - Date.now(), 0), maxDelay);
+	],
+	url: "/tasks/{id}/claim",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
 	}
-	const exponential = baseDelay * 2 ** attempt;
-	const jitterMs = jitter ? Math.random() * baseDelay : 0;
-	return Math.min(exponential + jitterMs, maxDelay);
-}
-function sleep(ms) {
-	return new Promise((resolve) => {
-		setTimeout(resolve, ms);
-	});
-}
-function createRateLimitFetch(options) {
-	return createRetryFetch$1({
-		maxRetries: options?.maxRetries ?? 3,
-		baseDelay: options?.baseDelayMs ?? 1e3,
-		maxDelay: options?.maxDelayMs ?? 3e4,
-		retryStatuses: [429],
-		retryMethods: [
-			"GET",
-			"HEAD",
-			"OPTIONS",
-			"PUT",
-			"POST",
-			"PATCH",
-			"DELETE"
-		],
-		retryOnNetworkError: false
-	});
-}
-//#endregion
-//#region ../sdk/src/errors.ts
-var MoltNetError = class extends Error {
-	code;
-	statusCode;
-	detail;
-	constructor(message, options) {
-		super(message);
-		this.name = "MoltNetError";
-		this.code = options.code;
-		this.statusCode = options.statusCode;
-		this.detail = options.detail;
+});
+/**
+* Send a heartbeat to keep the attempt lease alive.
+*/
+var taskHeartbeat = (options) => (options.client ?? client).post({
+	security: [
+		{
+			scheme: "bearer",
+			type: "http"
+		},
+		{
+			name: "X-Moltnet-Session-Token",
+			type: "apiKey"
+		},
+		{
+			in: "cookie",
+			name: "ory_kratos_session",
+			type: "apiKey"
+		}
+	],
+	url: "/tasks/{id}/attempts/{n}/heartbeat",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
+	}
+});
+/**
+* Mark an attempt as completed with output.
+*/
+var completeTask = (options) => (options.client ?? client).post({
+	security: [
+		{
+			scheme: "bearer",
+			type: "http"
+		},
+		{
+			name: "X-Moltnet-Session-Token",
+			type: "apiKey"
+		},
+		{
+			in: "cookie",
+			name: "ory_kratos_session",
+			type: "apiKey"
+		}
+	],
+	url: "/tasks/{id}/attempts/{n}/complete",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
+	}
+});
+/**
+* Mark an attempt as failed with error details.
+*/
+var failTask = (options) => (options.client ?? client).post({
+	security: [
+		{
+			scheme: "bearer",
+			type: "http"
+		},
+		{
+			name: "X-Moltnet-Session-Token",
+			type: "apiKey"
+		},
+		{
+			in: "cookie",
+			name: "ory_kratos_session",
+			type: "apiKey"
+		}
+	],
+	url: "/tasks/{id}/attempts/{n}/fail",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
+	}
+});
+/**
+* Cancel a task.
+*/
+var cancelTask = (options) => (options.client ?? client).post({
+	security: [
+		{
+			scheme: "bearer",
+			type: "http"
+		},
+		{
+			name: "X-Moltnet-Session-Token",
+			type: "apiKey"
+		},
+		{
+			in: "cookie",
+			name: "ory_kratos_session",
+			type: "apiKey"
+		}
+	],
+	url: "/tasks/{id}/cancel",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
+	}
+});
+/**
+* List all attempts for a task.
+*/
+var listTaskAttempts = (options) => (options.client ?? client).get({
+	security: [
+		{
+			scheme: "bearer",
+			type: "http"
+		},
+		{
+			name: "X-Moltnet-Session-Token",
+			type: "apiKey"
+		},
+		{
+			in: "cookie",
+			name: "ory_kratos_session",
+			type: "apiKey"
+		}
+	],
+	url: "/tasks/{id}/attempts",
+	...options
+});
+/**
+* List messages for a task attempt.
+*/
+var listTaskMessages = (options) => (options.client ?? client).get({
+	security: [
+		{
+			scheme: "bearer",
+			type: "http"
+		},
+		{
+			name: "X-Moltnet-Session-Token",
+			type: "apiKey"
+		},
+		{
+			in: "cookie",
+			name: "ory_kratos_session",
+			type: "apiKey"
+		}
+	],
+	url: "/tasks/{id}/attempts/{n}/messages",
+	...options
+});
+/**
+* Append messages to a task attempt.
+*/
+var appendTaskMessages = (options) => (options.client ?? client).post({
+	security: [
+		{
+			scheme: "bearer",
+			type: "http"
+		},
+		{
+			name: "X-Moltnet-Session-Token",
+			type: "apiKey"
+		},
+		{
+			in: "cookie",
+			name: "ory_kratos_session",
+			type: "apiKey"
+		}
+	],
+	url: "/tasks/{id}/attempts/{n}/messages",
+	...options,
+	headers: {
+		"Content-Type": "application/json",
+		...options.headers
+	}
+});
+/**
+* List all problem types used in API error responses (RFC 9457).
+*/
+var listProblemTypes = (options) => (options?.client ?? client).get({
+	url: "/problems",
+	...options
+});
+/**
+* Get details about a specific problem type (RFC 9457).
+*/
+var getProblemType = (options) => (options.client ?? client).get({
+	url: "/problems/{type}",
+	...options
+});
+//#endregion
+//#region ../api-client/src/retry-fetch.ts
+var DEFAULT_RETRY_STATUSES = [
+	408,
+	429,
+	500,
+	502,
+	503,
+	504
+];
+var DEFAULT_RETRY_METHODS = [
+	"GET",
+	"HEAD",
+	"OPTIONS",
+	"PUT"
+];
+function createRetryFetch$1(options) {
+	const { maxRetries = 3, baseDelay = 500, maxDelay = 1e4, retryStatuses = DEFAULT_RETRY_STATUSES, retryMethods = DEFAULT_RETRY_METHODS, retryOnNetworkError = true, baseFetch = globalThis.fetch, jitter = true, onRetry } = options ?? {};
+	const retryMethodSet = new Set(retryMethods.map((m) => m.toUpperCase()));
+	return async function retryFetch(input, init) {
+		const method = (input instanceof Request ? input.method : init?.method ?? "GET").toUpperCase();
+		let lastError;
+		let lastResponse;
+		for (let attempt = 0; attempt <= maxRetries; attempt++) try {
+			const response = await baseFetch(input instanceof Request ? input.clone() : input, init);
+			const isRateLimited = response.status === 429;
+			if (!(retryStatuses.includes(response.status) && (isRateLimited || retryMethodSet.has(method))) || attempt === maxRetries) return response;
+			lastResponse = response;
+			await response.body?.cancel().catch(() => {});
+			const delay = computeDelay(attempt, baseDelay, maxDelay, jitter, response);
+			onRetry?.(attempt, delay, `status ${response.status}`);
+			await sleep(delay);
+		} catch (err) {
+			lastError = err;
+			if (!retryOnNetworkError || !retryMethodSet.has(method) || attempt === maxRetries) throw err;
+			const delay = computeDelay(attempt, baseDelay, maxDelay, jitter);
+			onRetry?.(attempt, delay, "network error");
+			await sleep(delay);
+		}
+		if (lastResponse) return lastResponse;
+		throw lastError;
+	};
+}
+function computeDelay(attempt, baseDelay, maxDelay, jitter, response) {
+	const retryAfter = response?.headers.get("Retry-After");
+	if (retryAfter) {
+		const seconds = Number(retryAfter);
+		if (!Number.isNaN(seconds)) return Math.min(seconds * 1e3, maxDelay);
+		const date = Date.parse(retryAfter);
+		if (!Number.isNaN(date)) return Math.min(Math.max(date - Date.now(), 0), maxDelay);
+	}
+	const exponential = baseDelay * 2 ** attempt;
+	const jitterMs = jitter ? Math.random() * baseDelay : 0;
+	return Math.min(exponential + jitterMs, maxDelay);
+}
+function sleep(ms) {
+	return new Promise((resolve) => {
+		setTimeout(resolve, ms);
+	});
+}
+function createRateLimitFetch(options) {
+	return createRetryFetch$1({
+		maxRetries: options?.maxRetries ?? 3,
+		baseDelay: options?.baseDelayMs ?? 1e3,
+		maxDelay: options?.maxDelayMs ?? 3e4,
+		retryStatuses: [429],
+		retryMethods: [
+			"GET",
+			"HEAD",
+			"OPTIONS",
+			"PUT",
+			"POST",
+			"PATCH",
+			"DELETE"
+		],
+		retryOnNetworkError: false
+	});
+}
+//#endregion
+//#region ../sdk/src/errors.ts
+var MoltNetError = class extends Error {
+	code;
+	statusCode;
+	detail;
+	constructor(message, options) {
+		super(message);
+		this.name = "MoltNetError";
+		this.code = options.code;
+		this.statusCode = options.statusCode;
+		this.detail = options.detail;
 	}
 };
 var NetworkError = class extends MoltNetError {
@@ -3059,7 +3254,7 @@ function decode$3(string, alphabetIdx, bitsPerChar, name) {
 	if (bits >= bitsPerChar || (255 & buffer << 8 - bits) !== 0) throw new SyntaxError("Unexpected end of data");
 	return out;
 }
-function encode$1(data, alphabet, bitsPerChar) {
+function encode$2(data, alphabet, bitsPerChar) {
 	const pad = alphabet[alphabet.length - 1] === "=";
 	const mask = (1 << bitsPerChar) - 1;
 	let out = "";
@@ -3091,7 +3286,7 @@ function rfc4648({ name, prefix, bitsPerChar, alphabet }) {
 		prefix,
 		name,
 		encode(input) {
-			return encode$1(input, alphabet, bitsPerChar);
+			return encode$2(input, alphabet, bitsPerChar);
 		},
 		decode(input) {
 			return decode$3(input, alphabetIdx, bitsPerChar, name);
@@ -3180,14 +3375,14 @@ baseX({
 });
 //#endregion
 //#region ../../node_modules/.pnpm/multiformats@13.4.2/node_modules/multiformats/dist/src/vendor/varint.js
-var encode_1 = encode;
+var encode_1 = encode$1;
 var MSB = 128, MSBALL = -128, INT = Math.pow(2, 31);
 /**
 * @param {number} num
 * @param {number[]} out
 * @param {number} offset
 */
-function encode(num, out, offset) {
+function encode$1(num, out, offset) {
 	out = out || [];
 	offset = offset || 0;
 	var oldOffset = offset;
@@ -3200,7 +3395,7 @@ function encode(num, out, offset) {
 		num >>>= 7;
 	}
 	out[offset] = num | 0;
-	encode.bytes = offset - oldOffset + 1;
+	encode$1.bytes = offset - oldOffset + 1;
 	return out;
 }
 var decode$2 = read;
@@ -4069,8 +4264,13 @@ etc.sha512Sync = (...m) => {
 	m.forEach((msg) => hash.update(msg));
 	return hash.digest();
 };
-new TextEncoder();
+//#endregion
+//#region ../../node_modules/.pnpm/multiformats@13.4.2/node_modules/multiformats/dist/src/codecs/json.js
+var textEncoder$1 = new TextEncoder();
 new TextDecoder();
+function encode(node) {
+	return textEncoder$1.encode(JSON.stringify(node));
+}
 //#endregion
 //#region ../../node_modules/.pnpm/multiformats@13.4.2/node_modules/multiformats/dist/src/hashes/hasher.js
 var DEFAULT_MIN_DIGEST_LENGTH = 20;
@@ -4117,7 +4317,9 @@ function createDigest(digest, code, truncate) {
 	}
 	return create(code, digest);
 }
-from({
+//#endregion
+//#region ../../node_modules/.pnpm/multiformats@13.4.2/node_modules/multiformats/dist/src/hashes/sha2.js
+var sha256 = from({
 	name: "sha2-256",
 	code: 18,
 	encode: (input) => coerce(crypto.createHash("sha256").update(input).digest())
@@ -4128,6 +4330,20 @@ from({
 	encode: (input) => coerce(crypto.createHash("sha512").update(input).digest())
 });
 //#endregion
+//#region ../crypto-service/src/json-cid.ts
+/**
+* Generic JSON CID — CIDv1 for arbitrary JSON-serialisable values.
+*
+* Uses the dag-json codec and sha2-256, producing a base32lower CIDv1.
+* Suitable for content-addressing task inputs, schema objects, and other
+* JSON payloads that don't need diary-entry canonical normalisation.
+*/
+async function computeJsonCid(value) {
+	const bytes = encode(value);
+	const hash = await sha256.digest(bytes);
+	return CID.create(1, 512, hash).toString();
+}
+//#endregion
 //#region ../../node_modules/.pnpm/cborg@4.5.8/node_modules/cborg/lib/is.js
 var objectTypeNames = [
 	"Object",
@@ -6155,43 +6371,20 @@ function createPacksNamespace(context) {
 				body
 			}));
 		},
-		async verifyRendered(id, body) {
-			return unwrapResult(await verifyRenderedPack({
+		async create(diaryId, body) {
+			return unwrapResult(await createDiaryCustomPack({
 				client,
 				auth,
-				path: { id },
+				path: { id: diaryId },
 				body
 			}));
 		},
-		async claimVerification(id) {
-			return unwrapResult(await claimVerification({
+		async preview(diaryId, body) {
+			return unwrapResult(await previewDiaryCustomPack({
 				client,
 				auth,
-				path: { id }
-			}));
-		},
-		async submitVerification(id, body) {
-			return unwrapResult(await submitVerification({
-				client,
-				auth,
-				path: { id },
-				body
-			}));
-		},
-		async create(diaryId, body) {
-			return unwrapResult(await createDiaryCustomPack({
-				client,
-				auth,
-				path: { id: diaryId },
-				body
-			}));
-		},
-		async preview(diaryId, body) {
-			return unwrapResult(await previewDiaryCustomPack({
-				client,
-				auth,
-				path: { id: diaryId },
-				body
+				path: { id: diaryId },
+				body
 			}));
 		}
 	};
@@ -6302,6 +6495,124 @@ function createSigningRequestsNamespace(context) {
 	};
 }
 //#endregion
+//#region ../sdk/src/namespaces/tasks.ts
+function createTasksNamespace(context) {
+	const { client, auth } = context;
+	return {
+		async list(query) {
+			return unwrapResult(await listTasks({
+				client,
+				auth,
+				query
+			}));
+		},
+		async create(body) {
+			return unwrapResult(await createTask({
+				client,
+				auth,
+				body
+			}));
+		},
+		async get(id) {
+			return unwrapResult(await getTask({
+				client,
+				auth,
+				path: { id }
+			}));
+		},
+		async claim(id, body) {
+			const result = await claimTask({
+				client,
+				auth,
+				path: { id },
+				body
+			});
+			const data = unwrapResult(result);
+			const traceHeaders = {};
+			const traceparent = result.response.headers.get("traceparent");
+			if (traceparent) {
+				traceHeaders["traceparent"] = traceparent;
+				const tracestate = result.response.headers.get("tracestate");
+				if (tracestate) traceHeaders["tracestate"] = tracestate;
+			}
+			return {
+				...data,
+				traceHeaders
+			};
+		},
+		async heartbeat(id, n, body) {
+			return unwrapResult(await taskHeartbeat({
+				client,
+				auth,
+				path: {
+					id,
+					n
+				},
+				body
+			}));
+		},
+		async complete(id, n, body) {
+			return unwrapResult(await completeTask({
+				client,
+				auth,
+				path: {
+					id,
+					n
+				},
+				body
+			}));
+		},
+		async fail(id, n, body) {
+			return unwrapResult(await failTask({
+				client,
+				auth,
+				path: {
+					id,
+					n
+				},
+				body
+			}));
+		},
+		async cancel(id, body) {
+			return unwrapResult(await cancelTask({
+				client,
+				auth,
+				path: { id },
+				body
+			}));
+		},
+		async listAttempts(id) {
+			return unwrapResult(await listTaskAttempts({
+				client,
+				auth,
+				path: { id }
+			}));
+		},
+		async listMessages(id, n, query) {
+			return unwrapResult(await listTaskMessages({
+				client,
+				auth,
+				path: {
+					id,
+					n
+				},
+				query
+			}));
+		},
+		async appendMessages(id, n, body) {
+			return unwrapResult(await appendTaskMessages({
+				client,
+				auth,
+				path: {
+					id,
+					n
+				},
+				body
+			}));
+		}
+	};
+}
+//#endregion
 //#region ../sdk/src/namespaces/teams.ts
 function createTeamsNamespace(context) {
 	const { client, auth } = context;
@@ -6433,6 +6744,7 @@ function createAgent(options) {
 		legreffier: createLegreffierNamespace(context),
 		problems: createProblemsNamespace(context),
 		teams: createTeamsNamespace(context),
+		tasks: createTasksNamespace(context),
 		client,
 		getToken: () => tokenManager.getToken()
 	};
@@ -6758,21 +7070,6 @@ var registerSandboxCommand = (pi, state) => {
 };
 //#endregion
 //#region src/moltnet/judge/assets.ts
-/**
-* Judge assets — single source of truth.
-*
-* `DEFAULT_RUBRIC` and `JUDGE_SYSTEM_PROMPT` below ARE the assets. There are
-* no companion `.md` files; tsc does not copy non-TS files into `dist/`, and
-* keeping a parallel markdown copy invited drift between source-of-truth
-* versions, which is what previously happened.
-*
-* The asset path constants are opaque identifiers used in the judge-recipe
-* CID manifest so verifiers can trace which asset set a given Pi extension
-* version emitted. They are NOT filesystem paths and are never read.
-* Bump the version suffix when you change the corresponding constant.
-*/
-var RUBRIC_ASSET_PATH = "pi-extension/judge/rubric@v1";
-var JUDGE_PROMPT_ASSET_PATH = "pi-extension/judge/system-prompt@v1";
 /** Default fidelity rubric — kept verbatim from the Go judge. */
 var DEFAULT_RUBRIC = `Evaluate the rendered content against the source entries on three axes:
 
@@ -6925,135 +7222,6 @@ function buildSourceEntriesMarkdown(entries) {
 	return parts.join("\n");
 }
 //#endregion
-//#region src/moltnet/judge-recipe-cid.ts
-var require = createRequire(import.meta.url);
-var SELF_PACKAGE_NAME = "@themoltnet/pi-extension";
-var PI_PACKAGE_NAME = "@mariozechner/pi-coding-agent";
-var SDK_PACKAGE_NAME = "@themoltnet/sdk";
-var CID_VERSION = 1;
-var RAW_CODEC = 85;
-var SHA2_256_CODE = 18;
-var BASE32_ALPHABET = "abcdefghijklmnopqrstuvwxyz234567";
-function findSelfPackageDir() {
-	const start = path.dirname(fileURLToPath(import.meta.url));
-	let dir = start;
-	while (true) {
-		const candidate = path.join(dir, "package.json");
-		if (existsSync(candidate)) {
-			if (JSON.parse(readFileSync(candidate, "utf8")).name === SELF_PACKAGE_NAME) return dir;
-		}
-		const parent = path.dirname(dir);
-		if (parent === dir) return start;
-		dir = parent;
-	}
-}
-var PACKAGE_DIR = findSelfPackageDir();
-function sha256Hex(value) {
-	return createHash("sha256").update(value, "utf8").digest("hex");
-}
-function encodeVarint(value) {
-	const bytes = [];
-	let current = value >>> 0;
-	while (current >= 128) {
-		bytes.push(current & 127 | 128);
-		current >>>= 7;
-	}
-	bytes.push(current);
-	return bytes;
-}
-function base32Lower(bytes) {
-	let bits = 0;
-	let value = 0;
-	let output = "";
-	for (const byte of bytes) {
-		value = value << 8 | byte;
-		bits += 8;
-		while (bits >= 5) {
-			output += BASE32_ALPHABET[value >>> bits - 5 & 31];
-			bits -= 5;
-		}
-	}
-	if (bits > 0) output += BASE32_ALPHABET[value << 5 - bits & 31];
-	return `b${output}`;
-}
-function stableStringify(value) {
-	if (value === null || typeof value !== "object") return JSON.stringify(value);
-	if (Array.isArray(value)) return `[${value.map((item) => stableStringify(item)).join(",")}]`;
-	return `{${Object.entries(value).sort(([left], [right]) => left.localeCompare(right)).map(([key, item]) => `${JSON.stringify(key)}:${stableStringify(item)}`).join(",")}}`;
-}
-function readPackageVersion(pkgPath, expectedName) {
-	if (!existsSync(pkgPath)) return null;
-	const parsed = JSON.parse(readFileSync(pkgPath, "utf8"));
-	if (expectedName && parsed.name !== expectedName) return null;
-	return typeof parsed.version === "string" ? parsed.version : null;
-}
-function resolveInstalledPackageVersion(packageName) {
-	const candidates = [];
-	try {
-		candidates.push(path.dirname(require.resolve(packageName)));
-	} catch {}
-	let dir = PACKAGE_DIR;
-	while (true) {
-		candidates.push(path.join(dir, "node_modules", packageName));
-		const parent = path.dirname(dir);
-		if (parent === dir) break;
-		dir = parent;
-	}
-	for (const start of candidates) {
-		let current = start;
-		while (true) {
-			const version = readPackageVersion(path.join(current, "package.json"), packageName);
-			if (version) return version;
-			const parent = path.dirname(current);
-			if (parent === current) break;
-			current = parent;
-		}
-	}
-	return null;
-}
-function resolvePiJudgeRecipeVersions() {
-	return {
-		pi: resolveInstalledPackageVersion(PI_PACKAGE_NAME),
-		piExtension: readPackageVersion(path.join(PACKAGE_DIR, "package.json"), SELF_PACKAGE_NAME),
-		sdk: resolveInstalledPackageVersion(SDK_PACKAGE_NAME)
-	};
-}
-function buildPiJudgeRecipeManifest(inputs) {
-	return {
-		kind: "pi-judge-recipe/v1",
-		versions: {
-			...resolvePiJudgeRecipeVersions(),
-			...inputs.overrides
-		},
-		assets: {
-			promptAsset: inputs.promptAsset ?? null,
-			rubricAsset: inputs.rubricAsset ?? null,
-			skillSourcePath: inputs.skillSourcePath ?? null
-		},
-		hashes: {
-			judgePromptSha256: sha256Hex(inputs.judgePrompt),
-			rubricSha256: sha256Hex(inputs.rubric),
-			skillFragmentSha256: inputs.skillFragment ? sha256Hex(inputs.skillFragment) : null,
-			implementationSha256: inputs.implementationSource ? sha256Hex(inputs.implementationSource) : null
-		}
-	};
-}
-function computePiJudgeRecipeCid(inputs) {
-	const manifest = buildPiJudgeRecipeManifest(inputs);
-	const manifestBytes = Buffer.from(stableStringify(manifest), "utf8");
-	const digestBytes = createHash("sha256").update(manifestBytes).digest();
-	return {
-		cid: base32Lower(Uint8Array.from([
-			...encodeVarint(CID_VERSION),
-			...encodeVarint(RAW_CODEC),
-			...encodeVarint(SHA2_256_CODE),
-			...encodeVarint(digestBytes.length),
-			...digestBytes
-		])),
-		manifest
-	};
-}
-//#endregion
 //#region src/moltnet/render-phase6.ts
 function slugToTitle(value) {
 	return value.split(/[:/_-]+/).filter(Boolean).map((part) => part[0]?.toUpperCase() + part.slice(1)).join(" ");
@@ -7171,316 +7339,582 @@ function renderPhase6Markdown(pack) {
 * These tools run on the host (not in the VM) via the MoltNet SDK,
 * so agent credentials never touch the VM filesystem.
 */
+/**
+* Baseline env keys forwarded to host-exec child processes.
+* Callers can extend this set at sandbox startup via `MoltNetToolsConfig.hostExecBaseEnv`.
+*/
+var HOST_EXEC_DEFAULT_BASE_ENV = new Set([
+	"PATH",
+	"HOME",
+	"LANG",
+	"LC_ALL",
+	"TMPDIR",
+	"GIT_CONFIG_GLOBAL",
+	"MOLTNET_CREDENTIALS_PATH",
+	"GIT_AUTHOR_NAME",
+	"GIT_AUTHOR_EMAIL",
+	"GIT_COMMITTER_NAME",
+	"GIT_COMMITTER_EMAIL",
+	"SSH_AUTH_SOCK"
+]);
 function ensureConnected(config) {
 	const agent = config.getAgent();
 	const diaryId = config.getDiaryId();
 	if (!agent || !diaryId) throw new Error("MoltNet not connected");
 	return {
 		agent,
-		diaryId
+		diaryId,
+		teamId: config.getTeamId() ?? ""
 	};
 }
 /**
 * Create all MoltNet tool definitions, ready to pass to `pi.registerTool()`.
 */
 function createMoltNetTools(config) {
-	return [
-		defineTool({
-			name: "moltnet_pack_get",
-			label: "Get MoltNet Pack",
-			description: "Get a context pack by ID. Optionally expand included entries.",
-			parameters: Type.Object({
-				packId: Type.String({ description: "Context pack ID" }),
-				expandEntries: Type.Optional(Type.Boolean({ description: "Include full expanded entries" }))
-			}),
-			async execute(_id, params) {
-				const { agent } = ensureConnected(config);
-				const pack = await agent.packs.get(params.packId, { expand: params.expandEntries ? "entries" : void 0 });
-				return {
-					content: [{
-						type: "text",
-						text: JSON.stringify(pack, null, 2)
-					}],
-					details: {}
-				};
-			}
+	const getPack = defineTool({
+		name: "moltnet_pack_get",
+		label: "Get MoltNet Pack",
+		description: "Get a context pack by ID. Optionally expand included entries.",
+		parameters: Type.Object({
+			packId: Type.String({ description: "Context pack ID" }),
+			expandEntries: Type.Optional(Type.Boolean({ description: "Include full expanded entries" }))
 		}),
-		defineTool({
-			name: "moltnet_pack_create",
-			label: "Create MoltNet Pack",
-			description: "Persist a curated context pack. Entries are caller-ranked (lower rank = more prominent). Recipe/prompt/selection_rationale belong in params. Defaults to pinned=false — packs in the attribution pipeline are ephemeral unless the caller explicitly opts in.",
-			parameters: Type.Object({
-				entries: Type.Array(Type.Object({
-					entryId: Type.String({ description: "Diary entry UUID" }),
-					rank: Type.Number({ description: "Rank (1..N, lower = more prominent)" })
-				}), { description: "Selected entries with their ranks" }),
-				params: Type.Optional(Type.Record(Type.String(), Type.Unknown(), { description: "Free-form recipe parameters (recipe name, prompt, selection rationale, etc.)" })),
-				tokenBudget: Type.Optional(Type.Number({ description: "Soft token budget recorded on the pack (optional)" })),
-				pinned: Type.Optional(Type.Boolean({ description: "Pin the pack against retention policy (default false)" }))
-			}),
-			async execute(_id, params) {
-				const { agent, diaryId } = ensureConnected(config);
-				const pack = await agent.packs.create(diaryId, {
-					packType: "custom",
-					params: params.params ?? {},
-					entries: params.entries,
-					tokenBudget: params.tokenBudget,
-					pinned: params.pinned ?? false
-				});
-				return {
-					content: [{
-						type: "text",
-						text: JSON.stringify(pack, null, 2)
-					}],
-					details: {}
-				};
-			}
+		async execute(_id, params) {
+			const { agent } = ensureConnected(config);
+			const pack = await agent.packs.get(params.packId, { expand: params.expandEntries ? "entries" : void 0 });
+			return {
+				content: [{
+					type: "text",
+					text: JSON.stringify(pack, null, 2)
+				}],
+				details: {}
+			};
+		}
+	});
+	const createPack = defineTool({
+		name: "moltnet_pack_create",
+		label: "Create MoltNet Pack",
+		description: "Persist a curated context pack. Entries are caller-ranked (lower rank = more prominent). Recipe/prompt/selection_rationale belong in params. Defaults to pinned=false — packs in the attribution pipeline are ephemeral unless the caller explicitly opts in.",
+		parameters: Type.Object({
+			entries: Type.Array(Type.Object({
+				entryId: Type.String({ description: "Diary entry UUID" }),
+				rank: Type.Number({ description: "Rank (1..N, lower = more prominent)" })
+			}), { description: "Selected entries with their ranks" }),
+			params: Type.Optional(Type.Record(Type.String(), Type.Unknown(), { description: "Free-form recipe parameters (recipe name, prompt, selection rationale, etc.)" })),
+			tokenBudget: Type.Optional(Type.Number({ description: "Soft token budget recorded on the pack (optional)" })),
+			pinned: Type.Optional(Type.Boolean({ description: "Pin the pack against retention policy (default false)" }))
 		}),
-		defineTool({
-			name: "moltnet_pack_provenance",
-			label: "Get MoltNet Pack Provenance",
-			description: "Get the provenance graph for a context pack by ID or CID.",
-			parameters: Type.Object({
-				packId: Type.Optional(Type.String({ description: "Context pack ID" })),
-				packCid: Type.Optional(Type.String({ description: "Context pack CID" })),
-				depth: Type.Optional(Type.Number({ description: "Supersession ancestry depth to include (default 2)" }))
-			}),
-			async execute(_id, params) {
-				const { agent } = ensureConnected(config);
-				if (!params.packId && !params.packCid) throw new Error("Provide either packId or packCid");
-				if (params.packId && params.packCid) throw new Error("Provide only one of packId or packCid");
-				const graph = params.packId ? await agent.packs.getProvenance(params.packId, { depth: params.depth ?? 2 }) : await agent.packs.getProvenanceByCid(params.packCid, { depth: params.depth ?? 2 });
-				const payload = {
-					metadata: graph.metadata,
-					counts: {
-						nodes: graph.nodes.length,
-						edges: graph.edges.length
-					},
-					graph
-				};
-				return {
-					content: [{
-						type: "text",
-						text: JSON.stringify(payload, null, 2)
-					}],
-					details: {}
-				};
-			}
+		async execute(_id, params) {
+			const { agent, diaryId } = ensureConnected(config);
+			const pack = await agent.packs.create(diaryId, {
+				packType: "custom",
+				params: params.params ?? {},
+				entries: params.entries,
+				tokenBudget: params.tokenBudget,
+				pinned: params.pinned ?? false
+			});
+			return {
+				content: [{
+					type: "text",
+					text: JSON.stringify(pack, null, 2)
+				}],
+				details: {}
+			};
+		}
+	});
+	const getPackProvenance = defineTool({
+		name: "moltnet_pack_provenance",
+		label: "Get MoltNet Pack Provenance",
+		description: "Get the provenance graph for a context pack by ID or CID.",
+		parameters: Type.Object({
+			packId: Type.Optional(Type.String({ description: "Context pack ID" })),
+			packCid: Type.Optional(Type.String({ description: "Context pack CID" })),
+			depth: Type.Optional(Type.Number({ description: "Supersession ancestry depth to include (default 2)" }))
 		}),
-		defineTool({
-			name: "moltnet_pack_render",
-			label: "Render MoltNet Pack",
-			description: "Fetch a pack with entries, transform it into docs, then preview or persist the rendered pack.",
-			parameters: Type.Object({
-				packId: Type.String({ description: "Context pack ID" }),
-				renderMethod: Type.Optional(Type.String({ description: "Render method label. Defaults to pi:pack-to-docs-v1" })),
-				markdown: Type.Optional(Type.String({ description: "Optional caller-authored markdown override" })),
-				preview: Type.Optional(Type.Boolean({ description: "Preview without persisting (default false)" })),
-				pinned: Type.Optional(Type.Boolean({ description: "Persist the rendered pack as pinned (default false)" }))
-			}),
-			async execute(_id, params) {
-				const { agent } = ensureConnected(config);
-				const renderMethod = params.renderMethod ?? "pi:pack-to-docs-v1";
-				let renderedMarkdown = params.markdown;
-				if (!renderedMarkdown && !renderMethod.startsWith("server:")) renderedMarkdown = renderPhase6Markdown(await agent.packs.get(params.packId, { expand: "entries" }));
-				const result = params.preview ?? false ? await agent.packs.previewRendered(params.packId, {
-					renderMethod,
-					renderedMarkdown
-				}) : await agent.packs.render(params.packId, {
-					renderMethod,
-					renderedMarkdown,
-					pinned: params.pinned
-				});
-				return {
-					content: [{
-						type: "text",
-						text: JSON.stringify(result, null, 2)
-					}],
-					details: {}
-				};
-			}
+		async execute(_id, params) {
+			const { agent } = ensureConnected(config);
+			if (!params.packId && !params.packCid) throw new Error("Provide either packId or packCid");
+			if (params.packId && params.packCid) throw new Error("Provide only one of packId or packCid");
+			const graph = params.packId ? await agent.packs.getProvenance(params.packId, { depth: params.depth ?? 2 }) : await agent.packs.getProvenanceByCid(params.packCid, { depth: params.depth ?? 2 });
+			const payload = {
+				metadata: graph.metadata,
+				counts: {
+					nodes: graph.nodes.length,
+					edges: graph.edges.length
+				},
+				graph
+			};
+			return {
+				content: [{
+					type: "text",
+					text: JSON.stringify(payload, null, 2)
+				}],
+				details: {}
+			};
+		}
+	});
+	const renderPack = defineTool({
+		name: "moltnet_pack_render",
+		label: "Render MoltNet Pack",
+		description: "Fetch a pack with entries, transform it into docs, then preview or persist the rendered pack.",
+		parameters: Type.Object({
+			packId: Type.String({ description: "Context pack ID" }),
+			renderMethod: Type.Optional(Type.String({ description: "Render method label. Defaults to pi:pack-to-docs-v1" })),
+			markdown: Type.Optional(Type.String({ description: "Optional caller-authored markdown override" })),
+			preview: Type.Optional(Type.Boolean({ description: "Preview without persisting (default false)" })),
+			pinned: Type.Optional(Type.Boolean({ description: "Persist the rendered pack as pinned (default false)" }))
 		}),
-		defineTool({
-			name: "moltnet_rendered_pack_list",
-			label: "List MoltNet Rendered Packs",
-			description: "List rendered packs for the current MoltNet diary, optionally filtered by source pack or render method.",
-			parameters: Type.Object({
-				sourcePackId: Type.Optional(Type.String({ description: "Filter by source pack ID" })),
-				renderMethod: Type.Optional(Type.String({ description: "Filter by render method" })),
-				limit: Type.Optional(Type.Number({ description: "Max results (default 10)" })),
-				offset: Type.Optional(Type.Number({ description: "Offset for pagination (default 0)" }))
-			}),
-			async execute(_id, params) {
-				const { agent, diaryId } = ensureConnected(config);
-				const rendered = await agent.packs.listRendered(diaryId, {
+		async execute(_id, params) {
+			const { agent } = ensureConnected(config);
+			const renderMethod = params.renderMethod ?? "pi:pack-to-docs-v1";
+			let renderedMarkdown = params.markdown;
+			if (!renderedMarkdown && !renderMethod.startsWith("server:")) renderedMarkdown = renderPhase6Markdown(await agent.packs.get(params.packId, { expand: "entries" }));
+			const result = params.preview ?? false ? await agent.packs.previewRendered(params.packId, {
+				renderMethod,
+				renderedMarkdown
+			}) : await agent.packs.render(params.packId, {
+				renderMethod,
+				renderedMarkdown,
+				pinned: params.pinned
+			});
+			return {
+				content: [{
+					type: "text",
+					text: JSON.stringify(result, null, 2)
+				}],
+				details: {}
+			};
+		}
+	});
+	const listRenderedPacks = defineTool({
+		name: "moltnet_rendered_pack_list",
+		label: "List MoltNet Rendered Packs",
+		description: "List rendered packs for the current MoltNet diary, optionally filtered by source pack or render method.",
+		parameters: Type.Object({
+			sourcePackId: Type.Optional(Type.String({ description: "Filter by source pack ID" })),
+			renderMethod: Type.Optional(Type.String({ description: "Filter by render method" })),
+			limit: Type.Optional(Type.Number({ description: "Max results (default 10)" })),
+			offset: Type.Optional(Type.Number({ description: "Offset for pagination (default 0)" }))
+		}),
+		async execute(_id, params) {
+			const { agent, diaryId } = ensureConnected(config);
+			const rendered = await agent.packs.listRendered(diaryId, {
+				sourcePackId: params.sourcePackId,
+				renderMethod: params.renderMethod,
+				limit: params.limit ?? 10,
+				offset: params.offset ?? 0
+			});
+			return {
+				content: [{
+					type: "text",
+					text: JSON.stringify(rendered, null, 2)
+				}],
+				details: {}
+			};
+		}
+	});
+	const getRenderedPack = defineTool({
+		name: "moltnet_rendered_pack_get",
+		label: "Get MoltNet Rendered Pack",
+		description: "Get a rendered pack by ID.",
+		parameters: Type.Object({ renderedPackId: Type.String({ description: "Rendered pack ID" }) }),
+		async execute(_id, params) {
+			const { agent } = ensureConnected(config);
+			const rendered = await agent.packs.getRendered(params.renderedPackId);
+			return {
+				content: [{
+					type: "text",
+					text: JSON.stringify(rendered, null, 2)
+				}],
+				details: {}
+			};
+		}
+	});
+	const createJudgePackTask = defineTool({
+		name: "moltnet_judge_pack_task_create",
+		label: "Create Judge Pack Task",
+		description: "Create a judge_pack task for a rendered pack. Returns a taskId that moltnet_rendered_pack_judge can claim and execute. The rubric is required — pass the structured rubric JSON from @moltnet/tasks Rubric schema.",
+		parameters: Type.Object({
+			renderedPackId: Type.String({ description: "Rendered pack ID to judge" }),
+			sourcePackId: Type.String({ description: "Source pack ID. Fetch it from the rendered pack if unknown." }),
+			rubric: Type.Any({ description: "Structured rubric object (Rubric schema from @moltnet/tasks). Must have rubricId, version, criteria[]." }),
+			diaryId: Type.Optional(Type.String({ description: "Diary ID to impose the task on. Defaults to the connected diary." }))
+		}),
+		async execute(_id, params) {
+			const { agent, diaryId: connectedDiaryId, teamId: connectedTeamId } = ensureConnected(config);
+			const task = await agent.tasks.create({
+				taskType: "judge_pack",
+				input: {
+					renderedPackId: params.renderedPackId,
 					sourcePackId: params.sourcePackId,
-					renderMethod: params.renderMethod,
-					limit: params.limit ?? 10,
-					offset: params.offset ?? 0
+					rubric: params.rubric
+				},
+				diaryId: params.diaryId ?? connectedDiaryId,
+				teamId: connectedTeamId
+			});
+			return {
+				content: [{
+					type: "text",
+					text: JSON.stringify({
+						taskId: task.id,
+						task
+					}, null, 2)
+				}],
+				details: {}
+			};
+		}
+	});
+	const judgeRenderedPack = defineTool({
+		name: "moltnet_rendered_pack_judge",
+		label: "Judge MoltNet Rendered Pack",
+		description: "Claim a judge_pack task, run the fidelity judge locally, complete the task with structured scores, and set verifiedTaskId on the rendered pack. Create the task first with moltnet_judge_pack_task_create.",
+		parameters: Type.Object({
+			taskId: Type.String({ description: "judge_pack task ID from moltnet_judge_pack_task_create" }),
+			rubricOverride: Type.Optional(Type.String({ description: "Freeform rubric string override for the LLM judge prompt. When omitted the task rubric preamble (or built-in default) is used." }))
+		}),
+		async execute(_id, params, _signal, _onUpdate, ctx) {
+			const { agent } = ensureConnected(config);
+			const model = ctx?.model;
+			if (!model) throw new Error("No active model in pi session — cannot run the fidelity judge.");
+			const claimed = await agent.tasks.claim(params.taskId);
+			const input = claimed.task.input;
+			const rendered = await agent.packs.getRendered(input.renderedPackId);
+			if (!rendered.content?.trim()) throw new Error(`rendered pack ${input.renderedPackId} has empty content`);
+			const sourcePack = await agent.packs.get(input.sourcePackId, { expand: "entries" });
+			if (!sourcePack.entries || sourcePack.entries.length === 0) throw new Error(`source pack ${input.sourcePackId} has no entries`);
+			const sourceEntriesMd = buildSourceEntriesMarkdown(sourcePack.entries.map((entry) => ({
+				title: entry.entry.title,
+				content: entry.entry.content
+			})));
+			const rubric = params.rubricOverride?.trim() || input.rubric?.preamble?.trim() || DEFAULT_RUBRIC;
+			let scores;
+			try {
+				scores = await runFidelityJudge({
+					model,
+					sourceEntries: sourceEntriesMd,
+					renderedContent: rendered.content,
+					rubric
 				});
-				return {
-					content: [{
-						type: "text",
-						text: JSON.stringify(rendered, null, 2)
-					}],
-					details: {}
-				};
+			} catch (err) {
+				await agent.tasks.fail(params.taskId, claimed.attempt.attemptN, { error: {
+					code: "judge_failed",
+					message: err.message ?? String(err)
+				} }).catch(() => {});
+				throw new Error(`judge failed: ${err.message ?? String(err)}`);
 			}
+			const modelId = model.provider && model.id ? `${model.provider}:${model.id}` : model.id ?? "pi:unknown";
+			const output = {
+				scores: [
+					{
+						criterionId: "coverage",
+						score: scores.coverage
+					},
+					{
+						criterionId: "grounding",
+						score: scores.grounding
+					},
+					{
+						criterionId: "faithfulness",
+						score: scores.faithfulness
+					}
+				],
+				composite: scores.composite,
+				verdict: scores.reasoning,
+				judgeModel: modelId
+			};
+			const outputCid = await computeJsonCid(output);
+			const completed = await agent.tasks.complete(params.taskId, claimed.attempt.attemptN, {
+				output,
+				outputCid,
+				usage: {
+					inputTokens: 0,
+					outputTokens: 0
+				}
+			});
+			await agent.packs.updateRendered(input.renderedPackId, { verifiedTaskId: params.taskId });
+			return {
+				content: [{
+					type: "text",
+					text: JSON.stringify({
+						renderedPackId: input.renderedPackId,
+						taskId: params.taskId,
+						scores,
+						task: completed
+					}, null, 2)
+				}],
+				details: {}
+			};
+		}
+	});
+	const diaryTags = defineTool({
+		name: "moltnet_diary_tags",
+		label: "List MoltNet Diary Tags",
+		description: "Inventory tags on the current diary with entry counts. Cheap reconnaissance before committing to a search or list — use it to discover scope prefixes and cluster sizes. Optional prefix/minCount/entryTypes filters narrow the result.",
+		parameters: Type.Object({
+			prefix: Type.Optional(Type.String({ description: "Filter to tags starting with this prefix (e.g. \"scope:\")" })),
+			minCount: Type.Optional(Type.Number({ description: "Exclude tags with fewer than this many entries" })),
+			entryTypes: Type.Optional(Type.Array(Type.Union([
+				Type.Literal("episodic"),
+				Type.Literal("semantic"),
+				Type.Literal("procedural"),
+				Type.Literal("reflection"),
+				Type.Literal("identity"),
+				Type.Literal("soul")
+			]), { description: "Scope the tag count to these entry types" }))
 		}),
-		defineTool({
-			name: "moltnet_rendered_pack_get",
-			label: "Get MoltNet Rendered Pack",
-			description: "Get a rendered pack by ID.",
-			parameters: Type.Object({ renderedPackId: Type.String({ description: "Rendered pack ID" }) }),
-			async execute(_id, params) {
-				const { agent } = ensureConnected(config);
-				const rendered = await agent.packs.getRendered(params.renderedPackId);
-				return {
-					content: [{
-						type: "text",
-						text: JSON.stringify(rendered, null, 2)
-					}],
-					details: {}
-				};
-			}
+		async execute(_id, params) {
+			const { agent, diaryId } = ensureConnected(config);
+			const result = await agent.diaries.tags(diaryId, {
+				prefix: params.prefix,
+				minCount: params.minCount,
+				entryTypes: params.entryTypes
+			});
+			return {
+				content: [{
+					type: "text",
+					text: JSON.stringify(result, null, 2)
+				}],
+				details: {}
+			};
+		}
+	});
+	const listEntries = defineTool({
+		name: "moltnet_list_entries",
+		label: "List MoltNet Diary Entries",
+		description: "List entries from the MoltNet diary. When `entryIds` is provided, batch-fetches those specific entries (max 50) and returns full fields including entryType, contentSignature, and contentHash for signature checks. Otherwise returns recent entries with a content preview.",
+		parameters: Type.Object({
+			limit: Type.Optional(Type.Number({ description: "Max entries to return (default 10)" })),
+			tag: Type.Optional(Type.String({ description: "Filter by tag (optional)" })),
+			entryIds: Type.Optional(Type.Array(Type.String(), {
+				description: "Batch-fetch specific entries by UUID (max 50). Overrides `limit` and `tag` for selection.",
+				maxItems: 50
+			}))
 		}),
-		defineTool({
-			name: "moltnet_rendered_pack_verify",
-			label: "Verify MoltNet Rendered Pack",
-			description: "Create a verification workflow for a rendered pack and return the verification ID and nonce.",
-			parameters: Type.Object({
-				renderedPackId: Type.String({ description: "Rendered pack ID" }),
-				nonce: Type.Optional(Type.String({ description: "Caller-supplied idempotency nonce. Generated automatically if omitted." }))
-			}),
-			async execute(_id, params) {
-				const { agent } = ensureConnected(config);
-				const nonce = params.nonce ?? randomUUID();
-				const verification = await agent.packs.verifyRendered(params.renderedPackId, { nonce });
-				return {
-					content: [{
-						type: "text",
-						text: JSON.stringify({
-							...verification,
-							nonce
-						}, null, 2)
-					}],
-					details: {}
-				};
+		async execute(_id, params) {
+			const { agent, diaryId } = ensureConnected(config);
+			const query = {
+				orderBy: "createdAt",
+				order: "desc"
+			};
+			const batchMode = !!params.entryIds?.length;
+			if (batchMode) query.ids = params.entryIds;
+			else {
+				query.limit = params.limit ?? 10;
+				if (params.tag) query.tag = params.tag;
 			}
+			const entries = await agent.entries.list(diaryId, query);
+			return {
+				content: [{
+					type: "text",
+					text: JSON.stringify(entries.items?.map((e) => batchMode ? {
+						id: e.id,
+						title: e.title,
+						entryType: e.entryType,
+						tags: e.tags,
+						importance: e.importance,
+						contentHash: e.contentHash,
+						contentSignature: e.contentSignature,
+						signingNonce: e.signingNonce,
+						createdAt: e.createdAt
+					} : {
+						id: e.id,
+						title: e.title,
+						tags: e.tags,
+						importance: e.importance,
+						createdAt: e.createdAt,
+						contentPreview: typeof e.content === "string" ? e.content.slice(0, 200) : void 0
+					}), null, 2)
+				}],
+				details: {}
+			};
+		}
+	});
+	const getEntry = defineTool({
+		name: "moltnet_get_entry",
+		label: "Get MoltNet Diary Entry",
+		description: "Get the full content of a specific diary entry by ID.",
+		parameters: Type.Object({ entryId: Type.String({ description: "The entry ID to fetch" }) }),
+		async execute(_id, params) {
+			const { agent } = ensureConnected(config);
+			const entry = await agent.entries.get(params.entryId);
+			return {
+				content: [{
+					type: "text",
+					text: JSON.stringify({
+						id: entry.id,
+						title: entry.title,
+						content: entry.content,
+						tags: entry.tags,
+						importance: entry.importance,
+						createdAt: entry.createdAt
+					}, null, 2)
+				}],
+				details: {}
+			};
+		}
+	});
+	const searchEntries = defineTool({
+		name: "moltnet_search_entries",
+		label: "Search MoltNet Diary Entries",
+		description: "Search diary entries by semantic query. Uses vector similarity to find relevant entries.",
+		parameters: Type.Object({
+			query: Type.String({ description: "Natural language search query" }),
+			limit: Type.Optional(Type.Number({ description: "Max results (default 5)" }))
+		}),
+		async execute(_id, params) {
+			const { agent, diaryId } = ensureConnected(config);
+			const results = await agent.entries.search({
+				diaryId,
+				query: params.query,
+				limit: params.limit ?? 5
+			});
+			return {
+				content: [{
+					type: "text",
+					text: JSON.stringify(results.results?.map((e) => ({
+						id: e.id,
+						title: e.title,
+						tags: e.tags,
+						importance: e.importance,
+						contentPreview: typeof e.content === "string" ? e.content.slice(0, 200) : void 0
+					})), null, 2)
+				}],
+				details: {}
+			};
+		}
+	});
+	const createEntry = defineTool({
+		name: "moltnet_create_entry",
+		label: "Create MoltNet Diary Entry",
+		description: "Create a new diary entry to record decisions, findings, incidents, or reflections.",
+		parameters: Type.Object({
+			title: Type.String({ description: "Entry title (concise, descriptive)" }),
+			content: Type.String({ description: "Entry content (markdown)" }),
+			tags: Type.Optional(Type.Array(Type.String(), { description: "Tags for categorization" })),
+			importance: Type.Optional(Type.Number({ description: "Importance 1-10 (default 5)" }))
 		}),
+		async execute(_id, params) {
+			const { agent, diaryId } = ensureConnected(config);
+			const entry = await agent.entries.create(diaryId, {
+				title: params.title,
+				content: params.content,
+				tags: params.tags ?? [],
+				importance: params.importance ?? 5
+			});
+			return {
+				content: [{
+					type: "text",
+					text: JSON.stringify({
+						id: entry.id,
+						title: entry.title,
+						createdAt: entry.createdAt
+					}, null, 2)
+				}],
+				details: {}
+			};
+		}
+	});
+	const reviewSessionErrors = defineTool({
+		name: "moltnet_review_session_errors",
+		label: "Review Session Tool Errors",
+		description: "Review tool failures buffered during this session (isError=true results). Use this to decide whether any failures are worth persisting as a diary entry via moltnet_create_entry. Most failures are transient (denied prompts, empty greps, mid-iteration typecheck errors) and should NOT be written to the diary — only persist incidents that represent a real finding (root cause identified, non-obvious workaround, recurring pattern). Pass clear=true to drop the buffer after reviewing.",
+		parameters: Type.Object({ clear: Type.Optional(Type.Boolean({ description: "If true, empty the buffer after returning it. Use once you have decided whether to persist." })) }),
+		async execute(_id, params) {
+			const errors = config.getSessionErrors();
+			const payload = {
+				count: errors.length,
+				errors: errors.map((e) => ({
+					toolName: e.toolName,
+					toolCallId: e.toolCallId,
+					timestamp: new Date(e.timestamp).toISOString(),
+					input: e.input,
+					error: e.error
+				}))
+			};
+			if (params.clear) config.clearSessionErrors();
+			return {
+				content: [{
+					type: "text",
+					text: JSON.stringify(payload, null, 2)
+				}],
+				details: {}
+			};
+		}
+	});
+	const HOST_EXEC_ALLOWED = new Set([
+		"git",
+		"gh",
+		"moltnet"
+	]);
+	const hostExecBaseEnv = config.hostExecBaseEnv ?? HOST_EXEC_DEFAULT_BASE_ENV;
+	const HOST_EXEC_TIMEOUT_MS = 6e4;
+	return [
+		getPack,
+		createPack,
+		getPackProvenance,
+		renderPack,
+		listRenderedPacks,
+		getRenderedPack,
+		createJudgePackTask,
+		judgeRenderedPack,
+		diaryTags,
+		listEntries,
+		getEntry,
+		searchEntries,
+		createEntry,
+		reviewSessionErrors,
 		defineTool({
-			name: "moltnet_rendered_pack_judge",
-			label: "Judge MoltNet Rendered Pack",
-			description: "Run the fidelity judge against a rendered pack. Local mode (no nonce): fetch the rendered pack + its source pack with entries, judge locally, return scores. Proctored mode (nonce): claim the verification payload from the API, judge, and submit scores with a Pi judge-recipe CID.",
+			name: "moltnet_host_exec",
+			label: "Run command on host (escape hatch — requires user approval)",
+			description: "Runs a command on the HOST machine, outside the sandbox VM. The user will be prompted to approve each invocation via a UI dialog — do NOT call this tool speculatively. Use ONLY when a sandboxed operation is impossible — e.g. `git push`, `gh pr create`.\n\nAllowed executables: git, gh, moltnet. Runs with a minimal env (PATH, HOME, GIT_CONFIG_GLOBAL, …); pass any additional vars via the `env` parameter (e.g. GH_TOKEN). Every invocation is logged as an auditable host execution.",
 			parameters: Type.Object({
-				renderedPackId: Type.String({ description: "Rendered pack ID" }),
-				nonce: Type.Optional(Type.String({ description: "Verification nonce from moltnet_rendered_pack_verify. If set, runs proctored mode and submits scores. If omitted, runs local mode and does not submit." })),
-				rubric: Type.Optional(Type.String({ description: "Custom rubric override (local mode only). Defaults to the built-in rubric when omitted." }))
+				executable: Type.String({ description: "Executable to run (git | gh | moltnet)" }),
+				args: Type.Array(Type.String(), { description: "Arguments to pass to the executable" }),
+				env: Type.Optional(Type.Record(Type.String(), Type.String(), { description: "Additional environment variables for this invocation (e.g. { \"GH_TOKEN\": \"...\" }). Merged on top of the minimal base env." }))
 			}),
 			async execute(_id, params, _signal, _onUpdate, ctx) {
-				const { agent } = ensureConnected(config);
-				const model = ctx?.model;
-				if (!model) throw new Error("No active model in pi session — cannot run the fidelity judge.");
-				let sourceEntriesMd;
-				let renderedContent;
-				let rubric;
-				if (params.nonce) {
-					if (params.rubric) throw new Error("`rubric` is only supported in local mode (omit `nonce`).");
-					const claim = await agent.packs.claimVerification(params.renderedPackId);
-					sourceEntriesMd = buildSourceEntriesMarkdown(claim.sourceEntries);
-					renderedContent = claim.renderedContent;
-					rubric = claim.rubric?.trim() ? claim.rubric : DEFAULT_RUBRIC;
-				} else {
-					const rendered = await agent.packs.getRendered(params.renderedPackId);
-					if (!rendered.content?.trim()) throw new Error(`rendered pack ${params.renderedPackId} has empty content`);
-					const sourcePack = await agent.packs.get(rendered.sourcePackId, { expand: "entries" });
-					if (!sourcePack.entries || sourcePack.entries.length === 0) throw new Error(`source pack ${rendered.sourcePackId} has no entries`);
-					sourceEntriesMd = buildSourceEntriesMarkdown(sourcePack.entries.map((entry) => ({
-						title: entry.entry.title,
-						content: entry.entry.content
-					})));
-					renderedContent = rendered.content;
-					rubric = params.rubric?.trim() ? params.rubric : DEFAULT_RUBRIC;
+				if (!HOST_EXEC_ALLOWED.has(params.executable)) throw new Error(`host_exec: '${params.executable}' is not in the allowed list (${[...HOST_EXEC_ALLOWED].join(", ")}). Extend HOST_EXEC_ALLOWED only after explicit security review.`);
+				if (ctx?.ui) {
+					const cmdDisplay = [params.executable, ...params.args].join(" ");
+					if (!await ctx.ui.confirm("Allow host command?", `The agent wants to run on your machine:\n\n  ${cmdDisplay}\n\nAllow?`)) throw new Error(`host_exec: user declined approval for: ${cmdDisplay}`);
+				}
+				const cwd = config.getHostCwd?.() ?? process.cwd();
+				const baseEnv = {};
+				for (const key of hostExecBaseEnv) {
+					const val = process.env[key];
+					if (val !== void 0) baseEnv[key] = val;
 				}
-				let scores;
+				const mergedEnv = {
+					...baseEnv,
+					...params.env ?? {}
+				};
+				let stdout;
+				let stderr = "";
 				try {
-					scores = await runFidelityJudge({
-						model,
-						sourceEntries: sourceEntriesMd,
-						renderedContent,
-						rubric
+					stdout = execFileSync(params.executable, params.args, {
+						encoding: "utf8",
+						cwd,
+						env: mergedEnv,
+						stdio: [
+							"pipe",
+							"pipe",
+							"pipe"
+						],
+						timeout: HOST_EXEC_TIMEOUT_MS
 					});
 				} catch (err) {
-					throw new Error(`judge failed: ${err.message ?? String(err)}`);
+					const e = err;
+					stdout = e.stdout ?? "";
+					stderr = e.stderr ?? e.message ?? String(err);
 				}
-				if (!params.nonce) return {
-					content: [{
-						type: "text",
-						text: JSON.stringify({
-							mode: "local",
-							renderedPackId: params.renderedPackId,
-							scores
-						}, null, 2)
-					}],
-					details: {}
-				};
-				const recipe = computePiJudgeRecipeCid({
-					judgePrompt: JUDGE_SYSTEM_PROMPT,
-					rubric,
-					promptAsset: JUDGE_PROMPT_ASSET_PATH,
-					rubricAsset: RUBRIC_ASSET_PATH
-				});
-				const providerName = model.provider ?? "pi";
-				const modelId = model.id ?? "unknown";
-				const submit = await agent.packs.submitVerification(params.renderedPackId, {
-					nonce: params.nonce,
-					coverage: scores.coverage,
-					grounding: scores.grounding,
-					faithfulness: scores.faithfulness,
-					transcript: scores.reasoning,
-					judgeModel: modelId,
-					judgeProvider: providerName,
-					judgeBinaryCid: recipe.cid
-				});
-				return {
-					content: [{
-						type: "text",
-						text: JSON.stringify({
-							mode: "proctored",
-							renderedPackId: params.renderedPackId,
-							scores,
-							submission: submit,
-							judgeRecipeCid: recipe.cid,
-							judgeRecipeManifest: recipe.manifest
-						}, null, 2)
-					}],
-					details: {}
+				const result = {
+					host_exec: true,
+					executable: params.executable,
+					args: params.args,
+					cwd,
+					stdout: stdout.trimEnd(),
+					stderr: stderr.trimEnd() || void 0
 				};
-			}
-		}),
-		defineTool({
-			name: "moltnet_diary_tags",
-			label: "List MoltNet Diary Tags",
-			description: "Inventory tags on the current diary with entry counts. Cheap reconnaissance before committing to a search or list — use it to discover scope prefixes and cluster sizes. Optional prefix/minCount/entryTypes filters narrow the result.",
-			parameters: Type.Object({
-				prefix: Type.Optional(Type.String({ description: "Filter to tags starting with this prefix (e.g. \"scope:\")" })),
-				minCount: Type.Optional(Type.Number({ description: "Exclude tags with fewer than this many entries" })),
-				entryTypes: Type.Optional(Type.Array(Type.Union([
-					Type.Literal("episodic"),
-					Type.Literal("semantic"),
-					Type.Literal("procedural"),
-					Type.Literal("reflection"),
-					Type.Literal("identity"),
-					Type.Literal("soul")
-				]), { description: "Scope the tag count to these entry types" }))
-			}),
-			async execute(_id, params) {
-				const { agent, diaryId } = ensureConnected(config);
-				const result = await agent.diaries.tags(diaryId, {
-					prefix: params.prefix,
-					minCount: params.minCount,
-					entryTypes: params.entryTypes
-				});
 				return {
 					content: [{
 						type: "text",
@@ -7489,169 +7923,6 @@ function createMoltNetTools(config) {
 					details: {}
 				};
 			}
-		}),
-		defineTool({
-			name: "moltnet_list_entries",
-			label: "List MoltNet Diary Entries",
-			description: "List entries from the MoltNet diary. When `entryIds` is provided, batch-fetches those specific entries (max 50) and returns full fields including entryType, contentSignature, and contentHash for signature checks. Otherwise returns recent entries with a content preview.",
-			parameters: Type.Object({
-				limit: Type.Optional(Type.Number({ description: "Max entries to return (default 10)" })),
-				tag: Type.Optional(Type.String({ description: "Filter by tag (optional)" })),
-				entryIds: Type.Optional(Type.Array(Type.String(), {
-					description: "Batch-fetch specific entries by UUID (max 50). Overrides `limit` and `tag` for selection.",
-					maxItems: 50
-				}))
-			}),
-			async execute(_id, params) {
-				const { agent, diaryId } = ensureConnected(config);
-				const query = {
-					orderBy: "createdAt",
-					order: "desc"
-				};
-				const batchMode = !!params.entryIds?.length;
-				if (batchMode) query.ids = params.entryIds;
-				else {
-					query.limit = params.limit ?? 10;
-					if (params.tag) query.tag = params.tag;
-				}
-				const entries = await agent.entries.list(diaryId, query);
-				return {
-					content: [{
-						type: "text",
-						text: JSON.stringify(entries.items?.map((e) => batchMode ? {
-							id: e.id,
-							title: e.title,
-							entryType: e.entryType,
-							tags: e.tags,
-							importance: e.importance,
-							contentHash: e.contentHash,
-							contentSignature: e.contentSignature,
-							signingNonce: e.signingNonce,
-							createdAt: e.createdAt
-						} : {
-							id: e.id,
-							title: e.title,
-							tags: e.tags,
-							importance: e.importance,
-							createdAt: e.createdAt,
-							contentPreview: typeof e.content === "string" ? e.content.slice(0, 200) : void 0
-						}), null, 2)
-					}],
-					details: {}
-				};
-			}
-		}),
-		defineTool({
-			name: "moltnet_get_entry",
-			label: "Get MoltNet Diary Entry",
-			description: "Get the full content of a specific diary entry by ID.",
-			parameters: Type.Object({ entryId: Type.String({ description: "The entry ID to fetch" }) }),
-			async execute(_id, params) {
-				const { agent } = ensureConnected(config);
-				const entry = await agent.entries.get(params.entryId);
-				return {
-					content: [{
-						type: "text",
-						text: JSON.stringify({
-							id: entry.id,
-							title: entry.title,
-							content: entry.content,
-							tags: entry.tags,
-							importance: entry.importance,
-							createdAt: entry.createdAt
-						}, null, 2)
-					}],
-					details: {}
-				};
-			}
-		}),
-		defineTool({
-			name: "moltnet_search_entries",
-			label: "Search MoltNet Diary Entries",
-			description: "Search diary entries by semantic query. Uses vector similarity to find relevant entries.",
-			parameters: Type.Object({
-				query: Type.String({ description: "Natural language search query" }),
-				limit: Type.Optional(Type.Number({ description: "Max results (default 5)" }))
-			}),
-			async execute(_id, params) {
-				const { agent, diaryId } = ensureConnected(config);
-				const results = await agent.entries.search({
-					diaryId,
-					query: params.query,
-					limit: params.limit ?? 5
-				});
-				return {
-					content: [{
-						type: "text",
-						text: JSON.stringify(results.results?.map((e) => ({
-							id: e.id,
-							title: e.title,
-							tags: e.tags,
-							importance: e.importance,
-							contentPreview: typeof e.content === "string" ? e.content.slice(0, 200) : void 0
-						})), null, 2)
-					}],
-					details: {}
-				};
-			}
-		}),
-		defineTool({
-			name: "moltnet_create_entry",
-			label: "Create MoltNet Diary Entry",
-			description: "Create a new diary entry to record decisions, findings, incidents, or reflections.",
-			parameters: Type.Object({
-				title: Type.String({ description: "Entry title (concise, descriptive)" }),
-				content: Type.String({ description: "Entry content (markdown)" }),
-				tags: Type.Optional(Type.Array(Type.String(), { description: "Tags for categorization" })),
-				importance: Type.Optional(Type.Number({ description: "Importance 1-10 (default 5)" }))
-			}),
-			async execute(_id, params) {
-				const { agent, diaryId } = ensureConnected(config);
-				const entry = await agent.entries.create(diaryId, {
-					title: params.title,
-					content: params.content,
-					tags: params.tags ?? [],
-					importance: params.importance ?? 5
-				});
-				return {
-					content: [{
-						type: "text",
-						text: JSON.stringify({
-							id: entry.id,
-							title: entry.title,
-							createdAt: entry.createdAt
-						}, null, 2)
-					}],
-					details: {}
-				};
-			}
-		}),
-		defineTool({
-			name: "moltnet_review_session_errors",
-			label: "Review Session Tool Errors",
-			description: "Review tool failures buffered during this session (isError=true results). Use this to decide whether any failures are worth persisting as a diary entry via moltnet_create_entry. Most failures are transient (denied prompts, empty greps, mid-iteration typecheck errors) and should NOT be written to the diary — only persist incidents that represent a real finding (root cause identified, non-obvious workaround, recurring pattern). Pass clear=true to drop the buffer after reviewing.",
-			parameters: Type.Object({ clear: Type.Optional(Type.Boolean({ description: "If true, empty the buffer after returning it. Use once you have decided whether to persist." })) }),
-			async execute(_id, params) {
-				const errors = config.getSessionErrors();
-				const payload = {
-					count: errors.length,
-					errors: errors.map((e) => ({
-						toolName: e.toolName,
-						toolCallId: e.toolCallId,
-						timestamp: new Date(e.timestamp).toISOString(),
-						input: e.input,
-						error: e.error
-					}))
-				};
-				if (params.clear) config.clearSessionErrors();
-				return {
-					content: [{
-						type: "text",
-						text: JSON.stringify(payload, null, 2)
-					}],
-					details: {}
-				};
-			}
 		})
 	];
 }
@@ -7987,10 +8258,6 @@ function createGondolinBashOps(vm, localCwd) {
 }
 //#endregion
 //#region src/vm-manager.ts
-/**
-* VM lifecycle manager: resume checkpoint, inject credentials, configure
-* egress, fix TLS, and provide clean shutdown.
-*/
 var GUEST_WORKSPACE$1 = "/workspace";
 /**
 * Resolve the main worktree root (where .moltnet/ lives — it's untracked,
@@ -8021,6 +8288,15 @@ function loadCredentials(agentDir) {
 	const sshPrivateKey = existsSync(path.join(sshDir, "id_ed25519")) ? readFileSync(path.join(sshDir, "id_ed25519"), "utf8") : null;
 	const sshPublicKey = existsSync(path.join(sshDir, "id_ed25519.pub")) ? readFileSync(path.join(sshDir, "id_ed25519.pub"), "utf8") : null;
 	const allowedSigners = existsSync(path.join(sshDir, "allowed_signers")) ? readFileSync(path.join(sshDir, "allowed_signers"), "utf8") : null;
+	let githubAppPem = null;
+	let githubAppPemFilename = null;
+	const pemPath = JSON.parse(moltnetJson).github?.private_key_path;
+	if (pemPath) if (!existsSync(pemPath)) process.stderr.write(`[pi-extension] Warning: github.private_key_path not found at ${pemPath} — moltnet github token will fail inside the guest
+`);
+	else {
+		githubAppPem = readFileSync(pemPath, "utf8");
+		githubAppPemFilename = path.basename(pemPath);
+	}
 	return {
 		moltnetJson,
 		agentEnvRaw,
@@ -8029,7 +8305,9 @@ function loadCredentials(agentDir) {
 		gitconfig,
 		sshPrivateKey,
 		sshPublicKey,
-		allowedSigners
+		allowedSigners,
+		githubAppPem,
+		githubAppPemFilename
 	};
 }
 /**
@@ -8076,81 +8354,250 @@ async function resumeVm(config) {
 		apiHost,
 		...config.extraAllowedHosts ?? []
 	] });
+	const vmAgentDir = `/home/agent/.moltnet/${config.agentName}`;
 	const vmAgentEnv = {};
 	for (const [k, v] of Object.entries(creds.agentEnv)) {
 		if (v === void 0 || v === "") continue;
-		if (k === "GIT_CONFIG_GLOBAL") vmAgentEnv[k] = `/home/agent/.moltnet/${config.agentName}/gitconfig`;
-		else if (k.endsWith("_PRIVATE_KEY_PATH")) vmAgentEnv[k] = `/home/agent/.moltnet/${config.agentName}/${path.basename(v)}`;
+		if (k === "GIT_CONFIG_GLOBAL") vmAgentEnv[k] = `${vmAgentDir}/gitconfig`;
+		else if (k.endsWith("_PRIVATE_KEY_PATH")) vmAgentEnv[k] = `${vmAgentDir}/${path.basename(v)}`;
 		else vmAgentEnv[k] = v;
 	}
-	const vfsConfig = config.sandboxConfig?.vfs;
-	let workspaceProvider = new RealFSProvider(config.mountPath);
-	if (vfsConfig?.shadow?.length) {
-		const predicate = createShadowPathPredicate(vfsConfig.shadow);
-		workspaceProvider = new ShadowProvider(workspaceProvider, {
-			shouldShadow: predicate,
-			writeMode: vfsConfig.shadowMode ?? "tmpfs"
-		});
+	vmAgentEnv.MOLTNET_CREDENTIALS_PATH = `${vmAgentDir}/moltnet.json`;
+	const vfsConfig = config.sandboxConfig?.vfs;
+	let workspaceProvider = new RealFSProvider(config.mountPath);
+	if (vfsConfig?.shadow?.length) {
+		const predicate = createShadowPathPredicate(vfsConfig.shadow);
+		workspaceProvider = new ShadowProvider(workspaceProvider, {
+			shouldShadow: predicate,
+			writeMode: vfsConfig.shadowMode ?? "tmpfs"
+		});
+	}
+	const envOverrides = config.sandboxConfig?.env ?? {};
+	const vmEnv = {
+		...secretEnv,
+		...vmAgentEnv,
+		PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/lib/go/bin",
+		HOME: "/home/agent",
+		NODE_NO_WARNINGS: "1",
+		NODE_EXTRA_CA_CERTS: "/etc/ssl/certs/ca-certificates.crt",
+		...envOverrides
+	};
+	const resources = config.sandboxConfig?.resources;
+	const vm = await VmCheckpoint.load(config.checkpointPath).resume({
+		httpHooks,
+		env: vmEnv,
+		...resources?.memory && { memory: resources.memory },
+		...resources?.cpus && { cpus: resources.cpus },
+		vfs: { mounts: { [GUEST_WORKSPACE$1]: workspaceProvider } }
+	});
+	await vm.exec(`sh -c '
+    cp /etc/gondolin/mitm/ca.crt /usr/local/share/ca-certificates/gondolin-mitm.crt
+    update-ca-certificates 2>/dev/null
+    cat /etc/gondolin/mitm/ca.crt >> /etc/ssl/certs/ca-certificates.crt
+  '`);
+	await vm.exec(`sh -c 'echo "nameserver 8.8.8.8
+nameserver 1.1.1.1" > /etc/resolv.conf'`);
+	const vmSshDir = `${vmAgentDir}/ssh`;
+	await vm.exec(`mkdir -p ${vmAgentDir}/ssh /home/agent/.pi/agent`);
+	await vm.fs.writeFile("/home/agent/.pi/agent/auth.json", creds.piAuthJson, { mode: 384 });
+	const vmMoltnetJson = rewriteMoltnetJsonPaths(creds.moltnetJson, vmAgentDir, vmSshDir, creds.githubAppPemFilename);
+	await vm.fs.writeFile(`${vmAgentDir}/moltnet.json`, vmMoltnetJson, { mode: 384 });
+	await vm.fs.writeFile(`${vmAgentDir}/env`, creds.agentEnvRaw, { mode: 384 });
+	if (creds.gitconfig) {
+		const vmSigningKey = `${vmSshDir}/id_ed25519`;
+		let vmGitconfig = creds.gitconfig.replace(/signingKey\s*=\s*.+/g, `signingKey = ${vmSigningKey}`);
+		vmGitconfig = ensureRelativeWorktreePaths(vmGitconfig);
+		await vm.fs.writeFile(`${vmAgentDir}/gitconfig`, vmGitconfig, { mode: 420 });
+	}
+	if (creds.sshPrivateKey) await vm.fs.writeFile(`${vmSshDir}/id_ed25519`, creds.sshPrivateKey, { mode: 384 });
+	if (creds.sshPublicKey) await vm.fs.writeFile(`${vmSshDir}/id_ed25519.pub`, creds.sshPublicKey, { mode: 420 });
+	if (creds.allowedSigners) await vm.fs.writeFile(`${vmSshDir}/allowed_signers`, creds.allowedSigners, { mode: 420 });
+	if (creds.githubAppPem && creds.githubAppPemFilename) await vm.fs.writeFile(`${vmAgentDir}/${creds.githubAppPemFilename}`, creds.githubAppPem, { mode: 384 });
+	await vm.exec("chown -R agent:agent /home/agent/.pi /home/agent/.moltnet");
+	return {
+		vm,
+		credentials: creds,
+		mountPath: config.mountPath,
+		guestWorkspace: GUEST_WORKSPACE$1,
+		agentDir
+	};
+}
+/**
+* Rewrite host-absolute paths inside moltnet.json to VM-local equivalents.
+*
+* Fields rewritten:
+*   ssh.private_key_path  → <vmSshDir>/<basename of original>
+*   ssh.public_key_path   → <vmSshDir>/<basename of original>
+*   git.config_path       → <vmAgentDir>/gitconfig
+*   github.private_key_path → <vmAgentDir>/<pemFilename>  (if present)
+*
+* All other fields are passed through unchanged.
+* Throws if moltnetJson is not valid JSON — callers must not inject a broken
+* moltnet.json into the guest.
+*/
+function rewriteMoltnetJsonPaths(moltnetJson, vmAgentDir, vmSshDir, githubAppPemFilename) {
+	const config = JSON.parse(moltnetJson);
+	if (config.ssh && typeof config.ssh === "object") {
+		const ssh = config.ssh;
+		const origPrivate = typeof ssh.private_key_path === "string" ? ssh.private_key_path : null;
+		const origPublic = typeof ssh.public_key_path === "string" ? ssh.public_key_path : null;
+		config.ssh = {
+			...ssh,
+			...origPrivate !== null && { private_key_path: `${vmSshDir}/${path.basename(origPrivate)}` },
+			...origPublic !== null && { public_key_path: `${vmSshDir}/${path.basename(origPublic)}` }
+		};
+	}
+	if (config.git && typeof config.git === "object") {
+		const git = { ...config.git };
+		git.config_path = `${vmAgentDir}/gitconfig`;
+		config.git = git;
+	}
+	if (githubAppPemFilename && config.github && typeof config.github === "object") {
+		const github = { ...config.github };
+		github.private_key_path = `${vmAgentDir}/${githubAppPemFilename}`;
+		config.github = github;
+	}
+	return JSON.stringify(config);
+}
+/**
+* Ensure `[worktree] useRelativePaths = true` is set in the given
+* gitconfig text. If the section exists, rewrite the key; otherwise
+* append a new section.
+*/
+function ensureRelativeWorktreePaths(gitconfig) {
+	const sectionRe = /^\[worktree\]\s*$/m;
+	if (/^(\[worktree\][\s\S]*?^)\s*useRelativePaths\s*=\s*\S+\s*$/m.test(gitconfig)) return gitconfig.replace(/^(\s*useRelativePaths\s*=\s*)\S+\s*$/m, "$1true");
+	if (sectionRe.test(gitconfig)) return gitconfig.replace(sectionRe, "[worktree]\n	useRelativePaths = true");
+	return `${gitconfig}${gitconfig.endsWith("\n") ? "" : "\n"}[worktree]\n\tuseRelativePaths = true\n`;
+}
+//#endregion
+//#region src/moltnet/judge-recipe-cid.ts
+var require = createRequire(import.meta.url);
+var SELF_PACKAGE_NAME = "@themoltnet/pi-extension";
+var PI_PACKAGE_NAME = "@mariozechner/pi-coding-agent";
+var SDK_PACKAGE_NAME = "@themoltnet/sdk";
+var CID_VERSION = 1;
+var RAW_CODEC = 85;
+var SHA2_256_CODE = 18;
+var BASE32_ALPHABET = "abcdefghijklmnopqrstuvwxyz234567";
+function findSelfPackageDir() {
+	const start = path.dirname(fileURLToPath(import.meta.url));
+	let dir = start;
+	while (true) {
+		const candidate = path.join(dir, "package.json");
+		if (existsSync(candidate)) {
+			if (JSON.parse(readFileSync(candidate, "utf8")).name === SELF_PACKAGE_NAME) return dir;
+		}
+		const parent = path.dirname(dir);
+		if (parent === dir) return start;
+		dir = parent;
+	}
+}
+var PACKAGE_DIR = findSelfPackageDir();
+function sha256Hex(value) {
+	return createHash("sha256").update(value, "utf8").digest("hex");
+}
+function encodeVarint(value) {
+	const bytes = [];
+	let current = value >>> 0;
+	while (current >= 128) {
+		bytes.push(current & 127 | 128);
+		current >>>= 7;
+	}
+	bytes.push(current);
+	return bytes;
+}
+function base32Lower(bytes) {
+	let bits = 0;
+	let value = 0;
+	let output = "";
+	for (const byte of bytes) {
+		value = value << 8 | byte;
+		bits += 8;
+		while (bits >= 5) {
+			output += BASE32_ALPHABET[value >>> bits - 5 & 31];
+			bits -= 5;
+		}
+	}
+	if (bits > 0) output += BASE32_ALPHABET[value << 5 - bits & 31];
+	return `b${output}`;
+}
+function stableStringify(value) {
+	if (value === null || typeof value !== "object") return JSON.stringify(value);
+	if (Array.isArray(value)) return `[${value.map((item) => stableStringify(item)).join(",")}]`;
+	return `{${Object.entries(value).sort(([left], [right]) => left.localeCompare(right)).map(([key, item]) => `${JSON.stringify(key)}:${stableStringify(item)}`).join(",")}}`;
+}
+function readPackageVersion(pkgPath, expectedName) {
+	if (!existsSync(pkgPath)) return null;
+	const parsed = JSON.parse(readFileSync(pkgPath, "utf8"));
+	if (expectedName && parsed.name !== expectedName) return null;
+	return typeof parsed.version === "string" ? parsed.version : null;
+}
+function resolveInstalledPackageVersion(packageName) {
+	const candidates = [];
+	try {
+		candidates.push(path.dirname(require.resolve(packageName)));
+	} catch {}
+	let dir = PACKAGE_DIR;
+	while (true) {
+		candidates.push(path.join(dir, "node_modules", packageName));
+		const parent = path.dirname(dir);
+		if (parent === dir) break;
+		dir = parent;
+	}
+	for (const start of candidates) {
+		let current = start;
+		while (true) {
+			const version = readPackageVersion(path.join(current, "package.json"), packageName);
+			if (version) return version;
+			const parent = path.dirname(current);
+			if (parent === current) break;
+			current = parent;
+		}
 	}
-	const envOverrides = config.sandboxConfig?.env ?? {};
-	const vmEnv = {
-		...secretEnv,
-		...vmAgentEnv,
-		PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/lib/go/bin",
-		HOME: "/home/agent",
-		NODE_NO_WARNINGS: "1",
-		NODE_EXTRA_CA_CERTS: "/etc/ssl/certs/ca-certificates.crt",
-		...envOverrides
+	return null;
+}
+function resolvePiJudgeRecipeVersions() {
+	return {
+		pi: resolveInstalledPackageVersion(PI_PACKAGE_NAME),
+		piExtension: readPackageVersion(path.join(PACKAGE_DIR, "package.json"), SELF_PACKAGE_NAME),
+		sdk: resolveInstalledPackageVersion(SDK_PACKAGE_NAME)
 	};
-	const resources = config.sandboxConfig?.resources;
-	const vm = await VmCheckpoint.load(config.checkpointPath).resume({
-		httpHooks,
-		env: vmEnv,
-		...resources?.memory && { memory: resources.memory },
-		...resources?.cpus && { cpus: resources.cpus },
-		vfs: { mounts: { [GUEST_WORKSPACE$1]: workspaceProvider } }
-	});
-	await vm.exec(`sh -c '
-    cp /etc/gondolin/mitm/ca.crt /usr/local/share/ca-certificates/gondolin-mitm.crt
-    update-ca-certificates 2>/dev/null
-    cat /etc/gondolin/mitm/ca.crt >> /etc/ssl/certs/ca-certificates.crt
-  '`);
-	await vm.exec(`sh -c 'echo "nameserver 8.8.8.8
-nameserver 1.1.1.1" > /etc/resolv.conf'`);
-	const vmAgentDir = `/home/agent/.moltnet/${config.agentName}`;
-	const vmSshDir = `${vmAgentDir}/ssh`;
-	await vm.exec(`mkdir -p ${vmAgentDir}/ssh /home/agent/.pi/agent`);
-	await vm.fs.writeFile("/home/agent/.pi/agent/auth.json", creds.piAuthJson, { mode: 384 });
-	await vm.fs.writeFile(`${vmAgentDir}/moltnet.json`, creds.moltnetJson, { mode: 384 });
-	await vm.fs.writeFile(`${vmAgentDir}/env`, creds.agentEnvRaw, { mode: 384 });
-	if (creds.gitconfig) {
-		const vmSigningKey = `${vmSshDir}/id_ed25519`;
-		let vmGitconfig = creds.gitconfig.replace(/signingKey\s*=\s*.+/g, `signingKey = ${vmSigningKey}`);
-		vmGitconfig = ensureRelativeWorktreePaths(vmGitconfig);
-		await vm.fs.writeFile(`${vmAgentDir}/gitconfig`, vmGitconfig, { mode: 420 });
-	}
-	if (creds.sshPrivateKey) await vm.fs.writeFile(`${vmSshDir}/id_ed25519`, creds.sshPrivateKey, { mode: 384 });
-	if (creds.sshPublicKey) await vm.fs.writeFile(`${vmSshDir}/id_ed25519.pub`, creds.sshPublicKey, { mode: 420 });
-	if (creds.allowedSigners) await vm.fs.writeFile(`${vmSshDir}/allowed_signers`, creds.allowedSigners, { mode: 420 });
-	await vm.exec("chown -R agent:agent /home/agent/.pi /home/agent/.moltnet");
+}
+function buildPiJudgeRecipeManifest(inputs) {
 	return {
-		vm,
-		credentials: creds,
-		mountPath: config.mountPath,
-		guestWorkspace: GUEST_WORKSPACE$1,
-		agentDir
+		kind: "pi-judge-recipe/v1",
+		versions: {
+			...resolvePiJudgeRecipeVersions(),
+			...inputs.overrides
+		},
+		assets: {
+			promptAsset: inputs.promptAsset ?? null,
+			rubricAsset: inputs.rubricAsset ?? null,
+			skillSourcePath: inputs.skillSourcePath ?? null
+		},
+		hashes: {
+			judgePromptSha256: sha256Hex(inputs.judgePrompt),
+			rubricSha256: sha256Hex(inputs.rubric),
+			skillFragmentSha256: inputs.skillFragment ? sha256Hex(inputs.skillFragment) : null,
+			implementationSha256: inputs.implementationSource ? sha256Hex(inputs.implementationSource) : null
+		}
 	};
 }
-/**
-* Ensure `[worktree] useRelativePaths = true` is set in the given
-* gitconfig text. If the section exists, rewrite the key; otherwise
-* append a new section.
-*/
-function ensureRelativeWorktreePaths(gitconfig) {
-	const sectionRe = /^\[worktree\]\s*$/m;
-	if (/^(\[worktree\][\s\S]*?^)\s*useRelativePaths\s*=\s*\S+\s*$/m.test(gitconfig)) return gitconfig.replace(/^(\s*useRelativePaths\s*=\s*)\S+\s*$/m, "$1true");
-	if (sectionRe.test(gitconfig)) return gitconfig.replace(sectionRe, "[worktree]\n	useRelativePaths = true");
-	return `${gitconfig}${gitconfig.endsWith("\n") ? "" : "\n"}[worktree]\n\tuseRelativePaths = true\n`;
+function computePiJudgeRecipeCid(inputs) {
+	const manifest = buildPiJudgeRecipeManifest(inputs);
+	const manifestBytes = Buffer.from(stableStringify(manifest), "utf8");
+	const digestBytes = createHash("sha256").update(manifestBytes).digest();
+	return {
+		cid: base32Lower(Uint8Array.from([
+			...encodeVarint(CID_VERSION),
+			...encodeVarint(RAW_CODEC),
+			...encodeVarint(SHA2_256_CODE),
+			...encodeVarint(digestBytes.length),
+			...digestBytes
+		])),
+		manifest
+	};
 }
 //#endregion
 //#region ../tasks/src/formats.ts
@@ -8179,9 +8626,9 @@ if (!FormatRegistry.Has("date-time")) FormatRegistry.Set("date-time", (v) => !Nu
 * own signed rows and CIDv1 lookup. The schema below is designed to
 * carry forward unchanged — only storage and addressing differ.
 *
-* Until Phase 2 lands, `rubric_id` + `version` + `content_hash` are
+* Until Phase 2 lands, `rubricId` + `version` + `contentHash` are
 * informational fields the author fills in; no uniqueness is enforced.
-* `content_hash` is optional in Phase 1 because the *task*'s input_cid
+* `contentHash` is optional in Phase 1 because the *task*'s input_cid
 * is the authoritative commitment.
 */
 /**
@@ -8217,12 +8664,12 @@ var RubricCriterion = Type$1.Object({
 * (stored row `body`); only the addressing mechanism differs.
 */
 var Rubric = Type$1.Object({
-	rubric_id: Type$1.String({ minLength: 1 }),
+	rubricId: Type$1.String({ minLength: 1 }),
 	version: Type$1.String({ minLength: 1 }),
 	preamble: Type$1.Optional(Type$1.String()),
 	criteria: Type$1.Array(RubricCriterion, { minItems: 1 }),
 	scope: Type$1.Optional(Type$1.String()),
-	content_hash: Type$1.Optional(Type$1.String())
+	contentHash: Type$1.Optional(Type$1.String())
 }, {
 	$id: "Rubric",
 	additionalProperties: false
@@ -8278,25 +8725,25 @@ var AssessBriefCriterion = Type$1.Object({
 	additionalProperties: false
 });
 var AssessBriefInput = Type$1.Object({
-	target_task_id: Type$1.String({ format: "uuid" }),
+	targetTaskId: Type$1.String({ format: "uuid" }),
 	criteria: Type$1.Array(AssessBriefCriterion, { minItems: 1 }),
-	rubric_preamble: Type$1.Optional(Type$1.String())
+	rubricPreamble: Type$1.Optional(Type$1.String())
 }, {
 	$id: "AssessBriefInput",
 	additionalProperties: false
 });
 /** One score line. */
 var AssessBriefScore = Type$1.Object({
-	criterion_id: Type$1.String({ minLength: 1 }),
+	criterionId: Type$1.String({ minLength: 1 }),
 	score: Type$1.Number({
 		minimum: 0,
 		maximum: 1
 	}),
 	rationale: Type$1.Optional(Type$1.String()),
 	evidence: Type$1.Optional(Type$1.Object({
-		commits_verified: Type$1.Number(),
-		commits_total: Type$1.Number(),
-		signature_failures: Type$1.Array(Type$1.String())
+		commitsVerified: Type$1.Number(),
+		commitsTotal: Type$1.Number(),
+		signatureFailures: Type$1.Array(Type$1.String())
 	}, { additionalProperties: false }))
 }, {
 	$id: "AssessBriefScore",
@@ -8309,7 +8756,7 @@ var AssessBriefOutput = Type$1.Object({
 		maximum: 1
 	}),
 	verdict: Type$1.String({ minLength: 1 }),
-	judge_model: Type$1.Optional(Type$1.String())
+	judgeModel: Type$1.Optional(Type$1.String())
 }, {
 	$id: "AssessBriefOutput",
 	additionalProperties: false
@@ -8340,15 +8787,15 @@ var EntryTypeFilter = Type$1.Union([
 	Type$1.Literal("reflection")
 ]);
 var CuratePackInput = Type$1.Object({
-	diary_id: Type$1.String({ format: "uuid" }),
-	task_prompt: Type$1.String({ minLength: 1 }),
-	entry_types: Type$1.Optional(Type$1.Array(EntryTypeFilter, { minItems: 1 })),
-	tag_filters: Type$1.Optional(Type$1.Object({
+	diaryId: Type$1.String({ format: "uuid" }),
+	taskPrompt: Type$1.String({ minLength: 1 }),
+	entryTypes: Type$1.Optional(Type$1.Array(EntryTypeFilter, { minItems: 1 })),
+	tagFilters: Type$1.Optional(Type$1.Object({
 		include: Type$1.Optional(Type$1.Array(Type$1.String())),
 		exclude: Type$1.Optional(Type$1.Array(Type$1.String())),
 		prefix: Type$1.Optional(Type$1.String())
 	}, { additionalProperties: false })),
-	token_budget: Type$1.Optional(Type$1.Number({ minimum: 500 })),
+	tokenBudget: Type$1.Optional(Type$1.Number({ minimum: 500 })),
 	recipe: Type$1.Optional(Type$1.Union([Type$1.Literal("topic-focused-v1"), Type$1.Literal("scope-inventory-v1")]))
 }, {
 	$id: "CuratePackInput",
@@ -8360,18 +8807,18 @@ var CuratePackInput = Type$1.Object({
 * is the receipt.
 */
 var CuratePackOutput = Type$1.Object({
-	pack_id: Type$1.String({ format: "uuid" }),
-	pack_cid: Type$1.String({ minLength: 1 }),
+	packId: Type$1.String({ format: "uuid" }),
+	packCid: Type$1.String({ minLength: 1 }),
 	entries: Type$1.Array(Type$1.Object({
-		entry_id: Type$1.String({ format: "uuid" }),
+		entryId: Type$1.String({ format: "uuid" }),
 		rank: Type$1.Number({ minimum: 1 }),
 		rationale: Type$1.String({ minLength: 1 })
 	}, { additionalProperties: false }), { minItems: 1 }),
-	recipe_params: Type$1.Record(Type$1.String(), Type$1.Unknown()),
+	recipeParams: Type$1.Record(Type$1.String(), Type$1.Unknown()),
 	checkpoints: Type$1.Optional(Type$1.Array(Type$1.Object({
 		phase: Type$1.String({ minLength: 1 }),
-		candidate_ids: Type$1.Array(Type$1.String({ format: "uuid" })),
-		dropped_ids: Type$1.Optional(Type$1.Array(Type$1.String({ format: "uuid" }))),
+		candidateIds: Type$1.Array(Type$1.String({ format: "uuid" })),
+		droppedIds: Type$1.Optional(Type$1.Array(Type$1.String({ format: "uuid" }))),
 		notes: Type$1.String({ minLength: 1 })
 	}, { additionalProperties: false }))),
 	summary: Type$1.String({ minLength: 1 })
@@ -8392,9 +8839,9 @@ var FULFILL_BRIEF_TYPE = "fulfill_brief";
 var FulfillBriefInput = Type$1.Object({
 	brief: Type$1.String({ minLength: 1 }),
 	title: Type$1.Optional(Type$1.String()),
-	acceptance_criteria: Type$1.Optional(Type$1.Array(Type$1.String())),
-	seed_files: Type$1.Optional(Type$1.Array(Type$1.String())),
-	scope_hint: Type$1.Optional(Type$1.String())
+	acceptanceCriteria: Type$1.Optional(Type$1.Array(Type$1.String())),
+	seedFiles: Type$1.Optional(Type$1.Array(Type$1.String())),
+	scopeHint: Type$1.Optional(Type$1.String())
 }, {
 	$id: "FulfillBriefInput",
 	additionalProperties: false
@@ -8408,10 +8855,10 @@ var FulfillBriefOutput = Type$1.Object({
 	commits: Type$1.Array(Type$1.Object({
 		sha: Type$1.String({ minLength: 7 }),
 		message: Type$1.String(),
-		diary_entry_id: Type$1.Union([Type$1.String({ format: "uuid" }), Type$1.Null()])
+		diaryEntryId: Type$1.Union([Type$1.String({ format: "uuid" }), Type$1.Null()])
 	}, { additionalProperties: false })),
-	pull_request_url: Type$1.Union([Type$1.String(), Type$1.Null()]),
-	diary_entry_ids: Type$1.Array(Type$1.String({ format: "uuid" })),
+	pullRequestUrl: Type$1.Union([Type$1.String(), Type$1.Null()]),
+	diaryEntryIds: Type$1.Array(Type$1.String({ format: "uuid" })),
 	summary: Type$1.String({ minLength: 1 })
 }, {
 	$id: "FulfillBriefOutput",
@@ -8442,8 +8889,8 @@ var FulfillBriefOutput = Type$1.Object({
 */
 var JUDGE_PACK_TYPE = "judge_pack";
 var JudgePackInput = Type$1.Object({
-	rendered_pack_id: Type$1.String({ format: "uuid" }),
-	source_pack_id: Type$1.String({ format: "uuid" }),
+	renderedPackId: Type$1.String({ format: "uuid" }),
+	sourcePackId: Type$1.String({ format: "uuid" }),
 	rubric: Rubric
 }, {
 	$id: "JudgePackInput",
@@ -8451,7 +8898,7 @@ var JudgePackInput = Type$1.Object({
 });
 /** One scored criterion. Mirrors `AssessBriefScore`. */
 var JudgePackScore = Type$1.Object({
-	criterion_id: Type$1.String({ minLength: 1 }),
+	criterionId: Type$1.String({ minLength: 1 }),
 	score: Type$1.Number({
 		minimum: 0,
 		maximum: 1
@@ -8469,8 +8916,8 @@ var JudgePackOutput = Type$1.Object({
 		maximum: 1
 	}),
 	verdict: Type$1.String({ minLength: 1 }),
-	judge_model: Type$1.Optional(Type$1.String()),
-	renderer_binary_cid: Type$1.Optional(Type$1.Union([Type$1.String(), Type$1.Null()]))
+	judgeModel: Type$1.Optional(Type$1.String()),
+	rendererBinaryCid: Type$1.Optional(Type$1.Union([Type$1.String(), Type$1.Null()]))
 }, {
 	$id: "JudgePackOutput",
 	additionalProperties: false
@@ -8494,7 +8941,7 @@ var JudgePackOutput = Type$1.Object({
 */
 var RENDER_PACK_TYPE = "render_pack";
 var RenderPackInput = Type$1.Object({
-	pack_id: Type$1.String({ format: "uuid" }),
+	packId: Type$1.String({ format: "uuid" }),
 	persist: Type$1.Optional(Type$1.Boolean()),
 	pinned: Type$1.Optional(Type$1.Boolean())
 }, {
@@ -8502,11 +8949,11 @@ var RenderPackInput = Type$1.Object({
 	additionalProperties: false
 });
 var RenderPackOutput = Type$1.Object({
-	rendered_pack_id: Type$1.Union([Type$1.String({ format: "uuid" }), Type$1.Null()]),
-	rendered_cid: Type$1.String({ minLength: 1 }),
-	render_method: Type$1.String({ minLength: 1 }),
-	byte_size: Type$1.Number({ minimum: 0 }),
-	entries_rendered: Type$1.Number({ minimum: 0 }),
+	renderedPackId: Type$1.Union([Type$1.String({ format: "uuid" }), Type$1.Null()]),
+	renderedCid: Type$1.String({ minLength: 1 }),
+	renderMethod: Type$1.String({ minLength: 1 }),
+	byteSize: Type$1.Number({ minimum: 0 }),
+	entriesRendered: Type$1.Number({ minimum: 0 }),
 	summary: Type$1.String({ minLength: 1 })
 }, {
 	$id: "RenderPackOutput",
@@ -8578,6 +9025,30 @@ new Proxy({}, { get(_, prop) {
 	return getTaskTypeRegistry().get(prop);
 } });
 //#endregion
+//#region ../tasks/src/validation.ts
+function getTaskTypeEntry(taskType) {
+	const taskTypes = BUILT_IN_TASK_TYPES;
+	if (!Object.prototype.hasOwnProperty.call(taskTypes, taskType)) return;
+	return taskTypes[taskType];
+}
+function formatField(prefix, path) {
+	return path ? `${prefix}${path}` : prefix;
+}
+function schemaErrors(prefix, schema, value) {
+	return [...Value.Errors(schema, value)].map((error) => ({
+		field: formatField(prefix, error.path),
+		message: error.message
+	}));
+}
+function validateTaskOutput(taskType, output) {
+	const entry = getTaskTypeEntry(taskType);
+	if (!entry) return [{
+		field: "taskType",
+		message: `Unknown task type: ${taskType}`
+	}];
+	return schemaErrors("output", entry.outputSchema, output);
+}
+//#endregion
 //#region ../tasks/src/wire.ts
 /**
 * Wire-format types for the MoltNet Task model.
@@ -8589,7 +9060,7 @@ new Proxy({}, { get(_, prop) {
 *   - `TaskReporter` output records (PR 0)
 *
 * Invariant: every property on `Task` is type-neutral (applies to all
-* `task_type`s). Type-specific payloads live inside `input` / `output`
+* `taskType`s). Type-specific payloads live inside `input` / `output`
 * JSONB, validated against schemas registered under `task_types`.
 *
 * Identity rule:
@@ -8632,8 +9103,8 @@ var IsoTimestamp = Type$1.String({ format: "date-time" });
 * Embedded in `tasks.references` JSONB array.
 */
 var TaskRef = Type$1.Object({
-	task_id: Type$1.Union([Uuid, Type$1.Null()]),
-	output_cid: Cid,
+	taskId: Type$1.Union([Uuid, Type$1.Null()]),
+	outputCid: Cid,
 	role: Type$1.Union([
 		Type$1.Literal("judged_work"),
 		Type$1.Literal("reviewed_diff"),
@@ -8662,11 +9133,11 @@ var TaskRef = Type$1.Object({
 * `TaskOutput.usage` for convenience.
 */
 var TaskUsage = Type$1.Object({
-	input_tokens: Type$1.Integer({ minimum: 0 }),
-	output_tokens: Type$1.Integer({ minimum: 0 }),
-	cache_read_tokens: Type$1.Optional(Type$1.Integer({ minimum: 0 })),
-	cache_write_tokens: Type$1.Optional(Type$1.Integer({ minimum: 0 })),
-	tool_calls: Type$1.Optional(Type$1.Integer({ minimum: 0 })),
+	inputTokens: Type$1.Integer({ minimum: 0 }),
+	outputTokens: Type$1.Integer({ minimum: 0 }),
+	cacheReadTokens: Type$1.Optional(Type$1.Integer({ minimum: 0 })),
+	cacheWriteTokens: Type$1.Optional(Type$1.Integer({ minimum: 0 })),
+	toolCalls: Type$1.Optional(Type$1.Integer({ minimum: 0 })),
 	model: Type$1.Optional(Type$1.String()),
 	provider: Type$1.Optional(Type$1.String())
 }, {
@@ -8686,62 +9157,65 @@ var TaskError = Type$1.Object({
 	additionalProperties: false
 });
 Type$1.Object({
-	agent_id: Type$1.Union([Uuid, Type$1.Null()]),
-	human_id: Type$1.Union([Uuid, Type$1.Null()])
+	agentId: Type$1.Union([Uuid, Type$1.Null()]),
+	humanId: Type$1.Union([Uuid, Type$1.Null()])
 }, {
 	$id: "ActorPair",
 	additionalProperties: false
 });
 Type$1.Object({
 	id: Uuid,
-	task_type: Type$1.String({ minLength: 1 }),
-	team_id: Uuid,
-	diary_id: Type$1.Union([Uuid, Type$1.Null()]),
-	output_kind: OutputKind,
+	taskType: Type$1.String({ minLength: 1 }),
+	teamId: Uuid,
+	diaryId: Type$1.Union([Uuid, Type$1.Null()]),
+	outputKind: OutputKind,
 	input: Type$1.Record(Type$1.String(), Type$1.Unknown()),
-	input_schema_cid: Cid,
-	input_cid: Cid,
-	criteria_cid: Type$1.Union([Cid, Type$1.Null()]),
+	inputSchemaCid: Cid,
+	inputCid: Cid,
+	criteriaCid: Type$1.Union([Cid, Type$1.Null()]),
 	references: Type$1.Array(TaskRef),
-	correlation_id: Type$1.Union([Uuid, Type$1.Null()]),
-	imposed_by_agent_id: Type$1.Union([Uuid, Type$1.Null()]),
-	imposed_by_human_id: Type$1.Union([Uuid, Type$1.Null()]),
-	accepted_attempt_n: Type$1.Union([Type$1.Number(), Type$1.Null()]),
+	correlationId: Type$1.Union([Uuid, Type$1.Null()]),
+	imposedByAgentId: Type$1.Union([Uuid, Type$1.Null()]),
+	imposedByHumanId: Type$1.Union([Uuid, Type$1.Null()]),
+	acceptedAttemptN: Type$1.Union([Type$1.Number(), Type$1.Null()]),
 	status: TaskStatus,
-	queued_at: IsoTimestamp,
-	completed_at: Type$1.Union([IsoTimestamp, Type$1.Null()]),
-	expires_at: Type$1.Union([IsoTimestamp, Type$1.Null()]),
-	cancelled_by_agent_id: Type$1.Union([Uuid, Type$1.Null()]),
-	cancelled_by_human_id: Type$1.Union([Uuid, Type$1.Null()]),
-	cancel_reason: Type$1.Union([Type$1.String(), Type$1.Null()]),
-	max_attempts: Type$1.Number({ minimum: 1 })
+	queuedAt: IsoTimestamp,
+	completedAt: Type$1.Union([IsoTimestamp, Type$1.Null()]),
+	expiresAt: Type$1.Union([IsoTimestamp, Type$1.Null()]),
+	cancelledByAgentId: Type$1.Union([Uuid, Type$1.Null()]),
+	cancelledByHumanId: Type$1.Union([Uuid, Type$1.Null()]),
+	cancelReason: Type$1.Union([Type$1.String(), Type$1.Null()]),
+	maxAttempts: Type$1.Number({ minimum: 1 })
 }, {
 	$id: "Task",
 	additionalProperties: false
 });
 Type$1.Object({
-	task_id: Uuid,
-	attempt_n: Type$1.Number({ minimum: 1 }),
-	claimed_by_agent_id: Uuid,
-	runtime_id: Type$1.Union([Uuid, Type$1.Null()]),
-	claimed_at: IsoTimestamp,
-	started_at: Type$1.Union([IsoTimestamp, Type$1.Null()]),
-	completed_at: Type$1.Union([IsoTimestamp, Type$1.Null()]),
+	taskId: Uuid,
+	attemptN: Type$1.Number({ minimum: 1 }),
+	claimedByAgentId: Uuid,
+	runtimeId: Type$1.Union([Uuid, Type$1.Null()]),
+	claimedAt: IsoTimestamp,
+	startedAt: Type$1.Union([IsoTimestamp, Type$1.Null()]),
+	completedAt: Type$1.Union([IsoTimestamp, Type$1.Null()]),
 	status: TaskAttemptStatus,
 	output: Type$1.Union([Type$1.Record(Type$1.String(), Type$1.Unknown()), Type$1.Null()]),
-	output_cid: Type$1.Union([Cid, Type$1.Null()]),
+	outputCid: Type$1.Union([Cid, Type$1.Null()]),
 	error: Type$1.Union([TaskError, Type$1.Null()]),
 	usage: Type$1.Union([TaskUsage, Type$1.Null()]),
-	content_signature: Type$1.Union([Type$1.String(), Type$1.Null()]),
-	signed_at: Type$1.Union([IsoTimestamp, Type$1.Null()])
+	contentSignature: Type$1.Union([Type$1.String(), Type$1.Null()]),
+	signedAt: Type$1.Union([IsoTimestamp, Type$1.Null()])
 }, {
 	$id: "TaskAttempt",
 	additionalProperties: false
 });
 Type$1.Object({
-	task_id: Uuid,
-	attempt_n: Type$1.Number({ minimum: 1 }),
-	seq: Type$1.Number({ minimum: 0 }),
+	taskId: Uuid,
+	attemptN: Type$1.Number({ minimum: 1 }),
+	seq: Type$1.Number({
+		minimum: 0,
+		description: "Monotonically increasing integer assigned by the server. Use as the afterSeq cursor on the list-messages endpoint to poll for new messages without re-fetching earlier ones."
+	}),
 	timestamp: IsoTimestamp,
 	kind: TaskMessageKind,
 	payload: Type$1.Record(Type$1.String(), Type$1.Unknown())
@@ -8750,34 +9224,34 @@ Type$1.Object({
 	additionalProperties: false
 });
 Type$1.Object({
-	task_id: Uuid,
-	attempt_n: Type$1.Number({ minimum: 1 }),
+	taskId: Uuid,
+	attemptN: Type$1.Number({ minimum: 1 }),
 	status: Type$1.Union([
 		Type$1.Literal("completed"),
 		Type$1.Literal("failed"),
 		Type$1.Literal("cancelled")
 	]),
 	output: Type$1.Union([Type$1.Record(Type$1.String(), Type$1.Unknown()), Type$1.Null()]),
-	output_cid: Type$1.Union([Cid, Type$1.Null()]),
+	outputCid: Type$1.Union([Cid, Type$1.Null()]),
 	usage: TaskUsage,
-	duration_ms: Type$1.Number({ minimum: 0 }),
+	durationMs: Type$1.Number({ minimum: 0 }),
 	error: Type$1.Optional(TaskError),
-	content_signature: Type$1.Optional(Type$1.String())
+	contentSignature: Type$1.Optional(Type$1.String())
 }, {
 	$id: "TaskOutput",
 	additionalProperties: false
 });
 Type$1.Object({
-	runtime_id: Uuid,
-	agent_id: Uuid,
+	runtimeId: Uuid,
+	agentId: Uuid,
 	timestamp: IsoTimestamp,
 	status: Type$1.Union([
 		Type$1.Literal("idle"),
 		Type$1.Literal("busy"),
 		Type$1.Literal("draining")
 	]),
-	active_task_ids: Type$1.Array(Uuid),
-	supported_task_types: Type$1.Array(Type$1.String())
+	activeTaskIds: Type$1.Array(Uuid),
+	supportedTaskTypes: Type$1.Array(Type$1.String())
 }, {
 	$id: "RuntimeHeartbeat",
 	additionalProperties: false
@@ -8798,10 +9272,10 @@ function buildAssessBriefPrompt(input, ctx) {
 		...ctx.target.diaryEntryIds.map((id) => `- ${id}`),
 		""
 	].join("\n") : "";
-	const preambleSection = input.rubric_preamble ? [
+	const preambleSection = input.rubricPreamble ? [
 		"### Rubric preamble",
 		"",
-		input.rubric_preamble,
+		input.rubricPreamble,
 		""
 	].join("\n") : "";
 	return [
@@ -8832,12 +9306,12 @@ function buildAssessBriefPrompt(input, ctx) {
 		"",
 		"- `llm_judged`: score 0..1 continuous. `rationale` REQUIRED (2–4 sentences).",
 		"- `boolean`: score exactly 0 or 1. `rationale` optional.",
-		"- `deterministic_signature_check`: run `moltnet entry verify` on every diary entry listed above AND `git verify-commit` on every commit. Score 1 iff ALL signatures are valid; otherwise 0. Populate `evidence.commits_verified`, `evidence.commits_total`, `evidence.signature_failures`.",
+		"- `deterministic_signature_check`: run `moltnet entry verify` on every diary entry listed above AND `git verify-commit` on every commit. Score 1 iff ALL signatures are valid; otherwise 0. Populate `evidence.commitsVerified`, `evidence.commitsTotal`, `evidence.signatureFailures`.",
 		"",
 		"### Final output",
 		"",
 		"Emit a JSON object matching `AssessBriefOutput`:",
-		"  { \"scores\": [{criterion_id, score, rationale?, evidence?}], \"composite\", \"verdict\", \"judge_model\"? }",
+		"  { \"scores\": [{criterionId, score, rationale?, evidence?}], \"composite\", \"verdict\", \"judgeModel\"? }",
 		"`composite` = Σ(weight_i × score_i) recomputed. The runtime will reject a mismatch.",
 		"Write a signed diary entry (tags: \"judgment\", \"assess_brief\") capturing the rationale before emitting the JSON."
 	].filter(Boolean).join("\n");
@@ -8859,7 +9333,7 @@ function buildAssessBriefPrompt(input, ctx) {
 * N isolated `createAgentSession` children (one per tag cluster or
 * entry_type axis the curator picks after recon), each with a narrow
 * tool subset and a turn cap, and returns compressed summaries. Parent
-* curator keeps a warm context and only sees {candidate_ids, notes}
+* curator keeps a warm context and only sees {candidateIds, notes}
 * per probe — mirrors the fan-out pattern pi-mono SDK example #13
 * (session runtime) + #05 (custom tools) makes possible. Until that
 * lands, the `checkpoints[]` output field is the fallback: curator
@@ -8867,7 +9341,7 @@ function buildAssessBriefPrompt(input, ctx) {
 * resume without replaying the tool history.
 */
 function buildCuratePackPrompt(input, ctx) {
-	const { diary_id: diaryId, task_prompt: taskPrompt, entry_types: entryTypes, tag_filters: tagFilters, token_budget: tokenBudget, recipe } = input;
+	const { diaryId, taskPrompt, entryTypes, tagFilters, tokenBudget, recipe } = input;
 	const effectiveEntryTypes = entryTypes ?? [
 		"semantic",
 		"episodic",
@@ -8954,7 +9428,7 @@ function buildCuratePackPrompt(input, ctx) {
 		"",
 		"The tool returns a JSON payload whose top-level fields are `packId` and",
 		"`packCid` (NOT `id`). Copy those exact UUID/CID strings verbatim into",
-		"`pack_id` and `pack_cid` in your final output — do not substitute an",
+		"`packId` and `packCid` in your final output — do not substitute an",
 		"entry id, do not reformat, do not fabricate a UUID.",
 		"",
 		"## Hard constraints",
@@ -8971,14 +9445,14 @@ function buildCuratePackPrompt(input, ctx) {
 		"Write to stdout a JSON object matching `CuratePackOutput`:",
 		"```",
 		"{",
-		"  \"pack_id\": \"<uuid>\",",
-		"  \"pack_cid\": \"<cid>\",",
+		"  \"packId\": \"<uuid>\",",
+		"  \"packCid\": \"<cid>\",",
 		"  \"entries\": [",
-		"    { \"entry_id\": \"<uuid>\", \"rank\": 1, \"rationale\": \"<why>\" }",
+		"    { \"entryId\": \"<uuid>\", \"rank\": 1, \"rationale\": \"<why>\" }",
 		"  ],",
-		"  \"recipe_params\": { \"recipe\": \"...\", \"prompt\": \"...\", ... },",
+		"  \"recipeParams\": { \"recipe\": \"...\", \"prompt\": \"...\", ... },",
 		"  \"checkpoints\": [",
-		"    { \"phase\": \"recon\", \"candidate_ids\": [...], \"dropped_ids\": [...], \"notes\": \"...\" }",
+		"    { \"phase\": \"recon\", \"candidateIds\": [...], \"droppedIds\": [...], \"notes\": \"...\" }",
 		"  ],",
 		"  \"summary\": \"<2-4 sentences: what you looked for, how you narrowed, what defines the final set>\"",
 		"}",
@@ -8996,7 +9470,7 @@ function buildCuratePackPrompt(input, ctx) {
 * is told to inspect them itself.
 */
 function buildFulfillBriefPrompt(input, ctx) {
-	const { brief, title, acceptance_criteria: acceptanceCriteria, seed_files: seedFiles, scope_hint: scopeHint } = input;
+	const { brief, title, acceptanceCriteria, seedFiles, scopeHint } = input;
 	const criteriaSection = acceptanceCriteria?.length ? [
 		"### Acceptance criteria",
 		"",
@@ -9045,14 +9519,14 @@ function buildFulfillBriefPrompt(input, ctx) {
 		"### Final output",
 		"",
 		"When done, write to stdout a JSON object with shape matching `FulfillBriefOutput`:",
-		"  { \"branch\", \"commits\": [{sha, message, diary_entry_id}], \"pull_request_url\", \"diary_entry_ids\", \"summary\" }",
+		"  { \"branch\", \"commits\": [{sha, message, diaryEntryId}], \"pullRequestUrl\", \"diaryEntryIds\", \"summary\" }",
 		"The runtime parses this as the structured task output. Failing to emit it is a failure."
 	].filter(Boolean).join("\n");
 }
 //#endregion
 //#region ../agent-runtime/src/prompts/judge-pack.ts
 function buildJudgePackPrompt(input, ctx) {
-	const { rendered_pack_id: renderedPackId, source_pack_id: sourcePackId, rubric } = input;
+	const { renderedPackId, sourcePackId, rubric } = input;
 	const criteriaList = rubric.criteria.map((c, i) => `${i + 1}. **${c.id}** (weight ${c.weight}, scoring: \`${c.scoring}\`) — ${c.description}`).join("\n");
 	const preambleSection = rubric.preamble ? [
 		"### Rubric preamble",
@@ -9075,7 +9549,7 @@ function buildJudgePackPrompt(input, ctx) {
 		"",
 		`- **Rendered pack**: \`${renderedPackId}\``,
 		`- **Source pack**: \`${sourcePackId}\``,
-		`- **Rubric**: \`${rubric.rubric_id}\` v${rubric.version}`,
+		`- **Rubric**: \`${rubric.rubricId}\` v${rubric.version}`,
 		"",
 		preambleSection,
 		"## Workflow",
@@ -9114,12 +9588,12 @@ function buildJudgePackPrompt(input, ctx) {
 		"  non-empty `contentSignature`. If `required_signed_total` is 0,",
 		"  score = 1. Populate `evidence` with `{ entries_verified,",
 		"  entries_total, required_signed_total, required_signed_ok,",
-		"  signature_failures: [entry_ids] }` where `signature_failures` lists",
+		"  signatureFailures: [entryIds] }` where `signatureFailures` lists",
 		"  ONLY the REQUIRED-SIGNED entries that lack a signature.",
 		"- `deterministic_coverage_check`: for every source entry, check",
-		"  whether its `entry_id` (or a stable reference like title + CID",
+		"  whether its `entryId` (or a stable reference like title + CID",
 		"  prefix) appears in the rendered `content`. Score 1 iff coverage is",
-		"  complete; otherwise 0. Populate `evidence` with `{ covered, total, missing: [entry_ids] }`.",
+		"  complete; otherwise 0. Populate `evidence` with `{ covered, total, missing: [entryIds] }`.",
 		"",
 		"## Constraints",
 		"",
@@ -9133,17 +9607,17 @@ function buildJudgePackPrompt(input, ctx) {
 		"Write to stdout a JSON object matching `JudgePackOutput`:",
 		"```",
 		"{",
-		"  \"scores\": [{\"criterion_id\": \"...\", \"score\": 0.0, \"rationale\": \"...\", \"evidence\": {...}}],",
+		"  \"scores\": [{\"criterionId\": \"...\", \"score\": 0.0, \"rationale\": \"...\", \"evidence\": {...}}],",
 		"  \"composite\": <sum-of-weighted-scores>,",
 		"  \"verdict\": \"<1-3 sentence overall>\",",
-		"  \"judge_model\": \"<provider:model>\",",
-		"  \"renderer_binary_cid\": \"<cid-string-only-if-available>\"",
+		"  \"judgeModel\": \"<provider:model>\",",
+		"  \"rendererBinaryCid\": \"<cid-string-only-if-available>\"",
 		"}",
 		"```",
-		"Omit `renderer_binary_cid` entirely when no binary CID is exposed by",
+		"Omit `rendererBinaryCid` entirely when no binary CID is exposed by",
 		"`moltnet_rendered_pack_get`. Do NOT emit `null` — the field is optional",
 		"and absence is the correct representation when unavailable.",
-		`Write a signed diary entry (tags: \`judgment\`, \`judge_pack\`, \`rubric:${rubric.rubric_id}\`) capturing the rationale before`,
+		`Write a signed diary entry (tags: \`judgment\`, \`judge_pack\`, \`rubric:${rubric.rubricId}\`) capturing the rationale before`,
 		"emitting the JSON."
 	].filter((l) => l !== null).join("\n");
 }
@@ -9154,7 +9628,7 @@ function buildJudgePackPrompt(input, ctx) {
 * wraps `moltnet_pack_render` and emits the receipt.
 */
 function buildRenderPackPrompt(input, ctx) {
-	const { pack_id: packId, persist = true, pinned = false } = input;
+	const { packId, persist = true, pinned = false } = input;
 	return [
 		"# Render Pack Agent",
 		"",
@@ -9194,11 +9668,11 @@ function buildRenderPackPrompt(input, ctx) {
 		"Write to stdout a JSON object matching `RenderPackOutput`:",
 		"```",
 		"{",
-		"  \"rendered_pack_id\": \"<uuid-or-null>\",",
-		"  \"rendered_cid\": \"<cid>\",",
-		"  \"render_method\": \"<label>\",",
-		"  \"byte_size\": <int>,",
-		"  \"entries_rendered\": <int>,",
+		"  \"renderedPackId\": \"<uuid-or-null>\",",
+		"  \"renderedCid\": \"<cid>\",",
+		"  \"renderMethod\": \"<label>\",",
+		"  \"byteSize\": <int>,",
+		"  \"entriesRendered\": <int>,",
 		"  \"summary\": \"<1-3 sentence recap>\"",
 		"}",
 		"```",
@@ -9208,11 +9682,11 @@ function buildRenderPackPrompt(input, ctx) {
 //#endregion
 //#region ../agent-runtime/src/prompts/index.ts
 /**
-* Resolve the correct prompt builder for `task.task_type` and invoke it.
+* Resolve the correct prompt builder for `task.taskType` and invoke it.
 * Throws if the type is unknown or the input fails TypeBox validation.
 */
 function buildPromptForTask(task, ctx) {
-	switch (task.task_type) {
+	switch (task.taskType) {
 		case FULFILL_BRIEF_TYPE:
 			if (!Value.Check(FulfillBriefInput, task.input)) {
 				const errors = [...Value.Errors(FulfillBriefInput, task.input)];
@@ -9262,8 +9736,100 @@ function buildPromptForTask(task, ctx) {
 				diaryId: ctx.diaryId,
 				taskId: ctx.taskId
 			});
-		default: throw new Error(`No prompt builder registered for task_type="${task.task_type}"`);
+		default: throw new Error(`No prompt builder registered for taskType="${task.taskType}"`);
+	}
+}
+//#endregion
+//#region src/runtime/task-output.ts
+async function parseStructuredTaskOutput(assistantText, taskType) {
+	const extracted = extractJsonObject(assistantText);
+	if (!extracted) return {
+		output: null,
+		outputCid: null,
+		error: {
+			code: "output_missing",
+			message: "Agent did not emit a parseable JSON object as its final message."
+		}
+	};
+	const errors = validateTaskOutput(taskType, extracted);
+	if (errors.length > 0) {
+		const details = errors.slice(0, 3).map((error) => `${error.field}: ${error.message}`);
+		const [firstError] = errors;
+		return {
+			output: null,
+			outputCid: null,
+			error: {
+				code: firstError?.field === "taskType" ? "unknown_task_type" : "output_validation_failed",
+				message: `Output failed schema validation: ${details.join("; ")}`
+			}
+		};
+	}
+	try {
+		return {
+			output: extracted,
+			outputCid: await computeJsonCid(extracted),
+			error: null
+		};
+	} catch (error) {
+		return {
+			output: null,
+			outputCid: null,
+			error: {
+				code: "output_cid_compute_failed",
+				message: `Validated output could not be canonicalized: ${error instanceof Error ? error.message : String(error)}`
+			}
+		};
+	}
+}
+/**
+* Find the last balanced top-level JSON object in `text` and parse it.
+* Tolerates markdown fences and leading prose. Returns null if parsing fails.
+*/
+function extractJsonObject(text) {
+	if (!text) return null;
+	const fenceMatch = /```(?:json)?\s*([\s\S]*?)```/gi;
+	const candidates = [];
+	for (const m of text.matchAll(fenceMatch)) candidates.push(m[1]);
+	const scanForObject = (s) => {
+		let depth = 0;
+		let start = -1;
+		let lastComplete = null;
+		let inString = false;
+		let escape = false;
+		for (let i = 0; i < s.length; i++) {
+			const ch = s[i];
+			if (inString) {
+				if (escape) escape = false;
+				else if (ch === "\\") escape = true;
+				else if (ch === "\"") inString = false;
+				continue;
+			}
+			if (ch === "\"") {
+				inString = true;
+				continue;
+			}
+			if (ch === "{") {
+				if (depth === 0) start = i;
+				depth++;
+			} else if (ch === "}") {
+				depth--;
+				if (depth === 0 && start !== -1) {
+					lastComplete = s.slice(start, i + 1);
+					start = -1;
+				}
+			}
+		}
+		return lastComplete;
+	};
+	candidates.push(text);
+	for (let i = candidates.length - 1; i >= 0; i--) {
+		const obj = scanForObject(candidates[i]);
+		if (!obj) continue;
+		try {
+			return JSON.parse(obj);
+		} catch {}
 	}
+	return null;
 }
 //#endregion
 //#region src/runtime/execute-pi-task.ts
@@ -9290,14 +9856,14 @@ function buildPromptForTask(task, ctx) {
 */
 function createPiTaskExecutor(opts) {
 	let cachedCheckpoint = opts.checkpointPath ?? null;
-	return async (task, reporter) => {
+	return async (claimedTask, reporter) => {
 		if (!cachedCheckpoint) cachedCheckpoint = await ensureSnapshot({
 			config: opts.sandboxConfig?.snapshot,
 			onProgress: opts.onSnapshotProgress ?? ((m) => {
 				process.stderr.write(`[snapshot] ${m}\n`);
 			})
 		});
-		return executePiTask(task, reporter, {
+		return executePiTask(claimedTask, reporter, {
 			...opts,
 			checkpointPath: cachedCheckpoint
 		});
@@ -9309,8 +9875,9 @@ function createPiTaskExecutor(opts) {
 * a `TaskOutput` (failures surface as `status: 'failed'`); throws only on
 * unrecoverable setup errors.
 */
-async function executePiTask(task, reporter, opts) {
-	const attemptN = opts.attemptN ?? 1;
+async function executePiTask(claimedTask, reporter, opts) {
+	const task = claimedTask.task;
+	const attemptN = claimedTask.attemptN;
 	const startTime = Date.now();
 	const mountPath = opts.mountPath ?? process.cwd();
 	const checkpointPath = opts.checkpointPath ?? await ensureSnapshot({
@@ -9336,17 +9903,19 @@ async function executePiTask(task, reporter, opts) {
 		extraAllowedHosts: opts.extraAllowedHosts,
 		sandboxConfig: opts.sandboxConfig
 	});
-	const diaryId = task.diary_id ?? "";
+	const diaryId = task.diaryId ?? "";
+	const taskTeamId = task.teamId ?? "";
 	let reporterOpen = false;
 	let session = null;
-	const makeFailedOutput = (code, message, usage = emptyUsage(opts.provider, opts.model)) => ({
-		task_id: task.id,
-		attempt_n: attemptN,
+	const finalUsage = emptyUsage(opts.provider, opts.model);
+	const makeFailedOutput = (code, message, usage = finalUsage) => ({
+		taskId: task.id,
+		attemptN,
 		status: "failed",
 		output: null,
-		output_cid: null,
+		outputCid: null,
 		usage,
-		duration_ms: Date.now() - startTime,
+		durationMs: Date.now() - startTime,
 		error: {
 			code,
 			message,
@@ -9367,8 +9936,8 @@ async function executePiTask(task, reporter, opts) {
 		});
 		await emit("info", {
 			event: "execute_start",
-			task_type: task.task_type,
-			team_id: task.team_id,
+			taskType: task.taskType,
+			teamId: task.teamId,
 			provider: opts.provider,
 			model: opts.model
 		});
@@ -9398,8 +9967,11 @@ async function executePiTask(task, reporter, opts) {
 			const moltnetTools = createMoltNetTools({
 				getAgent: () => moltnetAgent,
 				getDiaryId: () => diaryId,
+				getTeamId: () => taskTeamId,
 				getSessionErrors: () => [],
-				clearSessionErrors: () => {}
+				clearSessionErrors: () => {},
+				getHostCwd: () => mountPath,
+				hostExecBaseEnv: new Set([...HOST_EXEC_DEFAULT_BASE_ENV, ...Object.keys(managed.credentials.agentEnv)])
 			});
 			const piAuthDir = join(homedir(), ".pi", "agent");
 			const modelHandle = getModel(opts.provider, opts.model);
@@ -9427,7 +9999,7 @@ async function executePiTask(task, reporter, opts) {
 		let llmAbort = false;
 		let assistantText = "";
 		let reporterError = null;
-		const usage = emptyUsage(opts.provider, opts.model);
+		const usage = finalUsage;
 		const recordingPromise = [];
 		const track = (p) => {
 			recordingPromise.push(p.catch((err) => {
@@ -9457,12 +10029,12 @@ async function executePiTask(task, reporter, opts) {
 			else if (event.type === "turn_end") {
 				const msg = event.message;
 				if (msg?.role === "assistant" && msg.usage) {
-					usage.input_tokens += Math.max(0, msg.usage.input ?? 0);
-					usage.output_tokens += Math.max(0, msg.usage.output ?? 0);
+					usage.inputTokens += Math.max(0, msg.usage.input ?? 0);
+					usage.outputTokens += Math.max(0, msg.usage.output ?? 0);
 					const cr = Math.max(0, msg.usage.cacheRead ?? 0);
 					const cw = Math.max(0, msg.usage.cacheWrite ?? 0);
-					if (cr) usage.cache_read_tokens = (usage.cache_read_tokens ?? 0) + cr;
-					if (cw) usage.cache_write_tokens = (usage.cache_write_tokens ?? 0) + cw;
+					if (cr) usage.cacheReadTokens = (usage.cacheReadTokens ?? 0) + cr;
+					if (cw) usage.cacheWriteTokens = (usage.cacheWriteTokens ?? 0) + cw;
 				}
 				track(emit("turn_end", { stop_reason: msg?.stopReason ?? "end_turn" }));
 				llmAbort = msg?.stopReason === "error";
@@ -9484,28 +10056,13 @@ async function executePiTask(task, reporter, opts) {
 		}
 		await Promise.all(recordingPromise);
 		let parsedOutput = null;
+		let parsedOutputCid = null;
 		let parseError = null;
 		if (!runError && !llmAbort) {
-			const extracted = extractJsonObject(assistantText);
-			if (!extracted) parseError = {
-				code: "output_missing",
-				message: "Agent did not emit a parseable JSON object as its final message."
-			};
-			else {
-				const entry = BUILT_IN_TASK_TYPES[task.task_type];
-				if (!entry) parseError = {
-					code: "unknown_task_type",
-					message: `No output schema registered for task_type=${task.task_type}`
-				};
-				else {
-					const check = TypeCompiler.Compile(entry.outputSchema);
-					if (check.Check(extracted)) parsedOutput = extracted;
-					else parseError = {
-						code: "output_validation_failed",
-						message: `Output failed schema validation: ${[...check.Errors(extracted)].slice(0, 3).map((e) => `${e.path}: ${e.message}`).join("; ")}`
-					};
-				}
-			}
+			const parsed = await parseStructuredTaskOutput(assistantText, task.taskType);
+			parsedOutput = parsed.output;
+			parsedOutputCid = parsed.outputCid;
+			parseError = parsed.error;
 			if (parseError) await emit("error", {
 				message: parseError.message,
 				phase: "output_validation"
@@ -9515,13 +10072,13 @@ async function executePiTask(task, reporter, opts) {
 		const errorCode = runError?.code ?? parseError?.code ?? reporterError?.code ?? (llmAbort ? "llm_api_error" : void 0);
 		const errorMessage = runError?.message ?? parseError?.message ?? reporterError?.message ?? (llmAbort ? "LLM API error during turn" : void 0);
 		return {
-			task_id: task.id,
-			attempt_n: attemptN,
+			taskId: task.id,
+			attemptN,
 			status,
 			output: parsedOutput,
-			output_cid: null,
+			outputCid: parsedOutputCid,
 			usage,
-			duration_ms: Date.now() - startTime,
+			durationMs: Date.now() - startTime,
 			...errorCode && errorMessage ? { error: {
 				code: errorCode,
 				message: errorMessage,
@@ -9536,7 +10093,7 @@ async function executePiTask(task, reporter, opts) {
 		} catch {}
 		if (reporterOpen) {
 			try {
-				await reporter.finalize(emptyUsage(opts.provider, opts.model));
+				await reporter.finalize(finalUsage);
 			} catch {}
 			try {
 				await reporter.close();
@@ -9547,8 +10104,8 @@ async function executePiTask(task, reporter, opts) {
 }
 function emptyUsage(provider, model) {
 	return {
-		input_tokens: 0,
-		output_tokens: 0,
+		inputTokens: 0,
+		outputTokens: 0,
 		provider,
 		model
 	};
@@ -9582,79 +10139,16 @@ function truncateForWire(value) {
 		};
 	}
 }
-/**
-* Find the last balanced top-level JSON object in `text` and parse it.
-* Tolerates markdown fences and leading prose. Returns null if parsing fails.
-*/
-function extractJsonObject(text) {
-	if (!text) return null;
-	const fenceMatch = /```(?:json)?\s*([\s\S]*?)```/gi;
-	const candidates = [];
-	for (const m of text.matchAll(fenceMatch)) candidates.push(m[1]);
-	const scanForObject = (s) => {
-		let depth = 0;
-		let start = -1;
-		let lastComplete = null;
-		let inString = false;
-		let escape = false;
-		for (let i = 0; i < s.length; i++) {
-			const ch = s[i];
-			if (inString) {
-				if (escape) escape = false;
-				else if (ch === "\\") escape = true;
-				else if (ch === "\"") inString = false;
-				continue;
-			}
-			if (ch === "\"") {
-				inString = true;
-				continue;
-			}
-			if (ch === "{") {
-				if (depth === 0) start = i;
-				depth++;
-			} else if (ch === "}") {
-				depth--;
-				if (depth === 0 && start !== -1) {
-					lastComplete = s.slice(start, i + 1);
-					start = -1;
-				}
-			}
-		}
-		return lastComplete;
-	};
-	candidates.push(text);
-	for (let i = candidates.length - 1; i >= 0; i--) {
-		const obj = scanForObject(candidates[i]);
-		if (!obj) continue;
-		try {
-			return JSON.parse(obj);
-		} catch {}
-	}
-	return null;
-}
 //#endregion
 //#region src/index.ts
 /**
 * @themoltnet/pi-extension — MoltNet pi extension
 *
-* Sandboxes tool execution in a Gondolin VM with:
-*   - Auto-built and cached VM snapshots
-*   - Credential injection (pi OAuth + MoltNet identity)
-*   - Egress policy (only LLM provider + MoltNet API)
-*   - Tool redirection (read/write/edit/bash → VM)
-*   - MoltNet custom tools (diary entries — run on host via SDK)
-*   - Optional git worktree per session
-*
-* Usage:
-*   pi -e @themoltnet/pi-extension
-*   pi -e @themoltnet/pi-extension --agent legreffier
-*   pi -e @themoltnet/pi-extension --worktree-branch feat/my-task
-*   pi -e @themoltnet/pi-extension --sandbox-config ./sandbox.json
+* Runs pi coding-agent sessions inside a Gondolin VM with the agent's
+* MoltNet identity fully available inside the sandbox.
 *
-* Sandbox config resolution (first match):
-*   1. --sandbox-config flag (explicit path to JSON)
-*   2. sandbox.json in cwd (convention)
-*   3. Base only (git, gh, moltnet CLI, agent user)
+* See README.md for credential injection flow, tool split, sandbox.json
+* reference, and headless/programmatic usage.
 */
 var GUEST_WORKSPACE = "/workspace";
 function moltnetExtension(pi) {
@@ -9692,6 +10186,8 @@ function moltnetExtension(pi) {
 	let worktreePath = null;
 	let moltnetAgent = null;
 	let diaryId = null;
+	let teamId = null;
+	let hostExecBaseEnv = HOST_EXEC_DEFAULT_BASE_ENV;
 	async function ensureVm(ctx) {
 		if (vm) return vm;
 		if (vmStarting) return vmStarting;
@@ -9745,6 +10241,8 @@ function moltnetExtension(pi) {
 			activateAgentEnv(managed.credentials.agentEnv, mainRepo);
 			moltnetAgent = await connect({ configDir: managed.agentDir });
 			diaryId = managed.credentials.agentEnv.MOLTNET_DIARY_ID ?? null;
+			teamId = managed.credentials.agentEnv.MOLTNET_TEAM_ID ?? null;
+			hostExecBaseEnv = new Set([...HOST_EXEC_DEFAULT_BASE_ENV, ...Object.keys(managed.credentials.agentEnv)]);
 			vm = managed.vm;
 			const label = worktreePath ? `${mountPath} → ${GUEST_WORKSPACE}` : `${localCwd} → ${GUEST_WORKSPACE}`;
 			ctx?.ui.setStatus("sandbox", ctx.ui.theme.fg("accent", `Sandbox: running (${label})`));
@@ -9765,6 +10263,7 @@ function moltnetExtension(pi) {
 			vm = null;
 			vmStarting = null;
 			moltnetAgent = null;
+			teamId = null;
 		}
 	});
 	pi.on("before_agent_start", async (event, ctx) => {
@@ -9804,10 +10303,13 @@ function moltnetExtension(pi) {
 	const moltnetTools = createMoltNetTools({
 		getAgent: () => moltnetAgent,
 		getDiaryId: () => diaryId,
+		getTeamId: () => teamId,
 		getSessionErrors: () => sessionErrors,
 		clearSessionErrors: () => {
 			sessionErrors.length = 0;
-		}
+		},
+		getHostCwd: () => worktreePath ?? localCwd,
+		hostExecBaseEnv
 	});
 	for (const tool of moltnetTools) pi.registerTool(tool);
 	const sessionStartTime = Date.now();
@@ -9913,4 +10415,4 @@ function moltnetExtension(pi) {
 	registerMoltnetReflectCommand(pi, state);
 }
 //#endregion
-export { activateAgentEnv, buildPiJudgeRecipeManifest, computePiJudgeRecipeCid, createGondolinBashOps, createGondolinEditOps, createGondolinReadOps, createGondolinWriteOps, createMoltNetTools, createPiTaskExecutor, moltnetExtension as default, ensureSnapshot, executePiTask, findMainWorktree, loadCredentials, resolvePiJudgeRecipeVersions, resumeVm, toGuestPath };
+export { HOST_EXEC_DEFAULT_BASE_ENV, activateAgentEnv, buildPiJudgeRecipeManifest, computePiJudgeRecipeCid, createGondolinBashOps, createGondolinEditOps, createGondolinReadOps, createGondolinWriteOps, createMoltNetTools, createPiTaskExecutor, moltnetExtension as default, ensureSnapshot, executePiTask, findMainWorktree, loadCredentials, resolvePiJudgeRecipeVersions, resumeVm, toGuestPath };