@tt-a1i/hive 2.0.2 → 2.1.0

package/dist/src/server/sentinel-heartbeat.js

@@ -0,0 +1,145 @@
+// Sentinel heartbeat — feeds a periodic, read-only workspace snapshot into any RUNNING
+// sentinel-role worker's PTY so the agent can patrol without polling tools itself.
+//
+// INVARIANT (design §3.6): the runtime still detects nothing and decides nothing. This service
+// computes the same kind of read-only view the action center already renders, formats it as text,
+// and hands it to an OBSERVER AGENT; agent states never change (writeSystemMessageToAgent is not a
+// protocol event), no dispatch is touched, and "orphan"/"quiet" lines are hints with generous grace
+// windows — the sentinel (and ultimately the user) judges them.
+import { escapeHiveEnvelopeText } from './hive-envelope-escape.js';
+export const SENTINEL_HEARTBEAT_INTERVAL_MS = 30 * 60 * 1000;
+export const SENTINEL_HEARTBEAT_TICK_MS = 60 * 1000;
+// A dispatch open on a STOPPED worker is only flagged after this grace — restarts happen.
+export const SENTINEL_ORPHAN_GRACE_MS = 15 * 60 * 1000;
+// A submitted dispatch with no report is only mentioned after this — big tasks are slow by nature.
+export const SENTINEL_QUIET_GRACE_MS = 30 * 60 * 1000;
+const dispatchAge = (dispatch, now) => now - (dispatch.submittedAt ?? dispatch.createdAt);
+const minutes = (ms) => `${Math.max(0, Math.floor(ms / 60_000))}m`;
+const shortId = (id) => (id.length > 8 ? id.slice(0, 8) : id);
+export const buildSentinelHeartbeat = (input) => {
+    const { now, workers, openDispatches } = input;
+    const workersById = new Map(workers.map((worker) => [worker.id, worker]));
+    const teammates = workers.filter((worker) => worker.role !== 'sentinel');
+    const workerLines = teammates.map((worker) => {
+        const queued = worker.pendingTaskCount > 0 ? `, ${worker.pendingTaskCount} queued` : '';
+        return `- @${escapeHiveEnvelopeText(worker.name)} (${worker.role}) ${worker.status}${queued}`;
+    });
+    const dispatchLines = openDispatches.map((dispatch) => {
+        const target = workersById.get(dispatch.toAgentId);
+        const name = target
+            ? `@${escapeHiveEnvelopeText(target.name)}`
+            : escapeHiveEnvelopeText(dispatch.toAgentId);
+        return `- ${shortId(dispatch.id)} -> ${name}, ${dispatch.status} for ${minutes(dispatchAge(dispatch, now))}`;
+    });
+    const orphanLines = openDispatches
+        .filter((dispatch) => {
+        const target = workersById.get(dispatch.toAgentId);
+        return target?.status === 'stopped' && dispatchAge(dispatch, now) >= SENTINEL_ORPHAN_GRACE_MS;
+    })
+        .map((dispatch) => {
+        const target = workersById.get(dispatch.toAgentId);
+        return `- ${shortId(dispatch.id)} -> @${escapeHiveEnvelopeText(target?.name ?? dispatch.toAgentId)} (worker stopped, open for ${minutes(dispatchAge(dispatch, now))})`;
+    });
+    const quietLines = openDispatches
+        .filter((dispatch) => {
+        const target = workersById.get(dispatch.toAgentId);
+        return (target !== undefined &&
+            target.status !== 'stopped' &&
+            dispatch.submittedAt !== null &&
+            now - dispatch.submittedAt >= SENTINEL_QUIET_GRACE_MS);
+    })
+        .map((dispatch) => {
+        const target = workersById.get(dispatch.toAgentId);
+        return `- ${shortId(dispatch.id)} -> @${escapeHiveEnvelopeText(target?.name ?? dispatch.toAgentId)}, no report for ${minutes(now - (dispatch.submittedAt ?? now))} (may be a normal long task)`;
+    });
+    const lines = [
+        '<hive-message kind="heartbeat">',
+        `Sentinel snapshot for "${escapeHiveEnvelopeText(input.workspaceName)}" (auto-generated; observe-only).`,
+        '',
+        `Workers (${teammates.length}):`,
+        ...(workerLines.length > 0 ? workerLines : ['- (none)']),
+        '',
+        `Open dispatches (${openDispatches.length}):`,
+        ...(dispatchLines.length > 0 ? dispatchLines : ['- (none)']),
+    ];
+    if (orphanLines.length > 0) {
+        lines.push('', `Possible orphans (worker stopped, open >= ${minutes(SENTINEL_ORPHAN_GRACE_MS)}):`);
+        lines.push(...orphanLines);
+    }
+    if (quietLines.length > 0) {
+        lines.push('', `Long-quiet (no report >= ${minutes(SENTINEL_QUIET_GRACE_MS)}):`);
+        lines.push(...quietLines);
+    }
+    if (orphanLines.length === 0 && quietLines.length === 0) {
+        lines.push('', 'Nothing unusual detected.');
+    }
+    lines.push('', "Cross-check against your own observations. If something needs the Orchestrator's attention,", 'summarize it with: team status "<finding>" — otherwise stay quiet.', 'Do not modify files, run side-effecting commands, or dispatch work.', '</hive-message>', '');
+    return lines.join('\n');
+};
+export const createSentinelHeartbeatService = (deps) => {
+    const intervalMs = deps.intervalMs ?? SENTINEL_HEARTBEAT_INTERVAL_MS;
+    const tickMs = deps.tickMs ?? SENTINEL_HEARTBEAT_TICK_MS;
+    const now = deps.now ?? Date.now;
+    // Keyed by `${workspaceId}:${agentId}`. A sentinel that stops and restarts keeps its slot —
+    // the cadence is "at most one heartbeat per interval", not "one per run".
+    const lastSentAt = new Map();
+    let timer;
+    const tickOnce = () => {
+        const ts = now();
+        for (const workspace of safeList(deps.listWorkspaces)) {
+            let workers;
+            try {
+                workers = deps.listWorkers(workspace.id);
+            }
+            catch {
+                continue;
+            }
+            const sentinels = workers.filter((worker) => worker.role === 'sentinel' && deps.hasActiveRun(workspace.id, worker.id));
+            if (sentinels.length === 0)
+                continue;
+            for (const sentinel of sentinels) {
+                const key = `${workspace.id}:${sentinel.id}`;
+                const last = lastSentAt.get(key);
+                if (last !== undefined && ts - last < intervalMs)
+                    continue;
+                try {
+                    const text = buildSentinelHeartbeat({
+                        now: ts,
+                        openDispatches: deps.listOpenDispatches(workspace.id),
+                        workers,
+                        workspaceName: workspace.name,
+                    });
+                    deps.deliver(workspace.id, sentinel.id, text);
+                    lastSentAt.set(key, ts);
+                }
+                catch {
+                    // Never let one workspace's failure kill the patrol loop; retry next interval.
+                }
+            }
+        }
+    };
+    return {
+        start() {
+            if (timer)
+                return;
+            timer = setInterval(tickOnce, tickMs);
+            timer.unref?.();
+        },
+        /** Test seam + deterministic cadence driver. */
+        tickOnce,
+        close() {
+            if (!timer)
+                return;
+            clearInterval(timer);
+            timer = undefined;
+        },
+    };
+};
+const safeList = (listWorkspaces) => {
+    try {
+        return listWorkspaces();
+    }
+    catch {
+        return [];
+    }
+};

package/dist/src/server/spawn-cli-resolver.d.ts

@@ -0,0 +1,37 @@
+import type { AgentLaunchConfigInput } from './agent-run-store.js';
+/**
+ * CLI selection for `team spawn` (growth research 2026-06-11, P0-B2).
+ *
+ * The old behavior hardcoded the default to 'claude': a Codex/Gemini-only
+ * user whose orchestrator asked for `team spawn coder` got a worker that
+ * died instantly on a missing `claude` binary. The default now:
+ *   1. inherits the workspace orchestrator's CLI brand (preset id first,
+ *      else the brand normalized from its launch command), if available;
+ *   2. else picks the first built-in preset whose command is on PATH;
+ *   3. else falls back to 'claude' as the last resort (old behavior).
+ * An EXPLICIT `--cli` that is not on PATH is now a 400 with a suggestion
+ * instead of a silently-broken worker.
+ *
+ * The PATH probe is injectable so unit tests never touch the real PATH.
+ */
+export interface SpawnCliPresetRecord {
+    id: string;
+    command: string;
+    args: string[];
+    env: Record<string, string>;
+}
+export type CliAvailabilityProbe = (command: string, env: Record<string, string>) => boolean;
+export interface SpawnCliResolverPorts {
+    /** Settings lookup — covers built-in presets (possibly user-edited) and custom ones. */
+    getCommandPreset: (id: string) => SpawnCliPresetRecord | undefined;
+    /** Launch config of this workspace's orchestrator, if it was ever configured. */
+    getOrchestratorLaunchConfig: () => Pick<AgentLaunchConfigInput, 'command' | 'commandPresetId' | 'interactiveCommand'> | undefined;
+    /** PATH probe — defaults to the real probe; tests inject a stub. */
+    isCommandAvailable?: CliAvailabilityProbe;
+}
+/** Built-in preset ids whose command is actually visible on PATH, in built-in order. */
+export declare const listAvailableBuiltinCliIds: (ports: SpawnCliResolverPorts) => string[];
+/** Default-CLI selection when `team spawn` omits `--cli`. */
+export declare const resolveDefaultSpawnCliLaunchConfig: (ports: SpawnCliResolverPorts) => AgentLaunchConfigInput;
+/** Explicit `--cli <id>`: unknown id or a command missing from PATH is a 400. */
+export declare const resolveExplicitSpawnCliLaunchConfig: (ports: SpawnCliResolverPorts, cliId: string) => AgentLaunchConfigInput;

package/dist/src/server/spawn-cli-resolver.js

@@ -0,0 +1,70 @@
+import { isCommandAvailableOnPath } from './agent-command-resolver.js';
+import { BUILTIN_COMMAND_PRESET_IDS, getBuiltinCommandPresetByCommand, } from './command-preset-defaults.js';
+import { BadRequestError } from './http-errors.js';
+import { normalizeExecutableToken } from './startup-command-parser.js';
+const toLaunchConfig = (preset) => ({
+    args: preset.args,
+    command: preset.command,
+    commandPresetId: preset.id,
+});
+const getProbe = (ports) => ports.isCommandAvailable ?? isCommandAvailableOnPath;
+const getAvailablePreset = (ports, presetId) => {
+    const preset = ports.getCommandPreset(presetId);
+    if (!preset)
+        return undefined;
+    return getProbe(ports)(preset.command, preset.env) ? preset : undefined;
+};
+/**
+ * The orchestrator's CLI brand: explicit preset id when the launch config
+ * carries one, else the brand normalized from the launch command (for
+ * startup-command launches the shell is in `command` and the real CLI in
+ * `interactiveCommand`, so prefer the latter). `cursor-agent`-style commands
+ * map back to their preset id via the built-in command table.
+ */
+const inheritedOrchestratorPresetId = (ports) => {
+    const config = ports.getOrchestratorLaunchConfig();
+    if (!config)
+        return undefined;
+    if (config.commandPresetId)
+        return config.commandPresetId;
+    const brand = normalizeExecutableToken(config.interactiveCommand ?? config.command);
+    if (!brand)
+        return undefined;
+    return getBuiltinCommandPresetByCommand(brand)?.id ?? brand;
+};
+/** Built-in preset ids whose command is actually visible on PATH, in built-in order. */
+export const listAvailableBuiltinCliIds = (ports) => BUILTIN_COMMAND_PRESET_IDS.filter((id) => getAvailablePreset(ports, id) !== undefined);
+/** Default-CLI selection when `team spawn` omits `--cli`. */
+export const resolveDefaultSpawnCliLaunchConfig = (ports) => {
+    const inheritedId = inheritedOrchestratorPresetId(ports);
+    if (inheritedId) {
+        const inherited = getAvailablePreset(ports, inheritedId);
+        if (inherited)
+            return toLaunchConfig(inherited);
+    }
+    for (const id of BUILTIN_COMMAND_PRESET_IDS) {
+        const preset = getAvailablePreset(ports, id);
+        if (preset)
+            return toLaunchConfig(preset);
+    }
+    // Last resort: nothing probed as available (or probing is impossible in
+    // this environment) — keep the historical 'claude' fallback so spawn never
+    // hard-fails on the default path.
+    const claude = ports.getCommandPreset('claude');
+    return claude ? toLaunchConfig(claude) : { args: [], command: 'claude' };
+};
+/** Explicit `--cli <id>`: unknown id or a command missing from PATH is a 400. */
+export const resolveExplicitSpawnCliLaunchConfig = (ports, cliId) => {
+    const preset = ports.getCommandPreset(cliId);
+    if (!preset) {
+        throw new BadRequestError(`Unsupported cli '${cliId}'`);
+    }
+    if (!getProbe(ports)(preset.command, preset.env)) {
+        const available = listAvailableBuiltinCliIds(ports);
+        const hint = available.length > 0
+            ? `Install it, or retry with a CLI that is available on this machine: \`team spawn <role> --cli ${available[0]}\` (available: ${available.join(', ')}).`
+            : 'Install it and make sure it is on PATH, then retry.';
+        throw new BadRequestError(`CLI '${cliId}' is not usable here: its command '${preset.command}' is not visible on PATH. ${hint}`);
+    }
+    return toLaunchConfig(preset);
+};

package/dist/src/server/spawn-worker-defaults.d.ts

@@ -0,0 +1,13 @@
+import type { WorkerRole } from '../shared/types.js';
+export interface SpawnWorkerDefaults {
+    role: WorkerRole;
+    name: string;
+    /** Present only when an unknown role label was mapped to 'custom' — keeps
+        the requested label visible instead of the generic custom placeholder. */
+    description?: string;
+}
+export declare const resolveSpawnWorkerDefaults: (input: {
+    requestedRole: string | undefined;
+    requestedName: string | undefined;
+    takenNames: ReadonlySet<string>;
+}) => SpawnWorkerDefaults;

package/dist/src/server/spawn-worker-defaults.js

@@ -0,0 +1,45 @@
+import { randomUUID } from 'node:crypto';
+/**
+ * Role + name defaults for `team spawn` (routes-team /api/team/spawn).
+ *
+ * The natural orchestrator flow is `team spawn researcher` followed by
+ * `team send researcher "..."` — `team send` matches the worker NAME
+ * exactly, so the spawn defaults must keep that flow working:
+ *
+ * - When `--name` is omitted, the worker is named after the requested role
+ *   label verbatim (`researcher`), as long as that name is free. Only on a
+ *   roster collision do we fall back to the old `<label>-<uuid>` form —
+ *   the spawn response echoes the final name either way.
+ * - A role label outside the built-in set maps to 'custom' (NOT 'coder':
+ *   silently relabeling `researcher` as a coder hid the coercion from the
+ *   orchestrator and broke send-by-role). The requested label survives in
+ *   the worker name and in a generated role description.
+ */
+const WORKER_ROLES = new Set(['coder', 'reviewer', 'tester', 'sentinel', 'custom']);
+/* The built-in pseudo-agents ('Orchestrator' / 'Workflow') are not workers,
+   so the store's duplicate-name check can't protect them. Don't let a bare
+   `team spawn orchestrator` mint a second roster entry that reads like the
+   queen — those labels take the uuid fallback instead. */
+const RESERVED_BARE_NAMES = new Set(['orchestrator', 'workflow']);
+/* workspace-store normalizeWorkerName caps names at 64 chars; keep room for
+   the '-' + uuid (37 chars) so the fallback never trips that limit. */
+const MAX_NAME_LENGTH = 64;
+const MAX_LABEL_IN_FALLBACK = MAX_NAME_LENGTH - 37;
+export const resolveSpawnWorkerDefaults = (input) => {
+    const label = input.requestedRole?.trim() || 'coder';
+    const role = WORKER_ROLES.has(label) ? label : 'custom';
+    const description = role === 'custom' && label !== 'custom'
+        ? [
+            `You are ${label}. Work from the task instructions dispatched by the Orchestrator.`,
+            `你是 ${label}，按 Orchestrator 派发的任务说明工作。`,
+            'When done, use `team report` to report results, risks, and blockers. / 完成后用 `team report` 汇报结果、风险和阻塞。',
+        ].join('\n')
+        : undefined;
+    const requestedName = input.requestedName?.trim();
+    const bareLabelAvailable = label.length <= MAX_NAME_LENGTH &&
+        !RESERVED_BARE_NAMES.has(label.toLowerCase()) &&
+        !input.takenNames.has(label);
+    const name = requestedName ||
+        (bareLabelAvailable ? label : `${label.slice(0, MAX_LABEL_IN_FALLBACK)}-${randomUUID()}`);
+    return description === undefined ? { role, name } : { role, name, description };
+};

package/dist/src/server/sqlite-schema-v32.d.ts

@@ -0,0 +1,2 @@
+import type { Database } from 'better-sqlite3';
+export declare const applySchemaVersion32: (db: Database) => void;

package/dist/src/server/sqlite-schema-v32.js

@@ -0,0 +1,17 @@
+export const applySchemaVersion32 = (db) => {
+    db.exec(`
+    CREATE TABLE IF NOT EXISTS workspace_uploads (
+      id TEXT PRIMARY KEY,
+      workspace_id TEXT NOT NULL,
+      remote_device_id TEXT,
+      original_name TEXT NOT NULL,
+      mime_type TEXT NOT NULL,
+      size_bytes INTEGER NOT NULL,
+      storage_key TEXT NOT NULL,
+      created_at INTEGER NOT NULL
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_workspace_uploads_workspace_created
+      ON workspace_uploads (workspace_id, created_at DESC, id DESC);
+  `);
+};

package/dist/src/server/sqlite-schema-v33.d.ts

@@ -0,0 +1,3 @@
+import type { Database } from 'better-sqlite3';
+/** v33: built-in Sentinel role template — a read-only patrol observer that reports via `team status`. */
+export declare const applySchemaVersion33: (db: Database) => void;

package/dist/src/server/sqlite-schema-v33.js

@@ -0,0 +1,18 @@
+import { SENTINEL_ROLE_DESCRIPTION } from './role-templates.js';
+/** v33: built-in Sentinel role template — a read-only patrol observer that reports via `team status`. */
+export const applySchemaVersion33 = (db) => {
+    // Runs unguarded on every boot (v30+ pattern), so it must tolerate a
+    // foreign-built DB where role_templates was never created — same
+    // sqlite_master guard v12 uses for the same table.
+    const hasRoleTemplates = db
+        .prepare("SELECT name FROM sqlite_master WHERE type = 'table' AND name = 'role_templates'")
+        .get();
+    if (!hasRoleTemplates)
+        return;
+    const now = Date.now();
+    db.prepare(`INSERT INTO role_templates (
+       id, name, role_type, description, default_command, default_args, default_env,
+       is_builtin, created_at, updated_at
+     ) VALUES (?, ?, ?, ?, ?, ?, ?, 1, ?, ?)
+     ON CONFLICT(id) DO NOTHING`).run('sentinel', 'Sentinel', 'sentinel', SENTINEL_ROLE_DESCRIPTION, 'claude', '[]', '{}', now, now);
+};

package/dist/src/server/sqlite-schema-v34.d.ts

@@ -0,0 +1,11 @@
+import type { Database } from 'better-sqlite3';
+/**
+ * v34: local retention signals (issue #23) — per-day protocol event counters.
+ *
+ * Deliberately a dedicated append-only counter table instead of aggregating
+ * `messages` / `dispatches` at read time: both of those are pruned when
+ * workers or workspaces are deleted (ephemeral workers especially), so
+ * historical activity would silently shrink. Counters are local-only —
+ * nothing here is ever transmitted anywhere.
+ */
+export declare const applySchemaVersion34: (db: Database) => void;

package/dist/src/server/sqlite-schema-v34.js

@@ -0,0 +1,19 @@
+/**
+ * v34: local retention signals (issue #23) — per-day protocol event counters.
+ *
+ * Deliberately a dedicated append-only counter table instead of aggregating
+ * `messages` / `dispatches` at read time: both of those are pruned when
+ * workers or workspaces are deleted (ephemeral workers especially), so
+ * historical activity would silently shrink. Counters are local-only —
+ * nothing here is ever transmitted anywhere.
+ */
+export const applySchemaVersion34 = (db) => {
+    db.exec(`
+    CREATE TABLE IF NOT EXISTS protocol_event_daily (
+      day TEXT NOT NULL,
+      event TEXT NOT NULL,
+      count INTEGER NOT NULL DEFAULT 0,
+      PRIMARY KEY (day, event)
+    );
+  `);
+};

package/dist/src/server/sqlite-schema-v35.d.ts

@@ -0,0 +1,3 @@
+import type { Database } from 'better-sqlite3';
+/** v35: refresh built-in role contracts to be English-first bilingual prompts. */
+export declare const applySchemaVersion35: (db: Database) => void;

package/dist/src/server/sqlite-schema-v35.js

@@ -0,0 +1,23 @@
+import { CODER_ROLE_DESCRIPTION, ORCHESTRATOR_ROLE_DESCRIPTION, REVIEWER_ROLE_DESCRIPTION, SENTINEL_ROLE_DESCRIPTION, TESTER_ROLE_DESCRIPTION, } from './role-templates.js';
+const BUILTIN_ROLE_DESCRIPTIONS = [
+    ['orchestrator', ORCHESTRATOR_ROLE_DESCRIPTION],
+    ['coder', CODER_ROLE_DESCRIPTION],
+    ['reviewer', REVIEWER_ROLE_DESCRIPTION],
+    ['tester', TESTER_ROLE_DESCRIPTION],
+    ['sentinel', SENTINEL_ROLE_DESCRIPTION],
+];
+/** v35: refresh built-in role contracts to be English-first bilingual prompts. */
+export const applySchemaVersion35 = (db) => {
+    const table = db
+        .prepare("SELECT name FROM sqlite_master WHERE type = 'table' AND name = 'role_templates'")
+        .get();
+    if (!table)
+        return;
+    const now = Date.now();
+    const updateTemplate = db.prepare(`UPDATE role_templates
+     SET description = ?, updated_at = ?
+     WHERE id = ? AND is_builtin = 1`);
+    for (const [id, description] of BUILTIN_ROLE_DESCRIPTIONS) {
+        updateTemplate.run(description, now, id);
+    }
+};

package/dist/src/server/sqlite-schema.d.ts

@@ -1,3 +1,3 @@
 import type { Database } from 'better-sqlite3';
-export declare const CURRENT_SCHEMA_VERSION = 31;
+export declare const CURRENT_SCHEMA_VERSION = 35;
 export declare const initializeRuntimeDatabase: (db: Database) => void;

package/dist/src/server/sqlite-schema.js

@@ -24,7 +24,11 @@ import { applySchemaVersion28 } from './sqlite-schema-v28.js';
 import { applySchemaVersion29 } from './sqlite-schema-v29.js';
 import { applySchemaVersion30 } from './sqlite-schema-v30.js';
 import { applySchemaVersion31 } from './sqlite-schema-v31.js';
-export const CURRENT_SCHEMA_VERSION = 31;
+import { applySchemaVersion32 } from './sqlite-schema-v32.js';
+import { applySchemaVersion33 } from './sqlite-schema-v33.js';
+import { applySchemaVersion34 } from './sqlite-schema-v34.js';
+import { applySchemaVersion35 } from './sqlite-schema-v35.js';
+export const CURRENT_SCHEMA_VERSION = 35;
 // Idempotent column-add helper. SQLite doesn't have `ALTER TABLE … ADD COLUMN
 // IF NOT EXISTS`, so PRAGMA-check first. Safe to call on every init; required
 // for foreign-built DBs where the version-gated migration is skipped.
@@ -176,6 +180,20 @@ export const initializeRuntimeDatabase = (db) => {
       ON workflow_schedules (enabled, next_run_at);
     CREATE INDEX IF NOT EXISTS idx_workflow_schedules_workspace
       ON workflow_schedules (workspace_id, created_at);
+
+    CREATE TABLE IF NOT EXISTS workspace_uploads (
+      id TEXT PRIMARY KEY,
+      workspace_id TEXT NOT NULL,
+      remote_device_id TEXT,
+      original_name TEXT NOT NULL,
+      mime_type TEXT NOT NULL,
+      size_bytes INTEGER NOT NULL,
+      storage_key TEXT NOT NULL,
+      created_at INTEGER NOT NULL
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_workspace_uploads_workspace_created
+      ON workspace_uploads (workspace_id, created_at DESC, id DESC);
   `);
     // Idempotent column additions — run on every init regardless of
     // schema_version. The v19 migration adds these columns but is gated on
@@ -365,4 +383,20 @@ export const initializeRuntimeDatabase = (db) => {
     if (!appliedVersions.has(31)) {
         db.prepare('INSERT INTO schema_version (version, applied_at) VALUES (?, ?)').run(31, Date.now());
     }
+    applySchemaVersion32(db);
+    if (!appliedVersions.has(32)) {
+        db.prepare('INSERT INTO schema_version (version, applied_at) VALUES (?, ?)').run(32, Date.now());
+    }
+    applySchemaVersion33(db);
+    if (!appliedVersions.has(33)) {
+        db.prepare('INSERT INTO schema_version (version, applied_at) VALUES (?, ?)').run(33, Date.now());
+    }
+    applySchemaVersion34(db);
+    if (!appliedVersions.has(34)) {
+        db.prepare('INSERT INTO schema_version (version, applied_at) VALUES (?, ?)').run(34, Date.now());
+    }
+    if (!appliedVersions.has(35)) {
+        applySchemaVersion35(db);
+        db.prepare('INSERT INTO schema_version (version, applied_at) VALUES (?, ?)').run(35, Date.now());
+    }
 };

package/dist/src/server/system-message.d.ts

@@ -3,6 +3,9 @@
  * agent attends to it as system content rather than mistaking it for user
  * input or its own output. `<hive-system-reminder>` is reserved for the short
  * re-anchoring action menu appended at a message tail; this `<hive-system-message>`
- * tag carries larger injected bodies (crash-recovery / restart env-sync).
+ * tag carries larger injected bodies.
+ *
+ * The content must already be escaped or intentionally contain trusted Hive
+ * sub-envelopes such as `<hive-memory>`.
  */
-export declare const wrapSystemMessage: (content: string) => string;
+export declare const wrapRawSystemMessage: (content: string) => string;

package/dist/src/server/system-message.js

@@ -3,6 +3,9 @@
  * agent attends to it as system content rather than mistaking it for user
  * input or its own output. `<hive-system-reminder>` is reserved for the short
  * re-anchoring action menu appended at a message tail; this `<hive-system-message>`
- * tag carries larger injected bodies (crash-recovery / restart env-sync).
+ * tag carries larger injected bodies.
+ *
+ * The content must already be escaped or intentionally contain trusted Hive
+ * sub-envelopes such as `<hive-memory>`.
  */
-export const wrapSystemMessage = (content) => `<hive-system-message>\n${content}\n</hive-system-message>`;
+export const wrapRawSystemMessage = (content) => `<hive-system-message>\n${content}\n</hive-system-message>`;

package/dist/src/server/tasks-file-watcher.d.ts

@@ -23,6 +23,14 @@ import type { WorkflowCliPolicy } from './workflow-cli-policy.js';
  * `atomic` option alone covers atomic-save; if a future workspace
  * needs stronger settling behaviour we can promote it then.
  *
+ * Keep the directory walk shallow. We watch the `.hive` parent directory
+ * instead of the `tasks.md` file so atomic-save editors can replace the
+ * file without making the watcher go deaf, but recursing through
+ * `.hive/reports/assets` or other generated folders can consume a file
+ * descriptor per asset and starve later PTY spawns. `tasks.md` is a
+ * direct child of `.hive`, so depth 0 preserves the needed events without
+ * walking binary artifact trees.
+ *
  * Exported so the configuration is testable in isolation.
  */
 export declare const TASKS_WATCHER_OPTIONS: ChokidarOptions;

package/dist/src/server/tasks-file-watcher.js

@@ -1,9 +1,9 @@
 import { existsSync } from 'node:fs';
 import { readFile } from 'node:fs/promises';
-import { basename, dirname, normalize } from 'node:path';
+import { basename, dirname, normalize, win32 } from 'node:path';
 import chokidar from 'chokidar';
 import { FEATURE_FLAGS_ALL_OFF } from './feature-flags.js';
-import { ensureProtocolFile, ensureTasksFile, getTasksFilePath, TASKS_FILE_NAME, } from './tasks-file.js';
+import { ensureProtocolFile, ensureTasksFile, getTasksFilePath, HIVE_DIR_NAME, TASKS_FILE_NAME, } from './tasks-file.js';
 const DEBOUNCE_MS = 100;
 const WATCHER_RETRY_MS = 5000;
 const WATCHER_CLOSE_TIMEOUT_MS = 2000;
@@ -31,15 +31,44 @@ const WINDOWS_WATCHER_READY_TIMEOUT_MS = 60000;
  * `atomic` option alone covers atomic-save; if a future workspace
  * needs stronger settling behaviour we can promote it then.
  *
+ * Keep the directory walk shallow. We watch the `.hive` parent directory
+ * instead of the `tasks.md` file so atomic-save editors can replace the
+ * file without making the watcher go deaf, but recursing through
+ * `.hive/reports/assets` or other generated folders can consume a file
+ * descriptor per asset and starve later PTY spawns. `tasks.md` is a
+ * direct child of `.hive`, so depth 0 preserves the needed events without
+ * walking binary artifact trees.
+ *
  * Exported so the configuration is testable in isolation.
  */
 export const TASKS_WATCHER_OPTIONS = {
     atomic: 100,
+    depth: 0,
     ignoreInitial: true,
 };
 const isWindowsUncPath = (path, platform = process.platform) => platform === 'win32' && /^[\\/]{2}[^\\/]+[\\/]+[^\\/]+/u.test(path);
+const normalizeWatchPath = (path, platform) => {
+    const normalized = platform === 'win32' ? win32.normalize(path) : normalize(path);
+    return platform === 'win32' ? normalized.toLowerCase() : normalized;
+};
+const getTasksWatchPath = (workspacePath, platform) => platform === 'win32'
+    ? win32.join(workspacePath, HIVE_DIR_NAME, TASKS_FILE_NAME)
+    : getTasksFilePath(workspacePath);
+const createTasksWatcherIgnored = (workspacePath, platform) => {
+    const tasksPath = getTasksWatchPath(workspacePath, platform);
+    const hiveDir = platform === 'win32' ? win32.dirname(tasksPath) : dirname(tasksPath);
+    const hiveKey = normalizeWatchPath(hiveDir, platform);
+    const tasksKey = normalizeWatchPath(tasksPath, platform);
+    return (path) => {
+        const pathKey = normalizeWatchPath(path, platform);
+        if (pathKey === hiveKey || pathKey === tasksKey)
+            return false;
+        return pathKey.startsWith(`${hiveKey}/`) || pathKey.startsWith(`${hiveKey}\\`);
+    };
+};
 export const buildTasksWatcherOptions = (workspacePath, platform = process.platform) => ({
     ...TASKS_WATCHER_OPTIONS,
+    ignored: createTasksWatcherIgnored(workspacePath, platform),
     ...(platform === 'win32' || isWindowsUncPath(workspacePath, platform)
         ? { interval: 500, usePolling: true }
         : {}),

package/dist/src/server/team-authz.d.ts

@@ -1,6 +1,14 @@
 import type { AgentSummary } from '../shared/types.js';
-export type TeamCommand = 'send' | 'list' | 'next' | 'report' | 'recall' | 'memory_add' | 'memory_forget' | 'memory_search' | 'memory_show' | 'status' | 'cancel' | 'help' | 'spawn' | 'dismiss' | 'workflow';
+export type TeamCommand = 'send' | 'list' | 'next' | 'report' | 'recall' | 'memory_add' | 'memory_apply' | 'memory_dream_show' | 'memory_forget' | 'memory_search' | 'memory_show' | 'status' | 'cancel' | 'help' | 'spawn' | 'dismiss' | 'workflow';
 export declare const commandAllowedForRole: (role: AgentSummary["role"], command: TeamCommand) => boolean;
+/**
+ * Dispatch-target gate: the sentinel is an observer, so handing it a dispatch
+ * would strand the task forever (it cannot `team report` to close it).
+ */
+export declare const assertWorkerDispatchable: (worker: {
+    name: string;
+    role: string;
+}) => void;
 interface AuthenticateInput {
     fromAgentId: string | undefined;
     getAgent: (workspaceId: string, agentId: string) => AgentSummary;

package/dist/src/server/team-authz.js

@@ -7,6 +7,8 @@ const ORCHESTRATOR_COMMANDS = new Set([
     'help',
     'recall',
     'memory_add',
+    'memory_apply',
+    'memory_dream_show',
     'memory_forget',
     'memory_search',
     'memory_show',
@@ -19,17 +21,39 @@ const WORKER_COMMANDS = new Set([
     'status',
     'help',
     'recall',
+    'memory_dream_show',
     'memory_search',
     'memory_show',
 ]);
 const WORKER_ROLES = new Set(['coder', 'reviewer', 'tester', 'custom']);
+// Observe-only: a sentinel reports findings via `team status` and may read team
+// memory, but it can NEVER `team report` (it is never assigned dispatch work —
+// see assertWorkerDispatchable) and never dispatches or spawns.
+const SENTINEL_COMMANDS = new Set([
+    'status',
+    'help',
+    'recall',
+    'memory_search',
+    'memory_show',
+]);
 export const commandAllowedForRole = (role, command) => {
     if (role === 'orchestrator')
         return ORCHESTRATOR_COMMANDS.has(command);
+    if (role === 'sentinel')
+        return SENTINEL_COMMANDS.has(command);
     if (WORKER_ROLES.has(role))
         return WORKER_COMMANDS.has(command);
     return false;
 };
+/**
+ * Dispatch-target gate: the sentinel is an observer, so handing it a dispatch
+ * would strand the task forever (it cannot `team report` to close it).
+ */
+export const assertWorkerDispatchable = (worker) => {
+    if (worker.role === 'sentinel') {
+        throw new ForbiddenError(`@${worker.name} is a sentinel (observe-only); it does not take dispatches`);
+    }
+};
 export const authenticateCliAgent = ({ fromAgentId, getAgent, token, validateToken, workspaceId, }) => {
     if (!fromAgentId) {
         throw new UnauthorizedError('Missing agent identity');