@yemi33/minions 0.1.1949 → 0.1.1951

package/engine/ado-mcp-wrapper.js

@@ -3,10 +3,32 @@
  * Wrapper for @azure-devops/mcp that fetches an ADO token via the shared
  * az-first provider chain and sets AZURE_DEVOPS_EXT_PAT before launching the
  * MCP server.
+ *
+ * P-b3f8e1a5: @azure-devops/mcp is pinned in package.json and resolved from
+ * local node_modules. We spawn process.execPath against the resolved bin file
+ * instead of going through npx/npx.cmd. This (a) eliminates the per-cold-start
+ * network fetch that ran with AZURE_DEVOPS_EXT_PAT in env, and (b) avoids the
+ * Windows .cmd shim chain that crashes the runtime under spawn.
  */
 const { spawn } = require('child_process');
+const fs = require('fs');
+const path = require('path');
 const { acquireAdoTokenSync } = require('./ado-token');
 
+const PKG_NAME = '@azure-devops/mcp';
+const BIN_NAME = 'mcp-server-azuredevops';
+
+function resolveMcpBin() {
+  const pkgJsonPath = require.resolve(`${PKG_NAME}/package.json`);
+  const pkgJson = JSON.parse(fs.readFileSync(pkgJsonPath, 'utf8'));
+  const binField = pkgJson.bin;
+  const relBin = typeof binField === 'string' ? binField : binField && binField[BIN_NAME];
+  if (!relBin) {
+    throw new Error(`${PKG_NAME} package.json is missing bin entry "${BIN_NAME}"`);
+  }
+  return path.resolve(path.dirname(pkgJsonPath), relBin);
+}
+
 let token;
 try {
   token = acquireAdoTokenSync().token;
@@ -16,14 +38,17 @@ try {
   process.exit(1);
 }
 
-// Launch the actual MCP server with the token in env
+let binPath;
+try {
+  binPath = resolveMcpBin();
+} catch (e) {
+  process.stderr.write('ado-mcp-wrapper: failed to resolve ' + PKG_NAME + ': ' + e.message + '\n');
+  process.stderr.write('ado-mcp-wrapper: run "npm install" in the minions checkout to restore the pinned dependency\n');
+  process.exit(1);
+}
+
 const args = process.argv.slice(2);
-const child = spawn(process.platform === 'win32' ? 'npx.cmd' : 'npx', [
-  '-y',
-  '--registry=https://registry.npmjs.org/',
-  '@azure-devops/mcp@latest',
-  ...args
-], {
+const child = spawn(process.execPath, [binPath, ...args], {
   stdio: 'inherit',
   env: { ...process.env, AZURE_DEVOPS_EXT_PAT: token, AZURE_DEVOPS_EXT_AZURE_RM_PAT: token },
   windowsHide: true,
@@ -35,3 +60,4 @@ child.on('error', (err) => {
   process.stderr.write('ado-mcp-wrapper: ' + err.message + '\n');
   process.exit(1);
 });
+

package/engine/ado.js

@@ -347,10 +347,16 @@ function applyAdoPrMetadata(pr, prData) {
 
   const sourceBranch = stripRefsHeads(prData.sourceRefName);
   if (sourceBranch && (pr.branch !== sourceBranch || pr._branchResolutionError || pr._pendingReason === shared.PR_PENDING_REASON.MISSING_BRANCH)) {
-    pr.branch = sourceBranch;
-    if (pr._branchResolutionError) delete pr._branchResolutionError;
-    if (pr._pendingReason === shared.PR_PENDING_REASON.MISSING_BRANCH) delete pr._pendingReason;
-    updated = true;
+    // P-a7c4d2e8 (F3): validate ADO-derived branch ref before persistence.
+    // On invalid ref, log + skip so the poller keeps running (defensive).
+    try {
+      pr.branch = shared.validateGitRef(sourceBranch);
+      if (pr._branchResolutionError) delete pr._branchResolutionError;
+      if (pr._pendingReason === shared.PR_PENDING_REASON.MISSING_BRANCH) delete pr._pendingReason;
+      updated = true;
+    } catch (refErr) {
+      log('warn', `ADO: invalid sourceRefName "${sourceBranch.slice(0, 64)}" for PR ${pr.id || '?'}: ${refErr.message}`);
+    }
   }
 
   const title = String(prData.title || '').trim();
@@ -590,6 +596,13 @@ async function forEachActivePr(config, token, callback) {
 
   for (const project of projects) {
     if (isGitHubProject(project)) continue;
+    // W-mp625n27000m6e78 — Honor per-project workSources.pullRequests.enabled.
+    // Default-ON: only skip when explicitly disabled (=== false). Same gate as
+    // engine/github.js:forEachActiveGhPr — without this, disabling PR polling
+    // for an ADO project via the dashboard Settings UI was cosmetic.
+    const src = project?.workSources?.pullRequests || config?.workSources?.pullRequests;
+    if (src && src.enabled === false) continue;
+
     repairAdoProjectConfig(project, 'ADO PR polling');
     if (!project.adoOrg || !project.adoProject) continue;
 
@@ -1060,17 +1073,32 @@ async function pollPrHumanComments(config) {
     const cutoffStr = pr.humanFeedback?.lastProcessedCommentDate || pr.created || '1970-01-01';
     const cutoffMs = new Date(cutoffStr).getTime() || 0;
 
-    // Collect ALL human comments on the PR for full context
+    // Collect ALL human comments on the PR for full context. `allCommentDates`
+    // tracks the publishedDate of every NON-system comment we observed —
+    // including bot/CI bodies and explicitly-ignored authors that get filtered
+    // out before reaching `allHumanComments`. We need their dates so the
+    // cutoff can advance past them on every successful poll, mirroring the
+    // GitHub poller convention (engine/github.js: `allCommentDates`). Without
+    // this, ignored/CI comments are re-fetched and re-filtered every tick.
     const allHumanComments = [];
     const newHumanComments = [];
+    const allCommentDates = [];
     const ignoredAuthors = (config.engine?.ignoredCommentAuthors || []).map(a => a.toLowerCase());
 
     for (const thread of threads) {
-      // Skip resolved/closed threads — only process active (1) and pending (6)
-      if (thread.status && thread.status !== 'active' && thread.status !== 1 && thread.status !== 6) continue;
+      // P-8c6a4f2d: collect comments from ALL threads regardless of status.
+      // Previously we skipped resolved/closed threads here, which dropped
+      // fresh human replies (humans do reply on resolved threads after a
+      // teammate marks them done). Classification below — ignoredAuthors,
+      // CI/coverage report regex, agent (Minions) detection — runs on every
+      // collected comment, mirroring engine/github.js pollPrHumanComments
+      // which has never filtered by thread state.
       for (const comment of (thread.comments || [])) {
         if (!comment.content || comment.commentType === 'system') continue;
         const content = comment.content;
+        // Track date for cutoff BEFORE author/body filters so bot/CI/ignored
+        // comments still advance the cutoff.
+        if (comment.publishedDate) allCommentDates.push(comment.publishedDate);
         // Skip explicitly ignored authors and CI-report bodies, but do not ignore bot authors by default.
         const authorName = (comment.author?.displayName || '').toLowerCase();
         if (ignoredAuthors.some(a => authorName.includes(a))) continue;
@@ -1096,18 +1124,21 @@ async function pollPrHumanComments(config) {
       }
     }
 
-    // Update cutoff even if only agent comments are new
-    const allNewDates = allHumanComments.filter(c => (new Date(c.date).getTime() || 0) > cutoffMs).map(c => c.date);
+    // Persist cutoff unconditionally for any new comment we observed — even
+    // if every new comment was bot/CI/ignored/agent. Mirrors GitHub poller.
+    const allNewDates = allCommentDates.filter(d => (new Date(d).getTime() || 0) > cutoffMs);
     if (allNewDates.length > 0 && newHumanComments.length === 0) {
       pr.humanFeedback = { ...(pr.humanFeedback || {}), lastProcessedCommentDate: allNewDates.sort().pop() };
       return true;
     }
     if (newHumanComments.length === 0) return false;
 
-    // Sort all comments chronologically and build full context for the fix agent
+    // Sort all comments chronologically and build full context for the fix agent.
+    // Cutoff advances to the latest of ALL new comment dates (so newer agent/CI
+    // comments interleaved with the human feedback don't re-scan next tick).
     allHumanComments.sort((a, b) => a.date.localeCompare(b.date));
     newHumanComments.sort((a, b) => a.date.localeCompare(b.date));
-    const latestDate = newHumanComments[newHumanComments.length - 1].date;
+    const latestDate = allNewDates.sort().pop() || newHumanComments[newHumanComments.length - 1].date;
 
     // Provide ALL comments as context — the agent needs full thread context to fix properly
     const feedbackContent = allHumanComments
@@ -1213,10 +1244,15 @@ async function reconcilePrs(config) {
           existing.prNumber = adoPr.pullRequestId;
         }
         if (existing && !existing.branch && branch) {
-          existing.branch = branch;
-          if (existing._branchResolutionError) delete existing._branchResolutionError;
-          if (existing._pendingReason === shared.PR_PENDING_REASON.MISSING_BRANCH) delete existing._pendingReason;
-          metadataUpdated++;
+          // P-a7c4d2e8 (F3): validate ADO-derived branch ref before persistence.
+          try {
+            existing.branch = shared.validateGitRef(branch);
+            if (existing._branchResolutionError) delete existing._branchResolutionError;
+            if (existing._pendingReason === shared.PR_PENDING_REASON.MISSING_BRANCH) delete existing._pendingReason;
+            metadataUpdated++;
+          } catch (refErr) {
+            log('warn', `ADO: invalid sourceRefName "${branch.slice(0, 64)}" for PR ${prId}: ${refErr.message}`);
+          }
         }
         // PR already tracked — write link to pr-links.json if we can extract an ID
         if (confirmedItemId) {
@@ -1331,6 +1367,77 @@ async function checkLiveReviewStatus(pr, project) {
   }
 }
 
+/**
+ * W-mp7b1g8q000fea45 — Reviewer vote reconciliation on verdict flip.
+ *
+ * Resets the *authenticated reviewer's own* prior negative vote (-5 wait-for-author
+ * or -10 rejected) to +10 (approved) when an agent flips their verdict from
+ * request_changes → approved on a re-review. Mirrors the existing target-branch
+ * re-approval pattern at engine/ado.js:837-852 (PUT reviewers/{myId} {vote:10}).
+ *
+ * IMPORTANT: only operates on the authenticated reviewer's own vote. Other
+ * reviewers' negative votes (humans, other minions on a different account) are
+ * left untouched — caller (lifecycle.updatePrAfterReview) re-checks live status
+ * after the reset and refuses to mark the PR locally approved if any negative
+ * vote remains.
+ *
+ * Returns null on transport failure (no token, no project config, network error).
+ * Otherwise returns:
+ *   {
+ *     attempted: boolean,    // true if we found our reviewer entry and tried to PUT
+ *     changed:   boolean,    // true if the reviewer's vote was actually flipped from <0 → 10
+ *     fromVote:  number|null,// the reviewer's prior vote (null if not a reviewer on the PR)
+ *     toVote:    number|null,// the vote after PUT (10 if changed, prior value otherwise)
+ *   }
+ */
+async function resetReviewerNegativeVote(pr, project) {
+  try {
+    repairAdoProjectConfig(project, 'ADO reviewer vote reset', pr ? [pr] : null);
+    if (!project?.adoOrg || !project?.adoProject) return null;
+    const token = await getAdoToken();
+    if (!token) return null;
+    const orgBase = shared.getAdoOrgBase(project);
+    const prNum = shared.getPrNumber(pr);
+    if (!prNum) return null;
+    const adoRepositoryLookupKey = getAdoRepositoryLookupKey(project);
+    if (!adoRepositoryLookupKey) {
+      logMissingAdoRepository(project, 'ADO reviewer vote reset');
+      return null;
+    }
+    const encodedRepoId = encodeURIComponent(adoRepositoryLookupKey);
+    const repoBase = `${orgBase}/${project.adoProject}/_apis/git/repositories/${encodedRepoId}`;
+    const prUrl = `${repoBase}/pullrequests/${prNum}?api-version=7.1`;
+    // 4s timeout — same budget as checkLiveReviewStatus.
+    const prData = await adoFetch(prUrl, token, { timeout: 4000 });
+    if (!prData) return null;
+    // Identify our authenticated reviewer entry.
+    const identityData = await adoFetch(`${orgBase}/_apis/connectionData?api-version=7.1`, token, { timeout: 4000 }).catch(() => null);
+    const myId = identityData?.authenticatedUser?.id;
+    if (!myId) return null;
+    const myReviewer = (prData.reviewers || []).find(r => String(r?.id || '').toLowerCase() === String(myId).toLowerCase());
+    const myVote = myReviewer && Number.isFinite(myReviewer.vote) ? myReviewer.vote : null;
+    if (myVote == null) {
+      // Not a reviewer on this PR — nothing to reset. (Reviewing-without-vote
+      // is the normal GH path; on ADO we generally do vote, so this is rare.)
+      return { attempted: false, changed: false, fromVote: null, toVote: null };
+    }
+    if (myVote >= 0) {
+      // Already neutral or positive — nothing to reset.
+      return { attempted: false, changed: false, fromVote: myVote, toVote: myVote };
+    }
+    await adoFetch(`${repoBase}/pullrequests/${prNum}/reviewers/${myId}?api-version=7.1`, token, {
+      method: 'PUT',
+      body: JSON.stringify({ vote: 10 }),
+      timeout: 4000,
+    });
+    log('info', `PR ${pr.id}: reset reviewer vote ${myVote} → 10 (verdict flipped to approved)`);
+    return { attempted: true, changed: true, fromVote: myVote, toVote: 10 };
+  } catch (e) {
+    log('warn', `Reviewer vote reset for ${pr?.id || 'unknown PR'}: ${e.message}`);
+    return null;
+  }
+}
+
 /**
  * Cheap pre-dispatch freshness check for build status and merge-conflict state.
  * Mirrors checkLiveReviewStatus — fetches PR data once, classifies builds for the
@@ -1767,6 +1874,7 @@ module.exports = {
   reconcileAbandonedPrs, // W-mp60tw0u000j3931 — one-shot startup re-probe of abandoned PRs
   checkLiveReviewStatus,
   checkLiveBuildAndConflict,
+  resetReviewerNegativeVote, // W-mp7b1g8q000fea45 — reset reviewer's prior negative vote on verdict flip
   needsAdoPollRetry,
   isAdoAuthError, // exported for testing
   isAdoThrottled,

package/engine/cc-worker-pool.js

@@ -59,6 +59,11 @@ const IDLE_REAPER_MS = 10 * 60 * 1000;
 // Reaper sweep cadence. Not exposed as ENGINE_DEFAULTS to keep the pool
 // dependency-free; sub-task C/D can plumb a config knob if needed.
 const REAPER_INTERVAL_MS = 60 * 1000;
+// Cap concurrent warm spawns triggered by tab/modal open. Without a cap, a
+// user spamming new tabs would fan out N parallel cold spawns; with one, the
+// excess waits in FIFO order while the first few warm. The actual user-driven
+// getSession() path is NOT throttled — only the pre-warm path is.
+const WARM_MAX_CONCURRENT = 3;
 
 // Test seam — every external side effect goes through `_internals` so
 // test/unit/cc-worker-pool.test.js can stub spawn/now/killImmediate.
@@ -556,6 +561,40 @@ function closeTab(tabId) {
   worker.close();
 }
 
+let _warmInflight = 0;
+const _warmQueue = [];
+
+function _drainWarmQueue() {
+  while (_warmInflight < WARM_MAX_CONCURRENT && _warmQueue.length > 0) {
+    const next = _warmQueue.shift();
+    _warmInflight++;
+    next().finally(() => {
+      _warmInflight--;
+      _drainWarmQueue();
+    });
+  }
+}
+
+// Pre-warm a tab: spawn the process, run the initialize handshake, and create
+// the ACP session (including MCP server init) without sending a prompt. The
+// returned session is registered in `_tabs` exactly as if getSession had built
+// it, so the next real call is a warm-reuse hit. Already-warm tabs are a
+// no-op. Concurrent calls beyond WARM_MAX_CONCURRENT queue in FIFO order.
+async function warmTab(args = {}) {
+  if (!args.tabId) throw new Error('cc-worker-pool.warmTab: tabId is required');
+  return new Promise((resolve, reject) => {
+    _warmQueue.push(async () => {
+      try {
+        const handle = await getSession(args);
+        resolve({ tabId: args.tabId, lifecycle: handle.lifecycle, sessionId: handle.sessionId });
+      } catch (err) {
+        reject(err);
+      }
+    });
+    _drainWarmQueue();
+  });
+}
+
 // Cancel the currently in-flight prompt on this tab without killing the
 // worker. Sends ACP `session/cancel` so the remote daemon stops generating;
 // the warm process + initialized MCP servers + session state are preserved
@@ -598,6 +637,7 @@ function _reapIdleTabs() {
 
 module.exports = {
   getSession,
+  warmTab,
   closeTab,
   cancelInflight,
   shutdown,
@@ -608,4 +648,5 @@ module.exports = {
   _buildSessionNewParams,
   IDLE_REAPER_MS,
   REAPER_INTERVAL_MS,
+  WARM_MAX_CONCURRENT,
 };

package/engine/cleanup.js

@@ -28,6 +28,16 @@ function engine() { if (!_engine) _engine = require('../engine'); return _engine
 let _dispatch = null;
 function dispatchModule() { if (!_dispatch) _dispatch = require('./dispatch'); return _dispatch; }
 
+// Lazy require for worktree-pool — used to protect pool entries from age/cap
+// sweeps (W-mp73ya3e000me6c5). Borrowed entries with live dispatches are
+// always protected; idle entries survive the age sweep but stay eligible for
+// the cap sweep so MAX_WORKTREES is still honored.
+let _worktreePool = null;
+function worktreePool() {
+  if (!_worktreePool) _worktreePool = require('./worktree-pool');
+  return _worktreePool;
+}
+
 // ─── Helpers ────────────────────────────────────────────────────────────────
 
 /**
@@ -247,30 +257,6 @@ async function getWorktreeBranchAsync(wtPath) {
   }
 }
 
-let _orphanPidProcessNamesCache = null;
-function _orphanPidProcessNames() {
-  if (_orphanPidProcessNamesCache) return _orphanPidProcessNamesCache;
-  const names = new Set(['node']);
-  try {
-    for (const name of require('./runtimes').listRuntimes()) names.add(String(name).toLowerCase());
-    // Copilot can run through the GitHub CLI fallback (`gh copilot`), so allow
-    // gh only when the copilot runtime is registered.
-    if (names.has('copilot')) names.add('gh');
-  } catch {
-    names.add('claude');
-  }
-  _orphanPidProcessNamesCache = names;
-  return names;
-}
-
-function _processNameAllowedForOrphanKill(processText) {
-  const firstLine = String(processText || '').trim().split(/\r?\n/).find(Boolean) || '';
-  const imageName = path.basename(firstLine.trim().split(/\s+/)[0] || '').toLowerCase().replace(/\.exe$/, '');
-  if (!imageName) return false;
-  return _orphanPidProcessNames().has(imageName);
-}
-
-
 /**
  * Kill orphaned processes whose dispatch ID appears in the worktree dir name.
  * Only kills processes NOT in the active dispatch queue — never kills live agents.
@@ -300,19 +286,15 @@ function _killProcessInWorktree(dir, activeProcesses, activeIds) {
       if (isActive) continue; // still active — do not kill
       const pid = parseInt(fs.readFileSync(path.join(tmpDir, f), 'utf8').trim(), 10);
       if (pid > 0) {
-        // Verify the PID still belongs to a Minions runtime process before killing
+        // Verify the PID still belongs to a Minions runtime process before killing.
+        // The shared helper inspects the PID's full command line for `claude` /
+        // `copilot` so a recycled PID running an unrelated process is skipped.
         try {
           if (process.platform === 'win32') {
-            const taskInfo = exec(`tasklist /FI "PID eq ${pid}" /NH`, { encoding: 'utf8', timeout: 3000, windowsHide: true });
-            const taskLower = taskInfo.toLowerCase();
-            if (!_processNameAllowedForOrphanKill(taskLower)) continue;
+            if (!shared.isProcessCommandLineMatchingAgent(pid)) continue;
             exec(`taskkill /F /T /PID ${pid}`, { stdio: 'pipe', timeout: 5000, windowsHide: true });
           } else {
-            // Verify the process name before killing (prevent recycled PID kill)
-            try {
-              const psOut = exec(`ps -p ${pid} -o comm=`, { encoding: 'utf8', timeout: 3000 }).trim();
-              if (!_processNameAllowedForOrphanKill(psOut)) continue;
-            } catch { continue; } // process dead or ps failed
+            if (!shared.isProcessCommandLineMatchingAgent(pid)) continue;
             try { process.kill(-pid, 'SIGKILL'); } catch { process.kill(pid, 'SIGKILL'); }
           }
           log('info', `Killed orphaned PID ${pid} (${f}) before worktree removal`);
@@ -477,6 +459,18 @@ async function runCleanup(config, verbose = false) {
       // isn't destroyed alongside the worktree.
       const phantomBranches = collectPhantomBranchesForProject(project);
 
+      // W-mp73ya3e000me6c5 — worktree pool protection sets. Borrowed entries
+      // with live dispatches are ALWAYS protected (no age, no cap). Idle
+      // entries survive the age sweep but stay eligible for the cap sweep so
+      // MAX_WORKTREES is still honored.
+      let _activeBorrowedPaths = new Set();
+      let _idlePaths = new Set();
+      try {
+        _activeBorrowedPaths = worktreePool().getActiveBorrowedPaths(activeDispatchIds);
+        _idlePaths = worktreePool().getIdlePaths();
+      } catch (e) { log('warn', `worktree-pool: cleanup lookup failed: ${e.message}`); }
+      const _normalizePoolPath = worktreePool()._normalizePath;
+
       // Probe `git branch --show-current` for every worktree in chunks of 5.
       // Sequential probing was the dominant cost in the cleanup phase
       // (5–15s tick stall every 10 ticks at 50+ worktrees), but unbounded
@@ -531,6 +525,19 @@ async function runCleanup(config, verbose = false) {
           }
         }
 
+        // W-mp73ya3e000me6c5 — pool-membership protection.
+        const _normWt = _normalizePoolPath ? _normalizePoolPath(wtPath) : wtPath;
+        const _isActiveBorrowed = _activeBorrowedPaths.has(_normWt);
+        const _isIdlePool = _idlePaths.has(_normWt);
+        if (_isActiveBorrowed) {
+          // Borrowed by a live dispatch — full protection (overrides any
+          // earlier shouldClean from merged-branch match too: the borrow
+          // owner is responsible, not stale PR data).
+          isProtected = true;
+          shouldClean = false;
+          if (verbose) console.log(`  Skipping worktree ${dir}: pool-borrowed by active dispatch`);
+        }
+
         // Also clean worktrees older than 2 hours with no active dispatch referencing them
         let mtime = Date.now();
         if (!shouldClean) {
@@ -538,7 +545,7 @@ async function runCleanup(config, verbose = false) {
             const stat = fs.statSync(wtPath);
             mtime = stat.mtimeMs;
             const ageMs = Date.now() - mtime;
-            if (ageMs > 7200000 && !isReferenced && !isProtected) { // 2 hours — P-e0b4f7a5: phantom-protected worktrees survive the age sweep too
+            if (ageMs > 7200000 && !isReferenced && !isProtected && !_isIdlePool) { // 2 hours — P-e0b4f7a5: phantom-protected worktrees survive the age sweep too. W-mp73ya3e000me6c5: idle pool entries also survive (TTL eviction handled by worktree-pool.pruneStale).
               shouldClean = true;
             }
           } catch { /* optional */ }
@@ -625,6 +632,9 @@ async function runCleanup(config, verbose = false) {
           _killProcessInWorktree(entry.dir, activeProcesses, activeDispatchIds);
           if (shared.removeWorktree(entry.wtPath, root, worktreeRoot)) {
             cleaned.worktrees++;
+            // W-mp73ya3e000me6c5 — keep the pool file in sync when an idle
+            // pool entry is reaped by the cap sweep (or any other reason).
+            try { worktreePool().evictEntry(entry.wtPath, 'cleanup-removed'); } catch (_e) { /* optional */ }
             const mergedPr = entry.matchedMergedBranch
               ? freshMergedPrByBranch.get(sanitizeBranch(normalizeLocalBranchName(entry.matchedMergedBranch)).toLowerCase())
               : null;
@@ -639,6 +649,26 @@ async function runCleanup(config, verbose = false) {
     } // end worktreeRoots loop
   }
 
+  // W-mp73ya3e000me6c5 — prune the worktree pool: drop entries whose path is
+  // gone, whose borrower is no longer in dispatch.active, or whose idle TTL
+  // has expired. Runs after the per-project worktree sweeps so we operate on
+  // the freshest dispatch state. The pool file is only mutated when entries
+  // change; default-off projects (no entries) are a no-op.
+  try {
+    const _dispatchForPrune = getDispatch();
+    const _activeIdsForPrune = new Set((_dispatchForPrune.active || []).map(d => d.id));
+    const _config = queries.getConfig();
+    const _idleTtlMs = _config?.engine?.worktreePoolIdleTtlMs ?? ENGINE_DEFAULTS.worktreePoolIdleTtlMs;
+    const _result = worktreePool().pruneStale({
+      activeDispatchIds: _activeIdsForPrune,
+      idleTtlMs: _idleTtlMs,
+    });
+    if (_result.evicted > 0) {
+      cleaned.worktreePoolEvicted = _result.evicted;
+      if (verbose) console.log(`  worktree-pool: evicted ${_result.evicted} stale entr${_result.evicted === 1 ? 'y' : 'ies'}`);
+    }
+  } catch (e) { log('warn', 'worktree-pool prune: ' + e.message); }
+
   // 4. Kill zombie agent processes not tracked by the engine
   // List all node processes, check if any are running spawn-agent.js for our minions
   try {
@@ -683,6 +713,13 @@ async function runCleanup(config, verbose = false) {
       for (const p of allProcs) {
         if (p.cmd && /[\\/]dashboard\.js(?![\w.-])/i.test(p.cmd)) anchorPids.push(p.pid);
       }
+      // W-mp68q6ke0010de68 — opt-in keep_processes flag: PIDs declared in
+      // any agents/<id>/keep-pids.json file are anchors, so the reachability
+      // walk treats them (and their MCP grandchildren) as legitimate.
+      try {
+        const keepProcessSweep = require('./keep-process-sweep');
+        for (const pid of keepProcessSweep.getActiveAnchorPids()) anchorPids.push(pid);
+      } catch (e) { log('warn', `cleanup: keep-process anchor lookup failed: ${e.message}`); }
       const reach = shared.listProcessReachable(anchorPids, allProcs);
       // MCP server commandlines. Matches scoped (@modelcontextprotocol/*,
       // @<scope>/mcp[-*]) and flat (mcp-server-*, *-mcp-server,

package/engine/cli.js

@@ -735,6 +735,43 @@ const commands = {
       }
     })();
 
+    // W-mp68q6ke0010de68 — Boot reconcile for keep_processes: clear out any
+    // stale agents/<id>/keep-pids.json files left over from a prior engine
+    // process (TTL expired while engine was down, or all declared PIDs are
+    // dead). Run once at boot before the first tick. Idempotent.
+    (function startupReconcileKeepProcesses() {
+      try {
+        const { sweepKeepProcesses } = require('./keep-process-sweep');
+        const stats = sweepKeepProcesses();
+        if (stats.scanned > 0 && (stats.expiredFiles || stats.deadFiles)) {
+          console.log(`  Keep-processes boot reconcile: ${stats.expiredFiles} expired, ${stats.deadFiles} dead, ${stats.killedPids} killed`);
+        }
+      } catch (err) {
+        e.log('warn', `Keep-processes boot reconcile failed: ${err.message}`);
+      }
+    })();
+
+    // W-mp73ya3e000me6c5 — Boot reconcile for the worktree pool: drop entries
+    // whose path is gone (manual rm), whose borrower crashed before
+    // returning, or whose idle TTL expired while the engine was down. The
+    // tick-time prune in cleanup.js will catch anything that piles up later;
+    // boot prune just keeps re-attach sane.
+    (function startupReconcileWorktreePool() {
+      try {
+        const worktreePool = require('./worktree-pool');
+        const dispatchSnap = require('./queries').getDispatch();
+        const activeIds = new Set((dispatchSnap.active || []).map(d => d.id));
+        const cfg = require('./queries').getConfig();
+        const idleTtlMs = cfg?.engine?.worktreePoolIdleTtlMs ?? require('./shared').ENGINE_DEFAULTS.worktreePoolIdleTtlMs;
+        const result = worktreePool.pruneStale({ activeDispatchIds: activeIds, idleTtlMs });
+        if (result.evicted > 0) {
+          console.log(`  Worktree-pool boot reconcile: evicted ${result.evicted} stale entr${result.evicted === 1 ? 'y' : 'ies'}`);
+        }
+      } catch (err) {
+        e.log('warn', `Worktree-pool boot reconcile failed: ${err.message}`);
+      }
+    })();
+
     // Initial tick
     e.tick();
 

package/engine/dispatch.js

@@ -9,7 +9,7 @@ const shared = require('./shared');
 const queries = require('./queries');
 const { setCooldownFailure } = require('./cooldown');
 
-const { safeJson, safeWrite, safeReadDir, mutateJsonFileLocked, mutateWorkItems,
+const { safeJson, mutateJsonFileLocked, mutateWorkItems,
   mutatePullRequests, getProjects, projectWorkItemsPath, projectPrPath, log, ts, dateStamp,
   sidecarDispatchPrompt, deleteDispatchPromptSidecar,
   WI_STATUS, WORK_TYPE, DISPATCH_RESULT, ENGINE_DEFAULTS, AGENT_STATUS, FAILURE_CLASS, PR_STATUS } = shared;
@@ -340,7 +340,12 @@ function pruneStalePrDispatches(config = queries.getConfig()) {
 function isRetryableFailureReason(reason = '', failureClass = '') {
   // FAILURE_CLASS-based classification takes precedence when available
   if (failureClass) {
-    const neverRetry = new Set([FAILURE_CLASS.CONFIG_ERROR, FAILURE_CLASS.PERMISSION_BLOCKED]);
+    const neverRetry = new Set([
+      FAILURE_CLASS.CONFIG_ERROR,
+      FAILURE_CLASS.PERMISSION_BLOCKED,
+      FAILURE_CLASS.WORKTREE_PREFLIGHT, // pre-spawn worktree validation — recompute will produce the same failure
+      FAILURE_CLASS.INVALID_KEEP_PROCESSES_WORKDIR, // W-mp6k7ywi000fa33c — keep-pids cwd is not a real git worktree; re-running won't fix the structural issue
+    ]);
     if (neverRetry.has(failureClass)) return false;
   }
   const r = String(reason || '').toLowerCase();
@@ -593,6 +598,8 @@ function completeDispatch(id, result = DISPATCH_RESULT.SUCCESS, reason = '', res
             [FAILURE_CLASS.OUT_OF_CONTEXT]: 'context window exhausted',
             [FAILURE_CLASS.CONFIG_ERROR]: 'configuration error',
             [FAILURE_CLASS.PERMISSION_BLOCKED]: 'permission or auth failure',
+            [FAILURE_CLASS.WORKTREE_PREFLIGHT]: 'worktree preflight rejected (nested in project root or rootDir collapsed to drive root)',
+            [FAILURE_CLASS.INVALID_KEEP_PROCESSES_WORKDIR]: 'keep_processes cwd is not a real git worktree (rerun in a `git worktree add` directory)',
             [FAILURE_CLASS.UNKNOWN]: 'unknown error',
           };
           const classLabel = failureClass ? (CLASS_LABELS[failureClass] || failureClass) : '';
@@ -667,14 +674,30 @@ function completeDispatch(id, result = DISPATCH_RESULT.SUCCESS, reason = '', res
 // ─── Inbox Alert ─────────────────────────────────────────────────────────────
 
 function writeInboxAlert(slug, content) {
+  const safeSlug = shared.safeSlugComponent(slug, 100);
+  const alertKey = `engine-alert-${safeSlug}-${dateStamp()}`;
+  const file = path.join(INBOX_DIR, `${alertKey}.md`);
+  // Atomic dedupe: openSync(_, 'wx') creates exclusively, fails with EEXIST if
+  // the file is already there. Closes the TOCTOU window that the previous
+  // safeReadDir+safeWrite pattern left open between two racing writers.
+  let fd;
   try {
-    const safeSlug = shared.safeSlugComponent(slug, 100);
-    const file = path.join(INBOX_DIR, `engine-alert-${safeSlug}-${dateStamp()}.md`);
-    // Dedupe: don't write the same alert twice in the same day
-    const existing = safeReadDir(INBOX_DIR).find(f => f.startsWith(`engine-alert-${safeSlug}-${dateStamp()}`));
-    if (existing) return;
-    safeWrite(file, content);
-  } catch (e) { log('warn', 'write inbox alert: ' + e.message); }
+    if (!fs.existsSync(INBOX_DIR)) fs.mkdirSync(INBOX_DIR, { recursive: true });
+    fd = fs.openSync(file, 'wx');
+  } catch (e) {
+    if (e && e.code === 'EEXIST') {
+      log('info', `Alert ${alertKey} already exists, skipping duplicate`);
+      return false;
+    }
+    log('warn', 'write inbox alert: ' + e.message);
+    throw e;
+  }
+  try {
+    fs.writeSync(fd, typeof content === 'string' ? content : JSON.stringify(content, null, 2));
+  } finally {
+    try { fs.closeSync(fd); } catch { /* best-effort close */ }
+  }
+  return true;
 }
 
 // ─── Agent Worker Status ────────────────────────────────────────────────────

package/engine/features.js

@@ -26,6 +26,12 @@
 // (knowledge/architecture/2026-05-13-ripley-meeting-conclusion-daily-architecture-bug-review-2.md,
 // PR-C, Option B — keep framework, document the registry).
 const FEATURES = {
+  'slim-ux': {
+    description: 'Experimental redesigned dashboard surface (placeholder gate; Slim UX)',
+    default: false,
+    addedIn: '0.1.1757',
+    expires: '2026-11-01',
+  },
   // ccUseWorkerPool — sub-tasks B/C/D of W-mp2w003600196c51 (CC perf).
   // Routes Command Center / doc-chat through engine/cc-worker-pool.js
   // (persistent `copilot --acp` per CC tab) instead of spawning a fresh CLI