@yemi33/minions 0.1.2087 → 0.1.2088

package/engine/queries.js

@@ -210,6 +210,40 @@ function _findDispatchEntry(dispatch, id) {
   return null;
 }
 
+function _mergeArtifactNotes(existing, additions) {
+  const merged = [];
+  const seen = new Set();
+  function normalize(note) {
+    if (shared.isPlainObject(note)) {
+      const file = String(note.file || '').trim();
+      if (!file) return null;
+      const out = { file };
+      for (const key of ['id', 'title', 'path']) {
+        if (note[key] == null) continue;
+        const value = String(note[key]).trim();
+        if (value) out[key] = value;
+      }
+      return out;
+    }
+    const file = String(note || '').trim();
+    return file ? file : null;
+  }
+  function keyFor(note) {
+    return shared.isPlainObject(note)
+      ? String(note.file || '')
+      : String(note || '');
+  }
+  for (const note of [...(Array.isArray(existing) ? existing : []), ...(Array.isArray(additions) ? additions : [])]) {
+    const normalized = normalize(note);
+    if (!normalized) continue;
+    const key = keyFor(normalized);
+    if (seen.has(key)) continue;
+    seen.add(key);
+    merged.push(normalized);
+  }
+  return merged;
+}
+
 function _completionReportPathForEntry(entryOrId) {
   const id = typeof entryOrId === 'string' ? entryOrId : entryOrId?.id;
   return (typeof entryOrId === 'object' && entryOrId?.meta?.completionReportPath)
@@ -376,7 +410,7 @@ function getMetrics() {
     const agent = (pr.agent || '').toLowerCase();
     if (!agent || agent.startsWith('temp-')) continue;
     prCountByAgent[agent] = (prCountByAgent[agent] || 0) + 1;
-    if (pr.reviewStatus === 'approved' || pr.status === 'merged') prApprovedByAgent[agent] = (prApprovedByAgent[agent] || 0) + 1;
+    if (pr.reviewStatus === shared.REVIEW_STATUS.APPROVED || pr.status === shared.PR_STATUS.MERGED) prApprovedByAgent[agent] = (prApprovedByAgent[agent] || 0) + 1;
     if (pr.reviewStatus === 'rejected') prRejectedByAgent[agent] = (prRejectedByAgent[agent] || 0) + 1;
   }
 
@@ -1436,7 +1470,7 @@ function getWorkItems(config) {
   // Best-effort enrichment for work item _artifacts.notes, not correctness-critical.
   const _kbEntries = getKnowledgeBaseEntriesSnapshot();
   for (const item of allItems) {
-    const arts = {};
+    const arts = shared.isPlainObject(item._artifacts) ? { ...item._artifacts } : {};
     const agentId = item.dispatched_to || item.agent;
     if (agentId) {
       // Output log — match by dispatch ID (output-{dispatchId}.log)
@@ -1461,7 +1495,7 @@ function getWorkItems(config) {
         const matchArchive = _archiveFiles.filter(f => f.includes(agentId) && f.includes(itemId));
         for (const f of matchArchive) allNotes.push('archive:' + f);
       }
-      if (allNotes.length > 0) arts.notes = allNotes;
+      if (allNotes.length > 0) arts.notes = _mergeArtifactNotes(arts.notes, allNotes);
     }
     if (item.branch || item.featureBranch) arts.branch = item.branch || item.featureBranch;
     if (item.sourcePlan) arts.sourcePlan = item.sourcePlan;
@@ -2269,99 +2303,26 @@ function _invalidateMtimePathsCache() {
 }
 
 function getStatusFastStateMtimePaths(config) {
+  // Issue #2949 — /api/status was slimmed to just engine/throttle state +
+  // skills/mcp/projects/version. dispatch.json, work-items.json,
+  // pull-requests.json, watches.json, notes.md, INBOX_DIR, qa-runs.json,
+  // and the meetings dir all moved to dedicated /api/<x> endpoints which
+  // have their OWN input-mtime ETags. Continuing to track those files in
+  // the fast-state registry would bust the /api/status outer cache on
+  // every engine write to them — pure wasted rebuild for slices that no
+  // longer appear in the payload.
+  //
+  // Fast-state inputs are now exclusively in-memory (engine heartbeat,
+  // ADO/GH throttle counters) so no file-mtime tracking is required.
+  // Returning [] makes the fast tracker a no-op; the slow tracker still
+  // catches the few file-derived slices that remain (skills, mcp,
+  // projects/git, autoMode/config). The cache version is bumped by
+  // `emitStateEvent` (db-events) when the slow registry detects a
+  // change OR when explicit invalidateStatusCache() callers fire.
   config = config || getConfig();
   const cacheKey = _mtimePathsCacheKey(config);
   if (_fastMtimePathsCache && _fastMtimePathsCacheKey === cacheKey) return _fastMtimePathsCache;
-  const projects = getProjects(config);
-  const files = [
-    // Engine-level state surfaced by getDispatchQueue. `control.json`,
-    // `log.json`, and `metrics.json` are intentionally omitted — see the
-    // "Files intentionally NOT tracked" section above
-    // (W-mpg8aapw001d7e0c, W-mphejzct00065d8c). dispatch.json stays
-    // tracked because the home + engine sidebar activity dots and
-    // renderDispatch() consume dispatch transitions at sub-FAST_STATE_TTL
-    // cadence (active → completed flips must light up within one SPA
-    // poll, not wait up to 10 s for the periodic SSE backstop).
-    DISPATCH_PATH,
-    // Watches surfaced by watchesMod.getWatches() (W-mpftp7na000td0f4 fix).
-    path.join(ENGINE_DIR, 'watches.json'),
-    // Central work-items.json surfaced by getWorkItems().
-    path.join(MINIONS_DIR, 'work-items.json'),
-    // notes.md (surfaced by getNotesWithMeta) — consolidation writes this
-    // when an inbox batch is processed. Single file, mtime advances on every
-    // write. Without this, the dashboard's notes view sat stale for up to
-    // FAST_STATE_TTL (10 s) after each consolidation cycle.
-    NOTES_PATH,
-    // notes/inbox/ (surfaced by getInbox) — every writeToInbox call CREATES
-    // a new file (engine/shared.js#writeToInbox always uses a uid'd path,
-    // never an in-place edit), so the directory's mtime is a reliable
-    // entry-add/remove signal even on Windows NTFS. Without it, PR-comment
-    // notifications, agent-failure summaries, follow-up build alerts, and
-    // meeting-transcript dumps all lagged up to 10 s before appearing on
-    // the dashboard's inbox view.
-    INBOX_DIR,
-    // engine/qa-runs.json (surfaced by listRuns via fast-state qaRuns slice)
-    // — new QA runs and status flips need to light the sidebar activity dot
-    // within one SPA poll cycle. Single file, mtime advances on each write.
-    path.join(ENGINE_DIR, 'qa-runs.json'),
-  ];
-  // meetings/<id>.json (surfaced by meeting.getMeetings) — round transitions
-  // edit each file in-place via mutateMeeting, so the parent dir's mtime
-  // does NOT advance on Windows. Tracking each file individually catches
-  // in-file edits. Bounded by active meeting count; safeWrite's `.json.backup`
-  // tempfile sidecars are excluded by the `.json` suffix check (a path
-  // ending in `.json.backup` does not end in `.json`).
-  try {
-    const meetingsDir = path.join(MINIONS_DIR, 'meetings');
-    for (const f of fs.readdirSync(meetingsDir)) {
-      if (f.endsWith('.json')) files.push(path.join(meetingsDir, f));
-    }
-  } catch { /* meetings dir absent → no meetings to track */ }
-  // Per-project work-items (surfaced by getWorkItems) and pull-requests
-  // (surfaced by getPullRequests). The PR file was the biggest miss in the
-  // original tracked list — PR status flips (running → passing, waiting →
-  // approved) were waiting on the 10 s SSE backstop instead of the next
-  // 4 s SPA poll.
-  //
-  // Per-project `.git/logs/HEAD` (the reflog) — added to cut the project-
-  // branch-state lag (was 15–25 s typical). The reflog is appended on every
-  // HEAD-changing operation (checkout, commit, reset, merge, rebase), so
-  // its mtime is a perfect signal that getProjectGitStatus's cached value
-  // is stale. Unlike control.json (intentionally excluded above), it is
-  // NOT advanced on a timer — it only moves on user-initiated git
-  // operations, so it can't dominate legitimate state changes. Cheap (one
-  // statSync per project per cache miss).
-  //
-  // Per-project `.git/FETCH_HEAD` — bare `git fetch` advances FETCH_HEAD
-  // without touching `.git/logs/HEAD` (no HEAD move) or `.git/index` (no
-  // working-tree change). Without this entry, an external `git fetch`
-  // (or another tool background-fetching) leaves the dashboard's
-  // _statusCache and getProjectGitStatus's inner cache both serving the
-  // pre-fetch ahead/behind counts until BOTH the 10s FAST_STATE_TTL and
-  // the 15s probe TTL expire (W-mphdmr8c00030124).
-  //
-  // For linked worktrees (`<localPath>/.git` is a file pointing to
-  // `<main>/.git/worktrees/<name>/`), `_resolveGitDir` walks the pointer
-  // so logs/HEAD and FETCH_HEAD are tracked at the actual gitdir; the
-  // statSync in dashboard's `_getMtimes` tolerates ENOENT, so falling
-  // back to `<localPath>/.git/...` for non-linked-worktree repos is safe.
-  for (const p of projects) {
-    files.push(shared.projectWorkItemsPath(p));
-    files.push(shared.projectPrPath(p));
-    if (p && p.localPath) {
-      const gitDir = _resolveGitDir(p.localPath) || path.join(p.localPath, '.git');
-      // logs/HEAD is per-worktree (HEAD moves, commits, checkouts).
-      // FETCH_HEAD lives in the COMMON gitdir — `git fetch` from a linked
-      // worktree writes to `<main>/.git/FETCH_HEAD`, not to the
-      // per-worktree subdir. Tracking only the per-worktree path here
-      // would leave linked-worktree projects stuck after `git fetch`
-      // (the file at `<main>/.git/worktrees/<name>/FETCH_HEAD` never
-      // exists — verified empirically).
-      const commonGitDir = _resolveCommonGitDir(gitDir);
-      files.push(path.join(gitDir, 'logs', 'HEAD'));
-      files.push(path.join(commonGitDir, 'FETCH_HEAD'));
-    }
-  }
+  const files = [];
   _fastMtimePathsCache = files;
   _fastMtimePathsCacheKey = cacheKey;
   return files;
@@ -2441,35 +2402,13 @@ function getStatusSlowStateMtimePaths(config) {
   if (_slowMtimePathsCache && _slowMtimePathsCacheKey === cacheKey) return _slowMtimePathsCache;
   const projects = getProjects(config);
   const homeDir = os.homedir();
-  const files = [
-    // prd/*.json (surfaced by getPrdInfo) — engine writes via syncPrdFromPrs,
-    // the materializer, and plan-to-prd outputs.
-    PRD_DIR,
-    // prd/archive/*.json — manual archive moves PRDs here.
-    path.join(PRD_DIR, 'archive'),
-    // prd/guides/*.md — verify agent writes new files here on E2E completion.
-    path.join(MINIONS_DIR, 'prd', 'guides'),
-    // engine/schedule-runs.json — scheduler rewrites this on every cron fire.
-    path.join(ENGINE_DIR, 'schedule-runs.json'),
-    // engine/pipeline-runs.json — pipeline executor rewrites this on each
-    // stage transition (the most user-visible slow-state lag pre-fix).
-    path.join(ENGINE_DIR, 'pipeline-runs.json'),
-    // pipelines/*.json — pipeline definitions, edited by humans + plan agents.
-    path.join(MINIONS_DIR, 'pipelines'),
-    // pinned.md — single file, dashboard-side writes already call
-    // invalidateStatusCache({includeSlow:true}); tracker entry catches any
-    // CLI/editor edit that bypasses the API.
-    path.join(MINIONS_DIR, 'pinned.md'),
-    // work-items.json — central + per-project files (per-project pushed below
-    // alongside the PR paths). The PRD progress slice in slow-state is
-    // *derived* from work-item statuses via getPrdInfo's input-hash, so a
-    // WI flipping dispatched→done changes prdProgress without touching any
-    // file in this tracker. Without this entry the slow-state cache hangs
-    // on stale PRD progress for up to 60s after a WI completes (user
-    // report: visit /plans, see all items active; switch to /home + hard
-    // refresh; the WIs are done; return to /plans, now items show as done).
-    path.join(MINIONS_DIR, 'work-items.json'),
-  ];
+  // Issue #2949 — slow-state now contains ONLY skills, mcpServers, projects,
+  // autoMode, initialized, installId, version. PRD/PRDProgress/verifyGuides/
+  // archivedPrds/schedules/pipelines/pinned/work-items all moved to dedicated
+  // /api/<x> endpoints which carry their own ETags; tracking their backing
+  // files here would bust the /api/status outer cache for slices that aren't
+  // in the payload anymore.
+  const files = [];
 
   // Skill discovery roots (surfaced by _buildStatusSlowState → getSkills).
   // Mirrors collectSkillFiles' source enumeration so adding a new runtime
@@ -2519,13 +2458,6 @@ function getStatusSlowStateMtimePaths(config) {
     const commonGitDir = _resolveCommonGitDir(gitDir);
     files.push(path.join(gitDir, 'logs', 'HEAD'));
     files.push(path.join(commonGitDir, 'FETCH_HEAD'));
-    // Per-project work-items.json + pull-requests.json — same reason as the
-    // central work-items.json above: the prdProgress slice is derived from
-    // their contents via getPrdInfo's input hash. A WI completion in a
-    // project that uses its own work-items.json file would otherwise hang
-    // slow-state until TTL.
-    try { files.push(projectWorkItemsPath(project)); } catch { /* path helper optional */ }
-    try { files.push(projectPrPath(project)); } catch { /* path helper optional */ }
   }
 
   _slowMtimePathsCache = files;

package/engine/shared.js

@@ -1843,7 +1843,6 @@ const KB_READABLE_CATEGORIES = Object.freeze([
   'consolidated', 'consolidation', 'consolidations',
   'team-memory', 'general', 'patterns',
 ]);
-
 /**
  * Classify an inbox item into a knowledge base category.
  * Single source of truth — used by consolidation.js (both LLM and regex paths).
@@ -1913,6 +1912,14 @@ const ENGINE_DEFAULTS = {
   prNoOpFixPauseAttempts: 2, // pause one PR automation cause after repeated no-op fixes for unchanged evidence
   completionReportRetentionDays: 90, // retain completion report sidecars beyond capped dispatch history
   completionReportMaxFiles: 5000, // hard cap for completion report sidecars during cleanup
+  // P-bfa2c-cors-wildcard: extra Origins permitted to receive an
+  // `Access-Control-Allow-Origin` echo on GET/HEAD dashboard responses
+  // beyond the default `http://localhost:7331`. Default empty (security
+  // default). Reverse-proxy or alternate-port deployments set this to
+  // opt those origins in. Entries are matched verbatim against the
+  // request's `Origin` header (scheme + host + port — no path/wildcards).
+  // See `shared.isAllowedDashboardOrigin()` and the dashboard CORS prelude.
+  allowedDashboardOrigins: [],
   meetingRoundTimeout: 900000, // 15min per meeting round — soft signal; logs a "still waiting" warning each tick
   meetingRoundHardTimeout: 3600000, // 60min hard backstop — non-terminal participants are marked failed and the round advances. Prevents permanent stalls if an agent's dispatch never spawns or its completion gets dropped.
   evalLoop: true, // enable review→fix loop after implementation completes
@@ -2183,33 +2190,6 @@ const ENGINE_DEFAULTS = {
   // Settings UI exposes this as a free-text input; clearing the field deletes
   // the override and falls back to auto-resolution.
   operatorLogin: null,
-  // ── /api/status workItems retention (W-mphejzmj000718bf) ────────────────────
-  // Optional age-based trim for done/failed/cancelled work items in the
-  // /api/status workItems slice. Default 0 = no trim (full list shipped). The
-  // bulk of the payload savings (~3MB → ~500KB) comes from _slimWorkItemForStatus
-  // dropping description / full acceptanceCriteria / references — that slim
-  // projection runs unconditionally. The date filter on top was a second-tier
-  // optimization that surfaced as data loss to users (completed items vanishing
-  // from /api/status after 7 days) so it now opts in via a positive integer.
-  // Active items (pending/dispatched/queued) are ALWAYS shipped regardless of
-  // age. The detail modal fetches the full record on demand via
-  // GET /api/work-items/<id> when description/references/AC are needed.
-  statusWorkItemsRetentionDays: 0,
-
-  // ── /api/status meetings retention (W-mphlrxx6000a8760) ─────────────────────
-  // Same shape as statusWorkItemsRetentionDays — optional age-based trim for
-  // completed/archived meetings in the /api/status meetings slice. Default 0
-  // = no trim (full list shipped). The slim projection (which collapses
-  // ~95KB+ per-round findings/debate/transcript bodies down to {agentId: true}
-  // sentinels) delivers the bulk of the payload savings and always runs.
-  // The date filter on top was demoted to opt-in for the same reason as the
-  // workItems trim: vanishing completed meetings read as data loss. Active
-  // meetings (investigating/debating/concluding) are ALWAYS shipped regardless
-  // of age. The detail modal fetches the full record (findings, debate,
-  // conclusion, transcript bodies) on demand via GET /api/meetings/<id>.
-  // A top-level meetingsTotal field is synthesized so the sidebar activity
-  // dot still fires when ANY meeting gains a new round.
-  statusMeetingsRetentionDays: 0,
 };
 
 // ─── Runtime Fleet Resolution (P-3b8e5f1d) ──────────────────────────────────
@@ -2406,64 +2386,6 @@ function _resetLegacyCcModelMigrationFlag() {
   _legacyCcModelMigrationLogged = false;
 }
 
-// ─── Stale statusWorkItemsRetentionDays Default Migration ────────────────────
-//
-// The retention default was 7 from W-mphejzmj000718bf until users reported the
-// trim hid completed work items from /api/status, which read as data loss.
-// We flipped the baked-in default to 0 (no trim). Installs that opened the
-// Settings page while the default was 7 have `engine.statusWorkItemsRetentionDays: 7`
-// persisted in their config.json — the resolver would return 7 and they'd
-// still see the trim. This shim drops a literal `7` at load time so the new
-// default of 0 applies. Operators who explicitly set a non-7 value (e.g. 14
-// or 30) are left untouched. No on-disk rewrite.
-
-let _staleRetentionMigrationLogged = false;
-
-function applyStatusWorkItemsRetentionMigration(config, { logger = log } = {}) {
-  if (!config || !config.engine || typeof config.engine !== 'object') return false;
-  const e = config.engine;
-  if (e.statusWorkItemsRetentionDays !== 7) return false;
-  delete e.statusWorkItemsRetentionDays;
-  if (!_staleRetentionMigrationLogged) {
-    _staleRetentionMigrationLogged = true;
-    try {
-      logger('warn', 'statusWorkItemsRetentionDays=7 was the previous default — clearing in-memory so the new default (0, no trim) applies. Re-save Settings to persist or set a positive value to opt back in.');
-    } catch { /* logger may not be wired during tests — best-effort */ }
-  }
-  return true;
-}
-
-/** Test helper: reset the dedup flag so repeated tests can re-trigger the log. */
-function _resetStaleRetentionMigrationFlag() {
-  _staleRetentionMigrationLogged = false;
-}
-
-// Same shape as applyStatusWorkItemsRetentionMigration above, for the meetings
-// slice. The prior baked-in default of 7 caused completed/archived meetings to
-// vanish from /api/status after a week; we flipped the default to 0 and strip
-// the literal 7 from persisted configs so the new behavior applies.
-
-let _staleMeetingsRetentionMigrationLogged = false;
-
-function applyStatusMeetingsRetentionMigration(config, { logger = log } = {}) {
-  if (!config || !config.engine || typeof config.engine !== 'object') return false;
-  const e = config.engine;
-  if (e.statusMeetingsRetentionDays !== 7) return false;
-  delete e.statusMeetingsRetentionDays;
-  if (!_staleMeetingsRetentionMigrationLogged) {
-    _staleMeetingsRetentionMigrationLogged = true;
-    try {
-      logger('warn', 'statusMeetingsRetentionDays=7 was the previous default — clearing in-memory so the new default (0, no trim) applies. Re-save Settings to persist or set a positive value to opt back in.');
-    } catch { /* logger may not be wired during tests — best-effort */ }
-  }
-  return true;
-}
-
-/** Test helper: reset the dedup flag so repeated tests can re-trigger the log. */
-function _resetStaleMeetingsRetentionMigrationFlag() {
-  _staleMeetingsRetentionMigrationLogged = false;
-}
-
 // ─── Runtime Config Preflight Warnings ──────────────────────────────────────
 //
 // Emit non-fatal warnings about runtime/CLI configuration drift. Consumed by
@@ -2732,6 +2654,44 @@ const PR_POLLABLE_STATUSES = new Set([PR_STATUS.ACTIVE, PR_STATUS.LINKED]);
 const PR_PENDING_REASON = {
   MISSING_BRANCH: 'missing_pr_branch',
 };
+// PR build-status enum — single source of truth for the literal strings written to
+// pull-requests.json `buildStatus`. Previously drifted across engine/ado.js,
+// engine/github.js, engine/lifecycle.js, engine/watches.js, engine/queries.js, engine/cli.js
+// (P-bfa3d-constants-eslint, audit items #68-#82).
+const BUILD_STATUS = {
+  PASSING: 'passing',
+  FAILING: 'failing',
+  RUNNING: 'running',
+  NONE: 'none',
+};
+// PR review-status enum — single source of truth for the literal strings written to
+// pull-requests.json `reviewStatus`. Previously drifted across engine/ado.js,
+// engine/github.js, engine/lifecycle.js, engine/watches.js, engine/queries.js, engine/cli.js
+// (P-bfa3d-constants-eslint, audit items #68-#82).
+const REVIEW_STATUS = {
+  APPROVED: 'approved',
+  CHANGES_REQUESTED: 'changes-requested',
+  WAITING: 'waiting',
+  PENDING: 'pending',
+};
+// Named fetch-timeout constants — previously hard-coded as `timeout: 4000` /
+// `timeout: 15000` etc. across ADO and GitHub integrations. Per-call-class names so
+// the migrated sites read self-documentingly and drift is grep-able.
+// (P-bfa3d-constants-eslint, audit items #68-#82).
+const FETCH_TIMEOUT_MS = {
+  ADO_API: 4000,        // engine/ado.js — ADO REST API single-shot fetches
+  GH_CLI: 15000,        // engine/github.js, engine/lifecycle.js — `gh pr/api` shell-outs
+  GH_COMMENT: 30000,    // engine/gh-comment.js — comment/review posts (slower endpoint)
+};
+// Retry delay between auto-link fallback attempts in engine/lifecycle.js#resolvePrLinkFallback.
+// Previously a bare `3000` magic number; named so the cadence is grep-able and consistent
+// if other retry paths need the same backoff. (P-bfa3d-constants-eslint).
+const RETRY_DELAY_MS = 3000;
+// Max retries for ADO token-refresh inside engine/ado.js#adoFetch.
+// Distinct from ENGINE_DEFAULTS.maxRetries (dispatch-level cap) — this is the
+// per-request token-refresh ceiling and is intentionally separate.
+// (P-bfa3d-constants-eslint).
+const ADO_TOKEN_REFRESH_MAX_RETRIES = 1;
 
 // Watch statuses — engine-level persistent watches that survive restarts
 const WATCH_STATUS = { ACTIVE: 'active', PAUSED: 'paused', TRIGGERED: 'triggered', EXPIRED: 'expired' };
@@ -4105,6 +4065,42 @@ function isAllowedOrigin(origin) {
   return _ALLOWED_ORIGIN_HOSTS.has(parsed.hostname);
 }
 
+// Canonical dashboard origin — the (scheme+host+port) value echoed on
+// `Access-Control-Allow-Origin` when a browser request originates from the
+// dashboard's own served page. Mirrors the bind addr + port in dashboard.js.
+const DASHBOARD_ACAO_DEFAULT_ORIGIN = 'http://localhost:7331';
+
+/**
+ * Returns true if the given `Origin` header value should receive an
+ * `Access-Control-Allow-Origin` echo on GET/HEAD responses. STRICTER than
+ * `isAllowedOrigin` — that helper is the mutating-request gate (allows any
+ * localhost port the browser may originate from, as defense-in-depth against
+ * CSRF/DNS-rebinding). This helper decides which origins may *cross-origin
+ * READ* dashboard JSON responses, so it admits only:
+ *
+ *   - The dashboard's own served origin (`http://localhost:7331`)
+ *   - Exact strings in `config.engine.allowedDashboardOrigins` (default [])
+ *
+ * Everything else, including other `http://localhost:<port>` URLs, returns
+ * false — the dashboard never opts into cross-origin browser reads for them.
+ * Reverse-proxy or alternate-port deployments can opt in via the config knob;
+ * see CLAUDE.md and docs/security.md (P-bfa2c-cors-wildcard).
+ *
+ * @param {string|null|undefined} origin Raw `Origin` request header value.
+ * @param {object} [config] Engine config (`config.engine.allowedDashboardOrigins`).
+ * @returns {boolean}
+ */
+function isAllowedDashboardOrigin(origin, config) {
+  if (!origin || typeof origin !== 'string') return false;
+  const trimmed = origin.trim();
+  if (!trimmed) return false;
+  if (trimmed === DASHBOARD_ACAO_DEFAULT_ORIGIN) return true;
+  const extras = config && config.engine && Array.isArray(config.engine.allowedDashboardOrigins)
+    ? config.engine.allowedDashboardOrigins
+    : [];
+  return extras.includes(trimmed);
+}
+
 /**
  * Returns the baseline set of security response headers to apply on every HTTP
  * response from the dashboard. Values match OWASP defaults for a same-origin
@@ -5517,12 +5513,10 @@ module.exports = {
   resolveAgentCli, resolveCcCli, resolveCcUseWorkerPool, resolveAgentModel, resolveCcModel,
   resolveAgentMaxBudget, resolveAgentBareMode,
   applyLegacyCcModelMigration, _resetLegacyCcModelMigrationFlag,
-  applyStatusWorkItemsRetentionMigration, _resetStaleRetentionMigrationFlag,
-  applyStatusMeetingsRetentionMigration, _resetStaleMeetingsRetentionMigrationFlag,
   runtimeConfigWarnings,
   projectWorkSourceWarnings,
   backfillProjectWorkSourceDefaults,
-  WI_STATUS, DONE_STATUSES, PLAN_TERMINAL_STATUSES, WORK_TYPE, WORKTREE_REQUIRING_TYPES, PLAN_STATUS, PRD_ITEM_STATUS, PRD_MATERIALIZABLE, PR_STATUS, PR_POLLABLE_STATUSES, PR_PENDING_REASON, DISPATCH_RESULT, mutateMetrics, mutateWatches, mutateScheduleRuns, mutatePipelineRuns, mutateManagedProcesses, mutateWorktreePool, trackReviewMetric, queuePlanToPrd, extractPlanDeclaredProject,
+  WI_STATUS, DONE_STATUSES, PLAN_TERMINAL_STATUSES, WORK_TYPE, WORKTREE_REQUIRING_TYPES, PLAN_STATUS, PRD_ITEM_STATUS, PRD_MATERIALIZABLE, PR_STATUS, PR_POLLABLE_STATUSES, PR_PENDING_REASON, BUILD_STATUS, REVIEW_STATUS, FETCH_TIMEOUT_MS, RETRY_DELAY_MS, ADO_TOKEN_REFRESH_MAX_RETRIES, DISPATCH_RESULT, mutateMetrics, mutateWatches, mutateScheduleRuns, mutatePipelineRuns, mutateManagedProcesses, mutateWorktreePool, trackReviewMetric, queuePlanToPrd, extractPlanDeclaredProject,
   WATCH_STATUS, WATCH_TARGET_TYPE, WATCH_CONDITION, WATCH_ABSOLUTE_CONDITIONS, WATCH_ACTION_TYPE,
   WATCH_STALLED_DEFAULT_TICKS, WATCH_STUCK_STAGE_DEFAULT_TICKS,
   PIPELINE_STATUS, STAGE_TYPE, MEETING_STATUS, AGENT_STATUS,
@@ -5597,6 +5591,8 @@ module.exports = {
   _CC_PROTECTED_FILE_GLOBS, // exported for testing
   _CC_PROTECTED_PREFIXES,  // exported for testing
   isAllowedOrigin,
+  isAllowedDashboardOrigin,
+  DASHBOARD_ACAO_DEFAULT_ORIGIN,
   buildSecurityHeaders,
   hasDangerousKey,
   HAS_DANGEROUS_KEY_MAX_DEPTH,

package/engine/watches.js

@@ -706,9 +706,9 @@ registerTargetType(WATCH_TARGET_TYPE.PR, {
       case WATCH_CONDITION.MERGED:
         return { triggered: pr.status === 'merged', message: pr.status === 'merged' ? `PR ${target} was merged` : '' };
       case WATCH_CONDITION.BUILD_FAIL:
-        return { triggered: pr.buildStatus === 'failing', message: pr.buildStatus === 'failing' ? `PR ${target} build is failing` : '' };
+        return { triggered: pr.buildStatus === shared.BUILD_STATUS.FAILING, message: pr.buildStatus === shared.BUILD_STATUS.FAILING ? `PR ${target} build is failing` : '' };
       case WATCH_CONDITION.BUILD_PASS:
-        return { triggered: pr.buildStatus === 'passing', message: pr.buildStatus === 'passing' ? `PR ${target} build is passing` : '' };
+        return { triggered: pr.buildStatus === shared.BUILD_STATUS.PASSING, message: pr.buildStatus === shared.BUILD_STATUS.PASSING ? `PR ${target} build is passing` : '' };
       case WATCH_CONDITION.STATUS_CHANGE: {
         const changed = prevState.status !== undefined && prevState.status !== pr.status;
         return { triggered: changed, message: changed ? `PR ${target} status changed: ${prevState.status} → ${pr.status}` : '' };
@@ -759,9 +759,9 @@ registerTargetType(WATCH_TARGET_TYPE.PR, {
         // WATCH_ABSOLUTE_CONDITIONS) so it auto-expires on first trigger
         // when stopAfter=0. Treat isDraft !== true (catches null/undefined
         // legacy PRs that don't expose the field).
-        const ready = pr.status === 'active'
-          && pr.reviewStatus === 'approved'
-          && pr.buildStatus === 'passing'
+        const ready = pr.status === shared.PR_STATUS.ACTIVE
+          && pr.reviewStatus === shared.REVIEW_STATUS.APPROVED
+          && pr.buildStatus === shared.BUILD_STATUS.PASSING
           && pr.mergeable === true
           && pr.isDraft !== true;
         return { triggered: ready, message: ready ? `PR ${target} is ready for merge` : '' };

package/engine.js

@@ -161,7 +161,8 @@ const ghToken = require('./engine/gh-token');
 const { runPostCompletionHooks, updateWorkItemStatus, syncPrdItemStatus, reconcilePrdStatuses, handlePostMerge, checkPlanCompletion,
   syncPrsFromOutput, updatePrAfterReview, updatePrAfterFix, checkForLearnings, extractSkillsFromOutput,
   updateAgentHistory, updateMetrics, createReviewFeedbackForAuthor, parseAgentOutput, syncPrdFromPrs,
-  isItemCompleted, classifyFailure: classifyFailureFallback, diagnoseEmptyOutput, processPendingRebases, resolveWorkItemPath } = require('./engine/lifecycle');
+  isItemCompleted, classifyFailure: classifyFailureFallback, diagnoseEmptyOutput, processPendingRebases, resolveWorkItemPath,
+  mergeArtifactNotes, promoteCompletionArtifacts } = require('./engine/lifecycle');
 
 // ─── Agent Spawner ──────────────────────────────────────────────────────────
 
@@ -3302,39 +3303,27 @@ async function spawnAgent(dispatchItem, config) {
     // Track artifacts on the work item for dashboard display
     if (dispatchItem.meta?.item?.id) {
       try {
-        const artWiPath = resolveWorkItemPath(dispatchItem.meta);
-        if (artWiPath) {
-          // Collect inbox notes written by this agent today (with structured IDs if available)
-          const _artToday = shared.dateStamp();
-          const _artInboxDir = path.join(MINIONS_DIR, 'notes', 'inbox');
-          let _artNotes = [];
-          try {
-            const noteFiles = shared.safeReadDir(_artInboxDir).filter(f => f.startsWith(agentId + '-') && f.includes(_artToday));
-            for (const f of noteFiles) {
-              const content = shared.safeRead(path.join(_artInboxDir, f));
-              const noteId = shared.parseNoteId(content);
-              _artNotes.push({ file: f, id: noteId || f.replace(/\.md$/, '') });
-            }
-          } catch {}
-
-          mutateJsonFileLocked(artWiPath, data => {
-            if (!Array.isArray(data)) return data;
-            const wi = data.find(i => i.id === dispatchItem.meta.item.id);
-            if (!wi) return data;
-            const arts = wi._artifacts || {};
-            arts.outputLog = `agents/${agentId}/output-${id}.log`;
-            if (dispatchItem.meta.branch) arts.branch = dispatchItem.meta.branch;
-            if (wi._pr) arts.pr = wi._pr;
-            if (wi._prUrl) arts.prUrl = wi._prUrl;
-            if (_artNotes.length > 0) arts.notes = _artNotes;
-            // Track plan/PRD artifacts from dispatch metadata
-            if (dispatchItem.meta.item?.planFile) arts.plan = dispatchItem.meta.item.planFile;
-            if (dispatchItem.meta.item?._prdFilename) arts.prd = dispatchItem.meta.item._prdFilename;
-            if (dispatchItem.meta.item?.sourcePlan) arts.sourcePlan = dispatchItem.meta.item.sourcePlan;
-            wi._artifacts = arts;
-            return data;
-          });
-        }
+        // Structured completion artifacts are authoritative. The legacy
+        // agent-prefixed inbox scan remains only as a best-effort augmentation
+        // for older runtimes that did not write completion_report.artifacts.
+        const _artToday = shared.dateStamp();
+        const _artInboxDir = path.join(MINIONS_DIR, 'notes', 'inbox');
+        let _artNotes = [];
+        try {
+          const noteFiles = shared.safeReadDir(_artInboxDir).filter(f => f.startsWith(agentId + '-') && f.includes(_artToday));
+          for (const f of noteFiles) {
+            const content = shared.safeRead(path.join(_artInboxDir, f));
+            const noteId = shared.parseNoteId(content);
+            _artNotes.push({ file: f, id: noteId || f.replace(/\.md$/, '') });
+          }
+        } catch {}
+        _artNotes = mergeArtifactNotes([], _artNotes);
+        promoteCompletionArtifacts(dispatchItem.meta, agentId, id, structuredCompletion, {
+          outputLog: `agents/${agentId}/output-${id}.log`,
+          branch: dispatchItem.meta.branch,
+          resultSummary,
+          additionalNotes: _artNotes,
+        });
       } catch (err) { log('warn', `Artifact tracking: ${err.message}`); }
     }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@yemi33/minions",
-  "version": "0.1.2087",
+  "version": "0.1.2088",
   "description": "Multi-agent AI dev team that runs from ~/.minions/ — five autonomous agents share a single engine, dashboard, and knowledge base",
   "bin": {
     "minions": "bin/minions.js"
@@ -24,7 +24,7 @@
     "test:e2e:accept": "node test/playwright/accept-baseline.js",
     "test:e2e:accept-force": "node test/playwright/accept-baseline.js --force",
     "test:setup": "npx playwright install chromium",
-    "lint": "eslint dashboard/"
+    "lint": "eslint dashboard/ engine/ado.js engine/github.js engine/lifecycle.js engine/queries.js engine/watches.js engine/cli.js"
   },
   "keywords": [
     "ai",