@yemi33/minions 0.1.2107 → 0.1.2109

package/dashboard/js/qa.js

@@ -344,19 +344,81 @@ function _qaRenderRunRow(run) {
   } else if (agentId) {
     liveLink = '<a href="#" class="qa-run-link" onclick="event.preventDefault();qaOpenRunAgent(\'\',this.dataset.agent);" data-agent="' + escHtml(agentId) + '">' + escHtml(linkLabel) + '</a>';
   }
+  // W-mpxp90xs000i5732 — per-row Delete button, terminal-only. The engine
+  // also enforces terminal-only with a 409 (defense in depth); rendering
+  // the button conditionally just keeps the UI honest about what's safe
+  // to click.
+  let deleteBtn = '';
+  if (_qaIsTerminalStatus(status)) {
+    deleteBtn = '<button class="qa-btn-ghost qa-run-delete-btn" ' +
+      'data-run-id="' + escHtml(id) + '" ' +
+      'onclick="qaDeleteRun(this.dataset.runId)">Delete</button>';
+  }
+  const actionsHtml = (liveLink || deleteBtn)
+    ? '<span class="qa-run-actions">' + liveLink + deleteBtn + '</span>'
+    : '';
   const artifactsHtml = _qaRenderArtifactPreviews(id, run.artifacts || []);
-  return '<div class="qa-run-row">' +
+  return '<div class="qa-run-row" data-run-id="' + escHtml(id) + '">' +
     '<div class="qa-run-head">' +
       '<span class="qa-run-status ' + escHtml(statusClass) + '">' + escHtml(status) + '</span>' +
       '<span class="qa-run-name">' + escHtml(runbook) + '</span>' +
       (target ? '<span class="qa-run-target">→ <code>' + escHtml(target) + '</code></span>' : '') +
       (ts ? '<span class="qa-run-ts">' + escHtml(String(ts).slice(0, 19).replace('T', ' ')) + '</span>' : '') +
-      (liveLink ? '<span class="qa-run-actions">' + liveLink + '</span>' : '') +
+      actionsHtml +
     '</div>' +
     (artifactsHtml ? '<div class="qa-run-artifacts">' + artifactsHtml + '</div>' : '') +
     '</div>';
 }
 
+// W-mpxp90xs000i5732 — terminal status set kept in sync with
+// engine/qa-runs.js#TERMINAL_STATUSES. The Delete button only renders for
+// runs in one of these states; the engine's deleteQaRun returns 409 for
+// anything else (defense in depth).
+function _qaIsTerminalStatus(status) {
+  if (!status || typeof status !== 'string') return false;
+  const s = status.toLowerCase();
+  return s === 'passed' || s === 'failed' || s === 'errored';
+}
+
+// W-mpxp90xs000i5732 — per-row Delete handler. Confirms with the user,
+// fires DELETE /api/qa/runs/<id>, optimistic-removes the row on 200, and
+// surfaces errors via showToast(). Does NOT use alert() post-API per the
+// WI's UX contract.
+async function qaDeleteRun(id) {
+  if (!id) return;
+  if (!confirm('Delete QA run ' + id + ' and its artifacts? This cannot be undone.')) return;
+  let res, json;
+  try {
+    res = await fetch('/api/qa/runs/' + encodeURIComponent(id), {
+      method: 'DELETE',
+    });
+  } catch (e) {
+    if (typeof showToast === 'function') {
+      showToast('cmd-toast', 'Delete QA run failed: ' + (e && e.message || String(e)), false);
+    }
+    return;
+  }
+  try { json = await res.json(); } catch { json = {}; }
+  if (res.ok && json && json.ok) {
+    const sel = (window.CSS && CSS.escape ? CSS.escape(id) : id.replace(/"/g, '\\"'));
+    const row = document.querySelector('.qa-run-row[data-run-id="' + sel + '"]');
+    if (row && row.parentNode) row.parentNode.removeChild(row);
+    if (typeof loadQaRuns === 'function') loadQaRuns();
+    if (typeof showToast === 'function') {
+      const msg = json.artifactsRemoved
+        ? 'QA run deleted (artifacts removed).'
+        : 'QA run deleted.';
+      showToast('cmd-toast', msg, true);
+    }
+    return;
+  }
+  const errMsg = (json && (json.error + (json.currentStatus ? ' (status=' + json.currentStatus + ')' : '')))
+    || ('HTTP ' + (res ? res.status : '?'));
+  if (typeof showToast === 'function') {
+    showToast('cmd-toast', 'Delete QA run failed: ' + errMsg, false);
+  }
+}
+
 function _qaRenderArtifactPreviews(runId, artifacts) {
   if (!runId || !Array.isArray(artifacts) || !artifacts.length) return '';
   const parts = [];

package/dashboard/js/render-prd.js

@@ -766,6 +766,20 @@ async function prdItemEdit(source, itemId) {
     d.meta?.item?.id === itemId && d.meta?.item?.sourcePlan === source
   );
 
+  // W-mpxridf8001852f1 — resolve work-item type for the detail-modal pill via
+  // documented fallback chain: structured PRD field, materialized WI, dispatch
+  // sidecar, then prose `Type: <label>` prefix in the description (covers
+  // legacy unmaterialized items like prd/minions-2026-06-03.json).
+  let typeValue = item.type || wi?.type || completedEntry?.meta?.item?.type || '';
+  if (!typeValue && item.description) {
+    const m = /^Type:\s*([a-z-]+)\b/i.exec(item.description.trimStart());
+    if (m) typeValue = m[1];
+  }
+  typeValue = (typeValue || '').toString().toLowerCase();
+  const typePillHtml = typeValue
+    ? '<span style="font-size:10px;font-weight:600;padding:2px 6px;border-radius:3px;background:var(--surface-alt,var(--surface));border:1px solid var(--border);color:var(--muted);text-transform:lowercase">' + escHtml(typeValue) + '</span>'
+    : '';
+
   // Build completion summary section
   let completionHtml = '';
   const isDone = item.status === 'done';
@@ -786,6 +800,7 @@ async function prdItemEdit(source, itemId) {
     completionHtml = '<div style="background:var(--surface);border:1px solid var(--border);border-left:3px solid ' + statusColor + ';border-radius:4px;padding:10px 12px;margin-bottom:12px">' +
       '<div style="display:flex;align-items:center;gap:8px;margin-bottom:6px">' +
         (wi ? '<a href="#" onclick="event.preventDefault();event.stopPropagation();openWorkItemDetail(\'' + escHtml(wi.id) + '\')" title="Open ' + escHtml(wi.id) + ' detail" style="font-size:11px;font-weight:700;color:' + statusColor + ';text-decoration:none;cursor:pointer" onmouseover="this.style.textDecoration=\'underline\'" onmouseout="this.style.textDecoration=\'none\'">' + statusLabel + ' &rarr;</a>' : '<span style="font-size:11px;font-weight:700;color:' + statusColor + '">' + statusLabel + '</span>') +
+        typePillHtml +
         (agent ? '<span style="font-size:11px;color:var(--muted)">by ' + escHtml(agent) + '</span>' : '') +
         (completedAt ? '<span style="font-size:10px;color:var(--muted)">' + escHtml(completedAt.slice(0, 16).replace('T', ' ')) + '</span>' : '') +
       '</div>' +
@@ -795,8 +810,13 @@ async function prdItemEdit(source, itemId) {
     '</div>';
   }
 
+  const standaloneTypePillHtml = (!completionHtml && typePillHtml)
+    ? '<div style="margin-bottom:10px">' + typePillHtml + '</div>'
+    : '';
+
   const html = '<div style="padding:8px 0">' +
     completionHtml +
+    standaloneTypePillHtml +
     '<label style="font-size:11px;color:var(--muted);display:block;margin-bottom:4px">Name</label>' +
     '<input id="prd-edit-name" value="' + escHtml(item.name || '') + '" style="width:100%;padding:6px 10px;background:var(--surface);border:1px solid var(--border);border-radius:4px;color:var(--text);font-size:13px;margin-bottom:10px">' +
     '<div style="display:flex;align-items:center;justify-content:space-between;margin-bottom:4px">' +
@@ -831,7 +851,7 @@ async function prdItemEdit(source, itemId) {
   '</div>';
 
   document.getElementById('modal-title').textContent = item.id + ' — ' + (item.name || '').slice(0, 60);
-  // eslint-disable-next-line no-unsanitized/property -- reason: structural HTML is a string literal; all user data wrapped in escHtml() or renderMd() (fields: PRD item name/description, source, item id, agent, completion summary, PR links)
+  // eslint-disable-next-line no-unsanitized/property -- reason: structural HTML is a string literal; all user data wrapped in escHtml() or renderMd() (fields: PRD item name/description, source, item id, agent, completion summary, PR links, work-item type pill)
   document.getElementById('modal-body').innerHTML = html;
   document.getElementById('modal-body').style.fontFamily = '';
   document.getElementById('modal-body').style.whiteSpace = '';

package/dashboard/js/settings.js

@@ -404,6 +404,7 @@ async function openSettings() {
     '<div class="settings-stack">' +
       settingsToggle('Allow Temp Agents', 'set-allowTempAgents', !!e.allowTempAgents, 'Spawn ephemeral agents when all permanent agents are busy') +
       settingsToggle('Disable model discovery', 'set-disableModelDiscovery', !!e.disableModelDiscovery, 'Skip /api/runtimes/<name>/models REST calls fleet-wide. Settings UI falls back to free-text.') +
+      settingsToggle('QA: dual-write JSON sidecars', 'set-qaDualWriteJson', e.qaDualWriteJson !== false, 'Keep mirroring qa-runs.json and qa-sessions.json on every mutation alongside the SQLite source of truth. Default ON. Disable only once external tooling has been migrated off the JSON files — disabling drops the rollback path back to the JSON store.') +
     '</div>';
 
   // Section registry — order is intentional (Runtime + Auto-fix surface first
@@ -880,6 +881,7 @@ async function saveSettings() {
       copilotReasoningSummaries: !!document.getElementById('set-copilotReasoningSummaries')?.checked,
       maxBudgetUsd: (document.getElementById('set-maxBudgetUsd')?.value ?? '').trim(),
       disableModelDiscovery: !!document.getElementById('set-disableModelDiscovery')?.checked,
+      qaDualWriteJson: !!document.getElementById('set-qaDualWriteJson')?.checked,
       // W-mpmwxkrw000872ec — global font-size scale. Allowlist validation
       // (and clamp messaging) lives server-side in handleSettingsUpdate.
       fontSize: document.getElementById('set-fontSize')?.value || 'small',

package/dashboard.js

@@ -10345,6 +10345,46 @@ What would you like to discuss or change? When you're happy, say "approve" and I
     }
   }
 
+  // W-mpxp90xs000i5732 — DELETE /api/qa/runs/<id>. Hard-delete: removes the
+  // run from engine/qa-runs.json AND best-effort wipes the on-disk artifact
+  // directory under engine/qa-artifacts/<runId>/. Terminal-only — refuses
+  // pending/running runs with 409. Caller must cancel/complete the run via
+  // the lifecycle helpers before deletion. CSRF/Origin gate is applied by
+  // the server dispatcher for all mutating methods (see MUTATING_METHODS).
+  function handleQaRunsDelete(req, res, match) {
+    try {
+      const qa = require('./engine/qa-runs');
+      const id = decodeURIComponent(match[1] || '');
+      if (!_qaIsSafeSegment(id)) {
+        return jsonReply(res, 400, { error: 'invalid run id' }, req);
+      }
+      const result = qa.deleteQaRun(id);
+      if (result && result.ok) {
+        return jsonReply(res, 200, {
+          ok: true,
+          id,
+          artifactsRemoved: !!result.artifactsRemoved,
+        }, req);
+      }
+      const err = result && result.error;
+      if (err === 'not_found') {
+        return jsonReply(res, 404, { error: 'not_found' }, req);
+      }
+      if (err === 'not_terminal') {
+        return jsonReply(res, 409, {
+          error: 'not_terminal',
+          currentStatus: result.currentStatus,
+        }, req);
+      }
+      if (err === 'invalid_id') {
+        return jsonReply(res, 400, { error: 'invalid run id' }, req);
+      }
+      return jsonReply(res, 500, { error: 'qa-runs delete returned unknown result' }, req);
+    } catch (e) {
+      return jsonReply(res, 500, { error: e.message }, req);
+    }
+  }
+
   function handleQaArtifact(req, res, match) {
     try {
       const qa = require('./engine/qa-runs');
@@ -11052,6 +11092,7 @@ What would you like to discuss or change? When you're happy, say "approve" and I
     // traversal attempts return 403, missing files return 404.
     { method: 'GET', path: '/api/qa/runs', desc: 'List QA validation runs (newest first). Optional ?limit=N and ?status=pending|running|passed|failed|errored filters.', handler: handleQaRunsList },
     { method: 'GET', path: /^\/api\/qa\/runs\/([^/?]+)$/, template: '/api/qa/runs/<id>', desc: 'Fetch a single QA run record by id.', handler: handleQaRunsById },
+    { method: 'DELETE', path: /^\/api\/qa\/runs\/([^/?]+)$/, template: '/api/qa/runs/<id>', desc: 'Delete a QA run by id (terminal runs only). Best-effort removes artifacts under engine/qa-artifacts/<runId>/.', destructive: true, handler: handleQaRunsDelete },
     { method: 'GET', path: /^\/api\/qa\/artifacts\/([^/?]+)\/([^?]+)$/, template: '/api/qa/artifacts/<runId>/<file>', desc: 'Serve a QA artifact file (image/video/log). Sandboxed to engine/qa-artifacts/; rejects path traversal with 403.', handler: handleQaArtifact },
     // QA Runbooks (W-mpeiwz6k0005bf34-a) — per-project test plans stored at
     // <MINIONS_DIR>/projects/<name>/runbooks/<id>.json. Pure persistence —

package/docs/dead-code-audit-retractions.md

@@ -0,0 +1,23 @@
+# Dead-code audit retractions
+
+**Future dead-code audit dispatches MUST read this file before re-asserting any of the retracted findings below.**
+
+This file records false-positive findings from past dead-code audits so subsequent weekly audits do not re-cite them. Each entry names the claim verbatim, the correction, and the source lines that disprove it.
+
+```json
+{
+  "id": "reviewFeedbackSourceMatches-not-dead-exported",
+  "retractedOn": "2026-06-03",
+  "retractedBy": "Dead Code Review meeting (Lambert, Dallas, Ripley unanimous)",
+  "claim": "engine/lifecycle.js reviewFeedbackSourceMatches is still dead-exported",
+  "correction": "The function is NOT exported (verify: grep `reviewFeedbackSourceMatches` in engine/lifecycle.js module.exports block at :5161-5220 returns zero hits) and IS live-called intra-file at engine/lifecycle.js:2939 inside createReviewFeedbackForAuthor.",
+  "sources": [
+    "engine/lifecycle.js:2883 (definition)",
+    "engine/lifecycle.js:2939 (live caller inside createReviewFeedbackForAuthor)",
+    "engine/lifecycle.js:5161-5220 (module.exports block — function absent)",
+    "knowledge/project-notes/2026-06-03-ripley-meeting-conclusion-dead-code-review-2026-06-03.md",
+    "notes/inbox/ripley-2026-06-03-1012.md (R2 retraction)"
+  ],
+  "futureGuidance": "Do NOT remove. Do NOT 'un-export' — there is no export. The function is a 33-line scope-filter helper that is intentionally callable separately for testability/naming; inlining it into its sole caller worsens readability of the inbox-scan loop and is not a dead-code action."
+}
+```

package/docs/deprecated.json

@@ -1,4 +1,12 @@
 [
+  {
+    "id": "qa-json-sidecars",
+    "location": "engine/small-state-store.js _mirrorQaRunsJson + _mirrorQaSessionsJson; engine/shared.js _qaMutator (mirror call); dashboard/js/settings.js set-qaDualWriteJson toggle",
+    "reason": "Phase 8 migration (migrate-qa-state-to-sqlite, shipped 2026-06) moved qa_runs + qa_sessions into SQLite (engine/state.db, tables qa_runs + qa_sessions) as the source of truth. The legacy JSON sidecars engine/qa-runs.json and engine/qa-sessions.json are dual-written on every mutation while operators migrate external tooling and dashboards off the JSON files. Gated by engine.qaDualWriteJson (default true).",
+    "deprecated": "2026-06-03",
+    "targetRemovalDate": "2026-09-03",
+    "notes": "Safe to remove on or after 2026-09-03 (90 days post-ship, ~3 release windows) once: (1) operator telemetry / dashboard Settings shows engine.qaDualWriteJson flipped false on the main fleet; (2) no external readers (CI scripts, dashboards, ops runbooks) reference the JSON sidecars directly. Removal scope: delete _mirrorQaRunsJson + _mirrorQaSessionsJson + their exports in engine/small-state-store.js; drop the _qaDualWriteEnabled() + mirror call in engine/shared.js#_qaMutator; remove qaDualWriteJson from ENGINE_DEFAULTS and from the Settings toggle in dashboard/js/settings.js; remove the divergence-rehydrate branch in _resyncQaRunsIfDiverged / _resyncQaSessionsIfDiverged (the JSON files no longer exist to diverge against)."
+  },
   {
     "id": "config-poll-key-migration",
     "location": "engine/queries.js:126-163",
@@ -9,34 +17,34 @@
   },
   {
     "id": "legacy-done-aliases",
-    "location": "engine/cleanup.js:1052-1054",
+    "location": "engine/cleanup.js:1165-1166",
     "constants": ["LEGACY_DONE_ALIASES", "LEGACY_NEEDS_REVIEW_STATUS"],
     "reason": "Read-side tolerance: cleanup sweep auto-migrates four obsolete work-item / PRD status strings ('in-pr', 'implemented', 'complete', 'needs-human-review') to the canonical 'done' / 'failed' values. The aliases are no longer written anywhere in the engine; the constants exist only to repair stale on-disk values from old engine versions.",
     "targetRemovalDate": null,
-    "notes": "Keep indefinitely until telemetry / a sweep log shows zero migrations performed for 30 consecutive days across all known projects (work-items.json + prd/*.json). At that point the constants and both _migrateLegacyItem branches in engine/cleanup.js (definitions at :1052-1054; usage at :1055-1071 for work items and :1156-1162 for PRD missing_features) can be deleted. Total cost on disk today: 4 strings."
+    "notes": "Keep indefinitely until telemetry / a sweep log shows zero migrations performed for 30 consecutive days across all known projects (work-items.json + prd/*.json). At that point the constants and both _migrateLegacyItem branches in engine/cleanup.js (definitions at :1165-1166; usage at :1168-1183 for work items and :1269-1272 for PRD missing_features) can be deleted. Total cost on disk today: 4 strings."
   },
   {
     "id": "completion-fallback-parsers",
     "description": "parseStructuredCompletion and parseCompletionFieldSummary in engine/lifecycle.js",
     "file": "engine/lifecycle.js",
-    "lines": "2856, 3054",
+    "lines": "3075, 3273",
     "telemetryGate": "_engine.completionFallbacks must read 0 (both fenced and summary counters) across sweepWindowDays starting from sweepStartDate",
     "sweepWindowDays": 14,
     "sweepStartDate": "2026-05-27",
     "sweepRationale": "14 days matches the dead-code audit cadence (one full weekly audit cycle plus a buffer week). Policy decision pending confirmation in open-question #1 of the 2026-05-27 Bug Audit Review meeting conclusion — if the human teammate prefers a different cadence, repin this field and the matching enforcingSweepWindowTest fixture.",
     "enforcingTest": "test/unit/completion-fallback-telemetry.test.js:217-234",
     "enforcingSweepWindowTest": "test/unit/completion-fallback-sweep-window.test.js",
-    "notes": "Do NOT set removedAt until telemetry confirms zero usage across the sweepWindowDays from sweepStartDate. The follow-up code-removal PR (dropping parseStructuredCompletion at engine/lifecycle.js:2856, parseCompletionFieldSummary at :3054, and the gated fallback at :3852-3877) is dispatched separately once the window is observed clean."
+    "notes": "Do NOT set removedAt until telemetry confirms zero usage across the sweepWindowDays from sweepStartDate. The follow-up code-removal PR (dropping parseStructuredCompletion at engine/lifecycle.js:3075, parseCompletionFieldSummary at :3273, and the gated fallback at :4240-4266) is dispatched separately once the window is observed clean."
   },
   {
     "id": "config-claude-binary-override",
     "description": "Legacy `config.claude.binary` runtime-resolution override. Older `minions init` versions persisted a `config.claude.binary` field that pointed the Claude runtime at a specific binary path. The runtime adapter still honors this override on every Claude spawn; the engine emits a `deprecated-config-claude` warning at config-load time but does NOT delete the override, so the override branch in claude.js is load-bearing for any install that still carries a non-default value.",
     "code": [
-      { "file": "engine/runtimes/claude.js", "lines": "82-93", "note": "resolveBinary() respects config.claude.binary on every Claude spawn (probes npm package dir or direct binary path)" },
-      { "file": "engine/shared.js", "lines": "2311-2326", "note": "warnings.push({ id: 'deprecated-config-claude' }) — surface-only; never deletes the override" },
-      { "file": "engine/shared.js", "lines": "2770-2774", "note": "DEFAULT_CLAUDE.binary baseline that the warning + prune logic compares against" }
+      { "file": "engine/runtimes/claude.js", "lines": "82-86", "note": "resolveBinary() respects config.claude.binary on every Claude spawn (probes npm package dir or direct binary path)" },
+      { "file": "engine/shared.js", "lines": "2482-2496", "note": "warnings.push({ id: 'deprecated-config-claude' }) — surface-only; never deletes the override" },
+      { "file": "engine/shared.js", "lines": "3120-3124", "note": "DEFAULT_CLAUDE.binary baseline that the warning + prune logic compares against" }
     ],
-    "removalGate": "Telemetry: the `deprecated-config-claude` warning emitted at engine/shared.js:2321-2324 must report zero hits across all known engines for >=30 consecutive days, AND a sweep of every persisted config.json must show no `config.claude.binary` value that diverges from DEFAULT_CLAUDE.binary. Only then is the override branch in resolveBinary() (engine/runtimes/claude.js:82-93) removable, along with the `_deprecatedConfigClaudeFields` membership for `binary` and the warning emitter at engine/shared.js:2311-2326.",
+    "removalGate": "Telemetry: the `deprecated-config-claude` warning emitted at engine/shared.js:2492-2495 must report zero hits across all known engines for >=30 consecutive days, AND a sweep of every persisted config.json must show no `config.claude.binary` value that diverges from DEFAULT_CLAUDE.binary. Only then is the override branch in resolveBinary() (engine/runtimes/claude.js:82-86) removable, along with the `_deprecatedConfigClaudeFields` membership for `binary` and the warning emitter at engine/shared.js:2482-2496.",
     "targetRemovalDate": null,
     "notes": "Do NOT set targetRemovalDate — removal must be signal-gated, not calendar-gated. This entry is paired with `prune-default-claude-config`: the prune strips DEFAULT-matching values but intentionally preserves user overrides, which is precisely why the override branch in claude.js stays reachable. Removing the override before the prune entry's gate clears would silently break installs that still rely on a custom binary path."
   },
@@ -44,15 +52,15 @@
     "id": "legacy-cc-model-migration",
     "description": "applyLegacyCcModelMigration: in-memory shim that promotes legacy `engine.ccModel` to `engine.defaultModel` when defaultModel is unset, so single-model installs keep working after the runtime fleet refactor (P-3b8e5f1d). No on-disk rewrite — the persisted config.json continues to carry the legacy `ccModel` field. Called unconditionally on every engine boot from cli.start().",
     "code": [
-      { "file": "engine/shared.js", "lines": "2236", "note": "applyLegacyCcModelMigration definition (function signature + once-per-process flag via _resetLegacyCcModelMigrationFlag)" },
-      { "file": "engine/cli.js", "lines": "471-472", "note": "Boot call site inside start(); wrapped in try/catch so a migration failure cannot block startup" },
+      { "file": "engine/shared.js", "lines": "2407", "note": "applyLegacyCcModelMigration definition (function signature + once-per-process flag via _resetLegacyCcModelMigrationFlag)" },
+      { "file": "engine/cli.js", "lines": "477", "note": "Boot call site inside start(); wrapped in try/catch so a migration failure cannot block startup" },
       { "file": "CLAUDE.md", "lines": "316", "note": "Architectural documentation calling out the in-memory promotion contract" },
       { "file": "docs/slim-ux/concepts.md", "lines": "671", "note": "Surface-level concepts doc cross-reference" },
-      { "file": "test/unit.test.js", "lines": "19402", "note": "Source-inspection test pinning the CLAUDE.md description against the function name" },
+      { "file": "test/unit.test.js", "lines": "19801", "note": "Source-inspection test pinning the CLAUDE.md description against the function name" },
       { "file": "test/unit/runtime-fleet-helpers.test.js", "lines": "209-254", "note": "Behavioural unit tests (promotion, no-op when defaultModel set, no-op when ccModel unset, empty-string handling, once-only logging, null-safety)" },
       { "file": "test/unit/runtime-fleet-helpers.test.js", "lines": "500-505", "note": "Source-inspection test pinning the cli.js boot call site" }
     ],
-    "removalGate": "Telemetry: the once-per-boot deprecation log line emitted by applyLegacyCcModelMigration (via the injected logger at engine/shared.js:2236) must show zero promotion events across all known engines for >=30 consecutive days, AND a sweep of every persisted config.json must confirm no `engine.ccModel` field remains. Once both conditions hold, removal deletes the function + _resetLegacyCcModelMigrationFlag export at engine/shared.js:4977, the boot call at engine/cli.js:471-472, the CLAUDE.md:316 paragraph and docs/slim-ux/concepts.md:671 reference, and the tests at runtime-fleet-helpers.test.js:209-254 + :500-505 + unit.test.js:19402.",
+    "removalGate": "Telemetry: the once-per-boot deprecation log line emitted by applyLegacyCcModelMigration (via the injected logger at engine/shared.js:2407) must show zero promotion events across all known engines for >=30 consecutive days, AND a sweep of every persisted config.json must confirm no `engine.ccModel` field remains. Once both conditions hold, removal deletes the function + _resetLegacyCcModelMigrationFlag export at engine/shared.js:4977, the boot call at engine/cli.js:477, the CLAUDE.md:316 paragraph and docs/slim-ux/concepts.md:671 reference, and the tests at runtime-fleet-helpers.test.js:209-254 + :500-505 + unit.test.js:19801.",
     "targetRemovalDate": null,
     "notes": "Do NOT set targetRemovalDate — gating is signal-based. The function is silent on no-op (returns false without logging), so the meaningful telemetry signal is the absence of the promotion log line over the sweep window, NOT the absence of function invocations (cli.js calls it every boot regardless)."
   },
@@ -77,18 +85,18 @@
     "id": "prune-default-claude-config",
     "description": "pruneDefaultClaudeConfig: active sanitizer that strips generated `config.claude.{binary,outputFormat,allowedTools,permissionMode}` defaults from persisted config.json so the `deprecated-config-claude` warning stops tripping on stale defaults left by older `minions init` versions. Sub-cluster of `config-claude-binary-override` — the prune deliberately preserves non-default user overrides (binary/allowedTools), which is what keeps the override branch in engine/runtimes/claude.js load-bearing.",
     "code": [
-      { "file": "engine/shared.js", "lines": "2776-2809", "note": "pruneDefaultClaudeConfig definition: preserves non-default binary/allowedTools, always strips permissionMode + outputFormat" },
-      { "file": "engine/shared.js", "lines": "4989", "note": "Module export entry" },
-      { "file": "dashboard.js", "lines": "196", "note": "Called when loading config for the dashboard UI" },
-      { "file": "dashboard.js", "lines": "8753", "note": "Called during first config save handler" },
-      { "file": "dashboard.js", "lines": "8983", "note": "Called during second config save path" },
-      { "file": "dashboard.js", "lines": "9102", "note": "Called during third config save path" },
+      { "file": "engine/shared.js", "lines": "3126", "note": "pruneDefaultClaudeConfig definition: preserves non-default binary/allowedTools, always strips permissionMode + outputFormat" },
+      { "file": "engine/shared.js", "lines": "5673", "note": "Module export entry" },
+      { "file": "dashboard.js", "lines": "202", "note": "Called when loading config for the dashboard UI" },
+      { "file": "dashboard.js", "lines": "9116", "note": "Called during first config save handler" },
+      { "file": "dashboard.js", "lines": "9331", "note": "Called during second config save path" },
+      { "file": "dashboard.js", "lines": "9450", "note": "Called during third config save path" },
       { "file": "minions.js", "lines": "385", "note": "Called during CLI init/update flow" },
-      { "file": "test/unit.test.js", "lines": "2153-2196", "note": "Behavioural unit tests (default strip, override preservation, outputFormat unconditional strip) + dashboard call-site source pin" },
+      { "file": "test/unit.test.js", "lines": "2260-2303", "note": "Behavioural unit tests (default strip, override preservation, outputFormat unconditional strip) + dashboard call-site source pin" },
       { "file": "test/unit/runtime-fleet-helpers.test.js", "lines": "546", "note": "Source-inspection test pinning the dashboard handler call site" }
     ],
-    "removalGate": "Telemetry: pruneDefaultClaudeConfig must return false (no mutation) for every call across all known engines for >=30 consecutive days (add an `_engine.pruneDefaultClaudeConfigStrips` counter if needed to observe this), AND the parent `config-claude-binary-override` entry must have already cleared its own gate. The dependency is strict: removing the prune while users still rely on the override branch would surface the `deprecated-config-claude` warning on every stale generated default. Once both conditions hold, removal is the function definition (engine/shared.js:2776-2809), the export at :4989, all 5 call sites (dashboard.js:196, :8753, :8983, :9102; minions.js:385), and the tests at unit.test.js:2153-2196 + runtime-fleet-helpers.test.js:546.",
+    "removalGate": "Telemetry: pruneDefaultClaudeConfig must return false (no mutation) for every call across all known engines for >=30 consecutive days (add an `_engine.pruneDefaultClaudeConfigStrips` counter if needed to observe this), AND the parent `config-claude-binary-override` entry must have already cleared its own gate. The dependency is strict: removing the prune while users still rely on the override branch would surface the `deprecated-config-claude` warning on every stale generated default. Once both conditions hold, removal is the function definition (engine/shared.js:3126), the export at :5673, all 5 call sites (dashboard.js:202, :9116, :9331, :9450; minions.js:385), and the tests at unit.test.js:2260-2303 + runtime-fleet-helpers.test.js:546.",
     "targetRemovalDate": null,
-    "notes": "Do NOT set targetRemovalDate — gating is signal-based AND ordered. This entry MUST NOT be removed before `config-claude-binary-override` clears its gate, otherwise installs with stale defaults will flood the deprecation channel until their next config save. The 5 call sites form a complete coverage net: load (dashboard.js:196 + minions.js:385) + save (dashboard.js:8753/8983/9102), so any code path that touches config.json runs the sanitizer."
+    "notes": "Do NOT set targetRemovalDate — gating is signal-based AND ordered. This entry MUST NOT be removed before `config-claude-binary-override` clears its gate, otherwise installs with stale defaults will flood the deprecation channel until their next config save. The 5 call sites form a complete coverage net: load (dashboard.js:202 + minions.js:385) + save (dashboard.js:9116/9331/9450), so any code path that touches config.json runs the sanitizer."
   }
 ]

package/docs/design-state-storage.md

@@ -2,7 +2,7 @@
 
 > Author: Rebecca (Architect) | Date: 2026-04-07 | Status: **Accepted — implementation in progress**
 
-> **Implementation status (as of 2026-05):** The `node:sqlite` recommendation in §3 has been adopted ahead of schedule. Phases 0–7 have shipped (events, dispatches, work_items, pull_requests, logs, metrics, watches, schedule_runs + pipeline_runs + managed_processes + worktree_pool — see `CHANGELOG.md`). The SQLite schema lives under `engine/db/migrations/` and the singleton opens `engine/state.db` in WAL mode. The "Phase 2: estimated Node 26 LTS" timeline in §3 is now historical context; treat sections 1–3 as design rationale rather than a forward plan.
+> **Implementation status (as of 2026-06):** The `node:sqlite` recommendation in §3 has been adopted ahead of schedule. Phases 0–8 have shipped (events, dispatches, work_items, pull_requests, logs, metrics, watches, schedule_runs + pipeline_runs + managed_processes + worktree_pool, and qa_runs + qa_sessions — see `CHANGELOG.md`). The SQLite schema lives under `engine/db/migrations/` and the singleton opens `engine/state.db` in WAL mode. Phase 8 added the first opt-out toggle for the JSON sidecars (`engine.qaDualWriteJson`, default true) — when ops trust SQL as the source of truth for QA state, flip it false to halve write I/O on hot loops. The "Phase 2: estimated Node 26 LTS" timeline in §3 is now historical context; treat sections 1–3 as design rationale rather than a forward plan.
 
 ## Executive Summary
 

package/docs/qa-runbook-lifecycle.md

@@ -27,6 +27,41 @@ and clears the interval on page navigation via the `switchPage` wrapper in
 `dashboard/js/qa.js` (matches `_stopPlanPoll`/`_stopMeetingPoll` pattern in
 `dashboard/js/state.js`).
 
+### Persistence (Phase 8: SQLite source of truth)
+
+Since the Phase 8 migration (`migrate-qa-state-to-sqlite`), both
+`qa-runs.json` and `qa-sessions.json` are dual-written sidecars and SQLite
+(`engine/state.db`, tables `qa_runs` + `qa_sessions`) is the source of
+truth. Every mutation goes through `shared.mutateQaRuns` /
+`shared.mutateQaSessions`, which apply inside a SQLite transaction
+(`BEGIN IMMEDIATE`) then best-effort mirror to JSON under a `withFileLock`
+on the sidecar path so cross-process writers serialize. Reads go through
+`small-state-store.readQaRuns` / `readQaSessions`, which compare the SQL
+content-hash to the JSON sidecar and rehydrate SQL from JSON when an
+external editor (operator hand-edit, manual rollback) has diverged.
+
+The JSON mirror is gated by `engine.qaDualWriteJson` (default true). Once
+operators trust SQL as the source of truth and have migrated external
+tooling off the JSON files, flip it false via Dashboard → Settings →
+Advanced → "QA: dual-write JSON sidecars" to halve write I/O. With the
+toggle off, `qa-runs.json` / `qa-sessions.json` stop receiving updates
+(stale snapshot at the moment of the flip), so don't disable until any
+external readers have moved to the SQL tables or the dashboard `/api/qa/*`
+endpoints. The qa-runs cap (`QA_RUNS_MAX_RECORDS=2000`) and qa-sessions
+cap (`QA_SESSIONS_MAX_RECORDS=500`) still apply, enforced in-memory at
+createRun/createSession time.
+
+### Deleting runs
+
+`DELETE /api/qa/runs/<id>` hard-deletes a single terminal-status run
+(`passed`/`failed`/`errored`) and best-effort removes its artifact
+directory under `engine/qa-artifacts/<runId>/`. Non-terminal runs return
+`409 not_terminal` — operators must cancel/complete the run via the
+lifecycle helpers first. Invalid ids return `400 invalid_id`. The /qa
+dashboard page renders a per-row Delete button conditionally (terminal
+only), confirms with the user, and surfaces success/error via
+`showToast()` rather than `alert()`.
+
 ## Artifact contract
 
 `engine/qa-artifacts/<runId>/<file>`, served via
@@ -198,6 +233,7 @@ Documented in `dashboard.js`; routes are visible at `GET /api/routes`.
 | POST   | `/api/qa/sessions/<id>/dismiss`            | Non-terminal → `done`. Accept the draft as final; leaves spawn alive. Optional `{ summary }`.                              |
 | GET    | `/api/qa/runners`                          | List registered runner adapters (built-ins + `qa-runners.d/` plugins). Metadata only — hooks (functions) are stripped.    |
 | POST   | `/api/qa/runners/reload`                   | Clear in-process registry, re-register built-ins, re-scan `qa-runners.d/` for plugin edits. Returns the fresh runner list. |
+| DELETE | `/api/qa/runs/<id>`                        | Hard-delete a single QA run record (terminal-status runs only) and best-effort wipe its artifact directory under `engine/qa-artifacts/<runId>/`. Returns `{ ok: true, id, artifactsRemoved }` on success, `409 not_terminal` for in-flight runs, `404 not_found` for unknown ids. |
 
 The single-session POSTs share `_qaSessionAction` in `dashboard.js`; module
 errors are mapped to HTTP via `_qaSessionsErrorToStatus`:

package/engine/db/migrations/009-qa.js

@@ -0,0 +1,140 @@
+// engine/db/migrations/009-qa.js
+//
+// Phase 8: move the two QA state files into SQL.
+//
+//   engine/qa-runs.json      -> qa_runs       (top-level array → row per id)
+//   engine/qa-sessions.json  -> qa_sessions   (top-level array → row per id)
+//
+// Mirrors the dual-write / content-hash divergence pattern established by
+// the watches and Phase 7 small-state stores. JSON sidecars stay in place as
+// dual-write mirrors for one release cycle (gated by `engine.qaDualWriteJson`).
+
+const path = require('path');
+const fs = require('fs');
+
+function _resolveMinionsDir() {
+  const envHome = process.env.MINIONS_HOME || process.env.MINIONS_TEST_DIR;
+  if (envHome) return envHome;
+  try { return require('../../shared').MINIONS_DIR; } catch { return null; }
+}
+
+function _toMs(v) {
+  if (v == null) return null;
+  if (typeof v === 'number') return Number.isFinite(v) ? v : null;
+  const parsed = Date.parse(v);
+  return Number.isFinite(parsed) ? parsed : null;
+}
+
+function _readJsonOr(filePath, fallback) {
+  try {
+    const raw = fs.readFileSync(filePath, 'utf8');
+    return JSON.parse(raw);
+  } catch { return fallback; }
+}
+
+module.exports = {
+  version: 9,
+  description: 'qa_runs + qa_sessions',
+  up(db) {
+    db.exec(`
+      CREATE TABLE qa_runs (
+        id            TEXT PRIMARY KEY,
+        runbook_id    TEXT NOT NULL,
+        target_name   TEXT NOT NULL,
+        project       TEXT,
+        work_item_id  TEXT,
+        status        TEXT NOT NULL,
+        started_at    INTEGER,
+        completed_at  INTEGER,
+        created_at    INTEGER NOT NULL,
+        data          TEXT NOT NULL
+      );
+      CREATE INDEX idx_qa_runs_status        ON qa_runs(status);
+      CREATE INDEX idx_qa_runs_created_at    ON qa_runs(created_at DESC);
+      CREATE INDEX idx_qa_runs_runbook       ON qa_runs(runbook_id);
+      CREATE INDEX idx_qa_runs_target        ON qa_runs(target_name);
+      CREATE INDEX idx_qa_runs_work_item     ON qa_runs(work_item_id) WHERE work_item_id IS NOT NULL;
+
+      CREATE TABLE qa_sessions (
+        id                TEXT PRIMARY KEY,
+        state             TEXT NOT NULL,
+        primary_project   TEXT,
+        qa_run_id         TEXT,
+        created_at        INTEGER NOT NULL,
+        updated_at        INTEGER NOT NULL,
+        completed_at      INTEGER,
+        data              TEXT NOT NULL
+      );
+      CREATE INDEX idx_qa_sessions_state         ON qa_sessions(state);
+      CREATE INDEX idx_qa_sessions_created_at    ON qa_sessions(created_at DESC);
+      CREATE INDEX idx_qa_sessions_project       ON qa_sessions(primary_project);
+      CREATE INDEX idx_qa_sessions_qa_run        ON qa_sessions(qa_run_id) WHERE qa_run_id IS NOT NULL;
+    `);
+
+    const minionsDir = _resolveMinionsDir();
+    if (!minionsDir) return;
+    const now = Date.now();
+    let inserted = 0;
+
+    // ── qa_runs ────────────────────────────────────────────────────────────
+    {
+      const raw = _readJsonOr(path.join(minionsDir, 'engine', 'qa-runs.json'), null);
+      if (Array.isArray(raw)) {
+        const ins = db.prepare(`
+          INSERT INTO qa_runs (id, runbook_id, target_name, project, work_item_id, status, started_at, completed_at, created_at, data)
+          VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+          ON CONFLICT(id) DO NOTHING
+        `);
+        for (const run of raw) {
+          if (!run || !run.id) continue;
+          try {
+            ins.run(
+              String(run.id),
+              String(run.runbookId || ''),
+              String(run.targetName || ''),
+              run.project || null,
+              run.workItemId || null,
+              String(run.status || 'pending'),
+              _toMs(run.startedAt),
+              _toMs(run.completedAt),
+              _toMs(run.createdAt) || now,
+              JSON.stringify(run),
+            );
+            inserted += 1;
+          } catch { /* duplicate / corrupt — skip */ }
+        }
+      }
+    }
+
+    // ── qa_sessions ────────────────────────────────────────────────────────
+    {
+      const raw = _readJsonOr(path.join(minionsDir, 'engine', 'qa-sessions.json'), null);
+      if (Array.isArray(raw)) {
+        const ins = db.prepare(`
+          INSERT INTO qa_sessions (id, state, primary_project, qa_run_id, created_at, updated_at, completed_at, data)
+          VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+          ON CONFLICT(id) DO NOTHING
+        `);
+        for (const session of raw) {
+          if (!session || !session.id) continue;
+          try {
+            ins.run(
+              String(session.id),
+              String(session.state || 'pending'),
+              session.primaryProject || (session.spec && session.spec.project) || null,
+              session.qaRunId || null,
+              _toMs(session.createdAt) || now,
+              _toMs(session.updatedAt) || _toMs(session.createdAt) || now,
+              _toMs(session.completedAt),
+              JSON.stringify(session),
+            );
+            inserted += 1;
+          } catch { /* duplicate / corrupt — skip */ }
+        }
+      }
+    }
+
+    // eslint-disable-next-line no-console
+    console.log(`[db-migrate] v9: backfilled ${inserted} QA rows; JSON files kept as dual-write mirrors`);
+  },
+};