aiden-runtime 4.9.1 → 4.9.3

package/dist/core/v4/daemon/idempotency/runIdempotencyStore.js

@@ -74,8 +74,8 @@ function acquire(db, opts) {
     const nowMs = (opts.now ?? Date.now)();
     const nowIso = new Date(nowMs).toISOString();
     const expires = opts.ttlMs ? new Date(nowMs + opts.ttlMs).toISOString() : null;
-    const result = db.prepare(`INSERT OR IGNORE INTO run_idempotency_keys
-       (namespace, key, fingerprint, status, created_at, expires_at)
+    const result = db.prepare(`INSERT OR IGNORE INTO run_idempotency_keys
+       (namespace, key, fingerprint, status, created_at, expires_at)
      VALUES (?, ?, ?, 'accepted', ?, ?)`).run(opts.namespace, opts.key, opts.fingerprint, nowIso, expires);
     if (result.changes > 0) {
         const row = readRow(db, opts.namespace, opts.key);
@@ -95,10 +95,10 @@ function acquire(db, opts) {
 }
 /** Back-fill the run/trigger/span FKs once those rows exist. */
 function link(db, opts) {
-    db.prepare(`UPDATE run_idempotency_keys
-        SET run_id           = COALESCE(?, run_id),
-            trigger_event_id = COALESCE(?, trigger_event_id),
-            span_id          = COALESCE(?, span_id)
+    db.prepare(`UPDATE run_idempotency_keys
+        SET run_id           = COALESCE(?, run_id),
+            trigger_event_id = COALESCE(?, trigger_event_id),
+            span_id          = COALESCE(?, span_id)
       WHERE namespace = ? AND key = ?`).run(opts.runId ?? null, opts.triggerEventId ?? null, opts.spanId ?? null, opts.namespace, opts.key);
 }
 /**
@@ -106,15 +106,15 @@ function link(db, opts) {
  * status: `'completed'` for success, `'failed'` for terminal failure.
  */
 function complete(db, opts) {
-    db.prepare(`UPDATE run_idempotency_keys
-        SET status     = ?,
-            result_ref = COALESCE(?, result_ref)
+    db.prepare(`UPDATE run_idempotency_keys
+        SET status     = ?,
+            result_ref = COALESCE(?, result_ref)
       WHERE namespace = ? AND key = ?`).run(opts.status, opts.resultRef ?? null, opts.namespace, opts.key);
 }
 /** Delete keys whose `expires_at` is in the past. Returns the count. */
 function sweepExpired(db, now) {
     const nowIso = new Date(now ?? Date.now()).toISOString();
-    const r = db.prepare(`DELETE FROM run_idempotency_keys
+    const r = db.prepare(`DELETE FROM run_idempotency_keys
        WHERE expires_at IS NOT NULL AND expires_at < ?`).run(nowIso);
     return { deleted: Number(r.changes ?? 0) };
 }

package/dist/core/v4/daemon/incarnationStore.js

@@ -26,22 +26,22 @@ exports.markEnded = markEnded;
 exports.lastForDaemon = lastForDaemon;
 function insertIncarnation(db, opts) {
     const started = opts.startedAt ?? new Date().toISOString();
-    db.prepare(`INSERT OR IGNORE INTO daemon_incarnations
-       (incarnation_id, daemon_id, pid, started_at, aiden_version, node_version)
+    db.prepare(`INSERT OR IGNORE INTO daemon_incarnations
+       (incarnation_id, daemon_id, pid, started_at, aiden_version, node_version)
      VALUES (?, ?, ?, ?, ?, ?)`).run(opts.incarnationId, opts.daemonId, opts.pid, started, opts.aidenVersion, opts.nodeVersion);
 }
 function markEnded(db, opts) {
     const ended = opts.endedAt ?? new Date().toISOString();
-    db.prepare(`UPDATE daemon_incarnations
-        SET ended_at    = COALESCE(ended_at, ?),
-            exit_reason = COALESCE(exit_reason, ?),
-            exit_code   = COALESCE(exit_code, ?)
+    db.prepare(`UPDATE daemon_incarnations
+        SET ended_at    = COALESCE(ended_at, ?),
+            exit_reason = COALESCE(exit_reason, ?),
+            exit_code   = COALESCE(exit_code, ?)
       WHERE incarnation_id = ?`).run(ended, opts.exitReason, opts.exitCode, opts.incarnationId);
 }
 function lastForDaemon(db, daemonId) {
-    const r = db.prepare(`SELECT * FROM daemon_incarnations
-      WHERE daemon_id = ?
-      ORDER BY started_at DESC
+    const r = db.prepare(`SELECT * FROM daemon_incarnations
+      WHERE daemon_id = ?
+      ORDER BY started_at DESC
       LIMIT 1`).get(daemonId);
     return r ?? null;
 }

package/dist/core/v4/daemon/runs/attemptStore.js

@@ -33,8 +33,8 @@ function createAttempt(db, opts) {
     const tx = db.transaction(() => {
         const row = db.prepare(`SELECT COALESCE(MAX(attempt_number), 0) AS n FROM run_attempts WHERE run_id = ?`).get(opts.runId);
         const nextNumber = row.n + 1;
-        db.prepare(`INSERT INTO run_attempts
-         (attempt_id, run_id, attempt_number, incarnation_id, started_at, status)
+        db.prepare(`INSERT INTO run_attempts
+         (attempt_id, run_id, attempt_number, incarnation_id, started_at, status)
        VALUES (?, ?, ?, ?, ?, 'running')`).run(attemptId, opts.runId, nextNumber, opts.incarnationId, startedAt);
     });
     tx();
@@ -48,12 +48,12 @@ function createAttempt(db, opts) {
  */
 function completeAttempt(db, opts) {
     const endedAt = opts.endedAt ?? new Date().toISOString();
-    db.prepare(`UPDATE run_attempts
-        SET status        = ?,
-            ended_at      = COALESCE(ended_at, ?),
-            finish_reason = COALESCE(finish_reason, ?),
-            error_class   = COALESCE(error_class, ?),
-            error_message = COALESCE(error_message, ?)
+    db.prepare(`UPDATE run_attempts
+        SET status        = ?,
+            ended_at      = COALESCE(ended_at, ?),
+            finish_reason = COALESCE(finish_reason, ?),
+            error_class   = COALESCE(error_class, ?),
+            error_message = COALESCE(error_message, ?)
       WHERE attempt_id = ?`).run(opts.status, endedAt, opts.finishReason ?? null, opts.errorClass ?? null, opts.errorMessage ?? null, opts.attemptId);
 }
 /** List all attempts for a run in attempt-number order. */

package/dist/core/v4/daemon/runs/reclaim.js

@@ -64,21 +64,21 @@ function reclaimStuckRuns(db, opts) {
     // table — unlikely, but cheap to avoid).
     let updateResult;
     if (opts.instanceId !== undefined) {
-        updateResult = db.prepare(`UPDATE runs
-          SET status         = 'interrupted',
-              finish_reason  = 'daemon_crashed',
-              completed_at   = ?,
-              resume_pending = 1,
-              resume_reason  = 'daemon_crashed'
+        updateResult = db.prepare(`UPDATE runs
+          SET status         = 'interrupted',
+              finish_reason  = 'daemon_crashed',
+              completed_at   = ?,
+              resume_pending = 1,
+              resume_reason  = 'daemon_crashed'
         WHERE status = 'running' AND instance_id = ?`).run(now, opts.instanceId);
     }
     else {
-        updateResult = db.prepare(`UPDATE runs
-          SET status         = 'interrupted',
-              finish_reason  = 'daemon_crashed',
-              completed_at   = ?,
-              resume_pending = 1,
-              resume_reason  = 'daemon_crashed'
+        updateResult = db.prepare(`UPDATE runs
+          SET status         = 'interrupted',
+              finish_reason  = 'daemon_crashed',
+              completed_at   = ?,
+              resume_pending = 1,
+              resume_reason  = 'daemon_crashed'
         WHERE status = 'running' AND instance_id != ?`).run(now, opts.currentInstanceId);
     }
     return {

package/dist/core/v4/daemon/runs/stuckAttemptWatchdog.js

@@ -30,37 +30,37 @@ function sweepStuckAttempts(db, opts) {
     const cutoffIso = new Date(now - thresholdMs).toISOString();
     const endedAtIso = new Date(now).toISOString();
     // ── attempts ────────────────────────────────────────────────────────────
-    const attemptRows = db.prepare(`SELECT attempt_id FROM run_attempts
-      WHERE status = 'running'
-        AND incarnation_id != ?
+    const attemptRows = db.prepare(`SELECT attempt_id FROM run_attempts
+      WHERE status = 'running'
+        AND incarnation_id != ?
         AND started_at < ?`).all(opts.currentIncarnationId, cutoffIso);
     const attemptIds = attemptRows.map((r) => r.attempt_id);
     if (attemptIds.length > 0) {
-        db.prepare(`UPDATE run_attempts
-          SET status        = 'crashed',
-              ended_at      = COALESCE(ended_at, ?),
-              finish_reason = COALESCE(finish_reason, 'stuck_attempt_swept')
-        WHERE status = 'running'
-          AND incarnation_id != ?
+        db.prepare(`UPDATE run_attempts
+          SET status        = 'crashed',
+              ended_at      = COALESCE(ended_at, ?),
+              finish_reason = COALESCE(finish_reason, 'stuck_attempt_swept')
+        WHERE status = 'running'
+          AND incarnation_id != ?
           AND started_at < ?`).run(endedAtIso, opts.currentIncarnationId, cutoffIso);
     }
     // ── spans ──────────────────────────────────────────────────────────────
     // Open spans (status NULL = in-flight) from a non-current incarnation.
     // We don't apply the threshold here — any open span owned by a dead
     // incarnation is by definition stuck; the parent process is gone.
-    const spanRows = db.prepare(`SELECT span_id FROM spans
-      WHERE status IS NULL
-        AND ended_at IS NULL
+    const spanRows = db.prepare(`SELECT span_id FROM spans
+      WHERE status IS NULL
+        AND ended_at IS NULL
         AND incarnation_id != ?`).all(opts.currentIncarnationId);
     const spanIds = spanRows.map((r) => r.span_id);
     if (spanIds.length > 0) {
-        db.prepare(`UPDATE spans
-          SET status        = 'cancelled',
-              ended_at      = COALESCE(ended_at, ?),
-              error_class   = COALESCE(error_class, 'OrphanedSpan'),
-              error_message = COALESCE(error_message, 'incarnation died with span open')
-        WHERE status IS NULL
-          AND ended_at IS NULL
+        db.prepare(`UPDATE spans
+          SET status        = 'cancelled',
+              ended_at      = COALESCE(ended_at, ?),
+              error_class   = COALESCE(error_class, 'OrphanedSpan'),
+              error_message = COALESCE(error_message, 'incarnation died with span open')
+        WHERE status IS NULL
+          AND ended_at IS NULL
           AND incarnation_id != ?`).run(endedAtIso, opts.currentIncarnationId);
     }
     return {

package/dist/core/v4/daemon/spans/spanStore.js

@@ -48,9 +48,9 @@ function safeParse(s) {
  */
 function openSpan(db, opts) {
     const startedAt = opts.startedAt ?? new Date().toISOString();
-    db.prepare(`INSERT INTO spans
-       (span_id, trace_id, parent_span_id, run_id, attempt_id,
-        incarnation_id, kind, name, started_at, attrs_json)
+    db.prepare(`INSERT INTO spans
+       (span_id, trace_id, parent_span_id, run_id, attempt_id,
+        incarnation_id, kind, name, started_at, attrs_json)
      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`).run(opts.ctx.spanId, opts.ctx.traceId, opts.ctx.parentSpanId ?? null, opts.runId ?? null, opts.attemptId ?? null, opts.ctx.incarnationId, opts.kind, opts.name, startedAt, safeStringify(opts.attrs));
     return opts.ctx.spanId;
 }
@@ -66,20 +66,20 @@ function closeSpan(db, opts) {
         const cur = db.prepare(`SELECT attrs_json FROM spans WHERE span_id = ?`)
             .get(opts.spanId);
         const merged = { ...safeParse(cur?.attrs_json ?? null), ...opts.attrsPatch };
-        db.prepare(`UPDATE spans
-          SET status        = COALESCE(status, ?),
-              ended_at      = COALESCE(ended_at, ?),
-              error_class   = COALESCE(error_class, ?),
-              error_message = COALESCE(error_message, ?),
-              attrs_json    = ?
+        db.prepare(`UPDATE spans
+          SET status        = COALESCE(status, ?),
+              ended_at      = COALESCE(ended_at, ?),
+              error_class   = COALESCE(error_class, ?),
+              error_message = COALESCE(error_message, ?),
+              attrs_json    = ?
         WHERE span_id = ?`).run(opts.status, endedAt, opts.errorClass ?? null, opts.errorMessage ?? null, safeStringify(merged), opts.spanId);
         return;
     }
-    db.prepare(`UPDATE spans
-        SET status        = COALESCE(status, ?),
-            ended_at      = COALESCE(ended_at, ?),
-            error_class   = COALESCE(error_class, ?),
-            error_message = COALESCE(error_message, ?)
+    db.prepare(`UPDATE spans
+        SET status        = COALESCE(status, ?),
+            ended_at      = COALESCE(ended_at, ?),
+            error_class   = COALESCE(error_class, ?),
+            error_message = COALESCE(error_message, ?)
       WHERE span_id = ?`).run(opts.status, endedAt, opts.errorClass ?? null, opts.errorMessage ?? null, opts.spanId);
 }
 /** Single-span lookup. */

package/dist/core/v4/daemon/triggerBus.js

@@ -79,9 +79,9 @@ function createTriggerBus(opts) {
             let outcome = null;
             const tx = db.transaction(() => {
                 const result = db
-                    .prepare(`INSERT OR IGNORE INTO trigger_events
-               (source, source_key, idempotency_key, payload_json,
-                status, attempts, created_at, updated_at)
+                    .prepare(`INSERT OR IGNORE INTO trigger_events
+               (source, source_key, idempotency_key, payload_json,
+                status, attempts, created_at, updated_at)
              VALUES (?, ?, ?, ?, 'pending', 0, ?, ?)`)
                     .run(ev.source, ev.sourceKey, ev.idempotencyKey ?? null, payloadJson, now, now);
                 if (result.changes > 0) {
@@ -93,9 +93,9 @@ function createTriggerBus(opts) {
                         const ns = `trigger:${ev.source}`;
                         const key = `${ev.sourceKey}::${ev.idempotencyKey}`;
                         const fp = ev.idempotencyKey;
-                        db.prepare(`INSERT OR IGNORE INTO run_idempotency_keys
-                 (namespace, key, fingerprint, trigger_event_id,
-                  status, created_at)
+                        db.prepare(`INSERT OR IGNORE INTO run_idempotency_keys
+                 (namespace, key, fingerprint, trigger_event_id,
+                  status, created_at)
                VALUES (?, ?, ?, ?, 'accepted', ?)`).run(ns, key, fp, newId, new Date(now).toISOString());
                     }
                     outcome = { id: newId, inserted: true };
@@ -135,13 +135,13 @@ function createTriggerBus(opts) {
                 // claim_expires_at is still in the future (re-set by
                 // markFailed with cooldownMs to delay re-claim).
                 const sql = opts2.source
-                    ? `SELECT id FROM trigger_events
-              WHERE status = 'pending' AND source = ?
-                AND (claim_expires_at IS NULL OR claim_expires_at <= ?)
+                    ? `SELECT id FROM trigger_events
+              WHERE status = 'pending' AND source = ?
+                AND (claim_expires_at IS NULL OR claim_expires_at <= ?)
               ORDER BY created_at LIMIT 1`
-                    : `SELECT id FROM trigger_events
-              WHERE status = 'pending'
-                AND (claim_expires_at IS NULL OR claim_expires_at <= ?)
+                    : `SELECT id FROM trigger_events
+              WHERE status = 'pending'
+                AND (claim_expires_at IS NULL OR claim_expires_at <= ?)
               ORDER BY created_at LIMIT 1`;
                 const candidate = (opts2.source
                     ? db.prepare(sql).get(opts2.source, now)
@@ -149,12 +149,12 @@ function createTriggerBus(opts) {
                 if (!candidate)
                     return null;
                 const upd = db
-                    .prepare(`UPDATE trigger_events
-                SET status           = 'claimed',
-                    claim_owner      = ?,
-                    claim_expires_at = ?,
-                    updated_at       = ?,
-                    attempts         = attempts + 1
+                    .prepare(`UPDATE trigger_events
+                SET status           = 'claimed',
+                    claim_owner      = ?,
+                    claim_expires_at = ?,
+                    updated_at       = ?,
+                    attempts         = attempts + 1
               WHERE id = ? AND status = 'pending'`)
                     .run(opts2.ownerId, expires, now, candidate.id);
                 if (upd.changes === 0)
@@ -175,9 +175,9 @@ function createTriggerBus(opts) {
                 return false;
             const now = Date.now();
             const upd = db
-                .prepare(`UPDATE trigger_events
-              SET claim_expires_at = ?,
-                  updated_at       = ?
+                .prepare(`UPDATE trigger_events
+              SET claim_expires_at = ?,
+                  updated_at       = ?
             WHERE id = ? AND status = 'claimed'`)
                 .run(now + extendMs, now, eventId);
             return upd.changes > 0;
@@ -186,11 +186,11 @@ function createTriggerBus(opts) {
             if (activeClaims.get(eventId) !== claimToken)
                 return;
             const now = Date.now();
-            db.prepare(`UPDATE trigger_events
-            SET status           = 'pending',
-                claim_owner      = NULL,
-                claim_expires_at = NULL,
-                updated_at       = ?
+            db.prepare(`UPDATE trigger_events
+            SET status           = 'pending',
+                claim_owner      = NULL,
+                claim_expires_at = NULL,
+                updated_at       = ?
           WHERE id = ? AND status = 'claimed'`).run(now, eventId);
             activeClaims.delete(eventId);
         },
@@ -198,13 +198,13 @@ function createTriggerBus(opts) {
             if (activeClaims.get(eventId) !== claimToken)
                 return;
             const now = Date.now();
-            db.prepare(`UPDATE trigger_events
-            SET status           = 'done',
-                claim_owner      = NULL,
-                claim_expires_at = NULL,
-                updated_at       = ?,
-                completed_at     = ?,
-                run_id           = COALESCE(?, run_id)
+            db.prepare(`UPDATE trigger_events
+            SET status           = 'done',
+                claim_owner      = NULL,
+                claim_expires_at = NULL,
+                updated_at       = ?,
+                completed_at     = ?,
+                run_id           = COALESCE(?, run_id)
           WHERE id = ? AND status = 'claimed'`).run(now, now, runId ?? null, eventId);
             activeClaims.delete(eventId);
         },
@@ -232,22 +232,22 @@ function createTriggerBus(opts) {
                 // attempts was already incremented at claim time. Move to
                 // dead_letter when the count hits max, else return to pending.
                 if (row.attempts >= max) {
-                    db.prepare(`UPDATE trigger_events
-                SET status           = 'dead_letter',
-                    claim_owner      = NULL,
-                    claim_expires_at = NULL,
-                    last_error       = ?,
-                    updated_at       = ?,
-                    completed_at     = ?
+                    db.prepare(`UPDATE trigger_events
+                SET status           = 'dead_letter',
+                    claim_owner      = NULL,
+                    claim_expires_at = NULL,
+                    last_error       = ?,
+                    updated_at       = ?,
+                    completed_at     = ?
               WHERE id = ?`).run(truncated, now, now, eventId);
                 }
                 else {
-                    db.prepare(`UPDATE trigger_events
-                SET status           = 'pending',
-                    claim_owner      = NULL,
-                    claim_expires_at = ?,
-                    last_error       = ?,
-                    updated_at       = ?
+                    db.prepare(`UPDATE trigger_events
+                SET status           = 'pending',
+                    claim_owner      = NULL,
+                    claim_expires_at = ?,
+                    last_error       = ?,
+                    updated_at       = ?
               WHERE id = ?`).run(cooldownUntil, truncated, now, eventId);
                 }
             });
@@ -257,27 +257,27 @@ function createTriggerBus(opts) {
         reclaimExpired(now) {
             const cutoff = now ?? Date.now();
             const upd = db
-                .prepare(`UPDATE trigger_events
-              SET status           = 'pending',
-                  claim_owner      = NULL,
-                  claim_expires_at = NULL,
-                  last_error       = COALESCE(last_error, 'claim lease expired'),
-                  updated_at       = ?
-            WHERE status = 'claimed'
-              AND claim_expires_at IS NOT NULL
+                .prepare(`UPDATE trigger_events
+              SET status           = 'pending',
+                  claim_owner      = NULL,
+                  claim_expires_at = NULL,
+                  last_error       = COALESCE(last_error, 'claim lease expired'),
+                  updated_at       = ?
+            WHERE status = 'claimed'
+              AND claim_expires_at IS NOT NULL
               AND claim_expires_at < ?`)
                 .run(cutoff, cutoff);
             return { reclaimed: upd.changes };
         },
         deadLetter(eventId, reason) {
             const now = Date.now();
-            db.prepare(`UPDATE trigger_events
-            SET status           = 'dead_letter',
-                claim_owner      = NULL,
-                claim_expires_at = NULL,
-                last_error       = ?,
-                updated_at       = ?,
-                completed_at     = ?
+            db.prepare(`UPDATE trigger_events
+            SET status           = 'dead_letter',
+                claim_owner      = NULL,
+                claim_expires_at = NULL,
+                last_error       = ?,
+                updated_at       = ?,
+                completed_at     = ?
           WHERE id = ?`).run(reason.length > 1024 ? reason.slice(0, 1024) + '…' : reason, now, now, eventId);
             activeClaims.delete(eventId);
         },

package/dist/core/v4/hooks/auditQuery.js

@@ -23,15 +23,15 @@ function queryHookExecutions(db, q = {}) {
         params.push(q.since);
     }
     const limit = Math.min(Math.max(q.limit ?? 50, 1), 1000);
-    const sql = `
-    SELECT e.hook_execution_id, e.hook_id, h.name AS hook_name,
-           e.subscription_id, e.event, e.status, e.decision,
-           e.elapsed_ms, e.exit_code, e.error_kind, e.error_message,
-           e.started_at, e.finished_at, e.run_id, e.trace_id
-      FROM hook_executions e
-      LEFT JOIN hooks h ON h.hook_id = e.hook_id
-     ${where.length ? 'WHERE ' + where.join(' AND ') : ''}
-     ORDER BY e.started_at DESC
+    const sql = `
+    SELECT e.hook_execution_id, e.hook_id, h.name AS hook_name,
+           e.subscription_id, e.event, e.status, e.decision,
+           e.elapsed_ms, e.exit_code, e.error_kind, e.error_message,
+           e.started_at, e.finished_at, e.run_id, e.trace_id
+      FROM hook_executions e
+      LEFT JOIN hooks h ON h.hook_id = e.hook_id
+     ${where.length ? 'WHERE ' + where.join(' AND ') : ''}
+     ORDER BY e.started_at DESC
      LIMIT ?`;
     params.push(limit);
     return db.prepare(sql).all(...params);
@@ -41,7 +41,7 @@ function failureRates(db, lookbackN = 100) {
     const ids = db.prepare(`SELECT hook_id, name FROM hooks`).all();
     const rows = [];
     for (const h of ids) {
-        const recent = db.prepare(`SELECT status FROM hook_executions WHERE hook_id = ?
+        const recent = db.prepare(`SELECT status FROM hook_executions WHERE hook_id = ?
          ORDER BY started_at DESC LIMIT ?`).all(h.hook_id, lookbackN);
         if (recent.length === 0)
             continue;
@@ -58,7 +58,7 @@ function failureRates(db, lookbackN = 100) {
 }
 /** Count rows matching a status set over the recent window. */
 function countByStatus(db, sinceIso) {
-    const rows = db.prepare(`SELECT status, COUNT(*) AS n FROM hook_executions
+    const rows = db.prepare(`SELECT status, COUNT(*) AS n FROM hook_executions
        WHERE started_at >= ? GROUP BY status`).all(sinceIso);
     const out = {};
     for (const r of rows)

package/dist/core/v4/hooks/dispatcher.js

@@ -84,7 +84,7 @@ function setAutoDisableLogger(fn) { _autoDisableLogger = fn; }
  * `hook.auto_disabled` log line can cross-reference the failures.
  */
 function recentExecutionIds(db, hookId, n) {
-    const rows = db.prepare(`SELECT hook_execution_id FROM hook_executions WHERE hook_id = ?
+    const rows = db.prepare(`SELECT hook_execution_id FROM hook_executions WHERE hook_id = ?
        ORDER BY started_at DESC LIMIT ?`).all(hookId, n);
     return rows.map((r) => r.hook_execution_id);
 }
@@ -108,7 +108,7 @@ function applyAutoDisablePolicy(db, hookId, subId, status, policy, testMode) {
         return;
     }
     // Increment counter for any non-ok outcome.
-    db.prepare(`UPDATE hooks SET consecutive_failures = consecutive_failures + 1,
+    db.prepare(`UPDATE hooks SET consecutive_failures = consecutive_failures + 1,
                               updated_at=? WHERE hook_id=?`)
         .run(new Date().toISOString(), hookId);
     // Immediate revoke when the subscription explicitly opts in.
@@ -170,12 +170,12 @@ async function readEntrypoint(manifestPath) {
     }
 }
 function writeAudit(db, row) {
-    db.prepare(`INSERT INTO hook_executions
-       (hook_execution_id, hook_id, subscription_id, event,
-        run_id, trace_id, span_id, parent_span_id, tool_call_id,
-        status, decision, elapsed_ms, exit_code,
-        payload_hash, response_hash, stdout_preview, stderr_preview,
-        error_kind, error_message, started_at, finished_at)
+    db.prepare(`INSERT INTO hook_executions
+       (hook_execution_id, hook_id, subscription_id, event,
+        run_id, trace_id, span_id, parent_span_id, tool_call_id,
+        status, decision, elapsed_ms, exit_code,
+        payload_hash, response_hash, stdout_preview, stderr_preview,
+        error_kind, error_message, started_at, finished_at)
      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`).run(row.hookExecId, row.hookId, row.subscriptionId, row.event, row.ctx.runId ?? null, row.ctx.traceId ?? null, row.ctx.spanId ?? null, row.ctx.parentSpanId ?? null, row.ctx.toolCallId ?? null, row.status, row.decision, row.outcome?.elapsedMs ?? 0, row.outcome?.exitCode ?? null, row.outcome?.payloadHash ?? null, row.outcome?.responseHash ?? null, row.outcome?.stdoutPreview ?? null, row.outcome?.stderrPreview ?? null, row.outcome?.errorKind ?? null, row.outcome?.errorMessage ?? null, row.startedAt, row.finishedAt);
 }
 /**
@@ -184,11 +184,11 @@ function writeAudit(db, row) {
  * `mandatory_policy` and fail-open for everything else.
  */
 async function dispatchHook(db, event, payload, ctx) {
-    const subs = db.prepare(`SELECT s.*, h.manifest_path, h.trust_state, h.enabled AS hook_enabled, h.name AS name
-       FROM hook_subscriptions s
-       JOIN hooks h ON h.hook_id = s.hook_id
-      WHERE s.event = ? AND s.enabled = 1
-        AND h.enabled = 1 AND h.trust_state = 'trusted'
+    const subs = db.prepare(`SELECT s.*, h.manifest_path, h.trust_state, h.enabled AS hook_enabled, h.name AS name
+       FROM hook_subscriptions s
+       JOIN hooks h ON h.hook_id = s.hook_id
+      WHERE s.event = ? AND s.enabled = 1
+        AND h.enabled = 1 AND h.trust_state = 'trusted'
       ORDER BY s.priority DESC, s.subscription_id ASC`).all(event);
     const fired = [];
     let workingPayload = { ...payload };

package/dist/core/v4/hooks/registry.js

@@ -111,8 +111,8 @@ function upsertHook(db, m, codeHash, source) {
         hookId = existing.hook_id;
         if (existing.code_hash !== codeHash) {
             drifted = true;
-            db.prepare(`UPDATE hooks SET name=?, version=?, source=?, runtime=?, code_hash=?,
-                          trust_state='drifted', enabled=0, updated_at=?
+            db.prepare(`UPDATE hooks SET name=?, version=?, source=?, runtime=?, code_hash=?,
+                          trust_state='drifted', enabled=0, updated_at=?
           WHERE hook_id = ?`).run(m.name, m.version ?? null, source, m.runtime, codeHash, now, hookId);
         }
         else {
@@ -121,23 +121,23 @@ function upsertHook(db, m, codeHash, source) {
     }
     else {
         hookId = (0, identity_1.newHookId)();
-        db.prepare(`INSERT INTO hooks
-         (hook_id, name, version, source, runtime, manifest_path, code_hash, enabled, trust_state, created_at, updated_at)
+        db.prepare(`INSERT INTO hooks
+         (hook_id, name, version, source, runtime, manifest_path, code_hash, enabled, trust_state, created_at, updated_at)
        VALUES (?, ?, ?, ?, ?, ?, ?, 0, 'untrusted', ?, ?)`).run(hookId, m.name, m.version ?? null, source, m.runtime, m.manifestPath, codeHash, now, now);
     }
     // Replace subscriptions wholesale — simpler than diffing.
     db.prepare(`DELETE FROM hook_subscriptions WHERE hook_id = ?`).run(hookId);
     for (const s of m.subscriptions) {
-        db.prepare(`INSERT INTO hook_subscriptions
-         (subscription_id, hook_id, event, matcher_json, authority, mode, priority, timeout_ms, on_error, on_timeout, enabled)
+        db.prepare(`INSERT INTO hook_subscriptions
+         (subscription_id, hook_id, event, matcher_json, authority, mode, priority, timeout_ms, on_error, on_timeout, enabled)
        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 1)`).run((0, identity_1.newHookSubId)(), hookId, s.event, s.matcher ? JSON.stringify(s.matcher) : null, s.authority, s.mode, s.priority ?? 0, s.timeout_ms, s.on_error, s.on_timeout);
     }
     // Capability grants are warn-only — store but don't enforce.
     db.prepare(`DELETE FROM hook_capability_grants WHERE hook_id = ?`).run(hookId);
     if (m.capabilities) {
         for (const [cap, scope] of Object.entries(m.capabilities)) {
-            db.prepare(`INSERT INTO hook_capability_grants
-           (grant_id, hook_id, capability, scope_json, granted_by, granted_at)
+            db.prepare(`INSERT INTO hook_capability_grants
+           (grant_id, hook_id, capability, scope_json, granted_by, granted_at)
          VALUES (?, ?, ?, ?, ?, ?)`).run((0, identity_1.newHookId)(), hookId, cap, JSON.stringify(scope), null, now);
         }
     }

package/dist/core/v4/mcp/transport.js

@@ -23,6 +23,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.HttpTransport = exports.StdioTransport = void 0;
 const node_child_process_1 = require("node:child_process");
+const spawnCommand_1 = require("../util/spawnCommand");
 const DEFAULT_TIMEOUT_MS = 30000;
 const SIGTERM_GRACE_MS = 5000;
 class StdioTransport {
@@ -36,19 +37,18 @@ class StdioTransport {
         this.label = `stdio:${opts.command}`;
         this.defaultTimeout = opts.defaultTimeoutMs ?? DEFAULT_TIMEOUT_MS;
         this.log = opts.log;
-        const spawner = opts.spawnFn ?? node_child_process_1.spawn;
-        // Windows .cmd/.bat shims (npx.cmd) can't be spawned with shell:false
-        // (Node 18.20+ refuses with EINVAL), and shell:true mangles arguments
-        // containing path separators. Callers should resolve the underlying
-        // executable themselves — e.g., spawn `node <npx-cli.js>` instead of
-        // `npx.cmd`. Phase 11 integration tests demonstrate this pattern in
-        // tests/v4/integration/mcpClient.real.test.ts::resolveNpxLaunch.
-        this.proc = spawner(opts.command, opts.args, {
+        // v4.9.2 — cross-platform spawn via shared helper. Windows .cmd/.bat
+        // shims (npx.cmd is the canonical MCP server case) are wrapped
+        // through `cmd.exe /d /s /c` with escaped args; Unix and .exe paths
+        // go direct. No shell:true anywhere — argument injection against
+        // user-supplied MCP server configs is prevented at the helper layer.
+        const { child } = (0, spawnCommand_1.spawnCommand)(opts.command, opts.args, {
             stdio: ['pipe', 'pipe', 'pipe'],
             env: opts.env,
             cwd: opts.cwd,
-            shell: false,
+            spawnImpl: opts.spawnFn ?? node_child_process_1.spawn,
         });
+        this.proc = child;
         this.proc.stdout?.setEncoding('utf8');
         this.proc.stderr?.setEncoding('utf8');
         this.proc.stdout?.on('data', (chunk) => this.onStdout(chunk));