alvin-bot 5.1.6 → 5.1.8

package/CHANGELOG.md

@@ -2,6 +2,45 @@
 
 All notable changes to Alvin Bot are documented here.
 
+## [5.1.8] — 2026-05-17
+
+### Interrupted jobs auto-resume after a controlled restart
+
+If an auto-update, `/update` or `/restart` interrupted a job while it
+was running, the bot used to give up on that run and ask you to
+re-trigger it manually. Now, when the interruption was a controlled
+restart (not a crash) and it happened within the last 15 minutes, the
+job is re-run automatically on the next tick after the bot is back.
+Crash-loops are deliberately excluded — a job that keeps crashing the
+bot will never resume itself — and each interrupted run is resumed at
+most once. You can opt a single job out with `autoResume: false`.
+
+### Sub-agents report a result, not a play-by-play
+
+Finished sub-agents (background tasks, cron jobs) no longer dump a long
+step-by-step recap of how they thought and what tools they called. You
+get the compact status line (success/failed · duration · tokens) plus
+the actual result — nothing more. Cron reports still arrive in full;
+only the meta-narration is gone, since the orchestrator processes the
+real output anyway.
+
+## [5.1.7] — 2026-05-17
+
+### Scheduled jobs no longer run twice after a restart
+
+If two bot instances were briefly alive at the same time — for example
+right after an auto-update or a restart, while the old process was still
+shutting down — a scheduled job could fire twice within the same minute.
+One real case: a weekly report job sent its email, then sent an empty
+duplicate 30 seconds later. The old overlap guard only worked inside a
+single process, so a second instance never saw the first one's claim.
+
+Jobs are now claimed with a small cross-process lock before they run, so
+only one instance can execute a given job for a given slot. A crashed
+run can't wedge the lock — it is reclaimed automatically once the owning
+process is gone. Manual `/cron run` honours the same lock. No
+configuration changes; existing jobs just stop double-firing.
+
 ## [5.1.6] — 2026-05-15
 
 ### Planned restarts really stop counting as crashes now

package/dist/services/cron-scheduling.js

@@ -149,6 +149,15 @@ export function prepareForExecution(job, now) {
 // ── Startup catch-up ───────────────────────────────────────
 /** Default grace window for catching up an interrupted attempt on boot. */
 export const DEFAULT_CATCHUP_GRACE_MS = 6 * 60 * 60 * 1000; // 6 h
+/**
+ * Short window for *fast-resume*: when a controlled restart (auto-update,
+ * /update, /restart) interrupts a running job, re-run it immediately on
+ * the next boot instead of telling the user to re-trigger — but only if
+ * the interruption is this fresh. Deliberately minutes, not hours: a
+ * boot many hours later is the "surprise rerun" case slotAlreadyAttempted
+ * is designed to suppress; fast-resume is the immediate self-heal.
+ */
+export const DEFAULT_FAST_RESUME_MS = 15 * 60 * 1000; // 15 min
 /**
  * Returns true when the job's *current* schedule slot has already been
  * attempted — i.e. the bot fired the job for this slot before the
@@ -195,7 +204,8 @@ function slotAlreadyAttempted(job, now) {
  *
  * PURE: returns a fresh array, never mutates the input.
  */
-export function handleStartupCatchup(jobs, now, graceMs = DEFAULT_CATCHUP_GRACE_MS) {
+export function handleStartupCatchup(jobs, now, graceMs = DEFAULT_CATCHUP_GRACE_MS, opts = {}) {
+    const fastResumeMs = opts.fastResumeMs ?? DEFAULT_FAST_RESUME_MS;
     return jobs.map((job) => {
         if (!job.enabled)
             return job;
@@ -210,11 +220,29 @@ export function handleStartupCatchup(jobs, now, graceMs = DEFAULT_CATCHUP_GRACE_
             return job; // clock weirdness — skip
         if (ageMs > graceMs)
             return job; // outside grace — give up
-        // The current schedule slot has already been attempted (even if it
-        // crashed). Skip catch-up so the user doesn't get a surprise rerun
-        // hours after the originally scheduled time.
-        if (slotAlreadyAttempted(job, now))
-            return job;
+        if (slotAlreadyAttempted(job, now)) {
+            // The slot was already attempted. Normally we leave it alone so the
+            // user doesn't get a surprise rerun hours later. EXCEPTION —
+            // fast-resume: a *controlled* restart interrupted it just minutes
+            // ago. Re-run immediately instead of "please re-trigger".
+            //   • expectedRestart → never true after a crash, so a job that
+            //     crashes the bot can't loop-resume itself.
+            //   • autoResume === false → per-job opt-out.
+            //   • fresh within fastResumeMs → not the "hours later" case.
+            //   • lastFastResumeAttemptAt !== lastAttemptAt → resume a given
+            //     interrupted attempt at most once.
+            const canFastResume = opts.expectedRestart === true &&
+                job.autoResume !== false &&
+                ageMs < fastResumeMs &&
+                job.lastFastResumeAttemptAt !== job.lastAttemptAt;
+            if (!canFastResume)
+                return job;
+            return {
+                ...job,
+                nextRunAt: now,
+                lastFastResumeAttemptAt: job.lastAttemptAt,
+            };
+        }
         // Within grace, never completed, and current slot hasn't been
         // attempted yet → catch up on next tick.
         return { ...job, nextRunAt: now };

package/dist/services/cron.js

@@ -11,10 +11,11 @@
  */
 import fs from "fs";
 import { execSync } from "child_process";
-import { dirname } from "path";
+import { resolve, dirname } from "path";
 import { CRON_FILE, BOT_ROOT } from "../paths.js";
 import { prepareForExecution, handleStartupCatchup, calculateNextRunFrom, } from "./cron-scheduling.js";
 import { resolveJobByNameOrId } from "./cron-resolver.js";
+import { bootWasExpectedRestart } from "./watchdog.js";
 // ── Storage ─────────────────────────────────────────────
 function loadJobs() {
     try {
@@ -256,6 +257,85 @@ async function executeJob(job) {
 // ── Scheduler Loop ──────────────────────────────────────
 let schedulerTimer = null;
 const runningJobs = new Set(); // Guard against overlapping executions
+// ── Cross-process job lock ──────────────────────────────
+//
+// `runningJobs` only guards overlap WITHIN this process. If two bot
+// instances are briefly alive at once (a launchd/pm2 restart that left
+// the old process running, or startup-catchup racing the normal tick),
+// each has its own in-memory Set and the same job can fire twice —
+// observed in the wild: a weekly job mailed its report, then mailed an
+// empty duplicate 30 s later. This atomic `mkdir` lock makes the claim
+// cross-process: the second instance sees the lock and skips the slot
+// instead of double-firing. Stale locks (owning PID gone, or — when the
+// meta is unreadable — older than the catch-up grace) are reclaimed so a
+// crash can never wedge a job forever. No deps, cross-platform.
+const CRON_LOCK_DIR = resolve(dirname(CRON_FILE), ".cron-locks");
+const CRON_LOCK_MAX_AGE_MS = 6 * 60 * 60 * 1000; // backstop for corrupt meta
+function cronLockPath(jobId) {
+    return resolve(CRON_LOCK_DIR, `${jobId.replace(/[^A-Za-z0-9_-]/g, "_")}.lock`);
+}
+function acquireJobLock(jobId) {
+    const lock = cronLockPath(jobId);
+    const writeMeta = () => {
+        try {
+            fs.writeFileSync(resolve(lock, "meta"), JSON.stringify({ pid: process.pid, at: Date.now() }));
+        }
+        catch { /* meta is best-effort */ }
+    };
+    try {
+        fs.mkdirSync(CRON_LOCK_DIR, { recursive: true });
+    }
+    catch { /* ignore */ }
+    try {
+        fs.mkdirSync(lock); // atomic: throws EEXIST if another instance holds it
+        writeMeta();
+        return true;
+    }
+    catch {
+        let stale = false;
+        try {
+            const meta = JSON.parse(fs.readFileSync(resolve(lock, "meta"), "utf-8"));
+            if (typeof meta.pid === "number") {
+                try {
+                    process.kill(meta.pid, 0); // same-host liveness probe (no signal sent)
+                }
+                catch (e) {
+                    if (e.code === "ESRCH")
+                        stale = true; // owner gone
+                }
+            }
+            else {
+                stale = true; // no usable pid recorded
+            }
+        }
+        catch {
+            // meta missing/corrupt → fall back to lock-dir age
+            try {
+                stale = Date.now() - fs.statSync(lock).mtimeMs > CRON_LOCK_MAX_AGE_MS;
+            }
+            catch {
+                stale = false; // can't stat → treat as held (skip rather than double-fire)
+            }
+        }
+        if (!stale)
+            return false;
+        try {
+            fs.rmSync(lock, { recursive: true, force: true });
+            fs.mkdirSync(lock);
+            writeMeta();
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+}
+function releaseJobLock(jobId) {
+    try {
+        fs.rmSync(cronLockPath(jobId), { recursive: true, force: true });
+    }
+    catch { /* ignore */ }
+}
 export function startScheduler() {
     if (schedulerTimer)
         return;
@@ -264,7 +344,9 @@ export function startScheduler() {
     // catch-up nextRunAt rewind is visible on the very next pass.
     try {
         const bootJobs = loadJobs();
-        const caught = handleStartupCatchup(bootJobs, Date.now());
+        const caught = handleStartupCatchup(bootJobs, Date.now(), undefined, {
+            expectedRestart: bootWasExpectedRestart(),
+        });
         // Only persist if something actually changed to avoid needless writes
         const mutated = caught.some((j, i) => j.nextRunAt !== bootJobs[i].nextRunAt);
         if (mutated) {
@@ -301,6 +383,13 @@ export function startScheduler() {
                 // mid-execution, handleStartupCatchup will notice the attempt
                 // without completion and nachholen within the grace window.
                 runningJobs.add(job.id);
+                // Cross-process claim: if another bot instance already owns this
+                // slot, skip instead of double-firing (the duplicate-report bug).
+                if (!acquireJobLock(job.id)) {
+                    runningJobs.delete(job.id);
+                    console.log(`Cron: job "${job.name}" (${job.id}) already claimed by another instance — skipping to avoid double-fire`);
+                    continue;
+                }
                 const prepared = prepareForExecution(job, now);
                 Object.assign(job, prepared);
                 saveJobs(jobs);
@@ -328,6 +417,7 @@ export function startScheduler() {
                 }
                 finally {
                     runningJobs.delete(job.id);
+                    releaseJobLock(job.id);
                 }
                 continue; // Skip the outer changed/save since we save inside
             }
@@ -422,6 +512,11 @@ export async function runJobNow(nameOrId) {
         return { status: "already-running", job };
     }
     runningJobs.add(job.id);
+    // Cross-process: another bot instance may already be running this job.
+    if (!acquireJobLock(job.id)) {
+        runningJobs.delete(job.id);
+        return { status: "already-running", job };
+    }
     try {
         // executeJob catches its own errors and returns { output, error }.
         // The inner try/catch here is a defensive belt against future
@@ -460,6 +555,7 @@ export async function runJobNow(nameOrId) {
     }
     finally {
         runningJobs.delete(job.id);
+        releaseJobLock(job.id);
     }
 }
 /**

package/dist/services/subagents.js

@@ -286,7 +286,9 @@ async function runSubAgent(id, agentConfig, abort, resolvedName) {
         const effectiveCwd = inheritCwd
             ? agentConfig.workingDir || os.homedir()
             : os.homedir();
-        const systemPrompt = `You are a sub-agent named "${resolvedName}". Complete the following task autonomously and report your results clearly when done. Working directory: ${effectiveCwd}`;
+        const systemPrompt = `You are a sub-agent named "${resolvedName}". Complete the following task autonomously. Working directory: ${effectiveCwd}
+
+When done, return ONLY the final result/outcome, concisely. Do NOT narrate your intermediate steps, your reasoning, your tool calls, or a play-by-play of what you did — the orchestrator only needs the outcome (the answer, the report, the list, the artifact path), and on failure the error plus what was and wasn't done. No preamble, no "Here's what I did", no step-by-step recap. Run status, duration and token usage are reported separately, so don't restate them.`;
         // v4.12.2 — Map the toolset preset to an explicit allowedTools list.
         // The provider honors this override (see src/providers/claude-sdk-provider.ts
         // line ~140). Passing undefined = full access (provider default).

package/dist/services/watchdog.js

@@ -39,6 +39,18 @@ const BEACON_INTERVAL_MS = 30_000; // write a beacon every 30 s
 let beaconTimer = null;
 let resetTimer = null;
 let bootTime = 0;
+/** Captured in startWatchdog(): did the previous process exit via a
+ *  controlled restart? Read by the cron scheduler for fast-resume. */
+let bootExpectedRestart = false;
+/**
+ * True when this boot was preceded by a *controlled* restart
+ * (`markExpectedRestart` had set the beacon flag) rather than a crash.
+ * Returns false until startWatchdog() has run, and false after a crash —
+ * the safe default (no fast-resume) in both cases.
+ */
+export function bootWasExpectedRestart() {
+    return bootExpectedRestart;
+}
 function ensureStateDir() {
     try {
         fs.mkdirSync(STATE_DIR, { recursive: true });
@@ -155,6 +167,11 @@ export function startWatchdog() {
     ensureStateDir();
     bootTime = Date.now();
     const previous = readBeacon();
+    // Capture whether the *previous* process exited via a controlled
+    // restart (markExpectedRestart set the flag) BEFORE writeBeacon below
+    // resets it. The cron scheduler uses this to fast-resume a job that a
+    // controlled restart interrupted, while never resuming after a crash.
+    bootExpectedRestart = previous?.expectedRestart === true;
     const decision = decideBrakeAction(previous, bootTime);
     if (decision.action === "brake") {
         console.error(`[watchdog] crash-loop brake triggered: ${decision.reason}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "alvin-bot",
-  "version": "5.1.6",
+  "version": "5.1.8",
   "description": "Alvin Bot — Your personal AI agent on Telegram, WhatsApp, Discord, Signal, and Web.",
   "type": "module",
   "main": "dist/index.js",