claudeboard 2.16.0 → 3.1.1

package/src/scanner.js

@@ -0,0 +1,153 @@
+// src/scanner.js
+const fs = require('fs');
+const path = require('path');
+
+const EXCLUDE_DIRS = new Set([
+  'node_modules', '.git', '.claudeboard', 'dist', 'build',
+  '.next', 'coverage', '.turbo', 'out', '.cache',
+]);
+
+const MAX_DEPTH = 3;
+const MAX_ENTRIES_PER_DIR = 50;
+
+function buildFileTree(dir, depth = 0, prefix = '') {
+  if (depth >= MAX_DEPTH) return [];
+
+  let entries;
+  try {
+    entries = fs.readdirSync(dir, { withFileTypes: true });
+  } catch {
+    return [];
+  }
+
+  const filtered = entries
+    .filter(e => !EXCLUDE_DIRS.has(e.name) && !e.name.startsWith('.'))
+    .slice(0, MAX_ENTRIES_PER_DIR);
+
+  const lines = [];
+  filtered.forEach((entry, idx) => {
+    const isLast = idx === filtered.length - 1;
+    const connector = isLast ? '└── ' : '├── ';
+    lines.push(prefix + connector + entry.name + (entry.isDirectory() ? '/' : ''));
+
+    if (entry.isDirectory()) {
+      const childPrefix = prefix + (isLast ? '    ' : '│   ');
+      lines.push(...buildFileTree(path.join(dir, entry.name), depth + 1, childPrefix));
+    }
+  });
+
+  return lines;
+}
+
+function detectTechStack(pkgJson, projectDir) {
+  const stack = [];
+
+  if (pkgJson) {
+    const deps = { ...pkgJson.dependencies, ...pkgJson.devDependencies };
+
+    if (deps['next'])             stack.push('Next.js');
+    else if (deps['react'])       stack.push('React');
+    if (deps['vue'])              stack.push('Vue');
+    if (deps['svelte'])           stack.push('Svelte');
+    if (deps['@angular/core'])    stack.push('Angular');
+    if (deps['express'])          stack.push('Express');
+    if (deps['fastify'])          stack.push('Fastify');
+    if (deps['koa'])              stack.push('Koa');
+    if (deps['@nestjs/core'])     stack.push('NestJS');
+    if (deps['typescript'] || deps['ts-node']) stack.push('TypeScript');
+    if (deps['tailwindcss'])      stack.push('Tailwind CSS');
+    if (deps['prisma'] || deps['@prisma/client']) stack.push('Prisma');
+    if (deps['mongoose'])         stack.push('MongoDB/Mongoose');
+    if (deps['sequelize'])        stack.push('Sequelize');
+    if (deps['graphql'])          stack.push('GraphQL');
+    if (deps['electron'])         stack.push('Electron');
+    if (deps['jest'] || deps['vitest']) stack.push('Testing');
+  }
+
+  // Detect from files in root
+  try {
+    const files = fs.readdirSync(projectDir);
+    if (files.some(f => f.endsWith('.py') || f === 'requirements.txt' || f === 'pyproject.toml'))
+      stack.push('Python');
+    if (files.some(f => f.endsWith('.rs') || f === 'Cargo.toml'))
+      stack.push('Rust');
+    if (files.some(f => f.endsWith('.go') || f === 'go.mod'))
+      stack.push('Go');
+    if (files.some(f => f.endsWith('.java') || f === 'pom.xml'))
+      stack.push('Java');
+    if (files.some(f => f === 'Gemfile'))
+      stack.push('Ruby');
+    if (files.some(f => f === 'composer.json'))
+      stack.push('PHP');
+  } catch { /* ignore */ }
+
+  // Dedupe
+  return [...new Set(stack)];
+}
+
+function scanProject(projectDir) {
+  if (!projectDir) projectDir = process.cwd();
+  // boardDir is always where ClaudeBoard stores its state (.claudeboard/)
+  const boardDir = process.cwd();
+
+  // Check for existing PRD — in ClaudeBoard's own data dir
+  let existingPrd = null;
+  try {
+    const prdPath = path.join(boardDir, '.claudeboard', 'prd.md');
+    if (fs.existsSync(prdPath)) {
+      existingPrd = fs.readFileSync(prdPath, 'utf-8');
+    }
+  } catch { /* ignore */ }
+
+  // Read package.json from USER's project dir
+  let pkgJson = null;
+  let projectName = path.basename(projectDir);
+  try {
+    const pkgPath = path.join(projectDir, 'package.json');
+    if (fs.existsSync(pkgPath)) {
+      pkgJson = JSON.parse(fs.readFileSync(pkgPath, 'utf-8'));
+      if (pkgJson.name) projectName = pkgJson.name;
+    }
+  } catch { /* ignore */ }
+
+  // Read README from USER's project dir (cap at 3 KB)
+  let readme = null;
+  try {
+    const readmePath = path.join(projectDir, 'README.md');
+    if (fs.existsSync(readmePath)) {
+      readme = fs.readFileSync(readmePath, 'utf-8').slice(0, 3000);
+    }
+  } catch { /* ignore */ }
+
+  // Read context.md — check both project dir and board dir (cap at 8 KB)
+  let contextMd = null;
+  try {
+    for (const base of [projectDir, boardDir]) {
+      const contextPath = path.join(base, '.claudeboard', 'context.md');
+      if (fs.existsSync(contextPath)) {
+        contextMd = fs.readFileSync(contextPath, 'utf-8').slice(0, 8000);
+        break;
+      }
+    }
+  } catch { /* ignore */ }
+
+  // Build file tree
+  const treeLines = buildFileTree(projectDir);
+  const fileTree = treeLines.join('\n') || '(empty directory)';
+
+  // Detect tech stack
+  const techStack = detectTechStack(pkgJson, projectDir);
+
+  return {
+    isNewProject: existingPrd === null,
+    existingPrd,
+    fileTree,
+    techStack,
+    projectName,
+    readme,
+    contextMd,
+    pkgDescription: pkgJson?.description || null,
+  };
+}
+
+module.exports = { scanProject };

package/src/server.js

@@ -0,0 +1,205 @@
+// src/server.js
+const express = require('express');
+const http = require('http');
+const os = require('os');
+const WebSocket = require('ws');
+const path = require('path');
+const { getTasks, getConfig, setConfig, getPRD, getProjectPath, deleteTask, clearTasks } = require('./store');
+const { setBroadcast, setMaxAgents, setServerPort, sendMessage, startTask, processQueue, startOrchestrator, killAll, stopTask, pauseAll, runQA, spawnChecklistAgent, spawnDeployAgent, uploadPRD, provideCredentials } = require('./orchestrator');
+
+const WS_RATE_LIMIT = 10; // max WS messages per second per connection
+const TASK_ID_RE = /^[a-zA-Z0-9_-]{1,64}$/;
+
+function createServer(options = {}) {
+  const { port = 3000, maxAgents = 3, webhook = null, openBrowser = true } = options;
+
+  if (webhook) setConfig({ webhook });
+  setMaxAgents(maxAgents);
+
+  const app = express();
+  app.use(express.json({ limit: '64kb' }));
+  app.use(express.static(path.join(__dirname, '..', 'public')));
+
+  // Read-only REST endpoints
+  app.get('/api/tasks', (req, res) => {
+    try { res.json(getTasks()); }
+    catch { res.status(500).json({ error: 'Failed to read tasks' }); }
+  });
+
+  app.get('/api/prd', (req, res) => {
+    try { res.json({ prd: getPRD() }); }
+    catch { res.status(500).json({ error: 'Failed to read PRD' }); }
+  });
+
+  // Create a task externally (e.g. from scripts or other tools)
+  app.post('/api/tasks', (req, res) => {
+    try {
+      const { title, description, successCriteria, priority } = req.body || {};
+      if (!title || !description) return res.status(400).json({ error: 'title and description are required' });
+      const task = createTask({
+        title: String(title).slice(0, 200),
+        description: String(description).slice(0, 4000),
+        successCriteria: successCriteria ? String(successCriteria).slice(0, 1000) : '',
+        priority: ['high','medium','low'].includes(priority) ? priority : 'medium',
+      });
+      if (wss) wss.clients.forEach(c => { if (c.readyState === 1) c.send(JSON.stringify({ type: 'tasks:created', tasks: [task] })); });
+      processQueue();
+      res.json(task);
+    } catch (e) {
+      res.status(500).json({ error: 'Failed to create task' });
+    }
+  });
+
+  // Start a specific backlog task — ID validated before acting
+  app.post('/api/tasks/:id/start', (req, res) => {
+    const { id } = req.params;
+    if (!TASK_ID_RE.test(id)) return res.status(400).json({ error: 'Invalid task id' });
+    startTask(id);
+    res.json({ ok: true });
+  });
+
+  // System stats endpoint (CPU + RAM)
+  let lastCpuUsage = process.cpuUsage();
+  let lastCpuTime = Date.now();
+  // Warm up: re-baseline after 2s so first API call gets a meaningful delta
+  setTimeout(() => { lastCpuUsage = process.cpuUsage(); lastCpuTime = Date.now(); }, 2000);
+  app.get('/api/system', (req, res) => {
+    const now = Date.now();
+    const elapsed = (now - lastCpuTime) * 1000; // microseconds
+    const usage = process.cpuUsage(lastCpuUsage);
+    const cpuPercent = elapsed > 0 ? Math.round(((usage.user + usage.system) / elapsed) * 100) : 0;
+    lastCpuUsage = process.cpuUsage();
+    lastCpuTime = now;
+
+    const totalRam = os.totalmem();
+    const freeRam  = os.freemem();
+    const usedRam  = totalRam - freeRam;
+    res.json({
+      cpu: Math.min(cpuPercent, 100),
+      ramUsed: Math.round(usedRam / 1024 / 1024),
+      ramTotal: Math.round(totalRam / 1024 / 1024),
+      ramPercent: Math.round((usedRam / totalRam) * 100),
+    });
+  });
+
+  const server = http.createServer(app);
+  const wss = new WebSocket.Server({ server });
+
+  const clients = new Set();
+
+  function broadcast(data) {
+    const msg = JSON.stringify(data);
+    for (const ws of clients) {
+      if (ws.readyState === WebSocket.OPEN) ws.send(msg);
+    }
+  }
+
+  setBroadcast(broadcast);
+
+  wss.on('connection', (ws) => {
+    clients.add(ws);
+
+    // Per-connection rate-limit state
+    let msgCount = 0;
+    let windowStart = Date.now();
+
+    try {
+      ws.send(JSON.stringify({ type: 'init', tasks: getTasks(), prd: getPRD() }));
+    } catch { /* ignore */ }
+
+    ws.on('message', (raw) => {
+      // Rate limit: max WS_RATE_LIMIT messages per second per client
+      const now = Date.now();
+      if (now - windowStart >= 1000) {
+        msgCount = 0;
+        windowStart = now;
+      }
+      msgCount++;
+      if (msgCount > WS_RATE_LIMIT) {
+        ws.send(JSON.stringify({ type: 'error', message: 'Rate limit exceeded — slow down' }));
+        return;
+      }
+
+      let msg;
+      try { msg = JSON.parse(raw.toString()); }
+      catch { return; }
+
+      if (msg.type === 'orchestrator:message' && typeof msg.text === 'string') {
+        // Accept optional image (base64 DataURL), cap at 5 MB to prevent abuse
+        const imageData = (typeof msg.image === 'string' && msg.image.length < 5 * 1024 * 1024) ? msg.image : null;
+        sendMessage(msg.text, imageData); // sanitized inside sendMessage
+      } else if (msg.type === 'errors:retry-all') {
+        getTasks().filter(t => t.status === 'error').forEach(t => startTask(t.id));
+      } else if (msg.type === 'task:start' && typeof msg.taskId === 'string') {
+        if (TASK_ID_RE.test(msg.taskId)) startTask(msg.taskId);
+      } else if (msg.type === 'task:stop' && typeof msg.taskId === 'string') {
+        if (TASK_ID_RE.test(msg.taskId)) stopTask(msg.taskId);
+      } else if (msg.type === 'task:resolve' && typeof msg.taskId === 'string') {
+        // Human marked a blocked task as resolved → restart it
+        if (TASK_ID_RE.test(msg.taskId)) startTask(msg.taskId);
+      } else if (msg.type === 'queue:process') {
+        processQueue();
+      } else if (msg.type === 'agents:pause') {
+        pauseAll();
+      } else if (msg.type === 'qa:run') {
+        runQA();
+      } else if (msg.type === 'checklist:run') {
+        spawnChecklistAgent();
+      } else if (msg.type === 'deploy:run') {
+        spawnDeployAgent();
+      } else if (msg.type === 'task:delete' && typeof msg.taskId === 'string') {
+        if (TASK_ID_RE.test(msg.taskId)) {
+          deleteTask(msg.taskId);
+          broadcast({ type: 'task:deleted', taskId: msg.taskId });
+        }
+      } else if (msg.type === 'tasks:clear') {
+        pauseAll();
+        clearTasks();
+        broadcast({ type: 'tasks:cleared' });
+      } else if (msg.type === 'prd:upload' && typeof msg.content === 'string') {
+        const content = msg.content.slice(0, 20000);
+        uploadPRD(content);
+      } else if (msg.type === 'supabase:credentials') {
+        const supabaseUrl = typeof msg.supabaseUrl === 'string' ? msg.supabaseUrl.slice(0, 500) : '';
+        const anonKey    = typeof msg.anonKey    === 'string' ? msg.anonKey.slice(0, 500)    : '';
+        const serviceKey = typeof msg.serviceKey === 'string' ? msg.serviceKey.slice(0, 500) : '';
+        const writeDotEnv = msg.writeDotEnv !== false;
+        provideCredentials({ supabaseUrl, anonKey, serviceKey, writeDotEnv });
+      }
+    });
+
+    ws.on('close', () => clients.delete(ws));
+    ws.on('error', () => clients.delete(ws));
+  });
+
+  // Bind ONLY to 127.0.0.1 — never 0.0.0.0
+  server.listen(port, '127.0.0.1', async () => {
+    console.log(`ClaudeBoard running at http://127.0.0.1:${port}`);
+    setServerPort(port);
+    startOrchestrator();
+
+    if (openBrowser) {
+      try {
+        const open = await import('open');
+        await open.default(`http://127.0.0.1:${port}`);
+      } catch {
+        console.log(`Open your browser at http://127.0.0.1:${port}`);
+      }
+    }
+  });
+
+  // Graceful shutdown — kill all child processes before exiting
+  function shutdown(signal) {
+    console.log(`\n[server] ${signal} received — shutting down`);
+    killAll();
+    server.close(() => process.exit(0));
+    setTimeout(() => process.exit(1), 5000).unref();
+  }
+
+  process.on('SIGTERM', () => shutdown('SIGTERM'));
+  process.on('SIGINT', () => shutdown('SIGINT'));
+
+  return server;
+}
+
+module.exports = { createServer };

package/src/store.js

@@ -0,0 +1,182 @@
+// src/store.js
+const fs = require('fs');
+const path = require('path');
+
+const MAX_OUTPUT_BYTES = 1024 * 1024; // 1 MB — hard cap on stored agent output
+
+function getBoardDir() {
+  // Always relative to process.cwd() — never a system directory
+  return path.join(process.cwd(), '.claudeboard');
+}
+
+function ensureDir() {
+  const dir = getBoardDir();
+  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+  return dir;
+}
+
+function readJSON(filename, defaultVal = []) {
+  const dir = ensureDir();
+  const filePath = path.join(dir, filename);
+  if (!fs.existsSync(filePath)) return defaultVal;
+  try { return JSON.parse(fs.readFileSync(filePath, 'utf-8')); }
+  catch { return defaultVal; }
+}
+
+function writeJSON(filename, data) {
+  const dir = ensureDir();
+  fs.writeFileSync(path.join(dir, filename), JSON.stringify(data, null, 2));
+}
+
+// Tasks CRUD
+function getTasks() { return readJSON('tasks.json', []); }
+function saveTasks(tasks) { writeJSON('tasks.json', tasks); }
+
+function createTask(task) {
+  const tasks = getTasks();
+  const newTask = {
+    id: Date.now().toString(),
+    title: String(task.title || 'Untitled').slice(0, 200),
+    description: String(task.description || '').slice(0, 2000),
+    successCriteria: String(task.successCriteria || '').slice(0, 1000),
+    priority: task.priority || 'medium',
+    status: 'backlog',
+    agentId: null,
+    output: '',
+    createdAt: new Date().toISOString(),
+    updatedAt: new Date().toISOString(),
+  };
+  tasks.push(newTask);
+  saveTasks(tasks);
+  return newTask;
+}
+
+function updateTask(id, updates) {
+  const tasks = getTasks();
+  const idx = tasks.findIndex(t => t.id === id);
+  if (idx === -1) return null;
+
+  // Enforce 1 MB cap on stored output
+  if (typeof updates.output === 'string' && Buffer.byteLength(updates.output, 'utf-8') > MAX_OUTPUT_BYTES) {
+    updates.output = updates.output.slice(0, MAX_OUTPUT_BYTES) + '\n[output truncated at 1 MB]';
+  }
+
+  tasks[idx] = { ...tasks[idx], ...updates, updatedAt: new Date().toISOString() };
+  saveTasks(tasks);
+  return tasks[idx];
+}
+
+function getTask(id) { return getTasks().find(t => t.id === id) || null; }
+
+function deleteTask(id) {
+  saveTasks(getTasks().filter(t => t.id !== id));
+}
+
+function clearTasks() {
+  saveTasks([]);
+}
+
+// Agents CRUD
+function getAgents() { return readJSON('agents.json', []); }
+function saveAgents(agents) { writeJSON('agents.json', agents); }
+
+function createAgent(agent) {
+  const agents = getAgents();
+  const newAgent = { id: Date.now().toString(), ...agent, createdAt: new Date().toISOString() };
+  agents.push(newAgent);
+  saveAgents(agents);
+  return newAgent;
+}
+
+function updateAgent(id, updates) {
+  const agents = getAgents();
+  const idx = agents.findIndex(a => a.id === id);
+  if (idx === -1) return null;
+  agents[idx] = { ...agents[idx], ...updates };
+  saveAgents(agents);
+  return agents[idx];
+}
+
+function removeAgent(id) {
+  saveAgents(getAgents().filter(a => a.id !== id));
+}
+
+// Config — read-only from code; write only via CLI flags at startup
+function getConfig() { return readJSON('config.json', {}); }
+function setConfig(updates) {
+  const config = getConfig();
+  const newConfig = { ...config, ...updates };
+  writeJSON('config.json', newConfig);
+  return newConfig;
+}
+
+// PRD
+function savePRD(content) {
+  const dir = ensureDir();
+  fs.writeFileSync(path.join(dir, 'prd.md'), String(content).slice(0, 500 * 1024)); // cap at 500 KB
+}
+function getPRD() {
+  const dir = ensureDir();
+  const p = path.join(dir, 'prd.md');
+  return fs.existsSync(p) ? fs.readFileSync(p, 'utf-8') : null;
+}
+
+// The project is always the directory where claudeboard was launched from.
+// No config override — avoids cross-project data leakage.
+function getProjectPath() {
+  return process.cwd();
+}
+
+// Chat history — persisted to disk
+function getChatHistory() {
+  return readJSON('chat-history.json', []);
+}
+
+function appendChatHistory(entry) {
+  const history = getChatHistory();
+  history.push({ ...entry, timestamp: new Date().toISOString() });
+  writeJSON('chat-history.json', history.slice(-500)); // keep last 500 messages
+}
+
+// Save base64 image from chat to disk, returns absolute path
+function saveChatImage(base64Data) {
+  const match = typeof base64Data === 'string' && base64Data.match(/^data:image\/(\w+);base64,(.+)$/);
+  if (!match) return null;
+  const ext = match[1] === 'jpeg' ? 'jpg' : match[1];
+  const filename = `chat-image-${Date.now()}.${ext}`;
+  const dir = ensureDir();
+  const filepath = path.join(dir, filename);
+  fs.writeFileSync(filepath, Buffer.from(match[2], 'base64'));
+  return filepath;
+}
+
+// Agent handoffs — written by agents after completing a task, read by successors
+function writeHandoff(taskId, content) {
+  const dir = ensureDir();
+  const handoffsDir = path.join(dir, 'handoffs');
+  if (!fs.existsSync(handoffsDir)) fs.mkdirSync(handoffsDir, { recursive: true });
+  fs.writeFileSync(path.join(handoffsDir, `${taskId}.md`), String(content).slice(0, 8000), 'utf-8');
+}
+
+function readHandoffs(excludeTaskId) {
+  const dir = ensureDir();
+  const handoffsDir = path.join(dir, 'handoffs');
+  if (!fs.existsSync(handoffsDir)) return [];
+  try {
+    return fs.readdirSync(handoffsDir)
+      .filter(f => f.endsWith('.md') && f !== `${excludeTaskId}.md`)
+      .map(f => { try { return fs.readFileSync(path.join(handoffsDir, f), 'utf-8'); } catch { return null; } })
+      .filter(Boolean)
+      .slice(-5); // last 5 handoffs only
+  } catch { return []; }
+}
+
+module.exports = {
+  getTasks, saveTasks, createTask, updateTask, getTask, deleteTask, clearTasks,
+  getAgents, createAgent, updateAgent, removeAgent,
+  getConfig, setConfig,
+  savePRD, getPRD,
+  getProjectPath,
+  getChatHistory, appendChatHistory, saveChatImage,
+  writeHandoff, readHandoffs,
+};

package/src/verifier.js

@@ -0,0 +1,131 @@
+// src/verifier.js
+const { spawn } = require('child_process');
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+const { updateTask, createTask, getTask, getProjectPath } = require('./store');
+const { notify } = require('./notifier');
+
+function spawnClaude(prompt, cwd) {
+  const tmpFile = path.join(os.tmpdir(), `cb-${Date.now()}-${Math.random().toString(36).slice(2)}.txt`);
+  fs.writeFileSync(tmpFile, prompt, { encoding: 'utf8' });
+  let child;
+  if (process.platform === 'win32') {
+    const psCmd = `Get-Content -Raw -Encoding UTF8 '${tmpFile}' | claude --permission-mode bypassPermissions --print`;
+    child = spawn('powershell', ['-NoProfile', '-NonInteractive', '-Command', psCmd], {
+      cwd, stdio: ['ignore', 'pipe', 'pipe'], shell: false,
+    });
+  } else {
+    child = spawn('sh', ['-c', `claude --permission-mode bypassPermissions --print < '${tmpFile}'`], {
+      cwd, stdio: ['ignore', 'pipe', 'pipe'], shell: false,
+    });
+  }
+  child.on('close', () => { try { fs.unlinkSync(tmpFile); } catch (_) {} });
+  return child;
+}
+
+const MAX_FIELD_LEN = 2000;
+const MAX_RETRIES = 2;
+
+function sanitizeField(str) {
+  if (typeof str !== 'string') return '';
+  return str.replace(/\0/g, '').slice(0, MAX_FIELD_LEN);
+}
+
+function runVerifier(task, broadcast, onRetry) {
+  const title = sanitizeField(task.title);
+  const description = sanitizeField(task.description);
+  const successCriteria = sanitizeField(task.successCriteria);
+  const agentOutput = sanitizeField(typeof task.output === 'string' ? task.output.slice(-2000) : '');
+  const projectPath = getProjectPath();
+
+  const prompt = `You are a code verifier. Check if this task was completed correctly.
+
+Task: ${title}
+Success criteria: ${successCriteria}
+Project directory: ${projectPath}
+
+What the agent did:
+${agentOutput || '(no output)'}
+
+Instructions:
+1. Read the relevant files in the project directory to check the actual result.
+2. Your ENTIRE response must be ONE of these two formats, nothing else:
+   VERIFIED
+   FAILED: <one sentence reason>
+
+Do not add explanations, greetings, or any other text. Start your response with VERIFIED or FAILED.`;
+
+  broadcast({ type: 'task:verifying', taskId: task.id });
+  updateTask(task.id, { status: 'verifying' });
+
+  const proc = spawnClaude(prompt, projectPath);
+  let output = '';
+
+  proc.stdout.on('data', (data) => {
+    const chunk = data.toString('utf-8');
+    output += chunk;
+    broadcast({ type: 'task:verifier_output', taskId: task.id, chunk });
+  });
+
+  proc.stderr.on('data', () => {});
+
+  proc.on('close', () => {
+    const trimmed = output.trim();
+    // Flexible parsing: check anywhere in the first 300 chars
+    const head = trimmed.slice(0, 300).toUpperCase();
+    const isVerified = head.includes('VERIFIED') && !head.includes('FAILED');
+
+    if (isVerified) {
+      updateTask(task.id, { status: 'done', verifierOutput: trimmed.slice(0, 500) });
+      broadcast({ type: 'task:done', taskId: task.id });
+      notify('task:completed', { taskTitle: task.title, status: 'done' });
+      return;
+    }
+
+    // Extract failure reason
+    const failedMatch = trimmed.match(/FAILED[:\s]+(.+?)(?:\n|$)/i);
+    const reason = failedMatch
+      ? failedMatch[1].trim().slice(0, 300)
+      : trimmed.slice(0, 300) || 'Verificación sin respuesta esperada';
+
+    const retryCount = (task.retryCount || 0) + 1;
+
+    if (retryCount <= MAX_RETRIES) {
+      // Save last output before clearing so the retry agent knows what went wrong
+      const previousOutput = typeof task.output === 'string'
+        ? task.output.slice(-2000)
+        : (Array.isArray(task.output) ? task.output.map(e => e.chunk).join('').slice(-2000) : '');
+      const enrichedDesc = `[Reintento ${retryCount}/${MAX_RETRIES}] Intento anterior falló: ${reason}\n\nTarea original: ${task.description}`;
+      updateTask(task.id, {
+        status: 'backlog',
+        output: '',
+        previousOutput,
+        verifierOutput: reason,
+        retryCount,
+        description: enrichedDesc.slice(0, 2000),
+      });
+      broadcast({ type: 'task:updated', task: getTask(task.id) });
+      notify('task:failed', { taskTitle: task.title, status: 'retrying' });
+      if (onRetry) onRetry();
+    } else {
+      // Human intervention needed
+      updateTask(task.id, {
+        status: 'error',
+        needsHuman: true,
+        humanReason: reason,
+        verifierOutput: trimmed.slice(0, 500),
+      });
+      broadcast({ type: 'task:error', taskId: task.id, reason, needsHuman: true });
+      notify('task:failed', { taskTitle: task.title, status: 'error' });
+    }
+  });
+
+  proc.on('error', (err) => {
+    console.error('[verifier] spawn error:', err.message);
+    updateTask(task.id, { status: 'error', needsHuman: false });
+    broadcast({ type: 'task:error', taskId: task.id, reason: 'Verifier process failed to start' });
+  });
+}
+
+module.exports = { runVerifier };