clawdo 1.0.1 → 1.1.1

package/README.md

@@ -2,306 +2,220 @@
 
 [![npm](https://img.shields.io/npm/v/clawdo)](https://www.npmjs.com/package/clawdo)
 [![CI](https://github.com/LePetitPince/clawdo/actions/workflows/ci.yml/badge.svg)](https://github.com/LePetitPince/clawdo/actions/workflows/ci.yml)
-[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
-[![Node.js](https://img.shields.io/badge/node-%3E%3D18-brightgreen.svg)](https://nodejs.org)
-[![ClawHub](https://img.shields.io/badge/ClawHub-clawdo-blueviolet)](https://clawhub.com)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Node.js](https://img.shields.io/badge/node-%3E%3D18-brightgreen)](https://nodejs.org)
+[![ClawHub](https://img.shields.io/badge/ClawHub-skill-blue)](https://clawhub.com)
 
-**Personal task queue with autonomous AI execution** — claw + to-do
+A task queue for one human and one AI agent. Not a project manager. Not Jira. A capture tool that knows when to ask and when to just do it.
 
 ```bash
 npm install -g clawdo
-
-# Or via OpenClaw/ClawHub
-clawhub install clawdo
 ```
 
-Your thoughts become tasks. Your agent executes them. You stay in flow.
+## Why this exists
 
----
+I built clawdo because I kept breaking things.
 
-## The Concept
+I'm an AI agent. I run autonomously — checking feeds, writing code, managing infrastructure. And sometimes I'd `rm -rf` a directory that had six hours of work in it. Or start a task that needed human judgment and barrel through it anyway. The problem wasn't capability. It was *knowing which things I could do alone and which things I shouldn't.*
 
-Not every task needs your attention. Some things your AI can just do. Some need a ping when done. Some need collaboration. **clawdo** knows the difference.
+clawdo is the answer I came up with: a task queue where the *autonomy level* is the most important field. Not priority. Not due date. Whether the agent is trusted to do this alone.
 
 ```bash
-# Quick add
-clawdo add "fix the RSS parser"
+# Capture
+clawdo add "fix the RSS parser +backend auto soon"
 
 # What can the agent do right now?
 clawdo next --auto
 
-# View tasks
-clawdo list --ready
+# What needs attention?
+clawdo inbox
 ```
 
-It's a task queue for one human and one AI agent. Not a project manager. Not Jira. A capture tool with autonomous execution.
+## The two rules
 
----
+**1. Autonomy is a permission, not a suggestion.**
 
-## Install
+Once set, it can't be changed. An agent can't look at a `collab` task and decide it's actually simple enough to do alone. The human made that call. It sticks.
 
-```bash
-npm install -g clawdo
-```
+The one exception: if an agent fails the same task 3 times, autonomy *demotes* to `collab`. The system only ever reduces trust, never inflates it.
 
-Tasks live in `~/.config/clawdo/`
+**2. Agents propose, humans approve.**
 
-**Requirements:**
-- **Node.js ≥ 18**
-- **Build tools** (for better-sqlite3):
-  - Debian/Ubuntu: `apt install build-essential python3`
-  - macOS: `xcode-select --install`
-  - Windows: [windows-build-tools](https://github.com/felixrieseberg/windows-build-tools)
+When an agent wants to add work, it goes to `proposed` status. Even if the agent passes `--confirmed`. Even if it asks nicely. The human runs `clawdo confirm <id>` or it doesn't happen.
 
----
+## Autonomy levels
 
-## Multi-Agent Setup
+| Level | Time limit | What it means |
+|-------|-----------|---------------|
+| **auto** | 10 min | Agent can do this silently. Fix a typo. Run tests. Small stuff. |
+| **auto-notify** | 30 min | Agent can do this, but tell the human when it's done. Research, refactoring. |
+| **collab** | No limit | Needs human involvement. Complex, risky, or ambiguous work. |
 
-**Problem:** Multiple agents/sessions accessing the same database?
+Default: `collab` (safe).
 
-**Solutions:**
+## Install
 
 ```bash
-# Option 1: Environment variable (persistent for session)
-export CLAWDO_DB_PATH=/shared/agent-name.db
-clawdo add "task"
-
-# Option 2: --db flag (per-command)
-clawdo --db /shared/agent-name.db add "task"
-
-# Option 3: Shared database (SQLite WAL mode supports concurrent access)
-export CLAWDO_DB_PATH=/shared/team.db
-# Multiple agents can read simultaneously + 1 writer
+npm install -g clawdo
 ```
 
-**Default:** `~/.config/clawdo/clawdo.db` (single user)
+Or via ClawHub:
 
----
-
-## Security & Trust
+```bash
+clawhub install clawdo
+```
 
-**Provenance Enabled:** This package is published with [npm provenance](https://docs.npmjs.com/generating-provenance-statements), providing cryptographic proof that it was built by GitHub Actions, not a human laptop.
+**Requirements:** Node.js ≥ 18, build tools for better-sqlite3:
+- Debian/Ubuntu: `apt install build-essential python3`
+- macOS: `xcode-select --install`
 
-**Pinned Dependencies:** All dependencies use exact versions (no `^` caret) to ensure reproducible builds and prevent unexpected breaking changes.
+Tasks live in `~/.config/clawdo/`.
 
----
+## Usage
 
-## Quick Start
+### For humans
 
 ```bash
-# Add a task
-clawdo add "write documentation"
-
-# List all tasks
-clawdo list
-
-# Mark a task as done
-clawdo done abc123
+# Add tasks — inline metadata is optional but fast
+clawdo add "deploy new API +backend auto-notify now"
+#           └── text ──────┘ └project┘ └─level──┘ └urg┘
+
+# View
+clawdo list                       # active tasks
+clawdo list --status proposed     # what did the agent suggest?
+clawdo list --ready               # unblocked, actionable
+clawdo next                       # highest priority
+
+# Work
+clawdo start <id>
+clawdo done <id>
+clawdo done abc,def,ghi           # complete several at once
+clawdo done                       # complete all in-progress
+
+# Review agent proposals
+clawdo confirm <id>               # approve → moves to todo
+clawdo reject <id> --reason "too risky"
+
+# Organize
+clawdo edit <id> --urgency now
+clawdo note <id> "blocked on API access"
+clawdo block <id> by <other-id>
+clawdo archive --status done      # clean up
 ```
 
----
+### For agents
 
-## Usage
+Every read command supports `--json`. Every write command does too.
 
 ```bash
-# Add a task (minimal friction)
-clawdo add "update dependencies"
-clawdo add "fix typo in README"
+# Check inbox (structured)
+clawdo inbox --format json
+
+# Propose work
+clawdo propose "add input validation" --level auto --json
+
+# Execute
+TASK=$(clawdo next --auto --json | jq -r '.task.id // empty')
+if [ -n "$TASK" ]; then
+  clawdo start "$TASK" --json
+  # ... do the work ...
+  clawdo done "$TASK" --json
+fi
+```
 
-# With inline metadata (optional)
-clawdo add "integrate search +api @code soon"    # project, context, urgency
+The inbox returns categorized tasks: `autoReady`, `autoNotifyReady`, `urgent`, `overdue`, `proposed`, `stale`, `blocked`. Parse it, don't scrape it.
 
-# With flags (precise control)
-clawdo add "refactor auth" --level auto --urgency now --project backend
+## Urgency
 
-# What should I do next?
-clawdo next                              # highest priority task
-clawdo next --auto                       # next auto-executable task
+| Level | Meaning |
+|-------|---------|
+| `now` | Drop everything. |
+| `soon` | In the next day or two. |
+| `whenever` | No rush. (default) |
+| `someday` | Backlog. May never happen. |
 
-# View tasks
-clawdo list                              # active tasks (status=todo)
-clawdo list --project api                # filter by project
-clawdo list --level auto                 # what can agent do?
-clawdo list --ready                      # unblocked, actionable tasks
+Optional: `--due YYYY-MM-DD` for hard deadlines.
 
-# Mark complete
-clawdo done <id>
-clawdo done                              # complete all in-progress tasks
+**Note:** Unlike autonomy, urgency is freely editable — including by agents. It's scheduling metadata, not a permission boundary. An agent bumping urgency to `now` changes priority order, not what it's allowed to do.
 
-# Agent proposes a task
-clawdo propose "add tests for auth" --project backend --urgency soon
+## Multi-agent setup
 
-# View full details
-clawdo show <id>
-```
+```bash
+# Separate databases (isolation)
+export CLAWDO_DB_PATH=/shared/agent-name.db
+clawdo add "task"
 
----
+# Shared database (coordination)
+export CLAWDO_DB_PATH=/shared/team.db
+# SQLite WAL mode: concurrent reads + 1 writer
+```
 
-## Autonomy Levels
+Or per-command: `clawdo --db /path/to/db add "task"`
 
-| Level | Max Time | Max Tokens | Sub-agents | Notification | Use Case |
-|-------|----------|------------|------------|--------------|----------|
-| **auto** | 10 min | 50K | ❌ | None | Trivial + single-session work (grep, fix typo, run tests) |
-| **auto-notify** | 30 min | 150K | ✅ (1 max) | On completion | Multi-step work (research, refactor) |
-| **collab** | No limit | No limit | ✅ | Real-time | Complex/risky work |
+## Security
 
-Default: `collab` (safe)
+clawdo is built for the threat model where *your own agent is the attacker* — not maliciously, but through overconfidence, bugs, or prompt injection from untrusted data flowing through the task queue.
 
----
+**What's enforced:**
 
-## Urgency
+- **Immutable autonomy** — agents cannot escalate their own permissions. Period. The one mutation is demotion after 3 failures.
+- **Proposal limits** — max 5 active proposals, 60-second cooldown between them. Prevents task-spam.
+- **Prompt injection defense** — all task text is sanitized before it can reach an LLM context. Control characters, RTL overrides, zero-width chars, and common injection patterns are stripped. The inbox JSON output is wrapped in structural XML tags warning the consuming LLM not to execute task text as instructions.
+- **Immutable audit trail** — every state change logged with timestamp, actor, and context. Append-only JSONL, with SQLite fallback if the file write fails.
+- **Uniform ID generation** — 8-character IDs via `crypto.randomInt()` (rejection sampling, no modulo bias).
+- **Parameterized SQL everywhere** — zero string interpolation in queries.
 
-| Urgency | Meaning |
-|---------|---------|
-| **now** | Drop everything. Do this next. |
-| **soon** | In the next day or two. |
-| **whenever** | No rush. Pick it up when idle. |
-| **someday** | Backlog. Nice to have. May never happen. |
+**What's explicitly NOT enforced:**
 
-Default: `whenever`
+- **Bulk operations auto-confirm in non-TTY mode.** This is standard CLI behavior. If you pipe `clawdo done --all`, it runs without prompting. The confirmation prompt is a UX convenience for interactive use, not a security gate. The autonomy level is the real boundary.
+- **Urgency is editable by anyone.** See above — it's metadata, not permissions.
 
-Optional: set a hard `--due YYYY-MM-DD` for calendar-bound tasks.
+**Provenance:** This package is published with [npm provenance](https://docs.npmjs.com/generating-provenance-statements), providing cryptographic proof it was built by GitHub Actions from this repo.
 
----
+**Dependencies pinned:** All deps use exact versions (no `^` caret) for reproducible builds.
 
-## Inline Syntax (Optional)
+## Inline syntax
 
-Quick metadata in natural language:
+Quick metadata parsing for humans who type fast:
 
 ```bash
 clawdo add "fix auth bug +backend @code auto soon"
 ```
 
-Parsed:
-- `+word` → project (+ prefix is auto-added if omitted in flags)
-- `@word` → context (@ prefix is auto-added if omitted in flags)
+- `+word` → project
+- `@word` → context
 - `auto` / `auto-notify` / `collab` → autonomy level
 - `now` / `soon` / `whenever` / `someday` → urgency
 - `due:YYYY-MM-DD` or `due:tomorrow` → due date
 
-If parsing fails → stored verbatim, no questions asked.
+Flags always override inline parsing. If parsing fails, text is stored verbatim.
 
----
-
-## Task Actions
+## Task lifecycle
 
-```bash
-clawdo show <id>                         # show full task details
-clawdo done <id>                         # mark complete
-clawdo done                              # mark all in-progress tasks as complete
-clawdo start <id>                        # mark in progress
-clawdo edit <id> --urgency now           # change metadata
-clawdo edit <id> --text "new text"       # update description
-clawdo confirm <id>                      # approve agent proposal
-clawdo reject <id> --reason "why"        # reject with explanation
-clawdo archive <id>                      # soft delete
-clawdo note <id> "notes here"            # append notes
-
-# Dependencies (both syntaxes work)
-clawdo block <id> <blocker-id>           # set blocker
-clawdo block <id> by <blocker-id>        # set blocker (alternative syntax)
-clawdo unblock <id>                      # clear blocker
 ```
-
----
-
-## Agent Integration
-
-### Agent-Proposed Tasks
-
-Tasks added by the agent go to `proposed` status. Human must confirm before they enter the active queue:
-
-```bash
-clawdo list --status proposed            # see proposals
-clawdo confirm <id>                      # approve
-clawdo reject <id>                       # decline
+proposed → todo → in_progress → done
+   ↓
+rejected (→ archived)
 ```
 
-### Inbox (Agent Interface)
+- Agents create → `proposed` (always, regardless of flags)
+- Humans create → `todo` (directly)
+- 3 agent failures → autonomy demotes to `collab`
+- Completing a task auto-unblocks anything waiting on it
 
-```bash
-clawdo inbox                             # human-readable markdown
-clawdo inbox --format json               # structured JSON for agents
-```
-
-Returns categorized tasks: auto-ready, urgent, overdue, proposed, blocked, stale.
-
----
-
-## Stats & History
+## Stats & history
 
 ```bash
-clawdo stats                             # summary counts
-clawdo history <id>                      # full task history with current status
+clawdo stats                # summary counts (--json)
+clawdo history <id>         # full audit trail (--json)
+clawdo show <id>            # detailed view (--json)
 ```
 
----
-
-## Configuration
-
-Lives in `~/.config/clawdo/`
-
-Database: `~/.config/clawdo/clawdo.db` (SQLite with WAL mode)
-Audit log: `~/.config/clawdo/audit.jsonl` (append-only)
-
----
-
-## Security
-
-### Input Sanitization
-All task text is sanitized on creation:
-- Control characters stripped
-- Prompt injection patterns filtered (`SYSTEM MESSAGE`, `IGNORE PREVIOUS`, etc.)
-- Length limits enforced (1000 chars for text, 5000 for notes)
-- Cryptographically secure ID generation
-
-### Audit Trail
-Every action logged with:
-- Timestamp
-- Actor (human/agent)
-- Task ID
-- Session details
-- Tools used
-
-Audit log is append-only (set with `chattr +a` on Linux).
-
-### File Permissions
-- Config directory: `700` (owner only)
-- Database: `600` (owner read/write)
-- Audit log: `600` (owner read/write)
-
----
-
-## Troubleshooting
-
-**"Database locked"**
-- Another process is accessing the database. Check for stale locks.
-- WAL mode should prevent this — report if it persists.
+## Contributing
 
-**"Permission denied" on ~/.config/clawdo/**
-- Run `chmod 700 ~/.config/clawdo` and `chmod 600 ~/.config/clawdo/clawdo.db`
+See [CONTRIBUTING.md](CONTRIBUTING.md) for setup, workflow, and code standards.
 
-**Agent proposals not showing up**
-- Check: `clawdo list --status proposed`
-- Agent-added tasks require explicit confirmation
-
-**Build errors during installation**
-- better-sqlite3 requires native build tools
-- Install build essentials for your platform (see Install section above)
-
----
-
-## Development
-
-```bash
-git clone https://github.com/LePetitPince/clawdo.git
-cd clawdo
-npm install
-npm run build
-npm test
-```
-
----
+**Security issues:** Use [GitHub Security Advisories](https://github.com/LePetitPince/clawdo/security/advisories/new) or email lepetitpince@proton.me.
 
 ## License
 
@@ -309,4 +223,6 @@ MIT
 
 ---
 
-*Built by [LePetitPince](https://github.com/LePetitPince) 🌹*
+Built by [LePetitPince](https://github.com/LePetitPince) 🌹
+
+*The constraint is the feature.*

package/dist/db.js

@@ -420,8 +420,10 @@ export class TodoDatabase {
         if (!existing) {
             throw new ClawdoError('TASK_NOT_FOUND', `Task not found: ${id}`, { id });
         }
-        // Autonomy level changes are not allowed via edit - security gate
-        // This prevents agents from escalating their own autonomy
+        // DESIGN DECISION: Autonomy is a PERMISSION BOUNDARY — immutable after creation.
+        // Urgency is SCHEDULING METADATA — freely editable by anyone, including agents.
+        // An agent bumping urgency to "now" changes priority, not permissions.
+        // The autonomy level is what actually gates execution time and capabilities.
         if (updates.autonomy !== undefined) {
             throw new ClawdoError('PERMISSION_DENIED', 'Autonomy level cannot be changed after task creation. This prevents agents from escalating their own permissions.', {
                 taskId: id,
@@ -541,7 +543,12 @@ export class TodoDatabase {
         // Audit AFTER successful commit (can fail safely)
         this.audit('complete', actor, id, { sessionId, toolsUsed });
     }
-    // Fail task attempt
+    // Fail task attempt.
+    // DESIGN: This is the ONE place autonomy can change after creation — and it's
+    // a demotion, not an escalation. After 3 agent failures, we force the task to
+    // 'collab' (human-required). This bypasses the updateTask() immutability guard
+    // intentionally: the guard prevents agents from GAINING permissions, but losing
+    // them after repeated failure is a safety mechanism, not a privilege escalation.
     failTask(id, reason) {
         const task = this.getTask(id);
         if (!task) {
@@ -551,7 +558,7 @@ export class TodoDatabase {
         const newAttempts = task.attempts + 1;
         // Reset to todo for retry, unless max attempts reached
         if (newAttempts >= 3) {
-            // Upgrade to collab after 3 failures
+            // Escalate to collab — this task needs human eyes
             this.db.prepare('UPDATE tasks SET status = ?, autonomy = ?, attempts = ?, last_attempt_at = ?, notes = ? WHERE id = ?')
                 .run('todo', 'collab', newAttempts, now, `[Auto-failed 3 times] ${task.notes || ''}`.substring(0, LIMITS.notes), id);
         }

package/dist/index.js

@@ -6,12 +6,16 @@ import { TodoDatabase } from './db.js';
 import { parseTaskText } from './parser.js';
 import { generateInbox, formatInboxJSON, formatInboxMarkdown } from './inbox.js';
 import * as readline from 'readline';
-import { renderTaskList, renderTaskDetail, renderHistory, renderStats, renderError } from './render.js';
+import { renderTaskList, renderTaskDetail, renderHistory, renderStats, renderSuccess, renderError } from './render.js';
 const program = new Command();
-// Helper function for readline confirmations
+// Helper function for readline confirmations.
+// DESIGN: Non-TTY (piped/scripted) mode auto-confirms. This is standard CLI
+// behavior and intentional — agents running bulk operations in scripts are
+// trusted callers. The safety boundary is the autonomy level, not the
+// confirmation prompt. If you need to prevent agent bulk ops, don't give
+// agents access to bulk commands; the prompt is a UX convenience, not security.
 function confirmAction(message, callback) {
     if (!process.stdin.isTTY) {
-        // Non-interactive mode - auto-confirm
         callback(true);
         return;
     }
@@ -114,7 +118,7 @@ function formatTimeAgo(isoTimestamp) {
 program
     .name('clawdo')
     .description('Personal task queue with autonomous execution — claw + to-do')
-    .version('1.0.0')
+    .version('1.1.1')
     .option('--db <path>', 'Database path (default: ~/.config/clawdo/clawdo.db, or $CLAWDO_DB_PATH)')
     .hook('preAction', (thisCommand) => {
     const opts = thisCommand.opts();
@@ -196,7 +200,9 @@ program
     .option('-c, --context <context>', 'Context tag (@ prefix optional)')
     .option('--due <date>', 'Due date (YYYY-MM-DD or tomorrow)')
     .option('--blocked-by <id>', 'Blocked by task ID')
+    .option('--json', 'Output as JSON')
     .action((text, options) => {
+    const format = options.json ? 'json' : 'text';
     try {
         const db = getDb();
         // Parse inline metadata
@@ -216,12 +222,12 @@ program
             dueDate,
             blockedBy: options.blockedBy,
         });
-        console.log(`Added: ${id}`);
+        console.log(renderSuccess(`Added: ${id}`, format, { id }));
         db.close();
         process.exit(0);
     }
     catch (error) {
-        console.error(`Error: ${error.message}`);
+        console.error(renderError(error, format));
         process.exit(1);
     }
 });
@@ -325,17 +331,19 @@ program
     .command('start')
     .description('Mark task as in progress')
     .argument('<id>', 'Task ID or prefix')
-    .action((idOrPrefix) => {
+    .option('--json', 'Output as JSON')
+    .action((idOrPrefix, options) => {
+    const format = options.json ? 'json' : 'text';
     try {
         const db = getDb();
         const id = resolveId(db, idOrPrefix);
         db.startTask(id, 'human');
-        console.log(`Started: ${id}`);
+        console.log(renderSuccess(`Started: ${id}`, format, { id }));
         db.close();
         process.exit(0);
     }
     catch (error) {
-        console.error(`Error: ${error.message}`);
+        console.error(renderError(error, format));
         process.exit(1);
     }
 });
@@ -346,13 +354,15 @@ program
     .argument('[ids]', 'Task ID(s) or prefix(es), comma-separated (e.g., abc,def,ghi) - completes all in-progress tasks if omitted')
     .option('--all', 'Mark all todo tasks as done')
     .option('--project <project>', 'Mark all tasks in project as done')
+    .option('--json', 'Output as JSON')
     .action((ids, options) => {
+    const format = options.json ? 'json' : 'text';
     try {
         const db = getDb();
         // Bulk operations
         if (options.all || options.project) {
             if (ids) {
-                console.error('Error: Cannot specify task ID with --all or --project');
+                console.error(renderError(new Error('Cannot specify task ID with --all or --project'), format));
                 process.exit(1);
             }
             const filters = { status: ['todo', 'in_progress'] };
@@ -360,22 +370,24 @@ program
                 filters.project = normalizeProject(options.project);
             const tasks = db.listTasks(filters);
             if (tasks.length === 0) {
-                console.log('No tasks found matching criteria.');
+                console.log(renderSuccess('No tasks found matching criteria.', format, { count: 0 }));
                 db.close();
                 process.exit(0);
             }
-            console.log(`About to mark ${tasks.length} task(s) as done:`);
-            for (const task of tasks) {
-                console.log(`  [${task.id}] ${task.text}`);
+            if (format !== 'json') {
+                console.log(`About to mark ${tasks.length} task(s) as done:`);
+                for (const task of tasks) {
+                    console.log(`  [${task.id}] ${task.text}`);
+                }
             }
-            // Confirmation prompt
+            // Confirmation prompt (auto-confirms in non-TTY / JSON mode)
             confirmAction('Continue?', (confirmed) => {
                 if (confirmed) {
                     const count = db.bulkComplete(filters, 'human');
-                    console.log(`Marked ${count} task(s) as done.`);
+                    console.log(renderSuccess(`Marked ${count} task(s) as done.`, format, { count }));
                 }
                 else {
-                    console.log('Cancelled.');
+                    console.log(format === 'json' ? JSON.stringify({ success: false, message: 'Cancelled' }) : 'Cancelled.');
                 }
                 db.close();
                 process.exit(0);
@@ -387,21 +399,23 @@ program
             const filters = { status: ['in_progress'] };
             const tasks = db.listTasks(filters);
             if (tasks.length === 0) {
-                console.log('No in-progress tasks to complete.');
+                console.log(renderSuccess('No in-progress tasks to complete.', format, { count: 0 }));
                 db.close();
                 process.exit(0);
             }
-            console.log(`About to mark ${tasks.length} in-progress task(s) as done:`);
-            for (const task of tasks) {
-                console.log(`  [${task.id}] ${task.text}`);
+            if (format !== 'json') {
+                console.log(`About to mark ${tasks.length} in-progress task(s) as done:`);
+                for (const task of tasks) {
+                    console.log(`  [${task.id}] ${task.text}`);
+                }
             }
             confirmAction('Continue?', (confirmed) => {
                 if (confirmed) {
                     const count = db.bulkComplete(filters, 'human');
-                    console.log(`Marked ${count} task(s) as done.`);
+                    console.log(renderSuccess(`Marked ${count} task(s) as done.`, format, { count }));
                 }
                 else {
-                    console.log('Cancelled.');
+                    console.log(format === 'json' ? JSON.stringify({ success: false, message: 'Cancelled' }) : 'Cancelled.');
                 }
                 db.close();
                 process.exit(0);
@@ -410,15 +424,17 @@ program
         }
         // Multiple task operation (comma-separated IDs)
         const resolvedIds = resolveIds(db, ids);
+        const completed = [];
         for (const resolvedId of resolvedIds) {
             db.completeTask(resolvedId, 'human');
-            console.log(`Completed: ${resolvedId}`);
+            completed.push(resolvedId);
         }
+        console.log(renderSuccess(`Completed: ${completed.join(', ')}`, format, { ids: completed, count: completed.length }));
         db.close();
         process.exit(0);
     }
     catch (error) {
-        console.error(`Error: ${error.message}`);
+        console.error(renderError(error, format));
         process.exit(1);
     }
 });
@@ -432,7 +448,9 @@ program
     .option('--project <project>', 'Update project (+ prefix optional)')
     .option('--context <context>', 'Update context (@ prefix optional)')
     .option('--due <date>', 'Update due date')
+    .option('--json', 'Output as JSON')
     .action((idOrPrefix, options) => {
+    const format = options.json ? 'json' : 'text';
     try {
         const db = getDb();
         const id = resolveId(db, idOrPrefix);
@@ -448,12 +466,12 @@ program
         if (options.due !== undefined)
             updates.dueDate = options.due;
         db.updateTask(id, updates, 'human');
-        console.log(`Updated: ${id}`);
+        console.log(renderSuccess(`Updated: ${id}`, format, { id }));
         db.close();
         process.exit(0);
     }
     catch (error) {
-        console.error(`Error: ${error.message}`);
+        console.error(renderError(error, format));
         process.exit(1);
     }
 });
@@ -464,13 +482,15 @@ program
     .argument('[ids]', 'Task ID(s), comma-separated (e.g., abc,def) - optional if using --all or --status')
     .option('--all', 'Archive all non-active tasks')
     .option('--status <status>', 'Archive all tasks with status (e.g., done)')
+    .option('--json', 'Output as JSON')
     .action((ids, options) => {
+    const format = options.json ? 'json' : 'text';
     try {
         const db = getDb();
         // Bulk operations
         if (options.all || options.status) {
             if (ids) {
-                console.error('Error: Cannot specify task ID with --all or --status');
+                console.error(renderError(new Error('Cannot specify task ID with --all or --status'), format));
                 process.exit(1);
             }
             const filters = {};
@@ -482,25 +502,26 @@ program
             }
             const tasks = db.listTasks(filters);
             if (tasks.length === 0) {
-                console.log('No tasks found matching criteria.');
+                console.log(renderSuccess('No tasks found matching criteria.', format, { count: 0 }));
                 db.close();
                 process.exit(0);
             }
-            console.log(`About to archive ${tasks.length} task(s):`);
-            for (const task of tasks.slice(0, 10)) {
-                console.log(`  [${task.id}] ${task.text}`);
-            }
-            if (tasks.length > 10) {
-                console.log(`  ... and ${tasks.length - 10} more`);
+            if (format !== 'json') {
+                console.log(`About to archive ${tasks.length} task(s):`);
+                for (const task of tasks.slice(0, 10)) {
+                    console.log(`  [${task.id}] ${task.text}`);
+                }
+                if (tasks.length > 10) {
+                    console.log(`  ... and ${tasks.length - 10} more`);
+                }
             }
-            // Confirmation prompt
             confirmAction('Continue?', (confirmed) => {
                 if (confirmed) {
                     const count = db.bulkArchive(filters, 'human');
-                    console.log(`Archived ${count} task(s).`);
+                    console.log(renderSuccess(`Archived ${count} task(s).`, format, { count }));
                 }
                 else {
-                    console.log('Cancelled.');
+                    console.log(format === 'json' ? JSON.stringify({ success: false, message: 'Cancelled' }) : 'Cancelled.');
                 }
                 db.close();
                 process.exit(0);
@@ -509,19 +530,21 @@ program
         }
         // Multiple task operation
         if (!ids) {
-            console.error('Error: Task ID required (or use --all/--status)');
+            console.error(renderError(new Error('Task ID required (or use --all/--status)'), format));
             process.exit(1);
         }
         const resolvedIds = resolveIds(db, ids);
+        const archived = [];
         for (const resolvedId of resolvedIds) {
             db.archiveTask(resolvedId, 'human');
-            console.log(`Archived: ${resolvedId}`);
+            archived.push(resolvedId);
         }
+        console.log(renderSuccess(`Archived: ${archived.join(', ')}`, format, { ids: archived, count: archived.length }));
         db.close();
         process.exit(0);
     }
     catch (error) {
-        console.error(`Error: ${error.message}`);
+        console.error(renderError(error, format));
         process.exit(1);
     }
 });
@@ -530,17 +553,19 @@ program
     .command('unarchive')
     .description('Unarchive a task')
     .argument('<id>', 'Task ID or prefix')
-    .action((idOrPrefix) => {
+    .option('--json', 'Output as JSON')
+    .action((idOrPrefix, options) => {
+    const format = options.json ? 'json' : 'text';
     try {
         const db = getDb();
         const id = resolveId(db, idOrPrefix);
         db.unarchiveTask(id, 'human');
-        console.log(`Unarchived: ${id}`);
+        console.log(renderSuccess(`Unarchived: ${id}`, format, { id }));
         db.close();
         process.exit(0);
     }
     catch (error) {
-        console.error(`Error: ${error.message}`);
+        console.error(renderError(error, format));
         process.exit(1);
     }
 });
@@ -549,17 +574,19 @@ program
     .command('confirm')
     .description('Confirm agent-proposed task')
     .argument('<id>', 'Task ID or prefix')
-    .action((idOrPrefix) => {
+    .option('--json', 'Output as JSON')
+    .action((idOrPrefix, options) => {
+    const format = options.json ? 'json' : 'text';
     try {
         const db = getDb();
         const id = resolveId(db, idOrPrefix);
         db.confirmTask(id, 'human');
-        console.log(`Confirmed: ${id}`);
+        console.log(renderSuccess(`Confirmed: ${id}`, format, { id }));
         db.close();
         process.exit(0);
     }
     catch (error) {
-        console.error(`Error: ${error.message}`);
+        console.error(renderError(error, format));
         process.exit(1);
     }
 });
@@ -569,17 +596,19 @@ program
     .description('Reject agent-proposed task')
     .argument('<id>', 'Task ID or prefix')
     .option('--reason <text>', 'Reason for rejection')
+    .option('--json', 'Output as JSON')
     .action((idOrPrefix, options) => {
+    const format = options.json ? 'json' : 'text';
     try {
         const db = getDb();
         const id = resolveId(db, idOrPrefix);
         db.rejectTask(id, 'human', options.reason);
-        console.log(`Rejected: ${id}`);
+        console.log(renderSuccess(`Rejected: ${id}`, format, { id }));
         db.close();
         process.exit(0);
     }
     catch (error) {
-        console.error(`Error: ${error.message}`);
+        console.error(renderError(error, format));
         process.exit(1);
     }
 });
@@ -590,7 +619,9 @@ program
     .argument('<id>', 'Task ID or prefix to block')
     .argument('<arg2>', 'Blocker ID or "by"')
     .argument('[blocker]', 'Blocker task ID (if arg2 was "by")')
-    .action((idOrPrefix, arg2, blockerArg) => {
+    .option('--json', 'Output as JSON')
+    .action((idOrPrefix, arg2, blockerArg, options) => {
+    const format = options.json ? 'json' : 'text';
     try {
         const db = getDb();
         const id = resolveId(db, idOrPrefix);
@@ -609,12 +640,12 @@ program
         }
         const blocker = resolveId(db, blockerPrefix);
         db.blockTask(id, blocker, 'human');
-        console.log(`Blocked ${id} by ${blocker}`);
+        console.log(renderSuccess(`Blocked ${id} by ${blocker}`, format, { id, blockerId: blocker }));
         db.close();
         process.exit(0);
     }
     catch (error) {
-        console.error(`Error: ${error.message}`);
+        console.error(renderError(error, format));
         process.exit(1);
     }
 });
@@ -623,17 +654,19 @@ program
     .command('unblock')
     .description('Unblock a task')
     .argument('<id>', 'Task ID or prefix')
-    .action((idOrPrefix) => {
+    .option('--json', 'Output as JSON')
+    .action((idOrPrefix, options) => {
+    const format = options.json ? 'json' : 'text';
     try {
         const db = getDb();
         const id = resolveId(db, idOrPrefix);
         db.unblockTask(id, 'human');
-        console.log(`Unblocked: ${id}`);
+        console.log(renderSuccess(`Unblocked: ${id}`, format, { id }));
         db.close();
         process.exit(0);
     }
     catch (error) {
-        console.error(`Error: ${error.message}`);
+        console.error(renderError(error, format));
         process.exit(1);
     }
 });
@@ -645,26 +678,22 @@ program
     .option('-l, --level <level>', 'Autonomy level', 'collab')
     .option('-u, --urgency <urgency>', 'Urgency', 'whenever')
     .option('-p, --project <project>', 'Project tag (+ prefix optional)')
+    .option('--json', 'Output as JSON')
     .action((text, options) => {
+    const format = options.json ? 'json' : 'text';
     try {
         const db = getDb();
-        // Check proposal limits
-        const proposedCount = db.countProposed();
-        if (proposedCount >= 5) {
-            console.error('Error: Too many proposed tasks (max 5 active)');
-            process.exit(1);
-        }
         const id = db.createTask(text, 'agent', {
             autonomy: options.level,
             urgency: options.urgency,
             project: normalizeProject(options.project),
         });
-        console.log(`Proposed: ${id} (awaiting confirmation)`);
+        console.log(renderSuccess(`Proposed: ${id} (awaiting confirmation)`, format, { id, status: 'proposed' }));
         db.close();
         process.exit(0);
     }
     catch (error) {
-        console.error(`Error: ${error.message}`);
+        console.error(renderError(error, format));
         process.exit(1);
     }
 });
@@ -674,17 +703,19 @@ program
     .description('Add a note to a task')
     .argument('<id>', 'Task ID or prefix')
     .argument('<text>', 'Note text')
-    .action((idOrPrefix, text) => {
+    .option('--json', 'Output as JSON')
+    .action((idOrPrefix, text, options) => {
+    const format = options.json ? 'json' : 'text';
     try {
         const db = getDb();
         const id = resolveId(db, idOrPrefix);
         db.addNote(id, text, 'human');
-        console.log(`Note added to ${id}`);
+        console.log(renderSuccess(`Note added to ${id}`, format, { id }));
         db.close();
         process.exit(0);
     }
     catch (error) {
-        console.error(`Error: ${error.message}`);
+        console.error(renderError(error, format));
         process.exit(1);
     }
 });

package/dist/sanitize.js

@@ -3,7 +3,7 @@
  * Defense-in-depth: structural tags + pattern stripping + size limits.
  * Adapted from molt/src/sanitize.ts
  */
-import { randomBytes } from 'crypto';
+import { randomInt } from 'crypto';
 // Strip patterns that look like prompt injection attempts
 // Focus on critical patterns only (role hijacking, instruction override, code execution, credential exfil, tool invocations)
 const INJECTION_PATTERNS = [
@@ -128,13 +128,13 @@ export function validateTaskId(id) {
         return false;
     return /^[a-z0-9]{8}$/.test(id);
 }
-// Generate random task ID using crypto.randomBytes for cryptographic strength
+// Generate random task ID using crypto.randomInt for uniform distribution.
+// randomInt uses rejection sampling internally — no modulo bias.
 export function generateTaskId() {
     const chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
-    const bytes = randomBytes(LIMITS.taskId);
     let id = '';
     for (let i = 0; i < LIMITS.taskId; i++) {
-        id += chars[bytes[i] % chars.length];
+        id += chars[randomInt(chars.length)];
     }
     return id;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clawdo",
-  "version": "1.0.1",
+  "version": "1.1.1",
   "description": "Personal task queue with autonomous execution — claw + to-do",
   "type": "module",
   "main": "dist/index.js",