codemini-cli 0.3.2 → 0.3.3

package/src/core/chat-runtime.js

@@ -13,13 +13,6 @@ import { listSessions, loadSession, pruneSessions, saveSession } from './session
 import { getConfigValue, loadConfig, resetConfig, setConfigValue } from './config-store.js';
 import { evaluateCommandPolicy } from './command-policy.js';
 import { appendInputHistory, loadInputHistory } from './input-history-store.js';
-import {
-  clearTasks,
-  createTasks,
-  deleteTasks,
-  loadTasks,
-  updateTask
-} from './task-store.js';
 import { createCheckpoint, listCheckpoints, loadCheckpoint } from './checkpoint-store.js';
 import {
   compactMessagesLocally,
@@ -32,6 +25,7 @@ import { getProjectPlansDir, getProjectSpecsDir, getProjectWorkspaceDir, getSess
 import { buildProjectContextSnippet, initializeProjectIndex } from './project-index.js';
 import { buildMemorySnapshot } from './memory-prompt.js';
 import { forgetMemory, listMemories, searchMemories } from './memory-store.js';
+import { countActiveTodos, normalizeTodos } from './todo-state.js';
 
 function toOpenAIMessages(sessionMessages) {
   const mapped = [];
@@ -143,7 +137,6 @@ function getCompletionCopy(language = 'zh') {
         status: '查看运行状态（mode/model/session）',
         mode: '设置执行模式：normal|auto|plan',
         compact: '压缩消息上下文',
-        tasks: '任务面板管理',
         checkpoint: '创建/查看/加载检查点',
         spec: '在 .codemini/specs 中创建 spec',
         plan: '在 .codemini/plans 中创建实施计划',
@@ -158,7 +151,6 @@ function getCompletionCopy(language = 'zh') {
         configCommand: '配置命令',
         historyCommand: '历史会话命令',
         modeCommand: '切换执行模式',
-        taskCommand: '任务面板命令',
         checkpointCommand: '检查点命令',
         specCommand: '创建 spec 文件',
         planCommand: '规划命令',
@@ -232,7 +224,6 @@ function getCompletionCopy(language = 'zh') {
         status: 'show runtime status (mode/model/session)',
         mode: 'set execution mode: normal|auto|plan',
         compact: 'compress message context',
-        tasks: 'task board management',
         checkpoint: 'create/list/load conversation checkpoints',
         spec: 'create a spec markdown file in .codemini/specs',
         plan: 'create an implementation plan markdown file in .codemini/plans',
@@ -247,7 +238,6 @@ function getCompletionCopy(language = 'zh') {
         configCommand: 'config command',
         historyCommand: 'history command',
         modeCommand: 'switch execution mode',
-        taskCommand: 'task board command',
         checkpointCommand: 'checkpoint command',
         specCommand: 'create a spec file',
         planCommand: 'planning command',
@@ -276,7 +266,7 @@ const SUB_AGENT_CONTEXT_MAX_MESSAGES = 4;
 const SUB_AGENT_CONTEXT_MAX_CHARS = 1200;
 const SUB_AGENT_EVIDENCE_MAX_ITEMS = 3;
 const SUB_AGENT_HANDOFF_MAX_ITEMS = 6;
-function getSubAgentRolePrompt(role) {
+export function getSubAgentRolePrompt(role) {
   if (role === 'planner') {
     return 'You are a planning sub-agent. Produce a concrete implementation plan with risks and verification.';
   }
@@ -315,7 +305,11 @@ function getSubAgentRolePrompt(role) {
       '- <single best next step>'
     ].join('\n');
   }
-  return 'You are an execution sub-agent. Produce practical implementation guidance with code-level detail.';
+  return [
+    'You are an execution sub-agent. Produce practical implementation guidance with code-level detail.',
+    'Stop when: you have produced the code change and verified it compiles/passes basic checks.',
+    'If blocked: report what blocked you and what you tried, then stop.'
+  ].join('\n');
 }
 
 function trimInlineText(value, maxLen = 220) {
@@ -1753,14 +1747,19 @@ async function askModel({
 
   const projectContextSnippet = await buildProjectContextSnippet(process.cwd(), text).catch(() => '');
   const effectiveSystemPrompt = projectContextSnippet
-    ? `${systemPrompt}\n\n${projectContextSnippet}\n\nUse this project context as lightweight guidance. Query the project index before broad globs or reading many files, then use targeted reads for fresh verification.`
+    ? `${systemPrompt}\n\n${projectContextSnippet}\n\nUse this project context as lightweight guidance and verify important details with fresh reads when needed.`
     : systemPrompt;
 
   const { definitions, handlers, formatters, deferredDefinitions } = getBuiltinTools({
     workspaceRoot: process.cwd(),
     config,
     sessionId: session.id,
-    onSystemEvent: onAgentEvent
+    onSystemEvent: onAgentEvent,
+    getTodos: () => normalizeTodos(session.todos),
+    onTodosUpdate: (todos) => {
+      session.todos = normalizeTodos(todos);
+      scheduleSessionSave();
+    }
   });
 
   let activeAssistantIndex = -1;
@@ -2122,6 +2121,17 @@ export async function createChatRuntime({
       summary: initialIndex.summary
     });
   }
+  const initialTodos = normalizeTodos(session?.todos);
+  if (initialTodos.length > 0) {
+    startupEvents.push({
+      type: 'tool',
+      id: `startup-todos-${String(session?.id || 'session')}`,
+      name: 'update_todos',
+      status: 'done',
+      arguments: { todos: initialTodos },
+      summary: `${initialTodos.length} todo item(s)`
+    });
+  }
   let currentSession = session;
   let config = initialConfig;
   const baseSystemPrompt = systemPrompt;
@@ -2211,7 +2221,6 @@ export async function createChatRuntime({
     '/memory',
     '/mode',
     '/plan',
-    '/tasks',
     '/history',
     '/checkpoint',
     '/agents',
@@ -2230,7 +2239,6 @@ export async function createChatRuntime({
       { name: 'status', description: completionCopy.commands.status },
       { name: 'mode', description: completionCopy.commands.mode },
       { name: 'compact', description: completionCopy.commands.compact },
-      { name: 'tasks', description: completionCopy.commands.tasks },
       { name: 'checkpoint', description: completionCopy.commands.checkpoint },
       { name: 'spec', description: completionCopy.commands.spec },
       { name: 'plan', description: completionCopy.commands.plan },
@@ -2275,7 +2283,6 @@ export async function createChatRuntime({
   const historyTemplates = ['/history list', '/history current', '/history resume <session_id>'];
   const memoryTemplates = ['/memory list <scope>', '/memory search <scope> <query>', '/memory forget <scope> <id>'];
   const modeTemplates = ['/mode normal', '/mode auto', '/mode plan'];
-  const taskTemplates = ['/tasks', '/tasks add <title>', '/tasks start <id>', '/tasks done <id>', '/tasks remove <id>', '/tasks clear'];
   const checkpointTemplates = [
     '/checkpoint create <name>',
     '/checkpoint list',
@@ -2292,7 +2299,6 @@ export async function createChatRuntime({
     ...memoryTemplates,
     ...historyTemplates,
     ...modeTemplates,
-    ...taskTemplates,
     ...checkpointTemplates,
     ...specTemplates,
     ...planTemplates,
@@ -2338,7 +2344,6 @@ export async function createChatRuntime({
       'memory',
       'compact',
       'mode',
-      'tasks',
       'checkpoint',
       'plan',
       'agents',
@@ -2358,7 +2363,6 @@ export async function createChatRuntime({
     for (const template of memoryTemplates) registerSuggestion(template, completionCopy.generic.memoryCommand);
     for (const template of historyTemplates) registerSuggestion(template, completionCopy.generic.historyCommand);
     for (const template of modeTemplates) registerSuggestion(template, completionCopy.generic.modeCommand);
-    for (const template of taskTemplates) registerSuggestion(template, completionCopy.generic.taskCommand);
     for (const template of checkpointTemplates) registerSuggestion(template, completionCopy.generic.checkpointCommand);
     for (const template of specTemplates) registerSuggestion(template, completionCopy.generic.specCommand);
     for (const template of planTemplates) {
@@ -2460,15 +2464,6 @@ export async function createChatRuntime({
       }
       return materializeSuggestions(modeTemplates);
     }
-    if (commandPart === 'tasks') {
-      if (tokens.length <= 2 && !hasTrailingSpace) {
-        const sub = tokens[1] || '';
-        return ['add', 'start', 'done', 'remove', 'rm', 'clear']
-          .filter((s) => s.startsWith(sub))
-          .map((s) => registerSuggestion(`/tasks ${s}`, completionCopy.generic.taskCommand));
-      }
-      return materializeSuggestions(taskTemplates);
-    }
     if (commandPart === 'checkpoint') {
       if (tokens.length <= 2 && !hasTrailingSpace) {
         const sub = tokens[1] || '';
@@ -2614,7 +2609,7 @@ export async function createChatRuntime({
       workspaceRoot: process.cwd()
     }).catch(() => '');
     const memoryGuide =
-      'Persistent memory is for durable preferences, project conventions, and stable workflow knowledge. Use fresh file reads when the code can verify details. Only write memory when the fact is likely to matter in future sessions, is stable over time, and is not sensitive. Do not store temporary task details, speculative guesses, or secrets. Choose remember_user for user preferences, communication habits, and long-term constraints. Choose remember_global for reusable workflow knowledge that helps across many projects. Choose remember_project for repository-specific conventions, architecture notes, important modules, and local workflow expectations. When memory includes command names, file paths, identifiers, or exact wording, preserve those tokens exactly instead of paraphrasing them.';
+      'Persistent memory stores durable preferences and stable workflow knowledge. Verify changeable details from files, and only write memory for future-useful, non-sensitive facts.';
     return [soulPrompt, memorySnapshot, memoryGuide].filter(Boolean).join('\n\n');
   };
 
@@ -2633,7 +2628,6 @@ export async function createChatRuntime({
       'commands',
       'status',
       'mode',
-      'tasks',
       'checkpoint',
       'history',
       'memory',
@@ -2664,14 +2658,14 @@ export async function createChatRuntime({
       if (parsedInput.command === 'help') {
         return {
           type: 'system',
-          text: 'Commands: /help /exit /commands /status /mode /compact /tasks /checkpoint /spec /plan /agents /config /memory /history /debug /retry /<custom> !<shell>'
+          text: 'Commands: /help /exit /commands /status /mode /compact /checkpoint /spec /plan /agents /config /memory /history /debug /retry /<custom> !<shell>'
         };
       }
       if (parsedInput.command === 'status') {
-        const taskCount = (await loadTasks(process.cwd(), currentSession.id)).length;
+        const todoCount = countActiveTodos(currentSession.todos);
         return {
           type: 'system',
-          text: `mode=${executionMode} | model=${model || config.model.name} | max_ctx=${effectiveMaxContextTokens(config)} | session=${currentSession.id} | tasks=${taskCount}`
+          text: `mode=${executionMode} | model=${model || config.model.name} | max_ctx=${effectiveMaxContextTokens(config)} | session=${currentSession.id} | todos=${todoCount}`
         };
       }
       if (parsedInput.command === 'mode') {
@@ -2689,74 +2683,15 @@ export async function createChatRuntime({
         await persistLocalExchange(line, text);
         return { type: 'system', text };
       }
-      if (parsedInput.command === 'tasks') {
-        const sub = (parsedInput.args[0] || '').trim().toLowerCase();
-        if (!sub) {
-          const tasks = await loadTasks(process.cwd(), currentSession.id);
-          if (tasks.length === 0) return { type: 'system', text: 'No tasks' };
-          const rows = tasks.map((t, idx) => `${idx + 1}. ${t.id} | ${t.status} | ${t.title}`);
-          return { type: 'system', text: rows.join('\n') };
-        }
-        if (sub === 'add') {
-          const title = parsedInput.args.slice(1).join(' ').trim();
-          if (!title) return { type: 'system', text: 'Usage: /tasks add <title>' };
-          const created = await createTasks([{ title }], process.cwd(), currentSession.id);
-          const text = `Created task: ${created[0]?.id || '-'} | ${title}`;
-          await persistLocalExchange(line, text);
-          return { type: 'system', text };
-        }
-        if (sub === 'start') {
-          const id = parsedInput.args[1];
-          if (!id) return { type: 'system', text: 'Usage: /tasks start <id>' };
-          const updated = await updateTask(id, { status: 'in_progress' }, process.cwd(), currentSession.id);
-          if (!updated) return { type: 'system', text: `Task not found: ${id}` };
-          const text = `Task in progress: ${id}`;
-          await persistLocalExchange(line, text);
-          return { type: 'system', text };
-        }
-        if (sub === 'done') {
-          const id = parsedInput.args[1];
-          if (!id) return { type: 'system', text: 'Usage: /tasks done <id>' };
-          const updated = await updateTask(id, { status: 'completed' }, process.cwd(), currentSession.id);
-          if (!updated) return { type: 'system', text: `Task not found: ${id}` };
-          const text = `Task completed: ${id}`;
-          await persistLocalExchange(line, text);
-          return { type: 'system', text };
-        }
-        if (sub === 'remove' || sub === 'rm') {
-          const id = parsedInput.args[1];
-          if (!id) return { type: 'system', text: 'Usage: /tasks remove <id>' };
-          const result = await deleteTasks([id], process.cwd(), currentSession.id);
-          const text = `Removed=${result.removed}, Remaining=${result.remaining}`;
-          await persistLocalExchange(line, text);
-          return { type: 'system', text };
-        }
-        if (sub === 'clear') {
-          await clearTasks(process.cwd(), currentSession.id);
-          const text = 'All tasks cleared';
-          await persistLocalExchange(line, text);
-          return { type: 'system', text };
-        }
-        // shorthand: /tasks implement x
-        const title = parsedInput.args.join(' ').trim();
-        if (title) {
-          const created = await createTasks([{ title }], process.cwd(), currentSession.id);
-          const text = `Created task: ${created[0]?.id || '-'} | ${title}`;
-          await persistLocalExchange(line, text);
-          return { type: 'system', text };
-        }
-      }
       if (parsedInput.command === 'checkpoint') {
         const sub = (parsedInput.args[0] || 'list').trim().toLowerCase();
         if (sub === 'create') {
           const name = parsedInput.args.slice(1).join(' ').trim();
-          const tasks = await loadTasks(process.cwd(), currentSession.id);
           const cp = await createCheckpoint(
             {
               name,
               session: currentSession,
-              config,
-              tasks
+              config
             },
             process.cwd()
           );
@@ -2791,17 +2726,6 @@ export async function createChatRuntime({
             config = cp.config;
             executionMode = config.execution?.mode || executionMode;
           }
-          if (Array.isArray(cp?.tasks)) {
-            await clearTasks(process.cwd(), currentSession.id);
-            if (cp.tasks.length > 0) {
-              // restore with new ids to avoid stale references
-              await createTasks(
-                cp.tasks.map((t) => ({ title: t.title, description: t.description })),
-                process.cwd(),
-                currentSession.id
-              );
-            }
-          }
           const text = `Checkpoint loaded: ${id}`;
           await persistLocalExchange(line, text, { includeUser: false });
           return { type: 'system', text };

package/src/core/checkpoint-store.js

@@ -16,7 +16,7 @@ function makeId(name = '') {
   return `${stamp}-${slug || 'checkpoint'}`;
 }
 
-export async function createCheckpoint({ name, session, config, tasks }, cwd = process.cwd()) {
+export async function createCheckpoint({ name, session, config }, cwd = process.cwd()) {
   const dir = checkpointsDir(cwd);
   await fs.mkdir(dir, { recursive: true });
   const id = makeId(name);
@@ -26,8 +26,7 @@ export async function createCheckpoint({ name, session, config, tasks }, cwd = p
     name: String(name || ''),
     createdAt: new Date().toISOString(),
     session,
-    config,
-    tasks: Array.isArray(tasks) ? tasks : []
+    config
   };
   await fs.writeFile(filePath, `${JSON.stringify(payload, null, 2)}\n`, 'utf8');
   return payload;

package/src/core/command-policy.js

@@ -8,6 +8,138 @@ function firstToken(command) {
   return base.replace(/\.exe$/i, '');
 }
 
+function splitCommandSegments(command) {
+  const text = String(command || '').trim();
+  if (!text) return [];
+  const segments = [];
+  let current = '';
+  let quote = '';
+  let escapeNext = false;
+
+  for (let i = 0; i < text.length; i += 1) {
+    const ch = text[i];
+    const next = text[i + 1];
+
+    if (escapeNext) {
+      current += ch;
+      escapeNext = false;
+      continue;
+    }
+
+    if (ch === '\\' && quote !== '\'') {
+      current += ch;
+      escapeNext = true;
+      continue;
+    }
+
+    if (quote) {
+      current += ch;
+      if (ch === quote) quote = '';
+      continue;
+    }
+
+    if (ch === '"' || ch === '\'') {
+      quote = ch;
+      current += ch;
+      continue;
+    }
+
+    if ((ch === '&' && next === '&') || (ch === '|' && next === '|')) {
+      if (current.trim()) segments.push(current.trim());
+      current = '';
+      i += 1;
+      continue;
+    }
+
+    if (ch === '|' || ch === ';' || ch === '&') {
+      if (current.trim()) segments.push(current.trim());
+      current = '';
+      continue;
+    }
+
+    current += ch;
+  }
+
+  if (current.trim()) segments.push(current.trim());
+  return segments;
+}
+
+function tokenizeTopLevel(command) {
+  const text = String(command || '').trim();
+  if (!text) return [];
+  const tokens = [];
+  let current = '';
+  let quote = '';
+  let escapeNext = false;
+
+  for (let i = 0; i < text.length; i += 1) {
+    const ch = text[i];
+    if (escapeNext) {
+      current += ch;
+      escapeNext = false;
+      continue;
+    }
+    if (ch === '\\' && quote !== '\'') {
+      escapeNext = true;
+      continue;
+    }
+    if (quote) {
+      if (ch === quote) {
+        quote = '';
+      } else {
+        current += ch;
+      }
+      continue;
+    }
+    if (ch === '"' || ch === '\'') {
+      quote = ch;
+      continue;
+    }
+    if (/\s/.test(ch)) {
+      if (current) {
+        tokens.push(current);
+        current = '';
+      }
+      continue;
+    }
+    current += ch;
+  }
+
+  if (current) tokens.push(current);
+  return tokens;
+}
+
+function unwrapShellPayload(command) {
+  const tokens = tokenizeTopLevel(command);
+  const token = firstToken(command);
+  if (!['bash', 'sh', 'zsh', 'powershell', 'pwsh', 'cmd'].includes(token)) return '';
+
+  const index = tokens.findIndex((item, itemIndex) => {
+    if (token === 'cmd') return itemIndex > 0 && /^\/c$/i.test(item);
+    return /^-(?:c|lc|command)$/i.test(item);
+  });
+  if (index < 0 || index + 1 >= tokens.length) return '';
+  return tokens.slice(index + 1).join(' ').trim();
+}
+
+function collectCommandTokens(command) {
+  const cmd = String(command || '').trim();
+  if (!cmd) return [];
+
+  const chained = splitCommandSegments(cmd);
+  if (chained.length > 1) {
+    return chained.flatMap((segment) => collectCommandTokens(segment));
+  }
+
+  const token = firstToken(cmd);
+  const out = token ? [{ token, raw: cmd }] : [];
+  const wrapped = unwrapShellPayload(cmd);
+  if (wrapped && wrapped !== cmd) {
+    out.push(...collectCommandTokens(wrapped));
+  }
+  return out;
+}
+
 function includesAny(haystackLower, patterns = []) {
   return patterns.some((p) => haystackLower.includes(String(p).toLowerCase()));
 }
@@ -46,17 +178,19 @@ export function evaluateCommandPolicy(command, config, workspaceRoot = process.c
   }
 
   const token = firstToken(cmd);
-  if (includesAny(token, policy.blocked_commands)) {
-    return { allowed: false, reason: `blocked command: ${token}`, suggestion: suggestionForToken(token, config) };
-  }
-
+  const inspectedTokens = collectCommandTokens(cmd);
   const allowlist = Array.isArray(policy.command_allowlist) ? policy.command_allowlist : [];
-  if (allowlist.length > 0 && !allowlist.includes(token)) {
-    return {
-      allowed: false,
-      reason: `command not in allowlist: ${token}`,
-      suggestion: suggestionForToken(token, config)
-    };
+  for (const item of inspectedTokens) {
+    if (includesAny(item.token, policy.blocked_commands)) {
+      return { allowed: false, reason: `blocked command: ${item.token}`, suggestion: suggestionForToken(item.token, config) };
+    }
+    if (allowlist.length > 0 && !allowlist.includes(item.token)) {
+      return {
+        allowed: false,
+        reason: `command not in allowlist: ${item.token}`,
+        suggestion: suggestionForToken(item.token, config)
+      };
+    }
   }
 
   const workspaceLower = String(workspaceRoot).toLowerCase().replace(/\//g, '\\');

package/src/core/config-store.js

@@ -46,11 +46,9 @@ const DEFAULT_CONFIG = {
       'run',
       'patch',
       'generate_diff',
-      'start_service',
-      'list_services',
-      'get_service_status',
-      'get_service_logs',
-      'stop_service'
+      'list_background_tasks',
+      'get_background_task',
+      'stop_background_task'
     ],
     max_steps: 16
   },
@@ -154,11 +152,9 @@ function normalizePolicyLists(config) {
       'write',
       'run',
       'generate_diff',
-      'start_service',
-      'list_services',
-      'get_service_status',
-      'get_service_logs',
-      'stop_service',
+      'list_background_tasks',
+      'get_background_task',
+      'stop_background_task',
       ...rawTools
     ].filter((name) => String(name) !== 'list_files')
   );

package/src/core/context-compact.js

@@ -19,7 +19,13 @@ export function estimateMessagesTokens(messages) {
   for (const message of messages || []) {
     const roleOverhead = 6;
     const text = textFromContent(message.content);
-    total += roleOverhead + Math.ceil(text.length / 4);
+    let asciiChars = 0;
+    let nonAsciiChars = 0;
+    for (const char of text) {
+      if (char.charCodeAt(0) <= 0x7f) asciiChars += 1;
+      else nonAsciiChars += 1;
+    }
+    total += roleOverhead + Math.ceil(asciiChars / 4) + Math.ceil(nonAsciiChars / 2);
   }
   return total;
 }

package/src/core/default-system-prompt.js

@@ -18,6 +18,11 @@ Assistant: first narrow the search with the project index
 Tool: query_project_index({"query":"auth flow","path":"src","max_results":3})
 Tool: read({"file_path":"${cwd}/src/auth/service.ts"})
 
+If the visible tool list does not include a needed capability, load it with tool_search instead of assuming it does not exist.
+Example:
+Tool: tool_search({"query":"glob"})
+Tool: glob({"pattern":"src/**/*.ts"})
+
 2. Targeted search then exact text edit
 User: rename loginUser to signInUser
 Assistant: first find the exact occurrences
@@ -29,7 +34,13 @@ User: inspect the reducer around line 120
 Assistant: read only the needed range
 Tool: read({"path":"${cwd}/src/store/reducer.ts:110-150"})
 
-4. Create a new file
+4. Track a complex task with todos
+User: update the login flow and verify it
+Assistant: create a focused todo checklist before starting
+Tool: update_todos({"todos":[{"content":"Inspect the current login flow","activeForm":"Inspecting the current login flow","status":"in_progress"},{"content":"Implement the requested login changes","activeForm":"Implementing the requested login changes","status":"pending"},{"content":"Run focused verification for the login flow","activeForm":"Running focused verification for the login flow","status":"pending"}]})
+Assistant: keep the checklist updated as each phase finishes, and do not give a completion-style wrap-up until the checklist is complete or a blocker is recorded
+
+5. Create a new file
 User: add a notes file
 Assistant: create the file directly
 Tool: write({"file":"${cwd}/notes.txt","text":"todo\\n"})

package/src/core/memory-policy.js

@@ -1,5 +1,11 @@
 const SECRET_PATTERNS = [
   /\b(api[_-]?key|token|secret|password|passwd|bearer)\b/i,
+  /\b(database_url|aws_secret_access_key|aws_access_key_id|openai_api_key|github_token|github_pat|slack_bot_token)\b\s*[:=]\s*\S+/i,
+  /\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis):\/\/[^/\s:@]+:[^@\s]+@/i,
+  /\bAKIA[0-9A-Z]{16}\b/,
+  /\bghp_[a-z0-9]{20,}\b/i,
+  /\bgithub_pat_[a-z0-9_]{20,}\b/i,
+  /\bglpat-[a-z0-9_-]{20,}\b/i,
   /\bsk-[a-z0-9]{8,}\b/i,
   /-----BEGIN [A-Z ]+PRIVATE KEY-----/i
 ];

package/src/core/session-store.js

@@ -1,6 +1,7 @@
 import fs from 'node:fs/promises';
 import path from 'node:path';
 import { getSessionsDir } from './paths.js';
+import { normalizeTodos } from './todo-state.js';
 
 const ALLOWED_ROLES = new Set(['system', 'user', 'assistant', 'tool']);
 
@@ -86,6 +87,9 @@ function sanitizeSession(session, fallbackId = '') {
     }
   }
 
+  const todos = normalizeTodos(session?.todos);
+  if (todos.length > 0) out.todos = todos;
+
   return out;
 }