commandmate 0.3.1 → 0.3.3

package/dist/server/src/lib/cli-tools/vibe-local.js

@@ -0,0 +1,163 @@
+"use strict";
+/**
+ * Vibe Local CLI tool implementation
+ * Provides integration with vibe-local (vibe-coder) in interactive mode
+ *
+ * @remarks Issue #368: Rewritten from non-interactive pipe mode to interactive REPL mode.
+ * Previous implementation used `echo 'msg' | vibe-local` which caused the process to exit
+ * immediately with "(Cancelled)" + "Goodbye!", making response polling impossible.
+ * Now launches `vibe-local -y` in interactive mode within tmux (same approach as Claude/Codex/Gemini).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VibeLocalTool = void 0;
+const base_1 = require("./base");
+const types_1 = require("./types");
+const tmux_1 = require("../tmux");
+const pasted_text_helper_1 = require("../pasted-text-helper");
+const db_instance_1 = require("../db-instance");
+const db_1 = require("../db");
+/**
+ * Extract error message from unknown error type (DRY)
+ */
+function getErrorMessage(error) {
+    return error instanceof Error ? error.message : String(error);
+}
+/**
+ * Wait for vibe-local to initialize after launch.
+ * vibe-local shows a permission check prompt, banner, and model loading.
+ */
+const VIBE_LOCAL_INIT_WAIT_MS = 5000;
+/**
+ * Vibe Local CLI tool implementation
+ * Manages vibe-local interactive sessions using tmux
+ */
+class VibeLocalTool extends base_1.BaseCLITool {
+    id = 'vibe-local';
+    name = 'Vibe Local';
+    command = 'vibe-local';
+    /**
+     * Check if vibe-local session is running for a worktree
+     */
+    async isRunning(worktreeId) {
+        const sessionName = this.getSessionName(worktreeId);
+        return await (0, tmux_1.hasSession)(sessionName);
+    }
+    /**
+     * Start a new vibe-local session for a worktree
+     * Launches `vibe-local -y` in interactive mode within tmux
+     *
+     * @param worktreeId - Worktree ID
+     * @param worktreePath - Worktree path
+     */
+    async startSession(worktreeId, worktreePath) {
+        const vibeLocalAvailable = await this.isInstalled();
+        if (!vibeLocalAvailable) {
+            throw new Error('vibe-local is not installed or not in PATH');
+        }
+        const sessionName = this.getSessionName(worktreeId);
+        const exists = await (0, tmux_1.hasSession)(sessionName);
+        if (exists) {
+            console.log(`Vibe Local session ${sessionName} already exists`);
+            return;
+        }
+        try {
+            // Create tmux session with large history buffer
+            await (0, tmux_1.createSession)({
+                sessionName,
+                workingDirectory: worktreePath,
+                historyLimit: 50000,
+            });
+            // Wait a moment for the session to be created
+            await new Promise((resolve) => setTimeout(resolve, 100));
+            // Read Ollama model preference from DB
+            // [SEC-001] Re-validate model name at point of use (defense-in-depth)
+            let vibeLocalCommand = 'vibe-local -y';
+            try {
+                const db = (0, db_instance_1.getDbInstance)();
+                const wt = (0, db_1.getWorktreeById)(db, worktreeId);
+                if (wt?.vibeLocalModel && types_1.OLLAMA_MODEL_PATTERN.test(wt.vibeLocalModel)) {
+                    vibeLocalCommand = `vibe-local -y -m ${wt.vibeLocalModel}`;
+                }
+            }
+            catch {
+                // DB read failure is non-fatal; use default model
+            }
+            // Start vibe-local in interactive mode with auto-approve (-y)
+            // -y flag skips the permission confirmation prompt
+            await (0, tmux_1.sendKeys)(sessionName, vibeLocalCommand, true);
+            // Wait for vibe-local to initialize (banner + model loading)
+            await new Promise((resolve) => setTimeout(resolve, VIBE_LOCAL_INIT_WAIT_MS));
+            console.log(`✓ Started Vibe Local session: ${sessionName}`);
+        }
+        catch (error) {
+            const errorMessage = getErrorMessage(error);
+            throw new Error(`Failed to start Vibe Local session: ${errorMessage}`);
+        }
+    }
+    /**
+     * Send a message to vibe-local interactive session
+     *
+     * @param worktreeId - Worktree ID
+     * @param message - Message to send
+     */
+    async sendMessage(worktreeId, message) {
+        const sessionName = this.getSessionName(worktreeId);
+        const exists = await (0, tmux_1.hasSession)(sessionName);
+        if (!exists) {
+            throw new Error(`Vibe Local session ${sessionName} does not exist. Start the session first.`);
+        }
+        try {
+            // Send message to vibe-local (without Enter)
+            await (0, tmux_1.sendKeys)(sessionName, message, false);
+            // Wait a moment for the text to be typed
+            await new Promise((resolve) => setTimeout(resolve, 100));
+            // vibe-local uses IME mode: first Enter creates a new line,
+            // second Enter on empty line submits the message.
+            // Send Enter twice with a short delay between.
+            await (0, tmux_1.sendSpecialKey)(sessionName, 'C-m');
+            await new Promise((resolve) => setTimeout(resolve, 200));
+            await (0, tmux_1.sendSpecialKey)(sessionName, 'C-m');
+            // Wait a moment for the message to be processed
+            await new Promise((resolve) => setTimeout(resolve, 200));
+            // Detect [Pasted text] and resend Enter for multi-line messages
+            if (message.includes('\n')) {
+                await (0, pasted_text_helper_1.detectAndResendIfPastedText)(sessionName);
+            }
+            console.log(`✓ Sent message to Vibe Local session: ${sessionName}`);
+        }
+        catch (error) {
+            const errorMessage = getErrorMessage(error);
+            throw new Error(`Failed to send message to Vibe Local: ${errorMessage}`);
+        }
+    }
+    /**
+     * Kill vibe-local session
+     *
+     * @param worktreeId - Worktree ID
+     */
+    async killSession(worktreeId) {
+        const sessionName = this.getSessionName(worktreeId);
+        try {
+            const exists = await (0, tmux_1.hasSession)(sessionName);
+            if (exists) {
+                // Send Ctrl+C to interrupt any running operation
+                await (0, tmux_1.sendSpecialKey)(sessionName, 'C-c');
+                await new Promise((resolve) => setTimeout(resolve, 300));
+                // Send Ctrl+C again to ensure exit
+                await (0, tmux_1.sendSpecialKey)(sessionName, 'C-c');
+                await new Promise((resolve) => setTimeout(resolve, 500));
+            }
+            // Kill the tmux session
+            const killed = await (0, tmux_1.killSession)(sessionName);
+            if (killed) {
+                console.log(`✓ Stopped Vibe Local session: ${sessionName}`);
+            }
+        }
+        catch (error) {
+            const errorMessage = getErrorMessage(error);
+            console.error(`Error stopping Vibe Local session: ${errorMessage}`);
+            throw error;
+        }
+    }
+}
+exports.VibeLocalTool = VibeLocalTool;

package/dist/server/src/lib/cmate-parser.js

@@ -0,0 +1,262 @@
+"use strict";
+/**
+ * CMATE.md Parser
+ * Issue #294: Schedule execution feature
+ *
+ * Parses CMATE.md files (Markdown table format) from worktree root directories.
+ * Provides a generic table parser and a specialized schedule section parser.
+ *
+ * Security:
+ * - Path traversal prevention (realpath + worktree directory validation)
+ * - Unicode control character sanitization
+ * - Name validation with strict pattern matching
+ * - Cron expression validation
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MIN_CRON_INTERVAL = exports.CONTROL_CHAR_REGEX = exports.isValidCronExpression = exports.MAX_SCHEDULE_ENTRIES = exports.MAX_CRON_EXPRESSION_LENGTH = exports.NAME_PATTERN = exports.CMATE_FILENAME = void 0;
+exports.sanitizeMessageContent = sanitizeMessageContent;
+exports.validateCmatePath = validateCmatePath;
+exports.parseCmateFile = parseCmateFile;
+exports.parseSchedulesSection = parseSchedulesSection;
+exports.readCmateFile = readCmateFile;
+const fs_1 = require("fs");
+const path_1 = __importDefault(require("path"));
+const types_1 = require("../lib/cli-tools/types");
+const schedule_config_1 = require("../config/schedule-config");
+const cmate_constants_1 = require("../config/cmate-constants");
+Object.defineProperty(exports, "CMATE_FILENAME", { enumerable: true, get: function () { return cmate_constants_1.CMATE_FILENAME; } });
+Object.defineProperty(exports, "NAME_PATTERN", { enumerable: true, get: function () { return cmate_constants_1.NAME_PATTERN; } });
+Object.defineProperty(exports, "MAX_CRON_EXPRESSION_LENGTH", { enumerable: true, get: function () { return cmate_constants_1.MAX_CRON_EXPRESSION_LENGTH; } });
+Object.defineProperty(exports, "MAX_SCHEDULE_ENTRIES", { enumerable: true, get: function () { return cmate_constants_1.MAX_SCHEDULE_ENTRIES; } });
+Object.defineProperty(exports, "isValidCronExpression", { enumerable: true, get: function () { return cmate_constants_1.isValidCronExpression; } });
+/**
+ * @deprecated Use CONTROL_CHAR_PATTERN from '../config/cmate-constants' instead.
+ * Kept for backward compatibility with existing tests.
+ */
+exports.CONTROL_CHAR_REGEX = new RegExp(cmate_constants_1.CONTROL_CHAR_PATTERN.source, 'g');
+/** Minimum cron interval pattern (every minute) */
+exports.MIN_CRON_INTERVAL = '* * * * *';
+// =============================================================================
+// Sanitization
+// =============================================================================
+/**
+ * Remove Unicode control characters from a string.
+ * Preserves tabs (\t), newlines (\n), and carriage returns (\r).
+ *
+ * @param content - Raw string to sanitize
+ * @returns Sanitized string with control characters removed
+ */
+function sanitizeMessageContent(content) {
+    return (0, cmate_constants_1.sanitizeContent)(content);
+}
+// =============================================================================
+// Path Validation
+// =============================================================================
+/**
+ * Validate that a CMATE.md file path is within the expected worktree directory.
+ * Prevents path traversal attacks by resolving symlinks and verifying containment.
+ *
+ * @param filePath - Path to CMATE.md file
+ * @param worktreeDir - Expected worktree directory
+ * @returns true if path is valid and within worktree directory
+ * @throws Error if path traversal is detected
+ */
+function validateCmatePath(filePath, worktreeDir) {
+    const realFilePath = (0, fs_1.realpathSync)(filePath);
+    const realWorktreeDir = (0, fs_1.realpathSync)(worktreeDir);
+    // Ensure the file is within the worktree directory
+    if (!realFilePath.startsWith(realWorktreeDir + path_1.default.sep) &&
+        realFilePath !== path_1.default.join(realWorktreeDir, cmate_constants_1.CMATE_FILENAME)) {
+        throw new Error(`Path traversal detected: ${filePath} is not within ${worktreeDir}`);
+    }
+    return true;
+}
+// =============================================================================
+// Generic Markdown Table Parser
+// =============================================================================
+/**
+ * Parse a CMATE.md file into a generic structure.
+ * Returns a Map where keys are section names (from ## headers)
+ * and values are arrays of row data (each row is an array of cell values).
+ *
+ * [S1-010] Generic design: returns Map<string, string[][]>
+ *
+ * @param content - Raw CMATE.md file content
+ * @returns Map of section name to table rows
+ */
+function parseCmateFile(content) {
+    const result = new Map();
+    const lines = content.split('\n');
+    let currentSection = null;
+    let headerParsed = false;
+    let separatorParsed = false;
+    for (const line of lines) {
+        const trimmed = line.trim();
+        // Detect section headers (## SectionName)
+        const headerMatch = trimmed.match(/^##\s+(.+)$/);
+        if (headerMatch) {
+            currentSection = headerMatch[1].trim();
+            headerParsed = false;
+            separatorParsed = false;
+            if (!result.has(currentSection)) {
+                result.set(currentSection, []);
+            }
+            continue;
+        }
+        // Skip empty lines
+        if (!trimmed) {
+            continue;
+        }
+        // Skip non-table lines
+        if (!trimmed.startsWith('|')) {
+            continue;
+        }
+        if (!currentSection) {
+            continue;
+        }
+        // Parse table row
+        if (!headerParsed) {
+            // First row is header - skip it
+            headerParsed = true;
+            continue;
+        }
+        if (!separatorParsed) {
+            // Second row is separator (|---|---|) - skip it
+            if (trimmed.match(/^\|[\s-:|]+\|$/)) {
+                separatorParsed = true;
+                continue;
+            }
+            // If it's not a separator, treat it as data
+            separatorParsed = true;
+        }
+        // Parse data row
+        const cells = trimmed
+            .split('|')
+            .slice(1, -1) // Remove leading and trailing empty strings from split
+            .map((cell) => cell.trim());
+        if (cells.length > 0) {
+            result.get(currentSection).push(cells);
+        }
+    }
+    return result;
+}
+// =============================================================================
+// Schedule Section Parser
+// =============================================================================
+/**
+ * Parse the Schedules section of a CMATE.md file into typed ScheduleEntry objects.
+ *
+ * Expected table format:
+ * | Name | Cron | Message | CLI Tool | Enabled |
+ * |------|------|---------|----------|---------|
+ * | daily-review | 0 9 * * * | Review code changes | claude | true |
+ *
+ * Entries with invalid names, cron expressions, or missing required fields
+ * are silently skipped with a console.warn.
+ *
+ * @param rows - Raw table rows from parseCmateFile() for the Schedules section
+ * @returns Array of validated ScheduleEntry objects
+ */
+function parseSchedulesSection(rows) {
+    const entries = [];
+    for (const row of rows) {
+        if (entries.length >= cmate_constants_1.MAX_SCHEDULE_ENTRIES) {
+            console.warn(`[cmate-parser] Maximum schedule entries (${cmate_constants_1.MAX_SCHEDULE_ENTRIES}) reached, skipping remaining`);
+            break;
+        }
+        // Minimum required columns: Name, Cron, Message
+        if (row.length < 3) {
+            console.warn('[cmate-parser] Skipping row with insufficient columns:', row);
+            continue;
+        }
+        const [name, cronExpression, message, cliToolId, enabledStr, permissionStr] = row;
+        // Validate name
+        const sanitizedName = sanitizeMessageContent(name);
+        if (!cmate_constants_1.NAME_PATTERN.test(sanitizedName)) {
+            console.warn(`[cmate-parser] Skipping entry with invalid name: "${sanitizedName}"`);
+            continue;
+        }
+        // Validate cron expression
+        if (!(0, cmate_constants_1.isValidCronExpression)(cronExpression)) {
+            console.warn(`[cmate-parser] Skipping entry "${sanitizedName}" with invalid cron: "${cronExpression}"`);
+            continue;
+        }
+        // Sanitize message
+        const sanitizedMessage = sanitizeMessageContent(message);
+        if (!sanitizedMessage) {
+            console.warn(`[cmate-parser] Skipping entry "${sanitizedName}" with empty message`);
+            continue;
+        }
+        // Parse enabled (default: true)
+        const enabled = enabledStr === undefined ||
+            enabledStr === '' ||
+            enabledStr.toLowerCase() === 'true';
+        // Parse and validate CLI tool ID [SEC-002]
+        const resolvedCliToolId = cliToolId?.trim() || 'claude';
+        if (!(0, types_1.isCliToolType)(resolvedCliToolId)) {
+            console.warn(`[cmate-parser] Skipping entry "${sanitizedName}" with invalid CLI tool: "${resolvedCliToolId}"`);
+            continue;
+        }
+        const defaultPermission = schedule_config_1.DEFAULT_PERMISSIONS[resolvedCliToolId] ?? '';
+        let permission = permissionStr?.trim() || defaultPermission;
+        // Validate permission against allowed values
+        let allowedValues;
+        switch (resolvedCliToolId) {
+            case 'codex':
+                allowedValues = schedule_config_1.CODEX_SANDBOXES;
+                break;
+            case 'gemini':
+            case 'vibe-local':
+                // No permission flags for gemini/vibe-local; only empty string is valid
+                allowedValues = [];
+                if (permission) {
+                    console.warn(`[cmate-parser] Permission "${permission}" ignored for ${resolvedCliToolId} in entry "${sanitizedName}" (no permission flags supported)`);
+                    permission = '';
+                }
+                break;
+            default:
+                allowedValues = schedule_config_1.CLAUDE_PERMISSIONS;
+                break;
+        }
+        if (allowedValues.length > 0 && permission && !allowedValues.includes(permission)) {
+            console.warn(`[cmate-parser] Invalid permission "${permission}" for ${resolvedCliToolId} in entry "${sanitizedName}", using default "${defaultPermission}"`);
+            permission = defaultPermission;
+        }
+        entries.push({
+            name: sanitizedName,
+            cronExpression: cronExpression.trim(),
+            message: sanitizedMessage,
+            cliToolId: resolvedCliToolId,
+            enabled,
+            permission,
+        });
+    }
+    return entries;
+}
+/**
+ * Read and parse a CMATE.md file from a worktree directory.
+ *
+ * @param worktreeDir - Path to the worktree directory
+ * @returns Parsed CmateConfig, or null if the file doesn't exist
+ * @throws Error if path traversal is detected
+ */
+function readCmateFile(worktreeDir) {
+    const filePath = path_1.default.join(worktreeDir, cmate_constants_1.CMATE_FILENAME);
+    try {
+        // Validate path before reading
+        validateCmatePath(filePath, worktreeDir);
+        const content = (0, fs_1.readFileSync)(filePath, 'utf-8');
+        return parseCmateFile(content);
+    }
+    catch (error) {
+        if (error instanceof Error &&
+            'code' in error &&
+            error.code === 'ENOENT') {
+            return null;
+        }
+        throw error;
+    }
+}

package/dist/server/src/lib/db-instance.js

@@ -45,6 +45,9 @@ function getDbInstance() {
             fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
         }
         dbInstance = new better_sqlite3_1.default(dbPath);
+        // Issue #294: Enable foreign key enforcement BEFORE migrations
+        // This ensures ON DELETE CASCADE works correctly for all tables
+        dbInstance.pragma('foreign_keys = ON');
         (0, db_migrations_1.runMigrations)(dbInstance);
     }
     return dbInstance;

package/dist/server/src/lib/db-migrations.js

@@ -19,7 +19,7 @@ const db_1 = require("./db");
  * Current schema version
  * Increment this when adding new migrations
  */
-exports.CURRENT_SCHEMA_VERSION = 16;
+exports.CURRENT_SCHEMA_VERSION = 19;
 /**
  * Migration registry
  * All migrations should be added to this array in order
@@ -717,6 +717,149 @@ const migrations = [
       `);
             console.log('✓ Removed issue_no column from external_apps table');
         }
+    },
+    {
+        version: 17,
+        name: 'add-scheduled-executions-and-execution-logs',
+        up: (db) => {
+            // Issue #294: Schedule execution feature
+            // [S3-002] Clean up orphan records BEFORE creating new tables with FK constraints
+            // These records may exist if worktrees/repositories were deleted while FK was disabled
+            db.exec(`
+        DELETE FROM chat_messages WHERE worktree_id NOT IN (SELECT id FROM worktrees);
+      `);
+            db.exec(`
+        DELETE FROM session_states WHERE worktree_id NOT IN (SELECT id FROM worktrees);
+      `);
+            db.exec(`
+        DELETE FROM worktree_memos WHERE worktree_id NOT IN (SELECT id FROM worktrees);
+      `);
+            db.exec(`
+        UPDATE clone_jobs SET repository_id = NULL
+          WHERE repository_id IS NOT NULL AND repository_id NOT IN (SELECT id FROM repositories);
+      `);
+            // Create scheduled_executions table
+            db.exec(`
+        CREATE TABLE scheduled_executions (
+          id TEXT PRIMARY KEY,
+          worktree_id TEXT NOT NULL,
+          cli_tool_id TEXT DEFAULT 'claude',
+          name TEXT NOT NULL,
+          message TEXT NOT NULL,
+          cron_expression TEXT,
+          enabled INTEGER DEFAULT 1,
+          last_executed_at INTEGER,
+          next_execute_at INTEGER,
+          created_at INTEGER NOT NULL,
+          updated_at INTEGER NOT NULL,
+          UNIQUE(worktree_id, name),
+          FOREIGN KEY (worktree_id) REFERENCES worktrees(id) ON DELETE CASCADE
+        );
+      `);
+            // Create index on worktree_id for scheduled_executions
+            db.exec(`
+        CREATE INDEX idx_scheduled_executions_worktree
+          ON scheduled_executions(worktree_id);
+      `);
+            // Create index on enabled for filtering active schedules
+            db.exec(`
+        CREATE INDEX idx_scheduled_executions_enabled
+          ON scheduled_executions(enabled);
+      `);
+            // Create execution_logs table
+            db.exec(`
+        CREATE TABLE execution_logs (
+          id TEXT PRIMARY KEY,
+          schedule_id TEXT NOT NULL,
+          worktree_id TEXT NOT NULL,
+          message TEXT NOT NULL,
+          result TEXT,
+          exit_code INTEGER,
+          status TEXT DEFAULT 'running' CHECK(status IN ('running', 'completed', 'failed', 'timeout', 'cancelled')),
+          started_at INTEGER NOT NULL,
+          completed_at INTEGER,
+          created_at INTEGER NOT NULL,
+          FOREIGN KEY (schedule_id) REFERENCES scheduled_executions(id) ON DELETE CASCADE,
+          FOREIGN KEY (worktree_id) REFERENCES worktrees(id) ON DELETE CASCADE
+        );
+      `);
+            // Create indexes for execution_logs
+            db.exec(`
+        CREATE INDEX idx_execution_logs_schedule
+          ON execution_logs(schedule_id);
+      `);
+            db.exec(`
+        CREATE INDEX idx_execution_logs_worktree
+          ON execution_logs(worktree_id);
+      `);
+            db.exec(`
+        CREATE INDEX idx_execution_logs_status
+          ON execution_logs(status);
+      `);
+            console.log('✓ Cleaned up orphan records');
+            console.log('✓ Created scheduled_executions table');
+            console.log('✓ Created execution_logs table');
+            console.log('✓ Created indexes for schedule tables');
+        },
+        down: (db) => {
+            db.exec('DROP INDEX IF EXISTS idx_execution_logs_status');
+            db.exec('DROP INDEX IF EXISTS idx_execution_logs_worktree');
+            db.exec('DROP INDEX IF EXISTS idx_execution_logs_schedule');
+            db.exec('DROP TABLE IF EXISTS execution_logs');
+            db.exec('DROP INDEX IF EXISTS idx_scheduled_executions_enabled');
+            db.exec('DROP INDEX IF EXISTS idx_scheduled_executions_worktree');
+            db.exec('DROP TABLE IF EXISTS scheduled_executions');
+            console.log('✓ Dropped scheduled_executions and execution_logs tables');
+        }
+    },
+    {
+        version: 18,
+        name: 'add-selected-agents-column',
+        up: (db) => {
+            // Issue #368: Add selected_agents column for agent selection persistence
+            // NOTE (R1-010): The literal values 'claude', 'codex' in the SQL CASE below
+            // are fixed at migration time and do NOT sync with TypeScript CLI_TOOL_IDS.
+            // Changes to CLI_TOOL_IDS will not retroactively affect already-migrated data.
+            // Migration tests cover all CLIToolType values to catch sync issues.
+            // Step 1: Add column
+            db.exec(`
+        ALTER TABLE worktrees ADD COLUMN selected_agents TEXT;
+      `);
+            // Step 2: Initialize existing data based on cli_tool_id
+            // - If cli_tool_id is 'claude' or 'codex' -> default ["claude","codex"]
+            // - Otherwise (e.g. 'gemini', 'vibe-local') -> [cli_tool_id, "claude"]
+            db.exec(`
+        UPDATE worktrees SET selected_agents =
+          CASE
+            WHEN cli_tool_id NOT IN ('claude', 'codex')
+            THEN json_array(cli_tool_id, 'claude')
+            ELSE '["claude","codex"]'
+          END;
+      `);
+            console.log('✓ Added selected_agents column to worktrees table');
+            console.log('✓ Initialized selected_agents based on cli_tool_id');
+        },
+        down: () => {
+            // selected_agents is a nullable TEXT column; dropping it requires table recreation
+            // which is disproportionate for a rollback. The column is harmless if unused.
+            console.log('No rollback for selected_agents column (SQLite limitation)');
+        }
+    },
+    {
+        version: 19,
+        name: 'add-vibe-local-model-column',
+        up: (db) => {
+            // Issue #368: Add vibe_local_model column for Ollama model selection
+            // NULL means use the default model (vibe-local decides)
+            db.exec(`
+        ALTER TABLE worktrees ADD COLUMN vibe_local_model TEXT DEFAULT NULL;
+      `);
+            console.log('✓ Added vibe_local_model column to worktrees table');
+        },
+        down: () => {
+            // vibe_local_model is a nullable TEXT column; harmless if unused
+            console.log('No rollback for vibe_local_model column (SQLite limitation)');
+        }
     }
 ];
 /**
@@ -904,7 +1047,7 @@ function validateSchema(db) {
       ORDER BY name
     `).all();
         const tableNames = tables.map(t => t.name);
-        const requiredTables = ['worktrees', 'chat_messages', 'session_states', 'schema_version', 'worktree_memos', 'external_apps', 'repositories', 'clone_jobs'];
+        const requiredTables = ['worktrees', 'chat_messages', 'session_states', 'schema_version', 'worktree_memos', 'external_apps', 'repositories', 'clone_jobs', 'scheduled_executions', 'execution_logs'];
         const missingTables = requiredTables.filter(t => !tableNames.includes(t));
         if (missingTables.length > 0) {
             console.error('Missing required tables:', missingTables.join(', '));