groove-dev 0.27.77 → 0.27.78

package/moe-training/test/shared/envelope-schema.test.js

@@ -0,0 +1,351 @@
+// FSL-1.1-Apache-2.0 — see LICENSE
+
+import { describe, it } from 'node:test';
+import assert from 'node:assert/strict';
+import { validateEnvelope, STEP_TYPES } from '../../shared/envelope-schema.js';
+
+const VALID_HMAC = 'a'.repeat(64);
+const VALID_APP_HASH = 'b'.repeat(64);
+const VALID_CONTRIBUTOR = 'c'.repeat(32);
+
+function validEnvelope() {
+  return {
+    envelope_id: 'env_test-123',
+    session_id: 'sess_test-456',
+    chunk_sequence: 0,
+    contributor_id: VALID_CONTRIBUTOR,
+    attestation: { session_hmac: VALID_HMAC, sequence: 0, app_version_hash: VALID_APP_HASH },
+    metadata: {
+      model_engine: 'claude-opus-4-6',
+      provider: 'claude-code',
+      agent_role: 'backend',
+      agent_id: 'backend-1',
+      task_complexity: 'medium',
+      team_size: 2,
+      groove_version: '0.27.0',
+    },
+    trajectory_log: [
+      { step: 1, type: 'thought', timestamp: Date.now() / 1000, content: 'thinking...', token_count: 10 },
+      { step: 2, type: 'action', timestamp: Date.now() / 1000, tool: 'Read', content: 'reading file' },
+    ],
+  };
+}
+
+describe('envelope-schema', () => {
+  it('valid envelope passes validation', () => {
+    const result = validateEnvelope(validEnvelope());
+    assert.equal(result.valid, true);
+    assert.equal(result.errors.length, 0);
+  });
+
+  it('null envelope fails', () => {
+    const result = validateEnvelope(null);
+    assert.equal(result.valid, false);
+  });
+
+  it('missing session_id fails', () => {
+    const env = validEnvelope();
+    delete env.session_id;
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+  });
+
+  it('missing metadata.provider fails', () => {
+    const env = validEnvelope();
+    delete env.metadata.provider;
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some((e) => e.includes('provider')));
+  });
+
+  it('invalid step type fails', () => {
+    const env = validEnvelope();
+    env.trajectory_log[0].type = 'invalid_type';
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some((e) => e.includes('invalid_type')));
+  });
+
+  it('missing step number fails', () => {
+    const env = validEnvelope();
+    delete env.trajectory_log[0].step;
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+  });
+
+  it('missing timestamp fails', () => {
+    const env = validEnvelope();
+    delete env.trajectory_log[0].timestamp;
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+  });
+
+  it('all STEP_TYPES are valid', () => {
+    for (const type of STEP_TYPES) {
+      const env = validEnvelope();
+      env.trajectory_log = [{ step: 1, type, timestamp: Date.now() / 1000 }];
+      const result = validateEnvelope(env);
+      assert.equal(result.valid, true, `Type "${type}" should be valid`);
+    }
+  });
+
+  // --- New security tests ---
+
+  it('rejects trajectory_log with > 500 steps', () => {
+    const env = validEnvelope();
+    env.trajectory_log = Array.from({ length: 501 }, (_, i) => ({
+      step: i, type: 'thought', timestamp: Date.now() / 1000,
+    }));
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some(e => e.includes('500')));
+  });
+
+  it('rejects step with content > 10KB', () => {
+    const env = validEnvelope();
+    env.trajectory_log[0].content = 'x'.repeat(10_001);
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some(e => e.includes('10000')));
+  });
+
+  it('rejects step with token_count > 100,000', () => {
+    const env = validEnvelope();
+    env.trajectory_log[0].token_count = 100_001;
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some(e => e.includes('token_count')));
+  });
+
+  it('rejects step with negative token_count', () => {
+    const env = validEnvelope();
+    env.trajectory_log[0].token_count = -1;
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some(e => e.includes('token_count')));
+  });
+
+  it('rejects step with step number > 50,000', () => {
+    const env = validEnvelope();
+    env.trajectory_log[0].step = 50_001;
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+  });
+
+  it('rejects step with negative step number', () => {
+    const env = validEnvelope();
+    env.trajectory_log[0].step = -1;
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+  });
+
+  it('rejects invalid provider', () => {
+    const env = validEnvelope();
+    env.metadata.provider = 'fake-provider';
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some(e => e.includes('provider')));
+  });
+
+  it('rejects invalid model_engine', () => {
+    const env = validEnvelope();
+    env.metadata.model_engine = 'gpt-5-turbo';
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some(e => e.includes('model_engine')));
+  });
+
+  it('rejects contributor_id that is not 32-char hex', () => {
+    const env = validEnvelope();
+    env.contributor_id = 'user_abc';
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some(e => e.includes('contributor_id')));
+  });
+
+  it('rejects contributor_id with uppercase hex', () => {
+    const env = validEnvelope();
+    env.contributor_id = 'A'.repeat(32);
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some(e => e.includes('contributor_id')));
+  });
+
+  it('rejects attestation.session_hmac that is not 64-char hex', () => {
+    const env = validEnvelope();
+    env.attestation.session_hmac = 'abc';
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some(e => e.includes('session_hmac')));
+  });
+
+  it('rejects attestation.app_version_hash that is not 64-char hex', () => {
+    const env = validEnvelope();
+    env.attestation.app_version_hash = 'def';
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some(e => e.includes('app_version_hash')));
+  });
+
+  it('rejects future timestamps beyond 1 hour', () => {
+    const env = validEnvelope();
+    env.trajectory_log[0].timestamp = (Date.now() + 2 * 60 * 60 * 1000) / 1000;
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some(e => e.includes('Timestamp out of range')));
+  });
+
+  it('rejects timestamps older than 7 days', () => {
+    const env = validEnvelope();
+    env.trajectory_log[0].timestamp = (Date.now() - 8 * 24 * 60 * 60 * 1000) / 1000;
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some(e => e.includes('Timestamp out of range')));
+  });
+
+  it('rejects team_size outside 1-50', () => {
+    const env = validEnvelope();
+    env.metadata.team_size = 0;
+    let result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+
+    env.metadata.team_size = 51;
+    result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+  });
+
+  it('rejects invalid task_complexity', () => {
+    const env = validEnvelope();
+    env.metadata.task_complexity = 'extreme';
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some(e => e.includes('task_complexity')));
+  });
+
+  it('accepts absent optional metadata fields', () => {
+    const env = validEnvelope();
+    delete env.metadata.team_size;
+    delete env.metadata.task_complexity;
+    delete env.metadata.groove_version;
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, true);
+  });
+
+  it('valid SESSION_CLOSE passes', () => {
+    const close = {
+      envelope_id: 'env_close-1',
+      session_id: 'sess_test-1',
+      type: 'SESSION_CLOSE',
+      attestation: { session_hmac: VALID_HMAC, sequence: 5, app_version_hash: VALID_APP_HASH },
+      outcome: {
+        status: 'SUCCESS',
+        user_interventions: 1,
+        total_steps: 100,
+        total_chunks: 2,
+        total_tokens: 5000,
+        duration_seconds: 300,
+        files_modified: 3,
+        errors_encountered: 1,
+        errors_recovered: 1,
+        coordination_events: 0,
+      },
+    };
+    const result = validateEnvelope(close);
+    assert.equal(result.valid, true);
+  });
+
+  it('SESSION_CLOSE missing outcome fails', () => {
+    const close = {
+      envelope_id: 'env_close-1',
+      session_id: 'sess_test-1',
+      type: 'SESSION_CLOSE',
+      attestation: { session_hmac: VALID_HMAC, sequence: 5, app_version_hash: VALID_APP_HASH },
+    };
+    const result = validateEnvelope(close);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some((e) => e.includes('outcome')));
+  });
+
+  it('SESSION_CLOSE missing status fails', () => {
+    const close = {
+      envelope_id: 'env_close-1',
+      session_id: 'sess_test-1',
+      type: 'SESSION_CLOSE',
+      attestation: { session_hmac: VALID_HMAC, sequence: 0, app_version_hash: VALID_APP_HASH },
+      outcome: { total_steps: 10, total_chunks: 1 },
+    };
+    const result = validateEnvelope(close);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some((e) => e.includes('status')));
+  });
+
+  it('SESSION_CLOSE rejects invalid outcome status', () => {
+    const close = {
+      envelope_id: 'env_close-1',
+      session_id: 'sess_test-1',
+      type: 'SESSION_CLOSE',
+      attestation: { session_hmac: VALID_HMAC, sequence: 0, app_version_hash: VALID_APP_HASH },
+      outcome: { status: 'TIMEOUT', total_steps: 10, total_chunks: 1 },
+    };
+    const result = validateEnvelope(close);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some(e => e.includes('status')));
+  });
+
+  it('SESSION_CLOSE rejects negative outcome numerics', () => {
+    const close = {
+      envelope_id: 'env_close-1',
+      session_id: 'sess_test-1',
+      type: 'SESSION_CLOSE',
+      attestation: { session_hmac: VALID_HMAC, sequence: 0, app_version_hash: VALID_APP_HASH },
+      outcome: { status: 'SUCCESS', total_steps: 10, total_chunks: 1, user_interventions: -5 },
+    };
+    const result = validateEnvelope(close);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some(e => e.includes('user_interventions')));
+  });
+
+  it('SESSION_CLOSE rejects outcome numerics > 50,000', () => {
+    const close = {
+      envelope_id: 'env_close-1',
+      session_id: 'sess_test-1',
+      type: 'SESSION_CLOSE',
+      attestation: { session_hmac: VALID_HMAC, sequence: 0, app_version_hash: VALID_APP_HASH },
+      outcome: { status: 'SUCCESS', total_steps: 50_001, total_chunks: 1 },
+    };
+    const result = validateEnvelope(close);
+    assert.equal(result.valid, false);
+  });
+
+  it('rejects token_count = 999999', () => {
+    const env = validEnvelope();
+    env.trajectory_log[0].token_count = 999_999;
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some(e => e.includes('token_count')));
+  });
+
+  it('rejects SQL injection in contributor_id', () => {
+    const env = validEnvelope();
+    env.contributor_id = "'; DROP TABLE balances; --";
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some(e => e.includes('contributor_id')));
+  });
+
+  it('rejects attestation.session_hmac = giant string', () => {
+    const env = validEnvelope();
+    env.attestation.session_hmac = 'x'.repeat(1_000_000);
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some(e => e.includes('session_hmac')));
+  });
+
+  it('rejects empty attestation.session_hmac', () => {
+    const env = validEnvelope();
+    env.attestation.session_hmac = '';
+    const result = validateEnvelope(env);
+    assert.equal(result.valid, false);
+    assert.ok(result.errors.some(e => e.includes('session_hmac')));
+  });
+});

package/node_modules/@groove-dev/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@groove-dev/cli",
-  "version": "0.27.77",
+  "version": "0.27.78",
   "description": "GROOVE CLI — manage AI coding agents from your terminal",
   "license": "FSL-1.1-Apache-2.0",
   "type": "module",

package/node_modules/@groove-dev/daemon/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@groove-dev/daemon",
-  "version": "0.27.77",
+  "version": "0.27.78",
   "description": "GROOVE daemon — agent orchestration engine",
   "license": "FSL-1.1-Apache-2.0",
   "type": "module",

package/node_modules/@groove-dev/daemon/src/agent-loop.js

@@ -6,6 +6,8 @@
 // existing GROOVE orchestration (rotation, journalist, token tracking, routing).
 
 import { EventEmitter } from 'events';
+import { existsSync, readFileSync, writeFileSync, mkdirSync, unlinkSync } from 'fs';
+import { resolve, dirname } from 'path';
 import { TOOL_DEFINITIONS, ToolExecutor } from './tool-executor.js';
 
 export class AgentLoop extends EventEmitter {
@@ -36,11 +38,19 @@ export class AgentLoop extends EventEmitter {
       agent.id,
     );
 
-    // Initialize system prompt
-    this.messages.push({
-      role: 'system',
-      content: this._buildSystemPrompt(),
-    });
+    // Session persistence
+    this.sessionPath = resolve(daemon.grooveDir, 'sessions', `${agent.id}.json`);
+
+    // Load existing session or initialize with system prompt
+    const savedMessages = AgentLoop.loadSession(this.sessionPath);
+    if (savedMessages && savedMessages.length > 0) {
+      this.messages = savedMessages;
+    } else {
+      this.messages.push({
+        role: 'system',
+        content: this._buildSystemPrompt(),
+      });
+    }
   }
 
   // --- Lifecycle ---
@@ -68,6 +78,7 @@ export class AgentLoop extends EventEmitter {
       this.emit('error', { message: err.message });
     }
 
+    this._saveSession();
     this.idle = true;
   }
 
@@ -444,4 +455,36 @@ export class AgentLoop extends EventEmitter {
       uptime: Date.now() - this.startedAt,
     };
   }
+
+  // --- Session Persistence ---
+
+  _saveSession() {
+    try {
+      mkdirSync(dirname(this.sessionPath), { recursive: true });
+      let toSave = this.messages;
+      if (toSave.length > 201) {
+        const hasSystem = toSave[0]?.role === 'system';
+        toSave = hasSystem
+          ? [toSave[0], ...toSave.slice(-200)]
+          : toSave.slice(-200);
+      }
+      writeFileSync(this.sessionPath, JSON.stringify(toSave), { mode: 0o600 });
+    } catch { /* non-fatal */ }
+  }
+
+  static loadSession(sessionPath) {
+    try {
+      if (!existsSync(sessionPath)) return null;
+      const data = readFileSync(sessionPath, 'utf8');
+      const messages = JSON.parse(data);
+      if (Array.isArray(messages) && messages.length > 0) return messages;
+    } catch { /* corrupted session */ }
+    return null;
+  }
+
+  clearSession() {
+    try {
+      if (existsSync(this.sessionPath)) unlinkSync(this.sessionPath);
+    } catch { /* non-fatal */ }
+  }
 }

package/node_modules/@groove-dev/daemon/src/api.js

@@ -15,6 +15,7 @@ import { listProviders, getProvider, clearInstallCache, getProviderMetadata, get
 import { OllamaProvider } from './providers/ollama.js';
 import { ClaudeCodeProvider } from './providers/claude-code.js';
 import { supportsSignalFlag, compareSemver, parseSemver } from './providers/groove-network.js';
+import { ConsentManager } from '../../../moe-training/client/index.js';
 import { validateAgentConfig } from './validate.js';
 import { ROLE_INTEGRATIONS, wrapWithRoleReminder } from './process.js';
 
@@ -4402,6 +4403,81 @@ Keep responses concise. Help them think, don't lecture them about the system the
     res.json({ ok: true });
   });
 
+  // --- Training Data ---
+
+  app.get('/api/training/status', (req, res) => {
+    let userId = null;
+    try { userId = ConsentManager.isCaptureEnabled() ? ConsentManager.getOrCreateUserId() : null; } catch (e) { /* no db yet */ }
+    res.json({
+      optedIn: !!daemon.config.training_opt_in,
+      userId: userId ? userId.substring(0, 8) + '...' : null,
+      captureActive: !!daemon.trajectoryCapture,
+      sessionsCaptured: daemon.state.get('training_sessions_captured') || 0,
+      envelopesSent: daemon.state.get('training_envelopes_sent') || 0,
+    });
+  });
+
+  app.post('/api/training/opt-in', async (req, res) => {
+    const { enabled } = req.body;
+    if (typeof enabled !== 'boolean') return res.status(400).json({ error: 'enabled must be boolean' });
+
+    daemon.config.training_opt_in = enabled;
+    const { saveConfig } = await import('./firstrun.js');
+    saveConfig(daemon.grooveDir, daemon.config);
+
+    if (enabled) {
+      const userId = ConsentManager.getOrCreateUserId();
+      const consent = new ConsentManager();
+      try {
+        consent.recordConsent(userId, true, '1.0');
+      } finally {
+        consent.close();
+      }
+      await daemon._initTrajectoryCapture();
+      daemon.state.set('training_enrolled_at', new Date().toISOString());
+    } else {
+      if (daemon.trajectoryCapture) {
+        try { await daemon.trajectoryCapture.shutdown(); } catch (e) { /* */ }
+        daemon.trajectoryCapture = null;
+      }
+      try {
+        const userId = ConsentManager.getOrCreateUserId();
+        const consent = new ConsentManager();
+        try {
+          consent.revokeConsent(userId);
+        } finally {
+          consent.close();
+        }
+      } catch (e) { /* no user_id yet */ }
+    }
+
+    daemon.broadcast({ type: 'training:status', data: { optedIn: enabled, captureActive: !!daemon.trajectoryCapture } });
+    if (daemon.audit) daemon.audit.log('training.consent', { opt_in: enabled });
+    res.json({ ok: true, optedIn: enabled });
+  });
+
+  app.post('/api/training/opt-in/delete', async (req, res) => {
+    try {
+      daemon.config.training_opt_in = false;
+      const { saveConfig } = await import('./firstrun.js');
+      saveConfig(daemon.grooveDir, daemon.config);
+      if (daemon.trajectoryCapture) {
+        try { await daemon.trajectoryCapture.shutdown(); } catch (e) { /* */ }
+        daemon.trajectoryCapture = null;
+      }
+      try {
+        const userId = ConsentManager.getOrCreateUserId();
+        const consent = new ConsentManager();
+        try { consent.revokeConsent(userId); } finally { consent.close(); }
+      } catch (e) { /* */ }
+      daemon.broadcast({ type: 'training:status', data: { optedIn: false, captureActive: false } });
+      if (daemon.audit) daemon.audit.log('training.delete', {});
+      res.json({ ok: true, deleted: true });
+    } catch (e) {
+      res.status(500).json({ error: 'Failed to delete data' });
+    }
+  });
+
   // --- Config ---
 
   app.get('/api/config', (req, res) => {
@@ -4419,6 +4495,7 @@ Keep responses concise. Help them think, don't lecture them about the system the
       'port', 'journalistInterval', 'rotationThreshold', 'autoRotation',
       'qcThreshold', 'maxAgents', 'defaultProvider', 'defaultWorkingDir',
       'onboardingDismissed', 'defaultModel', 'defaultChatProvider', 'defaultChatModel',
+      'training_opt_in',
     ];
     for (const key of Object.keys(req.body)) {
       if (!ALLOWED_KEYS.includes(key)) {

package/node_modules/@groove-dev/daemon/src/index.js

@@ -43,6 +43,7 @@ import { LlamaServerManager } from './llama-server.js';
 import { RepoImporter } from './repo-import.js';
 import { ConversationManager } from './conversations.js';
 import { Toys } from './toys.js';
+import { TrajectoryCapture, ConsentManager } from '../../../moe-training/client/index.js';
 import { isFirstRun, runFirstTimeSetup, loadConfig, saveConfig, printWelcome } from './firstrun.js';
 import { bindDaemon as bindGrooveNetworkDaemon } from './providers/groove-network.js';
 import { setProviderPaths } from './providers/index.js';
@@ -151,6 +152,17 @@ export class Daemon {
     this.tunnelManager = new TunnelManager(this);
     this.repoImporter = new RepoImporter(this);
     this.toys = new Toys(this);
+    this.trajectoryCapture = null;
+
+    // Hook teams.delete to clean up agent-loop session files
+    const originalTeamDelete = this.teams.delete.bind(this.teams);
+    this.teams.delete = (id) => {
+      const agents = this.registry.getAll().filter(a => a.teamId === id);
+      const agentIds = agents.map(a => a.id);
+      const result = originalTeamDelete(id);
+      if (agentIds.length > 0) this.state.cleanupSessions(agentIds);
+      return result;
+    };
 
     // Subscription state (populated by Electron IPC or direct auth)
     this.authToken = null;
@@ -390,6 +402,20 @@ export class Daemon {
         client.send(payload);
       }
     }
+    if (this.trajectoryCapture && message.type) {
+      try {
+        if (['approval:request', 'approval:resolved', 'conflict:detected', 'qc:activated'].includes(message.type)) {
+          const agentId = message.data?.agentId || message.agentId;
+          if (agentId) {
+            this.trajectoryCapture.onCoordinationEvent(agentId, {
+              type: message.type,
+              data: message.data,
+              timestamp: Date.now(),
+            });
+          }
+        }
+      } catch (e) { /* fail silent */ }
+    }
   }
 
   async setAuthToken(token) {
@@ -527,6 +553,17 @@ export class Daemon {
     const purged = this.locks.purgeOrphans(runningIds);
     if (purged > 0) console.log(`  Purged ${purged} orphaned lock(s) from previous session`);
 
+    // Mark agents with saved agent-loop sessions as resumable
+    const resumableIds = new Set(this.state.getResumableSessions());
+    if (resumableIds.size > 0) {
+      for (const agent of this.registry.getAll()) {
+        if (resumableIds.has(agent.id) && (agent.status === 'running' || agent.status === 'idle' || agent.status === 'completed')) {
+          this.registry.update(agent.id, { status: 'completed', hasSession: true, pid: null });
+        }
+      }
+      console.log(`  ${resumableIds.size} agent-loop session(s) marked as resumable`);
+    }
+
     // Migrate old agents without teamId to default team
     this.teams.migrateAgents();
 
@@ -542,6 +579,7 @@ export class Daemon {
         printWelcome(this.port, this.host, this._firstRun);
 
         // Start background services
+        this._initTrajectoryCapture().catch(() => {});
         this.journalist.start();
         this.rotator.start();
         this.scheduler.start();
@@ -627,6 +665,23 @@ export class Daemon {
     });
   }
 
+  async _initTrajectoryCapture() {
+    if (!this.config.training_opt_in) return;
+    try {
+      if (ConsentManager.isCaptureEnabled()) {
+        const pkgPath = new URL('../package.json', import.meta.url);
+        const version = JSON.parse(readFileSync(pkgPath, 'utf8')).version;
+        this.trajectoryCapture = new TrajectoryCapture({
+          centralCommandUrl: process.env.GROOVE_CENTRAL_URL || 'https://api.groovedev.ai',
+          grooveVersion: version,
+        });
+        this.trajectoryCapture.init();
+      }
+    } catch (e) {
+      // Training capture is never critical
+    }
+  }
+
   _startGarbageCollector() {
     // Run once on startup, then every 24 hours
     this._gc();
@@ -737,6 +792,12 @@ export class Daemon {
     // Disconnect all SSH tunnels
     this.tunnelManager.shutdown();
 
+    // Shut down training capture
+    if (this.trajectoryCapture) {
+      try { await this.trajectoryCapture.shutdown(); } catch (e) { /* fail silent */ }
+      this.trajectoryCapture = null;
+    }
+
     // Kill all agent processes, stop MCP servers, and stop inference servers
     await this.processes.killAll();
     if (this.preview) await this.preview.killAll();