npm - pi-crew - Versions diffs - 0.2.20 → 0.2.22 - Mend

pi-crew 0.2.20 → 0.2.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (94) hide show

package/CHANGELOG.md +23 -10
package/README.md +4 -2
package/docs/PROJECT_REVIEW.md +271 -0
package/docs/PROJECT_REVIEW_FIXES.md +343 -0
package/docs/PROJECT_REVIEW_ROUND4.md +156 -0
package/docs/PROJECT_REVIEW_ROUND5.md +86 -0
package/docs/fixes/BATCH_A_H1_H2.md +86 -0
package/docs/fixes/bug-006-foreground-cancel-concurrent.md +78 -0
package/docs/fixes/bug-007-async-notifier-stale-ctx.md +112 -0
package/docs/fixes/bug-008-child-process-silent-timeout.md +100 -0
package/docs/fixes/bug-009-executor-yield-limit-needs-attention.md +75 -0
package/docs/fixes/bug-010-child-process-api-key-filtered.md +109 -0
package/docs/fixes/bug-011-spawn-pi-enoent.md +92 -0
package/docs/fixes/bug-012-essential-env-stripped.md +89 -0
package/docs/fixes/bug-013-background-runner-death.md +84 -0
package/docs/fixes/bug-014-infinite-retry-loop-needs-attention.md +82 -0
package/docs/fixes/bug-015-background-runner-sigterm.md +65 -0
package/docs/fixes/bug-017-background-runner-session-shutdown.md +66 -0
package/docs/fixes/bug-017-background-runner-sigkill-double-fork.md +28 -0
package/docs/fixes/bug-018-child-pi-worker-stdin-hang.md +61 -0
package/docs/fixes/bug-019-phantom-runs-temp-workspace.md +52 -0
package/docs/pi-crew-bugs.md +954 -0
package/docs/pi-crew-investigation-report.md +411 -0
package/docs/pi-crew-test-final.md +120 -0
package/docs/pi-crew-test-results.md +260 -0
package/docs/pi-crew-test-round2.md +136 -0
package/docs/pi-crew-test-round4.md +100 -0
package/docs/pi-crew-test-round5.md +70 -0
package/docs/pi-crew-test-round6.md +110 -0
package/docs/usage.md +14 -0
package/package.json +4 -2
package/src/adapters/export-util.ts +12 -6
package/src/agents/agent-config.ts +2 -0
package/src/config/defaults.ts +1 -1
package/src/config/markers.ts +22 -17
package/src/config/resilient-parser.ts +1 -1
package/src/extension/async-notifier.ts +4 -2
package/src/extension/management.ts +52 -0
package/src/extension/register.ts +47 -10
package/src/extension/run-index.ts +20 -2
package/src/extension/run-maintenance.ts +2 -2
package/src/extension/team-tool/parallel-dispatch.ts +1 -1
package/src/extension/team-tool/run.ts +3 -6
package/src/extension/team-tool.ts +67 -11
package/src/observability/event-to-metric.ts +2 -1
package/src/runtime/async-runner.ts +42 -34
package/src/runtime/background-runner.ts +165 -7
package/src/runtime/child-pi.ts +111 -18
package/src/runtime/code-summary.ts +1 -1
package/src/runtime/crash-recovery.ts +1 -1
package/src/runtime/crew-agent-runtime.ts +2 -1
package/src/runtime/heartbeat-watcher.ts +4 -0
package/src/runtime/live-agent-manager.ts +1 -1
package/src/runtime/live-session-runtime.ts +2 -1
package/src/runtime/manifest-cache.ts +2 -2
package/src/runtime/model-fallback.ts +2 -1
package/src/runtime/phase-progress.ts +1 -1
package/src/runtime/pi-args.ts +3 -1
package/src/runtime/pi-spawn.ts +6 -0
package/src/runtime/prose-compressor.ts +1 -1
package/src/runtime/result-extractor.ts +0 -1
package/src/runtime/retry-executor.ts +1 -1
package/src/runtime/runtime-resolver.ts +8 -3
package/src/runtime/skill-instructions.ts +0 -1
package/src/runtime/stale-reconciler.ts +30 -3
package/src/runtime/subagent-manager.ts +2 -0
package/src/runtime/task-display.ts +1 -1
package/src/runtime/task-graph-scheduler.ts +1 -1
package/src/runtime/task-runner/live-executor.ts +15 -0
package/src/runtime/task-runner/tail-read.ts +26 -0
package/src/runtime/task-runner.ts +1007 -383
package/src/runtime/team-runner.ts +9 -5
package/src/runtime/worker-startup.ts +3 -1
package/src/schema/team-tool-schema.ts +2 -1
package/src/state/active-run-registry.ts +8 -2
package/src/state/atomic-write.ts +17 -0
package/src/state/contracts.ts +5 -2
package/src/state/event-log-rotation.ts +118 -31
package/src/state/event-log.ts +33 -5
package/src/state/event-reconstructor.ts +4 -2
package/src/state/mailbox.ts +5 -1
package/src/state/schedule.ts +146 -0
package/src/state/types.ts +40 -0
package/src/state/usage.ts +20 -0
package/src/ui/crew-widget.ts +2 -2
package/src/ui/run-event-bus.ts +1 -1
package/src/ui/run-snapshot-cache.ts +2 -1
package/src/ui/snapshot-types.ts +1 -0
package/src/utils/gh-protocol.ts +2 -2
package/src/utils/names.ts +1 -1
package/src/utils/sse-parser.ts +0 -2
package/src/worktree/branch-freshness.ts +1 -1
package/src/worktree/cleanup.ts +54 -14
package/src/worktree/worktree-manager.ts +19 -9

package/src/runtime/team-runner.ts CHANGED Viewed

@@ -101,7 +101,9 @@ function shouldMergeTaskUpdate(current: TeamTaskState, updated: TeamTaskState):
 	return updated.status !== current.status || updated.finishedAt !== current.finishedAt || updated.startedAt !== current.startedAt || Boolean(updated.resultArtifact) || Boolean(updated.error) || Boolean(updated.modelAttempts?.length) || Boolean(updated.usage) || Boolean(updated.attempts?.length);
 }
-export function __test__mergeTaskUpdates(base: TeamTaskState[], results: Array<{ tasks: TeamTaskState[] }>): TeamTaskState[] {
+// H4 fix: rename to descriptive name. Kept __test__ as alias for backward
+// compat test imports.
+export function mergeTaskUpdatesPreservingTerminal(base: TeamTaskState[], results: Array<{ tasks: TeamTaskState[] }>): TeamTaskState[] {
 	let merged = base;
 	for (const result of results) {
 		for (const updated of result.tasks) {
@@ -112,6 +114,8 @@ export function __test__mergeTaskUpdates(base: TeamTaskState[], results: Array<{
 	}
 	return refreshTaskGraphQueues(merged);
 }
+/** @deprecated Use mergeTaskUpdatesPreservingTerminal. Kept for backward test import compat. */
+export const __test__mergeTaskUpdates = mergeTaskUpdatesPreservingTerminal;
 // 2.8: adaptive-plan parsing/repair/injection moved to src/runtime/adaptive-plan.ts.
 // Re-export the test-only helpers so existing test imports still resolve.
@@ -260,10 +264,10 @@ function dagReadyTaskIds(tasks: TeamTaskState[], completedIds: Set<string>): str
 }
 export async function executeTeamRun(input: ExecuteTeamRunInput): Promise<{ manifest: TeamRunManifest; tasks: TeamTaskState[] }> {
-	let workflow = input.workflow;
+	const workflow = input.workflow;
 	let manifest = updateRunStatus(input.manifest, "running", input.executeWorkers ? "Executing team workflow." : "Creating workflow prompts and placeholder results.");
-	const runPromise = registerRunPromise(manifest.runId);
+	void registerRunPromise(manifest.runId);
 	const cleanupUsage = (): void => {
 		for (const task of input.tasks) clearTrackedTaskUsage(task.id);
@@ -541,10 +545,10 @@ async function executeTeamRunCore(
 		);
 		if (results.length === 0) break;
 		manifest = { ...results.at(-1)!.manifest, artifacts: mergeArtifacts([manifest.artifacts, ...results.map((item) => item.manifest.artifacts)].flat()) };
-		tasks = __test__mergeTaskUpdates(tasks, results);
+		tasks = mergeTaskUpdatesPreservingTerminal(tasks, results);
 		// Advance workflow phases whose tasks are all in terminal state
-		const terminalStatuses = new Set(["completed", "failed", "skipped", "cancelled"]);
+		const terminalStatuses = new Set(["completed", "failed", "skipped", "cancelled", "needs_attention"]);
 		const phaseTaskMap = new Map<string, string[]>();
 		for (const task of tasks) {
 			if (!task.stepId) continue;

package/src/runtime/worker-startup.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 export type WorkerLifecycleState = "spawning" | "trust_required" | "ready_for_prompt" | "running" | "finished" | "failed";
-export type StartupFailureClassification = "trust_required" | "prompt_misdelivery" | "prompt_acceptance_timeout" | "transport_dead" | "worker_crashed" | "unknown";
+export type StartupFailureClassification = "trust_required" | "prompt_misdelivery" | "prompt_acceptance_timeout" | "transport_dead" | "worker_crashed" | "rate_limited" | "provider_error" | "unknown";
 export interface WorkerStartupEvidence {
 	lastLifecycleState: WorkerLifecycleState;
@@ -20,6 +20,8 @@ export function detectTrustPrompt(text: string): boolean {
 }
 export function classifyStartupFailure(evidence: Omit<WorkerStartupEvidence, "classification">): StartupFailureClassification {
+	if (evidence.stderrPreview && /429|rate.?limit/i.test(evidence.stderrPreview)) return "rate_limited";
+	if (evidence.stderrPreview && /5\d{2}|server.?error|internal.?error|provider.?error/i.test(evidence.stderrPreview)) return "provider_error";
 	if (!evidence.transportHealthy) return "transport_dead";
 	if (evidence.trustPromptDetected || evidence.lastLifecycleState === "trust_required") return "trust_required";
 	if (evidence.promptSentAt && !evidence.promptAccepted && evidence.childProcessAlive) return "prompt_acceptance_timeout";

package/src/schema/team-tool-schema.ts CHANGED Viewed

@@ -49,6 +49,7 @@ export const TeamToolParams = Type.Object({
 		Type.Literal("autonomy"),
 		Type.Literal("api"),
 		Type.Literal("settings"),
+		Type.Literal("steer"),
 	], { description: "Team action. Defaults to 'list' when omitted." })),
 	resource: Type.Optional(Type.Union([
 		Type.Literal("agent"),
@@ -93,7 +94,7 @@ export const TeamToolParams = Type.Object({
 });
 export interface TeamToolParamsValue {
-	action?: "run" | "parallel" | "plan" | "status" | "list" | "get" | "cancel" | "retry" | "resume" | "respond" | "create" | "update" | "delete" | "doctor" | "cleanup" | "events" | "artifacts" | "worktrees" | "forget" | "summary" | "prune" | "export" | "import" | "imports" | "help" | "validate" | "config" | "init" | "recommend" | "autonomy" | "api" | "settings";
+	action?: "run" | "parallel" | "plan" | "status" | "list" | "get" | "cancel" | "retry" | "resume" | "respond" | "create" | "update" | "delete" | "doctor" | "cleanup" | "events" | "artifacts" | "worktrees" | "forget" | "summary" | "prune" | "export" | "import" | "imports" | "help" | "validate" | "config" | "init" | "recommend" | "autonomy" | "api" | "settings" | "steer";
 	resource?: "agent" | "team" | "workflow";
 	team?: string;
 	workflow?: string;

package/src/state/active-run-registry.ts CHANGED Viewed

@@ -121,7 +121,7 @@ export function readActiveRunRegistry(maxEntries = DEFAULT_CACHE.manifestMaxEntr
 	}
 	const entries = Array.isArray(parsed) ? parsed.map(normalizeEntry).filter((entry): entry is ActiveRunRegistryEntry => entry !== undefined) : [];
 	const byId = new Map<string, ActiveRunRegistryEntry>();
-	for (const entry of entries.sort((a, b) => b.updatedAt.localeCompare(a.updatedAt))) {
+	for (const entry of entries.sort((a, b) => (b.updatedAt ?? "").localeCompare(a.updatedAt ?? ""))) {
 		if (!byId.has(entry.runId)) byId.set(entry.runId, entry);
 	}
 	return [...byId.values()].slice(0, Math.max(0, maxEntries));
@@ -157,12 +157,18 @@ function filterAliveEntries(entries: ActiveRunRegistryEntry[]): ActiveRunRegistr
 			return false;
 		}
 		try {
-			const raw = JSON.parse(fs.readFileSync(entry.manifestPath, "utf-8")) as { status?: string; async?: { pid?: number } };
+			const raw = JSON.parse(fs.readFileSync(entry.manifestPath, "utf-8")) as { status?: string; async?: { pid?: number }; updatedAt?: string };
 			if (TERMINAL_STATUSES.has(raw.status ?? "")) return false;
 			// Dead PID = stale async run
 			if (raw.async?.pid) {
 				try { process.kill(raw.async.pid, 0); } catch { return false; }
 			}
+			// 2.19 — Stale non-async run: live-session/scaffold runs older than 30 min
+			// Without this, test runs that crash/leak would stay in the registry forever.
+			if (!raw.async) {
+				const updatedAt = typeof raw.updatedAt === 'string' ? Date.parse(raw.updatedAt) : NaN;
+				if (Number.isFinite(updatedAt) && Date.now() - updatedAt > 30 * 60 * 1000) return false;
+			}
 		} catch {
 			return false;
 		}

package/src/state/atomic-write.ts CHANGED Viewed

@@ -114,6 +114,23 @@ export function atomicWriteFile(filePath: string, content: string): void {
 		try {
 			renameWithRetry(tempPath, filePath);
 		} catch (renameError) {
+			// H3 fix: re-check symlink safety before fallback.
+			// Between isSymlinkSafePath at top and rename attempt, the file
+			// could have been replaced with a symlink (TOCTOU). Refuse if so.
+			try {
+				const lstat = fs.lstatSync(filePath);
+				if (lstat.isSymbolicLink()) {
+					try { fs.rmSync(tempPath, { force: true }); } catch { /* best-effort */ }
+					throw renameError;
+				}
+			} catch (checkError) {
+				// Only ENOENT / ENOTDIR means the file genuinely doesn't exist — safe to proceed.
+				// Re-throw everything else (EACCES, EPERM, EBUSY, etc.)
+				const code = (checkError as NodeJS.ErrnoException).code;
+				if (code !== "ENOENT" && code !== "ENOTDIR") {
+					throw checkError;
+				}
+			}
 			// Fallback: if rename fails (Windows EPERM/EBUSY), try direct write.
 			// This is less atomic but avoids data loss when concurrent writers contend.
 			try {

package/src/state/contracts.ts CHANGED Viewed

@@ -1,11 +1,11 @@
 export const TEAM_RUN_STATUSES = ["queued", "planning", "running", "blocked", "completed", "failed", "cancelled"] as const;
 export type TeamRunStatus = typeof TEAM_RUN_STATUSES[number];
-export const TEAM_TASK_STATUSES = ["queued", "running", "waiting", "completed", "failed", "cancelled", "skipped"] as const;
+export const TEAM_TASK_STATUSES = ["queued", "running", "waiting", "completed", "failed", "cancelled", "skipped", "needs_attention"] as const;
 export type TeamTaskStatus = typeof TEAM_TASK_STATUSES[number];
 export const TEAM_TERMINAL_RUN_STATUSES: ReadonlySet<TeamRunStatus> = new Set(["blocked", "completed", "failed", "cancelled"]);
-export const TEAM_TERMINAL_TASK_STATUSES: ReadonlySet<TeamTaskStatus> = new Set(["completed", "failed", "cancelled", "skipped"]);
+export const TEAM_TERMINAL_TASK_STATUSES: ReadonlySet<TeamTaskStatus> = new Set(["completed", "failed", "cancelled", "skipped", "needs_attention"]);
 export const TEAM_RUN_STATUS_TRANSITIONS: Readonly<Record<TeamRunStatus, readonly TeamRunStatus[]>> = {
 	queued: ["planning", "running", "cancelled", "failed"],
@@ -25,6 +25,7 @@ export const TEAM_TASK_STATUS_TRANSITIONS: Readonly<Record<TeamTaskStatus, reado
 	failed: ["queued", "cancelled"],
 	cancelled: ["queued"],
 	skipped: ["queued", "cancelled"],
+	needs_attention: ["queued", "running"],
 };
 export const TEAM_EVENT_TYPES = [
@@ -46,6 +47,7 @@ export const TEAM_EVENT_TYPES = [
 	"task.failed",
 	"task.cancelled",
 	"task.skipped",
+	"task.needs_attention",
 	"review.approved",
 	"review.rejected",
 	"policy.action",
@@ -77,6 +79,7 @@ export const TEAM_WAKEABLE_EVENT_TYPES: ReadonlySet<TeamEventType> = new Set([
 	"task.failed",
 	"task.cancelled",
 	"task.skipped",
+	"task.needs_attention",
 	"async.completed",
 	"async.failed",
 	"async.stale",

package/src/state/event-log-rotation.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import * as fs from "node:fs";
 import { readEvents } from "./event-log.ts";
 import { atomicWriteFile } from "./atomic-write.ts";
+import { logInternalError } from "../utils/internal-error.ts";
 export interface RotationConfig {
 	maxFileSizeBytes: number;
@@ -77,24 +78,40 @@ export function compactEventLog(eventsPath: string, config?: Partial<RotationCon
 		// Concurrent write conflict — skip compaction this cycle
 		return undefined;
 	}
-	// C2: Re-read to recover any events appended between readEvents and atomicWriteFile
+	// C2: Re-read to recover any events appended during the compaction window.
+	// If events were appended and then overwritten by atomicWriteFile, they are LOST.
+	// Detect this and re-append any missing events.
 	try {
 		const afterWrite = readEvents(eventsPath);
-		if (afterWrite.length > kept.length) {
-			// Events were appended during the window — they're already in the file,
-			// no data loss occurred since atomicWriteFile preserves appends after its write point
-		}
 		const appendedDuringWindow = afterWrite.length - kept.length;
-		const eventsKept = kept.length + Math.max(0, appendedDuringWindow);
-		const compactedSize = fs.statSync(eventsPath).size;
-		return {
+		if (appendedDuringWindow >= 0) {
+			// No data loss — either events were appended and kept, or nothing happened.
+			return {
 				originalSize,
-				compactedSize,
-				eventsRemoved: originalCount + Math.max(0, appendedDuringWindow) - eventsKept,
-				eventsKept,
+				compactedSize: fs.statSync(eventsPath).size,
+				eventsRemoved: originalCount - kept.length,
+				eventsKept: kept.length + Math.max(0, appendedDuringWindow),
 			};
+		}
+		// afterWrite.length < kept.length — events were lost during compaction window.
+		// Find missing events and re-append them.
+		const afterSet = new Set(afterWrite.map((e) => JSON.stringify(e)));
+		const missingEvents = kept.filter((e) => !afterSet.has(JSON.stringify(e)));
+		for (const event of missingEvents) {
+			try {
+				fs.appendFileSync(eventsPath, JSON.stringify(event) + "\n", "utf-8");
+			} catch {
+				// Append failed — log but don't throw.
+			}
+		}
+		return {
+			originalSize,
+			compactedSize: fs.statSync(eventsPath).size,
+			eventsRemoved: originalCount - kept.length,
+			eventsKept: kept.length,
+		};
 	} catch {
-		// Post-write verification failed; compaction likely succeeded
+		// Post-write verification failed — compaction likely succeeded.
 		const compactedSize = fs.statSync(eventsPath).size;
 		return {
 			originalSize,
@@ -105,6 +122,27 @@ export function compactEventLog(eventsPath: string, config?: Partial<RotationCon
 	}
 }
+/**
+ * Rotate an event log file by archiving it with a timestamp.
+ * The current file is renamed to `<eventsPath>.<timestamp>.archive.jsonl`
+ * and a fresh empty file is created in its place.
+ * Readers using `readEvents` will see the new file; archived files can be
+ * picked up by snapshot replay if needed.
+ */
+export function rotateEventLog(eventsPath: string): boolean {
+	if (!fs.existsSync(eventsPath)) return false;
+	try {
+		const ts = new Date().toISOString().replace(/[:.]/g, "-");
+		const archivePath = `${eventsPath}.${ts}.archive.jsonl`;
+		fs.renameSync(eventsPath, archivePath);
+		fs.writeFileSync(eventsPath, "", "utf-8");
+		return true;
+	} catch (error) {
+		logInternalError("event-log.rotate", error, `eventsPath=${eventsPath}`);
+		return false;
+	}
+}
 export interface EventLogStats {
 	fileSizeBytes: number;
 	eventCount: number;
@@ -125,29 +163,77 @@ export function getEventLogStats(eventsPath: string): EventLogStats | undefined
 			return { fileSizeBytes: 0, eventCount: 0 };
 		}
-		// Count lines efficiently using readline-like scan
-		const content = fs.readFileSync(eventsPath, "utf-8");
-		const eventCount = content.split("\n").filter(Boolean).length;
-		// Read first line for oldest timestamp
-		let oldestTimestamp: string | undefined;
-		try {
-			const firstNewline = content.indexOf("\n");
-			const firstLine = firstNewline === -1 ? content : content.slice(0, firstNewline);
-			if (firstLine.trim()) {
-				oldestTimestamp = (JSON.parse(firstLine) as { time: string }).time;
+		// NEW-9 fix: stream-scan for line count (no full-file load).
+		// Read last up-to-1KB for newest timestamp.
+		let newestTimestamp: string | undefined;
+		let lastLine = "";
+		const tailSize = Math.min(fileSizeBytes, 1024);
+		{
+			const tailBuf = Buffer.alloc(tailSize);
+			const fd = fs.openSync(eventsPath, "r");
+			try {
+				fs.readSync(fd, tailBuf, 0, tailSize, fileSizeBytes - tailSize);
+			} finally {
+				fs.closeSync(fd);
 			}
-		} catch { /* corrupt head */ }
+			const tailStr = tailBuf.toString("utf-8");
+			// JSONL files end with "\n", so the last newline bounds an empty string.
+			// Walk backwards to find the last non-empty line.
+			let searchFrom = tailStr.length;
+			for (;;) {
+				const nl = tailStr.lastIndexOf("\n", searchFrom - 1);
+				if (nl < 0) { lastLine = tailStr.trim(); break; }
+				const candidate = tailStr.slice(nl + 1, searchFrom).trim();
+				if (candidate) { lastLine = candidate; break; }
+				searchFrom = nl;
+			}
+			try {
+				if (lastLine) {
+					newestTimestamp = (JSON.parse(lastLine) as { time: string }).time;
+				}
+			} catch { /* corrupt tail */ }
+		}
-		// Read last line for newest timestamp
-		let newestTimestamp: string | undefined;
+		// Stream-scan to count newlines and find first line boundary.
+		let eventCount = 0;
+		let firstLineBytes = 0;
+		const buf = Buffer.alloc(8192);
+		let offset = 0;
+		let newlineCount = 0;
+		const scanFd = fs.openSync(eventsPath, "r");
 		try {
-			const lastNewline = content.lastIndexOf("\n", content.length - 2);
-			const lastLine = content.slice(lastNewline + 1).trim();
-			if (lastLine) {
-				newestTimestamp = (JSON.parse(lastLine) as { time: string }).time;
+			let bytesRead: number;
+			while ((bytesRead = fs.readSync(scanFd, buf, 0, buf.length, offset)) > 0) {
+				for (let i = 0; i < bytesRead; i++) {
+					if (buf[i] === 10) {
+						if (newlineCount === 0) firstLineBytes = offset + i + 1;
+						newlineCount++;
+					}
+					}
+					offset += bytesRead;
+				}
+			} finally {
+				fs.closeSync(scanFd);
 			}
-		} catch { /* corrupt tail */ }
+		eventCount = newlineCount;
+		// Read first line for oldest timestamp.
+		let oldestTimestamp: string | undefined;
+		if (firstLineBytes > 0) {
+			try {
+				const firstBuf = Buffer.alloc(firstLineBytes);
+				const fd = fs.openSync(eventsPath, "r");
+				try {
+					fs.readSync(fd, firstBuf, 0, firstLineBytes, 0);
+				} finally {
+					fs.closeSync(fd);
+				}
+				const firstLine = firstBuf.toString("utf-8").trim();
+				if (firstLine) {
+					oldestTimestamp = (JSON.parse(firstLine) as { time: string }).time;
+				}
+			} catch { /* corrupt head */ }
+		}
 		return {
 			fileSizeBytes,
@@ -159,3 +245,4 @@ export function getEventLogStats(eventsPath: string): EventLogStats | undefined
 		return undefined;
 	}
 }

package/src/state/event-log.ts CHANGED Viewed

@@ -8,7 +8,7 @@ import { logInternalError } from "../utils/internal-error.ts";
 import { readJsonlSince, type IncrementalReadState } from "../utils/incremental-reader.ts";
 import { redactSecrets } from "../utils/redaction.ts";
 import { sleepSync } from "../utils/sleep.ts";
-import { needsRotation, compactEventLog } from "./event-log-rotation.ts";
+import { needsRotation, compactEventLog, rotateEventLog } from "./event-log-rotation.ts";
 export type TeamEventProvenance = "live_worker" | "test" | "healthcheck" | "replay" | "api" | "background" | "team_runner";
 export type TeamWatcherAction = "act" | "observe" | "ignore";
@@ -64,7 +64,7 @@ let appendCounter = 0;
 /** Simple cross-process lock for an eventsPath to prevent JSONL interleave on concurrent append.
  *  Detects stale locks by checking the owner PID written inside the lock directory.
  */
-function withEventLogLockSync<T>(eventsPath: string, fn: () => T): T {
+export function withEventLogLockSync<T>(eventsPath: string, fn: () => T): T {
 	const lockDir = `${eventsPath}.lock`;
 	const pidFile = path.join(lockDir, "pid");
 	const start = Date.now();
@@ -208,15 +208,43 @@ function appendEventInsideLock(eventsPath: string, event: AppendTeamEvent): Team
 		metadata = { ...metadata, fingerprint: baseMetadata?.fingerprint ?? computeEventFingerprint(fullEvent) };
 		fullEvent.metadata = metadata;
 	}
+	// H1 fix: handle overflow before appending.
+	// 1. Terminal events must always be persisted regardless of size.
+	// 2. Non-terminal events exceeding MAX_EVENTS_BYTES trigger immediate compact.
+	// 3. After compact, if still over limit, rotate.
+	const isTerminal = TERMINAL_EVENT_TYPES.has(fullEvent.type);
+	let skippedDueToSize = false;
+	if (!isTerminal && fs.existsSync(eventsPath)) {
+		const stat = fs.statSync(eventsPath);
+		if (stat.size > MAX_EVENTS_BYTES) {
+			// Try immediate compact (not waiting for counter % 100)
+			try {
+				compactEventLog(eventsPath);
+			} catch (error) {
+				logInternalError("event-log.immediate-compact", error, `eventsPath=${eventsPath}`);
+			}
+			// Check if still too large after compact — if so, rotate
+			if (fs.existsSync(eventsPath)) {
+				const afterCompact = fs.statSync(eventsPath);
+				if (afterCompact.size > MAX_EVENTS_BYTES) {
+					rotateEventLog(eventsPath);
+				}
+			}
+		}
+	}
 	try {
 		if (fs.existsSync(eventsPath) && fs.statSync(eventsPath).size > MAX_EVENTS_BYTES) {
-			logInternalError("event-log.size-limit", new Error(`events file ${eventsPath} exceeds ${MAX_EVENTS_BYTES} bytes`), `eventsPath=${eventsPath}`);
-			return { ...fullEvent, metadata: { ...(fullEvent.metadata ?? { seq: 0, provenance: "team_runner" }), appended: false } };
+			// Only reach here for non-terminal events that still overflow after compact+rotate.
+			// Log and mark as not appended.
+			logInternalError("event-log.size-limit", new Error(`events file ${eventsPath} exceeds ${MAX_EVENTS_BYTES} bytes after compaction`), `eventsPath=${eventsPath}`);
+			skippedDueToSize = true;
 		}
 	} catch (error) {
 		logInternalError("event-log.size-check", error, `eventsPath=${eventsPath}`);
 	}
-	fs.appendFileSync(eventsPath, `${JSON.stringify(redactSecrets(fullEvent))}\n`, "utf-8");
+	if (!skippedDueToSize) {
+		fs.appendFileSync(eventsPath, `${JSON.stringify(redactSecrets(fullEvent))}\n`, "utf-8");
+	}
 	appendCounter++;
 	if (appendCounter % 100 === 0 && needsRotation(eventsPath)) {
 		try { compactEventLog(eventsPath); } catch (error) { logInternalError("event-log.rotation", error, `eventsPath=${eventsPath}`); }

package/src/state/event-reconstructor.ts CHANGED Viewed

@@ -11,7 +11,7 @@ import type { TeamEvent } from "./event-log.ts";
 import { readEvents } from "./event-log.ts";
 /** Task status values that can be reconstructed from lifecycle events. */
-const RECONSTRUCTABLE_STATUSES = new Set(["created", "queued", "running", "completed", "failed", "cancelled", "skipped", "waiting"]);
+const RECONSTRUCTABLE_STATUSES = new Set(["created", "queued", "running", "completed", "failed", "cancelled", "skipped", "waiting", "needs_attention"]);
 /** Event types that carry task lifecycle state transitions. */
 const TASK_LIFECYCLE_EVENT_TYPES = new Set([
@@ -21,6 +21,7 @@ const TASK_LIFECYCLE_EVENT_TYPES = new Set([
 	"task.failed",
 	"task.skipped",
 	"task.cancelled",
+	"task.needs_attention",
 	"task.waiting",
 	"task.resumed",
 	"task.retried",
@@ -31,7 +32,7 @@ const TASK_LIFECYCLE_EVENT_TYPES = new Set([
 ]);
 /** Terminal events that set finishedAt. */
-const TERMINAL_EVENTS = new Set(["task.completed", "task.failed", "task.cancelled", "task.skipped"]);
+const TERMINAL_EVENTS = new Set(["task.completed", "task.failed", "task.cancelled", "task.skipped", "task.needs_attention"]);
 /** Mapping from event type to the reconstructed task status. */
 const EVENT_STATUS_MAP: Readonly<Record<string, string>> = {
@@ -41,6 +42,7 @@ const EVENT_STATUS_MAP: Readonly<Record<string, string>> = {
 	"task.failed": "failed",
 	"task.skipped": "skipped",
 	"task.cancelled": "cancelled",
+	"task.needs_attention": "needs_attention",
 	"task.waiting": "waiting",
 	"task.resumed": "running",
 	"task.retried": "queued",

package/src/state/mailbox.ts CHANGED Viewed

@@ -5,6 +5,7 @@ import { resolveRealContainedPath } from "../utils/safe-paths.ts";
 import { redactSecrets } from "../utils/redaction.ts";
 import { logInternalError } from "../utils/internal-error.ts";
 import { atomicWriteFile } from "./atomic-write.ts";
+import { withEventLogLockSync } from "./event-log.ts";
 export type MailboxDirection = "inbox" | "outbox";
 export type MailboxMessageStatus = "queued" | "delivered" | "acknowledged";
@@ -298,7 +299,10 @@ export function appendMailboxMessage(manifest: TeamRunManifest, message: Omit<Ma
 		repliedAt: message.repliedAt,
 		replyContent: message.replyContent,
 	};
-	fs.appendFileSync(mailboxFile(manifest, complete.direction, complete.taskId), `${JSON.stringify(redactSecrets(complete))}\n`, "utf-8");
+	// H2 fix: wrap append in cross-process lock to prevent interleaving on Windows.
+	withEventLogLockSync(mailboxFile(manifest, complete.direction, complete.taskId), () => {
+		fs.appendFileSync(mailboxFile(manifest, complete.direction, complete.taskId), `${JSON.stringify(redactSecrets(complete))}\n`, "utf-8");
+	});
 	// 3.3 — rotate mailbox file if it has grown past 10 MB. Cheap stat
 	// check; rotates at most once per append.
 	rotateMailboxFileIfNeeded(mailboxFile(manifest, complete.direction, complete.taskId));

package/src/state/schedule.ts ADDED Viewed

@@ -0,0 +1,146 @@
+/**
+ * schedule.ts — Schedule detection and parsing utilities.
+ *
+ * Mirrors pi-subagents3's SubagentScheduler static methods:
+ *   - detectSchedule(): sniff cron / interval / one-shot from string
+ *   - validateCronExpression(): 6-field cron validation
+ *   - parseRelativeTime(): "+10m" → ISO timestamp
+ *   - parseInterval(): "5m" → milliseconds
+ */
+import type { ScheduleStoreData, ScheduledTask } from "./types.ts";
+export type DetectedSchedule =
+	| { type: "cron"; normalized: string }
+	| { type: "interval"; intervalMs: number; normalized: string }
+	| { type: "once"; normalized: string };
+/** "+10s"/"+5m"/"+1h"/"+2d" → ISO timestamp or null if not a relative time. */
+export function parseRelativeTime(s: string): string | null {
+	const m = s.trim().match(/^\+(\d+)(s|m|h|d)$/);
+	if (!m) return null;
+	const ms = parseInt(m[1], 10) * { s: 1000, m: 60_000, h: 3_600_000, d: 86_400_000 }[m[2] as "s" | "m" | "h" | "d"];
+	return new Date(Date.now() + ms).toISOString();
+}
+/** "10s"/"5m"/"1h"/"2d" → milliseconds or null if not an interval. */
+export function parseInterval(s: string): number | null {
+	const m = s.trim().match(/^(\d+)(s|m|h|d)$/);
+	if (!m) return null;
+	return parseInt(m[1], 10) * { s: 1000, m: 60_000, h: 3_600_000, d: 86_400_000 }[m[2] as "s" | "m" | "h" | "d"];
+}
+/** 6-field cron validation ("second minute hour dom month dow"). */
+export function validateCronExpression(expr: string): { valid: boolean; error?: string } {
+	const fields = expr.trim().split(/\s+/);
+	if (fields.length !== 6) {
+		return {
+			valid: false,
+			error: `Cron must have 6 fields (second minute hour dom month dow), got ${fields.length}. Example: "0 0 9 * * 1" for 9am every Monday.`,
+		};
+	}
+	// Basic format check: all fields must be non-empty
+	if (!fields.every(f => f.length > 0)) {
+		return { valid: false, error: "Cron expression contains empty fields." };
+	}
+	// Accept any cron pattern — fail silently for malformed expressions
+	// (the croner library will reject at execution time)
+	return { valid: true };
+}
+/**
+ * Sniff a schedule string and tag its type. Throws on invalid input.
+ * Order matters: relative ("+10m") and interval ("5m") both match digit+unit;
+ * relative requires the leading "+" to disambiguate.
+ */
+export function detectSchedule(s: string): DetectedSchedule {
+	const trimmed = s.trim();
+	// "+10m" — relative one-shot
+	const rel = parseRelativeTime(trimmed);
+	if (rel !== null) return { type: "once", normalized: rel };
+	// "5m" — interval
+	const ivl = parseInterval(trimmed);
+	if (ivl !== null) return { type: "interval", intervalMs: ivl, normalized: trimmed };
+	// ISO timestamp — one-shot. Reject past timestamps.
+	if (/^\d{4}-\d{2}-\d{2}T/.test(trimmed)) {
+		const d = new Date(trimmed);
+		if (!Number.isNaN(d.getTime())) {
+			if (d.getTime() <= Date.now()) {
+				throw new Error(`Scheduled time ${d.toISOString()} is in the past.`);
+			}
+			return { type: "once", normalized: d.toISOString() };
+		}
+	}
+	// Cron — 6-field
+	const cronCheck = validateCronExpression(trimmed);
+	if (cronCheck.valid) return { type: "cron", normalized: trimmed };
+	throw new Error(
+		`Invalid schedule "${s}". Use 6-field cron (e.g. "0 0 9 * * 1" — 9am every Monday), interval ("5m"/"1h"), or one-shot ("+10m" / ISO).`,
+	);
+}
+/** ScheduleStore: PID-locked, session-scoped, atomic JSON persistence. */
+export class ScheduleStore {
+	private readonly path: string;
+	private data: ScheduleStoreData;
+	constructor(path: string) {
+		this.path = path;
+		this.data = { version: 1, jobs: [] };
+		try {
+			if (require("node:fs").existsSync(path)) {
+				const content = require("node:fs").readFileSync(path, "utf-8");
+				const parsed = JSON.parse(content);
+				if (parsed && typeof parsed === "object" && "version" in parsed && "jobs" in parsed) {
+					this.data = parsed as ScheduleStoreData;
+				}
+			}
+		} catch {
+			// Corrupt or missing file — start fresh
+		}
+	}
+	private save(): void {
+		try {
+			require("node:fs").mkdirSync(require("node:path").dirname(this.path), { recursive: true });
+			require("node:fs").writeFileSync(this.path, JSON.stringify(this.data, null, 2), "utf-8");
+		} catch (error) {
+			console.warn(`[pi-crew] Failed to save schedule store: ${error instanceof Error ? error.message : String(error)}`);
+		}
+	}
+	list(): ScheduledTask[] {
+		return [...this.data.jobs];
+	}
+	hasName(name: string): boolean {
+		return this.data.jobs.some(j => j.name === name);
+	}
+	get(id: string): ScheduledTask | undefined {
+		return this.data.jobs.find(j => j.id === id);
+	}
+	add(job: ScheduledTask): void {
+		this.data.jobs.push(job);
+		this.save();
+	}
+	update(id: string, patch: Partial<ScheduledTask>): ScheduledTask | undefined {
+		const idx = this.data.jobs.findIndex(j => j.id === id);
+		if (idx === -1) return undefined;
+		this.data.jobs[idx] = { ...this.data.jobs[idx], ...patch };
+		this.save();
+		return this.data.jobs[idx];
+	}
+	remove(id: string): boolean {
+		const before = this.data.jobs.length;
+		this.data.jobs = this.data.jobs.filter(j => j.id !== id);
+		if (this.data.jobs.length !== before) {
+			this.save();
+			return true;
+		}
+		return false;
+	}
+}