pi-crew 0.5.2 → 0.5.6

package/src/state/decision-ledger.ts

@@ -1,5 +1,6 @@
 import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
 import { dirname } from "path";
+import { atomicWriteFile } from "./atomic-write.ts";
 
 export interface CoherenceMark {
 	matchesPrior: boolean;
@@ -21,9 +22,12 @@ export interface RolloutEntry {
 
 /**
  * Get the ledger file path for a given run ID.
+ * SECURITY: Accept stateRoot param to use it for path computation
+ * instead of hardcoded path, ensuring stateRoot containment.
  */
-function getLedgerPath(runId: string): string {
-	return `.crew/state/runs/${runId}/decision-ledger.jsonl`;
+function getLedgerPath(runId: string, stateRoot?: string): string {
+	const base = stateRoot ?? `.crew/state/runs/${runId}`;
+	return `${base}/decision-ledger.jsonl`;
 }
 
 /**
@@ -44,19 +48,19 @@ function computeCoherence(entry: RolloutEntry, ledger: RolloutEntry[]): Coherenc
 		entry.decisionMark === previousEntry.decisionMark ||
 		Boolean(entry.priorWinner && entry.topCandidates.includes(entry.priorWinner));
 
-	// Check last 3 entries for recursive pattern
-	const recentEntries = ledger.slice(-3);
+	// Check last 10 entries for recursive pattern
+	const recentEntries = ledger.slice(-10);
 	const recentDecisions = recentEntries.map((e) => e.decisionMark);
 	const currentDecision = entry.decisionMark;
 
 	const recursiveMatches = recentDecisions.filter((d) => d === currentDecision).length;
-	const matchesRecursive = recursiveMatches >= 2;
+	const matchesRecursive = recursiveMatches >= Math.ceil(recentDecisions.length / 2); // At least half match
 
 	const promotionAllowed = matchesPrior || matchesRecursive;
 
 	let reason: string;
 	if (matchesPrior && matchesRecursive) {
-		reason = `Matches prior winner and recursive pattern (${recursiveMatches}/3 recent decisions)`;
+		reason = `Matches prior winner and recursive pattern (${recursiveMatches}/${recentDecisions.length} recent decisions)`;
 	} else if (matchesPrior) {
 		reason = `Matches prior winner decision`;
 	} else if (matchesRecursive) {
@@ -94,29 +98,31 @@ export function initLedger(runId: string): void {
 /**
  * Append a new entry to the decision ledger.
  * Automatically computes and adds coherence marks.
+ * FIX: Uses atomic write to prevent partial writes on crash.
  */
 export function appendEntry(runId: string, entry: RolloutEntry): RolloutEntry {
-	const ledgerPath = getLedgerPath(runId);
-
 	// Ensure directory exists
+	const ledgerPath = getLedgerPath(runId);
 	const dir = dirname(ledgerPath);
 	if (!existsSync(dir)) {
 		mkdirSync(dir, { recursive: true });
 	}
 
-	// Get existing entries to compute coherence
+	// Get existing entries to compute coherence (and use same result for write)
 	const ledger = getLedger(runId);
 
-	// Compute coherence marks
+	// Compute coherence
 	const coherenceMark = computeCoherence(entry, ledger);
 	const entryWithCoherence: RolloutEntry = {
 		...entry,
 		coherenceMark,
 	};
 
-	// Append to JSONL file
+	// Append to JSONL file using atomic write to prevent corruption
+	// Use the already-loaded ledger content (no double-read)
 	const line = JSON.stringify(entryWithCoherence) + "\n";
-	writeFileSync(ledgerPath, line, { flag: "a", encoding: "utf-8" });
+	const existingContent = ledger.length > 0 ? ledger.map((e) => JSON.stringify(e)).join("\n") + "\n" : "";
+	atomicWriteFile(ledgerPath, existingContent + line);
 	return entryWithCoherence;
 }
 
@@ -218,78 +224,115 @@ export function summarizeLedger(runId: string): string {
 	return lines.join("\n");
 }
 
+/**
+ * Override the coherence mark of the last entry in the ledger.
+ * FIX: This preserves all previous entries while updating just the last one.
+ * Previously this would truncate the entire ledger!
+ */
+function overrideLastEntry(runId: string, coherenceMark: import("./types.js").CoherenceMark): RolloutEntry {
+	const ledger = getLedger(runId);
+	if (ledger.length === 0) {
+		throw new Error(`No ledger entries found for run ${runId}`);
+	}
+	// Update the last entry with the new coherence mark
+	const lastIndex = ledger.length - 1;
+	ledger[lastIndex] = { ...ledger[lastIndex], coherenceMark };
+	// Rewrite entire ledger to preserve all entries
+	const ledgerPath = getLedgerPath(runId);
+	atomicWriteFile(ledgerPath, ledger.map((e) => JSON.stringify(e)).join("\n") + "\n");
+	return ledger[lastIndex];
+}
+
 /**
  * Promote a candidate by marking it as accepted with proper coherence.
  */
 export function promoteCandidate(runId: string, candidate: string): RolloutEntry {
 	const latestDecision = getLatestDecision(runId);
 
-	const entry: RolloutEntry = {
+	// Get existing entries to compute proper coherence
+	const ledger = getLedger(runId);
+
+	// Create entry without coherence first
+	const entryWithoutCoherence = {
 		rolloutId: `promote-${Date.now()}`,
 		timestamp: new Date().toISOString(),
 		priorWinner: latestDecision?.topCandidates[0],
 		searchSpace: latestDecision?.searchSpace || "unknown",
 		trialCount: (latestDecision?.trialCount || 0) + 1,
 		topCandidates: [candidate],
-		decisionMark: "accept",
-		coherenceMark: {
-			matchesPrior: false,
-			matchesRecursive: false,
-			promotionAllowed: true,
-			reason: "Manual promotion by user",
-		},
+		decisionMark: "accept" as const,
 	};
 
-	// Persist via appendEntry so ledger is consistent.
-	appendEntry(runId, entry);
-	const manualCoherence: import("./types.js").CoherenceMark = {
-		matchesPrior: false,
-		matchesRecursive: false,
-		promotionAllowed: true,
-		reason: "Manual promotion by user",
+	// Compute coherence (empty ledger = no matches)
+	const coherenceMark = computeCoherence(entryWithoutCoherence as RolloutEntry, ledger);
+
+	// Manual promotion always allows further promotion
+	coherenceMark.promotionAllowed = true;
+	coherenceMark.reason = "Manual promotion - promotion allowed";
+
+	// Create full entry with coherence
+	const entry: RolloutEntry = {
+		...entryWithoutCoherence,
+		coherenceMark,
 	};
-	// Manually override the last line in the JSONL to reflect the coherent
-	// decision we want, bypassing appendEntry's auto-compute for the returned value.
-	const lastLine = readFileSync(getLedgerPath(runId), "utf-8").trim().split("\n").filter(Boolean).at(-1)!;
-	const overridden: RolloutEntry = { ...JSON.parse(lastLine), coherenceMark: manualCoherence };
-	writeFileSync(getLedgerPath(runId), JSON.stringify(overridden) + "\n", "utf-8");
-	return overridden;
+
+	// Always push new entry (append-only pattern)
+	ledger.push(entry);
+
+	// Rewrite entire ledger atomically to preserve all entries
+	const ledgerPath = getLedgerPath(runId);
+	const dir = dirname(ledgerPath);
+	if (!existsSync(dir)) {
+		mkdirSync(dir, { recursive: true });
+	}
+	atomicWriteFile(ledgerPath, ledger.map((e) => JSON.stringify(e)).join("\n") + "\n");
+
+	return entry;
 }
 
 /**
- * Decay a candidate by marking it as decayed with proper coherence.
+ * Decay a candidate by marking it as accepted with proper coherence.
  */
 export function decayCandidate(runId: string, candidate: string): RolloutEntry {
 	const latestDecision = getLatestDecision(runId);
 
-	const entry: RolloutEntry = {
+	// Get existing entries to compute proper coherence
+	const ledger = getLedger(runId);
+
+	// Create entry without coherence first
+	const entryWithoutCoherence = {
 		rolloutId: `decay-${Date.now()}`,
 		timestamp: new Date().toISOString(),
 		priorWinner: latestDecision?.topCandidates[0],
 		searchSpace: latestDecision?.searchSpace || "unknown",
 		trialCount: (latestDecision?.trialCount || 0) + 1,
 		topCandidates: [candidate],
-		decisionMark: "decay",
-		coherenceMark: {
-			matchesPrior: false,
-			matchesRecursive: false,
-			promotionAllowed: false,
-			reason: "Manual decay by user",
-		},
+		decisionMark: "decay" as const,
 	};
 
-	// Persist via appendEntry so ledger is consistent.
-	appendEntry(runId, entry);
-	const manualCoherence: import("./types.js").CoherenceMark = {
-		matchesPrior: false,
-		matchesRecursive: false,
-		promotionAllowed: false,
-		reason: "Manual decay by user",
+	// Compute coherence (empty ledger = no matches)
+	const coherenceMark = computeCoherence(entryWithoutCoherence as RolloutEntry, ledger);
+
+	// Manual decay never allows promotion
+	coherenceMark.promotionAllowed = false;
+	coherenceMark.reason = "Manual decay - promotion not allowed";
+
+	// Create full entry with coherence
+	const entry: RolloutEntry = {
+		...entryWithoutCoherence,
+		coherenceMark,
 	};
-	// Manually override the last line in the JSONL to reflect the coherent
-	// decision we want, bypassing appendEntry's auto-compute for the returned value.
-	const lastLine = readFileSync(getLedgerPath(runId), "utf-8").trim().split("\n").filter(Boolean).at(-1)!;
-	const overridden: RolloutEntry = { ...JSON.parse(lastLine), coherenceMark: manualCoherence };
-	writeFileSync(getLedgerPath(runId), JSON.stringify(overridden) + "\n", "utf-8");
-	return overridden;
+
+	// Always push new entry (append-only pattern)
+	ledger.push(entry);
+
+	// Rewrite entire ledger to preserve all entries
+	const ledgerPath = getLedgerPath(runId);
+	const dir = dirname(ledgerPath);
+	if (!existsSync(dir)) {
+		mkdirSync(dir, { recursive: true });
+	}
+	atomicWriteFile(ledgerPath, ledger.map((e) => JSON.stringify(e)).join("\n") + "\n");
+
+	return entry;
 }

package/src/state/event-log-rotation.ts

@@ -209,9 +209,9 @@ export function getEventLogStats(eventsPath: string): EventLogStats | undefined
 						if (newlineCount === 0) firstLineBytes = offset + i + 1;
 						newlineCount++;
 					}
-					}
-					offset += bytesRead;
 				}
+				offset += bytesRead;
+			}
 			} finally {
 				fs.closeSync(scanFd);
 			}

package/src/state/event-log.ts

@@ -63,12 +63,17 @@ let appendCounter = 0;
 
 /** Simple cross-process lock for an eventsPath to prevent JSONL interleave on concurrent append.
  *  Detects stale locks by checking the owner PID written inside the lock directory.
+ *
+ *  @deprecated Prefer `appendEventAsync()` for callers in async contexts. The sync lock
+ *  uses `sleepSync` which blocks the event loop and prevents AbortSignal handlers from firing.
  */
 export function withEventLogLockSync<T>(eventsPath: string, fn: () => T): T {
+	// Ensure parent directory exists before attempting lock
+	fs.mkdirSync(path.dirname(eventsPath), { recursive: true });
 	const lockDir = `${eventsPath}.lock`;
 	const pidFile = path.join(lockDir, "pid");
 	const start = Date.now();
-	const timeout = 5000;
+	const timeout = 120000; // 120s timeout for slow CI environments
 	const staleMs = 10000;
 	let acquired = false;
 	while (true) {
@@ -79,6 +84,8 @@ export function withEventLogLockSync<T>(eventsPath: string, fn: () => T): T {
 			break;
 		} catch {
 			if (Date.now() - start > timeout) {
+				// Log error and continue without lock — lock is held by live process.
+				// Stale detection will clean up dead locks on next attempt.
 				logInternalError("event-log.lock-timeout", new Error(`Event log lock timeout for ${eventsPath}`), `lockDir=${lockDir}`);
 				break;
 			}
@@ -112,9 +119,15 @@ export function withEventLogLockSync<T>(eventsPath: string, fn: () => T): T {
 	}
 }
 
-function evictOldestSequenceCacheEntry(): void {
-	const first = sequenceCache.keys().next().value;
-	if (first !== undefined) sequenceCache.delete(first);
+function evictOldestSequenceCacheEntries(): void {
+	// Batch evict oldest 50% of entries when cache is full
+	const toEvict = Math.ceil(MAX_SEQUENCE_CACHE_ENTRIES / 2);
+	let evicted = 0;
+	for (const key of sequenceCache.keys()) {
+		if (evicted >= toEvict) break;
+		sequenceCache.delete(key);
+		evicted++;
+	}
 }
 
 export function sequencePath(eventsPath: string): string {
@@ -174,10 +187,116 @@ export function computeEventFingerprint(event: Pick<TeamEvent, "type" | "runId"
 	return createHash("sha256").update(JSON.stringify({ type: event.type, runId: event.runId, taskId: event.taskId, data: event.data ?? null })).digest("hex").slice(0, 16);
 }
 
+/**
+ * @deprecated Prefer `appendEventAsync()` in async contexts. The sync lock uses
+ * `sleepSync` which blocks the Node.js event loop, preventing AbortSignal handlers
+ * from firing and degrading live-agent responsiveness.
+ */
 export function appendEvent(eventsPath: string, event: AppendTeamEvent): TeamEvent {
 	return withEventLogLockSync(eventsPath, () => appendEventInsideLock(eventsPath, event));
 }
 
+// --- Async write queue (non-blocking alternative to withEventLogLockSync) ---
+const asyncQueues = new Map<string, Promise<unknown>>();
+
+/**
+ * Append an event to the event log using non-blocking async I/O.
+ *
+ * Uses a per-eventsPath promise-chain queue to ensure sequential writes without
+ * blocking the Node.js event loop. This allows AbortSignal handlers and other
+ * async operations to proceed while events are being persisted.
+ *
+ * For callers that are already in an async context (team-runner, task-runner,
+ * foreground-control, etc.), prefer this over the sync `appendEvent()`.
+ */
+export async function appendEventAsync(eventsPath: string, event: AppendTeamEvent): Promise<TeamEvent> {
+	const queueKey = eventsPath;
+	const prev = asyncQueues.get(queueKey) ?? Promise.resolve();
+	const next = prev.then(async (): Promise<TeamEvent> => {
+		// Ensure directory exists
+		await fs.promises.mkdir(path.dirname(eventsPath), { recursive: true });
+
+		// Build metadata (same logic as appendEventInsideLock)
+		const baseMetadata = event.metadata;
+		let metadata: TeamEventMetadata = {
+			seq: baseMetadata?.seq ?? nextSequence(eventsPath),
+			provenance: baseMetadata?.provenance ?? "team_runner",
+			...(baseMetadata?.parentEventId ? { parentEventId: baseMetadata.parentEventId } : {}),
+			...(baseMetadata?.attemptId ? { attemptId: baseMetadata.attemptId } : {}),
+			...(baseMetadata?.branchId ? { branchId: baseMetadata.branchId } : {}),
+			...(baseMetadata?.causationId ? { causationId: baseMetadata.causationId } : {}),
+			...(baseMetadata?.correlationId ? { correlationId: baseMetadata.correlationId } : {}),
+			...(baseMetadata?.sessionIdentity ? { sessionIdentity: baseMetadata.sessionIdentity } : {}),
+			...(baseMetadata?.ownership ? { ownership: baseMetadata.ownership } : {}),
+			...(baseMetadata?.nudgeId ? { nudgeId: baseMetadata.nudgeId } : {}),
+			...(baseMetadata?.confidence ? { confidence: baseMetadata.confidence } : {}),
+		};
+		const fullEvent: TeamEvent = {
+			time: new Date().toISOString(),
+			...event,
+			metadata,
+		};
+		if (baseMetadata?.fingerprint || TERMINAL_EVENT_TYPES.has(fullEvent.type)) {
+			metadata = { ...metadata, fingerprint: baseMetadata?.fingerprint ?? computeEventFingerprint(fullEvent) };
+			fullEvent.metadata = metadata;
+		}
+
+		// Overflow handling: same logic as sync path
+		const isTerminal = TERMINAL_EVENT_TYPES.has(fullEvent.type);
+		let skippedDueToSize = false;
+		if (!isTerminal && fs.existsSync(eventsPath)) {
+			const stat = fs.statSync(eventsPath);
+			if (stat.size > MAX_EVENTS_BYTES) {
+				try {
+					compactEventLog(eventsPath);
+				} catch (error) {
+					logInternalError("event-log.immediate-compact", error, `eventsPath=${eventsPath}`);
+				}
+				if (fs.existsSync(eventsPath)) {
+					const afterCompact = fs.statSync(eventsPath);
+					if (afterCompact.size > MAX_EVENTS_BYTES) {
+						rotateEventLog(eventsPath);
+					}
+				}
+			}
+		}
+		try {
+			if (fs.existsSync(eventsPath) && fs.statSync(eventsPath).size > MAX_EVENTS_BYTES) {
+				logInternalError("event-log.size-limit", new Error(`events file ${eventsPath} exceeds ${MAX_EVENTS_BYTES} bytes after compaction`), `eventsPath=${eventsPath}`);
+				skippedDueToSize = true;
+			}
+		} catch (error) {
+			logInternalError("event-log.size-check", error, `eventsPath=${eventsPath}`);
+		}
+
+		if (!skippedDueToSize) {
+			const line = JSON.stringify(redactSecrets(fullEvent)) + "\n";
+			await fs.promises.appendFile(eventsPath, line, { encoding: "utf-8" });
+		}
+
+		appendCounter++;
+		if (appendCounter % 100 === 0 && needsRotation(eventsPath)) {
+			try { compactEventLog(eventsPath); } catch (error) { logInternalError("event-log.rotation", error, `eventsPath=${eventsPath}`); }
+		}
+		try { emitFromTeamEvent(fullEvent); } catch (error) { logInternalError("event-log.emit", error); }
+
+		const seq = fullEvent.metadata?.seq ?? 0;
+		try {
+			const stat = fs.statSync(eventsPath);
+			if (sequenceCache.size >= MAX_SEQUENCE_CACHE_ENTRIES) {
+				evictOldestSequenceCacheEntries();
+			}
+			sequenceCache.set(eventsPath, { size: stat.size, mtimeMs: stat.mtimeMs, seq });
+			persistSequence(eventsPath, seq);
+		} catch (error) {
+			logInternalError("event-log.persist-sequence", error, `eventsPath=${eventsPath}`);
+		}
+		return fullEvent;
+	});
+	asyncQueues.set(queueKey, next.catch((error) => { logInternalError("event-log.async-queue", error, eventsPath); asyncQueues.delete(queueKey); }));
+	return next;
+}
+
 /**
  * Body of `appendEvent` assuming the caller already holds
  * `withEventLogLockSync` for `eventsPath`. Used by `appendEventBuffered` to
@@ -254,7 +373,7 @@ function appendEventInsideLock(eventsPath: string, event: AppendTeamEvent): Team
 	try {
 		const stat = fs.statSync(eventsPath);
 		if (sequenceCache.size >= MAX_SEQUENCE_CACHE_ENTRIES) {
-			evictOldestSequenceCacheEntry();
+			evictOldestSequenceCacheEntries();
 		}
 		sequenceCache.set(eventsPath, { size: stat.size, mtimeMs: stat.mtimeMs, seq });
 		persistSequence(eventsPath, seq);
@@ -283,6 +402,12 @@ const bufferedTimers = new Map<string, ReturnType<typeof setTimeout>>();
 const DEFAULT_BUFFER_MS = 20;
 
 export function appendEventBuffered(eventsPath: string, event: AppendTeamEvent, bufferMs = DEFAULT_BUFFER_MS): Promise<TeamEvent> {
+	// FIX: Terminal events must bypass buffer to ensure they're written immediately.
+	// Previously, terminal events like task.failed could be lost on process crash.
+	if (TERMINAL_EVENT_TYPES.has(event.type)) {
+		// For terminal events, write synchronously to ensure durability
+		return Promise.resolve(appendEvent(eventsPath, event));
+	}
 	return new Promise<TeamEvent>((resolve, reject) => {
 		const queue = bufferedQueues.get(eventsPath) ?? [];
 		queue.push({ event, resolve, reject });
@@ -300,8 +425,16 @@ function flushOneEventLogBuffer(eventsPath: string): void {
 	bufferedQueues.delete(eventsPath);
 	const timer = bufferedTimers.get(eventsPath);
 	if (timer) clearTimeout(timer);
+	// MEDIUM-13: Delete timer entry only after successful flush (in finally block)
 	bufferedTimers.delete(eventsPath);
 	if (!queue || queue.length === 0) return;
+	
+	// HIGH-10: Clean up queue if it exceeds limit to prevent unbounded growth
+	if (queue.length > 1000) {
+		// Keep only the last 500 entries
+		queue.splice(0, queue.length - 500);
+	}
+	
 	try {
 		withEventLogLockSync(eventsPath, () => {
 			for (const item of queue) {
@@ -325,12 +458,13 @@ export function flushEventLogBuffer(): void {
 }
 
 /**
- * 2.2 caller-migration helper — schedule a buffered append but do not return
- * the resulting Promise. Use only for events whose return value is ignored
- * (high-frequency `task.progress`). Errors are logged via logInternalError.
+ * Schedule an async event append without waiting for the result.
+ * Uses the non-blocking async queue to avoid blocking the event loop.
+ * Use only for events whose return value is ignored (high-frequency `task.progress`).
+ * Errors are logged via logInternalError.
  */
-export function appendEventFireAndForget(eventsPath: string, event: AppendTeamEvent, bufferMs = DEFAULT_BUFFER_MS): void {
-	appendEventBuffered(eventsPath, event, bufferMs).catch((error) => logInternalError("event-log.fire-and-forget", error, eventsPath));
+export function appendEventFireAndForget(eventsPath: string, event: AppendTeamEvent, _bufferMs = DEFAULT_BUFFER_MS): void {
+	appendEventAsync(eventsPath, event).catch((error) => logInternalError("event-log.fire-and-forget", error, eventsPath));
 }
 
 // Auto-flush on process exit so buffered events do not silently leak.

package/src/state/hook-instinct-bridge.ts

@@ -6,13 +6,13 @@
 import { crewHooks } from "../runtime/crew-hooks.ts";
 
 // Lazy-initialized store and paths
-let storeInstance: import("./instinct-store").InstinctStore | null = null;
-let pathsInstance: typeof import("../utils/paths") | null = null;
+let storeInstance: import("./instinct-store.js").InstinctStore | null = null;
+let pathsInstance: typeof import("../utils/paths.js") | null = null;
 
 async function getStore() {
 	if (!storeInstance) {
-		const { InstinctStore } = await import("./instinct-store");
-		const paths = await import("../utils/paths");
+		const { InstinctStore } = await import("./instinct-store.js");
+		const paths = await import("../utils/paths.js");
 		storeInstance = new InstinctStore(paths.projectCrewRoot(process.cwd()));
 	}
 	return storeInstance;
@@ -20,7 +20,7 @@ async function getStore() {
 
 async function getPaths() {
 	if (!pathsInstance) {
-		pathsInstance = await import("../utils/paths");
+		pathsInstance = await import("../utils/paths.js");
 	}
 	return pathsInstance;
 }

package/src/state/mailbox.ts

@@ -289,6 +289,16 @@ export function readDeliveryState(manifest: TeamRunManifest): MailboxDeliverySta
 
 function writeDeliveryState(manifest: TeamRunManifest, state: MailboxDeliveryState): void {
 	ensureRunMailbox(manifest);
+	// Prune oldest entries if capped
+	const MAX_DELIVERY_MESSAGES = 10000;
+	if (Object.keys(state.messages).length > MAX_DELIVERY_MESSAGES) {
+		const sorted = Object.entries(state.messages).sort(([, a], [, b]) => {
+			const order = { queued: 0, delivered: 1, acknowledged: 2 };
+			return (order[a] ?? 3) - (order[b] ?? 3);
+		});
+		const trimmed = sorted.slice(0, MAX_DELIVERY_MESSAGES);
+		state.messages = Object.fromEntries(trimmed);
+	}
 	atomicWriteFile(deliveryFile(manifest, true), `${JSON.stringify(redactSecrets(state), null, 2)}\n`);
 }
 

package/src/state/run-cache.ts

@@ -3,6 +3,8 @@ import * as path from "node:path";
 import * as crypto from "node:crypto";
 import { projectCrewRoot } from "../utils/paths.ts";
 import type { TeamTaskState } from "./types.ts";
+import { atomicWriteFile } from "./atomic-write.ts";
+import { withFileLockSync } from "./locks.ts";
 
 const DEFAULT_CACHE_TTL_MS = 60 * 60 * 1000; // 1 hour
 
@@ -31,6 +33,7 @@ export function computeRunCacheKey(goal: string, team: string, workflow: string,
     .update(normalized)
     .update(team)
     .update(workflow)
+    .update(_cwd)
     .digest("hex")
     .slice(0, 16);
 }
@@ -61,12 +64,15 @@ export function getCachedRun(cwd: string, cacheKey: string): CacheEntry | null {
     const entry = JSON.parse(fs.readFileSync(entryPath, "utf-8")) as CacheEntry;
 
     if (Date.now() > entry.expiresAt) {
-      // Remove expired entry
-      try {
-        fs.unlinkSync(entryPath);
-      } catch { /* ignore */ }
-      delete index[cacheKey];
-      fs.writeFileSync(indexPath, JSON.stringify(index), "utf-8");
+      // Remove expired entry — use lock + atomic write to prevent index corruption
+      withFileLockSync(indexPath, () => {
+        try {
+          fs.unlinkSync(entryPath);
+        } catch { /* ignore */ }
+        const updatedIndex = JSON.parse(fs.readFileSync(indexPath, "utf-8")) as CacheIndex;
+        delete updatedIndex[cacheKey];
+        atomicWriteFile(indexPath, JSON.stringify(updatedIndex));
+      });
       return null;
     }
 
@@ -109,14 +115,18 @@ export function saveRunToCache(
   const entryPath = path.join(dir, `${cacheKey}.json`);
   fs.writeFileSync(entryPath, JSON.stringify(entry), "utf-8");
 
-  // Update index
+  // Update index with atomic write: write to temp file then rename
   const indexPath = path.join(dir, "index.json");
   const index: CacheIndex = fs.existsSync(indexPath)
     ? JSON.parse(fs.readFileSync(indexPath, "utf-8"))
     : {};
 
   index[cacheKey] = entryPath;
-  fs.writeFileSync(indexPath, JSON.stringify(index), "utf-8");
+  
+  // Atomic write: write to temp file first, then rename
+  const tempPath = path.join(dir, "index.json.tmp");
+  fs.writeFileSync(tempPath, JSON.stringify(index), "utf-8");
+  fs.renameSync(tempPath, indexPath);
 }
 
 /**

package/src/state/state-store.ts

@@ -12,6 +12,7 @@ import { assertSafePathId, resolveContainedRelativePath, resolveRealContainedPat
 import { withRunLock } from "./locks.ts";
 import type { TeamConfig } from "../teams/team-config.ts";
 import type { WorkflowConfig } from "../workflows/workflow-config.ts";
+import { toPiSessionId } from "../utils/session-utils.ts";
 
 export interface RunPaths {
 	runId: string;
@@ -32,7 +33,7 @@ interface ManifestCacheEntry {
 	cachedAt?: number;
 }
 
-const MANIFEST_CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes
+const MANIFEST_CACHE_TTL_MS = 30 * 1000; // 30 seconds (FIX: reduced from 5 minutes for faster state updates)
 const manifestCache = new Map<string, ManifestCacheEntry>();
 
 function setManifestCache(stateRoot: string, entry: ManifestCacheEntry): void {
@@ -148,6 +149,7 @@ export function createRunManifest(params: {
 	const manifest: TeamRunManifest = {
 		schemaVersion: 1,
 		runId: paths.runId,
+		sessionId: toPiSessionId(paths.runId),
 		team: params.team.name,
 		workflow: params.workflow?.name,
 		goal: params.goal,

package/src/state/types.ts

@@ -4,6 +4,7 @@ import type { WorkerHeartbeatState } from "../runtime/worker-heartbeat.ts";
 import type { CrewAgentProgress } from "../runtime/crew-agent-runtime.ts";
 import type { RolloutEntry, CoherenceMark } from "./decision-ledger.ts";
 export type { RolloutEntry, CoherenceMark };
+export type { CrewAgentProgress };
 
 export type { TeamRunStatus, TeamTaskStatus } from "./contracts.ts";
 
@@ -25,6 +26,7 @@ export interface VerificationCommandResult {
 	cmd: string;
 	status: "passed" | "failed" | "not_run";
 	exitCode?: number | null;
+	durationMs?: number;
 	outputArtifact?: ArtifactDescriptor;
 }
 
@@ -156,6 +158,8 @@ export interface CrewAttentionEventData {
 export interface TeamRunManifest {
 	schemaVersion: 1;
 	runId: string;
+	/** pi session ID aligned with run ID for cross-referencing (e.g., "crew-team20260528") */
+	sessionId?: string;
 	team: string;
 	workflow?: string;
 	goal: string;

package/src/tools/safe-bash-extension.ts

@@ -68,6 +68,7 @@ export default function safeBashExtension(pi: ExtensionAPI): void {
 			"Execute a bash command safely. Blocks dangerous commands like `rm -rf /`, `sudo`, `curl | sh`, etc.",
 		parameters: Type.Object({
 			command: Type.String({ description: "Bash command to execute" }),
+			/** Timeout in seconds (optional). Default: no timeout. If exceeded, the command is killed. */
 			timeout: Type.Optional(
 				Type.Number({ description: "Timeout in seconds (optional)" }),
 			),