pi-crew 0.5.5 → 0.5.7

package/src/runtime/team-runner.ts

@@ -36,6 +36,7 @@ import { registerRunPromise, resolveRunPromise, rejectRunPromise } from "./run-t
 import { clearTrackedTaskUsage } from "./usage-tracker.ts";
 import { CrewCancellationError, buildSyntheticTerminalEvidence, cancellationReasonFromSignal } from "./cancellation.ts";
 import { effectivenessPolicyDecision, evaluateRunEffectiveness, formatRunEffectivenessLines } from "./effectiveness.ts";
+import { logInternalError } from "../utils/internal-error.ts";
 
 export interface ExecuteTeamRunInput {
 	manifest: TeamRunManifest;
@@ -279,7 +280,7 @@ export async function executeTeamRun(input: ExecuteTeamRunInput): Promise<{ mani
 		resolveRunPromise(manifest.runId, result);
 		cleanupUsage();
 		// Terminate live agents for this run — agents are done when the run ends.
-		void terminateLiveAgentsForRun(manifest.runId, "completed", appendEvent, manifest.eventsPath).catch(() => {});
+		void terminateLiveAgentsForRun(manifest.runId, "completed", appendEvent, manifest.eventsPath).catch((error) => logInternalError("team-runner.completed.terminate", error, `runId=${manifest.runId}`));
 
 		// Emit run completion hook (100% reliable, fire-and-forget)
 		crewHooks.emit({ type: "run_completed", timestamp: new Date().toISOString(), runId: manifest.runId, data: { status: result.manifest.status, taskCount: result.tasks.length } });
@@ -519,7 +520,7 @@ async function executeTeamRunCore(
 						attemptId: (attempt) => `${manifest.runId}:${task.id}:attempt-${attempt}`,
 						onAttemptFailed: (attempt, error, delayMs, info) => {
 							lastAttemptId = info.attemptId;
-							appendEventAsync(manifest.eventsPath, { type: "crew.task.retry_attempt", runId: manifest.runId, taskId: task.id, message: error.message, data: { attempt, attemptId: info.attemptId, delayMs }, metadata: { attemptId: info.attemptId } }).catch(() => {});
+							appendEventAsync(manifest.eventsPath, { type: "crew.task.retry_attempt", runId: manifest.runId, taskId: task.id, message: error.message, data: { attempt, attemptId: info.attemptId, delayMs }, metadata: { attemptId: info.attemptId } }).catch((error) => logInternalError("team-runner.retry-attempt", error, `taskId=${task.id}`));
 							input.metricRegistry?.histogram("crew.task.retry_delay_ms", "Retry backoff delay, milliseconds").observe({ runId: manifest.runId, taskId: task.id }, delayMs);
 						},
 						onRetryGivenUp: (attempts, error, info) => {
@@ -536,7 +537,7 @@ async function executeTeamRunCore(
 						const freshManifest = fresh?.manifest ?? manifest;
 						const freshTasks = fresh?.tasks ?? tasks;
 						const cancelledTasks = freshTasks.map((item) => item.id === task.id && (item.status === "queued" || item.status === "running") ? { ...item, status: "cancelled" as const, finishedAt: new Date().toISOString(), error: `${reason.message} (${reason.code})` } : item);
-						appendEventAsync(freshManifest.eventsPath, { type: "task.cancelled", runId: freshManifest.runId, taskId: task.id, message: reason.message, data: { reason, phase: "retry" }, metadata: lastAttemptId ? { attemptId: lastAttemptId } : undefined }).catch(() => {});
+						appendEventAsync(freshManifest.eventsPath, { type: "task.cancelled", runId: freshManifest.runId, taskId: task.id, message: reason.message, data: { reason, phase: "retry" }, metadata: lastAttemptId ? { attemptId: lastAttemptId } : undefined }).catch((error) => logInternalError("team-runner.cancelled", error, `taskId=${task.id}`));
 						return { manifest: updateRunStatus(freshManifest, "cancelled", reason.message), tasks: cancelledTasks };
 					}
 					if (lastFailed) return lastFailed;

package/src/schema/team-tool-schema.ts

@@ -58,6 +58,7 @@ export const TeamToolParams = Type.Object({
 				Type.Literal("api"),
 				Type.Literal("settings"),
 				Type.Literal("steer"),
+				Type.Literal("invalidate"),
 				Type.Literal("health"),
 				Type.Literal("graph"),
 				Type.Literal("onboard"),
@@ -68,6 +69,9 @@ export const TeamToolParams = Type.Object({
 				Type.Literal("orchestrate"),
 				Type.Literal("schedule"),
 				Type.Literal("scheduled"),
+				Type.Literal("anchor"),
+				Type.Literal("auto-summarize"),
+				Type.Literal("auto_boomerang"),
 			],
 			{ description: "Team action. Defaults to 'list' when omitted." },
 		),
@@ -209,6 +213,27 @@ export const TeamToolParams = Type.Object({
 			description: "Mark certain bash commands as excludeFromContext to reduce context tokens (default: false).",
 		}),
 	),
+	// Budget tracking options
+	budgetTotal: Type.Optional(
+		Type.Number({
+			description: "Total token budget for the run. When set, enables budget tracking with default 80% warning and 95% abort thresholds.",
+			minimum: 1,
+		}),
+	),
+	budgetWarning: Type.Optional(
+		Type.Number({
+			description: "Budget warning threshold as a fraction (0-1). Default: 0.8 (80%). Emits warning event when this threshold is crossed.",
+			minimum: 0,
+			maximum: 1,
+		}),
+	),
+	budgetAbort: Type.Optional(
+		Type.Number({
+			description: "Budget abort threshold as a fraction (0-1). Default: 0.95 (95%). Aborts further execution when this threshold is crossed.",
+			minimum: 0,
+			maximum: 1,
+		}),
+	),
 });
 
 export interface TeamToolParamsValue {
@@ -294,4 +319,10 @@ export interface TeamToolParamsValue {
 	once?: string | number;
 	/** Mark certain bash commands as excludeFromContext to reduce context tokens (default: false). */
 	excludeContextBash?: boolean;
+	/** Total token budget for the run. When set, enables budget tracking. */
+	budgetTotal?: number;
+	/** Budget warning threshold as a fraction (0-1). Default: 0.8. */
+	budgetWarning?: number;
+	/** Budget abort threshold as a fraction (0-1). Default: 0.95. */
+	budgetAbort?: number;
 }

package/src/skills/discover-skills.ts

@@ -6,6 +6,9 @@ import { isSafePathId, resolveContainedPath, resolveRealContainedPath } from "..
 
 const PACKAGE_SKILLS_DIR = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..", "..", "skills");
 
+const CACHE_TTL_MS = 30_000; // 30 seconds
+let cache: { skills: SkillDescriptor[]; cachedAt: number; cwd: string } | null = null;
+
 export interface SkillDescriptor {
 	name: string;
 	description: string;
@@ -28,6 +31,7 @@ function frontmatterDescription(content: string): string | undefined {
 }
 
 export function discoverSkills(cwd: string): SkillDescriptor[] {
+	if (cache && cache.cwd === cwd && Date.now() - cache.cachedAt < CACHE_TTL_MS) return cache.skills;
 	const results: SkillDescriptor[] = [];
 	for (const dir of listSkillDirs(cwd)) {
 		if (!fs.existsSync(dir.root)) continue;
@@ -63,5 +67,6 @@ export function discoverSkills(cwd: string): SkillDescriptor[] {
 			logInternalError("discoverSkills.readdir", error, `root=${dir.root}`);
 		}
 	}
+	cache = { skills: results, cachedAt: Date.now(), cwd };
 	return results;
 }

package/src/state/active-run-registry.ts

@@ -10,6 +10,9 @@ import { sharedScanCache } from "../utils/scan-cache.ts";
 import { sleepSync } from "../utils/sleep.ts";
 import { logInternalError } from "../utils/internal-error.ts";
 
+/** Magic bytes prefix for binary registry to prevent deserialization of hostile files. */
+const BINARY_MAGIC = Buffer.from("PICREW2BIN", "utf-8");
+
 export interface ActiveRunRegistryEntry {
 	runId: string;
 	cwd: string;
@@ -111,7 +114,11 @@ export function readActiveRunRegistry(maxEntries = DEFAULT_CACHE.manifestMaxEntr
 	// corrupt; this lets a 2-release migration co-exist with old readers.
 	try {
 		const buf = fs.readFileSync(registryBinaryPath());
-		parsed = deserialize(buf);
+		// Security: verify magic bytes before deserializing to prevent RCE from hostile files
+		if (buf.length < BINARY_MAGIC.length || !buf.slice(0, BINARY_MAGIC.length).equals(BINARY_MAGIC)) {
+			throw new Error("Invalid binary registry: missing magic bytes");
+		}
+		parsed = deserialize(buf.slice(BINARY_MAGIC.length));
 	} catch {
 		try {
 			parsed = JSON.parse(fs.readFileSync(registryPath(), "utf-8"));
@@ -128,14 +135,23 @@ export function readActiveRunRegistry(maxEntries = DEFAULT_CACHE.manifestMaxEntr
 }
 
 function writeEntries(entries: ActiveRunRegistryEntry[]): void {
-	const trimmed = entries.slice(0, DEFAULT_CACHE.manifestMaxEntries);
+	const max = DEFAULT_CACHE.manifestMaxEntries;
+	// FIX: Emit warning when entries overflow the cap, instead of silent drop.
+	if (entries.length > max) {
+		logInternalError(
+			"active-run-registry.overflow",
+			new Error(`${entries.length - max} entries dropped (cap=${max})`),
+			JSON.stringify({ dropped: entries.length - max, total: entries.length, cap: max }),
+		);
+	}
+	const trimmed = entries.slice(0, max);
 	fs.mkdirSync(path.dirname(registryPath()), { recursive: true });
 	// 2.4 — dual-ship: write both formats. Readers prefer binary; legacy
 	// readers (other tools / older releases) keep using the JSON file.
 	atomicWriteJson(registryPath(), trimmed);
 	try {
 		const tempBin = `${registryBinaryPath()}.${process.pid}.${Date.now()}.tmp`;
-		fs.writeFileSync(tempBin, serialize(trimmed));
+		fs.writeFileSync(tempBin, Buffer.concat([BINARY_MAGIC, serialize(trimmed)]));
 		fs.renameSync(tempBin, registryBinaryPath());
 	} catch (error) {
 		logInternalError("active-run-registry.binary-write", error);

package/src/state/contracts.ts

@@ -67,6 +67,15 @@ export const TEAM_EVENT_TYPES = [
 	"task.resumed",
 	"task.retried",
 	"supervisor.contact",
+	// Budget tracking events
+	"budget.initialized",
+	"budget.warning",
+	"budget.exhausted",
+	// Phase tracking events
+	"phase.started",
+	"phase.completed",
+	"phase.skipped",
+	"phase.failed",
 ] as const;
 export type TeamEventType = typeof TEAM_EVENT_TYPES[number];
 

package/src/state/crew-init.ts

@@ -108,9 +108,9 @@ export async function ensureCrewDirectory(cwd: string): Promise<void> {
 	];
 
 	for (const dir of dirs) {
-		if (!fs.existsSync(dir)) {
-			fs.mkdirSync(dir, { recursive: true });
-		}
+		// Use mkdirSync directly with recursive:true to avoid TOCTOU race.
+		// This is atomic and doesn't require existsSync check.
+		fs.mkdirSync(dir, { recursive: true });
 	}
 
 	// 2. Create .gitkeep placeholders in directories that should be tracked

package/src/state/decision-ledger.ts

@@ -1,5 +1,6 @@
 import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
 import { dirname } from "path";
+import { atomicWriteFile } from "./atomic-write.ts";
 
 export interface CoherenceMark {
 	matchesPrior: boolean;
@@ -21,9 +22,12 @@ export interface RolloutEntry {
 
 /**
  * Get the ledger file path for a given run ID.
+ * SECURITY: Accept stateRoot param to use it for path computation
+ * instead of hardcoded path, ensuring stateRoot containment.
  */
-function getLedgerPath(runId: string): string {
-	return `.crew/state/runs/${runId}/decision-ledger.jsonl`;
+function getLedgerPath(runId: string, stateRoot?: string): string {
+	const base = stateRoot ?? `.crew/state/runs/${runId}`;
+	return `${base}/decision-ledger.jsonl`;
 }
 
 /**
@@ -44,19 +48,19 @@ function computeCoherence(entry: RolloutEntry, ledger: RolloutEntry[]): Coherenc
 		entry.decisionMark === previousEntry.decisionMark ||
 		Boolean(entry.priorWinner && entry.topCandidates.includes(entry.priorWinner));
 
-	// Check last 3 entries for recursive pattern
-	const recentEntries = ledger.slice(-3);
+	// Check last 10 entries for recursive pattern
+	const recentEntries = ledger.slice(-10);
 	const recentDecisions = recentEntries.map((e) => e.decisionMark);
 	const currentDecision = entry.decisionMark;
 
 	const recursiveMatches = recentDecisions.filter((d) => d === currentDecision).length;
-	const matchesRecursive = recursiveMatches >= 2;
+	const matchesRecursive = recursiveMatches >= Math.ceil(recentDecisions.length / 2); // At least half match
 
 	const promotionAllowed = matchesPrior || matchesRecursive;
 
 	let reason: string;
 	if (matchesPrior && matchesRecursive) {
-		reason = `Matches prior winner and recursive pattern (${recursiveMatches}/3 recent decisions)`;
+		reason = `Matches prior winner and recursive pattern (${recursiveMatches}/${recentDecisions.length} recent decisions)`;
 	} else if (matchesPrior) {
 		reason = `Matches prior winner decision`;
 	} else if (matchesRecursive) {
@@ -94,17 +98,17 @@ export function initLedger(runId: string): void {
 /**
  * Append a new entry to the decision ledger.
  * Automatically computes and adds coherence marks.
+ * FIX: Uses atomic write to prevent partial writes on crash.
  */
 export function appendEntry(runId: string, entry: RolloutEntry): RolloutEntry {
-	const ledgerPath = getLedgerPath(runId);
-
 	// Ensure directory exists
+	const ledgerPath = getLedgerPath(runId);
 	const dir = dirname(ledgerPath);
 	if (!existsSync(dir)) {
 		mkdirSync(dir, { recursive: true });
 	}
 
-	// Get existing entries to compute coherence
+	// Get existing entries to compute coherence (and use same result for write)
 	const ledger = getLedger(runId);
 
 	// Compute coherence
@@ -114,9 +118,11 @@ export function appendEntry(runId: string, entry: RolloutEntry): RolloutEntry {
 		coherenceMark,
 	};
 
-	// Append to JSONL file
+	// Append to JSONL file using atomic write to prevent corruption
+	// Use the already-loaded ledger content (no double-read)
 	const line = JSON.stringify(entryWithCoherence) + "\n";
-	writeFileSync(ledgerPath, line, { flag: "a", encoding: "utf-8" });
+	const existingContent = ledger.length > 0 ? ledger.map((e) => JSON.stringify(e)).join("\n") + "\n" : "";
+	atomicWriteFile(ledgerPath, existingContent + line);
 	return entryWithCoherence;
 }
 
@@ -233,7 +239,7 @@ function overrideLastEntry(runId: string, coherenceMark: import("./types.js").Co
 	ledger[lastIndex] = { ...ledger[lastIndex], coherenceMark };
 	// Rewrite entire ledger to preserve all entries
 	const ledgerPath = getLedgerPath(runId);
-	writeFileSync(ledgerPath, ledger.map((e) => JSON.stringify(e)).join("\n") + "\n", "utf-8");
+	atomicWriteFile(ledgerPath, ledger.map((e) => JSON.stringify(e)).join("\n") + "\n");
 	return ledger[lastIndex];
 }
 
@@ -270,28 +276,22 @@ export function promoteCandidate(runId: string, candidate: string): RolloutEntry
 		coherenceMark,
 	};
 
-	// Update last entry in memory if there are existing entries
-	if (ledger.length > 0) {
-		const lastIndex = ledger.length - 1;
-		ledger[lastIndex] = entry;
-	} else {
-		// No existing entries - just write this one
-		ledger.push(entry);
-	}
+	// Always push new entry (append-only pattern)
+	ledger.push(entry);
 
-	// Rewrite entire ledger to preserve all entries
+	// Rewrite entire ledger atomically to preserve all entries
 	const ledgerPath = getLedgerPath(runId);
 	const dir = dirname(ledgerPath);
 	if (!existsSync(dir)) {
 		mkdirSync(dir, { recursive: true });
 	}
-	writeFileSync(ledgerPath, ledger.map((e) => JSON.stringify(e)).join("\n") + "\n", "utf-8");
+	atomicWriteFile(ledgerPath, ledger.map((e) => JSON.stringify(e)).join("\n") + "\n");
 
 	return entry;
 }
 
 /**
- * Decay a candidate by marking it as decayed with proper coherence.
+ * Decay a candidate by marking it as accepted with proper coherence.
  */
 export function decayCandidate(runId: string, candidate: string): RolloutEntry {
 	const latestDecision = getLatestDecision(runId);
@@ -323,14 +323,8 @@ export function decayCandidate(runId: string, candidate: string): RolloutEntry {
 		coherenceMark,
 	};
 
-	// Update last entry in memory if there are existing entries
-	if (ledger.length > 0) {
-		const lastIndex = ledger.length - 1;
-		ledger[lastIndex] = entry;
-	} else {
-		// No existing entries - just write this one
-		ledger.push(entry);
-	}
+	// Always push new entry (append-only pattern)
+	ledger.push(entry);
 
 	// Rewrite entire ledger to preserve all entries
 	const ledgerPath = getLedgerPath(runId);
@@ -338,7 +332,7 @@ export function decayCandidate(runId: string, candidate: string): RolloutEntry {
 	if (!existsSync(dir)) {
 		mkdirSync(dir, { recursive: true });
 	}
-	writeFileSync(ledgerPath, ledger.map((e) => JSON.stringify(e)).join("\n") + "\n", "utf-8");
+	atomicWriteFile(ledgerPath, ledger.map((e) => JSON.stringify(e)).join("\n") + "\n");
 
 	return entry;
 }

package/src/state/event-log-rotation.ts

@@ -209,9 +209,9 @@ export function getEventLogStats(eventsPath: string): EventLogStats | undefined
 						if (newlineCount === 0) firstLineBytes = offset + i + 1;
 						newlineCount++;
 					}
-					}
-					offset += bytesRead;
 				}
+				offset += bytesRead;
+			}
 			} finally {
 				fs.closeSync(scanFd);
 			}

package/src/state/event-log.ts

@@ -167,11 +167,16 @@ function nextSequence(eventsPath: string): number {
 	if (cached && cached.size === stat.size && cached.mtimeMs === stat.mtimeMs) {
 		return cached.seq + 1;
 	}
-	let current = readStoredSequence(eventsPath);
-	if (current === undefined || (cached && stat.size < cached.size)) {
-		current = scanSequence(eventsPath);
+	// FIX: Trust the sidecar seq file if it exists and the file is non-empty.
+	// Only fall back to O(n) scan if sidecar is missing or file shrunk unexpectedly.
+	const stored = readStoredSequence(eventsPath);
+	if (stored !== undefined && (!cached || stat.size >= cached.size)) {
+		sequenceCache.set(eventsPath, { size: stat.size, mtimeMs: stat.mtimeMs, seq: stored });
+		return stored + 1;
 	}
+	const current = scanSequence(eventsPath);
 	sequenceCache.set(eventsPath, { size: stat.size, mtimeMs: stat.mtimeMs, seq: current });
+	persistSequence(eventsPath, current);
 	return current + 1;
 }
 
@@ -293,7 +298,7 @@ export async function appendEventAsync(eventsPath: string, event: AppendTeamEven
 		}
 		return fullEvent;
 	});
-	asyncQueues.set(queueKey, next.catch(() => {}));
+	asyncQueues.set(queueKey, next.catch((error) => { logInternalError("event-log.async-queue", error, eventsPath); asyncQueues.delete(queueKey); }));
 	return next;
 }
 
@@ -425,8 +430,16 @@ function flushOneEventLogBuffer(eventsPath: string): void {
 	bufferedQueues.delete(eventsPath);
 	const timer = bufferedTimers.get(eventsPath);
 	if (timer) clearTimeout(timer);
+	// MEDIUM-13: Delete timer entry only after successful flush (in finally block)
 	bufferedTimers.delete(eventsPath);
 	if (!queue || queue.length === 0) return;
+	
+	// HIGH-10: Clean up queue if it exceeds limit to prevent unbounded growth
+	if (queue.length > 1000) {
+		// Keep only the last 500 entries
+		queue.splice(0, queue.length - 500);
+	}
+	
 	try {
 		withEventLogLockSync(eventsPath, () => {
 			for (const item of queue) {

package/src/state/mailbox.ts

@@ -6,6 +6,7 @@ import { redactSecrets } from "../utils/redaction.ts";
 import { logInternalError } from "../utils/internal-error.ts";
 import { atomicWriteFile } from "./atomic-write.ts";
 import { withEventLogLockSync } from "./event-log.ts";
+import { DEFAULT_MAILBOX } from "../config/defaults.ts";
 
 export type MailboxDirection = "inbox" | "outbox";
 export type MailboxMessageStatus = "queued" | "delivered" | "acknowledged";
@@ -228,7 +229,7 @@ function safeReadMailboxFile(filePath: string, direction: MailboxDirection): Mai
  * primary file. Readers continue to see all messages because
  * `safeReadMailboxFile` walks both the primary file and any archives.
  */
-const MAILBOX_ARCHIVE_THRESHOLD_BYTES = 10 * 1024 * 1024;
+const MAILBOX_ARCHIVE_THRESHOLD_BYTES = DEFAULT_MAILBOX.perFileThresholdBytes;
 function rotateMailboxFileIfNeeded(filePath: string, thresholdBytes = MAILBOX_ARCHIVE_THRESHOLD_BYTES): boolean {
 	try {
 		if (!fs.existsSync(filePath)) return false;
@@ -238,6 +239,8 @@ function rotateMailboxFileIfNeeded(filePath: string, thresholdBytes = MAILBOX_AR
 		const archivePath = `${filePath}.${ts}.archive.jsonl`;
 		fs.renameSync(filePath, archivePath);
 		fs.writeFileSync(filePath, "", "utf-8");
+		// FIX: Prune old archives so total per-direction count stays bounded.
+		pruneOldMailboxArchives(filePath);
 		return true;
 	} catch (error) {
 		logInternalError("mailbox.rotate", error, filePath);
@@ -245,6 +248,27 @@ function rotateMailboxFileIfNeeded(filePath: string, thresholdBytes = MAILBOX_AR
 	}
 }
 
+/**
+ * Keep at most `DEFAULT_MAILBOX.maxArchivesPerDirection` archive files per
+ * mailbox. Older archives are deleted. Prevents unbounded growth on long runs.
+ */
+function pruneOldMailboxArchives(mailboxFilePath: string): void {
+	try {
+		const dir = path.dirname(mailboxFilePath);
+		const base = path.basename(mailboxFilePath);
+		const archives = fs
+			.readdirSync(dir)
+			.filter((f) => f.startsWith(base) && f.includes(".archive.jsonl"))
+			.sort(); // Chronological (ISO timestamp in filename)
+		const excess = archives.length - DEFAULT_MAILBOX.maxArchivesPerDirection;
+		for (let i = 0; i < excess; i += 1) {
+			fs.rmSync(path.join(dir, archives[i]), { force: true });
+		}
+	} catch (error) {
+		logInternalError("mailbox.prune", error, mailboxFilePath);
+	}
+}
+
 export function readMailbox(manifest: TeamRunManifest, direction?: MailboxDirection, taskId?: string, kind?: MailboxMessageKind): MailboxMessage[] {
 	const directions = direction ? [direction] : ["inbox", "outbox"] as const;
 	return directions.flatMap((item) => safeReadMailboxFile(mailboxFile(manifest, item, taskId), item)).filter((msg) => !kind || msg.kind === kind).sort((a, b) => a.createdAt.localeCompare(b.createdAt));
@@ -289,6 +313,16 @@ export function readDeliveryState(manifest: TeamRunManifest): MailboxDeliverySta
 
 function writeDeliveryState(manifest: TeamRunManifest, state: MailboxDeliveryState): void {
 	ensureRunMailbox(manifest);
+	// Prune oldest entries if capped
+	const MAX_DELIVERY_MESSAGES = 10000;
+	if (Object.keys(state.messages).length > MAX_DELIVERY_MESSAGES) {
+		const sorted = Object.entries(state.messages).sort(([, a], [, b]) => {
+			const order = { queued: 0, delivered: 1, acknowledged: 2 };
+			return (order[a] ?? 3) - (order[b] ?? 3);
+		});
+		const trimmed = sorted.slice(0, MAX_DELIVERY_MESSAGES);
+		state.messages = Object.fromEntries(trimmed);
+	}
 	atomicWriteFile(deliveryFile(manifest, true), `${JSON.stringify(redactSecrets(state), null, 2)}\n`);
 }
 

package/src/state/run-cache.ts

@@ -3,6 +3,8 @@ import * as path from "node:path";
 import * as crypto from "node:crypto";
 import { projectCrewRoot } from "../utils/paths.ts";
 import type { TeamTaskState } from "./types.ts";
+import { atomicWriteFile } from "./atomic-write.ts";
+import { withFileLockSync } from "./locks.ts";
 
 const DEFAULT_CACHE_TTL_MS = 60 * 60 * 1000; // 1 hour
 
@@ -31,6 +33,7 @@ export function computeRunCacheKey(goal: string, team: string, workflow: string,
     .update(normalized)
     .update(team)
     .update(workflow)
+    .update(_cwd)
     .digest("hex")
     .slice(0, 16);
 }
@@ -61,12 +64,15 @@ export function getCachedRun(cwd: string, cacheKey: string): CacheEntry | null {
     const entry = JSON.parse(fs.readFileSync(entryPath, "utf-8")) as CacheEntry;
 
     if (Date.now() > entry.expiresAt) {
-      // Remove expired entry
-      try {
-        fs.unlinkSync(entryPath);
-      } catch { /* ignore */ }
-      delete index[cacheKey];
-      fs.writeFileSync(indexPath, JSON.stringify(index), "utf-8");
+      // Remove expired entry — use lock + atomic write to prevent index corruption
+      withFileLockSync(indexPath, () => {
+        try {
+          fs.unlinkSync(entryPath);
+        } catch { /* ignore */ }
+        const updatedIndex = JSON.parse(fs.readFileSync(indexPath, "utf-8")) as CacheIndex;
+        delete updatedIndex[cacheKey];
+        atomicWriteFile(indexPath, JSON.stringify(updatedIndex));
+      });
       return null;
     }
 
@@ -109,14 +115,18 @@ export function saveRunToCache(
   const entryPath = path.join(dir, `${cacheKey}.json`);
   fs.writeFileSync(entryPath, JSON.stringify(entry), "utf-8");
 
-  // Update index
+  // Update index with atomic write: write to temp file then rename
   const indexPath = path.join(dir, "index.json");
   const index: CacheIndex = fs.existsSync(indexPath)
     ? JSON.parse(fs.readFileSync(indexPath, "utf-8"))
     : {};
 
   index[cacheKey] = entryPath;
-  fs.writeFileSync(indexPath, JSON.stringify(index), "utf-8");
+  
+  // Atomic write: write to temp file first, then rename
+  const tempPath = path.join(dir, "index.json.tmp");
+  fs.writeFileSync(tempPath, JSON.stringify(index), "utf-8");
+  fs.renameSync(tempPath, indexPath);
 }
 
 /**

package/src/tools/safe-bash-extension.ts

@@ -68,6 +68,7 @@ export default function safeBashExtension(pi: ExtensionAPI): void {
 			"Execute a bash command safely. Blocks dangerous commands like `rm -rf /`, `sudo`, `curl | sh`, etc.",
 		parameters: Type.Object({
 			command: Type.String({ description: "Bash command to execute" }),
+			/** Timeout in seconds (optional). Default: no timeout. If exceeded, the command is killed. */
 			timeout: Type.Optional(
 				Type.Number({ description: "Timeout in seconds (optional)" }),
 			),