shipwright-cli 3.1.0 → 3.3.0

package/scripts/sw-code-review.sh

@@ -6,7 +6,8 @@
 set -euo pipefail
 trap 'echo "ERROR: $BASH_SOURCE:$LINENO exited with status $?" >&2' ERR
 
-VERSION="3.1.0"
+# shellcheck disable=SC2034
+VERSION="3.3.0"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 REPO_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
 
@@ -72,7 +73,8 @@ detect_code_smells() {
 
     # Check 1: Long functions (>60 lines in bash)
     local func_count
-    func_count=$(grep -c "^[a-zA-Z_][a-zA-Z0-9_]*().*{" "$target_file" 2>/dev/null || echo "0")
+    func_count=$(grep -c "^[a-zA-Z_][a-zA-Z0-9_]*().*{" "$target_file" 2>/dev/null || true)
+    func_count="${func_count:-0}"
     if [[ "$func_count" -gt 0 ]]; then
         while IFS= read -r line; do
             if [[ "$line" =~ ^[a-zA-Z_][a-zA-Z0-9_]*\(\).*\{ ]]; then
@@ -106,7 +108,8 @@ detect_code_smells() {
 
     # Check 3: Duplicate code patterns (repeated >3 times)
     local dup_count=0
-    dup_count=$(grep -c '^\s*\(cd\|cd\|mkdir\|rm\|echo\)' "$target_file" 2>/dev/null || echo "0")
+    dup_count=$(grep -c '^\s*\(cd\|cd\|mkdir\|rm\|echo\)' "$target_file" 2>/dev/null || true)
+    dup_count="${dup_count:-0}"
     if [[ $dup_count -gt 3 ]]; then
         issues+=("REPEATED_PATTERNS: Common operations appear $dup_count times (consider helper functions)")
     fi
@@ -139,7 +142,8 @@ check_solid_principles() {
 
     # Single Responsibility: Check if scripts do multiple unrelated things
     local sourced_count
-    sourced_count=$(grep -c '^\s*source\|^\s*\.\s' "$target_file" 2>/dev/null || echo "0")
+    sourced_count=$(grep -c '^\s*source\|^\s*\.\s' "$target_file" 2>/dev/null || true)
+    sourced_count="${sourced_count:-0}"
     if [[ $sourced_count -gt 3 ]]; then
         violations+=("SRP_VIOLATION: Script sources $sourced_count modules (too many responsibilities)")
     fi
@@ -159,7 +163,8 @@ check_solid_principles() {
         if [[ "$line" =~ ^[a-zA-Z_][a-zA-Z0-9_]*\(\) ]]; then
             local func_name="${line%%(*}"
             local body
-            body=$(awk "/^${func_name}\\(\\)/,/^}/" "$target_file" | grep -c '\$[0-9]' || echo "0")
+            body=$(awk "/^${func_name}\\(\\)/,/^}/" "$target_file" | grep -c '\$[0-9]' || true)
+            body="${body:-0}"
             if [[ $body -gt 5 ]]; then
                 violations+=("ISP_VIOLATION: Function $func_name uses >5 parameters")
             fi
@@ -227,7 +232,9 @@ analyze_complexity() {
 
             # Cyclomatic complexity: count decision points (if, elif, case, &&, ||)
             local cc=1
-            cc=$((cc + $(sed -n "${start_line},${end_line}p" "$target_file" | grep -cE '\s(if|elif|case|&&|\|\|)' || echo 0)))
+            local _cc_count
+            _cc_count=$(sed -n "${start_line},${end_line}p" "$target_file" | grep -cE '\s(if|elif|case|&&|\|\|)' || true)
+            cc=$((cc + ${_cc_count:-0}))
 
             # Lines of code
             local loc=$((end_line - start_line))
@@ -266,8 +273,12 @@ check_style_consistency() {
     local has_trap=false
     local has_set_e=false
 
-    [[ $(grep -c 'trap.*ERR' "$target_file" 2>/dev/null || echo 0) -gt 0 ]] && has_trap=true
-    [[ $(grep -c 'set -e' "$target_file" 2>/dev/null || echo 0) -gt 0 ]] && has_set_e=true
+    local _trap_count
+    _trap_count=$(grep -c 'trap.*ERR' "$target_file" 2>/dev/null || true)
+    [[ "${_trap_count:-0}" -gt 0 ]] && has_trap=true
+    local _set_e_count
+    _set_e_count=$(grep -c 'set -e' "$target_file" 2>/dev/null || true)
+    [[ "${_set_e_count:-0}" -gt 0 ]] && has_set_e=true
 
     if [[ "$has_set_e" == "true" ]] && [[ "$has_trap" == "false" ]]; then
         issues+=("STYLE: Missing ERR trap despite 'set -e' (inconsistent error handling)")
@@ -276,8 +287,10 @@ check_style_consistency() {
     # Check for inconsistent quote usage
     local single_quotes
     local double_quotes
-    single_quotes=$(grep -o "'" "$target_file" 2>/dev/null | wc -l || echo 0)
-    double_quotes=$(grep -o '"' "$target_file" 2>/dev/null | wc -l || echo 0)
+    single_quotes=$(grep -o "'" "$target_file" 2>/dev/null | wc -l || true)
+    single_quotes="${single_quotes:-0}"
+    double_quotes=$(grep -o '"' "$target_file" 2>/dev/null | wc -l || true)
+    double_quotes="${double_quotes:-0}"
     if [[ $single_quotes -gt $((double_quotes * 3)) ]] || [[ $double_quotes -gt $((single_quotes * 3)) ]]; then
         issues+=("STYLE: Inconsistent quote style (mix of single and double quotes)")
     fi
@@ -285,8 +298,10 @@ check_style_consistency() {
     # Check for inconsistent spacing/indentation
     local tab_count
     local space_count
-    tab_count=$(grep -c $'^\t' "$target_file" 2>/dev/null || echo 0)
-    space_count=$(grep -c '^  ' "$target_file" 2>/dev/null || echo 0)
+    tab_count=$(grep -c $'^\t' "$target_file" 2>/dev/null || true)
+    tab_count="${tab_count:-0}"
+    space_count=$(grep -c '^  ' "$target_file" 2>/dev/null || true)
+    space_count="${space_count:-0}"
     if [[ $tab_count -gt 0 ]] && [[ $space_count -gt 0 ]]; then
         issues+=("STYLE: Mixed tabs and spaces")
     fi
@@ -333,7 +348,8 @@ auto_fix() {
 
     # Fix 2: Trailing whitespace
     local trailing_ws
-    trailing_ws=$(grep -c '[[:space:]]$' "$target_file" 2>/dev/null || echo "0")
+    trailing_ws=$(grep -c '[[:space:]]$' "$target_file" 2>/dev/null || true)
+    trailing_ws="${trailing_ws:-0}"
     if [[ $trailing_ws -gt 0 ]]; then
         sed -i '' 's/[[:space:]]*$//' "$target_file"
         info "Removed $trailing_ws lines of trailing whitespace"
@@ -349,7 +365,8 @@ auto_fix() {
 
     # Fix 4: Consistent spacing around operators (simple cases)
     local spacing_fixes=0
-    spacing_fixes=$(grep -c '==' "$target_file" 2>/dev/null || echo "0")
+    spacing_fixes=$(grep -c '==' "$target_file" 2>/dev/null || true)
+    spacing_fixes="${spacing_fixes:-0}"
     if [[ $spacing_fixes -gt 0 ]]; then
         info "Flagged $spacing_fixes operator spacing cases (manual review recommended)"
     fi
@@ -415,7 +432,8 @@ review_changes() {
 
     mkdir -p "${REPO_DIR}/.claude/pipeline-artifacts"
 
-    local review_output="{\"timestamp\":\"$(date -u +%Y-%m-%dT%H:%M:%SZ)\",\"scope\":\"$review_scope\",\"findings\":{}}"
+    local review_output
+    review_output="{\"timestamp\":\"$(date -u +%Y-%m-%dT%H:%M:%SZ)\",\"scope\":\"$review_scope\",\"findings\":{}}"
     local total_issues=0
 
     # Get changed files (Bash 3.2 compatible — no mapfile)
@@ -498,18 +516,24 @@ review_changes() {
 scan_codebase() {
     info "Running full codebase quality scan..."
 
-    local scan_output="{\"timestamp\":\"$(date -u +%Y-%m-%dT%H:%M:%SZ)\",\"files\":[]}"
+    local scan_output
+    # shellcheck disable=SC2034
+    scan_output="{\"timestamp\":\"$(date -u +%Y-%m-%dT%H:%M:%SZ)\",\"files\":[]}"
     local total_issues=0
 
+    # shellcheck disable=SC2178,SC2128
     find "$REPO_DIR/scripts" -name "*.sh" -type f 2>/dev/null | while read -r file; do
         local file_rel="${file#$REPO_DIR/}"
         local smells=0
         local solids=0
         local arch_issues=0
 
-        smells=$(detect_code_smells "$file" 2>/dev/null | wc -l || echo 0)
-        solids=$(check_solid_principles "$file" 2>/dev/null | wc -l || echo 0)
-        arch_issues=$(check_architecture_boundaries "$file" 2>/dev/null | wc -l || echo 0)
+        smells=$(detect_code_smells "$file" 2>/dev/null | wc -l || true)
+        smells="${smells:-0}"
+        solids=$(check_solid_principles "$file" 2>/dev/null | wc -l || true)
+        solids="${solids:-0}"
+        arch_issues=$(check_architecture_boundaries "$file" 2>/dev/null | wc -l || true)
+        arch_issues="${arch_issues:-0}"
 
         local file_issues=$((smells + solids + arch_issues))
         total_issues=$((total_issues + file_issues))
@@ -528,7 +552,8 @@ scan_codebase() {
 complexity_report() {
     info "Analyzing code complexity metrics..."
 
-    local complexity_data="{\"timestamp\":\"$(date -u +%Y-%m-%dT%H:%M:%SZ)\",\"files\":[]}"
+    local complexity_data
+    complexity_data="{\"timestamp\":\"$(date -u +%Y-%m-%dT%H:%M:%SZ)\",\"files\":[]}"
 
     find "$REPO_DIR/scripts" -name "*.sh" -type f 2>/dev/null | while read -r file; do
         local file_metrics

package/scripts/sw-connect.sh

@@ -8,7 +8,7 @@
 set -euo pipefail
 trap 'echo "ERROR: $BASH_SOURCE:$LINENO exited with status $?" >&2' ERR
 
-VERSION="3.1.0"
+VERSION="3.3.0"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
 # ─── Cross-platform compatibility ──────────────────────────────────────────
@@ -33,6 +33,7 @@ fi
 if [[ "$(type -t emit_event 2>/dev/null)" != "function" ]]; then
   emit_event() {
     local event_type="$1"; shift; mkdir -p "${HOME}/.shipwright"
+    # shellcheck disable=SC2155
     local payload="{\"ts\":\"$(date -u +%Y-%m-%dT%H:%M:%SZ)\",\"type\":\"$event_type\""
     while [[ $# -gt 0 ]]; do local key="${1%%=*}" val="${1#*=}"; payload="${payload},\"${key}\":\"${val}\""; shift; done
     echo "${payload}}" >> "${HOME}/.shipwright/events.jsonl"

package/scripts/sw-context.sh

@@ -6,7 +6,7 @@
 set -euo pipefail
 trap 'echo "ERROR: $BASH_SOURCE:$LINENO exited with status $?" >&2' ERR
 
-VERSION="3.1.0"
+VERSION="3.3.0"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 REPO_DIR="${SHIPWRIGHT_REPO_DIR:-$(cd "$SCRIPT_DIR/.." && pwd)}"
 
@@ -387,6 +387,7 @@ gather_context() {
 
     local tmp_file
     tmp_file=$(mktemp "${TMPDIR:-/tmp}/sw-context-bundle.XXXXXX")
+    # shellcheck disable=SC2064
     trap "rm -f '$tmp_file'" RETURN
 
     # Write bundle header

package/scripts/sw-cost.sh

@@ -6,8 +6,9 @@
 set -euo pipefail
 trap 'echo "ERROR: $BASH_SOURCE:$LINENO exited with status $?" >&2' ERR
 
-VERSION="3.1.0"
+VERSION="3.3.0"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# shellcheck disable=SC2034
 REPO_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
 
 # ─── Cross-platform compatibility ──────────────────────────────────────────
@@ -29,6 +30,7 @@ fi
 if [[ "$(type -t emit_event 2>/dev/null)" != "function" ]]; then
   emit_event() {
     local event_type="$1"; shift; mkdir -p "${HOME}/.shipwright"
+    # shellcheck disable=SC2155
     local payload="{\"ts\":\"$(date -u +%Y-%m-%dT%H:%M:%SZ)\",\"type\":\"$event_type\""
     while [[ $# -gt 0 ]]; do local key="${1%%=*}" val="${1#*=}"; payload="${payload},\"${key}\":\"${val}\""; shift; done
     echo "${payload}}" >> "${HOME}/.shipwright/events.jsonl"
@@ -150,11 +152,11 @@ cost_record() {
     # Always write to JSON (dual-write period)
     (
         if command -v flock >/dev/null 2>&1; then
-            flock -w 10 200 2>/dev/null || { warn "Cost lock timeout"; }
+            flock -w 10 200 2>/dev/null || { warn "Cost lock timeout — proceeding without lock"; }
         fi
         local tmp_file
-        tmp_file=$(mktemp "${COST_FILE}.tmp.XXXXXX")
-        jq --argjson input "$input_tokens" \
+        tmp_file=$(mktemp "${COST_FILE}.tmp.XXXXXX") || { error "mktemp failed for cost record"; exit 1; }
+        if ! jq --argjson input "$input_tokens" \
            --argjson output "$output_tokens" \
            --arg model "$model" \
            --arg stage "$stage" \
@@ -172,7 +174,16 @@ cost_record() {
                ts: $ts,
                ts_epoch: $epoch
            }] | .entries = (.entries | .[-1000:])' \
-           "$COST_FILE" > "$tmp_file" && mv "$tmp_file" "$COST_FILE" || rm -f "$tmp_file"
+           "$COST_FILE" > "$tmp_file" 2>/dev/null; then
+            error "Cost jq transformation failed — entry may be lost"
+            rm -f "$tmp_file"
+            # Continue without updating cost file
+        else
+            mv "$tmp_file" "$COST_FILE" || {
+                error "Failed to update cost file"
+                rm -f "$tmp_file"
+            }
+        fi
     ) 200>"${COST_FILE}.lock"
 
     emit_event "cost.record" \
@@ -602,6 +613,49 @@ cost_dashboard() {
 
     if [[ "$entry_count" -eq 0 ]]; then
         warn "No cost entries in the last ${period_days} day(s)."
+        # Still show context efficiency data if available
+        local events_file="${HOME}/.shipwright/events.jsonl"
+        if [[ -f "$events_file" ]]; then
+            local ctx_events
+            ctx_events=$(grep '"type":"loop.context_efficiency"' "$events_file" 2>/dev/null | tail -200 || true)
+            local ctx_count
+            ctx_count=$(echo "$ctx_events" | grep -c '"loop.context_efficiency"' 2>/dev/null || echo "0")
+            ctx_count="${ctx_count:-0}"
+            if [[ "$ctx_count" -gt 0 ]]; then
+                local avg_utilization avg_trim_ratio total_raw total_trimmed trim_count
+                eval "$(echo "$ctx_events" | awk -F'"' '
+                    /"loop.context_efficiency"/ {
+                        for (i=1; i<=NF; i++) {
+                            if ($i == "budget_utilization") util = $(i+2)
+                            if ($i == "trim_ratio") ratio = $(i+2)
+                            if ($i == "raw_prompt_chars") raw = $(i+2)
+                            if ($i == "trimmed_prompt_chars") trimmed = $(i+2)
+                        }
+                        total_util += util; total_ratio += ratio
+                        total_raw += raw; total_trimmed += trimmed
+                        if (ratio + 0 > 0) trim_events++
+                        n++
+                    }
+                    END {
+                        if (n > 0) {
+                            printf "avg_utilization=%.1f\n", total_util / n
+                            printf "avg_trim_ratio=%.1f\n", total_ratio / n
+                        } else {
+                            printf "avg_utilization=0\navg_trim_ratio=0\n"
+                        }
+                        printf "total_raw=%d\ntotal_trimmed=%d\ntrim_count=%d\n", total_raw, total_trimmed, (trim_events+0)
+                    }
+                ')"
+                local total_discarded=$(( total_raw - total_trimmed ))
+                echo -e "${BOLD}  CONTEXT EFFICIENCY${RESET}"
+                echo -e "    Avg budget used     ${avg_utilization}%"
+                echo -e "    Avg trim ratio      ${avg_trim_ratio}%"
+                echo -e "    Chars generated     $(printf "%'d" "$total_raw")"
+                echo -e "    Chars discarded     $(printf "%'d" "$total_discarded")"
+                echo -e "    Trim events         ${trim_count} / ${ctx_count} iterations"
+                echo ""
+            fi
+        fi
         return 0
     fi
 
@@ -790,6 +844,54 @@ cost_dashboard() {
         fi
     fi
 
+    # Context efficiency (from loop.context_efficiency events)
+    local events_file="${HOME}/.shipwright/events.jsonl"
+    if [[ -f "$events_file" ]]; then
+        local ctx_events
+        ctx_events=$(grep '"type":"loop.context_efficiency"' "$events_file" 2>/dev/null | tail -200 || true)
+        local ctx_count
+        ctx_count=$(echo "$ctx_events" | grep -c '"loop.context_efficiency"' 2>/dev/null || echo "0")
+        ctx_count="${ctx_count:-0}"
+
+        if [[ "$ctx_count" -gt 0 ]]; then
+            # Parse metrics using awk (Bash 3.2 safe — no arrays needed)
+            local avg_utilization avg_trim_ratio total_raw total_trimmed trim_count
+            eval "$(echo "$ctx_events" | awk -F'"' '
+                /"loop.context_efficiency"/ {
+                    for (i=1; i<=NF; i++) {
+                        if ($i == "budget_utilization") util = $(i+2)
+                        if ($i == "trim_ratio") ratio = $(i+2)
+                        if ($i == "raw_prompt_chars") raw = $(i+2)
+                        if ($i == "trimmed_prompt_chars") trimmed = $(i+2)
+                    }
+                    total_util += util; total_ratio += ratio
+                    total_raw += raw; total_trimmed += trimmed
+                    if (ratio + 0 > 0) trim_events++
+                    n++
+                }
+                END {
+                    if (n > 0) {
+                        printf "avg_utilization=%.1f\n", total_util / n
+                        printf "avg_trim_ratio=%.1f\n", total_ratio / n
+                    } else {
+                        printf "avg_utilization=0\navg_trim_ratio=0\n"
+                    }
+                    printf "total_raw=%d\ntotal_trimmed=%d\ntrim_count=%d\n", total_raw, total_trimmed, (trim_events+0)
+                }
+            ')"
+
+            local total_discarded=$(( total_raw - total_trimmed ))
+
+            echo -e "${BOLD}  CONTEXT EFFICIENCY${RESET}"
+            echo -e "    Avg budget used     ${avg_utilization}%"
+            echo -e "    Avg trim ratio      ${avg_trim_ratio}%"
+            echo -e "    Chars generated     $(printf "%'d" "$total_raw")"
+            echo -e "    Chars discarded     $(printf "%'d" "$total_discarded")"
+            echo -e "    Trim events         ${trim_count} / ${ctx_count} iterations"
+            echo ""
+        fi
+    fi
+
     echo -e "${PURPLE}${BOLD}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${RESET}"
     echo ""
 }

package/scripts/sw-daemon.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+# shellcheck disable=SC2034  # config vars used by sourced scripts and subshells
 # ╔═══════════════════════════════════════════════════════════════════════════╗
 # ║  shipwright daemon — Autonomous GitHub Issue Watcher                          ║
 # ║  Polls for labeled issues · Spawns pipelines · Manages worktrees      ║
@@ -8,8 +9,11 @@ trap 'echo "ERROR: $BASH_SOURCE:$LINENO exited with status $?" >&2' ERR
 
 # Allow spawning Claude CLI from within a Claude Code session (daemon, fleet, etc.)
 unset CLAUDECODE 2>/dev/null || true
+# Ignore SIGHUP so daemon survives tmux attach/detach
+trap '' HUP
+trap '' SIGPIPE
 
-VERSION="3.1.0"
+VERSION="3.3.0"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 REPO_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
 
@@ -199,6 +203,8 @@ ISSUE_LIMIT=$(_config_get_int "daemon.issue_limit" 100 2>/dev/null || echo 100)
 PIPELINE_TEMPLATE="autonomous"
 SKIP_GATES=true
 MODEL="opus"
+EFFORT_LEVEL=""
+FALLBACK_MODEL="sonnet"
 BASE_BRANCH="main"
 ON_SUCCESS_REMOVE_LABEL="shipwright"
 ON_SUCCESS_ADD_LABEL="pipeline/complete"
@@ -381,6 +387,8 @@ load_config() {
     PIPELINE_TEMPLATE=$(jq -r '.pipeline_template // "autonomous"' "$config_file")
     SKIP_GATES=$(jq -r '.skip_gates // true' "$config_file")
     MODEL=$(jq -r '.model // "opus"' "$config_file")
+    EFFORT_LEVEL=$(jq -r '.effort_level // ""' "$config_file")
+    FALLBACK_MODEL=$(jq -r '.fallback_model // "sonnet"' "$config_file")
     BASE_BRANCH=$(jq -r '.base_branch // "main"' "$config_file")
 
     # on_success settings
@@ -441,6 +449,7 @@ load_config() {
     # intelligence engine settings (default "auto" = enable when Claude CLI available)
     INTELLIGENCE_ENABLED=$(jq -r '.intelligence.enabled // "auto"' "$config_file")
     INTELLIGENCE_CACHE_TTL=$(jq -r '.intelligence.cache_ttl_seconds // 3600' "$config_file")
+    INTELLIGENCE_MODEL=$(jq -r '.intelligence.model // "haiku"' "$config_file")
     COMPOSER_ENABLED=$(jq -r '.intelligence.composer_enabled // "auto"' "$config_file")
 
     # Auto-enable intelligence when Claude is available (unless explicitly disabled)
@@ -471,14 +480,27 @@ load_config() {
             COMPOSER_ENABLED=false
         fi
     fi
-    OPTIMIZATION_ENABLED=$(jq -r '.intelligence.optimization_enabled // false' "$config_file")
-    PREDICTION_ENABLED=$(jq -r '.intelligence.prediction_enabled // false' "$config_file")
+    OPTIMIZATION_ENABLED=$(jq -r '.intelligence.optimization_enabled // "auto"' "$config_file")
+    PREDICTION_ENABLED=$(jq -r '.intelligence.prediction_enabled // "auto"' "$config_file")
     ANOMALY_THRESHOLD=$(jq -r '.intelligence.anomaly_threshold // 3.0' "$config_file")
 
     # adaptive thresholds (intelligence-driven operational tuning)
-    ADAPTIVE_THRESHOLDS_ENABLED=$(jq -r '.intelligence.adaptive_enabled // false' "$config_file")
+    ADAPTIVE_THRESHOLDS_ENABLED=$(jq -r '.intelligence.adaptive_enabled // "auto"' "$config_file")
     PRIORITY_STRATEGY=$(jq -r '.intelligence.priority_strategy // "quick-wins-first"' "$config_file")
 
+    # Auto-resolve "auto" for prediction, optimization, adaptive (same pattern as intelligence/composer)
+    local _flag_val=""
+    for _flag_var in OPTIMIZATION_ENABLED PREDICTION_ENABLED ADAPTIVE_THRESHOLDS_ENABLED; do
+        eval "_flag_val=\"\${${_flag_var}}\""
+        if [[ "$_flag_val" == "auto" ]]; then
+            if command -v claude &>/dev/null; then
+                eval "${_flag_var}=true"
+            else
+                eval "${_flag_var}=false"
+            fi
+        fi
+    done
+
     # gh_retry: enable retry wrapper on critical GitHub API calls
     GH_RETRY_ENABLED=$(jq -r '.gh_retry // true' "$config_file")
 
@@ -544,19 +566,45 @@ setup_dirs() {
     STATE_FILE="$DAEMON_DIR/daemon-state.json"
     LOG_FILE="$DAEMON_DIR/daemon.log"
     LOG_DIR="$DAEMON_DIR/logs"
-    WORKTREE_DIR=".worktrees"
+
+    # ── Worktree Directory (must be absolute for security) ──
+    # Always use repo-level .claude/worktrees (self-healing: create .claude if missing)
+    local _abs_cwd
+    _abs_cwd="$(cd "$(pwd)" && pwd)"
+    WORKTREE_DIR="${_abs_cwd}/.claude/worktrees"
+
     PAUSE_FLAG="${HOME}/.shipwright/daemon-pause.flag"
 
     mkdir -p "$LOG_DIR"
     mkdir -p "$HOME/.shipwright/progress"
+    mkdir -p "$WORKTREE_DIR"
+
+    # Ensure worktrees are gitignored
+    local _gitignore="${_abs_cwd}/.gitignore"
+    if [[ -f "$_gitignore" ]] && ! grep -q '\.claude/worktrees' "$_gitignore" 2>/dev/null; then
+        echo ".claude/worktrees/" >> "$_gitignore"
+    fi
 }
 
 # ─── Adaptive Threshold Helpers ──────────────────────────────────────────────
 # When intelligence.adaptive_enabled=true, operational thresholds are learned
 # from historical data instead of using fixed defaults.
-# Every function falls back to the current hardcoded value when no data exists.
-
-ADAPTIVE_THRESHOLDS_ENABLED="${ADAPTIVE_THRESHOLDS_ENABLED:-false}"
+# Every function falls back to the config default when no data exists.
+
+# Auto-resolve intelligence defaults when no config file is loaded.
+# All three default to "auto" → true when Claude CLI is available.
+_auto_resolve_intelligence() {
+    local val="${1:-auto}"
+    if [[ "$val" == "auto" ]]; then
+        command -v claude &>/dev/null && echo "true" || echo "false"
+    else
+        echo "$val"
+    fi
+}
+INTELLIGENCE_MODEL="${INTELLIGENCE_MODEL:-haiku}"
+OPTIMIZATION_ENABLED=$(_auto_resolve_intelligence "${OPTIMIZATION_ENABLED:-auto}")
+PREDICTION_ENABLED=$(_auto_resolve_intelligence "${PREDICTION_ENABLED:-auto}")
+ADAPTIVE_THRESHOLDS_ENABLED=$(_auto_resolve_intelligence "${ADAPTIVE_THRESHOLDS_ENABLED:-auto}")
 PRIORITY_STRATEGY="${PRIORITY_STRATEGY:-quick-wins-first}"
 EMPTY_QUEUE_CYCLES=0
 
@@ -669,7 +717,8 @@ daemon_start() {
         fi
 
         # Export current PATH so detached session finds claude, gh, etc.
-        local tmux_cmd="export PATH='${PATH}'; ${cmd_args[*]}"
+        # Unset CLAUDECODE so daemon works when started from inside Claude Code
+        local tmux_cmd="unset CLAUDECODE 2>/dev/null; export PATH='${PATH}'; ${cmd_args[*]}"
         tmux new-session -d -s "sw-daemon" "$tmux_cmd" 2>/dev/null || {
             # Session may already exist — try killing and recreating
             tmux kill-session -t "sw-daemon" 2>/dev/null || true
@@ -934,6 +983,11 @@ daemon_init() {
 
     mkdir -p "$config_dir"
 
+    # Set restrictive umask for sensitive files (owner-only: 600)
+    local _old_umask
+    _old_umask=$(umask)
+    umask 0077
+
     cat > "$config_file" << 'CONFIGEOF'
 {
   "watch_label": "shipwright",
@@ -999,10 +1053,12 @@ daemon_init() {
   "estimated_cost_per_job_usd": 5.0,
   "intelligence": {
     "enabled": "auto",
+    "model": "haiku",
     "cache_ttl_seconds": 3600,
     "composer_enabled": "auto",
-    "optimization_enabled": true,
-    "prediction_enabled": true,
+    "optimization_enabled": "auto",
+    "prediction_enabled": "auto",
+    "adaptive_enabled": "auto",
     "adversarial_enabled": false,
     "simulation_enabled": false,
     "architecture_enabled": false,
@@ -1012,6 +1068,10 @@ daemon_init() {
 }
 CONFIGEOF
 
+    # Restore umask and ensure file has restricted permissions
+    umask "$_old_umask"
+    chmod 600 "$config_file"
+
     success "Generated config: ${config_file}"
     echo ""
     echo -e "${DIM}Edit this file to customize the daemon behavior, then run:${RESET}"

package/scripts/sw-dashboard.sh

@@ -6,7 +6,7 @@
 set -euo pipefail
 trap 'echo "ERROR: $BASH_SOURCE:$LINENO exited with status $?" >&2' ERR
 
-VERSION="3.1.0"
+VERSION="3.3.0"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
 # ─── Cross-platform compatibility ──────────────────────────────────────────
@@ -29,6 +29,7 @@ fi
 if [[ "$(type -t emit_event 2>/dev/null)" != "function" ]]; then
   emit_event() {
     local event_type="$1"; shift; mkdir -p "${HOME}/.shipwright"
+    # shellcheck disable=SC2155
     local payload="{\"ts\":\"$(date -u +%Y-%m-%dT%H:%M:%SZ)\",\"type\":\"$event_type\""
     while [[ $# -gt 0 ]]; do local key="${1%%=*}" val="${1#*=}"; payload="${payload},\"${key}\":\"${val}\""; shift; done
     echo "${payload}}" >> "${HOME}/.shipwright/events.jsonl"
@@ -41,6 +42,7 @@ TEAMS_DIR="${HOME}/.shipwright"
 PID_FILE="${TEAMS_DIR}/dashboard.pid"
 LOG_DIR="${TEAMS_DIR}/logs"
 LOG_FILE="${LOG_DIR}/dashboard.log"
+# shellcheck disable=SC2034
 EVENTS_FILE="${TEAMS_DIR}/events.jsonl"
 DEFAULT_PORT=$(_config_get_int "dashboard.port" 8767 2>/dev/null || echo 8767)