typeclaw 0.32.1 → 0.34.0

package/src/cli/provider.ts

@@ -2,10 +2,16 @@ import { cancel, intro, isCancel, log, password, select } from '@clack/prompts'
 import { defineCommand } from 'citty'
 
 import {
+  KNOWN_PROVIDER_VENDORS,
   KNOWN_PROVIDERS,
+  listKnownProviderVendorIds,
+  providerIdsForVendor,
   supportsApiKey as providerSupportsApiKey,
   supportsOAuth as providerSupportsOAuth,
+  variantHint,
+  variantLabel,
   type KnownProviderId,
+  type KnownProviderVendorId,
 } from '@/config/providers'
 import {
   addProvider,
@@ -270,15 +276,40 @@ function validateKnownProvider(input: string): KnownProviderId {
 
 async function resolveProviderForAdd(input: string | undefined): Promise<KnownProviderId> {
   if (input !== undefined) return validateKnownProvider(input)
-  const ids = Object.keys(KNOWN_PROVIDERS) as KnownProviderId[]
-  const choice = await select<KnownProviderId>({
+  const vendorId = await pickVendorToAdd()
+  return await pickVariantToAdd(vendorId)
+}
+
+async function pickVendorToAdd(): Promise<KnownProviderVendorId> {
+  const vendorIds = listKnownProviderVendorIds()
+  const choice = await select<KnownProviderVendorId>({
     message: 'Pick a provider to add',
-    options: ids.map((id) => ({
+    options: vendorIds.map((id) => ({
       value: id,
-      label: KNOWN_PROVIDERS[id].name,
-      hint: authHint(id),
+      label: KNOWN_PROVIDER_VENDORS[id].name,
+      hint: vendorAuthHint(id),
     })),
-    initialValue: ids[0],
+    initialValue: vendorIds[0],
+  })
+  if (isCancel(choice)) {
+    cancel('Aborted.')
+    process.exit(0)
+  }
+  return choice
+}
+
+async function pickVariantToAdd(vendorId: KnownProviderVendorId): Promise<KnownProviderId> {
+  const variants = providerIdsForVendor(vendorId)
+  if (variants.length === 1) return variants[0]!
+  const choice = await select<KnownProviderId>({
+    message: `Pick a ${KNOWN_PROVIDER_VENDORS[vendorId].name} option`,
+    options: variants.map((id) => {
+      const hint = variantHint(vendorId, id)
+      return hint !== undefined
+        ? { value: id, label: variantLabel(vendorId, id), hint }
+        : { value: id, label: variantLabel(vendorId, id) }
+    }),
+    initialValue: variants[0],
   })
   if (isCancel(choice)) {
     cancel('Aborted.')
@@ -378,10 +409,10 @@ async function runOAuthLogin(cwd: string, providerId: KnownProviderId): Promise<
   }
 }
 
-function authHint(id: KnownProviderId): string {
-  const provider = KNOWN_PROVIDERS[id]
-  const apiKey = providerSupportsApiKey(provider)
-  const oauth = providerSupportsOAuth(provider)
+function vendorAuthHint(vendorId: KnownProviderVendorId): string {
+  const providers = providerIdsForVendor(vendorId)
+  const apiKey = providers.some((id) => providerSupportsApiKey(KNOWN_PROVIDERS[id]))
+  const oauth = providers.some((id) => providerSupportsOAuth(KNOWN_PROVIDERS[id]))
   if (apiKey && oauth) return 'API key or OAuth'
   if (oauth) return 'OAuth only'
   return 'API key'

package/src/config/providers.ts

@@ -41,6 +41,17 @@ type KnownProvider = {
 // e.g. `OPENAI_API_KEY`). For `oauth` providers, `oauthProviderId` MUST match
 // a pi-ai OAuth provider id exactly, otherwise `authStorage.login()` will
 // throw "Unknown OAuth provider".
+//
+// Granularity rule (split vs merge): a provider id is the runtime API surface,
+// not the brand. Different API call => different provider id; same API call =>
+// same provider id. "Same API call" means same endpoint + same wire transport.
+// So `anthropic` is ONE id because api-key and oauth hit the same
+// /v1/messages endpoint (only the auth header differs), while `openai` /
+// `openai-codex` and `zai` / `zai-coding` are SEPARATE ids because each pair
+// targets different endpoints (and env vars). The user-facing brand grouping
+// lives in `KNOWN_PROVIDER_VENDORS` below — keep it out of this decision.
+// Renaming an id is a breaking change to secrets.json keys and typeclaw.json
+// model refs; only do it behind a migration in a dedicated major-version PR.
 export const KNOWN_PROVIDERS = {
   openai: {
     id: 'openai',
@@ -119,13 +130,12 @@ export const KNOWN_PROVIDERS = {
   // these ids work end-to-end as long as the Codex backend itself accepts
   // them, which it does for ChatGPT Plus/Pro accounts as of 2026-05-10.
   //
-  // Position-load-bearing: must stay adjacent to `openai`. The init wizard's
-  // provider picker, `provider --help`'s `id | id | ...` listing, and the
-  // generated JSON schema's model-ref enum all derive their ordering from
-  // Object.keys() iteration on this literal. Alphabetizing the registry
-  // would scatter `openai-codex` after `fireworks` and re-introduce the
-  // "OpenAI ... Anthropic ... OpenAI" picker order this comment exists to
-  // prevent.
+  // Position-load-bearing: must stay adjacent to `openai`. `provider --help`'s
+  // `id | id | ...` listing and the generated JSON schema's model-ref enum
+  // derive their ordering from Object.keys() iteration on this literal, so
+  // alphabetizing the registry would scatter `openai-codex` after `fireworks`.
+  // (The init wizard's picker no longer depends on this order — it groups by
+  // `KNOWN_PROVIDER_VENDORS` below.)
   'openai-codex': {
     id: 'openai-codex',
     name: 'OpenAI Codex (ChatGPT Plus/Pro)',
@@ -453,10 +463,359 @@ export const KNOWN_PROVIDERS = {
       },
     },
   },
+  // xAI (Grok). The native developer API at api.x.ai/v1 is OpenAI-compatible
+  // (Bearer auth + /chat/completions shape), so models go through pi-ai's
+  // `openai-completions` adapter with a custom baseUrl — same trick as
+  // Fireworks and Z.AI. This is a DUAL-AUTH provider like `anthropic`:
+  //   * api-key — XAI_API_KEY (the standard xAI env var), a plain Bearer token.
+  //   * oauth — Grok subscription login via xAI's OIDC server (auth.x.ai),
+  //     authorization-code + PKCE. pi-ai ships no built-in xAI OAuth provider,
+  //     so `oauthProviderId: 'xai'` resolves to the custom provider registered
+  //     in src/secrets/oauth-xai.ts (registered from createSecretsStoreForAgent
+  //     so both init-login and runtime-refresh see it). The dual-auth runtime
+  //     rule in src/agent/auth.ts applies: an OAuth credential on disk wins over
+  //     XAI_API_KEY in .env — remove it (`typeclaw provider remove xai`) to fall
+  //     back to the key.
+  //
+  // Costs and context windows mirror docs.x.ai/developers/models and the raw
+  // /v1/models price fields as of 2026-06-08 (xAI quotes prices in cents per
+  // 100M tokens; e.g. grok-4.3 prompt 12500 = $1.25/1M). grok-4.3 is the
+  // flagship default; grok-build-0.1 is the coding-tuned model. The
+  // grok-4.20-0309 snapshots are pinned weights for reproducible runs.
+  //
+  // The earlier grok-4 / grok-4-fast / grok-code-fast-1 ids were RETIRED on
+  // 2026-05-15 — they still resolve but silently redirect (and bill) at the
+  // grok-4.3 / grok-build-0.1 rates, so they are intentionally NOT listed.
+  //
+  // cacheWrite is 0: xAI publishes no cache-write price (caching is implicit,
+  // billed only at the cacheRead rate). Models 1-4 also carry a long-context
+  // tier (2x rates above a 200k-token request); pi-ai's Model shape can't
+  // express tiered pricing, so the standard rate is used and the breakpoint is
+  // noted here. When refreshing, rerun `scripts/generate-schema.ts`.
+  xai: {
+    id: 'xai',
+    name: 'xAI (Grok)',
+    baseUrl: 'https://api.x.ai/v1',
+    auth: ['api-key', 'oauth'],
+    apiKeyEnv: 'XAI_API_KEY',
+    oauthProviderId: 'xai',
+    models: {
+      'grok-4.3': {
+        id: 'grok-4.3',
+        name: 'Grok 4.3',
+        api: 'openai-completions',
+        provider: 'xai',
+        baseUrl: 'https://api.x.ai/v1',
+        reasoning: true,
+        input: ['text', 'image'],
+        cost: { input: 1.25, output: 2.5, cacheRead: 0.2, cacheWrite: 0 },
+        contextWindow: 1000000,
+        maxTokens: 64000,
+      },
+      'grok-4.20-0309-reasoning': {
+        id: 'grok-4.20-0309-reasoning',
+        name: 'Grok 4.20 (Reasoning)',
+        api: 'openai-completions',
+        provider: 'xai',
+        baseUrl: 'https://api.x.ai/v1',
+        reasoning: true,
+        input: ['text', 'image'],
+        cost: { input: 1.25, output: 2.5, cacheRead: 0.2, cacheWrite: 0 },
+        contextWindow: 1000000,
+        maxTokens: 64000,
+      },
+      'grok-4.20-0309-non-reasoning': {
+        id: 'grok-4.20-0309-non-reasoning',
+        name: 'Grok 4.20 (Non-Reasoning)',
+        api: 'openai-completions',
+        provider: 'xai',
+        baseUrl: 'https://api.x.ai/v1',
+        reasoning: false,
+        input: ['text', 'image'],
+        cost: { input: 1.25, output: 2.5, cacheRead: 0.2, cacheWrite: 0 },
+        contextWindow: 1000000,
+        maxTokens: 64000,
+      },
+      'grok-build-0.1': {
+        id: 'grok-build-0.1',
+        name: 'Grok Build 0.1',
+        api: 'openai-completions',
+        provider: 'xai',
+        baseUrl: 'https://api.x.ai/v1',
+        reasoning: true,
+        input: ['text', 'image'],
+        cost: { input: 1.0, output: 2.0, cacheRead: 0.2, cacheWrite: 0 },
+        contextWindow: 256000,
+        maxTokens: 64000,
+      },
+    },
+  },
+  // MiniMax (minimax.io) pay-as-you-go API. OpenAI-compatible (Bearer auth +
+  // /chat/completions shape), so models go through pi-ai's `openai-completions`
+  // adapter with a custom baseUrl — same trick as Fireworks and Z.AI.
+  //
+  // Endpoint choice: the international endpoint (api.minimax.io) is the global
+  // surface; the China endpoint (api.minimaxi.com) is a regional alternative on
+  // the same protocol. We pin the international one here — operators who need the
+  // China gateway can front it with an OpenAI-compatible proxy.
+  //
+  // Model lineup mirrors the OpenAI-compatible model enum on
+  // platform.minimax.io as of 2026-06-08: MiniMax-M3 (flagship, 1M context,
+  // image input, controllable reasoning) plus the M2 reasoning series
+  // (204,800 context, reasoning always on, text-only). The `-highspeed`
+  // billing-tier variants and the native-only `M2-her` / `MiniMax-Text-01` /
+  // `abab*` models are intentionally omitted — the first are duplicate weights
+  // on a pricier surface, the rest don't serve the OpenAI-compatible
+  // /chat/completions route this adapter speaks. Costs are USD per 1M tokens
+  // from docs/guides/pricing-paygo (standard tier): M3 reflects the permanent
+  // 50%-off ≤512K-input rate (input 0.30 / output 1.20 / cacheRead 0.06; M3 has
+  // no separate cache-write rate). M2.7 caches at 0.06 read / 0.375 write; the
+  // M2.5/M2.1/M2 series at 0.03 read / 0.375 write.
+  //
+  // M3 tiered pricing is NOT modeled: this single cost record only encodes the
+  // ≤512K-input tier. The >512K tier (input 0.60 / output 2.40 / cacheRead 0.12)
+  // is a limited-availability surcharge that pi-ai's flat per-model cost shape
+  // can't represent, so long-context M3 sessions above 512K under-report cost.
+  minimax: {
+    id: 'minimax',
+    name: 'MiniMax',
+    baseUrl: 'https://api.minimax.io/v1',
+    auth: ['api-key'],
+    apiKeyEnv: 'MINIMAX_API_KEY',
+    oauthProviderId: null,
+    models: {
+      'MiniMax-M3': {
+        id: 'MiniMax-M3',
+        name: 'MiniMax M3',
+        api: 'openai-completions',
+        provider: 'minimax',
+        baseUrl: 'https://api.minimax.io/v1',
+        reasoning: true,
+        input: ['text', 'image'],
+        cost: { input: 0.3, output: 1.2, cacheRead: 0.06, cacheWrite: 0 },
+        contextWindow: 1000000,
+        maxTokens: 524288,
+      },
+      'MiniMax-M2.7': {
+        id: 'MiniMax-M2.7',
+        name: 'MiniMax M2.7',
+        api: 'openai-completions',
+        provider: 'minimax',
+        baseUrl: 'https://api.minimax.io/v1',
+        reasoning: true,
+        input: ['text'],
+        cost: { input: 0.3, output: 1.2, cacheRead: 0.06, cacheWrite: 0.375 },
+        contextWindow: 204800,
+        maxTokens: 204800,
+      },
+      'MiniMax-M2.5': {
+        id: 'MiniMax-M2.5',
+        name: 'MiniMax M2.5',
+        api: 'openai-completions',
+        provider: 'minimax',
+        baseUrl: 'https://api.minimax.io/v1',
+        reasoning: true,
+        input: ['text'],
+        cost: { input: 0.3, output: 1.2, cacheRead: 0.03, cacheWrite: 0.375 },
+        contextWindow: 204800,
+        maxTokens: 204800,
+      },
+      'MiniMax-M2.1': {
+        id: 'MiniMax-M2.1',
+        name: 'MiniMax M2.1',
+        api: 'openai-completions',
+        provider: 'minimax',
+        baseUrl: 'https://api.minimax.io/v1',
+        reasoning: true,
+        input: ['text'],
+        cost: { input: 0.3, output: 1.2, cacheRead: 0.03, cacheWrite: 0.375 },
+        contextWindow: 204800,
+        maxTokens: 204800,
+      },
+      'MiniMax-M2': {
+        id: 'MiniMax-M2',
+        name: 'MiniMax M2',
+        api: 'openai-completions',
+        provider: 'minimax',
+        baseUrl: 'https://api.minimax.io/v1',
+        reasoning: true,
+        input: ['text'],
+        cost: { input: 0.3, output: 1.2, cacheRead: 0.03, cacheWrite: 0.375 },
+        contextWindow: 204800,
+        maxTokens: 204800,
+      },
+    },
+  },
+  // DeepSeek (api.deepseek.com) pay-as-you-go API. OpenAI-compatible (Bearer
+  // auth + /chat/completions shape), so models go through pi-ai's
+  // `openai-completions` adapter with a custom baseUrl — same trick as
+  // Fireworks, Z.AI, and MiniMax. api-key only; DeepSeek ships no OAuth flow.
+  //
+  // baseUrl is bare `https://api.deepseek.com` (no `/v1` segment) — the SDK
+  // appends `/chat/completions`. This mirrors Anthropic's no-`/v1` convention,
+  // not the OpenAI/xAI `/v1` one; `validate-api-key.ts` probes
+  // `${baseUrl}/models` accordingly.
+  //
+  // Model lineup is the V4 generation as listed on api-docs.deepseek.com/quick_start/pricing
+  // as of 2026-06-08: deepseek-v4-flash (fast, cheap default) and
+  // deepseek-v4-pro (stronger). Both default to thinking/reasoning mode (it is
+  // toggleable upstream, but reasoning: true reflects the default). 1M context,
+  // 384K max output, text-only — DeepSeek's API exposes no image input. The
+  // legacy `deepseek-chat` / `deepseek-reasoner` aliases (deprecated 2026-07-24,
+  // they redirect into v4-flash's non-thinking/thinking modes) are intentionally
+  // omitted in favor of the canonical v4 ids.
+  //
+  // Costs are USD per 1M tokens (standard tier). DeepSeek prices input on a
+  // cache-miss/cache-hit split: `input` is the cache-miss rate, `cacheRead` is
+  // the cache-hit rate. There is no published cache-write surcharge, so
+  // cacheWrite is 0.
+  deepseek: {
+    id: 'deepseek',
+    name: 'DeepSeek',
+    baseUrl: 'https://api.deepseek.com',
+    auth: ['api-key'],
+    apiKeyEnv: 'DEEPSEEK_API_KEY',
+    oauthProviderId: null,
+    models: {
+      'deepseek-v4-flash': {
+        id: 'deepseek-v4-flash',
+        name: 'DeepSeek V4 Flash',
+        api: 'openai-completions',
+        provider: 'deepseek',
+        baseUrl: 'https://api.deepseek.com',
+        reasoning: true,
+        input: ['text'],
+        cost: { input: 0.14, output: 0.28, cacheRead: 0.0028, cacheWrite: 0 },
+        contextWindow: 1000000,
+        maxTokens: 384000,
+      },
+      'deepseek-v4-pro': {
+        id: 'deepseek-v4-pro',
+        name: 'DeepSeek V4 Pro',
+        api: 'openai-completions',
+        provider: 'deepseek',
+        baseUrl: 'https://api.deepseek.com',
+        reasoning: true,
+        input: ['text'],
+        cost: { input: 0.435, output: 0.87, cacheRead: 0.003625, cacheWrite: 0 },
+        contextWindow: 1000000,
+        maxTokens: 384000,
+      },
+    },
+  },
 } as const satisfies Record<string, KnownProvider>
 
 export type KnownProviderId = keyof typeof KNOWN_PROVIDERS
 
+// UX-only grouping of provider ids under one vendor for the init/`provider
+// add` pickers. Deliberately does NOT touch the runtime contract:
+// `KnownProviderId`, `KnownModelRef`, secrets.json keys, auth resolution, and
+// the generated schema all stay keyed on the flat ids in `KNOWN_PROVIDERS`.
+// The follow-up "variant" prompt resolves a concrete provider id, then
+// `pickAuthMethod` runs as before; it is auto-resolved for single-provider
+// vendors (Fireworks, Anthropic). `variants` copy lets the prompt read as an
+// auth choice for OpenAI but a plan choice for Z.AI (both api-key, different
+// billing surfaces).
+type KnownProviderVendor = {
+  id: string
+  name: string
+  providers: ReadonlyArray<KnownProviderId>
+  variants?: Partial<Record<KnownProviderId, { label: string; hint?: string }>>
+}
+
+// Ordered by product priority for the picker — independent of the
+// `KNOWN_PROVIDERS` declaration order (which stays load-bearing for the schema
+// enum and `provider --help` listing). Every provider id below MUST appear in
+// exactly one vendor; `providers.test.ts` enforces the partition.
+export const KNOWN_PROVIDER_VENDORS = {
+  openai: {
+    id: 'openai',
+    name: 'OpenAI',
+    providers: ['openai', 'openai-codex'],
+    variants: {
+      openai: { label: 'API key', hint: 'OpenAI API platform' },
+      'openai-codex': { label: 'OAuth (ChatGPT Plus/Pro)', hint: 'ChatGPT subscription' },
+    },
+  },
+  anthropic: {
+    id: 'anthropic',
+    name: 'Anthropic',
+    providers: ['anthropic'],
+  },
+  fireworks: {
+    id: 'fireworks',
+    name: 'Fireworks',
+    providers: ['fireworks'],
+  },
+  zai: {
+    id: 'zai',
+    name: 'Z.AI',
+    providers: ['zai', 'zai-coding'],
+    variants: {
+      zai: { label: 'Pay-as-you-go', hint: 'standard API billing' },
+      'zai-coding': { label: 'Coding Plan', hint: 'GLM Coding Plan subscription' },
+    },
+  },
+  xai: {
+    id: 'xai',
+    name: 'xAI (Grok)',
+    providers: ['xai'],
+  },
+  // Single-provider vendor: pay-as-you-go and Token Plan are the SAME provider
+  // id (same /v1 endpoint, same Bearer transport — only the key prefix differs),
+  // so per the granularity rule above MiniMax is one id like Anthropic, not a
+  // zai-style split. The picker shows one row and skips the variant prompt; the
+  // pay-as-you-go-vs-Token-Plan dashboard hint is handled in the key-entry step.
+  minimax: {
+    id: 'minimax',
+    name: 'MiniMax',
+    providers: ['minimax'],
+  },
+  deepseek: {
+    id: 'deepseek',
+    name: 'DeepSeek',
+    providers: ['deepseek'],
+  },
+} as const satisfies Record<string, KnownProviderVendor>
+
+export type KnownProviderVendorId = keyof typeof KNOWN_PROVIDER_VENDORS
+
+export function listKnownProviderVendorIds(): KnownProviderVendorId[] {
+  return Object.keys(KNOWN_PROVIDER_VENDORS) as KnownProviderVendorId[]
+}
+
+export function providerIdsForVendor(vendorId: KnownProviderVendorId): ReadonlyArray<KnownProviderId> {
+  return KNOWN_PROVIDER_VENDORS[vendorId].providers
+}
+
+export function vendorForProviderId(providerId: KnownProviderId): KnownProviderVendorId {
+  for (const vendorId of listKnownProviderVendorIds()) {
+    if ((KNOWN_PROVIDER_VENDORS[vendorId].providers as ReadonlyArray<KnownProviderId>).includes(providerId)) {
+      return vendorId
+    }
+  }
+  throw new Error(`Provider ${providerId} is not assigned to any vendor in KNOWN_PROVIDER_VENDORS`)
+}
+
+function variantCopy(
+  vendorId: KnownProviderVendorId,
+  providerId: KnownProviderId,
+): { label: string; hint?: string } | undefined {
+  const vendor: KnownProviderVendor = KNOWN_PROVIDER_VENDORS[vendorId]
+  return vendor.variants?.[providerId]
+}
+
+// Falls back to the provider's own name when a vendor supplies no variant copy
+// (single-provider vendors never render this prompt, so the fallback only
+// guards against an incomplete `variants` map on a multi-provider vendor).
+export function variantLabel(vendorId: KnownProviderVendorId, providerId: KnownProviderId): string {
+  return variantCopy(vendorId, providerId)?.label ?? KNOWN_PROVIDERS[providerId].name
+}
+
+export function variantHint(vendorId: KnownProviderVendorId, providerId: KnownProviderId): string | undefined {
+  return variantCopy(vendorId, providerId)?.hint
+}
+
 export type KnownModelRef = {
   [P in KnownProviderId]: `${P}/${Extract<keyof (typeof KNOWN_PROVIDERS)[P]['models'], string>}`
 }[KnownProviderId]

package/src/cron/consumer.ts

@@ -56,9 +56,22 @@ export type CreateCronConsumerOptions = {
   // `ctx.exec`. Optional so unit-test fakes that never schedule handler jobs
   // stay one-liners.
   invokeHandler?: CronHandlerInvoker
+  // Authoritative count gate. The consumer — not the scheduler — owns
+  // accepted-fire accounting: it re-checks the durable count and increments
+  // only for runs that pass coalescing, so a coalesced skip never consumes a
+  // count. Optional so test fakes that don't exercise counts stay one-liners.
+  countStore?: ConsumerCountStore
+  now?: () => number
   logger?: CronConsumerLogger
 }
 
+export type ConsumerCountStore = {
+  get: (id: string, job: CronJob) => number
+  // Resolves true if the fire was accepted/counted, false if the job is no
+  // longer live (so the consumer skips dispatching stale config).
+  increment: (id: string, job: CronJob, at: number) => Promise<boolean>
+}
+
 export type CronConsumer = {
   start: () => void
   stop: () => void
@@ -76,6 +89,8 @@ export function createCronConsumer({
   cwd,
   createSessionForCron,
   invokeHandler,
+  countStore,
+  now = Date.now,
   logger = consoleLogger,
 }: CreateCronConsumerOptions): CronConsumer {
   const inFlight = new Set<string>()
@@ -94,8 +109,26 @@ export function createCronConsumer({
           logger.warn(`[cron] ${job.id}: previous run still in progress, skipping`)
           return
         }
+        // Reserve before the count gate so two close occurrences can't both
+        // pass the `firedCount < count` check before either increment lands.
         inFlight.add(job.id)
         try {
+          if (job.count !== undefined && countStore !== undefined) {
+            if (countStore.get(job.id, job) >= job.count) {
+              logger.info(`[cron] ${job.id}: count boundary reached, skipping`)
+              return
+            }
+            // Durably record the accepted fire BEFORE dispatch. A crash here
+            // consumes the count without running (at-most-count), which is the
+            // correct tradeoff for a reminder versus over-firing on restart.
+            // A false result means a reload removed/replaced the job while the
+            // write was queued — skip dispatch so we never run stale config.
+            const accepted = await countStore.increment(job.id, job, now())
+            if (!accepted) {
+              logger.info(`[cron] ${job.id}: job no longer live, skipping dispatch`)
+              return
+            }
+          }
           if (job.kind === 'prompt') {
             await runPrompt(job, createSessionForCron, stream, logger)
           } else if (job.kind === 'exec') {