typeclaw 0.33.0 → 0.34.0

package/src/cli/channel.ts

@@ -22,8 +22,10 @@ import {
   type GithubCredentialPatch,
   type GithubTunnelProvider,
   type KakaotalkAuthResult,
+  type LineAuthResult,
 } from '@/init'
 import { runKakaotalkBootstrap } from '@/init/kakaotalk-auth'
+import { runLineBootstrap } from '@/init/line-auth'
 import { SecretsKakaoCredentialStore } from '@/secrets/kakao-store'
 
 import { CANCEL_SYMBOL, promptPrivateKeyPem } from './prompt-pem'
@@ -33,6 +35,7 @@ const CHANNEL_LABELS: Record<ChannelKind, string> = {
   'slack-bot': 'Slack',
   'discord-bot': 'Discord',
   'telegram-bot': 'Telegram',
+  line: 'LINE',
   kakaotalk: 'KakaoTalk',
   github: 'GitHub',
 }
@@ -127,6 +130,15 @@ const setSub = defineCommand({
       process.exit(1)
     }
 
+    if (args.adapter === 'line') {
+      console.error(
+        errorLine(
+          'LINE uses an interactive auth flow (QR or email + PIN). Use `typeclaw channel reauth line` to rotate its credentials.',
+        ),
+      )
+      process.exit(1)
+    }
+
     const adapter =
       args.adapter === undefined
         ? await pickSettableAdapter(configured)
@@ -138,7 +150,7 @@ const setSub = defineCommand({
   },
 })
 
-const REAUTHABLE_ADAPTERS = ['kakaotalk'] as const
+const REAUTHABLE_ADAPTERS = ['line', 'kakaotalk'] as const
 type ReauthableAdapter = (typeof REAUTHABLE_ADAPTERS)[number]
 
 const reauthSub = defineCommand({
@@ -234,12 +246,29 @@ function isReauthableAdapter(value: string): value is ReauthableAdapter {
 
 async function runReauth(cwd: string, adapter: ReauthableAdapter): Promise<void> {
   switch (adapter) {
+    case 'line':
+      await runLineReauth(cwd)
+      return
     case 'kakaotalk':
       await runKakaotalkReauth(cwd)
       return
   }
 }
 
+async function runLineReauth(cwd: string): Promise<void> {
+  const login = await promptLineLogin()
+  const s = spinner()
+  s.start('Logging in to LINE...')
+  const result = await runLineBootstrap({ ...login, agentDir: cwd })
+  if (!result.ok) {
+    s.stop(`LINE login failed: ${result.reason}`)
+    process.exit(1)
+  }
+  s.stop('LINE credentials refreshed in secrets.json.')
+
+  await maybePromptReauthRefresh(cwd, 'line')
+}
+
 async function runKakaotalkReauth(cwd: string): Promise<void> {
   const existingEmail = await readExistingKakaotalkEmail(cwd)
   const creds = await promptKakaotalkCredentials({ defaultEmail: existingEmail })
@@ -566,6 +595,7 @@ type CollectedCredentials =
   | { channel: 'discord-bot'; discordBotToken: string }
   | { channel: 'slack-bot'; slackBotToken: string; slackAppToken: string }
   | { channel: 'telegram-bot'; telegramBotToken: string }
+  | { channel: 'line'; runLineAuth: (options: { cwd: string }) => Promise<LineAuthResult> }
   | { channel: 'kakaotalk'; runKakaotalkAuth: (options: { cwd: string }) => Promise<KakaotalkAuthResult> }
   | {
       channel: 'github'
@@ -587,6 +617,13 @@ async function collectCredentials(channel: ChannelKind, cwd: string): Promise<Co
     }
     case 'telegram-bot':
       return { channel, telegramBotToken: await promptTelegramToken() }
+    case 'line': {
+      const login = await promptLineLogin()
+      return {
+        channel,
+        runLineAuth: ({ cwd: agentDir }) => runLineBootstrap({ ...login, agentDir }),
+      }
+    }
     case 'kakaotalk': {
       const creds = await promptKakaotalkCredentials()
       return {
@@ -1023,6 +1060,71 @@ async function promptKakaotalkCredentials(
   return { email, password: pwd }
 }
 
+type LinePromptResult =
+  | { method: 'qr'; callbacks: { onQRUrl: (url: string) => void; onPincode: (pin: string) => void } }
+  | {
+      method: 'email'
+      email: string
+      password: string
+      callbacks: { onPincode: (pin: string) => void }
+    }
+
+async function promptLineLogin(): Promise<LinePromptResult> {
+  note(
+    [
+      'LINE authentication uses a personal account registered as a sub-device.',
+      'Messages will be sent and received under this account — use a',
+      'non-primary account if possible.',
+      '',
+      'QR login is recommended: it works even when the account has no',
+      'email/password set (social-login accounts).',
+    ].join('\n'),
+    'About to log in to LINE',
+  )
+  const method = await select<'qr' | 'email'>({
+    message: 'How do you want to log in to LINE?',
+    options: [
+      { value: 'qr', label: 'QR code — scan with the LINE app on your phone (recommended)' },
+      { value: 'email', label: 'Email + password — for accounts with email login enabled' },
+    ],
+    initialValue: 'qr',
+  })
+  if (isCancel(method)) {
+    cancel('Aborted.')
+    process.exit(0)
+  }
+
+  const onPincode = (pin: string): void => log.info(`Enter this PIN in the LINE app to confirm: ${pin}`)
+
+  if (method === 'qr') {
+    return {
+      method: 'qr',
+      callbacks: {
+        onQRUrl: (url) => note(url, 'Open this URL on your phone (or scan the QR it renders)'),
+        onPincode,
+      },
+    }
+  }
+
+  const email = await text({
+    message: 'LINE email',
+    validate: (value) => (value && value.length > 0 ? undefined : 'Email is required'),
+  })
+  if (isCancel(email)) {
+    cancel('Aborted.')
+    process.exit(0)
+  }
+  const pwd = await password({
+    message: 'LINE password',
+    validate: (value) => (value && value.length > 0 ? undefined : 'Password is required'),
+  })
+  if (isCancel(pwd)) {
+    cancel('Aborted.')
+    process.exit(0)
+  }
+  return { method: 'email', email, password: pwd, callbacks: { onPincode } }
+}
+
 function reportProgress(events: AddChannelStepEvent[]): (event: AddChannelStepEvent) => void {
   const spinners: Partial<Record<AddChannelStepEvent['step'], ReturnType<typeof spinner>>> = {}
 
@@ -1039,6 +1141,9 @@ function reportProgress(events: AddChannelStepEvent[]): (event: AddChannelStepEv
     if (!s) return
 
     switch (event.step) {
+      case 'line-auth':
+        s.stop(reportLineAuth(event.result))
+        break
       case 'kakaotalk-auth':
         s.stop(reportKakaotalkAuth(event.result))
         break
@@ -1056,6 +1161,7 @@ function reportProgress(events: AddChannelStepEvent[]): (event: AddChannelStepEv
 }
 
 const START_MESSAGES: Record<AddChannelStepEvent['step'], string> = {
+  'line-auth': 'Logging in to LINE...',
   'kakaotalk-auth': 'Logging in to KakaoTalk...',
   config: 'Updating typeclaw.json...',
   secrets: 'Saving credentials to secrets.json...',
@@ -1067,6 +1173,11 @@ function reportKakaotalkAuth(result: KakaotalkAuthResult): string {
   return `KakaoTalk login failed: ${result.reason}`
 }
 
+function reportLineAuth(result: LineAuthResult): string {
+  if (result.ok) return 'LINE credentials saved to secrets.json.'
+  return `LINE login failed: ${result.reason}`
+}
+
 async function maybePromptRestart(cwd: string, channel: ChannelKind): Promise<void> {
   const label = CHANNEL_LABELS[channel]
   const current = await status({ cwd }).catch(() => null)

package/src/cli/cron.ts

@@ -114,12 +114,30 @@ function formatEntry(job: CronListEntryPayload, nowMs: number): string {
   const kindBadge = c.dim(`[${job.kind}]`)
   lines.push(`${c.bold(displayId(job))} ${kindBadge} ${sourceLabel}${enabledBadge}`)
 
-  const tz = job.timezone !== undefined ? ` ${c.dim(`(${job.timezone})`)}` : ''
-  lines.push(`  ${c.dim('schedule')} ${job.schedule}${tz}`)
+  if (job.at !== undefined) {
+    lines.push(`  ${c.dim('at      ')} ${job.at}`)
+  } else {
+    const tz = job.timezone !== undefined ? ` ${c.dim(`(${job.timezone})`)}` : ''
+    lines.push(`  ${c.dim('schedule')} ${job.schedule}${tz}`)
+  }
+
+  const stops: string[] = []
+  if (job.until !== undefined) stops.push(`until ${job.until}`)
+  if (job.count !== undefined) stops.push(`count ${job.count}`)
+  if (stops.length > 0) {
+    lines.push(`  ${c.dim('stops   ')} ${stops.join(', ')}`)
+  }
 
   if (job.nextFireMs === null) {
-    const why = job.scheduleError !== undefined ? `: ${job.scheduleError}` : ''
-    lines.push(`  ${c.dim('next    ')} ${c.red('invalid schedule')}${why}`)
+    // A null next-fire means one of two very different things. A parse error
+    // carries `scheduleError` and is a problem to surface in red. No error
+    // means the job hit its count/until boundary and is simply retired — not
+    // broken — so it must not be mislabeled as an invalid schedule.
+    if (job.scheduleError !== undefined) {
+      lines.push(`  ${c.dim('next    ')} ${c.red('invalid schedule')}: ${job.scheduleError}`)
+    } else {
+      lines.push(`  ${c.dim('next    ')} ${c.dim('retired (boundary reached)')}`)
+    }
   } else {
     lines.push(`  ${c.dim('next    ')} ${formatNextFire(job.nextFireMs, nowMs)}`)
   }

package/src/cli/oauth-callbacks.ts

@@ -44,8 +44,9 @@ export function buildOAuthCallbacks(providerName: string): OAuthCallbackHandle {
         const preamble = [
           `Open this URL in your browser to sign in to ${providerName}.`,
           '',
-          'If your browser shows "this site can\'t be reached" after you sign in,',
-          'copy the full address from the top of the browser and paste it below.',
+          'If the page after sign-in shows a code to copy (or a "this site can\'t',
+          'be reached" / "could not establish connection" error), copy that code —',
+          'or the full address from the top of the browser — and paste it below.',
         ]
         if (instructions) preamble.push('', instructions)
         note(preamble.join('\n'), 'Browser login')
@@ -67,8 +68,8 @@ export function buildOAuthCallbacks(providerName: string): OAuthCallbackHandle {
       onManualCodeInput: async () => {
         const value = await text({
           message:
-            'If your browser shows "this site can\'t be reached" after you sign in, copy the full address from the top of the browser and paste it here:',
-          placeholder: 'http://localhost:1455/auth/callback?code=...&state=...',
+            'After signing in, paste the code shown on the page (some providers offer a copy button), or the full redirect address from the top of the browser:',
+          placeholder: 'code, or http://localhost:1455/auth/callback?code=...&state=...',
           signal,
         })
         if (isCancel(value)) throw new Error('Login cancelled by user')

package/src/config/providers.ts

@@ -646,6 +646,63 @@ export const KNOWN_PROVIDERS = {
       },
     },
   },
+  // DeepSeek (api.deepseek.com) pay-as-you-go API. OpenAI-compatible (Bearer
+  // auth + /chat/completions shape), so models go through pi-ai's
+  // `openai-completions` adapter with a custom baseUrl — same trick as
+  // Fireworks, Z.AI, and MiniMax. api-key only; DeepSeek ships no OAuth flow.
+  //
+  // baseUrl is bare `https://api.deepseek.com` (no `/v1` segment) — the SDK
+  // appends `/chat/completions`. This mirrors Anthropic's no-`/v1` convention,
+  // not the OpenAI/xAI `/v1` one; `validate-api-key.ts` probes
+  // `${baseUrl}/models` accordingly.
+  //
+  // Model lineup is the V4 generation as listed on api-docs.deepseek.com/quick_start/pricing
+  // as of 2026-06-08: deepseek-v4-flash (fast, cheap default) and
+  // deepseek-v4-pro (stronger). Both default to thinking/reasoning mode (it is
+  // toggleable upstream, but reasoning: true reflects the default). 1M context,
+  // 384K max output, text-only — DeepSeek's API exposes no image input. The
+  // legacy `deepseek-chat` / `deepseek-reasoner` aliases (deprecated 2026-07-24,
+  // they redirect into v4-flash's non-thinking/thinking modes) are intentionally
+  // omitted in favor of the canonical v4 ids.
+  //
+  // Costs are USD per 1M tokens (standard tier). DeepSeek prices input on a
+  // cache-miss/cache-hit split: `input` is the cache-miss rate, `cacheRead` is
+  // the cache-hit rate. There is no published cache-write surcharge, so
+  // cacheWrite is 0.
+  deepseek: {
+    id: 'deepseek',
+    name: 'DeepSeek',
+    baseUrl: 'https://api.deepseek.com',
+    auth: ['api-key'],
+    apiKeyEnv: 'DEEPSEEK_API_KEY',
+    oauthProviderId: null,
+    models: {
+      'deepseek-v4-flash': {
+        id: 'deepseek-v4-flash',
+        name: 'DeepSeek V4 Flash',
+        api: 'openai-completions',
+        provider: 'deepseek',
+        baseUrl: 'https://api.deepseek.com',
+        reasoning: true,
+        input: ['text'],
+        cost: { input: 0.14, output: 0.28, cacheRead: 0.0028, cacheWrite: 0 },
+        contextWindow: 1000000,
+        maxTokens: 384000,
+      },
+      'deepseek-v4-pro': {
+        id: 'deepseek-v4-pro',
+        name: 'DeepSeek V4 Pro',
+        api: 'openai-completions',
+        provider: 'deepseek',
+        baseUrl: 'https://api.deepseek.com',
+        reasoning: true,
+        input: ['text'],
+        cost: { input: 0.435, output: 0.87, cacheRead: 0.003625, cacheWrite: 0 },
+        contextWindow: 1000000,
+        maxTokens: 384000,
+      },
+    },
+  },
 } as const satisfies Record<string, KnownProvider>
 
 export type KnownProviderId = keyof typeof KNOWN_PROVIDERS
@@ -714,6 +771,11 @@ export const KNOWN_PROVIDER_VENDORS = {
     name: 'MiniMax',
     providers: ['minimax'],
   },
+  deepseek: {
+    id: 'deepseek',
+    name: 'DeepSeek',
+    providers: ['deepseek'],
+  },
 } as const satisfies Record<string, KnownProviderVendor>
 
 export type KnownProviderVendorId = keyof typeof KNOWN_PROVIDER_VENDORS

package/src/cron/consumer.ts

@@ -56,9 +56,22 @@ export type CreateCronConsumerOptions = {
   // `ctx.exec`. Optional so unit-test fakes that never schedule handler jobs
   // stay one-liners.
   invokeHandler?: CronHandlerInvoker
+  // Authoritative count gate. The consumer — not the scheduler — owns
+  // accepted-fire accounting: it re-checks the durable count and increments
+  // only for runs that pass coalescing, so a coalesced skip never consumes a
+  // count. Optional so test fakes that don't exercise counts stay one-liners.
+  countStore?: ConsumerCountStore
+  now?: () => number
   logger?: CronConsumerLogger
 }
 
+export type ConsumerCountStore = {
+  get: (id: string, job: CronJob) => number
+  // Resolves true if the fire was accepted/counted, false if the job is no
+  // longer live (so the consumer skips dispatching stale config).
+  increment: (id: string, job: CronJob, at: number) => Promise<boolean>
+}
+
 export type CronConsumer = {
   start: () => void
   stop: () => void
@@ -76,6 +89,8 @@ export function createCronConsumer({
   cwd,
   createSessionForCron,
   invokeHandler,
+  countStore,
+  now = Date.now,
   logger = consoleLogger,
 }: CreateCronConsumerOptions): CronConsumer {
   const inFlight = new Set<string>()
@@ -94,8 +109,26 @@ export function createCronConsumer({
           logger.warn(`[cron] ${job.id}: previous run still in progress, skipping`)
           return
         }
+        // Reserve before the count gate so two close occurrences can't both
+        // pass the `firedCount < count` check before either increment lands.
         inFlight.add(job.id)
         try {
+          if (job.count !== undefined && countStore !== undefined) {
+            if (countStore.get(job.id, job) >= job.count) {
+              logger.info(`[cron] ${job.id}: count boundary reached, skipping`)
+              return
+            }
+            // Durably record the accepted fire BEFORE dispatch. A crash here
+            // consumes the count without running (at-most-count), which is the
+            // correct tradeoff for a reminder versus over-firing on restart.
+            // A false result means a reload removed/replaced the job while the
+            // write was queued — skip dispatch so we never run stale config.
+            const accepted = await countStore.increment(job.id, job, now())
+            if (!accepted) {
+              logger.info(`[cron] ${job.id}: job no longer live, skipping dispatch`)
+              return
+            }
+          }
           if (job.kind === 'prompt') {
             await runPrompt(job, createSessionForCron, stream, logger)
           } else if (job.kind === 'exec') {

package/src/cron/count-state.ts

@@ -0,0 +1,208 @@
+import { existsSync } from 'node:fs'
+import { mkdir, readFile, rename, writeFile } from 'node:fs/promises'
+import { dirname, join } from 'node:path'
+
+import type { CronJob } from './schema'
+
+export const CRON_STATE_FILE = join('cron', 'state.json')
+
+type StateEntry = {
+  progressFingerprint: string
+  firedCount: number
+  lastAcceptedAt: string
+}
+
+type StateFile = {
+  version: 1
+  jobs: Record<string, StateEntry>
+}
+
+export type CountStore = {
+  // Fingerprint-aware: returns 0 unless the stored entry's recurrence
+  // fingerprint matches `job`. A stale fire from a previous job definition (or
+  // a resurrected entry after reload) therefore can't gate the live job.
+  get: (id: string, job: CronJob) => number
+  // Resolves `true` when the fire was accepted and counted, `false` when the
+  // job is no longer in the live set (removed/replaced while this was queued).
+  // Callers use the result to skip dispatching a stale job, not just to avoid
+  // miscounting it. The verdict is computed inside the write mutex, so it
+  // reflects any reconcile that landed before the write ran.
+  increment: (id: string, job: CronJob, at: number) => Promise<boolean>
+  // Re-applies boot-time reconciliation against a new job set (called on
+  // `typeclaw reload`) so re-added/changed jobs don't inherit stale counts.
+  reconcile: (jobs: CronJob[]) => Promise<void>
+}
+
+export type CountStoreIO = {
+  read: (path: string) => Promise<string | null>
+  write: (path: string, data: string) => Promise<void>
+}
+
+const realIO: CountStoreIO = {
+  read: async (path) => (existsSync(path) ? readFile(path, 'utf8') : null),
+  // Temp-file + rename keeps readers from ever seeing a half-written file.
+  write: async (path, data) => {
+    await mkdir(dirname(path), { recursive: true })
+    const tmp = `${path}.${process.pid}.${Date.now()}.tmp`
+    await writeFile(tmp, data, 'utf8')
+    await rename(tmp, path)
+  },
+}
+
+// `progressFingerprint` identifies the job's RECURRENCE IDENTITY, deliberately
+// excluding the mutable limits (`count`, `until`) and `enabled`. Two jobs with
+// the same id but a changed schedule/target are different recurrences, so the
+// fire counter resets. Bumping only `count` (3 → 5) leaves the fingerprint
+// unchanged, so progress is preserved and the job resumes firing.
+export function progressFingerprint(job: CronJob): string {
+  return JSON.stringify({
+    id: job.id,
+    schedule: job.schedule ?? null,
+    at: job.at ?? null,
+    timezone: job.timezone ?? null,
+    kind: job.kind,
+    target: targetIdentity(job),
+  })
+}
+
+function targetIdentity(job: CronJob): unknown {
+  if (job.kind === 'prompt') return { prompt: job.prompt, subagent: job.subagent ?? null, payload: job.payload ?? null }
+  if (job.kind === 'exec') return job.command
+  return { handler: String(job.handler) }
+}
+
+function matchingCount(entry: StateEntry | undefined, job: CronJob): number {
+  if (entry === undefined) return 0
+  return entry.progressFingerprint === progressFingerprint(job) ? entry.firedCount : 0
+}
+
+function serialize(state: StateFile): string {
+  return JSON.stringify(state)
+}
+
+function activeFingerprints(jobs: CronJob[]): Map<string, string> {
+  const map = new Map<string, string>()
+  for (const job of jobs) {
+    if (job.count !== undefined) map.set(job.id, progressFingerprint(job))
+  }
+  return map
+}
+
+export async function createCountStore(
+  agentDir: string,
+  jobs: CronJob[],
+  io: CountStoreIO = realIO,
+): Promise<CountStore> {
+  const path = join(agentDir, CRON_STATE_FILE)
+  const onDisk = await readState(path, io)
+  const state: StateFile = reconcile(onDisk, jobs)
+  // Serializes writes so concurrent increments (two jobs firing in the same
+  // tick) can't clobber each other via read-modify-write races.
+  let tail: Promise<void> = Promise.resolve()
+  // Guards against a straggler fire that lost a reconcile race re-adding a
+  // tombstone for a removed job: an increment whose id/fingerprint is not in
+  // the current live set is dropped. Maps each live id to its fingerprint.
+  let active = activeFingerprints(jobs)
+
+  // Only touch disk when reconciliation actually pruned/reset something.
+  // Avoids a force-committed no-op rewrite of cron/state.json on every boot.
+  if (serialize(state) !== serialize(onDisk)) {
+    await persist(path, state, io)
+  }
+
+  return {
+    get: (id, job) => matchingCount(state.jobs[id], job),
+    increment: (id, job, at) => {
+      const fp = progressFingerprint(job)
+      const run = tail.then(async () => {
+        // Re-check INSIDE the tail body, not just before queueing: a reconcile
+        // can land synchronously between the queue and this body running, so a
+        // sync-only guard would still let a straggler write a tombstone for a
+        // job that's since been removed. `active` reflects the latest reconcile.
+        if (active.get(id) !== fp) return false
+        const prev = matchingCount(state.jobs[id], job)
+        state.jobs[id] = {
+          progressFingerprint: fp,
+          firedCount: prev + 1,
+          lastAcceptedAt: new Date(at).toISOString(),
+        }
+        await persist(path, state, io)
+        return true
+      })
+      tail = run.then(
+        () => {},
+        () => {},
+      )
+      return run
+    },
+    reconcile: (nextJobs) => {
+      // In-memory map is authoritative for `get`, so it must settle before the
+      // caller arms timers; only the on-disk persist trails behind the mutex.
+      active = activeFingerprints(nextJobs)
+      state.jobs = reconcile(state, nextJobs).jobs
+      const run = tail.then(async () => {
+        await persist(path, state, io)
+      })
+      tail = run.catch(() => {})
+      return run
+    },
+  }
+}
+
+function emptyState(): StateFile {
+  return { version: 1, jobs: {} }
+}
+
+async function readState(path: string, io: CountStoreIO): Promise<StateFile> {
+  const raw = await io.read(path)
+  if (raw === null) return emptyState()
+  try {
+    return validateState(JSON.parse(raw))
+  } catch {
+    return emptyState()
+  }
+}
+
+// Durable on-disk state is untrusted: a corrupt or hand-edited file must never
+// crash the scheduler or feed a bogus count into expiry. Drop the whole file
+// on a version mismatch, and skip individual entries that aren't well-formed.
+function validateState(raw: unknown): StateFile {
+  if (typeof raw !== 'object' || raw === null) return emptyState()
+  const obj = raw as { version?: unknown; jobs?: unknown }
+  if (obj.version !== 1 || typeof obj.jobs !== 'object' || obj.jobs === null) return emptyState()
+
+  const jobs: Record<string, StateEntry> = {}
+  for (const [id, value] of Object.entries(obj.jobs as Record<string, unknown>)) {
+    if (typeof value !== 'object' || value === null) continue
+    const e = value as Record<string, unknown>
+    if (typeof e.progressFingerprint !== 'string') continue
+    if (typeof e.firedCount !== 'number' || !Number.isInteger(e.firedCount) || e.firedCount < 0) continue
+    if (typeof e.lastAcceptedAt !== 'string') continue
+    jobs[id] = {
+      progressFingerprint: e.progressFingerprint,
+      firedCount: e.firedCount,
+      lastAcceptedAt: e.lastAcceptedAt,
+    }
+  }
+  return { version: 1, jobs }
+}
+
+// Boot/reload reconciliation. The scary footgun is a job id removed and later
+// re-added with the SAME id: without this, the re-added job would inherit the
+// old counter and never fire. We drop entries for ids that are gone or no
+// longer counted, and reset entries whose recurrence fingerprint changed.
+export function reconcile(state: StateFile, jobs: CronJob[]): StateFile {
+  const byId = new Map(jobs.map((j) => [j.id, j]))
+  const next: Record<string, StateEntry> = {}
+  for (const [id, entry] of Object.entries(state.jobs)) {
+    const job = byId.get(id)
+    if (!job || job.count === undefined) continue
+    if (entry.progressFingerprint !== progressFingerprint(job)) continue
+    next[id] = entry
+  }
+  return { version: 1, jobs: next }
+}
+
+async function persist(path: string, state: StateFile, io: CountStoreIO): Promise<void> {
+  await io.write(path, JSON.stringify(state, null, 2))
+}

package/src/cron/index.ts

@@ -6,22 +6,10 @@ import type { SubagentRegistry } from '@/agent/subagents'
 
 import { type CronFile, parseCronFile } from './schema'
 
-export { createCronReloadable, type CreateCronReloadableOptions } from './reloadable'
-export {
-  createCronConsumer,
-  type CreateCronConsumerOptions,
-  type CronConsumer,
-  type CronConsumerLogger,
-  type CronSession,
-} from './consumer'
-export {
-  type ComputeNextFireResult,
-  computeNextFire,
-  createScheduler,
-  type JobDiff,
-  type Scheduler,
-  type SchedulerLogger,
-} from './scheduler'
+export { type CountStore, createCountStore } from './count-state'
+export { createCronReloadable } from './reloadable'
+export { createCronConsumer, type CronConsumer } from './consumer'
+export { computeNextFire, createScheduler, type JobDiff, type Scheduler } from './scheduler'
 export { aggregateCronList, type CronListEntry, type CronListSource } from './list'
 export {
   cronFileSchema,
@@ -31,7 +19,6 @@ export {
   type ExecJob,
   type HandlerJob,
   parseCronJson,
-  type ParseCronJsonOptions,
   type ParseCronResult,
   type ParsedCronJob,
   type PromptJob,