vibe-forge 0.3.12 → 0.8.1

package/bin/lib/daemon/display.sh

@@ -0,0 +1,128 @@
+#!/usr/bin/env bash
+#
+# bin/lib/daemon/display.sh
+#
+# Status display functions for the daemon status command
+#
+# Dependencies: colors.sh, constants.sh, json.sh
+# Globals required: FORGE_ROOT, PID_FILE, STATE_FILE, NOTIFY_FILE,
+#                   AGENT_STATUS_DIR, TASKS_ATTENTION, STALE_STATUS_THRESHOLD
+
+# Prevent double-sourcing
+[[ -n "${_DAEMON_DISPLAY_LOADED:-}" ]] && return 0
+_DAEMON_DISPLAY_LOADED=1
+
+# Display daemon running status (PID check)
+display_daemon_status() {
+    if [[ -f "$PID_FILE" ]]; then
+        local pid
+        pid=$(cat "$PID_FILE")
+        if kill -0 "$pid" 2>/dev/null; then
+            log_success "Running (PID: $pid)"
+        else
+            log_warn "Stopped (stale PID file)"
+        fi
+    else
+        echo "Status: Stopped"
+    fi
+}
+
+# Display task counts from state file
+display_task_counts() {
+    if [[ -f "$STATE_FILE" ]]; then
+        echo "Task Counts:"
+        grep -E "pending:|in_progress:|completed:|in_review:|approved:|needs_changes:|merged:|attention_needed:" "$STATE_FILE" | sed 's/^/  /'
+    fi
+}
+
+# Display workers needing attention (urgent alerts)
+display_attention_needed() {
+    local attention_count
+    attention_count=$(find "$FORGE_ROOT/$TASKS_ATTENTION" -maxdepth 1 -name "*.md" -type f 2>/dev/null | wc -l)
+    if [[ "$attention_count" -gt 0 ]]; then
+        echo -e "${RED}🔔 ATTENTION NEEDED:${NC}"
+        for attention_file in "$FORGE_ROOT/$TASKS_ATTENTION"/*.md; do
+            if [[ -f "$attention_file" && ! -L "$attention_file" ]]; then
+                local agent issue
+                agent=$(grep -m1 "^agent:" "$attention_file" 2>/dev/null | cut -d':' -f2 | tr -d ' "' | head -c 50)
+                issue=$(sed -n '/^## Issue/,/^##/p' "$attention_file" 2>/dev/null | grep -v "^##" | head -1 | head -c 80)
+                echo -e "  ${YELLOW}$agent${NC}: $issue"
+            fi
+        done
+        echo ""
+    fi
+}
+
+# Get status icon for worker status
+get_status_icon() {
+    local status="$1"
+    case "$status" in
+        "working") echo "🔨" ;;
+        "idle") echo "💤" ;;
+        "blocked") echo "🚫" ;;
+        "testing") echo "🧪" ;;
+        "reviewing") echo "👁️" ;;
+        *) echo "❓" ;;
+    esac
+}
+
+# Display active worker statuses with staleness indicators
+display_worker_status() {
+    if [[ ! -d "$FORGE_ROOT/$AGENT_STATUS_DIR" ]]; then
+        return
+    fi
+
+    local status_count
+    status_count=$(find "$FORGE_ROOT/$AGENT_STATUS_DIR" -maxdepth 1 -name "*.json" -type f 2>/dev/null | wc -l)
+    if [[ "$status_count" -eq 0 ]]; then
+        return
+    fi
+
+    echo "Active Workers:"
+    local now_epoch stale_threshold
+    now_epoch=$(date +%s)
+    stale_threshold=$STALE_STATUS_THRESHOLD
+
+    for status_file in "$FORGE_ROOT/$AGENT_STATUS_DIR"/*.json; do
+        if [[ -f "$status_file" && ! -L "$status_file" ]]; then
+            local agent status task updated stale_marker icon
+            agent=$(json_read "$status_file" "agent" "unknown")
+            status=$(json_read "$status_file" "status" "unknown")
+            task=$(json_read "$status_file" "task" "")
+            updated=$(json_read "$status_file" "updated" "")
+
+            # Check staleness
+            stale_marker=""
+            if [[ -n "$updated" ]]; then
+                local updated_epoch age
+                updated_epoch=$(date -d "$updated" +%s 2>/dev/null || date -j -f "%Y-%m-%dT%H:%M:%S" "${updated%Z}" +%s 2>/dev/null || echo "0")
+                age=$((now_epoch - updated_epoch))
+                if [[ "$age" -gt "$stale_threshold" ]]; then
+                    stale_marker=" ${YELLOW}(stale)${NC}"
+                fi
+            fi
+
+            icon=$(get_status_icon "$status")
+
+            if [[ -n "$task" ]]; then
+                echo -e "  $icon ${CYAN}$agent${NC}: $status ($task)$stale_marker"
+            else
+                echo -e "  $icon ${CYAN}$agent${NC}: $status$stale_marker"
+            fi
+        fi
+    done
+    echo ""
+}
+
+# Display recent notifications from log
+display_recent_notifications() {
+    if [[ -f "$NOTIFY_FILE" ]]; then
+        local notify_count
+        notify_count=$(wc -l < "$NOTIFY_FILE" 2>/dev/null || echo "0")
+        if [[ "$notify_count" -gt 0 ]]; then
+            echo "Recent Notifications (last 5):"
+            tail -5 "$NOTIFY_FILE" | sed 's/^/  /'
+            echo ""
+        fi
+    fi
+}

package/bin/lib/daemon/notifications.sh

@@ -0,0 +1,273 @@
+#!/usr/bin/env bash
+#
+# bin/lib/daemon/notifications.sh
+#
+# Daemon notification functions - pending task alerts, attention signals,
+# system toasts, and Heimdall escalation handling
+#
+# Dependencies: colors.sh, constants.sh
+# Globals required: FORGE_ROOT, NOTIFY_FILE, NOTIFIED_FILE, LOG_FILE,
+#                   TASKS_PENDING, TASKS_NEEDS_CHANGES, TASKS_ATTENTION
+
+# Prevent double-sourcing
+[[ -n "${_DAEMON_NOTIFICATIONS_LOADED:-}" ]] && return 0
+_DAEMON_NOTIFICATIONS_LOADED=1
+
+# Node.js frontmatter helper (RT-20260405-001 MEDIUM-5: replaces grep/cut YAML parsing)
+FRONTMATTER_JS="${FRONTMATTER_JS:-$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)/frontmatter.js}"
+
+# Parse a single frontmatter field from a markdown file.
+_notif_fm_field() {
+    node "$FRONTMATTER_JS" "$1" "$2" 2>/dev/null | sed -n "s/^${2}=//p"
+}
+
+# SECURITY: Sanitize message for safe use in shell commands
+# Removes/escapes characters that could cause command injection
+sanitize_notification_message() {
+    local msg="$1"
+    # Remove null bytes
+    msg="${msg//$'\0'/}"
+    # Remove characters that could escape out of string contexts
+    # PowerShell: $, `, ', ", (), {}
+    # osascript: ', ", \, $
+    # We allow: alphanumeric, spaces, periods, commas, colons, hyphens, underscores
+    msg=$(echo "$msg" | tr -cd 'a-zA-Z0-9 .,;:!?_-')
+    # Limit length to prevent buffer issues
+    msg="${msg:0:200}"
+    echo "$msg"
+}
+
+notify() {
+    local message="$1"
+    local urgency="${2:-normal}"  # normal or urgent
+    local timestamp
+    timestamp=$(date -Iseconds)
+
+    # SECURITY: Sanitize before logging to prevent ANSI escape injection and
+    # control-character log poisoning. sanitize_notification_message() strips
+    # everything except alphanumeric, spaces, and safe punctuation.
+    local safe_message
+    safe_message=$(sanitize_notification_message "$message")
+
+    # Log to notifications file
+    echo "[$timestamp] $safe_message" >> "$NOTIFY_FILE"
+
+    # Log to main log
+    echo "[$timestamp] NOTIFY: $safe_message" >> "$LOG_FILE"
+
+    # Terminal bell (works in most terminals)
+    printf '\a'
+
+    # System toast notification for urgent messages
+    if [[ "$urgency" == "urgent" ]]; then
+        send_system_notification "$safe_message"
+    fi
+}
+
+# Send system-level notification (platform-specific)
+send_system_notification() {
+    local message="$1"
+    local title="Vibe Forge"
+
+    # SECURITY: Sanitize message to prevent command injection
+    message=$(sanitize_notification_message "$message")
+
+    case "$(uname -s)" in
+        MINGW*|MSYS*|CYGWIN*)
+            # Windows: Use PowerShell toast notification
+            # SECURITY: Message is sanitized above, title is hardcoded
+            powershell.exe -NoProfile -Command "
+                \$null = [Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime]
+                \$template = [Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent([Windows.UI.Notifications.ToastTemplateType]::ToastText02)
+                \$textNodes = \$template.GetElementsByTagName('text')
+                \$textNodes.Item(0).AppendChild(\$template.CreateTextNode('$title')) | Out-Null
+                \$textNodes.Item(1).AppendChild(\$template.CreateTextNode('$message')) | Out-Null
+                \$toast = [Windows.UI.Notifications.ToastNotification]::new(\$template)
+                [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier('Vibe Forge').Show(\$toast)
+            " 2>/dev/null &
+            ;;
+        Darwin)
+            # macOS: Use osascript
+            # SECURITY: Message is sanitized above
+            osascript -e "display notification \"$message\" with title \"$title\"" 2>/dev/null &
+            ;;
+        Linux)
+            # Linux: Use notify-send if available
+            # SECURITY: notify-send handles escaping, but message is sanitized anyway
+            if command -v notify-send &>/dev/null; then
+                notify-send "$title" "$message" 2>/dev/null &
+            fi
+            ;;
+    esac
+}
+
+check_new_pending_tasks() {
+    # Create notified file if it doesn't exist
+    touch "$NOTIFIED_FILE"
+
+    # Check for new pending tasks
+    for task in "$FORGE_ROOT/$TASKS_PENDING"/*.md; do
+        if [[ -f "$task" && ! -L "$task" ]]; then
+            local filename
+            filename=$(basename "$task")
+
+            # Check if we've already notified about this task
+            if ! grep -qF "$filename" "$NOTIFIED_FILE" 2>/dev/null; then
+                # Extract task info from frontmatter safely
+                local task_id task_title assigned_to
+
+                task_id=$(_notif_fm_field "$task" "id")
+                task_title=$(_notif_fm_field "$task" "title")
+                assigned_to=$(_notif_fm_field "$task" "assigned_to")
+
+                # Use filename as fallback
+                task_id="${task_id:-$filename}"
+                task_title="${task_title:-New task}"
+
+                # Notify
+                if [[ -n "$assigned_to" ]]; then
+                    notify "New task for $assigned_to: $task_title ($task_id)"
+                else
+                    notify "New pending task: $task_title ($task_id)"
+                fi
+
+                # Mark as notified (atomic append)
+                echo "$filename" >> "$NOTIFIED_FILE"
+            fi
+        fi
+    done
+
+    # Also check needs-changes for tasks that need rework
+    for task in "$FORGE_ROOT/$TASKS_NEEDS_CHANGES"/*.md; do
+        if [[ -f "$task" && ! -L "$task" ]]; then
+            local filename
+            filename=$(basename "$task")
+            local notified_key="needs-changes:$filename"
+
+            if ! grep -qF "$notified_key" "$NOTIFIED_FILE" 2>/dev/null; then
+                local task_id assigned_to
+                task_id=$(_notif_fm_field "$task" "id")
+                assigned_to=$(_notif_fm_field "$task" "assigned_to")
+
+                task_id="${task_id:-$filename}"
+
+                if [[ -n "$assigned_to" ]]; then
+                    notify "Task needs changes ($assigned_to): $task_id"
+                else
+                    notify "Task needs changes: $task_id"
+                fi
+
+                echo "$notified_key" >> "$NOTIFIED_FILE"
+            fi
+        fi
+    done
+}
+
+check_attention_needed() {
+    # Check for workers needing attention (urgent notifications)
+    if [[ ! -d "$FORGE_ROOT/$TASKS_ATTENTION" ]]; then
+        return 0
+    fi
+
+    for attention_file in "$FORGE_ROOT/$TASKS_ATTENTION"/*.md; do
+        if [[ -f "$attention_file" && ! -L "$attention_file" ]]; then
+            local filename
+            filename=$(basename "$attention_file")
+            local notified_key="attention:$filename"
+
+            if ! grep -qF "$notified_key" "$NOTIFIED_FILE" 2>/dev/null; then
+                # Extract attention info
+                local agent issue
+                agent=$(_notif_fm_field "$attention_file" "agent")
+                issue=$(node "$FRONTMATTER_JS" --section "$attention_file" "Issue" 2>/dev/null)
+                [[ -z "$issue" ]] && issue=$(grep -m1 "^##" "$attention_file" 2>/dev/null | sed 's/^## *//' | head -c 200)
+
+                agent="${agent:-Unknown}"
+                issue="${issue:-Needs attention}"
+
+                # Ring bell multiple times for attention
+                printf '\a\a\a'
+
+                # Send urgent notification with toast
+                notify "🔔 $agent needs help: $issue" "urgent"
+
+                echo "$notified_key" >> "$NOTIFIED_FILE"
+            fi
+        fi
+    done
+}
+
+# check_heimdall_escalations INBOX_DIR
+# Scans the lab worker inbox for .escalation signal files written by Heimdall
+# when a worker accumulates too many policy violations (Gjallarhorn sounded).
+# Writes an escalation handoff for lab sentinel to route to human review.
+check_heimdall_escalations() {
+    local inbox_dir="$1"
+
+    [[ -d "$inbox_dir" ]] || return 0
+
+    # shopt -s globstar needed for **; fall back to find for compatibility
+    local escalation_files
+    mapfile -t escalation_files < <(find "$inbox_dir" -name "*.escalation" -type f 2>/dev/null)
+
+    for escalation_file in "${escalation_files[@]}"; do
+        [[ -f "$escalation_file" ]] || continue
+
+        local story_id agent_dir agent handoff_dir
+        story_id=$(basename "$escalation_file" .escalation)
+        agent_dir=$(dirname "$escalation_file")
+        agent=$(basename "$agent_dir")
+
+        # Read escalation JSON for violation details
+        local violations last_reason
+        # SECURITY: Pass file path as argv, not string interpolation, to prevent
+        # code injection via crafted filenames (RT-20260405-001 HIGH-1)
+        violations=$(node -e "try{const d=JSON.parse(require('fs').readFileSync(process.argv[1],'utf8'));console.log(d.violations||'?')}catch(e){console.log('?')}" -- "$escalation_file" 2>/dev/null)
+        last_reason=$(node -e "try{const d=JSON.parse(require('fs').readFileSync(process.argv[1],'utf8'));console.log(d.last_reason||'')}catch(e){console.log('')}" -- "$escalation_file" 2>/dev/null)
+
+        echo "[$(date -Iseconds)] HEIMDALL SOUNDED: $agent/$story_id ($violations violations) -- writing escalation handoff" >> "$LOG_FILE"
+
+        # Write escalation handoff for lab sentinel
+        # Lab sentinel routes escalations to human review on next cycle
+        local handoff_dir="$FORGE_ROOT/_vibe-chain-output/handoffs"
+        if [[ -d "$handoff_dir" ]]; then
+            local handoff_file="$handoff_dir/${story_id}-worker-escalation.md"
+            cat > "$handoff_file" << HANDOFF
+---
+type: worker-escalation
+story: "$story_id"
+from: forge-daemon
+to: human
+created: $(date -Iseconds)
+status: pending
+agent: "$agent"
+violations: $violations
+---
+
+## Heimdall Escalation
+
+Worker \`$agent\` accumulated $violations policy violations on story \`$story_id\`.
+The worker has been halted for this story. Human review required before resubmitting.
+
+## Last Violation
+
+$last_reason
+
+## Audit Log
+
+Full violation history: \`_vibe-chain-output/heimdall-audit.log\`
+
+## Action Required
+
+Review the audit log and decide:
+- Fix the story spec and resubmit
+- Manually complete the work
+- Cancel the story
+HANDOFF
+            echo "[$(date -Iseconds)] Escalation handoff written: $handoff_file" >> "$LOG_FILE"
+        fi
+
+        # Mark escalation as processed so it is not re-processed next cycle
+        mv "$escalation_file" "${escalation_file}.processed" 2>/dev/null || true
+    done
+}

package/bin/lib/daemon/routing.sh

@@ -0,0 +1,93 @@
+#!/usr/bin/env bash
+#
+# bin/lib/daemon/routing.sh
+#
+# Task routing functions - moves tasks between state folders
+#
+# Dependencies: constants.sh, util.sh (log_*), database.sh (db_record_status_history)
+# Globals required: FORGE_ROOT, LOG_FILE, FORGE_DB,
+#                   TASKS_COMPLETED, TASKS_REVIEW, TASKS_APPROVED, TASKS_MERGED
+
+# Prevent double-sourcing
+[[ -n "${_DAEMON_ROUTING_LOADED:-}" ]] && return 0
+_DAEMON_ROUTING_LOADED=1
+
+# Safe file move with symlink protection
+safe_move_task() {
+    local src="$1"
+    local dest_dir="$2"
+
+    # SECURITY: Skip symlinks to prevent symlink attacks
+    if [[ -L "$src" ]]; then
+        echo "[$(date -Iseconds)] WARNING: Skipping symlink: $src" >> "$LOG_FILE"
+        return 1
+    fi
+
+    # SECURITY: Verify source is a regular file
+    if [[ ! -f "$src" ]]; then
+        return 1
+    fi
+
+    # SECURITY: Verify destination is within FORGE_ROOT
+    local real_dest
+    real_dest=$(cd "$dest_dir" 2>/dev/null && pwd)
+    local forge_root_real
+    forge_root_real=$(cd "$FORGE_ROOT" 2>/dev/null && pwd)
+
+    if [[ "$real_dest" != "$forge_root_real"/* ]]; then
+        echo "[$(date -Iseconds)] ERROR: Destination outside FORGE_ROOT: $dest_dir" >> "$LOG_FILE"
+        return 1
+    fi
+
+    local filename
+    filename=$(basename "$src")
+
+    # SECURITY: TOCTOU note - there is a theoretical race between the symlink
+    # check above and this mv. A local attacker with precise timing could swap
+    # the file for a symlink in that window. This risk is accepted because:
+    #   1. Exploiting it requires local filesystem write access (already privileged)
+    #   2. The destination boundary check above limits the blast radius
+    #   3. A fully atomic check+move in bash would require platform-specific tools
+    # Mitigation: the destination is always within FORGE_ROOT (verified above).
+    mv "$src" "$dest_dir/$filename"
+}
+
+route_completed_to_review() {
+    # Move completed tasks to review queue — but ONLY if they have
+    # ready_for_review: true in frontmatter. Tasks that were moved
+    # to completed/ manually (e.g., already reviewed, historical)
+    # should not be re-routed.
+    for task in "$FORGE_ROOT/$TASKS_COMPLETED"/*.md; do
+        if [[ -f "$task" && ! -L "$task" ]]; then
+            # Only route tasks explicitly marked for review
+            local ready_for_review
+            ready_for_review=$(grep -m1 "^ready_for_review:" "$task" 2>/dev/null | cut -d':' -f2 | tr -d " \"'" | head -c 10)
+            [[ "$ready_for_review" == "true" ]] || continue
+
+            local filename task_id assigned_to
+            filename=$(basename "$task")
+            task_id=$(grep -m1 "^id:" "$task" 2>/dev/null | cut -d':' -f2 | tr -d " \"'" | head -c 50)
+            assigned_to=$(grep -m1 "^assigned_to:" "$task" 2>/dev/null | cut -d':' -f2 | tr -d " \"'" | head -c 50)
+            echo "[$(date -Iseconds)] Routing $filename to review" >> "$LOG_FILE"
+            if safe_move_task "$task" "$FORGE_ROOT/$TASKS_REVIEW"; then
+                db_record_status_history "${assigned_to:-unknown}" "review" "${task_id:-$filename}" 2>/dev/null || true
+            fi
+        fi
+    done
+}
+
+route_approved_to_merged() {
+    # Move approved tasks to merged archive
+    for task in "$FORGE_ROOT/$TASKS_APPROVED"/*.md; do
+        if [[ -f "$task" && ! -L "$task" ]]; then
+            local filename task_id assigned_to
+            filename=$(basename "$task")
+            task_id=$(grep -m1 "^id:" "$task" 2>/dev/null | cut -d':' -f2 | tr -d " \"'" | head -c 50)
+            assigned_to=$(grep -m1 "^assigned_to:" "$task" 2>/dev/null | cut -d':' -f2 | tr -d " \"'" | head -c 50)
+            echo "[$(date -Iseconds)] Archiving $filename to merged" >> "$LOG_FILE"
+            if safe_move_task "$task" "$FORGE_ROOT/$TASKS_MERGED"; then
+                db_record_status_history "${assigned_to:-unknown}" "merged" "${task_id:-$filename}" 2>/dev/null || true
+            fi
+        fi
+    done
+}

package/bin/lib/daemon/state.sh

@@ -0,0 +1,163 @@
+#!/usr/bin/env bash
+#
+# bin/lib/daemon/state.sh
+#
+# Daemon state management - forge-state.yaml updates, attention tracking,
+# adaptive polling
+#
+# Dependencies: database.sh, constants.sh
+# Requires: sync.sh (for build_worker_status)
+# Globals required: FORGE_ROOT, STATE_FILE, AGENT_STATUS_DIR,
+#                   TASKS_PENDING, TASKS_IN_PROGRESS, TASKS_COMPLETED,
+#                   TASKS_REVIEW, TASKS_APPROVED, TASKS_NEEDS_CHANGES,
+#                   TASKS_MERGED, TASKS_ATTENTION
+
+# Prevent double-sourcing
+[[ -n "${_DAEMON_STATE_LOADED:-}" ]] && return 0
+_DAEMON_STATE_LOADED=1
+
+# Node.js frontmatter helper (RT-20260405-001 MEDIUM-5: replaces grep/cut YAML parsing)
+FRONTMATTER_JS="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)/frontmatter.js"
+
+# Parse a single frontmatter field from a markdown file.
+# Usage: fm_field <file> <field>
+fm_field() {
+    node "$FRONTMATTER_JS" "$1" "$2" 2>/dev/null | sed -n "s/^${2}=//p"
+}
+
+# Parse a markdown section's first content line.
+# Usage: fm_section <file> <heading>
+fm_section() {
+    node "$FRONTMATTER_JS" --section "$1" "$2" 2>/dev/null
+}
+
+update_state() {
+    # Count tasks in each folder (using find with -maxdepth for safety)
+    local pending in_progress completed review approved needs_changes merged attention
+    pending=$(find "$FORGE_ROOT/$TASKS_PENDING" -maxdepth 1 -name "*.md" -type f 2>/dev/null | wc -l)
+    in_progress=$(find "$FORGE_ROOT/$TASKS_IN_PROGRESS" -maxdepth 1 -name "*.md" -type f 2>/dev/null | wc -l)
+    completed=$(find "$FORGE_ROOT/$TASKS_COMPLETED" -maxdepth 1 -name "*.md" -type f 2>/dev/null | wc -l)
+    review=$(find "$FORGE_ROOT/$TASKS_REVIEW" -maxdepth 1 -name "*.md" -type f 2>/dev/null | wc -l)
+    approved=$(find "$FORGE_ROOT/$TASKS_APPROVED" -maxdepth 1 -name "*.md" -type f 2>/dev/null | wc -l)
+    needs_changes=$(find "$FORGE_ROOT/$TASKS_NEEDS_CHANGES" -maxdepth 1 -name "*.md" -type f 2>/dev/null | wc -l)
+    merged=$(find "$FORGE_ROOT/$TASKS_MERGED" -maxdepth 1 -name "*.md" -type f 2>/dev/null | wc -l)
+    attention=$(find "$FORGE_ROOT/$TASKS_ATTENTION" -maxdepth 1 -name "*.md" -type f 2>/dev/null | wc -l)
+
+    local blocked=${BLOCKED_TASK_COUNT:-0}
+
+    # Build active task details for in-progress tasks
+    local active_tasks_details=""
+    if [[ "$in_progress" -gt 0 ]]; then
+        active_tasks_details=$(build_active_tasks)
+    fi
+
+    # Build attention details if any workers need help
+    local attention_details=""
+    if [[ "$attention" -gt 0 ]]; then
+        attention_details=$(build_attention_details)
+    fi
+
+    # Build blocked task details (T2-H2)
+    local blocked_details=""
+    if [[ "$blocked" -gt 0 ]]; then
+        blocked_details=$(build_blocked_tasks)
+    fi
+
+    # Build worker status from agent-status files
+    local worker_status=""
+    if [[ -d "$FORGE_ROOT/$AGENT_STATUS_DIR" ]]; then
+        worker_status=$(build_worker_status)
+    fi
+
+    # Write state file atomically (write to temp, then move)
+    local temp_state="${STATE_FILE}.tmp.$$"
+    cat > "$temp_state" << EOF
+# Vibe Forge State
+# Auto-updated by forge-daemon
+# Last updated: $(date -Iseconds)
+
+forge:
+  status: active
+  daemon_pid: $$
+
+tasks:
+  pending: $pending
+  in_progress: $in_progress
+  completed: $completed
+  in_review: $review
+  approved: $approved
+  needs_changes: $needs_changes
+  merged: $merged
+  blocked: $blocked
+  attention_needed: $attention
+
+$active_tasks_details
+$attention_details
+$blocked_details
+$worker_status
+last_updated: $(date -Iseconds)
+EOF
+    mv "$temp_state" "$STATE_FILE"
+}
+
+build_attention_details() {
+    echo "attention:"
+    for attention_file in "$FORGE_ROOT/$TASKS_ATTENTION"/*.md; do
+        if [[ -f "$attention_file" && ! -L "$attention_file" ]]; then
+            local agent created issue
+            agent=$(fm_field "$attention_file" "agent")
+            created=$(fm_field "$attention_file" "created")
+            issue=$(fm_section "$attention_file" "Issue")
+            issue="${issue:-Needs attention}"
+
+            printf '  - agent: %s\n' "$agent"
+            printf '    since: %s\n' "$created"
+            printf '    issue: "%s"\n' "$issue"
+        fi
+    done
+}
+
+build_active_tasks() {
+    echo "active_tasks:"
+    for task_file in "$FORGE_ROOT/$TASKS_IN_PROGRESS"/*.md; do
+        if [[ -f "$task_file" && ! -L "$task_file" ]]; then
+            local task_id title assigned_to
+            task_id=$(fm_field "$task_file" "id")
+            title=$(fm_field "$task_file" "title")
+            assigned_to=$(fm_field "$task_file" "assigned_to")
+
+            task_id="${task_id:-$(basename "$task_file" .md)}"
+            title="${title:-Untitled}"
+            assigned_to="${assigned_to:-unassigned}"
+
+            printf '  - id: %s\n' "$task_id"
+            printf '    title: "%s"\n' "$title"
+            printf '    assigned_to: %s\n' "$assigned_to"
+        fi
+    done
+}
+
+# Determine daemon state based on activity (for adaptive polling)
+determine_daemon_state() {
+    # Check if there are in-progress tasks
+    local in_progress_count
+    in_progress_count=$(find "$FORGE_ROOT/$TASKS_IN_PROGRESS" -maxdepth 1 -name "*.md" -type f 2>/dev/null | wc -l)
+
+    # Check if there are active workers
+    local active_workers
+    active_workers=$(db_count_active_workers 2>/dev/null || echo "0")
+
+    if [[ "$in_progress_count" -gt 0 ]] || [[ "$active_workers" -gt 0 ]]; then
+        echo "active"
+    else
+        echo "idle"
+    fi
+}
+
+# Get current poll interval in seconds (from DB, with fallback)
+get_poll_interval() {
+    local interval_ms
+    interval_ms=$(db_get_poll_interval_ms 2>/dev/null || echo "30000")
+    # Convert ms to seconds (bash integer division)
+    echo $((interval_ms / 1000))
+}