openclacky 0.8.1 → 0.8.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 570945e2d68d70788a86ecdbd7a21ed30dfcb34d975b8808218e657826108252
-  data.tar.gz: 99feeab9141a907658b65eefe3df5cbff69334ab3143db54b72a3d46128b27cd
+  metadata.gz: 473dceae1c35bc7eeb4095df2f35ea1403f6013168a3daf3318a709df4ce40ec
+  data.tar.gz: 9b7b97d917e13bf43ffff8fe50fda4f1eade74cd530e45959af46d9dbd313043
 SHA512:
-  metadata.gz: d2cb4c26ec397a9ee146562bcf9490ea1021937fc0a150e355d1880d2b2f9a0fc11a24e0694e5d611ccdbcda1d472c94acc67c5beeb869a141937ce12ec89bee
-  data.tar.gz: a495aca929f8cee417fb5ae033068faee73f87fd879f715d20ed05216ba6657968a02354b147c7076d054cf6ba5c970ddb0e98cdffc89adfaaedd6ee308d9cd0
+  metadata.gz: 6717eccea955e82d4dfa4381cb99707785d6ac36c3875ac622d51e854007d2997b16155af3e48d2b644aae3635d3989152a03e6f069bf525d8a8630049b6dfb0
+  data.tar.gz: 58cd3940c885363ae315e0430a318bb181713cdd0e5d1d4f7308343ce357f44075fd06cb8c4882f75824f857211c85c231b3d8b0cb2babe71ef6c76b5f21371c

data/.clacky/skills/gem-release/SKILL.md

@@ -126,7 +126,7 @@ To use this skill, simply say:
    ```
 
 3. **Analyze and Categorize Commits**
-   - Review each commit message and its changes
+   - Review each commit message AND its diff (`git show <hash> --stat`) to understand the actual change
    - Categorize into:
      - **Major Features**: User-visible functionality additions
      - **Improvements**: Performance, UX, architecture enhancements
@@ -134,6 +134,22 @@ To use this skill, simply say:
      - **Changes**: Breaking changes or significant refactoring
      - **Minor Details**: Small fixes, style changes, trivial updates
 
+   **⚠️ Critical: Do NOT over-merge commits on the same topic**
+
+   It is tempting to group multiple commits under one bullet because they share a theme (e.g., "all about memory"). Resist this — each commit with **independent user-facing value** deserves its own bullet.
+
+   Ask for every commit: *"Does this enable something the user couldn't do before, separate from other commits on this topic?"*
+   - YES → write a separate CHANGELOG bullet
+   - NO (pure refactor, stability fix, threshold tweak) → merge into a related bullet or put in "More"
+
+   **Example of the mistake to avoid:**
+   - `feat: add long-term memory update system` and `feat: skill template context and recall-memory meta injection` are both "about memory", but they describe distinct capabilities:
+     - First: agent writes memories after sessions
+     - Second: skills receive a pre-built index so agent can selectively load only relevant memories
+   - These must be two separate bullets, not one.
+
+   **Sanity check after writing:** Count your `### Added` bullets vs the number of `feat:` commits. If `feat` commits > bullets, you likely merged too aggressively — revisit.
+
 4. **Write CHANGELOG Entries**
 
    **Format for Significant Items:**

data/CHANGELOG.md

@@ -7,6 +7,31 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.8.3] - 2026-03-09
+
+### Added
+- **Slash command skill injection**: skill content is now injected as an assistant message for all `/skill-name` commands, giving the agent full context of the skill instructions at invocation time
+- **Collapsible `<think>` blocks** in web UI: model reasoning enclosed in `<think>…</think>` tags is rendered as a collapsible "Thinking…" section instead of raw text
+
+### Improved
+- **Web UI settings panel**: refined layout and styles for the settings modal
+- **Session state restored on page refresh**: "Thinking…" progress indicator and error messages are now restored from session status after a page reload instead of disappearing
+
+### Fixed
+- **AgentConfig shallow-copy bug**: switching models in Settings no longer pollutes existing sessions — `deep_copy` (JSON round-trip) is now used everywhere instead of `dup` to prevent shared `@models` hash mutation across sessions
+
+## [0.8.2] - 2026-03-09
+
+### Added
+- **Skill count limits**: two-layer guard to keep context tokens bounded — at most 50 skills loaded from disk (`MAX_SKILLS`) and at most 30 injected into the system prompt (`MAX_CONTEXT_SKILLS`); excess skills are skipped and a warning is written to the file logger
+
+### Improved
+- Skill `agent` field is now self-declared in each `SKILL.md` instead of being listed in `profile.yml` — makes skill-to-profile assignment portable and removes the need to edit profile config when adding skills
+- Slash command autocomplete in the web UI now filters by the active session's agent profile, so only relevant skills appear
+
+### Fixed
+- CLI startup crash: `ui: nil` keyword argument now correctly passed to `Agent.new`
+
 ## [0.8.1] - 2026-03-09
 
 ### Added
@@ -14,14 +39,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **Skill autocomplete dropdown** in the web UI: type `/` in the chat input to see a filtered list of available skills
 - **File-based logger** (`Clacky::Logger`): thread-safe structured logging to `~/.clacky/logs/` for debugging agent sessions
 - **Session persistence on startup**: server now restores the most recent session for the working directory automatically on boot
-- **Long-term memory update system**: agent automatically updates `~/.clacky/memories/` after sessions using a whitelist-driven approach
+- **Long-term memory update system**: agent automatically updates `~/.clacky/memories/` after sessions using a whitelist-driven approach; memories persist across restarts and are injected into agent context on startup
+- **recall-memory skill with smart meta injection**: the `recall-memory` skill now receives a pre-built index of all memory files (topic, description, last updated) so the agent can selectively load only relevant memories without reading every file
 - **Compressed message archiving**: older messages are compressed and archived to chunk Markdown files to keep context window manageable
 - **Network pre-flight check**: connection is verified before agent starts; helpful VPN/proxy suggestions shown on failure
 - **Encrypted brand skills**: white-label brand skills can now be shipped as encrypted `.enc` files for privacy
 
 ### Improved
-- Memory update logic tightened with a whitelist approach — only writes memory when explicit criteria are met, reducing noise
-- Memory update threshold raised and prompt made dynamic for more reliable triggering
+- Memory update logic tightened: whitelist-driven approach, raised trigger threshold, and dynamic prompt — reduces false writes and improves reliability
 - Slash commands in onboarding (`/create-task`, `/skill-add`) now use the pending-message pattern so they work correctly before WS connects
 - Sidebar shows "No sessions yet" placeholder during onboarding
 - Session delete is now optimistic — UI updates immediately without waiting for WS broadcast, and 404 ghost sessions are cleaned up automatically

data/lib/clacky/agent/session_serializer.rb

@@ -52,6 +52,11 @@ module Clacky
             })
           end
         end
+
+        # Rebuild and refresh the system prompt so any newly installed skills
+        # (or other configuration changes since the session was saved) are
+        # reflected immediately — without requiring the user to create a new session.
+        refresh_system_prompt
       end
 
       # Generate session data for saving
@@ -174,6 +179,10 @@ module Clacky
           ui.show_user_message(display_text, created_at: msg[:created_at])
 
           round[:events].each do |ev|
+            # Skip system-injected messages (e.g. synthetic skill content, memory prompts)
+            # — they are internal scaffolding and must not be shown to the user.
+            next if ev[:system_injected]
+
             case ev[:role].to_s
             when "assistant"
               # Text content
@@ -210,6 +219,28 @@ module Clacky
 
       private
 
+      # Replace the system message in @messages with a freshly built system prompt.
+      # Called after restore_session so newly installed skills and any other
+      # configuration changes since the session was saved take effect immediately.
+      # If no system message exists yet (shouldn't happen in practice), a new one
+      # is prepended so the conversation stays well-formed.
+      def refresh_system_prompt
+        # Reload skills from disk to pick up anything installed since the session was saved
+        @skill_loader.load_all
+
+        fresh_prompt = build_system_prompt
+        system_index = @messages.index { |m| m[:role] == "system" }
+
+        if system_index
+          @messages[system_index] = { role: "system", content: fresh_prompt }
+        else
+          @messages.unshift({ role: "system", content: fresh_prompt })
+        end
+      rescue StandardError => e
+        # Log and continue — a stale system prompt is better than a broken restore
+        Clacky::Logger.warn("refresh_system_prompt failed during session restore: #{e.message}")
+      end
+
       # Extract text from message content (handles string and array formats)
       # @param content [String, Array, Object] Message content
       # @return [String] Extracted text

data/lib/clacky/agent/skill_manager.rb

@@ -31,8 +31,8 @@ module Clacky
           # Check if user can invoke this skill
           return nil unless skill.user_invocable?
 
-          # Check if this skill is allowed by the current agent profile
-          return nil if @agent_profile && !@agent_profile.skill_allowed?(skill.identifier)
+          # Check if this skill is allowed for the current agent profile
+          return nil if @agent_profile && !skill.allowed_for_agent?(@agent_profile.name)
 
           { skill: skill, arguments: arguments }
         else
@@ -64,6 +64,10 @@ module Clacky
         expanded_content
       end
 
+      # Maximum number of skills injected into the system prompt.
+      # Keeps context tokens bounded regardless of how many skills are installed.
+      MAX_CONTEXT_SKILLS = 30
+
       # Generate skill context - loads all auto-invocable skills allowed by the agent profile
       # @return [String] Skill context to add to system prompt
       def build_skill_context
@@ -72,6 +76,17 @@ module Clacky
         all_skills = filter_skills_by_profile(all_skills)
         auto_invocable = all_skills.select(&:model_invocation_allowed?)
 
+        # Enforce system prompt injection limit to control token usage
+        if auto_invocable.size > MAX_CONTEXT_SKILLS
+          dropped = auto_invocable.size - MAX_CONTEXT_SKILLS
+          Clacky::Logger.warn(
+            "Skill context limit: #{auto_invocable.size} auto-invocable skills found, " \
+            "only injecting first #{MAX_CONTEXT_SKILLS} (#{dropped} dropped). " \
+            "Remove unused skills to restore full visibility."
+          )
+          auto_invocable = auto_invocable.first(MAX_CONTEXT_SKILLS)
+        end
+
         return "" if auto_invocable.empty?
 
         plain_skills = auto_invocable.reject(&:encrypted?)
@@ -82,7 +97,7 @@ module Clacky
         context += "=" * 80 + "\n\n"
         context += "CRITICAL SKILL USAGE RULES:\n"
         context += "- When user's request matches a skill description, you MUST use invoke_skill tool — invoke only the single BEST matching skill, do NOT call multiple skills for the same request\n"
-        context += "- Example: invoke_skill(skill_name: 'code-explorer', task: 'Analyze project structure')\n"
+        context += "- Example: invoke_skill(skill_name: 'xxx', task: 'xxx')\n"
         context += "- SLASH COMMAND (HIGHEST PRIORITY): If user input starts with /skill_name, you MUST invoke_skill immediately as the first action with no exceptions.\n"
         context += "\n"
         context += "Available skills:\n\n"
@@ -113,16 +128,59 @@ module Clacky
         context
       end
 
+      # Inject a synthetic assistant message containing the skill content for slash
+      # commands (e.g. /pptx, /onboard).
+      #
+      # When a user types "/skill-name [arguments]", we immediately expand the skill
+      # content and inject it as an assistant message so the LLM receives the full
+      # instructions and acts on them — no waiting for the LLM to discover and call
+      # invoke_skill on its own.
+      #
+      # Message structure after injection:
+      #   user:      "/pptx write a deck about X"
+      #   assistant: "[full skill content]"   <- injected here
+      #   (LLM continues from here)
+      #
+      # Fires when:
+      #   1. Input starts with "/"
+      #   2. The named skill exists and is user-invocable
+      #
+      # @param user_input [String] Raw user input
+      # @param task_id [Integer] Current task ID (for message tagging)
+      # @return [void]
+      def inject_skill_command_as_assistant_message(user_input, task_id)
+        parsed = parse_skill_command(user_input)
+        return unless parsed
+
+        skill = parsed[:skill]
+        arguments = parsed[:arguments]
+
+        # Expand skill content (substitutes $ARGUMENTS if present)
+        expanded_content = skill.process_content(arguments, template_context: build_template_context)
+
+        # Inject as a synthetic assistant message so the LLM treats it as already read
+        @messages << {
+          role: "assistant",
+          content: expanded_content,
+          task_id: task_id,
+          system_injected: true
+        }
+
+        @ui&.log("Injected skill content for /#{skill.identifier}", level: :info)
+      end
+
       private
 
-      # Filter skills by the agent profile's skill whitelist.
-      # If no profile is set, all skills are allowed (backward-compatible).
+      # Filter skills by the agent profile name using the skill's own `agent:` field.
+      # Each skill declares which agents it supports via its frontmatter `agent:` field.
+      # If the skill has no `agent:` field (defaults to "all"), it is allowed everywhere.
+      # If no agent profile is set, all skills are allowed (backward-compatible).
       # @param skills [Array<Skill>]
       # @return [Array<Skill>]
       def filter_skills_by_profile(skills)
         return skills unless @agent_profile
 
-        skills.select { |skill| @agent_profile.skill_allowed?(skill.identifier) }
+        skills.select { |skill| skill.allowed_for_agent?(@agent_profile.name) }
       end
 
       # Build template context for skill content expansion.

data/lib/clacky/agent.rb

@@ -35,7 +35,7 @@ module Clacky
     attr_reader :session_id, :messages, :iterations, :total_cost, :working_dir, :created_at, :total_tasks, :todos,
                 :cache_stats, :cost_source, :ui, :skill_loader, :agent_profile
 
-    def initialize(client, config = {}, working_dir: nil, ui: nil, profile: "coding")
+    def initialize(client, config , working_dir: , ui: , profile: )
       @client = client  # Client for current model
       @config = config.is_a?(AgentConfig) ? config : AgentConfig.new(config)
       @agent_profile = AgentProfile.load(profile)
@@ -90,8 +90,9 @@ module Clacky
     end
 
     # Restore from a saved session
-    def self.from_session(client, config, session_data, ui: nil, profile: "coding")
-      agent = new(client, config, ui: ui, profile: profile)
+    def self.from_session(client, config, session_data, ui: nil, profile:)
+      working_dir = session_data[:working_dir] || session_data["working_dir"] || Dir.pwd
+      agent = new(client, config, working_dir: working_dir, ui: ui, profile: profile)
       agent.restore_session(session_data)
       agent
     end
@@ -143,7 +144,7 @@ module Clacky
     def run(user_input, images: [])
       # Start new task for Time Machine
       task_id = start_new_task
-      
+
       @start_time = Time.now
       @task_cost_source = :estimated  # Reset for new task
       # Note: Do NOT reset @previous_total_tokens here - it should maintain the value from the last iteration
@@ -176,6 +177,11 @@ module Clacky
       @messages << { role: "user", content: user_content, task_id: task_id, created_at: Time.now.to_f }
       @total_tasks += 1
 
+      # If the user typed a slash command targeting a skill with disable-model-invocation: true,
+      # inject the skill content as a synthetic assistant message so the LLM can act on it.
+      # Skills already in the system prompt (model_invocation_allowed?) are skipped.
+      inject_skill_command_as_assistant_message(user_input, task_id)
+
       @hooks.trigger(:on_start, user_input)
 
       begin
@@ -259,7 +265,7 @@ module Clacky
         end
 
         result = build_result(:success)
-        
+
         # Save snapshots of modified files for Time Machine
         if @modified_files_in_task && !@modified_files_in_task.empty?
           save_modified_files_snapshot(@modified_files_in_task)
@@ -488,16 +494,16 @@ module Clacky
           progress_shown = false
           progress_timer = nil
           output_buffer = nil
-          
+
           if @ui
             progress_message = build_tool_progress_message(call[:name], args)
-            
+
             # For shell commands, create shared output buffer
             if call[:name] == "shell" || call[:name] == "safe_shell"
               output_buffer = { content: "", timestamp: Time.now }
               args[:output_buffer] = output_buffer
             end
-            
+
             progress_timer = Thread.new do
               sleep 2
               @ui.show_progress(progress_message, prefix_newline: false, output_buffer: output_buffer)
@@ -670,7 +676,7 @@ module Clacky
     # @return [Agent] New subagent instance
     def fork_subagent(model: nil, forbidden_tools: [], system_prompt_suffix: nil)
       # Clone config to avoid affecting parent
-      subagent_config = @config.dup
+      subagent_config = @config.deep_copy
 
       # Switch to specified model if provided
       if model
@@ -700,12 +706,13 @@ module Clacky
         anthropic_format: subagent_config.anthropic_format?
       )
 
-      # Create subagent (reuses all tools from parent)
+      # Create subagent (reuses all tools from parent, inherits agent profile from parent)
       subagent = self.class.new(
         subagent_client,
         subagent_config,
         working_dir: @working_dir,
-        ui: @ui
+        ui: @ui,
+        profile: @agent_profile.name
       )
 
       # Deep clone messages to avoid cross-contamination
@@ -829,7 +836,7 @@ module Clacky
     # @param args [Hash] Arguments passed to the tool
     def track_modified_files(tool_name, args)
       @modified_files_in_task ||= []
-      
+
       case tool_name
       when "write", "edit"
         file_path = args[:path]

data/lib/clacky/agent_config.rb

@@ -226,6 +226,16 @@ module Clacky
     end
 
     # Save configuration to file
+    # Deep copy — models array contains mutable Hashes, so a shallow dup would
+    # let the copy share the same Hash objects with the original, causing
+    # Settings changes to silently mutate already-running session configs.
+    # JSON round-trip is the cleanest approach since @models is pure JSON-able data.
+    def deep_copy
+      copy = dup
+      copy.instance_variable_set(:@models, JSON.parse(JSON.generate(@models)))
+      copy
+    end
+
     def save(config_file = CONFIG_FILE)
       config_dir = File.dirname(config_file)
       FileUtils.mkdir_p(config_dir)

data/lib/clacky/agent_profile.rb

@@ -21,13 +21,12 @@ module Clacky
     DEFAULT_AGENTS_DIR = File.expand_path("../default_agents", __FILE__).freeze
     USER_AGENTS_DIR = File.expand_path("~/.clacky/agents").freeze
 
-    attr_reader :name, :description, :skills
+    attr_reader :name, :description
 
     def initialize(name)
       @name = name.to_s
       profile_data = load_profile_yml
       @description = profile_data["description"] || ""
-      @skills = Array(profile_data["skills"])
       @system_prompt_content = load_agent_file("system_prompt.md")
     end
 
@@ -58,11 +57,6 @@ module Clacky
       load_global_file("USER.md")
     end
 
-    # @return [Boolean] whether a given skill name is allowed for this profile
-    def skill_allowed?(skill_name)
-      @skills.include?(skill_name.to_s)
-    end
-
     private def load_profile_yml
       path = find_agent_file("profile.yml")
       raise ArgumentError, "Agent profile '#{@name}' not found. " \

data/lib/clacky/cli.rb

@@ -102,7 +102,7 @@ module Clacky
       end
 
       # Create new agent if no session loaded
-      agent ||= Clacky::Agent.new(client, agent_config, working_dir: working_dir, profile: agent_profile)
+      agent ||= Clacky::Agent.new(client, agent_config, working_dir: working_dir, ui: nil, profile: agent_profile)
 
       # Change to working directory
       original_dir = Dir.pwd
@@ -368,7 +368,7 @@ module Clacky
         say ""
       end
 
-      def load_latest_session(client, agent_config, session_manager, working_dir, profile: "coding")
+      def load_latest_session(client, agent_config, session_manager, working_dir, profile:)
         session_data = session_manager.latest_for_directory(working_dir)
 
         if session_data.nil?
@@ -380,7 +380,7 @@ module Clacky
         Clacky::Agent.from_session(client, agent_config, session_data, profile: profile)
       end
 
-      def load_session_by_number(client, agent_config, session_manager, working_dir, identifier, profile: "coding")
+      def load_session_by_number(client, agent_config, session_manager, working_dir, identifier, profile:)
         # Get a larger list to search through (for ID prefix matching)
         sessions = session_manager.list(current_dir: working_dir, limit: 100)
 
@@ -480,7 +480,7 @@ module Clacky
       #   {"type":"confirmation","id":"conf_1","result":"yes"} — answer to request_confirmation
       #
       # If a bare string line is received it is treated as a message content.
-      def run_agent_with_json(agent, working_dir, agent_config, session_manager, client, profile: "coding")
+      def run_agent_with_json(agent, working_dir, agent_config, session_manager, client, profile:)
         json_ui = Clacky::JsonUIController.new
         agent.instance_variable_set(:@ui, json_ui)
 
@@ -514,7 +514,7 @@ module Clacky
             when "/exit", "/quit"
               break
             when "/clear"
-              agent = Clacky::Agent.new(client, agent_config, working_dir: working_dir, profile: profile)
+              agent = Clacky::Agent.new(client, agent_config, working_dir: working_dir, ui: nil, profile: profile)
               agent.instance_variable_set(:@ui, json_ui)
               json_ui.emit("info", message: "Session cleared. Starting fresh.")
               next

data/lib/clacky/default_agents/coding/profile.yml

@@ -1,12 +1,2 @@
 name: coding
 description: AI coding assistant and technical co-founder
-skills:
-  - code-explorer
-  - commit
-  - deploy
-  - gem-release
-  - new
-  - skill-add
-  - create-task
-  - recall-memory
-  - onboard

data/lib/clacky/default_agents/general/profile.yml

@@ -1,7 +1,2 @@
 name: general
 description: A versatile digital employee living on your computer
-skills:
-  - recall-memory
-  - create-task
-  - skill-add
-  - onboard

data/lib/clacky/default_skills/code-explorer/SKILL.md

@@ -1,6 +1,7 @@
 ---
 name: code-explorer
 description: Use this skill when exploring, analyzing, or understanding project/code structure. Required for tasks like "analyze project", "explore codebase", "understand how X works".
+agent: coding
 fork_agent: true
 forbidden_tools:
   - write

data/lib/clacky/default_skills/deploy/SKILL.md

@@ -1,6 +1,7 @@
 ---
 name: deploy
 description: Deploy Rails applications to Railway PaaS
+agent: coding
 fork_agent: true
 ---
 

data/lib/clacky/default_skills/new/SKILL.md

@@ -1,6 +1,7 @@
 ---
 name: new
 description: Create a new project to start development quickly
+agent: coding
 disable-model-invocation: false
 user-invocable: true
 ---

data/lib/clacky/server/http_server.rb

@@ -105,7 +105,7 @@ module Clacky
           session_registry: @registry,
           session_builder:  method(:build_session)
         )
-        @skill_loader    = Clacky::SkillLoader.new
+        @skill_loader    = Clacky::SkillLoader.new(nil, brand_config: Clacky::BrandConfig.load)
       end
 
       def start
@@ -210,7 +210,10 @@ module Clacky
         when ["GET",    "/api/brand/skills"]      then api_brand_skills(res)
         when ["GET",    "/api/brand"]             then api_brand_info(res)
         else
-          if method == "GET" && path.match?(%r{^/api/sessions/[^/]+/messages$})
+          if method == "GET" && path.match?(%r{^/api/sessions/[^/]+/skills$})
+            session_id = path.sub("/api/sessions/", "").sub("/skills", "")
+            api_session_skills(session_id, res)
+          elsif method == "GET" && path.match?(%r{^/api/sessions/[^/]+/messages$})
             session_id = path.sub("/api/sessions/", "").sub("/messages", "")
             api_session_messages(session_id, req, res)
           elsif method == "DELETE" && path.start_with?("/api/sessions/")
@@ -380,6 +383,9 @@ module Clacky
         result = @brand_test ? brand.activate_mock!(key) : brand.activate!(key)
 
         if result[:success]
+          # Refresh skill_loader with the now-activated brand config so brand
+          # skills are loadable from this point forward (e.g. after sync).
+          @skill_loader = Clacky::SkillLoader.new(nil, brand_config: brand)
           json_response(res, 200, { ok: true, brand_name: result[:brand_name] || brand.brand_name })
         else
           json_response(res, 422, { ok: false, error: result[:message] })
@@ -446,8 +452,9 @@ module Clacky
         result = @brand_test ? brand.install_mock_brand_skill!(skill_info) : brand.install_brand_skill!(skill_info)
 
         if result[:success]
-          # Reload skills so the Agent can pick up the new skill immediately
-          @skill_loader.load_all
+          # Reload skills so the Agent can pick up the new skill immediately.
+          # Re-create the loader with the current brand_config so brand skills are decryptable.
+          @skill_loader = Clacky::SkillLoader.new(nil, brand_config: brand)
           json_response(res, 200, { ok: true, slug: result[:slug], version: result[:version] })
         else
           json_response(res, 422, { ok: false, error: result[:error] })
@@ -655,6 +662,38 @@ module Clacky
         json_response(res, 200, { skills: skills })
       end
 
+      # GET /api/sessions/:id/skills — list user-invocable skills for a session,
+      # filtered by the session's agent profile. Used by the frontend slash-command
+      # autocomplete so only skills valid for the current profile are suggested.
+      def api_session_skills(session_id, res)
+        session = @registry.get(session_id)
+        unless session
+          json_response(res, 404, { error: "Session not found" })
+          return
+        end
+
+        agent = session[:agent]
+        unless agent
+          json_response(res, 404, { error: "Agent not found" })
+          return
+        end
+
+        agent.skill_loader.load_all
+        profile = agent.agent_profile
+
+        skills = agent.skill_loader.user_invocable_skills
+        skills = skills.select { |s| s.allowed_for_agent?(profile.name) } if profile
+
+        skill_data = skills.map do |skill|
+          {
+            name:        skill.identifier,
+            description: skill.description || skill.context_description
+          }
+        end
+
+        json_response(res, 200, { skills: skill_data })
+      end
+
       # PATCH /api/skills/:name/toggle — enable or disable a skill
       # Body: { enabled: true/false }
       def api_toggle_skill(name, req, res)
@@ -1076,13 +1115,11 @@ module Clacky
         session_id = @registry.create(name: name, working_dir: working_dir)
 
         client = @client_factory.call
-        config = @agent_config.dup
+        config = @agent_config.deep_copy
         config.permission_mode = permission_mode
-        agent  = Clacky::Agent.new(client, config, working_dir: working_dir, profile: profile)
-
         broadcaster = method(:broadcast)
         ui = WebUIController.new(session_id, broadcaster)
-        agent.instance_variable_set(:@ui, ui)
+        agent  = Clacky::Agent.new(client, config, working_dir: working_dir, ui: ui, profile: profile)
 
         @registry.with_session(session_id) do |s|
           s[:agent] = agent
@@ -1105,12 +1142,10 @@ module Clacky
                                       session_id: original_id)
 
         client = @client_factory.call
-        config = @agent_config.dup
-        agent  = Clacky::Agent.from_session(client, config, session_data, profile: "general")
-
+        config = @agent_config.deep_copy
         broadcaster = method(:broadcast)
         ui = WebUIController.new(session_id, broadcaster)
-        agent.instance_variable_set(:@ui, ui)
+        agent  = Clacky::Agent.from_session(client, config, session_data, ui: ui, profile: "general")
 
         @registry.with_session(session_id) do |s|
           s[:agent] = agent

data/lib/clacky/skill.rb

@@ -95,6 +95,30 @@ module Clacky
       @auto_summarize != false
     end
 
+    # Get the agent scope for this skill.
+    # Parsed from the `agent:` frontmatter field.
+    # Returns an array of agent names, or ["all"] if not specified.
+    # @return [Array<String>]
+    def agents_scope
+      return ["all"] if @agent_type.nil?
+
+      case @agent_type
+      when "all" then ["all"]
+      when Array then @agent_type.map(&:to_s)
+      else [@agent_type.to_s]
+      end
+    end
+
+    # Check if this skill is allowed for the given agent profile name.
+    # Returns true when the skill's `agent:` field is "all" (default) or
+    # includes the given profile name.
+    # @param profile_name [String] e.g. "coding", "general"
+    # @return [Boolean]
+    def allowed_for_agent?(profile_name)
+      scope = agents_scope
+      scope.include?("all") || scope.include?(profile_name.to_s)
+    end
+
     # Get the slash command for this skill
     # @return [String] e.g., "/explain-code"
     def slash_command

data/lib/clacky/skill_loader.rb

@@ -18,6 +18,11 @@ module Clacky
       :brand               # ~/.clacky/brand_skills/ (encrypted, license-gated)
     ].freeze
 
+    # Maximum number of skills that can be loaded in total.
+    # When exceeded, a warning is recorded in @errors and extra skills are dropped.
+    # This prevents runaway memory usage and excessively long system prompts.
+    MAX_SKILLS = 50
+
     # Initialize the skill loader and automatically load all skills
     # @param working_dir [String] Current working directory for project-level discovery
     # @param brand_config [Clacky::BrandConfig, nil] Optional brand config used to
@@ -334,6 +339,14 @@ module Clacky
         end
       end
 
+      # Enforce skill count limit
+      if @skills.size >= MAX_SKILLS
+        msg = "Skill limit reached (max #{MAX_SKILLS}): skipping brand skill '#{skill.identifier}' from #{skill_dir}"
+        @errors << msg
+        Clacky::Logger.warn(msg)
+        return nil
+      end
+
       @skills[skill.identifier]          = skill
       @skills_by_command[skill.slash_command] = skill
       @loaded_from[skill.identifier]     = :brand
@@ -368,6 +381,14 @@ module Clacky
         end
       end
 
+      # Enforce skill count limit
+      if @skills.size >= MAX_SKILLS
+        msg = "Skill limit reached (max #{MAX_SKILLS}): skipping '#{skill.identifier}' from #{skill_dir}"
+        @errors << msg
+        Clacky::Logger.warn(msg)
+        return nil
+      end
+
       # Register skill
       @skills[skill.identifier] = skill
       @skills_by_command[skill.slash_command] = skill

data/lib/clacky/ui2/components/command_suggestions.rb

@@ -46,7 +46,7 @@ module Clacky
           return unless skill_loader
 
           skills = skill_loader.user_invocable_skills
-          skills = skills.select { |s| agent_profile.skill_allowed?(s.identifier) } if agent_profile
+          skills = skills.select { |s| s.allowed_for_agent?(agent_profile.name) } if agent_profile
 
           @skill_commands = skills.map do |skill|
             {

data/lib/clacky/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Clacky
-  VERSION = "0.8.1"
+  VERSION = "0.8.3"
 end

data/lib/clacky/web/app.css

@@ -401,6 +401,7 @@ body {
 #chat-title { font-weight: 600; font-size: 15px; }
 .status-idle    { font-size: 11px; color: #8b949e; }
 .status-running { font-size: 11px; color: #3fb950; }
+.status-error   { font-size: 11px; color: #f85149; }
 
 /* Delete session button in chat header */
 .btn-delete-session {
@@ -500,6 +501,52 @@ body {
 .tool-item-status.err    { color: #f85149; }
 .tool-item-status.running { color: #58a6ff; animation: pulse 1.2s infinite; }
 
+/* ── Thinking block (collapsible <think>...</think> sections) ─────────────── */
+.thinking-block {
+  margin: 0 0 6px 0;
+  background: transparent;
+  overflow: hidden;
+}
+
+.thinking-summary {
+  display: inline-flex;
+  align-items: center;
+  gap: 5px;
+  padding: 0;
+  cursor: pointer;
+  user-select: none;
+  list-style: none;
+  color: #6e7681;
+  font-size: 12px;
+  font-style: italic;
+  transition: color 0.15s;
+}
+.thinking-summary::-webkit-details-marker { display: none; }
+.thinking-summary:hover { color: #8b949e; }
+
+.thinking-icon  { display: none; }
+.thinking-label { font-weight: 400; }
+.thinking-chevron {
+  font-size: 12px;
+  color: inherit;
+  transition: transform 0.2s;
+  line-height: 1;
+  display: inline-block;
+}
+.thinking-block[open] .thinking-chevron { transform: rotate(90deg); }
+
+.thinking-body {
+  margin-top: 2px;
+  margin-bottom: 10px;
+  padding-left: 14px;
+  font-size: 12px;
+  line-height: 1.5;
+  color: #6e7681;
+  white-space: pre-wrap;
+  word-break: break-word;
+  font-style: italic;
+}
+
 /* Inline image thumbnails inside user message bubbles */
 .msg-image-thumb {
   display: block;
@@ -828,6 +875,7 @@ body {
   display: flex;
   flex-direction: column;
   gap: 14px;
+  margin-bottom: 16px;
 }
 .model-card-header {
   display: flex;
@@ -958,6 +1006,27 @@ body {
   font-size: 13px;
   padding: 6px 18px;
 }
+.btn-set-default {
+  font-size: 13px;
+  padding: 6px 14px;
+  background: #238636;
+  color: #fff;
+  border: none;
+  border-radius: 6px;
+  cursor: pointer;
+}
+.btn-set-default:hover {
+  background: #2ea043;
+}
+.btn-set-default:disabled {
+  background: #484f58;
+  cursor: not-allowed;
+}
+.model-card-actions-row {
+  display: flex;
+  gap: 8px;
+  align-items: center;
+}
 
 /* ── Modals ──────────────────────────────────────────────────────────────── */
 .modal-overlay {

data/lib/clacky/web/app.js

@@ -136,6 +136,9 @@ const Router = (() => {
         Sessions.renderList();
         $("user-input").focus();
 
+        // Load session-scoped skill list (filtered by agent profile) for slash autocomplete
+        SkillAC.loadForSession(id);
+
         // Always reload history on every switch (cache is not used)
         Sessions.loadHistory(id);
         break;
@@ -553,9 +556,24 @@ $("user-input").addEventListener("blur", () => {
 
 // ── Skill autocomplete ────────────────────────────────────────────────────
 const SkillAC = (() => {
-  let _visible      = false;
-  let _activeIndex  = -1;
-  let _items        = [];  // filtered [{ name, description }]
+  let _visible        = false;
+  let _activeIndex    = -1;
+  let _items          = [];  // filtered [{ name, description }]
+  let _sessionSkills  = [];  // skills allowed for the active session's profile
+
+  /** Fetch session-specific skill list from the server and cache it.
+   *  Called whenever the active session changes. */
+  async function _loadForSession(sessionId) {
+    if (!sessionId) { _sessionSkills = []; return; }
+    try {
+      const res  = await fetch(`/api/sessions/${sessionId}/skills`);
+      const data = await res.json();
+      _sessionSkills = data.skills || [];
+    } catch (e) {
+      console.error("[SkillAC] loadForSession failed", e);
+      _sessionSkills = [];
+    }
+  }
 
   /** Return the /xxx prefix if the entire input is a slash command, else null. */
   function _getSlashQuery(value) {
@@ -568,7 +586,8 @@ const SkillAC = (() => {
   }
 
   function _render(query) {
-    const all = Skills.all;
+    // Use session-scoped skill list when available; fall back to global Skills list
+    const all = _sessionSkills.length > 0 ? _sessionSkills : Skills.all;
     _items = all.filter(s => s.name.toLowerCase().startsWith(query));
 
     if (_items.length === 0) { _hide(); return; }
@@ -665,6 +684,9 @@ const SkillAC = (() => {
     /** Open dropdown with all skills (triggered by / button). */
     openAll: _openAll,
 
+    /** Reload session-scoped skill list when the active session changes. */
+    loadForSession: _loadForSession,
+
     /** Handle keyboard nav inside the dropdown. Returns true if event was consumed. */
     handleKey(e) {
       if (!_visible) return false;

data/lib/clacky/web/sessions.js

@@ -23,6 +23,59 @@ const Sessions = (() => {
   let   _pendingRunTaskId  = null;  // session_id waiting to send "run_task" after subscribe
   let   _pendingMessage    = null;  // { session_id, content } — slash command to send after subscribe
 
+  // ── Thinking block parser ──────────────────────────────────────────────
+  //
+  // Converts <think>...</think> blocks in assistant messages into collapsible
+  // "Thinking" sections. The block is collapsed by default and can be
+  // expanded by clicking the header.
+
+  function _parseThinkingBlocks(rawHtml) {
+    // rawHtml is already HTML-escaped text (via escapeHtml). We need to detect
+    // the escaped versions of <think> and </think>.
+    const OPEN  = "&lt;think&gt;";
+    const CLOSE = "&lt;/think&gt;";
+
+    // Fast path: no thinking block present
+    if (!rawHtml.includes(OPEN)) return rawHtml;
+
+    let result = "";
+    let rest   = rawHtml;
+
+    while (rest.includes(OPEN)) {
+      const openIdx  = rest.indexOf(OPEN);
+      const closeIdx = rest.indexOf(CLOSE, openIdx + OPEN.length);
+
+      // Prepend any text before the <think> block
+      result += rest.slice(0, openIdx);
+
+      if (closeIdx === -1) {
+        // Unclosed <think> — treat remainder as plain text
+        result += rest.slice(openIdx);
+        rest = "";
+        break;
+      }
+
+      const thinkContent = rest.slice(openIdx + OPEN.length, closeIdx);
+      result += _buildThinkingBlock(thinkContent);
+      // Strip leading newlines after </think> to avoid blank space from pre-wrap
+      rest = rest.slice(closeIdx + CLOSE.length).replace(/^\n+/, "");
+    }
+
+    result += rest;
+    return result;
+  }
+
+  // Build the collapsible thinking block HTML for a given (already-escaped) content string.
+  function _buildThinkingBlock(escapedContent) {
+    return `<details class="thinking-block">` +
+      `<summary class="thinking-summary">` +
+        `<span class="thinking-chevron">›</span>` +
+        `<span class="thinking-label">Thought for a moment</span>` +
+      `</summary>` +
+      `<div class="thinking-body">${escapedContent}</div>` +
+    `</details>`;
+  }
+
   // ── Private helpers ────────────────────────────────────────────────────
 
   function _cacheActiveMessages() {
@@ -151,7 +204,7 @@ const Sessions = (() => {
         if (historyCtx.group) { _collapseToolGroup(historyCtx.group); historyCtx.group = null; }
         const el = document.createElement("div");
         el.className = "msg msg-assistant";
-        el.innerHTML = escapeHtml(ev.content || "");
+        el.innerHTML = _parseThinkingBlocks(escapeHtml(ev.content || ""));
         container.appendChild(el);
         break;
       }
@@ -241,6 +294,21 @@ const Sessions = (() => {
           messages.appendChild(frag);
           messages.scrollTop = messages.scrollHeight;
         }
+
+        // Restore transient UI state based on session status after initial load
+        // (not prepend, which is scroll-up pagination — no need to re-restore then)
+        if (!prepend) {
+          const session = _sessions.find(s => s.id === id);
+          if (session) {
+            if (session.status === "running") {
+              // Agent is still running (e.g. page was refreshed mid-task)
+              Sessions.showProgress("Thinking…");
+            } else if (session.status === "error" && session.error) {
+              // Show the stored error message at the end of history
+              Sessions.appendMsg("error", session.error);
+            }
+          }
+        }
       }
     } finally {
       state.loading = false;
@@ -401,7 +469,13 @@ const Sessions = (() => {
 
     updateStatusBar(status) {
       $("chat-status").textContent = status || "idle";
-      $("chat-status").className   = status === "running" ? "status-running" : "status-idle";
+      if (status === "running") {
+        $("chat-status").className = "status-running";
+      } else if (status === "error") {
+        $("chat-status").className = "status-error";
+      } else {
+        $("chat-status").className = "status-idle";
+      }
       $("btn-interrupt").style.display = status === "running" ? "" : "none";
     },
 
@@ -447,7 +521,8 @@ const Sessions = (() => {
       const messages = $("messages");
       const el = document.createElement("div");
       el.className = `msg msg-${type}`;
-      el.innerHTML = html;
+      // Parse thinking blocks out of assistant messages
+      el.innerHTML = type === "assistant" ? _parseThinkingBlocks(html) : html;
       messages.appendChild(el);
       messages.scrollTop = messages.scrollHeight;
     },

data/lib/clacky/web/settings.js

@@ -107,7 +107,10 @@ const Settings = (() => {
 
       <div class="model-card-footer">
         <span class="model-test-result" data-index="${index}"></span>
-        <button class="btn-save-model btn-primary" data-index="${index}">Save</button>
+        <div class="model-card-actions-row">
+          ${!isDefault ? `<button class="btn-set-default" data-index="${index}" title="Set as default model">Set as Default</button>` : ""}
+          <button class="btn-save-model btn-primary" data-index="${index}">Save</button>
+        </div>
       </div>
     `;
 
@@ -143,6 +146,12 @@ const Settings = (() => {
     if (removeBtn) {
       removeBtn.addEventListener("click", () => _removeModel(index));
     }
+
+    // Set as default model
+    const setDefaultBtn = card.querySelector(".btn-set-default");
+    if (setDefaultBtn) {
+      setDefaultBtn.addEventListener("click", () => _setAsDefault(index));
+    }
   }
 
   // ── Read form values from a card ────────────────────────────────────────────
@@ -233,16 +242,69 @@ const Settings = (() => {
     el.className   = `model-test-result ${ok ? "result-ok" : "result-fail"}`;
   }
 
+  // ── Set as Default Model ───────────────────────────────────────────────────
+
+  async function _setAsDefault(index) {
+    const btn = document.querySelector(`.btn-set-default[data-index="${index}"]`);
+    if (!btn) return;
+
+    btn.disabled    = true;
+    btn.textContent = "Setting…";
+
+    // Set the selected one as "default", others as null (not just delete)
+    // Using null ensures the server explicitly updates/removes the type field
+    const updatedModels = _models.map((m, i) => {
+      const model = { ...m };
+      if (i === index) {
+        model.type = "default";
+      } else {
+        model.type = null;
+      }
+      return model;
+    });
+
+    try {
+      const res = await fetch("/api/config", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ models: updatedModels })
+      });
+      const data = await res.json();
+
+      if (data.ok) {
+        btn.textContent = "Done ✓";
+        // Reload to refresh the UI
+        setTimeout(_load, 800);
+      } else {
+        btn.textContent = "Set as Default";
+        btn.disabled    = false;
+        alert(data.error || "Failed to set default model");
+      }
+    } catch (e) {
+      btn.textContent = "Set as Default";
+      btn.disabled    = false;
+      alert("Error: " + e.message);
+    }
+  }
+
   // ── Add / Remove model ───────────────────────────────────────────────────────
 
   function _addModel() {
+    // When adding a new model, automatically set it as default.
+    // Set all existing models' type to null (not just delete) so server updates them.
+    _models = _models.map(m => {
+      const model = { ...m };
+      model.type = null;
+      return model;
+    });
+
     _models.push({
       index:            _models.length,
       model:            "",
       base_url:         "",
       api_key_masked:   "",
       anthropic_format: false,
-      type:             null
+      type:             "default"  // New model automatically becomes default
     });
     _renderCards();
     // Scroll to the new card

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: openclacky
 version: !ruby/object:Gem::Version
-  version: 0.8.1
+  version: 0.8.3
 platform: ruby
 authors:
 - windy