@aion0/forge 0.9.16 → 0.9.19

package/components/MonitorPanel.tsx

@@ -9,6 +9,7 @@ interface MonitorData {
     telegram: { running: boolean; pid: string; startedAt?: string };
     workspace: { running: boolean; pid: string; startedAt?: string };
     browserBridge?: { running: boolean; pid: string; startedAt?: string };
+    memory?: { running: boolean; pid: string; startedAt?: string };
     chat?: {
       running: boolean;
       pid: string;
@@ -60,6 +61,7 @@ export default function MonitorPanel({ onClose }: { onClose: () => void }) {
                   { label: 'Telegram Bot', ...data.processes.telegram },
                   { label: 'Workspace Daemon', ...data.processes.workspace },
                   ...(data.processes.browserBridge ? [{ label: 'Browser Bridge', ...data.processes.browserBridge }] : []),
+                  ...(data.processes.memory ? [{ label: 'Memory Worker', ...data.processes.memory }] : []),
                   { label: 'Tunnel', ...data.processes.tunnel },
                 ].map(p => (
                   <div key={p.label} className="flex items-center gap-2 text-xs">

package/lib/chat/agent-loop.ts

@@ -16,16 +16,17 @@ import { loadSettings } from '../settings';
 import {
   appendMessage,
   getSession,
-  listMessages,
+  listMessagesCapped,
 } from './session-store';
 import {
   dispatchTool,
   BUILTIN_TOOL_DEFS,
   type BuiltinHandler,
 } from './tool-dispatcher';
-import { renderMemoryContext } from './temper';
 import { getMemoryStore } from './memory-store';
+import { buildMemoryContext } from './build-memory-context';
 import { buildMemoryTools } from './memory-tools';
+import { estimateTokens } from '../memory/token-estimate';
 import {
   listInstalledConnectors,
   getConnector,
@@ -41,6 +42,28 @@ import type {
 
 const MAX_ITERATIONS = 6;
 const MAX_TOKENS = 16000;
+// Working-window budgets for the LLM history. Capped by message count
+// AND by token estimate (whichever hits first), see design §8. Older
+// raw is summarized by the memory-standalone Temper Summary sub-task
+// and recalled via buildMemoryContext as compact blocks instead.
+const HISTORY_MSG_BUDGET = 60;
+const HISTORY_TOKEN_BUDGET = 8000;
+
+// After clipping to last N, the first kept message may be a tool_result
+// whose tool_use was cut. Anthropic/OpenAI both reject that, so drop
+// leading tool_result-bearing user messages until the slice starts clean.
+function trimOrphanToolResults(history: Message[]): Message[] {
+  let i = 0;
+  while (i < history.length) {
+    const m = history[i];
+    const hasToolResult = m.role === 'user'
+      && Array.isArray(m.blocks)
+      && m.blocks.some((b) => (b as any).type === 'tool_result');
+    if (!hasToolResult) break;
+    i += 1;
+  }
+  return i === 0 ? history : history.slice(i);
+}
 
 export interface AgentEvent {
   type:
@@ -59,7 +82,7 @@ export type AgentCallbacks = {
   onEvent: (event: AgentEvent) => void;
 };
 
-interface ProviderResolution {
+export interface ProviderResolution {
   name: string;
   type: 'anthropic' | 'openai';
   apiKey: string;
@@ -126,7 +149,7 @@ export function pickApiKey(profile: { apiKey?: string; env?: Record<string, stri
   return env.OPENAI_API_KEY || '';
 }
 
-function resolveProvider(sessionProvider: string | null, sessionModel: string | null): ProviderResolution | { error: string } {
+export function resolveProvider(sessionProvider: string | null, sessionModel: string | null): ProviderResolution | { error: string } {
   const settings = loadSettings();
   const agents = settings.agents || {};
 
@@ -372,18 +395,24 @@ export async function runTurn(args: RunTurnArgs): Promise<{ ok: boolean; error?:
   for (const t of memTools) memHandlers[t.def.name] = t.handle;
 
   if (memStore.enabled) {
-    const [bp, ba, sp] = await Promise.allSettled([
+    // Inspector strip (memory_status event) wants the full inventory —
+    // keep its own listBlocks call. The prompt-injection text comes
+    // from buildMemoryContext which excludes internal bookkeeping
+    // (cursor / health) and combines pinned + query-driven retrieval
+    // hits in one pass.
+    const [bp, ba, sp, ctx] = await Promise.allSettled([
       memStore.listBlocks({ pinned: true, scope: 'both' }),
       memStore.listBlocks({ scope: 'both' }),
       memStore.search(args.userText, 8),
+      buildMemoryContext({ store: memStore, currentUserMessage: args.userText }),
     ]);
     const pinnedBlocks = bp.status === 'fulfilled' ? bp.value : [];
     const allBlocks = ba.status === 'fulfilled' ? ba.value : [];
     const searchHits = sp.status === 'fulfilled' ? sp.value : [];
-    const firstErr = [bp, ba, sp].find((r) => r.status === 'rejected') as PromiseRejectedResult | undefined;
+    const firstErr = [bp, ba, sp, ctx].find((r) => r.status === 'rejected') as PromiseRejectedResult | undefined;
     const memError = firstErr ? (firstErr.reason instanceof Error ? firstErr.reason.message : String(firstErr.reason)) : undefined;
 
-    memContext = renderMemoryContext(allBlocks, searchHits);
+    memContext = ctx.status === 'fulfilled' ? ctx.value.text : '';
 
     cb({
       type: 'memory_status',
@@ -470,7 +499,9 @@ export async function runTurn(args: RunTurnArgs): Promise<{ ok: boolean; error?:
     while (iter < MAX_ITERATIONS) {
       iter += 1;
 
-      const history = listMessages(args.sessionId);
+      const history = trimOrphanToolResults(
+        listMessagesCapped(args.sessionId, HISTORY_MSG_BUDGET, HISTORY_TOKEN_BUDGET, estimateTokens),
+      );
 
       assistantBlocksAccum = [];
       let currentTextBuf = '';

package/lib/chat/build-memory-context.ts

@@ -0,0 +1,91 @@
+/**
+ * buildMemoryContext — assemble the memory chunk for the agent-loop
+ * system prompt.
+ *
+ * Wraps store.listBlocks (for pinned + recall) and store.search (for
+ * query-driven retrieval) and post-filters out internal bookkeeping
+ * blocks like the summarizer cursor/health by key prefix. The actual
+ * string rendering reuses renderMemoryContext(blocks, hits) — this
+ * helper is just the assembly + filtering layer so callers don't have
+ * to think about it.
+ *
+ * Why post-filter instead of extending MemoryStore.search/listBlocks
+ * with scope filters: the existing API is flat key/value across both
+ * backends (LocalMemoryStore + Temper) and we want zero changes there.
+ * Forge owns the key naming convention (see lib/memory/keys.ts), so we
+ * own the prefix-exclusion decision client-side.
+ */
+
+import type { MemoryBlock, MemoryStore, SearchHit } from './memory-store';
+import { renderMemoryContext } from './temper';
+import { INTERNAL_KEY_PREFIXES } from '../memory/keys';
+
+export interface BuildMemoryContextOpts {
+  store: MemoryStore;
+  /** Used as `store.search(query)` — typically the latest user message. */
+  currentUserMessage?: string;
+  /** Cap on hits returned from store.search. Default 6. */
+  topK?: number;
+  /** Cap on inlined pinned blocks. Default 50 (renderMemoryContext default). */
+  maxBlocks?: number;
+  /** Prefixes that mark internal-only blocks (cursor / health / etc).
+   *  Defaults to lib/memory/keys.INTERNAL_KEY_PREFIXES. */
+  excludeKeyPrefixes?: readonly string[];
+}
+
+export interface BuildMemoryContextResult {
+  text: string;
+  blocks: MemoryBlock[];
+  hits: SearchHit[];
+}
+
+export async function buildMemoryContext(opts: BuildMemoryContextOpts): Promise<BuildMemoryContextResult> {
+  const {
+    store,
+    currentUserMessage,
+    topK = 6,
+    maxBlocks = 50,
+    excludeKeyPrefixes = INTERNAL_KEY_PREFIXES,
+  } = opts;
+
+  const blocks = filterInternal(
+    await safe(() => store.listBlocks({ pinned: true }), [] as MemoryBlock[]),
+    excludeKeyPrefixes,
+  ).slice(0, maxBlocks);
+
+  const q = (currentUserMessage || '').trim();
+  let hits: SearchHit[] = [];
+  if (q) {
+    const rawHits = await safe(() => store.search(q, topK), [] as SearchHit[]);
+    hits = filterInternalHits(rawHits, excludeKeyPrefixes);
+  }
+
+  return { text: renderMemoryContext(blocks, hits), blocks, hits };
+}
+
+function filterInternal(blocks: MemoryBlock[], prefixes: readonly string[]): MemoryBlock[] {
+  if (prefixes.length === 0) return blocks;
+  return blocks.filter((b) => !prefixes.some((p) => b.key.startsWith(p)));
+}
+
+function filterInternalHits(hits: SearchHit[], prefixes: readonly string[]): SearchHit[] {
+  if (prefixes.length === 0) return hits;
+  // SearchHit.id encodes its source: LocalMemoryStore returns 'block:<key>'
+  // for block-derived hits. Temper returns Graphiti UUIDs — those won't
+  // match prefixes, so they pass through (correct: Temper hits aren't
+  // direct block references).
+  return hits.filter((h) => {
+    if (!h.id?.startsWith('block:')) return true;
+    const key = h.id.slice('block:'.length);
+    return !prefixes.some((p) => key.startsWith(p));
+  });
+}
+
+async function safe<T>(fn: () => Promise<T>, fallback: T): Promise<T> {
+  try {
+    return await fn();
+  } catch (err) {
+    console.warn('[buildMemoryContext]', err instanceof Error ? err.message : err);
+    return fallback;
+  }
+}

package/lib/chat/llm/openai.ts

@@ -77,11 +77,14 @@ export const openaiAdapter: LlmAdapter = {
       };
     }
 
+    // Some providers (litellm/vLLM) reject `tools: []` — they want the
+    // field omitted entirely when there are no tools.
+    const hasTools = Object.keys(tools).length > 0;
     const result = streamText({
       model: client(req.model),
       system: req.system,
       messages: historyToModelMessages(req.history),
-      tools,
+      ...(hasTools ? { tools } : {}),
       maxOutputTokens: req.maxTokens,
     });
 

package/lib/chat/local-memory.ts

@@ -133,26 +133,43 @@ export class LocalMemoryStore implements MemoryStore {
     const q = (query || '').trim();
     if (!q) return [];
     const cap = Math.min(50, Math.max(1, limit));
-    const like = `%${q.replace(/[%_]/g, (m) => '\\' + m)}%`;
+    // Tokenize on whitespace and OR-match. Natural-language queries
+    // like "tell me about the X" can't be AND-matched (stop words
+    // wouldn't appear in stored content), so OR keeps recall useful.
+    // Drop tokens shorter than 3 chars to avoid runaway noise. If
+    // every token is too short, fall back to a single-substring match
+    // on the raw query.
+    const allTokens = q.split(/\s+/).filter((t) => t.length > 0);
+    const tokens = allTokens.filter((t) => t.length >= 3);
+    const useTokens = tokens.length > 0 ? tokens : [q];
+    const likes = useTokens.map((t) => `%${t.replace(/[%_]/g, (m) => '\\' + m)}%`);
     const conn = db();
 
+    const blockWhere = useTokens
+      .map(() => `(value LIKE ? ESCAPE '\\' OR key LIKE ? ESCAPE '\\' OR description LIKE ? ESCAPE '\\')`)
+      .join(' OR ');
+    const blockParams: unknown[] = [this.ns];
+    for (const like of likes) { blockParams.push(like, like, like); }
+    blockParams.push(cap);
     const blockHits = conn.prepare(
       `SELECT key, value, description, updated_at
          FROM memory_blocks
         WHERE ns = ?
-          AND (value LIKE ? ESCAPE '\\' OR key LIKE ? ESCAPE '\\' OR description LIKE ? ESCAPE '\\')
+          AND (${blockWhere})
         ORDER BY pinned DESC, updated_at DESC
         LIMIT ?`,
-    ).all(this.ns, like, like, like, cap) as Array<Pick<BlockRow, 'key' | 'value' | 'description' | 'updated_at'>>;
+    ).all(...blockParams) as Array<Pick<BlockRow, 'key' | 'value' | 'description' | 'updated_at'>>;
 
+    const episodeWhere = useTokens.map(() => `content LIKE ? ESCAPE '\\'`).join(' OR ');
+    const episodeParams: unknown[] = [this.ns, ...likes, cap];
     const episodeHits = conn.prepare(
       `SELECT id, content, reference_time, created_at
          FROM memory_episodes
         WHERE ns = ?
-          AND content LIKE ? ESCAPE '\\'
+          AND (${episodeWhere})
         ORDER BY created_at DESC
         LIMIT ?`,
-    ).all(this.ns, like, cap) as Array<Pick<EpisodeRow, 'id' | 'content' | 'reference_time' | 'created_at'>>;
+    ).all(...episodeParams) as Array<Pick<EpisodeRow, 'id' | 'content' | 'reference_time' | 'created_at'>>;
 
     const hits: SearchHit[] = [];
     for (const b of blockHits) {

package/lib/chat/protocols/http.ts

@@ -15,13 +15,20 @@
  * is_error so the LLM can react.
  */
 
-import type { HttpRequestSpec, ConnectorTool } from '../../connectors/types';
+import type { HttpRequestSpec, ConnectorTool, ConnectorAuth, ConnectorFieldSchema } from '../../connectors/types';
 import { expandAllTokens } from '../../plugins/templates';
 
 export interface HttpProtocolArgs {
   tool: ConnectorTool;
   settings: Record<string, any>;
   args: Record<string, any>;
+  /**
+   * Connector-level auth. Tool-level `tool.auth` takes precedence.
+   * Forge resolves the scheme into the right header/query at dispatch
+   * time so manifests don't have to hand-craft Authorization headers
+   * or base64-encode credentials.
+   */
+  connectorAuth?: ConnectorAuth;
   /**
    * When true, return the full response body without the 8KB cap. Used by
    * the Jobs scheduler — it parses JSON, not feeds the response into an
@@ -53,22 +60,42 @@ function expandObjectLeaves(obj: any, settings: Record<string, any>, args: Recor
 }
 
 /**
- * Expand `{args.X}` placeholders in a URL path with the value URL-
- * encoded. `{settings.X}` is NOT encoded — `{settings.base_url}` is the
- * scheme + host (with its own `://` and `/`), which must stay literal.
- *
- * Why: GitLab and many REST APIs accept either a numeric id or a
- * URL-encoded namespace path (`fortinac%2FFortiNAC`) as the project
- * identifier in the path. Without encoding, `args.project_id =
- * "fortinac/FortiNAC"` interpolates as a raw `/` and turns
- * `/projects/{args.project_id}/...` into `/projects/fortinac/FortiNAC/...`
- * (extra path segment), which the API can't parse. Numeric ids encode
- * to themselves — no regression.
+ * Encode a string value per its parameter's `url_encoding` declaration.
+ * Default `uri_component` matches encodeURIComponent (slashes encoded).
+ * `none` is raw, for pre-formatted paths (e.g. Jenkins folder paths
+ * `job/team/job/build`). `path_segments` encodes each `/`-separated
+ * piece but preserves the slashes — good for human-readable paths
+ * that contain spaces or unicode.
+ */
+function encodePathValue(raw: string, mode: ConnectorFieldSchema['url_encoding'] | undefined): string {
+  switch (mode) {
+    case 'none':
+      return raw;
+    case 'path_segments':
+      return raw.split('/').map(encodeURIComponent).join('/');
+    case 'uri_component':
+    case undefined:
+    default:
+      return encodeURIComponent(raw);
+  }
+}
+
+/**
+ * Expand `{args.X}` placeholders in a URL path. Each arg's encoding is
+ * decided by its parameter schema's `url_encoding` field (default
+ * `uri_component` — see `encodePathValue` for the modes). `{settings.X}`
+ * is NOT encoded — `{settings.base_url}` is the scheme + host (with its
+ * own `://` and `/`), which must stay literal.
  */
-function expandUrlPath(template: string, settings: Record<string, any>, args: Record<string, any>): string {
+function expandUrlPath(
+  template: string,
+  settings: Record<string, any>,
+  args: Record<string, any>,
+  paramSchemas?: Record<string, ConnectorFieldSchema>,
+): string {
   // First handle settings.* with raw substitution (keeps base_url intact).
   let out = expandAllTokens(template, settings, {});
-  // Then handle args.* with URL-encoding.
+  // Then handle args.* with per-parameter URL encoding.
   out = out.replace(/\{args\.([^{}]+)\}/g, (full, rawKey) => {
     const path = String(rawKey).trim().split('.');
     let v: any = args;
@@ -78,13 +105,23 @@ function expandUrlPath(template: string, settings: Record<string, any>, args: Re
     }
     if (v == null) return full;
     const s = typeof v === 'string' ? v : (typeof v === 'number' || typeof v === 'boolean' ? String(v) : JSON.stringify(v));
-    return encodeURIComponent(s);
+    // Encoding mode comes from the top-level parameter's schema. Nested
+    // arg paths inherit their root parameter's encoding — common case is
+    // a flat scalar parameter so this matters rarely.
+    const rootParam = path[0];
+    const mode = paramSchemas?.[rootParam]?.url_encoding;
+    return encodePathValue(s, mode);
   });
   return out;
 }
 
-function buildUrl(spec: HttpRequestSpec, settings: Record<string, any>, args: Record<string, any>): string {
-  const base = expandUrlPath(spec.url, settings, args);
+function buildUrl(
+  spec: HttpRequestSpec,
+  settings: Record<string, any>,
+  args: Record<string, any>,
+  paramSchemas?: Record<string, ConnectorFieldSchema>,
+): string {
+  const base = expandUrlPath(spec.url, settings, args, paramSchemas);
   if (!spec.query) return base;
   const url = new URL(base);
   for (const [k, raw] of Object.entries(spec.query)) {
@@ -98,6 +135,48 @@ function buildUrl(spec: HttpRequestSpec, settings: Record<string, any>, args: Re
   return url.toString();
 }
 
+/**
+ * Apply a connector/tool auth scheme onto an outbound request. Resolves
+ * templated `{settings.*}` inside auth values, base64-encodes basic
+ * credentials, and chooses between header / query placement. The URL is
+ * passed by reference (returned as a new string if the auth scheme
+ * appends a query param). Centralised so the chat dispatcher and the
+ * connector-test probe stay consistent.
+ */
+export function applyAuth(
+  url: string,
+  headers: Headers,
+  auth: ConnectorAuth | undefined,
+  settings: Record<string, any>,
+  args: Record<string, any> = {},
+): string {
+  if (!auth || auth.type === 'none') return url;
+  const exp = (s: string) => expandAllTokens(String(s ?? ''), settings, args);
+  switch (auth.type) {
+    case 'basic': {
+      const u = exp(auth.username);
+      const p = exp(auth.password);
+      const token = Buffer.from(`${u}:${p}`, 'utf-8').toString('base64');
+      headers.set('Authorization', `Basic ${token}`);
+      return url;
+    }
+    case 'bearer': {
+      headers.set('Authorization', `Bearer ${exp(auth.token)}`);
+      return url;
+    }
+    case 'header': {
+      headers.set(auth.name, exp(auth.value));
+      return url;
+    }
+    case 'query': {
+      const u = new URL(url);
+      u.searchParams.set(auth.name, exp(auth.value));
+      return u.toString();
+    }
+  }
+  return url;
+}
+
 function buildHeaders(spec: HttpRequestSpec, settings: Record<string, any>, args: Record<string, any>): Headers {
   const h = new Headers();
   if (spec.headers) {
@@ -109,12 +188,102 @@ function buildHeaders(spec: HttpRequestSpec, settings: Record<string, any>, args
 }
 
 function buildBody(spec: HttpRequestSpec, settings: Record<string, any>, args: Record<string, any>): { body?: string; contentType?: string } {
-  if (spec.body == null) return {};
-  if (typeof spec.body === 'string') {
-    return { body: expandAllTokens(spec.body, settings, args) };
+  if (spec.body != null) {
+    if (typeof spec.body === 'string') {
+      return { body: expandAllTokens(spec.body, settings, args) };
+    }
+    const obj = expandObjectLeaves(spec.body, settings, args);
+    return { body: JSON.stringify(obj), contentType: 'application/json' };
+  }
+  if (spec.body_form != null || spec.body_form_inject != null || spec.body_form_inject_from != null) {
+    return buildFormBody(spec.body_form, spec.body_form_inject, spec.body_form_inject_from, settings, args);
   }
-  const obj = expandObjectLeaves(spec.body, settings, args);
-  return { body: JSON.stringify(obj), contentType: 'application/json' };
+  return {};
+}
+
+/**
+ * Serialise an object into application/x-www-form-urlencoded body.
+ * The spec value can be:
+ *  - a literal placeholder `{args.NAME}` — resolved to the named arg
+ *    (must be a plain object); used by Jenkins trigger_build to take a
+ *    dynamic `params` map of build parameters.
+ *  - an inline object whose leaves get template-expanded — used when
+ *    the form keys are static.
+ *  - any other string — treated as a JSON-string template, parsed, then
+ *    serialised (less common, but lets manifests build the body inline).
+ *
+ * null/undefined values are dropped (no empty `KEY=`). Non-string values
+ * are stringified.
+ */
+function buildFormBody(spec: string | Record<string, unknown> | undefined, inject: Record<string, string> | undefined, injectFrom: string | undefined, settings: Record<string, any>, args: Record<string, any>): { body?: string; contentType?: string } {
+  let obj: any = null;
+  if (spec != null) {
+    if (typeof spec === 'string') {
+      const m = spec.match(/^\{args\.([^{}]+)\}$/);
+      if (m) {
+        obj = args[m[1]];
+        // LLMs frequently JSON-stringify an object arg even when the
+        // tool schema declares it as `type: json`. Parse it back so the
+        // form serialisation works either way.
+        if (typeof obj === 'string') {
+          try { obj = JSON.parse(obj); } catch { /* leave as null below */ }
+        }
+      } else {
+        const expanded = expandAllTokens(spec, settings, args);
+        try { obj = JSON.parse(expanded); } catch { obj = null; }
+      }
+    } else {
+      obj = expandObjectLeaves(spec, settings, args);
+    }
+  }
+  if (obj == null) obj = {};
+  if (typeof obj !== 'object' || Array.isArray(obj)) obj = {};
+
+  // Server-side inject — typically secrets pulled from settings.
+  // BOTH key and value are templated (against settings only, NOT args,
+  // so the LLM can't shadow injected keys). Templated keys let one
+  // manifest target different Jenkins jobs whose param names vary —
+  // each instance config sets the key name (e.g. TOKEN_PASSWORD)
+  // alongside the value source (e.g. {settings.gitlab_pat}). Entries
+  // where the key OR value comes back empty / unresolved get dropped.
+  if (inject) {
+    for (const [rawKey, rawVal] of Object.entries(inject)) {
+      const k = expandAllTokens(String(rawKey), settings, {});
+      if (!k || /\{(settings|args)\./.test(k)) continue;
+      const v = expandAllTokens(String(rawVal), settings, {});
+      if (!v || /\{(settings|args)\./.test(v)) continue;
+      obj[k] = v;
+    }
+  }
+
+  // body_form_inject_from — settings[X] is expected to be an
+  // `instances`-shaped array (each row { name, value, ... }). Inject
+  // every row as one form key/value pair. Lets the connector defer
+  // the actual key+value choices to per-user instance config without
+  // hardcoding them in the manifest. Rows with empty name or value
+  // are dropped.
+  if (injectFrom) {
+    let rows: any = (settings as any)[injectFrom];
+    if (typeof rows === 'string') {
+      try { rows = JSON.parse(rows); } catch { rows = null; }
+    }
+    if (Array.isArray(rows)) {
+      for (const row of rows) {
+        if (!row || typeof row !== 'object') continue;
+        const k = typeof row.name === 'string' ? row.name.trim() : '';
+        const v = typeof row.value === 'string' ? row.value : (row.value == null ? '' : String(row.value));
+        if (!k || !v) continue;
+        obj[k] = v;
+      }
+    }
+  }
+
+  const usp = new URLSearchParams();
+  for (const [k, v] of Object.entries(obj)) {
+    if (v == null) continue;
+    usp.append(k, typeof v === 'string' ? v : String(v));
+  }
+  return { body: usp.toString(), contentType: 'application/x-www-form-urlencoded' };
 }
 
 function truncate(s: string): { text: string; truncated: boolean; totalBytes: number } {
@@ -124,7 +293,7 @@ function truncate(s: string): { text: string; truncated: boolean; totalBytes: nu
   return { text: slice, truncated: true, totalBytes: buf.byteLength };
 }
 
-export async function runHttp({ tool, settings, args, noTruncation }: HttpProtocolArgs): Promise<HttpProtocolResult> {
+export async function runHttp({ tool, settings, args, connectorAuth, noTruncation }: HttpProtocolArgs): Promise<HttpProtocolResult> {
   const spec = tool.request;
   if (!spec || !spec.url) {
     return { content: 'http tool missing `request.url`', is_error: true };
@@ -145,11 +314,16 @@ export async function runHttp({ tool, settings, args, noTruncation }: HttpProtoc
     }
   }
 
-  const url = buildUrl(spec, settings, argsWithDefaults);
+  let url = buildUrl(spec, settings, argsWithDefaults, tool.parameters);
   const headers = buildHeaders(spec, settings, argsWithDefaults);
   const { body, contentType } = buildBody(spec, settings, argsWithDefaults);
   if (body != null && contentType && !headers.has('content-type')) headers.set('content-type', contentType);
 
+  // Tool-level auth overrides connector-level. `{ type: 'none' }` is a
+  // valid override that disables auth entirely (public endpoint).
+  const effectiveAuth = tool.auth ?? connectorAuth;
+  url = applyAuth(url, headers, effectiveAuth, settings, argsWithDefaults);
+
   const controller = new AbortController();
   const timer = setTimeout(() => controller.abort(), timeoutMs);
 

package/lib/chat/session-store.ts

@@ -265,6 +265,55 @@ export function listMessages(session_id: string, opts?: { limit?: number; after_
   return rows.map(rowToMessage);
 }
 
+/** Last N messages in chronological order — used by agent-loop to cap LLM context. */
+export function listRecentMessages(session_id: string, limit: number): Message[] {
+  ensureSchema();
+  const rows = db().prepare(`
+    SELECT * FROM chat_messages WHERE session_id = ?
+    ORDER BY ts DESC LIMIT ?
+  `).all(session_id, limit) as MessageRow[];
+  return rows.map(rowToMessage).reverse();
+}
+
+/**
+ * Take the most recent messages, stopping when either the message-count
+ * budget OR the token-estimate budget would be exceeded. Walks
+ * newest-first so the most recent dialogue is always kept; returns
+ * chronological order for the LLM history slot.
+ *
+ * msgBudget is enforced via SQL LIMIT (cheap). tokenBudget is enforced
+ * via the caller-supplied estimator (decoupled to avoid pulling the
+ * token-estimator into the storage layer).
+ */
+export function listMessagesCapped(
+  session_id: string,
+  msgBudget: number,
+  tokenBudget: number,
+  estimateTokens: (m: Message) => number,
+): Message[] {
+  ensureSchema();
+  const cap = Math.max(1, Math.floor(msgBudget));
+  // Pull newest-first via SQL — bounded by msgBudget so we never load
+  // more rows than we could possibly keep.
+  const rows = db().prepare(`
+    SELECT * FROM chat_messages WHERE session_id = ?
+    ORDER BY ts DESC LIMIT ?
+  `).all(session_id, cap) as MessageRow[];
+  const newestFirst = rows.map(rowToMessage);
+
+  // Now apply tokenBudget walking newest → oldest. Always keep at
+  // least one (so an oversized last message doesn't strand the loop).
+  const kept: Message[] = [];
+  let used = 0;
+  for (const m of newestFirst) {
+    const cost = estimateTokens(m);
+    if (kept.length > 0 && used + cost > tokenBudget) break;
+    kept.push(m);
+    used += cost;
+  }
+  return kept.reverse();
+}
+
 export function deleteMessage(id: string): boolean {
   ensureSchema();
   const r = db().prepare(`DELETE FROM chat_messages WHERE id = ?`).run(id);