@aitne-sh/aitne 0.1.8 → 0.1.10

package/agent-assets/skills/management-policy/references/policy-workflow.md

@@ -13,7 +13,7 @@ steps `N-1 … 1` in reverse before reporting the failure to the user.
 
 ```bash
 # Optional — only if the policy accumulates data into a new topic.
-curl -sS -X PUT http://localhost:8321/api/context/dossiers/<topic> \
+curl -sS -X PUT http://localhost:8321/api/context/knowledge/dossiers/<topic> \
   -H 'Content-Type: application/json' \
   -d @- <<'JSON'
 {"content":"---\ntype: dossier\nowner: agent\nupdated: 2026-04-24\n---\n# <Topic>\n\n## Daily Log\n"}
@@ -27,7 +27,7 @@ when the rest of the flow rolls back.
 ## 5.2 Create the custom routine (only if scheduling is needed)
 
 ```bash
-curl -sS -X PUT http://localhost:8321/api/context/routines/custom/<slug> \
+curl -sS -X PUT http://localhost:8321/api/context/policies/routines/custom/<slug> \
   -H 'Content-Type: application/json' \
   -d @- <<'JSON'
 {"content":"---\ntype: rule\nslug: <slug>\nprocess_key: routine.custom.<slug>\ncron: \"0 7 * * *\"\nbackend_tier: light\nmax_budget_usd: 0.20\nenabled: true\n---\n# <Title>\n\n## Checks\n\n### <step label>\n**Action**: …\n"}
@@ -52,7 +52,7 @@ line, write a short summary in `origin` and put the verbatim quote in
 a body section called `## Captured From`.
 
 ```bash
-curl -sS -X PUT http://localhost:8321/api/context/rules/policies/<slug> \
+curl -sS -X PUT http://localhost:8321/api/context/policies/management-captures/<slug> \
   -H 'Content-Type: application/json' \
   -d @- <<'JSON'
 {"content":"---\ntype: rule\nkind: policy\nowner: agent\nupdated: 2026-04-24\nslug: <slug>\nstatus: active\ncreated_at: 2026-04-24\ncreated_via: dm\norigin: \"User DM 2026-04-24T14:30Z: <one-line summary or short quote>\"\nlinked:\n  routine: <slug>\n  dossier: <topic>\ntemplate_version: 1\n---\n# <Title>\n\n## Why\n<one short paragraph>\n\n## How\n1. …\n\n## Source of Truth\n- Authoritative: …\n- Local cache: dossiers/<topic>.md\n\n## Captured From\n> <verbatim DM quote, only when too long for the origin line>\n\n## Notes\n- …\n"}
@@ -62,7 +62,7 @@ JSON
 The global FS-watch reconciler picks this up within ~1 s and the
 policy appears in `context-index.md` automatically. The policy-index
 reconciler also fires on the same FS event (chained off the same
-debounce), so `rules/policies/_index.md` and `rules/management.md`'s
+debounce), so `policies/management-captures/_index.md` and `policies/management.md`'s
 `## Active Policies` section refresh within ~10 s — no manual PATCH
 needed.
 
@@ -76,14 +76,13 @@ reconciler can resolve them.
 
 ## 5.4 _(no manual step required)_
 
-`rules/policies/_index.md` is auto-maintained by the daemon's
-policy-index reconciler — it re-renders within ~10 s of step 5.3's
-write. Same for the `## Active Policies` section in
-`rules/management.md`. **Do not PATCH or PUT either path manually**;
-doing so just races the reconciler and creates snapshot churn.
+Both `policies/management-captures/_index.md` and the `## Active Policies`
+section in `policies/management.md` are reconciler-owned and re-render
+within ~10 s of step 5.3's write (see SKILL.md body intro — no manual
+PATCH/PUT).
 
 If you need to confirm the index is up to date before replying to the
-user, GET `rules/policies/_index` after a short wait. The
+user, GET `policies/management-captures/_index` after a short wait. The
 reconciler's last-run record lives at `runtime_state` key
 `reconciler.policy_index.last_run` for diagnostics.
 
@@ -91,8 +90,8 @@ reconciler's last-run record lives at `runtime_state` key
 
 | Failure at | Roll back |
 |---|---|
-| 5.2 | undo 5.1 (`DELETE` the dossier file you just created — only if you created it; do not delete a pre-existing dossier) |
-| 5.3 | undo 5.2 (PUT routines file back to `enabled: false` and the next reconcile clears the cron job; or `DELETE` if you created it new), then undo 5.1 as above |
+| 5.2 | undo 5.1 — the dossier path does **not** accept `DELETE` (`knowledge/dossiers/*` is PUT/PATCH only; a `DELETE` returns `403 context.write_forbidden`). If you created it new, PUT it to empty content / `status: removed`; an empty dossier is harmless (per 5.1). Leave a pre-existing dossier untouched. |
+| 5.3 | undo 5.2 (PUT routines file back to `enabled: false` and the next reconcile clears the cron job; or `DELETE` if you created it new — `policies/routines/custom/*` is DELETE-whitelisted), then undo 5.1 as above |
 | 5.4 | none required — there is no manual 5.4. If the reconciler does not pick the change up within ~30 s, surface the diagnostics record (`runtime_state` key above) to the user rather than rolling back. |
 
 If any rollback step itself fails, **report the partial state to the

package/agent-assets/skills/management-policy/seeds/policy-file-shape.seed.json

@@ -2,7 +2,7 @@
   "kind": "knowledge_layout",
   "files": [
     {
-      "path": "rules/policies/*.md",
+      "path": "policies/management-captures/*.md",
       "purpose": "Durable management policy capturing why a recurring rule exists, how it runs, and where data lands",
       "sections": [
         { "heading": "## Why", "contains": "one short paragraph stating the motivation behind the policy" },

package/agent-assets/skills/notify/SKILL.md

@@ -41,14 +41,13 @@ language-agnostic** — it applies whatever language the agent uses
 with the user.
 
 Anti-examples (non-exhaustive — the positive rule above is
-load-bearing, not this list): "Good morning!", "Evening check-in —",
-"Morning briefing —", "Summary:", "Done.", "Sent.", "OK.", "Here's
-your day:", "Heads-up —", "FYI:", "Quick update:". Near-synonyms of
-these in any language also fail the positive rule.
+load-bearing, not this list): "Good morning!", "Summary:", "Done.",
+"Heads-up —". Near-synonyms of these in any language also fail the
+positive rule.
 
 ### No internal mechanism names
 
-Never mention `today.md`, `user/profile.md`, `roadmap.md`, `## Agent
+Never mention `state/today.md`, `identity/profile.md`, `plans/roadmap.md`, `## Agent
 Plan`, `## Agent Log`, `## Handoff`, `did-not-fire`, "Morning
 Routine", "Evening Review", "scheduled.task", "scheduled.dm",
 "dm_session", "sub_flow", or any other internal mechanism in
@@ -56,9 +55,8 @@ user-visible text. Those go in Agent Log only.
 
 ### No filler timing commentary
 
-Forbidden — "Just a heads-up", "Still about N hours to go", "About N
-hours left", "FYI". If timing matters, the deadline / event time
-itself carries it.
+Forbidden — "Just a heads-up", "About N hours left", "FYI". If timing
+matters, the deadline / event time itself carries it.
 
 ### No table-of-contents readback
 
@@ -71,7 +69,7 @@ rule above bars *introducing* such enumeration in any other surface.)
 ### Language and style
 
 Output language: follow `<output_language_policy>`. Tone: follow
-`user/profile.md` Communication Style and the Character block in your
+`identity/profile.md` Communication Style and the Character block in your
 system prompt. Keep technical terms in original form.
 
 ### Compactness
@@ -91,21 +89,21 @@ Notify when **all three** are true: (1) **actionable** or requires awareness, (2
   `[cal] ... — reminder sent` referencing the same item within the
   last 4 hours. If the injected log is truncated (`[...N earlier
   entries omitted ...]` marker) and you can't rule out a prior
-  notification, `GET /api/context/today` for the full log before
+  notification, `GET /api/context/state/today` for the full log before
   firing. Duplicate notifications are the #1 cause of noise.
 - **A pending Agent Plan row / scheduled DM is already set to fire
   for this item within the next 2 hours** — let the planned channel
   deliver; don't pre-empt it.
-- **Quiet hours (default 22:00-08:00, configurable)** unless `critical` — schedule for after instead
-- **Rate-limited (429)** — do NOT retry; log skip to Agent Log. If time-critical, upgrade priority at next opportunity
+- **Already delivered this item** — `/api/notify` sends immediately and a `200 {status:"sent"}` is proof of delivery, so do NOT re-post on a 200. Self-throttle via `<today>` `## Agent Log` before firing and log the skip rather than re-posting. (No endpoint quiet-hours or rate cap gates this for you — noise control is your job.)
 - **Routine file changes** or **agent internal state** — use Agent Log instead
 - **When in doubt — prefer silence**
 
 ## Priority
 
 **Default to `normal`.** Reserve `high` for 8h-delay-matters. Reserve
-`critical` for 3am-matters. Full per-level table, examples, and
-rate-limit caps are in the priority reference below.
+`critical` for 3am-matters. `priority` is metadata recorded in the
+notification log — it does not gate delivery on this endpoint. Full
+per-level table and examples are in the priority reference below.
 
 {{> ref:priority }}
 
@@ -120,5 +118,5 @@ curl -s -X POST http://localhost:8321/api/notify \
   -H 'Content-Type: application/json' \
   -d '{"message": "Design review starts in 15 minutes.", "priority": "normal"}'
 ```
-Fields: `message` (required, markdown), `priority` (optional: critical/high/normal/low), `platform` (optional, override target).
-Response: `{ "status": "sent", "notificationId": "..." }`. Risk tier: `Autonomous` — the agent decides when to notify; recorded in `notification_log` for the on-demand retrospective.
+Fields: `message` (required, markdown), `priority` (optional: critical/high/normal/low), `platform` (optional, override target) OR `platforms` (optional, array of targets) — mutually exclusive, not both.
+Response: `200 { "status": "sent", "notificationId": "...", "dispatchId": "..." }` = delivered to ≥1 channel; a total delivery failure returns HTTP 500 (not a silent 200-drop). Risk tier: `Autonomous` — the agent decides when to notify; recorded in `notification_log` for the on-demand retrospective.

package/agent-assets/skills/notify/references/priority.md

@@ -1,20 +1,24 @@
 ---
 kind: reference
 name: priority
-description: Notification priority levels — critical / high / normal / low — with quiet-hours behavior and per-level examples.
+description: Notification priority levels — critical / high / normal / low — as metadata you set, with per-level usage examples.
 ---
 
 # Notification priority levels
 
-Pick the lowest priority that still preserves the user-visible
-behavior the message needs. **Default to `normal`.**
+`priority` is a metadata field you set on the `/api/notify` call. It
+travels into `notification_log` and helps the user (and the
+retrospective) gauge how urgent each message was. It does NOT gate
+delivery on this endpoint — `/api/notify` sends immediately regardless
+of level. Pick the lowest priority that still honestly describes the
+message. **Default to `normal`.**
 
-| Priority | Quiet-hours | Use for |
-|---|---|---|
-| `critical` | Bypasses | Security alerts (credential leak, account lockout), data-loss risk (about to overwrite without backup, irreversible deletion in flight), system errors blocking the user from working. Wakes the user. |
-| `high` | Bypasses | Hard deadlines firing in the next 8 hours, urgent inbound messages from people the user has flagged as priority, "meeting starting now". User wants to see this even during quiet hours but not at 3 am. |
-| `normal` | Respects (dropped during quiet hours) | Regular reminders (`15 min until standup`), digest-style summaries, single-recipient FYIs the user opted into. **Default.** |
-| `low` | Respects (dropped during quiet hours) | Background updates, observational FYIs the user did not explicitly ask for, optional context. Often better as an Agent Log entry instead of a notification at all. |
+| Priority | Use for |
+|---|---|
+| `critical` | Security alerts (credential leak, account lockout), data-loss risk (about to overwrite without backup, irreversible deletion in flight), system errors blocking the user from working. The "wake the user at 3 am" tier. |
+| `high` | Hard deadlines firing in the next 8 hours, urgent inbound messages from people the user has flagged as priority, "meeting starting now". Important but not 3 am. |
+| `normal` | Regular reminders (`15 min until standup`), digest-style summaries, single-recipient FYIs the user opted into. **Default.** |
+| `low` | Background updates, observational FYIs the user did not explicitly ask for, optional context. Often better as an Agent Log entry instead of a notification at all. |
 
 ## Examples by level
 
@@ -47,14 +51,18 @@ If the next morning would still be soon enough, it is not `high`.
 If the user did not opt in to receiving this category of update, do not
 send `low`. Drop it to an Agent Log entry instead.
 
-## Rate-limit defaults
-
-3/hour, 12/day across all priorities (`critical` bypasses both caps).
-The agent CANNOT query `notification_log` directly (Approve-tier). Use
-`<today>` `## Agent Log` as the authoritative dedup source (look for
-`notify sent` / `DM sent` lines).
-
-A 429 response is final for this attempt — do NOT retry. Log `notify
-skipped (rate_limited)` to Agent Log. If the message is time-critical
-and the next opportunity arises, upgrade to `high` (or `critical` if
-the situation has escalated) rather than re-sending at the same level.
+## Delivery semantics
+
+`/api/notify` delivers immediately — there is no quiet-hours gate, no
+per-priority suppression, and no rate cap on this endpoint. A `200
+{status:"sent"}` means the message was delivered to at least one
+channel; a total delivery failure THROWS and surfaces as HTTP 500 (not
+a silent 200-drop). So `"sent"` IS proof of delivery — do NOT re-post
+the same item on a 200.
+
+Noise control is YOUR job, not the endpoint's. The agent CANNOT query
+`notification_log` directly (Approve-tier), so use `<today>` `## Agent
+Log` as the authoritative dedup source (look for `notify sent` / `DM
+sent` lines) and self-throttle before firing. Don't re-send the same
+item at the same level; if the situation has genuinely escalated, raise
+the priority metadata to reflect that.

package/agent-assets/skills/notion/SKILL.delegated.claude.md

@@ -29,7 +29,7 @@ delegated mode:
 
 ```bash
 curl -s http://localhost:8321/api/notion/databases
-# → { databases: { "<label>": { "id": "<uuid>", "title": "..." }, ... } }
+# → { databases: [ { "label": "<label>", "id": "<uuid>" }, ... ] }
 ```
 
 Resolve label → UUID here BEFORE the `/exec` call so your `task`
@@ -53,7 +53,7 @@ The daemon:
    tool against the per-task allowed-tools envelope, validates the
    final JSON against your `outputSchema`, returns it.
 
-`outputSchema` is **required** (4 KB cap). Defaults: `maxToolCalls=7`,
+`outputSchema` is **required** (4 KB cap). Defaults: `maxToolCalls=8`,
 `maxBudgetUsd=0.05`, `timeoutMs=60000`. Bump up to 15 / 0.50 / 300000
 for genuinely larger intents.
 

package/agent-assets/skills/notion/SKILL.delegated.codex.md

@@ -26,7 +26,7 @@ delegated mode:
 
 ```bash
 curl -sS http://localhost:8321/api/notion/databases
-# → { databases: { "<label>": { "id": "<uuid>", "title": "..." }, ... } }
+# → { databases: [ { "label": "<label>", "id": "<uuid>" }, ... ] }
 ```
 
 Resolve label → UUID here BEFORE the `/exec` call so your `task`
@@ -48,7 +48,7 @@ The daemon:
    tool against the per-task allowed-tools envelope, validates the
    final JSON against your `outputSchema`, returns it.
 
-`outputSchema` is **required** (4 KB cap). Defaults: `maxToolCalls=7`,
+`outputSchema` is **required** (4 KB cap). Defaults: `maxToolCalls=8`,
 `maxBudgetUsd=0.05`, `timeoutMs=60000`. Bump up to 15 / 0.50 / 300000
 for genuinely larger intents.
 

package/agent-assets/skills/notion/SKILL.delegated.gemini.md

@@ -26,7 +26,7 @@ delegated mode:
 
 ```bash
 curl -sS http://localhost:8321/api/notion/databases
-# → { databases: { "<label>": { "id": "<uuid>", "title": "..." }, ... } }
+# → { databases: [ { "label": "<label>", "id": "<uuid>" }, ... ] }
 ```
 
 Resolve label → UUID here BEFORE the `/exec` call so your `task`
@@ -48,7 +48,7 @@ The daemon:
    tool against the per-task allowed-tools envelope, validates the
    final JSON against your `outputSchema`, returns it.
 
-`outputSchema` is **required** (4 KB cap). Defaults: `maxToolCalls=7`,
+`outputSchema` is **required** (4 KB cap). Defaults: `maxToolCalls=8`,
 `maxBudgetUsd=0.05`, `timeoutMs=60000`. Bump up to 15 / 0.50 / 300000
 for genuinely larger intents.
 

package/agent-assets/skills/notion/SKILL.md

@@ -14,11 +14,10 @@ Base URL: `http://localhost:8321`. All calls via `curl -s` with
 `Content-Type: application/json` on POST/PATCH/PUT. URL-encode spaces in paths.
 
 Full CRUD over Notion pages plus workspace search. Reads and writes are
-Autonomous; writes are still serialized per-process and pre-marked
-`notion:<pageId>` for write attribution. The daemon does not DM the
-owner before a write — the user's `deniedTools` setting is the gate.
-Call `POST /api/notify` yourself when you judge the user would
-want immediate awareness.
+Autonomous; writes are serialized per-process and pre-marked
+`notion:<pageId>` for attribution. The daemon does not DM the owner before
+a write — the `deniedTools` setting is the gate. Call `POST /api/notify`
+yourself when you judge the user would want immediate awareness.
 
 **Parent shorthand**: `parent` accepts a label string (`"tasks"`),
 `{ database: "tasks" }`, `{ data_source_id }`, `{ database_id }`, or
@@ -34,8 +33,10 @@ curl -s "http://localhost:8321/api/notion/search?q=launch+plan"             # se
 curl -s http://localhost:8321/api/notion/pages/abc123...                    # retrieve page
 ```
 
-Pagination: `page_size` (1–100, default 20) + `start_cursor` from response's
-`next_cursor`. Check `has_more` to know if more pages exist.
+Query also accepts `sorts` (URL-encoded JSON) alongside `filter`, and
+`in_trash=true` to query trashed rows. Pagination: `page_size` (1–100,
+default 20) + `start_cursor` from response's `next_cursor`; check
+`has_more` to know if more pages exist.
 
 ## Create a page (write — Autonomous)
 
@@ -55,12 +56,13 @@ curl -s -X PATCH http://localhost:8321/api/notion/pages/abc123... \
 
 ## Update page content (write — Autonomous)
 
-**Concurrency warning**: Notion v5 has no etags. If another client edits
-between GET and PATCH, `oldStr` may fail silently. For high-risk edits,
-prefer `mode=replace_all`.
+**Concurrency**: Notion v5 has no etags — if another client edits between
+GET and PATCH, `oldStr` may fail silently; for high-risk edits prefer
+`mode=replace_all`.
 
 Modes: `append`, `replace_all`, `update` (find-and-replace via
-`updates: [{oldStr, newStr}]`).
+`updates: [{oldStr, newStr}]`), `replace_range` (in-place swap of a line
+range; requires `content` + `contentRange`, optional `allowDeleting`).
 
 ```bash
 curl -s -X PATCH http://localhost:8321/api/notion/pages/abc123.../content \
@@ -80,9 +82,7 @@ Moves to trash (~30 days). Restore via `PATCH` with `{ "in_trash": false }`.
 
 - During `routine.hourly_check` this skill is **read-only** — no creates,
   property updates, content patches, or archives.
-- No bulk operations without user confirmation. If you're about to update
-  3+ pages at once, stop and ask the user first.
-- Writes are Autonomous; the daemon does not DM the owner. Single ops
-  only — the agent's own judgment is the gate, not the daemon. The
-  message-discipline contract for any `POST /api/notify` call you issue
-  here is in the `notify` skill — do not invent ad-hoc phrasing rules.
+- No bulk operations without user confirmation: about to touch 3+ pages,
+  stop and ask first. Single ops only.
+- For any `POST /api/notify` call you issue, the message-discipline
+  contract lives in the `notify` skill — do not invent ad-hoc phrasing.

package/agent-assets/skills/notion/SKILL.native.claude.md

@@ -11,12 +11,16 @@ allowed-tools:
 > **Refusal directive — read first.** Notion is in `native` mode bound
 > to Claude. Do **NOT** call any of:
 >
-> - `POST /api/integrations/notion/exec` (returns `410` with
->   `X-Integration-Mode: native`)
-> - `POST /api/integrations/notion/reconcile` (410)
-> - `/api/notion/query`, `/api/notion/search`, `/api/notion/pages`,
->   `/api/notion/pages/<id>/content` (each route-prefix 410 in native
+> - `POST /api/integrations/notion/exec` (returns `409 mode_mismatch`
+>   in native mode — this route is NOT route-gated and carries no
+>   `X-Integration-Mode` header; `/exec` only succeeds in `delegated`
 >   mode)
+> - `POST /api/integrations/notion/reconcile` (not route-gated either;
+>   an LLM-issued notion reconcile returns `400 validation_error` on the
+>   window-key allowlist, which is calendar-only)
+> - `/api/notion/query`, `/api/notion/search`, `/api/notion/pages`,
+>   `/api/notion/pages/<id>/content` (each route-prefix returns `410`
+>   with `X-Integration-Mode: native` — these ARE route-gated)
 >
 > Reach Notion through the in-session Notion connector your harness
 > exposes. Your tool menu lists every available tool at session start
@@ -38,7 +42,7 @@ connector arguments carry concrete UUIDs.
 
 ```bash
 curl -s http://localhost:8321/api/notion/databases
-# → { "databases": { "<label>": { "id": "<uuid>", "title": "..." }, ... } }
+# → { "databases": [ { "label": "<label>", "id": "<uuid>" }, ... ] }
 ```
 
 This route is **not** part of the absolute deny set and is intentionally
@@ -150,7 +154,7 @@ instead).
 When `routine.hourly_check.native.claude.md`'s Step 0c fetches recent
 Notion edits, POST each materialised page to `/api/observations`. The
 daemon computes `contentHash` server-side via
-`@personal-agent/shared/observations-hash.ts`; pass `payload` verbatim.
+`@aitne/shared/observations-hash.ts`; pass `payload` verbatim.
 
 **Batch when you have more than one page.** Use
 `POST /api/observations/batch` with up to 200 items in one

package/agent-assets/skills/notion/SKILL.native.codex.md

@@ -11,11 +11,16 @@ allowed-tools:
 > **Refusal directive — read first.** Notion is in `native` mode bound
 > to Codex. Do **NOT** call any of:
 >
-> - `POST /api/integrations/notion/exec` (returns `410` with
->   `X-Integration-Mode: native`)
-> - `POST /api/integrations/notion/reconcile` (410)
+> - `POST /api/integrations/notion/exec` (returns `409 mode_mismatch`
+>   in native mode — this route is NOT route-gated and carries no
+>   `X-Integration-Mode` header; `/exec` only succeeds in `delegated`
+>   mode)
+> - `POST /api/integrations/notion/reconcile` (not route-gated either;
+>   an LLM-issued notion reconcile returns `400 validation_error` on the
+>   window-key allowlist, which is calendar-only)
 > - `/api/notion/query`, `/api/notion/search`, `/api/notion/pages`,
->   `/api/notion/pages/<id>/content` (each route-prefix 410)
+>   `/api/notion/pages/<id>/content` (each route-prefix returns `410`
+>   with `X-Integration-Mode: native` — these ARE route-gated)
 >
 > Reach Notion through the in-session Notion connector your harness
 > exposes. Your tool menu lists every available tool at session start
@@ -31,7 +36,7 @@ the `<integration-routing-table>` block in the session preamble.
 
 ```bash
 curl -s http://localhost:8321/api/notion/databases
-# → { "databases": { "<label>": { "id": "<uuid>", "title": "..." }, ... } }
+# → { "databases": [ { "label": "<label>", "id": "<uuid>" }, ... ] }
 ```
 
 Resolve label → UUID before any Notion call so the connector arguments

package/agent-assets/skills/notion/SKILL.native.gemini.md

@@ -11,11 +11,16 @@ allowed-tools:
 > **Refusal directive — read first.** Notion is in `native` mode bound
 > to Gemini. Do **NOT** call any of:
 >
-> - `POST /api/integrations/notion/exec` (returns `410` with
->   `X-Integration-Mode: native`)
-> - `POST /api/integrations/notion/reconcile` (410)
+> - `POST /api/integrations/notion/exec` (returns `409 mode_mismatch`
+>   in native mode — this route is NOT route-gated and carries no
+>   `X-Integration-Mode` header; `/exec` only succeeds in `delegated`
+>   mode)
+> - `POST /api/integrations/notion/reconcile` (not route-gated either;
+>   an LLM-issued notion reconcile returns `400 validation_error` on the
+>   window-key allowlist, which is calendar-only)
 > - `/api/notion/query`, `/api/notion/search`, `/api/notion/pages`,
->   `/api/notion/pages/<id>/content` (each route-prefix 410)
+>   `/api/notion/pages/<id>/content` (each route-prefix returns `410`
+>   with `X-Integration-Mode: native` — these ARE route-gated)
 >
 > Reach Notion through the in-session Notion connector your harness
 > exposes (typically a user-installed Notion MCP server registered
@@ -41,7 +46,7 @@ the `<integration-routing-table>` block in the session preamble.
 
 ```bash
 curl -s http://localhost:8321/api/notion/databases
-# → { "databases": { "<label>": { "id": "<uuid>", "title": "..." }, ... } }
+# → { "databases": [ { "label": "<label>", "id": "<uuid>" }, ... ] }
 ```
 
 Resolve label → UUID before any Notion call.

package/agent-assets/skills/observations/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: observations
-description: Load when a session needs to drain the pending-observations queue or inspect raw external-source state (Obsidian edits, new git commits, Notion updates) and optionally mark entries consumed.
+description: Drain the pending-observations queue and inspect raw external-source state (Obsidian edits, new git commits, Notion updates), marking processed entries consumed. Use during hourly check or morning routine review.
 allowed-tools:
   - Bash(curl *)
   - Read
@@ -17,8 +17,8 @@ Output language: write-ups inherit the destination file's policy via the `today`
 2. Group related observations before acting.
 3. For each group, apply the **fetch decision** (below) — `summary_text` + `novelty_score` are pre-computed by the daemon's per-observation summarizer; only `novelty_score >= 2` warrants full content fetch.
 4. Decide actionability:
-   - Update `today.md` for TODOs, blockers, decisions, or deadlines
-   - Update `roadmap.md` or `projects/*.md` only for material project-state changes
+   - Update `state/today.md` for TODOs, blockers, decisions, or deadlines
+   - Update `plans/roadmap.md` or `projects/*.md` only for material project-state changes
    - Schedule a wake-up if the observation implies a future reminder
 5. Apply the smallest meaningful set of context updates.
 6. Mark processed observations consumed via the bulk endpoint
@@ -60,20 +60,7 @@ The daemon pre-summarizes every observation with a per-source LLM call (lite tie
 
 ### Legacy fetch-on-doubt (used when `summary_status !== 'done'`)
 
-Before fetching, ask: **"If I fetch this, will my next action actually differ from what I'd do now?"** No → don't fetch. Yes → fetch. Fetching for "verification" wastes tokens; fetching to resolve ambiguity is what these endpoints exist for.
-
-| Situation | Action | Why |
-|---|---|---|
-| Preview contains TODO, deadline, or concrete task reference | **Act on preview** | You have what you need |
-| Preview is truncated on a relevant section | **Fetch full** | Missing load-bearing content |
-| Preview is empty or says `(file read failed)` | **Fetch full** | Preview is broken, not empty |
-| Change type is `deleted` | **Log only — no fetch** | Nothing to read |
-| Journal/diary entry with no task markers visible | **Skip entirely** | Usually no action needed |
-| Active project file with ambiguous preview | **Fetch full** | Active project justifies cost |
-| Clear commit message + small/routine diff | **Act on preview** | Common refactors, renames |
-| Generic commit message ("update","fix","wip") + multi-file | **Fetch full diff** | Vague message requires actual change |
-
-**Availability:** Obsidian → 503 when app not running (fall back to preview); Git → 400 for repos not in `PA_GIT_REPOS`; Notion → empty for unconfigured DBs.
+When the summarizer hasn't run (`summary_status !== 'done'`) or its summary aged out (`summaryStale === true`), fall back to the fetch-on-doubt heuristic table: {{> ref:fetch-fallback }}
 
 ---
 
@@ -105,7 +92,7 @@ Params: `pending` (bool, default true), `actor` (user/agent/system/unknown), `li
 
 The `source` filter is a prefix match: `source=obsidian` returns rows from both the primary management vault (`obsidian:primary`) and the external note vault (`obsidian:external`). Narrow to one side with the namespaced form when the distinction matters — typically `obsidian:primary` refers to the agent's own files and most user-actionable edits come from `obsidian:external`.
 
-Response: `{ "observations": [{ "id", "source", "ref", "changeType", "actor", "observedAt", "payload", "consumedAt?", "consumedBy?", "summaryText?", "noveltyScore?", "summaryStatus?", "summaryAt?", "summaryStale" }], "limit", "offset", "pending" }`
+Response: `{ "observations": [{ "id", "source", "ref", "changeType", "actor", "observedAt", "payload", "consumedAt?", "consumedBy?", "summaryText?", "noveltyScore?", "summaryStatus?", "summaryAt?", "summaryBackend?", "summaryStale" }], "limit", "offset", "pending" }`
 
 `summaryText` / `noveltyScore` are populated asynchronously by the per-observation summarizer (cost-reduction-structural §A). When `summaryStatus !== 'done'` the row may have been skipped (deny-list, agent-actor) or the summarizer hasn't caught up yet — fall back to the legacy fetch-on-doubt rules in that case. `summaryStale === true` flags summaries older than 6 h relative to `observedAt`; treat them the same way as a missing summary.
 
@@ -138,6 +125,16 @@ that caps each curl invocation at one HTTP request and strips heredoc
 bodies before URL validation. The batch endpoint resolves the
 cardinality mismatch without weakening either hook.
 
+> **If `mcp__aitne-observations__submit_observations` is in your allowed
+> tools (the `routine.fetch_window` pre-pass on Claude), submit the batch
+> through that MCP tool instead of the curl below.** The structured
+> transport never goes through the SDK bash preflight, so Unicode-bearing
+> payloads (NBSP/ZWS in subjects, U+3000 in titles) can't trip its
+> `too-complex` gate and cascade to a denied curl / wasted retry /
+> `budget-cap`. The tool input is the same `{"observations":[…]}` envelope
+> and the response is identical. The curl form below is the fallback for
+> sessions without the MCP tool (the hourly check, Codex/Gemini).
+
 ```bash
 curl -s -X POST http://localhost:8321/api/observations/batch \
   -H 'Content-Type: application/json' \
@@ -190,8 +187,8 @@ Hard limits:
 ### POST /api/observations/consume
 
 Marks one or more observations consumed. **Bulk-only** — there is no
-per-id endpoint (`POST /api/observations/<id>/consume` returns 404).
-Always use this shape, even for a single id.
+per-id endpoint (`POST /api/observations/<id>/consume` returns 405
+`use_bulk_endpoint`). Always use this shape, even for a single id.
 
 Copy the `correlationId` value verbatim from the
 `<event_correlation_id>…</event_correlation_id>` tag in your turn
@@ -218,19 +215,19 @@ you to.**
 
 #### Common mistakes — do not retry these, they will keep failing
 
+The live `issues[]` array names any other malformed field; these are the highest-frequency ones.
+
 | Wrong call | Why it fails | Correct shape |
 |---|---|---|
-| `POST /api/observations -d 'limit=30'` | Body is a query string. POST records, GET fetches. | `GET /api/observations?limit=30&pending=true` |
 | `POST /api/observations/14/consume` | Per-id path returns 405 `use_bulk_endpoint`. | `POST /api/observations/consume -d '{"ids":[14],"correlationId":"..."}'` |
-| `GET /api/observations/consume` | Consume is POST-only; GET returns 405. | `POST /api/observations/consume -d '{"ids":[...],"correlationId":"..."}'` |
-| `PATCH /api/observations` | No PATCH route — auth middleware returns 401. | `POST /api/observations/consume` (or `POST /api/observations` for new rows). |
 | `-d '{"ids":[14],"correlation_id":"..."}'` | snake_case. Field must be camelCase. | `-d '{"ids":[14],"correlationId":"..."}'` |
 | `-d '{"ids":["14"],"correlationId":"..."}'` | Stringified ids. Use integers. | `-d '{"ids":[14],"correlationId":"..."}'` |
-| `-d '{"ids":[14],"correlationId":"<event_correlation_id>"}'` | Pasted the angle-bracket placeholder. | Paste the actual id, e.g. `"hourly-2026-04-23T15:00:00Z-7af3"`. |
 
 ### GET /api/observations/stats
 
-`curl -s http://localhost:8321/api/observations/stats` → `{ "total", "pending", "bySource": {...}, "byActor": {...} }`
+`curl -s http://localhost:8321/api/observations/stats` → `{ "totalPending", "oldestPendingObservedAt", "bySource": [{ "source", "pendingCount", "oldestObservedAt" }], "summaryStatusCounts": {...}, "noveltyDistribution": [...] }`
+
+`totalPending` is the single count of unconsumed observations (no separate `total` / `pending` keys). `bySource` is an **array** of per-source rows, not a map. There is no `byActor`. `summaryStatusCounts` / `noveltyDistribution` are summarizer-health telemetry.
 
 ---
 
@@ -267,7 +264,10 @@ current state.
 
 <!-- mode:direct:notion -->
 ```bash
-curl -s "http://localhost:8321/api/notion/query?databaseId=xxx"
+# ?database= takes a database LABEL (default "tasks"), not a UUID.
+# An unrecognized label returns 404 notion.database_not_found with the
+# list of valid labels; an absent param silently uses "tasks".
+curl -s "http://localhost:8321/api/notion/query?database=tasks"
 ```
 <!-- /mode:direct:notion -->
 <!-- mode:delegated-same:notion -->
@@ -331,8 +331,9 @@ names and the canonical search / fetch call shapes. Resolve
 `<databaseId>` first via the un-gated config dump
 (`curl -s http://localhost:8321/api/notion/databases`) and pass the
 UUID to the connector's data-source / search tool. Do NOT call
-`/api/notion/*` (410) or `/api/integrations/notion/exec` (also 410
-in native mode).
+`/api/notion/*` (410) or `/api/integrations/notion/exec` (returns 409
+`mode_mismatch` in native mode — the `/exec` path is not route-gated,
+so it is the handler, not the 410 gate, that rejects it).
 <!-- /mode:native:notion -->
 <!-- mode:disabled:notion -->
 Notion is disabled — there is no live source. Treat the observation

package/agent-assets/skills/observations/references/fetch-fallback.md

@@ -0,0 +1,22 @@
+---
+kind: reference
+name: fetch-fallback
+description: Legacy fetch-on-doubt rules — used only when summary_status !== 'done' (summarizer disabled/lagging/crashed) or summaryStale === true.
+---
+
+# Legacy fetch-on-doubt (used when `summary_status !== 'done'`)
+
+Before fetching, ask: **"If I fetch this, will my next action actually differ from what I'd do now?"** No → don't fetch. Yes → fetch. Fetching for "verification" wastes tokens; fetching to resolve ambiguity is what these endpoints exist for.
+
+| Situation | Action | Why |
+|---|---|---|
+| Preview contains TODO, deadline, or concrete task reference | **Act on preview** | You have what you need |
+| Preview is truncated on a relevant section | **Fetch full** | Missing load-bearing content |
+| Preview is empty or says `(file read failed)` | **Fetch full** | Preview is broken, not empty |
+| Change type is `deleted` | **Log only — no fetch** | Nothing to read |
+| Journal/diary entry with no task markers visible | **Skip entirely** | Usually no action needed |
+| Active project file with ambiguous preview | **Fetch full** | Active project justifies cost |
+| Clear commit message + small/routine diff | **Act on preview** | Common refactors, renames |
+| Generic commit message ("update","fix","wip") + multi-file | **Fetch full diff** | Vague message requires actual change |
+
+**Availability:** Obsidian → 503 when app not running (fall back to preview); Git → 400 for repos not in `PA_GIT_REPOS`; Notion → empty for unconfigured DBs.