@aitne-sh/aitne 0.1.8 → 0.1.9

package/agent-assets/skills/external-services/SKILL.native.claude.md

@@ -37,14 +37,14 @@ in the session preamble.
 The same two files documented in the direct-mode body are still
 authoritative for non-Calendar routing:
 
-1. **`rules/management.md` → `## Source of Truth`** — durable
+1. **`policies/management.md` → `## Source of Truth`** — durable
    user-authored answers ("Schedule = Google Calendar", "Tasks =
    Notion", etc.).
 2. **`~/.personal-agent/integrations.md` → `## Note Sources`** — the
    daemon-rendered snapshot for the user's external Obsidian vault path
    plus Notion's mode.
 
-If `rules/management.md` Schedule = Apple Calendar or Outlook Calendar,
+If `policies/management.md` Schedule = Apple Calendar or Outlook Calendar,
 the user's chosen provider is **not** Google Calendar and the
 native-Claude binding is irrelevant — route to `/api/apple-calendar/*`
 or `/api/calendar/outlook/*` exactly as the direct-mode body documents.
@@ -149,7 +149,7 @@ the window and intersect.
 <!-- service:apple-calendar -->
 ## Apple Calendar (iCloud CalDAV) — direct, unchanged
 
-If `rules/management.md` Schedule = Apple Calendar, use the
+If `policies/management.md` Schedule = Apple Calendar, use the
 `/api/apple-calendar/*` routes documented in the base body. Apple
 Calendar has no MCP connector; native-mode gating does not apply.
 
@@ -165,7 +165,7 @@ native binding above is Google-only.
 <!-- service:outlook-calendar -->
 ## Outlook Calendar (Microsoft Graph) — direct, unchanged
 
-If `rules/management.md` Schedule = Outlook Calendar, use
+If `policies/management.md` Schedule = Outlook Calendar, use
 `/api/calendar/outlook/*` per the direct-mode body. Microsoft does not
 ship a hosted Outlook Calendar connector for Claude / Codex / Gemini
 today; native-mode gating does not apply.
@@ -178,7 +178,7 @@ today; native-mode gating does not apply.
 
 **Scope**: this skill targets the **separate** Obsidian vault the user
 maintains alongside this app — never the agent's primary management
-store (`today.md`, `roadmap.md`, `projects/`, `rules/`, `routines/`,
+store (`state/today.md`, `plans/roadmap.md`, `projects/`, `rules/`, `routines/`,
 `user/`, `agent/`). Those are reached via `/api/context/*` (see the
 `context` skill).
 

package/agent-assets/skills/external-services/SKILL.native.codex.md

@@ -32,9 +32,9 @@ and the `<integration-routing-table>` block in the session preamble.
 
 ## Source of Truth (READ FIRST)
 
-Same as the direct-mode body — `rules/management.md` →
+Same as the direct-mode body — `policies/management.md` →
 `## Source of Truth` and `~/.personal-agent/integrations.md` →
-`## Note Sources`. If `rules/management.md` Schedule != Google
+`## Note Sources`. If `policies/management.md` Schedule != Google
 Calendar, the native binding is irrelevant; route through the
 provider-specific direct route (`/api/apple-calendar/*` or
 `/api/calendar/outlook/*`).
@@ -120,7 +120,7 @@ this file.
 <!-- service:apple-calendar -->
 ## Apple Calendar (iCloud CalDAV) — direct, unchanged
 
-If `rules/management.md` Schedule = Apple Calendar, use the
+If `policies/management.md` Schedule = Apple Calendar, use the
 `/api/apple-calendar/*` routes documented in the base body. Apple
 Calendar has no MCP connector; native-mode gating does not apply.
 <!-- /service:apple-calendar -->
@@ -130,7 +130,7 @@ Calendar has no MCP connector; native-mode gating does not apply.
 <!-- service:outlook-calendar -->
 ## Outlook Calendar (Microsoft Graph) — direct, unchanged
 
-If `rules/management.md` Schedule = Outlook Calendar, use
+If `policies/management.md` Schedule = Outlook Calendar, use
 `/api/calendar/outlook/*` per the direct-mode body. No Outlook
 connector ships for Codex today; native-mode gating does not apply.
 <!-- /service:outlook-calendar -->
@@ -143,7 +143,7 @@ connector ships for Codex today; native-mode gating does not apply.
 Same surface as the direct-mode body. Full CRUD via
 `/api/obsidian/*`; requires the Obsidian app running. Omit `.md`
 extensions from paths. Never use this skill to read or write the
-agent's primary management vault (`today.md`, `roadmap.md`,
+agent's primary management vault (`state/today.md`, `plans/roadmap.md`,
 `projects/`, `rules/`, …) — that lives behind `/api/context/*`.
 
 ```bash
@@ -171,10 +171,10 @@ curl -s -X DELETE http://localhost:8321/api/obsidian/notes/Projects/Old
 
 ```bash
 curl -s http://localhost:8321/api/github/repos
-curl -s "http://localhost:8321/api/github/pulls?state=open"
+curl -s "http://localhost:8321/api/github/pulls?owner=user&repo=repo&state=open"
 curl -s -X POST http://localhost:8321/api/github/pulls/comment \
   -H 'Content-Type: application/json' \
-  -d '{"owner": "user", "repo": "repo", "pullNumber": 42, "body": "LGTM"}'
+  -d '{"owner": "user", "repo": "repo", "pull_number": 42, "comment": "LGTM"}'
 ```
 <!-- /service:github -->
 

package/agent-assets/skills/external-services/SKILL.native.gemini.md

@@ -33,7 +33,7 @@ and the `<integration-routing-table>` block in the session preamble.
 
 ## Source of Truth (READ FIRST)
 
-Same files as the direct-mode body — `rules/management.md` →
+Same files as the direct-mode body — `policies/management.md` →
 `## Source of Truth` and `~/.personal-agent/integrations.md` →
 `## Note Sources`. If Schedule != Google Calendar, route through the
 provider-specific direct route (`/api/apple-calendar/*` or
@@ -124,7 +124,7 @@ materialised event to `/api/observations` per the section below.
 ## Apple Calendar (iCloud CalDAV) — direct, unchanged
 
 Use `/api/apple-calendar/*` per the direct-mode body if
-`rules/management.md` Schedule = Apple Calendar.
+`policies/management.md` Schedule = Apple Calendar.
 <!-- /service:apple-calendar -->
 
 ---
@@ -170,10 +170,10 @@ curl -s -X DELETE http://localhost:8321/api/obsidian/notes/Projects/Old
 
 ```bash
 curl -s http://localhost:8321/api/github/repos
-curl -s "http://localhost:8321/api/github/pulls?state=open"
+curl -s "http://localhost:8321/api/github/pulls?owner=user&repo=repo&state=open"
 curl -s -X POST http://localhost:8321/api/github/pulls/comment \
   -H 'Content-Type: application/json' \
-  -d '{"owner": "user", "repo": "repo", "pullNumber": 42, "body": "LGTM"}'
+  -d '{"owner": "user", "repo": "repo", "pull_number": 42, "comment": "LGTM"}'
 ```
 <!-- /service:github -->
 

package/agent-assets/skills/external-services/references/calendar-apple.md

@@ -7,7 +7,7 @@ description: Apple Calendar (iCloud CalDAV) reference — list/get/create/update
 <!-- service:apple-calendar -->
 ## Apple Calendar (iCloud CalDAV)
 
-Use this section **only when `rules/management.md` Schedule = Apple Calendar**. The provider-routing table at the top of this skill is non-negotiable.
+Use this section **only when `policies/management.md` Schedule = Apple Calendar**. The provider-routing table at the top of this skill is non-negotiable.
 
 The route shape mirrors `/api/calendar/*` so prose patterns transfer: list → get → patch / create / delete. Differences are flagged below.
 
@@ -43,7 +43,7 @@ curl -s -X POST http://localhost:8321/api/apple-calendar/events \
   -H 'Content-Type: application/json' \
   -d '{"summary": "Team meeting", "start": "2026-04-26T14:00:00+09:00", "end": "2026-04-26T15:00:00+09:00"}'
 ```
-Optional: `description`, `location`. **[Apple only]** `attendees`, `reminders`, `recurrence`, `visibility` from the Google shape are accepted by the Zod schema but are silently dropped — iCloud invitations and reminder defaults belong to the user's Apple ID and the agent should not author them. If a user asks for those, tell them and stop.
+Optional: `description`, `location`. **[Apple only]** `attendees`, `reminders`, `recurrence`, `visibility` from the Google shape are **rejected** — the Apple schema is `.strict()`, so including any of them fails the whole request with `400 validation_error` and no event is created (the same applies to PATCH). iCloud invitations and reminder defaults belong to the user's Apple ID and the agent should not author them. If a user asks for those, tell them and stop — do not include the fields in the request.
 
 ### Update event (write — Autonomous)
 ```bash

package/agent-assets/skills/external-services/references/calendar-outlook.md

@@ -7,7 +7,7 @@ description: Outlook Calendar reference (Microsoft Graph) — read-only on-deman
 <!-- service:outlook-calendar -->
 ## Outlook Calendar (Microsoft Graph)
 
-Use this section **only when `rules/management.md` Schedule = Outlook Calendar**. The provider-routing table at the top of this skill is non-negotiable.
+Use this section **only when `policies/management.md` Schedule = Outlook Calendar**. The provider-routing table at the top of this skill is non-negotiable.
 
 v1 is **read-only and on-demand** — there is no Outlook calendar poller, so `schedule.approaching` events do not fire for Outlook calendars (the user's own Outlook clients fill that gap). Write surfaces (create / update / delete) are deferred. If the user asks the agent to schedule or change an Outlook event, tell them you can read the calendar but must defer the write to them.
 

package/agent-assets/skills/external-services/references/obsidian.md

@@ -9,8 +9,8 @@ description: External Obsidian vault CRUD — separate from the agent's primary
 
 **Scope**: this skill targets a **separate** Obsidian vault the user maintains
 alongside this app — e.g. a personal knowledge base. It is **not** the agent's
-own primary management store. The agent's primary files (`today.md`,
-`roadmap.md`, `projects/`, `rules/`, `routines/`, `user/`, `agent/`, …) live
+own primary management store. The agent's primary files (`state/today.md`,
+`plans/roadmap.md`, `projects/`, `rules/`, `routines/`, `user/`, `agent/`, …) live
 in the primary vault and are reached via `/api/context/*` (see the `context`
 skill). **Never** use this skill to read or write the primary vault.
 

package/agent-assets/skills/gmail-lifestyle/SKILL.md

@@ -1,26 +1,24 @@
 ---
 name: gmail-lifestyle
-description: Load when the user mentions receipts / expenses / flights / hotels / trains / commute / travel time / a booking — Gmail-observer-derived travel bookings, calendar-event commute calculations, and receipt save-to-external-vault all live here.
+description: Load when the user mentions receipts / expenses / flights / hotels / trains / a booking — Gmail-observer-derived travel bookings and receipt save-to-external-vault both live here.
 allowed-tools:
   - Bash(curl *)
   - Read
 ---
 
-# Gmail Lifestyle — travel bookings, commute, receipts
+# Gmail Lifestyle — travel bookings, receipts
 
-This skill merges three closely-related surfaces that all depend on
-data the daemon's **Gmail observer** has scanned: travel bookings,
-commute / travel-time calculations over calendar events, and receipt
-attachments saved into the user's external Obsidian vault.
+This skill merges two closely-related surfaces that both depend on
+data the daemon's **Gmail observer** has scanned: travel bookings and
+receipt attachments saved into the user's external Obsidian vault.
 
 It is conditionally loaded — see the manifest predicate
 `gmailLifestyleActive(db)` / `gmailLifestyleActiveForDm(db, msg)`
 in `packages/daemon/src/core/skills-manifest.ts`. Routines load it
 when there is fresh-or-pending data; DM events also load it on
-trigger phrases (`receipt`, `expense`, `flight`, `train`,
-`commute`, `travel time`, plus the user's primary-language
-equivalents — the predicate handles both the structured triggers
-and the message-text triggers).
+trigger phrases (`receipt`, `expense`, `flight`, `train`, plus the
+user's primary-language equivalents — the predicate handles both the
+structured triggers and the message-text triggers).
 
 Output language: Policy C for user-facing summaries — see
 `<output_language_policy>`. Path patterns and external API field
@@ -85,77 +83,6 @@ Reservation.
 
 ---
 
-## Travel time / commute
-
-Uses the Google Maps Directions API to estimate travel time between
-locations. Computes departure times for calendar events with a
-`location` field.
-
-**Prerequisite**: `googleMapsApiKey` configured in the daemon's
-secret store, with the Directions API enabled.
-
-### When to use
-
-- **Morning routine** — for today's calendar events with a location,
-  compute departure times and add to today.md `## Commute & Travel`.
-- **User asks about commute / travel time** — query specific routes.
-- **Pre-event reminders** — DM departure-time suggestions.
-
-### Sourcing today's events
-
-The right fetch path depends on Google Calendar's current mode
-(read `<integration_modes>` injected at session start):
-
-<!-- mode:direct:google_calendar -->
-Direct mode → `GET /api/calendar/events?date=today&days=1`
-(see the `external-services` skill).
-<!-- /mode:direct:google_calendar -->
-<!-- mode:delegated-same:google_calendar -->
-Same-backend delegated → use this session backend's native Calendar
-list-events MCP tool. `/api/calendar/events` returns 410.
-<!-- /mode:delegated-same:google_calendar -->
-<!-- mode:delegated-cross:google_calendar -->
-Cross-backend delegated → `POST /api/integrations/google_calendar/exec`
-with a natural-language `task` + `outputSchema` (see the
-`external-services` skill — cross-backend variant for worked
-examples).
-<!-- /mode:delegated-cross:google_calendar -->
-<!-- mode:native:google_calendar -->
-Native mode → use this session backend's native Calendar list-events
-MCP tool (same call shape as `delegated-same`). The materialized
-`external-services` skill body (`SKILL.native.<session-backend>.md`)
-lists the per-backend tool names. The daemon does not proxy in
-native mode; `/api/calendar/events` returns 410 and
-`/api/integrations/google_calendar/exec` returns 410 too.
-<!-- /mode:native:google_calendar -->
-<!-- mode:disabled:google_calendar -->
-Disabled → skip this section; there is no calendar to source events
-from.
-<!-- /mode:disabled:google_calendar -->
-
-### API
-
-Full `/api/travel-time` reference (point-to-point + for-event) is in
-the dedicated reference below.
-
-{{> ref:travel-time-api }}
-
-### Formatting — today.md
-
-```
-## Commute & Travel
-14:00 Team meeting @ WeWork Times Square — depart by 13:15 (transit, 40 min)
-18:30 Dinner @ Restaurant ABC — depart by 18:00 (transit, 25 min)
-```
-
-Only include events that have a `location` field. Omit the section
-when no events have locations today.
-
-Mode display names: transit → Transit, driving → Driving, walking →
-Walking, bicycling → Bicycle.
-
----
-
 ## Receipts
 
 The daemon's Gmail observer scans travel-booking emails for PDF /
@@ -170,7 +97,7 @@ user's **external Obsidian vault**.
 > **external** Obsidian vault (user's personal knowledge base reached
 > via `/api/obsidian/*`), **not** the primary management store
 > reached via `/api/context/*`. The agent's own state files
-> (`today.md`, `roadmap.md`, `projects/*`, `user/*`, `rules/*`,
+> (`state/today.md`, `plans/roadmap.md`, `projects/*`, `user/*`, `rules/*`,
 > `routines/*`, `agent/*`) live in the primary store and must
 > **never** receive receipt attachments. See the
 > `external-services` skill's obsidian reference for the external

package/agent-assets/skills/mail/SKILL.delegated.claude.md

@@ -90,7 +90,7 @@ Response shape on success:
 `outputSchema` is **required** — the subprocess emits exactly one JSON
 object as its final message and the daemon validates it. Schemas
 larger than 4 KB are rejected (`schema_too_large`). Caps default to
-`maxToolCalls=7`, `maxBudgetUsd=0.05`, `timeoutMs=60000` — bump them via
+`maxToolCalls=8`, `maxBudgetUsd=0.05`, `timeoutMs=60000` — bump them via
 the request body up to the hard caps (15 / 0.50 / 300000) when a task
 genuinely needs more.
 
@@ -206,10 +206,18 @@ curl -s -X POST http://localhost:8321/api/integrations/gmail/exec \
 
 The setup wizard pre-populates `gmail.deniedTools` with the connector's
 destructive defaults (send / batch label mutate / etc.). `/exec`
-honors the deny list: a task that requires a denied tool surfaces as
-`tool_unavailable` (not 403) — the subprocess reports the gap and the
-daemon returns 502. Surface that to the user and ask whether to lift
-the deny before retrying.
+honors the deny list, and the response distinguishes two cases:
+
+- **Every connector tool is denied** → `403 denied_tool`. There is no
+  surface to plan against, so the daemon rejects the task up front
+  without spawning the subprocess.
+- **The connector still has usable tools but the specific tool a planned
+  task needs is denied (or no tool fits)** → `502 tool_unavailable`. The
+  subprocess plans, finds no permitted tool for the intent, and reports
+  the gap.
+
+In both cases, surface that to the user and ask whether to lift the
+relevant deny before retrying.
 
 ## Decision rules
 
@@ -236,6 +244,7 @@ Discriminator: `body.mode === "delegated"`.
 | 400 | `validation_error` / `schema_too_large` | no | Fix the request body. |
 | 409 | `mode_mismatch` | no | Gmail isn't delegated, OR your DM backend matches `delegatedBackend`. Re-read `integrations.md` and stop. |
 | 409 | `precondition` | no | Mode/backend was flipped while the call queued. Re-read `integrations.md` and re-plan. |
+| 403 | `denied_tool` | no | Every tool in the connector is denied — task mode has no surface to plan against. Surface to the user and ask whether to lift the deny. |
 | 429 | `task_quota_exhausted` | no | Daily cap reached; wait or surface. |
 | 502 | `parse_error` / `schema_violation` | no (daemon already retried once) | Consider a simpler schema. |
 | 502 | `tool_unavailable` | no | No connector tool fits the intent. Surface the gap to the user. |

package/agent-assets/skills/mail/SKILL.delegated.codex.md

@@ -85,7 +85,7 @@ Response shape on success:
 `outputSchema` is **required** — the subprocess emits exactly one JSON
 object as its final message and the daemon validates it. Schemas
 larger than 4 KB are rejected (`schema_too_large`). Caps default to
-`maxToolCalls=7`, `maxBudgetUsd=0.05`, `timeoutMs=60000` — bump them
+`maxToolCalls=8`, `maxBudgetUsd=0.05`, `timeoutMs=60000` — bump them
 via the request body up to the hard caps (15 / 0.50 / 300000) when a
 task genuinely needs more.
 
@@ -193,9 +193,12 @@ curl -sS -X POST http://localhost:8321/api/integrations/gmail/exec \
 ## Default deny floor
 
 The setup wizard pre-populates `gmail.deniedTools` with the connector's
-destructive defaults. `/exec` honors the deny list: a task that
-requires a denied tool surfaces as `tool_unavailable` — surface that
-to the user and ask whether to lift the deny before retrying.
+destructive defaults. `/exec` honors the deny list, distinguishing two
+cases: if **every** connector tool is denied → `403 denied_tool` (no
+surface to plan against, rejected up front); if usable tools remain but
+the specific tool a planned task needs is denied (or no tool fits) →
+`502 tool_unavailable`. In both cases, surface that to the user and ask
+whether to lift the relevant deny before retrying.
 
 ## Decision rules
 
@@ -218,6 +221,7 @@ Discriminator: `body.mode === "delegated"`.
 | 400 | `validation_error` / `schema_too_large` | no | Fix the request body. |
 | 409 | `mode_mismatch` | no | Gmail isn't delegated, OR your DM backend matches `delegatedBackend`. Re-read `integrations.md` and stop. |
 | 409 | `precondition` | no | Mode/backend was flipped during queue wait. Re-read `integrations.md` and re-plan. |
+| 403 | `denied_tool` | no | Every tool in the connector is denied — no surface to plan against. Surface to the user and ask whether to lift the deny. |
 | 429 | `task_quota_exhausted` | no | Daily cap reached; wait or surface. |
 | 502 | `parse_error` / `schema_violation` | no (daemon already retried once) | Consider a simpler schema. |
 | 502 | `tool_unavailable` | no | No connector tool fits. Surface the gap. |

package/agent-assets/skills/mail/SKILL.delegated.gemini.md

@@ -83,7 +83,7 @@ Response shape on success:
 `outputSchema` is **required** — the subprocess emits exactly one JSON
 object as its final message and the daemon validates it. Schemas
 larger than 4 KB are rejected (`schema_too_large`). Caps default to
-`maxToolCalls=7`, `maxBudgetUsd=0.05`, `timeoutMs=60000` — bump them
+`maxToolCalls=8`, `maxBudgetUsd=0.05`, `timeoutMs=60000` — bump them
 via the request body up to the hard caps (15 / 0.50 / 300000) when a
 task genuinely needs more.
 
@@ -187,9 +187,12 @@ curl -sS -X POST http://localhost:8321/api/integrations/gmail/exec \
 ## Default deny floor
 
 The setup wizard pre-populates `gmail.deniedTools` with the connector's
-destructive defaults. `/exec` honors the deny list: a task that
-requires a denied tool surfaces as `tool_unavailable` — surface that
-to the user and ask whether to lift the deny before retrying.
+destructive defaults. `/exec` honors the deny list, distinguishing two
+cases: if **every** connector tool is denied → `403 denied_tool` (no
+surface to plan against, rejected up front); if usable tools remain but
+the specific tool a planned task needs is denied (or no tool fits) →
+`502 tool_unavailable`. In both cases, surface that to the user and ask
+whether to lift the relevant deny before retrying.
 
 ## Decision rules
 
@@ -212,6 +215,7 @@ Discriminator: `body.mode === "delegated"`.
 | 400 | `validation_error` / `schema_too_large` | no | Fix the request body. |
 | 409 | `mode_mismatch` | no | Gmail isn't delegated, OR your DM backend matches `delegatedBackend`. Re-read `integrations.md` and stop. |
 | 409 | `precondition` | no | Mode/backend was flipped during queue wait. Re-read `integrations.md` and re-plan. |
+| 403 | `denied_tool` | no | Every tool in the connector is denied — no surface to plan against. Surface to the user and ask whether to lift the deny. |
 | 429 | `task_quota_exhausted` | no | Daily cap reached; wait or surface. |
 | 502 | `parse_error` / `schema_violation` | no (daemon already retried once) | Consider a simpler schema. |
 | 502 | `tool_unavailable` | no | No connector tool fits. Surface the gap. |

package/agent-assets/skills/mail/references/api.md

@@ -70,8 +70,10 @@ skill body.
 ## Send / draft
 
 ```bash
-# Direct send — Autonomous; rejected with 403 when the user has denied
-# the send tool. Call /api/notify yourself if the user should know.
+# Direct send — Autonomous. Direct mode has NO deny-tool gate: this
+# route validates the body and sends unconditionally (no 403/denied_tool
+# path; `deniedTools` only applies to delegated-mode connector tools).
+# Call /api/notify yourself if the user should know.
 curl -sX POST "http://localhost:8321/api/mail/ACCT/messages/send" \
   -H "Content-Type: application/json" \
   -d '{"to": [...], "subject": "...", "textBody": "...", "reply"?: {...}}'

package/agent-assets/skills/mail/references/providers.md

@@ -16,7 +16,7 @@ on this kind — do NOT retry; tell the user and fall back.
 | Thread read (`GET /threads/:id`) | yes | yes | partial (client-walked; `status: "partial"` possible) |
 | Draft read (`GET /drafts`, `GET /drafts/:id`) | yes | yes | yes |
 | Draft write (`POST`/`PATCH`/`DELETE /drafts`, `POST /drafts/:id/send`) | yes | yes | no — **501** — direct `/messages/send` only |
-| Attachment download (via `/receipts/:id/file`) | yes | no — 501 | no — 501 |
+| Attachment download (via `POST /api/receipts/:id/download`) | yes | no — 501 | no — 501 |
 
 **IMAP drafts** (Yahoo / iCloud): every draft *write* returns 501. To
 queue outbound mail for a non-Gmail IMAP user, send directly via

package/agent-assets/skills/managed-tasks/SKILL.md

@@ -11,7 +11,7 @@ allowed-tools:
 A **managed task** is a user-delegated commitment: the agent runs a
 recurring fetch against a specific App at a user-specified Cadence and
 writes the resulting entities into a primary L2 directory (the
-`Output path`). Each row lives in `rules/management.md` §B. The
+`Output path`). Each row lives in `policies/management.md` §B. The
 authoritative store is the `managed_tasks` SQLite table; the file is
 re-rendered from the table after every mutation, so do **not** PUT the
 file yourself — every legal mutation goes through `/api/managed-tasks`
@@ -54,7 +54,7 @@ dedup contract. Do not register a duplicate.
 ### Step 1 — Read current state
 
 ```bash
-curl -s "http://localhost:8321/api/context/rules/management" | jq -r .content
+curl -s "http://localhost:8321/api/context/policies/management" | jq -r .content
 ```
 
 Extract §B (Managed tasks) and §A (Source-of-Truth bindings). §A
@@ -213,7 +213,7 @@ instead of registering twice.
 transaction rolls back and you get a 5xx — surface the body verbatim.
 
 **File render**: post-transaction the daemon re-renders
-`rules/management.md` from DB (locked, snapshotted into
+`policies/management.md` from DB (locked, snapshotted into
 `md_file_snapshots`). You do NOT touch the file.
 
 ### Step 7 — Confirm to user
@@ -307,7 +307,7 @@ for safety.
 
 Server-side transaction: UPDATE `recurring_schedules` (if
 `recurrenceRule` changed) → UPDATE `managed_tasks` → re-render
-`rules/management.md` → INSERT one `agent_actions` row
+`policies/management.md` → INSERT one `agent_actions` row
 (`action_type='management_task.modified', detail={changed, from, to}`).
 
 `mt_id`, `last_run_at`, `last_result`, and `consecutive_failures`
@@ -377,7 +377,7 @@ curl -sS -X DELETE http://localhost:8321/api/managed-tasks/mt_42
 Server-side transaction (atomic): snapshot the row's full state into
 `agent_actions.detail` → DELETE `managed_tasks` (cascades to
 `recurring_schedules` via FK) → cancel pending `agent_schedule`
-rows → re-render `rules/management.md` → INSERT one `agent_actions`
+rows → re-render `policies/management.md` → INSERT one `agent_actions`
 row (`action_type='management_task.deleted'`).
 
 The pre-delete row snapshot in `agent_actions`
@@ -392,7 +392,7 @@ One DM:
 > Stopped `mt_42` Zoom check. The row is gone from the registry; ask
 > me to register a new one any time.
 
-`_activity/<source>.md`'s "Recently changed (90d)" section
+`state/activity/<source>.md`'s "Recently changed (90d)" section
 auto-updates within ~10 s. You do NOT touch that file.
 
 ---
@@ -436,7 +436,7 @@ Idempotency-Key contract are in the errors reference below.
 
 - Does NOT hardcode connector tool names — all tool selection is
   LLM-judged.
-- Does NOT PUT `rules/management.md` directly — the daemon owns the
+- Does NOT PUT `policies/management.md` directly — the daemon owns the
   write. The only legal write is the `/api/managed-tasks` chokepoint.
 - Does NOT INSERT `recurring_schedules` directly. POST
   `/api/managed-tasks` keeps the FK pair consistent.
@@ -451,7 +451,7 @@ Idempotency-Key contract are in the errors reference below.
 - Does NOT register a task that has no probe-passing connector.
   Probe failure is a hard stop.
 - Does NOT delete entity files produced by past runs on stop.
-- Does NOT regenerate `_activity/<source>.md`. The reconciler does.
+- Does NOT regenerate `state/activity/<source>.md`. The reconciler does.
 - Does NOT bulk-stop without per-row confirmation. "Stop all gmail
   tasks" is a series of DM round-trips, one per row.
 
@@ -459,7 +459,7 @@ Idempotency-Key contract are in the errors reference below.
 
 | Verb + path | Used in |
 |---|---|
-| `GET /api/context/rules/management` | Register Step 1 (read §A + §B) |
+| `GET /api/context/policies/management` | Register Step 1 (read §A + §B) |
 | `GET /api/entities?source=<app>` | Register Step 4a (output-path bias) |
 | `GET /api/managed-tasks` / `/api/managed-tasks/:id` | Locate row (Modify / Stop Step 1; Register Step 1 alternate) |
 | `POST /api/managed-tasks` | Register Step 6 (Notify tier; daemon DMs confirmation) |

package/agent-assets/skills/managed-tasks/references/errors.md

@@ -18,12 +18,15 @@ Every endpoint returns the standard daemon error shape:
 ```
 
 `body.message` is intended for the user — preserve it verbatim. The
-daemon does NOT emit `cron_too_tight` (the recurrence schema only
-accepts daily / weekly / monthly, so sub-daily asks never reach the
-POST — refuse them client-side per the recurrence-rule reference) or
-`cadence_partial` (the recurrence rule is one structured field, so
-there is no partial-cadence shape to reject). A future schema gain
-would surface those codes for the first time; surface verbatim.
+daemon does NOT emit `cron_too_tight`. Note: the recurrence schema
+DOES accept `hourly` (the engine supports `hourly`/`daily`/`weekly`/
+`monthly`), so a sub-daily POST is NOT rejected server-side — it
+succeeds (201). The daily-or-coarser floor for managed tasks is a
+**client-side** refusal only: YOU must refuse sub-daily cadences per
+the recurrence-rule reference (`§ Consumer-specific refusal`) before
+POSTing — do not expect the server to 400 an `hourly` rule. The daemon
+also does not emit `cadence_partial` (the recurrence rule is one
+structured field, so there is no partial-cadence shape to reject).
 
 ## POST /api/managed-tasks
 

package/agent-assets/skills/managed-tasks/references/recurrence-rule.md

@@ -76,7 +76,7 @@ Same template applies to "every 5 minutes", "every 30 minutes",
 ## Cadence string vs structured rule
 
 Always send both `cadence` (human-readable, rendered in
-`rules/management.md` §B) and `recurrenceRule` (structured, what the
+`policies/management.md` §B) and `recurrenceRule` (structured, what the
 scheduler executes). They must agree — if they drift, the rendered
 file misleads the user about what the scheduler will actually do.