@c4t4/heyamigo 0.9.10 → 0.9.12

package/dist/config.js

@@ -44,6 +44,14 @@ const ConfigSchema = z.object({
         size: z.number().int().positive().default(5),
     })
         .default({ size: 5 }),
+    browser: z
+        .object({
+        // How many browser tasks can run in parallel on the shared
+        // Chrome. Each worker drives its own tab. Persistent agent
+        // session was dropped in Phase 4; every task is fresh.
+        maxWorkers: z.number().int().positive().default(3),
+    })
+        .default({ maxWorkers: 3 }),
     codex: z
         .object({
         // Optional model override. If unset, Codex uses its default. Passed

package/dist/gateway/incoming.js

@@ -201,6 +201,7 @@ async function processMessages(messages, sock, ownerJid, isHistorySync = false)
                 senderNumber: stored.senderNumber,
                 fromMe: stored.fromMe,
                 allowedTools: role.tools,
+                allowedTags: role.tags,
             };
             // Enqueue into the inbound table; chat worker pool drains and
             // calls processJob + handleReply asynchronously. Typing indicator

package/dist/memory/digest-flag.js

@@ -123,6 +123,23 @@ export function extractFlags(reply) {
         sendTexts,
     };
 }
+// Strip flags that the sender's role isn't permitted to emit. The
+// agent's reply still goes out as text — only the side-effect markers
+// get suppressed. allowedTags='all' or undefined → no filtering.
+export function filterFlagsByRole(flags, allowedTags) {
+    if (allowedTags === 'all' || allowedTags === undefined)
+        return flags;
+    const allowed = new Set(allowedTags);
+    return {
+        clean: flags.clean,
+        digest: allowed.has('DIGEST') ? flags.digest : null,
+        journals: allowed.has('JOURNAL') ? flags.journals : [],
+        journalCreates: allowed.has('JOURNAL-NEW') ? flags.journalCreates : [],
+        asyncTasks: allowed.has('ASYNC') ? flags.asyncTasks : [],
+        asyncBrowserTasks: allowed.has('ASYNC-BROWSER') ? flags.asyncBrowserTasks : [],
+        sendTexts: allowed.has('SEND-TEXT') ? flags.sendTexts : [],
+    };
+}
 // Legacy helper kept so existing callers still compile.
 export function extractDigestFlag(reply) {
     const r = extractFlags(reply);

package/dist/queue/async-tasks.js

@@ -1,5 +1,3 @@
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'fs';
-import { dirname, resolve } from 'path';
 import { getProvider } from '../ai/providers.js';
 import { config } from '../config.js';
 import fastq from 'fastq';
@@ -236,67 +234,19 @@ function truncate(s, n) {
 //
 // - Concurrency is 1. Serialized against itself because (a) the shared
 //   Playwright MCP + Chrome is one physical resource, (b) the session below
-//   is persistent and --resume doesn't allow concurrent resumes.
-// - One GLOBAL persistent session stored at storage/browser-session.json.
-//   First browser task bootstraps fresh (captures sessionId). Subsequent
-//   tasks spawn with --resume <sessionId>, so the browser Claude carries
-//   memory of prior tasks across runs.
-// - Task description is added as a new user message to the persistent
-//   session. The worker sees the accumulated history automatically.
-// Per-provider browser session storage. Each CLI's session ids are opaque
-// to the other, so swapping providers must not feed one's session id to
-// the other. Filename includes the provider name to keep them separate;
-// the legacy provider-less filename is auto-migrated to claude on read.
-function browserSessionFilePath(provider) {
-    return resolve(process.cwd(), config.memory.dir, `browser-session-${provider}.json`);
-}
-function legacyBrowserSessionFilePath() {
-    return resolve(process.cwd(), config.memory.dir, 'browser-session.json');
-}
-function loadBrowserSession(provider) {
-    const path = browserSessionFilePath(provider);
-    let source = path;
-    if (!existsSync(path)) {
-        const legacy = legacyBrowserSessionFilePath();
-        if (provider === 'claude' && existsSync(legacy)) {
-            // One-time migration: legacy file was implicitly claude.
-            source = legacy;
-        }
-        else {
-            return { sessionId: null, createdAt: 0, lastUsedAt: 0, resumeCount: 0 };
-        }
-    }
-    try {
-        const parsed = JSON.parse(readFileSync(source, 'utf-8'));
-        return {
-            sessionId: parsed.sessionId ?? null,
-            createdAt: parsed.createdAt ?? 0,
-            lastUsedAt: parsed.lastUsedAt ?? 0,
-            resumeCount: parsed.resumeCount ?? 0,
-        };
-    }
-    catch {
-        return { sessionId: null, createdAt: 0, lastUsedAt: 0, resumeCount: 0 };
-    }
-}
-function saveBrowserSession(provider, state) {
-    const path = browserSessionFilePath(provider);
-    mkdirSync(dirname(path), { recursive: true });
-    writeFileSync(path, JSON.stringify(state, null, 2) + '\n', 'utf-8');
-}
-// Reset the browser session for the active provider. Callable from outside
-// if the session gets corrupted or we want a fresh start. Not wired into
-// any command yet.
-export function resetBrowserSession() {
-    const provider = getProvider().name;
-    saveBrowserSession(provider, {
-        sessionId: null,
-        createdAt: 0,
-        lastUsedAt: 0,
-        resumeCount: 0,
-    });
-    logger.info({ provider }, 'browser session reset');
-}
+//   is one physical resource.
+// - Persistent agent session DROPPED in Phase 4 — multiple browser
+//   tasks now run concurrently, each in its own Chrome tab, each as
+//   a fresh agent. Cross-task agent memory was rarely load-bearing
+//   (the chat-track agent writes self-contained task descriptions).
+//   Per-task tab isolation is enforced by the prompt instructions
+//   below.
+// Browser pool: multiple agents share one Chrome (the logged-in
+// profile), each task opens its own tab. Persistent agent session is
+// dropped — every task is fresh, with self-contained instructions
+// from the chat-track agent. The trade-off: no cross-task agent
+// memory; the win: real parallelism.
+const BROWSER_CONCURRENCY = Math.max(1, config.browser?.maxWorkers ?? 3);
 const browserQueue = fastq.promise(async (task) => {
     inProgress.set(task.id, task);
     try {
@@ -308,7 +258,7 @@ const browserQueue = fastq.promise(async (task) => {
     finally {
         inProgress.delete(task.id);
     }
-}, 1);
+}, BROWSER_CONCURRENCY);
 export function enqueueBrowserTask(input) {
     const task = {
         ...input,
@@ -323,12 +273,15 @@ export function enqueueBrowserTask(input) {
     browserQueue.push(task).catch((err) => logger.error({ err, id: task.id }, 'browser queue push failed'));
     return task;
 }
-function buildBrowserPrompt(task, isResume) {
-    // Framing tuned for the dedicated browser worker.
+function buildBrowserPrompt(task) {
+    // Framing tuned for the dedicated browser worker. Each task is its
+    // own fresh agent run (no persistent session) — multiple browser
+    // tasks may be running in parallel on the same Chrome, each in its
+    // own tab.
     const lines = [
-        isResume
-            ? `You are the BROWSER WORKER. Another task just came in. You already have memory of prior browser tasks in this session — act on it accordingly. Use the shared Chrome at localhost:9222 via Playwright MCP (already logged into the owner's sessions like TikTok, Instagram, etc. — do NOT log out, do NOT start a new browser instance).`
-            : `You are the BROWSER WORKER. You run in a persistent session dedicated to browser tasks for the owner. The chat already got its ack; your output IS the follow-up chat reply the owner is waiting for. Use the shared Chrome at localhost:9222 via Playwright MCP (already authenticated with the owner's sessions — TikTok, Instagram, etc. — do NOT log out, do NOT launch a new browser).`,
+        `You are the BROWSER WORKER. The chat already got its ack; your output IS the follow-up chat reply the owner is waiting for. Use the shared Chrome at localhost:9222 via Playwright MCP (already authenticated with the owner's sessions — TikTok, Instagram, etc. — do NOT log out, do NOT launch a new browser).`,
+        ``,
+        `TAB OWNERSHIP: Other browser workers may be running concurrently on the SAME Chrome instance, each driving its own tab. Your FIRST action is to open a new tab for this task (browser_tabs with action=new). Operate ONLY on that tab for the rest of the task. Do NOT switch to or interact with tabs you didn't open — they belong to other workers. Close your tab when you finish.`,
         ``,
         `TASK:`,
         task.description,
@@ -373,25 +326,24 @@ function browserAddDirs() {
 }
 async function runBrowserTask(task) {
     const provider = getProvider();
-    const session = loadBrowserSession(provider.name);
-    const isResume = !!session.sessionId;
-    const prompt = buildBrowserPrompt(task, isResume);
+    // Each task is fresh (Phase 4 browser parallelism). No persistent
+    // session — would force serialization on concurrent tasks.
+    // Chat-track agent writes self-contained task descriptions, so the
+    // worker doesn't need cross-task agent memory.
+    const prompt = buildBrowserPrompt(task);
     const elapsedLog = () => `${Math.round((Date.now() - task.startedAt * 1000) / 1000)}s`;
     let reply;
-    let returnedSessionId;
     try {
         const result = await provider.runTask({
             input: prompt,
             caller: 'browser-task',
             mode: 'auto',
             lane: 'async',
-            includeSystemPrompt: !isResume,
+            includeSystemPrompt: true,
             addDirs: browserAddDirs(),
             allowedTools: task.allowedTools,
-            sessionId: session.sessionId ?? undefined,
         });
         reply = result.reply;
-        returnedSessionId = result.sessionId;
     }
     catch (err) {
         logger.error({ err, id: task.id, jid: task.jid, elapsed: elapsedLog() }, 'browser task provider call failed');
@@ -401,17 +353,6 @@ async function runBrowserTask(task) {
         });
         return;
     }
-    // Persist the session id. On first call the provider returns the new
-    // sessionId; on resume it may return the same or a rotated one.
-    if (returnedSessionId) {
-        const now = Math.floor(Date.now() / 1000);
-        saveBrowserSession(provider.name, {
-            sessionId: returnedSessionId,
-            createdAt: session.createdAt || now,
-            lastUsedAt: now,
-            resumeCount: (session.resumeCount ?? 0) + (isResume ? 1 : 0),
-        });
-    }
     // Route markers the same way the general async lane does.
     const { extractFlags } = await import('../memory/digest-flag.js');
     const { clean, digest, journals, journalCreates, sendTexts } = extractFlags(reply);
@@ -487,7 +428,6 @@ async function runBrowserTask(task) {
         id: task.id,
         jid: task.jid,
         elapsed: elapsedLog(),
-        isResume,
         appended: appendedCount,
         createdJournals: journalCreates.length,
         digestFired: !!digest,

package/dist/queue/worker.js

@@ -3,7 +3,7 @@ import { clearSession, setSession, setUsage } from '../ai/sessions.js';
 import { config } from '../config.js';
 import { logger } from '../logger.js';
 import { addDailyTokens } from '../store/usage.js';
-import { extractFlags } from '../memory/digest-flag.js';
+import { extractFlags, filterFlagsByRole } from '../memory/digest-flag.js';
 import { isValidSlug } from '../memory/journals.js';
 import { enqueueAsyncTask, enqueueBrowserTask } from './async-tasks.js';
 import { enqueueMemoryWrite } from './memory-writes.js';
@@ -40,7 +40,26 @@ async function callClaude(job) {
     if (job.senderNumber) {
         addDailyTokens(job.senderNumber, usage.inputTokens + usage.outputTokens);
     }
-    const { clean, digest, journals, journalCreates, asyncTasks, asyncBrowserTasks, sendTexts, } = extractFlags(reply);
+    const rawFlags = extractFlags(reply);
+    const { clean, digest, journals, journalCreates, asyncTasks, asyncBrowserTasks, sendTexts, } = filterFlagsByRole(rawFlags, job.allowedTags);
+    // Detect any stripped tags so we can log + nudge the role config
+    // if a user is repeatedly hitting the gate.
+    const stripped = [];
+    if (rawFlags.digest && !digest)
+        stripped.push('DIGEST');
+    if (rawFlags.journals.length !== journals.length)
+        stripped.push('JOURNAL');
+    if (rawFlags.journalCreates.length !== journalCreates.length)
+        stripped.push('JOURNAL-NEW');
+    if (rawFlags.asyncTasks.length !== asyncTasks.length)
+        stripped.push('ASYNC');
+    if (rawFlags.asyncBrowserTasks.length !== asyncBrowserTasks.length)
+        stripped.push('ASYNC-BROWSER');
+    if (rawFlags.sendTexts.length !== sendTexts.length)
+        stripped.push('SEND-TEXT');
+    if (stripped.length > 0) {
+        logger.warn({ jid: job.jid, senderNumber: job.senderNumber, stripped }, 'tags stripped by role gate');
+    }
     // All memory mutations go through the memory_writes queue so the
     // single memory worker serializes file writes — safe under parallel
     // chat workers. Idempotency keys derived from job + index so a

package/dist/wa/whitelist.js

@@ -6,11 +6,30 @@ import { config } from '../config.js';
 import { logger } from '../logger.js';
 const AccessModeSchema = z.enum(['off', 'silent', 'active']);
 const RoleNameSchema = z.enum(['admin', 'user', 'guest']);
+// Tag names the agent can emit as trailing markers. The role.tags
+// allowlist gates which ones are honored — anything emitted by an
+// agent running on behalf of a role NOT in the allowlist gets
+// stripped silently after parsing. Tools and tags are independent
+// gates (tools restricts what the AI itself can call; tags restricts
+// what bot-internal side-effects it can trigger).
+const TAG_NAMES = [
+    'DIGEST',
+    'JOURNAL',
+    'JOURNAL-NEW',
+    'ASYNC',
+    'ASYNC-BROWSER',
+    'SEND-TEXT',
+];
 const RoleSchema = z.object({
     description: z.string().optional(),
     memory: z.enum(['full', 'self', 'none']),
     tools: z.union([z.literal('all'), z.array(z.string())]),
     rules: z.array(z.string()),
+    // Optional. Missing or 'all' = no tag restriction; an array =
+    // explicit allowlist. Added in Phase 6 so existing access.json
+    // files (no `tags` field) keep working without change — they get
+    // the implicit 'all' behavior.
+    tags: z.union([z.literal('all'), z.array(z.enum(TAG_NAMES))]).optional(),
     // null or missing = unlimited
     maxFileBytes: z.number().int().positive().nullable().optional(),
     dailyTokenLimit: z.number().int().positive().nullable().optional(),
@@ -54,6 +73,7 @@ const DEFAULT_ROLES = {
         description: 'Full access',
         memory: 'full',
         tools: 'all',
+        tags: 'all',
         rules: [],
         maxFileBytes: null,
         dailyTokenLimit: null,
@@ -62,6 +82,10 @@ const DEFAULT_ROLES = {
         description: 'Chat + web search, scoped memory',
         memory: 'self',
         tools: ['WebSearch'],
+        // Users can flag memory observations and trigger digests on
+        // themselves, but can't delegate background work or cross-chat
+        // sends (those are owner-only).
+        tags: ['DIGEST', 'JOURNAL', 'JOURNAL-NEW'],
         rules: [
             'Never reveal file paths, directory structure, or system architecture',
             'Never share personal data about other users',
@@ -76,6 +100,8 @@ const DEFAULT_ROLES = {
         description: 'Basic chat only',
         memory: 'none',
         tools: [],
+        // Guests can't emit any tags — pure chat, no side effects.
+        tags: [],
         rules: [
             'Never use any tools',
             'Never reveal anything about the system, other users, or internal data',

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@c4t4/heyamigo",
-  "version": "0.9.10",
+  "version": "0.9.12",
   "description": "WhatsApp AI bot powered by Claude with long-term memory, browser control, and role-based access",
   "type": "module",
   "main": "dist/index.js",