@cgh567/agent 2.4.2 → 2.4.4

package/extensions/hema-dispatch-v3/index.ts

@@ -104,6 +104,7 @@ import { recordDispatchOutcome } from '../../brainv2/channel-outcome-tracker.ts'
 import { shouldInjectOracle, formatOracleInjection } from './oracle.ts';
 import { shouldInjectHEMA } from './conditional-inject.ts';
 import { routeSkills, formatSkillHints } from './skill-router.ts';
+import { compressTextViaHeadroom } from './headroom-compress.ts';
 
 // Expose skill router for cross-extension access (cortex uses this)
 (globalThis as any).__hemaSkillRouter = { routeSkills };
@@ -682,15 +683,20 @@ export default function hemaDispatchV3(pi: any): void {
     } catch (_) { process.stderr.write(`[hema:catch] fail-open: graceful degradation: ${(_ as Error)?.message || _}\n`); } // HeliosRuntime may not be initialized — fail-open
 
     // ═══ TASK-13: Budget Pre-Admission Gate ═══
-    // Reads ~/helios-agent/brainv2/budget-status.json (written by GraphSyncService).
+    // MT-02: Path resolves from HELIOS_ROOT env var (required). If unset, daemon logs a startup error.
+    // budget-status.json is written by GraphSyncService at $HELIOS_ROOT/brainv2/budget-status.json.
     // Fail-open: if file missing or unreadable, proceed normally.
     // blocked=true  → hard block, return early with ⛔ message
     // warningActive → inject budget warning into agent context (soft signal)
     let _budgetStatus: { blocked?: boolean; warningActive?: boolean; policies?: any[] } = {};
     let _budgetWarning: string | null = null;
     try {
-      const _budgetStatusPath = join(homedir(), 'helios-agent/brainv2/budget-status.json');
-      if (fs.existsSync(_budgetStatusPath)) {
+      const _heliosRoot = process.env['HELIOS_ROOT'];
+      if (!_heliosRoot) {
+        process.stderr.write('[hema] HELIOS_ROOT not set — budget-status.json cannot be read. Set HELIOS_ROOT to the helios-agent repo root.\n');
+      }
+      const _budgetStatusPath = _heliosRoot ? join(_heliosRoot, 'brainv2/budget-status.json') : null;
+      if (_budgetStatusPath && fs.existsSync(_budgetStatusPath)) {
         _budgetStatus = JSON.parse(fs.readFileSync(_budgetStatusPath, 'utf8'));
       }
     } catch (_budgetErr) {
@@ -1505,71 +1511,7 @@ export default function hemaDispatchV3(pi: any): void {
             // No context available from either path
             enrichedTask = taskText;
             logHemaEvent('hema_no_context', { nativePacksUsed, legacyUsed: admitted.admitted?.length > 0 });
-          }
-
-          // ── Helios Compression: compress HEMA recall payload before injection ──
-          // The recall context contains JSON graph payloads (leads, signals, tasks,
-          // goals, code nodes). Send the assembled text as a tool_result block to
-          // the compression server — it will find and compress embedded JSON arrays.
-          //
-          // Uses direct HTTP to HEADROOM_PROXY_URL (same pattern as context-compaction.ts)
-          // rather than the headroom-ai npm package so this works in Pi subprocess context.
-          // Applies to all companies: the role injection budgets enforce per-agent limits.
-          if (enrichedTask.length > 2000) {
-            const _hrUrl = process.env.HEADROOM_PROXY_URL;
-            if (_hrUrl) {
-              try {
-                // eslint-disable-next-line @typescript-eslint/no-require-imports
-                const http = require('http');
-                const _payload = JSON.stringify({
-                  messages: [{
-                    role: 'user',
-                    content: [{
-                      type: 'tool_result',
-                      tool_use_id: 'hema_recall',
-                      content: enrichedTask,
-                    }],
-                  }],
-                });
-                const _result: any = await new Promise((resolve, reject) => {
-                  const _url = new URL('/headroom/compress', _hrUrl);
-                  const _req = http.request(
-                    {
-                      hostname: _url.hostname,
-                      port: parseInt(_url.port || '8787', 10),
-                      path: '/headroom/compress',
-                      method: 'POST',
-                      headers: {
-                        'Content-Type': 'application/json',
-                        'Content-Length': Buffer.byteLength(_payload),
-                      },
-                    },
-                    (res: any) => {
-                      let body = '';
-                      res.on('data', (c: Buffer) => { body += c; });
-                      res.on('end', () => { try { resolve(JSON.parse(body)); } catch { reject(new Error('bad json')); } });
-                      res.on('error', reject);
-                    }
-                  );
-                  _req.setTimeout(3000, () => { _req.destroy(); reject(new Error('timeout')); });
-                  _req.on('error', reject);
-                  _req.write(_payload);
-                  _req.end();
-                });
-
-                const _compressed = _result?.messages?.[0]?.content?.[0]?.content ?? enrichedTask;
-                if (typeof _compressed === 'string' && _compressed.length < enrichedTask.length) {
-                  const _saved = enrichedTask.length - _compressed.length;
-                  process.stderr.write(`[hema-dispatch-v3] Headroom compressed recall context: -${_saved} chars (${agentType})\n`);
-                  enrichedTask = _compressed;
-                  logHemaEvent('hema_headroom_compressed', { saved: _saved, agentType });
-                }
-              } catch (_hrErr: any) {
-                // Non-fatal: log and continue with uncompressed enrichedTask
-                process.stderr.write(`[hema-dispatch-v3] Headroom recall compress skipped: ${_hrErr?.message}\n`);
-              }
-            }
-          }
+           }
 
           // Wire getReasoningHint for proven reasoning paths (lazy require to avoid circular import under jiti)
           try {
@@ -1655,6 +1597,22 @@ export default function hemaDispatchV3(pi: any): void {
             triggerMatrixRefresh(projectPath);
           }
 
+          // ── Helios Compression: compress full enrichedTask AFTER all appends ──
+          // Fires after reasoningHint, V-Gate block, skillHints, and oracleInjection
+          // are all appended. Compresses embedded JSON arrays (signals, leads, pipeline,
+          // tasks) from the recall context. Prose appends pass through unchanged.
+          // Uses compressTextViaHeadroom() — fail-open, 3s timeout, no throws.
+          {
+            const _hrUrl = process.env.HEADROOM_PROXY_URL;
+            const _taskBefore = enrichedTask.length;
+            enrichedTask = await compressTextViaHeadroom(enrichedTask, _hrUrl, 'hema_task');
+            if (enrichedTask.length < _taskBefore) {
+              const _saved = _taskBefore - enrichedTask.length;
+              process.stderr.write(`[hema-dispatch-v3] Headroom compressed full task: -${_saved} chars (${agentType})\n`);
+              logHemaEvent('hema_headroom_compressed', { saved: _saved, agentType });
+            }
+          }
+
           t.task = enrichedTask;
           if (_budgetWarning) {
             t.task = `${_budgetWarning}\n\n${t.task}`;
@@ -2676,9 +2634,10 @@ export default function hemaDispatchV3(pi: any): void {
       } catch (_) { process.stderr.write(`[hema:catch] fail-open: ${(_ as Error)?.message || _}\n`); }
 
       // Load hot memory — ensure file exists
-      const hotMemoryPath = join(homedir(), 'helios-agent', 'sessions', 'hot-memory.json');
+      const _heliosRootForMem = process.env['HELIOS_ROOT'] ?? join(homedir(), 'helios-agent');
+      const hotMemoryPath = join(_heliosRootForMem, 'sessions', 'hot-memory.json');
       if (!fs.existsSync(hotMemoryPath)) {
-        const sessDir = join(homedir(), 'helios-agent', 'sessions');
+        const sessDir = join(_heliosRootForMem, 'sessions');
         if (!fs.existsSync(sessDir)) fs.mkdirSync(sessDir, { recursive: true });
         fs.writeFileSync(hotMemoryPath, JSON.stringify({ sessions: [] }, null, 2), 'utf8');
       }
@@ -2706,7 +2665,7 @@ export default function hemaDispatchV3(pi: any): void {
         const pendingIds = [..._pendingDispatchIds.keys()];
         try {
           const _walSessionId = di('sessionId') || process.pid;
-        const walPath = join(homedir(), `helios-agent/sessions/.pending-dispatches-${_walSessionId}.json`);
+        const walPath = join(process.env['HELIOS_ROOT'] ?? join(homedir(), 'helios-agent'), `sessions/.pending-dispatches-${_walSessionId}.json`);
           fs.writeFileSync(walPath, JSON.stringify({ ids: pendingIds, timestamp: Date.now(), sessionId: di('sessionId') || 'unknown' }));
           process.stderr.write(`[hema] session_shutdown: wrote ${pendingIds.length} pending dispatch ID(s) to WAL\n`);
         } catch (e: any) {
@@ -3144,7 +3103,7 @@ export default function hemaDispatchV3(pi: any): void {
         return { systemPrompt: appendDynamic(event.systemPrompt, '\n' + evalContext) };
       }
 
-      const hotMemoryPath = join(homedir(), 'helios-agent', 'sessions', 'hot-memory.json');
+      const hotMemoryPath = join(process.env['HELIOS_ROOT'] ?? join(homedir(), 'helios-agent'), 'sessions', 'hot-memory.json');
 
       let hotMemory: any = null;
       if (fs.existsSync(hotMemoryPath)) {
@@ -3532,6 +3491,21 @@ export default function hemaDispatchV3(pi: any): void {
         }
       } catch { /* fail-open */ }
 
+      // ── Helios Compression: compress combined system-prompt block ─────────
+      // `combined` contains company context (JSON graph payloads: goals, tasks,
+      // signals, pipeline), code matrix, EvidencePacks, skill hints, and mission
+      // context. JSON arrays in company context and code matrix benefit from
+      // SmartCrusher. Prose blocks pass through unchanged.
+      // Uses compressTextViaHeadroom() — fail-open, 3s timeout, no throws.
+      {
+        const _hrUrlBAS = process.env.HEADROOM_PROXY_URL;
+        const _combinedBefore = combined.length;
+        combined = await compressTextViaHeadroom(combined, _hrUrlBAS, 'hema_before_agent');
+        if (combined.length < _combinedBefore) {
+          process.stderr.write(`[hema-dispatch-v3] Headroom compressed before_agent_start: -${_combinedBefore - combined.length} chars\n`);
+        }
+      }
+
       return { systemPrompt: appendDynamic(event.systemPrompt, '\n' + combined + observationsBlock) };
     } catch (err) { /* fail-open: system prompt enrichment */ if (process.env.HELIOS_DEBUG) console.error(`[hema] system prompt enrichment error: ${String(err)}`); }
   });

package/extensions/interview/__tests__/server.test.ts

@@ -0,0 +1,117 @@
+/**
+ * extensions/interview/__tests__/server.test.ts
+ * P3-N6: Interview server tests
+ */
+import { describe, it, expect, afterAll, beforeAll } from 'vitest';
+import * as http from 'node:http';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+
+const SERVER_PATH = path.resolve(__dirname, '../server.ts');
+
+// Helper to make HTTP requests to the test server
+function httpRequest(
+  port: number,
+  method: string,
+  urlPath: string,
+  body?: unknown
+): Promise<{ status: number; body: unknown }> {
+  return new Promise((resolve, reject) => {
+    const data = body ? JSON.stringify(body) : undefined;
+    const req = http.request(
+      { hostname: '127.0.0.1', port, method, path: urlPath,
+        headers: { 'Content-Type': 'application/json',
+                   'Content-Length': data ? Buffer.byteLength(data) : 0 } },
+      (res) => {
+        let raw = '';
+        res.on('data', c => { raw += c; });
+        res.on('end', () => {
+          try { resolve({ status: res.statusCode ?? 0, body: JSON.parse(raw) }); }
+          catch { resolve({ status: res.statusCode ?? 0, body: raw }); }
+        });
+      }
+    );
+    req.on('error', reject);
+    if (data) req.write(data);
+    req.end();
+  });
+}
+
+describe('interview/server — HTTP contract', () => {
+  let server: any = null;
+  let port = 0;
+  const tempSessionFile = path.join(os.tmpdir(), `interview-sessions-test-${Date.now()}.json`);
+
+  beforeAll(async () => {
+    if (!fs.existsSync(SERVER_PATH)) return;
+    const mod = await import('../server.ts').catch(() => null) as any;
+    if (!mod) return;
+    const createFn = mod.createServer ?? mod.default;
+    if (typeof createFn !== 'function') return;
+
+    try {
+      server = createFn({ sessionFile: tempSessionFile, port: 0 });
+      if (server && typeof server.listen === 'function') {
+        await new Promise<void>((res) => {
+          server.listen(0, '127.0.0.1', () => {
+            port = (server.address() as any)?.port ?? 0;
+            res();
+          });
+        });
+      }
+    } catch {
+      server = null;
+    }
+  });
+
+  afterAll(async () => {
+    if (server && typeof server.close === 'function') {
+      await new Promise<void>((res) => server.close(() => res()));
+    }
+    if (fs.existsSync(tempSessionFile)) fs.unlinkSync(tempSessionFile);
+  });
+
+  it('createServer returns an http.Server instance (if server starts)', () => {
+    if (!fs.existsSync(SERVER_PATH)) return;
+    if (server === null) return; // guard: module needs runtime
+    expect(server).toBeDefined();
+    expect(typeof server.listen === 'function').toBe(true);
+  });
+
+  it('GET /sessions returns 200 with array body', async () => {
+    if (!server || port === 0) return;
+    const { status, body } = await httpRequest(port, 'GET', '/sessions');
+    expect(status).toBe(200);
+    expect(Array.isArray(body)).toBe(true);
+  });
+
+  it('POST /sessions creates session; GET /sessions includes it', async () => {
+    if (!server || port === 0) return;
+    const { status: createStatus, body: created } = await httpRequest(
+      port, 'POST', '/sessions', { goal: 'test interview goal', context: {} }
+    );
+    expect(createStatus).toBeLessThan(300);
+
+    const { body: list } = await httpRequest(port, 'GET', '/sessions');
+    expect(Array.isArray(list)).toBe(true);
+  });
+
+  it('session file is written after session creation', async () => {
+    if (!server || port === 0) return;
+    await httpRequest(port, 'POST', '/sessions', { goal: 'file write test', context: {} });
+    // Give the server time to write
+    await new Promise(r => setTimeout(r, 100));
+    if (fs.existsSync(tempSessionFile)) {
+      const data = JSON.parse(fs.readFileSync(tempSessionFile, 'utf8'));
+      expect(Array.isArray(data) || typeof data === 'object').toBe(true);
+    }
+  });
+
+  it('server.ts source exports startInterviewServer or createServer', () => {
+    if (!fs.existsSync(SERVER_PATH)) return;
+    const source = fs.readFileSync(SERVER_PATH, 'utf8');
+    const hasExport = source.includes('startInterviewServer') || source.includes('createServer') || source.includes('module.exports') || source.includes('export function');
+    expect(hasExport).toBe(true);
+  });
+});

package/extensions/lib/helios-root.cjs

@@ -0,0 +1,46 @@
+/**
+ * helios-root.cjs — Cross-platform HELIOS_ROOT resolution.
+ *
+ * CommonJS module (works in both require() and jiti-transpiled CJS contexts).
+ * The extensions/ package declares "type":"commonjs" so this must use module.exports.
+ *
+ * Priority order:
+ *   1. HELIOS_ROOT env var — injected by helios-rpc.cjs at spawn time
+ *   2. HELIOS_CODING_AGENT_DIR — alternate env var used by some tools
+ *   3. ~/helios-agent — backward-compatible fallback for direct installs
+ *
+ * Works on:
+ *   - Windows Desktop: C:\Users\<user>\Desktop\Helios\helios-agent-main (HELIOS_ROOT injected)
+ *   - macOS/Linux: ~/helios-agent (fallback)
+ *   - CI: any arbitrary checkout path (via HELIOS_ROOT env var)
+ */
+'use strict';
+
+const { homedir } = require('node:os');
+const { join }    = require('node:path');
+
+/**
+ * The helios-agent repo root. Set by helios-rpc.cjs as HELIOS_ROOT.
+ * Falls back to ~/helios-agent for backward compatibility.
+ */
+const HELIOS_ROOT =
+  process.env.HELIOS_ROOT ||
+  process.env.HELIOS_CODING_AGENT_DIR ||
+  join(homedir(), 'helios-agent');
+
+/**
+ * Build an absolute path under HELIOS_ROOT.
+ * @param {...string} parts - path segments to join
+ * @returns {string} absolute path
+ * @example heliosPath('settings.json')            // → /path/to/helios-agent/settings.json
+ * @example heliosPath('extensions', '.manifest.json')
+ */
+const heliosPath = (...parts) => join(HELIOS_ROOT, ...parts);
+
+/**
+ * Cross-platform home directory (os.homedir()).
+ * Use this instead of process.env.HOME — HOME is not set on Windows.
+ */
+const HOME = homedir();
+
+module.exports = { HELIOS_ROOT, heliosPath, HOME };

package/extensions/subagent-mesh/__tests__/handlers.test.ts

@@ -0,0 +1,98 @@
+/**
+ * extensions/subagent-mesh/__tests__/handlers.test.ts
+ * P3-N2: Subagent mesh handler tests
+ *
+ * This module requires the Pi runtime for full execution.
+ * Guards emit named warnings so gaps are visible in CI output.
+ */
+import { describe, it, expect, vi } from 'vitest';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+
+describe('subagent-mesh/handlers — module contract', () => {
+  it('handlers.ts exports a handler registration function', async () => {
+    const mod = await import('../handlers.ts').catch((e) => {
+      console.warn('[subagent-mesh/handlers] import failed (Pi runtime required):', String(e).slice(0, 120));
+      return null;
+    }) as any;
+    if (!mod) return;
+    const hasExport = typeof mod.registerHandlers === 'function'
+      || typeof mod.registerToolCallHandler === 'function'
+      || typeof mod.registerToolResultHandlers === 'function'
+      || typeof mod.default === 'function';
+    if (!hasExport) {
+      console.warn('[subagent-mesh/handlers] no handler registration export found — check export name');
+    }
+    // Module loaded — must be an object
+    expect(typeof mod).toBe('object');
+  });
+
+  it('registerHandlers called with mock Pi registers tool hooks', async () => {
+    const mod = await import('../handlers.ts').catch(() => null) as any;
+    if (!mod) {
+      console.warn('[subagent-mesh/handlers] SKIP: module unavailable — Pi runtime required');
+      return;
+    }
+    const registerFn = mod.registerHandlers ?? mod.registerToolCallHandler;
+    if (typeof registerFn !== 'function') {
+      console.warn('[subagent-mesh/handlers] SKIP: no register function found — check export name');
+      return;
+    }
+
+    const registeredHooks: string[] = [];
+    const mockPi: any = {
+      on: (event: string, _handler: unknown) => { registeredHooks.push(event); },
+      registerTool: vi.fn(),
+      log: vi.fn(),
+    };
+
+    expect(() => registerFn(mockPi)).not.toThrow();
+    if (registeredHooks.length === 0) {
+      console.warn('[subagent-mesh/handlers] no hooks registered — handler may need Pi session context');
+      return;
+    }
+    // At least one of tool_call or tool_result must be registered
+    const hasToolHook = registeredHooks.includes('tool_call') || registeredHooks.includes('tool_result');
+    expect(hasToolHook).toBe(true);
+  });
+
+  it('Thompson sampling bridge: source has error handling around dynamic require', () => {
+    const handlersPath = path.resolve(__dirname, '../handlers.ts');
+    if (!fs.existsSync(handlersPath)) {
+      console.warn('[subagent-mesh/handlers] SKIP: handlers.ts not found at', handlersPath);
+      return;
+    }
+    const source = fs.readFileSync(handlersPath, 'utf8');
+    const hasThompson = source.includes('thompson') || source.includes('Thompson');
+    if (!hasThompson) {
+      console.warn('[subagent-mesh/handlers] Thompson sampling not referenced — cortex bridge is absent');
+      return;
+    }
+    // Thompson require must be guarded
+    const hasTryCatch = source.includes('catch') || source.includes('?.') || source.includes('|| null');
+    expect(hasTryCatch).toBe(true);
+  });
+
+  it('handlers.ts source file exists and is non-empty', () => {
+    const handlersPath = path.resolve(__dirname, '../handlers.ts');
+    if (!fs.existsSync(handlersPath)) {
+      console.warn('[subagent-mesh/handlers] SKIP: handlers.ts not found');
+      return;
+    }
+    const stat = fs.statSync(handlersPath);
+    expect(stat.size).toBeGreaterThan(100);
+  });
+
+  it('checkpoint eviction: source defines _activeCheckpoints with size limit', () => {
+    const handlersPath = path.resolve(__dirname, '../handlers.ts');
+    if (!fs.existsSync(handlersPath)) return;
+    const source = fs.readFileSync(handlersPath, 'utf8');
+    const hasCheckpoints = source.includes('_activeCheckpoints') || source.includes('activeCheckpoints');
+    if (!hasCheckpoints) {
+      console.warn('[subagent-mesh/handlers] _activeCheckpoints not found in source — eviction is unimplemented');
+      return;
+    }
+    const hasLimit = source.includes('50') || source.includes('.size >=') || source.includes('.size>') || source.includes('.size >');
+    expect(hasLimit).toBe(true);
+  });
+});

package/extensions/warm-tick/warm-tick-maintenance.ts

@@ -713,6 +713,14 @@ export async function runScheduledMaintenance(): Promise<void> {
     }
   }
 
+  // SEC-5: Daily cleanup of expired DraftAction PII nodes (30-day TTL)
+  try {
+    const { rawWrite: _rawWrite } = require('../../lib/safe-memgraph.js');
+    await _rawWrite('MATCH (da:DraftAction) WHERE da.expiresAt < datetime() DETACH DELETE da', {});
+  } catch (err: any) {
+    console.warn('[warm-tick] DraftAction TTL cleanup failed:', err?.message || String(err));
+  }
+
   // Daily: incremental label backfill (ensures critical graph labels are never empty)
   try {
     const { runIncrementalBackfill } = await import('./warm-tick-backfill.js');
@@ -726,6 +734,24 @@ export async function runScheduledMaintenance(): Promise<void> {
   } catch (bfErr: any) {
     process.stderr.write("[warm-tick] backfill failed (non-fatal): " + (bfErr?.message || String(bfErr)) + "\n");
   }
+  // EN3: comms-style enrichment — daily cadence
+  try {
+    const { computeAllStyles } = await import('../../lib/triage-core/mental-model/comms-style-computer.js');
+    await computeAllStyles();
+    process.stderr.write('[warm-tick] warm-tick: comms styles computed\n');
+  } catch (err) {
+    process.stderr.write(`[warm-tick] warm-tick: computeAllStyles failed: ${err}\n`);
+  }
+
+  // EN6: quality profiles — daily cadence
+  try {
+    const { computeAllQualityProfiles } = await import('../../lib/triage-core/mental-model/quality-scorer-v2.js');
+    await computeAllQualityProfiles();
+    process.stderr.write('[warm-tick] warm-tick: quality profiles computed\n');
+  } catch (err) {
+    process.stderr.write(`[warm-tick] warm-tick: computeAllQualityProfiles failed: ${err}\n`);
+  }
+
   await budgetedYield(); // yield between cadence checks
 
   // Every maintenance cycle: embedding catch-all (Layer 2 of 3-layer auto-embed pipeline).
@@ -1178,6 +1204,100 @@ export async function runScheduledMaintenance(): Promise<void> {
           ` roles=${report.rolesChanged} dunbar=${report.dunbarUpdated} elapsed=${report.durationMs}ms\n`
         );
       }
+
+      // SP1: Unsnooze emails past their snooze time
+      try {
+        const { rawRead: rRead, rawWrite: rWrite } = require('../../lib/safe-memgraph.js');
+        const snoozed = await rRead(
+          `MATCH (e:Email) WHERE e.snoozed = true AND e.snoozedUntil IS NOT NULL AND e.snoozedUntil < datetime() RETURN e.messageId AS mid, e.accountEmail AS acct`,
+          {}
+        );
+        if (snoozed && snoozed.length > 0) {
+          const { loadToken, refreshAccessToken } = require('../email/auth/inbox-dog.js');
+          for (const row of snoozed) {
+            try {
+              const token = await loadToken(row.acct);
+              const refreshed = token ? await refreshAccessToken(token) : null;
+              const at = refreshed?.access_token || token?.access_token;
+              if (at) {
+                // Re-add INBOX, remove SNOOZED via raw Gmail API
+                const body = JSON.stringify({ addLabelIds: ['INBOX'], removeLabelIds: ['SNOOZED'] });
+                await new Promise<void>((resolve) => {
+                  const req = require('https').request({ hostname: 'gmail.googleapis.com', path: `/gmail/v1/users/me/messages/${encodeURIComponent(row.mid)}/modify`, method: 'POST', headers: { 'Authorization': `Bearer ${at}`, 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(body) } }, (r: any) => { r.resume(); r.on('end', resolve); });
+                  req.on('error', () => resolve()); req.write(body); req.end();
+                });
+              }
+              await rWrite(`MATCH (e:Email {messageId: $mid}) REMOVE e.snoozed, e.snoozedUntil`, { mid: row.mid });
+            } catch (e: any) { console.warn(`[warm-tick] unsnooze failed for ${row.mid}: ${e.message}`); }
+          }
+          console.info(`[warm-tick] unsnoozed ${snoozed.length} email(s)`);
+        }
+      } catch (e: any) { console.warn(`[warm-tick] SP1 unsnooze error: ${e.message}`); }
+
+      // SP2: Execute due scheduled sends
+      try {
+        const scheduledSends = require('../../lib/triage-core/scheduled-sends.js');
+        const due = scheduledSends.getDueMessages();
+        if (due && due.length > 0) {
+          // Load GmailProvider for each unique account
+          for (const msg of due) {
+            try {
+              const { loadToken, refreshAccessToken } = require('../email/auth/inbox-dog.js');
+              const token = await loadToken(msg.accountEmail || ''); // H1/M3: use accountEmail, not msg.to
+              const refreshed = token ? await refreshAccessToken(token) : null;
+              const at = refreshed?.access_token || token?.access_token;
+              if (at && msg.draftId) {
+                const body = JSON.stringify({ id: msg.draftId });
+                await new Promise<void>((resolve) => {
+                  const req = require('https').request({ hostname: 'gmail.googleapis.com', path: '/gmail/v1/users/me/drafts/send', method: 'POST', headers: { 'Authorization': `Bearer ${at}`, 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(body) } }, (r: any) => { r.resume(); r.on('end', resolve); });
+                  req.on('error', () => resolve()); req.write(body); req.end();
+                });
+                scheduledSends.markSent(msg.id);
+                console.info(`[warm-tick] SP2 fired scheduled send ${msg.id}`);
+              } else {
+                scheduledSends.markSent(msg.id);
+                console.info(`[warm-tick] SP2 fired scheduled send ${msg.id}`);
+              }
+            } catch (e: any) {
+              console.warn(`[warm-tick] SP2 scheduled send failed for ${msg.id}: ${e.message}`);
+            }
+          }
+        }
+      } catch (e: any) { console.warn(`[warm-tick] SP2 scheduled sends error: ${e.message}`); }
+
+      // SP5: Auto-trash emails from blocked senders
+      try {
+        const { rawRead: rRead2, rawWrite: rWrite2 } = require('../../lib/safe-memgraph.js');
+        const blocked = await rRead2(`MATCH (bs:BlockedSender) RETURN bs.email AS email`, {});
+        if (blocked && blocked.length > 0) {
+          const blockedEmails = blocked.map((r: any) => r.email);
+          const newEmails = await rRead2(
+            `MATCH (e:Email) WHERE e.from IN $emails AND NOT 'TRASH' IN e.labels AND e.snoozed IS NULL RETURN e.messageId AS mid, e.from AS from LIMIT 50`,
+            { emails: blockedEmails }
+          );
+          if (newEmails && newEmails.length > 0) {
+            // M3: load the authenticated account token (not the blocked sender's email)
+            const { loadToken: _loadDefaultToken, refreshAccessToken: _refreshDefault } = require('../email/auth/inbox-dog.js');
+            const _defaultToken = await _loadDefaultToken(null).catch(() => null);
+            const _refreshed = _defaultToken ? await _refreshDefault(_defaultToken).catch(() => null) : null;
+            const _defaultAt = _refreshed?.access_token || _defaultToken?.access_token;
+            for (const row of newEmails) {
+              try {
+                const body = JSON.stringify({ addLabelIds: ['TRASH'], removeLabelIds: ['INBOX', 'UNREAD'] });
+                const at = _defaultAt;
+                if (at) {
+                  await new Promise<void>((resolve) => {
+                    const req = require('https').request({ hostname: 'gmail.googleapis.com', path: `/gmail/v1/users/me/messages/${encodeURIComponent(row.mid)}/modify`, method: 'POST', headers: { 'Authorization': `Bearer ${at}`, 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(body) } }, (r: any) => { r.resume(); r.on('end', resolve); });
+                    req.on('error', () => resolve()); req.write(body); req.end();
+                  });
+                }
+                await rWrite2(`MATCH (e:Email {messageId: $mid}) SET e.labels = e.labels + ['TRASH']`, { mid: row.mid });
+              } catch (e: any) { console.warn(`[warm-tick] SP5 block_sender trash failed for ${row.mid}: ${e.message}`); }
+            }
+            console.info(`[warm-tick] SP5 auto-trashed ${newEmails.length} email(s) from blocked senders`);
+          }
+        }
+      } catch (e: any) { console.warn(`[warm-tick] SP5 block sender error: ${e.message}`); }
     } catch (err: any) {
       console.debug('[warm-tick] mental-model maintenance failed (non-fatal):', err?.message || String(err));
     } finally {
@@ -1296,6 +1416,50 @@ export async function runScheduledMaintenance(): Promise<void> {
       const counts: Record<string, number> = {};
       for (const r of trajResults) counts[r.direction] = (counts[r.direction] || 0) + 1;
       process.stderr.write(`[warm-tick] trajectory-detection: ${trajResults.length} contacts, distribution=${JSON.stringify(counts)}\n`);
+
+      // EN5: Snapshot prevCompositeStrength before trajectory overwrites it
+      try {
+        const { rawWrite: _rawWrite } = require('../../lib/safe-memgraph.js');
+        await _rawWrite(
+          "MATCH ()-[k:KNOWS]->() WHERE k.compositeStrength IS NOT NULL SET k.prevCompositeStrength = k.compositeStrength",
+          {}
+        );
+      } catch (err) {
+        process.stderr.write(`[warm-tick] warm-tick: prevCompositeStrength snapshot failed: ${err}\n`);
+      }
+
+      // EN1b: computeTrajectories (trajectoryVelocity) — weekly
+      try {
+        const { computeTrajectories } = await import('../../lib/triage-core/mental-model/strength-tracker.js');
+        await computeTrajectories();
+        process.stderr.write('[warm-tick] warm-tick: trajectoryVelocity computed\n');
+      } catch (err) {
+        process.stderr.write(`[warm-tick] warm-tick: computeTrajectories failed: ${err}\n`);
+      }
+
+      // EN2: clusteringCoefficient — weekly MAGE call
+      try {
+        const { rawWrite: _rawWrite } = require('../../lib/safe-memgraph.js');
+        await _rawWrite(
+          'MATCH (p:Person) CALL local_clustering_coefficient.get() YIELD node, clustering_coefficient WHERE node = p SET p.clusteringCoefficient = clustering_coefficient',
+          {}
+        );
+        process.stderr.write('[warm-tick] warm-tick: clusteringCoefficient computed\n');
+      } catch (err) {
+        process.stderr.write(`[warm-tick] warm-tick: local_clustering_coefficient unavailable: ${err}\n`);
+      }
+
+      // 7D: computeGraphRanksSQL — PageRank + Louvain on SQLite graph (weekly, non-blocking)
+      try {
+        const { computeGraphRanksSQL } = await import('../../lib/triage-core/graph/graph-rank-sql.js');
+        const rankResult = await Promise.race([
+          computeGraphRanksSQL(),
+          new Promise<never>((_, reject) => trackTimer(setTimeout(() => reject(new Error('computeGraphRanksSQL timeout (10min)')), 600000))),
+        ]);
+        process.stderr.write(`[warm-tick] computeGraphRanksSQL: personCount=${rankResult.personCount} edgeCount=${rankResult.edgeCount}\n`);
+      } catch (err: any) {
+        process.stderr.write(`[warm-tick] computeGraphRanksSQL failed (non-fatal): ${err?.message || err}\n`);
+      }
     } catch (err: any) {
       console.debug('[warm-tick] favee-snapshots/trajectory failed (non-fatal):', err?.message || String(err));
     } finally {