@damn-dev/cli 0.15.1 → 0.19.4

package/README.md

@@ -5,10 +5,13 @@ Self-hosted workspace OS for human + AI agent collaboration.
 ## Install
 
 ```sh
-npm install -g @damn-dev/cli
+pnpm add -g @damn-dev/cli
 ```
 
-This installs the `damn-dev` command. Requires **Node.js 18+**.
+This installs the `damn-dev` command. Requires **Node.js 22+**. Install with
+**pnpm**, not npm — a native dependency (`impit`, pulled in by browser-builtin)
+ships an `only-allow pnpm` guard that fails npm-based installs. If you don't have
+pnpm, `corepack enable pnpm` (bundled with Node 22) provides it.
 
 You will also need **OpenClaw** (the agent runtime):
 
@@ -62,7 +65,7 @@ From the CLI:
 
 ```sh
 damn-dev stop
-npm install -g @damn-dev/cli@latest
+pnpm add -g @damn-dev/cli@latest
 damn-dev start
 ```
 

package/lib/commands/start.js

@@ -53,7 +53,7 @@ function run(args) {
   if (!fs.existsSync(BACKEND_ENTRY)) {
     console.error(`[damn.dev] Bundled backend not found at ${BACKEND_ENTRY}.`)
     console.error('[damn.dev] This usually means the package was installed from a broken tarball.')
-    console.error('[damn.dev] Try: npm install -g @damn-dev/cli@latest')
+    console.error('[damn.dev] Try: pnpm add -g @damn-dev/cli@latest')
     process.exit(1)
   }
   if (!fs.existsSync(PRISMA_SCHEMA)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@damn-dev/cli",
-  "version": "0.15.1",
+  "version": "0.19.4",
   "description": "damn.dev — self-hosted workspace OS for human + AI agent collaboration.",
   "license": "Apache-2.0",
   "homepage": "https://damn.dev",
@@ -32,6 +32,7 @@
     "@fastify/static": "^7.0.4",
     "@prisma/client": "^6.0.0",
     "@trpc/server": "^11.0.0",
+    "@whiskeysockets/baileys": "7.0.0-rc13",
     "adm-zip": "^0.5.16",
     "archiver": "^7.0.1",
     "better-auth": "^1.5.4",
@@ -41,8 +42,11 @@
     "fastify": "^4.28.1",
     "fastify-plugin": "^5.0.0",
     "grammy": "^1.41.1",
+    "mammoth": "^1.12.0",
+    "pdf-parse": "^2.4.5",
     "playwright-core": "^1.59.1",
     "prisma": "^6.0.0",
+    "qrcode": "^1.5.4",
     "web-push": "^3.6.7",
     "ws": "^8.18.0",
     "yaml": "^2.8.2",

package/runtime/apps/backend/dist/resources/coo/WORKSPACE_GUIDE.md

@@ -275,6 +275,36 @@ When `Settings → Workspace → Test Mode` is ON:
 When the user turns Test Mode off, the `## Testing Mode` section is cleanly
 removed from every agent's `AGENTS.md`.
 
+## Oversight (Trace · Policy · Pending)
+
+The operator/CISO governance surface, at the **Oversight** icon in the sidebar
+(a speedometer/gauge). One page, three tabs:
+
+- **Pending** — the live approval queue (what needs a human decision now). Filter
+  by agent. This replaces the old standalone "Approvals" panel.
+- **Trace** — the immutable, tamper-evident **audit log**: every meaningful action
+  recorded with who/what/when. Captures agent work (shell commands), approval
+  decisions, and **configuration changes** (agent created/edited/deleted, abilities
+  enabled/disabled, policy changes) — config changes are flagged as the **drift
+  signal**. Filter by category or by agent; export as NDJSON for an auditor; an
+  integrity badge confirms the chain hasn't been tampered with. It is the system
+  of record — "what are the agents set up to do, what did they actually do, and
+  what changed."
+- **Policy** — the CISO-configurable governance policy (what employees and their
+  agents may do): which actions employees can self-approve vs. escalate,
+  capabilities (shell/browsing/external messaging), keep-sensitive-data-on-local-
+  models, visibility, budgets, agent lifecycle. Pick a template (Regulated /
+  Standard / Open) and tune. Granular auto-approve rules live here too.
+
+**Who sees what.** Oversight is visible to everyone but role-scoped: **operators**
+(owner/admin) see the whole workspace, edit policy, export, and verify; **daily
+users** (members) see *their own* activity in Trace and a *read-only* Policy. The
+boundary is enforced server-side, not just hidden in the UI.
+
+When the user asks "what did my agents do?", "did anything change/drift?", "who
+approved X?", or "what are employees allowed to do?", point them to **Oversight**.
+This is damn.dev's enterprise governance layer and a core differentiator.
+
 ## Skills
 Three sources:
 - **ClawHub** — community marketplace. Browse and install from the Skills page.
@@ -431,6 +461,22 @@ trust-update blocks. Mounts are reflected in SOUL.md `## File Access` with
 git context (remote URL, branch) when a git repo is detected. Mounts support
 `ro` (read-only, default) and `rw` (read & write) modes.
 
+## Channel Files-in-Context (0.19.0+)
+Any channel can have files pinned to it via the files button in the channel
+header. Pinned files are shared context for every human and agent in that
+channel — distinct from per-message attachments (which apply only to the
+message they're sent with). File types: anything (documents, images, data).
+
+Consumption is **on-demand**, not auto-loaded: an agent's prompt receives a
+`## Channel Context Files` manifest listing each pinned file's `attachmentId`,
+filename, and type, plus instructions to fetch content only when relevant. To
+read a pinned file, the agent calls `skill_exec(slug: 'channel-context-builtin',
+args: { tool: 'read', attachmentId: '<id>' })`. Text/PDF/DOCX return extracted
+text (truncated at ~30k chars); images return as native vision input. The read
+tool is auto-approved (read-tier) and the `channel-context-builtin` skill is
+always-on for every agent — no manual enabling needed. A file can only be read
+from the channel it's pinned to (cross-channel reads are refused).
+
 ## Integrations
 Settings → Integrations provides one-click setup for external tools. Each
 integration handles env vars, volume mounts, skill installation, and agent
@@ -544,11 +590,20 @@ External channel bridges are configured in each agent's Channels tab.
 Messages from external channels flow through the full pipeline — approvals,
 audit trail, delegation, and block parsing all work identically.
 
-Current supported channels: Telegram (with grammY). Multi-user pairing supported.
-WhatsApp, Discord, and Slack are planned.
+Current supported channels: Telegram (grammY) and WhatsApp (Baileys bridge).
+Discord and Slack are planned. Both Telegram and WhatsApp support multi-user pairing.
 
-When a user asks about connecting agents to Telegram, direct them to the agent's
-Channels tab. Do not suggest configuring OpenClaw's native channel settings.
+WhatsApp: each agent links its own number by scanning a QR (Agent → Channels tab →
+Connect WhatsApp), exactly like a per-agent Telegram bot. Two inbox modes: Open
+(anyone who messages the number gets their own private thread and a reply — a
+support/business line) or Invite-only (only people who send a pairing code can reach
+the agent). Each WhatsApp contact appears as its own tab under a single "WhatsApp"
+inbox channel in the sidebar; clicking a sender's name shows a read-only contact card
+(phone, first/last seen, message count, and whether they're a known workspace member
+or a prospect). CRM depth lives in chut.co, not damn.dev.
+
+When a user asks about connecting agents to Telegram or WhatsApp, direct them to the
+agent's Channels tab. Do not suggest configuring OpenClaw's native channel settings.
 
 ## Scheduling (Heartbeats)
 Agents can run scheduled tasks via their agent panel → Schedule tab. When enabled,
@@ -703,6 +758,25 @@ stress-testing; the purge tool handles surprises.
 
 Import/export from the agent panel or team settings.
 
+## Import from OpenClaw
+Users migrating from a vanilla OpenClaw install can bring their existing agents
+into damn.dev — soul, identity, memory, knowledge, skills, and heartbeat all
+preserved. The importer scans `~/.openclaw` on the host, lists each agent it
+finds, and imports the selected ones on demand. It is **dry-run until the user
+clicks Import** — nothing is written during the scan.
+
+Two surfaces, same flow:
+- **Onboarding** — a step that appears *only* when the scan finds at least one
+  not-yet-imported OpenClaw agent. Fresh users with no prior OpenClaw setup never
+  see it.
+- **Settings → Workspace → "Import from OpenClaw"** — always available, so users
+  who skipped onboarding (or added OpenClaw agents later) can still migrate.
+
+Already-imported agents are greyed out; a "re-import (overwrite)" toggle forces a
+true overwrite of soul/identity/skills. Imported agents land with shell tools
+denied, sandbox off, and the standard governance wiring — identical to natively
+created agents. The `coo` agent is never migrated (it's auto-seeded per install).
+
 ## Agent Creation
 Ask the COO to design agent teams: "I need an agent that handles customer support."
 The COO proposes the full setup — agents, skills, channel assignments — and you
@@ -894,9 +968,11 @@ on another machine, point them at the right one:
 - **Docker** (recommended for most users) — `curl -fsSL install.damn.dev/docker | bash`.
   Native backend + Dockerized OpenClaw. Works on macOS, Linux. Auto-updates
   via in-app banner.
-- **npm** (devs who have Node 18+) — `curl -fsSL install.damn.dev/npm | bash` or
-  `npm install -g @damn-dev/cli` then `damn-dev start`. `@damn-dev/cli` is the
-  canonical npm package; the binary is `damn-dev`. Auto-updates via in-app banner.
+- **npm** (devs who have Node 22+) — `curl -fsSL install.damn.dev/npm | bash` or,
+  manually, `pnpm add -g @damn-dev/cli` then `damn-dev start`. Install with **pnpm**,
+  not npm: a native dependency (`impit`, via browser-builtin) ships an `only-allow
+  pnpm` guard that fails npm-based installs. `@damn-dev/cli` is the canonical
+  package; the binary is `damn-dev`. Auto-updates via in-app banner.
 - **Tauri desktop app** — download the DMG (macOS) / deb / rpm from
   https://github.com/LethoDeter/damn-dev-install/releases/latest. Native app
   with system tray, in-app updater polls for new releases automatically.
@@ -933,8 +1009,9 @@ the rest is automatic.
   as the network heals.
 - **Per-step failure messages.** When an update fails, the banner shows WHICH
   step failed (e.g. `Step 'compose-pull' failed: <stderr>`). Common diagnoses:
-  - `npm-install-cli` failure → user's npm prefix likely needs sudo (Mac default
-    `/usr/local`); they should `npm config set prefix ~/.npm-global` once.
+  - `pnpm-install-cli` failure → pnpm/corepack couldn't install the CLI. Confirm
+    `corepack` is available (it ships with Node 22; `corepack enable` if not) and
+    that pnpm's global bin dir is on PATH.
   - `compose-pull` failure → Docker daemon unreachable or network timeout. Have
     them confirm `docker info` works.
   - `compose-up` failure → port conflict or compose syntax issue. `docker

package/runtime/apps/backend/dist/resources/skills/channel-context-builtin/SKILL.md

@@ -0,0 +1,33 @@
+---
+name: "channel-context-builtin"
+description: "Read files that users or agents have pinned to the current channel for shared reference. When a turn includes a '## Channel Context Files' manifest, those files are available but NOT loaded into context — call this skill to read one on demand. Text, Markdown, JSON, CSV, PDF, and DOCX return extracted text; images return as a viewable picture."
+version: "1.0.0"
+required_secrets: []
+required_tools: []
+tools:
+  - name: read
+    description: "Read one file pinned to the current channel. Pass the attachment `id` exactly as it appears in the '## Channel Context Files' manifest for this turn (the backticked value). Documents (txt/md/json/csv/pdf/docx) return their extracted text — truncated to ~30k characters for very large files, with `truncated: true` set. Images (png/jpeg/gif/webp) are routed back as a native vision input so you can actually see them. Only files pinned to THIS channel are readable; ids from other channels are rejected."
+    parameters:
+      - name: attachmentId
+        type: string
+        description: "The attachment id from the '## Channel Context Files' manifest (the value inside backticks). REQUIRED."
+        required: true
+    endpoint: inprocess://channel-context-builtin/read
+    method: POST
+    requires_approval: false
+---
+
+# Channel Context Files
+
+Users and agents can pin files to a channel via the channel header's Files button. Pinned files are shared reference material for everyone in the channel — they are listed in a `## Channel Context Files` manifest at the start of a turn but are **never** auto-loaded into your context.
+
+When you need the contents of a pinned file, call:
+
+```
+skill_exec({ slug: 'channel-context-builtin', args: { tool: 'read', attachmentId: '<id>' } })
+```
+
+- Use the exact `id` shown in the manifest.
+- Documents come back as extracted text. Large files are truncated (`truncated: true`).
+- Images come back as a native vision input — you'll see the picture directly.
+- You can only read files pinned to the channel you're currently in.