@ducci/jarvis 1.0.72 → 1.0.74

package/README.md

@@ -74,6 +74,21 @@ cd ui && npm run build   # outputs to ui/dist/, served automatically by the serv
 
 Jarvis is designed for **local or private server use only**. The API has no authentication — do not expose port `18008` to the public internet. The `exec` tool runs shell commands with the same permissions as the server process.
 
+If you run Jarvis on a VPS, make sure your firewall only allows what's necessary. With `ufw`:
+
+```bash
+ufw default deny incoming
+ufw default allow outgoing
+ufw allow 22/tcp        # SSH
+ufw enable
+```
+
+Ports like `18008` stay closed to the outside world — access the UI via an SSH tunnel instead:
+
+```bash
+ssh -L 18008:localhost:18008 user@your-vps
+```
+
 ## Data
 
 All runtime data lives in `~/.jarvis/` and is never stored in the repo:

package/docs/cli.md

@@ -33,6 +33,10 @@ Lifecycle management is handled by the CLI using the **programmatic PM2 API** fo
 - The process is named `jarvis-server`.
 - Enables `autorestart` on crash.
 - Merges logs into a single file in the user's data directory.
+- Calls `pm2 save` (`pm2.dump()`) after start to persist the process list for reboot recovery.
+- Prints a tip to run `pm2 startup` once to register the PM2 boot hook with the OS init system.
+
+> **Reboot persistence**: `pm2 save` persists the process list; `pm2 startup` (run once, may need sudo) installs the OS-level boot hook so PM2 — and therefore Jarvis — starts automatically after a system reboot.
 
 ### `jarvis stop`
 - Stops the background process named `jarvis-server` using PM2.

package/docs/system-prompt.md

@@ -72,7 +72,7 @@ You have access to a set of tools. Each tool has a name and description that tel
 - If a tool fails, record the error in `logSummary` and decide whether to retry with a corrected call or explain the failure to the user.
 - Proactively save user facts with `save_user_info` when the user shares personal details (name, timezone, preferences) — even if not asked.
 - Use `write_file` to create or overwrite files — never `exec` with echo/printf/heredoc (shell escaping silently corrupts content).
-- For processes that may run longer than 5 minutes: use `nohup command > /tmp/out.log 2>&1 &` and poll with `exec`.
+- Never use `&` to background a process. For any long-running or background process, use tmux: `tmux new-session -d -s jarvis-<purpose> "command"`. Always check first with `tmux has-session -t <name>` before starting. Read output with `tmux capture-pane -t <name> -p`. Stop with `tmux kill-session -t <name>`. Record active session names in checkpoint `state` (e.g. `{"serverSession": "jarvis-server"}`).
 - Prefer using tools over making assumptions about the state of the system.
 
 ## Failure Recovery

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ducci/jarvis",
-  "version": "1.0.72",
+  "version": "1.0.74",
   "description": "A fully automated agent system that lives on a server.",
   "main": "./src/index.js",
   "type": "module",

package/src/channels/telegram/index.js

@@ -2,7 +2,7 @@ import fs from 'fs';
 import path from 'path';
 import { Bot } from 'grammy';
 import { run } from '@grammyjs/runner';
-import { handleChat } from '../../server/agent.js';
+import { handleChat, requestAbort } from '../../server/agent.js';
 import { loadSession } from '../../server/sessions.js';
 import { PATHS } from '../../server/config.js';
 import { load, save } from './sessions.js';
@@ -24,6 +24,12 @@ function escapeHtml(str) {
   return str.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
 }
 
+function stripHtml(text) {
+  return text
+    .replace(/<[^>]+>/g, '')
+    .replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&amp;/g, '&');
+}
+
 function markdownToHtml(text) {
   // 0. Sanitize unsupported Telegram HTML tags
   // Headings → <b>
@@ -76,7 +82,7 @@ async function sendMessage(api, chatId, text, sessionId) {
             description: e.description || e.message,
           }) + '\n', 'utf8').catch(() => {});
         }
-        await api.sendMessage(chatId, chunk);
+        await api.sendMessage(chatId, stripHtml(chunk));
       } else {
         throw e;
       }
@@ -100,6 +106,7 @@ export async function startTelegramChannel(config) {
   await bot.api.setMyCommands([
     { command: 'new', description: 'Start a fresh session' },
     { command: 'usage', description: 'Show token usage for the current session' },
+    { command: 'stop', description: 'Stop the current run' },
   ]);
 
   bot.command('usage', async (ctx) => {
@@ -131,6 +138,23 @@ export async function startTelegramChannel(config) {
     );
   });
 
+  bot.command('stop', async (ctx) => {
+    const userId = ctx.from?.id;
+    if (!allowedUserIds.includes(userId)) return;
+
+    const chatId = ctx.chat.id;
+    const sessionId = sessions[chatId];
+
+    if (!isRunning.has(chatId) || !sessionId) {
+      await ctx.reply('Nothing is currently running.');
+      return;
+    }
+
+    requestAbort(sessionId);
+    await appendTelegramChatLog(chatId, sessionId, 'SYSTEM', '--- /stop requested ---');
+    await ctx.reply('Stopping current run... I\'ll send a summary when done.');
+  });
+
   bot.command('new', async (ctx) => {
     const userId = ctx.from?.id;
     if (!allowedUserIds.includes(userId)) return;

package/src/index.js

@@ -95,6 +95,15 @@ function pm2Restart() {
   });
 }
 
+function pm2Save() {
+  return new Promise((resolve, reject) => {
+    pm2.dump((err) => {
+      if (err) reject(err);
+      else resolve();
+    });
+  });
+}
+
 const program = new Command();
 
 program
@@ -154,7 +163,9 @@ program
         return;
       }
       await pm2Start();
+      await pm2Save();
       console.log('Jarvis server started.');
+      console.log('Tip: run `pm2 startup` once to make Jarvis survive system reboots.');
       pm2.disconnect();
     } catch (e) {
       console.error('Failed to start Jarvis server:', e.message);
@@ -191,10 +202,13 @@ program
       const isRunning = desc.length > 0 && desc[0].pm2_env?.status === 'online';
       if (isRunning) {
         await pm2Restart();
+        await pm2Save();
         console.log('Jarvis server restarted.');
       } else {
         await pm2Start();
+        await pm2Save();
         console.log('Jarvis server started.');
+        console.log('Tip: run `pm2 startup` once to make Jarvis survive system reboots.');
       }
       pm2.disconnect();
     } catch (e) {

package/src/scripts/onboarding.js

@@ -698,7 +698,22 @@ async function run() {
     }
   }
 
+  // --- TMUX CHECK ---
+  const tmuxCheck = spawnSync('which', ['tmux'], { stdio: 'pipe' });
+  if (tmuxCheck.status !== 0) {
+    console.log(chalk.blue('Installing tmux...'));
+    const hasBrew = spawnSync('which', ['brew'], { stdio: 'pipe' }).status === 0;
+    const hasApt  = spawnSync('which', ['apt-get'], { stdio: 'pipe' }).status === 0;
+    if (hasBrew)     spawnSync('brew', ['install', 'tmux'], { stdio: 'inherit' });
+    else if (hasApt) spawnSync('apt-get', ['install', '-y', 'tmux'], { stdio: 'inherit' });
+    else console.log(chalk.yellow('tmux not found. Install manually: apt-get install tmux / brew install tmux'));
+  }
+
   console.log(chalk.green.bold('\nSetup complete!'));
+  console.log(chalk.cyan('\nNext steps:'));
+  console.log('  1. Run ' + chalk.bold('jarvis start') + ' to launch the server.');
+  console.log('  2. Run ' + chalk.bold('pm2 startup') + ' once to make Jarvis survive system reboots.');
+  console.log('     (Follow the command it prints — usually needs sudo on Linux.)');
 }
 
 run().catch(error => {

package/src/server/agent.js

@@ -53,6 +53,22 @@ function sanitizeJson(text) {
 const CONSECUTIVE_FAILURE_THRESHOLD = 3;
 const MAX_TOOL_RESULT = 4000;
 
+const ABORT_NOTE = `[System: The user has requested an immediate stop. This is your final response for this run.
+Respond with your normal JSON, but add a checkpoint field:
+
+{
+  "response": "Brief message to the user acknowledging the stop and summarising what was completed.",
+  "logSummary": "Human-readable summary of what happened before the stop.",
+  "checkpoint": {
+    "progress": "What has been fully completed — only include items confirmed by tool output.",
+    "remaining": "What still needs to be done to finish the original task — as a plain text string, never an array or object.",
+    "failedApproaches": ["Concise description of each approach that failed. Leave as empty array if nothing failed."],
+    "state": {"factKey": "factValue — concrete facts confirmed by tool output: file paths, binary locations, config values. Use {} if nothing concrete was discovered."}
+  }
+}
+
+The checkpoint will allow the task to be resumed later if needed.]`;
+
 const WRAP_UP_NOTE = `[System: You have reached the iteration limit. This is your final response for this run.
 Respond with your normal JSON, but add a checkpoint field:
 
@@ -74,6 +90,15 @@ The checkpoint field will be used to automatically resume the task in the next r
 // queued request finishes).
 const sessionQueues = new Map();
 
+// Abort flags: set by requestAbort(), checked at each iteration boundary in
+// runAgentLoop. Always cleared in _runHandleChat's finally block to prevent
+// stale flags from killing subsequent runs.
+const sessionAborts = new Map();
+
+export function requestAbort(sessionId) {
+  sessionAborts.set(sessionId, true);
+}
+
 function accumulateUsage(accum, result) {
   const u = result?.usage;
   if (!u) return;
@@ -235,6 +260,48 @@ export async function runAgentLoop(client, config, session, prepareMessages, usa
   while (iteration < config.maxIterations) {
     iteration++;
 
+    // Check for user-requested stop. Do a wrap-up call so the user gets a
+    // meaningful summary and the session can be resumed later if needed.
+    if (sessionAborts.get(config._sessionId)) {
+      sessionAborts.delete(config._sessionId);
+      const abortMessages = [
+        ...prepareMessages(session.messages),
+        { role: 'user', content: ABORT_NOTE },
+      ];
+      try {
+        const abortResult = await callModelWithFallback(client, config, abortMessages, []);
+        accumulateUsage(usageAccum, abortResult);
+        const abortContent = abortResult.choices[0]?.message?.content || '';
+        let parsedAbort = null;
+        try { parsedAbort = JSON.parse(sanitizeJson(abortContent)); } catch { /* use raw */ }
+        session.messages.push({ role: 'assistant', content: abortContent });
+        if (parsedAbort?.checkpoint) {
+          const cp = parsedAbort.checkpoint;
+          if (typeof cp.remaining !== 'string') cp.remaining = Array.isArray(cp.remaining) ? cp.remaining.map(String).join('\n') : cp.remaining != null ? JSON.stringify(cp.remaining) : '';
+          if (!Array.isArray(cp.failedApproaches)) cp.failedApproaches = [];
+          else cp.failedApproaches = cp.failedApproaches.map(i => typeof i === 'string' ? i : JSON.stringify(i));
+          if (typeof cp.state !== 'object' || cp.state === null || Array.isArray(cp.state)) cp.state = {};
+        }
+        return {
+          iteration,
+          response: parsedAbort?.response || abortContent || 'Run stopped.',
+          logSummary: parsedAbort?.logSummary || 'Run stopped by user request.',
+          status: 'aborted',
+          runToolCalls,
+          checkpoint: parsedAbort?.checkpoint || null,
+        };
+      } catch (e) {
+        return {
+          iteration,
+          response: 'Run stopped.',
+          logSummary: `Run stopped by user request. Wrap-up call failed: ${e.message}`,
+          status: 'aborted',
+          runToolCalls,
+          checkpoint: null,
+        };
+      }
+    }
+
     let modelResult;
     const iterationsLeft = config.maxIterations - iteration + 1;
     const base = prepareMessages(session.messages);
@@ -774,6 +841,21 @@ async function _runHandleChat(config, sessionId, userMessage, attachments = [],
         // makes the next one more likely (especially on free models with small context
         // windows). The synthetic note is sufficient context; tool results are preserved
         // in the JSONL log and accessible via read_session_log.
+        // On abort: save checkpoint data so the task can be resumed later,
+        // same as the checkpoint_reached path does for handoff runs.
+        if (finalStatus === 'aborted' && run.checkpoint) {
+          if (run.checkpoint.failedApproaches?.length > 0) {
+            if (!session.metadata.failedApproaches) session.metadata.failedApproaches = [];
+            session.metadata.failedApproaches.push(...run.checkpoint.failedApproaches);
+          }
+          if (run.checkpoint.state && Object.keys(run.checkpoint.state).length > 0) {
+            session.metadata.checkpointState = { ...(session.metadata.checkpointState || {}), ...run.checkpoint.state };
+          }
+          if (run.checkpoint.remaining) {
+            session.metadata.lastCheckpointRemaining = run.checkpoint.remaining.trim();
+          }
+        }
+
         if (finalStatus === 'model_error' || finalStatus === 'format_error') {
           if (finalStatus === 'model_error' && isImageUnsupportedError(run.errorDetail)) {
             finalResponse = 'This model does not support image input. Please switch to a multimodal model (e.g. claude-3.5-sonnet, gpt-4o) in settings.';
@@ -914,6 +996,10 @@ async function _runHandleChat(config, sessionId, userMessage, attachments = [],
     });
     throw e;
   } finally {
+    // Clear any stale abort flag — prevents a flag set just as a run finished
+    // from killing the next run.
+    sessionAborts.delete(sessionId);
+
     // Accumulate token usage into session metadata so /usage can read it
     if (!session.metadata.tokenUsage) session.metadata.tokenUsage = { prompt: 0, completion: 0, cacheRead: 0, cacheCreation: 0 };
     session.metadata.tokenUsage.prompt += usageAccum.prompt;