@heylemon/lemonade 0.0.1 → 0.0.3

package/dist/agents/system-prompt.js

@@ -349,6 +349,10 @@ export function buildAgentSystemPrompt(params) {
         "- If files must be written, use `mktemp -d` and clean up after (`rm -rf $TMPDIR`).",
         "- Skill-provided scripts (docx, xlsx, etc.) are fine to use as-is.",
         "",
+        "## Cron / Reminders",
+        "ALWAYS use the `cron` tool (action: add/update/remove/list/run/status) for managing cron jobs and reminders.",
+        "NEVER use `exec` or shell commands to read/write cron files (e.g. ~/.lemonade/cron/jobs.json) directly — the gateway cron service will not detect the change.",
+        "",
         "## Lemonade CLI Quick Reference",
         "Lemonade is controlled via subcommands. Do not invent commands.",
         "To manage the Gateway daemon service (start/stop/restart):",

package/dist/build-info.json

@@ -1,5 +1,5 @@
 {
-  "version": "0.0.1",
-  "commit": "b1e752b7e12e9b825bce88e0633a044f282ddbd8",
-  "builtAt": "2026-02-20T04:17:06.425Z"
+  "version": "0.0.3",
+  "commit": "8e50eaf2ca7f01fbb0397deb3de3cb00f2708c6a",
+  "builtAt": "2026-02-20T05:09:41.173Z"
 }

package/dist/canvas-host/a2ui/.bundle.hash

@@ -1 +1 @@
-9ea9d25692307b9abbc49da05300ef11092a5af306ffa2d75a550a12063181be
+5ec7ab3a52d725f743100ac38ce0d8c9672f04988280eeecd179252ba58b11dd

package/dist/cli/pairing-cli.js

@@ -2,7 +2,7 @@ import { listPairingChannels, notifyPairingApproved } from "../channels/plugins/
 import { normalizeChannelId } from "../channels/plugins/index.js";
 import { loadConfig } from "../config/config.js";
 import { resolvePairingIdLabel } from "../pairing/pairing-labels.js";
-import { approveChannelPairingCode, listChannelPairingRequests, } from "../pairing/pairing-store.js";
+import { approveChannelPairingCode, listChannelPairingRequests, rejectChannelPairingCode, } from "../pairing/pairing-store.js";
 import { defaultRuntime } from "../runtime.js";
 import { formatDocsLink } from "../terminal/links.js";
 import { renderTable } from "../terminal/table.js";
@@ -116,4 +116,30 @@ export function registerPairingCli(program) {
             defaultRuntime.log(theme.warn(`Failed to notify requester: ${String(err)}`));
         });
     });
+    pairing
+        .command("reject")
+        .alias("decline")
+        .description("Reject a pairing request (removes it without granting access)")
+        .option("--channel <channel>", `Channel (${channels.join(", ")})`)
+        .argument("<codeOrChannel>", "Pairing code (or channel when using 2 args)")
+        .argument("[code]", "Pairing code (when channel is passed as the 1st arg)")
+        .action(async (codeOrChannel, code, opts) => {
+        const channelRaw = opts.channel ?? codeOrChannel;
+        const resolvedCode = opts.channel ? codeOrChannel : code;
+        if (!opts.channel && !code) {
+            throw new Error(`Usage: ${formatCliCommand("lemonade pairing reject <channel> <code>")} (or: ${formatCliCommand("lemonade pairing reject --channel <channel> <code>")})`);
+        }
+        if (opts.channel && code != null) {
+            throw new Error(`Too many arguments. Use: ${formatCliCommand("lemonade pairing reject --channel <channel> <code>")}`);
+        }
+        const channel = parseChannel(channelRaw, channels);
+        const rejected = await rejectChannelPairingCode({
+            channel,
+            code: String(resolvedCode),
+        });
+        if (!rejected) {
+            throw new Error(`No pending pairing request found for code: ${String(resolvedCode)}`);
+        }
+        defaultRuntime.log(`${theme.success("Rejected")} ${theme.muted(channel)} request from ${theme.command(rejected.id)}.`);
+    });
 }

package/dist/cron/service/ops.js

@@ -1,6 +1,6 @@
 import { applyJobPatch, computeJobNextRunAtMs, createJob, findJobOrThrow, isJobDue, nextWakeAtMs, recomputeNextRuns, } from "./jobs.js";
 import { locked } from "./locked.js";
-import { ensureLoaded, persist, warnIfDisabled } from "./store.js";
+import { ensureLoaded, forceReload, persist, startFileWatcher, stopFileWatcher, warnIfDisabled, } from "./store.js";
 import { armTimer, emit, executeJob, stopTimer, wake } from "./timer.js";
 export async function start(state) {
     await locked(state, async () => {
@@ -12,6 +12,18 @@ export async function start(state) {
         recomputeNextRuns(state);
         await persist(state);
         armTimer(state);
+        startFileWatcher(state, () => {
+            state.deps.log.info({}, "cron: external file change detected, reloading");
+            void locked(state, async () => {
+                await forceReload(state);
+                recomputeNextRuns(state);
+                await persist(state);
+                armTimer(state);
+                state.deps.log.info({ jobs: state.store?.jobs.length ?? 0, nextWakeAtMs: nextWakeAtMs(state) ?? null }, "cron: reloaded from disk");
+            }).catch((err) => {
+                state.deps.log.error({ err: String(err) }, "cron: reload after file change failed");
+            });
+        });
         state.deps.log.info({
             enabled: true,
             jobs: state.store?.jobs.length ?? 0,
@@ -21,6 +33,7 @@ export async function start(state) {
 }
 export function stop(state) {
     stopTimer(state);
+    stopFileWatcher(state);
 }
 export async function status(state) {
     return await locked(state, async () => {

package/dist/cron/service/state.js

@@ -6,5 +6,7 @@ export function createCronServiceState(deps) {
         running: false,
         op: Promise.resolve(),
         warnedDisabled: false,
+        fileWatcher: null,
+        lastPersistTs: 0,
     };
 }

package/dist/cron/service/store.js

@@ -1,3 +1,5 @@
+import fs from "node:fs";
+import path from "node:path";
 import { migrateLegacyCronPayload } from "../payload-migration.js";
 import { loadCronStore, saveCronStore } from "../store.js";
 import { inferLegacyName, normalizeOptionalText } from "./normalize.js";
@@ -53,5 +55,44 @@ export function warnIfDisabled(state, action) {
 export async function persist(state) {
     if (!state.store)
         return;
+    state.lastPersistTs = Date.now();
     await saveCronStore(state.deps.storePath, state.store);
 }
+/**
+ * Force-reload the cron store from disk, discarding the in-memory cache.
+ * Used when the file is modified externally (e.g. by `exec`).
+ */
+export async function forceReload(state) {
+    storeCache.delete(state.deps.storePath);
+    state.store = null;
+    await ensureLoaded(state);
+}
+const EXTERNAL_CHANGE_GRACE_MS = 2000;
+export function startFileWatcher(state, onExternalChange) {
+    stopFileWatcher(state);
+    const dir = path.dirname(state.deps.storePath);
+    const basename = path.basename(state.deps.storePath);
+    try {
+        fs.mkdirSync(dir, { recursive: true });
+        const watcher = fs.watch(dir, (eventType, filename) => {
+            if (filename !== basename)
+                return;
+            if (Date.now() - state.lastPersistTs < EXTERNAL_CHANGE_GRACE_MS)
+                return;
+            onExternalChange();
+        });
+        watcher.on("error", () => {
+            // Non-fatal; the watcher may fail on some file systems
+        });
+        state.fileWatcher = watcher;
+    }
+    catch {
+        // Watching is best-effort
+    }
+}
+export function stopFileWatcher(state) {
+    if (state.fileWatcher) {
+        state.fileWatcher.close();
+        state.fileWatcher = null;
+    }
+}

package/dist/pairing/pairing-messages.js

@@ -1,10 +1,9 @@
 export function buildPairingReply(params) {
-    const { channel, idLine, code } = params;
     return [
-        "Hey! I'm not able to chat with you yet.",
+        "Hey! I don't have permission to chat with you yet.",
         "",
-        "Your request has been sent to the admin. Once they accept it, I'll be ready to help you.",
+        "The administrator has been notified of your request. They can grant you access from the Lemon app.",
         "",
-        "Please ask the admin to check their Lemon app to approve your access.",
+        "If you know the administrator, please reach out to them directly to speed things up.",
     ].join("\n");
 }

package/dist/pairing/pairing-store.js

@@ -355,6 +355,34 @@ export async function upsertChannelPairingRequest(params) {
         return { code, created: true };
     });
 }
+export async function rejectChannelPairingCode(params) {
+    const env = params.env ?? process.env;
+    const code = params.code.trim().toUpperCase();
+    if (!code)
+        return null;
+    const filePath = resolvePairingPath(params.channel, env);
+    return await withFileLock(filePath, { version: 1, requests: [] }, async () => {
+        const { value } = await readJsonFile(filePath, {
+            version: 1,
+            requests: [],
+        });
+        const reqs = Array.isArray(value.requests) ? value.requests : [];
+        const nowMs = Date.now();
+        const { requests: pruned } = pruneExpiredRequests(reqs, nowMs);
+        const idx = pruned.findIndex((r) => String(r.code ?? "").toUpperCase() === code);
+        if (idx < 0)
+            return null;
+        const entry = pruned[idx];
+        if (!entry)
+            return null;
+        pruned.splice(idx, 1);
+        await writeJsonFile(filePath, {
+            version: 1,
+            requests: pruned,
+        });
+        return { id: entry.id, entry };
+    });
+}
 export async function approveChannelPairingCode(params) {
     const env = params.env ?? process.env;
     const code = params.code.trim().toUpperCase();

package/dist/slack/monitor/message-handler/prepare.js

@@ -111,57 +111,49 @@ export async function prepareSlackMessage(params) {
                     isGuestSender = true;
                     logVerbose(`slack: guest sender ${directUserId} allowed (responses only, no tools)`);
                 }
-                else if (ctx.dmPolicy === "pairing") {
+                else if (ctx.dmPolicy === "pairing" || ctx.dmPolicy === "allowlist") {
                     const sender = await ctx.resolveUserName(directUserId);
                     const senderName = sender?.name ?? undefined;
-                    const { code, created } = await upsertChannelPairingRequest({
+                    const { created } = await upsertChannelPairingRequest({
                         channel: "slack",
                         id: directUserId,
                         meta: { name: senderName },
                     });
                     if (created) {
-                        logVerbose(`slack pairing request sender=${directUserId} name=${senderName ?? "unknown"} (${allowMatchMeta})`);
+                        logVerbose(`slack access request sender=${directUserId} name=${senderName ?? "unknown"} (${allowMatchMeta})`);
                         const displayName = senderName ?? directUserId;
-                        // Notify frontend via SSE (reliable — works regardless of gateway context)
                         emitAgentEvent({
                             runId: `pairing-slack-${directUserId}-${Date.now()}`,
                             stream: "notification",
                             data: {
                                 type: "pairing",
                                 channel: "slack",
-                                title: "Access Request",
-                                body: `${displayName} wants to message you on Slack.`,
-                                code,
+                                title: "Lemonade Access Request",
+                                body: `${displayName} is requesting access to your Lemon via Slack.`,
                                 name: displayName,
                                 senderId: directUserId,
                             },
                         });
-                        // Also notify via URL scheme (fallback for when SSE isn't connected)
                         try {
-                            const title = encodeURIComponent("Access Request");
-                            const body = encodeURIComponent(`${displayName} wants to message you on Slack.`);
+                            const title = encodeURIComponent("Lemonade Access Request");
+                            const body = encodeURIComponent(`${displayName} is requesting access to your Lemon via Slack.`);
                             const channel = encodeURIComponent("slack");
-                            const encodedCode = encodeURIComponent(code);
                             const encodedName = encodeURIComponent(displayName);
                             const { exec } = await import("node:child_process");
-                            exec(`open "lemon://notify?title=${title}&body=${body}&type=pairing&channel=${channel}&code=${encodedCode}&name=${encodedName}"`);
+                            exec(`open "lemon://notify?title=${title}&body=${body}&type=pairing&channel=${channel}&name=${encodedName}"`);
                         }
                         catch {
                             // Notification is best-effort
                         }
                         try {
-                            await sendMessageSlack(message.channel, buildPairingReply({
-                                channel: "slack",
-                                idLine: `Your Slack user id: ${directUserId}`,
-                                code,
-                            }), {
+                            await sendMessageSlack(message.channel, buildPairingReply({ channel: "slack" }), {
                                 token: ctx.botToken,
                                 client: ctx.app.client,
                                 accountId: account.accountId,
                             });
                         }
                         catch (err) {
-                            logVerbose(`slack pairing reply failed for ${message.user}: ${String(err)}`);
+                            logVerbose(`slack access reply failed for ${message.user}: ${String(err)}`);
                         }
                     }
                     return null;

package/dist/web/inbound/access-control.js

@@ -100,58 +100,50 @@ export async function checkInboundAccessControl(params) {
             const allowed = dmHasWildcard ||
                 (normalizedAllowFrom.length > 0 && normalizedAllowFrom.includes(candidate));
             if (!allowed) {
-                if (dmPolicy === "pairing") {
+                if (dmPolicy === "pairing" || dmPolicy === "allowlist") {
                     if (suppressPairingReply) {
-                        logVerbose(`Skipping pairing reply for historical DM from ${candidate}.`);
+                        logVerbose(`Skipping access reply for historical DM from ${candidate}.`);
                     }
                     else {
-                        const { code, created } = await upsertChannelPairingRequest({
+                        const { created } = await upsertChannelPairingRequest({
                             channel: "whatsapp",
                             id: candidate,
                             meta: { name: (params.pushName ?? "").trim() || undefined },
                         });
                         if (created) {
                             const pushName = (params.pushName ?? "").trim() || "unknown";
-                            logVerbose(`whatsapp pairing request sender=${candidate} name=${pushName}`);
+                            logVerbose(`whatsapp access request sender=${candidate} name=${pushName}`);
                             const displayName = pushName !== "unknown" ? pushName : candidate;
-                            // Notify frontend via SSE (reliable — works regardless of gateway context)
                             emitAgentEvent({
                                 runId: `pairing-whatsapp-${candidate}-${Date.now()}`,
                                 stream: "notification",
                                 data: {
                                     type: "pairing",
                                     channel: "whatsapp",
-                                    title: "Access Request",
-                                    body: `${displayName} wants to message you on WhatsApp.`,
-                                    code,
+                                    title: "Lemonade Access Request",
+                                    body: `${displayName} is requesting access to your Lemon via WhatsApp.`,
                                     name: displayName,
                                     senderId: candidate,
                                 },
                             });
-                            // Also notify via URL scheme (fallback for when SSE isn't connected)
                             try {
-                                const title = encodeURIComponent("Access Request");
-                                const body = encodeURIComponent(`${displayName} wants to message you on WhatsApp.`);
+                                const title = encodeURIComponent("Lemonade Access Request");
+                                const body = encodeURIComponent(`${displayName} is requesting access to your Lemon via WhatsApp.`);
                                 const channel = encodeURIComponent("whatsapp");
-                                const encodedCode = encodeURIComponent(code);
                                 const encodedName = encodeURIComponent(displayName);
                                 const { exec } = await import("node:child_process");
-                                exec(`open "lemon://notify?title=${title}&body=${body}&type=pairing&channel=${channel}&code=${encodedCode}&name=${encodedName}"`);
+                                exec(`open "lemon://notify?title=${title}&body=${body}&type=pairing&channel=${channel}&name=${encodedName}"`);
                             }
                             catch {
                                 // Notification is best-effort
                             }
                             try {
                                 await params.sock.sendMessage(params.remoteJid, {
-                                    text: buildPairingReply({
-                                        channel: "whatsapp",
-                                        idLine: `Your WhatsApp phone number: ${candidate}`,
-                                        code,
-                                    }),
+                                    text: buildPairingReply({ channel: "whatsapp" }),
                                 });
                             }
                             catch (err) {
-                                logVerbose(`whatsapp pairing reply failed for ${candidate}: ${String(err)}`);
+                                logVerbose(`whatsapp access reply failed for ${candidate}: ${String(err)}`);
                             }
                         }
                     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@heylemon/lemonade",
-  "version": "0.0.1",
+  "version": "0.0.3",
   "description": "AI gateway CLI for Lemon - local AI assistant with integrations",
   "publishConfig": {
     "access": "restricted"