npm - @hybridaione/hybridclaw - Versions diffs - 0.13.0 → 0.14.0 - Mend

@hybridaione/hybridclaw 0.13.0 → 0.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (576) hide show

package/CHANGELOG.md +146 -0
package/README.md +50 -13
package/SECURITY.md +33 -0
package/config.example.json +29 -2
package/console/dist/assets/chat-DSj1yysO.js +93 -0
package/console/dist/assets/chat-rX_Zff0A.css +1 -0
package/console/dist/assets/cx-DXBDPsU_.js +1 -0
package/console/dist/assets/index-B2-VRNy7.css +1 -0
package/console/dist/assets/index-BPAyWCYB.js +15 -0
package/console/dist/assets/{router-CUFYqD1a.js → router-NXexqZsi.js} +1 -1
package/console/dist/assets/{terminal-Bg7qhQCF.js → terminal-Cax15rBK.js} +1 -1
package/console/dist/assets/{vendor-C4WPVvdh.js → vendor-BCIzCfhA.js} +1 -1
package/console/dist/index.html +5 -5
package/container/dist/approval-policy.js +152 -85
package/container/dist/approval-policy.js.map +1 -1
package/container/dist/browser-tools.js +96 -5
package/container/dist/browser-tools.js.map +1 -1
package/container/dist/extensions.js +63 -9
package/container/dist/extensions.js.map +1 -1
package/container/dist/index.js +118 -20
package/container/dist/index.js.map +1 -1
package/container/dist/providers/anthropic.js +42 -4
package/container/dist/providers/anthropic.js.map +1 -1
package/container/dist/providers/auxiliary.js +3 -0
package/container/dist/providers/auxiliary.js.map +1 -1
package/container/dist/providers/hybridai.js +61 -5
package/container/dist/providers/hybridai.js.map +1 -1
package/container/dist/providers/local-ollama.js +44 -4
package/container/dist/providers/local-ollama.js.map +1 -1
package/container/dist/providers/local-openai-compat.js +234 -27
package/container/dist/providers/local-openai-compat.js.map +1 -1
package/container/dist/providers/openai-codex.js +41 -7
package/container/dist/providers/openai-codex.js.map +1 -1
package/container/dist/providers/router.js +27 -2
package/container/dist/providers/router.js.map +1 -1
package/container/dist/providers/shared.js +53 -0
package/container/dist/providers/shared.js.map +1 -1
package/container/dist/providers/thinking-extractor.js +25 -3
package/container/dist/providers/thinking-extractor.js.map +1 -1
package/container/dist/providers/tool-call-normalizer.js +66 -6
package/container/dist/providers/tool-call-normalizer.js.map +1 -1
package/container/dist/stakes-classifier.js +316 -0
package/container/dist/stakes-classifier.js.map +1 -0
package/container/dist/stalled-turns.js +5 -0
package/container/dist/stalled-turns.js.map +1 -1
package/container/dist/text-normalization.js +6 -0
package/container/dist/text-normalization.js.map +1 -0
package/container/dist/token-usage.js +53 -0
package/container/dist/token-usage.js.map +1 -1
package/container/dist/tools.js +7 -4
package/container/dist/tools.js.map +1 -1
package/container/dist/types.js.map +1 -1
package/container/dist/web-fetch.js +127 -15
package/container/dist/web-fetch.js.map +1 -1
package/container/package-lock.json +2 -2
package/container/package.json +1 -1
package/container/shared/boolean-utils.d.ts +8 -0
package/container/shared/boolean-utils.js +19 -0
package/container/shared/message-tool-channels.d.ts +1 -0
package/container/shared/message-tool-channels.js +2 -0
package/container/shared/network-policy.d.ts +38 -0
package/container/shared/network-policy.js +121 -0
package/container/shared/policy-engine.d.ts +65 -0
package/container/shared/policy-engine.js +62 -0
package/container/shared/skill-policy.d.ts +57 -0
package/container/shared/skill-policy.js +164 -0
package/container/shared/stakes-classifier.d.ts +36 -0
package/container/shared/stakes-classifier.js +1 -0
package/container/src/approval-policy.ts +203 -103
package/container/src/browser-tools.ts +114 -5
package/container/src/extensions.ts +74 -9
package/container/src/index.ts +136 -11
package/container/src/providers/anthropic.ts +44 -3
package/container/src/providers/auxiliary.ts +3 -0
package/container/src/providers/hybridai.ts +63 -4
package/container/src/providers/local-ollama.ts +46 -3
package/container/src/providers/local-openai-compat.ts +271 -27
package/container/src/providers/openai-codex.ts +43 -12
package/container/src/providers/router.ts +34 -6
package/container/src/providers/shared.ts +86 -0
package/container/src/providers/thinking-extractor.ts +26 -2
package/container/src/providers/tool-call-normalizer.ts +69 -6
package/container/src/stakes-classifier.ts +469 -0
package/container/src/stalled-turns.ts +12 -0
package/container/src/text-normalization.ts +5 -0
package/container/src/token-usage.ts +74 -0
package/container/src/tools.ts +7 -2
package/container/src/types.ts +29 -0
package/container/src/web-fetch.ts +139 -15
package/dist/a2a/envelope.d.ts +35 -0
package/dist/a2a/envelope.d.ts.map +1 -0
package/dist/a2a/envelope.js +188 -0
package/dist/a2a/envelope.js.map +1 -0
package/dist/a2a/identity.d.ts +5 -0
package/dist/a2a/identity.d.ts.map +1 -0
package/dist/a2a/identity.js +86 -0
package/dist/a2a/identity.js.map +1 -0
package/dist/a2a/store.d.ts +7 -0
package/dist/a2a/store.d.ts.map +1 -0
package/dist/a2a/store.js +128 -0
package/dist/a2a/store.js.map +1 -0
package/dist/a2a/utils.d.ts +2 -0
package/dist/a2a/utils.d.ts.map +1 -0
package/dist/a2a/utils.js +4 -0
package/dist/a2a/utils.js.map +1 -0
package/dist/agent/agent.d.ts.map +1 -1
package/dist/agent/agent.js +37 -28
package/dist/agent/agent.js.map +1 -1
package/dist/agent/executor-types.d.ts +1 -0
package/dist/agent/executor-types.d.ts.map +1 -1
package/dist/agent/prompt-hooks.d.ts +3 -5
package/dist/agent/prompt-hooks.d.ts.map +1 -1
package/dist/agent/prompt-hooks.js +8 -21
package/dist/agent/prompt-hooks.js.map +1 -1
package/dist/agent/prompt-parts.d.ts +8 -0
package/dist/agent/prompt-parts.d.ts.map +1 -0
package/dist/agent/prompt-parts.js +39 -0
package/dist/agent/prompt-parts.js.map +1 -0
package/dist/agents/agent-registry.d.ts.map +1 -1
package/dist/agents/agent-registry.js +83 -21
package/dist/agents/agent-registry.js.map +1 -1
package/dist/agents/agent-runtime-config.d.ts.map +1 -1
package/dist/agents/agent-runtime-config.js +5 -1
package/dist/agents/agent-runtime-config.js.map +1 -1
package/dist/agents/agent-types.d.ts +12 -0
package/dist/agents/agent-types.d.ts.map +1 -1
package/dist/agents/agent-types.js +49 -0
package/dist/agents/agent-types.js.map +1 -1
package/dist/audit/audit-cli.d.ts.map +1 -1
package/dist/audit/audit-cli.js +14 -0
package/dist/audit/audit-cli.js.map +1 -1
package/dist/audit/audit-events.d.ts.map +1 -1
package/dist/audit/audit-events.js +43 -7
package/dist/audit/audit-events.js.map +1 -1
package/dist/audit/leak-scanner-cli.d.ts +2 -0
package/dist/audit/leak-scanner-cli.d.ts.map +1 -0
package/dist/audit/leak-scanner-cli.js +342 -0
package/dist/audit/leak-scanner-cli.js.map +1 -0
package/dist/audit/leak-scanner.d.ts +116 -0
package/dist/audit/leak-scanner.d.ts.map +1 -0
package/dist/audit/leak-scanner.js +466 -0
package/dist/audit/leak-scanner.js.map +1 -0
package/dist/audit/observability-ingest.d.ts.map +1 -1
package/dist/audit/observability-ingest.js +2 -9
package/dist/audit/observability-ingest.js.map +1 -1
package/dist/channels/channel-registry.d.ts.map +1 -1
package/dist/channels/channel-registry.js +5 -1
package/dist/channels/channel-registry.js.map +1 -1
package/dist/channels/channel.d.ts +3 -2
package/dist/channels/channel.d.ts.map +1 -1
package/dist/channels/channel.js +10 -0
package/dist/channels/channel.js.map +1 -1
package/dist/channels/discord/runtime.d.ts.map +1 -1
package/dist/channels/discord/runtime.js +2 -1
package/dist/channels/discord/runtime.js.map +1 -1
package/dist/channels/message/tool-actions.d.ts.map +1 -1
package/dist/channels/message/tool-actions.js +87 -3
package/dist/channels/message/tool-actions.js.map +1 -1
package/dist/channels/message-tool-advertising.d.ts.map +1 -1
package/dist/channels/message-tool-advertising.js +1 -0
package/dist/channels/message-tool-advertising.js.map +1 -1
package/dist/channels/prompt-adapters.d.ts.map +1 -1
package/dist/channels/prompt-adapters.js +3 -0
package/dist/channels/prompt-adapters.js.map +1 -1
package/dist/channels/signal/api.d.ts +65 -0
package/dist/channels/signal/api.d.ts.map +1 -0
package/dist/channels/signal/api.js +167 -0
package/dist/channels/signal/api.js.map +1 -0
package/dist/channels/signal/delivery.d.ts +18 -0
package/dist/channels/signal/delivery.d.ts.map +1 -0
package/dist/channels/signal/delivery.js +126 -0
package/dist/channels/signal/delivery.js.map +1 -0
package/dist/channels/signal/inbound.d.ts +30 -0
package/dist/channels/signal/inbound.d.ts.map +1 -0
package/dist/channels/signal/inbound.js +162 -0
package/dist/channels/signal/inbound.js.map +1 -0
package/dist/channels/signal/pairing-state.d.ts +18 -0
package/dist/channels/signal/pairing-state.d.ts.map +1 -0
package/dist/channels/signal/pairing-state.js +57 -0
package/dist/channels/signal/pairing-state.js.map +1 -0
package/dist/channels/signal/pairing.d.ts +14 -0
package/dist/channels/signal/pairing.d.ts.map +1 -0
package/dist/channels/signal/pairing.js +135 -0
package/dist/channels/signal/pairing.js.map +1 -0
package/dist/channels/signal/prompt-adapter.d.ts +3 -0
package/dist/channels/signal/prompt-adapter.d.ts.map +1 -0
package/dist/channels/signal/prompt-adapter.js +25 -0
package/dist/channels/signal/prompt-adapter.js.map +1 -0
package/dist/channels/signal/runtime.d.ts +10 -0
package/dist/channels/signal/runtime.d.ts.map +1 -0
package/dist/channels/signal/runtime.js +220 -0
package/dist/channels/signal/runtime.js.map +1 -0
package/dist/channels/signal/target.d.ts +12 -0
package/dist/channels/signal/target.d.ts.map +1 -0
package/dist/channels/signal/target.js +63 -0
package/dist/channels/signal/target.js.map +1 -0
package/dist/channels/signal/typing.d.ts +11 -0
package/dist/channels/signal/typing.d.ts.map +1 -0
package/dist/channels/signal/typing.js +64 -0
package/dist/channels/signal/typing.js.map +1 -0
package/dist/channels/voice/runtime.d.ts.map +1 -1
package/dist/channels/voice/runtime.js +5 -3
package/dist/channels/voice/runtime.js.map +1 -1
package/dist/channels/whatsapp/debounce.d.ts +2 -0
package/dist/channels/whatsapp/debounce.d.ts.map +1 -1
package/dist/channels/whatsapp/debounce.js +14 -0
package/dist/channels/whatsapp/debounce.js.map +1 -1
package/dist/channels/whatsapp/runtime.d.ts.map +1 -1
package/dist/channels/whatsapp/runtime.js +57 -6
package/dist/channels/whatsapp/runtime.js.map +1 -1
package/dist/cli/channels-command.d.ts.map +1 -1
package/dist/cli/channels-command.js +270 -2
package/dist/cli/channels-command.js.map +1 -1
package/dist/cli/help.d.ts.map +1 -1
package/dist/cli/help.js +19 -6
package/dist/cli/help.js.map +1 -1
package/dist/cli/skill-command.d.ts.map +1 -1
package/dist/cli/skill-command.js +124 -68
package/dist/cli/skill-command.js.map +1 -1
package/dist/cli/verbosity.d.ts +30 -0
package/dist/cli/verbosity.d.ts.map +1 -0
package/dist/cli/verbosity.js +42 -0
package/dist/cli/verbosity.js.map +1 -0
package/dist/cli.d.ts.map +1 -1
package/dist/cli.js +42 -15
package/dist/cli.js.map +1 -1
package/dist/command-parsing.d.ts +12 -0
package/dist/command-parsing.d.ts.map +1 -0
package/dist/command-parsing.js +30 -0
package/dist/command-parsing.js.map +1 -0
package/dist/command-registry.d.ts.map +1 -1
package/dist/command-registry.js +114 -6
package/dist/command-registry.js.map +1 -1
package/dist/commands/policy-command.d.ts.map +1 -1
package/dist/commands/policy-command.js +9 -14
package/dist/commands/policy-command.js.map +1 -1
package/dist/config/cli-flags.d.ts +8 -1
package/dist/config/cli-flags.d.ts.map +1 -1
package/dist/config/cli-flags.js +121 -34
package/dist/config/cli-flags.js.map +1 -1
package/dist/config/config.d.ts +4 -0
package/dist/config/config.d.ts.map +1 -1
package/dist/config/config.js +25 -13
package/dist/config/config.js.map +1 -1
package/dist/config/runtime-config-revisions.d.ts +15 -0
package/dist/config/runtime-config-revisions.d.ts.map +1 -1
package/dist/config/runtime-config-revisions.js +151 -40
package/dist/config/runtime-config-revisions.js.map +1 -1
package/dist/config/runtime-config.d.ts +87 -4
package/dist/config/runtime-config.d.ts.map +1 -1
package/dist/config/runtime-config.js +366 -14
package/dist/config/runtime-config.js.map +1 -1
package/dist/doctor/checks/config.d.ts.map +1 -1
package/dist/doctor/checks/config.js +85 -6
package/dist/doctor/checks/config.js.map +1 -1
package/dist/doctor/checks/resource-hygiene.d.ts +6 -0
package/dist/doctor/checks/resource-hygiene.d.ts.map +1 -1
package/dist/doctor/checks/resource-hygiene.js +164 -0
package/dist/doctor/checks/resource-hygiene.js.map +1 -1
package/dist/evals/eval-profile.d.ts +1 -1
package/dist/evals/eval-profile.d.ts.map +1 -1
package/dist/evals/eval-profile.js +2 -2
package/dist/evals/eval-profile.js.map +1 -1
package/dist/evals/hybridai-skills-command.d.ts.map +1 -1
package/dist/evals/hybridai-skills-command.js +9 -0
package/dist/evals/hybridai-skills-command.js.map +1 -1
package/dist/gateway/concierge-commands.d.ts.map +1 -1
package/dist/gateway/concierge-commands.js +5 -4
package/dist/gateway/concierge-commands.js.map +1 -1
package/dist/gateway/context-usage.d.ts +25 -0
package/dist/gateway/context-usage.d.ts.map +1 -0
package/dist/gateway/context-usage.js +32 -0
package/dist/gateway/context-usage.js.map +1 -0
package/dist/gateway/gateway-agent-cards.d.ts +1 -0
package/dist/gateway/gateway-agent-cards.d.ts.map +1 -1
package/dist/gateway/gateway-agent-cards.js +1 -0
package/dist/gateway/gateway-agent-cards.js.map +1 -1
package/dist/gateway/gateway-chat-service.d.ts +1 -0
package/dist/gateway/gateway-chat-service.d.ts.map +1 -1
package/dist/gateway/gateway-chat-service.js +114 -18
package/dist/gateway/gateway-chat-service.js.map +1 -1
package/dist/gateway/gateway-client.d.ts +2 -2
package/dist/gateway/gateway-client.d.ts.map +1 -1
package/dist/gateway/gateway-client.js +5 -0
package/dist/gateway/gateway-client.js.map +1 -1
package/dist/gateway/gateway-http-server.d.ts.map +1 -1
package/dist/gateway/gateway-http-server.js +233 -4
package/dist/gateway/gateway-http-server.js.map +1 -1
package/dist/gateway/gateway-lifecycle.d.ts +5 -0
package/dist/gateway/gateway-lifecycle.d.ts.map +1 -1
package/dist/gateway/gateway-lifecycle.js +5 -0
package/dist/gateway/gateway-lifecycle.js.map +1 -1
package/dist/gateway/gateway-plugin-service.d.ts.map +1 -1
package/dist/gateway/gateway-plugin-service.js +11 -10
package/dist/gateway/gateway-plugin-service.js.map +1 -1
package/dist/gateway/gateway-service.d.ts +36 -7
package/dist/gateway/gateway-service.d.ts.map +1 -1
package/dist/gateway/gateway-service.js +1105 -242
package/dist/gateway/gateway-service.js.map +1 -1
package/dist/gateway/gateway-session-status.d.ts +12 -0
package/dist/gateway/gateway-session-status.d.ts.map +1 -1
package/dist/gateway/gateway-session-status.js +125 -5
package/dist/gateway/gateway-session-status.js.map +1 -1
package/dist/gateway/gateway-types.d.ts +102 -22
package/dist/gateway/gateway-types.d.ts.map +1 -1
package/dist/gateway/gateway-types.js.map +1 -1
package/dist/gateway/gateway.js +205 -29
package/dist/gateway/gateway.js.map +1 -1
package/dist/gateway/qr-svg.d.ts +2 -0
package/dist/gateway/qr-svg.d.ts.map +1 -0
package/dist/gateway/qr-svg.js +30 -0
package/dist/gateway/qr-svg.js.map +1 -0
package/dist/gateway/skill-commands.d.ts.map +1 -1
package/dist/gateway/skill-commands.js +158 -103
package/dist/gateway/skill-commands.js.map +1 -1
package/dist/gateway/text-channel-commands.d.ts.map +1 -1
package/dist/gateway/text-channel-commands.js +4 -3
package/dist/gateway/text-channel-commands.js.map +1 -1
package/dist/infra/container-runner.d.ts.map +1 -1
package/dist/infra/container-runner.js +58 -16
package/dist/infra/container-runner.js.map +1 -1
package/dist/infra/host-runner.d.ts.map +1 -1
package/dist/infra/host-runner.js +56 -16
package/dist/infra/host-runner.js.map +1 -1
package/dist/infra/model-response-debug.d.ts +2 -0
package/dist/infra/model-response-debug.d.ts.map +1 -0
package/dist/infra/model-response-debug.js +49 -0
package/dist/infra/model-response-debug.js.map +1 -0
package/dist/infra/stream-debug.d.ts +2 -0
package/dist/infra/stream-debug.d.ts.map +1 -1
package/dist/infra/stream-debug.js +11 -1
package/dist/infra/stream-debug.js.map +1 -1
package/dist/media/path-utils.d.ts +1 -1
package/dist/media/path-utils.d.ts.map +1 -1
package/dist/media/path-utils.js +1 -11
package/dist/media/path-utils.js.map +1 -1
package/dist/media/pdf-context.d.ts.map +1 -1
package/dist/media/pdf-context.js +2 -11
package/dist/media/pdf-context.js.map +1 -1
package/dist/memory/db.d.ts +65 -4
package/dist/memory/db.d.ts.map +1 -1
package/dist/memory/db.js +825 -48
package/dist/memory/db.js.map +1 -1
package/dist/memory/memory-service.d.ts +6 -1
package/dist/memory/memory-service.d.ts.map +1 -1
package/dist/memory/memory-service.js +3 -1
package/dist/memory/memory-service.js.map +1 -1
package/dist/plugins/plugin-install.d.ts.map +1 -1
package/dist/plugins/plugin-install.js +2 -6
package/dist/plugins/plugin-install.js.map +1 -1
package/dist/policy/network-policy.d.ts +1 -1
package/dist/policy/network-policy.d.ts.map +1 -1
package/dist/policy/network-policy.js +1 -1
package/dist/policy/network-policy.js.map +1 -1
package/dist/policy/policy-engine.d.ts +3 -0
package/dist/policy/policy-engine.d.ts.map +1 -0
package/dist/policy/policy-engine.js +2 -0
package/dist/policy/policy-engine.js.map +1 -0
package/dist/policy/skill-policy.d.ts +6 -0
package/dist/policy/skill-policy.d.ts.map +1 -0
package/dist/policy/skill-policy.js +20 -0
package/dist/policy/skill-policy.js.map +1 -0
package/dist/providers/anthropic-discovery.d.ts +3 -0
package/dist/providers/anthropic-discovery.d.ts.map +1 -1
package/dist/providers/anthropic-discovery.js +16 -0
package/dist/providers/anthropic-discovery.js.map +1 -1
package/dist/providers/codex-discovery.d.ts +4 -0
package/dist/providers/codex-discovery.d.ts.map +1 -1
package/dist/providers/codex-discovery.js +3 -0
package/dist/providers/codex-discovery.js.map +1 -1
package/dist/providers/huggingface-discovery.d.ts +3 -0
package/dist/providers/huggingface-discovery.d.ts.map +1 -1
package/dist/providers/huggingface-discovery.js +22 -0
package/dist/providers/huggingface-discovery.js.map +1 -1
package/dist/providers/hybridai-discovery.d.ts +8 -0
package/dist/providers/hybridai-discovery.d.ts.map +1 -1
package/dist/providers/hybridai-discovery.js +18 -0
package/dist/providers/hybridai-discovery.js.map +1 -1
package/dist/providers/hybridai-models.d.ts.map +1 -1
package/dist/providers/hybridai-models.js +4 -120
package/dist/providers/hybridai-models.js.map +1 -1
package/dist/providers/mistral-discovery.d.ts +3 -0
package/dist/providers/mistral-discovery.d.ts.map +1 -1
package/dist/providers/mistral-discovery.js +17 -0
package/dist/providers/mistral-discovery.js.map +1 -1
package/dist/providers/model-catalog.d.ts +9 -0
package/dist/providers/model-catalog.d.ts.map +1 -1
package/dist/providers/model-catalog.js +107 -8
package/dist/providers/model-catalog.js.map +1 -1
package/dist/providers/model-lookup.d.ts +3 -0
package/dist/providers/model-lookup.d.ts.map +1 -0
package/dist/providers/model-lookup.js +39 -0
package/dist/providers/model-lookup.js.map +1 -0
package/dist/providers/model-metadata.d.ts +20 -0
package/dist/providers/model-metadata.d.ts.map +1 -0
package/dist/providers/model-metadata.js +230 -0
package/dist/providers/model-metadata.js.map +1 -0
package/dist/providers/openai-compat-discovery.d.ts +3 -0
package/dist/providers/openai-compat-discovery.d.ts.map +1 -1
package/dist/providers/openai-compat-discovery.js +45 -7
package/dist/providers/openai-compat-discovery.js.map +1 -1
package/dist/providers/openrouter-discovery.d.ts +8 -0
package/dist/providers/openrouter-discovery.d.ts.map +1 -1
package/dist/providers/openrouter-discovery.js +16 -0
package/dist/providers/openrouter-discovery.js.map +1 -1
package/dist/providers/pricing-discovery.d.ts +6 -0
package/dist/providers/pricing-discovery.d.ts.map +1 -0
package/dist/providers/pricing-discovery.js +54 -0
package/dist/providers/pricing-discovery.js.map +1 -0
package/dist/providers/utils.d.ts.map +1 -1
package/dist/providers/utils.js +5 -1
package/dist/providers/utils.js.map +1 -1
package/dist/scheduler/heartbeat.d.ts.map +1 -1
package/dist/scheduler/heartbeat.js +1 -0
package/dist/scheduler/heartbeat.js.map +1 -1
package/dist/scheduler/scheduled-task-runner.d.ts.map +1 -1
package/dist/scheduler/scheduled-task-runner.js +1 -0
package/dist/scheduler/scheduled-task-runner.js.map +1 -1
package/dist/security/confidential-redact.d.ts +41 -0
package/dist/security/confidential-redact.d.ts.map +1 -0
package/dist/security/confidential-redact.js +169 -0
package/dist/security/confidential-redact.js.map +1 -0
package/dist/security/confidential-rules.d.ts +28 -0
package/dist/security/confidential-rules.d.ts.map +1 -0
package/dist/security/confidential-rules.js +150 -0
package/dist/security/confidential-rules.js.map +1 -0
package/dist/security/confidential-runtime.d.ts +37 -0
package/dist/security/confidential-runtime.d.ts.map +1 -0
package/dist/security/confidential-runtime.js +215 -0
package/dist/security/confidential-runtime.js.map +1 -0
package/dist/security/media-paths.d.ts.map +1 -1
package/dist/security/media-paths.js +2 -7
package/dist/security/media-paths.js.map +1 -1
package/dist/security/mount-config.d.ts.map +1 -1
package/dist/security/mount-config.js +3 -10
package/dist/security/mount-config.js.map +1 -1
package/dist/security/runtime-secrets.d.ts +1 -1
package/dist/security/runtime-secrets.d.ts.map +1 -1
package/dist/security/runtime-secrets.js +2 -0
package/dist/security/runtime-secrets.js.map +1 -1
package/dist/session/session-context.d.ts.map +1 -1
package/dist/session/session-context.js +1 -0
package/dist/session/session-context.js.map +1 -1
package/dist/session/session-reset.d.ts.map +1 -1
package/dist/session/session-reset.js +3 -0
package/dist/session/session-reset.js.map +1 -1
package/dist/skills/adaptive-skills-types.d.ts +38 -0
package/dist/skills/adaptive-skills-types.d.ts.map +1 -1
package/dist/skills/agent-scoreboard.d.ts +32 -0
package/dist/skills/agent-scoreboard.d.ts.map +1 -0
package/dist/skills/agent-scoreboard.js +360 -0
package/dist/skills/agent-scoreboard.js.map +1 -0
package/dist/skills/skill-formatters.d.ts +10 -0
package/dist/skills/skill-formatters.d.ts.map +1 -0
package/dist/skills/skill-formatters.js +91 -0
package/dist/skills/skill-formatters.js.map +1 -0
package/dist/skills/skill-import-args.d.ts +1 -1
package/dist/skills/skill-import-args.d.ts.map +1 -1
package/dist/skills/skill-install-mode.d.ts +17 -0
package/dist/skills/skill-install-mode.d.ts.map +1 -0
package/dist/skills/skill-install-mode.js +39 -0
package/dist/skills/skill-install-mode.js.map +1 -0
package/dist/skills/skill-manifest.d.ts +30 -0
package/dist/skills/skill-manifest.d.ts.map +1 -0
package/dist/skills/skill-manifest.js +237 -0
package/dist/skills/skill-manifest.js.map +1 -0
package/dist/skills/skill-run-events.d.ts +72 -0
package/dist/skills/skill-run-events.d.ts.map +1 -0
package/dist/skills/skill-run-events.js +137 -0
package/dist/skills/skill-run-events.js.map +1 -0
package/dist/skills/skill-run-trajectories.d.ts +21 -0
package/dist/skills/skill-run-trajectories.d.ts.map +1 -0
package/dist/skills/skill-run-trajectories.js +120 -0
package/dist/skills/skill-run-trajectories.js.map +1 -0
package/dist/skills/skills-import.d.ts +1 -0
package/dist/skills/skills-import.d.ts.map +1 -1
package/dist/skills/skills-import.js +4 -4
package/dist/skills/skills-import.js.map +1 -1
package/dist/skills/skills-lifecycle.d.ts +54 -0
package/dist/skills/skills-lifecycle.d.ts.map +1 -0
package/dist/skills/skills-lifecycle.js +514 -0
package/dist/skills/skills-lifecycle.js.map +1 -0
package/dist/skills/skills-observation.d.ts +7 -0
package/dist/skills/skills-observation.d.ts.map +1 -1
package/dist/skills/skills-observation.js +145 -32
package/dist/skills/skills-observation.js.map +1 -1
package/dist/skills/skills.d.ts +3 -0
package/dist/skills/skills.d.ts.map +1 -1
package/dist/skills/skills.js +63 -17
package/dist/skills/skills.js.map +1 -1
package/dist/tui-proactive.d.ts.map +1 -1
package/dist/tui-proactive.js +10 -1
package/dist/tui-proactive.js.map +1 -1
package/dist/tui-skill-config.d.ts +1 -1
package/dist/tui-skill-config.d.ts.map +1 -1
package/dist/tui-thinking.d.ts +5 -0
package/dist/tui-thinking.d.ts.map +1 -1
package/dist/tui-thinking.js +157 -3
package/dist/tui-thinking.js.map +1 -1
package/dist/tui.d.ts +4 -0
package/dist/tui.d.ts.map +1 -1
package/dist/tui.js +304 -38
package/dist/tui.js.map +1 -1
package/dist/tunnel/ngrok-tunnel-provider.d.ts +40 -0
package/dist/tunnel/ngrok-tunnel-provider.d.ts.map +1 -0
package/dist/tunnel/ngrok-tunnel-provider.js +119 -0
package/dist/tunnel/ngrok-tunnel-provider.js.map +1 -0
package/dist/tunnel/tunnel-provider.d.ts +13 -0
package/dist/tunnel/tunnel-provider.d.ts.map +1 -0
package/dist/tunnel/tunnel-provider.js +2 -0
package/dist/tunnel/tunnel-provider.js.map +1 -0
package/dist/types/container.d.ts +1 -0
package/dist/types/container.d.ts.map +1 -1
package/dist/types/execution.d.ts +7 -0
package/dist/types/execution.d.ts.map +1 -1
package/dist/types/session.d.ts +4 -0
package/dist/types/session.d.ts.map +1 -1
package/dist/types/usage.d.ts +13 -0
package/dist/types/usage.d.ts.map +1 -1
package/dist/utils/path.d.ts +2 -0
package/dist/utils/path.d.ts.map +1 -0
package/dist/utils/path.js +12 -0
package/dist/utils/path.js.map +1 -0
package/dist/utils/secret-prompt.d.ts.map +1 -1
package/dist/utils/secret-prompt.js +9 -2
package/dist/utils/secret-prompt.js.map +1 -1
package/dist/utils/text-format.d.ts +1 -0
package/dist/utils/text-format.d.ts.map +1 -1
package/dist/utils/text-format.js +5 -0
package/dist/utils/text-format.js.map +1 -1
package/docs/content/README.md +21 -14
package/docs/content/channels/README.md +1 -0
package/docs/content/channels/admin-console.md +13 -2
package/docs/content/channels/overview.md +1 -0
package/docs/content/channels/policies-and-allowlists.md +3 -0
package/docs/content/channels/signal.md +259 -0
package/docs/content/developer-guide/approvals.md +84 -4
package/docs/content/developer-guide/runtime.md +6 -2
package/docs/content/extensibility/adaptive-skills.md +10 -1
package/docs/content/extensibility/skills.md +24 -4
package/docs/content/getting-started/first-channel.md +3 -0
package/docs/content/getting-started/installation.md +59 -0
package/docs/content/getting-started/quickstart.md +10 -0
package/docs/content/guides/remote-access.md +16 -0
package/docs/content/guides/skills/README.md +2 -0
package/docs/content/guides/skills/business-skills.md +114 -0
package/docs/content/internal/roadmap.md +131 -0
package/docs/content/manifesto.md +79 -0
package/docs/content/reference/commands.md +30 -6
package/docs/content/reference/configuration.md +43 -6
package/docs/content/reference/diagnostics.md +11 -0
package/docs/content/reference/model-selection.md +12 -0
package/docs/development/README.md +17 -13
package/docs/development/extensibility/adaptive-skills.md +10 -1
package/docs/development/extensibility/skills.md +24 -4
package/docs/development/getting-started/README.md +1 -1
package/docs/development/getting-started/channels.md +3 -2
package/docs/development/getting-started/installation.md +61 -1
package/docs/development/getting-started/quickstart.md +7 -0
package/docs/development/guides/remote-access.md +16 -0
package/docs/development/guides/skills/README.md +2 -0
package/docs/development/guides/skills/business-skills.md +114 -0
package/docs/development/internals/approvals.md +78 -1
package/docs/development/reference/commands.md +32 -7
package/docs/development/reference/configuration.md +28 -6
package/docs/development/reference/diagnostics.md +11 -0
package/docs/development/reference/model-selection.md +12 -0
package/docs/index.html +12 -12
package/docs/static/docs.js +4 -1
package/package.json +2 -1
package/console/dist/assets/chat-BSXPZ8qI.css +0 -1
package/console/dist/assets/chat-FEmn1-LG.js +0 -93
package/console/dist/assets/cx-D_Ee3160.js +0 -1
package/console/dist/assets/index-D63KL_Xr.js +0 -15
package/console/dist/assets/index-DbvykpXR.css +0 -1
package/docs/chat.html +0 -4417

package/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,152 @@
 ## Unreleased
+## [0.14.0](https://github.com/HybridAIOne/hybridclaw/tree/v0.14.0) - 2026-04-28
+### Added
+- **Signal channel**: HybridClaw can connect to Signal through a
+  `signal-cli` compatible daemon, with private-by-default DM and group
+  policies, outbound chunk pacing, reconnect handling, admin QR linking, and a
+  full setup guide.
+- **Confidential-info filter and audit leak scanner**: Operators can define
+  NDA-class client, project, person, keyword, and regex rules in
+  `.confidential.yml`; prompts are redacted before model calls, responses are
+  rehydrated for the user, and `hybridclaw audit scan-leaks` can inspect
+  historic audit logs with severity and type filters.
+- **Admin statistics and agent scoreboard**: The admin console adds
+  `/admin/statistics` for session, message, token, cost, and channel trends,
+  plus `/admin/agent-scoreboard` for per-agent skill scores, best skills,
+  reliability, timing, and CV links.
+- **Live context usage controls**: Web chat shows a live context-usage ring,
+  local sessions support `/context`, and compaction headroom is visible before
+  long-running chats hit the model window.
+- **Packaged skill lifecycle**: Production skills can declare manifests with
+  package id, version, capabilities, required credentials, and supported
+  channels. Operators can install, upgrade, uninstall, list revisions, and roll
+  back managed skills with audited snapshots.
+- **Skill autonomy and stakes policy foundations**: `skills.autonomy` records
+  per-agent skill autonomy levels, the container approval policy can classify
+  high-stakes actions, and conditional skill availability can be routed through
+  the generalized policy engine.
+- **Deployment config and ngrok tunnel provider**: Runtime config now declares
+  local or cloud deployment mode, public URLs, tunnel provider intent, and a
+  built-in ngrok tunnel provider backed by the encrypted `NGROK_AUTHTOKEN`
+  secret.
+- **Nix and Homebrew packaging groundwork**: The repo ships a multi-arch Nix
+  flake, NixOS service module, contributor dev shell, packaging notes, and a
+  preview Homebrew formula for future tap publication.
+- **Model metadata, pricing, and monthly usage rollups**: `/model info`,
+  `/usage`, and the admin Models page surface discovered context windows,
+  output limits, capabilities, pricing, and monthly per-model spend when
+  providers expose that metadata.
+- **Headful browser control**: Browser tools can run a visible Chrome session
+  when a user explicitly asks for headed/headful control, while shared browser
+  login profiles stay reusable for automation.
+- **Agent-to-agent and trajectory persistence foundations**: The runtime can
+  persist A2A envelopes and opt-in redacted skill-run trajectories, creating
+  the data trail needed for multi-agent handoffs, skill evaluation, and future
+  workflow tuning.
+### Changed
+- **Browser chat is more operational**: Chat navigation is session-id driven,
+  recent sessions keep richer snippets, the composer can switch agents, slash
+  result streams render correctly, and context-ring data is shared with the
+  `/context` command.
+- **Agent terminology and profile data are consistent**: The UI and internal
+  persistence moved from coworker compatibility naming to agent naming, while
+  agent configs gained owner, role, and CV fields.
+- **Model and provider status is discovery-led**: Provider catalogs cache
+  runtime discovery, merge pinned entries with discovered models, remove stale
+  static pricing assumptions, and keep status/model-info output focused on the
+  active model.
+- **Approval and policy evaluation is more explicit**: Approval tiers can be
+  influenced by autonomy level and stakes classification, invalid policy
+  regexes and thresholds warn early, and unsafe realpath inspection during
+  approval classification is avoided.
+- **Local diagnostics are more precise**: Gateway debug startup flags can
+  capture raw model responses and last prompts for local troubleshooting, and
+  `doctor` resource hygiene can reclaim stale gateway artifacts more safely.
+- **TUI and status reporting are quieter and more useful**: Proactive polling
+  runs less often, streamed TUI responses preserve visible text, transient tool
+  lines truncate cleanly, and status output includes tokens-per-second and
+  time-to-first-token aware metrics.
+### Fixed
+- **Web fetch is guarded against SSRF**: Plain HTTP retrieval now enforces
+  private-network protections more consistently before escalating to browser
+  tools.
+- **Headful browser launches require system Chrome**: Visible browser control
+  refuses unstable headed macOS fallback launches and reports the required
+  Chrome executable setup instead.
+- **Voice turns survive relay reconnects**: Twilio voice relay reconnects no
+  longer lose the active turn state while the gateway is handling a call.
+- **Chat history and streaming edge cases are closed**: Result-only slash
+  streams render, tool-call sentinels are stripped before storage, regenerated
+  replies include tools used, context rings stay visible, and `/chat.html`
+  redirects preserve query strings.
+- **Skill lifecycle and manifest handling are stricter**: Managed skill
+  installs require installed status records, validate snapshot entries, cap
+  restored file modes, preserve unknown deployment tunnel providers, and reject
+  upgrades for uninstalled packages.
+- **Channel runtimes shut down more predictably**: WhatsApp and voice shutdown
+  paths cancel stale work, Signal delivery validates daemon/account state, and
+  channel send tools remain scoped to active transports.
+## [0.13.1](https://github.com/HybridAIOne/hybridclaw/tree/v0.13.1) - 2026-04-24
+### Added
+- **Delegation runtime reporting**: Delegated agent runs now persist their own
+  request logs, audit tool events, model usage, token counts, and artifacts.
+  `/status` rolls first-level delegate usage into the session summary when a
+  dedicated delegate model is configured.
+- **Dedicated proactive delegate model**: Added
+  `proactive.delegation.model`, allowing operators to run delegated tasks on a
+  different model from the parent orchestration turn.
+- **Live delegate progress in the TUI**: Delegate batches now stream status
+  blocks, child tool progress, token totals, and synthesized final-answer
+  deltas into local TUI sessions without interrupting the active prompt.
+- **Shared gateway command parsing helpers**: Added common parsing utilities
+  for command ids, lower-case subcommands, and integer arguments across
+  policy, concierge, skill, session, usage, export, audit, and schedule
+  commands.
+### Changed
+- **Delegation prompts and approvals are clearer**: Delegation metadata moves
+  into the child user prompt, subagents get more explicit tool-use guidance,
+  duplicate delegate task titles are tracked independently, and `delegate` is
+  classified as green because child tool calls are approved separately.
+- **TUI activity rendering is more stable**: Running tools pulse in place,
+  completed tools switch to a green checkmark, streamed text row counts are
+  tracked incrementally, and delegate tool calls suppress partial parent text
+  until delegate output is ready.
+- **Console chat navigation is easier to reach**: The chat sidebar collapses
+  to an icon rail on desktop, exposes a mobile topbar trigger, and respects
+  reduced-motion preferences.
+- **Encrypted web-search credentials feed runtimes consistently**: Brave,
+  Perplexity, and Tavily API keys are resolved through the runtime secret store
+  and injected into host/container agent runtimes from the active encrypted
+  credentials, with environment variables used as fallback.
+- **Liquid/LFM local model tool prompts are more compatible**: Local
+  OpenAI-compatible Liquid/LFM requests include a compact tool list in the
+  system prompt while preserving normal tool-choice request fields.
+### Fixed
+- **WhatsApp shutdown no longer waits on stale inbound batches**: Runtime
+  shutdown cancels debounced WhatsApp batches, aborts in-flight handlers,
+  stops typing indicators, and avoids starting new typing state after shutdown
+  begins.
+- **Console audit inspection stays visible while browsing events**: The audit
+  detail panel remains sticky as the event list scrolls.
+- **Whitespace-padded command arguments normalize consistently**: Gateway
+  command handlers now trim ids and lower-case subcommands through shared
+  helpers before dispatching.
 ## [0.13.0](https://github.com/HybridAIOne/hybridclaw/tree/v0.13.0) - 2026-04-22
 ### Added

package/README.md CHANGED Viewed

@@ -19,9 +19,9 @@ security, and operational visibility. It combines sandboxed execution, secure
 credentials, approvals, persistent memory, and admin surfaces behind a single
 gateway.
-Connect it to Discord, Slack, WhatsApp, Telegram, Microsoft Teams, email,
-Twilio voice, or the web. Run it locally, deploy it for business workflows,
-and keep your agents, secrets, and data under your control.
+Connect it to Discord, Slack, Signal, WhatsApp, Telegram, Microsoft Teams,
+email, Twilio voice, or the web. Run it locally, deploy it for business
+workflows, and keep your agents, secrets, and data under your control.
 [Quick Start](https://www.hybridclaw.io/docs/getting-started/quickstart) ·
 [Installation](https://www.hybridclaw.io/docs/getting-started/installation) ·
@@ -78,7 +78,7 @@ Open locally:
 - Chat UI: `http://127.0.0.1:9090/chat`
 - Admin UI: `http://127.0.0.1:9090/admin` for channels, versioned agent files,
-  scheduler, audit, config, and channel-specific instructions
+  scheduler, audit, statistics, config, and channel-specific instructions
 - Agents UI: `http://127.0.0.1:9090/agents`
 - OpenAI-compatible API: `http://127.0.0.1:9090/v1/models` and `http://127.0.0.1:9090/v1/chat/completions`
@@ -95,16 +95,21 @@ Once the gateway is running, open HybridClaw locally:
 - Web Chat: `http://127.0.0.1:9090/chat`
 - Web Chat keeps a recent-session sidebar and can search conversation titles
   with contextual snippets before you reopen an older browser session
+- Web Chat shows live context-window usage, accepts `/context`, and lets you
+  switch the active agent from the composer
 - Web Chat accepts `/btw <question>` side questions while a primary run is
   active, so you can ask an ephemeral follow-up without interrupting the
   current run
 - Admin Console: `http://127.0.0.1:9090/admin` for channels, versioned agent files,
-  scheduler, audit, config, and channel-specific instructions
+  scheduler, audit, statistics, config, and channel-specific instructions
 - Agent Dashboard: `http://127.0.0.1:9090/agents`
-- or connect Slack, WhatsApp, Telegram, Discord, Microsoft Teams, Email
+- or connect Slack, Signal, WhatsApp, Telegram, Discord, Microsoft Teams, Email
 ## Operator workflows
+- Install from npm, source, or the multi-arch Nix flake; a preview Homebrew
+  formula is available for `--HEAD` builds while stable tap publication is
+  prepared.
 - `hybridclaw gateway status` reports sandbox/runtime details, and in
   container mode it includes the configured image name plus the resolved
   version and short image id.
@@ -114,23 +119,39 @@ Once the gateway is running, open HybridClaw locally:
 - `/admin/agents` edits allowlisted bootstrap markdown files such as
   `AGENTS.md`, keeps saved revisions, and restores earlier versions from the
   browser.
+- `/admin/statistics` reports message, session, token, cost, and channel trends
+  across a selected date range.
+- `/admin/agent-scoreboard` ranks agents by observed skill scores, reliability,
+  timing, best skills, and CV links.
 - `hybridclaw agent config` accepts generated JSON payloads to upsert agent
   metadata, write bootstrap markdown, import profile images into the agent
   workspace, and optionally activate the agent.
 - `/admin/channels` edits transport config, encrypted channel credentials,
-  Twilio voice settings, and per-channel instructions that are injected into
-  prompts at runtime.
+  Signal QR linking, Twilio voice settings, and per-channel instructions that
+  are injected into prompts at runtime.
 - `/admin/approvals` manages approval policies from the browser.
 - `/admin/gateway` reloads runtime config and refreshes secrets from the
   browser without tearing down the enclosing workspace container; keep
   `hybridclaw gateway restart` for local/manual full restarts.
+- `/context` and the web chat context ring show current context-window usage,
+  remaining headroom, and compaction counts for the active session.
+- `proactive.delegation.model` can pin delegated work to a different model
+  from the parent turn; `/status` shows delegate token totals and local-token
+  share when that split is configured.
+- `deployment.mode`, `deployment.public_url`, and `deployment.tunnel.provider`
+  describe local/cloud exposure. The built-in ngrok tunnel provider reads
+  `NGROK_AUTHTOKEN` from the encrypted runtime secret store.
 - `container.persistBashState` controls whether bash tool calls share shell
   state (`cd`, exported env vars, aliases) across turns in the same active
   runtime session; `/admin/config` exposes the same setting as `Persistent bash state`.
+- `hybridclaw audit scan-leaks` scans historical audit logs against optional
+  `.confidential.yml` rules for NDA-class client, project, person, keyword,
+  and regex matches.
 - Generated artifacts remain downloadable and attachable even when the sandbox
   exposes a custom workspace display root such as `/app`.
-- `hybridclaw tui` includes a keyboard-driven approval picker and prints a
-  ready-to-run `hybridclaw tui --resume <sessionId>` command on exit.
+- `hybridclaw tui` includes live delegate progress, pulsing tool rows,
+  completion checkmarks, a keyboard-driven approval picker, and a ready-to-run
+  `hybridclaw tui --resume <sessionId>` command on exit.
 - `hybridclaw doctor` checks runtime health including resource hygiene
   maintenance for stale gateway artifacts.
 - `hybridclaw onboarding` and related local setup flows can restore the last
@@ -138,6 +159,9 @@ Once the gateway is running, open HybridClaw locally:
   `config.json` becomes invalid.
 - `hybridclaw skill import` supports community sources, local directories,
   and `.zip` archives.
+- `hybridclaw skill install <source>`, `skill upgrade`, `skill revisions`, and
+  `skill rollback` manage packaged business skills with manifests, audit
+  events, and snapshots.
 - The bundled tutorials cover owner, GTM, marketing, sales, DevRel, content,
   invoicing, webinar, and release-launch workflows that can run from the TUI,
   web chat, or connected channels.
@@ -157,14 +181,23 @@ Once the gateway is running, open HybridClaw locally:
   Kimi, MiniMax, DashScope, Xiaomi, Kilo Code, and local backends such as
   Ollama, LM Studio, llama.cpp, and vLLM. Remote OpenAI-compatible providers
   can merge runtime-discovered model catalogs with operator-pinned lists.
+- `/model info`, `/usage monthly`, `/usage model monthly`, and the admin
+  Models page surface discovered context windows, output limits, model
+  capabilities, pricing, and per-model monthly spend where provider metadata is
+  available.
 - Anthropic can run through the direct Messages API with `ANTHROPIC_API_KEY`
   or through the official Claude CLI transport in host sandbox mode.
+- Brave, Perplexity, and Tavily web-search credentials can live in the
+  encrypted runtime secret store and are passed into host or container agent
+  runtimes from the active config.
 - Google OAuth credentials for Workspace skills live in the encrypted runtime
   secret store; agent runtimes receive short-lived access tokens for `gog` and
   `gws` instead of long-lived refresh tokens.
 - Skills can be enabled or disabled globally or per channel from
   `hybridclaw skill enable|disable`, TUI `/skill config`, or the admin
   `Skills` page.
+- Packaged skills can declare versioned manifests, capabilities, required
+  credentials, supported channels, and per-agent autonomy policy.
 - Bundled skills include API-backed Google Workspace workflows (`gog`, `gws`),
   GitHub issue queue processing (`gh-issues`), and editable Excalidraw diagram
   creation.
@@ -203,6 +236,8 @@ Once the gateway is running, open HybridClaw locally:
 ## Security and governance built in
 - secure credential storage
+- optional confidential-info redaction before model calls
+- retroactive audit leak scanning
 - sandboxed execution
 - approvals
 - audit trails with hash chain
@@ -226,11 +261,12 @@ Once the gateway is running, open HybridClaw locally:
 ## Architecture
-- **Gateway service** (Node.js) — shared message/command handlers, SQLite persistence (KV + semantic + knowledge graph + canonical sessions + usage events), scheduler, heartbeat, web/API, loopback OpenAI-compatible API, and channel integrations for Discord, Slack, Microsoft Teams, Telegram, iMessage, WhatsApp, Twilio voice, and email
+- **Gateway service** (Node.js) — shared message/command handlers, SQLite persistence (KV + semantic + knowledge graph + canonical sessions + usage events), scheduler, heartbeat, web/API, loopback OpenAI-compatible API, and channel integrations for Discord, Slack, Signal, Microsoft Teams, Telegram, iMessage, WhatsApp, Twilio voice, and email
 - **TUI client** — thin client over HTTP (`/api/chat`, `/api/command`) with
   a structured startup banner that surfaces model, sandbox, gateway, and
-  chatbot context before the first prompt, an interactive approval picker for
-  pending approvals, and an exit summary with a ready-to-run resume command
+  chatbot context before the first prompt, live delegate status/progress,
+  an interactive approval picker for pending approvals, and an exit summary
+  with a ready-to-run resume command
 - **Container** (Docker, ephemeral) — HybridAI API client, sandboxed tool executor, and preinstalled browser automation runtime with cursor-aware snapshots for JS-heavy custom UI
 - Communication via file-based IPC (input.json / output.json)
@@ -260,6 +296,7 @@ Browse the full manual at
   [Discord](https://www.hybridclaw.io/docs/channels/discord),
   [Slack](https://www.hybridclaw.io/docs/channels/slack),
   [Telegram](https://www.hybridclaw.io/docs/channels/telegram),
+  [Signal](https://www.hybridclaw.io/docs/channels/signal),
   [Email](https://www.hybridclaw.io/docs/channels/email),
   [WhatsApp](https://www.hybridclaw.io/docs/channels/whatsapp),
   [iMessage](https://www.hybridclaw.io/docs/channels/imessage), and

package/SECURITY.md CHANGED Viewed

@@ -101,6 +101,39 @@ Implementation: [src/session/session-key.ts](./src/session/session-key.ts),
 [src/session/session-routing.ts](./src/session/session-routing.ts),
 [src/memory/db.ts](./src/memory/db.ts)
+### 4.1) Confidential-Info Filter (NDA / secret-leak detector)
+Optional, opt-in filter that prevents NDA-class business data from leaving the
+host:
+- Define rules in `.confidential.yml`. The loader checks the current working
+  directory first (`./.confidential.yml`) and then
+  `~/.hybridclaw/.confidential.yml`; first hit wins. The file holds clients,
+  projects, people, keywords, and regex patterns, each tagged with a
+  sensitivity level.
+- Before every prompt is sent to a model, matches are replaced with stable
+  placeholders (`«CONF:CLIENT_001»`); the mapping is held in process memory and
+  forgotten when the request ends.
+- Streaming text deltas and the final response are rehydrated for the user, so
+  the model never sees the original strings but the user sees real names.
+- Disabled via `HYBRIDCLAW_CONFIDENTIAL_DISABLE=1` for debugging or dry-runs.
+A retroactive scanner walks existing audit logs to surface possible past leaks
+and assigns a 0-100 risk score:
+```bash
+hybridclaw audit scan-leaks                # scan every session
+hybridclaw audit scan-leaks <sessionId>    # scan one session
+hybridclaw audit scan-leaks --level high   # critical/high only
+hybridclaw audit scan-leaks --type in,out  # prompts and model responses only
+hybridclaw audit scan-leaks --json         # machine-readable report
+```
+Implementation: [src/security/confidential-rules.ts](./src/security/confidential-rules.ts),
+[src/security/confidential-redact.ts](./src/security/confidential-redact.ts),
+[src/security/confidential-runtime.ts](./src/security/confidential-runtime.ts),
+[src/audit/leak-scanner.ts](./src/audit/leak-scanner.ts).
 ### 5) Audit & Tamper Evidence
 Security-relevant behavior is written to structured audit logs:

package/config.example.json CHANGED Viewed

@@ -1,23 +1,32 @@
 {
-  "version": 21,
+  "version": 23,
   "security": {
     "trustModelAccepted": false,
     "trustModelAcceptedAt": "",
     "trustModelVersion": "",
     "trustModelAcceptedBy": ""
   },
+  "deployment": {
+    "mode": "local",
+    "public_url": "",
+    "tunnel": {
+      "provider": "manual"
+    }
+  },
   "skills": {
     "extraDirs": [],
     "disabled": [],
     "channelDisabled": {
       "discord": [],
       "msteams": [],
+      "signal": [],
       "slack": [],
       "telegram": [],
       "voice": [],
       "whatsapp": [],
       "email": []
-    }
+    },
+    "installed": []
   },
   "tools": {
     "disabled": []
@@ -25,6 +34,7 @@
   "channelInstructions": {
     "discord": "",
     "msteams": "",
+    "signal": "",
     "slack": "",
     "telegram": "",
     "voice": "This is a live phone call. Produce plain spoken text only.\nKeep each reply short and conversational, usually one or two short sentences.\nAbsolutely no markdown, bullets, numbered lists, headings, code fences, tables, JSON, or decorative formatting.\nDo not narrate internal reasoning, planning, tool usage, or stage directions. Say only what the caller should hear.\nDo not spell punctuation, formatting marks, or raw URLs unless the caller explicitly asks for exact characters.",
@@ -35,6 +45,10 @@
   "adaptiveSkills": {
     "enabled": false,
     "observationEnabled": true,
+    "trajectoryCapture": {
+      "enabledAgentIds": [],
+      "storeDir": ""
+    },
     "inspectionIntervalMs": 3600000,
     "observationRetentionDays": 30,
     "trailingWindowHours": 168,
@@ -157,6 +171,18 @@
     "textChunkLimit": 4000,
     "mediaMaxMb": 20
   },
+  "signal": {
+    "enabled": false,
+    "daemonUrl": "http://127.0.0.1:8080",
+    "account": "",
+    "dmPolicy": "allowlist",
+    "groupPolicy": "disabled",
+    "allowFrom": [],
+    "groupAllowFrom": [],
+    "textChunkLimit": 4000,
+    "reconnectIntervalMs": 5000,
+    "outboundDelayMs": 350
+  },
   "whatsapp": {
     "dmPolicy": "pairing",
     "groupPolicy": "disabled",
@@ -525,6 +551,7 @@
     },
     "delegation": {
       "enabled": true,
+      "model": "",
       "maxConcurrent": 3,
       "maxDepth": 2,
       "maxPerTurn": 3