@inetafrica/open-claudia 2.6.37 → 2.6.39

package/core/pack-review.js

@@ -9,14 +9,21 @@
 const { spawnSubagent } = require("./subagent");
 const packs = require("./packs");
 const entities = require("./entities");
+const lessons = require("./lessons");
 const packGuard = require("./pack-guard");
 const { redactSensitive } = require("./redact");
 
 const MIN_TURN_CHARS = 400;
-const MAX_TEXT_CHARS = 7000;
-const REVIEW_MODEL = process.env.PACK_REVIEW_MODEL || "haiku";
+const MAX_TEXT_CHARS = 16000;
+// Create/merge decisions need real judgement (the cheap model over-created
+// per-version/per-facet packs), so default to the latest Sonnet. Override with
+// PACK_REVIEW_MODEL if cost/latency of running it on every substantial turn matters.
+const REVIEW_MODEL = process.env.PACK_REVIEW_MODEL || "claude-sonnet-4-6";
 const MAX_ACTIONS = 2;
 const MAX_ENTITY_ACTIONS = 3;
+// Lessons are precious always-on budget — at most one promotion per turn,
+// and only when the turn shows a genuine miss.
+const MAX_LESSON_ACTIONS = 1;
 
 function enabled() {
   return (process.env.PACK_REVIEW || "on").toLowerCase() !== "off";
@@ -52,14 +59,22 @@ function formatAnnouncement(lines) {
 }
 
 function buildReviewPrompt(userText, assistantText) {
-  const index = packs.listPacks().map((p) =>
-    `- ${p.dir}: ${p.name} — ${p.description}${p.tags.length ? ` [${p.tags.join(", ")}]` : ""}`
-  ).join("\n") || "(none yet)";
+  const index = packs.listPacks().map((p) => {
+    const ab = p.kind === "ability" ? " ◆ability" : "";
+    const prov = p.kind === "ability" && p.learned_on
+      ? ` (learned on ${p.learned_on}${p.applied_on && p.applied_on.length ? `; applied on ${p.applied_on.join(", ")}` : ""})`
+      : "";
+    return `- ${p.dir}: ${p.name} — ${p.description}${p.tags.length ? ` [${p.tags.join(", ")}]` : ""}${ab}${prov}`;
+  }).join("\n") || "(none yet)";
 
   const entityIndex = entities.listEntities().map((e) =>
     `- ${e.slug}: ${e.name} (${e.type})${e.aliases.length ? ` aka ${e.aliases.join(", ")}` : ""} — ${e.description}`
   ).join("\n") || "(none yet)";
 
+  const lessonIndex = lessons.listLessons().map((l) =>
+    `- ${l.text}${l.src ? ` (src: ${l.src})` : ""}`
+  ).join("\n") || "(none yet)";
+
   return `You are the memory reviewer for a personal AI assistant. After each conversation turn you decide whether the assistant's long-term "context packs" and "entity notes" should change.
 
 A context pack is a living document about ONE topic (a project, a system, a recurring task, a domain). It has four sections:
@@ -72,12 +87,19 @@ An entity note is a short memory file about ONE specific named entity — a pers
 - Notes: current truth about the entity (who/what it is, role, preferences, relationships). Replaces wholesale.
 - Log: one-line dated observations, appended.
 
+An ABILITY is a special kind of pack (kind:"ability") for a REUSABLE HOW-TO that is NOT tied to one project — a procedure, pattern, or technique you would follow just as well on a different project later (e.g. "ship a mobile app: bump versionCode, build the APK, push the in-app updater"; "safely run a destructive DB write"; "wire up a new ArgoCD app"). A normal pack (kind:"context", the default) is about ONE project/system and stays scoped to it. Decide by NATURE, not by repetition: if THIS turn demonstrated a self-contained method you would re-run on a DIFFERENT project, capture it as an ability the FIRST time you see it — do not wait for it to recur. Give an ability an ACTIVITY-oriented name, description, and tags (what you DO — the verbs, tools, and artifacts involved) so it can be found later from a different project by the work being done, not by a project name. Set "learned_on" to the project pack dir this turn worked on and list that same dir in "applied_on". If an ability below (marked ◆ability) already covers the method, do NOT duplicate it — UPDATE it and add the current project dir to "applied_on" so it visibly transfers.
+
+A LESSON is a single always-loaded rule (NOT topic-gated like packs/entities — it loads on every turn). Lessons exist for ONE purpose: to stop a recurring mistake. Propose a lesson ONLY when THIS turn shows the assistant MISSED something it should already have known — i.e. the user corrected the assistant ("no", "that's wrong", "actually it's X"), or signalled repetition ("again", "I keep telling you", "as I said", "I've told you before", "like I mentioned"). That friction is the proof that topic-matched memory failed, so the corrected fact must move to the always-on tier. No correction/repetition signal in the turn → NO lesson (return an empty lessons array). A lesson is the CORRECT fact written as one crisp imperative line, cross-cutting and durable (a mechanism, rule, or constraint that will matter on future, possibly off-topic turns) — never a one-off task detail or a fact with no miss behind it. Point "src" at the pack that should hold the full context if one fits. If an existing lesson below already covers it, reuse its EXACT wording so it reinforces rather than duplicating.
+
 Existing packs:
 ${index}
 
 Known entities:
 ${entityIndex}
 
+Current lessons (always loaded):
+${lessonIndex}
+
 The turn to review:
 
 <user_message>
@@ -92,22 +114,27 @@ Decide. Rules:
 - Bias toward action: if the turn did real work on an identifiable topic (a named system, project, server, app, person, or domain), record it — at minimum a journal line. Most working turns deserve one. Reserve empty actions for small talk, pure status checks, and turns that contain nothing new.
 - UPDATE an existing pack when the turn touched that topic: append a journal line, and rewrite State if where-things-stand changed. Update Stance when the user expressed a lasting preference or rule; Procedure when a verified working method emerged.
 - PROMOTE durable conclusions out of the Journal. A confirmed root-cause diagnosis, an established fact, or a settled design decision must go into Stance/Procedure/State (the parts always injected in full), NOT only a Journal line — Journal is truncated to the last few lines on injection, so a conclusion left only there will silently fall out of recall over time.
-- CREATE a pack when the turn worked on a durable topic no existing pack covers. Topics recur more than you expect — a named system or project is durable by default. Do not create packs for one-off trivia, and prefer update when an existing pack fits.
+- CREATE a pack ONLY when the turn worked on a durable topic that NO existing pack covers. Before creating, scan the existing packs above for one already about this project/system/domain — if one exists, UPDATE it instead. A new pack must be a genuinely DISTINCT topic, never a narrower facet, version, release, sub-feature, phase, or component of a topic an existing pack already owns. In particular: a release or version of a project (e.g. a pack named after "<project> v2.6.39") is a Journal line + State update on that project's EXISTING pack — NEVER its own pack. Likewise sub-features of one system belong in that system's pack, not in siblings. When unsure whether something is a new topic or a facet of an existing one, treat it as a facet and UPDATE. Do not create packs for one-off trivia.
+- ABILITY vs CONTEXT: most creates are context packs (a project/system tracker). Create an ability (kind:"ability") only for a genuinely reusable how-to as defined above, and always set learned_on + applied_on to the originating project dir. When a turn re-used an EXISTING ability on a NEW project, do NOT create anything — UPDATE that ability and put the new project dir in "applied_on" so the cross-project reuse is recorded.
 - Never store secrets, tokens, passwords, or credentials.
 - State should be concise (under 150 words). Journal entries one sentence. Never start a journal or log sentence with a date — dates are prepended automatically.
 - At most ${MAX_ACTIONS} pack actions.
 - Entities: add an item when the turn revealed something durable about a specific named person, place, project, org, or system — their role, status, preferences, or relationship to other work. Use the existing entity name when one matches (check aliases). Skip entities mentioned only in passing with nothing learned. Notes under 100 words; "notes" null means leave Notes unchanged. At most ${MAX_ENTITY_ACTIONS} entity items.
 - Packs and entities are independent — a turn can update both, either, or neither. Do not duplicate the same fact in a pack AND an entity unless it genuinely belongs to both.
+- Lessons are the rare case: at most ${MAX_LESSON_ACTIONS} per turn, and ONLY on a real correction/repetition signal as defined above. The default is an empty lessons array. When you do promote one, ALSO record the same fact in the appropriate pack (update/create) so the durable home stays authoritative — the lesson is just the always-on shortcut. Never put secrets in a lesson.
 
 Reply with ONLY a JSON object, no prose, no code fences:
 {"actions": [
-  {"action": "update", "pack": "<existing dir>", "journal": "<one sentence>", "state": "<full new State or null>", "stance": null, "procedure": null}
-  | {"action": "create", "dir": "<kebab-slug>", "name": "<title>", "description": "<one line: when this pack is relevant>", "tags": ["..."], "stance": "<or empty>", "procedure": "<or empty>", "state": "<where things stand>", "journal": "<one sentence>"}
+  {"action": "update", "pack": "<existing dir>", "journal": "<one sentence>", "state": "<full new State or null>", "stance": null, "procedure": null, "applied_on": ["<project dir, ONLY when this turn re-applied an existing ability to a new project>"]}
+  | {"action": "create", "dir": "<kebab-slug>", "name": "<title>", "description": "<one line: when this pack is relevant>", "tags": ["..."], "kind": "context|ability", "learned_on": "<originating project dir — abilities only>", "applied_on": ["<project dirs — abilities only>"], "stance": "<or empty>", "procedure": "<or empty>", "state": "<where things stand>", "journal": "<one sentence>"}
 ],
 "entities": [
   {"name": "<canonical name>", "type": "person|place|project|org|system|thing", "aliases": ["..."], "description": "<one line: who/what this is>", "notes": "<full new Notes or null>", "log": "<one sentence observation>"}
+],
+"lessons": [
+  {"text": "<the correct fact as one crisp imperative line>", "src": "<pack dir that holds the full context, or empty>", "trigger": "<the exact correction/repetition phrase from the turn>"}
 ]}
-or {"actions": [], "entities": []}`;
+or {"actions": [], "entities": [], "lessons": []}`;
 }
 
 function parseDecision(text) {
@@ -119,7 +146,8 @@ function parseDecision(text) {
     const obj = JSON.parse(raw.slice(start, end + 1));
     const actions = Array.isArray(obj.actions) ? obj.actions.slice(0, MAX_ACTIONS) : (obj.action ? [obj] : []);
     const entityActions = Array.isArray(obj.entities) ? obj.entities.slice(0, MAX_ENTITY_ACTIONS) : [];
-    return { actions, entities: entityActions };
+    const lessonActions = Array.isArray(obj.lessons) ? obj.lessons.slice(0, MAX_LESSON_ACTIONS) : [];
+    return { actions, entities: entityActions, lessons: lessonActions };
   } catch (e) {
     return null;
   }
@@ -139,6 +167,35 @@ function guardCheck(a) {
   return hit;
 }
 
+// Deterministic dedupe backstop for the create path. Even with the prompt rule,
+// a cheap model tends to spawn a fresh pack for each version/release/facet of a
+// project an existing pack already owns. This catches two robust signals — a
+// slug that is a hyphen-boundary prefix/extension of an existing pack dir, and a
+// version-named proposal whose name/description strongly matches an existing
+// pack — and the caller folds the proposal into that pack instead. Conservative
+// by design (only context packs; only a clear prefix relationship or a versioned
+// proposal with a strong text match) so genuinely distinct topics still get their
+// own pack. Mirrors the structural "no lesson without a trigger" enforcement.
+function findDuplicatePack({ dir, name, description, tags }) {
+  const slug = packs.slugify(dir || name || "");
+  if (!slug) return null;
+  const contextDirs = packs.listPacks().filter((p) => p.kind !== "ability").map((p) => p.dir);
+  for (const d of contextDirs) {
+    if (d === slug) continue;
+    if (slug.startsWith(d + "-") || d.startsWith(slug + "-")) return d;
+  }
+  const tagStr = Array.isArray(tags) ? tags.join(" ") : "";
+  const versioned = /\bv?\d+\.\d+(?:\.\d+)?\b|\brelease\b|\bv\d+\b/i.test(`${slug} ${name || ""} ${description || ""} ${tagStr}`);
+  if (versioned) {
+    const ctx = new Set(contextDirs);
+    const text = `${name || ""} ${description || ""} ${tagStr}`.trim();
+    for (const m of packs.matchPacks(text, { limit: 3, threshold: 4 })) {
+      if (m.dir !== slug && ctx.has(m.dir)) return m.dir;
+    }
+  }
+  return null;
+}
+
 function applyAction(a) {
   if (!a || typeof a !== "object") return null;
   const guard = guardCheck(a);
@@ -154,14 +211,38 @@ function applyAction(a) {
       stance: typeof a.stance === "string" ? a.stance : "",
       procedure: typeof a.procedure === "string" ? a.procedure : "",
     }, "reviewer");
-    return { kind: "update", dir: a.pack, name: existing.name, note: a.journal || "state updated", protectedStance: !!r.protectedStance };
+    // Cross-project reuse: only abilities carry applied_on, so ignore the field
+    // on context packs (keeps project trackers churn-free).
+    let appliedTo = null;
+    if (existing.kind === "ability" && Array.isArray(a.applied_on)) {
+      for (const proj of a.applied_on.map((x) => String(x || "").trim()).filter(Boolean)) {
+        if (packs.recordApplied(a.pack, proj)) appliedTo = proj;
+      }
+    }
+    return { kind: "update", dir: a.pack, name: existing.name, note: a.journal || (appliedTo ? `reused on ${appliedTo}` : "state updated"), protectedStance: !!r.protectedStance, appliedTo };
   }
   if (a.action === "create" && (a.dir || a.name)) {
     const dir = packs.slugify(a.dir || a.name);
+    const kind = a.kind === "ability" ? "ability" : "context";
+    const learned_on = String(a.learned_on || "").trim();
+    const applied_on = Array.isArray(a.applied_on)
+      ? a.applied_on.map((x) => String(x || "").trim()).filter(Boolean)
+      : [];
+    const projects = applied_on.length ? applied_on : (learned_on ? [learned_on] : []);
     if (packs.readPack(dir)) {
       packs.updatePack(dir, { journal: a.journal || "", state: a.state || "" }, "reviewer");
+      if (kind === "ability") for (const proj of projects) packs.recordApplied(dir, proj);
       return { kind: "update", dir, name: a.name || dir, note: a.journal || "state updated" };
     }
+    // Deterministic dedupe: a versioned/facet proposal folds INTO the project
+    // pack it belongs to rather than spawning a sibling (abilities are exempt —
+    // they are activity-named and cross-project by design).
+    const dupeDir = kind === "context" ? findDuplicatePack({ dir, name: a.name, description: a.description, tags: a.tags }) : null;
+    if (dupeDir && packs.readPack(dupeDir)) {
+      packs.updatePack(dupeDir, { journal: a.journal || "", state: a.state || "" }, "reviewer");
+      const ex = packs.readPack(dupeDir);
+      return { kind: "update", dir: dupeDir, name: (ex && ex.name) || dupeDir, note: a.journal || "folded a new-pack proposal into the existing pack" };
+    }
     const pack = packs.createPack({
       dir,
       name: a.name,
@@ -171,8 +252,11 @@ function applyAction(a) {
       procedure: a.procedure || "",
       state: a.state || "",
       journal: a.journal || "",
+      kind,
+      learned_on: kind === "ability" ? learned_on : "",
+      applied_on: kind === "ability" ? projects : [],
     }, "reviewer");
-    return { kind: "create", dir: pack.dir, name: pack.name, note: a.description || "" };
+    return { kind: "create", dir: pack.dir, name: pack.name, note: a.description || "", ability: kind === "ability", learned_on: pack.learned_on };
   }
   return null;
 }
@@ -190,6 +274,25 @@ function applyEntityAction(e) {
   return { kind: created ? "create" : "update", slug: entity.slug, name: entity.name, type: entity.type, note: e.log || e.description || "" };
 }
 
+function applyLessonAction(l) {
+  if (!l || typeof l !== "object") return null;
+  const text = String(l.text || "").trim();
+  if (!text) return null;
+  // Structural enforcement of "promote only after a miss": the model must
+  // cite the in-turn correction/repetition phrase. No trigger → no lesson,
+  // regardless of what the model decided.
+  if (!String(l.trigger || "").trim()) return null;
+  const guard = packGuard.scanForInjection(text, { strict: true });
+  if (guard.flagged) {
+    console.warn(`[pack-review] guard blocked lesson (${guard.kind}): ${guard.evidence || text.slice(0, 60)}`);
+    return { kind: "skipped", reason: guard.kind };
+  }
+  const r = lessons.addLesson({ text, src: String(l.src || "").trim(), origin: "reviewer" });
+  if (r.added) return { kind: "create", id: r.id, text, overCap: !!r.overCap };
+  if (r.reinforced) return { kind: "reinforce", id: r.id, text };
+  return { kind: "skipped", reason: r.reason || "not added" };
+}
+
 // Fire-and-forget. `announce` is an async (text) => void bound to the
 // originating channel; failures are logged, never thrown into the turn.
 function reviewTurn({ userText, assistantText, channelId, announce }) {
@@ -206,17 +309,19 @@ function reviewTurn({ userText, assistantText, channelId, announce }) {
     systemPrompt: "You are a background memory reviewer. Reply with ONLY the requested JSON object. No prose, no markdown, no tool use.",
   }).then(({ text }) => {
     const decision = parseDecision(text);
-    if (!decision || (decision.actions.length === 0 && decision.entities.length === 0)) return;
+    if (!decision || (decision.actions.length === 0 && decision.entities.length === 0 && (decision.lessons || []).length === 0)) return;
     const lines = [];
     for (const a of decision.actions) {
       try {
         const r = applyAction(a);
         if (r && r.kind === "skipped") {
           lines.push(`🛡️ Skipped a memory write that looked like an injected instruction (${r.reason}).`);
+        } else if (r && r.kind === "create" && r.ability) {
+          lines.push(`🧩 New ability: ${r.name}${r.learned_on ? ` (learned on ${r.learned_on})` : ""}\n${clipWords(r.note, 180)}\n↳ open-claudia pack show ${r.dir}`);
+        } else if (r && r.kind === "create") {
+          lines.push(`📦 New pack: ${r.name}\n${clipWords(r.note, 180)}\n↳ open-claudia pack show ${r.dir}`);
         } else if (r) {
-          lines.push(r.kind === "create"
-            ? `📦 New pack: ${r.name}\n${clipWords(r.note, 180)}\n↳ open-claudia pack show ${r.dir}`
-            : `✏️ ${r.name} — ${clipWords(r.note, 180)}\n↳ open-claudia pack show ${r.dir}`);
+          lines.push(`✏️ ${r.name} — ${clipWords(r.note, 180)}${r.appliedTo ? ` 🧩 (now also applies to ${r.appliedTo})` : ""}\n↳ open-claudia pack show ${r.dir}`);
         }
       } catch (e) {
         console.warn(`[pack-review] apply failed: ${e.message}`);
@@ -235,6 +340,23 @@ function reviewTurn({ userText, assistantText, channelId, announce }) {
         console.warn(`[pack-review] entity apply failed: ${e.message}`);
       }
     }
+    for (const la of (decision.lessons || [])) {
+      try {
+        const r = applyLessonAction(la);
+        if (!r) continue;
+        if (r.kind === "skipped") {
+          if (r.reason && /exfil|override|base64/.test(r.reason)) {
+            lines.push(`🛡️ Skipped a lesson that looked like an injected instruction (${r.reason}).`);
+          }
+        } else if (r.kind === "create") {
+          lines.push(`📌 New lesson — I got this wrong before, so I'll always keep it loaded now:\n"${clipWords(r.text, 200)}"${r.overCap ? "\n(That's over the lessons cap — the nightly dream will tidy.)" : ""}`);
+        } else if (r.kind === "reinforce") {
+          lines.push(`📌 Reinforced a lesson I keep needing — clearly worth keeping front of mind:\n"${clipWords(r.text, 200)}"`);
+        }
+      } catch (e) {
+        console.warn(`[pack-review] lesson apply failed: ${e.message}`);
+      }
+    }
     if (lines.length > 0 && typeof announce === "function") {
       announce(formatAnnouncement(lines)).catch(() => {});
     }
@@ -243,4 +365,4 @@ function reviewTurn({ userText, assistantText, channelId, announce }) {
   });
 }
 
-module.exports = { reviewTurn, parseDecision, applyAction, applyEntityAction, buildReviewPrompt, clipWords, ENTITY_EMOJI };
+module.exports = { reviewTurn, parseDecision, applyAction, applyEntityAction, applyLessonAction, buildReviewPrompt, clipWords, ENTITY_EMOJI };

package/core/packs.js

@@ -66,6 +66,10 @@ function serialize(pack) {
     `tags: ${(pack.tags || []).join(", ")}`,
   ];
   if (pack.parent) fmLines.push(`parent: ${pack.parent}`);
+  if (pack.skill) fmLines.push("skill: true");
+  if (pack.kind && pack.kind !== "context") fmLines.push(`kind: ${pack.kind}`);
+  if (pack.learned_on) fmLines.push(`learned_on: ${pack.learned_on}`);
+  if (Array.isArray(pack.applied_on) && pack.applied_on.length) fmLines.push(`applied_on: ${pack.applied_on.join(", ")}`);
   fmLines.push(
     `created: ${pack.created || new Date().toISOString()}`,
     `updated: ${pack.updated || new Date().toISOString()}`,
@@ -98,6 +102,10 @@ function readPack(dir) {
     description: fm.description || "",
     tags: (fm.tags || "").split(",").map((t) => t.trim()).filter(Boolean),
     parent: fm.parent || null,
+    skill: fm.skill === "true" || fm.skill === true,
+    kind: fm.kind || "context",
+    learned_on: fm.learned_on || "",
+    applied_on: (fm.applied_on || "").split(",").map((t) => t.trim()).filter(Boolean),
     created: fm.created || "",
     updated: fm.updated || (stat ? stat.mtime.toISOString() : ""),
     last_used: fm.last_used || "",
@@ -128,6 +136,83 @@ function findPack(nameOrDir) {
   return listPacks().find((p) => p.dir.toLowerCase() === needle || p.name.toLowerCase() === needle) || null;
 }
 
+// Packs explicitly flagged as reusable how-tos. These get an always-on
+// Tier-1 index in the system prompt (name + description), so the agent knows
+// the skill exists and can load its Procedure on demand. Most packs are
+// project trackers, not skills — so this is opt-in, not "any pack with a
+// Procedure".
+function listSkillPacks() {
+  return listPacks().filter((p) => p.skill && !p.archived);
+}
+
+function setSkill(nameOrDir, on) {
+  const pack = findPack(nameOrDir);
+  if (!pack) return null;
+  pack.skill = !!on;
+  if (on && pack.kind !== "ability") pack.kind = "ability";
+  pack.updated = new Date().toISOString();
+  writePack(pack);
+  return pack;
+}
+
+// Reusable abilities (how-tos / patterns / themes) — kind:"ability". These are
+// the nodes that transfer across projects via governed-by edges, and the pool
+// the always-on skill index is promoted from. Project trackers are kind:"context".
+function listAbilities() {
+  return listPacks().filter((p) => p.kind === "ability" && !p.archived);
+}
+
+function setKind(nameOrDir, kind) {
+  const pack = findPack(nameOrDir);
+  if (!pack) return null;
+  pack.kind = String(kind || "context").trim() || "context";
+  pack.updated = new Date().toISOString();
+  writePack(pack);
+  return pack;
+}
+
+// Record that an ability was applied on a project (provenance of reuse): appends
+// to applied_on (deduped) and sets learned_on to the first project if unset.
+function recordApplied(nameOrDir, project) {
+  const pack = findPack(nameOrDir);
+  if (!pack || !project) return null;
+  const proj = String(project).trim();
+  if (!proj) return pack;
+  if (!pack.learned_on) pack.learned_on = proj;
+  const set = new Set(pack.applied_on || []);
+  set.add(proj);
+  pack.applied_on = [...set];
+  pack.updated = new Date().toISOString();
+  writePack(pack);
+  return pack;
+}
+
+// Close the learning loop from actual USE. Given the node ids the agent opened
+// together in one turn (pack:<dir> / entity:<slug>), treat every ability opened
+// alongside a project (context) pack as "this ability was applied while working
+// on that project" and record it. applied_on growing is what forms the
+// project→ability governed-by edge on the next structural sync, so reuse
+// transfers automatically from real use. Returns the pairs NEWLY transferred
+// (for a one-line "it transfers there now too" announcement).
+function recordCoUse(openedIds) {
+  const opened = [...new Set(openedIds || [])]
+    .filter((id) => typeof id === "string" && id.startsWith("pack:"))
+    .map((id) => readPack(id.slice(5)))
+    .filter(Boolean);
+  const abilities = opened.filter((p) => p.kind === "ability");
+  const contexts = opened.filter((p) => p.kind !== "ability");
+  const transferred = [];
+  for (const ab of abilities) {
+    for (const ctx of contexts) {
+      if (ab.dir === ctx.dir) continue;
+      const isNew = !(ab.applied_on || []).includes(ctx.dir);
+      recordApplied(ab.dir, ctx.dir);
+      if (isNew) transferred.push({ ability: ab.dir, abilityName: ab.name, project: ctx.dir, projectName: ctx.name });
+    }
+  }
+  return transferred;
+}
+
 function writePack(pack) {
   ensureDir();
   const dir = path.join(PACKS_DIR, pack.dir);
@@ -137,7 +222,7 @@ function writePack(pack) {
   return pack.dir;
 }
 
-function createPack({ dir, name, description, tags, stance, procedure, state, journal, parent }, origin = "user") {
+function createPack({ dir, name, description, tags, stance, procedure, state, journal, parent, skill, kind, learned_on, applied_on }, origin = "user") {
   const d = slugify(dir || name);
   if (!d) throw new Error("pack needs a name");
   if (readPack(d)) throw new Error(`pack ${d} already exists`);
@@ -147,6 +232,10 @@ function createPack({ dir, name, description, tags, stance, procedure, state, jo
     description: description || "",
     tags: Array.isArray(tags) ? tags : [],
     parent: parent || null,
+    skill: !!skill,
+    kind: kind || "context",
+    learned_on: learned_on || "",
+    applied_on: Array.isArray(applied_on) ? applied_on : [],
     created: new Date().toISOString(),
     sections: {
       Stance: stance || "",
@@ -227,12 +316,15 @@ function recordForegroundWrite(dir, { tool, oldString, content } = {}) {
 
 // Apply a reviewer mutation. Only supplied fields change; journal entries
 // append (capped); state replaces (it represents "current truth").
-function updatePack(dir, { description, tags, stance, procedure, state, journal } = {}, origin = "user") {
+function updatePack(dir, { description, tags, stance, procedure, state, journal, skill, kind, learned_on } = {}, origin = "user") {
   const pack = readPack(dir);
   if (!pack) throw new Error(`no pack: ${dir}`);
   pack.updated = new Date().toISOString();
   if (description) pack.description = description;
   if (Array.isArray(tags) && tags.length) pack.tags = tags;
+  if (typeof skill === "boolean") pack.skill = skill;
+  if (typeof kind === "string" && kind.trim()) pack.kind = kind.trim();
+  if (typeof learned_on === "string" && learned_on.trim()) pack.learned_on = learned_on.trim();
   const applied = [];
   let protectedStance = false;
   if (typeof stance === "string" && stance.trim()) {
@@ -470,6 +562,7 @@ function matchPacks(text, { limit = 3, threshold = null } = {}) {
 module.exports = {
   PACKS_DIR, SECTIONS, slugify,
   listPacks, findPack, readPack, writePack, createPack, updatePack, removePack,
+  listSkillPacks, setSkill, listAbilities, setKind, recordApplied, recordCoUse,
   touchUsed, packNameFromPath, matchPacks, reindex, markIndexDirty,
   archivePack, restorePack, listArchived,
   readProvenance, provenanceOf, setProvenance, recordForegroundWrite,

package/core/recall/graph.js

@@ -264,6 +264,7 @@ function parseLinks(text) {
 }
 
 function isSharedConcern(pack) {
+  if (pack && pack.kind === "ability") return true;
   const tags = (pack.tags || []).map((t) => t.toLowerCase());
   return tags.includes("shared") || tags.includes("concern") || tags.includes("cross-cutting");
 }
@@ -303,6 +304,22 @@ function syncFromCorpus(packsLib, entitiesLib) {
       const type = targetPack && isSharedConcern(targetPack) ? "governed-by" : "related";
       if (addEdge(id, target, type)) count++;
     }
+    // Abilities transfer across projects: derive governed-by edges from the
+    // ability's OWN provenance (learned_on + applied_on) so the link forms after
+    // the FIRST occurrence, without having to mutate the project packs. Direction
+    // matches the [[link]] convention — project (child) → ability (concern).
+    if (p.kind === "ability") {
+      const projects = new Set(
+        [p.learned_on, ...(p.applied_on || [])]
+          .map((x) => String(x || "").trim().toLowerCase())
+          .filter(Boolean)
+      );
+      for (const proj of projects) {
+        const src = resolve(proj);
+        if (!src || src === id) continue;
+        if (addEdge(src, id, "governed-by")) count++;
+      }
+    }
   }
   for (const e of entities) {
     const id = `entity:${e.slug}`;

package/core/recall/index.js

@@ -4,8 +4,10 @@
 // Each engine implements: async run(ctx) -> { packBlock, entityBlock,
 // packMatches, entityMatches }. The active engine is chosen per channel via
 // the `recallEngine` setting (set by the /engine slash command), falling back
-// to the RECALL_ENGINE env var, then to "classic". Unknown names fall back to
-// classic so a bad value can never break recall.
+// to the RECALL_ENGINE env var, then to DEFAULT_ENGINE. Unknown names fall
+// back to the default so a bad value can never break recall. The discoverer is
+// the default: it's fail-open (falls back to the classic keyword baseline on
+// any error), so it never recalls worse than classic, only better.
 
 const classic = require("./classic");
 const discoverer = require("./discoverer");
@@ -15,6 +17,11 @@ const ENGINES = {
   discoverer,
 };
 
+// The default recall engine for channels that haven't explicitly chosen one
+// (recallEngine === null). Single source of truth — flip this to change the
+// product default. `classic` remains selectable as an explicit opt-out.
+const DEFAULT_ENGINE = "discoverer";
+
 function listEngines() {
   return Object.keys(ENGINES);
 }
@@ -22,12 +29,12 @@ function listEngines() {
 function activeEngineName(settings) {
   const fromSettings = settings && settings.recallEngine;
   const fromEnv = process.env.RECALL_ENGINE;
-  const name = String(fromSettings || fromEnv || "classic").toLowerCase();
-  return ENGINES[name] ? name : "classic";
+  const name = String(fromSettings || fromEnv || DEFAULT_ENGINE).toLowerCase();
+  return ENGINES[name] ? name : DEFAULT_ENGINE;
 }
 
 function getEngine(name) {
   return ENGINES[name] || classic;
 }
 
-module.exports = { ENGINES, listEngines, activeEngineName, getEngine };
+module.exports = { ENGINES, listEngines, activeEngineName, getEngine, DEFAULT_ENGINE };

package/core/redact.js

@@ -1,15 +1,37 @@
 // Secret-redaction + terminal-control stripping. Used everywhere we ship
 // CLI output (stderr, stdout, transcripts) back to a chat surface.
 
+// Known literal secrets (operational keyring values) registered at startup
+// and whenever one is set. Matched by literal substring, not regex, so a
+// value containing regex metacharacters can't break or widen the match.
+const dynamicSecrets = new Set();
+
+// Register one or more secret literals to scrub from all future output.
+// Short values are ignored to avoid redacting common substrings.
+function registerSecrets(values) {
+  for (const v of [].concat(values || [])) {
+    const s = String(v == null ? "" : v);
+    if (s.length >= 6) dynamicSecrets.add(s);
+  }
+}
+
+function redactDynamic(text) {
+  let out = String(text);
+  for (const secret of dynamicSecrets) {
+    if (out.includes(secret)) out = out.split(secret).join("[REDACTED_SECRET]");
+  }
+  return out;
+}
+
 function redactSensitive(value) {
-  return String(value || "")
+  return redactDynamic(String(value || "")
     .replace(/sk-ant-[A-Za-z0-9._-]+/g, "[REDACTED_TOKEN]")
     .replace(/sk-proj-[A-Za-z0-9._-]+/g, "[REDACTED_OPENAI_KEY]")
     .replace(/sk-[A-Za-z0-9._-]{20,}/g, "[REDACTED_OPENAI_KEY]")
     .replace(/(Bearer\s+)[A-Za-z0-9._=-]+/gi, "$1[REDACTED_TOKEN]")
     .replace(/(CLAUDE_CODE_OAUTH_TOKEN\s*=\s*)\S+/gi, "$1[REDACTED_TOKEN]")
     .replace(/(OPENAI_API_KEY\s*=\s*)\S+/gi, "$1[REDACTED_OPENAI_KEY]")
-    .replace(/([?&](?:token|access_token|refresh_token|api_key)=)[^\s&]+/gi, "$1[REDACTED]");
+    .replace(/([?&](?:token|access_token|refresh_token|api_key)=)[^\s&]+/gi, "$1[REDACTED]"));
 }
 
 function stripTerminalControls(value) {
@@ -23,4 +45,4 @@ function extractUrls(text) {
   return [...stripTerminalControls(text).matchAll(/https?:\/\/[^\s)]+/g)].map((m) => m[0]);
 }
 
-module.exports = { redactSensitive, stripTerminalControls, extractUrls };
+module.exports = { redactSensitive, registerSecrets, stripTerminalControls, extractUrls };