@lobu/cli 6.1.1 → 7.1.0

package/dist/commands/_lib/apply/desired-state.js

@@ -1,8 +1,36 @@
+import { existsSync, readdirSync, readFileSync } from "node:fs";
 import { readdir, readFile, stat } from "node:fs/promises";
 import { join, resolve } from "node:path";
+import Ajv from "ajv";
+import addFormats from "ajv-formats";
 import { parse as parseToml } from "smol-toml";
 import { ValidationError } from "../../memory/_lib/errors.js";
+import { expandModelDefinition, parseModelYamlFile, validateModel, } from "../../memory/_lib/schema.js";
 import { CONFIG_FILENAME, isLoadError, loadConfig, } from "../../../config/loader.js";
+import { CronExpressionParser } from "cron-parser";
+// ── Connector slug / schedule validators (round-2) ─────────────────────────
+// Mirror packages/server/src/utils/connections.ts CONNECTION_SLUG_PATTERN and
+// the server's validateSchedule (packages/server/src/utils/cron.ts) so the CLI
+// fails loud *before* any mutation instead of getting a server 4xx.
+const CONNECTION_SLUG_PATTERN = /^[a-z0-9][a-z0-9-]{0,62}$/;
+// auth_profiles slugs are sanitized server-side; require canonical form so the
+// diff key matches what is stored (server cap is 80 chars).
+const AUTH_PROFILE_SLUG_PATTERN = /^[a-z0-9][a-z0-9-]{0,79}$/;
+const MIN_CRON_INTERVAL_MS = 60_000;
+function cronError(schedule) {
+    try {
+        const it = CronExpressionParser.parse(schedule);
+        const first = it.next().toDate();
+        const second = it.next().toDate();
+        if (second.getTime() - first.getTime() < MIN_CRON_INTERVAL_MS) {
+            return `schedule "${schedule}" is too frequent (minimum interval is 1 minute)`;
+        }
+        return null;
+    }
+    catch (err) {
+        return `invalid cron expression "${schedule}" — ${err instanceof Error ? err.message : String(err)}`;
+    }
+}
 // ── Stable platform IDs (mirror of file-loader.ts) ─────────────────────────
 //
 // keep in sync with packages/server/src/gateway/config/file-loader.ts
@@ -25,55 +53,48 @@ function asEnvRef(value) {
     const match = ENV_REF.exec(value.trim());
     return match?.[1] ?? null;
 }
+/** Visit every string leaf in `value` (recursing arrays + plain objects). */
+function walkStrings(value, visit) {
+    if (typeof value === "string") {
+        visit(value);
+        return;
+    }
+    if (Array.isArray(value)) {
+        for (const item of value)
+            walkStrings(item, visit);
+        return;
+    }
+    if (value && typeof value === "object") {
+        for (const v of Object.values(value)) {
+            walkStrings(v, visit);
+        }
+    }
+}
+/** Add every `$ENV` reference found among the string leaves of `value`. */
+function collectEnvRefsFrom(value, out) {
+    walkStrings(value, (s) => {
+        const ref = asEnvRef(s);
+        if (ref)
+            out.add(ref);
+    });
+}
 function collectEnvRefs(config, out) {
     for (const agentConfig of Object.values(config.agents)) {
         for (const provider of agentConfig.providers) {
-            if (provider.key) {
-                const ref = asEnvRef(provider.key);
-                if (ref)
-                    out.add(ref);
-            }
-            if (provider.secret_ref) {
-                const ref = asEnvRef(provider.secret_ref);
-                if (ref)
-                    out.add(ref);
-            }
+            if (provider.key)
+                collectEnvRefsFrom(provider.key, out);
+            if (provider.secret_ref)
+                collectEnvRefsFrom(provider.secret_ref, out);
         }
         for (const platform of agentConfig.platforms) {
-            for (const value of Object.values(platform.config)) {
-                const ref = asEnvRef(value);
-                if (ref)
-                    out.add(ref);
-            }
+            collectEnvRefsFrom(platform.config, out);
         }
         if (agentConfig.skills.mcp) {
             for (const mcp of Object.values(agentConfig.skills.mcp)) {
-                if (mcp.headers) {
-                    for (const v of Object.values(mcp.headers)) {
-                        const ref = asEnvRef(v);
-                        if (ref)
-                            out.add(ref);
-                    }
-                }
-                if (mcp.env) {
-                    for (const v of Object.values(mcp.env)) {
-                        const ref = asEnvRef(v);
-                        if (ref)
-                            out.add(ref);
-                    }
-                }
-                if (mcp.oauth) {
-                    if (mcp.oauth.client_id) {
-                        const ref = asEnvRef(mcp.oauth.client_id);
-                        if (ref)
-                            out.add(ref);
-                    }
-                    if (mcp.oauth.client_secret) {
-                        const ref = asEnvRef(mcp.oauth.client_secret);
-                        if (ref)
-                            out.add(ref);
-                    }
-                }
+                collectEnvRefsFrom(mcp.headers, out);
+                collectEnvRefsFrom(mcp.env, out);
+                collectEnvRefsFrom(mcp.oauth?.client_id, out);
+                collectEnvRefsFrom(mcp.oauth?.client_secret, out);
             }
         }
     }
@@ -426,6 +447,17 @@ function buildPlatforms(agentId, agentConfig, env) {
         };
         if (platform.name)
             desired.name = platform.name;
+        if (platform.channels && platform.channels.length > 0) {
+            if (platform.type !== "slack") {
+                throw new ValidationError(`agent "${agentId}" platform "${platform.type}": \`channels\` is only supported for Slack`);
+            }
+            for (const entry of platform.channels) {
+                if (!/^[^/\s]+\/[^/\s]+$/.test(entry.trim())) {
+                    throw new ValidationError(`agent "${agentId}" Slack \`channels\` entry "${entry}" must be in "<teamId>/<channelId>" form (e.g. "T0ABCDEF/C0123ABCD")`);
+                }
+            }
+            desired.channels = platform.channels.map((e) => e.trim());
+        }
         out.push(desired);
     }
     return out;
@@ -435,25 +467,197 @@ function isRecord(value) {
 }
 function parseEntityType(raw) {
     if (!isRecord(raw) || typeof raw.slug !== "string") {
-        throw new ValidationError(`memory.entity_types entries must be objects with a "slug" string field; got ${JSON.stringify(raw)}`);
+        throw new ValidationError(`model-bundle "entities" entries must be objects with a "slug" string field; got ${JSON.stringify(raw)}`);
     }
     const out = { slug: raw.slug };
     if (typeof raw.name === "string")
         out.name = raw.name;
     if (typeof raw.description === "string")
         out.description = raw.description;
-    if (Array.isArray(raw.required)) {
-        out.required = raw.required.filter((v) => typeof v === "string");
+    if (isRecord(raw.metadata_schema)) {
+        if (Array.isArray(raw.metadata_schema.required)) {
+            out.required = raw.metadata_schema.required.filter((v) => typeof v === "string");
+        }
+        if (isRecord(raw.metadata_schema.properties)) {
+            out.properties = raw.metadata_schema.properties;
+        }
     }
-    if (isRecord(raw.properties))
-        out.properties = raw.properties;
     if (isRecord(raw.metadata))
         out.metadata = raw.metadata;
     return out;
 }
+const NOTIFICATION_CHANNELS = new Set(["canvas", "notification", "both"]);
+const NOTIFICATION_PRIORITIES = new Set(["low", "normal", "high"]);
+const UUID_PATTERN = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+function parseWatcher(raw, modelFileAbsPath) {
+    if (!isRecord(raw) || typeof raw.slug !== "string") {
+        throw new ValidationError(`watcher model files must be objects with a "slug" string field; got ${JSON.stringify(raw)}`);
+    }
+    if (typeof raw.prompt !== "string" || !raw.prompt.trim()) {
+        throw new ValidationError(`watcher "${raw.slug}" is missing a "prompt" string`);
+    }
+    if (typeof raw.agent !== "string" || !raw.agent.trim()) {
+        throw new ValidationError(`watcher "${raw.slug}" is missing an "agent" field — every watcher must name the agent that owns it (e.g. \`agent: my-agent\`, matching an \`[agents.<id>]\` block in lobu.toml)`);
+    }
+    const extractionSchema = isRecord(raw.extraction_schema)
+        ? raw.extraction_schema
+        : {};
+    const out = {
+        slug: raw.slug,
+        agent: raw.agent,
+        prompt: raw.prompt,
+        extractionSchema,
+    };
+    if (typeof raw.name === "string")
+        out.name = raw.name;
+    if (typeof raw.description === "string")
+        out.description = raw.description;
+    if (typeof raw.schedule === "string") {
+        const err = cronError(raw.schedule);
+        if (err) {
+            throw new ValidationError(`watcher "${raw.slug}" ${err}`);
+        }
+        out.schedule = raw.schedule;
+    }
+    if (Array.isArray(raw.sources)) {
+        out.sources = raw.sources
+            .filter(isRecord)
+            .filter((s) => typeof s.name === "string" && typeof s.query === "string")
+            .map((s) => ({ name: s.name, query: s.query }));
+    }
+    // Reaction script — sibling `.ts` file, resolved relative to the YAML.
+    // Path constraints: must be a relative POSIX-style path that stays under
+    // the YAML's directory tree (no leading `/`, no `..` segments), must end
+    // in `.ts`, and the file must be ≤ 256 KiB. The server compiles and
+    // executes the source in an isolate, so the trust boundary is the
+    // operator's file system — this validation prevents a hostile YAML
+    // (e.g. a PR that touches an unrelated model file) from sucking in a
+    // sensitive file like `/etc/passwd` or `../../.ssh/id_rsa`.
+    if (raw.reaction_script !== undefined) {
+        if (typeof raw.reaction_script !== "string" ||
+            !raw.reaction_script.trim()) {
+            throw new ValidationError(`watcher "${raw.slug}" \`reaction_script\` must be a path to a sibling .ts file (e.g. \`reaction_script: ./funnel-digest.ts\`). Inline scripts are not supported — keep the TypeScript in its own file so your IDE can type-check it.`);
+        }
+        const rel = raw.reaction_script.trim();
+        if (rel.startsWith("/") || rel.includes("\\")) {
+            throw new ValidationError(`watcher "${raw.slug}" \`reaction_script\` must be a relative POSIX path (./foo.ts) — absolute paths and backslashes are not allowed`);
+        }
+        if (rel.split("/").some((seg) => seg === "..")) {
+            throw new ValidationError(`watcher "${raw.slug}" \`reaction_script\` must not contain \`..\` segments — keep the script under the model file's directory tree`);
+        }
+        if (!rel.endsWith(".ts")) {
+            throw new ValidationError(`watcher "${raw.slug}" \`reaction_script\` must end in \`.ts\` (got ${JSON.stringify(rel)})`);
+        }
+        const baseDir = resolve(modelFileAbsPath, "..");
+        const abs = resolve(baseDir, rel);
+        // Belt-and-braces — symlinks or unusual relative-path forms shouldn't
+        // escape the baseDir even if the above checks let one through.
+        if (!abs.startsWith(`${baseDir}/`) && abs !== baseDir) {
+            throw new ValidationError(`watcher "${raw.slug}" \`reaction_script\` resolves outside the model directory (${abs})`);
+        }
+        let sourceCode;
+        try {
+            sourceCode = readFileSync(abs, "utf-8");
+        }
+        catch {
+            throw new ValidationError(`watcher "${raw.slug}" \`reaction_script\` ${rel} does not exist (resolved to ${abs})`);
+        }
+        const REACTION_SCRIPT_MAX_BYTES = 256 * 1024;
+        if (Buffer.byteLength(sourceCode, "utf8") > REACTION_SCRIPT_MAX_BYTES) {
+            throw new ValidationError(`watcher "${raw.slug}" \`reaction_script\` exceeds the ${REACTION_SCRIPT_MAX_BYTES}-byte cap — reaction scripts should be a few hundred lines, not a vendored library`);
+        }
+        out.reactionScript = { sourcePath: abs, sourceCode };
+    }
+    if (raw.reactions_guidance !== undefined) {
+        if (typeof raw.reactions_guidance !== "string") {
+            throw new ValidationError(`watcher "${raw.slug}" \`reactions_guidance\` must be a string`);
+        }
+        out.reactionsGuidance = raw.reactions_guidance;
+    }
+    if (raw.device_worker_id !== undefined) {
+        if (typeof raw.device_worker_id !== "string" ||
+            !UUID_PATTERN.test(raw.device_worker_id.trim())) {
+            throw new ValidationError(`watcher "${raw.slug}" \`device_worker_id\` must be a UUID string (the device_workers.id of the device this watcher should run on)`);
+        }
+        out.deviceWorkerId = raw.device_worker_id.trim();
+    }
+    if (raw.scheduler_client_id !== undefined) {
+        if (typeof raw.scheduler_client_id !== "string" ||
+            !raw.scheduler_client_id.trim()) {
+            throw new ValidationError(`watcher "${raw.slug}" \`scheduler_client_id\` must be a non-empty string`);
+        }
+        out.schedulerClientId = raw.scheduler_client_id.trim();
+    }
+    if (raw.notification_channel !== undefined) {
+        if (typeof raw.notification_channel !== "string" ||
+            !NOTIFICATION_CHANNELS.has(raw.notification_channel)) {
+            throw new ValidationError(`watcher "${raw.slug}" \`notification_channel\` must be one of: canvas, notification, both`);
+        }
+        out.notificationChannel =
+            raw.notification_channel;
+    }
+    if (raw.notification_priority !== undefined) {
+        if (typeof raw.notification_priority !== "string" ||
+            !NOTIFICATION_PRIORITIES.has(raw.notification_priority)) {
+            throw new ValidationError(`watcher "${raw.slug}" \`notification_priority\` must be one of: low, normal, high`);
+        }
+        out.notificationPriority =
+            raw.notification_priority;
+    }
+    if (raw.min_cooldown_seconds !== undefined) {
+        if (typeof raw.min_cooldown_seconds !== "number" ||
+            !Number.isFinite(raw.min_cooldown_seconds) ||
+            raw.min_cooldown_seconds < 0) {
+            throw new ValidationError(`watcher "${raw.slug}" \`min_cooldown_seconds\` must be a non-negative number`);
+        }
+        out.minCooldownSeconds = raw.min_cooldown_seconds;
+    }
+    if (raw.tags !== undefined) {
+        if (!Array.isArray(raw.tags) ||
+            !raw.tags.every((t) => typeof t === "string")) {
+            throw new ValidationError(`watcher "${raw.slug}" \`tags\` must be an array of strings`);
+        }
+        out.tags = raw.tags;
+    }
+    if (raw.agent_kind !== undefined) {
+        if (typeof raw.agent_kind !== "string" || !raw.agent_kind.trim()) {
+            throw new ValidationError(`watcher "${raw.slug}" \`agent_kind\` must be a non-empty string`);
+        }
+        out.agentKind = raw.agent_kind.trim();
+    }
+    if (raw.json_template !== undefined) {
+        out.jsonTemplate = raw.json_template;
+    }
+    if (raw.keying_config !== undefined) {
+        if (!isRecord(raw.keying_config)) {
+            throw new ValidationError(`watcher "${raw.slug}" \`keying_config\` must be an object`);
+        }
+        out.keyingConfig = raw.keying_config;
+    }
+    if (raw.classifiers !== undefined) {
+        if (!Array.isArray(raw.classifiers)) {
+            throw new ValidationError(`watcher "${raw.slug}" \`classifiers\` must be an array`);
+        }
+        out.classifiers = raw.classifiers;
+    }
+    if (raw.condensation_prompt !== undefined) {
+        if (typeof raw.condensation_prompt !== "string") {
+            throw new ValidationError(`watcher "${raw.slug}" \`condensation_prompt\` must be a string`);
+        }
+        out.condensationPrompt = raw.condensation_prompt;
+    }
+    if (raw.condensation_window_count !== undefined) {
+        if (typeof raw.condensation_window_count !== "number" ||
+            raw.condensation_window_count < 2) {
+            throw new ValidationError(`watcher "${raw.slug}" \`condensation_window_count\` must be a number ≥ 2`);
+        }
+        out.condensationWindowCount = raw.condensation_window_count;
+    }
+    return out;
+}
 function parseRelationshipType(raw) {
     if (!isRecord(raw) || typeof raw.slug !== "string") {
-        throw new ValidationError(`memory.relationship_types entries must be objects with a "slug" string field; got ${JSON.stringify(raw)}`);
+        throw new ValidationError(`model-bundle "relationships" entries must be objects with a "slug" string field; got ${JSON.stringify(raw)}`);
     }
     const out = { slug: raw.slug };
     if (typeof raw.name === "string")
@@ -471,57 +675,83 @@ function parseRelationshipType(raw) {
     return out;
 }
 /**
- * Read memory schema files referenced by `[memory].models`. Each YAML
- * file in that directory should declare `type: entity_type` or
- * `type: relationship_type` (matches the seed-cmd schema).
- *
- * v1: parse only entity_type and relationship_type. Watchers are deferred.
+ * Read memory schema files referenced by `[memory].models`. Every nested YAML
+ * file must be a dbt-style `version: 2` bundle with top-level `entities`,
+ * `relationships`, and `watchers` arrays; multi-document YAML streams are
+ * supported. `lobu apply` syncs entity types, relationship types, and watchers
+ * from these files; watcher sync is create-only (drift ignored).
  */
-async function loadMemorySchema(config, projectRoot) {
-    const empty = { entityTypes: [], relationshipTypes: [] };
+async function loadMemoryModels(config, projectRoot) {
+    const empty = {
+        entityTypes: [],
+        relationshipTypes: [],
+        watchers: [],
+    };
     const mem = config.memory;
     if (!mem || mem.enabled === false)
         return empty;
-    const inline = config.memory;
-    if (inline?.schema) {
-        const entityTypesRaw = Array.isArray(inline.schema.entity_types)
-            ? inline.schema.entity_types
-            : [];
-        const relTypesRaw = Array.isArray(inline.schema.relationship_types)
-            ? inline.schema.relationship_types
-            : [];
-        return {
-            entityTypes: entityTypesRaw.map(parseEntityType),
-            relationshipTypes: relTypesRaw.map(parseRelationshipType),
-        };
-    }
     // Models directory (matches seed-cmd's resolution rules).
     const modelsRel = mem.models?.trim() || "./models";
     const modelsPath = resolve(projectRoot, modelsRel);
-    const { existsSync, readdirSync, readFileSync } = await import("node:fs");
-    const { parse: parseYaml } = await import("yaml");
     if (!existsSync(modelsPath))
         return empty;
     const entityTypes = [];
     const relationshipTypes = [];
-    const files = readdirSync(modelsPath)
-        .filter((f) => f.endsWith(".yaml") || f.endsWith(".yml"))
-        .sort();
-    for (const file of files) {
+    const watchers = [];
+    const readModelFiles = (dir, prefix = "") => {
+        return readdirSync(dir, { withFileTypes: true })
+            .sort((a, b) => a.name.localeCompare(b.name))
+            .flatMap((entry) => {
+            const relPath = prefix ? join(prefix, entry.name) : entry.name;
+            const fullPath = join(dir, entry.name);
+            if (entry.isDirectory())
+                return readModelFiles(fullPath, relPath);
+            if (entry.isFile() &&
+                (entry.name.endsWith(".yaml") || entry.name.endsWith(".yml"))) {
+                return [relPath];
+            }
+            return [];
+        });
+    };
+    const errors = [];
+    for (const file of readModelFiles(modelsPath)) {
         const raw = readFileSync(join(modelsPath, file), "utf-8");
-        const parsed = parseYaml(raw);
-        if (!isRecord(parsed) || typeof parsed.type !== "string")
-            continue;
-        if (parsed.type === "entity_type" || parsed.type === "entity") {
-            entityTypes.push(parseEntityType(parsed));
-        }
-        else if (parsed.type === "relationship_type" ||
-            parsed.type === "relationship") {
-            relationshipTypes.push(parseRelationshipType(parsed));
+        const { documents, errors: parseErrors } = parseModelYamlFile(raw, file);
+        errors.push(...parseErrors);
+        for (const { data: document, file: documentFile } of documents) {
+            const expanded = expandModelDefinition(document, documentFile);
+            errors.push(...expanded.errors);
+            for (const model of expanded.models) {
+                const modelErrors = validateModel(model.data, model.file);
+                if (modelErrors.length > 0) {
+                    errors.push(...modelErrors);
+                    continue;
+                }
+                if (model.modelType === "entity") {
+                    entityTypes.push(parseEntityType(model.data));
+                }
+                else if (model.modelType === "relationship") {
+                    relationshipTypes.push(parseRelationshipType(model.data));
+                }
+                else if (model.modelType === "watcher") {
+                    // `model.file` is like `schema.yaml:watchers[0]` (optionally with
+                    // `#docIdx` for multi-doc streams) — strip the synthetic suffix
+                    // before resolving on disk, then map through `modelsPath` to the
+                    // absolute YAML path. `parseWatcher` reads `reaction_script:`
+                    // sibling .ts files relative to that.
+                    const yamlRel = model.file.replace(/[:#].*$/, "");
+                    watchers.push(parseWatcher(model.data, join(modelsPath, yamlRel)));
+                }
+            }
         }
-        // watcher files are out of scope for v1 apply
     }
-    return { entityTypes, relationshipTypes };
+    if (errors.length > 0) {
+        const detail = errors
+            .map((e) => `${e.file}: ${e.field} — ${e.message}`)
+            .join("\n  ");
+        throw new ValidationError(`Model validation failed\n  ${detail}`);
+    }
+    return { entityTypes, relationshipTypes, watchers };
 }
 /**
  * The Zod schema strips unknown keys, so we re-parse the raw TOML to surface
@@ -552,10 +782,534 @@ async function rejectUnsupportedAgentShapes(cwd) {
             continue;
         const watchers = agentConfig.watchers;
         if (Array.isArray(watchers) && watchers.length > 0) {
-            throw new ValidationError(`agent "${agentId}" declares [[agents.${agentId}.watchers]] — \`lobu apply\` does not sync watchers in v1. Remove the block or use \`lobu memory seed\`.`);
+            throw new ValidationError(`agent "${agentId}" declares [[agents.${agentId}.watchers]] in lobu.toml — watchers live in a \`[memory].models\` YAML bundle (the same file as your entity types), each with an \`agent: ${agentId}\` field pointing back here. Move the watcher there.`);
         }
     }
 }
+// ── Connectors (data-source connectors) ───────────────────────────────────
+const AUTH_PROFILE_KINDS = new Set([
+    "env",
+    "oauth_app",
+    "oauth_account",
+    "browser_session",
+]);
+function asString(value) {
+    return typeof value === "string" && value.trim() ? value : undefined;
+}
+function parseConnectionDoc(raw, file) {
+    const slug = asString(raw.slug);
+    if (!slug) {
+        throw new ValidationError(`${file}: \`type: connection\` doc is missing a "slug" string`);
+    }
+    if (!CONNECTION_SLUG_PATTERN.test(slug)) {
+        throw new ValidationError(`${file}: connection slug "${slug}" must match /^[a-z0-9][a-z0-9-]{0,62}$/ (lowercase letters/digits/hyphens, no leading hyphen, ≤63 chars)`);
+    }
+    const connector = asString(raw.connector);
+    if (!connector) {
+        throw new ValidationError(`${file}: connection "${slug}" is missing a "connector" key`);
+    }
+    const out = {
+        slug,
+        connector,
+        feeds: [],
+        sourceFile: file,
+    };
+    const name = asString(raw.name);
+    if (name)
+        out.name = name;
+    const auth = asString(raw.auth);
+    if (auth)
+        out.authProfileSlug = auth;
+    const appAuth = asString(raw.app_auth);
+    if (appAuth)
+        out.appAuthProfileSlug = appAuth;
+    if (raw.device_worker_id !== undefined) {
+        if (typeof raw.device_worker_id !== "string" ||
+            !UUID_PATTERN.test(raw.device_worker_id.trim())) {
+            throw new ValidationError(`${file}: connection "${slug}" \`device_worker_id\` must be a UUID (the device_workers.id of the device this connection runs on)`);
+        }
+        out.deviceWorkerId = raw.device_worker_id.trim();
+    }
+    if (raw.config !== undefined) {
+        if (!isRecord(raw.config)) {
+            throw new ValidationError(`${file}: connection "${slug}" \`config\` must be an object`);
+        }
+        // action_modes is keyed by operation_key and each value must be one of
+        // 'disabled' | 'approval' | 'auto'. The server tolerates unknown values
+        // (falls back to the connector default), so a typo like 'auto-approve'
+        // would silently degrade. Fail fast at apply time instead.
+        if (raw.config.action_modes !== undefined) {
+            if (!isRecord(raw.config.action_modes)) {
+                throw new ValidationError(`${file}: connection "${slug}" \`config.action_modes\` must be an object mapping operation keys to one of: disabled, approval, auto`);
+            }
+            for (const [opKey, mode] of Object.entries(raw.config.action_modes)) {
+                if (mode !== "disabled" && mode !== "approval" && mode !== "auto") {
+                    throw new ValidationError(`${file}: connection "${slug}" \`config.action_modes.${opKey}\` must be one of: disabled, approval, auto (got ${JSON.stringify(mode)})`);
+                }
+            }
+        }
+        out.config = raw.config;
+    }
+    if (raw.feeds !== undefined) {
+        if (!Array.isArray(raw.feeds)) {
+            throw new ValidationError(`${file}: connection "${slug}" \`feeds\` must be an array`);
+        }
+        const seen = new Set();
+        for (const entry of raw.feeds) {
+            if (!isRecord(entry)) {
+                throw new ValidationError(`${file}: connection "${slug}" feed entries must be objects`);
+            }
+            const feedKey = asString(entry.feed);
+            if (!feedKey) {
+                throw new ValidationError(`${file}: connection "${slug}" feed entry is missing a "feed" key`);
+            }
+            if (seen.has(feedKey)) {
+                throw new ValidationError(`${file}: connection "${slug}" declares feed "${feedKey}" twice`);
+            }
+            seen.add(feedKey);
+            const feed = { feedKey };
+            const feedName = asString(entry.name);
+            if (feedName)
+                feed.name = feedName;
+            const schedule = asString(entry.schedule);
+            if (schedule) {
+                const err = cronError(schedule);
+                if (err) {
+                    throw new ValidationError(`${file}: connection "${slug}" feed "${feedKey}" ${err}`);
+                }
+                feed.schedule = schedule;
+            }
+            if (entry.config !== undefined) {
+                if (!isRecord(entry.config)) {
+                    throw new ValidationError(`${file}: connection "${slug}" feed "${feedKey}" \`config\` must be an object`);
+                }
+                feed.config = entry.config;
+            }
+            out.feeds.push(feed);
+        }
+    }
+    return out;
+}
+function parseAuthProfileDoc(raw, file) {
+    const slug = asString(raw.slug);
+    if (!slug) {
+        throw new ValidationError(`${file}: \`type: auth_profile\` doc is missing a "slug" string`);
+    }
+    if (!AUTH_PROFILE_SLUG_PATTERN.test(slug)) {
+        throw new ValidationError(`${file}: auth_profile slug "${slug}" must match /^[a-z0-9][a-z0-9-]{0,79}$/ (lowercase letters/digits/hyphens, no leading hyphen, ≤80 chars)`);
+    }
+    const connector = asString(raw.connector);
+    if (!connector) {
+        throw new ValidationError(`${file}: auth_profile "${slug}" is missing a "connector" key`);
+    }
+    const kind = asString(raw.kind);
+    if (!kind || !AUTH_PROFILE_KINDS.has(kind)) {
+        throw new ValidationError(`${file}: auth_profile "${slug}" \`kind\` must be one of env|oauth_app|oauth_account|browser_session (got ${JSON.stringify(raw.kind)})`);
+    }
+    const out = {
+        slug,
+        connector,
+        kind: kind,
+        sourceFile: file,
+    };
+    const name = asString(raw.name);
+    if (name)
+        out.name = name;
+    if (raw.credentials !== undefined) {
+        if (!isRecord(raw.credentials)) {
+            throw new ValidationError(`${file}: auth_profile "${slug}" \`credentials\` must be an object`);
+        }
+        const creds = {};
+        for (const [k, v] of Object.entries(raw.credentials)) {
+            if (typeof v !== "string") {
+                throw new ValidationError(`${file}: auth_profile "${slug}" credential "${k}" must be a string (use $ENV for secrets)`);
+            }
+            creds[k] = v;
+        }
+        if (kind === "oauth_account" || kind === "browser_session") {
+            if (Object.keys(creds).length > 0) {
+                throw new ValidationError(`${file}: auth_profile "${slug}" has \`kind: ${kind}\` — credentials must not be set; \`lobu apply\` never writes interactive-auth tokens (complete auth via the connect URL).`);
+            }
+        }
+        else {
+            out.credentials = creds;
+        }
+    }
+    return out;
+}
+function parseConnectorDoc(raw, file) {
+    const key = asString(raw.key);
+    if (!key) {
+        throw new ValidationError(`${file}: \`type: connector\` doc is missing a "key" string`);
+    }
+    const sourcePath = asString(raw.source_path);
+    const sourceUrl = asString(raw.source_url);
+    if (!!sourcePath === !!sourceUrl) {
+        throw new ValidationError(`${file}: connector "${key}" must declare exactly one of \`source_path\` or \`source_url\``);
+    }
+    if (sourceUrl) {
+        let parsed;
+        try {
+            parsed = new URL(sourceUrl);
+        }
+        catch {
+            throw new ValidationError(`${file}: connector "${key}" source_url is not a valid URL: ${sourceUrl}`);
+        }
+        if (parsed.protocol !== "https:") {
+            throw new ValidationError(`${file}: connector "${key}" source_url must use https (got ${parsed.protocol}//)`);
+        }
+    }
+    return {
+        key,
+        ...(sourcePath ? { sourcePath } : {}),
+        ...(sourceUrl ? { sourceUrl } : {}),
+    };
+}
+const EMPTY_CONNECTORS = {
+    definitions: [],
+    authProfiles: [],
+    connections: [],
+};
+/**
+ * Load the `[memory].connectors` directory:
+ *  - every `*.connector.ts` is auto-discovered as a connector definition
+ *    (raw source pushed to the server, which compiles + extracts the key)
+ *  - `*.yaml` files are multi-doc (`---`-separated); each doc carries
+ *    `version: 1` and a `type:` of `connection`, `auth_profile`, or `connector`
+ *
+ * `connector:` config validation against the connector's `optionsSchema` /
+ * feed `configSchema` / `authSchema` happens later (in `apply-cmd`) once the
+ * remote connector-definition catalog is available — the CLI never compiles
+ * connectors locally.
+ */
+async function loadConnectors(config, projectRoot, env, envRefs) {
+    const mem = config.memory;
+    if (!mem || mem.enabled === false)
+        return EMPTY_CONNECTORS;
+    const dirRel = mem.connectors?.trim() || "./connectors";
+    const dirPath = resolve(projectRoot, dirRel);
+    let entries;
+    try {
+        entries = (await readdir(dirPath)).sort();
+    }
+    catch {
+        return EMPTY_CONNECTORS;
+    }
+    const { parseAllDocuments } = await import("yaml");
+    const definitionsByKey = new Map();
+    // Keys explicitly declared by a `type: connector` doc (vs auto-discovered
+    // from a `*.connector.ts` filename). A given connector key may be declared by
+    // at most one such doc — even two docs pointing at the same `source_path`.
+    const connectorDocKeyDeclaredBy = new Map();
+    // `.connector.ts` files keyed by their *absolute path* — we don't know the
+    // connector key until the server compiles them. `type: connector` docs with
+    // `source_path:` that point at one of these files just dedupe to the file.
+    const tsFileDefinitions = new Map();
+    const authProfiles = new Map();
+    const connections = new Map();
+    for (const entry of entries) {
+        const entryPath = join(dirPath, entry);
+        let entryStat;
+        try {
+            entryStat = await stat(entryPath);
+        }
+        catch {
+            continue;
+        }
+        if (!entryStat.isFile())
+            continue;
+        // Auto-discovered local connector definition.
+        if (entry.endsWith(".connector.ts")) {
+            const sourceCode = await readFile(entryPath, "utf-8");
+            tsFileDefinitions.set(entryPath, {
+                key: null,
+                sourcePath: entryPath,
+                sourceCode,
+                sourceFile: `${dirRel}/${entry}`,
+            });
+            continue;
+        }
+        if (!entry.endsWith(".yaml") && !entry.endsWith(".yml"))
+            continue;
+        const rel = `${dirRel}/${entry}`;
+        const raw = await readFile(entryPath, "utf-8");
+        let docs;
+        try {
+            docs = parseAllDocuments(raw)
+                .map((doc) => doc.toJSON())
+                .filter((doc) => doc !== null && doc !== undefined);
+        }
+        catch (err) {
+            throw new ValidationError(`${rel}: failed to parse YAML — ${err instanceof Error ? err.message : String(err)}`);
+        }
+        for (const doc of docs) {
+            if (!isRecord(doc)) {
+                throw new ValidationError(`${rel}: each connectors doc must be a mapping with \`version\` and \`type\``);
+            }
+            const type = asString(doc.type);
+            if (!type) {
+                throw new ValidationError(`${rel}: connectors doc is missing a "type" (connection|auth_profile|connector)`);
+            }
+            if (doc.version !== undefined && doc.version !== 1) {
+                throw new ValidationError(`${rel}: unsupported connectors doc version ${JSON.stringify(doc.version)} (expected 1)`);
+            }
+            if (type === "connection") {
+                const conn = parseConnectionDoc(doc, rel);
+                if (connections.has(conn.slug)) {
+                    throw new ValidationError(`${rel}: duplicate connection slug "${conn.slug}"`);
+                }
+                connections.set(conn.slug, conn);
+            }
+            else if (type === "auth_profile") {
+                const profile = parseAuthProfileDoc(doc, rel);
+                if (authProfiles.has(profile.slug)) {
+                    throw new ValidationError(`${rel}: duplicate auth_profile slug "${profile.slug}"`);
+                }
+                if (profile.credentials) {
+                    // Expand `$ENV` refs in-place (collect them too, so the apply
+                    // secrets gate fails loud) — never push literal `$NAME` strings.
+                    const resolved = {};
+                    for (const [k, v] of Object.entries(profile.credentials)) {
+                        const ref = asEnvRef(v);
+                        if (!ref) {
+                            resolved[k] = v;
+                            continue;
+                        }
+                        envRefs.add(ref);
+                        const value = env[ref];
+                        if (value === undefined || value === "") {
+                            throw new ValidationError(`${rel}: auth_profile "${profile.slug}" credential "${k}" references $${ref}, but it is unset or empty in the apply environment`);
+                        }
+                        resolved[k] = value;
+                    }
+                    profile.credentials = resolved;
+                }
+                authProfiles.set(profile.slug, profile);
+            }
+            else if (type === "connector") {
+                const parsed = parseConnectorDoc(doc, rel);
+                const priorDoc = connectorDocKeyDeclaredBy.get(parsed.key);
+                if (priorDoc) {
+                    throw new ValidationError(`connector key "${parsed.key}" is declared by two \`type: connector\` docs — ${priorDoc} and ${rel}; keys must be unique`);
+                }
+                connectorDocKeyDeclaredBy.set(parsed.key, rel);
+                if (parsed.sourceUrl) {
+                    const prior = definitionsByKey.get(parsed.key);
+                    if (prior) {
+                        throw new ValidationError(`connector key "${parsed.key}" is declared twice — in ${prior.sourceFile} and ${rel}; keys must be unique`);
+                    }
+                    const priorTs = [...tsFileDefinitions.values()].find((d) => d.key === parsed.key);
+                    if (priorTs) {
+                        throw new ValidationError(`connector key "${parsed.key}" is declared twice — in ${priorTs.sourceFile} and ${rel}; keys must be unique`);
+                    }
+                    definitionsByKey.set(parsed.key, {
+                        key: parsed.key,
+                        sourceUrl: parsed.sourceUrl,
+                        sourceFile: rel,
+                    });
+                }
+                else if (parsed.sourcePath) {
+                    // `source_path` is resolved relative to the manifest YAML file's
+                    // directory (the connectors/ dir), matching the watcher-classifier
+                    // `source_path` convention.
+                    const abs = resolve(dirPath, parsed.sourcePath);
+                    // The declared key must not collide with another connector definition.
+                    const keyClash = definitionsByKey.get(parsed.key) ??
+                        [...tsFileDefinitions.entries()].find(([p, d]) => d.key === parsed.key && p !== abs)?.[1];
+                    if (keyClash) {
+                        throw new ValidationError(`connector key "${parsed.key}" is declared twice — in ${keyClash.sourceFile} and ${rel}; keys must be unique`);
+                    }
+                    if (tsFileDefinitions.has(abs)) {
+                        // Already auto-discovered as a `*.connector.ts` file; the
+                        // `type: connector` doc just declares its key for clearer output.
+                        const existing = tsFileDefinitions.get(abs);
+                        if (existing) {
+                            if (existing.key !== null && existing.key !== parsed.key) {
+                                throw new ValidationError(`${existing.sourceFile} declares connector key "${existing.key}" but ${rel} declares "${parsed.key}" for the same file — they must agree`);
+                            }
+                            existing.key = parsed.key;
+                        }
+                    }
+                    else {
+                        let sourceCode;
+                        try {
+                            sourceCode = await readFile(abs, "utf-8");
+                        }
+                        catch {
+                            throw new ValidationError(`${rel}: connector "${parsed.key}" \`source_path\` ${parsed.sourcePath} does not exist`);
+                        }
+                        tsFileDefinitions.set(abs, {
+                            key: parsed.key,
+                            sourcePath: abs,
+                            sourceCode,
+                            sourceFile: rel,
+                        });
+                    }
+                }
+            }
+            else {
+                throw new ValidationError(`${rel}: unknown connectors doc type "${type}" (expected connection|auth_profile|connector)`);
+            }
+        }
+    }
+    const allDefs = [...definitionsByKey.values(), ...tsFileDefinitions.values()];
+    const seenKeys = new Map();
+    for (const def of allDefs) {
+        if (def.key === null)
+            continue;
+        const prior = seenKeys.get(def.key);
+        if (prior) {
+            throw new ValidationError(`connector key "${def.key}" is declared twice — in ${prior} and ${def.sourceFile}; keys must be unique`);
+        }
+        seenKeys.set(def.key, def.sourceFile);
+    }
+    return {
+        definitions: allDefs.sort((a, b) => (a.key ?? a.sourceFile).localeCompare(b.key ?? b.sourceFile)),
+        authProfiles: [...authProfiles.values()].sort((a, b) => a.slug.localeCompare(b.slug)),
+        connections: [...connections.values()].sort((a, b) => a.slug.localeCompare(b.slug)),
+    };
+}
+function schemaFromAuthMethods(authSchema) {
+    const kinds = new Set();
+    if (!authSchema || typeof authSchema !== "object")
+        return kinds;
+    const methods = authSchema.methods;
+    if (!Array.isArray(methods))
+        return kinds;
+    for (const method of methods) {
+        if (!isRecord(method))
+            continue;
+        const t = asString(method.type);
+        // ConnectorAuthMethod `type` ∈ env_keys | oauth | browser | interactive | none
+        if (t === "env_keys")
+            kinds.add("env");
+        else if (t === "oauth") {
+            kinds.add("oauth_app");
+            kinds.add("oauth_account");
+        }
+        else if (t === "browser" || t === "interactive") {
+            kinds.add("browser_session");
+        }
+    }
+    return kinds;
+}
+/**
+ * Build per-connector validation schemas from a connector definition. Accepts
+ * either a typed `ConnectorDefinition` (from `@lobu/connector-sdk`) or the
+ * snake_cased shape the server's `manage_connections list_connector_definitions`
+ * returns (`options_schema`, `feeds_schema`, `auth_schema`).
+ */
+export function resolveConnectorSchemas(def) {
+    const optionsSchema = ("optionsSchema" in def ? def.optionsSchema : undefined) ??
+        ("options_schema" in def ? (def.options_schema ?? undefined) : undefined) ??
+        undefined;
+    const feedsRaw = ("feeds" in def ? def.feeds : undefined) ??
+        ("feeds_schema" in def ? (def.feeds_schema ?? undefined) : undefined) ??
+        undefined;
+    const authSchema = ("authSchema" in def ? def.authSchema : undefined) ??
+        ("auth_schema" in def ? (def.auth_schema ?? undefined) : undefined) ??
+        undefined;
+    const feedKeys = new Set();
+    const feedConfigSchemas = new Map();
+    if (feedsRaw && typeof feedsRaw === "object") {
+        for (const [feedKey, feedDef] of Object.entries(feedsRaw)) {
+            if (!feedDef || typeof feedDef !== "object")
+                continue;
+            feedKeys.add(feedKey);
+            const cfg = feedDef.configSchema;
+            if (cfg && typeof cfg === "object") {
+                feedConfigSchemas.set(feedKey, cfg);
+            }
+        }
+    }
+    return {
+        ...(optionsSchema ? { optionsSchema } : {}),
+        feedKeys,
+        feedConfigSchemas,
+        authKinds: schemaFromAuthMethods(authSchema),
+    };
+}
+let sharedAjv = null;
+function getAjv() {
+    if (!sharedAjv) {
+        sharedAjv = new Ajv({ allErrors: true, strict: false });
+        addFormats(sharedAjv);
+    }
+    return sharedAjv;
+}
+function validateAgainstSchema(schema, value, context) {
+    const ajv = getAjv();
+    let validate;
+    try {
+        validate = ajv.compile(schema);
+    }
+    catch (err) {
+        // A malformed connector schema is the connector author's problem, not the
+        // operator's — surface it but don't block the whole apply on it.
+        throw new ValidationError(`${context}: connector declares an invalid JSON schema — ${err instanceof Error ? err.message : String(err)}`);
+    }
+    if (!validate(value ?? {})) {
+        const detail = (validate.errors ?? [])
+            .map((e) => `${e.instancePath || "(root)"} ${e.message ?? ""}`.trim())
+            .join("; ");
+        throw new ValidationError(`${context}: ${detail || "does not match the connector schema"}`);
+    }
+}
+/**
+ * Validate a single connection (+ its feeds) and its referenced auth-profile
+ * kinds against a resolved connector schema. Pass `null` to skip schema
+ * checks (e.g. a connector that only exists as a local `.ts` not yet
+ * compiled by the server) — structural checks have already run at load time.
+ */
+export function validateConnectionAgainstConnector(connection, authProfiles, schemas) {
+    // Validate against `{}` when config is omitted too — that surfaces missing
+    // required keys instead of letting an empty config slip through.
+    if (schemas?.optionsSchema) {
+        validateAgainstSchema(schemas.optionsSchema, connection.config ?? {}, `${connection.sourceFile}: connection "${connection.slug}" config`);
+    }
+    for (const feed of connection.feeds) {
+        if (!schemas)
+            continue;
+        if (schemas.feedKeys.size > 0 && !schemas.feedKeys.has(feed.feedKey)) {
+            throw new ValidationError(`${connection.sourceFile}: connection "${connection.slug}" references unknown feed "${feed.feedKey}" for connector "${connection.connector}" (known feeds: ${[...schemas.feedKeys].sort().join(", ") || "(none)"})`);
+        }
+        const feedSchema = schemas.feedConfigSchemas.get(feed.feedKey);
+        if (feedSchema) {
+            validateAgainstSchema(feedSchema, feed.config ?? {}, `${connection.sourceFile}: connection "${connection.slug}" feed "${feed.feedKey}" config`);
+        }
+    }
+    // `auth:` must reference a runtime/account profile (never `oauth_app`);
+    // `app_auth:` must reference an `oauth_app` profile.
+    if (connection.authProfileSlug) {
+        const profile = requireAuthProfile(connection, authProfiles, connection.authProfileSlug);
+        if (profile.kind === "oauth_app") {
+            throw new ValidationError(`${connection.sourceFile}: connection "${connection.slug}" \`auth\` references auth profile "${connection.authProfileSlug}" of kind \`oauth_app\` — use \`app_auth\` for OAuth-app credentials and \`auth\` for the account/runtime profile`);
+        }
+    }
+    if (connection.appAuthProfileSlug) {
+        const profile = requireAuthProfile(connection, authProfiles, connection.appAuthProfileSlug);
+        if (profile.kind !== "oauth_app") {
+            throw new ValidationError(`${connection.sourceFile}: connection "${connection.slug}" \`app_auth\` must reference an \`oauth_app\` auth profile (got \`${profile.kind}\`)`);
+        }
+    }
+}
+function requireAuthProfile(connection, authProfiles, slugRef) {
+    const profile = authProfiles.get(slugRef);
+    if (!profile) {
+        throw new ValidationError(`${connection.sourceFile}: connection "${connection.slug}" references auth profile "${slugRef}" which is not declared in any \`type: auth_profile\` doc`);
+    }
+    if (profile.connector !== connection.connector) {
+        throw new ValidationError(`${connection.sourceFile}: connection "${connection.slug}" references auth profile "${slugRef}" for connector "${profile.connector}", but the connection uses connector "${connection.connector}"`);
+    }
+    return profile;
+}
+export function validateAuthProfileAgainstConnector(profile, schemas) {
+    if (!schemas)
+        return;
+    if (schemas.authKinds.size > 0 && !schemas.authKinds.has(profile.kind)) {
+        throw new ValidationError(`${profile.sourceFile}: auth_profile "${profile.slug}" uses \`kind: ${profile.kind}\`, but connector "${profile.connector}" supports: ${[...schemas.authKinds].sort().join(", ") || "(none)"}`);
+    }
+}
 export async function loadDesiredState(opts) {
     const result = await loadConfig(opts.cwd);
     if (isLoadError(result)) {
@@ -579,19 +1333,56 @@ export async function loadDesiredState(opts) {
         ]);
         const settings = buildAgentSettings(agentConfig, markdown, skillFiles);
         const platforms = buildPlatforms(agentId, agentConfig, env);
+        // Resolve `[[providers]] key = "$VAR"` against the apply env. The
+        // required-secrets gate in apply-cmd already failed loudly if any $VAR
+        // is unset, so a missing value here means the operator omitted `key`
+        // entirely (BYOK / web-UI flow); silently skip those.
+        const providerKeys = [];
+        for (const provider of agentConfig.providers) {
+            if (!provider.key)
+                continue;
+            const ref = asEnvRef(provider.key);
+            const resolved = ref ? env[ref] : provider.key;
+            if (!resolved)
+                continue;
+            providerKeys.push({ providerId: provider.id, value: resolved });
+        }
         const metadata = {
             agentId,
             name: agentConfig.name,
         };
         if (agentConfig.description)
             metadata.description = agentConfig.description;
-        agents.push({ metadata, settings, platforms });
+        agents.push({ metadata, settings, platforms, providerKeys });
+    }
+    const { entityTypes, relationshipTypes, watchers } = await loadMemoryModels(config, opts.cwd);
+    for (const watcher of watchers) {
+        if (!config.agents[watcher.agent]) {
+            throw new ValidationError(`watcher "${watcher.slug}" names agent "${watcher.agent}", but there is no \`[agents.${watcher.agent}]\` block in lobu.toml`);
+        }
     }
-    const memorySchema = await loadMemorySchema(config, opts.cwd);
+    const connectors = opts.only
+        ? { definitions: [], authProfiles: [], connections: [] }
+        : await loadConnectors(config, opts.cwd, env, requiredSecrets);
+    const memory = config.memory && config.memory.enabled !== false
+        ? {
+            ...(config.memory.org ? { org: config.memory.org } : {}),
+            ...(config.memory.organization_id
+                ? { organizationId: config.memory.organization_id }
+                : {}),
+            ...(config.memory.name ? { name: config.memory.name } : {}),
+            ...(config.memory.description
+                ? { description: config.memory.description }
+                : {}),
+        }
+        : undefined;
     return {
         state: {
             agents,
-            memorySchema,
+            ...(memory ? { memory } : {}),
+            memorySchema: { entityTypes, relationshipTypes },
+            watchers,
+            connectors,
             requiredSecrets: [...requiredSecrets].sort(),
         },
         configPath,