@nanhara/hara 0.48.0 → 0.62.0

package/dist/index.js

@@ -6,7 +6,7 @@ import { runTui } from "./tui/run.js";
 import { readClipboardImage } from "./images.js";
 import { describeImages, locateImage, classifyVision, SCREENSHOT_SYSTEM } from "./vision.js";
 import { setTheme } from "./tui/theme.js";
-import { memoryDigest, memoryDir } from "./memory/store.js";
+import { memoryDigest, memoryDir, readRecentLogs, scaffoldMemory } from "./memory/store.js";
 import { nextMode as cycleMode } from "./tui/InputBox.js";
 import { stdin, stdout } from "node:process";
 import { readFileSync, existsSync, writeFileSync, rmSync } from "node:fs";
@@ -15,6 +15,14 @@ import { fileURLToPath } from "node:url";
 import { dirname, join } from "node:path";
 import { loadConfig, configPath, readRawConfig, writeConfigValue, setModelVisionOverride, providerEnvKey, CONFIG_KEYS, APPROVAL_MODES, SANDBOX_MODES, } from "./config.js";
 import { runAgent } from "./agent/loop.js";
+import { notifyDone } from "./notify.js";
+import { startMcpServer, mcpServeToolNames } from "./mcp/server.js";
+import { completionScript } from "./completions.js";
+import { parseVerdict, captureChanges, reviewPrompt, fixPrompt, REVIEWER_SYSTEM, isTreeClean, stripCommitFence } from "./org/review-chain.js";
+import { parseSchedule, describeSchedule, nextRun } from "./cron/schedule.js";
+import { addJob, removeJob, setEnabled, resolveJob, loadJobs, recordRun, logPath } from "./cron/store.js";
+import { runTick, runJobOnce, selfArgv } from "./cron/runner.js";
+import { installScheduler, uninstallScheduler, isInstalled } from "./cron/install.js";
 import { getTools } from "./tools/registry.js";
 import { createAnthropicProvider } from "./providers/anthropic.js";
 import { createOpenAIProvider } from "./providers/openai.js";
@@ -25,9 +33,9 @@ import { collectRepoChunks, collectDirChunks, buildIndex, indexPath, indexExists
 import { searchHybrid } from "./search/hybrid.js";
 import { expandMentions, fileCandidates } from "./context/mentions.js";
 import { newSessionId, shortId, resolveSessionId, saveSession, loadSession, listSessions, latestForCwd, titleFrom, slugify, } from "./session/store.js";
-import { loadRoles, scaffoldRoles } from "./org/roles.js";
+import { loadRoles, scaffoldRoles, subagentToolFilter } from "./org/roles.js";
 import { loadSkillIndex, loadSkillBody, scaffoldSkills, globalSkillsDir } from "./skills/skills.js";
-import { installPlugin, uninstallPlugin, listInstalled, enabledPlugins, setPluginEnabled, pluginMcpServers } from "./plugins/plugins.js";
+import { installPlugin, uninstallPlugin, listInstalled, enabledPlugins, setPluginEnabled, pluginMcpServers, pluginHooks } from "./plugins/plugins.js";
 import { routeByKeywords, buildDispatchPrompt, parseRoleId } from "./org/router.js";
 import { decompose, topoOrder, topoWaves, savePlan, loadPlan, atomPrompt, verify, runCheck } from "./org/planner.js";
 import { connectMcpServers, closeMcp } from "./mcp/client.js";
@@ -46,9 +54,22 @@ import "./tools/agent.js"; // register agent (subagent spawn)
 import "./tools/memory.js"; // register memory_search/get/write/forget/skill_create
 import "./tools/skill.js"; // register the skill loader tool
 import "./tools/codebase.js"; // register codebase_search (repo as a knowledge base)
+import "./tools/todo.js"; // register todo_write (inline task checklist)
 import { computerBackends } from "./tools/computer.js"; // register the computer tool + expose the backend probe
 const here = dirname(fileURLToPath(import.meta.url));
-const pkg = JSON.parse(readFileSync(join(here, "..", "package.json"), "utf8"));
+// Version: from a build-time define in the compiled single-binary (no package.json on its virtual FS),
+// else read package.json (npm install / `node dist`). The read is wrapped so the binary never hits it.
+const pkg = {
+    version: process.env.HARA_BUILD_VERSION ??
+        ((() => {
+            try {
+                return JSON.parse(readFileSync(join(here, "..", "package.json"), "utf8")).version;
+            }
+            catch {
+                return "0.0.0";
+            }
+        })()),
+};
 const maskKey = (v) => (v ? `${v.slice(0, 7)}…${v.slice(-4)}` : "(unset)");
 async function buildProvider(cfg) {
     if (cfg.provider === "qwen-oauth") {
@@ -73,6 +94,61 @@ async function runInit(provider, cwd, sandbox = "off") {
     const history = [{ role: "user", content: INIT_PROMPT }];
     await runAgent(history, { provider, ctx: { cwd, sandbox }, approval: "full-auto", confirm: async () => true });
 }
+/** Stage everything and commit with an AI-written message. Returns a one-line summary or "error: …".
+ *  Used by `hara org --commit`; the caller guards on a clean start tree so this only captures the run's work. */
+async function autoCommit(provider, cwd) {
+    try {
+        await runShell("git add -A", cwd, "off", { timeout: 30_000, maxBuffer: 1_000_000 });
+    }
+    catch {
+        /* fall through — empty diff is reported below */
+    }
+    let diff = "";
+    try {
+        diff = (await runShell("git diff --staged", cwd, "off", { timeout: 30_000, maxBuffer: 8_000_000 })).stdout;
+    }
+    catch (e) {
+        return `error: git diff failed (${e instanceof Error ? e.message : String(e)})`;
+    }
+    if (!diff.trim())
+        return "nothing to commit";
+    const r = await provider.turn({
+        system: COMMIT_SYSTEM,
+        history: [{ role: "user", content: `Write a commit message for these staged changes:\n\n\`\`\`diff\n${diff.slice(0, 120_000)}\n\`\`\`` }],
+        tools: [],
+        onText: () => { },
+    });
+    const msg = stripCommitFence(r.text);
+    if (!msg)
+        return "error: no commit message produced";
+    const tmp = join(tmpdir(), `hara-org-commit-${process.pid}.txt`);
+    writeFileSync(tmp, msg + "\n", "utf8");
+    try {
+        const res = await runShell(`git commit -F ${JSON.stringify(tmp)}`, cwd, "off", { timeout: 30_000, maxBuffer: 1_000_000 });
+        return (res.stdout || "").trim().split("\n")[0] || "committed";
+    }
+    catch (e) {
+        return `error: git commit failed (${e instanceof Error ? e.message : String(e)})`;
+    }
+    finally {
+        try {
+            rmSync(tmp);
+        }
+        catch {
+            /* best-effort cleanup */
+        }
+    }
+}
+/** Format an autoCommit result + emit it. */
+async function commitStep(provider, cwd) {
+    const r = await autoCommit(provider, cwd);
+    if (r.startsWith("error:"))
+        out(c.red(`✗ ${r}\n`));
+    else if (r === "nothing to commit")
+        out(c.dim("(nothing to commit)\n"));
+    else
+        out(c.green(`✓ committed · ${r.slice(0, 100)}\n`));
+}
 /** Dispatch a task to the owning role and run that role's agent (its persona + tool subset + model). */
 async function runOrg(task, o) {
     const roles = loadRoles(o.cwd);
@@ -113,7 +189,7 @@ async function runOrg(task, o) {
             ? (n) => !role.denyTools.includes(n)
             : undefined;
     const history = [{ role: "user", content: expandMentions(task, o.cwd) }];
-    await runAgent(history, {
+    const runImplementer = () => runAgent(history, {
         provider: roleProvider,
         ctx: { cwd: o.cwd, sandbox: o.sandbox },
         approval: o.approval,
@@ -124,6 +200,61 @@ async function runOrg(task, o) {
         systemOverride: role.system,
         toolFilter,
     });
+    const wasClean = o.commit ? isTreeClean(o.cwd) : false; // capture BEFORE the implementer edits anything
+    const doCommit = async (ok) => {
+        if (!o.commit)
+            return;
+        if (!ok)
+            return void out(c.yellow("(not committing — review didn't approve; changes left in your working tree)\n"));
+        if (!wasClean)
+            return void out(c.yellow("(not auto-committing — the tree wasn't clean before this run; commit manually)\n"));
+        await commitStep(o.baseProvider, o.cwd);
+    };
+    await runImplementer();
+    if (!o.review) {
+        await doCommit(true);
+        return;
+    }
+    // Review chain: a reviewer role inspects the diff and APPROVES or sends it back, looping until clean.
+    const reviewer = roles.find((r) => r.id === "reviewer");
+    const revProvider = reviewer?.model && reviewer.model !== o.cfg.model ? ((await buildProvider({ ...o.cfg, model: reviewer.model })) ?? o.baseProvider) : o.baseProvider;
+    const revSystem = reviewer?.system ?? REVIEWER_SYSTEM;
+    const revTools = reviewer?.allowTools ? (n) => reviewer.allowTools.includes(n) : (n) => READONLY_TOOLS.has(n);
+    const maxRounds = Math.max(1, o.rounds ?? 3);
+    for (let round = 1; round <= maxRounds; round++) {
+        const changes = captureChanges(o.cwd);
+        if (!changes.diff && !changes.newFiles.length) {
+            out(c.dim("(no changes to review)\n"));
+            return;
+        }
+        out(c.dim(`🔍 reviewer · round ${round}/${maxRounds}\n`));
+        const rHist = [{ role: "user", content: reviewPrompt(task, changes) }];
+        await runAgent(rHist, {
+            provider: revProvider,
+            ctx: { cwd: o.cwd, sandbox: o.sandbox },
+            approval: "full-auto", // reviewer is read-only via revTools, so nothing to confirm
+            confirm: o.confirm,
+            projectContext: o.projectContext,
+            memory: memoryDigest(o.cwd),
+            stats: o.stats,
+            systemOverride: revSystem,
+            toolFilter: revTools,
+        });
+        const verdict = parseVerdict(lastAssistantText(rHist));
+        if (verdict.approved) {
+            out(c.green(`✓ reviewer approved after ${round} round(s)\n`));
+            await doCommit(true);
+            return;
+        }
+        if (round === maxRounds) {
+            out(c.yellow(`⚠ stopped after ${maxRounds} round(s) — reviewer still wants changes.\n`));
+            await doCommit(false);
+            return;
+        }
+        out(c.yellow(`✗ changes requested — back to ${role.id} (round ${round})\n`));
+        history.push({ role: "user", content: fixPrompt(verdict.issues) });
+        await runImplementer();
+    }
 }
 function lastAssistantText(history) {
     for (let i = history.length - 1; i >= 0; i--) {
@@ -271,7 +402,7 @@ async function runResume(o) {
     savePlan(o.cwd, plan);
     await executePlan(plan, roles, o);
 }
-const READONLY_TOOLS = new Set(["read_file", "grep", "glob", "ls", "web_fetch", "codebase_search"]);
+const READONLY_TOOLS = new Set(["read_file", "grep", "glob", "ls", "web_fetch", "web_search", "codebase_search", "todo_write"]);
 const REVIEW_SYSTEM = "You are a senior code reviewer. Review the git diff the user provides for: correctness bugs, security " +
     "issues, missing error handling, unclear naming, and missing/weak tests. You may read files (read-only) " +
     "for context. Be concise and specific — cite file:line and the concrete fix. Group findings by severity: " +
@@ -310,6 +441,11 @@ const PLAN_SYSTEM = "You are in PLAN MODE. Investigate read-only (read_file / gr
     "End your message with the plan as a short numbered list.";
 const DISTILL_SYSTEM = "The session is ending. Reflect and persist only durable, reusable learnings: memory_write for facts / " +
     "conventions / the user's preferences, skill_create for reusable how-tos. Be selective — skip the trivial. Then reply DONE.";
+const MEMORY_DISTILL_SYSTEM = "You consolidate an agent's short-term daily memory logs into its durable long-term memory. You're given " +
+    "the current durable memory and recent daily logs. Extract ONLY durable, reusable facts / decisions / " +
+    "conventions / user preferences from the logs that are NOT already captured, and persist each with " +
+    "memory_write (target=memory, or target=user for preferences; pick the right scope=project|global). " +
+    "Skip the ephemeral, the one-off, and anything already known. Be terse and de-duplicated. Then reply DONE.";
 const COMPACT_SYSTEM = "Summarize the conversation so far into a concise but complete brief so the assistant can " +
     "continue seamlessly: the user's goal, key decisions, files changed, current state, and open next steps. " +
     "Be specific. Output only the summary.";
@@ -324,11 +460,10 @@ async function runSubagent(cfg, baseProvider, cwd, sandbox, projectContext, stat
     const roles = loadRoles(cwd);
     const role = roleId ? roles.find((r) => r.id === roleId) : undefined;
     const provider = role?.model && role.model !== cfg.model ? ((await buildProvider({ ...cfg, model: role.model })) ?? baseProvider) : baseProvider;
-    const toolFilter = role?.allowTools
-        ? (n) => role.allowTools.includes(n)
-        : role?.denyTools
-            ? (n) => !role.denyTools.includes(n)
-            : (n) => READONLY_TOOLS.has(n); // default sub-agent = read-only (safe to parallelize)
+    // A sub-agent runs full-auto + UNCONFIRMED + parallel, so it is ALWAYS read-only — a role may narrow
+    // further but can never GRANT write/exec to a fan-out sub-agent (that would bypass the approval gate).
+    // Write-capable roles run in the main loop via `hara org`, behind the user's gate.
+    const toolFilter = subagentToolFilter(role, (n) => READONLY_TOOLS.has(n));
     const subHistory = [{ role: "user", content: task }];
     await runAgent(subHistory, {
         provider,
@@ -375,7 +510,11 @@ function runDoctor(cfg) {
         `${dot} vision · ${c.bold(cfg.model)} ${vdesc}${cfg.visionModel ? c.dim(" · describer ") + c.bold(cfg.visionModel) : vcap === "text" ? c.yellow(" · set /vision <model>") : ""}`,
         `${dot} screen ${cfg.computerUse === "off" ? c.dim("off (hara config set computerUse read|click|full)") : c.bold(cfg.computerUse) + c.dim(` · ${computerBackends()}${cfg.computerApps.length ? " · apps: " + cfg.computerApps.join(", ") : " · no app allowlist"}`)}`,
         `${dot} plugins ${(() => { const inst = listInstalled(); const on = enabledPlugins().length; return inst.length ? c.dim(`${on}/${inst.length} enabled: ${inst.map((p) => p.name).slice(0, 6).join(", ")}`) : c.dim("none — hara plugin add <source>"); })()}`,
-        `${dot} mcp servers ${c.dim(String(Object.keys({ ...pluginMcpServers(), ...cfg.mcpServers }).length))}`,
+        `${dot} mcp ${c.dim(`client: ${Object.keys({ ...pluginMcpServers(), ...cfg.mcpServers }).length} server(s) · serve: ${mcpServeToolNames().length} read tools via \`hara mcp\``)}`,
+        `${dot} hooks ${(() => { const ph = pluginHooks(); const pre = (cfg.hooks.PreToolUse ?? []).length + (ph.PreToolUse ?? []).length; const post = (cfg.hooks.PostToolUse ?? []).length + (ph.PostToolUse ?? []).length; return pre + post ? c.dim(`${pre} pre · ${post} post`) : c.dim("none — config.json \"hooks\""); })()}`,
+        `${dot} notify ${cfg.notify === "off" ? c.dim("off — hara config set notify bell|system") : c.bold(cfg.notify)}`,
+        `${dot} cron ${(() => { const n = loadJobs().length; return n ? `${n} job(s) · ${isInstalled() ? c.green("scheduler installed") : c.yellow("scheduler off — hara cron install")}` : c.dim("no jobs — hara cron add"); })()}`,
+        `${dot} input ${cfg.vimMode ? c.bold("vim") + c.dim(" (modal)") : c.dim("default — hara config set vimMode true for vim keys")}`,
     ];
     return lines.join("\n");
 }
@@ -430,8 +569,11 @@ program
 });
 program
     .command("org <task...>")
-    .description("dispatch a task to the owning role and run it")
+    .description("dispatch a task to the owning role and run it (--review loops a reviewer until it approves)")
     .option("--role <id>", "force a specific role")
+    .option("--review", "after implementing, loop a reviewer role until it approves (implement → review → fix)")
+    .option("--rounds <n>", "max review rounds with --review (default 3)", (v) => parseInt(v, 10))
+    .option("--commit", "commit the result with an AI message (with --review: only after approval; needs a clean start tree)")
     .action(async (taskParts, opts2) => {
     const cfg = loadConfig();
     const provider = await buildProvider(cfg);
@@ -450,6 +592,9 @@ program
         projectContext: loadAgentsMd(cfg.cwd) || undefined,
         stats,
         forceRole: opts2.role,
+        review: opts2.review,
+        rounds: opts2.rounds,
+        commit: opts2.commit,
     });
     if (stats.input || stats.output)
         out(statusLine(cfg.model, stats.input, stats.output) + "\n");
@@ -551,6 +696,31 @@ program
     .command("doctor")
     .description("check your hara setup (provider / auth / model / node / assets / roles)")
     .action(() => out(runDoctor(loadConfig()) + "\n"));
+program
+    .command("completions <shell>")
+    .description("print a shell completion script: bash | zsh | fish (eval it in your shell rc)")
+    .action((shell) => {
+    const top = program.commands.map((cmd) => cmd.name()).filter((n) => n && n !== "completions").sort();
+    const subs = {};
+    for (const cmd of program.commands) {
+        const sub = cmd.commands.map((s) => s.name()).filter(Boolean);
+        if (sub.length)
+            subs[cmd.name()] = sub;
+    }
+    const script = completionScript(shell, { top, subs });
+    if (!script)
+        return void out(c.red(`Unsupported shell '${shell}'. Use: bash | zsh | fish\n`));
+    out(script);
+});
+program
+    .command("mcp")
+    .description("run hara as an MCP server (stdio) — expose its read/search tools (incl. codebase_search) to other MCP clients")
+    .action(async () => {
+    const cfg = loadConfig();
+    // stdout is the JSON-RPC transport — diagnostics MUST go to stderr only.
+    process.stderr.write(c.dim(`hara mcp · serving over stdio · cwd ${cfg.cwd}\n  tools: ${mcpServeToolNames().join(", ") || "(none)"}\n  (read-only by default; set HARA_MCP_TOOLS to override)\n`));
+    await startMcpServer(pkg.version, { cwd: cfg.cwd, sandbox: "read-only" });
+});
 program
     .command("review")
     .description("review your uncommitted changes (git diff) for bugs, security, and missing tests")
@@ -656,6 +826,154 @@ program
         }
     }
 });
+function renderCronJobs() {
+    const jobs = loadJobs();
+    const head = isInstalled() ? c.green("scheduler: installed") : c.yellow("scheduler: NOT installed — run `hara cron install`");
+    if (!jobs.length)
+        return head + "\n" + c.dim('No jobs. Add one:  hara cron add "every 1h" "<task>"\n');
+    const now = Date.now();
+    const lines = jobs.map((j) => {
+        const nxt = nextRun(j, now);
+        const status = j.lastStatus ? (j.lastStatus === "ok" ? c.green("ok") : c.red("err")) : c.dim("—");
+        return `${c.bold(j.id)} ${describeSchedule(j.schedule)} ${c.dim(`· ${j.mode} · next ${nxt ? new Date(nxt).toLocaleString() : "—"} · last ${status}`)}${j.enabled ? "" : c.dim(" [disabled]")}\n   ${c.dim(j.name)}`;
+    });
+    return head + "\n" + lines.join("\n") + "\n";
+}
+const cronCmd = program.command("cron").description("scheduled tasks — run a prompt/org task on a schedule (fired by your OS via `hara cron install`)");
+cronCmd
+    .command("add <schedule> <task...>")
+    .description('schedule a task — schedule = cron expr ("0 9 * * *"), "every 30m", "in 2h", or an ISO timestamp')
+    .option("--name <name>", "a label for the job")
+    .option("--org", "run via `hara org` (role routing + review) instead of a plain `hara -p` prompt")
+    .action((schedule, taskParts, opts) => {
+    const task = taskParts.join(" ");
+    const sched = parseSchedule(schedule, Date.now());
+    if ("error" in sched)
+        return void out(c.red(sched.error + "\n"));
+    const job = addJob({ name: opts.name || task.slice(0, 48), schedule: sched, task, mode: opts.org ? "org" : "print", cwd: process.cwd(), createdAt: Date.now() });
+    out(c.green(`✓ scheduled ${job.id}`) + c.dim(` · ${describeSchedule(sched)} · ${job.mode} · cwd ${job.cwd}\n`));
+    if (!isInstalled())
+        out(c.yellow("⚠ scheduler not installed yet — run `hara cron install` so jobs actually fire.\n"));
+});
+// Resolve an id/prefix to one job, printing a clear error for none / ambiguous (never act on a guess).
+const cronResolve = (id) => {
+    const r = resolveJob(id);
+    if (r === "ambiguous")
+        return void out(c.red(`ambiguous id "${id}" — matches multiple jobs; type more characters\n`)), null;
+    if (!r)
+        return void out(c.red(`no such job: ${id}\n`)), null;
+    return r;
+};
+cronCmd.command("list").alias("ls").description("list scheduled jobs").action(() => out(renderCronJobs()));
+cronCmd
+    .command("remove <id>")
+    .alias("rm")
+    .description("delete a job (by id or unique prefix)")
+    .action((id) => {
+    const j = cronResolve(id);
+    if (j)
+        out(removeJob(j.id) ? c.green(`✓ removed ${j.id}\n`) : c.red("no such job\n"));
+});
+cronCmd.command("enable <id>").description("enable a job").action((id) => {
+    const j = cronResolve(id);
+    if (j) {
+        setEnabled(j.id, true);
+        out(c.green(`✓ enabled ${j.id}\n`));
+    }
+});
+cronCmd.command("disable <id>").description("disable a job (keeps it, stops firing)").action((id) => {
+    const j = cronResolve(id);
+    if (j) {
+        setEnabled(j.id, false);
+        out(c.green(`✓ disabled ${j.id}\n`));
+    }
+});
+cronCmd
+    .command("run <id>")
+    .description("run a job right now, ignoring its schedule")
+    .action(async (id) => {
+    const job = cronResolve(id);
+    if (!job)
+        return;
+    out(c.dim(`running ${job.id} (${job.name})…\n`));
+    const r = await runJobOnce(job);
+    recordRun(job.id, Date.now(), r.ok ? "ok" : "error", r.error);
+    out((r.ok ? c.green("✓ done") : c.red(`✗ ${r.error}`)) + c.dim(` · log: ${logPath(job.id)}\n`));
+});
+cronCmd
+    .command("tick")
+    .description("run all due jobs now (your OS scheduler calls this every minute)")
+    .action(async () => {
+    const r = await runTick(Date.now());
+    if (r.skipped)
+        return void out(c.dim(`(skipped — ${r.skipped})\n`));
+    out(c.dim(r.ran.length ? `ran ${r.ran.length} job(s): ${r.ran.join(", ")}\n` : "(no jobs due)\n"));
+});
+cronCmd
+    .command("install")
+    .description("register the per-minute tick with your OS scheduler (launchd on macOS, crontab on Linux)")
+    .action(() => {
+    const r = installScheduler(selfArgv());
+    out((r.ok ? c.green("✓ ") : c.red("✗ ")) + r.msg + "\n");
+});
+cronCmd.command("uninstall").description("remove the OS scheduler entry").action(() => {
+    const r = uninstallScheduler();
+    out((r.ok ? c.green("✓ ") : c.red("✗ ")) + r.msg + "\n");
+});
+cronCmd
+    .command("logs <id>")
+    .description("show a job's recent run output")
+    .action((id) => {
+    const job = cronResolve(id);
+    if (!job)
+        return;
+    const p = logPath(job.id);
+    out(existsSync(p) ? readFileSync(p, "utf8").slice(-4000) + "\n" : c.dim("(no runs yet)\n"));
+});
+const memoryCmd = program.command("memory").description("inspect + consolidate hara's durable memory (~/.hara/memory + project .hara/memory)");
+memoryCmd.command("show").description("print the memory digest injected at session start").action(() => {
+    const d = memoryDigest(process.cwd());
+    out(d ? d + "\n" : c.dim("(memory is empty — `hara memory init`, or let the agent write via memory_write)\n"));
+});
+memoryCmd.command("init").description("scaffold the memory dirs + seed files (global + project)").action(() => {
+    const w = scaffoldMemory(process.cwd());
+    out(w.length ? c.green(`Scaffolded: ${w.join(", ")}\n`) : c.dim("Memory already scaffolded.\n"));
+});
+memoryCmd
+    .command("distill")
+    .description("consolidate recent daily logs into durable MEMORY (promote short-term → long-term)")
+    .option("--days <n>", "days of logs to consider (default 14)", (v) => parseInt(v, 10))
+    .option("--scope <s>", "global | project | all (default all)")
+    .action(async (opts) => {
+    const cfg = loadConfig();
+    const provider = await buildProvider(cfg);
+    if (!provider) {
+        out(c.red(`Not authenticated for provider '${cfg.provider}'.\n`) + authHint(cfg) + "\n");
+        process.exit(1);
+    }
+    const days = opts.days && opts.days > 0 ? opts.days : 14;
+    const scopes = opts.scope === "global" ? ["global"] : opts.scope === "project" ? ["project"] : ["project", "global"];
+    const logs = scopes
+        .map((s) => readRecentLogs(s, cfg.cwd, days))
+        .filter(Boolean)
+        .join("\n\n");
+    if (!logs.trim())
+        return void out(c.dim(`No daily logs in the last ${days} day(s) to distill. (The agent jots them via memory_write target=log.)\n`));
+    out(c.dim(`Distilling ${days}-day logs → durable memory…\n`));
+    const stats = { input: 0, output: 0, lastInput: 0 };
+    const history = [{ role: "user", content: `Current durable memory:\n\n${memoryDigest(cfg.cwd) || "(empty)"}\n\n---\n\nRecent daily logs (last ${days} days):\n\n${logs.slice(0, 80_000)}` }];
+    await runAgent(history, {
+        provider,
+        ctx: { cwd: cfg.cwd, sandbox: cfg.sandbox },
+        approval: "full-auto",
+        confirm: async () => true,
+        toolFilter: (n) => n === "memory_write" || READONLY_TOOLS.has(n),
+        systemOverride: MEMORY_DISTILL_SYSTEM,
+        stats,
+    });
+    if (stats.input || stats.output)
+        out(statusLine(cfg.model, stats.input, stats.output) + "\n");
+});
 const rolesCmd = program.command("roles").description("manage org roles (.hara/roles)");
 rolesCmd
     .command("init")
@@ -711,6 +1029,18 @@ pluginCmd
             m.mcpServers ? `${Object.keys(m.mcpServers).length} mcp server(s)` : "",
         ].filter(Boolean);
         out(c.green(`Installed ${p.name}@${p.version}${parts.length ? c.dim(" — " + parts.join(", ")) : ""}\n`));
+        // Surface the code-execution surface: a plugin's MCP servers + hooks run shell commands on every
+        // hara launch with no prompt. Installing a plugin = trusting its author to run code; show what.
+        const execs = [];
+        for (const [name, s] of Object.entries(m.mcpServers ?? {}))
+            execs.push(`mcp ${name}: ${[s.command, ...(s.args ?? [])].join(" ")}`);
+        for (const h of [...(m.hooks?.PreToolUse ?? []), ...(m.hooks?.PostToolUse ?? [])])
+            execs.push(`hook: ${h.command}`);
+        if (execs.length) {
+            out(c.yellow(`⚠ ${p.name} will run these commands on every hara launch (a plugin is code you run — review them):\n`) +
+                execs.map((e) => c.dim(`    ${e}`)).join("\n") +
+                c.dim(`\n    disable: hara plugin disable ${p.name}\n`));
+        }
     }
     catch (e) {
         out(c.red(`Install failed: ${e.message}\n`));
@@ -1268,6 +1598,7 @@ program.action(async (opts) => {
             header: { version: pkg.version, model: `${cfg.provider}:${cfg.model}`, cwd, vision: visionLine, session: meta.id, tip: `/help · @file attaches · shift+tab cycles modes · esc interrupts${projectContext ? " · AGENTS.md loaded" : ""}` },
             cycleApproval: (m) => cycleMode(m),
             onClipboardImage: readClipboardImage,
+            vim: cfg.vimMode,
             onSubmit: async (line, h, images) => {
                 if (line.startsWith("/")) {
                     const [nm, ...rest] = line.slice(1).split(/\s+/);
@@ -1416,6 +1747,49 @@ program.action(async (opts) => {
                         h.setApproval(m);
                         return void h.sink.notice(`(approval → ${m})`);
                     }
+                    if (nm === "diff") {
+                        try {
+                            const d = (await runShell(arg === "staged" ? "git diff --staged" : "git diff HEAD", cwd, "off", { timeout: 30_000, maxBuffer: 8_000_000 })).stdout.trim();
+                            if (!d)
+                                return void h.sink.notice(arg === "staged" ? "(nothing staged)" : "(no changes vs HEAD — /diff staged for the index)");
+                            return void h.sink.diff(d.length > 12_000 ? d.slice(0, 12_000) + "\n…[truncated]" : d);
+                        }
+                        catch {
+                            return void h.sink.notice("(git diff failed — is this a git repo?)");
+                        }
+                    }
+                    if (nm === "commit") {
+                        h.sink.notice("✻ writing a commit message…");
+                        const r = await autoCommit(provider, cwd); // stages all + commits with an AI message
+                        return void h.sink.notice(r.startsWith("error:") ? `✗ ${r}` : r === "nothing to commit" ? "(nothing to commit — make or stage changes first)" : `✓ committed · ${r.slice(0, 100)}`);
+                    }
+                    if (nm === "review") {
+                        let diff = "";
+                        try {
+                            diff = (await runShell("git diff HEAD", cwd, "off", { timeout: 30_000, maxBuffer: 8_000_000 })).stdout;
+                        }
+                        catch {
+                            /* not a git repo → empty */
+                        }
+                        if (!diff.trim())
+                            return void h.sink.notice("(nothing to review — no changes vs HEAD)");
+                        const rui = { text: h.sink.assistantDelta, reasoning: h.sink.reasoningDelta, tool: h.sink.tool, diff: h.sink.diff, notice: h.sink.notice };
+                        const xin = stats.input;
+                        const xout = stats.output;
+                        await runAgent([{ role: "user", content: `Review this diff:\n\n\`\`\`diff\n${diff.slice(0, 120_000)}\n\`\`\`` }], {
+                            provider,
+                            ctx: { cwd, sandbox, ui: rui },
+                            approval: "full-auto", // read-only via the tool filter, so nothing prompts
+                            confirm: h.confirm,
+                            toolFilter: (n) => READONLY_TOOLS.has(n),
+                            systemOverride: REVIEW_SYSTEM,
+                            memory: buildMemory(),
+                            stats,
+                            signal: h.signal,
+                        });
+                        h.sink.usage(stats.input - xin, stats.output - xout);
+                        return;
+                    }
                     if (byName.has(nm))
                         return void h.sink.notice(`/${nm} isn't wired into the TUI yet — use \`hara ${nm} …\` as a subcommand, or HARA_TUI=0.`);
                     const near = nearest(nm, [...byName.keys()]);
@@ -1423,6 +1797,22 @@ program.action(async (opts) => {
                 }
                 const ui = { text: h.sink.assistantDelta, reasoning: h.sink.reasoningDelta, tool: h.sink.tool, diff: h.sink.diff, notice: h.sink.notice };
                 const appr = h.approval;
+                // Type-ahead steering: fold messages typed mid-turn into the next model call (codex-style) so a
+                // clarification/addition course-corrects the live task, rather than waiting for a fresh turn.
+                // Shared by every turn below (plan investigate, plan execute, and the regular turn).
+                const pendingInput = async () => {
+                    const out = [];
+                    for (const it of h.drainQueue()) {
+                        const r2 = await resolveImages(it.images, h);
+                        const body = expandMentions(it.line, cwd) + (r2.skip ? "" : (r2.extraText ?? ""));
+                        const attach = !r2.skip && r2.attach?.length ? r2.attach : undefined;
+                        if (!body.trim() && !attach)
+                            continue; // image-only message whose image was skipped → nothing to add
+                        out.push({ role: "user", content: `[I sent this while you were working on the above]\n\n${body}`, ...(attach ? { images: attach } : {}) });
+                    }
+                    return out;
+                };
+                const turnStart = Date.now(); // for the task-done notification (gated on elapsed)
                 if (appr === "plan") {
                     // PLAN MODE: read-only investigate → propose a plan → selectable proceed → execute.
                     const planImg = await resolveImages(images, h);
@@ -1443,6 +1833,7 @@ program.action(async (opts) => {
                         projectContext,
                         stats,
                         signal: h.signal,
+                        pendingInput,
                     });
                     if (!meta.title) {
                         meta.title = await nameSession(provider, history);
@@ -1470,10 +1861,12 @@ program.action(async (opts) => {
                             projectContext,
                             stats,
                             signal: h.signal,
+                            pendingInput,
                         });
                         h.sink.usage(stats.input - xin, stats.output - xout);
                         saveSession(meta, history);
                     }
+                    notifyDone(cfg.notify, { message: meta.title || "plan turn complete", elapsedMs: Date.now() - turnStart });
                     return;
                 }
                 const ri = await resolveImages(images, h);
@@ -1494,12 +1887,14 @@ program.action(async (opts) => {
                     projectContext,
                     stats,
                     signal: h.signal,
+                    pendingInput,
                 });
                 if (!meta.title) {
                     meta.title = await nameSession(provider, history);
                     h.sink.session(meta.title);
                 }
                 h.sink.usage(stats.input - beforeIn, stats.output - beforeOut);
+                notifyDone(cfg.notify, { message: meta.title || "turn complete", elapsedMs: Date.now() - turnStart });
                 saveSession(meta, history);
             },
         });
@@ -1546,6 +1941,7 @@ program.action(async (opts) => {
         recalledContext = "";
         history.push({ role: "user", content: userContent });
         currentTurn = new AbortController();
+        const t0 = Date.now();
         try {
             await runAgent(history, { provider, ctx: { cwd, sandbox, spawn }, approval, confirm, autoApprove, projectContext, memory: buildMemory(), stats, signal: currentTurn.signal });
         }
@@ -1555,6 +1951,7 @@ program.action(async (opts) => {
         finally {
             currentTurn = null;
         }
+        notifyDone(cfg.notify, { message: meta.title || "turn complete", elapsedMs: Date.now() - t0 });
         if (!meta.title)
             meta.title = await nameSession(provider, history);
         if (bar.isActive()) {

package/dist/mcp/server.js

@@ -0,0 +1,56 @@
+// MCP server — expose hara's safe read/search tools over stdio so other MCP clients (Claude Desktop,
+// Cursor, another hara, …) can use them. The high-value one is `codebase_search` over the current repo
+// (semantic if you've built an index, lexical otherwise). `hara mcp` runs this.
+//
+// Read-only by DEFAULT: no edit/write/bash/computer — an external client must not be able to mutate your
+// machine through hara. Override the exposed set with HARA_MCP_TOOLS (comma list) at your own risk.
+//
+// IMPORTANT: stdio is the JSON-RPC transport — this module must never write to stdout. Diagnostics go to
+// stderr (the `hara mcp` command handles that); tool output flows back through the protocol.
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { ListToolsRequestSchema, CallToolRequestSchema } from "@modelcontextprotocol/sdk/types.js";
+import { getTool, getTools } from "../tools/registry.js";
+/** Safe default: navigate + search the repo + the web. No state, no mutation, no privacy-sensitive memory. */
+const SAFE_TOOLS = ["read_file", "grep", "glob", "ls", "codebase_search", "web_fetch", "web_search"];
+/** Names to expose: HARA_MCP_TOOLS (comma list) if set, else the safe default — intersected with what's
+ *  actually registered. An unknown name in the override is silently dropped. */
+export function mcpServeToolNames() {
+    const env = process.env.HARA_MCP_TOOLS;
+    const want = env ? env.split(",").map((s) => s.trim()).filter(Boolean) : SAFE_TOOLS;
+    const have = new Set(getTools().map((t) => t.name));
+    return want.filter((n) => have.has(n));
+}
+/** The exposed tools in MCP `tools/list` shape. */
+export function mcpToolList() {
+    return mcpServeToolNames().map((n) => {
+        const t = getTool(n);
+        return { name: t.name, description: t.description, inputSchema: t.input_schema };
+    });
+}
+/** Run one exposed tool. Refuses anything outside the exposed set (defense in depth, even if a client
+ *  asks for a name it shouldn't know). Never throws — errors come back as `isError` results. */
+export async function mcpCallTool(name, args, ctx) {
+    if (!mcpServeToolNames().includes(name)) {
+        return { content: [{ type: "text", text: `Tool not exposed by \`hara mcp\`: ${name}` }], isError: true };
+    }
+    const tool = getTool(name);
+    if (!tool)
+        return { content: [{ type: "text", text: `Unknown tool: ${name}` }], isError: true };
+    try {
+        const out = await tool.run(args ?? {}, ctx);
+        return { content: [{ type: "text", text: String(out) }] };
+    }
+    catch (e) {
+        return { content: [{ type: "text", text: `Error: ${e instanceof Error ? e.message : String(e)}` }], isError: true };
+    }
+}
+/** Start the stdio MCP server and block (the transport keeps the process alive). */
+export async function startMcpServer(version, ctx) {
+    const server = new Server({ name: "hara", version }, { capabilities: { tools: {} } });
+    server.setRequestHandler(ListToolsRequestSchema, async () => ({ tools: mcpToolList() }));
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any -- SDK's result union has a task-augmented
+    // member TS can't narrow to; our {content,isError} shape is a valid CallToolResult (validated at runtime).
+    server.setRequestHandler(CallToolRequestSchema, async (req) => (await mcpCallTool(req.params.name, (req.params.arguments ?? {}), ctx)));
+    await server.connect(new StdioServerTransport());
+}