@newsails/veil-cli 1.0.1

package/core/loop.js

@@ -0,0 +1,564 @@
+'use strict';
+
+const { callLLM, extractMessage, extractUsage } = require('../llm/client');
+const { resolveTool, validateToolInput, buildToolsForLLM, listCustomToolSummaries, activateToolByName } = require('./registry');
+const { assembleSystemPrompt, buildReminder } = require('./prompt');
+const { addMessage, getMessages, updateSession, updateTask, addTaskEvent, saveTodos, getTodos, saveTaskContext } = require('../infrastructure/database');
+const { getModelConfig } = require('../utils/settings');
+const { calculateCost } = require('../utils/models');
+const { manageContext } = require('./compaction');
+const { drainNonFollowup, drainFollowup, postCorrelatedResponse } = require('./queue');
+const F = require('../settings/fields');
+const eventBus = require('./events');
+const remoteMethodQueue = require('./remote-methods');
+const runningSessions = require('./running-sessions');
+
+const ANTI_DRIFT_EVERY = 10; // inject anti-drift reminder every N iterations
+const STALL_THRESHOLD = 3;   // iterations with no tool calls = stall
+
+/**
+ * Check permissions for a tool call.
+ * @param {{ toolName: string, mode: string, settings: Object, agentConfig: Object }} opts
+ * @returns {'allow'|'deny'|'ask'}
+ */
+function checkPermission({ toolName, toolInput, mode, settings, agentConfig, modeConfig }) {
+  // Always deny auth file reads
+  const authDenyPatterns = ['.veil/auth.json', '.veil\\auth.json'];
+  const inputStr = JSON.stringify(toolInput || {});
+  for (const p of authDenyPatterns) {
+    if (inputStr.includes(p)) return 'deny';
+  }
+
+  // Check agent-level per-mode deny list
+  const agentDeny = modeConfig.permissions?.deny || [];
+  for (const pattern of agentDeny) {
+    if (matchPermissionPattern(toolName, toolInput, pattern)) return 'deny';
+  }
+
+  // Check agent-level per-mode allow list
+  const agentAllow = modeConfig.permissions?.allow || [];
+  for (const pattern of agentAllow) {
+    if (matchPermissionPattern(toolName, toolInput, pattern)) return 'allow';
+  }
+
+  // Check settings-level deny
+  const settingsDeny = settings.permissions?.deny || [];
+  for (const pattern of settingsDeny) {
+    if (matchPermissionPattern(toolName, toolInput, pattern)) return 'deny';
+  }
+
+  // Check settings-level ask
+  const settingsAsk = settings.permissions?.ask || [];
+  for (const pattern of settingsAsk) {
+    if (matchPermissionPattern(toolName, toolInput, pattern)) return 'ask';
+  }
+
+  // Check settings-level allow
+  const settingsAllow = settings.permissions?.allow || [];
+  for (const pattern of settingsAllow) {
+    if (matchPermissionPattern(toolName, toolInput, pattern)) return 'allow';
+  }
+
+  // Default: chat=ask, others=deny
+  return mode === 'chat' ? 'ask' : 'deny';
+}
+
+/**
+ * Simple permission pattern matcher: tool_name(glob_pattern)
+ * @param {string} toolName
+ * @param {Object} toolInput
+ * @param {string} pattern
+ * @returns {boolean}
+ */
+function matchPermissionPattern(toolName, toolInput, pattern) {
+  const match = pattern.match(/^([\w:.*]+)(?:\((.+)\))?$/);
+  if (!match) return false;
+  const [, patTool, patArg] = match;
+
+  // Tool name match (support wildcards)
+  if (!globMatch(toolName, patTool)) return false;
+
+  // Argument pattern (optional)
+  if (patArg) {
+    const inputStr = JSON.stringify(toolInput || '');
+    if (!inputStr.includes(patArg.replace(/\*\*/g, '').replace(/\*/g, ''))) return false;
+  }
+
+  return true;
+}
+
+/**
+ * Simple glob matcher (* = any chars except /, ** = any chars including /).
+ * @param {string} str
+ * @param {string} pattern
+ * @returns {boolean}
+ */
+function globMatch(str, pattern) {
+  if (pattern === '*' || pattern === '**') return true;
+  const regexStr = pattern
+    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
+    .replace(/\*\*/g, '__DOUBLESTAR__')
+    .replace(/\*/g, '[^/]*')
+    .replace(/__DOUBLESTAR__/g, '.*');
+  return new RegExp(`^${regexStr}$`).test(str);
+}
+
+
+/**
+ * Build a structured error object for task failures.
+ * @param {{ code: string, message: string, iteration?: number, tool?: string, tokensUsed?: number, elapsed?: number }} opts
+ * @returns {string} JSON string
+ */
+function buildStructuredError({ code, message, iteration, tool, tokensUsed, elapsed }) {
+  return JSON.stringify({ code, message, ...(iteration !== undefined && { iteration }), ...(tool && { tool }), ...(tokensUsed !== undefined && { tokensUsed }), ...(elapsed !== undefined && { elapsed }) });
+}
+
+/**
+ * Emit an event on the WebSocket bus.
+ * @param {{ type: string, taskId?: string, sessionId?: string, agentName: string, event: Object }} opts
+ */
+function emitBusEvent({ type, taskId, sessionId, agentName, event }) {
+  try {
+    eventBus.emit('event', { type, ...(taskId && { taskId }), ...(sessionId && { sessionId }), agentName, event: { ...event, timestamp: Date.now() } });
+  } catch { /* bus errors must never crash the loop */ }
+}
+
+/**
+ * Core agentic loop — async generator.
+ * Yields progress events. Runs identically for all modes.
+ *
+ * @param {{ agent: Object, messages: Object[], settings: Object, mode: string, taskId?: string, sessionId: string, cwd: string, modeConfig: Object, cancelSignal?: AbortSignal, tokenBudget?: number, thinking?: Object, onStreamChunk?: (text: string) => void }} opts
+ */
+async function* runLoop({ agent, messages, settings, mode, taskId, sessionId, cwd, modeConfig, cancelSignal, tokenBudget, thinking, onStreamChunk, onInferenceToolStart }) {
+  runningSessions.add(sessionId);
+  try {
+  const modelConfig = getModelConfig(settings, F.MODEL_MAIN);
+  const maxIterations = modeConfig.maxIterations || F.DEFAULT_MAX_ITERATIONS;
+  const maxDurationSeconds = modeConfig.maxDurationSeconds || F.DEFAULT_MAX_DURATION_SECONDS;
+  const startTime = Date.now();
+
+  let iteration = 0;
+  let stallCount = 0;
+  let lastToolCallIteration = -1;
+  let totalTokens = { input: 0, output: 0, cache: 0, cost: 0 };
+  const modelKey = agent.model || modelConfig[F.MODEL_NAME];
+  let consecutiveLlmErrors = 0;
+  const MAX_CONSECUTIVE_LLM_ERRORS = 3;
+
+  // Build tools list for LLM
+  let llmTools = buildToolsForLLM({ agentConfig: agent, cwd, modeConfig });
+  const customSummaries = listCustomToolSummaries({ agentConfig: agent, cwd });
+
+  // Append custom tool summaries to system prompt context (Tier 2)
+  if (customSummaries.length > 0) {
+    const customList = customSummaries.map(t => `- **${t.name}**: ${t.description}`).join('\n');
+    const lastSystem = messages.findIndex(m => m.role === 'system');
+    if (lastSystem >= 0) {
+      messages[lastSystem].content += `\n\n## Additional Available Tools\n\nUse \`tool_search\` to find tools by name or description and inspect their full schemas.\nUse \`tool_activate\` to make a specific tool callable before using it.\n\n${customList}`;
+    }
+  }
+
+  let pendingCorrelationIds = [];
+
+  while (true) {
+    iteration++;
+
+    // ── Cancellation check ───────────────────────────────────────────────────
+    if (cancelSignal?.aborted) {
+      yield { type: 'status.change', from: 'processing', to: 'canceled', reason: 'user_cancel' };
+      if (taskId) {
+        updateTask(taskId, { status: 'canceled', finishedAt: new Date().toISOString() });
+        addTaskEvent({ taskId, type: 'status.change', data: { from: 'processing', to: 'canceled', reason: 'user_cancel' } });
+        emitBusEvent({ type: 'task.status', taskId, agentName: agent.name, event: { status: 'canceled', reason: 'user_cancel' } });
+      }
+      return;
+    }
+
+    // ── Limits check ────────────────────────────────────────────────────────
+    if (iteration > maxIterations) {
+      const errStr = buildStructuredError({ code: 'MAX_ITERATIONS', message: `Max iterations (${maxIterations}) reached`, iteration, tokensUsed: totalTokens.input + totalTokens.output });
+      yield { type: 'limit.reached', reason: 'maxIterations', iteration };
+      if (modeConfig.onExhausted === 'wait') {
+        yield { type: 'status.change', from: 'processing', to: 'waiting', reason: 'maxIterations exhausted' };
+        if (taskId) updateTask(taskId, { status: 'waiting' });
+        return;
+      }
+      if (taskId) {
+        updateTask(taskId, { status: 'failed', error: errStr });
+        addTaskEvent({ taskId, type: 'status.change', data: { from: 'processing', to: 'failed', reason: 'maxIterations' } });
+        emitBusEvent({ type: 'task.status', taskId, agentName: agent.name, event: { status: 'failed', error: JSON.parse(errStr) } });
+      }
+      return;
+    }
+
+    const elapsed = (Date.now() - startTime) / 1000;
+    if (elapsed > maxDurationSeconds) {
+      const errStr = buildStructuredError({ code: 'MAX_DURATION', message: `Max duration (${maxDurationSeconds}s) exceeded`, iteration, elapsed, tokensUsed: totalTokens.input + totalTokens.output });
+      yield { type: 'limit.reached', reason: 'maxDurationSeconds', elapsed };
+      if (modeConfig.onExhausted === 'wait') {
+        yield { type: 'status.change', from: 'processing', to: 'waiting', reason: 'maxDuration exhausted' };
+        if (taskId) updateTask(taskId, { status: 'waiting' });
+        return;
+      }
+      if (taskId) {
+        updateTask(taskId, { status: 'failed', error: errStr });
+        addTaskEvent({ taskId, type: 'status.change', data: { from: 'processing', to: 'failed', reason: 'maxDuration' } });
+        emitBusEvent({ type: 'task.status', taskId, agentName: agent.name, event: { status: 'failed', error: JSON.parse(errStr) } });
+      }
+      return;
+    }
+
+    // ── Inject reminders ─────────────────────────────────────────────────────
+    if (iteration > 1 && iteration % ANTI_DRIFT_EVERY === 0) {
+      const taskBrief = messages.find(m => m.role === 'user')?.content?.slice(0, 200) || 'current task';
+      const reminder = buildReminder({ type: 'anti-drift', vars: { TASK_BRIEF: taskBrief } });
+      if (reminder) messages.push({ role: 'user', content: reminder });
+    }
+
+    if (stallCount >= STALL_THRESHOLD) {
+      const reminder = buildReminder({ type: 'stall-recovery', vars: { STALL_COUNT: stallCount } });
+      if (reminder) messages.push({ role: 'user', content: reminder });
+      stallCount = 0;
+    }
+
+    // ── Drain non-followup messages ──────────────────────────────────────────
+    const { messages: nonFollowupMsgs, correlationIds: drainedIds } = drainNonFollowup(agent.name, sessionId);
+    messages.push(...nonFollowupMsgs);
+    if (drainedIds.length > 0) pendingCorrelationIds.push(...drainedIds);
+
+    // ── Context compaction ──────────────────────────────────────────────────
+    const taskBrief = messages.find(m => m.role === 'user')?.content?.slice(0, 500) || '';
+    const { messages: managedMessages, compacted } = await manageContext({
+      messages,
+      settings,
+      taskBrief,
+      cwd,
+      agentName: agent.name,
+    });
+    if (compacted) {
+      messages.length = 0;
+      messages.push(...managedMessages);
+      yield { type: 'context.compacted', iteration, messageCount: messages.length };
+      if (taskId) addTaskEvent({ taskId, type: 'context.compacted', data: { iteration, messageCount: messages.length } });
+    }
+
+    yield { type: 'iteration.start', iteration, tokensSoFar: totalTokens.input + totalTokens.output };
+    if (taskId) addTaskEvent({ taskId, type: 'iteration.start', data: { iteration, tokensSoFar: totalTokens.input + totalTokens.output } });
+    emitBusEvent({ type: taskId ? 'task.event' : 'chat.event', taskId, sessionId, agentName: agent.name, event: { type: 'iteration.start', iteration, tokensSoFar: totalTokens.input + totalTokens.output } });
+
+    // ── Context snapshot (for debuggability) ─────────────────────────────────
+    if (taskId) {
+      try {
+        saveTaskContext(taskId, {
+          messages: messages.map(m => ({
+            role: m.role,
+            content: m.content ? String(m.content).slice(0, 2000) : null,
+            tool_calls: m.tool_calls || undefined,
+            tool_call_id: m.tool_call_id || undefined,
+          })),
+          tools: llmTools.map(t => t.function.name),
+          iteration,
+        });
+      } catch { /* snapshot failure must not crash the loop */ }
+    }
+
+    // ── LLM call ─────────────────────────────────────────────────────────────
+    let response;
+    try {
+      response = await callLLM({
+        baseUrl: modelConfig[F.MODEL_BASE_URL],
+        apiKey: modelConfig[F.MODEL_API_KEY],
+        model: agent.model || modelConfig[F.MODEL_NAME],
+        messages,
+        tools: llmTools,
+        temperature: agent.temperature,
+        reasoning: agent.reasoning,
+        maxTokens: agent.maxTokens,
+        thinking: thinking || agent.thinking || null,
+        onChunk: onStreamChunk || null,
+        onToolStart: onInferenceToolStart || null,
+      });
+    } catch (err) {
+      consecutiveLlmErrors++;
+      yield { type: 'llm.error', error: err.message, iteration, attempt: consecutiveLlmErrors };
+      emitBusEvent({ type: taskId ? 'task.event' : 'chat.event', taskId, sessionId, agentName: agent.name, event: { type: 'llm.error', error: err.message, iteration, attempt: consecutiveLlmErrors } });
+      if (consecutiveLlmErrors <= MAX_CONSECUTIVE_LLM_ERRORS) {
+        await new Promise(r => setTimeout(r, 1000 * consecutiveLlmErrors));
+        continue;
+      }
+      const errStr = buildStructuredError({ code: 'LLM_ERROR', message: `LLM error after ${consecutiveLlmErrors} attempts: ${err.message}`, iteration, tokensUsed: totalTokens.input + totalTokens.output });
+      if (taskId) {
+        updateTask(taskId, { status: 'failed', error: errStr });
+        emitBusEvent({ type: 'task.status', taskId, agentName: agent.name, event: { status: 'failed', error: JSON.parse(errStr) } });
+      }
+      return;
+    }
+
+    consecutiveLlmErrors = 0; // reset on successful LLM call
+
+    const { content, toolCalls, finishReason } = extractMessage(response);
+    const usage = extractUsage(response);
+    totalTokens.input += usage.input;
+    totalTokens.output += usage.output;
+    totalTokens.cache += usage.cache;
+    const turnCost = usage.cost || calculateCost(modelKey, { input: usage.input, output: usage.output, cache: usage.cache });
+    totalTokens.cost += turnCost;
+
+    // Save assistant message
+    const assistantMsg = { role: 'assistant', content: content || null };
+    if (toolCalls) assistantMsg.tool_calls = toolCalls;
+    messages.push(assistantMsg);
+
+    // Reply to any pending correlated agent_message senders
+    if (content && pendingCorrelationIds.length > 0) {
+      for (const cid of pendingCorrelationIds) postCorrelatedResponse(cid, content);
+      pendingCorrelationIds = [];
+    }
+
+    // Persist assistant message and capture DB id for message event
+    const assistantCreatedAt = new Date().toISOString();
+    let assistantMsgId = null;
+    if (sessionId) {
+      assistantMsgId = addMessage({ sessionId, role: 'assistant', content: content || null, toolCalls,
+        modelKey, inputTokens: usage.input, outputTokens: usage.output, cacheTokens: usage.cache, cost: turnCost });
+      updateSession(sessionId, {
+        totalInputTokens: totalTokens.input, totalOutputTokens: totalTokens.output,
+        totalCacheTokens: totalTokens.cache, cost: totalTokens.cost,
+        contextSize: usage.input + usage.output,
+      });
+    }
+    if (taskId) {
+      updateTask(taskId, { tokenInput: totalTokens.input, tokenOutput: totalTokens.output, tokenCache: totalTokens.cache, iterations: iteration });
+    }
+
+    // Emit session-aligned message event (all modes, all iterations with content or tool calls)
+    if (content || toolCalls) yield {
+      type: 'message',
+      message: {
+        id: assistantMsgId,
+        session_id: sessionId || null,
+        role: 'assistant',
+        content: content || null,
+        tool_calls: toolCalls || null,
+        tool_call_id: null,
+        created_at: assistantCreatedAt,
+      },
+      finishReason,
+      iteration,
+      tokenUsage: { input: usage.input, output: usage.output, cache: usage.cache, cost: turnCost },
+    };
+
+    // ── Token budget check ───────────────────────────────────────────────────
+    const effectiveBudget = tokenBudget || modeConfig.tokenBudget;
+    if (effectiveBudget && (totalTokens.input + totalTokens.output) >= effectiveBudget) {
+      const tokensUsed = totalTokens.input + totalTokens.output;
+      const errStr = buildStructuredError({ code: 'BUDGET_EXCEEDED', message: `Token budget exhausted: ${tokensUsed} / ${effectiveBudget}`, iteration, tokensUsed, elapsed: (Date.now() - startTime) / 1000 });
+      yield { type: 'limit.reached', reason: 'tokenBudget', tokensUsed, tokenBudget: effectiveBudget };
+      if (taskId) {
+        updateTask(taskId, { status: 'failed', error: errStr, finishedAt: new Date().toISOString() });
+        addTaskEvent({ taskId, type: 'status.change', data: { from: 'processing', to: 'failed', reason: 'tokenBudget', tokensUsed, tokenBudget: effectiveBudget } });
+        emitBusEvent({ type: 'task.status', taskId, agentName: agent.name, event: { status: 'failed', error: JSON.parse(errStr) } });
+      }
+      return;
+    }
+
+    // ── Tool calls ───────────────────────────────────────────────────────────
+    if (toolCalls && toolCalls.length > 0) {
+      lastToolCallIteration = iteration;
+      stallCount = 0;
+
+      for (const tc of toolCalls) {
+        const toolName = tc.function.name;
+        let toolInput;
+        try {
+          toolInput = JSON.parse(tc.function.arguments || '{}');
+        } catch {
+          toolInput = {};
+        }
+
+        yield { type: 'tool.start', toolName, toolInput };
+        if (taskId) addTaskEvent({ taskId, type: 'tool.start', data: { toolName, toolInput } });
+        emitBusEvent({ type: taskId ? 'task.event' : 'chat.tool', taskId, sessionId, agentName: agent.name, event: { type: 'tool.start', toolName, toolInput } });
+
+        const toolStartTime = Date.now();
+
+        // Mid-tool cancellation check
+        if (cancelSignal?.aborted) {
+          yield { type: 'status.change', from: 'processing', to: 'canceled', reason: 'user_cancel' };
+          if (taskId) {
+            updateTask(taskId, { status: 'canceled', finishedAt: new Date().toISOString() });
+            addTaskEvent({ taskId, type: 'status.change', data: { from: 'processing', to: 'canceled', reason: 'user_cancel' } });
+            emitBusEvent({ type: 'task.status', taskId, agentName: agent.name, event: { status: 'canceled', reason: 'user_cancel' } });
+          }
+          return;
+        }
+
+        // Permission check
+        const permission = checkPermission({ toolName, toolInput, mode, settings, agentConfig: agent, modeConfig });
+        if (permission === 'deny') {
+          const toolResult = { role: 'tool', tool_call_id: tc.id, content: `Permission denied for tool "${toolName}"` };
+          messages.push(toolResult);
+          yield { type: 'tool.end', toolName, toolInput, durationMs: 0, success: false, output: 'Permission denied', outputPreview: 'Permission denied' };
+          if (taskId) addTaskEvent({ taskId, type: 'tool.end', data: { toolName, durationMs: 0, success: false, outputPreview: 'Permission denied' } });
+          emitBusEvent({ type: taskId ? 'task.event' : 'chat.tool', taskId, sessionId, agentName: agent.name, event: { type: 'tool.end', toolName, durationMs: 0, success: false, outputPreview: 'Permission denied' } });
+          continue;
+        }
+
+        // In chat mode with 'ask', we'll treat as allow for now (interactive approval TBD in v2)
+
+        // Validate input
+        const { valid, errors } = validateToolInput(toolName, toolInput);
+        if (!valid) {
+          const errMsg = `Invalid tool input for "${toolName}": ${errors.join('; ')}`;
+          messages.push({ role: 'tool', tool_call_id: tc.id, content: errMsg });
+          yield { type: 'tool.end', toolName, toolInput, durationMs: 0, success: false, output: errMsg, outputPreview: errMsg };
+          continue;
+        }
+
+        // Resolve and execute
+        const tool = resolveTool({ name: toolName, agentConfig: agent, cwd });
+        let toolOutput;
+        let toolSuccess = true;
+
+        if (!tool) {
+          toolOutput = `Tool "${toolName}" not found`;
+          toolSuccess = false;
+        } else {
+          try {
+            // Run PreToolUse hook if configured
+            await runHook({ hookType: 'PreToolUse', toolName, toolInput, settings, agent, sessionId, taskId, mode, cwd });
+
+            const _remoteMethodExecution = ({ method, data, timeoutMs } = {}) =>
+              remoteMethodQueue.enqueue({ method, data, timeoutMs });
+
+            const result = await Promise.race([
+              tool.execute({ ...toolInput, _cwd: cwd, _agent: agent, _sessionId: sessionId, _taskId: taskId, _settings: settings, _remoteMethodExecution }),
+              new Promise((_, reject) => setTimeout(() => reject(new Error(`Tool timeout after ${tool.schema.timeout || 30}s`)), (tool.schema.timeout || 30) * 1000))
+            ]);
+
+            toolOutput = typeof result === 'string' ? result : JSON.stringify(result, null, 2);
+
+            // Run PostToolUse hook if configured
+            await runHook({ hookType: 'PostToolUse', toolName, toolInput, toolOutput, settings, agent, sessionId, taskId, mode, cwd });
+          } catch (err) {
+            toolOutput = `Tool error: ${err.message}`;
+            toolSuccess = false;
+          }
+        }
+
+        const durationMs = Date.now() - toolStartTime;
+        const toolContent = String(toolOutput);
+        const outputPreview = toolContent.slice(0, 200);
+        const toolCreatedAt = new Date().toISOString();
+
+        messages.push({ role: 'tool', tool_call_id: tc.id, content: toolContent });
+        let toolMsgId = null;
+        if (sessionId) toolMsgId = addMessage({ sessionId, role: 'tool', toolCallId: tc.id, content: toolContent });
+
+        yield {
+          type: 'message',
+          message: {
+            id: toolMsgId,
+            session_id: sessionId || null,
+            role: 'tool',
+            content: toolContent,
+            tool_calls: null,
+            tool_call_id: tc.id,
+            created_at: toolCreatedAt,
+          },
+        };
+        yield { type: 'tool.end', toolName, toolInput, durationMs, success: toolSuccess, output: toolContent, outputPreview };
+        if (taskId) addTaskEvent({ taskId, type: 'tool.end', data: { toolName, durationMs, success: toolSuccess, outputPreview } });
+        emitBusEvent({ type: taskId ? 'task.event' : 'chat.tool', taskId, sessionId, agentName: agent.name, event: { type: 'tool.end', toolName, durationMs, success: toolSuccess, outputPreview } });
+
+        // Explicit activation: inject the requested custom tool into llmTools for the next LLM call
+        if (toolName === 'tool_activate' && toolSuccess) {
+          const requestedName = toolInput.name;
+          if (requestedName && !llmTools.find(lt => lt.function.name === requestedName)) {
+            const oaiFmt = activateToolByName(requestedName, agent, cwd, modeConfig);
+            if (oaiFmt) llmTools.push(oaiFmt);
+          }
+        }
+
+        // Drain non-followup messages after each tool
+        const { messages: toolNonFollowupMsgs, correlationIds: toolDrainedIds } = drainNonFollowup(agent.name, sessionId);
+        messages.push(...toolNonFollowupMsgs);
+        if (toolDrainedIds.length > 0) pendingCorrelationIds.push(...toolDrainedIds);
+      }
+
+      // Continue loop (send tool results back to LLM)
+      continue;
+    }
+
+    // ── No tool calls — agent produced a text response ────────────────────
+    stallCount++;
+
+    // Drain followup messages
+    const followupMsgs = drainFollowup(agent.name, sessionId);
+    messages.push(...followupMsgs);
+
+    // Mode-specific completion logic
+    if (mode === 'chat') {
+      // Chat mode: return response, stop
+      yield { type: 'chat.response', content, sessionId, totalTokens: { ...totalTokens }, model: modelKey, iteration };
+      return;
+    }
+
+    if (mode === 'task' || mode === 'subagent') {
+      // Task done if agent produced a final answer (finish_reason = stop with no tools)
+      if (finishReason === 'stop') {
+        yield { type: 'task.complete', content, sessionId, taskId };
+        if (taskId) {
+          updateTask(taskId, { status: 'finished', output: content, finishedAt: new Date().toISOString() });
+          addTaskEvent({ taskId, type: 'status.change', data: { from: 'processing', to: 'finished' } });
+          emitBusEvent({ type: 'task.status', taskId, agentName: agent.name, event: { status: 'finished', output: content ? content.slice(0, 500) : null } });
+        }
+        return;
+      }
+    }
+
+    if (mode === 'daemon') {
+      // Daemon done after one response
+      yield { type: 'daemon.tick.complete', content };
+      return;
+    }
+
+    // If we reach here with no tool calls and no return, continue (handles edge cases)
+  }
+  } finally {
+    runningSessions.delete(sessionId);
+  }
+}
+
+/**
+ * Run a PreToolUse or PostToolUse hook.
+ * @param {{ hookType: string, toolName: string, toolInput: Object, toolOutput?: string, settings: Object, agent: Object, sessionId?: string, taskId?: string, mode: string, cwd: string }} opts
+ */
+async function runHook({ hookType, toolName, toolInput, toolOutput, settings, agent, sessionId, taskId, mode, cwd }) {
+  const hookCmd = settings.hooks?.[hookType];
+  if (!hookCmd) return;
+
+  const env = {
+    ...process.env,
+    VEIL_TOOL_NAME: toolName,
+    VEIL_TOOL_INPUT: JSON.stringify(toolInput),
+    VEIL_AGENT_NAME: agent.name,
+    VEIL_SESSION_ID: sessionId || '',
+    VEIL_TASK_ID: taskId || '',
+    VEIL_MODE: mode,
+    VEIL_AGENT_FOLDER: agent.agentFolder || '',
+  };
+  if (toolOutput !== undefined) env.VEIL_TOOL_OUTPUT = JSON.stringify(toolOutput);
+
+  try {
+    const { execSync } = require('child_process');
+    execSync(hookCmd, { cwd, env, timeout: 10000, stdio: 'ignore' });
+  } catch (err) {
+    if (hookType === 'PreToolUse' && err.status === 1) {
+      throw new Error(`PreToolUse hook blocked tool execution`);
+    }
+    // PostToolUse failures are logged but don't affect tool result
+  }
+}
+
+module.exports = { runLoop, checkPermission };

package/core/memory.js

@@ -0,0 +1,51 @@
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const paths = require('../utils/paths');
+
+const MAX_LINES_DEFAULT = 200;
+
+/**
+ * Append content to memory, then check line cap and export if needed.
+ * @param {{ cwd: string, agentName: string, scope?: 'agent'|'global', content: string, maxLines?: number }} opts
+ */
+function writeMemory({ cwd, agentName, scope = 'agent', content, maxLines = MAX_LINES_DEFAULT }) {
+  const dir = scope === 'global'
+    ? paths.getProjectMemoryDir(cwd)
+    : paths.getAgentMemoryDir(cwd, agentName);
+
+  fs.mkdirSync(dir, { recursive: true });
+
+  const filePath = path.join(dir, 'MEMORY.md');
+  const timestamp = new Date().toISOString().slice(0, 10);
+  const entry = `\n\n<!-- ${timestamp} -->\n${content.trim()}`;
+
+  fs.appendFileSync(filePath, entry, 'utf8');
+
+  // Check line cap — if exceeded, export oldest content to topic files
+  const lines = fs.readFileSync(filePath, 'utf8').split('\n');
+  if (lines.length > maxLines) {
+    exportOldMemory({ filePath, dir, lines, maxLines });
+  }
+}
+
+/**
+ * Export overflow memory lines to a dated archive file.
+ * @param {{ filePath: string, dir: string, lines: string[], maxLines: number }} opts
+ */
+function exportOldMemory({ filePath, dir, lines, maxLines }) {
+  const keepFrom = lines.length - maxLines;
+  const overflow = lines.slice(0, keepFrom).join('\n');
+  const keep = lines.slice(keepFrom).join('\n');
+
+  const date = new Date().toISOString().slice(0, 7); // YYYY-MM
+  const archivePath = path.join(dir, `archive-${date}.md`);
+
+  if (overflow.trim()) {
+    fs.appendFileSync(archivePath, overflow + '\n', 'utf8');
+  }
+  fs.writeFileSync(filePath, keep, 'utf8');
+}
+
+module.exports = { writeMemory };