@opencoreai/opencore 0.2.2 → 0.4.0

package/src/index.ts

@@ -14,6 +14,7 @@ import { MacController } from "./mac-controller.mjs";
 import { SKILL_CATALOG } from "./skill-catalog.mjs";
 import {
   buildCredentialExecutionContext,
+  credentialStorePath,
   ensureCredentialStore,
   extractCredentialSaveCandidates,
   readCredentialStore,
@@ -35,6 +36,7 @@ const MANAGER_HEARTBEAT_INTERVAL_MS = Math.max(
 const OPENCORE_HOME = path.join(os.homedir(), ".opencore");
 const SOUL_PATH = path.join(OPENCORE_HOME, "soul.md");
 const MEMORY_PATH = path.join(OPENCORE_HOME, "memory.md");
+const COMPUTER_PROFILE_PATH = path.join(OPENCORE_HOME, "computer-profile.md");
 const HEARTBEAT_PATH = path.join(OPENCORE_HOME, "heartbeat.md");
 const GUIDELINES_PATH = path.join(OPENCORE_HOME, "guidelines.md");
 const INSTRUCTIONS_PATH = path.join(OPENCORE_HOME, "instructions.md");
@@ -49,9 +51,18 @@ const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 const ROOT_DIR = path.resolve(__dirname, "..");
 const TEMPLATE_DIR = path.join(ROOT_DIR, "templates");
-const INDICATOR_SCRIPT_PATH = path.join(ROOT_DIR, "src", "opencore-indicator.js");
+const INDICATOR_SOURCE_PATH = path.join(ROOT_DIR, "src", "opencore-indicator.m");
+const INDICATOR_BINARY_PATH = path.join(OPENCORE_HOME, "cache", "opencore-indicator");
 const DEFAULT_SOUL = "# OpenCore Soul\nName: OpenCore\n";
 const DEFAULT_MEMORY = "# OpenCore Memory\n";
+const DEFAULT_COMPUTER_PROFILE = `# OpenCore Computer Profile
+
+## Machine Snapshot
+- Pending first machine scan.
+
+## Learned Facts
+- None yet.
+`;
 const DEFAULT_HEARTBEAT = `# OpenCore Heartbeat
 
 ## Current Task
@@ -74,6 +85,7 @@ This file stores durable notes and action history for both the Manager Agent and
 const EDITABLE_FILES: Record<string, string> = {
   soul: SOUL_PATH,
   memory: MEMORY_PATH,
+  "computer-profile": COMPUTER_PROFILE_PATH,
   heartbeat: HEARTBEAT_PATH,
   guidelines: GUIDELINES_PATH,
   instructions: INSTRUCTIONS_PATH,
@@ -147,6 +159,7 @@ type TelegramConfig = {
 const require = createRequire(import.meta.url);
 const { version: APP_VERSION } = require("../package.json");
 const execFileAsync = promisify(execFile);
+process.umask(0o077);
 
 async function readSettings() {
   try {
@@ -178,6 +191,155 @@ async function ensureTemplateApplied(filePath: string, template: string, legacyD
   }
 }
 
+async function chmodIfPossible(targetPath: string, mode: number) {
+  try {
+    await fs.chmod(targetPath, mode);
+  } catch {}
+}
+
+async function enforceOpenCorePermissions() {
+  const dirs = [
+    OPENCORE_HOME,
+    path.join(OPENCORE_HOME, "configs"),
+    path.join(OPENCORE_HOME, "logs"),
+    path.join(OPENCORE_HOME, "cache"),
+    SCREENSHOT_DIR,
+    SKILLS_DIR,
+  ];
+  const files = [
+    SOUL_PATH,
+    MEMORY_PATH,
+    COMPUTER_PROFILE_PATH,
+    HEARTBEAT_PATH,
+    GUIDELINES_PATH,
+    INSTRUCTIONS_PATH,
+    SETTINGS_PATH,
+    SCHEDULES_PATH,
+    INDICATOR_STATE_PATH,
+    SCHEDULER_LOG_PATH,
+    credentialStorePath(),
+  ];
+  for (const dir of dirs) await chmodIfPossible(dir, 0o700);
+  for (const file of files) await chmodIfPossible(file, 0o600);
+}
+
+function upsertMarkedSection(text: string, startMarker: string, endMarker: string, body: string) {
+  const nextSection = `${startMarker}\n${body.trim()}\n${endMarker}`;
+  const pattern = new RegExp(`${startMarker}[\\s\\S]*?${endMarker}`, "m");
+  if (pattern.test(text)) {
+    return text.replace(pattern, nextSection);
+  }
+  const base = String(text || "").trimEnd();
+  return `${base}\n\n${nextSection}\n`;
+}
+
+async function safeExecOutput(file: string, args: string[] = []) {
+  try {
+    const { stdout } = await execFileAsync(file, args, { maxBuffer: 1024 * 1024 * 2 } as any);
+    return String(stdout || "").trim();
+  } catch {
+    return "";
+  }
+}
+
+async function detectDefaultBrowser() {
+  const bundleId = await safeExecOutput("osascript", ["-e", 'id of application (path to default web browser)']);
+  return bundleId || "unknown";
+}
+
+async function collectComputerProfileSnapshot() {
+  const [productName, productVersion, buildVersion, arch, model, browserBundleId] = await Promise.all([
+    safeExecOutput("sw_vers", ["-productName"]),
+    safeExecOutput("sw_vers", ["-productVersion"]),
+    safeExecOutput("sw_vers", ["-buildVersion"]),
+    safeExecOutput("uname", ["-m"]),
+    safeExecOutput("sysctl", ["-n", "hw.model"]),
+    detectDefaultBrowser(),
+  ]);
+
+  const appNames = [];
+  for (const baseDir of ["/Applications", path.join(os.homedir(), "Applications")]) {
+    try {
+      const entries = await fs.readdir(baseDir, { withFileTypes: true });
+      for (const entry of entries) {
+        if (!entry.isDirectory()) continue;
+        if (!entry.name.toLowerCase().endsWith(".app")) continue;
+        appNames.push(entry.name.replace(/\.app$/i, ""));
+      }
+    } catch {}
+  }
+  const apps = [...new Set(appNames)].sort((a, b) => a.localeCompare(b)).slice(0, 30);
+
+  return [
+    "## Machine Snapshot",
+    `- Computer model: ${model || "unknown"}`,
+    `- Architecture: ${arch || "unknown"}`,
+    `- macOS: ${[productName, productVersion].filter(Boolean).join(" ") || "unknown"}${buildVersion ? ` (${buildVersion})` : ""}`,
+    `- Default browser bundle ID: ${browserBundleId}`,
+    `- User home: ${os.homedir()}`,
+    `- Current workspace root: ${process.cwd()}`,
+    `- OpenCore project root: ${ROOT_DIR}`,
+    `- Sample installed apps: ${apps.length ? apps.join(", ") : "none detected"}`,
+  ].join("\n");
+}
+
+async function refreshComputerProfileSnapshot() {
+  const existing = await readTextFile(COMPUTER_PROFILE_PATH, DEFAULT_COMPUTER_PROFILE);
+  const snapshot = await collectComputerProfileSnapshot();
+  const next = upsertMarkedSection(
+    existing,
+    "<!-- OPENCORE_COMPUTER_SNAPSHOT_START -->",
+    "<!-- OPENCORE_COMPUTER_SNAPSHOT_END -->",
+    snapshot,
+  );
+  await fs.writeFile(COMPUTER_PROFILE_PATH, `${next.trimEnd()}\n`, "utf8");
+  await enforceOpenCorePermissions();
+}
+
+function shouldStoreAsComputerFact(note: string) {
+  const text = String(note || "").toLowerCase();
+  return [
+    "browser",
+    "safari",
+    "chrome",
+    "arc",
+    "finder",
+    "application",
+    "app ",
+    "installed",
+    "mac",
+    "computer",
+    "workspace",
+    "screen recording",
+    "accessibility",
+    "permission",
+    "display",
+    "desktop",
+    "folder",
+    "directory",
+  ].some((token) => text.includes(token));
+}
+
+async function appendComputerProfileFacts(notes: string[]) {
+  const lines = Array.isArray(notes)
+    ? notes.map((note) => String(note || "").trim()).filter((note) => note && shouldStoreAsComputerFact(note))
+    : [];
+  if (!lines.length) return;
+  const existing = await readTextFile(COMPUTER_PROFILE_PATH, DEFAULT_COMPUTER_PROFILE);
+  const existingLines = new Set(
+    existing
+      .split("\n")
+      .map((line) => line.trim().replace(/^- /, ""))
+      .filter(Boolean),
+  );
+  const additions = lines.filter((line) => !existingLines.has(line));
+  if (!additions.length) return;
+  const updated = existing.trimEnd().replace(/\n*$/, "");
+  const body = `${updated}\n${additions.map((line) => `- ${line}`).join("\n")}\n`;
+  await fs.writeFile(COMPUTER_PROFILE_PATH, body, "utf8");
+  await enforceOpenCorePermissions();
+}
+
 async function ensureOpenCoreHome() {
   await fs.mkdir(path.join(OPENCORE_HOME, "configs"), { recursive: true });
   await fs.mkdir(path.join(OPENCORE_HOME, "logs"), { recursive: true });
@@ -187,12 +349,14 @@ async function ensureOpenCoreHome() {
 
   const soulTemplate = await readTemplate("default-soul.md", DEFAULT_SOUL);
   const memoryTemplate = await readTemplate("default-memory.md", LEGACY_DEFAULT_MEMORY);
+  const computerProfileTemplate = await readTemplate("default-computer-profile.md", DEFAULT_COMPUTER_PROFILE);
   const guidelinesTemplate = await readTemplate("default-guidelines.md", DEFAULT_GUIDELINES);
   const instructionsTemplate = await readTemplate("default-instructions.md", DEFAULT_INSTRUCTIONS);
   const heartbeatTemplate = await readTemplate("default-heartbeat.md", DEFAULT_HEARTBEAT);
 
   await ensureTemplateApplied(SOUL_PATH, soulTemplate, [DEFAULT_SOUL]);
   await ensureTemplateApplied(MEMORY_PATH, memoryTemplate, [LEGACY_DEFAULT_MEMORY, DEFAULT_MEMORY]);
+  await ensureTemplateApplied(COMPUTER_PROFILE_PATH, computerProfileTemplate, [DEFAULT_COMPUTER_PROFILE]);
   await ensureTemplateApplied(HEARTBEAT_PATH, heartbeatTemplate, [DEFAULT_HEARTBEAT]);
   await ensureTemplateApplied(GUIDELINES_PATH, guidelinesTemplate, [DEFAULT_GUIDELINES]);
   await ensureTemplateApplied(INSTRUCTIONS_PATH, instructionsTemplate, [DEFAULT_INSTRUCTIONS]);
@@ -231,6 +395,7 @@ async function ensureOpenCoreHome() {
   }
   await ensureDefaultOpenCoreSkills();
   await ensureCredentialStore();
+  await enforceOpenCorePermissions();
 }
 
 async function ensureDefaultOpenCoreSkills() {
@@ -277,6 +442,7 @@ async function readSchedules(): Promise<ScheduledTaskRecord[]> {
 
 async function writeSchedules(items: ScheduledTaskRecord[]) {
   await fs.writeFile(SCHEDULES_PATH, `${JSON.stringify(items, null, 2)}\n`, "utf8");
+  await enforceOpenCorePermissions();
 }
 
 async function updateScheduleRecord(id: string, apply: (item: ScheduledTaskRecord) => ScheduledTaskRecord | null) {
@@ -431,23 +597,82 @@ async function showMacNotification(title: string, message: string) {
   }
 }
 
+const indicatorStateCache: {
+  running: boolean;
+  active: boolean;
+  message: string;
+  events: string[];
+  updated_at?: string;
+} = {
+  running: false,
+  active: false,
+  message: "OpenCore is idle",
+  events: [],
+};
+
 async function writeIndicatorState(state: {
   running: boolean;
   active: boolean;
   message?: string;
+  events?: string[];
 }) {
+  indicatorStateCache.running = Boolean(state.running);
+  indicatorStateCache.active = Boolean(state.active);
+  indicatorStateCache.message = String(state.message || indicatorStateCache.message || "").trim();
+  if (Array.isArray(state.events)) {
+    indicatorStateCache.events = state.events.slice(-14);
+  }
+  indicatorStateCache.updated_at = new Date().toISOString();
   const payload = {
-    running: Boolean(state.running),
-    active: Boolean(state.active),
-    message: String(state.message || "").trim(),
+    running: indicatorStateCache.running,
+    active: indicatorStateCache.active,
+    message: indicatorStateCache.message,
+    events: indicatorStateCache.events,
     updated_at: new Date().toISOString(),
   };
   await fs.writeFile(INDICATOR_STATE_PATH, `${JSON.stringify(payload, null, 2)}\n`, "utf8").catch(() => {});
+  await enforceOpenCorePermissions();
+}
+
+async function appendIndicatorEvent(text: string, options: { active?: boolean; message?: string } = {}) {
+  const line = String(text || "").trim();
+  if (!line) return;
+  const stamp = new Date().toLocaleTimeString([], { hour: "2-digit", minute: "2-digit", second: "2-digit" });
+  const events = [...indicatorStateCache.events, `${stamp}  ${line}`].slice(-14);
+  await writeIndicatorState({
+    running: indicatorStateCache.running || true,
+    active: options.active ?? indicatorStateCache.active,
+    message: options.message ?? indicatorStateCache.message,
+    events,
+  });
 }
 
-function startIndicatorProcess() {
+async function ensureIndicatorBinary() {
   try {
-    const child = spawn("osascript", ["-l", "JavaScript", INDICATOR_SCRIPT_PATH], {
+    const [sourceStat, binaryStat] = await Promise.all([
+      fs.stat(INDICATOR_SOURCE_PATH),
+      fs.stat(INDICATOR_BINARY_PATH).catch(() => null),
+    ]);
+    if (binaryStat && binaryStat.mtimeMs >= sourceStat.mtimeMs) {
+      return INDICATOR_BINARY_PATH;
+    }
+    await execFileAsync("clang", ["-framework", "Cocoa", "-framework", "QuartzCore", INDICATOR_SOURCE_PATH, "-o", INDICATOR_BINARY_PATH], {
+      maxBuffer: 1024 * 1024 * 8,
+    } as any);
+    await chmodIfPossible(INDICATOR_BINARY_PATH, 0o755);
+    return INDICATOR_BINARY_PATH;
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    console.warn(`[indicator] build failed: ${message}`);
+    return "";
+  }
+}
+
+async function startIndicatorProcess() {
+  try {
+    const binaryPath = await ensureIndicatorBinary();
+    if (!binaryPath) return null;
+    const child = spawn(binaryPath, [], {
       stdio: ["ignore", "ignore", "pipe"],
       env: { ...process.env, OPENCORE_INDICATOR_STATE_PATH: INDICATOR_STATE_PATH },
     });
@@ -506,6 +731,7 @@ async function writeSettingsPatch(patch: Record<string, any>) {
   const current = await readSettings();
   const next = { ...current, ...patch };
   await fs.writeFile(SETTINGS_PATH, `${JSON.stringify(next, null, 2)}\n`, "utf8");
+  await enforceOpenCorePermissions();
   return next;
 }
 
@@ -565,6 +791,39 @@ async function sendTelegramMessage(config: TelegramConfig, text: string) {
   }
 }
 
+async function sendTelegramPhoto(config: TelegramConfig, filePath: string, caption = "") {
+  if (!config.enabled || !config.chatId || !filePath) return;
+  const data = await fs.readFile(filePath);
+  const form = new FormData();
+  form.append("chat_id", config.chatId);
+  if (caption.trim()) form.append("caption", caption.trim().slice(0, 1024));
+  const ext = path.extname(filePath).toLowerCase();
+  const type = ext === ".jpg" || ext === ".jpeg" ? "image/jpeg" : "image/png";
+  form.append("photo", new Blob([data], { type }), path.basename(filePath));
+
+  const controller = new AbortController();
+  const timeoutMs = 12_000;
+  const timeout = setTimeout(() => controller.abort(new Error(`Telegram API sendPhoto timed out after ${timeoutMs}ms`)), timeoutMs);
+  try {
+    const res = await fetch(`https://api.telegram.org/bot${config.botToken}/sendPhoto`, {
+      method: "POST",
+      body: form,
+      signal: controller.signal,
+    });
+    if (!res.ok) {
+      throw new Error(`Telegram API sendPhoto failed with HTTP ${res.status}`);
+    }
+    const json = await res.json();
+    if (!json?.ok) {
+      throw new Error(String(json?.description || "Telegram API sendPhoto failed."));
+    }
+  } catch (error) {
+    throw new Error(`Telegram API sendPhoto request failed: ${formatNetworkError(error)}`);
+  } finally {
+    clearTimeout(timeout);
+  }
+}
+
 function publicTelegramConfig(config: TelegramConfig) {
   return {
     enabled: config.enabled,
@@ -582,10 +841,12 @@ async function loadPromptContext() {
   const guidelinesTemplate = await readTemplate("default-guidelines.md", DEFAULT_GUIDELINES);
   const instructionsTemplate = await readTemplate("default-instructions.md", DEFAULT_INSTRUCTIONS);
   const heartbeatTemplate = await readTemplate("default-heartbeat.md", DEFAULT_HEARTBEAT);
+  const computerProfileTemplate = await readTemplate("default-computer-profile.md", DEFAULT_COMPUTER_PROFILE);
   const soul = await readTextFile(SOUL_PATH, soulTemplate);
   const heartbeat = await readTextFile(HEARTBEAT_PATH, heartbeatTemplate);
   const guidelines = await readTextFile(GUIDELINES_PATH, guidelinesTemplate);
   const instructions = await readTextFile(INSTRUCTIONS_PATH, instructionsTemplate);
+  const computerProfile = await readTextFile(COMPUTER_PROFILE_PATH, computerProfileTemplate);
   const config = await readSettings();
   const credentials = await readCredentialStore();
   const memoryExcerpt = await readMemoryExcerpt(4000);
@@ -595,6 +856,7 @@ async function loadPromptContext() {
     heartbeat,
     guidelines,
     instructions,
+    computerProfile,
     installedSkills: installedSkills || "(no installed skills found)",
     config: JSON.stringify(maskConfig(config), null, 2),
     credentialsSummary: summarizeCredentialStoreForPrompt(credentials),
@@ -624,6 +886,8 @@ async function buildComputerSystemPrompt() {
     ctx.credentialsSummary,
     "OpenCore memory excerpt (recent):",
     ctx.memoryExcerpt,
+    "OpenCore computer profile:",
+    ctx.computerProfile,
   ].join("\n\n");
 }
 
@@ -635,14 +899,14 @@ async function buildManagerSystemPrompt() {
     "Manager Agent handles everything except direct computer-use actions.",
     "You receive user tasks first. Decide whether to answer directly, edit local markdown files, or delegate to Computer Agent.",
     "You also maintain durable OpenCore state. When the user states a lasting rule, preference, permission, restriction, identity update, or computer fact, update the appropriate markdown files automatically.",
-    "Use guidelines.md for safety, permission, and capability restrictions. Use instructions.md for workflow preferences and operating style. Use soul.md for OpenCore identity/personality. Use memory.md for durable learned facts about the computer, apps, environment, and user preferences.",
+    "Use guidelines.md for safety, permission, and capability restrictions. Use instructions.md for workflow preferences and operating style. Use soul.md for OpenCore identity/personality. Use memory.md for durable learned facts and task history. Use computer-profile.md for durable machine facts, installed apps, browser facts, workspace context, and environment inventory.",
     "Delegate to Computer Agent when UI/computer control is needed.",
     "Use route=local when the work can be performed locally with shell/file commands without UI control, such as file management, project inspection, text generation to files, and command-line maintenance.",
     "Do direct answer when task is informational and no computer control is required.",
     "Do edit_file when user asks to update any markdown/state/config file or when task requires writing files.",
     "You may edit files and folders anywhere on the user's computer when needed, unless guidelines/instructions explicitly forbid it.",
     "Return strict JSON only, no markdown, no explanations.",
-    'JSON schema: {"route":"direct|computer|edit_file|local","direct_answer":"...","computer_task":"...","file_target":"soul|memory|heartbeat|guidelines|instructions|/absolute/or/relative/path","edit_instructions":"...","local_task":"..."}',
+    'JSON schema: {"route":"direct|computer|edit_file|local","direct_answer":"...","computer_task":"...","file_target":"soul|memory|computer-profile|heartbeat|guidelines|instructions|/absolute/or/relative/path","edit_instructions":"...","local_task":"..."}',
     "Follow OpenCore guidelines exactly:",
     ctx.guidelines,
     "Follow OpenCore user instructions exactly:",
@@ -657,6 +921,8 @@ async function buildManagerSystemPrompt() {
     ctx.credentialsSummary,
     "OpenCore memory excerpt (recent):",
     ctx.memoryExcerpt,
+    "OpenCore computer profile:",
+    ctx.computerProfile,
   ].join("\n\n");
 }
 
@@ -1114,6 +1380,7 @@ async function managerBuildLocalCommand({
       "Rules:\n" +
       "- Use zsh-compatible syntax.\n" +
       "- Prefer safe file and project commands.\n" +
+      "- Do not use sudo, rm -rf, eval, disk erase commands, reboot commands, or download-and-execute patterns.\n" +
       "- Use absolute cwd when useful, or omit it.\n" +
       "- Do not include explanations or markdown.",
     maxTokens: 700,
@@ -1233,11 +1500,20 @@ async function runLocalCommandTask({
   if (!built || !built.command) {
     return "I could not build a valid local shell command for that task.";
   }
+  const commandSafetyError = getUnsafeLocalCommandReason(built.command);
+  if (commandSafetyError) {
+    await appendMemory(`[manager] blocked_local_command=${built.command}`);
+    return `I refused to run that local command because it violated OpenCore security rules: ${commandSafetyError}`;
+  }
   const cwd = built.cwd
     ? path.isAbsolute(built.cwd)
       ? built.cwd
       : path.resolve(os.homedir(), built.cwd)
     : os.homedir();
+  const cwdSafetyError = await getUnsafeLocalCommandCwdReason(cwd);
+  if (cwdSafetyError) {
+    return `I refused to run that local command because the working directory was not allowed: ${cwdSafetyError}`;
+  }
   await appendMemory(`[manager] local_command=${built.command} cwd=${cwd}`);
   const { stdout, stderr } = await execFileAsync("/bin/zsh", ["-lc", built.command], {
     cwd,
@@ -1248,6 +1524,44 @@ async function runLocalCommandTask({
   return output ? `${summary}\n\n${output}`.trim() : summary;
 }
 
+function getUnsafeLocalCommandReason(command: string) {
+  const value = String(command || "").trim();
+  if (!value) return "empty command";
+  if (value.includes("\n")) return "multi-line commands are blocked";
+  const checks: Array<[RegExp, string]> = [
+    [/\bsudo\b/i, "sudo escalation is blocked"],
+    [/\brm\s+-rf\b/i, "recursive forced deletion is blocked"],
+    [/\bdiskutil\s+erase/i, "disk erase operations are blocked"],
+    [/\bmkfs\b/i, "filesystem formatting is blocked"],
+    [/\bdd\s+if=/i, "raw disk write patterns are blocked"],
+    [/\bshutdown\b|\breboot\b/i, "system shutdown and reboot are blocked"],
+    [/\blaunchctl\s+bootout\b/i, "launchctl bootout is blocked"],
+    [/\bcurl\b[\s\S]*\|\s*(sh|bash|zsh)\b/i, "pipe-to-shell download execution is blocked"],
+    [/\bwget\b[\s\S]*\|\s*(sh|bash|zsh)\b/i, "pipe-to-shell download execution is blocked"],
+    [/\beval\b/i, "shell eval is blocked"],
+    [/<\(/, "process substitution is blocked"],
+  ];
+  for (const [pattern, reason] of checks) {
+    if (pattern.test(value)) return reason;
+  }
+  return "";
+}
+
+async function getUnsafeLocalCommandCwdReason(cwd: string) {
+  const resolved = path.resolve(cwd);
+  const disallowedRoots = ["/System", "/Library", "/private", "/usr"];
+  if (disallowedRoots.some((root) => resolved === root || resolved.startsWith(`${root}/`))) {
+    return "system-owned directories are blocked for manager local tasks";
+  }
+  try {
+    const stat = await fs.stat(resolved);
+    if (!stat.isDirectory()) return "working directory is not a directory";
+  } catch {
+    return "working directory does not exist";
+  }
+  return "";
+}
+
 function isValidCronExpression(value: string) {
   return /^(\S+\s+){4}\S+$/.test(String(value || "").trim());
 }
@@ -1334,7 +1648,7 @@ async function recoverScheduledTasksIfNeeded({
         last_run_at: new Date().toISOString(),
         last_error: "",
       });
-      const answer = await runManagedTask({
+      const result = await runManagedTask({
         runtime,
         controller,
         userPrompt: item.task,
@@ -1349,7 +1663,7 @@ async function recoverScheduledTasksIfNeeded({
         await setScheduleRecordState(item.id, { last_status: "done", last_error: "" });
       }
       results.push(`${item.id}: recovered successfully`);
-      await appendMemory(`[schedule_recovered id=${item.id}] ${answer.slice(0, 200)}`);
+      await appendMemory(`[schedule_recovered id=${item.id}] ${result.answer.slice(0, 200)}`);
     } catch (error) {
       const msg = error instanceof Error ? error.message : String(error);
       await setScheduleRecordState(item.id, { last_status: "error", last_error: msg });
@@ -1374,13 +1688,13 @@ async function managerInferPersistentUpdates({
     userText:
       `User message:\n${userPrompt}\n\n` +
       "Determine whether this message contains durable instructions, restrictions, preferences, identity updates, or computer facts that should be persisted for future tasks.\n" +
-      'Return JSON only using schema: {"memory_notes":["..."],"file_updates":[{"target":"guidelines|instructions|soul|memory","instructions":"..."}]}\n' +
+      'Return JSON only using schema: {"memory_notes":["..."],"file_updates":[{"target":"guidelines|instructions|soul|memory|computer-profile","instructions":"..."}]}\n' +
       "Rules:\n" +
       "- Only include file_updates for durable information that should persist beyond the current task.\n" +
       "- If the user says something cannot be done on this computer or should never be done, update guidelines.\n" +
       "- If the user gives preferred behavior or workflow style, update instructions.\n" +
       "- If the user changes OpenCore identity/personality, update soul.\n" +
-      "- Store important learned facts about the computer or apps in memory_notes.\n" +
+      "- Store important learned facts about the computer or apps in memory_notes and/or computer-profile updates.\n" +
       "- If nothing durable should be saved, return empty arrays.",
     maxTokens: 900,
   });
@@ -1425,6 +1739,7 @@ async function applyPersistentUpdatePlan({
   }
   const notes = Array.isArray(plan.memory_notes) ? plan.memory_notes : [];
   await appendLearnedFacts(notes);
+  await appendComputerProfileFacts(notes);
 }
 
 async function managerExtractLearnedFacts({
@@ -1450,7 +1765,9 @@ async function managerExtractLearnedFacts({
     maxTokens: 500,
   });
   const parsed = extractJsonObject(text);
-  return Array.isArray((parsed as any)?.memory_notes) ? (parsed as any).memory_notes : [];
+  const notes = Array.isArray((parsed as any)?.memory_notes) ? (parsed as any).memory_notes : [];
+  await appendComputerProfileFacts(notes);
+  return notes;
 }
 
 async function managerWriteHeartbeat({
@@ -1843,11 +2160,13 @@ async function runManagedTask({
   dashboard?: DashboardServer | null;
   publishToConsole?: boolean;
   indicatorMessage?: string;
-}) {
+}): Promise<{ answer: string; screenshotPath?: string }> {
+  let lastScreenshotPath = "";
   await appendMemory(`[user] ${userPrompt}`);
   await dashboard?.publishChat({ role: "user", source: source === "schedule" ? "manager" : source, text: userPrompt });
   dashboard?.publishEvent({ type: "task_started", source: source === "schedule" ? "manager" : source });
   await writeIndicatorState({ running: true, active: true, message: indicatorMessage });
+  await appendIndicatorEvent(`Task started: ${userPrompt.slice(0, 120)}`, { active: true, message: indicatorMessage });
   await showMacNotification("OpenCore", indicatorMessage);
   if (publishToConsole) console.log(`Running (${source})...`);
 
@@ -1865,8 +2184,9 @@ async function runManagedTask({
     await dashboard?.publishChat({ role: "assistant", source: "system", text: telegramSetup.answer });
     dashboard?.publishEvent({ type: "task_completed", source: source === "schedule" ? "manager" : source });
     await writeIndicatorState({ running: true, active: false, message: "OpenCore is idle" });
+    await appendIndicatorEvent("Updated Telegram settings", { active: false, message: "OpenCore is idle" });
     await showMacNotification("OpenCore", "OpenCore updated Telegram settings.");
-    return telegramSetup.answer;
+    return { answer: telegramSetup.answer };
   }
 
   const credentialSetup = await handleCredentialSetupRequest(userPrompt);
@@ -1875,8 +2195,9 @@ async function runManagedTask({
     await dashboard?.publishChat({ role: "assistant", source: "system", text: credentialSetup.answer });
     dashboard?.publishEvent({ type: "task_completed", source: source === "schedule" ? "manager" : source });
     await writeIndicatorState({ running: true, active: false, message: "OpenCore is idle" });
+    await appendIndicatorEvent("Updated local credentials", { active: false, message: "OpenCore is idle" });
     await showMacNotification("OpenCore", "OpenCore updated local credentials.");
-    return credentialSetup.answer;
+    return { answer: credentialSetup.answer };
   }
 
   if (wantsHeartbeatAudit(userPrompt)) {
@@ -1892,7 +2213,8 @@ async function runManagedTask({
     await appendMemory(`[assistant] ${answer}`);
     await dashboard?.publishChat({ role: "assistant", source: "system", text: answer });
     await writeIndicatorState({ running: true, active: false, message: "OpenCore is idle" });
-    return answer;
+    await appendIndicatorEvent("Heartbeat check completed", { active: false, message: "OpenCore is idle" });
+    return { answer };
   }
 
   const schedulePlan = await managerDetectScheduleRequest({ runtime, userPrompt });
@@ -1908,8 +2230,9 @@ async function runManagedTask({
     await dashboard?.publishChat({ role: "assistant", source: "system", text: scheduleAnswer });
     dashboard?.publishEvent({ type: "task_completed", source: source === "schedule" ? "manager" : source });
     await writeIndicatorState({ running: true, active: false, message: "OpenCore is idle" });
+    await appendIndicatorEvent("Scheduled task created", { active: false, message: "OpenCore is idle" });
     await showMacNotification("OpenCore", "OpenCore scheduled the requested task.");
-    return scheduleAnswer;
+    return { answer: scheduleAnswer };
   }
 
   const decision = await managerDecide({ runtime, userPrompt });
@@ -1954,7 +2277,15 @@ async function runManagedTask({
       controller,
       prompt: delegatedTask,
       secretTaskContext: credentialTaskContext,
-      onEvent: (evt) => dashboard?.publishEvent(evt),
+      onEvent: (evt) => {
+        if (evt?.type === "screenshot" && evt?.path) {
+          lastScreenshotPath = String(evt.path);
+          void appendIndicatorEvent(`Screenshot captured · step ${evt.step || "?"}`, { active: true, message: indicatorMessage });
+        } else if (evt?.type === "action" && evt?.action) {
+          void appendIndicatorEvent(`Action: ${String(evt.action)}`, { active: true, message: indicatorMessage });
+        }
+        dashboard?.publishEvent(evt);
+      },
     });
   }
 
@@ -1967,18 +2298,29 @@ async function runManagedTask({
   await appendLearnedFacts(await managerExtractLearnedFacts({ runtime, userPrompt, answer }));
   await clearCompletedHeartbeat();
   dashboard?.publishEvent({ type: "file_updated", target: HEARTBEAT_PATH });
-  await dashboard?.publishChat({ role: "assistant", source: "system", text: answer });
+  await dashboard?.publishChat({
+    role: "assistant",
+    source: "system",
+    text: answer,
+    screenshot_path: lastScreenshotPath || undefined,
+  });
   dashboard?.publishEvent({ type: "task_completed", source: source === "schedule" ? "manager" : source });
   await writeIndicatorState({ running: true, active: false, message: "OpenCore is idle" });
+  await appendIndicatorEvent(source === "schedule" ? "Scheduled task finished" : "Task finished", {
+    active: false,
+    message: "OpenCore is idle",
+  });
   await showMacNotification("OpenCore", source === "schedule" ? "OpenCore finished a scheduled task." : "OpenCore finished the current task.");
-  return answer;
+  return { answer, screenshotPath: lastScreenshotPath || undefined };
 }
 
 async function main() {
   const argv = process.argv.slice(2);
   const scheduledMode = argv[0] === "--scheduled-id" ? String(argv[1] || "").trim() : "";
   await ensureOpenCoreHome();
-  await writeIndicatorState({ running: true, active: false, message: "OpenCore is idle" });
+  await refreshComputerProfileSnapshot();
+  await writeIndicatorState({ running: true, active: false, message: "OpenCore is idle", events: [] });
+  await appendIndicatorEvent("OpenCore started", { active: false, message: "OpenCore is idle" });
   const settings = await readSettings();
   const provider = "chatgpt";
   const openaiKey = String(process.env.OPENAI_API_KEY || settings.openai_api_key || "").trim();
@@ -2000,7 +2342,7 @@ async function main() {
     displayHeight: process.env.COMPUTER_USE_DISPLAY_HEIGHT,
   });
   await controller.init();
-  let indicator: any = startIndicatorProcess();
+  let indicator: any = await startIndicatorProcess();
 
   if (scheduledMode) {
     const schedules = await readSchedules();
@@ -2028,7 +2370,7 @@ async function main() {
           last_error: "",
         });
       }
-      const answer = await runManagedTask({
+      const result = await runManagedTask({
         runtime,
         controller,
         userPrompt: schedule.task,
@@ -2043,7 +2385,7 @@ async function main() {
       } else {
         await setScheduleRecordState(schedule.id, { last_run_at: now, last_status: "done", last_error: "" });
       }
-      console.log(answer);
+      console.log(result.answer);
       await writeIndicatorState({ running: false, active: false, message: "OpenCore has stopped" });
       stopIndicatorProcess(indicator);
       process.exit(0);
@@ -2292,16 +2634,27 @@ async function main() {
         const item = queue.shift();
         if (!item) continue;
         try {
-          const answer = await runManagedTask({
+          const result = await runManagedTask({
             runtime,
             controller,
             userPrompt: item.text,
             source: item.source,
             dashboard,
           });
-          console.log(`\nAssistant:\n${answer}\n`);
+          console.log(`\nAssistant:\n${result.answer}\n`);
           if (item.source === "telegram") {
-            await sendTelegramMessage(telegramConfig, answer);
+            await sendTelegramMessage(telegramConfig, result.answer);
+            if (result.screenshotPath) {
+              try {
+                await sendTelegramPhoto(telegramConfig, result.screenshotPath, "Final OpenCore screenshot");
+              } catch (photoError) {
+                console.warn(
+                  `[telegram] final screenshot send failed: ${
+                    photoError instanceof Error ? photoError.message : String(photoError)
+                  }`,
+                );
+              }
+            }
           }
         } catch (error) {
           const msg = error instanceof Error ? error.message : String(error);
@@ -2310,6 +2663,7 @@ async function main() {
           await dashboard.publishChat({ role: "error", source: "system", text: `Request failed: ${msg}` });
           dashboard.publishEvent({ type: "task_failed", source: item.source });
           await writeIndicatorState({ running: true, active: false, message: "OpenCore is idle" });
+          await appendIndicatorEvent(`Task failed: ${msg}`, { active: false, message: "OpenCore is idle" });
           await showMacNotification("OpenCore", "OpenCore stopped because the current task failed.");
           if (item.source === "telegram") {
             await sendTelegramMessage(telegramConfig, `Request failed: ${msg}`);