@openpalm/lib 0.11.0-beta.10 → 0.11.0-beta.13

package/src/control-plane/registry.ts

@@ -1,8 +1,9 @@
 /**
- * Registry catalog discovery and refresh.
+ * Built-in addon/profile discovery and legacy registry helpers.
  *
- * `OP_HOME/state/registry` is the only persistent catalog location.
- * Install seeds it once; refresh replaces it explicitly.
+ * Runtime addon enablement is recorded in stack.yml and resolved to Compose
+ * profiles. The fixed compose files under config/stack are the runtime source
+ * of truth.
  */
 import { cpSync, existsSync, mkdtempSync, mkdirSync, readdirSync, readFileSync, rmSync, writeFileSync } from 'node:fs';
 import { execFile, execFileSync } from 'node:child_process';
@@ -10,19 +11,26 @@ import { join } from 'node:path';
 import { tmpdir } from 'node:os';
 import { parse as parseYaml } from 'yaml';
 import { createLogger } from '../logger.js';
-import { isChannelAddon } from './channels.js';
-import { randomHex, writeChannelSecrets } from './config-persistence.js';
+import { resolveLocalOpenpalmDir } from './ui-assets.js';
+import { ensureChannelSecret } from './config-persistence.js';
 import { patchSecretsEnvFile, readStackEnv } from './secrets.js';
+import { writeRunScript } from './compose-args.js';
+import { readBundledStackAsset } from './core-assets.js';
+import { canonicalAddonProfileSelection, resolveHardwareProfileVariant } from './profile-ids.js';
+import { listStackSpecAddons, setStackSpecAddon } from './stack-spec.js';
+import type { ControlPlaneState } from './types.js';
 import {
   resolveRegistryAddonsDir,
   resolveRegistryAutomationsDir,
   resolveRegistryDir,
+  resolveStashDir,
 } from './home.js';
 
 const BRANCH_RE = /^[a-zA-Z0-9._\/-]+$/;
 const URL_RE = /^(https:\/\/|git@)/;
 const VALID_NAME_RE = /^[a-z0-9][a-z0-9-]{0,62}$/;
 const logger = createLogger('registry');
+const BUILTIN_ADDONS = ['api', 'chat', 'discord', 'ollama', 'slack', 'ssh', 'voice'] as const;
 
 let warnedMissingRegistryAddonsDir = false;
 
@@ -107,8 +115,8 @@ function countValidAutomations(rootDir: string): number {
   const automationsDir = join(rootDir, 'automations');
   if (!existsSync(automationsDir)) return 0;
   return readdirSync(automationsDir).filter((file) => {
-    if (!file.endsWith('.md')) return false;
-    return isValidComponentName(file.replace(/\.md$/, ''));
+    if (!file.endsWith('.yml')) return false;
+    return isValidComponentName(file.replace(/\.yml$/, ''));
   }).length;
 }
 
@@ -127,8 +135,8 @@ export function verifyRegistryCatalog(rootDir = resolveRegistryDir()): RegistryC
 }
 
 export function materializeRegistryCatalog(sourceRoot: string): string {
-  const sourceAddonsDir = join(sourceRoot, '.openpalm', 'state', 'registry', 'addons');
-  const sourceAutomationsDir = join(sourceRoot, '.openpalm', 'state', 'registry', 'automations');
+  const sourceAddonsDir = join(sourceRoot, '.openpalm', 'data', 'registry', 'addons');
+  const sourceAutomationsDir = join(sourceRoot, '.openpalm', 'data', 'registry', 'automations');
   const tempRoot = mkdtempSync(join(tmpdir(), 'openpalm-registry-materialize-'));
 
   try {
@@ -205,29 +213,28 @@ export function discoverRegistryComponents(): Record<string, RegistryComponentEn
 }
 
 export function discoverRegistryAutomations(stashDir: string): RegistryAutomationEntry[] {
-  const automationsDir = resolveRegistryAutomationsDir();
+  const localOpenpalmDir = resolveLocalOpenpalmDir();
+  const automationsDir = localOpenpalmDir
+    ? join(localOpenpalmDir, 'knowledge', 'tasks')
+    : join(stashDir, 'tasks');
   if (!existsSync(automationsDir)) return [];
 
   return readdirSync(automationsDir)
-    .filter((file) => file.endsWith('.md'))
+    .filter((file) => file.endsWith('.yml'))
     .map((file) => {
-      const name = file.replace(/\.md$/, '');
+      const name = file.replace(/\.yml$/, '');
       if (!VALID_NAME_RE.test(name)) return null;
 
       const content = readFileSync(join(automationsDir, file), 'utf-8');
       let description = '';
       let schedule = '';
 
-      // Extract frontmatter metadata (between --- delimiters)
+      // Extract YAML metadata.
       try {
-        const after = content.startsWith('---') ? content.slice(3) : '';
-        const end = after.indexOf('\n---');
-        if (end !== -1) {
-          const parsed = parseYaml(after.slice(0, end));
-          if (parsed && typeof parsed === 'object') {
-            description = (parsed as Record<string, unknown>).description as string ?? '';
-            schedule = (parsed as Record<string, unknown>).schedule as string ?? '';
-          }
+        const parsed = parseYaml(content);
+        if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+          description = (parsed as Record<string, unknown>).description as string ?? '';
+          schedule = (parsed as Record<string, unknown>).schedule as string ?? '';
         }
       } catch {
         // best-effort metadata extraction
@@ -246,75 +253,65 @@ export function discoverRegistryAutomations(stashDir: string): RegistryAutomatio
 
 export function getRegistryAutomation(name: string): string | null {
   if (!VALID_NAME_RE.test(name)) return null;
-  const mdPath = join(resolveRegistryAutomationsDir(), `${name}.md`);
-  if (!existsSync(mdPath)) return null;
-  return readFileSync(mdPath, 'utf-8');
+  const localOpenpalmDir = resolveLocalOpenpalmDir();
+  const candidates = [
+    localOpenpalmDir ? join(localOpenpalmDir, 'knowledge', 'tasks', `${name}.yml`) : '',
+    join(resolveStashDir(), 'tasks', `${name}.yml`),
+    join(resolveRegistryAutomationsDir(), `${name}.yml`),
+  ].filter(Boolean);
+  for (const ymlPath of candidates) {
+    if (existsSync(ymlPath)) return readFileSync(ymlPath, 'utf-8');
+  }
+  return null;
 }
 
-export function getRegistryAddonConfig(homeDir: string, name: string): RegistryAddonConfig {
+export function getRegistryAddonConfig(_homeDir: string, name: string): RegistryAddonConfig {
   if (!VALID_NAME_RE.test(name)) {
     throw new Error(`Invalid addon name: ${name}`);
   }
 
-  // Overlay-only addons (compose.yml only, no .env.schema) have no env vars
-  // to render, so the schema reads as an empty string.
-  const schemaPath = `state/registry/addons/${name}/.env.schema`;
-  const schemaFile = join(homeDir, schemaPath);
   return {
-    schemaPath,
-    userEnvPath: 'config/stack/stack.env',
-    envSchema: existsSync(schemaFile) ? readFileSync(schemaFile, 'utf-8') : '',
+    schemaPath: '',
+    userEnvPath: 'knowledge/env/stack.env',
+    envSchema: '',
   };
 }
 
 export function listAvailableAddonIds(): string[] {
-  const addonsDir = resolveRegistryAddonsDir();
-  if (!existsSync(addonsDir) && !warnedMissingRegistryAddonsDir) {
-    warnedMissingRegistryAddonsDir = true;
-    logger.warn('registry addons directory is missing', { addonsDir });
-  }
-  return Object.keys(discoverRegistryComponents()).sort();
+  return [...BUILTIN_ADDONS].sort();
 }
 
 export function listEnabledAddonIds(homeDir: string): string[] {
-  const addonsDir = join(homeDir, 'config', 'stack', 'addons');
-  if (!existsSync(addonsDir)) return [];
-
-  return readdirSync(addonsDir, { withFileTypes: true })
-    .filter((entry) => entry.isDirectory() && existsSync(join(addonsDir, entry.name, 'compose.yml')))
-    .map((entry) => entry.name)
-    .sort();
-}
-
-function copyAddonFromRegistry(homeDir: string, name: string): void {
-  if (!VALID_NAME_RE.test(name)) throw new Error(`Invalid addon name: ${name}`);
-
-  const sourceDir = join(resolveRegistryAddonsDir(), name);
-  // compose.yml is the only required file. Overlay-only addons may omit
-  // .env.schema entirely.
-  if (!existsSync(join(sourceDir, 'compose.yml'))) {
-    throw new Error(`Addon "${name}" not found in registry`);
+  const enabled = new Set(listStackSpecAddons(join(homeDir, 'config', 'stack')));
+  const env = readStackEnv(join(homeDir, 'config', 'stack'));
+  const profiles = new Set((env.COMPOSE_PROFILES ?? '').split(',').map((p) => p.trim()).filter(Boolean));
+  for (const key of ['OP_VOICE_PROFILE', 'OP_OLLAMA_PROFILE']) {
+    const profile = env[key]?.trim();
+    if (profile) profiles.add(profile);
   }
-
-  const targetDir = join(homeDir, 'config', 'stack', 'addons', name);
-  rmSync(targetDir, { recursive: true, force: true });
-  mkdirSync(join(homeDir, 'config', 'stack', 'addons'), { recursive: true });
-  cpSync(sourceDir, targetDir, { recursive: true });
-}
-
-function removeEnabledAddon(homeDir: string, name: string): void {
-  if (!VALID_NAME_RE.test(name)) throw new Error(`Invalid addon name: ${name}`);
-  rmSync(join(homeDir, 'config', 'stack', 'addons', name), { recursive: true, force: true });
+  for (const profile of profiles) {
+    const match = profile.match(/^addon\.([a-z0-9-]+)(?:\.|$)/);
+    if (match?.[1]) enabled.add(match[1]);
+  }
+  return [...enabled].sort();
 }
 
-function readAddonServiceNames(composePath: string): string[] {
-  if (!existsSync(composePath)) return [];
-
+function readAddonServiceNamesFromContent(composeContent: string, composePath: string, addonName?: string): string[] {
   try {
-    const parsed = parseYaml(readFileSync(composePath, "utf-8"));
+    const parsed = parseYaml(composeContent);
     const services = parsed && typeof parsed === "object" ? (parsed as { services?: unknown }).services : undefined;
     if (!services || typeof services !== "object" || Array.isArray(services)) return [];
-    return Object.keys(services as Record<string, unknown>);
+    const entries = Object.entries(services as Record<string, unknown>);
+    if (!addonName) return entries.map(([name]) => name);
+    return entries
+      .filter(([serviceName, raw]) => {
+        if (serviceName === 'guardian') return false;
+        if (serviceName === addonName || serviceName.startsWith(`${addonName}-`)) return true;
+        if (!raw || typeof raw !== 'object') return false;
+        const profiles = (raw as { profiles?: unknown }).profiles;
+        return Array.isArray(profiles) && profiles.some((p) => typeof p === 'string' && p.startsWith(`addon.${addonName}`));
+      })
+      .map(([serviceName]) => serviceName);
   } catch (error) {
     logger.warn("failed to parse addon compose services", {
       composePath,
@@ -324,16 +321,27 @@ function readAddonServiceNames(composePath: string): string[] {
   }
 }
 
+function readAddonServiceNames(composePath: string, addonName?: string): string[] {
+  if (!existsSync(composePath)) return [];
+  return readAddonServiceNamesFromContent(readFileSync(composePath, "utf-8"), composePath, addonName);
+}
+
 export function getAddonServiceNames(homeDir: string, name: string): string[] {
   if (!VALID_NAME_RE.test(name)) throw new Error(`Invalid addon name: ${name}`);
 
   const composeCandidates = [
-    join(homeDir, "config", "stack", "addons", name, "compose.yml"),
-    join(homeDir, "state", "registry", "addons", name, "compose.yml"),
+    join(homeDir, "config", "stack", "channels.compose.yml"),
+    join(homeDir, "config", "stack", "services.compose.yml"),
+    join(homeDir, "config", "stack", "custom.compose.yml"),
   ];
 
   for (const composePath of composeCandidates) {
-    const services = readAddonServiceNames(composePath);
+    const services = readAddonServiceNames(composePath, name);
+    if (services.length > 0) return services;
+  }
+
+  for (const assetName of ["channels.compose.yml", "services.compose.yml", "custom.compose.yml"]) {
+    const services = readAddonServiceNamesFromContent(readBundledStackAsset(assetName), `bundled:${assetName}`, name);
     if (services.length > 0) return services;
   }
 
@@ -418,14 +426,13 @@ function execFileNoThrow(
 /**
  * Compute the openpalm/voice image ref for a given GPU variant, matching
  * the substitution chain in the addon compose file:
- *   ${OP_IMAGE_NAMESPACE:-openpalm}/voice:${OP_VOICE_IMAGE_TAG:-${OP_IMAGE_TAG:-v0.11.0}-<variant>}
+ *   ${OP_IMAGE_NAMESPACE:-openpalm}/voice:${OP_VOICE_IMAGE_TAG:-${OP_IMAGE_TAG:-latest}-<variant>}
  */
 function voiceImageRef(variant: 'cpu' | 'cu121' | 'rocm6'): string {
   const namespace = process.env.OP_IMAGE_NAMESPACE?.trim() || 'openpalm';
   const explicit = process.env.OP_VOICE_IMAGE_TAG?.trim();
   if (explicit) return `${namespace}/voice:${explicit}`;
-  const baseTag = process.env.OP_IMAGE_TAG?.trim() || 'v0.11.0';
-  return `${namespace}/voice:${baseTag}-${variant}`;
+  return `${namespace}/voice:latest-${variant}`;
 }
 
 /**
@@ -525,11 +532,12 @@ export async function getAddonProfileAvailability(
 
   let result: AddonProfileAvailability;
   try {
-    if (profile.id === 'cpu') {
+    const variant = resolveHardwareProfileVariant(profile.id);
+    if (variant === 'cpu') {
       result = { available: true };
-    } else if (profile.id === 'cuda') {
+    } else if (variant === 'cuda') {
       result = await probeCuda();
-    } else if (profile.id === 'rocm') {
+    } else if (variant === 'rocm') {
       result = await probeRocm();
     } else {
       // Unknown profile id — assume available; caller is responsible for
@@ -564,12 +572,10 @@ export async function annotateAddonProfileAvailability(
   return results;
 }
 
-function readAddonProfiles(composePath: string): AddonProfile[] {
-  if (!existsSync(composePath)) return [];
-
+function readAddonProfilesFromContent(composeContent: string, composePath: string): AddonProfile[] {
   let parsed: unknown;
   try {
-    parsed = parseYaml(readFileSync(composePath, "utf-8"));
+    parsed = parseYaml(composeContent);
   } catch (error) {
     logger.warn("failed to parse addon compose profiles", {
       composePath,
@@ -616,6 +622,11 @@ function readAddonProfiles(composePath: string): AddonProfile[] {
   return [...byProfile.values()];
 }
 
+function readAddonProfiles(composePath: string): AddonProfile[] {
+  if (!existsSync(composePath)) return [];
+  return readAddonProfilesFromContent(readFileSync(composePath, "utf-8"), composePath);
+}
+
 function readServiceLabels(raw: unknown): Record<string, string> {
   if (!raw) return {};
   const out: Record<string, string> = {};
@@ -639,12 +650,26 @@ export function getAddonProfiles(homeDir: string, name: string): AddonProfile[]
   if (!VALID_NAME_RE.test(name)) throw new Error(`Invalid addon name: ${name}`);
 
   const composeCandidates = [
-    join(homeDir, "config", "stack", "addons", name, "compose.yml"),
-    join(homeDir, "state", "registry", "addons", name, "compose.yml"),
+    join(homeDir, "config", "stack", "channels.compose.yml"),
+    join(homeDir, "config", "stack", "services.compose.yml"),
+    join(homeDir, "config", "stack", "custom.compose.yml"),
   ];
 
+	const localOpenpalmDir = resolveLocalOpenpalmDir();
+	if (localOpenpalmDir) {
+		composeCandidates.push(join(localOpenpalmDir, 'config', 'stack', 'channels.compose.yml'));
+		composeCandidates.push(join(localOpenpalmDir, 'config', 'stack', 'services.compose.yml'));
+		composeCandidates.push(join(localOpenpalmDir, 'config', 'stack', 'custom.compose.yml'));
+	}
+
   for (const composePath of composeCandidates) {
-    const profiles = readAddonProfiles(composePath);
+    const profiles = readAddonProfiles(composePath).filter((profile) => profile.id.startsWith(`addon.${name}`));
+    if (profiles.length > 0) return profiles;
+  }
+
+  for (const assetName of ["channels.compose.yml", "services.compose.yml", "custom.compose.yml"]) {
+    const profiles = readAddonProfilesFromContent(readBundledStackAsset(assetName), `bundled:${assetName}`)
+      .filter((profile) => profile.id.startsWith(`addon.${name}`));
     if (profiles.length > 0) return profiles;
   }
 
@@ -659,42 +684,46 @@ function profileEnvKey(name: string): string {
 export function getAddonProfileSelection(stackDir: string, name: string): string | null {
   const env = readStackEnv(stackDir);
   const value = env[profileEnvKey(name)];
-  return value && value.trim() ? value.trim() : null;
+  const normalized = value ? canonicalAddonProfileSelection(name, value) : '';
+  return normalized ? normalized : null;
 }
 
-export function setAddonProfileSelection(stackDir: string, name: string, profile: string): void {
-  const trimmed = profile.trim();
-  if (!trimmed) throw new Error('Profile id cannot be empty');
+export function setAddonProfileSelection(stackDir: string, name: string, profile: string, state?: ControlPlaneState): void {
+  const trimmed = canonicalAddonProfileSelection(name, profile);
+  if (!trimmed) throw new Error(`Invalid canonical profile id for addon ${name}: ${profile}`);
   patchSecretsEnvFile(stackDir, { [profileEnvKey(name)]: trimmed });
+  if (state) writeRunScript(state);
 }
 
-function enableAddon(homeDir: string, name: string): MutationResult {
+function enableAddon(homeDir: string, stackDir: string, name: string): MutationResult {
   try {
-    copyAddonFromRegistry(homeDir, name);
-    // Pre-create the addon services directory so Docker doesn't create it as root
-    mkdirSync(join(homeDir, 'services', name), { recursive: true });
+    if (!VALID_NAME_RE.test(name)) throw new Error(`Invalid addon name: ${name}`);
+    setStackSpecAddon(stackDir, name, true);
+    if (name === 'ssh') patchSecretsEnvFile(stackDir, { OPENCODE_ENABLE_SSH: '1' });
     return { ok: true };
   } catch (error) {
     return { ok: false, error: error instanceof Error ? error.message : String(error) };
   }
 }
 
-function disableAddonByName(homeDir: string, name: string): MutationResult {
+function disableAddonByName(homeDir: string, stackDir: string, name: string): MutationResult {
   try {
-    removeEnabledAddon(homeDir, name);
+    if (!VALID_NAME_RE.test(name)) throw new Error(`Invalid addon name: ${name}`);
+    setStackSpecAddon(stackDir, name, false);
+    if (name === 'ssh') patchSecretsEnvFile(stackDir, { OPENCODE_ENABLE_SSH: '0' });
     return { ok: true };
   } catch (error) {
     return { ok: false, error: error instanceof Error ? error.message : String(error) };
   }
 }
 
-export function setAddonEnabled(homeDir: string, stackDir: string, name: string, enabled: boolean): AddonMutationResult {
+export function setAddonEnabled(homeDir: string, stackDir: string, name: string, enabled: boolean, state?: ControlPlaneState): AddonMutationResult {
   if (!VALID_NAME_RE.test(name)) {
     return { ok: false, error: `Invalid addon name: ${name}` };
   }
 
   if (!listAvailableAddonIds().includes(name)) {
-    return { ok: false, error: `Addon "${name}" not found in registry` };
+    return { ok: false, error: `Addon "${name}" is not built in` };
   }
 
   const wasEnabled = listEnabledAddonIds(homeDir).includes(name);
@@ -709,16 +738,19 @@ export function setAddonEnabled(homeDir: string, stackDir: string, name: string,
     };
   }
 
-  const mutation = enabled ? enableAddon(homeDir, name) : disableAddonByName(homeDir, name);
+  const mutation = enabled ? enableAddon(homeDir, stackDir, name) : disableAddonByName(homeDir, stackDir, name);
   if (!mutation.ok) return mutation;
 
   if (enabled) {
-    const composePath = join(homeDir, "config", "stack", "addons", name, "compose.yml");
-    if (isChannelAddon(composePath)) {
-      writeChannelSecrets(stackDir, { [name]: randomHex(16) });
+    if (['api', 'chat', 'discord', 'slack'].includes(name)) {
+      for (const channel of ['api', 'chat', 'discord', 'slack']) {
+        ensureChannelSecret(stackDir, channel);
+      }
     }
   }
 
+  if (state) writeRunScript(state);
+
   return {
     ok: true,
     enabled,
@@ -732,20 +764,20 @@ export function installAutomationFromRegistry(name: string, stashDir: string): M
     return { ok: false, error: `Invalid automation name: ${name}` };
   }
 
-  const markdownContent = getRegistryAutomation(name);
-  if (!markdownContent) {
+  const taskContent = getRegistryAutomation(name);
+  if (!taskContent) {
     return { ok: false, error: `Automation "${name}" not found in registry` };
   }
 
   const tasksDir = join(stashDir, 'tasks');
   mkdirSync(tasksDir, { recursive: true });
 
-  const mdPath = join(tasksDir, `${name}.md`);
-  if (existsSync(mdPath)) {
+  const ymlPath = join(tasksDir, `${name}.yml`);
+  if (existsSync(ymlPath)) {
     return { ok: false, error: `Automation "${name}" is already installed` };
   }
 
-  writeFileSync(mdPath, markdownContent);
+  writeFileSync(ymlPath, taskContent);
   // The assistant container's 60-second akm tasks sync loop picks up the new
   // file from the shared stash mount and registers it with OS cron.
   return { ok: true };
@@ -756,12 +788,12 @@ export function uninstallAutomation(name: string, stashDir: string): MutationRes
     return { ok: false, error: `Invalid automation name: ${name}` };
   }
 
-  const mdPath = join(stashDir, 'tasks', `${name}.md`);
-  if (!existsSync(mdPath)) {
+  const ymlPath = join(stashDir, 'tasks', `${name}.yml`);
+  if (!existsSync(ymlPath)) {
     return { ok: false, error: `Automation "${name}" is not installed` };
   }
 
-  rmSync(mdPath, { force: true });
+  rmSync(ymlPath, { force: true });
   // The assistant container's 60-second akm tasks sync will notice the file
   // is gone and deregister it from OS cron on next sync.
   return { ok: true };

package/src/control-plane/rollback.ts

@@ -2,10 +2,10 @@
  * Snapshot-based rollback for the OpenPalm control plane.
  *
  * Before writing validated changes to live paths, the current state
- * is snapshotted to ~/.cache/openpalm/rollback/. On deploy failure
+ * is snapshotted to OP_HOME/data/rollback/. On deploy failure
  * (or manual `openpalm rollback`), the snapshot is restored.
  */
-import { mkdirSync, copyFileSync, existsSync, readdirSync, readFileSync, writeFileSync } from "node:fs";
+import { mkdirSync, copyFileSync, existsSync, readFileSync, writeFileSync } from "node:fs";
 import { join, dirname } from "node:path";
 import type { ControlPlaneState } from "./types.js";
 import { resolveRollbackDir } from "./home.js";
@@ -14,9 +14,11 @@ import { resolveRollbackDir } from "./home.js";
  *  Only config/ system files are included — user-editable config files
  *  are never overwritten by lifecycle operations. */
 const SNAPSHOT_FILES = [
-  "config/stack/stack.env",
-  "config/stack/guardian.env",
-  "config/auth.json",
+  "knowledge/env/stack.env",
+  "config/stack/services.compose.yml",
+  "config/stack/channels.compose.yml",
+  "config/stack/custom.compose.yml",
+  "knowledge/secrets/auth.json",
 ];
 
 /**
@@ -30,8 +32,7 @@ function safeCopy(src: string, dest: string): void {
 
 /**
  * Save the current live configuration files to the rollback directory.
- * Also snapshots stack/core.compose.yml and all addon compose.yml files
- * under stack/addons/.
+ * Also snapshots stack/core.compose.yml.
  */
 export function snapshotCurrentState(state: ControlPlaneState): void {
   const rollbackDir = resolveRollbackDir();
@@ -48,22 +49,6 @@ export function snapshotCurrentState(state: ControlPlaneState): void {
   const coreCompose = join(state.homeDir, "config/stack/core.compose.yml");
   safeCopy(coreCompose, join(rollbackDir, "config/stack/core.compose.yml"));
 
-  // Snapshot config/stack/addons/*/compose.yml
-  const addonsDir = join(state.homeDir, "config/stack/addons");
-  if (existsSync(addonsDir)) {
-    for (const entry of readdirSync(addonsDir, { withFileTypes: true })) {
-      if (entry.isDirectory()) {
-        const addonCompose = join(addonsDir, entry.name, "compose.yml");
-        if (existsSync(addonCompose)) {
-          safeCopy(
-            addonCompose,
-            join(rollbackDir, "config/stack/addons", entry.name, "compose.yml"),
-          );
-        }
-      }
-    }
-  }
-
   // Write a timestamp marker
   writeFileSync(
     join(rollbackDir, ".snapshot-ts"),
@@ -94,21 +79,6 @@ export function restoreSnapshot(state: ControlPlaneState): void {
     safeCopy(srcCoreCompose, join(state.homeDir, "config/stack/core.compose.yml"));
   }
 
-  // Restore config/stack/addons/*/compose.yml
-  const srcAddons = join(rollbackDir, "config/stack/addons");
-  if (existsSync(srcAddons)) {
-    for (const entry of readdirSync(srcAddons, { withFileTypes: true })) {
-      if (entry.isDirectory()) {
-        const srcAddonCompose = join(srcAddons, entry.name, "compose.yml");
-        if (existsSync(srcAddonCompose)) {
-          safeCopy(
-            srcAddonCompose,
-            join(state.homeDir, "config/stack/addons", entry.name, "compose.yml"),
-          );
-        }
-      }
-    }
-  }
 }
 
 /**

package/src/control-plane/scheduler.ts

@@ -1,7 +1,7 @@
 /**
  * Automation scheduler — types and akm CLI integration.
  *
- * Automations are AKM markdown task files at ${stashDir}/tasks/*.md.
+ * Automations are AKM task files at ${stashDir}/tasks/*.yml.
  * Scheduling is handled by the OS cron daemon (via `akm tasks sync`).
  * Execution is handled by `akm tasks run <id>`.
  */
@@ -69,8 +69,8 @@ export async function executeAutomation(
   id: string,
   akmEnv: NodeJS.ProcessEnv,
 ): Promise<AutomationRunResult> {
-  // Strip .md suffix if caller passes the full filename
-  const taskId = id.replace(/\.md$/, "");
+  // Strip file suffix if caller passes the full filename.
+  const taskId = id.replace(/\.(?:ya?ml|md)$/, "");
   return new Promise((resolve) => {
     execFile(
       "akm",
@@ -89,7 +89,7 @@ export async function executeAutomation(
   });
 }
 
-// ── Sync crontab with stash/tasks/*.md ───────────────────────────────────
+// ── Sync crontab with knowledge/tasks/*.yml ──────────────────────────────────
 
 export async function syncAutomations(akmEnv: NodeJS.ProcessEnv): Promise<void> {
   return new Promise((resolve, reject) => {
@@ -112,11 +112,11 @@ export async function syncAutomations(akmEnv: NodeJS.ProcessEnv): Promise<void>
 
 export function readAutomationLogs(
   id: string,
-  cacheDir: string,
+  dataDir: string,
   limit: number = 50,
 ): string[] {
-  const taskId = id.replace(/\.md$/, "");
-  const logDir = join(cacheDir, "akm", "tasks", "logs", taskId);
+  const taskId = id.replace(/\.(?:ya?ml|md)$/, "");
+  const logDir = join(dataDir, "akm", "cache", "tasks", "logs", taskId);
   if (!existsSync(logDir)) return [];
 
   const logFiles = readdirSync(logDir, { withFileTypes: true })